The Formalization of Syntax-Based

Mathematical Algorithms Using Quotation and

Evaluation⋆

William M. Farmer⋆⋆
arXiv:1305.6052v2 [cs.LO] 5 Aug 2013

Department of Computing and Software

McMaster University
Hamilton, Ontario, Canada
5 August 2013

Abstract. Algorithms like those for differentiating functional expres-

sions manipulate the syntactic structure of mathematical expressions in
a mathematically meaningful way. A formalization of such an algorithm
should include a specification of its computational behavior, a specifi-
cation of its mathematical meaning, and a mechanism for applying the
algorithm to actual expressions. Achieving these goals requires the ability
to integrate reasoning about the syntax of the expressions with reasoning
about what the expressions mean. A syntax framework is a mathemati-
cal structure that is an abstract model for a syntax reasoning system. It
contains a mapping of expressions to syntactic values that represent the
syntactic structures of the expressions; a language for reasoning about
syntactic values; a quotation mechanism to refer to the syntactic value
of an expression; and an evaluation mechanism to refer to the value of
the expression represented by a syntactic value. We present and compare
two approaches, based on instances of a syntax framework, to formalize
a syntax-based mathematical algorithm in a formal theory T . In the first
approach the syntactic values for the expressions manipulated by the
algorithm are members of an inductive type in T , but quotation and
evaluation are functions defined in the metatheory of T . In the second
approach every expression in T is represented by a syntactic value, and
quotation and evaluation are operators in T itself.

1 Introduction

A great many of the algorithms employed in mathematics work by manipulating

the syntactic structure of mathematical expressions in a mathematically mean-
ingful way. Here are some examples:
⋆
Appears in Intelligent Computer Mathematics (proceedings of CICM 2013), Lec-
ture Notes in Computer Science, Vol. 7961, pp. 35–50, Springer-Verlag, 2013. The
final publication is available at link.springer.com. This research was supported by
NSERC.
⋆⋆
wmfarmer@mcmaster.ca.
2

1. Arithmetic operations applied to numerals.

2. Operations such as factorization applied to polynomials.
3. Simplification of algebraic expressions.
4. Operations such as transposition performed on matrices.
5. Symbolic differentiation and antidifferentiation of expressions with variables.

The study and application of these kinds of algorithms is called symbolic compu-
tation. For centuries symbolic computation was performed almost entirely using
pencil and paper (and similar devices). However, today symbolic computation
can be performed by computer, and algorithms that manipulate mathematical
expressions are the main fare of computer algebra systems.
In this paper we are interested in the problem of how to formalize syntax-
based mathematical algorithms. These algorithms manipulate members of a for-
mal language in a computer algebra system, but their behavior and meaning are
usually not formally expressed in a computer algebra system. However, we want
to use these algorithms in formal theories and formally understand what they
do. We are interested in employing existing external implementations of these
algorithms in formal theories as well as implementing these algorithms directly
in formal theories.
As an illustration, consider an algorithm, say named RatPlus, that adds ra-
tional number numerals, which are represented in memory in some suitable way.
(An important issue, that we will not address, is how the numerals are repre-
sented to optimize the efficiency of RatPlus.) For example, if the numerals 25
and 38 are given to RatPlus as input, the numeral 31 40 is returned by RatPlus as
output. What would we need to do to use RatPlus to add rational numbers in a
formal theory T and be confident that the results are correct? First, we would
have to introduce values in T to represent rational number numerals as syntactic
structures, and then define a binary operator O over these values that has the
same input-output relation as RatPlus. Second, we would have to prove in T
that, if O(a, b) = c, then the sum of the rational numbers represented by a and
b is the rational number represented by c. And third, we would have to devise a
mechanism for using the definition of O to add rational numbers in T .
The second task is the most challenging. The operator O, like RatPlus, ma-
nipulates numerals as syntactic structures. To state and then prove that these
manipulations are mathematically meaningful requires the ability to express the
interplay of how the numerals are manipulated and what the manipulations mean
with respect to rational numbers. This is a formidable task in a traditional logic
in which there is no mechanism for directly referring to the syntax of the expres-
sions in the logic. We need to reason about a rational number numeral 25 both
as a syntactic structure that can be deconstructed into the integer numerals 2
and 5 and as an expression that denotes the rational number 2/5.
Let us try to make the problem of how to formalize syntax-based mathe-
matical algorithms like RatPlus more precise. Let T be a theory in a traditional
logic like first-order logic or simple type theory, and let A be an algorithm that
manipulates certain expressions of T . To formalize A in T we need to do three
things:
 3

1. Define an operator OA in T that represents A: Introduce values in T that

represent the expressions manipulated by A. Introduce an operator OA in
T that maps the values that represent the input expressions taken by A
to the values that represent the output expressions produced by A. Write a
sentence named CompBehavior in T that specifies the computational behavior
of OA to be the same as that of A. That is, if A takes an input expression
e and produces an output expression e′ , then CompBehavior should say that
OA maps the value that represents e to the value that represents e′ .
2. Prove in T that OA is mathematically correct : Write a sentence named
MathMeaning in T that specifies the mathematical meaning of OA to be
the same as that of A. That is, if the value of an input expression e given
to A is related to the value of the corresponding output expression e′ pro-
duced by A in a particular way, then MathMeaning should say that the value
of the expression representing e should be related to the value of the ex-
pression representing e′ in the same way. Finally, prove MathMeaning from
CompBehavior in T .
3. Devise a mechanism for using OA in T : An application OA (a1 , . . . , an ) of OA
to the values a1 , . . . , an can be used in T by instantiating MathMeaning with
a1 , . . . , an and then simplifying the resulting formula to obtain a statement
about the value of OA (a1 , . . . , an ). For the sake of convenience or efficiency,
we might want to use A itself to compute OA (a1 , . . . , an ). We will know
that results produced by A are correct provided A and OA have the same
computational behavior.

If we believe that A works correctly and we are happy to do our compu-

tations with A outside of T , we can skip the writing of CompBehavior and use
MathMeaning as an axiom that asserts A has the mathematical meaning spec-
ified by MathMeaning for OA . The idea of treating specifications of external
algorithms as axioms is a key component of the notion of a biform theory [2,6].
So to use A in T we need to formalize A in T , and to do this, we need
a system that integrates reasoning about the syntax of the expressions with
reasoning about what the expressions mean. A syntax framework [9] is a math-
ematical structure that is an abstract model for a syntax reasoning system. It
contains a mapping of expressions to syntactic values that represent the syn-
tactic structures of the expressions; a language for reasoning about syntactic
values; a quotation mechanism to refer to the syntactic value of an expression;
and an evaluation mechanism to refer to the value of the expression represented
by a syntactic value. A syntax framework provides the tools needed to reason
about the interplay of syntax and semantics. It is just what we need to formalize
syntax-based mathematical algorithms.
Reflection is a technique to embed reasoning about a reasoning system (i.e.,
metareasoning) in the reasoning system itself. Reflection has been employed in
logic [13], theorem proving [12], and programming [5]. Since metareasoning very
often involves the syntactic manipulation of expressions, a syntax framework is
a natural subcomponent of a reflection mechanism.
4

This paper attacks the problem of formalizing a syntax-based mathematical

algorithm A in a formal theory T using syntax frameworks. Two approaches
are presented and compared. The first approach is local in nature. It employs
a syntax framework in which there are syntactic values only for the expressions
manipulated by A. The second approach is global in nature. It employs a syntax
framework in which there are syntactic values for all the expressions of T . We
will see that these two approaches have contrasting strengths and weaknesses.
The local approach offers an incomplete solution at a low cost, while the global
approach offers a complete solution at a high cost.
The two approaches will be illustrated using the familiar example of polyno-
mial differentiation. In particular, we will discuss how the two approaches can be
employed to formalize an algorithm that differentiates expressions with variables
that denote real-valued polynomial functions. We will show that algorithms like
differentiation that manipulate expressions with variables are more challenging
to formalize than algorithms like symbolic arithmetic that manipulate numerals
without variables.
The following is the outline of the paper. The next section, Section 2, presents
the paper’s principal example, polynomial differentiation. The notion of a syntax
framework is defined in Section 3. Sections 4 and 5 present the local and global
approaches to formalizing syntax-based mathematical algorithms. And the paper
concludes with Section 6.

2 Example: Polynomial Differentiation

We examine in this section the problem of how to formalize a symbolic differenti-

ation algorithm and then prove that the algorithm actually computes derivatives.
We start by defining what a derivative is.
Let f : R → R be a function over the real numbers and a ∈ R. The derivative
of f at a, written deriv(f, a), is

f (a + h) − f (a)
lim
h→0 h
if this limit exists. The derivative of f , written deriv(f ), is the function

λ x : R . deriv(f, x).

Notice that we are using the traditional definition of a derivative in which a

derivative of a function is defined pointwise.
Differentiation is in general the process of finding derivatives which ulti-
mately reduces to finding limits. Symbolic differentiation is the process of me-
chanically transforming an expression with variables that represents a function
over the real numbers into an expression with variables that represents the
derivative of the function. For example, the result of symbolically differenti-
ating the expression sin(x2 ) which represents the function λ x : R . sin(x2 ) is the
expression 2 · x · cos(x2 ) which represents the function λ x : R . 2 · x · cos(x2 ).
 5

Symbolic differentiation is performed by applying certain differentiation rules

and simplification rules to a starting expression until no rule is applicable.
Let us look at how symbolic differentiation works on polynomials. A polyno-
mial is an expression constructed from real-valued constants and variables by
applying addition, subtraction, multiplication, and natural number exponentia-
tion. For example, x · (x2 + y) is a polynomial. The symbolic differentiation of
polynomials is performed using the following well-known differentiation rules:
Constant Rule
d
(c) = 0 where c is a constant or a variable different from x.
dx
Variable Rule
d
(x) = 1.
dx
Sum and Difference Rule
d d d
(u ± v) = (u) ± (v).
dx dx dx
Product Rule
d d d
(u · v) = (u) · v + u · (v).
dx dx dx
Power Rule

d n 0 if n = 0
(u ) = d
dx n · un−1 · dx (u) if n > 0.
Written using traditional Leibniz notation, the rules specify how symbolic dif-
ferentiation is performed with respect to the variable x. The symbols u and v
range over polynomials that may contain x as well as other variables, and the
symbol n ranges over natural numbers. Notice that these rules are not meaning
d
preserving in the usual way; for example, the rule dx (c) = 0 is not meaning
preserving if we view c as a value and not as an expression.
Let PolyDiff be the algorithm that, given a polynomial u and variable x,
d
applies the five differentiation rules above to the starting expression dx (u) until
d
there are no longer any expressions starting with dx and then simplifies the
resulting expression using the rules 0 + u = u + 0 = 0 and 1 · u = u · 1 = u and
collecting like terms. Applied to x · (x2 + y), PolyDiff would perform the following
steps:
d d d 2
(x · (x2 + y)) = (x) · (x2 + y) + x · (x + y) (1)
dx dx dx
 d d 
= 1 · (x2 + y) + x · (x2 ) + (y) (2)
dx dx
 d 
= 1 · (x2 + y) + x · 2 · x1 · (x) + 0 (3)
dx
= 1 · (x2 + y) + x · (2 · x1 · 1 + 0) (4)
= 3 · x2 + y (5)
6

Line (1) is by the Product Rule; (2) is by the Variable and Sum and Difference
Rules; (3) is by the Power and Constant Rules; (4) is by the Variable Rule; and
(5) is by the simplification rules. Thus, given the function

f = λ x : R . x · (x2 + y),

using PolyDiff we are able to obtain the derivative

λ x : R . 3 · x2 + y

of f via mechanical manipulation of the expression x · (x2 + y).

Algorithms similar to PolyDiff are commonly employed in informal mathe-
matics. In fact, they are learned and applied by every calculus student. They
should be as available and useful in formal mathematics as they are in informal
mathematics. We thus need to formalize them as described in the Introduction.
The main objective of this paper is to show how syntax-based mathematical
algorithms can be formalized using PolyDiff as an example. We will begin by
making the task of formalizing PolyDiff precise.
Let a theory be a pair T = (L, Γ ) where L is a formal language and Γ is a set
of sentences in L that serve as the axioms of the theory. Define TR = (LR , ΓR ) to
be a theory of the real numbers in (many-sorted) simple type theory. We assume
that LR is a set of expressions over a signature that includes a type R of the
real numbers, constants for each natural number, and constants for addition,
subtraction, multiplication, natural number exponentiation, and the unary and
binary deriv operators defined above. We assume that ΓR contains the axioms
of a complete ordered field as well as the definitions of all the defined constants
in LR (see [8] for further details).
Let Lvar ⊆ LR be the set of variables of type R and Lpoly ⊆ LR be the set
of expressions constructed from members of Lvar , constants of type R, addition,
subtraction, multiplication, and natural number exponentiation. Finally, assume
that PolyDiff : Lpoly × Lvar → Lpoly is the algorithm described in the previous
section adapted to operate on expressions of LR .
Thus to formalize PolyDiff we need to:

1. Define an operator Opd in TR that represents PolyDiff.

2. Prove in TR that Opd is mathematically correct.
3. Devise a mechanism for using Opd in TR .

Formalizing PolyDiff should be much easier than formalizing differentiation

algorithms for larger sets of expressions that include, for example, rational ex-
pressions and transcendental functions. Polynomial functions are total (i.e., they
are defined at all points on the real line) and their derivatives are also total. As
a result, issues of undefinedness do not arise when specifying the mathematical
meaning of PolyDiff.
However, functions more general than polynomial functions as well as their
derivatives may be undefined at some points. Thus using a differentiation algo-
rithm to compute the derivative of one of these more general functions requires
 7

care in determining the precise domain of the derivative. For example, differenti-
ating the rational expression x/x using the well-known Quotient Rule yields the
expression 0, but the derivative of λ x : R . x/x is not λ x : R . 0. The derivative
is actually the partial function

λ x : R . if x 6= 0 then 0 else ⊥.

We restrict our attention to differentiating polynomial functions so that we can

focus on reasoning about syntax without being concerned about issues of unde-
finedness.

3 Syntax Frameworks

A syntax framework [9] is a mathematical structure that is intended to be an

abstract model of a system for reasoning about the syntax of an interpreted
language (i.e., a formal language with a semantics). It will take several definitions
from [9] to present this structure.

Definition 1 (Interpreted Language). An interpreted language is a triple

I = (L, Dsem , Vsem ) where:

1. L is a formal language, i.e, a set of expressions.1

2. Dsem is a nonempty domain (set) of semantic values.
3. Vsem : L → Dsem is a total function, called a semantic valuation function,
that assigns each expression e ∈ L a semantic value Vsem (e) ∈ Dsem . 2

A syntax representation of a formal language is an assignment of syntactic

values to the expressions of the language:

Definition 2 (Syntax Representation). Let L be a formal language. A syn-

tax representation of L is a pair R = (Dsyn , Vsyn ) where:

1. Dsyn is a nonempty domain (set) of syntactic values. Each member of Dsyn

represents a syntactic structure.
2. Vsyn : L → Dsyn is an injective, total function, called a syntactic valuation
function, that assigns each expression e ∈ L a syntactic value Vsyn (e) ∈ Dsyn
such that Vsyn (e) represents the syntactic structure of e. 2

A syntax language for a syntax representation is a language of expressions

that denote syntactic values in the syntax representation:

Definition 3 (Syntax Language). Let R = (Dsyn , Vsyn ) be a syntax repre-

sentation of a formal language Lobj . A syntax language for R is a pair (Lsyn , I)
where:
1
No distinction is made between how expressions are constructed in this definition as
well as in subsequent definitions. In particular, expressions constructed by binding
variables are not treated in any special way.
8

1. I = (L, Dsem , Vsem ) in an interpreted language.

2. Lobj ⊆ L, Lsyn ⊆ L, and Dsyn ⊆ Dsem .
′
3. Vsem restricted to Lsyn is a total function Vsem : Lsyn → Dsyn . 2

Finally, we are now ready to define a syntax framework:

Definition 4 (Syntax Framework in an Interpreted Language).

Let I = (L, Dsem , Vsem ) be an interpreted language and Lobj be a sublanguage
of L. A syntax framework for (Lobj , I) is a tuple F = (Dsyn , Vsyn , Lsyn , Q, E)
where:

1. R = (Dsyn , Vsyn ) is a syntax representation of Lobj.

2. (Lsyn , I) is a syntax language for R.
3. Q : Lobj → Lsyn is an injective, total function, called a quotation function,
such that:
Quotation Axiom. For all e ∈ Lobj ,

Vsem (Q(e)) = Vsyn (e).

4. E : Lsyn → Lobj is a (possibly partial) function, called an evaluation func-

tion, such that:
Evaluation Axiom. For all e ∈ Lsyn ,
−1
Vsem (E(e)) = Vsem (Vsyn (Vsem (e)))

whenever E(e) is defined. 2

A syntax framework is depicted in Figure 1. For e ∈ Lobj, Q(e) is called

the quotation of e. Q(e) denotes a value in Dsyn that represents the syntactic
structure of e. For e ∈ Lsyn , E(e) is called the evaluation of e. If it is defined,
E(e) denotes the same value in Dsem that the expression represented by the
value of e denotes. Since there will usually be different e1 , e2 ∈ Lsyn that denote
the same syntactic value, E will usually not be injective. Q and E correspond
to the quote and eval operators in Lisp and other languages.
Common examples of syntax frameworks are based on representing the syn-
tax of expressions by Gödel numbers, strings, and members of an inductive
type. Programming languages that support metaprogramming — such as Lisp,
F# [10], MetaML [18], MetaOCaml [15], reFLect [11], and Template Haskell [16]
— are instances of a syntax framework if mutable variables are disallowed. See [9]
for these and other examples of syntax frameworks.
The notion of a syntax framework can be easily lifted from an interpreted
language to an interpreted theory. This is the version of a syntax framework that
we will use in this paper.

Definition 5 (Model). Let T = (L, Γ ) be a theory. A model of T is a pair

M M M
M = (Dsem , Vsem ) such that Dsem is a nonempty set of semantic values that
M M
includes the truth values t (true) and f (false) and Vsem : L → Dsem is a total
M
function such that, for all sentences A ∈ Γ , Vsem (A) = t. 2
 9

Vsem
Vsyn
′
Vsem
Lobj Q
L Dsem
E Lsyn Dsyn

Fig. 1. A Syntax Framework

Definition 6 (Interpreted Theory). An interpreted theory is a pair I =

(T, M) where T is a theory and M is a set of models of T . (If T = (L, Γ ),
M M
(L, Dsem , Vsem ) is obviously an interpreted language for each M ∈ M.) 2

Definition 7 (Syntax Framework in an Interpreted Theory).

Let I = (T, M) be an interpreted theory where T = (L, Γ ) and Lobj ⊆ L. A
syntax framework for (Lobj , I) is a triple F = (Lsyn , Q, E) where:

1. Lsyn ⊆ L.
2. Q : Lobj → Lsyn is an injective, total function.
3. E : Lsyn → Lobj is a (possibly partial) function.
M M
4. For all M = (Dsem , Vsem ) ∈ M, F M = (Dsyn M M
, Vsyn , Lsyn , Q, E) is a syn-
M M M M
tax framework for (Lobj , (L, Dsem , Vsem )) where Dsyn is the range of Vsem
M M
restricted to Lsyn and Vsyn = Vsem ◦ Q.

Let I = (L, D, V ) be an interpreted language, Lobj ⊆ L, and F =

(Dsyn , Vsyn , Lsyn , Q, E) be a syntax framework for (Lobj , I). F has built-in quo-
tation if there is an operator (which we will denote as quote) such that, for all
e ∈ Lobj , Q(e) is the syntactic result of applying the operator to e (which we
will denote as quote(e)). F has built-in evaluation if there is an operator (which
we will denote as eval) such that, for all e ∈ Lsyn , E(e) is the syntactic result
of applying the operator to e (which we will denote as eval(e)) whenever E(e)
is defined. There are similar definitions of built-in quotation and evaluation for
syntax frameworks in interpreted theories.
A syntax framework F for (Lobj , I), where I is either an interpreted language
or an interpreted theory, is replete if Lobj = L and F has both built-in quotation
and evaluation. If F is replete, it has the facility to reason about the syntax
10

of all of L within L itself. Examples of a replete syntax framework are rare.

The programming language Lisp with a simplified semantics is the best known
example of a replete syntax framework [9]. T. Æ. Mogensen’s self-interpretation
of lambda calculus [14] and the logic Chiron [7], derived from classical NBG set
theory, are two other examples of replete syntax frameworks [9].

4 Local Approach
In order to formalize PolyDiff in TR we need the ability to reason about the
polynomials in Lpoly as syntactic structures (i.e., as syntax trees). This can
′ ′
be achieved by constructing a syntax framework for (Lpoly , IR ) where IR =
′ ′ ′
(TR , M ) is an interpreted theory such that TR is a conservative extension of
TR . Since we seek to reason about just the syntax of Lpoly instead of a larger
language, we call this the local approach.
The construction of the syntax framework requires the following steps:
1. Define in TR an inductive type whose members are the syntax trees of the
polynomials in Lpoly . The inductive type should include a new type symbol
S and appropriate constants for constructing and deconstructing expressions
of type S. Let Lsyn be the set of expressions of type S. For example, if x + 3
is a polynomial in Lpoly , then an expression like plus(var(sx ), con(s3 )) could
be the expression in Lsyn that denotes the syntax tree of x + 3. Next add
an unspecified “binary” constant Opd of type S → (S → S) to LR (that is
intended to represent PolyDiff). Let TR′ = (L′R , ΓR′ ) be the resulting extension
of TR . TR′ is clearly a conservative extension of TR .
2. In the metatheory of TR′ define an injective, total function Q : Lpoly → Lsyn
such that, for each polynomial u ∈ Lpoly , Q(u) is an expression e that denotes
the syntax tree of u. For example, Q(x + 3) could be plus(var(sx ), con(s3 )).
3. In the metatheory of TR′ define a total mapping E : Lsyn → Lpoly such that,
for each expression e ∈ Lsyn , E(e) is the polynomial whose syntax tree is
denoted by e. For example, E(plus(var(sx ), con(s3 ))) would be x + 3.
′
Let (Lpoly , IR ′
) where IR = (TR′ , M′ ) and M′ is the set of standard models of
′
TR in simple type theory (see [8]). It is easy to check that F = (Lsyn , Q, E) is
′
a syntax framework for (Lpoly , IR ). Notice that E is the left inverse of Q and
hence the law of disquotation holds: For all u ∈ Lpoly , E(Q(u)) = u.
We are now ready to formalize PolyDiff in TR′ . First, we need to define an
operator in TR′ to represent PolyDiff. We will use Opd for this purpose. We write
a sentence CompBehavior
λ a, b : S . is-var(b) ⇒ B(a, b, Opd (a)(b))
in TR′ where, for all u ∈ Lpoly and x ∈ Lvar ,
B(Q(u), Q(x), Opd (Q(u))(Q(x)))
holds iff
PolyDiff(u, x) = E(Opd (Q(u))(Q(x))).
 11

That is, we specify the computational behavior of Opd to be the same as that of
PolyDiff.
Second, we need to prove that Opd is mathematically correct. We write the
sentence MathMeaning
for all u ∈ Lpoly , deriv(λ x : R . u) = λ x : R . E(Opd (Q(u))(Q(x)))
in the metatheory of TR′ that says Opd computes a syntactic value that represents
an expression that denotes the derivative of λ x : R . u at x. And then we prove
in TR′ that MathMeaning follows from CompBehavior. The proof requires showing
that E(Opd (Q(u))(Q(x))) equals deriv((λ x : R . u), x), which is
(λ x : R . u)(x + h) − (λ x : R . u)(x)
lim .
h→0 h
The details of the proof are found in any good calculus textbook such as [17].
Third, we need to show how PolyDiff can be used to compute the derivative of
a function λ x : R . u at x in TR′ . There are two ways. The first way is to simplify
E(Opd (Q(u))(Q(x))) in MathMeaning (e.g., by beta-reduction). The second way
is to replace E(Opd (Q(u))(Q(x))) in MathMeaning with the result of applying
PolyDiff to u and x. The first way requires that PolyDiff is implemented in TR′ as
Opd . The second way does not require that PolyDiff is implemented in TR′ , but
only that its meaning is specified in TR′ .
The local approach is commonly used to reason about the syntax of expres-
sions in a formal theory. It embodies a deep embedding [1] of the object language
(e.g., Lpoly ) into the underlying formal language (e.g., LR ). The local approach
to reason about syntax can be employed in almost any proof assistant in which
it is possible to define an inductive type (e.g., see [1,4,20]).
The local approach has both strengths and weaknesses. These are the
strengths of the local approach:

1. Indirect Reasoning about the syntax of Lpoly in the Theory. In TR′ using Lsyn ,
we can indirectly reason about the syntax of the polynomials in Lpoly . This
thus enables us to specify the computational behavior of PolyDiff via Opd .
2. Direct Reasoning about the syntax of Lpoly in the Metatheory. In the metathe-
ory of TR′ using Lsyn , Q, and E, we can directly reason about the syntax of
the polynomials in Lpoly . In particular, using MathMeaning and the formula
for all u ∈ Lpoly , x ∈ Lvar , PolyDiff(u, x) = E(Opd (Q(u))(Q(x))),
we can specify the mathematical meaning of PolyDiff.

And these are the weaknesses:

1. Syntax Problem. We cannot directly refer in TR′ to the syntax of polynomials.

Also the variable x is free in x+3 but not in Q(x+3) = plus(var(sx ), con(s3 )).
As a result, Q and E cannot be defined in TR′ and thus PolyDiff cannot be
fully formalized in TR′ . In short, we can reason about syntax in TR′ but not
about the interplay of syntax and semantics in TR′ .
12

2. Coverage Problem. The syntax framework F can only be used for reasoning
about the syntax of polynomials. It cannot be used for reasoning, for exam-
ple, about rational expressions. To do that a new syntax framework must be
constructed.
3. Extension Problem. Lpoly , Lsyn , Q, and E must be extended each time a new
constant of type R is defined in TR′ .

In summary, the local approach only gives us indirect access to the syntax of
polynomials and must be modified to cover new or enlarged contexts.
If Lobj (which is Lpoly in our example) does not contain variables, then we can
define E to be a total operator in the theory. (If the theory is over a traditional
logic, we will still not be able to define Q in the theory.) This variant of the local
approach is used, for example, in the Agda reflection mechanism [19].

5 Global Approach
The global approach described in this section utilizes a replete syntax framework.
Assume that we have modified TR and simple type theory so that there is a
replete syntax framework F = (Lsyn , Q, E) for (LR , IR ) where IR = (TR , M)
and M is the set of standard models of TR in the modified simple type theory.
Let us also assume that Lsyn is the set of expressions of type S and LR includes
a constant Opd of type S → (S → S). By virtue of F being replete, F embodies
a deep embedding of LR into itself.
As far as we know, no one has ever worked out the details of how to modify
simple type theory so that it admits built-in quotation and evaluation for the
full language of a theory. However, we have shown how NBG set theory can be
modified to admit built-in quotation and evaluation for its entire language [7].
Simple type theory can be modified in a similar way. We plan to present a version
of simple type theory with a replete syntax framework in a future paper.
We can formalize PolyDiff in TR as follows. We will write quote(e) and eval(e)
as peq and JeK, respectively. First, we define the operator Opd in TR to represent
PolyDiff. We write a sentence CompBehavior
λ a, b : S . is-poly(a) ∧ is-var(b) ⇒ B(a, b, Opd (a)(b))
in TR where, for all u ∈ Lpoly and x ∈ Lvar ,
B(puq, pxq, Opd(puq)(pxq))
holds iff
PolyDiff(u, x) = JOpd (puq)(pxq)K.
That is, we specify the computational behavior of Opd to be the same as that of
PolyDiff.
Second, we prove in TR that Opd is mathematically correct. We write the
sentence MathMeaning
∀ a : S . is-poly(a) ⇒ deriv(λ x : R . JaK) = λ x : R . JOpd (a)(pxq)K
 13

in TR that says Opd computes a syntactic value that represents an expression

that denotes the derivative of λ x : R . JaK at x. And then we prove in TR that
MathMeaning follows from CompBehavior.
Third, we use PolyDiff to compute the derivative of a function λ x : R . u at
x in TR in either of the two ways described for the local approach.
The strengths of the global approach are:

1. Direct Reasoning about the syntax of polynomials in the Theory. In TR using

Lsyn , quote, and eval, we can directly reason about the syntax of the expres-
sions in Lpoly . As a result, we can formalize PolyDiff in TR as described in
the Introduction.
2. Direct Reasoning about the syntax of all expressions in the Theory. In TR
using Lsyn , quote, and eval, we can directly reason about the syntax of the
expressions in the entire language LR . As a result, the syntax framework
F can cover all current and future syntax reasoning needs. Moreover, we
can express such things as syntactic side conditions, formula schemas, and
substitution for a variable directly in TR (see [7] for details).

In short, not only does the global approach enable us to formalize PolyDiff in TR ,
it provides us with the facility to move syntax-based reasoning from the metathe-
ory of TR to TR itself. This seems to be a wonderful result that solves the problem
of formalizing syntax-based mathematical algorithms. Unfortunately, the global
approach has the following serious weaknesses that temper the enthusiasm one
might have for its strengths:

1. Evaluation Problem.
Claim: eval cannot be defined on all expressions in LR .
Proof: Suppose eval is indeed total. TR is sufficiently expressive, in the sense
of Gödel’s incomplete theorem, so apply the diagonalization lemma [3] to
obtain a formula LIAR such that
LIAR = p¬JLIARKq.
Then
JLIARK = Jp¬JLIARKqK = ¬JLIARK,
which is a contradiction. 2
This means that the liar paradox limits the use of eval and, in particular,
the law of disquotation does not hold universally, i.e., there are expressions
e in LR such that JpeqK 6= e.
2. Variable Problem. The variable x is not free in the expression px + 3q (or in
any quotation). However, x is free in Jpx + 3qK because Jpx + 3qK = x + 3.
If the value of the variable e is px + 3q, then both e and x are free in JeK
because JeK = Jpx + 3qK = x + 3.
This example shows that the notions of a free variable, substitution for a
variable, etc. are significantly more complex when expressions contain eval.
14

3. Extension Problem. We can define Lcon ⊆ Lsyn in TR as the language of

expressions denoting the syntactic values of constants in LR .
Claim: Assume the set of constants in L is finite and TR′ = (L′R , ΓR′ ) is an
extension of TR such that there is a constant in L′R but not in LR . Then TR′
is not a conservative extension of TR .
Proof: Let {c1 , . . . , cn } be the set of constants in L. Then

Lcon = {pc1 q, . . . , pcn q}

is valid in TR but not in TR′ . 2

This shows that in the global approach the development of a theory via
definitions requires that the notion of a conservative extension be weakened.
4. Interpretation Problem.
Let T = (L, Γ ) and T ′ = (L′ , Γ ′ ) in be two theories in a simple type theory
that has been modified to admit built-in quotation and evaluation for the
entire language of a theory.
Claim: Let Φ be an interpretation of T in T ′ such that Φ is a homomorphism
with respect to the logical operators of the underlying logic. Then Φ must
be injective on the constants of L.
Proof: Assume that Φ is not injective on constants. Then there are two
different constants a, b such that Φ(a) = Φ(b). paq 6= pbq is valid in T . Hence

Φ(paq 6= pbq) = (pΦ(a)q 6= pΦ(b)q)

since Φ is a homomorphism, and the latter inequality must be valid in T ′

since Φ is an interpretation (which maps valid formulas of T to valid formulas
of T ′ ). However, our hypothesis Φ(a) = Φ(b) implies pΦ(a)q = pΦ(b)q, which
is a contradiction. 2
This shows that the use of interpretations is more cumbersome in a logic
that admits quotation than one that does not.

6 Conclusion

Syntax-based mathematical algorithms are employed throughout mathematics

and are one of the main offerings of computer algebra systems. They are difficult,
however, to formalize since they manipulate the syntactic structure of expres-
sions in mathematically meaningful ways. We have presented two approaches to
formalizing syntax-based mathematical algorithms in a formal theory, one called
the local approach and the other the global approach. Both are based on the no-
tion of a syntax framework which provides a foundation for integrating reason-
ing about the syntax of expressions with reasoning about what the expressions
mean. Syntax frameworks include a syntax representation, a syntax language for
reasoning about the representation, and quotation and evaluation mechanisms.
Common syntax reasoning systems are instances of a syntax framework.
 15

The local approach and close variants are commonly used for formalizing
syntax-based mathematical algorithms. Its major strength is that it provides
the means to formally reason about the syntactic structure of expressions, while
its major weakness is that the mathematical meaning of a syntax-based mathe-
matical algorithm cannot be expressed in the formal theory. Another weakness
is that an application of the local approach cannot be easily extended to cover
new or enlarged contexts.
The global approach enables one to reason in a formal theory T directly
about the syntactic structure of the expressions in T as well as about the inter-
play of syntax and semantics in T . As a result, it is possible to fully formalize
syntax-based algorithms like PolyDiff and move syntax-based reasoning, like the
use of syntactic side conditions, from the metatheory of T to T itself. Unfortu-
nately, these highly desirable results come with a high cost: Significant change
must be made to the underlying logic as illustrated by the Evaluation, Variable,
Extension, and Interpretation Problems given in the previous section.
One of the main goals of the MathScheme project [2], led by J. Carette and
the author, is to see if the global approach can be used as a basis to integrate
axiomatic and algorithmic mathematics. The logic Chiron [7] demonstrates that
it is possible to modify a traditional logic to support the global approach. Al-
though we have begun an implementation of Chiron, it remains an open question
whether a logic modified in this way can be effectively implemented. As part of
the MathScheme project, we are now pursuing this problem as well as developing
the techniques needed to employ the global approach.

Acknowledgments.
The author would like to thank Jacques Carette and Pouya Larjani for many
fruitful discussions on ideas related to this paper. The author is also grateful to
the referees for their comments and careful review of the paper.

References
1. R. Boulton, A. Gordon, M. Gordon, J. Harrison, J. Herbert, and J. Van Tassel. Ex-
perience with embedding hardware description languages in HOL. In V. Stavridou,
T. F. Melham, and R. T. Boute, editors, Proceedings of the IFIP TC10/WG 10.2
International Conference on Theorem Provers in Circuit Design: Theory, Prac-
tice and Experience, volume A-10 of IFIP Transactions A: Computer Science and
Technology, pages 129–156. North-Holland, 1993.
2. J. Carette and W. M. Farmer. Mathscheme: Project description. In J. H. Dav-
enport, W. M. Farmer, F. Rabe, and J. Urban, editors, Intelligent Computer
Mathematics, volume 6824 of Lecture Notes in Computer Science, pages 287–288.
Springer-Verlag, 2011.
3. R. Carnap. Die Logische Syntax der Sprache. Springer-Verlag, 1934.
4. E. Contejean, P. Courtieu, J. Forest, O. Pons, and X. Urbain. Certification of
automated termination proofs. In Frontiers of Combining Systems, volume 4720
of Lecture Notes in Computer Science, pages 148–162. Springer, 2007.
16

5. F.-N. Demers and J. Malenfant. Reflection in logic, functional and object-oriented

programming: A short comparative study. In IJCAI ’95 Workshop on Reflection
and Metalevel Architectures and their Applications in AI, pages 29–38, 1995.
6. W. M. Farmer. Biform theories in Chiron. In M. Kauers, M. Kerber, R. R.
Miner, and W. Windsteiger, editors, Towards Mechanized Mathematical Assistants,
volume 4573 of Lecture Notes in Computer Science, pages 66–79. Springer-Verlag,
2007.
7. W. M. Farmer. Chiron: A set theory with types, undefinedness, quotation, and
evaluation. SQRL Report No. 38, McMaster University, 2007. Revised 2012. Avail-
able at http://imps.mcmaster.ca/doc/chiron-tr.pdf.
8. W. M. Farmer. The seven virtues of simple type theory. Journal of Applied Logic,
6:267–286, 2008.
9. W. M. Farmer and P. Larjani. Frameworks for reasoning about syntax that utilize
quotation and evaluation. McSCert Report No. 9, McMaster University, 2013.
Available at http://imps.mcmaster.ca/doc/syntax.pdf.
10. The F# Software Foundation.
11. J. Grundy, T. Melham, and J. O’Leary. A reflective functional language for hard-
ware design and theorem proving. Journal of Functional Programming, 16, 2006.
12. J. Harrison. Metatheory and reflection in theorem proving: A survey and
critique. Technical Report CRC-053, SRI Cambridge, 1995. Available at
http://www.cl.cam.ac.uk/~ jrh13/papers/reflect.ps.gz.
13. P. Koellner. On reflection principles. Annals of Pure and Applied Logic, 157:206–
219, 2009.
14. T. Æ. Mogensen. Efficient self-interpretation in lambda calculus. Journal of Func-
tional Programming, 2:345–364, 1994.
15. Rice University Programming Languages Team. Metaocaml: A compiled, type-safe,
multi-stage programming language. http://www.metaocaml.org/, 2011.
16. T. Sheard and S. P. Jones. Template meta-programming for Haskell. ACM SIG-
PLAN Notices, 37:60–75, 2002.
17. M. Spivak. Calculus. Publish or Perish, fourth edition, 2008.
18. W. Taha and T. Sheard. MetaML and multi-stage programming with explicit
annotations. Theoretical Computer Science, 248:211–242, 2000.
19. P. van der Walt. Reflection in Agda. Master’s thesis, Universiteit Utrecht, 2012.
20. M. Wildmoser and T. Nipkow. Certifying machine code safety: Shallow versus deep
embedding. In K. Slind, A. Bunker, and G. Gopalakrishnan, editors, TPHOLs, vol-
ume 3223 of Lecture Notes in Computer Science, pages 305–320. Springer-Verlag,
2004.