The system $TT_0$ makes a rigid distinction between types, such as $N$, $A \land B$ and $I(A, a, b)$, and the objects which inhabit them, $0$, $(a, b)$, $r(a)$ and so on. There are situations in which this distinction can usefully be blurred.
• We may wish to make an object depend upon a type parameter — this is often called type polymorphism.
5.9. UNIVERSES 175
• We might want to assert the existence of a type with certain properties — this is the content of an abstract type definition.
• Some functions are most naturally defined over the collection of all objects of all types.
For these and other reasons, we can see the merit of introducing a type $T$ of all types, and this was indeed what Martin-Löf did in an early version [ML71] of his type theory. It was later shown by Girard [Gir72] that this addition made the logic of type theory inconsistent, in the sense that every proposition became provable. Girard’s proof is based on the set-theoretic Burali-Forti paradox, which proves the inconsistency of the set of all well-founded sets, which is a member of itself, and therefore not well-founded.
A common thread to paradoxes such as this and Russell’s is the impredicativity of the objects defined: in describing what the members of $T$ are, we have to mention $T$ itself. This is one point at which the logical and programming interpretations of type theory diverge; the logical inconsistency of the system means in programming terms that every type has a member. This inhabitation is something we are used to in languages such as Miranda, since every type contains an undefined element, identified by the semantics with the bottom element of a domain. Of course, also, the self-reference in the definition of $T$ is simply that of general recursion, and inconsistency becomes partiality. For detailed analysis of the computational behaviour of the paradox, see [MR86] and Howe’s analysis in [How88, Chapter 4] of the paradox in the related system Nuprl.
If it is our aim to maintain a coherent logical interpretation of the system, $T$ must be avoided. Instead of introducing a single universe, we introduce a hierarchy of universes, $U_n$ for $n = 0, 1, 2, \ldots$. The types given by the formation rules of $TT_0$ are in $U_0$; hence the subscript of $TT_0$. If we then add $U_0$ as a type, using the same formation rules we form types in $U_1$, and so on, through the hierarchy.
Formally, we obtain the system $TT$ by modifying the formation rules as follows. Occurrences of the judgements $A$ is a type are replaced by

$$A : U_n$$

and the rule

$$\frac{A_1 \text{ is a type} \quad \cdots \quad A_k \text{ is a type}}{T(A_1, \ldots, A_k) \text{ is a type}}\;(TF)$$

is replaced by

$$\frac{A_1 : U_{n_1} \quad \cdots \quad A_k : U_{n_k}}{T(A_1, \ldots, A_k) : U_{\max(n_1, \ldots, n_k)}}\;(TF)$$
In other rules which have premisses of the form $A$ is a type, those premisses are replaced by $A : U_n$. We also add the following formation rule.

Formation Rule for $U$

$$\frac{}{U_n : U_{n+1}}\;(UF)$$
The system of universes is not cumulative; each type is a member of exactly one universe, $U_k$ say, rather than being a member of all the universes $U_k, U_{k+1}, \ldots$.
We end this introduction by remarking that the results of section 5.6 carry over to $TT$ with no modification, so that

Theorem 5.36 $TT$ is strongly normalising, has the Church-Rosser property, and both convertibility and the derivability of judgements of the form $a : A$ are decidable.

Proof: Exactly as section 5.6. □
5.9.1 Type families
Because the universes are types just like any other, we can form new objects of these types. For example, we have

$$\frac{x : bool \quad \bot : U_0 \quad \top : U_0}{\text{if } x \text{ then } \bot \text{ else } \top \;:\; U_0}\;(bool\,E)$$
The term $B \equiv_{df} (\text{if } x \text{ then } \bot \text{ else } \top)$ is a type family over the variable $x : bool$, with the property that

$$B(True) \to \bot$$

$$B(False) \to \top$$
This gives a more direct definition of type family than that described in section 4.10.3 above.
Now we prove a theorem using the universe $U_0$ to give a result we cannot prove in $TT_0$.

Theorem 5.37 In $TT$ we can derive $\neg(True =_{bool} False)$.

Proof: Suppose that we have $p : True =_{bool} False$. Applying the function $\lambda x\,.\,(\text{if } x \text{ then } \bot \text{ else } \top)$ to the two sides, and reducing, we find

If we then perform the substitution of $\bot$ for $\top$ in

$$Triv : \top$$

we have the result

$$Triv : \bot$$

Discharging the original assumption, we have an element of

$$\neg(True =_{bool} False)$$

which we assumed as an axiom in $TT_0$. □

Smith gives a formal proof that the result cannot be derived in (an extension of) $TT_0$ in his paper [Smi87].
5.9.2 Quantifying over universes
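Many functions can be derived for arbitrary types; among the examples are all the functions of section 4.5. We can rewrite the derivation of the identity function thus

$$
\dfrac{
  \dfrac{
    \dfrac{
      \dfrac{\dfrac{}{U_0 : U_1}\,(UF)}{[A : U_0]^2}\,(AS)
    }{[x : A]^1}\,(AS)
  }{\lambda x_A .\, x : (A \Rightarrow A)}\,(\Rightarrow I)^1
}{\lambda A_{U_0} .\, \lambda x_A .\, x : (\forall A : U_0).(A \Rightarrow A)}\,(\forall I)^2
$$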
The informal assumption that $A$ is a type had been derived is replaced here by the formal assumption $A : U_0$, which is subsequently discharged. The function defined will give the identity function over any type $A$ in $U_0$ when applied to that type. For example,

$$(\lambda A_{U_0} .\, \lambda x_A .\, x)\, N \;\to\; \lambda x_N .\, x \;:\; (N \Rightarrow N)$$

This gives a form of polymorphism; the identity function is thus defined for all ‘small’ types (as we call the members of $U_0$) uniformly.
If we are given an abstract type, this usually means that we are given a type which we can access only through certain operations over that type, rather than all the operations available over the type.
Consider a type like

$$(\exists A : U_0)\,.\,P(A)$$

What do objects of this type look like? They are pairs $(A, p)$ of objects: $A$ is a (small) type, and $p$ is a proof that it has the property $P(A)$. Suppose we have defined $P(A)$ to be

$$(A \Rightarrow A) \land (A \Rightarrow A)$$

then an object of the existential type will be a type $A$ together with

$$p : (A \Rightarrow A) \land (A \Rightarrow A)$$

that is, a pair of functions from $A$ to itself. An object of this type is equivalent to an implementation of an abstract type, with signature (written in Miranda notation)

    abstype A
    with f1 :: A -> A
         f2 :: A -> A

where f1 and f2 are the first and second projections of $p$, of course.
We shall have more to say about quantified types in the following chapter, where we look at a series of examples.
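The constructions of sections 5.9.1 and 5.9.2, transcribed into Lean 4 as an added example that is not part of the original text. It assumes Lean's `Type` and `Type 1` stand in for $U_0$ and $U_1$; the namespace, the theorem name and the names `B`, `polyId`, `AbsType`, `natImpl`, `f1` and `f2` (the last two after the Miranda signature) are chosen here.

```lean
-- Added illustration, Lean 4 core library only.
-- Assumption: `Type` plays the role of U0 and `Type 1` the role of U1.
namespace UniversesExample

-- (UF): a universe is an object of the next universe up.
#check (Type : Type 1)

-- 5.9.1: Empty (⊥) and Unit (⊤) are objects of Type, so a function
-- from Bool can return them. This is the type family B of the text.
def B : Bool → Type
  | true  => Empty
  | false => Unit

-- Theorem 5.37, following the steps of the proof in the text.
theorem true_ne_false_via_family : ¬ (true = false) := fun p =>
  -- apply the family B to both sides of p
  have q : B true = B false := congrArg B p
  -- B false reduces to Unit, so () inhabits it; carry it back along q
  have e : B true := Eq.mpr q (show B false from ())
  -- B true reduces to Empty, which has no elements
  Empty.elim (show Empty from e)

-- 5.9.2: the identity function with the type argument made explicit.
-- A is only passed along, never inspected.
def polyId : (A : Type) → A → A := fun _ x => x

-- Quantifying over Type pushes the function's own type up one universe.
#check ((A : Type) → A → A : Type 1)

-- Applying to Nat gives the identity on Nat, as in the reduction above.
example : polyId Nat = fun x : Nat => x := rfl

-- (∃A:U0).((A⇒A)∧(A⇒A)) read as a dependent pair:
-- a small type packaged with two operations on it.
def AbsType : Type 1 := Sigma (fun A : Type => (A → A) × (A → A))

-- One implementation of the signature, with carrier Nat.
def natImpl : AbsType := ⟨Nat, (Nat.succ, fun n => n)⟩

-- f1 and f2 are the two projections of the proof component p.
def f1 (i : AbsType) : i.1 → i.1 := i.2.1
def f2 (i : AbsType) : i.1 → i.1 := i.2.2

end UniversesExample
```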
5.9.3 Closure axioms
The usual way that we characterise the members of a type is by a pair of rules: the introduction rule explains what objects are permitted to be elements of the type, and the elimination rule (together with the computation rule) characterises these elements as the only elements of the type. We could call the latter rules the closure axioms for the type. It is the closure axioms for a type $A$ which allow us to prove properties for all elements of $A$, and to define functions by recursion over $A$.
The rules we have given for universes correspond to introduction rules; if we wish to define functions by recursion over the universe we need a closure axiom to that effect. In Martin-Löf’s treatment of the system, these axioms have been omitted deliberately; for philosophical reasons he has chosen to make the universes open-ended, so that other type forming operations can be added to the system without violating the closure axioms.
The closure axioms permit us to define polymorphic functions which fail to be parametric ([Str67]). We could, for instance, define a function which was the identity function on all types but $N$, and which was the successor function $\lambda n\,.\,(succ\ n)$ on $N$. This would have the type

$$(\forall A : U_0).(A \Rightarrow A)$$

just as did the polymorphic identity function, which had a parametric definition — we did not perform any analysis on the type variable $A$ in the definition of the identity function, it was simply a parameter.