A powerful feature of Haskell’s type system is that we can deduce properties of functions by looking only at their type. For example, a function of type
f :: ∀a. a -> a
can only be the identity function: since it must return something of type
a, for any type
a, the only thing it can do is return the argument of type
a that it was given (or crash). Similarly, a function of type
f :: ∀a. a -> a -> a
can only do one of two things: either return the first argument, or return the second. This kind of reasoning is becoming more and more important with the increasing use of types such as this definition of a “lens”:
type Lens s t a b = forall f. Functor f => (a -> f b) -> s -> f t
Since a lens is just a function of a particular type, the only thing we can conclude about such a function is whatever we can deduce from its type.
To reason about the properties of functions based only on their types we make use of the theory of parametricity, which tells how to derive a so-called “free theorem” from a type. This blog post is a tutorial on how to do this; it won’t explain why the theory works, only how it works. A Haskell practitioner’s guide to parametricity, if you will.
This is a two-part blog post. In part 1 (this post) we will cover the basics: constant types, functions and polymorphism (over types of kind
In part 2 we will deal with more advanced material: type constructor (types of kind
* -> *), type classes, polymorphism over type constructors and type constructor classes.
The main theorem of parametricity is the following:
if f :: t then f ℛ(t) f
t is a closed type,
ℛ(t) is a relation between two terms of type
t (we shall see later that the type of
ℛ is actually slightly more general). In words, parametricity states that any term
f of type
t is related to itself by
ℛ(t). Don’t worry if this all looks incredibly abstract! We shall see lots and lots of examples.
Constant types (types of kind
For any constant type
C, the relation
ℛ(C) is the identity relation. In other words,
C) x' x ℛ(iff x ≡ x'
(We will use ≡ throughout to mean mathematical equality, to distinguish it from Haskell’s equality function
Let’s see an example. Suppose that
x :: Int. Then parametricity tells us that
Int) x x ℛ(iff x ≡ x
I.e., it tells us that
x is equal to itself. Not very insightful! Intuitively, this makes sense: if all we know about
x is that it is an integer, we cannot tell anything about its value.
TOOLING. Many of the examples in this blog post (though sadly not all) can also be auto-derived by one of two tools. On the
#haskellIRC channel we can ask
lambdabotto derive free theorems for any types not involving type classes or type constructor classes. If you ask
@free x :: Int
lambdabotwill reply with
x = x
(I recommend starting a private conversation with lambdabot so you avoid spamming the wholeAlternatively, you can also try the online free theorem generator. This free theorem generator is a bit more precise than
lambdabot(which takes some shortcuts sometimes), and supports type classes, but cannot work with type constructors (
lambdabotcan work with unknown type constructors but not with quantification over type constructors, unfortunately).
For functions we map related arguments to related results:
A -> B) f' f ℛ(forall x, x'. iff if x ℛ(A) x' then f x ℛ(B) f' x'
(The types of
x' here depend on what precisely
A is; see The type of ℛ, below.)
f :: Int -> Bool. By parametricity
Int -> Bool) f f ℛ(forall x :: Int, x' :: Int. iff if x ℛ(Int) x' then f x ℛ(Bool) f x' -- both Int and Bool are constant types forall x :: Int, x' :: Int. iff if x ≡ x' then f x ≡ f x' -- simplify iff f ≡ f
Again, not very informative. Parametricity doesn’t tell us anything about functions between constant types. Time to look at something more interesting!
Polymorphism (over types of kind
The definition for polymorphic values is
. t) f' f ℛ(∀aforall A, A', a :: A ⇔ A'. iff @A ℛ(t) f'@A' -- where 'a' can occur free in t f
That is, whenever we pick two types
A', and some relation
A', the function
f@A obtained by instantiating the type variable by
A must be related to the function
f'@A' obtained by instantiating the type variable by
A'. In what follows we will write explicit type instantiation like this only if the type is not clear from the context; specifically, we will omit it when we supply arguments to the function.
The type of ℛ.
∀ab. a -> b -> ais an example of a closed type: all type variables are bound by a universal quantifier. An open type is a type with free type variables such as
∀b. a -> b -> aor even
a -> b -> a. (Note that this distinction is harder to see in Haskell where universal quantifiers are often implicit. We will not follow that convention in this article.)
We said in the introduction that ifGiven two relations
tis a closed type,
ℛ(t)relates two terms of type
t. As we saw, in order to be able to give a meaning to open types we need a mapping from any free variable
ato a relation
a :: A ⇔ A'. In this article we somewhat informally maintain this mapping simply by using the same name for the type variable and the relation.
a :: A ⇔ A'and
b :: B ⇔ B',
ℛ(a -> b -> a)relates terms of type
A -> B -> Awith terms of type
A' -> B' -> A'. It is important to realize that
ℛcan therefore relate terms of different types. (For a more precise treatment, see my Coq formalization of a part of this blog post.)
The interpretation of
ℛ for a free type variable
a is defined in terms of the corresponding relation:
-- the type variable x ℛ(a) x' -- the relationiff (x, x') ∈ a
∀a. a -> a
Let’s consider a number of examples, starting with an
f :: ∀a. a -> a:
. a -> a) f f ℛ(∀a-- parametricity forall A, A', a :: A ⇔ A'. iff @A ℛ(a -> a) f@A' f-- definition for function types forall A, A', a :: A ⇔ A', x :: A, x' :: A'. iff if x ℛ(a) x' then f x ℛ(a) f x'
It might not be immediately evident from the last line what this actually allows us to conclude about
f, so let’s look at this a little closer. A function
g is a special kind of relation, relating any argument
g x; since the property holds for any kind of relation
a : A ⇔ A', it must also hold for a function
a⃯ :: A -> A':
forall x, x'. if x ℛ(a⃯) x' then f x ℛ(a⃯) f x' -- x ℛ(a⃯) x' iff a⃯ x ≡ x' forall x :: A, x' :: A'. iff if a⃯ x ≡ x' then a⃯ (f x) ≡ f x' -- simplify forall x :: A, iff a⃯ (f x) ≡ f (a⃯ x)
We can apply this result to show that any
f :: ∀a. a -> a must be the identity function: picking
a⃯ = const x, we get
const x (f x) ≡ f (const x x), i.e.
x ≡ f x, as required.
NOTE. We are doing fast and loose reasoning in this tutorial and will completely ignore any totality issues. See Automatically Generating Counterexamples to Naive Free Theorems, or the associated web interface, for some insights about what wrong conclusions we can draw by ignoring totality.
∀a. a -> a -> a
Intuitively, there are only two things a function
f :: ∀a. a -> a -> a can do: it can either return its first argument, or it can return its second argument. What does parametricity tell us? Let’s see:
. a -> a -> a) f f ℛ(∀aforall A, A', a :: A ⇔ A'. iff @A ℛ(a -> a -> a) f@A' f-- applying the rule for functions twice forall A, A', a :: A ⇔ A', x :: A, x' :: A', y :: A, y' :: A'. iff if x ℛ(a) x', y ℛ(a) y' then f x y ℛ(a) f x' y'
Let’s again specialize the last line to pick a function
a⃯ :: A -> A' for the relation
forall x :: A, x' :: A', y :: A, y' :: A'. if x ℛ(a⃯) x', y ℛ(a⃯) y' then f x y ℛ(a⃯) f x' y' -- a⃯ is a function forall x :: A, y :: A. iff if a⃯ x ≡ x' and a⃯ y ≡ y' then a⃯ (f x y) ≡ f x' y' -- simplify = f (a⃯ x) (a⃯ y)iff a⃯ (f x y)
So parametricity allows us to “push in” or “distribute”
f. The fact that
f must either return its first or its second argument follows from parametricity, but not in a completely obvious way; see the
∀ab. a -> b
undefined (which we are ignoring), there can be no function
f :: ∀ab. a -> b. Let’s suppose that one did exist; what does parametricity tell us?
. a -> b) f f ℛ(∀ab-- applying the rule for universal quantification, twice forall A, A', B, B', a :: A ⇔ A', b :: B ⇔ B'. iff @A,B ℛ(a -> b) f@A',B' f-- applying the rule for functions forall A, A', B, B', a :: A ⇔ A', b :: B ⇔ B', x :: A, x' :: A'. iff if x ℛ(a) x' then f x ℛ(b) f x'
Picking two functions
a⃯ :: A -> A' and
b⃯ :: B -> B' for
b, we get
. f = f . a⃯b⃯
It’s not too difficult to derive contradiction from this (remember that you can pick any two functions
b⃯ between any types of your choosing). Hence, such a function cannot exist.
∀ab. (a -> b) -> a -> b
The only thing a function of this type can do is apply the supplied function to the supplied argument (alternatively, if you prefer, this must be the identity function). Let’s spell this example out in a bit of detail because it is our first example of a higher order function.
. (a -> b) -> a -> b) f f ℛ(∀ab-- apply rule for polymorphism, twice forall A, A', B, B', a :: A ⇔ A', b :: B ⇔ B'. iff @A,B ℛ((a -> b) -> a -> b) f@A',B' f-- apply rule for functions, twice forall A, A', B, B', a :: A ⇔ A', b :: B ⇔ B'. iff forall g :: A -> B, g' :: A' -> B', x :: A, x' :: A'. if g ℛ(a -> b) g' and x ℛ(a) x' then f g x ℛ(b) f g' x'
Let’s expand what that premise
g ℛ(a -> b) g' means:
-> b) g' g ℛ(a forall y :: A, y' :: A'. iff if y ℛ(a) y' then g y ℛ(b) g' y'
For the special case that we pick functions
a⃯ :: A -> A' and
b⃯ :: B -> B' for
b, that premise collapses to
forall y :: A, y' :: A'. if y ℛ(a⃯) y' then g y ℛ(b⃯) g' y' -- a⃯ and b⃯ are functions forall y :: A, y' :: A'. iff if a⃯ y ≡ y' then b⃯ (g y) ≡ g' y' -- simplify forall y :: A. iff b⃯ (g y) ≡ g' (a⃯ y)-- simplify (extensionality) . g ≡ g' . a⃯iff b⃯
So that the free theorem for
f :: ∀ab. (a -> b) -> a -> b becomes
if b⃯ . g ≡ g' . a⃯ then b⃯ . f g ≡ f g' . a⃯
b⃯ = const g,
g' = g, and
a⃯ = id (verify that the premise holds) we get that indeed
g ≡ f g, as expected.
Useful shortcut. This pattern is worth remembering:whenever
-> b⃯) g' g ℛ(a⃯ . g ≡ g' . a⃯iff b⃯
b⃯are function(al relation)s.
∀ab. (∀c. c -> String) -> a -> b -> String
f :: ∀ab. (∀c. c -> String) -> a -> b -> String is not only higher order, but has a rank-2 type: it insists that the function it is given is itself polymorphic. This makes it possible to write, for example
f g x y = g x ++ g y
Note that since
y have different types, it is important that
g is polymorphic. What is the free theorem for
. (∀c. c -> String) -> a -> b -> String) f f ℛ(∀ab-- apply rule for polymorphism, twice forall A, A', B, B', a :: A ⇔ A', b :: B ⇔ B'. iff . c -> String) -> a -> b -> String) f f ℛ((∀c-- apply rule for functions three times, and simplify ℛ(String) to (≡) forall A, A', B, B', a :: A ⇔ A', b :: B ⇔ B'. iff forall g :: ∀c. c -> String, g' :: ∀c. c -> String. forall x :: A, x' :: A', y :: B, y' :: B'. if . c -> String) g', x ℛ(a) x', y ℛ(b) y' g ℛ(∀cthen f g x y ≡ f g' x' y'
Specializing this theorem to functions
a⃯ :: A -> A' and
b⃯ :: B -> B' we get
forall A, A', B, B', a⃯ :: A -> A', b⃯ :: B -> B'. forall g :: ∀c. c -> String, g' :: ∀c. c -> String. forall x :: A, y :: B. if . c -> String) g' g ℛ(∀cthen f g x y ≡ f g' (a⃯ x) (b⃯ y)
But that is somewhat surprising, because it seems to say that the values of
y cannot matter at all! What is going on? Expanding the first premise:
. c -> String) g' g ℛ(∀cforall C, C', c :: C ⇔ C', iff -> String) g' g ℛ(c forall C, C', c :: C ⇔ C', z :: C, z' :: C'. iff if z ℛ(c) z' then g z = g' z'
Let’s stop for a moment to ponder what this requirement for
g' really says: given any relation
c, and any elements
z' that are related by
c—in other words, for any
z' at all—we must have that
g z and
g' z' give us equal results. This means that
g' must be constant functions, and the same constant function at that. As a consequence, for any function
f of the above type,
f g must itself be constant in
y. In part two we will see a more useful variation which uses the
Show type class.
Incidentally, note that this quantification over an arbitrary relation
c is a premise to the free theorem, not a conclusion; hence we cannot simply choose to consider only functions c.
TOOLING. Indeed, if you enterin the online free theorem generator you will see that it first gives the free theorem using relations only, and then says it will reduce all “permissible” relation variables to functions; in this example, that is all relations except for
(forall c. c -> String) -> a -> b -> String
lambdabotdoesn’t make this distinction and always reduces relations to functions, which is not correct.
To be continued
Part 2 covers type constructors, type classes and type constructor classes. Meanwhile, here are some links to papers on the subject if you want to read more.
- Theorems for free! by Philip Wadler is the seminal paper on the topic. It doesn’t however cover general type classes, higher types, or type constructors.
- Type-safe cast does no harm: Syntactic parametricity for Fω and beyond by Dimitrios Vytiniotis and Stephanie Weirich is a more theoretical paper about free theorems in a calculus with higher rank types and representation types.