Proof Assistants for Natural Language Semantics

. In this paper we discuss the use of interactive theorem provers (also called proof assistants) in the study of natural language semantics. It is shown that these provide useful platforms for NL semantics and reasoning on the one hand, and allow experiments to be performed on various frameworks and new theories, on the other. In particular, we show how to use Coq, a prominent type theory based proof assistant, to encode type theoretical semantics of various NL phenomena. In this respect, we can encode the NL semantics based on type theory for quan-tiﬁers, adjectives, common nouns, and tense, among others, and it is shown that Coq is a powerful engine for checking the formal validity of these accounts as well as a powerful reasoner about the implemented semantics. We further show some toy semantic grammars for formal semantic systems, like the Montagovian Generative Lexicon, Type Theory with Records and neo-Davidsonian semantics. It is also explained that experiments on new theories can be done as well, testing their validity and usefulness. Our aim is to show the importance of using proof assistants as useful tools in natural language reasoning and veriﬁcation and argue for their wider application in the ﬁeld.


Introduction
Interactive theorem provers (also called proof assistants) have come a long way since they were first introduced in the late 60's as tools to formalise mathematics (cf., the AUTOMATH project [3]).Today, a number of state-of-the-art proof assistants exist and their uses have been proven fruitful both in formalisation of mathematics and software verification, among other things; see, for example, [13] for the proof of the four colour theorem in the proof assistant Coq 3 .The importance and usefulness of proof assistants have also been further proven by some recent research projects, including the very attractive research on Univalent Foundations [27] that aims to develop alternative foundations of mathematics, where the proof assistants Coq and Agda [1] play a crucial role to the whole endeavour (see [33] for an example of formalization of part of the project in Coq).The use of constructive type theories for the study of NL semantics has also seen a revival in the last decade. 4A number of approaches that directly employ constructive type theories or are inspired by them have been put forth by various researchers in the recent years and have provided interesting accounts on classic problems of formal semantics (see [9,22,25,29,15,2,32] for examples, although this is not a complete list).In this context, it is worth noting the following: -Some of the proof assistants, like Coq and Agda, implement constructive type theories; -The proof assistants are extremely powerful reasoning engines; and -Constructive type theories have been shown to be a nice alternative to the simple type theory usually in formal semantics.
It seems that the time is right to look at the combination of these three in order to use proof assistants as natural language reasoners and as checkers of the formal validity of formal semantics accounts.Indeed, we have taken the first step in this direction and have used Coq as a natural language reasoner [6,5].
In this paper, we extend this work and create a number of small Coq libraries to show that proof assistant like Coq can provide useful platforms for: -Formalising NL semantics and, based on it, formally describe various NL phenomena, including co-predication, individuation, common nouns, adjectives and tense, among others.(These libraries are based on earlier theoretical work using Luo's Type Theory with Coercive Subtyping (TTCS for short) [19,20,22].)-Experimenting with various semantic frameworks: we show how to use Coq to formalise them by implementing some small examples in Rétore's Montagovian Generative Lexicon [29], Cooper's Type Theory with Records (TTR) [9], and neo-Davidsonian event semantics [26].-Experimenting with new theories: we formalise in Coq a newly developed theory [8] of predicational forms to give semantics to negative sentences and conditionals in constructive type theory.We also look at the issue of individuation and its interaction with copredication from the same perspective.
The current paper is structured as follows: in §2, we provide an introduction to TTCS and the implementation of some of the ideas casted in TTCS with respect to NL semantics in the Coq proof assistant, especially its use in formalising NL semantics in TTCS.In §3, we present several small libraries: first the one based on our work in type theory, introducing the relevant formal features of TTCS when needed, then several small libraries for other semantic frameworks and, finally, the library for the theory of predicational forms and individuation criteria.In the conclusion, some future work is discussed.

Type Theoretical Semantics for NL in Coq
In this section, we shall first introduce formal semantics in a constructive type theory and then how we will discuss the use of Coq to implement the semantics for various features in natural language.

Formal Semantics in Type Theory with Coercive Subtyping
Type Theory with Coercive Subtyping (TTCS) is a constructive type theory based on Luo's UTT [17] with the addition of an effective subtyping mechanism, that of coercive subtyping [18,25].TTCS has been effectively used in the study of NL semantics for a range of phenomena including common nouns, adjectives, adverbs and belief intensionality among other things [19,20,22,5,7].TTCS is a dependent type theory with rich type structures which are exploited for the study of NL semantics.We will refer to this type of semantics in this paper as Modern Type Theoretical (MTT) semantics. 5In MTT-semantics, some of the major linguistic categories and their interpretation are shown below: 1.A common noun (CN) can be interpreted as a type.2. A verb (IV) can be interpreted as a predicate over the type D that interprets the domain of the verb (i.e., a function of type D → P rop, where P rop is the type of logical propositions 3.An adjective (ADJ) can be interpreted as a predicate over the type that interprets the domain of the adjective (i.e., a function of type D → P rop).4. Modified common nouns (MCNs) can be interpreted by means of Σ-types, types of (dependent) pairs. 5.A sentence (S) is interpreted as a proposition of type P rop.
See Figure 1 for a summary with examples.

NL Semantics in Coq
Coq [11] implements pCIC, a type theory whose major part is essentially6 TTCS (UTT with coercive subtyping), based on which the formal semantics briefly described in the previous subsection has been implemented.The encoding of NL semantics based on TTCS is quite straightforward in most of the cases.Let us see some basics of how this can be done.Starting with the type of logical propositions, nothing needs to be encoded, since Coq already involves a universe of logical propositions, P rop.The next step, is to see what the universe of entities would be taken to be.In MG, a coarse-grained type of entities exists, i.e. the type e of all entities.In MTTsemantics, the common nouns constitute a universe, denoted as cn; the type cn contains the (interpretations of) CNs, each of which is further interpreted as a type that contains entities belonging to them.CNs are interpreted as types rather than predicates.However, since universe construction (i.e., defining new universes) is not an option in Coq, we equate cn with Coq's predefined universe Set.
Σ-types (types of dependent pairs), which are used to give semantics to some modified common nouns among other things, are encoded using Coq's dependent record type mechanism 7 and adjectives and verbs are defined as predicates (objects of type A → P rop).Subsective adjectives like large are encoded as polymorphic predicates (see [4]), extending over the universe cn. 8 Subtyping is encoded using Coq's coercion mechanism and the proper names are given suitable domain types: e.g., John is assumed to be of type M an.
The Coq codes for this basic set up are as follows.
Definition Quantifiers can be given polymorphic types as well: a quantifier takes a CN argument A : cn and returns a function of type (A → P rop) → P rop.Thus, if A is M an the type for the quantified NP will be (M an → P rop) → P rop and, if A is Object, it is of type (Object → P rop) → P rop, and so on.As examples, we define the quantifiers some, all, no as follows: Definition some := fun A:CN => fun P:A->Prop => exists x:A, P(x).Definition all := fun A:CN => fun P:A->Prop => forall x:A, P(x).Definition no := fun A:CN => fun P:A->Prop => forall x:A, not(P(x)).
Note that the typing is the one we have been describing, taking an A:cn argument, an A → P rop argument and returning a proposition.Now, let us see how one can exploit Coq in order to reason with NL sentences based on the implemented semantics.First of all, if one wants to check typing, the command Check followed by the element we want to check can be used.Note that Coq is a strongly typed language, so by definition ill-typed constructs cannot be defined, since they will be blocked by Coq.Let us see an NL reasoning example, the one shown below: (1) John walked ⇒ Some man walked Formalizing this example in Coq, we consider the following 'theorem' whose name is JOHN (to be proved): Theorem JOHN : walked John -> (some Man) walked.
This will put Coq into proof-mode.We unfold the definition for some using cbv and use the tactic intro, which will introduce the antecedent as a hypothesis: 9 JOHN < cbv.intro.subgoal H : walked John ============================ exists x : Man, walked x What we need to do is substitute John for x and using the tactic assumption, which matches a goal in case there is an identical premise in the context of the proof, the proof is completed and we can save the proof using Qed.The whole proof is then the steps: so because of its rich representational structures as well as its internal logic. 11herefore, it has a wide coverage of linguistic features and can be compared to Montague semantics in this respect.It is also proof-theoretic, in the sense of [14], because MTTs are specified proof-theoretically and the meanings of MTTjudgements, that are used to give semantics to NL sentences, can be understood by means of their inferential roles.Therefore, reasoning with NL can be directly performed in proof assistants like Coq that implement MTTs.This is unique for MTTs and MTT-semantics: such a possibility of having a semantics which is both model-theoretic and proof-theoretic is not available to us until we have the MTT-semantics (for example, if one considers that the traditional modeltheoretic semantics is set theory, we simple would not have a proof-theoretic representational language: set theory is not proof-theoretic.)

Libraries for NL Semantics
We have created a number of small libraries in Coq, encoding NL semantics.They may be classified as follows: -MTT-semantics and reasoning: We have studied various NL phenomena using MTT-semantics and formalised them in Coq.-Platform for other semantic frameworks: We have looked at several semantic frameworks and provided some examples including, for example, Rétore's Montagovian Generative Lexicon [29], Cooper's Type Theory with Records (TTR) [9], and a toy semantic grammar for neo-Davidsonian event semantics [26].-Experiments on new semantic theories: We have done interesting experiments in Coq about some new semantic theories, including that about predicational forms in MTT-semantics [8], as reported here.

MTT semantics for NL in Coq
The main file for MTT-semantics is MainCoq.v.This includes the Coq implementation of a number of ideas in MTT-semantics.The universe CN includes a number of types (e.g., M an, Human, Delegate, W oman, Animal, Object) and subtyping relations between them.Synonym relations are encoded via the letcommand in Coq.Adjectives are defined in the way specified in the previous section and sometimes some added lexical semantics are inserted.For example, small is defined as the opposite of large, and both are polymorphically defined as follows: Parameter Large Normalsized: forall A:CN, A->Prop.Definition Small := fun A:CN => fun a:A => not (Large A a) /\ not (Normalsized A a).
Basically the idea here is that small is defined as being not large but furthermore not of normal size.This reflects the idea that something which is not large is not necessarily small. 12This is needed in order to get the relevant inferences right (see [5]).
In MTT-semantics, there is also a widespread use of Σ-types for factive verbs, adverbs and comparatives.We have not the space here to go in full detail but the idea can be briefly described as follows, taking the case of veridical sentence adverbs as an example.What we need to capture is that the proposition without the adverb is implied by the proposition including the adverb.In order to do this, we first define an auxiliary object: Parameter ADVS : forall (v:Prop), sigT (fun p:Prop => p->v).
This basically takes a proposition v and returns a pair whose first component is a proposition p and whose second component is the proposition that p implies v.Then, veridical sentence adverbs (we use fortunately as an example) are defined as the first projection of this auxiliary pair: Similar uses of Σ-types can be found for VP adverbs, comparatives as well as factive verbs in the library (see [5] for more details.) For comparatives, we introduce indexed types for common nouns; for example, humans of type Human may be indexed by a height parameter.Then, a comparative adjective takes two Human i arguments with i: : Height.
A simple model of tense is defined and an attempt to deal with some aspects of tense exists.There is a type T ime and a date is defined as triple, taking year, and day arguments and returning a result in T ime.A default date is defined which consists of the defaults for year, month and day.Then, verbs are defined with an extra time argument.Present, past and future are then defined using the precedes relation with respect to the default time.For example, an adverb like currently is defined as identifying the time argument with the default time: Definition currently := fun P : Time -> Prop => P default_t.
The next file is adjectives.v,which involves some more fine-grained issues in adjectival semantics.In particular it deals with multidimensional adjectives and introduces a hack in order to take care of the fact that Coq does not allow subtyping to propagate through constructors (as it is the case in TTCS). 13Multidimensional adjectives do not just involve one dimension (e.g., the dimension of height in the case of tall ), but more than one.Classical cases are the adjectives like healthy and sick or even adjectives like big.The idea is that an adjective like healthy quantifies over a number of dimensions, e.g., blood pressure, cholesterol etc. [31].Similarly, big may involve different dimensions like height, width etc.For an adjective like healthy, we define health as an enumerated type including all the relevant dimensions.Then, Healthy is defined as taking an argument of type Human and assuming that human is healthy in all dimensions.For sick, the assumption is that the argument is not healthy w.r.t. to at least one dimension.This follows the ideas set out in [31]: Inductive Health:CN:=Heart|Blood|Cholesterol.Parameter Degree:R.Parameter healthy:Health->Human->Prop.Definition Sick:=fun y:Human=>~(forall x:Health,healthy x y).Definition Healthy:=fun y:Human=>forall x:Health,healthy x y.
The files FracasCoq.vand test.vare meant to be used in conjunction.Actually FracasCoq loads test.v.FracasCoq.vcontains a number of FraCaS test suite examples formalized in Coq along with their proofs.The FraCas Test Suite [10] arose out of the FraCas Consortium, a huge collaboration with the aim to develop a range of resources related to computational semantics.The FraCas test suite is specifically designed to reflect what an adequate theory of NL inference should be able to capture.It comprises NLI examples formulated in the form of a premise (or premises) followed by a question and an answer.Here is a typical example from the suite: (2) Some Irish delegates finished the survey on time.
Did any delegate finish the report on time [Yes, FraCaS 055] The modified CN Irish delegates is defined as a Σ type.Given that π 1 is defined as a coercion, the inference will go through easily.Please see [5] for more details and the code for the actual

Other Semantic Frameworks
Proof assistants can be used as platforms to experiment with different semantic frameworks.In this respect, there are three files that have some very small toy semantic grammars of other frameworks that have been used in the study of linguistic semantics.Note that these implementations are shallow implementations in the sense that no deep implementation of the underlying formal systems is done.In other words, we are not doing a faithful implementation of a semantic framework; instead, we emphasise the quick return so that examples can be done.For instance, Retoré's Generative Montagovian Lexicon [29] is based on system F [12,30], but no implementation of system F is done on our part.
In MontagovianLexiconToy.v,we encode some of the ideas in presented in Generative Montagovian Lexicon as presented in [29].Note that the idea that, representing the interpretation of a common noun, each type has its corresponding predicate cannot be implemented since it is not clear how such correspondence will be formally defined. 14We, however, encode the idea that a word like book has a principal lambda term and then a number of coercions that take care of its dot-type status.This is done by using type overloading via unit types.We further formalize the polymorphic conjunction of [29] and prove that it is equivalent to the semantics of regular conjunction.For example, the definition of polymorphic conjunction is given as follows: Definition PAND := fun a:e => fun b:e => fun P:a->t => fun Q:b->t => fun x:e => fun y:x => fun f:x->a => fun g:x->b => and (P(f(y))) (Q(g(y))).
Records.v has some very simple experimentations on encoding ideas from Cooper's TTR [9].For example, the record for a man owns a donkey is encoded as: Record amanownsadonkey : Type := mkamanownsadonkey{ x : Ind; c1 : man x; y : Ind; c2 : donkey y; c3 : own x y}.
From this record type in Coq, one can prove any of the individual fields.For example, one can show that a man exists, that a donkey exists (man and donkey are defined here as predicates), and that the man owns the donkey.Lastly, Davidson.vcontains a typed neo-Davidsonian toy semantic grammar.It has some simple examples and the welcoming inferential properties of neo-Davidsonian semantics where each modifier adds a conjunct.The grammar presents a typed version of neo-Davidsonian semantics where predicates like agent as seen as functions from an individual and an event to a proposition (see [24] for formal details).Similarly, a transitive verb like stabs is defined as taking an event argument e and two arguments x and y of type Ind and returning a proposition which specifies that there is a stabbing event e1 such that stabs(x)(y)(e1), x is the agent, y is the theme and e = e1.This toy semantic grammar can take care of inferences like the following (proofs are in the file): (3) Brutus stabbed Caesar with a knife in Rome ⇒ Brutus stabbed Caesar with a knife (4) Brutus stabbed Caesar with a knife in Rome ⇒ Brutus stabbed Caesar (5) Brutus stabbed Caesar with a knife in Rome ⇒ the agent of the stabbing was Brutus Remark 2. As we have already mentioned, the above implementations are shallow implementations of fragments of other semantic theories.Coq implements an MTT, which in itself is a very powerful language to represent NL semantics.
In a sense, one way of using Coq would be to use this very powerful language in order to embed different semantic theories as kind of modules within Coq's MTT.For example, one might want to define a Natural Logic component (as for example [16] has done), or a neo-Davidsonian fragment as we have very briefly done here.We believe that this is a nice way of looking at the use of systems like Coq can be used for NL semantics.Different comparisons can then be performed as regards the different frameworks based e.g. on the predictions they make as regards inference.(THIS RELATES TO REVIEWER'S 2 COM-MENT AS REGARDS WHETHER LIBRARIES HAVE SHOWN ANYTHING ABOUT CURRENT SEMANTIC THEORIES)

Experiments with New Semantic Theories
Systems like Coq can play a useful role in verifying newly proposed theories in semantics.Here, we consider two cases.The first concerns the theory of predicational forms as studied in [8].The theory is to deal with negated sentences or conditionals in a type theory where some CNs are interpreted as types in a multi-sorted type system (e.g., the MTT-semantics) and the file predhyp.vcontains the experiments done in Coq that formalizes the theory of predicational forms and considered many relevant examples.Consider the simplest example, where (7) is the (judgemental) interpretation of ( 6): (6) John is a man.(7) j : M an Note that j : M an is a judgment and not a proposition.How do we give semantics to its negation like (8)? (8) John is not a man.
Similarly, a negated sentence like (9) needs to be given semantics, but it would be simply negating the semantics of 'Tables talk' since the latter is meaningless (i.e., ill-typed) 15 .
(9) Tables do not talk.Also, some conditionals correspond to hypothetical judgements and require a treatment as well (we omit the details here).
The theory of predicational forms [8] is a logical theory to deal with the above issues.Based on it, suitable semantic interpretations can be given to negated sentences and conditionals as intended.
The formalisation of the theory (and examples) can be found in predhyp.v. 16or instance (just showing one example), the following sentences and inferences have been done: (10)It is not the case that John is not a man.(11)It is not the case that every human is a logician (12)Some red tables do not talk ⇒ Some tables do not talk Another theory is to consider how to deal with inferences concerning CNs.Individuation.v contains an account of how individuation criteria should be decided within an MTT.The general idea is that every common noun is associated with its own identity criteria (IC) which can be inherited by other common nouns (see [21] for the theory on this and more detailed discussions on ICs.)For example, one can assume that M an inherits its IC from Human.Given this assumption, common nouns are not simple types but setoids whose first component is a type (the domain of the CN), in DomCN (which is the old cn universe) and whose second component is its IC.So under this view, the common noun Human will be represented by the following (we use capitals to denote the new formalization and retain the first letter with uppercase notation to denote the type in DomCN): (13) HU M AN = Σ(Human, = H ) Several IC criteria are defined for different common nouns and dot.types like book are given two different IC criteria depending on whether their physical or informational aspect is individuated.Thus, we have: In this paper, we have argued for the use of the proof assistant technology for natural language semantics.In particular, we have argued, that the time is mature for such an endeavor given the progress made in both the proof technology itself as well as the use of constructive type theories for natural language semantics.We have prepared a number of small libraries for NL semantics using the proof assistant Coq based on Luo's TTCS and have shown the benefits of such an endeavor by exemplifying the use of proof assistants as natural language reasoners or as checkers of the formal validity of proposals in formal semantics.We have lastly shown how experiments with semantic accounts proposed in several semantic frameworks can also be implemented in Coq.
As future work, we are envisaging the extension of work as regards inference by endorsing a system where a tight correspondence between syntax and semantics exists, in the same way such a correspondence is found in categorial grammar.This builds on theoretical work of second author, where a proposal for extending the Lambek calculus with dependent types can be found.Given such a development one can then define a parser based on this extended Lambek calculus with dependent types, which will automatically give us MTT-semantics as output.These semantics will then be used by Coq to perform reasoning tasks.The ultimate goal is to develop a wide-coverage, robust parser that will then be able to output semantics for larger pieces as well as open text.Similar work using multi-modal categorial grammars or combinatory categorial grammar has been shown to be feasible.If this is the case, this is a great chance of using a more structured semantic framework as well as a specific purpose reasoning device (Coq) in order to deal with NLI.

⋆
Partially supported by Centre for Linguistic Theory and Studies in Probability, University of Gothenburg.⋆⋆ Partially supported by EU COST Action CA15123 and CAS/SAFEA Inter.Partnership Program.

( 14 )
BOOK 1 = Σ(Book, = P ) (15) BOOK 2 = Σ(Book, = I ) A number of proofs then follow including, for example, a proof of the following: (16) John picked up and mastered three books ⇒ John picked up three physical objects and mastered three informational objects 4 Conclusions and Future Work