How Are Programs Found?
Speculating About Language Ergonomics With Curry-Howard

Of interest for our analysis is the stance of Henri Poincaré, who was at once appreciative of the quest for certainty and skeptical of the emphasis on formalism. In a 1900 essay, Poincaré identifies “two entirely different kinds of minds” among great mathematicians, “one sort are above all preoccupied with logic”, advancing “step by step, after the manner of a Vauban who pushes on his trenches against the place besieged, leaving nothing to chance”, and the other are “guided by intuition and at the first stroke make quick but sometimes precarious conquests” [Poincaré, 2005, p. 1012]. Poincare believed it was the “very nature of their mind which makes them logicians or intuitionalists”, and while “[the] first are incapable of ‘seeing in space’, the others are quickly tired of long calculations and become perplexed”. But both are “equally necessary for the progress of science”, both “have achieved great things that others could not have done”.

Poincaré however was not blind to the progressive shift towards formality and rigor, even among the “intuitionalists”, as “their readers have required of them greater concessions”. The reason for this shift is the recognition that intuition “cannot give us rigour, nor even certainty”. This is why formalism and logical analysis are necessary to further progress, a kind of cleaning up and clarifying that prevents illicit jumping to conclusions. But “intuition must retain its role as complement, […] or as antidote to logic”, not just for the student but also the creative scientist. To see the unity in a mathematical problem, we need “a faculty which makes us see the end from afar, and intuition is this faculty” (p. 1018). Poincaré uses the example of the concept of a continuous function, which from the image of a continuous mark of chalk gradually turned into a construction “irreproachable in the eyes of the logician”. But even the logician relies on some sort of intuition, only, as in the case of Hermite, “the most abstract entities were for him like living beings”, allowing them to “perceive at a glance the general plan of a logical edifice”. “In rejecting the aid of the imagination, which, as we have seen, is not always infallible, they can advance without fear of deceiving themselves. Happy, therefore, are those who can do without this aid! We must admire them; but how rare they are!”

Poincaré, it seems, was not among them. His thesis adviser characterized him as follows: “It must be said, if one wants to give an accurate idea of how Poincaré worked, that many points of [his thesis] needed correction or explication. Poincaré was an intuitif” [cited after Mclarty, 1997]. Mclarty states that many of Poincaré’s publications offered crucial new insights, laying the foundations to whole fields, all while employing hasty (or no) proofs, and getting substantial details wrong that were later to be worked out by others. Poincaré’s question, “Who would venture to say whether he preferred that Weierstrass had never written or that there had never been a Riemann?”, should be restated for the reader: “Who would wish that there had never been a Poincaré?”

The foundational crisis in the past, and its shocking revelations absorbed or ignored, parts of the formalists’ results and spirit found their way into research mathematics. Probably the prototypical example of 20^th-century formalist mathematics is the highly influential work of Nicolas Bourbaki, a group of predominantly French mathematicians. According to a member, Bourbaki was set up almost in opposition to the intuitif Poincaré, against the older generation that “had learned mathematics in the old-fashioned way”, “it was not the fashion to value Poincaré at all” Senechal [1998]. In the 1960s, this spirit of renewal found its way into primary education in mathematics. Today still known (and often ridiculed) under the moniker “new math”, various educational reform programs in the United States and Europe put set theory, Boolean algebra and further abstract nonsense on schools’ curricula. A cautionary tale of educational reform implemented in haste and abandoned without much analysis or care, new math disappeared as quickly as it had been put on the agenda, as teachers felt unable to teach and parents unable to understand the new materials. The history of the new math is complex and frequently misconstrued [Phillips, 2015, p. 145], but the reactions of contemporary mathematicians to its introduction provide interesting insight into their attitudes. Especially in the United States, the reform efforts led to controversies among professional mathematicians and scientists, triggered not by the new emphasis on and interest in mathematics education, but by the image of mathematics thought to be underlying the reform proposals Phillips [2014].

Physicist Richard Feynman in a commentary on new math stresses the importance of freedom, experimentation and intuition in learning and practicing mathematics Feynman [1965]. While this spirit “does not appear in [a mathematician’s] final proofs, which are simply demonstrations or complete logical arguments which prove that a certain conclusion is correct”, it is present in the way that he works in “in order to obtain a guess as to what it is he is going to prove before he proves it”. To give authority to his claim, he quotes a pure mathematician, J.B. Roberts:

The scheme in mathematical thinking is to divine and demonstrate. There are no set patterns of procedure. We try this and that. We guess. We try to generalize the result in order to make the proof easier. We try special cases to see if any insight can be gained in this way. Finally – who knows how? – a proof is obtained.

Mathematician and educator Morris Kline spent considerable effort arguing against the new curriculum, publishing both an essay, Logic Versus Pedagogy Kline [1970], and a book, Why Johnny Can’t Add Kline [1974]. His protest against the reform was motivated by a strong belief in the importance of intuition and gradual development in mathematical training and practice. The arguments in both texts make much use of historical developments and anecdotes, illustrating the imperfections and intuitive leaps present in the work of accomplished mathematicians. Kline presents as an example the development of calculus from the basic concept of “instantaneous rate of change of a function” [Kline, 1970, p. 267] to the modern formally precise expression. He documents the vague and faulty conceptualization evident in the writings of Newton and Leibniz, and Newton’s defense of his work against “overprecise critics” posing a threat to the “fruits of invention”. The same aspect is highlighted in Cauchy’s use of differentiability where he had only assumed continuity, making, on the whole, substantial progress.

Like Feynman, Kline sees mathematics as “primarily a creative activity, and this calls for imagination, geometric intuition, experimentation, judicious guessing, trial and error, the use of analogies of the vaguest sort, blundering and fumbling” (p. 271). To counter the response that intuition plays this important role only in those new to a subject matter, Kline recounts the anecdote of “the professor who was presenting a logical proof to his class, got stuck in the course of the proof, went over to the corner of the blackboard where he drew some pictures, erased the pictures, and then continued the proof” (p. 280).

In the end Kline concedes, quoting Weyl, that “logic is the hygiene which the mathematician practices to keep his ideas healthy and strong”.

Our third episode is set in 1993–1994, a discussion held in the Bulletin of the American Mathematical Society and triggered by a call for action by Arthur Jaffe and Frank Quinn Jaffe and Quinn [1993]. The authors worried about a perceived trend of an increase in speculative mathematics, due in part to a cultural clash between mathematics and physics. A nearly categorical statement opens the paper: “Modern mathematics is nearly characterized by the use of rigorous proofs”. This is qualified to say that “information about mathematical structures is achieved in two stages”, in the first stage “intuitive insights are developed, conjectures are made, and speculative outlines of justifications are suggested”, in the second “the conjectures and speculations are corrected; they are made reliable by proving them”. The two-stage process is compared to physics, divided in theoretical and experimental physics. For Jaffe and Quinn, theoretical physics is analogous to the speculative, intuitive stage in mathematical discovery, while experimental physics is analogous to verification and proof of speculation. Where in physics there has been productive division of labor along those lines, Jaffe and Quinn decry what they see as an onslaught of speculative mathematics (which they call theoretical mathematics), arguing that the culture of mathematics is unprepared. A list of cautionary tales of speculative mathematics gone wrong is followed by a problem characterization: Speculative work easily goes astray for lack of corrections from rigorous proof, it hinders further work by causing confusion about which parts are reliable, it gives glory to the theorizers while leaving ungrateful cleanup work for others, and finally confuses newcomers. They end with a short list of prescriptions to amend the situation, mostly calling for explicit labeling of speculative work, and thus shifting culture to reserve some glory for the task of rigorous validation.

This call was answered in a later issue of the bulletin Atiyah et al. [1994], in good numbers by some of the speculative perpetrators Jaffe and Quinn had reprimanded. I can only recommend reading the responses, as they provide a fascinating insight into the varieties of approaches and self-images among researchers in mathematics. The reader following this advice will notice that my quotations in the following are highly selective, which should not be reason for concern, considering that my claim is not that every mathematician looks at intuition and formal proof in the way suggested, but only that at least some amount of accomplished mathematicians do.

We find the first commentator, Michael Atiyah, “agreeing with much of the detail”, but rebelling “against their general tone and attitude”, presenting “a sanitized view of mathematics which condemns the subject to an arthritic old age” (p. 178). “But if mathematics is to rejuvenate itself and break exciting new ground it will have to allow for the exploration of new ideas and techniques which, in their creative phase, are likely to be as dubious as in some of the great eras of the past. Perhaps we now have high standards of proof to aim at but, in the early stages of new developments, we must be prepared to act in more buccaneering style”. Providing an example, “Hodge’s own proof was essentially faulty because his understanding of the necessary analysis was inadequate. Correct proofs were subsequently provided by better analysts, but this did not detract from Hodge’s glory”.

In a scathing comment, Armand Borel refers to the periodic waves of innovation and rigorization/systematization that have been a permanent feature of mathematics, accompanied constantly by fears that one might overpower the other. “Of course, […] no part of mathematics can flourish in a lasting way without solid foundations and proofs”.

Benoit Mandelbrot finds “most of it appalling”. For him, Jaffe and Quinn’s proposal is reminiscent of the shunning of great intuitive mathematicians such as Lévy and Poincaré by the mathematical establishment. He even goes so far as to ask why there had been so few great intuitive researchers of recent, and speaks of a “flow of young people” who were “acknowledged as brilliant and highly promising; but they could not stomach the Bourbaki credo” and left mathematics.

Saunders Mac Lane responds with an anecdote about a discussion between Atiyah and himself, “about how mathematical research is done”.

For Mac Lane it meant getting and understanding the needed definitions, working with them to see what could be calculated and what might be true, to finally come up with new “structure” theorems. For Atiyah, it meant thinking hard about a somewhat vague and uncertain situation, trying to guess what might be found out, and only then finally reaching definitions and the definitive theorems and proofs. This story indicates that the ways of doing mathematics can vary sharply, as in this case between the fields of algebra and geometry, while at the end there was full agreement on the final goal: theorems with proofs. Thus differently oriented mathematicians have sharply different ways of thought, but also common standards as to the result.

If only the same could be said about differently oriented programmers! (Mac Lane goes on to say: “The sequence of the understanding of mathematics may be: intuition, trial, error, speculation, conjecture, proof. The mixture and the sequence of these events differ widely in different domains, but there is general agreement that the end product is rigorous proof—which we know and can recognize, without the formal advice of the logicians.”)

We see a wide spectrum of opinions on the role of rigorous proof in professional mathematics. On one end, Mac Lane voices a clear stance against ungrounded speculation and a demand for proof as the golden standard, but paired with a laissez-faire attitude towards the creative habits of individuals. On the other, Mandelbrot finds it sufficient to put forward his discoveries as conjectures, arguing against a unified narrow conception of what is acceptable mathematics. What we find in common among all cited here, however, is insistence on the value and necessity of a multitude of intuitive approaches to mathematical creation.

We shall finally look at some contemporary trends in mathematics. A current issue that has been in the making for much of the twentieth century but only recently has found increased attention is the use of computer-aided proof environments to develop and verify completely rigorous formal proofs. With this, we loop back to Martin-Löf’s theory of types discussed in the very beginning.

Our source is the recently published Type Theory and Formal Proof Geuvers and Nederpelt [2014]. The book builds up a formal system $\lambda D$ somewhat similar to Martin-Löf type theory, extending the Calculus of Constructions with constructs first introduced in the Automath system of N.G. de Bruijn. After having built up the system to a substantial degree, the real work begins, by formalizing a real mathematical theorem (Bézout’s lemma) and its proof in the system, illustrating that it is adequate for capturing serious mathematical content. It may be noted that this shows the adequacy for formalizing an existing and known proof.

Chapter 16, Further perspectives uses observations from the proof of Bézout’s lemma along with general considerations to reflect on the system $\lambda D$ and type-theory-based proof assistants more generally. We collect here some quotes and discuss the implied context under which proof assistants may be used. “The type theory $\lambda D$ provides a system in which mathematical definitions, statements and proofs can be completely spelled out in a very structured way that is still close to ordinary mathematical practice. This enables and facilitates the formalization of mathematics and the checking of its correctness. […] The high level of precision of type theory greatly improves the level of correctness of the formalized mathematics: incomplete proofs, or proofs using illegal logical steps, are not accepted” (p. 379). The diagram on page 381 is relevant, because it uses as inputs informal proof $p$ and informal statement $A$, thus assumes that both have been formed at this point. If however we have not yet fully formed $p$ and $A$, the fact that the “precision of $\lambda D$ guides the proof development” (p. 380) may come back to bite us. It is no doubt a good thing that at some point a precise guide will point to flaws in the details of the development, but doing so early may lead the user astray trying to verify a nonsensical side-show statement that could easily be falsified by a quick series of trial and error. The author has made this experience first-hand working with the Coq proof assistant.

Their chapter closes with a prognosis: “Proof assistants have not yet developed into a standard tool for mathematicians, but we strongly believe they will in the future” (p. 387). In the world of mathematics, there is a culture delineating the phases of discovery and rigorization that suggests methods for the discovery process and may indeed enable publications to spell out results for proof checkers in ways similar to how results are elaborated into semi-formal proofs today. We have seen that there is by no means agreement on this, but at least mathematicians don’t generally assume they have to start with the formal process.

In programming however, I am not aware of a general agreement that problems have first to be solved in pen and paper before their “formalization” as a program is to be started. What is more, programming tasks frequently are embedded in real-world interactions that require experiments instead of just pen-and-paper simulations.

One might think that we already have all the ingredients: Permissive dynamic languages and safe statically typed languages. So it is fine to fumble and blunder in Python or Lisp, but the real work needs to happen in a disciplined language. This does not seem to lead very far, however. The current trend in software development is towards agile and away from waterfall methods. Programs are not discovered in one creative act to then be reconstructed cleanly and rigorously. Software is often long-lived, undergoing constant evolution. A possibly stable and rigorous core needs to be seamlessly integrated with a more provisional, in-flux surface area.

It is often an additional requirement to be able to interact with existing software libraries, such that a separate prototyping environment becomes unwieldy. When asked about the motivation to replace the Structure and Interpretation of Computer Programs course with a Python-based course in the MIT undergraduate curriculum, Gerald Sussman responded that the type of engineering required to write software had changed in the 1990s. Instead of the analysis and synthesis view taught in SICP, what was now needed was a more experimental, science-like approach in which “you grab this piece of library, and you poke at it […] see what it does” Sussman [2016]. Sussman readily admitted that the previous curriculum was more coherent, but engineering had changed, and it was necessary to find a new way to do and teach it, even if they were still in search of the right approach. Not just first-in-class teaching curricula, but also first-in-class programming systems need to adapt to the real contextual usage requirements.

If rigorous methods in practical software construction are to succeed, they can not be hermetically sealed off from environments that allow for creative discovery and preliminary approximations. An ideal programming system would allow for a wide spectrum of program construction, granting freedom for the act of discovery and means for the hygiene of rigorization as an approach crystallizes.

As in mathematics, our goal should be enough rigor to keep our programs healthy and strong, but enough flexibility to enable us to fumble and blunder when still figuring things out. And like in mathematics, we should be able to move fluently, competently, and with confidence between both ends of the spectrum.

In today’s mainstream programming language landscape, programmers have few options other than making a choice between languages with a simple and comprehensible mathematical foundation but with a tightly controlled execution model that disallows or disincentivizes direct experimentation, and languages which will allow for fumbling and blundering but do not offer a clear path towards a rigorous formulation with strong static correctness guarantees.

On one end of the spectrum, Haskell and OCaml are popular statically typed functional languages. Their semantics are relatively simple and amenable to mathematical reasoning, and they possess powerful static type systems that are still growing in expressivity. These are the languages that most seem to correspond to the vision of programming conjured up by Martin-Löf.

On the other end of the spectrum, scripting languages like Ruby, Python or JavaScript are conceptually less predictable and do not lend themselves to mathematical reasoning. The lack of compile-time type checking makes it easy to experiment and write programs by incremental approximation, but also prevents compile-time guarantees about program correctness, and disadvantages the language with respect to tools support.

Languages like Java, C# or C++ provide static type systems that give them compile-time checks, superior tooling, and often superior run-time performance. On the other hand, they are not constructed around principles that allow for straight-forward application of modes of mathematical reasoning. They possess type systems that still leave ample room for fumbling and blundering, but provide little help in eventually leaving that stage.

Especially in the web programming sphere, there have been recent attempts to retrofit dynamic languages such as PHP, JavaScript and Python with static type systems, which often leads to idiosyncratic design choices. Dart and TypeScript sacrifice soundness of the type system to use “optimistic” type compatibility rules, in the interest of making static types easier to use. Runtime errors are trapped by the underlying dynamic language Brandt [2011]. Similarly flawed type systems have appeared before, if with less pride, for example in Java.

If we want to take the programs as proofs metaphor seriously, not just as a theoretical construct, but as something that can actually serve as a practical model for programming, we need to think about ways of combining the best properties of the various systems, or come up with altogether new ways of supporting the modern development process.

For programming systems that support development all the way from initial creation to eventual rigorous codification, we expect supporting capabilities in two phases: discovery and codification.

A programming language that is to support the development process from experimentation to refinement into a well-understood, rigid form, needs to possess a powerful type system that can capture the relevant behavioral properties, but also allows to encode and tolerate a level of indeterminacy to support the phases where the programmer is unwilling or yet unable to formally explain their intention in detail.

Without reference to a particular implementation strategy, this general idea of viewing the static-to-dynamic continuum as a language-internal problem has already been called for in Meijer and Drayton [2004].