Anti-Symmetry of Higher-Order Subtyping

Anti-Symmetry of Higher-Order Subtyping

and

Equality by Subtyping∗

Adriana Compagnoni† Healfdene Goguen‡

Abstract

This paper gives the first proof that the subtyping relation of a higher-order lambda calculus, Fω

≤, is anti-symmetric, establishing in the processthat the subtyping relation is a partial order—reflexive, transitive, andanti-symmetric up to β-equality. While a subtyping relation is reflexiveand transitive by definition, anti-symmetry is a derived property. Theresult, which may seem obvious to the non-expert, is technically challeng-ing, and had been an open problem for almost a decade. In this context,typed operational semantics for subtyping offers a powerful new technol-ogy to solve the problem: of particular importance is our extended rulefor the well-formedness of types with head variables. The paper also givesa presentation of Fω

≤ without a relation for β-equality, apparently the firstsuch, and shows its equivalence with the traditional presentation.

1 Introduction

During the last decade, object-oriented programming languages such as Smalltalk,C++, Modula 3, and Java have become popular because they encourage andfacilitate software reuse and abstract design. One attempt to give a theoreti-cal understanding of these object-oriented programming languages has been tointroduce type systems with features to model constructs from object-orientedprogramming languages [8, 12], for example bounded quantification [22] andrecursive types [2].

Metatheoretic properties of the type systems are important to justify theprogramming languages being modeled. Two central results about type sys-tems are established in our earlier paper about Fω

≤ [17]. The first important

∗An extended abstract of this work was published in [16].†Stevens Institute of Technology, Castle Point on Hudson, Hoboken, NJ 07030, USA.

[email protected]. Tel:201-216-5328. Fax:201-216-8249.‡AT&T Labs, 180 Park Ave., Florham Park, NJ 07932, USA. [email protected]. Most of this

author’s work was carried out at LFCS, University of Edinburgh, JCMB, The King’s Buildings,Edinburgh, EH9 3JZ, UK.

1

property is subject reduction or type preservation, which states that evaluationof programs preserves their type. The second important property shown in ourearlier article is the decidability of type-checking and subtyping: a compilershould be able to process basic type information reliably without help from theprogrammer in order to prevent basic programming errors. Decidability of type-checking ensures that this will always be possible, and decidability of subtypingis a crucial step to proving this. In the process of showing decidability, we definean algorithm and show it equivalent with the logical presentation of the system.

The subtyping relation has been extensively researched because of its impor-tance in applications to programming languages [1, 6, 23, 30], proof assistants[3, 27, 31], and metatheoretical studies [4, 5, 7, 12, 17, 18, 20, 21, 26, 34], toname a few. However, none of these studies has established the anti-symmetryof the subtyping relation for a higher-order calculus. In some cases it has beenconjectured, as in [36]. In other cases, the problem is avoided by taking anequality that satisfies anti-symmetry by definition: A = B is defined as A ≤ Band B ≤ A, evidently an equivalence relation but not obviously the same re-lation as β-equality. Steffen [33] has showed the simpler property, appropriateto his setting of polarized subtyping, that A ≤ B and B ≤ A, where bothderivations are without uses of promotion1, if and only if A =β B. However,in most higher-order subtyping calculi, including ours, the problem in showinganti-symmetry is exactly to show that the derivations of A ≤ B and B ≤ Acontain no uses of promotion.

Anti-symmetry has been demonstrated for F≤ [22]. For Mitchell’s secondorder λ-calculus a la Curry with subtyping, a completely different style of sub-typing from the one we consider here, anti-symmetry has been studied underthe name of equational axiomatization of bicoercibility [35]. There, A and B arecalled bicoercible if A ≤ B and B ≤ A, and the paper proves that if A and Bare bicoercible then A ≡ B, for an appropriate equivalence relation ≡. However,the problem of bicoercibility of F≤ is considerably easier than anti-symmetryof higher-order subtyping, because there is no notion of computation on types,and in particular no β-reduction on types.

The rest of the paper is structured as follows. In the remaining sectionsof the introduction we discuss technical points relating to typed operationalsemantics and anti-symmetry of subtyping. In Section 2 we introduce the basiclanguage of Fω

≤. In Section 3 we introduce the typed operational semantics,which as explained above plays a central role in our proof of anti-symmetry byproviding a powerful induction principle. Section 5 outlines the proof of anti-symmetry using the typed operational semantics and sketches an approach toimplementing subtyping and equality simultaneously. In Section 6 we give givea new presentation of Fω

≤ without judgemental equality or conversion. Finally,we draw conclusions in Section 7. The appendices contain an outline of theresults that we use from our earlier development of typed operational semanticsfor Fω

≤, rules for the traditional presentation of Fω≤, and rules for the typed

1Promotion is a step of transitivity along the bound of the head variable, and consists ofreplacing the head variable by its bound in a given context.

2

operational semantics.

Typed Operational Semantics

Our proof of anti-symmetry of higher-order subtyping relies on our understand-ing of subtyping built up using typed operational semantics. Typed opera-tional semantics [24] gives an alternative induction principle for type theories,by presenting type theory operationally rather than declaratively. The typedoperational semantics for Fω

≤ has judgements for reduction to weak-head andnormal form for types, and for subtyping comparison between types in weak-head normal form and arbitrary types. Because the system is presented fromthe perspective of computation, many properties about the relationship betweenreduction and typing are particularly easy to show by induction on derivationsof the typed operational semantics. This topic is dealt with extensively in anearlier article [17].

A typed approach like typed operational semantics is essential to study-ing anti-symmetry. Similar to Church–Rosser for βη-reduction in type the-ories, which is only true for typed terms, anti-symmetry is only true for well-formed judgements. For example, in the invalid context Y≤(ΛX≤A:?.(X X)):?→?, Z≤Y :?, where the operator variable Y is a subtype of the self-applicationoperator and Z is a subtype of Y , we can show that Z Z ≤ Y Z and Y Z ≤ Z Z,but the two types are clearly not β-equal.

A key property in our proof of anti-symmetry, that Γ(X)(A1, . . . , An) ≤X(A1, . . . , An) is underivable in the context Γ (where Γ(X) denotes the boundof X in Γ), also relies on the well-formedness of the judgement. Intuitively, ifΓ(X)(A1, . . . , An) and X(A1, . . . , An) are well-formed then they can never beβ-equal. While the base case, that Γ(X) ≤ X is impossible, is straightforward,the complication in the general case is that X may appear in some Ai, so itis not obvious that Γ(X)(A1, . . . , Am) may not β-reduce to X(A1, . . . , Am), forexample. The type system rules out cases like Γ(X) being ΛY≤A:K.(Y Y ) andA1 being X.

Essential to our approach is the extended rule ST-TApp from our recent paperon decidability of subtyping [17]. This rule contains as a premise the well-formedness of the bound Γ(X) applied to a sequence of types, in order to con-clude the well-formedness of the variable X applied to that sequence of terms.This rule is justified by an extension of the logical relation proof of Soundness(Theorem 4.8) using saturated sets. It is the powerful induction principle aris-ing out of this rule, already crucial to our proof of decidability, that allows usto show the underivability of Γ(X)(A1, . . . , Am) ≤ X(A1, . . . , Am).

Induced Equivalence Relations

The equivalence relation induced by A ≤ B and B ≤ A may be stronger than theusual intensional equality associated with type theory, syntactic equivalence onnormal forms. One such case occurs in [32], where the types ∀(X <: Bot)X→X

3

and ∀(X <: Bot)Bot→Bot are “equivalent in the subtype relation2, even thoughthey are not syntactically identical.” A similar situation appears in intersectiontypes disciplines, where > = A→> and also A→> ≤ > and > ≤ A→>. A finalexample is extensible records [13], where the extension operator is associativeand commutative in the subtyping relation. These equivalence relations havemodels in existing frameworks, for example game semantics [15] or PER models[19].

Such equivalences also arise in the context of programming languages. Forexample, consider object types with a private section and a public interface,where two object types O1 and O2 may satisfy O1 ≤ O2 and O2 ≤ O1 butdiffer in their private section. The equivalence relation that only considers thepublic interface will be more useful to the programmer than intensional equality,because it is more permissive.

In our current work on Fω≤, the equivalence relation is the usual notion of

β-equality at the type level. However, Martin-Lof [28] has demonstrated howto capture more sophisticated equivalence relations in intensional type theory.He allows the equality on elements of a type to include an arbitrary decidableequivalence relation on the normal forms of a type, rather than taking simplesyntactic equivalence of normal forms. To extend our work to the example aboveof public and private sections of an object type, we can take an equivalenceon object types in normal form that simply compares the fields of the publicinterfaces.

Metatheoretic Consequences of Anti-Symmetry

In addition to providing the answer to a long-standing open problem, our workhas several consequences in the development of the metatheory of type systemswith subtyping. First, in the presence of anti-symmetry for subtyping, we canshow the equivalence between traditional presentations, either with judgementalequality or untyped β-conversion, and a system without the notion of equality.This means that the proof of soundness for model constructions, such as thatfor proofs of strong normalization or PER models, can be more concise. InSection 6 we give a sketch of a new presentation of Fω

≤ without judgementalequality or conversion, apparently not found elsewhere in the literature, anddiscuss how the development of the metatheory proceeds for this system. Thelack of a notion of equality may also have consequences for the implementationof type theories with subtyping.

Another consequence of this result is that we can now prove the MinimumTypes Property, as opposed to the Minimal Types Property normally proved.A type inference algorithm can be shown to find one of many minimal types fora term. We can now clearly state the relationship between all of these minimaltypes: whereas before we knew that any two minimal types were subtypes ofeach other, we now know that they are β-equal.

2A and B are equivalent in the subtyping relation if A ≤ B and B ≤ A.

4

2 Syntax

We now present the rules for kinding, subtyping, and typing in Fω≤. The rules

are presented as simultaneously defined inductive relations with the followingjudgement forms:

Γ ` ok well-formed contextΓ ` K well-formed kindΓ ` K =β K ′ kind equalityΓ ` A : K well-kinded typeΓ ` A =β B : K type equalityΓ ` A ≤ B : K subtypeΓ `M : A well-typed term.

We sometimes use the metavariable J to range over statements (right-hand sidesof judgements) of any of these judgement forms.

2.1 Syntactic Categories

The kinds of Fω≤ are the kind ? of proper types and the kinds ΠX≤A:K1.K2 of

type operators or functions on types.

K ::= ? types| ΠX≤A:K.K type operators

The language of types of Fω≤ is a straightforward higher-order extension of

F≤, Cardelli and Wegner’s second-order calculus of bounded quantification. LikeF≤, it includes type variables X; function types A→B; and polymorphic types∀X≤A:K.B, in which the bound type variable X ranges over all subtypes ofthe upper bound A. Moreover, like Fω, we allow types to be abstracted ontypes, but we also allow bounds on the abstraction ΛX≤A:K.B. We can alsoapply types to argument types A B; in effect, these forms introduce a simplytyped λ-calculus with subtyping at the level of types. We shall sometimes usethe word “types” to mean types and type operators.

The capture-avoiding substitution of A for X in B is written B[X←A]. Weidentify types that differ only in the names of bound variables. We shall writeA(B1, . . . , Bn) for ((A B1) . . . Bn). If A is of the form X(B1, . . . , Bn) then A hashead variable X. We write HV(−) for the partial function returning the headvariable of a type. We also extend the top type T? to any kind K by defininginductively TΠX≤A:K1.K2 = ΛX≤A:K1.TK2 .

5

A ::= X type variable| A→A function type| ∀X≤A:K .A polymorphic type| ΛX≤A:K .A operator abstraction| A A operator application| T? top type

The language of terms includes the variables (x), applications (M N), andfunctional abstractions (λx:A.M) of the simply typed λ-calculus, as well asbounded type abstraction (λX≤A:K.M) and application (M A) of Fω. Asin F≤, each type variable is given an upper bound at the point where it isintroduced. We use the same notation for capture-avoiding substitution as thatfor types, and again identify α-equivalent terms.

M ::= x variable| λx:A.M abstraction| M M application| λX≤A:K .M type abstraction| M A type application

The operational semantics of Fω≤ is given by the following reduction rules on

terms and types.

Definition 2.1 (Untyped Reduction)

1. (λx:A.e1)e2 →β1 e1[x←e2]

2. (λX≤A:K1.e)B →β1 e[X←B]

3. (ΛX≤A:K.B)C →β2 B[X←C]

Each relation (→β1 and→β2) is extended to a compatible relation with respectto term or type formation. The reduction →β is defined by →β1 ∪ →β2. Wewrite �R for the transitive and reflexive closure of →R and ≡R for the leastequivalence relation containing →R and closed under α-equivalence.

2.2 Contexts

A context Γ is a finite sequence of typing and subtyping assumptions for a setof term and type variables.

The empty context is written ∅. Term variable bindings have the form x:A;type variable bindings have the form X≤A:K, where A is the upper bound ofX and K is the kind of A.

6

Γ ::= ∅ empty context| Γ, x:A term variable declaration| Γ, X≤A:K type variable declaration

We call the set of term and type variables defined in a context Γ the domainof Γ, written dom(Γ). The functions FV(—) and FTV(—) give the sets of freeterm variables and free type variables of a term, type, context, or statement.Since we are careful to ensure that no variable is bound more than once, wesometimes abuse notation and consider contexts as finite functions: Γ(X) yieldsthe bound of X in Γ, where X is implicitly asserted to be in dom(Γ).

We now give the rules of inference for the system Fω≤.

2.3 Structural Rules

This section presents general structural rules for Fω≤. In fact, each of the rules

is admissible, which we shall show when we prove the equivalence of this systemwith the typed operational semantics. We shall write Γ `− J for judgements inthe restricted system without these rules.

In the following J is not a typing statement (J 6≡M : A).

Γ1, Γ2 ` J Γ1 ` A : ? x 6∈ dom(Γ1, Γ2)

Γ1, x:A, Γ2 ` J(Thin)

Γ1, Γ2 ` J Γ1 ` A : K X 6∈ dom(Γ1, Γ2)

Γ1, X≤A:K, Γ2 ` J(TThin)

Γ1, X≤B:K, Γ2 ` J Γ1 ` A≤B : K

Γ1, Γ2[X←A] ` J [X←A](Subst)

Γ1, x:A, Γ2 ` J Γ1 ` A =β B : ?

Γ1, x:B, Γ2 ` J(Context-Eq)

Γ1, X≤A:K, Γ2 ` J Γ1 ` A =β B : K Γ1 ` K =β K′

Γ1, X≤B:K′, Γ2 ` J(Context-T-Eq)

Γ ` B : K

Γ ` K(Kind-Agreement)

2.4 Context Formation

The context formation rules are:∅ ` ok (C-Empty)

Γ ` A : ? x 6∈ dom(Γ)

Γ, x:A ` ok(C-Var)

Γ ` A : K X 6∈ dom(Γ)

Γ, X≤A:K ` ok(C-TVar)

7

2.5 Kind Formation

The well-formed kinds are those derived with the following rules.Γ ` ok

Γ ` ?(K-?)

Γ, X≤A:K1 ` K2

Γ ` ΠX≤A:K1.K2(K-Π)

2.6 Kind Equality

The interconvertibility of kinds is the propagation of the interconvertibility oftypes within kinds.

Γ ` K

Γ ` K =β K(K-Eq-Refl)

Γ ` K =β K′

Γ ` K′ =β K(K-Eq-Sym)

Γ ` K =β K′ Γ ` K′ =β K′′

Γ ` K =β K′′ (K-Eq-Trans)

Γ ` ok

Γ ` ? =β ?(K-Eq-?)

Γ ` K1 =β K′1 Γ ` A =β A′ : K1 Γ, X≤A:K1 ` K2 =β K′

2

Γ ` ΠX≤A:K1.K2 =β ΠX≤A′:K′1.K

′2

(K-Eq-Π)

2.7 Type Formation

For each type constructor, we give a rule specifying how it can be used to buildwell-formed type expressions. The new rules for type formation are the onesthat deal with bounded type abstraction (T-TAbs), type application (T-TApp),and kind conversion (T-Conv).

Γ ` ok

Γ ` T? : ?(T-Top)

Γ1, X≤A:K, Γ2 ` ok

Γ1, X≤A:K, Γ2 ` X : K(T-TVar)

Γ ` A1 : ? Γ ` A2 : ?

Γ ` A1→A2 : ?(T-Arrow)

Γ, X≤A1:K ` A2 : ?

Γ ` ∀X≤A1:K.A2 : ?(T-All)

Γ, X≤A1:K1 ` A2 : K2

Γ ` ΛX≤A1:K1.A2 : ΠX≤A1:K1.K2(T-TAbs)

Γ ` A : ΠX≤B:K1.K2 Γ ` C≤B : K1

Γ ` A C : K2[X←C](T-TApp)

8

Γ ` A : K Γ ` K =β K′

Γ ` A : K′ (T-Conv)

2.8 Type Equality

The judgemental type equality is generated by the typed beta-equality rule(T-Eq-Beta). It is a congruence with respect to type formation, and incorporateskind equivalence so that equal kinds contain the same equality relation on types.

Γ, X≤A1:K1 ` A2 : K2 Γ ` C ≤ A1 : K1

Γ ` (ΛX≤A1:K1.A2) C =β A2[X←C] : K2[X←C](T-Eq-Beta)

Γ ` A : K

Γ ` A =β A : K(T-Eq-Refl)

Γ ` A =β B : K

Γ ` B =β A : K(T-Eq-Sym)

Γ ` A =β B : K Γ ` B =β C : K

Γ ` A =β C : K(T-Eq-Trans)

Γ ` A1 =β B1 : ? Γ ` A2 =β B2 : ?

Γ ` A1→A2 =β B1→B2 : ?(T-Eq-Arrow)

Γ ` A1 =β B1 : K Γ, X≤A1:K ` A2 =β B2 : ? Γ ` K =β K′

Γ ` ∀X≤A1:K.A2 =β ∀X≤B1:K′.B2 : ?(T-Eq-All)

Γ ` A1 =β B1 : K1 Γ, X≤A1:K1 ` A2 =β B2 : K2 Γ ` K1 =β K′1

Γ ` ΛX≤A1:K1.A2 =β ΛX≤B1:K′1.B2 : ΠX≤A1:K1.K2

(T-Eq-TAbs)

Γ ` A =β B : ΠX≤E:K1.K2 Γ ` C =β D : K1 Γ ` C ≤ E : K1

Γ ` A C =β B D : K2[X←C](T-Eq-TApp)

Γ ` A =β B : K Γ ` K =β K′

Γ ` A =β B : K′ (T-Eq-Conv)

2.9 Subtyping

The subtyping rules are those of Fω<: [9, 10, 11, 12, 29], except for those dealing

with bounded type abstraction and type application shown below and the rulefor subtyping the quantifier. We chose Cardelli and Wegner’s kernel Fun rulefor quantifiers with equal bounds [14]. The contravariant rule for quantifiersrenders the system undecidable, and transitivity elimination in the presence ofsuch a rule in the higher-order case remains an open problem.

Γ ` A : K

Γ ` A ≤ TK : K(S-Top)

Γ ` A =β B : K

Γ ` A ≤ B : K(S-Conv)

9

Γ ` A ≤ B : K Γ ` B ≤ C : K

Γ ` A ≤ C : K(S-Trans)

Γ1, X≤A:K, Γ2 ` ok

Γ1, X≤A:K, Γ2 ` X ≤ A : K(S-TVar)

Γ ` B1 ≤ A1 : ? Γ ` A2 ≤ B2 : ?

Γ ` A1→A2 ≤ B1→B2 : ?(S-Arrow)

Γ, X≤C:K ` A ≤ B : ?

Γ ` ∀X≤C:K.A ≤ ∀X≤C:K.B : ?(S-All)

Γ, X≤C:K1 ` A ≤ B : K2

Γ ` ΛX≤C:K1.A ≤ ΛX≤C:K1.B : ΠX≤C:K1.K2(S-TAbs)

Γ ` A ≤ B : ΠX≤D:K1.K2 Γ ` C ≤ D : K1

Γ ` A C ≤ B C : K2[X←C](S-TApp)

Γ ` A ≤ B : K Γ ` K =β K′

Γ ` A ≤ B : K′ (S-K-Conv)

2.10 Term Formation

The term formation rules are those of the second-order calculus of boundedquantification with the difference that we include kind annotations in terms,types, contexts, and subtyping judgements.

Γ1, x:A, Γ2 ` ok

Γ1, x:A, Γ2 ` x : A(t-Var)

Γ, x:A `M : B

Γ ` λx:A.M : A→B(t-Abs)

Γ `M : A→B Γ ` N : A

Γ `M N : B(t-App)

Γ, X≤A:K `M : B

Γ ` λX≤A:K.M : ∀X≤A:K.B(t-TAbs)

Γ `M : ∀X≤A:K.B Γ ` C ≤ A : K

Γ `M C : B[X←C](t-TApp)

Γ `M : A Γ ` A ≤ B : ?

Γ `M : B(t-Sub)

3 The Typed Operational Semantics

We now introduce the typed operational semantics for Fω≤, which is organized

in five judgement forms.

10

Γ `S ok well-formed contextΓ `S K �n K ′ kind normalizationΓ `S A �w B w�n C : K type reductionΓ `S A ≤W B : K weak-head subtypingΓ `S A ≤ B : K subtyping

The informal meaning of these judgements is as follows. In Γ `S K �n K ′, K ′

is the normal form of K. In Γ `S A �w B w�n C : K, B is the weak-headnormal form of A and C its normal form. In Γ `S A ≤W B : K, A and B are inweak-head normal form, and in Γ `S A ≤ B : K, A and B are arbitrary typesor type operators.

Definition 3.1 (Weak-Head Normal)

T?, A1→A2, ∀X≤A:K.B, and ΛX≤A:K.B are weak-head normal.X(A1, . . . , An) is weak-head normal if A1, . . . , An are in normal form.

In order to prove the admissibility of transitivity in the semantics, we needto consider a stronger definition of weak-head normal form. We consider ex-pressions of the form X(A1, . . . , An) weak-head normal only if each Ai is fullynormalized.

We use the following notations:

• Γ `S A : K is notation for Γ `S A �w B w�n C : K, for some B,C.

• Γ `S K is notation for Γ `S K �n K ′, for some K ′.

• Γ `S A w�n B : K is notation for Γ `S A �w A w�n B : K.

• Γ `S A �w B : K is notation for Γ `S A �w B w�n C : K, for some C.

• Γ `S A �n B : K means Γ `S A �w C w�n B : K, for some C.

• Γ `S A,B �n C : K means Γ `S A �n C : K and Γ `S B �n C : K.

• Γ `S K, K ′ �n K ′′ means Γ `S K �n K ′′ and Γ `S K ′ �n K ′′.

The rules are presented as simultaneously defined inductive relations.

3.1 Context Formation

∅ `S ok (SC-Empty)

Γ `S A : ? x 6∈ dom(Γ)

Γ, x:A `S ok(SC-Var)

Γ `S A : K′ Γ `S K �n K′ X 6∈ dom(Γ)

Γ, X≤A:K `S ok(SC-TVar)

3.2 Kind Normalization

Γ `S ok

Γ `S ? �n ?(SK-?)

11

Γ `S K1 �n K′1 Γ `S A �n B : K′

1 Γ, X≤A:K1 `S K2 �n K′2

Γ `S ΠX≤A:K1.K2 �n ΠX≤B:K′1.K

′2

(SK-Π)

The context formation and kind normalization rules follow from modificationsto the context formation and kind equality rules of the system in Sections 2.4and 2.6. For example, in the type variable rule SC-TVar the kind of A and thekind in the declaration of X are β-equal but not necessarily identical.

3.3 Type Reduction

Γ `S ok

Γ `S T? �w T? w�n T? : ?(ST-Top)

Γ `S A �w B w�n C : K′ Γ `S K �n K′ Γ `S C : K′ (X≤A : K) ∈ Γ

Γ `S X �w X w�n X : K′

(ST-TVar)

Γ `S A �w X(A1, . . . , Am) : ΠX≤C:K1.K2

Γ `S B �w E w�n F : K1 Γ `S E ≤W C : K1

Γ `S Γ(X) �n D : K′

Γ `S D(A1, . . . , Am, F ) : K

Γ `S K2[X←B] �n K

Γ `S A B �w X(A1, . . . , Am, F ) w�n X(A1, . . . , Am, F ) : K(ST-TApp)

Γ `S A1 �n B1 : ? Γ `S A2 �n B2 : ?

Γ `S (A1→A2) �w (A1→A2) w�n (B1→B2) : ?(ST-Arrow)

Γ `S A �n C : K′ Γ, X≤A:K `S B �n D : ? Γ `S K �n K′

Γ `S ∀X≤A:K.B �w ∀X≤A:K.B w�n ∀X≤C:K′.D : ?(ST-All)

Γ `S K1 �n K′1 Γ `S A �n C : K′

1 Γ, X≤A:K1 `S B �n D : K2

Γ `S ΛX≤A:K1.B �w ΛX≤A:K1.B w�n ΛX≤C:K′1.D : ΠX≤C:K′

1.K2

(ST-TAbs)

Γ `S B �w ΛX≤A:K1.D : ΠX≤A′:K′1.K2

Γ `S D[X←C] �w E w�n F : K

Γ `S K2[X←C] �n K

Γ `S C ≤ A : K′1

Γ `S B C �w E w�n F : K(ST-Beta)

The rules for type reduction combine kinding information and computationalbehavior in the form of weak-head and β-normal forms. For example, the rule forarrow types says how to obtain the weak-head and β-normal forms of (A1→A2)in ? from those for A1 and A2 in ?.

The rule of inference for well-formedness of type variables applied to a se-quence of types includes the usual information about well-formedness of the ap-plicand and applicator. We also add information in the premises, not found else-where in the literature, stating that the bound of the variable has a normal form,and that replacing the variable by this normal form in the subject of the judge-ment is well-typed (Γ `S Γ(X) �n D : K ′ and Γ `S D(A1, . . . , Am, F ) : K).These new premises strengthen the induction hypothesis when reasoning by

12

induction on derivations of the typed operational semantics. The extra infor-mation this represents is enough to prove the decidability of subtyping for Fω

≤directly by induction on derivations. The subtyping algorithm exactly needs toconsider the replacement of a variable by its bound when determining whethersuch a type is a subtype of another type, so the derivations in the operationalsemantics give a measure that is a bound for the algorithm. We then need toshow that the strong premises can be satisfied in the proof of soundness: thisis a new application of the Tait-Girard method of logical relations, and it turnsout to be possible because of the bound information for variables in the con-text. The beta rule, besides uncovering the outermost redex of the applicationB C and contracting it, finds the weak-head normal form E and the normalform F . The premise Γ `S K2[X←C] �w K ensures that B C and D[X←C]have β-equal kinds, and the subtyping premise Γ `S C ≤ A : K1

′ enforces thewell-formation of B C.

The subtyping relation is defined using two judgements: one deals with typesin weak-head normal form (Γ `S A ≤W B : K) and the other with arbitrarytypes (Γ `S A ≤ B : K).

3.4 Weak-Head Subtyping

Γ `S A w�n B : ? HV(A) undefined

Γ `S A ≤W T? : ?(SWS-Top)

Γ `S X(A1, . . . , Am) w�n C : K

Γ `S Γ(X) �n B : K′

Γ `S B(A1, . . . , Am) �w E : K

Γ `S E ≤W A : K

A 6≡ X(A1, . . . , Am)

Γ `S X(A1, . . . , Am) ≤W A : K(SWS-TApp)

Γ `S X(A1, . . . , Am) w�n B : K

Γ `S X(A1, . . . , Am) ≤W X(A1, . . . , Am) : K(SWS-Refl)

Γ `S B1 ≤ A1 : ? Γ `S A2 ≤ B2 : ?

Γ `S A1→A2 ≤W B1→B2 : ?(SWS-Arrow)

Γ, X≤A1:K `S A2 ≤ B2 : ?

Γ `S A1, B1 �n C : K′′ Γ `S K, K′ �n K′′

Γ `S ∀X≤A1:K.A2 ≤W ∀X≤B1:K′.B2 : ?(SWS-All)

Γ, X≤A1:K1 `S A2 ≤ B2 : K2

Γ `S K1, K′1 �n K′′

1

Γ `S A1, B1 �n C : K′′1

Γ `S ΛX≤A1:K1.A2 ≤W ΛX≤B1:K′1.B2 : ΠX≤C:K′′

1 .K2(SWS-TAbs)

The weak-head subtyping rules are motivated by the algorithmic rules in [18].The rules SWS-Arrow, SWS-All, and SWS-TAbs are structural. The rule for the max-imal type T? has a side condition to ensure that the algorithm is deterministic,and applications are only handled by SWS-TApp or SWS-Refl.

A particular instance of SWS-TApp is the rule for type variables. To check ifΓ `S X ≤W A : K, we have to check that the bound of X in Γ is a subtype

13

of A and that Γ `S Γ(X) ≤ A : K. The premise Γ `S E ≤W A : K enforcesthat A be in weak-head normal form. The side condition A 6≡ X is to ensuredeterminism; if A ≡ X, the judgement instead follows by reflexivity.

3.5 Subtyping

Γ `S A �w C : K Γ `S B �w D : K Γ `S C ≤W D : K

Γ `S A ≤ B : K(SS-Inc)

There is no rule for transitivity of subtyping in the semantic rules, but tran-sitivity is a property of the “operational” subtyping (Lemma 4.6). Moreover,the rule SWS-TApp includes a step of transitivity along the bound of a variablein the context. We interleave weak-head normalization steps in the subtypingalgorithm via SS-Inc. An alternative formulation would weak-head normalize thearguments of the hypothesis in the rules for weak-head subtyping.

4 Metatheory

This section outlines results from [17].

Lemma 4.1 (Adequacy)

1. If Γ `S K �n K ′ then K �β K ′.

2. If Γ `S A �w B w�n C : K then A �β B �β C.

Lemma 4.2 (Context Conversion) If Γ `S K �n K ′ and Γ `S A �n A′ : K ′

and Γ, X≤A:K `S J then Γ, X≤A′:K ′ `S J .

Lemma 4.3 (Determinacy)

1. If Γ `S A �w B w�n C : K and Γ `S A �w D w�n E : K ′ then B ≡ D,C ≡ E and K ≡ K ′.

2. If Γ `S K �n K ′ and Γ `S K �n K ′′ then K ′ ≡ K ′′.

Lemma 4.4 (Subject Reduction) Γ `S A �w B w�n C : K and A →β A′

imply there is a B′ such that B �β B′ and Γ `S A′ �w B′w�n C : K.

Lemma 4.5 (Subtyping Conversion) Suppose that Γ `S A ≤W B : K. Then:

1. If Γ `S A,A′w�n C : K then Γ `S A′ ≤W B : K.

2. If Γ `S B,B′w�n C : K then Γ `S A ≤W B′ : K.

Similarly for Γ `S A ≤ B : K.

Lemma 4.6 (Transitivity) If Γ `S A ≤ B : K and Γ `S B ≤ C : K thenΓ `S A ≤ C : K.

14

Our choice of terminology for Soundness and Completeness below comesfrom proofs of strong normalization using saturated sets, where the Soundnesstheorem says that everything derivable in the syntax is satisfied in the saturatedsets model.

Proposition 4.7 (Completeness)

1. Γ `S K �n K ′ implies Γ ` K and Γ ` K =β K ′.

2. Γ `S A �w B w�n C : K implies Γ ` A : K, Γ ` A =β B : K andΓ ` A =β C : K.

3. Γ `S A ≤W B : K implies Γ ` A ≤ B : K.

4. Γ `S A ≤ B : K implies Γ ` A,B : K and Γ ` A ≤ B : K.

Theorem 4.8 (Soundness)

1. If Γ ` K then there is a K ′ such that Γ `S K �n K ′; if Γ ` K =β K ′

then there is a K ′′ such that Γ `S K �n K ′′ and Γ `S K ′ �n K ′′.

2. If Γ ` A : K then there are K ′, B and C such that Γ `S K �n K ′ andΓ `S A �w B w�n C : K ′; if Γ ` A =β B : K then there are C and K ′

such that Γ `S K �n K ′, Γ `S A �n C : K ′ and Γ `S B �n C : K ′.

3. If Γ ` A ≤ B : K then there is a K ′ such that Γ `S K �n K ′ andΓ `S A ≤ B : K ′.

Lemma 4.9 (Upper Bound) If Γ ` X(A1, . . . , Am) : K then Γ ` Γ(X)(A1, . . . , Am) :K.

Lemma 4.10 If Γ `S A ≤ B : K then Γ `S A : K and Γ `S B : K.

5 Anti-Symmetry

Our goal is to prove that if Γ ` A ≤ B : K and Γ ` B ≤ A : K thenΓ ` A =β B : K.

We obtain this, Proposition 5.8, as a consequence of the corresponding prop-erty in the typed operational semantics using the equivalence expressed in Sec-tion 4. In the semantics, the way to say that two types are equal is that theyhave the same normal form.

The main difficulty appears when A is of the form X(A1, . . . , Am). Intu-itively, in this case B can only be X(A1, . . . , Am). To discard the possibilitythat B could be other than A, we need to prove that Γ `S Γ(X)(A1, . . . , Am) ≤X(A1, . . . , Am) : K is impossible.

15

5.1 Basic Properties

In this section we establish some preliminary lemmas.The typed operational semantics is deterministic (Lemma 4.3), so there is

only one derivation for each judgement, and we can invert the rules derivingpremises from conclusions. We sometimes use this fact without mentioning it.

Lemma 5.1 Suppose Γ `S A �n B : ΠX≤E:K1.K2, Γ `S C ≤ E : K1 andΓ `S K2[X←C] �n K ′

2. Then there is an F such that Γ `S A C �n F : K ′2

and Γ `S B C �n F : K ′2.

Proof: By Completeness, equational reasoning and Soundness. �As shown in [17], if Γ `S A �w B w�n C : K then B is the weak-head nor-

mal form of A and C the normal form of A. Therefore, the following structuralproperty of the typed operational semantics can be read as follows: if B is theweak-head normal form of A, then B is its own weak-head normal form, and ifC is the normal form of A, then C has itself as weak-head and normal forms.

Lemma 5.2

1. If Γ `S A �w B w�n C : K then Γ `S B �w B w�n C : K andΓ `S C �w C w�n C : K.

2. If Γ `S K �n K ′ then Γ `S K ′ �n K ′.

Proof: By simultaneous induction on derivations, where most cases are imme-diate or follow by the induction hypothesis, as is the case for ST-Beta.

The interesting case is ST-TApp in Cases 1 and 2. By the induction hypothesis,Γ `S X(A1, . . . , Am) �w X(A1, . . . , Am) : ΠX≤C:K1.K2, Γ `S E �w E w�n

F : K1 and Γ `S F �w F w�n F : K1. By Subtyping Conversion (Lemma 4.5),Γ `S F ≤W C : K1. Then, Γ `S X(A1, . . . , Am, F ) �w X(A1, . . . , Am, F ) w�n

X(A1, . . . , Am, F ) : K, by ST-TApp. �The following lemma says that a type variable applied to a list of arguments

has the same kind as its bound applied to the same list. It also says that if atype variable applied to a list of arguments is a subtype of (but not equal to)a given type, then its bound applied to the same list is also a subtype of thatgiven type.

Lemma 5.3 (Upper Bound)

1. If Γ `S X(A1, . . . , Am) : K then Γ `S Γ(X)(A1, . . . , Am) : K.

2. If Γ `S X(A1, . . . , Am) ≤ B : K and B 6≡ X(A1, . . . , Am) then Γ `SΓ(X)(A1, . . . , Am) ≤ B : K.

3. If Γ `S X(A1, . . . , Am) ≤W B : K and B 6≡ X(A1, . . . , Am) then Γ `SΓ(X)(A1, . . . , Am) ≤ B : K.

Proof:

16

1. By Soundness and Completeness from Lemma 4.9, because Γ `S K �n K.

2. The only rule to derive the assumption is SS-Inc. By Determinism, thepremises are Γ `S B �w D w�n E : K, Γ `S X(A1, . . . , Am) �w C : Kand Γ `S C ≤W D. By inversion of ST-TApp, C ≡ X(A′

1, . . . , A′m),

where Γ `S Ai �n A′i : Ki for some Ki and i ∈ {1..m}. By Ade-

quacy, Ai �β A′i, and by definition of β-reduction Γ(X)(A1, . . . , Am) �β

Γ(X)(A′1, . . . , A

′m). By Upper Bound, Γ `S Γ(X)(A1, . . . , Am) �n F : K,

by Subject Reduction Γ `S Γ(X)(A′1, . . . , A

′m) �n F : K, and by the

induction hypothesis Γ `S Γ(X)(A′1, . . . , A

′m) ≤W D : K. By Lemma 5.2,

Γ `S D �w D w�n E : K, and by Subtyping Conversion Γ `S Γ(X)(A′1, . . . , A

′m) ≤W

B : K and then Γ `S Γ(X)(A1, . . . , Am) ≤W B : K.

3. There are only two rules to derive Γ `S X(A1, . . . , Am) ≤W B : K. CaseSWS-Top follows by Case 1 and SWS-Top.

For Case SWS-TApp, by Adequacy Γ(X) �β D and D(A1, . . . , Am) �β E,and by definition of β-reduction Γ(X)(A1, . . . , Am) �β E. By Case 1,Γ `S Γ(X)(A1, . . . , Am) �n C : K, and Γ `S E �n C : K by SubjectReduction. Γ `S E ≤W B : K is a premise, from which the result followsby Subtyping Conversion. �

5.2 An Impossible Judgement

In this section we show that the judgement:

Γ `S Γ(X)(A1 . . . Am) ≤ X(A1 . . . Am) : K

is underivable.The particular property that drives our proof of this result is that the typ-

ing rule ST-TApp in the typed operational semantics, for variables applied to asequence of types, has a subderivation stating the well-formedness of the typeresulting from the replacement of the variable with its bound. This rule of in-ference is justified by our earlier proofs of Soundness and Completeness of theusual rules of inference for the typed operational semantics, published elsewhere[17].

The development of the full metatheory of typed operational semantics isquite complex, and in particular the proof of Soundness is similar to proofs ofstrong normalization and relies on logical relations. However, once we have es-tablished the equivalence of the original presentation and the typed operationalsemantics, we can define a measure, from derivations to natural numbers, thatcounts the number of uses of promotion (replacing a variable by its bound in theoperational semantics) before reaching Top. Clearly, the number of uses of therule SWS-TApp in a derivation of Γ `S X(A1, . . . , An) ≤ T : K must be greaterthan the number of uses in a derivation of Γ `S Γ(X)(A1, . . . , An) ≤ T : K,because the latter is a subderivation of the former. On the other hand, we canalso show that if Γ `S A ≤ B : K then the number of uses of the rule SWS-TApp

in Γ `S A ≤ T : K is greater than or equal to the number in Γ `S B ≤ T : K.

17

Hence, if we have a derivation of Γ `S Γ(X)(A1, . . . , An) ≤ X(A1, . . . , An) : Kthen we can derive a contradiction.

We introduce a length function from derivations in the typed operationalsemantics to numbers, informally capturing the number of uses of the rule ofinference that a variable is less than its bound. We do not have a good nota-tion for defining a function on derivations because such definitions do not occurcommonly in the literature. We therefore abbreviate in the following defini-tion Γ(X) for the subderivation of the bound of X in Γ for the case ST-TVar;Γ(X)nf(A1, . . . , Am) for the subderivation of the normal form of the bound ap-plied to the arguments of X for the case ST-TApp; and β for a derivation of B Cusing ST-Beta and reduct for the subderivation of the β-reduct of B C.

Definition 5.4 We define ](−), from derivations of Γ `S A �w B w�n C : Kto numbers, by induction on derivations:

ST-Top ](T?) = 0

ST-TVar ](X) = ](Γ(X)) + 1

ST-TApp ](X(A1, . . . , Am)) = ](Γ(X)nf(A1, . . . , Am)) + 1

ST-Arrow ](A1→A2) = 0

ST-All ](∀X≤A1:K.A2) = 0

ST-TAbs ](ΛX≤A1:K.A2) = 0

ST-Beta ](β) = ](reduct)

Notice that if Γ `S A ≤ B : K then Γ `S A : K and Γ `S B : K byLemma 4.10, so ](A) and ](B) are defined.

We now show that this length function is invariant with respect to well-formed types or type-operators that have the same normal form. This lemmajustifies our later informality in writing types or type-operators in place of theirderivations of well-formedness.

Lemma 5.5 If D is a derivation of Γ `S A �w C w�n E : K and D′ is aderivation of Γ `S B �w D w�n E : K then ](D) = ](D′).

Proof: By induction on derivations D.In each case where E is a type constructor or a variable, we perform a

nested induction on D′, and there are two interesting cases. The first is whenthe nested case is the same rule as for the outermost induction. In this case thelengths are equal by assumption for rules ST-Top, ST-Arrow, ST-All and ST-TAbs.For ST-TVar and ST-TApp, we know Γ(X) is a function, so the result follows by De-terminacy and the induction hypothesis. In the case ST-TApp we have that Γ `SA′

1 A′2 �w X(A1, . . . , Am, F ) w�n X(A1, . . . , Am, F ) : K and Γ `S B1 B2 �w

X(A1, . . . , Am, F ) w�n X(A1, . . . , Am, F ) : K. Then D and D′ have subderiva-tions of the same judgement Γ `S D(A1, . . . , Am, F ) : K. Hence, by the induc-tion hypothesis and definition of ](−) we have ](D) = ](D(A1, . . . , Am)) + 1 =](D′).

The second interesting case in the nested inductions is ST-Beta, where the re-sult follows by the induction hypothesis. All of the other nested cases contradictthe assumption that the normal forms are the same.

18

The final outermost case is ST-Beta, which follows by the induction hypothesis.�

Then, if Γ `S X(A1, . . . , Am) : K we have

](X(A1, . . . , Am)) = ](Γ(X)nf(A1, . . . , Am)) + 1= ](Γ(X)(A1, . . . , Am)) + 1> ](Γ(X)(A1, . . . , Am)),

where by Lemma 5.1 there is a B such that Γ `S Γ(X)nf(A1, . . . , Am) �n B : Kand Γ `S Γ(X)(A1, . . . , Am) �n B : K, and by Lemma 5.5 they have the samelength.

Now, we come to the main lemma about ](A):

Lemma 5.6

1. If Γ `S A ≤ B : K then ](A) ≥ ](B).

2. If Γ `S A ≤W B : K then ](A) ≥ ](B).

Proof: By simultaneous induction on derivations. In Case 1, the only possiblerule for Γ `S A ≤ B : K is SS-Inc, which follows by Determinacy, Lemma 5.5, andthe induction hypothesis. In Case 2 the only interesting case is SWS-TApp, whereby the induction hypothesis ](E) ≥ ](A), so ](X((A1, . . . , Am)) = ](Γ(X)nf(A1, . . . , Am))+1 = ](E)+1 > ](E) ≥ ](A), where we know that ](Γ(X)nf(A1, . . . , Am)) = ](E)by Determinacy. �

Lemma 5.7 There can be no derivation of Γ `S Γ(X)(A1, . . . , Am) ≤ X(A1, . . . , Am) :K.

Proof: Suppose that there were a derivation of Γ `S Γ(X)(A1, . . . , Am) ≤X(A1, . . . , Am) : K. By Lemma 5.6 we have ](Γ(X)(A1, . . . , Am)) ≥ ](X(A1, . . . , Am)),contradicting the fact that ](X(A1, . . . , Am)) > ](Γ(X)(A1, . . . , Am)). �

Based on our understanding of the behavior of bounds in Lemma 5.3, thenegative result Lemma 5.7 seems intuitive and believable. However, the resultsin Lemma 5.3 have been known for systems of higher-order subtyping, whileLemma 5.7 has remained a conjecture, so this was the major challenge of ourdevelopment.

5.3 Main Result

We can now prove our main result. Observe that in the case SWS-TApp we useour key lemma (Lemma 5.7).

Lemma 5.8 (Anti-Symmetry of TOS)

1. If Γ `S A ≤ B : K and Γ `S B ≤ A : K then Γ `S A,B �n C : K.

2. If Γ `S A ≤W B : K and Γ `S B ≤W A : K then Γ `S A,B �n C : K.Furthermore, the derivations of Γ `S A ≤W B : K and Γ `S B ≤W A : Khave no top-level uses of SWS-TApp.

19

Proof: The argument is by simultaneous induction on derivations.

1. The only rule to derive both assumptions is SS-Inc. By Determinacy, thepremises are Γ `S A �w C w�n E : K, Γ `S B �w D w�n F : K,Γ `S C ≤W D : K, and Γ `S D ≤W C : K. By Lemma 5.2 Γ `SC �w C w�n E : K and Γ `S D �w D w�n F : K. By the inductionhypothesis Γ `S C w�n G : K and Γ `S D w�n G : K. Finally,E ≡ F ≡ G by Determinacy.

2. The proof is by induction on the derivation of Γ `S A ≤W B : K.

SWS-Top Then B ≡ T?, and HV(A) undefined, which means that A isnot a type application or a type variable. Therefore the only rule toderive Γ `S T? ≤W A : K is SWS-Top, which means that A ≡ T?. ByLemma 4.10 and Determinacy, Γ `S T? �w T? w�n T? : ?.

SWS-TApp We are going to show that this case is not possible. Assume thatit is. We have that A ≡ X(A1, . . . , Am) and B 6≡ X(A1, . . . , Am). ByUpper Bound (Lemma 5.3), Γ `S Γ(X)(A1, . . . , Am) ≤ B : K, andby transitivity Γ `S Γ(X)(A1, . . . , Am) ≤ X(A1, . . . , Am) : K, whichis a contradiction, by Lemma 5.7.

SWS-Refl By the premise.

SWS-Arrow The only rule to derive Γ `S B ≤W A : K is also SWS-Arrow, sothe result follows by the induction hypothesis and ST-Arrow.

SWS-All The only rule to derive Γ `S B ≤W A : K is also SWS-All. Thepremises are, Γ, X≤A1:K `S A2 ≤ B2 : ?, Γ, X≤B1:K ′ `S B2 ≤A2 : ?, Γ `S A1, B1 �n C1 : K ′′, and Γ `S K, K ′ �n K ′′. ByContext Conversion (Lemma 4.2), Γ, X≤A1:K `S B2 ≤ A2 : ?. Wecan now apply the induction hypothesis to obtain Γ, X≤A1:K `SA2, B2 �n C2 : ?. Finally, Γ `S (∀X≤A1:K.A2), (∀X≤B1:K ′.B2) �n

∀X≤C1:K ′′.C2 : ?, by ST-All.

SWS-TAbs Similar to case SWS-All. �

Theorem 5.9 (Anti-Symmetry) If Γ ` A ≤ B : K and Γ ` B ≤ A : K thenΓ ` A =β B : K.

Proof: By Soundness (Theorem 4.8), Γ `S A ≤ B : K ′, Γ `S B ≤ A : K ′, andΓ `S K �n K ′. By Proposition 5.8, Γ `S A,B �n C : K ′. By Completenessand symmetry of kind equality Γ ` K ′ =β K. By Completeness Γ ` A =β

C : K ′ and Γ ` B =β C : K ′. Finally, by T-Eq-Sym, T-Eq-Trans, and S-K-Conv,Γ ` A =β B : K. �

5.4 Equality by Subtyping

Part of the statement of Anti-Symmetry of the typed operational semantics isthat if Γ `S A ≤ B : K and Γ `S B ≤ A : K then the derivations do notcontain any uses of the promotion rule SWS-TApp. This fact is used to show that:

20

Lemma 5.10 If Γ ` A =β B : K then the derivation of Γ `S A ≤ B : K ′ doesnot contain any uses of SWS-TApp, where Γ `S K �n K ′.

Proof: Since Γ ` A =β B : K by S-Conv and T-Eq-Sym we have that Γ ` A ≤B : K and Γ ` B ≤ A : K. By Soundness and Determinacy, Γ `S A ≤ B : K ′

and Γ `S B ≤ A : K ′ and Γ `S K �n K ′. Then, by Anti-Symmetry of TOS(Theorem 5.8) we know that the derivation of Γ `S A ≤ B : K ′ does not containany uses of SWS-TApp. �

Furthermore, if one of the subtyping derivations does not use SWS-TApp thenthe other derivation does not either.

Lemma 5.11

1. If it is not the case that Γ `S A �w C : K ′, C 6≡ T? and Γ `S B �w T? :K ′ then if the derivation of Γ `S A ≤ B : K ′ contains no uses of SWS-TApp,then Γ `S B ≤ A : K ′ and the derivation contains no uses of SWS-TApp.

2. If it is not the case that A 6≡ T? and B ≡ T? then if the derivation ofΓ `S A ≤W B : K ′ contains no uses of SWS-TApp, then Γ `S B ≤W A : K ′

and the derivation contains no uses of SWS-TApp.

Proof: By simultaneous induction on the derivations of Γ `S A ≤ B : K ′ andΓ `S A ≤W B : K ′, using that Context Conversion (Lemma 4.2) creates nonew uses of SWS-TApp in the cases SWS-All and SWS-TAbs.

1. The only case is SS-Inc, and the result follows by the induction hypothesis.

2. The proof is by induction on the derivation of Γ `S A ≤W B : K.

SWS-Top By the condition, A ≡ T?. Then by SWS-Top, Γ `S T? ≤W T? : ?in one step without using SWS-TApp.

SWS-TApp Impossible.

SWS-Refl The derivations are identical.

SWS-Arrow By the induction hypothesis and SWS-Arrow.

SWS-All The premises are that Γ, X≤A1:K `S A2 ≤ B2 : ?, Γ `SA1, B1 �n C1 : K ′′, and Γ `S K, K ′ �n K ′′. By the inductionhypothesis, Γ, X≤A1:K `S B2 ≤ A2 : ?, and the derivation doesnot use SWS-TApp. By Context Conversion Lemma 4.2, which createsno new uses of SWS-TApp, Γ, X≤B1:K ′ `S B2 ≤ A2 : ?. Finally, theresult follows by ST-All.

SWS-TAbs Similar to case SWS-All. �

In light of Lemmas 5.10 and 5.11, an algorithm may implement equality andsubtyping simultaneously: to check if A =β B it is sufficient to check whetherthe algorithm uses a step corresponding to promotion (the application rule) inshowing A ≤ B, rather than checking both A ≤ B and B ≤ A. If there are nouses of promotion then A =β B, and otherwise A ≤ B.

21

The only exception is the case in which the derivation does not containpromotion and is of the form:

A �w C C 6≡ T? B �w T? C ≤W T?

A ≤ B

where C ≤W T? is obtained by the rule SWS-Top. This is the only case in whicha subtyping derivation not containing promotion relates two types which arenot β-equal. To exclude this case Lemma 5.11 Case 1 has the added restrictionson the normal forms of A and B.

6 Replacing Equality with Subtyping

In this section we present Fω≤ without judgemental equality or conversion: we

simply add β-expansion to the left- and right-hand sides of the subtyping judge-ment, and allow the rules for transitivity and compatible closure of subtypingto handle the extension to full β-equality. To our knowledge, this is the firstsuch presentation for a higher-order subtyping calculus. This leads to a simplerproof of soundness for models of the system, because we remove equality andall of the rules of inference that rely on it.

We write Γ `≶ J for judgements derived in the system without an equalityjudgement, and Γ `≶ A ≶ B : K if Γ `≶ A ≤ B : K and Γ `≶ B ≤ A : K.

6.1 Modifications to Inference Rules

The system requires several changes in order to accommodate the removal ofequality. First, the inclusion of the equality relation in subtyping, and in par-ticular reflexivity and the rule for β-equality, needs to be recovered in the rulesfor subtyping itself:

Γ `≶ A : K

Γ `≶ A ≤ A : K(SE-Refl)

Γ, X≤A1:K1 `≶ A2 : K2 Γ `≶ C ≤ A1 : K1 Γ `≶ A2[X←C] ≤ D : K2[X←C]Γ `≶ (ΛX≤A1:K1.A2) C ≤ D : K2[X←C]

(SE-BetaL)

The rule SE-BetaR similarly introduces a β-expansion on the right-hand side.

Γ, X≤A1:K1 `≶ A2 : K2 Γ `≶ C ≤ A1 : K1 Γ `≶ D ≤ A2[X←C] : K2[X←C]Γ `≶ D ≤ (ΛX≤A1:K1.A2) C : K2[X←C]

(SE-BetaR)

Furthermore, we still need an equivalence relation on kinds in order to allowthe kinded judgements to vary with respect to equal kinds. We simply lift theequivalence induced by subtyping to kinds.

Γ `≶ okΓ `≶ ? ≶ ?

(KE-Type)

22

Γ `≶ K1 ≶ K ′1 Γ `≶ A ≶ B : K1 Γ, X ≤ A:K1 `≶ K2 ≶ K ′

2

Γ `≶ ΠX≤A:K1.K2 ≶ ΠX≤B:K ′1.K

′2

(KE-Π)

We also include the rules for Γ `≶ K ≶ K ′ to be an equivalence relation forconvenience. We replace Γ ` K = K ′ with Γ `≶ K ≶ K ′ in rules where itappears, namely Context-T-Eq, T-Conv, T-Eq-Conv and S-K-Conv.

The rule for subtyping applications does not allow the argument to vary.This restriction is for a good reason: allowing subtyping in the argument isunsound. However, we need to recapture the behavior of equality in allowingequal types on the right-hand side of an application:Γ `≶ A ≤ B : ΠX≤E:K1.K2 Γ `≶ C ≶ D : K1 Γ `≶ C ≤ E : K1

Γ `≶ A C ≤ B D : K2[X←C](SE-TApp)

Showing the soundness of this rule for the system with the usual rule S-TApp

will need to use anti-symmetry, because S-TApp requires β-equality of the argu-ments of the type application.

We also replace the equality judgement Γ `≶ A = B : K in rules whereit occurs in a premiss, namely Context-Eq and Context-T-Eq, with the judgementΓ `≶ A ≶ B : K.

6.2 Additional Structural Rules

We also need to add some additional structural rules in order to show theequivalence of ` and `≶. Our original development of the metatheory of Fω

≤did not include an exhaustive presentation of the possible structural rules, butinstead included rules that were convenient for the particular metatheoreticresults we were interested. Specifically, we do not have the following rules:

Γ ` A ≤ B : K

Γ ` A : K(S-Split-L)

Γ ` A ≤ B : K

Γ ` B : K(S-Split-R)

Γ1, X≤A:K, Γ2 ` okΓ1, X≤A:K, Γ2 ` A : K

(T-Bound)

We add these rules to the system `, as well as equivalent rules SE-Split-L,SE-Split-R and TE-Bound to the system `≶. We need the property expressed bythe rule SE-Split-L to show the rule S-TApp admissible, since S-TApp contains animplicit use of the fact that C is well-formed.

These new rules would ordinarily be proved admissible by induction onderivations. In our setting, they can be easily justified through the equivalencebetween the declarative presentation ` and the typed operational semantics.For example, for S-Split-L, assume that Γ ` A ≤ B : K. By Soundness we knowthat there is a K such that Γ `S K �n K ′ and Γ `S A ≤ B : K ′, by inversionΓ `S A �w A′ : K ′, by Completeness Γ ` A : K ′ and Γ ` K = K ′, and so byT-Conv Γ ` A : K.

23

6.3 Equivalence with Fω≤ with Equality

The new presentation without judgemental equality is equivalent to the systempresented in Section 2.

Lemma 6.1 (Equivalence)

• Γ ` ok iff Γ `≶ ok.

• Γ ` K iff Γ `≶ K.

• Γ ` A : K iff Γ `≶ A : K.

• Γ `M : A iff Γ `≶ M : A.

• Γ ` K = K ′ iff Γ `≶ K ≶ K ′.

• Γ ` A ≤ B : K iff Γ `≶ A ≤ B : K.

• Γ ` A = B : K iff Γ `≶ A ≶ B : K.

Proof: By induction on derivations of each system. The rules of inferencefor the judgements Γ ` ok, Γ ` K, Γ ` A : K and Γ ` M : A are identicalto those for the corresponding rules for Γ `≶ ok, Γ `≶ K, Γ `≶ A : K andΓ `≶ M : A, and so both directions follow directly by induction hypothesis forthese rules. Similarly, for Γ ` K = K ′ implies Γ `≶ K ≶ K ′, each rule followsdirectly by induction hypothesis; the other direction also follows directly exceptKE-Π, where Γ ` A ≤ A′ : K1 and Γ ` A′ ≤ A : K1 imply Γ ` A = A′ : K1

by Anti-Symmetry. The structural rules, including the new structural rulesintroduced in the previous section, similarly all follow by induction hypothesisin both directions, where we need to use Anti-Symmetry for Context-Eq andContext-T-Eq.

For Γ ` A ≤ B : K implies Γ `≶ A ≤ B : K, all rules but S-TApp followdirectly by the induction hypothesis. S-TApp follows because by SE-Split-L Γ `≶

C : K, by SE-Refl Γ `≶ C ≶ C : K, and so by SE-TApp Γ `≶ A C ≤ B C :K2[X←C].

For Γ `≶ A ≤ B : K implies Γ ` A ≤ B : K, rule SE-Refl follows by T-Eq-Refl

and S-Conv. Rules SE-BetaL and SE-BetaR follow by the induction hypothesis,T-TAbs, T-TApp, T-Eq-Beta and appropriate equational reasoning. For rule SE-TApp,by the induction hypothesis, T-TApp, T-Eq-Refl and S-Conv Γ ` A C ≤ B C :K2[X←C], and by the induction hypothesis and Anti-Symmetry Γ ` C = D :K1, so by T-Eq-TApp Γ ` B C = B D : K2[X←C], and so by S-Conv and S-Trans

Γ ` A C = B D : K2[X←C].The last case to consider is the equivalence of Γ ` A = B : K with Γ `≶

A ≤ B : K and Γ `≶ B ≤ A : K. We first show Γ ` A = B : K impliesΓ `≶ A ≤ B : K and Γ `≶ B ≤ A : K. Rule T-Eq-Beta follows by the inductionhypothesis and rules SE-BetaL and SE-BetaR. Rules T-Eq-Refl, T-Eq-Sym, T-Eq-Trans,T-Eq-Arrow and T-Eq-Conv follow by their corresponding rules for subtyping. RuleT-Eq-TApp follows by the induction hypothesis and rule SE-TApp. Finally, rules

24

T-Eq-All and T-Eq-TAbs follow by the induction hypothesis, rule Context-T-Eq for`≶, and SE-All and SE-TAbs.

For Γ `≶ A ≤ B : K and Γ `≶ B ≤ A : K imply Γ ` A = B : K, we knowby the induction hypothesis that Γ ` A ≤ B : K and Γ ` B ≤ A : K, so byAnti-Symmetry Γ ` A = B : K. �

The full metatheory of Fω≤ could instead be developed using this simpler

system without judgemental equality. Soundness can be proved over the systemΓ `≶ J , Completeness can be left as is into the system Γ ` J , and the aboveproof that Γ ` J implies Γ `≶ J completes the cycle showing the equivalence ofthe three systems.

The typed operational semantics without equality could probably be devel-oped by itself, with no reference to equality or anti-symmetry. In our setting,this would require a small change in the rule SWS-Refl, to allow type argumentsthat are subtypes of each other on the left- and right-hand sides rather than thesame normal form. However, the proof of the equivalence of this system withthe traditional presentation with equality relies on anti-symmetry.

7 Conclusions

We have solved a long-standing open problem, giving a general approach toshowing the anti-symmetry of higher-order subtyping. To our knowledge, thisis the first proof of anti-symmetry for higher-order subtyping: even for systemslike Fω

<:, defined roughly ten years ago, the result was unknown. We havealso showed this result for the subtyping relation of Fω

≤, a higher-order lambdacalculus with bounded operator abstraction. Typed operational semantics wasessential to our proof, especially the refined understanding of the behavior oftypes as embodied in the extended rule ST-TApp.

This result has several consequences for the metatheory of type systems withhigher-order subtyping. First, it implies that we can now prove the MinimumTypes Property, as opposed to the Minimal Types Property which is normallyproved. For our system, we can now say what is the relation between all theminimal types of a given term; before we knew that any two minimal types weresubtypes of each other, we can now say that they are β-equal. Secondly, we cansimplify the basic judgements of type systems with subtyping by eliminatingeither judgemental equality or conversion.

A practical consequence of this work is that the implementation of higher-order type systems with subtyping can be simplified, and the equality and sub-typing judgements can be implemented with a single pass of a syntax-directedalgorithm.

Acknowledgments

We would like to thank Benjamin Pierce and Juliusz Chroboczek for interestingdiscussions to type equality and anti-symmetry, Giorgio Ghelli for the reference

25

about anti-symmetry for F≤, and Jan Zwanenburg for comments on an earlierversion.

References

[1] M. Abadi and L. Cardelli. A Theory of Objects. Springer-Verlag, 1996.

[2] R. M. Amadio and L. Cardelli. Subtyping recursive types. ACM Transactions onProgramming Languages and Systems, 15(4):575–631, 1993.

[3] D. Aspinall and A. B. Compagnoni. Heap bounded assembly language. Journal ofAutomated Reasoning, 31:261–302, 2003. Special Issue on Proof-Carrying Code.

[4] H. Barendregt, M. Coppo, and M. Dezani-Ciancaglini. A filter lambda model andthe completeness of type assignment. Journal of Symbolic Logic, 48(4):931–940,1983.

[5] V. Breazu-Tannen, T. Coquand, C. Gunter, and A. Scedrov. Inheritance asimplicit coercion. Information and Computation, 93:172–221, 1991.

[6] K. B. Bruce. Typing in object-oriented languages: Achieving expressiveness andsafety. Unpublished, June 1996.

[7] K. B. Bruce and G. Longo. A modest model of records, inheritance, and boundedquantification. Information and Computation, 87:196–240, 1990.

[8] L. Cardelli. A semantics of multiple inheritance. Information and Computation,76:138–164, 1988.

[9] L. Cardelli. Types for data-oriented languages. In First Conference on ExtendingDatabase Technology, volume 303 of Lecture Notes in Computer Science. Springer-Verlag, May 1988.

[10] L. Cardelli. Notes about Fω<:. Unpublished manuscript, Oct. 1990.

[11] L. Cardelli. Typeful programming. In E. J. Neuhold and M. Paul, editors, FormalDescription of Programming Concepts. Springer-Verlag, 1991.

[12] L. Cardelli and G. Longo. A semantic basis for Quest. Journal of FunctionalProgramming, 1(4):417–458, Oct. 1991.

[13] L. Cardelli and J. Mitchell. Operations on records. Mathematical Structures inComputer Science, 1:3–48, 1991. Also in [25], and available as DEC SystemsResearch Center Research Report #48, August, 1989, and in the proceedings ofMFPS ’89, Springer LNCS volume 442.

[14] L. Cardelli and P. Wegner. On understanding types, data abstraction, and poly-morphism. Computing Surveys, 17(4), Dec. 1985.

[15] J. Chroboczek. Game Semantics and Subtyping. PhD thesis, University of Edin-burgh, 2003. Supervisor: Prof. Samson Abramsky.

[16] A. Compagnoni and H. Goguen. Anti-symmetry of higher-order subtyping. InProceedings of Computer Science Logic, volume 1683 of Lecture Notes in Com-puter Science. Springer–Verlag, Sept. 1999.

[17] A. Compagnoni and H. Goguen. Typed operational semantics for higher-ordersubtyping. Information and Computation, 184(2):242–297, Aug. 2003.

26

[18] A. B. Compagnoni. Higher-Order Subtyping with Intersection Types. PhD thesis,University of Nijmegen, The Netherlands, Jan. 1995. Supervisor: Prof. Baren-dregt. ISBN 90-9007860-6.

[19] A. B. Compagnoni and B. C. Pierce. Higher-order intersection types and multipleinheritance. Mathematical Structures in Computer Science, 6:469–501, 1996.

[20] M. Coppo and M. Dezani-Ciancaglini. A new type-assignment for λ-terms. Archiv.Math. Logik, 19:139–156, 1978.

[21] P.-L. Curien and G. Ghelli. Subtyping + extensionality: Confluence of βη-reductions in F≤. In T. Ito and A. R. Meyer, editors, Theoretical Aspects ofComputer Software (Sendai, Japan), number 526 in Lecture Notes in ComputerScience, pages 731–749. Springer-Verlag, Sept. 1991.

[22] P.-L. Curien and G. Ghelli. Coherence of subsumption: Minimum typing andtype-checking in F≤. Mathematical Structures in Computer Science, 2:55–91,1992.

[23] D. Duggan and A. Compagnoni. Subtyping for object type constructors. InFoundations of Object-Oriented Languages (FOOL 6). 1999.

[24] H. Goguen. Typed operational semantics. In Proceedings of the InternationalConference on Typed Lambda Calculi and Applications, volume 902 of LectureNotes in Computer Science, pages 186–200. Springer–Verlag, Apr. 1995.

[25] C. A. Gunter and J. C. Mitchell. Theoretical Aspects of Object-Oriented Program-ming: Types, Semantics, and Language Design. The MIT Press, 1994.

[26] M. Hofmann and B. Pierce. Positive subtyping. Information and Computation,126(1), 1996.

[27] A. Jones, Z. Luo, and S. Soloviev. Some algorithmic and proof-theoretical aspectsof coercive subtyping. In E. Gimenez and C. Paulin-Mohring, editors, Proceedingsof TYPES’96, volume 1512 of Lecture Notes in Computer Science, 1996.

[28] P. Martin-Lof. Intuitionistic Type Theory. Bibliopolis, 1984.

[29] J. C. Mitchell. Toward a typed foundation for method specialization and inheri-tance. In Proceedings of the 17th ACM Symposium on Principles of ProgrammingLanguages, pages 109–124, Jan. 1990.

[30] J. C. Mitchell, F. Honsell, and K. Fisher. A lambda calculus of objects andmethod specialization. In 1993 IEEE Symposium on Logic in Computer Science,June 1993.

[31] F. Pfenning. Refinement types for logical frameworks. In Informal Proceedings ofthe 1993 Workshop on Types for Proofs and Programs, pages 315–328, May 1993.

[32] B. C. Pierce. Bounded quantification with bottom. Technical Report 492, Com-puter Science Department, Indiana University, 1997.

[33] M. Steffen. Polarized Higher-Order Subtyping. PhD thesis, Lehrstuhl fur Infor-matik VII, Friedrich Alexander Universitat Erlangen-Nurnberg, 1998.

[34] M. Steffen and B. Pierce. Higher-order subtyping. Theoretical Computer Science,176(1–2):235–282, 1997. corrigendum in TCS vol. 184 (1997), p. 247.

[35] J. Tiuryn. Equational axiomatization of bicoercibility for polymorphic types.Proceedings of FST–TCS ’95, 1995.

[36] J. Zwanenburg. Object-Oriented Concepts and Proof Rules: Formalization inType Theory and Implementation in Yarrow. PhD thesis, Eindhoven Universityof Technology, 1999. Supervisor: Prof. Hemerik.

27

Anti-Symmetry of Higher-Order Subtyping

Documents

Transcript of Anti-Symmetry of Higher-Order Subtyping