dependent types with subtyping and late-bound overloading · greatly enhances its ﬂexibility....

Information and Computation168, 1–67 (2001)doi:10.1006/inco.2000.3008, available online at http://www.idealibrary.com on

Dependent Types with Subtyping and Late-Bound Overloading

Giuseppe Castagna

C.N.R.S., LIENS,Ecole Normale Superieure, 45 rue d’Ulm, 75005 Paris, France

and

Gang Chen

School of Computer & Information Science. University of South Australia, The Levels, AustraliaE-mail: [email protected], [email protected]

Received June 23, 1998

We present a calculus with dependent types, subtyping, and late-bound overloading. Besides itstheoretical interest this work is motivated by several practical needs that range form the definition oflogic encodings to proof specialization and reuse and to object-oriented extension of the SML modulesystem. The theoretical study of this calculus is not straightforward. While confluence is relatively easyto prove, subject reduction is much harder. We were not able to add overloading to any existing systemwith dependent types and subtyping, and prove subject reduction. This is why we also define here asby-product a new subtyping system for dependent types that improves previous systems and enjoysseveral properties (notably the transitivity elimination property). The calculus with overloading is thenobtained as a conservative extension of this new system. Another difficult point is strong normalization,which is a necessary condition to the decidability of subtyping and typing relations. The calculus withoverloading is not strongly normalizing. However, we show that a reasonably useful fragment of thecalculus enjoys this property and that its strong normalization implies the decidability of its subtypingand typing relations. The article is divided into two parts: the first three scetions provide a generaloverview of the systems and its motivations and can be read separately; the remaining sections developthe formal study. C© 2001 Academic Press

1. INTRODUCTION

In this article we show how to integrate in a unique logical system three different features: (first order)dependent types, subtyping, and late-bound overloading. We first describe each of these features and inthe next section we illustrate the motivations of our work.

Dependent Types

Dependent types are types depending on terms. A classical example is given by arrays. Consider forexample the arrays of characters. In programming languages there is not a type “array of chars”but rather a family of typeschar[1], char[2], . . . , wherechar[n ] denotes the type of the characterarrays of lengthn. Consider then the functionstringtoarray that maps a strings into the arrayof its characters. Its domain type isstring but its codomain typedependson the length of the stringthe function is applied to. More precisely,stringtoarray is a function that maps a strings into anarray of typechar [length(s )]. By dependent types it is possible to express the type of this functionas follows:

stringtoarray : πs: string.char[length(s )]

In words, the typing judgment above expresses thatstringtoarray is a function that, when appliedto a strings, returns a result of typechar[length(s )] (π is a binder for the term variables).

So dependent types allow the expression of a relationship between the input of a function andthe typeof its output. Dependent types are at the basis of many computer applications, notably automatic proof-checking—e.g., [HHP93, CAB+86]—(since they offer the power of first order-logic) or rich module

1

0890-5401/01 $35.00Copyright C© 2001 by Academic Press

All rights of reproduction in any form reserved.

2 CASTAGNA AND CHEN

systems—e.g., [MQ85, Ler94]—(a module can export functions whose type is defined in the moduleitself, so the type of the result of a transformation of modules may depend on the module—on its typedeclaration part—the transformation is applied to).

Subtyping

Subtyping is a binary relation over types. The introduction of a subtyping relation in a languagegreatly enhances its flexibility. Intuitively, a typeS is a subtype of a typeT (noted S ≤ T) if allexpressions of typeS can be used in every context where an expression of typeT is expected (forexample, integer can be considered a subtype of real and char a subtype of string). The advantage ofsuch a relation is that the code originally written for a given type can be reused for its subtypes (e.g.,the functionstringtoarray can be applied to characters as well). This is obtained by adding to thetyping rules thesubsumptionrule of [Car88],

Subsumption0 ` M : S S≤ T

0 ` M : T,

that states that an expression that has typeS is typed by every supertype ofS, as well.

Late-Bound Overloading

An overloaded function is a function that executes different code according to the type of its arguments.A typical example is the function + that, in several programming languages, performs arithmetic sumif applied to two numbers and concatenation if applied to two strings. Thus + can be thought of asthe union of two different functions, arithmetic sum and string concatenation. More generally, everyoverloaded function consists of a set of functions, one for each possible combination of the types of itsarguments. At type level this can be expressed by typing overloaded functions by sets of arrows. Thusfor our example we have:

+ : {int × int → int, string × string → string}In most programming langauges selection of the code for an overloaded function call is performed atcompile time: a preprocessor replaces every call of an overloaded function by the code that fits thetype of the arguments. This discipline of selection is calledearly binding. In the presence of subtypingthe type of the arguments of a function may change (notably decrease) during computation. Thereforedelaying the code selection to run-time may affect the semantics of programs. In particular we areinterested in alate bindingdiscipline that delays the selection as much as possible so that the selectionis based on the best information about the type of the arguments. The interest of such a discipline isthat, as shown in Section 2.2, it supports code reuse and incremental programming. This last point isalso witnessed by object-oriented programming where (some special cases of) late-bound overloadedfunctions are better known asmulti-methodsor generic functions(see, for example, the languages Cecil[Cha92] and CLOS [DG87]).

In this article we show how to make these three features coexist in a unique formalism calledλ5& .This formalism can be considered as the natural extension with late-bound overloaded functions ofλP≤ [AC96b] (a calculus with dependent types and subtyping) or, equivalently, as the generalization todependent types ofλ& [CGL95] (a calculus with late-bound overloaded functions and subtyping). Froma strictly technical point of view the main contribution of this work is the definition of a type disciplinefor late bound overloaded functions in the presence of dependent types. A subordinate contribution isthe definition of a set of subtyping rules that defines the same typing relation asλP≤ but enjoys muchbetter properties which, among other things, make it prone to extensions.

Our work is not just an “exercice de style” where we try to put together some disparate functionalitiesfor the sake of attempt. The logical difficulties and computational expressiveness ofλ5& should beclear: computation depends on types and possibly ondynamictypes (because of late binding). Section 2shows that, besides these logical aspects,λ5& answers some practical needs also. In Section 3 wegive an overview of the whole system, by describing how we arrived at its definition. To that end wefirst introduce dependent types, we then add subtyping, and we finally extend the result by late-boundoverloaded functions. In Sections 4 and 5 we give the formal definition of the system and study its

DEPENDENT TYPES 3

metatheoretic properties: confluence, soundness, and strong normalization. In Section 6 we study someproperties that are particular to our subtyping deduction system for dependent types, and in Section 7we study the decidability ofλ5& . A conclusion ends our presentation.

In the section of overview we distinguish some text as “excursus”. These excursi discuss some precisetechnical or practical points and can be skipped during the first reading.

2. MOTIVATIONS

There are three main motivations to our work. First and foremost, the need of both subtyping andoverloading is quite felt in theorem proving, and their absence makes logic encodings much moredifficult. Second, the use of late-bound overloading allows greater code reuse, introducing in somesense an object-oriented style in automatic proving. Last, dependent types constitute a theoretical basisof the SML module system; therefore our work may be useful to give a theoretical basis to object-orientedextensions of the SML module systems. Let us examine each motivation in more detail.

2.1. Logic Encodings

The first order dependent type theoryλ5 [HHP93] (see Section 3.2 for a short formal presentation)has been taken as a Logical Framework for the specification of logical systems. For such a purpose,terms in this system are used to encode formulae in logic. Pfenning [Pfe93] demonstrates that in theabsence of subtyping the representation of subsets of logical formulae is very cumbersome. This canbe illustrated by the following example, which is adapted from the one in [Pfe93]. Consider the set ofwell-formed formulae of the propositional calculus characterized by the following abstract syntax:

F ::= A | ¬F | F ∧ F | F ∨ F | F ⇒ F.

HereA ranges over atomic formulae. This definition can be represented by the following set of typingdeclarations:

F : ?

¬ : F → F

∧ : F → F → F

∨ : F → F → F

⇒ : F → F → F.

Intuitively, ? is the set of all types. Thus,F : ? can be read as “F is a type.” An example of formalencoding is

0,a : F, b : F `⇒ (∧ab)a : F,

where0 is a context containing the set of declarations defined above, anda, b are atomic formulae.Now consider the subset ofF defined as:

F1 ::= A | ¬F1 | F1 ∨ F1.

There are several ways to representF1. One way is to introduce a predicate onF , sayB : F → ?,such thatB(t) is true if and only ift is a formula ofF1.1 Another way is to introduce a new typeF1 : ?. Both ways are awkward and lead to inefficient implementation of proof search (see [Pfe93]). Toovercome the problem, Pfenning proposes to extendλ5with intersection types (see [BCDC83, CD80])andsubsorting. The latter, denoted by<:, can be viewed as a restricted form of subtyping. Then, it is

1 The complete represention forB includes the following declarations:

A : F → ? A1 : Ax→ Bx¬1 : Bx→ B(¬x) ∨1 : Bx→ By→ B(∨xy),

whereA(t) is true if and only ift is an atomic formula.

4 CASTAGNA AND CHEN

possible to have a much better representation:

A <: F1 A is a subsort ofF1

F1 <: F F1 is a subsort ofF

¬ : (F → F) ∩ (F1→ F1)

∨ : (F → F → F) ∩ (F1→ F1→ F1).

Instead of using subsorting and intersection types, in this article, we propose to extendλ5with subtyping(denoted by≤) and overloaded types (denoted by curly brackets). In the resulting system, that we dubλ5& , the example above becomes:

A ≤ F1 A is a subtype ofF1

F1 ≤ F F1 is a subtype ofF

¬ : {F → F, F1→ F1}∨ : {F × F → F, F1× F1→ F1}.

Subtyping and overloading are respectively richer than subsorting and intersections.The difference between intersection and overloaded types is that a term belongs to the intersection

A∩ B if and only if it belongs to bothA andB, while a term in the overloaded type{A, B} is the unionof two distinct subterms, one belonging toA, the other toB. Note, however, that{A, B} is defined onlywhen bothA andB are arrow types. In this case the overloading approach is somewhat more expressivesince ultimately a term of an intersection type (of arrow types) can be considered as a special case ofan overloaded term formed by a union of equal subterms.

Furthermore in Pfenning’s system, decidability is obtained by defining subsorting oversorts, whichare refinements of types. Sorts cannot appear in labels ofλ-abstractions so, as Pfenning points out,it is impossible to write functions with domains limited via subsorting. To overcome this weakness,Aspinall and Compagnoni have studiedλP≤ ([AC96b]; see also Section 3.3.2), an extension ofλ5withsubtyping, which does not have such a drawback. However,λP≤ cannot express Pfenning’s examples asit contains neither intersection types nor overloaded types. Here we defineλ5& . Since it has subtyping(but defined differently from [AC96b]) it does not have the weaknesses of the subsorting approach andthanks to overloading it can express Pfenning’s examples.

Pfenning’s study is developed within the proof environment Elf, an implementation of Edinburgh LF.Other groups studying dependent type theory based proof systems found the need of using subtyping, aswell. All the motivating examples are similar to Pfenning’s one. An early work can be found in [Coq92]in the ALT group. LEGO, Coq, and Nuprl groups are studying implementations of abstract algebra, andall of them have proposed extensions of type theory by some sort of subtyping: Luo [Luo96] has studieda coercive subtyping extension for LEGO; in the Nuprl group Hickey [Hic95] has combined object-calculus and dependent types and proposed a form of subtyping based on the inheritance mechanismof objects; Courant in the Coq group is working on an extension of the Calculus of Construction bysubtyping:CC≤ [Cou97]. More references to recent work are discussed in Section 6.3.

The interest in this area is mainly due to the scale. As stated by Luo[Luo96]: “the lack of usefulsubtyping mechanisms in dependent type theories. . . with inductive types and the associated proofdevelopment systems is one of the obstacles in their applications to large-scale formal development.”

What we propose is to add not only subtyping but also late-bound overloading. In fact the associationof these two features allows incremental and modular programming whose utility to large-scale problemshas been widely demonstrated by object-oriented languages.

2.2. Program (Proof) Specialization

Consider again the typesF andF1 defined in the previous section. SinceF1 ≤ F , thenF → Bool≤F1→ Bool.2 Hence, a decision functionp for propositional logic, which is of typeF → Bool, is alsoa decision function forF1 formulae (i.e., it is of typeF1→ Bool).

2 The subtyping rule for arrow types [Car88] states that ifA2 ≤ A1 andB1 ≤ B2 thenA1→ B1 ≤ A2→ B2 (see [Cas95] fora detailed discussion).

DEPENDENT TYPES 5

So subtyping is a first ingredient for code reusing since it allows the use ofp on arguments of typeF1 even if p has been written for arguments of typeF . However, subtyping provides a limited form ofreusing: it just makes some code more polymorphic. A breakthrough for code reusing (brought forwardby object-oriented languages) is code specialization. Consider again the decision functionp. It is wellknown that such a functionp is NP-hard. However, by the specific structure ofF1, it is possible toconstruct a polynomial decision functionp1 for F1. A clever way to define a general decision functiondec is then to usep1 for F1 formulae andp otherwise. A natural way to obtain it is to define ourdecision function as an overloaded function formed by the two termsp andp1. In the notation we use inthis work an overloaded function composed by the termsp andp1 is written asp& p1. Sodec≡ p& p1.The type ofdec is the union of the types of the composing terms, that is{F → Bool,F1→ Bool}. The(overloaded) functionp& p1 automatically chooses the appropriate subterm to execute (i.e., eitherp orp1) according to the type of its argument (that is, according to the form of the formula to decide). Theuse of late binding ensures that the most efficient function will always be selected even in the case thatthe most specific form of the formula is not, or cannot be, statically determined. The user is releasedfrom writing branch selection code. What he or she has to do is just to declare the subtyping structure.

PRACTICAL EXCURSUS. Note that this could be done in an incremental way. We could have first definedjust F with the decision functiondec := p and decided only later to consider the F1-formulae.

By declaring F1 ≤ F we can use for F1-formulae all code written for F-formulae. By specializingdec := dec& p1, every code that uses dec is specialized as well. Thus all code for F is automaticallyspecialized(and, thus, reused)for F1. However, this situation is more complex than the one we presentin this article, since it requiresdec to be dynamically extensible (whence the use of “:=”). This isdiscussed in Section 2.1 of [CGL93]. In this article we focus on the logical aspects of the system andwe do not deal with this issue that looks more related to implementation.

2.3. Extension of the SML Module System

In the SML module system [MTH90] a module may export both some types and the operationsdefined for these types. Thus thetypeof the operation components of a module—and, thus, the type ofthe module itself—may depend on thevalueof the type components of the module. Since we are in thepresence of types that depend on values, a classical approach to characterize the SML module systemis to use first order dependent types [MQ86, MH88, Ler94, HL94].

Modules are handled byfunctors. Functors are functions that transform modules into other modulesand that are subtype polymorphic (intuitively, a functor defined for modules that export some givencomponents works also on modules that export more components). Functors can be considered to bemodules parametrized by some other modules. One of the criticisms to the SML module system isthat although it has subtyping, it is not possible to perform code reuse and specialization as done inobject-oriented programming. In order to make it possible, Aponte and Castagna defined in [AC96a] anextension of the SML module system with late-bound overloaded functors. The starting system is theone of Leroy [Ler94], and the addition of late-bound overloaded functors allows one to choose the mostspecific transformation of a module according to its type. The result is a module programming languagewhose style is very similar to that of CLOS where thegeneric functions(generic functorsin this case)operate on modules rather than on objects, and their behavior can be incrementally specialized as longas new module types (signatures, in the SML terminology) are defined. The idea can be illustrated bythe following example.

Consider a dictionary modulemkDict parametrized by a tree modulet of typeTree:

functor mkDict(t : Tree) : Dict = struct . . .end.

The type of such a functor is a first order dependent type:

mkDict : π t : Tree.Dict(t).

The dependency is necessary since the type of the result depends on (the type of the elements of) theargumentt of the functor (we stress this dependency by writing Dict(t)). If a signatureOrdTree for

6 CASTAGNA AND CHEN

ordered trees is available, andOrdTree ≤Tree, then, by subtyping, it is possible to feedmkDictby ordered trees to make new dictionaries. It is also possible to define a new functormkOrdDict:π t:OrdTree.Dict(t) that provides an optimal search operation by keeping the ordered tree balanced.However, all the code that still usesmkDict will continue to produce inefficient code for ordered trees.

The solution is to overload the functormkDict by the more efficient code for ordered trees (in[AC96a] this is performed by the commandextend functor MkDict by MkOrdDict), so thatthe functor will execute two different pieces of code according to whether the argument module im-plements aTree or anOrdTree. In other words, themkDict will be an overloaded functor of type{π t :Tree.Dict(t), π t :OrdTree.Dict(t)}. An outline of the code of this example can be found in AppendixA.2. For more details the reader can refer to [AC96a].

One of the problems with this system is to prove its type soundness. The standard technique fortype soundness is to prove the subject reduction property (reductions preserve types). Unfortunatelythe subject reduction property does not hold for Leroy’s system and, therefore, it does not hold for the[AC96a] system either. While Leroy was able to prove the soundness of his system by semantic tools(he uses a translation into a system with dependent types, second-order existential types, and6-types[Ler94]), his proof does not extend to overloaded functors whose theoretical bases are not established.λ5& is a first step towards establishing these bases and proving soundness of the work in [AC96a].

3. INFORMAL DESCRIPTION

In this section we give an intuitive description of our systemλ5& . At the risk of some redundancy,we prefer to defer the formal definition ofλ5& to Section 4 and show here, step by step, the path thatleads to the definition of the whole system. So we start by defining dependent types, that is the systemλ5 (Section 3.2). Then, we introduce subtyping for dependent types, that is the systemλ5≤. Evenif λ5≤ owes a lot to the Aspinall and Compagnoni systemλP≤, we show thatλP≤ does not fit ourpurposes since, because of its formalization, it is not prone to extension andλ5≤ is needed (Section3.3). Finally, we introduce overloading for the previous system, yielding the systemλ5& (Section 3.4).We conclude this section by several examples and by summarizing all the technical results that will beshown in the rest of the paper.

3.1. A Brief Introduction to Dependent Type Theory

Types are used to classify terms, but with dependent types we have seen that types and terms arenot completely distinct. For example in Section 1 we described the functionstringtoarray wherethe type of the result depended on the input of the function. This was expressed by a type of theform πs:string. A(s). We have also seentype families, such as the family of arrays of characters{char[1], char[2], . . .}. Type families can be considered as mappings from terms to types; forexample the above family of arrays of characters corresponds to the mapn 7→ char[n ]. Since we use? to classify types then this mapping can be “typed” by the “kind”5n:nat.?.

Type families can be expressed by3-notation. So for example

3n:nat.char[ n] : 5n:nat.?

denotes the type family described right above. Byβ-reduction then (3n:nat.char[n ] )(3) is the typeof the arrays of characters of size 3, that ischar[3].

More generally, we are considering a dependent type system where terms are classified by types andtypes (or, more generally, type families) are classified by kinds. Types are either atomic types (e.g.,int), applications of type families (if they have the kind?), orπ -types of formπx:A.B (that are usedto typeλ-abstractions). In particular,π -types are the generalization of arrow types of simply-typedλ-calculus:A→ B is the special case ofπx:A.B wherex does not appear free inB.

From the point of view of the formula-as-type analogy, the introduction of dependent types bringssignificant progress with respect to simply typed lambda calculus. In the latter case, only propositionalformulae can be represented by types, while dependent types make first order quantification repre-sentable as well. As a result, many logical systems can be encoded in systems based on dependenttypes, as done in LF, the Edinburgh Logical Framework [HHP93].

DEPENDENT TYPES 7

3.2. Dependent Types: The Systemλ5

The systemλ5 [HHP93] is the pure first order dependent type system (a different version of thesystem is calledλP [Bar92]). It is the core of Edinburgh Logical Framework. Our presentation ofλ5

is mainly based on [HHP93]. There are four syntactic categories:

Terms M ::= x | λx:A.M | M MTypes A ::= α | πx:A.A | 3x:A.A | AMKinds K ::= ? | 5x:A.KContexts 0 ::= 〈〉 | 0, x : A | 0, α : K .

1. A term (denoted byM, N, . . .) is a term variable (denoted byx, y, z, . . .), an abstraction, oran application.

2. A type (denoted byA, B,C, . . .) is an atomic type (denoted byα), a π -type of the formπx:A.B, a type applicationAM , or a type family3x:A.M .

3. A kind is either the constant? representing the collection of all types or5x:A.K whichclassifies type families (of the form3x:A.B whereB lives in the kindK ). Thus, the general form of akind is5x1:A1..xn:An.? with n ≥ 0.

4. A context is an ordered list of typing assignments of the formx: A and of kinding assignmentsof the formα: K . If x: A appears in0 then we say thatx ∈Dom(0) and we use0(x) to denoteA. Ifα: K appears in0 then we say thatα ∈ Dom(0) and we useKind0(α) to denoteK .

The atomic typesα play the role of (dependent) type constants;3 typical examples of type constants areint, nat, bool (all declared of kind?), andchar[] (of kind5n : nat.?). We use M [x := N](resp.,B[x := N]) to denote the substitution ofN for every free occurrence ofx in termM (resp., in typeB).β-reduction, denoted by→β , is the compatible closure(see [Bar84]) of the union of the following twonotions of reduction:

(λx:A.M)N →β1 M [x := N]

(3x:A.B)N →β2 B[x := N].

β-conversion, denoted by=β , is the equivalence relation generated fromβ-reduction, that is, the re-flexive, symmetric, and transitive closure of→β .4

The abstract syntax above defines preterms, pretypes, prekinds, and precontexts, namely possiblynot well-formed terms, types, kinds, and contexts. Well-formed terms, types, kinds, and contexts aredetermined by the following four judgments:

0 ` ? 0 is a well-formed context0 ` K K is a kind in context00 ` A : K type A has kindK in context00 ` M : A term M has typeA in context0.

We write0 ` J for an arbitrary judgment of the form0 ` K , 0 ` A : K or 0 ` M : A. The rulesfor deriving the judgments inλ5 are in Fig. 1.

3.3. Adding Subtyping toλ5: The Systemλ5≤

The addition of subtyping to an existing type system is usually performed in a standard two-stepprocess. First, a subtyping relation≤ is defined on the (well-formed) types of the system. Then thesubsumption rule is added to the typing rules (and when the conversion rule is present it replaces it).

3 In [Bar92] and [AC96b] theα’s are called typevariables. This may be misleading since althoughα’s are declared in contexts,they cannot be abstracted.

4 Sinceβ-reduction andβ-conversion arecompatiblerelations, they are defined on terms, types,andkinds (since in the lastone both types and terms may occur).

8 CASTAGNA AND CHEN

FIG. 1. Theλ5 type system.

We already said that the subsumption rule states that if a term is typed by some typeA, then it is alsotyped by every supertype ofA. Usually this rule has the form we saw in the Introduction:

Subsumption0 ` M : A 0 ` A ≤ B

0 ` M : B.

Note that, as the subtyping relation is defined on (well-formed) types, then no kinding judgment isrequired in this rule: ifA andB are in subtyping relation, then they are well formed.

In this work, for reasons that we explain at length in Section 3.3.2, we need to define subtyping in adifferent manner.

More precisely, we do not define the subtyping relation on theλ5’s types and do not substitute thesubsumption rule above for the T-CONV rule of the previous section. Instead, we define the subtypingrelation on theλ5’s pretypes(that may be not well formed) and replace T-CONV by the followingsubsumption rule

T-SUB0 ` M : A 0 ` A ≤ B 0 ` A, B : ?

0 ` M : B,

where0 ` A, B :K is a shorthand for0 ` A: K and0 ` B: K . This rule states exactly the sameproperty as the generic subsumption rule above. However, it has two extra kinding premises that aremade necessary by the fact that, here,≤ is defined on all pretypes.

3.3.1. The Subtyping Relation

The subtyping relation on the pretypes arises from a subtyping relation on atomic types. This relationfor atomic types is declared in a context0 and lifted up to all types by the rules of Fig. 2. More precisely,subtyping declarations occur in a context0 under the form of bounded kind assignmentα ≤ A : K . Inthat case we say thatα ∈ Dom(0) and thatα is boundedin 0; we also use0(α) to denoteA, and stilluseKind0(α) to denoteK .

DEPENDENT TYPES 9

FIG. 2. λ5≤ subtyping rules.

In summary, the systemλ5≤ is defined by the rules in Fig. 2 plus all the rules forλ5 defined inthe previous section, but where0 may contain bounded kind assignments and T-SUB is substituted forT-CONV.5

Since the rules in Fig. 2 do not contain any kinding judgment, then the induced subtyping relationis defined on all pretypes. The restriction of this relation to types (that is, to well-kinded pretypes) hasthe usual general meaning: a term of a given type can be safely used wherever a term of supertype isexpected. Let us comment on each rule starting from the simplest ones:

—The S-π rule is the generalization of the subtyping rule for arrow types. It is contravarianton the domains and covariant on codomains. However, since the bound variablex can appear free inthe codomains, then the codomains are compared under the assumption thatx belongs to the domaincommon to both types, that is, the smaller one.

—The S-3rule “subtypes” type families. Recall that type families are functions from terms totypes. This rule states that two such functions are compared pointwise. (As a matter of fact this rule isuseless inλ5≤ and should be omitted: see the Excursus in Section 4.4.)

—The S-ApSL and S-ApSR rules state that subtyping is invariant byβ2 head reductions: to deducethat aβ2 head redex is in a subtyping relation we must deduce it for its reductum.

—The S-ApR states that≤ is reflexive on atomic types. The reflexivity is extended pointwise toall possible applications of the atomic type.

—The S-ApT (combined with reflexivity) performs the transitive closure of the subtyping decla-rations. Intuitively in order to prove that0 ` α ≤ 0(0(0(α))) three S-ApT rules topped by a S-ApRrule must be used. As for S-ApR the relation is extended pointwise to possible applications.

Note that not all the assignments in a context0 equally contribute to the definition of subtyping. Onlybounded kind assignmentsα ≤ A: K really matter, since they are used by the rule S-ApT. Kindingassignmentsα: K are handled by the rules S-π and S-3only to ensure that for every subtyping rulethe well-kindedness of the types appearing in the conclusion under a given context implies the well-kindedness of the types appearing in the premises under the corresponding contexts.

3.3.2. A Different Presentation of Subtyping (Comparison with [AC96b])

Apart from S-π and S-3, the remaining rules ofλ5≤ are quite technical and do not let the readergrasp the intuition of the subtyping relation. So we decided to add this section in order to provide some

5 We must also add an obvious formation rule for type contexts containing subtyping constraints (see Appendix A.1).

10 CASTAGNA AND CHEN

FIG. 3. λP≤ subtyping rules.

intuition. However, this section is not necessary to the development of this work: it is not used fordefiningλ5& and can be skipped at first reading (as signaled by the detour panel).

In order to provide the reader with the intuition underlying subtyping, we describe a set of subtypingrules different from the ones ofλ5≤. These rules define a subtyping relation equivalent (in the sense wespecify later on) to the one ofλ5≤. The rules are shown in Fig. 3. Apart from some minor differences,6

these rules are those used by Aspinall and Compagnoni [AC96b] to define the systemλP≤ that is oneof the best subtyping systems forλ5 available in the literature. In order to differentiate this secondsystem from all the systems that are the contribution of this article, we use lowercase italicized namesfor rules and insertACsuperscripts. We also use a different symbol,¹, to denote the new relation. Letus comment on theλP≤ subtyping rules:

—TheSAC-var rule deduces the subtyping declarations contained in0.

—TheSAC-π andSAC-3 have the same meaning as the corresponding rules inλ5≤.

—The ruleSAC-app is a direct consequence of the interpretation ofSAC-3: if two functions arepointwise related then the images of a same point are related as well.

—Finally the rulesSAC-conv andSAC-trans state that¹ is a preorder, that is a reflexive and transitiverelation.

The two sets of rules in Figs. 2 and 3 define the same subtyping relation. This is stated by the followingproperty proven in Section 6.3:

Property 3.1. For everyA, B such that0 ` A, B : K we have

0 `AC A ¹ B⇔ 0 ` A ≤ B

(where by0 ` J we mean that the judgment is provable).

It is very important to notice that the property above says that the two sets of rules define the samerelation onλ5’s types (¹ is not defined on pretypes), but it does not say that the two sets of rulesare completely equivalent, namely that it is possible to use either of them without any difference. Inparticular, while the rules ofλ5≤ constitute the core rules of this article, those ofλP≤ are inadequate

6 There are some extra kinding judgments and the S-3 rule here is more general than the one in [AC96b]. See Footnote 10 foran example.

DEPENDENT TYPES 11

to the purposes of this work. Indeed, the rules in Fig. 2 satisfy two crucial properties that those in Fig. 3do not:

1. They do not use kinding judgments. This makes them prone to extension. Indeed, recall thatwe want to extend this system with overloaded types. As we shall see later, the kinding of overloadedtypes depends on the subtyping relation, so it is important to have the definition of subtyping separatedfrom that of kinding since, otherwise, we would have a circularity that is very difficult to handle.

2. They do not use the transitivity rule (which is anadmissiblerule; i.e., it is a consequence of theother rules7). This, intuitively, implies that the addition of new types and new rules to this type systemis likely to yield aconservative extension8 (the explicit use of the transitivity rule may cause a problemwith conservativity since this rule does not satisfy the subformula property). So we have extensions thatdo not interfere with the original theory, independent from its definition.

For these reasons, the definitions of this article never use the rules in Fig. 3 and they can (actually, must)be ignored. However, the reader can use them as a cue to understand the subtyping relation and drawintuition about it. But the reader must also be aware that in case of extension the equivalence of two setof rules may be lost.

TECHNICAL EXCURSUS. The reader may be puzzled by the fact that of two sets of rules defining thesame relation, one set is completely inadequate to certain purposes that the other fits. Apart from thefact thatλ5≤ andλP≤ do not define the same subtyping relation (¹ is not defined for pretypes), thisanomaly mainly concerns the possible extensions of the rules. The fact that two sets of rules definethe same relation does not imply that this holds for every possible extension of these sets. As a trivialexample consider the system formed just by the symmetry rule (that states that if(a, b) belongs to therelation then(b,a) belongs to it, too) and the system with no rules at all. The two deduction systemsdefine the same relation (the empty relation), but it is clear that every nonsymmetric extension of thesesets of rules will not define the same relation.

If we do not consider extensions and we stick to the actual language, then the relation betweenλ5≤ andλP≤ is quite typical.λ5≤ is the algorithmic version ofλP≤ and Property 3.1 is the classicformulation of the soundness and completeness of the algorithmic subtyping9. Note that because ofProperty 3.1,λ5≤ constitutes an important improvement over the subtyping algorithm of [AC96b] forwhich this property does not hold. In fact, for the algorithm defined in [AC96b] only the followingimplications hold

0 ÀC A ¹ B⇒ 0 ÀCA (A)β2 ¹ (B)β2

0 ÀCA (A)β2 ¹ (B)β2 ⇒ 0 ÀC (A)β2 ¹ (B)β2

(where ACA denotes deduction in the Aspinall–Compagnoni algorithm and(A)β2 denotes theβ2-normal-

form of A) which are weaker than Property 3.1.10

However, the interest ofλ5≤ is not confined to this aspect. While Property 3.1 is an interestingproperty in the context ofλP≤, it becomes crucial in the context of this article, since it frees the system

7 Given a set6 of deduction rules a (new) rule isadmissibleif for every instance of the rule it is possible to prove by therules of6 that its premises imply its consequence. Furthermore, the rule isderivable—orderived—if the rule can be obtainedby composing some rules of6.

8 Given a language+ and a notion of derivability on+, a theory7 is a collection of sentences in+ with the property that if7 ` ϕ thenϕ ∈ 7. A theory7′ is anextensionof a theory7 if 7 ⊆ 7′. 7′ is aconservative extensionof 7 if 7′ ∩+ = 7.

9 As is customary, we define the subtyping algorithm by a set of subtyping rules that satisfy the subformula property. When theset of rules is “syntax directed” (i.e., there is a one-to-one correspondence between provable judgments and proof trees), then thealgorithm is deterministic (e.g., see Section 1.3 of [Cas97] for details). The set of subtyping rules ofλ5≤ can be straightforwardlyturned into a deterministic algorithm by adding to the [S-ApSR] rule the conditionC 6≡ (3x:A′.B′)M ′1..M

′m∧C 6≡ αM ′1 . . .M

′m

and to the rule [S-ApT] the conditionA 6≡ αM ′1 . . .M′n (note the indexes). The system with these conditions is equivalent to the

one without the conditions as proved in Section 6.4.10 For example, ifAi →βi Bi (i = 1,2), then0 ÀC A2 ¹ B2 (and thus0 ` A2 ≤ B2) but 0 6ÀC

A A2 ¹ B2. Furthermore,in the original definition of subtyping in [AC96b] one also has0 ÀC

A πx: A1.C ¹ πx: B1.C (and0 ` πx: A1.C ≤ πx: B1.C)but0 6ÀC πx: A1.C ¹ πx: B1.C.


from the transitivity rule without affecting its expressiveness. And while we know how to add late-boundoverloaded functions toλ5≤, the corresponding extension ofλP≤ is still an open problem.

METHODOLOGICAL EXCURSUS. Our first attempt for this work was to add rules for overloaded typesto the Aspinall–Compagnoni system. Thus we obtained a circularity among the definitions of contextformation, kinding, typing, and subtyping. This complicated the proofs. For example proof of the classicalsubstitution lemma for subject-reduction is done in [AC96b] by simultaneous induction over the fourforms of judgment. This same technique did not work in our case because the induction hypothesisdoes not suffice to prove that the conditions for well-kinding of overloaded types (see Section 3.4.4) arepreserved by substitution.

In λ&, this proof does not have that problem since the subtyping system does not depend on thekinding system. The subtyping relation is defined over pretypes, that is, expressions that may not bewell-kinded. Thus our second try was to erase the kinding premises from the Aspinall–Compagnonisubtyping system. This did not work either because of the transitivity rule that became

0 ` A ≤ B 0 ` B ≤ C

0 ` A ≤ C

but in the presence of such a rule it is not possible to deduce the well-kinding of B from the well-kindingof A and C (and so we cannot ensure that the derivations of judgments with well-kinded types containonly well-kinded types). Inλ& the transitivity rule can be eliminated since the structural subtyping rulesextend the transitivity of subtyping on atomic types to higher types. But if we remove the transitivityrule from the Aspinall–Compagnoni system we do not obtain an equivalent system and we cannot usethe algorithmic system of Aspinall and Compagnoni since it is defined onβ2 normalized types, not ontypes (whence the failure of Property 3.1 for this system).

Thus we decided to define a new transitivity free set of rules that did not use kinding jugements andthat defined on (well-kinded) types the same system as the Aspinall–Compagnoni one. The result of thisattempt is the definition ofλ5≤.

3.4. Adding Overloading toλ5≤: The Systemλ5&

In this section we give the description of the complete system, calledλ5& , which includes dependenttypes, subtyping, and late-bound overloaded functions.λ5& is obtained by adding late-bound over-loaded functions toλ5≤. Equivalently, it can also be considered as the generalization to dependenttypes of theλ&-calculus of overloaded functions described in this same journal [CGL95] and revisedin [Cas97].

3.4.1. Overloaded Functions

An overloaded function is a function that executes a different code according to the type of itsargument. Thus an overloaded function is formed by a set of ordinary functions (i.e.,λ-abstractions),each one defining a different code (we call itbranch) of the function. We follow the ideas of theλ&-calculus and glue these functions together into an overloaded one by the symbol & (whence the nameof the calculus). Thus, we add to theλ5≤’s terms the term

(M& N)

which intuitively denotes an overloaded function with two branches,M andN, one of which will beselected according to the type of the argument. We must distinguish ordinary function application fromthe application of an overloaded function since they constitute different mechanisms.11 Thus we use“•” to denoteoverloaded applicationand “·” or simple juxtaposition for the usual application.

We build overloaded functions as lists, starting with anemptyoverloaded function, denoted byε, andconcatenating new branches by means of &. Thus, an overloaded function is a list of ordinary functionsand, in the term above,M is an overloaded function whileN is an ordinary function (a branch of theresulting overloaded function). Therefore, an overloaded function withn branchesM1, M2, . . . ,Mn can

11 The former is implemented by substitution, while the latter is implemented by selection.

DEPENDENT TYPES 13

be written as

((. . . ((ε& M1)& M2) . . .)& Mn)

The type of an overloaded function is the set of the types of its branches. Thus, ifMi :πx:Ai .Bi thenthe overloaded function above has type

{πx: A1.B1, πx: A2.B2, . . . , πx: An.Bn}and if we apply this function to an argumentN of type Aj , then the selected branch isM j . That is

(ε& M1& . . .& Mn) • N³M j · N (1)

where³ means “reduces in zero or more steps” (the introduction of subtyping will require somerestrictions to this reduction).

3.4.2. Subtyping

If we were extendingλ5 by overloaded functions we could (nearly) stop here. But we are extendingλ5≤, so we have subtyping as well. Thus, we have to define the subtyping relation for the new overloadedtypes. The definition follows from the observation that an overloaded function can be used in place ofan overloaded function of different type when, for each branch that can be selected in the latter, there isat least one branch in the former that can replace it. Thus, an overloaded typeS, i.e., a set ofπ -types,is smaller than another overloaded typeT if and only if for every type inT there is at least one type inSsmaller than it. Formally, we add to the rules ofλ5≤ (without the S-3rule) the following subtypingrule:

S-OVER∀ j ∈ J ∃i ∈ I 0 ` πx:Ai .Bi ≤ πy:Cj .Dj

0 ` {πx:Ai .Bi }i∈I ≤ {πy:Cj .Dj } j∈J.

Equivalently, in order to prove that{πx:Ai .Bi }i∈I is a subtype of{πy:Cj .dj } j∈J one has to show thatthere exists a total mapφ from J to I such that for everyj ∈ J it is provable thatπx:Aφ( j ).Bφ( j ) ≤πy:Cj .Dj .

Another consequence of using subtyping is that in a reduction such as (1), the type ofN may matchnone of theAi , but rather be a subtype of some of them. In this case, we choose the branch whoseAi “bestapproximates” the type, sayA, of N. That is, we select the branchj such thatAj = mini=1..n{Ai | A ≤Ai }. A restriction on the formation of overloaded types and the type system will ensure the existenceof this minimum (Section 3.4.4).

It is well known that in presence of subtyping a computation may change—precisely, may decrease—the type of a term.12 If the term at issue is the argument of an overloaded function, then different degreesof computation may lead to different branch selections. Thus we have to determine when the selectionfor an overloaded application must be performed. We follow alate selection(or late binding) disciplinesince it allows a high level of code reuse and an incremental style of programming (see Section 2.1 of[Cas97]). Therefore we impose that a reduction such as (1) can be performed if and only ifN is closed(i.e., without free term variables) and in normal form (i.e., it cannot be reduced any more).

3.4.3. Annotations

Determining a selection discipline is not enough to make the extension a coherent calculus. We alsohave tofreezethe type of overloaded functions. Consider the following example: letM be a term oftypeπx: C.B, a subtype ofπx: A.B. Then the body of the following function (we omit the leadingε)

λy: (πx: A.B).(y& M)

has type{πx: A.B, πx: C.B}. If we apply this function toM itself, this application reduces toM& Mof type {πx: C.B, πx: C.B}, which is nonsensical, since both branches are defined for arguments ofthe same type (so there no longer is a “best approximating” branch). Therefore, in order to record that

12 For example, ifA < B andM : A, then the redex (λx: B.x)M has typeB but its reductum,M , has typeA.


the first branch was intended for arguments of typeA and the second one for arguments of typeC, weannotate the & by the (intended) type of the term:

λy: (πx: A.B).(y& {πx:A.B,πx:C.B}M

).

All the overloaded functions will have their (static) type annotated on the &.

PRACTICAL EXCURSUS. The use of annotations is needed only in the theoretic approach. They areneeded because in an overloaded term(ε& M1& M2& . . .& Mn) the various subterms Mi may be differentfromλ-abstractions. In practice (that is, with multimethods, generic functions, or the overloaded functorsin Section 2.3 and Appendix A.2) this never happens. In all practical implementations of overloading,the composing functions are inλ-abstracted form. We think thatλ5& will not make an exception.Thus, in a possible implementation inspired by this work, overloaded functions would be of the form(λx: A1.M1&λx: A2.M2& . . .&λx: An.Mn), which provides all that is needed in practice: each branchspecifies the domain it was defined for, and its codomain is not strictly necessary to execution.13 Thus,for overloaded functions of this form type annotations are unnecessary.

3.4.4. Kinding

The deep interaction between overloading, subtyping, and late binding makes the language verypowerful and expressive, but it complicates the kinding of overloaded types. In order to satisfy thesubject reduction property not every set ofπ -types can be allowed in the language. Given an enviornment0, a well-kinded overloaded type{πx: Ai .Bi }i∈I , besides being formed by well-kindedπ -types, mustsatisfy three conditions:

(Normal types) For everyi ∈ I the typeπx: Ai .Bi is closed (it does not contain freetermvariables)and in normal form.

(Covariant types) For alli , j ∈ I if 0 ` Ai ≤ Aj then0, x: Ai ` Bi ≤ Bj .

(Unique selection) For every typeA whose free variables are inDom(0) the set{Ai | 0 ` A ≤Ai , i ∈ I } either is empty or has a unique least element.

Note that all these conditions, which define the kinding relation, are defined in terms of the subtypingrelation. This is the reason why it is so important to have a subtyping relation whose definition does notdirectly depend on the kinding one (see Footnote 17).

Let us examine each condition in detail

• Suppose that the condition [normal types] was not fulfilled and open overloaded types wereallowed in the calculus. Then we could write a term such as

M1& {πx:Ay.B,πx:AN.B}M2,

whereA is a type family of the kind5x: A′.? andN a term of the typeA′.Suppose thaty /∈ Fv(M1) ∪ Fv(M2) ∪ Fv(N) and insert this term in a wider context(

λy: S.(M1& {πx:Ay.B,πx:AN.B}M2

))N.

Then afterβ-reduction we would obtain the term

M1[y := N]& {πx:Ay.B,πx:AN.B}[y:=N] M2[y := N]

that is

M1& {πx:AN.B,πx:AN.B}M2

which clearly is not well formed (more precisely, it is untypable) since branch selection is ambiguous.

13 The absence of codomains could cause the subject-reduction property not to hold, but this would not affect the type-safetyof the system.

DEPENDENT TYPES 15

A similar problem appears when the types are not in a normal form.14

• Condition [covariant types] ensures that during computation the type of a term may onlydecrease. More specifically, if we have a two-branched overloaded functionM of type{πx: A1.B1, πx:A2.B2} with A2 < A1 and we apply it to a termN that at compile-time has typeA1, then the compile-time type ofM • N is B1 (more precisely,B1[x := N]). But if the normal form ofN has typeA2 (whichis possible, sinceA2 < A1) then the run-time type ofM • N will be B2 (more precisely,B2[x := N])and thereforeB2 ≤ B1 must hold (more precisely, it must hold under the hypothesis thatx : A2).

• Condition [unique selection] concerns the selection of the correct branch. Recall that if weapply an overloaded function of type{πx: Ai .Bi }i∈I to a term of typeA, then the selected branch hastypeπx: Aj .Bj such thatAj = mini∈I {Ai | A ≤ Ai }. This condition is necessary and sufficient toensure the existence and uniqueness of this branch.15

The last two conditions are already present in theλ&-calculus where they have similar justifications.The first condition instead is new and it resembles the meet-closure property ofF&

≤ [Cas96, Cas97].Note, however, that this restriction is less constraining than meet-closure since it allows dependency ontypes of any form. Indeed, while this condition requires that in{πx: Ai .Bi }i∈I the variousπx: Ai .Bi mustbe closed, no restriction is imposed on the form ofAi andBi which, therefore, may also be dependentor overloaded types (meet-closure requires theAi ’s to be atomic). Thus there is a real, though limited,interaction between overloaded and dependent types.

PRACTICAL EXCURSUS. The condition[normal form]is quite severe. From a practical point of view therequirement that types are in normal form is rather harmless. Instead, the condition that types are closedis very penalizing. The experience with object-oriented programming shows that overloaded functionsare defined only at the top level (that is, not in subterms, so that closure is trivially satisfied) and that inlower levels (in subterms) overloaded functions are used (applied) rather than defined (abstracted). Wethink that in many cases this should also hold for languages with dependent types (even though we haveno evidence to support this claim). However, as a referee pointed out, this restriction rules out someinteresting terms. For example, overloaded functions that return arrays parametrized by their lengthare not allowed, since their type would have open codomains (codomains with free variables differentfrom theπ -abstracted one):

πn : nat.{π x: A.char[n ], π x: B.int[n ]}.

If n is not free in A and B, then such a situation can be dodged by swapping the arguments:

{πx: A.πn : nat.char[n ], π x: B.πn: nat.int[n ]}.

In any case we believe that in practice closure requirement for codomains could be relaxed. We wouldlose subject reduction but this should not affect type soundness (similarly to what happens for the systemof [Ler94] which we cited in the motivation section).

The closure of domains instead is much more severe a restriction. For example, it does not allow oneto write an overloaded function defined on arrays of different types since it would have a type with opendomains, like this one

πn: nat.{π x: char[n ]. A, πx: int[n ]. B}. (2)

In this case there is no simple expedient to satisfy closure. Nor we can easily relax the closure conditionsince while the type in (2) causes no harm to type soundness, a type such as

πn: nat.{π x: char[n ]. A, πx: char[3]. B} (3)

14 Sinceβ-reduction is a compatible reduction (see Footnote 4), then it can take place in every occurrence of a term and thus,in particular, in type annotations of overloaded terms. It is clear that normal forms would not be necessary if we did not reduceannotations.

15 The restriction in [unique selection] that the free variables ofA are in Dom(0), although natural, is quite technical and deep.It is crucial for proving that the satisfaction of [unique selection] is invariant under substitution. See the proof of Lemma 4.9 andnote that it would not have worked if we had, for example, required the stronger condition0 ` A : ?.


must be forbidden since for n= 3 the two domains would be equated. The problem is how to weaken theclosure requirement of[normal form]so that the type in (2) is accepted and the one in (3) is rejected.This issue does not seem to need an immediate solution since one has to ensure some property for allpossible term substitutions in domains. However, the point is well worth studying and we look to it infuture work.

3.4.5. Typing

The typing system is obtained by adding the following three rules to theλ5≤ typing rules:

T-ε0 ` ?

0 ` ε : {}

T-&0 `: M : {πx:Ai.Bi }i≤n 0 ` N :πx:An+1.Bn+1 0 ` {πx:Ai .Bi }i≤n+1 : ?

0 ` M& {πx : Ai .Bi }i≤n+1 N : {πx:Ai .Bi }i≤n+1

T-OAPP0 ` M : {πx:Ai.Bi }i≤n 0 ` N : Aj

0 ` M • N : Bj [x := N]

These typing rules deserve a few comments. The first rule states that the empty overloaded function hasan empty overloaded type. The second rule states that the type of an overloaded function is obtained bythe union of the types of its branches, provided that the type resulting from this union is well formed.The last rule states that if the argument of an overloaded function has typeAj then thej th branch ofthe function may be selected.16

Note that in (T-&) the well-kindness of the resulting overloaded type (in particular the three conditionswe just saw) must be checked.

3.4.6. Reduction

The reduction for overloaded function applications in a context0 is defined as follows:

If 1. N is closed and in normal form,

2. there existsi ∈ [1..n] s.t.0 ` N: Aj and∀ j ∈ [1..n] 0 ` N: Aj ⇒ 0 ` Ai ≤ Aj

then (M1& {πx:Ah Bh}h=1...n M2

) • N →β&

{M1 • N for i < n

M2 · N for i = n.

Theβ& -reduction is simpler than what the definition above lets one suppose. The rewriting rule statesthat if we pass an argumentN of type Ai to the overloaded function (M1& {πx:Ah.Bh}h=1..n M2) then weselect the branch defined forAi (more precisely we select the branchM2 if it is defined forAi , otherwisethe branch is searched inM1). But in order to perform the reduction two preconditions must be fulfilled.The first condition requires thatN is a closed normal form because, as explained in Section 3.4.2, wewant to implement late-bound overloading. The second condition ensures that the most specific branchcompatible with the type of the argument is selected. Indeed, imagine that an overloaded function withtwo branches, one for integers and the other for reals, is applied to an argument of type integer. Ifinteger is a subtype of real then by subsumption the argument also has type real. Thus either branchcould be executed if the second condition would not ensure that the most specific one, namely the onefor integers, is selected.17

16 Note that the branch effectively selected at run-time may be different from thej th branch either becauseAj does notcorrespond to the “best approximating” branch or becauseN is not a closed normal form (see the next section).

17 Theβ& -reduction depends on typing, which in turn depends on kinding. The subtyping relation depends onβ-conversion(rule S-ApR); therefore, strictly speaking, the subtyping relation is not independent from the typing and kinding relations. So itseems that by defining theβ& -reduction we reintroduced the circularity we struggled against so hard in Section 3.3.2. However,this dependence is far milder than that ofλP≤ and it does not cause any problem in the metatheoretic study. For example, in theproof for substitution of subtyping (Lemma 4.6, Case S-ApR), the induction concerns only the subtyping derivation and not thetyping or kinding judgments.

DEPENDENT TYPES 17

Finally note that when the reduction is performed, all expressions that participate in the selectionare closed. Thus, the definition ofβ& does not depend on the typing assignments in0 but only on itssubtyping declarations.18

TECHNICAL EXCURSUS. The requirement that N is a closed normal form is very strong. As explainedfor λ& in Section 7.2 of [Cas97] this condition may be weakened. For example, one can always safelyperform the reduction when the involved overloaded function has only one branch or when the type ofthe argument is a leaf of the type hierarchy. An interesting choice (but others are possible) is to weakentheβ& rule as follows:

For Ai such that0 ` N : Ai and∀ j ∈ [1..n] 0 ` N : Aj ⇒ 0 ` Ai ≤ Aj ,

If N is closed and in normal formor {Aj | 1≤ j ≤ n, 0 ` Aj ≤ Ai } = {Ai }, then

(M1& {πx:Ah.Bh}h=1..n M2

) • N →β&

{M1 • N for i < n

M2 · N for i = n.

In words, when selecting a branch we check whether there are other branches with smaller domain. Ifnot, we know that the selection cannot change further and therefore we perform the reduction even ifN is not closed.

This rule is interesting because, for example, it allows the deduction under the context n: int that:19

((λx: int. x + x)&(λx: string. x@x)) • n³ n+ n

However, such a rule would complicate the calculus (for example, this same example shows that inthis case reductions depend on the type assignments of the context0, with the problems described inFootnote 18). Furthermore, this modification would not be straightforward (for example, it is not clearhow to prove that some properties are preserved under substitution, such as the property of minimalityin a set of open types). Therefore, we prefer to proceed in this work as forλ& and consider just thesimpler formulation.

3.4.7. Examples

As a first example of the use of overloaded dependent types we can think of generalizing the functionstringtoarray defined in the Introduction so that it can applied to natural numbers as well. Since anatural numbern needsdlog10 ne digits to be represented, such a function will have the following type:

{ πx: nat.char[dlog 10 xe] , πx: string.char[length( x)] }.

To give a more detailed example we show two distinct encodings of the Cartesian product. The first one,which requires indexed types, is more complicated, but also more efficient. The second one is simplerand works for all types, but since it uses late binding, it requires run-time type inference.

Let ι be an atomic type with two constants20, 1:ι and 2:ι, andA a type indexed overι. This can beexpressed by the following context00≡ ι: ?, 1: ι, 2: ι, A :5x: ι.?. Add a further constant? :πx: ι.A1→A2→ Ax (note thatA1, A2, Ax, x1, etc. stand for the applicationsA(1), A(2), A(x), andx(1)) with

18 This greatly simplifies the treatment of reduction. The definition of reduction can be given for a generic context0 but it doesnot have to deal with it. So all the proofs of this article that deal withβ& are given for a generic0. It would be quite different ifthe reduction depended on the type assignment in0. In that case we would have to define rules that handle contexts, such as

0, (x: A) ` M1→β M2

0 ` λx: A.M1→β λx: A.M2,

and deal with them explicitly in the proofs.19 We use the operator @ to denote string concatenation. This example was suggested by one of the referees.20 We did not explicitly consider constants in the formal syntax ofλ5& . Rather, we take the attitude of [Bar92] and call all

variables that we “engage” not to abstract constants.


the following semantics:

?xa1a2 ={

a1 for x = 1

a2 otherwise

(the last example of this section shows how to encode?). Then we can use dependent types to definethe Cartesian products ofA1 andA2:

A1× A2 = πx: ι.Ax

( , ) = λa1:A1.λa2:A2.λx: ι.?xa1a2

fst = λx:A1× A2.x1

snd= λx:A1× A2.x2.

A simpler encoding can be obtained by using overloaded types together with two atomic typesα1 andα2 and two constantsp1:α1 and p2:α2 (in this and in the following example we omit type annotationsandε’s):

A1⊗ A2 = {πx:α1.A1, πx:α2.A2}( , ) = λa1: A1.λa2: A2.(λx:α1.a1&λx:α2.a2)

fst = λx: A1⊗ A2.x • p1

snd= λx: A1⊗ A2.x • p2.

Then it is possible to define genericfirst andsecondoperators that work with both encodings. Forexamplefirst can be defined as

(λx: (A1× A2).x1 & λx: (A1⊗ A2).x • p1)

whose type is

{πx: (πy: ι.Ay).A1, πx: {πy:α1.A1, πy:α2.A2}.A1}.

Note that all these definitions can be applied to pairs of terms whose types are subtypes ofA1 andA2.As a last example, imagine that we want to use dependent types to encode triples. We want to define

the encoding so that we can use triples where pairs are expected (as if they were record types with labels1, 2, and 3). This can be obtained by concatenating the two following contexts:

00 ≡ ι123: ?, ι3 ≤ ι123: ?, ι12 ≤ ι123: ?, ι2 ≤ ι12: ?, ι1 ≤ ι12: ?, 1:ι1, 2: ι2, 3: ι3

01 ≡ A:5x: ι123.?, ⊥ :πx: ι123.Ax.

Context00 declares three singleton typesι1, ι2, andι3 respectively containing constants 1, 2, and 3. Italso declares two unions of these singletons,ι12 (that contains bothι1 andι2) andι123 (that contains allthe other types).21 Context01 declares the typeA indexed overι123, together with a constant⊥ suchthat⊥i : Ai for i = 1, 2, 3. Finally we encode? as

? = λx: ι123.λa1: A1.λa2: A2.λa3: A3.(λy: ι1.a1&λy: ι2.a2&λy: ι3.a3&λy: ι123.⊥y) • x

21 Instead of 2:ι2, 3: ι3 we could equivalently have declareds: {ι1→ ι2, ι2→ ι3}, so as to have 2≡ s• 1 and 3≡ s• (s• 1).

DEPENDENT TYPES 19

whose type22 is πx: ι123.A1→ A2→ A3→ Ax and whose semantics clearly is

?xa1a2a3 =

a1 for x = 1a2 for x = 2a3 for x = 3.

With these declarations the dependent-types-based encoding for pairs is as before. Just the pairingoperator has to be modified to take into account the fourth argument of ?:

A1× A2 = πx: ι12.Ax

( , ) = λa1: A1.λa2: A2.λx: ι12.?xa1a2(⊥3)

fst = λx: A1× A2.x1

snd= λx: A1× A2.x2.

Triples are similar:

A1× A2× A3 = πx: ι123.Ax

( , , ) = λa1:A1.λa2: A2.λa3: A3.λx:ι123.?xa1a2a3.

Note that by the rule S-πA1× A2× A3 ≤ A1× A2. Thus, thanks to subtyping, we need not definefirst and second projections for triples since the functions fst and snd defined for pairs work also fortriples (in object-oriented terminology we would say that triplesinherit first and second projectionsfrom pairs). Instead, we have to define the third projection. A term may be statically typed as a pairand dynamically become a triple. Thus, it is interesting to define the third projection also for pairs. Ifthe pair dynamically becomes a triple then this projection function returns the third component of thetriple; otherwise it returns⊥3. This is obtained by the following overloaded function,

trd= (λy: A1× A2.⊥3) & (λy: A1× A2× A3.y3),

whose type is{πy:(πx: i12.Ax).A3, πy:(πx: i123.Ax).A3}.

3.4.8. Properties

The hardest and most technical part of this work is to prove thatλ5& enjoys good theoreticalproperties. This is what the rest of this article is devoted to. More precisely, after having formallypresentedλ5& (Section 4.1) we proceed as follows.

First, we prove the confluence of the calculus. Namely, letβ = β1 ∪ β2 ∪ β& ; if M³β M1 andM³β M2 then there existsN such thatM1³β N andM2³β N (Section 4.2).

Second, since we started from a set of rules, those ofλ5≤, that do not include (general) transitivityand reflexivity rules we have to prove that the subtyping relation on types is a preorder, that is, that thetwo rules are admissible (Sections 4.3 and 4.4).

Third, we prove that our type system is sound since well-typed terms rewrite only into well-typedterms. That is, if0 ` M : A andM³ N then0 ` N : A (Section 4.5).

Thanks to the absence of transitivity from the subtyping rules, it is then not very difficult to provethatλ5& is a conservative extension of bothλ5≤ andλ& (Section 4.6).

A delicate point is that, sinceλ5& extendsλ&, it inherits from the latter nontermination: inλ& it ispossible to encode a fix-point combinator of type (A→ A)→ A for every typeA (see Section 6.2 of[Cas97]), and this same technique applies toλ5& as well. However, inλ& it is possible to single outan interesting class of subcalculi that are strongly normalizing. We show that this result extends toλ5&

22 Note that, strictly speaking, the type of the inner overloaded function is not well kinded: sinceι1 ≤ ι123, the [covariant types]condition requiresy: ιi ` Ai ≤ Ay. This semantically holds:ιi is a singleton containingi , thusy: ιi implies y = i . But thisequality can be proved only by extending the system with the distinguished singleton types introduced by Aspinall in [Asp95].This would lead us too far.


(Section 5). The interest in normalization properties inλ5& stems from the fact that subtyping relies onβ-conversion. Terms may appear in types andβ-conversion of terms is used to define subtyping. Strongnormalization of terms implies decidability ofβ-equality, which implies decidability of subtyping.Indeed, in the presence of the decidability ofβ-conversion it is easy to lift the proof of the decidabilityof the subtyping (and thus of typing) relation ofλ5≤ (this proof is given in Section 6.4) to the stronglynormalizing subsystems ofλ5& . Thus, in these subsystems ofλ5& we have decidability for bothsubtyping and typing relations (which is the main result of Section 7 and does not hold for the wholeλ5& ).

In Section 6 we prove some properties that are specific toλ5≤, namely that the subtyping rules ofλ5≤ describe an algorithm, thatλ5≤ is equivalent toλP≤, and the already cited proof of decidabilityof the subtyping relation ofλ5≤ that is then used in the last section for studying decidability inλ5&

(Section 7).

4. FORMAL PRESENTATION OFλ5&

In this section we give the formal definition ofλ5& and we prove that it enjoys several fundamentalproperties.

4.1. The Systemλ5&

The systemλ5& is an extension ofλ& with first order types. There are four syntactic categories:contexts, denoted by0, kinds, denoted byK , types, denoted byA, B, C, andD, and terms, denoted byM , N, P, andQ. We useU to range over the last three syntactic categories (all these metavariables mayappear indexed). Sometimes we will denote an overloaded type as a set ofπ -types indexed over a set ofindexes (typically, they will be initial segments of natural numbers); we useI andJ to range over theset of indexes andh, i , j , k to range over indexes. There are four judgment forms on these expressions:

0 ` K K is a kind in context00 ` A : K type A has a kindK in context00 ` M : A term M has typeA in context00 ` A ≤ B A is a subtype ofB in context0.

These judgments are the same as those inλ5≤.Preterms, pretypes, prekinds, and precontexts (i.e., possibly not well-formed terms, types, kinds, and

contexts) are those inλ5≤ extended by an empty overloaded function,ε, nonempty overloaded functionsM& AM , applications of overloaded functionsM •M , and overloaded pretypes,{πx:Ai .Bi }i∈I . Thestructure of kinds and contexts is unchanged.

M ::= x | λx:A.M | M M | ε | M& AM | M •M

A ::= α | πx:A.A | 3x:A.A | AM | {πx:A.A, . . . , πx:A.A}K ::= ? | 5x:A.K

0 ::= 〈〉 | 0, x : A | 0, α:K | 0, α ≤ A : K

4.1.1. Rules

The set of rules definingλ5& is obtained by adding to the rules ofλ5≤ the kinding and subtypingrules for overloaded types and the typing rules for the three new terms for overloading. The completeset of rules is given in Appendix A.1.

The subtyping rule for overloaded types is


0 ` {πx:Ai .Bi }i∈I ≤ {πy:Cj .Dj } j∈J

DEPENDENT TYPES 21

while the kinding rule is:

0 ` ? ∀i ∈ I . 0 ` πx:Ai .Bi : ?∀i ∈ I . πx:Ai .Bi is closed and in normal form

∀i, j ∈ I . 0 ` Ai ≤ Aj ⇒ 0, x : Ai ` Bi ≤ Bj

∀A.Fν(A) ⊆ Dom(0)⇒ ((∀i ∈ I . 0 6` A ≤ Ai ) ∨K-OVER

(∃!i ∈ I . 0 ` A ≤ Ai ∧ ∀ j ∈ I 0 ` A ≤ Aj ⇒ 0 ` Ai ≤ Aj ))

0 ` {πx:Ai .Bi }i∈I : ?.

This huge rule simply formalizes the conditions that we stated in Section 3.4.4. Namely, the first line inthe premises states that a well-kinded overloaded type is formed by well-kindedπ -types (0 ` ? ensuresthat0 is well-formed even for an emptyI ). These types, according to the second line, are closed andin normal form. The third line requies convariance while the last two lines formalize the condition ofunique selection.

Finally we add to the typing rules ofλ5≤ the following rules:

T-ε0 ` ?

0 ` ε : { }

T-&0 ` M : {πx:Ai .Bi }i≤n 0 ` N : πx:An+1.Bn+1 0 ` {πx:Ai .Bi }i≤n+1 : ?

0 ` M& {πx:Ai .Bi }i≤n+1 N : {πx:Ai .Bi }i≤n+1

T-OAPP0 ` M : {πx:Ai .Bi }i≤n 0 ` N : Aj

0 ` M • N : Bj [x := N]

4.1.2. Notions of Reduction

Theβ-reductin is defined as thecompatible closureof the union of threenotions of reduction(fordefinitions see Section 3.1 of [Bar84]),β1, β2, andβ& defined in Sections 3.2 and 3.4.6.

In the following we use←R to denote the symmetric relation of→R and use³R (respectively=R)to denote reflexive, transitive closure of the reduction→R (respectively of→R ∪ ←R). We useU R todenote the R-normal-form ofU and≡ to denote syntactic identity of expressions.

We write0 ` J to denote an arbitrary judgment and with an abuse of notation we will writeJ →β J ′

to denote thatJ ′ is obtained by replacing aβ-redex inJ by its reductum.

4.2. Confluence

The first property that we prove forλ5& is confluence (expressionsU in this section are not assumedto be well typed. We just require that all the type annotations of overloaded terms occurring in them areclosed, so that substitutions do not affect them). The proof is a simple application of the Hindley–Rosenlemma [Hin64, Ros73].

LEMMA 4.1 (Hindley-Rosen lemma).Let R1, R2 be two notions of reduction. If R1, R2 are confluentand³R1 commutes with³R2 then R1 ∪ R2 is confluent.

Set nowR1 = β1∪β2 andR2 = β& . If we prove that these notions of reduction satisfy the hypothesisof the lemma above, we obtain confluence of our system. The confluence ofβ1∪β2 is easy to prove sinceit essentially reduces to the confluence ofλ5. For β& it is easy to verify that it satisfies the diamondproperty: for example, consider the twoβ& -reductions

M2N ←β& (M1& AM2) • N →β& (M1& AM ′2) • N

where M2→ β& M ′2. A has not been changed in the second reduction, and the branch selection in(M1& AN ′2) • N is determined byA and the typing ofN, so this expressionβ& -reduces toM ′2N. On theother hand,M2N→ β& M ′2N.


Thus it remains to prove that the two notions of reduction commute. To that end we can use the Lemma3.3.6 of [Bar84], which is restated here. For any reduction notionR, let

=→R denote the reflexive closureof R.

LEMMA 4.2 [Bar84]. Let R1, R2 be two notions of reduction, and let U be a term. If N1←R2 U →R1

N2, then∃N, N1³R1 N=←R2 N2. Then³R1,³R2 commute.

Now consider Lemma 4.2. The next proposition shows that forR1 = β& , R2 = β1∪β2 the hypothesesof the lemma are satisfied. Therefore we can conclude that³β& commutes with³β1∪β2.

PROPOSITION4.3 (Weak commutativity). If N1←β1∪β2 U →β& , N2 then∃N3 s.t. N1³β& N3=←β1∪β2

N2.

Confluence ofβ-reduction follows from the Hindley–Rosen lemma:

COROLLARY 4.4 (Confluence). Suppose U,U ′,U ′′ are pre-expressions. If U³βU ′ and U³βU ′′,then there exists a pre-expression V such that U′³βV and U′′³βV .

4.3. Structural Properties andβ2-Reduction

In this section we prove some structural properties of theλ5& typing and subtyping systems, as wellas some properties of theβ2-reduction. All these properties are rather technical and not very interestingby their own sake. But they are necessary to the proofs of Section 4.4. Thus we strongly suggest to thereader to skip this section in the first reading and to pass directly to Section 4.4.

Throughout Section 4.3,J denotes either a typing (M : A), or a kinding (A: K ), or a context formation(K ) judgment (i.e., subtyping judgments are not included).

4.3.1. Substitution

Since the subtyping system is independent from typing and kinding and overloaded types are formedonly by closed types, it is not very difficult to prove substitution property for subtyping; that is if0 ` B ≤ C is derivable, then for any termM , the judgment0[x := M ] ` B[x := M ] ≤ C[x := M ]is derivable as well.

But first let us precisely define substitution for a context.

DEFINITION 4.5 (Substitution of context). The substitution0[x := M ] of a variablex by a termMin the context0 is defined as follows:

〈〉[x := M ] =def 〈〉(01, y : A)[x := M ] =def 01[x := M ], y : A[x := M ]

(01, x : A)[x := M ] =def 01[x := M ].

Note that, if0 is a well-formed context (i.e.,0 ` ?) and0 = 01, x : C, 02, then0[x := M ] =01, 02[x := M ] sincex /∈ 01.

LEMMA 4.6 (Substitution for subtyping).If 0 ` B ≤ C, then0[x := M ] ` B[x := M ] ≤ C[x :=M ]. Furthermore the depth of the derivation of0[x := M ] ` B[x := M ] ≤ C[x := M ] is not greaterthan the depth of the derivation of0 ` B ≤ C.

Proof. By induction on the depth of the derivation of0 ` B ≤ C and performing a case analysison the last rule of the derivation.

Note that in the lemma above there is no requirement onM (e.g., it may be nontypable).If the substitution variable does not appear in the subtyping judgment, then the converse of the above

result holds:

LEMMA 4.7. x /∈ Fv(A) ∪ Fv(B) ∧ 0[x := M ] ` A ≤ B⇒ 0 ` A ≤ B.

DEPENDENT TYPES 23

Proof. Straightforward induction on the depth of the derivation of0 ` A ≤ B.

Next we study the preservation under substitution of the conditions of well-formedness of overloadedtypes. First, we consider the covariance condition:

LEMMA 4.8 (Preservation of covariance by substitution).If x /∈ Fv(A)∪ Fv(A′)∪ Fv(B)∪ Fv(B′)and0 ` A ≤ A′ ⇒ 0 ` B ≤ B′, then0[x := M ] ` A ≤ A′ ⇒ 0[x := M ] ` B ≤ B′.

Proof.

0[x := M ] ` A ≤ A′ ⇒ 0 ` A ≤ A′ Lemma 4.7

⇒ 0 ` B ≤ B′ By assumption

⇒ 0[x := M ] ` B ≤ B′ Lemma 4.6

Then we consider the uniqueness of selection (see also Footnote 15):

LEMMA 4.9 (Preservation of uniqueness by substitution).Let {Ai | i ∈ I } be a set of closed types.Then

∀A s.t.Fv(A) ⊆ Dom(0),

((∀i ∈ I . 0 6` A ≤ Ai ) ∨ (4)

(∃!i ∈ I . 0 ` A ≤ Ai ∧ ∀ j ∈ I 0 ` A ≤ Aj ⇒ 0 ` Ai ≤ Aj ))

implies

∀A s.t. Fv(A) ⊆ Dom(0[x := M ])

((∀i ∈ I . 0[x := M ] 6` A ≤ Ai ) ∨(∃!i ∈ I . 0[x := M ] ` A ≤ Ai ∧

∀ j ∈ I 0[x := M ] ` A ≤ Aj ⇒ 0[x := M ] ` Ai ≤ Aj )).

Proof. Fix an A such thatFv(A) ⊆ Dom(0[x := M ]). Note thatFv(A) ⊆ Dom(0[x := M ]) ⊆Dom(0). Therefore Eq. (4) holds for this particularA.

If the first clause of (4) holds, that is (∀i ∈ I . 0 6` A ≤ Ai ), then (∀i ∈ I . 0[x := M ] 6` A ≤ Ai )holds. Indeed, imagine that there existsh ∈ I such that0[x := M ] ` A ≤ Ah. SinceFv(A) ⊆Dom(0[x := M ]) then x /∈ Fv(A). Therefore we can apply Lemma 4.7 and obtain0 ` A ≤ Ah.Contradiction.

If the second clause of (4) holds, then leth be the unique index inI such that

0 ` A ≤ Ah ∧ ∀ j ∈ I 0 ` A ≤ Aj ⇒ 0 ` Ah ≤ Aj . (5)

We first prove the existence part by showing that

0[x := M ] ` A ≤ Ah ∧ ∀ j ∈ I 0[x := M ] ` A ≤ Aj ⇒ 0[x := M ] ` Ah ≤ Aj . (6)

Observe that

0 ` A ≤ Ah Formula (4)

⇒ 0[x := M ] ` A[x := M ] ≤ Ah[x := M ] Lemma 4.6

⇒ 0[x := M ] ` A ≤ Ah x /∈ Fv(A) andAh is closed


and that

0[x := M ] ` A ≤ Aj ⇒ 0 ` A ≤ Aj Lemma 4.7

⇒ 0 ` Ah ≤ Aj Implication (5)

⇒ 0[x := M ] ` Ah[x := M ] ≤ Aj [x := M ] Lemma 4.6

⇒ 0[x := M ] ` Ah ≤ Aj Ah, Aj are closed.

These two last observations imply (6).In order to prove the uniqueness ofh for (6), assume that there existsk ∈ I that satisfies (6). This

implies that0 ` A ≤ Ak (Lemma 4.7) and that for allj ∈ I

0 ` A ≤ Aj ⇒ 0[x := M ] ` A ≤ Aj Lemma 4.6

⇒ 0[x := M ] ` Ak ≤ Aj Assumption for (6)

⇒ 0 ` Ak ≤ Aj Lemma 4.7

⇒ h = k By the uniqueness ofh for (5).

PROPOSITION4.10 (Context properties).

1. If 0 ` J is provable, then for every prefix0′ of 0,0′ ` ? is provable by a derivation ofstrictly lesser depth.

2. 01, x : A, 02 ` J ⇒ 01 ` A : ?, where01 ` A : ? has a smaller proof than01, x : A, 02 `J .

3. If 0,0′ ` J is provable and0, x : A, 0′ ` ? then also0, x : A, 0′ ` J is provable(weakening).

Proof. The first and third points can be easily proved by induction on the depth of the derivation ofthe judgment0 ` J. The second point is a straightforward consequence of the first one.

PROPOSITION4.11 (Substitution). Let0 ≡ 01, x: C, 02. If 0 ` J and01 ` M :C are derivable, thenalso0[x := M ] ` J[x := M ] is derivable. More precisely:

1. 0 ` K ⇒ 0[x := M ] ` K [x := M ]

2. 0 ` A:K ⇒ 0[x := M ] ` A[x := M ] : K [x := M ]

3. 0 ` N:A⇒ 0[x := M ] ` N[x := M ] : A[x := M ].

(Substitution for subtyping has already been proved in Lemma4.6.)

Proof. By induction on the depth of the derivation of0 ` J, by a case analysis on the last appliedrule. The proof is quite straightforward. We just hint at the following points. Proposition 4.10 must beused for the case F-TERM when the variable introduced by the rule isx. The case for T-VAR is theonly case which uses the hypothesis0 ` M : C. The case T-SUB is proved by applying Lemma 4.6.The case K-CONV uses the property thatK =β K ′ implies K [x := M ] =β K ′[x := M ]. The casesfor the elimination rules (i.e., K-APP, T-APP, T-OAPP) hold because of the propertyU [x := M ][ y :=N[x := M ]] = U [y := N][x := M ]. The case K-OVER uses Lemmas 4.8 and 4.9.

4.3.2. Kinding Properties

LEMMA 4.12. If 0 ` ? and x∈ Dom(0) then0 ` 0(x) : ?.

Proof. A simple induction on the length of0.

A simple but important consequence of the previous result is

PROPOSITION4.13. If 0 ` M : A then0 ` A : ?.

DEPENDENT TYPES 25

Proof. By induction on the depth of the derivation of0 ` M : A and performing a case analysison the last applied rule. Use Lemma 4.12 in the case T-VAR and the second point of Proposition 4.11for the cases T-APP and T-OAPP.

4.3.3. Generation Principle

The generation for kinding tells us what information we can infer from a kinding judgment about akind.

PROPOSITION4.14 (Generation for kinding).

0 ` α : K ⇒ K =β Kind0(α)

0 ` πx:A.B : K ⇒ K ≡ ? ∧ 0, x : A ` B : ?

0 ` 3x:A.B : K ⇒ ∃K ′ s.t.K =β 5x:A.K ′ ∧ 0, x : A ` B : K ′

0 ` AM : K ⇒ ∃B, K ′s.t. 0 ` A : 5x:B.K ′ ∧ 0 ` M : B ∧ K ′[x := M ] =β K

0 ` {πx:Ai .Bi }i∈I : K ⇒ K ≡ ? ∧ ∀i ∈ I , 0, x : Ai ` Bi : ?

Proof. By inspection of the kinding rules.

PROPOSITION4.15 (Uniqueness of kinds).If 0 ` A : K and0 ` A : K ′, then K=β K ′.

Proof. Uniqueness of kinding can be obtained by observing the fact that all kinds are of the form5x1:A1 .. 5xn:An.? and5x1:A1 .. 5xn:An.? =β 5x1:A′1 .. 5xm:A′m.? iff n = m, Ai =β A′i , i =1 .. n.

4.3.4. Context Change

The properties in this subsection concern the preservation of judgment derivability with respect tochange of context.

PROPOSITION4.16 (Bound change for subtyping).If 01, x : A, 02 ` B ≤ C, then01, x : A′, 02 `B ≤ C.

Proof. By induction on the derivation of01, x : A, 02 ` B ≤ C.

This property shows that subtyping does not depend on the types of the context term variables. Theonly declarations in0 that concern subtyping are bounded kind assignments such asα ≤ A : K .23

Now, we study the preservation of the conditions in the overloaded type formation under type changesof term variables in the context. First, we show the preservation of the covariance condition under termbound change.

LEMMA 4.17 (Preservation of covariance by term bound change).If 01, x : C, 02 ` A ≤ A′ im-plies01, x : C, 02 ` B ≤ B′, then01, x : C′, 02 ` A ≤ A′ implies01, x : C′, 02 ` B ≤ B′.

Proof. A trivial application of Proposition 4.16.

The next lemma shows the preservation under bound change of the “unicity of branch” property ofoverloaded types.

LEMMA 4.18 (Preservation of branch unicity by term bound change).Let 0 ≡ 01, x:C, 02 and0′ ≡ 01, x:C′, 02. For every set{Ai | i ∈ I } of closed types,

∀A s.t. Fv(A) ⊆ Dom(0).((∀i ∈ I . 0 6` A ≤ Ai )

∨ (∃!i ∈ I . 0 ` A ≤ Ai ∧ ∀ j ∈ I 0 ` A ≤ Aj ⇒ 0 ` Ai ≤ Aj )).

23 Of course, this holds in our system only because the definition of≤ does not depend on kinding judgments. If instead of thesubtyping relation we had used a kinding relation this would not hold (e.g., see Proposition 4.19).


implies

∀A s.t. Fv(A) ⊆ Dom(0′).((∀i ∈ I . 0′ 6` A ≤ Ai )

∨ (∃!i ∈ I . 0′ ` A ≤ Ai ∧ ∀ j ∈ I 0′ ` A ≤ Aj ⇒ 0′ ` Ai ≤ Aj )).

Proof. Use the same technique as Lemma 4.9 and use Proposition 4.16 instead of Lemmas 4.7 and4.6.

PROPOSITION4.19 (Bound narrowing). Let01 ` A′ ≤ A and01 ` A, A′ : ?. Then01, x : A, 02 ` Jimplies01, x : A′, 02 ` J .

Proof. By induction on the derivation of the judgment. For the case T-VAR perform an applicationof T-SUB. For the case T-Sub use bound change for subtyping (Proposition 4.16). For the case K-OVERuse Lemmas 4.17 and 4.18.

The remaining cases are easy.

PROPOSITION4.20 (Kinding for subtyping). If 0 ` A, B : K , 0 ` A ≤ B, then for every subtypingjudgment0′ ` C ≤ D in the derivation of0 ` A ≤ B, there exists a kind K′ such that0′ ` C, D : K ′.

Proof. First of all note that without loss of generality we can consider only derivations in whichthere are never two consecutive applications of K-CONV. Then proceed by induction on the depth of thederivation of0 ` A ≤ B by performing a case analysis on the last applied rule. The cases for S-ApR,S-OVER, and S-ApT are straightforward. The cases S-ApSR and S-ApSL are direct consequences ofLemma 4.11. A more difficult case is the one for S-π(and S-3which is similar): considerA ≡ πx:C1.D1

andB ≡ πx:C2.D2. From Proposition 4.14 we obtain that0, x: Ci ` Di : ? (i= 1,2). From Lemma4.10, we deduce that0 ` Ci : ?. Therefore it remains to prove that0, x : C2 ` D1 : ?. This can beobtained by using Proposition 4.19. The result follows by the induction hypothesis.

4.3.5.β20 Strong Normalization

In this subsection, we will introduce theβ20-reduction and prove that it is strongly normalizing. Thisfact implies that the maximal number ofβ20-reduction steps from a typeA is always finite. We willuse this number in the induction measure for the proofs of several important results, including the proofof transitivity elimination.

We begin by showing theβ2 subject reduction, which is also a property needed in the proofs oftransitivity elimination and decidability of subtyping.

PROPOSITION4.21 (β2 subject reduction). If 0 ` J, J³β2 J ′, then0 ` J ′.

Proof. This is the classical proof of subject reduction for simply typedλ-calculus performed byinduction on the derivation of0 ` J. It relies on the generation for kinding (Proposition 4.14).

Let 0 be a context. The one step0-reduction, denoted by→0, is defined as the compatible closureof the following reduction:

α→0 0(α).

For the proof ofβ20 strong normalization we proceed in two steps. First, we prove theβ2 strongnormalization; then we use it to prove theβ20 strong normalization. Intuitively, the first assertion holdsbecauseβ2-reduction does not introduce new redexes (an existing redex may be duplicated or modified).The second result is obtained by associating everyβ20-reduction sequence to aβ2-reduction sequencethat binds it, a technique similar to the one introduced in [Che96].

In more detail,β2 strong normalization is straightforward since it suffices to observe thatβ2-reductionconcerns only redexes of the form (3x:A.B)M whereM is a term. Reduction of such redexes mayduplicate redexes inM , but it will not introduce new redexes.

PROPOSITION 4.22 (β2 strong normalization). Let K, A, and M respectively denote a prekind, apretype,and a preterm. Then K, A, and M areβ2 strongly normalizing.

DEPENDENT TYPES 27

Proof. ConsiderM . Define a functionS from preterms to a multiset of natural numbers.

S(M) = {n | n is the size of aβ2 redex inM},

where “the size of aβ2 redex” is the total number of symbols in the redex. IfM →β2 N, then a redexRin M will be erased and some subredexesr ∈ R will be duplicated. Therefore,S(N) is obtained fromS(M) by replacing one big number by a finite sequence of strictly smaller numbers. By the well-knownmultiset order, the reduction will terminate. This holds also if we considerA or K instead ofM .

The0-reduction is obviously strongly normalizing for well-formed0 (circularities are not allowed).Theβ20-reduction is the combination ofβ2- and0-reduction. Note that the combination of two nor-malizing reductions may be not normalizing (e.g., consider the union of these two rewriting rules:a→ b andb→ a). In our specific case, theβ2-reduction may increase the number of0-redexes, andon the other hand, a0-reduction may increase the number ofβ2-redexes. We prove theβ20 strongnormalization by transforming aβ20-reduction into aβ2-reduction by the functionFE which takes anexpression and returns its0-reduction normal form:

FE0(U )def= the0-normal form ofU.

Notice thatFE 0 is well defined on well-formed terms, types, and kinds. We will omit the subscript0

and simply writeFE when it is clear from the context.

PROPOSITION4.23 (β20strong normalization). For β20-reduction,we have the following results:

1. If 0 ` K , then K isβ20 strongly normalizing;

2. If 0 ` A : K , then A isβ20 strongly normalizing;

3. If 0 ` M : A, then M isβ20 strongly normalizing.

Proof. First of all note thatβ2 and0 reductions commute in a very precise way, namely, ifM →0 M1

andM →β2 M2 then there existsN such thatM1→β2 N andM2³0N.

Indeed a0-reduction does not affect an existingβ2-redex while aβ2-reduction may duplicate an existing0-redex or delete it.

LetU,U1,U2, . . . be aβ20-reduction sequence starting fromU and consider a genericUi →R Ui+1.If R is 0 thenFE (Ui )=FE (Ui+1).

If R is β2 then by observing that theβ2-reductum of a0-normal-form is a0-normal-form and bycomposing the commutativity property above we obtain thatFE (Ui )→β2 FE (Ui+1):

So for everyi eitherFE (Ui )→β2 FE (Ui+1) or FE (Ui )→0 FE (Ui+1) (a zero step reduction) holds.


Since0 is strongly normalizing we cannot have an infinite sequence of zero-step reduction (otherwisethese would correspond to an infinite sequence of0-reduction on theUi ’s).

Thus,FE (U ), FE (U1), FE (U2), . . . is aβ2-reduction sequence starting fromFE (U ) whereFE (Ui )=FE (Ui+1) for somei . Sinceβ2-reduction is strongly normalizing and the zero-step reductions are finite,then there exists a numbern such thatFE (Un)=FE (Un+1)=FE (Un+2), . . . . This implies that thereduction sequenceUn,Un+1, . . . is a0-reduction. But0-reduction is normalizing, so the sequenceU,U1,U2 . . . must terminate.

4.4. Admissible Rules

In this section, we prove that the subtyping relation defined forλ5& is a preorder on well-kinded types.More precisely we prove that the rules (S-CONV) and (S-TRANS) (cf. Section 3.3) are admissible (seeFootnote 7 for definitions) in our system. Both properties are proved by joint induction on the concernedexpressions and on the number ofβ20-reduction steps (that are finite, sinceβ20-reduction is stronglynormalizing: Proposition 4.23).

TECHNICAL EXCURSUS. A notable feature of the subtyping system ofλ5& (andλ5≤) is that the proofof subfamily judgments is never needed in the deduction of the type of a term. Observe that, given0 ` A, B : ?, the derivation of0 ` A ≤ B does not contain any instance of the rule S-3. Since thetyping system uses subtyping only on types (and not on type families, rule T-SUB), then the rule S-3canbe harmlessly eliminated from the system (actually, we did not include it in Appendix A.1: the rules inthe appendix really define a subtyping relation). In other words, while inλP≤ the rule S-3 is necessaryto deduce subtypings on types (when the types are applications of type families), inλ5& (andλ5≤) thisrule is only used in the deductions of subfamily judgments such as0 ` 3x1:A1.3x2:A2 . . . 3xn:An.B ≤3x1:A′1.3x2:A′2 . . . 3xn:A′n.B

′.We decided to keep it in our system only becauseλP≤ has it. With this rule we can show the equivalence

of Property 3.1 and state it for all A, B such that0 ` A, B : K (instead just for all A, B such that0 ` A, B : ?).

We ignore this rule in the future. Although it is present in several type systems, the rule S-3 issomewhat anomalous since it defines true subfamily relations (in which expressions could possiblybe kinded by5x1:A1 . . . 5xn: An.? with n ≥ 1). In this sense (and under the assumption that typingmatters more than subtyping), the rules S-ApR, S-ApSL, and S-ApSR are much more reasonable andintuitive since they confine subtyping to pretypes, even in the presence of type families.

This feature, the nonutility of the S-3, also simplifies the metatheoretic study. One of its consequencesis that we need not prove that the general subtyping family application rule SAC-app is admissible inλ5& . In the rest of this article we will heavily use reflexivity and transitivity of subtyping (which weprove in this section), but we will not need the subtyping family application property. The only case inwhich the admissibility of this rule is needed is to prove Property 3.1. That is the reason why we provethe admissibility of this rule forλ5≤ (Proposition 6.2) but not forλ5& .

Let 0 be a context andU an expression. We denote byMaxRed0(U ) the maximal length of aβ20-reduction starting fromU and bySize(U ) the number of distinct symbols appearing inU (so, forexample,Size(λx : α.x) = 5 since we haveλ, :, ., x, andα.)

4.4.1. Admissibility of Reflexivity

PROPOSITION4.24 (Admissibility of reflexivity). If A =β B ∧ 0 ` A, B : ?, then0 ` A ≤ B.

Proof. SinceA, B are well-kinded types, they can only have one of the following forms

αM1..Mn n ≥ 0

πx:C.D

(3x:C.D)M1..Mn n ≥ 1

{πx:Ai .Bi }i∈I

DEPENDENT TYPES 29

Let0 be a context andA, B two types such that0 ` A, B : ?. Define the induction measureWeight0(A,B) as the pair

Weight0(A, B) =def 〈MaxRed0(A)+MaxRed0(B),Size(A)+ Size(B)〉

and use the lexicographical order for pairs (most significative component on the left).By induction onWeight0(A, B) and examination of all possible cases.

With reflexivity, the boundβ equivalence property becomes a special case of bound narrowing.

PROPOSITION4.25 (Boundβ-equivalence). Let A=β A′ and01 ` A, A′ : K. Then:

01, x : A, 02 ` J ⇒ 01, x : A′, 02 ` J

01, α ≤ A : K , 02 ` J ⇒ 01, α ≤ A′ : K , 02 ` J.

Proof. By induction on the derivation of the judgment.

4.4.2. Admissibility of Transitivity

In order to prove that the rule

0 ` A, B,C : ? 0 ` A ≤ C 0 ` C ≤ B

0 ` A ≤ Btrans

is admissible inλ5& we consider the subtyping system extended with the above transitivity rule (wedenote it byλ5&

t and judgments provable in the extended system by`t ) and we perform a transitivity-elimination process. Namely, we prove that for every derivation inλ5&

t there exists a derivation inλ5&

for the same judgment. The method is essentially a process of transforming transitivity applications intoderivations in which transitivity occurs only in a smaller degree, as is usual in cut elimination processes.Therefore, it is necessary to define a well-founded measure over transitivity applications and show thatin each step of transformation, this measure will reduce.

We associate to every application of the transitivity rule

0 ` A, B,C : ? 0 ` A ≤ B 0 ` B ≤ C

0 ` A ≤ C

the lexicographically ordered measureWeight0(A, B,C) defined as

〈MaxRed0(A)+MaxRed0(B)+MaxRed0(C),Size(A)+ Size(B)+ Size(c)〉.

PROPOSITION4.26 (Transitivity elimination inλ5&t ). If 0 `t A ≤ B, then0 ` A ≤ B.

Proof. The proof is done by induction on the number of applications of transitivity appearing in aderivation.

The inductive case is straightforward: if in a given derivation there aren > 1 applications of transitivitythen consider any subderivation containing exactly one transitivity application. By induction we cantransform it into a transitivity free derivation. Thus the global derivation has nown − 1 transitivityapplications. The result follows by using the induction hypothesis once more.

So let us consider the case in which there is exactly one application of the transitivity rule. Considerthe subderivation ending by the transitivity

0 ` A′, B′,C′ : ? 0 ` A′ ≤ B′ 0 ` B′ ≤ C′

0 ` A′ ≤ C′trans.

The derivations of0 ` A′ ≤ B′ and0 ` B′ ≤ C′ are transitivity-free, i.e. they are derivations inλ5& ,whereas0 `t A′ ≤ C′ is aλ5&

t judgment.


We show by induction onWeight that this derivation can be transformed into a transitivity-freederivation.

We proceed by case analysis of the last pair of rules used to derive the premises of the transitivityrule.

Case (S-π, S-π ). The derivation must end by

J K0 ` A2 ≤ A1 0, x:A2 ` B1 ≤ B2

0 ` πx:A1.B1 ≤ πx:A2.B2S-π

0 ` A3 ≤ A2 0, x:A3 ` B2 ≤ B3

0 ` πx:A2.B2 ≤ πx:A3.B3S-π

trans,0 `t πx:A1.B1 ≤ πx:A3.B3

whereJ K is the kinding judgment0 ` πx:A1.B1, πx:A2.B2, πx:A3.B3 : ?.This derivation can be transformed into

J K1 0 ` A3 ≤ A2 0 ` A2 ≤ A1

0 `t A3 ≤ A1

J K2 0, x:A3 ` B1 ≤ B2 0, x:A3 ` B2 ≤ B3

0, x:A3 `t B1 ≤ B3,0 `t πx:A1.B1 ≤ πx:A3.B3

whereJ K1≡ 0 ` A1, A2, A3 : ? andJ K2≡ 0, x:A3 ` B1, B2, B3 : ?.The derivability of the judgmentsJ K1, J K2, and0, x : A3 ` B1 ≤ B2 can be obtained as follows.

0 ` πx:A1.B1, πx:A2.B2, πx:A3.B3 : ?

⇒ 0, x : A1 ` B1 : ? ∧ 0, x : A2 ` B2 : ? ∧ 0, x : A3 ` B3 : ? Prop.4.14

⇒ 0 ` A1, A2, A3 : ? Prop.4.10

0 ` A3, A2 : ? ∧ 0 ` A3 ≤ A2 ∧ 0, x : A2 ` B1 ≤ B2

⇒ 0, x : A3 ` B1 ≤ B2 Prop.4.16

0 ` A3, A2 : ? ∧ 0 ` A3 ≤ A2 ∧ 0, x : A2 ` B2 : ?

⇒ 0, x : A3 ` B2 : ? Prop.4.19

0 ` A3, A2 : ? ∧ 0 ` A3 ≤ A1 ∧ 0, x : A1 ` B1 : ?

⇒ 0, x : A3 ` B1 : ?. Prop.4.19

In the last implication0 ` A3 ≤ A1 follows by the induction hypothesis from0 ` A1, A2, A3 : ?, 0 `A3 ≤ A2, and0 ` A2 ≤ A1.

In conclusion,0 ` A1, A2, A3 : ?, 0, x : A3 ` B1, B2, B3 : ? and0, x : A3 ` B1 ≤ B2 are allderivable without transitivity. Furthermore, we have two new subderivations in which the transitivityappears only once at the end, the sizes of whose types are strictly smaller than those of the origi-nal transitivity application and where maximalβ20-reduction steps do not increase (note indeed thatMaxRed0,x:F (E)=MaxRed0(E) for every0, F andE). SoWeight0(A1, A2, A3) andWeight0,x3:A(B1,

B2, B3) are strictly less thanWeight0(πx:A1.B1, πx:A2.B2, πx:A3.B3). Finally, by the induction hy-pothesis the transitivity application in the new derivations can be eliminated.

Case (S-ApR, S-ApR).By transitivity ofβ-conversion.

Case (S-ApSL,). The derivation must end by

J K

0 ` (B[x := M1])M2..Mn ≤ C

0 ` (3x:A.B)M1..Mn ≤ CS-ApSL

0 ` C ≤ D0 `t (3x:A.B)M1..Mn ≤ D

trans,

DEPENDENT TYPES 31

where J K ≡ 0 ` (3x:A.B)M1..Mn,C, D : ?. By β2 subject-reduction (Lemma 4.21), (B[x :=M1])M2..Mn is well kinded in the context0. So the above derivation can be transformed into

J K ′ 0 ` (B[x := M1])M2..Mn ≤ C 0 ` C ≤ D0 `t (B[x := M1])M2..Mn ≤ D

0 `t (3x:A.B)M1..Mn ≤ DS-ApSL,

trans

whereJ K ′ ≡0 ` (B[x :=M1])M2..Mn, D,C : ?. The sizes of the types in the transitivity applicationmay increase, but the maximal number of steps ofβ20-reduction decreases since (3x:A.B)M1..Mn→β2

(B[x := M1])M2..Mn. So the derivation measureWeightdecreases for the new transitivity application.The result follows by the induction hypothesis.

Case (, S-ApSR). Similar.

Case (S-ApT,). Similar. Just note thatWeightdecreases because there is a0-reduction:

αM1..Mn→0 0(α)M1..Mn.

Case (S-ApR, S-ApT).The derivation must end by

J KM1=βM ′1 · · ·Mn=βM ′n

0 ` αM1..Mn ≤ αM ′1..M ′nS-ApR

0 ` 0(α)M ′1..M′n ≤ C

0 ` αM ′1..M ′n ≤ CS-ApTtrans,

0 `t αM1..Mn ≤ C

whereJ K ≡ 0 ` αM1..Mn, αM ′1..M′n,C : ?. From the kinding assumptionJ K and from the obser-

vation thatα and0(α) have the same kind it follows that

0 ` 0(α)M1..Mn, 0(α)M ′1..M′n,C : ?.

By the reflexivity of subtyping (Proposition 4.24), the judgment0 ` 0(α)M1..Mn ≤ 0(α)M ′1..M′n is

derivable. Therefore, we have a derivation ending by

J K ′ 0 ` 0(α)M1..Mn ≤ 0(α)M ′1..M′n 0 ` 0(α)M ′1..M

′n ≤ C

0 `t 0(α)M1..Mn ≤ C

0 `t αM1..Mn ≤ CS-ApT,

trans

whereJ K ′ ≡ 0 ` 0(α)M1..Mn, 0(α)M ′1..M′n,C : ?. Again theWeightmeasure decreases because of

the0-reduction.

Case (S-ApSR, S-ApSL).The derivation must end by

J K0 ` C ≤ B[x := M1]M2..Mn

0 ` C ≤ (3x:A.B)M1..MnS-ApSR

0 ` B[x := M1]M2..Mn ≤ C′

0 ` (3x:A.B)M1..Mn ≤ C′S-ApSLtrans,

0 `t C ≤ C′

whereJ K ≡ 0 ` C, (3x:A.B)M1..Mn, B[x := M1]M2..Mn : ?. The derivation can be transformedinto

J K ′ 0 ` C ≤ B[x := M1]M2..Mn 0 ` B[x := M1]M2..Mn ≤ C′

0 `t C ≤ C′trans,

whereJ K ′ ≡ 0 ` C, B[x := M1]M2..Mn,C′ : ?. TheWeightdecreases because of theβ2-reduction.


Case (S-OVER,S-OVER).Suppose that the last step of the derivation is

J K 0 ` {πx:Ai .Bi }i∈I ≤ {πx:Eh.Fh}h∈H 0 ` {πx:Eh.Fh}h∈H ≤ {πx:Cj .Dj } j∈J

0 `t {πx:Ai .Bi }i∈I ≤ {πx:Cj .Dj } j∈Jtrans,

whereJ K ≡ 0 ` {πx:Ai .Bi }i∈I , {πx:Eh.Fh}h∈H , {πx:Cj .Dj } j∈J : ?.Since this is the only application of the transitivity rule, the two assumptions can only be derived by

the S-OVER rule. That is,

∀ j ∈ J 0 ` πx:Eφ( j ).Fφ( j ) ≤ πx:Cj .Dj

0 ` {πx:Eh.Fh}h∈H ≤ {πx:Cj .Dj } j∈JS-OVER

and

∀h ∈ H 0 ` πx:Aψ(h).Bψ(h) ≤ πx:Eh.Fh

0 ` {πx:Ai .Bi }i∈I ≤ {πx:Eh.Fh}h∈HS-OVER

with bothφ: J → H andψ : H → I total.For every j ∈ J,

0 ` πx:Aψ(φ( j )).Bψ(φ( j )) ≤ πx:Eφ( j ).Fφ( j ) ∧ 0 ` πx:Eφ( j ) . Fφ( j ) ≤ πx:Cj .Dj .

SinceWeighthas decreased we can apply the induction hypothesis obtaining that for everyj ∈ J

0 ` πx:Aψ(φ( j )).Bψ(φ( j )) ≤ πx:Cj .Dj

which means that

∀ j ∈ J∃i ∈ I 0 ` πx:Ai Bi ≤ πx:Cj .Dj

The result follows by S-OVER.

COROLLARY 4.27 (Admissibility of transitivity). If 0 ` A, B,C : ?, 0 ` A ≤ B, and0 ` B ≤ C,then0 ` A ≤ C.

4.5. Subject Reduction

In this section, we show the generation for typing and prove subject reduction.This result relies on the admissibility of transitivity stated in the previous section. Indeed, the first step

in proving subject reduction consists in proving that every typing derivation can be transformed into aderivation where there are no consecutive applications of the subsumption rule. This follows straight-forwardly from the transitivity of subtyping since whenever there are two consecutive applications ofsubsumption such as

0 ` M : A 0 ` A ≤ B 0 ` A, B : ?

0 ` M : BT-SUB

0 ` B ≤ C 0 ` B,C : ?T-SUB

0 ` M : C

then it is possible to deduce from the transitivity of subtyping that0 ` A ≤ C and, therefore, replacethem by

0 ` M : A 0 ` A ≤ C 0 ` A,C : ?

0 ` M : CT-SUB.

Generation for typing describes the information we can infer about a type from a provable typingjudgment.

DEPENDENT TYPES 33

PROPOSITION4.28 (Generation for typing).

0 ` x : C⇒ 0 ` 0(x) ≤ C

0 ` λx:A.M : C⇒ ∃B s.t. 0, x : A ` M : B ∧ 0 ` πx:A.B ≤ C

0 ` M N : C⇒ ∃A, B s.t. 0 ` M : πx:A.B ∧ 0 ` N : A∧ 0 ` B[x := N] ≤ C

0 ` M • N : C⇒ 0 ` M : {πx:Ai .Bi }i≤n ∧ (∃i ≤ n.0 ` N : Ai ∧ 0 ` Bi [x := N] ≤ C)

0 ` M1& AM2 : C⇒ 0 ` M1 : {πx:Ai .Bi }i=1..n−1 ∧ 0 ` M2 : πx:An.Bn ∧ 0 ` A ≤ C

where A= {πx:Ai .Bi }i=1..n.

Subject reduction is one of the main concerns in the study of dependent types with subtyping. Sincesubtyping is separated from other judgments the proof is quite simple.

PROPOSITION4.29 (Subject reduction).if 0 ` J and J³β J ′. then0 ` J ′.

Proof. It is enough to prove the one step case, since the result follows by induction on the number ofthe steps. We prove the one step case by induction on the derivation of the judgment0 ` J and performa case analysis on the reduction. Without loss of generality, we assume that there are no consecutiveapplications of subsumption.

We show the most significative cases. The others are either similar or straightforward.

Case J≡ 0 ` (λx:A.M)N : B ∧ (λx:A.M)N →β1 M [x := N]. By Proposition 4.28 there existC andD such that0 ` λx:A.M : πx:C.D, 0 ` N : C, and

0 ` D[x := N] ≤ B. (7)

We apply Proposition 4.28 once more and we obtain that there existsF such that0, x:A ` M : F and0 ` πx:A.F ≤ πx:C.D. From this last judgment we deduce that0 ` C ≤ A and that0, x : C ` F ≤D. By Lemma 4.16 we obtain

0, x : A ` F ≤ D. (8)

From0, x:A ` M : F we deduce0, x:A ` ? (Proposition 4.10) and thus0 ` A : ? (rule F-TERM).Since0 ` N : C then0 ` C : ? (Proposition 4.13). We can apply T-SUB to obtain0 ` N : A and bya weakening (third point of Proposition 4.10)

0, x:A ` N : A. (9)

By using Proposition 4.13 and generation for kinding (Proposition 4.14) we obtain0, x:A ` F, D : ?.We can then apply T-SUB to (8) and0, x:A ` M : F and deduce

0, x : A ` M : D. (10)

Finally by (9), (10), and0, x:A ` x : A we can apply the Substitution Lemma 4.11 and obtain

(0, x:A)[x := N] ` M [x := N] : D[x := N].

But 0, x:A ` ?; therefore, by Definition 4.5 (0, x:A)[x := N] = 0. By Proposition 4.130 ` D[x :=N] : ?. Therefore by (7) we can apply T-SUB and deduce0 ` M [x := N] : B, which is the result.

Case0 ` 5x:A.K and A→β A′. In this case, we have a derivation ending by

0, x : A ` K

0 ` 5x:A.KF-5.


It follows from the context property (Proposition 4.10) that0 ` A : ? is derivable by a proof lessdeep than the derivation for0, x : A ` K . Therefore, we can apply the induction hypothesis and get0 ` A′ : ?. By boundβ-equivalence (Proposition 4.25) and the fact that0, x : A ` K andA=β A′, weget0, x : A′ ` K ; the result0 ` 5x:A′.K follows.

Case0 ` (M1& {πx:Ai .Bi }i=1..n M2) • N : C and (M1& {πx:Ai .Bi }i=1..n M2) • N →β& M1 • N. LetA ≡ {πx:Ai .Bi }i=1..n. From0 ` (M1& AM2) • N : C we can deduce that0 ` (M1& AM2) : A, 0 `M1 : {πx:Ai .Bi }i=1..n−1, and

0 ` A : ?. (11)

Acting as in the first case of this proof we can apply Proposition 4.28 twice and couple it with thesubsumption rule to deduce that there existsh ∈ [1..n] such that0 ` N : Ah and0 ` Bh[x := N] ≤ C.

From (11) we deduce that

0, x: Ah ` Bh : ?. (12)

Therefore we have that0, x:Ah ` ? (Proposition 4.10) and thusx /∈ Dom(0) (rule F-TERM).Since0 ` N : Ah and0, x:Ah ` ?, by a weakening (third point of Proposition 4.10) we deduce

0, x:Ah ` N : Ah. We can thus apply the Substitution Lemma 4.11 to (12) and obtain

0 ` Bh[x := N] : ?. (13)

By the definition ofβ& -reduction we have that there existsj ∈ [1..n− 1] such that0 ` N : Aj and

∀Ai 0 ` N : Ai ⇒ Aj ≤ Ai . (14)

Therefore

0 ` N : Ah ⇒ 0 ` Aj ≤ Ah By (14)

⇒ 0, x : Aj ` Bj ≤ Bh By covariance to deduce (11)

⇒ 0[x := N] ` Bj [x := N] ≤ Bh[x := N] Lemma 4.6

⇒ 0 ` Bj [x := N] ≤ Bh[x := N] Sincex /∈ Dom(0).

Finally we have

M1 : {πx:Ai .Bi }i=1..n−1∧0 ` N : Aj ⇒⇒ M1 • N : Bj [x := N] T-OAPP

⇒ M1 • N : Bh[x := N] By (13) and T-SUB

⇒ M1 • N : C By T-SUB and Proposition 4.13.

4.6. Conservativity

In this section, we show thatλ5& is a conservative extension both ofλ5≤ and ofλ&. In other words,let 0 ` J be a judgment derivable inλ5& : if expressions inJ are free of overloaded types and terms,then0 ` J is derivable inλ5≤; if expressions inJ are free of dependent types and terms, then0 ` Jis derivable inλ&.

This is not a straightforward property since, for example, a derivation ending with a judgment free ofoverloading terms and types may contain overloaded terms or types in some judgments in the middleof the derivation. So a judgment not provable inλ5≤ might be provable inλ5& even if the judgmentis free of overloading. For example we might have two overloading free typesA and B and a typeCcontaining overloaded types such thatA ≤ C ≤ B is provable inλ5& but A ≤ B is not provable inλ5≤ (this happens, for example, whenF≤ is extended by recursive types; see [Ghe93]).

DEPENDENT TYPES 35

4.6.1. Conservativity with Respect toλ5≤

DEFINITION 4.30 (Free of overloading). We say a preexpressionU is free of overloading if it doesnot contain overloaded terms (overloaded function and application) or types.

We use=Sβ to denoteβ-conversion in the systemSand`S to denote judgment provable in systemS.

LEMMA 4.31 (Conservativity of conversion).Given the preexpressions U, V , if U , V are free ofoverloading,then

1. U →β U ′ ⇒ U ′ is free of overloading

2. U=βλ5&V ⇒ U=βλ5≤V .

PROPOSITION4.32 (Conservativity of judgment).Suppose that0 is a context in which all expressionsare free of overloading and J is either a typing, kinding, context formation,or subtyping judgment.Then,

0 `λ5&J ⇒ 0 `λ5≤ J.

Proof. The proof is very easy. This is due to the fact that the rules that define our system satisfy thesubformula property. This is important in particular for the subtyping rules, which are transitivity free.

Therefore we can first prove the assertion on the subtyping system by induction on the depth ofthe derivation. The interesting cases are S-ApR and S-3 where there areβ conversions and that arestraightforwardly proved by using Lemma 4.31 (2).

And finally the result is proved by a simultaneous induction on the depth of the derivations of contextformation, typing, and kinding judgments.

4.6.2. Conservativity with Respect toλ&

In this subsection we prove thatλ5& is a conservative extension ofλ&-calculus, whose preexpressionsare defined as follows

M ::= x | λx:A.M | M M | ε | M& AN | M • M

A ::= α | A→ A | {A→ A, . . . , A→ A}K ::= ?0 ::= 〈〉 | 0, x : A | 0, α ≤ A : K .

In the rest of this section,A→ B denotes the typeπx : A.B wherex is not free inB.

DEFINITION 4.1. Let0 be aλ5& context. We useSD(0) andTD(0) to denote respectively the set ofall subtyping declarations and the set of all typing declarations in0. More precisely we have:

SD(0) =〈〉 for 0 ≡ 〈〉

SD(0′), α ≤ A: ? for 0 ≡ 0′, α ≤ A : ?SD(0′) for 0 ≡ 0′, J andJ 6≡ α ≤ A : ?

TD(0) =〈〉 for 0 ≡ 〈〉

TD(0′), x: A for 0 ≡ 0′, x: ATD(0′) for 0 ≡ 0′, J andJ 6≡ x: A

In order to compareλ& with λ5& we give a definition ofλ&, which results in a system that is slightlydifferent from that of [CGL95]. There are two differences between “standard”λ& and λ5& and theyboth concern the subtyping of atomic types. The first is that, inλ&, it is possible to have in a context twosubtyping declarations for the same lower bound (such asα ≤ A, α ≤ B) while this is not allowed inλ5& . The second difference is that, inλ&, the upper bound, sayA, occurring in a subtyping declaration


α ≤ A, must be an atomic type, while inλ5& , A can be any type.24 The variant ofλ& presented belowtakes theλ5& approach and allows at most one subtyping declarationα ≤ A for each atomic typeαbut allowsA to be any type. Finally, sinceλ& does not have dependent types, then no type containsterms. Therefore, context in subtyping judgment do not need to contain typing declarations. Thus, let6 be a generic context of subtyping declarations of the formα ≤ A : ? (whereA is aλ& pretype). Thesubtyping relation induced forλ&-calculus by6 is defined as follows:

Subtyping

Sλ& -REFL6 `λ& α ≤ α Sλ& -→ 6 `λ& A′ ≤ A 6 `λ& B ≤ B′

6 `λ& A→ B ≤ A′ → B′

Sλ& -TRANS6 `λ& 0(α) ≤ A

6 `λ& α ≤ ASλ& -OVER

∀ j ∈ J∃i ∈ I 6 `λ& Ai → Bi ≤ A′j → B′j6 `λ& {Ai → Bi }i∈I ≤ {A′i → Bi } j∈J

.

The remaining rules ofλ&-calculus are given below. Note that the T-SUB rule is, the only connectionbetween subtyping and the rest of the system. Note also that as contexts do not contain kinding decla-rations, all the atomic types are considered well formed.25

Context formation

Fλ& -EMPTY 〈〉 `λ& ?Fλ& -TERM

0 `λ& A : ? x /∈ Dom(0)

0, x : A `λ& ?

Fλ& -SUBTYPE0 `λ& A : ? α /∈ Dom(0)

0, α ≤ A : ? `λ& ?

Kinding

Kλ& -VAR0 ` ?

0 `λ& α : ?Kλ& -→ 0 `λ& A : ? 0 `λ& B : ?

0 `λ& A→ B : ?

0 ` ?∀i ∈ I .0 `λ& Ai → Bi : ?

∀i, j ∈ I .0 `λ& Ai ≤ Aj ⇒ 0 `λ& Bi ≤ Bj

Kλ& -OVER ∀A.(∀i ∈ I .0 `λ& A 6≤ Ai ) ∨∨(∃!i ∈ I .0 `λ& A ≤ Ai ∧ ∀ j ∈ I .0 `λ& A ≤ Aj ⇒ 0 `λ& Aj ≤ Ai )

0 `λ& {Ai → Bi }i∈I : ?

Typing

Tλ& -VAR0 ` ? x ∈ Dom(0)

0 `λ& x : 0(x)Tλ& -ε

0 ` ?0 ` ε : {}

Tλ& -λ0, x : A `λ& M : B

0 `λ& λx : A.M : A→ BTλ& -&

0 `λ& {Ai → Bi }i≤n+1 : ?0 `λ& M : {Ai → Bi }i≤n

0 `λ& N : An+1→ Bn+1

0 `λ& M& {Ai→Bi }i≤n+1 N : {Ai → Bi }i≤n+1

24 These two differences are closely related. They both serve to avoid relating types with different structures (e.g., an overloadedtype and aπ -type). In this work we followed the theoretically oriented approach of [AC96b] in which there is at most one subtypingdeclaration for each atomic type. In [CGL95] instead atomic types may form a lattice, since it is a more practically-orientedsolution (it allows the so-called “multiple-inheritance”). We believe that an implementation ofλ5& should use this secondsolution instead.

25 We preferred to maintain the notation “α ≤ A : ?” for subtyping declarations, even though the “:?” could be clearly omitted.

DEPENDENT TYPES 37

Tλ& -APP0 `λ& M : A→ B 0 `λ& N : A

0 `λ& M N : B

Tλ& -OAPP0 `λ& M : {Ai → Bi }i≤n 0 `λ& N : Ai

0 `λ& M • N : Bi

Tλ& -SUB0 `λ& M : A SD(0) `λ& A ≤ B 0 `λ& A, B : ?

0 `λ& M : B

The notions of reduction areβ& asβ1 as defined forλ5& . It is easy to verify by using Theorems 4.2.2 and4.2.4 of [Cas97] that the above definition is equivalent to the one in [CGL95] (modulo the differenceson the subtyping of atomic types).

DEFINITION 4.33 (Free of dependent types). We say that aλ5& judgment0 ` J is free of dependenttypes iflength(0) = length(SD(0))+ length(T D(0)) (that is,0 does not contain kinding declarationsof the formα : K or α ≤ A : 5x : A′.K ) and

1. if J ≡ A ≤ B, thenA, B areλ& pretypes;

2. if J ≡ A : ?, thenA is aλ& pretype;

3. if J ≡ M : A, thenM is aλ& preterm andA aλ& pretype;

4. for allα ∈ Dom(0), 0(α) is a λ& pretype.

PROPOSITION4.34 (Conservativity of subtyping w.r.tλ&). If 0 ` A ≤ B is free of dependent types,then0 `λ5&

A ≤ B implies SD(0) `λ& A ≤ B.

Proof. By induction on the derivation of0 `λ5&A ≤ B and performing a case analysis on the last

rule of the derivation.

Similarly, we have

PROPOSITION4.35 (Conservativity w.r.t. λ&). If 0 ` J is free of dependent types, then0 `λ5&J

implies0 `λ5 J .

Proof. Straightforward induction on the derivation of0 ` J. The case subsumption requires the useof Proposition 4.34. For the case K-π , note that0, x : A `λ5&

B : ? implies that0 `λ5&B : ?. Indeed,

it is easy to see that well-formation under a context0 depends only on the subtyping declarations of0,that is, that for every judgmentJ of the form? or A : ?, we have that0 `λ& J impliesSD(0) `λ& J.This last observation is used also for the case K-OVER.

5. STRONG NORMALIZATION

Systemλ5& is not strongly normalizing since it is a conservative extension ofλ&-calculus that isnot strongly normalizing [CGL95]. But, as forλ&, strong normalization holds for a subsystem ofλ5&

that we callλ5−& . The study of strong normalization is not undertaken for its own sake, but becausein this framework strong normalization implies decidability of subtyping, which in its turn impliesthe decidability of the type system. Thus thanks to the strong normalization result of this section andthe result of Section 7 we are able to show thatλ5−& is a (type) decidable subsystem ofλ5& (whosetype system is not decidable). In this section we adapt toλ5−& the technique developed in [CGL95] toprove strong normalization forλ&−, a subsystem ofλ&.

In order to prove strong normalization in the subsystemλ&− of λ&-calculus, [CGL95] introduces avariant of the Tait proof technique [Tai67] (improved by Girard in [Gir87]). Recall that the Tait methodconsists of the following steps:

1. define a set of terms called the reducible setR,

2. show thatM ∈ R⇒ M ∈61, where61 is the set of strongly normalizing terms,

3. show thatM : A⇒ M ∈ R; that is, well-typed terms belong to the reducible set.


The reducible set is a union of sets indexed over types:R= ∪A∈TypesRA. For example, for the simplytypedλ-calculusRA is defined inductively as

1. M ∈ RA⇔ M ∈61 A is an atomic type

2. M ∈ RA→B ⇔ ∀N ∈ RA.M N ∈ RB.

A naive (and wrong) generalization of the above definition toλ&-calculus might be

1. M ∈ RA⇔ M ∈61 A is an atomic type

2. M ∈ RA→B ⇔ ∀A′ ≤ A.∀N ∈ RA′ .M N ∈ RB

3. M ∈ R{Ai→Bi }i∈I ⇔ ∀A′ ∈ [ Ai ] i∈I .∀N ∈ RA′ .M • N ∈ RBi

where [Ai ] i∈I denotes the set of types that are less than or equal to at least one of theAi .However, this definition is not well founded. The definition of the setRA→B (andR{Ai→Bi }i∈I ) is given

in terms of a setRA′ that might not be structurally smaller thanRA→B (andR{Ai→Bi }i∈I ). Consider thetypesA ≡ { } andB ≡ {A→ A}. ThenB ≤ A, but B is intuitively “bigger” thanA, sinceA occursin it. This partly explains why theλ&-calculus is not strongly normalizing.26 On the other hand, thisobservation helps to find a normalizing subsystem. A possible solution to this problem is to define ameasure functionrankfrom types to naturals and require that each subtyping rule for a judgmentB ≤ Ahas an additional condition thatrank(B)≤ rank(A). Therank function should have the property that ifB is a proper subexpression ofA, thenrank(B)< rank(A).

To adapt the above technique toλ5& , we define therank function aspSizewhich is a partial approx-imation of the size of a type, where the information relevant to type family is ignored. More precisely,the measurepSizeis defined as follows:

pSize(α) = 0pSize(AM) = pSize(A)pSize(πx:A.B) = pSize(A)+ pSize(B)+ 1pSize(3x:A.B) = pSize(B)pSize({πx:Ai .Bi }i∈I ) = maxi∈I {pSize(πx:Ai .Bi )} + 1.

Obviously, if B is a proper subexpression of a typeA, thenpSize(B)< pSize(A). Furthermore, for anyterm N, pSize(A[x := N])= pSize(A).

DEFINITION 5.1 (λ5−& system). Theλ5−& system is the subsystem ofλ5& where each subtyping rulefor a judgment0 ` B ≤ A has the additional conditionpSize(B) ≤ pSize(A).

The main result of this section is that terms inλ5−& are strongly normalizing.

EXAMPLE. Consider again the typesA ≡ { } andB ≡ {A→ A}. Note thatB ≤ A holds inλ5& butit does not hold inλ5−& sincepSize(A)= pSize({ }) = 1< 4= pSize({{ } → { }})= pSize(B).

Intuitively, it is clear that in a normalizing calculusB ≤ A must not hold. Otherwiseλx:B.x • xwould be well typed (with typeB→ A) and from such a term that it would not be too difficult to derivea nonnormalizing term.

5.1. Typed-Inductive Property

In the Tait method, we need to prove that every well-typed term belongs to the reducible set. Such aproof is difficult in the presence of overloaded types. To make things simpler, in [CGL95], an intermediatenotion of a set of terms being “typed inductive” is introduced.

The main steps in the proof’s strong normalization ofλ&−-calculus (and ofλ5−& ) are:

1. Define when a set6 is typed inductive,

2. Define6∗ as theapplication closureof the typed inductive set,

26 For example, note that the typeB ≡ {{ } → { }} is trivially well-formed. SinceB ≤ { }, then the application of a term oftype B to itself is well-typed. Once we are able to type auto-application it is then very easy to define non-normalizing terms orfix-point combinators (see [CGL95] for details).

DEPENDENT TYPES 39

3. Show thatM ∈6⇔ M ∈6? ⇔ M is well typed,

4. Show that the set of (well-typed) strongly normalizing terms is typed inductive.

In order to ensure that the typed-inductive property and its application closure are well defined, weneed an inductive measure that satisfies the following properties:

Weight0(AM1..Mn) < Weight0(αM1..Mn) if α ≤ A ∈ 0Weight0(B[x := M1]M2..Mn) < Weight0((3x : A.B)M1..Mn).

Weight0 should be based on bothβ2-reduction and0-reduction. This suggests including the maximalnumber of steps ofβ20 reduction in the induction measure. Observe that we only need to consider thereductions such that the redex is at the head of a term. So we define thehead0-reduction, denoted by→h0, and theheadβ2-reduction, denoted by→hβ2, as follows:

αM1..Mn →h0 0(α)M1..Mn

(3x:A.B)M1..Mn →hβ2 B[x := M1]M2..Mn.

The headβ20-reduction, denoted by→hβ20, is defined as the reflexive and transitive closure of→h0 ∪ →hβ2. Sinceβ20-reduction is normalizing, so is the headβ20-reduction. Given a pretypeAand a context0, we define the measureMaxRed0(A) as the maximal length of the headβ20-reductionfrom A. Note that a headβ20-redex forA, if it exists, is alwaysA itself. Note especially that is therehβ20-reduction neither in a type label, such asB in3x:B.C, nor in a term. Hence,MaxRed0 is invariantunder substitutions on term variables:MaxRed0(A[x := N])=MaxRed0(A).

Furthermore, the measurepSizeshould be taken into account. So we defineWeight0 as the lexico-graphical order ofMaxRed, defined in Section 4.4, andpSize:

Weight0(A) = 〈MaxRed0(A), pSize(A)〉.

Observe thatMaxRed0(A), and thusWeight0(A), depends only on the subtyping declarations of0.Therefore, we have, for example,Weight0,x:B(A)=Weight0(A).

The following lemma shows thatWeight0 can be used as an induction measure in the definitions andproofs concerning type structure.

LEMMA 5.2 (Properties ofWeight0). Suppose that all types in the following statements are wellformed under the context0.

1. Weight0(A[x := N])=Weight0(A)

2. α ≤ A ∈ 0⇒Weight0(AM1..Mn)< Weight0(αM1..Mn) for any set M1, ..,Mn

3. Weight0(B[x := M1]M2..Mn)<Weight0((3x : A.B)M1..Mn)

4. Weight0(A), Weight0(B)<Weight0(πx : A.B)

5. Weight0(B[x := N])<Weight0(πx : A.B)

Proof. (1) By the definition ofWeight0(A) and the properties thatMaxRed0(A[x := N]) =MaxRed0(A) and pSize(A[x := N]) = pSize(A); (2) by 0-reduction; (3) byβ2-reduction; (4) bypSize. Note thatWeight0(B)=Weight0,x:A(B); (5) by (1) and (4).

Notation 5.3. (M ◦ N). We useM ◦ N to denote eitherM.N or M • N (according to the type ofM). N ◦ EM denotesN ◦ M1 ◦ . . . ◦ Mn for n ≥ 0.

One of the differences betweenλ5& and λ& is the explicit use of the context0 in the typingrules. Hence, a typed inductive set must be indexed on both type and context:6〈0,A〉. The followingdefinition of a basic set characterizes context related properties that a typed inductive set must satisfy.The definition for typed inductive set is based on the notion of basic set.

DEFINITION 5.4 (Basic set). A family6 of sets of terms{6〈0,A〉}, indexed over well-formed context0 and typeA, is abasic setif


1. M ∈ 6〈0,A〉 ⇒ 0 ` M : A,

2. 0 ` A : ?,

3. 0′ ` ? ∧ 0 ⊆ 0′ ∧ 0 ` A : ?⇒ 6〈0,A〉 ⊆ 6〈0′,A〉,4. 0 ` A, A′ : ? ∧ 0 ` A ≤ A′ ⇒ 6〈0,A〉 ⊆ 6〈0,A′〉,

where0 ⊆ 0′ means that0′ is an extension of0′; that is,0′ = 0,0′′ for some0′′.

An example of a basic set6〈0,A〉 is the set of normalized terms of typeA under the context0.We write M ∈6 if there exists0, A such thatM ∈6〈0,A〉 and EM ∈6 if M1∈6, . . . ,Mn ∈6. When

0 is clear from the context, we may omit the label0 in 6〈0,A〉 and just write6A.A special case of the fourth condition of a basic set is whenA=β A′, we have

FACT 5.5. 0 ` A, A′ : ? ∧ A= β A′ ⇒ 6〈0,A〉 = 6〈0,A′〉.

Proof. By the admissibility of reflexivity.

Now, we need to adapt the notation∈if 6A from [CGL95]. Here we need to add the context to thesubscript. Intuitively,M ∈if 6〈0,A〉 means that “ifM has typeA, thenM belongs to6〈0,A〉.”

Notation 5.6 (∈if 6〈0,A〉).

M ∈if 6〈0,A〉 ⇔ (0 ` M : A⇒ M ∈6〈0,A〉)

The next definition introduces the notionM0,A ◦ EN ∈if 6. Intuitively, it means that forM with typeA under the environment0 if M ◦ EN is well typed, then it belongs to6. M may have some other types,sayB, but the condition here does not require thatM ◦ EN is well typed whenM is considered as a termin type B. More precisely, we have

DEFINITION 5.7 (M0,A ◦ EN ∈if 6). Suppose that6 is a basic set, thatEN ∈6, and that0 ` M : A.The relationM0,A ◦ EN ∈if 6 is defined as follows,

1. M0,A ∈if 6⇔ M ∈if 6〈0,A〉;

2. M0,αM1..Mn ◦ N ◦ EN ′ ∈if 6⇔M0,AM1..Mn ◦ N ◦ EN ′ ∈if 6 for α ≤ A : K ∈ 0;

3. M (0,3x:A.B)M1..Mn ◦ N ◦ EN ′ ∈if 6⇔ M0,B[x:=M1]M2..Mn ◦ N ◦ EN ′ ∈if 6;

4. M0,πx:A.B ◦ N ◦ EN ′ ∈if 6⇔ (N ∈ 6〈0,A〉 ∧ M N ∈if 6〈0,B[x:=N]〉 ∧(M N)0,B[x:=N] ◦ EN ′ ∈if 6);

5. M0,{πx:Ai .Bi }i∈I ◦ N ◦ EN ′ ∈if 6 ⇔ (∃i ∈ I .N ∈ 6〈0,Ai 〉 ∧ M • N ∈if 6〈0,Bi [x:=N]〉 ∧(M • N)0,Bi [x:=N] ◦ EN ′ ∈if 6).

By Weight0(A), the relationM0,A ◦ EN ∈if 6 is well defined.Note that the caseM0,αM1..Mn ◦ EN ∈if 6 whereα : K ∈ 0 is covered in the first case. For such

M,M N1..Nn with n ≥ 1 will never be well typed.For convenience, the above notion is extended to the general notionM ∈i f 6.

DEFINITION 5.8 (M ∈if 6). The relationM ∈if 6 is defined over the structure of termM ,

1. x ∈if 6⇔ (∃0, A. x ∈if 6〈0,A〉)2. ε ∈if 6⇔True

3. λx : C.N ∈if 6⇔ (∃0, A.0 ` λx:C.N : πx:C.A⇒ λx:C.N ∈i f 6〈0,πx:C.A〉)4. M1& W M2 ∈if 6⇔ ∃0M1& W M2 ∈if 6〈0,W〉5. M ◦ N ◦ EN ′ ∈if 6⇔ ∃0, A.M0,A ◦ N ◦ EN ′ ∈if 6.

With these preparations, we can now introduce the notions of a typed inductive set and its applicationclosure.

DEPENDENT TYPES 41

DEFINITION 5.9 (Typed-inductive set). Let6={6〈0,A〉}be a basic set ofλ5−& terms andEN a sequenceof well-typed terms.6 is typed-inductiveif it satisfies the following conditions:

(ε) ε ∈ 6〈0,{}〉(x) ∀x ∈ 6〈0,A〉, EN ∈ 6. x0,A ◦ EN ∈if 6

(&1) ∀M1 ∈ 6〈0,W〉,M2 ∈ 6〈0,πx:A.B〉, EN ∈ 6.(M0,W1 ◦ EN ∈i f 6 ∧ M0,πx:A.B

2 ◦ EN ∈if 6 ⇒(M1& W∪{πx:A.B}M2) ◦ EN ∈if 6)

(λ1) ∀M ∈ 6〈0,A〉, EN ∈ 6 .M [x := N]0,A ◦ EN ∈if 6⇒ (λx:B.M)0,πx:B.A · N ◦ EN ∈if 6

(&2) ∀M1 ∈ 6〈0,W〉,M2 ∈ 6〈0,πx:A.B〉.M1& W∪{πx:A.B}M2 ∈if 6

(λ2) ∀M ∈ 6〈(0,x:A),B〉.λx : A.M ∈if 6〈0,πx:A.B〉.

DEFINITION 5.10 (Application closure of6). Let {6〈0,A〉} be a typed-inductive set. Itsapplicationclosurein λ5−& , denoted by{6∗〈0,A〉}, is inductively defined on the structure ofA as follows:

CaseαM1..Mn: There are two subcases: (1) ifα : K ∈ 0, thenM ∈ 6?〈0,αM1..Mn〉 ⇔M ∈6〈0,αM1..Mn〉.

(2) if α ≤ A : K ∈0, thenM ∈ 6?〈0,αM1..Mn〉 ⇔ M ∈ 6〈0,αM1..Mn〉 ∧ M ∈ 6?

〈0,AM1..Mn〉.

Case(3x:A.B)M1..Mn : M ∈ 6?〈0,(3x:A.B)M1..Mn〉 ⇔ M ∈ 6〈0,(3x:A.B)M1..Mn〉 ∧ M ∈

6?〈0,B[x:=M1]M2..Mn〉.

Caseπx:A.B : M ∈ 6?〈0,πx:A.B〉 ⇔ M ∈ 6〈0,πx:A.B〉 ∧ (∀0′, N.0′ ` ? ∧ 0 ⊆ 0′ ∧ N ∈ 6?

〈0′,A〉 ⇒M N ∈ 6?

〈0′,B[x:=N]〉).

Case{πx:Ai .Bi }i∈I : M ∈ 6?〈0,{πx:Ai .Bi }i∈I 〉 ⇔ M ∈ 6〈0,{πx:Ai .Bi }i∈I 〉 ∧ (∀i ∈ I .∀0′, N.0′ ` ?∧0 ⊆

0′ ∧ N ∈ 6?〈0′,Ai 〉 ⇒ M • N ∈ 6?

〈0′,Bi [x:=N]〉).

This definition is well formed.

LEMMA 5.11 (Well-definedness of6?〈0,A〉). The set6?

〈0,A〉 is well-defined on each well-formedtype A.

Proof. Induction on Weight0(A).

The notion of application closure has a simpler presentation:

LEMMA 5.12 (Equivalent presentation of application closure).M ∈ 6?〈0,A〉 if and only if M ∈

6〈0,A〉 ∧ (∀0′, N.0′ ` ? ∧ 0 ⊆ 0′ ∧ N ∈ 6?〈0′,B〉 ⇒ M0,A ◦ N ∈if 6?).

Proof. Induction on Weight0(A).

5.2. The application closure

A typed-inductive set6 is a basic set, so6 has all four properties of Definition 5.4. The applicationclosure6? is a subset of6 in the sense that6?

〈0,A〉 ⊆ 6〈0,A〉 for each context0 and typeA. Evidently,not all subsets of6 enjoy the nice properties of basic sets. But we can show that6? is still a basic set.Actually we need only to verify that the last two conditions of a basic set hold for6?.

First we show that6?〈0,A〉 enjoys the third property of basic sets.

LEMMA 5.13 (Invariance of6? under context extension).

0′ ` ? ∧ 0 ⊆ 0′ ∧ 0 ` A : ?⇒ 6?〈0,A〉 ⊆ 6?

〈0′,A〉

Proof. By the definition of6?,6 is typed-inductive and thus a basic set. Therefore,

0′ ` ? ∧ 0 ⊆ 0′ ∧ 0 ` A : ?⇒ 6〈0,A〉 ⊆ 6〈0′,A〉.

The proof proceeds by induction onWeight0(A).


Given a termM ∈ 6?〈0,πx:A.B〉, we want to show that, for any termN ∈6?

〈0,A〉, we haveM N ∈6?〈0,B[x:=N]〉. Due to subtyping, it may happen thatM will be applied to an argumentN ∈ 6?

〈0,A′〉 whereA′ ≤ A. Hence, we want to show that

0 ` A′ ≤ A⇒ 6?〈0,A′〉 ⊆ 6?

〈0,A〉.

A special case of this property is whenA′ andA areβ-convertible:

A=β A′ ⇒ 6?〈0,A〉 = 6?

〈0,A′〉.

To prove this property, we first study a special case where theβ conversion is restricted to headβ2-reduction, which has been defined as (see Section 5.1)

(3x:A.B)M1 . . .Mn→hβ2 B[x := M1]M2..Mn.

6? is invariant under headβ2-reduction.

LEMMA 5.14 (6? and headβ2-reduction).

0 ` A : ? ∧ A→hβ2 A′ ⇒ 6?〈0,A〉 = 6?

〈0,A′〉

Let Ahβ2 denote the head normal form ofhβ2-reduction.

COROLLARY 5.15 (β2 hnf and6?). 0 ` A : ?⇒ 6?〈0,A〉 = 6?

〈0,Ahβ2〉.

Now we show that6? is invariant underβ conversion.

LEMMA 5.16 (6? type conversion).

0 ` A, A′ : ? ∧ A=β A′ ⇒ 6?〈0,A〉 = 6?

〈0,A′〉

Proof. First note that0 ` A, A′ : ?∧ A=β A′ ⇒ 6〈0,A〉 = 6〈0,A′〉. The proof proceeds by inductiononWeight0(A).

Now we can show the main result of this section:6?〈0,A〉 is monotonic with respect to subtyping.

LEMMA 5.17 (Subtyping implies application closure containment).

0 ` A ≤ B ∧ 0 ` A, B : ?⇒ 6?〈0,A〉 ⊆ 6?

〈0,B〉

Proof. Since a typed-inductive set is a basic set, we have

0 ` A ≤ B⇒ 6〈0,A〉 ⊆ 6〈0,B〉.

Given A, B satisfying the condition of the lemma andM ∈ 6?〈0,A〉, we need to show thatM ∈ 6?

〈0,B〉.Note that we haveM ∈ 6〈0,B〉.

The proof proceeds by induction on the derivation depth ofWeight0(A)+Weight0(B). Note that forany0′ such that0′ ` ? ∧ 0 ⊆ 0′,

Weight0′ (A)+Weight0′ (B) =Weight0(A)+Weight0(B).

We proceed according to the last rule used to derive0 ` A ≤ B.

Case(S-π). Assume that the last step of the derivation for0 ` A ≤ B is

0 ` C ≤ E 0, x : C ` F ≤ D

0 ` πx:E.F ≤ πx:C.DS-π,

DEPENDENT TYPES 43

whereA ≡ πx:E.F, B ≡ πx:C.D. Let M ∈ 6?〈0,πx:E.F〉; we need to show that

∀0′, N.0′ ` ? ∧ 0 ⊆ 0′ ∧ N ∈ 6?〈0′,C〉 ⇒ M N ∈ 6?

〈0′,D[x:=N]〉.

Let 0′ be such that0′ ` ? ∧ 0 ⊆ 0′. The proof proceeds as follows:

N ∈ 6?〈0′,C〉 ⇒ N ∈ 6〈0′,C〉

⇒ 0′ ` N : C

0′ ` C ≤ E ⇒ 6?〈0′,C〉 ⊆ 6?

〈0′,E〉 induction hypothesis (I H )

0′, x : C ` F ≤ D ⇒ 0′ ` F [x := N] ≤ D[x := N]

∧ pSize(F [x := N]) = pSize(F) < pSize(πx:E.F)

∧ pSize(D[x := N]) = pSize(D) < pSize(πx:C.D)

⇒ 6?〈0′,F [x:=N]〉 ⊆ 6?

〈0′,D[x:=N]〉 I H

6?〈0′,C〉 ⊆ 6?

〈0′,E〉 ⇒ N ∈ 6?〈0′,E〉

M ∈ 6?〈0,πx:E.F〉 ⇒ M ∈ 6?

〈0′,πx:E.F〉⇒ M N ∈ 6?

〈0′,F [x:=N]〉⇒ M N ∈ 6?

〈0′,D[x:=N]〉⇒ 6?

〈0′,πx:E.F〉 ⊆ 6?〈0′,πx:C.D〉.

Case(S-ApR). Suppose that the last step of the derivation for0 ` A ≤ B is

M1=βM ′1 · · ·Mn=βM ′n0 ` αM1..Mn ≤ αM ′1..M ′n

S-ApR.

The result follows from Lemma 5.16.

Case (S-ApT). Suppose the last step of the derivation for0 ` A ≤ B is

0 ` 0(α)M1..Mn ≤ B

0 ` αM1..Mn ≤ BS-ApT.

Then

6?〈0,αM1..Mn〉 = 6?

〈0,0(α)M1..Mn〉 definition of6?

⊆ 6?〈0,B〉 I H .

Cases(S-ApSL) and (S-ApSR). Similar.

Case(S-OVER). Suppose that the last step of the derivation of0 ` A ≤ B is

∀ j ∈ J∃i ∈ I 0 ` πx:Ai .Bi ≤ πx:Cj .Dj

0 ` {πx:Ai .Bi }i∈I ≤ {πx:Cj .Dj } j∈JS-OVER,

whereA ≡ {πx:Ai .Bi }i∈I , B ≡ {πx:Cj .Dj } j∈J .


Assume thatM ∈ 6?〈0,{πx:Ai .Bi }i∈I 〉 andN ∈ 6?

〈0,Cj 〉. Let0′ be such that0′ ` ?∧ 0 ⊆ 0′; we need toprove thatM • N ∈ 6?

〈0′,Dj [x:=N]〉 . We proceed as follows:

0′ ` {πx:Ai .Bi }i∈I ≤ {πx:Cj .Dj } j∈J

⇒∃h ∈ I 0′ ` πx:Ah.Bh ≤ πx:Cj .Dj by definition

∧ pSize(πx:Ah.Bh) < pSize(A) ∧ pSize(πx:Cj .Dj ) < pSize(B)

⇒0′ ` Cj ≤ Ah ∧ 0′, x : Cj ` Bh ≤ Dj S-π

∧ pSize(Cj ) < pSize(πx:Cj .Dj ) ∧ pSize(Ah) < pSize(πx:Ah, Bh)

⇒6?〈0′,Cj 〉 ⊆ 6?

〈0′,Ah〉 I H

⇒ N ∈ 6?〈0′,Ah〉

⇒M • N ∈?〈0′,Bh[x:=N]〉 . by definition of6?

On the other hand,

0′, x : Cj ` Bh ≤ Dj

⇒ 0′ ` Bh[x := N] ≤ Dj [x := N]

∧ pSize(Bh[x := N]) = pSize(Bh) < pSize(πx:Ah.Bh) < pSize(A)

∧ pSize(Dj [x := N]) = pSize(Dj ) < pSize(πx:Cj .Dj ) < pSize(B)

⇒ 6?〈0′,Bh[x:=N]〉 ⊆ 6?

〈0′,Dj [x:=N]〉 I H

⇒ M • N ∈ 6?〈0′,Dj [x:=N]〉

⇒ M ∈ 6?〈0′,{πx:Cj .Dj } j∈J 〉 by definition of6?

⇒ 6?〈0′,{πx:Ai .Bi }i∈I 〉 ⊆ 6?

〈0′,{πx:Cj .Dj } j∈J 〉.

COROLLARY 5.18. 0 ` A ≤ B ∧ 0 ` B ≤ A∧ 0 ` A, B : ?⇒ 6?〈0,A〉 = 6?

〈0,B〉

5.3. Relation between6 and6?

In this section we study the relationship between typed-inductive set6 and its application closure6?.The main result is Corollary 5.22, which states that every typed-inductive set contains all the well-typedterms. Its proof relies on the following lemma. In the following,N ∈ 6? will mean thatN ∈ 6?

〈0,A〉 forsome typeA and environment0.

LEMMA 5.19 (6if implies6?).

M ∈ 6?〈0,A〉 ⇔ 0 ` M : A∧∀ EN ∈ 6?

.M0,A ◦ EN ∈if 6

Proof.

(⇒) We prove the stronger property

M ∈ 6?〈0,A〉 ⇒ ∀ EN ∈ 6?

.M0,A ◦ EN ∈if 6?

by induction on the length ofEN.

(⇐) When EN is empty, by definition, we have

0 ` M : A∧ M0,A ∈if 6⇒ M ∈ 6?〈0,A〉.

The proof proceeds by induction onWeight0(A).

DEPENDENT TYPES 45

The following lemma shows that ifx : A ∈ 0, thenA is a minimal type27 for the term variablex.

LEMMA 5.20 (Minimal type for variable).

01, x : A, 02 ` x : B⇒ 01, x : A, 02 ` A ≤ B

Proof. By observation of the typing rules.

Now we prove the main result of this section.

PROPOSITION5.21. For every typed-inductive set6

0 ` M : A : ?⇒ M ∈ 6∗〈0,A〉.

Proof. We prove the following stronger property, given a context0, termsP1, . . . , Pn,M , and typesC1, . . . ,Cn, B (with n ≥ 0):

∀σ ≡ [x1 := P1, . . . , xn := Pn].

(∀i ∈ [1..n].0, x1 : C1, . . . , xi−1 : Ci−1 ` Pi : Ci ∧ Pi ∈ 6?〈0,Ci [x1:=P1,...,xi−1:=Pi−1]〉)

∧0, x1 : C1, . . . , xn : Cn ` M : B : ?⇒ Mσ ∈ 6?〈0,Bσ 〉

Let σ be the substitution satisfying the condition of the above property,Dom(σ) = {x1, . . . , xn}, 0′ =0, x1 : C1, . . . , xn : Cn. Note that

1. 0′σ = (0, x1 : C1, . . . , xn : Cn)σ = 0 Definition 4.5

2. j > i ≥ 1⇒ xj /∈ Fv(Ci )

3. Ci [x1 := P1, . . . , xi−1 := Pi−1] = Ciσ

4. 0′ ` A ≤ B⇒ 0 ` Aσ ≤ Bσ Lemma 4.6

5. 0 ` Aσ ≤ Bσ : s⇒ 6?〈0,Aσ 〉 ⊆ 6?

〈0,Bσ 〉 Lemma 5.17

6. 0, x1 : C1, . . . , xi−1 : Ci−1 ` Ci : ? ∧ 0 ` Ciσ : ? Proposition 4.11

7. 0 ` Bσ : ? Proposition 4.11

Induction on the size ofM . We analyse the different cases forM .

Case M≡ x. Then,0′ ` x : B⇒ 0 ` xσ : Bσ ⇒ 0 ` Bσ : ?.

1. x /∈ Dom(σ). Then,xσ = x. Let EN ∈ 6?.

EN ∈ 6? ⇒ EN ∈ 6 Definition 5.100′ ` x : B ⇒ 0 ` x : Bσ substitutionEN ∈ 6 ∧ 0 ` x : Bσ ⇒ x0,Bσ ◦ EN ∈if 6 Definition 5.90 ` x : Bσ ∧ x0,Bσ ◦ EN ∈if 6⇒ x ∈ 6?

〈0,Bσ 〉 Lemma 5.19xσ = x ⇒ xσ ∈ 6?

〈0,Bσ 〉

2. x ≡ xi ∈ Dom(σ). Then,

xσ = xiσ = Pi ∈ 6?〈0,Ci [x1:=P1,...,xi−1:=Pi−1]〉 = 6?

〈0,Ci σ 〉.

xi : Ci ∈ 0′ ∧ 0 ` xi : B

⇒ 0′ ` Ci ≤ B Lemma 5.20

⇒ 0 ` Ciσ ≤ Bσ substitution for subtyping

27 We speak of “a minimal type” rather than “the least type” since by subsumption every typeB such that0 ` B ≤ A ≤ B isa minimal type ofx, too.


0 ` Ciσ ≤ Bσ ∧ 0 ` Ciσ, Bσ : ?

⇒ 6∗〈0,Ci σ 〉 ⊆ 6?〈0,Bσ 〉 Proposition 5.17

⇒ xσ ∈ 6?〈0,Bσ 〉

Case M≡ (M1& W∪{πx:C.D}M2). It follows from generation for typing, the substitution property,and the closeness of overloaded type that

0′ ` M1& W∪{πx:C.D}M2 : B⇒ 0′ ` M1 : W ∧ 0′ ` M2 : πx : C.D

∧0′ ` W ∪ {πx:C.D} ≤ B

∧0′ ` W ∪ {πx:C.D} : ?

⇒ 0 ` (W ∪ {πx:C.D})σ : ? Prop.4.11

0′ ` W ∪ {πx:C.D} ≤ B⇒ 0 ` (W ∪ {πx:C.D})σ ≤ Bσ

0 ` (W ∪ {πx:C.D})σ ≤ Bσ : ?⇒ 6?〈0,(W∪{πx:C.D})σ 〉 ⊆ 6?

〈0,Bσ 〉 Lemma 5.17

0′ ` W ∪ {πx:C.D} : ?⇒ (W ∪ {πx:C.D})σ = W ∪ {πx:C.D}⇒ (

M1& W∪{πx:C.D}M2)σ

= (M1σ )& W∪{πx:C.D}(M2σ ).

Let EN ∈ 6?,

0′ ` M1 : W ∧ 0′ ` M2 : πx:C.D

⇒ M1σ ∈ 6?〈0,Wσ 〉 ∧M2σ ∈ 6?

〈0,{πx:C.D}σ 〉 I H

⇒ M1σ ∈ 6?〈0,W〉 ∧M2σ ∈ 6?

〈0,{πx:C.D}〉 W ∪ {πx:C.D} closed

⇒ (M1σ )0,W ◦ EN ∈if 6 ∧ (M2σ )0,πx:C.D ◦ EN ∈if 6 Lemma 5.19

⇒ ((M1& W∪{πx:C.D}M2

)σ)0,(W∪{πx:C.D})σ ◦ EN ∈if 6 Definition 5.9

⇒ (M1& W∪{πx:C.D}M2

)σ ∈ 6?

〈0,(W∪{πx:C.D})σ 〉 Lemma 5.19

⇒ (M1& W∪{πx:C.D}M2

)σ ∈ 6?

〈0,Bσ 〉.

Case M≡ (λx:C.M ′). Let EN ∈ 6?. First prove that ((λx:C.M ′)σ )0,(πx:C.D)σ · EN ∈if 6 for someD. Note that

0′ ` λx:C.M ′ : B⇒ ∃D.0′, x : C ` M ′ : D ∧ 0′ ` πx:C.D ≤ B ∧ 0′ ` πx:C.D: ?

⇒ 0 ` (πx: C.D)σ : ?

0′ ` πx:C.D ≤ B⇒ 0 ` (πx:C.D)σ ≤ Bσ

0 ` (πx:C.D)σ ≤ Bσ : ?⇒ 6?〈0,(πx:C.D)σ 〉 ⊆ 6?

〈0,Bσ 〉.

There are two subcases:

(1) EN ≡ N ∪ EN ′:

0′, x : C ` M ′ : D ⇒ (M ′σ [x := N]) ∈ 6?〈0,Dσ [x:=N]〉 I H

⇒ (M ′σ [x := N])0,Dσ [x:=N] ◦ EN ′ ∈if 6 Lemma 5.19

⇒ (λx:Cσ.M ′σ )0,πx:Cσ.Dσ N ◦ EN ′ ∈if 6 Definition 5.9 (λ1)

DEPENDENT TYPES 47

(2) EN ≡ ∅:

0′, x : C ` M ′ : D ⇒ M ′σ ∈ 6?〈(0,x:Cσ ),Dσ 〉 I H

⇒ M ′σ ∈if 6〈(0,x:Cσ ),Dσ 〉

⇒ λx:Cσ.M ′σ ∈if 6〈0,πx:Cσ.Dσ 〉 Definition 5.9

⇒ ((λx:C.M ′)σ )0,πx:Cσ.Dσ ∈if 6.

We conclude that∀ EN. ((λx:C.M ′)σ )0,(πx:C.D)σ EN ∈if 6. Furthermore,

0 ` (λx:C.M ′)σ : (πx:C.D)σ ∧ ((λx:C.M ′)σ )0,(πx:C.D)σ EN ∈if 6

⇒ (λx:C.M ′)σ ∈ 6?〈0,(πx:C.D)σ 〉 Lemma 5.19

⇒ (λx : C.M ′)σ ∈ 6?〈0,Bσ 〉.

Case M≡ (M ′ • N). Then,

0′ ` M ′ • N : B

⇒ 0′ ` M ′ : {πyi :Ai .Bi }i∈I ∧ 0′ ` N : Ai ∧ 0′ ` Bi [yi := N] ≤ B∧0 ` (Bi [yi := N])σ : ?

⇒ M ′σ ∈ 6?〈0,({πyi :Ai .Bi }i∈I )σ 〉 ∧ Nσ ∈ 6?

〈0,Ai σ 〉 ∧ 0 ` (Bi [yi := N])σ ≤ Bσ I H

⇒ M ′σ ∈ 6?〈0,{πyi :Ai .Bi }i∈I 〉 ∧ Nσ ∈ 6?

〈0,Ai σ 〉 ∧ 0 ` Bi [yi := Nσ ] ≤ Bσ

⇒ (M ′σ )0,{πyi :Ai .Bi }i∈I • (Nσ ) ∈ 6?〈0,Bi [yi :=Nσ ]〉 ⊆ 6?

〈0,Bσ 〉 Definition 5.10

≡ (M ′ • N)σ ∈ 6?〈0,Bσ 〉.

Case M≡ (M ′N). Similar.

COROLLARY 5.22. If S is a typed-inductive set,then

M ∈ 6∗〈0,A〉 ⇔ M ∈ 6〈0,A〉 ⇔ 0 ` M : A.

Proof.

M ∈ 6∗〈0,A〉 ⇒ M ∈ 6〈0,A〉 By definition of6∗

M ∈ 6〈0,A〉 ⇒ 0 ` M : A By definition of6

0 ` M : A ⇒ M ∈ 6∗〈0,A〉. By Proposition 5.21

5.4. Strong Normalization Is Typed-Inductive

Now we can prove that inλ5−& strong normalization is a typed-inductive property, and thereforewell-typed terms inλ5−& are strongly normalizing.

Define61〈0,A〉 = {M | 0 ` M : A∧ M ∈ λ5−& ∧ M is strongly normalizing}and61 ={61〈0,A〉}.PROPOSITION5.23 (61is typed-inductive). 61 is typed-inductive.

Proof. First we have to verify that61 is a basic set. The first three conditions of the definition of abasic set (Definition 5.4) are straightforward. For the fourth condition just note that by the subsumptionrule if 0 ` M : A and0 ` A ≤ A′, then0 ` M : A′.

Then we need to show that61 satisfies the conditions (ε), (x), (&1), (λ1), (&2), and (λ2) of thedefinition of the typed-inductive set. We analyse the case (&1); others are straightforward or similar.

AssumeM1∈61W,M2 ∈ 6〈0,πx:A.B〉, EN ∈ 61, M0,W1 ◦ EN ∈if 61 ∧M0,πx:A.B

2 ◦ EN ∈if 61.Then one-step reductions from (M1& W∪{πx:A.B}M2) ◦ EN will have only three possibilities:M0,W

1 ◦ EN,


M0,πx:A.B2 ◦ EN, or (M ′1& W∪{πx:A.B}M ′2) ◦ EN ′ where in the last case just one of the primed terms is a one-

step reduct of the corresponding nonprimed one. The first two terms are possible only if they are welltyped (subject-reduction) but in that case by assumption they are strongly normalizing. By induction onthe maximal length of reduction of the tuple〈M1,M2, EN〉, we can prove that the last term is stronglynormalizing. Therefore, we have (M1& W∪{πx:A.B}M2) ◦ EN ∈if 61.

Theβ&1 strong normalization follows.

THEOREM 5.24 (β&1 Strong normalization). In λ5−& , if 0 ` N : A, then N isβ&

1 strongly normaliz-ing.

Proof. From the previous proposition and Corollary 5.22.

6. PECULIAR PROPERTIES OFλ5≤

λ5& is a conservative extension ofλ5≤ (see Section 4.6.1). Therefore, several properties we provedin the previous sections forλ5& hold forλ5≤ as well. In particularλ5≤ satisfies confluence,β20-strongnormalization, admissibility of reflexivity and transitivity, and subject reduction.

However, some properties ofλ5≤ are specific to it and do not generalize toλ5& . In this section,after having recalled the definition ofλ5≤, we study three of them:

1. We prove that the rule for subtyping family applications (ruleSAC-app in Section 3.3.2) isadmissible inλ5≤. We already explained in the excursion at the beginning of Section 4.4 why thisproof is interesting forλ5≤ but not forλ5& . We think it is important to show this property here sinceit justifies the presence of the ruleS-3 in λ5≤ [Section 6.2].

2. We show the equivalence betweenλ5≤ andλP≤ (see Section 3.3.2). This result is somewhatoutside the main stream of this article. However, it is interesting to have it here since it shows the “roots”of λ5& and, more importantly than the previous point, it justifies the definition of some rules ofλ5&

that have their form only to have this equivalence to hold. We simply outline the proof of equivalence;the full proof is available on the Web. [Section 6.3]

3. We prove the decidability ofλ5≤ and define a sound and complete algorithmic set of rules.This result is important since it forms the core of the study of decidability ofλ5& of Section 7. Ofcourse we could have studied decidability directly forλ5& without dealing withλ5≤. We preferredto start withλ5≤ for two reasons. First, it is interesting to show how theλ5≤ algorithm modularlyextends toλ5& . Second, while decidability holds forλ5≤, it does not hold for fullλ5& but just forthe normalizing subsystem studied in Section 5; so we preferred to show it also for a less powerful butfull system such asλ5≤, rather than just for a particular subsystem ofλ5& . [Section 6.4]

6.1. Definition ofλ5≤

λ5≤ has the same four syntactic categories asλ5& , as well as the four judgment forms. The syntaxof preterms, pretypes, prekinds, and precontexts are the same as those ofλ5& without overloaded typesand terms.

M ::= x | λx:A.M | M M

A ::= α | πx:A.A | 3x:A.A | AM

K ::= ? | 5x:A.K

0 ::= 〈〉 | 0, x : A | 0, α : K | 0, α ≤ A : K

There are only two notions of reduction, namely,→β1 and→β2. So, here,→β≡→β1∪β2. The formation,kinding, and typing rules forλ5≤ are those ofλ5& (Appendix A.1) from which we erase K-OVERT-ε, T-&, and T-OAPP. The subtyping rules are given in Fig. 3. Note that, although S-ApR has thesame form as inλ5& , theβ conversion occurring there is only a combination ofβ1 andβ2 (β& is notinvolved).

DEPENDENT TYPES 49

6.2. Subtyping Family Application

The theorem of admissibility of the subtyping family application rule

0 ` AM, BM : K 0 ` A ≤ B

0 ` AM ≤ BM

just requires a simple lemma:

LEMMA 6.1. 0 ` αM1..Mn : K ∧ α bound in0 ⇒ 0 ` 0(α)M1..Mn : K.

Proof. By the observation that there existA1, . . . , An andK ′ such thatα ≤ 0(α) : 5x1:A1..5xn:An.K ′ ∈ 0 whereK ′[ x := M ] = K .

THEOREM6.1 (Subtyping family application).

0 ` AM, BM : K ∧ 0 ` A ≤ B⇒ 0 ` AM ≤ BM

Proof. By induction on the depth of derivation of0 ` A≤ B. Cases (S-π ) and (S-ApR) areimmediate. For case (S-3) use Proposition 4.6 while for (S-ApT) use Lemma 6.1. In the case (S-ApSL)we have that the derivation ends by

0 ` A′′[x := M1]M2..Mn ≤ B

0 ` (3x:A′.A′′)M1..Mn ≤ BS-ApSL.

From the assumption, we have:

0 ` ((3x:A′.A′′)M1..Mn)M : K

⇒ ∃D, K ′s.t. 0 ` (3x:A′.A′′)M1..Mn :5y:D.K ′ ∧ K = K ′[x := M ] ∧0 ` M : D Prop.4.14

⇒ 0 ` A′′[x := M1]M2..Mn : 5y:D.K ′ subjectreduction

⇒ 0 ` A′′[x := M1]M2..MnM : K ′[y := M ]. K-APP

By theβ2 subject reduction (Lemma 4.21), (A′′[x := M1])M2..MnM is well kinded in the context0.Therefore,

0 ` A′′[x := M1]M2..MnM, BM : K ∧ 0 ` A′′[x := M1]M2..Mn ≤ B

⇒ 0 ` A′′[x := M1]M2..MnM ≤ BM I H

⇒ 0 ` (3x: A′.A′′)M1..MnM ≤ BM. S-ApSL

Case (S-ApSR) is similar to the last case.

6.3. Equivalence betweenλ5≤ andλP≤

In this section we outline the proof of the equivalence betweenλ5≤ andλP≤. It can be skipped atfirst reading and requires the contents of Section 3.3.2.

Since the key difference between the two systems is in the definition of the subtyping relation, weconcentrate our efforts on this relation. We expect the equivalence to state that whenA andB have thesame kindK , then0 ` A ≤ B holds in our system if and only if0 `AC A ¹ B holds inλP≤. ButshouldA, B be kinded inλP≤ or in λ5≤? If the latter choice is taken, then the difficulty is to showthat every subtyping rule inλ5≤ is admissible inλP≤ (since kindings may be different). If kindingsare assumed inλP≤, then the subject reduction inλ5≤ does not apply and we do not know whetherkinding is preserved (which is critical whenβ-reductions are involved in the proof ).


So we take a different approach and prove equivalence by using an intermediate calculusλP f≤ that

is defined by the same rules asλP≤, except that the subtyping rules and the subsumption rule containkinding judgments for all formulae occurring in them. We show that this system is equivalent both toλ5≤ and toλP≤. We use these two equivalence results to prove the equivalence betweenλ5≤ andλP≤ and in particular to give an answer to the question of the previous paragraph, showing that theequivalence of the subtyping relations must be stated by usingλ5≤ kinding.

Once more in order to avoid confusion we use a different relation symbol4 to denoteλP f≤ subtyping,

use f scripts forλP f≤ rules and judgments, and use lowercase italicized names for rules. The subtyping

rules ofλP f≤ are:

Sf -varα bounded in0

0 ` f α40(α)

Sf -π0 ` f πx:A.B, πx:A′.B′ : ? 0 ` f A′4 A, 0, x : A′ ` f B4 B′

0 ` f πx:A.B4πx:A′.B′

Sf -30 ` f 3x: A.B,3x:A′.B′ : K A′ =β A 0, x : A ` B4 B′

0 ` f 3x:A.B43x:A.B′

Sf -app0 ` f AM, BM : K 0 ` f A4 B

0 ` f AM4 BM

Sf -conv0 ` f A, B : K A=βB

0 ` f A4 B

Sf -trans0 ` f A, B,C : K 0 ` f A4 B 0 ` f B4C

0 ` f A4C.

λP f≤ differs fromλP≤ also in the subsumption rule which contains kinding judgments for the types at

issue (as inλ5& ):

T f -sub0 ` f M : A 0 ` f A4 B 0 ` f A, B : ?

0 ` f M : B.

As announced we do not give a detailed proof of equivalence, but we rather outline it. The interestedreader will find full proofs in [Che96, Che98] available on the Web.

First, it is easy to verify that some structural properties proved in Section 4.3 forλ5& hold forλP f≤ , as well: generation for kinding, context properties, uniqueness of kinds, boundβ-equivalence,

and agreement of judgments. However, the proofs differ from those ofλ5& in that λP f≤ requires

simultaneous induction on formation, kinding, typing, and subtyping, while inλ5& (or λ5≤) twoseparated inductions can be used, one for the first three judgments and another for subtyping.

The circularity between kinding, typing, and subtyping inλP f≤ is also the central difficulty in proving

its equivalence withλ5≤. We handle it by proving the results in the following order (whereJ denoteseither a kindK , a kindingA: K , or a typingM : A, but not a subtyping relation):

1. 0 ` f A, B : K ∧ A=β B⇒ 0 ` A ≤ B

2. 0 ` f AM, BM : K ∧ 0 ` A ≤ B⇒ 0 ` AM ≤ BM

3. 0 ` f A4 B⇒ 0 ` A ≤ B

4. 0 ` A ≤ B ∧ 0 ` A, B : K ⇒ 0 ` f A4 B

5. 0 ` J ⇒ 0 ` f J

6. 0 ` f J ⇒ 0 ` J

7. (0 ` f A4 B⇒ 0 ` f A, B : K ) ∧ (0 ` f A, B : K ⇒ 0 ` A, B : K )

8. 0 ` f A4 B⇔ 0 ` A ≤ B ∧ 0 ` A, B : K .

We can now precisely state the equivalence betweenλP f≤ andλ5≤.

DEPENDENT TYPES 51

THEOREM 6.2 (Equivalence betweenλP f≤ andλ5≤).

0 ` f K ⇔ 0 ` K0 ` f A : K ⇔ 0 ` A : K0 ` f M : A⇔ 0 ` M : A0 ` f A4 B⇔ 0 ` A ≤ B ∧ 0 ` A : K ∧ 0 ` B : K

It still remains to prove the equivalence betweenλP f≤ andλP≤. The proof is quite straightforward.

(Recall that¹ andÀC respectively denote the subtyping relation and judgments (derivable) in Aspinalland Compagnonis’s systemλP≤.)

THEOREM 6.2 (Equivalence betweenλP f≤ andλP≤).

0 ` f K ⇔ 0 ÀC K0 ` f A : K ⇔ 0 ÀC A : K0 ` f M : A⇔ 0 ÀC M : A0 ` f A4 B⇔ 0 ÀC A4 B

Proof. By simultaneous induction, using the agreement of judgments forλP f≤ .

The equivalence betweenλ5≤ andλP≤ then follows:

COROLLARY 6.1 (Equivalence betweenλP≤ andλ5≤).

0 ÀC K ⇔ 0 ` K0 ÀC A : K ⇔ 0 ` A : K0 ÀC M : A ⇔ 0 ` M : A0 ÀC A ¹ B⇔ 0 ` A ≤ B ∧ 0 ` A : K ∧ 0 ` B : K

EXCURSUS ONRECENT WORK. We already explained thatλ5≤ is a byproduct ofλ5& since it wasdefined in preparation to this work. However,λ5≤ is not deprived of interest on its own. Although wejust proved thatλ5≤ is equivalent toλP≤, in Section 3.3.2 we argued thatλ5≤ improvesλP≤ in thatit allows type level transitivity elimination in subtyping. This is obtained thanks to the rules S-ApSRand S-ApSL that embedβ2 head reduction in the subtyping rules. These rules have been generalized in[Che97] (a study on the extension of the calculus of constructions by subtyping) to S-β,

A =β C 0 ` C ≤ D D=β B 0 ` A, B,C, D : s

0 ` A ≤ B,

where0 ` A, B,C, D : s denotes that A, B,C, D are well formed, and to S-β ′ (for the algorithmicsubtyping system)28:

A→β C 0 ` C ≤ D B→β D

0 ` A ≤ B.

Several authors have used similar techniques. In their work on typed operational semantics for (avariant of) Fω≤ , Compagnoni and Goguen [CG97] use the subtyping rule

A→w C 0 ` C ≤ D B→w D

0 ` A ≤ B,

where→w denotes weak-head reduction.

28 A detailed analysis on this technique of achieving transitivity elimination can be found in [Che98].


In his study on coercive subtyping for UTT (a system more expressive than the Calculus of Construc-tions) Luo [Luo97] deals with type conversion by the following rule,

A = C 0 ` C ≤c′ D D = B 0 ` A, B,C, D : ? c = c′

0 ` A ≤c B,

where c, c′ are coercions,= is the type conversion defined in his system, and0 ` A, B,C, D : ? statesthat A, B,C, D, are well formed.

A significant achievement in this direction is the work of Zwanenburg [Zwa99], where transitivityelimination for general PTS systems is obtained by the rule

A→β C 0 ` C ≤ D B→β D

0 ` A ≤ B.

Although very similar to the S-β ′ rule in [Che97], Zwanenburg is the first to provide a direct proof oftransitivity elimination with this rule. This progress allows him to construct and study the subtypingextension to general PTS systems, which includes that of [Che97].

The common feature of all these approaches is that the resulting subtyping systems enjoy the transi-tivity elimination property. As in this work, the solution of this problem is the key step in their studiesof meta theoretic properties.

Compared to these recent and more general approaches the pair of rules S-ApSL and S-ApSR is stillinteresting: it is simple (as part of a subtyping system) and efficient (as part of a subtype checkingalgorithm).

6.4. Decidability and Minimal Typing

We already hinded that the set of subtyping rules forλ5≤ can be straightforwardly turned into adeterministic algorithm by adding to the [S-ApSR] rule the conditionC 6≡ (3x:A′.B′)M ′1..M

′m ∧C 6≡

αM ′1 . . .M′m and to the rule [S-ApT] the conditionA 6≡ αM ′1 . . .M

′n (Footnote 9 in Section 3.3.2).

Of course, it is necessary to prove that every judgment provable by the unrestricted rules can alsobe proved just by using the rules with the extra conditions (the converse is straightforward); that is, wehave to show that the conditions are neutral with respect to the definition of the subtyping relation.

Let us briefly hint to how this equivalence can be proved:

Proof. To show that the condition on the rule [S-ApT] is neutral it suffices to see that whenever0 ` αM1 . . .Mn ≤ αN1 . . . Nn thenMi =β Ni (observe the rules and note that the only way to decom-pose a variable on the right-hand side is to use the rule [S-ApR]). Therefore if we have a proof of0 ` αM1 . . .Mn ≤ αN1 . . . Nn ending by [S-ApT] then we can prove the same judgment just by using[S-ApR].

The proof that the conditions on [S-ApSR] are neutral is instead obtained by induction on the depthof the derivations (with the extra result that the derivation that satisfies the condition does not havegreater depth). For example consider the case in which a derivation of0 ` (3y: C.D)M1 . . .Mm ≤(3x: A.B)N1 . . . Nn ends by the rule [S-ApSR]; then by induction hypothesis there exists a derivationfor 0 ` (3y: C.D)M1 . . .Mm ≤ B[x := N1]N2 . . . Nn that satisfies the conditions. Therefore, the lastrule of this derivation must be [S-ApSL], whence0 ` D[y := M1]M2 . . .Mm ≤ B[x := N1]N2 . . . Nn.By applying [S-ApSR] we deduce0 ` D[y := M1]M2 . . .Mm ≤ (3x: A.B)N1 . . . Nn. This last ruleeither satisfies the conditions or it does not. In the first case we already have a whole derivation thatsatisfies the conditions; in the latter case we can apply once more the induction hypothesis and obtainsuch a derivation. In both cases a further application of the [S-ApSL] rule yields a derivation of theinitial judgment that satisfies the conditions.

The decidability of subtyping follows from the equivalence betweenλ5≤ andλP≤ and the decidabilityof the latter, but it can also be easily obtained directly from the subtyping rules ofλ5≤.

THEOREM 6.3 (Decidability of subtyping). If 0 ` A: K1, 0 ` B: K2, then the subtyping judgment0 ` A ≤ B is decidable.

DEPENDENT TYPES 53

Proof. Associate to each subtyping judgment0 ` A ≤ B the measure Weight0(A, B) ofSection 4.4.1 and note that each subtyping rule decreases this measure.

The next step towards providing decidability is to design algorithmic versions of the remaining judg-ments (typing, kinding, and context formation). Here we describe only the most significative algorithmicrules: all the algorithmic rules can be found in Appendix A.1.3 (just remove the rules specific toλ5& ,that is, AS-OVER, Lub-OVER, AK-OVER, AT-ε, AT-&, and AT-OAPP).

Judgments in algorithmic rules are denoted by0 À J. In particular, we write0 À A ≤ B todenote judgments deduced by using the rules with the extra conditions at the very beginning of thissection (even though in what follows we tend to omit the1A script for subtyping since they virtuallydenote the same system). With the convention that premises are evaluated in order, the rules form analgorithm.

The main step to an algorithmic set of rules is as customary: we remove the subsumption rule (whichis not syntax-directed) and embed the subtyping relation in the elimination rules (those for applications,namely K-APP and T-APP). As usual, the presence of type variables causes the further problem thatthe type to eliminate in an elimination rule may not be in “canonical” form. For example, consider theapplication of two termsM N under a context0. We first try to type each term0 ` M :A and0 ` N:Band then to infer from that a typeC such that0 ` M N : C. When the typeA of M is equivalent to atype of the formπx: D.E, then it suffices to check that0 ` B ≤ D and to infer thatC is E[x := N].But because of type variables the actual form ofA may beαM1..Mn or (3y: A1.A2)M1..Mn. Therefore,we need to infer from these types a type of the formπx: D.E (let us call it aπ -type). InλP≤, this isachieved by using a function FLUB0(A) that returns the leastπ -type super-type (strictly speaking, itreturnsa minimalπ -type super-type ofA). Here we essentially take the same approach with the onlydifference that the leastπ -type is inferred rather than calculated. So we introduce a new relation

0 À A ≤π lub B

to express the fact thatB is the leastπ -type super-type ofA under the context0. The rules to derivethis relation are:

Lub-REFL0 À πx:A.B ≤π lub πx:A.B

Lub-ApT0 À 0(α)M1..Mn ≤π lub A

0 À αM1..Mn ≤π lub A

Lub-ApSL0 À B[x := M1]M2..Mn ≤π lub C

0 À (3x:A.B)M1..Mn ≤π lub C.

The properties of this relation are stated by the following proposition.

PROPOSITION6.3 (Properties ofπ lub judgments).

1. 0 À A ≤π lub B⇒ 0 ` A ≤ B.

2. 0 ` A ≤ πx:B.C⇒ ∃B′,C′ s.t. 0 À A ≤π lub πx:B′.C′ ∧0 ` πx:B′.C′ ≤ πx:B.C.

3. Given a type A,it is decidable if there existsπx:B.C such that0 À A ≤π lub πx:B.C isderivable.

4. 0 À A ≤π lub B ∧ 0 ` A : K ⇒ 0 ` B : K.

5. 0 À A ≤π lub πx:B.C ∧ 0 À A ≤π lub πx:B′.C′ ⇒ B ≡ B′ ∧ C ≡ C′.

Proof. The fourth claim is proved by induction on the depth of the derivation of0 À A ≤π lub Busing subject reduction. The others are straightforward.

While the use of a FLUB function or of theπ lub judgment is a matter of style, the key differencebetween our approach andλP≤ is in the typing and kinding application rules. We define subtyping


directly on types withoutβ2 normalizing them:

AK-APP0 À A : 5x:B.K 0 À M : B′ 0 À B′ ≤ B

0 À AM : K [x := M ]

AT-APP0 À M : A 0 À A ≤π lub πx:B.C 0 À N : B′ 0 À B′ ≤ B

0 À M N : C[x := N].

In the same way as we removed the subsumption rule by embedding subtyping in the applications rules,we eliminate the conversion rule K-CONV by embedding conversions in the context-formation ruleF-SUBTYPE.

To obtain an algorithmic system we also remove from T-VAR and K-VAR the context-formationpremises (yielding AT-VAR and AK-VAR of Appendix A.1.3). In this way typing and kinding becomeindependent from context formation. Therefore,0 À J no longer implies0 ` ?. So additional kindingchecks0 À A : ? must be added to the introduction rules (rules AK-π, AK-3, and AT-λ) and anadditional kinding check0 À K must be added to context formation rule F-SUBTYPE. This sufficesto infer the well-kindedness of contexts in the remaining rules.

Proofs of soundness and completeness of the algorithmic system are a little longer than those inλP≤,but do not require any specific technique or insight.

For the proof of soundness of the algorithmic rules, we need to ensure that well-kindedness of typesin the premises of subsumption is satisfied. This is achieved by using the properties ofπ lub judgmentsand generation for kinding.

THEOREM 6.4 (Soundness of algorithmic system).For all 0, A, K ,M,

1. 0 À K ⇒ 0 ` K2. 0 ` ? ∧ 0 À A : K ⇒ 0 ` A : K3. 0 ` ? ∧ 0 À M : A⇒ 0 ` M : A.

Proof. Simultaneously by induction on the depth of the derivation in the algorithmic system.

Case(AT-APP). Suppose we have a derivation ended by an application of the rule AT-APP

0 À M : A 0 À A ≤π lub πx:B.C 0 À N : B′ 0 À B′ ≤ B

0 À M N : C[x := N]AT-APP.

We have:

0 ` ? ∧ 0 À M : A ⇒ 0 ` M : A I H⇒ 0 ` A : ? Proposition 4.13

0 À A ≤π lub πx:B.C ⇒ 0 ` A ≤ πx:B.C Proposition 6.3(1)0 ` ? ∧ 0 À N : B′ ⇒ 0 ` N : B′ I H

⇒ 0 ` B′ : ? Proposition 4.130 À A ≤π lub πx:B.C ∧ 0 ` A : ? ⇒ 0 ` πx:B.C : ? Proposition 6.3(4)

⇒ 0 ` B : ?. Proposition 4.14, 4.10

So we have the following derivation ending by an instance of the rule T-APP and whose premises arederived by two instances of the rule T-SUB:

0 `M : A 0 ` A≤πx:B.C 0 ` A, πx:B.C : ?

0 `M : πx:B.C

0 ` N : B′ 0 ` B′ ≤ B 0 ` B′, B : ?

0 ` N : B.

0 ` M N : C[x := N]

The case for AK-APP is similar. Others are easy.COROLLARY 6.4.

0 À ? ∧ 0 À A : K ⇒ 0 ` A : K

0 À ? ∧ 0 À M : K ⇒ 0 ` M : A

DEPENDENT TYPES 55

As usual in the presence of subtyping and/or typing conversion the algorithmic system does not proveall the judgments of the original system. Nevertheless it is complete in the sense that every context,type, or term that is well-kinded/typed in the original system is so in the algorithmic one:

THEOREM 6.5 (Completeness of algorithmic system).

1. 0 ` K ⇒ 0 À K

2. 0 ` A : K ⇒ ∃Ka s.t. 0 À A : Ka ∧ Ka=β K ∧ 0 ` Ka

3. 0 ` M : A⇒ ∃Aa s.t. 0 À M : Aa ∧ 0 ` Aa ≤ A

Proof. Simultaneously by induction on derivations in the original system.

Case(K-APP). Suppose the last step of derivation is

0 ` A : 5x:B.K 0 ` M : B

0 ` AM : K [x := M ]K -APP.

We have

0 ` A : 5x:B.K ⇒ ∃Ka s.t. 0 À A : Ka ∧ Ka=β 5x:B.K I H

⇒ ∃B′, K ′s.t.Ka ≡ 5x:B′.K ′ ∧B′ =β B ∧ K ′ =β K confluence

0 ` M : B⇒ 0 À M : B′′ ∧ 0 ` B′′ ≤ B I H

0 ` M : B⇒ 0 ` ? ∧ 0 ` B : ? Prop. 4.10, 4.13

0 ` ? ∧ 0 À A : Ka ⇒ 0 ` A : Ka Theorem 6.4

⇒ 0 ` Ka Prop. 4.13

⇒ 0 ` B′ : ? F-5, Prop. 4.13

0 ` B, B′ : ? ∧ B′ =β B⇒ 0 ` B ≤ B′ Prop. 4.24

⇒ 0 ` B′′ ≤ B′ Prop. 4.27

⇒ 0 À B′′ ≤ B′.

So we have a derivation ending by

0 À A : 5x:B′.K ′ 0 À M : B′′ 0 À B′′ ≤ B′

0 À AM : K ′[x := M ]AK-APP

andK ′[x := M ]=β K [x := M ].

Case(T-APP). Suppose the derivation ends by

0 ` M : πx:A.B 0 ` N : A

0 ` M N : B[x := N]T-APP.

Then there existC, A′, B′, A′′ such that

0 ` M : πx:A.B ⇒ 0 À M : C ∧ 0 ` C ≤ πx:A.B I H

0 ` C ≤ πx:A.B⇒ 0 À C ≤π lub πx:A′.B′ ∧ 0 ` πx:A′.B′ ≤ πx:A.B Prop. 6.3

⇒ 0 ` A ≤ A′ Prop. 4.14

0 ` N : A ⇒ 0 À N : A′′ ∧ 0 ` A′′ ≤ A I H

⇒ 0 ` A′′ ≤ A′ Prop. 4.27

⇒ 0 À A′′ ≤ A′.


Therefore, we have a derivation ending by

0 À M : C 0 À C ≤π lub πx:A′.B′ 0 À N : A′′ 0 À A′′ ≤ A′

0 À M N : B′[x := N]AT-APP

and0 ` B′[x := N] ≤ B[x := N] follows from Proposition 4.11.Other cases are easy.

In the proof of completeness, we have used reflexivity and transitivity of subtyping. To apply re-flexivity, we need a kinding condition, which is proved by context properties, agreement of judgments,and soundness of the algorithmic rules. Generation for kinding has been used to decompose subtypingbetweenπ -types so that transitivity can apply.

A minimal typeof a termM under a context0 is a typeA such that0 ` M : A and for any othertype B if 0 ` M : B, then0 ` A ≤ B. Note that, by this definition, the minimal type of a termMmay not be unique: ifB is a minimal type ofM , then every well-formed typeβ-equivalent toB is alsoa minimal type ofM . But our algorithmic system will always return the same minimal type. This typemay not be in normal form. For example, ifx: A ∈ 0, then the algorithm returnsA for x, even if A isnot in normal form. To obtain the minimal normalized type of a term, one can simply normalize thetype returned by the algorithm.

In order to show the minimal typing property, it remains to show that theAa in the proposition ofcompleteness is unique.

PROPOSITION6.5 (Uniqueness and minimality of algorithmic typing).

0 À M : A∧ 0 À M : B⇒ A ≡ B

0 À M : A∧ 0 ` M : B⇒ 0 ` A ≤ B

Proof. The first implication is proved by induction on the size ofM , using uniqueness ofπ lub(Proposition 6.3). The second implication follows from Theorem 6.5.

The minimal typing property follows.COROLLARY 6.6. [Minimal typing property forλ5≤].

0 ` M : A⇒ (∃B s.t. 0 ` M : B ∧ ∀ C 0 ` M : C⇒ 0 ` B ≤ C)

Decidability results can be straightforwardly proved by showing that the algorithms always terminate.They are summarized in the following proposition.

PROPOSITION6.7 (Decidability of algorithmicλ5≤). For all 0, K ,M, A, and B,the following prob-lems are decidable29:

1. 0 ` A : K ∧ 0 ` B : K ′ ⇒ 0 À A ≤ B?

2. 0 ` ?⇒ ∃K s.t. 0 À A : K?

3. 0 ` ?⇒ ∃A s.t. 0 À M : A?

4. 0 À K?

Proof. The assertions must be proved in the order shown. The first implication was proved inTheorem 6.3. The second and third implications are proved simultaneously by settingWeight(0À

U :V)=Size(U ) and showing that each algorithmic typing and kinding rule strictly decreases Weight.For the last implication setSize(〈〉)= 1, Size(0, α:K )= Size(0, α≤ A:K ) = Size(0)+ Size(K ), andSize(0,x:A)=Size(0); then note that all the algorithmic formation rules strictly decreseWeight(0À

K ) defined as the lexicographical order of the following pair: (Size(0)+Size(K ), length(0)).

By the equivalence between algorithmic rules and the original ones, we obtain the decidability ofjudgments inλ5≤.

29 We say that the problemφ ⇒ ψ? is decidable if, under the hypothesisφ, the formulaψ is decidable. As usual0 ` J standsfor “0 ` J is derivable.”

DEPENDENT TYPES 57

COROLLARY 6.8 (Decidability ofλ5≤). The following problems are decidable: for all 0, K ,M, A,and B,

1. 0 ` A : K ∧ 0 ` B : K ′ ⇒ 0 ` A ≤ B?

2. 0 ` ?⇒ ∃K s.t. 0 ` A : K?

3. 0 ` ?⇒ ∃A s.t. 0 ` M : A?

4. 0 ` K?

7. DECIDABILITY AND ALGORITHMIC SYSTEM FORλ5&

In this section we show how the proofs of Section 6.4 forλ5≤ can be lifted toλ5& . In particular weexamine the algorithmic type system forλ5& , its soundness, and its completeness, and we discuss theminimal type property and decidability results.

The algorithmic subtyping system forλ5& is obtained by adding the subtyping rule for overloadedtypes S-OVER to the algorithmic subtyping system ofλ5≤ (that is, by adding suitable conditions tothe subtyping rules ofλ5& as explained at the beginning of Section 6.4). The algorithmic subtypingsystem is equivalent to the original one,

0 ` S≤ T ⇔ 0 À S≤ T,

whereÀ denotes judgments of the algorithmic system. The proof of this equivalence is strictly thesame as the one outlined in the previous section forλ5≤.

For any subsystem ofλ5& in which the correspondingβ-equivalence is decidable, the terminationof the algorithm can be proved in a similar way asλ5≤, that is by using the measure Weight. In otherwords, the subtyping is decidable in every subsystem ofλ5& with decidableβ-equivalence. An exampleof such a subsystem is the systemλ5−& we introduced in Section 5.

The whole algorithmic system is obtained by a few modifications to the algorithmic system ofλ5≤and it is summarized in Appendix A.1.3. First, the set ofπ lub rules is extended by a new rule

Lub-OVER0 À {πx:Ai .Bi }i≤n ≤π lub {πx:Ai .Bi }i≤n

.

Recall that, inλ5≤, the judgment0 À A ≤π lub B is used to infer the leastπ -type super-type ofA.With the new rule, it will infer either the leastπ -type or the least overloaded-type super-type ofA.

It is easy to verify that all properties for the relation0 À A ≤π lub B (Proposition 6.3) still hold. Inaddition, we have a new property:

0 ` C ≤ {πx:Ai .Bi }i≤n ⇒ 0 À C ≤π lub {πx:A′j .B′j } j≤m ∧ 0 ` {πx:A′j .B

′j } j≤m ≤ {πx:Ai .Bi }i≤n.

The algorithmic context rules are the same as those forλ5≤. We add K-OVER to algorithmic kindingrules ofλ5≤, while the following rules are added to the algorithmic typing rules ofλ5≤:

AT-ε0 À ?

0 À ε : {}0 À M : W1 ≤ {πx:Ai .Bi }i≤n 0 À {πx:Ai .Bi }i≤n : ?

AT-&0 À N : W2 ≤ πx:An+1.Bn+1 0 À {πx:Ai .Bi }i≤n+1 : ?

0 À M& {πx:Ai .Bi }i≤n+1 N : {πx:Ai .Bi }i≤n+1

0 À M : W ≤π lub {πx:Ai .Bi }i≤n+1 0 À {πx:Ai .Bi }i≤n+1 : ?0 À N : A Aj = min

i≤n+1{Ai | 0 ` A ≤ Ai }

AT-OAPP .0 À M • N : Bj [x := N].

Note that in the rule AT-& the hypothesis0 À {πx:Ai .Bi }i≤n+1 : ? does not imply0 À {πx:Ai .Bi }i≤n : ?, so both kinding hypotheses are needed.


As in the case ofλ5≤, using induction and the subsumption rule, it is easy to prove the soundnessof the algorithmic system.

Notation 7.1. We use0 ` M : A ≤ B : K to denote0 ` M : A∧ 0 ` A ≤ B ∧ 0 ` A, B : K .

THEOREM 7.1 (Soundness of algorithmic system ofλ5& ). For all 0, A, K ,M,

1. 0 À K ⇒ 0 ` K

2. 0 ` ? ∧ 0 À A : K ⇒ 0 ` A : K

3. 0 ` ? ∧ 0 À M : A⇒ 0 ` M : A.

Proof. Simultaneously by induction on the depth of the derivation in the algorithmic system.

Case(AT-&). Suppose that0 ` ? and that the derivation ends by an application of the rule AT-&.We have:

0 À {πx:Ai .Bi }i≤n+1 : ? ⇒ 0 ` {πx:Ai .Bi }i≤n+1 : ?

⇒ 0 ` πx:An+1.Bn+1 : ?

0 À {πx:Ai .Bi }i≤n : ? ⇒ 0 ` {πx:Ai .Bi }i≤n : ?

0 À M : W1 ⇒ 0 ` M : W1

⇒ 0 ` W1 : ?

0 ` M : W ≤ {πx:Ai .Bi }i≤n : ? ⇒ 0 ` M : {πx:Ai .Bi }i≤n

0 À N : W2 ⇒ 0 ` N : W2

⇒ 0 ` W2 : ?

0 ` N : W2 ≤ πx:An+1.Bn+1 : ?⇒ 0 ` N : πx:An+1.Bn+1.


0 ` M : {πx:Ai .Bi }i≤n 0 ` N : πx:An+1.Bn+1 0 ` {πx:Ai .Bi }i≤n+1 : ?

0 ` M& {πx:Ai .Bi }i≤n+1 N : {πx:Ai .Bi }i≤n+1 T-&.

Case(AT-OAPP). Suppose that0 ` ? and that the derivation ends by an application of the ruleAT-OAPP. We have:

0 À M : W ≤π lub {πx:Ai .Bi }i≤n+1⇒ 0 ` M : W ∧ 0 ` W ≤ {πx:Ai .Bi }i≤n+1

⇒ 0 ` W : ? ∧ ∀i ≤ n+ 1. 0 ` Ai : ?

0 À {πx:Ai .Bi }i≤n+1 : ? ⇒ 0 ` {πx:Ai .Bi }i≤n+1 : ?

0 ` M : W ≤ {πx:Ai .Bi }i≤n+1 : ? ⇒ 0 ` M : {πx:Ai .Bi }i≤n+1

0 À N : A ⇒ 0 ` N : A

⇒ 0 ` A : ?

Aj = mini≤n+1{Ai | 0 ` A ≤ Ai } ⇒ 0 ` A ≤ Aj

0 ` N : A ≤ Aj : ? ⇒ 0 ` N : Aj .


0 ` M : {πx:Ai .Bi }i≤n+1 0 ` N : Aj

0 ` M • N : Bj [x := N]T-OVER.

Other cases are similar to those forλ5≤.

DEPENDENT TYPES 59

Again we have the completeness of the algorithmic system:

THEOREM 7.2 (Completeness of algorithmic system ofλ5& ).

1. 0 ` K ⇒ 0 À K

2. 0 ` A : K ⇒ ∃Ka s.t. 0 À A : Ka ∧ Ka=β K ∧ 0 ` Ka

3. 0 ` M : A⇒ ∃Aa s.t. 0 À M : Aa ∧ 0 ` Aa ≤ A

Proof. Simultaneously by induction on the depth of the derivation in the original system.

Case(T-&). Suppose that the derivation ended by an application of the rule T-&:

T-&0 ` M : {πx:Ai .Bi }i≤n 0 ` N : πx:An+1.Bn+1 0 ` {πx:Ai .Bi }i≤n+1 : ?

0 ` M& {πx:Ai .Bi }i≤n+1 N : {πx:Ai .Bi }i≤n+1.

Then

0 ` M : {πx:Ai .Bi }i≤n ⇒ ∃W1.0 À M : W1 ≤ {πx:Ai .Bi }i≤n I H

0 ` N : πx:An+1.Bn+1 ⇒ ∃W2.0 À N : W2 ≤ πx:An+1.Bn+1 I H

0 ` M : {πx:Ai .Bi }i≤n ⇒ 0 ` {πx:Ai .Bi }i≤n : ?

⇒ 0 À {πx:Ai .Bi }i≤n : ?

0 ` {πx:Ai .Bi }i≤n+1 : ?⇒ 0 À {πx:Ai .Bi }i≤n+1 : ?.


0 À M : W1 ≤ {πx:Ai .Bi }i≤n 0 À {πx:Ai .Bi }i≤n : ?


0 À M& {πx:Ai .Bi }i≤n+1 N : {πx:Ai .Bi }i≤n+1.

Let Aa = {πx:Ai .Bi }i≤n+1; the result follows from the reflexivity of subtyping.

Case(T-OAPP). Suppose that the derivation ended by an application of the rule T-OAPP:

T-OAPP0 ` M : {πx:Ai .Bi }i≤n 0 ` N : Ai

0 ` M • N : Bi [x := N]

0 ` M : {πx:Ai .Bi }i≤n ⇒ 0 À M : W ≤ {πx:Ai .Bi }i≤n

⇒ 0 ` W ≤π lub {πx:A′i .B′i }i≤m ∧ 0 ` {πx:A′i .B

′i }i≤m ≤ {πx:Ai .Bi }i≤n

0 À M : W ⇒ 0 ` M : W

⇒ 0 ` W : ?

⇒ 0 ` {πx:A′i .B′i }i≤m : ?

0 ` N : Ai ⇒ 0 À N : A ≤ Ai .


0 À M : W ≤π lub {πx:A′i .B′i }i≤m 0 À {πx:A′i .B

′i }i≤m : ?

AT-OAPP0 À N : A A′j = min

i≤m{A′i | 0 ` A ≤ A′i }

0 À M • N : B′j [x := N].


We continue as follows:

0 ` {πx:A′i .B′i }i≤m ≤ {πx:Ai .Bi }i≤n

⇒ ∃h. 0 ` πx:A′h.B′h ≤ πx:Ai .Bi S-OVER

⇒ 0 ` Ai ≤ A′h ∧ 0, x : Ai ` B′h ≤ Bi generation of typing

⇒ 0 ` A ≤ A′h ∧ 0, x : A ` B′h ≤ Bi 0 ` A ≤ Ai

⇒ 0 ` A′j ≤ A′h A′j =mini≤m{A′i | 0 ` A≤ A′i }⇒ 0, x : A′j ` B′j ≤ B′h covariance

⇒ 0, x : A ` B′j ≤ B′h 0 ` A ≤ A′j⇒ 0, x : A ` B′j ≤ Bi transitivity

0 À N : A⇒ 0 ` N : A

0 ` N : A∧ 0, x : A ` B′j ≤ Bi ⇒ 0 ` B′j [x := N] ≤ Bi [x := N].

Therefore,0 À M • N : B′j [x := N] ≤ Bi [x := N], that is the result.Other cases are similar to those inλ5≤.

By an argument similar to the one forλ5≤, we can prove the minimal typing property forλ5& , thatis that whenever0 À M : A, thenA is a minimal type of the termM .

Finally, note that the rules we added to the algorithmic system ofλ5≤ do not affect the terminationof the algorithm, provided that the correspondingβ conversion is decidable. Therefore from the aboveresults we can also conclude that any subsystem ofλ5& in which β-conversion is decidable, contextformation, kinding, typing, and subtyping are decidable too.

8. CONCLUSION

In this work we have presented how to merge into a unique formalism dependent types, subtyping,and late bound overloading. The logical system we obtained is inevitably rather complex, but also veryexpressive.

The combination of subtyping with first order types does not need to be further justified since its needis acknowledged by several articles in the literature whose references are given in Section 2.1. The samepapers show that some amount of overloading is necessary, as well. Up to now, this need was partiallysatisfied by the use of intersection types, which implement a very limited form of overloading.

The lack of elegant theories and, more generally, of studies of overloading may explain, if not justify,the use of intersection types as an ersatz of overloading. However, it is not very difficult to add overloadedfunctions to first order types, once we dispose of a complete theory of overloading. As a matter of fact,the relative complexity ofλ5& does not come from the use of overloading but from the use of latebinding. It is late binding that requires uneasy conditions on the kinding of types, conditions that enforcethe circularity among kinding, typing, and subtyping. Therefore, it is because of late binding that wecould not start from existing systems of dependent types and subtyping, but we had to develop a brandnew formalization,λ5≤, which because of its broken circularity is prone to extensions. More recentworks of other authors seem to confirm that the techniques we first introduced inλ5≤ are good ones,as we explained in the excursus ending Section 6.3.

The reward of these efforts is a very powerful system that, thanks precisely to late binding, allowsthe same kind of modular and incremental programming that has been made popular by object-orientedlanguages.

In this article we developed the theoretical part of the system and studied a large amount of theoreticalproperties ranging from confluence to subject reduction, from conservativity to transitivity elimination,and from normalization properties to decidability. It is now necessary to explore the practical applicationsof this system by defining appropriate decidable subsystems and by embedding them in programming

DEPENDENT TYPES 61

languages and the technology of theorem provers. In that perspective it will be necessary to explorederived systems in which the formation and rewriting rules of the overloaded types can be weakened.

APPENDIX

A.1. λ5& System

A.1.1. Typing and Subtyping Rules

A.1.1.1. Formation for Kind and Context.

F-EMPTY 〈〉 ` ?

F-TERM0 ` A : ? x /∈ Dom(0)

0, x : A ` ?

F-TYPE0 ` K α /∈ Dom(0)

0, α : K ` ?

F-SUBTYPE0 ` A : K α /∈ Dom(0)

0, α ≤ A : K ` ?

F-50, x:A ` K

0 ` 5x:A.K

A.1.1.2. Kinding Rules.

K-VAR0 ` ? α ∈ Dom(0)

0 ` α : Kind0(α)

K-π0, x : A ` B : ?

0 ` πx:A.B : ?

K-30, x : A ` B : K

0 ` 3x:A.B : 5x:A.K

K-APP0 ` A : 5x:B.K 0 ` M : B

0 ` AM : K [x := M ]

K-CONV0 ` A : K 0 ` K ′ K=βK ′

0 ` A : K ′

0 ` ? ∀i ∈ I . 0 ` πx:Ai .Bi : ?

∀i ∈ I . πx:Ai .Bi is closed and in normal form

∀i, j ∈ I . 0 ` Ai ≤ Aj ⇒ 0, x : Ai ` Bi ≤ Bj

∀A.Fv(A) ⊆ Dom(0)⇒ ((∀i ∈ I . 0 6` A ≤ Ai ) ∨ (∃!i ∈ I . 0 ` A ≤ Ai ∧ ∀ j ∈I0 ` A ≤ Aj ⇒ 0 ` Ai ≤ Aj ))

K-OVER0 ` {πx:Ai .Bi }i∈I : ?

A.1.1.3. Typing Rules.

T-VAR0 ` ? x ∈ Dom(0)

0 ` x : 0(x)

T-λ0, x : A ` M : B

0 ` λx:A.M : πx:A.B

T-APP0 ` M : πx:A.B 0 ` N : A

0 ` M N : B[x := N]


T-ε0 ` ?

0 ` ε : {}T-&

0 ` M : {πx:Ai .Bi }i≤n 0 ` N : πx:An+1.Bn+1 0 ` {πx:Ai .Bi }i≤n+1 : ?

0 ` M& {πx:Ai .Bi }i≤n+1 N : {πx:Ai .Bi }i≤n+1

T-OAPP0 ` M : {πx:Ai .Bi }i≤n 0 ` N : Ai

0 ` M • N : Bi [x := N]

T-SUB0 ` M : A 0 ` A ≤ B 0 ` A, B : ?

0 ` M : B

A.1.1.4. Subtyping Rules.

S-π0 ` A′ ≤ A 0, x : A′ ` B ≤ B′

0 ` πx:A.B ≤ πx:A′.B′

S-ApRM1=β M ′1 · · ·Mn=β M ′n

0 ` αM1 · · ·Mn ≤ αM ′1 · · ·M ′nS-ApT

0 ` 0(α)M1..Mn ≤ A

0 ` αM1..Mn ≤ A

S-ApSL0 ` B[x := M1]M2..Mn ≤ C

0 ` (3x:A.B)M1..Mn ≤ C

S-ApSR0 ` C ≤ B[x := M1]M2..Mn

0 ` C ≤ (3x:A.B)M1..Mn


0 ` {πx:Ai .Bi }i∈I ≤ {πy:Cj .Dj } j∈J

A.1.2. Reduction

Theβ-conversion is given by context closure of the union of the following three notions of reduction:

(λx:A.M)N →β1 M [x := N]

(3x:A.B)N →β2 B[x := N].

Theβ& -reduction in a context0 is defined as follows:

If 1. N is closed and in normal form,

2. there existsi ∈ [1..n] s.t. 0 ` N : Ai and∀ j ∈ [1..n] 0 ` N : Aj ⇒ 0 ` Ai ≤ Aj

then

(M1& {πx:Ah.Bh}h=1..n M2

) • N →β&

{M1 • N for i ≤ n

M2 · N for i = n.

A.1.3. Algorithmic Rules forλ5&

A.1.3.1. Algorithmic Subtyping Rules.

AS-π0 À A′ ≤ A 0, x:A′ À B ≤ B′

0 À πx:A.B ≤ πx:A′.B′

AS-ApRM1=β M ′1 · · ·Mn=β M ′n

0 À αM1 · · ·Mn ≤ αM ′1 · · ·M ′n

DEPENDENT TYPES 63

AS-ApT0 À 0(α)M1..Mn ≤ A

0 À αM1..Mn ≤ AA 6≡αM ′1···M ′n

AS-ApSL0 À B[x := M1]M2..Mn ≤ C

0 À (3x:A.B)M1..Mn ≤ C

AS-ApSR0 À C ≤ B[x := M1]M2..Mn

0 À C ≤ (3x:A.B)M1..Mn

C 6≡ (3x:A′.B′)M ′1..M′m

C 6≡αM ′1···M ′m

AS-OVER∀ j ∈ J ∃i ∈ I 0 À πx:Ai .Bi ≤ πy:Cj .Dj

0 À {πx:Ai .Bi }i∈I ≤ {πy:Cj .Dj } j∈J

A.1.3.2.π lub Rules.

Lub-REFL0 À πx:A.B ≤π lub πx:A.B

Lub-ApT0 À 0(α)M1..Mn ≤π lub A

0 À αM1..Mn ≤π lub A

Lub-ApSL0 À B[x := M1]M2..Mn ≤π lub C

0 À (3x:A.B)M1..Mn ≤π lub C

Lub-OVER0 À {πx:Ai .Bi }i≤n ≤π lub {πx:Ai .Bi }i≤n

A.1.3.3. Algorithmic Context Formation Rules.

AF-EMPTY 〈〉 À ?

AF-TERM0 À ? 0 À A : ? x /∈ Dom(0)

0, x : A À ?

AF-TYPE0 À K α /∈ Dom(0)

0, α : K À ?

AF-SUBTYPE0 À K 0 À A : K ′ K =β K ′ α /∈ Dom(0)

0, α ≤ A : K À ?

AF-50, x : A À K

0 À 5x:A.K

A.1.3.4. Algorithmic Kinding Rules.

AK-VARα ∈ Dom(0)

0 À α : Kind0(α)

AK-π0 À A : ? 0, x : A À B : ?

0 À πx : A.B : ?

AK-30 À A : ? 0, x : A À B : K

0 À 3x:A.B : 5x:A.K

AK-APP0 À A : 5x:B.K 0 À M : B′ 0 À B′ ≤ B

0 À AM : K [x := M ]


0 À ? ∀i ∈ I . 0 À πx:Ai .Bi : ?

∀i ∈ I . πx:Ai .Bi is closed and in normal form

∀i, j ∈ I . 0 À Ai ≤ Aj ⇒ 0, x : Ai À Bi ≤ Bj

∀A.Fv(A) ⊆ Dom(0)⇒ ((∀i ∈ I . 0 6À A ≤ Ai )∨AK-OVER

(∃!i ∈ I . 0 À A ≤ Ai ∧ ∀ j ∈ I0 À A ≤ Aj ⇒ 0 À Ai ≤ Aj ))

0 À {πx:Ai .Bi }i∈I : ?

A.1.3.5. Algorithmic Typing Rules.

AT-VARx ∈ Dom(0)

0 À x : 0(x)

AT-λ0 À A : ? 0, x : A À M : B

0 À λx:A.M : πx:A.B

AT-APP0 À M : A 0 À A ≤π lub πx : B.C 0 À N : B′ 0 À B′ ≤ B

0 À M N : C[x := N]

AT-ε0 À ?

0 À ε : {}0 À M : W1 ≤ {πx:Ai .Bi }i≤n 0 À {πx:Ai .Bi }i≤n : ?


0 À M& {πx:Ai .Bi }i≤n+1 N : {πx:Ai .Bi }i≤n+1

0 À M : W ≤π lub {πx:Ai .Bi }i≤n+1 0 À {πx:Ai .Bi }i≤n+1 : ?

AT-OAPP0 À N : A Aj = mini≤n+1{Ai | 0 ` A ≤ Ai }

0 À M • N : Bj [x := N]

A.2. Overloaded Functors

signature Item = sig type item;val isequal: item ∗ item -> bool

end

signature Tree = sig structure i: Item;type 'a tree;val empty: 'a tree;val cons: 'a ∗ 'a tree ∗ 'a tree -> 'a tree;...

end

signature OrdItem = sig type item;val isequal: item ∗ item -> bool;val isless: item ∗ item -> bool

end

signature OrdTree = sig structure i: OrdItem;type 'a tree;...

end

DEPENDENT TYPES 65

signature Dict =sig

type keytype 'a dictval empty : 'a dictval isnull: 'a dict -> boolval find: key ∗ 'a dict -> 'aval insert : key ∗ 'a ∗ 'a dict -> 'a dict

end

mkDict =functor(t:Tree): Dict =

structtype key = t.i.item;type 'a dict = (key ∗ 'a) t.treeval empty = t.empty;val isnull = t.isnullfun find (k,d) = if isnull(d) then raise Notfound

else let (k',a) = t.root(d) in if t.i.isequal(k,k')then a ...

fun insert (k,a,d) = ...end

and (∗>>> overloading: "and" stands for "&" <<<∗)functor(t:OrdTree):Dict =

structtype key = t.i.itemtype 'a dict = (key * 'a) t.tree...fun find (k,d) = if isnull(d) then raise Notfound

else let (k',a) = t.root(d) inif t.i.isless(k,k') then find (k,left(d)) else ...

fun insert (k,a,d) = if isnull(d)then t.cons((k,a), empty, empty)

else (∗ Ordered search of a free position∗ )end

ACKNOWLEDGMENTS

Without a doubt the greatest boost to the quality of this work was given by Kathleen Fisher and the other two anonymousreferees of Information and Computation. It is rather unusual to see reports so accurate, precise, and pertinent, and we do thankthe three referees for the time they dedicated to our work. It is the first time that all the reports for an article are of such goodquality. And the merit of that goes to our editor, Mariangiola Dezani, whom we thank for such a wise choice. Giuseppe Longoalso deserves our gratitude, for having patiently commented on several (about five) different versions of this work.

REFERENCES

[AC96a] M.-V. Aponte and G. Castagna (1996), Programmation modulaire avec surcharge et liaison tardive,in “JourneesFrancophones des Langages Applicatifs,” Val Morin, Quebec, Canada. [In French]

[AC96b] D. Aspinall and A. Compagnoni (1996), Subtyping dependent types,in “Proc. 11th Annual Synposium on Logic inComputer Science.” pp. 86–97, IEEE, New York.

[Asp95] D. Aspinall (1995), Subtyping with singleton types,in “Proc. Computer Science Logic. CSL’94,” Lecture Notes inComputer Science, Vol. 933, Springer-Verlag, Berlin/New York.

[Bar84] H. P. Barendregt (1984), “The Lambda Calculus Its Syntax and Semantics,” revised ed., North-Holland, Amsterdam.

[Bar92] H. Barendregt (1992), Lambda calculi with types,in “Handbook of Logic in Computer Science,” Vol. 2, ClarendonPress, Oxford.


[BCDC83] H. Barendregt, M. Coppo, and M. Dezani-Ciancaglini (1983), A filter lambda model and the completeness of typeassignment,J. Symbolic Logic48, 931–940.

[CAB+86] R. L. Constable, S. F. Allen, H. M. Bromley, W. R. Cleaveland, J. F. Cremer, R. W. Harper, D. J. Howe, T. B.Knoblock, N. P. Mender, P. Panangaden, J. T. Sasaki, and S. F. Smith (1986), “Implementing Mathematics in theNuPRL Proof Development System,” Prentice-Hall, Englewood Cliffs, NJ.

[Car88] L. Cardelli (1988), A semantics of multiple inheritance,Inform. and Comput.76, 138–164. A previous version canbe found in Semantics of Data Types, Lecture Notes in Computer Science, Vol. 173, pp. 51–67, Springer-Verlag,Berlin/New York.

[Cas95] G. Castagna (1995), Covariance and contravariance: conflict without a cause,ACM Trans. Programming LanguagesSystems17, 431–447.

[Cas96] G. Castagna (1996), Integration of parametric and “ad hoc” second order polymorphism in a calculus with subtyping,Formal Aspects Comput.8, 247–293.

[Cas97] G. Castagna (1997), Object-oriented programming: A unified foundation,in “Progress in Theoretical ComputerScience,” Birkauser, Boston.

[CD80] M. Coppo and M. Dezani-Ciancaglini (1980), An extension of the basic functionality theory for theλ-calculus,Notre-Dame J. Formal Logic21, 685–693.

[CG97] A. Compagnoni and H. Goguen (1997), “Typed Operational Semantics for Higher Order Subtyping,” TechnicalReport ECS-LFCS-97-361, LFCS University of Edinburgh.

[CGL93] G. Castagna, G. Ghelli, and G. Longo (1993), A semantics forλ&-early: a calculus with overloading and earlybinding, in “International Conference on Typed Lambda Calculi and Applications, (M. Bezem and J. F. Groote,Eds.), Utrecht, The Netherlands, March 1993,” Lecture Notes in Computer Science Vol. 664, pp. 107–123, Springer-Verlag, Berlin/New York.

[CGL95] G. Castagna, G. Ghelli, and G. Longo (1995), A calculus for overloaded functions with subtyping,Inform. andComput.117, 115–135.

[Cha92] C. Chambers (1992), Object-oriented multi-methods in Cecil,in “ECOOP’92,” Lecture Notes in Computer Science,Vol. 615, Springer-Verlag, Berlin/New York.

[Che96] G. Chen (1996), “Dependent Type System with Subtyping,” Technical Report LIENS-96-27. Laboratoired’Informatique, Ecole Normale Superieure, Paris, December 1996.

[Che97] G. Chen (1997), Subtyping calculus of construction, extended abstract,in “22nd International Symposium onMathematical Foundation of Computer Science,” Lecture Notes in Computer Science, Vol: 1295, Springer-Verlag,Berlin/New York.

[Che98] G. Chen (1998),“Subtyping, Type Conversions and Elimination of Transitivity,” Ph.D. thesis, Universite Paris 7,December.

[Coq92] T. Coquand (1992), Pattern matching with dependent types,in “Proceedings on Types for Proofs and Programs,”pp. 71–83.

[Cou97] J. Courant (1997), A module calculus for pure type systems,in “Typed Lambda Calculus and Applications,” LectureNotes in Computer Science, Vol. 1210, pp. 112–128.

[DG87] L. G. DeMichiel and R. P. Gabriel (1987), Common lisp object system overview,in “Proc.of ECOOP ’87 European Conference on Object-Oriented Programming, Paris, France, June 1987” Lecture Notesin Computer Science Vol. 276, pp. 151–170, Springer-Verlag, Berlin/New York.

[Ghe93] G. Ghelli (1993), Recursive types are not conservative over F≤, in (M. Bezem and J. F. Groote, Eds.), “InternationalConference of typed Lambda Calculi and Applications, Utrecht, The Netherlands, March 1993” Lecture Notes inComputer Science. Vol. 664, pp. 146–162. Springer-Verlag, Berlin/New York.

[Gir87] J. Y. Girard (1987), Linear logic,in “Theoretical Computer Science,” Vol. 50, pp. 1–102, North-Holland; Amsterdam.

[HHP93] R. Harper, F. Honsell, and G. Plotkin (1993), A framework for defining logics,J. Assoc. Comput. Mach. 40, 143–184.

[Hic95] J. J. Hickey (1995), “Formal Abstract Data Types,” Unpublished draft, December.

[Hin64] R. Hindley (1964), “The Church-Rosser Property and a Result of Combinatory Logic,” Dissertation, University ofNewcastle-upon-Tyne.

[HL94] R. Harper and M. Lillibridge (1994), A type-theoretic approach to higher-order modules with sharing,in “21stAnnual Symposium on Principles Of Programming Languages, Portland, Oregon,” pp. 123–137, Assoc. Comput.Mach. Press, New York.

[Ler94] X. Leroy (1994), Manifest types, Modules, and separate compilation,in “Proceedings of the 21st Symposium onPrinciples of Programming Languages,” pp. 109–122, ACM Press, New York.

[Luo96] Z. Luo (1996), Coercive subtyping in type theory,in “CSL’96, the 1996 Annual Conference of the EuropeanAssociation for Computer Science Logic. Utrecht,” Lecture Notes in Computer Science. Vol. 1258, Springer-Verlag,Berlin/New York.

[Luo97] Z. Luo (1997), Coercive subtyping,J. Logic Comput.9(13).

[MH88] J. C. Mitchell and R. Harper (1988), The essence of ML,in “15th Ann. ACM Symp. on Principles of ProgrammingLanguages.”

[MQ85] D. B. Mac Queen (1985), Modules for standard ML, Polymorphism2(2).

DEPENDENT TYPES 67

[MQ86] D. B. Mac Queen (1986), Using dependent types to express modular structure: experience with Pebble and ML.in“Proc. 13th Annual ACM Symp. on Principles of Programming Languages.”

[MTH90] R. Milner, M. Tofte, and R. Harper, “The Definition of Standard ML,” The MIT Press, Cambridge, MA, 1990.

[Pfe93] F. Pfenning (1993), Refinement types for logical frameworks,in “Informal Proceedings of the 1993 Workshop onTypes for Proof and Programs.”

[Ros73] B. K. Rosen (1973), Tree manipulation systems and Church-Rosser theorems,Journal of ACM20, 160–187.

[Tai67] W. W. Tait (1967), Intensional interpretation of functional of finite type I,J. Symbolic Logic32, 198–212.

[Zwa99] J. Zwanenburg (1999), Pure type systems with subtyping,in “TLCA’99,” Lecture Notes in Computer Science,Vol. 1581, Springer-Verlag, Berlin/New York.

dependent types with subtyping and late-bound overloading · greatly enhances its ﬂexibility....

Documents