Severalproblemshistoricallypreventedlambdaencodingsfrombeingadoptedinp - PDF document

1 Severalproblemshistoricallypreventedlamb
Severalproblemshistoricallypreventedlambdaencodingsfrombeingadoptedinpracticaltypetheories.Scottencodingsareecientbutdonotinherentlyprovideaformofiterationorrecursion.Churchencodingsinherentlyprovideiteration,andaretypableinSystemF.DuetostrongnormalizationofSystemF[15],theyarethussuitableforuseinatotal(impredicative)typetheory,but:1.ThepredecessorofntakesO(n)timetocomputeinsteadofconstanttime.2.Wecannotprove06=1withtheusualdenitionof6=.3.Inductionisnotderivable[13].TheseissuesmotivatedthedevelopmentoftheCalculusofInductiveConstruc-tions(cf.[22]).Problem(1)isbestknownbuthasasurprisinglyunderappreci-atedsolution:ifweacceptpositiverecursivedenitions(whichpreservenormal-ization),thenwecanuseParigotnumerals,whicharelikeChurchnumeralsbutbasedonrecursorsnotiterators[20].NormalformsofParigotnumeralsareex-ponentialinsize,butareasonableterm-graphimplementationshouldbeabletokeepthemlinearviasharing.Theotherthreeproblemshaveremainedunsolved.Inthispaper,weproposesolutionstoproblems(2)and(3).Forproblem(2)weproposetochangethedenitionoffalsehoodfromexplosion(8X:X,everythingistrue)toequationalinconsistency(8X:x:X:y:X:x=Xy,everythingisequalforanytype).Wep

2 ointoutthat06=1isderivablewiththisnotion
ointoutthat06=1isderivablewiththisnotion.Ourmaincontributionisforproblem(3).WeadaptCCtosupportdependenteliminationwithChurchorParigotencodings,usinganoveltypeconstructcalledselftypes,x:T,toexpressdependencyofatypeonitssubject.Thisallowsderivinginductionprinciplesinatotaltypetheory,andwebelieveitisthemissingpieceofthepuzzlefordependenttypingofpurelambdacalculus.Wesummarizethemaintechnicalpointsofthispaper:{SystemS,whichenablesustoencodeChurchandParigotdataandderiveinductionprinciplesforthesedata.{WeprovestrongnormalizationofSbyerasuretoaversionofF!withpositiverecursivetypedenitions.WeprovestrongnormalizationofthisversionofF!byadaptingastandardargument.{TypepreservationforSisprovedbyextendingBarendregt'smethod[4]tohandleimplicitproductsandmakinguseofacon uenceargument.Detailedargumentsomittedheremaybefoundinanextendedversion[11].2OverviewofSystemSSystemSextendsatype-assignmentformulationoftheCalculusofConstruc-tions(CC)[9].Weallowglobalrecursivedenitionsinaformwecallaclosure:f(xi:Si)7!tigi2N[f(Xi:i)7!Tigi2MThexiaretermvariableswhichcannotappearinthetermsti,butcanappearinthetypesTi.AndN;Marenonemptyindexset.Occurrencesintypesareused2 isNat!Natandth

3 etypeof0isNat.SothetypingofNatwillb
etypeof0isNat.SothetypingofNatwillbemutuallyrecursive.ObservethattherecursiveoccurrencesofNatareallatthetype-annotatedpositions;i.e.,therightsideofthe\:".NotethatthesubdataofnisresponsibleforonerecursiveoccurrenceofNat,namely,y:Nat.Ifonenevercomputeswiththesubdata,thenthesenumeralswillbehavejustlikeChurchnumerals.ThisinspiresustouseMiquel'simplicitproduct[18].Inthiscase,wewanttoredeneNattobesomethinglike:8P:Nat!:8y:Nat:(Py!P(Sy))!P0!Pnforanyn.Here8y:Natistheimplicitproduct.NowournotionofnumeralsareexactlyChurchnumeralsinsteadofParigotnumerals.Evenbetter,thisdenitionofNatcanbeerasedtoF!.SinceF!'stypesdonothavedependencyonterms,P:Nat!willgeterasedtoP:.Itisknownthatonecanalsoerasetheimplicitproduct[3].TheerasureofNatwillbeP::(P!P)!P!P,whichisthedenitionofNatinF!.Thesecondproblemisaboutquantication.WewanttodeneatypeNatforanyn,butrightnowwhatwereallyhaveisoneNatforeachnumeraln.Wesolvethisproblembyintroducinganewtypeconstructx:Tcalledaselftype.Thisallowsustomakethisdenition(forChurch-encodednaturals):Nat:=x:8P:Nat!:8y:Nat:(Py!P(Sy))!P0!PxWerequirethattheselftypecan

4 onlybeinstantiated/generalizedbyitsownsu
onlybeinstantiated/generalizedbyitsownsubject,soweaddthefollowingtworules:�`t:[t=x]T �`t:x:TselfGen�`t:x:T �`t:[t=x]TselfInstWehavethefollowinginferences1:n:8P:Nat!:8y:Nat:(Py!P(Sy))!P0!Pn n:x:8P:Nat!:8y:Nat:(Py!P(Sy))!P0!Px2.2TheNotionofContradictionInCCalaCurry,itiscustomarytouse8X::Xasthenotionofcontradiction,sinceaninhabitantofthetype8X::Xwillinhabitanytype,sothelawofex-plosionissubsumedbythetype8X::X.However,thisnotionofcontradictionistoostrongtobeuseful.Lett=At0denote8C:A!:Ct!Ct0witht;t0:A.Then0=Nat1canbeexpandedto8C:Nat!:C0!C1(0isLeibnizequalsto1).Onecannotderiveaprooffor(8C:Nat!:C0!C1)!8X::X,becausetheerasureof(8C:Nat!:C0!C1)!8X::XinSystemFwouldbe(8C::C!C)!8X::X,andweknowthat8C::C!Cisinhabited.Sotheinhabitationof(8C:Nat!:C0!C1)!8X::Xwillimplytheinhabitationof8X::XinSystemF,whichdoesnothold.IfwetakeLeibnizequalityanduse8X::Xascontradiction,thenwecannotproveanynegativeresultsaboutequality. 1Thedoublebarmeansthattheconverseoftheinferencealsoholds.4 �`t:T1�`T1=T2�`T2: �`t:T2Conv(x:T)2� �`x:TVar �`t:[t=x]T

5 �`x:T: �`t:x:TSelfGe
�`x:T: �`t:x:TSelfGen �`t:x:T �`t:[t=x]TSelfInst �;x:T1`t:T2�`T1:x=2FV(t) �`t:8x:T1:T2Indx �`t:8x:T1:T2�`t0:T1 �`t:[t0=x]T2Dex�`t:x:T1:T2�`t0:T1 �`tt0:[t0=x]T2App�;X:`t:T�`: �`t:8X::TPoly�`t:8X::T�`T0: �`t:[T0=X]TInst�;x:T1`t:T2�`T1: �`x:t:x:T1:T2FuncReductions�`t!t0 ,�`T!T0 (x7!t)2� �`x!t �`(x:t)t0![t0=x]t(X7!T)2� �`X!T �`(x:T)t![t=x]T �`(X:T)T0![T0=X]T4LambdaEncodingsinSNowletusseesomeconcreteexamplesoflambdaencodinginS.Forconvenience,wewriteT!T0forx:T:T0withx=2FV(T0),andsimilarlyforkinds.4.1NaturalNumbersDenition1(ChurchNumerals).Letcbethefollowingclosure:(Nat:)7!x:8C:Nat!:(8n:Nat:Cn!C(Sn))!C0!Cx(S:Nat!Nat)7!n:s:z:s(nsz)(0:Nat)7!s:z:zWiths:8n:Nat:Cn!C(Sn);z:C0;n:Nat,wehavec`wf(usingselfGenandselfInstrules).Alsonotethatthecsatisestheconstraintsonrecursivedenitions.Similarly,ifwechoosetouseexplicitproduct,thenwecandeneParigotnumerals.Denition2(ParigotNumerals).Letpbethef

6 ollowingclosure:(Nat:)7!x:8C:Na
ollowingclosure:(Nat:)7!x:8C:Nat!:( n:Nat:Cn!C(Sn))!C0!Cx(S:Nat!Nat)7!n:s:z:s n(nsz)(0:Nat)7!s:z:z7 NotethattherecursiveoccurencesofNatinParigotnumeralsareatpositivepositions.TherestoftheexamplesareaboutChurchnumerals,butasimilardevelopmentcanbecarriedoutwithParigotnumerals.Theorem2(InductionPrinciple).c`Ind:8C:Nat!:(8n:Nat:Cn!C(Sn))!C0!n:Nat:CnwhereInd:=s:z:n:nszwiths:8n:Nat:Cn!C(Sn);z:C0;n:Nat.Proof.Let�=c;C:Nat!;s:8n:Nat:Cn!C(Sn);z:C0;n:Nat.Sincen:Nat,byselfInst,n:8C:Nat!:(8y:Nat:Cy!C(Sy))!C0!Cn.Thusnsz:Cn.ItisworthnotingthatitisreallythedenitionofNatandtheselfInstrulethatgiveustheinductionprinciple,whichisnotderivableinCC[8].Denition3(Addition).m+n:=IndSnmOnecancheckthatc`+:Nat!Nat!NatbyinstantiatingtheCinthetypeofIndbyy:Nat,thenthetypeofIndis(Nat!Nat)!Nat!(Nat!Nat).Denition4(Leibniz'sEquality).Eq:=A[:]:x[:A]:y[:A]:8C:A!:Cx!Cy.Notethatweusex=AytodenoteEqAxy.Weoftenwritet=t0whenthetypeisclear.Onecancheckthatif`A:and`x;y:A,then`x=Ay:.Theorem3.c`x:Nat:x+0=NatxProof.Weprovethisbyinduction.WeinstantiateCinthetypeofInd

7 withn:(n+0)=Natn.Sobybetareductiona
withn:(n+0)=Natn.Sobybetareductionattypelevel,wehave(8n:Nat:(n+0=Natn)!((Sn)+0=NatSn))!0+0=Nat0!n:Nat:n+0=Natn.Soforthebasecase,weneedtoshow0+0=Nat0,whichiseasy.Forthestepcase,weassumen+0=Natn(InductionHypothesis),andwanttoshow(Sn)+0=NatSn.Since(Sn)+0!S(nS0)=S(n+0),bycongruenceontheinductionhypothesis,wehave(Sn)+0=NatSn.Thusx:Nat:x+0=Natx.TheabovetheoremisprovableinsideS.Itshowshowtoinhabitthetypex:Nat:x+0=Natxgivenc,usingInd.4.2VectorEncodingDenition5(Vector).Letvbethefollowingdenitions:(vec:!Nat!)7!U::n:Nat: x:8C: p:Nat:vecUp!:(m:Nat:u:U:8y:vecUm:(Cmy!C(Sm)(consmuy)))!C0nil!Cn x(nil:8U::vecU0)7!y:x:x(cons:n:Nat:8U::U!vecUn!vecU(Sn))7!n:v:l:y:x:ynv(lyx)wheren:Nat;v:U;l:vecUn;y:m:Nat:u:U:8z:vecUm:(Cmz!C(Sm)(consmuz));x:C0nil.8 Denition8(SyntaxforF!withpositivedenitions).Termst::=xjx:tjtt0Kinds::=j0!TypesT::=Xj(8X:T)j(T1!T2)j(X1:T2)1!2j(T1!21T12)2Context�::=
j�;x:Tj�;Denitions::=f

8 (xi:Si)7!tigi2N[fXi7!Tigi
(xi:Si)7!tigi2N[fXi7!Tigi2MTermdenitions::=fxi7!tigi2NNotethatforeveryx7!t;X7!T2,werequireFV(t)=;andFVar(T)fXg;andtheXcanonlyoccuratthepositivepositioninT,nomutuallyrecusivedenitionsareallowed.Weelidethetypingrulesforspacereason.Denition9(Erasureforkinds).WedeneafunctionFwhichmapskindsinStokindsinF!withpositivedenitions.F():=F(x:T:):=F()F(X:0:):=F(0)!F()Denition10(Erasurerelation).Wedenearelation�`T.T0(intuitively,itmeansthattypeTcanbeerasedtoT0underthecontext�),whereT;�aretypesandcontextinS,T0isatypeinF!withpositivedenitions.F(0)=(X:0)2� �`X.X�`T.T1 �`x:T.T1�;X:`T.T1 �`8X::T.(8XF():T1)�`T1.Ta�`T2.Tb �`x:T1:T2.(Ta!Tb)�`T2.T �`8x:T1:T2.T�`T1.T1!2a�`T1b �`T1T2.(T1!2aT1b)2�;X:`T.T0a �`X:T.(XF():T0a)!0�`T.T1 �`Tt.T1�`T.T1 �`x:T.T1Denition11(Erasu

9 reforContext).Wedenerelation�.&#
reforContext).Wedenerelation�.�0inductively.�`T.TF()a�.�0 �;(X:)7!T.�0;XF()7!TF()a�`�0 �;X:.�0
.
�`T.Ta�.�0 �;(x:T)7!t.�0;x:Ta7!t�`T.Ta�.�0 �;x:T.�0;x:TaTheorem4(ErasureTheorem).1.If�`T:,thenthereexistsaTF()asuchthat�`T.TF()a.2.If�`t:Tand�`wf,thenthereexistTaand�0suchthat�`T.Ta,�.�0and�0`t:Ta.10 NowthatweobtainedanerasurefromStoF!withpositivedenitions.Wecon-tinuetoshowthatthelatterisstronglynormalizing.ThedevelopmentbelowisinF!withpositivedenitions.LetRbethesetofallreducibilitycandidates5.LetbeamappingbetweentypevariableofkindtoelementofJK.Denition12.{JK:=R.{J!0K:=ffj8a2JK;f(a)2J0Kg.{JXK:=(X).{J(T1!T2)K:=ftj8u:2JT1K;tu2JT2Kg.{J(8X:T)K:=Tf2JKJTK=X].{J(X0:T)0!K:=fwherefisthemapa7!JTK=X]foranya2J0K.{J(T0!1T0

10 2)K:=JT0!1K
2)K:=JT0!1K(JT02K).Letj
jbeafunctionthatretrievesallthetermdenitionsfromthecontext�.Denition13.Let=j�j,andFVar(�)bethesetoffreetypevariablesin�.Wedene2J�Kif(X)2JKforundenedvariableX;and(X)=lfp(b7!JTK=X])forb2JKifX7!T2�.Notethattheleastxpointoperationinlfp(b7!JTK=X])isdenedsincewecanextendthecompletelatticeofreducibilitycandidatetocompletelattice(JK;;\).Denition14.Let=j�jand2J�K.Wedenetherelation2J�Kinductively:
2J
K2J�Kt2JTK [t=x]2J�;x:TK2J�K 2J�;(x:T)7!tKTheorem5(Soundnesstheorem6).Let=j�j.If�`t:Tand�`wf,thenforany;2J�K,wehavet2JTK,withJTK2R.Theorem4and5implyallthetypableterminSisstronglynormalizing.5.2Con uenceAnalysisThecomplicationsofprovingtypepreservationareduetoseveralruleswhicharenotsyntax-directed.Toprovetypepreservation,o

11 neneedstoensurethatifx:T:T0canbetran
neneedstoensurethatifx:T:T0canbetransformedtox:T1:T2,thenitmustbethecasethatTcanbetransformedtoT1andT0canbetransformedtoT2.Thisiswhyweneedtoshowcon uencefortype-levelreduction.WerstobservethattheselfGenruleandselfInstrulearemutuallyinverse,andmodelthechangeofselftypebythefollowingreductionrelation.Denition15.�`T1!T2ifT1x:T07andT2[t=x]T0forsomextermt. 5Thenotionofreducibilitycandidatehereslightlyextendsthestandardone[15]tohandledenitionalreduction:`x!t,wherex7!t2.Soitisparametrizedby.6PleasenotethatsinceweareinCurrystyleassignment,theinnitereductionse-quenceintermwillnotbethrownaway.7Weusetomeansyntacticidentity.11 Denition18.([�];T)=;([�];T0)if�`T=;T0and�`T:and�`T0:.ThebestwaytounderstandtheE;GmappingsbelowisthroughunderstandingLemmas4and5.Theygiveconcretedemonstrationsofhowtosummarizeasequenceofmorphingrelations.Denition19. E(8X::T):=E(T)E(X):=XE(x:T1:T2):=x:T1:T2E(X:T):=X:TE(T1T2):=T1T2E(8x:T0:T):=8x:T0:TE(x:T):=x:TE(Tt):=TtE(x:T):=x:TDenition20.G(8X::T):=8X::TG(X):=XG(x

12 :T1:T2):=x:T1:T2G(X:T):=X:
:T1:T2):=x:T1:T2G(X:T):=X:TG(T1T2):=T1T2 G(8x:T0:T):=G(T)G(x:T):=x:TG(Tt):=TtG(x:T):=x:TLemma3.E([T0=X]T)[T00=X]E(T)forsomeT00;G([t=x]T)[t=x]G(T).Proof.ByinductiononthestructureofT.Lemma4.If([�];T)!i;g([�0];T0),thenthereexistsatypesubstitutionsuchthatE(T)E(T0).Proof.Itsucestoconsider([�];T)!i;g([�0];T0).IfT08X::Tand�=�0;X:,thenE(T0)E(T).IfT8X::T1andT0[T00=X]T1and�=�0,thenE(T)E(T1).ByLemma3,weknowE(T0)E([T00=X]T1)[T2=X]E(T1)forsomeT2.Lemma5.If([�];T)!I;G([�0];T0),thenthereexistsatermsubstitutionsuchthatG(T)G(T0).Proof.Itsucestoconsider([�];T)!I;G([�0];T0).IfT08x:T1:Tand�=�0;x:T1,thenG(T0)G(T).IfT8x:T2:T1andT0[t=x]T1and�=�0,thenE(T)E(T1).ByLemma3,weknowE(T0)E([t=x]T1)[t=x]E(T1).Lemma6.If([�];x:T1:T2)!i;g([�0];x:T01:T02),thenthereexistsatypesubsti-tutionsuchthat(x:T1:T2)x:T01:T02.Proof.ByLemma4.Lemma7.If([�];x:T1:T2)!I;G([�0];x:T01:T02),thenthereexistsatermsubsti-tutionsuchthat(&

13 #5;x:T1:T2)x:T01:T02.Proof.ByLe
#5;x:T1:T2)x:T01:T02.Proof.ByLemma5.Let!;;i;g;I;Gdenote(!i;g;I;G[=;).Let!;;i;g;I;Gdenote!i;g;I;G[=;.Thegoalofcon uenceanalysisandmorphanalysisistoestablishthefollowingcompatibilitytheorem.Theorem7(Compatibility).If([�];x:T1:T2)!;;i;g;I;G([�0];x:T01:T02),thenthereexistsamixedsubstitution8suchthat([�];(x:T1:T2))=;([�];x:T01:T02).Thus�`T1=T01and�`T2=T02(byTheorem6).Proof.ByLemma7and6,makinguseofthefactthatif�`t=;t0,thenforanymixedsubstitution,wehave�`t=;t0.Theorem8(TypePreservation).If�`t:Tand�`t!t0and�`wf,then�`t0:T. 8Asubstitutionthatcontainsbothtermsubstitutionandtypesubstitution.13 606=1inSTheproofof06=1followsthesamemethodasinTheorem1,whileemptinessof?needstheerasureandpreservationtheorems.Noticethatinthissection,bya=b,wemean8C:A!:Ca!Cbwitha;b:A.Denition21.?:=8A::8x:A:8y:A:x=y.Theorem9.Thereisnotermtsuchthatc`t:?Proof.Supposec`t:?.Bytheerasuretheorem(Theorem4)inSection5.1,wehaveF(c)`t:8A::8C::C!CinF!.Weknowthat8A::8C::C!

14 Cisthesingletontype9,whichisinhabitedby&
Cisthesingletontype9,whichisinhabitedbyz:z.Thismeanst!z:z(thetermreductionsofF!withlet-bindingsarethesameasS)andc`z:z:?inS(bytypepreservation,Theorem8).Let�=c;A:;x:A;y:A;C:A!;z:Cx.Thenwewouldhave�`z:Cy.Sobyinversion,wehave�`Cx!;;i;g;I;GCy,whichmeans�`Cx!Cy.Weknowthisisimpossiblebycon uenceof!.Theorem10.c`0=1!?.Proof.ThisprooffollowsthemethodinTheorem1.Let�=c;a:(8B:Nat!:B0!B1);A:;x:A;y:A;C:A!;c:Cx.WewanttoconstructatermoftypeCy.LetF:=n[:Nat]:n[p:Nat:A](q[:A]:y)x,andnotethatF:Nat!A.WeknowthatF0=xandF1=y.SowecanindeedconvertthetypeofcfromCxtoC(F0).AndthenweinstantiatetheBin8B:Nat!:B0!B1withx[:Nat]:C(Fx).SowehaveC(F0)!C(F1)asthetypeofa.Soac:C(F1),whichmeansac:Cy.Sowehavejustshownhowtoinhabit0=1!?inS.7ConclusionWehaverevisitedlambdaencodingsintypetheory,andshownhowanewselftypeconstructx:Tsupportsdependenteliminationswithlambdaencodings,includingin-ductionprinciples.WeconsideredSystemS,whichincorporatesselftypestogetherwithimplicitproductsandarestrictedversionofglobalpositiverecursivedenition.Thecorrespondinginductionprinc

15 iplesforChurch-andParigot-encodeddatatyp
iplesforChurch-andParigot-encodeddatatypesarederivableinS.Bychangingthenotionofcontradictionfromexplosiontoequationalin-consistency,weareabletoshow06=1inbothCCandS.Weprovedtypepreservation,whichisnontrivialforSsinceseveralrulesarenotsyntax-directed.WealsodenedanerasurefromStoF!withpositivedenitions,andprovedstrongnormalizationofSbyshowingstrongnormalizationofF!withpositivedenitions.Futureworkincludesfurtherexplorationsofdependentlytypedlambdaencodingsforpracticaltypetheory.Inparticular,wewouldliketoimplementoursystemandcarryoutsomecasestudies.Lastbutnotleast,wewanttothankanonymousreviewersfortheirhelpfulcomments.References1.M.AbadiandL.Cardelli.ATheoryofPrimitiveObjects-Second-OrderSystems.InEuropeanSymposiumonProgramming(ESOP),pages1{25,1994. 9NotethatwearedealingwithCurry-styleF!.14 2.A.AbelandB.Pientka.Wellfoundedrecursionwithcopatterns:auniedapproachtoterminationandproductivity.InG.MorrisettandT.Uustalu,editors,Inter-nationalConferenceonFunctionalProgramming(ICFP),pages185{196,2013.3.K.Y.Ahn,T.Sheard,M.Fiore,andA.M.Pitts.SystemFi.InTypedLambdaCalculiandApplications,pages15{30.2013.4.H.Barendregt.Lambdacalculiwithtypes,handbookoflogicincomput

16 erscience(vol.2):background:computationa
erscience(vol.2):background:computationalstructures,1993.5.B.Barras.Setsincoq,coqinsets.JournalofFormalizedReasoning,3(1),2010.6.V.Capretta.Generalrecursionviacoinductivetypes.LogicalMethodsinComputerScience,1(2),2005.7.A.Church.TheCalculiofLambdaConversion.(AM-6)(AnnalsofMathematicsStudies).1985.8.T.Coquand.Metamathematicalinvestigationsofacalculusofconstructions.Tech-nicalReportRR-1088,INRIA,September1989.9.T.CoquandandG.Huet.Thecalculusofconstructions.Inf.Comput.,76(2-3):95{120,February1988.10.H.B.Curry,J.R.Hindley,andJ.P.Seldin.CombinatoryLogic,VolumeII.1972.11.P.FuandA.Stump.SelfTypesforDependentlyTypedLambdaEncodings,2014.Extendedversionavailablefromhttp://homepage.cs.uiowa.edu/~pfu/document/papers/rta-tlca.pdf.12.H.Geuvers.InductiveandCoinductiveTypeswithIterationandRecursion.InB.Nordstrom,K.Petersson,andG.Plotkin,editors,Informalproceedingsofthe1992workshoponTypesforProofsandPrograms,pages183{207,1994.13.H.Geuvers.InductionIsNotDerivableinSecondOrderDependentTypeTheory.InTypedLambdaCalculiandApplications(TLCA),pages166{181,2001.14.E.Gimenez.Uncalculdeconstructionsinniesetsonapplicationalavericationdesystemescommunicants.PhDthesis,1996.15.J.-Y.Gira

17 rd.Interpretationfonctionnelleet

rd.Interpretationfonctionnelleeteliminationdescoupuresdel'arithmetiqued'ordresuperieur,1972.16.J.Hickey.Formalobjectsintypetheoryusingverydependenttypes.InK.Bruce,editor,InFoundationsofObjectOrientedLanguages(FOOL)3,1996.17.P.Mendler.Inductivedenitionintypetheory.Technicalreport,CornellUniver-sity,1987.18.A.Miquel.LeCalculdesConstructionsimplicite:syntaxeetsemantique.PhDthesis,PhDthesis,UniversiteParis7,2001.19.M.Odersky,V.Cremet,C.Rockl,andM.Zenger.ANominalTheoryofObjectswithDependentTypes.InL.Cardelli,editor,17thEuropeanConferenceonObject-OrientedProgramming(ECOOP),pages201{224,2003.20.M.Parigot.ProgrammingwithProofs:ASecondOrderTypeTheory.InH.Ganzinger,editor,Proceedingsofthe2ndEuropeanSymposiumonProgram-ming(ESOP),pages145{159,1988.21.D.Schepler.bijectivefunctionimpliesequaltypesisprovablyinconsistentwithfunctionalextensionalityincoq.messagetotheCoqClubmailinglist,December12,2013.22.B.Werner.ANormalizationProofforanImpredicativeTypeSystemwithLargeEliminationoverIntegers.InB.Nordstrom,K.Petersson,andG.Plotkin,editors,InternationalWorkshoponTypesforProofsandPrograms(TYPES),pages341{357,1992.23.B.Werner.Unetheoriedesconstr

18 uctionsinductives.PhDthesis,Universit

uctionsinductives.PhDthesis,UniversiteParisVII,1994.15 ACoqCodeThefollowingcodeformalizestheproofoftheorem1inCoq.Definitioneq:=fun(A:Prop)(ab:A)�=forallC:A�-Prop,Ca�-Cb.Definitionfalse:=forallA:Prop,foralla:A,forallb:A,eqAab.DefinitionNat:=forallA:Prop,(A�-A)�-A�-A.Definitionzero:Nat:=fun(A:Prop)(s:A�-A)(z:A)�=z.Definitionsucc:Nat�-Nat:=fun(n:Nat)(A:Prop)(s:A�-A)(z:A)�=s(nAsz).Definitionone:Nat:=succzero.TheoremzeroNeqOne:eqNatzeroone�-false.unfoldfalse.unfoldeq.introsuAabC.exact(u(fun(n:Nat)�=C(nA(fun(q:A)�=b)a))).Qed.BFullSpecicationofReductionsinSDenition22(MetalevelAbbrieviation).Objectso::=tjTjClassiersc::=TjReductionContextC::=jx:CjCt0jtCj8X::Cjx:T:Cjx:C:Tj8x:T:Cj8x:C:TjX:Cjx:CjTCjCTjx:C:jX:C:jx::Cj8X::CDenition23(BetaReductions).(x7!t)2� �`x!t �`(x:t)t0![t0=x]t �`(X:T)T0![T0=X]T(X7!T)2� �`X!T �`(x:T)t![t=x]T�`o!o0 �`C[o]!C[o0]CFullSpecicationsofF!withPositiveRecursiveDenitionDe&

19 #12;nition24(Syntax).16 Denition29(
#12;nition24(Syntax).16 Denition29(BetaReductions).(x7!t)2� �`x!t �`(x:t)t0![t0=x]t(X7!T)2� �`X!T �`((X:T0)!0T1)0![T1=X]T0C.1StrongNormalizationInthissectionweuse!todenote!.Denition30(Neutralterms).Atermisneutralifitisoftheformx;tu.Denition31(ReducibilityCandidate).AreducibilitycandidateRisasetoftermssuchthat:{(CR1)Ift2R,then`tisstronglynormalizing.{(CR2)Ift2Rand`t!t0,thent02R.{(CR3)Iftisneutralandforallt0suchthat`t!t0witht02R,thent2R.LetRbethesetofallreducibilitycandidates.LetbeamappingbetweentypevariableofkindtoelementofJK.Lemma8.(R;;T)isacompletelattice(orcompletemeet-semilattice)10.Proof.Obvious.Notethat(R;;\)isparametrizedby.Denition32.{JK:=R.{J!0K:=ffj8a2JK;f(a)2J0Kg.Denition33.Foranya;b2JK,wedeneabinductively:{ab:=ab.{a!0b:=8c2JK;a(c)0b(c).Denition34.ForanySJK,wedeneT

20 ;Sinductively:{TS:=TS,whereTissetint
;Sinductively:{TS:=TS,whereTissetintersectioninJK.{T!0S:=c7!T0ff(c)jf2Sgwherec2JK.Lemma9.(JK;;\)isacompletelattice. 10Itisnotthecasethat(R;;[)isacompletejoin-semilattice.18 Proof.Weelidetheproofofpartialorderof,weareconrmingthatforanysubsetSJK,ithasagreatestlowerbound.Byinductionon.Basecaseisobvious.Suppose1!2andSJ1!2K.First,weneedtoshowT1!2S1!2fforanyf2S.Foranya2J1K,wewanttoshowT2ff(a)jf2Sg2f(a).Thisisbyinduction.Second,weneedtoshowforanyB2J1!2K,ifB1!2AforanyA2J1!2K,thenB1!2T1!2S.Foranya2J1K,wewanttoshowB(a)2(T1!2S)(a)=T2ff(a)jf2Sg.SinceB(a)2f(a),wecanuseinductiontoshowB(a)2(T1!2S)(a).Denition35.{JXK:=(X).{J(T1!T2)K:=ft2j8u:2JT1K;tu2JT2Kg.{J(8X:T)K:=Tf2JKJTK=X].{J(X0:T)0!K:=fwhe

21 refisthemapa7!JTK=X]for
refisthemapa7!JTK=X]foranya2J0K.{J(T0!1T02)K:=JT0!1K(JT02K).Lemma10.JTK2JK.Proof.ByinductiononT.BaseCase:TX.Obvious.StepCase:T(Y1:A2)1!2.WeneedtoshowJ(Y1:A2)1!2K=f2J1!2K,wherefisthemapa7!JA2K=Y]witha2J1K.ByIH,weknowthatJA2K=Y]2J2K.Soitisthecase.StepCase:T(T1!21T12)2.WeneedtoshowJ(T1!21T12)2K=JT1!21K(JT12K)2J2K.Thisisbyinduction.StepCase:T(T1!T2).WeneedtoshowJT1!T2K=ftj8u:2JT1K;tu2JT2Kg2JK.Lett2JT1!T2Kandu2JT1Kandtu2JT2K.(CR1).Sincetuanduisstronglynormalizing,tisstronglynormalizing.(CR2).Sup-pose`t!t0.ByIH,weknowthatt0u2JT2K.Sot02JT1!T2K.(CR3).Supposetisneutral,andforanyt0suchthat`t!t0,t02JT1!T2K.Letu2JT1K

22 .Weneedtoshowtu2JT2K.Wepro
.Weneedtoshowtu2JT2K.Weprovethisbyinductiononthelengthofreductionofu,namely,(u).Suppose`tu!t0u.If(u)=0,itmeansuisnormal,so`tu!t0u2JT2K.SobyIH(CR3)onT2weknowthattu2JT2K.Suppose(u)�0and`tu!tu0.ThenbyIH((u))weknowthattu02JT2K.Thustu2JT2K.Therearenootherpossibilitysincetisneutral.StepCase:T(8X::T).WeneedtoshowJ8X::TK=Tf2JKJTK=X]2JK.Lett2J8X::TK.(CR1,CR2)isbydirectinduction.(CR3).Supposet!t02J8X::TK=Tf2JKJTK=X]2JK.Again,thisisbyIH.Lemma11.1.Iffisamapa7!JTK=X]whereXoccursinTpositivelyanda2J0K,thenfismonotone.2.Iffisamapa7!JTK=X]whereXoccursinTnegativelyanda2J0K,thenfisanti-monotone.Proof.ByinductiononthestructureofT.BaseCase:TX.Obvious.StepCase:T(Y1:A2)1!2.19 Case:�`t:T1�`T1=T2�`T2 �`t:T2Conv(1,2).For;2J�K,weneedtoshowt2JT2K.ByIH,wekn

23 owthatt2JT1K.Bylemma1
owthatt2JT1K.Bylemma14,weknowthatt2JT2K.Case:�;x:T1`t:T2 �`x:t:T1!T2Func(1,2).For;2J�K,weneedtoshow(x:t)2JT1!T2K.Bydenition,wejustneedtoshowthat8a2JT1K,(x:t)a2JT2K.If(x:t)a,thenbyIHweknowthat[a=x](t)2JT2K.If(x:t)a!(x:t)a0,wherea!a0;or(x:t)a!(x:t0)awheret!t0,thensincetandaarestronglynormalizing,weneedtoprove(x:t)a0;(x:t0)a2JT2K.Thiscanbeprovedbyinductiononlengthofreductionsofa;t.Case:�`t:T1!T2�`t0:T1 �`tt0:T2App(1,2).For;2J�K,weneedtoshow(t)(t0)2JT2K.ByIH,weknowthatt2JT1!T2Kandt02JT2K.Case:�`t:(8X:T) �`t:[T0=X]TInst(1,2).For;2J�K,weneedtoshow(t)2J[T0=X]TK.ByIH,weknowthatt2J(8X:T)K=Ta2JKJTK=X].SinceJT0K2JK,wehavet2JT&#

24 3;K[JT0K=X].Byl
3;K[JT0K=X].Bylemma12,wehave(t)2J[T0=X]TK.Case:�`t:TX=2FVar(�) �`t:(8X:T)Poly(1,2).For;2J�K,weneedtoshow(t)2J(8X:T)K=Ta2JKJTK=X].ByIH,weknowthatt2JTK=X]foranya2JK.DProofsforSection5.1Lemma15.1.F()F([t=x]),F([T=X])F().22 2.If�`T.Ta,then�`[t=x]T.Ta.3.If�`X:T.(X1:T2a)1!2and�`T0.T1b,then�`[T0=X]T.[T01=X1]T2a.4.If�;X:1`T.T2aand�`T0.TF(1)bwith�`T0:1,then�`[T0=X]T.[T0F(1)=XF(1)]T2a.Lemma16.If�`T1.Ta,�`T2.Tb,�.�0and�`T1!T2,then�0`Ta,!Tb.Proof.Byinductiononderivationof�`T1!T2,uselemma15above.Lemma17.If�`T:,thenthereexitaTF()asuchthat�`T.TF()aProof.Byinductiononderivationof�`T:.Case:X:2� �`X:Weknowthat�`X.XF().SoF(�)`x:XF().Case:�;X:`T:�`: �`8X::T:ByIH,weknow�;X:`T.Ta.S

25 o�`8X::T.(8XF():Ta)
o�`8X::T.(8XF():Ta).Soitisthecase.Case:�;x:x:T`T: �`x:T:ByIH,weknow�;x:x:T`T.Ta.So�`x:T.Ta.Case:�;X:`T:0�`: �`X:T:X::0ByIH,weknow�;X:`T.TF(0)a.So�`X:T.(XF():TF(0)a)F()!F(0).NotethatF(X::0)F()!F(0).Case:�;x:T0`T:�`T0: �`x:T:x:T0:ByIH,wehave�;x:T0`T.TF()a.Wehave�`T.TF()a.Thus�`x:T.TF()a.Case:�`S:x:T:�`t:T �`St:[t=x]23 ByIH,wehave�`S.TF()a.Thus�`Tt.TF()a.NotethatF(x:T:)F()andF([t=x])F().Case:�`S:X:0:�`T:0 �`ST:[T=X]ByIH,wehave�`S.TF(0)!F()aand�`T.TF(0)b.So�`ST.(TF(0)!F()aTF(0)b)F().NotethatweusethefactthatF([T=X])F().Case:�;x:T1`T2:�`T1: �`8x:T1:T2:ByIH,weknow�;x:T1`T2.Ta.Wehave�`T2.Ta.Thus�`8x:T1:T2.Ta.Theorem12.If�`t:Tand�`wf,then�0`t:TafortheTasuchthat�`T.Taand�.�0.Proof.Weprovethisbyi

26 nductiononderivationof�`t:T.BaseCase:
nductiononderivationof�`t:T.BaseCase:(x:T)2� �`x:T�`wfimplies�`T:.Bylemma17,weknowthat�`T.Ta.Weknowthatx:T.x:Ta,wherex:Ta2�0.StepCase:�`t:T1�`T1=T2�`T2: �`t:T2Conv�`wfimpliesthat�`T1:.ByIH,weknowthat�0`t:Tc,where�`T1.Tcand�.�0.And�`T2:implies�`T2.Td.Bylemma16,wehave�0`Tc=Td.So�0`t:Td.StepCase:�`t:[t=x]T�`x:T: �`t:x:TSelfGenWeknowthat�`x:T.Ta.So�`[t=x]T.Ta.ByIHandlemma15,wehavethat�.�0and�0`t:Ta.StepCase:24 �`t:x:T �`t:[t=x]TSelfInstWeknowthat�`x:T:.So�`x:T.Ta.ByIHandlemma15,weknow�0`t:Taand�.�0.StepCase:�;x:T1`t:T2�`T1:x=2FV(t) �`t:8x:T1:T2Indx�`wfand�`T1:imply�;x:T1`wf.ByIH,weknow�;x:T1.�0;x:Taand�0;x:Ta`t:Tb,where�`T1.Taand�`T2.Tb.Sincex=2FV(t),weget�0`t:Tb.StepCase:�`t:8x:T1:T2�`t0:T1 �`t:[t0=x]T2DexByIH,wehave�.�0and�0`t:Tawhere�`8x:T1:T2.Ta.Bylemma15,weknow�`[t0=x]T2.Ta.StepCase:�;X:`t:T�`: �`t:8X::TPolyByI

27 H,weknow�;X:.�0and�0`t:T&#
H,weknow�;X:.�0and�0`t:Tawhere�;X:`T.Ta.So�0`t:(8XF():Ta)(sinceX=2FVar(�0))with�`8X::T.(8XF():Ta).StepCase:�`t:8X::T�`T0: �`t:[T0=X]TInstByIH,weknow�.�0and�0`t:(8XF():Ta)with�;X:`T.Ta.Since�`T0.TF()b,bylemma15,so�`[T0=X]T.[TF()b=XF()]Ta.So�0`t:[TF()b=XF()]Ta.StepCase:�;x:T1`t:T2�`T1: �`x:t:x:T1:T2FuncByIH,weknow�;x:T1.�0;x:Taand�0;x:Ta`t:Tbwith�`T1.Taand�;x:T1`T2.Tb.So�0`x:t:(Ta!Tb)with�`x:T1:T2.(Ta!Tb).StepCase:�`t:x:T1:T2�`t0:T1 �`tt0:[t0=x]T2App25 Proof.Byinductiononthestructureofo1.BaseCases:o1=x;X;.Obvious.StepCase:o1=y:t.Wehave�`y:[o2=x]tIH)y:[o02=x]t.StepCase:o1=tt0.Wehave�`[o2=x]t[o2=x]t0IH)([o02=x]t)[o02=x]t.Theothercasesaresimilar.Lemma20.If�`o1)o01and�`o2)o02,then�`[o2=y]o1)[o02=y]o01and�`[o2=Y]o1)[o02=Y]o01.Proof.Weprovethisbyinductiononthederivationof�`o1)o01.BaseCase: �`t)t �`T)T �`

28 0;)Bylemma19.BaseCase:(x7!t)2&
0;)Bylemma19.BaseCase:(x7!t)2� �`x)tInthiscase,wedonotallowdenedvariablextobesubstitutedatall.StepCase:�`ta)t0a�`tb)t0b �`(x:ta)tb)[t0a=x]t0bWehave�`(x:[t2=y]ta)[t2=y]tbIH)[[t02=y]t0b)=x][t02=y]t0a[t02=y]([t0b=x]t0a).Herewerstapplyinductionhypothesistoreduce,thenapply).StepCase:�`t)t0 �`x:t)x:t0Wehave�`x:[t2=y]tIH)x:[t02=y]t0.StepCase:27 �`ta)t0a�`tb)t0b �`tatb)t0at0bWehave�`[n2=y]na[n2=y]nbIH)[n02=y]n0a[n02=y]n0b.Theothercasesaresimilarasabove.Lemma21(DiamondProperty).If�`o)o0and�`o)o00,thenthereexistso000suchthat�`o00)o000and�`o0)o000.Proof.Byinductiononthederivationof�`o)o0.BaseCase: �`t)tObvious.BaseCase:(x7!t)2� �`x)tObvious.StepCase:�`t1)t01�`t2)t02 �`(x:t1)t2)[t02=x]t01Suppose�`(x:t1)t2)(x:t001)t002,where�`t1)t001and�`t2)t002.ByIH,thereexistt0001;t0002suchthat�`t001)t0001and�`t01)t0001and�`t02)t0002and�`t02)t0002.Bylemma20,�`[t01=x]t02)[t0001=

29 x]t0002,also�`(x:t001)t002)
x]t0002,also�`(x:t001)t002)[t0001=x]t0002.Suppose�`(x:t1)t2)[t002=x]t001,where�`t1)t001and�`t2)t002.ByIH,thereexistt0001;t0002suchthat�`t001)t0001and�`t01)t0001and�`t02)n0002and�`t02)t0002.Bylemma20,�`[t01=x]t02)[t0001=x]t0002and�`[t001=x]t002)[t0001=x]t0002.Theothercasesareeithersimilartotheoneaboveoreasy.Bylemma21andlemma18,weconcludethecon uenceof!.Lemma22.!iscon uent.Proof.Thisisobvioussince!isdeterministic.Lemma23.If�`o!o0,then�`[o1=x]o![o1=x]o0and�`[o1=X]o![o1=X]o0foranyo1.Proof.Obvious.28 Lemma24.!commuteswith!.i.e.if�`T1!T2and�`T1!T3,thenthereexistsT4suchthat�`T2!T4and�`T3!T4.Proof.Since�`T1!T3,weknowthatT1x:T0andT3[t=x]T0.Wealsohave�`T1x:T0!T2.Byinversion,weknowthatT2x:T00with�`T0!T00.Bylemma23,weknowthat�`[t=x]T0![t=x]T00.ThusT4[t=x]T00and�`x:T00![t=x]T00.FTypePreservationProofsLemma25.Let([�;
];T1)!;;i;g;I;G([�];T2).If�;
`t:T1withdom(
)#FV(t),then�`t:T2.Note:Wewritet!&

30 #12;;;i;g;I;Gtomeanthesamethingas!&
#12;;;i;g;I;Gtomeanthesamethingas!;;i;g;I;Gwithanemphasisonthesubjectt.Lemma26.If([�];T1)t!;;i;g;I;G([�0];T2)and�`t=t0,then([�];T1)t0!;;i;g;I;G([�0];T2).Proof.Byinductiononthelengthof([�];T1)t!;;i;g;I;G([�];T2).Notethatthislemmaisnotsubjectexpansion,donotgetconfused.Lemma27(InversionI).If�`x:T,thenexist
;T1suchthat([�;
];T1)!;;i;g;I;G([�];T)and(x:T1)2�.Lemma28(InversionII).If�`t1t2:T,thenexist
;T1;T2suchthat�;
`t1:x:T1:T2and�;
`t2:T1and([�;
];[t2=x]T2)!;;i;g;I;G([�];T).Lemma29(InversionIII).If�`x:t:T,thenexist
;T1;T2suchthat�;
;x:T1`t:T2and([�;
];x:T1:T2)!;;i;g;I;G([�];T).Lemma30(Substitution).1.If�`t:T,thenforanymixedsubstitutionwithdom()#FV(t),�`t:T.2.If�;x:T`t:T0and�`t0:T,then�`[t0=x]t:[t0=x]T0.Proof.Byinductiononderivation.Theorem13.If�`t:Tand�`t!t0and�`wf,then�`t0:T.Proof.Byinductiononderivationof�`t:T.Welistafewinterestingcases.Case:x:T2� �`x:TIf�`x!t0,thismeans(x:T)7!t02�and�`t0:Tsince�`wf