Page 1

Appears in Computer Science Logic: Proceedings of the 18th International

Workshop CSL 2004, Karpacz, Poland, September 20–24, 2004, Lecture

Notes in Computer Science 3210, pages 235–249. Springer-Verlag, 2004.

A Dependent Type Theory with Names and Binding

Ulrich Sch¨ opp and Ian Stark

LFCS, School of Informatics, University of Edinburgh

JCMB, King’s Buildings, Edinburgh EH9 3JZ

Abstract. We consider the problem of providing formal support for working

with abstract syntax involving variable binders. Gabbay and Pitts have shown in

their work on Fraenkel-Mostowski (FM) set theory how to address this through

first-class names: in this paper we present a dependent type theory for program-

ming and reasoning with such names. Our development is based on a categori-

cal axiomatisation of names, with freshness as its central notion. An associated

adjunction captures constructions known from FM theory: the freshness quanti-

fier

N , name-binding, and unique choice of fresh names. The Schanuel topos —

the category underlying FM set theory — is an instance of this axiomatisation.

Working from the categorical structure, we define a dependent type theory which

it models. This uses bunches to integrate the monoidal structure corresponding

to freshness, from which we define novel multiplicative dependent products Π∗

and sums Σ∗, as well as a propositions-as-types generalisation H of the freshness

quantifier.

1Introduction

Thehandlingofvariablebindinginabstractsyntaxisarecognisedchallengeformachine-

assisted reasoning about programming languages and logics. The problem is that a sig-

nificant part of the formalisation effort may go into dealing with issues that are normally

suppressed in informal practice: namely that one is working with α-equivalence classes

of terms rather than raw terms.

Gabbay and Pitts have shown that FM set theory supports a notion of names that can

make precise the informal practise of using concrete names for α-equivalence classes.

Theygiveanumberofusefulconstructions:abstractsyntaxwithbinderscanbeencoded

asaninductivedatatype,thereisausefulsyntax-independentnotionofname-freshness,

and a freshness quantifier simplifies reasoning with names.

The approach of Gabbay and Pitts has been studied in a number of other set-

tings, among which are the first-order Nominal Logic [18], the higher-order logic FM-

HOL [6] as well as the programming language FreshML [19]. Related [9] to FM the-

ory, the Theory of Contexts [11] provides an axiomatisation of reasoning with names

in dependent type theory. The ideas underlying FM have also proved useful in other

areas such as Spatial Logic [2] or programming with semi-structured data with hid-

den labels [1]. These approaches typically focus either on programming with names, or

reasoning about them. The Theory of Contexts, for example, supports reasoning with

names, but does not admit functions that compare names or which (locally) choose fresh

names.

Page 2

In this paper we take the first steps towards a dependent type theory incorporating

FM concepts for both programming and reasoning with names. We introduce a depen-

dent type theory, using as guidance the categorical structure of Schanuel topos, which is

the category corresponding to FM set theory. In contrast to FM set theory, where swap-

ping is the primitive notion for working with names, we take freshness as the central

primitive of our type theory. This allows us to describe the constructions with names

and binding in terms of universal constructions, and also avoids problems with exten-

sional equality, which seems to be necessary for defining α-equivalence classes using

swapping.

As the first contribution of the paper we introduce a bunched dependent type the-

ory. Since freshness corresponds to a monoidal structure, bunches provide a natural

way of integrating it into the type theory. Our bunched type theory may be seen as

a generalisation of the αλ-calculus of O’Hearn and Pym [17,20]. The αλ-calculus is

a simple type theory corresponding to a category which is both cartesian closed and

monoidal closed. Our type theory extends this situation, but only in the additive di-

rection: we consider a category which is locally cartesian closed as well as monoidal

closed.Inthisstructure,wecanmodeladependenttypetheorywithtwofunctionspaces

Πx:A.B and Π∗x:C.D. The first comes from the locally cartesian closed structure and

consists of normal dependent functions. The second, which is subject to the restriction

that C is closed, comes from the monoidal closed structure and may be thought of as

consisting of functions which are only defined on arguments x : C that contain just

fresh names. In particular, with a type of names N, we can use Π∗n:N.D to model

α-equivalence classes, which corresponds to the well-known approach of modelling

α-equivalence classes as ‘fresh functions’ [7,4,9,5]. Another way of representing α-

equivalence classes, as given in [7], is to consider them as pairs n.x of a term x with a

distinguished name n in such a way that the identity of n is hidden in the pair. This rep-

resentation is also available in our type theory as fresh sum types Σ∗, dual to Π∗. The

inhabitants of Σ∗x:C.D may be thought of as pairs M.N where M :C and N :D(M)

and in which all the names in M have been hidden. To formulate Σ∗-types, we intro-

duce a type B∗(M:A), thought of as those elements of B which are free from all the

names in the term M :A. These freefrom types are used to enforce that no use of a pair

M.N in Σ∗x:C.D can reveal the hidden names.

As a second contribution of the paper, we give a new categorical axiomatisation of

names and binding. The main feature of this axiomatisation is a propositions as types

generalisation of the freshness quantifier of Gabbay and Pitts. To recall the freshness

quantifier, consider quantifiers ∃∗x:A.ϕ and ∀∗x:A.ϕ expressing ‘ϕ holds for some x

containing only fresh names’ and ‘ϕ holds for any x containing only fresh names’ re-

spectively. The freshness quantifier

N

arises because, for the type of names N, the

propositions ∃∗n:N.ϕ and ∀∗n:N.ϕ are equivalent; and

of them. We have a propositions-as-types correspondence between ∃∗and Σ∗as well as

between ∀∗and Π∗, so one may generalise the equivalence of ∃∗n:N.ϕ and ∀∗n:N.ϕ

to an isomorphism between Σ∗n:N.D and Π∗n:N.D.

This motivates our categorical axiomatisation of names. The central concept is

freshness, giving rise to a certain ‘fresh weakening’ functor W. The types Σ∗and Π∗

are left and right adjoints to W. Names are given by an object N having decidable

N n.ϕ is used to denote either

Page 3

equality. Moreover, we require an isomorphism Σ∗

quantifier. We show that this structure includes not only the freshness quantifier, but

also binding (n.x) as in [7,16] as well as unique choice of fresh names (new n.M) as

in FreshML [19].

The semantics leads us to a type theory with names and binding. Based on the iso-

morphism Σ∗

freshness quantifier. We may think of the elements of Hn.D as elements of Σ∗n:N.D,

i.e. pairs with hidden names, but also as elements of Π∗n:N.D, i.e. functions taking

only fresh names. In analogy to the freshness quantifier, which has the rules from both

∃∗and ∀∗, the rules for H are those from both Σ∗and Π∗. This dual view of hidden-

name types turns out to be useful for working with abstract syntax: it allows us to use

both HOAS-style constructions and FM-style constructions at the same time.

N∼= Π∗

Ngeneralising the freshness

N∼= Π∗

N, we introduce hidden-name types Hn.D as a generalisation of the

2 A Bunched Dependent Type Theory

In this section we introduce a first-order bunched dependent type theory and identify

the categorical structure corresponding to it. The type theory has the following forms

of sequents: (? Γ Bunch) — Γ is a bunch, or context; (Γ ? A Type) — A is a

type in context Γ; (Γ ? M : A) — M is a term of type A in context Γ; as well as

corresponding sequents for definitional equalities.

2.1 Bunches and Structural Rules

Bunches are built from the empty bunch ♦ using two kinds of extension. First, the fa-

miliar additive context extension from dependent type theory, which takes a bunch Γ to

the bunch Γ, x:A. Second, a multiplicative extension taking two bunches Γ and ∆ to

a new bunch Γ ∗ ∆. This extension is non-dependent in that no dependency is allowed

across the ∗. The bunch Γ ∗∆ should be thought of as the context Γ,∆ with the restric-

tion that the names occurring in Γ are disjoint from those in ∆. For example, if Lam is

a type which encodes object-level λ-terms, then the bunch (x:Lam,y:Lam)∗(z:Lam)

declares three terms x, y and z with the property that the names (representing the free

variables of the encoded terms) in x and y are disjoint from those in z.

? ♦ Bunch

In the side condition of these rules, we write v(Γ) for the set of variables declared in Γ.

We will frequently omit such side-conditions on the variable names, assuming tacitly

that we encounter only bunches in which no variable is declared more than once.

We use the notation Γ(∆) to indicate that Γ has a sub-bunch ∆, where sub-bunches

are defined as follows: ∆ is a sub-bunch of itself, and if ∆ is a sub-bunch of Γ then it

is also a subbunch of (Γ, x:A), and Γ ∗ Φ, and Φ ∗ Γ. We write Γ(Φ) for the bunch

which results from Γ(∆) by replacing the (unique) occurrence of ∆ in Γ with Φ.

Using this notation, we can formulate the structural rules:

Γ ? A Type

? Γ, x:A Bunch

x ?∈ v(Γ)

? Γ Bunch

? Γ ∗ ∆ Bunch

? ∆ Bunchv(Γ) ∩ v(∆)=∅

(Proj)

Γ ? A Type

Γ, x:A ? x : A

x ?∈ v(Γ)

Page 4

(Weak)Γ(∆) ? J

∆ ? A Typex ?∈ v(Γ,∆)

Γ(∆, x:A) ? J

Γ(∆) ? J

= = = = = = = = = = =

Γ(∆ ∗ ♦) ? J

In these rules, we use J for an arbitrary judgement and double lines for bi-directional

rules. We highlight the rule (Unit) which requires the empty bunch ♦ to be a unit for ∗,

thus making ∗ affine. In particular, the multiplicative weakening rule

(∗-Weak)Γ(∆) ? J

Γ(∆ ∗ Φ) ? J

becomes admissible by using (Unit) together with (Weak).

Semantically, the bunches and structural rules can be modelled by a comprehension

category [12] that in addition has an affine (i.e. the unit is isomorphic to the termi-

nal object) symmetric monoidal structure ∗ in its base. We model the additive context-

extension Γ, x:A by the comprehension, and the multiplicative context-extension Γ∗∆

by the monoidal product. To simplify the development, we make an additional assump-

tion on the monoidal structure, given by the following definition [10].

(Subst)∆ ? M : AΓ(∆, x:A) ? J

Γ(∆)[M/x] ? J [M/x]

(Assoc)Γ((∆ ∗ Φ) ∗ Ψ) ? J

= = = = = = = = = = = = = = =

Γ(∆ ∗ (Φ ∗ Ψ)) ? J

(Unit) (Swap)Γ(∆ ∗ Φ) ? J

= = = = = = = = = = =

Γ(Φ ∗ ∆) ? J

? Γ(∆ ∗ Φ) Bunch

Definition 1. An affine linear category is a category B with finite products and an affine

symmetric monoidal structure ∗ such that, for any two objects A and B of B, the canon-

ical map ?π1,π2? : A ∗ B → A × B is a monomorphism.

In most of the paper, we take a special comprehension category: the codomain fibra-

tion cod : B→→ B for an affine linear category B having all pullbacks. Although tech-

nically the interpretation uses a corresponding split fibration to deal with well-known

coherence issues [8], in the following we elide such details. We assume the reader to be

familiar with the semantics of (first-order) dependent type theory, see e.g. [12,22,21].

2.2Type Formers

In this section, we consider the types and terms, motivating them semantically. Starting

from a codomain fibration cod : B→→ B with an affine linear base B, we step-by-step

add more structure and introduce syntax based on it.

Type and term constants. Basic types and terms are given by constants. These can be

formulated as usual. For example, a type constant T in context Γ may be introduced

as (Γ ? T(x) Type), where x is the list of variables defined in Γ. That it is enough

to annotate the constants just with the list of variables in Γ, ignoring any bunching

structure, is a consequence of the assumption that the canonical map A ∗ B ? A × B

is a monomorphism.

Additive types (Σ, Π). Types found in Martin-L¨ of type theory can also be formulated

as usual. In this paper, we use dependent sums and products, but others such as identity

types can be added without problem. To model Π-types in the codomain fibration, we

assume B to be locally cartesian closed [21,12].

Page 5

Monoidal product (*). We add types A∗B which internalise the context multiplica-

tion Γ ∗ ∆. The type A∗B may be thought of as containing all pairs ?M,N? in A×B

for which the sets of names underlying M and N are disjoint.

(∗-Ty)? A Type

? B Type

? A∗B Type

(∗-I)? A∗B TypeΓ ? M : A∆ ? N : B

Γ ∗ ∆ ? M∗N : A∗B

Γ(x:A ∗ y:B)[x∗y/z] ? N : C [x∗y/z]

(∗-E)Γ(z:A∗B) ? C Type

Note that the type A∗B requires both A and B to be closed. This is because of substitu-

tion, as (A∗B)[σ] and (A[σ]∗B[σ]) would not always have isomorphic interpretations.

Since the rule (∗-Weak) is admissible, we can derive an inclusion ıA,B of type

A∗B → A×B, given by the term ıA,B =df λp : A∗B.(let p be x∗y in ?x,y?). Us-

ing this, we can state the equations for the monoidal product:

∆ ? M : A∗B

Γ(∆)[M/z] ? (let M be x∗y in N) : C [M/z]

(∗-β)

Γ ? let M∗N be x∗y in R : C

Γ ? (let M∗N be x∗y in R) = R[M/x][N/y] : C

∆ ? M : A∗B

Γ(∆)[M/z] ? N [M/z] = let M be x∗y in (N [x∗y/z]) : C[M/z]

(∗-η)

Γ(z:A∗B) ? N : C

(Inject)Γ ? M : A∗BΓ ? N : A∗B

Γ ? M = N : A∗B

Γ ? ıA,B(M) = ıA,B(N) : A×B

Fresh dependent products (Π∗). We now make the further assumption on B that, for

eachobjectAinB,thefunctor−∗ApreservespullbacksandhasarightadjointA −∗ −.

This gives rise the following situation. Let gl(− ∗ A) be the fibration defined by

change-of-base as in the left square below. Let WA: B→→ B/(− ∗ A) be the functor

which maps an object f : B → G to f ∗A : B∗A → G∗A. The assumption that −∗A

preserves pullbacks amounts to saying thatWAis a fibred functor from cod to gl(−∗A).

Moreover, it follows that WAhas a fibred right adjoint Π∗

e.g. [14]. Explicitly, Π∗

the pullback on the right.

A: B/(− ∗ A) → B→, see

Amaps an object g : C → G∗A to the the morphism Π∗

Ag as in

B/(− ∗ A)

gl(−∗A)??

??

??

B→

cod

??

B

−∗A

??B

Π∗

AC

??

Π∗

Ag??

??

A −∗ C

A−∗g

??

G

η

??A −∗ (G ∗ A)

Proposition 1. For any object A of B, the functor WAas defined above has a fibred

rightadjointΠ∗

AifandonlyifA∗−preservespullbacksandhasarightadjointA −∗ −.

In this way, we can recast the monoidal closed structure in terms of a fibred adjunction,

and introduce syntax for the fibred adjunction as follows.

(Π∗-Ty)

Γ ∗ x:A ? B Type

Γ ? Π∗x:A.B Type

Page 6

(Π∗-I)

Γ ∗ x:A ? M : B

Γ ? λ∗x:A.M : Π∗x:A.B

(Π∗-β)

Γ ∗ ∆ ? (λ∗x:A.M)@N = M [N/x] : B [N/x]

(Π∗-η)

Γ ? λ∗x:A.(M@x) = M : Π∗x:A.B

NoticethatthefreshdependentproductΠ∗x:A.B isonlywell-formedforclosedtypesA,

as bunching does not allow dependency across the ∗ in the bunch Γ ∗ x:A.

The rules of Π∗derive from the adjoint correspondence

(Π∗-E)Γ ? M : Π∗x:A.B

Γ ∗ ∆ ? M@N : B [N/x]

Γ ∗ x:A ? M : B

∆ ? N : A

∆ ? N : A

Γ ? M : Π∗x:A.B

1G∗A = WA(1G) → C

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

1G → Π∗

in B/(G ∗ A)

in B/G

A(C)

,

since morphisms 1G→ D in B/G correspond to terms in context G. Here, 1Gdenotes

the terminal object in B/G. That Π∗

behaves as expected, that is we have (Π∗x:A.B)[M/y] = Π∗x:A.(B[M/y]) as well as

(λ∗x:A.N)[M/y] = λ∗x:A.(N[M/y]).

Ais a fibred right adjoint means that substitution

Freefrom types (A∗(N:B)). Having considered a fibred right adjoint Π∗

natural to ask for a fibred left adjoint Σ∗

we need to account for a one-to-one correspondence between maps B → WA(C) in

B/(G∗A) and Σ∗

B → WA(C), and so must introduce syntax for WA(C). Note that this is not necessary

for Π∗, since there we only need the value of WA(1G), which is 1G∗A.

We introduce types B∗(M:A)as a syntax for working with WA(B). Intuitively, the

type B∗(M:A)comprises all those p : B∗A whose second component π2(p) is M : A.

The functor WAmay then be understood as a ‘fresh weakening’ functor, taking the

type (Γ ? B Type) to (Γ ∗ x:A ? B∗(x:A)Type). Here, type A is necessarily closed,

while B may in general depend on Γ. However, in the present paper we avoid the

complexity of managing substitution in B by restricting to closed freefrom types:

Ato WA, it is

Ato WA. To add syntax for such a left adjoint,

A(B) → C in B/G. Hence, we need a syntactic equivalent for the map

(F-Ty)? A Type

? B Type

∆ ? B∗(N:A)Type

Γ ? M : B

Γ ∗ ∆ ? M∗N: B∗(N:A)

∆ ? M : B∗(N:A)

∆ ? N : A

(F-I)? A,B Type∆ ? N : A

(F-E)Γ(x:A, z:B∗(x:A)) ? C TypeΓ(y:B ∗ x:A) ? R : C[y∗x/z]

Γ(∆)[N/x][M/z] ? let M be y∗xin R : C[N/x][M/z]

The equations1, in which Γ ? Q : B∗(N:A), are:

(β) let M∗Nbe y∗xin R = R[N/x][M/y]

(η) let Q be y∗xin R[y∗x/z] = R[N/x][Q/z]

1For brevity, from now on, we omit the contexts and typeability assumptions in the formu-

lation of equations. Nevertheless, all equations are to be understood as equations-in-context,

formulated under suitable typeability assumptions.

Page 7

Furthermore, we add a constant to ‘join’ two elements of freefrom types.

(F-join)Γ ? M : A∗(R:C)

Γ ? joinA,B,C(M,N) : (A × B)∗(R:C)

This constant is part of the syntax for WA, arising from the fact that WAis a fibred

functor, equivalently that − ∗ A preserves pullbacks. It makes available the important

property of freshness that if two objects x and y are fresh for some z then so is the

pair ?x,y?. The behaviour of join is described by the equations

let joinA,B,C(M,N) be y∗xin (π1y)∗x= M,

let joinA,B,C(M,N) be y∗xin (π2y)∗x= N.

Γ ? N : B∗(R:C)

The semantic interpretation of (F-Ty) is given by the following diagram.

•

??

B∗(N:A)??

??

B ∗ A

π2

??

??

B ∗ A

!∗A

??

∆

N

??A

∼

=

??1 ∗ A

To see how this corresponds to WA, recall that a closed type B in context Γ corresponds

to the projection πB: Γ ×B → Γ. Using pullback-preservation of −∗A, the following

square is easily seen to be a pullback.

(Γ × B) ∗ A

πB∗A??

Γ ∗ A

π2∗A??

??

B ∗ A

π2

??

π2

??A

Since the bottom row of this diagram corresponds to the term Γ ∗ x:A ? x : A, this

means that (Γ ∗x:A ? B∗(x:A)Type) receives an interpretation isomorphic to πB∗A,

which, by definition, is just WA(πB).

Fresh dependent sums (Σ∗). We now assume that WAhas a fibred left adjoint Σ∗

Using freefrom types as syntax for WA, this gives rise to the following rules for Σ∗

A.

A.

(Σ∗-Ty)Γ ∗ x:A ? B Type

Γ ? Σ∗x:A.B Type

Γ ? M : A

Γ ? bind(M,N) : (Σ∗x:A.B)∗(M:A)

(Σ∗-E)Γ ? M : Σ∗x:A.B

Γ ? let M be x.y in N : C

M.N =df (let bind(M,N)be u∗min u)

Theserulesarebestexplainedusingtheintendedmodelofnames.Thetermbind(M,N)

in (Σ∗-I) may be understood as the pair ?M,N? with all the names in M made private,

together with a proof that the names in M are indeed fresh for the pair. The abbrevia-

tion M.N is a short-hand for the pair without the proof of freshness. The introduction

rule (Σ∗-I) has a freefrom type in its conclusion because the constructor bind(N,M)

(Σ∗-I)x:A ? B TypeΓ ? N : B[M/x]

(Γ ∗ x:A), y:B ? N : C∗(x:A)

Page 8

comes from the unit η : B → WAΣ∗

is the semantic equivalent of (Σ∗x:A.B)∗(x:A). The elimination rule (Σ∗-E) formalises

the intuition that an element M of type Σ∗x:A.B is a pair with name-hiding. For this

intuition to be valid, it should only be possible to use the components of the pair M in

such a way that none of the hidden names is revealed. In (Σ∗-E) this is achieved using

freefrom types: the term N has type C∗(x:A), and such a term can be understood as an

element of C whose value does not depend on the names in x.

Theequations,inwhich(Γ∗x:A),y:B ? R :C∗(x:A)andΓ,z:Σ∗x:A.B ? Q :D,

follow from the triangular identities for the adjunction Σ∗

AB of the adjunction, whose codomain WAΣ∗

AB

A? WA.

(β)

(η)

let bind(M,N)be z∗uin (let z be x.y in R)∗u= R[M/x][N/y]

let M be x.y in (let bind(x,y)be z∗xin Q∗x) = Q[M/z]

We remark that the restriction on freefrom types that B must be closed in B∗(M:A)

makes the rules for Σ∗incomplete. For example, we have to restrict (Σ∗-I) so that B

can only depend on x. More general rules are possible with unrestricted freefrom types.

2.3Examples and Applications

As a simple example, we show that one can go from Πx:A.B to Π∗x:A.B, as is the

case in the affine αλ-calculus.

...

(Proj)

f :Πx:A.B ? f : Πx:A.B

(f :Πx:A.B) ∗ ♦ ? f : Πx:A.B

(f :Πx:A.B) ∗ x:A ? f : Πx:A.B

(Unit)

(Weak)

...

(Proj)

(Unit)

x:A ? x : A

x:A ∗ ♦ ? x : A(Swap)

♦ ∗ x:A ? x : A

(f :Πx:A.B) ∗ x:A ? x : A(Π-E)

(Π∗-I)

(Weak)

(f :Πx:A.B) ∗ x:A ? f x : B

f :Πx:A.B ? λ∗x:A.f x : Π∗x:A.B

With type dependency and freefrom types, we can express freshness assumptions

more precisely than with simply-typed bunches alone. For example, the freshness as-

sertions in the context x : A, y : A, u : A∗(x:A), v : A∗(?x,y?:A×A)cannot be expressed

with simply-typed bunches. On the other hand, the only way the freshness information

in freefrom types B∗(M:A)can ever be used is via bunches. We then have to ask the

question if this is enough to derive useful statements involving freefrom types.

A useful set of rules for working with freefrom types appears in the type system of

FreshML [19], which may be seen as a simply typed system with restricted freefrom

types. Rules similar to those in FreshML are admissible in our system, thus allowing

us to work with freefrom types in the style of FreshML. The main use of freshness in

FreshML is for abstraction types (α-equivalence classes) and for the choice of fresh

names (new n.M). Since we will see below that both constructions arise as instances

of Π∗and Σ∗, we expect to have at our disposal at least the uses of names and binding

as found in FreshML.

Furthermore, with dependent types we can also work with types that are not avail-

able in FreshML. For example, assume an inductive type L of lists of names. By struc-

tural recursion, we can define a function remove of type Πn:N.(L→L∗(n:N)) taking

Page 9

a name n and a list l to the list which results by removing n from l. As can be seen

from the type, remove also provides a proof that n is fresh for the resulting list. Such

freshness information is crucial for defining functions out of α-equivalence classes, to

guarantee that the definition is independent of the choice of representative. An example

of this, the function computing the free variables of a term, is given in Sec. 3.1 below.

2.4 Models

We summarise the structure required of a category B so that its codomain fibration

models all of the syntax. The interpretation itself also requires this structure to be split,

but due to space restrictions we omit the details of the interpretation.

Definition 2. An affine linear category B is a model of the bunched dependent type

theory if it is locally cartesian closed, and if, for each object A in B, the functor WAas

defined above is a fibred functor from cod to gl(−∗A) having both fibred left and right

adjoint Σ∗

We have seen that the fibred adjunction WA? Π∗

monoidal structure. We know of no such non-fibred restatement for Σ∗

A? WA? Π∗

A.

Acan be formulated in terms of the

A? WA.

3Names and Binding

In this section we consider how the bunched type theory can be used for working with

names and binding. To this end, we consider a particular model of the type theory, the

SchanueltoposS,whichisbeingwidelyusedasauniverseinwhichtoworkwithnames

and binding. The Schanuel topos may be thought of as a category of sets involving

names. For lack of space, we cannot present it in any detail; the reader is referred to e.g.

[7]foritsusefornamesandbinding,andtoe.g.[15,13,16]forcategoricalpresentations.

For the type theory we use the following categorical structure of S.

Proposition 2. The Schanuel topos S is a model of the bunched type theory having the

following additional structure.

1. Finite coproducts which are stable under pullback.

2. An object N for which [δ,ı] : N + (N ∗ N) → (N × N) is an isomorphism. Here

δ is the diagonal map and ı is the canonical monomorphism.

3. A vertical natural isomorphism i : Σ∗

mutes.

WNΣ∗

N

????????

N→ Π∗

Nsuch that the triangle below com-

WN(i)

??WNΠ∗

N

ε

????????

Id

η

Here η is the unit of Σ∗

4. For each object A and each monomorphism m : B ? C, the commuting square

below is a pullback.

N? WNand ε is the counit of WN? Π∗

N.

B ∗ A

m∗A??

C ∗ A

??

π1

??

B

m

??

π1

??C

Page 10

In the rest of this section we explain the structure in this proposition and how it can

be integrated in the type theory. We argue informally towards the relation of the above

structure to constructions in FM set theory.

As a model of the bunched type theory, S has both Σ∗and Π∗types. The fresh sums

Σ∗x:A.B may be constructed by taking certain equivalence classes of pairs ?M,N?

with M :A and N :B[M/x]. Fresh products Π∗x:A.B may be constructed as certain

partial functions from A to B. This underpins the view of Σ∗x:A.B and Π∗x:A.B as

non-standard sums and products. The difference from the standard sums and products

is determined only by the names in A. For a type A that does not contain names, such as

the natural numbers, the non-standard sums and products agree with the standard ones.

In Prop. 2.2 we ask for an object N of names with the property that any two names

are either equal, i.e. a single element of N, or they are fresh, i.e. an element of N∗N.

Thus, names have decidable equality, with two names being different precisely when

they are fresh. This object of names plays the same role as the set of atoms A in FM set

theory. We omit the rules for the type of names and its decidable equality, but remark

that stable coproducts are used in the formulation of the term for deciding the equality.

Prop. 2.3 concerns the structure of the types Σ∗n:N.B and Π∗n:N.B. Both types

can be used for encoding of α-equivalence classes. An element n.x of type Σ∗n:N.B

is, by construction, an equivalence class and may be understood as the α-equivalence

class of x with respect to n. This encoding of α-equivalence classes agrees with that

of FM set theory. Indeed, for a closed type B, the construction of Σ∗n:N.B is (essen-

tially) the same as that of the abstraction set [A]B of FM set theory. In the work on

FM sets, it was also observed that α-equivalence classes may be constructed as partial

functions from N to B. This construction is captured by the type Π∗n:N.B. Therefore,

Σ∗n:N.B and Π∗n:N.B are different encodings of the same α-equivalence classes,

which means that the types should be isomorphic. This explains the isomorphism in

Prop. 2.3. The isomorphism is useful for working with α-equivalence classes, as it al-

lows us, for example, to form an α-equivalence class as a pair n.x in Σ∗n:N.B, and

then to use it as a function in Π∗n:N.B to instantiate it at some other name (n.M)@m.

We give further examples of this in Sec. 3.1, see also [7].

We integrate the isomorphism i in the type theory by means of hidden-name types

Hn.B which are isomorphic to both Σ∗n:N.B and Π∗n:N.B. The rules for Hn.B are

those from both Σ∗and Π∗, giving H a self-dual nature.

(H-Ty)Γ ∗ n:N ? B Type

Γ ? Hn.B Type

(H-E1)Γ ? M : Hn.B

(H-I1)

Γ ∗ n:N ? M : B

Γ ? λ∗

(H-I2)n:N ? B Type

Hn.M : Hn.B

∆ ? N : N

Γ ∗ ∆ ? M@HN : B [N/n]

Γ ? M : N

Γ ? bindH(M,N) : (Hn.B)∗(M:N)

(H-E2)Γ ? M : Hn.B

Γ ? let M be n.Hy in N : C

M.HN =df (let bindH(M,N)be u∗min u)

The type Hn.B may be interpreted as either Σ∗

terpretation of λ∗

Γ ? N : B[M/n]

(Γ ∗ n:N), y:B ? N : C∗(n:N)

NB or Π∗

NB. In the first case, the in-

Hn.M and M@HN is given by i−1(λ∗n : N.M) and (i(M))@N

Page 11

respectively. With this interpretation, (β) and (η)-equations for H derive from those

for Σ∗and Π∗. A further equation, which we omit, arises from the naturality of i.

(β1)

(η1)

(β2)

(η2)

(λ∗

λ∗

let bindH(M,N)be z∗uin (let z be x.y in R)∗u= R[M/x][N/y]

let M be x.Hy in (let bindH(x,y)be z∗xin Q∗x) = Q[M/z]

Hn.M)@HN = M [N/n]

Hn.(M@Hn) = Mn ?∈ FV(M)

The commuting diagram in Prop. 2.3 provides two additional equations, which ex-

plain (to some extent) the interaction between the two roles of Hn.B as Σ∗n:N.B

and Π∗n:N.B. The equations are formulated in context Γ ∗ n:N.

(β3)let bindH(n,N)be x∗min x@Hm = N

(η3) bindH(n,let Mbe x∗min x@Hm) = M

From Prop. 2.4 it follows that hidden-name types are in propositions as types cor-

respondence with the freshness quantifier

N

subobjects of S. From the fibred adjunction Σ∗

adjunction ∃∗

ping a subobject m : B ? C to m ∗ A : B ∗ A ? C ∗ A (note that − ∗ A preserves

pullbacks, and so also monos). Prop. 2.4 then means that WS

along the projection π1: (−) ∗ A → (−). Thus, the propositions as types analogues

∃∗

In the particular case where A is N, it follows from Σ∗

have thus shown that, along the projection π1: (−) ∗ N → N, the existential and the

universal quantifier agree, and it may be seen [16] that this amounts the the freshness

quantifier

N , i.e.

N

= ∃∗

they thus correspond to

N .

of Gabbay and Pitts. Consider the logic of

A? WA ? Π∗

Aon Sub(S), where WS

Awe can derive a fibred

Ais the endofunctor on Sub(S) map-

A? WS

A? ∀∗

Ais nothing but substitution

Aof Σ∗

Aand ∀∗

Aof Π∗

Aarise in terms of ordinary quantification along this projection.

N∼= Π∗

Nthat ∃∗

N= ∀∗

N. We

N= ∀∗

N. As hidden-name types correspond to both ∃∗

Nand ∀∗

N,

3.1 Examples and Applications

Unique choice of fresh names. For programming with names and binders, it is useful to

have the ability to generate fresh names. In FreshML, one can write a term (new n.M),

which is thought of as the unique value of M for an arbitrary freshly chosen name n.

The existence of such a unique value can be guaranteed by a freshness condition on M.

Using our notation, the introduction rule for new may be written as follows.

Γ ∗ n:N ? M : C∗(n:N)

Γ ? new n.M : C

This is derivable in our system by means of the following derivation, in which we

write 1 for the unit type with unique element ?:1.

···

Γ ∗ n:N ? ? : 1

Γ ? λ∗

Γ ? let (λ∗

Hn.? : Hn.1

Γ ∗ n:N ? M : C∗(n:N)

(Γ ∗ n:N),u:1 ? M : C∗(n:N)

Γ, z:Hn.1 ? let z be n.u in M : C(Subst)

Hn.?) be n.u in M : C

(Weak)

(Weak), (H-E2)

Page 12

We use (new n.M) as an abbreviation for the term in the conclusion of this derivation.

In this way, we are using the fact that Hn.1 is inhabitated to obtain a supply of fresh

names. This generalises the situation in FM set theory or the Theory of Contexts, where

one uses the truth of the proposition ( N n.?) as a supply of fresh names for reasoning.

Abstract Syntax with Variable Binding. A key application of names and binding is for

working with abstract syntax involving variable binders. We encode abstract syntax as

an inductive type, using hidden-name types Hn.A for object-level binders. The duality

of H offers two styles of working with abstract syntax: viewing H as Π∗allows us to

work in the style of weak Higher Order Abstract Syntax (wHOAS) [3,11], and view-

ing H as Σ∗supports the style of FM set theory. In the rest of this section, we give

examples illustrating the advantages of both views as well as showing the benefits of

mixing the two styles.

We take the syntax of the untyped λ-calculus as an example, encoding it as an

inductive type Lam with three constructors: var : N→Lam, app : (Lam×Lam)→Lam

and lam : (Hn.Lam) → Lam. For example, the term λx.λy.(x y) can be encoded

as lam(λ∗

and y, it may also be encoded as lam(x.Hlam(y.Happ(var(x),var(y)))).

Semantically, Lam corresponds to an initial algebra, which lets us define functions

by structural recursion. The following recursion principle follows from the initial alge-

bra when Hn.Lam is viewed as Π∗n:N.Lam.

Hx.lam(λ∗

Hy.app(var(x),var(y)))). In a context with two different names x

x:Lam ? A(x) Type

Γ ? f : Πn:N.A(var(n))

Γ ? g : ΠM,N:Lam.A(M) → A(N) → A(app(M,N))

Γ ? h : ΠM:(Hn.Lam).(Hn.A(M@Hn)) → A(lam(M))

Γ ? rec(f,g,h) : ΠM:Lam.A(M)

with equations (in which we write rec for rec(f,g,h))

rec var(n) = f n

rec app(M,N) = g M N (rec M) (rec N)

rec lam(M) = h M (λ∗

Hn.(rec (M@Hn))).

For a closed type A, this structural recursion produces a unique function Lam → A

for given functions f :N → A, g:Lam → Lam → A → A → A and h:(Hn.Lam) →

(Hn.A) → A. In FM set theory one has an apparently different recursion principle,

where instead of h one is essentially given a function k : Hn.Lam → A → A∗(n:N).

The above recursion principle is also applicable in this case, since from k we can define

h =df λu : (Hn.Lam).λv : (Hn.A).new n.((k@Hn) (u@Hn) (v@Hn)). In this way,

we get a second recursion operator rec?(f,g,k) with the following equation for the lam-

case: (rec?(f,g,k) lam(M)) = new n.((k@Hn) (M@Hn) (rec?(f,g,k) (M@Hn))).

As a first example of a recursively defined function, we define capture-avoiding

substitution in the style of wHOAS and compare the definition to an FM-style encoding.

Page 13

Given m:N and R:Lam, we can use rec to define subst : Lam → Lam satisfying

subst(var(n)) = ifeq ?m,n? then n.R else n.var(n)

subst(app(M,N)) = app(subst(M),subst(N))

subst(lam(M)) = lam(λ∗

Hn.subst(M@Hn)).

This definition uses only the view of H as Π∗and is similar in spirit to wHOAS defini-

tions. We can also define substitution in FM-style using rec?. For the lam-case, we then

have subst(lam(M)) = new n.(let bindH(n,subst(M@Hn))be w∗nin (lam(w))∗n).

However, this definition is more complex than the first one, since it involves a unique

choice of fresh names via new. In the first definition we could do without the choice of

a fresh name by using λ∗

As a second example, we define the function computing the free variables of a term.

This example makes essential use of the view of H as Σ∗. We assume an inductive

type L of lists of names, together with suitably defined functions singleton : N → L,

concat : L → L → L, and remove : Πn:N.(L → L∗(n:N)). Using rec, we can define

fv : Lam → L to satisfy the equations

fv(var(n)) = singleton(n)

fv(app(M,N)) = concat(fv(M),fv(N))

fv(lam(M)) = let (λ∗

Hto ‘rebind’ the fresh name n.

Hn.fv(M@n)) be n.Hy in (remove n y)

This example demonstrates how let-terms can be used for ‘pattern matching’ elements

of Hn.A. A similar pattern matching appears in FreshML. Moreover, the example

shows that it is useful to mix the views of H as Π∗and Σ∗.

Note that, in the equation for lam, the subterm (remove n y) has type L∗(n:N), and

that this freshness information is necessary for the let to be typeable. Intuitively, this is

because the choice of representative n.y must not affect the computation. Dependency

in the type of remove is therefore essential for the pattern matching in the definition

of fv. Without dependency we could write remove with type N → L → L, but then

fv as above would not be typeable. Indeed, this problem arises in FreshML, where fv

cannot be defined using a remove function of this type (Nevertheless, fv can be defined

in FreshML).

Again, we can use rec?to give an alternative definition of fv so that it satisfies the

equation fv(lam(M)) = new n.(remove n (fv(M@n))). Note that, by means of new,

this encoding also uses the view of H as Σ∗, and this is in fact essential. The Theory of

Contexts, for example, axiomatises a ‘is not free in’-predicate rather than defining fv.

4Discussion and Further Work

We have introduced a bunched dependent type theory that integrates FM concepts for

working with names and binding.

One decision in the design of the bunches was to allow dependency for additive

context extension but to forbid any dependency for multiplicative context extension.

There are other possibilities for combining bunches and dependency. Pym [20, §15.15],

Page 14

for example, outlines a bunched dependent calculus allowing more dependency. The

problem with using this for names and binding, which has lead us to the current design,

is that it would require to generalise the monoidal product ∗ to a monoidal product on

the slices of S, and there seems to be no sensible way of doing this.

We stress that, although the examples in this paper concentrate on programming,

reasoning with names and binding can also be accommodated in the type theory. In-

deed, it is possible to define a higher-order logic over the dependent type theory [12,

§11]. In addition to the usual logical connectives, this logic also features the multi-

plicative quantifiers ∃∗and ∀∗, similar to ∀newand ∃newfrom BI [20], as well as the

freshness quantifier

N . This higher-order logic supports reasoning with names similar to

the Theory of Contexts. For example, the Theory of Contexts has an ‘extensionality’ ax-

iom, which may be expressed as Γ | ∃∗n:N.(M@Hn =AN@Hn) ? (M =Hn.AN),

where M and N have type Hn.A and =Adenotes Leibniz equality. Making essential

use of the equation (η3), this sequent is derivable in the logic. In another direction, one

may also ask how the logic relates to Nominal Logic [18]. For this it is necessary to

consider swapping, an essential ingredient of Nominal Logic that is absent from the

type theory. We briefly discuss the possibilities of adding swapping below.

Another possibility for reasoning is to use dependent types to encode propositions

as types. Alongside the usual encodings of ∀ as Π and ∃ as Σ, one can encode ∀∗as

Π∗, ∃∗as Σ∗, and

restricted, because the rules for Σ∗use types of the form ϕ∗(n:N), and, at least in this

paper, we allow such types only when ϕ is closed. Considering a higher-order logic is a

way of side-stepping this problem, since, because of Prop. 2.4, we have an equivalence

of ϕ∗(n:N)and ϕ, so that freefrom types can be avoided altogether in the logic.

Although we have based our type theory on freshness rather than swapping, we

nevertheless think that swapping can be useful in type theory. Swapping can be added

to the type theory as a special kind of explicit substitution, as is done in [1,23]. One

application of swapping is to make available more information about the isomorphism

Σ∗

plains the instantiation of n.Hx at n. With swapping, we can explain the instantiation

of n.Hx at names other than n by adding the equation (n.Hx)@Hm = (m n) · M. Fur-

thermore, with swapping, we should get a logic close to Nominal Logic; see also [16].

Regarding the categorical semantics of the type theory, it is natural to ask how it

compares to other categorical approaches to names and binding. Besides the Schanuel

topos, two other categories used frequently [9,4,5, ...] for names and binding are SetV,

where V is the category of finite cardinals and all functions between them, and SetI,

where I is the category of finite cardinals and injections. However, neither category has

all of the structure of Prop. 2. In SetVnames do not have decidable equality, whereas

SetIdoes not have a freshness quantifier and not all the canonical maps A∗B → A×B

are monomorphic. In this light, Prop. 2 should be viewed as identifying the categorical

structure underlying the work with names and binding, while for particular applica-

tions it may well be sufficient to have only some of this structure. Another example of

such a substructure is Menni’s axiomatisation of binders [16]. Nevertheless, there are

categories other than the Schanuel topos having the structure of Prop. 2. One such cat-

egory is a variation of the Schanuel topos in which the elements are allowed to contain

N

as H. Although such an encoding is possible, the use of ∃∗is very

N∼= Π∗

Nthan is given by the commuting triangle in Prop. 2.3. The triangle only ex-

Page 15

countably many names rather than just finitely many, see [18, p.13]. There is also a

realisability category having almost all of the structure of Prop. 2, the only restriction

being that the type Σ∗x:A.B can only be formed when A belongs to a certain restricted

class of types (which includes all types with decidable equality). Moreover, this cate-

gory models an impredicative universe, so that it should provide the basis for a bunched

calculus of constructions.

There are many directions for further work. First, an immediate point requiring

further work is the restriction that B∗(M:A)can only be formed for closed B. Second,

the proof theory of the bunched type theory needs further work. Also, variants such as a

non-affine version of the type theory should be possible. Finally, algorithmic questions

such as the decidability of type-checking should be considered.

Acknowledgements. We would like to thank Alex Simpson and John Power for inter-

esting discussions on this work.

References

1. L. Cardelli, P. Gardner, and G. Ghelli. Manipulating trees with hidden labels. In Proceedings

of FOSSACS’03, volume 2620 of LNCS. Springer, 2003.

2. L. Cardelli and A. Gordon. Logical properties of name restriction.

TLCA’01, volume 2044 of LNCS. Springer, 2001.

3. J. Despeyroux, A. Felty, and A. Hirschowitz. Higher-order abstract syntax in Coq. In Pro-

ceedings of TLCA’95, 1995.

4. M. Fiore, G. Plotkin, and D. Turi. Abstract syntax and variable binding. In Proceedings of

LICS99, 1999.

5. M. Fiore and D. Turi. Semantics of name and value passing. In Proceedings of LICS01,

2001.

6. M. Gabbay. FM-HOL, a higher-order theory of names. In Workshop on Thirty Five years of

Automath, 2002.

7. M. J. Gabbay and A. M. Pitts. A new approach to abstract syntax with variable binding.

Formal Aspects of Computing, 13:341–363, 2002.

8. M. Hofmann. On the interpretation of type theory in locally cartesian closed categories. In

Proceedings of CSL94, volume 933 of LNCS. Springer, 1994.

9. M.Hofmann. Semanticalanalysisofhigher-orderabstractsyntax. InProceedingsofLICS99,

1999.

10. M.Hofmann. SaferecursionwithhighertypesandBCK-algebra. AnnalsofPureandApplied

Logic, 104(1–3):113–166, 2000.

11. F. Honsell, M. Miculan, and I. Scagnetto. An axiomatic approach to metareasoning about

nominal algebras in HOAS. In Proceedings of ICALP01, 2001.

12. B. Jacobs. Categorical Logic and Type Theory. Elsevier Science, 1999.

13. P.T. Johnstone. Sketches of an Elephant: A Topos Theory Compendium. Oxford University

Press, 2002.

14. P. Lietz. A fibrational theory of geometric morphisms. Master’s thesis, TU Darmstadt, May

1998.

15. S. MacLane and I. Moerdijk. Sheaves in Geometry and Logic: A First Introduction to Topos

Theory. Springer-Verlag, 1992.

16. M. Menni. About

N -quantifiers. Applied Categorical Structures, 11(5):421–445, 2003.

17. P. O’Hearn. On bunched typing. Journal of Functional Programming, 13(4):747–796, 2003.

In Proceedings of

Page 16

18. A. M. Pitts. Nominal logic, a first order theory of names and binding. Information and

Computation, 186:165–193, 2003.

19. A. M. Pitts and M. J. Gabbay. A metalanguage for programming with bound names modulo

renaming. In Proceedings of MPC2000, volume 1837 of LNCS. Springer, 2000.

20. D. Pym. The Semantics and Proof Theory of the Logic of Bunched Implications. Kluwer

Academic Publishers, 1999.

21. R.A.G. Seely. Locally cartesian closed categories and type theory. In Math. Proc. Cambridge

Philos. Soc., volume 95, pages 33–48, 1984.

22. P. Taylor. Practical Foundations of Mathematics. Cambridge University Press, 1999.

23. C. Urban, A. M. Pitts, and M. J. Gabbay. Nominal unification. In Proccedings of CSL’03,

volume 2803 of LNCS. Springer, 2003.