then n=min else super.add(i)} public int min() {min} ..... xi. Ï2=Ï2 à Ï2 â (Ï1=Ï1ÃÏ1 ⧠Sâ£Ï1â¤Ï2 ⧠Sâ£Ï1 â¤Ï2 ) xii. Ï2=µt .Ï ...... [13] C. League and Z. Shao. Formal ...
Completely Subtyping Iso-recursive Types Technical Report CSE-071012
Jeremy Blackburn
Ivory Hernandez
Jay Ligatti
Michael Nachtigal
Department of Computer Science and Engineering University of South Florida {jhblackb,ihernan4,ligatti,mnachtig}@cse.usf.edu
Abstract Well-known techniques exist for proving the soundness of subtyping relations with respect to type safety. However, completeness has not been treated with widely applicable techniques, as far as we are aware. This paper develops some techniques for stating and proving that a subtyping relation is complete with respect to type safety and applies the techniques to the study of iso-recursive subtyping. The common subtyping rules for iso-recursive types—the “Amber rules”—are shown to be incomplete with respect to type safety. That is, there exist iso-recursive types τ1 and τ2 such that τ1 can safely be considered a subtype of τ2 , but τ1 ≤τ2 is not derivable with the Amber rules. This paper defines new, algorithmic rules for subtyping isorecursive types and proves that the rules are sound and complete with respect to type safety. Categories and Subject Descriptors D.3.1 [Programming Languages]: Formal Definitions and Theory—Semantics; D.3.3 [Programming Languages]: Language Constructs and Features—Data types and structures
1.
Introduction
When defining a subtyping relation for a type-safe language, one takes into account both the soundness and the completeness of the subtyping relation with respect to type safety. Soundness alone can be satisfied by making the subtyping relation the least reflexive and transitive relation over types (i.e., τ1 is a subtype of τ2 if and only if τ1 =τ2 ); completeness alone can be satisfied by making the subtyping relation the greatest reflexive and transitive relation over types (i.e., all types are subtypes of all other types). These extremes rather defeat the purpose of subtyping, which may be thought of as allowing terms of one type to stand in for terms of another type when it would be safe to do so. A standard strategy for defining a subtyping relation would be to aim for the most complete definition possible without sacrificing soundness. Despite the importance of both soundness and completeness, completeness has not been treated as widely as soundness. Wellknown techniques exist for proving the soundness of subtyping relations with respect to type safety. Standard type-safety proofs in languages with subtyping prove the soundness of the languages’ subtyping relations; an unsound subtyping relation would break type safety by statically allowing (via a subsumption rule in the type system) terms of some type τ1 to stand in for terms of another
[Copyright notice will appear here once ’preprint’ option is removed.]
1
type τ2 , when operations could be performed on τ2 -type terms that are not defined for τ1 -type terms, potentially leading to dynamically “stuck” states. This paper develops some techniques for stating and proving that a subtyping relation is complete with respect to type safety and applies the techniques to the problem of subtyping recursive types, in particular, iso-recursive types. Recursive types, along with product and sum types, are fundamental for typing aggregate data structures. A standard example of a recursive type would be a natural-number-list type L ≡ µt.(unit+(nat × t)). The type variable t refers to the nat-list type (L) being defined. Lists of natural numbers according to this definition could be empty (i.e., have type unit) or could be a natural number (the list head) paired with another list (the tail). Iso-recursive (also called weakly recursive) types require programmers to manually roll and unroll (also called fold and unfold) recursive types. Unrolling converts a term of type µt.τ to a term of type [µt.τ /t]τ , while rolling performs the inverse conversion (where [τ /t]τ 0 is the capture-avoiding substitution of τ for t in τ 0 ). For example, a programmer could create a value of type L defined above by writing roll(inlunit+(nat×L) ()); the inl value has type unit+(nat×L), so rolling it produces a value of type L. Languages like ML and Haskell support iso-recursive types. In contrast, type checkers in languages with equi-recursive (also called strongly recursive) types automatically roll and unroll terms as needed, so programmers don’t have to. 1.1
Related Work
Research into subtyping completeness has focused on proving subtyping algorithms complete with respect to definitions of subtyping relations (e.g., [6, 11, 15, 23]). Sekiguchi and Yonezawa also proved a type-inference algorithm sound and complete in the presence of subtyped recursive types [19]. This paper approaches subtyping from a type-safety perspective, investigating the greatest subtyping relation possible without violating type safety; however, other notions of when one type can or should be a subtype of another may be preferred in other contexts. For example, subtyping may be based on particular behaviors of objects in OOPLs [14, 17]. Another possibility is to consider the denotation of a type τ to be the set of terms of type τ ; then a subtyping relation ≤ is sound when τ1 ≤τ2 ⇒ [[τ1 ]]⊆[[τ2 ]] and complete when [[τ1 ]]⊆[[τ2 ]] ⇒ τ1 ≤τ2 [25]. Using these definitions, Vouillon has shown that the standard subtyping variance rules for function, union, and intersection types are sound and complete (under some assumptions but overall for a broad class of languages) [25]. In contrast with these other approaches to subtyping, soundness and completeness in this paper are structural properties that, like normal type safety, specify relationships between languages’ static and (here, SOS-style [18]) dynamic semantics. The research on subtyping recursive types seems to have focused more on equi-recursive than iso-recursive systems. For example, Amadio and Cardelli presented rules and an algorithm for subtyping equi-recursive types [1]. The rules and algorithm are proved sound and complete with respect to type trees that result from “in2012/7/11
finitely unrolling” equi-recursive types (i.e., the rules and algorithm determine τ1 ≤τ2 precisely when the type obtained by infinitely unrolling τ1 is a subtype of the type obtained by infinitely unrolling τ2 ). Other papers have since refined equi-recursive subtyping analyses and algorithms (e.g., [4, 6, 8, 9, 12, 22]). For subtyping iso-recursive types, the most commonly used rules are the Amber rules [5]: S ∪ {t≤t0 } ` τ ≤τ 0 A MBER 1 S ` µt.τ ≤ µt0 .τ 0
S ∪ {t ≤ t0 } ` t ≤ t0
A MBER 2
These rules are elegant: “a recursive type rec(t)T is included in a recursive type rec(u)U , if assuming t included in u implies T included in U ” [5]. The Amber rules (or less-complete versions of the Amber rules tailored to specific domains, e.g., [2]) are the standard approach to defining iso-recursive subtyping (e.g., [3, 7, 10, 11, 16, 20, 21]). 1.2
Section 2 formalizes what it means for a subtyping relation to be sound, complete, and precise with respect to type safety. Intuitively, a precise (i.e., sound and complete) subtyping relation derives that τ1 is a subtype of τ2 if and only if terms of type τ1 can always stand in for terms of type τ2 without compromising type safety. Section 2 uses evaluation contexts to formalize this intuition. Section 3 shows that the Amber rules are incomplete for subtyping iso-recursive types. In particular, the Amber rules cannot derive that types like µa.(((µb.((b + nat) + a)) + nat) + a) are subtypes of types like µc.((c + real) + c), though it’s always safe for expressions of type µa.(((µb.((b + nat) + a)) + nat) + a) to stand in for expressions of type µc.((c + real) + c). Given the incompleteness of the Amber rules, Section 4 presents new subtyping rules that do not exhibit such incompleteness. The main finding here is that, for the sake of completeness, the Amber rules can be replaced by the following rules: (µt.τ ≤ µt0 .τ 0 ) ∈ /S S ∪ {µt.τ ≤ µt0 .τ 0 } ` [µt.τ /t]τ ≤ [µt0 .τ 0 /t0 ]τ 0 R EC 1 S ` µt.τ ≤µt0 .τ 0 R EC 2
These new rules simultaneously unroll the iso-recursive types under consideration, matching the types obtained when recursivetype values are eliminated (using unroll expressions). Moreover, these new rules imply a deterministic algorithm for deciding whether one type is a subtype of another. Section 5 proves that the subtyping relation defined in Section 4 is precise with respect to type safety. As far as we’re aware, this is the first proof that iso-recursive subtyping rules are in some way complete. The preciseness proof’s layout, and its proof techniques, are rather general and may be helpful for proving the preciseness of other inductively defined subtyping relations.
2.
Basic Definitions
This paper’s analysis relies on several definitions. 2.1
Definition 1 (Preciseness, Soundness, and Completeness). Let metavariables E, e, and τ respectively range over evaluation contexts, expressions, and types. Then a subtyping relation ≤ (i.e., a reflexive, transitive, binary relation on types) is precise with respect to type safety when, for all types τ1 and τ2 : � � ¬∃ E, τ, e, e0 : τ1 ≤τ2 ⇐⇒ E[τ ]:τ ∧ e:τ ∧ E[e]7→∗ e0 ∧ stuck(e0 ) 2
Overview and List of Contributions
S ∪ {µt.τ ≤ µt0 .τ 0 } ` µt.τ ≤ µt0 .τ 0
by τ1 -type expressions without causing well-typed programs to “get stuck.” The definition assumes typing judgments of the form e:τ and SOS-style single- and multi-step judgments e 7→ e0 and e 7→∗ e0 , with the usual meanings. The definition also uses evaluation contexts in the standard way; an evaluation context is an expression with a “hole” that can be filled by a subexpression. The judgment form E[τ 0 ]:τ means that filling evaluation context E’s hole with a τ 0 -type expression produces a τ -type expression (formally, E[τ 0 ]:τ ⇐⇒ {x:τ 0 }`E[x]:τ , where x is not free in E).
Soundness, Completeness, Preciseness
Intuitively, we wish for a language’s subtyping relation to define τ1 ≤τ2 precisely when such a definition could not compromise type safety. By the principle of subsumption, which states that a term of type τ1 also has type τ2 when τ1 ≤τ2 , then, we wish to define τ1 ≤τ2 precisely when any term of type τ2 could be replaced by any term of type τ1 without breaking type safety. The following definition formalizes this requirement that τ1 ≤τ2 if and only if τ2 -type expressions can—in any context—be replaced 2
1
When the only-if direction (⇒) of this formula holds, we say that the subtyping relation is sound with respect to type safety; when the if direction (⇐) holds, we say that the subtyping relation is complete with respect to type safety. 2.2
A Simple Language, L→µ +×
To more concretely understand and apply these definitions, we consider a simple language L→µ +× , having function types, binary (disjoint) sum and product types, and iso-recursive types. Figures 1–3 present the syntax and static and dynamic semantics. All the notation is intended to have the usual meanings, with the usual assumptions being made (e.g., variables are consistently renamed, through alpha-conversion, whenever necessary to avoid reintroducing variables into contexts). The base types in L→µ +× are nat (natural numbers) and real (nonnegative real numbers), the idea being that nat≤real. Squareroot operations are defined on natural and real numbers, and a successor operation is defined on natural, but not real, numbers. Functions are named and may be recursive. The decision to allow recursive functions was made because (1) real languages sophisticated enough to have iso-recursive types and subtyping seem likely to also have recursive functions, and (2) allowing general recursion prevents our proofs from relying on normalization properties of the language being analyzed. There are two categories of types, one for closed types τ (having no free type variables) and the other for possibly open types τ (possibly having free type variables). This paper assumes that all closed types τ (1) never use undeclared variables and (2) have been alpha-converted to ensure the uniqueness of every declared variable. Note that unrolling a closed recursive type τ = µt.τ produces another closed type, [µt.τ /t]τ . The typing rules for L→µ +× , shown in Figure 2, are standard. Section 4 will define the subtyping judgment used by rule TS UBSUME. The operational rules for L→µ +× , shown in Figure 3, are also standard. Figure 3 uses evaluation contexts to define the operational semantics. Evaluation contexts mark where beta-reductions may occur; contexts here specify a left-to-right, call-by-value evaluation strategy.
3.
Incompleteness of the Amber Rules
Consider the recursive types τ and τ 0 defined as follows. τ = µi.{add:i→unit} 0
0
τ = µl.{add:(µi .{add:i0 →unit})→unit, min:unit→int}
2012/7/11
Closed typesClosed types
Possibly open types open types Possibly τ :: = nat |τreal | τ → τ | τ + τ | τ × τ | µt.¯ τ τ :: = nat | real | τ1 → τ2 | |τ1τ +→ τ2τ| τ|1τ×+ τ2τ| µt.τ |t 1 2 :: = nat | real | 1τ1 →2τ2 |1τ1 +2τ2 | τ1 × τ2 | µt.¯ τ τ :: = nat | real 1 2 1 2 | τ1 × τ2 | µt.τ | t
ExpressionsExpressions Γ �Γe � : τeΓ Γ �:� eτΓ:e τ� : τe : τ �e � e: nat : τ nat e�:ereal ΓΓ�Γ Γ �Γe � : real Γ e)�|:� eΓ: nat Γ �:inl e :τUCC nat �: real e T-S : real Γ| �sqrt(e) e : τ | fun e :: =T-N n |T-N r e| AT succ(e) f (x:τ | |inr nat Γ |�Γ:e real Γ � e : nat 1 ):τ2 = e |e1 (e2Γ τ (e) | T-R EAL UCC T-S QRTQRT AT T-R EAL T-S QRT :: = n | r | succ(e) | sqrt(e) | fun f (x:τ ):τ = xee:||enat (e2T-S )(e) |T-S xT-S inl (e)Γ|Γinr T-N AT T-R EAL UCC Γ � e : τ Γ � e : τ 1 2 1 τ: (e) Γ �Γe �: Γτn �: nat T-N AT T-R EAL T-SτUCC T-S QRT � e nat Γ � e : real T-S T-N AT Γ �Γr � T-R EAL Γ �Γsuc(e) UCC T-S QRT T-N AT EAL T-S n : nat r : real � suc(e) � sqrt(e) : T-R real : real : nat Γ � sqrt(e) :�real real ΓΓΓ ��� neΓn ::case nat � r : real Γ � suc(e) : nat Γ � sqrt(e) : real � n : nat Γ � r : real Γ � suc(e) : nat Γ sqrt(e) : real Γ�e:τ τ: nat Γ � e : nat Γ � e :: nat real T Γ � e : nat Γ � e : real Γ � e : nat Γ � e : Γ � r : real Γ � suc(e) : nat Γ � sqrt(e) : real Γ � n : nat Γ � r : real Γ � suc(e) T-N AT T-R EAL T-S UCC e ofcase inlx e⇒Γ e else inry ⇒ e (e , e ) | e.fst | e.snd | roll(e) | unroll(e) 1 of ⇒T-R e1EAL else ⇒Γ e� e2 ) Γ| e.fst |UCC e.snd |ΓΓ roll(e) | unroll(e) T-N2ATinry EAL UCCQRT T-N EAL T-S QRT : real 2 (e Γ1 � 2eT-R : nat � eT-R : nat ��T-S esuc(e) : UCC real : real ΓAT �inlx n : nat r 1: ,real : natΓ � eT-S Γ � sqrt(e) T-NAT T-S T-S Γ � n : nat Γ � r : real Γ � suc(e) : nat Γ � sqrt(e) : real Γ � n : nat Γ � r : real Γ � suc(e) : nat Γ � sqrt(e) : real Γ � n : nat Γ � r : real Γ � suc(e) : nat Γ � sqrt(e) : real T-N AT T-N AT T-R EAL T-R EAL T-S UCC T-S UCC T-S QRT T-S QRT f →τ : τn1: :2→τ :eτreal :1τ1: 2→τ e� e1τ:sqrt(e) 1 2e � 2 11e→τ 2 Γ �Γe2� x∪ : τx :τ21τer �Γe1� ττ21� τ e� 2 :� Γ ∪1 ,:∪ xfτΓx ::,τΓ � :e τ� ΓΓ:eΓ �τ� e:2τfe1:2�:τ:T-A ΓΓ:τΓ �τ� eττ1:� Γ � Γn ∪ :Γ nat Γ Γ � rΓ: real nat �:→µ suc(e) :Γ real 1 1 ∪:τ11τ,� x1fΓ ,e�τf→τ :τ� : τ2UN Γe11. �τ:1eSyntax τ21Γ2→τ :PPτΓ12 �� sqrt(e) : :τereal →µ 2 11:→τ 2Γ 11 Γ ,: fτ�1τ:nat →τ :2τe2UN �suc(e) τ→τ �Γ e τ:τ1Γ τe1T-L ∪Γx :Γ τe:τ12nat e : τ2 Γ � � : T-L τEFT Γ � e 2 : τ1 T-F T-L 1 2→τ 1→τ 1 ,.Γ 1 →τ2 Figure of L T-F T-A PP EFT : →µ Figure 1. Syntax of L . T-F UN T-A PP EFT +× . Γ � e1T-A T-L EFT +× Γ2 ∪ x : T-F τ1 , UN fT-F : τUN :eτ1:T-A →τ �τ1UN e+τ τ1:+ Γ � τ e : τ1 PP EFT T-F T � f:(x : τ: 1:τ)τ21:= τ2 = e1 →τ :eτ1: 2→τ Γe:1� : )of τ: L � inl τ1:ττ2+1 τ+2Γτ2� e T-L 1 →τ 2Γ��e 2Γinl 2 :2:τe 1. 1)(e Γ �Γfun (x τ�)� Γτ::1τPP �→τ 22fun τ +τ Γ fun �f � fun (x τ::1ττ→τ Γeτ(e2eΓ e2Γ:1Γ2eT-F (e τ:τfe2+× Γ �Γ inl 1Γ 2e τ1e +τ Γ:fun (x :1= τ,:2feτ2= e11→τ :Γ τ2Γ12∪ →τ e1212� )→τ Γ� �τ� inl ττ2real : τ�1Figure →τ :�2Syntax τ� Γinl e1:21+τ :τ)= �xe2e:: τ:nat eΓUN Γ2�e� τ11→τ � 1ττ+ eΓ ::� 21τ +τ Γ ∪ x τ�τ1f1,fun : τf:1Γ →τ e1 :2 τ� τ2:τ1e21τT-A Γ f) (x τ)1∪:):eτx :2:1τ� →τ ):(e Γ � e1 :2PP τeΓ1:+ (x τ21 ) Γ:Γτ� =1 ee:2nat 1τ,2f Γ 2 2 2real 1e1 (e2 ) :Γτ2� τ e : τ1 2τ 1 →τ 2 2 1 2τe 2 1 (e 2e:: τ τ 2 � Γ � ::τΓ T-N AT T-R EAL T-S UCC T-S e QRT T-F UN T-A PP T-F UN T-A PP T-L EFT Γ ∪ x : τ , f : τ →τ Γ ∪ x � : e τ : τ , f : τ →τ � e : τ Γ � e : τ →τ Γ � Γ e � e : τ : →τ τ � e : τ Γ � τ e : τ Γ � τ e : τ Γ � fun f (x : τ ) : τ = e : τ →τ Γ � e (e ) : τ Γ � inl : τ + T-F UN T-A PP T-L EFT 1 1 2 1 2 1 2 2 1 1 2 1 2 1 1 2 2 1 1 1 1 2 1 2 1 2 2 τ +τ 1 1 2 T-NAT EAL T-S T-S �: nτT-F nat � Γ2 )�:suc(e) :�nat Γ :1T-L real τUN τ2rUCC =:eΓreal e�τ: 1eτ11+(e →τ ΓQRT e1� � τinl fe(x :1:τ→τ )Γ :Γτ�2�fun = e f: (x τ1T-F →τ ΓT-A � PP �+ inl + Γ � fun f (xreal : τΓ1Γ ) �T-R : τfun =Γ )2Γ : τ�2xΓ, Γ τ�2τ1sqrt(e) 12)Γ: Γ 2 ) :τ1τ+τ 2 2 :e τ:ΓτT-L UN T-A PP EFT EFT 1 +τ2 e : τΓ 2 τ1 +τ2 e : τ1 2 1 τ22Γ :ex�:1τ(e �1:real eτ1 τeΓ :2τ τΓ, Γ, y2(e:inl nat ::nat 1 2 einl ττe221� Γ :(e τΓ + τx21)Γ, τΓ, τ+ 2 1::� � τ:→τ eτττ2:e� Γ �12:)� e:Γ:eτττ� ττΓ, y�τ2:eτ2� ττ:1eτ+τ (xΓ: � τ1r)Γ::Γ� τ2�fun =τ e� eΓf::τΓ (x :Γ ):2τ:τe2τ2: τ=2T-R e :IGHT τsuc(e) Γ� � ee1� � e1sqrt(e) (e τ:eΓ, inl τ2Γ1:τye� � τ222e:2�T-C τ12+ τ2 21τ2 :+ + τ: 2Γ, x� :e�τ:11eτ�:1� eτ1y τ::1τ+τ :�τT-C :2τeΓ :�τ1e + 12τ 1 →τ2 2:1τe+ 2τ 2 ASE x τ : Γ, : Γ τ : τ Γ, x : τ1 � 2 ey:Γ, 1 1 2 2 Γ �Γe �: τfunΓΓf`� T-R IGHT ASE ee :: ττΓ � inlτ +τ e : τ1 + τ2 T-R IGHT T-C: ASE T-R Γ IGHT �: ττe : ΓτΓ einry :ΓΓ τinry + τ:2⇒ Γ, τ T-C Γ, e2 : τ IGHT ASE ASE T-R IGHT � e`Γcase eΓ21 e� else τxe: τ:: eτreal 2�Γ 1�⇒ 1 � e1 T-C 2 �case eτ :case nat Γ � inl :2inl τ:1Γτ2 + τxτ2:1:τeΓ eτΓcase of inlx ⇒ e⇒ else eτreal :e⇒ τΓ 1e τ 1τ 2τ ΓΓ �1Γ+τ inl eτ∪1:e+τ �+ case eof inlx ⇒ else inry ⇒ eτ:` τ+ ,ττf21ττ:2e+τ:T-R →τ �Γ, einlx ::1inl τinlx →τ � e1e21τinry Γτ2Γ�: � τ case eyΓ,:: τyτ12: e� Γ ::of nat 2 τ1e +τ 1e 2e 1:+ 1ττ 2Γ 1 1 1 Γ � � e of inlx ⇒ e else inry ⇒ τ � τ e : τ Γ � τ + Γ, x e : τ � e τ ⇒AS � Γ � : τ + Γ, x � e : Γ, y τ � e τ 22 2 � e Γ 1:+ 2: :τ � τ � e x τ � e : τ Γ, y : τ � τ 2: Γ 2 1: � 1 2of 2 : T-C � inl Γ � e of ⇒ e else e τ Γ � : τ inlx Γ � e nat Γ � e : real T-R IGHT 2 1 2 2 2 1 2 1 1 2 2 τ +τ 1 1 2 τ +τ 1 2 1 2 1 2 T-N AT T-R EAL T-S UCC T-S QRT τ1 , f : τ1 →τ2 � e : τ2 Γ � τ e : τ2 T-N ΓΓ��e1τ e: τ:1τT-R →τ Γ e2+τ :T-S τx 2 1 :+ 1 UCC UN PP AT T-S QRT Γe� T-R � e :EAL :2τΓτeIGHT �: nat exT-R :: ττIGHT �Γτe21�Γ:τ� τe eΓ, Γ, :)Γ τy:1�� �sqrt(e) τcase eT-L eτ2e ::of τT-A Γ, y : τ⇒ �e1eΓASE �= inl τT-F τ2Γ Γ, inlx ⇒ ASE eτ2 + : τ T-L EFTT-C T-N AT� EAL T-S UCC T-Sinry QRT T-C 2 IGHT 1�T-A 2 11 + 2 1�: EFT 2 T-C 2else τ 1τ+ 1τT-R Γ � n : natΓΓ Γ r+ :fIGHT real real T-F UN PP Γ2 eΓ � fun (x :Γ+τ τ`1�2)err:Γ:τ: τreal :T-R (eelse τ:Γ �1:2 τinl ` n : nat Γ Γ ` succ(e) : nat Γ ` sqrt(e) : real 2real 1τ→τ 22 esucc(e) 1e 2Γ 2 � τ1 +τ 1 e2 τ:2τ Γ � inl : τ + τ case e of inlx ⇒ e else inry Γ � inl + τ Γ � case of inlx ⇒ e else inry ⇒ : τ 2 e :⇒ +τ 1 2 � inl : τ τ Γ � case e of inlx ⇒ e inry ⇒ e : τ T-R T-R IGHT T-C ASE T-C ASE � n : nat Γ � succ(e) : nat Γ � sqrt(e) : real τ 1 2 1 τ +τ 1 2 1 2 1 1 1 :1Γτ1:2�τΓ Γ �: :τeΓ Γe2�:) τ:e�1τ:× ×Γ �:Γ�τe� :× τ1:eττ� × τ× e�⇒ :eµt.τ (x : τ1 ) : τΓ : :τe� �Γe1�(e � e inry :×τ1τ +⇒τ2ee12 else 2τ 2τ 2 = 2 τ else +τ �Γe1� τ111→τ eΓ e� : µt.τ 1case 2 Γ einl �1τ22� e:2Γτeinl eτΓ1:eττ2� einl Γ Γ + � τ2:22�τ:T-P case of��Γ inlx ⇒ eeΓ :Γ τ �Γinry : τ2Γ eτ× τST ×STτe2 ΓΓ � e:×:τ τµt.τ 2e 21τ2 21e ττ2 2Γ � 1:11τ 2e : τ1 + τΓ 22 Γ� � e1τ:11e+τ τ11�2: eτ21Γ Γ :1τT-F � × τinlx Γ� � eΓ �2τND : τND Γ eΓ:e: eµt.τ τ:21µt.τ 12+τ ROD T-F T-S ND T-U NROLL Γ � e : τ1 × τ2 1�:× 1 :of 1 :Γτ 1 Γe 2 2 T-P ROD T-S T-U NROLL T-P ROD T-F STST T-S T-U NROLL T-P ROD T-F ST �Γe.snd T-S ND T-U Γ � e : τ Γ � e : τ � e : τ × τ Γ � e : τ × τ ΓNROLL � e : µt.τ T-P ROD T-F T-S ND NROLL T-P ROD T� (e , e ) : τ × τ Γ � e.fst : τ Γ : τ Γ � unroll(e) : [µt.τ /t]τ 1 1 2 2 1 2 1 2 1 2 1 2 1 2 Γ∪ , f :τ →τ } � e : τ Γ � e : τ →τ Γ � e : τ Γ � e : τ ΓΓ {x:τ ��Γ(e e ) : τ × τ Γ � e.fst : τ Γ � e.snd : τ Γ � unroll(e) : [µt.τ /t]τ 1 1 2 2 1 1 2 2 1 1 2 1 2 1 2 ττ�eΓ :Γ Γ � ee:τe.snd :τ:::1ττΓτ:1τ× + ττ2:2ST Γ,τ2xΓ:Γ �unroll(e) ee1Γ :` τ e× Γ, y:1/t]τ :T-F τe2:ST �/t]τ eT-U Γ :Γ �Γ (e ,�1e,2Γ )1211� :,),,fτfe:1:τ × ττ2121τ222× �τ: 2� e.fst :Γ τΓ:` Γe(e �:Γ e.snd �τΓ1� unroll(e) :τT-S [µt.τ ∪ →τ }} ` : τ e : →τ Γ ` e : τ 2 : τ �Γe.snd Γ (e ) : τ Γ � e.fst : τ Γ � : Γ � unroll(e) [µt.τ 1{x:τ 1� 211 Γ � : Γ � e � e � e : τ � e : µt.τ 1 22 e: 1τΓ 1 22� 222 1 Γ e � e × τ � e τ × Γ � µt.τ 2 2ee� 1ττ1 1 2 2 1 2 e τ : τ e τ × τ Γ τ × Γ � : µt.τ � (e e τ × e.fst τ Γ � e.snd τ : [µt.τ /t]τ , e ) τ Γ � e.fst : τ : τ2 Γ ∪ {x:τ :τ →τ � : τ Γ e : →τ Γ � Γ � e : τ T-P ROD T-F ND 1 2 1 2 1 1 1 2 1 2 1 1 1 2 1 2 2 1 1 1 T-F UN T-A PPe2 : τ T-AT-F T-L EFTND T-L EFT ΓT-C ΓΓ��τ ee1: :τ2τ1 Γ � e : τ + τ Γ, x : τ � e : τ Γ, y : τ � 1 2 1 1 2 T-R IGHT ASE T-F UN PP T-P ROD ST T-S ΓτT-R Γ � � e e : τ : τ Γ � e Γ : τ � e : τ × τ Γ � e : τ Γ × � τ e : τ × τ Γ � e : τ × τ Γ � e : µt.τ Γ � e : µt.τ T-P ROD T-F ST T-S ND T-U NROLL Γ � (e , e ) : τ × τ Γ � e.fst : τ Γ � e.snd : τ Γ � unroll(e) : [µt.τ /t T-P ROD T-F ST T-S ND T-U NROLL T-F UN T-A PP T-L EFT 2 1 2 1 2 2 1 2 1 2 1 2 1 2 1 2 1 2 1 2 Γ � fun Γf (x : ) : τ = e : τ →τ Γ � e (e ) : τ Γ � inl e : τ + τ 1 2(x 2) e 2 Γ τ� +τ 1 else inl of ee.snd ⇒ 2⇒ eτT-U : τ/t]τ + τe222 ::τ[µt.τ Γ `�1fun ::× ττ�11τ))(e :1:1ττ,22e= e:eΓ11τST (e )) Γ :: T-S ττ�22 e.fst Γ ` τ22 +τ 1 ΓT-P (e e2: )τT-F : τ+1:STτ× τΓ21� :�τ�T-C :2�inry Γ �T-U unroll(e) : [µt.τ 11 +τ :Γ × τcase e.snd :Γτinlx /t]τ 1Γ 1 eASE 2unroll(e) ,fun e2IGHT )ff:Γ τ� �12e,ee.fst τ21 ⇒ � e.snd ::Γττ2�Γ�case :Γ2[µt.τ ROD ND T-S ND NROLL NROLL (x e τ::� →τ Γ `�2T-F (e ΓΓ �� �inl inl 2 2= 1ττ1 2� 1 22 21 unroll(e) 1Γ 2ROD 1→τ 1 +τ � inlτ1 +τ : τ11, e+2�)Γτ(e e1Γe.fst inry eT-P /t]τ τunroll(e) τΓ:1� �τ�ττ�1unroll(e) � τ ΓΓ� : 1[µt.τ τ e≤τ: Γ ττ:≤��ττ2≤ Γ�τ�≤Γeτ� : τeΓ Γ 2�e (e :2 τ1 × τ�2 e(e , e:� )Γ:e/t]τ :[µt.τ τ/t]τ ΓΓT-R ��/t]τ e.fst : τ1of inlx Γ � e.fst :else �τ1e.snd : τ⇒ eΓ2 � e.snd [µt.τ /t]τ Γ � e2[µt.τ Γ �: :� eΓ 1e × 2 � : /t]τ [µt.τ e� UBSUME : τ � � : [µt.τ /t]τ Γ :τ[µt.τ ≤ e : τ Γ � [µt.τ /t]τ OLL T-V AR 2 T-S � T-R OLL T-V AR T-S UBSUME T-R OLL T-V T-S UBSUME T-R OLL T-V AR T-S UBSUME /t]τ τ ≤ � eT-V : τAR � T-R AR UBSUME T-R OLL roll(e) : µt.τ Γ x�e:Γ Γ(x) :Γ ττ∪ � τΓ � eΓ: µt.τ Γ �Γe�:ΓΓ τ2� � �eΓ:eΓ�τ:1�e[µt.τ + τ:`� ∪x: τ{x:τ }AR � e1{x:τ : τ 1 }}τ` : τ 2τ}} ` roll(e) x :τ2τ1eΓ 2Γ(x) 1τ 2�{y:τ � τ:1Γµt.τ � e2OLL :Γτ2Γ � τ:221Γ(x) ×T-V �� e:Γττeµt.τ :� × ΓΓ � Γ x:/t]τ Γ(x) Γ �}T-V e� :e∪ :µt.τ Γ� ∪ eT-S 1ττ 2Γ Γeroll(e) 2:/t]τ 11� � e:e� :T-R :Γτx τ:Γ + τOLL Γ ∪ ��Γe≤ eΓ11∪ Γ �ASE e:Γ:µt.τ [µt.τ τe2eτ� ≤ Γ22 �:� τe Γ:ττ��≤ e:Γ` :roll(e) τ::{y:τ �Γ :T-S � : �µt.τ Γe� :e+ Γ(x) :{y:τ τeτ �:τND roll(e) x τ: Γ(x)Γ � e : τT-S UBSUME T-R AR 2 1 2T-C �{x:τ �Γ �� IGHT Γ � e 2 : τ2 Γ[µt.τ ��eΓΓ τ[µt.τ τroll(e) Γ /t]τ �Γe �:T-P τroll(e) ×OLL τ:2Γ[µt.τ ΓT-F �Γ e≤�:T-V µt.τ 1 × 2e 1 ROD ST T-U NROL T-R IGHT T-C ASE T-R OLL T-V AR T-S UBSUM T-R IGHT T-C ASE Γ � e : /t]τ Γ � : [µt.τ /t]τ τ τ Γ � e τ : τ ≤ τ Γ � e : τ T-R AR T-S UBSUME : µt.τ Γ � x : Γ(x) Γ � e : τ T-R OLL T-V AR T-S UBSUME ΓT-P � ROD inrτ1 +τ e inr :� τroll(e) τΓ2 �eT-R �Γ case eΓ inlx eT-V else inry ⇒ ::τ:τNROLL T-F T-S ND T-U 1 τ++τ 1inlx 2inry ,+ e�2ST Γ �of : ee⇒ τx1of e.snd τ2⇒ � unroll(e) ΓΓ2` ::(e τ)τroll(e) `�e.fst case eeΓ11��else ee22Γ:: τ� e : τΓ T-S 22: τ1 × τ:2T-R Γ �Γroll(e) :Γ(x) µt.τ Γ xΓ :�eΓ(x) Γ � e: :[µt.τ τ /t]τ � inr :1τµt.τ τ1OLL Γ case of inlx ⇒ else inry ⇒ Γ µt.τ Γ � : Γ(x) OLL T-V AR AR ⇒ T-S UBSUME UBSUME Γ � x : e τ11 +τ22e 1+ →µ ) : τ1 × τ2 Γ � e.fst : τ Γ � e.snd : τ Γ � unroll(e) : [µt.τ /t]τ →µ 2 2. Static L.+× .Γ→µ Γ � roll(e) : µt.τΓ � roll(e) : µt.τ Γ � Figure x Figure : 2. Γ(x) Γ 2. �semantics xStatic : Γ(x) e : .τ Γ�e:τ Figure Static ofsemantics Lof 2. 2.semantics Static semantics of L→µ .� Figure L→µ +× +× Figure Static semantics of Lof Figure 2. Static semantics of L→µ +× .+× +× . � L→µ . � Γ � e1 : τ1 ΓΓ `� eΓ � e : τ Γ � e : τ × τ Γ � e : τ × τ Γ � e : µt.τ Figure 2. Static semantics of 2 2 1 2 1 2 →µ Γ � e : [µt.τ /t]τ τ ≤ τ Γ � e : τ : τ Γ ` e : τ Γ ` e : τ × τ Γ ` e : τ × τ Γ ` e : µt.τ →µ +× 11 : τ11 22 : τ22 11 × τ22 � 11�→µ 22 e Γ � e Γ � e : τ Γ � e : τ × τ Γ � Figure 2. Static semantics of L . Figure 2. Static semantics of L . T-P ROD T-F ST T-S ND T-U NROLL Figure Γ � e : [µt.τ /t]τ τStatic ≤STτsemantics Γ→µ � eof: L τ +× . T-S +× T-R2.OLL T-V AR +× T-S UBSUME T-U NROLL T-P T-F T-P ROD T-F ND Γ � (e1 , e2 )Γ:T-R × ,τe2 ) : τ × τ ΓROD :ΓAR τ`� Γ �ST e.snd : +× τ`2Γe.snd Γ �ND unroll(e) :unroll(e) [µt.τ /t]τ Figure 2. Static Figure 2.ofStatic L .semantics ofT-S L→µ . 1 :e.fst T-V T-S Γ� �e.fst roll(e) µt.τ � x : Γ(x) Γ :�[µt.τ e : τ/t]τ T-U NROLL `τ1(eOLL Γ :: ττ11semantics Γ : τ UBSUME Γ +× e.fst Γ` � unroll(e) Γ � roll(e) : µt.τΓ � (e11 , e22 ) : τ11 × τ22Γ � x : Γ(x) Γ � eΓ: τ� e.snd : τ22 � 0→µ Γ � e : [µt.τ � e :semantics τ� Γ ΓΓ/t]τ `� ee :: [µt.τ /t]τ :: τL ττ0� ≤ Figure 2. Γ Static . UBSUME [µt.τ /t]τ Γ` �τeeof≤ ττ�+× ≤τ →µ T-R OLL T-V AR T-S T-R OLL T-V AR T-S Figure 2. Static semantics of L . T-R OLL T-V AR T-SUBSUME UBSUME +× Γ � roll(e) Γ ∪ {x:τ } � τ }} `� xx :: ττ Γ�e:τ Γ ΓΓ :`�µt.τ roll(e) Γ ∪ roll(e) :: µt.τ µt.τ Γx ∪:{x:τ {x:τ Γ` � ee :: ττ
0 Γ � E[τ � ] :ΓΓτ `� E[τ E[τ �]] :: ττ� Γ ∪ } ΓΓ �∪ E[x] : 0�τ}(e) not free in Evaluation contexts E [(E) ](x|(E) succ(E) sqrt(E) ||E) E (e) v (E) | inl |1inr Einry | case ⇒ e1 els {x:τ ττ|E (x not in τ τinry Evaluation contexts []|][ suc(E) |::= sqrt(E) E inl inr case E of inlx ⇒ eelse else e| 2 ⇒ |of einlx Evaluation contexts EEE::= [E | {x:τ sqrt(E) |(e) E (e) |` v||E[x] |::|inl ||EE) inr E case E| |case of inlx eE e2 eE ∪ {x:τ }::= E[x] (x not in E) τ τE τ| E τfree 1e Evaluation contexts E contexts ::= [::= suc(E) |]|sqrt(E) |E || vE(e) (E) inl inr |free case E of inlx ⇒ e⇒ else e⇒ |⇒ τv τcontexts 2| ⇒ Evaluation contexts ]|[succ(E) suc(E) || sqrt(E) || E vv||(e) | inl ||Einr inlx ⇒ else inry Evaluation [suc(E) succ(E) | sqrt(E) |� (E) E ||E ET-C E of inlx ⇒ else τ |Einl τTXT 2e|2| |inl τ case 1⇒ 2 τ| E | inrτ E TXT �E Evaluation contexts E]|::= ::= ]| | sqrt(E) (e) v(E) (E) |τT-C inr E| case |::= Eofof inlx ⇒1einry inry ⇒ Evaluation E [ ]|E suc(E) |1sqrt(E) |eE (e) vinry (E) T-C TXT τinr 1 else 0|� inlτ E Γ � E[τ ] : τ e)E[τ | (v, | E.snd | roll(E) Γ `� :unroll(E) ττ | E.fst Evaluation contexts E ::=| [roll(E) ]||(E, | ]sqrt(E) | E (e) | v (E) | inlτ E || unroll(E) inrτ E | case E of inlx ⇒ e1 else in Γ E[τ :unroll(E) (E,| e) e)e) |E) (v, E) |[E.fst E.fst E.snd |[suc(E) roll(E) |(E, (v, E) |E|E.snd roll(E) |]|E) (E,(E, (v, |e) E.fst E.snd unroll(E) Evaluation E|E.snd ::= ]|| roll(E) suc(E) Eτ E (e)| E |inr v of (E) inlE) inr Einry case inlx|⇒ ⇒ | (v, E) E.fst |(e) τ Ee | |(v, E) || E.fst roll(E) | τunroll(E) Evaluation contexts E ]|| contexts suc(E) E|| →µ (e) (E) | inl Einlx | (v, case of τinlx ⇒⇒e1eE ee21 |else Evaluation contexts E ::= [e)]|(E, suc(E) |::= sqrt(E) | |vE.snd (E) inl |vunroll(E) E || case ⇒ else | of inry τe) τ E|||sqrt(E) 1|E.fst (E, e) |]| (v, E) | |E.fst |sqrt(E) E.snd ||roll(E) ||inr unroll(E) (E, |inlx |E | |E.snd |2else unroll(E) Evaluation contexts E ::= [ ]| succ(E) | sqrt(E) | E (e) | v (E) | inl E inr E | case E of ⇒ eτ 1(v) else ⇒inry eroll(E) Evaluation contexts Evaluation E values ::= [ ]| contexts suc(E) E | sqrt(E) ::= [ suc(E) | E (e) | | sqrt(E) v (E) | inl | E (e) E | | inr v (E) | | inl case E | inr of inlx E | case ⇒ e E else of inry inlx ⇒ |else τ|.E τ)E 2 | ⇒ e2 | →µ τ τ τ τ 1 1, v Values v ::= n | r fun f (x : τ : τ = e | inl (v) | inr | (veinry →µ (E, e) | (v, E) E.fst | E.snd | roll(E) | unroll(E) Figure 2. Static semantics of L 1 2 τ 12 2 ) | roll(v) Values v ::= n | r | fun f (x : τ ) : τ = e | inl (v) | inr (v) | (v , v ) | roll(v) v ::= n | r | fun f (x : τ ) : τ = e | inl (v) | inr (v) | (v , v ) | roll(v) Figure 2. Static semantics of L . +× 1 2 τ τ 1 2 1 2 τ τ 1 2 values v ::= n | r | fun f (x : τ ) : τ = e | inl (v) | inr (v) | (v , v ) | roll(v) Figure 2. Static semantics of L . e) (v, | |E.fst ||2|)roll(E) unroll(E) 1 τroll(E) 1+× values v ::= | |r(v, | fun f(E, (x :fτ2:(x |e inl (v) inr (v) (v Values v ne) ::= nr ||E) rfun | |fun τ:E) ) 2= : |τ= = einl inl (v) (v) (v e) E.fst |τ|E.snd roll(E) +× (E, E.fst |:E.snd |(E, |ττ|E) unroll(E) 1| )(v, τ inr 1E.snd 12τ 2e τ| 2 values ::= fE.snd (x | inr (v) || (v ,2v)12,|)nvroll(v) roll(v) v|,|1vunroll(E) ::= r| |roll(v) fun f| (x : τ1 ) : τ2 = e | inlτ (v) | inrτ (v) | (v1 τ (v) τvalues e)n|||(v, E) unroll(E) (E, e) |v(E, (v, E) E.fst (E, e)| |E.fst (v, E)τ|1|v)|E.snd E.fst roll(E) |||unroll(E) values ::= n ||| roll(E) rE.snd fun |f|roll(E) (x : τ1 ) : |τunroll(E) 2 = e | inlτ (v) | inrτ (v) | (v1 , v2 ) | roll(v) values v ::= n | r | fun f (x : τ ) : τ = e | inl (v) | inr v2 ) | ⇒ roll(v) 1 2 τ τ n | r | fun f (x : τ ) : τ = e | inl (v) | inr (v) | (v , v ) | roll(v) values vEvaluation ::= n |values rcontexts | funv f::= (x : τ ) : τ = e | inl (v) | inr (v) | (v , v ) | roll(v) 1 τ 2 | E (e) τ (E) 1 E2 | case(v) 1 [ ]| suc(E) 2 τ 1 |2inlττ E | inr sqrt(E) E| (v of1 ,inlx e1 else inry ⇒ e2 | Values n | vr|fv|(x fun :fun τ= :einr τ(x (v) inr (v v2 ) inry roll(v) values|vsqrt(E) ::= nv| r|::= values | fun ::= : τn1||f)� E r(x : τ| 2::= |2inl := τ1τ)|e(v) :||τinl = ||inl | (v ,⇒ v|2|v)|inr |1roll(v) | (v v2 )e|2τroll(v) 1 )| f τE 1else 2| inr τe(v) ττ(v) 1(v) τ, (v) 1, ⇒ contexts E ::= [ ]| suc(E) E (e) (E) inl E case of inlx e | τ E(e) τ(E) � � Evaluation contexts E ::= [ ] | succ(E) | sqrt(E) | E | v | inl E | inr E | case E of inlx ⇒ e else inry ⇒ e | e → � e τ (E) | inl τ 1 inlx ⇒ e else2 inry ⇒ e | � �→ � e e e → � e � Evaluation contexts E ::= [ ] | succ(E) | sqrt(E) | E (e) | v E | inr E | case E of � inlx ⇒ 11 (E, e) | (v, E) | vE.fst | E.snd | roll(E) |eunroll(E) E (e) (E) � e contexts E ::= [ ] | succ(E) | sqrt(E) e �→ eeEvaluation ττE | inr ττE | case 22 e|e(v, � e|� inl �→Eβ eof ee)�→ e�→ � β � � (E,�→ E) | E.fst E.snd |E.fst roll(E) | unroll(E) � ee�ee�→ β � eE.snd �→eβe�→ (E,� e) || (v, E) |e) | E.snd | roll(E) || unroll(E) e�→ �→ e�→ e �→ evalues e2 �TEP TEP β τβ � E) βτO-S e → � e e → � (E, | (v, E) | E.fst | roll(E) | unroll(E) TEPe | inlτ (v) | inrτ� (v) | (v � 1O-S � O-S β e v ::= n | r fun f (x : ) : = , v ) | roll(v) (E, e) | (v, | E.fst | E.snd | roll(E) | unroll(E) 1 2 e → � e O-S TEP � � e� �→ O-S O-S e �→ e � | fun f (x ] � roll(v) e E[e] �→β e�→ E[e � O-S TEP� TEP O-S TEP � TEP E[e] �→ ]� ]|E[e E[e] → � E[e ] values : nτe1|)r: |τfun | inl | inr (v) | (v , v ) | �E[e 2 = fe(x τ)(v) τ 1E[e] 2 � E[e] → � E[e ] e �→v e�::=e n�→| erValues e �→v e::= : τ : τ = e | inl (v) | inr (v) (v , v ) | roll(v) e → � e → � E[e E[e] → � ] 1 τ E[e 1�→β 2(v) β einr e || (v TEP e�→ E[e] �→ E[e� ] �e �→ Values vv ::= ::= nn || rr || fun fun (x :: ττ11e)) �→ = e |β|βinl inl (v) (vO-S vTEP roll(v) � O-SO-S 1,, v Values ff2(x :: ττβ22 τe= ||]inr || roll(v) 1 22))�→ TEP e eE[e] �→ e� τ�τe(v) �→ e� ττ(v) β TEP O-S E[e] E[e ] TEP E[e] �→ E[e� ] stuck(e) TEP�] O-S O-S �TEP E[e] �→ ] E[e]� �→O-S E[e stuck(e) stuck(e) � E[e stuck(e) e �→ e� stuck(e) stuck(e) E[e]] �→ E[e stuck(e) E[e] �→stuck(e) E[e E[e] ]� �¬∃v : (e = v) � E[e stuck(e) stuck(e) �] �→ �→ ee�� ¬∃e� : (e �→ e� ) � � ee �→ �(e �e e : :(e ¬∃e : :¬∃e )� )�→ :=(e === v):v) ¬∃e :�→ �→)�→ )(e �(e � e stuck(e) ¬∃v¬∃v � � )� :¬∃v (e¬∃v v) ¬∃e :¬∃e (e¬∃e e(e � � ¬∃v (e v) → � e ¬∃v (e = v) : TUCK : (e = v) : (e → � e ) = v) ¬∃e� : (e �→ e� ) e → � e stuck(e) S TUCK � S: βTUCK ¬∃v : (e = ¬∃v v) (e stuck(e) �→¬∃e e )�� : (e �→ e�� )¬∃v :S(e e �→β e stuck(e) � stuck(e) S TUCK TUCK (eS¬∃e = v)S:O-S TUCK eO-S �→βTEP β ee ¬∃v : (e = v) ¬∃e : (e → � e ) e → � � � S TUCK S TUC stuck(e) e �→ e� stuck(e) TEP stuck(e) S TUCK stuck(e)stuck(e) � � � � stuck(e) � = v) � � � := : :(e(e ¬∃e : (e �→ eSS)TUCK TUCK O-S TEP: (e = ¬∃v :stuck(e) ¬∃e ¬∃v v) �estuck(e) ¬∃e �→E[e] estuck(e) stuck(e) stuck(e) TEP �→ E[e � (ev) � �)¬∃v �] �→ e ) E[e] �→ E[eE[e] ] �→ E[e �→ e(e �� ]: O-S β�→ stuck(e) S TUCK ¬∃v : (e ¬∃v =¬∃e v): (e ¬∃e :)(e → � e ) ¬∃v (e = v) : (e = v) e ¬∃e : (e → � e ) stuck(e) S TUCK S TUCK E[e] → � E[e ] ∗ � TEP stuck(e) � O-S e �→ e Sstuck(e) TUCK S TUCK S TUCK �∗ ∗ stuck(e) e∗�e� � � ∗ e� E[e] �→eE[e ∗] � � � e �→e∗e�→ e�→ �→ stuck(e) �∗ � ��∗ ∗ �� �� stuck(e) stuck(e) e �→ e� e� �→∗ e�� e �→ee∗ �→ e �→ e� �→e e e�� ��→ stuck(e) � �→ ∗ e�∗�� ��∗ �� ��→ ∗ � e e ∗ � e → � e e � e → � e e ∗ �� e → � e e → � e e → � e → � e e → � e e → � e � � M STEP -TeRANS ∗ M STEP -R EFL e → � e e → � e �→ e� e� �→ ∗ � M STEP -T RANS ∗ �: (e ∗= v) ∗ � M STEP RANS � �→ EFL MM STEP -R-R EFL � ∗ ∗ �� �� ¬∃v : ��(e �→ e-T )M ee∗STEP �→ eeSTEP -TM RANS �� M STEP ∗M � �→ �� ��∗ ∗ �� ¬∃e -R EFL e M STEP -TSTEP RANS -T RANS �M �-R EFL M STEP -RSTEP EFL M e e e → � e ∗e ∗e ∗e � e → � e e → � e ∗ �e �→ ∗ e ��→ � � ∗ �� STEP -T RANS ∗ ∗ �� � � ∗ �� ∗ ∗ stuck(e) STEP -R EFL M STEP -R EFL → � e → � e e → � e e → � e e → � e e → � e � � ∗ �� � � ∗ �� = v) (e �→ e ) ��e ∗ �� e �→ e �→ e �→ e e �→ e e �→ e ¬∃v : (e ee �→ e ∗ ��e �→ eM STEP -T RANS e �→ e∗ �→ �→ eSTEP �→ e � EFL �→ ee∗�e�→ e � e∗�→ e ��∗�→ �→ ee� STEP eRANS � �e -R � �→ ∗�→ e �→e∗¬∃e e M:eSTEP eS TUCK � Me ∗e �� M -R EFL: S ∗ e¬∃e stuck(e) TUCK ∗ �� M STEP -T RANS e �→ e ¬∃v =-R :eSTEP (e ee�→ �→ e�→�→ e)�→ �→e-T e��eM M�→ STEPe-T -T RANS eM�→ -R M(e STEP -R EFL �→ ee∗EFL STEP STEP ev)e�→ e�→ e-T M STEP EFL ∗ eeM ∗ RANS �� M STEP ∗ ��e e �-R EFL∗∗ e ∗ -T �� RANS stuck(e) ∗e �→ �� � � S TUCK e → � e e → � e e → � e � e �→ M STEP RANS e → � e M STEP -T RANS M STEP -T RANS M STEP -R EFL e → � e STEP M STEP � β e �→ e -R EFL stuck(e) ∗ � ��e �→ ∗ e �� e �→ e β eM�→ ∗ e-R EFL � e�→eee��→ � e �→eβ�→eeβ�→ e β�→ e �→ e e �→∗ e�� �→∗∗ ee� e �→ e e� �→∗ e β ββ ee�β e ee �→ e e�→�→ β ee ee �→ e → � e � � � β � � �� � � root of e �→ er=� =root en� of �→∗root e�� ofofn n e �→ e n square =� successor nroot r = square rroot r = square root ofsquare r = square root of n rroot n� = of � � ∗ of�� e ���→ e� of e �→ e∗= nsuccessor rr= of n� successor successor n nn of r� �square square root of r �rrr of rsquare square r= = square root of � successor �esquare �ofR-T r��= = square of =βsuccessor successor of nnβr = of nnof r = root of r r root of e → � e → � e STEP RANS enβ�→ M STEP -R EFL n�e=�= = successor of = square root of nne�successor = r = square root r β-S UCC β-S r = square root n r = square of n NN e �→β e� e �→ �→ β-S QRT NMnQRT β-S UCC β-S QRT R β ee ∗ ∗ �� β n = of n r = square root of r n = successor of n rroot = square root of r β-S UCC β-S QRT R r = square root of n � β-Sβ-S UCC � β-S UCC e �→ e β-Sβ-S Rβ-S �QRT � ∗ �� β-S QRT β-S QRT � � �β-S UCC � � � QRT β-S QRT N β-S QRT R β-S QRT R � � β-S QRT N M STEP -T RANS e → � e M STEP -R EFL β-S UCC QRT R UCC R sqrt(n) → � r N root N QRTsqrt(n) succ(n) �→ sqrt(r) �→ r r�→β�→ �→of ��→n �� β �→ e� root β �→ �→�→ n sqrt(r) �→esqrt(r) n UCC =� successor of =QRT of ∗ �succ(n) ∗sqrt(r) �� βr n �→ β β rnR �esquare r QRT =β-S square β-S Rsquare β-S UCC β-S QRT �� β-S �� e� �→� e r β β β-S QRT succ(n) �→ sqrt(n) suc(n) rβrrr�→ sqrt(n) r rr�→β r β-S sqrt(n) r�→ �β n ��→ β � sqrt(r) β β β � ββ n succ(n) → � n sqrt(r) → � suc(n) → � n → � r sqrt(n) → � r e → � e e → � n = successor of n r = root of r β β β succ(n) sqrt(r) r sqrt(n) suc(n) → � n sqrt(r) → � sqrt(n) → � r =βNsquare root of β-S n M STEP -T RANS β β β β n = successor of n r = square root of r M STEP -R EFL β-S UCC β-S QRT R n � = successor ofβ n r � = square root rβ-S =�→ square root �→ of nr� root of suc(n) �→ sqrt(r) �→of sqrt(n) rn sqrt(r) suc(n) � � � ∗ ∗ �→ �� β n r = square β rr β R � r � β-S UCC QRT n = successor of n r = square root of r β-A PP n� = successor nof =nsuccessor of n r = square root = of square r root of r r = square root of n r = square root r = of square n root of n e → � e e → � e β-S UCC β-S QRT R suc(n) → � n sqrt(r) → � r sqrt(n) → � r β-S UCC β-S QRT R � � � β-S QRT N β-S QRT N β-A PP β β β β-A PPPP �β-S �β-Ssqrt(r) � (x �: τQRT β-A β-A PP e → � e → � (fun f : τ ) : τ = e)(v) → � [(fun f (x : τ ) = e)/f ][v/x]e suc(n) → � n → � r sqrt(n) → � r β-S UCC β-S QRT R β-S UCC UCC β-S R QRT R β β-S QRT N 1 2 1 2 β �→ βPP β-A β QRT n:: τ:τ11τ))1:): ττ:22τβ2= �→ ][v/x]e rβ-S QRT N suc(n) sqrt(r) r �sqrt(r) �→ β-A (fun f(x (x:::ττ:τ11τ�1)�→ ):)::βττ:τ22rτ22= =e)/f e)(v) �→β-A [(fun fPP (x : β-S τrPP : τ2N= e)/f � �→β n � suc(n) ��→ ��→ β(x �→ (fun = e)(v) e)(v) [(fun = e)/f ][v/x]e β 1 )sqrt(n) β sqrt(n) β�→ PPβ (fun f(x e)(v) [(fun f(x e)/f (fun ff:(x �→ [(fun ][v/x]e β β succ(n) �→ �→ r(xβff:[(fun sqrt(n) �→ (x τf(fun : :τfτ2:sqrt(r) �→ f�→ τf(x :r:τfτ)21:1(x suc(n) �→ suc(n) �→ n(fun �→ r[(fun sqrt(r) �→ �→ rβ-A �→β r β β n (fun β r 1(x 1(x β n βf(fun β (x )= :sqrt(r) τ ββ= e)(v) )= :][v/x]e τsqrt(n) =][v/x]e e)/f ][v/x]e )1:):e)(v) ττ:21τ= e)(v) �→ [(fun )1:):e)/f ττ:21τ= e)/f ][v/x]e 2e)/f 1 β β β-A PPf (x : τ1 ) : τ2 = e f) (x τ= f)β (x τ= ][v/x]e (fun f (x : τsqrt(n) 2 =2e)(v) �→ 2 = 1 ) : τ2 = e)(v) �→β [(fun β [(fun � � : τ ) : τ = e �→β e� β-L EFT β-A PP (fun f (x e)(v) → � [(fun f (x : τ ) : τ = e)/f ][v/x]e β-A PP β-A β-L EFTn 1 2 1 βr β-L EFTPP n inl = successor of n fe(x ref3= square root of square root of EFT EFT β-R IGHT (v) of inlx ⇒ else inry ⇒e)(v) �→ � case (fun (x :βinl )[(fun :(v) = e)(v) [(fun finry (x][v/x]e :β-A τ1⇒ ) 2r:eτ= =βe)/f ][v/x]e τf 2β-L 1[v/x]e 22 β-A β EFT β-R IGHT β-A PP (fun : τβ-L τ[(fun = fof τ�→ )⇒ : eτβ-L = e)/f (fun (x⇒ : τeinl )�→ :τr τ(v) =of e)(v) �→ fcase (x :�→ ττinl )⇒ ττe(v) = e)/f ][v/x]e β-L EFT β-R IGHT β-L EFT IGHT case of inlx else [v/x]e 1 )⇒ 2 1⇒ inl (v) of inlx inry �→ [v/x]e 2 β: β-L τ:root 32β�→ 2 β-R β(x β-S UCC QRT R PP uccessor case ofcase ninl r = square root of β-R IGHT β-L EFT ee[(fun else inry ⇒ �→ [v/x]e β-S QRT N = square n:τ⇒ inl ofof inlx |2:inry [v/x]e inry e3βPP �→ [v/y]e 22 EFT 332][v/x]e β τ�(v) 2e 2τ[v/x]e 2 e|][v/x]e 3 [v/y]e β �τ �inlx (fun fcase :⇒ τ13⇒ )n3f[v/x]e :⇒ τ2β-S = e)(v) ττ1β1(v) )case τof = (fun (x τ| 1⇒ )case :2(x = e)(v) (x :�→ τ[v/x]e )inlx [(fun :βR =⇒ fe)(v) (x :relse τ�→ [(fun τinl = e)/f f:τeinl (x :(v) τof )of :(v) = (v) of inlx ⇒ e⇒ |feinry eτ3|2(fun �→ case (v) of inlx e22β-S |2e2inry inry ⇒ e⇒ �→ [v/y]e 1 2�→ β 22�→ 1 )f 2 :case 1e)/f 2][v/x]e τ UCC 2 inlx 2�1�→ 2e)/f 3 3�→ β β:(x βe case inl of ⇒ e inry e inl of inlx ⇒ e | inry ⇒ e case inl inlx ⇒ inry → � case inl inlx ⇒ | inry ⇒ e → � [v/y]e τ (v) 3 2 τ 2 3 3 β τ (v) τ 2 3 3 β β β-L EFT β-S QRT case inl (v) of inlx ⇒ e | inry e [v/x]e (v) of inlx ⇒ e | inry ⇒ e → � [v/y]e case inl inlx ⇒ e | ⇒ e → � [v/x]e case inlτ (v) of suc(n) → � sqrt(r) → � r sqrt(n) → � r β-S QRT N τ 2 3 2 τ 2 3 3 τ 2 3 2 β = square root of r β β β of n β n = successor of case n r r = square root � � β β-L EFT inl (v) of inlx ⇒ e | inry ⇒ e → � [v/x]e case inl (v) of inlx ⇒ e | inry ⇒ eβ-R β-L EFT β-R IGHT β-L EFT β-R IGHT c(n) �→β n sqrt(r) → � r sqrt(n) → � r τ 2 3 2 τ 2 3 �→IGHT β β β β-S UCC β-S QRT R β-S QRT N NROLL β-F ST of β-S ND β-R IGHT case inl (v) ofe2EFT inlx ⇒ eββ-R |⇒ inry ⇒ e3[v/y]e �→τβ-S [v/x]e case inl (v) ofNROLL inlx ⇒ IGHT eβ-F |ND inry ⇒ e β�→[v/y �2ND τ2ST 2 inl τ2β-U ST β [v EFT β-L β-L β-R IGHT β-R ST β-S case inl (v) e�→ |(v) inry ⇒ eβ-L �→ [v/x]e case (v) of inlx ⇒ e�→ | β-U inry ⇒ eβ-R case inr (v) ⇒ else inry �→β-S ⇒ ⇒ ⇒ ⇒ �→ β-U β-F case inlτ (v) inlx ⇒ eβ�2|β-F |1of inry ⇒ST⇒ [v/x]e of inlx ⇒ e2β-F |IGHT inry ⇒ eβ-U [v/y]e β-F ND 3 ⇒ τβ-R 3 �→ 3ND 3 τinlx 3EFT 3ND β2 [v/y]e β inl IGHT ST β-S 3inlx 22sqrt(r) 3v 3 NROLL β succ(n) �→ n �→ sqrt(n) �→ rvNROLL β-A PP β-U NROLL β-F β-S ND β-F ST β-SIGHT (v ,of vinl �→ v⇒ (v ,inlx v[v/y]e ).fst ve2rcase unroll(roll(v)) �→ case inr of inlx e2�→ else inry ⇒ e|β(v) �→ [v/y]e ⇒ |eST ⇒ ⇒ | inry ⇒ �→ βτ β β 2, ).fst 1(v β β τβ 2v 3 �→ 3 β [v/y]e case inr (v) of ⇒ e else inry ⇒ e (v , ).fst → � v (v ).sn of inlx ⇒ e | inry ⇒ e → � [v/x]e case inr (v) of inlx ⇒ e | inry ⇒ e → � [v/y]e case inlcase (v) inl of inlx ⇒ e (v) | inry of inlx e ⇒ → � e | [v/x]e inry ⇒ e → � [v/x]e case inl (v) of case inlx inl ⇒ e (v) | of inlx ⇒ e ⇒ → � e | [v/y]e inry ⇒ e → � [v/y]e (v1case v(v) ).fst → � v (v , v ).fst → � unroll(roll(v)) → � v τ 2 3 3 1 2 1 1 , v2NRO τ,τ(v) 2 3 2 τ 2 3 3 β β τ τ 2 3 2 2 3 2 τ τ 2 3 2 3 3 3 β β β β β β 21(v 1 1 2 2 β β β (v , v ).fst → � v (v , v ).fst → � v unroll(roll(v)) → � v v ).fst → � v , v ).fst → � v unroll(roll(v)) → � case inr of inlx ⇒ e else inry ⇒ e → � (v , v ).fst → � v (v , v ).snd → � v 1 2 1 1 2 2 β β β 1 2 1 1 2 2 β β β 2 3 3 1 2 1 1 2 2 β β β β-U β-F ST β-S ND (fun(vf1(x τ1 ) : τβ-F =ST e)(v) (xβunroll(roll(v)) : vτ1 ) : τ2 =β-S e)/f ][v/x]e (v1 , v2 ).fst �→β v1 , v2: ).fst v2 PP(v�→ → � v 2�→ 1 ,βv[(fun 2 ).fst f�→ 1 , v2 ).fst �→β v2 β β-A β (v ND β-U NROLL (v v: 2τβ-F vβ-S (v1(v , v2β-S ).fst unroll(roll(v)) �→β�→v v β-U N β-U NROLL ND �→ β-U β-F β-F ST β-S ND (fun f (x : τ1 ) : τ2 = e)(v) �→ [(fun fβ-F (x : τ2 �→ =β�→ e)/f 1 ,ST 1 ][v/x]e β NROLL 1v) ST β ST PP β-S ND �→β-S β-U NROLL ,).fst vND vunroll(roll(v)) �→vβ2 β-A v unroll(roll(v)) unroll(roll(v)) 21).fst 1(v 1 ,�→ 2β).fst β β-S β β-U NROLL ND NROLL β-U β-U ST ST (v ).fst v(v v2β-S ).fst �→ v (v(v �→β-F v (v ).snd �→ v).snd , 2v).fst �→ v1 ,1 v(fun , vvβ22).fst �→ v1v,2unroll(roll(v)) �→βNROLL v β-U 2β-F 1 ,1v 1 β β NROLL 1 ,β-F 2 �→ β-U NROLL 2 ).fst βv βND EFT β-R IGH (x :βv1τ2,1Figure )121:).fst τ(v = [(fun (xof :β-L τ2of )unroll(roll(v)) : .→µ τvND = e)/f ).fst �→ST v11�→ unroll(roll(v)) �→ββ 2vv�→ (v �→ 2 1→µ 22unroll(roll(v)) βv →µ][v/x]e →µ 1,, e)(v) 2 f�→ βfv βv Figure 3. Dynamic semantics L . v (v1 , v2 ).fst (v v(v111,,�→ vvβinl (v v → � (v v , ).fst v unroll(roll(v)) → � → � v (v vβ-L (v v ).snd → � unroll(roll(v)) → � v 22).fst 2 1 2 1 , v�→ 2 ).fst 1(v)�→ 1 2 2 β β case β β β β β β β →µ →µ 3. Dynamic semantics L +× unroll(roll(v)) → � v Figure 3. βDynamic . inlβ-R β 3. 3. semantics ofof L+× .Lcase of inlx ⇒ e2 |Figure inry ⇒ eDynamic �→ [v/x]e of inlx ⇒ e | inry ⇒ e → � [v/y]e +× IGHT τ EFT 3 Dynamic 2 semantics τ (v) 2 3 3of L β +× Figure semantics Lof . Figure 3. Dynamic semantics . →µ +× +× of inlx ⇒ e2 | inry ⇒ e3 �→β [v/x]e2 case inlτ (v) ofβ-L inlx ⇒ e | inry ⇒ e → � [v/y]e 2 →µ 3→µ 3 →µ Figure 3. βDynamic semantics of L . . →µ EFT β-R IGHT +× →µ Figure 3. Dynamic semantics of L . Figure 3. Dynamic semantics of L →µ +× Figure 3. Dynamic semantics of L . +× Figure 3. Dynamic semantics of L . Figure 3. Dynamic semantics of L . β-U NROLL β-F ST23. Dynamic semantics β-S case inlτ (v) of inlx ⇒ e2 | inry Figure ⇒ e3 �→ [v/x]e (v) of e2 | semantics inry ⇒ eof →µ inr →µND →µ 3 �→→µ β [v/y]e3 Figure ofLτ+× L . inlx +× →µ +× 3.βFigure Dynamic Figure semantics 3. Dynamic of1case L .semantics . ⇒+× Figure 4. Dynamic L+× . 4.4. Dynamic semantics ofof (v1 , v2 ).fst β-S �→βND vFigure (v , v+× �→ vof unroll(roll(v)) �→β v +× Dynamic semantics L .2 L +× NROLL β-F ST 1 2 ).fst β.β-U +× , v2 ).fst �→β v1 (v1 , v2 ).fst β-F �→βSTv2 unroll(roll(v)) β-S ND �→β v β-U NROLL (v1 , v2 ).fst �→β v1 (v1 , v2 ).snd �→β v2 unroll(roll(v)) �→β v Figure 3. Dynamic semantics of L→µ +× . →µ 3 2012/7/10 The Integer type may be encoded as τ , and the LowBoundNat recursive types get eliminated Figure 3. encoded Dynamicassemantics L+× . The Integer type may be τ , and theofLowBoundNat recursive types expectby unrolling, so 3 2012/7/10 →µget eliminated by unrolling, so one would2012/7/11 3 � � �type as τ � . OneFigure � � µt.τ to be a subtype of µt� .τ � if the un Dynamic semantics of L . a subtype would4.expect τ ≤τ in an iso-recursive system type +× 3 2011/7/8 type as τ . One would expect τ ≤τ in an iso-recursive system type µt.τ to be of µt .τ if the unrolled version of 3 2011/7/82011/7/8 2011/7/10 3 3 3 2011/7/8 because thecan only a τ -type be eliminated is a of subtype the3 unrolled version of µ because the only way a τ -type expression be way eliminated is expression µt.τ iscan a subtype of the unrolledµt.τ version µt� .τ � .ofWhen con3 is 3 by unrolling it,{add:τ to produce an3expression of type {add:τthese →unit}, sideringare whether these 2011/7/8 unrolled versions2011/7/8 are in a 3 whether by unrolling it, to produce an expression of type →unit}, sidering unrolled versions in a subtype relation3 3 2011/7/8 2011/7/8 ⇓ unrolling Derivation fails here ⇓produces � � whether [µt.τ /t]τ ≤[µt� .τ � /t� ]τ � ), on while a τ � -type expression an expression of type while unrolling a τ � -type expression produces an expression of type ship (i.e., whether [µt.τ /t]τ ≤[µt�ship .τ � /t(i.e., ]τ ), one can assume that
These types arise naturally when encoding the following OOPL classes into a language like L→µ +× (extended to have record, unit, and int types). class Integer { public Integer(int i) {n=i} public void add(Integer i) {n = n + i.n} protected int n=0 } class LowBoundNat extends Integer { public LowBoundNat(int lowBound, int i) {if 0 f a l s e ) orelse case ( et1 , et2 ) of ( ENat , EReal ) => t r u e ( ∗ S−Base ∗ ) | ( ENat , ENat ) => t r u e ( ∗ S−Nat ∗ ) | ( EReal , EReal ) => t r u e ( ∗ S−R e a l ∗ ) | ( EFun ( t 1 , t 2 ) , EFun ( t 1 ’ , t 2 ’ ) ) => ( ∗ S−Fun ∗ ) s u b h t 1 ’ t 1 ( n o t swapped ) a n d a l s o s u b h t 2 t 2 ’ swapped
15
2012/7/11
129 130 131 132 133 134 135 136 137 138 139 140 141 142 143
in
| ( ESum ( t 1 , t 2 , ) , ESum ( t 1 ’ , t 2 ’ , ) ) => ( ∗ S−Sum ∗ ) s u b h t 1 t 1 ’ swapped a n d a l s o s u b h t 2 t 2 ’ swapped | ( EProd ( t 1 , t 2 , ) , EProd ( t 1 ’ , t 2 ’ , ) ) => ( ∗ S−Prod ∗ ) s u b h t 1 t 1 ’ swapped a n d a l s o s u b h t 2 t 2 ’ swapped | ( EVar (m, ) , EVar ( n , ) ) => ( ∗ S−Rec1 and S−Rec2 ∗ ) i f swapped t h e n # 2 ( S [ n ] [m] ) o r e l s e s u b h ( S [ n ] [m] : = ( # 1 ( S [ n ] [m] ) , t r u e ) ; u t 2 [m] ) ( u t 1 [ n ] ) swapped else # 1 ( S [m] [ n ] ) o r e l s e s u b h ( S [m] [ n ] : = ( t r u e , # 2 ( S [m] [ n ] ) ) ; u t 1 [m] ) ( u t 2 [ n ] ) swapped | ( ERec ( , , ) , ) => r a i s e e r r o r | ( , ERec ( , , ) ) => r a i s e e r r o r | => f a l s e
subh e t 1 e t 2 f a l s e end ;
16
2012/7/11
