A subtyping algorithm forintersection and union types
Claude Stolze
IRIF Université de Paris
Journée CoGITARe November 7, 2019
Outline
• Polymorphism in the λ-calculus
• Subtyping as an effective semantic tool to increase expressivity onprogramming languages
• The power of intersection⋂
and union⋃
types assigned to purelambda-calculus
• Description of the subtyping algorithm
Claude Stolze – A subtyping algorithm for intersection and union types 2
Simply typed λ-calculus (Curry-style)• Types: σ ::= ϕ | σ1 → σ2 ϕ is an atomic type
• We note σ → τ → ρ for σ → (τ → ρ)
• Typing rules:(x :σ) ∈ Γ ⇒ Γ ` x : σ
Γ ` M : σ → τ and Γ ` N : σ ⇒ Γ ` M N : τΓ, x :σ ` M : τ ⇒ Γ ` λx .M : σ → τ
• Preferred notation for the typing rules:
(x :σ) ∈ Γ
Γ ` x : σ(Var)
Γ ` M : σ → τ Γ ` N : σΓ ` M N : τ
(→E)
Γ, x :σ ` M : τ
Γ ` λx .M : σ → τ(→I)
Claude Stolze – A subtyping algorithm for intersection and union types 3
Example
f :σ → τ, x :σ ` f : σ → τ f :σ → τ, x :σ ` x :σ
f :σ → τ, x :σ ` f x : τ
f :σ → τ ` λx .f x : σ → τ` λf .λx .f x : (σ → τ)→ σ → τ
Notice that, in this case, the type is not unique: there is an infinity ofpossible types:• ` λf .λx .f x : (τ → σ)→ τ → σ
• ` λf .λx .f x : (σ → σ)→ σ → σ
• ` λf .λx .f x : (σ → τ → ρ)→ σ → τ → ρ
• . . .
Claude Stolze – A subtyping algorithm for intersection and union types 4
Example
f :σ → τ, x :σ ` f : σ → τ f :σ → τ, x :σ ` x :σ
f :σ → τ, x :σ ` f x : τ
f :σ → τ ` λx .f x : σ → τ` λf .λx .f x : (σ → τ)→ σ → τ
Notice that, in this case, the type is not unique: there is an infinity ofpossible types:• ` λf .λx .f x : (τ → σ)→ τ → σ
• ` λf .λx .f x : (σ → σ)→ σ → σ
• ` λf .λx .f x : (σ → τ → ρ)→ σ → τ → ρ
• . . .
Claude Stolze – A subtyping algorithm for intersection and union types 4
Girard’s parametric polymorphism (λ2)
• Idea: add the quantifier ∀ in types, on order to deal withpolymorphism
• Rules: the same as in the simply-typed λ-calculus, and:
Γ ` M : σ α 6∈ FV (Γ)
Γ ` M : ∀α.σ (∀I) Γ ` M : ∀α.σΓ ` M : σ[α := τ ]
(∀E)
• OCaml implements a subset of λ2, thanks to the Damas-Milnertype inference algorithm:# (fun f -> fun x -> f x);;- : (’a -> ’b) -> ’a -> ’b = <fun>
Claude Stolze – A subtyping algorithm for intersection and union types 5
Barendregt-Coppo-Dezani’s ad hocpolymorphism (λ∩)
• No ∀ quantifier
• Instead, a ∩ operator indicating that a term can have several types:
Γ ` M : σ Γ ` M : τΓ ` M : σ ∩ τ (∩I)
Γ ` M : σ1 ∩ σ2
Γ ` M : σi(∩Ei )
• Example : ` λf .λx .f x : ((σ → τ)→ σ → τ) ∩ ((τ → σ)→ τ → σ)
• Example : ` λx .x x : ((σ → τ) ∩ σ)→ τ
Claude Stolze – A subtyping algorithm for intersection and union types 6
Barbanera-Dezani-de’Liguoro union types(λ∩∪)
• Another form of ad hoc polymorphism
Γ ` M : σi
Γ ` M : σ1 ∪ σ2(∪Ii )
Γ, x :σ1 ` M : σ3Γ, x :σ2 ` M : σ3 Γ ` N : σ1 ∪ σ2
Γ ` M[N/x ] : σ3(∪E)
• Example : ` λx .x : (σ → σ) ∪ σ
• Example : ` λf .λx .f x : ((σ → ρ) ∩ (τ → ρ))→ (σ ∪ τ)→ ρ
Claude Stolze – A subtyping algorithm for intersection and union types 7
Subtyping in programming languages 1/3• Subtyping, denoted by 6 is a form of implicit polymorphism
(aka implicit type conversion or type coercion)
• Subtyping allows us to implicitly and safely promote somevariables of some type into another typeint x = 3; x is an integerfloat y = 4.0; y is a floatfloat z = x + y; x is is implicitly coerced into a float
// the result is 7.0
• Subtyping is not an explicit type conversion (aka type casting)float x = 3.3; x is an floatfloat y = 4.7; y is an floatint z = (int)x + (int)y; x and y are casted into integers
// the result is 7
Claude Stolze – A subtyping algorithm for intersection and union types 8
Subtyping in programming languages 1/3• Subtyping, denoted by 6 is a form of implicit polymorphism
(aka implicit type conversion or type coercion)
• Subtyping allows us to implicitly and safely promote somevariables of some type into another typeint x = 3; x is an integerfloat y = 4.0; y is a floatfloat z = x + y; x is is implicitly coerced into a float
// the result is 7.0
• Subtyping is not an explicit type conversion (aka type casting)float x = 3.3; x is an floatfloat y = 4.7; y is an floatint z = (int)x + (int)y; x and y are casted into integers
// the result is 7
Claude Stolze – A subtyping algorithm for intersection and union types 8
Subtyping in programming languages 1/3• Subtyping, denoted by 6 is a form of implicit polymorphism
(aka implicit type conversion or type coercion)
• Subtyping allows us to implicitly and safely promote somevariables of some type into another typeint x = 3; x is an integerfloat y = 4.0; y is a floatfloat z = x + y; x is is implicitly coerced into a float
// the result is 7.0
• Subtyping is not an explicit type conversion (aka type casting)float x = 3.3; x is an floatfloat y = 4.7; y is an floatint z = (int)x + (int)y; x and y are casted into integers
// the result is 7
Claude Stolze – A subtyping algorithm for intersection and union types 8
Subtyping in programming languages 2/3Subtyping hierarchy in C
Subtyping ruleΓ ` M : σ σ 6 τ
Γ ` M : τ(6)
Claude Stolze – A subtyping algorithm for intersection and union types 9
Subtyping in OO programming languages 3/3• Subtyping lurks also in object-oriented programming
“An object of class T may be substituted with any object of asubclass S” (Barbara Liskov substitution principle)
• Inheritance as subtyping
• Subtyping hierarchy in Java
class Point { int x = 0; int y = 0; }class ColPoint extends Point with { String col = "red"; }
Point p = new Point();ColPoint q = new ColPoint();
����q = p; reject
q = (ColPoint) p; accept (explicit cast), but runtime error
p = q; accept
Claude Stolze – A subtyping algorithm for intersection and union types 10
Subtyping in OO programming languages 3/3• Subtyping lurks also in object-oriented programming
“An object of class T may be substituted with any object of asubclass S” (Barbara Liskov substitution principle)
• Inheritance as subtyping
• Subtyping hierarchy in Java
class Point { int x = 0; int y = 0; }class ColPoint extends Point with { String col = "red"; }
Point p = new Point();ColPoint q = new ColPoint();
����q = p; reject
q = (ColPoint) p; accept (explicit cast), but runtime error
p = q; accept
Claude Stolze – A subtyping algorithm for intersection and union types 10
Subtyping in OO programming languages 3/3• Subtyping lurks also in object-oriented programming
“An object of class T may be substituted with any object of asubclass S” (Barbara Liskov substitution principle)
• Inheritance as subtyping
• Subtyping hierarchy in Java
class Point { int x = 0; int y = 0; }class ColPoint extends Point with { String col = "red"; }
Point p = new Point();ColPoint q = new ColPoint();
����q = p; reject
q = (ColPoint) p; accept (explicit cast), but runtime error
p = q; accept
Claude Stolze – A subtyping algorithm for intersection and union types 10
Ad hoc vs. Parametric polymorphism• Intersection types
⋂[Barendregt-Coppo-Dezani 82] characterize
the set of “strongly normalizable” λ-terms
• Ad hoc (C)int a, b;
float x, y;printf(“%d %f”, a+b, x+y);
• The type of the operator + is+ : (int × int -> int) ∩ (float × float -> float)
• Parametric (caml)> fun x -> x : ’a -> ’a or ∀α.α→ α
• Well known: Girard’s parametric polymorphism (System F) isequivalent to ad hoc polymorphism
∀α.σ ≈⋂
i=1...∞
σi
Claude Stolze – A subtyping algorithm for intersection and union types 11
Union types as a dual of intersection types
• Union types⋃
[McQueen-Plotkin-Sethi 85] are considered as adual of intersection types
• Union corresponds “roughly” to OCaml match constructtype ’a or = In1 of ’a | In2 of ’a ;; ‘a is a type variablelet f x = match x with case analysis on the shape of x| In1 y -> "case 1" first case| In2 y -> "case 2" second case;;
• The big difference between sum types and union types is that, forunion types, both cases should have the same structure
Claude Stolze – A subtyping algorithm for intersection and union types 12
Ex: Type assignment judgments with⋂
and⋃
• The Forsythe code [by Pierce 91]
Test 4= if b then 1 else−1 : Pos ∪ Neg
Is_0 : (Neg → F ) ∩ (Zero → T ) ∩ (Pos → F )
(Is_0 Test) : F
Without union types the best information we can get for (Is_0 Test)is a Boolean type
Claude Stolze – A subtyping algorithm for intersection and union types 13
Subtyping rules 1/4
A subtyping relation is a preorder, ie. a reflexive and transitive order. Uis a universal type, corresponding to the > constant in the lattice oftypes (with ∪ as t and ∩ as u)
σ 6 σ Reflexivity
σ 6 τ and τ 6 ρ⇒ σ 6 ρ Transitivity
σ 6 U Universal type
U 6 U→ U Universal type is also a function
Claude Stolze – A subtyping algorithm for intersection and union types 14
Subtyping rules 2/4
Main rules for intersection:σ 6 σ ∩ σ
σ ∩ τ 6 σ
σ ∩ τ 6 τ
σ1 6 σ2 and τ1 6 τ2 ⇒ σ1 ∩ τ1 6 σ2 ∩ τ2 Intersection compositionality
Main rules for union:σ ∪ σ 6 σ
σ 6 σ ∪ τ
τ 6 σ ∪ τ
σ1 6 σ2 and τ1 6 τ2 ⇒ σ1 ∪ τ1 6 σ2 ∪ τ2 Union compositionality
Claude Stolze – A subtyping algorithm for intersection and union types 15
Subtyping rules 2/4
Main rules for intersection:σ 6 σ ∩ σ
σ ∩ τ 6 σ
σ ∩ τ 6 τ
σ1 6 σ2 and τ1 6 τ2 ⇒ σ1 ∩ τ1 6 σ2 ∩ τ2 Intersection compositionality
Main rules for union:σ ∪ σ 6 σ
σ 6 σ ∪ τ
τ 6 σ ∪ τ
σ1 6 σ2 and τ1 6 τ2 ⇒ σ1 ∪ τ1 6 σ2 ∪ τ2 Union compositionality
Claude Stolze – A subtyping algorithm for intersection and union types 15
Subtyping rules 3/4
σ ∩ (τ ∪ ρ) 6 (σ ∩ τ) ∪ (σ ∩ ρ) Distributivity of intersection over union
(σ → τ) ∩ (σ → ρ) 6 σ → (τ ∩ ρ) Codomain factorization
(σ → ρ) ∩ (τ → ρ) 6 (σ ∪ τ)→ ρ Domain factorization
Distributivity of union over intersection can be inferred, so there is noneed for another distributivity axiom
Claude Stolze – A subtyping algorithm for intersection and union types 16
Subtyping rules 4/4
Domain contravariance & codomain variance
σ2 6 σ1 and τ1 6 τ2 ⇒ σ1 → τ1 6 σ2 → τ2
Claude Stolze – A subtyping algorithm for intersection and union types 17
The subtyping algorithm A in a nutshell
Fully detailed in [Stolze Liquori TTCS’17]
We note σ ∼ τ if σ 6 τ and τ 6 σ
Idea:• First step: we rewrite the types into an equivalent form that is
easier to process, using four subroutines R1,R2,R3,R4
• Second step: we apply A on these normal forms- A proceeds by case analysis:
- we decompose the unions and intersections
- and we proceed by structural recursion
Claude Stolze – A subtyping algorithm for intersection and union types 18
Rewriting subroutine R1 1/3
We can show that:
U ∩ σ ∼ σ
U ∪ σ ∼ U
σ → U ∼ U
This subroutine simplifies all the subterms containing U
• U ∩ σ and σ ∩ U rewrite to σ
• U ∪ σ and σ ∪ U rewrite to U
• σ → U rewrites to U
Claude Stolze – A subtyping algorithm for intersection and union types 19
Rewriting subroutines R2,R3 2/3
We can show that:
σ ∪ (τ ∩ ρ) ∼ (σ ∪ τ) ∩ (σ ∪ ρ)
σ ∩ (τ ∪ ρ) ∼ (σ ∩ τ) ∪ (σ ∩ ρ)
These subroutines rewrite types into conjunctive normal form (CNF)and disjunctive normal form (DNF).
• R2: σ ∪ (τ ∩ ρ) rewrites to (σ ∪ τ) ∩ (σ ∪ ρ)
• R3: σ ∩ (τ ∪ ρ) rewrites to (σ ∩ τ) ∪ (σ ∩ ρ)
Well known: DNF and CNF can grow exponentially in size
Claude Stolze – A subtyping algorithm for intersection and union types 20
Rewriting subroutine R4 3/3We can show that:
σ → (τ ∩ ρ) ∼ (σ → τ) ∩ (σ → ρ)
(σ ∪ τ)→ ρ ∼ (σ → ρ) ∩ (τ → ρ)
Mixing these equivalences with CNF and DNF, we get two mutuallydefined new normal forms CANF and DANF :
• R2 ◦ R4 ◦ R1: Conjunctive arrow normal form (CANF):- for any subterm σ → τ , rewrite σ in DANF and τ in CANF,
- rewrite σ → (τ ∩ ρ) into (σ → τ) ∩ (σ → ρ)
- rewrite (σ ∪ τ)→ ρ into (σ → ρ) ∩ (τ → ρ)
Then rewrite the resulting type in CNF
• R3 ◦ R4 ◦ R1: Disjunctive arrow normal form (DANF): . . . as above(but rewrite the resulting type in DNF)
Claude Stolze – A subtyping algorithm for intersection and union types 21
Subtyping algorithm A 1/2
Idea:• Lemma
σ ∪ τ 6 ρ iff σ 6 ρ and τ 6 ρ
• Lemmaσ 6 τ ∩ ρ iff σ 6 τ and σ 6 ρ
• TheoremIf σ 4
= ∪i (∩jσi,j) is in DANF
and τ 4= ∩h (∪kτh,k ) is in CANF
then σ 6 τ iff ∀i, h, ∃j, k , σi,j 6 τh,k
Claude Stolze – A subtyping algorithm for intersection and union types 22
Subtyping algorithm A 2/2We start by asking A if σ 6 τ , with σ in DANF and τ in CANF• Case ∪i (∩jσi,j ) 6 ∩h(∪kτh,k ):
for every i ,h, find j , k , such that that σi,j 6 τh,k ;
• Case σ 6 U: accept;
• Case U 6 φ: reject;
• Case U 6 σ → τ : reject;
• Case φ 6 φ′: accept if φ ≡ φ′, else reject;
• Case φ 6 σ → τ : reject;
• Case σ → τ 6 φ: reject;
• Case σ → τ 6 σ′ → τ ′: accept if σ′ 6 σ and τ 6 τ ′, else reject.
Claude Stolze – A subtyping algorithm for intersection and union types 23
Previous Pierce’s example 1/4
Six atomic types: Pos,Zero,Neg,Err ,T ,F .
x : Pos ∪ Neg ∪ Err
is_0 : (Pos → F ) ∩ (Zero → T ) ∩ (Neg → F ) ∩ (Err → Err)
is_0 x should have type F ∪ Err .
We have to prove that
(Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err)
6
(Pos ∪ Neg ∪ Err)→ (F ∪ Err)
Claude Stolze – A subtyping algorithm for intersection and union types 24
Rewriting preprocessing 2/4
• (Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err) is alreadyin DANF
• (Pos ∪ Neg ∪ Err)→ (F ∪ Err) is not in CANF. It is rewritten into(Pos → (F ∪ Err)) ∩ (Neg → (F ∪ Err)) ∩ (Err → (F ∪ Err))
• We now have the judgement
(Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err)
6
(Pos → (F ∪ Err)) ∩ (Neg → (F ∪ Err)) ∩ (Err → (F ∪ Err))
Claude Stolze – A subtyping algorithm for intersection and union types 25
Algorithm A 3/4• (Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err)
6
Pos → (F ∪ Err)
• (Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err)
6
Neg → (F ∪ Err)
• (Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err)
6
Err → (F ∪ Err)
Claude Stolze – A subtyping algorithm for intersection and union types 26
Algorithm A 3/4• (Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err)
6
Pos → (F ∪ Err)
• (Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err)
6
Neg → (F ∪ Err)
• (Pos → F ) ∩ (Zero → T ) ∩ (Neg → Neg) ∩ (Err → Err)
6
Err → (F ∪ Err)
Claude Stolze – A subtyping algorithm for intersection and union types 27
Algorithm A 4/4• Either:
- Pos → F 6 Pos → (F ∪ Err)- or Zero → T 6 Pos → (F ∪ Err)- or Neg → F 6 Pos → (F ∪ Err)- or Err → Err 6 Pos → (F ∪ Err)
• Either:- Pos → F 6 Neg → (F ∪ Err)- or Zero → T 6 Neg → (F ∪ Err)- or Neg → F 6 Neg → (F ∪ Err)- or Err → Err 6 Neg → (F ∪ Err)
• Either:- Pos → F 6 Err → (F ∪ Err)- or Zero → T 6 Err → (F ∪ Err)- or Neg → F 6 Err → (F ∪ Err)- or Err → Err 6 Err → (F ∪ Err)
Claude Stolze – A subtyping algorithm for intersection and union types 28
Correctness
The algorithm has been proven (on paper and on Coq) to be correct,that is:
• Theorem (Soundness): if the algorithm accepts that σ 6 τ , thenσ 6 τ ;
• Theorem (Completeness): if σ 6 τ , then the algorithm accepts thatσ 6 τ .
Claude Stolze – A subtyping algorithm for intersection and union types 29
Coq implementation
The Coq implementation is done in three steps:• Defining the problem
• Proving the interesting properties
• Proving the specification of the algorithms
Claude Stolze – A subtyping algorithm for intersection and union types 30
Definition of subtyping in Coq
Inductive Subtype : term −> term −> Prop :=| R_InterMeetLeft : ∀ σ τ , σ ∩ τ ≤ σ| R_InterMeetRight : ∀ σ τ , σ ∩ τ ≤ τ| R_InterIdem : ∀ τ , τ ≤ τ ∩ τ| R_UnionMeetLeft : ∀ σ τ , σ ≤ σ ∪ τ| R_UnionMeetRight : ∀ σ τ , τ ≤ σ ∪ τ| R_UnionIdem : ∀ τ , τ ∪ τ ≤ τ| R_InterDistrib : ∀ σ τ ρ, (σ → ρ) ∩ (σ → τ ) ≤ σ → ρ ∩ τ| R_UnionDistrib : ∀ σ τ ρ, (σ → ρ) ∩ (τ → ρ) ≤ σ ∪ τ → ρ| R_InterSubtyDistrib: ∀ σ σ’ τ τ ’, σ ≤ σ’ −> τ ≤ τ ’ −> σ ∩ τ ≤ σ’ ∩ τ ’| R_UnionSubtyDistrib: ∀ σ σ’ τ τ ’, σ ≤ σ’ −> τ ≤ τ ’ −> σ ∪ τ ≤ σ’ ∪ τ ’| R_InterUnionDistrib: ∀ σ τ ρ, σ ∩ (τ ∪ ρ) ≤ (σ ∩ τ ) ∪ (σ ∩ ρ)| R_CoContra : ∀ σ σ’ τ τ ’, σ ≤ σ’ −> τ ≤ τ ’ −> σ’→ τ ≤ σ → τ ’| R_OmegaTop : ∀ σ, σ ≤ U| R_OmegaArrow : U ≤ U→ U| R_Reflexive : ∀ σ, σ ≤ σ| R_Transitive : ∀ σ τ ρ, σ ≤ τ −> τ ≤ ρ −> σ ≤ ρwhere "σ ≤ τ" := (Subtype σ τ ).
Claude Stolze – A subtyping algorithm for intersection and union types 31
Normal Forms• Definition of arbitrary unions and arbitrary intersectionsInductive Generalize (c : term −> term −> term) (P : term −> Prop)
: term −> Prop :=| G_nil : ∀ σ, P σ −> Generalize c P σ| G_cons : ∀ σ τ , Generalize c P σ −> Generalize c P τ −>
Generalize c P (c σ τ ).Notation "[
⋂P ]" := (Generalize (∩ ) P).
Notation "[⋃
P ]" := (Generalize (∪ ) P).
• Definition of Arrow Normal Forms:Inductive ANF : term −> Prop :=| VarisANF : ∀ α, ANF (Var α)| ArrowisANF : ∀ σ τ , [
⋂ANF] σ −> [
⋃ANF] τ −> ANF (σ → τ )
| ArrowisANF’ : ∀ τ , [⋃
ANF] τ −> ANF (U→ τ ).
• Definition of CANF and DANF:Definition CANF (σ : term) : Prop := [
⋂[⋃
ANF]] σ ∨ σ = U.Definition DANF (σ : term) : Prop := [
⋃[⋂
ANF]] σ ∨ σ = U.
Claude Stolze – A subtyping algorithm for intersection and union types 32
Filters and ideals
• We define a predicate isFilter σ, and a predicate ↑[ σ ] τ• We prove
Theorem Filter_correct : ∀ σ τ , ↑[σ] τ −> σ ≤ τ .Theorem Filter_complete : ∀ σ, isFilter σ −> ∀ τ , σ ≤ τ −> ↑[σ] τ .
• We define a predicate ↓[ σ ] τ• We prove
Theorem Ideal_correct : ∀ σ τ , ↓[σ] τ −> τ ≤ σ.Theorem Ideal_complete : ∀ σ, [
⋃ANF] σ −> ∀ τ , τ ≤ σ −> ↓[σ] τ .
Claude Stolze – A subtyping algorithm for intersection and union types 33
Implementation of the algorithms
• Functions return a value and a proof the value verify a specification
Fixpoint deleteOmega (σ : term) : {τ | τ ∼ σ ∧ (Omega_free τ ∨ τ = U)}.
• We have functions which rewrite terms to CANF and DANF:
Fixpoint _CANF (σ : term) : (Omega_free σ ∨ σ = U) −> {τ | τ ∼ σ ∧ CANF τ }with _DANF (σ : term) : (Omega_free σ ∨ σ = U) −> {τ | τ ∼ σ ∧ DANF τ }.
• The main algorithm, A, takes as input terms in normal form
Definition main_algo : ∀ pair : term ∗ term,DANF (fst pair) −> CANF (snd pair) −>
{fst pair ≤ snd pair} + {¬ fst pair ≤ snd pair}.
• We then have a certified program:
Definition decide_subtype : ∀ σ τ , {σ ≤ τ } + {¬ σ ≤ τ }.
Claude Stolze – A subtyping algorithm for intersection and union types 34
Thank you for your attention
Questions are welcomed
Claude Stolze – A subtyping algorithm for intersection and union types 35
Extra Coq codeInductive isFilter : term −> Prop :=| OmegaisFilter : isFilter U| VarisFilter : ∀ α, isFilter (Var α)| ArrowisFilter : ∀ σ τ , isFilter (σ → τ )| InterisFilter : ∀ σ τ , isFilter σ −> isFilter τ −> isFilter (σ ∩ τ ).
Definition decide_subtype : ∀ σ τ , {σ ≤ τ } + {¬ σ ≤ τ }.Proof.intros.refine (let (σ1,pfσ) := deleteOmega σ in let (Hσ1,pfσ) := pfσ in
let (τ1,pfτ ) := deleteOmega τ in let (Hτ1,pfτ ) := pfτ inlet (σ2,pfσ) := _DANF σ1 pfσ in let (Hσ2,pfσ) := pfσ inlet (τ2,pfτ ) := _CANF τ1 pfτ in let (Hτ2,pfτ ) := pfτ inmatch main_algo (σ2,τ2) pfσ pfτ with| left H⇒ left _| right H⇒ right _end);
rewrite← Hτ1,← Hσ1,← Hτ2,← Hσ2; assumption.Defined.
Claude Stolze – A subtyping algorithm for intersection and union types 36
Extra Coq codeInductive Filter : term −> term −> Prop :=| F_Refl : ∀ σ : term, isFilter σ −> ↑[σ] σ| F_Inter : ∀ σ τ ρ : term, ↑[σ] τ −> ↑[σ] ρ −> ↑[σ] τ ∩ ρ| F_Union1 : ∀ σ τ ρ : term, ↑[σ] τ −> ↑[σ] τ ∪ ρ| F_Union2 : ∀ σ τ ρ : term, ↑[σ] ρ −> ↑[σ] τ ∪ ρ| F_Arrow1 : ∀ σ1 σ2 τ1 τ2 : term, σ2 ≤ σ1 −> τ1 ≤ τ2 −> ↑[σ1→ τ1] σ2→ τ2| F_Arrow2 : ∀ σ1 σ2 τ1 τ2 ρ1 ρ2 : term, ↑[σ1 ∩ σ2] τ1→ ρ1 −> τ2 ≤ τ1 −>
ρ1 ≤ ρ2 −> ↑[σ1 ∩ σ2] τ2→ ρ2| F_OmegaTopV : ∀ (α : V.t) (τ : term), ↑[U] τ −> ↑[Var α] τ| F_OmegaTopA : ∀ σ1 σ2 τ : term, ↑[U] τ −> ↑[σ1→ σ2] τ| F_OmegaTopI : ∀ σ1 σ2 τ : term, isFilter (σ1 ∩ σ2) −> ↑[U] τ −> ↑[σ1 ∩ σ2] τ| F_Omega : ∀ σ τ : term, ↑[U] τ −> ↑[U] σ → τ| F_Inter1 : ∀ σ1 σ2 τ : term, isFilter σ2 −> ↑[σ1] τ −> ↑[σ1 ∩ σ2] τ| F_Inter2 : ∀ σ1 σ2 τ : term, isFilter σ1 −> ↑[σ2] τ −> ↑[σ1 ∩ σ2] τ| F_ArrowInter : ∀ σ1 σ2 τ ρ1 ρ2 : term, ↑[σ1 ∩ σ2] (τ → ρ1) ∩ (τ → ρ2) −>
↑[σ1 ∩ σ2] τ → ρ1 ∩ ρ2| F_ArrowUnion : ∀ σ1 σ2 τ1 τ2 ρ : term, ↑[σ1 ∩ σ2] (τ1→ ρ) ∩ (τ2→ ρ) −>
↑[σ1 ∩ σ2] τ1 ∪ τ2→ ρwhere "↑[σ ] τ" := (Filter σ τ ).
Claude Stolze – A subtyping algorithm for intersection and union types 37
Extra Coq code
Inductive Ideal : term −> term −> Prop :=| I_Refl : ∀ σ : term, [
⋃ANF] σ −> ↓[σ] σ
| I_Inter1 : ∀ σ τ ρ : term, ↓[σ] τ −> ↓[σ] τ ∩ ρ| I_Inter2 : ∀ σ τ ρ : term, ↓[σ] ρ −> ↓[σ] τ ∩ ρ| I_Union : ∀ σ τ ρ : term, ↓[σ] τ −> ↓[σ] ρ −> ↓[σ] τ ∪ ρ| I_Arrow1 : ∀ σ1 σ2 τ1 τ2 : term, [
⋂ANF] σ1 −> ↑[σ1] σ2 −> ↓[τ1] τ2 −>
↓[σ1→ τ1] σ2→ τ2| I_Arrow2 : ∀ σ τ1 τ2 : term, ↑[U] σ −> ↓[τ1] τ2 −> ↓[U→ τ1] σ → τ2| I_Union1 : ∀ σ1 σ2 τ : term, [
⋃ANF] σ2 −> ↓[σ1] τ −> ↓[σ1 ∪ σ2] τ
| I_Union2 : ∀ σ1 σ2 τ : term, [⋃
ANF] σ1 −> ↓[σ2] τ −> ↓[σ1 ∪ σ2] τwhere "↓[σ ] τ" := (Ideal σ τ ).
Claude Stolze – A subtyping algorithm for intersection and union types 38
Top Related