a lambda-free logical framework y

PAL+: a lambda-free logical frameworky Zhaohui Luo Department of Computer Science University of Durham South Rd, Durham DH1 3LE, U.K. Email: [email protected] October 31, 2000

Abstract

A lambda-free logical framework takes parameterisation and de nitions as the basic notions to provide schematic mechanisms for speci cation of type theories and their use in practice. The framework presented here, PAL+, is a logical framework for speci cation and implementation of type theories, such as Martin-Lof's type theory or UTT. As in Martin-Lof's logical framework [NPS90], computational rules can be introduced and are used to give meanings to the declared constants. However, PAL+ only allows one to talk about the concepts that are intuitively in the object type theories: types and their objects, and families of types and families of objects of types. In particular, in PAL+ , one cannot directly represent families of families of entities, which could be done in other logical frameworks by means of lambda abstraction. PAL+ is in the spirit of de Bruijn's PAL for Automath [dB80]. Compared with PAL, PAL+ allows one to represent parametric concepts such as families of types and families of non-parametric objects, which can be used by themselves as totalities as well as when they are fully instantiated. Such parametric objects are represented by local de nitions (letexpressions). We claim that PAL+ is a correct meta-language for specifying type theories (eg, dependent type theories), as it has the advantage of exactly capturing the intuitive concepts in object type theories, and that its implementation re ects the actual use of type theories in practice. We shall study the meta-theory of PAL+ by developing its typed operational semantics and showing that it has nice meta-theoretic properties.

 This work is based on some notes I wrote in 1997 of the same title, which I did not nish, and a further development in my note in LFM'00 [Luo00]. y This work is partly supported by UK EPSRC grants GR/K79130 and GR/M75518.

1

1 Motivations and introduction A lambda-free logical framework takes parameterisation and de nitions as the basic notions to provide schematic mechanisms for speci cation of type theories and their use in practice. The reasons to consider lambda-free logical frameworks include:  Parametric constants/de nitions and the associated operations of instantiation (substitution or cut) are more basic and arguably simpler notions/mechanisms than that of lambda-abstraction as found in other logical frameworks such as Martin-Lof's logical framework [NPS90]. A parametrically de ned entity represents a family of entities, rather than a functional operation.  The user of a proof system based on a lambda-free framework does not have to understand the meta-level lambda-abstraction that can be used to represent concepts such as families of families of entities, which do not exist in object type theories. Rather, one only has to grasp concepts of the object type theory and the de nitional mechanism.  The introduction of lambda-free logical framework makes clear that a logical framework is a meta-language that provides the schematic mechanisms for specifying type theories and the de nitional mechanism for pragmatic use. It is worth remarking that such mechanisms are necessary for any framework to be used in practice, with or without -abstraction.1 The logical framework presented here, PAL+ , is such a framework in the spirit of de Bruijn's PAL for Automath [dB80]. PAL+ is a logical framework for speci cation and implementation of type theories such as Martin-Lof's type theory [NPS90] and UTT [Luo94]. As in Martin-Lof's logical framework [NPS90], computational rules can be introduced and are used to give meanings to the declared constants. However, PAL+ only allows one to talk about the concepts that are intuitively in the object type theories: types and their objects, and families of types and families of objects of types. In particular, in PAL+ , one cannot directly represent families of families of entities, which could be done in other logical frameworks by means of lambda abstraction. Compared with PAL, PAL+ allows one to represent parametric concepts such as families of types and families of non-parametric objects, which can be used by themselves (as totalities) as well as when they are fully instantiated. An implementation of a proof development system based on PAL+ can truly re ect the intended use of a type theory. After a type theory is speci ed (and implemented), the user is concerned only with the object type theory and uses the de nitional mechanism for abbreviation. When an object type theory has types of functions, say -types, there is usually a confusion between the object-level functions and the meta-level functional operations, if the latter exist in the meta-framework. For example, in systems like ALF [MN94], one tends to use the meta-level functional operations as functional programs while ignoring the object level functions. 1

2

Parametric objects are represented as let-expressions. One of the distinctive features of PAL+ , compared with other logical frameworks, is that it takes de nitions rather than lambda abstractions as basic. Let-expressions do not only represent local de nitions, but parametric objects. The meta-theory for PAL+, therefore, is new and the rst for such a calculus as far as we know. We develop typed operational semantics [Gog94] for PAL+ and show that PAL+ has nice meta-theoretic properties. The following section gives a formal presentation of PAL+ : its parameterisation mechanism and de nitional mechanism, together with some informal explanations. We also explain how parametric abstractions, which represent families of types or objects, can be represented as let-expressions. Section 3 shows how PAL+ can be used in speci cation of type theories. In Sections 4 and 5, we consider the meta-theoretic properties of the logical framework PAL+ by developing its typed operational semantics and proving its computational properties such as Church-Rosser, Subject Reduction, and Strong Normalisation. In the Conclusion, we brie y discuss some issues about implementation of PAL+ and possible further extensions of the framework with other metatheoretic features such as coercive subtyping.

2 PAL+

In PAL+ , we have objects and kinds. Kinds include non-parametric kinds of the form Type or El(A) and parametric kinds of the form (
)T , where
is a non-empty context and T is a non-parametric kind. Non-parametric objects, objects of non-parametric kinds, represent types and objects of types; parametric objects, objects of parametric kinds, represent families of types and families of non-parametric objects. Let-expressions, representing local de nitions, can be used to form kinds and objects. In particular, parametric objects are represented by let-expressions. In the following, we give a formal description of PAL+ , with some informal explanations.

2.1 Terms

Terms are either object expressions or kind expressions. For presentational purposes and meta-theoretic reasons, we introduce terms associated with arities, which are natural numbers. The arity of an object expression indicates the number of arguments it should take when forming a term of instantiation. The arity of a kind expression indicates the number of arguments its objects should take. We write V ar(i) and DV (i) for the sets of ordinary variables and de nitional variables with arity i, respectively. We assume that V ar(i) and DV (j ) be all disjoint. Furthermore, [ [ V ar = V ar(i) and DV = DV (i): i2!

i2!

De nition 2.1 (expressions, contexts, pure contexts, and terms) The following are de ned simultaneously by structural induction.

3

1. The set of object expressions with arity i 2 !, Obj (i), is de ned as follows:

V ar(i)  Obj (i).  DV (i)  Obj (i).  f [k1 ; :::; kn ] 2 Obj (0) if f 2 Obj (n) and ki are object expressions.2  let v [
] = t:T in k 2 Obj (i) if k 2 Obj (i), t 2 Obj (0), T 2 Kind(0),
is a pure context of length n, and v 2 DV (n). 2. The set of kind expressions with arity i 2 !, Kind(i), is de ned as follows:  Type 2 Kind(0).  El(A) 2 Kind(0) if A 2 Obj (0).  (
)T 2 Kind(i) if
is a pure context of length i and T 2 Kind(0).3  let v [
] = t:T in K 2 Kind(i) if K 2 Kind(i), t 2 Obj (0), T 2 Kind(0),
is a pure context of length n, and v 2 DV (n). 3. A pure context (
) is a sequence of entries of the form x:K such that for some i, x 2 V ar(i) and K 2 Kind(i). A context (?) is a sequence of entries of the form x:K (as above) or v[
] = t:T , where t 2 Obj (0), T 2 Kind(0),
is a pure context of length n, and v 2 DV (n). The length of a context, l(?), is the number of its entries. The set of terms with arity i, Term(i), is de ned as Obj (i) [ Kind(i). We shall write Arity(M ) for the arity of term M . 

Notation The following notations are used: 





When
is the empty context (hi, which does not have any entry), we write v = t:T for v[
] = t:T in a context and let v = t:T in M for the let-expression let v[
] = t:T in M . A pure context
of the form x1 :K1 ; :::; xn :Kn is often abbreviated as x:K and we also use
i to stand for x1 :K1 ; :::; xi :Ki . We shall sometimes write
x for
to indicate that
 x:K for some K . We use FV (M ) to denote the set of free variables in term M . This extends to contexts as well. Also, V ar(M ) and DV (M ) are similarly de ned for ordinary variables and de nitional variables, respectively. We identify terms which are -convertible.

2.2 Judgement forms

The judgement forms are, where ? is a context, K and K 0 are kind expressions, and k and k0 are object expressions:  ? valid | ? is a valid context. 2 3

Convention: f [] is taken as the same as f . Convention: ()T (or (hi)T ) is taken as the same as T .

4

   

? ` K kind | K is a kind in ?. ? ` k : K | k is an object of kind K in ?. ? ` K = K 0 | K and K 0 are equal kinds. ? ` k = k0 : K | k and k0 are equal objects of kind K .

Notation  



For
 x1 :K1 ; :::; xn :Kn and
0  x1 :K10 ; :::; xn :Kn0 , we write ? `
=
0 for the sequence of judgements ?;
i?1 ` Ki = Ki0 (i = 1; :::; n). We shall write ? ` k : K for the sequence of judgements ? ` k1 : K1 , ? ` k2 : [k1 =x1 ]K2 , ..., ? ` kn : [kn?1 =xn?1 ]:::[k1 =x1 ]Kn and similarly the notation ? ` k = k0 : K stands for the sequence of judgements ? ` k1 = k10 : K1 , ? ` k2 = k20 : [k1 =x1 ]K2 , ..., ? ` kn = kn0 : [kn?1 =xn?1 ]:::[k1 =x1 ]Kn . The simultaneous substitution [k=x]M stands for [kn =xn ]:::[k1 =x1 ]M ; note that when this notation is used, we can always assume that x 62 FV (ki ) and so the order of substitutions does not matter.

2.3 Basic rules

The basic rules are given in Figure 1 and Figure 2, the latter of which contain the substitution rules. Formally, these rules are the general inference rules of the logical framework LF (see Figure 9.1 in Chapter 9 of [Luo94]).4 The kind Type represents the conceptual universe of types to be introduced, and for each type A of kind Type, the kind El(A) is the kind of objects of type A.

2.4 Parametric kinds and instantiations

Parametric objects represent families of types or families of non-parametric objects. They can either be used as a totality or when they are fully instantiated. The rules for parametric kinds of the form (
)T are given in Figure 3. Note that a parametric entity of a parametric kind cannot be used by partial instantiation. Only when given appropriate indexing objects k, can a parametric object f , ie, an object of a parametric kind, be instantiated into f [k]. Besides variables of a parametric kind, parametric objects also include parametric constants (introduced when specifying an object type theory) and some let-expressions (see below.) We should point out that LF, a typed version of Martin-Lof's logical framework, is dierent from the Edinburgh Logical Framework (ELF) [HHP87]. Though quite similar formally, the intended ways of use are very dierent. 4

5

Contexts and assumptions hi valid

? ` K kind x 62 FV (?) and x 2 V ar(Arity(K )) ?; x:K; ? valid ?; x:K valid ?; x:K; ? ` x : K 0

0

General equality rules ? ` K kind ? ` K = K ? ` K = K ? ` K = K ?`K =K ?`K =K ?`K =K ?`k:K ?`k=k :K ?`k=k :K ?`k =k :K ?`k=k:K ?`k =k:K ?`k=k :K 0

0

0

0

00

00

0

0

0

0

00

00

Equality typing rules ?`k:K ?`K=K ?`k=k :K ?`K =K ?`k:K ?`k=k :K 0

0

0

0

0

0

The kind Type ? valid

? ` A : Type ? ` El(A) kind

? ` Type kind

? ` A = B : Type ? ` El(A) = El(B )

Figure 1: The basic rules of PAL+ .

Substitution rules ?; x:K; ? valid ? ` k : K ?; [k=x]? valid 0

0

?; x:K; ? ` K kind ? ` k : K ?; x:K; ? ` K kind ? ` k = k : K ?; [k=x]? ` [k=x]K kind ?; [k=x]? ` [k=x]K = [k =x]K ?; x:K; ? ` k : K ? ` k : K ?; x:K; ? ` k : K ? ` k1 = k2 : K ?; [k=x]? ` [k=x]k : [k=x]K ?; [k1 =x]? ` [k1 =x]k = [k2 =x]k : [k1 =x]K ?; x:K; ? ` K = K ? ` k : K ?; x:K; ? ` k = k : K ? ` k : K ?; [k=x]? ` [k=x]K = [k=x]K ?; [k=x]? ` [k=x]k = [k=x]k : [k=x]K 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

00

0

0

0

00

0

Figure 2: The substitution rules of PAL+ . 6

0

0

0

0

00

0

0

0

0

0

0

0

0

0

0

00

0

Formation rules for parametric kinds kind

?;
` T


6 hi and T 2 Kind(0) ? ` (
)T kind

? `
=
?;
` T = T T; T 2 Kind(0) ? ` (
)T = (
)T 0

0

0

0

0

Instantiation rules for parametric objects ? ` f : (x:K )T ? ` k : K ? ` f = f : (x:K )T ? ` k = k : K ? ` f [k] : [k=x]T ? ` f [k] = f [k ] : [k=x]T 0

0

0

0

Figure 3: Rules for parametric kinds in PAL+ .

Introduction rule for global de nitions ?;
` t : T v 62 FV (?); v 2 DV (l(
)); and T 2 Kind(0) ?; v[
] = t:T valid

Typing and equality rules for global de nitions ?; v[
] = t:T; ? valid ?; v[
] = t:T; ? valid ?; v[
] = t:T; ? ` v : (
)T ?; v[
] = t:T; ? ` v = let v[
] = t:T 0

0

0

0

in v : (
)T

Figure 4: Rules for global de nitions.

2.5 De nitions in PAL+

We introduce in PAL+ both global de nitions of the form v[
] = t:T as entries in contexts and local de nitions or let-expressions of the form let v[
] = t in M , where variables x in
x are bound in t and T and the de nitional variable v is bound in M .

2.5.1 Global de nitions Global de nitions can be introduced into contexts and used by means of the rules in Figure 4. We also have substitution rules in Figure 5, where in the last rule, J is of the form K kind, k : K , K = K 0 , or k = k0 : K .

Remark Several remarks are in order. 

Note that, in the introduction rule for global de nitions, we require T to be a kind of arity 0, ie, it is equal to either Type or El(A). Hence the 7

Substitution rules for global de nitions ?; v[
] = t:T; ? ` J ?; v[
] = t:T; ? valid ?; [[
]t=v]? valid ?; [let v[
] = t:T in v=v]? ` [let v[
] = t:T 0

0

0

0

in v=v]J

Figure 5: Substitution rules for global de nitions.

let-introduction rules ?; v[
] = t:T ` K kind ?; v[
] = t:T ` k : K ? ` let v[
] = t:T in K kind ? ` let v[
] = t:T in k : let v[
] = t:T in K Congruence rules for let-expressions ? `
=
?;
` T = T ?;
` t = t : T ?; v[
] = t:T ` K = K ? ` (let v[
] = t:T in K ) = (let v[
] = t :T in K ) 0

0

0

0

0

0

0

0

? `
=
?;
` T = T ?;
` t = t : T ?; v[
] = t:T ` k = k : K ? ` (let v[
] = t:T in k) = (let v[
] = t :T in k ) : let v[
] = t:T in K 0

0

0

0

0

0

0

0

Figure 6: Introduction and congruence rules for let-expressions.

 

body of a global de nition must be a type or an object of a type. Also, when
is empty, the rules specialise into those for non-parametric kinds. The de niendum of a global de nition can either be used when it is fully applied, or as a totality. The `meaning' of a globally de ned entity v is given directly by means of let-expressions of the form let v[
] = t:T in v.

2.5.2 Local de nitions

Local de nitions, or let-expressions, can be introduced by the let-introduction rules in Figure 6. They abide by the congruence rules in Figure 6 and the equality rules in Figure 7.

2.6 Parametric abstraction

The let-expressions in PAL+ plays a role of `parametric abstraction' as well as local de nitions. In particular, when
is not empty, the term let v[
] = t:T in v can be viewed as a form of abstraction { parametric abstraction. We may introduce a new notation: a parametric abstraction is of the form [
]t 8

Equality rules for let-expressions (let )

?; v[x:K ] = t:T valid ? ` k : K ? ` (let v[x:K ] = t:T in v)[k] = [k=x]t : [k=x]T

?; v[
x ] = g[x]:T ` k : K ? ` g : (
)T ? ` let v[
] = g[x]:T in k = [g=v]k : [g=v]K ?; v[
x ] = g[x]:T ` K kind ? ` g : (
)T (letK ) ? ` let v[
] = g[x]:T in K = [g=v]K ; v[
] = t:T ` k : K (letd)? ` let v[
] = t:T in k =?[let v[
] = t:T in v=v]k : let v[
] = t:T ?; v[
] = t:T ` K kind (letKd ) ? ` let v[
] = t:T in K = [let v[
] = t:T in v=v]K (let )

in K

Figure 7: Equality rules for let-expressions. and represents either a family of types or non-parametric objects, indexed by (sequences of) objects of
. The variables in
are bound variables. One may introduce parametric abstractions independently by adding the following rules. (This was the case in [Luo00].) ?;
` t : T T 2 Kind(0) ? `
=
0 ?;
` t = t0 : T T 2 Kind(0) ? ` [
]t : (
)T ? ` [
]t = [
0 ]t0 : (
)T ?; x:K ` t : T ? ` k : K T 2 Kind(0) ? ` f : (x:K )T x 62 FV (f ) ? ` [x:K ]f [x] = f : (x:K )T ? ` ([x:K ]t)[k ] = [k=x]t : [k =x]T However, parametric abstractions are a special form of let-expressions. The following de nitional rule de nes parametric abstraction in terms of let-expressions in PAL+ . ?; v[
] = t:T valid ? ` [
]t = let v[
] = t:T in v : (
)T With this de nition, all of the above rules for parametric abstractions are derivable. In the following, we sometimes use the notation of parametric abstraction in examples.

Remark One might want to take parametric abstraction and its application

as basic and de ne let-expressions by means of parametric abstraction. There is come technical diculty in doing so (note that let-expressions have kind information T which is not present in parametric abstraction). But more importantly, we remark that let-expressions are more general than parametric abstractions as they can be used for all expressions including parametric kinds. Furthermore, local de nitions are useful in any proof development or programming environment. It is therefore natural to take let-expressions as basic while taking parametric abstraction as a de ned notion. 9

2.7 Distribution laws for let-expressions

Let-expressions satisfy a number of distribution laws, which say that local de nitions can be distributed for all structured expressions. (See [Luo00] for details, where distribution rules are taken to replace the equality rules in Figure 7.) For example, ?; v[
] = t:T ` (
0 )T 0 kind ? ` (let v[
] = t:T in (
0 )T 0 ) = (let v[
] = t:T in
0 )let v[
] = t:T in T 0 In PAL+ as presented in this paper, the distribution rules are all admissible.

3 Speci cation of type theories in PAL+ As in Martin-Lof's type theory [NPS90], we specify type theories in the logical framework PAL+ . One of the key observations is that we can specify type theories with the simpler logical framework without arbitrary lambda-abstraction. For example, all of the types in UTT [Luo94] can be speci ed, including the impredicative universe of logical propositions, the inductive types and inductive families covered by the inductive schemata, and predicative universes. In general, a speci cation of a type theory in PAL+ will consist of a collection of declarations of new constants (either non-parametric or parametric) and a collection of associated computational equality rules. Like other parametric objects, a parametric constant cannot be used by partial instantiation. Given a kind K , one may introduce a constant f by declaring the following:

f : K; which has the eect of introducing the following rule: ? valid ?`f :K One can introduce computation rules for such constants by asserting

t = t0 : T for ki : Ki (i = 1; :::; n); which extends the type theory with the following rule: ? ` ki : Ki (i = 1; :::; n) ? ` T kind T 2 Kind(0) ? ` t = t0 : T Note that T is a non-parametric kind; in other words, computational equality can only be introduced between two objects of a type, or between two types.5 In the following, we give several examples of introducing type constructors and their associated operators as constants. We omit El to write A for El(A) in the examples. 5 This conforms to the restriction considered in [Luo99], where LF is used to specify type theories.

10

Example 3.1 Examples of parametric constants include those for introducing the type of natural numbers:

N : Type 0 : N s : (x:N ) N R : (C :(x:N )Type; c:C [0]; f :(x:N; y:C [x])C [s[x]]; z:N ) C [z] The corresponding computation rules are:

R[C; c; f; 0] = c : C [0] R[C; c; f; s[x]] = f [x; R[C; c; f; x]] : C [s[x]]

Example 3.2 The -types, [A; B ] for a type A and a family of types B , can be introduced as follows:

 : (A:Type; B :(x:A)Type) Type  : (A:Type; B :(x:A)Type; f :(x:A)B [x]) [A; B ] E : (A:Type; B :(x:A)Type; C :(F :[A; B ])Type; f :(g:(x:A)B [x])C [[A; B; g]]; z:[A; B ]) C [z] The corresponding computation rule is: E [A; B; C; f; [A; B; g ]]

= f [g] : C [[A; B; g]]

We can de ne the application operator

app : (A:Type; B :(x:A)Type; F :[A; B ]; x:A) B [x] as follows:

app[A; B; F; a] =df

E [A; B; [G:[A; B ]]B [a]; [g :(x:A)B [x]]g [a]; F ]

Note that parametric abstraction is used in the above de nition. We can show the expected equalities hold. For example, we can show that the usual -equality

app[A; B; [A; B; g]; a] = g[a]: Furthermore, for propositional equality =[A;B] (eg, the Leibniz equality), we can show that logical -rule holds, i.e., the following logical proposition is provable:

[A; B; [x:A]app[A; B; F; x]] =[A;B] F:

11

Example 3.3 The family of types of vectors of objects of type A can be introduced as follows, where N is the type of natural numbers as introduced above.

V ec : (A:Type; x:N ) Type nil : (A:Type) V ec[A; 0] cons : (A:Type; n:N; a:A; l:V ec[A; n]) V ec[A; succ[n]] EV : (A:Type; C :(n:N; v :V ec[A; n])Type; c:C [0; nil[A]]; f :(n:N; x:A; v:V ec[A; n]; y:C [n; v])C [succ[n]; cons[A; x; v]]; n:N; v:V ec[A; n]) C [n; v]; The corresponding computation rules are: EV [A; C; c; f; 0; nil[A]]

= c : C [0; nil[A]]; EV [A; C; c; f; succ[n]; cons[A; n; a; v ]] = f [n; a; v; EV [A; C; c; f; n; v]] : C [succ[n]; cons[A; n; a; v]]:

Example 3.4 The W-types, W [A; B ] for a type A and a family of types B , can be introduced as follows:

W : (A:Type; B :(x:A)Type) Type sup : (A:Type; B :(x:A)Type; x:A; y:(v:B [x])W [A; B ]) W [A; B ] EW : (A:Type; B :(x:A)Type; C :(w:W [A; B ])Type; f :(x:A; y:(v:B [x])W [A; B ]; g:(v:B [x])C [y[v]])C [sup[A; B; x; y]]; z:W [A; B ]) C [z] The corresponding computation rule is: EW [A; B; C; f; sup[A; B; x; y ]]

= f [x; y; [v:B [x]]EW [A; B; C; f; y[v]]] : C [sup[A; B; x; y]]:

Special cases of W-types include the type of ordinals etc. Note that parametric abstraction is used in the computation rule above.

The following simple example shows how local de nitions may be used.

Example 3.5 The application operator for -types can be de ned by means of local de nitions as follows.

app[A; B; F; a] = let C [G:[A; B ]] = B [a]:Type in let f [g:(x:A)B [x]] = g[a]:B [a] in E[A; B; C; f; F ]

12

4 Typed operational semantics for PAL+

In the next two sections, we study the meta-theory of PAL+ . In this section, we develop the typed operational semantics for PAL+ , which is taken as the basis for development of the meta-theory for PAL+ in the next section. Typed operational semantics (TOS) was developed for the type theory UTT in Goguen's thesis [Gog94], and a concise account of TOS for LF can be found in [Gog99]. In [Luo00], we have developed TOS for PAL+ with only parametric abstractions (and without global de nitions or let-expressions.) In this paper, we take let-expressions as basic and develop the TOS and meta-theory. As far as we know, this is the rst treatment of meta-theory concerning such a calculus with basic let-expressions (and -rules).

4.1 TOS

The typed operational semantics for PAL+ has the following judgement forms:  j= ? ! ?0 | context ? has normal form ?0 .  ? j= K ! K 0 | kind K is a well-typed and has normal form K 0 in context ?.  ? j= k ! k0 ! k 0 : K | k , k0 , and k 0 are of kind K in ?, and k has weak-head normal form k0 and normal form k0 . We shall use the following notations:  For
 x :K and
0  x0 :K 0 of the same length, we shall use the notation ? j=
!
0 to stand for the sequence of judgements ? j= K1 ! K10 , ?;
1 j= K2 ! K20 , ..., ?;
n?1 j= Kn ! Kn0 . 0 , and K of the same length, we shall use ? j= k ! k0 ! k0 : K  For k , k0 , k to stand for the sequence of judgements ? j= k1 ! k01 ! k10 : K1 ; ? j= 2 k2 ! 2 k02 ! 2 k20 : 2 K2 ;

:::;

? j= n kn ! n k0n ! n kn0 : n Kn ; where i (i = 2; :::; n) is the substitution [k1 ; :::; ki?1 =x1 ; :::; xi?1 ]. The rules of TOS for PAL+ are given in Figure 8 and Figure 9.

4.2 Basic properties and completeness of the TOS

The TOS de ned above has the basic properties concerning sub-derivations and variable occurrences in contexts. Furthermore, it has the properties as given by the following two lemmas, which are proved by induction on derivations of TOS judgements. 13

Contexts j= ? ! ? ? j= K ! K x 2= FV (?) and x 2 V ar(Arity(K )) j= hi ! hi j= ?; x:K ! ? ; x:K j= ? ! ? ? j=
!
?;
j= T ! T ?;
j= t ! t0 ! t : T v 62 FV (?); v 2 DV (l(
)) and T 2 Kind(0) j= ?; v[
] = t:T ! ? ; v[
] = t :T 0

0

0

0

0

0

0

0

0

0

0

0

0

Kinds ? j= A ! A0 ! A : Type j= ? ! ? ? j= Type ! Type ? j= El(A) ! El(A ) ? j=
!
?;
j= T ! T T 2 Kind(0) ? j= (
)T ! (
)T 0

0

0

0

0

0

0

Variables ? j= K ! K j= ?; x:K; ? ! ?1 ?; x:K; ? j= x ! x ! x : K 0

0

0

0

? j=
!
?;
j= T ! T ?; v[
] = t:T; ? j= let v[
] = t:T in v ! k0 ! k : (
)T ?; v[
] = t:T; ? j= v ! k0 ! k : (
)T 0

0

0

0

0

0

0

0

0

0

Instantiations ? j= f ! x ! x : (x:K )T x 2 V ar and x:K 6 hi ? j= k ! k0 ! k : K ? j= [k=x]T ! T ? j= f [k] ! x[k] ! x[k ] : T 0

0

0

0

? j= f ! let v[x:K ] = t:T in v ! f : (x:K )T ? j= k ! k0 ! k : K ? j= [k=x]T ! T ? j= [k=x]t ! t0 ! t : T x:K 6 hi ? j= f [k] ! t0 ! t : T 0

0

00

0

0

0

00

0

00

Figure 8: Basic TOS rules for PAL+ .

14

0

0

let-expressions for objects ?; v = t:T j= k ! k1 ! k2 : K ? j= let v = t:T ? j= [t=v]k ! k0 ! k : K ? j= let v = t:T in k ! k0 ! k : K 0

in K ! K

0

0

0

0

? j=
!
?;
j= T ! T j= ?; v[
] = t:T ! ?1
6 hi ?;
x j= t ! t0 ! t : T t 6 g[x] such that x 62 FV (g) ? j= let v[
] = t:T in v ! let v[
] = t:T in v ! let v[
] = t :T in v : (
)T 0

0

0

0

0

0

0

0

0

? j=
!
?;
j= T ! T j= ?; v[
] = t:T ! ?1
6 hi ?;
x j= t ! t0 ! g[x] : T ? j= g ! g ! g : (
)T ? j= let v[
] = t:T in v ! let v[
] = t:T in v ! g : (
)T 0

0

0

0

0

0

0

?; v[
] = t:T j= k ! k1 ! k2 : K k 6 v and
6 hi ? j= let v[
] = t:T in K ! K ? j= [let v[
] = t:T in v=v]k ! k0 ! k : K ? j= let v[
] = t:T in k ! k0 ! k : K 0

0

0

0

0

let-expressions for kinds ?; v[
] = t:T j= K ! K1 ? j= [let v[
] = t:T ? j= let v[
] = t:T in K ! K

0

in v=v]K ! K

Figure 9: The TOS rules for let-expressions in PAL+ .

15

0

0

Lemma 4.1 

If j= ? ! ?0 , then ? is a context and l(?) = l(?0 ).



If ? j= K ! K 0 , then ? is a context and K and K 0 are kind expressions of the same arity.



If ? j= k ! k0 ! k0 : K , then ? is a context, and K is a kind expression and k, k0 and k0 are object expressions of the same arity.

Lemma 4.2 The following properties fold for the TOS: 1. (Determinacy)   

If j= ? ! ?0 and j= ? ! ?00 , then ?0  ?00 . If ? j= K ! K 0 and ? j= K ! K 00 , then K 0  K 00 . If ? j= k ! k1 ! k2 : K and ? j= k ! k10 ! k20 : K 0 , then k1  k10 , k2  k20 , and K  K 0 .

2. (Weakening) If ? j= J , j= ?1 ! ?01 , and ?1 contains all entries of ?, then ?1 j= J .

3. (Strengthening) Let z 2 V ar [ DV and Z be either z :K (when z 2 V ar) or z [
] = t:T (when z 2 DV ).   

If j= ?; Z; ?0 ! ?1 and z 62 FV (?0 ), then j= ?; ?0 ! ?2 for some ?2 . If ?; Z; ?0 j= K ! K 0 and z 62 FV (?0 ; K ), then ?; ?0 j= K ! K 0 . If ?; Z; ?0 j= k ! k0 ! k0 : K and z 62 FV (?0 ; k), then ?; ?0 j= k ! k0 ! k0 : K .

By induction on derivations of TOS, we can prove that it is complete with respect to PAL+0 { PAL+ without the substitution rules in Figures 2 and 5. We use `0 to represent the judgements in PAL+0 .

Theorem 4.3 (Completeness)  If j= ? ! ?0 , then ? valid in PAL+ 0.  If ? j= K ! K 0 , then ? `0 K kind and ? `0 K = K 0 . 

If ? j= k ! k0 ! k0 : K , then ? `0 k : K , ? `0 k = k0 : K , ? `0 k = k0 : K , and ? `0 K = K .

5 Meta-theoretic properties of PAL+ In this section, we rst de ne the notions of reduction, weak-head normal form, and normal form, and then, based on TOS, show that PAL+ has the desirable properties such as Chruch-Rosser, Subject Reduction, and Strong Normalisation. 16

5.1 Reduction, subject reduction, and normalisation

De nition 5.1 (reduction) The reduction relation is denoted by ? ` M  N ,

where ? is a context and M and N are terms. Reduction is the re exive and transitive closure of the one-step reduction (? ` M 1 N ) de ned inductively by the following rules:  Basic rules (in the rst three rules below, it is possible that
 hi):

(v)?; v[
] = t:T; ?0 ` v 1 let v[
] = t:T in v ( )? ` (let v[
x ] = t:T in v)[k ] 1 [k=x]t ()? ` let v[
x ] = t[x]:T in M 1 [t=v]M (d)? ` let v[
] = t:T in M 1 [let v[
] = t:T in v=v]M 

(l(
) = l(k)) (x 62 FV (t)) (M 6 v and
6 hi)

Congruence rules:6

? ` A 1 B ? ` El(A) 1 El(B )

?;
` T 1 T 0 ? ` (
)T 1 (
)T 0

?;
i?1 ` Ki 1 Ki0 ? ` (x1 :K1 ; :::; xn :Kn )T 1 (x1 :K1 ; :::; xi :Ki0 ; :::; xn :Kn )T ? ` f 1 f 0 ? ` ki 1 ki0 ? ` f [k1 ; :::; kn ] 1 f 0 [k1 ; :::; ki0 ; :::kn ] ? ` f [k] 1 f 0 [k ] ?; v[
] = t:T ` M 1 M 0 ? ` let v[
] = t:T in M 1 let v[
] = t:T in M 0 (M 6 v) ?;
` t 1 t0 ? ` let v[
] = t:T in M 1 let v[
] = t0 :T in M ?;
` T 1 T 0 ? ` let v[
] = t:T in M 1 let v[
] = t:T 0 in M ?;
i?1 ` Ki 1 Ki0 ? ` let v[x1 :K1 ; :::; xn :Kn ] = t:T in M 1 let v[x1 :K1 ; :::; xi :Ki0 ; :::; xn :Kn ] = t:T in M

Lemma 5.2 (Adequacy for reduction)  If ? j= K ! K 0 , then ? ` K  K 0 .  If ? j= k ! k0 ! k 0 : K , then ? ` k  k0 and ? ` k0  k 0 . De nition 5.3 (whnf and nf) A term M is in weak-head normal form (whnf) if

M  x[k1 ; :::; kn ] such that x 2 V ar(n) for some n  0; or  M  let v [
] = t:T in v such that
6 hi. A term M is in normal form, notation M 2 NF , if 

6

Note that we assume that the expressions involved be terms.

17

    

M  x[k1 ; :::; kn ] such that x 2 V ar(n) for some n  0 and ki 2 NF ; M  let v[
] = t:T in v with
 x1 :K1 ; :::; xn :Kn , such that
6 hi, Ki 2 NF , t 2 NF , T 2 NF , and t 6 g[x] such that x 62 FV (g); M  Type; M  El(A) such that A 2 NF ; or M  (
)T with
 x1 :K1 ; :::; xn :Kn, such that Ki 2 NF and T 2 NF .

Lemma 5.4 (Adequacy of whnf and nf)

1. For any term M , M 2 NF if and only if M has no reductions, i.e., for any context ? and any term N , DV (M )  DV (?) implies that ? 6` M 1 N . 2. If ? j= K ! K 0 , then K 0 is in normal form. If ? j= k ! k0 ! k0 : K , then k0 is in whnf and k0 and K are in normal form.

Proof (1) by induction on the structure of M and (2) by induction on derivations in TOS. 2

5.2 Subject reduction and normalisation

The subject reduction theorem captures both subject reduction and ChurchRosser. Therefore, a notion of parallel reduction is called for.

De nition 5.5 (parallel reduction) The parallel reduction relation, ? ` M )

N , is de ned as the least relation satisfying the following rules: v 2 DV (?) ?`x)x ?`v)v 0 0 ? `
)
?;
` t ) t ?;
` T ) T 0 ?; v[
] = t:T ` v ) let v[
0 ] = t0 :T 0 in v ? ` k ) k0 ?;
` t ) t0 l(
) = l(k ) ? ` (let v[
x ] = t:T in v)[k ] ) [k0 =x]t0 ?;
x ` t ) t0 [x] ?; v[
x ] = t:T ` M ) M 0 x 62 FV (t0 ) ? ` let v[
x ] = t:T in M ) [t0 =v]M 0 ? `
)
0 ?;
` t ) t0 ?;
` T ) T 0 ?; v[
] = t:T ` M ) M 0 M 6 v and
6 hi ? ` let v[
] = t:T in M ) [let v[
0 ] = t0 :T 0 in v=v]M 0 ? ` f ) f 0 ? ` k ) k0 ? ` f [k] ) f 0[k0 ] ? `
)
0 ?;
` t ) t0 ?;
` T ) T 0 ?; v[
] = t:T ` M ) M 0 ? ` let v[
] = t:T in M ) let v[
0 ] = t0 :T 0 in M 0

We omit the obvious rules for kinds and contexts.

18

Lemma 5.6 Parallel reduction has the following properties: 1. ? ` M ) M for any context ? and term M . 2. If ? ` M 1 N , then ? ` M ) N . 3. If ? ` M ) N , then ? ` M  N .

Lemma 5.7 (parallel subject reduction)  j= ? ! ?0  

and ` ? ) ?0 , then ` ?0 ) ?0 .

? j= K ! K0 , ` ? ) ?0 , and ? ` K ) K 0 , then ?0 j= K 0 ! K0 . ? j= k ! k0 ! k0 : K , ` ? ) ?0 , and ? ` k ) k1 , then for some k10 and k01 , ?0 j= k1 ! k10 ! k0 : K , ? ` k0 ) k01 , and ? j= k01 ! k10 ! k0 : K .

Proof By induction on derivations in TOS. 2 Corollary 5.8 (subject reduction) If ? j= k ! k0 ! k0 : K , ` ? ) ?0 , and ? ` k 1 k1 , then ? j= k1 ! k10 ! k0 : K for some k10 such that ? ` k0  k10 : K . Proof By Lemmas 5.7, 5.2, and 5.6. 2 Corollary 5.9 (Church-Rosser) If ? j= k ! k0 ! k0 : K , ? ` k  K1 , and ? ` k  k2 , then ? ` k1  k0 and ? ` k2  k0 . Proof By Corollary 5.8 and Lemma 5.2. 2 The following shows that TOS only types strongly normalisable terms. For any term M , we say that M is strongly normalisable in context ?, notation M 2 SN (?), if for any term N , ? ` M 1 N implies that N 2 SN (?).

Lemma 5.10 (strong normalisation) 

If ? j= K ! K 0 , then K 2 SN (?).



If ? j= k ! k0 ! k0 : K , then k 2 SN (?).

Proof By induction on derivations in TOS. We brie y consider the case of

the second instantiation rule (the last rule in Figure 8). By IH, we have f , k, [k=x]t 2 SN (?). We show that, if f [k] 1 k, then k 2 SN (?), by considering all possible one-step reductions leading to k. For example, consider the case k  f1[k] such that ? ` f 1 f1. By Lemma 5.7, for some f10 and f01 , we have ? j= f1 ! f10 ! f 0 : (x:K 0 )T 0 ? j= f01 ! f10 ! f 0 : (x:K 0 )T 0 ? ` let v[
] = t:T in v ) f01 Then, by case analysis of f10 being a whnf (by Lemma 5.4), we can show that f1 [k] 2 SN (?). 2 19

5.3 Soundness of TOS

Now, we are ready to prove the soundness of TOS wrt PAL+ . First, we prove the following lemma about admissibility of substitution and instantiation. This lemma is proved by induction on the following measure on kinds:  jTypej = jEl(A)j = 0.  j(x1 :K1 ; :::; xn :Kn )T j = jK1 j + ::: + jKn j + n, where n  1.  jlet v [
] = t:T in K j = jK j.

Lemma 5.11

1. Let Z be a context entry. When Z is of the form z :K , k is an object expression such that ? j= k ! k0 ! k0 : K 0 and ? j= K ! K 0 . When Z is of the form z [
] = t:T , k  let z [
] = t:T in z . Then we have  If j= ?; Z; ?0 ! ?1 , then j= ?; [k=z ]?0 ! ?2 for some ?2 .  If ?; Z; ?0 j= K ! K1 , then ?; [k=z ]?0 j= [k=z ]K ! K2 for some K2 .  If ?; Z; ?0 j= k0 ! k1 ! k2 : K , then ?; [k=z ]?0 j= [k=z ]k0 ! k10 ! k20 : K 0 , ?; [k=z]?0 j= [k=z]k1 ! k10 ! k20 , and ?:[k=z] j= [k=z]K ! K 0 for some k10 , k20 and K 0. 2. If ? j= f ! f0 ! f 0 : (x:K )T and ? j= k ! k0 ! k0 : K , then ? j= f [k] ! t0 ! t0 : T 0 and ? j= [k=x]T ! T 0 for some t0 , t0 and T 0 .

Theorem 5.12 (Soundness)  If ? valid, then j= ? ! ?0 for some ?0 .  If ? ` K kind, then ? j= K ! K 0 for some K 0 .

If ? ` K1 = K2 , then ? j= K1 ! K 0 and ? j= K2 ! K 0 for some K 0 .  If ? ` k : K , then ? j= K ! K 0 and ? j= k ! k0 ! k 0 : K 0 for some K 0 , k0 , and k0.  If ? ` k1 = k2 : K , then ? j= K ! K 0 , ? j= k1 ! k10 ! k 0 : K 0 , and ? j= k2 ! k20 ! k0 : K 0 , for some K 0 , k0 , k10 , and k20 . Proof By induction on derivations in PAL+. 

With soundness and completeness of the TOS for PAL+ and the relationship between reduction and TOS, we can easily show that the system PAL+ has nice meta-theoretic properties. These include admissibility results of the structural rules (eg, the substitution rules), and computational properties for the reduction relation such as Church-Rosser, Subject Reduction, and Strong Normalisation for well-typed terms.

Remark When PAL+ is extended with new constants of the object type

theories, we remark that the techniques developed for TOS in [Gog94] can be used to prove the meta-theoretic results of the object type theories such as UTT. 20

6 Conclusions

We have presented and studied PAL+ , a logical framework based on parameterisation and de nitions rather than lambda-abstraction. Further extensions of meta-features such as coercive subtyping (see eg, [Luo99]) may be considered. PAL+ is developed partly as an underlying framework for implementing proof development systems. We expect that the simplicity gained would bene t implementation as well as the user (eg, it is expected that the use of de Bruijn indices would be simpli ed, and the treatment of meta-variables may be dealt with using the simple method as proposed in [Luo97] and implemented in Plastic [CL00].) Paul Callaghan at Durham has implemented a prototype of PAL+ , based on his implementation of LF in the system Plastic. We have done some experiments on proof development (eg, about inductive types and universes) based on the prototype implementation. A better understanding of what we can gain in implementations requires further research and a real development of a proof system. The development of meta-theory here uses the TOS tool heavily, which shows that TOS is a robust approach that can be adapted to other calculi. Among other related work, Severi and Poll has considered meta-theory of adding de nitions into PTS [SP94], but they do not consider let-expressions as basic and PTS does not have -rules either. Another interesting aspect is to consider categorical theories corresponding to PAL+ , in a similar way as Cartmell's notion contextual categories [Car78, Car86] corresponds to Martin-Lof's logical framework.

Acknowledgements I am grateful to Paul Callaghan, Conor McBride, Bengt

Nordstrom, Randy Pollack, and an LFM'00 referee, who have read earlier versions of this paper and given useful suggestions. Callaghan's prototype implementation of PAL+ has been extremely useful. I am also grateful to the discussions on this topic I have had with members of the Computer-Assisted Reasoning Group at Durham.

References [Car78] J. Cartmell. Generalized Algebraic Theories and Contextual Category. PhD thesis, University of Oxford, 1978. [Car86] J. Cartmell. Generalized algebraic theories and contextual category. Annals of Pure and Applied Logic, 32, 1986. [CL00] P. Callaghan and Z. Luo. Plastic: an implementation of lf with coercive subtyping and universes. Journal of Automated Reasoning, 2000. To appear. [dB80] N.G. de Bruijn. A survey of the project AUTOMATH. In J. Hindley and J. Seldin, editors, To H. B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism. Academic Press, 1980. 21

[Gog94] H. Goguen. A Typed Operational Semantics for Type Theory. PhD thesis, University of Edinburgh, 1994. [Gog99] H. Goguen. Soundness of typed operational semantics for the logical framework. Typed Lambda Calculi and Applications (TLCA'99), 1999. [HHP87] R. Harper, F. Honsell, and G. Plotkin. A framework for de ning logics. Proc. 2nd Ann. Symp. on Logic in Computer Science. IEEE, 1987. [Luo94] Z. Luo. Computation and Reasoning: A Type Theory for Computer Science. Oxford University Press, 1994. [Luo97] Z. Luo. Meta-variables and existential judgements. Notes, August 1997. [Luo99] Z. Luo. Coercive subtyping. Journal of Logic and Computation, 9(1):105{130, 1999. [Luo00] Z. Luo. pal+ : a lambda-free logical framework. Proc of Inter Workshop on Logical Frameworks and Meta-languages (LFM'2000), Santa Barbara, California, 2000. [MN94] L. Magnusson and B. Nordstrom. The ALF proof editor and its proof engine. In Types for Proof and Programs, LNCS, 1994. [NPS90] B. Nordstrom, K. Petersson, and J. Smith. Programming in MartinLof's Type Theory: An Introduction. Oxford University Press, 1990. [SP94] P. Severi and E. Poll. Pure type systems with de nitions. Proc of LFCS'94, LNCS 813, 1994.

22