Subtyping and Parametricity Gordon Plotkin∗ Mart´ınAbadiy Luca Cardelliy Abstract in previous work [ACC93, PA93]. In this paper we extend the formalization of [PA93] to a programming In this paper we study the interaction of subtyping language with subtyping. and parametricity. We describe a logic for a program- A logic serves as the setting for this study. This ming language with parametric polymorphism and sub- logic can be viewed as an analogue of Scott’s LCF, that typing. The logic supports the formal definition and is, as a fairly general system for proving properties of use of relational parametricity. We give two models programs. Here the programs are those of System F , for it, and compare it with other formal systems for the which is an extension of Girard’s System F [Gir72]≤ same language. In particular, we examine the “Penn with subtyping, abstracted from work of Cardelli and interpretation” of subtyping as implicit coercion. Wegner [CW85] by Curien and Ghelli [CG92, CG94]. Without subtyping, parametricity yields, for exam- Our logic for F is an extension of the logic for F pre- ple, an encoding of abstract types and of initial alge- sented in [PA93].≤ Beyond its possible use in program bras, with the corresponding proof principles of simu- verification, the logic provides a language for stating lation and induction. With subtyping, we obtain par- parametricity assumptions and rules for deriving their tially abstract types and certain initial order-sorted al- consequences, formally and without reference to par- gebras, and may derive proof principles for them. ticular models. While it remains to consider what might be the ap- propriate general form for parametric models of F 1 Introduction and of our logic, we do construct particular models—≤ indeed two such. The first is a parametric per model A function is polymorphic if it works on inputs combining the idea of Bruce and Longo [BL90] of of several types. We may distinguish various no- treating subtypes as subpers with that of Bainbridge tions of polymorphism, particularly parametric poly- et al. [BFSS90] of forcing parametricity into per mod- morphism (e.g. [Rey83]) and subtype polymorphism els of System F. The second is a closed-term model, (e.g. [CW85]). These may exist in isolation, as in following an idea of Moggi for System F [Mog86]. Hav- ML [MTH90] or in Amber [Car86], but they can also ing at least one non-trivial model, it follows that if interact, with useful results. For example, a theory two terms of the same type can be proved equal in of object-oriented programming has been based on a our logic, then they are observationally equivalent. certain kind of bounded polymorphism (e.g. [CHC90, A variant F<: of F was given by Cardelli et Bru93]). al. [CMMS94]. A weakened≤ version is derivable within In this paper we study the interaction of subtyp- our logic. Both this version and the full F<: yield some ing and parametricity. A polymorphic function may of the results associated with parametricity, frequently be said to be parametric in Strachey’s sense [Str67, with a limitation to closed terms. Our logic gives these Rey83, PA93] if it can be given by a uniform algo- and other results in full generality, for terms with free rithm or program, independently of the type of its variables. We conjecture that in fact F<: itself is deriv- arguments. A semantic definition of parametricity is able within our logic. Indeed we formulate a stronger due to Reynolds [Rey83], who requires instead that theory, which may be said to embody Strachey’s view instances of the polymorphic function at related types of parametric polymorphism for F , and conjecture be related. Reynolds’ definition has been formalized that it is derivable. ≤ ∗Department of Computer Science, University of Edinburgh, We also examine the “Penn interpretation” of King’s Buildings, Edinburgh EH9 3JZ, UK. Part of this work F [BCGS91], with its view of subtyping as implicit was completed while at Digital Equipment Corporation, Sys- coercion.≤ This interpretation is based on a transla- tems Research Center. Digital Equipment Corporation, Systems Research Center, tion from F to F. We show that this translation y ≤ 130 Lytton Avenue, Palo Alto, California 94301, USA. can be extended to formulae; theorems of the logic for F are translated into theorems of the logic for F from quantifiers to bounded quantifiers. The terms are given≤ in [PA93]. We consider full-abstraction issues extended similarly, with a constant (top) and bounded and show that the translation is not conservative. type abstractions. Type expressions and terms are Parametricity conditions play an important role in given by the grammar: the study of F and of similar languages (e.g. [Rey83, Types: A ::= X A B Top X B: A BFSS90, Wad89]). They appear in semantic construc- j ! j j 8 ≤ tions. They yield useful properties of types, for ex- Terms: t ::= x λx:A: t u(t) top ΛXj B: t tj(A) j j ample that Int = X: ((X X) (X X)), the ≤ j type of Church integers,8 is isomorphic! ! to the! standard Here X ranges over type variables and x over ordinary natural numbers. And they can be exploited in prov- variables. We use notations such as A[X] to indicate ing properties of polymorphic programs, for example possible occurrences of variables in expressions, and that all functions of type X: (X Int) are constant. then may write, for example, A[B] to represent the These results have interesting8 analogues! for F . Just ≤ result of substituting B for X in A (avoiding capture of as the logic for F offers abstract types, initial algebras, bound variables). Unbounded binders abbreviate the and final co-algebras, the logic for F offers partially ≤ corresponding binders with bound Top; so for example abstract types, certain initial order-sorted algebras, X:A stands for X Top:A. Throughout, expressions and certain final order-sorted co-algebras, with corre- are8 understood up8 to≤ α-equivalence. sponding proof principles. Further, we can apply the We build formulae from equations and binary rela- logic to prove theorems about programs from their tions between terms. types, or “theorems for free,” as Wadler calls them. Some of these have an object-oriented flavor, in line Formulae: φ ::= (t =A u) R(t; u) φ ψ with one of the intended applications of F . x:A: φ Xj B: φ j R⊃ A j B: φ ≤ There has been much related work for languages 8 φ ψj 8φ ≤ψ j 8 ⊂ × j without subtyping. However, the combination of para- ?jx:A:^ φ j X_ B:j φ R A B: φ metricity and subtyping has been little considered. As 9 j 9 ≤ j 9 ⊂ × mentioned above, System F<: of Cardelli et al. incor- Here R ranges over relation variables. The equality porates a modest notion of parametricity (partly mo- symbol is subscripted with a type expression, the type tivated by dinaturality considerations). Ma [Ma92] of the terms being equated. In F, this expression is expresses parametricity for F via a translation into a unique, and so can be left implicit, but it proves nec- language with subtyping and intersection types. Ma essary in treating subtyping, as we see below. The focuses on parametricity in F, not on parametricity in basic constructs are implication ( ) and three sorts of ⊃ his target language with subtyping. universal quantification: over values, over types, and The next section introduces our logic and some fun- over relations between types (where R A B is read ⊂ × damental results about it. Discussion of its seman- as “R is a relation between A and B”). The other con- tics appears in section 3. Section 4 treats other theo- structs are useful but not altogether necessary. When ries for F , including one induced by the Penn inter- writing formulae we often make use of evident abbre- pretation.≤ Section 5 provides encodings of extensible viations. While there are primitive notions of subtype records, partially abstract types, and order-sorted al- and of bounded type quantification, there is no need gebras. for a corresponding primitive notion for relations. A second-order environment E is a finite sequence of type variables with bounds X A or typings x : A ≤ 2 Basic logic in which no variable is introduced twice. The typing judgment E t : A and the subtyping judgment E ` ` This section defines the logic. In this paper we A B are defined as in [CG92, CG94]. ≤ sometimes reference or borrow from [PA93] for the To specify the well-formed formulae, we also need fragment that corresponds to F. We emphasize the relation environments, which are finite sequences of novelties, which concern subtyping. relational typings R A B with no relation variable repeated. We define⊂ a judgment× E G REnv to as- ` 2.1 Well-formed formulae sert that G is a well-formed relation environment given E; the judgment holds if whenever R A B appears The type expressions and terms are those of F . in G then A and B are well-formed⊂ type× expressions The type expressions of F are like those of F, with≤ given E. We define a judgment E; G φ Prop to as- the addition of a largest type≤ Top and a generalization sert that φ is a well-formed formula` given E and G. The rules for atomic formulae are: Next, for ρ C D and ρ0 A B, we define ⊂ × ⊂ × ( (Y C; Z D; R ρ): ρ0) ( Y C: A) ( Z D: B) E t:AE u:AE G REnv 8 ≤ ≤ ≤ ⊂ 8 ≤ × 8 ≤ ` ` ` to be: E; G t = u Prop ` A (y :( Y C: A); z :( Z D: B)): E t:AE u:BE G REnv R A B in G 8 ≤ 8 ≤ ` ` ` ⊂ × Y C Z D R Y Z: (R ρ (yY )ρ0(zZ)) E; G R(t; u) Prop 8 ≤ 8 ≤ 8 ⊂ × ≤ ⊃ ` Among the other rules we have, for example: where ρ ρ stands for x : C y : D : (ρ (x; y) 1 ≤ 2 8 18 1 1 ⊃ ρ2(x; y)), for ρ1 C1 D1 and ρ2 C2 D2.