Variable Arity for LF Work in Progress John Tang Boyland Tian Zhao ETH Zürich, Switzerland University of Wisconsin-Milwaukee, USA University of Wisconsin-Milwaukee, USA [email protected] [email protected] ABSTRACT The metatheorem can be expressed in the LF-based proof The dependently-typed lambda calculus (LF) supports use system Twelf [6] as of meta-level binding in reasoning about bindings and hy- %theorem subst: potheticals in programming languages. That is, lambda ex- forall* {T} {F} {T'} {E} pressions in LF can be used to model binders and hypothet- forall {T1: {x} has-type x T ical judgments depending on fixed-size contexts. However, -> has-type (F x) T'} because LF does not have a concept of variable-arity func- {T2: has-type E T} tions, a hypothetical judgment depending on a variable-size exists {T3: has-type (F E) T'} context cannot be modeled as an LF function. This paper true. extends LF to support variable-arity functions. As a result, one can model hypothetical judgments with variable con- As the reader may have noticed, the LF meta-theorem is texts directly in the extended LF. The extended LF allows trivial, since the desired result can be obtained by meta-level one to represent statements more transparently than previ- application: t1 E t2. The same is true of the Twelf formula- ous work that uses complex meta-machinery to type the LF tion. This example shows the simplicity and power of LF- context. This is work in progress: we are still in the process based higher order abstract syntax and in particular of using of constructing a proof of correctness. LF functions for hypotheticals. In general, one may not be able to use the same family for both hypotheticals and judg- 1. INTRODUCTION ments, but instead has a separate type family (say \assm- type") for hypotheticals. Then the substitution lemma re- Using LF as the metatheory for a proof system allows one quires an inductive proof which is straight-forward.1 to model name binding and hypotheticals as LF functions. An important aspect is that the LF context is used for Γ. For example, the classic substitution lemma has the follow- In other words, the metatheorem itself operates in the scope ing form in Pierce's TAPL [8] of other bindings. Often a metatheorem is not true in all Lemma 1 (Substitution). If Γ; x:S ` t : T and Γ ` possible LF contexts (for example, one in which new \super- s : S, then Γ ` t[x 7! s]:T natural" numbers are posited) and thus the description of allowable LF contexts is part of the statement of a metathe- If we use the LF type families \exp" and \ty" for expressions orem. Twelf uses the concept of \regular worlds" [9] and and types respectively, and the LF type family \has-type" to Beluga [7] (another LF-based proof system) extends these represent both hypotheticals and also the typing judgment with more powerful context descriptors. But the basic idea itself, and if we use the LF context itself to represent Γ is shared between most (all?) LF-based proof systems. (explained in more detail later), we end up with the following When one cannot use the LF context to express a con- metatheorem (theorem about terms of LF): text of unknown size, the simple technique breaks down. Lemma 2. If we have LF terms of the following types: Consider the following lemma for F<: from the POPLmark challenge [2] T : ty, T0 : ty, E : exp, F : exp ! exp 0 t1 :Πx : exp: has-type x T ! has-type (F x) T Lemma 3 (Narrowing). If Γ; X<:Q; ∆ ` M <: N and t2 : has-type ET Γ ` P <: Q, then Γ; X<:P; ∆ ` M <: N. then we can construct an LF term of type: has-type (FE) T0 Here, one cannot express the lemma in LF since ∆ may . depend on X. If ∆ is placed in the LF context, then any bindings in it that depend on X would be out of scope, a meta-level type error. Twelf's POPLmark solution splits the assumption X<:Q into two parts: the binding of the X which goes into the LF context whereas the subtyping assumption remains an explicit parameter. Basically, one could say that Γ; X<:Q; ∆ is represented by Γ; X; ∆; assume X<:Q and then DRAFT (June 21, 2014) of paper to be pre- 1Unless the type system (and Γ) permits dependent types, sented July 17 at LFMTP 2014, Vienna, Aus- in which case, one must use more complex techniques, or tria. indeed use the extension in this paper. 1 all but the last assumption are pushed into the LF context. a 2 A constant type family Beluga and SASyLF [1] (an LF-based proof system geared c 2 C constant term to teaching) prove narrowing for the empty ∆ case using x 2 X variable meta-level application (as with Substitution above), thus b 2 B tuple type constructor avoiding the need to express or prove the narrowing lemma g ::= x:T j @x:@T bindings in full generality. [@] K ::= [@] type j Πg. [@] K kinds This paper proposes @LF, LF extended with variable- arity functions. Then the narrowing lemma can be repre- T ::= a j T [@] e j Πg.T types sented as follows (for simplicity, we continue to use the LF @T ::= b e variable type context for Γ): e ::= x j c j e [@] e j λg.e terms Lemma 4. If we have @LF terms of type Γ ::= · j Γ; g contexts S ::= · j S; s signatures P : ty, Q : ty, D : ty ! desc, M :ΠX : ty:(ctx(DX)) !@ ty, U ::= () j Σg.U j λg.U tuple type @ N :ΠX : ty:(ctx(DX)) ! ty, s ::= signature element: t1 :ΠX : ty: assm-sub XQ ! Π@G : ctx (DX): a :: K type family sub-type (M X @G)(N X @G) j c : T constructor t2 : sub-type PQ j b :: Πx : a. @type tuple type family (here D represents ∆ with its dependency on the type vari- j b+c = U tuple constructor equation able being narrowed) then we can construct an @LF term of type Figure 1: Syntax of @LF, extensions highlighted. ΠX : ty: assm-sub XP ! Π@G : ctx (DX): sub-type (M X @G)(N X @G) The extension includes variable-arity functions for which the head of \newt empty X"). We apply the expansion to the formal and actual parameters are marked with \@." For ex- arguments and then after noting that \ctx+empty" expands ample, the M term represents a type term but can depend on to the empty tuple type, we end up with the following tuple X (a normal parameter) and on ∆ (represented with variable type: parameter G of type \ctx (DX)"). Here D returns a context ΣY : ty: Σb : (assm-sub YX): () \descriptor": a normal LF type family whose values describe the shape of elements of an @LF \tuple type" family, here When the explicit tuple here is substituted for the variable \ctx." The \@" over the arrow on the type of M reminds us arity parameter, it is flattened out, Σ becomes Π, and we that this is a variable-arity function type. end up with the following as the type of M (and N): The (LF) type family \desc" and the @LF type family ΠX : ty: ΠY : ty: Πb : (assm-sub YX): ty \ctx" can be defined (the latter using equations to dependent tuple types U, written () or Σg:U): If ∆ is larger still, we will use a larger descriptor D. In the proof of Lemma 4, one would use induction on t1 and thus empty : desc the fact that D gets bigger is not an issue. @ newt : ΠD : desc: (ctx D ! ty) ! desc Thus the main contribution of @LF is that it permits a context of unknown size to be typed using a descriptor in ctx+empty = () such a way that we can form types of judgments that depend @ ctx+newt = λD : desc: λT : (ctx D ! ty): on these contexts. Σ@G : ctx D:ΣX : ty: Σa : assm-sub X (T @G): () In general, since the descriptor is a normal LF type, using @LF, one can reason about contexts much more generally. The equations are used to replace known instances of @LF One can define well-formedness conditions on contexts in types families with dependent tuple types which are ex- the same way as for any other type. This ability would be panded in place. The syntax here is chosen for simplicity; welcome, since (with more than seven years experience using in practice, a pattern-matching style would be preferable. Twelf), the first author finds it frustrating that one cannot To help understand how this works, consider the following express and use the fact that (say) all natural numbers used examples. First suppose that D = λX : ty:empty; in other in a particular context are unique. words, the context ∆ in the Lemma 3 is empty. In that The remainder of this paper gives a precise definition of case, because of the equation for ctx+empty, the type \ctx the extension, and then discusses current directions. (DX)" is the empty tuple type which flattens to mean no parameters. In that case M and N have type ty ! ty; they depend on X and the (implicit) LF context representing Γ 2. DEFINITIONS but nothing else. Similarly t1 will have the type: Figure 1 gives the syntax of @LF including LF; the changes are highlighted. There are two kinds of bindings: normal ΠX : ty: assm-sub XQ ! sub-type (MX)(NX) bindings and variable bindings; the latter are typed by \b e," Next suppose instead that D ends up being\λX.newt empty a tuple type constructor b applied to an expression e, nor- X", means that ∆ consists of a single (new) type variable Y mally a variable.