
Pico comes equipped with a large variety of ways of decomposing an equality to get out a smaller one—in some sense, these are the inverses of the congruence forms. We will approach these in batches.

5.8.6.1 The argk forms

The coercion form argk extracts a coercion between the kinds of the bound variables in a coercion relating abstractions. The rules appear in Figure 5.10. The rules are actually straightforward; look at Co_ArgK for a typical example. This form extracts the equality between κ1 and κ2 from the type of γ. The other forms work analogously. The forms with argk_i are necessary because Pico has no built-in notion of an equality between equalities: if we tried to extract a relation between propositions like we do in Co_ArgK, we would need something that looks like φ1 ∼ φ2, which does not exist in Pico. So, we have to extract either the left side of the propositions or the right side.

⁶¹ This intuition is hard to state precisely, because of the possibility that the contexts have abstractions over coercions. We would somehow need a premise that states that no coercion abstractions are “reachable” from τ, but defining such a property and then proving this claim seems not to pay its way.

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : (\Pi a{:}_{\rho}\kappa_1.\,\sigma_1) \sim (\Pi a{:}_{\rho}\kappa_2.\,\sigma_2)}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{argk}\,\gamma : \kappa_1 \sim \kappa_2}\ \textsc{Co\_ArgK}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : (\Pi c{:}(\tau_1 \sim \tau_1').\,\sigma_1) \sim (\Pi c{:}(\tau_2 \sim \tau_2').\,\sigma_2)}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{argk}_1\,\gamma : \tau_1 \sim \tau_2}\ \textsc{Co\_CArgK1}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : (\Pi c{:}(\tau_1 \sim \tau_1').\,\sigma_1) \sim (\Pi c{:}(\tau_2 \sim \tau_2').\,\sigma_2)}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{argk}_2\,\gamma : \tau_1' \sim \tau_2'}\ \textsc{Co\_CArgK2}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : (\lambda a{:}_{\rho}\kappa_1.\,\sigma_1) \sim (\lambda a{:}_{\rho}\kappa_2.\,\sigma_2)}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{argk}\,\gamma : \kappa_1 \sim \kappa_2}\ \textsc{Co\_ArgKLam}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : (\lambda c{:}(\tau_1 \sim \tau_1').\,\sigma_1) \sim (\lambda c{:}(\tau_2 \sim \tau_2').\,\sigma_2)}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{argk}_1\,\gamma : \tau_1 \sim \tau_2}\ \textsc{Co\_CArgKLam1}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : (\lambda c{:}(\tau_1 \sim \tau_1').\,\sigma_1) \sim (\lambda c{:}(\tau_2 \sim \tau_2').\,\sigma_2)}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{argk}_2\,\gamma : \tau_1' \sim \tau_2'}\ \textsc{Co\_CArgKLam2}
\]

Figure 5.10: The argk rules of coercion formation

Note that these rules are syntax-directed even though their conclusions overlap: we can always find the proposition a coercion proves and then decide which argk rule to use.

5.8.6.2 The instantiation forms

Given a coercion between abstractions, we can instantiate the bound variable and get a coercion between the instantiated bodies. The rules for these coercions are in Figure 5.11 on the following page.

These rules are essentially concrete instances of two rule schemas, one for instantiation coercions built with @, and the other for “result” coercions built with res. The instantiation coercions can work with one of three argument types (relevant type, irrelevant type, and coercion) and one of two forms (Π and λ), leading to six very similar rules. Along the same lines, res coercions work with both Π and λ, though this form is agnostic to the argument flavor, so we get only two rules.

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \Pi a{:}_{\mathsf{Rel}}\kappa_1.\,\sigma_1 \sim \Pi a{:}_{\mathsf{Rel}}\kappa_2.\,\sigma_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta : \tau_1 \mathrel{{}^{\kappa_1}\!\sim^{\kappa_2}} \tau_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma@\eta : \sigma_1[\tau_1/a] \sim \sigma_2[\tau_2/a]}\ \textsc{Co\_InstRel}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \Pi a{:}_{\mathsf{Irrel}}\kappa_1.\,\sigma_1 \sim \Pi a{:}_{\mathsf{Irrel}}\kappa_2.\,\sigma_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta : \tau_1 \mathrel{{}^{\kappa_1}\!\sim^{\kappa_2}} \tau_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma@\{\eta\} : \sigma_1[\tau_1/a] \sim \sigma_2[\tau_2/a]}\ \textsc{Co\_InstIrrel}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \eta_1 : \Pi c{:}\phi_1.\,\sigma_1 \sim \Pi c{:}\phi_2.\,\sigma_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \gamma_1 : \phi_1 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \gamma_2 : \phi_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \eta_1@(\gamma_1, \gamma_2) : \sigma_1[\gamma_1/c] \sim \sigma_2[\gamma_2/c]}\ \textsc{Co\_CInst}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \lambda a{:}_{\mathsf{Rel}}\kappa_1.\,\tau_1 \sim \lambda a{:}_{\mathsf{Rel}}\kappa_2.\,\tau_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta : \sigma_1 \mathrel{{}^{\kappa_1}\!\sim^{\kappa_2}} \sigma_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma@\eta : \tau_1[\sigma_1/a] \sim \tau_2[\sigma_2/a]}\ \textsc{Co\_InstLamRel}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \lambda a{:}_{\mathsf{Irrel}}\kappa_1.\,\tau_1 \sim \lambda a{:}_{\mathsf{Irrel}}\kappa_2.\,\tau_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta : \sigma_1 \mathrel{{}^{\kappa_1}\!\sim^{\kappa_2}} \sigma_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma@\{\eta\} : \tau_1[\sigma_1/a] \sim \tau_2[\sigma_2/a]}\ \textsc{Co\_InstLamIrrel}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \lambda c{:}\phi_1.\,\sigma_1 \sim \lambda c{:}\phi_2.\,\sigma_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta_1 : \phi_1 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta_2 : \phi_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma@(\eta_1, \eta_2) : \sigma_1[\eta_1/c] \sim \sigma_2[\eta_2/c]}\ \textsc{Co\_CInstLam}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \Pi\Delta_1.\,\tau_1 \sim \Pi\Delta_2.\,\tau_2 \qquad |\Delta_1| = |\Delta_2| = n \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \tau_1 : \mathsf{Type} \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \tau_2 : \mathsf{Type}}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{res}^n\,\gamma : \tau_1 \sim \tau_2}\ \textsc{Co\_Res}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \lambda\Delta_1.\,\tau_1 \sim \lambda\Delta_2.\,\tau_2 \qquad |\Delta_1| = |\Delta_2| = n \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \tau_1 : \kappa_1 \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \tau_2 : \kappa_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{res}^n\,\gamma : \tau_1 \sim \tau_2}\ \textsc{Co\_ResLam}
\]

Figure 5.11: The instantiation and res rules of coercion formation

of the operational semantics.63

The res coercions are a form of degenerate instantiation, usable when the body of an abstraction (either Π or λ) does not mention the bound variable(s). Note that both res rules require that the body types (τ1 and τ2) are well typed without any of the bound variables in Δ1 or Δ2. These coercions also allow for the possibility of looking through multiple binders. This ability cannot be emulated by repeated use of res because of the possibility of an intermediate dependency. For example, consider the reflexive coercion γ = ⟨Π(a:Irrel Type),(b:Rel a). Type⟩. We can see that res² γ is well typed, even though res¹ γ is not (because of the appearance of a in the type of b).

We must use res instead of instantiation when we don’t have a coercion to use for the instantiation. This situation happens in the S_KPush rule, where we need a coercion relating the bodies of two propositionally equal Π-types, but we have no coercions to hand to use in instantiation. See Section 5.9 for more details.

5.8.6.3 Type constants are injective

In Pico, all type constants are considered injective, as witnessed by the nth coercions, which extract an equality between arguments of a type constant:

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : H_{\{\overline{\kappa}\}}\,\overline{\psi} \sim H_{\{\overline{\kappa'}\}}\,\overline{\psi'} \qquad \psi_i = \tau \qquad \psi'_i = \sigma \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \tau : \kappa_1 \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \sigma : \kappa_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{nth}_i\,\gamma : \tau \sim \sigma}\ \textsc{Co\_NthRel}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : H_{\{\overline{\kappa}\}}\,\overline{\psi} \sim H_{\{\overline{\kappa'}\}}\,\overline{\psi'} \qquad \psi_i = \{\tau\} \qquad \psi'_i = \{\sigma\} \qquad \Sigma;\mathsf{Rel}(\Gamma) \vdash_{\mathsf{ty}} \tau : \kappa_1 \qquad \Sigma;\mathsf{Rel}(\Gamma) \vdash_{\mathsf{ty}} \sigma : \kappa_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{nth}_i\,\gamma : \tau \sim \sigma}\ \textsc{Co\_NthIrrel}
\]

Both forms above require that we extract a coercion between type arguments, never coercion arguments. As discussed in Section 5.8.3, we never need an explicit proof of equality between coercions. The last line of premises in the rules is there simply to produce the kinds to put in the result proposition, where the kinds are elided in the typesetting.
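To make the side conditions of the res rules (Section 5.8.6.2) and of the nth rules above concrete, here is a small Python model of both decompositions. It is an added example for this section, not code from the thesis or from any Pico implementation; every name in it (Var, Const, Pi, Lam, ConstApp, the argument wrappers TyArg, IrrelArg and CoArg, the functions res and nth, and the sample constant T) is constructed here. res^n peels n binders of one flavour from each side of the proposition and then insists that the bodies be well typed without those binders; the model approximates "well typed in Γ" by a free-variable scope check against a set of names standing for dom(Γ), which is a simplification of the real kinding premise. nth_i demands the same type constant on both sides and refuses to extract anything from a coercion argument, exactly as the two rules only cover ψ_i = τ and ψ_i = {τ}. The sample γ is the thesis's ⟨Π(a:Irrel Type),(b:Rel a). Type⟩, for which res² applies but res¹ does not.

```python
"""Toy checker for two of Pico's decomposition coercions: res^n (Co_Res /
Co_ResLam) and nth_i (Co_NthRel / Co_NthIrrel).  Syntax, names and sample
propositions are constructed for this example, not taken from the thesis."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Var:      name: str
@dataclass(frozen=True)
class Const:    name: str                         # e.g. Type, Int
@dataclass(frozen=True)
class Binder:   name: str; rel: str; kind: object # a :_Rel κ  or  a :_Irrel κ
@dataclass(frozen=True)
class Pi:       binder: Binder; body: object
@dataclass(frozen=True)
class Lam:      binder: Binder; body: object
@dataclass(frozen=True)
class TyArg:    ty: object                        # relevant type argument ψ = τ
@dataclass(frozen=True)
class IrrelArg: ty: object                        # irrelevant type argument ψ = {τ}
@dataclass(frozen=True)
class CoArg:    label: str                        # coercion argument: nothing to extract
@dataclass(frozen=True)
class ConstApp: head: str; kind_args: tuple; args: tuple   # H{κ} ψ
@dataclass(frozen=True)
class Prop:     lhs: object; rhs: object          # the proposition τ1 ∼ τ2 a coercion proves

class DecompositionError(Exception):
    """No decomposition rule applies."""

def refl(t):
    """The reflexive coercion ⟨t⟩ proves t ∼ t."""
    return Prop(t, t)

def free_vars(t):
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, Const):
        return set()
    if isinstance(t, (Pi, Lam)):
        return free_vars(t.binder.kind) | (free_vars(t.body) - {t.binder.name})
    if isinstance(t, ConstApp):
        parts = list(t.kind_args) + [a.ty for a in t.args if not isinstance(a, CoArg)]
        return set().union(*map(free_vars, parts))
    raise TypeError(f"not a type: {t!r}")

def _peel(t, n):
    """Strip n leading binders of one flavour (all Π or all λ) -> (flavour, Δ, body)."""
    flavour = type(t)
    if flavour not in (Pi, Lam):
        raise DecompositionError("res needs an abstraction on both sides")
    names = []
    for _ in range(n):
        if type(t) is not flavour:
            raise DecompositionError(f"fewer than {n} consecutive {flavour.__name__} binders")
        names.append(t.binder.name)
        t = t.body
    return flavour, names, t

def res(prop, n, ctx=frozenset()):
    """res^n γ for γ : ΠΔ1.τ1 ∼ ΠΔ2.τ2 (or λ); ctx plays the role of dom(Γ)."""
    f1, d1, body1 = _peel(prop.lhs, n)
    f2, d2, body2 = _peel(prop.rhs, n)
    if f1 is not f2:
        raise DecompositionError("Π on one side but λ on the other")
    # Co_Res / Co_ResLam need τ1 and τ2 well typed in Γ alone.  Simplification:
    # a scope check (free variables must lie in ctx) instead of full kinding,
    # assuming binder names in Δ1/Δ2 do not shadow names in ctx.
    for body, delta in ((body1, d1), (body2, d2)):
        leaked = free_vars(body) - set(ctx)
        if leaked:
            raise DecompositionError(f"body mentions {sorted(leaked)}, bound in {delta}")
    return Prop(body1, body2)

def nth(prop, i):
    """nth_i γ: injectivity of a type constant H, extracting its i-th type argument."""
    l, r = prop.lhs, prop.rhs
    if not (isinstance(l, ConstApp) and isinstance(r, ConstApp) and l.head == r.head):
        raise DecompositionError("nth needs the same type constant on both sides")
    if i >= min(len(l.args), len(r.args)):
        raise DecompositionError(f"no argument {i}")
    a, b = l.args[i], r.args[i]
    if type(a) is type(b) and type(a) in (TyArg, IrrelArg):   # Co_NthRel / Co_NthIrrel
        return Prop(a.ty, b.ty)
    raise DecompositionError("Pico has no equality between coercion arguments")

def decomposes(rule, *args):
    """True when the rule applies, False when it is rejected."""
    try:
        rule(*args)
        return True
    except DecompositionError:
        return False

# Constructed sample data.  GAMMA is the thesis's γ = ⟨Π(a:Irrel Type),(b:Rel a). Type⟩;
# T is a hypothetical constant applied to one relevant type and one coercion argument.
TYPE = Const("Type")
GAMMA = refl(Pi(Binder("a", "Irrel", TYPE), Pi(Binder("b", "Rel", Var("a")), TYPE)))
T_PROP = Prop(ConstApp("T", (TYPE,), (TyArg(Var("x")), CoArg("c1"))),
              ConstApp("T", (TYPE,), (TyArg(Const("Int")), CoArg("c2"))))

if __name__ == "__main__":
    print("res^2 γ :", res(GAMMA, 2))                         # Type ∼ Type
    print("res^1 γ applies:", decomposes(res, GAMMA, 1))      # False: body mentions a
    print("nth_0 :", nth(T_PROP, 0))                          # x ∼ Int
    print("nth_1 applies:", decomposes(nth, T_PROP, 1))       # False: coercion argument
```

Running the module shows the intermediate-dependency point from Section 5.8.6.2 directly: peeling one binder leaves Π(b:Rel a). Type, whose free variable a is not in the outer context, so res¹ is rejected, while peeling both binders leaves Type on each side and res² goes through. The scope check is the one place the model is weaker than the rule: a closed body that is ill-kinded would still pass here, and a Δ binder that reuses a name from the context would be missed.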

Injectivity of type constants is sometimes controversial [104] and is known to be anti-classical [47]. However, in a type system with Type : Type, being able to prove absurdity by combining type constant injectivity with, say, the Law of the Excluded Middle, does not weaken any property of the language. Injectivity is vital in the S_KPush rule and is thus a part of the language.

⁶³ It is necessary for the system to allow instantiation on Π-types; λ-types, on the other hand, are not strictly necessary to instantiate in order to prove type safety. However, doing so is easy, and so I took the opportunity to make the equality relation stronger.

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \tau_1\,\psi_1 \sim \tau_2\,\psi_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \tau_1 : {}'\Pi\delta_1.\,\kappa_1 \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \tau_2 : {}'\Pi\delta_2.\,\kappa_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta : {}'\Pi\delta_1.\,\kappa_1 \sim {}'\Pi\delta_2.\,\kappa_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{left}\,\eta\,\gamma : \tau_1 \sim \tau_2}\ \textsc{Co\_Left}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \tau_1\,\sigma_1 \sim \tau_2\,\sigma_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \sigma_1 : \kappa_1 \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \sigma_2 : \kappa_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta : \kappa_1 \sim \kappa_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{right}\,\eta\,\gamma : \sigma_1 \sim \sigma_2}\ \textsc{Co\_RightRel}
\]

\[
\frac{\Sigma;\Gamma \vdash_{\mathsf{co}} \gamma : \tau_1\,\{\sigma_1\} \sim \tau_2\,\{\sigma_2\} \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \sigma_1 : \kappa_1 \qquad \Sigma;\Gamma \vdash_{\mathsf{ty}} \sigma_2 : \kappa_2 \qquad \Sigma;\Gamma \vdash_{\mathsf{co}} \eta : \kappa_1 \sim \kappa_2}{\Sigma;\Gamma \vdash_{\mathsf{co}} \mathsf{right}\,\eta\,\gamma : \sigma_1 \sim \sigma_2}\ \textsc{Co\_RightIrrel}
\]

Figure 5.12: Function application decomposition coercions

5.8.6.4 Matchable types are generative and injective

In Section 4.2.4, I define matchable as the conjunction of generative and injective. Pico includes two coercion forms that witness the generativity (left) and injectivity (right) of matchable function types, as shown in Figure 5.12. Note that the applications in the proposition proved by γ are matchable applications τ ψ, distinct from unmatchable applications $\tau \mathbin{\tilde{\ }} \psi$.

Interestingly, these coercions require an extra coercion η that proves that the kinds of the output types are equal. This kind coercion is necessary to prove the consistency of the kind coercion (Section 5.8.1). It is curiously absent from my prior work on kind equalities [105], but I now believe that this coercion is necessary—though I have yet to find a counterexample to consistency by omitting it, I am unable to prove consistency without it.

Does adding this extra argument to left and right now weaken Pico’s expressiveness, compared to its predecessors? Yes and no:

Yes, fewer coercions are available, when comparing against the system in my prior work [105]. However, I argue in Section 5.10.5.2 that the proof in that prior work is broken, precisely around its kind coercion. If Pico reduces expressiveness compared to an unsound system, this may be an improvement.

No fewer coercions are available, when comparing against the System FC before kind equalities (that is, the System FC in GHC 7). Prior to GHC 8, the left and right coercions required the kinds of the output types to be identical. In those cases, the η coercion in Pico’s left and right would just be reflexive. Though this restriction on the kinds was overlooked in the original publication on System FC [87], it appears in later treatments [11, 32].⁶⁴

I thus conclude that adding these extra kind coercions is appropriate, considering that their omission in GHC 8.0 may be unsafe and that including them is conservative with respect to GHC 7.
