An extended type system with lambda-typed lambda-expressions (extended version)March 2018

# An extended type system with lambda-typed lambda-expressions (extended version) March 2018

Matthias Weber
Technical Report,
matthias.weber@ campus.tu-berlin.de
###### Abstract

We present the type system , an extended type system with lambda-typed lambda-expressions. It is related to type systems originating from the Automath project.  extends existing lambda-typed systems by an existential abstraction operator as well as propositional operators. -reduction is extended to also normalize negated expressions using a subset of the laws of classical negation, hence  is normalizing both proofs and formulas which are handled uniformly as functional expressions.  is using a reflexive typing axiom for a constant to which no function can be typed. Some properties are shown including confluence, subject reduction, uniqueness of types, strong normalization, and consistency. We illustrate how, when using , due to its limited logical strength additional axioms must be added both for negation and for the mathematical structures whose deductions are to be formalized.

\makenomenclature

## Chapter 1 Introduction

### 1.1 Overview of this document

The following section provides a brief overview of . The subsequent sections of this chapter contain a more detailed motivation of the concepts of . Chapter 2 contains a formal definition of . Chapter 3 presents some examples of the use of . Chapter 4 contains proofs of the main properties of . Chapter 5 discusses possible variations of  and its relation to other systems. Appendix B defines and briefly analyzes two mappings from  to untyped -calculus. Appendix C illustrates the use of  as a logical framework.

### 1.2 Overview of d

Most typing systems contain subsystems that can be classified as instances of pure type systems (PTS) (e.g. [2]). As one of their properties, these systems use distinct operators to form dependent products and functional (i.e. )-abstractions. Type systems outside of PTS using a single operator for both (i.e. -structured types) have been investigated in early type systems such as  [11][10], as well as more recent approaches [17][20]. In particular [20] introduces the single-binder based -cube, a variant of the -cube which does not keep uniqueness of types, and studies -structured type variants of well-known systems within this framework.

The core of  is the system  [16], a reconstruction of a variation [28] of , modified with a reflexive typing axiom, see Table 1.1 for its typing rules. As usual, we use environments declaring types of distinct identifiers and a -reduction induced congruence on expressions. In order to emphasize its use as a type as well as an entity to which a type can be assigned, deviating from [16] we use the notation for the typed -abstraction and call it universal abstraction.

In contrast to other type systems with -structured types,  is using the axiom for a special constant . This might seem very strange as the use of a reflexive axiom in combination with basic rules of PTS leads to paradoxies [19], see also [2](Section 5.5). However, as will be seen, in our context of extended -structured types, the axiom acts as seed for deriving valid (i.e. typable) expressions and leads to a consistent system.

While with is elegant, as it consists of nothing but -typed -expressions, a function such as does not accept functional arguments such as . In fact, cannot be typed since , and . The lack of functions of type is the reason for achieving both consistency and .

Unlike instances of PTS (e.g. [24]), systems with -structured types have never been extended by existential or classical propositional operators. In this paper we present a possible extension the core of which is motivated by means of two typing sequences as follows:

First, there is an extension to the -induced typing sequence 111We write as shorthand for , , . where . An index where in combination with a corresponding base where forms a protected definition , which is typed to an existential abstraction . The type tag (which may use ) in is necessary to ensure uniqueness of types. Existential abstractions are then typed like universal abstraction, i.e. where . Intuitively this means a formula describing an infinite disjunction of elements is typed to the infinite conjunction of these elements types . This yields the following typing sequence.

 Γ⊢ai:aΓ⊢bi:b[x:=ai]Γ,x:a⊢b:c:d:…Γ⊢[x≐ai,bi:b]:[x!a]b:[x:a]c:[x:a]d:…

In addition to the elimination of a universal abstraction by means of application , operators of projection and are introduced as eliminators for existential abstractions.

Second,  adds a product as a binary analogon of the infinite aggregation . We use the tuple notation due to the use of products both in the role of element and of type. Similarly to the typing sequence above, there is an analogous typing sequence of binary aggregations: Expressions and may be used within injections , , which type to sums . The bracket notation is extended to injections and sums for coherence. Sums type to products , products type to products, and so on 222We write as shorthand for and .

 Γ⊢a1:b1:c1:d1:…Γ⊢a2:b2:c2:d2:…Γ⊢[a1,:b2],[:b1,a2]:[b1+b2]:[c1,c2]:[d1,d2]:…

Elimination is extended by using projections for products and a case distinction operator for sums.

Furthermore, to support common mathematical reasoning practices,  introduces a classical negation operator and additional rules to transform expressions into a negation normal form.. The most important rules are the following:

 ¬¬a→a¬[a,b]→[¬a+¬b]¬[a+b]→[¬a,¬b]
 ¬[x:a]b→[x!a]¬b¬[x!a]b→[x:a]¬b

Here, denotes the extended -contraction used in . Hence  is normalizing both proofs and formulas which are handled uniformly as functional expressions. Normalization of negation expressions as such does not yield all logical properties of negation, rather one has to assume additional axioms about negation. Similarly, due to the limited strength of , additional axioms must also be added for the mathematical structures whose deductions are to be formalized (see Chapter 3). The remainder of this chapter presents the above concepts in more detail.

### 1.3 Core concepts

In this section, we motivate and present the core concepts of  in a semi-formal property-oriented style. To understand the starting point of , consider the rules of pure type systems (PTS) summarized in Table 1.2 which are the basis for a large class of typed systems which can be used to formalize deductions (see e.g. [2]). As usual we use the notation where to formalize type assumptions. As usual, denotes equality modulo -reduction. The substitution of free occurrences of in by is denoted by . In the rules of Table 1.2, , the set of axioms, is a set of pairs , where are from a set of sort ; and , the set of rules, is a set of pairs where .

Many instances of these typing systems allow for representing deductions as well-sorted -expressions which reduce to a unique normal form with respect to -reduction, e.g. [2]. Depending on their axioms and rules, these systems allow to represent logical propositions as types and to identify sorting of terms and typing of formulae.

A well-known example of these systems is the calculus of constructions (CoC) [8] which can essentially be seen as a PTS with the following configuration (as usual, for , we write for ):

 S = {Prop,type} A = {(Prop,type)} R = {(Prop,Prop),(Prop,type),(type,Prop),(type,type)}

We will now discuss the differences of the system  [16]333which is itself a reconstruction of [28] which is a variation of Automath system  [11] to PTS.

The first deviation from PTS that is characteristic for the system is to use a single abstraction mechanism for propositions and expressions on all levels which we will denote as universal abstraction and write as . Some of the resulting types of systems have been studied as -cubes in [20]. Semantically, a universal abstractions can be seen as a function specified by a -expression444Nevertheless, we use the term universal abstraction to emphasize their logical roles as functional abstraction and universal quantification. As a consequence, typing does not correspond to set inclusion anymore but becomes a relation between functions and types become roles that functions can play in this relation. Consequently, -equality can now be applied also to expressions playing the role of types. Merging the abstraction mechanisms would lead to the following adapted typing rules, replacing the rules product, application, and abstraction.

 (product′) Γ⊢a:s1Γ,x:a⊢b:s2Γ⊢[x:a]b:s3where(s1,s2,s3)∈R (application′) Γ⊢a:[x:b]cΓ⊢d:bΓ⊢(ad):c[x:=d] (abstraction′) Γ,x:a⊢b:cΓ⊢[x:a]c:sΓ⊢[x:a]b:[x:a]c

Note that to emphasize the difference to PTS we use , , , etc. to denote expressions using a single binding mechanism. An important reason that this unification works smoothly is that abstraction works as introduction operator for itself. We will see later how this becomes more complex when existential operators are introduced.

Note also that and together would violate uniqueness of types [20]:

 Γ⊢a:bΓ⊢a:cb=βc

For example if , , and we would have

 ⊢[x:∗]x:□and⊢[x:∗]x:[x:∗]□

This motivates the second difference of w.r.t. PTS which is to reject the rule in order to ensure uniqueness of types.

The third and final difference to PTS that is characteristic for is to strengthen the rule to allow using any typable universal abstraction. The rules weakening, conversion, and start are adapted accordingly.

 (abstraction′′) Γ,x:a⊢b:cΓ⊢[x:a]b:[x:a]c (weakening′) Γ⊢a:bΓ⊢c:dΓ,x:c⊢a:b (conversion′) Γ⊢a:bΓ⊢c:db=βcΓ⊢a:c (start′) Γ⊢a:bΓ,x:a⊢x:a

Similar kind of choices are included in the system  [17].

deviates from by setting and instead of and .. It is well know that systems with can lead to paradoxes, e.g. [7][19], see also [2](Section 5.5). It will turn out that rejection of the rule is the key reason for avoiding these paradoxes555Note that the system does do have formation rules that yield e.g. .

These adaptations result in a system that correponds to the system , modified by , in inference rule notation and which will be used as backbone of . The basic properties of this system are summarized in Table 1.3.666See Section 5.5 for extensions of the congruence relation including -reduction laws. Note that, again to emphasize the difference to PTS, we use a special symbol () for the reduction relation on expressions. Similarly we use for the congruence between expression, the symmetric and transitive closure of reduction.

We require two more properties for its meaningful use as a typing systems. First, the typing relation should be decidable in the sense that there is an algorithm which takes an expression and either fails or delivers an expression with . Second, the calculus should be consistent in the sense that there is an expression which is not the type of any other expression. In , is such an expression:

 there is no a with ()⊢a:[x:τ]x

Due to the properties of confluence and strong normalisation we can define the unique normal forms of a typable expression. In the core of , we have the following such normal forms.

 N = {τ}∪{[x:a]b∣a,b∈N}∪D D = {x∣x∈I}∪{(ab)∣a∈D,b∈N}

Here the set denotes the set of dead ends (of reduction).

In , common encodings of logical operators can be used (where abbreviates if is not free in ):

 ff := [x:τ]x tt := [x:τ][y:x]y implies := [x:τ][y:τ][x⊢y] not := [x:τ][x⊢ff] and := [x:τ][y:τ][z:τ][[x⊢[y⊢z]]⊢z] or := [x:τ][y:τ][z:τ][[x⊢z]⊢[[y⊢z]⊢z]] forall := [x:τ][y:[x⊢τ]][z:x](yz) exists := [x:τ][y:[x⊢τ][[z:x][(yz)⊢x]⊢x]

Given these definitions, one can derive further logical properties, for example the following one (where abbreviates :

 x1,x2:τ⊢[y:(andx1x2)](yx1[z1:x1][z2:x2]z1):[(andx1x2)⊢x1]

Hence one could argue that no further logical operators (apart from the law of the excluded middle) seem necessary. We do not follow this argument because as we have already argued in Section 1.2, due to the typing rules of the core of , declarations such as cannnot be instantiated to functions . This limitation of expressive power is a drawback of such encodings.

To overcome this limitation, we could introduce abbreviations for expression schemas, e.g.

 and(a,b) := [z:τ][[a⊢[b⊢z]]⊢z]

However, regardless of the use of schemas we do not adopt the encoding approach in  because of properties such as

which we consider less intuitive for deductions involving conjunction as compared to the approach in  which is to introduce additional logical operators with their specific typing and congruence laws. This will lead to the law:

### 1.5 Existential abstraction

The restricted structuring means of the core of  become apparent when modeling the assumption of some identifier of type and with a constraining property depending on . In the core of  one is forced to use two consecutive declarations as assumption and consequently a nested application as resolution.

 Γ⊢b:[x1:a][x2:Px1]Qx1,x2Γ⊢c1:aΓ⊢c2:Pc1Γ⊢(bc1c2):Qc1,c2

A key mechanism of  is to extend this system by existential abstraction, written as , and left and right projection, written as and . Using these operators, the two assumptions and the two applications can be merged.

 Γ⊢b:[x:[y!a]Py]Qx.1,x.2Γ⊢c:[y!a]PyΓ⊢(bc):Qc.1,c.2

We now turn to the intended additional typing laws. The elimination laws are relatively straightforward and similar to common laws for types, e.g. [24].

 (chI)Γ⊢a:[x!b]cΓ⊢a.1:b(chB)Γ⊢a:[x!b]cΓ⊢a.2:c[x:=a.1]

Note that the type of contains a projection , i.e.  is used on both sides of the elimination rules of 777This is related to the remark about existential quantification in §12 of [18].. Note that logically left projection has similarities to a skolem function and right projection can be seen as a skolemisation operator888Left projection has also similarities with Hilberts -operator, see Section 5.1.

Next, we define the introduction law for existential abstraction, which turns out to be somewhat more complicated. As for universal abstractions, some sort of unique introduction operation for existential abstraction seems necessary999Otherwise expressions would have types of very different structures at the same time. This is not investigated further in this context.. A first approximation of the corresponding typing rule would be to use a tuple to introduce existential abstractions:

 Γ⊢a:bΓ⊢c:d[x:=a]Γ⊢[a,c]:[x!b]d

However, this rule is inappropriate in our setting as it allows for many incompatible types of the same expression and thus violates uniqueness of types, for example:

 Γ⊢a:bc:[d⊢d]Γ⊢[a,c]:[x!b][x⊢d]Γ⊢a:bc:[d⊢d]Γ⊢[a,c]:[x!b][d⊢x]

A solution to this issue is to specify the intended type explicitly in the protected definition. Instead of using a notation such as we can omit the expression by introducing an operator called protected definition, written as where we allow , but not to use the identifier . The second attempt for the typing rule then becomes

 Γ⊢a:bΓ⊢c:d[x:=a]Γ⊢[x≐a,c:d]:[x!b]d

There is a logical issue with this naive characterization of existential quantification: In the expression in the rule-antecedent it would be possible to unfold to at arbitrary places in . This may lead to problematic instantiation of the rules which leads to expressions that cannot be typed. For example, we can instantiate the proposed rule to obtain (with abbreviating ):

 Γ⊢˙τ:˙τΓ⊢[x:˙τ][(xτ)⊢τ]:([x:y][(xτ)⊢τ])[y:=˙τ][y≐˙τ,[x:˙τ][(xτ)⊢τ]:[x:y][(xτ)⊢τ]]:[y!˙τ][x:y][(xτ)⊢τ]

and therefore, since both antecedents of the rule are true, i.e.

 Γ⊢˙τ:˙τ[x:˙τ][(xτ)⊢τ]:[x:˙τ][(xτ)⊢τ]

the consequence of this rule would be true as well. Note however, that in the type expression in the rule-consequence the expression is not typable. The cause of this issue is that the unfolding of the definition of , which is necessary to ensure that is typable, has been lost in the typing step. We therefore need to add a condition to this rule requiring typability of the intended type. This leads to the final form

 (def)Γ⊢a:bΓ⊢c:d[x:=a]Γ,x:b⊢d:eΓ⊢[x≐a,c:d]:[x!b]d

Furthermore, protected definitions are subject to the following reduction axioms:

 (π1)[x≐a,b:c].1→a(π2)[x≐a,b:c].2→b

Finally, we need to define a typing law for existential abstraction itself, in order to define well-defined existential abtractions. With respect to type elimination, an expression of type embodies a proof of for some concrete expression . However, with respect to type introduction, i.e. when playing the role of a proof, an expression has the logical strength identical to a universal abstraction: it is a function which given some it produces a , hence we use the rule:

 (absE)Γ⊢a:dΓ,x:a⊢b:cΓ⊢[x!a]b:[x:a]c

It is important to note that this law has the effect that existential abstractions can now be instantiated as elements in the elimination rule for universal abstraction, i.e.

 Γ⊢[x!a]b:[x:a]cΓ⊢d:aΓ⊢([x!a]bd):c[x:=d]

Hence, we extend the law of -equality to existential abstractions as well

 (β2)([x!a]bc)→b[x:=c]

Note that this does not lead to logical inconsistency because from and one cannot conclude .

One might ask why not type an existential abstraction to an existential abstraction (assuming ). This would logically be invalid since we could prove existential statements by magic, i.e. without providing an instance expressions. Actually it is quite easy to see such a rule would lead to inconsistency. First, the type has an element, namely itself!

 ⊢[x:τ][y!x]τ:[x:τ][y!x]τ

However from a declaration of this type one can extract a proof of as follows

 y:[x1:τ][x2!x1]τ⊢[z:τ](yz).1:[z:τ]z

The discussion about the typing rules for abstractions can be summarized as follows:

• From the point of view of reduction, universal abstraction and existential abstraction both share the properties of -abstraction.

• From the point of view of typing, when playing the role of a type, universal abstraction is its own introducer and existential abstraction requires a proof of a concrete instance in its introduction rule, however when playing the role of an element, universal abstraction and existential abstraction have the same contraction and typing rules.

The set of normal forms is extended as follows::

 N = {τ}∪{[x:a]b,[x!a]b,[x≐a,b:c]∣a,b,c∈N}∪D D = {x∣x∈I}∪{(ab),a.2,a.1∣a∈D,b∈N}

The basic properties of existential abstraction are summarized in Table 1.4.

### 1.6 Products and sums

While quantifiers now have a direct intuitive correspondence,

 [x:a]b ∼ ∀x:a.b [x!a]b ∼ ∃x:a.b

this is not yet the case for propositional operators. One could introduce the notational convention

 and(a,b) := [x!a]b

where may not occur free in . However we would then obtain the property

 Γ⊢a:bΓ⊢c:dΓ⊢and(a,c):[x:b]d

swhich we consider an unintuitive (c.f. discussion in Section 1.4).

In this section, we therefore introduce explicit propositional operators. First, we introduce binary products as a finite version of universal abstractions.

 (prd)Γ⊢a:cΓ⊢b:dΓ⊢[a,b]:[c,d]

Furthermore, the left and right projection operators and are extended to products:

 (prL)Γ⊢a:[b,c]Γ⊢a.1:b(prR)Γ⊢a:[b,c]Γ⊢a.2:c
 (π3)[a,b].1→a(π4)[a,b].2→b

Analogously to binary products, we introduce binary sums as a finite version of existential abstractions. Together with binary sums, we introduce left- and right-injections , of expressions into sums and a case distinction operator . The notations with sharp brackets are used to emphasize the fact these constructs are related to universal and existential abstraction in the sense that they represent finite variations of these constructs. These constructs have the following typing and rules:

 (injL)Γ⊢a:bΓ⊢c:dΓ⊢[a,:c]:[b+c](injR)Γ⊢a:cΓ⊢b:dΓ⊢[:b,a]:[b+c]
 (case)Γ⊢a:[x:c1]dΓ⊢b:[y:c2]dΓ⊢d:eΓ⊢[a?b]:[z:[c1+c2]]d

Note that left-injection carries a type tag , similar to the tag in . Similar for right-injections. Note that the third condition in the typing rule for case distinction implies that does not appear free in .

Analogously to the extension of projection to products, application is extended to case distinctions:

 (β3)([a?b][c,:d])→(ac)(β4)([a?b][:c,d])→(bd)

Concerning typing and reduction of sums, since a sum can be seen as a finite variant of an existential abstraction we use finite variants of the rules motivated in Section 1.5: The typing of sums is analogous to that of existential abstraction:

 (sum)Γ⊢a:cΓ⊢b:dΓ⊢[a+b]:[c,d]

Obviously, there should be similar treatment for the finite variants and of the expression . Hence we also include the following equivalences:

 (π5)[a+b].1→a(π6)[a+b].2→b

As a simple example of the use of these rules consider the following expression () proving commutativity of sums:

 [x:[a+b]]([[y:a][:b,y]?[y:b][y,:a]]x):[[a+b]⊢[b+a]](Ca,b)

The set of normal forms now looks as follows:

 N = {τ}∪{[x:a]b,[x!a]b,[x≐a,b:c]∣a,b,c∈N} ∪{[a,b],[a+b],[a,:b],[:a,b],[a?b]∣a,b∈N}∪D D = {x∣x∈I}∪{(ab),a.2,a.1,([b?c]a)∣a∈D,b,c∈N}

The basic properties of products and sum are summarized in Table 1.5.

### 1.7 Negation

The rules given sofar allow, within the paradigm of natural deduction, for defining negation as described in Section 1.4:

 not(a):=[a⊢