Relational Type Theory (All Proofs)
arXiv [cs.LO], Jan
Aaron Stump
Computer Science, The University of Iowa, Iowa City, Iowa, 52242. Email: [email protected]
Benjamin Delaware
Computer Science, Purdue University, West Lafayette, Indiana, 47907. Email: [email protected]
Christopher Jenkins
Computer Science, The University of Iowa, Iowa City, Iowa, 52242. Email: [email protected]
Abstract—This paper introduces Relational Type Theory (RelTT), a new approach to type theory with extensionality principles, based on a relational semantics for types. The type constructs of the theory are those of System F plus relational composition, converse, and promotion of application of a term to a relation. A concise realizability semantics is presented for these types. The paper shows how a number of constructions of traditional interest in type theory are possible in RelTT, including η-laws for basic types, inductive types with their induction principles, and positive-recursive types. A crucial role is played by a lemma called Identity Inclusion, which refines the Identity Extension property familiar from the semantics of parametric polymorphism. The paper concludes with a type system for RelTT, paving the way for implementation.

I. INTRODUCTION
Modern constructive type theories have long wish lists of features, from inductive and coinductive types, to type-specific extensionality principles, quotient types, higher-order datatypes, and more. In tension with this, there are excellent reasons to seek to keep the core type theory small and trustworthy. This has been done, in different ways, for Lean [1] and recently Coq [2]. Both those systems implement (variants of) the Calculus of Inductive Constructions, which lacks type-specific extensionality principles.

The present paper proposes Relational Type Theory (RelTT) for deriving expressive type constructs, with type-specific extensionality principles, from a formally small core theory. The approach followed is, to the authors' knowledge, novel: RelTT is based on a semantics for types as binary relations on untyped terms. For example, the semantics for a function type $R \to R$ makes it the set of pairs of terms $(t, t)$ that jointly map inputs related by the meaning of $R$ to outputs related by the meaning of $R$ (the semantics familiar from the field of logical relations). The notion that a term "is" a function is expressed only by saying that it is related to itself at function type. So relations between terms are the primary concern of the theory, and expression of program behavior in isolation (i.e., traditional typing) is secondary.

This commitment to relational semantics leads us in an unexplored direction: we extend the set of type constructs with relational constructs. We may use these to express asymmetric relations, which are crucial for developing reasoning principles, like induction principles, within the theory. Interestingly, dependent types are unnecessary for this. The relational semantics already gives us a form of dependency which is all we need for inductive reasoning about terms.

terms $t ::= x \mid \lambda x.\, t \mid t\ t$
types $R ::= X \mid R \to R \mid \forall X.\, R \mid R^{\cup} \mid R \cdot R \mid t$

Fig. 1. Syntax for relational types ($X$ ranges over type variables)

So RelTT is an extension, with relational type constructs, of System F, not the Calculus of Constructions. Avoiding dependent types notably simplifies the semantics. The power of System F is needed because the terms that the theory (relationally) types are those of pure lambda calculus, so we adopt impredicative lambda encodings to represent inductive types.

The contributions of the paper are:

• The syntax and semantics of relational types (Section II)
• Basic properties of the semantics, crucially including βη-closure (Section III)
• Interesting derived type forms and examples (Section IV), and basic type-specific extensionality principles (Section V).
• Classes of types whose interpretations are proved to be, respectively, symmetric (Section VI) and transitive (Section VII). The proof of transitivity crucially relies on a novel theorem dubbed Identity Inclusion (Lemma 32). The intricate proof of this makes use of duality between types where all quantifiers occur only positively ($\forall^{+}$ types), and ones where they occur only negatively.
• Derivation of induction principles from types for Church-encodings (Section X). This covers any inductive type definable by a type scheme which is positive and, due to a critical use of Identity Inclusion, $\forall^{+}$. Positive-recursive types are also derived (Section XI).
• A proof system called RelPf (Section VIII) and type system RelTy (Section XII), which are proven sound with respect to the semantics, and are intended as the starting point for implementation of RelTT as a proof assistant.

We will reference lemmas and theorems by name, with the theorem number following in braces (e.g., "βη-Closure { }"). We will label assumptions and proven local facts with numbers (e.g., "(1)"), and goals with capital letters (e.g., "(A)").

II. RELATIONAL TYPES AND THEIR SEMANTICS
The syntax of relational types $R$ is given in Figure 1. Terms $t$ are those of pure untyped lambda calculus. Relational type constructs include those of System F, plus $R^{\cup}$ for converse of a relation, $R \cdot R$ for composition of relations, and promotion of terms $t$ to relations, to be explained shortly. Usual parsing precedences from type theory are followed; additionally, $R^{\cup}$ binds most tightly, $R \cdot R$ second most tightly, and the other constructs after these. We also follow the usual convention that distinct meta-variables ranging over variables denote distinct variables (so $x$ and $y$ denote different variables), and treat terms and types up to α-equivalence. Capture-avoiding substitution of $R$ for $X$ in $R$ is denoted $[R/X]R$ (similarly $[t/x]t$ for terms). The set of free variables of any syntactic entity $e$ is denoted $FV(e)$. The obvious definitions of these syntactic notions are omitted.

$\llbracket X \rrbracket_\gamma = \gamma(X)$
$\llbracket R \to R \rrbracket_\gamma = \llbracket R \rrbracket_\gamma \to \llbracket R \rrbracket_\gamma$
$\llbracket \forall X.\, R \rrbracket_\gamma = \bigcap_{r \in \mathcal{R}} \llbracket R \rrbracket_{\gamma[X \mapsto r]}$
$\llbracket R^{\cup} \rrbracket_\gamma = \llbracket R \rrbracket_\gamma^{\cup}$
$\llbracket R \cdot R \rrbracket_\gamma = \llbracket R \rrbracket_\gamma \cdot \llbracket R \rrbracket_\gamma$
$\llbracket \hat{t} \rrbracket_\gamma = \{ (t, t) \mid \hat{t}\ t =_{\beta\eta} t \}$

where:

$t\ [r \to r]\ t = \forall a.\, \forall a.\ a\ [r]\ a \to t\ a\ [r]\ t\ a$
$t\ [r^{\cup}]\ t = t\ [r]\ t$
$t\ [r \cdot r]\ t = \exists t.\ t\ [r]\ t \wedge t\ [r]\ t$

Fig. 2. Semantics for relational types; relational operators $\to$, $\cup$, and $\cdot$

Definition 1.
A relation $r$ on terms of pure untyped λ-calculus is βη-closed iff $t\ [r]\ t$, $t =_{\beta\eta} t$, and $t =_{\beta\eta} t$ imply $t\ [r]\ t$. Write $\mathcal{R}$ for the set of all such relations, and use meta-variable $r$ to range over $\mathcal{R}$.

The relational semantics of types is defined in Figure 2, where environment $\gamma$ is a function mapping a finite set of type variables to elements of $\mathcal{R}$. We use infix notation for application of a relation to a pair of terms and, following [3], we sometimes put square brackets around the relation for readability; for example, in the three equations at the bottom of the figure. In those equations, operators like "$\to$" on the right-hand sides have their standard meaning in the background meta-logic.

The interpretation $\llbracket R \rrbracket_\gamma$ is defined iff $\gamma$ is defined for all free type variables of $R$. When referencing $\llbracket R \rrbracket_\gamma$ in theorems, we assume it is defined. The semantics extends $\gamma$ from type variables to arbitrary types. Promotion of term $t$ is the graph of the meta-level operation mapping $t$ to $t\ t$. Many examples are below.

While the semantics of universal types quantifies (at the meta-level) over all relations in $\mathcal{R}$, we will restrict ourselves in all examples below to instantiating such quantifiers only with definable relations (i.e., ones of the form $\llbracket R \rrbracket_\gamma$). In Sections VIII and XII below, we will consider deductive systems for RelTT where this restriction will be enforced.

III. BASIC PROPERTIES
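Lemma 2 (βη-Closure). $\llbracket R \rrbracket_\gamma \in \mathcal{R}$.

Proof. The proof is by induction on $R$. Suppose $t =_{\beta\eta} t$ and $t =_{\beta\eta} t$, assume (1) $t\ \llbracket R \rrbracket_\gamma\ t$, and show $t\ \llbracket R \rrbracket_\gamma\ t$.

Case $X$: $\gamma(X) \in \mathcal{R}$ by specification of $\gamma$.

Case $R \to R$: assume (2) $a\ \llbracket R \rrbracket_\gamma\ a$, and show $t\ a\ \llbracket R \rrbracket_\gamma\ t\ a$. From (1) and (2) we have $t\ a\ \llbracket R \rrbracket_\gamma\ t\ a$. From this, the IH gives us the required conclusion, as $t\ a =_{\beta\eta} t\ a$ and $t\ a =_{\beta\eta} t\ a$.

Case $\forall X.\, R$: assume $r \in \mathcal{R}$, and show $t\ \llbracket R \rrbracket_{\gamma[X \mapsto r]}\ t$. By (1), we have $t\ \llbracket R \rrbracket_{\gamma[X \mapsto r]}\ t$, from which the IH then yields the desired conclusion.

Case $R^{\cup}$: this follows by the IH (using symmetry of $=_{\beta\eta}$).

Case $R \cdot R$: from (1), there exists $t$ such that $t\ \llbracket R \rrbracket_\gamma\ t$ and $t\ \llbracket R \rrbracket_\gamma\ t$. By the IH, $t\ \llbracket R \rrbracket_\gamma\ t$ and $t\ \llbracket R \rrbracket_\gamma\ t$. These imply the desired conclusion.

Case $t$: from (1), we have $t\ t =_{\beta\eta} t$; $t\ t =_{\beta\eta} t$ then follows.

Lemma 3 (Symmetry Properties).

$\llbracket (\forall X.\, R)^{\cup} \rrbracket_\gamma = \llbracket \forall X.\, R^{\cup} \rrbracket_\gamma$
$\llbracket (R \to R)^{\cup} \rrbracket_\gamma = \llbracket R^{\cup} \to R^{\cup} \rrbracket_\gamma$
$\llbracket (R \cdot R)^{\cup} \rrbracket_\gamma = \llbracket R^{\cup} \cdot R^{\cup} \rrbracket_\gamma$

Proof. (1): assume $t\ \llbracket (\forall X.\, R)^{\cup} \rrbracket_\gamma\ t$, and hence $t\ \llbracket (\forall X.\, R) \rrbracket_\gamma\ t$. For any $r \in \mathcal{R}$, $t\ \llbracket R \rrbracket_{\gamma[X \mapsto r]}\ t$, hence $t\ \llbracket R^{\cup} \rrbracket_{\gamma[X \mapsto r]}\ t$. From this, $t\ \llbracket \forall X.\, R^{\cup} \rrbracket_\gamma\ t$ as required. Conversely, assume $t\ \llbracket \forall X.\, R^{\cup} \rrbracket_\gamma\ t$, and $r \in \mathcal{R}$. Then $t\ \llbracket R^{\cup} \rrbracket_{\gamma[X \mapsto r]}\ t$, hence $t\ \llbracket R \rrbracket_{\gamma[X \mapsto r]}\ t$. From this, $t\ \llbracket \forall X.\, R \rrbracket_\gamma\ t$, hence the required $t\ \llbracket (\forall X.\, R)^{\cup} \rrbracket_\gamma\ t$.

(2): Assume $t\ \llbracket (R \to R)^{\cup} \rrbracket_\gamma\ t$ and $a\ \llbracket R^{\cup} \rrbracket_\gamma\ a$. From these, $t\ \llbracket (R \to R) \rrbracket_\gamma\ t$ and $a\ \llbracket R \rrbracket_\gamma\ a$, which yield $t\ a\ \llbracket R \rrbracket_\gamma\ t\ a$. Thus, $t\ a\ \llbracket R^{\cup} \rrbracket_\gamma\ t\ a$ as required. Conversely, assume $t\ \llbracket R^{\cup} \to R^{\cup} \rrbracket_\gamma\ t$ and $a\ \llbracket R \rrbracket_\gamma\ a$. From the latter, $a\ \llbracket R^{\cup} \rrbracket_\gamma\ a$, so $t\ a\ \llbracket R^{\cup} \rrbracket_\gamma\ t\ a$. From this, $t\ a\ \llbracket R \rrbracket_\gamma\ t\ a$, as required.

(3): assume $t\ \llbracket (R \cdot R)^{\cup} \rrbracket_\gamma\ t$, hence $t\ \llbracket R \cdot R \rrbracket_\gamma\ t$. So there exists $t$ with $t\ \llbracket R \rrbracket_\gamma\ t$ and $t\ \llbracket R \rrbracket_\gamma\ t$. From these, $t\ \llbracket R^{\cup} \rrbracket_\gamma\ t$ and $t\ \llbracket R^{\cup} \rrbracket_\gamma\ t$; thus, $t\ \llbracket R^{\cup} \cdot R^{\cup} \rrbracket_\gamma\ t$. Conversely, assume $t\ \llbracket R^{\cup} \cdot R^{\cup} \rrbracket_\gamma\ t$. So there exists $t$ with $t\ \llbracket R^{\cup} \rrbracket_\gamma\ t$ and $t\ \llbracket R^{\cup} \rrbracket_\gamma\ t$. From these, $t\ \llbracket R \rrbracket_\gamma\ t$ and $t\ \llbracket R \rrbracket_\gamma\ t$.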
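So $t\ \llbracket (R \cdot R)^{\cup} \rrbracket_\gamma\ t$.

Lemma 4 (Deapplication).

$t\ \llbracket t \cdot R \rrbracket_\gamma\ t = t\ t\ \llbracket R \rrbracket_\gamma\ t$
$t\ \llbracket R \cdot t^{\cup} \rrbracket_\gamma\ t = t\ \llbracket R \rrbracket_\gamma\ t\ t$

Proof.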
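For the first fact: first, assume $t\ \llbracket t \cdot R \rrbracket_\gamma\ t$. The semantics gives $t$ such that (1) $t\ \llbracket t \rrbracket_\gamma\ t$ and (2) $t\ \llbracket R \rrbracket_\gamma\ t$. But (1) is equivalent to $t\ t =_{\beta\eta} t$. Applying βη-Closure { }, $t\ t\ \llbracket R \rrbracket_\gamma\ t$ as required. Next, assume $t\ t\ \llbracket R \rrbracket_\gamma\ t$. Then there is a $t$, namely $t\ t$, such that $t\ \llbracket t \rrbracket_\gamma\ t$ and $t\ \llbracket R \rrbracket_\gamma\ t$. Hence $t\ \llbracket t \cdot R \rrbracket_\gamma\ t$ as required.

For the second: assuming $t\ \llbracket R \cdot t^{\cup} \rrbracket_\gamma\ t$, the semantics gives $t$ such that (1) $t\ \llbracket R \rrbracket_\gamma\ t$ and (2) $t\ \llbracket t^{\cup} \rrbracket_\gamma\ t$. But (2) is equivalent to $t\ t =_{\beta\eta} t$. Applying βη-Closure { }, $t\ \llbracket R \rrbracket_\gamma\ t\ t$ as required. Next, assume $t\ \llbracket R \rrbracket_\gamma\ t\ t$. Then there is a $t$, namely $t\ t$, such that $t\ \llbracket R \rrbracket_\gamma\ t$ and $t\ \llbracket t^{\cup} \rrbracket_\gamma\ t$. Hence $t\ \llbracket R \cdot t^{\cup} \rrbracket_\gamma\ t$ as required.

$I := \lambda x.\, x$
$K := \lambda x.\, \lambda y.\, x$
$t \circ t := \lambda x.\, t\ (t\ x)$

Fig. 3. Some standard definitions and notations for terms, used below

We make use of a few definitions for terms in Figure 3.

Lemma 5 (Relational Laws).

$\llbracket R \cdot (R \cdot R) \rrbracket_\gamma = \llbracket (R \cdot R) \cdot R \rrbracket_\gamma$
$\llbracket (R^{\cup})^{\cup} \rrbracket_\gamma = \llbracket R \rrbracket_\gamma$
$\llbracket R \cdot I \rrbracket_\gamma = \llbracket I \cdot R \rrbracket_\gamma = \llbracket R \rrbracket_\gamma$

Proof. (1) follows from the semantics of $\cdot$ as relational composition, (2) from the semantics of $\cup$ as relational converse, and (3) from Deapplication { } (applying also βη-Closure { }).

We may observe that Symmetry Properties { } part (3) and Relational Laws { } validate the complement- and union-free axioms of the Calculus of Relations (RelTT omits complement and union) [4].

Lemma 6 (Interpretation Over Substitution). $\llbracket [R/X]R \rrbracket_\gamma = \llbracket R \rrbracket_{\gamma[X \mapsto \llbracket R \rrbracket_\gamma]}$

Proof.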
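The proof is by induction on $R$. Let $\gamma$ denote $\gamma[X \mapsto \llbracket R \rrbracket_\gamma]$.

Case $X$: $\llbracket [R/X]X \rrbracket_\gamma = \llbracket R \rrbracket_\gamma = \llbracket X \rrbracket_\gamma$

Case $Y$: $\llbracket [R/X]Y \rrbracket_\gamma = \gamma(Y) = \llbracket Y \rrbracket_\gamma$

Case $R \to R$: $\llbracket [R/X](R \to R) \rrbracket_\gamma = \llbracket [R/X]R \rrbracket_\gamma \to \llbracket [R/X]R \rrbracket_\gamma = \llbracket R \rrbracket_\gamma \to \llbracket R \rrbracket_\gamma = \llbracket R \to R \rrbracket_\gamma$

Case $\forall X.\, R$: $\llbracket [R/X]\forall X.\, R \rrbracket_\gamma = \bigcap_{r \in \mathcal{R}} \llbracket [R/X]R \rrbracket_{\gamma[X \mapsto r]} = \bigcap_{r \in \mathcal{R}} \llbracket R \rrbracket_{\gamma[X \mapsto r]} = \llbracket \forall X.\, R \rrbracket_\gamma$

Case $R^{\cup}$: $\llbracket [R/X](R^{\cup}) \rrbracket_\gamma = \llbracket [R/X]R \rrbracket_\gamma^{\cup} = \llbracket R \rrbracket_\gamma^{\cup} = \llbracket R^{\cup} \rrbracket_\gamma$

Case $R \cdot R$: $\llbracket [R/X](R \cdot R) \rrbracket_\gamma = \llbracket [R/X]R \rrbracket_\gamma \cdot \llbracket [R/X]R \rrbracket_\gamma = \llbracket R \rrbracket_\gamma \cdot \llbracket R \rrbracket_\gamma = \llbracket R \cdot R \rrbracket_\gamma$

Case $\hat{t}$: $\llbracket [R/X]\hat{t} \rrbracket_\gamma = \llbracket \hat{t} \rrbracket_\gamma = \llbracket \hat{t} \rrbracket_\gamma$

Lemma 7 (Environment Extension). If $X \notin FV(R)$, then $\llbracket R \rrbracket_{\gamma[X \mapsto r]} = \llbracket R \rrbracket_\gamma = \llbracket [X/Y]R \rrbracket_{\gamma[X \mapsto \gamma(Y)]}$. If $R$ is closed, then $\llbracket R \rrbracket_\gamma = \llbracket R \rrbracket_\gamma$.

Proof. The first fact is by an obvious induction on $R$. The second follows by iterating the first one to shrink $\gamma$ to the empty environment, and then build it back up to $\gamma$ (recall that environments map a finite set of type variables).

IV. BASIC EXAMPLES AND DEFINITIONS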
Lemma 8 (Identity). $I\ \llbracket X \to X \rrbracket_\gamma\ I$

Proof.
Assume (1) $t\ [\gamma(X)]\ t$ and show $I\ t\ [\gamma(X)]\ I\ t$. But this follows from (1) by βη-Closure { }.

Definition 9.

$[t]R := (K\ t) \cdot R$
$R[t] := R \cdot (K\ t)^{\cup}$

We can express within the theory the property of being related to term $t$ by $R$ with the relational types $[t]R$ and $R[t]$. In particular, this gives us a form of internalized typing: for example, we may use the type $[I]\,\forall X.\, X \to X\,[I]$ to express the property that $I$ has the expected polymorphic type. These notations are to be parsed with highest precedence.

Lemma 10 (Internalized Typing).

$t\ \llbracket [t]R \rrbracket_\gamma\ t = t\ \llbracket R \rrbracket_\gamma\ t$
$t\ \llbracket R[t] \rrbracket_\gamma\ t = t\ \llbracket R \rrbracket_\gamma\ t$

Proof.
For (1), use βη-Closure { }:

$(t\ \llbracket [t]R \rrbracket_\gamma\ t) = (K\ t\ t\ \llbracket R \rrbracket_\gamma\ t) = (t\ \llbracket R \rrbracket_\gamma\ t)$

For (2), use βη-Closure { } and also Deapplication { }:

$(t\ \llbracket R[t] \rrbracket_\gamma\ t) = (t\ \llbracket R \rrbracket_\gamma\ K\ t\ t) = (t\ \llbracket R \rrbracket_\gamma\ t)$

The following operations are reminiscent of conjugation in group theory:
Definition 11. $t.R.t := t \cdot R \cdot t^{\cup}$

Definition 12. $t * R := t.R.t$

Lemma 13 (Conjugation).

$t\ \llbracket t.R.t \rrbracket_\gamma\ t = t\ t\ \llbracket R \rrbracket_\gamma\ t\ t$.
$t\ \llbracket t * R \rrbracket_\gamma\ t = t\ t\ \llbracket R \rrbracket_\gamma\ t\ t$.

Proof. Apply Deapplication { }.

We may internalize inclusion of relations as a type, using term promotions:

Definition 14. $R \subseteq R := (K\ I) * (R \to R)$

Lemma 15 (Subset). $t\ \llbracket R \subseteq R \rrbracket_\gamma\ t$ iff $\llbracket R \rrbracket_\gamma \subseteq \llbracket R \rrbracket_\gamma$.

Proof. Making use of Conjugation { }, deduce

$t\ \llbracket R \subseteq R \rrbracket_\gamma\ t = K\ I\ t\ \llbracket R \to R \rrbracket_\gamma\ K\ I\ t = I\ \llbracket R \to R \rrbracket_\gamma\ I$

The semantics (Figure 2) states that this latter relational typing is true in environment $\gamma$ iff for all $(x, x) \in \llbracket R \rrbracket_\gamma$, $(I\ x, I\ x) \in \llbracket R \rrbracket_\gamma$, which by βη-Closure { } is equivalent to $(x, x) \in \llbracket R \rrbracket_\gamma$.

Term promotions also enable us to derive implicit products [5]. In traditional type theories, implicit products are used to express quantifications without corresponding λ-abstractions in the subject. One may think of them as describing specificational (or "ghost") inputs to functions. In RelTT, we express this by stating that the subject has a function type but erases its input; i.e., it is of the form $K\ t$ for some $t$.

Definition 16. $R \Rightarrow R := K * (R \to R)$

Note in the following theorem the essential feature of implicit products: we conclude by relating (with $R$) just $t$ and $t$, not their applications to $x$ and $x$ respectively.

Lemma 17 (Implicit Product). $t\ \llbracket R \Rightarrow R \rrbracket_\gamma\ t$ iff for all $(x, x) \in \llbracket R \rrbracket$, $t\ \llbracket R \rrbracket_\gamma\ t$.

Proof. $t\ \llbracket R \Rightarrow R \rrbracket_\gamma\ t = K\ t\ \llbracket R \to R \rrbracket_\gamma\ K\ t$. And the latter holds iff for all $(x, x) \in \llbracket R \rrbracket$, $K\ t\ x\ \llbracket R \rrbracket_\gamma\ K\ t\ x$. By βη-Closure { }, this is equivalent to $t\ \llbracket R \rrbracket_\gamma\ t$.

Finally, using internalized inclusion, we may neatly express equality of relations as a type:

Definition 18. $R = R := (R \subseteq R) \cdot (R \subseteq R)$

Lemma 19 (Relational Equality). $t\ \llbracket R = R \rrbracket_\gamma\ t$ iff $\llbracket R \rrbracket_\gamma = \llbracket R \rrbracket_\gamma$.

Proof. First, suppose $t\ \llbracket R = R \rrbracket_\gamma\ t$.
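Then by semantics of composition, there exists some $t$ such that

• $t\ \llbracket R \subseteq R \rrbracket_\gamma\ t$, and
• $t\ \llbracket R \subseteq R \rrbracket_\gamma\ t$.

Applying Subset { }, these facts are equivalent to

• $\llbracket R \rrbracket_\gamma \subseteq \llbracket R \rrbracket_\gamma$, and
• $\llbracket R \rrbracket_\gamma \subseteq \llbracket R \rrbracket_\gamma$.

This proves the two relations are equal.

Next, suppose $\llbracket R \rrbracket_\gamma = \llbracket R \rrbracket_\gamma$. Then similarly, applying Subset { }, we may arbitrarily choose $I$ for $t$ to satisfy

• $t\ \llbracket R \subseteq R \rrbracket_\gamma\ t$, and
• $t\ \llbracket R \subseteq R \rrbracket_\gamma\ t$.

which suffices, again by the semantics of composition.

Lemma 20 (Substitutivity Of Relational Equality). If $t\ \llbracket R = R \rrbracket_\gamma\ t$, then $\llbracket [R/X]R \rrbracket_\gamma = \llbracket [R/X]R \rrbracket_\gamma$

Proof.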
The proof is by induction on $R$, making use of Environment Extension { } as we induct on the bodies of universal types (in extended environments). We omit the details, as all cases are obvious thanks to the compositionality of the semantics (Figure 2).

V. EXTENSIONALITY PRINCIPLES
We prove a few examples of standard type-specific extensionality principles.
Lemma 21 (η-Unit). If $t\ \llbracket \forall X.\, X \to X \rrbracket_\gamma\ t$, then $t\ \llbracket \forall X.\, X \to X \rrbracket_\gamma\ I$.

Proof. Assume (1) $t\ \llbracket \forall X.\, X \to X \rrbracket_\gamma\ t$. Next, assume $r \in \mathcal{R}$ with $y\ [r]\ y$. Instantiate (1) with $\llbracket X[y] \rrbracket_{X \mapsto r}$ (note this is a definable relation) to get

$t\ \llbracket X \to X \rrbracket_{\gamma[X \mapsto \llbracket X[y] \rrbracket_{X \mapsto r}]}\ t$

Simplifying using Interpretation Over Substitution { } and also Environment Extension { }, this gives us

$t\ \llbracket X[y] \to X[y] \rrbracket_{\gamma[X \mapsto r]}\ t$

We may apply this to $y\ [X[y]]\ y$ which we have from (1) by Internalized Typing { }. This application yields

$t\ y\ \llbracket X[y] \rrbracket_{\gamma[X \mapsto r]}\ t\ y$

Again applying Internalized Typing { }, this gives us $t\ y\ [r]\ y$, as required.

Definition 22.

$R \times R := \forall X.\, (R \to R \to X) \to X$
$\mathit{pair} := \lambda x.\, \lambda y.\, \lambda c.\ c\ x\ y$
$(t, t) := \mathit{pair}\ t\ t$
$t. = t\ \lambda x.\, \lambda y.\, x$
$t. = t\ \lambda x.\, \lambda y.\, y$

Lemma 23 (Surjective Pairing). If $t\ \llbracket R \times R \rrbracket_\gamma\ t$, then $(t., t.)\ \llbracket R \times R \rrbracket_\gamma\ t$

Proof.
Assume (1) $t\ [R \times R]\ t$. Then assume $r \in \mathcal{R}$ and (2) $c\ \llbracket R \to R \to X \rrbracket_{\gamma[X \mapsto r]}\ c$, and show

$\mathit{pair}\ (t.)\ (t.)\ c\ [r]\ t\ c$ (A)

Instantiate (1) with $\llbracket \lambda x.\, x\ c \cdot X \rrbracket_{[X \mapsto r]}$ (note this is a definable relation). Then (A) follows from

$\mathit{pair}\ \llbracket R \to R \to X \rrbracket_{\gamma[X \mapsto \llbracket \lambda x.\, x\ c \cdot X \rrbracket_{[X \mapsto r]}]}\ c$ (B)

Let us apply Environment Extension { } implicitly to simplify environments. To prove (B), assume (3) $r\ \llbracket R \rrbracket_\gamma\ r$ and (4) $r\ \llbracket R \rrbracket_\gamma\ r$, and show

$\mathit{pair}\ r\ r\ \llbracket \lambda x.\, x\ c \cdot X \rrbracket_{[X \mapsto r]}\ c\ r\ r$

By Deapplication { }, this is equivalent to

$\mathit{pair}\ r\ r\ c\ [r]\ c\ r\ r$

By βη-Closure { }, this is equivalent to

$c\ r\ r\ [r]\ c\ r\ r$

This follows from (2), (3), and (4) by the semantics.

VI. SYMMETRIC TYPES
Definition 24.
Call a type symmetric iff it does not use $R \cdot R$, and every occurrence of a promotion of a term $t$ either has $t =_{\beta\eta} I$ or occurs as $t$ in subexpressions of the form $t * R$. Use $S$ as a metavariable for symmetric types.

Definition 25. $\gamma^{\cup}(X) = (\gamma(X))^{\cup}$; i.e., the converse of relation $\gamma(X)$.

Lemma 26. $(\gamma^{\cup})^{\cup} = \gamma$.

Theorem 27 (Symmetric types). $\llbracket S \rrbracket_\gamma = \llbracket S^{\cup} \rrbracket_{\gamma^{\cup}}$

Proof.
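The proof is by induction on $S$.

Case $X$: $\llbracket X \rrbracket_\gamma = \gamma(X) = (\gamma^{\cup})^{\cup}(X) = \llbracket X^{\cup} \rrbracket_{\gamma^{\cup}}$.

Case $S \to S$: assume $t\ \llbracket S \to S \rrbracket_\gamma\ t$. To show $t\ \llbracket S \to S \rrbracket_{\gamma^{\cup}}\ t$, assume $a\ \llbracket S \rrbracket_{\gamma^{\cup}}\ a$. By the IH, $a\ \llbracket S \rrbracket_\gamma\ a$, so $t\ a\ \llbracket S \rrbracket_\gamma\ t\ a$. By the IH again, $t\ a\ \llbracket S \rrbracket_{\gamma^{\cup}}\ t\ a$, as required. Conversely, assume $t\ \llbracket S \to S \rrbracket_{\gamma^{\cup}}\ t$, and assume $a\ \llbracket S \rrbracket_\gamma\ a$. By the IH, $a\ \llbracket S \rrbracket_{\gamma^{\cup}}\ a$, so $t\ a\ \llbracket S \rrbracket_{\gamma^{\cup}}\ t\ a$. By the IH again, $t\ a\ \llbracket S \rrbracket_\gamma\ t\ a$, as required.

Case $\forall X.\, S$: assume $t\ \llbracket \forall X.\, S \rrbracket_\gamma\ t$, and $r \in \mathcal{R}$. So $t\ \llbracket S \rrbracket_{\gamma[X \mapsto r^{\cup}]}\ t$, and by the IH, $t\ \llbracket S \rrbracket_{\gamma^{\cup}[X \mapsto r]}\ t$, as required. Conversely, assume $t\ \llbracket \forall X.\, S \rrbracket_{\gamma^{\cup}}\ t$, and $r \in \mathcal{R}$. So $t\ \llbracket S \rrbracket_{\gamma^{\cup}[X \mapsto r^{\cup}]}\ t$, and by the IH, $t\ \llbracket S \rrbracket_{\gamma[X \mapsto r]}\ t$, as required.

Case $S^{\cup}$: assume $t\ \llbracket S^{\cup} \rrbracket_\gamma\ t$. By the IH, $t\ \llbracket S \rrbracket_{\gamma^{\cup}}\ t$ as required. Conversely, assume $t\ \llbracket S \rrbracket_{\gamma^{\cup}}\ t$. Then by the IH, $t\ \llbracket S^{\cup} \rrbracket_\gamma\ t$, as required.

Case $\hat{t} * S$: assume $t\ \llbracket \hat{t} * S \rrbracket_\gamma\ t$. By Conjugation { }, this is equivalent to $\hat{t}\ t\ \llbracket S \rrbracket_\gamma\ \hat{t}\ t$. By the IH, $\hat{t}\ t\ \llbracket S \rrbracket_\gamma\ \hat{t}\ t$, which is then similarly equivalent to the desired typing. The converse follows similarly, applying Symmetry Properties { } and Relational Laws { }.

Case $\hat{t} =_{\beta\eta} I$: $(t\ \llbracket \hat{t} \rrbracket_\gamma\ t) = (\hat{t}\ t =_{\beta\eta} t) = (t =_{\beta\eta} t) = (t =_{\beta\eta} \hat{t}\ t) = (t\ \llbracket \hat{t} \rrbracket_\gamma\ t)$

VII. TRANSITIVE TYPES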
Definition 28.
Use metavariable $p$ to range over the set $\{-, +\}$ of polarities. $\bar{p}$ denotes the other polarity from $p$.

The following notion extends a similar one due to Krivine [6, Section 8.5], put also to good use in other works like [7].
Definition 29 ($\forall^{p}$). Define a property $\forall^{p}$ of types inductively by the following clauses. Type variables $X$ are $\forall^{p}$. If $R$ is $\forall^{\bar{p}}$ and $R$ is $\forall^{p}$, then $R \to R$ is $\forall^{p}$. If $R$ is $\forall^{+}$ then so is $\forall X.\, R$. If $R$ is $\forall^{p}$, then so is $R^{\cup}$. If $t =_{\beta\eta} I$, then the promotion of $t$ to a type is $\forall^{p}$. Note that $\forall^{p}$ types are symmetric types (Definition 24). We let $P$ range over $\forall^{+}$ types, and $N$ over $\forall^{-}$ types.

Recall the following fact from classical lambda calculus (e.g., Chapter 7 of [8]).
Lemma 30 (Zeta). If $t\ x =_{\beta\eta} t\ x$ and $x \notin FV(t\ t)$, then $t =_{\beta\eta} t$.

Proof. From the assumption, deduce $\lambda x.\, t\ x =_{\beta\eta} \lambda x.\, t\ x$. The sides of this equation are η-equal to $t$ and $t$, respectively.

Definition 31.
Let $e$ denote the environment where $e(X)$ is the relation $=_{\beta\eta}$, for all type variables $X$.

As discussed further in Section XIII, RelTT by design does not satisfy Identity Extension (a property proposed originally by Reynolds [9]). The following is a partial refinement:
Theorem 32 (Identity Inclusion).

$\llbracket P \rrbracket_e \subseteq\ =_{\beta\eta}$.
$=_{\beta\eta}\ \subseteq \llbracket N \rrbracket_e$.

Proof. Proceed by induction on the assumption of $R$ in $\forall^{p}$.

Case $X \in \forall^{p}$: $\llbracket X \rrbracket_e = e(X)$, which is $=_{\beta\eta}$.

Case $R \to R \in \forall^{+}$: assume (1) $t\ \llbracket R \to R \rrbracket_e\ t$. By Zeta { }, it suffices to prove $t\ x =_{\beta\eta} t\ x$. Since $R \in \forall^{-}$, the IH applies to $x =_{\beta\eta} x$ to yield $x\ \llbracket R \rrbracket_e\ x$. Combining this with (1) gives $t\ x\ \llbracket R \rrbracket_e\ t\ x$. Then by the IH, $t\ x =_{\beta\eta} t\ x$, as required.

Case $R \to R \in \forall^{-}$: assume (1) $t =_{\beta\eta} t$ and (2) $a\ \llbracket R \rrbracket_e\ a$, and show $t\ a\ \llbracket R \rrbracket_e\ t\ a$. Since $R \in \forall^{+}$, the IH applies to (2) yielding $a =_{\beta\eta} a$. Combining this with (1) gives $t\ a =_{\beta\eta} t\ a$, from which the IH yields $t\ a\ \llbracket R \rrbracket_e\ t\ a$.

Case $\forall X.\, R \in \forall^{+}$: assume (1) $t\ \llbracket \forall X.\, R \rrbracket_e\ t$, and show $t =_{\beta\eta} t$. From (1), we have $t\ \llbracket R \rrbracket_{e[X \mapsto =_{\beta\eta}]}\ t$. By the IH, this yields $t =_{\beta\eta} t$, as required.

Case $R^{\cup} \in \forall^{+}$: assume $t\ \llbracket R^{\cup} \rrbracket_e\ t$, which implies $t\ \llbracket R \rrbracket_e\ t$. By the IH, $t =_{\beta\eta} t$, hence $t =_{\beta\eta} t$ as required.

Case $R^{\cup} \in \forall^{-}$: assume $t =_{\beta\eta} t$, hence $t =_{\beta\eta} t$. By the IH, $t\ \llbracket R \rrbracket_e\ t$, which equals the required $t\ \llbracket R^{\cup} \rrbracket_e\ t$.

Case $\hat{t} \in \forall^{p}$: $\llbracket \hat{t} \rrbracket_e$ is then just $=_{\beta\eta}$.

Using the terminology of [10], Identity Inclusion { } identifies $\forall^{+}$ types as extensive (they are included in the equality relation), and $\forall^{-}$ types as parametric (the equality relation is included in them).

Lemma 33 (Transitivity For $\forall^{+}$-Types). $I\ \llbracket P \cdot P \to P \rrbracket_e\ I$.

Proof. Assume (1) $x\ \llbracket R \rrbracket_e\ y$ and (2) $y\ \llbracket R \rrbracket_e\ z$, and show $x\ \llbracket R \rrbracket_e\ z$. By Identity Inclusion { }, (1) implies $x =_{\beta\eta} y$. From this and (2), βη-Closure { } yields the desired conclusion.

Corollary 34 ($\forall^{+}$ Per). If $R$ is $\forall^{+}$ and closed, then $\llbracket R \rrbracket_\gamma$ is a partial equivalence relation (i.e., symmetric and transitive; abbreviated per).

Proof. Since $R$ is closed, $\llbracket R \rrbracket_\gamma = \llbracket R \rrbracket_e$ by Environment Extension { }. Transitivity for $\forall^{+}$-Types { } then implies transitivity. Symmetry follows from Symmetric Types { }, since $\forall^{+}$ types are symmetric types (Definition 24).

Definition 35 (simple transitive types). Simple transitive types $T$ are defined by the following grammar:

$T ::= P \mid P \to T \mid N \to T \mid t * T$

Lemma 36 (transitivity for simple transitive types). $I\ \llbracket T \cdot T \to T \rrbracket_e\ I$

Proof.
The proof is by induction on $T$, in each case assuming (1) $x\ \llbracket T \rrbracket_\gamma\ y$ and (2) $y\ \llbracket T \rrbracket_\gamma\ z$.

Case $P$: Transitivity for $\forall^{+}$-Types { }.

Case $P \to T$: assume (3) $a\ \llbracket P \rrbracket_e\ a$. By Symmetric Types { }, $a\ \llbracket P \rrbracket_e\ a$ (as $e^{\cup} = e$). By Transitivity for $\forall^{+}$-Types { }, this can be combined with (3) to obtain $a\ \llbracket P \rrbracket_e\ a$. Using this with (1), $x\ a\ \llbracket T \rrbracket_e\ y\ a$. Using (3) with (2), $y\ a\ \llbracket T \rrbracket_e\ z\ a$. By the induction hypothesis, $x\ a\ \llbracket T \rrbracket_e\ z\ a$ as required.

Case $N \to T$: assume (3) $a\ \llbracket N \rrbracket_e\ a$. By Identity Inclusion { }, since $N$ is $\forall^{-}$, $a\ \llbracket N \rrbracket_e\ a$ (since $a =_{\beta\eta} a$). Using this with (1), $x\ a\ \llbracket T \rrbracket_e\ y\ a$. Then as in the previous case, we obtain $y\ a\ \llbracket T \rrbracket_e\ z\ a$ using (3) with (2), and the required $x\ a\ \llbracket T \rrbracket_e\ z\ a$ by the induction hypothesis.

Case $\hat{t} * T$: by Conjugation { }, it suffices to show $\hat{t}\ x\ \llbracket T \rrbracket_\gamma\ \hat{t}\ z$. This follows by the IH from assumptions (1) and (2), since these are equivalent to $\hat{t}\ x\ \llbracket T \rrbracket_\gamma\ \hat{t}\ y$ and $\hat{t}\ y\ \llbracket T \rrbracket_\gamma\ \hat{t}\ z$ by Conjugation { }.

VIII. A RELATIONAL PROOF SYSTEM
Figure 6 presents a proof system, RelPf, for judgments of the form $\Gamma \vdash t\ [R]\ t$. (Here, the square brackets are part of the syntax for the judgment; in our meta-language, we are using them for application of a mathematical relation.) RelPf Soundness { } below shows that this system is sound with respect to the semantics of Figure 2 (extended for contexts). In Section XII, we will develop a type theory based on RelPf, but introduce the proof system here because the fragment for System F types will be useful in Section X on inductive types. A few details:

• typing contexts $\Gamma$ are described by the grammar $\Gamma ::= \cdot \mid \Gamma, t\ [R]\ t$. We may elide $\cdot$ in examples.
• There is an introduction and elimination rule for each connective.
• The introduction rule for term promotions is the axiom $\Gamma \vdash t\ [t]\ t\ t$. This states that $t$ is related to $t\ t$ by the relation (i.e., term promotion) $t$.
• The rule allowing to change the sides of the relational typing to βη-equal terms is called conversion. While βη-equality is undecidable in general, we may view the side conditions on conversion as license for an implementation to check reductions to as deep a finite depth as desired. So we view reduction as being implicitly bounded in applications of this rule, making type-checking decidable. We do not formalize bounded reduction.

$\Gamma \vdash \mathit{tt}\ [\mathit{Bool}]\ \mathit{ff}$
$\Gamma \vdash \mathit{tt}\ [R \to R \to R]\ \mathit{ff}$
$\Gamma \vdash x\ [R]\ x$
$\Gamma \vdash \mathit{tt}\ x\ [R \to R]\ \mathit{ff}\ x\ y$
$\Gamma \vdash y\ [R]\ y$
$\Gamma \vdash \mathit{tt}\ x\ y\ [R]\ \mathit{ff}\ x\ y$
$\Gamma \vdash x\ [R]\ y$

Fig. 4. Derivation of True Different From False { }. The final inference is by the conversion rule, noting $\mathit{tt}\ x\ y =_{\beta\eta} x$ and $\mathit{ff}\ x\ y =_{\beta\eta} y$

$\dfrac{x : T \in \Gamma}{\Gamma \vdash x : T}$

$\dfrac{\Gamma, x : T \vdash t : T}{\Gamma \vdash \lambda x.\, t : T \to T}$

$\dfrac{\Gamma \vdash t : T \to T \quad \Gamma \vdash t : T}{\Gamma \vdash t\ t : T}$

$\dfrac{\Gamma \vdash t : T \quad X \notin FV(\Gamma)}{\Gamma \vdash t : \forall X.\, T}$

$\dfrac{\Gamma \vdash t : \forall X.\, T}{\Gamma \vdash t : [T/X]T}$

Fig. 5. Typing rules for Curry-style System F

Here is an example in RelPf, deriving a form of inconsistency from an assumption that different constructors of an inductive type are equal.
It states that if $\mathit{tt}$ and $\mathit{ff}$ are equal as booleans, then any relation $R$ is trivial in the sense that $R = \mathrm{dom}(R) \times \mathrm{ran}(R)$.

Definition 37.
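$\mathit{Bool} := \forall X.\, X \to X \to X$
$\mathit{tt} := \lambda x.\, \lambda y.\, x$
$\mathit{ff} := \lambda x.\, \lambda y.\, y$

Lemma 38 (True Different From False). For any type $R$, let $\Gamma$ be a context with the following assumptions:

$\mathit{tt}\ [\mathit{Bool}]\ \mathit{ff}$
$x\ [R]\ x$
$y\ [R]\ y$

Then $\Gamma \vdash x\ [R]\ y$.

Proof. A derivation is in Figure 4.

Turning now to meta-theory: let $\sigma$ range over term substitutions (finite functions from term variables to terms). Denote capture-avoiding application of a substitution $\sigma$ to a term $t$ as $\sigma\, t$. Apply substitutions $\sigma$ to types $R$ by applying them to all terms contained in $R$. Now we will define an interpretation of contexts $\Gamma$ as sets of substitutions satisfying the contexts constraints.

Definition 39. $\llbracket \Gamma \rrbracket_\gamma$ is defined by recursion on $\Gamma$:

$\sigma \in \llbracket \Gamma, t\ [R]\ t \rrbracket_\gamma = \sigma \in \llbracket \Gamma \rrbracket_\gamma \wedge \sigma t\ \llbracket \sigma R \rrbracket_\gamma\ \sigma t$
$\sigma \in \llbracket \cdot \rrbracket_\gamma = \mathit{True}$

$\dfrac{t\ [R]\ t \in \Gamma}{\Gamma \vdash t\ [R]\ t}$

$\dfrac{\Gamma, x\ [R]\ x \vdash t\ [R]\ t \quad (*)}{\Gamma \vdash \lambda x.\, t\ [R \to R]\ \lambda x.\, t}$

$\dfrac{\Gamma \vdash t\ [R \to R]\ t \quad \Gamma \vdash t\ [R]\ t}{\Gamma \vdash t\ t\ [R]\ t\ t}$

$\dfrac{\Gamma \vdash t\ [\forall X.\, R]\ t}{\Gamma \vdash t\ [[R/X]R]\ t}$

$\dfrac{\Gamma \vdash t\ [R]\ t \quad X \notin FV(\Gamma)}{\Gamma \vdash t\ [\forall X.\, R]\ t}$

$\dfrac{\Gamma \vdash t\ [R]\ t \quad t =_{\beta\eta} t \quad t =_{\beta\eta} t}{\Gamma \vdash t\ [R]\ t}$

$\dfrac{\Gamma \vdash t\ [R]\ t}{\Gamma \vdash t\ [R^{\cup}]\ t}$

$\dfrac{\Gamma \vdash t\ [R^{\cup}]\ t}{\Gamma \vdash t\ [R]\ t}$

$\Gamma \vdash t\ [t]\ t\ t$

$\dfrac{\Gamma \vdash t\ [t]\ t \quad \Gamma \vdash [t/x]t\ [R]\ [t/x]t}{\Gamma \vdash [t\ t/x]t\ [R]\ [t\ t/x]t}$

$\dfrac{\Gamma \vdash t\ [R \cdot R]\ t \quad \Gamma, t\ [R]\ x, x\ [R]\ t \vdash t\ [R]\ t \quad (**)}{\Gamma \vdash t\ [R]\ t}$

$\dfrac{\Gamma \vdash t\ [R]\ t \quad \Gamma \vdash t\ [R]\ t}{\Gamma \vdash t\ [R \cdot R]\ t}$

Side condition (*) is $x \notin FV(\Gamma, R, R)$.
Side condition (**) is $x \notin FV(\Gamma, t, t, t, t, R, R, R)$.

Fig. 6. Proof system for relational typing.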
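The conversion rule of Figure 6, read with bounded reduction as described in the conversion bullet above, as an added example (not code from the paper or from any RelTT implementation): a fuel-bounded βη-conversion check on de Bruijn terms, applied to the two side conditions of the final inference of Figure 4 and to the promotion axiom. The term encoding, the names `normalize`, `conv`, `promoted` and `figure4_side_conditions`, and the default fuel are assumptions of this example.

```python
# Term constructors (assumed encoding): V = bound variable as a de Bruijn index,
# F = named free variable, L = lambda abstraction, A = left-nested application.
def V(n): return ("var", n)
def F(name): return ("free", name)
def L(body): return ("lam", body)
def A(f, *args):
    for a in args:
        f = ("app", f, a)
    return f

def shift(t, d, cutoff=0):
    """Add d to every bound index >= cutoff."""
    if t[0] == "var":
        return ("var", t[1] + d) if t[1] >= cutoff else t
    if t[0] == "lam":
        return ("lam", shift(t[1], d, cutoff + 1))
    if t[0] == "app":
        return ("app", shift(t[1], d, cutoff), shift(t[2], d, cutoff))
    return t

def subst(t, j, s):
    """Capture-avoiding substitution of s for index j in t."""
    if t[0] == "var":
        return s if t[1] == j else t
    if t[0] == "lam":
        return ("lam", subst(t[1], j + 1, shift(s, 1)))
    if t[0] == "app":
        return ("app", subst(t[1], j, s), subst(t[2], j, s))
    return t

def occurs(t, j):
    """Does bound index j occur in t?"""
    if t[0] == "var":
        return t[1] == j
    if t[0] == "lam":
        return occurs(t[1], j + 1)
    if t[0] == "app":
        return occurs(t[1], j) or occurs(t[2], j)
    return False

class OutOfFuel(Exception):
    pass

def normalize(t, fuel):
    """Normal-order beta-eta normal form, using at most `fuel` beta steps."""
    budget = [fuel]

    def head(t):                      # weak head normal form
        while t[0] == "app":
            f = head(t[1])
            if f[0] != "lam":
                return ("app", f, t[2])
            if budget[0] == 0:
                raise OutOfFuel
            budget[0] -= 1
            t = shift(subst(f[1], 0, shift(t[2], 1)), -1)   # beta step
        return t

    def full(t):
        t = head(t)
        if t[0] == "lam":
            body = full(t[1])
            if body[0] == "app" and body[2] == V(0) and not occurs(body[1], 0):
                return shift(body[1], -1)                    # eta step
            return ("lam", body)
        if t[0] == "app":
            return ("app", full(t[1]), full(t[2]))
        return t

    return full(t)

def conv(a, b, fuel=200):
    """True/False when both sides normalize within fuel, None when undetermined."""
    try:
        return normalize(a, fuel) == normalize(b, fuel)
    except OutOfFuel:
        return None

def promoted(that, t, t2, fuel=200):
    """Promotion of `that` as a relation (Figure 2): that t =βη t2."""
    return conv(A(that, t), t2, fuel)

I_COMB = L(V(0))                      # I  := λx. x
K_COMB = L(L(V(1)))                   # K  := λx. λy. x
TT = L(L(V(1)))                       # tt := λx. λy. x
FF = L(L(V(0)))                       # ff := λx. λy. y
OMEGA = A(L(A(V(0), V(0))), L(A(V(0), V(0))))   # has no normal form

def figure4_side_conditions(fuel=200):
    """Side conditions of the last step of Figure 4: tt x y =βη x, ff x y =βη y."""
    x, y = F("x"), F("y")             # constructed free variables
    return conv(A(TT, x, y), x, fuel), conv(A(FF, x, y), y, fuel)
```

A `None` result means the bound was reached before a normal form was found, so a checker built this way would reject that use of conversion rather than loop.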
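Theorem 40 (RelPf Soundness). Suppose $\gamma$ is defined on all free type variables of $\Gamma$ and $R$. If $\Gamma \vdash t\ [R]\ t$, and $\sigma \in \llbracket \Gamma \rrbracket_\gamma$, then $\sigma\, t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, t$.

Proof. The proof is by induction on the RelPf derivation. In each case we assume arbitrary $\sigma \in \llbracket \Gamma \rrbracket_\gamma$.

Case: $\dfrac{t\ [R]\ t \in \Gamma}{\Gamma \vdash t\ [R]\ t}$

From $t\ [R]\ t \in \Gamma$ we obtain the desired $\sigma\, t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, t$ from the semantics of contexts.

Case: $\dfrac{\Gamma, x\ [R]\ x \vdash t\ [R]\ t \quad (*)}{\Gamma \vdash \lambda x.\, t\ [R \to R]\ \lambda x.\, t}$

Assume arbitrary $t$ and $t$ with (1) $t\ \llbracket \sigma\, R \rrbracket_\gamma\ t$. Let $\sigma$ denote $\sigma[x \mapsto t, x \mapsto t]$. By the IH,

$\sigma\, t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, t$

By side condition (*), $\sigma\, R = \sigma\, R$. Applying then βη-Closure { }, we have

$(\sigma\, \lambda x.\, t)\ t\ \llbracket \sigma\, R \rrbracket_\gamma\ (\sigma\, \lambda x.\, t)\ t$

By the semantics of arrow types, the fact that this holds for all $t$ and $t$ satisfying (1) implies the desired $\sigma\, \lambda x.\, t\ \llbracket \sigma\, (R \to R) \rrbracket_\gamma\ \sigma\, \lambda x.\, t$.

Case: $\dfrac{\Gamma \vdash t\ [R \to R]\ t \quad \Gamma \vdash t\ [R]\ t}{\Gamma \vdash t\ t\ [R]\ t\ t}$

By the IH, $\sigma\, t\ \llbracket R \to R \rrbracket_\gamma\ \sigma\, t$ and $\sigma\, t\ \llbracket R \rrbracket_\gamma\ \sigma\, t$. The semantics of arrow types then gives the desired $\sigma\, (t\ t)\ \llbracket R \rrbracket_\gamma\ \sigma\, (t\ t)$.

Case: $\dfrac{\Gamma \vdash t\ [\forall X.\, R]\ t}{\Gamma \vdash t\ [[R/X]R]\ t}$

By the IH, we have (1) $\sigma\, t\ \llbracket \sigma\, \forall X.\, R \rrbracket_\gamma\ \sigma\, t$. By the condition on $\gamma$, $\llbracket R \rrbracket_\gamma$ is defined, and we use it to instantiate (1). This gives

$\sigma\, t\ \llbracket \sigma\, R \rrbracket_{\gamma[X \mapsto \llbracket R \rrbracket_\gamma]}\ \sigma\, t$

By Interpretation Over Substitution { }, this implies the desired

$\sigma\, t\ \llbracket \sigma\, [R/X]R \rrbracket_\gamma\ \sigma\, t$

Case: $\dfrac{\Gamma \vdash t\ [R]\ t \quad X \notin FV(\Gamma)}{\Gamma \vdash t\ [\forall X.\, R]\ t}$

Assume arbitrary $r \in \mathcal{R}$. Then by the IH, $\sigma\, t\ \llbracket \sigma\, R \rrbracket_{\gamma[X \mapsto r]}\ \sigma\, t$. The desired $\sigma\, t\ \llbracket \sigma\, \forall X.\, R \rrbracket_\gamma\ \sigma\, t$ then follows by the semantics of universal quantification.

Case: $\dfrac{\Gamma \vdash t\ [R]\ t \quad t =_{\beta\eta} t \quad t =_{\beta\eta} t}{\Gamma \vdash t\ [R]\ t}$

This case follows easily by the IH and βη-Closure { }.

Case: $\dfrac{\Gamma \vdash t\ [R]\ t}{\Gamma \vdash t\ [R^{\cup}]\ t}$

By the IH, $\sigma\, t\ \llbracket R \rrbracket_\gamma\ \sigma\, t$. By the semantics of converse, this implies the required $\sigma\, t\ \llbracket R^{\cup} \rrbracket_\gamma\ \sigma\, t$.

Case: $\dfrac{\Gamma \vdash t\ [R^{\cup}]\ t}{\Gamma \vdash t\ [R]\ t}$

By the IH, $\sigma\, t\ \llbracket R^{\cup} \rrbracket_\gamma\ \sigma\, t$.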
By the semantics of converse, this implies the required $\sigma\, t\ \llbracket R \rrbracket_\gamma\ \sigma\, t$.

Case: $\Gamma \vdash t\ [t]\ t\ t$

The desired conclusion is equivalent to $\sigma\, (t\ t) =_{\beta\eta} \sigma\, (t\ t)$, which holds.

Case: $\dfrac{\Gamma \vdash t\ [t]\ t \quad \Gamma \vdash [t/x]t\ [R]\ [t/x]t}{\Gamma \vdash [t\ t/x]t\ [R]\ [t\ t/x]t}$

By the IH, we have

• $\sigma\, (t\ t) =_{\beta\eta} \sigma\, t$
• $\sigma\, [t/x]t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, [t/x]t$

Using basic properties of βη-equivalence and substitution, these facts imply the desired

$\sigma\, [t\ t/x]t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, [t\ t/x]t$

Case: $\dfrac{\Gamma \vdash t\ [R \cdot R]\ t \quad \Gamma, t\ [R]\ x, x\ [R]\ t \vdash t\ [R]\ t \quad (**)}{\Gamma \vdash t\ [R]\ t}$

By the IH and semantics for composition we have that there exists $t$ such that

(1) $\sigma\, t\ \llbracket \sigma\, R \rrbracket_\gamma\ t$
(2) $t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, t$

Let $\sigma$ denote $\sigma[x \mapsto t]$. Using (1) and (2), we may prove that $\sigma$ is in the interpretation of the context in the right premise of the inference. Side condition (**) is used to deduce that $\sigma$ satisfies the two constraints added to $\Gamma$ in that context, from (1) and (2) (where only $\sigma$ appears). Then by the IH and (**), we have the required

$\sigma\, t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, t$

Case: $\dfrac{\Gamma \vdash t\ [R]\ t \quad \Gamma \vdash t\ [R]\ t}{\Gamma \vdash t\ [R \cdot R]\ t}$

By the IH, we have

• $\sigma\, t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, t$
• $\sigma\, t\ \llbracket \sigma\, R \rrbracket_\gamma\ \sigma\, t$

These imply the desired $\sigma\, t\ \llbracket \sigma\, (R \cdot R) \rrbracket_\gamma\ \sigma\, t$ by the semantics of composition.

IX. EMBEDDING SYSTEM F

Similar to the Abstraction Theorem of Reynolds [9], we may prove that each term typable in System F is related to itself by the relational interpretation of its type. Figure 5 recalls the typing rules of Curry-style System F (also known as λ-Curry [11]). We consider the set of types of System F a subset of the set of relational types (Figure 1). We first show that typing derivations in System F can be translated to RelTT in the obvious way. Then we may appeal to RelTT Soundness { }.

Definition 41.
Partition the set of variables by an injection $-$. Assume $t$ does not contain any variables of the form $x$ with $x \in FV(t)$. Then let $t$ be the term where every variable $x$ (free or bound) is renamed to $x$.

Definition 42.
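Define $\langle - \rangle$ recursively on typing contexts $\Gamma$ of System F by:

$\langle \cdot \rangle = \cdot$
$\langle \Gamma, x : T \rangle = \langle \Gamma \rangle, x\ [T]\ x$

Theorem 43 (Soundness Of System F). If $\Gamma \vdash t : T$ (in System F), then $\langle \Gamma \rangle \vdash t\ [T]\ t$ (in RelPf), assuming $t$ is defined.

Proof. The proof is by induction on the typing derivation in System F.

Case: $\dfrac{x : T \in \Gamma}{\Gamma \vdash x : T}$

From $x : T \in \Gamma$ we derive $x\ [T]\ x \in \langle \Gamma \rangle$, and conclude using the assumption rule of RelPf.

Case: $\dfrac{\Gamma, x : T \vdash t : T}{\Gamma \vdash \lambda x.\, t : T \to T}$

By the IH, we have

$\langle \Gamma \rangle, x\ [T]\ x \vdash t\ [T]\ t$

From this, use arrow introduction (of RelPf) to derive the desired

$\langle \Gamma \rangle \vdash \lambda x.\, t\ [T \to T]\ \lambda x.\, t$

Case: $\dfrac{\Gamma \vdash t : T \to T \quad \Gamma \vdash t : T}{\Gamma \vdash t\ t : T}$

By the IH we have

$\langle \Gamma \rangle \vdash t\ [T \to T]\ t$
$\langle \Gamma \rangle \vdash t\ [T]\ t$

Use arrow elimination (of RelPf) to deduce the desired

$\langle \Gamma \rangle \vdash t\ t\ [T]\ t\ t$

Case: $\dfrac{\Gamma \vdash t : T \quad X \notin FV(\Gamma)}{\Gamma \vdash t : \forall X.\, T}$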
By the IH, we have $\langle \Gamma \rangle \vdash t\ [T]\ t$. Apply forall introduction (of RelPf) to conclude the desired $\langle \Gamma \rangle \vdash t\ [\forall X.\, T]\ t$

Case: $\dfrac{\Gamma \vdash t : \forall X.\, T}{\Gamma \vdash t : [T/X]T}$

By the IH, we have $\langle \Gamma \rangle \vdash t\ [\forall X.\, T]\ t$. Apply forall elimination (of RelPf) to conclude the desired $\langle \Gamma \rangle \vdash t\ [[T/X]T]\ t$.

Corollary 44 (Soundness Of System F For Closed Terms). If $\cdot \vdash t : T$ (in System F), then $t\ \llbracket T \rrbracket_\gamma\ t$.

Proof. Use Soundness of System F { } (noting that $t =_{\alpha} t$ since $t$ closed), and then RelTT Soundness { }.

Below we will also need this basic syntactic property:

Proposition 45 (Weakening for System F). If $\Gamma, \Gamma \vdash t : T$, then $\Gamma, x : R, \Gamma \vdash t : T$ where $x$ is not declared in $\Gamma, \Gamma$.

X. INDUCTIVE TYPES
Following a relational, and functorial, generalization of [10], this section shows how to derive a relational form of induction within RelTT. For this section, except as noted in Section X-A, let $R$ be a type of System F, possibly containing specified variable $X$ free. Under the usual requirement of positivity, we prove equal the following two relational types, where in the second one, we make use of our notation for internalized typing (Definition 9):

Definition 46.
• $D_{\mathit{param}} := \forall X.\, (R \to X) \to X$
• $D_{\mathit{ind}} := \forall X.\, ([\mathit{in}_{X,R}] \, (R \to X) \, [\mathit{in}_{X,R}]) \Rightarrow X$

$\mathit{in}_{X,R}$ represents the constructors of the inductive datatype in a standard way, and is defined below (Definition 54).
A. Variable Polarity and Monotonicity
The first step to proving equality of $D_{\mathit{param}}$ and $D_{\mathit{ind}}$ is to extend the usual notion of a type variable's occurring free only positively or only negatively, to relational types (recall Definition 28 for polarities $p$). For inductive types, our results hold only for $\forall^{+}$ types of System F. For positive-recursive types, however (Section XI), our derivation works for any relational type $R$. So we begin by defining when a variable occurs only with polarity $p$ ($X \in^{p} R$) generally for any relational type $R$:

Definition 47.
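Define $X \in^{p} R$ inductively by the clauses:
• $X \in^{+} X$
• $X \in^{p} Y$
• $X \in^{p} (R \to R)$ iff $X \in^{\bar{p}} R$ and $X \in^{p} R$
• $X \in^{p} \forall Y.\, R$ iff $X \in^{p} R$
• $X \in^{p} (R \cdot R)$ iff $X \in^{p} R$ and $X \in^{p} R$
• $X \in^{p} (R^{\cup})$ iff $X \in^{p} R$
• $X \in^{p} t$

(The intention is that $X \in^{+} R$ means $X$ occurs only positively in $R$, and $X \in^{-} R$ only negatively.) The following form of monotonicity then holds for any relational type. The statement of the lemma using a polarity meta-variable $p$ consolidates many dual cases in the proof (cf. [12]).

Lemma 48 (Monotonicity). Suppose $r^{+}$ and $r^{-}$ are in $\mathcal{R}$, with $r^{+} \subseteq r^{-}$. If $X \in^{p} R$, then $\llbracket R \rrbracket_{\gamma[X \mapsto r^{p}]} \subseteq \llbracket R \rrbracket_{\gamma[X \mapsto r^{\bar{p}}]}$.

Proof. The proof is by induction on $X \in^{p} R$, assuming (1) $r^{+} \subseteq r^{-}$ and (2) $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{p}]} \, t$.

Case $X \in^{+} X$: by (1).

Case $X \in^{p} Y$: by (2), as $\llbracket Y \rrbracket_{\gamma[X \mapsto r^{p}]} = \llbracket Y \rrbracket_{\gamma} = \llbracket Y \rrbracket_{\gamma[X \mapsto r^{\bar{p}}]}$.

Case $X \in^{p} (R \to R)$: assume (3) $t_a \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{\bar{p}}]} \, t_b$. From this, the IH for $R$ gives $t_a \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{p}]} \, t_b$ (instantiating the quantified polarity in the IH with $\bar{p}$). Combine this with (2) to obtain $t \, t_a \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{p}]} \, t \, t_b$. From this, the IH for $R$ gives $t \, t_a \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{\bar{p}}]} \, t \, t_b$, as required.

Case $X \in^{p} \forall Y.\, R$: assume $r \in \mathcal{R}$, and instantiate (2) with $r$. Then apply the IH to obtain the required $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{\bar{p}},\, Y \mapsto r]} \, t$.

Case $X \in^{p} (R \cdot R)$: (2) implies that there exists $t$ such that $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{P}]} \, t$ and $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{p}]} \, t$. Applying the IH, we obtain $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{\bar{P}}]} \, t$ and $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r^{\bar{p}}]} \, t$, which suffices.

Case $X \in^{p} (R_a^{\cup})$: (2) implies $t \, \llbracket R_a \rrbracket_{\gamma[X \mapsto r^{p}]} \, t$. From this, the IH gives $t \, \llbracket R_a \rrbracket_{\gamma[X \mapsto r^{\bar{p}}]} \, t$, which suffices.

Case $X \in^{p} t$: by (2), as $\llbracket t \rrbracket_{\gamma[X \mapsto r^{p}]} = \llbracket t \rrbracket_{\gamma} = \llbracket t \rrbracket_{\gamma[X \mapsto r^{\bar{p}}]}$.

B. Fmap, Fold, and In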
Following a standard approach to derivation of inductive types (cf. [13]), we will define operations $\mathit{fmap}_{X,R}$, $\mathit{fold}$, and finally $\mathit{in}_{X,R}$, and prove relational typings about them. Because we will be considering terms related to themselves, it is convenient to introduce notation $t :: r$:

Definition 49. $(t :: r) := t \, [r] \, t$

Definition 50. Define a term $\mathit{fmap}_{X,R}$ by recursion on types $R$ of System F (also, recall Figure 3):

$$\mathit{fmap}_{X,X} = I$$
$$\mathit{fmap}_{X,Y} = K\, I$$
$$\mathit{fmap}_{X,R \to R} = \lambda f.\, \lambda a.\, \mathit{fmap}_{X,R}\, f \circ a \circ \mathit{fmap}_{X,R}\, f$$
$$\mathit{fmap}_{X,\forall Y.\, R} = \lambda f.\, \mathit{fmap}_{X,R}\, f$$

Note that as we treat expressions up to α-equivalence, we do not need a case for $\mathit{fmap}_{X,\forall X.\, R}$, as this will be handled as $\mathit{fmap}_{X,\forall Y.\, [Y/X]R}$.

Lemma 51 (Fmap (System F)). Suppose $X^{+}$ and $X^{-}$ are type variables. Suppose $X^{p} \notin FV(R)$, for all $p$. If $X \in^{p} R$, then in System F we have

$$\cdot \vdash \mathit{fmap}_{X,R} : (X^{+} \to X^{-}) \to [X^{p}/X]R \to [X^{\bar{p}}/X]R$$

Proof.
The proof is by induction on $X \in^{p} R$, implicitly applying Weakening for System F { }.

Case $X \in^{+} X$: the goal is $\cdot \vdash I : (X^{+} \to X^{-}) \to (X^{+} \to X^{-})$, which is derivable.

Case $X \in^{p} Y$: the goal is $\cdot \vdash K\, I : (X^{+} \to X^{-}) \to (Y \to Y)$, which is derivable.

Case $X \in^{p} (R \to R)$: let $\Gamma$ be the context $f : (X^{+} \to X^{-}),\ a : [X^{p}/X](R \to R),\ x : [X^{\bar{p}}/X]R$. Using the typing rules of System F, it suffices to show

$$\Gamma \vdash \mathit{fmap}_{X,R}\, f\, (a\, (\mathit{fmap}_{X,R}\, f\, x)) : [X^{\bar{p}}/X]R$$

By the IH, since $X \in^{\bar{p}} R$, we have

$$\cdot \vdash \mathit{fmap}_{X,R} : (X^{+} \to X^{-}) \to ([X^{\bar{p}}/X]R \to [X^{p}/X]R)$$

Hence we may derive $\cdot \vdash (\mathit{fmap}_{X,R}\, f\, x) : [X^{p}/X]R$ and then $\cdot \vdash a\, (\mathit{fmap}_{X,R}\, f\, x) : [X^{p}/X]R$. From this, using the IH with $X \in^{p} R$, we obtain the desired goal.

Case $X \in^{p} \forall Y.\, R$: by the IH we have

$$\cdot \vdash \mathit{fmap}_{X,R} : (X^{+} \to X^{-}) \to [X^{p}/X]R \to [X^{\bar{p}}/X]R$$

From this we obtain

$$f : (X^{+} \to X^{-}) \vdash \mathit{fmap}_{X,R}\, f : [X^{p}/X]R \to [X^{\bar{p}}/X]R$$

Applying $\forall$-introduction, we get

$$f : (X^{+} \to X^{-}) \vdash \mathit{fmap}_{X,R}\, f : \forall Y.\, [X^{p}/X]R \to [X^{\bar{p}}/X]R$$

Applying $\to$-introduction gives the desired conclusion (note we needed the η-expanded definition of $\mathit{fmap}_{X,\forall Y.\, R}$).

Definition 52 (Fold). $\mathit{fold} := \lambda a.\, \lambda x.\, x\, a$

Lemma 53 (Fold). Let $X$ be possibly free in $R$. Then in System F:

$$\cdot \vdash \mathit{fold} : \forall X.\, (R \to X) \to D_{\mathit{param}} \to X$$

Proof.
Let $\Gamma$ be the context $a : R \to X,\ x : D_{\mathit{param}}$. It suffices to prove $\Gamma \vdash x\, a : X$. Instantiating the type variable in $D_{\mathit{param}}$ with $X$, we obtain $\Gamma \vdash x : (R \to X) \to X$. So applying $x$ to $a$ indeed has type $X$ in context $\Gamma$.

Definition 54. $\mathit{in}_{X,R} := \lambda x.\, \lambda a.\, a\, (\mathit{fmap}_{X,R}\, (\mathit{fold}\, a)\, x)$

Lemma 55 (In For $D_{\mathit{param}}$ (System F)). If $X \in^{+} R$, then in System F we have

$$\cdot \vdash \mathit{in}_{X,R} : [D_{\mathit{param}}/X]R \to D_{\mathit{param}}$$

Proof.
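Let $\Gamma$ be the context $x : [D_{\mathit{param}}/X]R,\ a : R \to X$. Applying typing rules of System F, it suffices to show

$$\Gamma \vdash a\, (\mathit{fmap}_{X,R}\, (\mathit{fold}\, a)\, x) : X$$

This holds if $\Gamma \vdash \mathit{fmap}_{X,R}\, (\mathit{fold}\, a)\, x : R$. Using the assumption that $X \in^{+} R$, instantiate Fmap (System F) { } with $D_{\mathit{param}}$ for $X^{+}$ and $X$ for $X^{-}$ to obtain:

$$\cdot \vdash \mathit{fmap}_{X,R} : (D_{\mathit{param}} \to X) \to [D_{\mathit{param}}/X]R \to R$$

The desired typing follows using $\Gamma \vdash \mathit{fold}\, a : D_{\mathit{param}} \to X$, which holds by Fold { }.

Lemma 56 (In For $D_{\mathit{param}}$ (RelTT)). If $X \in^{+} R$, then

$$\mathit{in}_{X,R} :: \llbracket [D_{\mathit{param}}/X]R \to D_{\mathit{param}} \rrbracket_{\gamma}$$

Proof. Apply Soundness Of System F For Closed Terms { } to In For $D_{\mathit{param}}$ (System F) { }.

We can prove a similar lemma about $\mathit{in}_{X,R}$ and $D_{\mathit{ind}}$, but since $D_{\mathit{ind}}$ is not a System F type we cannot use Soundness Of System F { }. We first need:

Lemma 57 ($D_{\mathit{ind}}$ Containment). If $\mathit{in}_{X,R} :: \llbracket R \to X \rrbracket_{\gamma[X \mapsto r]}$, then $\llbracket D_{\mathit{ind}} \rrbracket_{\gamma} \subseteq r$.

Proof. Call the hypothesis of the lemma (1), and suppose also (2) $t \, \llbracket D_{\mathit{ind}} \rrbracket_{\gamma} \, t$. We must show $t \, [r] \, t$. Instantiating $X$ in $D_{\mathit{ind}}$ with $r$, by Implicit Product { } (1) indeed implies $t \, [r] \, t$.

Lemma 58 (In for $D_{\mathit{ind}}$ (RelTT)). If $X \in^{+} R$, then

$$\mathit{in}_{X,R} :: \llbracket [D_{\mathit{ind}}/X]R \to D_{\mathit{ind}} \rrbracket_{\gamma}$$

Proof. Assume (1) $t \, \llbracket [D_{\mathit{ind}}/X]R \rrbracket_{\gamma} \, t$ and show

$$\mathit{in}_{X,R}\, t \, \llbracket D_{\mathit{ind}} \rrbracket_{\gamma} \, \mathit{in}_{X,R}\, t$$

Unfolding the definition of $D_{\mathit{ind}}$ and applying Internalized Typing { } and Implicit Product { }, it suffices to assume $r \in \mathcal{R}$ with

$$\mathit{in}_{X,R} \, \llbracket R \to X \rrbracket_{\gamma[X \mapsto r]} \, \mathit{in}_{X,R} \qquad (2)$$

and show

$$\mathit{in}_{X,R}\, t \, [r] \, \mathit{in}_{X,R}\, t$$

This will follow from (2) if we can show (A) $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r]} \, t$. To derive this, first instantiate Monotonicity { } with $D_{\mathit{ind}}$ for $X^{+}$ and $r$ for $X^{-}$. That tells us that if (B) $\llbracket D_{\mathit{ind}} \rrbracket_{\gamma} \subseteq r$, then also (applying Interpretation Over Substitution { })

$$\llbracket [D_{\mathit{ind}}/X]R \rrbracket_{\gamma} \subseteq \llbracket R \rrbracket_{\gamma[X \mapsto r]}$$

This together with (1) proves (A). And (B) follows from (2) by $D_{\mathit{ind}}$ Containment { }.

C. Reflection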
Next, we prove a property known as reflection (cf. [14]). For the specific case of natural numbers, a similar result is Proposition 14 of [10]. Recall the definitions of $\mathit{fold}$ and $\mathit{in}$ from Section X-B.

Definition 59. $\mathit{rebuild}_{X,R} := \mathit{fold}\ \mathit{in}_{X,R}$

Lemma 60 (Reflection). If $X \in^{+} R$, then

$$\mathit{rebuild}_{X,R} \, \llbracket D_{\mathit{param}} \to D_{\mathit{param}} \rrbracket_{\gamma} \, I$$

Before we can prove this, we need:

Lemma 61 (Fmap Fold). Suppose $Y \notin FV(R)$. Let $r^{+} = \llbracket f \cdot X \rrbracket_{\gamma}$ and $r^{-} = \gamma(X)$. If $X \in^{p} R$, then, letting $\gamma = \gamma[Y \mapsto r^{p},\, X \mapsto r^{\bar{p}}]$, we have

$$\mathit{fmap}_{X,R}\, f \, \llbracket [Y/X]R \to R \rrbracket_{\gamma} \, I$$

Proof.
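The proof is by induction on the derivation of $X \in^{p} R$. We simplify implicitly using βη-Closure { }.

Case $X \in^{+} X$: since $\mathit{fmap}_{X,X} = I$, the goal becomes

$$I\, f \, [r^{+} \to r^{-}] \, I$$

So assume $t \, [r^{+}] \, t$, which is equivalent (by Deapplication { }) to (1) $f\, t \, [\gamma(X)] \, t$; and show $I\, f\, t \, [\gamma(X)] \, t$, but this simplifies to (1).

Case $X \in^{p} Z$: since $\mathit{fmap}_{X,Z} = K\, I$, the goal becomes

$$K\, I\, f \, \llbracket Z \to Z \rrbracket_{\gamma} \, I$$

Further simplifying, it becomes $I \, \llbracket Z \to Z \rrbracket_{\gamma} \, I$, which holds obviously (Identity { }). Since $Y \notin FV(R)$ by assumption, this concludes the variable cases.

Case $X \in^{p} (R \to R)$: the goal becomes

$$\lambda a.\, (\mathit{fmap}_{X,R}\, f) \circ a \circ (\mathit{fmap}_{X,R}\, f) \, \llbracket [Y/X]R \to R \rrbracket_{\gamma} \, I$$

So assume (1) $a \, \llbracket [Y/X](R \to R) \rrbracket_{\gamma} \, a$, and show

$$(\mathit{fmap}_{X,R}\, f) \circ a \circ (\mathit{fmap}_{X,R}\, f) \, \llbracket R \rrbracket_{\gamma} \, a$$

Next, assume (2) $b \, \llbracket R \rrbracket_{\gamma} \, b$, and show

$$\mathit{fmap}_{X,R}\, f\, (a\, (\mathit{fmap}_{X,R}\, f\, b)) \, \llbracket R \rrbracket_{\gamma} \, a\, b$$

Since $X \in^{p} R$, this follows by the IH from

$$a\, (\mathit{fmap}_{X,R}\, f\, b) \, \llbracket [Y/X]R \rrbracket_{\gamma} \, a\, b$$

In turn, this follows by (1) from

$$\mathit{fmap}_{X,R}\, f\, b \, \llbracket [Y/X]R \rrbracket_{\gamma} \, b$$

Since $X \in^{\bar{p}} R$, this follows by the IH from (2).

Case $X \in^{+} \forall Z.\, R$: the goal becomes

$$\mathit{fmap}_{X,R}\, f \, \llbracket [Y/X]R \to R \rrbracket_{\gamma} \, I$$

So assume (1) $a \, \llbracket \forall Z.\, [Y/X]R \rrbracket_{\gamma} \, a$, and show

$$\mathit{fmap}_{X,R}\, f\, a \, \llbracket \forall Z.\, R \rrbracket_{\gamma} \, a$$

For this, assume $r \in \mathcal{R}$, and show

$$\mathit{fmap}_{X,R}\, f\, a \, \llbracket R \rrbracket_{\gamma[Z \mapsto r]} \, a$$

Since $X \in^{p} R$, this follows by the IH from $a \, \llbracket [Y/X]R \rrbracket_{\gamma[Z \mapsto r]} \, a$. But this follows by instantiating (1) with $r$.

We may now return to:

Proof of Reflection { }. Assuming (1) $t \, \llbracket D_{\mathit{param}} \rrbracket_{\gamma} \, t$, it suffices (applying βη-Closure { }) to show

$$t\ \mathit{in}_{X,R} \, \llbracket D_{\mathit{param}} \rrbracket_{\gamma} \, t$$

For this, assume $r \in \mathcal{R}$ and (2) $a \, \llbracket R \to X \rrbracket_{\gamma[X \mapsto r]} \, a$, and show

$$t\ \mathit{in}_{X,R}\ a \, [r] \, t\, a \qquad (A)$$

The key idea (generalizing Wadler's Proposition 14 already mentioned) is to instantiate (1) with the asymmetric relation

$$\llbracket \mathit{fold}\, a \cdot X \rrbracket_{[X \mapsto r]}$$

Let us call this $r_a$. (A) will follow from that instantiation if we can prove

$$\mathit{in}_{X,R} \, \llbracket R \to X \rrbracket_{\gamma[X \mapsto r_a]} \, a$$

So assume (3) $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r_a]} \, t$, and show

$$\mathit{in}_{X,R}\, t \, [r_a] \, a\, t$$

This follows, by Deapplication { } and βη-Closure { }, from

$$\mathit{in}_{X,R}\, t\, a \, [r] \, a\, t$$

Further applying βη-Closure { }, this follows from

$$a\, (\mathit{fmap}_{X,R}\, (\mathit{fold}\, a)\, t) \, [r] \, a\, t$$

By (2), this follows from

$$(\mathit{fmap}_{X,R}\, (\mathit{fold}\, a)\, t) \, \llbracket R \rrbracket_{\gamma[X \mapsto r]} \, t$$

which follows from (3) by Fmap Fold { }, applying also Environment Extension { } to get the contexts and types in the required form; and using $X \in^{+} R$.

D. Equating $D_{\mathit{param}}$ and $D_{\mathit{ind}}$

Theorem 62 (Inductive Types). Suppose $FV(R) = \{X\}$ and $X \in^{+} R$.
i. $t \, \llbracket D_{\mathit{ind}} \subseteq D_{\mathit{param}} \rrbracket_{\gamma} \, t$
ii. If $R$ is $\forall^{+}$, then $t \, \llbracket D_{\mathit{param}} \subseteq D_{\mathit{ind}} \rrbracket_{\gamma} \, t$
iii. If $R$ is $\forall^{+}$, then $t \, \llbracket D_{\mathit{ind}} = D_{\mathit{param}} \rrbracket_{\gamma} \, t$

Proof.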
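Recall the definitions:

$$D_{\mathit{param}} := \forall X.\, (R \to X) \to X$$
$$D_{\mathit{ind}} := \forall X.\, ([\mathit{in}_{X,R}] \, (R \to X) \, [\mathit{in}_{X,R}]) \Rightarrow X$$

For this proof, let us apply Subset { } implicitly. (iii) follows from (i) and (ii). To show (i), assume $t \, \llbracket D_{\mathit{ind}} \rrbracket_{\gamma} \, t$, and instantiate $X$ in this assumption with $D_{\mathit{param}}$. This implies the required $t \, \llbracket D_{\mathit{param}} \rrbracket_{\gamma} \, t$, as long as (applying Interpretation Over Substitution { })

$$\mathit{in}_{X,R} \, \llbracket [D_{\mathit{param}}/X]R \to D_{\mathit{param}} \rrbracket_{\gamma} \, \mathit{in}_{X,R}$$

But this is exactly In For $D_{\mathit{param}}$ { }.

To show (ii), assume (1) $t \, \llbracket D_{\mathit{param}} \rrbracket_{\gamma} \, t$, and instantiate $X$ in this assumption with $D_{\mathit{ind}}$ to get

$$t \, \llbracket ([D_{\mathit{ind}}/X]R \to D_{\mathit{ind}}) \to D_{\mathit{ind}} \rrbracket_{\gamma} \, t$$

(Here we again applied Interpretation Over Substitution { }.) From this and In For $D_{\mathit{ind}}$ { }, we obtain

$$(2) \quad t\ \mathit{in}_{X,R} \, \llbracket D_{\mathit{ind}} \rrbracket_{\gamma} \, t\ \mathit{in}_{X,R}$$

This is close to what we want. Applying Reflection { } to (1), we obtain

$$t\ \mathit{in}_{X,R} \, \llbracket D_{\mathit{param}} \rrbracket_{\gamma} \, t$$

Since $FV(R) = X$, $D_{\mathit{param}}$ is closed, so we may change $\gamma$ to $e$ here and in (1), by Environment Extension { }. Then since $R$ is $\forall^{+}$, $D_{\mathit{param}}$ is also, and we can apply Identity Inclusion { } to get:

$$t\ \mathit{in}_{X,R} =_{\beta\eta} t \qquad t =_{\beta\eta} t$$

Using these facts with βη-Closure { }, we may simplify (2) to the desired $t \, \llbracket D_{\mathit{ind}} \rrbracket_{\gamma} \, t$.

In light of this result, we denote $D_{\mathit{param}}$ for particular $X$ and $R$ as $D_{X,R}$, and freely change between it and $D_{\mathit{ind}}$ as long as $R$ is $\forall^{+}$.

E. Example: Nat

In this section, we consider the basic example of natural numbers. To express this type using the parameter $R$ of $D_{X,R}$, we first need some standard types (namely $A + B$ and ) and associated term definitions: for $A + B$, constructors $\mathit{inl}$ and $\mathit{inr}$, and eliminator $\langle n, m \rangle$; and for , constructor $\mathit{unit}$.

Definition 63.

$$A + B := \forall X.\, (A \to X) \to (B \to X) \to X$$
$$= \forall X.\, X \to X$$
$$\mathit{inl} := \lambda a.\, \lambda x.\, \lambda y.\, x\, a$$
$$\mathit{inr} := \lambda b.\, \lambda x.\, \lambda y.\, y\, b$$
$$\langle n, m \rangle := \lambda c.\, c\, n\, m$$
$$\mathit{unit} := I$$

Now we define $\mathit{Nat}$ and its constructors as expected, with addition as an example operation:

Definition 64.

$$\mathit{Nat} := D_{X,\, + X}$$
$$\mathit{zero} := \mathit{in}_{X,\, + X}\ (\mathit{inl}\ \mathit{unit})$$
$$\mathit{succ} := \mathit{in}_{X,\, + X} \circ \mathit{inr}$$
$$\mathit{add} := \lambda n.\, \lambda m.\, n\ \langle m, \mathit{succ} \rangle$$

Thanks to Soundness of System F For Closed Terms { } and the usual System F typings of the above term definitions (including In For $D_{\mathit{param}}$ (System F) { }), we have the following relational typings:

Lemma 65 (Nat Operations).

$$\mathit{zero} :: \llbracket \mathit{Nat} \rrbracket_{\gamma}$$
$$\mathit{succ} :: \llbracket \mathit{Nat} \to \mathit{Nat} \rrbracket_{\gamma}$$
$$\mathit{add} :: \llbracket \mathit{Nat} \to \mathit{Nat} \to \mathit{Nat} \rrbracket_{\gamma}$$

Following a very similar development as for Inductive Types { }, we may also equate $A + B$ and  with inductive variants:

Definition 66.

$$A +_{i} B := \forall X.\, [\mathit{inl}] \, (A \to X) \, [\mathit{inl}] \Rightarrow [\mathit{inr}] \, (B \to X) \, [\mathit{inr}] \Rightarrow X$$
$${}_{i} := \forall X.\, [\mathit{unit}] \, X \, [\mathit{unit}] \Rightarrow X$$

Recall the notation $R = R$ (Definition 18).

Proposition 67.

$$t \, \llbracket A + B = A +_{i} B \rrbracket_{\gamma} \, t$$
$$t \, \llbracket\ = {}_{i} \rrbracket_{\gamma} \, t$$

Finally, let us prove a basic inductive property of $\mathit{add}$, as an example.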
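Lemma 68. $\lambda n.\, \mathit{add}\ n\ \mathit{zero} \, \llbracket \mathit{Nat} \to \mathit{Nat} \rrbracket_{\gamma} \, I$

Proof. For (i): Assume (1) $n \, \llbracket \mathit{Nat} \rrbracket_{\gamma} \, n$, and show

$$\mathit{add}\ n\ \mathit{zero} \, \llbracket \mathit{Nat} \rrbracket_{\gamma} \, n \qquad (A)$$

Applying Inductive Types { } to (1) allows us to reason inductively; we instantiate the type variable $X$ in $D_{\mathit{ind}}$ with the interpretation of

$$r := \lambda n.\, \mathit{add}\ n\ \mathit{zero} \cdot \mathit{Nat}$$

We must show this is preserved by $\mathit{in}_{X,\, + X}$; that is

$$\mathit{in}_{X,\, + X} :: \llbracket (\, + r) \to r \rrbracket_{\gamma} \qquad (B)$$

By Deapplication { } this suffices for (A). For (B), assume (2) $v \, \llbracket\, + r \rrbracket_{\gamma} \, v$, and show

$$\mathit{in}_{X,\, + X}\ v \, \llbracket r \rrbracket_{\gamma} \, \mathit{in}_{X,\, + X}\ v$$

Switch to the inductive view of $\, + r$ in (2), and induct using the interpretation of

$$r := \mathit{in}_{X,\, + X} \ast r$$

By Deapplication { }, this is sufficient for (B). We must prove
• $\mathit{inl}\ \mathit{unit} :: \llbracket r \rrbracket_{\gamma}$
• $\mathit{inr} :: \llbracket r \to r \rrbracket_{\gamma}$

Unfolding definitions of $r$ and $r$ using Deapplication { }, we confirm the following using βη-Closure { } and Nat Operations { }
• $\mathit{add}\ (\mathit{in}_{X,\, + X}\ (\mathit{inl}\ \mathit{unit}))\ \mathit{zero} \, \llbracket \mathit{Nat} \rrbracket_{\gamma} \, (\mathit{in}_{X,\, + X}\ (\mathit{inl}\ \mathit{unit}))$
• $\mathit{add}\ (\mathit{in}_{X,\, + X}\ (\mathit{inr}\ x))\ \mathit{zero} \, \llbracket \mathit{Nat} \rrbracket_{\gamma} \, (\mathit{in}_{X,\, + X}\ (\mathit{inr}\ x))$ from $\mathit{add}\ x\ \mathit{zero} \, \llbracket \mathit{Nat} \rrbracket_{\gamma} \, x$

F. Discussion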
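The term definitions of Sections X-B, X-C and X-E can be executed directly as untyped λ-terms. The Python code below is an added example, not code from the paper: it implements fmap by recursion on the type (Definition 50, reading the arrow case as fmap over the codomain, then a, then fmap over the domain, as in the proof of Lemma 51), builds fold, in, rebuild, zero and succ, and observes Reflection on small numerals. The tuple encoding of types, the helper names (compose, make_in, sum_type, numeral, to_int) and the integer algebra used for observation are assumptions of the example; the unit type is the ∀X. X → X of Definition 63 with its bound variable renamed.

```python
# Untyped lambda-terms are encoded as curried Python closures.
I = lambda x: x                      # identity combinator
K = lambda x: lambda y: x            # constant combinator

def compose(*fs):
    """Right-to-left composition: compose(f, g, h)(x) == f(g(h(x)))."""
    def run(x):
        for f in reversed(fs):
            x = f(x)
        return x
    return run

# System F types as tagged tuples (a representation chosen for this example).
def var(name):       return ("var", name)
def arrow(r1, r2):   return ("arrow", r1, r2)
def forall(y, body): return ("forall", y, body)

def fmap(X, R):
    """Definition 50: the term fmap_{X,R}, by recursion on the type R."""
    if R[0] == "var":
        return I if R[1] == X else K(I)
    if R[0] == "arrow":
        _, dom, cod = R
        # fmap over the domain runs before `a`, fmap over the codomain after it.
        return lambda f: lambda a: compose(fmap(X, cod)(f), a, fmap(X, dom)(f))
    if R[0] == "forall":
        _, y, body = R
        if y == X:
            raise ValueError("rename the bound variable first (alpha-equivalence)")
        return lambda f: fmap(X, body)(f)
    raise ValueError(f"not a System F type: {R!r}")

fold = lambda a: lambda x: x(a)                      # Definition 52

def make_in(X, R):
    """Definition 54: in_{X,R} = λx. λa. a (fmap_{X,R} (fold a) x)."""
    fm = fmap(X, R)
    return lambda x: lambda a: a(fm(fold(a))(x))

# Definition 63: sum and unit types with their terms.
inl = lambda a: lambda x: lambda y: x(a)
inr = lambda b: lambda x: lambda y: y(b)
case = lambda n: lambda m: lambda c: c(n)(m)         # eliminator <n, m>
unit = I
UNIT = forall("Z", arrow(var("Z"), var("Z")))

def sum_type(A, B):
    y = var("Y")                                     # Y assumed fresh for A and B
    return forall("Y", arrow(arrow(A, y), arrow(arrow(B, y), y)))

# Definition 64 (constructors) and Definition 59 (rebuild).
NAT_R = sum_type(UNIT, var("X"))                     # the body R: unit + X
IN = make_in("X", NAT_R)
zero = IN(inl(unit))
succ = compose(IN, inr)
rebuild = fold(IN)

def to_int(n):
    """Observe a numeral by folding it with an algebra over Python ints."""
    return n(case(K(0))(lambda k: k + 1))

def numeral(k):
    """Apply succ k times to zero."""
    n = zero
    for _ in range(k):
        n = succ(n)
    return n
```

Folding with `to_int` only observes that `rebuild(n)` and `n` agree on these inputs; it is a sanity check of the definitions, not a substitute for the proof of Reflection.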
Wadler proves a result similar to Inductive Types { } for the special case of the natural numbers, in Section 5 of [10]. He shows, as a theorem of a second-order logic, that being related by the relational interpretation of $\mathit{Nat}_{\mathit{param}}$ is the same as being equal natural numbers that satisfy a predicate of unary induction. The result here is more general, covering any inductive datatype defined by a positive type scheme $R$. The equivalence is expressed not in a second-order logic, but in RelTT. So the proof is in terms only of binary relations, including a binary-relational form of induction (instead of using unary induction). Another technical difference is that the proof here relies on Identity Inclusion { }. This does not show up in Wadler's proof, but only because he considers just the simple example of natural numbers, with the type $\forall X.\, (X \to X) \to X \to X$. One may confirm that a categorical version, as we consider here, would require an analogous property for the proof of his Proposition 14 [10].

Thanks to Inductive Types { }, we can transport properties between the denotations of $D_{\mathit{ind}}$ and $D_{\mathit{param}}$. For a simple example:

Lemma 69.
Suppose $R$ is $\forall^{+}$. Then $\llbracket D_{\mathit{ind}} \rrbracket$ is a per.

Proof. If $R$ is $\forall^{+}$, then so is $D_{\mathit{param}}$, and hence $\llbracket D_{\mathit{param}} \rrbracket_{\gamma}$ is a per by $\forall^{+}$ Per { }. This implies $D_{\mathit{ind}}$ is also a per, by Inductive Types { }.

Proving this lemma directly is not hard, but using Inductive Types { }, unnecessary. Richer examples are enabled thanks to Substitutivity Of Relational Equality { }.

XI. POSITIVE-RECURSIVE TYPES
A very useful type form from standard type theory is the recursive type $\mathit{rec}\ X.\, R$, where $X$ is bound in $R$, and $X$ occurs only positively in $R$. The type should be isomorphic to its unfolding $[\mathit{rec}\ X.\, R / X]R$, where we desire that the functions witnessing the isomorphism are identity functions. (This form of recursive type can be seen as unifying the standardly distinguished isorecursive and equirecursive.) This section shows how a relational version of this type can be derived in RelTT. The development is a (nontrivial) adaptation of ideas from [15], to our relational setting. It is built on the derivations of subset type and implicit product from Section III, and makes crucial use of Monotonicity { }. Let us assume that type $R$ may contain type variable $X$ free.

Definition 70. $\mathit{rec}\ X.\, R := \forall X.\, (R \subseteq X) \Rightarrow X$

Lemma 71 (Rec Body). If $\llbracket R \rrbracket_{\gamma[X \mapsto r]} \subseteq r$, then $\llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma} \subseteq r$.

Proof. Assume (1) $t \, \llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma} \, t$, and instantiate this with $r$, to obtain

$$t \, \llbracket (R \subseteq X) \Rightarrow X \rrbracket_{\gamma[X \mapsto r]} \, t$$

From this, applying Subset { } and Implicit Product { }, we have the desired $t \, r \, t$, as long as $\llbracket R \rrbracket_{\gamma[X \mapsto r]} \subseteq r$. But the latter is a condition of the lemma.

Lemma 72 (Rec Fold). If $X \in^{+} R$, then $t \, \llbracket [\mathit{rec}\ X.\, R / X]R \subseteq \mathit{rec}\ X.\, R \rrbracket_{\gamma} \, t$.

Proof. By Subset { }, it suffices to show $\llbracket [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma} \subseteq \llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma}$. So assume (1) $t \, \llbracket [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma} \, t$, and show $t \, \llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma} \, t$. Applying the semantics, Implicit Product { }, and Subset { }, it suffices to assume $r \in \mathcal{R}$ and (2) $\llbracket R \rrbracket_{\gamma[X \mapsto r]} \subseteq r$, and show $t \, [r] \, t$. Applying Interpretation Over Substitution { } to (1), we have (3) $t \, \llbracket R \rrbracket_{\gamma[X \mapsto \llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma}]} \, t$. By Rec Body { } with (2), $\llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma} \subseteq r$. By Monotonicity { }, (3) implies $t \, \llbracket R \rrbracket_{\gamma[X \mapsto r \gamma]} \, t$. Combining this with (2), we obtain the desired $t \, [r] \, t$.

Lemma 73 (Rec Unfold). If $X \in^{+} R$, then $t \, \llbracket \mathit{rec}\ X.\, R \subseteq [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma} \, t$.

Proof. By Subset { }, it suffices to show $\llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma} \subseteq \llbracket [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma}$. So assume (1) $t \, \llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma} \, t$ and show $t \, \llbracket [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma} \, t$. Instantiate (1) with $\llbracket [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma}$ to obtain

$$t \, \llbracket (R \subseteq X) \Rightarrow X \rrbracket_{\gamma[X \mapsto \llbracket [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma}]} \, t$$

Applying Interpretation Over Substitution { }, this is equivalent to

$$t \, \llbracket ([[\mathit{rec}\ X.\, R / X]R / X]R \subseteq [\mathit{rec}\ X.\, R / X]R) \Rightarrow [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma} \, t$$

By Implicit Product { } and Subset { }, this implies the desired typing as long as

$$\llbracket [[\mathit{rec}\ X.\, R / X]R / X]R \rrbracket_{\gamma} \subseteq \llbracket [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma}$$

But this follows by Monotonicity { } (since $X \in^{+} R$) from

$$\llbracket [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma} \subseteq \llbracket \mathit{rec}\ X.\, R \rrbracket_{\gamma}$$

And this follows (by Subset { }) directly from Rec Fold { }.

Theorem 74 (Recursive Types). If $X \in^{+} R$, then

$$t \, \llbracket \mathit{rec}\ X.\, R = [\mathit{rec}\ X.\, R / X]R \rrbracket_{\gamma} \, t$$

Proof. Using Relational Equality { }, this follows from Rec Fold { } and Rec Unfold { }

XII. A RELATIONAL TYPE SYSTEM
Having considered now some of the expressive power of RelTT, in its ability to derive types which are often taken as primitive – for example, inductive types are derived here, but primitive for the Calculus of Inductive Constructions [16] – let us turn to the question of an implementable type system for RelTT. We follow the approach suggested by the Curry-Howard correspondence, to devise a system of proof terms for derivations in RelPf.

Figure 7 gives the syntax for contexts $\Gamma$ and proof terms $p$ of RelTy, together with an erasure function mapping these back to pure λ-calculus. Proof terms $(p, p)$ and $\pi\, p - x.u.v.p$ are used for composition; the π-term is like an existential elimination. Erasure will indeed treat proofs of relational typings by compositions as pairs (Definition 22). The typing rules for RelTy are given in Figure 8.

Given a context $\Gamma$ and a proof term $p$, the rules may be read bottom-up as an algorithm to compute the relational typing $t \, [T] \, t$ (if any) proved by the proof term. Proofs are organized in natural-deduction style: each type construct has introduction and elimination forms. For example, the introduction form for an identity $t \, [t] \, t\, t$ is $\iota\{t, t\}$. The elimination is more complicated, unfortunately, as we must describe substitution, using a proven identity $t \, [t] \, t$, into the terms in some other relational typing. The syntax for the elimination form uses a "guide" $\{x.t, t\}$ to give a mechanism for locating instances of $t$ in the left and right terms of the relational typing, to be rewritten to $t$. The variable $x$ in terms $t$ and $t$ marks these locations.

By design, RelTy exactly follows the structure of RelPf. Define $\backslash \Gamma /$ by

$$\backslash \cdot / = \cdot \qquad \backslash \Gamma, x : t \, [R] \, t / = \backslash \Gamma /,\ t \, [R] \, t$$

This maps RelTy contexts to RelPf contexts. A reverse mapping $\langle \Gamma \rangle$ can be defined as $\langle \Gamma \rangle_{k}$ where $k$ is the length of $\Gamma$, and the helper function is defined as follows, using a canonical ordering $x , x , \ldots$ for assumption variables:

$$\langle \cdot \rangle_{k} = \cdot \qquad \langle \Gamma, t \, [R] \, t \rangle_{k} = \langle \Gamma \rangle_{k -},\ x_{k} : t \, [R] \, t$$

Theorem 75 (RelTy-RelPf Isomorphism).
i. If $\Gamma \vdash p : t \, [R] \, t$ in RelTy, then $\backslash \Gamma / \vdash t \, [R] \, t$ in RelPf.
ii. If $\Gamma \vdash t \, [R] \, t$ in RelPf, then there exists $p$ such that $\langle \Gamma \rangle \vdash p : t \, [R] \, t$ in RelTy.

Proof. For (i): because RelTy just expands RelPf with proof terms, the proof amounts to erasing all proof terms (including assumptions $u$ in contexts) from RelTy derivations. For (ii): by design, RelTy has proof-term constructs corresponding to all proof rules of RelPf, so the proof amounts to recursively adding in those terms.

If we project even further, we can map from RelTy to System F. Recall the definition of pairs (Definition 22), which are used in projecting composition.

Definition 76.
Define $|R|$ recursively by:

$$|X| = X$$
$$|R \to R| = |R| \to |R|$$
$$|\forall X.\, R| = \forall X.\, |R|$$
$$|R^{\cup}| = |R|$$
$$|R \cdot R| = |R| \times |R|$$
$$|t| = \forall X.\, X \to X$$

Extend this to contexts by recursively defining $|\Gamma|$:

$$|\cdot| = \cdot \qquad |\Gamma, u : t \, [R] \, t| = |\Gamma|,\ u : |R|$$

Theorem 77 (RelTy Projection). If $\Gamma \vdash p : t \, [R] \, t$ then $|\Gamma| \vdash |p| : |R|$ in System F.

Proof. The proof is by induction on the assumed RelTy derivation.

Case:
$$\dfrac{x : t \, [R] \, t \in \Gamma}{\Gamma \vdash x : t \, [R] \, t}$$
From $x : t \, [R] \, t \in \Gamma$ we get $x : |R| \in \Gamma$ and hence the desired conclusion.

Case:
$$\dfrac{\Gamma, u : x \, [R] \, x \vdash p : t \, [R] \, t \quad (*)}{\Gamma \vdash \lambda u : R.\, p : \lambda x.\, t \, [R \to R] \, \lambda x.\, t}$$
By the IH we have $|\Gamma|, u : |R| \vdash p : |R|$, from which we deduce the desired $|\Gamma| \vdash \lambda u.\, |p| : |R \to R|$.

Case:
$$\dfrac{\Gamma \vdash p : t \, [R \to R] \, t \qquad \Gamma \vdash p : t \, [R] \, t}{\Gamma \vdash p\, p : t\, t \, [R] \, t\, t}$$
By the IH we have $|\Gamma| \vdash |p| : |R \to R|$ and $|\Gamma| \vdash |p| : |R|$, from which we deduce the desired $|\Gamma| \vdash |p\, p| : |R|$.

Case:
$$\dfrac{\Gamma \vdash p : t \, [\forall X.\, R] \, t}{\Gamma \vdash p\{R\} : t \, [[R/X]R] \, t}$$
By the IH we have $|\Gamma| \vdash |p| : \forall X.\, |R|$, from which the desired $|\Gamma| \vdash |p| : |[R/X]R|$ follows.

Case:
$$\dfrac{\Gamma \vdash p : t \, [R] \, t \qquad X \notin FV(\Gamma)}{\Gamma \vdash \Lambda X.\, p : t \, [\forall X.\, R] \, t}$$
By the IH we have $|\Gamma| \vdash |p| : |R|$, from which the desired $|\Gamma| \vdash |p| : \forall X.\, |R|$ follows.

Case:
$$\dfrac{\Gamma \vdash p : t \, [R] \, t \qquad t =_{\beta\eta} t \qquad t =_{\beta\eta} t}{\Gamma \vdash t \ \text{đ}\ p\ \text{§}\ t : t \, [R] \, t}$$
The erasure of $t$ đ $p$ § $t$ is $|p|$, so the desired conclusion is just $|\Gamma| \vdash |p| : |R|$, which we have by the IH.

Case:
$$\dfrac{\Gamma \vdash p : t \, [R^{\cup}] \, t}{\Gamma \vdash \cup_{e}\, p : t \, [R] \, t}$$
Similar to the previous case.

Case:
$$\dfrac{\Gamma \vdash p : t \, [R] \, t}{\Gamma \vdash \cup_{i}\, p : t \, [R^{\cup}] \, t}$$
Similar to the previous case.

Case:
$$\Gamma \vdash \iota\{t, t\} : t \, [t] \, t\, t$$
$|\iota\{t, t\}|$ is $I$ and erasure of the term promotion $t$ is $\forall X.\, X \to X$. So this inference translates to the familiar typing of the identity function in System F.

Case:
$$\dfrac{\Gamma \vdash p : t \, [t] \, t \qquad \Gamma \vdash p : [t\, t / x]t \, [R] \, [t\, t / x]t}{\Gamma \vdash \rho\{x.t, t\}\ p - p : [t/x]t \, [R] \, [t/x]t}$$
By the IH we have $|\Gamma| \vdash |p| : |R|$.
Since the ρ-proof erases to just the erasure of its leftmost subproof, this suffices for the desired conclusion.

Case:
$$\dfrac{\Gamma \vdash p : t \, [R \cdot R] \, t \qquad (**) \qquad \Gamma, u : t \, [R] \, x, v : x \, [R] \, t \vdash p : t \, [R] \, t}{\Gamma \vdash \pi\, p - x.u.v.p : t \, [R] \, t}$$
By the IH we have $|\Gamma| \vdash |p| : |R| \times |R|$ and $|\Gamma|, u : |R|, v : |R| \vdash |p| : |R|$. By the definition of product types in System F, from these derivations we may easily establish $|\Gamma| \vdash |p|\ \lambda u.\, \lambda v.\, |p| : |R|$, which suffices since $|\pi\, p - x.u.v.p| = |p|\ \lambda u.\, \lambda v.\, |p|$.

Case:
$$\dfrac{\Gamma \vdash p : t \, [R] \, t \qquad \Gamma \vdash p : t \, [R] \, t}{\Gamma \vdash (p, p) : t \, [R \cdot R] \, t}$$
By the IH we have $|\Gamma| \vdash |p| : |R|$ and $|\Gamma| \vdash |p| : |R|$. With these we may deduce $|\Gamma| \vdash (|p|, |p|) : |R| \times |R|$ by the definition of product types in System F.

This result is interesting, because it shows that any valid RelTy proof term proves a property of its own erasure:

Proposition 78 (RelTy Self). If $\Gamma \vdash p : t \, [R] \, t$, then $\Gamma \vdash p : |p| \, [R] \, |p|$.

Proof sketch. From the assumed RelTy derivation we get to $\Gamma \vdash |p| \, [R] \, |p|$ using RelTy Projection { } and Soundness of System F { }. We need then just a somewhat more informative version of part (ii) of RelTy-RelPf Isomorphism { }, which maps RelPf derivations to particular proof terms $p$ (not just showing that some such $p$ exists) in correspondence with the RelPf derivations.

contexts $\Gamma ::= \cdot \mid \Gamma, u : t \, [R] \, t$

proof terms $p := u \mid \lambda u : T.\, p \mid p\, p \mid p\{T\} \mid \Lambda X.\, p \mid t \ \text{đ}\ p\ \text{§}\ t \mid \cup_{i}\, p \mid \cup_{e}\, p \mid \iota\{t, t\} \mid \rho\{x.t, t\}\ p - p \mid (p, p) \mid \pi\, p - x.u.v.p$

$$|u| = u$$
$$|\lambda u : T.\, p| = \lambda u.\, |p|$$
$$|p\, p| = |p|\ |p|$$
$$|p\{T\}| = |p|$$
$$|\Lambda X.\, p| = |p|$$
$$|t \ \text{đ}\ p\ \text{§}\ t| = |p|$$
$$|\cup_{i}\, p| = |p|$$
$$|\cup_{e}\, p| = |p|$$
$$|\iota\{t, t\}| = I$$
$$|\rho\{x.t, t\}\ p - p| = |p|$$
$$|(p, p)| = (|p|, |p|)$$
$$|\pi\, p - x.u.v.p| = |p|\ \lambda u.\, \lambda v.\, |p|$$

Fig. 7. Syntax for proof terms of RelTy, and erasure to pure λ-calculus

XIII. RELATED WORK
RelTT's semantics (Figure 2) is a relational realizability semantics, where realizers are terms of untyped lambda calculus (cf. [17], [18]). Relational semantics for types has been studied extensively in the context of logical relations; see Chapter 8 of [19]. An influential branch of this work was initiated by Reynolds, on what is now called parametricity [9]. [20] frames some recent results, using categorical semantics.

[21] proposes a similar realizability semantics, for the Calculus of Constructions plus an extensional equality type. The major difference is that in RelTT, we propose a notation for asymmetric relations, which is lacking in [21]. Instead, constructions based on the semantics are done at the meta-level (where asymmetric relations can be described). Indeed, the denotable relations of [21] are partial equivalences – albeit of a modified form due to basing the semantics on "zig-zag complete" relations. In contrast, we have seen above some families of types whose denotations are partial equivalences (unmodified) in RelTT. But by design, not all types denote partial equivalences in RelTT, since reasoning about terms generally involves asymmetric relations; an important example we saw is Reflection { }.

Observational Type Theory (OTT) is an approach to type-specific extensionality principles in an intensional dependent type theory, based on a primitive heterogeneous equality type and associated operators [22]. RelTT is similar in deriving extensionality principles, but more radical in design: where OTT extends a traditional (i.e., unary) type theory including W-types with an extensional form of equality, RelTT takes a binary view of all types, and does not use dependent types at all. The resulting system is hence formally quite a bit simpler.

Unlike [9] and subsequent works like [23], RelTT lacks Identity Extension.
This property states that when free type variables are interpreted by identity relations, the relational meaning of a type $T$ is the identity relation on the unary (or "object") interpretation of $T$. This is a very strong property, showing that the object interpretation of types gives canonical forms for the equivalence defined by the relational interpretation of types. But it rules out expression of asymmetric relations as types. RelTT preserves this possibility, at the cost of weakening Identity Extension to Identity Inclusion { }.

In [24], Plotkin and Abadi introduce a second-order logic for reasoning about (typable) terms of System F by quantification over relations, and using a parametricity axiom. In contrast, RelTT uses relational types to express relations in a more compact way. A parametricity axiom would not make sense here, for there is no separate notion of unary typing from which relational typing could be stated to follow. The only typings are relational.

RelTT may be compared with previous work of Stump et al. on Cedille [25], [26], [27]. Both systems aim at a minimalistic extension of a small pure type system as a foundation for type theory. Cedille extends the Curry-style Calculus of Constructions with dependent intersections, implicit products, and an equality type over untyped terms. RelTT extends System F with three relational operators based on a relational semantics. While the systems are roughly equivalent in formal complexity – with RelTT having the simplifying advantage of eschewing dependent types – RelTT delivers type-specific extensionality principles, which Cedille lacks.

[28] considers how parametricity results can be embedded in constructive type theory, by elaborating types into corresponding theorems in the logic of so-called "reflective" pure type systems. Subsequent work built an extended PTS internalizing these theorems [29].
These papers consider fairly rich Church-style lambda calculi, in contrast to the more compact Curry-style calculus of RelTT.

Finally, RelTT may be compared with Homotopy Type Theory (HoTT), a line too active in recent years to summarize here [30]. Both theories support functional extensionality. The two approaches have different origins: logical relations and parametricity for RelTT, homotopy theory and higher category theory for HoTT. A major point of difference is univalence: while RelTT allows one to express and derive relational equalities within the theory, these are based on semantic inclusions, not isomorphisms (as in univalence). Thus, transporting results between isomorphic types as done in HoTT is not (in an obvious way) directly possible in RelTT. Another point of comparison is the compactness of the theory. RelTT is based on a very compact semantics for a small number of relational type forms.

$$\dfrac{x : t \, [R] \, t \in \Gamma}{\Gamma \vdash x : t \, [R] \, t}$$

$$\dfrac{\Gamma, p : x \, [R] \, x \vdash p : t \, [R] \, t \quad (*)}{\Gamma \vdash \lambda x : R.\, p : \lambda x.\, t \, [R \to R] \, \lambda x.\, t}$$

$$\dfrac{\Gamma \vdash p : t \, [R \to R] \, t \qquad \Gamma \vdash p : t \, [R] \, t}{\Gamma \vdash p\, p : t\, t \, [R] \, t\, t}$$

$$\dfrac{\Gamma \vdash p : t \, [\forall X.\, R] \, t}{\Gamma \vdash p\{R\} : t \, [[R/X]R] \, t}$$

$$\dfrac{\Gamma \vdash p : t \, [R] \, t \qquad X \notin FV(\Gamma)}{\Gamma \vdash \Lambda X.\, p : t \, [\forall X.\, R] \, t}$$

$$\dfrac{\Gamma \vdash p : t \, [R] \, t \qquad t =_{\beta\eta} t \qquad t =_{\beta\eta} t}{\Gamma \vdash t \ \text{đ}\ p\ \text{§}\ t : t \, [R] \, t}$$

$$\dfrac{\Gamma \vdash p : t \, [R^{\cup}] \, t}{\Gamma \vdash \cup_{e}\, p : t \, [R] \, t}$$

$$\dfrac{\Gamma \vdash p : t \, [R] \, t}{\Gamma \vdash \cup_{i}\, p : t \, [R^{\cup}] \, t}$$

$$\Gamma \vdash \iota\{t, t\} : t \, [t] \, t\, t$$

$$\dfrac{\Gamma \vdash p : t \, [t] \, t \qquad \Gamma \vdash p : [t\, t / x]t \, [R] \, [t\, t / x]t}{\Gamma \vdash \rho\{x.t, t\}\ p - p : [t/x]t \, [R] \, [t/x]t}$$

$$\dfrac{\Gamma \vdash p : t \, [R \cdot R] \, t \qquad \Gamma, u : t \, [R] \, x, v : x \, [R] \, t \vdash p : t \, [R] \, t \quad (**)}{\Gamma \vdash \pi\, p - x.u.v.p : t \, [R] \, t}$$

$$\dfrac{\Gamma \vdash p : t \, [R] \, t \qquad \Gamma \vdash p : t \, [R] \, t}{\Gamma \vdash (p, p) : t \, [R \cdot R] \, t}$$

Side condition (*) is $x \notin FV(\Gamma, R, R)$.
Side condition (**) is $x \notin FV(\Gamma, t, t, t, t, R, R, R)$.

Fig. 8. RelTy typing rules
In contrast, systems like, for one notable example, Cubical Agda, are based on a larger array of primitives [31]. Whereas the free theorems provided by parametricity allow proofs to be transported to observationally equivalent terms, HoTT uses explicit equivalences between terms for this purpose. Only very recent work has considered how to combine these two complementary approaches inside of univalent type theories [32].

XIV. CONCLUSION AND FUTURE WORK
Based on a binary relational semantics, RelTT is a new minimalistic extensional type theory, where inductive and positive-recursive types are derivable. The theory does not have dependent types, and indeed, an indirect conclusion of the paper is that type theory does not require dependent types for reasoning about programs. Just passing from the traditional unary semantics to a binary-relational one opens the possibility for formal (extensional) reasoning about programs. Future work includes direct support for existential types, for deriving coinductive types; the standard double-negation encoding of existentials is problematic due to the requirement of forall-positivity for Identity Inclusion { }.

ACKNOWLEDGMENTS
We gratefully acknowledge NSF support under award 1524519, and DoD support under award FA9550-16-1-0082 (MURI program). First author: St. Jer., AMDG.

REFERENCES

[1] L. M. de Moura, S. Kong, J. Avigad, F. van Doorn, and J. von Raumer, “The Lean Theorem Prover (System Description),” in Automated Deduction - CADE-25 - 25th International Conference on Automated Deduction, Berlin, Germany, August 1-7, 2015, Proceedings, ser. Lecture Notes in Computer Science, A. P. Felty and A. Middeldorp, Eds., vol. 9195. Springer, 2015, pp. 378–388. [Online]. Available: https://doi.org/10.1007/978-3-319-21401-6_26
[2] M. Sozeau, S. Boulier, Y. Forster, N. Tabareau, and T. Winterhalter, “Coq coq correct! verification of type checking and erasure for coq, in coq,” Proc. ACM Program. Lang., vol. 4, no. POPL, pp. 8:1–8:28, 2020. [Online]. Available: https://doi.org/10.1145/3371076
[3] C. Hermida, U. S. Reddy, and E. P. Robinson, “Logical relations and parametricity - A reynolds programme for category theory and programming languages,” Electron. Notes Theor. Comput. Sci., vol. 303, pp. 149–180, 2014. [Online]. Available: https://doi.org/10.1016/j.entcs.2014.02.008
[4] S. Givant, “The calculus of relations as a foundation for mathematics,” J. Autom. Reason., vol. 37, no. 4, pp. 277–322, Nov. 2006. [Online]. Available: https://doi.org/10.1007/s10817-006-9062-x
[5] A. Miquel, “The Implicit Calculus of Constructions,” in Typed Lambda Calculi and Applications, ser. Lecture Notes in Computer Science, vol. 2044. Springer, 2001, pp. 344–359.
[6] J. Krivine, Lambda-calculus, types and models, ser. Ellis Horwood series in computers and their applications. Masson, 1993, available from Krivine’s web page.
[7] P. Pistone, “On completeness and parametricity in the realizability semantics of system F,” Log. Methods Comput. Sci., vol. 15, no. 4, 2019. [Online]. Available: https://doi.org/10.23638/LMCS-15(4:6)2019
[8] J. R. Hindley and J. P. Seldin, Lambda-Calculus and Combinators: An Introduction, 2nd ed. USA: Cambridge University Press, 2008.
[9] J. C. Reynolds, “Types, Abstraction and Parametric Polymorphism,” in Information Processing 83, Proceedings of the IFIP 9th World Computer Congress, Paris, France, September 19-23, 1983, R. E. A. Mason, Ed. North-Holland/IFIP, 1983, pp. 513–523.
[10] P. Wadler, “The Girard-Reynolds isomorphism (second edition),”
Theor.Comput. Sci. , vol. 375, no. 1-3, pp. 201–226, 2007. [Online]. Available:https://doi.org/10.1016/j.tcs.2006.12.042[11] H. P. Barendregt, “Lambda Calculi with Types,” in
Handbook of Logicin Computer Science (Vol. 2) , S. Abramsky, D. M. Gabbay, and S. E.Maibaum, Eds. New York, NY, USA: Oxford University Press, Inc.,1992, pp. 117–309.[12] H. D. E. III, A. Stump, and R. McCleeary, “Dualized simple typetheory,”
Log. Methods Comput. Sci. , vol. 12, no. 3, 2016. [Online].Available: https://doi.org/10.2168/LMCS-12(3:2)2016[13] P. Wadler, “Recursive types for free!” 1990, available athttps://homepages.inf.ed.ac.uk/wadler/papers/free-rectypes/free-rectypes.txt.[14] T. Uustalu and V. Vene, “Primitive (Co)Recursion and Course-of-Value (Co)Iteration, Categorically,”
Informatica, Lith. Acad.Sci.
CoRR , vol. abs/2001.02828, 2020, insecond round of reviewing as of November, 2020. [Online]. Available:http://arxiv.org/abs/2001.02828[16] B. Werner, “Une Th´eorie des Constructions Inductives,” Ph.D.dissertation, Universit´e Paris-Diderot - Paris VII, 1994. [Online].Available: https://tel.archives-ouvertes.fr/tel-0019652417] J. van Oosten, “Realizability: A historical essay,”
Math. Struct.Comput. Sci. , vol. 12, no. 3, pp. 239–263, 2002. [Online]. Available:https://doi.org/10.1017/S0960129502003626[18] A. Troelstra, “Chapter vi - realizability,” in
Handbook of Proof Theory
Foundations for programming languages , ser. Foundationof computing series. MIT Press, 1996.[20] K. Sojakova and P. Johann, “A general framework for relational para-metricity,” in
Proceedings of the 33rd Annual ACM/IEEE Symposium onLogic in Computer Science, LICS 2018, Oxford, UK, July 09-12, 2018 ,A. Dawar and E. Gr¨adel, Eds. ACM, 2018, pp. 869–878.[21] N. R. Krishnaswami and D. Dreyer, “Internalizing Relational Parametric-ity in the Extensional Calculus of Constructions,” in
Computer ScienceLogic 2013 (CSL 2013), CSL 2013, September 2-5, 2013, Torino, Italy ,ser. LIPIcs, S. R. D. Rocca, Ed., vol. 23. Schloss Dagstuhl - Leibniz-Zentrum f¨ur Informatik, 2013, pp. 432–451.[22] T. Altenkirch, C. McBride, and W. Swierstra, “Observational equality,now!” in
Proceedings of the ACM Workshop Programming Languagesmeets Program Verification, PLPV 2007, Freiburg, Germany, October5, 2007 , A. Stump and H. Xi, Eds., 2007, pp. 57–68.[23] R. Atkey, “Relational parametricity for higher kinds,” in
ComputerScience Logic (CSL’12) - 26th International Workshop/21stAnnual Conference of the EACSL, CSL 2012, September 3-6, 2012, Fontainebleau, France , ser. LIPIcs, P. C´egielski andA. Durand, Eds., vol. 16. Schloss Dagstuhl - Leibniz-Zentrum f¨ur Informatik, 2012, pp. 46–61. [Online]. Available:http://drops.dagstuhl.de/opus/portals/extern/index.php?semnr=12009[24] G. D. Plotkin and M. Abadi, “A Logic for Parametric Polymorphism,”in
Typed Lambda Calculi and Applications, International Conferenceon Typed Lambda Calculi and Applications, TLCA ’93, Utrecht,The Netherlands, March 16-18, 1993, Proceedings , ser. LectureNotes in Computer Science, M. Bezem and J. F. Groote, Eds.,vol. 664. Springer, 1993, pp. 361–375. [Online]. Available:https://doi.org/10.1007/BFb0037093[25] A. Stump, C. Jenkins, S. Spahn, and C. McDonald, “Strong functionalpearl: Harper’s regular-expression matcher in cedille,”
Proc. ACMProgram. Lang. , vol. 4, no. ICFP, pp. 122:1–122:25, 2020. [Online].Available: https://doi.org/10.1145/3409004[26] D. Firsov, R. Blair, and A. Stump, “Efficient mendler-style lambda-encodings in cedille,” in
Interactive Theorem Proving , J. Avigad andA. Mahboubi, Eds. Cham: Springer International Publishing, 2018, pp.235–252.[27] A. Stump, “From realizability to induction via dependent intersection,”
Ann. Pure Appl. Logic , vol. 169, no. 7, pp. 637–655, 2018.[28] J.-P. Bernardy, P. Jansson, and R. Paterson, “Parametricity anddependent types,” in
Proceedings of the 15th ACM SIGPLANInternational Conference on Functional Programming , ser. ICFP ’10.New York, NY, USA: Association for Computing Machinery, 2010, p.345–356. [Online]. Available: https://doi.org/10.1145/1863543.1863592[29] J.-P. Bernardy and G. Moulin, “A computational interpretation ofparametricity,” in
Proceedings of the 2012 27th Annual IEEE/ACMSymposium on Logic in Computer Science , ser. LICS ’12. USA:IEEE Computer Society, 2012, p. 135–144. [Online]. Available:https://doi.org/10.1109/LICS.2012.25[30] T. Univalent Foundations Program,
Homotopy Type Theory: Univa-lent Foundations of Mathematics . Institute for Advanced Study:https://homotopytypetheory.org/book, 2013.[31] A. Vezzosi, A. M¨ortberg, and A. Abel, “Cubical agda: a dependentlytyped programming language with univalence and higher inductivetypes,”
Proc. ACM Program. Lang. , vol. 3, no. ICFP, pp. 87:1–87:29,2019. [Online]. Available: https://doi.org/10.1145/3341691[32] N. Tabareau, E. Tanter, and M. Sozeau, “The marriage of univalenceand parametricity,”