Erasable coercions: a unified approach to type systems Julien - PowerPoint PPT Presentation

Framework idea: we distinguish two sorts of typing rules Erasable rules Computational rules (Γ , Σ i ⊢ a i : τ i ) i ∈ 1 .. n Γ , Σ ⊢ a : τ J 1 . . . J m J 1 . . . J m Γ ⊢ node ( a 1 , . . . a n ) : ρ Γ ⊢ a : ρ We factor all erasable rules into a unique erasable rule: Unique erasable rule Coercion rules TermCoer J 1 . . . J m Γ , Σ ⊢ a : τ Γ ⊢ (Σ ⊢ τ ) ⊲ ρ Γ ⊢ (Σ ⊢ τ ) ⊲ ρ Γ ⊢ a : ρ 15 / 34

Framework idea: we distinguish two sorts of typing rules Erasable rules Computational rules (Γ , Σ i ⊢ a i : τ i ) i ∈ 1 .. n Γ , Σ ⊢ a : τ J 1 . . . J m J 1 . . . J m Γ ⊢ node ( a 1 , . . . a n ) : ρ Γ ⊢ a : ρ We factor all erasable rules into a unique erasable rule: Unique erasable rule Coercion rules TermCoer J 1 . . . J m Γ , Σ ⊢ a : τ Γ ⊢ (Σ ⊢ τ ) ⊲ ρ Γ ⊢ (Σ ⊢ τ ) ⊲ ρ Γ ⊢ a : ρ The unique erasable rule looks like the usual term subtyping rule. Besides changing the type, coercions may also extend the environment. 15 / 34

Framework gain: composable features It looks like we only played with the syntax of typing rules. 16 / 34

Framework gain: composable features It looks like we only played with the syntax of typing rules. However, this change makes a clear distinction between terms and type annotations: terms are totally absent from coercion rules. J 1 . . . J m Γ ⊢ (Σ ⊢ τ ) ⊲ ρ 16 / 34

Framework gain: composable features It looks like we only played with the syntax of typing rules. However, this change makes a clear distinction between terms and type annotations: terms are totally absent from coercion rules. J 1 . . . J m Γ ⊢ (Σ ⊢ τ ) ⊲ ρ More essentially, rule TermCoer enforces a unique interface for all erasable features: Γ ⊢ (Σ ⊢ τ ) ⊲ ρ this change is a preliminary to have composable features. this enables to decompose existing features into atomic parts. 16 / 34

Framework: all term typing rules STLC (canonical, minimal set of typing rules) a 1 a 2 a ρ τ 1 τ 2 Γ , ( x : τ ) Γ Γ � , � λ x τ → ρ τ 1 × τ 2 Γ Γ x a a b Γ( x ) Γ τ → ρ τ 1 × τ 2 Γ Γ τ Γ π i @ τ i ρ Γ Γ 17 / 34

Framework: all term typing rules STLC (canonical, minimal set of typing rules) a 1 a 2 a ρ τ 1 τ 2 Γ , ( x : τ ) Γ Γ � , � λ x τ → ρ τ 1 × τ 2 Γ Γ x a a b Γ( x ) Γ τ → ρ τ 1 × τ 2 Γ Γ τ Γ π i @ τ i ρ Γ Γ Term coercion rule a a TermCoer   τ τ Γ , Σ ⊢ a : τ ⇒ Γ ⊢ (Σ ⊢ τ ) ⊲ ρ Γ , Σ Γ , Σ G     +Σ +Σ τ τ   Γ ⊢ a : ρ   G G ρ ρ Γ Γ 17 / 34

Feature: polymorphism We write τ ⊲ ρ for ( ∅ ⊢ τ ) ⊲ ρ . This is actually how subtyping is encoded. 18 / 34

Feature: polymorphism We write τ ⊲ ρ for ( ∅ ⊢ τ ) ⊲ ρ . This is actually how subtyping is encoded. Coercion rules OldInst + ∅ ∀ α τ Inst Γ ⊢ a : ∀ α τ ⇒ Γ ⊢ ∀ α τ ⊲ τ [ α/ρ ] [ ρ ] [ ρ ] Γ ⊢ a : τ [ α/ρ ] τ [ α/ρ ] Γ 18 / 34

Feature: polymorphism We write τ ⊲ ρ for ( ∅ ⊢ τ ) ⊲ ρ . This is actually how subtyping is encoded. Coercion rules OldGen + α τ Gen Γ , α ⊢ a : τ ⇒ Γ ⊢ ( α ⊢ τ ) ⊲ ∀ α τ Λ α Λ α Γ ⊢ a : ∀ α τ Γ ∀ α τ OldInst + ∅ ∀ α τ Inst Γ ⊢ a : ∀ α τ ⇒ Γ ⊢ ∀ α τ ⊲ τ [ α/ρ ] [ ρ ] [ ρ ] Γ ⊢ a : τ [ α/ρ ] τ [ α/ρ ] Γ 18 / 34

Feature: polymorphism We write τ ⊲ ρ for ( ∅ ⊢ τ ) ⊲ ρ . This is actually how subtyping is encoded. Coercion rules OldGen + α τ Gen Γ , α ⊢ a : τ ⇒ Γ ⊢ ( α ⊢ τ ) ⊲ ∀ α τ Λ α Λ α Γ ⊢ a : ∀ α τ Γ ∀ α τ OldInst + ∅ ∀ α τ Inst Γ ⊢ a : ∀ α τ ⇒ Γ ⊢ ∀ α τ ⊲ τ [ α/ρ ] [ ρ ] [ ρ ] Γ ⊢ a : τ [ α/ρ ] τ [ α/ρ ] Γ STLC + polymorphism = System F 18 / 34

Extending the framework We internalize the reflexivity and transitivity of coercions. Coercion rules τ + ∅ Refl ⇒ Γ ⊢ τ ⊲ τ ♦ ♦ τ Γ These rules are now part of the framework. 19 / 34

Extending the framework We internalize the reflexivity and transitivity of coercions. Coercion rules τ + ∅ Refl ⇒ Γ ⊢ τ ⊲ τ ♦ ♦ τ Γ τ 1 +Σ 1 Trans ⇒ Γ ⊢ (Σ 2 ⊢ τ 2 ) ⊲ τ 3 G 1 G 2 τ 1 +Σ 2 , Σ 1 ⇒ Γ , Σ 2 ⊢ (Σ 1 ⊢ τ 1 ) ⊲ τ 2 Γ , Σ 2 τ 2 G 1 if then G 2 ◦ G 1 ⇒ Γ ⊢ (Σ 2 , Σ 1 ⊢ τ 1 ) ⊲ τ 3 τ 2 +Σ 2 G 2 ◦ G 1 τ 3 Γ G 2 conclusion τ 3 Γ premises These rules are now part of the framework. 19 / 34

Extending the framework We internalize the reflexivity and transitivity of coercions. Coercion rules τ + ∅ Refl ⇒ Γ ⊢ τ ⊲ τ ♦ ♦ τ Γ τ 1 +Σ 1 Trans ⇒ Γ ⊢ (Σ 2 ⊢ τ 2 ) ⊲ τ 3 G 1 G 2 τ 1 +Σ 2 , Σ 1 ⇒ Γ , Σ 2 ⊢ (Σ 1 ⊢ τ 1 ) ⊲ τ 2 Γ , Σ 2 τ 2 G 1 if then G 2 ◦ G 1 ⇒ Γ ⊢ (Σ 2 , Σ 1 ⊢ τ 1 ) ⊲ τ 3 τ 2 +Σ 2 G 2 ◦ G 1 τ 3 Γ G 2 conclusion τ 3 Γ premises These rules are now part of the framework. 19 / 34

Extending the framework We internalize the reflexivity and transitivity of coercions. Coercion rules τ + ∅ Refl ⇒ Γ ⊢ τ ⊲ τ ♦ ♦ τ Γ τ 1 +Σ 1 Trans ⇒ Γ ⊢ (Σ 2 ⊢ τ 2 ) ⊲ τ 3 G 1 G 2 τ 1 +Σ 2 , Σ 1 ⇒ Γ , Σ 2 ⊢ (Σ 1 ⊢ τ 1 ) ⊲ τ 2 Γ , Σ 2 τ 2 G 1 if then G 2 ◦ G 1 ⇒ Γ ⊢ (Σ 2 , Σ 1 ⊢ τ 1 ) ⊲ τ 3 τ 2 +Σ 2 G 2 ◦ G 1 τ 3 Γ G 2 conclusion τ 3 Γ premises These rules are now part of the framework. 19 / 34

Feature: eta-expansion (rules) Eta-expansion is at the root of subtyping. Coercion rules EtaProd Γ ⊢ (Σ ⊢ τ 1 ) ⊲ ρ 1 Γ ⊢ (Σ ⊢ τ 2 ) ⊲ ρ 2 Γ ⊢ (Σ ⊢ τ 1 × τ 2 ) ⊲ ρ 1 × ρ 2 EtaArr Γ , Σ ⊢ ρ 1 ⊲ τ 1 Γ ⊢ (Σ ⊢ τ 2 ) ⊲ ρ 2 Γ ⊢ (Σ ⊢ τ 1 → τ 2 ) ⊲ ρ 1 → ρ 2 These coercion rules extend the subtyping congruence rules of computational types to our notion of coercions. Note: You need one such rule for each of your computational types. 20 / 34

Feature: eta-expansion (rules) Eta-expansion is at the root of subtyping. Coercion rules EtaProd ⇒ Γ ⊢ (Σ ⊢ τ 1 ) ⊲ ρ 1 ⇒ Γ ⊢ (Σ ⊢ τ 2 ) ⊲ ρ 2 G 1 G 2 ⇒ Γ ⊢ (Σ ⊢ τ 1 × τ 2 ) ⊲ ρ 1 × ρ 2 G 1 × G 2 EtaArr ⇒ Γ , Σ ⊢ ρ 1 ⊲ τ 1 ⇒ Γ ⊢ (Σ ⊢ τ 2 ) ⊲ ρ 2 G 1 G 2 ⇒ Γ ⊢ (Σ ⊢ τ 1 → τ 2 ) ⊲ ρ 1 → ρ 2 G 1 → G 2 These coercion rules extend the subtyping congruence rules of computational types to our notion of coercions. Note: You need one such rule for each of your computational types. 20 / 34

Feature: eta-expansion (consequences) STLC + polymorphism + eta-expansion ≡ System F η (Mitchell 1988) 21 / 34

Feature: eta-expansion (consequences) STLC + polymorphism + eta-expansion ≡ System F η (Mitchell 1988) Our presentation is improved: (thanks to the use of coercions instead of just subtyping) polymorphic type congruence rule is derivable: ∀ α τ [ α ] τ Λ α ◦ G ◦ [ α ] G ρ + α Λ α ∀ α ρ distributivity rules are derivable: ([ α ] → Λ α ) ◦ [ α ] (Λ α × Λ α ) ◦ [ α ] 21 / 34

Feature: lower bounded polymorphism Lower bounded polymorphism is a form of coercion abstraction. Coercion rules LowerInst LowerGen Γ ⊢ ( σ ⊲ α )[ α/ρ ] Γ ⊢ ( α ⊳ σ ⊢ τ ) ⊲ ∀ ( α ⊳ σ ) τ Γ ⊢ ∀ ( α ⊳ σ ) τ ⊲ τ [ α/ρ ] 22 / 34

Feature: lower bounded polymorphism Lower bounded polymorphism is a form of coercion abstraction. Coercion rules LowerInst LowerGen Γ ⊢ ( σ ⊲ α )[ α/ρ ] Γ ⊢ ( α ⊳ σ ⊢ τ ) ⊲ ∀ ( α ⊳ σ ) τ Γ ⊢ ∀ ( α ⊳ σ ) τ ⊲ τ [ α/ρ ] 22 / 34

Feature: lower bounded polymorphism Lower bounded polymorphism is a form of coercion abstraction. Coercion rules LowerInst LowerGen Γ ⊢ ( σ ⊲ α )[ α/ρ ] Γ ⊢ ( α ⊳ σ ⊢ τ ) ⊲ ∀ ( α ⊳ σ ) τ Γ ⊢ ∀ ( α ⊳ σ ) τ ⊲ τ [ α/ρ ] STLC + lower bounded polymorphism ≡ MLF (Le Botlan, Rémy, Yakobowski, 2003-2010) This permits to prove the strong normalization of MLF. 22 / 34

Feature: upper bounded polymorphism Upper bounded polymorphism is also a form of coercion abstraction. Coercion rules UpperInst UpperGen Γ ⊢ ( α ⊲ σ )[ α/ρ ] Γ ⊢ ( α ⊲ σ ⊢ τ ) ⊲ ∀ ( α ⊲ σ ) τ Γ ⊢ ∀ ( α ⊲ σ ) τ ⊲ τ [ α/ρ ] 23 / 34

Feature: upper bounded polymorphism Upper bounded polymorphism is also a form of coercion abstraction. Coercion rules UpperInst UpperGen Γ ⊢ ( α ⊲ σ )[ α/ρ ] Γ ⊢ ( α ⊲ σ ⊢ τ ) ⊲ ∀ ( α ⊲ σ ) τ Γ ⊢ ∀ ( α ⊲ σ ) τ ⊲ τ [ α/ρ ] 23 / 34

Feature: upper bounded polymorphism Upper bounded polymorphism is also a form of coercion abstraction. Coercion rules UpperInst UpperGen Γ ⊢ ( α ⊲ σ )[ α/ρ ] Γ ⊢ ( α ⊲ σ ⊢ τ ) ⊲ ∀ ( α ⊲ σ ) τ Γ ⊢ ∀ ( α ⊲ σ ) τ ⊲ τ [ α/ρ ] STLC + eta-expansion + upper bounded polymorphism � System F < : (Canning, Cook, Hill, Olthoff, Mitchell, 1989) Our version is more expressive than all variants of F < : because coercions are composable, i.e. distributivity and congruence rules are derivable. 23 / 34

Properties: bisimulation We can define a reduction relation M � N for explicit terms. We label reduction steps with ι (iota) for erasable steps β (beta) for computational steps 24 / 34

Properties: bisimulation We can define a reduction relation M � N for explicit terms. We label reduction steps with ι (iota) for erasable steps β (beta) for computational steps Bisimulation (how explicit and implicit reduction relations relate) ⋆ explicit: M N M N M N ι β ι β implict: a a = b b a b Forward simulation Backward simulation We write a (resp. b ) for the type erasure of M (resp. N ). 24 / 34

Properties: soundness and strong normalization We prove soundness with the usual scheme: preservation + progress. preservation: reduction preserves well-typedness progress: errors are not well-typed 25 / 34

Properties: soundness and strong normalization We prove soundness with the usual scheme: preservation + progress. preservation: reduction preserves well-typedness progress: errors are not well-typed Since explicit terms represent typing derivations, the explicit version of these two lemmas is much simpler to prove than the implicit version. 25 / 34

Properties: soundness and strong normalization We prove soundness with the usual scheme: preservation + progress. preservation: reduction preserves well-typedness progress: errors are not well-typed Since explicit terms represent typing derivations, the explicit version of these two lemmas is much simpler to prove than the implicit version. We factor the difficulties in the bisimulation lemma, and prove the implicit versions from the explicit ones. 25 / 34

Properties: soundness and strong normalization We prove soundness with the usual scheme: preservation + progress. preservation: reduction preserves well-typedness progress: errors are not well-typed Since explicit terms represent typing derivations, the explicit version of these two lemmas is much simpler to prove than the implicit version. We factor the difficulties in the bisimulation lemma, and prove the implicit versions from the explicit ones. Strong normalization is proved by reification into System F. 25 / 34

System F p ι (POPL 2012) F p Erasable feature F F MLF � F < : η ι √ √ √ Polymorphism - - √ √ √ Eta-expansion - - √ √ Bottom - - - √ √ Top - - - √ √ Lower bounded polymorphism - - - √ √ Upper bounded polymorphism - - - We have a general framework with a clear distinction between programs and type annotations, composable modular coercion rules (for all erasable features), the preservation, progress, and bisimulation properties, strongly normalizing, and generalizing MLF, F < : , and F η (thus ML and F) 26 / 34

Part II In this general approach to coercions, System F p ι seems a local optimal (with respect to coercion abstraction) that is syntactical. 27 / 34

Part II In this general approach to coercions, System F p ι seems a local optimal (with respect to coercion abstraction) that is syntactical. System F p ι can only model bounded polymorphism with a single bound, which does not even cover subtyping constraints in ML. 27 / 34

Part II In this general approach to coercions, System F p ι seems a local optimal (with respect to coercion abstraction) that is syntactical. System F p ι can only model bounded polymorphism with a single bound, which does not even cover subtyping constraints in ML. We now lift this restriction following a semantical approach. 27 / 34

Coherent polymorphism We get general coercion abstraction by simultaneously abstracting over types and coercions. 28 / 34

Coherent polymorphism We get general coercion abstraction by simultaneously abstracting over types and coercions. We factor this operation with coherent polymorphic types ∀ ( α : κ ) τ using kinds and propositions. κ ::= 1 | κ × κ | ⋆ | { α : κ | P } Kinds P ::= ⊤ | P ∧ P | (Σ ⊢ τ ) ⊲ τ Propositions 28 / 34

Coherent polymorphism We get general coercion abstraction by simultaneously abstracting over types and coercions. We factor this operation with coherent polymorphic types ∀ ( α : κ ) τ using kinds and propositions. κ ::= 1 | κ × κ | ⋆ | { α : κ | P } Kinds P ::= ⊤ | P ∧ P | (Σ ⊢ τ ) ⊲ τ Propositions Examples System F: ∀ α ρ becomes ∀ ( α : ⋆ ) ρ MLF: ∀ ( α ⊳ τ ) ρ becomes ∀ ( α : { β : ⋆ | τ ⊲ β } ) ρ Constraint ML: ∀ ( α : { β : ⋆ | τ 1 ⊲ β ∧ β ⊲ τ 2 } ) ρ is new ∀ ( α : { β : ⋆ × ⋆ | π 1 β ⊲ ( π 1 β ) → ( π 2 β ) } ) ρ is new 28 / 34

Why coherence? We write τ ≡ ρ for erasable isomorphisms. It desugars to τ ⊲ ρ ∧ ρ ⊲ τ . 29 / 34

Why coherence? We write τ ≡ ρ for erasable isomorphisms. It desugars to τ ⊲ ρ ∧ ρ ⊲ τ . Abstracting over { α : ⋆ | ( α ≡ α → α ) ∧ ( α ≡ α × α ) } looses soundness (which we must forbid) 29 / 34

Why coherence? We write τ ≡ ρ for erasable isomorphisms. It desugars to τ ⊲ ρ ∧ ρ ⊲ τ . Abstracting over { α : ⋆ | ( α ≡ α → α ) ∧ ( α ≡ α × α ) } looses soundness (which we must forbid) { α : ⋆ | α ≡ α → α } looses normalization (which we may want to forbid) 29 / 34

Why coherence? We write τ ≡ ρ for erasable isomorphisms. It desugars to τ ⊲ ρ ∧ ρ ⊲ τ . Abstracting over { α : ⋆ | ( α ≡ α → α ) ∧ ( α ≡ α × α ) } looses soundness (which we must forbid) { α : ⋆ | α ≡ α → α } looses normalization (which we may want to forbid) Coherence A type abstraction over κ is coherent if there is a witness ρ of kind κ . (if κ is { α : ⋆ | α ⊲ τ } , this implies the existence of a coercion of type ρ ⊲ τ ) Notice that coherence holds by construction in System F p ι (witnesses are either top or bottom) . Coherence is a premise of the type abstraction rule in System F cc (it is undecidable in the general case) . 29 / 34

Incoherent polymorphism Some type system features (such as GADTs) rely on blocking constructs. To study them, we extend our calculus with simple blocking and unblocking constructs. Blocks (typing rules and reduction rule) a a a Γ , ( α : κ ) τ Π( α : κ ) τ Γ ∂ · a ∂ · ·♦ ·♦ Γ Π( α : κ ) τ Γ τ [ α/ρ ] κ coherent This construct is similar to the zero-cost abstraction of FC (Peyton Jones, Vytiniotis, 2011). Note: This construct breaks confluence, but confluence can easily be restored. 30 / 34

System F cc We have a general framework with a clear distinction between programs and annotations, composable first-class coercion propositions, a quite rich logic (quantifiers and coinduction), soundness and strong normalization, and generalizing F p ι and Constraint ML (thus MLF, F < : , F η , ML, and F) 31 / 34

Features not presented in this talk Computational features (sum, unit, and void types) are easy. Erasable features Type language: top and bottom types (easy) equi-recursive types (requires step-indexed semantics) (partially done) function types as in F ω Proposition language: polymorphic propositions (easy) existential propositions (derives from coherence and constrained kind) coinduction (requires step-indexed semantics) 32 / 34

Formalization The soundness and normalization results are shown using a semantic approach. Both proofs are similar, largely shared, and formalized in Coq. Techniques normalization uses reducibility candidates (Tait’s method) soundness generalizes step-indexed techniques for recursive types (Appel, McAllester, 2001) to strong reduction 33 / 34

Future work There is little work to have a complete kernel type system: Redesign function types Verify that side effects can be added (with value restriction) 34 / 34

Future work There is little work to have a complete kernel type system: Redesign function types Verify that side effects can be added (with value restriction) Some interesting research remain to be done: Primitive existential types (call-by-constructor reduction) Higher-order recursive types Which restrictions of System F cc would allow a syntactical approach? Intersection types need multi-premises erasable rules (partially explored, design parallel to polymorphism) Dependent type version of the framework? 34 / 34

Extra slides Extra slides 34 / 34

Intersection types Intro Elim Γ ⊢ a : τ 1 Γ ⊢ a : τ 2 Γ ⊢ a : τ 1 ∩ τ 2 Γ ⊢ a : τ 1 ∩ τ 2 Γ ⊢ a : τ i Coercions Γ ⊢ (Σ ⊢ τ ) ⊲ ρ now become Γ ⊢ { Σ i ⊢ τ i } i ⊲ ρ which can be understood as Γ ⊢ � i (Σ i ⊢ τ i ) ⊲ ρ . Fusion Intro Elim Γ ⊢ { τ, . . . τ } ⊲ ρ Γ ⊢ { τ 1 , τ 2 } ⊲ τ 1 ∩ τ 2 Γ ⊢ τ 1 ∩ τ 2 ⊲ τ i Γ ⊢ τ ⊲ ρ Weak Intro Elim Γ ⊢ (Σ ⊢ τ ) ⊲ ρ Γ ⊢ ( α ⊢ τ ) ⊲ ∀ α τ Γ ⊢ ∀ α τ ⊲ τ [ α/ρ ] Γ ⊢ τ ⊲ ρ 34 / 34

Intersection types: terms The term typing rules are done point-wise and written a : { Γ i ⊢ τ i } i TermLam TermVar a : { Γ i , ( x : τ i ) ⊢ ρ i } i x : { Γ i ⊢ Γ i ( x ) } i λ x a : { Γ i ⊢ τ i → ρ i } i TermApp a : { Γ i ⊢ τ i → ρ i } i b : { Γ i ⊢ τ i } i a b : { Γ i ⊢ ρ i } i TermCoer a : { { Γ i , Σ j ⊢ τ j } j } i { Γ i ⊢ { Σ j ⊢ τ j } j ⊲ ρ i } i a : { Γ i ⊢ ρ i } i 34 / 34

Intersection types: coercions Trans � i Γ , Σ 2 i ⊢ { Σ 1 j ⊢ τ 1 j } j ⊲ τ 2 i Γ ⊢ { Σ 2 i ⊢ τ 2 i } i ⊲ τ 3 � { Σ 2 i , Σ 1 j ⊢ τ 1 j } j � i ⊲ τ 3 � Γ ⊢ EtaArr Weak � Γ , Σ i ⊢ τ ′ ⊲ τ i Γ ⊢ { Σ i ⊢ ρ i } i ⊲ ρ ′ � i Γ ⊢ { Σ ⊢ τ, . . . } ⊲ ρ Γ ⊢ { Σ i ⊢ τ i → ρ i } i ⊲ τ ′ → ρ ′ Γ ⊢ τ ⊲ ρ We derive the usual subtyping rules: Γ ⊢ ρ ⊲ τ 1 Γ ⊢ ρ ⊲ τ 2 Γ ⊢ ( τ → ρ 1 ) ∩ ( τ → ρ 2 ) ⊲ τ → ρ 1 ∩ ρ 2 Γ ⊢ ρ ⊲ τ 1 ∩ τ 2 34 / 34

Push τ 1 Γ 2 Γ 1 Γ ′ 1 M N Γ ′ 1 = Γ 1 , ( x : τ 1 ) Γ ′ 2 = Γ 2 , ( x : τ 2 ) ρ 1 M ⇒ a ⊢ Γ ′ 1 : ρ 1 τ 2 λ λ N ⇒ b ⊢ Γ 2 : τ 2 LG LG ⇒ Γ 2 ⊢ (Σ 1 ⊢ τ 1 → ρ 1 ) ⊲ τ 2 → ρ 2 τ 1 → ρ 1 G τ 1 @ @ ρ 1 N τ 1 RG Γ 2 Γ 1 Γ ′ 1 τ 2 ρ 2 M LG LG τ 1 τ 2 Γ 2 Γ 1 ρ 1 LG LG M M λ λ N τ 1 τ 1 → ρ 1 Γ 2 Γ ′ 2 Γ ′ 1 G G ρ 1 τ 2 → ρ 2 τ 2 M M @ RG RG ρ 2 ρ 2 ρ 1 RG RG ρ 2 N λ λ τ 2 → ρ 2 τ 2 @ ρ 2 34 / 34

GADTs Existentials def ∃ ( α : κ ) τ = ∀ β ( ∀ ( α : κ ) ( τ → β )) → β coherent def def pack a = λ x x a unpack a as x in b = a ( λ x b ) def Σ( α : κ ) τ = ∀ β (Π( α : κ ) ( τ → β )) → β incoherent def def ipack a = λ x x ♦ a iunpack a as x in b = a ( ∂ λ x b ) def Term α = Σ( β 1 , β 2 | α ≡ ( β 1 → β 2 )) α + ∃ β Term ( β → α ) × Term β def Lam x = inl ( ipack x ) : ∀ α ∀ β ( α → β ) → Term ( α → β ) def App y x = inr ( pack � y , x � ) : ∀ α ∀ β Term ( α → β ) → Term α → Term β eval x = case x of { inl x 1 �→ iunpack x 1 as y in y | inr x 2 �→ unpack x 2 as y in ( eval ( π 1 y )) ( eval ( π 2 y )) } 34 / 34

Why block abstraction? We studied an alternate version of F cc where type and coercion abstraction are separate constructs. Namely, the usual type abstraction ∀ α τ and the coercion abstraction ( τ 1 ⊲ τ 2 ) ⇒ ρ . However, the test of coherence has to be done by block since some coercions hold only for some particular instances of the context. The additional flexibility we get is thus negligible, since they are just η -expansion variants. 34 / 34

Weakening To simplify readability, we add a proof of coercion weakening. Weak ⇒ Γ ⊢ (Σ ⊢ τ ) ⊲ ρ G ⇒ Γ ⊢ τ ⊲ ρ ∗ G τ + ∅ τ +Σ G ρ Γ 34 / 34

Extremes Top and bottom permit to illustrate subtyping. Coercion rules τ + ∅ Top ⇒ Γ ⊢ τ ⊲ ⊤ ⊤ ⊤ Γ ⊤ + ∅ Bot ⊥ ⇒ Γ ⊢ ⊥ ⊲ τ ⊥ τ ⊥ τ τ Γ 34 / 34

Existentials Existential types are inherently difficult (breaks preservation). ( x 1 x 2 : ∃ α ( α → Int ) × α ) ⊢ unpack α, x = b x 1 x 2 in ( π 1 x ) ( π 2 x ) : Int erases to let x = b x 1 x 2 in ( π 1 x ) ( π 2 x ) � ( π 1 ( b x 1 x 2 )) ( π 2 ( b x 1 x 2 )) There is at least four solutions: 1 keep the calculus and use dependent types, 2 keep the calculus and use a standardization argument (Riba 2007), 3 change the calculus and use a simple argument, or 4 use the CPS encoding. Only the second solution does not restore preservation. 34 / 34

Eta-expansion τ ′ → ρ ′ τ ′ 1 × τ ′ +Σ +Σ 2 G 1 × G 2 G 1 → G 2 τ → ρ τ 1 × τ 2 Γ Γ x τ τ ′ 1 × τ ′ τ ′ 1 × τ ′ 2 2 G 1 π 1 π 2 τ ′ → ρ ′ τ ′ τ ′ τ ′ +Σ +Σ @ 1 2 G 1 G 2 ρ ′ +Σ τ 1 τ 2 Γ Γ G 2 � , � ρ Γ , ( x : τ ) τ 1 × τ 2 Γ λ x τ → ρ Γ 34 / 34

Eta-expansion: distributivity ∀ α τ → ρ [ α ] τ → ρ + α [ α ] → Λ α ( ∀ α τ ) → ∀ α ρ ⇒ Γ ⊢ ( α ⊢ ρ ) ⊲ ∀ α ρ ⇒ Γ , α ⊢ ∀ α τ ⊲ τ Λ α [ α ] ⇒ Γ ⊢ ( α ⊢ τ → ρ ) ⊲ ( ∀ α τ ) → ∀ α ρ [ α ] → Λ α 34 / 34

Recursive types To subsume Constraint ML, we need equi-recursive types. We extend types with recursive types µα τ , coercions with folding and unfolding, and propositions with coinduction. The two rules of equi-recursive types (Amadio, Cardelli, 1993) are admissible: EquivPeriod α �→ ρ : WF Σ ⊢ τ 1 ≡ ρ [ α/τ 1 ] Σ ⊢ ρ [ α/τ 2 ] ≡ τ 2 Σ ⊢ τ 1 ≡ τ 2 EtaMu Σ , ( α : ⋆, β : ⋆ | α ⊲ β ) ⊢ τ ⊲ ρ Σ ⊢ µα τ ⊲ µβ ρ 34 / 34

Type functions It is possible to extend the type system with arrow kinds. The result kind may mention the argument variable. κ ::= ⋆ | 1 | κ × κ | ( α : κ ) → κ | { α : κ | P } Kinds The design of this extension is not satisfactory yet. 34 / 34