The Rooster and the Syntactic Bracket

We propose an extension of pure type systems with an algebraic presentation of inductive and co-inductive type families with proper indices. This type theory supports coercions toward from smaller sorts to bigger sorts via explicit type construction, as well as impredicative sorts. Type families in impredicative sorts are constructed with a bracketing operation. The necessary restrictions of pattern-matching from impredicative sorts to types are confined to the bracketing construct. This type theory gives an alternative presentation to the calculus of inductive constructions on which the Coq proof assistant is an implementation.


Introduction
In the Coq proof assistant [14] inductive types are treated as toplevel definitions.If it makes sense from a convenience or an efficiency point of view, the monolithic nature of the definitions make it hard to describe what they precisely mean.As a matter of fact, inductive definitions mean different things depending on the type they are defined in: specifically, some types are interpreted differently in impredicative sorts like Prop or the impredicative variant of Set.
In this article, we present a calculus of inductive and co-inductive constructions where inductive and co-inductive types are presented algebraically.The algebraic presentation is an extension of a PTS [3] with inductive and co-inductive type families.Thanks to its modularity, it is meant to serve as a description which is simpler to expose and more mathematically amenable than the monolithic scheme which is found in a practical system such as Coq.For the sake of clarity, the system is given with a single universe and explicit subtyping, although Coq has an unbounded cumulative hierarchy of universes and implicit subtyping.Apart from these technicalities, it is believed that our calculus of algebraic inductive and co-inductive constructions expresses all the features of the Set-impredicative Calculus of Inductive Constructions that Coq implements, e.g. in its version 8.4 when launched with option -impredicative-set.Γ A : s x is fresh in Γ Γ, x:A x : A Γ u : A Γ B : s x is fresh in Γ Γ, x:B u : A This work draws most of its inspiration from Morris & al [9,10] for the algebraic presentation of inductive type families in a predicative sort, and Awodey & Bauer [2] for the treatment of impredicative sorts.
We use examples from Coq to illustrate the algebraic presentation.To differentiate expressions in Coq from expressions in the algebraic presentation, the former are typeset in a sans-serif font and the latter in a roman font.

2
Pure type systems To model the type system of Coq, we start with the classic presentation of pure type systems (pts) of Barendregt [3], which we will then extend to model type families.A pts is characterised by a single syntactic category of terms which are used both as λ-terms and as types.It has a single form of typing judgment Γ u : A, where u and A are terms, and Γ a context assigning terms to variables.A pts has a set of sorts, which we shall denote schematically by the symbol s.Every sort is an atomic term.A pts has a conversion relation u ≡ v.Here we diverge from the presentation of [3] which always uses β-conversion.Coq, on the other hand, uses βη-conversion on the fragment described in this section.In this article we will take the conversion rule as abstract, not even requiring it to be decidable.We will only require that it contains all the reduction rules which are given in the form u ; v (in this section, we only have β-reduction).
The typing rules of a pts comprise of a set of generic rules given in Figure 1, together with a number of rules of the form s 1 : s 2 called axioms, and rules of the form of product formation rules.As usual we write A → B for x:A B when x does not bind a variable in B.
As a starting point of the algebraic presentation, we shall use a pts with two sorts, Type and 2, together with the following axiom: Γ Type : 2 and the following product formation rule: where max s s = s and max Type 2 = max 2 Type = 2 The sorts Type and 2 are predicative.The sort 2 plays a technical role in allowing type variable and the formation of type-level functions; it cannot, however, be referenced in terms.In the following sections, 2 will also be used to be able to define types by pattern-matching (strong elimination).
To model the entire Coq system, Type and 2 would be replaced with a hierarchy of predicative sorts Type i , such that Γ Type i : Type i+1 are axioms.Adapting the presentation to a hierarchy of sorts is straightforward, but in the interest of keeping to the heart of the matter we give a presentation with two sorts.

Inductive type families
We shall now extend the algebraic presentation with a notion of inductive type families to model (dependent) datatypes.In this section we will stay in the predicative fragment of Coq.Contrary to the inductive types of Coq, where inductive definitions must be named at toplevel, like in: This encoding works as long as all the mutual definitions are all in the same sort.A variant for mutual definition involving Type and Prop is demonstrated in Section 4.3.When the types being defined are in different predicative sorts, however, we have to resort to another encoding which involves nested datatypes [4,Section 8.6].

Inductive
We will not explore the latter kind of mutual definition.However, nested datatypeswhere recursive calls occur as arguments of another type -such as: are indeed modelled in the algebraic presentation.

Regular types
To be able to traverse terms of inductive type, the core pts constructions is extended with a recursive fixed point on functions: Recursive fixed points are unfolded when fully applied To ensure strong normalisation, this reduction rule is limited, and a guard condition is imposed on the recursive calls to f .It is not, however, the object of this article to discuss these restriction or the guard condition.Briefly, Coq currently relies on a single structural argument in the block x 1 , . . ., x n : fixed points are not unfolded until their structural argument starts with a constructor, and the guard condition ensures that each recursive call is performed on a subterm of said structural argument, for a relaxed notion of subterm.Other possibilities exist: Agda2 [11] uses any number of arguments as structural, and tries to find a lexicographic ordering.Yet another possibilities is to use sized types [1].We shall simply assume that an adequate guard condition is given.
We now extend the grammar of type constructors.The presentation of this article is largely inspired by the synthetic definition of strictly positive families by Morris & al [9,10], but is adapted to intensional type theory.The presentation of [9,10] is designed for generic programming inside a type theory, they give codes for strictly positive families which are then decoded into an actual type of the ambient theory.No elimination principle needs to be given for the strictly positive families, as they are implicit in their decoding.Here, we are defining the syntax of inductive type families, including their elimination rules.
The regular type constructors, whose typing rules are given in Figure 2, are the empty type 0, the unit type 1, and the sum of two types.The elimination rules are given in the form of dependent pattern-matching with a syntax made to remind of that of Coq.We shall Sum type  often omit the typing predicate when it is clear from the context, especially when it does not depend on the branch.With this material we can define a first example type, namely the booleans:

Inductive type families
Inductive families differ from regular inductive types in that they are parametrised by indices, that is they are functions F : A → Type for some A. An inductive family of the form λx A .R, is said to be uniformly parametrised by A. In general, inductive families are not uniformly parametrised: the value of the index is allowed to vary in recursive calls, and constructors may build values of F x for certain x only.Remember, for instance, the EvenOdd family: The inductive family constructors, presented in Figure 3, warrant individual discussion.First, notice that as a simplifying hypothesis, inductive families have exactly one index.This is, of course, not a limitation in expressive power as multiple indices can be encoded as a dependent sum, and the unit type allows us to write families without an index.
The construction µX A→Type .F constructs the inductive fixed point of F .It acts on type families, because indices vary through recursive calls to X.To be able to form an inductive fixed point, occurrences of X must be strictly positive in F , rules for strict positivity are given in Figure 4.The rules of Figure 4 are a simple set which suits the needs of this article, however in practice, we may want to consider strict positivity rules involving elimination rules and a finer treatment of application.Strict positivity ensures that no non-terminating term can be written without recursive fixed points, so that the guard condition suffices to enforce termination.Paradoxes which can be derived from non-positive or non-strictly positive inductive fixed points can be found in [13, Chapter 4, Section 4.2][8, Chapter 3][4, Chapter 8].To avoid clutter, we give a presentation where inductive fixed points can be freely rolled and unrolled thanks to the conversion.An alternative can be to give an explicit term constructor for fixed points, see Section 3.4.
We will also use an inductive fixed point on nullary families, defined as: from which we have that µX Type .F can be freely rolled from or unrolled to F X \ µX Type .F .With inductive fixed points, we can, for instance, define the accessibility predicate.In Coq:

Inductive fixed point
This type represents the generic form of termination proofs: any terminating recursive fixed point can be made structural over a proof of accessibility.In the algebraic presentation, it is defined as: Because inductive fixed points are treated transparently, the constructor is rather trivial.However, notice how, in the definition of Acc, the parameter x is treated differently from A and R. The reason is that A and R are uniform parameters, in that they do not vary through recursive calls, whereas x does: it is a non-uniform parameter.The parameter x is, hence, represented as an index.However, such an index is not sufficient to encode types like EvenOdd.
Representing proper indices requires a new type construction, which we write f x:A T .This construction comes from [9,10], where it is inspired by a categorical point of view: in a sufficiently extensional setting, f x:A T is the right adjoint to a pullback functor.The similarity with the usual notation of dependent sum is not fortuitous, indeed we can define dependent sum as a special case of proper indexing: We also write A × B and (u, v) for x:A B and (u, v) x:A.B , respectively, when x is not free in B.
In the case of dependent sums, the index is trivial.When it is not, however, the pattern matching return clause P is allowed to depend on the value of the index.This is the purpose of Coq's in-pattern.With the algebraic presentation, the in-pattern has the pleasant property of being confined to the proper indexing construction, hopefully making its meaning more explicit.The syntax differs a little from that of Coq, however: Coq renders the in clause as a pattern with the type name at the head: match n as n' in EvenOdd b return P n' b with . . .end.
In the algebraic presentation, types not having a name, the in clause simply consists of a name for the index.
The prototype of proper indexing is the identity type, which we name Eq.In Coq: Inductive Eq (A:Type) (x:A) : in the algebraic presentation: In fact, dependent sums and identity types are sufficient to define proper indexing.Indeed f x:A T can be redefined as: It is closer to the spirit of Coq, but in no way essential, to take a proper indexing construction rather than equality as primitive.In Morris & al [9,10], the dependent sum and equality of the ambient type theory is used to define f x:A T which is then taken as primitive.An other choice lies in the use of A + B as primitive.It is the only type construction which allows to define a type with distinct elements.However, a common alternative is to take B as primitive, in which case we can define A + B as: translates, in the algebraic presentation, to: It is encoded in the algebraic presentation as: Contrary to proper indices, the types of non-uniform parameters are allowed to be in 2, this allows the definition of types such as the binary lists [12]: which are rendered in the algebraic presentation as: one = λA Type x A .inl x twice = λA Type l BList (A×A) .inr (inl l) stwice = λA Type x A l BList (A×A) .inr (inr (a, l)) In Coq, where there is a hierarchy of universe, types of proper indices can be in any sort.However, a proper index whose type is in Type i constrains the final type to be in Type i+1 or higher.Uniform parameters, of any type, do not constrain the type they parametrise.

Co-induction
In addition to inductive fixed points, Coq also has support for co-inductive fixed points.Co-inductive fixed points are required to be strictly positive, like inductive fixed points.We choose in this section, a presentation of co-inductive data where fixed points are explicitly introduced with a constructor.Below we will use this explicit presentation to give a variation on Coq's co-inductive fixed points.
Just like inductive data is destructed by a recursive fixed point operation, co-inductive data is constructed by a co-recursive fixed point operation, allowing co-inductive data to be infinite.The guard condition on co-recursive fixed points ensures that a finite number of unfolding will eventually produce a forced value.Co-recursive fixed-point are meant to represent infinite data: they cannot be unfolded eagerly, lest they would fail to terminate.They are unfolded only when they appear at the head of a pattern-matching expression: The dependent elimination rule for co-inductive fixed points asserts, in essence, that every co-inductive data is of the form forced u.Even though it would be fine for inductive fixed points -this is why we could leave the unrolling to the conversion -this does not reflect well the computational aspects of co-inductive data: suspended co-recursive fixed points are values, and won't be evaluated until the context demands it.The fact that the elimination for co-inductive data claims that all values are forced gives rise to undesirable behaviour.
Take for instance the following simple co-inductive type, and data: So that i is effectively an infinite sequence of forced.Using the elimination principle above, it is possible to give a closed proof that Eq T i (forced i): match i as x return Eq T x forced match x with forced y ⇒ y with forced y ⇒ eq refl T y However, i and (forced i) are not convertible, yet, as every closed proof of equality does, this proof reduces to eq refl , hence should relate convertible terms.The dependent elimination rule of co-inductive fixed points compromises the type safety of the logic.Coq uses the above dependent elimination rule for co-inductive fixed points.It was a deliberate decision made for practical purposes.Nonetheless, one may want to weaken it to avoid the incompatibility between equality and conversion.To do so, it suffices to erase the dependency of the return predicate over the matched term: The object of this section is to make syntactically explicit what happens when an inductive type of Coq is declared to be of sort Prop.The description elaborated in this section has strong similarities with the system of bracket-types proposed by Awodey & Bauer [2].They describe the propositions as the subset of types with at most one element, and introduce a left adjoint, written as brackets, to the inclusion of propositions into types.We will reuse their notation, even though, in our intensional setting, T:Prop does not enforce that T has a most one element, and the bracketing operation does not properly form an adjunction with the inclusion from Prop to Type.

Impredicativity
Let us start by introducing the new sort Prop in the algebraic presentation: Γ Prop : Type As in [2], propositions form a subset of types.Coq has a subtyping rule (also known as cumulativity) to make the inclusion transparent.We will, however, render it with a syntactic construct: This definition simply makes {A} a synonym of A, except of sort Type.It is strictly positive in A: The fact that Prop is impredicative -i.e.supports the following product formation rules: is easily understood in terms of proof irrelevance.Indeed, if for all x, B has at most one element, so has the product over x.Even though it uses functional extensionality, which is not provable.

Singleton rules
The types which (ideally) preserve the proof irrelevance property are sometimes called singleton types in the setting of Coq.In our algebraic presentation, they correspond to inductive type family constructors with extra formation rules to make them preserve propositions.The rules are shown in Figure 5.This elucidates why Coq allows elimination over False and And into arbitrary type: False is implemented as 0 and And A B and A × B.
The elimination rules being unchanged, pattern-matching over proofs of False and And are unrestricted.Because restricted pattern-matching is often seen as the default, singleton types are said to enjoy singleton elimination.
Remark that, proofs of propositions being uninformative, there is essentially nothing to be gained from depending on, or being indexed over a proposition.In consequence, the type formation rule for proper indexing in Figure 5 is only useful, in practice, for the subcase of cartesian product.
Coq actually implements two other singleton rules.The first one is for inductive fixed points.In our algebraic presentation: It allows to type the accessibility predicate Acc in Prop.This rule is sound in that fixed points indeed preserve proof irrelevance in presence of functional extensionality.It is also very useful for extraction: structural recursion over Acc allows the definition of functions whose termination cannot be proved automatically by the guard condition.However, the proof is no longer needed to ensure termination in the target languages of extraction.In this sense, at least, it is static data.
The last singleton rule allows properly indexed families in Prop (not how it is stronger than the rule dependent sum of Figure 5): It turns the identity type Eq into a proposition.It is known to be sound to accept that Eq is proof irrelevant [6].It is also useful for extraction, as equal types, in a closed environment, are extracted to the same type.Hence a program may safely eliminate over Eq knowing that it will not affect the performances of the extracted code.In Coq, the index B in the rule above can be of any sort Type i , however, this wisdom has been challenged in recent years with the formulation of the univalence principle [15], of which a simple consequence is that Eq is not proof irrelevant at every type.Indeed, some extracted Coq programs written assuming the univalence principle crash.
To correct for the univalence principle, the singleton rule for proper indices can be simply dropped; but it can also be restricted to the lowest sort: B : Type 0 .More precisely the conjunction of the univalence principle and the proof irrelevance principle is consistent as long as the singleton rule of proper indices is restricted to sorts s such that there is no sort s other than Prop such that s : s.Because, if such a sort s exists, B : s and by univalence, Eq B has two distinct elements contradicting proof irrelevance.
For types which do not enjoy singleton elimination, turning them into propositions means restricting their elimination.We achieve this effect by adding a single type construction coercing from Type to Prop: The important rule is the elimination rule, where the return clause is limited to be of sort Prop, whereas every other type construction can be eliminated to any sort.Apart from this restriction [A] is a synonym of A, except in Prop.In [2], the type theory is extensional, in that the identity type and the conversion relation coincide.The elimination rules for bracket is much finer and reflects precisely the fact that propositions are proof-irrelevant.In an intensional type theory, restricting with respect to sorts approximates this behaviour: even if we constrained propositions to be proof-irrelevant, not every proof irrelevant type will have type Prop.The bracketing construction is also strictly positive: It is actually possible, using only the impredicative dependent product to define a bracketing operation: P :Prop (A → P ) → P .Like [A] it behaves as A except it can only be used to form a proposition.However, the impredicative encoding is positive but not strictly, which motivates the introduction of the extra construction.

Examples
The logical connectives can be defined as follows: Note how, because of the brackets, existentials and disjunctions are prohibited from being eliminated to non-propositional types.Thanks to the singleton rules, however, conjunction and falsity do not require brackets.
As a final example, consider the type Ascending n p of ascending sequences of integers between p and n defined by mutual recursion with the proposition Ge m p which stands from m is greater than or equal to p: As Ascending has type Type, whereas Ge has type Prop, the translation to a single inductive type is not as straightforward as Even and Odd.The translation requires the use of brackets around the recursive calls: In addition to the impredicative sort Prop, Coq has a sort Set which is predicative by default but can be turned impredicative with a flag.Where Prop is meant to be used in the context of separating static and dynamic information, the spirit of the impredicative sort Set is to be as powerful as possible without being inconsistent.In the algebraic presentation, that means being stable by every construction except dependent sums with the first projection in an arbitrary sort (strong sums).
To mirror the optional nature of the impredicativity of Set, the rules for a predicative sort Set are given in Figure 6; to turn impredicativity on, the rules of Figure 7 must be used in addition to those of predicative Set.This presentation makes immediately apparent that impredicative Set is an extension of predicative Set, in that every program of the latter typechecks in the former.
The rules of Set are the same as those of Prop, with the exception of A + B which is in Set when both A and B are -even with predicative Set.Hence, there are types in Set with several elements -e.g.B. As a consequence, the bracketing operation which coerces types in Type to Set does not enjoy an explanation in terms of proof irrelevance, as was the case in Prop.As a matter of fact, there is no clear set-theoretical description at all.A close cousin of Set bracketing, however, can be found in homotopy type theory [15], where, roughly, groupoids are truncated to sets through a quotient of their homsets by the total relation.

Conclusion
The algebraic presentation of Coq makes the conversion between sorts explicit.The toplevel inductive definitions of Coq can be understood as implicitly inserting canonical bracketing operations when an inductive type is declared inside an impredicative sort but should be of a different sort due to its form; and inserting type coercion from a smaller sort to a bigger sort when applying a cumulativity rule.Monolithic type definitions like in Coq have a number of advantages over the algebraic presentation, they boil down to better type errors due to naming, better type inference and better memory representation due to n-ary sums and products.However, the value of the implicit coercions between sorts is less clear.In particular, the bracketing operation to impredicative sorts is probably a better guide for program extraction than the current method of figuring whether or not a given type is a proposition, which interacts badly with universe polymorphism [7].Explicit coercions for extraction are also in the spirit of [5].
All of the algebraic type constructors can actually be defined in Coq, except the two fixed-points because there is no way to abstract over strictly positive type families.So is it clear that expressions of the algebraic presentation which do not use inductive or co-inductive fixed points can be translated into Coq.Occurrences of the fixed points in a type must be λ-lifted and given a toplevel name.Some care must be given to avoiding the duplication of such definitions otherwise types which must be convertible for the expression to typecheck, might be seen as different in the Coq translation.Apart from this technicality, translation from the algebraic presentation to Coq is straightforward.We claim that, at least if we extend the algebraic presentation to a hierarchy of universes and the strict positivity condition is made a bit more fine-grained, Coq terms can be, conversely, translated into the algebraic presentation.

Figure 1
Figure 1 Generic rules of pts Even : Type := | eo : Even | es : Odd → Even with Odd : Type := | os : Even → Odd. the presentation given here is essentially anonymous, and inductive families need not be defined at toplevel prior to use.Mutually inductive types such as Even and Odd are not modelled directly, rather they are encoded using an index: Inductive EvenOdd : bool → Type := | eo : EvenOdd true | es : EvenOdd false → EvenOdd true | os : EvenOdd true → EvenOdd false.Definition Even := EvenOdd true.Definition Odd := EvenOdd false.

Figure 2
Figure 2 Regular type constructors

3. 3 Examples
x) b:B.match b with true ⇒ A false ⇒ B inr = λy B .(false, y) b:B.match b with true ⇒ A false ⇒ B The previous section concludes the description of the predicative fragment of the algebraic presentation.We can now give definitions of the remaining inductive families we have encountered in terms of the algebraic presentation.Starting with EvenOdd: Inductive EvenOdd : bool → Type := | eo : EvenOdd true | es : EvenOdd false → EvenOdd true | os : EvenOdd true → EvenOdd false.
EvenOdd false .inl ((), inr x) true _:1.1 os = λx EvenOdd true .inr ((), x) false _:1.1Here is the definition of List in Coq: Inductive List (A:Type) : Type := | nil : List A | cons : A → List A → List A. The Rooster and the Syntactic Bracket and in the algebraic presentation: Type .µList Type . 1 + A × List nil = λA Type .inl () cons = λA Type x A l List A .inr (x, l) Finally the definition of Tree: Inductive Tree : Type := | node : List Tree → Tree.translates to: Tree = µTree Type .List Tree node = λf List Tree .f Note that in the definition of Tree, we must β-reduce List Tree for the recursive definition to be strictly positive.A more complex example is given by the type of lists indexed by their length, often called vectors: Inductive Nat : Type := | o : Nat | s : Nat → Nat.Inductive Vector (A:Type) : Nat → Type := | vnil : Vector A o | vcons : forall n, A → Vector A n → Vector A (s n).
Inductive types are consumed by recursive fixed points.Using the implicit unfolding of inductive fixed points, we can pattern-match over the top constructor directly.The Coq function Fixpoint add (x y:Nat) : Nat := match y with | o ⇒ x | s y' ⇒ s (add x y') end is rendered in the algebraic presentation as add = fix add x:Nat y:Nat ⇒ match y as _ return Nat with inl _ ⇒ x inr y ⇒ s (add x y )

4 Prop
u return P with forced y ⇒ v : P With all the common baggage for predicative sorts set in place, we can add impredicative sorts to the algebraic presentation.The main such sort in Coq is the sort Prop of propositions.The design of Prop is guided by proof irrelevance: even if it is not actually provable in Coq, different proofs of a proposition are thought of as being equal.This property is useful for program extraction: only the computationally relevant parts of a program need to be executed to get the final result.In other words: propositions are considered as static data.It is why, with disjunction and existential defined as: Inductive Or (A B:Prop) : Prop := | or_introl : A → A ∨ B | or_intror : B → A ∨ B. Inductive Ex (A:Type) (P:A→Prop) : Prop := | ex_intro : forall x:A, P x → Ex A P. the following terms are refused by type-checking: match x with | or_introl _ ⇒ true | or_intror _ ⇒ false end.and match x with | ex_intro x _ ⇒ x end.On the other hand, it is not the case of every inductive type defined in Prop, that they cannot be eliminated into Type.Conjunction  and falsity are two counter-examples: Inductive False : Prop := .Inductive And (A B:Prop) : Prop := | conj : A → B → A ∧ B. Coq allows elimination over these two propositions into Type, and both following terms are well-typed: match x return Bool with end.and match x with | conj _ _ ⇒ true end.

Figure 5
Figure 5 Singleton rules

Inductive
Ascending : Nat → Nat → Type := | top : forall n, Ascending n n | up : forall n p m, Ge m (s p) → Ascending n m → Ascending n p with Ge : Nat → Nat → Prop := | ascend : forall m p, Ascending m p → Ge m p.

Γ
Set : Type Γ A : Set Γ, x:A B : Set Γ x:A B : Set Γ A : Set Γ, x:A P : Set Γ x:AP : Set Γ A : Set Γ B : Set Γ A + B : Set Γ 1 : Set Γ 0 : Set Γ A : s Γ, X:A → Set F : A → Set sp X F Γ µX A→Set .F : A → Set Γ A : Set Γ B : Set Γ, x:A T : Set Γ, x:A f : B Γ f x:A T : B → Set Γ A : s Γ, X:A → Set F : A → Set sp X F Γ νX A→Set .F : A → Set Γ A : Set Γ {A} Set : Type Γ u : A Γ elt u : {A} Set Γ u : {A} Set Γ, x:{A} Set P : s Γ, y:A v : P [ x \ elt y ] Γ match u as x return P with elt y ⇒ v : P [ x \ u ] match elt u as x return P with elt y ⇒ v ; v[ y \ u ] sp X A sp X {A} Set

Figure 6
Figure 6 for predicative Set

Figure 7
Figure 7 Rules for impredicative Set