Syntactic Metatheory - Combining Proofs and Programs

We begin our examination of λθ_{’s metatheory with a syntactic proof of type safety}

via progress and preservation lemmas [65]. As mentioned above, we will focus on explaining the structure of our proofs and how they differ from those for a more traditional language.

3.2.1 Canonical Forms and Progress

Canonical forms lemmas are used to classify the possible closed values for each type. For example, we have the following lemma for sum types:

Lemma 3.2.1 (Canonical forms for sums). If · `θ _v _:_B

1+B2 then there is some v0

such that v =inlv0 orv =inrv0.

This lemma is usually proved directly by induction on the given typing derivation. However, in our setting, this approach gets stuck in the case for the ruleTUnboxVal. Instantiated for our lemma, it has the form:

· `θ v : (A+B)@θ0

· `θ0 _v _:_A₊_B TUnboxVal

The problem is that the conclusion of this rule matches the theorem but the hypothesis does not, so we have no induction hypothesis to tell us about v. The solution is to generalize the statement of the lemma to account for the possibility of@ types:

Lemma 3.2.2 (Generalized canonical forms for sums). Suppose · `θ _v _: _A _and

A=B1+B2 or A= (...((B1+B2)@θ1)...)@θn for some θ1, ..., θn. Then there is some v0 such that v =inlv0 orv =inrv0.

This generalized statement of the canonical forms lemma is provable directly by induction on the typing derivation. The original statement follows immediately as a corollary. We prove canonical forms lemmas for the other types using the same technique.

Lemma 3.2.3 (Canonical forms for Unit). If · `θ _v _:_Unit _then _v _{= ()}_.

Lemma 3.2.4 (Canonical forms for arrows). If· `θ _v _:_A_→_B _then_v ₌_rec_{f x}_._b _for

some f, x and b.

Lemma 3.2.5 (Canonical forms for recursive types). If· `θ _v _:_{µ α.}_A_then_v ₌_roll_v0

for some v0.

With these lemmas, we can prove a standard progress theorem. We show only the application case. The other cases are similarly straightforward.

Theorem 3.2.6 (Progress). If · `θ _a _:_A _{then either} _a _{is a value or} _a _a0 _{for some} a0.

Proof. By induction on the typing derivationD::· `θ _a _:_A_{. Consider the application}

• D= D1 · `θ _b _:_A_→_B D2 · `θ _a _:_A · `θ b a :B TApp

Since b a is not a value, we must show that it steps.

The IHs forD1 andD2 give us that bothb and aeither step or are themselves

values. If b steps, then b a steps because Ea is an evaluation context. Similarly, if b is a valuev but a steps, b a steps because vE is an evaluation context.

So suppose both b and a are values. By canonical forms for arrow types (Lemma 3.2.4) and D1, we know that b = recf x.b0 for some f, x and b0. Thus,

b a = (recf x.b0)a steps by rule _SBeta, since a is a value.

3.2.2 Substitution, Inversion and Preservation

For preservation, a substitution lemma is required. Because variables are values and our language includes a value restriction (in the _TBoxLV rule), we prove the substitution lemma only when the term being substituted in is a value.

Lemma 3.2.7 (Substitution). If Γ,x :θ0 _B _`θ _a _: _A _and _Γ _`θ0 _v _: _B_{, then} _Γ _`θ

[v/x]a :A.

The proof goes by induction on the first typing derivation and is entirely standard. Since we employ a call-by-value operational semantics, the value-restricted substitution lemma is enough for the beta-reduction cases of the preservation theorem.

Preservation also requires inversion lemmas which describe the types that can be given to certain term forms. Like the canonical forms lemmas in the previous section, the inversion lemmas are slightly complicated because the introduction of @-types is not marked in the syntax of terms. For example, we might expect the following lemma to hold:

Lemma. If Γ `θ _inl_a _: _A _then _A ₌ _B

1 +B2 for some types B1 and B2 such that

Γ`θ _a _:_B

However, this lemma is false because it may also the case that A has the form (B1+B2)@θ1 or ((B1+B2)@θ1)@θ2, and so on. Additionally, the fragment in which

a typechecks will depend on whether an @-type was used. The following modified inversion lemma can be proved by a straightforward induction on the typing derivation:

Lemma 3.2.8 (Inversion forinl). Suppose Γ`θ _inl_a _:_A_{. Then either:}

• or A= (...((B1+B2)@θ1)...)@θn for some B1, B2 and θ1,...,θn such that Γ`θ1 a :

B1.

It is convenient to prove the following corollary for the common case that the type has the expected form. This arises in the proof of preservation.

Lemma 3.2.9(Inversion forinlat sum types). IfΓ`θ _inl_a _:_B

1+B2thenΓ`θ a :B1.

After proving similar lemmas for the term forms inra, recf x.b and rolla, we are prepared for preservation itself.

Theorem 3.2.10 (Preservation). If Γ`θ _a _:_A _and _a _a0_{, then}_Γ_`θ _a0 _:_A_.

Proof. By induction on the typing derivation, examining the possible forms of the reduction step in each case.

In document Combining Proofs and Programs (Page 57-60)