
We conjecture that Assaf's proof can be adapted to obtain the strong conservativity lemma:

Conjecture 1 (Strong conservativity lemma). If t is a term of the λΠ-calculus modulo of type Obj A in context Γ such that ψ is defined on A and Γ, then t reduces to a term t' on which φ is defined.

Contrary to the previous lemmata, this conjecture is far from trivial because the ς-calculus does not terminate, so it is not sufficient to look at the normal forms.

A simple corollary of this conjecture can then be stated in terms of the direct translation functions only:

Corollary 1. If t is a term of the λΠ-calculus modulo of type Obj ⟦A⟧ in the context ⟦∆⟧, then t reduces to some ⟦a⟧ such that ∆ ⊢ a : A in the ς-calculus with subtyping.

5.6 Canonicity

Thanks to transitivity of subtyping, we can optionally add the following rewrite rule to ensure that the size of annotations does not grow faster than the term:

def trans (A : type) (B : type) (C : type) (stAB : subtype A B)
          (stBC : subtype B C) : subtype A C :=
  l : label =>
  D : type =>
  p : mem l D C =>
  stAB l D (stBC l D p).

[A,B,C,stAB,stBC,a]
  coerce _ C stBC (coerce A B stAB a) -->
  coerce A C (trans A B C stAB stBC) a.

This is however hard to prove confluent. For example, the confluence of this rule alone relies on the associativity of trans, so it is sensitive to our definition of subtyping. The transitivity of the subtype' relation, for example, is also provable but not in an associative way. Moreover, this is the kind of rewrite rule that makes CSIHO slow: after hours, CSIHO finally replies MAYBE.


An argument in favor of this rule is that it eliminates a source of non-canonicity; the other source is the dummy coercion from a type to itself, which is eliminated by the following non-linear rule:

[A,a] coerce A A _ a --> a.

When both rules are present, the system is canonical:

Theorem 13 (Canonicity). Let a and a' be two well-typed terms of type Obj ⟦A⟧ such that φ(a) ≡ φ(a'). Then a ≡ a'.

Proof. We first remark that the rewrite system consisting of these two rewrite rules is strongly normalizing because the number of coercions decreases by one at each application of a rewrite rule.

Without loss of generality, we assume a and a' in normal form with respect to these rules.

Since φ is defined on a and a', they both have a shape among x, pnil A, pcons A l B C m o, select A l B p o, update A l B p m o, and coerce A B s o. All these shapes but the last are mapped to different syntactic constructs of the ς-calculus, so the only interesting cases occur when at least one of a and a' is a coercion. The cases where one of them is a coercion and the other one is a selection or an update are treated using the rules of Section 5.4; the cases where one is a coercion and the other one is a variable or an object violate normalization with respect to the rewrite rule [A,a] coerce A A _ a --> a. The most interesting case is when both a and a' are coercions.

The term a is coerce B A stBA b and the term a' is coerce B' A stB'A b'. Our assumption is φ(b) ≡ φ(b'), but the types B and B' are not a priori related. The ς-calculus with subtyping admits minimal typings [1]. If we denote by C the translation of the minimal type of the ς-term c := φ(b), then C is a subtype of both B and B', and both B and B' are strict subtypes of A.

Since C is a subtype of B, we can translate c at type B as ⟦c⟧ := coerce C B stCB c and apply the induction hypothesis to get b ≡ coerce C B stCB c, hence a ≡ coerce B A stBA (coerce C B stCB c). By symmetry, we get a' ≡ coerce B' A stB'A (coerce C B' stCB' c). Using the rewrite rule for composition of coercions, we obtain a ≡ coerce C A stCA c ≡ a'.
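The two rewrite rules and the strong-normalization measure used in this proof, modelled in Python as an added illustration (not code from the thesis or from Sigmaid). Terms are nested tuples; subtyping proofs are modelled by their endpoints (src, tgt), an assumption of this model that mirrors the proof's identification of the two composed proofs as one stCA.

```python
def coerce(a_ty, b_ty, proof, obj):
    """coerce A B st o : a term of type Obj B built from o : Obj A."""
    return ("coerce", a_ty, b_ty, proof, obj)

def trans(a_ty, b_ty, c_ty, st_ab, st_bc):
    """trans A B C stAB stBC : subtype A C.
    Proofs are reduced to their endpoints (modelling assumption)."""
    assert st_ab == (a_ty, b_ty) and st_bc == (b_ty, c_ty)
    return (a_ty, c_ty)

def count_coercions(t):
    """The measure that decreases by one at every rewrite step."""
    if t[0] == "coerce":
        return 1 + count_coercions(t[4])
    return 0

def step(t):
    """Apply one of the two rules at the root, or return None."""
    if t[0] != "coerce":
        return None
    _, a_ty, b_ty, st, o = t
    if a_ty == b_ty:                 # [A,a] coerce A A _ a --> a
        return o
    if o[0] == "coerce":             # coerce _ C stBC (coerce A B stAB a)
        _, a0, b0, st0, o0 = o       #   --> coerce A C (trans A B C stAB stBC) a
        return coerce(a0, b_ty, trans(a0, b0, b_ty, st0, st), o0)
    return None

def normalize(t):
    """Innermost-first normalization; returns (normal form, number of steps)
    and checks that each step removes exactly one coercion."""
    steps = 0
    if t[0] == "coerce":
        inner, n = normalize(t[4])
        t = coerce(t[1], t[2], t[3], inner)
        steps += n
    while (r := step(t)) is not None:
        assert count_coercions(r) == count_coercions(t) - 1
        t, steps = r, steps + 1
    return t, steps

# Constructed instance of the last case of the proof: c translated at
# types B and B' and then coerced to A along two different paths.
c = ("var", "c")
a = coerce("B", "A", ("B", "A"), coerce("C", "B", ("C", "B"), c))
a_prime = coerce("B'", "A", ("B'", "A"), coerce("C", "B'", ("C", "B'"), c))
```

Both a and a_prime normalize to coerce C A stCA c, which is the canonical form the theorem predicts.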

The translations that we have presented in this chapter and the previous one simplify the translations that we proposed in [42]. In [42], the inductive functions on the Dedukti and Coq sides such as select and update were defined by induction over positions of labels in types, whereas here we consider only positions of (label, type) pairs in types. Contrary to [42], we do not need to put positions inside preobjects, which simplifies the definitions of selection and update: when positions are packed in preobjects, we need to ensure that the positions we find in the preobjects are the same as the ones we used to access them.

In Dedukti, this was done using non-linearity (which stops us from automatic verification of confluence) and in Coq it was done by adding an extra parameter to pcons asserting that the added label was not already present (hence we can prove that types of objects are duplicate-free, so positions are unique). Another simplification in the presentation of our translation with respect to [42] concerns the role of minimal typing. In [42], two versions of the translation function for terms are mutually defined: the first one is annotated with the ς-type of the term, the second one is not annotated and translates the term according to its minimal type. The translations defined in [42] are really translations of well-typed terms, whereas this chapter presents a translation of typing derivations, so we end up with several possible translations of the same well-typed term that can be related thanks to the canonicity result.


Chapter 6

The Implementation Sigmaid

We have implemented the translation functions presented in the previous chapters as a translator named Sigmaid (SIGMA-calculus In Dedukti) from ς-calculus to Coq and Dedukti. Our code is available at the following URL: http://sigmaid.gforge.inria.fr.

This chapter is devoted to the improvements that have been integrated in this implementation. These improvements in the translation do not affect the semantics of the translated terms but only their syntax.

The first improvement, described in Section 6.1, deals with the representation of concrete objects. We define additional Dedukti functions to shorten the translation of concrete objects and make it more readable. This alternative definition of the translation of concrete objects relies on the subtyping relation that we introduced in Chapter 5; this is the reason why we have chosen not to give it in Chapter 4.

The second improvement, described in Section 6.2, is the removal from the translation of the position arguments needed for the selection and update functions. Sigmaid does not need to justify precisely at which position the labels occur in types but relies on decidability lemmata.

In Section 6.3, we evaluate the time efficiency of Sigmaid once these two improvements are applied. The result heavily depends on the chosen representation for the labels. In Section 6.4, we make good use of Dedukti at the meta-level to perform label operations independently of the representation and speed up Sigmaid.