Refining Mechanized Metatheory: Subtyping for LF

1
Refining Mechanized Metatheory: Subtyping for LF
  • William Lovas
  • (with Frank Pfenning)

2
LF: a framework for defining logics
  • (Harper, Honsell, and Plotkin, 1987, 1993)
  • Dependently-typed lambda calculus
  • Encode deductive systems and metatheory in a
    machine-checkable way
  • e.g. a programming language and its type safety
    theorem
  • Guiding principle: judgements as types

3
Judgements as types
  On paper                         In LF
  • Syntax: e                      • Simple type: exp : type.
  • Judgement: Γ ⊢ e : τ           • Type family: of : exp → tp → type.
  • Deduction: D :: Γ ⊢ e : τ      • Well-typed term: M : of E T
  • Proof checking                 • Type checking

4
Inclusion as subtyping
  • Some judgements have a natural notion of
    inclusion
  • all values are expressions
  • all odd natural numbers are positive
  • More interesting types means more interesting
    judgements!

5
Example: natural numbers
  nat : type.
  z : nat.
  s : nat → nat.
  double : nat → nat → type.                                  (plus rules)
  even : nat → type.                                          (plus some rules)
  odd : nat → type.                                           (plus some rules)
  dbl-even : ΠX:nat. ΠY:nat. double X Y → even Y → type.     (plus cases)
6
Example: nats using refinements
  nat : type.
  even ⊏ nat.
  odd ⊏ nat.
  z : even.
  s : even → odd ∧ odd → even.
  double : nat → even → type.                                 (plus rules)
  compared with slide 5:
  nat : type. z : nat. s : nat → nat. double : nat → nat → type. (plus rules)
  even : nat → type. (plus some rules) odd : nat → type. (plus some rules)
  dbl-even : ΠX:nat. ΠY:nat. double X Y → even Y → type. (plus cases)
  metatheorem-checking problem ⇒ type-checking problem!
7
Example: nats using refinements
  nat : type.
  even ⊏ nat.
  odd ⊏ nat.
  z : even.
  s : even → odd ∧ odd → even.
  double : nat → even → type.
  dbl-z : double z z.
  dbl-s : ΠX:nat. ΠY:even. double X Y → double (s X) (s (s Y)).
8
Example: the lambda calculus
  • Intrinsic values encoding

  exp : type.
  val : type.
  lam : (val → exp) → val.
  app : exp → exp → exp.
  ⟨inj⟩ : val → exp.                (explicit coercion; its name is lost in the transcript)
  lam (λx. app (⟨inj⟩ x) (⟨inj⟩ x)) : val

  val ⊏ exp.
  lam (λx. app x x) : val
9
Technology
10
Adequacy
  • Does this really mean what I think it means?
  • Strategy: exhibit a compositional bijection
    between mathematical objects and canonical forms,
    following judgements as types.
  • canonical forms are β-normal and η-long.

11
Canonical forms method
  • Represent only the canonical forms.
  • β-normal: syntactically
  • η-long: through typing
  • Hereditary substitutions contract redexes
  • Simplifies metatheory, emphasizes adequacy
  • Concurrent LF (Watkins et al., 2003)

12
LF typing
  • Bidirectional typing
  • Synthesis: Γ ⊢ R ⇒ A
  • elims: R ::= x | c | R N
  • Checking: Γ ⊢ N ⇐ A
  • intros: N ::= R | λx. N

13
Checking
  • Key rule
  • base type, so atoms fully applied
  • the only appeal to type equality

  Γ ⊢ N ⇐ A   (rule figure not in transcript)
14
Checking with subtyping!
  • Easy to adapt!
  • just change equality to subtyping
  • subtyping only at base type?

  Γ ⊢ N ⇐ A   (rule figure not in transcript)
15
Intersections
  • Kind of like pairs, but the terms don't change

16
Metatheory
17
LF(R) as a logic
  • Entailment should be reflexive
  • A ⊢ A
  • and transitive
  • if A ⊢ B and B ⊢ C, then A ⊢ C

18
LF(R) as a logic
  • Assume x is a proof of A. Is x a proof of A?
  • not necessarily! x : A1 → A2 ⊢ x ⇐ A1 → A2 does not hold as is
  • have to η-expand: x : A1 → A2 ⊢ λy. x y ⇐ A1 → A2

19
LF(R) as a logic
  • Assume x is a proof of A. Can M ⇐ A stand in for
    x?
  • if substitution is hereditary? [M/x]_A N is not
    obviously defined

20
Important principles
  • Substitution: if Γ, x:A ⊢ N ⇐ B and Γ ⊢ M ⇐ A,
    then Γ ⊢ [M/x]_A N ⇐ [M/x]_A B.
  • Identity: for all A, Γ, x:A ⊢ η_A(x) ⇐ A.
  • Substitution: morally a normalization proof

21
More about subtyping

22
Subtyping
  • Key rule
  • Bidirectional subtyping only at mode switch
  • Canonical mode switch only at base type

  Γ ⊢ N ⇐ A   (rule figure not in transcript)
23
Subtyping at higher types?
  • What happened to the structural rules? E.g.,
    (rules not in transcript)
  • Distributivity?

24
Subtyping at higher types!
  • Intrinsic subtyping: if A ≤ B and Γ ⊢ N ⇐ A,
    then Γ ⊢ N ⇐ B.
  • Equivalently: if A ≤ B then x:A ⊢ η_A(x) ⇐ B.
  • Just like the Identity principle!
  • also the Substitution principle
  • Usual rules are all sound in this sense.

25
Subtyping at higher types!?
  • and also complete!
  • Theorem: if x:A ⊢ η_A(x) ⇐ B then A ≤ B.
  • Also: if Γ ⊢ N ⇐ A implies Γ ⊢ N ⇐ B, then A ≤ B.
  • There are no new subtyping principles.

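An added example, not from the slides or from the authors' LFR implementation: a small Python checker for a non-dependent fragment with the even/odd refinements of slide 6, showing that subsorting is consulted only at the base-sort mode switch (slide 14), that an atomic term at a higher sort must be η-expanded before it checks (slide 18), and that η_A(s) ⇐ A holds for the intersection sort of s (slides 20 and 24). The Python names and the dropping of dependency are my simplifications.

```python
from collections import namedtuple

# Sorts (non-dependent simplification of the slides): base, arrow, intersection.
Base, Arrow, And = (namedtuple("Base", "name"), namedtuple("Arrow", "arg res"),
                    namedtuple("And", "left right"))
# Canonical terms: atomic R ::= x | c | R N, normal N ::= R | λx. N.
Atom, App, Lam = namedtuple("Atom", "name"), namedtuple("App", "head arg"), namedtuple("Lam", "var body")
REFINES = {"even": "nat", "odd": "nat"}   # even ⊏ nat, odd ⊏ nat (slide 6)

def sub_base(s, t):
    """Subsorting on base sorts only: reflexive, transitive closure of ⊏."""
    return s == t or (s.name in REFINES and sub_base(Base(REFINES[s.name]), t))

def conjuncts(a):
    return conjuncts(a.left) + conjuncts(a.right) if isinstance(a, And) else [a]

def synth(ctx, r):
    """Γ ⊢ R ⇒ A: every sort an atomic term can synthesise (∧ elimination picks one)."""
    if isinstance(r, Atom):
        return conjuncts(ctx[r.name])
    return [a.res for a in synth(ctx, r.head)
            if isinstance(a, Arrow) and check(ctx, r.arg, a.arg)]

def check(ctx, n, a):
    """Γ ⊢ N ⇐ A: sub_base is consulted only at the base-sort mode switch."""
    if isinstance(a, And):
        return check(ctx, n, a.left) and check(ctx, n, a.right)
    if isinstance(a, Arrow):        # canonical forms: only a λ checks at an arrow sort
        return isinstance(n, Lam) and check({**ctx, n.var: a.arg}, n.body, a.res)
    return not isinstance(n, Lam) and any(
        isinstance(p, Base) and sub_base(p, a) for p in synth(ctx, n))

# Signature from slide 6: z : even, s : even → odd ∧ odd → even.
SIG = {"z": Base("even"),
       "s": And(Arrow(Base("even"), Base("odd")), Arrow(Base("odd"), Base("even")))}

def demo():
    s, z, x, nat = Atom("s"), Atom("z"), Atom("x"), Base("nat")
    eta_s = Lam("x", App(s, x))                            # η-expansion of s
    return (check(SIG, App(s, App(s, z)), Base("even")),  # s (s z) ⇐ even
            check(SIG, App(s, z), nat),                    # odd ⊏ nat, used at the mode switch
            check(SIG, z, Base("odd")),                    # even is not a subsort of odd
            check(SIG, s, Arrow(Base("even"), nat)),       # atomic s at an arrow sort: not canonical
            check(SIG, eta_s, Arrow(Base("even"), nat)),   # η-expanded s checks, via odd ⊏ nat
            check(SIG, eta_s, SIG["s"]))                   # identity principle: η_A(s) ⇐ A
```

The fourth and fifth results together are slide 18's point: the structural arrow rule is never consulted, yet the η-expanded term still checks against the supersort because the only subsort test happens at the base sort inside the body.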
26
Future work
  • Two directions
  • Extend LFR with Twelf stuff
  • type reconstruction
  • unification
  • proof search
  • Extend LFR with CLF stuff
  • more type constructors
  • subtyping with linearity?

27
Summary
  • Refinement types are a useful addition to LF.
  • Canonical forms method is up to the task.
  • Concentrating only on canonical forms and
    bidirectional typing yields new insights into
    subtyping.

28
secret slides
29
Related work
  • Refinement types
  • Tim Freeman, Rowan Davies, Joshua Dunfield
  • Logical frameworks
  • Robert Harper, Furio Honsell, Gordon Plotkin
  • Frank Pfenning
  • Subtyping and dependent types
  • David Aspinall, Adriana Compagnoni

30
LF syntax
  • Terms (no redexes)
      atomic   R ::= c | x | R N
      normal   N ::= R | λx. N
  • Types
      atomic   P ::= a | P N
      normal   A, B ::= P | Πx:A. B
31
Hereditary substitution
  • Substitution must contract redexes
  • Example: [(λx. d x x) / y] (y z) = d z z
  • Indexed by type: [M/x]_A N; the subscript is for termination
  • Sometimes undefined: [(λx. x x) / y]_A (y y) fails (by induction on A)
32
Synthesis: Γ ⊢ R ⇒ A   (rule uses hereditary substitution; figure not in transcript)
33
Checking: Γ ⊢ N ⇐ A   (rule figure not in transcript)
34
Example: the lambda calculus
  exp : type.
  val ⊏ exp.
  lam : (exp → exp) → exp.
  app : exp → exp → exp.
  value : exp → type.
  lam : (val → exp) → val.

36
Subtyping
  • Key rule
  • Bidirectional subtyping only at mode switch
  • Canonical mode switch only at base type

subtyping only at base type!