Master 2 Internship ENS Cachan Master Parisien de Recherche en Informatique

Formalizing Categorical Models of Type Theory in Type Theory Alexandre Buisse Under the direction of Peter Dybjer

¨ gskola Chalmers Tekniska Ho ¨ teborg, Sverige Go March - August 2007

Contents Contents

2

1 Fiche de synth` ese 1.1 Le contexte g´en´eral . . . . . . 1.2 Le probl`eme ´etudi´e . . . . . . 1.3 La contribution propos´ee . . . 1.4 Les arguments en faveur de sa 1.5 Le bilan et les perspectives .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

4 4 4 5 5 5

2 Version fran¸ caise 2.1 D´efinitions . . . . . . . . . . . . . . . . . . 2.1.1 Cat´egories avec famille . . . . . . . 2.1.2 Agda 2 . . . . . . . . . . . . . . . 2.2 Formalisation des CwF . . . . . . . . . . . 2.2.1 Cat´egories . . . . . . . . . . . . . . 2.2.2 Seto¨ıdes . . . . . . . . . . . . . . . 2.2.3 CwF . . . . . . . . . . . . . . . . . 2.3 Des limites finies aux Familles . . . . . . . 2.3.1 Id´ee de la transformation . . . . . 2.3.2 Substitutions `a isomorphisme pr`es 2.4 Conclusion . . . . . . . . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

6 6 6 7 8 8 8 9 10 10 11 11

. . . . . . . . . . . . . . . validit´e . . . . .

. . . . .

3 Introduction

12

4 Prerequisites 4.1 Type Theory . . . . . . . . . . . . 4.1.1 Simply Typed λ-calculus . . 4.1.2 Martin-L¨ of’s Type Theory . 4.2 The proof assistant Agda 2 . . . . 4.3 Category Theory . . . . . . . . . . 4.3.1 Main notions . . . . . . . . 4.3.2 Cartesian Closed Categories

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vs simply typed λ-calculus

. . . . . . .

14 14 14 15 15 17 17 20

5 Modeling CwF 5.1 CwF presentation . . . . . . . 5.2 Formalizing Fam . . . . . . . 5.2.1 Formalizing a category 5.2.2 Setoids . . . . . . . . 5.3 The rest . . . . . . . . . . . . 5.3.1 From Fam to CwF . . 5.3.2 Flat vs packed . . . .

. . . . . . .

. . . . . . .

21 21 25 25 26 27 27 28

. . . . . . .

2

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

6 From CwFL to CwF 6.1 The transformation . . . . . . . . . 6.1.1 Finite limits in type theory 6.1.2 Intuitions . . . . . . . . . . 6.1.3 The transformation . . . . . 6.2 “Substitution up to isomorphism”

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

30 30 30 31 31 33

7 Conclusion

34

References

35

Abstract We investigate the possible formalization of categorical metatheory of constructive type theory in (an extension of) itself, using the notion of “internal type theory”. The model chosen is categories with families, which model the most basic part of dependent type theory. We will discuss how to formalize them inside type theory, and also how to formalize the proof that categories with finite limits, another model of type theory, can be seen as categories with families. Our formalization is carried out in the proof assistant Agda 2, developed at Chalmers.

3

1. Fiche de synth` ese 1.1

Le contexte g´ en´ eral

Les math´ematiques sont souvent utilis´ees comme un ensemble de m´ethodes permettant l’´etude de probl`emes donn´es, mais on peut ´egalement d´ecider d’´etudier les math´ematiques elles-mˆemes comme objet de premi`ere classe. Pour ce faire, il est n´ecessaire d’utiliser un langage, math´ematique lui aussi, qui permet de d´ecrire les propri´et´es des objets ´etudi´es. On parlera alors de m´etalangage. Historiquement, le m´etalangage le plus utilis´e est la th´eorie des ensembles, notamment dans sa version dite de Zermelo-Fraenkel avec l’axiome du choix (ZFC) et correspond aux math´ematiques classiques. Mais des alternatives existent, notamment la th´eorie des types de Martin-L¨of, m´etalangage constructif, et suffisamment complet pour d´ecrire d’importantes portions des math´ematiques, en utilisant au besoin des extensions. Puisque cette th´eorie des types est elle aussi un objet math´ematique rigoureusement d´efini, on peut l’´etudier ´egalement. Se pose alors la question du m´etalangage ` a utiliser pour ce faire. Et de mani`ere surprenante, alors mˆeme que toutes les m´ethodes utilis´ees apparaissent constructives, la th´eorie des ensembles classique est presque toujours utilis´ee ! Nous allons ici nous attacher `a montrer qu’on peut parler de th´eorie des types dans un langage lui-mˆeme intrins`equement constructif. Ce n’est pas une id´ee nouvelle, puisque la premi`ere tentative remonte `a Martin-L¨of lui-mˆeme [ML75], bien qu’il n’ait pas utilis´e un m´etalangage formel.

1.2

Le probl` eme ´ etudi´ e

A la diff´erence de la plupart des tentatives pr´ec´edentes de formalisation de la th´eorie des types ` a l’int´erieur de la th´eorie des types, nous n’avons pas utilis´e des mod`eles bas´es sur le λ-calcul mais sur la th´eorie des cat´egories. Notamment les cat´egories avec familles (cwf), variation des cat´egories avec attributs de Cartmell [Car86], mais aussi les cat´egories localement cart´esiennes closes, dont Seely a “prouv´e”1 qu’elles ´etaient ´egalement des mod`eles de la th´eorie des types d´ependants [See84]. Nous avons donc dans un premier temps cherch´e `a formaliser de mani`ere constructive la notion de cat´egories avec familles, puis `a montrer que les cat´egories avec limites finies pouvaient ˆetre interpr´et´ees comme des cat´egories avec familles. Puisque les cat´egories localement cart´esiennes closes sont un cas particulier des cat´egories avec limites finies, cette preuve est un premier pas vers une formalisation constructive de la preuve de Seely et de la solution apport´ee par Curien [Cur93] au probl`eme dit de “substitution `a isomorphisme pr`es”. 1 La preuve de Seely comportait une subtile erreur qui a ´ et´ e corrig´ ee ind´ ependamment par Curien et Hofmann et dont l’´ etude constitue une importante partie du pr´ esent travail.

4

1.3

La contribution propos´ ee

Le travail pr´esent´e ici est une extension de celui de Peter Dybjer dans son article “Internal Type Theory” [Dyb96]. Nous avons utilis´e l’assistant de preuve Agda 2, actuellement en d´eveloppement `a Chalmers [Nor07] pour les formalisations. Bien qu’encore incompl`etes, les principales difficult´es ont ´et´e r´esolues. Afin de formaliser les cat´egories avec familles, nous avons du passer par la cat´egorie Fam dont la version constructive est bas´ee sur des seto¨ıdes et non des ensembles. Le r´esultat final est un type de donn´ees CwF. De mˆeme, la preuve formelle que les cat´egories avec limites finies sont aussi des cat´egories avec familles ne comporte pas, faute de temps, les parties li´ees `a l’extension de contexte, bien que la m´ethode `a utiliser soit connue. N´eanmoins, les parties les plus int´eressantes dans la perspective d’une mod´elisation de la th´eorie des types ont ´et´e effectu´ees, et un ´eclairage nouveau a ´et´e apport´e au fameux probl`eme de la substitution `a isomorphisme pr`es, auquel une solution proche de celle de Pierre-Louis Curien [Cur93] a ´et´e apport´ee. Le r´esultat final de la formalisation est un “compilateur” qui prend en entr´ee un objet de type Cat´egorie ` a limites finies et en renvoit un de type CwF.

1.4

Les arguments en faveur de sa validit´ e

Puisque tout a ´et´e formalis´e `a l’int´erieur d’un assistant de preuves, nous avons fait d’une pierre deux coup : d’une part, Agda 2 a servi de m´etalangage constructif, pouvant ˆetre consid´er´e comme un langage de programmation fonctionnel avec des types d´ependants, et d’autre part, les preuves utilis´ees dans la formalisation, et en particulier celles li´ees `a la d´efinition de la substitution dans les types, ont ´et´e v´erifi´ees par machine.

1.5

Le bilan et les perspectives

Bien que de mani`ere encore incompl`ete, nous avons r´eussi `a montrer qu’il ´etait tout ` a fait faisable d’interpr´eter la th´eorie des types `a l’int´erieur d’une extension d’elle-mˆeme, et qu’il n’´etait pas n´ecessaire de recourir `a des outils de logique classique pour la d´efinir. Plusieurs possibilit´es d’extension de ces r´esultats existent alors, notamment le rajout de structures suppl´ementaires `a nos mod`eles afin de les rendre plus puissants ou la (re)d´emonstration de r´esultats plus complexes sur la th´eorie des types. Notre travail a ´egalement permis de maturer un outil encore en d´eveloppement, Agda 2, de r´esoudre quelques bugs et de confirmer qu’il ne s’agissait pas d’un jouet mais bien d’un logiciel puissant et complet.

5

2. Version fran¸caise Ce rapport est ´ecrit en anglais et non en fran¸cais pour deux raisons : d’une part, le stage a ´et´e effectu´e `a l’´etranger, en Su`ede, et mon maˆıtre de stage, Peter Dybjer, n’est pas francophone. D’autre part, ce rapport est en grande partie bas´e sur l’article que nous avons ´ecrit, en anglais, au cours du stage et qui a ´et´e accept´e dans le workshop LFMTP’07 [BD07] et sera publi´e dans ENTCS.

2.1 2.1.1

D´ efinitions Cat´ egories avec famille

Le mod`ele de la th´eorie des types d´ependants que nous allons utiliser dans tout ce travail est la structure de cat´egorie avec familles (“categories with families”, abr´eg´e ci-apr`es en CwF ). Il s’agit d’une variation des cat´egories avec attributs de Cartmell [Car86], mais o` u certaines notions, comme les termes ou les substitutions, sont pr´esentes de mani`ere native et non d´efinies a posteriori. Les cat´egories avec familles sont ´egalement un mod`ele de la th´eorie des types plus proches de la syntaxe, pouvant ˆetre d´efinies comme une th´eorie alg´ebrique g´en´eralis´ee (GAT). Nous ne pr´esenterons ici que la d´efinition “cat´egorique”, pour la version compl`ete de la d´efinition en tant que GAT, se reporter `a la section 5.1. D´ efinition 2.1.1 (Fam). Fam est la cat´egorie des familles d’ensembles index´ees par des ensembles, dont
les objets sont des paires B = (B 0 , B 1 ) o` u B0 est un ensemble et B 1 = Bb1 b∈B 0 une famille d’ensembles index´es par B 0 . Un morphisme entre B et C est une paire f = (f 0 , f 1 ) o` u f 0 : B 0 → C 0 et
1 1 1 1 1 f = fb b∈B 0 est une famille de morphismes fb : Bb → Cf 0 (b) . D´ efinition 2.1.2 (Cat´egorie avec famille). Une cat´egorie avec famille est un quadruplet: • Une cat´egorie de base C. Ses objets sont appel´es contextes et ses morphismes substitutions. • Un objet terminal < > de C, appel´e le contexte vide. • Un foncteur T : C op → Fam. Si Γ est un objet de C, on ´ecrira
T (Γ) = T ype(Γ), T erm(Γ, A)A∈Type(Γ) Si γ : Γ → ∆ est une substitution, T (γ) interpr`etera les substitutions dans les types et les termes, not´ees respectivement A[γ] et a[γ]. • Une op´eration d’ extension de contexte ; qui construit un contexte Γ; A a partir d’un contexte Γ et d’un ´el´ement A de T ype(Γ). Il existe alors ` deux projections pΓ;A , substitution de Γ; A → Γ et qΓ;A , terme de Γ; A ` 6

A[pΓ;A ] tels que pour tout contexte ∆, substitution γ : ∆ → Γ et terme a : ∆ ` A[γ], il existe un unique morphisme hγ, ai : ∆ → Γ; A tel que pΓ;A:A[pΓ;A ] ◦ hγ, ai = γ et qΓ;A [hγ, ai] = a. 2.1.2

Agda 2

Tous nos travaux de formalisation ont ´et´e effectu´es avec l’assistant de preuves Agda 2, actuellement en d´eveloppement `a Chalmers [Nor07]. Il s’agit d’une impl´ementation du “Logical Framework” de Martin-L¨of permettant l’ajout de familles d´efinies inductivement et de fonctions d´efinies r´ecursivement via pattern matching. On peut ´egalement voir Agda 2 comme un langage de programmation fonctionnel avec types d´ependants, `a la syntaxe proche de Haskell. Outre les types d´ependants, une diff´erence notable avec Haskell concerne le polymorphisme, qu’Agda 2 ne poss`ede pas. On utilisera `a la place une quantification explicite sur les types. Ainsi, l’identit´e ´ecrite id :: a → a en Haskell deviendra id : (A : Set) → A → A en Agda ((x : A) → B d´esigne le type d’une fonction prenant en entr´ee un ´el´ement x de type A et renvoyant un ´el´ement de type B), que l’on pourra ensuite instancier avec n’importe quel type A, donnant par exemple id bool : bool → bool. Afin de ne pas surcharger les notations, on pourra utiliser le syst`eme d’argument implicite d’Agda, en ne sp´ecifiant pas certains arguments que le syst`eme pourra inf´erer seul depuis le contexte. Ainsi, dans l’exemple pr´ec´edent, il suffit d’examiner le type du deuxi`eme argument d’id pour d´eduire la valeur du premier, qu’on pourra donc omettre. Syntaxiquement, il faudra utiliser des accolades en lieu et place des parenth`eses dans la d´eclaration de type pour sp´ecifier qu’un argument est implicite. Une autre notion importante en Agda 2 est celle d’enregistrement (record ), qui correspond ` a une structure de donn´ee contenant des champs, lesquels peuvent ˆetre acc´ed´es ind´ependamment. Un exemple d’enregistrement qui nous sera utile par la suite est la notion de relation d’´equivalence :

record

Equivalence

(A : Set) : Set1 where

==

: A → A → Set

ref l

: {x : A} → x == x

sym trans

: {x y : A} → x == y → y == x : {x y z : A} → x == y → y == z → x == z

7

2.2

Formalisation des CwF

La premi`ere partie de notre travail a donc consist´e `a formaliser la structure des CwF. 2.2.1

Cat´ egories

Avant de s’attaquer ` a une structure complexe comme celle de cat´egorie avec famille, on commencera par formaliser les “briques ´el´ementaires”, `a commencer par la notion de cat´egorie, ´evidemment centrale. On formalisera une cat´egorie comme un enregistrement dont les champs seront non seulement les ´el´ements de la cat´egorie (objets, morphismes...) mais aussi les preuves que la cat´egorie est bien form´ee (par exemple que la loi de composition est associative). Il est ´egalement important de noter que nous avons suivi la litt´erature sur le sujet [HS95] et formalis´e les morphismes entre deux objets non par un ensemble, mais par un seto¨ıde, afin de disposer d’une ´egalit´e sur les fl`eches. Nous n’aurons par contre pas besoin d’´egalit´e sur les objets. Le r´esultat final est : record

Cat

: Set2 where

Obj

: Set1

−→ id

: Obj → Obj → Setoid : {A : Obj} → car(A −→ A)

◦

: {A B C : Obj} → car(B −→ C) → car(A −→ B) → car(A −→ C)

... idL

: {A B : Obj} {f : A −→ B} → == (id ◦ f ) f

(rel(A −→ B))

...

car et rel sont les deux projections permettant d’acc´eder respectivement `a l’ensemble et ` a la relation d’un seto¨ıde. D´eclarer un op´erateur encadr´e par des permet de l’utiliser ensuite de mani`ere infixe. 2.2.2

Seto¨ıdes

La principale difficult´e dans la formalisation des CwF vient de la cat´egorie Fam. En effet, une cons´equence de notre formalisation des cat´egories est que nous ne manipulons plus des familles d’ensembles index´ees par des ensembles, mais des familles de seto¨ıdes index´ees par des seto¨ıdes, ce qui a de lourdes cons´equences formelles, puisqu’il faut syst´ematiquement s’assurer de la coh´erence de nos structures avec les relations d’´equivalences transport´ees dans les seto¨ıdes. Il nous faut commencer par d´efinir la notion de morphisme de seto¨ıde : 8

record

⇒

(S1 S2 : Setoid) : Set where

map

: |S1 | → |S2 |

stab

: {x y : |S1 |} → x == y → (map x) == (map y)

On voit ici que l’on doit rajouter un champ stab pour s’assurer de la coh´erence du morphisme. On retrouve la mˆeme id´ee pour les familles de seto¨ıdes index´ees par des seto¨ıdes :

record

SetoidF am f ibre ι idcoh symcohL

(S : Setoid) : Set1 where : |S| → Setoid : {x x0 : |S|} → x == x0 → (f ibre x0 ) ⇒ (f ibre x) : {x : |S|} → ι (ref l (rel S) {x}) ==⇒ id {f ibre x} : {x y : |S|} → (p : x == y) → ι (sym (rel S) {x} {y} p) ◦ (ι p) ==⇒ id

symcohR transcoh

: ... : {x y z : |S|} → (p : x == y) → (p0 : x == z) → ι (trans (rel S) {x} {y} {z} p p0 ) ==⇒ (ι p) ◦ (ι p0 )

On doit rajouter une fonction de r´eindexation ι pour garder la coh´erence avec la relation du seto¨ıde index, ainsi que plusieurs preuves que cette r´eindexation est elle-mˆeme coh´erente avec le fait qu’il s’agit d’une ´equivalence. La derni`ere ´etape consiste `a d´efinir la notion de morphisme de familles de seto¨ıdes index´ees par des seto¨ıdes, puis `a prouver toutes les propri´et´es habituelles d’une cat´egorie, et ne sera pas d´etaill´ee ici. 2.2.3

CwF

Le reste des structures n´ecessaires `a la d´efinition des CwF, comme celles de foncteur ou d’objet terminal ne posent pas de probl`eme particulier. On arrive alors ` a une formalisation des trois premiers composants d’une cat´egorie avec famille. L’extension de contexte ´etant moins int´eressante pour mod´eliser la th´eorie des types, nous l’avons temporairement laiss´ee de cˆot´e. On peut aussi remarquer qu’il est possible d’“aplatir” nos structures (de la mˆeme mani`ere qu’on peut transformer une liste de listes en liste de mani`ere simple dans les langages fonctionnels), ce qui, dans le cas des CwF, donne un ensemble de r`egles tr`es proche du langage qu’on cherche `a mod´eliser. C’est en ce sens qu’on dit que les cat´egories avec famille sont proches de la syntaxe. Pour cette raison, nous avons ´ecrit deux versions du code : une “structur´ee”, et une “aplatie”. 9

2.3 2.3.1

Des limites finies aux Familles Id´ ee de la transformation

Les cat´egories avec limites finies peuvent ˆetre d´efinies comme ayant un objet terminal et tous les pullbacks. Les cat´egories localement cart´esiennes closes, ´etudi´ees entre autres par Seely [See84], sont donc des cas particuliers de cat´egories ` a limites finies, ce qui justifie notre ´etude. L’id´ee de la transformation d’une cat´egorie `a limite finie en CwF consiste `a consid´erer un contexte comme une chaˆıne finie de morphismes, termin´ee par un morphisme dont le codomaine est l’objet terminal. Un type est alors mod´elis´e par le premier morphisme de la chaˆıne, et le contexte dans lequel il est bien d´efini par le reste. Les termes, de mani`ere usuelle, seront les sections des types (i.e. les morphismes qui neutralisent le morphisme mod´elisant le type). Il devient alors naturel de mod´eliser la substitution dans les types par un pullback, cette op´eration revenant ` a faire une “translation” d’un morphisme. Plus pr´ecis´ement : • La cat´egorie de base reste la mˆeme, C • T ype(Γ) est l’ensemble des objets de la cat´egorie-tranche C/Γ (i.e. l’ensemble des morphismes de C a` codomaine Γ) • T erm(Γ, A) est l’ensemble des sections de A • A[γ] est d´efini par le diagramme 1 • a[γ] est d´efini par un autre pullback non expos´e ici • Γ; A est le domaine du morphisme mod´elisant A • Etc. . . / Γ; σ

∆; σ[γ]

σ

σ[γ]

 ∆

γ

 /Γ

Figure 1: Substitution dans les types

10

2.3.2

Substitutions ` a isomorphisme pr` es

Dans l’article originel de Seely [See84], une subtile erreur ´etait dissimul´ee dans une transformation tr`es similaire `a celle que nous avons pr´esent´ee. En effet, dans la substitution dans les types, le choix de A[γ] est d´ej`a fix´e par la syntaxe, et rien ne permet a priori de choisir le mˆeme pullback. Des solutions ind´ependantes au probl`eme, dit de “substitution `a isomorphisme pr`es”, ont ´et´e apport´ees par Curien [Cur93] et Hofmann [Hof94], et notre solution est tr`es proche de celle de Curien : l’´egalit´e des types est mod´elis´ee par l’isomorphisme entre deux objets, et les CwF jouent le rˆ ole de “langage interne”, suffisamment explicite pour ´eviter les incoh´erences entre syntaxe et s´emantique.

2.4

Conclusion

Il est important de noter que mˆeme si nous pensons en avoir r´esolu les principales difficult´es, aucune des deux formalisations n’est encore compl`ete2 . Les compl´eter est bien ´evidemment la premi`ere tˆache `a accomplir. D’autres voies de recherche consistent ` a chercher ` a ´etendre ces mod`eles, notamment en rajoutant Π et Σ types aux CwF. Enfin, on pourra s’int´eresser `a l’´el´ement initial dans la cat´egorie des CwF (` a commencer par prouver qu’il existe) qui devrait consister en une version inductive de toutes nos structures et paraˆıt particuli`erement int´eressant dans le cadre de la mod´elisation de la th´eorie des types.

2 On pourra consulter la version actuelle du code dans le repository darcs suivant : http://www.cs.chalmers.se/∼buisse/lfmtp07/

11

3. Introduction Mathematics, while often used to reason about “external” objects, can also be studied as a mathematical object itself, thus giving rise to “metamathematics”. But in order to be able to talk about something and describe its properties, we need a language. When it is used to discuss another language, here the mathematics, we call it a metalanguage. Most of the time, mathematics is studied informally, without specifying explicitly which metalanguage is used. When the need to do so arises, however, the most common choice is, by far, classical set theory, in its Zermelo-Fraenkel with axiom of choice (ZFC) version. However, alternatives have been proposed based on constructivism and intuitionist logic, and one of the most complete is Martin-L¨ of’s Type Theory [NPS90], which plays the same role of a general framework for constructive mathematics as ZFC does for classical mathematics. But of course, type theory is also a well defined mathematical object, and as such, can be studied. In fact, theoretical investigations of type theory are much anterior to its use as a metalanguage, It then would seem logical to use the type theoretic metalanguage to describe properties of type theory itself, if only to be certain to be constructive. However, surprisingly enough, with a few exceptions, it is not yet the case, and most metatheoretical investigations of type theory use classical set theory and “features” like partial functions which do not exist in type theory. While most of the time, those proofs are constructively valid, this is not ensured by the metalanguage, and can often lead to increased complexity when trying to formalize them. In this work, we are interested in using type theory as a metalanguage for type theory itself, but it should be noted that this isn’t the first attempt. Martin-L¨ of himself tried to build a constructive model of his theory [ML75], though he wasn’t working with a formal metalanguage, unlike Pollack’s “Lego in Lego” [Pol94] and Barras’ “Coq in Coq” [Bar99]. However, the main difference with our work is that we are not manipulating the “usual” λ-calculus based model, but a categorical one. Categories are algebraic structures with some properties that make them good candidates for modeling computer science notions. For instance, cartesian closed categories have long been known to be models of simply typed λ-calculus. Choosing categories allows us to get a more abstract model, and thus a more canonical formalization, which will depend less on arbitrary choices such as how to encode variables or whether to make substitution explicit. For dependent type theory, which forms the basis of Martin-L¨of’s type theory, the model which interests us, and which has historically been the first one to be presented, is Cartmell’s categories with attributes [Car86], which is modified in categories with families (cwf) [Dyb96] in order to provide something closer to syntax and definable equationally, as a “generalized algebraic theory”, i.e. a many-sorted algebraic theory with dependent types. Here again, none of those ideas are new. Constructive formalizations of categories is a well-known subject, studied for instance by Huet and Sa¨ıbi [HS95]. 12

Likewise, categorical models of dependent type theory have been known for decades [See84] [Hof96]. However, putting all those elements together and making constructive formalizations, machine checked, of categorical models of dependent type theory is something quite new: the only previous work that has been made in this direction is Peter Dybjer’s paper “Internal Type Theory” [Dyb96] where a preliminary investigation and an attempt at formalization of such categorical models had been made. We will here continue and extend this work. Similar ideas are currently being worked on by Nils-Anders Danielsson [Dan07], who is also formalizing type theory in type theory, but doesn’t use categorical models. Finally, this work is also a test for the new proof assistant Agda 2, currently developed by Ulf Norell at Chalmers [Nor07], which we used as the actual implementation of Martin-L¨ of’s type theory: using type theory as a metalanguage effectively became metaprogramming. The first part of this work consists in formalizing the cwf model of dependent type theory in Agda 2. The second part deals with categories with finite limits, a simplified version of locally cartesian closed categories which have tight links to semantics of dependent type theory, and we formally show that they can be interpreted as cwfs. This is a constructive version of a proof first carried by Seely [See84] and then corrected by Curien [Cur93] and Hofmann [Hof94]. We will investigate the so-called “substitution up to isomorphism” problem, resulting from a mismatch between syntax and semantics, and compare our solution with the ones of Curien and Hofmann. In section 4, we’ll quickly introduce some useful prerequisites and present some notions of (dependent) type theory, category theory and the Agda 2 syntax. In section 5, we will present the formalization of our model of type theory, categories with families. Finally, in section 6, we’ll sketch the formalization of the proof that categories with finite limits can be interpreted as categories with families and discuss related issues.

13

4. Prerequisites 4.1

Type Theory

The central object of this work is type theory, and specifically its dependent version as formulated by Martin-L¨of. However, we will first present simply typed λ-calculus, a more basic type system, which, though it hasn’t any direct usefulness in the rest of the work, can be considered as a good introduction to Martin-L¨ of’s type theory and also helps to understand how categorical structures (here “cartesian closed categories”, see subsection 4.3) can model type systems. 4.1.1

Simply Typed λ-calculus

In simply typed λ-calculus, there are three kinds of objects: terms, types and contexts. They are formed following the grammar: M σ Γ

::= x | λx.M | M N | (M, N ) | π1 (M ) | π2 (M ) ::= α | σ → τ | σ × τ ::= [ ] | x : σ, Γ

The usual syntactic conventions of λ-calculus (e.g. for grouping arrows or applications) apply. Once we have well-formed objects, we will want to make judgements of the form “In the context Γ, the term M has type σ”, which is abbreviated in Γ ` M : σ. The typing rules for making those judgements are: Γ, x : σ ` x : σ Γ, x : σ ` M : τ Γ ` λx.M : σ → τ Γ ` M :σ → τ Γ ` N :σ Γ ` MN :τ Γ ` M :σ Γ ` N :τ Γ ` (M, N ) : σ × τ Γ ` M :σ × τ Γ ` π1 (M ) : σ Γ ` M :σ × τ Γ ` π2 (M ) : τ An important property of this system is that if Γ ` M : σ and M can be β-reduced to M 0 , then Γ ` M 0 : σ. 14

4.1.2

Martin-L¨ of ’s Type Theory

The main difference between Martin-L¨of’s type theory and simply-typed λcalculus that we just presented is that the former has dependent types, meaning that when typing λx.M , the type of M can depend on x itself. A basic example of a dependant type is Πn : N.V ecσ (x), the type of vectors of elements of type σ and of fixed size n. Its two constructors are nil : V ecσ (0) and cons : Πn : N . σ → V ecσ (n) → V ecσ (succ(n)). We can then define a head function whose type ensures that it will never raise an exception: hd : Πn : N . V ecσ (succ(n)) → σ. We will present a λ-calculus with dependent types, which is the core of MartinL¨ of’s type theory but is already complex enough for our study. The grammar is now:

M σ Γ

::= x | λx.M | M N | (M, N ) | π1 (M ) | π2 (M ) ::= α | Πx : σ.τ | Σx : σ.τ ::= [ ] | x : σ, Γ

Πx : σ.τ corresponds to a dependent version of σ → τ , but where τ can also depend on x. Likewise, Σ types are a dependent version of product types. The typing rules now become: Γ, x : σ ` x : σ Γ, x : σ ` M : τ Γ ` λx.M : Πx : σ.τ Γ ` M : Πx : σ.τ Γ ` N :σ Γ ` M N : τ [N/x] Γ`M :σ Γ ` N : τ [M/x] Γ ` (M, N ) : Σx : σ.τ Γ ` M : Σx : σ.τ Γ ` π1 (M ) : σ Γ ` M : Σx : σ.τ Γ ` π2 (M ) : τ [π1 (M )/x]

4.2

The proof assistant Agda 2

We will use the proof assistant Agda 2 for formalizing our developments. Agda 2 is an implementation of Martin-L¨of’s logical framework with support for adding new inductively defined sets and recursively defined functions using pattern matching. It is thus suitable for implementing various fragments of Martin-L¨of

15

type theory. It can also be viewed as a dependently typed programming language. Its syntax is quite close to Haskell. The main difference to Haskell (and other standard functional languages such as OCAML) is that it has dependent types. It is important to point out that Agda does not itself force the user to define only well-founded data types and terminating functions, although at a later stage such termination and well-foundedness checkers will be available. Currently it is up to the user to make sure that a specific logical discipline is followed and to explain and justify this discipline. If we remove Agda’s dependent types, we get a language rather close to Haskell. However, Agda doesn’t have the implicit Hindley-Milner polymorphism of Haskell. In Haskell we have for example the polymorphic identity function id ::

a -> a

stating that for any type a we have an identity funciton on it. In Agda we have to explicitly quantify over the type Set of small types. We write id : (A : Set) → A → A which means that for any small type A we have an identity function id A : A → A. (In general Agda uses the notation (x : α) → β for the type of functions which map an object x of type α into a result in β, where the result type β may depend on x. This is equivalent to the Πx : α.β notation of the previous section). This is why one says that Agda is an implementation of Martin-L¨of’s monomorphic type theory: id has a unique type. However, working directly in monomorphic type theory is cumbersome since one has to manipulate large expressions. Therefore Agda make it possible to suppress certain arguments when they can be inferred from the context. We call such arguments implicit. For example, whenever the function id gets a second argument a, Agda tries to infer the first argument A, which is the type of a. The user can inform Agda that the first argument of id is such an implicit argument by enclosing it in braces: id : {A : Set} → A → A Thus, during type-checking of an expression id a the system will know that a is the second argument and try to infer the first argument. Sometimes a user may want to give an implicit argument explicitly, for example, in situations where the system cannot infer it. Such explicit implicit arguments are enclosed in braces. For example, in id {Bool} : Bool → Bool the user has made the first argument Bool explicit. A fairly new construction in Agda 2 is the notion of record, which is a data structure containing some fields. To instantiate it, one needs to instantiate all the fields. The way to access the fields of a record is not completely intuitive, because a record really is a module, and thus the field x of a record r of type 16

R should be accessed with the syntax R.A x: declaring the record type R automatically creates a module with the same name and one projection function for each field, which take as their first argument a structure of type R. An example of record is the notion of equivalence relation, which spells out that it is a quadruple parametered by a set A consisting of a binary relation on A and proofs that this relation is reflexive, symmetric and transitive:

record

Equivalence

(A : Set) : Set1 where

==

: A → A → Set

ref l sym

: {x : A} → x == x : {x y : A} → x == y → y == x

trans

: {x y z : A} → x == y → y == z → x == z

And it is now easy to define what a setoid is:

record

4.3 4.3.1

Setoid

: Set1 where

car

: Set

rel

: Equivalence car

Category Theory Main notions

A category can be seen as a way to abstract mathematical structures which provides some sort of general framework for abstract mathematical constructions. Definition 4.3.1 (Category). A category C consists of: • A collection |C| of objects. • For all elements A, B of |C|, a collection Hom(A, B) of arrows, or morphisms from A to B. If f ∈ Hom(A, B), we usually note f : A → B or f

A → B. A is called domain and B codomain of f . • For all objects A, there is an identity arrow idA : A → A. • For all objects A, B, C, for all arrows f : A → B, g : B → C, there is a composite arrow g ◦ f : A → C. We also require the following two conditions to hold: • Neutrality: For all objects A, B, for all arrows f : A → B, f ◦ idA = f = idB ◦ f . 17

f

g

h

• Associativity: For all A → B → C → D, h ◦ (g ◦ h) = (h ◦ g) ◦ f . An elementary and intuitive example of category is Set, the category where objects are sets and arrows are total functions between those sets. Identity and composition have their usual meaning. Another important notion is the one of functor, which is a mapping between two categories that preserves their structure: Definition 4.3.2 (Functor). If A and B are two categories, a functor F from A to B consists of two elements: • For all X ∈ |A|, there is an object F (X) of |B|. • For all g : X → Y in A, there is an arrow F (g) : F (X) → F (Y ) in B. For F to be well defined, we also require that: • F (idA ) = idF (A) • F (g ◦ h) = F (g) ◦ F (h).

Definition 4.3.3 (Terminal object). A category C is said to have a terminal object iff there is an object 1 such that for all object A of C, there is a unique arrow from A to 1.

Definition 4.3.4 (Product). We say that a category has all products if for any two objects A and B, there is an object A × B and two arrows π1 : A × B → A and π2 : A × B → B. Moreover, whenever there is an object C and arrows f : C → A and g : C → B, we can find a unique arrow h : C → A × B such that the following diagram commutes: AO gOOO OOO OOO OOO OOO f OOO π1 OOO OOO OOO OOO O h_ _ _ _ _ _ _ _ o _ _ _ _ _ A×B oo C ooo o o oo ooo o o π2 ooo ooo g o o oo ooo  woooo B 18

Category theory has many so-called universal constructions. One which will be particularly important to us is that of pullback : Definition 4.3.5 (Pullback). In the following diagram, A0/ @TTTT // @ TTTTT TTTT // @ TTTT // @ h TTTTh2 @ TTTT // @ TTTT // TTTT @ TTTT // @ TTTT @ // TT* f // /B A h1 / // // // g0 // g // //   f0 /D C the inner square is said to be a pullback if it commutes and for any object A0 and arrows h1 : A0 → C, h2 : A0 → B such that g 0 ◦ h2 = f 0 ◦ h1 , there is a unique arrow h : A0 → A such that the two upper triangles commute (that is h1 = g ◦ h and h2 = f ◦ h). In other words, A is unique up to isomorphism.

Definition 4.3.6 (Category with pullbacks). We say that a category has all pullbacks if for all diagrams B

 /D

C

There is an object A and two arrows A → B and A → C such that the square created with those four objects is a pullback.

Definition 4.3.7 (Finite Limits). A category C is said to have finite limits if: • C has a terminal object. • C has all pullbacks. Another categorical structure of importance to us is that of slice category, which builds a new category from just an object: 19

Definition 4.3.8 (Slice Category). Let C be a category and A ∈ |C|. The slice category C/A is defined by: • Its objects are morphisms f : B → A where B is an object of C. • Its arrows from f : B → A to f 0 : B 0 → A are C-arrows h : B → B 0 such that f 0 ◦ h = f . • Composition of h : f → f 0 and h0 : f 0 → f 00 is usual C-composition, h0 ◦ h. • Likewise, identity arrow of f : B → A is idB : B → B.

4.3.2

Cartesian Closed Categories vs simply typed λ-calculus

While Cartesian Closed Categories are not the main subject here and won’t be used directly anywhere, presenting them and explaining quickly their link to simply typed λ-calculus is useful to get intuitions about how categorical structures can model type theories. Definition 4.3.9 (Cartesian Closed Category). We say that a category C is cartesian closed iff: • It has a terminal object 1. • It has all products • It has exponential objects ( i.e. for all objects A and B, there is an object B A and an arrow eval : B A ×A → B such that for every arrow f : C×A → B, there is a unique arrow λf : C → B A such that eval ◦ (λf × A) = f . For a more complete definition, please refer to Barr and Wells [BW95]). Given a simply-typed λ-calculus L, we can then define a model category C(L) by the following transformation: • The objects of C(L) are the types of L. • An arrow from A to B is the equivalence class of terms of type B with one free variable of type A. • σ × τ will be modeled by the product of the interpretation of σ and of τ . • σ → τ will be modeled by the exponential object of the interpretations of σ and τ . • etc. . . A complete proof that C(L) is indeed cartesian closed can be found in Lambek and Scott’s book [LS86]. Interestingly, the reverse result also holds: a cartesian closed category possesses an internal language which is a typed λ-calculus, and the internal language of C(L) is categorically equivalent to L. 20

5. Modeling CwF 5.1

CwF presentation

Categories with Families (hereafter shortened to cwf) are a categorical model of dependent type theory closely related to Cartmell’s categories with attributes but closer to the syntax. Definition 5.1.1 (Fam). Fam is the category of families, which has as objects pairs B = (B 0 , B 1 ) where B 0 is a set and (Bb1 )b∈B 0 is a family of sets indexed over B 0 . A morphism from B to C = (C 0 , C 1 ) is a pair (f 0 , f 1 ) where f 0 : B 0 → C 0 and f 1 = (fb1 )b∈B 0 is a family of functions fb1 : Bb1 → Cf10 (b) . We can now define CwF themselves: Definition 5.1.2 (Category with Families). A Category with Families is a quadruple: • A base category C. Its objects are called contexts and its morphisms substitutions. • A terminal object  of C, called the empty context. • A functor T : C op → Fam. If Γ is an object of C, we write
T (Γ) = T ype(Γ), T erms(Γ, A)A∈T ype(Γ) If γ : Γ → ∆ is a substitution in C, T (γ) will interpret substitution in types and terms. We will note the application of its first component to a type A as A[γ] and the application of its second component to a term a as a[γ]. • A context comprehension operation, which to a context Γ of C and a type A of T ype(Γ) associates a context Γ; A of C together with a substitution p Γ,A : Γ; A → Γ, called the first projection or sometimes display maps and a term q Γ,A of T erms(Γ; A, A [p Γ,A ]) such that for every context ∆, substitution γ : ∆ → Γ and term a : ∆ ` A[γ], there is a unique morphism hγ, ai : ∆ → Γ; A with the property that p Γ;A,A[p Γ,A ] ◦ hγ, ai = γ and q Γ,A [hγ, ai] = a.

N.B. 1. It can seem puzzling at first that T is from C op (the dual of C, i.e. C with all arrows reversed) rather than directly from C. This can be explained by looking at the “real” context substitutions in type theory, which we want to model here: let’s consider a context as a sequence 21

x1 : A1 , . . . , xn : An where the xi are variables and the Ai types. A term in this context is a term with its free variables amongst x1 , . . . xn . A substitution γ : Γ → ∆ is then a tuple of terms (M1 , . . . , Mn ) such that the following properties hold: Γ

`

M 1 : A1

Γ

`

M2 : A2 [M1 /x1 ]

Γ

... `

Mn : An [M1 /x1 ][M2 /x2 ] . . . [Mn−1 /xn−1 ]

Then, if a : ∆ ` A, a[γ] will be a where every occurence of xi is replaced by Mi , thus a[γ] : Γ ` A[γ], which explains why T (γ) is best interpreted by a morphism from T (∆) to T (Γ). Categories with Families are very close to Cartmell’s categories with attributes. The main difference comes from the fact that many notions such as terms or substitutions are not natively present in categories with attributes but rather defined afterwards and shown equivalent to some constructions. A basic example of a cwf is obtained by letting C = Set, the category of small sets, T ype(Γ) be the set of Γ-indexed small sets, and Y Γ`A = A(x) x∈Γ

A[δ](x)

= A(δ(x))

a[δ](x) = a(δ(x)) [] = 1 X Γ; A = A(x) x∈Γ

Definition 5.1.3. Let (C, T ) denote a cwf with base category C and functor T . A morphism of cwfs with source (C, T ) and target (C 0 , T 0 ) is a pair (F, σ), where F : C → C 0 is a functor and σ : T → T 0 F is a natural transformation, such that terminal object and context comprehension are preserved on the nose. Small cwfs and morphisms of cwfs form a category Cwf . As already mentioned the notion of a category with families can be formalized as a generalized algebraic theory in the sense of Cartmell [Car86]. Generalized algebraic theories generalize many-sorted algebraic theories and are based on a framework of dependent types. They have four parts: • A list of sort symbols with dependent typings. • A list of operator symbols with dependent typings. • A list of equations between well-formed sort expressions (not needed here). 22

• A list of equations between well-formed terms. We present sort and operator symbols by their typing rules. As before, we use polymorphic notation and write δ ◦ γ instead of the proper δ ◦Θ,∆,Γ γ, etc. (Also write equations without types, although in the official syntax there should be types.) Sort symbols: Ctxt sort ∆, Γ : Ctxt ∆ → Γ sort Operator symbols: Θ, ∆, Γ : Ctxt

γ:∆→Γ γ◦δ :Θ→Γ

δ:Θ→∆

Γ : Ctxt idΓ : Γ → Γ Equations: (γ ◦ δ) ◦ θ idΓ ◦ γ γ ◦ idΓ

= γ ◦ (δ ◦ θ) = γ = γ

Rules for the functor T Sort symbols: Γ : Ctxt Ty(Γ) sort Γ : Ctxt A : Ty(Γ) Γ ` A sort Operator symbols: ∆, Γ : Ctxt

∆, Γ : Ctxt

A : Ty(Γ) A[γ] : Ty(∆) A : Ty(Γ) a : Γ ` A a[γ] : ∆ ` A[γ]

Equations: A[γ ◦ δ]

= A[γ][δ]

A[idΓ ] = A a[γ ◦ δ] = a[γ][δ] a[idΓ ]

= a

23

γ:∆→Γ

γ:∆→Γ

Rules for the terminal object Operator symbols: [ ] : Ctxt Γ : Ctxt hiΓ : Γ → [ ] Equations hiΓ ◦ γ id[ ]

= hiΓ = hi[ ]

Rules for context comprehension Operator symbols: Γ : Ctxt A : Ty(Γ) Γ; A : Ctxt ∆, Γ : Ctxt

A : Ty(Γ) γ : ∆ → Γ hγ, ai : ∆ → Γ; A

a : ∆ ` A[γ]

Γ : Ctxt A : Ty(Γ) pΓ,A : Γ; A → Γ Γ : Ctxt A : Ty(Γ) qΓ,A : Γ; A ` A[pΓ,A ] Equations: pΓ,A ◦ hγ, ai = γ qΓ,A [hγ, ai] hδ, ai ◦ γ idΓ;A

= a = hδ ◦ γ, a[γ]i = hpΓ,A , qΓ,A i

This completes the description of the generalized algebraic theory of cwfs. Note the correspondence between sort symbols and judgement forms and between operator symbols and inference rules of a substitution calculus for dependent types. But note also that there are no sort symbols which correspond to equality judgements and no operator symbols which correspond to general equality rules. Instead general equality reasoning is inherited from the metalanguage.

24

5.2

Formalizing Fam

We will follow the recipe for formalizing categories with families in type theory (internal cwfs) described in Dybjer [Dyb96]. It is well-known how to formalize basic categorical notions such as category, functor, natural transformation, etc [HS95] in type theory. It is also well-known how to formalize the type-theoretic analogue of the category of sets in type theory. The objects of this category are setoids (or E-sets) that is sets with equivalence relations. The arrows are functions respecting equivalence relations. The crucial issue for the formalization of cwfs is the formalization of the category Fam, and we follow the approach in the paper Internal Type Theory [Dyb96]. Once we have defined the category Fam it is straightforward to formalize the rest of the cwf-structure in type theory. Note that if a cwf is formally represented as a quadruple consisting of the base category, the family valued functor, the terminal object, and context comprehension, where each of these components itself is a tuple, we can “flatten” this structure into a tuple where each component corresponds to a rule in a substitution calculus for type theory. This calculus is closely related to the calculus of explicit substitutions used by Curien [Cur93]. Like this calculus there is an explicit construction for the type conversion rule [Dyb96]. We can thus see how the type-theoretic perspective gives a rational reconstruction of Curien’s calculus. 5.2.1

Formalizing a category

A category in type theory consists of a set of objects, hom-setoids for each pair of objects, an identity arrow for each object, composition respecting equivalence of the arrows in the hom-setoids, and proofs of the identity and associativity laws. (Note that we have explicit proof objects for each law.)

open record

Setoid Cat Obj

: Set2 where : Set1

−→

: Obj → Obj → Setoid

id

: {A : Obj} → car(A −→ A)

◦

: {A B C : Obj} → car(B −→ C) → car(A −→ B) → car(A −→ C)

... idL

: {A B : Obj} {f : A −→ B} → == (id ◦ f ) f

...

25

(rel(A −→ B))

We have chosen to formalize a notion of locally small category where hom-setoids must be “small” (the carrier is a set), but an object can be “large” (a member of the universe Set1 of large sets). Examples of such locally small categories is the category Set of setoids and the category Fam of setoid-indexed families of setoids. Note also the type of locally small categories is “very large” (a member of a second universe Set2 of very large sets). 5.2.2

Setoids

To define the Fam category, we will need the notion of setoid-indexed family of setoids, and of morphism between those (resp. objects and arrows of Fam). We have seen in section 4.2 how to define a setoid as a record. The next step is to define what a setoid morphism is: ⇒

record

(S1 S2 : Setoid) : Set where

map

: |S1 | → |S2 |

stab

: {x y : |S1 |} → x == 3 y → (map x) == (map y)

Identity and composition of setoid morphisms are easy to add. For instance, {S : Setoid} → S ⇒ S

id

:

id

= record {map = \x → x ; stab = \p → p}

We also add an extensional equality ==⇒ : ==⇒ F1 ==⇒ F2

:

{S1 S2 : Setoid} → S1 ⇒ S2 → S1 ⇒ S2 → Set

=

(forall x → (map F1 x) ==⇒ (map F2 x)) → T rue

We are now ready to define what a setoid indexed family of setoids is: a fibre map that indexes setoids by elements of the carrier of the indexing setoid, a reindexing function ι that maps the equivalence relation of the indexing setoid into the indexed setoids and proofs that this reindexing function is coherent with the fact that the relation is an equivalence. 3 Here

we redefined

==

with the type {S : Setoid} → Equivalence. ==

26

(rel S)

record

SetoidF am f ibre

(S : Setoid) : Set1 where : |S| → Setoid : {x x0 : |S|} → x == x0 → (f ibre x0 ) ⇒ (f ibre x)

ι idcoh symcohL

: {x : |S|} → ι (ref l (rel S) {x}) ==⇒ id {f ibre x} : {x y : |S|} → (p : x == y) → ι (sym (rel S) {x} {y} p) ◦ (ι p) ==⇒ id

symcohR transcoh

: ... : {x y z : |S|} → (p : x == y) → (p0 : x == z) → ι (trans (rel S) {x} {y} {z} p p0 ) ==⇒ (ι p) ◦ (ι p0 )

The last important step is to define what a morphism between objects of type SetoidF am is. There will be one map for each component: the indexing setoid, the fibre map and the reindexing function:

record

=⇒

{S1 S2 : Setoid} (F1 : SetoidF am S1 ) (F2 : SetoidF am S2 ) : Set1 where

indexmap f ibremap

: S1 ⇒ S2 : (x : |S1 |) → (f ibre F1 x) ⇒ (f ibre F2 ((map indexmap x))

ιmap

: {x x0 : |S1 |} → (p : x == x0 ) → ((f ibremap x) ◦ (ι F1 p)) ==⇒ (ι F2 (stab indexmap p)) ◦ (f ibremap x0 )

This can be represented as in the figure 2, with the ιmap part being a proof that the upper part forms a commutative diagram. The rest of the properties needed for Fam to be a category are then straightforward, though particularily tedious.

5.3 5.3.1

The rest From Fam to CwF

As in the classical definition a cwf inside type theory is a quadruple consisting of a base category C, a functor T : C op → Fam, a terminal object of C, and a context comprehension. Above we have outlined the type theoretic definition of a category and of the category Fam. The type-theoretic understanding of the notion of a functor is well-known. Furthermore, it is clear what a terminal object is type-theoretically, and there is no difficulty in expressing the structure 27

f ibremap(f ibre x) f ibremap(f ibre x0 )

ιp f ibre x0

f ibre x

p

x

indexmap

x0

Figure 2: Representation of F1 =⇒ F2

of context comprehension type-theoretically. All this leads to the definition of cwf inside type theory (i.e. the notion of internal cwf), although we do not have room to display the details. The notion of internal cwf can be formalized as a record (iterated Σ-type) assuming only the axioms of a version of Martin-L¨of’s logical framework with Σ-types. (This is modelled categorically by cwfs with a universe, Π-types, and Σ-types). (If we want to express the type of locally small categories (and locally small cwf) internally we also need a second universe Set2 . For the purpose of formalizing the notion of small category (and cwf) one universe suffices.) The notion of cwf just models the most basic structure of dependent types: context and variable formation, substitution in types and terms. Therefore we usually want to work with cwfs with extra structure corresponding to adding type formers (Π, Σ, universes, natural numbers, etc) to dependent type theory. This does not give rise to any further formalization problems. See the Internal Type Theory paper [Dyb96] for further explanation. 5.3.2

Flat vs packed

So far, we have defined the CwF as a record, where each component itself is a record, whose elements are possibly new records, and so on. For example, the

28

first component of a CwF is a category, of which one component (Hom) is a setoid, itself a record. An interesting transformation is to “flatten” all those nested structures into a single record, in the same way that we can flatten a list of lists of lists into a list by a standard function in functional programming. While packed versions are easier to work with, being of “higher level”, cwfs, if flattened, look exactly like inference rules to the dependent type theory that they model. For this reason, we have chosen to develop both versions in parallel, writing the proofs first for the packed version and then backporting them to the flat one.

29

6. From CwFL to CwF 6.1

The transformation

Locally cartesian closed categories (LCCC) have been “proven” by Seely [See84] to be models of dependent type theory. Curien [Cur93] and Hofmann [Hof94] have later proposed solutions to a subtle flaw in Seely’s solution, the so-called “substitution up to isomorphism” problem, which arises from a mismatch between syntax and semantics in the interpretation. We will here outline the proof inside type theory that categories with finite limits, a structure closely related to LCCC, are cwfs. This proof will help us understand how cwfs relate to standard ideas in categorical type theory: why types can be modelled as projection arrows, why terms can be modelled as sections of these projections, and why substitution in types can be modelled by pullbacks. We will then discuss the type-theoretic perspective on the problem of “substitution up to isomorphism” and show the similarity with Curien’s approach. We will also contrast it to Hofmann’s, who used standard categorical notions assuming set-theoretic metalanguage. 6.1.1

Finite limits in type theory

Categories with finite limits can be formalized as categories with terminal objects and pullback (officially, this relies on the fact that a category with terminal objects and pullbacks has all finite limits). As a type-theoretic structure a pullback is a function that given three objects and two arrows constructs an object, two arrows, proofs of commutativity of the square, and a proof of the universal property. Here is the formalization in Agda: record

{A B C D : Obj}(f : A −→ B)(g : A −→ C)

IsP ull

(f 0 : C −→ D)(g 0 : B −→ D) (square : g 0 ◦ f == f 0 ◦ g) : Set1 where : (A0 : Obj)(h1 : A0 −→ C)(h2 : A0 −→ B)

h

(triangle : f 0 ◦ h1 == g 0 ◦ h2 ) → ∃ ! \(h : A0 −→ A) → (g ◦ h == h1 ) ∧ (f ◦ h == h2 ) record

P ullback

{B C D : Obj} (g 0 : B −→ D)(f 0 : C −→ D) : Set1 where

A

: Obj

f

: A −→ B

g square pull

: A −→ C : g 0 ◦ f == f 0 ◦ g : isP ull f g f 0 g 0 square 30

record

: Set2 where : {B C D : Obj}(g 0 : B −→ D)(f 0 : C −→ D)

P ullCat pullprop

→ pullback g 0 f 0 Likewise, terminal objects will be formalized by an object T and a function which, given an object A, will return an arrow A → T and a proof that this arrow is unique. 6.1.2

Intuitions

The idea of interpreting dependent type theory in categories with finite limits (and a fortiori in LCCC) is to model contexts as a sequence of composable arrows which ends in the terminal object. Such sequences will then be decomposed in their first arrow modeling some type σ and the rest of the sequence modeling the context Γ under which σ is well-defined as a type. Extending this construction, we get that if a context Γ is modeled by an object A, then T ype(Γ) is modeled by the collection of arrows with codomain A, and if σ is such a type, then the domain of the arrow modeling it corresponds to the context comprehension A; σ. For modeling the effect of a substitution γ : ∆ → Γ on a type σ in Γ, we will want to “translate” the arrow Γ; σ → Γ along γ, and this is exactly what pullbacks do. The idea of Seely’s transformation is to say that σ[γ] is the left arrow of the pullback of σ along γ: / Γ; σ

∆; σ[γ]

σ

σ[γ]

 ∆

γ

 /Γ

Figure 3: Type substitution However, this does not really work, since the interpretation of σ[γ] is already fixed by the syntax, and nothing allows us to prove that it is the chosen pullback arrow. Since pullbacks are only defined up to isomorphism, the best solution we can come up with is that there is an isomorphism between the syntactic (direct) and semantic (through the pullback construction) versions of σ[γ], which is not enough. This is the problem to which Curien [Cur93] and Hofmann [Hof94] have proposed solutions, which we will detail and contrast to our in section 6.2. 6.1.3

The transformation

We get the cwf structure from a category with finite limits following the intuitions of the previous section: 31

• The base categories is the same. We do not need to explicitly give the whole sequence of arrows which form a context, modeling them by the first object of the sequence is enough. • The set of types in a context Γ is the set of objects of the slice category C/Γ. Equality of types is isomorphism in the slice category, which allows us to avoid the “substitution up to isomorphism” problem. • The set of terms of a given type A in context Γ is the set of sections of the arrow in C with target Γ which models A. Equality of terms is inherited from equality of arrows in the base category (proofs that these arrows are sections are not relevant to the equality). • Substitution in types is obtained by the pullback construction shown before. • Substitution of terms is obtained by the pullback construction shown in figure 4. • Terminal object is already part of the finite limits structure. • Context comprehension is the domain of the type arrow which extends a given context. • The first projection of context comprehension is identified with the type arrow. • The second projection is obtained by another pullback construction which we won’t detail here. ∆1 CUUUUU 11 C UUUUU UUUU 11 C 11 C C M [γ] UUUUUUU M ◦ γ UUUU 11 C UUUU C UUUU 11 UUUU C 11 UUUU C 11 UUUU C! UU* 11 / Γ; σ ∆; σ[γ] id 11 W 11 11 11 11 σ σ[γ] M 11 11 1   /Γ ∆ γ Figure 4: Term substitution

32

We here show part of the Agda formalization of how substitution in types is modelled by the pullback construction (types are omitted when not important). An object of the slice category C/Γ is an arrow, but in order to typecheck, we need to also specify the codomain of this arrow: record

SlObj dom arr

(Γ : Obj) : Set1 where : Obj : dom −→ Γ

We are now ready to proceed: Context = Obj Subst Γ ∆ = Γ −→ ∆ T ype Γ = SlObj Γ T ySubst : {Γ ∆ : Context} → T ype Γ → Subst ∆ Γ → T ype ∆ T ySubst {Γ} {∆} T g = let p = pullprop (arr Γ T ) g in record { dom = pullback.A p ; arr = pullback.g p }

Etc. . .

6.2

“Substitution up to isomorphism”

We can compare this proof to the approach taken in the paper “Substitution up to isomorphism” by Curien [Cur93]. Like us, Curien interprets equality of types as isomorphism in the slice category. Another similarity is that he uses an explicit substitution calculus for dependent type theory not unlike our initial cwf which has an explicit constructor for applications of the rule of type equality. This approach can be contrasted to Hofmann’s work on interpreting type theory in locally cartesian closed categories [Hof94]. In this work he shows how to construct a category with attributes from a category with finite limits using a technique due to B´enabou. Since categories with attributes are equivalent to categories with families this ought to be highly relevant to our work. However, Hofmann uses standard category theory relying on set-theoretic metalanguage, and his notion of category with attributes is a “strict” one, just as our settheoretic notion of cwf in Section 2. To show that in this classical setting categories with finite limits form cwfs, we cannot just interpret substitution as 33

“chosen” pullbacks, unless this choice satisfies the laws of substitution in types up to equality. Hofmann states that it is an open problem to find such a choice. When working in type-theoretic metalanguage on the other hand we have the freedom to interpret equality of types as isomorphism of objects, and thus there is no need for B´enabou’s construction. However, what we gain when avoiding B´enabou’s construction we have to pay back when constructing cwfs (with extra structure) from syntax and proving their initiality. This work is similar to the coherence problem discussed by Curien.

7. Conclusion While most of the interesting part of the formalization has been carried out in Agda, it should be noted that this is still work in progress, and that neither the cwf formalization nor the finite limits proof have been completed yet4 . We however expect the main difficulties to have been solved, and the remaining work, for instance formalizing context comprehension, should be tedious but straightforward enough. Likewise, there is no new idea in the rest of the finite limits to families proof, only variations on the pullback properties. When continuing this work, the first step will of course be to complete all the proofs, and then to extend our cwf model to include Π, Σ and extensional equality types, so as to get an equivalence with locally cartesian closed categories instead of just categories with finite limits. This has already been worked on, though in a set-theoretic metalanguage, by Pierre Clairambault [Cla05]. Another direction is to formalize initial cwf, i.e. initial objects of the category of cwfs, which will provide the term model of dependent type theory that we are looking for. Concretely, it means turning the record definition of a cwf to an inductive definition following the generalized algebraic theory model, where each rule will be turned in a constructor for one of the four types context, type, term and substitution. For the initial cwf to be non-trivial, we need to add extra structure (again, Π and Σ types are good candidates). Some progress has already been made, but there are some serious issues that haven’t been solved yet, for instance the fact that some of the definitions fall outside the standard schema of mutual inductive definitions. As a nice side-effect, we found several bugs in Agda 2 and requested some features that make “real world” usage much easier. Though still young—version 2.0.0 has been released in June 2007—, it proved to be quite mature already and very adapted to the formalization work carried here.

4 The current version of the code is publicly available in the darcs repository at http://www.cs.chalmers.se/∼buisse/lfmtp07/

34

References [Bar99] B. Barras. Auto-validation d’un syst`eme de preuves avec familles inductives. Th`ese de doctorat, Universit´e Paris 7, November 1999. [BD07]

Alexandre Buisse and Peter Dybjer. Towards formalizing categorical models of type theory in type theory. In Proceedings of the LFMTP’07 workshop, 2007.

[BW95] Michael Barr and Charles Wells, editors. Category theory for computing science, 3rd ed. Prentice Hall International (UK) Ltd., Hertfordshire, UK, UK, 1995. [Car86] John Cartmell. Generalized algebraic theories and contextual categories. Annals of Pure and Applied Logic, 32:209–243, 1986. [Cla05] Pierre Clairambault. From categories with families to locally cartesian closed categories. Project Report, ENS Lyon, 2005. [Cur93] Pierre-Louis Curien. Substitution up to isomorphism. Fundamenta Informaticae, 19(1,2):51–86, 1993. [Dan07] Nils Anders Danielsson. A formalisation of a dependently typed language as an inductive-recursive family. In Proceedings of the TYPES meeting 2006. Springer-Verlag, 2007. [Dyb96] Peter Dybjer. Internal type theory. In TYPES ’95, Types for Proofs and Programs, number 1158 in Lecture Notes in Computer Science, pages 120–134. Springer, 1996. [Hof94] Martin Hofmann. On the interpretation of type theory in locally cartesian closed categories. In Leszek Pacholski and Jerzy Tiuryn, editors, CSL, volume 933 of Lecture Notes in Computer Science. Springer, 1994. [Hof96] Martin Hofmann. Syntax and semantics of dependent types. In Andrew Pitts and Peter Dybjer, editors, Semantics and Logics of Computation. Cambridge University Press, 1996. To appear. [HS95]

G´erard Huet and Amokrane Saibi. Constructive category theory. In Proceedings of the Joint CLICS-TYPES Workshop on Categories and Type Theory, G¨ oteborg, January 1995.

[LS86]

Joachim Lambek and Phil Scott. Introduction to Higher Order Categorical Logic. Cambridge University Press, 1986.

[ML75] Per Martin-L¨ of. About models for intuitionistic type theories and the notion of definitional equality. In S. Kanger, editor, Proceedings of the 3rd Scandinavian Logic Symposium, pages 81–109, 1975. 35

[Nor07] Ulf Norell. Towards a practical programming language based on dependent type theory. PhD thesis, Chalmers, Gothenburg, Sweden, 2007. [NPS90] Bengt Nordstr¨ om, Kent Petersson, and Jan Smith. Programming in Martin-L¨ of ’s Type Theory: an Introduction. Oxford University Press, 1990. [Pol94]

Robert Pollack. The Theory of LEGO: A Proof Checker for the Extended Calculus of Constructions. PhD thesis, University of Edinburgh, Edinburgh, Scotland, 1994.

[See84]

R. A. G. Seely. Locally cartesian closed categories and type theory. Proceedings of the Cambridge Philosophical Society, 95:33–48, 1984.

36