On the Power of Coercion Abstraction

On the Power of Coercion Abstraction

Julien Cretin Didier Rémy

INRIA

{julien.cretin,didier.remy}@inria.fr

Abstract

Erasable coercions in SystemFη, also known as retyping functions, are well-typedη-expansions of the identity. They may change the type of terms without changing their behavior and can thus be erased before reduction. Coercions inFηcan model subtyping of known types and some displacement of quantifiers, but not sub- typing assumptions nor certain forms of delayed type instantiation.

We generalizeFηby allowing abstraction over retyping functions.

We follow a general approach where computing with coercions can be seen as computing in theλ-calculus but keeping track of which parts of terms are coercions. We obtain a language where coercions do not contribute to the reduction but may block it and are thus not erasable. We recover erasable coercions by choosing a weak reduc- tion strategy and restricting coercion abstraction to value-forms or by restricting abstraction to coercions that are polymorphic in their domain or codomain. The latter variant subsumesFη,F<:, andMLF in a unified framework.

Categories and Subject Descriptors D.3.1 [Programming Lan- guages]: Formal Definitions and Theory

General Terms Design, Languages, Theory

Keywords Type, System F, F-eta, Polymorphism, Coercion, Con- version, Retyping functions, Type containment, Subtyping, Bounded Polymorphism.

1. Introduction

Parametric polymorphism and subtyping polymorphism are the two most popular means of increasing expressiveness of type systems:

although first studied independently, they can be advantageously combined together. Each mechanism alone is relatively simple to understand and has a more or less canonical presentation. However, their combination is more complex. The most popular combination is the language F<: [Cardelli 1993]. However, this is just one (relatively easy) spot in the design space. In fact, much work in the 90’s has been devoted to improving the combination of parametric and subtyping polymorphism, motivated by its application to the typechecking of object-oriented features.

Contravariance, the key ingredient of subtyping polymorphism, is already modeled in the languageFηproposed by Mitchell [1988].

On the one-hand,Fηis the closure of SystemFbyη-conversion. On the other-hand it is a language of coercions: a retyping context from

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

POPL’12, January 25–27, 2012, Philadelphia, PA, USA.

Copyright c2012 ACM 978-1-4503-1083-3/12/01. . . $10.00

τtoσinFηis a one hole contextGsuch thatλ(x:τ)Ghxiis an η-expansion of the identity and has typeτ →σin SystemF. For now, we writeGhMifor filling a contextGwith a termM and

♦^τ for the empty context of typeτ. By definition ofFη, ifGis a retyping context fromτtoσandMis a term of typeτ, thenGhMi is a term of typeσ. Contravariance is induced byη-expansion as follows: ifGiis a retyping context fromτitoτi⁰foriin{1,2}, thenλ(x: τ1) G2h♦^τ10→τ2 (G1hxi)iis a retyping context from typeτ₁⁰→τ2toτ1 →τ₂⁰.

Besides contravariance, η-expansion also introduces opportu- nities for inserting type abstractions and type applications, which may change polymorphism a posteriori. For instance, the term λ(x : ∀α. τ) λβ¯ ♦^{∀α. τ→σ}ρ (x ρ) is a retyping context from

∀α. τ → σto(∀α. τ) → (∀β. σ[α¯ ← ρ])providedβ¯does not appear free in∀α. σ. Such retypings are not supported inF_<:where polymorphism can only be introduced and eliminated explicitly at the topmost part of expressions.

Conversely, F<: allows reasoning under subtyping assump- tions, whichFη does not support. Indeed, bounded quantification Λ(α <:τ)M ofF<:introduces a type variable αthat stands for any subtype ofτinsideM. In particular, acovariant occurrenceof αinMcan be converted to typeτby subtyping.

Is there a language that supersedes both Fη and F<:? Before we tackle this question, let us first consider another form of re- typing assumptions that have been introduced inMLF[Le Botlan and Rémy 2009]: instance-bounded polymorphismΛ(α≥τ)M introduces a type variableαthat stands for any instance ofτinside M. That is, an occurrence of typeαwithinM in aninstantiable positioncan be converted to any instance ofτ. Instance-bounded quantification delays the choice of whether a polymorphic expres- sion should be instantiated immediately or kept polymorphic. This mechanism enables expressions to have more general types and has been introduced inMLFto enable partial type inference in the pres- ence of first-class second-order polymorphism and some type an- notations.

Notice that bounded type instantiation allows for deep type in- stantiation of binders asFηdoes, but using a quite different mecha- nism (sinceFηdoes not support it). Bounded type instantiation has also similarities with bounded quantification ofF<:, but the two also differ significantly, since for instance, type conversion is not congruent on arrow types inMLF.

Surprisingly, among the three languagesFη,F<:, andMLF, any combination of two have features in common that the other one lacks! Hence, the challenge becomes whether all their features can be simultaneously combined together. This question has in fact already been raised in previous work on MLF[Rémy and Yakobowski 2010].

Our contributions We answer positively by introducing a lan- guageF_ι^pthat extendsFηwith abstraction over retyping functions, combining all features simultaneously in a unified framework (§5).

The languageFι^p subsumes Fη, F<:, and MLF(§6); it also fixes

and extends a previous language of coercions designed for model- ingMLFalone [Manzonetto and Tranquilli 2010]. Our subset of F_ι^pthat coincides withMLFiswell-behaved: it satisfies the subject reduction and progress lemmas and strongly normalizes. It also has an untyped semantics.

Actually, the extension ofFη with abstraction over coercion functions leads to a larger languageFι of which F_ι^pis a restric- tion (§2). The languageFιis well-behaved. We show thatFιcan be simulated into SystemF. Hence, reduction rules inFιare just par- ticular instances ofβ-reduction (§4).Fιcan also be simulated into the untypedλ-calculus, by dropping coercions, which shows that coercions do not contribute to the computation. Unfortunately, they may block it, and are thus not erasable (§3). Erasability can be re- covered if we choose a weak reduction strategy (§7), but this is not entirely satisfactory either so that other restrictions or extensions ofFιwith erasable coercions are still to be found. Nevertheless, we believe thatFιis a solid ground for understanding erasable coer- cions (§9).

SystemFas the origin All languages we consider are second or- der calculi which have SystemFat their origin. SystemFcomes in two flavors: in Curry-style, terms do not carry type information and are thus a subset of the untypedλ-calculus, while in Church- style, terms carry explicit type information, namely type abstrac- tions, type applications, and annotations of function parameters.

Of course, both presentations are closely related, since there is a bisimulation between the reduction of terms in Church-style and terms in Curry-style via type erasure where the reduction of type application between terms in Church-style is reflected as an equality on terms in Curry-style. That is, callingιthe reduction of type applications andβthe reduction of term applications, the type erasures of two explicitly-typed terms related byβ-reduction (resp.ι-reduction) are related byβ-reduction (resp.equality); and conversely, if the erasure of a termM β-reduces to a termM⁰, then Malso reduces by a sequence ofι-reductions followed by a single β-reduction to a term whose erasure isM⁰.

Both views are equally useful: we prefer source expressions to be explicitly typed, so that type checking is a trivial process and types can be easily maintained during program transformations;

we also wish types to be erasable after compilation for efficiency of program execution after its compilation. Moreover, a source lan- guage with an untyped semantics is generally simpler to understand and deal with. We may argue that even if the source language has intentional polymorphism, it should first be compiled in a type- dependent way to an intermediate language that itself has an un- typed semantics [Crary et al. 2002].

From types to type conversions Our approach to coercions is sim- ilar because we focus here on retyping functions that are erasable.

In some circumstances, one may useotherforms of coercions that may have some computational content,e.g.change the represen- tation of values, and thus not be erasable. Then, as for types, we should compile source expressions into an intermediate language where remaining coercions, if any, are erasable; this is then the lan- guage we wish to study here.

Erasability also means that the dynamic semantics of our lan- guage is ultimately that of the underlyingλ-calculus—possibly en- riched with more constructs. Therefore the semantics only depends on the reduction strategy we choose and not on the typechecking details nor on the coercions we may use. Types are useful for pro- grammers to understand their programs. It is also useful for pro- grammers that types do not determine the semantics of their pro- grams. At least, we should give them an intermediate representation in which this is true.

Coercions may also be introduced a posteriori to make type conversions explicit inside source terms, in which case they must

be erasable not to alter the semantics of the language. Coercions usually simplify the meta-theoretical study of the language by pro- viding a concrete syntax to manipulate typing derivations. Proofs such as subject reduction becomecomputationon concrete terms instead ofreasoningon derivations which are only objects of the mathematical discourse.

While in practice programming languages use weak evaluation strategies, strong evaluation strategies provide more insight into the calculus by also modeling reduction of open terms. Since our prior focus is onunderstandingthe essence of coercions, and the meta- theoretical properties, we prefer strong reduction strategies. Impos- ing a weak reduction strategy on a well-behaved strong calculus af- terward is usually easy—even if all properties do not automatically transfer while, conversely, properties for weak reduction strategies do not say much about strong reduction strategies.

The two faces ofFη Let us first return to the definition of Fη, which in Mitchell’s original presentation is given in Curry-style.

It is defined by adding to SystemFatype containmentrule that allows to convert a termMof typeτ to one of typeσwhenever there exists a retyping context from typeτ toσ, which we write

` τ . σ. This judgment, called type containment, is equivalent to the existence of a (closed) retyping functionM<sup>0</sup> of SystemF such that` M⁰ : τ → σ. Interestingly, Mitchell gave another characterization of type containment, exhibiting a proof system for the judgment`τ . σ, which can be read back as the introduction of a language of coercions whose expressions G witness type containment derivations. Then, we write`G:τ . σwhereGfully determines the typing derivation (much as a Church-style System- FtermM fully determines its typing derivation). For example, G1→G2is a coercion that, given a functionM, returns a function that coerces its argument withG1, passes it toM, and coerces the result withG2—using the contravariance of type containment. (A full presentation of coercions appears in §2 whereFηis described as a subset ofFι.)

The interpretation of coercions asλ-terms is more intuitive than coercions as proof witnesses. Unfortunately, its formal presentation F_ι^λ, which is equivalent toFι, is technically more involved. Hence, we prefer to presentFιfirst in §2 and only introduceF_ι^λinformally in §4. Interestingly, the reification ofFιinto SystemFgiven in §3.3 already reveals this intuitive interpretation of coercions—without the technicalities—and we refer to it when describing the typing rules and reduction rules ofFι.

In Church-style SystemF, the use of a coercion Garound a termMis witnessed explicitly asGhMi. (We may continue seeing a coercionGas a retyping context and reading this as filling the hole ofGor, equivalently, seeGas a retyping function and read this as an application of a coercion to a term.) Reduction rules are added to reduce such applications when bothGandM have been sufficiently evaluated—in a way depending on the form of both—

so that a coercionGis never stuck in the middle of a (well-typed) redex as in(Ghλ(x:τ)Mi) N. The type system ensures thatG is of a certain shape for which a reduction exists. For example,G may beG1

→σ G2 and thenGhλ(x : τ) Mican be reduced to λ(x:σ)G2hM[x←G1hxi]i.

The genesis ofFι To abstract over coercion functions, we intro- duce a new formλ(c : τ . σ) M inFι, where the parameterc stands for a coercion function that can be used insideMto convert an expression of typeτ to one of typeσ. This abstraction can be typed as(τ . σ)⇒ρwhereρis the type ofM. Correspondingly, we need a new application formM{G}to pass a coercionGto a coercion abstraction,i.e.a termMof type(τ . σ)⇒ρ.

By typing constraints, coercion abstractions can only be instan- tiated with coercions, which by construction are erasable. Thus, intuitively, coercions do not really contribute to the computation.

x, y variables M ::= x|λx.M | M M terms C ::= λx.[]|[]M | M[] reduction contexts

REDCONTEXT

M M⁰ C[M] C[M⁰]

REDBETA

(λx.M)M⁰ M[x← M⁰]

Figure 1. λ-calculus: syntax and semantics

Is this enough to erase them? Formally, we can exhibit a forward simulation between reduction of terms inFι and of their erasure in the untyped λ-calculus. Moreover,Fι has the subject reduc- tion property and is strongly normalizing. Still, coercions cannot be erased in Fι, since although they do not create new evalua- tion paths, they may block existing evaluation paths: a subterm may be stuck while its erasure could proceed. Since coercions are erasable inFη, this can only be due to the use of a coercion vari- able. Indeed, a coercion variablecmay appear in the middle of a β-redex as in (chλ(x : τ) Mi) N. This is irreducible because reduction of coercion applicationsGhMidepends simultaneously on the shapes ofGand M so that no rule fires when Gis un- known. More generally, we call a wedge an irreducible term of the form(Ghλ(x : τ) Mi) N. Notice that the erasure of a wedge (λ(x : τ) bMc) bNccan be reduced, immediately. Hence, the existence of wedges in reduction contexts prevents erasability.

Taming coercions inF_ι^p An obvious solution to recover erasabil- ity is to make wedge configurations ill-typed—so that they never appear during the reduction of well-typed programs. One interest- ing restriction, calledF_ι^p(read ParametricFι), is to request that co- ercion parameters be polymorphic in either their domain or their codomain. This allows coercion variables to appear either applied to a function or inside an application, but not both simultaneously.

Another solution is to change the semantics: choosing a weak reduction strategy for coercion abstractions and restricting them to appear only in front of value forms, coercion variables, hence wedges, cannot occur in a reduction context any more. This variant is calledF_ι^w(read WeakFι).

Although our main goal—combining Fη, F<:, and MLFin a same language—is reached, bothF_ι^pandF_ι^ware restrictions ofFι. We may thus wonder whether other yet more interesting solutions exist. We further discuss some of the issues in §9, argue about some of the difficulties in the general case, and suggest other restrictions worth exploring. We defer a discussion of related works to §8.

2. The language F

The languageFι generalizes Fη with abstraction over coercions.

We recall the definition of the (untyped)λ-calculus on Figure 1.

We normally include pairs and projections both to have non trivial errors (otherwise, even untyped terms cannot be stuck) and to have more interesting forms of subtyping. However, we omit them in this summary for conciseness of exposition. We occasionally refer to them informally to explain how the definitions generalize to pairs.

We assume an enumerable collection of term variables, ranged over by lettersxandy. Untyped terms, writtenM, include variables, abstractions λx.M, and applications M M⁰. The semantics of untypedλ-terms is given by a small-step strong reduction relation.

Reduction contexts of the λ-calculus are all one-hole contexts, written C. We now writeC[M] for the term obtained by filling the hole ofCwithMandM[x← M⁰]for the capture avoiding substitution ofM⁰forxinM. Expressions are considered equal up to the renaming of bound variables, which are defined in the

τ, σ ::= α|τ →τ | ∀α.τ| > Types

| ϕ⇒τ coercion abstraction

ϕ ::= τ . τ coercion type

M, N ::= x|λ(x:τ)M |M M Terms

| λα M|M τ type abs & app

| GhMi term coercion

| λ(c:ϕ)M |M{G} coercion abs & app G ::= c|Top^τ|♦^τ |G→^τ G Coercions

| Dist^∀α.τ→τ |Dist^ϕ⇒τ→τ distributivity

| λα G|G τ type abs & app

| GhGi coercion coercion

| λ(c:ϕ)G|G{G} coercion abs & app

Γ ::= ∅ |Γ, α|Γ, x:τ|Γ, c:ϕ Typing environments

Figure 2. Syntax ofFι.

usual way. This convention applies to theλ-calculus, as well as to all typed languages presented below.

2.1 Syntax ofFι

The languageFι is explicitly typed. Types are described on Fig- ure 2. We assume given an enumerable set of type variables, ranged over byαandβ. Types are type variables, arrow typesτ → τ, polymorphic types∀α. τ, the top type>, or coercion abstractions ϕ⇒τwhere the coercion typeϕis of the formτ . τ. Coercions are not first class, hence a coercion typeϕis not itself a type.

The language of expressions is split intotermsandcoercions.

We reuse the term variables of theλ-calculus. In addition, we assume an enumerable set of coercion variables writtenc. Terms are an extension of Church-style SystemF. Hence, they include type variablesx, abstractionsλ(x:τ)M, applicationsM M, type abstractionsλα M, and type applicationsM τ. A construct already present inFηis the use of the applicationGhMiof a coercionGto a termM. There are two new constructs specific toFιand not present inFη: coercion abstractionλ(c : ϕ) M which is annotated with the coercion typeϕ; and coercion applicationM{G}that passes a coercionGto a termM—and should not be confused with the earlier constructGhMiof Fηthat places a coercionGaround a termM.

Since the main purpose of coercions is to change types, we could postpone the description of coercion constructs together with their typing rules—and their associated reduction rules that justify the typing rules. Still, each coercion expression can be understood as a one-hole retyping context witnessing some type-containment rule. So we introduce each construct with the retyping context it stands for, also preparing for the reification of coercions as System- Fterms given in §3.3.

A coercion variablecstands for the coercion it will be bound to.

The opaque coercionTop^τ is a downgraded version of existential types (we currently do not handle existential types for reasons explained in §9): it turns a term of any type into an opaque term of type>that can only be used abstractly. The empty coercion

♦^τ stands for the empty retyping context and witnesses reflexivity of type containment. The arrow coercionG1

→τ G2 stands for λ(x : τ) G2h[] (G1hxi)i and witnesses contravariance of the arrow type constructor. The distributivity coercionDist^∀α.τ→σstands forλ(x : τ) λα []α xand permutes a type abstraction with a term abstraction: assuming the hole has type∀α. τ →σwhereα does not appear free inτ, it returns a term of typeτ → ∀α. σ. For instance, the coercion of a polymorphic functionλα λ(y :τ) N

bxc=x bλ(x:τ)Mc=λx.bMc

bM Nc=bMc bNc

bλα Mc=bM τc=bMc bGhMic=bMc bλ(c:ϕ)Mc=bM{G}c=bMc Figure 3. Coercion erasure

makes it appear as if it had been defined asλ(y:τ)λα N—which is actually what it will reduce to. The other distributivity coercion Dist^ϕ⇒τ→σ, which stands forλ(x:τ)λ(c:ϕ) ([]{c}x), is similar but permutes a coercion abstraction with a term abstraction.

We may need more distributivity coercions when extending the language of terms. Hence, the notationDist^a_b→cuses the following mnemonic: the superscript a and the subscript b → c indicate the kind of the first and second type constructs, respectively. They can be combined into ab → c to form the type of the hole, or recombined into b → ac to form the type of the coerced term. For example,Dist^∀α.τ→σ is a coercion from∀α.(τ → σ)to τ →(∀α. σ), whileDist^ϕ⇒_τ→σis a coercion fromϕ⇒(τ →σ)to τ→(ϕ⇒σ).

The remaining coercions are the lifting of all term constructs without computational content to coercions: type abstractionλα G and type applicationG τ; coercion of a coercionG⁰hGiwhich intu- itively stands forG⁰hGh[]iiand witnesses transitivity of coercions:

it has typeρ . σifG⁰andGhave coercion typesτ . σandρ . τ, respectively; finally, coercion abstractionλ(c:ϕ)Gand coercion applicationG⁰{G}. All these coercions are of the formP[G]where Pis one of the contexts λα[],[]τ,G⁰h[]i,λ(c:ϕ) [], or[]{G⁰}, where the hole is filled withG. It is convenient to overload the no- tationPwhen the hole holds a term instead of a coercion, although this is formally another syntactic node.

We recover the syntax of System Fη by removing coercion types from types and coercion variables, coercion abstractions and applications from both terms and coercions. We recover the syntax of SystemFby further removing the top type, term coercions, and all coercion forms, which become vacuous.

The coercion erasure, written b·c, defined on Figure 3, is as expected: type annotations on function parameters and coercions are erased, while other constructs are projected on their equivalent constructs in the untypedλ-calculus.

2.2 Typing rules

Typing environments, writtenΓ, are lists of bindings where bind- ings are either type variablesα, coercion variables along with their coercion typec:ϕ, or term variables along with their typex:τ (Figure 2). We writeΓ`M :τif termMhas typeτunderΓand Γ`G:ϕif coercionGhas coercion typeϕunderΓ.

The two typing judgments are recursively defined on figures 4 and 5. They use auxiliary well-formedness judgments for types and typing contexts: we writeΓ`okto mean that typing environment Γis well-formed andΓ ` τ orΓ ` ϕto mean that type τ or coercion typeϕis well-formed inΓ.

As usual, we require that typing contexts do not bind twice the same variable, which is not restrictive as all expressions are considered equal up to renaming of bound variables (details can be found in the extended version).

Typing rules for terms are described in Figure 4. RulesTERM- VAR,TERMTERMLAM,TERMTERMAPP,TERMTYPELAM, andTERM- TYPEAPPare exactly the typing rules of SystemF. RuleTERMCOER

is similar to ruleTERMTERMAPP, except that a coercionGof coer- cion typeτ . σis used instead of a functionM of typeτ → σ.

RuleTERMCOERLAMis similar toTERMTERMLAM, except that the parametercstands for a coercion of coercion typeϕinstead of a term of typeσ: the result is a coercion abstraction of typeϕ⇒τ.

p ::= x|p v|p τ|p{G} |chvi Prevalues

| Dist^∀α._τ→τhpi |Dist^∀α._τ→τhλα pi |(G→^τ G)hpi

| Dist^ϕ⇒_τ→τhpi |Dist^ϕ⇒_τ→τhλ(c:ϕ)pi

v ::= p|λ(x:τ)v|λα v|λ(c:ϕ)v|Top^τhvi Values C ::= λ(x:τ) []|[]M |M []|P Reduction contexts P ::= λα[]|[]τ|Gh[]i |λ(c:ϕ) []|[]{G}Retyping contexts

Figure 6. SystemFι: values and reduction contexts

Consistently,TERMCOERAPPapplies a term that is a coercion ab- straction of typeϕ⇒τto a coercionGof coercion typeϕ.

Typing rules for coercions are described in Figure 5. They are all straightforward when read with the retyping context that the co- ercion stands for in mind. RuleCOERVARreads the coercion type of a coercion variable from its typing context. The empty coercion has typeτ . τprovidedτis well-formed in the current context. As all basic coercions, it contains just enough type information so that its typing rule is syntax-directed. The top coercionTop^τ converts an expression of typeτto the top type, providedτis well-formed.

The arrow coercionG1 τ₁

→G2turns an arrow typeτ1⁰ →τ2into an arrow typeτ1 → τ₂⁰, providedGicoerces typeτi intoτ_i⁰for iin{1,2}. The distributivity coercionDist^∀α.τ→σ turns an expres- sion of type∀α. τ →σinto one of typeτ → ∀α. σprovidedτis well-formed in the current environment, which preventsαfrom ap- pearing free inτ, andσis well-formed in the current environment extended withα. Finally, RuleCOERDISTCOERARROWis similar to COERDISTTYPEARROW, but swaps a coercion abstraction and a term abstraction.

The remaining rules COERTYPELAM, COERTYPEAPP, COER- COER, COERCOERLAM, and COERCOERAPP are similar to their counterpart for terms, but where the termM of typeτ has been replaced by a coercion (i.e.a one-hole context)Gof coercion type τ1. τ2, whereτ1 is the type of the hole andτ2 the type of the body. RuleCOERTYPELAMfor typingλα Gintroduces a variable αthat is bound inGand can be used in the type of the body of Gbut not in the type of its hole, which is enforced by the first premise. In particular,λα Gbuilds a coercion to a polymorphic typeτ .∀α. σand not a polymorphic coercion∀α. τ . σ. Accord- ingly, only the codomain of the type of the conclusion is polymor- phic. RuleCOERCOERLAMis typed in a similar way:λ(c :ϕ) G has typeτ1.(ϕ⇒τ2)and notϕ⇒(τ1. τ2)as one could naively expect—which would be ill-formed. Type and coercion applica- tions are typed accordingly (COERTYPEAPPandCOERCOERAPP).

The typing rules forFηare obtained by removingTERMCOER- LAMandTERMCOERAPPfor terms and their counter partsCOERCO- ERLAMandCOERCOERAPPfor coercions as well as RuleCOERVAR

for coercion variables and RuleCOERDISTCOERARROWfor distribu- tivity of coercion abstraction.

The type superscripts that appear in reflexivity, distributivity, and top coercions make type checking syntax directed. The type superscript in arrow coercions is not needed for typechecking but to keep reduction a local rewriting rule. (We may leave superscripts implicit when they are unimportant or can be unambiguously re- constructed from the context.)

Our presentation ofFιis in Church-style. Curry-styleFι is the image ofFι by coercion erasure. That is, it is the subset of terms of the untypedλ-calculus that are the erasure of a term of Church- style SystemFι. We writeΓ` M:τto mean that there existsM such thatΓ`M:τandbMcisM.

TERMVAR

Γ`ok x:τ∈Γ Γ`x:τ

TERMTERMLAM

Γ, x:τ `M :σ Γ`λ(x:τ)M :τ →σ

TERMTERMAPP

Γ`M:τ →σ Γ`N :τ Γ`M N:σ

TERMTYPELAM

Γ, α`M :τ Γ`λα M :∀α. τ

TERMTYPEAPP

Γ`M:∀α. τ Γ`σ Γ`M σ:τ[α←σ]

TERMCOER

Γ`G:τ . σ Γ`M:τ Γ`GhMi:σ

TERMCOERLAM

Γ, c:ϕ`M :τ Γ`λ(c:ϕ)M :ϕ⇒τ

TERMCOERAPP

Γ`M:ϕ⇒τ Γ`G:ϕ Γ`M{G}:τ Figure 4. SystemFι: term typings

COERDOT

Γ`τ Γ`♦^τ :τ . τ

COERFORGET

Γ`τ Γ`Top^τ:τ .>

COERARROW

Γ`G1:τ1. τ<sub>1</sub><sup>0</sup> Γ`G2:τ2. τ₂⁰ Γ`G1

τ₁

→G2: (τ₁⁰ →τ2).(τ1→τ₂⁰)

COERDISTTYPEARROW

Γ`τ Γ, α`σ

Γ`Dist^∀α.τ→σ:∀α.(τ→σ). τ→ ∀α. σ

COERDISTCOERARROW

Γ`τ Γ`ϕ Γ`σ

Γ`Dist^ϕ⇒τ→σ : (ϕ⇒(τ→σ)).(τ →(ϕ⇒σ))

COERTYPELAM

Γ`τ Γ, α`G:τ . σ Γ`λα G:τ .∀α. σ

COERTYPEAPP

Γ`G:τ<sup>0</sup>.∀α. σ Γ`τ Γ`G τ :τ⁰. σ[α←τ]

COERCOER

Γ`G:τ . σ Γ`G⁰:ρ . τ Γ`GhG⁰i:ρ . σ

COERCOERLAM

Γ, c:ϕ`G:τ . σ Γ`λ(c:ϕ)G:τ .(ϕ⇒σ)

COERCOERAPP

Γ`G<sup>0</sup>:τ .(ϕ⇒σ) Γ`G:ϕ Γ`G⁰{G}:τ . σ

COERVAR

Γ`ok c:ϕ∈Γ Γ`c:ϕ Figure 5. SystemFι: coercion typings

REDCONTEXTBETA

M βN C[M] βC[N]

REDCONTEXTIOTA

M ιN C[M] ιC[N]

REDTERM

(λ(x:τ)M)N β M[x←N]

REDTYPE

(λα M)τ ιM[α←τ]

REDCOER

(λ(c:ϕ)M){G} ιM[c←G]

REDCOERARROW

(G1

→τ G2)hλ(x:σ)Mi ιλ(x:τ)G2hM[x←G1hxi]i

REDCOERDISTTYPEARROW

Dist^∀α._τ0→σ⁰hλα λ(x:τ)Mi ιλ(x:τ)λα M

REDCOERDISTCOERARROW

Dist^ϕ_τ0⁰→σ^{⇒ 0}hλ(c:ϕ)λ(x:τ)Mi ιλ(x:τ)λ(c:ϕ)M

REDCOERDOT

♦^τhMi ιM

REDCOERFILL

(P[G])hMi ιP[GhMi]

Figure 7. Reduction rules forFι

2.3 Dynamic semantics

The dynamic semantics of SystemFιis given by a standard small- step strong reduction relation. The syntax of values and reduction contexts is recalled on Figure 6.

A value is an abstraction of a value, an opaque valueTop^τhvi, or a prevalue. A prevalue is a variable, a prevalue applied to a value, type, or coercion, a value coerced by a coercion variable, or a partial application of a distributivity coercion. Reduction contextsCare all one-hole term contexts. For convenience, we have distinguished a subset of reduction contextsP, calledretyping reduction contexts:

a termMplaced in a retyping reduction context is just a retyping ofM,i.e.a term that behaves asMbut possibly with another type.

Reduction rules are defined on Figure 7. We have indexed the reduction rules so as to distinguish betweenβ-steps with compu- tational content (REDTERM), that are preserved after erasure, and

ι-steps (REDTYPE) that become equalities after erasure. We write

βιfor the union of βand ι.

Hence, RuleREDCONTEXTis split into two rules, so as to pre- serve the index of the premise. The onlyβ-redex isREDTERM; all other reductions areι-reductions. RuleREDTYPEis type reduction (aι-reduction). The first four rules cover SystemF. Notice that REDCONTEXTallows all possible contexts. Hence, there is no par- ticular reduction strategy and a call-by-value evaluation would be a particular case of reduction.

Rule REDCOER is the counterpart ofβ-reduction for coercion applicationM{G}. It only reduces a term applied to a coercion;

a coercion applied to a coercion is a coercion and is not reduced directly, but only when it is applied to a term so that ruleREDCO- ERCOERAPPeventually applies.

All other rules reduce the applicationGhMiof a coercionGto a termM, which plays the role of a destructor: bothGandMmust be sufficiently evaluated before it reduces—except whenGis the opaque coercion or a variable sinceTop^τhviandchviare values.

Other coercion nodes are all constructors. We thus have one rule for each possible shape ofG. The most interesting rules are:

• WhenGis an arrow coercionG1

→τ G2andM is a function λ(x:σ)M, RuleREDCOERARROWreduces the application by pushingG1on all occurrences ofxinMandG2outside ofM. This changes the type of the parameterxfromσtoτ, hence the need for the annotationτon arrow coercions.

• WhenGis a distributivity coercionDist^∀α._τ0→σ⁰andMis a poly- morphic function λα λ(x : τ) M, Rule REDCOERDISTTY- PEARROWreduces the application toλ(x : τ) λα M by ex- changing the type and value parameters; this is sound sinceα cannot be free inτ.

• WhenGis a distributivity coercionDist^ϕ_τ0⁰→σ^{⇒ 0}andMis a coer- cion abstraction followed by a value abstractionλ(c:ϕ)λ(x: τ)M, RuleREDCOERDISTCOERARROWreduces the application toλ(x:τ)λ(c:ϕ)Mby exchanging the parameters.

The remaining cases forGcan be factored asP[G⁰]. RuleREDCO- ERFILLfillsG⁰withM, transformingP[G⁰]hMiintoP[G⁰hMi].

Notice that the two occurrences ofP are different abstract nodes on each side of the rule—a coercion on the left-hand side and a

term on the right-hand side. RuleREDCOERFILLis actually a meta- rule that could be expanded into, and should be understood as, the following five different rules:

(λα G)hMi ι λα(GhMi) REDCOERTYPELAM

(G τ)hMi ι (GhMi)τ REDCOERTYPEAPP

(G2hG1i)hMi ι G2hG1hMii REDCOERCOER

(λ(c:ϕ)G)hMi ι λ(c:ϕ) (GhMi) REDCOERCOERLAM

(G1{G2})hMi ι (G1hMi){G2} REDCOERCOERAPP

The use of the meta-rule emphasizes the similarity between all five cases; it is also more concise.

For example, the applicationG1{G2}of a coercion abstraction G1to a coercionG2is only reduced when it is further applied to a termM (as other complex coercions), by first wrapping elements ofGaroundM (two first steps below) so that RuleREDCOERcan finally fire (last step):

((λ(c:τ . σ)G){G⁰})hMi ι((λ(c:τ . σ)G)hMi){G⁰}

ι(λ(c:τ . σ) (GhMi)){G⁰}

ι(GhMi)[c←G⁰]

The reduction rules for SystemFη are obtained by removing rulesREDCOER,REDCOERCOERLAM,REDCOERCOERAPP, andRED- COERDISTCOERARROW.

Optional reduction rules Our presentation ofFι could be ex- tended with additional reduction rules for arrow and distributivity coercions such as((G1

→τ G2)hMi) N ι G2hM (G1hNi)i.

However, this narrows the set of values and reestablishing progress would requirebinding coercions, as forF_ι^λdescribed in §4, which are technically more involved. For sake of simplicity, the current presentation has fewer, but sufficiently many, reduction paths.

2.4 Examples

Let us first see examples in theFηsubset. Retyping functions inFη

allow for the commutation of quantifiers and removal of useless quantifiers. They also let terms have more principal types. For example, in SystemF, theS-combinatorλx.λy.λz.x z(y z)can be given the two incomparable types:

∀α.∀β.∀γ.(α→β→γ)→(α→β)→α→γ (∀α. α→α)→(∀α. α→α)→(∀α. α→α)→(∀α. α→α) However, the former type is more general as it can be coerced to the latter (already inFη), using threeη-expansions. This example does not use distributivity, but the following example, still inFη, does. (In the examples, we use type constructorsListandD, which we assume to be covariant.) The map function has type:

∀α.∀β.(α→β)→List α→List β (1) It can also be given the type

(∀α. α→D α)→ ∀α.List(D α)→List(D(D α)) (2) for some type constructorD, using the following coercion, which is already typable inFη:

(♦→λα♦(D α))hDist^∀i

hλα(♦α→♦)h♦α(D α)ii Indeed, applying the coercionλα(♦α→♦)h♦α(D α)iturns a term of type (1) into one of type:

∀α.(∀α. α→D α)→List(α)→List(D α)) (3) which in turn (♦ → λα ♦(D α))hDist^∀i coerces to type (2).

This example also illustrates the low-level nature of the language of coercions, to which we will come back in §4.

The next example, which is inspired fromF<:and is not typable inFη, illustrates coercion abstraction. It defines a functionfirstthat

implements the first projection for non-empty tuples of arbitrary length. Tuples are encoded as chained pairs ending with>. (We assume pairs have been added toFιand writeleftandrightfor the projections.) The functionfirst

λβ λα λ(c:α .(β∗ >))λ(x:α)left(chxi)

of type∀β.∀α.(α .(β∗ >)) ⇒ α → β, sayτ, abstracts over a coercioncfrom arbitrary tuples to the singleton tuple. It can be applied to any non-zero tuple by passing the appropriate coercion.

Finally, passingfirstto a functionchooseof type∀γ. γ→γ→ γthat picks one of its two arguments randomly can be defined as λγ λ(c:τ . γ)choose γ(chfirsti)of type∀γ.(τ . γ)⇒γ→γ.

We have delayed the choice of whether and how to instantiate the type of first, since we can recover the different resulting types a posteriori by choosing appropriate coercions. For example, it can be coerced to type ∀α.(σ . α) ⇒ α → α where σ is

∀β.∀β⁰.∀α.(α.β∗β⁰∗>)⇒α→β, which is the first projection for tuples of length greater than one.

3. Properties of F

In this section, we show thatFι is well-behaved; moreover, there is a forward simulation between terms of Fι and their coercion erasure. Hence, coercions do not really contribute to the reduction.

However, coercions are not erasable as they may sometimes appear in wedges and block the reduction.

3.1 Soundness

Type soundness ofFιfollows as usual from the subject reduction and progress lemmas. The proof of subject reduction uses substi- tution lemmas for terms, types, and coercions, which in turn use weakening. The proof is easy because coercions are explicit. So the reduction rules actuallyarethe proof.

Proposition 1(Subject Reduction). IfΓ`M :τandM βιN hold, thenΓ`N :τholds.

Proposition 2(Progress). IfΓ`M :τholds, then eitherM is a value orM reduces.

3.2 Termination of reduction

The termination of reduction forFι can be piggybacked on the termination of reduction in SystemF: following Manzonetto and Tranquilli [2010], we show a forward simulation betweenFι and SystemF, by translatingFιinto SystemFso that every reduction step inFιis simulated by at least one reduction step in SystemF.

3.3 Reification ofFιin SystemF

There is indeed a natural translation ofFιinto SystemFobtained by reifying coercions as actual computation steps: even though we ultimately eraseι-steps, we do not actually need to do so, and on the contrary, we may see them as computation steps in SystemF.

Reification is described on Figure 8. We write dMe for the reification ofM. Coercions of coercion typeτ . σare reified as functions of typeτ → σ. Hence, a coercion abstractionλ(c : τ . σ) M is reified as a higher-order functionλ(xc : dτe → dσe) dMe. A coercion variablecis reified as a term variablexc

(we assume an injective mapping of coercion variables to reserved term variables). Thus, the type(τ . σ) ⇒ ρof a term abstracted over a coercion is translated into the type (dτe → dσe) → dρeof a higher-order function. Other type expressions are reified homomorphically. The application of a coercion to a term and the application of a term to a coercion are both reified as applications.

The remaining cases are the translation of coercionsG, which are all done in two steps: we first translateGinto someFι-term performingη-expansions to transform a coercion fromτ toσinto

dαe=α

dτ→σe=dτe → dσe d∀α. τe=∀α.dτe dϕ⇒τe=dϕe → dτe

d>e=∀α.(∀β. β→α)→α dτ . σe=dτe → dσe

dxe=x

dλ(x:τ)Me=λ(x:dτe)dMe dM Ne=dMe dNe

dλα Me=λαdMe dM τe=dMe dτe dGhMie=dGe dMe dλ(c:ϕ)Me=λ(xc:dϕe)dMe

dM{G}e=dMe dGe

d∅e=∅ dΓ, Be=dΓe,dBe

dαe=α d(x:τ)e= (x:dτe) d(c:ϕ)e= (xc:dϕe)

dce=dxce d♦^τe=dλ(x:τ)xe

dTop^τe=dλ(y:τ)λα λ(x:∀β. β→α)x τ ye

dG1

→τ G2e=dλ(y:dom(G1

→τ G2))λ(x:τ)G2hy(G1hxi)ie dDist^∀α.τ→σe=dλ(y:dom(Dist^∀α.τ→σ))λ(x:τ)λα y α xe dDist^ϕ⇒τ→σe=dλ(y:dom(Dist^ϕ⇒τ→σ))λ(x:τ)λ(c:ϕ)y{c}xe

dP[G]e=dλ(x:dom(G))P[Ghxi]e Figure 8. Reification ofFιinto SystemF

a function fromτ toσ. For atomic coercions (variables, identity, or distributivity), the result of this step is in the System-Fsubset ofFι. However, for complex coercions, the result still contains inner coercions. Hence, in the second step, we recursively translate the result of the first step. This translates types and residual coercions.

Notice that the first step may introduce applications of coercions to terms, which are then turned into applications of terms to terms.

The translation ofP[G]covers five subcases, one for each form ofP. Here as in the reduction rules, the two occurrences ofPare different abstract nodes sinceP is a coercion on the left-hand side and a term on the right-hand side.

The translation uses an auxiliary predicatedomthat computes the domain of a coercion: the domain of a coercionGin environ- mentΓis the unique typeτsuch thatΓ`G:τ . σfor some type σ. This cannot be computed locally. Hence, we assume that terms ofFιhave been previously typechecked and all coercions have been annotated with their domain type. Alternatively, we can define the reification as a translation of typing derivations. We actually use such a translation to show that reification preserves well-typedness (easy but lengthy details can be found in the extended version).

Proposition 3(Well-typedness of reification). IfΓ` M :τthen dMeis well-defined anddΓe ` dMe:dτe.

It is easy to verify that reduction inFι can be simulated in the translation, which implies the termination of reduction inFι. Lemma 4(Forward simulation). IfΓ`M :τholds, then:

1. IfM βN, thendMe dNe;

2. IfM ιN, thendMe ⁺dNe.

Corollary 5(Termination). Reduction inFιis terminating.

3.4 Confluence

Reduction inFιis allowed in any term-context. Since coercions do not contain terms and coercions are never reduced alone, we may equivalently allow reduction in all coercion contexts, since no rule will ever apply. Hence, reduction inFιis a rewriting system.

An analysis of reduction rules inFιshows that there are no criti- cal pairs. Hence, the reduction is weakly confluent. Since reduction is also terminating, it is confluent. In fact, the relation ιalone is confluent. Moreover, the reduction βand ^?ι commute.

Corollary 6(Confluence). Reduction inFιis confluent.

Lemma 7. IfM β M1andM ι M2 hold, then there is a termNsuch thatM1 ?

ι NandM2 β N.

3.5 Forward simulation

Coercion erasure sends terms ofFιinto the (untyped)λ-calculus. It also induces a simulation from the reduction inFιby the reduction in theλ-calculus, whereι-steps becomes equalities.

Lemma 8(Forward simulation). IfΓ`M :τholds, then:

1. IfM βN, thenbMc bNc.

2. IfM ιN, thenbMc=bNc.

Unfortunately, the backward simulation fails. The wedgeλ(c : τ → τ . τ → τ)λ(y : τ) chλ(x : τ) xi yis a well-typed closed value inFιwhile its erasureλy.(λx.x)y β-reduces toλy.y.

To recover bisimulation, the definition of the language must be adjusted so that wedge configurations cannot appear in a reduction context. This observation leads to two opposite solutions, which we present in §5 and §7.

4. Coercions as retyping functions: F

While the reification ofFι into SystemFcarries good intuitions about what coercions really are, it lacks the ability to distinguish coercions from expressions with computational content. There is an alternative presentation ofFι, calledF_ι^λand described in the extended version, that maintains the distinction between coercions and expressions while remaining closer to the reified form of co- ercions:F_ι^λis mainly a coercion decoration of SystemF. In this sense, it can be seen as an explicit version (with coercion abstrac- tion) of Mitchell’s presentation ofFη as SystemFwith retyping functions.

The reification ofFιinto SystemFcan be redefined as the com- position of a translation fromFιtoF_ι^λthat keeps the distinction be- tween coercions and terms and the final erasing of this difference.

The first part, along with its inverse, define translations between FιandF_ι^λthat preserves well-typedness and coercion erasure. Al- though we have not proved it,FιandF_ι^λshould be the same up to their representation of coercions.

Unfortunately, typechecking inF_ι^λis more involved than inFι, as we need to typecheck coercions asbindingexpressions.

The reason is that coercions are notexactlyλ-expressions. Hav- ing coercions asλ-expressions would require an even more elab- orated type system, as it would have to ensure that coercions are η-expansions, which means maintaining a stack of the currentlyη- expanded variables to remember closing them. For example, con- sider typechecking the retyping contextλ(x : τ) λα []α xthat permutes term abstraction and type abstraction (known as distribu- tivity): when typechecking the subtermλα[]α x, we must verify that it is the body of anη-expansion with the variablex. We ini- tially followed this approach and it was cumbersome; moreover, it did not scale to products as the type system must also ensure that two sub-derivation trees have the same coercion erasure.

Instead, we make theη-expansion of a termMan atomic con- struct, namelyλ(φ1 : τ)G2{φ2←M G1}. This can be inter- preted asλ(x : τ) G⁰₂[M G⁰₁[x]]which is theη-expansion of M(i.e.λx.M x) using coercionG1(interpreted asG⁰₁) around the argument and coercionG2 (interpreted asG⁰₂) around the result.

By looking at the interpretation, it should be obvious thatG2may bind variables that are used insideMandG1. Hence, the type sys- tem must keep track of those variables with their types when type-

/. ::= /|. bounds τ ::= . . .6 | ϕ⇒τ| ∀(α /. τ)⇒τ types M ::= . . .6 | λ(c:ϕ)M |λ(α /. c:τ)M expressions

6 | M{G} |M{τ /. G}

G ::= . . .6 | Dist^ϕ⇒τ→τ |Dist^∀α/.ττ→τ ^⇒ coercions 6 | λ(c:ϕ)G|λ(α /. c:τ)G

6 | G{G} |G{τ /. G}

Γ ::= . . .6 | Γ, c:ϕ|Γ, α /. c:τ environments

Figure 9. ParametricFι: syntax restrictionwrtFι

checkingG2and extend the typing environment accordingly when typecheckingMandG1.

We presentedFι rather than its more intuitive versionF_ι^λ to avoid the additional complexity in the type system; moreover, it is not obvious how to extendF_ι^λwith projectors, as discussed in §9.

5. Parametric F

ParametricFι, writtenF_ι^p, restricts the language so as to rule out wedge configurations by means of typechecking. The restriction is on the typeϕof coercion abstractionsλ(c:ϕ)M,i.e.on the type of coercion variables. Observe that a coercion variable appearing in a wedge positionchλ(x: τ) MiN has a coercion typeσ . ρ whereσandρare both arrow types. To prevent this situation from happening inF_ι^p, we require that either the domain or the codomain of the type of a coercion parameter be a variable. Hence, we only allowλ(c:α . ρ)Morλ(c:σ . α)M.

In order to preserve this invariant by reduction, we must request the type variable to be introduced simultaneously. So, we may write λα λ(c : α . τ) M but notλ(c : α . τ) M alone. This is a form of parametricity since either the domain or the codomain ofc must be treated abstractly (and thus not as an arrow type) inM. To enforce this restriction we stick a type abstraction to every coercion abstraction and seeλα λ(c:α . τ)M as a single syntactic node, which we writeλ(α . c:τ)Mto avoid confusion. Although, we modify the syntax of source terms,F_ι^pcan still be understood as a syntactic restriction ofFι.

5.1 Syntax changes

The syntax of ParametricFι is defined on Figure 9 as a patch to the syntax ofFι(we write 6 | for removal of a previous grammar form). We replace coercion abstractionλ(c : τ . σ)M ofFιby two new constructsλ(α . c :τ)M andλ(α / c :τ)M to mean λα λ(c : α . τ)M andλα λ(c: τ . α)M but atomically. For conciseness, we introduce a mode/. that ranges over .and /.

Hence, we writeλ(α /. c : τ)M for eitherλ(α . c : τ)M or λ(α / c:τ)M. Note that the type variableαis bounded in bothτ andM. As a mnemonic device, we can read the type of the coercion variable by moving “c:” in front,i.e.α . c:τ becomesc:α . τ whileα / c:τbecomesc:α / τwhich can also be readc:τ . α.

The reason to keep the type variableαbefore the coercion variable is to preserve the order of the abstractions inFι.

We say thatλ(α . c:τ)M andλ(α / c: τ)M arenegative andpositivecoercion abstractions, respectively. The positive form is parametric on the codomain of the coercion and implements a lower bounded quantificationτ . α, as inxMLF. The negative form is parametric on the domain of the coercion and implements an upper bounded quantificationα . τ, as inF<:.

Continuing with the definition ofF_ι^p, we replace coercion appli- cationM{G}byM{τ /. G}to perform type and coercion appli- cations(M τ){G}atomically. Both positive and negative versions

p ::= . . .6 |p{G} |p{τ /. G} prevalues 6 |Dist^ϕ⇒τ→τhpi |Dist^∀α/.ττ→τ ^⇒hpi

6 |Dist^ϕ⇒τ→τhλ(c:ϕ)pi |Dist^∀α/.τ⇒τ→τ hλ(α /. c:τ)pi v ::= . . .6 |λ(c:ϕ)v|λ(α /. c:τ)v values P ::= . . .6 |λ(c:ϕ) []|λ(α /. c:τ) [] retyping contexts

6 |[]{G} |[]{τ /. G}

Figure 11. ParametricFι: changes in valueswrtFι

have the same meaning, but different typing rules. Typeτappears beforeGto remind that the type application is performed before the coercion application in the expanded form. As a mnemonic device, the/.is oriented towards the side of the variable it instantiates in the coercion type ofM. Hence, ifMisλ(α . c:σ)N, we must writeM{τ . G}.

We must change types accordingly, replacing coercion types ϕ⇒τby∀(α /. τ)⇒σ, which factors the two forms∀(α . τ)⇒ σand∀(α / τ)⇒σwhose expansions inFιare∀α.(α . τ)⇒σ and ∀α.(τ . α) ⇒ σ, respectively. Typing environments are modified accordingly. Notice thatΓ, α /. c:τstands forΓ, α, c: α /. τ(c:α / τshould be read asc:τ . α) and thereforeαmay appear free inτ—as for coercion abstractions.

In the syntax of coercions, we replace coercion abstractions and coercion applications as we did for expressions. We also change the distributivity coercion that exchanges term abstraction with coercion abstraction to reflect the change in coercion types: it must simultaneously permute the term abstraction with the type abstraction and coercion abstraction that are stuck together.

5.2 Adjustments to the semantics

The syntactic changes imply corresponding adjustments to the se- mantics of the language. Notice that all restrictions are captured syntactically, so no further restriction of typing rules is necessary.

Typing rules Consistently with the change of syntax, we re- place the typing rulesTERMCOERLAMandTERMCOERAPPby rules TERMTCOERLAM and TERMTCOERAPP given on Figure 10. The corresponding typing rulesCOERCOERLAMandCOERCOERAPPfor coercions are changed similarly. We also replace COERVAR by TCOERVAR. Finally, the modified distributivity coercion is typed as described by Rule COERDISTTCOERARROW. Notice that /.is a meta-variable asM orτ and different occurrences of the same meta-variable can only be instantiated simultaneously all by.or all by/. (We use different meta-variables /.1 and /.2 when we mean to instantiate them independently.)

The new typing rules forF_ι^pare derived from the typing rules of the corresponding nodes inFι. For example,TERMTCOERLAMis the combination of rulesTERMCOERLAMandTERMTYPELAMinFι. Well-formedness judgments are adjusted in the obvious way (details can be found in the extended version).

Operational semantics The operational semantics is modified in the obvious way. The syntax of values forF_ι^p is defined on Fig- ure 11 as a modification of the syntax ofFι. The adjustments in the reduction rules are the replacement of REDCOER by REDT- COER,REDCOERDISTCOERARROWbyREDCOERDISTTCOERARROW, and the change of retyping contexts that induces a change inRED- COERFILLas described in Figure 11.

5.3 Properties

SinceF_ι^pcan be seen as a restriction ofFιwhere coercion abstrac- tion is always preceded by a type abstraction, some properties of Fι^pcan be derived from those ofFι. In particular, normalization and