This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
+’+’ ( 4([XI ( D )B @ I.[ ( D )4,q.e.d. Conversely, we might generate part of the &-equalityby adding general permutative reductions, paying due attention to the thus arising SN problem.
6.3. The SN-problem caused by E We strongly believe that SN holds for the full AUT-ll reduction (including E ) , and that there are just some technical problems which prevent the proofs of
The language theory of Automath, Chapter VIII, Section 6 (C.5)
653
the preceding section to apply to that situation. We briefly sketch why each of the three proofs fails in presence of E . The problem with the first proof (5.1) is that the dead end set for, e.g., PE-reduction is not so easy to describe. E.g. [ y ]((il(y)) z) F @ [y]( i 2 ( y ) )F is a typical dead end for PE. Of course Pv- or Do-dead ends are not manageable either, but a77 can be included afterwards, using pp. Then the second proof (5.2). An c-redex [ y ]( i l ( y ) )F @ [y]( i z ( y ) )F can be created by substitution [z/A]in two different ways:
(1) from z @ [y](iz(y)) F , A part) 1
[ y ]( i l ( y ) )F (and similar with the right hand
(2) from [Y]( i l ( y ) )FI @ [yl ( h ( y ) )Fz, F l [ A ]= F , F2[AI = F . In case (1) we are suggested t o replace z @ [ y ]( i l ( y ) )F by a single variable z , and t o introduce a new substitution [ r / F ] . However, l ( p ( z ) ) > l ( p ( z ) ) ,which does not fit in the proof at all. But we can remove this case by just considering AUT-no. Case (2) does not pose a problem: the substitution plus reduction can be simulated by reduction plus substitution, starting from [y](il(y)) Fo @ [ y ]( 2 2 ( y ) ) Fo, where both F1 and F2 can be constructed from FO by substituting A for some of free z’s. Besides, the second proof is based on replacement. This means that the E-redex above can also be created from, e.g., (3) [YI
(4F @ [YI (i2(v))F , with A = i l ( Y ) , or
These two expressions do not reduce, unless we switch to a generalized form of (which does not solve the problem, though - see below). Finally the computability method (5.3) fails because the property: F E C, G E C + F @ G E C is not so easy anymore. For, let F 2 [z]( i l ( z ) [) y ] D ,G 2 [z]( i ~ ( z[)y)] D .Then we just know that A E C D [ i l ( A ) ]E C , D [ i z ( A ) ]E C , but we want that D [ A ]E C for general A E C. We have tried to adapt the second SN-proof to this situation, viz. by restricting to AUT-no, and by introducing a liberal version of &,It, named 8.
Ealt
*
E’
:
> [YIF. [ p ] F ( i i ( y )@] G > [ y ] F G @ [P]F[~(Y)I
This can be considered a kind of improper reduction in the sense that it identifies expressions which in the intuitive interpretation do correspond to different objects. A typical way of creating a new &-redex is, e.g., from (y]z @ G by the ~~, to [yly. One can indeed mimick this by first replacement [ z / 2 1 ( y ) ]reducing reducing to [ylz, and then apply a new replacement, viz. [z/y].But the norm of this new z is longer than that of the old one.
This Page Intentionally Left Blank
655
The Language Theory of A,, a Typed A-Calculus where Terms are Types L.S. van Benthem Jutting 1. INTRODUCTION
In the present paper we present the theory of a system of typed A-calculus A,, which is essentially the system introduced in [Nederpelt 73 (C.3)]. Its characteristic feature is that any term of the system can serve as a type. The main difference between the two systems is that our system only allows for @-reduction, while Nederpelt’s system has 7-reduction as well. The importance of A, lies in the fact that it may be considered as basic to the Automath languages. Therefore its theory can also be seen as basic to the theory of Automath [ d e Bruijn 80 (A.5)], [van Daalen 801. In our notation we will follow the habits of Automath, that is: for terms u and v, types
(Y
and variables z we will denote
Azauby[s:a]u and
(u.1
by
(4..
The system consisting of such terms will be called A. The system A, is the subset of A to which a term ( u ) v belongs only if v is a function, and if the domain of u and the type of u have a common (@-)reduct. Our main theorems will be:
(1) Church-Rosser for A. This will be proved along the lines of well-known proofs by Tait and Martin-Lof [Martin-Lof 75al. (2) Strong normalization for a subsystem of “normable terms” in A. Our proof will be along the lines of proofs in [Gandy 801 and in [de Vrijer 87c] for strong normalization in simply typed A-calculus.
(3) Closure of Am under (@)-reduction. For this we have a new direct proof, though the theorem has been proved previously in [van Daalen 801, see [C.5].
L.S. van Benthem Jutting
656
Moreover, we prove that the terms of Am are “normable” in the sense intended above; therefore those terms strongly normalize. This, together with correctness of types, implies that Am is decidable. In our presentation we will use “nameless variables’’ as suggested in [de Bruzjn 72b (C.2)]. That is, our variables will not be “letters from an alphabet” but “references to a binding A”, or rather, because of our notational habits, “references to a binding square brackets pair”. In order to grasp the use of nameless variables one should note that terms can be interpreted as trees. Consider e.g. the term:
.1 : 4 (4[v : PI (9)2 The corresponding tree is
.
Figure 1 In this tree the bindings may be indicated by arrows, omitting the names of the variables:
Figure 2
The language theory of A,
(C.6)
657
And here, again the arrows may be replaced by numbers, indicating the depth of the binding node to which the arrow points as seen from the node where the arrow starts (only binding nodes, indicated by c‘o”,are counted!):
Figure 3 This last tree can again be represented in a linear form:
1.1
(1) [Dl (1)2
*
Note that the same variable x in the first term (or tree) is represented in the “nameless” term (or tree) once by 1 and once by 2, whereas the same reference 1 in the “nameless” representation once denotes x and once y. Both the name carrying and the nameless linear representation can be considered as formalizations of the underlying intuitive notion of “tree with arrows”. The presentation with nameless variables makes the notion of a-conversion superfluous (and even meaningless). Thereby the definition of operations where “clash of variables” might arise (e.g. substitution) becomes more definite, and the proofs more formal. The drawbacks of this presentation might be a loss of “readability” of the formulas, and the need of a number of technical lemmas for updating references involved in certain formula manipulations. In our presentation frequent use will be made of inductive definitions (e.g. the definition of term, of substitution, of reduction and of A,). Subsequently, proofs are given with induction with respect to these definitions. This should always be understood in the sense of “induction with respect to the number of applications of a clause in the definition”, or, in other words, “induction with respect to the derivation tree”. This concept is not formalized here.
L.S. va.n Benthem Jutting
658
2. PRELIMINARIES AND NOTATIONS In our theory we will use some notions of intuitive set theory. N will denote the set of natural numbers { 0 , 1 , 2 , 3 , ...}, N+ the set of positive natural numbers {1,2,3, ...}, and IF'= N U {oo}, the set nV extended with infinity. The predecessor function is extended to N- by defining oo - 1 := 00. For n E N we define N,, := {k E N+I k I n}, so NO = 0, the empty set. Let A and B be sets. Then A x B denotes the Cartesian product of A and B, that is the set of pairs [a,b] where a E A and b E B; and A -+ B denotes the set of functions with domain A and values in B. If f E A --* B and a E A then ( a )f will denote the value of f at a; and if for a E A we have b(a) E B then [a E A ] b ( a )will denote the corresponding function, that is the set{[a,b(a)l E A x B ~ u E A } . As a consequence of our notation for the values of a function our notation for the composition of functions will be a little unusual: i f f and g are functions with domains A and B respectively, then
f 0 g = [z E C] ((z)f ) g ,
where C = {z E A I (z)f E B }
So (z) ( f o g ) = ((z)f ) g for z E C. If A is a collection of sets then U A denotes + A , i.e. the the union of A . If A is any set and n E N then A(") denotes N,, set of finite sequences of elements of A with length n. In particular A(O) = {0}, where 0 denotes the empty sequence. A* will denote U {A(")I n E N}, that is the set of all finite sequences of elements of A . If s E A* then L ( s ) is the length of a; and if s l 5 A* and 92 E A* then 81&82 denotes the concatenation of s l and 92. In particular, 0&s = s for s E A*. If a E A we will often confuse a with {[l,al}, that is the element of A(') with value a. In particular, if a E A and s E A*, then a&s E A', and moreover:
+
(1)(a&s) = a , and (n 1) ( a h )= (n) s for n 5 L ( s ) . Where no confusion is expected we will often omit the symbol "&". For the updating of references we will use the following functions and operations on functions:
For m E N
vrn = [nE N+] (n+m) For m E N
where
The language theory of A,
T(m,n)= Form E
In
(C.6)
659
n+l
ifnsm
1
ifn=m+l if n
>m
+ 1.
N and $ E N+ + N+ $(m)
= [n E M+]~ ( $ , m , n, )
where
It follows that cpo = 290 = [n E N + ] n , the identity on Nv+,and that for E N + + N+ we have +(') = +. Note that ( P and ~ 19', are injective, and that if $ is injective then so is +("). Simple computation shows that the following lemmas hold:
+
Lemma 2.3. If k E +l(k)
0
N and $1,$2 E N+ -+ N+ then
+2@) = ($10 $ 2 ) ( k )
Lemma 2.4. If k, m E
( n )' : 9
=
("
.
M and n E N+ then
n+m
ifnsk ifn>k
L.S. van Benthem Jutting
660
Lemma 2.5. Zf k,1, m E N then
3. TERMS, TRANSFORMATION AND SUBSTITUTION
We define the set of terms A inductively as follows:
Deflnition 3.1. (1) T E A (2) if
TI
E N + then
nEA
(3) if u,v E A then (u)v E A (4) if u, v E A then [u] v E A
0
Transformation, i.e. adaptation of the references in terms by means of a function $ is defined as follows:
0
Clearly if u E A then $21 E A. Moreover qU=T
iff u = ~ ,
@=m
iff u = 21 and
- = (vl)v2 $u
iff u = (ul)u2, $ul = v l and $2~2= v2
- = [vl] v2 $u
iff u = [ul]212, $u1= v l and $(l)u2 = v2
( T I ) $=
m
, ~
It follows that for injective $, $JU = $v implies u = v. -
Lemma 3.1. Zf$1,@2 E N + -+ N + , u $1 $2u = $2 0$1u
--
~
*
E
A then
, .
The language theory of Am (C.6)
66 1
Proof. By induction on u.
0
For u, v E A, k E N + we define substitution of u in v at k , denoted by as follows:
xi v
Definition 3.3.
xi
Clearly, again, if u,u E A then v E A. Now we have the following technical lemmas: L e m m a 3.2.
xi v = x r
LPk-lu
29k-1~. __
Proof. By induction on v. L e m m a 3.3.
11 ~7
-
v=
0
tltu
@v.
Proof. By induction on v. L e m m a 3.4. If m
then
0
xi (Pmv = xi-mv . -
(Pm
Proof. By Lemma 3.2 and Lemma 2.1. L e m m a 3.5. If m
+ 1 2 k > 1 then xi &v
-
=(P;-~V.
Proof. By induction on v. Corollary 3.5. Zf m 2 k then
xi -~ pmv = vm-lv.
These lemmas are used to prove the following theorem: T h e o r e m 3.1. Substitution theorem.
Z f m 2 k thenx:
xi w = x kE L + l x1+1W '
Proof. By induction on w.
L.S. van Benthem Jutting
662
The relevant case is when w = 12. If n = k then
and on the other hand
If n = rn
+ 1 then
c:+1
= Ck
x;-k+l'
'w
vnu = 'p.,-?u
-
For other values of n the proof is straightforward.
by Lemma 3.5
. 0
4. REDUCTION
We define on A the relation -+,called one step reduction. Definition 4.1. (1)
(4['wl v
+
CY
2,.
If u --* v then
The relation
-,,on A is the reflexive and transitive closure of +, defined by
Definition 4.2. (1) u+u.
(2) If u + v and v
+
w then u + w
The language theory of A,
on
(C.6)
663
It is easily seen that the relation ++is transitive and monotonic. By induction $v, the following technical lemma is proved: 21 -+ v, respectively $u + -
Lemma 4.1. If u + v then for any $ we have - implies u + v . if 4 is injective then $u - + +v
$21 .
+
$v ; 0
Another technical lemma: Lemma 4.2. If $u -
+v
then for some w we have v = $w - and u + w.
Proof. By induction on $u -
+ v.
0
Finally it is easily shown that if [ u l ] u 2 u 2 * v2.
+
v then v = [vl]v2, u1
+
v l and
5. THE CHURCH-ROSSER THEOREM
We define on A the relation
> called
nested one step reduction.
Definition 5.1. (1) u > u . If u 2 u1 and v 3 v l then (2)
(414v 3 EY1v l
(3) (u) v 3
(211)
vl
(4) [u]v 3 [ U l ] v l .
5
2 denotes the transitive (and - of course - reflexive) closure of easy inductive argument it is seen that u 2 v iff u --H v. The following technical lemma is proved by induction on u 3 v.
>. By
Lemma 5.1. If u 3 v then for any $ $u 3 +v. -
an
5
Now we are able to prove two lemmas on substitution. Lemma 5.2. If u 3 u l then
xt v 3 xi1V.
Proof. By induction on v it is proved that
xt v 3 Ct1v for any k.
0
L.S. van Benthem Jutting
664
Lemma 5.3. Substitution lemma for >. Zf u 3 u1 and v 2 v l then v> vl.
xi
xi1
Proof. By induction on v 3 v l it is proved that Lemma 5.2 and Theorem 3.1 are used.
xi v 3 xi1v l for any k.
Using these lemmas we can prove the diamond property for
0
>.
Lemma 5.4. Diamond lemma for >. If u 2 u l and u 3 u2 then there exists a term v such that u l
> v and u2 3 v.
Proof. By induction on u 3 u1 and u 2 u2,using Lemma 5.3.
0
As a corollary we have:
Theorem 5.1. Church-Rosser theorem for +. If u -M u1 and u + u2 then there exists a term v such that u1 +,v and u2 + v.
0
6. NORMS, NORMING FUNCTIONALS AND MONOTONIC
FUNCTIONALS A term u E A is called normal if u -n v implies u = v. A reduction sequence of u is a finite or infinite sequence uo, ul,212, ... such that uo = u and un-l -+ un for n E lN+. We say that u strongly normalizes if all reduction sequences of u are finite. This is the case, by Konig’s lemma, iff there is a uniform upperbound to the lengths of the reduction sequences of u. We will prove strong normalization for a subset of A, the set of normable terns. Our proof extends proofs in [Gandy 801 and [de Vrijer 87c] for strong normalization in simple type theory. It is based mainly on de Vrijer’s “quick proof”; we refer also to that proof for comments. We define the set F of norms recursively as follows:
DeAnit ion 6.1. (1) lN E F
(2) if a , @E F then a
-@
:= ( a
-+
0)x EV
E F.
It is clear that, for a,@€F , a =par a n p = 0 . The elements of UF will be called norming function&.
0
For any norming
The language theory of A,
(C.6)
665
functional f the norm to which f belongs is denoted by the projection operators:
fT.
Moreover, we define
if f = n, n E N then f' = n , if f = [g,nl, [g,nl E a
- p then f' = g and f'
=n.
Let f be a norming functional, m a natural number. We define the norming functional f m as follows:
+
Definition 6.2.
+ m = n + m.
(1) If f E N , f = n then f
(2) If f E a
- P, f = [g,nl then f + m
Thus for f E a we have f
= [ [ hE a]((h)g
+ m),n + ml.
0
+ m E a and
(f + m)' = 'f + m , ( h )(f + m)' = ( h )f'+ m if a = p
-
y and h E
0.
Note that + extends addition on the natural numbers. For a E F and n E IV we define the norming functional c; E a.
Definition 6.3. (1) :c
(2)
=n
4-7 = "h E PI
C;[.+n,
n1'
Thus c;*
=n ,
( h )(@-7)'
= c;.+~
if h E
,
Note that c;
+ m = c+;,
.
Now let a be a norm. We define a subset ao of a and a relation simultaneous inductive definition.
Definition 6.4. (1) N O = N ;for f,g E
N o , f < g iff 'f < g*
< on ao by a
L.S. van Benthem Jutting
666
We define G := {aola E F } ; the elements of G will be called monotonic functionals. Note that < on N o is the order on the naturals. The following facts are easily proved: If f , g , h E a', f < g and g < h then f < h. Iff,gEoo,mEMthenf+mEaoandiff
< n then c g < c:.
7. STRONG NORMALIZATION We will assign to certain terms u E A a functional in U F , which will be called the norming functional of u. In order to define it we need a sequence 9 E ( u F ) * ;9 may be thought of as an administration of the functionals assigned to the free variables of u. f n ( u , 9 ) will denote the norming functional of u. It may be the case that f n ( u , 9 ) is undefined. This will be denoted by fn(u, 9)= 0.Terms u for which fn(u, 9)# 0 for some 9 E (uG)* will be called nomable.
Definition 7.1. (1) fn(7,O) = 0 .
(fn(v, 9)) fn(w, 9)'
if fn(v, 9)#
,
fn(w, 9)# 0 and dom(fn(w, 9)')= fn(v, 0)t ;
l o
otherwise.
The language theory of A,
((2.6)
667
+ + fn(v, @)* + 1,fn(w,@)* -t
[ [ hE a]fn(w, h&@) h* (4) fn(b1 w,@) =
+ fn(w,ct&@)*l
if fn(w, @) # 0 , fn(v, @)t= a and fn(w,h&@) # 0 for h E a ; otherwise.
0
It will be clear from Lemma 7.5, which will be proved presently, that for normable terms u the number fn(u, @)* is a n upperbound for the lenghts of the reduction sequences of u. Note that if fn((u) [w]v,9)# 0 then fn(u, @)t= fn(w, @)t. Our first lemma expresses that it only depends on the norms of the functionals in @ whether fn(u, @) is defined and, if so, what is the value of fn(u, 0)t.
Lemma 7.1. Zf @1,@2 E ( U F ) * , L(@l) = L(@2) = n and (k)@lt= (k)@2t 5 n then either
for k
fn(u, 91) = fn(u, @2)= 0
,
OT
fn(u, @l)t= fn(u, @2)t
. 0
Proof. By induction on u. The following technical lemma is also proved by induction on u.
Lemma 7.2. If@ E ( U F ) ' , II, E N + + IV+ and II, o @ E ( U F ) * then fn($u, - @)= fn(u,II, o 0).
0
(Note that @ as well as II, is a function, hence II, o @ is a function.) The following important lemma expresses that an upperbound for the lengths of the reduction sequences of C'; w can be calculated from fn(u, @) and fn(w, fn(u, a)&@).
Lemma 7.3. Substitution lemma. Zf fn(u, @)# 0 then fn(Cy v, @) = fn(v, fn(u, a)&@). Proof. By induction on v. The main case is: v = [vl] v2.
+ + fn(C;" v l , @)* + 1,
fn(Cy v,@)= [[hE a]fn(C; w2, h&@) h* fn(C;" w l , @)*
+ fn(C;
v2,
.;&@)*I
L.S. van Benthem Jutting
668
where a = fn(Cy v l , 9)f, while by the induction hypothesis fn(Cy v l , 9)f = fn(v1, fn(u, @)&@)I . Moreover, we have by the induction hypothesis for h E a: fn(C; v2, h&9) = f n ( C y 5 v 2 , h&9) = fn(cplu, - h&Q)&h&@) . = fn(191v2,
Therefore f n ( C t v2, h&9) = fn(v2,&
o
(fn(u, 9)&h&9)) =
= fn(v2, h&fn(u, a)&@) .
It follows that fn(Zy v,9) = fn(v, fn(u, 9)&9).
0
In order to formulate the next lemma we need the concept of a free uariable. Therefore we define for u E A and k E N + the proposition free(u, k), expressing (in the language of Section 1) that the term u contains a reference (or an arrow) to the k-th binding node below u.
Definition 7.2. (1) not free(.r, k) (2) free(n,k) iff n = k (3) free( (v)w, k) iff free(v, k) or free(w, k) (4) free([v] w, k) iff free(v, k) or free(w, k
+ 1).
0
Lemma 7.4. Monotonicity lemma. -
If 0 E (uG)* then fn(u, 9)E (UG) u ( 0 ) .
- If 91, 9 2 E (UG)*, L(@l) = L(92) = n, we have ( 1 ) 91 = ( 1 ) 9 2 ,
(k)91 < (k)9 2 and for 1 5 n, 1 # k
then fn(ul91) < fn(ul9 2 ) OT fn(u, 91)= fn(ul9 2 ) = 0 zffree(u, k) and fn(u, 91) = fn(u, 9 2 ) zf not free(u, k).
Proof. By induction on u. The main case is, again, = [ul]212. Suppose fn(u, 9) # 0. Then by the induction hypothesis fn(u1, 9) E UG. Let a denote fn(u1, 9)f. Then also by the
The language theory of A,
(C.6)
669
induction hypothesis for every g E a we have fn(u2,g&@) E UG. Now let g, h be elements of a such that g < h. Then either fn(u2,g&@) < fn(u2, h&@) or fn(u2,g&@) = fn(u2,h&@), hence fn(u2,g&@) g* + fn(ul,@)* + 1 < fn(u2, h&@) h* fn(u1, @)* 1. It follows that fn(u, @) E UG. Now assume that free(u, k ) . Then for g E a we have:
+ +
+
+
+ + fn(u1, @I)*+ 1
(9)fn(ul @I)'= fn(u2,g&@1) g* and
+ + fn(u1, @2)*+ 1
(9)fn(u, @2)' = fn(u2, g&@2) g* and therefore (9) fn(u, 01)' < (9)fn(u, @2)' . Moreover ,
+
fn(u, @l)* = fn(u1, @ l ) * fn(u2, cg&@l)* and
+
fn(u, @2)*= fn(u1, @2)* fn(u2, cg&@2)* and therefore fn(u, @I)* < fn(u, @2)* . Hence if free(u,k) then f n ( u , @ l ) < fn(u,(P2). It is easily seen that if not free(u, k ) then fn(u, @ l ) = fn(u, 32). 0
Lemma 7.5. Reduction lemma. If 9 E (UG)*, fn(u, @) # 0 then u -+ v implies fn(vl 0)< fn(u, @), Proof. By induction on u ered by Lemma 7.3.
-+
v. The case u = (211) [u3]212, v =
xyl
212
is cov0
As a corollary we have Theorem 7.1. Strong normalization. If u is normable then u strongly normalizes. If 9 E (uG)*, fn(u,@) # 0 then fn(ul@)*is an upperbound for the lengths of reduction sequences of u. 0
8. CONTEXTS AND TYPES
In Sections 8 and 9 we will define the system A,. In order t o do so we must be able t o calculate the type of an expression u E A. For assigning a type
L.S. van Benthem Jutting
670
to u we need a sequence U E A*. Such a sequence is called a context. It can be considered as administrating the types of the free variables in u.The type of u may be undefined which, again, will be denoted by the symbol “0”.
Definition 8.1. (1) tYP(.,
U )=
In order to express the properties of the typing operator typ, we must extend the transformation operation, the substitution operation and the reduction relation to contexts. As far as transformation is concerned we restrict ourselves (k). to the functions (pm
Definition 8.2. Let U be a context, L ( U ) = n. Then v (4 m U
E A* with L ( ( p g ) U )= n ~
is defined by
The following lemmas are easily seen to hold:
0
Lemma 8.2. If L ( U 1 ) = k then ( p g ’ ( U l & U 2 ) = (cpg)Ul)&U2. ~
~
We prove a technical lemma by induction on u:
0
The language theory of A,
((2.6)
671
Lemma 8.3. If L ( U 0 ) = k , L ( U 1 ) = m and U = UO&Ul&U2 then either typ(&u,
@U)
tYP(&U,
@U) = q&typ(u, UO&U2) .
= typ(u, UO&U2) = 0
or 0
This gives as a consequence:
Corollary 8.3. If L ( U 1 ) = m, then either typ(q,u, - U l & U 2 ) = typ(u, U 2 ) = 0
or tYP(cp,U, U1&U2) = 'PmtYP(U,U 2 ) .
0
Now in order t o investigate the relation between substitution and typing we define substitution in contexts:
Definition 8.3. Let U be a context, L ( U ) = n, and 1 5 k 5 n. Then U E A* with L ( C g U ) = n - 1 is defined by
xi
(1)
C; u =
xg-l ( 1 ) U (1
if 1
+ 1) U
if k 5 1 < n
.
0
We have the following easy lemmas on substitution in contexts:
0
Lemma 8.5. If L ( U 1 ) = k then
( U l & U 2 )=
(xiU 1 )& U 2 .
0
The next lemma describes the relation between substitution and typing:
Lemma 8.6. Substitution lemma for typ. If tYP((Pku, - u ) -n w and q k (k) u -n w then either
xi U ) = tYP(U1 U ) = 0
tYP(x; v,
or typ(x;t v,
xi U )
-H
w0 and
typ(v, U ) -n w0 for some w0 E A
.
L.S. van Benthem Jutting
672
Proof. By induction on u. The main case is u = b. Because k 5 L ( U ) we have U = Ul&U2, where L(U1) = k .
fore typ(C1 u , C;t U ) = typ(cpk-lu, Hence, by Corollary 8.3: t y p ( Z i o, lary 8.3: ~~
cp1 tYP(CZ
21,
There-
( x i Ul)&U2)
where L(Ci U1) = k - 1. V ) = p k - 1 typ(u, V2), so, again by Corol~
C i U ) = 'PktYP(U,U 2 ) = tYP(B'L1, U )
+
w
*
On the other hand
C i tYP(U, U ) = xi y& (k)u = 'Pk-lM u by Corollary 3.5. This gives us
( k )u
5 C i tYP(U, U ) =
+
'w
.
By Lemma 4.2 it follows that w = cp1 w0 and that t y p ( C i u , Zi U ) -M w0 and
Corollary 8.6. If typ(u, V)
-M
xi typ(u, U )
w and u l
-M
-M
w0
0
w then either
typ(CY u , V) = typ(u, ul&V) = 0
or typ(CY u , V ) -M w0 and
zy typ(v, ol&V)
-M
w0 for some w0 E A
Proof. Take k = 1 and U = ul&V in Lemma 8.6.
.
0
Finally, in order t o describe a relation between typing and reduction we define the concept of reduction on contexts.
Deflnition 8.4. Let u and u be terms, U and V contexts. (1) if u --* u then u&U
(2) if U
+V
-.*
then u&U
u&U
.--$
0
u&V.
We have the following lemma:
Lemma 8.7. If U k 5 72 such that
(k)U
-.*
+
V then L ( U ) = L ( V ) = n
> 0 and there is just one
( I c ) V and ( 1 ) U = (1) V for 15 R , 1 # k
.
The language theory of Aw (C.6)
Proof. By induction on U
4
673
V.
0
Moreover, we have
Lemma 8.8. Zf U tYP(’u, U )
+
+
V then either
tYP(% V )
or tYP(.u,
w = tYP(% V ).
Proof. By induction on u.
Corollary 8.8. Zfv tYP(% V&U)
-+
+
w then either tYP(U, w
w
or typ(u, v&U) = typ(u, w&U) .
0
The relation +I between contexts is the reflexive and transitive closure of -+. If u -W v and U -,, V then clearly u&U +I v&V.
9. THE SYSTEM A,
We will define by simultaneous induction the set r, c A* which is the set of correct contexts, and the set A, c A x A* (it will turn out even A, c A x.),?I If [u, U l E Aw then u will be called a correct term on context U.Here correctness should be understood as follows: If (u)v is correct on context U then v “is a function” and moreover typ(u, U ) and “the domain of v” have a common reduct. In fact, we have not formalized what it means for v t o “be a function” and, if it is, what “the domain of v” is. The requirements described above appear, however, in clause 4 of our definition and - implicitly - also in clause 6. Together with r, and Aw we will define the sets ri and hi for i E N . They are introduced only for the purpose of induction in the proof of Lemma 10.3. If [u,Ul E Ai then u will be called i-correct. The systems are connected with the notion of degree in [de Bruijn 72b (C.2)] and [de Bruijn 80 (A.S)] in the sense that any i-correct term will have degree at most i. (The converse, however, does not hold.) In the following discussion it is always assumed that i E nVw. For i = 00 the definitions and lemmas contain the theory of A,.
L.S. van Benthem Jutting
674
Deflnition 9.1. (0)
ro= ho = 0 .
If i > 0 then ( 1 ) 0 E ri ( 2 ) if [u, Ul E A, then u&U E ri (3) if U E
ri then
17,Ul E Ai
(4) if typ((u)v,U) = 0 , [u,UlE hi, [ v I U 1 E [ v l ]v 2 then [ ( u )v , U l E hi
Ail
typ(u,U)
-w
v l and
-w
(5) if typ([u] v, U ) = 0 and [D,u&U] E hi then [ [ u ]v ,U l E Ai (6) if [typ(u, U ) , U ] E
Ai-1
then [u,UlE A i .
0
Clearly if [ulUl E A, then U E ri and if U1&U2 E ri then U2 E ri. It is also clear (by induction on i) that A i c Ai+l for i E AJand it is easy to check that Am = U {Ai I i E nV}. We have the following technical lemma:
Lemma 9.1. If L ( U 0 ) = k, L(U1) = m, U = UO&Ul&U2 and U1&U2 E then
[g~, &U] hi E
if
[u, VO&U21 E A,
ri
.
Proof. B induction, respectively on [u,UO&U21 E Ai and on [&u, &U1 E A i , where frequent use is made of Lemma 8.3.
0
The lemma has some nice corollaries:
Corollary 9.1.1. Weakening and strengthening lemma. If L ( U 1 ) = m, U1&U2 E ri, then [ ( P ~ UU, l & U 2 ] E hi afl [u, U21 E Ai. Corollary 9.1.2. If U E ri, k 5 L ( U ) then [( ~ k(k)U,Ul E Ai. Corollary 9.1.3.
[n,Ul E A, zf
UE
rooand n 5 L ( U ) .
0 0
The next lemma partially expresses our assertions about correctness of terms.
The language theory of Am (C.6)
675
Lemma 9.2. Soundness of application. Zf [ ( u ) [w]v,Ul E Ai then typ(u, U ) --* w0 and w -* w0 for some w0 E A. Proof. By induction on [ ( u ) [w]v,Vl E Ai.
0
Types of correct terms are, in a sense, preserved under reduction.
Lemma 9.3. Preservation of types. If [u, V l E A,, u v then either -+
tYP(U, V ) = tYP(V, U ) = 0
or typ(u, V ) -* w and typ(v, U ) --* w for some w E A
Proof. By induction on u v. We will consider the case u = ( u l ) [u3] u2, v = C;”’ u2. By the previous lemma typ(u1, V ) -* w0 and 213 -* w0. Now typ(u, U ) = (ul)[u3]typ(u2, u3&U) -+ typ(u2, u3&U) and typ(v, U ) = typ(Cy’ u2, U ) . Apply Corollary 8.6. -+
x;”’
0
The following lemmas are easy to prove. The first contains the converse of clause 6 in Definition 9.1.
Lemma 9.4. Correctness of types. If typ(u, V ) # then [u, Vl E hi if [typ(u, V ) ,U l E hi-I. The second tells us that if an application of a function to an argument is correct, then both the function and the argument are correct.
Lemma 9.5. Correctness of functions and arguments. If [ ( u ) v,Vl E hi then [ u , V l E Ai and [ v , U l E Ai.
0
We prove two lemmas which are, in a sense, converses of Lemma 9.5.
Lemma 9.6. If [ ( u ) v l , U ] E v2, vl E A ~ .
r(.)
Ai,
[v2,U] E hi, v l
-*
w and v2
+
w then
Proof. By induction on [ ( u )v l , V l E A i . We consider the case of clause 4: typ((u) v l , U ) = 0 , [u, Vl E A i , 1.1, Vl E A i , typ(u, V ) -* w0 and v l -* [wO]wl. We know that typ(v1, V ) = 0,hence, by Lemma 9.3, typ(w, V ) = 0 and also typ(v2, U ) = 0.Therefore typ((u) v2, V ) = 0 . Moreover, by the Church-Rosser theorem we have, for some w2 E A:
L.S. van Benthem Jutting
676
w + w 2 and [wO]wl-nw2, hence w2 = [wO*]wl* for some wO* and Therefore typ(u,U) [ ( u )v2, U l E hi.
--H
w0
-*
wO* and 712
++
w
-*
wl*
.
[wO*]wl*, so, by clause 4, 0
Lemma 9.7. If [ ( d ) v,U l E A i , [(u2) V , U ) E A;.
121.2, Ul
E
A, and u1 + 212 then
Proof. By induction [(vl) v,U l E A i . We consider again the case of clause 4: typ((u) v, U ) = 0 , [ul, U l E A i l [v,U l E Ai, typ(u1, U ) w l and v ++ [wl] w2. First we have typ(v, U ) = 0 , hence typ((u2) v , U ) = 0. By Lemma 9.3 we have for some w0 typ(v1,U) ++ w0 and typ(u2,U) w0. Hence, by the ChurchRosser theorem: w0 ++ v l and w l ++ v l for some v l . Therefore typ(u2,U) 0 w0 --H v l and 21 + [wl]w2 ++ [vl] w2, so, by clause 4, [(u2)v,Ul E A,. ++
++
++
Finally we state a lemma on correct abstraction:
Lemma 9.8. [[v]v,U l E A,
zfl [v,u&U1 E hi.
Proof. By induction, respectively on [[u] v, U l E Ai and on [v,u&U1 E A,. 0
10. CLOSURE FOR A,
For the proof that A, is closed under reduction we need Lemma 10.2 which tells us that correctness is preserved under correct substitution. In order to prove this lemma we give a slightly different definition of A*, which we will prove to be equivalent to the first definition. Induction on this alternative definition will be used in the proof of Lemma 10.2. We define for i E IN" the sets Ci and Li by a simultaneous inductive definition as follows:
Deflnition 10.1. (0)
co = Lo = 0.
If i
> 0 then
(1)
0 E Ci
(2)
if [u, Ul E Li then u&U E Ci
(3)
if U E Ci then [ T , U ~E Li
The language theory of Am (C.6)
(5)
677
if typ([u]v,V ) = 0 and [v,u&U1 E Li then [ [ u ]v,U l E Li
The clauses 0 to 5 are the same as the corresponding clauses of Definition 9.1, but clause 6 of that definition has been split up into three clauses. We easily verify that Li-1 c Li and that L , = U { L , I i E N } . In order to show that Ci = ri and Li = Ai we first prove the following lemma:
Lemma 10.1. If [typ(u, V ) ,Vl E Li-1 then [u,Vl E Li.
Proof. By induction on [typ(u, V)l E Li-1. We consider the case of clause 4: typ(u, V ) = (ul ) v, typ((u1) v,V ) = 0 , [ul, Ul E Li-1, [v,U l E Li-1, typ(u1, U ) + w l , v [wl]w2. Now either u = 24 or u = (ul) u2 and typ(u2, V ) = v. If u = B then [u, Vl E Li by clause 6.1. If u = ( u l) u 2 , typ(u2,U) = v then we have by the induction hypothesis ru2, Vl E L; and therefore [u, Vl E Li by clause 6.2. As another case we consider clause 6.3: typ(u, V ) = [ul] v, [typ([ul] v,V ) ,Vl E L,-z and [v,ul&U] E Li-1. Again we either have u = n or u = [ul] 212 and typ(u2, ul&U) = v. If u = n then again clause 6.1 applies. And if u = [ul]u2, typ(u2,~1&U) = v then by the induction hypothesis 0 ru2, ul&U1 E Li and therefore [u, Vl E Li by clause 6.3. I +
Corollary 10.1. C , = J?i and Li = hi.
Proof. Li C Ai is trivial, Ai
c Li is proved by using Lemma 10.1.
0
Now we are able to prove the following important substitution lemma.
Lemma 10.2. Substitution lemma for Li. If [__ ( ~ k u , U ]E Li, [vlul E Li, typ(@u,U) ~i E L ~ .
rc; v , c ;
+
w and ' p k ( k ) U
Proof. By induction on [v,Vl E Li, freely using Corollary 10.1.
+
w then
L.S. van Benthem Jutting
678 We consider some of the clauses:
Clause 3: = r. We have to prove that X i U E Cj. If k = 1 this is clear by Lemma 8.4. U= w& V, also by Lemma 8.4. If k > 1 then U = w&V and Now we have [w, Vl E L i , hence by the induction hypothesis w, U E Ci by clause 2. E L, and therefore
xg
xi
xi
xI Vl
Clause 4: v = (vl ) v2. We know that typ(v, U ) = 0,[vl, Ul E Li, rv2, ul E Li, typ(v1, U ) -n w l
and v2 + [wl] w2
.
By Lemma 8.6 we have:
The induction hypothesis gives us:
Also by Lemma 8.6 we see that
Now by Lemma 5.3 it follows that
hence by the Church-Rosser theorem
w 0 a w and E i w 1 - n ~forsome w , Therefore we have: typ(Cg
x;v2
vl,Ci U ) -n w0 -n w
+
and
[Xi 2011 Cbl w2 -w bl C;+l w2
From (i), (ii) and (iii) we conclude by clause 4 that
*
(iii)
The language theory of Am (C.6)
679
Clause 6.1: v = 12. We know that [typ(v,U),U] = rpn - (n)U,Ul E Li-1. We discern two cases: n = k and n # k . Suppose n = k. As L ( U ) 2 k we may put U = U1&U2 with L(U1) = k . Then U= U l ) & U 2 by Lemma 8.5 and L ( x ; U1) = k - 1. Moreover, U E Ci. Hence by Corollary it can be shown, just as under clause 3, that 9.1.1 we have [u, U21 E Li and by the same corollary also v, Ul =
(xi
r(Pk+a;
x;
Ul E Li.
Now suppose n # k. v either equals 12 (if n < k ) or n-l (if n Lemma 3.4 (for n < k ) or Corollary 3.5 (for n > k ) we see that tYP(C; u, C; U ) =
x;(pn (4u .
By the induction hypothesis we have by clause 6.1 [C; v,Ci Ul E Li. Clause 6.2: v = ( v l ) v2. We know that [ ( v l ) typ(v2, U ) ,U l E tion hypothesis it follows that
[C; __ pn (n)U ,
Li-1
x;U l E
Li-1
> k ) . Using
and therefore
and that [v2, U l E Li. By the induc-
By Lemma 8.6 it is known that for some w0 E A
x;typ(v2, U )
--H
w0 and typ(E; v2, C; U )
+
w0 .
(ii)
And from (*) we conclude by Lemma 9.4 that rtYP(C;
GC;
w,c;Ul E
.
Li-1
(iii)
From (i), (ii) and (iii) it follows by Lemma 9.6 that rtYP(C;
v , c ; % C i Ul E Li-1
7
and this, together with (*) gives us by clause 6.1:
rc;
v,Ci Ul E Li .
We leave the other clauses to the reader.
0
L.S. van Benthem Jutting
680
Proof. Take k = 1 and U = vl&V in Lemma 10.2.
0
Our next lemma implies that for i E N the set A, is closed under reduction. In order to word it we use the relation -H between contexts, which has been defined in Section 8. In order to prove the lemma we assign t o every context U the number M ( U ) which is the sum of the lengths of the terms in U : if L ( U ) = n then M ( U ) = L((1) U ) L((2) U ) ... L ( ( n )U ) .
+
Lemma 10.3. If i E N , u&U
-n
+ +
v&V and [u, U l E
Ai
then [v, Vl E A i .
Proof. By induction on i. If i = 0 then A, = 0, so the lemma holds. Suppose i > 0. We prove the following: Proposition. If u&U
+
v&V and [u,U l E A, then [v, Vl E A,.
Proof. By induction on M(u&U). If M ( u & U ) = 1 then u&U + v&V is impossible, so the proposition holds. Now suppose M ( u & U ) > 1. As u&U + v&V we have either u + v and U = V or u = v and U + V. Suppose u + v and U = V. We inspect the clauses for 21 --+ 0.
(1)
u = ( ~ 1[u3] ) u2
v = Cyl u2
,
.
By Lemma 9.2 we have typ(u1,U) + w and u3 -H w for some w , and by Lemma 9.5 we have “2131 212, Ul E A, so [u2, u3&U1 E Ai by Lemma 9.8. Apply Corollary 10.2.
(2)
21
= ( u l ) v2
,
u1 + v l
,
v = (vl) u2
.
By Lemma 9.5 we have [ul, Ul E A,. Moreover ul&U + vl&U and M ( u l & U ) < M ( u & U ) . Therefore by our induction hypothesis we have [ v l , U l E Ai and hence [v, U l E A, by Lemma 9.7.
(3)
u = (211) u2
,
u2
--+
v2
,
v = ( u l ) v2
.
[v, Ul E A, by a similar argument, where Lemma 9.6 is used instead of Lemma 9.7. (4)
u=
[vl]v 2 ,
u1 + v l
,
v = ( v l ] u2
.
By Lemma9.8 we have [u2, ul&U1 E A,. Moreover u2&ul&U + u2&vl&U and M(u2&ul&U) < M(u&U); in fact M ( u & U ) = M(uZ&ul&U) 2. Therefore our induction hypothesis gives us [u2, vl&U1 E A, and it follows that [v, Ul E A, by Lemma 9.8.
+
The language theory of Am (C.6)
(5)
'11 =
[v,Ul
[ul] u2
E Ai by
,
u2
v2
,
21
= [ul] v2
.
a similar argument as under 4.
Now suppose u = v and U
(3)
+
68 1
+
V. We inspect the clauses for [u, Ul E A i ,
u= 7.
We have to prove that V E ri. As U -+ V it is impossible that U = 8, so we may put U = ul&U1 and V = v l & V l . As U E ri we have [ul, U l l E Ai and also M ( U ) < M(u&U). Therefore we have by our induction hypothesis [ v l , V l l E Ai, hence V E ri.
u = ( ~ 1~2 ) ,
(4)
typ(u, U ) = 0
typ(u1, U ) +,v l and 212
-+
,
[ ~ Ul l , E hi
,
[ ~ 2U, l E
Ai
[vl]v2 .
By Lemma 8.7 we know typ(u, V) = 0 . Moreover, we have ul&U + u l & V and M ( u l & U ) < M ( u & U ) so by our induction hypothesis [ul, Vl E A i , and by a similar argument we see that ru2, V1 E A i . Also by Lemma 8.7 it is seen that typ(u1, U ) --* typ(u1, V) so by the ChurchRosser theorem we have: v l - w and typ(u1, V)
It follows that u2 -,, [vl]v2 = [ul] u2
(5)
,
-+
-+
w for some w
.
[w] v2, hence [u, Vl E Ai by clause 4.
typ(u, U ) = 0
,
[u2, ul&U] E A,
.
We know that u2&ul&U + 212&ul&V and that M(u2&ul&U) < M ( u & U ) . It follows that [u2, ul&V] E Ai, hence [u, Vl E A, by Lemma 9.8.
(6)
[ ~ Y P ( u , U ) , UE] Ai-1
.
By Lemma 8.7 we have typ(u, U ) -+ typ(u, V), hence typ(u&U)&U -+ typ(u&V)&V. Now by our induction hypothesis on i it follows that [typ(u, V), Vl 0 E Ai-1 and therefore [u, Vl E Ai by clause 6.
So our proposition is proved, and it follows immediately that u&U [u, Ul E A, imply [v,Vl E A i . This proves our lemma. Corollary 10.3. Closure for Ai. If i E N , [u, U l E Ai and u v then [v,Ul E -+
As a consequence we have:
Ai.
-+
v&V, 0
0
L.S. van Benthem Jutting
682
Theorem 10.1. Closure fOT Am. If [u, U l E Am and u --H v then [v,Ul E Am.
0
11. NORMABILITY FOR Am In this section we will prove that ru,Ul E Am implies that u is normable. It then follows from Theorem 7.1 that u strongly normalizes. In order t o prove that u is normable we will assign to certain sequences U E A* a sequence s ( U ) E (UG)*. If the assignment is not possible then we will write as before, s ( U ) = 0.
Definition 11.1. (1)
40) = 0 cg&s(U)
(2) s(u&U) =
if
s(U)#
fn(u,s(U)) # 0
0,
and fn(u, s(U))t = a otherwise
0
,
Proof. By induction on U.
0
Our second lemma gives a relation between norms and typing.
Lemma 11.2. If U E A*, s ( U ) # 0 and typ(u, U )# 0 then either fn(typ(u, U),s ( V ) )= fn(u, s ( U ) )= 0
or fn(typ(u, U), s ( U ) ) t = fn(u, W ) t
'
Proof. By induction on u. We consider the case that u = (ul]u2. Then typ(u, V ) = (2111 typ(u2, ul&U) and typ(u2, ul&U) # 0 . If fn(u1, s ( U ) ) = 0 then fn(typ(u, V ) ,s ( U ) ) = fn(u, s ( U ) )= 0 . Now assume that fn(u1, s ( U ) ) # 0 and put fn(ul,s(U))t = a. Then it follows that s(ul&U) = c$&s(U) # 0. If fn(typ(u2, ul & U ), s(ul&U)) = 0 then also fn(u2, s(ul&U)) = 0 by the induction hypothesis, and therefore fn(typ(u, V ) ,U ) = fn(u, V ) = 0 . SO let us assume fn(typ(u2, uI&U), s(ul&U)) # 0 . Putting fn(typ(d2, ul&U), s(ul&U))T = /3 we have by the induction hypothesis
The language theory of A,
683
(C.6)
fn(u2, s(ul&U))T = p and also fn(u2, g&s(V))j = ,B for g E a. Hence fn(typ(u, U ) ,s ( U ) ) t = fn(u, s(U))T = a + 0.
Lemma 11.3. If [u, Vl E
Ai
then s ( U ) #
0
0
and fn(u, s ( U ) ) # 0 .
Proof. By induction on [u, Crl E A i . We consider clause 3: u = 7. We only have to show that s ( U ) # 0 . If U = 0 then s ( V ) = 0, and if U = v&V then we have [v,V1 E hi, so by the induction hypothesis s ( V ) # 0 and fn(v,s(V)) # 0 and therefore s ( U ) # 0. We will also consider clause 4: u = ( u l ) u2. We have typ(u,U) = 0 , [ u l , U ] E A;, [u2,U] E A i , typ(u1,U) --H v l and 212 -H [vl] v2. By the induction hypothesis fn(u1, s ( U ) ) # 0 and fn(u2, s ( U ) ) # 0 . Putting fn(ul,s(U))T = a we have fn(typ(ul,U),s(U))T = a by Lemma 11.2 and fn(vl,s(U))T = a by Lemma 7.5. Also by Lemma 7.5 we have fn(u2, s ( U ) ) t = fn([vl]v2, s ( U ) ) t = a + p for some p, hence fn(u, s ( U ) )# 0. 0 We leave the other cases to the reader. As a consequence we have
Theorem 11.1. Strong normalization for A,. If [u, Ul E A, then u strongly normalizes.
0
ACKNOWLEDGEMENT
I want to express my gratitude to R. Nederpelt for his encouragement and his careful reading of the original text, where he suggested some improvements and detected a serious error.
This Page Intentionally Left Blank
PART D Text Examples
This Page Intentionally Left Blank
687
Example of a Text written in Automath N.G. de Bruijn
[Editor’s comments This early text is written in the first full-fledged version of an Automath language, later to become known as AUT-68. It covers some elementary logic and the notions of set, powerset and set inclusion. An introduction to the language AUT-68 can be found in this Volume flvan Benthem Jutting 81 (B.l)]). First a f e w remarks on features that are particular of this text and on the way at has been reproduced here. (1) Early 1968 d e Bruijn still used the term sort instead of type. We have
not changed this terminology.
(2) In the original text one finds vertical lines as indicators of the scope of the variables, like in Natural Deduction in the style of Fitch [Fitch 521. These lines are redundant, although they enhance readability. They have been deleted in this reproduction. (3) In some places, especially at the opening of each new section, you will find a few lines that have been placed between brackets. These lines are superfluous in the sense that deleting them would affect neither the correctness nor the meaning of the text. They redefine a context that could have been just picked up from the preceding sections. De Bruijn included these lines as reminders, saving the reader the trouble of searching the text for the proper identifiers. Since they definitely contribute to the readability, we have reproduced both the lines and the brackets.
(4) The division
of the text in sections with descriptive headers is from the original. So are the comments between the lines.
(5) The text has never been checked on a computer. A few obvious mistakes
have been corrected.
688
N.G. de Bruijn
We.continue with a few short comments on the handling of logic in terms of bool and T R U E . Once this mechanism is understood, it is not dificult to read the plain Automath text. Consult on this subject also the rCsumCs of [D.1] and [A.2] in the Introduction. Section 12 of [van Benthem Jutting 81 ( B . l ) ] , entitled ‘Logic’, contains a more recent text fragment developing some logic. It may be instructive to compare the two texts. 1.1-1.3. The primitive type bool of propositions (here called ‘booleans’) is introduced, and for each boolean x the connected assertion type T R U E ( x ) . The idea is that a boolean will be true if its assertion type is inhabited. 1.4 C O N T R is defined as the type of functions that attach to each boolean v an assertion of v. Such a function could of course be taken as an assertion of a contradiction, and in a pure propositions-as-types setting it would be natural to view the type C O N T R itself as the proposition that in a canonical way represents falsity. Here the corresponding proposition (boolean) can be obtained via the nonempty-construction that now follows. 1.9-1.13. To each type ksi corresponds a boolean nonempty(ksi). Its assertion type TRUE(nonempty(ksi)) is inhabited if ksi is. This construction may look a bit artificial: why is not ksi itself taken as the assertion type? The answer is that we already have the uniform construction of the TRUE-types as the assertion types of booleans, and there is no way to make ksi and TRUE(nonempty(ksi)) definitionally equal. It is noteworthy that i n the present text de Bruijn not always takes the trouble to explicitly construct the TRUE-type, or even the bool. A typical example is Section 2. Both the equality axioms and the reasoning on equality are entirely in terms of thc types IS(ksi,x,y). The corresponding boolean equal is defined in line 2,3, but never used, the assertion type does not occur at all. A s a matter of fact, the IS-types here already have taken the role of the propositions. A similar observation could be made e.g. on implication (IMPL, defined in line 4.7). I n other places the booleans are used in an essential way, though. I n particular the type [u : ksi] bool plays an important role. First, in Section 7 on quantification, as the type of predicates on ksi, and then again in Section 13, as the type of sets over ksi. A final remark seems in order on the kind of logic that is at issue. De Bruijn has always emphasized that Automath is neutral with respect to the logical principles that one wants to accept or reject. This view is reflected in the present text b y the manner i n which he handles non-constructive principles. Two such principles (or rather, corresponding types) are defined as PARADISE I and I 1 (line 7.15 and 1.19). Metaphorically speaking, a type ksi has an inhabited PARADISE I 1 if the double-negation law holds for ksi. However, there is no axiom ( P N ) stating that PARADISE II(ksi) is inhabited for each ksi. I n particular, this is not assumed for the TRUE-types, so that we obtain intuitionistic and not
Example of a text written in Automath (D.1)
689
classical logic for the inhabitants of bool. (The names bool and TRUE may be felt to be a bit misleading here.) In Section 12, line 12.1, the type EXCLTHIRD is defined. An inhabitant of EXCLTHIRD would yield that all TRUE-types are in PARADISE 11. Then in line 12.7 a non-constructive notion of truth, called VALID, is defined as truth on the assumption of EXCLTHIRD. The upshot is that intuitionistic and classical logic live happily together in the guises of TRUE and VALID.
R.C. de Vrijer]
1. BOOLEANS 1.1 0 1.2 0 1.3 x
@ bool
1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18
:= PN
: sort
@ X
.-.- _ _ - - -
@ TRUE
:= PN
: sort
0 0 a b 0 ksi ksi a ksi a
@ CONTR
:= [v:bool]TRUE(~)
: sort
ksi ksi x u x
Q EMPTY
@ a @ b @ then 1 @ ksi @ nonempty @ a Q then 2 @ a @ then 3
.-...-
_____ _____
:= (b)a
..-
_____
:
TRUE(b)
: : : : :
sort
:= P N := [u:ksi]CONTR
: sort
:= PN
.-.- _ _ _ - _ := PN
..- _ _ _ _ _
@ U
Q then 4 @ then 5
:= (x)u := [t:EMPTY (ksi)]
__--_
___-_
then 4 (t) 1.19 ksi
: CONTR : bool
bool ksi TRUE(nonempty) TRUE(nonempty) : ksi
.-..-
@ X
: bool
: ksi : EMPTY(ksi) : CONTR :
EMPTY(EMPTY( ksi))
@ PARADISE I1 := [t:EMPTY(EMPTY(
ksi))]ksi
: sort
N.G. de Bruijn
690 2. EQUALITY
0 ksi
Q (ksi Q (x
2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9
Q y x y Q IS Q equal y x Q reflexive y Q ass 1 ass 1 Q symm ass 1 Q z z Q ass 2 ass 2 @ transitive
2.10 2.11 2.12 2.13 2.14 2.15
ksi theta x1 P 1 x2 ass 3
: sort) :
ksi)
.- _ _ _ _ _ := P N
:= nonempty(1S) := PN
.-.-
_____
:= PN _____
...-
_____
:= PN
Q theta
: sort
Q x1
:
@ P 1 Q x2 Q ass 3 @ then 6
:
ksi [t:ksi]theta : ksi : IS(ksi,xl,x2) : IS(theta, (xl)P 1,
Q P2
: [x:ksi]theta
Q ass 4
:
(X2)Pl) 2.16 P 1 2.17 P 2
2.18 ass 4 Q then 7 2.19 P 2
0 ass 4a
2.20 ass 4a Q then 7a
:= PN
IS([x:ksi]theta, Pl,P2) : [x:ksi]IS(theta,
.-.-
: [x:ksi]IS(theta,
(X)Pl,(X)P2) _____
:= PN
:
( 4 P1,W 2 ) IS([x:ksi]theta, Pl,P2)
Example of a text written in Automath (D.1)
691
Za. Ifelse 2”.1 2”.2 2”.3 2”.4 2”.5 2”.6 2”.7 2”.8
0 ksi x a a ass 4b a ass 4c
@ @ @ @ @ @ @ @
(ksi (x a ifelse ass 4b then 7b ass 4c then 7c
: sort) : ksi) :
bool
: ksi : TRUE(a) : IS(ksi,ifelse,x) : IS(ksi,ifelse,x) : TRUE(a)
2b. Equality for two sorts 2b.l 0 2b.2 ksi 2b.3 eta 2b.4 a 2b.5 b 2b.6 b 2b.7 b 2b.8 ass4d 2b.9 eta 2 b . 1 zeta ~ 2b.lla 2b.12 b 2b.13 c 2b.14 ass 4e 2b.15 ass 4f
@ (ksi @ eta @ a @ b @ ISS @ equal1 @ ass 4d @ symmm @ zeta @ a @ b @ c @ ass 4e @ ass 4f @ transitivv
: sort) : sort : ksi :
eta
: sort
bool : ISS(ksi,eta,a,b) : ISS(eta,ksi,b,a) :
: sort :
ksi
: eta : zeta
ISS(ksi,eta,a,b) ISS(eta,zeta,b,c) : ISS(ksi,zeta,a,c)
:
:
C o m m e n t : T h e PN’s in 2.2, 2.6, 2.9 can n o w be replaced respectively b y ISS(ksi, ksi,x,y), symmm(ksi,ksi,x,y); transitivv(ksi,ksi,ksi,x,y,z). 2‘.
2‘.1 2‘.2 2‘.3 2c.4
Embedding 0 ksi eta p
@ @ @ @
(ksi (eta p EMBED
...-
_____
: sort)
_____ _____
: sort)
:=
[t:eta]ISS(ksi,eta,(t)p,t)
: sort
1-
:
[x:eta]ksi
N.G. de Bruijn
692 2'.5 p 2".6 w
@ w @ image
.- _ _ _ _ -
:
EMBED
:= [x:ksi]nonempty (
EXISTS(eta,[b:eta] equal( (b)P9x11
: [x:ksi]bool
[Note: EXISTS is still to be defined i n line 7.2. So this Section 2' should, as a matter of fact, be placed after Section 7.1
3. PAIRSORT 0 ksi
@ (ksi @ (theta
3.1 3.2 3.3 3.4
theta theta x y
@ @ @ @
3.5 3.6 3.7 3.8
theta u u u
@ u 0 first @ second @ then 8
pairsort x y pair
.-.- _ _ _ _ _ .- _ _ _ _ :=
PN
: sort) : sort)
sort
:= P N
: : : :
ksi theta pairsort
.-.-
:
pairsort
.- _ _ _ _ _ .- _ _ _ _ _ ___--
:= P N := P N := P N
: IS(pairsort,u,
:= P N := P N
: IS(ksi,x,first(pair)) : IS(theta,y,
: ksi :
theta pair(first,second))
3.9 y 3.10 y
@ then 9 @ then 10
second( pair))
4. BOOLEQUAL, IMPLICATION 4.1 4.2 4.3
0 a b
@ a @ b @ c
.- _ _ _ _ _ .- _ _ _ _ _ .- _ _ _ _ _
4.4 4.5
c b
@ then 11 @ d
:= P N
.-
_____
bool bool : pairsort( [t:TRUE (a)]TRUE(b),[s: TRUE(b)]TRUE(a)) : IS(bool,a,b) : IS(bool,a,b)
:
:
Example of a text written in Automath ( D. l) @ then 12
4.6
d
4.7 4.8 4.9 4.10
b @ b @ ass 1 @ ass 2 @
IMPL ass 1 ass2 modpon
:= PN
693
:
pairsort([t:TRUE (a)]TRUE(b),[s: TRUE(b)]TRUE(a))
:= [u:TRUE(a)]TRUE(b) : s o r t .- _ _ _ _ _ : TRUE(a) .- - _ _ _ _ : IMPL := (ass 1)ass 2 : TRUE(b)
..-
5. SOME LOGICAL CONSTANTS
5.3
0
5.4
0
@ contradiction := nonempty(C0NTR) @ OBVIOUSLY := IMPL(contradiction, contradiction) @ trivial := nonempty( OBVIOUSLY) @ now 1 := [u:TRUE(
5.5
0
@ now 2
:= then 2
5.6
0
@ now 3
:= [u:CONTR]u
: TRUE(trivia1) : EMPTY(C0NTR)
..-
:
5.1 5.2
0 0
contradiction)]^ (OBVIOUSLY,now 1)
: bool : sort : bool :
OBVIOUSLY
6. NON, A N D 6.1 6.2 6.3
0 b b
@ b @ NON @ non
6.4 6.5
b c
6.6
_____
bool
:= EMPTY(TRUE(b)) := nonempty(N0N)
: sort : bool
@ C
..-
: bool
@ AND
:= pairsort (TRUE(b),
c
@ and
:= nonempty(AND)
:
6.7 6.8
c if
@ if @ then 12a
.-.-
: AND
6.9
if
@ then 12b
_____
TRUE(c))
_____
: sort
bool
:= first (TRUE(b),
TRUE(c) ,if)
: TRUE(b)
:= second(TRUE( b) ,
TRUE(c),if)
: TRUE(c)
N.G. de Bruijn
694
6.10 b 6.11 if
@I
6.12 b 6.13 if
Q if @ then 12d
6.14 b 6.15 if
Q if
if @I then 12c
@I
then 12c
.-
_____
:= then 3(NON(b),if)
.-.-
_____ := then 2 (NON(b),if)
.- - _ _ _ _
: TRUE(non(b)) : NON(b) : NON(b) : TRUE(non(b))
:= then 5 (TRUE(b) ,if)
: TRUE(b) : EMPTY(NON(b))
.- _ _ _ _ _ .-
: sort)
7. EXISTS, ALL
(ksi
0
@I
7.1 7.2 7.3 7.4 7.5
ksi P P v ass 1
P @I EXISTS @I v @I ass 1 @I then 13
7.6 7.7 7.8
P ass 2 ass 2
@I
7.9 7.10 7.11 7.12
P P
@I
@I
@I @I
ass 2 then 13a then 13b
ALL @ (v v @ ass 3 ass 3 @I specialize
.-.-
_____ := PN
.- _ _ _ _ _ .- _ _ _ _ _ := P N
..-
_____
:= PN := PN
:= [u:ksi]TRUE((u)P) .- _ _ _ _ _
.- _ _ _ _ _ :=
(v)ass 3
: : : :
[u:ksi]bool sort
ksi TRUE((v)P) : EXISTS : EXISTS : ksi :
TRUE( (then 13a)P)
: sort : ksi) : ALL :
TRUE((v)P)
7.13 P 7.14 P
Q NONEXIST := [u:ksi]NON((u)P) : sort @I WEAKEXIST := EMPTY(N0NEXIST) : s o r t
7.15 ksi
@ PARADISE I := [Q:[u:ksi]bool] [t:WEAKEXIST( Q)] EXISTS(Q) @I a .-.- _ _ _ _ _ .- _ _ _ _ _ @ b @ then 14
7.16 P 7.17 a 7.18 b
: : : :
sort
PARADISE1 WEAKEXIST (P) EXISTSfP’I
Example of a text written in Automath (D.l)
695
8. CONSTANT FUNCTIONS 0 ksi
8.1 8.2
8.3 8.4 8.5 8.6
@ ksi @ theta
theta @ pi pi @ CONSTANT
g a b c
@ 0 @ @
a b c then 15
.- _ _ _ _ ...- _ _ _ - -
: sort : sort
.- _ _ _ - .-
: [t:ksi]theta
:=
[s:ksi][t:ksi]IS(theta, (t)Pi,(S)Pi)
..- _ _ _ _ -
..-.-
_____
____-
:= (a)(b)c
: sort : : : :
ksi ksi CONSTANT IS(theta,(a)pi, (b)Pi)
9. CONDITIONAL BRACING
9.1 9.2
0
@ (ksi
ksi
@ P @ h
P
9.3 9.4 9.5 9.6
h x x h
@ X
9.7 9.8 9.9
x a a
@ a @ then 17 0 then 18
9.10 a
@ then 19
@ sigma @ then 16 @ Q
.- _ _ _ - -
: [t:ksi]bool : [t:ksi][s:TRUE(
..-
(t)P)]boo1 _____
:= TRUE( (x)P) := EXISTS(sigma, (x)h) := [t:ksi]nonemtpy(
then 16(t))
.- _ _ _ - -
1-
:= then 3(then 16,a) := then 13a(sigma, (x)h ,
then 17)
@ a @ b @ then 20
: ksi : sort : sort : [t:ksi]bool : TRUE((x)Q) : then 16 : TRUE((x)P)
:= then 13b(sigma,(x)h,
then 17) 9.11 x 9.12 a 9.13 b
: sort)
..- - _ _ _ _ .-.- _ _ _ - _ := then 13(TRUE((x)P),
: TRUE(
(then 18)(x)h) : TRUE((x)P) : TRUE((a)(x)h)
N.G. de Bruijn
696
9.14 b 9.15 b
Q then 21 @ then 22
:= then 2(then 16, then 20) : TRUE((x)Q)
:= then 2(then 16, then 13
(sigma,(x)h,a,b))
:
TRUE((x)Q)
_____
: sort) : [t:ksi]bool)
10. DIRECT BRACING
0 ksi 10.1 P 10.2 Q
Q (ksi Q (P Q Q @ R
.-
.- _ _ _ _ _
.- - _ _ _ _ := [t:ksi] and ((t)P,(t)Q)
: [t:ksi]bool : [t:ksi]bool
11. NAMECHANGING @ NAME @ dash
:= PN := PN
Q ksi Q classin
:= pairsort ([t:ksi]bool,
11.5 ksi 11.6 c
@ C
.-
@ predicof
:= first([t:ksi]bool,
11.7 ksi 11.8 d
@ d @ classof
11.1 11.2 11.3 11.4
0 0 0 ksi
.- - - _ _ _
..-
NAME) _____
NAME,c) _____
11.9 0 11.10 0
@ NAME 2 @ dot
11.11 0 11.12 ksi
.- _ _ _ _ _ @ (ksi @ PREDICATE := pairsort([t:ksi]bool, NAME 2) .-.- _ _ _ _ _ 8 C
:= PN := PN
@ predicup
:= first([t:ksi]bool,
@ d @ predicdown
:= _ _ _ _ _
NAME 2,c) 11.15 ksi 11.16 d
: sort : classin : t:ksi]bool : [t:ksi]bool
:= pair([t:ksi]bool,
NAME,d,dash)
11.13 ksi 11.14 c
: sort
: NAME : sort
: classin(ksi) : sort :
NAME 2
: sort)
: sort : PREDICATE : [t:ksi]bool : [t:ksi]bool
:= pair([t:ksi]bool,
NAME S,d,dot)
: P,REDICATE
Example of a text written in Automath (D.l) 11.17 0 11.18 ksi 11.19 theta 11.20 P 11.21 a
@ (ksi @ (theta
@ P @ a @ then 25
.- _ _ _ _ _ .- _ - - _ _ .- _ _ _ _ _ .- _ _ _ _ _ 1-
697
: : : :
sort) sort)
:= [s:ksi]((s)P)a
[t:ksi]theta EMPTY(theta) : EMPTY(ksi) : EMPTY(ksi)
@ b
.- _ - - _ _
@ then 26
:= then 25(TRUE(
11.24 ksi
@C
11.25 c
@ then 27
nonempty(ksi)) ,ksi,[s: TRUE(nonempty(ksi))] then 3(s),b) : EMPTY(TRUE( nonempty (ksi))) .- _ _ _ _ _ : EMPTY(TRUE( nonempty (ksi))) := then 25(ksi,TRUE( nonempty(ksi)) ,[s:ksi] then 2(s),c) : EMPTY(ksi)
11.26 0 11.27 b 11.28 x
@ X
..-.-
@ then 28
:= then 3(EMPTY(
11.22 ksi 11.23 b
@ b
_____
_____
: boo1 : TRUE(non( non( b)))
TRUE(non(b)),x)) 11.29 x
@ then 29
:= then 27(NON(b),
11.30 x
@ then 30
:= then 29
: EMPTY(NON(b)) : EMPTY(EMPTY(
11.31 b
Q Y
.-
: EMPTY (EMPTY(
11.32 y 11.33 y
@ then 31 @ then 32
:= y := then 26(NON(b),
11.34 y 11.35 b 11.36 z
@ then 33 @ Z
:= then 2(NON(non(b)) ..- _ _ _ _ _
@ then 34
:= then 5(TRUE(b) ,z)
11.37 z
@ then 35
:= then 33(TRUE(b),
then 28)
_____
TRUE@))) TRUE(b))1
then 31)
then 34)
: EMPTY(NON(b)) : : : :
NON(non(b)) TRUE(non(non( b))) TRUE(b) EMPTY(EMPTY( TRUE@)1)
: TRUE(non(non( b)))
N.G. de Bruijn
698
12. EXCLUDED THIRD 12.1 0
@ EXCLTHIRD := [t:bool]PARADISE 11(
12.2 12.3 12.4 12.5 12.6 12.7
@ excl @I a @ if @ then 36 63 (b @ VALID
.- _ - _ _ _ .-.- _ - - _ _ .- _--__
: EXCLTHIRD : bool : EMPTY(NON(a))
:= (a)(if)excl
:
if @ then 37
.- ---__
:
:= [s:EXCLTHIRD]if
: VALID(b)
TRUE(t)) 0 excl b if 0 b
12.8 b 12.9 if
@I
.- _ - - _ _ :=
[s:EXCLTHIRD] TRUE(b)
: sort
TRUE(a)
: bool) : sort
TRUE(b)
Comment: VALID is the notion of truth in non-intuitionistic logic.
12.10 b 12.11 p 12.13 q 12.14 q 12.15 p
.-.-
@ P
@ q @ then 38 @I then 39 @I then 40
_-___
.- ---__ := (q)P := then 35(then 38)
@ P @ q @ then @I then @ then @ then
40a 41 42 42a
: :
TRUE(b) TRUE(non(non(b)))
:= [xEXCLTHIRD]
then 39(s) 12.16 b 12.17 p 12.18 q 12.19 q 12.20 q 12.21 p
: VALID(b) : EXCLTHIRD
: VALID(non(non(b)))
.- ---__ .-.- _ _ _ _ _
:
(q)P then 30(then 40a) := then 36(q,b,then 41) := [s:EXCLTHIRD] then 42(s)
:
:= :=
VALID(non(non(b)))
: EXCLTHIRD
TRUE(non(non(b)) )
: EMPTY(NON(b)) : TRUE(b) : VALID(b)
13. SETS
13.1 13.2 13.3 13.4 13.5 13.6 13.7
0 ksi ksi x s s ksi
(ksi @ set @I x
@I
s EST1 @ esti @ s @I @I
.- --_-_ .:= [x:ksi]bool
..-
_-___
--___
:= TRUE((x)s) := (x)s
.-.-
_-___
: sort)
: sort : ksi : set : sort : bool :
set
Example of a text written in Automath (D.1) 13.8 s 13.9 t
@ t @ INCL
..-
13.10 t 13.11 ksi 13.12 s 13.13 ksi 13.14 ksi 13.15 x 13.16 ksi 13.17 ksi 13.18 x 13.19 ass
@ incl
:= nonempty(1NCL) := _ _ _ _ _
@ then 43 @ emptyset QX @ assume @ then 44
:= now 2 := [x:ksi]contradiction := _ _ _ _ _
13.20 ass
Q then 45
:= then 3(CONTR,
13.21 x
@ then 46
:= [t:ESTI(x,emptyset)]
_____
(s @ powerset Q universe @ X
:= [x:set]incl(x,s) := [x:ksi]trivial
..-
_____
14. TRANSITIVITY
14.1 ksi 14.2 14.3 14.4 14.5 14.6 14.7 14.8
s t r
Q (s
@ t @ r
@ ass 1 ass 1 @ ass 2
ass 2 @ x x @ ass 3 ass 3 Q then48
14.10 ass 3 @ then 50
: : :
:
:= then 46
ESTI(x,universe) set ksi ESTI(x,emptyset) TRUE( contradiction)
: CONTR
EMPTY(ESTI( x,emptyset)) : NON(esti( x,emptyset)) :
OF SET-INCLUSION :=
...-.....-
__------_____ _____ ____-
____-
:= _ _ - - -
: set) : set : set : INCL(s,t) : INCL(t,r) : ksi :
TRUE((x)s)
:= then 3(IMPL( (x)s,(x)t) ,
(x)ass 1) 14.9 ass 3 @ then 49 @ refl 14.9” s
:
:= assume
then 45 @ then 47
: sort : boo1 : set) : set(set(ksi)) : set : ksi
..- -_-_-
then 44)
13.22 x
: set
:= ALL( ksi,[u:ksilnonempty
(IMPL((uh(u)t))) @
699
:= (ass 3)then 48 := [u:ksi]
: IMPL((x)s,(x)t) : TRUE((x)t)
then 2(IMPL((u)s, ( 4 s ) J Y :TRUE((u)s)ly) : INCL(s,s) := then 49(t,r,r,ass 2, refl(r),x,then 49) : TRUE((x)r)
N.G. de Bruijn
700 14.11 x
@ then 51
:= [p:TRUE((x)s)]
14.12 x
@ then 52
:= then 2(IMPL( (x)s, (x) r) ,
then 50(p)
: IMPL((x)s,(x)r)
then 51) 14.13 ass 2 @ then 53
:= [t:ksi]then 52(t)
15. INCLUSION INDUCED IN POWERSET 15.1 15.2 15.3 15.4 15.5
ksi s t ass 4 u
@ @ @ @
set) set) INCL(s,t) set : TRUE((u) powerset (s)) : TRUE(incl(u,s)) : : : :
(s
(t ass 4 u @ a
15.6 a 15.7 a
@ then 54 @ then 55
15.8 a
@ then 56
15.9 a
Q then 57
15.10 a
62 then 58
..- a := then then := then then := then then := then
15.11 u
@ then 59
:= [a:TRUE((u)powerset(
3(INCL(u,s), 54) 53(u,s,t, 55,ass 4) 2(INCL(u,t), 56) 57
: INCL(u,s) : INCL(u,t) : TRUE(incl(u,t)) : TRUE( (u)
powerset( t)) s))]then 58
: IMPL(
(u)powerset (s), (u) powerset (t)) 15.12 u
@ then 60
:= IMPL((u)powerset(s),
15.13 u
@ then 61
:= then 2(then 60,
(u)powerset (t)) then 59)
: sort : TRUE(nonempty(
then 60)) 15.14 ass 4 @ then 62
:= [t:set]then 61(t)
: INCL(set,
powerset (s), power set (t ) )
70 1
Checking Landau’s “Grundlagen” in the Automath System Parts of Chapters 0, 1 and 2 (Introduction, Preparation, Translation) L.S. van Benthem Jutting
CHAPTER 0. INTRODUCTION 0.2. The book translated At an early stage of the Automath project the need was felt to translate an existing mathematical text into an Automath language, first, in order to acquire experience in the use of such a language, and secondly, to investigate to what extent mathematics could be represented in Automath in a natural way. As a text to be translated, the book “Grundlagen der Analysis” by E. Landau [Landau 301 was chosen. This book seemed a good choice for a number of reasons: it does not presuppose any mathematical theory, and it is written clearly, with much detail and with a rather constant degree of precision. For a short description of the contents of Landau’s book see 2.0.
0.3. The language of the translation The language into which Landau’s book has been translated is AUT-QE. A detailed description and a formal definition of this language is given in [van Daalen 73 (A.3)]. I will use the notations introduced there whenever necessary. Where in the following text a concept introduced in [van Daalen 73 (A.3)] is used for the first time, it will be displayed in italics, with a reference to the section in [van Daalen 73 (A.3)] where it occurs. The language of the translation differs from the definition in [van Daalen 73 (A.3)] in one respect, viz. the division of the text into paragraphs [van Daalen 73 (A.3), 2.161. By this device the strict rule that all constants [van Daalen 73 (A.3), 2.6, 5.4.11 in an AUT-QE book [van Daalen 73 (A.3), 2.13.1, 5.4.41 should be different is weakened to the more liberal rule that all constants in one paragraph have to differ. Now, in a line [van Daalen 73 (A.3), 2.13, 5.4.41, reference to constants defined in the paragraph containing that line is as usual, while reference to constants defined in other paragraphs is possible by a suitable
L.S. van Benthem Jutting
702
reference system. For a more detailed description of the system of paragraphing, see Appendix 2 [not an this Volume]. In contravention of the rules for the shape and use of names in AUT-QE, we will in examples in the following text not restrict ourselves to alpha-numeric symbols, and occasionally we use infix symbols. (Of course, in the actual translation of Landau’s book, these deviations from proper AUT-QE do not occur.)
CHAPTER 1. PREPARATION In this chapter the logic which Landau presupposes is analysed and its representation in AUT-QE is described. 1.0. The presupposed logic
In his Vorwort fur den Lernenden” Landau states: “Ich setze logisches Denken und die deutsche Sprache als bekannt voraus”. Clearly, in the translation AUT-QE should be substituted for “die deutsche Sprache”. The proper interpretation of “logisches denken” must be inferred from Landau’s use of logic in his text. This appears to be a kind of informal second (or higher) order predicate logic with equality. In the following some characteristics of Landau’s logic will be discussed, and illustrated by quotations from his text. (i)
Variables have well defined ranges which are not too different from types [van Daalen 73 (A.3), 2.21 in AUT-QE. Cf.: -
On the first page of “Kapitel 1”: “Kleine lateinische Buchstaben bedeuten in diesem Buch, wenn nichts anderes gesagt wird, durchweg naturliche Zahlen” .
- In “Kapitel2, $5’’ : Grosze lateinische Buchstaben bedeuten durchweg,
wenn nichts anderes gesagt wird, rationale Zahlen”. (ii)
Predicates have restricted domains, which again can be interpreted as types in AUT-QE. Cf.: -
-
“Satz 9: Sind 2 und y gegeben, so lie@ genau eine der Falle vor:
(1) 2 = y. (2) Es gibt ein u mit 2 = y + u ...” etc. It is clear that u (being a lower case letter) is a natural number, or u E nat. “Definition 28: Eine Menge von rationalen Zahlen heiszt ein Schnitt, wenn ...”.
Checking Landau’s “Grundlagen”, Prepaxation (0.2)
703
Here it is apparent that being a “Schnitt” is a predicate on the type of sets of rational numbers. (iii)
When, for a predicate P , it has been shown that a unique x exists for which P holds, then “the x such that P” is an object. Cf.: - “Satz 4, zugleich Definition 1: Auf genau eine Art laszt sich jedem
Zahlenpaar x,y eine natiirliche Zahl, x+y genannt, so zuordnen dasz ... . x y heiszt die Summe von x und y”.
+
+
X > Y so hat X U = Y genau eine Losung U . Definition 23: Dies U heiszt X - Y”.
- “Satz 101: 1st
(iv)
The theory of equivalence classes modulo a given equivalence relation, whereby such classes are considered as new objects, is presupposed by Landau. Cf.: -
The text preceding “Satz 40”: “Auf Grund der Satze 37 bis 39 zerfallen alle Briiche in Klassen, so dasz x1 -
N
22
und
y1
Y2
dann und nur dann, wenn
21
-
22
derselben Klasse angehoren”. Y2
-
“Definition 16: Unter eine rationale Zahl versteht mann die Menge aller einem festen Bruch aquivalenten Bruche (also eine Klasse im Sinne des fj1)”.
(v)
The concepts “function” and “bijective function” are vaguely described. Cf.: - “Satz 4” (see (iii) above).
< y so konnen die m eineindeutig bezogen werden” .
- ‘‘Satz 274: 1st x
- “Satz 275: Es sei x fest, f(n)fur n
5 x nicht auf die n 5 y
5 x definiert. Dann gibt es genau
ein fur n 5 x definiertes gz(n)mit folgenden Eigenschaften ...” followed by the “explanation”: “Unter definiert verstehe ich: als komplexe Zahl definiert” , This explanation might be interpreted to indicate the typing of the functions f and g. (vi)
Landau defines and uses partial functions. Cf.: -
“Definition 14: Das beim Beweise des Satzes 67 konstruierte spezielle 211
-
212
heiszt
21
-
22
Y1 --
...‘I.
Y2
nition, only applies if
Here the construction. and therefore the defi21
-
22
> y1 -.
Y2
L.S.van Benthem Jutting
704
- “Definition 56: Das Y des Satzes 204 heiszt
-
r”. This definition deH
pends upon H # 0. - “Definition 71”,where Landau states explicitly: “Nicht definiert ist x” also lediglich fur x = 0, n 5 0”.
X > Y folgt X = ( X - Y )+ Y”. “Satz 240: 1st y # 0 so ist - . y = x”. Y
- “Satz 155: Beweis: 11) Aus -
X
- “Satz 291: Es sei
xy . x y .
n > 0 oder
XI
# 0, xz #
0. Dann ist
( ~ 1 . ~= 2 ) ~
In these last three examples we see “generalized implications”: the terms occurring in the consequent are meaningful only if the antecedent is taken t o be true. A similar situation will be encountered in (vii). (vii) Definitions by cases, sometimes of a complicated nature, are used. Cf.: -
“Definition 52:
f -(Pl+IHl) 181- IHI
-=+H =
0
-(IHI - 1Bl) H+E H
I
-
wennBc0, H
I
- “Definition 71:
IElX
I”={
1
1
wenn n
> 0.
wennx#O,
n=O.
w e n n x # O , n
Notice that in these two definitions, in some of the cases the definiens is not defined when the corresponding condition does not hold, (“generalized definition by cases”), and also that, in some cases, there is in the definiens a reference to the definiendum. (viii) In his text Landau only occasionally mentions predicates and relations; usually he refers to sets. Cf.: -
“Axiom 5: Es sei A4 eine Menge naturlicher Zahlen mit den Eigenschaften:
705
Checking Landau’s “Grundlagen”, Preparation (0.2) (1) 1 gehort zu M. (2) Wenn x zu M gehort, so gehort x’ zu
M.
Dann umfaszt M alle natiirlichen Zahlen” . -
“Satz 2: x’ # x. Beweis: M sei die Menge der x, fur die dies gilt..”.
However, in the text preceding “Definition 26”: - “Da =, >, <, Summe und Produkt den alten Begriffen entsprechen...”.
(ix)
Landau considers (ordered) pairs of objects. In Chapter 2 the components of such pairs remain clearly visible in their names: he does not refer to “the pair 5 with components x1 and 2 2 ” , but only t o “the pair ~ 1 ~ x 2 ” . Nevertheless it is clear from his words that he considers such a pair as one object. Cf.: - “Definition 7: Unter einem Bruch 21 - versteht man das Paar der natiir-
lichen Zahlen -
“Definition 8:
22
XI, 2 2
21
-
22
N
(in dieser Reihenfolge)”. y1 - wenn xly2 = y1x2”. y2
In Chapter 5, however, variables for pairs are used. Cf.: -
“Definition 57: Eine komplexe Zahl ist ein Paar reeller Zahlen E1,E2 (in bestimmter Reihenfolge). Wir bezeichnen die komplexe Zahl mit [El,E:2]”.
This definition is immediately followed by - “Kleine deutsche Buchstaben bedeuten durchweg komplexe Zahlen” .
The two notations are linked in the following way: -
“Definition 60: 1st x = [E,,E2], y = H2]”.
E2, Hi
(x)
+
[H1,H2], so
ist x
+ y = [El +
Finally it should be pointed out that some of Landau’s proofs and remarks tend to a kind of intuitive reasoning which is not easily represented in a formal system. A first example of this is the treatment of equality in “Kapitel 1, 51”. - Yst x gegeben und y gegeben, so sind entweder x und y dieselbe Zahl;
das kann man auch x = y schreiben; oder x und y nicht dieselbe Zahl; das kann man auch z # y schreiben. Hiernach gilt aus rein logischen Griinden:
L.S. van Benthem Jutting
706 ( 1 ) x = x fur jedes x. (2) Aus x = y folgt y = X . (3) Aus x = y, y = z folgt x = z ” .
Here it seems that Landau derives the properties of equality from reflection on the properties of a mathematical structure. They are not theorems or axioms but intuitively true statements. Substitutivity of equal objects, though used frequently in the proofs of subsequent theorems, is never mentioned. Other examples of proofs with intuitive components may be found where Landau, in a glance, takes in a complex logical situation. Cf.: -
“Satz 16: Aus x 5 y, y < z oder x < y, y 5 z folgt x < z . Beweis: Mit dem Gleichheitszeichen in der Voraussetzung klar; sonst durch Satz 15 erledigt”.
- “Satz 20: Aus x
+ z > y + z bzw. x + z = y + z bzw. x + z < y + z
folgt x > y bzw. x = y bzw. x < y. Beweis: Folgt aus Satz 19 d a die drei FQle beide Male sich ausschlieszen und alle Moglichkeiten erschopfen” . A somewhat different example, which involves what might be called “metalogic”, is the text preceding “Definition 26”, where it is indicated how a number of theorems might be proved, without actually proving them. I will return to this in 2.1 (viii).
1.2. The representation of logic in AUT-QE The logic considered by Landau to be “logisches Denken”, as described in the previous section, has been formalized in the first part of the AUT-QE book, called “preliminaries”, which, unlike the other parts, does not correspond to an actual chapter of Landau’s book. A possible way of coding logic in AUT-QE has been described in [van Daalen 73 (A.3), 3, 41. In addition to this description we stress a few points on the interpretation of AUT-QE lines [van Daalen 73 (A.3), 2.13, 5.4.41. Adopting the terminology introduced in [Zucker 77 (A.4)] we shall call expressions of the form [ X I : a11 ... [xk : a k ] type (with k 2 0) (i.e. t-expressions of degree I) l t expressions and expressions of the form [ X I : a11 ... [xk : a k ] prop (again with k 2 0) lp-expressions. Expressions having I t - and lpexpressions as their types, will be called 2t-expressions and 2pexpressions, respectively. Finally, 3t- and 3pexpressions have 2t- and Ppexpressions as their types. Now a 2t-expression will be used to denote a type (or “class”). If its type is an abstraction expression [van Daalen 73 (A.3), 2.8, 5.4.21 then it denotes
Checking Landau’s “Grundlagen”, Preparation (0.2)
707
a type of functions. A 2pexpression denotes a proposition or a predicate. A 3t-expression denotes an object (of a certain type) and a 3pexpression a proof (of a certain proposition). The interpretation of an AUT-QE line having a certain shape (EB-line, PNline or abbreviation line [van Daalen 73 ( A . 3 ) , 2.13, 5.4.41) will depend on its category part [van Daalen 73 ( A . 3 ) , 2.13.11 being a It-, lp, 2t- or 2pexpression. So we arrive at the following refinement of the scheme in [van Daalen 73 (A.3), 4.51.
Shape of the line:
Category-part lt-expression introduces a type variable
lpexpression introduces a proposition or predicate variable
2t-expression introduces= object variable (of the stated type)
PN-line
introduces a primitive type constant
introduces a primitive object (of the stated type)
Abbreviation line
defines a type in terms of known concepts
introduces a primitive proposition or predicate constant defines a proposition or predicate in terms of known concepts
EB-line
defines an object (of the stated type) in terms of known concepts
2pexpression introduces the stated proposition as an assumption introduces the stated proposition as an axiom proves the stated proposition as a theorem
In the above scheme it is apparent that, if the category part of a line is a Ipexpression, then the interpretation of that line is an assertion. But also if the category part is a 2t-expression a , the interpretation has an assertional aspect; the line does not only introduce a new name for an object (as a variable, or a primitive or defined constant) but also asserts that this object has the type a.
1.3. Account of the PN-lines Here I will give a survey of the primitive concepts and axioms (PN-lines) occurring in the preliminary AUT-QE text. A mechanically produced list of
L.S.
708
vitn
Benthem Jutting
these axioms appears as Appendix 3 [see lD.5,11, in this Volume]. In this list the PN-lines appear numbered. References in parentheses below will refer to these numbers. (i)
Axioms for contradiction. Contradiction is postulated as a primitive proposition (l),the double negation law as an axiom (2).
(ii) Axioms for equality. Given a type S, equality is introduced as a primitive relation on S (3), with axioms for reflexivity (4)and for substitutivity (5) (i.e. if x = y , and if P is a predicate on S which holds at x, then P holds at y ) . Moreover, there is a n axiom stating extensionality for functions (8). The notion of equality so introduced is called book-equality (cf. [ v a n Daalen 73 (A.3), 3.61) in contrast to definitional equality of expressions ( [ v a n Daalen 73 (A.3), 2.12, 5.5.61). (iii) Axioms for individuals. Given a type S, a predicate P on S, and a proof that P holds at a unique x E S , the object 2nd (for individual) is a primitive object (6), to be interpreted as “the x for which P holds”. An axiom states that and satisfies P
(7). (iv) Axioms for subtypes. Given a type S and a predicate P on S, the type O T (for own-type, i.e. the subtype of S associated with P ) is a primitive type (9). For U E O T we have a primitive object in(u)E S (lo), and an axiom stating that the function [u : OT] in(u)is injective (12). Moreover, there are axioms to the effect that the images under this function are just those x E S for which P holds ((11) and (12)). (v) Axioms for products (of types). Given types S and T the type pairtype (the type of pairs (x,y ) with c E S and y E T ) is introduced as a primitive type (14). For p E pairtype we have the projections first(p)E S and second ( p ) E T as primitive objects (( 16) and (17)), and conversely, for x E S and y E T we have pair (x,y ) as a primitive object in pairtype (15). Next there are three axioms stating that pair (first(p),second ( p ) ) = p , first(pair (x,y ) ) = z and second (pair (x,y ) ) = y (where = refers to book-equality as introduced in (ii)) ((19), (20) and (21)). (Note: If a type U containing just two objects is available, and if S is a type, the type of pairs (x,y ) with x E S and y E S may be defined alternatively as the function type [x : V l S . In the translation this was done at
Checking Landau’s LLGrundlagen”, Preparation (0.2)
709
the end of Chapter 1, where we took for U the subtype of the naturals 5 2. Therefore the pairing axioms as described above were not used in the actual translation.) (vi) Axioms for sets. Given a type S, the type set (the type of sets of objects in S) is introduced as a primitive type (21), and the element relation as a primitive relation (22). Given a predicate P on S, there is a primitive object setof ( P ) E set (denoting the set of x E S satisfying P ) (23), and there are two axioms to the effect that P holds at z iff z is an element of setof ( P ) ((24) and (25)). These can be viewed as comprehension axioms for S. (As sets contain only objects of one type, such axioms will not give rise to Russell-type paradoxes.) Finally extensionality for sets is stated as an axiom (26). The axioms for sets permit “higher-order” reasoning in AUT-QE, since quantification over the type set is possible. 1.4. Development of concepts and theorems in Landau’s logic
Here we give a sketch of the development of the logic in [Landau 301 from the axioms described in the previous section. Starting from the axioms for contradiction, the development of classical first order predicate calculus is straightforward. In this development more than usual attention has been paid to mutual exclusion: ’ ( A A B ) , and trichotomy: ( A V B V C ) A ( - { A A B ) A i ( B A C) A -.(C A A ) ) , because these concepts are used frequently by Landau in discussing linear order. The properties of equality, e.g. symmetry, transitivity, and substitutivity for functions (i.e. if z = g and f is a function on S then f(z)= f ( y ) ) , follow from the axioms for equality. The development of the theory of equivalence classes (cf. 1.0 (iv)) requires the axioms for subtypes and for sets. It turns out here, when translating mathematics into AUT-QE, that Landau goes quite far in considering concepts and statements about those concepts to belong to “logisches Denken”. We had to choose how to describe partial functions in AUT-QE. As an example let us consider the function f on the type rl of the reals, defined for all 5 E rl for which z # 0, and mapping z to 1/x. There are (at least) four reasonable ways to represent f : (i)
The range of f may be taken to be rl*, the “extended type” of reals, containing, apart from the reals, an object und representing “undefined”. In this case (0) f will be (book-equal to) und, and rl may be defined as OT(rl*,[z : rl*] (z # und)).
710
L.S. van Benthem Jutting
(ii)
An arbitrary fixed object in rl, 0 say, may replace und. Then (0) f will be taken t o be 0.
(iii) f may be considered as a function on OT(r1,[z : rl]z the nonzero reals.
# 0), the subtype of
(iv) f may be represented as a function of two variables: an object x E rl and a proof p E z # 0. so
f E [x: T I ] [p, z # 01 rl (Then, given an 2 such that 2 # 0, i.e. given an z and a proof p that x # 0, we can use (p) (z)f t o represent I/z.) It is clear that the representations (i) and (ii) have much in common. The representations (iii) and (iv) are also related: in fact, we may construct, by the axioms for subtypes, for given z E r l and p E z # 0 an object out(z,p)EOT(rl, [z : rl]z # 0). Then, if fl
E [z : O T ( d ,[x: T I ] x
# O)] rl ,
then
[z::rl][p,z#O](out(z,p))fl~[x:rl][p,z#O]rl. On the other hand, if f2
E [z : rl] [p, z
# 01 rl
then [z : OT(r1,[z : rl]z
# O)] (OTAz(z))(in(z)) f2
E [z : OT(r1,[z : d ]z
# o)] rl
(for brevity some obvious subexpressions in the formula above have been omitted). After a careful examination of Landau’s language, I have decided that the fourth representation is closest to his intention, and have therefore adopted it. However, this leads to the following difficulty: Let, in our example, z E r l and y E r l be given, such that x = y, and suppose we have proofs pE (z # 0) and q E (y # 0). Now it is not a priori clear in AUTQE (though it is clear to Landau), that the corresponding values (p) (z) f and (q) (y) f will be equal. That is: it is not guaranteed in the language that the function values for equal arguments will be independent of the proofs p and q. This property of partial functions, which is called irrelevance of proofs, can be proved for all functions which Landau introduces. When discussing arbitrary
Checking Landau’s “Grundlagen”, Translation (D.2)
711
partial functions, however, irrelevance of proofs had to be assumed in some places (cf. gite below). For a further discussion we refer to 4.0.1. As a consequence of the chosen representation of partial functions, terms may depend on proofs, and therefore certain propositions are meaningful only if others are true. This gives rise to generalized implications (cf. 1.0 (vi)) and generalized conjunctions, such as: “2
> 0 * 1/x > 0”
and “x > 0 A
fi # 2” .
Logical connectives of this kind have been formalized in the paragraph iir’lin the preliminary AUT-QE text. The definition-by-cases operator ite (short for if-then-else, cf. 1.0 (vii)) can be defined on the basis of the axioms for individuals. As we have seen (1.0 (vii)), Landau admits partial functions in such definitions. For these cases a “generalized” version of the definition-by-cases operator gite (for generalized ifthen-else) is required, which has been defined only for partial functions satisfying the irrelevance of proofs condition. All set theoretical concepts used by Landau (cf. 1.0 (viii)) may be defined starting from our axioms for sets. The passages in Landau’s text which use more or less intuitive reasoning (cf. 1.0 (x)) could not very well be translated. In the relevant places straightforward logical proofs were given, which follow Landau’s line of thought as closely as possible.
CHAPTER 2. TRANSLATION In this chapter, we discuss the actual translation of Landau’s book, the difficulties encountered and the way they were overcome (or evaded). First, in Section 2.0, we given an abstract of Landau’s book; then, in Section 2.1, a general survey is given of the various reasons to deviate occasionally from Landau’s text. In the following sections we describe the translation of the Chapters 1 to 5 of Landau’s book. 2.0. An abstract of Landau’s book
(i)
“Kapitel 1. Natiirliche Zahlen”. Peano’s axioms for the natural numbers 1,2,3, ... are stated. ‘i+l’ is defined as the unique operation satisfying x 1 = x‘ and x y‘ = (x y)’. Properties of (associativity, commutativity) are derived.
+
+
+
+
L.S. van Benthern Jutting
712
+
Order is defined by z > y := 3 u(z = y u ] . It is proved to be a linear are derived. “Satz 27” states order relation and its connections with that it is a well-ordering. “.” (multiplication) is defined as the unique operation satisfying z . 1 = z and z.y’ = z.y z. Properties of “.” (commutativity, associativity) are derived, and also its connections with (distributivity) and with order.
+
+
(ii)
+
“Kapitel 2. Briiche”. Fractions (i.e. positive fractions) are defined as pairs of natural numbers. Equivalence of fractions is defined, and proved to be an equivalence relation. Order is defined, it is shown to be preserved by equivalence, and to be an order relation. Properties are derived (e.g. it is shown that neither maximal nor minimal fractions exist, and that the set of fractions is dense in it self). Addition and multiplication are defined, and proved to be consistent with equivalence. Their basic properties and interconnections are derived, and their connections with order are shown. Also subtraction and division are defined. Rationals (i.e. positive rational numbers) are defined as equivalence classes of fractions. Order, addition and multiplication are carried over to the rationals, and their various properties are proved. Finally the natural numbers are embedded, and the order in the rationals is shown to be archimedean.
(iii) “Kapitel 3. Schnitte”. Cuts in the positive rationals are defined. For these cuts, order, addition (with subtraction), and multiplication (with division), are defined, and again the various properties and interconnections of these concepts are proved. The rationals are embedded, and the set of rationals is proved to be dense in the set of cuts. Finally the existence of irrational numbers is proved, by introducing \/z as an example. (iv) “Kapitel 4. Reelle Zahlen”. The cuts are now identified with the positive real numbers, and to these the real number 0 and the negative reals are adjoined, in such a way that to every positive real there corresponds a unique negative real. The absolute value of a real number is defined. Order is defined, its properties are derived, and the predicates “rational” and “integral” (“ganz”) are defined on the reals. Now addition and multiplication are defined, and their properties and their
713
Checking Landau’s “Grundlagen”, Translation ( 0 . 2 )
connections with each other, with absolute value and with order are derived. In particular the minus operator (associating to each real its additive inverse) is discussed, as well as subtraction and division. Finally, in the “Dedekindsche Hauptsatz” , Dedekind-completeness of the order in the reals is proved. (v)
“Kapitel 5. Komplexe Zahlen”. Complex numbers are defined as pairs of reals. Addition, multiplication, subtraction and division, their properties and interconnections are discussed. To each complex number i s associated its conjugate, and also (following the definition of the square root of a nonnegative real) its modulus (as a real number). The connections of these two concepts with each other and with the previously introduced operations are derived. For an associative and commutative operator * (which may be interpreted or .), and for an n-tuple of complex numbers f ( l ) ,...,f(n), as either Landau denotes
+
f(1) * f ( 2 )
* ... *
f ( n ) by
@?=I
f(i) .
This concept is defined as the value at n of the unique function g (with domain {1,2,,..,n}) for which g(1) = f(1) and g ( i ’ ) = g ( i ) * f(i’) for i < n. The properties of @ are proved, in particular, for a permutation s of {1,2, ...,n} it is proved that
+
+
The definition of @ is extended to n-tuples f ( y ) , f ( y l),...,f ( y n - 1) (where y is an integer), and its properties are carried over to this situation. C is defined as the specialization of @ to the operation +, and as its specialization to . (multiplication). Some properties of C and are proved. For a complex number 2 and an integer n, with 2 # 0 or n > 0, zn is defined, and its properties and connections with previously defined concepts are discussed. Finally the reals are embedded in the set of complex numbers, the number i is defined, it is proved that i2 = -1, and that each complex number may be uniquely represented as a bi with a, b real.
n
n
+
2.1. Deviations from Landau’s text In our translation, deviations from Landau’s text appear occasionally. They may be classified as follows:
L.S. van Benthem Jutting
714
(i)
In some cases a direct translation of Landau’s proofs seems a bit too complicated. We list three reasons for this.
(a) Sometimes it is due to the structure of AUT-QE which does not quite agree with the proof Landau gives. E.g. in the proof of “Satz 6” Landau applies, for fixed y, induction with respect to x. As xE nut, y E nut is a common context in the translation, it is easier there to apply, for fixed x, induction with respect to y. (b) Sometimes the reason is that Landau uses a unifying argument. E.g. in the proof of the “Dedekindsche Hauptsatz” there are, at a certain stage, two real numbers E and H , such that E > 0 and Z > H . Here Landau needs a rational number z , such that E > z > H. Now it has been proved in “Satz 159” that between any two positive reals there is a rational. If H > 0 this may be applied immediately. If H 5 0
-
Landau defines HI= and again applies “Satz ‘159”, this time 1+1 with H I . This argument, however, is complicated, because, to apply “Satz 159”, first 0 < H I < Z has to be proved (which Landau fails to do). And it is superfluous because every z in the cut Z will meet the conditions in this case. I
~
( c ) In one instance (the proof of “Satz 27”), Landau has given a complex proof, which may be simplified. In all these cases I have, in the translation, given a proof which follows Landau’s line of reasoning. However, in some cases, I have also given shorter alternative proofs. This means that the deviations are optional in these cases. (ii)
Some of Landau’s “Satze” really consist of two or three theorems. E.g. Tatz 16: Aus x 5 y, y < z oder x < y, y 5 z folgt x < 2”. In such cases the theorem has been split up: “Satz 16a: Aus x 5 y, y < z folgt x < z ” , “Satz 16b: Aus x < y, y 5 z folgt x < 2’.
(iii)
Very frequently Landau uses without notice a number of more or less trivial corollaries of a theorem he has proved. E.g. besides “Satz 93: ( X + Y ) + Z = X + ( Y + Z ) ” he uses “ X + ( Y + Z ) = ( X + Y ) + Z ” without quoting “Satz 79”. Sometimes such a practice is explicitly announced, e.g. in the Vorbemerkung” to “Satz 15”, where it is stated that, with any property derived for <, the corresponding property for > shall be used. In all such cases the corollaries have been formulated and proved after the theorems.
Checking Landau’s “Grundlagen”, Translation (0.2)
715
(iv)
Following the translation of the definition of a concept, we often added the specialization to this concept of certain general properties. E.g. after the introduction of +, substitutivity of equality was applied: “If x = y then x+z = y+z and z+x = z+y. If x = y and z = u then z+z = y+u”. This was done in order to make later applications easier.
(v)
In a few proofs of the last three chapters minor changes were made. E.g. in the proof of “Satz 145”, where Landau states: “AUS > 7 folgt nach Satz 140 bei passendem u E = q+u” but where, by “Definition 35” u can be defined explicitly by u := - q. This has been done in the translation, thus avoiding the superfluous existence elimination. Another deviation occurs in the proof of “Satz 284”. Here Landau writes the following chain of equalities:
<
As in the proof the equality ((u
+ 1) - y) + ((x+ 1) - .( + 1))= (z + 1) - u
was needed, the following chain of equations was preferred in the translation:
+ 1) - y) + ((x+ 1) - (u + 1))= = ((x + 1)- + 1))+ ( ( u + 1) - y) = = (((x + 1)- ( u + 1))+ (u + 1))- y = (x+ 1) - y . ((u
(?A
(vi)
As we have seen in 1.0 (vii) Landau formulates Peano’s fifth axiom in terms of sets, and, when applying it, always represents a predicate as a set. In the translation this extra step has been avoided. The induction axiom is indeed introduced for sets, but then immediately a lemma, called induction, which applies to predicates is proved. This lemma has been used systematically in all proofs by induction. Also “Satz 27: In jeder nicht leeren Menge natiirlicher Zahlen gibt es eine kleinste” has been reworded and proved in terms of predicates and not of “Mengen” .
(vii)
“Intuitive arguments” of Landau were translated in various ways. E.g.
+
“Satz 20: Aus x z folgt X > Y
>y +z
+
bzw. x z = y bzw. x = y
+ z bzw. x + z < y + z bzw. x
< y.
L.S. van Benthem Jutting
716
Beweis: Folgt aus Satz 19 d a die drei FQle beide Male sich ausschlieszen und alle Moglichkeiten erschopfen” (where “Satz 19” asserts the inverse implications). Considering the fact that Landau regards this proof as belonging to “logisches Denken”, I have proved in the preliminaries three “logical” theorems to the effect that: D , B + E , C =+ F , If A V B V C , - ( D A E ) , 7 ( E ~ F )- (, F A D ) and A then D =+ A , E =+ B and F =+ C. These theorems were used in the translation. A second example: “Satz 17: Aus x 5 y, y 5 z folgt z 5 z . Beweis: Mit zwei Gleichheitszeichen in der Voraussetzung klar; sonst durch Satz 16 erledigt” (“Sazt 16” is quoted above under (ii)). Here the AUT-QE text, when translated back into German, might read: L‘Beweis: Es sei z = y. Dann ist, wenn y = z , auch x = z also z 5 z. Wenn aber y < z so ist x < z nach Satz 16a, also ebenfalls x 5 z . Nehme jetzt an x < y. Dan folgt aus Satz 16b x < z , also auch in diesem Fall x 5 z . Deshalb ist jedenfalls x 5 z ” . Another argument which is difficult to translate faithfully occurs in “Kapitel 5, $8’’ where sums and products are introduced. Landau uses here a symbol which he intends to represent either 6L+” or “.”, and in this simultaneously. In our translation we defined way defines “C” and iteration for arbitrary commutative and associative operators, and consequently our concept and the relevant theorems are essentially stronger than Landau’s. This generality is much easier to describe in AUT-QE and “.”. than a theory which applies only t o LL+”
*
“n”
(viii) Landau uses metatheorems whenever he embeds one structure into another, to show that the properties proved for the old structure “carry over” to the new. As an example I cite his treatment in Chapter 2 of the embedding of the natural numbers into the (positive) rationals.
folgt
x > y bzw. x = y bzw. x < y”.
“Definition 25: Eine rationale Zahl heiszt ganz, wenn under den Briichen, deren Gesamtheit sie ist, ein Bruch
X -
1
vorkommt”.
“Dies x ist nach Satz 111 eindeutig bestimmt, und umgekehrt entspricht jedem x genau eine ganze Zahl”.
Checking Landau’s “Grundlagen ”, Translation (0.2)
717
“Satz 113: Die ganzen Zahlen geniigen den fiinf Axiomen der natiirlichen 1 Zahlen, wenn die Klasse von - an Stelle von 1 genommen wird, und als 1 2
2’
Nachfolger der Klasse von - die Klasse von - angesehen wird”. 1 1 Landau adds the following comment: ‘LDa=, >, <, Summe und Produkt (nach Satz 111 und 112) den alten Begriffen entsprechen, haben die ganzen Zahlen alle Eigenschaften die wir in Kapitel 1 fur die natiirlichen Zahlen bewiesen haben”. It was difficult to translate this text. The translation requires first a careful analysis of the interpretation of Peano’s axioms in Chapter 1. There are two possibilities: In the first interpretation, the axioms describe fundamental properties of the given system of naturals (nat, 1, suc), which cannot be proved from more primitive properties, and from which all other properties of the system can be derived. In this conception there is an intention to characterize the structure by the axioms. In the second interpretation, the axioms are simply assumptions underlying a certain theory. The theorems of the theory are valid in any structure in which these assumptions hold. In this view, no claim is made that the axioms characterize the system. The difference between these two conceptions can be illustrated by comparing the r6le of the axioms in Euclid’s geometry to the r61e of the axioms for groups in group theory. The interpretation of “Satz 113” and Landau’s comment varies according to the interpretation of the Peano axioms. In the first interpretation the “ganzen rationalen Zahlen” form a structure (nat*, 1*,suc’) which “happens to” have the same fundamental properties as the original structure (nat, 1, sac). Hence, by a suitable metatheorem, we see that the reasoning of Chapter l may be repeated for this new structure, extending it to (nat*,1*,suc’, +*, .*, <*) and proving the various properties of this extended system. In the second interpretation “Satz 113” just proves that the structure (nat’, 1*,sue*) satisfies the assumptions. After this the theory of Chapter 1 can be applied immediately. However, there is a further problem (under either interpretation): addition on nat’ defined according to the method of Chapter 1 is not (definitionally) the same thing as the restriction (to nut*) of the addition on the rationals and these two functions must still be proved to be (extensionally) equal. Similar remarks can be makde about multiplication and order.
L.S. van Benthem Jutting
718
It follows that the relevant text cannot be rendered directly in AUT-QE under either interpretation of Peano’s axioms. There is, therefore, no technical reason to prefer one of these interpretations to the other. Landau’s ideas on the rBle of the axioms are not quite clear from his text. We cite some of his statements: - In his Vorwort fur den Kenner” he mentions certain laws on the reals
which can be “als Axiome postuliert”. -
He thinks it right, that the student should learn “auf welchen als Axiomen angenommenen Grundtatsachen sich luckenlos die Analysis aufbaut” .
- Moreover: “In dieser (Vorlesung) gelange ich, von den Peanoschen Ax-
iomen der natiirlichen Zahlen ausgehend, bis zur Theorie der reellen Zahlen” . -
In Chapter 1: “Wir nehmen als gegeben an: Eine Menge, d.h. Gesamtheit, von Dingen, naturliche Zahlen genannt, mit den nachher aufzuzahlenden Eigenschaften, Axiome genannt” .
- V o n der Menge der naturlichen Zahlen nehmen wit nun an, dasz sie
die Eigenschaften hat...”. -
A relevant passage is also “Satz 113” quoted above.
-
Landau never mentions “a system of naturals”, like in group theory one would discuss “a group”, but always “die naturlichen Zahlen” .
Most of the sentences quoted above point to the second interpretation, some of them, however, could be interpreted better or equally well in the first way. Now, as neither technical reasons nor Landau’s text indicated definitely how Peano’s axioms should be interpreted, I decided to interpret them as postulates (PN-lines) rather than assumptions (EB-lines) because it suited my own conception of the naturals. Moreover, this interpretation reduces the context and thereby simplifies verification. The meta-reasoning sketched above has been treated as follows. After the proof of “Satz 113” the proofs of Tatz 1” and “Satz 4” (where addition is introduced) were copied for the “ganzen Zahlen”. However, addition on the ‘lganzen Zahlen” has been defined as the restriction of addition on the rationals. Then a number of theorems from “Kapitel 1” was proved using “Satz 112”. Order and multiplication were treated in a similar way. These texts have been inserted as a matter of prestige because we claimed that we were able to say everything Landau says. The insertions were never used, however (cf. (ix) below).
Checking Landau’s “Grundlagen ”, Translation (0.2)
719
In “Kapitel 3, $5’’ and “Kapitel 5, $10” similar arguments occur, when the rationals are embedded in the reals, and the reals in the complex numbers. These arguments were “translated” just by constructing the relevant isomorphisms. This suffices for all applications. (ix)
A consequence of the difficulties described in (viii) is a divergence between the translation and Landau’s book with respect to the use of natural numbers in the Chapters 3, 4 and 5. After his comment (following “Satz 113”) that the “ganzen Zahlen” have the same properties as the “natiirliche Zahlen” Landau continues: “Daher werfen wir die natiirlichen Zahlen weg, ersetzen sie durch die entsprechenden ganzen Zahlen, und haben fortan (da auch die Briiche iiberfliissig werden) in bezug auf das Bisherige nur von rationalen Zahlen zu reden”. In the translation I have not followed this course, because, as pointed out, it would have been a cumbersome task to prove the properties of the “natiirliche Zahlen” for the “ganze Zahlen”, and also because it would have been inevitable to repeat this procedure with every further extension of the number system. Therefore I have stuck to the “natiirliche Zahlen” throughout the translation. Another important deviation of Landau’s text was caused by “Definition 43: Wir erschafFen eine neue, von den positiven Zahlen verschiedene Zahl 0. Wir erschaffen ferner Zahlen die von den positiven und 0 verschieden sind, negative genannt, derart, dasz wir jedem E (d.h. jeder nennen”. positiven Zahl) eine negative Zahl zuordnen, die wir I doubt whether this creative act may be called a “definition”. Landau considers it a part of “logisches Denken” to form, given sets (or types) a and p, the Cartesian product a x p, as is clear from Chapter 2. It might be also considered “logical” t o form the disjoint union [email protected] Landau does not mention this, he just “creates” 0 and the negative numbers from nothing. Moreover, I do not see a formal difference between the assertion “1 ist eine natiirliche Zahl” (which Landau calls an axiom) and the assertion “0 ist eine reelle Zahl” (which he calls a definition). Neither do I see a formal difference between “z’ # 1” and # 0”. In my opinion the limits of “logisches Denken” are exceeded here. In agreement with this criticism I have translated this “definition” by introducing a number of primitive concepts and axioms (PN-lines). The type of real numbers rl is a primitive type. To any cut [ real numbers p(E) and n(E)are associated. 0 is a primitive real number. Next there are axioms to the effect that the functions [z : c u t ] p ( z ) and [z : cut] n ( z )are
-<
“-<
720
L.S. van Benthem Jutting injective. Now zErl has the property pos (or neg) if it is in the range of the first (or the second) of these functions. Then there are axioms stating that, for zErl, p o s ( x ) , neg(z) and 2 = 0 are mutually exclusive, and that each 2 E rl has one of these properties. (In fact Landau does not state the latter axiom explicitly.) Starting from these axioms “Kapitel 4” was translated. However, as I thought it unsatisfactory t o develop the theory of real and complex numbers using more than Peano’s axioms alone, I have added an alternative AUT-QE version of Chapter 4, called Chapter 4a, where the real numbers are defined as equivalence classes of pairs of cuts, and where all theorems of Landau’s “Kapitel 4” are proved for these alternative reals. The AUT-QE translation of Chapter 5 has been checked relative to the AUT-QE book consisting of the Chapters 1, 2, 3 and 4a.
72 1
Checking Landau’s “Grundlagen” in the Automath System Chapter 4 (Conclusions) L.S. van Benthem Jutting
CHAPTER 4. CONCLUSIONS In this chapter we discuss some possibilities t o represent logic in Autoniath. We indicate some desirable extensions of AITT-68 and AIJT-QE and we discuss some aspects (positive as well as negative) of our translation. 4.0. Formalization of logic in Automath
In this section we shall describe various possibilities to represent systems of natural deduction in AUT-68 ( [ v a n Daalen 7.5’ (A.3), 2]), in AUT-QE and in some closely related languages. First we discuss two main decisions which have to be made when choosing between these possibilities. Then we indicate explicitly two possibilities to represent logic. 4.0.0. First order v. higher order In most Automath languages there are certain restrictions on abstraction. E.g. iii AUT-68 as well as in AIJT-QE correct abstraction expressions have the form [ J : a ]A where (Y is a Zexpression (and hence x, having type a, is a :I-variable, i.e. a variable which is a 3-expression). Such restrictions allow a faithful representation of‘ first order logic (in the sense of excluding higher order formulas and inferences). In AIJT-68 as well as in .iITT-QE this can be done by representing propositions and predicates as %expressions (as described in [aarz Daalen 73 (A.:?), 31). Then proposition variables and ( i n AITT-QE) predicate variables will be 2-variables and abstraction (or quantification) with respect t o such variables is impossible in the language.
If‘. in such a setting, we want t o discern between proposition variables and predicate variables then it is necessary t o have abstraction expressions of‘ degree 1 in the language, i.e. t o use AITT-QE (and not AUT-68). In order to represent higher order logic we should require the possibility of abstraction with respect t o proposition and predicate variables. Therefore, if we
L.S. van Benthem Jutting
722
stick to the abstraction restrictions of AUT-68 or AUT-QE, we should represent propositions and predicates by 3-expressions. We may proceed in two ways: (i) we can associate to each proposition a (primitive) type (which we will call the assertion type of the proposition). Objects of this type will be considered as proofs of the proposition. In other words: we consider the proposition as asserted iff its assertion type contains some object. This possibility will be elaborated in 4.0.2. (ii) we can extend the language t o a new language, called AUT-4, by admitting 4expressions (having 3-expressions as their types (cf. [van Daalen 73 (A.3), 2.31). Then a proposition (represented by a 3-expression) might be considered as asserted if it contains something (some Cexpression). Thus propositions act as their own assertion types, and the representation of logic is just as described in [van Daalen 73 (A.3), 3.21, but for a shift with respect to degrees. 4.0.1. Relevance of proofs vs. irrelevance of proofs In all representations of logic in Automath languages which have been developed so far, proofs (i.e. names of proofs) appear in the language ( [ v a n Daalen 73 (A.3), 31, [de Bruijn 73b], [C.4]).In this respect these representations reflect a constructive conception of logic, in which proofs and objects are treated similarly. In a classical conception of logic, proofs are discussed in the metalanguage only. As a consequence it is impossible in such a conception to discern (in the language) between different proofs of one proposition. This point of view can be roughly represented in Automath by proclaiming, for any given proposition a, all proofs of a to be equal. This deprives these proofs of their identity, their names should be considered only as references to the place in the book where the proposition is asserted. This possibility has been first suggested by de Bruijn. If, in a representation of logic in Automath, such a n attitude is adopted, we shall say that this representation satisfies irrelevance of proofs. (Cf. [Zucker 77 (A.4)], and also 1.4). How this irrelevance of proofs is implemented (i.e. in which sense proofs are considered “equal”) will depend both on the language and on the way logic is represented in it (cf. 4.0.3 (i) and (ii)). 4.0.2. A representation of logic in AUT-68 A higher order system of natural deduction can be formalized in AUT-68 as follows. A type of proposition is introduced as a primitive type:
PROP
:=
PN
Etype
Checking Landau’s “Grundlagen”, Conclusions (0.3)
723
and to each proposition A its assertion type I- ( A ) is associated:
E PROP E type
* A : = -
A
*
I-
:=
PN
(In earlier publications on AUT-68, boo1 and TRUE were used instead of PROP and I-). If S is a type, an object P E [z : S] PROP has to be interpreted as a predicate. Objects of type [ x : 5’) I- ( ( x )P ) must then be interpreted as proving that P holds for every E S. So we want to introduce the proposition V(S, P ) which has the property that its assertion type contains elements iff the type [z : S] I- ((z)P ) contains elements. This is expressed in the following lines:
S P P a u P u
* s : = -
E type E [z : S] PROP EPROP
* P : =
*
V
* a * u * Ve * u * Vi
:= PN :=-
ES E I- ( V ( S , P ) )
:=:= PN :=:= PN
E
I-((a)P)
s]
E [z : b ((z) P ) E I- ( V ( s , P ) )
Starting from these primitieve concepts and axioms, higher order logic can be developed. An indication of how this can be done, is given in Appendix 6 [not in this Volume, but see also [B.f]], where the first three theorems from Landau’s book are derived on the basis of the logic so developed. This logic represents a constructive system of natural deduction. Axioms could be added for extensional euqality of functions and extensional equality of propositions (i.e. if a b then a = b ) . Classical logic could be represented this way by adding axioms for irrelevance of proofs:
-
* A
._ .-
._ A * u .._ u * v .- v * i v . p r . := P N
E PROP E I- ( A )
E I- ( A ) E
IS (l-
(A),u,v)
and for the double negation law:
._ A * u .u * d.n.1. :=
PN
E I- ( - ( - ( A ) ) ) E I- ( A )
4.0.3. A representation of logic in AUT-QE How logic can be represented in AUT-QE is described in [vanDaalen 73 (A.3), 31. This system, a first order system of natural deduction, has been used in our translation. An indication of the development of logic in it can be found in the
L.S. van Benthem Jutting
724
excerpted text in Appendix 7, which covers the proofs of the first three theorems of Landau’s book and the logic used in these proofs. [Appendix 7 is not in this Volume. However, this excerpt is contained in the excerpt for “Satt 27”, [D.5] in this Volume.] The system is a bit ambivalent, because it is classical (containing the double negation law as an axiom) but does not satisfy irrelevance of proofs. There are two obvious ways t o implement irrelevance of proofs: (i) by adding an axiom: * A A * S
S * t t * u
.-.-
...-.-
~
~
u * v := v * zrr,pr. := PN
E Prop E type E [z : A] S EA EA E IS(S,(u)t,(v)t)
That is: if to every proof of A an object of type S is associated, then this object is independent of the nature of the proof. It has been indicated by J. Zucker that this axiom implies irrelevance of proofs in partial functions as mentioned in 1.4:
* s
:=
S * T : = T * P : = P * f := f * a := a * b := b *u:= u * v := v * w : = w * Q := [x : SI [Y : ( x )PI Is (T (4(a)f , (Y) (4 f1 w * 11 := [y : ( a )PI irr.pr.((a)P, T , (a)f , u,y) w * 12 := ISP(S,Q,a,b,u,11) w * 13 := ( w ) l z
E type E type E [z : S] prop E [z : S] [y : ( x )P ]T ES
ES E IS (S, a, b ) E
(4p
E E E E E
(b) p [x : 5’1 prop (a)Q (b) Q
W T ,(4 (4 f , (4( b ) f 1
(ii) by extending, in the language, the relation of definitional equality, in such a way that two 3p-expressions (cf. 1.2) are definitionally equal iff their types are definitionally equal. This has been done in the language AUT-II (cf. [Zucker 77 (A.4)]),but could be done in a variant of AUT-QE as well. If we want to formalize intuitionistic logic in AUT-QE we should have the absurdity rule (i.e. contradiction implies any proposition) instead of the double
Checking Landau’s “Grundlagen”, Conclusions (D.3)
725
negation law. The logical connectives (apart from implication) and the existential quantifier could be added as primitive constants, and their elimination- and introduction rules as axioms.
4.1. The language In this section we discuss some features of Automath languages, and the value of these features for the formalization of mathematics.
4.1.0. AUT-SYNT Consider the following AUT-QE text, representing the introduction rule for conjunction: a b u v
* a * b * u * v * andi
:=
__ __
E Prop E Prop
..-
__ __
Eb
:=
.....
.-.-
:=
Ea E and(a,b )
(where the dots indicate some proof which is irrelevant for the present discussion). We will call the variables a, b, u, v the parameters of andi. If we want to apply this rule for propositions A and B, we need two proofs p and q of the propositions, thus getting the proof andz(A,B,p,q) E and ( A ,B ) . Suppose we are given the proof p , then we can compute mechanically its type (cf. [van Daalen 73 (A.3), 6.4.2.31) which is (definitionally equal to) the proposition A it proves. A similar observation holds for q and B. Hence we could say that the expression andi ( A ,B , p , q ) contains redundant information. If the “mechanical type” function CAT ([vanDaalen 73 (A.3), 6.4.2.31) were incorporated in the language, we could write, instead of the expression above, andz (CAT(p), CAT(q),p,q), which only contains p and q. We will call the parameters u and v (for which p and q are substituted) the essential parameters of andi, while a and b (for which the redundant expression A and B are substituted) are called redundant parameters. There are many other examples of expressions with redundant parameters. It is worth while to extend the language in such a way that redundant parameters can be avoided, because the expressions which have to be substituted for them might be long. A system of extensions of this kind has been proposed by I. Zandleven. It is called AUT-SYNT since it admits sylztactzc variables for expressions. Thus we have the languages AUT-68-SYNTI AUT-QE-SYNT etc. For a description of AUT-SYNT we refer to Appendix 9 [[B.5] in thzs Volume], a text in AUT-68-SYNT may be found in Appendix 8 [not in this Volume]. Our experiences with translating Landau’s book have been a stimulus for developing AUT-SYNT, and have indicated the way this could be done. As no
L.S. van Benthem Jutting
726
verifying program for SYNT languages was available until after the translation was finished, the SYNT-facility could not be used in the translation. This may be considered unfortunate, because the presence of this facility would have simplified both the writing and the reading of our text.
4.1.1. 7-reduction in Automath In AUT-68 and AUT-QE one of the possible ways to establish definitional equality is by 0-reduction ([vanDaalen 73 (A.3), 6.2.21): If x is not free in A then [z : a](z) A -+rl A . As can be seen in the list in Chapter 3 [[E.t] in this Volume],0-reduction was applied only twice during the verification of our translation. We give the lines which required these 0-reductions, together with their relevant contexts. The following lines from the text on propositional logic are presupposed:
* *
con a not u
a * a * u * et a * u u * cone
:=
PN
:=
[z : a] con
..-
.._
:=
._ .-
:=
E Prop E Prop E Prop E not(not(a))
__
PN
E a
E con Ea
et(a, [ z : not(a)]u)
The first line where q-reduction is required occurs in the text on predicate logic. In this text the following lines appear:
* s S P P P u v s v
*
:= :=
* *
P all non u v
*
s
...-.-
*
tl t2
:= :=
* *
*
:=
P
:= :=
[x : S ] not((x)P ) __
et ((4Plb) v) ([z : S] tl(z))u
E type E [z : S ]p r o p E Prop E [x: S ]p r o p E not( all (s,P ) ) E non (non ( P ) )
ES E (4 p E con
In order to verify that the middle part of this last line is a correct expression, it should be established that
CAT([x : S]tl(x)) &' DOM(u)
(cf. [van Daalen 73 (A.3), 6.2.4.61) .
We have CAT([z : S ]tl(x)) = [x : S] CAT(tl(x)) = = [x : S] ((s) P ) [s := x] = [z : S] (z) P
,
Checking Landau js “Grundlagen”, Conclusions (0.3)
727
DOM(u) = DOM(not(al1 ( S , P ) ) )= D
= DOM([z : all ( S ,P ) ]con) = all (S,P ) = P
.
The question is to establish D
[z : S] (z) P = P
This obviously requires 17-reduction. The second case in which 17-reduction is used occurs in the text on generalized implication:
* a b b
*
u
*
* *
a b imp u th2
:= := := := :=
E E E E E
b [z : a] cone ((z)b, (z) u)
Prop [z : a] p r o p Prop not(a) imp (a,b)
Here, in order to verify the last line, it is asked whether the category of the middle part definitionally equals the category part, i.e. whether D .
CAT([z : a] cone((z) b, (z) u) = zmp (a,b )
.
Now CAT([z : a] c o n e ( ( z ) b , ( z ) u ) )= [z : a]CAT(cone ( ( z ) b , ( z ) u ) ) = = [z : a] (z) b
,
D
imp (a,b) = b and therefore 17-reduction must be used for establishing D
[z : a] (z) b = b
.
It has been observed by v. Daalen that 17-reduction might have been avoided in both cases by a slight modification of the definitions: for all (in the first case) and for imp (in the second case). In fact all might have been defined by
P
*
all
:=
[x:s]( z ) P
E prop
imp
:=
[ z : S](z)b
Eprop
and imp by b
*
This would have made no difference to the rest of the book, apart from the fact that in some places an extra /?-reduction would have been necessary. In fact, if a predicate P is defined explicitly (as opposed to being a predicate variable or a D primitive predicate constant) then P = [y : S ]m(y), say, and we have, without 7-reduction
L.S. van Benthem Jutting
728 D D [z : S] (z) P = [z : S] (z) [y : S] m(y) = D
D
= [z : S] (m(y)) [y := z] = [z : S] m(z) = P
.
We conclude therefore that q-reduction does not add considerably to the expressive power of Automath. prop v. type In the stage of exploration of the possibilities to represent logic in AUTQE, initially a variant of this language was used which did not contain the 1-expression prop. It was therefore impossible to prescribe whether types had to be interpreted as assertion types (containing proofs) or “ordinary” types (containing “ordinary” objects). Contradiction was represented as a primitive type, negation and the double negation law were formalized in terms of this type as follows:
4.1.2.
* *
*
a a
*
u
*
con a not u d.n.l.
PN
:=
..-
:= := :=
~
[ z : alcon ___
PN
E type E type E type E not(not(a))
Ea
If in this text a is interpreted as an “ordinary” type, nat say, then expressions of type not(a) (or [z : a] con) could be interpreted as proofs that a is empty (in fact, if we have p E not(a), then for an object z E a we have ( z ) p to prove contradiction). Hence expressions of type not(not(a))have to be interpreted as proofs that a is (in a weak sense) nonempty. Given such a proof q we have an object d.n.l.(a,q) E a. Or, in other words: d.n.1. acts as a Hilbert operator, selecting an object from any non-empty type. In particular this induces a form of the axiom of choice. As we did not want the double negation law to have such far-reaching consequences, we extended the language by admitting prop as a basic 1-expression. Thus we obtained the language AUT-QE (as defined in [van Daalen 73 (A.3), 5 ] ) , in which it is possible to distinguish between assertion types and ordinary types. The distinction of prop and type not only unlinked the double negation law from the axiom of choice, but also made it possible to implement irrelevance of proofs (cf. 4.0.1, 1.4). This opportunity was not seized in the logic underlying our translation (though this would have been natural). For an explanation we refer t o 4.2.1. We may conclude that the distinction between proofs and “ordinary” objects is an essential feature when representing classical logic in Automath. For representing constructive logic the version with only type keeps its value.
Checking Landau’s “Grundlagen”, Conclusions (0.3)
729
4.1.3. Strings and telescopes In Chapter 2 of his book Landau uses pairs (21, Q) of natural numbers. He considers such a pair as a single object and yet he describes it by two variables. A faithful translation of this practice could have been given if the concept of a string of expressions would have been present in our language. Another use strings of expressions might have is as arguments of partial functions (as described in 1.4). In fact such functions are applied to pairs ( a , p ) where a is an object of a certain type S, and p a proof that a satisfies some predicate P on S (which describes the range of the function). As a further example we consider the concept of a group, which might be op, iv,e , p ) where E type, op E [z : s][g : s] zv E considered as a string [z : e E and p E groupazzorns op, iv, e). We usually want the types of the expressions of such a string to satisfy certain conditions. In the case of the argument ( a , p ) of a partial function we want a E S, p E (a)P. In other words we want the argument ( a l p )to be consistent with the “abstractor part” of the function: z E S; y E (z) P. In the case of groups we want a group (S,op, iv, e,p) to be consistent with
s]s,
s
(s,
(s,
s
s,
zEtype; yE[s:z][t:z]z; zE[s:z]z; u E z ;
v E groupaxaorns (2,g, z , u ) . There is a strong analogy with the case where expressions All ...,A , are required to be suitable candidates for substitution for the variables zl, ...,z, of a certain context z1 E a1,22 E a2, ...,2, E a, (cf. [van Daalen 73 (A.3), 2.51). To describe such conditions on strings we introduce the following terminology. A finite sequence of E-formulas z1 E all...,xnE a, is called a telescope. The string of expressions (al, ...,a,) is said to fit into the telescope 31 E all...,Z n E an if al E ( Y ~ ,EuC~Y ~ [ :=al], Z~ ...,a, E an[zl,...,zn-l:=a1 ,...,a,-1]. Extension of the language with constants and variables for strings and defined constants for telescopes has been proposed by de Bruijn. This is especially helpful, when formalizing abstract structures such as groups, vector spaces or categories, and has been applied on a large scale by J. Zucker (cf. [ Z U C k e T 77 ( A 4)1)* 4.2. Comments on the Translation
In this section we first give a chronological survey of the different representations of logic which have been tried, and we state the motives for finally choosing AUT-QE as a language for our translation. Furthermore we mention some aspects which are (in our opinion) shortcomings of the translation and we add some positive conclusions which can be drawn from our work.
L.S. van Benthem Jutting
730
4.2.0. Choice of the language In our first attempts to translate Landau’s “Grundlagen” in Automath, we used the language AUT-68. The representation of logic was similar to the one described in 4.0.2 and presented in Appendix 6 [not in this Volume].Elimination and introduction of V were effected by the axioms Ve (with parameters S E type, p E [z : PROP, a E s, u E k (t/(s, P ) ) and vi (with parameters s E t y p e , P E [z : S ]PROP, u E [z : S] ((z)P ) ) . These axioms were used frequently in developing logic, because the logical connectives and the existential quantifier were defined in terms of V. On the basis of this logic Chapter 1 of Landau’s book was translated in AUT-68. At that stage of our work we started trying to represent logic in AUT-QE, initially using a variant of that language which did not contain prop. In AUTQE the axioms V i and Ve were superfluous: if P E [z : S]type (i.e. P represents a predicate on S ) then objects of type P can be interpreted as proofs of V(S, P ) . Conversely, given such an object u E P and an object a E S we have (a)u E (a)P (i.e. ( a )u proves that P holds at a). As a consequence the text on logic in AUT-QE was considerably shorter than the earlier text in BUT-68. (It was not observed at that time, that this was caused essentially by the redundant parameters S and P of both constants Ve and Vi.) So AUT-QE seemed to be a much better language, and therefore a fresh start was made with the translation of Landau’s book into that language. In 4.1.2 we have reported that in this system (AUT-QE without prop) the double negation law induces a Hilbert operator. This led us to add prop as a basic 1-expression to our language, thus extending it t o proper AUT-QE. At the time we finally fixed the language we did not appreciate the fundamental importance of incorporating a form of irrelevance of proofs. This was due mainly t o two reasons:
s]
+
(i) Partial functions are not frequently used in the first three chapters of Landau’s book, and for those partial functions which are defined there, irrelevance of proofs could be derived. Therefore no need was felt for an axiom. (ii) As Landau, being a classical mathematician, does not discuss proofs at all, we thought we should try to follow this practice. Consequently we did not want to have an axiom declaring proofs equal.
4.2.1. Shortcomings of the translation Here I list those features of the translation which I would change if I were to redo the work. (i)
In my opinion the SYNT-facility should be present in any Automath language. It will bring texts in Automath closer t o mathematical practice.
Checking Landau’s “Grundlagen”, Conclusions (0.3)
73 1
The middle parts of many lines in the present Landau translation are unnessarily complex and tedious (both to the reader and to the writer), because this facility is absent in the language I used. (ii) I regret that I have not implemented irrelevance of proofs as an axiom. As I see it now, for representing classical reasoning a language should be chosen which even contains irrelevance of proofs by definitional equality (cf. 4.0.3). (iii) Some of the names I have used lack expressive power. This is partly due to the fact that AUT-QE admits only alphanumeric identifiers, but mainly to my excessive preference for short names. (i.1
I am not content with the translation of Chapter 5.8. This text is overloaded with irrelevant embedding and lifting functions which hamper a clear understanding of the argument. I think it is better to define CZ1 f ( i ) and f(i) for functions f defined for all natural numbers (and not just on an initial part of the naturals), although this procedure deviates slightly from Landau’s intentions.
nz,
Final remarks The main positive comment we can make on the translation is that is has been succesfully finished (in spite of some inconveniences in the language). An aspect which has not been mentioned so far is the ratio between the length of pieces of AUT-QE text and the length of the corresponding German texts. Our claim at the outset was that this ratio can be kept constant. We give a few data. As pieces of text we have chosen the chapters of Landau’s book, and as a measure of the lengbhs .the number of stored AUT-QE expressions (storing expressions requires storing all subexpressions too) and (rough estimates of) the number of German words (where “z” and “+” were counted as words). We give the following list: 4.2.2.
nr. of expressions nr. of words nr.n;f ZE ;wn;:s
Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 12200 25800 30300 35000 60500 3200 4900 5300 5500 11000 3,8 593 597 64 5,5
The high ratio in Chapter 4 might be attributed to the complicated definitions by cases in this chapter, while the low ratio in Chapter 1 is possibly caused by the absence of calculations. Another notable aspect of the work is the comparatively small place taken by the preliminaries. It appears that a formal treatment of the logic underlying
732
L.S. van Benthem Jutting
mathematics (if we disregard metalogic) is much easier than a formal treatment of mathematics itself. It has not been the purpose of this enterprise to construct a formal system which suits my own fancy and to develop in this system the theory of naturals, reals and complex numbers. I have rather tried to represent in a language which was essentially given beforehand, a wide variety of concepts and ideas as expressed in a book like Landau’s. The success of this undertaking is due to the flexibility of Automath languages, and to the close connection which can be made between these languages and intuitive human reasoning.
733
A Text Fragment from Zucker’s “Real Analysis” L.S. van Benthem Jutting and R.C. de Vrijer
The text “Real Analysis” was written by J. Zucker, partly in cooperation with A. Kornaat, in 1975-1976. It contains a formalization of the theory of real numbers, functions, continuity, differentiation, ending with the definition of the exponential function as a power series and the proof that this function is its own derivative. In [Wcker 77 (A.4)] its author reported on the development of this text. It is written in AUT-II, a variant of Automath developed by Zucker, which contains explicit product types, sum types and disjoint sums of types. A verifying program for AUT-II was never finished; hence Zucker’s text has never been checked on a computer. We present here a short fragment of Zucker’s text. The aim is to give an impression of how mathematics, also of a more advanced level, can be written, and has actually been written, in a flexible Automath language like AUT-II. With this goal in mind, we have not selected a piece from the very beginning of the Automath book. Instead, we exhibit a fragment occurring at a point where already a good deal of the subject “Real Analysis” has been developed, viz., from Chapter 10 (entitled “Partial functions of a real variable”): Section 7 (“Differentiation”) and part of Section 8 (“Rules for differentiation”). The consequence of this policy is that the text is not readable without some explanation, since we just drop in in the middle of the story, so to say. Therefore, we start with an informal introduction, written with the aim of providing the background that is needed for an understanding of the formal text. It is not intended as a general introduction t o AUT-II. For more information on the background and specific features of this Automath language one should consult [Zucker 77 (A.411 or [ B . 6] .It may be noted that the format of the text roughly follows common Automath practice. In particular, the notations, the way of dealing with contexts, etc., are much as in the description of AUT-68 in [van Benthem Jutting 81 (B.I)]. This article is organized as follows. First we will give an informal exposition of the language and of some syntactical conventions (Section l),and comment on the particular way in which Zucker deals with the syntax (Section 2). Then we give a short account of some relevant parts of the text Real Analysis that
734
L.S. va.n Benthem Jutting and R.C. de Vrjer
precede the fragment (Section 3), on the basis of which it is possible to give a synopsis of the fragment itself (Section 4). We conclude our introductory remarks with an overview of some more identifiers that are used but not defined in the fragment (Section 5). Then Section 6 contains the actual text fragment.
1. DESCRIPTION OF THE SYNTAX The text consists of lines. A book is a sequence of lines. There are three main kinds of lines: (i) AUT-II lines, (ii) paragraph lines, (iii) skip lines. Paragraphs give a global structure to the text, facilitating internal referencing. They are indicated by the paragraph lines. Skip lines are for comments and for formatting purposes. The AUT-11 lines contain the real AUT-11 text. They can again be subdivided into three kinds:
(a) context lines, (b) defining lines, (c) primitive notion lines. We now briefly discuss each of the kinds of lines mentioned. (i)(a) A context line consists of two parts: a context indicator (which is optional) and a context extension. In order t o explain their roles, we discuss contexts. As usual in Automath, a context consists of a sequence [x1 : All ... [ x , : A,], where 2 1 , ..., xn are distinct “variables” and A l , ...,A , are expressions (see below). A context indicator is either a variable followed by the symbol @ or just the symbol @. It denotes the context on which the line should be interpreted. If a context [x1 : All [ x :~Az] [x3 : A31 [ 2 4 : Ad] has been introduced earlier, the context indicator “ 2 3 62”indicates that the present line must be interpreted on context [x1 : All [ x :~Az] [x3 : A31 and the context indicator “x2 @” that the context will be [q : All [x2 : A z ] . If the context indicator is just @, the line should be interpreted on an empty context. If it is absent, the context of the line is the context of the previous AUT-II line. The context extension in a context line is a nonempty sequence [y1 : B1] ... [y, : B,], where again y1, ...,,y are distinct variables and B1, ...,B, are expressions. We now describe the effect of a context line. Suppose that somewhere in our book appears the context [x1 : All [x2 : Az] [xg : A3][x4 : Ad], and that the
A text fragment from Zucker’s “Real Analysis” (0.4)
735
context of the previous AUT-rI line is [z1 : Cl] [Q : Cz]. Then the context that is created by the line [yi : B11 [yz : B2][y3 : &]
will be :c 1 1 [.2 : CZ][yt : B1] [yz : &] [y3 : 831;
the context that is created by the line @
[Yi : B11 [Y2 :
B21 [3/3 : &]
will be [!/I
: B11 b 2 : B21 [3/3 :
&I;
the context that is created by the line xi
@
[pi : B11 [YZ : &]
[2/3
:83)
will be [XI
: A11 [?A : B 11 [3/2 : B2] [u3 : &];
and the context that is created by the line x4
@
[Yl : B11 [y2 : B2j
will be
(i)(b) A defining line also consists of two parts: a context indicator again, and a definition. The context indicator works exactly the same way as it does in a context line. In particular the context indicator is optional. The definition consists of a definiendum, a definiens and a type. Definiendum and definiens are separated by the symbol :=, and definiens and type by the symbol “:”. So a defining line looks like this:
x
@
definiendum
:= definiens
: type
The definiendum is an identifier or a fix symbol. Identifiers are sequences of letters, digits and the symbol “.”. Fix symbols are some special symbols like &, =, >, +, 7 ,etc. and any sequence of symbols in quotes (e.g. ‘and’). They are a special kind of identifiers, that can be used prefix, postfix or infix. Their specific use is indicated at the place where they are defined. In the fragment which is shown here, no fix symbols are defined, and hence we omit the relevant syntax.
736
L.S. van Benthem Jutting and R.C. de Vrijer
Fix symbols which have been defined in the previous book appear frequently in the text, though. The definiens and the type are expressions, separated by a semicolon ":". The type in a definition line is optional, as it is possible t o deduce it from the definiens (modulo convertibility). However, in most cases it is explicitly given in the text. We now describe briefly six important shapes of expressions. Lambda expressions, written as [x: A] b. The square brackets are used for lambda abstraction. In more traditional notation one would write Ax : A h . Application expressions, written as ( a )f , meaning the function f applied to the argument a. In Automath tradition, the argument is written before the function. II-expressions (for Cartesian products), written as II(f), where f denotes a type- (or prop-)valued function. Typically, [x : A] b : II([x : A] B ) holds if on the context extended with [x: A] we have b : B. C-expressions, written as C ( f ) ,where f denotes a type- (or prop-)valued function. A C-expression denotes a type of pairs (a,b ) , where the type of b may depend on a. Typically, we have (a,b ) : C([x : A] B ( z ) )if a : A and b : B(a). Zucker writes pair(a, b ) for (a,b ) , and p r o j l and proj2 for the left and right projections. So projl(pair(a,b ) ) definitionally equals a and proj2(pair(a, b ) ) equals b. Head expressions. If an identifier id has been defined earlier in context [xl : All ... [z, : A , ] , then id(a1, ...,a,) is an expression. Below we make a remark about omitting arguments from such expressions. Fix expressions. If fz is a prefix symbol then fz a will be a n expression, if fz is an infix symbol then afx b will be an expression, and similarly for postfix symbols. Ordinary brackets are used for parsing in this case. This is not yet a complete list. E.g., we did not mention the construction of disjoint sums of types. It may be observed that explicit occurrences of the II- and the C-construction are not encountered in the fragment. However, you will see for example R1 + R1, an infix expression that is definitionally equal to the type II([z: Rl] Rl), and V ( P ) , defined as II(P), where P is a predicate, i.e. P : II([x : Alprop) for some type A . As will become apparent later in this introduction, II- and Cexpressions, and also disjoint-sum types, do prominently figure in the background of the fragment. (On the use of products and disjoint sums in logic see [Zucker 77 (A.4)].)
A text fragment from Zucker’s “Real Analysis” (0.4)
737
(i)(c) A primitive notion line is like a defining line. The difference is that the definiens is not an expression, but PN, for primitive notion. In a primitive notion line a new identifier is declared and its type is given.
x
@ identifier I
:= PN
: type
Primitive notion lines do not occur in the present fragment.
Abbreviating expressions. 1. If the identifier id has been defined earlier on. the context [ X I : All ... [x, : A,] [x,+1 : A,+1] ... [xn : An] and if [ X I : All ... [z, : A,] is the initial part of the context of the line under consideration, then id(a,+l, ...,a,) denotes id(x1,...,x m ra,+l, ...,an). So, in particular, just id on the context [x1 : All ... [x, : An] denotes the full expression id(z1,...,zn).
2. For writing lambda expressions there is in some cases another abbreviation device. If in the book a defining line id
._ .-
a
: A
occurs, with context [q : A11 ... [x, : A,] [zm+l: A,+1] ... [&+k : A,+k], then [Icxlid denotes the expression [2m+1 : A,+i] ... [x,+k : A,+k] id(z,+l, ...,x,+k), that is the expression obtained by “lc times abstracting id”. Cf. [de Bruijn 72al.
3. Zucker exploits the facilities provided by AUT-SYNT. For a description of the AUT-SYNT mechanism see [ B . 5 ] .In Section 5 below we will point out some examples. (ii) Paragraph lines mark the paragraph structure of the text. The text is divided into a nested structure of paragraphs, which is largely independent of the context structure. The purpose of the paragraph structure is to provide the possibility of reusing identifiers. Every line of the text, be it an AUT-II line, a paragraph line or a comment line, belongs to a paragraph, the L‘active paragraph” of that line. Three kinds of paragraph lines are used to indicate the paragraph structure of the text: paragraph opening lines, paragraph reopening lines and paragraph closing lines. They determine the active paragraph of the lines which follow.
L.S. van Benthem Jutting and R.C. de Vrijer
738
Paragraph opening lines have the form +P where P is an identifier, a so called paragraph name. After such a line the active paragraph has name P , until another paragraph line appears. The active paragraph, Q say, of the paragraph opening line itself is called the “mother” of P , and P is called a “daughter” of Q.
Paragraph reopening lanes will not be discussed here, since they do not occur in the present text fragment. Paragraph closing lines have the form
-P where P must be the name of the active paragraph. The lines following this paragraph closing line have as active paragraph the mother of P. The reflexive and transitive closure of the relation mother is called “ancestor”, the reflexive and transitive closure of daughter is “descendant”. Inside paragraphs the definienda must be distinct. Reference to definienda in ancestor paragraphs is (essentially) direct, reference to definienda in nonancestor paragraphs is by “paragraph indicators”. These are characterized by two enclosing double quotes. We do not describe the referencing technique formally, but give a typical example. Consider the following text fragment:
+P @
two
:= 1 + 1
: N
2
:= tWO“.P”
: N
-P Suppose the first line in the text fragment has active paragraph Q. The paragraph opening line changes the active paragraph to P. The paragraph Q is the mother of P , and hence is an ancestor of P. The identifier two is a definiens in P. The paragraph closing line changes the active paragraph back to Q. The next line contains in its definiens the identifier two. This identifier is defined in paragraph P , which is not an ancester of Q. By adjoining to this identifier a paragraph indication we obtain two“.P”, t o be read as “the two from paragraph P”. More complicated paragraph indications are possible, but do not occur in the text fragment from “Real Analysis” which is shown. (iii) Skip lines serve for structuring the text by lay-out devices, and for communicating informal reminders, intuitions and considerations to human readers.
A text fragment from Zucker’s “Real Analysis” (D.4)
739
They are skipped in machine verification. There are two kinds of skip lines: comment lines and empty lines.
Comment lanes have one of the three forms ‘comment’ ‘remark’ ‘heading’
(arbitrary text) (arbitrary text) (arbitrary text)
Comment lines with ‘heading’ are used for dividing the text into chapters and sections. The present fragment occurs in Chapter 10, titled “Partial functions of a real variable”. It contains Section 7 and part of Section 8 from this chapter. Comment lines with ‘comment’ and ‘remark’refer to the AUT-II lines next t o them, ‘comment’ referring forward and ‘remark’ backward. In Zucker’s original manuscript empty lanes are indicated as follows: % . They are to be read as instructions to the typist for organizing the lay-out of the AUT-II text. Here these instructions have simply been followed.
2. SYNTACTIC USAGE Now we discuss, guided by a few specific examples, the manner in which Zucker makes use of the syntax. We start out with the use of paragraphs. The paragraph structure follows to some extent the chapter structure of the text, in such a way that chapters which depend on earlier chapters correspond t o paragraphs which are descendants of other paragraphs. Chapter 10, which contains the text fragment presented here, and which has as its subject matter partial functions of a real variable, starts, after some comment, by a paragraph opening line
+PF This paragraph P F (obviously for “partial functions”) has among its ancestors the following paragraphs:
SYNT containing syntactic constructors derived from the basic AUT-SYNT constructors CAT, DOM,etc. B containing basic concepts: logic, equality, sets, etc. L on linear orders. N on natural numbers. CL on complete linear orders. G on (abelian) groups.
L.S. van Benthem Jutting and R.C. de Vrijer
740
F E R
A4
on fields. on extended reals, i.e. Rl U (03, -m}. on reals. on metric spaces.
The list above shows the structure of the text “Real Analysis” up to Chapter 10. In fact Zucker’s “main” paragraphs often coincide with his chapters. Another use that is made by Zucker of the paragraph mechanism, is storing proofs of theorems in paragraphs that are created especially for this purpose, as these proofs will (most probably) not be referred to, and only the theorems are of interest. A typical example is the paragraph 73 (the third paragraph inside Section 7) in our text fragment. Before the opening line of this paragraph, the context is extended to
[h: pfn] [d : Rl][u: l ( d ) do(h)] , to be interpreted as: let h be a partial function from R t o R, let d be a real number and suppose d does not belong t o the domain of h. The goal is to prove that d does not belong to the domain of the derivative of h. Now first the paragraph 73 is opened and inside this paragraph the theorem is stated: th
.._
-(d) do(der.fn)
The type of th is omitted as this type is clearly prop. Note that, according to the convention on omitting variables, der.fn should be interpreted as der.fn(h). Then we see a number of lines which form together the proof of the theorem. The last of these lines has the definiendum pf, obviously meaning proof, and as its definiens an object of type th, that is, in the “proofs as objects interpretation”, a proof of the theorem. Then paragraph 73 is closed and outside the paragraph the theorem is restated, now with a suggestive name. In words it would run like the following. If we have a partial function, a real number and a proof that the real number does not belong to the domain of the function then we may conclude that the number does not belong to the domain of the derivative. The theorem (or rather its proof) now gets the illustrative name: not.do.so.not. do.der.fn, suggesting “a not in the domain of f so a not in the domain of the derived function of f”. The definiens comes from inside the paragraph, and is indicated by a paragraph indication:
A text fragment from Zucker’s “Red Analysis” ( 0 . 4 )
not.do.so.not. do. der.fn
:= pfl.73”
74 1
: l ( d ) do(der.fn)
After this line the contents of paragraph 73 can be forgotten. A shorter way of proceeding is demonstrated in paragraph 71 (the first paragraph of Section 7). Again, before opening the paragraph a relevant context is built:
[h : pfn] [d : Rl] [e : Rl] [u: (e) der(d, h)]
to be interpreted: let h be a partial function, d and e be reals, and suppose that e is the derivative of h at d. Now paragraph 71 is opened, but instead of stating a theorem, only a proof is given in three lines with definienda 11, 12 and 13 respectively, 12 proving (in the proofs as objects interpretation) that def (derw(d, h ) ) and 13 that e = j w ( der w(d, h)). Then the paragraph is closed and two theorems are extracted, by using the lines of 12 and 13 inside the paragraph. The first is do.der.fn
:= 12“.71”
: (d) do(der.fn)
The name d0.der.b is mnemonic for “(concerning the) domain of the derived function. Apparently (d) do(der.fn) definitionally equals def(der w(d, h ) ) . Note again that der.jh should be interpreted as der.fn(h). The second theorem is va.der.fn
:= sy(1314.71”)
: (der.fn; d) = e
Here sy stands for symmetry of equality. Now apparently der.fn ; d is definitionally equal to jw(derw(d, h ) ) .
3. CONTENTS OF THE PRECEDING TEXT The text fragment is not self-contained. There are, by way of the identifiers that are used, many references t o the preceding text. In order to make it yet accessible, we will briefly comment on some of the relevant parts of the AUT-II book preceding Section 7 of Chapter 10. For the description of the underlying logic and of the treatment of the reals we refer to [Zucker 77 (A.4)] in this Volume. Here we will focus on the way partial functions are formalized, on neighbourhoods and nearness predicates and on limits. Occasionally we cite from Zucker’s text and especially from his comments and remarks.
L.S. van Benthem Jutting and R.C. de Vrijer
742
To keep this section readable, we have not tried t o include all identifiers that might trouble the reader. Some have been covered already in the previous section. In Section 5 , after the synopsis, we list and discuss some other key identifiers from the preceding text, that occur in the fragment but did not yet find a place in this introduction.
Partial functions. The type R1 of real numbers is extended by considering the disjoint sum Rw of R1 with the type which has as its only element the object w (to be interpreted as “the undefined object”). The natural injection of R1 into Rw is i w , so if a : R1 then i w ( a ) : Rw. The image of w in Rw is w_. If b : Rw then def ( b ) is a proposition which is provably equivalent t o b # w_. As a matter of fact, def (g) is definitionally equal to I (contradiction), and def ( b ) is definitionally equal to T (truth) for b other than w_.
Then j w is the mapping from Rw t o R1 such that j w ( g ) is definitionally equal t o 0, and j w ( i w ( a ) ) is definitionally equal t o a (for any a : Rl). On the other hand, if b : Rw and u : d e f ( b ) then it can be proved that i w ( j w ( b ) ) = b (but here we do not have definitional equality!). The type p f n is defined as R1 + Rw. If f : p f n then the domain of f is the predicate do on R1, defined as follows: @I
[f do
: Pfnl
:=
[x: Rl] d e f ( ( a ) f )
:
pred(R1)
The type pred(Rl), denoting the predicates on the reals, is defined as the product type U([x : R l ] prop); see [Zucker 77 (A.4)]. If moreover a : R l then the value of f at a, considered as a real, is denoted by f ; a (where ; is used as an infix symbol).
Note that our remarks above, concerning definitional equality of ( d ) do( der.fn) and d e f ( d e r w ( d , h ) ) , and of d e r . f n ; d and j w ( d e r w ( d , h ) ) respectively, can now be derived, by inspection of the definition of der.fn.
Nearness. The subject of limits is prepared in a section on “nearness”. Zucker begins by taking a point a : R1 and defining the concepts of “neighbourhood” and “punctured neighbourhood” with centre a and (positive) radius p as predicates on the reals.
A text fragment from Zucker’s “Real Analysis” (0.4) @
743
[ a : R l ] [p : R p ] nb := [z : R l ]
( m 4 z + -a) 5 projl(p)) nd
:= [z : R l ]
( n b ( z )A 2 # a )
:
pred(R1)
Here R p is the type of positive reals, that is, the C-type C( [p : Rl] ( p > 0 ) ) . So p r o j l ( p a i r ( p ,u ) ) definitionally equals p . And mo obviously denotes the modulus. Finally, “-” is a prefix symbol denoting the additive inverse, so x -a means x - a in usual notation. Let P : pred(R1). We want to define the propositions “P holds near a” (i.e. in some punctured neighbourhood of a ) , “ P holds at and near a” (i.e. in some neighbourhood of a ) and also, for uniformity of treatment, “P holds at a” (i.e.
+
(4PI. a
@
[ P :p r e d ( R l ) ] at near.pred
:= ( a ) P
near at.near
:= 3(near.pred) := 3( [x : R p ] V( [y : R l ]
:=
: prop
[x: R p ] V([y : R l ] ((Y) n d ( z ) --* (Y) P ) )
((Y) n b ( z )
(Y) P I ) ) We introduce a parameter for a partial function f. a
@
If
+
: pred(R1) :
prop
: Prop
:pfnI
Now we define some more propositions: def.at def.near def.at.near
:= a t ( d o ( f ) ) := n e a r ( d o ( f ) ) := a t . n e a r ( d o ( f ) )
These say that f is defined at a, or near a , or at and near a (respectively). Apart from the definitions above, this section contains other definitions and theorems concerning the defined concepts. For our text, and for the concept of limit, the following definition is important.
f
@
[b : R l ] [p : R p ] near.nb := n e a r ( [ z : RZ]((x)d o ( f ) A ( f ;z) n b ( b , p ) ) ) The proposition near.nb expresses that near a the values of f are in the pneighbourhood of b.
Limits. Then follows a section entitled Limits. The context [a : R l ] [f : p f n ] in Section 3 is kept here. We first define the predicate of “being a limit, at point a, of the partial function f”.
L.S. van Benthem Jutting and R.C. de Vrijer
744
f
@
lim
:= [b : Rl]V ( [ E: Rp]
near.nb(b,E ) )
: pred(R1)
Note that the predicate lam can be satisfied only if a punctured neighbourhood of a lies within the domain of f. There are proofs that the limit is unique:
unq.lim
.- ... .-
: unq(1im)
(where unq is the unicity quantifier). Then limw is defined, being the (unique) limit if the predicate lirn holds for some r e d number, and w_ otherwise.
lirn w
.-.- ...
:Rw
[u : 3(lim)] lim w l
._ .- ...
: (jw(1imw))lim
satisfying
and [u : V([z : Rl] ( ~ ( zlim))] )
lam w 2
._ .- ...
:
limw
=(J
Moreover, going back to the context [a : RI] [f : pfn] [b : Rl],we have b
@
[ u :( b ) lim] 1im.so.lim.w
:=
...
: iw(b) = limw
1im.w.def .so.lim :=
...
:
Finally
f
0
[u : def (limw)]
(jw(1imw))lam
It should by now be not too difficult t o understand other properties of limits occurring in the fragment by their names and use.
4. SYNOPSIS OF THE TEXT FRAGMENT The text fragment starts with Section 7 of Chapter 10, “Differentiation”, containing the definition and some elementary properties of differentiation. It starts out by defining, in context [a : Rl] [f : pfn] (d : Rl] [u : d # a ] ,the difference quotient dq. Then dq.fn : p f n is defined in context [a : Rl][f : p f n ] as the partial function that assigns to any x for which i t is defined the difference quotient dq(a, f , x), or rather iw(dq(a,f,z)), its injection in Rw. (The definition uses def.pfn.g. For a description of this see Section 5 below.) Then the predicate of being the derivative o f f at a is defined as the limit of dq.fn at a.
A text fragment from Zucker’s “Real Analysis” (0.4)
f
@I
der
:= lim(dq.fn)
745
:
pred(R1)
On the context [h : pfn] the derivative of h can now be given as a partial function. h
@
der.fn
:= [z : Rl] d e r w ( z ,h)
: pfn
where der w ( z , h) stands for l z m w ( z , dq.fn(z,h ) ) . These definitions are followed by a few immediate consequences, mainly on the domain of the derivative in relation to the domain of the original function (paragraphs 71-74). Subsequently the context [a : Rl] [f : pfn] is extended with the assumption that f is differentiable at a, with b as the value of the derivative.
f
@I
[b : Rl] [b.der.a.f : ( b ) der]
Under this assumption, it is proved in paragraph 74 that f is defined at and near a, and in paragraph 75 that f must be continuous at a. This ends Section 7. Section 8 is devoted to finding the derivatives of certain functions and giving rules for differentiation. We outline the contents of the part of Section 8 that is included in the selection. The derivative of a constant function is computed. In particular, first, in paragraph 81, it is established that the derivative of a constant function at a is 0. a
62 [c : Rl] th
:= (0) der(con.fn(c))
: prop
Subsequently, this result is used in paragraph 82 to compute the derivative of the constant function as a function. th
:= der.fn(con.fn(c) = con .fun(0))
: prop
The same pattern is followed for the case of the identity function (paragraphs 83, 84). Finally, paragraph 85 is devoted to computing the derivative of the sum of two partial functions as the sum of the derivatives. That is, on the extended context
b.der.a.f @ [g : pfn] [c : Rl] [c.der.a.f : (c) der(g)] the following theorem is proved. th
:= ( b + c )
der(sum.fn(f,g))
: prop
L.S. van Benthern Jutting and R.C. de Vrijer
746
5. OTHER PRECEDING NOTIONS We conclude this introduction by listing some more notions from the preceding text, mostly in the order in which the corresponding identifiers appear in the fragment. The identifiers given here in addition to the ones discussed in the previous sections do still not form a complete list. We expect that the definitions of the missing identifiers can be guessed by their use and by Zucker’s practice of choosing suggestive names. stands for “quotient”. It requires three arguments: two real numbers and a proof that the second is nonzero. daf-nz
proves that the difference of two distinct reals is nonzero. In fact this is an example of the use of AUT-SYNT. Zucker derives first in context [a: Rl][b : Rl][u : a # b]
.- ...
Pf121
: (a+-b)#O
Then he defines in context [z1 : synt]
.dif.nz .pfltl (LASTELT(PREPART(TAIL(#, CAT(zl)))), LASTELT( TAIL(#, C A T ( z l ) ) )21) ,
# q, then dzf .nz(v) : (p+-q) # 0. In context [ P r : pred(Rl)] [F : n([z: Rl]II([u. : (z) P r ] Rl))]
Now if v : p
we have def .pfn.g : pfn. The partial function def.pfn.g has the same value as F at points where P r holds and is undefined otherwise. Note that literally speaking F is a function of two arguments: a real z and a proof of (z)P r . However, since in AUT-II we have irrelevance of proofs (see [Zucker 77 (A.d)]),the value of F depends only on the first argument. d0.pfn.g
This identifier and the following substantiate the just mentioned properties of def.pfn.g. First, if the context above is extended with [d : Rl][u : (d)P r ] , then d is in the domain: d0.pfn.g : (d)do( def .pfn.g(Pr,F)).
va.pfn.g
And, secondly, the value is as said: va.pfn.g : (def .pfn.g ; d) = ( u ) (d) F .
not.d0.pfn.g
If, on the other hand, the context is extended by [d : Rl] [u : ~ ( dP )r ] then n0t.do.pfn.g : ~ ( ddo(def.pfn.g(Pr, ) F)).
A text fragment from Zucker’s “Real AnaJysis” (0.4)
921
747
is for “substitutivity”: if P is a predicate, a = b and ( a )P holds, then so does (b) P. In the definition of su, again, AUT-SYNT is used. First in context [a: type] [ P : II([z: a]prop)] [a : a][b : a][u : a = b]
[v : (4 PI
we have the axiom
ax34
:= PN
: (b)P
.
Then, in context [z1 : synt] [ z :~synt] [z3 : synt]
we have
..-
su
ax94 ( D OM ( CA T(t.1)) , a ,
LASTELT(PREPART(TAIL(=, C A T ( z 2 ) ) ) ) , LASTELT( TAIL(=, C A T ( t z ) ) )~, 2 ~ 2 .3 ) Now if P : n([z : @]prop), u : c = d and TJ : (c) P (where @ : type, c : @ and d : @),then su(P,u, TJ): ( d ) P.
defd
is the “abstracted version of def” i.e. the predicate [ x : Rw]def ( x ) .
Pf.T
is a proof for T (denoting truth and defined by T := I -+ I).In fact pf.T := [z : I]z.
aP
is for “application of a function to equal arguments”: if f is a function and a = 6, then ( a )f = ( b ) f .
jwab
is the “abstracted version of jw” i.e. the function
[. : Rw]j w ( z ) . SY
is for symmetry of equality.
tr3
is for transitivity of 3 equalities: if a = b, b = c and c = d, then a = d. (Note that both sy and tr3 use AUT-SYNT.)
never
is for “always not”. Temporal adverbs are used as identifiers for quantifiers. If P is a predicate on Rl,say, then always(P) is ll([z : Rl] (z) P ) , and n e v e r ( P ) is n([z: Rl]( ~ ( 2P)) ) .
‘amp’
is implication between predicates. In fact if P and Q are predicates on R1, say, then
L.S. van Benthem Jutting and R.C. de Vrijer
748
amp
is the universal quantification of P ‘imp’ Q , that is
(Zucker uses similar notations for other connectives, e.g.
P ‘and’ Q
:= [z : RI]((z)P A (z) Q ) ,
and(P,Q)
:= l l ( [ z : R l ] ( ( z ) P A ( z ) Q ))) .
2.neg
is the double negation law.
ex. i
is for “introduction of existential quantifier” (by producing a witness).
ex. e
is “elimination of existential quantifier”. If 3([z : Rl] (z) P ) and V([z : Rl] ((z) P -, c)) then c.
hf cont
stands for
R1).
is continuity of f at a, defined in context [a : Rl][ f : p f n ] by
cont fn.pl.con
(with type
:=
( a )do( f ) A (f ; a) lzm(a,f) .
stands for “function plus constant”. If f : pfn and a : Rl then fn.pl.con(a,f ) is the function with the same domain as f,and with value (f ; z)+a, for z in that domain. Formally, if u : (b) do(f) then
do.fn.pl.con(f,a, b, u ) : ( b ) do(fn.pl.con(f,a ) ) and
va.fn.pl,con(f,a,6,u) : (fn.pl.con(f,a);6) = ((f;b ) + a ) ii.eq2
.
i f f : pfn and g : pfn, then i i . e q a ( f , g ) is the predicate
That is: (z) i i . e q t ( f , g ) means that z is in the domain of both f and g , and f and g are equal at 5.
A text fragment from Zucker’s “Real Analysis” (0.4)
749
aP2
is for “application of a binary function to equal arguments”: if f is a binary function, a = c and b = d then (b) ( a )f =
ti
is the product function [z : Rl] [y : Rl](z x y).
div. ti
(for “division” followed by “times”) proves that, for q # 0, e9 x q = p . Here, again, a notable use is made of AUT-SYNT. First, on context [a: Rl] [b : Rl] [u : b # 01 Zucker derives
(4 (4f .
Pf27 Then on context
..- ... [tl
: qu(a,b, u ) x b = a
.
: synt] [z2 : synt]
._ div.ti .pf27(.%1,LASTELT(PREPART( TAIL(#, C A T ( t 2 ) ) ) )2, 2 )
.
It follows that if p : Rl and v : q # 0
div.ti(p, v)
:= qu(p,q , v ) x q = p
triple
is defined by: triple(a, b, c) := pair(pair(a,b ) , c).
elsewhere
if a : R1 and P a predicate on R1 then
elsewhere(a, P ) := V([z : Rl]((x # a) --t (z) P ) ) . near.90. near.mod
proves that, for predicates P and Q , if elsewhere(P ‘imp’ Q ) and near(P), then near(&). Note that both “elsewhere” and “near” refer to a : R1,which is not mentioned explicitly here, but should be taken from the context.
near. eq2
near.eqd(f,g ) definitionally equals near(ii.eq2( f , 9 ) ) . So near.eq2(f1g) means that f and g are both defined near a, and that f and g are pointwise equal near a.
ti.@
stands for “times zero”, and proves a x 0 = 0.
O.pE
similarly, stands for “zero plus”, and proves 0
do2
stands for “the intersection of 2 domains”, i.e. d o 2 ( f , g ) := d o ( f ) ‘and’ do(g).
co
stands for ‘‘convergence of equality”, i.e. if a = c and b = c then a = b.
+ a = a.
750
L.S. van Benthem Jutting and R.C. de Vrijer
6. THE TEXT FRAGMENT
‘heading’ 7. DIFFEREN TIA TION
‘comment’ We return to the context “[a:Rl][f:pfn]” To begin with, we define the “difference quotient condition” (a predicate on the reals),
‘comment’ and (in an extended context) the “difference quotient”: [d:Rl] [u:d#a] dq := qu((f;d)+-(f;a),d+-a, dif.nz( u))
: R1
‘comment’ Then we define the “difference quotient function, at a, o f f ” (by the second of the two general methods given in Sec. 2).
f
@I
dq.term := [x:Rl][y:(x)dq.cond] dq(x,projl(y)) dq.fn := def,pfn.g(dq.cond,dq.term)
d
@I
: pfn
[u:d#a][v:(a)do(f)][w:(d)do(f)] do.dq.fn := do.pfn.g(dq.cond,dq.term, d,pair(u,pair(v,w)))
: (d)do(dq.fn)
va.dq.fn := va.pfn.g(dq.cond,dq.term, d,pair (u,pair(v,w)))
: (dq.fn;d)=dq(u)
d @ [u:~(d)dq.cond] not.do.dq.fn := not.do.pfn.g(dq.cond, dq.term,d,u)
: -(d)do(dq.fn)
A text fragment from Zucker’s “Real Analysis” (D.4)
75 1
‘comment’ Now we can define a “derivative, at a, o f f ” (as a predicate o n R1) to be a limit, at a, of the difference quotient function o f f at a.
f@
der := lim(dq.fn)
: pred(R1)
‘comment’ The derivative is unique, unq.der := unq.lim(dq.fn)
: unq(der)
‘comment’ and so we can define it as an object of type Rw, derw := limw(dq.fn)
:Rw
‘comment’ satisfying: [u:3(der)] derwl := limwl(dq.fn,u)
:
(jw(derw))der
f @ [u:never(der)] derw2 := limw2(dq.fnlu)
: derw=w
f 63 [b:Rl][u:(b)der] der.so.derw := lim.so.limw(dq.fn,b,u)
:
iw(b)=derw
:
(jw(derw))der
f @ [u:def(derw)] derw.def. so.der := limw.def.so.lim(dq.fn,u)
‘comment’ Now we can define the “derived function” of a partial function h as the partial function which has as its value the derivative of h, at any point where this exists, and which is undefined otherwise.
L.S. van Benthern Jutting and R.C. de Vrijer
752
@ [h:pfn]
h @
der.fn := [x:R1]derw (x,h)
: pfn
[d:Rl] [e:Rl][u:(e)der(d,h)] +71 11 :=
der.so.derw(d,h,e,u)
:= su(defd,ll ,pf.T) 13 := Ap(jwab,ll) 12
: iw (e)=derw (d,h) : def( derw (d,h)) : e=jw (derw (d,h))
-71
do.der.fn :=
12 “.71”
va.der.fn := sy(l~“.71”)
:
(d)do(der.fn)
:
(der.fn;d)=e
:
derw(d,h)=w
d 62 [u:never(der(d,h))]
+72 11 := derw.2(dlh,u) 12 := w .so.not .def( derw (d,h),11)
: ldef(derw (d,h))
-72
not.do.der.fn :=
12 “.72”
:
(d)do(der.fn)
1
‘comment’ A corollary of the last result as: d @ (u:l(d)d~(h)] +73 th := T(d)do(der.fn)
[v:3(der (d,h))] 11 :=
derwl(d,h,v)
: (jw(derw(d,h)))
der(d,h)
A text fragment from Zucker’s “Real Analysis” (D.4)
753
: (d)do(h)
:I u @
pf := not.do.der.fn([lx]l3)
: th
-73
not .do.so. not.do.der.fn := pf“.73”
(d)do(der.fn)
1
‘comment’ W e return again to the context ‘Ia:Rl][f:pfn]”, and assume now that f is differentiable at a; i n fact, we assume that we have explicitly given a derivative, at a, off. f @ [b:Rl][b.der.a.f:(b)der]
‘remark’ This context (or an extension of it) will be used in most of the rest of this chapter. ‘comment’ The first interesting thing we can say (in this context) is that f is defined at and near a. +74 t h l := def.at th2 := def.near th3 := def.at.near 11 := lim.so.def.near(dq.fn,b, b.der.a.f)
:
def.near(dq.fn)
:
(d)do(dq.fn)
[6:Rp][u:imp(nd( 6) ,do(dq.fn))] [d:R1][v:(d)nd(6)] 12 :=
(v)(d)u
L.S. van Benthem Jutting and R.C. de Vrijer
754
[w:l(d)dq.cond] 13 :=
v @
:I
:= 2.neg([lx]l3)
: (d)dq.cond
15 :=
:
16
projl(proj2(14)) := proj2(proj2(14))
: (d)do(f)
14
u @
(l*)not.do.dq.fn(d,w)
17 :=
18 :=
[2X]16 ex.i(near.pred(do(f)),6,17)
(a)do(f)
: imp(nd(6) ,do(f)) : th2
dl := a+(projl(6) x hf) 19 := in.nd(6) 110 := 15(d1,19) b.der.a.f @
pfl := ex.e(ll,[2x]llo) pf2 := ex.e(11,[2x]l~) pf3 := at .and.near.so.at .near( dO(f),Pfl,Pf2)
: :
thl th2
: th3
-74
der.so.def. at := pfl“.74”
: def.at
der.so.def. near := pf2“.74”
: def.near
def.so.def at.near := pf3“.74”
‘comment’ Further, f is continuous at a.
+75 b.der.a.f @
th := cont dif.fn := fn.pl.con(id.fn,-a) prod := prod.fn(dq.fn,diff.fn) new.fn := fn.pl.con(prod,f;a)
:
def.at.near
A text fragment from Zucker’s “Real Analysis” (0.4)
755
‘remark’ Then (for (x)do(new.fn)): (new.fn;x)=( ((dq.fn;x)x (x+-a))+(f;a)). [editor’s comment: So (new.fn;x)=(f;x). This is proved in 117 below.] p l := do(f) p2 := ii.eq2(f,new.fn) := der.so.def.at 12 := der.so.def.near
11
: (a)do(f) : near(p1)
[d:Rl][u:d#a] [v:(d)p 11
l3 := do,id.fn(d) l4 := do.fn.pl.con(id.fn,-a,d,l3) 15 := va.fn.pl.con(id.fn,-a,d,l3) 16 := do,dq.fn(d,u,ll ,v) 17 := va.dq.fn(d,u,ll,v) 18 := do.prod.fn(dq.fn,dif.fn,d, 16514) 19 := va.prod.fn(dq.fn,dif.fn,d, 16 914 )
(d)do(id.fn) (d)do(dif.fn) (dif.fn;d)=(d+-a) (d)do(dq.fn) : (dq.fn;d)=dq(d,u)
: : : :
:
: (prod;d)=((dq.fn;d)x
:
(dif.fn;d)) (d)do(new.fn) (new.fn;d)= ((prod;d)+(f;a) ((dq.fn;d)x (dif.fn;d))= (dq(d4)x (d+-a)) (dq(d,u)x(d+-a))= ( (f;d)+- (f;a)) (prod;d)=((f;d)+- (Ca)) ((prod;d)+(f;a))= ( ( ( W + - (f;4 )+(f;a) 1 (((f;d)+-(f;a))+(f;a))= (f;d) (new.fn;d)=(f;d) (d)P2
:
elsewhere(pl‘imp’p2)
do.fn.pl.con(prod,f;a,d,ls) va.fn.pl.con(prod,f;a,d,lg)
:
111 :=
112 :=
ap2(ti,17,15)
:
113 :=
div.ti((f;d)+-(f;a),dif.nz(u))
:
114 :=
tr3(19,112,113) ap(pl.Ri(f;a),ll4)
:
ll0 :=
115 :=
:
:
116 := plmi.pl(f;d,f;a)
:
tr3(111,115,116) 11s := triple(v,llo,sy(ll7))
:
117 :=
119 := [3x]11g b.der.a.f @I 120 := near.so.near.mod(pl,p2, 119912)
(d)do(prod)
: near.eq2(f,new.fn)
756
L.S. van Benthem Jutting and R.C. de Vrijer
127
1im.id.fn lim.fn.pl.con(id.fn,a,l21 ,-a) ~u(lim(dif.fn),pl.mi(a),l22) lim.prod.fn(dq.fn,b, b.der.a.fldif.fn,0,123) := su(lim (prod),ti.a(b) ,124) := lirn.fn.pl.c0n(prod,0,12~,f;a) := su(lim(new.fn),0.pl(f;a),126)
128
:= near.eq2.so.same.lim(fl
:= := 123 := 124 := 121
122
125 126
new.fn,l2o,f;a,l27)
: (a)lim(id.fn) : (a+-a)lim(dif.fn) :
(O)lim(dif.fn)
(b x O)lim(prod) (O)lim(prod) : (O+(f;a))lim(new.fn) : (f;a)lim(new.fn) : :
:
(f;a)lim(f)
:
th
-75
der.so.cont := pf“.75”
: cont
‘heading’ 8. RULES FOR DIFFERENTIATION ‘comment’ We compute the derivative, at the point a, of certain partial functions. (In some cases, we will also give an expression for the derived function of the given partial function.) First, the constant function. a @ [c:Rl] +81
th := (O)der(con.fn(c)) con := con.fn(c) dqf := dq.fn(con) 11 :=
do.con.fn(c,a)
: (a)do(con)
A text fragment from Zucker’s “Real Analysis” (0.4)
757
[d:R1][u:d#a] do.con.fn(c,d) := do.dq.fn(con,d,u,ll,12)
12 := 13
(d)do(con) : (d)do(dqf) :
iv.dif := iv(d+-a,dif.nz(u))
17 := tr3(14,15,16)
(dqf;d)= ((c+-c) xiv.dif) : ((c+-c)xiv.dif)= (0x iv.dif) : (Oxiv.dif)=O : (dqf;d)=O
la := pair(13,17)
: (d) ii .eq (dqf,0)
14 := 15
:= ap(ti.Ri(iv.dif),pl.mi(c))
I6 :=
a
@
va.dq.fn(con,d,u,ll,12)
19 :=
@.ti(iv.dif)
[2X]la
pf := elsewhere.con.so.lim(dqf, 0,191
:
: elsewhere.eq(dqf,O)
:
th
-81
der.con.fn := pf“.81”
: (O)der(con.fn(c))
‘comment’ A s a corollary we have the derived function of a constant function. @ [c:R1] +82 th := der.fn(con.fn(c) )=con. fn(0) con := con.fn(c) derc := der.fn(con)
L.S. van Benthem Jutting and R.C. de Vrijer
758
[d:Rl] (O)der(con) (d)do(derc) : (derc;d)=O : (d)do(con.fn(0)) : (d)ii.eq2(derc, con.fn( 0)) :
12 :=
:
13 14 15
c @
der.con.fn(d,c) da.der.fn(con,d,O,ll) := va.der.fn(con,d,O,ll) := do.con.fn(0,d) := triple(l2,14,13)
11 :=
pf := eq.tot.fn(derc,con.fn(O),[l~]l~): th
-82 der.fn.con.fn := pf “.82”
: der.fn(con.fn(c))=
con.fn(0)
‘comment’ Next, the derivative of the identity function at a, +83
a @
th := (l)der(id.fn) dqf := dq.fn(id.fn) 11 :=
do.id.fn(a)
:
(a)do(id.fn)
[d:Rl][u:d#a]
a @
12 := do.id.fn(d) l3 := do.dq.fn(id.fn,d,u,l1,12) l4 := va.dq.fn(id.fn,d,u,ll,lZ) 15 := ti.iv(dif.nz(u)) 16 := pair(l3,tr(l4,15))
: (d)do(id.fn)
(d)do(dqf) (dqfid)=dq(id.fn,d,u) : dq(id.fn,d,u)=l : (d)ii .eq(dqf, 1)
pf := elsewhere.con.so,lim(dqf, 1 ,x 1~1 ~ )
: th
: :
-83
der.id.fn := pf“.83”
‘comment’ and, again, the derived function.
:
(l)der(id.fn)
A text fragment from Zucker’s “Real Analysis” (0.4)
759
+84
@
th := der.fn(id.fn)=con.fn(l) der.fn := der.fn(id.fn)
a @
@
der.id.fn do.der.fn(id.fn,a,l,ll) l3 := va.der.fn(id.fn,a,l,ll) 14 := do.con.fn( 1,a) l5 := triple(12,14,13) 11 :=
:
12 :=
: : : :
pf := eq.tot.fn(der.fn,con.fn(l), [1X 115)
(l)der(id.fn) (a)do(der.fn) (der.fn;a)=l (a)do(con.fn(l)) (a)ii.eq2(der.fn, con.fn( 1))
: th
-84
der.fn.id.fn := pf“.84”
: der.fn(id.fn)=con.fn(l)
’comment’ The derivative of the sum function of two partial functions. (Note: we return to the context ‘la:Rl][f:pfn][b:Rl][b.der.a.f(b)der(f)] ” and extend it.) b.der.a.f @ [g:pfn] [c:Rl][c.der.a.g: (c)der(g)] +85
th := (b+c)der(sum.fn(f,g))
‘remark’ The idea an this proof (and other proofs in this section) is to define a partial function which is defined and equal to the diflerence quotient function under consideration near a, and for which the limit at a can be computed b y the rules for limits in See. 6. sum dqf dqg dqs sdq
:= := := := :=
sum.fn(f,g) dq.fn(f) dq.fn(g) dq.fn(sum) sumbn(dqf,dqg)
L.S. vm Benthem Jutting and R.C. de Vrijer
760
‘remark’ We want to prove “near.eq2(dqs,sdq)”, since the limit of the partial function sdq at a can be computed. p l := d02(f,g) p2 := ii.eq2(dqs,sdq) 11 := 12 :=
13 := 14 :=
der.so.def.at(f,b,b.der.a.f) der.so.def.at(g,c,c.der.a.g) do.sum.fn(f,g,a,ll,l2) va.sum.fn(flg,a,ll,12)
: (a)do(f) : (a)do(g) : (a)do(sum) : (sum;a)=(f;a)+(g;a)
l5 := der.so.def.near(f,b,b.der.a.f) : near(do(f)) 16 := der.so.def.near(g,c,c.der .a.g) : near( do(g) ) 17 := near.both(do(f),do(g),l5,16) : near(p1) [d:Rl][u:d#a][v:(d)pl] projl(v) : (d)do(f) proj2(v) : (d)do(g) : (d)do(sum) 110 := do.sum.fn(f,g,d,l8,19) 111 := va.sum.fn(f,g,d,l&) : (sum;d)=( (f;d) +(g;d) ) : (d)do(dqf) 112 := do.dq.fn(f,d,u,ll,le) 113 := va.dq.fn(fld,u,ll,18) : (dqf;d)=dq(f,d,u) 114 := do.dq.fn(g,d,u712,19) : (d)do(dqg) lI5 := va.dq.fn(g,d,u,l2,19) : (dqg;d)=dq(g,d,u) 116 := do.dq.fn(sum,d,u,l3,110) : (d)do(dqs) 117 := va.dq.fn(sum,d,u,l3,110) : (dqs;d)=dq( sum,d,u) 118 := do.sum.fn(dqfldqg,d,112,1~~) : (d)do(sdq) 119 := va.sum.fn(dqf,dqg,d,l12,114) : (sdq;d)= ((dqf;d)+ (dqg;d)) 18 :=
19 :=
dif.f := ((f;d)+-(f;a)) dif.g := ((g;d)+-(g;a)) dif.sum := (sum;d)+- (sum;a) 120
:= ap2(dif,lll,l4)
: dif.sum=(((f;d)+(g;d))+-
((f;a)+(g;a)))
dif.sum.is.sum.difs(f;d,g;d, f;a,g;a) := tr(120~121)
121 := 122
: dif.sum=(dif.f+dif.g)
A text fragment from Zucker’s “Real Analysis” ( 0 . 4 )
q l := dif.nz(u) iv.dif := iv(d+-a,ql)
76 1
: (d+-a)#O
123 :=
ap(ti.Ri(iv.dif),lzz)
: dq(sum,d,u)=
124 :=
Ri.dist(dif.f,dif.g,iv.dif)
: ((dif.f+dif.g) xiv.dif)=
((dif.f+dif.g) xiv.dif) (dq(f,d,u)+dq(g,d,u))
c.der.a.g @
129 :=
[3x]lzs
: elsewhere(pl‘imp’p2)
130 :=
near.so.near.mod( p l ,p2, 129’17)
:
near.eql(dqs,sdq)
lim.sum.fn(dqf,b,b.der.a.f, dqg,c,c.der.a.g)
:
(b+c)lim(sdq)
:
th
131 :=
pf := near.eq2.so.same.lim(dqs, ~dq,l3o,b+~,l3i)
-85 der.sum.fn := pf“.85”
: (b+c)der(sum.fn(f,g))
This Page Intentionally Left Blank
763
Checking Landau’s “Grundlagen” in the Automath System Appendices 3 and 4 (The PN-lines; Excerpt for “Satz 27”) L.S. van Benthem Jutting APPENDIX 3.
THE PN-LINES FROM THE PRELIMINARIES
+L *A A*B B * IMP 1 * CON A * NOT A * WEL A* W 2 W*ET B*EC B * AND *SIGMA SIGMA * P P * ALL P * NON P * SOME
._ .._
-----
:= [X,A]B
..-
PN
:= IMP(C0N) :=NOT(NOT(A))
.-._ ._ .-
---
PN
:=IMP(A,NOT(B))
:= NOT(EC(A,B))
.._ ._
---
---
:= P := [X,SIGMA)NOT((X)P) := NOT(NON(P))
;PROP ;PROP ;PROP ; PROP ;PROP ;PROP ; WEL(A) ;A ;PROP ;PROP ;TYPE ; [X,SIGMA]PROP ;PROP ;[X,SIGMA]PROP ;PROP
+E SIGMA * S S*T 3 T * IS 4 S * REFIS P*S S*T TtSP SP*I 5 I * ISP P * AMONE
P * ONE
.._
-----
.._ ._ ..-.-
PN PN
---
:= :=
.-__ :=
__--..-
..-
PN := [X,SIGMA][Y,SIGMA][U,(X)P][V, (Y)PIIS(X,Y) := AND(AMONE(SIGMA,P), SOME(SIGMA,P))
.._ - - P*O1 .6 Ol*IND Pn 7 Ol*ONEAX .- PN .- - - SIGMA t TAU := TAU t F F * INJECTIVE:= ALL((X,SIGMA]ALL([Y,SIGMA]
..._
___
SIGMA SIGMA PROP IS(S,S) SIGMA SIGMA (S)P
; IS(S,T) ; (T)P ; PROP ;PROP ; ONE(SIGMA,P) ; SIGMA ; (1ND)P ; TYPE
; [X,SIGMA]TAU
IMP(IS(TAU,(X)F,(Y)F),IS(X,Y)) ))
; PROP
L.S. van Benthem Jutting
764
8 9 10
11 12
13
14
15 16 17 18 19 20
F*TO TO * IMAGE TAU * F F*G G*I I * FISI P*OT P*O1 OlrIN 01 * INP P * OTAXl P*S S*SP S P t OTAX2 TAU * PAIRTYPE TAU t S S+T T t PAIR TAU * P1 P1 *FIRST P1 *SECOND P 1 * PAIRISl
___
:= ; TAU := SOME([X,SIGMA]IS(TAU,TO,(X)F)) ; PR O P .._ - - ; [X,SIGMA]TAU ._ .- - - ; [X,SIGMA]TAU
._ ._ ._ .._ ..._ .-..-.._ .-
:=
._ ._ .-.-
:=
--PN PN --PN PN PN
___ --PN PN
[X,SIGMA]IS(TAU,(X)F,(X)G) IS( [X,SIGMA]TAU,F,G) TY PE OT SIGMA (WP
INJECTIVE(OT,SIGMA,[X,OT]
IW)) ;SIGMA ; (S)P ; IMAGE(OT,SIGMA,[X, OTlIN(X),S) ; TY PE ;SIGMA ; TAU ; PAIRTYPE ; PAIRTYPE ;SIGMA ; TAU
....._ .._ .-
___
:= := :=
PN PN PN
T * FIRSTISl := T * SECONDISl:=
PN PN
; IS(SIGMA,FIRST(PAIR),S) ; IS(TAU,SECOND(PAIR),T)
._ .._
PN
;TYPE ;SIGMA ; SET ; PR O P ; SET ; SIGMA ; (S)P ;ESTI(S,SETOF(P)) ;ESTI(S,SETOF(P)) ; (S)P ;SET ;SET
. . ~
PN
___
; IS(PAIRTYPE,PAIR(FIFlST,
SECOND),Pl)
-E +*E +ST 21 SI G M A r SET SIGMA * S
s*so
22 23
SO*ESTI P * SETOF P*S S*SP 24 SP*ESTI I S*E 25 E * ESTIE SIGMA t SO SO li TO TO * INCL
:=
._ ...:=
.._ ..-
._ ._ .._ ._
---
___
PN PN
___
--PN
---
PN
-----
:= ALL( [X,SICMA]IMP(ESTI(X,SO),
ESTI(X,TO)))
26 -ST -E -L
TOtI I*J J * ISSETI
:=
.._ ..-
.-.
--PN
;PROP ; INCL(S0,TO) ; INCL(T0,SO) ; IS(SET,SO,TO)
Checking Landau’s “Grundlagen”,Excerpt for “Satz 27” (0.5)
EXCERPT FOR “SATZ 27”
APPENDIX 4. +L *A A+B B * IMP B*A1 Al*I ItMP B*C C*I I +J J + TRIMP + CON A + NOT A * WEL A*A1 A 1 * WELI A +W W+ET AtCl C 1 + CONE
:= :=
---
---
:= [X,A]B :=
._
___
---
:= (A1)I :=
.._
:=
--_
---
___
:= [X,A]((X)I)J
.-
PN
:= I M P ( C 0 N ) := NOT(NOT(A))
._ ._
---
:= [X,NOT(A)](Al)X
._
.._
---
PN
---
:= ET([X,NOT(A)]Cl)
;PROP ;PROP ;P R O P
;A ; IMP(A,B) ;B ;PROP ;IMP(A,B) ; IMP(B,C) ; IMP(A,C) ;P R O P ;P R O P ;P R O P ;A ;WEL(A) ; WEL(A) ;A ; CON ;A
+IMP B+I I +J J: T H 1 BtN N + TH2 BIN N*I 11: T H 3 B*A1 AltN N t TH4 BIN N + TH5 N + TH6 -IMP
._ :=
---
___
; IMP(A,B) ; IMP(NOT(A),B)
:=ET(B,[X,NOT(B)]((TRIMP(CON,I,
._
X))J)X)
;B
._
XI)
; IMP(A,B) ; NOT(B) ; IMP(A,B) ; NOT(A)
--; NOT(A) := TRIMP(CON,B,N,(X,CON]CONE(B, :=
---
---
:= TRIMP(CON,I,N) := _ - -
;A
___ := [X,IMP(A,B)](Al)TH3(N,X) := _ - -
; NOT(B) ;NOT(IMP(A,B)) ; NOT(IMP(A,B))
:= ET([X,NOT(A)](THZ(X))N) := [X,B]([Y,A]X)N
; NOT(B)
:=
;A
765
L.S. van Benthem Jutting
766 BtEC
:=IMP(A,NOT(B))
;PROP
._ ._
; EC(A,B)
+EC BtI I * TH1 BtI I t TH2 -EC BtE EtA1 A1 t E C E l E*B1 B1 t ECEZ B t AND BtA1 A1 t B1 B1 t AND1 B+A1 A1 t A N D E l A1 t ANDEP
._ ._
-----
;A ; NOT(B) ;B :=TH3"-IMP"(NOT(B),WELI(B,Bl),E) ; NOT(A) := NOT(EC(A,B)) ;P R O P := .-;A
:= (A1)E :=
___
._
---
;B
:= TH4"-IMP"(NOT(B),Al,WELI(B,Bl)) ; AND(A,B)
._ ._
---
:= TH5"-IMP"(NOT(B),Al) := ET(B,THG"-IMP"(NOT(B),Al))
; AND(A,B) ;A ;B
+AND BtN N*A1 A1 * T H 3
._
--.
:=
.._
:= E C E l ( E T ( E C , N ) , A l )
; NOT(AND) ;A ; NOT(B)
:= IMP(NOT(A),B)
;PROP
-AND B+OR B*A1 A1 * OR11 B*B1 B 1 * OR12
.-._
--;A :=TH2"-IMP"(NOT(A),B,WELI(Al)) ; OR(A,B) ._ - - ;B := [X,NOT(A)]Bl
; OR(A,B)
+OR B*I I t TH2
._
--; IMP(NOT(B),A) := (X,NOT]ET(B,TH3"L-IMP"(NOT(B), AW)) ; OR(A,B)
-OR Bt Ot Nt Ot Nt
O N ORE2 N ORE1
._ ._
-----
:= (N)O
._
; OR(A,B) ; NOT(A)
;B
--; NOT(B) := ET(TH3"-IMP"(NOT(A),B,N,O)) ; A
Checking Landau’s “Grundlagen”,Excerpt for “Satz 27” (0.5) +*OR BtN N*M M * TH3
._
---
___
:=
; NOT(A) ; NOT(B)
:=TH4“L-IMP”(NOT(A),B,N,M)
; NOT(OR(A,B))
._ ._ ._
; OR(A,B) ; IMP(A,C)
-OR c * o O*I I*J J * ORAPP
-----
.._ ; IMP(B,C) := TH1“-IMP”(C,I,TRIMP(NOT,B,C, QJ)) ;C
:=
+*OR
O*I I I; TH7 O*I I IT H 8 C*D D*O O*I I*J J * TH9
._ __ - - -
; IMP(A,C)
:= TRIMP(NOT(C),NOT,B,[X,NOT(C)]
._ ._
TH3“L-IMP”(A,C,X,I) ,0)
---
:=TRIMP(NOT(A),B,C,O,I)
._ ._ ._ ._
---------
:=THT(A,D,C,TH8( A,B,D,O,J),I)
; OR(C,B)
; IMP(B,C) ; OR(A,C)
;P R O P ; OR(A,B)
; IMP(A,C) ; IMP(B,D) i OR(C,D)
-OR
* SIGMA SIGMA * P P * ALL
._
---
.-._
---
;T Y P E ; [X,SIGMA]PROP ;PROP
---
; SIGMA
:= P
+ALL P*S S*N N * TH1
._
:= - - _ := [X,ALL(SIGMA,P)]((S)X)N
; NOT((S)P)
; NOT(ALL(SIGMA,P))
-ALL
P * NON P * SOME P*S S*SP S P * SOME1
:= [X,SIGMA]NOT((X)P) := NOT(NON(P))
.-._ :=
---
---
:= TH1“-ALL”(NON(P),S,WELI((S)P,
SP))
; [X,SIGMA]PROP ;PROP
; SIGMA ; (S)P ; SOME(SIGMA,P)
+SOME P*N N * TH5 -SOME
:= _ _ . := WELI(NON(P),N)
; NON(P) ; NOT(SOME(SIGMA,P))
767
L.S. van Benthem Jutting
768 P*S s * x X*I
:=
._ ._ ._ ._
___
; SOME(SIGMA,P)
---
; PR O P
---
; [Y,SIGMA]IMP((Y)P,X)
---
; NOT(X)
---
;SIGMA ; NOT((T)P)
+*SOME I*N N*T T*T5 NtT6
.-._ ._
:=TH3'Z-IMP''((T)P,X,N,(T)I) := MP(SOME(SIGMA,P),CON,S,
TH5([Y,SIGMA]T5(Y)))
; CON
-SOME I * SOMEAPP := ET(X,[Y,NOT(X)]T6"-SOME'(Y)) ;X +*SOME P*Q Q*S
S*I
I * TH6
-SOME C * AND3 C*A1 A1 * AND3El A1 * AND3E2 A1 * AND3E3 C*A1 A1 * B1 B 1* C1 C 1* AND31
:= AND(A,AND(B,C))
._
---
; PR O P
; ANDB(A,B,C)
:= ANDEl(AND(B,C),Al) ;A := ANDEl(B,C,ANDEz(AND(B,C),AI)) ;B := ANDEz(B,C,ANDEz(AND(B,C),Al)); C
._ ._ ._ ._
-------
;A ;B ;C
:= ANDI(A,AND(B,C),Al,
ANDI(B,C,Bl,Cl))
; AND3(A,B,C)
+AND3 C*A1 A1 * T H l
._
--AND3E3( Al) ,AND3E1(Al))
-AND3
AND3(A,B,C)
:= AND3I(B,C,A,AND3EZ(Al),
ANDB(B,C,A)
Checking Landau’s “Grundlagen”, Excerpt for “Satz 27’’ (0.5) C t EC3 CtE
:=AND3(EC,EC(B,C),EC(C,A))
E t TH1 E * TH 3 E t TH4
:= ANDBEl(EC,EC(B,C),EC(C,A),E) :=AND3E3(EC,EC(B,C),EC(C,A),E) := THl“L-ANDB”(EC,EC(B,C),EC(C,
._
---
+EC3
‘413) -EC3 EtA1 A1 t EC3E12 A1 t EC3E13 EtB1 B1 t EC3E23 B1 t EC3E21
___
:= := ECEl(THl“-EC3”,Al) := ECE2(C,A,TH3“-EC3” ,Al) := _ - := EC3E12(B,C,A,TH4“-EC3”,Bl) := EC3E13(B,C,A,TH4“-EC3”,Bl)
+*EC3 CtE EtF FtG G * TH6
:= := :=
___ ___ _-.
:= ANDBI(EC,EC(B,C),EC(C,A),E,F, G)
-EC3 +E SIGMA t S StT T * IS S * REFIS PtS StT TtSP SPtI I * ISP SIGMA * S StT TtI I t SYMIS T*U UtI I*J J t TRIS
._ ._ ..._ .-
:=
._ ._ :=
.-.._ ._ ._ :=
---
--PN PN __.
-----
___ PN ----___
:= ISP( [X,SIGMA]IS(X,S),S,T,
._ :=
._ ._
REFIS(S),I)
---
___
---
:=ISP( [X,SIGMA]IS(X,U),T,S,J,
SYMIS( I)) ._ _ - UtI ._ --ItJ := TRIS(S,U,T,I,SYMIS(T,U,J)) J * TRIS2 := TtN N t SYMNOTIS := TH3“L-IMP”(IS(T,S),IS(S,T),N, [X,IS(T,S)]SYMIS(T,S,X))
___
769
L.S. van Benthern Jutting +NOTIS U*N N*I I t TH 3 N*I I * TH4
._ .-._
-----
; NOT(IS(S,T))
IS(T,U)
:= ISP( [X,SIGMA]NOT(IS(S,X)),T,U,
._ ,_
NJ)
---
:= THB(SYMIS(U,T,I))
NOT(IS(S,U)) IS(U,T) NOT(IS(S,U))
-NOTIS UtV VrI I*J JtK K * TR3IS v * w W*I I*J J*K K*L L * TRIIS P * AMONE P
* ONE
PtA1 A1 * S S t ONE1 P*O1 01 t IND 01 t ONEAX SIGMA t TAU TAU t F FtS S*T T*I I t ISF TAU * F F*G G*I I*S S t FISE
GtI I t FISI -E +*E +ST
:=
._ :=
.._
___ --__.
---
:=TRIS(S,U,V,TRIS(I,J),K)
._ ._ ._ .._ ._
----------:= TRIS(S,V,W,TR3IS(I,J,K),L)
SIGMA IS(S,T) IS(T,U) IS(U,V) IS(S,V) SIGMA IS(S,T) IS(T,U) IS(U,V) IS(V,W) IS(S,W)
:= [X,SIGMA][Y,SIGMA][U,(X)P][V,
(Y)PIIS(X,Y)
PROP
:= AND(AMONE(SIGMA,P),
._ .._ .-
SOME(SIGMA,P)) ---
---
PROP AMONE(SIGMA,P) SOME(SIGMA,P)
:= ANDI(AMONE(SIGMA,P),
._ ._ ._ .._ .._ := := :=
._ ._
SOME(SIGMA,P),Al ,S)
---
PN PN
---
___ ___
..-
---
:= ISP(SIGMA,[X,SIGMA]IS(TAU,(S)
ONE(SIGMA,P) ONE(SIGMA,P) SIGMA (1ND)P TY PE [X,SIGMA]TAU SIGMA SIGMA IS(S,T)
F,(X)F),S,T,REFIS(TAU,(S)F),I) IS(TAU,(S)F,(T)F) --; [X,SIGMA]TAU --; (X,SIGMA]TAU --; IS([X,SIGMA]TAU,F,G) --: SIGMA := ISP( [X,SIGMA]TAU,[Y,[X,SIGMA] TAU]IS(TAU,(S)F,(S)Y),F,G,
._ ._ ._ ._ ._ ._ ._
.._ ._ .-
REFIS(TAU,(S)F),I)
--PN
; IS(TAU,(S)F,(S)G) ; [X,SIGMA]IS(TAU,(X)F,(X)G) ; IS([X,SIGMA]TAU,F,G)
Checking Landau’s “Grundlagen”, Excerpt for “Satz 27” (D.5) SIGMA * SET SIGMA * S StSO SO t EST1 P * SETOF P*S S*SP S P * EST11 S*E E * ESTIE
77 1
;TYPE ;SIGMA ; SET ; PROP ; SET ;SIGMA ; (S)P ; ESTI(S,SETOF(P)) ; ESTI(S,SETOF(P)) ; (S)P
+EQ +LANDAU +N
* NAT *X X*Y Y * IS Y * NIS x*s S * IN *P P * SOME P * ALL *1 1; SUC *X X*Y Y*I I * AX2 * AX3 * AX4
*S S I CONDl S * COND2
* AX5
._ .._ ._
PN
; TYPE
-----
; NAT
:= IS“E”(NAT,X,Y) := NOT(IS(X,Y))
.._
---
:= ESTI(NAT,X,S)
._
---
:= SOME“L”(NAT,P)
:= ALL“L”(NAT,P) ._ .- PN ..- P N
._
---
:=
..-
._
---
:= ISF(NAT,NAT,SUC,X,Y,I)
._ .._ .-
PN PN
._ ._
---
:= IN(1,S) := ALL( [X,NAT]IMP(IN(X,S),IN((X)
._ .-
SUC,S))) PN
; NAT ; PROP ; PROP ; SET(NAT) ; PROP ; [X,NAT]PROP ; PROP ; PROP ; NAT ; [X,NAT]NAT ; NAT ; NAT ; IS(X,Y) ;I s ( ( x ) s u c , ( Y ) s u c ) ; [X,NAT]NIS((X)SUC,l) ; [X,NAT][Y,NAT][U,IS((X)SUC,
(Y)SUC)I~S(X,Y) ; SET(NAT) ; PROP ; PROP ; [S,SET(NAT)][U,CONDl(S)]
[V,COND2(S)][X,NAT]IN(X,S)
; [X,NAT]PROP
*P PtlP 1P * XSP XSP * x
+I1 x*s XtT1 X*Y Y+YES YES t T2 YES * T3 XtT4
__-
; SET(NAT) ; CONDl(S) ; NAT
---
; IN(Y,S)
:= SETOF(NAT,P) := ESTII(NAT,P,l,lP) :=
._ ._
:= ESTIE(NAT,P,Y,YES)
(Tl)(S)AX5 -I1
:. (Y)P I I
:= ESTII(NAT,P,(Y)SUC,(T2)(Y)XSP) ; IN((Y)SUC,S) := (X) ([Y,NAT][U,IN(Y,S)]T3(Y,U)) ; IN(X,S)
L.S. van Benthem Jutting
772 X * INDUCTION := ESTIE(NAT,P,X,T4“-11”) *X := := X*Y := Y*N
___ ___ ___
; (X)P ; NAT ; NAT ; NIS(X,Y)
+21
___
N*I IrTl
:=
N * SATZl
:= TH3“L-IMP” (IS( (X)SUC,(Y)SUC),
:= (I)(Y)(X)AX4
;I s ( ( x ) s u c , ( Y ) s u c ) ; IS(X,Y)
-21
IS(X,Y),N,[U,IS((X)SUC,(Y)SUC)l T1“-21”(U))
; NIS((X)SUC,(Y)SUC)
+23 X * PROPl
* T1
:= OR(IS(X,l),SOME([U,NAT]IS(X,
W)SUC)))
; PR O P
:=ORIl(IS(l,l),SOME([U,NAT]IS(l,
XtT2
; PR O Pl ( 1 ) (U)SUC)),REFIS(NAT,l)) := SOMEI(NAT,[U,NAT]IS((X)SUC,(U) SUC),X,REFIS(NAT,(X)SUC)) ; SOME([U,NAT]IS((X)SUC,(U)SUC)
X*T3
:= ORIZ(IS( (X)SUC,l),SOME([U,NAT]
XcT4
IS( (X)SUC,(U)SUC)),T2) ; PROPl((X)SUC) := INDUCTION([Y,NAT]PROPl(Y),Tl, [Y,NATI[U,PROPl(Y)]T3(Y),X); PROPl(X)
)
-23 X*N N * SAT23
:= ... ; NIS(X,l) := OREZ(IS(X,l),SOME([U,NAT]IS(X, (U)SUC)),T4“-23” ,N) ; SOME([U,NAT]IS(X,(U)SUC))
Y*Z
._ ._
---
: NAT
X*F F * PROPl
:=
___
; [Y,NAT]NAT
+24
F * PROP2 X*A A*B BtPA PA * PB PBtY Y * PROP3 P B * T1 PB * T 2 P B * T3
:= ALL((Y,NAT]IS(((Y)SUC)F,((Y)F)
S W )
:= AND(IS((l)F,(X)SUC),PROPl)
:=
___
:=
..-
:=
.--
:= :=
.--
___
:= IS((Y)A,(Y)B) := ANDEl (IS((1)A ,( X) SUC) ,PROP1(A)
; PR O P ; PR O P ; [Y,NAT]NAT ; [Y,NAT]NAT ; PROPZ(A) ; PROPZ(B) ; NAT ; PR O P
,PA) ; IS((1)A,(X)SUC) := ANDEl(IS((l)B,(X)SUC),PROPl(B) ; IS((1)B,(X)SUC) ,PB) := TRISZ(NAT,(l)A,(l)B,(X)SUC,Tl, ; PROP3( 1) T2)
Checking Landau’s “Grundlagen”,Excerpt for “Satz 27” (0.5) :=
P*T6
:=ANDE2(IS((l)B,(X)SUC),PROPl(B)
PtT7 PtT8 P*T9
:= (Y)T5
PB * T11 XtAA
X * PROP4 t t
T12 T13
* T14 X*P P*F FtPF PFtG PFtY Y * T15 PF * T16 PF t T17 Y * T18 Y * T19 Y t T20 Y * T21 PF * T22 PF * T23 PF t T24 P t T25
XtBB -24
___
Y*P PtT4 P*T5
Y * T10
773
:= AX2((Y)A,(Y)B,P) :=ANDE2(IS( (l)A,(X)SUC),PROPI(A)
,PA) J’B)
:= (Y)T6
:= TRBIS(NAT,((Y)SUC)A,( (Y)A)SUC,
((Y)B)SUC,( (Y)SUC)B,TI,TQ, SYM1S“E”(NAT,( (Y)SUC) B,((Y)B) SUC,T8)) ; PROP3((Y)SUC) := INDUCTION([Z,NAT]PROPB(Z),T3, [Z,NAT][U,PROPS(Z)]T9(Z,U),Y) ; PROPB(Y) := FISI(NAT,NAT,A,B,[Y,NAT]TlO(Y)) ; IS“E’’( [Y,NAT]NAT,A,B) := [Z,[Y,NAT]NAT][U,[Y,NAT]NAT] [V,PROP2(Z)][W,PROP2(U)]Tll(Z, U,V,W) ; AMONE([Y,NAT]NAT,[Z,[Y,NAT] NAT]PROP2(Z)) := S0ME“L” ([Y,NAT]NAT,[Z,[Y ,NAT] ; PROP NAT]PROP2(Z)) := [X,NAT]REFIS(NAT,((X)SUC)SUC); PROP1(1,SUC) :=ANDI(IS((l)SUC,(l)SUC), PROPl(l,SUC),REFIS(NAT,( 1)SUC) ,TW ; PROP2(1,SUC) := SOMEI([Y,NAT]NAT,[Z,[Y,NAT] NAT]PROP2(1,Z),SUC,T13) PROP4(1) := _ _ _ PROP4(X) := _ _ _ [Y,NAT]NAT ._ - - PROP2(F) [Y,NAT]NAT := [Y,NAT]((Y)F)SUC := --NAT :=REFIS(NAT,(Y)G) IS((Y)G,((Y)F)SUC) := ANDEl(IS((l)F,(X)SUC),PROPl(F) ,PF) ; IS((1)F,(X)SUC) := TRIS(NAT,(l)G,((l)F)SUC,((X) SUC)SUC,TlB(l),AXS((l)F,X) ( SUC,Tl6)) ; IS( (l)G,( (X)SUC)SUC) := ANDE2(IS((l)F,(X)SUC),PROPl(F) ,PF) ;PROPl(F) := (Y)T18 ; IS(((Y)SUC)F,((Y)F)SUC) := TRIS2(NAT,((Y)SUC)F,(Y)G,((Y) F)SUC,T19,T15) := TRIS(NAT,((Y)SUC)G,(((Y)SUC)F) SUC,((Y)G)SUC,T15((Y)SUC), AX2( ((Y)SUC)F,(Y)G,TBO)) := [Y,NAT]T21(Y) := ANDI(IS((l)G,((X)SUC)SUC), PROPl((X)SUC,G),T17,T22) :=SOMEI((Y,NAT1NAT,[Z,(Y,NAT] NAT]PROP2((X)SUC,.Z);G,T23)’ ; PROP4((X)SUC) :=SOMEAPP([Y,NAT]NAT,[Z,[Y,NAT] NAT]PROP2(Z),P,PROP4( (X)SUC), [Z,[Y,NAT]NAT][U,PROP2(Z)] T24(Z,U)) ; PROP4((X)SUC) := INDUCTION([Y,NAT]PROPI(Y),T14, [Y,NAT][U,PROP4(Y)]T25(Y,U),X) ; PROP4(X)
L.S. van Benthem Jutting
774 X * SATZ4
:=ONEI([Y,NAT]NAT,[Z,[Y,NAT]NAT]
PROP2“-24”(Z),AA“-24”,BB“-24”); ONE“E”([Y,NAT]NAT,[Z,[Y,NAT] NAT]AND(IS((l)Z,(X)SUC), ALL([Y,NAT]IS(((Y)SUC)Z,((Y)
Z)=JC))))
X * PLUS
:= IND([Y,NAT]NAT,[Z,[Y,NAT]NAT]
Y*PL
:= (Y)PLUS
X t T26
:= ONEAX([Y,NAT]NAT,[Z,v,NAT]
PROP2“-24”(Z),SATZ4)
NAT]PROP2(Z),SATZ4)
; [Y,NAT]NAT ; NAT
; PROP2(PLUS)
-24 X * SATZ4A
:= ANDEl(IS((l)PLUS,(X)SUC),
X * T27
:= ANDE2(IS((l)PLUS,(X)SUC),
PROP1“-24”(PLUS),T26“-24”)
; IS(PL(X,l),(X)SUC)
+*24 PROPl(PLUS),T26)
; PROPl(PLUS)
-24 Y t SATZ4B
:= (Y)T27“-24”
; rs(PL(X,(Y)suC),(PL(x,Y))suc)
:=Tll(l,PLUS(l),SUC,T26(1),T13)
; IS”E”([Y,NAT]NAT,PLUS(l),SUC)
+*24
* T28 -24 X * SATZ4C
:= FISE(NAT,NAT,PLUS(l),SUC,
T28“-24”,X)
; IS(PL(1,X),(X)SUC)
+*24 X t T29
:= T1l((X)SUC,PLUS((X)SUC),
[Y,NAT] ((Y)PLUS)SUC,T26((X) SUC),T23(BB,PLUS,T26))
; IS“E”([Y,NAT]NAT,PLUS((X)SUC),
[Y,NAT] ((Y)PLUS)SUC)
-24 Y * SATZ4D X * SATZ4E
Y t SATZ4F X * SATZ4G
:= FISE(NAT,NAT,PLUS((X)SUC),
[Z,NAT] ((Z)PLUS)SUC,T29“-24”, Y) := SYMIS(NAT,PL(X,l),(X)SUC, SATZ4A) :=SYMIS(NAT,PL(X,(Y)SUC),(PL (X,Y))SUC,SATZ4B) :=SYMIS(NAT,PL(l,X),(X)SUC, SATZ4C)
; IS(PL( (x)suc,Y),(PL(x,Y))suc) ; IS((X)SUC,PL(X,1)) ; Is((PL(x,Y))suc,PL(x,(Y)suc)) ; IS((X)SUC,PL(l,X))
Checking Landau's "Grundlagen", Excerpt for "Satz 27" (D.5)
775
Z*I I * ISPLl I * ISPL2
f25 Zt
PROPl
Y*Tl
:= rs(PL(PL(X,Y),z),PL(x,PL(Y,z)) ) ; PROP
:= TR31S(NAT,PL(PL(X,Y),l),(PL
~
ZtP P*T2 P+T3
~
,
~
~
~
~
~
~
-25 Zt
SAT25
:= INDUCTION([U,NAT]PROPl
"-25"
(U),T1"-25" ,[U,NAT][V,PROP1"-25" (U)]T3"-25"(U,V) ,Z) ; IS(PL(PL(X,Y) ,Z) ,PL(X,PL(Y,Z)
Z 1: ASSPLl
:= SAT25
))
; IS(PL(PL(X,Y),Z),PL(X,PL(Y,Z)
1) +26 Y c PROPl Y*Tl YtT2 Y*T3 YtP PrT4 PtT5 PtT6
:= IS(PL(X,Y),PL(Y,X))
:= SATZIA(Y)
:= SATZ4C(Y) := TRIS2(NAT,PL(l,Y),PL(Y,l),(Y)
; PROP ; IS(PL(Y,l),(Y)SUC) ; IS(PL(l,Y),(Y)SUC)
; PROPl(1,Y) SUC,T2,T1) --; PROPl(X,Y) := TRIS(NAT,(PL(X,Y))SUC,(PL(Y,X) )SUC,PL(Y,(X)SUC),AX2(PL(X,Y), PL(Y,X),P),SATZ4F(Y,X)) ; Is((PL(x,Y))suc,PL(Y,(x)suc)) := SATZ4D ; IS(PL((x)suc,Y),(PL(x,Y))suc) :=TRIS(NAT,PL((X)SUC,Y),(PL(X,Y) )SUC,PL(Y, (X) SUC),T5,T4) ; PROPl((X)SUC,Y)
._
- 26
Y I SAT26
Y t COMPL
,
~
PL(X,PL(Y,l)),SATZ4A(PL(X,Y)), SATZQF,ISPLP( (Y)SUC,PL(Y,l),X. SATZ4E(Y))) : PROPl(1) := - _ _ ; PROPl(2) := AXZ(PL(PL(X,Y),Z),PL(X,PL(Y,Z)) P) ; IS((PL(PL(X,Y),Z))SUC,(PL (X,PL(Y,Z)))SUC) := TR4IS(NAT,PL(PL(X,Y),(Z)SUC), (PL(PL(X,Y),Z))SUC,(PL(X,PL ~ Y , Z ~ ~ ~ S U C , P L ~ X , ~ ~ ~ ~ ~ , ~ ~ ~ ~ ~ ~ ~ , PL(X,PL(Y,(Z)SUC)),SATZ4B(PL( X,Y),Z) ,TZ,SATZIF(X,PL(Y ,Z)), ISPL2((PL(Y,Z))SUC,PL(Y,(Z) SUC),X,SATZIF(Y,Z))) ; PROPI((2)SUC)
:= INDUCTION([Z,NAT]PROP1"-26"
(Z,Y),T3"-26 ,[Z,NAT] [U,PROP1"-26b (Z,Y)]T6"-26"(Z, Y,U),X) :=SAT26
L.S. van Benthern Jutting
776 +27 Y * PROP1 XtTl X*TZ Y*P P*T3 P*T4
:=NIS(Y,PL(X,Y)) ; PROP := SYMNOTIS(NAT,(X)SUC,l,(X)AX3); NIS(l,(X)SUC) := TH4"E-NOTIS"(NAT,l,(X)SUC, PL(X,l),Tl,SATZIA) ; PROPl(1) := ; PROPl(Y) NIS( (Y)SUC,(PL(X,Y))SUC) := SATZl(Y,PL(X,Y),P)
-__
:= TH4"E-N0TIS1'(NAT,(Y)SUC,(PL
(X,Y))SUC,PL(X,(Y)SUC),T3, SATZ4B)
PROPl((Y)SUC)
-27 Y * SATZ7
:= INDUCTION([Z,NAT]PROPl"-27"
(Z),T2"-27",[Z,NAT][U,PROPl"-27" ; NIS(Y,PL(X,Y)) (Z)]T4"-27"(Z,U) ,Y) ; PROP Z* DIFFPROP := IS(X,PL(Y,Z))
+29
Y*I Y * I1 Y * 111 Y * ONEl ONEl * U U*Tl UcT2 ONEl * T3 Y*T4 ONEl * T5 Y *T6 Y t TWOl TWOl * THREEl THREEl I U U*DU DU*V V*DV DV * T6A
:= IS(X,Y)
; PROP
.._ ._
;I
; PROP := SOME([U,NAT]DIFFPROP(X,Y,U)) ; PROP := SOME([V,NAT]DIFFPROP(Y,X,V))
----:= TRIS(NAT,PL(U,X),PL(X,U), PL(Y,U),COMPL(U,X), ISPLl(U,ONEl)) := TH3"E-NOTIS"(NAT,X,PL(U,X), PL(Y,U) ,SATZ7(U,X),Tl) := TH5"L-SOME"(NAT,[U,NAT] DIFFPROP(U),[U,NAT]T2(U)) := THl"L-EC"(I,II,[Z,I]T3(Z)) := T3(Y,X,SYMIS(NAT,X,Y,ONEl)) := TH2"L-EC"(III,I,[Z,I]T5(Z)) ._ - - -
DU * T8 THREEl * T9 TWOl * T10
; IS(PL(U,X),PL(Y,U)) ; NIS(X,PL(Y,U))
;NOT(II) ; EC(I.11) ; NOT(II1) ; EC(II1,I) ; I1 ._ - - ; 111 ._ ._ - - ; NAT ._ - - ; DIFFPROP(X,Y,U) ._ ._ - - ; NAT := ___ ; DIFFPROP(Y,X,U) :=TR4IS(NAT,X,PL(Y,U),PL(PL(X,V)
,
DV * T7
: NAT
~
~
,
~
~
~
~
,
~
X),DU,ISPLl(Y,PL(X,V),U,DV), ASSPLl(X,V,U),COMPL(X,PL(V,U)) ) ; IS(X,PL(PL(V>U) 3)) := MP(IS(X,PL(PL(V,U),X)),CON, TSA,SATZ7(PL(V,U),X)) ; CON := SOMEAPP(NAT,[V,NAT]DIFFPROP (Y,X,V),THREEl,CON,[V,NAT] [DV,DIFFPROP(Y,X,V)]T7(V,DV)) ; CON := SOMEAPP(NAT,[U,NAT]DIFFPROP (U),TWOl,CON,[U,NAT] [DU,DIFFPROP(U)]T8(U,DU)) ; CON := [Z,III]TS(Z) ;NOT(III)
~
~
~
Checking Landau’s “Grundlagen”, Excerpt for “Satz 27” ( 0 . 5 )
777
Y*T11 Y*A
:= TH1 “L-EC”(II,III,[Z,II]TlO(Z)) := TH6”L-EC3”(I,II,III,T4,T11 ,T6)
; EC(I1,III) ; EC3(1,11,111)
Y * SATZ9B
:= A“-29”
; EC3(IS(X,Y),SOME([U,NAT]
-29
DIFFPROP(X,Y.U)),SOME(
[V,NAT]DIFFPROP(Y,X,V)))
Y * MORE Y * LESS Y * SATZlOB
:= SOME([U,NAT]DIFFPROP(X,Y,U)) ; PR O P := SOME([V,NAT]DIFFPROP(Y,X,V)) ; PR O P := SATZ9B ; EC3(IS(X,Y),MORE(X,Y),
Y*M M * SATZll Y * MOREIS Y * LESSIS Y*M M t SATZl3
:=
_-_
:= M := OR(MORE,IS(X,Y)) :=OR(LESS,IS(X,Y))
._ ._
---
LESS(X,Y)) ; MORE(X,Y) ; LESS(Y,X) ; PR O P ; PR O P ; MOREIS(X,Y)
:= TH9“L-OR”(MORE,IS(X,Y),
LESS(Y,X),IS(Y,X),M,[Z,MORE] Z*I I*M M * ISMOREl
._
SATZll(Z),[Z,IS(X,Y)] SYMIS(NAT,X,Y ,Z))
; LESSIS(Y,X)
--; IS(X,Y) := - _ ; MORE(X,Z) := ISP(NAT,[U,NAT]MORE(U,Z),X,Y,
; MORE(Y,Z) MA ._ I*M ._ - - ; MOREIS(X,Z) M * ISMOREIS1 := ISP(NAT,[U,NAT]MOREIS(U,Z),X, ; MOREIS(Y,Z) Y,M,I) I*M := -__ ; MOREIS(Z,X) M 8 ISMOREIS2 :=ISP(NAT,[U,NAT]MOREIS(Z,U),X, ; MOREIS(Z,Y) Y,M,I) ._ - - Y*I ; IS(X,Y) I 1: MOREIS12 :=ORI2(MORE(X,Y),IS(X,Y),I) ; MOREIS(X,Y) Y*M := ; MORE(X,Y) M * MOREISIl := ORIl(MORE(X,Y),IS(X,Y),M) ; MOREIS(X,Y) z*u ._ - - ; NAT ._ - - U*I ; IS(X,Y) ._ I*J ._ - - ; IS(Z,U) ._ J*M --; MOREIS(X,Z) M * ISMOREIS12:= ISMOREIS2(Z,U,Y,J, ISMOREISl(X,Y,Z,I,M)) ; MOREIS(Y,U) .._ - - YtM ; MORE(X,Y) M * SATZlOG := TH3“L-OR”(LESS(X,Y),IS(X.Y),
___
.-
__
EC3E23(IS(X,Y),MORE(X,Y), LESS(X,Y),SATZlOB,M),
EC3E21(IS(X,Y),MORE(X,Y), LESS(X,Y),SATZlOB,M)) Y * SATZ18
:= SOMEI(NAT,[U,NAT]
Z*M
.-
; NOT(LESSIS(X,Y))
DIFFPROP(PL(X,Y),X,U),Y,
._
REFIS(NAT,PL( X,Y)))
---
; MORE(PL(X,Y),X) ; MORE(X,Y)
L.S. van Benthem Jutting
778
+319
___
MtU UtDU DU t T 1
:=
DU t T 2
:= TRJIS( NAT,PL(X,Z),PL(PL(U,Y),
._ ._
; NAT
--;DIFFPROP(U) := TRIS(NAT,X,PL(Y,U),PL(U,Y),DU, COMPL(Y ,U))
Z
DU t T3
~
,
; IS(X,PL(U,Y))
~
~
~
~
,ISPLl (X,PL(U,Y),Z,Tl), ASSPLl(U,Y ,Z) ,COMPL(U,PL(Y ,Z)) ) := SOMEI(NAT,[V,NAT]
, ;~
~
~
~
~
~
~
DIFFPROP(PL(X,Z),PL(Y,Z),V),U, T2)
; MORE(PL(X,Z),PL(Y,Z))
-319 M t SATZ19A
:= SOMEAPP(NAT,[U,NAT]DIFFPROP
(U),M,MORE(PL(X,Z),PL(Y,z)), [U,NAT][V,DIFFPROP(U)] T3“-319”(U,V)) ZtM
:=
___
; MORE(PL(X,Z),PL(Y,Z)) ; MOREIS(X,Y)
MtN N * T4
:=
___
; MORE(X,Y)
+*319
M*I I*T5
:= MOREISIl(PL(X,Z),PL(Y,Z),
.-
SATZ19A(N)) ...
; MOREIS(PL(X,Z) ,PL(Y ,Z)) ; IS(X,Y)
:= MOREISI2(PL(X,Z),PL(Y,Z),
ISPLl(X,Y,Z,I))
; MOREIS(PL(X,Z) ,PL(Y ,Z))
-319 M * SATZ19L
M * SATZ19M
:= ORAPP(MORE(X,Y),IS(X,Y),
MOREIS(PL(X,Z),PL(Y,Z)),M,
[U,MORE(X,Y)]T4”-319” (U),[U,IS (X,Y)]T5“-319”(U))
; MOREIS(PL( X,Z) ,PL(Y ,Z))
:= ISMOREISl2(PL(X,Z),PL(Z,X),
PL(Y,Z),PL(Z,Y),COMPL(X,Z), COMPL(Y,Z),SATZlSL)
; MOREIS(PL(Z,X),PL(Z,Y))
+324 X*N NtU UtI ItTl
:= :=
..-
___
._ ._
---
:=TRIS(NAT,X,(U)SUC,PL( l,U),I,
SATZ4G(U)) I*T2
:= ISMOREl(PL(l,U),X,l,
SYMIS(NAT,X,PL( 1,U),Tl), SATZ18( 1,U)) N*T3
;M O R E ( X , l )
:= SOMEAPP(NAT,(U,NAT]IS(X,(U)
SUC),SATZ3( X,N),MORE(X,l),
[U,NAT][V,IS(X,(U)SUC)]TZ(U,V) )
-324
; MORE(X,l)
,
~
~
~
~
~
Checking Landau’s “Grundlagen”, Excerpt for “Satz 27” (D.5) X t SATZ24
:= TH2“L-OR”(MORE(X,l),IS(X,l),
X * SATZ24A YtM
:= SATZ13(X,l,SATZ24) :=
[U,NIS(X, l)]T3“-324”(U))
___
779
; MOREIS(X,l) ; LESSIS(1,X) ; MORE(Y,X)
+325
MtU U*DU DU t T1 DU * T2
___
:=
.._
---
; NAT ; DIFFPROP(Y,X,U)
:= SATZlSM(U,l,X,SATZ24(U)) ; MOREIS(PL(X,U),PL(X,l)) := ISMOREISl(PL(X,U),Y,PL(X,l), SYMIS(NAT,Y,PL(X,U),DU),Tl) ; MOREIS(Y,PL(X,l))
-325 M * SATZ25
:= SOMEAPP(NAT,[U,NAT]DIFFPROP
(Y,X,U),M,MOREIS(Y,PL(X,l)),
[U,NAT][V,DIFFPROP(Y ,X,U)] T2“-325”(U,V))
; MOREIS(Y,PL(X,l))
Y*L L * SATZ25B
:= - - ; LESS(Y,X) := SATZl3(X,PL(Y,l),SATZ25(Y,X,L)
*P P*N
.-._
NrM M t LBPROP
._
NtLB N * MIN PtS
:= ALL([X,NAT]LBPROP“-327”(X)) ; PROP := AND(LB,(N)P) ; PROP
1
._
---
---
; LESSIS(PL(Y,l),X) ; [X,NAT]PROP
: NAT
+327
---
:= IMP((M)P,LESSIS(N,M))
; NAT ; PROP
-327
:=
__-
:=
___
; SOME(P)
+*327
S*N NIT1 ScT2 StL L*Y Y +YP YP * T3 YP t T4 YP * T5 YP * T6 YP t T7 LtT8
:= [X,(N)P]SATZSIA(N)
:= [X,NAT]Tl(X)
; NAT ; LBPROP(1,N)
;LB(1) ; [X,NAT]LB(X) ; NAT : (Y)P := SATZ18(Y,1) ; MORE(PL(Y,l),Y) : NOT(LESSIS(PL(Y,l),Y)) := SATZlOG(PL(Y,l),Y,T3) := TH4“L-IMP”( (Y)P,LESSIS(PL(Y,l) ; NOT(LBPROP(PL(Y,l),Y)) ,Y),YP,W := TH1“L-ALL”(NAT,[X,NAT] ; NOT(LB(PL(Y,l))) LBPROP(PL(Y,l),X),Y,T5) := MP(LB(PL(Y,l)),CON,(PL(Y,l))L, : CON T6) := SOMEAPP(NAT,P,S,CON,[X,NAT] : CON [Y,(X)PlT7(X,Y))
._
:= :=
---
___ ___
L.S. van Benthem Jutting
780 StN
._
--.
; NON(NAT,[X,NAT]AND(LB(X),
NtM MtL LtT9
:=
___
; NAT
---
;W M ) ; NOT(AND(LB(M) ,NOT(LB(PL
L t T10 L t T11 N t T12 S t T13 StM MIA At T14 At T15 A * NMP NMP * N NtNP NP t T16 NP * T17
._
:= (M)N
:= ET(LB(PL(M,l)),
NP * T19 NMP * T20 NMP * T21 A * T22 A t T23
(M.1)))))
TH3"L-AND"(LB(M), ; LB(PL(MJ)) NOT(LB(PL(M,l))),Tg,L)) := ISP(NAT,[X,NAT]LB(X),PL(M,l), ; LB((M)SUC) (M)SUC,TlO,SATZ4A(M)) := [X,NAT]INDUCTION([Y,NAT]LB(Y), T2,[Y,NATl[Z,LB(Y)]Tll(Y,Z),X); (X,NAT]LB(X) := [X,NON(NAT,[X,NAT]AND(LB(X), NOT(LB(PL(X,1)))))]T8(T12(X)) ; SOME([X,NAT]AND(LB(X), NOT(LB(PL(X,1))))) ._ ; NAT ._ - - := .-. ; AND(LB(M),NOT(LB(PL(M,l)))) := ANDEi(LB(M),NOT(LB(PL(M,l))), ;L B W A) := ANDEz(LB(M),NOT(LB(PL(M,l))), ; NOT(LB(PL(M,l))) A) := --; NOT((M)P) ._ ._ - - ; NAT ._ - - ; (N)P ; LESSIS(M,N) := MP((N)P,LESSIS(M,N),NP,(N)T14) :=TH3"L-IMP"(IS(M,N),(M)P,NMP, [X,IS(M,N)]ISP(NAT,P,N,M,NP,
NP t T18
NOT(LB(PL(X,1)))))
SYMIS(NAT,M,N,X))) := OREl(LESS(M,N),IS(M,N),T16, T17) := SATZ25B(N,M,T18) := [X,NAT][Y,(X)P]T19(X,Y) := MP(LB(PL(M,l)),CON,T20,TlS) :=ET((M)P,[X,NOT((M)P)]T21(X)) := ANDI(LB( M),(M)P,T14,T22)
; NOT(IS(M,N))
LESS(M,N) LESSIS(PL(M,l),N) LB(PL(M,1)) CON (M)P MIN(M)
-327 S * SATZ27
:= TH6"L-SOME"(NAT,[X,NAT]
AND(LB(X),NOT(LB(PL(X,l)))), [X,NAT]MIN(X),T13"-327",
[X,NAT][Y,AND(LB(X), NOT(LB(PL( X,l))))]T23"-327"(X, Y)) -N -LANDAU -EQ -ST -E -L
; SOME([X,NAT]MIN(P,X))
PART E Verification
This Page Intentionally Left Blank
783
A Verifying Program for Automath I. Zandleven'
0. SUMMARY
This paper describes the Automath verifier which is being operated [in the beginning of the seventies] at the Technological University at Eindhoven. The description is given in terms of a number of procedures, written in an ALGOL-like language. The contents are: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12.
General remarks. The description language. The translator. Some basic notions and procedures. Substitution. Reductions. CAT and DOM. Definitional equality. Correctness of expressions. Correctness of lines. A paragraph system. Final remarks.
For the theoretical background we refer t o the papers of Prof. de Bruijn, D. van Daalen and R. Nederpelt: [ d e Bruijn 70a (A.211, [de Bruijn 73b], [van Daalen 73 (A.3)] and [Nederpelt 73 (C'.3)].
1. GENERAL REMARKS
1.1. The aim of this paper is to give a rough description of how the AUT-68 and AUT-QE verifier is constructed and how it works. Most of the procedures 'The author is employed in the Automath project and is supported by the Netherlands Organization for the Advancement of Pure Science (Z.W.O.).
I . Zandleven
784
are much simplified for the sake of clarity and so as not t o bother the reader with topics like memory organization, error messages etc.
1.2. The whole verifier is embedded in a conversational system (operating via a terminal) in order t o control the amount of work the program might do in certain cases (mostly when an error in the Automath text has been made). The parts of the procedure texts, whose execution is (partly) controlled by human intervention, are placed between the brackets ?( and )? . Furthermore there is the opportunity to the user to debug the text on-line. 1.3. Notations 1.3.1. Expressions are denoted by A, B, ...,A l , A2, ... etc. 1.3.2. Syntactical identity is denoted by
=.
1.3.3. Bound variables in abstraction expressions are denoted by x,y, ...; thus e.g. [z : A] B. 1.3.4. Expression strings are denoted by C, I?, ... . 1.3.5. An expression, occurring in an expression string C is denoted by C with a subscript; thus C = (El, ...,C,), where Ci are the expressions occurring in C ( i = 1,...,n). 1.3.6. Each non-empty string C can be divided into two parts: C+ := the last expression of C C- := the rest of C (which may be empty)
.
Example. If C = A, B, C ( D ,E ) ,F ( G ,H ) then C+ = F ( G ,H ) , C- = A , B , C ( D ,E ) .
1.3.7. The composition of a string is denoted by the parenthesis (( and )) = ((C+, C-)).
e.g.: C
1.3.8. An indicator string [van Daalen 73 ( A . 3 ) , 2.131 is denoted by I , and a context [van Daalen 7 3 (A.3), 2.21 by 0. 1.3.9. Sometimes, in theoretical discussions, the notation of D. van Daalen is used [van Daalen 73 ( A . 3 ) , 5.31.
A verifying program for Automath ( E l )
785
2. THE DESCRIPTION LANGUAGE
2.1. The language used for the description of the verifying procedures, is based upon ALGOL '60. 2.2. Several types (in the sense of ALGOL '60) are added, e.g. expression, defined name, etc.
2.3. A construction case ... of begin ... end is added, to avoid repeated if ... then ...else-constructions. The values of the case selector are placed before the entries, as labels. Examples. The statement if color = red then paint (river valley) if color = white then paint (Christmas) else if color = blue then paint (moon) else paint (nothing) ,
may now be written as: case color of begin red: paint (river valley); white: paint (Christmas); blue: paint (moon); otherwise: paint (nothing); end;
Another possibility is: paint (case color of begin red: river valley; white: Christmas; blue: moon; otherwise: nothing; end);
So the case-construction may be used for both statement selection and assignment selection.
I. Zandleven
786
Some non-ALGOL symbols are used, e.g. t-, 0,..., and sometimes procedure identifiers are defined as infix, e.g. d OLDER THAN b would be written OLDERTHAN(d, b ) in correct ALGOL. 2.4.
2.5. Each procedure, whose identifer is written in capitals or non-ALGOL symbols, is explained.
2.6. No use is made of the parameter device: value. If an actual parameter has to be evaluated, this is done once only at the beginning of the procedure. All further calls are calls by reference to a program variable.
3. THE TRANSLATOR
Before Automath texts are presented with the verifier, they are passed through a translator. One may consider this translator as a preprocessor, checking the context-free part of the Automath syntax (parentheses, commas etc.), coding the identifier-paragraph identification (see 11),completing the expressions written in shorthand, etc.
4. SOME BASIC NOTIONS AND PROCEDURES
4.1. Shapes Most of the procedures must be able to distinguish the different characteristic forms in which expressions appear. For this purpose we introduce the notion shape, which represents the outermost characteristic form of an expression. E.g. the expression:
(4B)) C ( b Dl E ) has the “application shape”, symbolically denoted by an application expression such as ( P )Q or ( E l )E z .
4.1.1. The shapes, and their symbolism, which are used, are:
A verifying program for Automath ( E l )
787
shape
symbolism
type Prop variable bound variable
type Prop variable boundvar
constant shape application shape abstraction shape
d(C)
( A )B [x : A] B
4.1.2. When using this symbolism for the shapes, we will permit ourselves to use the sub-elements of it, as expressions on which to operate (without explicit declaration of and assignment to the program variables). So we may write, for example: if shape ( E ) = [x : A] B then domain := A else ... ,
4.2. Primitive procedures Often, during the verification process of a book B we need the indicator string, the middle expression or the category expression of a certain line of B. Each line in the book U is uniquely indicated by the name introduced in the identifier part of that line (possibly with a paragraph reference, see 11). These names will belong to the ALGOL-type def inedname. Because an indicator string may be considered as a string of expressions, we may introduce the 4.2.1. expressionstring procedure INDSTR ( d ) ; definedname d comment INDSTR becomes the indicator string of the line in which d is defined;
For the middle and category expression procedures:
4.2.2. expression procedure MIDDLE ( d ) ; def inedname d; comment MIDDLE becomes the middle expression of the line in which d is defined. Of course this procedure is only allowed for those d which represent an abbreviation.
I. Zandleven
788
4.2.3. expression procedure CATEGORY ( d ) ; def inedname d; comment CATEGORY becomes the category expression of the line in which d is defined (both for EB lines, PN lines and abbreviations);
The bodies of these procedures cannot be explained without going into details of memory organization, a subject which is beyond the scope of this note. 4.2.4. Another primitive procedure, OLDER THAN, will be explained in 8.2.
5. SUBSTITUTION
5.1. We have introduced two different shapes (and codings) for variables to be able to distinguish properly between all the variables occurring in an expression. By “shape = variable” we code the variables which occur in indicator strings (these variables are sometimes called parameters). By “shape = boundvar” we code the variables which occur in abstractors. Furthermore, in one Automath book, all binding variables (i.e. variables occurring as z in [z : A] ...) get different code-numbers. So the substitution becomes a simple replacement operation. Now there is only one possible way t o get a so-called clash of variables, namely in the following example. Suppose we have an expression like [z : A] (..., ( B ( z ) )[y : C ][z : A] D(y), ...)
.
If we want to reduce the expression between the dots (by &reduction), we will obtain the expression [z : A1 D ( B ( z ) )
and we see that the z in D ( B ( z ) )is bound by the wrong abstractor now. It is claimed by the author that by this coding system no clash (conflict, confusion) of variables arises during the verification process of Automath. 5.2. Substitution for free variables At first we define a procedure SUBST, which will replace free variables (shape = variable) by expressions, as follows:
Let v be a string of free variables (mutually distinct), let r be an equally long string of expressions,
789
A verifying program for Automath [ E l )
let E be an expression. The procedure SUBST constructs a new expression by replacing in E all w, by the corresponding ri. The procedure (function) identifier SUBST will become the resulting expression: ([wl,...,wn/rl,...,r,]lE (see [van Daalen 73 (A.311 for this notation). We call this procedure by e.g.
SUB ST(^, r, E ) . The string analogue of SUBST(v, I?, E ) , STRINGSUBST(v, I', C) means: replace, in all C j , all vi by the corresponding ri.
5.2.1. Procedure text 5.2.1.1. expression procedure SUBST(v, r, E ) ; expression E ; expressionstring v,r; comment shape (vi) must be variable; SUBST := case shape ( E ) of begin variable : if 3io:=i(vi = E ) then rio else E ;
r,
: STRINGSU SUB ST(^, E ) ) ; : SUB ST(^, A ) ) SUB ST(^, B ) ; ( A )B [z : A] B : [z : SUBST(v, A ) ]SUBST(v, I', B ) ; otherwise : E ;
d ( ~ )
r,
r,
r,
end:
5.2.1.2. expressionstring procedure STRINGSUBST(v, r, C); expressionstring v,r,C; comment shape (vi) must be: variable; STRINGSUBST is the string-analogue of SUBST; STRINGSUBST := if C = 0 then 0 else ((STRINGSUBST(v, r,C-), SUBST(w, r, C+))) 5.3. Substitution for bound variables (shape = boundvar) This is like the substitution for free variables (apart from the fact that only one boundvar at a time is substituted for). Therefore we will only give the procedure heading.
1. Zandleven
790
5.3.1. expression procedure BOUNDSUBST(z, A , E ) , boundvar z; expression A , E ; comment A is either an expression or another boundvar to substitute for x in E,.
6. REDUCTIONS The reductions involved in the verification of correctness of =-formulas (cf. 8) are a-,P-, r]- and &reduction. See also [van Daalen 73 (A.3), 2.12 and 6.21.
6.1. a-reduction To perform an a-reduction one can easily use the procedure BOUNDSUBST. For an expression [x: A] B , where z is t o be replaced by y (say), we have simply to construct [y : A] BOUNDSUBST(z, y, B )
(y must be new of course).
6.2. P-reduction The P-reductor is written in the form: A procedure with two parameters, A and B. A typical use of this procedure is e.g. if El
> E2 P
> B,where > represents a boolean P P
then A := E2 else ... .
If a P-reduction is applicable to A (so A = ( A l ) [z : A21 A3) then B becomes 1[z/A1]lA3, and the procedure identifier gets the value true. If A has the form ( A l ) A z , where A2 does not have an abstraction shape, so that no direct P-reduction is possible, then the procedure tries to reduce A2 with 0-and/or &reduction so as to obtain the form [x : A31 Ad. At that point the actual O-reduction can be carried out. 6.2.1. Procedure text 6.2.1.1. boolean procedure A > B;
P
expression A , B; comment if A is reducible by P-reduction, then P-reduct of A ;
B becomes the
A verifying program for Automath ( E l )
791
begin i f shape(A) = ( P )Q then begin boolean possible; possible := shape(Q) = [z : R]T ; i f not possible then begin boolean continue; continue := true; while continue do ?(begincase shape(Q) of begin ( R ) S : continue := Q > U
P
d ( C ) : continue := Q > U 6 otherwise : continue := f a l s e ; end; i f continue then begin Q := U ; possible := shape(Q) = [z : R]T; continue := not possible; end; end)?; end; i f possible then begin B := BOUNDSUBST(z, P,T); > := true;
4
end else end else
>
0
> P
:= f a l s e ;
:= false;
end: 6.3. greduction
The whole procedure runs under cnntrol of the boolean “eta reduction allowed”, which may be set or reset by the user. When reset (eta reduction allowed = f a l s e ) , the verificator can only use a-,P- and &reduction. Interestingly enough, in the Automath texts, checked so far, q-reduction has almost never been used. The 7-reductor is written in the same form as the P-reductor: A > B. 77 We have for A the following cases. (i) A = [z : P] (Q) R. (a) If Q
2 z then the procedure
first tries t o reduce (Q) R.
I. Zandleven
792
(b) If Q 2 z, but z occurs in R then the procedure first tries to remove z in R by reducing R. (c) If Q 2 z and z does not occur in R , then the 77-reduct ( B ) becomes R and > gets the value true.
77
(ii) A = [x : P ] Q , Q = d ( C ) or Q = [y : R] S. Now the procedure first tries to reduce Q, and afterwards tests if an 77reduction is possible. In either case if no 7-reduction is possible, the procedure identifier > gets the 77 value false. There appear two procedures in > , which must still be explained. 77 D Firstly there is the procedure = to declare as boolean procedure El Ez; where El and E2 are expressions. This procedure investigates whether El and E2 are definitionally equal, and is described in 8. Secondly there is the procedure OCCURS IN, which searches an expression for occurrences of a specific bound variable. This procedure is defined as follows. 6.3.1. Procedure text for OCCURS IN 6.3.1.1. boolean procedure z OCCURS IN E ; boundvar x; expression E ; OCCURS IN := case shape(E) of begin boundvar : x = E ; : 3, x OCCURS IN Ci d(C) ( A )B : x OCCURS IN A or x OCCURS IN B; [y : A] B : z OCCURS IN A or z OCCURS IN B; otherwise : false; end; 6.3.2.1. Procedure text for the 77-reductor 6.3.2.1.1. boolean procedure A > B;
77
expression A, B; comment if A is reducible by 77-reduction then B becomes the areduct of A; if eta reduction allowed then
A verifying program for Automath ( E l )
793
begin i f shape(A) = [x : P] Q then case shape(Q) of begin
D
( R ) T : i f x = R then i f not x OCCURS IN T then begin > *- t r u e ; B := T 77 *-
end else ? ( i f T 2 TI and not x OCCURS IN TI then begin > .- t r u e ; B := T
77
end else if Q
.-
> Q1 then := [z : P]Q1 $ B P e l s e > := f a l s e ) ? 77 e l s e i f Q > Q1 then > := [x : PI Q1 $ B P 77 e l s e > := f a l s e ; 77 d ( C ) : i f Q > Q1 then > := [x : P]Q1 $ B 6 77 e l s e > := f a l s e ; 77 [ x : R ] T : i f Q > Q ~ t h e n >:= [ z : P ] Q 1$ B 77 77 e l s e > := f a l s e ; 77 otherwise: > .- f a l s e ; end else end else
>
77
77
>
77
.-
:= f a l s e ;
:= f a l s e ;
6.3.2.2. The part between ?( and )? has not yet been implemented. Although such cases are easily constructed (e.g. [x : XI (z) f(z,y), where f(z,y) > y), 6 in practice this has never occurred up to now. 6.4. &reduction
The b-reductor is written in the same way as the P- and 77-reductor, and tries to perform a single &reduction on the presented expression. If the presented expression has shape d(C), the procedure takes the middle expression of the line where d is defined (= MIDDLE(d)) and replaces the free variables in it (i.e. the elements of INDSTR(d)) by the expressions of C.
I. Zandleven
794
6.4.1. Procedure text 6.4.1.1. boolean procedure A > B;
6
expression A, B; comment if A reducible by &reduction then B becomes the b-reduct of A . begin i f shape(A) = d(C) then i f d represeids a n abbreviation then begin > .- true; B := SUBST(INDSTR(d), C, MIDDLE(d)); end else else
>
end;
6
6 *-
> 6
:= f a l s e
:= f a l s e ;
7. C A T A N D D O M As pointed out in [ v a n Daalen 73 (A.3), 6.41, we need two functions, CAT and DOM, to compute mechanically the category (type) and the domain of an expression respectively.
7.1. The ‘Lmechanicaltype” function CAT is defined by induction on the length of the expressions as follows. Let B be a correct book and (i)
If
0
= z1 E 01,
0
a correct context
...,zn E an then CAT(zi)
:= a1.
(ii) If d is an abbreviation constant, defined in a line of B by d := A E B, with indicator string I , then CAT(d(C)) := I[I/C]l B. (iii) CAT((A) B) := if CAT(B) G [z : PI Q then I[zclAII Q else (A) CAT( B) (iv) CAT([z : A] B) := [z : A] CAT(B) CAT is not defined for variables with shape = boundvar (see 5.1), because in the verification process there is no need for it (9.5). Further CAT is not defined for 1-expressions, of course. It is easy to see that, if the argument for CAT is a correct expression, the outcome will again be correct.
A verifying program for Autornath ( E l )
795
7.2. The procedure text of CAT reflects the given definition completely.
7.2.1. express ion procedure CAT( E ) ; Expression E ; CAT := case shape(E) of begin variable : CATEGORY(E); d(C) : SUBST(INDSTR(d),C, CATEGORY(d)); ( A )B : if shape(CAT(B)) = [z : P]Q then BOUNDSUBST(z, A, Q) else ( A )CAT(B) [z : A] B : [z : A] CAT(B); otherwise : undefined; end; 7.3. The “mechanical domain” f u n c t i o n DOM
This procedure has to yield (where possible), for a given expression A, an expression a , such that F A E [z : a]p or F A = [z : a]/3. For expressions A of the form [z : B ] C , the computing of the domain is trivial: DOM(A) = B. If A is a variable, we may compute the domain of the category of A. More difficult is the case where A has the shape d ( C ) or the shape ( B )C
.
If we try to reduce A, we may end up with a PN (e.g.: d(C) 2 f(I’), f := PN). On the other hand, if we take the category of A by computing CAT(A), we may obtain type or [q, c q ] ... (z, a,] type. To deal with this probem we use the following strategy. At first CAT(A) is computed, and presented t o DOM (N.B. This is a recursive call, so possibly CAT(CAT(A)) is computed.) If DOM(CAT(A)) does not yield a domain at all, then a 6- or &reduction on A is carried out (if possible), and the reduct is again presented to DOM. Since only 1, 2 and 3-expressions are investigated, the whole process can be given by the following tree figure:
796
I . Zandleven
Figure 1 7.3.1. Procedure text 7.3.1.1. expression procedure DOM(A); expression A; case shape(A) of begin [ z : B]C : DOM := B; variable : DOM := DOM(CATEGORY(A)); d ( C ) ,( B )C : begin D := DOM(CAT(A)); if undefined (D)then if A > A1 then DOM := DOM(A1) 6 else if A > A1 then DOM := DOM(A1)
P
otherwise end;
else DOM := undefined else DOM := D end; : DOM := undefined;
8. DEFINITIONAL EQUALITY To verify the correctness of a given =-formula we will use the Church-Rosser theorem: if A = B then A 2 C 5 B for some C (see also [van Daalen 73 (A.,?), 6.3.11).
A verifying program for Automath ( E l )
797
D
This definition is the guide for the procedure = which we will introduce here.
D
8.1. Description of = The type of the procedure is boolean, and the identifier will be written in
D
infix notation, viz. A = B (in the same way as for
D
> > D’ 6
etc.).
Roughly speaking, in order to check A = B, the procedure tries to reduce A
D
and/or B until either the two expressions are identical or the decision A # B can be made. It is not always necessary for both complete expressions to be present during the whole reduction process. If, for example, A = d ( C l , C 2 , C 3 ) and B = d(C1, C4, C,) then the procedure needs only parts of both expressions, namely
D
and CQ,and will check C2 = E d . So, in general, the procedure uses recursive calls, applied to sub-expressions, following the monotonicity rules described in [ v a n Daalen 73 (A.3), 5.5.61. Recursive calls are also used for the reduction sequences. Firstly the p r e cedure tries, if necessary, to reduce one of the expressions A and B. Which is reduced is a matter of strategy. If one of the two expressions is reduced, one could continue the equality-check by using an iterative or a recursive method. A recursive method is chosen in order to make the algorithm more readable. C2
Example. If A = d(C) and B = ( P )Q then the procedure first tries to reduce B by P-reduction. If this succeeds, and the outcome is B1, then the definitional equality of A and B follows from that of A and B1.
D
Otherwise the procedure tries to reduce A to A1 (say) and checks A1 = B.
D
If this also fails, then the procedure identifier = gets the value f a l s e .
8.2. Type inclusion If we want to verify A E B , we check t- A and t- B, compute CAT(A) and
D
check CAT(A) = B ; so CAT(A) is the first parameter and B is the second parameter of the procedure call. D In order to accept type inclusion as well, we add a slight extension to =, namely:
D
[z : A] type = type
will be accepted as correct, but not
D
type = [z : A] type
.
I. Zandleven
798
The same holds for prop. So the procedure is no longer symmetrical for 1expressions. (Notice that calls are sometimes made with reversed order of the arguments D of =, but as one can see in the procedure text these cases can never refer to 1-expressions.) D Now the definition of = is exactly the same as that of E [van Daalen 73 (A.3), 61. 8.3. OLDER THAN
D D The procedure = needs, in one special case, namely d(C) = b ( r ) and d f b, the boolean procedure OLDER THAN, to decide which of d and b must be reduced. It seems a good strategy to start off by reducing the younger of the two, i.e. the constant which was the more recently, for in this way we have a chance of reducing it to the other. 8.3.1. boolean procedure d OLDER THAN b; def inedname d, b; comment OLDER THAN := the line in which b is defined, appears later in the book than the line in which d is defined;
D
8.4. Procedure text of = 8.4.1. D boolean procedure El = expression El, E2;
E2;
Q - ..case (shape(E1), shape(E2)) of begin (type, type) : true; (type, otherwise) : false; (prop, Prop) : true; (prop, otherwise) : false; (variable, variable) : El = E2
D
>
E22
then El =
Ez >
E22
then El =
E22
then El = E22 else f a l s e ;
(variable, d( C))
: i f E2
(variable, ( A )B )
: if
(variable, [z : A ] B )
: i f E2
(variable, otherwise)
: false;
6
P >
9
D
D
E22
else f a l s e ;
E22
else false;
A verifying program for Automath ( E l )
799
(boundvar, boundvar) : El = E2; (boundvar, otherwise) : consider (variable, shape(&)) : i f d = b then
SD
if c = else ? ( i f El
r thentrue
> Ell then 6
Ell
D
=
E2 e l s e f a l s e ) ?
else i f d OLDER THAN b then i f E2
D
>
E22
then El = E 2 2 e l s e f a l s e
>
El1
then Ell = E2 e l s e f a l s e ;
6
else i f El
6
D
> E22 t h e n El D = E22 e l s e P D El > Ell then El1 = E2 e l s e f a l s e ;
: i f E2
if
6
: i f E2
>rl
E22
D
t h e n El = E 2 2 e l s e
D Ell t h e n Ell = E2 e l s e f a l s e ; 6 : consider reverse (i.e. (shape(E2), shape(E1))) D D : i f A = C and B = D then t r u e i f El
>
else ? ( i f El i f E2
> P > P
D
El1
then El1 = E2 e l s e
E22
t h e n El = E 2 2 e l s e f a l s e ) ? ;
D
> Ell then Ell D = E2 e l s e P D E2 > E22 t h e n El = E22 e l s e f a l s e ;
: i f El
if
77
: consider reverse;
:
B D = D B =
:
D D i f A = C then B = BOUNDSUBST(y, z, D )
:
E2; E2;
else false; : consider reverse;
end;
I . Zandleven
800
8.4.2.
sz
boolean procedure expressionstring C1, C2;
C2;
D
SD
comment = is the string analogue of =;
sg := if C1
3
else C;
0 then Cz
s$
0
C, and E:
D
= Xi;
9. CORRECTNESS OF EXPRESSIONS (k) 9.1. Correctness of an expression is checked by the boolean procedure “I-”, operating on an expression (say E ) and the indicator string (say I ) belonging to E. A procedure call is written like I I- E. Mentioning I is necessary, on account of the free variables in E which must all appear in I . Two non-trivial cases arise: (1) If shape(E) = ( A ) B, then the “applicability” (let us say) of B to A has to be checked. D This is done by looking at: CAT(A) = DOM(B) (see also [van Daalen 73 (A.3), 6.4.2.31).
(2) If shape(E) = d(C) then : all Ci must be correct, firstly secondly : all Ci must have the correct categories. In the case 2 there is a difficulty: Let us consider the following book:
0*
Q
:=
EB;type.
*a *f
:=
EB; Q
:=
0*P
:=
P N ;type EB;type
Q
a
P * b := E B ; P b
*g
:=
f(P,b);type.
Now: ( P , b ) I- f ( P , b ) , nevertheless the string of types expected by f is not definitionally equal t o the string of given types:
A verifying program for Automath ( E l )
801
We may conclude that after checking the definitional equality of the first two a ) , the variable Q by categories, we have to replace, in the category string of (a,
0. This replacement (substitution) is, in a more general way, done by the procedure CORRECTCATS (see also [van Daalen 73 (A.3), 2.5 and 5.4.61).
9.2. boolean procedure CORRECTCATS(C, I ) ; expressionstring C, I ;
CORRECTCATS := if C = 8 then I = 8 else CORRECTCATS(C-, I-) and CAT@+)
SUBST(1-, C-,CAT(I+));
9.3. boolean procedure I I- E; expressionstring I ; expression E ; I- :=
case shape(E) of begin type : true; prop : true; variable : 3i(Ii E ) ; d(C) :I C and CORRECTCATS(C, INDSTR(d));
( A )B : I I- A and I I- B and CAT(A) DOM(B); [z : A] B : I I- A and ((I,.)) I- B; (see 9.5) otherwise : false; end;
9.4. boolean procedure I ks C; expressionstring I,C; comment FSis the string analogue of I-; i-* :=
if C E 8 then true else I Fs C- and I i- C+;
9.6. A comment on I I- [z : P] Q In this case, the checker, after checking I I- P , adds a “waste-line” to the book, of the form:
I. Zandleven
802
I
*
waste := E B ; P .
If we denote this new book by
B',then the checker checks the statement
B',( ( I ,waste)) I- I[z/waste]l Q . For this reason the correctness of a bound variable will never be asked for, and its CAT or DOM will never be computed. Only in D = can the shape boundvar occur.
10. THE CORRECTNESS OF LINES The checking for correctness of a n Automath line is now easy to describe in terms of already defined procedures:
10.1. boolean procedure CORRECT(L1NE); Automath line value LINE;
CORRECT := case form of the line is of begin
I I
I
* * *
N := E B ; E . : I t E ; N := P N ; El : I t - E ;
N := El ; E2 otherwise : false;
:
D I t - El and I t E2 and CAT(E1) =
E2;
end;
11. A PARAGRAPH SYSTEM As already mentioned in [wan Daalen 73 ( A . 3 ) , Section 2.161, the syntactical definition of AUT-68 (and AUT-QE) forces us to write mutually exclusive names (identifiers) for both variables and constants. This, of course, is very annoying to the writer of Automath. Therefore we have introduced a paragraph system. Each Automath text may be divided into sections, called paragraphs. A paragraph starts with:
+ paragraph name. and ends with: - paragraph name.
A verifying program for Automath ( E l )
803
In a paragraph one may write Automath lines and other paragraphs (sub- paragraphs). Finally the whole book is contained in one big paragraph, so all paragraphs occur nested. Behind the identifier of a given constant one may write a so-called paragraph reference, t o indicate in which paragraph this identifier has been defined. An identifier b with paragraph reference to (say) paragraph P, is written in the form: b"P1 - P2 - ... - P,", where P2 is a sub-paragraph of P I , P3 is a sub-paragraph of P2, ... , and P, is the paragraph in which b is actually defined. An identifier, not followed by a paragraph reference, refers to a constant or variable defined in the same paragraph, or, if not found there, in the paragraph, which contains that one, and so on.
Example. ( a := ... denotes a definition of a ... ( a )... denotes a reference to a ) line nr
book
1
p :=
2 3
... (p"A")... ... (p"B")...
reference to line nr
+ A. ... + B. + c.
no good reference ( p has not been defined in B ) . 5 6 7
p := ... ... ( p ) ... ... ( p " A - B - C")... ... (p"A")...
8
... ( p ) ...
4
- c.
- 4
4 1 1
- B. - A.
12. FINAL REMARKS 12.1. We repeat that the procedures given here form only an outline of the actual verifier. Many more parameters are passed through the procedures to avoid duplication, to control critical passages, to permit communication with the user and so on.
804
I . Zandleven
12.2. With regard to efficiency, improvements may be possible. For example, D parts of the strategy, implemented in =, are more or less arbitrary, although suggested by reflexion and practical work. Experience and research may lead to better strategies. Also the use of the features of [de Bruijn 726 (C.2)] may lead to a more efficient verifier. 12.3. We are pleased to say, in any event, that the verifier has been working satisfactorily up t o now. 12.4. An example of a text checked with the described verifier is found in [van Benthem Jutting 731.
805
Checking Landau’s “Grundlagen” in the Automath System Parts of Chapter 3 (Verification) L.S. van Benthem Jutting
CHAPTER 3. VERIFICATION
In this chapter the verification of the AUT-QE text is described. features of the program and the possibility of excerpting are discussed.
Some
3.0. Verification of the text
The verification of the AUT-QE translation of Landau’s book was executed on the Burroughs BG700 computer a t t h e Eindhoven University of Technology. T h e last page of the book was checked in September 1975. T h e whole book was checked in a final run on October 18, 1973. The verifying program was conceived by N.G. d e Bruijn and implemented by I. Zandleven. For a description of this program we refer t o [Zandleven 7,?( E l ) ] .Zandleven also provided the program with input and output facilities, and extended it with a conversational mode for on-line checking and correcting of texts. The verification took place in three stages: (i)
First t h e AUT-QE text was fed into the system on a teleprinter. At this stage the main syntactical structure of the text was analyzed. It was checked, for example, t h a t the format of the lines was as it should be, that the bracketing of t h e expressions was correct, and t h a t no unknown identifiers occurred.
(ii)
Secondly t h e AIJT-QE text was coded. At this stage t h e correct use of the context structure, t h e validity of variables, t h e correct use of the shorthand facility [van Daalen 7’+?(A.:?), 2.151 and of the paragraph reference system (cf. Appendix 2 [not in this Volume]),were checked.
(iii) I’inally t h e text was checked with respect to all clauses of the language definition. At this stage t h e degree [van Daalen 7.“3(-4.3), 2.31 and types of
L.S. van Benthem Jutting expressions were calculated. and the correctness of application expressions and constant expressions was checked. Vital for this is t h e verificatioii of the definitional equality of certain types (cf. [aan Daulen 7.”)(.4.:1). 2.101. [Zandleveii 7.3 ( E . l ) ] ) . Runs of the stages (ii) and (iii) generally claimed much of the computers (virtual) memory capacity (over GOO K bytes were needed for the program together with t h e coded text). In order t o avoid congestion in the multi-programming system it was therefore necessary t o have the program executed a t night ( a n d off-line). As Automath texts are checked relative t o correct books. a mechanical provisional debugging device for off-line checking was implemented. by which lines which were found incorrect could be tentatively repaired. E.g., when the middle part [van Daalen 73 (-4..1)?2.13.11 of a line was found incorrect. the debugging device changed it temporarily into I”, thus turning an abbreviation line into a I”-line. T h e line so “corrected” was then again checked, and. if it was found correct. t h e lines following could then be checked relative t o the “corrected” book. By this device i t was not necessary t o stop the checking immediately after the first error had been found. Another feature of t h e verifying program was added because o f t h e fact that proving expressions t o be incorrect (especially proving expressions to be not definitionally equal) is often more difficult and more time-consuniing than proving correctness. Therefore during off-line runs a parameter in the program (viz. the number of decision points, t o be explained in 3.1) has been limited, and lines were considered provisionally incorrect when this limit was exceeded. When the later chapters were checked, we reduced the demands on the coniputers memory capacity by abridging the book relative t o which the text was checked, in t h e following way: In t h e chapters which had already been found correct, t h e proofs of theorems and lemmas were omitted, and t h e final lines of these proofs (where t h e theorems and lemmas are asserted) were changed into I”-lines. Each time a chapter was completely checked (relative t o the book so abridged) it was abridged in its turn. Texts which are correct relative to t h e abridged book will be correct with respect to t h e unabridged book too. On the other hand, as in classical mathematics there is no reference t o proofs but only t o assertions, it is unlikely t h a t texts which are correct relative t o t h e unabridged book will be rejected relative t o t h e abridged book. In actual fact this did not occur. When a chapter, after several off-line runs of t h e program, was found t o be “nearly correct”, the final verification of that chapter took place on-line. In such a n on-line run the remaining errors could be immediately corrected. Moreover, correct lines could be verified, which had been provisionally rejected because t h e number of decision points during verification in off-line runs had exceeded t h e chosen limit. The verification of such complicated lines could be shortened
(:hecking Landau's %rundlageii", L'erification (E.2)
807
by directing (in conversational mode) t h e strategy for establishing definitional equality. After all chapters were verified in this way, the integral AUT-QE text (coniplete and unabridged) was checked during a final on-line run, which took 2 hours (real time). Of this time '12 minutes were spent on verification (not including t h e time needed for coding). In a table we list some d a t a on this final run, concerning verification time, number of performed reductions and memory occupied. hapter hapter
preliiniiiary text
,hapter
~
107.3
secoiids cr-red iictioiis
:Iiapter
~
:hapter
total
text
~
~
verilicatioii time
haplei
1 2 3 4a 5 4 __ __ __ - __ ~
~
143.1
301.2
342.4
405.7
813.1
406.9
2519.7
752 832 1111
1077 460 1318
1455 466 1873
1644 414 27'4
3393 2749 9290
1533 529 3151
10485 6014 20063 2 13433 215138
iii
631 564 596
d-red tictioiis 6-retluctioiis r/-red tictiona iir.
I I ~ .of
-
1
886 12155
1068 9388
of lines
expressions
~
1603 25792
-
~
2181 30327
2779 42067
-
2690 60450
~
2226 34959
Since one coded expression occuL es 30 ytes (mainly used for references t o subespressions), the total nieniory required for t h e coded book is about ti500 K bytes (= 52000 K bits). 3.1. Controlling the strategy of the program
In ordertoestablish definitional equality of two expressions, t h e verification system tries t o find another expression t o which both reduce. T h e choice of efficient reduction steps for this purpose is a matter of strategy ([ziari Daaleii 73 ( A . 3 ) , 6.1.11). The programmed strategy is described in [Zandlcven 73 (/?.I,)], Under this strategy it is possible that intermediate results are obtained which strongly suggest a negative answer t o the question of definitional equality, without definitely settling it. Suppose, for example, that a ( p ) = a ( q ) has t o be established. T h e programs strategy is t o ascertain that t h e constants a and a are idrntical and t o verify whether p = y. If this is not the case, there is a strong sugge\tion that u ( p ) and u ( q ) are not definitionally equal either, but this is yet uncertain. Tor example. they are definitionally equal relative t o the book
* * * *
p
:= :=
y x
:= :=
71
x * * : : =
I" I" I" P
Etype E 71 E ?I E 71 E 11
808
L.S. van Benthem Jutting
It is a matter of strategy how t o proceed in such cases. We may either apply &reduction (in which case the issue will be eventually settled) or we may try t o continue the verification process without using n ( p ) = a ( q ) . Such a situation is called a decision poii2t. In on-line runs the verifiration may be controlled here by t h e human operator. (Actually. in the situation sketched above, information will be supplied, and the question will appear whether 0reduction should be tried.) In off-line runs &reduction will be applied in order t o get a definite answer t o the question, and it will be checked t h a t the total number of decision points passed during the checking of a line does not exceed t h e chosen limit (cf. 3.0).
809
An Implementation of Substitution in a X-Calculus with Dependent Types L.S. van Benthem Jutting 1. INTRODUCTION In this paper we describe an implementation of substitution, which makes use of de Bruijn indices [de Brzlijn 72% (C.211 and of structure sharing (cf. [Wadsworth 711, [Boyer & Moore 721, [Curien 861). This implementation was designed by I. Zandleven about 1972. He used it in the verifying program for Automath, which has been running at Eindhoven for over 10 years. As it was never properly described we have thought it worth while to give a formal description and to prove that the implementation really satisfies its specifications. The implementation of substitution which we describe does not really carry out substitutions, but implements them by considering pairs consisting of an environment and an expression. The environment in such a pair gives a meaning to the free variables which occur in the expression. Substitution for a free variable (or for more free variables) is implemented by changing the environment. Such an implementation is of interest in situations where (like in Automath) the issue is not to normalize an expression, but t o decide whether two expressions are equal, i.e. whether they have a common reduct. In such a situation time as well as space is saved because there is no copying involved in substitution. We start our description by briefly explaining the structure of the system. We also explain the mechanism of relative addressing, known by now as the system of de Bruijn indices. Our system (and also Zandleven’s implementation) makes essential use of this mechanism. We think, however, that similar implementations using absolute addressing might be possible. Then, in Section 2, we give a formal definition of our system of name-free Xcalculus. We formally define single and multiple substitution, stating theorems about commuting these operations. In Section 3 we discuss the implementation of substitution by structure sharing. We define environments, operations upon environments and an interpretation function, mapping pairs ( A ,E ) , where A is an expression and E an environment, to expressions. We prove that our implementation is sound, i.e. that
810
L.S. van Benthem Jutting
the interpretation of ( A , E ) is really the result of the substitution we meant to implement in constructing E . We carry out this program first for multiple substitution, then for single substitution and finally for a combination of both. Then, in Section 4, we treat the implementation of typing. We define a typing operator in the original system, which associates a type t o certain expressions. We give theorems about the connections between typing and substitution. After that we describe in our implementation a corresponding operator which produces a type for the expression denoted by the pair ( A ,E ) (if this expression has a type) and we prove this function to behave as described. We omit proofs, all proofs being by simple induction on the structure of expressions, possibly making use of earlier theorems. Finally we make some concluding remarks in Section 5. In that section we discuss briefly the possibilities of the system and the environment in which it has been used.
1.1. Automath First we give a short description of the main aspects of Automath which are relevant to our discussion. The Automath system is a proof checking system, which can be used for checking large mathematical proofs. As such it can be used also in checking correctness proofs for designs of computer programs. For an introduction into Automath we refer to [ d e Bruajn 80 (A.5)] and [van Daalen 73 (A.3)]. Automath is a typed A-calculus with dependent types. We assume the basic notions of A-calculus, such as substitution and &reduction, to be well known. Incorporated in the system is the notion of definition: if A is an expression and if the free variables of A are among X I ,...,x, (where n 2 0) then we can define an n-ary constant a such that a(x1,...,2), stands for A . Now if B1, ...,B, are expressions then a(&, ...,B,) is an expression, which should be interpreted as the expression obtained from A by simultaneous substitution of Bi for xi (where 1 5 i 5 n). The operation of eliminating a definition, replacing a defined constant by its definiens is called &reduction. In our system it gives rise to the implementation of simultaneous substitution. It is convenient for our description to forget about the arity of constants by postulating them to have infinite arity. We will therefore consider in the following sections expressions of the form a(@ where B’ is an infinite sequence of expressions. As we have said, Automath is a typed A-calculus: terms are typed A-terms, variables are typed. When the variable x has type A this is denoted by x : A . If A , B and C are expressions, x is a variable, and if for x typed by A the type
An implementation of substitution (E.3)
811
of B is C , then the function Ax : A.B has type IIx : A.C (where B and C may depend upon z). We adopt the practice (which is common use in Automath) to denote both expressions Ax : A.B and IIx : A.C in the same way: by [z : A]B and [x : A]C. In Section 4 we come back to this point. The value of the function A for the argument B will be denoted by A { B } . (This conflicts with the habit in Automath to put the argument before the function.) Thus we get the following description of Automath expressions: We assume two disjoint infinite sets C and V to be given: C = {a, b, c, ...} is the set of constants,
V = {z, y, z , ...} is the set of variables. Now if x is a variable then x is an expression, if a is a constant and
B’ is a sequence of expressions then a ( @ is an expression,
if A and B are expressions, and x is a variable then [z : A]B is an expression, if A and B are expressions then A { B } is an expression. On these expressions we can define single and multiple substitution. Also a-conversion and P-reduction can be defined, and for constants which have definitions we can define &reduction (i.e. application of a definition).
1.2. de Bruijn indices When defining substitution formally the main problem is to avoid clash of variables. This is usually done by introducing “fresh” variables where needed. In our presentation we avoid clash of variables by using relative addressing (nameless variables or “de Bruijn indices” [ d e Bruzjn 7 2 b (C.2)]; see also [Berkling & Fehr 821). This concept is important both in Zandleven’s actual implementation of the Automath verifier and in our formal treatment of substitution and its implementation by environments. We will now give an informal description of this representation of variables. As an example we choose the expression
[u: x { z } ][u : [w: u]w] z { u } .
(1)
This expression should be considered relative to a “context”, that is a sequence of distinct variables, containing all its free variables. In this case the context could be
x,y,z, ... .
(2)
L.S. vm Benthem Jutting
812
We represent the expression (1) on its context (2) by a planar tree.
Figure 1 In this tree the nodes labelled ab and ap represent abstraction and, respectively, application. The bold unary dots represent the place where variables are bound, the letters labelling the leaves are the (free and bound) variables. Note that every letter which labels a leaf should be bound by a bold dot, its binder, which is situated either on its path to the root of the tree or in the context. Now we replace every letter at a leaf by a number, which indicates the number of bold (binding) dots which lie on the path t o its binder. Or, in other words, we replace every occurrence of a variable by the number of scopes in which it is contained, and which are strictly contained in its own scope. Doing so we get the tree of Figure 2. It will be clear that, if we identify &-equivalent expressions, the letters labelling the binders are now irrelevant. Forgetting about these we get the “nameless” expression
Note that in this representation of (1) the number 0 denotes the different variables z, u and w, while the variable u is represented by 0 as well as by 1. Let us analyze which numbers denote the same free variable in a tree. Suppose n is a number labelling a node in a (nameless) tree and let m be the number of bold dots on the path from this node to the root. It is clear that n denotes
An implementation of substitution (E.3)
813
Y' X.
Figure 2
a free variable iff n 2 m. We will call the number n - m the depth of n in the tree. And we see that two labels denote the same free variable if they have the same non-negative depth. In the example this is the case with the labels 2 and 4 (which both denote z ; in fact there are two dots on the path from 2 to z , viz. the dots x and 8 , and four dots on the path from 4 t o z , viz. v , u, x and y). Both labels 2 and 4 have depth 2. It is easy to make algorithms which translate ordinary name-carrying expressions into nameless ones and back (given a certain context and forgetting about a-equivalence).
2. NAME-FREE A-CALCULUS 2.1. The language The structure of the expressions and the use of de Bruijn indices have been explained in the previous section. We will now give a formal definition of the language, which is essentially the Automath language defined in Section 1, but uses de Bruijn indices instead of variables. In the following N denotes the set of natural numbers {0,1,2, ...}.
Definition. We assume an infinite set C = {a,b, c, ...} of constants to be given. Now the set L = { A , B, C, ...} of expressions is defined by
L.S. van Benthem Jutting
814
if x E JVthen x is an expression,
if a E C and B’ is a sequence of expressions then a(@ is a n expression, if A and B are expressions then ( [ A ]B ) is a n expression, 0 if A and B are expressions then A { B } is a n expression.
We will omit parentheses around [A]B when this does not present parsing problems. The natural numbers occurring in an expression will be called references. It has been explained in the introduction how references can be interpreted as nameless (free or bound) variables, and that references having the same nonnegative depth can be interpreted as denoting the same free variable. There is, however, no need for defining formally the concept of depth; it will be used only in informal comments. 2.2. Operations 2.1.1. Updating When we substitute an expression A for the free variables in B with depth n we should add n to the references representing free variables of A in order t o preserve their original depth in the result of substitution. The corresponding updating operator is denoted by ug. When we are updating the expression A in this way we do not want the references denoting bound variables to be updated. If, for example, A is the expression [C]D then references in D with depth 0 should remain unchanged, and other references should be updated. Therefore we need operators u; (for every k E N ) which increase the references in A with depth k or more by n. This gives ug as a special case.
Definition.
uEA{B} = uEA{uEB]
u;E.a(A) = a(u;EA).
0
Remarks. In the last clause of this definition we have used @A, which is meant to denote the sequence of expressions obtained from A’ by applying UE
An implementation of substitution (E.3)
815
t o each item. It is possible, of course, to define this concept formally, but this would give rise to an extra clause in our definition. For brevity the present notation has been chosen in all definitions. The second clause of the definition is justified by the fact that references with depth k + 1 or more in B correspond to references in [A]B with depth k or more.
2.2.2. Single substitution We now define the operation s$ of single substitution. s$ A denotes the result of substituting C for the references in A with depth k . The variable denoted by the depth k in A is supposed to disappear from the context. Therefore the references with greater depth are decreased by 1.
Definition. s$ x
x $ [ A ]B
ifx
("
s $ A { B } = s$ A { s$ B }
s$a(A)
= a(s$A) .
0
Remark. The system defined here, with the operations u; and s$, is similar to the A-calculus treated in [Curien 861. 2.2.3. Multiple substitution We define the operation d$ of multiple substitution. That we use the symbol "d" to denote this operation suggests that its main use is in applying definitions (or, in Automath jargon, in &reduction). d$ A denotes the result of substituting C1, Cz, ... for the references in A with depth simultaneously the expressions CO, 0,1,2, ... respectively. We do not want the references denoting bound variables the operation d$ denoting in A to be changed. Therefore we need for k E simultaneous substitution for those references in A which have depth k or more.
Definition.
d$[A]B = [d2A]dF1B
L.S. van Benthem Jutting
816
d$A{B} = d$A{d$B}
dia(A)
= a(d$A) .
0
2.3. Theorems The following theorems treat the properties and relations of the operations defined above. Proofs proceed by easy induction on the structure of the expressions. For some theorems we give an intuitive justification.
Theorem 2.1. if 15 k 5 1 + m
0
ifk>l+m
Theorem 2.2. if 1 5 k
< 1+ m
if k 2 I + m
Theorem 2.3. 5kS1
c
D
-
1
k+l
- 5s;-1D5~
ifkzl
Remark. Theorem 2.3 corresponds to a well-known result on ordinary substitution: Sg S$ A = S:gD Sg A provided x $ y and x is not free in C
0
Theorem 2.4.
Remark. Theorem 2.4 can be understood as follows. Suppose k 2 1. Then, if we apply u r to an expression A, the references in A with depth 2 k are increased by m (together with all other references in A with depth 2 1 ) and become references with depth 2 k m. When we subsequently substitute the expressions 6 for these references, then they are updated with Uk+m , as may be seen in the definition in 2.2.3.
+
An implementation of substitution (E.3)
If, on the other hand, we first substitute
817
6 for
the references with depth
2 k, then the substitution will occur at the corresponding places in A and the
expressions 6 are updated with ut. When we afterwards apply u r , all references with depth 2 1 (which now includes all outside references in 6) are increased by m, which gives the same result. Now suppose k 5 1. If we substitute c' for the references in A with depth 2 k then there are no references left originating from A itself with depth 2 1. Moreover, all expressions in 6 are now updated by u/j. If we subsequently apply this will affect precisely those references in the expressions from c' which had depth 5 1 - k before substitution. Therefore we can reverse the order, beginning 0 with updating c' and doing the substitution afterwards.
ur
Theorem 2.5a.
Theorem 2.5b. ifk>1
Theorem 2.6.
Remark. Theorem 2.6 corresponds to a well-known result on multiple substitution: S< S< A = s C D
; ~A
c provided all free variables in A which are among y' are also among 2
. 0
3. THE IMPLEMENTATION OF SUBSTITUTION
In this section we describe the implementation of substitution by structure sharing. This implementation is used in the Automath verifying program, and has been designed by I. Zandleven. In order to code substitution without really carrying it out (i.e. without constructing new expressions by copying existing expressions) we use environments.
L.S. van Benthem Jutting
818
Expressions can be interpreted with respect to such environments, and the interpretation will be an expression, which we will prove to be the intended result of substitution. By coding substitution in this way the amount of memory space required and the time for carrying out substitutions will decrease, while the time needed for comparison of expressions might increase. We will give in this section mathematical definitions of environments and of the interpretation function and state a theorem that these definitions meet the requirements formulated above. In order to make our description clear we will treat first multiple substitution, then single substitution, and finally the combination of both.
3.1. Multiple substitution In this section we define environments for multiple substitution, called d-
environments. The name suggests that these environments are used when 6reduction (i.e. application of definitions) is performed. We will also define two operations on these environments.
Definition. A d-environment A is a finite sequence of functions A l , A2, ...,Ah, where Ai : N -+ C for 1 5 i 5 k and k E N . The number k will be called the 0 length of A. Let us first explain informally what we intend to picture by such a d-environment. Suppose A is a d-environment of length 1. If we interpret an expression A with respect to A we intend that the free references in A with depth i shall be interpreted to denote the value of the function A1 at i. We could picture this in a diagram as follows:
Figure 3 If we want to interpret an expression A on a longer d-environment A of length k , say, then we think of the free references of A as pointing into &, but an expression &(i) should now be interpreted with respect to the d-environment
An implementation of substitution (E.3)
A l l Az, ...,& - I .
819
This situation is illustrated in the following diagram.
Figure 4 Note that a d-environment might be an empty sequence. The interpretation of an expression A on the empty d-environment is A itself.
3.1.1. Multiple substitution The operation 66 (where c' is a sequence of expressions) is called multiple substitution (because it codes multiple substitution). Its effect is to extend a d-environment with the sequence c'. Deflnition. Let A = A l l ...)Ak be a d-environment. Then 66A = A l l &+I where Ak+l(i) = c, for i E N .
Ahr 0
3.1.2. Cutting The operation y cuts the last segment from a (non-empty) d-environment. Deflnition. Let A = A I ~ . . . ~beA a~ d-environment, and k 2 1. Then 0 YA = All ...l Ak-1. 3.1.3. Interpretation We now define the interpretation ("on depth n") of an expression A with respect to a d-environment A. The definition formalizes our intentions as explained above. The parameter n for the depth is needed for interpreting the bound variables in A. It is intended that the interpretation of A is the result
L.S. van Benthem Jutting
820
of a certain multiple substitution for all free variables of A . Because nothing should be substituted for the bound references in A , these references should be unchanged by interpretation. In the definition recursion is used on the length of A and on A.
Deflnition. Let A = Al, ...,Ak be a d-environment.
We derive two theorems concerning this interpretation. Theorem 3.2 shows us that the interpretation which we have defined has the property we wanted, i.e. that d-environments indeed code multiple substitution.
Theorem 3.1. If1 5 n then
I(uf"A, A, n
+ m) = uf"I ( A ,A, n) .
0
Theorem 3.2.
I ( A ,6eA, n) = dz* A where
c'.= I ( C ,A, 0) .
0
3.2. Single substitution
Now we define another kind of environments, called s-environments, which code single substitution (as is suggested by the "s" in their name). Deflnition. An s-environment is a partial function C : N a finite domain.
+
(L x N ) with 0
Let us explain the intended interpretation of an expression A with respect to an s-environment C. A reference in A with non-negative depth k (which represents a free variable in A ) is intended to denote a variable (i.e. a reference) if k $Z dom(C). If k E dom(C) then this tells us that an expression has been
An implementation of substitution (E.3)
82 1
substituted for k . If C ( k ) is the pair [C,nl then C has been substituted, or rather the interpretation of C with respect t o the prepart of the original environment, which starts n places before the place k of C. We illustrate this in another diagram.
depth = 1
environment for C
C(2) Figure 5
The need for such a construction can be seen when we consider the expression
“A1
PI C ){ D ) {El
where A , B , C, D and E are expressions. We want to consider the interpretation of this expression with respect to a certain s-environment C, and to apply preduction. Let us draw a diagram of this initial situation.
environment C
Figure 6
So we consider the p-redex ([A] [B]C) { D } on the same environment. I t will be clear that its reduct should be represented by the expression [B]C interpreted on the environment C extended by D (where D should also be interpreted on C). The situation is pictured in Figure 7. Its interpretation is the result of substitution of D (or, rather, the interpretation of D ) for the free references of depth 0 in [BIG‘. Now we can reduce again by applying this expression to El i.e. by substituting E for the references with depth 0 in C. But E should be interpreted with respect to the original environment C, and we can indicate this by putting E into the environment with index 1, which will bring about that references in E will be considered as pointing beyond D. The situation is sketched again in the diagram of Figure 8.
L.S. vitn Benthem Jutting
822
.
0
0
.
0
,
cnvironmcnt C
Figure 7
.
.
.
.
*J
environincnt C
Flm
Figure 8 Both D and E are now interpreted with respect t o the original environment C, while references with depth 0 from C point to E and references with depth 1 point to D. Now let us look at the intended interpretation of a reference which does not point into the domain of C. We have seen that references are shifted when a substitution is made for a smaller reference (cf. Definition 2.2.2, the clause concerning s$ z where z > k ) . This indicates that the interpretation of a reference with depth z should be obtained from z by subtracting the number of elements of dom(C) which are below z. Therefore we give the following definition.
Definition. z m o d C := z - #{y
E dom(C) Iy < z} .
0
Then the intended interpretation of a reference with depth z not pointing into dom(C) will be z mod C. On s-environments we define three operations. 3.2.1. Substitution The operation 0 6 , ~ (called substitution because it codes (single) substitution), extends the domain of an s-environment to k, and associates to k as value
An implementation of substitution (E.3)
823
the pair [C,n1. (As has been explained above “n” indicates that C should be interpreted with respect to a shorter s-environment.)
Definition. If k @‘ dom(C) then (g&
C ) ( k )= YCl n1
(g&C)(i) = C(i)
if i E dom(C) .
0
3.2.2. Extension The operation E is called extension because it codes extension of a context with another free variable. Its effect is that the domain of the s-environment is shifted. Definition.
( & C ) (+ i 1) = C ( i )
if i E dom(C)
.
0
3.2.3. Cutting The operation yn, called cutting, codes the removing of variables from the context. Its effect is that the domain of the s-environment is shifted, and possibly becomes smaller. Definition. (yJ)(h)
= C(i
+ n)
if i
+ n E dom(C) .
0
3.2.4. Interpretation With the help of the operations on s-environments defined above we can describe the interpretation of an expression with respect to an s-environment C. As we have seen, the interpretation of a reference with depth x which does not point into dom(C) will be x mod C, which is x minus the number of elements of dom(C) which are smaller than x. First we state some properties of 2 mod C. Clearly the function Xz.(x mod C) is increasing. Moreover we have: Theorem 3.3. If.
$ dom(C) then
xrnodC=(a:+l)modC-l.
0
L.S. van Benthern Jutting
824
The following three theorems show us what the relation is between the three operations defined on C and the value of x mod C.
Theorem 3.4.
x mod C xmodC-1
x mod 0 5 , C~ =
ifx
0 '
Theorem 3.5. xmodEC = (x - 1)modC
+1
0
I
Theorem 3.6. xmodykC=(x+k)modC-IcmodC.
0
Now we will define the interpretation of an expression A with respect to an s-environment C. We use recursion on dom(C) and A . Definition. I(x,C)
=
{
(s+k+l)modC
uo
I ( B ,yz+k+l C)
x mod C
if C(5) = [ B ,k] if x
dom(C)
0
We derive two theorems concerning this interpretation. Theorem 3.8 shows us that the interpretation which we have defined has the property we wanted, i.e. that s-environments indeed code single substitution.
Theorem 3.7.
I(u; A , E~ C) = u;""~' I ( A ,E' yn C) .
0
Corollary 3.7. I(u$ A , C) = u$"'OdC
I ( A ,^In C) .
0
An implementation of substitution (E.3)
Theorem 3.8.
Zf IF
825
@ dom(C) then
Z(A, &, C) = s;YodE Z(A, C) where
c*= U t m o d Y k + l C I(c,Yk+n+l c)
0
3.3. Combination of d-environments and s-environments Now we will combine the techniques described in the previous sections. For doing this we define another kind of environments, which we will call c-enuironments. Here “c” indicates that these environments combine the possibilities of d-environments and s-environments.
Definition. A c-environment is a partial function I? on if with a finite do0 main, and with values in (N --t C) U (C x N ) . The values N + C denote segments of a d-environment, the values in C x N denote values of an s-environment. Let us first sketch the intended interpretation of an expression A with respect to such a combined environment I?. As an example we present the following diagram.
.---
E I
Figure 9
As the diagram suggests, references from A are considered to point either into the first d-environment segment of I? or before that segment. In order to
L.S. van Benthem Jutting
826
picture the intended environments for C, D and E in the situation sketched above we look at the following diagram.
depth = 3
dcpth
=
0
~ ~ ) * j depth
<
=
7
environmcnt for C
.
- * , 1 environment for D
4
meJ
cnvironrncnt for E
1
Figure 10 As may be seen in the diagram, the environments for C and D are obtained by counting back 1 place and 6 places, respectively, just as in the case of an s-environment. The expressions in a d-environment segment, such as E , have as their environment that part of r which lies to the left of the segment. For a c-environment r we define the place of its first d-environment segment. Definition.
a(r)= min { I
E dom(r) I
r(I)E N
+
C} .
Remarks. The minimum is considered to be infinite if the set is empty. For the c-environment in the example above a(r)= 4.
0
0
On c-environments we (re)define the four operations: multiple and single substitution, extension and cutting. 3.3.1. Multiple substitution The c-environment gets a &segment
Definition. If 1
>k
c' at k .
for all 1 E d o m ( r ) then
(a$r)(k) = C (6$r)(i) = r(i)
if i E dom(r)
.
An implementation of substitution (E.3)
827
3.3.2. Single subst it ut ion The domain of the c-environment is extended to Ic, and its value at k is a pair [C,n1. As earlier the “n” indicates that C should be interpreted with respect to a shorter c-environment. Definition. If Ic $ dom(r) then
(4,n r ) ( k ) = [C, n1 if i E dom(r)
(o&F)(i) = r
0
3.3.3. Extension The c-environment is extended (as was previously done with s-environments). The domain of the environment is shifted.
Definition.
(Er)(i+ 1) = r ( i )
if i E dorn(r) .
0
3.3.4. Cutting From the c-environment the last n entries are cut.
Definition.
+
( T J ) ( i ) = r(i n)
if i
+ n E dom(r)
0
3.3.5. Interpret at ion The interpretation of a reference with depth z representing a free variable with respect to a c-environment l? is comparable to its interpretation on an senvironment C. Therefore we define again for z E N the possible interpretation z mod r as follows. Definition. z mod
I < Z} .
:= z - # {y E dom(r) y
0
As before, it is clear that the function X z . ( z m o d r ) is increasing. Also the analogous theorems hold.
L.S. van Benthem Jutting
828
Theorem 3.9. If x fZ dom(r) then x m o d r = (x
+ 1)m o d r - 1 .
Theorem 3.10. xmod6;r
=
x mod r xmodr- 1
ifxsk ifx>k
'
Theorem 3.11. x mod C
r=
T ~ , ~
x mod r xmodr - 1
ifxsk ifx>k
0 '
Theorem 3.12. x mod T k r = (x
+ k ) mod l- - k mod
.
0
Theorem 3.13. zmod&r=(x-l)modr+l
0
Now we will define the interpretation of an expression A with respect to a c-environment I?. We use induction on dorn(r) and A.
The following theorems hold. Theorems 3.15 and 3.16 show that the implementation is sound, coding single as well as multiple substitution.
An implementation of substitution (E.3)
Theorem 3.14. I f n
829
< a(r)then
I ( u ; A , e k r ) = u ; " " ~ ~ I ( A , E ~. ~ ~ I ' ) Corollary 3.14. I f n
< a(r)then
I ( u E A , r )= u ~ m o d r I ( A , ~ n. r ) Theorem 3.15. I f 1 > k for all 1 E dom(r) then
I(A,6; I?) = d'& A where
c*= I ( 6 ,yk+l r) .
Theorem 3.16. Zfk g' dom(r) then
I(A, where
~ 5I?) =, s~
$
I ( A~, I?)
~
c*= U0n m o d Y k + l r I ( c , Yk+n+l r) .
~
~
0
4. TYPING In this section we discuss the way in which certain expressions are typed. First we describe the typing of Automath expressions with named variables. Then we will define the typing of expressions in the name-free A-calculus L defined in Section 2. We will also state some theorems giving the relation between typing, updating and substitution. Finally we will indicate how to find a type for an expression which should be interpreted on a c-environment. And we will state a theorem to the effect that the type found in this way is really the type of the interpreted expression. We start by discussing types in Automath. Consider the expressions A , B and C and the variable x. We have remarked before that, if for x typed by A the type of B is C , then the function Ax : A.B has type IIx : A.C (where B and C may depend upon x). When we apply this function to a n argument D (of type A ) we get a value in SE C, that is the type C, where D is substituted for x. We could also describe this type by saying that it is the co-ordinate indexed by D of the product IIx : A . C . We use, as before, the notation F { D } for the value of the function F at the argument D , and we introduce here locally the notation P ( D ) for that coordinate of the product P which is indexed by D. Then we conclude that if F has type P then F { D } has type P ( D ) .
830
L.S. van Benthem Jutting
Moreover (Xz : A.B) { D } @reduces to Ss B , and also (Hz : A.C) ( D ) preduces to S g C . We see that the product constructor II together with coordinate selection ( ) have the same behaviour with respect to substitution and P-reduction as the functional abstractor X together with application { }. This is the reason for identifying them in our exposition (as is common use in Automath): Hz : A.B and Xz : A.B are both denoted by [z : A]B , and A { B } as well as A ( B )will be denoted by A { B } . Then, if the type of A is C , the type of A { B } will be C { B } . Now, as we are interested here in syntactical issues only, we will not treat the concept of correctness of expressions. We will, however, introduce a typing operator 7, such that for correct expressions A which have a type, it holds that A is of type 7 ( A ) . Let us first consider the proper Automath case, where all constants have a finite arity. We assume that for certain constants a their types are given; i.e. we presuppose a function 0 which associates to certain expressions a(.') a type (i.e. an expression). Here .'is a finite sequence of distinct variables and its length is the arity of a. This sequence should contain all free variables in the type @(a(Z)).We assume also that the notion of simultaneous substitution has been properly defined. If Z is a sequence of distinct variables and l? a sequence of expressions, and if these sequences have the same length, then S; A will denote the result of simultaneous substitution of the expressions for the variables .' in A. The typing operator 7 (which is a partial operator because not all constants have a type) is now defined as follows:
B'
Let A be an expression, let (a be a function associating a type (an expression) to every free variable of A. Now if A is a variable z then 7 ( A ,(a) = (a(z), if A is a(@ and a(.') in dom(@) then 7 ( A ,(a) = S$ @(a(.')), if A is [z : B]C then 7 ( A ,(a) = [z : B]7 ( C ,a*) (where @* is obtained from (a by changing its value at z t o B ) , if A is B {C} then 7 ( A ,@) = 7 ( B ,@){ C } .
Remark. This typing operator corresponds to the one described in [Nederpelt 73 (C.3)],as far as abstraction and application are concerned. The description of various typing operators for defined expressions a(@ can be found in [van 0 Daalen S O ] .
831
An implementation of substitution (E.3)
4.1. Typing in name-free A-calculus; contexts Now we discuss typing in the name-free A-calculus C in Section 2. Expressions will be expressions in L. In particular constants are considered to have infinite arity and sequences of expressions are infinite. For typing such expressions we need types for constants and variables, just as in the case described above. Therefore we assume two functions to be given: a possibly partial function 0 : C + C and a total function @ : N
+C
.
The latter, which gives us the types of variables, will be called a context. The expressions of such a context, i.e. the values @(i), are expressions which may contain free variables (i.e. references). These references should be considered as being typed relative to the prepart of @. More precisely: the type of a reference k 1). with depth k in @(i) must be taken to be @(i We define two operations upon contexts.
+ +
4.1.1. Extension For a context @ we denote by E A @ the extension of @ by an expression A . The consequence is that references with depth 0 in the new context will have type A , while references with depth i > 0 will have the type which was originally the type of a reference with depth i - 1.
4.1.2. Cutting If @ is a context then -yn @ denotes the result of cutting from @ a segment of length n. Hence 71 is the left inverse to E A . Definition.
(m@)(i)
= @(i
+ n)
0
4.1.3. The typing operator We now a.ssume the (partial) function 0 : C + C, which gives the types of constants, to be given and fixed. We define for an expression A and a context @ the type of A relative to @, to be denoted by t ( A , a).
L.S. van Benthem Jutting
832
0
Remark. The update u;" in the first clause of this definition ensures that the type which is defined can be considered relative to the same context as the points to a prepart of (a preexpression which is typed. The expression (a(.) ceding z, as has been indicated above. 4.2. Theorems The following theorems hold for the relation between typing, updating and substitution. The theorems have been formulated so as to make the proofs (by induction) straightforward. The interesting properties are contained in the corollaries.
Theorem 4.1.
Corollary 4.1.
t(uE A, (a) = UE t ( A ,"ln (a) .
Theorem 4.2. If
t(C,(a) = D then
An implementation of substitution (E.3)
833
Corollary 4.2. If
t ( C , @= ) D then
t ( s $ A , @ )= & t ( A , ~ g @ ) .
0
Corollary 4.3. If
t(ci,a) = GI&+’ @(i)
for i E N
then t(d$ A, @) = d$ t ( A ,a) .
0
Remark. For typing to commute with multiple substitution, it is necessary that this substitution is, in some sense, correct. More precisely: it is needed that the type of the expression which is substituted for a reference of depth k is equal to the type of that reference. We have seen, however, that the type of a reference may itself contain free references. Now the substitution operator indicates substitution for all free variables, and therefore the correctness requirement regards the types of the variables with the substitution carried out. The situation resembles the requirement of “fitting of strings into contexts” in Automath languages (cf. [van Daalen 801 and [van Daalen 73 (A.311). 4.3. Typing of expressions in a c-environment In order to describe typing in a c-environment we need, just as above, a (possibly partial) function 0 : C + C describing the typing of constants. This function is implicit in the following. We also need a description of the types of free variables (i.e. references). In our representation we will not give these types explicitly by a function @ : N + C, as we did above, but we will code the types in such a way that they can be retrieved using the c-environment. Let us consider an expression A on a c-environment r. We picture the situation in the following diagram.
L.S. van Benthem Jutting
834
Figure 11 We denote the complement of d o m ( r ) by Fr. As we have explained in Section 3, references from A to Fr denote free references. In the diagram we have indicated that a reference to 1 from A denotes 0, a reference to 3 denotes 1. References from A to 5 are possible only via a reference into dom(P), e.g. by a reference into r ( 4 ) . In this case it will denote a reference 2, etc. Generally a reference t o a number x in F ( r ) will denote z m o d r . We have written down all these interpretations next to the dots which represent the elements of Fr. Looking at these interpretations, we see that they could be considered as an order preserving map from Fr onto n/. We will denote this map by vr and its inverse by $r. Clearly $r is an order preserving enumeration of Fp. Now, as references to Fr should be interpreted as free variables, we choose to code the types of those free variables as a function with domain Fr. We will put the type of the free reference with depth i on the place $ r ( i ) . But we will not put there the type itself of the free reference, but an expression which codes this type, and which should be interpreted itself relative to the environment r. This leads us to the following description. We suppose a function '$ : Fr + C to be given. We will interpret this function as coding the context @ which gives the types of the variables. That is: we will define the "interpretation" U ( Q ,I') of Q with respect to r and this interpretation will be @.
Definition. Let i E N then
U(XP,r)(i)= I ( @ ( j ) , y j + l r ' )
where j = $r(i)
.
0
An implementation of substitution (33.3)
835
It turns out to be necessary to define what is the influence on @ when the environment r is cut or extended. This is done in the following definitions. In the case of extension the type of the extra variable should be given of course.
Definition. (&A
w)(o)
= A if i E dom(9)
( & ~ 9 ) (1)i += Q ( i )
.
Definition. (%) @(i) = @(i
+ n)
if i
+ n E dom(9) .
For these operations the following theorems hold.
Now we define the type T ( A ,I?, 9) of the expression A with respect to the c-environment I' and the function 9 (which codes the types of the free references in A ) .
836
L.S. van Benthem Jutting
4.4. The theorem on typing
We finish this description by stating the following theorem
Theorem 4.6. Let r be a c-environment and Q a function on Fr as described above, then we have:
5. CONCLUSIONS
The main conclusion which can be drawn from the description we have given is that the implementation of substitution we described is sound. It codes substitution without ever copying a given expression and as a consequence it is cheap both in execution time and in memory space, as far as pure substitution is concerned. In comparing expressions it might be slower than systems which use copying. We may add that it has been implemented and tried out extensively in the Automath checker, which has been used in Eindhoven since 1974. The system can be used to implement P-reduction, 77-reduction and so-called &reduction (i.e. application of definitions). Various strategies for deciding convertibility of typed expressions can be implemented using the system. Our description and also the implementation have made essential use of the concept of “de Bruijn indices”, that is of relative addressing of variables. We think, however, that similar implementations using absolute addressing might be possible. A remarkable feature of the system is the difference which is made between single and multiple substitution, as single substitution could be considered as a special case of multiple substitution. The main reason for the distinction is that, when multiple substitution is applied, it is never required to consider the terms which are substituted on a “shorter” environment, as in the case described in Section 3.2. Therefore we would burden multiple substitution with superfluous administration if we tried to incorporate single substitution as a special case. Looking back on the description it can be remarked that it uses the natural numbers for coding various tree-like structures. The advantage of this choice is that formal proofs of our theorems are possible, the disadvantage is that the intuitive background of our definitions is not as clear as might be possible in another presentation. This disadvantage is most obvious in Section 4. We have tried to compensate for it by giving informal explanations for our definitions.
An implementation of substitution (E.3)
837
Finally we situate this implementation into Landin’s SECD machine (for a reference see e.g. [Glaser et al. 841) in order to make clear what its status is. In fact our system is mainly a possible implementation of the E-part of that machine. The rest of the Automath checker has not been discussed here and is rather different from Landin’s machine, and also from the reduction machine for BRL (see [Berkling & Fehr 821)’ CATAR (see [Curien 861) and other functional programming languages. The reason is that the aims of these languages differ somewhat from those of the Automath checker: the latter aims at deciding convertibility of pairs of typed A-expressions, preferably without normalizing them, while Landin’s machine and similar A-calculus machines aim at normalization. Nevertheless our implementation of substitution could be used also for normalizing expressions.
ACKNOWLEDGEMENTS The incentive for writing this paper came from G. Huet and T. Coquand, who asked me (in 1986) how substitution was implemented in the Automath verifier. Of course the paper could not have been written without I. Zandleven who invented (and implemented) the system. I want to thank Rob Wieringa for many valuable comments which helped me in presenting my ideas, for patiently listening to many expositions and for invaluable technical support in preparing the text. Paul Gorissen and Frans Kruseman Aretz spent much effort in reading the manuscript and suggested major improvements in the presentation.
This Page Intentionally Left Blank
PART F Related Topics
This Page Intentionally Left Blank
841
Set Theory with Type Restrictions N.G. de Bruijn
1. It has been stated and it has been believed throughout this century that set theory is the basis of all mathematics. Usually (but not always) people think of the Cantor set theory, with some formalization like the one of Zermelo-F’raenkel. It describes a universe of things called sets, and everything discussed in mathematics is somehow interpreted in this universe. 2. It seems, however, that there is a revolt. Some people have begun to dislike the doctrine “everything is a set”, just at the moment that educational modernizers have pushed set theory even into kindergarten. It is not unthinkable that this educational innovation is one of the things that make others try to get rid of set theory’s grip for absolute power. Mostowski is reputed to have claimed a counterexample by declaring “I am not a set”. At the present state of science it seems to be impossible to find out whether this statement is true or false. Anyway, there is no safe ground for saying that everything is a set. Let us try to be more modest and say: “very many things can be coded as sets”. For example, Beethoven’s 9-th symphony can be coded as a set. But the coding is quite arbitrary, and we are not sure that nothing gets lost in the coding. To quote a more mathematical example: Gauss’ construction of the regular 17-gon may be interpretable as a set, but again such an interpretation is quite arbitrary and does not seem to be illuminating. An expression like “the intersection of the set of even integers with the set of all constructions of the 17-gon” makes sense only after the codings have been stated. Sets have become a very important part of our language. Until 1950 many rigorous texts on mathematical analysis were written with little or no use of the language and notation of sets. This has changed considerably, but quite often the change is very superficial. It is superficial as long as it is nothing but a translation from predicates to sets. One of the reasons for this translation may be that there is a vague opinion that a set is a mathematical object and a predicate is not. Accordingly, it is felt that someone who makes assumptions and proves theorems about predicates is a logician and not a mathematician.
N.G. de Bruijn Nevertheless, there still remains a tremendous use for sets in mathematics. Sets are here to stay, and we have to ask what kind of set theory we should adhere to. The question which set theory is the true set theory, is not a true question, of course. It is all a matter of taste: relevant things are whether a theory is beautiful, economic, powerful, easy t o manipulate, natural, easy to explain, etc. The fact that the Cantor-Zermelo-Fraenkel theory is interesting, correct, rich and deep, does not imply that it is necessarily the tool that should be available for every mathematician’s use. It has some disadvantages too. One is that it makes the foundation of mathematics rather hard for the non-specialist. We have the sad situation that late in the 20th century the average ordinary mathematician has rather vague ideas about the foundation of his science. Another unpopular feature in Cantor set theory is the admission of z E z, which seems t o be rather far away from possible interpretations. 3. The natural, intuitive way to think of a set, is to collect things that belong to a class or type given beforehand. In this way one can try to get theories that stay quite close t o their interpretations, that exclude z E z and are yet rich enough for everyday mathematics. Some of these theories may exclude large parts of the interesting, funny paradise of Cantor’s set theory which has been explored by so many expert mathematicians. For a survey of various type theories we refer to [Fraenkel et al. 581. 4. In this paper we shall try to make a plea for a kind of type theory where the
use of types is very similar to the rBle of types in cases where the objects t o be discussed are not sets. Let us first note that natural languages are confusing when dealing with types. The word “is,’ is used for too many things. We say “5 is a number”, “5 is the sum of 1 and 5”, “5 is the sum of two squares”. It is only in the first sentence that “is” can refer to a type. We shall use the symbol E for this: 5 E number. We shall call such a formula a typing. 5. We think of a type theory where the type of an object is unique. If A E B then B is completely determined by A . This seems to drift us away from the idea that B is something like a set and that A is a member of B, and we have to be careful not to confuse the typing symbol E with the membership symbol E , although there is a conceptual similarity.
We of course run into circumstances where we want to say that our number 5 is also a complex number: 5 E complex number. We have t o make the distinction between the real number 5 and the complex number 5 in order to maintain that in A E E the B is completely determined by A . It is a bit awkward, we have to talk a great deal about identification and embedding (but in de Cantor-
Set theory with type restrictions (F.1)
a43
Zermelo-Fraenkel theory this is not any better). Yet it should be done; let us not forget that most mathematicians would hesitate to identify the real number 5 with the 2 x 2 matrix
(
), and the latter situation is really not
very
much different from the one with the complex numbers.
6. Let us first explain some other cases where E plays a r8le. If B is a theorem and if A is a proof for B, then we can write A E B. The theorem can have several proofs, but a proof proves just one theorem. Another example: Let B be a statement of constructibility of some geometrical figure that can be constructed by means of ruler and compass, and let A be a description of one of the constructions. We again write A E B. There can be several different A’s t o a given B , but if the construction A is given, there is no doubt about what it constructs. A third example: Let A be a computer program and let B be a description of what the execution of the program achieves (i.e., A describes the syntax and B the semantics). In all these cases the A’s and B’s may depend on several variables (of certain types), and the results A E B may be transformed into other results A’ E B’ by means of substitution. Moreover, in all these cases there is a possibility to introduce a name for a thing in B if we do not actually have that thing. There are two ways for this. (i) The thing can be introduced as something primitive and fixed. For example Peano’s first axiom says that there is a natural number t o be denoted by 1, and nothing is assumed about it at that stage. An example with a different interpretation is that B is a proposition and we say that its truth is assumed, i.e. that B is an axiom. From then on, B plays the same r61e as a theorem: we act as if we have a proof, i.e. we have something E B that we do not wish to describe. Let us now look at the case of geometrical constructions. We want t o express that the possibility t o connect the distinct points P and Q by a straight line is a primitive construction, i.e. a construction that cannot be described in terms of simpler constructions. That is, we act as if we have a fixed thing E B, where B is a statement of constructibility. (ii) The thing can be introduced as a variable. Its validity is restricted to a piece of text (a “block”) that is opened by the introduction of the variable; that is why we call it a block opener. The variable is introduced by stating its type: if its name is z, we write something to the effect of “let z E B”. If B is a type like “number”, “point”, then this phrase “let z E B” sounds quite familiar. If B is a statement, however, we may interpret the phrase “let x E B” as “assume that B is true”. That is, we act as if we have a proof for B. (This is not the same thing as the introduction of B as an axiom:
844
N.G. de Bruijn “let x E B” does not reach beyond the block opened by x, and secondly, we can substitute A for x if we later get any proof A for B.) There is a slightly unfamiliar feature: most mathematicians have not got used to giving names to proofs, and here we give names even to would-be-proofs.
7. The parallels between the various interpretations of typings are very strong indeed. The mechanism of substitution is the same for the various interpretations, and actually the various interpretations are happily intermingled. Everything that is said in mathematics is said in a certain context. That context consists of a string of variables (block openers), each one having been introduced as a thing of a certain type. The type of the second variable may depend on the first variable, etc. In such a string some of the variables have to be interpreted as conventional mathematical objects (like numbers, points), others as wouldbe-proofs for assumptions. The linguistic treatment makes no difference as to the interpretations. 8 . The above characteristics are the common root of the mathematical languages of the Automath family [ d e Bruzjn 70a (A.2)]. The definitions of these
languages hardly contain anything on logic or on the foundation of mathematics. Notions like “truth” , “theorem”, “proof”, “set”, “definition”, “and”, “implies”, “inference rule” are either things that can be explained by means of the language (like any other piece of mathematical material) or else they are only meant to emphasize pieces of text to a reader who likes to have a feeling for motivation. To mention an example: a definition, an abbreviation and a theorem have the same linguistic form. It would not be necessary to distinguish between these three, if it were not for the fact that “readability” has something to do with the relation to conventional modes of expressing mathematics. The languages of the Automath family have the property that books written in these languages can be checked for syntactic correctness by means of a computer. We emphasize that syntactic correctness guarantees that the interpretations of the text are correct mathematics. Note that various sets of the typing symbol E can occur on one and the same piece of text, and therefore we can pursue a kind of unification of mathematical theories. It is not the right place t o go into a complete exposition of these languages, but one thing should be made clear; just as they admit to introduce objects of a given type, and to build new objects by means of old ones, it is equally possible to introduce new types (by way of variables or of primitive notions) and to build new types in terms of old. For this purpose we create the extra symbol type and we write things like “number E type”, “let B E type”, etc. 9. Having such type languages available as relatively simple tools, we are in-
Set theory with type restrictions (F.1)
845
duced to base mathematics on a type theory where types can be constructed as abundantly as other mathematical objects, i.e., where types may depend on parameters, are defined under certain assumptions only, where types can be introduced as variables or as primitive notions.
10. There are various ways to do set theory in such a system. One possibility is that we take a primitive type called SET, and from then on, we write A E SET for every A which we want to consider as a set. We can write the complete Cantor-Zermelo-Fraenkel theory this way. The relations A E B, A C B are relations that have a meaning whenever A E SET and B E SET. There is not the slightest danger to confuse E and E. The E is a relational symbol just like any other; it does not occur in the language definition. There is a second, entirely different way, that implements set theory with types, in the sense of the “5 E number” mentioned before. Now the symbol E means something like E. If B is a type, and if P is a predicate on B , we form the set S of all A with A E B for which P ( A ) is true. So sets in B correspond to predicates on B. We write S C B , and we define E by saying that A E S means P ( A ) . Quite often we like to consider S as a new temporary universe, i.e. we wish to have A E S in the form of a formula with an E. To that end we create a type called OWNTYPE(B,P ) and a one-to-one mapping of that type onto S. Some of this work can be simplified by special notation we shall not develop here; such notation can be used both for ordinary and for automated reading. 11. In order to work with the predicates mentioned in the previous section, we want some kind of typed lambda calculus. It is roughly this. If B is a type, and if for every x E B we have a formula of the form A(z) E C(z), then we want t o write [z : B]A(z) E [z : B]C ( x )
The left-hand side is the function that sends x into A ( z ) , defined for all x E B ; the conventional notation in non-typed lambda calculus is X,A(x). The righthand side is slightly unconventional; in the case that C(z) does not depend on z one may think of the class of all mappings that send B into C. This kind of lambda calculus is part of the language definition, independently of the mathematical axioms we are going to write in our books. So there is a primitive idea of mapping available before sets are discussed. In particular, predicates are such mappings, so if sets are introduced by means of predicates, they already require the lambda calculus. Later, one can show that the concept of a mapping as a subset in a Cartesian product is equivalent to the notion of mapping provided by the lambda calculus.
846
N.G. de Bruijn
12. Cantor produced his paradise by means of linguistic constructions. (This created considerable controversies in his time, since he did not specify his language.) Now let us see what we get by linguistic constructions in our typed set theory. Assume we introduce (by means of an axiom) the type N of all natural numbers (and we take a set of axioms like Peano’s). Then we have, whether we want it or not, subscribed to N N , to N”, etc., since the lambda calculus prescribes that we accept the type of all mappings of N into N , etc. However, it seems (we use the phrase “it seems” since no formal proof has been given thus far) that we cannot form something of the strength of the union
The reason is not that we would not allow ourselves to form the union of a countable number of types. That will be provided, anyway, by an axiom we would not like to live without. The reason is that we are unable to index the sets of the sequence (1) in our language. The indexing we want is N1 = N , N2 = ”1, N3 = ” 2 , ... , and this is in terms of our metalanguage, since it requires a discussion of something like the length of a formula. This is a little detail Cantor never made any trouble about. The fact that the union (1) is “inaccessible” does not mean that bigger types are forbidden. After all, we can just start saying “let B be any type (i.e. B E type)” and we can make assumptions about B that cannot be satisfied by the types N , N N ,... . The world where we have N , N N ,... , but where (1) is L‘inaccessible’’,is a world most mathematicians will doubtlessly find big enough to live in. For those who want to have a bigger world, where they cannot be troubled by people asking for interpretations, there is a simple way out: they just take a type SET and provide it with Zermelo-Fraenkel axioms. If they want to have the picture complete, they will not find it hard to embed the types N , N N ,... into a small portion of their paradise.
13. Having discarded the idea that every mathematical object is a set, we should be careful not to fall into the next trap. We might like to say that a mathematical object is either some B with B E type or an A with A E B (where B E type). However, the situation can be more complex than this. Let us consider the notion “group” that occurs in the sentence “let G be a group”. What we want t o say is something like this: assume we have a type A , that we have in A a set B , that in B we have a multiplication rule, that the multiplication is associative, etc. The object we want to handle can be denoted by a string of identifiers 2 1 , ...,xk, where 11 E A l l 2 2 E A2, ...,x k E Ak, but where A2 may depend on 2 1 , A3 on X I and 2 2 , etc. It is not as if the string A1, ...,Ak were something type-like, and 51,...,xk were something chosen in it. Accordingly, we
Set theory with type restrictions ( F . l )
847
cannot write let “G be a group” as a single typing “G E group”. We can of course create, by means of a set of axioms, a new type “group”, but that is a poor remedy: we cannot afford to adopt axioms for every new notion we like to introduce.
14. In Section 10 we compared two different ways to talk about sets by means of typings. The choice between the two has a more general aspect; viz. the question whether we shall or shall not aim at minimal use of typings. The word “minimal” refers to the number of different uses of the typing symbol. In order to say what we mean, we describe a kind of minimal system that seems t o be in the spirit of basing mathematics on Zermelo-Fraenkel set theory. In the first place we use typings ...E SET (as in Section 10). Secondly we create a type called BOOL, and we use “ AE BOOL” in order to express that A is a proposition. Finally, for every X with X E BOOL we create a type called TRUE(X), and we use the typing P E T R U E ( X )for expressing that P is a proof for the truth of X . In this minimal system, the use of typings of the form ...E type is restricted to the above-mentioned three instances right at the beginning of the book of mathematics. The author thinks that talking mathematics in such a minimal system is not always the natural thing to do. There is much to be said for a more liberal use of typings, where typings of the form ...E t y p e are used throughout the book. Let us consider the geometrical constructions mentioned in Section 6. It seems natural to use A E B for saying that A describes a construction and that B says what has been constructed. Let us say that we have created, for every point P , a type CONSTR(P). Hence statement A E B has the form A E CONSTR(P). If we want to phrase this in our minimal system, we get something as follows. The point is a set ( P E S E T) , and so is some coded form A* of A (A* E SET). We form a proposition q(P,A*) (so q(P,A*) E BOOL) that says that A* is a construction for P. Finally we need a proof S for this proposition, whence we write S E TRUE(q(P,A*))
for what was A E CONSTR(P) in the liberal system. In the latter case it is not necessary t o provide a proof corresponding to S, since the type of A can be determined by a simple algorithm. This example shows two advantages of liberal use of typings: one is that many unnatural codings can be suppressed, the other one is that a higher degree of automation can be achieved. Yet there are many other advantages of which we mention two: (i) We are neither forced nor forbidden to introduce the types SET, BOOL and TRUE(X); (ii) There is a possibility that one and the same piece of text gives rise to various pieces of standard mathematics, just by the use of different interpretations.
This Page Intentionally Left Blank
849
Formalization of Constructivity in Automath N.G. de Bruijn
1. INTRODUCTION There are various systems in which a large part of mathematical activity is formalized. The general effect of the activity of putting mathematics into such a system is what one might call the unification of mathematics: different parts of mathematics which used to be cultivated separately get united, and methods available in one part get an influence in other parts. Very typical for twentieth century mathematics is the unifying force of the concepts of set theory. And today one might say that the language of mathematics is the one of the theory of sets combined with predicate logic, even though one might disagree about the exact foundation one should give to these two. Not everyone thinks of set theory and logic as being parts of a single formal system. Set theory deals with objects, and logic deals with proofs, and these two are usually considered as of a different nature. Nevertheless, there are possibilities to treat these two different things in a common system in a way that handles analogous situations analogously indeed. A system that goes very far in treating objects and proofs alike, is the Automath system (see [ d e Bruajn 80 ( A . 5 ) ] ) . In Automath there are expressions on three different levels, called degrees. Each expression of degree 3 has a “type” that is of degree 2, and each expression of degree 2 has a type of degree 1. Expressions of degree 1 do not have a type. There are two basic expressions of degree 1, viz. type and prop. The word type should not be confused with the word type used more or less colloquially when saying that each expression of degree 2 or 3 has a type. We denote typing by a colon. If A has B as its type, we write A : B. So we can have
A : B : type and also C : D : prop
.
The interpretation of (1) is that A is the name of an object (like the number 3), and that B is the name of the class from which that object is taken (it might be
850
N.G. de Bruijn
a symbol for the set of integers). The interpretation of (2) is that C is a name for a proof, and that D somehow represents the statement that is proved by C. The main profit we have from this way of describing proofs and objects is the matter of substitutivity. If we have described an object depending on a number of parameters, that description can be used under different circumstances by means of substitution: we replace the formal parameters by explicit expressions. The same technique is applicable to theorems: a theorem is intended for many applications, and such applications can be effectuated by substitution. The conditions of the theorem are modified by these substitutions too. If we study the matter more closely, we see that some of the parameters are object-like, and othere are proof-like. The substitution machinery is the same for both. All this is effectively implemented in the Automath system.
2. ORIENTATION ON GEOMETRICAL CONSTRUCTIONS On the fringe of mathematics there are mathematical activities which seem to be of a kind that does not fit into the pattern of objects and proofs. One such thing is the matter of geometrical constructions, a subject that goes back to Greek mathematics. A construction is neither an object nor a proof, but constructions are discussed along with geometrical objects, and along with proofs that show that the constructions construct indeed what is claimed to be constructed. Since these geometrical constructions can also admit substitution for formal parameters, there is a case for creating facilities which handle a new kind of things along with objects and proofs. So we can think of a system that handles objects, proofs and geometrical constructions in more or less the same way. If we think of geometrical constructions, there is a peculiarity that may not arise easily with other kinds of constructions: it is the matter of observability. Let us study a particular example in order to stress this point. Let there be given four points A , B, C and D in the plane. We assume that A , B and C are not on a line. Let M be the centre of the circle through A , B and C. We wish to construct the point P that is defined as follows. P is obtained from D by multiplication, with A4 as the multiplication center, and multiplication factor 1, 2 or 3. The factor is 1 if D lies inside the circle, 2 if D lies on the circle, and 3 if D lies outside the circle. If we want to carry out the construction of P , we have to know whether we are allowed to observe what the position of D with respect to the circle is. In particular this problem comes up for the practical question what should happen if there is insufficient precision for concluding whether D is inside or outside. If we think of a construction with actual physical means like paper, pencil,
Formalization of constructivity in Automath (F.2)
851
ruler and compass, then the case of D lying exactly on the circle is, of course, undecidable. The above construction problem may seem to be very artificial, but yet its main characteristic turns up in very many geometrical constructions: it is the fact that, at some point of the construction the result of some observation will decide the further course of the construction. An example where this will happen is the case of geometrical constructions that have to be carried out inside a given finite part of the plane. The naive approach t o observability may be formulated as the slogan “truth is observable’’ (see Section 4). Other possibilities will be sketched in Sections 8-10. A further thing one might like to formalize is selectability: one wants to be able to select a n object from a set of objects one has constructed. For example, a construction of the intersection of two circles may produce two points, and we may wish to be able to “take one of them”. In this case such a selection principle is not indispensable: one might describe the effect of the construction of the intersection as giving a labelled “first point” and a labelled “second point”. But there is a stronger reason for implementing a selection principle: so often we have to “take an arbitrary point” at some stage of a construction. It should be noted that in such cases the final result of the entire construction does not depend on the particular point that was taken. In Section 5 we come back to this, in particular to the matter of the difference between “giving” and “taking” arbitrary points. A description of all these features is possible in Automath. We have various options for doing it. The way we present this matter is necessarily arbitrary. It is certainly not the intention of this note to give a particular basis for geometrical construction theory. The only thing that will be attempted is to provide a framework into which such a basis might be placed. If we formalize a thing like constructability we of course dislike t o do it in the style of classical logic. We do not want to consider constructability of a point as a proposition in the ordinary sense. We do not want to admit arguments where we get a contradiction from the assumption that the point P is not constructable, and then conclude the constructability of P. Therefore we want to put constructability (and the same thing might apply to observability and selectability) in a framework of positive logic, where we have no negation at all. In fact we can be even more restrictive, and refrain from introducing the ordinary logical connectives (like A , V, +) for this logic. The only thing we want to do is to register statements about constructability, observability and selectability (possibly provided with a number of parameters), and to keep them available for later use.
852
N.G. de Bruijn
We can provide facilities for such a positive logic in Automath by adding a new expression of degree 1, to be called pprop (the first p stands for “positive”). For this pprop we shall not proclaim any logical axioms, and we shall not introduce the notion of negation. Moreover, we do not feel the need to have abstraction in the world of pprop. That is, if u: pprop we shall not take abstractors [x:u] like we would have in cases with prop or type. Accordingly, in this pprop world we shall not consider application (..) ... either. That means: we take pprop entirely in the style of PAL (see [de Bruzj’n 80 ( A . 5 ) ] ) . There is a case for doing something similar in the world of type. Let us create a new expression of degree 1, to be called ctype (the ‘c’ stands for ‘construction’, since we intend to use it in the world of constructions). The difference between ctype and type is similar to the difference between pprop and prop. In ctype we intend to be free from all the assumptions that might have been made about type. In particular we shall not necessarily implement set-theoretical notions. And we shall not even introduce the notion of equality. That is, if a : C : ctype and b : C : ctype, then we will not introduce the equality of a and b as a proposition. Moreover, we shall treat ctype entirely in the style of PAL: no application and no abstraction. For a description of Automath versions where various sets of rules apply to various expressions of degree 1, we refer to [de Bruijn 74al. It has to be admitted that geometry is not the easiest example for the study of constructions. It is not so much the fact that the geometrical universes like planes, spaces, are uncountable. The most troublesome thing is neither that in the geometrical plane there is no fixed origin and no fixed direction. The real course of trouble is that there are so many situations where we have to except some of the cases. If we want to say that points p and q have just one connecting line we have to exclude the case p = q. Such things cause a steady flow of exceptions, which even has distorted the meaning of the word “arbitrary”. In past centuries the word “arbitrary” often had the meaning: “arbitrary, but avoiding some obvious exceptions”, and these exceptions were usually unspecified. If one took an arbitrary point and an arbitrary line then the point should not be so arbitrary t o lie accidentally on the line! A full description of all these exceptions has the tendency to make geometrical construction theory unattractive. Yet there is still another source of irritation: so often we have to split into cases (two circles may have 0, 1 or 2 points of intersection), and these situations might pile up to an entangled mess. Nevertheless we may be grateful t o geometry for having confronted us with the notion of constructability. What we have learned from geometry might be applied t o other areas. Computer science might be one of them. Observability, as a formal element in geometrical construction theory, was considered by D. Kijne [Kijne 621. That paper also attempts a formal treatment
Formalization of constructivity in Automath (F.2)
853
of selectability (with selection from finite sets only), and considers “giving arbitrary points” by means of a kind of algebraical adjunction operation.
3. THE BASIS OF FORMAL GEOMETRY
Before we discuss a formal basis for geometrical constructions we have to say what “formal geometry” or more generally, formal mathematics is. Here we are not concerned about the contents of formal geometry, but just about the spirit in which it is written. We may assume that it is written in an Automath book, using the full power of typed lambda calculus. And that it is written in a setting of logic and set theory, the details of which are still open to discussion. One might or might not take the rules of classical logic (e.g. in the form of the double negation law), and we might differ in taking or not taking a thing like the axiom of choice. Such distinctions hardly influence the spirit in which geometry is presented. They might influence the content, i.e. the set of all provable geometrical statements (but it should be remarked that there are areas of mathematics which are much more susceptible to foundational differences than classical geometry seems to be). Just to give an idea of the spirit, we give a small piece of Hilbert’s axiomatization of geometry. Hilbert starts with: there are things we call points and there are things we call lines (in Hilbert’s system the notion of a line is not presented as a special kind of point set). In Automath we say this by creating primitive types “line” and “point”. These types are undefined, just introduced as primitive notions (PN’s). As a primitive we also have the notion “incidence” of a point and a line. Next we can express axioms like: if two points are different, then there is exactly one line incident to both points. Something should be said about “different”. We take it that our geometry text is written in a mathematics book in which for any two objects a, b of type A there is a proposition that expresses equality of a and b, and that for any proposition we can form the negation. In this way the fact that a and b are different can be expressed in Automath by means of NOT(IS(A, a, b ) ) . But in order to keep this paper readable we shall just write a # b instead of this. We now give a piece of Automath text that can be considered as the start of a Hilbert-style geometry book (we display our Automath texts in a flag-andflagpole format: the block openers are written on flags, and the poles indicate their range of validity).
N.G. de Bruijn
854
point := PN : type line := PN : type
I
p : point
m : line
q : point
ax1 := P N : incident(p, conn) ax2 := PN : incident(q, conn)
m : line
I
ax3 := P N : m =conn So if p , q are points, and m is a line, then incident(p,m) is a proposition; if pr is a proof of p # q then conn(p,q,pr) is the connecting line of p and q . In Axioms 1 and 2 we have expressed that this line is incident to p and q, in axiom 3 it is stated that if a line m is incident to both p and q then m is equal to the connecting line. Although the above fragment is still a meagre piece of geometry it is hoped that it shows the spirit of a formalization. We shall refer to such a presentation of geometry as 0.
4. A NAIVE APPROACH TO OBSERVABILITY
What we shall call the naive approach is expressed by the slogan “Truth is Observable”. Let us explain what this means by mentioning two cases. In the first case we use knowledge obtained from geometrical theory 0 in order t o prove that some object we have to construct is already in our possession. We do not bother whether that proof is L‘constructive’’or not: truth is just truth. One might find this a poor example, since within the sope of usual geometrical theories and usual constructions it seems that “non-constructive” proofs can
Formalization of constructivity in Automath (F.2)
855
always be replaced by very constructive ones, but it is easy to imagine fields where the situation is different. In the second case we have a construction that started from a point that was chosen arbitrarily. At some stage of the construction we have a point P and a circle c, and subsequently our course of actions is depending on whether P lies inside c, outside c or on c. The naive point of view says that on the basis of the theory in G we have exactly one of the three alternatives. We can observe which one of the three occurs, and we act accordingly. In Sections 6 and 7 we offer two different implementations for the naive point of view.
5. TAKING ARBITRARY OBJECTS Before going on, we have to make it clear that there are two entirely different situations where in traditional geometry it was said that an arbitrary object (like a point) was taken. Let us call these situations V and S, (these letters abbreviate “data” and “selection”). If we think of a problem where a teacher requires a pupil to construct something, then 2) is the case where the data have been chosen arbitrarily by the teacher. On the other hand, S is the case where the pupil, in the course of the construction, selects some point arbitrarily. Quite often the final result does not depend on the particular point that was chosen, but there may be other cases. It may happen that the final result itself has a kind of arbitrariness. An example: given points A , B and C, not on a line, construct a point inside the triangle formed by A, B and C. In the opinion of the pupil, the points taken in situation 2) are not called “arbitrary”: they are called “given” or possibly “arbitrarily given”. The pupil has no freedom in case V . In the S-case, however, the pupil is completely free, and the teacher has no say in the matter. In a formal presentation like in Automath the difference between V and S is very pronounced. 2) is effectuated by means of the introduction of a new variable, S is implemented by means of a primitive notion (PN). We shall show this in detail in Section 6 and 7. There is something about the PN-implementation of the S-situation that might be felt as strange. If we describe a construction by such a PN, then we select exactly the same point if we are requested to do the construction a second time. If the second time we would insist on selecting a point that is actually different from the one chosen the first time, then we have to do this on the basis of some new selection principle, of course. But if we just want to take a point again, without any restriction as t o its being different from or equal to the first one, our P N provides us with the same point we had before. This means that we
N.G. de Bruijn
856
get more information than we intended to have. Nevertheless, such information cannot possibly do any harm. What shall we do about this weirdness of the PN-implementation? Shall we invent unpopular remedies in order to cure a completely harmless disease? Let us not prescribe a definite attitude in this, and admit that there are several ways to live with the situation. Either we leave the harmless disease for what it is, or we take one of the remedies. Let us mention two remedies. The first one is to take a notion of time t , and adhere a value o f t to every construction step. The arbitrarily selected points will depend on t. If we have to repeat the construction some other day, t has a different value, so nothing is known about the selected point in comparison to the one selected the previous day. As a second remedy we suggest to implement arbitrary selection not by an axiom but by some axiom scheme. The scheme proclaims the right to create as many copies of the axiom as one might wish, each time with a different identifier. We leave it at these scanty remarks. The author’s opinion is that unless we invent a much simpler cure, we’d better learn to live with the harmless disease.
6. FIRST IMPLEMENTATION OF THE NAIVE POINT OF VIEW We have to express in some way or other that some of our mathematical objects have been constructed. This can be thought of as a property of those objects, but for reasons sketched in Section 2 we prefer to take this property as a pprop rather than as a prop. We shall create, for every type X and for every z of type X, the expression have(X,z) with have(X,z) : pprop. In particular we can abbreviate have(point,z) t o havep(z) and have(line,z) to havel(z). (Since we use “have” for points and lines only, one might think of taking just “havep” and “havel” as primitives, without taking “have” for general types.) We now give some Automath text. It is supposed to be added to a book that contains geometrical theory G (see Section 3) already. First we introduce “have”, and abbreviations “havep” and “havel”.
I I
have := PN : pprop
Formalization of constructivity in Automath (F.2)
I
857
havep := have(point,u) : pprop
v : line have(line,v) : pprop Next we display how we take an arbitrary object in the sense of the D-situation of Section 5 (“given objects”). In order to talk about a given point we need two block openers, expressing (i) that u is a point, and (ii) that havep(u) holds; inside that context the point u can be considered as given. We shall now express: if u and v are given points and if u # v then we can construct the line connecting u and v. According to our naive point of view the condition that u and v are different is simply expressed in the terminology of 9.
I
u :point
J
-1
ass11 : havep(u)
v : point
1
Next we describe a case of “taking arbitrary points” in the S-situation of Section 5. We express that if m is a given line then we are able to take a point not on m (we use the identifier “up” to suggest “arbitrary point”).
I
m : line
I
ass14 : havel(m)
I
up := PN : point az12 := PN : NOT(incident(ap, m ) ) ax13 := PN : havep(ap)
N.G. de Bruijn
858
These pieces of text display the form in which the basic constructions are introduced. If we want to describe a more complicated construction, we mention the relevant objects one by one, in the order of the construction, and each time we express that we “have” them. We give a (still very simple) example.
assl6:p#q
1
L1 := conn(p, q, assl6) : line H1 := a z l l ( p , assl4, q, assl5, assl6) : havel( L1) P1 := ap(L1, H1) : point : NOT(incident(P1, L l ) ) N i l := az12(L1, H1) H2 := az13(L1, H1) : havep(P1) Here L1 is an abbrevation for the line connecting p and q; H1 can be used as a reference for the fact that we actually have that line. P1 is the result of the construction, N i l assures us that P1 does not lie on L1, and H 2 assures us that we actually have P1. Altogether the text line with identifier P1, Nil, H1 represent the “derived construction’’ expressing that if p and q are given different points then we can take a point P1 such that p , q, P1 are not on one line. This derived construction can be applied later without referring to how it came about. It can be constructed as a kind of “subroutine”. The example of a derived construction we gave here is ridiculously simple, of course. Yet the pattern is the same as in more complicated cases. It shows the old idea of subroutines, which existed in constructive geometry many centuries before it came up in computer programming.
7. SECOND IMPLEMENTATION OF THE NAIVE POINT OF VIEW In the second implementation we take a construction plane which we conceive as being different from the geometrical plane. We might think of the original geometrical plane as abstract, and the construction plane as concrete, consisting
Formalization of constructivity in Automath (F.2)
859
of a piece of paper we can draw on. But, of course, our construction plane is still abstract: it is a mathematical model of a concrete plane. The objects in the constructed plane will be called cpoints and clines. In the back of our minds we think of a one-to-one mapping between the two planes: every cpoint has a point as its companion, and every cline has a line as its companion. Yet we shall not express all of this in our mathematical formalism. We shall just talk about a mapping (to be called semp) of cpoints to points and a mapping (to be called seml) of clines to lines. The reason for this reticence lies in the interpretation. If p l is a point, and if we are able to name a cpoint cpl that is mapped t o p l in our mapping, then for us this means that we “have” p l . We do not want to say that every point in the geometrical plane is a point we “have” just by being able to express that point mathematically. Therefore we do not want to be able to express the inverse mapping. Related to this reticence is the fact that we do not want to be able to discuss equality of two cpoints. Such equality has to be discussed for the companion points in the geometrical plane. And we do not want to admit as mathematical objects things like “the set of all cpoints” with some prescribed property. We achieve these restrictions by putting “cpoint” and “cline” into ctype, which is a world without equality, without set theory, without quantification. As a consequence we do not have constructability questions in our theory. A statement: “the point P is not constructable with ruler and compass” will not be a proposition in our Automath book. If we would be able to quantify over the construction plane we would be able to express that ‘‘there is no cpoint that is mapped onto P” and that would express the non-existence of the construction. Constructability questions belong to the meta-theory. They express that something “cannot be obtained on the basis of the PN’s displayed thus far”, and we cannot say such things in Automath itself. What we call our second implementation starts with the introduction of cpoint, cline and the mappings semp and semf. The latter abbreviations suggest the word “semantics”: we might say that the geometrical plane forms the semantics of the construction plane. If P is a cpoint then semp(P) is its semantics. Off we go: cpoint cline
:= PN : ctype
:= PN : ctype
1
c p : point
I
1
semp := PN : point
N . G . de Bruijn
860
I
I
cl : cline
1
semi:= PN : line
In order to take an arbitrary point in the construction plane, a single block opener “x : cpoint” plays the role of the pair “U : point”, “ass11 : havep(u)” of the first implementation. We show this with the fundamental construction that connects two points: x : cpoint
cconn := PN : cline ax21 := PN : seml(cconn) = conn(semp(x), semp(y), ass21) The fact that cconn is the line we are looking for, is expressed (in ax21) by means of equality in 4. If we have to take an arbitrary point in the S-situation we again get one PN less than in the corresponding case of Section 6. In order to express that, we can take a point outside a line, we write cm : cline := PN : cpoint ax22 := PN : NOT(incident(semp(acp),seml(cm)))
We also show the text corresponding t o the one with P1, N i l , H2 in Section 6: p : cpoint
:
Ni2 := ax22(CL1) N i 3 := ...
cpoint
: NOT(incident(semp(CPl),seml(CLl)))
: NOT(incident(semp(CPl),
conn(semp(p),semp(q) 1 ass221))
Formalization of constructivity in Automath (F.2)
861
We have not displayed the proof N i 3 . It will depend on applying general axioms about equality, and will make use of N i 2 and ax21. Passages like the one from N i 2 to N i 3 might be superfluous in many cases, since it is practical to keep the discussion as long as possible in the construction plane. To that end we might copy notions from E to the construction plane. The simplest example is
7 x : cpoint
cincident := incident(semp(z),seml(y)) : prop
8. RESTRICTED OBSERVABILITY In Sections 4, 6, 7 we described the naive point of view, where every truth in the geometrical theory is considered to be “observable”. Observability has its meaning in the process of taking decisions about the course of our constructions. Let us describe two different motives for restricting observability. One is practical, the other one is fundamentalistic. We shall discuss these in Section 9 and 10, respectively.
9. PRACTICAL RESTRICTIONS ON OBSERVABILITY The practical point of view is connected to questions of precision. This can be compared t o the matter of rounding off errors in numerical analysis. If in a construction two points turn out to be so close together that our construction precision does not guarantee that they are different, then we can not claim to be able to connect them by a line. And even if the points are different, the line will be ill-defined. Although these practical matters give rise to quite complicated considerations, we cannot say that they are necessarily essentially different from what we did in Sections 6 and 7. One can still go on the basis that truth is observable: the question is just a matter of which propositions we consider the truth of. Instead of claiming the possibility t o connect two points p , q if p # q in the geometrical world G, we take a thing like d(p,q) > 1 (distance exceeds unity) as our criterion. Nevertheless we can make things a little livelier than this. Let us start from what we developed in the beginning of Section 7: just the four PN’s that were called cpoint, cline, semp and semi. We now introduce a primitive notion
N.G. de Bruijn
862 “obsdif” ( “observationally different”) in the construction plane: p : cpoint
obsdif := PN : prop And now instead of introducing the cconn, ax21, etc. of Section 7, we go on like this: z : cpoint
I
ass31 : obsdif(x, y)
1
cconnl := PN : cline ax31 := PN : 2 # y ax32 := P N : seml(cconn1) = conn(semp(z),semp(y),az31) Knowledge about obsdif can come from different sources. In the first place we can axiomatize things like: if d(semp(x),semp(y)) > 1 then z and y are observationally different. A second source arises if we axiomatize in the construction plane, in some situations, that if cpoints u and w are observationally different, then the cpoints z and y, derived from u and w in one way or other, are observationally different. A very simple case of this is an axiom stating that obsdif(s, y) implies obsdif(y, z). It will be clear that this subject will become very complicated without being very rewarding. Therefore it seems definitely unattractive.
10. FUNDAMENTALISTIC RESTRICTIONS ON OBSERVABILITY In Section 9 we still had the uncritical acceptance of all truth that can be obtained in the geometrical world. There is a clear reason for restriction. If we have to use geometrical propositions for taking decisions in the world of constructions, it is reasonable to require that we also have a “constructive” way for actually deciding whether such propositions hold or do not hold. We can implement such restrictions in Automath by selecting some “constructive” basis for logic and mathematics, like intuitionistic mathematics, and building our geometry G according to these principles. We might even mix
Formalization of constructivity in Automath (F.2)
863
a constructive kind of mathematics with the ordinary kind, using pprop and ctype for the constructive kind. In particular it seems to be reasonable to take the “obsdif” we had in Section 9 as a pprop rather than as a prop. The latter remark suggests that it might be simpler to shift life entirely to the construction plane, and to forget 0 altogether. But this is not what we usually want. Let us imagine that we want to describe the theory of Mascheroni constructions (constructions with compass but without ruler). The subject matter concerns both circles and straight lines, the constructions deal with circles only. This difference can be implemented by discussing both circles and straight lines in 0, but just “cpoints” and “ccircles” in the construction plane.
11. COMPARISON WITH COMPUTER PROGRAM SEMANTICS It is very natural to compare the field of geometrical constructions with the one of computer programming. In both cases there is a number of actions that produce one or more objects, and in both cases it is very essential that it is proved that these objects satisfy the problem specification that was given beforehand. In a computer program we usually think of a “state space”; the input is an element of that state space and the output is again such an element. In the case of geometrical constructions one would say that the input is (vaguely speaking) the given figure, and the output is the required figure. Let us admit different spaces for input space and output space, and try to describe at least the specification of a geometrical construction in terms of input and output. As an example we take the following (trivial) construction problem. Given two different points P , Q and a line rn. Construct a line q that intersects m, passes through P but not through Q. Let us talk in the style of Section 7, and let us moreover decide to introduce a name R for a cpoint of intersection of q and m (otherwise we would need existential quantification). An element of the input space is a triple ( P , Q , m ) where P : cpoint, Q : cpoint, rn : cline, and where we have semp(P) # semp(Q). An element of the output space is a pair (9, R) where q : cline and R : cpoint. The problem specification is given by the conditions that seml(q) is incident with semp(P) and semp(R) but not with semp(Q). This kind of problem specification is entirely in the style of what is called “relational semantics’’ in computing science. If we deal with geometrical constructions, the role of “subroutines” is more or less the same as in computer programming. In particular we can say that descriptive geometry consists of a large body of subroutines. In computer programs we can have loops. Sometimes pieces of a program
N.G. de Bruijn
864
have to be repeated until some condition is satisfied. The geometrical constructions we discussed in the previous sections have no such loops. This reveals essential restrictions on the class of constructions we can describe in the various systems that were suggested in these sections. An example of a construction with loop is the following one. Let A , B , C be given points on a given line, B between A and C. It is required to construct a point D on that line, such that C is between B and D , and such that the length of the line segment BD is an integral multiple of the length of the segment AB. This construction requires a loop. Our treatment of geometrical constructions in Sections 3-10 might be called “operational” or anyway “functional”. All the time uniquely determined outputs are obtained step by step, and in the slightly more sophisticated case of the use of subroutines the only thing we actually do is taking sequences of steps together and considering them as a single step. The reason is that the treatment is based on what we shall call the interior approach. In the interior approach we talk in terms of the constructed objects. The constructed objects are treated in the same style as ordinary mathematical objects and (but this is a typical Automath feature) proofs. In our Automath book we discuss the objects, but the action of construction is felt as subject matter of some metalanguage. An entirely different way to deal with constructions is that we consider constructions as objects, seemingly more abstract than the ordinary objects, but nevertheless on the same linguistic level. Let us call this the exterior approach. (The name is suggested by the fact that if we work in the interior approach then the metalinguistic discussion of construction is felt as being something at the outside.) With the exterior approach we can get rid of the limitations of our “functional style” of construction description. Anyway we can remove the last differences there might be between geometrical construction and computer programming. We might try to start the exterior treatment with the introduction of a primitive notion “construction” like: construction := P N : ctype but it has to be more complicated than this. The notion of construction has to depend on the input space and the output space as parameters, and this is not so easy t o describe.
865
The Mat hernat ical Vernacular, A Language for Mathematics with Typed Sets N.G. de Bruijn
1. INTRODUCTION 1.1. The body of this paper is from an unpublished manuscript (“Formalizing the Mathematical Vernacular”) that was started in 1980, had a more or less finished form in the summer of 1981, and a revision in July 1982. [The Sections 1 to 17 were published for the first time i n [de Bruijn 87a (F.3)]. A t that occasion the (very essential) Sections 12-1 7 were revised in order to adapt them to typed set theory, and the Introduction was extended. For this 1994 version the old Sections 18-22 have been revised i n order to let them match the revised Sections 12-1 7.1 1.2. The word “vernacular” means the native language of the people, in contrast to the official, or the literary language (in older days in contrast to the latin of the church). In combination with the word “mathematical”, the vernacular is taken to mean the very precise mixture of words and formulas used by mathematicians in their better moments, whereas the “official” mathematical language is taken to be some formal system that uses formulas only. We shall use MV as abbreviation for “mathematical vernacular”. This MV obeys rules of grammar which are sometimes different from those of the “natural” languages, and, on the other hand, by no means contained in current formal systems. 1.3. It is quite conceivable that MV, or variations of it, can have an impact on computing science. A thing that comes at once into mind, is the use of MV as an intermediate language in “expert systems”. Another possible use might be formal or informal specification language for computer programs. 1.4. Many people like to think that what really matters in mathematics is a formal system (usually embodying predicate calculus and Zermelo-F’raenkel
866
N.G. de Bruijn
set theory), and that everything else is loose informal talk about that system. Yet the current formal systems do no adequately describe how people actually think, and, moreover, do not quite match the goals we have in mathematical education. Therefore it is attractive to try to put a substantial part of the mathematical vernacular into the formal system. One can even try to discard the formal system altogether, making the vernacular so precise that its linguistic rules are sufficiently sound as a basis for mathematics. An attempt to this effect will be made in this paper. We shall try to do more than just define what the formalized vernacular is: much of our effort (certainly in Sections 2, 3, 4) will go into showing its relation to standard mathematical practice. 1.5. Putting some kind of order in such a complex set of habits as the mathematical vernacular really is, will necessarily involve a number of quite arbitrary decisions. The first question is whether one should feel free to start afresh, rather than adopting all pieces of organization that have become more or less customary in the description of mathematics. We have not chosen for a system that is based on what many people seem to have learned to be the only reasonable basis of mathematics, viz. classical logic and Zermelo-Fraenkel set theory, with the doctrine that “everything is a set”. Instead, we shall develop a system of typed set theory, and we postpone the decision to take or not to take the line of classical logic to a rather late stage.
1.6. The idea to develop MV arose from the wish to have an intermediate stage between ordinary mathematical presentation on the one hand, and fully coded presentation in Automath-like systems on the other hand. One can think of the MV texts being written by a mathematician who fully understands the subject, and the translation into Automath by someone who just knows the languages that are involved. [For general information on Automath the following paper may be adequate: [de Bruijn 80 (A.5)l.l Experience with teaching MV was acquired in a course ‘
1.7. Even a superficial inspection of mathematical literature shows that it is very hard to get anywhere as long as we take the term “mathematical vernacular” so wide as to contain all language mathematicians use for convincing one another. We shall try t o isolate a fragment of the language and polish it up so as to turn it into a basis for mathematics. It is this fragment that is called MV.
The mathematical vernacular (F.3)
867
The rules of MV do not just explain how mathematical sentences have t o be formed, but also how they have to be manipulated in order t o build new correct material. In particular they will help us to disclose the rules of the game of axioms, definitions, theorems and proofs.
1.8. Roughly speaking, the MV part of a piece of mathematics will be the rigorous part. In order to make a bit clear at this stage what this MV part is, we mention a few things that we do not want to belong t o it. Without being very systematic, we mention: Argumentation in the form of references to previous material, and indications of the kind of reasoning. Typical of what we mean here is: “Replacing x by p in Theorem 25 we find ...”. Indications for reconstructing pieces of texts that have been omitted. Example: “The second part of the proof can be given by interchanging the roles of x and y”. References t o the syntactical form of presented material, like “the lefthand side of this equation”. Interpretation in terms of notions that belong to an entirely different area, like the use of geometrical terminology for discussing the graph of a function, in a case where the rigorous part of the text has no geometry at all. Remarks about the relation between the human writer or reader and the text. Example: “It is easy to see that ...”. It may help the reader to draw a figure of this situation. Commands, like “Show that
...”.
Surveys of what is to be expected in later parts of the text. Historical remarks. It would not be hard to extend this list of non-MV items. Quite often non-MV components and MV-components occur in one and the same sentence. Example: “Obviously we have f(z) > 1 for all x, but that does not help us to prove the lemma”. The only MV-part here is “f(z)> 1 for all z”.
1.9. In a system where we expect to have our mathematics checked by a machine it will certainly be worth while to take both the MV-part and the argumentations as essential parts of the formal language, as has been done in Automath. But even if that is considered as a sound basis for mathematical communication,
868
N.G. de Bruijn
it is questionable whether it can ever replace that communication. It has the disadvantage that it makes sense only for texts that have been elaborated in every silly little detail. For communication this is rather inconvenient. We wish to write in a style in which we omit what we think is trivial. What things can be considered to be trivial depends on the experience the reader is expected to have. Therefore we shall define correctness of MV in such a way that proofs where pieces of the derivation are omitted, can be considered as still correct. A text would become incorrect if we omit definitions of notions that are used in later parts of the book. A proof written in MV may be restricted to showing a sequence of resting points only. The derivation from point to point may be suppressed, or at least be treated quite informally. This seems to come close to the current ideal of mathematical presentation: impeccable statements, connected by suggestive remarks.
1.10. In contrast to what one might expect at first sight, the grammar of the mathematical vernacular is not harder, but very much easier than the one of natural language. We can get away with only three grammatical categories (the sentence, the substantive and the name), because mathematicians can take a point of view that is very different from the one of linguists. The main thing is that mathematical language allows mathematical notions to be defined; it can even define words and sentences. In choosing these new words and sentences we have almost absolute freedom, just like in mathematical notation. We hardly need linguistic rules for the formation of new words and new sentences. It usually pleases us to form them in accordance with natural language traditions, but it is neither necessary nor adequate to set linguistic rules for them. 1.11. The language definition of MV will be presented in two rounds. In the first round we express the general framework of organization of mathematical texts. It is about books and lines, introduction of variables, assumptions, definitions, axioms and theorems. All this is condensed in the rules BR1-BR9 in Sections 9 and 10. In the second round we get the rules about validity. These cover Sections 11-17. These two rounds describe a language for mathematics. It would go too far to call them the foundation of mathematics. The language of mathematics allows us to write mathematical books, and in these books we can axiomatize the rest of what we call the foundation of mathematics. Part of that axiomatic basis might be considered as foundation of mathematics as a whole, but other sets of axioms just serve for particular mathematical theories. The dividing line between the two is traditional, not essential. Part of the axiomatic basis in the book may be of logical nature, and that part will certainly be considered to
The mathematical vernacular (F.3)
869
belong to the foundation. Most of the validity rules of the second round have been put in that second round since they cannot be expressed in the books. In other words, they cannot be expressed in MV itself. But a very large part of what is called the foundation of mathematics can just be written in the books, more or less to our own taste. As examples we mention here: falsehood, negation, conjunction, disjunction, the law of the excluded middle, existential quantification, the empty set, the axioms for the system of natural numbers, the axiom of choice. One might try to reduce the second round to an absolute minimum and to put as much as possible in the MV books. We have not gone that far, in most cases because it seems to be nicer to keep things together that belong together. In the case of Section 15 (rules for Cartesian products) the reason to keep it in the second round may seem peculiar. It is just because of the fact that if we want to refer to elements ( a ,b) of the Cartesian product of A and B , we would hate to have t o mention A and B as parameters all the time. We would have to, if that section would be shifted to the book.
1.12. Let us try to compare MV and Automath. In the first place it must be said that MV has been inspired by the structure of Automath as well as by the tradition of writing in Automath. In that tradition elementhood, i.e. the fact that an object belongs to a set, is expressed by the typing mechanism available in Automath. So in order to say that p is an element of the set S, this is coded as p : S, so S is the type of p . This is in accordance with the tradition in standard mathematical language. If we say that p is a demisemitriangle, one does not think of the set or the class of all demisemitriangles in the first place, but rather thinks as “demisemitriangle” as the type of p . It says what kind of thing p is. In order to keep this situation alive, MV does not take sets as the primitive vehicles for describing elementhood, but substantives (in the above example semidemitriangle is a substantive). It is important to see the difference between substantives and names. Grammatically they play different roles. If we say that a b is an integer, then “integer” is a substantive and a b plays the role of the name of an object. Coming to a situation like a E b E c E d, the Automath style does not allow to write this as a chain of typings like a : b : c : d. If 6 is a set, then let us write 61 for the substantive “element of b”. The chain becomes a : 61, b : c l , c : dl. An important difference between Automath and MV is that in Automath typirigs are unique (up t o definitional equivalence), and in MV they are not. MV is adapted to the tradition of ordinary mathematical language in which 5 is a real number and at the same time the same 5 is an integer. One does
+
+
870
N.G. de Bruijn
not feel a conflict since “integer” is just a special kind of “real number”. In Automath it is always a bit troublesome to express that an object belongs to a subtype: The fact that 5 is a positive real number is described in Automath by two consecutive typings. The first one says that 5 is a real number, the second one says that some particular expression u is a proof for the statement that 5 is positive. This is often felt as a burden. A consequence of the way we treat typing by means of substantives in MV is that a typing like “5 : real number” has the nature of a proposition. This is one of the rules of MV (see T1 in Section 12), but is not done in Automath. Another difference between Automath and MV, already mentioned in 1.9, is that Automath has exact proof references inside the formal text, whereas MV either does not have them at all or has them informally in the margin. This provides a serious (but quite clear) task for those who implement MV into Automat h. There is another trouble with the implementation. In MV we have quite strong equality rules, more or less corresponding to the standard feeling that “between two equal things there is no difference at all, they are just the same”. In Automath it may cause quite some work to show the equality of two expressions whose only difference is that, somewhere inside, the first one has p and the second one has q, and where p is equal to q. One has to bring the equality from the inside to the outside, and that may cause a lot of Automath text. Fortunately the writing of that text can be automated. In our version of MV we have a strong set of equality axioms (in particular EQ10a-EQ10c of Section 13.2) which make all this much easier. 1.13. One might think of direct machine verification of books written in MV, but this will be by no means so “trivial” as in Automath. Checking books in MV may require quite some amount of artificial intelligence. In the first place MV allows us to omit parts of proofs, at least as long as no definitions are suppressed (see Section 1.9). But even if the steps in an MV book are ridiculously small, a checker may have a hard time, since in MV proof indications are not given in the formal text itself. To make a book in MV better readable, one can provide the text with proof references in the form of hints, so to speak in the margin. In order to make automatic checking of MV books feasible, one has to invent some system t o pass those informal hints to the artificially intelligent machine.
1.14. The formation rules of MV allow us to form sub-substantives to a given substantive. The relation is denoted by <, like ‘%quare < rectangle” in geometry. Once we have the substantive “rectangle”, we can form smaller ones, but our rules do not allow us to form bigger ones. The effect is that for every object
The mathematical vernacular (F.3)
871
in an MV book one can find a “largest” substantive it is typed by. Let us call that one the archetype of the object. Likewise, this largest substantive can also be called the archetype of all the substantives it contains in the sense of <. These archetypes can be on the back of our minds, but they are never mentioned explicitly in the MV book. Moreover, archetypes are nowhere mentioned in the language rules. One advantage of this system of “anonymous archetypes” is that we are never obliged to state the archetypes as a kind of parameters (actually this is what we have to do in Automath). Another advantage is that the MV text we produce can also be appreciated by readers who have bigger archetypes in mind. For example, a book on real numbers where complex numbers are never mentioned, can be used by anyone who started from the complex numbers, and wants to see the reals as special cases. In other words, our MV books can always be embedded into book with bigger archetypes. Since all objects, all substantives and all sets have an archetype, we can refer to our MV as a kind of typed set theory.
1.15. Our effort in describing a large part of the language in terms of both substantives and sets, instead of sets only, gives some duplication in the language rules that might be considered as superfluous. We of course would like t o try to eliminate one of the two, and deal with sets only, or with substantives only. Both can be done, of course, but none of the two seems to give anything that looks more satisfactory than what we have in our MV. It has some advantage to describe both: it liberates us from the nasty decision to discard either of them. Substantives (like point, number, function) seem to be the things we handle in our natural language, and sets are things we have learned, more or less artificially, to use instead of substantives. Before the advent of New Math (or should we say, before the rise and fall of New Math) talking by means of substantives was general, and set language was only introduced if strictly necessary. This is roughly what we have done in our presentation of the MV rules. Talking and thinking in terms of substantives is so strongly traditional that one might even call it “natural”.
1.16. In MV it is not true that “every object is a set”. If we introduce a substantive as a variable or as a primitive, then the objects which are typed by that substantive can not be considered as sets. Elements of a Cartesian product (see Section 15) are no sets.
1.17. Some of the decisions we have to take about MV involve questions about what to put in the language and what in the metalanguage. In particular we have a kind of meta-typing (the “high typing”, see Section 3.6) in the language,
872
N.G. de Bruijn
whereas most other systems would have such things in the metalanguage. The high typing is used for saying that something is a substantive or that something is a statement. We note here that ‘‘statement” is a synonym for “sentence”. We use “statement” in MV, but there would be no harm in replacing it by “proposition”. Linguists would probably dislike the use of the word “sentence” for phrases which are no full sentences. The distinction between high typing and low typing corresponds in Automath to the distinction between typing by means of expressions of degree 1 and typing by means of expressions of degree 2.
1.18. It is customary to make the distinction between sets and classes. Roughly speaking, sets are classes over which we allow quantification. Usually we think of the classes which are no sets as those which are just too big to be sets, like the class of all sets. In our MV we allow quantification over every substantive, and substantives directly correspond to sets. Classes over which we cannot quantify are not discussed in MV itself, neither by means of low typing nor by means of high typing. We can discuss them in the metalanguage: the class of all statements, the class of all substantives. In Automath the class of all proofs for a given proposition is treated as a type. There is nothing of that kind in MV. 1.19. Let us devote some attention to the role played by adjectives. An adjective belongs to a substantive, and serves a double purpose: (i) t o form a new substantive, and (ii) to form a new sentence. Example: Having the substantive “triangle”, we can form the adjective “isosceles”. With this one we can form the new substantive “isosceles triangle” as well as the new sentence “... is isosceles”. It may be just because of this double usage that mathematicians like to express things by means of adjectives. Many definitions in mathematics are in the form of the introduction of a new adjective. A warning must be given: an adjective belongs to a substantive, but not automatically to the archetype of that substantive.
2. SOME TERMINOLOGY
2.1. Before we start explaining what MV really is, we say something about the terminology to be used in this paper. We of course distinguish between the language MV and texts written in the language. Instead of “texts” we shall speak of “books”. The language MV has to be defined by stating its rules of grammar, or, as we might say, its language definition.
The mathematical vernacular (F.3)
873
A certain amount of usage of MV in an MV-book will depend on constructions and notions that are introduced in the language definition. This kind of usage will be called primary MV. All the rest of MV that is used somewhere in the book depends on terms and phrases that were chosen previously in that book. Such book material will be called secondary MV. We quote some examples. A phrase like “for all z” will conveniently belong to the language definition, but “logz”, “normal subgroup”, will be things we prefer to define in some book. There are things on the borderline for which the language design has to choose between introduction in grammar or in book, and that choice might be a matter of taste. Examples of things about which one might hesitate are: use of the equality sign, elementary notions about logic, and the treatment of sets and functions. A mathematics book contains what we called (in Section 1.8) an MVfragment, and all the rest is non-MV. A part of the non-MV fragment consists of material that speaks about the MV-fragment. One might think of words and phrases like “left-hand side”, “equation”, “notation” “symbol”, “formula”, “substitution”, “unknowns”, “integration”, “algebraic”, and of the material mentioned in Section 1.8, (i) and (ii). We shall not study this kind of language systematically, but just vaguely refer to it as metalanguage. It should be noted that the borderline between language and meta-language has shifted over the centuries. There was a time when “set”, “function” were definitely metalanguage, and right now there are things on the threshold between language and metalanguage which might shift into the language in the next few decades. As such, one might suspect terms like “proposition”, “condition”, “proof”, “algorithm”. Quite often a word occurs in two different languages, with related but different meanings. This has its reasons: it is always hard to find new words for new notions, and we like t o have words with some suggestive power rather than new words that do not mean anything to us. For example, the word ‘Lalgebra” is used in metalanguage t o indicate a branch of mathematics, and in the language itself to denote a special kind of ring. And if we say “this system of three equations has two solutions”, then “three” and “two” may be on different sides of the border. In this paper we shall develop some new terminology. Some of it will be incorporated in the primary part of the language MV, some of it will be metaMV. We have to be explicit about this, especially since we shall shift things into MV that are commonly considered metalanguage. In particular words like “substantive”, “statement” will become (primary) MV. 2.2.
2.3. Let us give a survey of the abbreviations for the various languages to
874
N.G. de Bruijn
be referred to in this paper. Quite often a sentence does not belong to any of these, simply because the sentence is intended t o relate these languages to each other. But for separate words in this kind of discussion it may be possible t o state more precisely to what language they belong. In many cases we shall indicate this, and we use the abbreviations OMV, gL, MV, pMV, sMV, mMV, smMV, imMV. OMV. This stands for “ordinary mathematical vernacular”. This is the language today’s mathematicians actually use when they want to be precise but not absolutely formal.
gL stands for “general language”. This refers to words and phrases outside mathematics, in our case usually as a kind of meta-OMV. Since we do not suggest an exact definition of OMV, the boarderline between OMV and gL will be vague. MV stands for the “stylized” form of OMV, and is to be described in this paper. This MV is a language that can be defined completely (see Sections 3-17). pMV stands for primary MV, as explained in Section 2.1. Words and other constructs of pMV appear for the first time in the language definition. Authors of MV books do not have the right to deviate from pMV. sMV stands for secondary MV, as explained in Section 2.1. Words, symbols and phrases of sMV are chosen by the author of an MV-book. mMV. This stands for meta-MV. We shall consider two kinds, smMV and imMV. smMV stands for syntax-oriented meta-MV. It is the language we use for expressing the rules of MV. imMV stands for interpretation-oriented meta-MV. It is the language we use for discussion of the relation between MV and its popular variant OMV. We use imMV for explaining how pieces of existing mathematics can be expressed in MV. Many of the words we introduce in pMV, sMV, smMV will be borrowed from gL, and the usage will be related to their usage in gL. In order to give an impression what distinctions can be made, we give a list of terms which all mean something like “group of words or symbols that express something”, and in each case we indicate the possible languages. In several cases the set of possible languages might be extended, and in some cases it is not very
The mathematical vernacular (F.3)
875
clear what that list should be. What is important for us here is the question which cases are pMV, sMV, imMV, smMV. The matter of what belongs to gL is more vague, of course. word ............................ gL ......................................................... sentence ...................... gL ......................................................... proposition .... OMV ........................ sMV ................................ statement ............................. pMV ............................................ substantive ........................... pMV ............................................ formula .......... OMV .................................... smMV ................. expression ...................gL ........................... smMV ................. phrase ......................... gL ......................................................... theorem ..........OMV .................................... smMV .. imMV .. assertion ........ OMV .. gL ........................... smMV .. imMV .. assumption .... OMV .. gL ........................... smMV .. imMV .. condition ....... OMV .. gL ........................... smMV .. imMV .. definition ....... OMV .. gL ........................... smMV .. imMV .. predicate ........OMV .................................... smMV .. imMV .. clause ............................................................ smMV ................. name ........................... gL ........................... smMV .. imMV ..
3. INGREDIENTS OF MV
3.1. We shall point out some of the characteristics of MV, with special emphasis on those aspects which might be considered novelties. We shall comment on the following points: context indication (Section 3.2) , mixing natural language and formulas (Section 3.3), grammatical categories (Sections 3.4 and 3.5), typing (Section 3.6). 3.2. The context indication system, as described in Section 4, is little more than a systematic description of what all mathematicians are aware of when they are talking or writing mathematics. It is certainly worth while to give it a predominant place in the description of what mathematics is. In particular it gives insight in what “variables” are. Moreover it opens the way to natural deduction as a basis for mathematical reasoning. 3.3. Mixing natural language and formulas is a very typical aspect of a mathematician’s lingo (both OMV and MV). In most cases formulas become part of a sentence as if they were just words or sequences of words, in complete accordance with the grammar of the natural language. When we say “if a / / b then
N.G. de Bruijn
876
p E V ” ,then “affb” and “ p E V” play grammatically the role of sub-sentences, just like in “if it rains then we get wet”. And when we say “b satisfies ...” then b is the subject of the sentence just as if b were a person. But there are also cases where the mathematician’s lingo does not follow the rules of the natural language. We mention “for all integers z we have ...’I, where the z does not play a role that any ordinary word can play in a natural language sentence. And we mention “for all z we have ...”, where 2 does seem to play such a role, but the wrong one. For these little irritations we offer as explanation that our natural languages do not admit anything corresponding to bound variables. 3.4. In natural languages one analyses the structure of a sentence by attaching
grammatical categories t o words or word groups. Such categories can be “sentence”, “noun”, “verb”, etc. In our discussion of MV we shall restrict ourselves to a rather small number of categories. We shall only use the following: statement,
substantive,
name.
There might be a case for the adjective (cf. Section 1.19) as a fourth category, but we ignore them in our presentation of MV. The reason why we do not need to go into the finer shades of grammatical analysis lies in the fact that in the MV-book we can introduce words, symbols and other kinds of phrases by means of definitions (see Section 7.2). As far as the defined things are words or phrases, we usually choose them according to what sounds right in ordinary language, and that is why they seem to ask for linguistic analysis. But such an analysis is unnecessary. The only thing we do with the new words and phrases is to repeat them in other circumstances. As an example we quote a definition: “We say that the vectors p and q are locally independent in the sense of Prlwtzkowsky if ...”. Later we just repeat this phrase, with p and q replaced by other names. The fact that the words “in the sense of” have been taken just in this order, does not play a role we consider to be essential for MV. It plays a role in readability, memorizability and possibly in parsability (cf. Section 23). It is like choosing notation: as a function symbol for the hyperbolic cosine we might select “cos hyp” or “cosh” or “csh” but not “ggrrr”, since that would not be very suggestive, and certainly not “gg?(rg[?” since that would be asking for trouble with parsing. 3.5. Let us say a few informal things (expressed in gL) on the categories “state-
ment”, ‘Lsubstantive”, “name” and “adjective” , A statement is a group of words or formulas that might play the role of a complete sentence, although it can occur as just a part of some other phrase (the word “phrase” is used here to indicate any sequence of words or formulas that somehow is considered in its entirety at some moment). Example: In the
The mathematical vernacular (F.3)
877
phrase “if a > b then p is divisible by 5” the parts “a > b” and “ p is divisible by 5” are statements, and the whole phrase is a statement. A substantive is a generic term for a class. Examples: “circle”, “positive integer with exactly three divisors”, “point”. A generic term for a class is not the same as a name for that class. The difference is small: it is only the way we use them. If C is the class of all circles, then the phrases “P is a circle” and “ P is an element of C” are intended to mean the same thing. A warning: sometimes a phrase has the grammatical form of a substantive without playing that role in a mathematical text. In the phrase “ P is the orthocenter of triangle ABC”, the word “orthocenter” is not t o be considered as a generic name for a class. One should not think that it had first been explained what an orthocenter is, and that later it was proved that a triangle has just one orthocenter, so that finally we can speak of “the orthocenter”. No: the phrase “the orthocenter of triangle ABC” can be used by virtue of a previous definition in the book, where it was introduced as a name with the same status as a name like Oc(A, B, C) would have had. Therefore there is no question of parsing it into separate components like “the” “orthocenter”, etc. A n a m e is a phrase we consider as a sufficient indication of an object. Without going into the question whether we have or do not have objects in mathemat,ics, we note that our linguistic handling of mathematics seems to treat mathematical names as if they were names of objects. Examples of names are “the center of the unit circle”, “the point M ” , “ M ” , “a b”. As to adjectives we mention that adjectives are always attached directly or indirectly to a substantive. Once we know what a triangle is we can say what it means that a triangle is “isosceles”. It can be used in two ways: (i) in statements like “triangle A B C is isosceles”, and (ii) in order to form the new substantive “isosceles triangle”. This humble role of adjective does not seem to suffice as a reason for taking them as building blocks in our rudimentary grammar of MV. Nevertheless there is a reason to take them seriously: mathematicians seem to like them so much. They seem to like definitions where a new notion is presented in the form of a new adjective. We shall say more about adjectives in Section 22.14.
+
3.6. In our version of MV we use typing on two levels: low typing and high typing. Low typing is used to express that some “object” is of a certain “kind” like “ p is an integer”. In MV we have a preference for writing a colon instead of “is a”, so we write “ p : integer”. This colon is the notation for a kind of relation between “p” (which is grammatically a name) and “integer” (which is grammatically a substantive). In the metalanguage smMV we say that “ p : integer” is a (low)
878
N.G. de Bruijn
typing. High typing is a thing that in most other systems would be put into the metalanguage rather than into the language itself. We denote it by a double colon. On the right we have either “statement” or “substantive”. Examples of ‘‘z > y :: statement”. high typings are “integer :: We can as well say right here that low typings “ p : q” will occur only in cases where the high typing “q :: substantive” has been established already. In this connection we mention that one might say in the metalanguage smMV that p is a name, or that p is the name of some ql but we do not express this in MV itself. We mention a question that often turns up among mathematicians: is 3 a number or is 3 the name of a number? We can agree to both alternatives, depending on the language we use. In MV we say “3 : number”, but in smMV we say that 3 is a name, and more precisely that 3 is the name of a number. For a moment we consider the word “object”. There is the old philosophical question whether mathematical objects exist. Those who believe in the existence are called platonists. One might suspect that all mathematicians are platonists, even those who fiercely deny it. The matter is clear for those who consider it as their job to provide useful communication language for mathematicians: platonism is not right or wrong, platonism is irrelevant. At least it is irrelevant for matters of truth and falsehood of mathematical statements. It may be relevant for mathematical taste, but that is a personal matter anyway. The most important thing to say about platonism is possibly that platonism is dangerous. It may seduce mathematicians in thinking that they can get away with incomplete definitions of objects since these objects exist anyway. And it might give the false suggestion that slightly different definitions of a mathematical object are not harmful since after all they refer to one and the same platonic object. Another danger of the idea of platonic existence is that many people find it hard t o understand the meaning of existence in mathematics. The statement in OMV that “there exists a positive number whose square equals 9” has nothing to do with the platonic existence of the number 3. We shall give a kind of linguistic interpretation to the word “object”. We take it as a word used in smMV. If S is a substantive, and if we have in MV that p : S, then we might say in smMV that “ p is the name of an object”. Continuing in smMV, one might ask “what kind of object?”. The answer t o this will be in smMV that p is the name of an S, and in MV itself that p : S (which expresses that p is an S). We of course have not expressed here what the word “object” means, but only how the word is used.
3.7. In the next section we will use the word clause (smMV). It will get its exact description in the language definition (from Section 6 onward), but we may as well say right here that a clause is either a typing or a statement. This
The mathematical vernacular (F.3)
879
cannot serve as a definition of the word “clause”, however. We even note that Yyping” and “statement” belong to different languages. In order to give a preliminary idea, we say here that a clause will be either a high typing,
A :: substantive or
P :: statement or something of the form
P
(3.7.1)
in situations where
P
::
statement
(3.7.2)
had already been recognized as a valid clause. The interpretation of (3.7.2) is “P is a well-formed statement”, and the one of (3.7.1) is “P is true”. Note that in (3.7.1) and (3.7.2) P itself can be a low typing like “ a : A ” , where “ A :: substantive” has already been recognized as a valid clause. There will be cases where we establish that “ a : A” is a well-formed statement, and there will be cases where we establish that “u : A” is true. High typings will be different from low typings in the sense that they cannot be considered as statements. There will be no valid clauses of the form
( A :: substantive) :: statement (P :: statement) :: statement
4. STRUCTURE
OF MV BOOKS
4.1. In this section we give a first outline of what a book is. The following terms will be all smMV: “book”, “line”, “older”, “younger”, “context”, “context item”, “declarational”, “assumptional”, “body of a line”, “context length”, “empty context”, “flag”, “flagstaff”, “flagstaff form”, “flagless form”, “block”, “block opener”, “nested blocks”, “sub-block”. A book is a finite partially ordered set of lines. The order relation is called “older than” (“line p is older than line q” and “line q is younger than line p” are synonymous). A line consists of two parts: a context and a body. A context is a finite sequence of context items. There are two kinds of context items: declarational items and assumptional items. The sequence of context
880
N.G. de Bruijn
items may be empty, and in that case we speak of the empty context. In general, the number of items in the sequence is called the length of the context; the empty context has length zero. This is all we say here about context items; for further information we refer to Section 6. We refer to Section 7 for a description of the body of a line; for the time being we do not need such a description. 4.2. We sketch the interpretation of the words introduced in Section 4.1 in terms of gL. A book is t o be interpreted as any connected piece of mathematics that starts from scratch. Lines are primitive building blocks of books. One aspect of lines is that if we omit the last line of a book then it is still a book, but if we omit just a part of that line then it is no longer a book. Usually we think of a book as a linearly ordered set (i.e.l a sequence of lines, and we were thinking that way when using the words “last line” in the previous sentence), where the first line is “the oldest” and the last line is “the youngest”, but we need not go so far as to prescribe this linearity. The meaning of old and young is that younger material may make use of older material, but not the other way round. Since every finite partially ordered set can be put into a linear order that is consistent with the partial order, we see that the generalization from linear t o partial is a very superficial one. Nevertheless, the presentation in a non-linear form may make a book easier to understand. In particular, if two pieces A and B are logically independent of each other, then this independence would be muffled if, only for the sake of typography, we would proclaim A to be older than B. Saying thct a book remains a book if we omit the last line (or in the case of non-linear order, if we omit a line that is not older than any other line in the book), means that it remains a book in the sense of syntactic structure; it need not be an interesting book. An assumptional context item is t o be interpreted as an assumption, like “assume p > q ” . A declarational context item is t o be interpreted as the introduction of a variable of a specified type, like “let y be a real number”. A context is to be interpreted as a sequence of such items, arranged in the order in which they were introduced. As an example (in OMV) we give a context of length 4: “let n be a positive integer, let S be a subset of the set of real numbers, assume that S has n elements, let s be an element of S”. The body of a line is interpreted as a piece of true information we provide in the considered context. As an example (in OMV) we give, with the above context of length 4, “if n > 1 then S contains an element different from s”. 4.3. In this section we present examples of the structure of a book. Throughout
Sub-sections 4.3, 4.4, 4.5 we think of a linearly ordered book. The examples are
The mathematical vernacular (F.3)
88 1
abbreviated, in the sense that context items are replaced by symbols I1,12,13,... , line bodies by 61, bz, b3, ... . Contexts are represented as sequences of items separated by commas, and we write an asterisk between context and body of the line. Now a book can look like this:
The contexts in this example look a bit untidy. In a mathematics text the contexts usually do not change from line t o line, but are constant over a larger piece of text. And if the context changes, it is either by adding a few context items on the right or by deleting one or more from the right. So contexts grow and shrink on the right in the course of a mathematical discussion. Assumptions that were once introduced are no longer valid from a certain point onwards, and the same thing holds for variables: a variable is born, is alive during some time, and then dies. In OMV it is customary to announce birth of assumptions and of variables, but it is left to the reader to guess (possibly on the basis of the typographical layout, possibly on the basis of “understanding the author’s intentions”) at what point in the text they are dismissed. For the sake of further discussion we give a typical example:
4.4. The information contained in a book is completely preserved if we write
it in what we call its flagstaff form. In contrast to this, the form presented in Section 4.3 is called the flagless form. In the flagstafl form, the context items are written on flags. The staff of a flag is vertical, and marks the set of lines where the flag’s item is a part of the context. The following example, where the second example of Section 4.3 has been put into flagstaff form, speaks for itself.
N.G. de Bruijn
882
Needless to say, the way back from flagstaff form to flagless form is immediate. For every one of the bodies b l , ...,blo we get the context if we assemble the items on the flags carried by the flagstaffs we see on the left of that body. Later we shall use rectangular flags for assumptions and pointed flags for declarations, in order to make a clear distinction between those two kinds of context items. We did not do it here, since the relation between flagless form and flagstaff form is independent of such a distinction. In our formal presentation of MV we handle the flagless form; in examples we may switch to the flags (see Section 18). Sometimes we use the word block (smMV) to denote the material to the right of a flagstaff, including the flag itself. So every flag determines a block, and the item on the flag is called a block opener (smMV). As an example we quote that 4.5.
P
P
The mathematical vernacular (F.3)
883
are blocks of the book of Section 4.4.The block openers are 1 4 and 16, respectively. The blocks are always nested, that is to say that if two blocks are not disjoint then one of the two is a sub-block of the other one.
5. IDENTIFIERS
5.1. In this section the following terms of smMV will be introduced: “identifier”, “fresh identifier”, “constant”, “parametrized constant”, “modified parametrized constant”, “variable”, “dummy”, “variables of a context”. Note that a word like “variable” is smMV, but that the variables themselves are sMV. Similar things hold for the other notions. 5.2. An identifier is a symbol or a string of symbols to be considered as an atomic piece of text. We might say that an identifier is a symbol, but since we need a very large number of symbols we use strings of symbols instead, taken from a relatively small collection. It is a matter of parsing how to isolate these identifiers in a given piece of text. We shall not go into these parsing questions since they are not very essential here: if we had an unlimited amount of useful identifiers the matter would not have arisen at all. We refer to Section 23 for further remarks. Examples of identifiers in OMV are “z”,“2”, “the complex number field”, “parallelogram”. We note that if we describe “the complex number field” as a string of symbols, then we have t o consider the empty spaces between the separate words as symbols too. These are produced by key strokes on a typewriter just like the letters, but they do not leave a visible imprint on the paper. Therefore it is better to replace the empty spaces by a visible character that is not used otherwise. One can take the underlining symbol for this, and write “the_complexnumberfield”. In our examples we shall not do this, however. It is one of the aspects in which the paper remains informal. 5.3. An identifier is called fresh at some specified place of the book if it has
not appeared yet at older places of that book. In MV and in OMV we often need fresh identifiers, but in practice this is taken with a grain of salt. Since the number of short identifiers is rather small, we are inclined to use some of them repeatedly, in different circumstances, with different meanings. We shall not pay attention to this matter and act as if there were an unrestricted amount of easily recognizable symbols.
884
N.G. de Bruijn
5.4. In an MV book there are various kinds of identifiers. First there are the pMV symbols that occur in the definition of MV, like
USUbStantiVe7,, LIStatement)!,
U:,l,
.. ,
U..!,
.- .
U.-ll
Another class of identifiers is the class of variables (the word “variable” is smMV, the variables in the book will be sMV). A variable is an identifier that occurs for the first time in an MV book in a declarational context item (see Section 6.3). Other identifiers are bound variables (also called dummies), for which we refer to Section 20. Finally we have identifiers that are called constants. They are the identifiers whose first occurrence in an MV-book is on the left of a symbol ‘?=”. The interpretation is that a constant is the name given to a defined object like “2”, “e” ( e is the basis of natural logarithms). 5.5. Related to the constants are the parametrized constants, which are not identifiers in the proper sense. A parametrized constant is a kind of finite sequence of symbols in which there occur variables at various places. The notion is relative with respect to a context. A context has a number of variables, i.e., the variables introduced in the declarational items of that context. These variables will be referred to as the “variables of the context”. It is essential that each one of the context variables occurs at least once in the parametrized constant. The constants of Section 5.4 can be considered as parametrized constants for the case that there are no declarational items in the context. If z and y are the variables of the context, then the following things may be parametrized constants:
“f(2, y)”,
“z
+ y”,
“the distance from z to y”.
A parametrized constant is called fresh (smMV) somewhere in the book if it has not appeared at older places in that book, not even with different variables. Parametrized constants can be used later in the book by repeating them, with the variables replaced by other expressions. We do not say here what kind of expression we have in mind, but just mention as examples
+
+ +
“f(a b, 3)”, ‘‘(a 6 ) 4”, “the distance from P to the center of c”.
In smMV such modified repetitions will be called modified parametrized constants. Clearly, these modified constants will generate new parsing problems, but again we lightheartedly neglect these.
The mathematical vernacular (F.3)
885
The condition that in a parametrized constant all variables of the context occur, is usually taken with a grain of salt. We return to this in Section 21.6. 5.6. Many of the parametrized constants in our examples will have the form b(z1,...,x n ) , where X I , ...,zn are all the variables of the context, in the order in which they are introduced in the declarational context items. In these cases we often take the liberty to write just b instead of b(z1,...,z), on the left-hand side of the definitional line (and sometimes at other places where it is obvious what the abbreviation b stands for).
6. STRUCTURE OF CONTEXT ITEMS
6.1. A context item is a pair, consisting of a clause and a label. For a first orientation on what a clause is, we refer t o Section 3.7. The label is either “(asrn)” or “(dcl)”. See Section 6.4 for the reason why these labels are used. The phrases ‘‘context item”, “clause” and “label” are smMV; both “(asm)” and “(dcl)” are pMV. 6.2. An assumptional context item has the form “ P (asm)”. As a first orientation we say that this P is a clause, but that not every clause will be admitted: “P (asrn)” will only be allowed in cases where the high typing “P :: statement” can be established in the book, at least in the context formed by the sequence of context items preceding this item “ P (asrn)”. For details we refer to Section 9.
6.3. Declarational context items have one of the following forms: x : P (dcl) x :: substantive (dcl) z :: statement (dcl) where x is a fresh identifier and P is some expression. As said in Section 5.4, z is called the variable of the context item. Not every P will be admitted here, but only those P for which the high typing “ P :: substantive” can be established in the book, in the context formed by the sequence of context items preceding this item “x : P (decl)”. For details we refer to Section 9. 6.4. It is essential that context items are explicitly labeled as being either declarational or assumptional. In the flagstaff form this can be done by using pointed flags for declarations and rectangular flags for assumptions (see Section 18). The reason for the use of labels that distinguish between the two kinds of
N.G. de Bruijn
886
items, is the fact that the form of the context item does not always reveal to which one of the two categories it belongs. The following example of a context of length 2 in OMV shows what we mean: “Let p be a quadrilateral, assume that p is a rectangle” (of course no one would say this in one breath, but quite often the various items of a single context are pages apart). The labels “let be” and “assume that” are no luxury, for if we would say “ p is a quadrilateral, p is a rectangle” then it would not have been made clear that in the first item p is introduced and that in the second item p is a thing we already know about.
7. STRUCTURE OF LINE BODIES
7.1. There are four kinds of line bodies: (i)
definitional line bodies
(Sections 7.2 and 7.6)
(ii) primitive line bodies
(Sections 7.3 and 7.10)
(iii) assertional line bodies
(Sections 7.4 and 7.11)
(iv) axiomatic line bodies
(Sections 7.5 and 7.12)
(all these terms are smMV). 7.2. The interpretation in OMV of lines of the type (i) is that they represent definitions. That word has to be taken in a wide sense, and contains much more than what a text in OMV would label as “Definition”. Whenever we select a new symbol to represent a longer expression, usually for the sake of brevity, we essentially have a definition. We consider three kinds of definitions, according to the syntactic category of the things to be defined. There are “name definitions”, where a new name is introduced for an “object”. Next there are k b s t a n t i v e definitions”, where a new substantive is introduced, and finally “statement definitions”, where a new phrase is coined to represent a statement. As examples of the three kinds of definitions we quote
“the orthocenter of triangle t is ...”, “A rhombus is ...”, “We say that the sequence s converges t o the real number c if
...”.
In MV these three categories will be represented by (7.6.1), (7.6.2), (7.6.3), respectively. For further examples and comments see Sections 7.7-7.9. Many definitions in OMV have the form of the introduction of a new adjective. We shall not put these into MV since they can be circumvented (cf. Sections 3.5 and 22.14).
The mathematical vernacular (F.3)
887
7.3. The interpretation (in OMV) of lines with bodies of the type (ii) is that they introduce primitive notions. Such lines are rare in mathematics, and have the same status as axioms. Together with the axioms they may form the basis of a theory. As an example we quote from Hilbert’s axioms for plane geometry, which state “there are things we call points and things we call lines”, where the words “point” and “line” are introduced as new substantives but, in contrast to the substantive definitions of Section 7.6, without explanation in terms of known things. In MV the introductions of these primitives get the form (7.10.2). An example of a primitive of the form (7.10.3) is that, after points and lines have been mentioned, the notion “point A lies on line q” is introduced without explanation. Finally we give an example of what is expressed in (7.10.1). One of Peano’s axioms is: “there is a special natural number which we shall denote by the symbol 1”. Here the new object is introduced without definition. Instead of defining it we just say of what kind it is. 7.4. The interpretation of lines with bodies of the type (iii) is that assertions are made that follow from previous material. Some of these are called “theorems”, others L‘lemmas’l,but most of them (in particular the assertions inside proofs) do not get such a stately name. And it is certainly not common practice to apply words like “theorem”, “lemma” to cases with high typings like “ A :: substantive”, “P :: statement”, which are likewise admitted here (see Section 7.11). When saying that theorems and lemmas follow from previous material, we have to interpret the habit in OMV to print a proof after the announcement of the theorem instead of before. If we wish to have a similar announcement in MV, we might give a name to the thing stated in the theorem, claiming that it is a statement P , like in (3.7.2). The proof will end with the assertional line body P (see (3.7.1)). The interpretation of the first line in OMV is “ P is a well-formed proposition”, and of the last one ‘‘P is true”.
7.5. Lines with a body of the type (iv) are to be interpreted as axioms. They can be applied in the same way as theorems, but in the case of axioms we do not require that their content follows from previous material.
7.6. In MV, a definitional line body has one of the forms P : = Q : R P := Q :: substantive P := Q :: statement
(7.6.1) (7.6.2) (7.6.3)
where P stands for a parametrized constant. Note that “substantive” and
N.G. de Bruijn
888
‘‘statement” are pMV, as well as the symbols “:=”, Y’, “::”, but that Q is definitely not the pMV symbol “PN”.
7.7. We remark that it will be a consequence of our later rules that (7.6.1) appears only in situations where “R :: substantive” is valid. The interpretation of (7.6.1) is that the definition provides a new (possibly short) name P for an object of which the full description is Q. Example (in OMV): “Let S(n) denote the real number exp(1) ... +exp(n)”. In this example S ( n ) plays the role of P , “exp(1) ... exp(n)” the role of &, and ‘‘real number” the role of R. In MV we write it as “ S ( n ):= ... : real number” (we do not attempt right now to write exp( 1) ... exp(n) in official MV).
+ +
+
+ +
7.8. The interpretation of (7.6.2) is that it provides a (usually short) expression P for a (usually longer) description Q that represents a substantive. Example: the role of Q can be played by the substantive “positive integer with exactly two divisors” and the role of P by the new substantive “prime number”. 7.9. The interpretation of (7.6.3) is that the definition provides a new (usually short) expression for a (usually longer) statement. Example: “We say that p is orthogonal to q if the inner product of p and q is zero”. Here “ p is orthogonal to q” plays the role of P , and ‘the inner product of p and q is zero” plays the role of Q. 7.10. In MV a primitive line body has one of the forms
P := PN : R P := PN :: substantive P := PN :: statement
(7.10.1) (7.10.2) (7.10.3)
We note that “:=”, “PN”, “:”, “::”, “substantive” and “statement” are all pMV (“PN” has been chosen at mnemonic for the OMV-term “primitive notion”). P stands for a parametrized constant. In the case of (7.10-1) it will be required that “R :: substantive” is valid in the context in which (7.10.1) is written.
7.11. An assertional line body in MV is nothing but a single clause (cf. Section 3.7).
7.12. An axiomatic line body has the form c [Axiom]
(7.12.1)
where c is a clause, and the symbol “[Axiom]” is a pMV term. By virtue of language rules still to be formulated, there are two differences between axiomatic and assertional line bodies. In the first place, the assertional line body
The mathematical vernacular (F.3)
889
has to “follow” from the previous part of the book, and secondly, in the axiomatic case the clause c has to be restricted to cases for which the high typing “c :: statement” can be established in the book. The latter is similar t o the restriction made on assumptional context items (Section 6.2).
7.13. We introduce the notion clause of a lane body (smMV). In the cases of Sections 7.10-7.12 the body has just one clause. In a n assertional line body that clause is the line body itself. In lines with axiomatic line body “c [Axiom]” the clause of the line is just that c. In lines with bodies (7.10.1), (7.10.2), (7.10.3) the clause of the body is ‘‘P : R”, “P :: substantive”, “P :: statement”, respectively. A definitional line body has two clauses. The old clauses of the lines of Section 7.6 are “Q : R”, “Q :: substantive” and “Q :: statement”, respectively. The new clauses of these lines are “ P : Q”, “P :: substantive” and “ P :: statement”, respectively.
8. GENERAL REMARKS ON RULES OF MV 8.1. In Section 4, 6 and 7 we have explained the structure of books, contexts and lines. The question is now: what contexts and what lines are allowed? It will not be trivial to state a complete set of rules for this. A part of these rules will be felt as rules for language manipulation; these rules will be explained in Sections 9 and 10. Another part (Sections 12-17) will be more like a piece of the foundation of mathematics. However, the rules of MV will not contain all of what is usually called the foundation of mathematics. Once we have reached a certain level, the language is strong enough to allow us to write the rest of the foundation of mathematics in an MV book. It is attractive to put as little as possible in the language definition and as much as possible in the books, but we shall not aim at extremes in this respect. The state of affairs can be compared to the way a ship is built. The ship is constructed ashore only until the stage that it is just able to float. Then it is launched, and after that, the construction goes on. The reason for this is, of course, that a ship cannot be launched if it is too heavy. In the case of MV the reason is different. The MV ship can be used by many different customers in different ways. After MV is launched, every customer can finish the construction according to his own wishes. After the launching of a ship, two things happen: (i) the construction is completed, and (ii) the ship will be sailing the seas. Here our analogy is less satisfactory. The action of the ship’s construction in the water near the shipyard is very different from the action of sailing the seas. In the case of MV these
890
N.G. de Bruijn
two actions are alike. To (i) there corresponds the writing of the fundamental portions of the book, and what corresponds to (ii) is writing a (possibly long) book or set of books based on that fundamental chapter. But all the time the action consists of writing books and nothing else. 8.2. As said before, our MV will be modelled after OMV, i.e. the way mathematicians write and speak today, but we cannot just copy OMV. There is no consensus in OMV about how things should be said. We are not in a position to derive all rules of MV by observation of OMV. We have to invent new rules, and that may mean making arbitrary choices. We have to give definitive shape to things which are not properly revealed in OMV. In particular this refers to the fact that this paper tries to interpret OMV as a typed language. One might argue that such an interpretation is not really called for, and that it is about as arbitrary as interpreting OMV as a non-typed language. The most-favored method of coping with life without types is to maintain that “everything is a set”. One might try to arrange a typed language in such a way that this set-loving point of view can be obtained by just creating a single type, viz. the type “set”. Yet we have not taken the trouble to keep this possibility open in our presentation of MV. Conversely, one might try to code typed material in terms of a non-typed language, but this seems t o be very unattractive.
8.3. We first say something about the notion of validity (smMV). The word valid (smMV) means: having been built according to the grammar of MV (and that grammar has still to be disclosed). The rules of that grammar will be production rules, in the sense that they all describe ways to extend a valid book by adding a new line. In the course of the description of how the new line is t o be built, we have certain resting-points where certain phrases are discussed as being acceptable ingredients of the line t o be added. Important resting points are clauses (see Section 3.7 and Section 7.13). In a given context there is a set of such clauses which are called valid clauses. The production rules explain how our knowledge about that set can be extended, describing how by means of a number of elements of that set a new one can be constructed. 8.4. Validity is expressed with respect to a book.
As already said in Section 4, a book is a partially ordered set of lines. For any given line we can consider the set of all lines which are older than the given line; this is again a partially ordered set of lines and therefore a book. We shall refer to the given line as “the new line” and to that book as “the set of old lines”. Whether a new line will be called valid, depends on the set of old lines, and not on what happens in other lines. The same remark applies to parts of
The mathematical vernacular (F.3)
89 1
new lines, like clauses and contexts. Only for the identifiers, and more generally for the parametrized constants we have a condition that goes beyond the set of old lines: we have to stipulate that they are all different throughout the whole book. We usually think of a book as having been written line by line, where older lines precede newer lines in time. If this is the case, then the condition for the parametrized constants is that at each moment the parametrized constant introduced in a line (on the left of a sign :=) is different from all the parametrized constants used before. We still have to say how the context for the new line has to be built, and what clauses are valid in that context. This will be said in Sections 9 and 10. 8.5. From Section 9 onwards we shall give a formal definition of the notion of an MV book in flagless form. Except for the syntactic matters referred to in Section 8.6, we shall not make use of what was said in the preceding sections. Those sections were intended to give interpretations, and t o help the reader to get an insight into the complex set of definitions we shall display in the next sections. First a few things about the terminology. The smMV-terms “MV book” and “valid book” are synonymous. We shall not define notions “context” and “clause” as such, but we shall define “valid context with respect to a set of lines”, “valid clause with respect to a valid context and a set of lines” (in both cases that set is referred to as the set of “old lines”, and in the second caSe it will be required that the valid context is a valid context with respect to that same set of old lines), “valid book”, “line”, “body of a line”, “clause of the body of a line”, “context of a line”. The pMV symbols to be used are
.,
u.13
..
it..”,
“:=”, “substantive”, “statement”, “PN”, “[Axiom]”
and “(dcl)”, “(asm)”, %”. (The symbols of the second row do not appear in the flagstaff form: their role is taken over by the pointed and rectangular flags and flagstaffs.) A few general things can be said here about the format of things. A book is a finite (possibly empty) partially ordered set of lines. A line is a pair consisting of a (valid) context and a line body. A (valid) context is a finite (possibly empty) sequence of context items. 8.6. We mention some things that should have been formally discussed in the next sections, but are nevertheless treated very superficially. They are of a syntactical nature. We mention:
N.G. de Bruijn
892 (i)
substitution,
(ii) variables of a context, (iii) fresh identities and fresh parametrized constants, (iv) parsing. We take it that Section 5 (and 23) are sufficiently clear as an indication of how these notions are to be formalized. A complete formalized treatment of them would not quite fit into the general style of this paper.
9. VALID CONTEXTS AND VALID CLAUSES
9.1. Everything that has been said thus far is to be considered as introduction, providing an orientation about what we are going to describe. It also served to build up a feeling for the interpretation. From now on, however, we shall attempt a more complete and more formal description. Many things that have been referred to earlier in vague terms, will now get a more serious treatment. The rules are about books, lines and validity. They will get their content by means of rules BR1-BR9 (BR stands for “basic rule”). We need not say beforehand what these notions mean. These rules BR1 to BR9 are hardly of a logical or a mathematical nature. Or, rather, they describe how to handle logic and mathematics. In order to get to logic and mathematics themselves we have to add a number of rules in Sections 12-17 that describe more ways to produce valid clauses. As to the production of valid contexts and books no rules will be issued beyond these BR1-BR9. 9.2. The symbols c, C, 11, I,, P, A, x, 21, xk, X I , xk that are used in this section for explaining language rules are meta-variables. They are used in smMV in order to denote expressions occurring in an MV book. In the rules BR1-BR7 there is a set S of lines (“the set of old lines”), and “valid” stands for “valid with respect to S”.
9.3. BR1. If an old line has context C, and if c is a clause of the body of that line, then C is a valid context, and c is a valid clause in that context. 9.4. BR2. The empty context is valid. 9.5.
BR3. If 11,...,I, is a valid context (if n = 0 we mean the empty con-
text), and if
The mathematical vernacular (F.3)
893
P :: statement is a valid clause in that context, then 11,...,I,, I,+l is a valid context, where In+l stands for “P(asm)”. (As already explained in Section 6.3, the additional “(asm)” serves to label it as an assumptional context item; it is not superfluous since P may have the form of a typing.)
9.6. BR4. If 1 1 , ..., I, is a valid context (if n = 0 it is the empty context), and if 2 is a fresh identifier, then the following contexts of length n 1
+
11, 11,
...,I,,z ...,I,, z
::
substantive (dcl) (dcl)
:: statement
are valid contexts. If, moreover,
A :: substantive is a valid clause in the context 11,
...,I,,z
:
A
11,
...,I,, then
(dcl)
is a valid context.
9.7. BR5. If 11,...,I,, is a valid context, and if one of these n items is 2 : A (dcl), then 2 : A is a valid clause in that context. Similarly, if one of the n items is 5 :: statement (dcl), then z :: statement is a valid clause in the context. If one of the items is P(asm), then P is a valid clause in the context. 9.8. BR6. Let C and CO be valid contexts, let 21,...,~k be the variables of the context CO (this notion was explained informally in Section 5.5), and let c be a valid clause in the context Co. Let X I , ...,xk be expressions with the property that if we replace 21,...,xkby X I , ...,xk,then all context items of CO, with the labels “(dcl)” and “(asm)” deleted, become clauses which are valid in the context C. Then the clause we get if we replace 2’s by X ’ s in c becomes a clause that is valid in the context C.
9.9. BR7. If 11, ...,I, is a valid context, and if k < n, then I1 ,...,I k is a valid context. If c is a valid clause in the latter context, then c is a valid clause in the context 11, ...,I,.
N.G. de Bruijn
894
10. VALID BOOKS 10.1. The notion of a valid book is obtained by saying that the empty book is valid and by explaining how a valid book can be extended.
10.2. BR8. The empty book is valid.
10.3. BR9. Consider a valid book, and take any set of lines as set of old lines. Let C be a valid context with respect to this set. The following list indicates what line bodies can be used to form, together with the context C, a line that produces a valid book again if it is added to the book, making the new line younger than all the old lines. The line bodies are on the right. In the cases (iii), (iv), (v), (vi), (vii), (viii) we require, as an extra condition, that the clause on the left is valid in the context C with respect to the set of old lines. P := P N :: statement P := P N :: substantive (iii)
Q
:: statement
(iv)
Q
::
(v)
c :: statement
substantive
(4
I ~
P := Q :: statement P := Q :: substantive c [Axiom] C
C
(vii)
R
(viii)
Q :R
:: substantive
P
:=
PN : R
P : = Q : R
In all cases P stands for some fresh parametrized constant, containing the variables of the context and no others. As the “clause of the line body” we take, in the cases (i) to (vii), respectively, (i)
P :: statement
(ii)
P :: substantive
(iii)
both P :: statement and Q :: statement
(iv)
both P :: substantive and Q :: substantive
(v)
c
(vi)
c
(vii)
P
(viii)
both P : R a n d Q : R.
:
R
The mathematical vernacular (F.3)
895
10.4. We have a comment on case (ii) of BR9. Some people may say it is not customary to use, or to admit the use of, lines like this in any arbitrary context. They might like to admit them in the empty context only. Essentially this comes down to starting a mathematics book with the creation of a number of types, and then off we go. This restricted use of case (ii) has the advantage that it becomes much easier to describe the collection of all types that can occur in a book. Nevertheless we keep this rule (ii) as it stands, i.e. we allow it in any context. We leave it to the user of the language to make or not to make the more restricted use of the rule. It is as with roads: one can build a road that technically admits speeds of 200 mph, the legal authorities may prescribe a speed limit of 100, and the individual user may restrict himself to a maximum of 60. We note that if a substantive is introduced as primitive by means of a line of the type (ii), then this substantive is an archetype (see Section 12.1). And if the line has a context like the line z : A(dc1)
*
P ( z ) := P N :: substantive,
then the only way to make special instances P ( u ) and P ( v ) comparable, is to require 2~ = 21.
11. COMMON STRUCTURE OF FURTHER RULES 11.1. All further rules are about the validity of clauses, where “validity” is taken with respect to a set of old lines and with respect to a context (which in its turn is assumed to be valid with respect to that set of old lines). In the simplest case such a rule will be of the form
........................................................................ (11.1) Q .............................................................................
P
and will express the following: if P is a valid clause, then Q is a valid clause too. A variation on the scheme (11.1) is
.......................................................................... Pl p2
Qi
Q2 Q3
.............................................................................
N.G. de Bruijn
896
which means to express the rule that if PI and P2 are both valid, then Q1, Q2, and Q3 are valid.
11.2. Some of the rules will be slightly more intricate in the sense that they deal with context extension. This can happen in entries on either side. We take a case where it happens on the left only:
......................................................................... Pl
*
J
Pz
Q
p3
......................................................................... (the * is an smMV symbol here). The meaning of this is as follows. We are dealing with a set of old lines (which is not going to be changed in this rule), and a context C. Assume that PI is a valid clause in the context C, that P2 is a valid clause in the extended context C, J (if C = I1, ....I,, then C, J represents the context I1, ....I,, J ) , and finally that P3 is a valid clause in the context C. Then Q is a valid clause in the context C. The validity of J as a context item will not be open to doubt in the cases we present. This validity will always follow from the assumptions. In rule T6 there is a case where the role of J will be taken over by two context items (separated by a comma) instead of a single one. As remarked in Section 11.1,a rule like the one above is intended to hold in any context. If I is such a context, this means that the rule also includes the following one:
........................................................................ I * PI I,J * 9 I
*
I * &
P3
............................................................................. 11.3. In all our rules, the phrases that were represented above by P , P I , P2, P3, Q, Q1, Q2, 9 3 , J will be expressions in terms of one or more meta-variables. Actually all symbols that have not been introduced explicitly as pMV, are to be considered as meta-variables in this kind of rules. For example, in rule T8' the letters A and B are meta-variables. In applications of that rule, they may be replaced by any pair of expressions.
11.4. Except for rule EQ11, all rules to be presented in the next sections have the form sketched in Sub-sections 11.1 and 11.2.
The mathematical vernacular (F.3)
897
11.5. We sometimes use the term derived rule (smMV). Derived rules are rules whose validity follows from earlier rules. In other words, what such a rule proclaims to be valid, can be shown to be valid already because of the other rules. We shall use a rule number with asterisk if we claim that the rule is a derived rule. The remaining rules are called fundamental rules, although we do not claim our set of fundamental rules to be minimal. In some cases one might be able to write such derived rules as theorems in an MV book, and then it is a matter of taste whether we present them as language rules or as theorems. There are derived rules whose derivation requires induction over the length of the book. As an example we take the observation that a : A can appear in the book only when A :: substantive. Another example is the observation that if A and B are substantives, and ( A = ) B :: statement, then there is a substantive C such that both A << C and B << C. We shall not actually use this kind of derived rules, but rather consider them as part of the metatheory of MV books. Therefore we shall refer to such rules as metatheory rules. 11.6. In some rules we deal with substitution (smMV). We use as smMV notaIf z is an identifier, if P and Q are expressions, then [[z/P]] Q denotes tion [[ the expression we get if every occurrence of 2 in Q is replaced by the expression P. Since P may also contain z, there may arise new occurrences of z, but these new ones are not to be replaced by P , of course. Example: [[s/g(z, y)]] f(z,g) stands for f Mz,Y), Y).
/I].
12. RULES ABOUT TYPING 12.1. We start with an informal introduction on the relation “<<”,a relation that can hold between substantives. If A and B are substantives then “ A << B” is to be interpreted as “every A is a B”. Example: “square << rectangle”, “rectangle << rectangle”. In smMV we say that “ A << B” is a clause, and that it intends to express that “ A is a sub-substantive of B”. The clause “ A << B” can appear in books also in cases where A << B is not true. For example, although “rectangle << square” is not true, it can still be considered as a well-formed statement. Here we speak smMV, but in MV it would be expressed as rectangle << square :: statement.
Our rules will have the effect that A << B can only appear in our books if A and B have a common ancestor E , i.e., a substantive E such that A << E and B << E are both true. If there is not such a common ancestor, then A << B will not be a statement. Our production rules for valid clauses will never produce
N.G. de Bruijn
898
such a thing as “rectangle < complex number :: statement”. One might derive in the metalanguage that “A << B :: statement” is an equivalence relation on the set of all substantives, and that every equivalence class is completely characterized by an “archetype” E , i.e., a substantive E with the property that all A of the class are sub-substantives of E . Similarly, if an ‘‘object” x is typed by x : A, then x has an archetype E. These archetypes do not appear in our rules, and neither in our MV books. For a comment on why the rules of MV were designed without explicit archetypes we refer t o Section 1.14. Since formula A < B will not be a statement for arbitrary substantives A and B, we will be unable to state it as an assumption in an MV book. We cannot say in such a book: “let A and B be substantives and assume that A < B”. The fact that we do say such things in some of our rules (like in T4) is quite a different matter. These rules are not written in an MV book. In T4 it means the assumption “A << B is a valid clause”, and this is said in smMV, not in MV. In none of our rules there is a conclusion drawn from the mere fact that A << B :: statement. We refrain from such rules in the philosophy that in such cases we will always have some substantive C with A << C and B << C . Formulas a : A will only appear in our books in situations where A is a substantive. Likewise, A < B will only appear when both A and B are substantives. Therefore we need not add assumptions like A :: substantive on the left in the rules Tl-T6. As to use of the substantive binder S in rule T6 we refer to Section 20.4.
12.2. Rules T1-T11. (See Section 11 for notational conventions.)
............................................................................. T1
a : A
a : A :: statement
............................................................................. T2
A c C
A << B :: statement
B
............................................................................. T3
A
B
a : B :: statement
a : A :: statement
.............................................................................
899
The mathematical vernacular (F.3) T4
A
2
: A(dc1)
*z
:
B
............................................................................. T5
z : A(dc1)
*
z : B
A
.........................................................................
............................................................................. We mention some derived rules. Indications for derivations are: T7*: from BR5 and T5, T8*: from T7* and T2, T9* and T10*: from T3 and T7*, Tll*: from T4 and BR5, T12*: from T4, BR7, T11* and T5, T13*: from T6 and T11*.
. ....................................................................... . A :: substantive
A
............................................................................. T8*
A< B
A < B :: statement
............................................................................. T9*
A
a : B :: statement
............................................................................. T10* A
............................................................................. T11’
A< B a : A
a : B
.............................................................................
900
N.G. de Bruijn A
T12’
A
B e C
............................................................................. T13’
2 :
Y
:
A(dc1) Sz:AP
*P
:: statement
y :A “X/Yll
p
......................................................................... 13. RULES ABOUT EQUALITY
13.1. We shall consider equality between names of objects, between statements and between substantives. The effect of our rules will be that objects will be comparable by equality (being “comparable by equality” means that their equality is a statement) only if they have the same archetype (cf. Section 12.1), and substantives will be comparable by equality only if they are sub-substantives of a common archetype. Any two statements will always be comparable by equality. As a metatheory rule (which we shall never explicitly use) we mention that if p = q appears in a book, then p and q are either both objects typed by a substantive, or both substantives, or both statements. In the (quite strong) rules EQ10a-10c the symbols p and q stand for phrases that possibly show one or more occurrences of the identifier t . 13.2. We first present the fundamental rules of the form displayed in Section 11.
........................................................................... EQ1
a : A :: statement
a = b :: statement
b : A :: statement
............................................................................. EQ2
a : A
a=a
........................................................................ EQ3
a : A
b:A
a = b
.............................................................................
The mathematical vernacular (F.3) EQ4
A
90 1
A = B :: statement
............................................................................. EQ5
A :: substantive B :: substantive A=B
A
............................................................................. EQ6
A
A=B
............................................................................. EQ7
P :: statement Q :: statement
P =Q
:: statement
............................................................................. EQ8
P :: statement Q :: statement P(asm) * Q &(am) * P
............................ EQ9
P = Q
...
......................................
P :: statement Q :: statement P=Q
................................
... ..........................................
EQlOa u : A
w : A “tl4lP = “WlQ u=w t : A(dc1) . . * p = q (for notation of substitution see Section 11.6) ~
............................................................................. EQlOb As EQlOa, but with “:: substantive” instead of “: A”.
............................................................................. EQlOc As EQlOa, but with “:: statement” instead of “: A”.
.............................................................................
N.G. de Bruijn
902
13.3. The following rule E Q l l is not of the general form described in Section 11.
............................................................................ E Q l l If the set of old lines contains a line of one of the forms
C * P : = Q : R C * P := Q :: substantive C * P := Q :: statement (cf. the first three cases of Section 10.3), then P = Q is a valid clause in the context C.
............................................................................. 13.4. We mention the following derived rules, mainly on reflexivity, symmetry and transitivity of equality. Hints for derivation are:
EQ12': EQ13': EQ14': EQ15': EQ16': EQ17': EQ18': EQ19': EQ20': EQ21': EQ22': EQ23': EQ24': EQ25':
from EQ5 and Tll', from T9 and EQ1, from T7* and EQ6, from EQ5 and EQ6, from EQ5, T12' and EQ6, from BR5 and EQ8, from EQ9 and EQ8, from EQ9 and BR6, from EQ9, BR6 and EQ8, from EQ1, EQ17', EQlOa, EQ2 and EQ18*, from EQ1, EQ17*, EQlOa, from EQ6, T6, T13*, BR6, EQ19', T5 and EQ6, from T6, EQl2' and EQ8, from T5 and EQ6.
............................................................................. EQ12* A :: substantive B :: substantive a : A A=B
a : B
.............................................................................
The mathematical vernacular (F.3) EQ13'
a : A :: statement b : B :: statement
903
a = b :: statement
A
........................................................................... EQ14'
A :: substantive
A=A
........................................................................... EQ15'
A :: substantive B :: substantive A=B
B=A
............................................................................. EQlG* A :: substantive B :: substantive C :: substantive
A=C
A=B B=C
.......................................................................... EQ17'
P
::
statement
P=P
........................................................................... EQ18'
P :: statement Q :: statement
Q=P
P=Q
......................................................................... EQ19'
P :: statement Q :: statement P=Q P
.......................................................................... EQ20'
P :: statement Q :: statement R :: statement P=Q Q=R
P=R
..........................................................................
904
N.G. de Bruijn
EQ2l* a : A a=b
b=a
............................................................................. EQ22* a : A a=b b=c
a=c
............................................................................. EQ23* A :: substantive z : A(dc1) * P :: statement z : A(dc1) * Q :: statement z : A(dc1) * P = Q
S x :P ~= S x : Q~
....................................................................... EQ24* A :: substantive z : A(dc1) * P :: statement z : A(dc1) * Q :: statement Sx:A p = Sx:A Q
z : A(dc1)
*
P =Q
............................................................................. EQ25* A :: substantive B :: substantive z : A(dc1) * z : B z : B(dc1) * z : A
A=B
............................................................................. 14. RULES ABOUT SETS 14.1. In this section we shall provide rules that take care of the translation of the language of substantives into the language of sets. This translation is not very essential, and whether we prefer sets over substantives is partly a matter of fashion. But one thing is really important for us: we want to be able to speak of the collection of all subsets of a set, and to quantify over that collection. The symbols “-set”, “1”are pMV. We use “A-set” as a substantive formed from the substantive A (like “pointset” is derived from “point”). The notation “At” can be pronounced as “the set of all A’s”, and if T is an A-set, then 7’1 can be pronounced as the substantive “element of T’ .
The mathematical vernacular (F.3)
905
14.2. Fundamental rules.
............................................................................. s1
A :: substantive
A-set :: substantive A t : A-set
.......................................................................... s2
Ti :: substantive T1< A (Tl)t= T
A :: substantive T : A-set
........................................................................... s3
A = (At11
A :: substantive
.......................................................................... s4
A :: substantive B :: substantive A
A-set
< B-set
.......................................................................... 14.3. In order to get t o the ordinary notations about sets we have to introduce
some typographical abbreviations (for this notion we refer to Section 21):
aET
stands for
a : TJ
TIc T2 stands for T11< T21 , A = T1. {z E T I P ( z ) } stands for (&:A P ( z ) ) f where 14.4. We mention a number of derived rules. Hints for derivation are:
S5': from S1, S4 and T l l * , S6*: from S4, T2, EQ4, S1, T1, T3, S7': from S2, T11*, BR5, EQ20*, EQ24*, S8*: from BR5, S1, EQ14*, EQlOb, S1, EQ2, EQlOb, S9': from S4, S3, S2, EQ14*, EQlOa, S2, EQ15*, EQ16*, S10*: from S1, EQ14*, EQlOa, S11*: from S2, S8*, EQ23*, EQ24'.
............................................................................. S5*
A :: substantive B :: substantive A
A t : B-set
.............................................................................
N.G. de Bruijn S6*
A :: substantive B :: substantive C :: substantive A<
A-set (< B-set :: statement A-set = B-set :: statement A t : B-set :: statement
............................................................................. S7*
A :: substantive Ti : A-set Ti = Tz TZ : A-set z : A(dc1) * (ZE Ti) = (ZE Tz)
........................................................................ S8*
A :: substantive B :: substantive A=B
A-set = B-set AT= BT
............................................................................. S9*
A :: substantive B :: substantive C :: substantive A c C B c C AT= Bt
A=B
............................................................................. S10'
A :: substantive Ti : A-set Tz : A-set Ti = Tz
............................................................................. S11*
A :: substantive TI : A-set TZ : A-set
Ti = Tz
Til= Tzl
.........................................................................
907
The mathematical vernacular (F.3)
15. RULES ABOUT PAIRS 15.1. If we have two substantives, “point” and “line”, say, we want to speak of pairs, the first component of which is a point, the second one a line. Such pairs are called “point-line-pairs” . The symbols “-pair”, “proj1”, “proj2”, “the pair” axe pMV. 15.2. Fundamental rules about pairs.
............................................................................. P1
A :: substantive B :: substantive
A-B-pair :: substantive
............................................................................. P2
a : A
the pair (a, b ) : A-B-pair
b : B
............................................................................. A B
P3
:: substantive :: substantive u : A-B-pair
projl(u) : A proj2(u) : B the pair (projl(u),proj2(u)) = u
............................................................................. P4
a : A b : B
projl(the pair (a,b ) ) = a proj2(the pair(a, b ) ) = b
............................................................................. 15.3. We mention two derived rules. Hints for derivation are:
P5*: from P3, T11*,P2, EQ22*, T5, P6*: from P5*, T2, EQ4.
............................................................................. A-B-pair < C-D-pair P5* A
............................................................................. P6*
A<E
C<E B
A-B-pair < C-D-pair :: statement A-B-pair = C-D-pair :: statement
D < F
...........................................................................
N.G. de Bruijii
908
16. RULES ABOUT FUNCTIONS 16.1. If A and B are substantives we shall introduce a new substantive “mapping of A’s to B’s”. We write this in MV as “A ---* B”; the symbol + is pMV. The fact that the same arrow is used for implication (Section 17) will give no confusion. Actually the rules for the two are alike (compare F2 and F3 with L2 and L3). For the value of the function f at the point p we shall write in MV “Val( f , p ) ” , instead of the usual f ( p ) . The notations V a l and X are pMV. 16.2. Fundamental rules about functions.
........................................................................... F1
A :: substantive B :: substantive
A + B :: substantive
............................................................................. F2
A :: substantive B :: substantive f : A+B p : A
val(f,p) : B
............................................................................. F3
A :: substantive B :: substantive z : A(dc1) * F : B
X z : ~F : A
+B
............................................................................. F4
A :: substantive B :: substantive z : A(dc1) * F : B y : A
val(Xz:A F, y) = “z/yl] F
............................................................................. F5
A :: substantive B :: substantive f : A+B f = g g : A+B z : A(dc1) * Val( f , z) = val(g, z)
.............................................................................
909
The mathematical vernacular (F.3)
16.3. Here are two derived rules. Hints for derivation are: F6’: from F2, F4, F5, F7’: from T l l * , EQ12*, F3, F6*, EQ22*, T5.
........................................................................... F6*
A :: substantive B :: substantive f : A-B
Xz:A val(f,
x) = f
............................................................................. F7*
A :: substantive B :: substantive C :: substantive D :: substantive A=C
A+B<
B e D
............................................................................. 16.4. Many mathematicians would prefer to express the notion of function by means of a graph in a Cartesian product, which has the advantage to reduce the number of basic rules. On the other hand the function concept seems to be such a natural one, and the way we think of functions is usually so far from Cartesian products, that it is attractive to describe the function concept independently.
17. RULES ABOUT LOGIC 17.1. The only things to be presented in this section are the rules for implication and for universal and existential quantification. Treatment of negation, conjunction and disjunction can be postponed to the MV book. For this possibility we refer to Section 18.1. The symbol ‘I-” is pMV; the same arrow was used in Section 15 for the notation of mappings.
17.2. We first present the fundamental rules L1, L2, L3.
........................................................................... L1
P :: statement Q :: statement
P
-
Q :: statement
.............................................................................
N.G. de Bruijn
910
P :: statement Q :: statement P‘Q
L2
P(asm)
*
Q
............................................................................. P :: statement Q :: statement P(asm) * Q
L3
P“Q
............................................................................. 17.3. We mention some simple derived rules about implication. Hints for proofs are:
L4*: from BR5, L3, L5*: from L2, EQ8, L6*: from L4*, EQlOb.
....
.....................................................................
L4*
P :: statement
I . .
P+P
. . . . . . . . ................................................................. P :: statement Q :: statement P‘Q Q’P
L5*
... L6*
..
P=Q
.................................................................. P :: statement Q :: statement
P‘Q Q“P
P=Q
............................................................................. 17.4. We finally present derived rules on universal quantification. Let P be an expression (possibly containing the identifier z). Then we take “ V z : ~P” as P”. typographical abbreviation (see Section 21) for “A = For this new quantifier the following rules can be derived.
........................................................................ L10*
A :: substantive z : A(dc1) * P :: statement
V z : ~P :: statement
.............................................................................
The mathematical vernacular (F.3)
L11’
A :: substantive z : A(dc1) * P :: statement 2 : A(dc1) * P
911
V x :P ~
............................................................................. L12’
A :: substantive z : A(dc1)
*
P :: statement
vx:Ap
“x/aIl p
a : A
............................................................................. 17.5. The reader might have expected a treatment of existential quantification too. This can easily be postponed t o the MV book. I t can be built upon axioms for a statement exist(A), where A is a substantive. It seems t o be nicer to postpone that to the book, since it is of the same nature as the axioms for disjunction in propositional calculus. 18. EXAMPLE OF AN MV BOOK 18.1. Having completed our presentation of the rules of MV, we can now start writing books. In the beginning of an MV book we still have t o write a number of fundamentals in the form of primitive notions and axioms. These might have been taken as language rules too, but we would rather leave it t o the user of the language to have it in his own way. Moreover, the language definition is simplified if we shift t o the book whatever we can. Nevertheless there are several things in our language rules that have a form that would enable us to write them in the book. As examples we mention EQ2, EQ3, S3, F1, F2, F5, L1, L2, L3 as far as “fundamental” rules are concerned. In the case of S1, F1, L1 we had serious reasons for not shifting them t o the book: they were needed for the formulation of further rules that had to stay in the language definition because of their form. For the others there is no other reason than the wish to keep related material together. T h e fact that some of them play a role in the derivation of derived rules (like EQ2 is used in the derivation of EQ21*), is not a serious reason. The derived rules do not belong to the definition and theory of MV, and might as well be postponed until after a piece of the book has been written. In Section 19.4 we show that some book material might also have been put in the form of rules of the type of Section 17.
18.2. In the following MV book with pointed and rectangular flags (cf. Section
N.G. de Bruijn
912
6.4) we have numbers (l), (2), ... on the left. These do not belong to the book, but serve as labels for our comments in Section 19.
a :: statement> :: statement a then b := a
>
a-b b then a
+
-
b :: statement
b
El and b := PN :: statement or b := PN :: statement
4
a or b [ Axiom ]
P
a and b [ Axiom ] b and a
El
a or b [ Axiom ]
1a [ Axiom ] b [ Axiom ] b and a aorb I I c :: statement
>
a -+ ( b or a ) b -+ ( b or a ) b or a contradiction := PN :: statement no := contradiction :: statement a :: statement>
I
The mathematical vernacular (F.3) not(a) := a + no :: statement no a [ Axiom ] ( ( a -+ no) + a) + a [ Axiom ] -+
(a
-
no)
-+
not(not(a))
a
+a
'al
11-
r
not(6) a ot(a) + a d 6 = not(a b = not(a) I a or not(a)
not(b)) b
-+
-+
1 :: substantive> xist(A) := PN :: statement exist(A)
[ Axiom ]
exist(A)] :: statement
not (Vz:Ano)
not(tl,,Ano)I not exist A
913
N.G. de Bruijn
I
exist(A) no Vx:Ano no 2t (not(exist(A))) tist(A) st(A) = not(V,,A no) re is exactly one A := exist(S,,AVb,A (b = a ) ) :: statement iere is exactly one A I ie A := P N : A b =the A
A) Z}A :=fx:A
(x = a ) : A-set
e=
X:> {a}A
{ a , b}A :=fz:A (x = a or x = b) : A-set a E {a,
~IA
Ea,
b E {a,b)A
b ) and ~ not (c = a )
I
A :: substantive B :: substantive
IA
union(A, B , f ) :=fb:B 3,:Ab E
Vd(f, U )
: B-Set
:: substantive>
D
A) P :: statement> selected(A, a, b, P ) := S Z : ~ ( (= ( za ) and P ) or ((x = b) and not P ) ) :: substantive there is exactly one selected(A, a,b, P ) selection(A, a, b, P ) := the selected(A, a , b, P ) : A if P then (selection(A, a , b, P ) = a ) if not(P) then (selection(A, a, b, P ) = b)
The mathematical vernacular (F.3)
915
natural number := PN :: substantive nat := natural number :: substantive N := nat T: nat -set 1 : = PN : n a t
suc(n) := successor of n : nat not(suc(n) = 1) [ Axiom ]
propagate(S) := V n : ~ ( ( nE S) -+ (suc(n) E S)) :: statement if start(S) and propagate(S) then S = N [ Axiom ]
m divides n := 3k:nat ( k m = n) divisor of n := Sk:nat ( k divides n) :: substantive (divisor of n) << nat prime number := Sp:nat(not(p= 1) and vk:&visor of p ( k = 1 or k = p ) ) :: substantive prime number << nat 9
II
not ( p . q : prime number) :: statement
point := PN ::substantive line := PN :: substantive
r
A := P N :: statement
B : oint
A and B := ( b goes thr. A ) and ( b goes thr. B )
pzz>
one
(Sc:line
(c goes thr. A and B)) [ Axiom
1
N.G. de Bruijn
916
(147) (148) (149)
P
b : line A , B, C on 6 := ( b goes thr. A and B ) and (6 goes thr. C) :: statement
3A:point 3B:point 3C:point
not(%:line ( A , B ,
c on d ) ) [ Axiom ]
19. COMMENTS O N THE EXAMPLE OF AN MV BOOK 19.1. In Section 18.2 the text from (1) to (59) represents a piece of propositional logic. It is not complete in the sense that it contains everything one might ever need, but it is sufficiently representative for showing the following things. (i)
Some logic can indeed be developed in the book, so we do not need to put all of it in the language rules.
(ii) The logical statements we derive in the book can be applied later as inference rules, in the same way as mathematical theorems are applied. So there is hardly a borderline between logic and mathematics. A much more prominent borderline is the one between language definition and book material. (iii) The book starts with minimal propositional logic (lines (1) to (32)): just the rules for introduction and elimination of implication, conjuction and disjunction, without any negation. Next there is the introduction of contradiction and negation (lines (33) to (36)) and the “falsum rule” (37) as a logical axiom. This part of the book ((1) t o (37)) might be used as a basis for intuitionistic mathematics. It is not very likely, however, that our system would satisfy all intuitionists. They might dislike some of the things we have preferred to put in the language rules, like the possibility to introduce arbitrary substantives, and the rules Sl-S4 (which make it possible to talk about the set of all subsets of a set). The extra axiom (38) takes us into classical logic, with the double negation rule (44) and the rule of the excluded third (59) as results. From there on we are in classical logic. It has to be admitted that if classical logic had been our only goal, the number of primitives and axioms might have been reduced considerably. But reducing the number of axioms, important as it might be for metatheory, is completely irrelevant from the practical point of view: later in the book old axioms and primitives are applied in exactly the same way as old theorems and old defined notions. (iv) The spirit of the treatment is natural deduction. There is no trace of treating logic by means of truth values. Contrary to popular opinion, it
The mathematical vernacular (F.3)
917
is hard, if possible at all, to explain logical reasoning by means of truth values, unless one cheats by using a priori knowledge of logical reasoning in order to explain what such reasoning is. But nothing is lost by discarding truth tables. Everything that can be done with truth tables, can be done in natural deduction, usually faster, and usually closer to our actual way of thinking.
19.2. We now comment on some of the details of the MV book of Section 18.2. The book starts with implication. Line (3) introduces an alternative notation for the +. Lines (4) to (8) are meant as a little exercise with the introduction of implication, according to rule L3. Note that we have (6) by the fact that we had “b” in an old line in a smaller context (BR5 and BR7). Now (7) follows by L3. Similarly the little theorem (8) follows from (7). Lines (9) to (11) apply rule L2 for the elimination of implication, the so-called “modus ponens” rule. Actually it makes the rule available as a book theorem: any further case of modus ponens can be seen as an application of this theorem (11). A similar remark holds for many mathematical theorems. We need not always transform results obtained inside a block into results with a shorter context by means of L3 and L11*. We can just leave them quietly in their context, ready for the application of the powerful rule BR6. Lines (12) and (13) introduce the conjunction and disjunction as primitives. The introduction rule for the conjunction is given in (17) and (18); note that (18) need not be labeled as an axiom since it can be obtained from (17) by substitution: b for a and a for b. The elimination rule for the conjunction is given by (22) and (23)) and here both have to be axioms. The introduction rule for the conjunction is expressed by the two axioms (15) and (20). Elimination of disjunction is achieved by the more complex rule (29). It is the basis for “proof by cases”: if we want to prove c and we know that a or b, then it suffices to derive c from a and from b separately. In (33) the primitive notion “contradiction” is introduced. Thus far there was no question of “falsehood”, since all validity rules in the language definition are formulated in a positive way. In an MV book there is no reason to say that a thing is true: a man is not more honest because he says that he is honest. But we do say sometimes that a thing is false, by saying that it implies a contradiction. This is expressed in (36). In (34) we just abbreviated “contradiction” to “no”. This has the same function as the typographical abbreviations (Section 21), but we prefer to restrict the use of typographical abbreviations t o cases that can not be expressed in the book. The same remark applies to the notation -.a instead of not(a) : it can be introduced in a definitional line in the MV book if we wish.
N.G. de Bruijn
918
Classical logic is obtained by adding the double negation law (45): it says that if the negation of a is not true, then a is true. In the present text it is a theorem instead of an axiom, derivable from the two axioms (37) and (38). The first one is the intuitionistic “falsum rule”, the second one is a special case of Peirce’s law ( ( a + b) a ) a. We have taken (38) as an axiom since it gives rise t o interesting exercises in natural deduction. Let us assume that we did not have the rules (12) to (32) in our book. Then we can still say that the rule (38) (holding for all statements a ) has the eflect of a disjunction, viz. the disjunction of b and not(b) (for all b). Line (56) shows that a can be proved by cases, just as if “b or not (b)” had been available. In (45) we have the double negation law: the negation of the negation of a statement implies that statement itself. If we would have taken the double negation rule (45) as a n axiom, we might have derived both (37) and (38) as theorems. In a certain sense (37) and (38) form an orthogonal decomposition of (45). This is to be interpreted with the following notion of orthogonality: statements p and q are called orthogonal if p ) + p . In a way that means that q and p both ( p -, q ) -, q and ( q do not give any information about each other: if we can prove q under the assumption p then we can prove q all by itself, and if we can prove p under the assumption q then we can prove p all by itself. And indeed, without using the a and book from (1) to (32) it can be shown directly after line (35) that no ( ( a + no) a ) a are orthogonal. A few lines about the derivation of (45). By modus ponens we have -+
-+
-+
-+
-+
-+
not(not(a)) (ass), not(a) (ass)
*
no,
*
a.
so the falsum rule leads to not(not(a)) (ass), not(a) (ass) Therefore not(not(a)) (ass)
*
( a -+ no) + a ,
so applying (38) with modus ponens we get not(not(a)) (ass)
*
a.
Line (59) is the so-called rule of the excluded third. Abbreviating “a or not(a)” to c , we get it from (56), with a replaced by c and b by a. Notice that both a and not(a) lead to c, because of (15) and (20). The basic rules BR1-BR7 and the equality rules EQ1-EQ25’ soon become second nature to us, and therefore we shall hardly notice their application any more.
The math em at ical vernacular (F.3)
919
19.3. At this point we note that it is hard to give a satisfactory description of the word “proof” as an smMV term. Looking ahead from a line (i) to a line (j) (where i < j ) one might say that the text between (i) and (j) is a proof of (j). Others might only count the material between (i) and (j) as far as it is actually used for the derivation of (j). More important is the question whether explanations of the type given in Section 19.2 belong to the proof. If the steps in the MV book are so small that each line requires just a single application of a single rule, then most people would call it a very detailed proof, even if it is not mentioned in the text what rules were applied. We can omit lines here and there such that most people will be able to find intermediate steps themselves by mental exercise. In the case of (24) most people will be able to find the missing link in a split second. In the case of (57) there is a sequence of missing links, and we will feel the need for scrap paper, even if we are experienced in this kind of natural deduction. We can go quite far in this respect. It was pointed out already in Section 1.9 that the rules of MV allow to omit intermediate steps, even to such an extent that readers may find that the essence of the proof is lacking. This is caused by the fact that validity in MV is defined recursively. Something can be valid because of the existence of a sequence of intermediate steps; it is not required that these steps have actually been written down in the book. 19.4. Some of the logical parts of the text of Section 18.2 give us the same rights as if we had added a number of further rules in Section 17. We shall display them in that form here, labeled with two asterisks instead of one, since they are not derived from the fundamental rules of Sections 9-17 but from material of the particular book of Section 18.
............................................................................. L13**
P :: statement Q :: statement
PandQ
P
Q ......................................................................... L14”
P :: statement Q :: statement PandQ
P
Q
............................................................................. L15**
P :: statement Q :: statement
P or Q
P
.............................................................................
N.G. de Bruijn
920 L16**
P :: statement Q :: statement
P or Q
Q ............................................................................. L19**
P :: statement Q :: statement R :: statement P-R Q’R P or Q
R
............................................................................. 19.5. In (60)-(97) we show a few things about sets, sufficiently representative for showing how one should go on. Lines (60)-(67) introduce the notion of existence on a negation-free basis. Once we have classical logic, we can do more. In (64)-(80) we show the equivalence of “exist(A)” and “not(Vz:A no)”, which is t h e basis for expressing existential quantifiers into universal ones, and vice versa. We mention that (69) is obtained by application of (67) with c replaced by no; with this value of c assumption (66) is valid because of (68). Next, (70) rests on L3, (69) and, of course, (36). One gets (74) from (63), replacing a by 2, and (75) from L2, using (72) and (74). Then (76) follows from L11*, using (75), next (77) from L2 with (71), (76), and (78) from L3 and (77). Finally we get (79) from (78) and (45), and (80) from (70), (79) by virtue of L5*. In (83) we introduce (as a primitive notion) the definite article “the” in front of a substantive, if that substantive has the uniqueness property assumed in (82). In (85) we assert that if the uniqueness property holds then every A equals ”the A” . A detailed proof of (85) can be given as follows. Abbreviate K(A) := S a : ~ V b :(b~ = a ) . Then (82) says exist(K(A)). We want to apply (67), replacing A by K(A) and c by “b = the A”. To that end we have to satisfy what the condition (66) amounts to in this case, i.e., va:K(A)(b = the A ) . In order to prove the latter statement, we extend the context by means of a : K(A) (dcl). In the extended context we have to show b = the A. In this context we have a : K(A), and therefore V ~ : A(d = a). Using L12* we get both b = a and the A = a, so by EQ21* and EQ22* we infer b = the A. Note that this derivation uses no classical logic. It is entirely negation-free. In (87) we define the singleton { a } as ~ an A-set. In usual untyped set theory the subscript A is superfluous, but here it is not. Nevertheless, having to write
The mathematical vernacular (F.3)
92 1
the subscript is a formal duty only, for if the same a also satisfies a : B then { a } = ~ { a } ~ .We know (by metatheory) that the typings a : A and a : B can hold simultaneously only if A and B are sub-substantives of a common K (which might be the archetype of a ) , and therefore (90) helps us out. Note that in (87) and (92) the typographical abbreviation f z : A us used (see (20.7.2)). In the context of (87) we can define the empty set too: A :: substantive(dec1)
*
emptysetA :=Tz:A no : A-set
.
Note that we do not have a universal empty set: every archetype has one of its own. In (90) we wanted t o express that if A and C are substantives with C
as the thing denoted by { a l , . . , ,a,}. number in the metalanguage smMV.
t
In this case n is a variable natural
The two ways (i) and (ii) can be connected in the MV book for every single value of n, but not for all n simultaneously. We note that the length of the derivation (i.e. the number of applications of language rules) is more or less proportional to n. In (101) we define the union of an indexed collection of sets.
922
N.G. de Bruijn
Lines (102)-(110) present the “if-then-else” selector, which can be used as a basis for definition of functions by cases. We omit indications of the proofs. Note that (108) uses the “the” of (83).
19.6. The text from (111) to (135) deals with the natural number system. The Peano axioms are (112), (113), (114), (116), (118), (124). In (127) we have presented the notion of the product of two natural numbers by means of a PN. This can of course be avoided (the product can be defined), but the text would become lengthy, and it is our present purpose to get rapidly to divisibility. In (129) we define a substantive “divisor of n”, in (130) it is noted that it is a sub-substantive of ‘hat”, and (131) gives the definition of “prime number”. In (135) we form the statement that the product of two primes is not a prime. Note that this contains an example of a typing ( p . q : prime number) playing the role of a statement, which is allowed by virtue of (132) since p . q : nat. It would be wrong to claim “not ( p . q : prime number)” as a theorem here: a proof would require more information about products than what is expressed in (127). 19.7. The text from (136) to (149) is based on the beginning of Hilbert’s axiomatization of geometry. Hilbert starts by saying “We conceive three different systems of things: the things of the first system are called “points”, those of the second system are called “lines”, those of the third system “planes”.” Hilbert does not make any use of his “systems” as systems: what he actually does is just handling the words “point”, “line”, “plane” as new substantives. Therefore we interpreted his words in MV by taking them as PN’s. As to (143) one might hesitate. Does this really require a mathematical definition or is it just one of the linguistic transformations we want to admit anyway? We refer to Section 22 for such matters.
20. BINDERS 20.1. We have not spent much attention on quantification by means of bound variables and quantifiers. Formal treatment of quantification in lambda calculus is well known, of course. One of the hard things in quantification is the treatment of the names of bound variables, which have to be refreshed occasionally. In this section we do not go into these standard matters of non-typed lambda calculus. Instead, we shall indicate a number of points in which our present proposal of MV differs from more usual ways to treat quantification. 20.2. First we mention that our MV is a typed language, and that, accordingly, the bound variables in the quantifications run over a certain range. The range
The mathematical vernacular (F.3)
923
can be indicated by a substantive A , using a typing “x : A ” , or by a set S, and then we use z E S. By 14.3 .we can easily pass from one to the other, and so we restrict our discussions to the case ‘‘2: A ” .
20.3. In OMV the “value” of a result of quantification is either a statement or an object. Examples of the first kind are Vnmatural number
P(n)
%natural
1
number
p(n>,
where P ( n ) is a statement. Examples of the second kind are
2f
(n)
1
u V(n)
1
{. E SIP(z))
t
nES
n= 1
where f (n)is a number, V ( n )is a set, P ( z ) a statement. 20.4. In MV, where substantives are taken seriously, we can also admit quan-
tification where the value of the result is a substantive. One of the possibilities is given by the binder S, introduced in rule T6, Section 12.2. Its meaning is shown in the following example. We consider ‘‘quadrilateral with the property that its diagonals are perpendicular to each other” as a new substantive. It can be written by means of a quantifier as Sz:qudrilateral(thediagonals of z are perpendicular)
.
20.5. The following example demonstrates a second case where quantification leads to a new substantive. We have the name “square of p” if p is a prime number. We want to despecify the variable p , and get to the substantive ‘‘square of a prime”, or “prime square”. For this we can use the binder “despo” and write
despop:prime(the square of p ) (despo is short for “despecified object”). This binder can be considered as a typographical abbreviation (see Section 21.2).
20.6. Many quantifiers can be expressed once we have the functional bander (Church’s A). If A and B are substantives, if F ( ...z...) is an expression containing z at one or more places, with the property that z : A implies F ( ...z...) : B, then
F ( ...z...) is the function that attaches, for each z, the value F ( ...z...) to x. Example:
N.G. de Bruijn
924
(20.6.1)
Azpositive
integer(2’
+
’
Some other quantifiers can be expressed in terms of this one. For example, the sum
c
(20.6.2)
(n2+n)-2
n:positive integer
might be written as (20.6.3)
SUm(Xn:positive integer(n’
+ n)-’) .
This means that the quantification (20.6.2) can be obtained by application of the unary operator “sum” to the function (20.6.1). In contrast to (20.6.2), all the binding in (20.6.3) is in the function, and nothing of it in the operation. 20.7. The binder S of rule T6, Section 12.2, plays a similar central role as
Church’s A. In Section 20.6 we had the unary operator “sum”, acting on an expression quantified by a A, in the present case we take as examples the unary operators “exist” (from Section 18.2, formula (61)) and “t” (from Section 14.2). The operator “exist” maps substantives into statements, the “1”maps substantives into names. If P is an expression containing z, such that for all z : A we ~ agreeing that have P :: statement, then we can form a new statement 3 z : by (20.7.1)
&:A
P ( z ) = exist(S,:AP(z))
and the new name (20.7.2)
tz:A
P ( z ) = (Sz:AP(z))f .
This (20.7.2) is usually written on OMV as {z : A ( P ( z ) } . We get the standard rules for introduction and elimination of the quantifiers 3 , : ~and t=:A from T6 (Section 12.2) in combination with the rules for the unary operator “exist” (Section 18.2, (60)-(67)) and the rules for the unary operator t (Section 14.2). At this point it should be noted that we have not provided facilities in MV to deal explicitly with predicates. If A is a substantive then we cannot express in mV that something is a predicate over A . Instead, we have to use the rules of Section 14. A predicate is usually seen as a mapping from objects to statements. As an example, we consider the property of-a natural number to be > 5. One might suggest ArInat(z > 5) that sends any natural number z into the statement z > 5. It seems attractive, but we have not incorporated this into MV. It would not not quite fit into our system to attach a type to such a thing, and therefore it would not help us to create arbitrary predicates. 20.8.
The mathematical vernacular (F.3)
925
The set-forming rules of Section 14 help us out. Instead of discussing a predicate in MV, we discuss the set of all objects satisfying that predicate. So instead of that A z : n a t ( ~ > 5) we talk about the set fz:A P ( z ) (cf. (20.7.2). And instead of taking arbitrary predicates we take an arbitrary A-set, as in formula (88) of Section 18.2.
20.9. MV does not allow the introduction of new quantifiers in the book. The reason is that the language is not equipped with means for saying ”an expression containing I”. Have only two basic quantifiers in the language definition, viz. the substantive binder S and the functional binder A. All other binders have to be expressed in terms of these two in the way indicated in Section 20.6. If we insist on using notations like (20.6.2), (20.7.1), (20.7.2), we have to treat them as typographical abbreviations, to be discussed in Section 21.
21. TYPOGRAPHICAL ABBREVIATIONS 21.1. Of course we like to use OMV notations in MV as much as possible. We can do this in an informal way by using what we shall call typographical abbreviations. We can agree that if we write (20.6.2) in an MV book, this is just an informal abbreviation for (20.6.3). The agreement to use that abbreviation cannot be made in the book itself, but has to be written in the margin somehow. A similar remark applies to (20.7.1) and (20.7.2). 21.2. As a further example we take the “despo” of Section 20.5. If A and B are substantives, and if P( ...I...)is an expression containing I such that for all z : A we have P( ...I...): B , then despoz:A P( ...z...) can be considered as typographical abbreviation of
21.3. The words “typographical abbreviations” indicate unofficial abbreviations, usually (but not always) invented for the sake of typography. When reading a text that uses such abbreviations we first have to translate them into what they stand for, and only after that translation we are assumed to be able t o understand the text as an M V book. Typographical abbreviations are superficial, when compared to the abbreviations we introduce in the MV book itself by means of definitional lines (see
N.G. de Bruijn
926
Section 7.6). Definition and theory of the language have t o take these definitional lines as essential parts of the language, but never deal with typographical abbreviations. As an example of a typographical abbreviation outside the world of quantifiers we quote the notation { 1,.. . , n } for the set of integers from 1 to n. We refer to the discussion in Section 19.5.
21.4. When studying mathematical notation, we discover many other cases of abbreviations that we would prefer t o consider as informal. Some examples are: (i)
We write a = b
< c = d instead of the conjunction of a = b, b < c, c = d.
(ii) We write a(l),a(2), . . . to denote an infinite sequence. (iii) We have baroque notations for 17-th and 18-th century mathematics, on integrals, derivatives, differential equations, etc. (iv) We have many unwritten conventions by which we omit things that, strictly speaking, would be necessary for parsing. These may be local conventions in a certain area of mathematics. In trigonometry one interprets sin z cos y as the product (sin z)(cos y); the alternative sin (z cos y) occurs in the theory of Bessel functions but not in trigonometry.
21.5. Many formulas in OMV are written in a form that do not fit into a single line. A simple example is the old notation for quotients by means of a horizontal bar. If we think of MV having to be processed by a computer it seems that such notations have to be avoided, but it is not a matter of principle. Formats which do not have the form of a string of characters might be admitted in MV just as well. As a simple example we note that sometimes the value that a function takes at the point n is denoted by using the letter n as a subscript, like in c,. This should not be confused with the habit of using cl, c2, . . . as new identifiers. The difference between the two is of the same type as the difference between the two ways to look at al, . . . ,a,, discussed in Section 19.5. 21.6. There will be many cases where one is easily tempted to interpret the rigid rules of MV with a little grain of salt. At least, as long as the texts are intended to be read by human beings only. If we present them to machines, we have to be much more careful. It was already mentioned in Section 5.3 that we often cheat with the rules that require identifiers to be fresh. But it is not necessary to be so rigid in
The mathematical vernacular (F.3)
927
cases of variables introduced by means of declarations. It suffices to have them different from all previous variables of that same context and different from all previously introduced constants (either by definition or by PN). But the rule that all introduced constants should have different identifiers, will often be felt as a burden: in mathematics constants occurring in distinct subjects will often have the same name. When writing for human readers, there does not seem to be any harm. When writing for machines, we should do something like the paragraph system that was used in Automath, where identifiers are always interpreted in the sense given to them in the local paragraph. An old constant with the same name can only be referred to if we add some kind of paragraph indication. Another case for grains of salt was already mentioned in Section 5.5. The condition that all context variables occur in the name of a defined notion is quite different from habits in OMV. In Automath there is a systematic way to weaken this rule: in parentheses expressions like F ( A 1 , .. . , A n ) we may just omit the first k entries A 1 , . . . , Ak if t.hey are identical to the first k variables of the context. In particular that has the effect that in a definitional line in a context with variables 21,.. . ,zn the parametrized constant on the left of sign ":=" can be written as a single identifier (cf. Section 5 . 6 ) . But it should be noticed that in MV and in OMV not all parametrized constants have the form of such parentheses expressions. That makes it harder to formulate what liberties can be taken in the matter of omission of a number of context variables.
22. GETTING CLOSER TO NATURAL LANGUAGE 22.1. In the examples of Section 18.2 we inserted a small piece of what one might call natural language. On a small scale it showed how mathematics can be described in words and sentences, not just in symbols and formulas. If we want to insert more natural language, or even if we want our MV book to look like an ordinary mathematics book, we can do this on three levels:
(i)
the primary MV level (pMV),
(ii) the secondary MV level (sMV), (iii) the level of typographical abbreviations. 22.2. As to primary MV we can discuss how some of the basic notations on typing, on context and on quantification are to be expressed in terms of words. In several cases it is not quite clear how to do this: there may arise ambiguities,
N.G. de Bruijn
928
in particular just those which the MV notations intended to avoid. Right now we do not try to suggest how to solve all these difficulties. We hardly go beyond a first orientation. 22.3. The typing “p:prime number” can of course be pronounced “ p is a prime number”. A definitional line body “ p := Q : prime number” can be pronounced as “denote the prime number Q by p” (in this case Q is an expression and p is an identifier). The declaration ‘$:prime number” (the case of a pointed flag) is “let p be a prime”. The assumption “p:prime number” can be “assume that p is a prime number” (the case of a rectangular flag). The case of “assume...” is essentially different from “let...”: in the case of “let ...” the p is a new variable, in the case of “assume...” it is a variable or a constant that was introduced earlier in the book (cf. the assumption (89) in Section 18.2). Unfortunately there is not a very strong feeling in english OMV that “let ...” is to be restricted t o the case of declaration. One might consider to replace the “let ...” by something that cannot be misinterpreted, like “take any prime number p”. In OMV there is no clear way to tell where the flagstaffs end. Quite often it is suggested by the typographical layout, mainly by the subdivision of the text into sentences, paragraphs, sub-sections, sections and chapters. There is certainly a need for explicit rules for this. Right now there are just some unwritten conventions. One might express a rule like this: If an assumption is a part of a sentence, then it does not reach beyond that sentence. If it is the first sentence of a paragraph, and not a paragraph of its own, then it does not reach beyond its paragraph. Similarly, if a sequence of assumptions form the first sentence of a paragraph, and not a whole paragraph, then these assumptions are intended just for this paragraph. The rules for declarations are the same as those for assumptions. As an example we quote
(22.3.1)
If x is a real number then sin x
<2 .
It is considered to be bad manners to refer to x in the next sentence. Actually one may doubt what (22.3.1) means. It can be (i) a block, opened by the declaration “x:real number”, (ii) the universal statement VZzrealnumber sinx
< 2.
Fortunately the two are equivalent by virtue of the language rules of MV. But sometimes (22.3.1) means an implication: just imagine that the sentence (22.3.1) is preceded by “let x be any complex solution of the equation 4 cos x - 1 = 0”. In that case we can consider (22.3.1) as an implication, but also as a block (starting with the assumption “let x be a real number”). Fortunately again, the two possibilities are equivalent because of the language rules of MV.
The mathematical vernacular (F.3)
929
22.4. Expressing quantification in natural language is reasonably established: “for all points P . . .”, “for every point P * . .”, “there exists a point P such that ...”, are sufficiently clear, also if the quantifier “for all points P” is shifted to the end of the sentence: a machine should be able to translate them into V’s and 3’s. Nevertheless there is something wrong from the linguistic point of view: the name P does not play a role any ordinary word could ever play in a sentence. Writing “for every point, P say” does not make it any better. Natural language simply does not have anything corresponding to dummy variables! We (and the linguists) just have to learn t o live with the strange P in “for every point P”. 22.5. In our natural languages it is often possible to express quantification without the use of a dummy. The sentence “all dogs sleep” is equivalent to “for every dog P , P sleeps”. This can be done because of the fact that P is the subject of the sentence “P sleeps”. In other cases it can be done by means of pronouns. “There is a dog whose master trims its hair every day” will (although it is not very elegant English) mean: “there is a dog d such that the master of d trims d’s hair every day”. Correct interpretation of such sentences may depend on subtleties (see what happens if “d’s hair” is replaced by “his hair”), in particular in cases of more than one quantification in a single sentence. Special care should be taken with the words we use when applying the rule for elimination of the existence quantifier, mentioned at the end of Section 20.7. One usually says: “We know the existence of an z : A such that P ( z ) . Take such an 2”. Then one starts deriving a statement Q (which does not contain z). That is, one derives z : A(decl), P(z)(ass)
*
Q
and then the existence of an z : A such that P ( z ) guarantees that Q holds outside the block too. It would be nice to have a standard way of saying these things in a world where it is not customary to indicate the end of a block. A suggestion: open the argument with “We may assume that we have an z with the property P(z)”. The word “assume” stresses the fact that the life of z is short! 22.6. The situation with the substantive binder (see T6 in Section 12) is similar to the situation with logical quantifiers. The example in Section 20.4, viz. “quadrilateral with the property that its diagonals are orthogonal to each other” again shows that names of dummies can sometimes be avoided by means of a pronoun (in this case “its”). Another example is “prime number dividing nr’l where the gerund “dividing n” is derived from the statement “ p divides n”.
N . G . de Bruijn 22.7. It is not hard to get good translations for our formalism describing sets. If A is a substantive, we can pronounce “AT’, as ‘‘the set of all A’S’’. If S is
an A-set then the substantive “Sl” can be pronounced as “element of S”.So s : Sl is to be pronounced as “s is an element of S”,and this amounts to the same thing as “s E S ”. 22.8. Now coming to secondary MV, we of course depend on the special book we prefer to write. If it contains the material of Section 18.2, we first get to the discussion of natural language for negation. If P is a statement, the statement not(P) can be written as “it is not true that P”, and actually such a thing could be written as a book definition like this:
P :: statement(dec1)
*
it is not true that P := not(P) :: statement.
Nothing much is gained by this, of course (and some people might object that “not true” has too much of a metalinguistic flavor), but it seems to be the only construction that works the same way in all possible cases. In many sentences the negation can be worked into the statement P, usually by putting “does not” in front of the main verb, but that is impossible if P has the form of a quantified statement or of an implication. 22.9. Getting deeper into an MV book, we are no longer dealing with fundamentals, and this may imply that we are mainly sticking to the kind of sentences we have invented ourselves in definitions, especially since it is so easy for us to introduce new terminology in the book. We discuss the example of line (140) in Section 18.2. In natural language we like to have some synonyms available for a phrase like “b goes through A”, and there is no objection against codifying some of these in the M V book. We might insert directly after (140) a definition like
A lies on b := b goes through A :: statement
.
And we may introduce a new substantive “point of b” as “point lying on b” (the substantive binder with suppressed dummy, cf. Section 22.5). And from now on we have another way to say that “b goes through A” by means of the typing statement “A is a point of b”.
22.10. Natural language can have productive rules for getting synonyms. The rules we discuss here are connected with possession, with conjunction and with disjunction. Possession (to have or not to have) seems to be overwhelmingly important for human beings, and therefore they have made facilities for expressing it in
The mathematical vernacular (F.3)
93 1
many different ways, so as to fit in every linguistic situation. In the name “the derivative of g” the “of” suggests that g possesses something, and we rapidly accept that “f is the derivative of g” and “g has f as its derivative” are synonymous. Therefore we feel that in the MV book it is sufficient to define “the derivative of g” and that we can take the other constructions as implicitly defined by it. The phrases for describing possession of course depend on the question whether somebody can possess more that one thing of the kind mentioned, and also on the question whether he is or is not the sole proprietor. For example: “ A is a point of b” turns into “b has A as one of its points”, and the existence statement “exist(point of b)” is synonymous to “b has at least one point”. In conjunctive statements synonyms can lead to shorter sentences. The statement “ A lies on b and B lies on b” is synonymous to “ A and B lie on b”, and similarly “ A lies on b and A lies on c” is synonymous to “ A lies on b and c”. Still the matter is tricky: ‘‘a implies c and b implies c” can not be contracted t o ‘‘a and b imply c”. There are similar contractions for disjunction. “ A lies on b or on c” is synonymous to “ A lies on b or A lies on c”. In general one will go as far as one can with such contractions as long as there is no danger of ambiguities. Try “ P is the only point of S and P is the only point of T”, “ P is a point of the limit set of 5’and P is a point of the limit set of T”. Quite often synonym production rules are not safe enough for mathematics. “I hear John and Mary” can be considered to be synonymous to “I hear Mary and John”. But in “the Cartesian product of X and Y” we cannot just interchange the X z.nd the Y . And a rule that “not for all points P we have &” is synonymous to “there is a point P such that not(&)” is a thing we want to be able to discuss as a logical rule; we do not want t o be forced t o accept it for the sake of linguistics.
22.11. From Section 22.10 we may conclude that it is not easy at all to decide about synonym production rules. Forbidding them will make our language inelegant, admitting them makes it unsafe. Obviously the best thing we can do is that as long as we do not fully understand the synonym production rules, we refuse to consider them as a part of “official” MV. We can put them on the list of the “grains of salt”, if we wish. In many cases we can take the effects of synonym production rules seriously without proclaiming them as rules. An example of this was presented in Section 18, line (143), where a synonym was provided by a book definition. Many things can be developed that way, although it may become monotonous on the long run. 22.12. It requires quite some mathematical experience to understand sentences
N.G. de Bruijn
932
involving indefinite articles (“a” and “an”). Quite often such sentences are ambiguous, and their interpretation may depend on whether they are labeled as “definition” or as “theorem”. Example: (22.12.1) a rhombus is a quadrilateral with property P has three interpretations, viz. (22.12.2) rhombus Q quadrilateral with property P (22.12.3) rhombus := quadrilateral with property P (22.12.4) rhombus = quadrilateral with property P
.
If (22.12.1) is labeled with “theorem” or “lemma”, we choose for (22.12.2), but if the label is “definition”, we choose (22.12.3). If instead of (22.12.1) we would have had “rhombuses are quadrilaterals with property P”, with a theorem-like label, we might have hesitated between (22.12.2) and (22.12.4). If we really want to express (22.12.4) we might prefer “A quadrilateral is a rhombus if and only if it has property P”. We may test our abilities for understanding mathematical sentences by trying cases where some of the words have been replaced by symbols that conceal the meaning of the words. As an example we consider
Definition. An A of a B is a C whose D intersects that B. This we rapidly interpret as z : B (dcl)
*
:= S,,c((the
A of z :=
D of y) intersects Z)
::
substantive
.
A second example is
Definition. We say that the A of a B hibernates if it is skew to that B” This we interpret as z : B (dcl) := the
*
the A of z hibernates :=
A of z is skew to z
at least if the terms “the A of book.
Z”
:: statement
,
and “is skew to” have been defined in the
The mathematical vernacular (F.3)
933
There is an objection against the choice of the phrase ”the A of 2 hibernates” in the above definition. It asks for trouble with parsing. Let us be more specific by taking as a n example: “We say that the orthocenter of triangle d hibernates if it lies inside d”. Now take two triangles d and e with common orthocenter P. We might argue: if P lies inside d then P hibernates, and therefore P lies inside e. This is obviously false! The thing is that there never has been a definition explaining what it means that a point hibernates. Nevertheless this is suggested by the phrase “We say that the orthocenter of d hibernates”, since “the orthocenter of d” is the name of a point. Therefore it is in vain to appeal to EQlOa (Section 13) in order to say that in this phrase “the orthocenter of d” may be replaced by “the orthocenter of e”. We cannot say that
t : point (dcl) * t hibernates
:: statement
.
A way to avoid this inconvenience is to define “the orthocenter of triangle d hibernates with respect to d”. Or, still simpler, we define hibernation of a point with respect to a triangle, and then apply it t o the orthocenter. We note that the definite article “the” is used in two different ways. In a case like “the orthocenter of d” it originates from a line in the book where in a context “d:triangle (dcl)” we have defined the name “the orthocenter of d”. But a case like “the positive root of f ” has to be parsed as a substantive (“positive root of f ” ) preceded by the “the” of Section 18.2 (83), which requires a proof of the uniqueness statement (82). In the case of ‘‘the orthocenter of d” there has been no previous introduction of a substantive ‘Lorthocenterof d”, and therefore it can not be parsed as a substantive preceded by a definite article. 22.13. A line in an MV book can be labeled “theorem” or “lemma” if the line body is a statement (case (vi) of BR9 (Section 10)). That, is, if it is considered “important” enough for such a stately name. Otherwise it can just be considered as a stepping stone in a proof, or as a minor remark. Lines with a body of the form (iii), (iv) or (viii) of BR9, can be labeled “definition”, although very often (in particular in case (iii) ) we prefer to call them abbreviations. These cases (iii), (iv)l (vii) can be called “statement definition”, “substantive definition” and “name definition”, respectively, and each case has its own phraseology in OMV. Very many definitions in OMV are definitions of adjectives; we shall discuss the use of adjectives in Section 22.14. 22.14. In our grammar of MV we have not discussed adjectives thus far, but they are easily incorporated. We should always bear in mind that an adjective is to be defined with respect to a substantive. Let us take the substantive
N.G. de Bruijn
934 “triangle” as an example. If z : triangle (dcl)
*
P
:: statement
is valid, then P (which may be an expression containing z) expresses a property of z. In natural language such a property may be expressed by an adjective. Let us choose the word “blue” for it. Then we can consider the new substantive “blue triangle” and the new statement “x is blue”. This statement can be considered as an abbreviation for “z is a blue triangle”. The substantive can be defined as (22.14.1) blue triangle := Sz:triangle P :: substantive . The statement “z is blue” can be introduced by z : triangle (dcl)
*
z is blue :=
(x : blue triangle)
:: statement .
We can agree that we express both (22.14.1) and (22.14.2) by the single line
Definition. A triangle z is called blue when P. A nice way to write this with a new binder “Adj” is as follows: (22.14.3) blue := Adjz:triangleP
.
Working with adjectives has some other nice features. One is, that if an adjective like “yellow” is defined with respect to the substantive A , and if B << A , then we can speak of yellow B’s too. And if we have defined both “yellow” and “round” on the substantive A , then we can use the new substantive “yellow round A ” , and that is synonymous with “round yellow A”. Misunderstandings can arise if the adjective “round” was not defined with respect to the substantive A but with respect to the substantive “yellow A ” .
23. REMARKS O N PARSING The situation about parsing is like this. What we really want to say in a sentence or a formula, has the structure of a tree (to be more precise, of a planted planar tree). Such a tree is a finite directed graph where (i) every point has just one incoming edge (except for a single point, the root, which has none), (ii) at each point a linear order of the outgoing edges is given (the order from left t o right), (iii) every point can be reached by means of a finite path that starts at the root. Finally we mention that to the points of the tree there may be attached letters or words, i.e., identifiers.
The mathematical vernacular (F.3)
935
The difficulty is that we want to put such tree-shaped information in a linear form, in order to be expressed in speech or writing, and that we want this linearized form to reveal the original tree structure. Mathematicians have solved this problem centuries ago, coding their trees in linearized form with the aid of sets of nested pairs of parentheses. In natural languages, however, this has never been done. It is quite probable that parsing trouble had its influence on our natural languages before writing was invented, in particular in the shaping of inflexions and conjugations. Quite some effort in learning languages, and in studying their structure, is connected with parsing and with the constructs people invented for the benefit of parsability. In spite of the fact that parsing is an immense problem in the study of natural languages, we can be very casual about it when discussing MV. As long as we are able to create a language it is no serious problem at all. We can just be generous with the use of parentheses or any other means for describing the tree structure in a linear format. Admittedly, we do not want to go all the way: we want our MV to look like natural language as much as possible. This can be achieved to a large extent by sensible choice of the terms and phrases we introduce in our books (in the form of sMV material). Combined with the use of just a few parentheses, this can reduce parsing trouble to a bearable extent. Making a serious study of this would, for the moment, be a waste of time, since the trouble can so easily be eliminated by adding enough parentheses.
This Page Intentionally Left Blank
937
Relational Semantics in an Integrated System R.M.A. Wieringa 0. ABSTRACT
This paper contains the description of a system for handling semantics of computer programs. The methodology used for the description of semantics is the relational semantics: - possibly incomplete - information about programs is represented by binary relations. For the description we use the language Automath in which logic, mathematics, syntax and semantics are integrated. Moreover, the correctness of texts written in Automath can be checked mechanically by a computer. We consider an ALGOLGO-like programming language. The axiomatic basis of it is kept small, but it is large enough to make the definition of many ALGOL constructs possible. In the basis are included assignment, binary selection, concatenation, block structures and recursive parameterless procedures. For these basic constructs semantics is presented, and some examples are given how new program constructs can be described in terms of these basic ones.
1. INTRODUCTION We shall present a formalism for the description of syntax and semantics of programs in a n ALGOLGO-like programming language (i.e. a block-structured programming language with variables of various kinds, assignment to these variables] binary selection] recursion, etc.). An essential point is that program correctness proofs have to be subjected to an automatic verification system. So we have to deal with (a) the organisation of the variables, the so-called state space,
(b) the description of the syntax of the language: what kind of programs do we consider, (c) the description of the semantics of the programs: what information do we state about the programs.
R.M.A. Wieringa
938
The method we shall use to describe semantics will be relational semantics with strong emphasis on dealing with incomplete information about the relation between initial and final state. A system for verification of the correctness of programs has to be able to cope with mathematical theories (e.g. number theory) and to keep track of the mathematical interpretation of values of state space variables. In practice, the verification of the correctness of a program appears to be long and tedious, since it consists of very many elementary steps. We feel the need for a mechanical verification. So alltogether, we need a language in which various formal systems (e.g. semantics, logic, mathematics) are integrated, and the correctness of what is written in the language should be decidable by a computer. Automath ( [ d eBruijn 70a ( A . 2 ) ] )is such a wide-scope language. In an Automath book we can express all primitives we need about logic, mathematics, programming language, semantics, and on the basis of these primitives we can define particular programs and derive truths about their semantics. We use the following notatioan for some of the essentials of Automath. Typing is denoted by colons ( P : Q means P has type Q). Abstraction is written as [z : A] B , denoting the function with domain A and values B (this B may contain z). Application is written as ( A )B (i.e. the value of the function B at the point A ) . We use Q : type for saying that Q is a type, and R : prop for saying that R represents a proposition (if S : R then S is a proof of that proposition). The semantical framework described here is essentially based on various proposals by N.G. de Bruijn [de Bruijn 73d], [de Bruijn 75b]. In the present form it is used by the author of this paper for the development of an operational system intended to be useful for proving correctness of big programs.
2. T H E STATE SPACE Since programs act on variables, we have to pay some attention to these variables and their possible values; in other words, to the state space. Roughly speaking a state is a set of variables each of a certain type (think e.g. on the types integer, boolean etc. in ALGOLGO) and having a value corresponding to that type. So we introduce the notion datatype, and several datatypes, like datatype : type boo1 : datatype int : datatype
.
Relational semantics in an integrated system (F.4)
939
For each datatype dt the type of the corresponding values will be denoted by elts(dt) : type
.
Since our programming language has an ALGOL-like block structure, we put our variables on stacks: one for each datatype. For simplicity we do not assume the stacks to have a bottom. The places in each stack are indexed by 0,1,2,...; the 0 refers to the top of the stack. In the stack corresponding to dt the values have type elts(dt). Each pair (dt, i) of a datatype and an index now identifies a program variable: we do not talk about names of variables. So we define (written in Automath) State := [dt : datatype] [i : nat] elts(dt) : type (where nat is the type of the naturals). For a visual interpretation see Fig. 1.
Figure 1, A state space There are several operations on states. Let us fix a state a. By value(o, dt, i) we denote the value in a of the variable (dt, i); it has type elts(dt). Furthermore there are some operations transforming states into states: (a) adapt(a, dt, i, u ) is the state that is obtained from a by replacing the value of (dt, i) by a new value u ; (b) extend(u,dt,u) is the state we get when in (T we push an element with value u on the stack corresponding to dt. So, when 0’= extend(a, dt, v) we have value(a’, dt, 0) = v, value(a’, dt, i 1) = value(o, dt, i), value(a’, t, i) = value(a, t, i) when t # dt;
+
(c) restrict(a,dt) is the state we get when in a we remove the top element of the stack corresponding to dt. So when a’ = restrict(a,dt) we have value(a’, dt, i) = value(a, dt, i+ l),value(a‘, t , i) = value(a, t, i) when t # dt.
R.M.A. Wieringa
940
Having defined these operations on states, we can prove properties about them, e.g. value(extend(a, d t , v), dt, i
+ 1) = value(0, dt, i)
restrict(extend(0, dt, v), dt) = 0 and write these in our Automath book. In order to deal with nontermination, abortion because of thing like “divide by zero”, indexing outside array bounds etc., we add an extra datatype ref (standing for refuser). The variables belonging to ref are quasi-variables,i.e. they do not appear in a program itself but only in its semantics. There are two values connected to refusers: ON and OFF, ON meaning “there is something wrong”. The datatype ref plays an exceptional role in our discussions. In most cases we shall stipulate that datatypes are # ref.
3. SYNTAX What kind of programs do we consider? It is our intention to have a rich class of programs with a set of primitives that is as small as possible. Therefore we do not consider expressions of complex shape in our primitive programs. The following programs are primitive (the word “Program” will be used as the type of all programs).
(1) If dt : datatype, u : dt # ref (i.e. u proves dt we have
# ref), i
: nat, v : elts(dt),
Const_ass(dt,u, i, v) : Program corresponding to “z := d’in ALGOL (where z corresponds to (dt, i) and v is a constant of type dt).
(2) If dt : datatype, u
: dt
# ref, il
: nat, i2 : nat, we have
Var_ass(dt,u,illi2) : Program corresponding to “x := y” in ALGOL, y being a variable.
(3)
If b : nat, nl : Program, a2 : Program, we have Binselect@, irl,n2) : Program corresponding to “ i f b then irl else ~ 2 ” .
Relational semantics in
illl
integrated system (F.4)
94 1
If ~l : Program, 7r2 : Program, we have Concat(Rl,R2) : Program corresponding to “ ~ 1~ ;2 ” . If dt : datatype, u : dt
# ref, R
: Program, we have
Block(dt, u, R ) : Program corresponding to “begin dt x ; R end” (where dt is one of the types in ALGOL). If dt : datatype, u : dt
# ref, R
: Program, we have
Injection(dt, u, R ) : Program In ALGOL there is no construction corresponding to this. It intends the following: Program R acts on a state space. When we want to use R in a situation where that state space has been extended with a variable of datatype dt, x has to act on that extended state space. For formal reasons this program has to get a new name. If cp : Program we have
+ Program
(i.e. cp is a function from programs to programs)
Recurs(cp) : Program more or less corresponding to “procedure p ; ( p ) cp”. The idea behind this approach is the following: ALGOL uses in recursive procedures a kind of circular definition: in the specification of procedure p , p itself may appear: p := ( p ) cp. The essential part of the procedure is cp, the program-program function. By the formula p := Recurs(cp) we turn cp into a program. The above list of primitive programs is a reasonable basis for a programming language. We do not state it to be complete; if desirable we can add further primitives later, e.g. primitives about array assignment, and operations on records (as in PASCAL). And users of the system, handling special algorithms requiring special datatypes can add primitive notions for private use. By means of the seven primitive program constructs given above we can build other program constructs. Once they have been written in our Automath book they are available for later use, just like the primitive ones. We give some examples.
R.M.A. Wieringa
(8)
To the boolean assignment “ b l := b2 V b3” in ALGOL (where b l , b2 and b3 are variables) corresponds the statement “if b2 then b l := true else b l := b3”. It is written in Automath as follows: if b l : nat, b2 : nat, b3 : nat. we define Bool_or..ass(bl, b2, b3) := Binselect (b2, Const .ass( bool,boolnotref, b l T ) , Varass(bool,boolnotref, b l , b3)) : Program (where boolnotref states boo1 # ref, and T : elts(boo1) denotes the value true).
(9)
The empty statement in ALGOL can be mimicked as follows: Dummy := Var-ass(bool,boolnotref,0,O) : Program so “b := b” in ALGOL where b corresponds t o (boo1,O).
(10) To the statement “if b l V b2 then A” corresponds the block “begin boolean b; b := b l V b2; if b then A else end”. If b l : nat, b2 : nat, T : Program, we describe it by Or-cond(b1, b2, T ) := Block(bool,boolnotref,Concat(Bool_or_ass(O, bl
+ 1, b2 + l),
Binselect( 1,Injection(bool,boolnotref, A),Dummy))) : Program Notice the effect of the introduction of a new boolean. It transforms b l , b2 and T into b l 1, b2 1 resp. Injection(bool,boolnotref, A).
+
+
(11) To the while statement “while b do A” corresponds the recursive procedure “procedure p ; if b then begin T ; p end else”. If b : nat, A : Program, we describe it by While(b, T ) := Recurs([nl : Program] Binselect(b, Concat(T, TI), Dummy)) : Program.
+
We did not yet discuss integers and assignments like “ a := b c”. We can define the integers as sequences of bits 0 and 1 and write programs for addition, multiplication etc. It is a long way t o go, but whatever we produce is available forever.
Relational semantics in an integrated system (F.4)
943
4. SEMANTICS
Semantics as we describe it is closely related to the methodology of denotational semantics with one of its central ideas the presentation of meaning of a program as a function from states to states (cf. [Scott & Strachey 711). We take a different point of view: we do not consider functions from states t o states but binary relations over the state space. This is called relational semantics (cf. [Hichcock & Park 731). When discussing semantics of a program in a particular situation it is, fortunately, often sufficient to deal with incomplete information. Some parts of the program may have semantic properties which are partly irrelevant for the properties of the program as a whole. Such incomplete information has the form of a binary relation, and can be treated in our system. As an extra advantage we mention that we do not have the slightest trouble with non-deterministic programs. We connect relations to programs by stating that a relation p presents information about a program x. In our Automath book we take this notion to be primitive, but we can give the following interpretation from an executional point of view: For every pair a1 : State, a2 : State where a1 and a2 are initial and final state of some execution of x, the relation p holds. Because of the possible incompleteness of the information, the converse (i.e. when p holds for a1 and a2, x can transform a1 into a2) need not be true. In the jargon of Automath, a relation is a function that adds t o every u1 : State and a2 : State a proposition. So the type of all relations is Reln := [a1 : State] [a2 : State] prop
.
So given p : Reln, a1 : State, a2 : State, “ p holds for a1 and u2” is expressed by (a2) (01)p. Further we write, given x : Program, p : Reln, the primitive notion info(a,p) : prop
.
The interpretation of info(x, p ) is the proposition ‘‘p presents information about T” *
The basic properties embodied in this interpretation are given by the following axioms (where a : Program, p l : Reln, p2 : Reln) 0
info(T, p l ‘and’ p2) ‘eqv’ (info(a, p l ) ‘and’ info(x, p 2 ) )
0
( p l ‘imp’ p2) ‘imp’ (info(a, p l ) ‘imp’ info(x, p 2 ) )
(We use ‘and’, ‘imp’, ‘eqv’ for the connectives A , calculus.)
+, = of ordinary propositional
R.M .A. Wieringa
944
The relations p we claim by axiom to present information about the seven primitive programs in Section 3 all have a standard form, viz. [a1 : State] [a2 : State] i f Someref-on(a1) then a1 = a 2 e l s e P ( a 1 , a2)
where P ( a 1 , a2) is a proposition, and Some_ref_on(o) := 377 : nat(value(a,ref,r) = ON)
.
The motivation for this is the following: Once a refuser is in ON position (because of things like nontermination, abortion), we do not want to “execute” the rest of the program anymore; in other words: this rest is equivalent to a skip, for which we present the information m 1 = 02.
So to each primitive program T we have a relation p in standard form and an axiom stating info(T, p ) . In this paper we do not give the relations in standard form, but only the essential part, i.e. the proposition P(a1,a 2 ) in the e l s e part. (1) To Const-ass(dt, u,i, w) is connected the proposition (playing the role of P(aL02)) a 2 = adapt(a1, dt, i, w) . (2) To Var-ass(dt, u,i l , i2) is connected a2 = adapt(a1, d t , il, value(a1, d t , i2)) . (3) Given p l : Reln, p2 : Reln, info(T1, p l ) , i n f o ( ~ 2p2), , to Binselect(b, ~ 1 , 7 r 2 ) is connected i f value(a1, bool, b ) = T then (a2) (al)p l else (a2) (01)p2
.
(4) Given p l : Reln, p2 : Reln, info(T1, pl), i n f o ( ~ 2p2), , to Concat(xl,7r2) is
connected 3a : State ( ( a )(al)p l ‘and’ (a2) ( a )p2)
.
(5) Given p : Reln, info(T, p ) , to Block(&, u,T ) is connected 3wl : elts(dt) 3w2 : elts(dt) ((extend(a2,d t , w2)) (extend(a1, d t , wl)) p )
.
Relational semantics in an integrated system (F.4)
945
Since a1 and a 2 are states belonging t o the state space outside the block and p is a relation between states inside the block, we have to extend a1 and a2 with appropriate values when connecting them with p . They are extended with v l and v2, representing the initial and final value of the variable local in the block.
( 6 ) Given p : Reln, info(n, p ) , to Injection(& u, n) is connected (restrict(a2, dt)) (restrict(a1,dt)) p ‘and’ value(a2, dt, 0) = value(a1, dt, 0)
.
Now p acts on a “smaller” state space than the one 01 and a 2 belong to, so we have to restrict a1 and u2. The second part of ‘and’ states that the value of the added variable does not change.
(7) In order t o describe information on the recursive program Recurs(cp), we have to consider a sequence of relations with special properties. Given Seq : nat
+
Reln,
with
V a l : State Va2 : State ((02) (al)( 0 )Seq ‘eqv’ i f SomeIef.on(a1) then a2 = a1
else value(a2, ref,nonterm) = ON))
V k : nat V.rr : Program (info(n, ( k ) Seq) ‘imp’ info((n) cp, ( k
+ 1)Seq))
to Recurs(cp) is connected
Vn : nat 3k : nat ( k ‘gtr’ n ‘and’ (02) (al) ( k )Seq)
.
The interpretation is as follows: We start from a program TO to which we connect the proposition value(a2,ref,nonterm) = ON. (TO can be considered as a non-terminating program.) We now build the programs (nO)cpo := no, (x0)pl := (xO)cp, (nO)cp2 := ((.rrO)p)p,.... For every k , ( k )Seq is a relation that presents information on (TO) cpk, by induction: (0) Seq presents information about no, and for any k and n holds info(n, ( k ) Seq) ‘imp’ info((x) cp, ( k + 1)Seq). The information presented on Recurs(cp) is now the least upperbound of the sequence Seq: [a1 : State] [a2 : State] Vn : nat 3k : nat
( k ‘gtr’ n ‘and’ (a2) (01) ( k )Seq)
.
Starting from our semantics of the seven primitive programs, we can define relations for higher-level constructs and prove that these relations present information. Especially the while statement deserves some attention, and the
946
R.M.A. Wieringa
+
programs that effect the arithmetic operations, such as ‘‘a := 6 c”. Once all such standard programs have been written in our book, we gradually can start to write more complex programs and to present information about them. This set-up is completely parallel to the situation in mathematics where we start from very simple primitives, and gradually learn to say everything we want. Much of the work we have to do when writing programs and proving semantics about them, is more or less standard. All the time we deal with complex expressions in terms of the operations on states (as given in Section 2). Those can be simplified by application of the rules we have mentioned at the end of 2, applying elementary logic and elimination of if-then-else constructs. At this moment we feel the need for a (limited) automatic simplifier. Given a complex expression in terms of extend, adapt, restrict etc. such a simplifier is supposed to deliver a simpler equivalent form of this expression (and written in Automath a proof of this equivalence). Occasionally, some human interaction might be helpful.
947
Computer Program Semantics in Space and Time N.G. de Bruijn
1. INTRODUCTION This note can be considered as an addition to [de Bruijn 73d] (see also [ Wzeringa 80 (F'.4)]). We aim at a new treatment of recursive procedures, i.e., a new version of Section 11 of [de Bruijn 73dl. This new treatment also effects the other sections, but there the alterations that have to be made are quite obvious. In [de Bruijn 73d] we used a state space R that was extended to a space R+ by adding a single element m. This element m played a role in the semantics only: it is not something that can be referred to in the programs. Its semantic role is to indicate non-termination. In the present note we follow a system that handles some further information, i.e., something corresponding to runtime. Where the system of [de Bruijn 73d] only distinguished between runtime being finite or infinite, the present system might be able to say exactly what the runtime is in cases where it is finite. For practical applications it might be interesting to develop runtime administration for terminating programs, but this was not the main motivation for this study. The reason was rather of a theoretical nature. The semantic treatment of [de Bruijn 73d] (Sect. 11) turned out to be hard to combine with fixed points semantics. Mr. R. Wieringa, who implemented a large part of [de Bruijn 73d] in Automath, had to introduce a new notion of order between predicates and had to impose slightly awkward monotonicity restrictions in order t o establish a correspondence between the recursion semantics of [de Bruijn 73d] and fixed point theory. The system proposed in this note is much easier in this respect. Yet, if we weaken the runtime information by distinguishing between finite and infinite runtime only, the semantics can be expected to be the one of [de Bruijn 73d]. Our present system takes care of runtime by describing a relation between the moment t where the execution of a program starts, and the moment t' where the execution ends. Semantical information about a program will have the form of a predicate on (0 x 2') x (0 x T ) (whereas in [de Bruijn 73d] it had the form of a predicate on R+ x Of. It is quite reasonable to think of predicates in which
N.G. de Bruijn
948
the relation between t and t‘ is expressed in a form like
t + f ( w , w‘) I t’ I t
+ g(w, w’) ,
and it is also quite reasonable t o choose the semantics of primitive program constructs in accordance with this form. Nevertheless we shall not set it as a rule that our predicates should necessarily have this form. What we do require, however, is that t 5 t’ is somehow enforced, and we shall realize this by restricting our predicates to the set of all those quadruples (w, t , w‘, t’) for which t
5 t’.
The interpretation of t and t’ is obvious. In a case where t < 00, t‘ = 00 we of course say that the program does not terminate. In cases where t = 00, t’ = 00 we can say that the program execution never started, since some other program that had to be executed first, took infinitely long. In order to be able to say that the sum of the lengths of infinitely many time intervals is infinite, we restrict ourselves t o time moments which are either integers or the symbol 00. Just like in [de Bruijn 73d], where programs never explicitly referred to the element 00, in our present system the programs will usually not refer to t in any way, except for the program “delay”. In this note we shall discuss the relation between t and t’ only as far as it is relevant for the treatment of recursion. In fact we take the point of view that no program takes time, except for the “overhead” of a procedure call. This overhead is connected with the fake program we call “delay”, which takes time without doing anything else: its semantics may be described by (w = w’) A (t‘ = t 1). One might say that every case of non-termination is already caused by an infinity of executions of “delay”, in spite of the fact that other program components might try to make it worse. Another point of view in which this note differs from [de Bruijn 73d] is a simplification: we have given up the “relativistic” attitude (see Section 3). Part of the philosophy underlying the note [de Bruijn 73d] was that semantical discussion can be kept on a mathematical level without entering into the syntax of a programming language. The correctness of the code in which the program is presented t o a computer is a matter we can reduce to the question of the correctness of a compiler. This is not essentially different from the problem of the correctness of the translation of programs in higher order languages. The philosophy that semantics can be built up without entering into syntax, is elaborated in Section 8 of this paper.
+
Computer program semantics in space and time (F.5)
949
2. PREDICATES ON THE SET A We start from a set fl (which is called ‘%ate space”). And we introduce the “time space” T , defined as
(where X is the set of integers and 00 is a new element). In T we have addition and order. The ordinary addition of Z is extended by 00 t = t 00 = 00 for all t E T , and the ordinary order of Z is extended by agreeing that k < 00 for all k E Z. The set A is defined as
+
+
Given a point (w, t , d , t’),we may refer to the pair ( w , t ) as “initial”, and t o the pair (w‘, t ’ ) as “final”. We write Pred(A) for the collection of all predicates on A. Particular predicates are (i)
‘ITRUE”,which is identically true on A,
(ii)
“FALSE”,which is identically false on A,
(iii) “NONTERM” (for non-termination), which has as its value the proposition t’ = 00, (iv) a predicate which we shall denote by J , given by
J ( w , t, w’, t‘) = (t = t’) A ((t’ < m) + (w = w ’ ) )
.
(1)
It is inconvenient t o admit all arbitrary predicates on A, for in cases where t’ = 00 the value of w’ has no sensible interpretation, and for our semantics it would be awkward to make the distinction between different final pairs (w’, 00). (Of course it neither makes sense to distinguish between different initial pairs (w,m), but there it causes no trouble for our semantic system.) Somehow we want to consider all the (w‘,00)’s as equal, but we do not want to loose the Cartesian product structure of our space. Therefore we shall restrict predicates to being ‘konstant at infinity”. We say that a predicate P E Pred(A) is constant at infinity if P(w,t , ~ ’00), = P ( w ,t , w ; , 00) for all w,w‘,w; E R and all t E I. The set of all P E Pred(A) which are constant at infinity will be called Pred*(A). For every P E Pred(A) we construct a P* E Pred*(A) as follows:
950
N.G. de Bruijn P*(w,t ,w’, t’) = P(w,t ,w’, t’)
if t‘
<m ,
and
P * ( W , t ,w’, 00) = 3,En P(w,t , p, m) for all w,w‘ E R, t E T . If P is itself in Pred*(A) already, we obviously have P’ = P. This applies in particular to the examples TRUE, FALSE, NONTERM and J , mentioned above. We shall write P c Q for predicate implication (rather than using the dubious Q), so P c Q means notation P -+
P(wl t , u‘,t’)
V(u,t,ut,tt)
+
Q(w, t , w’, t‘)
.
We use the sign = for equivalence of predicates (and we shall often just call it equality), so P = Q means ( P c Q) A (Q c P ) . The notation P c Q helps us to remind that the set of points satisfying P is a subset of the set of points satifying Q. Quite often we interpret a predicate as an amount of information, and then we have to keep in mind that P c Q does not mean that Q gives more information than P. I t is just the other way around: P gives all the information presented by Q, but possibly more. With the above notation P*, Q’ we obviously have
(Pc
Q)
+
(P’
c Q’)
for all P,Q E Pred(A). Quite often we want to describe a predicate by means of some expression E containing w ,t , w’,t’. We shall use the notation XE in order to denote the predicate P for which P(w,t,w’,t’) = E for all w , t , w’,t’. And if P is obtained from E this way, we write X*E for the P* corresponding to P. As examples we mention X*((w = w’) A (t’ = 00)) = X*(t’ = m) = X ( t ’ = m) = NONTERM
,
X’((W = w’)A ( t = t‘)) = x(((w = w’)A ( t = t’)) V ( t = t’ = m)) = = X ( ( t = t’) A ((t’ < 03)
+
(w = w ’ ) ) ) = J
.
If P and Q are in Pred(A) we define the “boolean matrix product”, or “boolean convolution”, denoted by P * Q, as follows:
P
* Q=
3 0 ~ n . 1st i~s g~ f ( P ( w t, , 0 1
8)A
We note that this convolution is associative:
( P * Q)
*
R= P
*
(Q
* R).
It is not hard to show that for all P E Pred(A)
Q(.,
3,w’, t ‘ ) )
.
Computer program semantics in space and time (F.5)
P*J=P*,
95 1
(2)
and therefore ( P * Q)* = P * Q * J = P * Q*. In particular, if Q is constant at infinity, then P * Q is constant at infinity. As a special case of (2) we mention
J * J=J*=J.
3.
SEMANTIC INFORMATION
We assume that we have a set called Prog(0). The elements of this set are called programs (or “programs on 0”).And we assume to have a mapping “Totinf” (which stands for “total information”), mapping Prog(0) into Pred*(A). The interpretation is that if 7r is a program, then Totinf(.rr) is a predicate on A that presents all the semantic information about x. That is to say in terms of operational interpretation: there is an execution of x leading from initial state (w , t ) to final state (w’, t ’ ) if and only if the quadruple ( w , t, w’, t’) satisfies the predicate Totinf(T ) . Quite often it happens that for a given program x it is hard to find Totinf(7r) and, moreover, this total information is not always important in all its details. We can usually be quite happy with something that is simpler and weaker. That means that we work with some R E Pred*(A) such that Totinf(7r)
cR.
(1)
In most cases we start from the other end. We have some predicate R as our goal, and we want to find a program T such that (1)holds. Then we say that R is a program specification, and that x is a program that satisfies the specification. In [de Bruijn 73d] we tried to avoid the introduction of a thing like Totinf. The idea behind this is that it might be useful to have a semantic system in which people with different ideas about the total information are still able to communicate about things they do agree on, and also that it leaves some freedom t o those who implement a programming language. This idea of [de Bruijn 73d], if extended to our present system, means that we work with a predicate w on Prog(R) x Pred*(A), with the interpretation that W ( T , P ) expresses that P(w,t, w’, t ‘ ) is true if (but not necessarily “only if”) there is an execution for which ( w , t, w’, t‘) presents the initial and final state. The connection with Totinf is if Totinf(T) c P then
W(T,
P)
N.G. de Bruijn
952
for all K E Prog(R), P E Pred*(h). In the present note we shall not follow this line of [de Bruijn 73d]. The advantage of avoiding Totinf(7r) might not compensate the disadvantage that the basic properties of W ( K , P ) are harder to formulate than those of Totinf(.rr). There is an analogy in topology, where there is a possibility (“point-free topology”) to restrict the discussions t o “open sets” as basic objects, without bothering whether these objects are sets (of “points”) indeed. The price that has to be paid for this “relativistic” point of view is a complication of the axiomatic structure, a structure that can only be understood with the non-relativistic structure in mind. The interpretation of Totinf(a) makes it hard to attach a meaning to cases where w , t are such that there is not a single pair w‘, t’ such that Totinf(s)(w, t , w‘, t ’ ) is true. Nevertheless we do not exclude these cases by means of a general condition on Totinf(K), partly since it still might turn out to come in handy for special kinds of abortion (cf. Section 10). On the basis of Totinf we can define a transitive relation between programs. If both 7r and u are in Prog(R) we write x
If both
K
5 u if and only if Totinf(7r) c Totinf(u)
5 u and
u
5 K we say that
K
.
and u are semantically equivalent.
4. SEMANTICS OF PRIMITIVE PROGRAMS In this section we consider the programs “skip” , “delay” , “adlibitum”, “nonterm” and a class of programs called “assignments”. We ignore other primitive programs like 2 := 2 y , etc. The programs “skip”, “delay”, “adlibitum” and “nonterm” will hardly ever occur in actual programs, but are just added to the collection of all programs in order to smooth the semantic dicussion. The program “skip” does nothing, that is to say that it leaves both w and t untouched, at least as long as t < 00. Its semantics is
+
Totinf(skip) = X*((w = w’) A (t = t ’ ) ) . The program “delay” is just like “skip” in as far as w = w‘, but it “consumes a unit of time”: Totinf(de1ay) = X*((w = w’) A (t’ = t
+ 1)) .
The program “adlibitum” is a non-deterministic program that instructs the computer to do as it pleases, possibly even to use a n infinite amount of time.
953
Computer program semantics in space and time (F.5)
(The term “adlibiturn” is used in music with the same meaning, although one would not usually admit the performer to play infinitely long.) The semantics is “no information at all”, “anything may happen”, and is expressed formally by Totinf(ad1ibitum) = TRUE. The program “nonterm” instructs the computer to go on for ever, and requires nothing about w’. Its semantics is Totinf(nonterm) = X ( t ’ = co) = X * ( t ’ = 00) = NONTERM
.
The trouble with a formal treatment of assignments is this: they contain expressions in some syntactic form, intended to represent elements of R, but the language in which they are formulated (the computer programming language) should not be confused with the (so much richer) mathematical language in which we discuss the semantics. Let us say that somehow we have defined a class of expressions (in the programming language) and that t o each E of that class we have assigned a mapping g of R into R. Then something like “x := E” is a program; we note that E may contain a symbol x referring t o the initial value w , but no symbols referring to w’, t or t’. We shall not say precisely how g is obtained from E; one usually has the “naive” interpretation that the value g ( w ) is obtained if we just replace z by w in E. But whatever the relation between E and g might be, the semantics is Totinf(x := E ) = X*((w‘ = g(u))A ( t = t‘)) . We have chosen the (unrealistic) point of view that the execution of z := E does not take time. If one wants t o attach some time consumption to this program, it is easily administered by adding (in concatenation) a number of executions of “delay”.
5. LOWER PRIMITIVE PROGRAM CONSTRUCTS
One of the simplest lower primitive program constructs is K o r a, if both K and a are in Prog(R). The interpretation is that for every input the computer is free to choose which one of K and a is to be executed. The semantics is described, if P = Totinf(?r), Q = Totinf(a), R = Totinf(n o r a), by
R(w,t ,w‘, t’) = P(w,t ,w’, t‘) V Q(w, t ,w’, t’) for all (w, t ,w’, t’) E A. Since both P and Q are constant at infinity, the same thing holds for R.
N.G. de Bruijn
954
Next we consider the well-known construct “A ; u ” , called the concatenation of the programs x and u. The semantics is given by means of the convolution Totinf(x; u ) = Totinf(x)
* Totinf(u) .
We note that Totinf(x ; 0)is constant at infinity, since the second factor is constant at infinity. We also note that because of the associativity of the convolution the programs x ; ( u ; T ) and ( x ; u ) ; T are semantically equivalent. With the construct “if E then x else u” we have a situation similar to the one with the assignment statement we considered in Section 4. Somehow we have defined a class of expressions in the programming language, and to each E of that class we have associated a predicate B on R. The expression E may contain a symbol z referring to the input value w , but no symbols referring to w’, t or t’. (The usual “naive” point of view if that the program text contains B itself, and that it reads “if B(z) then x else u ” . ) The intuitive (operational) meaning of “if E then x else u ” ,is that if B(w) is true then x is to be executed, if B(w) is false then u is to be executed. The formal semantics is described as follows. Let P , Q , R be the Totinf’s of x,u and “if E then x else u”. Then we have
R(w,t , w‘, t’) = = (B(w) A P(w,t,w’,t’)) V (-B(w) A Q ( w , t , w ’ , t ’ ) )
and we note that the right-hand side is equivalent to
( B ( w )+ P(w, t , w ’ , t’))A (-B(w) + Q(w, t , w‘, t’)). We have to check that R is constant at infinity. This follows directly from the fact that both P and Q are constant at infinity. In the lower primitive program constructs of this section we have not administered any run time for the “overhead” of the constructs: the only time consumption is in the execution of the sub-programs x , u , ... . It would not be very hard to alter this by adding a number of executions of the program “delay”.
6. HIGHER PRIMITIVE PROGRAM CONSTRUCTS
Let cp be a program-to-program function, i.e., a mapping of Prog(R) into itself. As an example we start from some expression E to which there corresponds a predicate B (like in Section 5), and for any x E Prog(R) we define cp(x) by cp(x) = if
E then x else s k i p .
Computer program semantics in space and time (F.5)
955
For any program-to-program function cp we have a program to be called R E CURS(cp). We may think of a program p that can be described in ALGOL60 by the procedure declaration and procedure body procedure p ; cp(p)
.
In order to describe the semantics of RECURS(cp)we first define the programto-program function $ by $(A)
= cp((de1ay; A ) )
.
(1)
Next we introduce the functions q k (k = 0,1, ...) by iteration: $ ‘ ( A ) = A , qhk++’(a) = $ ( g k ( r ) ) .We apply the q k to the primitive program “adlibitum”. Abbreviating Rk
= Totinf($k(adlibitum))
(2)
we now define the semantics of RECURS(cp) by Totinf(RECURS(cp)) = R
(3)
R(U,t ,U ’ , t’) = V k G N & ( U , t ,W ’ , t’)
(4)
where
for all U,W’ E R and t , t‘ E T . IV is the set (1, 2,3, ...}, but it would do no harm t o include k = 0 as well, since & = Totinf(ad1ibitum) = TRUE. We have to check that R E Pred*(A), i.e., that R is constant at infinity. This is trivial from (4), since each Rk is constant at infinity. In Section 9, we shall comment on the definition (3), and discuss its relation to fixed point semantics. We postpone the discussion since we want to show first that (3) is good enough for a practical case: the “while” statement.
7. THE WHILE STATEMENT We consider the program that is usually written as while E do r
,
(1)
where r is a program, and E is an expression that plays the same role as in Section 4 in the construct “ if E then A else d’.We form a program-toprogram function cp by c p ( ~ ) = if E then ( r ; A ) else skip
(2)
N.G. de Bruijn
956
and we claim that the semantics of RECURS((p) is able to explain the semantics usually attached to (1). We shall do this both for partial correctness and for total correctness. In both cases B is the predicate on that corresponds t o E .
Theorem 1 (“Partial correctness”). Let C be a predicate on R and abbreviate
D = X((t = t’) A ( ( B ( w )A C ( w ) ) + c ( w ’ ) ) ) , F = X((C(w)
A
(3)
(t‘ < m)) + (C(W’) A -B(w’))) .
(4)
Assume that the semantics of I- satisfies Totinf(I-) c D*
.
Then the one of RECURS((p) satisfies Totinf(RECURS(q7)) C F
.
Proof. As in Section 6 we abbreviate
,
Rk = Totinf($’(adlibiturn)) and we note that qk++’(adlibitum)= = i f E then
(7; delay
; $k(adlibitum)) else skip
.
By the rules of Section 5 we get Rk+l C Wk+l where wk+l = X((B(w)
+
Hk(w,t,w’,t’))A ( l B ( w )
Hk = X(ausu,s, (D*(W,t,a,s) A (S‘ = S
+
s(w, t,W’, t’)))
1
(7)
+ 1) A (a‘ = a ) A
.
A Rk(o’, S’,W ‘ , T’)))
(8)
S = Totinf(skip) = X*((w = w’) A ( t = t’)) .
By (3) we have
D*(w,t , w‘, T’)
-+
t = t’
and therefore (8) can be simplified to
Hk = ~ ( ~ , ~ ~ D * ( ~ , t , ~ , t ) A R ~ ( ~ , ~ + 1 , W ’ , t ’ ) ) . (9) We define a sequence of predicates Pk
= X ( ( C ( W ) A (t’ +
Pk
E Pred(A) by
+ 1 5 k + t ) A (t‘ <
(C(w‘)A-B(w’)))
.
00))
-+
Computer program semantics in space and time (F.5)
957
We remark that for all k
i.e., that
Pk
= Pl
Pk
is constant at infinity: we even have
,
(11)
pk(w, t,w‘, m)
(12)
for all k , w , t , w’ because of the subexpression t‘ We shall show that Rk
cPk
( k = 0, 1,2, ...)
< 00 on the left in (10).
.
(13)
Once this has been shown we rapidly get to (6): by Section 6 Totinf(RECURS(9)) C Rk for all k , and for all (w, t , ~ ’t’) , E A we have (vk
Pk(w, t ,W ‘ , t’)) + F ( w , t ,U ‘ , t’) .
(14)
If t‘ = 03 this is trivial since the right-hand side is true, if t’ < rn we can (given w, t , w’, t’) take k such that t ’ + l 5 k + t , whence Pk(W, t , w ’ , t’) + F ( w , trw’, t’). We shall prove (13) by induction. First
Ro c Po
(15)
is trivial: P = TRUE since t’+ 1 5 t is false on A. next we take a fixed k we assume Rk C P k and we shall show C &+I. It suffices to show wk+1
c pk+1
> 0, (16)
To this end we fix ( w , t , w’, t’) E A, we assume
Rk C
Pk
and
wk+l( W , t , W ‘ ,
t’)
(17)
and our goal is Pk+l(w, t , w’, t‘). w e split in two cases: B ( w ) and +(w), according to (15) and (7) we can reach our goal by proving
so
In order to show (18) we assume its left-hand side. By (9) and Rk C conclude that n exists such that
we
B(U)A
D * ( W , t , 0,t’) A Pk(C7,
t
I, W ’ , t’) .
Pk
(20)
If t‘ < 00 we can just replace D’ by D , and from (20), (3), (4) we derive ( C ( w ) A (t’
+ 1 5 k + t + 1)) + (C(W‘)A i B ( w ’ ) )
(21)
N.G. de Bruijn
958
and that means Pk+l(W,t,W’,t’). If t’ = 00 we get Pk+l(W,t,W‘,t’) from (12). Next we show (19). We assume S(w, t,w’, t‘) A l B ( w ) , and have to prove Pk+l(w,t,w’,t’). If t‘ = 00 this is trivial by (12), so we take t’ < m. w e assume C ( w ) A (t’ 1 k 1 t ) A (t’ < 00) and want to show C(w‘) A +?(w’). From S(w, t,w’, t’) and t’ < 00 we get w = w’, so by C ( w ) and +(w) we have 0 C(w’) A -B(w’). This finishes the proof of Theorem 1.
+ < + +
Theorem 2 (“Total correctness”). Let C be a predicate on R, and let Q be a mapping of R into the set of integers 2 0 . We abbreviate
D = X ( ( ( B ( w )A C ( w ) )
+
F = X ( ( C ( w )A ( t < 0 0 ) )
< Q(w)))) A ( t = 0 ),
(22)
< t + Q(w)) A -B(w’))) .
(23)
(C(w’)A ( Q ( 4
+
( C ( w ‘ ) A (t’
Assume that the semantics of r satisfies Totinf(r) c D*
.
(24)
Then the one of RECURS((p) satisfies Totinf(RECURS(p)) c F
.
(25)
Proof. With the new D and F we follow the proof of Theorem 1. We also take new Pk’s:
Pk = X((C(W) +
A
(Q(W) < k) A (t < 0 O ) )
+
((t‘+ 1 < t + k) A c ( w ‘ ) A iB(w‘))) .
(26)
Since we have altered D, F and Pk, we have to supply new proofs for the details ( l l ) ,(14), (15), (18), (19) of the proof of Theorem 1. We note that the simplification of (8) to (9) is again valid. We have (11) since
Pk(w,t , W ’ ,
0O)
*y(C(W)
A (&(id)
< k ) ) V ( t = 00)
and the right-hand side does not depend on w‘. In order to show (14) we take any (w, t , w’, t’) E A, we assume all pk(W,t , w’, t’) and c ( w ) A ( t < 00). Taking k > Q(w) + 1 we infer from Pk(w,t , w ’ , t ‘ ) that t‘+l t + k and C ( w ’ ) A - B ( w ’ ) and therefore (t’ 5 t+Q(w))AC(w‘)A-B(w’). Thus we have proved F ( w , t ,w‘, t‘). We now show (15): since Q(w) < 0 is false for all w we have from (26)
<
Po = TRUE. Next we take any (w, t , d , t’) E A and any k E { O , l , ...} and we shall prove (18). We do this by showing that (20) leads to Pk+l(W,t,W‘,t‘). Assume (20). Moreover, assume C ( w ) A (Q(w) < k + 1) A ( t < 0 0 ) , and try to get (t’ 5 t k) A C ( w ‘ ) A (-B(u’)).The D*(w,t , 0,t ) of (20) equals D(w, t , n, t )
+
Computer program semantics in space and time (F.5)
<
959
and therefore implies in the present context C ( a )A (Q(u) < Q ( w )). Hence c(0)A ( Q ( u ) < k ) . The Pk(0,t l,w’,t’) of (20) now gives (t’ 5 t k ) A C ( w ‘ ) A +l(w’) as we wanted. This finishes the proof of (18). We finally turn to (19). We assume (with some fixed (w, t ,w’, t’) E A and fixed k ) that S(w, t , w ‘ , t’) A i B ( w ) ,and moreover C ( w ) A (&(w) < k 1) A (t < 03). If t’ < 00 then S(w, t , w ‘ , t’) says that w = w’ and t = t’, and we get (t’ 1 5 t k 1) A c ( w ‘ ) A -.B(w’). This proves Pk+l(w,t,w’,t’). The case t’ = 03 does not occur, since S(w, t,w’, t‘) would still say t = t’, which conflicts with t < 03. This finishes the proof of (19)) and completes the proof of Theorem 2.
since t
00,
+
+
+
+
+ +
0
Sometimes we can definitely conclude to non-termination of a while-statement. Rather than stating general theorems we present a single example. The proof will again follow the pattern of the proof of Theorem 1. In this example we take for R the set of all integers. The predicate B corresponding to the E in “while E do T” is given by B(w) = (w > 0). And T is a program for which we assume Totinf(.r) C D*, where
D = X ( ( t = t‘) A (w’ = w
+ 1)).
(27)
(In ALGOL one can think of the while-statement “while z > 0 do 2 := z+ l”.) We shall derive the semantical statement Totinf(RECURS(cp)) c F , where
F = X((w > 0 ) + (t’ = w)) .
(28)
This corresponds to the intuitively obvious statement that if the initial value of > 0 do z := z 1” is non-terminating. Again we follow the proof of Theorem 1. We take
+
z is positive, then “while z
= x((w
> 0 ) + (t + k 5 t’ 5 w)) .
(29)
Since D*(w,t,w‘, t‘) + ( t = t’) we can again simplify (8) t o (9). Now again it suffices to check (11)) (14)) (15), (18) and (19). We have (11) since w’ does not occur in (29). And (14) is trivial by (29) and (28). Next (15) is obvious since Po = TRUE (note that t 5 t’ 5 00 in all points of A). Now we turn to (18). We assume the left-hand side, i.e., Hk(W,t , w ’ , t ’ ) and w > 0. Turning to (9) we note that D*(w,t , u,t ) implies (t = 00) A (0= w 1). so by the induction assumption Rk C Pk we derive from H k ( W , t , w ’ , t ’ ) that u exists such that
+
( ( t = w) V (0= w + 1)) A
> 0 ) + ( t + 1+ k 5 t’ 5 w)) .
((0
I f w > 0 we deduce ( t = w ) v ( a > 0), so ( t = w ) V ( t + l + k 5 t’ 5 t + 1+ k 5 t’ 5 00.
03),
whence
960
N.G. de Bruijn
Therefore we have proved (18). Finally (19) is trivial since already -B(u) implies Pk+l(u,t,u’,t’) by (29).
8. A CONTEMPLATION ON SYNTAX AND SEMANTICS There is a world of semantics and a world of syntax. We use the word “world” in order to avoid to have to be very precise. It means something like “area of attention”. Let us call these worlds SEM and SYN. In SEM we talk about sets, relations and mappings in the usual mathematical sense. These mathematical “objects” are discussed in ordinary mathematical language. In SYN we talk about strings of characters, and in particular about special strings which are called “programs”. Again we use ordinary mathematical language to discuss these linguistic objects. So both for SEM and for SYN we use mathematical language, but the “objects” are different. Gradually we discover possibilities to link objects in SYN to objects in SEM, but there is always trouble with the metalanguages of SEM and SYN, in particular in those cases where we use one and the same word (like “variable”) in different meanings in the two metalanguages. In spite of the formidable amount of knowledge about formal languages it must be said that SYN is a poor man’s world, an underdeveloped country. SYN cannot really live without SEM, but SEM can certainly live very comfortably without SYN, just by developing a bit of extra metalanguage. Let us compare the situation of computer programs with a subject that came up about two thousand years earlier: geometrical constructions with ruler and compass. In this geometrical case SEM is the world of geometrical objects and logical discussions about those objects. Since the whole of mathematics is available to SEM, it includes sets and mappings. As an example we mention that there is a mapping that attaches to each pair ( P , r ) , where P is a point and r a line segment, the set circle(P,r), which is the set of all points in our plane which have the distance r to P. Let us call the act of getting the set circle(P, r ) from P and r a construction. In the metalanguage we now describe sequences of such constructs, which lead from a set of objects we are assumed t o “have” at the start, t o the objects which somehow interest us. We say that this sequence constructs these interesting objects. Parallel to this sequence we have a sequence of actions in our physical world on physical paper with physical ruler, compass and pencil, and for this sequence of physical actions the sequence in SEM is a mathematical model. But we have to emphasize that the world of SEM is bigger than this. We might
Computer program semantics in space and time (F.5)
961
study constructions for which no physical realization is available. Now where is SYN in this case? Let us hire people to carry out the geometrical constructions we invented. Assume these people are unable to understand our metalanguage. We have to instruct them very precisely what to do at each step. To that end we invent a system for coding instructions, and these coded instructions are the programs of SYN. (One might say that LOGO is a kind of programming language for at least some geometrical constructions.) The question whether a sequence of commands in SYN corresponds exactly t o the sequence we had in SEM’s metalanguage, is independent of the question whether we actually execute or can execute these commands physically. Let us not get to computer programs. The historical order seems to be somewhat different from the old geometrical case. Most of it started with programs (which had to be very precisely defined) plus a somewhat informal notion of state space and a possibly even more informal notion of time. At the moment the need for “program correctness proofs” was felt, SYN was much better developed than SEM. It is quite natural that this resulted in various ways to treat program correctness which were mostly SYN-centered. It became SYN with a tiny bit of SEM (like state space and predicates), or SYN with a lot of SEM (like fixed point theory). Even the term “program correctness” itself bears the traces of this. The term suggests syntactical correctness, but means something different: it means that a program is correct with respect t o some semantical specification. In the geometrical case one of course feels that the matter of correctness of a geometrical construction (like the question of whether our construction for a regular pentagon really leads to a pentagon that is regular) is a matter of SEM only, and that the question has nothing to do with the way we have coded the construction in SEM. Yet we can of course raise the question whether the execution of a given coded description of a construction leads to a proper pentagon. But it would be a clear case for “separation of concerns” to split this question into (i) whether the program is correct, and (ii) whether the coding is correct. There does not seem to be a good reason for tying things to SYN. In ordinary mathematical language we can define anything we need, like sets and mappings, without ever bothering about the kind of notation we use. There is a strong notion of equality in mathematics, with the effect that one and the same object can be described in various syntactically different ways. This is true for “objects” as well as for “actions”. So let us try to keep the matter of program semantics away from SYN. In SEM we can express in ordinary mathematical language everything we want for
N.G. de Bruijn
962
program correctness, and in a formal checking system (like Automath) we can speak of integrated semantics. In integrated semantics we can describe logic, mathematics, programs and program semantics all in one and the same system. And a compiler would be able to read these mathematically defined programs and to translate them into machine language without ever using the computer languages we usually think of. The total effect of integrated semantics will be simplification. It might also be a satisfactory framework in which other semantical systems can be placed and compared. In SYN-free semantics one can consider programs which are not representable syntactically at all. It might be possible to characterize the representable programs in the set of all programs by means of properties like monotonicity (see Section 9), and show that things like fixed point theory can be developed on the basis of such properties. But why go into all that trouble? In Section 6 we showed an example where an important ingredient of practical programming was treated semantically without any reference to such properties, and it seems likely that we can go quite a distance in this style. In SYN-free semantics it seems to be attractive t o identify the notions of a “program” with the notion of the semantic information of that program. Yet there is something to say for the idea of creating a separate set (the set of programs) and to map it into the set of relations by a mapping “Totinf”, as we did in Section 2. This policy anyway leaves various possibilities open. In particular we keep the possibility to add equality and equivalence assumptions in the set of programs, and such assumptions might be adjustable to later mappings of the programs in SYN into this set of programs. So we do not require that every element of Prog(R) is representable in SYN, and we do not require that two elements of Prog(R) are equal if they have the same semantics. Note that sometimes the notion of equality in SYN might be stronger than the one in Prog(R). For example, the repeated concatenations 2 :=
(2 :=
zS1;
2+1;
(2
:= 2 + 2 ;
2 := 2 + 2 ) ;
2 := 5
2-1)
:= 2-1
might be considered as equal in SYN, and their counterparts in Prog(R) are different but semantically equivalent. On the other hand the programs 2
:= s + l ;
2 :=
2+2;
5 := 2
2+3
:= 2 + 2
will be considered to be different in SYN, as well as different in Prog(R), but yet semantically equivalent.
Computer program semantics in space and time (F.5)
963
For the time being we just leave it open what Prog(R) is. Followers of SYNful semantics might like to identify it with the set of all their programs, and their antagonists might like to identify it with the set of all relations, like Pred(A).
9. COMMENTS ON THE SEMANTICS OF RECURSION In Section 6 we defined the semantics of RECURS (for any program-toprogram function cp) by means of formulas (l), (2), (3), (4). In this section we give some arguments for this choice, and we compare it with other possibilities. In the process of evaluating and comparing we shall appeal to more or less intuitive ideas on the structure and execution of computer programs. It should be stipulated that those ideas are certainly not substantiated in all respects by the treatment of program semantics as explained thus far in this paper. Let us first ignore the 1c, of Section 6, and just work with the iterates of cp itself. If p is a program then
are programs. In order t o facilitate the discussion we assume for a moment that all these programs are deterministic. We take any initial value w , and we ask what happens in the execution. Our intuition says: either the recursive program the p is is non-terminating, or there is a k such that in the execution of @(I) not executed at all. This also means that the executions of cp'(p), cp"'(p), ... are all equal, as far as the initial value w is concerned, and that they are all ), ... for any other program v. In the equal to the executions of ( ~ ' ( v cp"+'(v), case of non-deterministic programs these things are harder t o explain, but the idea remains the same. In the preparation of note [de Bruijn 73d] this idea led to a particular choice of p: p is a program with Totinf(p) = X ( t ' = 00)
,
which means that every execution of p is non-terminating. Consequently: if any execution of @ ( p ) actually executes p , then that execution of @ ( p ) is nonterminating too. So we get the semantics we expect, if we say that ( w , t ,w', t ' ) satisfies the predicate Totinf(cp'(p)) for all large k (or at least for infinitely many k). In the case of termination the p in cpk(p) is not executed at all if k is large. In the case of non-termination the p is executed in all these cpk(p), and that takes care of the truth of Totinf(cpk(p))at ( w , t , w ' , 00) for some w'. The objection one might make is the lack of monotonicity in the sequence. Let us discuss monotonicity first in general terms. If cp is a program-to-program
N.G. de Bruijn
964
function we can “expect” cp t o be monotonic in the sense that 7r
5
+
I cp(a)
cp().
(with 5 defined as in Section 3) for all programs x , 0: if we know more about 7r than about c7, then we know more about c p ( ~ )than about cp(c7). Unfortunately we cannot apply this in the case of the sequence p, cp(p),cp2(p),... since there is cp(p) or cp(p) 5 p for the “non-termination” prono guarantee that either p I gram p. We are so much better off with adlibitum: adlibitum cp(adlibitum), and if cp is monotonic this leads to
>
adlibitum
> cp(ad1ibitum) > @(adlibiturn) > ... .
Unfortunately we do not get the proper semantics this way. The simplest example is the one where cp is the identity: c p ( ~ ) = 7r for all programs 7r. Then the limit of the sequence with entries Totinf(cp’(ad1ibitum)) is just Totinf(ad1ibitum). This means that the sequence provides no semantic information at all: it just says that anything may happen, and not that RECURS(cp) is definitely non-terminating. This objection has been overcome in Section 6 of this paper by taking $ instead of cp. The extra executions of “delay” have the effect that for this particular cp Totinf(Q’(ad1ibitum)) = X ( t
+ k 5 t’ 5
00)
.
Taking limits for k + 00 we get X(t’ = oo),and that is what we wanted. Here we use the following definition of the limit of a monotonically decreasing sequence 7r1
> 7r2 2 7r3 1 ...
*
(1)
We say that T k + 7r
(k + m)
(2)
if for all (w, t , w’, t’) t/k p k ( W , t ,W ’ , t’) = P ( W , t,W ’ , t‘) , where P k = TOtinf(Tk), P = Totinf(T). w e note that Totinf(7r) is uniquely determined by the sequence T I , K Z , ... , and moreover that “k
>
(3)
for all k . In [de Bruijn 73d] we did not have monotonicity of the sequence of programs, and we had to have “lim sup” instead of “lirn”. The fact that we have monotonicity in the present semantics has the obvious advantage that the lim of a
Computer program semantics in space and time (F.5)
965
monotonic sequence is nicer to deal with than the lim sup of a non-monotonic sequence. If we have (1) and (2), then for any arbitrary k we can use Totinf(ak) as information about A , since (3) expresses Totinf(nk) 2 Totinf(n). This is much simper than with lim sup, where we can obtain information about the lim sup only if we have information about Totinf(7rk) for infinitely many k . Let us now discuss the idea of RECURS(cp) being a fixed point. Intuitive ideas about execution suggest the "fixed point statement" Totinf($( RECURS(cp)))= Totinf (RECURS(cp)),
(4)
but it is not easy to actually prove this without making restrictive assumptions about the class of constructs we take cp from. Just monotonicity will not do. Monotonicity does suffice for the weaker result
$(RECURS(cp)) 5 RECURS(cp) .
(5)
This follows if we apply 11, to both sides of the inequality (cf. (3))
RECURS(cp) 5 +'(adlibiturn) and take limits for k -B 00. The equality (4) is easy if we assume that $ is not just monotonic but also continuous. We take the latter notion in the sense that lirn $(Ah) = $(lim(wk))
(6)
for any sequence satisfying (1). However, it may be quite hard to establish continuity, even in this weak sense, for all $'s arising from a given set of program constructs. In particular we have t o bear in mind that we may wish to apply RECURS to functions cp which in their definition contain applications of RECURS already. If we take our set of program constructs a bit too wide, it is easy to kill continuity even for very simple program functions. We shall present an example that might give an idea of the kind of restrictions we might have to build in. Let R be the set of integers, and imagine that for every k we have a program r k with Totinf(7rk) = x*(((w'2 k) A ( t = t ' ) )V (t' = 0 0 ) ) . we let 0 be described similarly by Totinf(a) = X*((w'= 0)A ( t = t ' ) ) . We define the program-to-program function 19 by means of concatenation with a:
6(7)= (7; 0 )
N.G. de Bruijn
966
for all T . We have T I 2 7r2 2 ... . If we call the limit T it follows from the monotonicity of cp that cp(n1) 2 cp(x2) 2 ... . Let us put p = lim V ( n k ) . We hope that p and I ~ ( T are ) semantically equivalent, but unfortunately this is not the case: Totinf(p) = X*(((w’ = 0) A ( t = t’))V (t’ = 00)) Totinf(lS(w)) = X*(t’ = 00)
.
So a general proof of (4), which means (6) with T k = $,“(adlibiturn) has t o then just monotonicity. depend on more knowledge about the sequence Another point that has to be raised is the maximality. Let us assume that Q is a “predicate transformer” which is such that Totinf($(n)) = @(Totinf(n)) for all T . Then if P = Totinf(REGURS(cp)) we can read (4) as
@ ( P )= P Now let Q be any other predicate with @ ( Q )= Q. Then just assuming monotonicity we can show that Q c P , in other words: P is the maximal fixed point of Q. In order to show Q c P we remark that TRUE ZI @(TRUE) ZI Q2( TRUE), .. and that the limit of the sequence sequence
ak(TRUE) is P.
Comparing this with the
(of which all entries equal Q) we infer from Q c TRUE, by monotonicity of Q, that Q c Q k ( TRUE), and therefore Q c P . The question arises whether it is really worth the trouble of finding satisfactory restrictions on $ that guarantee (4).After all, we have shown in Section 7 that we can get to quite practical statements on actual programs without ever going into notions like continuity and fixed points. We did not even have to mention monotonicity! It might be easier t o prove (4) under restrictive assumptions like finiteness of state space, or exclusion of non-determinism. But such restrictions do not seem to be attractive for the practical discussion of actual programs. Anyway there is quite a distance between the definition of recursion semantics by means of lim(Totinf($k((adlibitum)))and any definition based on the idea of a maximal fixed point. It is a matter of opinion which one of the two ideas is preferable as the definition of the semantics of recursion.
Computer program semantics in space and time (F.5)
967
The two kinds of semantics get closer together if we take a more liberal interpretation of non-termination. In this more liberal version a semantical statement that says (with w , t given), that t‘ = 00 is a possible effect, has to be interpreted as that there is no upper bound to the values of the t’ of the possible executions (with initial values w , t ) . After all, if we are interested in having our programs terminated, a statement that a program might run for a million years does not give us much more comfort than a statement that it might go on for ever. Therefore, it is quite reasonable to identify “unpredictably long” with “infinitely long”. This “liberal version” is related to the following definition. If P E Pred(A) then instead of the P” of Section 2 we define P+ by: P+(w,t,w’, t’) = P(w,t , w ’ , t ’ ) if t’ < co,and
P + bt,w’, 00) = VU€T\{oo}
%JET I v>u
3,€n P(w,t , P,
.
If the set of all P+ with P E Pred(A) is denoted by Pred+(A), we have Predf(A)
c Pred*(A) c Pred(A) .
In determinietic cases there is no difference between P* and P+. To be more precise, if w , t are such that there is at most one pair w’,t’ with t‘ < co and P(w,t , ~ ‘t’), , then P+(w,t , w ’ , t’) = P*(w,t , ~ ’t’), for all w’, t‘. In general, if P describes the semantics of a program in the original version (where P ( w ,t , w’, co) means that the program can actually run for ever), then P+ is the liberal semantics (where P+(w,t ,w‘, co) means that there is no upper bound to the runtime). If we take the liberal semantics, then our prospects for proving the fixed point property for recursion become much more promising. The difference between P* and P+, and its being related to having nondeterminism and infinite state space, can be connected to Konig’s well known infinity lemma. In order to make the notation sufficiently clear for further discussion, we explain it in a few words. Let ( S , r , f ) be a rooted tree. That is, S is a set (the set of “points”), r is a special element of S (called the “root”) and f is a mapping of S\{r} into S (f(z)is called the “father” of x). It is assumed that for every z (z # r ) there is an integer n such that the n-th iterate f ” maps z into r . This n is uniquely determined, and is called the “level” of z. The level of r is zero. If z E S , the set of all y E S\{r} with f ( y ) = z is called the “offspring” of z, and denoted
Ob). If 3: E S we denote by IP(x) the proposition that there is an infinite path starting from z, that is a sequence 20,z1, 2 2 , ... with zo = z and f(zCn+l) = zn for n = 0 , 1 , 2 , ... . And by UL(x) (UL abbreviates “unbounded level”) we denote
N.G. de Bruijn
968
the proposition that for every natural number m there is a path 20,. . . l zm, again with zo = z, f(z,+l) = zn for n = 0, ...,m - 1. We note that for all z IP(2) + UL(2)
.
Finally we formulate the “finite offspring condition”. It says that for every z E S the offspring O(z) is a finite set.
Konig’s lemma expresses: If the finite offspring condition holds, and UL(T) is true, then we have IP(T). Coming back to semantics, we shall try to explain that IP(T)can be compared with infinite runtime, and UP(T) with unpredictably long runtime, in both cases with initial value T. And the finite offspring condition corresponds to a condition that says that the number of possible outputs is finite, for every given input. This condition is certainly guaranteed if the state space is finite, but also if the program is deterministic. We describe a typical case of a tree where UL(T) holds but IP(T) does not. . points of S are the pairs ( i , j ) with integers i, j Let us call it ( S , T , ~ ) The satisfying either 0 < i 5 j or i = j = 0. The point (0,O) is taken as the root. For all other points we define the “father” by
fo(i,j) =
{
< i 5 j ) A (i #
(i - 1,j)
if (0
(090)
ifl=i<j.
1)
The tree is depicted in Figure 1. In that figure the arrows run from points to their fathers.
Figure 1 Coming back to the general tree ( S ,T, f ) , we describe programs for which S is the state space. As a primitive program we take the program “step”. Its semantics is described by Totinf(step) = (t’ = t ) A (w’ E O ( w ) ) .
Computer program semantics in space and time (F.5)
969
Note that “step” is a non-deterministic program, at least if there exist points w where O ( w ) has more than one element. If O(w) is empty (such an w is called an end-point), then there is no possible output w’ to the input w . If this is considered unacceptable, one might take any arbitrary value of w’ as output, like w’ = w . That means that in the definition of Totinf(step) we replace w’ E O ( w )
by w’ E O ( w ) V ( ( O ( W= ) 8) A (w’ = w ) )
.
But actually the case of empty O(w) is unimportant since the program “step” will not be used there. Let us now discuss the program (see the beginning of Section 7) while E do s t e p , where E corresponds to the predicate B given by = (O(w)#
0) .
In the notation of Formula (2) of Section 7 this program denotes RECURS(cp), where cp is given by c p ( ~ )= i f
E then (step; T ) else skip
.
The “intuitive”, or, if one prefers, “operational” semantics of this program is the following one. Let w (the input) be any point of the tree. If w’ is an end-point such that fk(w’)= w for some lc 2 0 then w’is a possible output (and t’ = t k). If IP(w) holds then there is a non-terminating execution. If IP(w) is false but UL(w) still holds then there exist unpredictably long executions. If UL(w) does not hold then all executions starting with w terminate, and there is an upper bound to their runtime. Let us now investigate Totinf(RECURS(w)) as defined by (4) in Section 6. As far as terminating executions are concerned, it produces the same results as the intuitive semantics. For values of w where IP(w) holds, it proclaims the possibility that t’ = 00, as it should. But in points where UL(w) holds but IP(w) does not, the semantics of Section 6 still says that t’ = 00 is possible, and the intuitive semantics says it is not. The difference between these two kinds of semantics vanishes (at least for this program) if we identify “Unpredictably long runtime’’ and “non-termination” . In the tree program described here, it is also easy to illustrate that $(RECURS(cp))and RECURS(cp) can have different semantics in the system of Sec, UL(z) is false tion 6. We take the special tree (SO,TO, fo). We have U L ( T ~ )but for all z with f(z)= TO. From this it can be derived that at (TO, t , d ,00) (where w‘ irrelevant) RECURS(cp) is true but $(RECURS(cp))is not.
+
N.G. de Bruijn
970
Things look much better in the non liberal Pred' semantics. We briefly discuss the changes that have to be made. First, in Section 2 we have to introduce Predf(A) instead of Pred*(A). We have to give up the idea of a J such that always P * J = P+, like in Formula (2) of Section 2, and it is not generally true that ( P * Q)+ = P * Q+. (A counterexample: 0 = N ,
P ( ~ , t , w ' , t ' ) =( t ' = t ) , Q ( w , t , ~ ' , t ' )= ( ( w ' = ~ ) A ( t ' = t + w ) ) . In Section 3 we have to introduce Totinf+ as a mapping of Prog(R) into Pred+(A). The changes in Section 4 are trivial. In Section 5 the semantics of the concatenation has to be described by Totinf(r; 0)= (Totinf(a)
* Totinf(o))+ .
In Section 6 the semantics of RECURS(9) can be given by Totinf(RECURS(9)) = R+
,
although the definition of R in (4) will guarantee that there is no difference between R and R+ as soon as we have monotonicity. We note that if PO2 PI 2 P2 3 ... with P, = P$ for all n, and if P = V, P,, then P = P+. In Theorems 1 and 2 of Section 7 the new semantics makes no difference, since they deal with cases with bounded runtime. In the non-termination example at the end of Section 7 there is neither any difference, since the program is deterministic. From the tree program discussed earlier in this section it can be seen that $(RECURS((p)) and RECURS(9) need not have the same Pred*-semantics in nondeterministic cases with infinite state space. If we turn to Pred+-semantics, however, it seems that we only need monotonicity properties in order to show that Totinft ($( RECURS(9))) = Totinf+( RECURS((p)) , which means that RECURS(9) can be considered as the maximal fixed point.
10. A COMMENT ON ABORTION
We have not yet described the notion of abortion in our semantical system. Here we first discuss an attempt to treat abortion in a way that seems to be promising at first, and we shall explain why it is not satisfactory. The attempt is this one. If R is a program, and w , t are initial state and time such that there do not exist any w', t' (not even with t' = m) such that Totinf(w, t , w', t') holds, then we might try to interpret this as abortion. This means: with the initial w , t the execution of T will have been interrupted at
Computer program semantics in space and time (F.5)
971
some point. The semantical system does not disclose at exactly which point further execution is refused by the machine, simply because it never discusses executional details. This point of view seems to be very promising for Dijkstra’s guarded command statement i f El
+ a1
0
... 0 E,++.ak
fi
(1)
where each Ei corresponds t o a predicate B (like in our discussion of the “ i f then e l s e ” in Section 4). The semantics is: “select at random an i such that Bi(w)holds, and then execute ai;if there is no such i then abort”. If abortion is interpreted in the style “no possible w’, t’” we indicated above, then the total information of the progam (1) is given by (&(w) A
Pi(W,t,w’, t‘))V ... V ( B ~ ( wA )P k ( ~ , t , w ’t’)) , ,
(2)
where Pi = Totinf(ai) (i = 1,...,Ic). The simplicity of (2) seems to be a positive point both for Dijkstra’s semantics and for the “no possible w’, t’ ” interpretation of abortion. Unfortunately we have to admit that the “no possible w’, t‘” interpretation of abortion conflicts with the idea of nondeterministic programs. We show this with a concatenation “a ; u” where a is a nondeterministic program and u is a program that sometimes aborts. Let b and c be two different elements of 0, and let Totinf(a)(w, t,w’, t’) = ((w’ = b) V (w’ = c)) A ( t = t’) Totinf(u)(w, t , ~ t’) ‘ , = (w
# b) A (w = w’) A ( t = t’) .
So u leads to abortion with the initial state 6, but is harmless with all other initial states. By our semantic rule on concatenation we have Totinf(a ; u ) ( w ,t , d ,t’) = (w’ = c ) A (t’ = t )
(3)
so here there is no abortion for any w ,t. Therefore (3) does not describe the situation adequately, since we expect that the semantics of “a ; u” is: whatever w , t is, we have either abortion or (w’ = c) A (t’ = t ) . A more satisfactory way to incorporate abortion into a semantical system is by means of a special boolean variable. Let us call it ab (for “abortion”). At the start of a program we add the assignment ‘lab := f a l s e ” (interpretation: no abortion thus far), and every sub-program u of the program is replaced by “ i f Tab then u e l s e skip”. If in the final state we have ab = t r u e then we interpret this by saying that the program execution has been aborted. In addition to this the sub-programs may contain assignments ‘lab := t r u e ” in those cases where we actually want abortion to take place. We might want to
972
N.G. de Bruijn
do this in the guarded command statement. Another example is overflow: if we do not wish to handle numbers exceeding m, we might transform “y := l/p” into “ i f Il/pl 2 m then y := l / p e l s e ab := true”. Let us use the word “refuser” for such an extra boolean variable like ab. The essential thing for a refuser T is that subprograms 0 are to be remodelled into “ i f -rr then 0 e l s e skip”. Refusers can be used for semantic discussion of forward goto’s as well.
Bibliography
This Page Intentionally Left Blank
975
References
[A.1] de Bruijn, N.G., Verification of mathematical proofs b y a computer, A preparatory study for a project AUTOMATH (formerly unpublished, 1967). [A.2] de Bruijn, N.G., The mathematical language AUTOMATH, its usage and some of its extensions, in: Laudet, M., Lacombe, D. and Schuetzenberger, M., eds., Symposium on Automatic Demonstration, IRIA, Versailles, 1968 (Berlin, Springer Verlag, 1970), 2 9 4 1 . (Lecture Notes in Math., 125). [A.3] van Daalen, D.T., A description of Automath and some aspects of its language theory, in: Braffort, P., ed., Proceedings of the Symposium APLASM (Orsay, 1973), Vol. I. Also in [van Benthem Jutting 771, 48-77. [A.4] Zucker, J., Formalization of classical mathematics in Automath, in: Colloque International de Logique, Clermont-Ferrand, France, 1975 (Paris, CNRS, 1977), 135-145. (Colloques Internationaux du Centre National de la Recherche Scientifique, 249). [A.5] de Bruijn, N.G., A survey of the project AUTOMATH, in: Seldin, J.P. and Hindley, J.R., eds., To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism (New York/London, Academic Press, 1980), 579-606. [A.6] van Daalen, D.T., The language theory of Automath, Ph.D. thesis (Eindhoven University of Technology, 1980), Chapter 1, Sections 1 - 5 (Introduction). [A.7] de Bruijn, N.G., Reflections on Automath (Eindhoven University of Technology, 1990). [A.8] Nederpelt, R.P., Type systems - basic ideas and applications, in: van de Goor, A.J., ed., Proceedings of CSN '90, Computing Science in the Netherlands (Amsterdam, Stichting Mathematisch Centrum, 1990), 367383. [B.1] van Benthem Jutting, L.S., Description of A UT-68(Eindhoven University of Technology, 1981). (Memorandum 1981-12, Dept. of Math.).
976
References
[B.2] de Bruijn, N.G., AUT-SL, a single line version of AUTOMATH (Eindhoven University of Technology, 1971). (Notitie 71-22, Dept. of Math.). [B.3] de Bruijn, N.G., Some extensions of AUTOMATH: the AUT-4 family (Eindhoven University of Technology, 1974). (Internal Report, Dept. of Math.). [B.4] de Bruijn, N.G., A UT-QE without type inclusion (Eindhoven University of Technology, 1978). (Memorandum 1978-04, Dept. of Math.). [B.5] van Benthem Jutting, L.S., Checking Landau’s LiGrundlagen”in the A UTOMATH system, Ph.D. thesis (Eindhoven University of Technology, 1977), Appendix 9 (AUT-SYNT). [B.6] van Daalen, D.T., The language theory of Automath, Ph.D. thesis (Eindhoven University of Technology, 1980), Chapter VIII, 1 and 2 (AUT-II).
[B.7]de Bruijn, N.G., Generalizing Automath by means of a lambda-typed lambda calculus, in: Kueker, D.W., Lopez-Escobar, E.G.K. and Smith, C.H., eds., Mathematical Logic and Theoretical Computer Science, Proceedings of the Maryland 1984/85 Special Year in Mathematical Logic and Theoretical Computer Science (New York, Marcel Dekker, 1987), 71-92. (Lecture Notes in Pure and Appl. Math., 106).
[B.8] Balsters, H., Lambda calculus extended with segments, Ph.D. thesis (Eindhoven University of Technology, 1986), Chapter 1, Sections 1.1 and 1.2 (Introduction). [C.1] van Benthem Jutting, L.S., A normal form theorem in a A-calculus with types, in: Mitt. d. Gesellsch. f. Math. u. Datenverarb. 17, Tagung ub. form. Sprachen u. Programmiersprachen, Oberwolfach, Germany (1971), 27-32. [C.2] de Bruijn, N.G., Lambda calculus notation with nameless dummies, a tool
for automatic formula manipulation, with application to the Church-Rosser theorem, Indagationes Math. 34, 5 (1972), 381-392.
[C.3] Nederpelt, R.P., Strong normalisation in a typed lambda calculus with lambda structured types, Ph.D. thesis (Eindhoven University of Technology, 1973). [C.4] de Vrijer, R.C., Big trees in a A-calculus with A-expressions as types, in: Bohm, C., ed., A-Calculus and Computer Science Theory (Berlin, Springer Verlag, 1975), 252-271. (Lecture Notes in Comp. Sc., 37). Also: de Vrijer, R.C., Surjective pairing and strong normalization, Ph.D. thesis (University of Amsterdam, 1987), Chapter 5.
References
977
[C.5] van Daalen, D.T., The language theory of Automath, Ph.D. thesis (Eindhoven University of Technology, 1980), Parts of Chapters 11, IV, V - VIII.
[C.6] van Benthem Jutting, L.S., The language theory of A,, a typed lambda calculus where terms are types (Eindhoven University of Technology, 1985). (Memorandum 1985-02, Dept. of Math. and Comp. Sc.). [ D . l ] de Bruijn, N.G., Example of a text written in Automath (formerly unpublished, 1968).
[0.2] van Benthem Jutting, L.S., Checking Landau’s “Grundlagen” in the A UTOMATH system, Ph.D. thesis (Eindhoven University of Technology, 1977), Parts of Chapters 0, 1 and 2 (Introduction, Preparation, Translation). [ 0 . 3 ] van Benthem Jutting, L.S., Checking Landau’s iiGrundlagenJJin the
A UTOMATH system, Ph.D. thesis (Eindhoven University of Technology, 1977), Chapter 4 (Conclusions).
ID.41 van Benthem Jutting, L.S. and de Vrijer, R.C., A text fragment from Zucker’s ”Real Analysis” (1994). [ 0 . 5 ] van Benthem Jutting, L.S., Checking LandauJs “Grundlagen” in the A UTOMATH system, Ph.D. thesis (Eindhoven University of Technology, 1977), Appendices 3 and 4 (The PN-lines from the preliminaries; Excerpt for “Satz 27”).
[E.1] Zandleven, I., A verifying program for Automath, in: Braffort, P., ed., Proceedings of the Symposium APLASM (Orsay, 1973), Vol. I.
[E.2]van Benthem Jutting, L.S., Checking Landau’s “Grundlagen” in the AUTOMATH system, Ph.D. thesis (Eindhoven University of Technology, 1977), Parts of Chapter 3 (Verification).
[E.3] van Benthem Jutting, L.S., An implementation of substitution in a Xcalculus with dependent types (Philips Research Laboratories Eindhoven, Eindhoven University of Technology, 1988). [F.1] de Bruijn, N.G., Set theory with type restrictions, in: Hajnal, A., Rado R. and Sos, V.T., eds., Infinite and Finite Sets, I, International Colloquium, Keszthely, Hungary, 1973 (1975), 205-214. (Colloquia Math. SOC.J&nos Bolyai, 10).
[F.2] de Bruijn, N.G., Formalization of constructivity in Automath, in: de Doelder, P.J., de Graaf, J. and van Lint, J.H., eds., Papers dedicated to J.J.
978
References
Seidel (Eindhoven University of Technology, 1984), 76-101. (EUT-Report 84-WSK-03).
[F.3] de Bruijn, N.G., The Mathematical Vernacular, a language for mathematics with typed sets, in: Dybjer, P. et al., eds., Proceedings of the Workshop on Programming Languages, Marstrand, Sweden 1987. Plus: Formalizing the Mathematical Vernacular (formerly unpublished, 1982), Examples of an MV Book.
[F.4] Wieringa. R.M.A., Relational semantics in an integrated system (Eindhoven University of Technology, 1980). (Internal Report, Dept. of Math.). [F.5] de Bruijn, N.G., Computer program semantics in space and time (Eindhoven University of Technology, 1983). (Internal Report, Dept. of Math. and Comp. Sc.). [Abadi et al. 911 Abadi, M., Cardelli, L., Curien, P.-L. and Lkvy, J.-J., Explicit substitutions, Functional Programming 1, 4 (1991), 375-416. [Andrews 711 Andrews, P., Resolution in type theory, Journ. of Symb. Logic 36 (1971), 414-432. [Backhouse et al. 891 Backhouse, R., Chisholm, P. and Malcolm, G . , Do-ityourself type theory, Formal Aspects of Computing 1 (1989), 19-84.
[Balsters 861 Balsters, H., Lambda calculus extended with segments, Ph.D. thesis (Eindhoven University of Technology, 1986). See also [B.8]. [Barendregt 711 'Barendregt, H.P., Some extensional models for combinatory logics and A-calculi, Ph.D. thesis (Utrecht University, 1971). [Barendregt 741 Barendregt, H.P., Pairing without conventional restraints, Zeitschr. f. math. Logik u. Grundl. d. Math. 20 (1974), 289-306. [Barendregt 771 Barendregt, H.P., The type free A-calculus, in: Barwise, J., ed., Handbook of Mathematical Logic (North Holland Publishing Co., Amsterdam, 1977), 1091-1132. (Studies in Logic and the Foundations of Math., VOl. 90). [Barendregt 811 Barendregt, H.P., The Lambda Calculus: Its Syntax and Semantics (North Holland Publishing Co., Amsterdam, 1981). [Barendregt 84a] Barendregt, H.P., The Lambda Calculus: Its Syntax and Semantics, Revised edition (North Holland Publishing Co., Amsterdam, 1984).
References
979
[Barendregt 84b] Barendregt, H.P., Introduction to lambda calculus, Nieuw Archief voor Wiskunde 4 , 2 (1984), 337-372. [Barendregt 911 Barendregt, H.P., Introduction to generalized type systems, Journal of Functional Programming 1, 2 (1991), 125-154. [Barendregt 921 Barendregt, H.P., Lambda calculi with types, in: Abramsky, S., Gabbay, D. M. and Maibaum, T., eds., Handbook of Logic in Computer Science (Oxford, Clarendon Press, 1992), Vol. 2, 117-309. [Barendregt et al. 761 Barendregt, H.P., Bergstra, J., Klop, J.W. and Volken, H., Representability in lambda algebras, Indagationes Math. 38 (1976), 377-387. [Barendregt and Hemerik 901 Barendregt, H.P. and Hemerik, C., Types in lambda calculi and programming languages, in: Jones, N., ed., European Symposium on Programming (Berlin, Springer Verlag, 1990), 1-36. (Lecture Notes in Comp. Sci., 432). [Barendsen 891 Barendsen, E., Representation of logic, data types and recursive functions in typed lambda calculus, Master’s thesis (University of Nijmegen, 1989). [van Benthem Jutting 71a] van Benthem Jutting, L.S., On normal forms in A UTOMATH (Eindhoven University of Technology, 1971). (Notitie 71-24, Dept. of Math.). [van Benthem Jutting 71b (C.1)] van Benthem Jutting, L.S., A normal form theorem in a A-calculus with types, in: Mitt. d. Gesellsch. f. Math. u. Datenverarb. 17, Tagung ub. form. Sprachen u. Programmiersprachen, Oberwolfach, Germany (1971), 27-32. [van Benthem Jutting 731 van Benthem Jutting, L.S., The development of a text in AUT-QE, in: Braffort, P., ed., Proceedings of the Symposium APLASM (Orsay, 1973), Vol. I. [van Benthem Jutting 761 van Benthem Jutting, L.S., A translation of Landau’s “Grundlagen” in AUTOMATH, Vol. 1-5 (Eindhoven University of Technology, 1976). [van Benthem Jutting 771 van Benthem Jutting, L.S., Checking Landau’s “Grundlagen” in the Automath system, Ph.D. thesis (Eindhoven University of Technology, 1977). Published as Mathematical Centre Tracts nr. 83 (Amsterdam, Mathematisch Centrum, 1979). See also [ B . 5 ] ,[ 0 . 2 ] , [ 0 . 3 ] , [D.5] and [E.2].
980
References
[van Benthem Jutting 81 (B.1)] van Benthem Jutting, L.S., Description of A UT-68 (Eindhoven University of Technology, 1981). (Memorandum 198112, Dept. of Math.). [van Benthem Jutting 85 (C.6)] van Benthem Jutting, L.S., The language theory of A,, a typed lambda calculus where terms are types (Eindhoven University of Technology, 1985). (Memorandum 1985-02, Dept. of Math. and Comp. Sc.). [van Benthem Jutting 88 (E,3)] van Benthem Jutting, L.S., An implementation of substitution in a A-calculus with dependent types (Philips Research Laboratories Eindhoven, Eindhoven University of Technology, 1988). [van Benthem Jutting and Wieringa 791 van Benthem Jutting, L.S. and Wieringa, R.M.A., Representatie van expressies in het verificatieprogramma VERA 1979 (Eindhoven University of Technology, 1980). (Memorandum 1979-15, Dept. of Math.).
[van Benthem Jutting and de Vrijer 94 (D.4)] van Benthem Jutting, L.S. and de Vrijer, R.C., A text fragment from Zucker’s ”Real Analysis” (1994). [Ben-Yelles 811 G-stratification is equivalent to F-stratification, Zeitschr. f. Math. Logilc u. Grundl. d. Math. 27 (1981), 141-150. [Berkling and Fehr 821 Berkling, K.J. and Fehr, E., A modification of the Acalculus as a base for functional programming languages, in: Nielsen, M. and Schmidt, E.M., eds., Automata, Languages and Programming, 9th International Colloquium, Aarhus (Berlin, Springer Verlag, 1982), 35-47. (Lecture Notes in Computer Science, 140). [Bishop 671 Bishop, E., Foundations of Constructive Analysis (New York, McGraw-Hill, 1967). [de Boer 751 de Boer, S., De ondefinieerbaarheid van Church’ 6-functie in d e A-calculus en Barendregt’s lemma, Master’s thesis (Eindhoven University of Technology, 1975). [Boyer and Moore 721 Boyer, R.S. and Moore, J.S., The sharing of structure in theorem-proving programs, Machine Intelligence 7 (Edinburgh, Edinburgh University Press, 1972), 101-113. [Boyer and Moore 881 Boyer, R.S. and Moore, J.S., A Computational Logic Handbook (Boston, Academic Press, 1988).
References
98 1
[ d e Bruijn 67 (A.1)] de Bruijn, N.G., Verification of mathematical proofs b y a computer, A preparatory study for a project AUTOMATH (formerly unpublished, 1967).
[ d e Bruijn 68a (D.l)] de Bruijn, N.G., Example of a text written in Automath (formerly unpublished, 1968). [de Bruijn 68b] de Bruijn, N.G., AUTOMATH, a language for mathematics (Eindhoven University of Technology, 1968). (T.H.-Report 68-WSK-05).
[ d e Bruijn 7Oa (A.Z)] de Bruijn, N.G., The mathematical language AUTOMATH, its usage and some of its extensions, in: Laudet, M., Lacombe, D. and Schuetzenberger, M., eds., Symposium on Automatic Demonstration, IRIA, Versailles, 1968 (Berlin, Springer Verlag, 1970), 29-61. (Lecture Notes in Math., 125). [de Bruijn 70b] de Bruijn, N.G., On the use of bound variables in AUTOMATH (Technological University, Eindhoven, 1970). (Notitie 70-9, Dept. of Math.). [ d e Bruijn 71 (B.Z)] de Bruijn, N.G., AUT-SL, a single line version of AUTOMATH (Eindhoven University of Technology, 1971). (Notitie 71-22, Dept. of Math.).
[de Bruijn 72a] de Bruijn, N.G., Some abbreviations in the input language for A UTOMATH (Eindhoven University of Technology, 1972). (Notitie 72-15, Dept. of Math.). [ d e Bruijn 72b (C.2)] de Bruijn, N.G., Lambda calculus notation with nameless dummies, a tool for automatic formula manipulation, with application to the Church-Rosser theorem, Zndagationes Math. 34 (1972), 381-392. [de Bruijn 73a] de Bruijn, N.G., A theory of generalized functions, with applications to Wigner distribution and Weyl correspondence, Nieuw Archief woor Wiskunde 3, 21 (1973), 205-280. [de Bruijn 73b] de Bruijn, N.G., AUTOMATH, a language for mathematics, A series of lectures at the SCminaire de mathkmatiques supbrieures, UniversitC de MontrCal, 1971, Lecture Notes by B. Fawcett (Les Presses de 1’UniversitC de MontrCal, 1973). [de Bruijn 73c] de Bruijn, N.G., The AUTOMATH Mathematics Checking Project, in: Braffort, p., ed., Proceedings of the Symposium APLASM (Orsay, 1973), Vol. I. Reprinted in: Kopania, J., ed., Studies in Logic, Grammar and Rhetoric, Humanities, Vol. I1 (Bialystok, 1983). (Papers of Warsaw University, 40).
982
References
[de Bruijn 73d] de Bruijn, N.G., A system for handling syntax and semantics of computer programs in terms of the mathematical language A UTOMATH (Eindhoven, unpublished, 1973). [de Bruijn 74a] de Bruijn, N.G., A framework for the description of a number of members of the A UTOMATH family (Eindhoven University of Technology, 1974). (Memorandum 1974-08, Dept. of Math.).
[ d e Bruijn 74b (B.3)) de Bruijn, N.G., Some extensions of AUTOMATH: the A UT-4 family (Eindhoven University of Technology, 1974). (Internal Report, Dept. of Math.). [ d e Bruijn 75a (F.1)]de Bruijn, N.G., Set theory with type restrictions, in: Hajnal, A., Rado R. and Sos, V.T., eds., Infinite and Finite Sets, I, International Colloquium, Keszthely, Hungary, 1973 (1975), 205-214. (Colloquia Math. SOC.Ja'nos Bolyai 10). [de Bruijn 75b] de Bruijn, N.G., The use of the language AUTOMATH for syntax and semantics of programming languages (Eindhoven, unpublished, 1975). [de Bruijn 761 de Bruijn, N.G., Modifications of the 1968 version of AUTOMATH (Eindhoven University of Technology, 1976). (Memorandum 197614, Dept. of Math.). [de Bruijn 771 de Bruijn, N.G., Some auxiliary operators in A UT-Pi (Eindhoven University of Technology, 1977). (Memorandum 1977-15, Dept. of Math.). [de Bruijn 78a] de Bruijn, N.G., A namefree lambda calculus with facilities for internal definition of expressions and segments (Eindhoven University of Technology, 1978). (T.H.-Report 78-WSK-03). [de Bruijn 78b] de Bruijn, N.G., Lambda calculus with namefree formulas involving symbols that represent reference transforming mappings, Indagationes Math. 40 (1978), 348-356. [ d e Bruijn 78c (B.4)] de Bruijn, N.G., AUT-QE without type inclusion (Eindhoven University of Technology, 1978). (Memorandum 1978-04, Dept. of Math.). [de Bruijn 78d] de Bruijn, N.G., A note on weak diamond properties (Eindhoven University of Technology, 1978). (Memorandum 1978-08, Dept. of Math.). [de Bruijn 79a] de Bruijn, N.G., Wees contextbewust in WOT, Euclides 55 (1979/1980), 7-12.
References
[de Bruijn 79b] de Bruijn, (1979/1980), 66-72.
983
N.G.,
Grammatica van WOT, Euclides 55
[de Bruijn 79c] de Bruijn, N.G., Van alles en nog wat over gebonden variabelen in wiskundige taal, Euclides 55 (1979/1980), 262-268.
[ d e Bruijn 80 (A.5)] de Bruijn, N.G., A survey of the project AUTOMATH, in: Seldin, J.P. and Hindley, J.R., eds., To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism (New York/London, Academic Press, 1980), 579-606.
[ d e Bruijn 83 (F.5)] de Bruijn, N.G., Computer program semantics in space and time (Eindhoven University of Technology, 1983). (Internal Report, Dept. of Math. and Comp. Sc.). [ d e Bruijn 84 (F.Z)] de Bruijn, N.G., Formalization of constructivity in Automath, in: de Doelder, P.J., de Graaf, J. and van Lint, J.H., eds., Papers dedicated to J . J . Seidel (Eindhoven University of Technology, 1984), 76101. (EUT-Report 84-WSK-03). [de Bruijn 86) de Bruijn, N.G., Checking mathematics with the aid of a computer, in: Howson, A.G. and Kahane, J.-P., eds., The Influence of Computers and Informatics on Mathematics and its Teaching (Cambridge, Cambridge University Press, 1986), 61-68. [ d e Bruijn 87a (F.3)] de Bruijn, N.G., The Mathematical Vernacular, a language for mathematics with typed sets, in: Dybjer, P. et al., eds., Proceedings of the Workshop on Programming Languages, Marstrand, Sweden 1987. Plus: Formalizing the Mathematical Vernacular (formerly unpublished, 1982), Examples of an MV Book. [ d e Bruijn 87b (B.7)] de Bruijn, N.G., Generalizing Automath by means of a lambda-typed lambda calculus, in: Kueker, D.W., Lopez-Escobar, E.G.K. and Smith, C.H., eds., Mathematical Logic and Theoretical Computer Science, Proceedings of the Maryland 1984/85 Special Year in Mathematical Logic and Theoretical Computer Science (New York, Marcel Dekker, 1987), 71-92. (Lecture Notes in Pure and Appl. Math., 106). [de Bruijn 891 de Bruijn, N.G., Machinale verificatie van redeneringen, in: Lemniens, P.W.H., ed., Bewijzen in de Wiskunde (Amsterdam, Centrum voor Wiskunde en Inforrnatica, 1989), 61-79. [de Bruijn 9Oa] de Bruijn, N.G., The use of justification systems for integrated semantics, in: Martin-Lof, P. and Mints, G., eds., Colog-88 (Berlin, Springer Verlag, 1990), 9-24. (Lecture Notes in Comp. Sc., 417).
984
References
[ d e Bruijn 906 (A.7’1 de Bruijn, N.G., Reflections on Automath (Eindhoven University of Technology, 1990). [de Bruijn 91a] de Bruijn, N.G., Telescopic mappings in typed lambda calculus, Information and Computation 91 (1991), 189-204. [de Bruijn 91b] de Bruijn, N.G., A plea for weaker frameworks, in: Huet, G. and Plotkin, G., eds., Logical Frameworks, Proceedings of the BRA workshop, Sophia Antipolis, 1990 (Cambridge, Cambridge University Press, 1991), 40-67. [de Bruijn 91c] de Bruijn, N.G., Checking mathematics with computer assistance, Notices American Mathematical Society, 8 , 1 (1991), 8-15. [de Bruijn 921 de Bruijn, N.G., On the role of types i n mathematics (to be published, 1992). [de Bruijn 931 de Bruijn, N.G., Algorithmic definition of lambda-typed lambda calculus, in: Huet, G. and Plotkin, G., eds., Logical Environments (Cambridge, Cambridge University Press, 1993), 131-146. [Bulnes-Rozas 791 Bulnes-Rozas, J.P., GOAL: A goal oriented commend language for interactive proof construction, Ph.D. thesis, Stanford A.I. Lab., Stanford (1979). (Memo AIM-328). [Cardelli and Wegner 851 Cardelli, L. and Wegner, P., On understanding types, data abstraction, and polymorphism, Computing Surveys 17,4 (1985), 471522. [Church 321 Church, A., A set of postulates for the foundation of logic, Ann. of Math. 33 (1932), 346-366 and 34 (1933), 839-864. [Church 361 Church, A., An unsolvable problem of elementary number theory, Amer. Journal of Math. 58 (1936), 345-363. [Church 401 Church, A,, A formulation of the simple theory of types, Journ. of Symb. Logic 5 (1940), 56-68. [Church 411 Church, A., The Calculi of Lambda Conversion (Princeton University Press, 1941). (Annals of Math. Studies, 6). [Constable et al. 861 Constable, R.L.et al., Implementing Mathematics with the NuPRL Proof Development System (Englewood Cliffs, Prentice-Hall, 1986). [Coppo and Dezani 781 Coppo, M. and Dezani-Ciancaglini, M., New type assignment for A-terms, Archiv. Math. Logik 19 (1978), 139-156.
References
985
[Coppo et al. 811 Coppo, M., Dezani-Ciancaglini, M. and Venneri, B., Functional characters of solvable terms, Zeitschr. f. Math. Logik u. Grundl. d. Math. 27 (1981), 45-58. [Coquand 851 Coquand, Th., Une the‘orie des constructions, Thkse de troisibme cycle (Paris, Universite Paris VII, 1985). [Coquand 861 Coquand, Th., An analysis of Girard’s paradox, Proceedings of the first Symposium on Logic i n Computer Science, Cambridge Mass. (Washington DC, IEEE Computer Society), 227-236. [Coquand 901 Coquand, Th., Metamathematical investigations of a calculus of constructions, in: Odifreddi, P.G., ed., Logic and Computer Science (London, Academic Press, 1990), 91-122. (APIC series, 31). [Coquand and Huet 851 Coquand, Th. and Huet, G., Constructions: a higher order proof system for mechanizing mathematics, in: Buchberger, B., ed., Computer Algebra, Proceedings of the European conference EUROCAL ’85, Linz (1985), 151-184. (Lecture Notes in Comp. Sc., 203). [Coquand and Huet 881 Coquand, T. and Huet, G., The calculus of constructions, Information and Computation 76 (1988), 95-120. [Curien 861 Curien, P.-L., Categorical Combinators, Sequential Algorithms and Functional Programming (London, Pitman, 1986). [Curry and Feys 581 Curry, H.B. and Feys, R., Combinatory Logic (Amsterdam, North Holland Publishing Co., 1958), Vol. 1. [Curry et al. 721 Curry, H.B., Hindley, J.R. and Seldin, J.P., Combinatory Logic (Amsterdam, North Holland Publishing Co., 1972), Vol. 2. [van Daalen 701 van Daalen, D.T., Verzamelingstheorie, de axioma’s van Zermelo-Frankel (Eindhoven University of Technology, 1970). (Internal Report, Dept. of Math.).
[van Daalen 73 (A.3’11 van Daalen, D.T., A description of Automath and some aspects of its language theory, in: Braffort, P., ed., Proceedings of the Symposium A P L A S M (Orsay, 1973), Vol. I. Also in [van Benthem Jutting 771, 48-77. [van Daalen 801 van Daalen, D.T., The language theory of Automath, Ph.D. thesis (Eindhoven University of Technology, 1980). See also [A.6], (B.6) and [ C. 51.
986
References
[van Dalen et al. 781 van Dalen, D., Doets, H.C. and de Swart, H., Sets: Naive, Axiomatic and Applied (Oxford, Pergamon Press, 1978). [Dowek et al. 911 Dowek, G., Felty, A., Herbelin, H., Huet, G., Paulin-Mohring, Ch. and Werner, B., The Cop proof assistant version 5.6, user’s guide (Rocquencourt, INRIA - Lyon, CNRS ENS, 1991). [Fitch 521 Fitch, F.B., Symbolic Logic, an Introduction (New York, The Ronald Press Co., 1952). [Fraenkel et al. 581 Fraenkel, A.A., Bar-Hillel, Y. and LBvy, A., Foundations of Set Theory (Amsterdam, North Holland Publishing Co., 1958). [Frege 18791 Frege, G., Begriflsschrift, eine der arithmetischen nachgebildete Formelsprache des reinen Denkens (Halle, Verlag von Louis Nebert, 1879). [Frege 18931 Frege, G., Grundgesetze der Arithmetik, begriflsschriftlich abgeleitet (Jena, H. Pohle, 1893, 1903). [Gandy 801 Gandy, R.O., Proofs of Strong Normalization, in: Seldin, J.P. and Hindley, J.R., eds., To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism (New York/London, Academic Press, 1980), 475477. [Gentzen 351 Gentzen, G., Untersuchungen uber das logische Schliessen, Math. Zeitschr. 39 (1935), 176-210, 405-431. [Gentzen 361 Gentzen, G., Die Widersprachsfreiheit der reine Zahlentheorie, Math. Annalen 112 (1936), 493-565. [Geuvers 881 Geuvers, J.H., The interpretation of logic in type systems, Master’s thesis (University of Nijmegen, 1988). [Geuvers 931 Geuvers, J.H., Logics and type systems, Ph.D. thesis (Catholic University of Nijmegen, 1993). [Geuvers and Nederhof 911 Geuvers, J.H. and Nederhof, M.J., A modular proof of strong normalization for the Calculus of Constructions, Journal of Functional Programming 1, 2 (1991), 155-189. [Girard 711 Girard, J.-Y., Une extension de l’interprktation de Godel a l’analyse, et son application A 1’Climination des coupures dans l’analyse et la thCorie des types, in: Fenstad, J.E., ed., Proceedings of the 2nd Scandinavian Logic Symp. (Amsterdam, North-Holland Publishing Co., 1971), 63-92.
References
987
[Girard 721 Girard, J.-Y., Interpre'tation fonctionelle et dimination des coupures dans l'arithm6tique d 'ordre supe'rieur, Thbse d ' Etat (Paris, UniversitC Paris VII, 1972). [Girard et al. 891 Girard, J.-Y., Lafont, Y. and Taylor, P., Proofs and Types (Cambridge, Cambridge University Press, 1989). [Glaser et al. 841 Glaser, H., Hankin, C. and Till, D., Principles of Functional Programming (Englewood Cliffs, Prentice-Hall, 1984). [Gordon and Melham 931 Gordon, M.J.C. and Melham, T.F., Introduction to HOL, A theorem proving environment for higher order logic (Cambridge, Cambridge University Press, 1993). [Gordon et al. 791 Gordon, M., Milner, R. and Wadsworth, C., Edinburgh LCF, A mechanised Logic of Computation (Berlin, Springer Verlag, 1979). (Lecture Notes in Comp. Sc., 78). [Hall 671 Hall Jr., M., Combinatorial Theory (Chichester, Wiley, 1967). (Blaisdell book in pure and applied mathematics). [Harper et al. 861 Harper, R., MacQueen, D. and Milner, R., Standard ML (Edinburgh University, 1986). (Report ECS-LFCS-86-2). [Harper et al. 871 Harper, R., Honsell, F. and Plotkin, G., A framework for defining logics, in: Proceedings of the second Symposium on Logic in Computer Science, Ithaca, N.Y. (Washington DC, Computer Society of the IEEE, 1987), 194-204. [Hichcock and Park 731 Hichcock, P. and Park, D., Induction rules and termination proofs, in: Nivat, M., ed., Automata, Languages and Programming (Amsterdam, North-Holland Publishing Co., 1973), 225-252. [Hilbert and Ackermann 19281 Hilbert, D. and Ackermann, W., GrundzGge der theoretischen Logzk (Berlin, Springer Verlag, 1928). [Hindley 691 Hindley, J.R., The principal type scheme of an object in combinatory logic, Transactions of the American Math. SOC.146 (1969), 29-60. [Hindley 791 Hindley, J.R., Combinatory reductions and lambda reductions compared, Zeitschr. f. Math. Logik u. Grundl. d. Math. 23 (1979), 169180. [Hindley et al. 721 Hindley, J.R., Lercher, B. and Seldin, J.P., Introduction to Combinatory Logic (Cambridge, Cambridge University Press, 1972).
References
988
[Hindley and Seldin 861 Hindley, J.R. and Seldin, J.P.,
Introduction to Combinators and A-Calculus (Cambridge, Cambridge University Press, 1986). [Howard 801 Howard, W.A., The formulae-as-types notion of construction, in: Seldin, J.P. and Hindley, J.R., eds., To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism (New York/London, Academic Press, 1980), 479-490. (Manuscript 1969). [Jervell 711 A normal form in first order arithmetic, in: Fenstad, J.E., ed., Proceedings of the 2nd Scandinavian Logic Symp. (Amsterdam, North-Holland Publishing Co., 1971), 93-108. [Kamareddine and Nederpelt 93) Kamareddine, F. and Nederpelt, R., On stepwise explicit substitution, Int. Journal of Found. of Comp. Sc. 4, 3 (1993), 197-240. [Kijne 621 Kijne, D., Construction geometries and construction fields, in: Algebraical and Topological Foundations of Geometry, Proceedings of a Colloquium held in Utrecht, 1959 (Oxford, Pergamon Press, 1962). [Kleene 521 Kleene, S.C., Introduction to Metamathematics (New York, Van Nostrand, 1952). [Klop SO] Klop, J.-W., Combinatory reduction systems, Ph.D. thesis (Utrecht University, 1980). [Klop 921 Klop, J.W., Term rewriting systems, in: Abramsky, S. Gabbay, D. M. and Maibaum, T. eds., Handbook of Logic in Computer Science (Oxford, Clarendon Press, 1992), Vol. 2, 1-116. [Kneale and Kneale 621 Kneale, W. and Kneale, M., The Development of Logic (Oxford, Clarendon Press, 1962). [Kreisel 721 Kreisel, G., Five notes on the application of proof theory to computer science (Stanford University, 1972). (Techn. report no. 182). [Landau 301 Landau, E., Grundlagen der Analysis (First ed.: Leipzig, 1930; Third ed.: New York, Chelsea Publ. Comp., 1960). [Landin 641 Landin, P.J., The mechanical evaluation of expressions, Computer Journal 6, 4 (1964), 308-320. [Lauchli 70) Lauchli, H., An abstract notion of realizability for which intuitionistic predicate calculus is complete, in: Kino, A., Myhill, J. and Vesley,
References
989
R.E., eds., Intuitionism and Proof Theory, Proc. Summer Conference at Buffalo, 1968 (Amsterdam, North-Holland Publishing Co., 1970). [Leivant 751 Leivant, D., Strong normalization for arithmetic (variations on a theme of Prawitz), in: Proof Theory Symposium Kiel1974 (Berlin, Springer Verlag, 1975), 182-197. (Lecture Notes in Math., 500). [LCvy 741 LCvy, J.J., Re'ductions sures dans le lambda-calcul, These 3' Cycle (Paris, 1974). [LBvy 751 LCvy, J.J., An algebraic interpretation of the APK-calculus and a labelled A-calculus, in: Bohm, C., ed., A-Calculus and Computer Science Theory (Berlin, Springer Verlag, 1975), 147-165. (Lecture Notes in Comp. sc., 37). [Luo 891 Luo, Z., ECC: An extended Calculus of Constructions, in: Proceedings of the fourth Annual Symposium on Logic in Computer Science, Asilomar, Cal. (Washington DC, IEEE Computer Society Press, 1989), 386-395. [Magnusson and Nordstrom 941 Magnusson, L. and Nordstrom, B., The ALF proof editor and its proof engine, in: Barendregt, H. and Nipkow, T., eds., Types for Proofs and Programs (Berlin, Springer Verlag, 1994), 238-262. (Lecture Notes in Comp. Sc., 806.) [Mann 731 Mann, C.R., The connections between proof theory and category theory, Ph.D. thesis (Oxford, 1973). [Martin-Lof 71a] Martin-Lof, P., A theory of types (1971). (Manuscript). [Martin-Lof 71b] Martin-Lof, P., Hauptsatz for the theory of species, in: Fenstad, J.E., ed., Proceedings of the 2nd Scandinavian Logic Symp. (Amsterdam, North-Holland Publishing Co., 1971), 217-233. [Martin-Lof 75a] Martin-Lof, P., An intuitionistic theory of types: predicative part, in: Rose, H.E. and Shepherdson, J.C., eds., Logic Colloquium '73 (Amsterdam, North-Holland Publishing Co., 1975), 73-118. [Martin-Lof 75b] Martin-Lof, P., About models for intuitionistic type theory and the notion of definitional equality, in: Karger, S., ed., Proceedings of the third Scandinavian Logic Symp. (Amsterdam, North Holland Publishing CO., 1975), 81-109. [Martin-Lof 821 Martin-Lof, P., Constructive mathematics and computer programming,' in: Logic, Methodology and Philosophy of Science, VI, 1979 (Amsterdam, North-Holland Publishing Co., 1982), 153-175.
990
References
[Martin-Lof 841 Martin-Lof, P., Intuitionistic Type Theory, Studies in Proof Theory (Napoli, Bibliopolis, 1984). [Mitchell and Plotkin 851 Mitchell, J.C. and Plotkin, G.D., Abstract types have existential type, in: Proceedings of the 12th Annual Symposium on Principles of Programming Languages (New York, ACM, 1985), 37-51. [Mitschke 761 Mitschke, G., A-Kalkul, 6-Konversion und axiomatische Rekursions- Theorie, Habilit. Schr. (Darmstadt, 1976). [Mohring 861 Mohring, Ch., Algorithm development in the calculus of constructions, in: Proceedings of the first Symposium on Logic in Computer Science, Cambridge, Mass. (Washington DC, IEEE Computer Society, 1986), 84-91. [Nederpelt 71a] Nederpelt, R.P., Lambda-Automath (Eindhoven University of Technology, 1971). (Notitie 71-17, Dept. of Math.). [Nederpelt 71b] Nederpelt, R.P., Lambda-Automath IZ (Eindhoven University of Technology, 1971). (Notitie 71-25, Dept. of Math.). [Nederpelt 72a] Nederpelt, R.P., Strong normalisation in a A-calculus uiith Aexpressions as types (Eindhoven University of Technology, 1972). (Notitie 72-18, Dept. of Math.). [Nederpelt 72b] Nederpelt, R.P., The closure theorem in A-typed A-calculus (Eindhoven University of Technology, 1972). (Notitie 72-22, Dept. of Math.).
[Nederpelt 73 (C.3)] Nederpelt, R.P., Strong normalisation in a typed lambda calculus with lambda structured types, Ph.D. thesis (Eindhoven University of Technology, 1973). (Nederpelt 771 Nederpelt, R.P., Presentation of natural deduction, Receuil des Travaux d e l’lnstitut Math., Nouvelle SCrie, tome 2, 10, Symp. Set Theory, Foundations of Math. (Beograd, 1977), 115-126. [Nederpelt 801 Nederpelt, R.P., An approach to theorem proving on the basis of a typed lambda-calculus, in: 5th Conference on Automated Deduction (Berlin, Springer Verlag, 1980), 182-194. (Lecture Notes in Comp. Sc., 87). [Nederpelt 871 Nederpelt, R.P., De Taal van de Wiskunde (Almere, Versluys, 1987).
[Nederpelt 90 (A.S)] Nederpelt, R.P., Type systems - basic ideas and applications, in: van de Goor, A.J., ed., Proceedings of CSN ’90, Computing Science in the Netherlands (Amsterdam, Stichting Mathematisch Centrum, 1990), 367-383.
References
991
[Nederpelt 921 Nederpelt, R.P., The fine-structure of lambda calculus (Eindhoven University of Technology, 1992). (Computing Science Notes, 92/07). [Newman 421 Newman, M.H.A., On theories with a combinatorial definition of “equivalence”, Ann. of Math. 2, 43 (1942), 223-243. [Nordstrom et al. 901 Nordstrom, B., Petersson, K. and Smith, J.M., Programming in Martin-Loj’s Type Theory (Oxford, Oxford University Press, 1990). [Osswald 731 Osswald, H., Ein syntaktischer Beweis fur die ZulGsigkeit der Schnittregel im Kalkul von Schutte fur die intuitionistischen Typenlogik, Manusc. Math. 8 (1973), 243-249. [Paulin-Mohring 891 Paulin-Mohring, Ch., Extraction des programmes dans le calcul des constructions, Thhse (Paris, UniversitC Paris VII, 1989). [Paulson 871 Paulson, L.C., Logic and Computation (Cambridge, Cambridge University Press, 1987). (Cambridge Tracts in Theor. Comp. Sc., 2). [Penning 771 Penning, P., Automath-bewijzen voor tautologieen (Eindhoven, unpublished, 1977). [Peremans 941 Peremans, W., Ups and Downs of Type theory (Eindhoven University of Technology, 1994). (Computing Science Notes, 94/14). [Plotkin 801 Plotkin, G., Lambda-definability in the full type hierarchy, in: Seldin, J.P. and Hindley, J.R., eds., To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism (New York/London, Academic Press, 1980), 363-373. [Pohlers 731 Pohlers, W., Ein starkes Normalisationssatz fur die intuitionistischen Typen, Manusc. Math. 8 (1973), 371-387. [Pottinger 771 Pottinger, G., Letter to Prawitz (unpublished, 1977). [Pottinger 791 Pottinger, G., On analysing relevance constructively, Studia Logica 38 (1979), 171-185. [Pottinger 801 Pottinger, G., A type assignment to the strongly normalizable terms, in: Seldin, J.P. and Hindley, J.R., eds., To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism (New York/ London, Academic Press, 1980), 561-577. [Prawitz 651 Prawitz, D., Natural Deduction, a Proof- Theoretical Study (Stockholm, Almquist and Wiksell, 1965).
992
References
[Prawitz 711 Prawitz, D., Ideas and results in proof theory, in: Fenstad, J.E., ed., Proceedings of the 2nd Scandinavian Logic Symp. (Amsterdam, NorthHolland Publishing Co., 1971), 235-307. [Reynolds 741 Reynolds, J.C., Towards a theory of type structure, in: Robinet, B., ed., Proceedings of the Colloque sur la Programmation (Berlin, Springer Verlag, 1974), 408-425. (Lecture Notes in Comp. Sc., 19). [Reynolds 851 Reynolds, J.C., Three approaches to type structure, in: Ehrig, H. et al., eds., Mathematical Foundations of Software Development (Berlin, Springer Verlag, 1985), 97-138. (Lecture Notes in Comp. Sc., 185). [Sanchis 671 Sanchis, L.E., Functionals defined by recursion, Notre Dame Journal of Formal Logic 8 (1967), 161-174. [Schulte Monting 731 Schulte Monting, H., Yet another proof of the ChurchRosser theorem (unpublished, 1973). [Scott 701 Scott, D., Constructive validity, in: Laudet, M., Lacombe, D. and Schuetzenberger, M., eds., Symposium on Automatic Demonstration, IRIA, Versailles, 1968 (Berlin, Springer Verlag, 1970), 237-275. (Lecture Notes in Math., 125). [Scott 731 Scott, D.S., Models for various type-free calculi, in: Suppes, P. et al., eds., Logic, Methodology and Philosophy of Science, IV, 1971 (Amsterdam, North Holland Publishing Co., 1973), 157-187. [Scott and Strachey 711 Scott, D. and Strachey, C., Towards a mathematical semantics for computer languages (Oxford, Oxford University, 1971). [Seldin 751 Seldin, J.P., Review of ‘Lambda calculus notation with nameless dummies, a tool for automatic formula manipulation, with application to the Church-Rosser theorem’, Journ. of Symb. Logic 40 (1975), 470. [Seldin 761 Seldin, J.P., A theory of generalized functionality I (unpublished, 1976). See also: Seldin, J.P., Progress report on generalized functionality, Ann. Math. Logic 17 (1979), 29-59. [Seldin and Hindley 801 Seldin, J.P. and Hindley, J.R., eds., To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism (New York/London, Academic Press, 1980). [Shoenfield 671 Shoenfield, J.R., Mathematical Logic (Reading MA, Addison Wesley, 1967).
References
993
[Smorynski 771 Smorynski, C., The incompleteness theorems, in: Barwise, J., ed., Handbook of Mathematical Logic (Amsterdam, North-Holland Publishing Co., 1977), 821-865. (Studies in Logic and the Foundations of Math., VOl. 90). [Staples 751 Staples, J., Church-Rosser theorems for replacement systems, in: Crossley, J.N., ed., Algebra and Logic (Berlin, Springer Verlag, 1975), 291306. (Lecture Notes in Math., 450). [Staples 771 Staples, J., A lambda calculus with naive substitution (Brisbane, unpublished, 1977). [Stenlund 721 Stenlund, S., Combinators, A-terms and Proof Theory (Dordrecht, Reidel, 1972). [Tait 671 Tait, W.W., Intentional interpretations of functionals of finite type I, Journ. of Symb. Logic 32 (1967), 198-212. [Troelstra 731 Troelstra, A S . , ed., Metarnathematical Investigation of Intuitionistic Arithmetic and Analysis (Berlin, Springer Verlag, 1973). (Lecture Notes in Math., 344). [Troelstra 771 Troelstra, AS., Aspects of constructive mathematics, in: Barwise, J., ed., Handbook of Mathematical Logic (Amsterdam, North Holland Publishing Co., 1977), 973-1052. (Studies in Logic and the Foundations of Math., Vol. 90). [Troelstra and van Dalen 881 Troelstra, AS. and van Dalen, D., Constructivism in Mathematics (Amsterdam, North-Holland Publishing Co., 1988), Vol. 1. [Trybulec 901 Trybulec, A., Introduction, Formalized Mathematics 1, 1 (1990), 7-8. [Turner 791 Turner, D.A., Another algorithm for bracket abstraction, Journ. of Symb. Logic 44 (1979), 267-270. [Udding 801 Udding, J.T., A Theory of Real Numbers and its Presentation in Automath, Vol. 1-3, Master’s thesis (Eindhoven University of Technology, 1980).
[de Vrijer 75 (C.4)] de Vrijer, R.C., Big trees in a A-calculus with A-expressions its types, in: Bohm, C., ed., A-Calculus and Computer Science Theory, (Berlin, Springer Verlag, 1975), 202-221. (Lecture Notes in Comp. Sc., 37). Also: de Vrijer, R.C., Surjective pairing and strong normalization, Ph.D. thesis (University of Amsterdam, 1987), Chapter 5.
994
References
[de Vrijer 87a] de Vrijer, R.C., Surjective pairing and strong normalization: two themes in lambda calculus, Ph.D. thesis (University of Amsterdam, 1987). See also [de Vrijer 75 (C.4)]. [de Vrijer 87b] de Vrijer, [de Vrijer 87al.
R.C.,
“Stelling” to
his Ph.D.
thesis.
See
[de Vrijer 87c] de Vrijer, R.C., Exactly estimating functionals and strong normalization, Proc. of the Koninklijke Nederlandse Akademie van Wetenschappen, Series A 90, 4 (1987), 479493. [Wadsworth 711 Wadsworth, C.P., Semantics and pragmatics of the lambdacalculus, Ph.D. thesis (Oxford, 1971). [Weyhrauch 771 Weyhrauch, R.W., A users manual for FOL (Stanford, Computer Science Dept., 1977). (Artificial Intelligence Project M235). [Whitehead and Russell 19101 Whitehead, A.N. and Russell, B., Principia Mathematica (Cambridge, Cambridge University Press, 1910-1913), Vol. 1-3. [Wieringa 761 Wieringa, R.M.A., Binaire optelling en vermenigvuldiging in AUT-QE (Eindhoven, unpublished, 1976). [Wieringa 781 Wieringa, R.M.A., Een notatie-systeem voor lambda-calculus met definities, Master’s thesis (Eindhoven University of Technology, 1978).
[ Wieringa 80 (F.4)] Wieringa. R.M. A., Relational semantics in a n integrated system (Eindhoven University of Technology, 1980). (Internal Report, Dept. of Math.). [Zandleven 73 (E.l)] Zandleven, I., A verifying program for Automath, in: BrafFort, P., ed., Proceedings of the Symposium APLASM (Orsay, 1973), VOl. I. [Zucker 741 Zucker, J . , Cut-elimination and normalization, Annals of Math. Logic 7 (1974), 1-112. [Zucker 77 (A.4)] Zucker, J., Formalization of classical mathematics in Automath, in: Colloque International de Logique, Clermont-Ferrand, France, 1975 (Paris, CNRS, 1977), 135-145. (Colloques Internationaux du Centre National de la Recherche Scientifique, 249).
Indexes
This Page Intentionally Left Blank
Index of Names Berkling & Fehr 119821, 811, 837 Bernays, P., 192 Beth, E.W., 26, 203 Bishop [1967], 130 de Boer, S., 503 - (19751, 503, 505 Bourbaki, N., 206 Boyer & Moore (19723, 809 - [1988], 12 Braun, W.C.P., 252 van Bree, L.G.F.C., 73 Brouwer, L.E. J., 26, 204, 236 de Bruijn, N.G., 6, 111, 127, 128, 133,139,163,164,169, 175177, 187, 194, 216, 230, 231, 235, 238, 240, 242, 252, 306, 339,345, 390,393,394,473, 590, 687, 688, 722, 729, 783, 805, 809, 811, 813, 836, 838 - [1968b],8, 15, 74, 141, 150, 394 - [197Oa], 8, 128, 141, 150, 169, 283, 285, 286, 334, 371, 387, 393, 394, 469, 470, 783,844, 938 - [1970b],277 - [1971], 147, 313, 334, 393, 590 - [1972a], 158, 737 - [1972b], 116, 156, 175, 177, 192, 319, 327, 390, 656, 673, 804, 809, 811 - [1973b],141, 283, 285, 286, 334, 396, 722, 783 - [1973~],127, 141 - [1973d], 53, 938, 947, 948, 951,
Abadi et al. (19911, 35, 50 Ackermann, W., 4 Aristotle, 3 Augustsson, L., 12 Balsters, H.,8 - [1986],35, 45, 170, 306, 368 Barendregt, H.P., 11, 229, 230, 235, 239, 243, 248, 376, 391,399, 443, 503, 505, 611 - [1971], 375, 376, 389-391, 427, 448 - [1981],327, 503 - [1984a],339, 340, 572 - 119921, 5, 11, 26, 27, 34, 36, 37, 46 - & Hemerik [1990], 5, 26 - et al. [1976], 503 von Beethoven, L., 841 Ben-Yelles [1981], 187, 633 van Benthem Jutting, L.S., 6, 73, 156, 169, 170, 216, 222, 247, 252, 303, 306, 331, 396, 508, 509, 578 - [1971a], 155, 396, 508 - [1971b],473, 633 - 119731, 101, 127, 160, 804 - [1976], 157, 159 - [1977], 7, 44, 141, 147, 157, 159, 163, 169,170,175, 188-190, 197, 198, 303, 306, 334, 471, 570, 578 - [1981], 339, 687, 688, 733 - (19881, 177 - & Wieringa [1979], 170, 177 997
Index of Names
998 952, 963, 964
- [1974a],289, 334, 852 - [1974b], 148, 159, 187 - [1975a], 144, 192
- & Feys [1958], 8, 150, 168, 175, 195,371,375,376,389,391393, 415, 443, 572, 585 - et al. [1972],195
- [1975b],53, 160, 938
- (19761, 159 - [1977], 159, 289, 306, 652
- [1978a], 33, 156, 160, 177, 339, 355
- [1978b], 177, 342 - [1978~],159, 306, 335, 652 - [1980], 163, 169, 171, 189, 197, 334, 339, 655, 673, 810, 849, 852, 866 - [1987a],865 - [1991a],11, 21, 44 - [1991b], 30, 32 Bulnes, J.P., 166 Bulnes-Rozas [1979],166, 170 Cantor, G., 203-205, 221, 229, 841, 842, 845, 846, 848 Church, A., 5, 34,36,37,41, 75, 168, 205, 229, 230, 232, 235, 246, 389, 391, 392, 503 - (19321, 5, 389 - [1936],5 - (19401, 5, 13, 135, 136, 340, 355 - [1941],375 Constable et al. [1986],9, 11 Coppo & Dezani [1978], 188 Coppo et al. [1981], 188 Coquand, Th., 12, 235, 837 - [1985], 10 - [1986], 8 - [1990], 10 - & Huet [1985], 10 - & Huet [1988], 10 Curien [1986], 809, 815, 837 Curry, H.B., 5, 128, 175, 195, 230, 232, 235, 248, 250
van Daalen,
D.T., 7, 252, 264, 396,
485, 783
- [1970], 144 - [1973], 127, 141, 155, 163, 172, 177,289,301,303,469-471, 474, 493, 517, 522, 523, 558, 591, 592, 701, 783, 787, 810, 833 - [1980], 7, 23, 31, 38, 155, 303, 314, 327, 331, 334, 339, 473, 508, 515, 526, 539, 545, 550, 574, 579, 590, 592, 612, 629, 637, 655, 830, 833 van Dantzig, D., 203 Dedekind, R., 713, 714 Dijkstra, E.W., 207 Dowek et al. [1991], 11 Erdos, P., 26, 204, 212 Euclid, 219, 717 Euler, L., 219 Fitch, F.B., 687 - [1952], 52, 687 Fleischhacker, L., 371 Fraenkel, A.A., 50, 220, 226, 841843, 845-847, 865, 866, 912 - et al. [1958],842 Frege, G., 3, 228 - [1879],3 - [1893], 3 Freudenthal, H., 205, 206 Gandy [1980],41, 655, 664 Gauss, C.F., 841 Geuvers [1993], 11 - & Nederhof [1991], 11
Index of Names Girard, J.-Y., 8, 111, 188, 200, 230, 235, 393 - [1971], 9, 188, 393 - [1972], 8, 9, 111, 123, 150, 168, 188, 520 Glaser et al. [1984],837 Godel, K., 9, 192, 229, 393 Gordon, M.J.C., 12 - & Melham [1993], 12 - et al. [1979], 9, 166 Gorissen, P., 837 Harper et al. [1987], 10 Helmink, L., 11 Heyting, A., 26, 204, 205, 211, 216, 218, 236 Hichcock & Park [1973], 943 Hilbert, D., 4, 52, 93, 94, 101, 142, 152, 163, 203, 205, 216, 217, 219, 728, 730, 733 853, 865, 887, 911, 922, 936 - & Ackermann [1928], 4 Hindley [1979], 177 - et al. [1972], 469 Howard, W.A., 8,111,128,235,248, 393, 469, 473 - [1980], 8, 111, 150, 168, 393, 469, 473 Huet, G., 235, 837 Kamareddine & Nederpelt [1993],50 Kijne (19621, 852 Klop [1980],36 - (19921, 36 Kneale & Kneale [1962], 3 Kolmogorov, A.N., 236 Kornaat, A., 7, 138, 156, 158, 170, 252, 303, 306, 733 Kramers, H.A., 203 Kreisel [1972], 395 Kronecker, L., 217, 218 Kruseman Aretz, F.E.J., 837
999 Lauchli, H., 161, 393 - [1970], 161, 393 LCvy, J.J., 503, 508, 509 - [1974],508 - [1975],503 Landau, E., 73, 144, 157, 159, 160, 169, 222, 223, 252,303,306, 578 701-706, 709-711, 713, 715, 723-725, 729-732, 805 - [1930],44 45 157 159701, 709 Landin, P.J., 243, 837 von Leibniz, G.W., 3 142 Leivant, D., 635 - [1975],633 635 Luo, z., 11 - [1989], 11 Magnusson & Nordstrom [1994], 12 Marcelis, J.G., 252 Martin-Lof, P., 8, 111, 128, 188, 194, 200,230,391,393,398,427429, 472, 474, 655 - [1971a], 8, 168, 194 - [1975a], 9, 25, 111, 123, 128, 130, 134, 150, 188, 192, 393, 474, 517, 520, 655 - [1984],9 Milner, R., 9, 166 Mitschke (19761, 503 Mostowski, A., 841 Nederpelt, R.P., 6, 28, 123, 165, 174, 175, 183, 186, 187, 193, 252, 264, 278, 281, 333, 371, 473, 517, 518, 551, 559, 577, 581, 591,592,596,605,616,626-
628, 655, 683, 783 - [1971a], 275, 393, 590, 628 - [1971b], 28, 393, 590 - [1972b], 400 - [1973], 123, 124, 147, 155, 163, 175, 177, 281, 314, 327, 331,
Index of Yames
1000 333, 345, 473, 482, 517, 518, 522, 577, 592, 626, 633, 655, 783, 830 - (19771, 144 - [1987],23, 52 von Neumann, J., 192 Nordstrom, B., 12 - et al. [1990], 9 Paulin-Mohring, Ch., 11 - [1989], 11 Paulson [1987], 10 Peano, G., 52, 137, 141, 218, 221, 228, 241, 246, 249, 711, 715, 717, 718, 720, 843, 846, 848, 887, 912, 922 Penning, P., 252 - [1977], 170 Plotkin [1980], 191 Pollack, R., 11 Pottinger, G., 635 - (19771, 305, 635 - (19793, 305 - [1980], 189 Prawitz, D., 111, 392, 393, 508, 632, 635 - [1965],305, 392, 509, 632 - [1971], 111, 123, 150, 168, 392, 393, 487, 488 Pythagoras, 3 Reynolds, J.C.,9 - [1974], 9 Rosser, J.B., 38, 42 Russell, B., 4, 229 Sanchis, L.E., 393 - (19671, 393 Schuh, F., 202, 203 Schulte Monting [1973], 391 Scott, D., 9, 26, 100, 161, 167, 169, 188, 193, 194, 216, 473
- [1970], 25, 168, 169, 188, 194,
200, 473
- [1973], 9, 128, 134 - & Strachey (19711, 943 Seidel, J.J., 6 Seldin, J.P., 177, 188, 195, 200, 230 - [1975], 177 - [1976], 25, 188, 195 - & Hindley (19801, 22 Shakespeare, W., 217 Smorynski [1977],5 Staples, J., 175 - [1977], 175
Tait, W.W., 118, 376, 391, 392, 396, 398, 427-429, 655 - [1967], 392, 396, 487 Tarski, A., 5 Thales, 3 Trybulec [1990], 12 Turing, A.M., 229 Turner [1979], 49, 177 Udding, J.T., 160, 252 - [1980], 160 de Vrijer, R.C., 7, 175, 185, 252, 396, 503, 517, 601, 647, 689 - [1975], 155, 163, 173, 175, 185, 517, 591, 601, 608, 647 .. . - [1987a], 37, 174 - [1987~],41, 655, 664 Wadsworth (19711, 177, 809 Weyhrauch, R.W., 166 - [1977], 166 Whitehead, A.N., 4, 229 - & Russell [1910],4 Wieringa, R.M.A., 8, 157, 160, 170, 177, 252, 837, 947 - [1976], 171 - [1978], 160
Index of Names - [1980], 947 Wittgenstein, L., 151
Zandleven, F., 7, 121, 126, 156, 158, 169, 170, 176, 252, 725, 805, 809,811, 817, 837 - 119731, 101, 115, 121, 127, 156, 169, 570, 572, 805-807 Zermelo, E., 51, 144, 220, 226, 841843, 865, 866, 912 Zucker, J., 7, 147, 158, 160, 169, 170, 224, 252, 303, 306, 724, 729, 733,736, 737,739-742,746, 748, 749 - [1974],635 - [1977], 158, 163, 169-171, 177, 188, 189, 197,289,303,305, 306,470, 706, 722, 724,729, 733, 736, 741, 742, 746
1001
This Page Intentionally Left Blank
Index of Notations +, 309, 493
a,116
+’, 311
P, 108
C9, 304
Pq-CR, 577 PTVU-SN, 638 p r , 603 bool, 688 bool, 16, 41, 723 b o o l , 53 BOUNDSUBST, 790 BT, 38 BT, 600, 601
507 >, 494, 518 >1,493 > p , 790 >6, 794 >,, 792 51,494 2 , 494, 518 A sub B, 493 A 1 B, 494, 519 A c B, 493 [ti : V ] ,149 E [z := p ] , 148 E, 52 00, 53 P I r 11 486 +, 599 -‘btr 473 ,: 599 c,583 El 493 N, 518 =, 494
cantyp, 539, 558 CAT, 49, 125, 795 CAT, 299, 739 CAT, 31 CATEGORY, 788 CL, 519, 534 CL1, 534 CL’, 612 CL& 612 CLPT, 534 CLPT1, 535 CORRECT, 802 CORRECTCATS, 801 CR, 494 CR’, 612 CR;, 612 CR1, 494 cus, 648
El 798 $ ’,
800 T, 747 I-, 723, 801 I-N, 626 I-*,801 :, 52 ::, 52
Deg, 399, 450 6 , 108, 493 dn, 594 dnc, 594 1003
1004
DOM, 48,795, 796 DOM,739 DOM, 31 dom, 561 E, 116
EB, 109 E , 304, 493 Eait, 311 77, 108 EUD, 519, 536 IF, 638 ij-pp, 494 INDSTR, 787 i n t , 53 IS,41
Lq, 519, 536 LR, 605 MIDDLE, 787 F , 39 N, 494 nonempty, 688
OCCURS IN, 792 OFF, 940 OLDER THAN,798 w , 346 %(x)4 89 ON,940 P'T, 596 PD, 596 n, 32,306,736 K , 304, 493 PN, 109 PROP, 723 prop, 19, 22, 43, 152,196,728 PT, 519, 534, 536,596 PT1, 534
Index of Notations
9, 116
&-, 518 r, 601 RECURS, 955 p, 38, 399,457 rst, 601 rt, 601 s, 601 519, 596 sc, 597 C,11, 736 6 ,304,493 SN, 494 STRINGSUBST, 789 SUBST, 789 SYNT, 739 synt, 31, 299 SA,
T,53 t, 601 r , 34,260,603 r', 482 381 0,468 el,467 0 2 , 466 Totinf, 53 TRUE, 688 TRUE, 16,41, 53,87, 723 Typ, 399, 450 Typn, 449 Typ', 399, 452, 482 typ, 184, 186 typ', 593 type, 16, 19, 22, 43, 75, 148, 181, 258, 395, 728 UD, 519,536 UT, 519,536 weak ij-pp, 494
Index of Subjects function -, 231 functional -, 90 - index, 294 lambda -, 18 abstractor, 398, 403 abstractor chain, 398, 403 abstractor string, 616, 626 absurdity, 236 acceptable, 84 adequacy, 10 adjective, 52, 872, 876, 877 ALF, 12 ALGOLGO, 206, 279, 937 algorithm, 387 algorithmic correctness check, 329 algorithmic definition, 172, 517, 554, 558, 563, 591 all-quantifier, 93 a--conversion, 116 modulo -, 175 -equality, 107 -equivalence, 390 -reduction, 47, 413, 790 alphabet, 401 ancestor, 738 anonymous archetype, 871 Another Logical Framework, 12 applicability condition, 37, 39, 395, 452, 472 application, 28, 148, 178, 231, 377, 396 - condition, 234, 592 -expression, 129, 178, 255, 736
+-language, 185, 309, 526 +-reduction, 40, 493 +‘-reduction, 311 rst-reduction, 601 rt-reduction, 601 r-reduction, 601 s-reduction, 601 t-reduction, 601 1-expression, 258, 371 2-expression, 258, 371 3-expression, 258, 371 Cexpression, 722 lpexpression, 706 It-expression, 706 Ppexpression, 706 2t-expression, 706 3pexpression, 706 3t-expression, 706 V-elimination, 46 $-function, 304 $-type, 304 (-context, 360 ij-postponement, 494 abbreviating expression, 737 abbreviation, 105, 179, 241 abbreviation system, 76, 147 abbreviation-line, 707 abortion, 940, 970 abstract algebra, 139 abstract data type, 28, 245 abstract linear order, 138 abstraction, 28, 148, 178, 231, 396, 470 - expression, 129, 178, 254 1005
Index of Subjects
1006 function -, 231 legitimate Q-,452 - restriction, 19, 107 - rule, 532 self -, 392, 530 applicator, 403 applicator chain, 403 arbitrary, 52, 204, 852, 855 archetype, 205, 871, 898 argument degree, 186, 525 arithmetical typed A-calculus, 168 artificial intelligence, 870 ascendant, 32, 321 assertion, 875 assertion category, 87 assertion type, 688, 722 assertional line body, 886 assignment, 53, 54 assumption, 153, 240, 844, 875 assumptional context item, 880, 885 assumptional item, 879 AT-couple, 324 AT-pair, 32, 324 AT-removal, 33, 37, 325 attachment, 157 AUT-Ah, 30, 32 AUT-A, 36, 37 AUT-II, 31, 40, 44, 127, 147, 158, 289, 294, 303, 724, 733 AUT-II line, 734 AUT-no, 633 AUT-IIl, 634, 636 AUT-4, 187, 284 AUT-68, 41, 147, 251, 687, 721, 722 AUT-LAMBDA, 335 AUT-QE, 127, 147, 183, 230, 276, 289, 303, 396, 469, 471, 701, 721 AUT-QE-NTI, 289, 294, 335 AUT-SL, 28, 32, 147, 154, 186, 275, 314, 393
AUT-SYNT, 30, 43! 158, 299, 725, 737 ACT-synt, 169 Automath, 6, 230, 393, 394, 869 Automath book, 127 Automath project, 169 Automath verifier, 47, 49 automatic expression simplifier, 946 automatic formula manipulation, 375 automatic theorem proving, 23, 98, 157, 221, 240 axiom, 88, 153, 234, 241, 843, 888 axiom of choice, 94, 152, 205, 216 axiom of reducibility, 4 axiomatic line body, 886 Barendregt's cube, 235 Barendregt's lemma, 505 base, 401, 478, 479 Begriffsschrift, 3
P-chain complex, 432 -conversion, 421 -equality, 107, 108 -equivalent, 421 -normal, 460 -normal form, 460 -normalizable, 460 -reduction, 47, 49, 122, 242, 257, 288, 326, 382, 386, 390, 417, 789 n-step -, 417 P1-
-equivalence, 424 -nf, 466 -normal, 463 -normal form, 463, 466 -normalizable, 463 -normalization theorem, 466 -reduction, 36, 398, 422, 424 n-step -, 425
Index of Subjects
P2-
-equivalence, 424 -normal, 463 -normal form, 463 -normalizable, 463 -reduction, 36, 422, 424 n-step -, 424 Pq-Church-Rosser , 577 Or-reduction, 603 big tree, 37, 473, 484, 519, 577, 600 big tree theorem, 38, 175, 485, 486, 591, 600, 601 binary predicate, 132 binary sum, 40 binary tree, 316 binary union, 311 binder, 922 binding abstractor, 407 binding influence, 408 binding instance, 318 binding occurrence, 406 binding variable, 176, 233 block, 15, 75, 843, 882 - opener, 76, 145, 882 - mechanism, 14 - structure, 53, 939 body of a line, 880 Bolzanc-Weierstrass theorem, 138 book, 28, 29, 74, 108, 144, 253, 474, 872, 879 Automath -, 127 correct -, 172 correct PAL -, 84 empty -, 894 - equality, 16, 19, 22, 41, 112, 154, 159, 219 MV -, 879, 891, 911 nested -, 79 valid -, 891, 894 zero abstraction index -, 294 bookkeeping pairs, 601, 607
1007 bool, 87 bool-style, 153, 213 boolean convolution, 950 borderline between language and metalanguage, 873 bound expression, 406 bound instance, 318 bound occurrence, 406 bound variable, 76, 89, 175, 375, 884 Boyer-Moore Theorem Prover, 12 Brouwer-Heyting-Kolmogorov interpretation, 236 de Bruijn index, 49, 809, 811 but for a-reduction, 418 calculated type, 31 Calculus of Constructions, 9, 10, 235 calculus of lambda conversion, 389 calculus ratiocinator, 3 Cambridge LCF, 9 CAML, 11 canonical type, 28, 39, 48, 539, 555 Cantor’s paradise, 205, 846 capacity, 606 Cartesian product, 131, 244, 736 case-construction, 245 category, 15, 48, 75, 76, 128 - of all propositions, 131 - of all types, 130 cc, 10 chain, 403 Characteristica Universalis, 3 chastity belt system, 223 checker, 156 checking, 142, 251, 337 Church’s thesis, 5 Church-numeral, 246 Church-Rosser, 326 h-,577 weak -, 494 - for hq, 596
1008
Index of Subjects
- property, 36, 123, 391, 472, 494 - for PI-reduction, 427
- theorem, 35, 155, 171, 371, 386,390,485, 655,663 Church-typing, 232 clash of variables, 605, 788 class, 372, 872 classical 17 rule, 133 classical logic, 133, 152, 236,866 classical mathematics, 133 classical real analysis, 136 clause, 875,878, 885 clause of a line body, 889 closed expression, 406 closure, 11, 40,418,519,655,676 - for AUT-II, 629 - for Pv-AUT-QE, 537 - for P@-AUT-QE+, 543 - for A, 596 - proofs for simpler languages, 551 - property, 37, 123, 173, 473, 517 - theorem, 155,483 combinatorics, 138 combinatory logic, 177 comment, 739 comment line, 739 common reduct, 173 compatibility condition, 180 compatibility of def and typ, 523, 595 compatible, 231 complete linear order, 139 complete ordered field, 139 completion, 82 complex, 432 composite &reduction, 417 compound notion, 76 comprehension, 136
computability, 5, 489,647 computability under substitution, 648 computable functions, 229 computer program semantics, 843, 863 computer programming, 858 concatenation, 54,954 condition, 875 confluent, 494 confusion of variables, 415 conjunction, 132 conservative extension, 544 constant, 60,230, 377,471, 883 - at infinity, 949 - function, 756 - symbol, 474 constructibility, 51 construction, 470 construction irrelevance, 288 constructive existence, 202 constructive reasoning, 167 constructive validity, 25 constructivist, 87 constructivity, 50 Constructor, 11 content, 253 context, 15, 28, 77, 103, 104, 144, 222, 233, 253, 879 E-, 360 assumptional - item, 880, 885 declarational - item, 880,885 empty -, 128,880 - extension, 734 - indicator, 75, 734 - item, 879,885 - line, 128,265, 734 - mechanism, 14 renaming of -s, 581 valid -, 891,892 variable of a -, 883,884 continuity, 44,748
Index of Subjects continuous, 965 continuum problem, 221 contractum, 179 contradiction, 28, 45, 236, 708 conversion, 28, 390 a-, 116 modulo -, 175 p -, 421 calculus of lambda -, 389 - rule, 234 type -, 308, 530 convertibility, 179 conveyor belt, 209 coq, 11 correct, 372 - book, 172 - PAL book, 84 - expression, 172 - formula, 172 - term, 34 correctness, 172, 263, 327, 328 algorithmic - check, 329 degree -, 307, 312 degree norm -, 593 mathematical -, 166 - in h, 592 - in AUT-QE, 119 - of a 9-formula, 524 - of an E-formula, 524 - of a category, 524, 528 - of an expression, 523, 800 - of a line, 802 partial -, 54, 956 program -, 53 semi -, 333 substitutivity of -, 597 total -, 54, 958 - of strings, 801 - of types, 597 CR for &-reduction, 427, 436 CR for ?-reduction, 436
1009 CR for full 07-reduction, 581 criteria for a good notation, 376 cube of typed lambda calculi, 11 Curry-Howard isomorphism, 235 Curry-typing, 232 d-system, 620 data bank, 164 data type, 10, 53, 938 daughter, 738 dead end set, 639 decidability, 37, 102, 173, 265, 472, 518, 554, 569 feasible -, 18, 25, 167, 173 formal -, 25, 173 decidable, 485 deciding @formulas, 124 decision procedure, 172, 555 declarational context item, 880, 885 declarational item, 879 decomposition, 417, 439, 571 defined constant, 493 defined constant-expression, 493 definiendum, 735 definiens, 735 defining line, 734 definite article, 920 definition, 14, 76, 88, 202, 225, 241, 735, 875, 876 algorithmic - , 172, 517, 554, 558, 563, 591 E-, 39, 172, 517, 554 inductive -, 402 language -, 872 - line, 128 - scheme, 493 unfolding a -, 242 definitional, - constants in h, 620 - equality, 19, 22, 28, 83, 90, 108, 133, 154, 219, 257, 281,
1010
Index of Subjects
394,494, 796
- extension, 185,522, 544 - line, 146
- line body, 886
- reduction, 47 degree, 16, 29, 32, 103, 130, 148, 181,283,307,320-322, 324, 393,450 argument -, 186, 525 - correctness, 307,312 domain -, 186, 525 function -, 185, 525 higher -, 148 - norm, 593 - norm correct, 591 - norm correctness, 593 value -, 185,525 6-equality, 107 -reduction, 39, 50, 154, 219, 256,493, 793, 794 -string, 345 -lambda, 327 A, 36,40,397 -constructible, 409 Ah, 33,313,327 denotational semantics, 943 dependent product, 234 derivation rule, 154 derivation step, 402 derivative, 137, 744,751,753,756 derived rule, 897 descendant, 738 despecify, 923 despo, 923,925 Dialectica interpretation, 9 diamond property, 123 didactics, 251 difference quotient, 744, 750 differentiable, 745 differentiation, 44,733,744,750,756
direct consequence, 417 disjoint one-step i-reduction, 496 disjoint one-step reduction, 527 disjoint reduction, 494 disjoint sum, 132,244, 736 disjoint union, 32,304 disjunction, 28,305 distinction between replacement and substitution, 605 distinctly bound, 397,407 domain, 126,232 - degree, 186,525 - function, 561 mechanical -, 795 - of a term, 48 preservation of -s, 596 Q-, 453 uniqueness of -s, 126,174,519, 535 extended -, 519,535 double negation axiom, 236 double negation law, 216, 728, 748 dummy, 231,318, 883,884 dummy-binding, 376 EB-line, 707 ECC, 11 Edinburgh LCF, 9 E-definition, 39, 172, 517, 554 - for A, 533 E-formula, 116,119, 177,517,524 elementary &reduction, 416 elementary PI-reduction, 424 elementary Pz-reduction, 424 elementary q-reduction, 439 elementary tc-reduction, 443 elementary mathematics, 143 elimination of primitive constants, 616 elimination rule, 234 embedding, 41 empty block opener, 109
Index of Subjects empty book, 894 empty context, 128, 880 empty line, 739 end-point, 316 environment, 49, 817 €-reduction, 40, 304, 493 &,It -reduct ion, 311 equality, 46, 135, 293, 708, 900 Q-, 107 0-, 107, 108 book-, 16,19,22,41,112,154, 159, 219 definitional -, 19, 22, 28, 83, 90, 108, 133, 154, 219, 257, 281, 394, 494, 796 extended -, 583 6-, 107 rj-, 107, 108 intensional -, 192 left hand - rule, 178, 536 - of booleans, 41 - of elements, 41 - of proofs, 306 - on types, 46 right hand - rule, 178 equivalence, 327 equivalence proof, 554, 563 equivalent, 172 77--equality, 107, 108 -reduction, 39, 43, 47, 48, 288, 382, 390, 726, 791, 792 n-step -, 440 T!-reduction, 441 k-fold -, 441 qd-system, 620 excerpt, 45, 48 excluded middle, 205 excluded third, 45, 216, 285 existence, 93 existential quantification, 132, 748
1011 existential quantifier, 237 existential type, 246 expert system, 865 explicit substitution, 50 explicit typing, 232 exponential function, 138 expression, 28, 59, 254, 402, 736, 875 1-, 258, 371 2-, 258, 371 3-, 258, 371 4-, 722 lp-, 706 It-, 706 2p-, 706 2t-, 706 3 p , 706 3t-, 706 abbreviating -, 737 abstraction -, 129, 178, 254 application -, 129, 178, 255, 736 bound -, 406 closed -, 406 correct -, 172 defined constant -, 493 fix -, 736 head -, 254, 736 inhabitable -, 307 lambda -, 736 legal -, 233 legitimate -, 452, 482 name carrying -, 380 NF -, 172, 379 normable -, 507 p, 20, 130 n-, 736 plus -, 493 primitive constant -, 493 pseudo -, 233 quasi -, 114, 149, 286 saturated -, 59 C-, 736
1012 t-, 20, 130 ext-postponement, 499 ext-reduction, 493, 496 extended definitional equality, 583 extended reduction, 583 extended system, 24 extended typed /\-calculus, 168, 303 extended uniqueness of domains, 519, 535 extension, 172, 544 definitional -, 185, 522, 544 unessential -, 185 extensional reduction, 175, 493 extensionality, 47, 136, 192 extensions of Automath, 98 exterior approach, 864 external reference, 322 factor, 404 failure of &-SN, 652 feasibility, 21, 24 feasible decidability, 18, 25, 167, 173 field, 139 finite product, 32 finite sum, 32 first-order language, 158 first-order system, 114, 637 fix expression, 736 fix symbol, 735 fixed point, 965 fixed point semantics, 54 flag, 891 flagless form, 881 flagstaff, 891 flagstaff form, 52, 881, 891 FOL, 166 formal decidability, 25, 173 formula, 875 correct -, 172 E-, 177 Q-, 177
Index of Subjects formulae-as-types, 8, 199, 393, 469 fourth degree identification, 283 fragment p-, 196 t-, 189 free occurrence, 406 free variable, 76, 118 fresh, 884 fresh identifier, 883 fresh variable, 412 function, 17, 231, 389, 908 - abstraction, 231 - application, 231 - degree, 185, 525 - like, 113 - type, 17 type-valued -, 131 - value, 17, 389 functional abstraction, 90 functional binder, 923 functional interpretation, 111 functional interpretation of logic, 19 fundamental rule, 897 y-equivalence, 430 y-type, 357 Godel’s general recursive functions, 5
general language rules, 177 general reduction, 446 generalized - Cartesian product, 239 - conjunction, 132, 711 - functionality, 25 - if-then-else, 711 - logic, 171 -implication, 131, 197, 704, 711 - product, 17, 40, 234 - sum, 32, 40 - typed A-calculus, 40, 168 generate, 402, 417, 424, 439
Index of Subjects generic form, 494 geometrical construction, 50,54?226,
843,850,960 Girard’s paradox, 8 gL, 874 GOAL, 167 grains of salt, 927,931 grammatical category, 876 graph reduction, 177 Grundlagen, 157 Hall-Konig theorem, 138 hardware verification, 12 head expression, 254, 736 head reduction, 571 heading, 739 Heine-Bore1 theorem, 138 high typing, 871, 877 higher degree, 148 higher mathematics, 143 higher order language, 158,187 Higher Order Logic, 12 higher order system, 200 higher order typing, 50 Hilbert operator, 93,728 Hilbert’s &-operator, 152 Hilbert’s axiomatization of geometry, 853,922 Hilbert’s axioms, 887 Hilbert’s program, 5 Hilbert’s selection operator, 205 HOL, 12 identifier, 15, 58, 75, 76,735, 883 identity - function, 758 syntactic -, 175 IEreduction, 493,496, 634 if-then-else, 41, 54,711 illative combinatory logic, 195 immune form, 571,638 imMV, 874
1013 implantation, 32! 322 implementation, 809 - of substitution, 809,817 implication, 41,45,91,132,152,153,
205, 211, 236 generalized -, 197 implicit typing, 232 impredicativity, 8 improper reduction, 585,632 improper symbol, 401 improved dead end set, 641 incomplete information, 53,943 incompleteness theorem, 12 increasing reduction, 36 indicator, 15, 75-77 - string, 79 individual, 45, 136,708 - variable, 401 induction, 46 - on p , 508 - on reducts, 598 - on subexpressions, 598 - on the length of proof, 402 inductive definition, 402 Inductive Definitions, 11 ineffective P-chain, 464 inference rule, 87 infinite binary tree, 315 inhabitability condition, 307 inhabitable, 186,309 - degree condition, 523 - expression, 307 inhabitant, 17 inhabited, 235 injection, 32,40,304,493 instantiate, 129 instantiation, 149,180,193,222,308 - condition, 593 integers, 137 integrated, 938 integration, 227
1014 intensional equality, 192 interactive program. 47 interior approach, 864 internal reference, 322 internalization, 218 interpretation, 143 interpretation-oriented meta-MV, 874 introduction of a variable, 240 introduction rule, 234 introduction-elimination reduction, 493 introduction-elimination rule, 634 intuitionism, 205, 236 intuitionistic Irule, 133 intuitionistic logic, 236 intuitionistic reasoning, 41 intuitionistic type theory, 8,25, 230 inverse mapping theorem, 138 irrelevance of objects, 134 irrelevance of proofs, 20,29,43,132, 133, 169,710,722,724 justification, 240 ereduction, 443 Konig’s lemma, 968 kind, 236 knowledge frame, 328 label, 316,885 labeling, 317 lambda abstraction, 18 Lambda Automath, 393 lambda equivalence, 399,447 lambda expression, 736 lambda notation, 389 lambda phrase, 403 lambda phrase chain, 403 lambda term, 231 lambda tree, 32, 317 A, 40, 186,314, 393, 397, 452, 473, 590,591 A,, 41, 655,673
Index of Subjects
Aq, 591 Aqc, 616 Avdr 620 Ac, 616 Ad, 620 A-Automath, 275 A-Calculus, 5, 229 arithmetical typed -, 168 cube of typed -, 11 extended typed -, 168,303 generalized typed -, 39, 168 A-typed -, 313 name-free -, 156,813 polymorphic -, 9, 193 polymorphic predicate -, 10,167 pure typed -, 168 second order -, 230, 235 typed -, 232,845 untyped -, 230 A-definability, 5 A-definable functions, 5 A-typed lambda calculus, 313 A-SEMIPAL, 146 AV, 340 A+, 34 A+-Church, 34 AX, 38, 175, 185,469, 601 AX-1, 185,472 AX-p, 486 AX-theory, 471,478 Xu, 33,339, 340 ATU, 340, 354 A(-term, 343 language, 143 -, 185 non -, 525 closure proofs for simpler -s, 551 - definition, 872 first order -, 158 general - rules, 177
+
Index of Subjects higher order -, 158, 187 meta -, 4, 143, 208, 873 object -, 4 programming - semantics, 23, 160 regular -, 181, 525 specification -, 865 superimposed -, 97 - theory, 155, 171, 172 type in a programming -, 244 large category, 130, 134 lazy evaluation, 49 LCF, 9, 167 left hand equality, 519 - rule, 178, 535 left projection, 736 legal expression, 233 legitimate expression, 452, 482 legitimate Q-application, 462 legitimate term, 38, 39, 472 LEGO, 11 length, 402 length of proof, 424 let-construction, 28, 244 level of a variable, 379 lexicographical order, 321 library, 251 life without types, 890 limit, 743 line, 28, 108, 128, 253, 734, 879 linear order, 139 list, 243 literary replacement, 513, 605 local P-reduction, 242, 244, 325, 382 local reduction, 32 logic, 268, 688, 706, 721, 909 classical -, 236 combinatory -, 177 functional interpretation of -, 19 generalized -, 171
1015 illative combinatory -, 195 intuitionistic -, 236 minimal predicate -, 166 predicate -, 236 propositional -, 236 Logic for Computable Functions, 9 logical constant, 241 Logical Framework, 10 logical paradox, 4 loops, 863 loss factor, 23, 44, 160 low typing, 877 machine verification, 18 macro-operation, 60 main line, 328 main reduct, 572 main reduction, 506 many-step reduction, 122 Mascheroni constructions, 863 mathematical correctness, 166 Mathematical Vernacular, 23, 27, 52, 161, 211, 224, 865 mathematics produced in Automath, 159 mechanical domain, 795 mechanical type, 31, 125 memory, 48 meta language, 4, 143, 208, 873 meta-MV, 874 meta-typing, 871 metalingual discussion, 376 metric space, 138 micro-operation, 61 mimicking, 159 mini-reduction, 33, 242, 326 minimal logic, 132 minimal predicate logic, 166 mixed string, 401 MIZAR, 12 ML, 9, 167, 230
1016 mMV, 874 mock typing, 150, 289 modified parametrized constant, 883 modulo a-conversion, 175 modulo a-reduction, 493 Modus Ponens, 45,91,214, 236,917 monotonic functional, 666 monotonicity, 390 monotonous, 231 monotony rule, 416, 425, 430, 439, 443,447 more-step reduction, 494 mother, 738 multi-step proof, 152 multiple P-reduction, 382, 384 multiple substitution, 39, 49, 501, 512, 815 MV, 52, 865, 874 - book, 879, 891, 911 name, 52, 253, 266, 376, 875-877 -carrying expression, 380 - clash, 33, 35, 47, 156 - of the proof, 47 named variable, 35 name-free, 35, 379 - A-Calculus, 156, 813 - notation, 34, 231, 342 - variable, 25, 343 nameless dummy, 33, 343, 375 nameless variable, 40, 49, 50, 656, 811 natural deduction, 14, 238, 721, 875, 916 natural language, 927 natural number, 46, 137, 241 nearness, 742 Nederpelt’s norm, 278 negation, 28 nested book, 79 nested one step reduction, 663
Index of Subjects nested reduction, 428 new clause of a line, 889 NF expression, 379 non-+-language, 525 non-termination, 53, 54, 940, 947 nonempty, 41 norm, 34, 37,371, 373,456, 507, 664 -correct, 331, 334 normability, 40 normable, 41, 331, 601 - expression, 507 - term, 664, 666 normal, 460 - reduction, 572 - term, 664 normal form, 82, 155, 173, 277, 281, 371, 391, 456, 460 uniqueness of -s, 173 - theorem, 155, 373 normalizable, 460 normalization, 123, 173, 391 - for 0-reduction, 508 - property, 494 strong -, 29, 36,37, 39-41, 123, 173, 391, 463, 472, 649, 655, 664 - theorem, 463 weak -, 34, 39 norming functional, 41, 664 notation rule, 401 Kuprl, 9, 230 object, 128, 130, 878 - language, 4 - name, 76 observability, 51, 850, 854, 861 occurrence, 401 old, 880 old clause of a line, 889 OMV, 874 one-step 0-reduction, 231
Index of Subjects one-step preservation of types, 534 one-step reduction, 121,493 order, 441 order-completeness, 137 ordered field, 139 osmosis, 202, 223 outer shape lemma, 506 p-expression, 20, 130 p-fragment, 196 p-part, 25 p-reduction, 634 pair, 31, 131,244,304,493, 736,907 pair rule, 310 pairing, 40 PAL, 15, 74,79, 146, 148,852 PAL-FT, 146, 147 paradox, 4,208 paragraph, 701 - closing line, 738 - indicator, 738 - line, 734, 737 - marker, 45 - opening line, 738 - reopening line, 738 - system, 44,48,110,147,156, 802 parameter, 128 parametrized constant, 883 parsing, 876,883,926,934 Part P,25 t-, 25, 191 partial correctness, 54,956 partial function, 137, 709, 724, 733, 742,744 Peano’s axioms, 137,241, 846,887 permissible, 449 permutative reduction, 632,634 phrase, 875 ?r-
1017
n-
-reduction, 40, 304, 493, 607 -type, 358
-expression, 736 -operator, 289 -type, 40 platonism, 203, 217,220,878 plus-expression , 493 pMV, 874 PN, 253 PN-line, 16,43, 146, 707 pointed flag, 882,885 polymorphic A-calculus, 9,193 polymorphic predicate A-calculus, 10, 167 polymorphism, 28, 243 positive logic, 851 postponed substitution, 176 postponement, 39,498 - of 1.)-reduction,399,442 power series, 44, 138 powertype, 21, 136 PPA, 10, 167 predicate, 41,93, 132,135, 196,875 predicate logic, 236 predicativity, 9 preservation - of domain, 596 - of types, 174,310, 519,834 - of C u t Y p , 540 - of typ, 596 - of typ*, 596 primary MV, 873 primitive constant-expression, 493 primitive line body, 886 primitive notion, 17, 76, 104, 109, 241 primitive notion line, 128, 734 primitive program, 952 primitive program construct, 953 principal type scheme, 230,232
1018 procedure, 54 processing, 143 processor, 73, 96, 570 product, 28, 45 - formation, 305 - type, 17, 233, 306, 708 program, 279, 951 - abortion, 54 - correctness, 53 - specification, 951 -to-program function, 954 programming language semantics, 23, 160 programming variable, 937 projection, 32, 304, 493 - function, 244 - of pairs, 40 - rule, 310 proof, 88, 128, 131, 242, 251, 919 - by cases, 966 - checking, 166, 167 - class, 211 - irrelevance, 22, 159 - object, 235 - type, 152, 153 proofs-as-objects, 5, 211 prop-inclusion, 114 prop-style, 153, 213 prop-type, 235 propagation, 525 proper identifier, 76 proper reduction sequence, 122, 585 proper subexpression, 403, 493 proposition, 87, 131, 153, 240, 872, 875 propositional logic, 236 propositional variable, 153 propositions-as-types, 5, 16, 18, 22, 27, 41, 111, 150, 168, 196, 198, 211, 235 pseud+expression, 233
Index of Subjects PTS, 11, 27, 233 PTS-rules, 37 pure system, 24, 517 Pure Type System, 11, 27, 233 pure typed A-calculus, 168 Q-applicable, 452 Q-domain, 452 Q-function, 452 @formula, 116, 120, 177, 517, 524 &propagation, 308, 529 quadruple, 53 quantification, 59. 106, 185, 396, 923 quantifier, 135, 225 quasi-expression, 114, 149, 286 quasi-type, 358 quasi-variable, 940 ramified theory of types, 4 rationals, 137 real analysis, 21, 733 realizer, 196 reals, 137 reasoning, 85, 150 rectangular flag, 882, 885 recursion, 21, 28, 53, 246, 963 recursive algorithm, 572 recursive procedure, 942 redex, 179 reduction, 28, 155, 390, 446 +-, 40, 493 +’-, 311 Q-, 47, 413, 790 single-step -, 414 modulo -, 493 p-, 47, 49, 122, 242, 257, 288, 326, 382, 386, 390, 417, 789 composite -, 417 elementary -, 416 local -, 325 multiple -, 382, 384 n-step -, 417
Index of Subjects one-step -, 231 single-step -, 416 PI--, 36, 398, 422, 424 elementary -, 424 n-step -, 424 CR for -, 427, 436 single-step -, 424 P2-, 37, 423, 425 elementary -, 424 n-step -, 424 single-step -, 424 PT-, 603 CR for ,&-, 581 definitional -, 47 delta -, 219 6--, 39, 50, 154, 219, 256, 493, 793, 794 disjoint -, 496 disjoint one-step i-, 496 disjoint one-step -, 527 E-, 40, 304, 493 Ea1t-r 311 7-, 39, 43, 47, 48, 288, 382, 390, 726, 791, 792 elementary - 439 n-step - 439 restricted - 578 single-step -, 439 ?!-, 441 k-fold - 441 extensional -, 175, 493 ext -, 493, 496 extended -, 583
Y-
-, 436 single-step -, 429 graph - , 177 head -, 571 IE-, 493, 496, 634 improper -, 585, 632 increasing -, 36 CR for
1019 introduction-elimination -, 493 6-, 443 elementary -, 443 single-step -, 443 local -, 32 main-, 506 many-step -, 122 mini-, 33, 242, 326 more-step -, 494 - of order p , 441 nested one-step -, 663 nested -, 428 single-step -, 428 normal -, 572 P-, 634 permutative -, 632, 634 A-, 40, 304, 493, 607 r-, 601 rst-, 601 rt-, 601 9-, 601 - sequence, 122, 173, 390 proper -, 122, 585 U-, 40, 304, 493 single-step -, 446 - step, 173 - strategy, 125, 173, 570 t-, 601 twin -, 495 - under substitution, 39, 503, 505 redundancy, 167 reference, 814 - depth, 176, 378 - mapping, 34, 344, 354 - number, 33, 35, 343 - transforming mapping, 177 reflexivity, 136 refmap, 354 refuser, 940, 972 regular language, 181, 525
1020 regular system, 517 relation, 132 relational semantics, 53, 938 relative addressing, 49 remark, 739 renaming, 48, 375 - of contexts, 581 renovation, 411 reopening of a paragraph, 46 replacement, 411 - property, 606 - theorem for P ~ T - S N , 621 - theorem for PT-SN, 606 restricted q-reduction, 578 pnormable, 399, 458, 460 pA-normable, 458 ptype, 360 right hand equality rule, 178 right projection, 736 root, 316 rule of the excluded third, 41 rules of grammar, 872 runtime, 947 saturated expression, 59 scar, 422 scheme, 193 second order lambda calculus, 230, 235 secondary MV, 873 segmap, 350 segment, 23, 33, 241, 339, 345 - calculus, 44 - mapping, 350 semantically equivalent, 952 semantics, 171, 859, 960 -of computer programs, 51, 54 - of programs, 937 semicorrectness, 333 SEMIPAL! 15, 74, 81, 146 sentence, 52, 872, 875
Index of Subjects sequential composition, 53, 54 set, 41, 45, 136, 240, 709, 871, 904 - extensionality, 136 - theory, 50, 138, 841 - type, 236 shape, 571, 786 shorthand facility, 110 C-expression, 736 o-reduction, 40, 304, 493 C-type, 11, 40, 246 similarity, 431 simple replacement, 411 simple theory of types, 5 simple type, 34 simple type theory, 4 simultaneous substitution, 118 simultaneous substitution theorem, 5 14 single line, 29, 32, 40, 590 single line Automath, 590 single substitution, 49 single-step a-reduction, 413 single-step P-reduction, 416 single-step PI-reduction, 424 single-step ,&-reduction, 424 single-step q-reduction, 439 single-step ?-reduction, 429 single-step &-reduction, 443 single-step nested reduction, 428 single-step proof, 152 single-step reduction, 446 skip line, 734, 738 smMV, 874 sMV, 874 sort, 234 sound applicability, 519, 596 soundness of applicability, 535 specification, 53 - language, 865 square brackets lemma, 503,505,510 square brackets lemma for >or, 610
Index of Subjects
stack, 245, 939 standardization, 391 - theorem, 503 Stanford LCF, 9. state space, 937 state transformation, 939 statement, 233, 872, 875, 876 strategy, 156 strengthening, 308, 613 - rule, 521, 525 string, 44, 158 strong ,@normalizability, 466 strong &normalization, 509 strong &normalization theorem, 468 strong PI-normalizability, 466 strong PI-normalization theorem, 467 strong Pz-normalizability, 466 strong ,&-normalization theorem, 466 strong 7-normalizability, 466 strong q-normalization theorem, 468 strong existence, 134 strong normal form theorem, 155 strong normalizability, 468 strong normalization, 29, 36, 37,3941, 123, 173, 391, 463, 472, 649, 655, 664 - property, 494 - theorem, 468 strongly normalize, 123 structure of line bodies, 886 structure sharing, 49, 809, 817 subdivided lambda tree, 328 subexpression, 403, 493 subroutine, 858, 863 substantive, 52,210,870, 871, 875877 sub-, 870, 897 substitution, 14, 28, 47, 49, 51, 59, 89, 118, 129, 380, 414, 809, 815 - lemma, 41
1021 - lemma for
P-N,
509
postponed -, 176 - theorem for P-SN, 509 - theorem for Pr-SN, 611 substitutivity, 136, 747 - of correctness, 597 subtype, 41, 45, 708 successor, 137, 241, 246 sugaring, 226 sum, 28 - rule, 310 - type, 304 superimposed language, 97 supertype, 114, 236, 303, 470 suppression mechanism, 167 surjectivity of pairing, 40 syllogism, 3 symmetry, 747 syntactic identity, 175, 493 syntactic similarity, 583 syntactic variable, 401 syntax, 54, 960 syntax checker, 571 syntax-oriented meta-MV, 874 system F, 9, 230, 235 t-expression, 20, 130 t-fragment, 189 t-part, 25, 191 tail, 405 r-expansion, 607 r-redex, 603 taxonomy of type systems, 229 teaching, 223, 224 telescope, 11, 21, 44, 139, 158, 224, 729 telescopic mapping, 11 term, 390 termination of verification algorithm, 573 text, 872
1022 theorem, 88, 241, 875 theorem proving, 167 theory of real numbers, 733 Theory of Types, 8 time space, 53 to fit in, 650 total correctness, 54, 958 transitivity, 747 translation, 711 translator, 570, 786 tree, 77, 314 tree of knowledge, 78 truth, 747 truth value, 916 twin case, 496 twin occurrence, 495 twin reduction, 495 type, 15, 32, 76, 128, 130, 210, 232, 258, 395, 449, 708, 735 $-, 304 abstract data -, 28, 245 anonymous arche-, 871 arche-, 205, 871, 898 assertion -, 688, 722 - assignment, 179, 478 calculated -, 31 canonical -, 28, 39, 48, 539, 555 category of all -s, 130 - check list, 330 - conversion, 308, 530 correctness of -, 597 data -, 10, 53, 938 equality on -s, 46 existential -, 246 extended -d A-calculus, 168,303 function -, 17 y-, 357 - in a programming language, 244 - inclusion, 19, 25, 30, 32, 39,
Index of Subjects 114, 150, 184, 285, 289, 305, 314, 335, 470, 479, 483, 531, 538, 651 intuitionistic - theory, 8, 25, 230 - label, 493, 497 -d lambda calculus, 313, 845 lambda -d lambda calculus, 313 mechanical -, 31, 125 - of a lambda tree, 320, 323 - of pairs, 131
II-, 40 358 power-, 21, 136 preservation of -s, 174,310, 519, 534 one-step -, 534 principal - scheme, 230, 232 product -, 17, 233, 306, 708 proof -, 152, 153 prop-, 235 quasi-, 358 ramified theory of -s, 4 - reduction, 285 - restriction, 50 P-, 360 -d set theory, 871 set-, 236 C-, 11, 40, 246 simple theory of -s, 5 simple -, 34 simple - theory, 4 - structure, 469 sub-, 41, 45, 708 sum-, 304 super-, 114, 236, 303, 470 - system, 229 taxonomy of - systems, 229 - theory, 5, 229 ultimate -, 19 uniqueness of -s, 11, 19, 102, T-,
Index of Subjects 174, 178, 306, 312,472, 519, 535, 869 - valued function, 131, 303 typing, 232, 449, 897 Church-, 232 Curry-, 232 explicit -, 232 - function, 554 high -, 871, 877 higher order -, 50 implicit -, 232 low -, 877 meta -, 871 mock -, 150, 289 - operation, 50 - operator, 260 ultimate -, 19 typographical abbreviation, 224, 905, 910, 921, 925 ultimate type, 19 understanding, 143 unessential extension, 185, 521, 522, 544 unfolding a definition, 242 unification of mathematics, 849 uniqueness - of domains, 126, 174, 519, 535 extended -, 519, 535 - of normal forms, 123, 173, 392 - of types, 11, 19, 102, 174, 178, 306, 312, 472, 519, 535, 869 - quantifier, 136 universal generator, 391 universal quantification, 132,290, 748 universal quantifier, 237 unstability, 174 update function, 34
1023 updating, 814
val, 908 valid, 60, 81, 890 - book, 891, 894 - clause, 891: 892 - context, 891, 892 - inference, 3 validity, 109 valuation, 423 value degree, 185, 525 variable, 230, 377, 402, 843, 875, 883 binding -, 176, 233 bound -, 76, 89, 175, 375, 884 clash of -s, 605, 788 confusion of -s, 415 free -, 26, 118 fresh --, 412 individual -, 401 introduction of a -, 240 level of a -, 379 name-free -, 25, 343 named -, 35 nameless -, 40,49, 50, 656, 811 - of a context, 884 programming -, 937 propositional -, 153 quasi -, 940 segment -, 33, 346 syntactic -, 401 verification, 23, 155, 556, 569, 805 - algorithm, 572 - of E-formulas, 574 - program, 47-49, 570 verifying program, 170,783,805,809 vernacular, 865 vicious circle, 4 waiting list, 328 weak ij-postponement, 494 weak 6-advancement, 500 weak Church-Rosser, 494
1024 weak disjunction, 134 weak existence, 20, 134 weak functional behaviour, 34 weak normalization, 34, 39 weakening, 527, 581 weight, 348,352 where-construction, 28, 244 while-statement, 54,945,955 Wiener Kreis, 203 word, 875 WOT, 161, 211 young, 880 Zermelo-Fraenkel axioms, 51, 846 Zermelo-Fraenkel set theory, 50,866 zero abstraction index book, 294 Zorn's lemma, 138
Index of Subjects
