The Delta-Framework

LIPICS - Leibniz International Proceedings in Informatics, Nov 2018

We introduce the Delta-framework, LF_Delta, a dependent type theory based on the Edinburgh Logical Framework LF, extended with the strong proof-functional connectives, i.e. strong intersection, minimal relevant implication and strong union. Strong proof-functional connectives take into account the shape of logical proofs, thus reflecting polymorphic features of proofs in formulae. This is in contrast to classical or intuitionistic connectives where the meaning of a compound formula depends only on the truth value or the provability of its subformulae. Our framework encompasses a wide range of type disciplines. Moreover, since relevant implication permits to express subtyping, LF_Delta subsumes also Pfenning's refinement types. We discuss the design decisions which have led us to the formulation of LF_Delta, study its metatheory, and provide various examples of applications. Our strong proof-functional type theory can be plugged in existing common proof assistants.

A PDF file should load here. If you do not see its contents the file may be temporarily unavailable at the journal website or you do not have a PDF plug-in installed and enabled in your browser.

Alternatively, you can download the file locally and open with any standalone PDF reader:

http://drops.dagstuhl.de/opus/volltexte/2018/9936/pdf/LIPIcs-FSTTCS-2018-37.pdf

The Delta-Framework

F S T T C S The Δ-Framework Furio Honsell 0 1 2 3 0 Claude Stolze Université Côte d'Azur , INRIA Sophia Antipolis - Méditerranée 2004 Route des Lucioles - BP 93 FR-06902 Sophia Antipolis , France 1 Luigi Liquori Université Côte d'Azur , INRIA Sophia Antipolis - Méditerranée 2004 Route des Lucioles - BP 93 FR-06902 Sophia Antipolis , France 2 Dept. of Mathematics , Computer Science and Physics , University of Udine , Via delle Scienze, 206, 33100 Udine , Italy 3 Ivan Scagnetto Dept. of Mathematics , Computer Science and Physics , University of Udine , Via delle Scienze, 206, 33100 Udine , Italy We introduce the Δ-framework, LFΔ, a dependent type theory based on the Edinburgh Logical Framework LF, extended with the strong proof-functional connectives, i.e. strong intersection, minimal relevant implication and strong union. Strong proof-functional connectives take into account the shape of logical proofs, thus reflecting polymorphic features of proofs in formulae. This is in contrast to classical or intuitionistic connectives where the meaning of a compound formula depends only on the truth value or the provability of its subformulae. Our framework encompasses a wide range of type disciplines. Moreover, since relevant implication permits to express subtyping, LFΔ subsumes also Pfenning's refinement types. We discuss the design decisions which have led us to the formulation of LFΔ, study its metatheory, and provide various examples of applications. Our strong proof-functional type theory can be plugged in existing common proof assistants. 2012 ACM Subject Classification Theory of computation → Logic and verification and phrases Logic of programs; type theory; λ-calculus - This paper provides a unifying framework for two hitherto unreconciled understandings of types: i.e. types-as-predicates à la Curry and types-as-propositions (sets) à la Church. The key to our unification consists in introducing strong proof-functional connectives [ 40, 3, 4 ] in a dependent type theory such as the Edinburgh Logical Framework (LF) [22]. Both Logical Frameworks and Proof-Functional Logics consider proofs as first class citizens, albeit differently. Strong proof-functional connectives take seriously into account the shape of logical proofs, thus allowing for polymorphic features of proofs to be made explicit in formulae. Hence they provide a finer semantics than classical/intuitionistic connectives, where the meaning of a compound formula depends only on the truth value or the provability of its subformulae. However, existing approaches to strong proof-functional connectives are all quite idiosyncratic in mentioning proofs. Existing Logical Frameworks, on the other hand, provide a uniform approach to proof terms in object logics, but they do not fully capitalize on subtyping. This situation calls for a natural combination of the two understandings of types, which should benefit both worlds. On the side of Logical Frameworks, the expressive power of the metalanguage would be enhanced thus allowing for shallower encodings of logics, a more principled use of subtypes [37], and new possibilities for formal reasoning in existing interactive theorem provers. On the side of type disciplines for programming languages, a principled framework for proofs would be provided, thus supporting a uniform approach to “proof reuse” practices based on type theory [38, 12, 20, 9, 6]. Therefore, in this paper, we extend LF with the connectives of strong intersection, strong union, and minimal relevant implication of Proof-Functional Logics [ 40, 3, 4 ]. We call this extension the Δ-framework (LFΔ), since it builds on the Δ-calculus [31]. Moreover, we illustrate by way of examples, that LFΔ subsumes many expressive type disciplines in the literature [37, 3, 4, 38, 12]. It is not immediate to extend the judgments-as-type, Curry-Howard paradigm to logics supporting strong proof-functional connectives, since these connectives need to compare the shapes of derivations and do not just take into account the provability of propositions, i.e. the inhabitation of the corresponding type. In order to capture successfully strong logical connectives such as ∩ or ∪, we need to be able to express the rules: D1 : A D2 : B A ∩ B D1 ≡ D2 (∩I) D1 : A ⊃ C D2 : B ⊃ C C A ∪ B D1 ≡ D2 (∪E) where ≡ is a suitable equivalence between logical proofs. Notice that the above rules suggest immediately intriguing applications in polymorphic constructions, i.e. the same evidence can be used as a proof for different statements. Pottinger [ 40 ] was the first to study the strong connective ∩. He contrasted it to the intuitionistic connective ∧ as follows: “The intuitive meaning of ∩ can be explained by saying that to assert A ∩ B is to assert that one has a reason for asserting A which is also a reason for asserting B ... (while) ... to assert A ∧ B is to assert that one has a pair of reasons, the first of which is a reason for asserting A and the second of which is a reason for asserting B”. A logical theorem involving intuitionistic conjunction which does not hold for strong conjunction is (A ⊃ A) ∧ (A ⊃ B ⊃ A), otherwise there should exist a closed λ-term having simultaneously both one and two abstractions. Lopez-Escobar [32] and Mints [35] investigated extensively logics featuring both strong and intuitionistic connectives especially in the context of realizability interpretations. Dually, it is in the ∪-elimination rule that proof equality needs to be checked. Following Pottinger, we could say that asserting (A ∪ B) ⊃ C is to assert that one has a reason for (A ∪ B) ⊃ C, which is also a reason to assert A ⊃ C and B ⊃ C. The two connectives differ since the intuitionistic theorem ((A ⊃ B) ∨ B) ⊃ A ⊃ B is not derivable for ∪, otherwise there would exist a term which behaves both as I and as K. Following Barbanera and Martini [4], Minimal Relevant Implication, ⊃r, can be viewed as a special case of implication whose related function space is the simplest possible one, namely the one containing only the identity function. The operators ⊃ and ⊃r differ, since A ⊃r B ⊃r A is not derivable. Relevant implication allows for a natural introduction of subtyping, in that A ⊃r B morally means A 6 B. Relevant implication amounts to a notion of “proof-reuse”. Combining the remarks in [4, 3], minimal relevant implication, strong B, x:σ ` M : ρ (∪Il) B, x:τ ` M : ρ B ` M [N/x] : ρ B ` N : σ ∪ τ (∪E) x:σ ∈ B B ` x : σ (V ar) B ` M : σ → τ B ` N : σ (App) B ` M N : τ B ` M : τ B ` M : σ ∪ τ (∪Ir) σ ≤ τ (Sub) B ` M : σ B ` M : τ B, x:σ ` M : τ B ` λx.M : σ → τ (Abs) (1) σ 6 σ ∩ σ (2) σ ∪ σ 6 σ (3) σ ∩ τ 6 σ, σ ∩ τ 6 τ (4) σ 6 σ ∪ τ, τ 6 σ ∪ τ (5) σ 6 ω (6) σ 6 σ [14]. This line of research was later explored by Abramsky [1] in a full-fledged Stone duality. Union types were introduced semantically, by MacQueen, Plotkin, and Sethi [33, 3]. In [3] strong intersection, union and subtyping were thoroughly studied in the context of typeassignment systems, see Figure 1. A classical example of the expressiveness of union types is due to Pierce [38]: without union types, the best information we can get for (Is_0 Test) is a boolean type. Test Is_0 def = : : (Is_0 Test) F if b then 1 else −1 : P os ∪ N eg (N eg → F ) ∩ (Zero → T ) ∩ (P os → F ) 1 A terminological comment is in order. We refer to (⊃r) as “relevant implication” in order to be faithful to the original logical literature, since this constructor satisfies the logical properties of implication in the minimal relevant logical system introduced in [34]. And precisely in this sense it was used later in [4]. This use of the word “relevant” is therefore considerably stronger than, but not totally unrelated to, the one arising in the context of λI−calculus and linear logic, where it expresses the requirement that the variable “is used at least once” in the function, in contrast to affine “at most one use” and linear “exactly one use”. Designing a λ-calculus à la Church with intersection and union types is problematic. The usual approach of simply adding types to binders does not work, as shown in Figure 2. Same difficulties can be found with union types. Intersection and union type disciplines started to be investigated in a explicitly typed programming language settings à la Church, much later by Reynolds and Pierce [41, 38], Wells et al. [48, 49], Liquori et al. [29, 18], Frisch et al. [21] and Dunfield [19]. From a logical point of view, there are many proposals to find a suitable logics to fit intersection: among them we cite [35, 37, 47, 42, 36, 11, 10, 39]. The LFΔ, introduced in this paper extends [31] with union types, dependent types and minimal relevant implication. The novelty of LFΔ in the context of Logical Frameworks, lies in the full-fledged use of strong proof-functional connectives, which to our knowledge has never been explored before. Clearly, all Δ-terms have a computational counterpart. Pfenning’s work on Refinement Types [37] pioneered an extension of the Edinburgh Logical Framework with subtyping and intersection types. His approach capitalises on a tame and essentially ad hoc notion of subtyping, but the logical strength of that system does not go beyond the LF (i.e. simple types). The logical power of LFΔ allows to type all strongly normalizing terms. Furthermore, subtyping in LFΔ arises naturally as a derived notion from the more fundamental concept of minimal relevant implication, as illustrated in Section 2. Miquel [36] discusses an extension of the Calculus of Constructions with implicit typing, which subsumes a kind of proof-functional intersection. His approach has opposite motivations to ours. While LFΔ provides a Church-style version of Curry-style type assignment systems, Miquel’s Implicit Calculus of Constructions encompasses some features of Curry-style systems in an otherwise Church-style Calculus of Constructions. In LFΔ we can discuss also ad hoc polymorphism, while in the Implicit Calculus only structural polymorphism is encoded. Indeed, he cannot assign the type ((σ ∩ τ ) → σ) ∩ (ρ → ρ)) to the identity λx.x [28]. Kopylov [27] adds a dependent intersection type constructor x:A ∩ B[x] to NuPRL, allowing the resulting system to support dependent records (which are a very useful data structure to encode mathematics). The implicit product-type of Miquel, together with the dependent intersection type of Kopylov, and a suitable equality-type is used by Stump [46] to enrich the impredicative second-order system λP 2, in order to derive induction. In order to achieve our goals, we could have carried out simply the encoding of LFΔ in LF. But, due to the side-conditions characterizing proof-functional connectives, this would have be achieved only through a deep encoding. As an example of this, in Figure 8, we give an encoding of a subsystem of [3], where subtyping has been simulated using relevant arrows. This encoding illustrates the expressive power of LF in treating proofs as first-class citizens, and it was also a source of inspiration for LFΔ. All the examples discussed in this paper have been checked by an experimental proof development environment for LFΔ [45] (see Bull and Bull-Subtyping in [44]). Synopsis. In Section 2, we introduce LFΔ and outline its metatheory, together with a discussion of the main design decisions. In Section 3, we provide the motivating examples. In Section 4, we outline the details of the implementation and future work. Kinds The syntax of LFΔ pseudo-terms is given in Figure 3. For the sake of simplicity, we suppose that α-convertible terms are equal. Signatures and contexts are defined as finite sequence of declarations, like in LF. Observe that we could formulate LFΔ in the style of [23], using only canonical forms and without reductions, but we prefer to use the standard LF format to support better intuition. There are three proof-functional objects, namely strong conjunction (typed with σ ∩ τ ) with two corresponding projections, strong disjunction (typed with σ ∪ τ ) with two corresponding injections, and strong (or relevant) λ-abstraction (typed with →r). Indeed, a relevant implication is not a dependent one because the essence of the inhabitants of type σ →r τ is essentially the identity function as enforced in the typing rules. Note that injections ini need to be decorated with the injected type σ in order to ensure the unicity of typing. We need to generalize the notion of essence, introduced in [17, 30] to syntactically connect pure λ-terms (denoted by M ) and type annotated LFΔ terms (denoted by Δ). The essence function compositionally erases all type annotations, see Figure 4. One could argue that the choice of Δ1 in the definition of strong pairs/co-pairs is arbitrary and could have been replaced with Δ2: however, the typing rules will ensure that, if hΔ1 , Δ2i (resp. [Δ1 , Δ2]) is typable, then we have that o Δ1 o =η o Δ2 o. Thus, strong pairs/co-pairs are constrained. The rule for the essence of a relevant application is justified by the fact that the operator amounts to just a type decoration. The six basic reductions for LFΔ objects appear on the left in Figure 5. Congruence rules are as usual, except for the two cases dealing with pairs and co-pairs which appear on the right of Figure 5. Here redexes need to be reduced “in parallel” in order to preserve identity of essences in the components. We denote by =Δ the symmetric, reflexive, and transitive closure of →Δ, i.e. the compatible closure of the reduction induced by the first six (λx:σ.Δ1) Δ2 −→β prl hΔ1 , Δ2i −→prl prr hΔ1 , Δ2i −→prr [Δ1 , Δ2] inlσ Δ3 −→inl [Δ1 , Δ2] inrσ Δ3 −→inr (λrx:σ.Δ1) r Δ2 −→βr Δ1[Δ2/x] Δ1 Δ2 Δ1 Δ3 Δ2 Δ3 Δ1[Δ2/x] rules on the left in Figure 5, with the addition of the last two congruence rules in the same figure. In order to make this definition truly functional as well as to be able to prove a simple subject reduction result, we need to constrain pairs and co-pairs, i.e. objects of the form hΔi , Δji and [Δi , Δj] to have congruent components up-to erasure of type annotations. This is achieved by imposing o Δi o ≡ o Δj o in both constructs. We will therefore assume that such pairs and co-pairs are simply not well defined terms, if the components have a different “infrastructure”. The effects of this choice are reflected in the congruence rules in the reduction relation, in order to ensure that reductions can only be carried out in parallel along the two components. The restriction on reductions in pairs/co-pairs and the new constructs do not cause any problems in showing that →Δ is locally confluent: I Theorem 1 (Local confluence). The reduction relation on well-formed LFΔ-terms is locally confluent. The extended type theory LFΔ is a formal system for deriving judgements of the forms: Γ ` `Σ `Σ Σ Γ K Σ is a valid signature Γ is a valid context in Σ K is a kind in Γ and Σ Γ Γ `Σ `Σ σ : K Δ : σ σ has kind K in Γ and Σ Δ has type σ in Γ and Σ The set of rules for object formation is defined in Figure 6, while the sets of rules for signatures, contexts, kinds and families are defined as usual in the Appendix: all typing rules are syntax-directed. Note that proof-functionality is enforced by the essence side-conditions in rules (→rI), (∩I), and (∪E). In the rule (Conv) we rely on the external notion of equality =Δ. An option could have be to add an internal notion of equality directly in the type system (Γ `Σ σ =Δ τ ), and prove that the external and the internal definitions of equality are equivalent, as was proved for semi-full Pure Type Systems [43]. Yet another possibility could be to compare type essences o σ o =Δ o τ o, for a suitable extension of essence to types and kinds. Unfortunately, this would lead to undecidability of type checking, in connection with relevant implication, as the following example shows. Consider two constants c1 of type σ →r (Πy:σ.σ) and c2 of type (Πy:σ.σ) →r σ: the following Δ-term is typable with σ and its essence is Ω. ΔΩ d=ef (λx:σ.c1 r x x) (c2 r (λx:σ.c1 r x x)) o ΔΩ o = Ω Since the intended meaning of relevant implication is “essentially” the identity, introducing variables or constants whose type is a relevant implication, amounts to assuming axioms Valid Objects `Σ Γ c:σ ∈ Σ (Const) Γ `Σ c : σ Γ, x:σ `Σ Δ : τ Γ `Σ λx:σ.Δ : Πx:σ.τ (ΠI) Γ, x:σ `Σ Δ : τ o Δ o =η x Γ `Σ λrx:σ.Δ : σ →r τ (→rI) `Σ Γ x:σ ∈ Γ (Var) Γ `Σ x : σ Γ `Σ Δ1 : Πx:σ.τ Γ `Σ Δ2 : σ (ΠE) Γ `Σ Δ1 Δ2 : τ [Δ2/x] Γ `Σ Δ1 : σ →r τ Γ `Σ Δ2 : σ (ΠrE) Γ `Σ Δ1 r Δ2 : τ Γ `Σ Δ1 : σ Γ `Σ Δ2 : τ o Δ1 o =η o Δ2 o (∩I) Γ `Σ hΔ1 , Δ2i : σ ∩ τ Γ `Σ Δ : σ ∩ τ (∩El) Γ `Σ prl Δ : σ Γ `Σ Δ : σ ∩ τ (∩Er) Γ `Σ prr Δ : τ Γ `Σ Δ : σ Γ `Σ σ ∪ τ : Type Γ `Σ inlτ Δ : σ ∪ τ (∪Il) Γ `Σ Δ1 : Πy:σ.ρ[inlτ y/x] o Δ1 o =η o Δ2 o Γ `Σ Δ2 : Πy:τ.ρ[inrσ y/x] Γ, x:σ ∪ τ `Σ ρ : Type Γ `Σ [Δ1 , Δ2] : Πx:σ ∪ τ.ρ corresponding to type inclusions such as those that equate σ and σ → σ. As a consequence, β-equality of essences becomes undecidable. Thus, we rule out such options in relating relevant implications in LFΔ to subtypes in the type assignment system B of [3]. We compare and contrast certain design decisions of LFΔ to the type assignment system B of [3]. The proof of strong normalization for LFΔ will rely, in fact, on a forgetful mapping from LFΔ to B. As pointed out in [3], the elimination rule for union types in B breaks subject reduction for one-step β-reduction, but this can be recovered using a suitable parallel β-reduction. The well-known counter-example for one-step reduction, due to Pierce is x ((I y) z) ((I y) z) −→β 1β x (y z) ((I y) z) %β %β x ((I y) z) (y z) 1β x (y z) (y z), def where I is the identity. In the typing context B = x:(σ1 → σ1 → τ ) ∩ (σ2 → σ2 → τ ), y:ρ → (σ1 ∪ σ2), z:ρ, the first and the last terms can be typed with τ , while the terms in the fork cannot. The reason is that the subject in the conclusion of the (∪E) rule uses a context which can have more than one hole, as in the present case2. In LFΔ, the formulation of the (∪E) rule takes a different route which does not trigger the counterexample. Indeed, we have introduction and elimination constructs inl , inr and [ , ] which allow to reduce the term 2 The problem would not arise if (∪E) is replaced by the rule schema B, x1:σ, . . . , xn:σ ` M : ρ B, x1:τ, . . . , xn:τ ` M : ρ B ` Ni : σ ∪ τ B ` M [N1/x1 . . . Nn/xn] : ρ Ni =β Nj i, j = 1 . . . n (∪E0) Removing the non-static clause on the Ni’s would yield a more permissive type system than B. only if we know that the argument, stripped of the introduction construct, has one of the types of the disjunction. Pierce’s critical term can be expressed and typed in LFΔ with the following judgment (the full derivation is in the Appendix): where Γ d=ef x:(Πx1:σ1.Πx2:σ1.τ ) ∩ (Πx1:σ2.Πx2:σ2.τ ), y:ρ → σ1 ∪ σ2, z:ρ, and Σ d=ef τ :Type. Notice that there is only one redex, namely Δ3 y, and the reduction of this redex leads to [Δ1, Δ2] (y z), and no other intermediate (untypable) Δ-terms are possible. The following result will be useful in the following section. I Theorem 2. The system B without ω gives types only to strongly normalizing terms. A proof is embedded in Theorem 4.8 of [3]. It can also be obtained using the general computability method presented in [25] Section 4, by interpreting intersection and union types precisely as intersections and unions in the lattice of computability sets. 2.2 LFΔ metatheory LFΔ can play the role of a Logical Framework only if decidable. Due to the lack of space, we list here only the main results: the complete list appears in the Appendix. The first important step states that if a Δ-term is typable, then its type is unique up to =Δ. I Theorem 3 (Unicity of types and kinds). 1. If Γ `Σ Δ : σ and Γ `Σ Δ : τ , then σ =Δ τ . 2. If Γ `Σ σ : K and Γ `Σ σ : K0, then K =Δ K0. Strong normalization is proved as in LF. First we encode LFΔ-terms into terms of the type assignment system B such that redexes in the source language correspond to redexes in the target language and we use Theorem 2. Then, we introduce two forgetful mappings, namely || · || and | · |, defined in Figure 11 of the Appendix, to erase dependencies in types and to drop proof-functional constructors in Δ-terms and we conclude. Special care is needed in dealing with redexes occurring in type-dependencies, because these need to be flattened at the level of terms. I Theorem 4 (Strong normalization). 1. LFΔ is strongly normalizing, i.e., a. If Γ `Σ K, then K is strongly normalizing. b. If Γ `Σ σ : K, then σ is strongly normalizing. c. If Γ `Σ Δ : σ, then Δ is strongly normalizing. 2. Every strongly normalizing pure λ-term can be annotated so as to be the essence of a Δ-term. Local confluence and strong normalization entail confluence, so we have I Theorem 5 (Confluence). LFΔ is confluent, i.e.: 1. If K1 −→∗Δ K2 and K1 −→∗Δ K3, then ∃K4 such that K2 −→∗Δ K4 and K3 −→∗Δ K4. 2. If σ1 −→∗Δ σ2 and σ1 −→∗Δ σ3, then ∃σ4 such that σ2 −→∗Δ σ4 and σ3 −→∗Δ σ4. 3. If Δ1 −→∗Δ Δ2 and Δ1 −→∗Δ Δ3, then ∃Δ4 such that Δ2 −→∗Δ Δ4 and Δ3 −→∗Δ Δ4. Then, we have subject reduction, whose proof relies on technical lemmas about inversion and subderivation properties (see Appendix). I Theorem 6 (Subject reduction of LFΔ). 1. If Γ `Σ K and K →Δ K0, then Γ `Σ K0. 2. If Γ `Σ σ : K and σ →Δ σ0, then Γ `Σ σ0 : K. 3. If Γ `Σ Δ : σ and Δ →Δ Δ0, then Γ `Σ Δ0 : σ. Finally, we define a possible algorithm for checking judgements in LFΔ by computing a type or a kind for a term, and then testing for definitional equality, i.e. =Δ, against the given type or kind. This is achieved by reducing both to their unique normal forms and checking that they are identical up to α-conversion. Therefore we finally have: I Theorem 7 (Decidability). All the type judgments of LFΔ are recursively decidable. Minimal Relevant Implications and Type Inclusion. Type inclusion and the rules of subtyping are related to the notion of minimal relevant implication, see [4, 17]. The insight is quite subtle, but ultimately very simple. This is what makes it appealing. The apparently intricate rules of subtyping and type inclusion, which occur in many systems, and might even appear ad hoc at times, can all be explained away in our principled approach, by proving that the relevant implication type is inhabited by a term whose essence is essentially a variable. In the following theorem we show how relevant implication subsumes the type-inclusion rules of the theory Ξ of [3], without rules (5) and (13) (dealing with ω) and rule (10) (distributing ∩ over ∪) in Figure 1: we call Ξ0 such restricted subtype theory. Note that the reason to drop subtype rule (10) is due to the fact that we cannot inhabit the type σ ∩ (τ ∪ ρ) →r (σ ∩ τ ) ∪ (σ ∩ ρ)3. I Theorem 8 (Type Inclusion). The judgement hi `Σ Δ : σ →r τ (where both σ and τ do not contain dependencies or relevant families) holds iff σ ≤ τ holds in the subtype theory Ξ0 of B enriched with new axioms of the form σ1 ≤ σ2 for each constant c : σ1 →r σ2 ∈ Σ. As far as the λΠ& system of Refinement Types introduced by Pfenning in [37], we have the following theorem: I Corollary 9 (Pfenning’s Refinement Types). The judgment `Σ σ ≤ τ in λΠ& can be encoded in LFΔ by adding a constant of type σ →r τ to Σ0, where the latter is the signature obtained from Σ by replacing each clause of the form a1 :: a2 or a1 ≤ a2 in Σ by a constant of type a1 →r a2. Moreover, while Pfenning needs to add explicitly the rules of subtyping (i.e. the theory of ≤) in λΠ&, we inherit them naturally in LFΔ from the rules for minimal relevant implication. 3 Examples As we have argued in the previous sections, the point of this paper is a uniform and principled approach to the encoding of a plethora of type disciplines and systems which ultimately stem or can capitalize from strong proof-functional connectives and subtyping. 3 To encompass also the subtype rule (10) of the type theory Ξ, besides adding a special constant, we can strengthen the form of the (∪E) type rule as follows: Γ `Σ Δ1 : Πy:χ ∩ σ.ρ hprl y , inlτ prr yi o Δ1 o =η o Δ2 o Γ `Σ Δ2 : Πy:χ ∩ τ.ρ hprl y , inrσ prr yi Γ `Σ ρ : Πy:χ ∩ (σ ∪ τ).Type Γ `Σ [Δ1 , Δ2] : Πx:χ ∩ (σ ∪ τ).ρ x Similarly we can treat the remaining rules of the type theory Π in [3]. (∪E) Atomic propositions, non-atomic goals and non-atomic programs: α, γ0, π0 : Type Goals and programs: γ = α ∪ γ0 π = α ∪ π0 Constructors (implication, conjunction, disjunction). impl : (π → γ → γ0) ∩ (γ → π → π0) impl1 = λx:π.λy:γ.inrα (prl impl x y) impl2 = λx:γ.λy:π.inrα (prr impl x y) and : (γ → γ → γ0) ∩ (π → π → π0) and1 = λx:γ.λy:γ.inrα (prl and x y) and2 = λx:π.λy:π.inrα (prr and x y) or : (γ → γ → γ0) or1 = λx:γ.λy:γ.inrα (or x y) solve p g indicates that the judgment p ` g is valid. bchain p a g indicates that, if p ` g is valid, then p ` a is valid. solve : π → γ → Type bchain : π → α → γ → Type Rules for solve: − : Π(p:π)(g1,g2:γ)solve p g1 → solve p g2 → solve p (and1 g1 g2) − : Π(p:π)(g1,g2:γ)solve p g1 → solve p (or1 g1 g2) − : Π(p:π)(g1,g2:γ)solve p g2 → solve p (or1 g1 g2) − : Π(p1,p2:π)(g:γ)solve (and2 p1 p2) g → solve p1 (impl1 p2 g) − : Π(p:π)(a:α)(g:γ)bchain p a g → solve p g → solve p (inlγ0 a) Rules for bchain: − : Π(a:α)(g:γ)bchain (impl2 g (inl π0a)) a g − : Π(p1,p2:π)(a:α)(g:γ)bchain p1 a g → bchain (and2 p1 p2) a g − : Π(p1,p2:π)(a:α)(g:γ)bchain p2 a g → bchain (and2 p1 p2) a g − : Π(p:π)(a:α)(g,g1,g2:γ)bchain (impl2 (and1 g1 g2) p) a g → bchain (impl2 g1 (impl2 g2 p)) a g − : Π(p1,p2:π)(a:α)(g,g1:γ)bchain (impl2 g1 p1) a g → bchain (impl2 g1 (and2 p1 p2)) a g − : Π(p1,p2:π)(a:α)(g,g1:γ), bchain (impl2 g1 p2) a g → bchain (impl2 g1 (and2 p1 p2)) a g The framework LFΔ, presented in this paper, is the first to accommodate all the examples and counterexamples that have appeared in the literature. The complete developments of both the implementation of the Δ-framework and example encodings can be found in [44]. We start the section showing the expressive power of LFΔ in encoding classical features of typing disciplines with strong intersection and union. Auto application. The judgement `B λx.x x : σ ∩ (σ → τ ) → τ in B, is rendered in LFΔ by the LFΔ-judgement `Σ λx:σ ∩ (σ → τ ).(prr x) (prl x) : σ ∩ (σ → τ ) → τ . Polymorphic identity. The judgement `B λx.x : (σ → σ) ∩ (τ → τ ) in B, is rendered in LFΔ by the judgement `hi hλx:σ.x , λx:τ.xi : (σ → σ) ∩ (τ → τ ). Commutativity of union. The judgement λx.x : (σ ∪ τ ) → (τ ∪ σ) in B is rendered in LFΔ by the judgement λx:σ∪τ.[λy:σ.inτr y , λy:τ.inlσ y] x : (σ ∪ τ ) → (τ ∪ σ). Pierce’s expression of page 2. is rendered in LFΔ by N eg : Type Is_0 Is_0_Test : def = Zero : Type P os : Type T : Type F : Type (N eg → F ) ∩ (Zero → T ) ∩ (P os → F ) [λx:N eg.(prl prl Is_0) x , λx:P os.(prr Is_0) x] Test Test : P os ∪ N eg The above example illustrates the advantages of taking LFΔ as a framework. In LF we would render it only encoding B deeply, ending up with the verbose code in pierce_program.v [44]. The expressive power of union types highlighted by Pierce Hereditary Harrop Formulae. The encoding of Hereditary Harrop’s Formulae is one of the motivating examples given by Pfenning for introducing refinement types in [37]. In LFΔ it can be expressed as in Figure 7 and type checked in the environment [45] using our concrete syntax (file pfenning_harrop.bull [44]), without any reference to intersection types, by a subtle use of union types. We add also rules for solving and backchaining. Hereditary Harrop formulae can be recursively defined using two mutually recursive syntactical objects called programs (π) and goals (γ): γ := α | γ ∧ γ | π ⇒ γ | γ ∨ γ π := α | π ∧ π | γ ⇒ π Using Corollary 9, we can provide an alternative encoding of atoms, goals and programs which is more faithful to the one by Pfenning. Namely, we can introduce in the signature the constants c1 : α →r γ and c2 : α →r π in order to represent the axioms atom ≤ goal and atom ≤ prog in Pfenning’s encoding. Our approach based on union types, while retaining the same expressivity permits to shortcut certain inclusions and to rule out also certain exotic goals and exotic programs. Indeed, for the purpose of establishing the adequacy of the encoding, it is sufficient to avoid variables involving union types in the derivation contexts. Natural Deductions in Normal Form. The second motivating example for intersection types given in [37] is natural deductions in normal form. We recall that a natural deduction is in normal form if there are no applications of elimination rules of a logical connective immediately following their corresponding introduction, in the main branch of a subderivation. The encoding we give in LFΔ is a slightly improved version of the one in [37]: as Pfenning, we restrict to the purely implicational fragment. o : Nf ≡ : : ⊃I ⊃E T ype ⊃: o → o → o Elim, Nf0 : o → Type ΠA:o.Nf0(A) ∪ Elim(A) ΠA, B:o.(Elim(A) → Nf(B)) → Nf0(A ⊃ B) ΠA, B:o.Elim(A ⊃ B) → Nf0(A) → Elim(B). As in the previous example, we use union types to define normal forms (Nf(A)) either as pure elimination-deductions from hypotheses (Elim(A)) or normal form-deductions (Nf0(A)). As above we could have used also intersection types. This example is interesting in itself, being the prototype of the encoding of type systems using canonical and atomic syntactic categories [23] and also of Fitch Set Theory [26]. Adequacy, Canonical Forms, Exotic terms. In the presence of union types, we have to pay special attention to the exact formulation of Adequacy Theorems, as in the Harrop’s formulae example above. Otherwise exotic terms arise, such as [λx:σ.C(x) , λx:τ.D(x)] y, where C(·) and D(·) are distinct contexts (i.e. terms with holes), which cannot be naturally simplified even if o C o ≡ o D o. More work needs to be done to streamline how to exclude, or even capitalize on exotic terms. Metacircular Encodings. The following diagram summarizes the network of adequate encodings/inclusions between LFΔ, LF, and B that can be defined. LF B sh dp +3 LF (* Define our types *) Axiom o : Set. (* Axiom omegatype : o. *) Axioms (arrow inter union : o → o → o). (* Transform our types into LF types *) Axiom OK : o → Set. (* Define the essence equality as an equivalence relation *) Axiom Eq : forall (s t : o), OK s → OK t → Prop. Axiom Eqrefl : forall (s : o) (M : OK s), Eq s s M M. Axiom Eqsymm : forall (s t : o) (M : OK s) (N : OK t), Eq s t M N → Eq t s N M. Axiom Eqtrans : forall (s t u : o) (M : OK s) (N : OK t) (O : OK u), Eq s t M N → Eq t u N O → Eq s u M O. (* constructors for arrow (→ I and → E) *) Axiom Abst : forall (s t : o), (( OK s) → (OK t)) → OK (arrow s t). Axiom App : forall (s t : o), OK (arrow s t) → OK s → OK t. (* constructors for intersection *) Axiom Proj_l : forall (s t : o), OK (inter s t) → OK s. Axiom Proj_r : forall (s t : o), OK (inter s t) → OK t. Axiom Pair : forall (s t : o) (M : OK s) (N : OK t), Eq s t M N → OK (inter s t). (* constructors for union *) Axiom Inj_l : forall (s t : o), OK s → OK (union s t). Axiom Inj_r : forall (s t : o), OK t → OK (union s t). Axiom Copair : forall (s t u : o) (X : OK (arrow s u)) (Y : OK (arrow t u)), OK (union s t) → Eq (arrow s u) (arrow t u) X Y → OK u. (* define equality wrt arrow constructors *) Axiom Eqabst : forall (s t s’ t’ : o) (M : OK s → OK t) (N : OK s’ → OK t’), (forall (x : OK s) (y : OK s’), Eq s s’ x y → Eq t t’ (M x) (N y)) → Eq (arrow s t) (arrow s’ t’) (Abst s t M) (Abst s’ t’ N). Axiom Eqapp : forall (s t s’ t’ : o) (M : OK (arrow s t)) (N : OK s) (M’ : OK (arrow s’ t’)) (N’ : OK s’), Eq (arrow s t) (arrow s’ t’) M M’ → Eq s s’ N N’ → Eq t t’ (App s t M N) (App s’ t’ M’ N’). (* define equality wrt intersection constructors *) Axiom Eqpair : forall (s t : o) (M : OK s) (N : OK t) (pf : Eq s t M N), Eq (inter s t) s (Pair s t M N pf) M. Axiom Eqproj_l : forall (s t : o) (M : OK (inter s t)), Eq (inter s t) s M (Proj_l s t M). Axiom Eqproj_r : forall (s t : o) (M : OK (inter s t)), Eq (inter s t) t M (Proj_r s t M). (* define equality wrt union *) Axiom Eqinj_l : forall (s t : o) (M : OK s), Eq (union s t) s (Inj_l s t M) M. Axiom Eqinj_r : forall (s t : o) (M : OK t), Eq (union s t) t (Inj_r s t M) M. Axiom Eqcopair : forall (s t u : o) (M : OK (arrow s u)) (N : OK (arrow t u)) (O : OK (union s t)) (pf: Eq (arrow s u) (arrow t u) M N) (x : OK s), Eq s (union s t) x O → Eq u u (App s u M x) (Copair s t u M N O pf). We denote by S1 =⇒ S2 the encoding of system S1 in system S2, where the label sh (resp. dp), denotes a shallow (resp. deep) embedding. The notation S1 ,→ S2 denotes that S2 is an extension of S1. Due to lack of space, but with the intention of providing a better formal understanding of the semantics of strong intersection and union types in a logical framework, we provide in Figure 8 a deep LF encoding of a presentation of B à la Church [17]. A shallow encoding of B in LFΔ (file intersection_union.bull [44]) can be mechanically type checked in the environment [45]. A shallow encoding of LF in LFΔ (file lf.bull) making essential use of intersection types can be also type checked. LF encoding of B. Figure 8 presents a pure LF encoding of a presentation of B à la Church in Coq syntax using HOAS. We use HOAS in order to take advantage of the higher-order features of the frameworks: other abstract syntax representation techniques would not be much different, but more verbose. The Eq predicate plays the same role of the essence function in LFΔ, namely, it encodes the judgement that two proofs (i.e. two terms of type (OK _)) have the same structure. This is crucial in the Pair axiom (i.e. the introduction rule of the intersection type constructor) where we can inhabit the type (inter s t) only when the proofs of its component types s and t share the same structure (i.e. we have a witness of type (Eq s t M N), where M has type (OK s) and N has type (OK t)). A similar role is played by the Eq premise in the Copair axiom (i.e. the elimination rule of the union type constructor). We have an Eq axiom for each proof rule. Examples of this encoding can be found in intersection_union.v [44]. 4 Implementation and Future Work In a previous paper [45], we have implemented in OCaml suitable algorithms for type reconstruction, as well as type checking. In [30] we have implemented the subtyping algorithm which extends the well-known Hindley algorithm for intersection types [24] with union types. The subtyping algorithm has been mechanically proved correct in Coq, extending the Bessai’s mechanized proof of a subtyping algorithm for intersection types [8]. A Read-Eval-Print-Loop allows to define axioms and definitions, and performs some basic terminal-style features like error pretty-printing, subexpressions highlighting, and file loading. Moreover, it can type-check a proof or normalize it, using a strong reduction evaluator. We use the syntax of Pure Type Systems [7] to improve the compactness and the modularity of the kernel. Binders are implemented using de Brujin indexes. We implemented the conversion rule in the simplest way possible: when we need to compare types, we syntactically compare their normal form. Abstract and concrete syntax are mostly aligned: the concrete syntax is similar to the concrete syntax of Coq (see Bull and Bull-Subtyping [44]). We are currently designing a higher-order unification algorithm for Δ-terms and a bidirectional refinement algorithm, similar to the one found in [2]. The refinement can be split into two parts: the essence refinement and the typing refinement. In the same way, there will be a unification algorithm for the essence terms, and a unification algorithm for Δ-terms. The bidirectional refinement algorithm aims to have partial type inference, and to give as much information as possible to a hypothetical solver, or the unifier. For instance, if we want to find a ?y such that `Σ hλx:σ.x , λx:τ.?yi : (σ → σ) ∩ (τ → τ ), we can infer that x:τ `?y : τ and that o ?y o = x. LFΔ in Canonical Form. We presented LFΔ in the standard LF format in order to support intuition. It would be worthwhile however, to attempt to formulate LFΔ in the style of [23], using only canonical forms without reductions, especially in view of Adequacy Theorems. The term constructs peculiar to LFΔ would then introduce new clauses in the definition of canonical and atomic terms. The principle to follow in this task is that atomic terms synthesize their type, while canonical terms are checked against their type. We are currently exploring with the following extension: M ::= . . . | λrx.M | hM , M i | [M , M ] | inl M | inr M R ::= . . . | prl R | prr R | R r M Notice the somewhat surprising treatment of the [ , ] constructor, which is not really an elimination construct but rather behaves as another form of abstraction. Accordingly hereditary substitution needs to be extended. An intriguing issue raised by one of the referees is to explore the connections between strong implication and the singleton type of the identity function. This could lead also to an internalization of the essence function. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 36 37 38 39 40 41 42 43 Simona Ronchi Della Rocca and Luca Roversi. Intersection logic. In CSL, volume 2142 of Lecture Notes in Computer Science, pages 421–428. Springer-Verlag, 2001. Vincent Siles and Hugo Herbelin. Equality Is Typable in Semi-full Pure Type Systems. In Proceedings of the 25th Annual IEEE Symposium on Logic in Computer Science, LICS, pages 21–30, 2010. Claude Stolze. Δ-framework implementation. Bull and Bull-Subtyping, 2017. Claude Stolze, Luigi Liquori, Furio Honsell, and Ivan Scagnetto. Towards a Logical Framework with Intersection and Union Types. In 11th International Workshop on Logical Frameworks and Meta-languages, LFMTP, pages 1–9, 2017. Aaron Stump. From realizability to induction via dependent intersection. Annals of Pure and Applied Logic, 169(7):637–655, 2018. Betti Venneri. Intersection Types as Logical Formulae. J. Log. Comput., 4(2):109–124, 1994. Joe B. Wells, Allyn Dimock, Robert Muller, and Franklyn Turbak. A calculus with polymorphic and polyvariant flow types. J. Funct. Program., 12(3):183–227, 2002. Joe B. Wells and Christian Haack. Branching Types. In ESOP, volume 2305 of Lecture Notes in Computer Science, pages 115–132. Springer-Verlag, 2002. A Appendix Let Figure 9 denote Valid Signatures and Contexts and Figure 10 denote Valid Kinds and Families. LFΔ can play the role of a logical framework only if decidable. The road map which we follow to establish decidability is the standard one, see e.g. [22]. In particular, we prove in order: uniqueness of types and kinds, structural properties, normalization for raw wellformed terms, and hence confluence. Then we prove the inversion property, the subderivation property, subject reduction, and finally decidability. I Lemma 10. Let α be either σ : K or Δ : σ. Then: 1. Weakening: If Γ `Σ α and `Σ Γ, Γ0, then Γ, Γ0 `Σ α. 2. Strengthening: If Γ, x:σ, Γ0 `Σ α, then Γ, Γ0 `Σ α, provided that x 6∈ F V (Γ0) ∪ F V (α). 3. Transitivity: If Γ `Σ Δ : σ and Γ, x:σ, Γ0 `Σ α, then Γ, Γ0[Δ/x] `Σ α[Δ/x]. 4. Permutation: If Γ, x1:σ, Γ0, x2:τ, Γ00 `Σ α, then Γ, x2:τ, Γ0, x1:σ, Γ00 `Σ α, provided that x1 does not occur free in Γ0 or in τ , and that τ is valid in Γ. I Theorem 3 (Unicity of Types and Kinds). 1. If Γ `Σ Δ : σ and Γ `Σ Δ : τ , then σ =Δ τ . 2. If Γ `Σ σ : K and Γ `Σ σ : K0, then K =Δ K0. In order to prove strong normalization we follow the pattern used for pure LF. Namely, we map LFΔ-terms into terms of the system B in such a way that redexes in the source language are mapped into redexes in the target language, and then take advantage of Theorem 2. Special care is needed in dealing with redexes occurring in type-dependencies, because these need to be flattened at the level of terms. I Definition 11. Let the forgetful mappings || · || and | · | be defined as in Figure 11. The forgetful mappings are extended to contexts and signatures in the obvious way. The clauses for strong pairs/co-pairs are justified by the following lemma: I Lemma 12. If Γ `Σ hΔ1 , Δ2i : σ or Γ `Σ [Δ1 , Δ2] : σ, then | Δ1 |=β | Δ2 |. The following lemmas are proved by straightforward structural induction. Let Γ d=ef {x1:σ1, . . . , xn:σn} (i 6= j implies xi 6≡ xj), and Γ, x:σ d=ef Γ ∪ {x:σ} Let Σ d=ef {c1:σ1, . . . , cn:σn}, and Σ, c:σ d=ef Σ ∪ {c:σ} Σ sig `ΣΣ, Ka:K asi6∈g dom(Σ) (KΣ) Σ sig `Σ σ : Type c 6∈ dom(Σ) Σ, c:σ sig (σΣ) Valid Signatures hi sig ( Σ) ΓΓ,`xΣ:σΠ`xΣ:σ.ττ ::TTyyppee (ΠI) Γ `Σ Γσ `: ΣTyσpe→r Γτ `:ΣTyτpe: Type (→r I) Γ `Σ σ : Type Γ `Σ τ : Type Γ `Σ σ ∩ τ : Type (∩I) I Lemma 15. 1. If Γ `Σ σ : K, then || Γ ||`B+ | σ | : || K ||. 2. If Γ `Σ Δ : σ, then || Γ ||`B+ | Δ | : || σ ||. where `B+ denotes the type system B, augmented by c× : > → > → > and the infinite set of axioms c||σ|| : > → (|| σ ||→ >) → >, for each type σ. Notice that the function o o and | | treat differently relevant implication. (a special constant) || σ →r τ || = || σ ||→|| τ || || σ Δ || = || σ || || σ ∩ τ || = || σ || ∩ || τ || || σ ∪ τ || = || σ || ∪ || τ || | a | = a | c | = c | x | = x | σ Δ | = | σ | | Δ | | Δ1 | | Δ2 | | Δ1 | | Δ2 | | Δ1 Δ2 | | Δ1 r Δ2 | | λrx:σ.Δ | = = (λy.λx. | Δ |) | σ | y 6∈ f v(Δ) | Πx:σ.τ | = c||σ|| | σ | (λx. | τ |) Figure 11 The forgetful mappings || · || and | · | (λy.λx. | Δ |) | σ | y 6∈ f v(Δ) I Lemma 16. 1. If σ −→β τ , then | σ |−→β+| τ |. 2. if Δ1 −→β Δ2, then | Δ1 |−→β+| Δ2 |. | σ →r τ | = c× | σ | | τ | | σ ∩ τ | = c× | σ | | τ | | σ ∪ τ | = c× | σ | | τ | | hΔ1 , Δ2i | Parallel reduction enjoys the strong normalization property, i.e. I Theorem 4 (Strong normalization). 1. The LFΔ is strongly normalizing, i.e., a. If Γ `Σ K, then K is strongly normalizing. b. If Γ `Σ σ : K, then σ is strongly normalizing. c. If Γ `Σ Δ : σ, then Δ is strongly normalizing. 2. Every strongly normalizing pure λ-term can be annotated so as to be the essence of a Δ-term. Proof. 1) Strong normalization derives directly from Lemmas 15, 16 and Theorem 2. 2) By induction on the specification of strongly normalizing terms which can be inductively defined as i) Δ1 . . . Δn ∈ SN ⇒ λx1, . . . , xn.x Δ1 . . . Δn ∈ SN for x possibly among the xi’s, ii) Δ[Δ0/x] Δ1 . . . Δn ∈ SN , and iii) Δ0 ∈ SN ⇒ (λx:σ.Δ) Δ0 Δ1 . . . Δn ∈ SN . J Local confluence (Proposition 1) and strong normalization (Theorem 4) entail confluence, so we have I Theorem 5 (Confluence). LFΔ is confluent, i.e.: 1. If K1 −→∗Δ K2 and K1 −→∗Δ K3, then ∃K4 such that K2 −→∗Δ K4 and K3 −→∗Δ K4. 2. If σ1 −→∗Δ σ2 and σ1 −→∗Δ σ3, then ∃σ4 such that σ2 −→∗Δ σ4 and σ3 −→∗Δ σ4. 3. If Δ1 −→∗Δ Δ2 and Δ1 −→∗Δ Δ3, then ∃Δ4 such that Δ2 −→∗Δ Δ4 and Δ3 −→∗Δ Δ4. The following lemmas are proved by structural induction. I Lemma 17 (Inversion properties). 1. If Πx:σ.τ =Δ τ 00, then τ 00 ≡ Πx:σ0.τ 0, for some σ0, τ 0, such that σ0 =Δ σ, and τ 0 =Δ τ . 2. If σ →r τ =Δ τ 00, then τ 00 ≡ σ0 →r τ 0, for some σ0, τ 0, such that σ0 =Δ σ, and τ 0 =Δ τ . 3. If σ ∩ τ =Δ ρ, then ρ ≡ σ0 ∩ τ 0, for some σ0, τ 0, such that σ0 =Δ σ, and τ 0 =Δ τ . 4. If σ ∪ τ =Δ ρ, then ρ ≡ σ0 ∪ τ 0, for some σ0, τ 0, such that σ0 =Δ σ, and τ 0 =Δ τ . 5. If Γ `Σ λx:σ.Δ : Πx:σ.τ , then Γ, x:σ `Σ Δ : τ . 6. If Γ `Σ λrx:σ.Δ : Πx:σ.τ , then Γ, x:σ `Σ Δ : τ and o Δ o =η x. 7. If Γ `Σ hΔ1 , Δ2i : σ ∩ τ , then Γ `Σ Δ1 : σ, Γ `Σ Δ2 : τ , and o Δ1 o =β o Δ2 o. 8. If Γ `Σ [Δ1 , Δ2] : Πx:σ ∪ τ.ρ, then Γ `Σ Δ1 : Πy:σ.ρ (inlτ y), Γ `Σ Δ2 : Πy:τ.ρ (inrσ y), and o Δ1 o =β o Δ2 o. 9. If Γ `Σ prl Δ : σ, then Γ `Σ Δ:σ ∩ τ , for some τ . 10. If Γ `Σ prr Δ : τ , then Γ `Σ Δ:σ ∩ τ , for some σ. 11. If Γ `Σ inlτ Δ : σ ∪ τ , then Γ `Σ Δ : σ and Γ `Σ σ ∪ τ : Type. 12. If Γ `Σ inrσ Δ : σ ∪ τ , then Γ `Σ Δ : τ and Γ `Σ σ ∪ τ : Type. I Proposition 18 (Subderivation). 1. A derivation of `Σ hi has a subderivation of Σ sig. 2. A derivation of Σ, a:K sig has subderivations of Σ sig and `Σ K. 3. A derivation of Σ, f :σ sig has subderivations of Σ sig and `Σ σ:Type. 4. A derivation of `Σ Γ, x:σ has subderivations of Σ sig, `Σ Γ, and Γ `Σ σ:Type. 5. A derivation of Γ `Σ α has subderivations of Σ sig and `Σ Γ. 6. Given a derivation of the judgement Γ `Σ α, and a subterm occurring in the subject of this judgement, there exists a derivation of a judgement having this subterm as a subject. I Theorem 6 (Subject reduction of LFΔ). 1. If Γ `Σ K, and K →Δ K0, then Γ `Σ K0. 2. If Γ `Σ σ : K, and σ →Δ σ0, then Γ `Σ σ0 : K. 3. If Γ `Σ Δ : σ, and Δ →Δ Δ0, then Γ `Σ Δ0 : σ. Finally, we define a possible algorithm for checking judgements in LFΔ by computing a type or a kind for a term, and then testing for definitional equality, i.e. =Δ, against the given type or kind. This is achieved by reducing both to their unique normal forms and checking that they are identical up to α-conversion. Therefore we finally have: I Theorem 7 (Decidability). All the type judgments of LFΔ are recursively decidable. Minimal Relevant Implications and Type Inclusion. Type inclusion and the rules of subtyping are related to the notion of minimal relevant implication, see [4, 17]. The insight is quite subtle, but ultimately very simple. This is what makes it appealing. The apparently intricate rules of subtyping and type inclusion, which occur in many systems, and might even appear ad hoc at times, can all be explained away in our principled approach, by proving that the relevant implication type is inhabited by a term whose essence is essentially a variable. The following theorem we show how relevant implication subsumes the type-inclusion rules of the theory Ξ of [3], without rule (10): we call Ξ0 the resulting set. I Theorem 8 (Type Inclusion). The judgement hi `Σ Δ : σ →r τ (where both σ and τ do not contain dependencies or relevant families) holds iff σ ≤ τ holds in the subtype theory Ξ0 of B enriched with new axioms of the form σ1 ≤ σ2 for each constant c : σ1 →r σ2 ∈ Σ. Proof. (if ). Follows directly from Lemma 17. (only if ). It is possible to write a Δ-term whose essence is an η−expansion of the identity (λx.x) corresponding to each of the axioms and rules in Ξ0. The Δ-term is obtained by defining a function kσ ≤ τ kΔ, where σ ≤ τ is a subtyping derivation tree in the type theory Ξ0, which coerce a Δ-term from type σ to type τ : (1) (2) (3) (4) (6) (7) (8) (9) (12) (14) kσ 6 σ ∩ σkΔ kσ ∪ σ 6 σkΔ kσ1 ∩ σ2 6 σikΔ kσi 6 σ1 ∪ σ2kΔ hΔ , Δi [λx:σ.x , λx:σ.x] Δ pri Δ ini Δ def = def = def = def = def = def = def = def = def = ) ) vn E o Π C ( ( ) z → ∪ 1 σ ` :σ 1 Γ x Samson Abramsky . Domain theory in logical form . Annals of Pure and Applied Logic , 51 ( 1 ): 1 - 77 , 1991 . Andrea Asperti , Wilmer Ricciotti, Claudio Sacerdoti Coen, and Enrico Tassi . A BiDirectional Refinement Algorithm for the Calculus of (Co)Inductive Constructions . Logical Methods in Computer Science , 8 ( 1 ), 2012 . Franco Barbanera , Mariangiola Dezani-Ciancaglini, and Ugo de'Liguoro . Intersection and union types: syntax and semantics . Inf. Comput. , 119 ( 2 ): 202 - 230 , 1995 . Archive for Mathematical Logic , 33 : 189 - 211 , 1994 . Henk Barendregt , Mario Coppo, and Mariangiola Dezani-Ciancaglini. A Filter lambda model and the completeness of type assignment . Journal of Symbolic Logic , 48 ( 4 ): 931 - 940 , 1983 . Gilles Barthe and Olivier Pons . Type Isomorphisms and Proof Reuse in Dependent Type Theory . In Foundations of Software Science and Computation Structures , 4th International Conference, FOSSACS 2001 , pages 57 - 71 , 2001 . Stefano Berardi . Towards a mathematical analysis of the Coquand-Huet calculus of constructions and the other systems in Barendregt's cube . PhD thesis , Dipartimento Matematica, Universita di Torino , 1988 . Jan Bessai . Extracting a formally verified Subtyping Algorithm for Intersection Types from Ideals and Filters . Talk at COST Types , 2016 . Olivier Boite . Proof Reuse with Extended Inductive Types . In Theorem Proving in Higher Order Logics, 17th International Conference, TPHOLs 2004 , pages 50 - 65 , 2004 . Viviana Bono , Betti Venneri, and Lorenzo Bettini . A typed lambda calculus with intersection types . Theor. Comput. Sci. , 398 ( 1-3 ): 95 - 113 , 2008 . Beatrice Capitani , Michele Loreti, and Betti Venneri . Hyperformulae, Parallel Deductions and Intersection Types . BOTH, Electr. Notes Theor. Comput. Sci. , 50 ( 2 ): 180 - 198 , 2001 . In SSR , pages 106 - 113 , 1995 . Arch. Math. Log., 19 ( 1 ): 139 - 156 , 1978 . Mario Coppo , Mariangiola Dezani-Ciancaglini, Honsell Furio , and Longo Giuseppe . Extended Type Structures and Filter Lambda Models . In Logic Colloquium , pages 241 - 262 , 1983 . Mario Coppo , Mariangiola Dezani-Ciancaglini, and Patrick Sallé . Functional characterization of some semantic equalities inside λ-calculus . In International Colloquium on Automata, Languages, and Programming , pages 133 - 146 . Springer-Verlag, 1979 . Mario Coppo , Mariangiola Dezani-Ciancaglini, and Betti Venneri . Functional characters of solvable terms . Zietschrift für Mathematische Logik und Grundlagen der Mathematik , 27 ( 2-6 ): 45 - 58 , 1981 . Daniel J. Dougherty , Ugo de'Liguoro , Luigi Liquori , and Claude Stolze . A Realizability Interpretation for Intersection and Union Types . In APLAS , volume 10017 of Lecture Notes in Computer Science, pages 187 - 205 . Springer-Verlag, 2016 . Daniel J. Dougherty and Luigi Liquori . Logic and Computation in a Lambda Calculus with Intersection and Union Types . In LPAR , volume 6355 of Lecture Notes in Computer Science, pages 173 - 191 . Springer-Verlag, 2010 . Joshua Dunfield . Elaborating intersection and union types . J. Funct. Program. , 24 ( 2- 3 ): 133 - 165 , 2014 . Amy P. Felty and Douglas J. Howe . Generalization and Reuse of Tactic Proofs . In Proc. of Logic Programming and Automated Reasoning , 5th International Conference, LPAR, pages 1 - 15 , 1994 . Alain Frisch , Giuseppe Castagna, and Véronique Benzaken . Semantic subtyping: Dealing set-theoretically with function, union, intersection, and negation types . Journal of the ACM (JACM) , 55 ( 4 ): 19 , 2008 . ACM , 40 ( 1 ): 143 - 184 , 1993 . Funct. Program. , 17 ( 4-5 ): 613 - 673 , 2007 . J. Roger Hindley . The simple semantics for Coppo-Dezani-Sallé types . In International Symposium on Programming , pages 212 - 226 , 1982 . Furio Honsell and Marina Lenisa . Semantical Analysis of Perpetual Strategies in lambdaCalculus. Theor. Comput. Sci. , 212 ( 1-2 ): 183 - 209 , 1999 . Furio Honsell , Marina Lenisa, Luigi Liquori, and Ivan Scagnetto . Implementing Cantor's Paradise . In Proc. of Programming Languages and Systems - 14th Asian Symposium , APLAS, pages 229 - 250 , 2016 . Alexei Kopylov . Dependent intersection: a new way of defining records in type theory . In Proc. of 18th Annual IEEE Symposium of Logic in Computer Science , LICS, pages 86 - 95 , 2003 . Luigi Liquori , Andreas Nuyts, and Claude Stolze . Privates communications, 2017 . Information and Computation , 9 ( 205 ): 1371 - 1386 , 2007 . Luigi Liquori and Claude Stolze . A Decidable Subtyping Logic for Intersection and Union Types . In Proc of TTCS , volume 10608 of Lecture Notes in Computer Science, pages 74 - 90 . Springer-Verlag, 2017 . Luigi Liquori and Claude Stolze . The Delta-calculus: syntax and types . Research report, Inria , July 2018 . URL: https://arxiv.org/abs/ 1803 .09660. Edgar G. K. Lopez-Escobar . Proof functional connectives . In Methods in Mathematical Logic , volume 1130 of Lecture Notes in Mathematics, pages 208 - 221 . Springer-Verlag, 1985 . David B. MacQueen , Gordon D. Plotkin , and Ravi Sethi . An Ideal Model for Recursive Polymorphic Types . Information and Control , 71 ( 1 /2): 95 - 130 , 1986 . Robert K Meyer and Richard Routley. Algebraic analysis of entailment I. Logique et Analyse , 15 : 407 - 428 , 1972 . Grigori Mints . The Completeness of Provable Realizability. Notre Dame Journal of Formal Logic , 30 ( 3 ): 420 - 441 , 1989 . Alexandre Miquel . The Implicit Calculus of Constructions . In TLCA, pages 344 - 359 , 2001 . Frank Pfenning . Refinement Types for Logical Frameworks . In TYPES , pages 285 - 299 , 1993 . Benjamin C. Pierce . Programming with intersection types, union types, and bounded polymorphism . PhD thesis , Technical Report CMU-CS-91-205 . Carnegie Mellon University, 1991 . Elaine Pimentel , Simona Ronchi Della Rocca, and Luca Roversi . Intersection Types from a Proof-theoretic Perspective . Fundam. Inform., 121 ( 1-4 ): 253 - 274 , 2012 . Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism , pages 561 - 577 . Academic Press, 1980 . John C. Reynolds . Preliminary Design of the Programming Language Forsythe . Report CMU-CS-88-159 , Carnegie Mellon University, 1988 .


This is a preview of a remote PDF: http://drops.dagstuhl.de/opus/volltexte/2018/9936/pdf/LIPIcs-FSTTCS-2018-37.pdf

Furio Honsell, Luigi Liquori, Claude Stolze, Ivan Scagnetto. The Delta-Framework, LIPICS - Leibniz International Proceedings in Informatics, 2018, 37:1-37:21, DOI: 10.4230/LIPIcs.FSTTCS.2018.37