¹¹institutetext: Imperial College London, United Kingdom

Depending on Session-Typed Processes

Bernardo Toninho Nobuko Yoshida

Abstract

This work proposes a dependent type theory that combines functions and session-typed processes (with value dependencies) through a contextual monad, internalising typed processes in a dependently-typed $\lambda$ -calculus. The proposed framework, by allowing session processes to depend on functions and vice-versa, enables us to specify and statically verify protocols where the choice of the next communication action can depend on specific values of received data. Moreover, the type theoretic nature of the framework endows us with the ability to internally describe and prove predicates on process behaviours. Our main results are type soundness of the framework, and a faithful embedding of the functional layer of the calculus within the session-typed layer, showcasing the expressiveness of dependent session types.

1 Introduction

Session types [26, 14] are a typing discipline for communication protocols, whose simplicity provides an extensible framework that allows for integration with a variety of functional type features. One useful instance arising from the proof theoretic exploration of logical quantification is value dependent session types [27]. In this work, one can express properties of exchanged data in protocol specifications separately from communication, but cannot describe protocols where communication actions depend on the actual exchanged data (e.g. [17, § 2]). Moreover, it does not allow functions or values to depend on protocols (i.e. sessions) or communication, thus preventing reasoning about dependent process behaviours, exploring the proofs-as-programs paradigm of dependent type theory, e.g. [18, 8].

Our work addresses the limitations of existing formulations of session types by proposing a type theory that integrates dependent functions and session types using a contextual monad. This monad internalises a session-typed calculus within a dependently-typed $\lambda$ -calculus. By allowing session types to depend on $\lambda$ -terms and $\lambda$ -terms to depend on typed processes (using the monad), we are able to achieve heightened degrees of expressiveness. Exploiting the former direction, we enable writing actual data-dependent communication protocols. Exploiting the latter, we can define and prove properties of linearly-typed objects (i.e. processes) within our intuitionistic theory.

To informally demonstrate how our type theory goes beyond the state of the art in order to represent data-dependent protocols, consider the following session type (we write $\tau\wedge A$ for $\exists x{:}\tau.A$ where $x$ does not occur in $A$ and similarly $\tau\supset A$ for $\forall x{:}\tau.A$ when $x$ is not free in $A$ ), $T\triangleq\mathsf{Bool}\supset\oplus\{\mathtt{t}:\mathsf{Nat}\wedge\mathbf{1},\mathtt{f}:\mathsf{Bool}\wedge\mathbf{1}\}$ , representable in existing session typing systems. The type $T$ denotes a protocol which first, inputs a boolean and then either emits the label $\mathtt{t}$ , which will be followed by an output of a natural number; or emits the label $\mathtt{f}$ and a boolean. The intended protocol described by $T$ is to take the $\mathtt{t}$ branch if the received value is $\mathtt{t}$ and the $\mathtt{f}$ branch otherwise, which we can implement as $Q$ with channel $z$ typed by $T$ as follows:

\begin{array}[]{lcl}Q&\triangleq&z(x).\mathsf{case}\;x\;\mathsf{of}\;(\mathsf{true}\Rightarrow z.\mathtt{t};z\langle 23\rangle.\boldsymbol{0},\ \mathsf{false}\Rightarrow z.\mathtt{f};z\langle\mathsf{true}\rangle.\boldsymbol{0})\end{array}

where $z(x).P$ denotes an input process, $z.\mathtt{t}$ is a process which selects label $\mathtt{t}$ and $z\langle 23\rangle.P$ is an output on $z$ . However, since the specification is imprecise, process $z(x).\mathsf{case}\;x\;\mathsf{of}\;(\mathsf{false}\Rightarrow z.\mathtt{t};z\langle 23\rangle.\boldsymbol{0},\ \mathsf{true}\Rightarrow z.\mathtt{f};z\langle\mathsf{true}\rangle.\boldsymbol{0})$ is also a type-correct implementation of $T$ that does not adhere to the intended protocol. Using our dependent type system, we can narrow the specification to guarantee that the desired protocol is precisely enforced. Consider the following definition of a session-type level conditional where we assume inductive definition and dependent pattern matching mechanisms ( $\mathsf{stype}$ denotes the kind of session types):

\begin{array}[]{l}\mathtt{if}::\mathsf{Bool}\rightarrow\mathsf{stype}\rightarrow\mathsf{stype}\rightarrow\mathsf{stype}\\ \mathtt{if}\ \mathsf{true}\,A\,B\ =\ A\quad\quad\mathtt{if}\ \mathsf{false}\,A\,B\ =\ B\end{array}

The type-level function above case analyses the boolean and produces its first session type argument if the value is $\mathsf{true}$ and the second otherwise. We may now specify a session type that faithfully implements the protocol:

T^{\prime}\triangleq\forall x{:}\mathsf{Bool}.\mathtt{if}\,x\,(\mathsf{Nat}\wedge\mathbf{1})\,(\mathsf{Bool}\wedge\mathbf{1})

A process $R$ implementing such a type on channel $z$ is given below:

\begin{array}[]{lcl}R\triangleq z(x).\mathsf{case}\;x\;\mathsf{of}\;(\mathsf{true}\Rightarrow z\langle 23\rangle.\boldsymbol{0},\ \mathsf{false}\Rightarrow z\langle\mathsf{true}\rangle.\boldsymbol{0})\end{array}

Note that if we flip the two branches of the case analysis in $R$ , the session is no longer typable with $T^{\prime}$ , ensuring that the protocol is implemented faithfully.

The example above illustrates a simple yet useful data-dependent protocol. When we further extend our dependent types with a process monad [31], where $\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}$ is a functional term denoting a process that may be spawned by other processes by instantiating the names in $\overline{u_{j}}$ and $\overline{d_{i}}$ , we can provide more powerful reasoning on processes, enabling refined specifications through the use of type indices (i.e. type families) and an ability to internally specify and verify predicates on process behaviours. We also show that all functional types and terms can be faithfully embedded in the process layer using the dependently-typed sessions and process monads.

Contributions.

§ 2 introduces our dependent type theory, augmenting the example above by showing how we can reason about process behaviour using type families and dependently-typed functions (§ 2.3). We then establish the soundness of the theory (§ 2.4). § 3 develops a faithful embedding of the dependent function space in the process layer (Theorem 3.4). § 4 concludes with related work. This article is a long version of [34] containing omitted definitions, proofs and additional examples.

2 A Dependent Type Theory of Processes

$\begin{array}[]{llcl}\mbox{Kinds }&K,K^{\prime}&::=&\mathsf{type}\mid\mathsf{stype}\mid\Pi x{:}\tau.K\mid\Pi t{:}K.K^{\prime}\\ \mbox{Functional}&\tau,\sigma&::=&\Pi x{:}\tau.\sigma\mid\lambda x{:}\tau.\sigma\mid\tau\;M\mid\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}\mid\lambda t::K.\tau\mid\tau\,\sigma\\ \mbox{Sessions}&A,B&::=&{!}A\mid A\multimap B\mid A\otimes B\mid\forall x{:}\tau.A\mid\exists x{:}\tau.A\mid\mathbf{1}\\ &&\mid&\mathbin{\binampersand}\{\overline{l_{i}:A_{i}}\}\mid\oplus\{\overline{l_{i}:A_{i}}\}\mid\lambda x{:}\tau.A\mid A\;M\mid\lambda t{::}K.A\mid A\,B\\ \mbox{Terms }&M,N&::=&\lambda x{:}\tau.M\mid\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}\mid M\,N\mid x\\ \mbox{Processes }&P,Q&::=&\overline{c}\langle d\rangle.P\mid({\boldsymbol{\nu}}c)P\mid c(x).P\mid c\langle M\rangle.P\mid{!}c(x).P\\ &&\mid&c.\mathsf{case}\{\overline{l_{i}\Rightarrow P_{i}}\}\mid c.l;P\mid[c\leftrightarrow d]\mid\boldsymbol{0}\mid c\leftarrow M\leftarrow\overline{u_{j}};\overline{d_{i}};Q\end{array}$

Figure 1: Syntax of Kinds, Types, Terms and Processes

This section introduces our dependent type theory combining session-typed processes and functions. The theory is a generalisation of the line of work relating linear logic and session types [4, 27, 31], considering type-level functions and dependent kinds in an intensional type theory with full mutual dependencies between functions and processes. This generalisation enables us to express more sophisticated session types (such as those of § 1) and also to define and prove properties of processes expressed as type families with proofs as their inhabitants. We focus on the new rules and judgements, pointing the interested reader to [27, 5, 28] for additional details on the base theory.

2.1 Syntax

The calculus is stratified into two mutually dependent layers of processes and terms, which we often refer to as the process and functional layers, respectively. The syntax of the theory is given in Fig. 1 (we use $x,y$ for variables ranging over terms and $t$ for variables ranging over types).

Types and Kinds.

The process layer is able to refer to terms of the functional layer via appropriate (dependently-typed) communication actions and through a spawn construct, allowing for processes encapsulated as functional values to be executed. Dually, the functional layer can refer to the process layer via a contextual monad [31] that internalises (open) typed processes as opaque functional values. This mutual dependency is also explicit in the type structure on several axes: process channel usages are typed by a language of session types, which specifies the communication protocols implemented on the used channels, extended with two dependent communication operations $\forall x{:}\tau.A$ and $\exists x{:}\tau.A$ , where $\tau$ is a functional type and $A$ is a session type in which $x$ may occur. Moreover, we also extend the language of session types with type-level $\lambda$ -abstraction over terms $\lambda x{:}\tau.A$ and session types $\lambda t{::}K.A$ (with the corresponding elimination forms $A\,M$ and $A\,B$ ). As we show in § 1, the combination of these features allows for a new degree of expressiveness, enabling us to construct session types whose structure depends on previously communicated values.

The remaining session constructs are standard, following [5]: ${!}A$ denotes a shared session of type $A$ that may be used an arbitrary (finite) number of times; $A\multimap B$ represents a session offering to input a session of type $A$ to then offer the session behaviour $B$ ; $A\otimes B$ is the dual operator, denoting a session that outputs $A$ and proceeds as $B$ ; $\oplus\{\overline{l_{i}:A_{i}}\}$ and $\mathbin{\binampersand}\{\overline{l_{i}:A_{i}}\}$ represent internal and external labelled choice, respectively; $\mathbf{1}$ denotes the terminated session.

The functional layer is a $\lambda$ -calculus with dependent functions $\Pi x{:}\tau.\sigma$ , type-level $\lambda$ -abstractions over terms and types (and respective type-level applications) and a contextual monadic type $\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}$ , denoting a (quoted) process offering session $c{:}A$ by using the linear sessions $\overline{d_{i}{:}A_{i}}$ and shared sessions $\overline{u_{j}{:}B_{j}}$ [31]. We often write $\{A\}$ for $\{\cdot;\cdot\vdash c{:}A\}$ . The kinding system for our theory contains two base kinds $\mathsf{type}$ and $\mathsf{stype}$ of functional and session types, respectively. Type-level $\lambda$ -abstractions require dependent kinds $\Pi x{:}\tau.K$ and $\Pi t{::}K.K^{\prime}$ , respectively. We note that the functional connectives form a standard dependent type theory [11, 23].

Terms and Processes.

Terms include the standard $\lambda$ -abstractions $\lambda x{:}\tau.M$ , applications $M\,N$ and variables $x$ . In order to internalise processes within the functional layer we make use of a monadic process wrapper, written $\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}$ . In such a construct, the channels $c$ , $\overline{u_{j}}$ and $\overline{d_{i}}$ are bound in $P$ , where $c$ is the session channel being offered and $\overline{u_{j}}$ and $\overline{d_{i}}$ are the session channels (linear and shared, respectively) being used. We write $\{c\leftarrow P\leftarrow\epsilon\}$ when $P$ does not use any ambient channels, which we abbreviate to $\{P\}$ .

The syntax of processes follows that of [5] extended with the monadic elimination form $c\leftarrow M\leftarrow\overline{u_{j}};\overline{d_{i}};Q$ . Such a process construct denotes a term $M$ that is to be evaluated to a monadic value of the form $\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}$ which will then be executed in parallel with $Q$ , sharing with it a session channel $c$ and using the provided channels $\overline{u_{j}}$ and $\overline{d_{i}}$ . We write $c\leftarrow M\leftarrow\epsilon;Q$ when no channels are provided for the execution of $M$ and often abbreviate this to $c\leftarrow M;Q$ . The process $\overline{c}\langle d\rangle.P$ denotes the output of the fresh channel $d$ along channel $c$ with continuation $P$ , which binds $d$ ; $({\boldsymbol{\nu}}c)P$ denotes channel hiding, restricting the scope of $c$ to $P$ ; $c(x).P$ denotes an input along $c$ , bound to $x$ in $P$ ; $c\langle M\rangle.P$ denotes the output of term $M$ along $c$ with continuation $P$ ; ${!}c(x).P$ denotes a replicated input which spawns copies of $P$ ; the construct $c.\mathsf{case}\{\overline{l_{i}\Rightarrow P_{i}}\}$ codifies a process that waits to receive some label $l_{j}$ along $c$ , with continuation $P_{j}$ ; dually, $c.l;P$ denotes a process that emits a label $l$ along $c$ and continues as $P$ ; $[c\leftrightarrow d]$ denotes a forwarder between $c$ and $d$ , which is operationally implemented as renaming; $P\mid Q$ denotes parallel composition and $\boldsymbol{0}$ the null process.

2.2 A Dependent Typing System

We now introduce our typing system, defined by a series of mutually inductive judgements, given in Fig. 2. We use $\Psi$ to stand for a typing context for dependent $\lambda$ -terms (i.e. assumptions of the form $x{:}\tau$ or $t::K$ , not subject to exchange), $\Gamma$ for a typing context for shared sessions of the form $u{:}A$ (implicitly subject to weakening and contraction) and $\Delta$ for a linear context of sessions $x{:}A$ . The context well-formedness judgments $\Psi\vdash$ and $\Psi;\Delta\vdash$ require that types and kinds (resp. session types) in $\Psi$ (resp. $\Delta$ ) are well-formed. The judgments $\Psi\vdash K$ , $\Psi\vdash\tau::K$ and $\Psi\vdash A::K$ codify well-formedness of kinds, functional and session types (with kind $K$ ), respectively. Their rules are standard.

\small\begin{array}[]{ll}\Psi\vdash&\mbox{Context $\Psi$ is well-formed.}\\ \Psi;\Delta\vdash&\mbox{Context $\Delta$ is well-formed, under assumptions in $\Psi$.}\\ \Psi\vdash K&\mbox{$K$ is a kind in context $\Psi$.}\\ \Psi\vdash\tau::K&\mbox{$\tau$ is a (functional) type of kind $K$ in context $\Psi$.}\\ \Psi\vdash A::K&\mbox{$A$ is a session type of kind $K$ in context $\Psi$.}\\ \Psi\vdash M:\tau&\mbox{$M$ has type $\tau$ in context $\Psi$.}\\ \Psi;\Gamma;\Delta\vdash P::z{:}A&\mbox{$P$ offers session $z{:}A$ when composed with processes}\\ &\mbox{offering sessions specified in $\Gamma$ and $\Delta$ in context $\Psi$.}\\ \Psi\vdash K_{1}=K_{2}&\mbox{Kinds $K_{1}$ and $K_{2}$ are equal.}\\ \Psi\vdash\tau=\sigma::K&\mbox{Types $\tau$ and $\sigma$ are equal of kind $K$.}\\ \Psi\vdash A=B::K&\mbox{Session types $A$ and $B$ are equal of kind $K$.}\\ \Psi\vdash M=N:\tau&\mbox{Terms $M$ and $N$ are equal of type $\tau$.}\\ \Psi\vdash\Delta=\Delta^{\prime}::\mathsf{stype}&\mbox{Contexts $\Delta$ and $\Delta^{\prime}$ are equal, under the assumptions in $\Psi$.}\\ \Psi;\Gamma;\Delta\vdash P=Q::z{:}A&\mbox{Processes $P$ and $Q$ are equal with typing $z{:}A$.}\\ \end{array}

Figure 2: Typing Judgements

Typing.

An excerpt of the typing rules for terms and processes is given in Fig. 3 and 4, respectively, noting that typing enforces types to be of base kind $\mathsf{type}$ (respectively $\mathsf{stype}$ ). The rules for dependent functions are standard, including the type conversion rule which internalises definitional equality of types. We highlight the introduction rule for the monadic construct, which requires the appropriate session types to be well-formed and the process $P$ to offer $c{:}A$ when provided with the appropriate session contexts.

In the typing rules for processes (Fig. 4), presented as a set of right and left rules (the former identifying how to offer a session of a given type and the latter how to use such a session), we highlight the rules for dependently-typed communication and monadic elimination (for type-checking purposes we annotate constructs with the respective dependent type – this is akin to functional type theories). To offer a session $c{:}\exists x{:}\tau.A$ we send a term $M$ of type $\tau$ and then offer a session $c{:}A\{M/x\}$ ; dually, to use such a session we perform an input along $c$ , bound to $x$ in $Q$ , warranting a use of $c$ as a session of (open) type $A$ . The rules for the universal are dual. Offering a session $c{:}\forall x{:}\tau.A$ entails receiving on $c$ a term of type $\tau$ and offering $c{:}A$ . Using a session of such a type requires sending along $c$ a term $M$ of type $\tau$ , warranting the use of $c$ as a session of type $A\{M/x\}$ .

The rule for the monadic elimination form requires that the term $M$ be of the appropriate monadic type and that the provided channels $\overline{u_{j}}$ and $\overline{y_{i}}$ adhere to the typing specified in $M$ ’s type. Under these conditions, the process $Q$ may then use the session $c$ as session $A$ . The type conversion rules reflect session type definitional equality in typing.

\small\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\Pi I)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 58.51054pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau::\mathsf{type}\quad\Psi,x{:}\tau\vdash M:\sigma}$}}}\vbox{}}}\over\hbox{\hskip 47.23216pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.M:\Pi x{:}\tau.\sigma}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\Pi E)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 57.91542pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\Pi x{:}\tau.\sigma\quad\Psi\vdash N:\tau}$}}}\vbox{}}}\over\hbox{\hskip 40.81242pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M\,N:\sigma\{N/x\}}$}}}}}}$}}}\\[13.87491pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\{\}I)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 83.41368pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\forall i,j.\Psi\vdash A_{i},B_{j}::\mathsf{stype}\quad\Psi;\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash P::c{:}A}$}}}\vbox{}}}\over\hbox{\hskip 66.80363pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}:A_{i}}\vdash c{:}A\}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{Conv})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 56.40291pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\tau\quad\Psi\vdash\tau=\sigma::\mathsf{type}}$}}}\vbox{}}}\over\hbox{\hskip 20.44588pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\sigma}$}}}}}}$}}}\end{array}

Figure 3: Typing for Terms (Excerpt – See Appendix 0.A.4)

\small\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\exists}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 78.68091pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M{:}\tau\quad\Psi;\Gamma;\Delta\vdash P::c{:}A\{M/x\}}$}}}\vbox{}}}\over\hbox{\hskip 76.36896pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash c\langle M\rangle_{\exists x{:}\tau.A}.P::c{:}\exists x{:}\tau.A}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\exists}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 87.5016pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau::\mathsf{type}\quad\Psi,x{:}\tau\mathrel{;}\Gamma;\Delta,c{:}A\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 79.25394pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\mathrel{;}\Gamma;\Delta,c{:}\exists x{:}\tau.A\vdash c(x{:}\tau).Q::d{:}D}$}}}}}}$}}}\\[13.87491pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\forall}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 75.20087pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau::\mathsf{type}\quad\Psi,x{:}\tau\mathrel{;}\Gamma;\Delta\vdash P::c{:}A}$}}}\vbox{}}}\over\hbox{\hskip 67.72401pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash c(x{:}\tau).P::c{:}\forall x{:}\tau.A}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\forall}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 90.98164pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M{:}\tau\quad\Psi;\Gamma;\Delta,c{:}A\{M/x\}\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 88.6697pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}\forall x{:}\tau.A\vdash c\langle M\rangle_{\forall x{:}\tau.A}.Q::d{:}D}$}}}}}}$}}}\\[13.87491pt] {\vbox{\hbox{\hbox{\small\sc($\displaystyle\{\}E$)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 127.48303pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Delta^{\prime}=\overline{d_{i}:B_{i}}\quad\overline{u_{j}{:}C_{j}}\subseteq\Gamma\quad\Psi\vdash M:\{\overline{u_{j}{:}C_{j}};\overline{d_{i}{:}B_{i}}\vdash c{:}A\}\quad\Psi;\Gamma;\Delta,c{:}A\vdash Q::z{:}C}$}}}\vbox{}}}\over\hbox{\hskip 74.16861pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta^{\prime},\Delta\vdash c\leftarrow M\leftarrow\overline{u_{j}};\overline{y_{i}};Q::z{:}C}$}}}}}}$}}}\\[13.87491pt] {\vbox{\hbox{\hbox{\small\sc($\displaystyle{{\mathsf{Conv}}\mathsf{R}}$)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 79.10013pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}A\quad\Psi\vdash A=B::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 38.50598pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}B}$}}}}}}$}}}\par\quad\par{\vbox{\hbox{\hbox{\small\sc($\displaystyle{{\mathsf{Conv}}\mathsf{L}}$)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 80.98608pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma^{\prime};\Delta^{\prime}\vdash P::z{:}A\quad\Psi;\Gamma^{\prime};\Delta^{\prime}=\Psi;\Gamma;\Delta}$}}}\vbox{}}}\over\hbox{\hskip 38.25026pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}A}$}}}}}}$}}}\\[13.87491pt] \raise 6.125pt\hbox{$\hbox{$\hbox{\small\sc$(\mathsf{cut})$}\,$}{\hbox{$\displaystyle\displaystyle{\hbox{\hskip 94.14183pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::c{:}A\quad\Psi;\Gamma;\Delta^{\prime},c{:}A\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 63.01134pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,\Delta^{\prime}\vdash({\boldsymbol{\nu}}c)(P\mid Q)::d{:}D}$}}}}}}$}}\hbox{}$}\end{array}

Figure 4: Typing for Processes (Excerpt – See Appendix 0.A.5)

Definitional Equality.

The crux of any dependent type theory lies in its definitional equality. Type equality relies on equality of terms which, by including the monadic construct, necessarily relies on a notion of process equality.

Our presentation of an intensional definitional equality of terms follows that of [12], where we consider an intrinsically typed relation, including $\beta$ and $\eta$ conversion (similarly for type equality which includes $\beta$ and $\eta$ principles for the type-level $\lambda$ -abstractions). An excerpt of the rules for term equality is given in Fig. 5. The remaining rules are congruence rules and closure under symmetry, reflexivity and transitivity. Rule $(\mathsf{TMEq}\beta)$ captures the $\beta$ -reduction, identifying a $\lambda$ -abstraction applied to an argument with the substitution of the argument in the function body (typed with the appropriately substituted type). We highlight rule $(\mathsf{TMEq}\{\}\eta)$ , which codifies a general $\eta$ -like principle for arbitrary terms of monadic type: We form a monadic term that applies the monadic elimination form to $M$ , forwarding the result along the appropriate channel, which becomes a term equivalent to $M$ .

Definitional equality of processes is summarised in Fig. 6. We rely on process reduction defined below. Definitional equality of processes consists of the usual congruence rules, (typed) reductions and the commutting conversions of linear logic and $\eta$ -like principles, which allows for forwarding actions to be equated with the primitive syntactic forwarding construct. Commutting conversions amount to sound observational equivalences between processes [24], given that session composition requires name restriction (embodied by the $(\mathsf{cut})$ rule): In rule $(\mathsf{PEqCC}\forall)$ , either process can only be interacted with via channel $c$ and so postponing actions of $P$ to after the input on $c$ (when reading the equality from left to right) cannot impact the process’ observable behaviours. While $P$ can in general interact with sessions in $\Delta$ (or with $Q$ ), these interactions are unobservable due to hiding in the $(\mathsf{cut})$ rule.

\small\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEq}\beta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 82.20187pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau::\mathsf{type}\quad\Psi,x{:}\tau\vdash M:\sigma\quad\Psi\vdash N:\tau}$}}}\vbox{}}}\over\hbox{\hskip 83.95088pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash(\lambda x{:}\tau.M)\,N=M\{N/x\}:\sigma\{N/x\}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEq}\eta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 64.19199pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\Pi x{:}\tau.\sigma\quad x\not\in fv(M)}$}}}\vbox{}}}\over\hbox{\hskip 61.74527pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.M\,x=M:\Pi x{:}\tau.\sigma}$}}}}}}$}}}\\[13.87491pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEq}\{\}\eta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 42.14647pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}}$}}}\vbox{}}}\over\hbox{\hskip 116.3443pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\{c\leftarrow(y\leftarrow M;\overline{u_{j}};\overline{d_{i}};[y\leftrightarrow c])\leftarrow\overline{u_{j}};\overline{d_{i}}\}=M:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}}$}}}}}}$}}}\end{array}

Figure 5: Definitional Equality of Terms (Excerpt – See Appendix 0.A.9)

\small\begin{array}[]{c}\raise 5.875pt\hbox{$\hbox{$\hbox{\small\sc$(\mathsf{PEqRed})$}\,$}{\hbox{$\displaystyle\displaystyle{\hbox{\hskip 95.35843pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}A\quad P\xrightarrow{}Q\quad\Psi;\Gamma;\Delta\vdash Q::z{:}A}$}}}\vbox{}}}\over\hbox{\hskip 48.06464pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P=Q::z{:}A}$}}}}}}$}}\hbox{}$}\\[9.24994pt] \raise 6.125pt\hbox{$\hbox{$\hbox{\small\sc$(\mathsf{PEq}\forall\eta)$}\,$}{\hbox{$\displaystyle\displaystyle{\hbox{}\over\hbox{\hskip 122.9155pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;d{:}\forall x{:}\tau.A\vdash c(x).d\langle x\rangle.[d\leftrightarrow c]=[d\leftrightarrow c]::c{:}\forall x{:}\tau.A}$}}}}}}$}}\hbox{}$}\\[9.24994pt] \raise 6.125pt\hbox{$\hbox{$\hbox{\small\sc$(\mathsf{PEqCC}\forall)$}\,$}{\hbox{$\displaystyle\displaystyle{\hbox{\hskip 104.88333pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::d{:}B\quad\Psi,x{:}\tau;\Gamma;\Delta^{\prime},d{:}B\vdash Q::c{:}A}$}}}\vbox{}}}\over\hbox{\hskip 125.10547pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,\Delta^{\prime}\vdash({\boldsymbol{\nu}}d)(P\mid c(x).Q)=c(x).({\boldsymbol{\nu}}d)(P\mid Q)::c{:}\forall x{:}\tau.A}$}}}}}}$}}\hbox{}$}\par\par\end{array}

Figure 6: Definitional Equality of Processes (Excerpt – See Appendix 0.A.10)

Operational Semantics.

The operational semantics for the $\lambda$ -calculus is standard, noting that no reduction can take place inside monadic terms. The operational (reduction) semantics for processes is presented below where we omit closure under structural congruence and the standard congruence rules [4, 27, 31]. The last rule defines spawning a process in a monadic term.

\small\begin{array}[]{ll}c\langle M\rangle.P\mid c(x).Q\xrightarrow{}P\mid Q\{M/x\}&\overline{c}\langle x\rangle.P\mid c(x).Q\xrightarrow{}({\boldsymbol{\nu}}x)(P\mid Q)\\[4.62497pt] {!}c(x).P\mid\overline{c}\langle x\rangle.Q\xrightarrow{}{!}c(x).P\mid({\boldsymbol{\nu}}x)(P\mid Q)&c.\mathsf{case}\{\overline{l_{i}\Rightarrow P_{i}}\}\mid c.l_{j};Q\xrightarrow{}P_{j}\mid Q\,\,\,\,(l_{j}\in\overline{l_{i}})\\[4.62497pt] ({\boldsymbol{\nu}}c)(P\mid[c\leftrightarrow d])\xrightarrow{}P\{d/c\}&\hskip-28.45274ptc\leftarrow\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}\leftarrow\overline{u_{j}};\overline{d_{i}};Q\xrightarrow{}({\boldsymbol{\nu}}c)(P\mid Q)\end{array}

2.3 Example – Reasoning about Processes using Dependent Types

The use of type indices (i.e. type families) in dependently typed frameworks adds information to types to produce more refined specifications. Our framework enables us to do this at the level of session types.

Consider a session type that “counts down” on a natural number (we assume inductive definitions and dependent pattern matching in the style of [23]):

\begin{array}[]{lcl}\mathsf{countDown}&::&\Pi x{:}\mathsf{Nat}.\mathsf{stype}\\ \mathsf{countDown}\,(\mathsf{succ}(n))&=&\exists y{:}\mathsf{Nat}.\mathsf{countDown}(n)\\ \mathsf{countDown}\,\,\,\mathsf{z}&=&\mathbf{1}\end{array}

The type family $\mathsf{countDown}(n)$ denotes a session type that emits exactly $n$ numbers and then terminates. We can now write a (dependently-typed) function that produces processes with the appropriate type, given a starting value:

\begin{array}[]{lcl}\mathsf{counter}&:&\Pi x{:}\mathsf{Nat}.\{\mathsf{countDown}(x)\}\\ \mathsf{counter}\,\,\,(\mathsf{succ}(n))&=&\{c\leftarrow c\langle\mathsf{succ}(n)\rangle.\,d\leftarrow\mathsf{counter}(n);[d\leftrightarrow c]\}\\ \mathsf{counter}\,\,\,\mathsf{z}&=&\{c\leftarrow\boldsymbol{0}\}\end{array}

Note how the type of $\mathsf{counter}$ , through the type family $\mathsf{countDown}$ , allows us to specify exactly the number of times a value is sent. This is in sharp contrast with existing recursive (or inductive/coinductive [19, 32]) session types, where one may only specify the general iterative nature of the behaviour (e.g. “send a number and then recurse or terminate”).

The example above relies on session type indexing in order to provide additional static guarantees about processes (and the functions that generate them). An alternative way is to consider “simply-typed” programs and then prove that they satisfy the desired properties, using the language itself. Consider a simply-typed version of the counter above described as an inductive session type:

\begin{array}[]{lcl}\mathsf{simpleCounterT}&::&\mathsf{stype}\\ \mathsf{simpleCounterT}&=&\oplus\{\mathsf{dec}:\mathsf{Nat}\wedge\mathsf{simpleCounterT},\mathsf{done}:\mathbf{1}\}\end{array}

There are many processes that correctly implement such a type, given that the type merely dictates that the session outputs a natural number and recurses (modulo the $\mathsf{dec}$ and $\mathsf{done}$ messages to signal which branch of the internal choice is taken). A function that produces processes implementing such a session, mirroring those generated by the $\mathsf{counter}$ function above, is:

\begin{array}[]{lcl}\mathsf{simpleCounter}&:&\mathsf{Nat}\rightarrow\{\mathsf{simpleCounterT}\}\\ \mathsf{simpleCounter}\,\,\,(\mathsf{succ}(n))&=&\{c\leftarrow c.\mathsf{dec};({\boldsymbol{\nu}}d)(d\langle\mathsf{succ}(n)\rangle.\boldsymbol{0}\mid d(x).c\langle x\rangle.\\ &&\,\,\,d\leftarrow\mathsf{simpleCounter}(n);[d\leftrightarrow c]\}\\ \mathsf{simpleCounter}\quad\mathsf{z}&=&\{c\leftarrow c.\mathsf{done};\boldsymbol{0}\}\\ \end{array}

The process generated by $\mathsf{simpleCounter}$ , after emiting the $\mathsf{dec}$ label, spawns a process in parallel that sends the appropriate number, which is received by the parallel thread and then sent along the session $c$ . Despite its simplicity, this example embodies a general pattern where a computation is spawned in parallel (itself potentially spawning many other threads) and the main thread then waits for the result before proceeding.

While such a process is typable in most session typing frameworks, our theory enables us to prove that the counter implementation above indeed counts down from a given number by defining an appropriate (inductive) type family, indexed by monadic values (i.e. processes):

\begin{array}[]{lcl}\mathsf{corrCount}&::&\Pi x{:}\mathsf{Nat}.\Pi y{:}\{\mathsf{simpleCounterT}\}.\mathsf{type}\\ \mathsf{corr}_{z}&:&\mathsf{corrCount}\,\mathsf{z}\,\{c\leftarrow c.\mathsf{done};\boldsymbol{0}\}\\ \mathsf{corr}_{n}&:&\Pi n{:}\mathsf{Nat}.\Pi P{:}\{\mathsf{simpleCounterT}\}.\mathsf{corrCount}\,n\,P\rightarrow\\ &&\mathsf{corrCount}\,(\mathsf{succ}(n))\,\{c\leftarrow c.\mathsf{dec};c\langle\mathsf{succ}(n)\rangle.d\leftarrow P;[d\leftrightarrow c]\}\end{array}

The type family $\mathsf{corrCount}$ , indexed by a natural number and a monadic value implementing the session type $\mathsf{simpleCounter}$ , is defined via two constructors: $\mathsf{corr}_{z}$ , which specifies that a correct $0$ counter emits the $\mathsf{done}$ label and terminates; and $\mathsf{corr}_{n}$ , which given a monadic value $P$ that is a correct $n$ -counter, defines that a correct $(n+1)$ -counter emits $n+1$ and then proceeds as $P$ (modulo the label emission bookkeeping).

The proof of correctness of the $\mathsf{simpleCounter}$ function above is no more than a function of type $\Pi n{:}\mathsf{Nat}.\mathsf{corrCount}\,n$ $(\mathsf{simpleCounter}(n))$ , defined below:

\begin{array}[]{lcl}\mathsf{prf}&:&\Pi n{:}\mathsf{Nat}.\mathsf{corrCount}\,n\,(\mathsf{simpleCounter}(n))\\ \mathsf{prf}\quad\mathsf{z}&=&\mathsf{corr}_{z}\\ \mathsf{prf}\quad(\mathsf{succ}(n))&=&\mathsf{corr}_{n}\,n\,(\mathsf{simpleCounter}(n))\,(\mathsf{prf}\,n)\end{array}

Note that in this scenario, the processes that index the $\mathsf{corrCount}$ type family are not syntactically equal to those generated by $\mathsf{simpleCounter}$ , but rather definitionally equal.

Typically, the processes that index such correctness specifications tend to be distilled versions of the actual implementations, which often perform some additional internal computation or communication steps. Since our notion of definitional equality of processes includes reduction (and also commuting conversions which account for type-preserving shuffling of internal communication actions [28]), the type conversion mechanism allows us to use the techniques described above to generally reason about specification conformance.

We may also consider a variant of the example above which does not force outputs to match precisely with the type index:

\begin{array}[]{lcl}\mathsf{countDown}^{\prime}&::&\Pi x{:}\mathsf{Nat}.\mathsf{stype}\\ \mathsf{countDown}^{\prime}\,(\mathsf{succ}(n))&=&\exists y{:}\mathsf{Nat}.\mathsf{countDown}^{\prime}(n)\\ \mathsf{countDown}^{\prime}\,\,\,\mathsf{z}&=&\mathbf{1}\end{array}

The type $\mathsf{countDown}^{\prime}\,n$ will still require $n$ outputs to be performed, but unlike with $\mathsf{countDown}$ we do not enforce a relation between the iteration and the number being sent. An implementation of such a type is given below, using fundamentally the same code as for $\mathsf{counter}$ :

\begin{array}[]{lcl}\mathsf{counter}^{\prime}&:&\Pi x{:}\mathsf{Nat}.\{\mathsf{countDown}^{\prime}(x)\}\\ \mathsf{counter}^{\prime}\,\,\,(\mathsf{succ}(n))&=&\{c\leftarrow c\langle\mathsf{succ}(n)\rangle.\\ &&\qquad\,\,\,d\leftarrow\mathsf{counter}^{\prime}(n);\\ &&\qquad\,\,\,[d\leftrightarrow c]\}\\ \mathsf{counter}^{\prime}\,\,\,\mathsf{z}&=&\{c\leftarrow\boldsymbol{0}\}\end{array}

We may then use an heterogeneous equality (a special case of the so-called John Major equality [20]) of the form

\begin{array}[]{lcl}\mathsf{JMEq}&::&\Pi A{:}\mathsf{stype}.\Pi B{:}\mathsf{stype}.\Pi x{:}\{A\}.\Pi y{:}\{B\}.\mathsf{type}\\ \mathsf{JMEqRefl}&:&\lambda A{:}\mathsf{stype}.\lambda x{:}\{A\}.\mathsf{JMEq}\,A\,A\,x\,x\end{array}

to inductively show that the processes produced by $\mathsf{counter}$ and $\mathsf{counter}^{\prime}$ are indeed the same.

\begin{array}[]{l}\mathsf{eqs}:\Pi n{:}\mathsf{Nat}.\mathsf{JMEq}\,(\mathsf{countDown}(n))\,(\mathsf{countDown}^{\prime}(n))\,(\mathsf{counter}(n))\,(\mathsf{counter}^{\prime}(n))\\ \mathsf{eqs}\,z=\mathsf{JMEqRefl}\,\mathbf{1}\,\{c\leftarrow\boldsymbol{0}\}\\ \mathsf{eqs}\,(\mathsf{succ}(n))=\mathsf{case}\,(\mathsf{eqs}\,n)\,\mathsf{of}\,\{\_\Rightarrow\mathsf{JMEqRefl}\,(\mathsf{countDown}(\mathsf{succ}(n)))\\ \qquad\qquad\qquad\qquad\qquad\qquad\qquad\qquad\qquad\quad\,\,\,(\mathsf{counter}(\mathsf{succ}(n))))\}\\ \end{array}

We note that the example above makes extensive use of dependent pattern matching, using some implicit assumptions on its behaviour that have not been formalised in this paper and are left for future work.

2.4 Type Soundness of the Framework

The main goal of this section is to present type soundness of our framework through a subject reduction result. We also show that our theory guarantees progress for terms and processes. The development requires a series of auxiliary results (detailed in Appendix 0.B) pertaining to the functional and process layers which are ultimately needed to produce the inversion properties necessary to establish subject reduction. We note that strong normalisation results for linear-logic based session processes are known in the literature [3, 32, 28], even in the presence of impredicative polymorphism, restricted corecursion and higher-order data. Such results are directly applicable to our work using appropriate semantics preserving type erasures.

In the remainder we often write $\Psi\vdash\mathcal{J}$ to stand for a well-formedness, typing or definitional equality judgment of the appropriate form. Similarly for $\Psi;\Gamma;\Delta\vdash\mathcal{J}$ . We begin with the substitution property, which naturally holds for both layers, noting that the dependently typed nature of the framework requires substitution in both contexts, terms and in types.

Lemma 2.1 (Substitution)

Let $\Psi\vdash M:\tau$ :

1.

If $\Psi,x{:}\tau,\Psi^{\prime}\vdash\mathcal{J}$ then $\Psi,\Psi^{\prime}\{M/x\}\vdash\mathcal{J}\{M/x\}$ ;
2.

If $\Psi,x{:}\tau,\Psi^{\prime};\Gamma;\Delta\vdash\mathcal{J}$ then $\Psi,\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash\mathcal{J}\{M/x\}$

Combining substitution with a form of functionality for typing (i.e. that substitution of equal terms in a well-typed term produces equal terms) and for equality (i.e. that substitution of equal terms in a definitional equality proof produces equal terms), we can establish validity for typing and equality, which is a form of internal soundness of the type theory stating that judgments are consistent across the different levels of the theory.

Lemma 2.2 (Validity for Typing)

(1) If $\Psi\vdash\tau::K$ or $\Psi\vdash A::K$ then $\Psi\vdash K$ ; (2) If $\Psi\vdash M:\tau$ then $\Psi\vdash\tau::\mathsf{type}$ ; and (3) If $\Psi;\Gamma;\Delta\vdash P::z{:}A$ then $\Psi\vdash A::\mathsf{stype}$ .

Lemma 2.3 (Validity for Equality)

1.

If $\Psi\vdash M=N:\tau$ then $\Psi\vdash M:\tau$ , $\Psi\vdash N:\tau$ and $\Psi\vdash\tau::\mathsf{type}$
2.

If $\Psi\vdash\tau=\sigma::K$ then $\Psi\vdash\tau::K$ , $\Psi\vdash\sigma::K$ and $\Psi\vdash K$
3.

If $\Psi\vdash A=B::K$ then $\Psi\vdash A::K$ , $\Psi\vdash B::K$ and $\Psi\vdash K$
4.

If $\Psi\vdash K=K^{\prime}$ then $\Psi\vdash K$ and $\Psi\vdash K^{\prime}$
5.

If $\Psi;\Gamma;\Delta\vdash P=Q::z{:}A$ then $\Psi;\Gamma;\Delta\vdash P::z{:}A$ , $\Psi;\Gamma;\Delta\vdash Q::z{:}A$ and $\Psi\vdash A::\mathsf{stype}$

With these results we establish the appropriate inversion and injectivity properties which then enable us to show unicity of types (and kinds).

Theorem 2.4 (Unicity of Types and Kinds)

1.

If $\Psi\vdash M:\tau$ and $\Psi\vdash M:\tau^{\prime}$ then $\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}$
2.

If $\Psi\vdash\tau::K$ and $\Psi\vdash\tau::K^{\prime}$ then $\Psi\vdash K=K^{\prime}$
3.

If $\Psi;\Gamma;\Delta\vdash P::z{:}A$ and $\Psi;\Gamma;\Delta\vdash P::z{:}A^{\prime}$ then $\Psi\vdash A=A^{\prime}::\mathsf{stype}$
4.

If $\Psi\vdash A::K$ and $\Psi\vdash A::K^{\prime}$ then $\Psi\vdash K=K^{\prime}$

All the results above, combined with the process-level properties established in [29, 28, 5] enable us to show the following:

Theorem 2.5 (Subject Reduction – Terms)

If $\Psi\vdash M:\tau$ and $M\xrightarrow{}M^{\prime}$ then $\Psi\vdash M^{\prime}:\tau$

Theorem 2.6 (Subject Reduction – Processes)

If $\Psi;\Gamma;\Delta\vdash P::z{:}A$ and $P\xrightarrow{}P^{\prime}$ then $\exists Q$ such that $P^{\prime}\equiv Q$ and $\Psi;\Gamma;\Delta\vdash Q::z{:}A$

Theorem 2.7 (Progress – Terms)

If $\Psi\vdash M:\tau$ then either $M$ is a value or $M\xrightarrow{}M^{\prime}$

As common in logical-based session type theories, typing enforces a strong notion of global progress which states that closed processes that are waiting to perform communication actions cannot get stuck (this relies on a notion of live process, defined as $\mathsf{live}(P)$ iff $P\equiv({\boldsymbol{\nu}}\tilde{n})(\pi.Q\mid R)$ for some process $R$ , sequence of names $\tilde{n}$ and a non-replicated guarded process $\pi.Q$ ). We note that the restricted typing for $P$ is without loss of generality, due to the $(\mathsf{cut})$ rule.

Theorem 2.8 (Progress – Processes)

If $\Psi;\cdot;\cdot\vdash P::c{:}\mathbf{1}$ and $\mathsf{live}(P)$ then $\exists Q$ such that $P\xrightarrow{}Q$

3 Embedding the Functional Layer in the Process Layer

Having introduced our type theory and showcased some of its informal expressiveness in terms of the ability to specify and statically verify true data dependent protocols, as well as the ability to prove properties of processes, we now develop a formal expressiveness result for our theory, showing that the process level type constructs are able to encode the dependently-typed functional layer, faithfully preserving type dependencies.

Specifically, we show that (1) the type-level constructs in the functional layer can be represented by those in the process layer combined with the contextual monad type, and (2) all term level constructs can be represented by session-typed processes that exchange monadic values. Thus, we show that both $\lambda$ -abstraction and application can be eliminated while still preserving non-trivial type dependencies. Crucially, we note that the monadic construct cannot be fully eliminated due to the cross-layer nature of session type dependencies: In the process layer, simply-kinded dependent types (i.e. types with kind $\mathsf{stype}$ ) are of the form $\forall x{:}\tau.A$ where $\tau$ is of kind $\mathsf{type}$ and $A$ of kind $\mathsf{stype}$ (where $x$ may occur). Operationally, such a session denotes an input of some term $M$ of type $\tau$ with a continuation of type $A\{M/x\}$ . Thus, to faithfully encode type dependencies we cannot represent such a type with a non-dependently typed input (e.g. a type of the form $A\multimap B$ ).

3.1 The Embedding

A first attempt.

Given the observation above, a seemingly reasonable option would be to attempt an encoding that maintains monadic objects solely at the level of type indices and then exploits Girard’s encoding [9] of function types $\tau\rightarrow\sigma$ as ${!}\llbracket\tau\rrbracket\rightarrow\llbracket\sigma\rrbracket$ , which is adequate for session-typed processes [30]. Thus a candidate encoding for the type $\Pi x{:}\tau.\sigma$ would be $\forall x{:}\{\llbracket\tau\rrbracket\}.{!}\llbracket\tau\rrbracket\multimap\llbracket\sigma\rrbracket$ , where $\llbracket{-}\rrbracket$ denotes our encoding on types. If we then consider the encoding at the level of terms, typing dictates the following (we write $\llbracket M\rrbracket_{z}$ for the process encoding of $M:\tau$ , where $z$ is the session channel along which one may observe the “result” of the encoding, typed with $\llbracket\tau\rrbracket$ ):

\begin{array}[]{lcl}\llbracket\lambda x{:}\tau.M\rrbracket_{z}&\triangleq&z(x).z(x^{\prime}).\llbracket M\rrbracket_{z}\\ \llbracket M\,N\rrbracket_{z}&\triangleq&({\boldsymbol{\nu}}x)(\llbracket M\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{y}\}\rangle.\overline{x}\langle x^{\prime}\rangle.({!}x^{\prime}(y).\llbracket N\rrbracket_{y}\mid[x\leftrightarrow z])\\ \end{array}

However, this candidate encoding breaks down once we consider definitional equality. Specifically, compositionality (i.e. the relationship between $\llbracket M\{N/x\}\rrbracket_{z}$ and the encoding of $N$ substituted in that of $M$ ) requires us to relate $\llbracket M\{N/x\}\rrbracket_{z}$ with $({\boldsymbol{\nu}}x)(\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{y}\}/x\}\mid{!}x^{\prime}(y).\llbracket N\rrbracket_{y})$ , which relies on reasoning up-to observational equivalence of processes, a much stronger relation than our notion of definitional equality. Therefore it is fundamentally impossible for such an encoding to preserve our definitional equality, and thus it cannot preserve typing in the general case.

A faithful embedding.

We now develop our embedding of the functional layer into the process layer which is compatible with definitional equality. Our target calculus is reminiscent of a higher-order (in the sense of higher-order processes [25]) session calculus [21]. Our encoding $\llbracket{-}\rrbracket$ is inductively defined on kinds, types, session types, terms and processes. As usual in process encodings of the $\lambda$ -calculus, the encoding of a term $M$ is indexed by a result channel $z$ , written $\llbracket M\rrbracket_{z}$ , where the behaviour of $M$ may be observed.

$\begin{array}[]{lcllcl}\text{\bf Kind:}\\ \ \llbracket\mathsf{type}\rrbracket&\triangleq&\mathsf{stype}&\llbracket\mathsf{stype}\rrbracket&\triangleq&\mathsf{stype}\\ \ \llbracket\Pi x{:}\tau.K\rrbracket&\triangleq&\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K\rrbracket&\llbracket\Pi t::K_{1}.K_{2}\rrbracket&\triangleq&\Pi t{::}\llbracket K_{1}\rrbracket.\llbracket K_{2}\rrbracket\\ \text{\bf Functional:}\\ \ \llbracket\Pi x{:}\tau.\sigma\rrbracket&\triangleq&\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket&\llbracket\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}B_{i}}\vdash c{:}A\}\rrbracket&\triangleq&\overline{{!}\llbracket B_{j}\rrbracket}\multimap\overline{\llbracket B_{i}\rrbracket}\multimap\llbracket A\rrbracket\\ \ \llbracket\lambda x{:}\tau.\sigma\rrbracket&\triangleq&\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket&\llbracket\tau\,M\rrbracket&\triangleq&\llbracket\tau\rrbracket\,\{\llbracket M\rrbracket_{c}\}\\ \ \llbracket\lambda t{::}K.\tau\rrbracket&\triangleq&\lambda t{::}\llbracket K\rrbracket.\llbracket\tau\rrbracket&\llbracket\tau\,\sigma\rrbracket&\triangleq&\llbracket\tau\rrbracket\,\llbracket\sigma\rrbracket\\ \text{\bf Session:}\\ \ \llbracket\forall x{:}\tau.A\rrbracket&\triangleq&\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket A\rrbracket&\llbracket\exists x{:}\tau.A\rrbracket&\triangleq&\exists x{:}\{\llbracket\tau\rrbracket\}.\llbracket A\rrbracket\\ \ \llbracket\lambda x{:}\tau.A\rrbracket&\triangleq&\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket A\rrbracket&\llbracket A\,M\rrbracket&\triangleq&\llbracket A\rrbracket\,\{\llbracket M\rrbracket_{c}\}\end{array}$
$\begin{array}[]{l}\text{\bf Terms:}\\ \ \llbracket\lambda x{:}\tau.M\rrbracket_{z}\triangleq z(x{:}\{\llbracket\tau\rrbracket\}).\llbracket M\rrbracket_{z}\quad\quad\llbracket M\,N\rrbracket_{z}\triangleq({\boldsymbol{\nu}}x)(\llbracket M\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{y}\}\rangle.[x\leftrightarrow z])\\ \ \llbracket x\rrbracket_{z}\triangleq y\leftarrow x;[y\leftrightarrow z]\quad\quad\llbracket\{z\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}\rrbracket_{z}\triangleq z(u_{0}).\dots.z(u_{j}).z(d_{0}).\dots.z(d_{n}).\llbracket P\rrbracket\end{array}$
$\begin{array}[]{lcl}{\text{\bf Processes:}}\\ \ \llbracket({\boldsymbol{\nu}}x)(P\mid Q)\rrbracket&\triangleq&({\boldsymbol{\nu}}x)(\llbracket P\rrbracket\mid\llbracket Q\rrbracket)\quad\llbracket\boldsymbol{0}\rrbracket\triangleq\boldsymbol{0}\quad\llbracket\overline{x}\langle y\rangle.(P\mid Q)\rrbracket\triangleq\overline{x}\langle y\rangle.(\llbracket P\rrbracket\mid\llbracket Q\rrbracket)\\ \ \llbracket x\langle M\rangle.P\rrbracket&\triangleq&x\langle\{\llbracket M\rrbracket_{y}\}\rangle.\llbracket P\rrbracket\quad\llbracket x(y).P\rrbracket\triangleq x(y).\llbracket P\rrbracket\\ \ \llbracket c\leftarrow M\leftarrow\overline{u_{j}};\overline{y_{i}};Q\rrbracket&\triangleq&({\boldsymbol{\nu}}c)(\llbracket M\rrbracket_{c}\mid\overline{c}\langle v_{1}\rangle.(\overline{u_{1}}\langle a_{1}\rangle.[a_{1}\leftrightarrow v_{1}]\mid\dots\mid\\ &&\overline{c}\langle d_{1}\rangle.([y_{1}\leftrightarrow d_{1}]\mid\dots\mid\overline{c}\langle d_{n}\rangle.([y_{n}\leftrightarrow d_{n}]\mid\llbracket Q\rrbracket)\dots)\end{array}$

Figure 7: An embedding of dependent functions into processes

The embedding is presented in Fig. 7, noting that the encoding extends straightforwardly to typing contexts, where functional contexts $\Psi,x{:}\tau$ are mapped to $\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\}$ . The mapping of base kinds is straightforward. Dependent kinds $\Pi x{:}\tau.K$ rely on the monad for well-formedness and are encoded as (session) kinds of the form $\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K\rrbracket$ . The higher-kinded types in the functional layer are translated to the corresponding type-level constructs of the process layer where all objects that must be $\mathsf{type}$ -kinded rely on the monad to satisfy this constraint. For instance, $\lambda x{:}\tau.\sigma$ is mapped to the session-type abstraction $\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket$ and the type-level application $\tau\,M$ is translated to $\llbracket\tau\rrbracket\,\{\llbracket M\rrbracket_{c}\}$ . Given the observation above on embedding the dependent function type $\Pi x{:}\tau.\sigma$ , we translate it directly to $\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket$ , that is, functions from $\tau$ to $\sigma$ are mapped to sessions that input processes implementing $\llbracket\tau\rrbracket$ and then behave as $\llbracket\sigma\rrbracket$ accordingly. The encoding for monadic types simply realises the contextual nature of the monad by performing a sequence of inputs of the appropriate types (with the shared sessions being of ${!}$ type).

The mutually dependent nature of the framework requires us to extend the mapping to the process layer. Session types are mapped homomorphically (e.g. $\llbracket A\multimap B\rrbracket\triangleq\llbracket A\rrbracket\multimap\llbracket B\rrbracket$ ) with the exception of dependent inputs and outputs which rely on the monad, similarly for type-level functions and application.

The encoding of $\lambda$ -terms is guided by the embedding for types: the abstraction $\lambda x{:}\tau.M$ is mapped to an input of a term of type $\{\llbracket\tau\rrbracket\}$ with continuation $\llbracket M\rrbracket_{z}$ ; application $M\,N$ is mapped to the composition of the encoding of $M$ on a fresh name $x$ with the corresponding output of $\{\llbracket N\rrbracket_{y}\}$ , which is then forwarded to the result channel $z$ ; monadic expressions are translated to the appropriate sequence of inputs, as dictated by the translation of the monadic type; and, the translation of variables makes use of the monadic elimination form (since the encoding enforces variables to always be of monadic type) combined with forwarding to the appropriate result channel.

The mapping for processes is mostly homomorphic, using the monad constructor as needed. The only significant exception is the encoding for monadic elimination which must provide the encoded monadic term $\llbracket M\rrbracket_{c}$ with the necessary channels. Since the session calculus does not support communication of free names this is achieved by a sequence of outputs of fresh names combined with forwarding of the appropriate channel. To account for replicated sessions we must first trigger the replication via an output which is then forwarded accordingly.

We can illustrate our encoding via a simple example of an encoded function (we omit type annotations for conciseness):

\begin{array}[]{l}\llbracket(\lambda x.x)\,(\lambda x.\lambda y.y)\rrbracket_{z}=({\boldsymbol{\nu}}c)(\llbracket\lambda x.x\rrbracket_{c}\mid c\langle\{\llbracket\lambda x.\lambda y.y\rrbracket_{w}\}\rangle.[c\leftrightarrow z])=\\ \qquad({\boldsymbol{\nu}}c)(c(x).y\leftarrow x;[y\leftrightarrow c]\mid c\langle\{w(x).w(y).d\leftarrow y;[d\leftrightarrow w]\}\rangle.[c\leftrightarrow z])\\ \xrightarrow{}^{+}z(x).z(y).d\leftarrow y;[d\leftrightarrow z]\ =\ \llbracket\lambda x.\lambda y.y\rrbracket_{z}\end{array}

3.2 Properties of the Embedding

We now state the key properties satisfied by our embedding, ultimately resulting in type preservation and operational correspondence. For conciseness, in the statements below we list only the cases for terms and processes, omitting those for types and kinds (see Appendix 0.C). The key property that is needed is a notion of compositionality, which unlike in the sketch above no longer falls outside of definitional equality.

Lemma 3.1 (Compositionality)

1.

$\Psi;\Gamma;\Delta\vdash\llbracket M\{N/x\}\rrbracket_{z}=\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{y}\}/x\}::z{:}\llbracket A\{N/x\}\rrbracket$
2.

$\Psi;\Gamma;\Delta\vdash\llbracket P\{M/x\}\rrbracket::z{:}\llbracket A\{M/x\}\rrbracket$ iff $\Psi;\Gamma;\Delta\vdash\llbracket P\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::z{:}\llbracket A\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}$

Given the dependently typed nature of the framework, establishing the key properties of the encoding must be done simultaneously (relying on some auxiliary results – see Appendix 0.C).

Theorem 3.2 (Preservation of Equality)

1.

If $\Psi\vdash M=N:\tau$ then $\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}=\llbracket N\rrbracket_{z}::z{:}\llbracket\tau\rrbracket$
2.

If $\Psi;\Gamma;\Delta\vdash P=Q::z{:}A$ then $\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P\rrbracket=\llbracket Q\rrbracket::z{:}\llbracket A\rrbracket$

Theorem 3.3 (Preservation of Typing)

1.

If $\Psi\vdash M:\tau$ then $\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}::z{:}\llbracket\tau\rrbracket$
2.

If $\Psi;\Gamma;\Delta\vdash P::z{:}A$ then $\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P\rrbracket::z{:}\llbracket A\rrbracket$

Theorem 3.4 (Operational Correspondence)

If $\Psi;\Gamma;\Delta\vdash P::z{:}A$ and $\Psi\vdash M:\tau$ then:

1.

(a) If $P\xrightarrow{}P^{\prime}$ then $\llbracket P\rrbracket\xrightarrow{}^{+}Q$ with $\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash Q=\llbracket P^{\prime}\rrbracket::z{:}\llbracket A\rrbracket$ and (b) if $\llbracket P\rrbracket\xrightarrow{}P^{\prime}$ then $P\xrightarrow{}^{+}Q$ with $\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash P^{\prime}=\llbracket Q\rrbracket::z{:}\llbracket A\rrbracket$
2.

(a) If $M\xrightarrow{}M^{\prime}$ then $\llbracket M\rrbracket_{z}\xrightarrow{}^{+}N$ with $\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash N=\llbracket M^{\prime}\rrbracket_{z}::z{:}\llbracket\tau\rrbracket$ and (b) if $\llbracket M\rrbracket_{z}\xrightarrow{}P$ then $M\xrightarrow{}N$ with $\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket N\rrbracket_{z}=P::z{:}\llbracket\tau\rrbracket$

In Theorem 3.4, (a) is commonly referred to as operational completeness, with (b) establishing soundness. As exemplified above, our encoding satisfies a very precise operational correspondence with the original $\lambda$ -terms.

4 Related and Future Work

Enriching Session Types via Type Structure.

Exploiting the linear logical foundations of session types, [27] considers a form of value dependencies where session types can state properties of exchanged data values, while the work [31] introduces the contextual monad in a simply-typed setting. Our development not only subsumes these two works, but goes beyond simple value dependencies by extending to a richer type structure and integrating dependencies with the contextual monad. Recently, [1] considers a non-conservative extension of linear logic-based session types with sharing, allowing true non-determinism. Their work includes dependent quantifications with shared channels, but their type syntax does not include free type variables, so the actual type dependencies do not arise (see [1, 37:8]). Thus none of the examples in this paper can be represented in [1]. The work [17] studies gradual session types. To the best of our knowledge, the main example in [17, § 2] is statically representable in our framework as in the example of § 1, where protocol actions depend on values that are communicated (or passed as function arguments).

In the context of multiparty session types, the theory of multiparty indexed session types is studied in [7], and implemented in a protocol description language [22]. The main aim of these works is to use indexed types to represent an arbitrary number of session participants. The work [33] extends [27] to multiparty sessions in order to treat value dependency across multiple participants. Extending our framework to multiparty [16] or non-logic based session types [15] is an interesting future topic.

Combining Linear and Dependent Types.

Many works have studied the various challenges of integrating linearity in dependent functional type theories. We focus on the most closely related works. The work [6] introduced the Linear Logical Framework (LLF), integrating linearity with the LF [11] type theory, which was later extended to the Concurrent Logical Framework (CLF) [35], accounting for further linear connectives. Their theory is representable in our framework through the contextual monad (encompassing full intuitionistic linear logic), depending on linearly-typed processes that can express dependently typed functions (§ 3).

The work of [18] integrates linearity with type dependencies by extending LNL [2]. Their work is aimed at reasoning about imperative programs using a form of Hoare triples, requiring features that we do not study in this work such has proof irrelevance and computationally irrelevant quantification. Formally, their type theory is extensional which introduces significant technical differences from our intensional type theory, such as a realisability model in the style of NuPRL [10] to establish consistency.

Recently, [8] proposed an extension of LLF with first-class contexts (which may contain both linear and unrestricted hypotheses). While the contextual aspects of their theory are reminiscent of our contextual monad, their framework differs significantly from ours, since it is designed to enable higher-order abstract syntax (commonplace in the LF family of type theories), focusing on a type system for canonical LF objects with a meta-language that includes contexts and context manipulation. They do not consider additives since their integration with first-class contexts can break canonicity.

While none of the above works considers processes as primitive, their techniques should be useful for, e.g. developing algorithmic type-checking and integrating inductive and coinductive session types based on [28, 32, 19].

Dependent Types and Higher-Order $\pi$ -calculus.

The work [37] studies a form of dependent types where the type of processes takes the form of a mapping $\Delta$ from channels $x$ to channel types $T$ representing an interface of process $P$ . The dependency is specified as $\Pi(x{:}T)\Delta$ , representing a channel abstraction of the environment. This notion is extended to an existential channel dependency type $\Sigma(x{:}T)\Delta$ to address fresh name creation [36, 13]. Combining our process monad with dependent types can be regarded as an “interface” which describes explicit channel usages for processes. The main differences are (1) our dependent types are more general, treating full dependent families including terms and processes in types, while [37, 36, 13] study only channel dependency to environments (i.e. neither terms nor processes appear in types, only channels); and (2) our calculus emits only fresh names, not needing to handle the complex scoping mechanism treated in [36, 13]. In this sense, the process monad provides an elegant framework to handle higher-order computations and assign non-trivial types to processes.
Acknowledgements. The authors would like to thank the anonymous reviews for their comments and suggestions. This work is partially supported by EPSRC EP/K034413/1, EP/K011715/1, EP/L00058X/1, EP/N027833/1 and EP/N028201/1.

References

[1] Balzer, S., Pfenning, F.: Manifest sharing with session types. PACMPL 1(ICFP), 37:1–37:29 (2017)
[2] Benton, N.: A mixed linear and non-linear logic: Proofs, terms and models (extended abstract). In: CSL. pp. 121–135 (1994)
[3] Caires, L., Pérez, J.A., Pfenning, F., Toninho, B.: Behavioral polymorphism and parametricity in session-based communication. In: ESOP 2013. pp. 330–349 (2013)
[4] Caires, L., Pfenning, F.: Session types as intuitionistic linear propositions. In: CONCUR 2010. pp. 222–236 (2010)
[5] Caires, L., Pfenning, F., Toninho, B.: Linear logic propositions as session types. Mathematical Structures in Computer Science 26(3), 367–423 (2016)
[6] Cervesato, I., Pfenning, F.: A linear logical framework. Inf. Comput. 179(1), 19–75 (2002)
[7] Deniélou, P., Yoshida, N., Bejleri, A., Hu, R.: Parameterised multiparty session types. Logical Methods in Computer Science 8(4) (2012), http://dx.doi.org/10.2168/LMCS-8(4:6)2012
[8] Georges, A.L., Murawska, A., Otis, S., Pientka, B.: LINCX: A linear logical framework with first-class contexts. In: ESOP. pp. 530–555 (2017)
[9] Girard, J.: Linear logic. Theor. Comput. Sci. 50, 1–102 (1987)
[10] Harper, R.: Constructing type systems over an operational semantics. Journal of Symbolic Computation 14(1), 71 – 84 (1992)
[11] Harper, R., Honsell, F., Plotkin, G.D.: A framework for defining logics. J. ACM 40(1), 143–184 (1993)
[12] Harper, R., Pfenning, F.: On equivalence and canonical forms in the LF type theory. ACM Trans. Comput. Log. 6(1), 61–101 (2005)
[13] Hennessy, M., Rathke, J., Yoshida, N.: safeDpi: a language for controlling mobile code. Acta Inf. 42(4-5), 227–290 (2005)
[14] Honda, K., Vasconcelos, V.T., Kubo, M.: Language primitives and type discipline for structured communication-based programming. In: ESOP’98. pp. 122–138 (1998)
[15] Honda, K., Vasconcelos, V.T., Kubo, M.: Language primitives and type disciplines for structured communication-based programming. In: ESOP’98. vol. 1381, pp. 22–138 (1998)
[16] Honda, K., Yoshida, N., Carbone, M.: Multiparty asynchronous session types. In: POPL’08. pp. 273–284 (2008)
[17] Igarashi, A., Thiemann, P., Vasconcelos, V.T., Wadler, P.: Gradual session types. PACMPL 1(ICFP), 38:1–38:28 (2017)
[18] Krishnaswami, N.R., Pradic, P., Benton, N.: Integrating linear and dependent types. In: POPL’15. pp. 17–30 (2015)
[19] Lindley, S., Morris, J.G.: Talking bananas: structural recursion for session types. In: ICFP 2016. pp. 434–447 (2016)
[20] McBride, C.: Elimination with a motive. In: TYPES 2000,. pp. 197–216 (2000)
[21] Mostrous, D., Yoshida, N.: Two session typing systems for higher-order mobile processes. In: TLCA07. pp. 321–335 (2007)
[22] Ng, N., Yoshida, N.: Pabble: parameterised Scribble. Service Oriented Computing and Applications 9(3-4), 269–284 (2015)
[23] Norell, U.: Towards a practical programming language based on dependent type theory. Ph.D. thesis, Department of Computer Science and Engineering, Chalmers University of Technology (2007)
[24] Pérez, J.A., Caires, L., Pfenning, F., Toninho, B.: Linear logical relations for session-based concurrency. In: ESOP. pp. 539–558 (2012)
[25] Sangiorgi, D., Walker, D.: The pi-calculus: A theory of mobile processes. C.U.P (2001)
[26] Takeuchi, K., Honda, K., Kubo, M.: An interaction-based language and its typing system. In: PARLE’94. pp. 398–413 (1994)
[27] Toninho, B., Caires, L., Pfenning, F.: Dependent session types via intuitionistic linear type theory. In: PPDP’11. pp. 161–172 (2011)
[28] Toninho, B.: A Logical Foundation for Session-based Concurrent Computation. Ph.D. thesis, Carnegie Mellon University and New University of Lisbon (2015)
[29] Toninho, B., Caires, L., Pfenning, F.: Dependent session types via intuitionistic linear type theory. Tech. Rep. CMU-CS-11-139, School of Computer Science, Carnegie Mellon University (2011)
[30] Toninho, B., Caires, L., Pfenning, F.: Functions as session-typed processes. In: FOSSACS 2012. pp. 346–360 (2012)
[31] Toninho, B., Caires, L., Pfenning, F.: Higher-order processes, functions, and sessions: A monadic integration. In: ESOP. pp. 350–369 (2013)
[32] Toninho, B., Caires, L., Pfenning, F.: Corecursion and non-divergence in session-typed processes. In: TGC 2014. pp. 159–175 (2014)
[33] Toninho, B., Yoshida, N.: Certifying data in multiparty session types. Journal of Logical and Algebraic Methods in Programming 90(C), 61–83 (2017)
[34] Toninho, B., Yoshida, N.: Depending on session-typed processes. In: FoSSaCS (2018), to appear
[35] Watkins, K., Cervesato, I., Pfenning, F., Walker, D.: A concurrent logical framework: The propositional fragment. In: TYPES’03. pp. 355–377 (2003)
[36] Yoshida, N.: Channel dependent types for higher-order mobile processes. In: POPL’04. pp. 147–160 (2004)
[37] Yoshida, N., Hennessy, M.: Assigning types to processes. Inf. Comput. 174(2), 143–179 (2002)

Appendix 0.A Appendix – Dependently-typed Calculus

0.A.1 Complete Rules for Dependently-Typed System

We recall the meaning of the several judgments of our type theory:

\begin{array}[]{ll}\Psi\vdash&\mbox{Context $\Psi$ is well-formed.}\\ \Psi\vdash K&\mbox{$K$ is a kind in context $\Psi$.}\\ \Psi\vdash\tau::K&\mbox{$\tau$ is a (functional) type of kind $K$ in context $\Psi$.}\\ \Psi\vdash A::K&\mbox{$A$ is a session type of kind $K$ in context $\Psi$.}\\ \Psi\vdash M:\tau&\mbox{$M$ has type $\tau$ in context $\Psi$.}\\ \Psi;\Gamma;\Delta\vdash P::z{:}A&\mbox{$P$ offers session $z{:}A$ when composed with processes according}\\ &\mbox{to $\Gamma$ and $\Delta$ in context $\Psi$.}\\ \Psi\vdash K_{1}=K_{2}&\mbox{Kinds $K_{1}$ and $K_{2}$ are equal.}\\ \Psi\vdash\tau=\sigma::K&\mbox{Types $\tau$ and $\sigma$ are equal of kind $K$.}\\ \Psi\vdash A=B::K&\mbox{Session types $A$ and $B$ are equal of kind $K$.}\\ \Psi\vdash M=N:\tau&\mbox{Terms $M$ and $N$ are equal of type $\tau$.}\\ \Psi;\Gamma;\Delta\vdash P=Q::z{:}A&\mbox{Processes $P$ and $Q$ are equal with typing $z{:}A$.}\\ \end{array}

0.A.1.1 Well-formed Contexts

We write $\cdot$ for the empty context. We write $\Psi,x{:}\tau$ for the extension of context $\Psi$ with the binding $x{:}\tau$ . We assume that $x$ does not occur in $\Psi$ . We use a similar notation for the session typing contexts $\Delta$ and $\Gamma$ .

\begin{array}[]{c}\cdot\vdash\quad\Psi,x{:}\tau\vdash\lx@proof@logical@and\Psi\vdash\Psi\vdash\tau::\mathsf{type}\quad\Psi,t{::}K\vdash\lx@proof@logical@and\Psi\vdash\Psi\vdash K\quad\Psi;\Delta,x{:}A\vdash\lx@proof@logical@and\Psi\vdash\Psi;\Delta\vdash\Psi\vdash A::\mathsf{stype}\\[5.0pt] \Psi;\Gamma,x{:}A\vdash\lx@proof@logical@and\Psi\vdash\Psi;\Gamma\vdash\Psi\vdash A::\mathsf{stype}\end{array}

0.A.1.2 Well-formed Kinds

\begin{array}[]{c}\Psi\vdash\mathsf{type}\Psi\vdash\quad\Psi\vdash\mathsf{stype}\Psi\vdash\quad\Psi\vdash\Pi x{:}\tau.K\lx@proof@logical@and\Psi,x{:}\tau\vdash K\Psi\vdash\tau::\mathsf{type}\quad\Psi\vdash\Pi x{:}\tau.K\lx@proof@logical@and\Psi,x{:}\tau\vdash K\Psi\vdash\tau::\mathsf{stype}\\[5.0pt] \Psi\vdash\Pi t{::}K.K^{\prime}\Psi\vdash K\quad\Psi,t{::}K\vdash K^{\prime}\end{array}

0.A.2 Well-formed (Functional) Types

\begin{array}[]{c}\Psi\vdash\Pi x{:}\tau.\sigma::\mathsf{type}\lx@proof@logical@and\Psi\vdash\tau::\mathsf{type}\Psi,x{:}\tau\vdash\sigma::\mathsf{type}\quad\Psi\vdash\lambda x{:}\tau.\sigma::\Pi x{:}\tau.K\lx@proof@logical@and\Psi\vdash\tau::\mathsf{type}\Psi,x{:}\tau\vdash\sigma::K\\[5.0pt] \Psi\vdash\tau\,M::K\{M/x\}\Psi\vdash\tau::\Pi x{:}\sigma.K\quad\Psi\vdash M:\sigma\quad\Psi\vdash\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}::\mathsf{type}\lx@proof@logical@and\forall i,j.\Psi\vdash A_{i}::\mathsf{stype}\Psi\vdash B_{j}::\mathsf{stype}\Psi\vdash A::\mathsf{stype}\\[5.0pt] \Psi\vdash\lambda t{::}K.\sigma::\Pi t{::}K.K^{\prime}\Psi\vdash K\quad\Psi,t{::}K\vdash\sigma::K^{\prime}\quad\Psi\vdash\tau\,\sigma::K^{\prime}\{\sigma/t\}\Psi\vdash\tau::\Pi t{::}K.K^{\prime}\quad\Psi\vdash\sigma::K\\[5.0pt] \Psi\vdash t::Kt{::}K\in\Psi\quad\Psi\vdash\end{array}

0.A.3 Well-formed Session Types

\begin{array}[]{c}\Psi\vdash\mathbf{1}::\mathsf{stype}\Psi\vdash\quad\Psi\vdash{!}A::\mathsf{stype}\Psi\vdash A::\mathsf{stype}\quad\Psi\vdash A\multimap B::\mathsf{stype}\lx@proof@logical@and\Psi\vdash A::\mathsf{stype}\Psi\vdash B::\mathsf{stype}\\[5.0pt] \Psi\vdash A\otimes B::\mathsf{stype}\lx@proof@logical@and\Psi\vdash A::\mathsf{stype}\Psi\vdash B::\mathsf{stype}\quad\Psi\vdash\forall x{:}\tau.A::\mathsf{stype}\lx@proof@logical@and\Psi\vdash\tau::\mathsf{type}\Psi,x{:}\tau\vdash A::\mathsf{stype}\\[5.0pt] \quad\Psi\vdash\exists x{:}\tau.A::\mathsf{stype}\lx@proof@logical@and\Psi\vdash\tau::\mathsf{type}\Psi,x{:}\tau\vdash A::\mathsf{stype}\quad\Psi\vdash\mathbin{\binampersand}\{\overline{l_{i}:A_{i}}\}::\mathsf{stype}\forall i.\Psi\vdash A_{i}::\mathsf{stype}\\[5.0pt] \Psi\vdash\oplus\{\overline{l_{i}:A_{i}}\}::\mathsf{stype}\forall i.\Psi\vdash A_{i}::\mathsf{stype}\quad\Psi\vdash\lambda x{:}\tau.A::\Pi x{:}\tau.K\Psi\vdash\tau::\mathsf{type}\quad\Psi,x{:}\tau\vdash A::K\\[5.0pt] \Psi\vdash A\,M::K\{M/x\}\lx@proof@logical@and\Psi\vdash A::\Pi x{:}\tau.K\Psi\vdash M:\tau\quad\Psi\vdash A::K^{\prime}\lx@proof@logical@and\Psi\vdash A::K\Psi\vdash K=K^{\prime}\\[5.0pt] \Psi\vdash\lambda t{::}K.A::\Pi t{::}K.K^{\prime}\Psi,t{::}K\vdash A::K^{\prime}\quad\Psi\vdash A\,B::K^{\prime}\{B/x\}\Psi\vdash A::\Pi t{::}K.K^{\prime}\quad\Psi\vdash B::K\quad\Psi\vdash t::K\Psi\vdash\quad t{::}K\in\Psi\end{array}

0.A.4 Typing for $\lambda$ -Terms

\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\Pi I)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 63.28737pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau::\mathsf{type}\quad\Psi,x{:}\tau\vdash M:\sigma}$}}}\vbox{}}}\over\hbox{\hskip 51.11723pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.M:\Pi x{:}\tau.\sigma}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\Pi E)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 62.68314pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\Pi x{:}\tau.\sigma\quad\Psi\vdash N:\tau}$}}}\vbox{}}}\over\hbox{\hskip 44.2631pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M\,N:\sigma\{N/x\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{var})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 32.54329pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\quad x{:}\tau\in\Psi}$}}}\vbox{}}}\over\hbox{\qquad\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash x{:}\tau}$}}}}}}$}}}\par\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\{\}I)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 89.61742pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\forall i,j.\Psi\vdash A_{i},B_{j}::\mathsf{stype}\quad\Psi;\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash P::c{:}A}$}}}\vbox{}}}\over\hbox{\hskip 71.4263pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}:A_{i}}\vdash c{:}A\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{Conv})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 60.9853pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\tau\quad\Psi\vdash\tau=\sigma::\mathsf{type}}$}}}\vbox{}}}\over\hbox{\hskip 22.14166pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\sigma}$}}}}}}$}}}\end{array}

0.A.5 Typing for Processes

\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\exists}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 85.16693pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M{:}\tau\quad\Psi;\Gamma;\Delta\vdash P::c{:}A\{M/x\}}$}}}\vbox{}}}\over\hbox{\hskip 81.949pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash c\langle M\rangle_{\exists x{:}\tau.A}.P::c{:}\exists x{:}\tau.A}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\exists}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 94.62903pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau::\mathsf{type}\quad\Psi,x{:}\tau\mathrel{;}\Gamma;\Delta,c{:}A\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 85.73376pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\mathrel{;}\Gamma;\Delta,c{:}\exists x{:}\tau.A\vdash c(x{:}\tau).Q::d{:}D}$}}}}}}$}}}\\[5.0pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\forall}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 81.31107pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau::\mathsf{type}\quad\Psi,x{:}\tau\mathrel{;}\Gamma;\Delta\vdash P::c{:}A}$}}}\vbox{}}}\over\hbox{\hskip 73.2491pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash c(x{:}\tau).P::c{:}\forall x{:}\tau.A}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\forall}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 98.4849pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M{:}\tau\quad\Psi;\Gamma;\Delta,c{:}A\{M/x\}\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 95.26698pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}\forall x{:}\tau.A\vdash c\langle M\rangle_{\forall x{:}\tau.A}.Q::d{:}D}$}}}}}}$}}}\\[5.0pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{id})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 49.93048pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma\vdash\quad[\Psi\vdash A::\mathsf{stype}]}$}}}\vbox{}}}\over\hbox{\hskip 58.76823pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;d{:}A\vdash[d\leftrightarrow c]::c{:}A}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\mathbf{1}}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\qquad\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma\vdash}$}}}\vbox{}}}\over\hbox{\hskip 29.9276pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\cdot\vdash\mathbf{0}::c{:}\mathbf{1}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\mathbf{1}}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 41.96579pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 50.61566pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}\mathbf{1}\vdash P::d{:}D}$}}}}}}$}}}\\[15.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle({{{!}}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 36.69258pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\cdot\vdash P::x{:}A}$}}}\vbox{}}}\over\hbox{\hskip 49.90903pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\cdot\vdash{!}c(x).P::c{:}{!}A}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{{!}}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 54.41135pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma,u{:}A;\Delta\vdash P::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 70.40555pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}{!}A\vdash P\{c/u\}::d{:}D}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc(copy)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 67.40779pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma,u{:}A;\Delta,x{:}A\vdash P::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 75.45882pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma,u{:}A;\Delta\vdash({\boldsymbol{\nu}}x)u\langle x\rangle.P::d{:}D}$}}}}}}$}}}\\[15.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\otimes}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 90.54724pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta_{1}\vdash P_{1}::x{:}A\quad\Psi;\Gamma;\Delta\vdash P_{2}::c{:}B}$}}}\vbox{}}}\over\hbox{\hskip 95.49002pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta_{1},\Delta_{2}\vdash({\boldsymbol{\nu}}x)c\langle x\rangle.(P_{1}\mid P_{2})::c{:}A\otimes B}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\otimes}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 67.60649pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,x{:}A,c{:}B\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 75.60364pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}A\otimes B\vdash c(x).Q::d{:}D}$}}}}}}$}}}\\[15.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\multimap}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 54.28853pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,x{:}A\vdash P::c{:}B}$}}}\vbox{}}}\over\hbox{\hskip 64.50789pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash c(x).P::c{:}A\multimap B}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\multimap}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 106.15652pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta_{1}\vdash Q_{1}::x{:}A\quad\Psi;\Gamma;\Delta_{2},c{:}B\vdash Q_{2}::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 112.46732pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta_{1},\Delta_{2},c{:}A\multimap B\vdash({\boldsymbol{\nu}}x)c\langle x\rangle.(Q_{1}\mid Q_{2})::d{:}D}$}}}}}}$}}}\\[15.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\mathbin{\binampersand}}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 95.6768pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P_{1}::c{:}A_{1}\;\dots\;\Psi;\Gamma;\Delta\vdash P_{n}::c{:}A_{n}}$}}}\vbox{}}}\over\hbox{\hskip 62.0497pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash c.\mathsf{case}(\overline{l_{j}\Rightarrow P_{j}})::c{:}\mathbin{\binampersand}\{\overline{l_{j}{:}A_{j}}\}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\mathbin{\binampersand}}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 54.59244pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}A_{i}\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 70.42982pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}\mathbin{\binampersand}\{\overline{l_{j}{:}A_{j}}\}\vdash c.l_{i};Q::d{:}D}$}}}}}}$}}}\\[15.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\oplus}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 42.66331pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::c{:}A_{i}}$}}}\vbox{}}}\over\hbox{\hskip 58.22295pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash c.l_{i};P::c{:}\oplus\{\overline{l_{j}{:}A_{j}}\}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle({{\oplus}\mathsf{L}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 119.53503pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}A_{1}\vdash Q_{1}::d{:}D\;\dots\;\Psi;\Gamma;\Delta,c{:}A_{n}\vdash Q_{n}::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 76.4305pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,c{:}\oplus\{\overline{l_{j}{:}A_{j}}\}\vdash c.\mathsf{case}(\overline{l_{j}\Rightarrow Q_{j}})::d{:}D}$}}}}}}$}}}\\[15.00002pt] {\vbox{\hbox{\hbox{\small\sc(cut)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 104.80031pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta_{1}\vdash P::x{:}A\quad\Psi;\Gamma;\Delta_{2},x{:}A\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 71.84335pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta_{1},\Delta_{2}\vdash({\boldsymbol{\nu}}x)(P\mid Q)::d{:}D}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc(cut$\displaystyle{}^{!}$)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 96.15218pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\cdot\vdash P::x{:}A\quad\Psi;\Gamma,u{:}A;\Delta\vdash Q::d{:}D}$}}}\vbox{}}}\over\hbox{\hskip 75.58177pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash({\boldsymbol{\nu}}u)({!}u(x).P\mid Q)::d{:}D}$}}}}}}$}}}\\[5.0pt] {\vbox{\hbox{\hbox{\small\sc($\displaystyle\{\}E$)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 137.66548pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Delta^{\prime}=\overline{d_{i}:B_{i}}\quad\overline{u_{j}{:}C_{j}}\subseteq\Gamma\quad\Psi\vdash M:\{\overline{u_{j}{:}C_{j}};\overline{d_{i}{:}B_{i}}\vdash c{:}A\}\quad\Psi;\Gamma;\Delta,x{:}A\vdash Q::z{:}C}$}}}\vbox{}}}\over\hbox{\hskip 80.43236pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta^{\prime},\Delta\vdash x\leftarrow M\leftarrow\overline{u_{j}};\overline{y_{i}};Q::z{:}C}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc($\displaystyle{{\mathsf{Conv}}\mathsf{R}}$)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 85.56223pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}A\quad\Psi\vdash A=B::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 41.67345pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}B}$}}}}}}$}}}\par\quad\par{\vbox{\hbox{\hbox{\small\sc($\displaystyle{{\mathsf{Conv}}\mathsf{L}}$)}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 87.13007pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma^{\prime};\Delta^{\prime}\vdash P::z{:}A\quad\Psi;\Gamma^{\prime};\Delta^{\prime}=\Psi;\Gamma;\Delta}$}}}\vbox{}}}\over\hbox{\hskip 41.38005pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}A}$}}}}}}$}}\par}\end{array}

0.A.6 Definitional Equality for Kinds

\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{KEqR})$}}\hbox{$\displaystyle\displaystyle{\hbox{\qquad\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K}$}}}\vbox{}}}\over\hbox{\hskip 25.5971pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K=K}$}}}}}}$}}}\par\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{KEqS})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 62.38878pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K_{1}=K_{2}\quad\Psi\vdash K_{2}=K_{3}}$}}}\vbox{}}}\over\hbox{\hskip 28.69438pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K_{1}=K_{3}}$}}}}}}$}}}\par\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{KEqT})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 28.69438pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K_{2}=K_{1}}$}}}\vbox{}}}\over\hbox{\hskip 28.69438pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K_{1}=K_{2}}$}}}}}}$}}}\\[5.0pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{KEq}\Pi)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 79.36375pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\sigma::\mathsf{type}\quad\Psi,x{:}\tau\vdash K_{1}=K_{2}}$}}}\vbox{}}}\over\hbox{\hskip 59.17458pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\Pi x{:}\tau.K_{1}=\Pi x{:}\sigma.K_{2}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{KEqK}\Pi)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 77.15263pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K_{1}=K_{3}\quad\Psi,t{::}K_{1}\vdash K_{2}=K_{4}}$}}}\vbox{}}}\over\hbox{\hskip 69.05537pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\Pi t::K_{1}.K_{2}=\Pi t::K_{3}.K_{4}}$}}}}}}$}}}\end{array}

0.A.7 Definitional Equality for (Functional) Types

\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEqR})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 24.99126pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau::\mathsf{type}}$}}}\vbox{}}}\over\hbox{\hskip 33.84364pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\tau::\mathsf{type}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEqT})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 76.10413pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau_{1}=\tau_{2}::\mathsf{type}\quad\Psi\vdash\tau_{2}=\tau_{3}::\mathsf{type}}$}}}\vbox{}}}\over\hbox{\hskip 35.55206pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau_{1}=\tau_{3}::\mathsf{type}}$}}}}}}$}}}\\[5.0pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEqS})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 34.51494pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\sigma=\tau::\mathsf{type}}$}}}\vbox{}}}\over\hbox{\hskip 34.51494pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\sigma::\mathsf{type}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEq}\Pi)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 85.21216pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}\quad\Psi,x{:}\tau\vdash\sigma=\sigma^{\prime}::\mathsf{type}}$}}}\vbox{}}}\over\hbox{\hskip 66.68959pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\Pi x{:}\tau.\sigma=\Pi x{:}\tau^{\prime}.\sigma^{\prime}::\mathsf{type}}$}}}}}}$}}}\\[5.0pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEq}\lambda)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 82.2885pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}\quad\Psi,x{:}\tau\vdash\sigma=\sigma^{\prime}::K}$}}}\vbox{}}}\over\hbox{\hskip 77.00372pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.\sigma=\lambda x{:}\tau^{\prime}.\sigma^{\prime}::\Pi x{:}\tau.K}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEqApp})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 87.27852pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\sigma::\Pi x{:}\tau^{\prime}.K\quad\Psi\vdash M=N:\tau^{\prime}}$}}}\vbox{}}}\over\hbox{\hskip 60.9141pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau\,M=\sigma\,N::K\{M/x\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEq}\beta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 60.36371pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi,x{:}\tau\vdash\sigma::K\quad\Psi\vdash M:\tau}$}}}\vbox{}}}\over\hbox{\hskip 91.84749pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash(\lambda x{:}\tau.\sigma)\,M=\sigma\{M/x\}::K\{M/x\}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEq}\eta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 67.69713pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\sigma::\Pi x{:}\tau.K\quad x\not\in fv(\sigma)}$}}}\vbox{}}}\over\hbox{\hskip 64.92908pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.\sigma\,x=\sigma::\Pi x{:}\tau.K}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEq}\{\})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 145.96251pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\forall i,j.\quad\Psi\vdash A_{i}=B_{i}::\mathsf{stype}\quad\Psi\vdash C_{j}=D_{j}::\mathsf{stype}\quad\Psi\vdash A=B::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 81.59296pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\{\overline{u_{j}{:}C_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}=\{\overline{u_{j}{:}D_{j}};\overline{d_{i}{:}B_{i}}\vdash c{:}B\}::\mathsf{type}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEqT}\lambda)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 82.29259pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K_{1}=K_{2}\quad\Psi,t{::}K_{1}\vdash\tau=\sigma::K_{3}}$}}}\vbox{}}}\over\hbox{\hskip 92.37236pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda t{::}K_{1}.\tau=\lambda t{::}K_{2}.\sigma::\Pi x{:}K_{1}.K_{3}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEqTApp})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 94.87712pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau_{1}=\sigma_{1}::\Pi t{::}K_{1}.K_{2}\quad\Psi\vdash\tau_{2}=\sigma_{2}:K_{1}}$}}}\vbox{}}}\over\hbox{\hskip 61.58385pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau_{1}\,\tau_{2}=\sigma_{1}\,\sigma_{2}::K_{2}\{\tau_{2}/t\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEqT}\beta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 65.11893pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi,t{::}K\vdash\tau::K^{\prime}\quad\Psi\vdash\sigma::K}$}}}\vbox{}}}\over\hbox{\hskip 85.49799pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash(\lambda t{::}K.\tau)\,\sigma=\tau\{\sigma/t\}::K^{\prime}\{\sigma/t\}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TEqConv})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 63.59117pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\sigma::K\quad\Psi\vdash K=K^{\prime}}$}}}\vbox{}}}\over\hbox{\hskip 32.99405pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\sigma::K^{\prime}}$}}}}}}$}}}\end{array}

0.A.8 Definitional Equality for Session Types

\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEqR})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 28.47217pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 38.88878pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=A::\mathsf{stype}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEqS})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 39.18217pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash B=A::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 39.18217pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=B::\mathsf{stype}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEqT})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 83.5456pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=B::\mathsf{stype}\quad\Psi\vdash B=C::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 40.88596pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=C::s\mathsf{type}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}{!})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 39.18217pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=B::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 41.95996pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash{!}A={!}B::\mathsf{stype}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\!\multimap)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 83.78067pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=C::\mathsf{stype}\quad\Psi\vdash B=D::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 64.05846pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A\multimap B=C\multimap D::\mathsf{stype}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\otimes)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 83.78067pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=C::\mathsf{stype}\quad\Psi\vdash B=D::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 59.61403pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A\otimes B=C\otimes D::\mathsf{stype}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\forall)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 89.19418pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}\quad\Psi,x{:}\tau\vdash A=B::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 70.3938pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\forall x{:}\tau.A=\forall x{:}\tau^{\prime}.B::\mathsf{stype}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\exists)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 89.19418pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}\quad\Psi,x{:}\tau\vdash A=B::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 70.3938pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\exists x{:}\tau.A=\exists x{:}\tau^{\prime}.B::\mathsf{stype}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\mathbin{\binampersand})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 47.28963pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\forall i.\Psi\vdash A_{i}=B_{i}::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 51.3889pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\mathbin{\binampersand}\{\overline{l_{i}{:}A_{i}}\}=\mathbin{\binampersand}\{\overline{l_{i}{:}B_{i}}\}::\mathsf{stype}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\oplus)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 47.28963pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\forall i.\Psi\vdash A_{i}=B_{i}::\mathsf{stype}}$}}}\vbox{}}}\over\hbox{\hskip 53.61107pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\oplus\{\overline{l_{i}{:}A_{i}}\}=\oplus\{\overline{l_{i}{:}B_{i}}\}::\mathsf{stype}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\lambda)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 84.35385pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}\quad\Psi,x{:}\tau\vdash A=B::K}$}}}\vbox{}}}\over\hbox{\hskip 79.06909pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.A=\lambda x{:}\tau^{\prime}.B::\Pi x{:}\tau.K}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEqApp})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 86.94577pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=B::\Pi x{:}\tau.K\quad\Psi\vdash M=N:\tau}$}}}\vbox{}}}\over\hbox{\hskip 63.66467pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A\,M=B\,N::K\{M/x\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\beta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 61.25665pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi,x{:}\tau\vdash A::K\quad\Psi\vdash M:\tau}$}}}\vbox{}}}\over\hbox{\hskip 93.63338pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash(\lambda x{:}\tau.A)\,M=A\{M/x\}::K\{M/x\}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEq}\eta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 69.48302pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A::\Pi x{:}\tau.K\quad x\not\in fv(A)}$}}}\vbox{}}}\over\hbox{\hskip 66.71497pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.A\,x=A::\Pi x{:}\tau.K}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEqT}\lambda)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 85.04317pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash K_{1}=K_{2}\quad\Psi,t{::}K_{1}\vdash A=B::K_{3}}$}}}\vbox{}}}\over\hbox{\hskip 95.12294pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda t{::}K_{1}.A=\lambda t{::}K_{2}.B::\Pi x{:}K_{1}.K_{3}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEqTApp})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 97.37775pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=C::\Pi t{::}K_{1}.K_{2}\quad\Psi\vdash B=D:K_{1}}$}}}\vbox{}}}\over\hbox{\hskip 62.03241pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A\,B=C\,D::K_{2}\{B/t\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEqT}\beta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 67.8695pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi,t{::}K\vdash A::K^{\prime}\quad\Psi\vdash B::K}$}}}\vbox{}}}\over\hbox{\hskip 92.18549pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash(\lambda t{::}K.A)\,B=A\{B/t\}::K^{\prime}\{B/t\}}$}}}}}}$}}}\quad\par\par{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{STEqConv})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 66.34175pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=B::K\quad\Psi\vdash K=K^{\prime}}$}}}\vbox{}}}\over\hbox{\hskip 35.74463pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash A=B::K^{\prime}}$}}}}}}$}}}\end{array}

0.A.9 Definitional Equality for $\lambda$ -Terms

\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEqR})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 21.47037pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\tau}$}}}\vbox{}}}\over\hbox{\hskip 33.5328pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M=M:\tau}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEqS})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 32.69946pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash N=M:\tau}$}}}\vbox{}}}\over\hbox{\hskip 32.69946pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M=N:\tau}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEqT})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 69.59344pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M=N^{\prime}:\tau\quad\Psi\vdash N^{\prime}=N:\tau}$}}}\vbox{}}}\over\hbox{\hskip 32.69946pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M=N:\tau}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEqVar})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 32.54329pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\quad x{:}\tau\in\Psi}$}}}\vbox{}}}\over\hbox{\hskip 28.45642pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash x=x:\tau}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEq}\lambda)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 97.04874pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\begin{array}[]{c}\Psi\vdash\lambda x{:}\tau.M:\Pi x{:}\tau.\sigma\quad\Psi\vdash\lambda x{:}\tau^{\prime}.N:\Pi x{:}\tau^{\prime}.\sigma^{\prime}\\ \Psi\vdash\Pi x{:}\tau.\sigma=\Pi x{:}\tau^{\prime}.\sigma^{\prime}::\mathsf{type}\quad\Psi,x{:}\tau\vdash M=N:\sigma\end{array}}$}}}\vbox{}}}\over\hbox{\hskip 78.09799pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.M=\lambda x{:}\tau^{\prime}.N:\Pi x{:}\tau.\sigma}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEqApp})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 86.00252pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M=M^{\prime}:\Pi x{:}\tau.\sigma\quad\Psi\vdash N=N^{\prime}:\tau}$}}}\vbox{}}}\over\hbox{\hskip 63.13805pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M\,N=M^{\prime}\,N^{\prime}:\sigma\{N/x\}}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEq}\beta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 91.70218pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{[\Psi\vdash\tau::\mathsf{type}]\quad\Psi,x{:}\tau\vdash M:\sigma\quad\Psi\vdash N:\tau}$}}}\vbox{}}}\over\hbox{\hskip 91.0112pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash(\lambda x{:}\tau.M)\,N=M\{N/x\}:\sigma\{N/x\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEq}\eta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 69.63867pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\Pi x{:}\tau.\sigma\quad x\not\in fv(M)}$}}}\vbox{}}}\over\hbox{\hskip 66.87062pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\lambda x{:}\tau.M\,x=M:\Pi x{:}\tau.\sigma}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEq}\{\}\eta)$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 45.19833pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}}$}}}\vbox{}}}\over\hbox{\hskip 124.62756pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\{c\leftarrow(y\leftarrow M;\overline{u_{j}};\overline{d_{i}};[y\leftrightarrow c])\leftarrow\overline{u_{j}};\overline{d_{i}}\}=M:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEq}\{\})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 129.12569pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{[\forall i,j.\Psi\vdash B_{j}::\mathsf{stype}\quad\Psi\vdash A_{i}::\mathsf{stype}]\quad\Psi;\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash P=Q::c{:}A}$}}}\vbox{}}}\over\hbox{\hskip 109.76497pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}=\{c\leftarrow Q\leftarrow\overline{u_{j}};\overline{d_{i}}\}:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{TMEqConv})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 72.2144pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M=N:\tau\quad\Psi\vdash\tau=\sigma::\mathsf{type}}$}}}\vbox{}}}\over\hbox{\hskip 33.37076pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi\vdash M=N:\sigma}$}}}}}}$}}}\end{array}

0.A.10 Definitional Equality for Processes

\begin{array}[]{c}{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{PEqRefl})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 41.38005pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}A}$}}}\vbox{}}}\over\hbox{\hskip 51.95117pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P=P::z{:}A}$}}}}}}$}}}\quad{\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{PEqS})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 51.99944pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash Q=P::z{:}A}$}}}\vbox{}}}\over\hbox{\hskip 51.99944pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P=Q::z{:}A}$}}}}}}$}}}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{PEqT})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 108.92943pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P=Q::z{:}A\quad\Psi;\Gamma;\Delta\vdash Q=R::z{:}A}$}}}\vbox{}}}\over\hbox{\hskip 51.88173pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P=R::z{:}A}$}}}}}}$}}}\\[10.00002pt] {\hbox{$\displaystyle\displaystyle{\hbox{\hskip 103.16566pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::z{:}A\quad P\xrightarrow{}Q\quad\Psi;\Gamma;\Delta\vdash Q::z{:}A}$}}}\vbox{}}}\over\hbox{\hskip 51.99944pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P=Q::z{:}A}$}}}}}}$}}\\[10.00002pt] \raise 7.25pt\hbox{$\hbox{$\hbox{\small\sc$(\mathsf{PEq}\forall\eta)$}\,$}{\hbox{$\displaystyle\displaystyle{\hbox{}\over\hbox{\hskip 132.99133pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;d{:}\forall x{:}\tau.A\vdash c(x).d\langle x\rangle.[d\leftrightarrow c]=[d\leftrightarrow c]::c{:}\forall x{:}\tau.A}$}}}}}}$}}\hbox{}$}\\[10.00002pt] \raise 7.25pt\hbox{$\hbox{$\hbox{\small\sc$(\mathsf{PEqCC}\forall)$}\,$}{\hbox{$\displaystyle\displaystyle{\hbox{\hskip 113.36952pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash P::d{:}B\quad\Psi,x{:}\tau;\Gamma;\Delta^{\prime},d{:}B\vdash Q::c{:}A}$}}}\vbox{}}}\over\hbox{\hskip 135.27559pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta,\Delta^{\prime}\vdash({\boldsymbol{\nu}}d)(P\mid c(x).Q)=c(x).({\boldsymbol{\nu}}d)(P\mid Q)::c{:}\forall x{:}\tau.A}$}}}}}}$}}\hbox{}$}\\[10.00002pt] {\vbox{\hbox{\hbox{\small\sc$\displaystyle(\mathsf{PEq}{{\forall}\mathsf{R}})$}}\hbox{$\displaystyle\displaystyle{\hbox{\hskip 161.44868pt\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\begin{array}[]{c}\Psi;\Gamma;\Delta\vdash z(x{:}\tau).P::z{:}\forall x{:}\tau.A\quad\Psi;\Gamma;\Delta\vdash z(x{:}\tau^{\prime}).Q::z{:}\forall x{:}\tau^{\prime}.B\\ \Psi\vdash\forall x{:}\tau.A=\forall x{:}\tau^{\prime}.B::\mathsf{stype}\quad\Psi,x{:}\tau;\Gamma;\Delta\vdash P=Q::z{:}A\end{array}}$}}}\vbox{}}}\over\hbox{\hskip 103.90027pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{\Psi;\Gamma;\Delta\vdash z(x{:}\tau).P=z(x{:}\tau^{\prime}).Q::z{:}\forall x{:}\tau.A}$}}}}}}$}}}\\[10.00002pt] \mbox{(Other congruence, $\eta$ and CC rules)}\end{array}

Appendix 0.B Type Soundness

We use $\Psi\vdash\mathcal{J}$ to signify any of the judgments $\Psi\vdash K$ , $\Psi\vdash A::K$ , $\Psi\vdash\tau::K$ and respective definitional equality judgments. We use $\Psi;\Gamma;\Delta\vdash\mathcal{J}$ in a similar fashion.

Lemma 0.B.1 (Subderivation Properties)

1.

Every derivation of $\Psi\vdash\mathcal{J}$ has a proof of $\Psi\vdash$ as a sub-proof.
2.

Every derivation of $\Psi,x{:}\tau\vdash$ has a proof of $\Psi\vdash\tau::\mathsf{type}$ as a sub-proof.
3.

Every derivation of $\Psi,t{::}K\vdash$ has a proof of $\Psi\vdash K$ as a sub-proof.
4.

Every derivation of $\Psi,x{:}K\vdash$ has a proof of $\Psi\vdash K$ as a sub-proof.
5.

If $\Psi\vdash\tau::K$ or $\Psi\vdash A::K$ then $\Psi\vdash K$
6.

If $\Psi\vdash M:\tau$ then $\Psi\vdash\tau::\mathsf{type}$
7.

If $\Psi;\Gamma;\Delta\vdash P::z{:}A$ then $\Psi\vdash A::\mathsf{stype}$

Proof

By induction on the given derivation.

Case:: Kind well-formedness

Straightforward by induction.
Case:: Functional type well-formedness

Straightforward by induction.
Case:: Session type well-formedness

Straightforward by induction.
Case:: Typing for terms

Straightforward by induction. Base-case is immediate.
Case:: Typing for processes

Straightforward by induction. Base-cases are immediate.
Case:: Kind equivalence

Straightforward, base case is reflexivity (from i.h. for well-formedness).
Case:: Type Equivalence

As above.
Case:: Session type equivalence

As above.

Lemma 0.B.2 (Weakening)

If $\Psi\vdash$ and $\Psi^{\prime}\vdash$ and $\Psi\subseteq\Psi^{\prime}$ then:

1.

$\Psi\vdash\mathcal{J}$ implies $\Psi^{\prime}\vdash\mathcal{J}$
2.

$\Psi;\Gamma;\Delta\vdash\mathcal{J}$ implies $\Psi^{\prime};\Gamma;\Delta\vdash\mathcal{J}$

Proof

Straightforward induction on the given derivation.

See 2.1

Proof

By induction on the second given derivation. We show only some illustrative cases.

Case:

$\mathsf{TypeAppWF}$

\Psi,x{:}\tau,\Psi^{\prime}\vdash\tau^{\prime}::\Pi y{:}\sigma.K

and

\Psi,x{:}\tau,\Psi^{\prime}\vdash M^{\prime}:\sigma

by inversion

\Psi,\Psi^{\prime}\vdash\tau^{\prime}\{M/x\}::\Pi y{:}\sigma\{M/x\}.K\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\vdash M^{\prime}\{M/x\}:\sigma\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\vdash\tau^{\prime}\{M/x\}\,M^{\prime}\{M/x\}:K\{M^{\prime}/y\}\{M/x\}

\mathsf{TypeAppWF}

Case:

$\mathsf{KindConv}$

\Psi,x{:}\tau,\Psi^{\prime}\vdash\tau::K

and

\Psi,x{:}\tau,\Psi^{\prime}\vdash K=K^{\prime}

by inversion

\Psi,\Psi^{\prime}\vdash\tau\{M/x\}::K\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\vdash K\{M/x\}=K^{\prime}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\vdash\tau\{M/x\}::K^{\prime}\{M/x\}

\mathsf{KindConv}

Case:

$\mathsf{Var}$

Subcase:

x=y

\Psi\vdash M:\tau

by assumption

\Psi,\Psi^{\prime}\{M/x\}\vdash M:\tau

by weakening

Subcase:

x\neq y

\Psi,x{:}\tau,\Psi^{\prime},y{:}\tau^{\prime}\vdash y{:}\tau^{\prime}

by weakening and

\mathsf{Var}

Case:

$\mathsf{TEq}\beta$

\Psi,x{:}\tau,\Psi^{\prime},y{:}\tau^{\prime}\vdash\sigma::K

and

\Psi,x{:}\tau,\Psi^{\prime}\vdash M^{\prime}:\tau^{\prime}

by inversion

\Psi,\Psi^{\prime}\{M/x\},y{:}\tau^{\prime}\{M/x\}\vdash\sigma\{M/x\}::K\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash M^{\prime}\{M/x\}:\tau^{\prime}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash(\lambda y{:}\tau^{\prime}\{M/x\}.\sigma\{M/x\})\,M^{\prime}\{M/x\}=\sigma\{M/x\}\{M^{\prime}\{M/x\}/y\}::K\{M^{\prime}/x\}\{M\{M/x\}/y\}

\mathsf{TEq}\beta

Case:

$\mathsf{TEq}\eta$

\Psi,x{:}\tau,\Psi^{\prime}\vdash\sigma::\Pi y{:}\tau^{\prime}.K

and

y\not\in fv(\sigma)

by inversion

\Psi,\Psi^{\prime}\{M/x\}\vdash\sigma\{M/x\}::\Pi y{:}\tau^{\prime}\{M/x\}.K\{M/x\}

by i.h

\Psi,\Psi^{\prime}\{M/\}\vdash\lambda y{:}\tau^{\prime}\{M/x\}.(\sigma\{M/x\}\,y)=\sigma\{M/x\}::\Pi y{:}\tau^{\prime}\{M/x\}.K\{M/x\}

\mathsf{TEq}\eta

Case:

$\mathsf{PEqRed}$

\Psi,x{:}\tau,\Psi^{\prime};\Gamma;\Delta\vdash P::z{:}A

P\xrightarrow{}^{*}Q

and

\Psi,x{:}\tau,\Psi^{\prime};\Gamma;\Delta\vdash Q::z{:}A

by inversion

\Psi,\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}::z{:}A\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash Q\{M/x\}::z{:}A\{M/x\}

by i.h.

P\{M/x\}\xrightarrow{}^{*}Q\{M/x\}

by compatibility of reduction with substitution

\Psi,\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}=Q\{M/x\}::z{:}A\{M/x\}

\mathsf{PEqRed}

Lemma 0.B.3 (Type Substitution)

1.

If $\Psi\vdash\tau::K$ and $\Psi,t{::}K,\Psi^{\prime}\vdash\mathcal{J}$ then $\Psi,\Psi^{\prime}\{\tau/t\}\vdash\mathcal{J}\{\tau/t\}$ ;
2.

If $\Psi\vdash\tau::K$ and $\Psi,t{::}K,\Psi^{\prime};\Gamma;\Delta\vdash\mathcal{J}$ then $\Psi,\Psi^{\prime}\{\tau/t\};\Gamma\{\tau/t\};\Delta\{\tau/t\}\vdash\mathcal{J}\{\tau/t\}$
3.

If $\Psi\vdash A::K$ and $\Psi,t{::}K,\Psi^{\prime}\vdash\mathcal{J}$ then $\Psi,\Psi^{\prime}\{A/t\}\vdash\mathcal{J}\{A/t\}$ ;
4.

If $\Psi\vdash A::K$ and $\Psi,t{::}K,\Psi^{\prime};\Gamma;\Delta\vdash\mathcal{J}$ then $\Psi,\Psi^{\prime}\{A/t\};\Gamma\{A/t\};\Delta\{A/t\}$

Lemma 0.B.4 (Context Conversion)

Let $\Psi,x{:}\tau\vdash$ and $\Psi\vdash\tau^{\prime}::K$ . If $\Psi,x{:}\tau\vdash\mathcal{J}$ and $\Psi\vdash\tau=\tau^{\prime}::K$ then $\Psi,x{:}\tau^{\prime}\vdash\mathcal{J}$ .

Proof

Straightforward from the properties above.

\Psi,x{:}\tau^{\prime}\vdash x{:}\tau^{\prime}

by variable rule

\Psi\vdash\tau^{\prime}=\tau::K

by symmetry

\Psi,x{:}\tau^{\prime}\vdash x{:}\tau

by conversion

\Psi,x^{\prime}{:}\tau\vdash\alpha\{x^{\prime}/x\}

renaming assumption

\Psi,x{:}\tau^{\prime},x^{\prime}{:}\tau\vdash\alpha\{x^{\prime}/x\}

by weakening

\Psi,x{:}\tau^{\prime}\vdash\alpha\{x^{\prime}/x\}\{x/x^{\prime}\}

by substitution

\Psi,x{:}\tau^{\prime}\vdash\alpha

by definition

Lemma 0.B.5 (Context Conversion – Processes)

Let $\Psi,x{:}\tau;\Delta\vdash$ , $\Psi,x{:}\tau;\Gamma\vdash$ and $\Psi\vdash\tau::\mathsf{type}$ . If $\Psi,x{:}\tau;\Gamma;\Delta\vdash\mathcal{J}$ and $\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}$ then $\Psi,x{:}\tau^{\prime};\Gamma;\Delta\vdash\mathcal{J}$

Proof

Straightforward by Lemma 0.B.4.

Lemma 0.B.6 (Context Conversion – Types)

Let $\Psi,t{::}K\vdash$ and $\Psi\vdash K^{\prime}$ . If $\Psi,t{::}K\vdash\mathcal{J}$ and $\Psi\vdash K=K^{\prime}$ then $\Psi,t{::}K^{\prime}\vdash\mathcal{J}$

Proof

Identical to Lemma 0.B.4

Lemma 0.B.7 (Functionality of Typing)

Assume $\Psi\vdash M=N:\tau$ , $\Psi\vdash M:\tau$ and $\Psi\vdash N:\tau$ :

1.

If $\Psi,x{:}\tau,\Psi^{\prime}\vdash M^{\prime}:\tau^{\prime}$ then $\Psi,\Psi^{\prime}\{M/x\}\vdash M^{\prime}\{M/x\}=M^{\prime}\{N/x\}:\tau^{\prime}\{M/x\}$
2.

If $\Psi,x{:}\tau,\Psi^{\prime}\vdash\tau^{\prime}::K$ then $\Psi,\Psi^{\prime}\{M/x\}\vdash\tau^{\prime}\{M/x\}=\tau^{\prime}\{N/x\}::K\{M/x\}$
3.

If $\Psi,x{:}\tau,\Psi^{\prime}\vdash A::K$ then $\Psi,\Psi^{\prime}\{M/x\}\vdash A\{M/x\}=A\{N/x\}::K\{M/x\}$
4.

If $\Psi,x{:}\tau,\Psi^{\prime};\Gamma;\Delta\vdash P::z{:}A$ then $\Psi;\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}=P\{N/x\}::z{:}A\{N/x\}$
5.

If $\Psi,x{:}\tau,\Psi^{\prime}\vdash K$ then $\Psi,\Psi^{\prime}\{M/x\}\vdash K\{M/x\}=K\{N/x\}$

Proof

By induction on the given typing derivation.

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash x{:}\tau$ by variable rule

\Psi\vdash M=N:\tau

by assumption

\Psi,\Psi^{\prime}\{M/x\}\vdash M=N:\tau

by weakening

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash y{:}\sigma$ with $y{:}\sigma\in\Psi$ or $\Psi^{\prime}$

y:\sigma\in\Psi

y{:}\sigma\{M/x\}\in\Psi^{\prime}\{M/x\}

by definition

\Psi,\Psi^{\prime}\{M/x\}\vdash y=y:\sigma\{M/x\}

by reflexivity

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash M_{0}\,N_{0}:\sigma_{0}\{N_{0}/y\}$ from $\Pi E$

\Psi,\Psi^{\prime}\{M/x\}\vdash M_{0}\{M/x\}=M_{0}\{N/x\}:\Pi y{:}\sigma_{1}\{M/x\}.\sigma_{0}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash N_{0}\{M/x\}=N_{0}\{N/x\}:\sigma_{1}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash M_{0}\{M/x\}\,N_{0}\{M/x\}=M_{0}\{N/x\}\,N_{0}\{N/x\}:(\sigma_{0}\{M/x\})\{(N_{0}\{M/x\})/y\}

\mathsf{TMEqApp}

rule

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash\lambda y{:}\tau_{0}.M_{0}:\Pi y{:}\tau_{0}.\tau_{1}$ by $\Pi I$ rule

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}=\tau_{0}\{N/x\}::\mathsf{type}

by i.h.

\Psi,\Psi^{\prime}\{M/x\},y{:}\tau_{0}\{M/x\}\vdash M_{0}\{M/x\}=M_{0}\{N/x\}:\tau_{1}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}::\mathsf{type}

by substitution lemma

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}=\tau_{0}\{M/x\}::\mathsf{type}

by reflexivity

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{N/x\}=\tau_{0}\{M/x\}::\mathsf{type}

by symmetry

\Psi,\Psi^{\prime}\{M/x\}\vdash\lambda y{:}\tau_{0}\{M/x\}.M_{0}\{M/x\}=\lambda y{:}\tau_{0}\{N/x\}.M_{0}\{N/x\}:\Pi y{:}\tau_{0}\{M/x\}.\tau_{1}\{M/x\}

\mathsf{TMEq}\lambda

rule

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}:\{\Gamma;\Delta\vdash c{:}A\}$ by $\{\}I$

\Psi,\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}=P\{N/x\}::c{:}A\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash\overline{A_{j}\{M/x\}}::\mathsf{stype}

by substitution lemma

\Psi,\Psi^{\prime}\{M/x\}\vdash\overline{B_{i}\{M/x\}}::\mathsf{stype}

by substitution lemma

Conclude by

\mathsf{TMEq}\{\}

rule

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash M_{0}:\tau_{0}$ by conversion rule

\Psi,\Psi^{\prime}\{M/x\}\vdash M_{0}\{M/x\}=M_{0}\{N/x\}:\tau_{0}^{\prime}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}=\tau_{0}^{\prime}\{M/x\}::\mathsf{type}

by substitution lemma

\Psi,\Psi^{\prime}\{M/x\}\vdash M_{0}\{M/x\}=M_{0}\{N/x\}:\tau_{0}\{M/x\}

by conversion rule

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash\Pi y{:}\tau_{0}.\tau_{1}::\mathsf{type}$ by $\Pi$ formation rule

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}::\mathsf{type}

by substitution

\Psi,\Psi^{\prime}\{M/x\},y{:}\tau_{0}\{M/x\}\vdash\tau_{1}\{M/x\}=\tau_{1}\{N/x\}::\mathsf{type}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}=\tau_{0}\{N/x\}::\mathsf{type}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash\Pi y{:}\tau_{0}\{M/x\}.\tau_{1}\{M/x\}=\Pi y{:}\tau_{0}\{N/x\}.\tau_{1}\{N/x\}::\mathsf{type}

\Pi

formation rule

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash\lambda y{:}\tau_{0}.\sigma::\Pi y{:}\tau_{0}.K_{0}$ by $\lambda$ formation rule

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}=\tau_{0}\{N/x\}::\mathsf{type}

by i.h.

\Psi,\Psi^{\prime}\{M/x\},y{:}\tau_{0}\{M/x\}\vdash\sigma\{M/x\}=\sigma\{N/x\}::K_{0}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash\lambda y{:}\tau_{0}\{M/x\}.\sigma\{M/x\}=\lambda y{:}\tau_{0}\{N/x\}.\sigma\{N/x\}::\Pi y{:}\tau_{0}\{M/x\}.K_{0}\{M/x\}

\lambda

formation rule

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash\tau_{0}\,M_{0}::K_{0}\{M/y\}$ by type application formation rule

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}=\tau_{0}\{N/x\}::\Pi y{:}\tau_{1}\{M/x\}.K_{0}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash M_{0}\{M/x\}=M_{0}\{N/x\}:\tau_{1}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}\,M_{0}\{M/x\}=\tau_{0}\{M/x\}\,M_{0}\{M/x\}::K_{0}\{M_{0}/y\}\{M/x\}

by type app. formation rule and def. of substitution

Case:

$\{\}$ formation rule

Straightforward by i.h.

Case:

$\Psi,x{:}\tau,\Psi^{\prime}\vdash\tau_{0}::K_{0}$ by conversion rule

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}=\tau_{0}\{N/x\}::K_{1}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash K_{1}\{M/x\}=K_{0}\{M/x\}

by substitution lemma

\Psi,\Psi^{\prime}\{M/x\}\vdash\tau_{0}\{M/x\}=\tau_{0}\{N/x\}::K_{0}\{M/x\}

by conversion

Case:

$\Psi,x{:}\tau,\Psi^{\prime};\Gamma;\Delta\vdash c\langle M_{0}\rangle.P_{0}::c{:}\exists y{:}\tau_{0}.A_{0}$ by ${{\exists}\mathsf{R}}$

\Psi,\Psi^{\prime}\{M/x\}\vdash M_{0}\{M/x\}=M_{0}\{N/x\}:\tau_{0}\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash P_{0}\{M/x\}=P_{0}\{N/x\}::c{:}A_{0}\{M_{0}/y\}\{M/x\}

by i.h.

Conclude by

\mathsf{PEq}{{\exists}\mathsf{R}}

Case:

$\Psi,x{:}\tau,\Psi^{\prime};\Gamma;\Delta,y{:}\exists w{:}\sigma.A\vdash y(w{:}\sigma).P_{0}::z{:}C$ by ${{\exists}\mathsf{L}}$

\Psi,\Psi^{\prime}\{M/x\},w{:}\sigma\{M/x\};\Gamma\{M/x\};\Delta\{M/x\},y{:}A\{M/x\}\vdash P_{0}\{M/x\}=P_{0}\{N/x\}::z{:}C\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash\sigma\{M/x\}::\mathsf{type}

by substitution lemma

Conclude by

\mathsf{PEq}{{\exists}\mathsf{L}}

Case:

$\Psi,x{:}\tau,\Psi^{\prime};\Gamma;\Delta\vdash P::z{:}B$ by ${{\mathsf{Conv}}\mathsf{R}}$

\Psi,\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}=P\{N/x\}::z{:}A\{M/x\}

by i.h.

\Psi,\Psi^{\prime}\{M/x\}\vdash A\{M/x\}=B\{M/x\}::\mathsf{stype}

by substitution lemma

\Psi,\Psi^{\prime}\{M/x\};\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}=P\{N/x\}::z{:}B\{M/x\}

by conversion

Remaining cases follow similar patterns, relying on the inductive hypothesis and the substitution lemmata.

We omit the analogue functionality property for type substitution.

Lemma 0.B.8 (Inversion for Products)

1.

If $\Psi\vdash\Pi x{:}\tau.\sigma::K$ then $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,x{:}\tau\vdash\sigma::\mathsf{type}$
2.

If $\Psi\vdash\Pi x{:}\tau.K$ then $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,x{:}\tau\vdash K$

Proof

$(1)$ follows straightforwardly by induction on the given derivation. $(2)$ is immediate by inversion.

Lemma 0.B.9 (Inversion for $\forall\exists$ )

1.

If $\Psi\vdash\forall x{:}\tau.A::K$ then $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,x{:}\tau\vdash A::\mathsf{stype}$
2.

If $\Psi\vdash\exists x{:}\tau.A:K$ then $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,x{:}\tau\vdash A::\mathsf{stype}$

Proof

Straightforwardly by induction on the given derivation.

See 2.3

Proof

By simultaneous induction on the given derivation.

Case:

$\mathsf{TMEqR}$

\Psi\vdash M:\tau

by inversion

\Psi\vdash\tau::\mathsf{type}

by subderivation lemma

Case:

$\mathsf{TMEqS}$ and $\mathsf{TMEqT}$

Immediate by i.h.

Case:

$\mathsf{TMEq}\lambda$

\Psi\vdash\lambda x{:}\tau.M:\Pi x{:}\tau.\sigma

\Psi\vdash\lambda x{:}\tau^{\prime}.N:\Pi x{:}\tau^{\prime}.\sigma^{\prime}

\Psi\vdash\Pi x{:}\tau.\sigma=\Pi x{:}\tau^{\prime}.\sigma^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau\vdash M=N:\sigma

by inversion

\Psi,x{:}\tau\vdash M:\sigma

\Psi,x{:}\tau\vdash N:\sigma

and

\Psi,x{:}\tau\vdash\sigma::\mathsf{type}

by i.h.

\Psi\vdash\Pi x{:}\tau.\sigma::\mathsf{type}

\Psi\vdash\Pi x{:}\tau^{\prime}.\sigma^{\prime}::\mathsf{type}

and

\Psi\vdash\mathsf{type}

by i.h.

\Psi\vdash\lambda x{:}\tau.M:\Pi x{:}\tau.\sigma

(\Pi I)

\Psi\vdash\lambda x{:}\tau^{\prime}.N:\Pi x{:}\tau^{\prime}.\sigma^{\prime}

by (

\Pi I)

\Psi\vdash\lambda x{:}\tau^{\prime}.N:\Pi x{:}\tau.\sigma

by conversion (and symmetry)

Case:

$\mathsf{TMEqApp}$

\Psi\vdash M=M^{\prime}:\Pi x{:}\tau.\sigma

and

\Psi\vdash N=N^{\prime}:\tau

by inversion

\Psi\vdash M:\Pi x{:}\tau.\sigma

\Psi\vdash M^{\prime}:\Pi x{:}\tau.\sigma

and

\Psi\vdash\Pi x{:}\tau.\sigma::\mathsf{type}

by i.h.

\Psi\vdash N:\tau

\Psi\vdash N^{\prime}:\tau

and

\Psi\vdash\tau::\mathsf{type}

by i.h.

\Psi,x{:}\tau\vdash\sigma::\mathsf{type}

by inversion for products

\Psi\vdash\sigma\{N/x\}::\mathsf{type}

by substitution

\Psi\vdash M\,N:\sigma\{N/x\}

(\Pi E)

\Psi\vdash M^{\prime}\,N^{\prime}:\sigma\{N^{\prime}/x\}

(\Pi E)

\Psi\vdash\sigma\{N/x\}=\sigma\{N^{\prime}/x\}::\mathsf{type}

by functionality

\Psi\vdash M^{\prime}\,N^{\prime}:\sigma\{N/x\}

by conversion (and symmetry)

Case:

$\mathsf{TMEq}\beta$

\Psi\vdash\lambda x{:}\tau.M:\Pi x{:}\tau.\sigma

\Psi\vdash N:\tau

and

\Psi,{:}\tau\vdash M:\sigma

by inversion

\Psi\vdash(\lambda x{:}\tau.M)\,N:\sigma\{N/x\}

(\Pi E)

\Psi\vdash\Pi x{:}\tau.\sigma::\mathsf{type}

by subderivation lemma

\Psi\vdash\tau::\mathsf{type}

and

\Psi,x{:}\tau\vdash\sigma::\mathsf{type}

by inversion for products

\Psi\vdash\sigma\{N/x\}::\mathsf{type}

by substitution

\Psi\vdash M\{N/x\}:\sigma\{N/x\}

by substitution

Case:

$\mathsf{TMEq}\eta$

\Psi\vdash M:\Pi x{:}\tau.\sigma

by inversion

\Psi\vdash\lambda x{:}\tau.(M\,x):\Pi x{:}\tau,\sigma

(\Pi E)

(\mathsf{var})

and

(\Pi I)

\Psi\vdash\Pi x{:}\tau.\sigma::\mathsf{type}

by subderivation lemma

Case:

$\mathsf{TMEq}\{\}$

\Psi;\Gamma;\Delta\vdash P=Q::c{:}A

by inversion

\Psi;\Gamma;\Delta\vdash P::c{:}A

\Psi;\Gamma;\Delta\vdash Q::c{:}A

and

\Psi\vdash A::\mathsf{stype}

by i.h.

\Psi\vdash\{c\leftarrow P\leftarrow\dots\}:\{\Gamma;\Delta\vdash c{:}A\}

\{\}I

\Psi\vdash\{c\leftarrow Q\leftarrow\dots\}:\{\Gamma;\Delta\vdash c{:}A\}

\{\}I

\Psi;\Gamma\vdash

and

\Psi;\Delta\vdash

by subderivation lemma

\Psi\vdash\{\Gamma;\Delta\vdash c{:}A\}

\{\}

well-formedness

Case:

$\mathsf{TMEq}\{\}\eta$

\Psi\vdash M:\{\Gamma;\Delta\vdash c{:}A\}

by inversion

\Psi\vdash\{\Gamma;\Delta\vdash c{:}A\}

by subderivation lemma

Typing follows straightforwardly

Case:

$\mathsf{TEqR}$

Straightforward by subderivation lemma.

Case:

$\mathsf{TEqS}$ and $\mathsf{TEqT}$

Straightforward by i.h.

Case:

$\mathsf{TEq}\Pi$

\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau\vdash\sigma=\sigma^{\prime}::\mathsf{type}

by inversion

\Psi\vdash\tau::\mathsf{type}

\Psi\vdash\tau^{\prime}::\mathsf{type}

and

\Psi\vdash\mathsf{type}

by i.h.

\Psi,x{:}\tau\vdash\sigma::\mathsf{type}

\Psi,x{:}\tau\vdash\sigma^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau\vdash\mathsf{type}

by i.h.

\Psi\vdash\Pi x{:}\tau.\sigma::\mathsf{type}

\Pi

rule

\Psi,x{:}\tau^{\prime}\vdash\sigma^{\prime}::\mathsf{type}

by context conversion

\Psi\vdash\Pi x{:}\tau.\sigma^{\prime}::\mathsf{type}

\Pi

rule

Case:

$\mathsf{TEq}\lambda$

\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau\vdash\sigma=\sigma^{\prime}::K

by inversion

\Psi\vdash\tau::\mathsf{type}

\Psi\vdash\tau^{\prime}::\mathsf{type}

and

\Psi\vdash\mathsf{type}

by i.h.

\Psi,x{:}\tau\vdash\sigma::K

\Psi,x{:}\tau\vdash\sigma^{\prime}::K

and

\Psi,x{:}\tau\vdash K

by i.h.

\Psi\vdash\lambda x{:}\tau.\sigma::\Pi x{:}\tau.K

\lambda

rule

\Psi,x{:}\tau^{\prime}\vdash\sigma^{\prime}::K

by context conversion

\Psi\lambda x{:}\tau^{\prime}.\sigma^{\prime}::\Pi x{:}\tau^{\prime}.K

\lambda

rule

\Psi\vdash\lambda x{:}\tau^{\prime}.\sigma^{\prime}::\Pi x{:}\tau.K

by conversion

\Psi\vdash\Pi x{:}\tau.K

\Pi

well-formedness rule

Case:

$\mathsf{TEqApp}$

\Psi\vdash\tau=\sigma::\Pi x{:}\tau^{\prime}.K

and

\Psi\vdash M=N:\tau^{\prime}

by inversion

\Psi\vdash\tau::\Pi x{:}\tau^{\prime}.K

\Psi\vdash\sigma::\Pi x{:}\tau^{\prime}.K

and

\Psi\vdash\Pi x{:}\tau^{\prime}.K

by i.h.

\Psi\vdash M:\tau^{\prime}

\Psi\vdash N:\tau^{\prime}

and

\Psi\vdash\tau^{\prime}::\mathsf{type}

by i.h.

\Psi\vdash\tau\,M:K\{M/x\}

by app. wf rule

\Psi\vdash\sigma\,N:K\{N/x\}

by app. wf rule

\Psi,x{:}\tau^{\prime}\vdash K

by inversion for products

\Psi\vdash K\{M/x\}=K\{N/x\}

by functionality

\Psi\vdash\sigma\,N:K\{M/x\}

by conversion

\Psi\vdash K\{M/x\}

by substitution

Case:

$\mathsf{TEq}\beta$

\Psi,x{:}\tau\vdash\sigma::K

and

\Psi\vdash M:\tau

by inversion

\Psi\vdash\lambda x{:}\tau.\sigma::\Pi x{:}\tau.K

\Pi

rule

\Psi\vdash(\lambda x{:}\tau.\sigma)\,M::K\{M/x\}

by app. rule

\Psi\vdash\sigma\{M/x\}::K\{M/x\}

by substitution

\Psi,x{:}\tau\vdash K

by subderivation lemma

\Psi\vdash K\{M/x\}

by substitution

Case:

$\mathsf{TEq}\eta$

\Psi\vdash\sigma::\Pi x{:}\tau.K

by inversion

\Psi\vdash\lambda x{:}\tau.(\sigma\,x)::\Pi x{:}\tau.K

by wf rules

\Psi\vdash\Pi x{:}\tau.K

by subderivation lemma

Case:

$\mathsf{TEq}\{\}$

Straightforward by i.h.

Case:

(3) is identical to (2), appealing to inversion for $\forall\exists$ as needed.

Case:

$\mathsf{PEqRefl}$

Immediate + subderivation lemma.

Case:

$\mathsf{PEqT}$ and $\mathsf{PEqS}$

i.h.

Case:

$\mathsf{PEqRed}$

\Psi;\Gamma;\Delta\vdash P::z{:}A

P\xrightarrow{}Q

and

\Psi;\Gamma;\Delta\vdash Q::z{:}A

by inversion

\Psi\vdash A::\mathsf{stype}

by subderivation lemma

Case:

$\mathsf{PEq}{{\forall}\mathsf{R}}$

Straightforward by i.h.

Case:

$\mathsf{PEq}{{\forall}\mathsf{L}}$

\Psi\vdash M_{0}=M_{1}:\tau

and

\Psi;\Gamma;\Delta,x{:}A\{M_{0}/y\}\vdash P_{0}=Q_{0}::z{:}C

by inversion

\Psi;\Gamma;\Delta,x{:}A\{M_{0}/y\}\vdash P_{0}::z{:}C

\Psi;\Gamma;\Delta,x{:}A\{M_{0}/y\}\vdash Q_{0}::z{:}C

and

\Psi\vdash C::\mathsf{stype}

by i.h.

\Psi\vdash M_{0}:\tau

\Psi\vdash M_{1}:\tau

and

\Psi\vdash\tau::\mathsf{type}

by i.h.

\Psi;\Gamma;\Delta,x{:}\forall y{:}\tau.A\vdash x\langle M_{0}\rangle.P_{0}::z{:}C

{{\forall}\mathsf{L}}

\Psi;\Delta,x{:}\forall y{:}\tau.A\vdash

by subderivation lemma

\Psi\vdash\forall y{:}\tau.A::\mathsf{stype}

by definition

\Psi,y{:}\tau\vdash A::\mathsf{stype}

by inversion for

\forall\exists

\Psi\vdash A\{M_{0}/y\}=A\{M_{1}/y\}::\mathsf{stype}

by functionality

\Psi\vdash A\{M_{1}/y\}::\mathsf{stype}

by substitution

\Psi;\Gamma;\Delta,x{:}A\{M_{1}/y\}\vdash Q_{0}::z{:}C

by context conversion rule

\Psi;\Gamma;\Delta,x{:}\forall y{:}\tau.A\vdash x\langle M_{1}\rangle.Q_{0}::z{:}C

{{\forall}\mathsf{L}}

Case:

${{\mathsf{PEqConv}}\mathsf{R}}$

\Psi;\Gamma;\Delta\vdash P=Q::z{:}A

and

\Psi\vdash A=B::\mathsf{stype}

by inversion

\Psi;\Gamma;\Delta\vdash P::z{:}A

\Psi;\Gamma;\Delta\vdash Q::z{:}A

\Psi\vdash A::\mathsf{stype}

and

\Psi\vdash B::\mathsf{stype}

by i.h.

\Psi;\Gamma;\Delta\vdash P::z{:}B

{{\mathsf{PEqConv}}\mathsf{R}}

\Psi;\Gamma;\Delta\vdash Q::z{:}B

{{\mathsf{PEqConv}}\mathsf{R}}

Remaining cases are identical.

Theorem 0.B.10 (Functionality for Equality)

Assume $\Psi\vdash M=N:\tau$ :

1.

If $\Psi,x{:}\tau\vdash M_{0}=M_{1}:\sigma$ then $\Psi\vdash M_{0}\{M/x\}=M_{1}\{N/x\}:\sigma\{M/x\}$
2.

If $\Psi,x{:}\tau\vdash\sigma_{1}=\sigma_{2}::K$ then $\Psi\vdash\sigma_{1}\{M/x\}=\sigma_{2}\{N/x\}::K\{M/x\}$
3.

If $\Psi,x{:}\tau\vdash A=B::K$ then $\Psi\vdash A\{M/x\}=B\{N/x\}::K\{M/x\}$
4.

If $\Psi,x{:}\tau\vdash K_{1}=K_{2}$ then $\Psi\vdash K_{1}\{M/x\}=K_{2}\{N/x\}$
5.

If $\Psi,x{:}\tau;\Gamma;\Delta\vdash P=Q::z{:}A$ then $\Psi;\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}=Q\{N/x\}::z{:}A\{M/x\}$

Proof

(1)

\Psi,x{:}\tau\vdash M_{0}=M_{1}:\sigma

assumption

\Psi\vdash M=N:\tau

assumption

\Psi\vdash M:\tau

\Psi\vdash N:\tau

and

\Psi\vdash\tau::\mathsf{type}

by validity

\Psi,x{:}\tau\vdash M_{0}:\sigma

\Psi,x{:}\tau\vdash M_{1}:\sigma

and

\Psi,x{:}\tau\vdash\sigma::\mathsf{type}

by validity

\Psi\vdash M_{0}\{M/x\}=M_{1}\{M/x\}:\sigma\{M/x\}

by substitution

\Psi\vdash M_{1}\{M/x\}=M_{1}\{N/x\}:\sigma\{M/x\}

by functionality

\Psi\vdash M_{0}\{M/x\}=M_{1}\{N/x\}:\sigma\{M/x\}

by transitivity

(2)

\Psi,x{:}:\tau;\Gamma;\Delta\vdash P=Q::z{:}A

assumption

\Psi\vdash M=N:\tau

assumption

\Psi\vdash M:\tau

\Psi\vdash N:\tau

and

\Psi\vdash\tau::\mathsf{type}

by validity

\Psi,x{:}\tau;\Gamma;\Delta\vdash P::z{:}A

\Psi,x{:}\tau;\Gamma;\Delta\vdash Q::z{:}A

and

\Psi,x{:}\tau\vdash A::\mathsf{stype}

by validity

\Psi;\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}=Q\{M/x\}::z{:}A\{M/x\}

by substitutition

\Psi;\Gamma\{M/x\};\Delta\{M/x\}\vdash Q\{M/x\}=Q\{N/x\}::z{:}A\{M/x\}

by functionality

\Psi;\Gamma\{M/x\};\Delta\{M/x\}\vdash P\{M/x\}=Q\{N/x\}::z{:}A\{M/x\}

by transitivity

Remaining cases are identical, appealing to validity, substitution and functionality of typing.

We omit the analogue functionality property for type substitution.

Lemma 0.B.11 (Inversion)

1.

If $\Psi\vdash x{:}\tau$ then $x{:}\sigma\in\Psi$ with $\Psi\vdash\tau=\sigma::\mathsf{type}$
2.

If $\Psi\vdash M_{1}\,M_{2}:\sigma$ then $\Psi\vdash M_{1}:\Pi x{:}\tau_{1}.\tau_{2}$ , $\Psi\vdash M_{2}:\tau_{1}$ and $\Psi\vdash\sigma\{M_{2}/x\}=\tau_{2}::\mathsf{type}$
3.

If $\Psi\vdash\lambda x{:}\tau.M:\sigma$ then $\Psi\vdash\sigma=\Pi x{:}\tau.\sigma^{\prime}::\mathsf{type}$ , $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,x{:}\tau\vdash M:\sigma^{\prime}$
4.

If $\Psi\vdash\Pi x{:}\tau_{1}.\tau_{2}::K$ then $\Psi\vdash K=\mathsf{type}$ , $\Psi\vdash\tau_{1}::\mathsf{type}$ and $\Psi,x{:}\tau_{1}\vdash\tau_{2}::\mathsf{type}$
5.

If $\Psi\vdash\lambda x{:}\tau.\sigma::K$ then $\Psi\vdash K=\Pi x{:}\tau.K^{\prime}$ , $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,x{:}\tau\vdash\sigma::K^{\prime}$
6.

If $\Psi\vdash\tau\,M::K$ then $\Psi\vdash\tau::\Pi x{:}\tau_{0}.K_{1}$ , $\Psi\vdash M:\tau_{0}$ and $\Psi\vdash K=K_{1}\{M/x\}$
7.

If $\Psi\vdash\lambda t{::}K.\tau::K^{\prime}$ then $\Psi\vdash K^{\prime}=\Pi t{::}K.K^{\prime\prime}$ , $\Psi\vdash K$ and $\Psi,t{::}K\vdash\tau::K^{\prime\prime}$
8.

If $\Psi\vdash\tau\,\sigma::K$ then $\Psi\vdash\tau::\Pi t{::}K_{0}.K_{1}$ , $\Psi\vdash\sigma:K_{0}$ and $\Psi\vdash K=K_{1}\{\sigma/t\}$
9.

If $\Psi\vdash\Pi x{:}\tau.K$ then $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,x{:}\tau\vdash K$
10.

If $\Psi\vdash\Pi t{::}K_{1}.K_{2}$ then $\Psi\vdash K_{1}$ and $\Psi,t{::}K_{1}\vdash K_{2}$
11.

If $\Psi\vdash\{\Gamma;\Delta\vdash c{:}A\}::K$ then $\Psi\vdash K=\mathsf{type}$ , $\Psi\vdash\Gamma::\mathsf{stype}$ , $\Psi\vdash\Delta::\mathsf{stype}$ and $\Psi\vdash A::\mathsf{stype}$
12.

If $\Psi;\Gamma;\Delta\vdash z(x{:}\tau).P::z{:}A$ then $\Psi\vdash A=\forall x{:}\tau.A^{\prime}$ and $\Psi\vdash\tau::\mathsf{stype}$ and $\Psi,x{:}\tau;\Gamma;\Delta\vdash P::z{:}A^{\prime}$
13.

If $\Psi;\Gamma;\Delta,x{:}A\vdash x\langle M\rangle_{\forall x{:}\tau.A^{\prime}}.P::z{:}C$ then $\Psi\vdash A=\forall y{:}\tau.A^{\prime}::\mathsf{stype}$ , $\Psi\vdash\tau::\mathsf{type}$ , $\Psi\vdash M:\tau$ and $\Psi;\Gamma;\Delta,x{:}A^{\prime}\{M/y\}\vdash P::z{:}C$
14.

If $\Psi;\Gamma;\Delta\vdash z\langle M\rangle_{\exists x{:}\tau.A^{\prime}}.P::z{:}A$ then $\Psi\vdash A=\exists x{:}\tau.A^{\prime}::\mathsf{stype}$ , $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,y{:}\tau;\Gamma;\Delta,x{:}A^{\prime}\vdash P::z{:}C$
15.

If $\Psi\vdash\forall x{:}\tau.A::K$ then $\Psi\vdash K=\mathsf{stype}$ , $\Psi\vdash\tau::\mathsf{type}$ , $\Psi,x{:}\tau\vdash A::\mathsf{stype}$
16.

If $\Psi\vdash\exists x{:}\tau.A::K$ then $\Psi\vdash K=\mathsf{stype}$ , $\Psi\vdash\tau::\mathsf{type}$ , $\Psi,x{:}\tau\vdash A::\mathsf{stype}$
17.

If $\Psi\vdash\lambda x{:}\tau.A::K$ then $\Psi\vdash K=\Pi x{:}\tau.K^{\prime}$ , $\Psi\vdash\tau::\mathsf{type}$ and $\Psi,x{:}\tau\vdash A::K^{\prime}$
18.

If $\Psi\vdash A\,M::K$ then $\Psi\vdash A::\Pi x{:}\tau_{0}.K^{\prime}$ , $\Psi\vdash M:\tau_{0}$ and $\Psi\vdash K=K^{\prime}\{M/x\}$
19.

If $\Psi\vdash\lambda t{::}K.A::K^{\prime}$ then $\Psi\vdash K^{\prime}=\Pi t{::}K.K^{\prime\prime}$ , $\Psi\vdash K$ and $\Psi,t{::}K\vdash A::K^{\prime\prime}$
20.

If $\Psi\vdash A\,B::K$ then $\Psi\vdash A::\Pi t{:}K_{0}.K_{1}$ , $\Psi\vdash B::K_{0}$ and $\Psi\vdash K=K_{1}\{B/t\}$

Proof

By induction on the given derivation. Most cases require validity.

Theorem 0.B.12 (Equality Inversion)

1.

If $\Psi\vdash\tau=\Pi x{:}\tau_{0}.\tau_{1}::\mathsf{type}$ then $\Psi\vdash\tau=\Pi x{:}\sigma_{0}.\sigma_{1}::\mathsf{type}$ with $\Psi\vdash\sigma_{0}=\tau_{0}::\mathsf{type}$ and $\Psi,x{:}\sigma_{0}\vdash\sigma_{1}=\tau_{1}::\mathsf{type}$
2.

If $\Psi\vdash K=\mathsf{type}$ then $K=\mathsf{type}$
3.

If $\Psi\vdash K=\Pi x{:}\tau_{0}.K^{\prime}$ then $\Psi\vdash K=\Pi x{:}\sigma_{0}.K^{\prime\prime}$ with $\Psi\vdash\sigma_{0}=\tau_{0}::\mathsf{type}$ and $\Psi,x{:}\sigma_{0}\vdash K^{\prime\prime}=K^{\prime}$
4.

If $\Psi\vdash K=\Pi t{::}K_{1}.K_{2}$ then $\Psi\vdash K=\Pi t{::}K_{1}^{\prime}.K_{2}^{\prime}$ with $\Psi\vdash K_{1}^{\prime}=K_{1}$ and $\Psi,t{::}K_{1}^{\prime}\vdash K_{2}^{\prime}=K_{2}$
5.

$\Psi\vdash A=\forall x{:}\tau_{0}.A_{0}::\mathsf{stype}$ then $\Psi\vdash A=\forall x{:}\sigma_{0}.B_{0}::\mathsf{stype}$ with $\Psi\vdash\sigma_{0}=\tau_{0}::\mathsf{type}$ and $\Psi,x{:}\sigma_{0}\vdash B_{0}=A_{0}::\mathsf{stype}$
6.

$\Psi\vdash A=\exists x{:}\tau_{0}.A_{0}::\mathsf{stype}$ then $\Psi\vdash A=\exists x{:}\sigma_{0}.B_{0}::\mathsf{stype}$ with $\Psi\vdash\sigma_{0}=\tau_{0}::\mathsf{type}$ and $\Psi,x{:}\sigma_{0}\vdash B_{0}=A_{0}::\mathsf{stype}$
7.

$\Psi\vdash\tau=\lambda x{:}\tau_{0}.\sigma::K$ then $\Psi\vdash\tau=\lambda x{:}\tau_{1}.\sigma^{\prime}::\Pi x{:}\tau_{1}.K_{0}$ with $\Psi\vdash\tau_{1}=\tau_{0}::\mathsf{type}$ and $\Psi,x{:}\tau_{1}\vdash\sigma^{\prime}=\sigma::K_{0}$ , for some $K_{0}$
8.

$\Psi\vdash\tau=\tau_{0}\,M::K$ then $\Psi\vdash\tau=\tau_{1}\,N::K$ with $\Psi\vdash\tau_{1}=\tau_{0}::\Pi x{:}\sigma.K_{0}$ , $\Psi\vdash N=M:\sigma$ and $K=K_{0}\{N/x\}$
9.

$\Psi\vdash\tau=\lambda t{::}K.\sigma::K^{\prime}$ then $\Psi\vdash\tau=\lambda t{::}K_{0}.\sigma^{\prime}::\Pi t{::}K_{0}.K^{\prime\prime}$ with $\Psi\vdash K_{0}=K$ and $\Psi,t{::}K_{0}\vdash\sigma^{\prime}=\sigma::K^{\prime\prime}$ , for some $K^{\prime\prime}$
10.

$\Psi\vdash\tau=\tau_{0}\,\sigma_{0}::K$ then $\Psi\vdash\tau=\tau_{1}\,\sigma_{1}::K$ with $\Psi\vdash\tau_{1}=\tau_{0}::\Pi t{::}K_{1}.K_{0}$ , $\Psi\vdash\sigma_{1}=\sigma_{0}::K_{1}$ and $K=K_{0}\{\sigma_{1}/t\}$
11.

$\Psi\vdash A=\lambda x{:}\tau_{0}.A_{0}::K$ then $\Psi\vdash A=\lambda x{:}\tau_{1}.A_{0}^{\prime}::\Pi x{:}\tau_{1}.K_{0}$ with $\Psi\vdash\tau_{1}=\tau_{0}::\mathsf{type}$ and $\Psi,x{:}\tau_{1}\vdash A_{0}^{\prime}=A_{0}::K_{0}$ , for some $K_{0}$
12.

$\Psi\vdash A=A_{0}\,M::K$ then $\Psi\vdash A=A_{1}\,N$ with $\Psi\vdash A_{1}=A_{0}::\Pi x{:}\sigma.K_{0}$ , $\Psi\vdash N=M:\sigma$ and $K=K_{0}\{N/x\}$
13.

$\Psi\vdash B=\lambda t{::}K.A::K^{\prime}$ then $\Psi\vdash B=\lambda t{::}K_{0}.A^{\prime}::\Pi t{::}K_{0}.K^{\prime\prime}$ with $\Psi\vdash K_{0}=K$ and $\Psi,t{::}K_{0}\vdash A^{\prime}=A::K^{\prime\prime}$ , for some $K^{\prime\prime}$
14.

$\Psi\vdash A=A_{0}\,B_{0}::K$ then $\Psi\vdash A=A_{1}\,B_{1}::K$ with $\Psi\vdash A_{1}=A_{0}::\Pi t{::}K_{1}.K_{0}$ , $\Psi\vdash B_{1}=B_{0}::K_{1}$ and $K=K_{0}\{B_{1}/t\}$

Proof

By induction on the given equality derivations.

(1)

Case:

$\mathsf{TEqT}$

\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}

and

\Psi\vdash\tau^{\prime}=\Pi x{:}\tau_{0}.\tau_{1}::\mathsf{type}

assumption

\tau^{\prime}=\Pi x{:}\tau^{\prime}_{0}.\tau^{\prime}_{1}

with

\Psi\vdash\tau^{\prime}_{0}=\tau_{0}::\mathsf{type}

and

\Psi,x{:}\tau^{\prime}_{0}\vdash\tau^{\prime}_{1}=\tau_{1}::\mathsf{type}

by i.h.

\tau=\Pi x{:}\sigma_{0}.\sigma_{1}

with

\Psi\vdash\sigma_{0}=\tau_{0}^{\prime}::\mathsf{type}

and

\Psi,x{:}\sigma_{0}\vdash\sigma_{1}=\tau^{\prime}_{1}::\mathsf{type}

by i.h.

\Psi\vdash\sigma_{0}=\tau_{0}::\mathsf{type}

by transivitity

\Psi,x{:}\sigma_{0}\vdash\tau_{1}^{\prime}=\tau_{1}::\mathsf{type}

by context conversion

\Psi,x{:}\sigma_{0}\vdash\sigma_{1}=\tau_{1}::\mathsf{type}

by transitivity

Case:

$\mathsf{TEq}\beta$

\Psi,y{:}\tau\vdash\sigma::\mathsf{type}

and

\Psi\vdash M:\tau

K\{M/y\}=\mathsf{type}

and

\Pi x{:}\tau_{0}.\tau_{1}=\sigma\{M/y\}

by inversion

\Psi\vdash(\lambda y{:}\tau.\sigma)\,M=\Pi x{:}\tau_{0}.\tau_{1}::\mathsf{type}

assumption

\sigma=\Pi x{:}\tau.\sigma

by definition of substitution

\Psi,y{:}\tau\vdash\Pi x{:}\tau.\sigma::\mathsf{type}

by def.

\Psi\vdash(\lambda y{:}\tau.\sigma)\,M=\Pi x{:}\tau.\sigma\{M/y\}::\mathsf{type}

by rule

\Psi\vdash\tau::\mathsf{type}

by validity

\Psi\vdash\tau=\tau::\mathsf{type}

by reflexivity

\Psi\vdash\sigma\{M/y\}::\mathsf{type}

by substitution

\Psi\vdash\sigma\{M/y\}=\sigma\{M/y\}::\mathsf{type}

by reflexivity

The other cases follow similar patterns.

Lemma 0.B.13 (Injectivity of Products)

1.

If $\Psi\vdash\Pi x{:}\tau.\sigma=\Pi x{:}\tau^{\prime}.\sigma^{\prime}::\mathsf{type}$ then $\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}$ and $\Psi,x{:}\tau\vdash\sigma=\sigma^{\prime}::\mathsf{type}$
2.

If $\Psi\vdash\Pi x{:}\tau_{1}.K_{1}=\Pi x{:}\tau_{2}.K_{2}$ then $\Psi\vdash\tau_{1}=\tau_{2}::\mathsf{type}$ and $\Psi,x{:}\tau_{1}\vdash K_{1}=K_{2}$
3.

If $\Psi\vdash\forall x{:}\tau_{1}.A_{1}=\forall x{:}\tau_{2}.A_{2}::\mathsf{stype}$ then $\Psi\vdash\tau_{1}=\tau_{2}::\mathsf{type}$ and $\Psi,x{:}\tau_{1}\vdash A_{1}=A_{2}::\mathsf{stype}$

Proof

By equality inversion.

See 2.4

Proof

By induction on the structure of the given term/type/process.

Case:

$M$ is $\lambda x{:}\tau_{0}.M^{\prime}$

\Psi,x{:}\tau_{0}\vdash M^{\prime}:\sigma

\Psi,x{:}\tau_{0}\vdash M^{\prime}:\sigma^{\prime}

with

\Psi\vdash\tau=\Pi x{:}\tau_{0}.\sigma::\mathsf{type}

\Psi\vdash\tau_{0}::\mathsf{type}

and

\Psi\vdash\tau^{\prime}=\Pi x{:}\tau_{0}.\sigma^{\prime}::\mathsf{type}

by inversion

\Psi,x{:}\tau_{0}\vdash\sigma=\sigma^{\prime}::\mathsf{type}

by i.h.

\Psi\vdash\Pi x{:}\tau_{0}.\sigma=\Pi x{:}\tau_{0}.\sigma^{\prime}::\mathsf{type}

\mathsf{TEq}\Pi

rule

Case:

$M$ is $M^{\prime}\,N^{\prime}$

\Psi\vdash M^{\prime}N^{\prime}:\tau

and

\Psi\vdash M^{\prime}N^{\prime}:\tau^{\prime}

assumption

\Psi\vdash M^{\prime}:\Pi x{:}\tau_{0}.\sigma_{0}

and

\Psi\vdash M^{\prime}:\Pi x{:}\tau_{0}^{\prime}.\sigma_{0}^{\prime}

with

\Psi\vdash\tau=\sigma_{0}\{N^{\prime}/x\}::\mathsf{type}

\Psi\vdash N^{\prime}:\tau_{0}

\Psi\vdash N^{\prime}:\tau_{0}^{\prime}

and

\Psi\vdash\tau^{\prime}=\sigma_{0}^{\prime}\{N^{\prime}/x\}::\mathsf{type}

by inversion

\Psi\vdash\Pi x{:}\tau_{0}.\sigma_{0}=\Pi x{:}\tau_{0}^{\prime}.\sigma_{0}^{\prime}::\mathsf{type}

by i.h.

\Psi\vdash\tau_{0}=\tau_{0}^{\prime}::\mathsf{type}

by i.h.

\Psi,x{:}\tau_{0}\vdash\sigma_{0}=\sigma_{0}^{\prime}::\mathsf{type}

by injectivity

\Psi\vdash\sigma_{0}\{N^{\prime}/x\}=\sigma_{0}^{\prime}\{N^{\prime}/x\}::\mathsf{type}

by functionality

Case:

$M$ is $\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}$

\Psi\vdash M:\{\Gamma;\Delta\vdash c{:}A\}

and

\Psi\vdash M:\{\Gamma;\Delta\vdash c{:}A^{\prime}\}

assumption

\Psi;\Gamma;\Delta\vdash P::c{:}A

and

\Psi;\Gamma;\Delta\vdash P::c{:}A^{\prime}

by inversion

\Psi\vdash A=A^{\prime}::\mathsf{stype}

by i.h.

Conclude by reflexivity and

\mathsf{TEq}\{\}

Case:

$M$ is $x$

Direct by inversion lemma.

(2)

Case:

$\tau$ is $\Pi x{:}\tau_{0}.\sigma_{0}$

\Psi\vdash\Pi x{:}\tau_{0}.\sigma_{0}::K

and

\Psi\vdash\Pi x{:}\tau_{0}.\sigma_{0}::K^{\prime}

assumption

\Psi,x{:}\tau_{0}\vdash\sigma_{0}::\mathsf{type}

and

\Psi,x{:}\tau_{0}\vdash\sigma_{0}::\mathsf{type}

and

K=K^{\prime}=\mathsf{type}

by inversion lemma

Case:

$\tau$ is $\lambda x{:}\tau_{0}.\sigma_{0}$

\Psi\vdash\lambda x{:}\tau_{0}.\sigma_{0}::K

and

\Psi\vdash\lambda x{:}\tau_{0}.\sigma_{0}::K^{\prime}

assumption

\Psi,x{:}\tau_{0}\vdash\sigma_{0}::K_{0}

\Psi,x{:}\tau_{0}\vdash\sigma_{0}::K_{0}^{\prime}

\Psi\vdash\tau_{0}::\mathsf{type}

with

K=\Pi x{:}\tau_{0}.K_{0}

and

K^{\prime}=\Pi x{:}\tau_{0}.K_{0}^{\prime}

by inversion lemma

\Psi,x{:}\tau_{0}\vdash K_{0}=K_{0}^{\prime}

by i.h.

\Psi\vdash\Pi x{:}\tau_{0}.K_{0}=\Pi x{:}\tau_{0}.K_{0}^{\prime}

by rule

Case:

$\tau$ is $\tau_{0}\,M$

\Psi\vdash\tau_{0}\,M::K

and

\Psi\vdash\tau_{0}\,M::K^{\prime}

assumption

\Psi\vdash\tau_{0}::\Pi x{:}\sigma.K_{0}

and

\Psi\vdash\tau_{0}::\Pi x{:}\sigma^{\prime}.K_{0}^{\prime}

\Psi\vdash M:\sigma

and

\Psi\vdash M:\sigma^{\prime}

with

K=K_{0}\{M/x\}

and

K^{\prime}=K_{0}^{\prime}\{M/x\}

by inversion lemma

\Psi\vdash\Pi x{:}\sigma.K_{0}=\Pi x{:}\sigma^{\prime}.K_{0}^{\prime}

by i.h.

\Psi\vdash\sigma=\sigma^{\prime}::\mathsf{type}

by i.h.

\Psi,x{:}\sigma\vdash K_{0}=K_{0}^{\prime}

by injectivity

\Psi\vdash K_{0}\{M/x\}=K_{0}^{\prime}\{M/x\}

by substitution

Case:

$\tau$ is $\{\Gamma;\Delta\vdash c{:}A\}$

Straightforward by i.h.

(3)

Case:

$P$ is $z(x).P_{0}$

\Psi;\Gamma;\Delta\vdash z(x{:}\tau_{0}).P_{0}::z{:}A

and

\Psi;\Gamma;\Delta\vdash z(x{:}\tau_{0}).P_{0}::z{:}A^{\prime}

assumption

A=\forall x{:}\tau_{0}.A_{0}

A^{\prime}=\forall x{:}\tau_{0}.A_{0}^{\prime}

\Psi,x{:}\tau_{0};\Gamma;\Delta\vdash P_{0}::z{:}A_{0}

\Psi,x{:}\tau_{0};\Gamma;\Delta\vdash P_{0}::z{:}A_{0}^{\prime}

, and

\Psi\vdash\tau_{0}::\mathsf{type}

by inversion lemma

\Psi,x{:}\tau_{0}\vdash A_{0}=A_{0}^{\prime}

by i.h.

\Psi\vdash\forall x{:}\tau_{0}A_{0}=\forall x{:}\tau_{0}A_{0}^{\prime}

by rule

Case:

$P$ is $x\langle M\rangle_{\forall x{:}\tau_{0}.A_{0}}.P_{0}$

\Psi;\Gamma;\Delta,x{:}A\vdash x\langle M\rangle_{\forall x{:}\tau_{0}.A_{0}}.P_{0}::z{:}C

and

\Psi;\Gamma;\Delta,x{:}A\vdash x\langle M\rangle.P_{0}::z{:}C

assumption

A=\forall x{:}\tau_{0}.A_{0}

\Psi\vdash M:\tau_{0}

\Psi;\Gamma;\Delta,x{:}A_{0}\{M/x\}\vdash P_{0}::z{:}C

and

\Psi;\Gamma;\Delta,x{:}A_{0}\{M/x\}\vdash P_{0}::z{:}C^{\prime}

by inversion lemma

\Psi\vdash C=C^{\prime}::\mathsf{stype}

by i.h.

Case:

$P$ is $z\langle M\rangle_{\exists x{:}\tau_{0}.A_{0}}.P_{0}$

\Psi;\Gamma;\Delta\vdash z\langle M\rangle.P_{0}::z{:}A

and

\Psi;\Gamma;\Delta\vdash z\langle M\rangle.P_{0}::z{:}A^{\prime}

assumption

A=\exists x{:}\tau_{0}.A_{0}

A^{\prime}=\exists x{:}\tau_{0}.A_{0}

\Psi\vdash M:\tau_{0}

\Psi;\Gamma;\Delta\vdash P_{0}::z{:}A_{0}\{M/x\}

and

\Psi;\Gamma;\Delta\vdash P_{0}::z{:}A_{0}\{M/x\}

by inversion lemma

Remaining cases follow similarly.

Theorem 0.B.14

If $\Psi\vdash M:\tau$ and $M\xrightarrow{}M^{\prime}$ then $\Psi\vdash M=M^{\prime}:\tau$

Proof

By induction on $\xrightarrow{}$ relation.

Case:

\displaystyle\displaystyle{\hbox{\qquad\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{M\xrightarrow{}M^{\prime}}$}}}\vbox{}}}\over\hbox{\hskip 25.48604pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{M\,N\xrightarrow{}M^{\prime}\,N}$}}}}}}

\Psi\vdash M:\Pi x{:}\tau_{0}.\sigma_{0}

\Psi\vdash\tau_{0}::\mathsf{type}

\Psi\vdash N:\tau_{0}

and

\Psi\vdash M\,N:\sigma_{0}\{N/x\}

by inversion lemma

\Psi\vdash M=M^{\prime}:\Pi x{:}\tau_{0}.\sigma_{0}

by i.h.

\Psi\vdash\Pi x{:}\tau_{0}.\sigma_{0}::\mathsf{type}

by validity

\Psi\vdash N=N:\tau_{0}

by reflexivity

\Psi\vdash M\,N=M^{\prime}\,N:\sigma_{0}\{N/x\}

\mathsf{TMEq}\Pi

Case:

\displaystyle\displaystyle{\hbox{\qquad\vbox{\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{N\xrightarrow{}N^{\prime}}$}}}\vbox{}}}\over\hbox{\hskip 25.48604pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{M\,N\xrightarrow{}M\,N^{\prime}}$}}}}}}

\Psi\vdash M:\Pi x{:}\tau_{0}.\sigma_{0}

\Psi\vdash\tau_{0}::\mathsf{type}

\Psi\vdash N:\tau_{0}

and

\Psi\vdash M\,N:\sigma_{0}\{N/x\}

by inversion lemma

\Psi\vdash N=N^{\prime}:\tau_{0}

by i.h.

\Psi\vdash M=M:\Pi x{:}\tau_{0}.\sigma_{0}

by reflexivity

\Psi\vdash M\,N=M\,N^{\prime}:\sigma_{0}\{N/x\}

\mathsf{TMEq}\Pi

\displaystyle\displaystyle{\hbox{}\over\hbox{\hskip 64.17181pt\vbox{\vbox{}\hbox{\thinspace\hbox{\hbox{$\displaystyle\displaystyle{(\lambda x{:}\tau_{0}.M_{0})\,N_{0}\xrightarrow{}M_{0}\{N_{0}/x\}}$}}}}}}

\Psi\vdash\lambda x{:}\tau_{0}.M_{0}:\Pi x{:}\tau_{0}.\sigma_{0}

\Psi\vdash\tau_{0}::\mathsf{type}

\Psi\vdash N_{0}:\tau_{0}

\Psi\vdash(\lambda x{:}\tau_{0}.M_{0})\,N_{0}:\sigma_{0}\{N_{0}/x\}

by inversion lemma

\Psi,x{:}\tau_{0}\vdash M_{0}:\sigma_{0}

by inversion lemma

\Psi\vdash(\lambda x{:}\tau_{0}.M_{0})\,N_{0}=M_{0}\{N_{0}/x\}:\sigma_{0}\{N/x\}

\mathsf{TMEq}\beta

See 2.5

Proof

Immediate from Theorem 0.B.14 and validity for equality.

See 2.6

Proof

The proof follows by Theorem 0.B.14 and a series of lemmas that relate typed processes and their reducts under a cut (which now crucially rely on the inversion lemmas and validity). See [29, 28, 5].

See 2.7

Proof

By induction on typing, using the standard canonical forms-based reasoning and noting that monadic terms are values.

Appendix 0.C Appendix – Embedding

Lemma 0.C.1 (Compositionality)

1.

$\Psi\vdash\llbracket K\{M/x\}\rrbracket$ iff $\Psi\vdash\llbracket K\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}$
2.

$\Psi\vdash\llbracket K_{1}\{\tau/t\}\rrbracket$ iff $\Psi\vdash\llbracket K_{1}\rrbracket\{\llbracket\tau\rrbracket/t\}$
3.

$\Psi\vdash\llbracket K_{1}\{A/x\}\rrbracket$ iff $\Psi\vdash\llbracket K_{1}\rrbracket\{\llbracket A\rrbracket/x\}$
4.

$\Psi\vdash\llbracket\tau\{M/x\}\rrbracket::\llbracket K\{M/x\}\rrbracket$ iff $\Psi\vdash\llbracket\tau\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}$
5.

$\Psi\vdash\llbracket A\{M/x\}\rrbracket::\llbracket K\{M/x\}\rrbracket$ iff $\Psi\vdash\llbracket A\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}$
6.

$\Psi;\Gamma;\Delta\vdash\llbracket M\{N/x\}\rrbracket_{z}=\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{y}\}/x\}::z{:}\llbracket A\{N/x\}\rrbracket$
7.

$\Psi;\Gamma;\Delta\vdash\llbracket P\{M/x\}\rrbracket::z{:}\llbracket A\{M/x\}\rrbracket$ iff $\Psi;\Gamma;\Delta\vdash\llbracket P\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::z{:}\llbracket A\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}$

Proof

By mutual induction on the structure of the given kind/type/session type/etc.

Case:

$K=\mathsf{type}$ or $K=\mathsf{stype}$

Trivial.

(1)

Case:

$K=\Pi y{:}\tau.K^{\prime}$

Subcase:

\Rightarrow

\llbracket\Pi y{:}\tau.K^{\prime}\{M/x\}\rrbracket=\llbracket\Pi y{:}\tau\{M/x\}.K^{\prime}\{M/x\}\rrbracket=\Pi y{:}\{\llbracket\tau\{M/x\}\rrbracket\}.\llbracket K^{\prime}\{M/x\}\rrbracket

by definition

\Pi y{:}\{\llbracket\tau\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket K^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by i.h.(3) and i.h.(1)

=(\Pi y{:}\{\llbracket\tau\rrbracket\}.\llbracket K^{\prime}\rrbracket)\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition, satisfying

\Rightarrow

Subcase:

\Leftarrow

\llbracket\Pi y{:}\tau.K^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=(\Pi y{:}\{\llbracket\tau\rrbracket\}.\llbracket K^{\prime}\rrbracket)\{\{\llbracket M\rrbracket_{c}\}/x\}=

\Pi y{:}\{\llbracket\tau\rrbracket\}\{\{\llbracket M\rrbracket_{c}\}/x\}.\llbracket K^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

\Pi y{:}\{\llbracket\tau\{M/x\}\rrbracket\}.\llbracket K^{\prime}\{M/x\}\rrbracket

by i.h.(3) and i.h.(1)

=\llbracket\Pi y{:}\tau.K^{\prime}\{M/x\}\rrbracket

by definition, satisfying

\Leftarrow

Case:

$K=\Pi t{:}K_{1}.K_{2}$

Same argument as above, appealing to i.h.(1)

(2)

As above, appealing to i.h.(2)

(3)

As above, appealing to i.h.(3)

(4)

Case:

$\tau=\Pi y{:}\tau^{\prime}.\sigma$

Subcase:

\Rightarrow

\llbracket\Pi y{:}\tau^{\prime}.\sigma\{M/x\}\rrbracket=\llbracket\Pi y{:}\tau^{\prime}\{M/x\}.\sigma\{M/x\}\rrbracket=\forall y{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}.\llbracket\sigma\{M/x\}\rrbracket

by definition

\forall y{:}\{\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by i.h.(3)

=(\forall y{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket\sigma\rrbracket)\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition, satisfying

\Rightarrow

Subcase:

\Leftarrow

\llbracket\Pi y{:}\tau^{\prime}.\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=(\forall y{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket\sigma\rrbracket)\{\{\llbracket M\rrbracket_{c}\}/x\}=\forall y{:}\{\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

\forall y{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}.\llbracket\sigma\{M/x\}\rrbracket

by i.h.(3)

=\llbracket\Pi y{:}(\tau^{\prime}\{M/x\}).(\sigma\{M/x\})\rrbracket=\llbracket\Pi y{:}\tau^{\prime}.\sigma\{M/x\}\rrbracket

by definition, satisfying

\Leftarrow

Case:

$\tau=\lambda y{:}\tau^{\prime}.\sigma$

As above.

Case:

$\tau=\tau^{\prime}\,M^{\prime}$

\llbracket\tau^{\prime}\,M^{\prime}\{M/x\}\rrbracket=\llbracket\tau^{\prime}\{M/x\}\,M^{\prime}\{M/x\}\rrbracket=\llbracket\tau^{\prime}\{M/x\}\rrbracket\,\{\llbracket M^{\prime}\{M/x\}\rrbracket_{c}\}

by definition

\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{d}\}/x\}\,\{\llbracket M^{\prime}\rrbracket_{c}\{\{\llbracket M\rrbracket_{d}\}/x\}\}

by i.h.

\llbracket\tau^{\prime}\,M^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{d}\}/x\}=(\llbracket\tau^{\prime}\rrbracket\,\{\llbracket M^{\prime}\rrbracket_{c}\})\{\{\llbracket M\rrbracket_{d}\}/x\}=

\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{d}\}/x\}\,\{\llbracket M^{\prime}\rrbracket_{c}\{\{\llbracket M\rrbracket_{d}\}/x\}\}

by definition

Case:

$\tau=\lambda y::K.\tau^{\prime}$

\llbracket\lambda y::K.\tau^{\prime}\{M/x\}\rrbracket=\lambda y::L\{M/x\}.\tau^{\prime}\{M/x\}\rrbracket=\lambda y::\llbracket K\{M/x\}\rrbracket.\llbracket\tau^{\prime}\{M/x\}\rrbracket

by definition

\llbracket\lambda y::K.\tau^{\prime}\rrbracket\{\{M\}_{c}/x\}=\lambda y::\llbracket K\rrbracket\{\{M\}_{c}/x\}.\llbracket\tau^{\prime}\rrbracket\{\{M\}_{c}/x\}

by definition

=\lambda y::\llbracket K\{M/x\}\rrbracket.\llbracket\tau^{\prime}\{M/x\}\rrbracket

by i.h.

Case:

$\tau=\tau^{\prime}\,\sigma$

Straightforward by i.h. as above.

(5)

Case:

$A=\mathbf{1}$

Trivial.

Case:

$A=A_{1}\multimap A_{2}$

\llbracket A_{1}\multimap A_{2}\{M/x\}\rrbracket=\llbracket A_{1}\{M/x\}\rrbracket\multimap\llbracket A_{2}\{M/x\}\rrbracket

by definition

\llbracket A_{1}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\multimap\llbracket A_{2}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by i.h.

\llbracket A_{1}\multimap A_{2}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=\llbracket A_{1}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\multimap\llbracket A_{2}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

Case:

$A=A_{1}\otimes A_{2}$

Identical to $\multimap$ case.

Case:

$A=\mathbin{\binampersand}\{\overline{l_{i}{:}A_{i}}\}$

See above.

Case:

$A=\oplus\{\overline{l_{i}{:}A_{i}}\}$

See above.

Case:

$A=\forall x{:}\tau.A_{0}$

\llbracket\forall x{:}\tau.A_{0}\{M/x\}\rrbracket=\forall x{:}\{\llbracket\tau\{M/x\}\rrbracket\}.\llbracket A_{0}\{M/x\}\rrbracket

by definition

\forall x{:}\{\llbracket\tau\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket A_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by i.h.

\llbracket\forall x{:}\tau.A_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket A_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=

\forall x{:}\{\llbracket\tau\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket A_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

Case:

$A=\exists x{:}\tau.A_{0}$

As above.

Case:

$A=\lambda x{:}\tau.A_{0}$

As above.

Case:

$A=A_{0}\,M^{\prime}$

\llbracket A_{0}\,M^{\prime}\{M/x\}\rrbracket=\llbracket A_{0}\{M/x\}\rrbracket\,\{\llbracket M^{\prime}\{M/x\}\rrbracket_{c}\}

by definition

(\llbracket A_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\})\,\{\llbracket M^{\prime}\rrbracket_{d}\{\{\llbracket M\rrbracket_{c}\}/x\}\}

by i.h.

\llbracket A_{0}\,M^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=(\llbracket A_{0}\rrbracket\,\{\llbracket M^{\prime}\rrbracket_{d}\})\{\{\llbracket M\rrbracket_{c}\}/x\}

=(\llbracket A_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\})\,\{\llbracket M^{\prime}\rrbracket_{d}\{\{\llbracket M\rrbracket_{c}\}/x\}\}

by definition

Case:

$A=A_{0}\,A_{1}$

Straightforward by i.h.

Case:

$A=\lambda t::K.A_{0}$

Straightforward by i.h.

(6) $\Psi;\Gamma;\Delta\vdash\llbracket M\{N/x\}\rrbracket_{z}=\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{y}\}/x\}::z{:}\llbracket A\{N/x\}\rrbracket$

Case:

$M=\lambda y{:}\tau.M_{0}$

\llbracket\lambda y{:}\tau.M_{0}\{N/x\}\rrbracket_{z}::z{:}\llbracket\Pi y{:}\tau.\sigma\{N/x\}\rrbracket

\llbracket\lambda y{:}\tau.M_{0}\{N/x\}\rrbracket_{z}=\llbracket\lambda y{:}\tau\{N/x\}.M_{0}\{N/x\}\rrbracket_{z}=z(y).\llbracket M_{0}\{N/x\}\rrbracket_{z}::z{:}\forall y{:}\{\llbracket\tau\{N/x\}\rrbracket\}.\llbracket\sigma\{N/x\}\rrbracket

by definition

z(y).\llbracket M_{0}\{N/x\}\rrbracket_{z}=z(y).\llbracket M_{0}\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}::z{:}\forall y{:}\{\llbracket\tau\rrbracket\{\{\llbracket N\rrbracket_{c}\}/x\}\}.\llbracket\sigma\rrbracket\{\{\llbracket N\rrbracket_{c}\}/x\}

by i.h.

\llbracket\lambda y{:}\tau.M_{0}\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}=z(y).\llbracket M_{0}\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}

by definition

Case:

$M=M_{1}\,M_{2}$

\llbracket M_{1}\,M_{2}\{N/x\}\rrbracket_{z}::z{:}\llbracket(\sigma\{M_{2}/y\})\{N/x\}\rrbracket

=({\boldsymbol{\nu}}y)(\llbracket M_{1}\{N/x\}\rrbracket_{y}\mid y\langle\{\llbracket M_{2}\{N/x\}\rrbracket_{y}\}\rangle.[y\leftrightarrow z])

by definition

=({\boldsymbol{\nu}}y)(\llbracket M_{1}\rrbracket_{y}\{\{\llbracket N\rrbracket_{c}\}/x\}\mid y\langle\{\llbracket M_{2}\rrbracket_{y}\{\{\llbracket N\rrbracket_{c}\}/x\}\}\rangle.[y\leftrightarrow z])

by i.h.

\llbracket M_{1}\,M_{2}\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}=({\boldsymbol{\nu}}y)(\llbracket M_{1}\rrbracket_{y}\mid y\langle\{\llbracket M_{2}\rrbracket_{y}\}\rangle.[y\leftrightarrow z])\{\{\llbracket N\rrbracket_{c}\}/x\}

=({\boldsymbol{\nu}}y)(\llbracket M_{1}\rrbracket_{y}\{\{\llbracket N\rrbracket_{c}\}/x\}\mid y\langle\{\llbracket M_{2}\rrbracket_{y}\{\{\llbracket N\rrbracket_{c}\}/x\}\}\rangle.[y\leftrightarrow z])

by definition

Case:

$M=\{z\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}$

\llbracket M\{N/x\}\rrbracket_{z}=z(u_{0}).\dots.z(u_{j}).z(d_{0}).\dots.z(d_{n}).\llbracket P\{N/x\}\rrbracket

by definition

z(u_{0}).\dots.z(u_{j}).z(d_{0}).\dots.z(d_{n}).\llbracket P\rrbracket\{\{\llbracket N\rrbracket_{c}\}/x\}

by i.h.

\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}=z(u_{0}).\dots.z(u_{j}).z(d_{0}).\dots.z(d_{n}).\llbracket P\rrbracket\{\{\llbracket N\rrbracket_{c}\}/x\}

by definition

Case:

$M=y$ with $y\neq x$

\llbracket y\{N/x\}\rrbracket_{z}=w\leftarrow y;[w\leftrightarrow z]

by definition

\llbracket y\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}=w\leftarrow y;[w\leftrightarrow z]

by definition

Case:

$M=y$ with $y=x$

\llbracket x\{N/x\}\rrbracket_{z}=\llbracket N\rrbracket_{z}

by definition

\llbracket x\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}=w\leftarrow\{\llbracket N\rrbracket_{c}\};[w\leftrightarrow z]

by definition

w\leftarrow\{\llbracket N\rrbracket_{c}\};[w\leftrightarrow z]\xrightarrow{}^{+}\llbracket N\rrbracket_{z}

by reduction semantics

w\leftarrow\{\llbracket N\rrbracket_{c}\};[w\leftrightarrow z]=\llbracket N\rrbracket_{z}

\mathsf{PEqRed}

(7) $\Psi;\Gamma;\Delta\vdash\llbracket P\{M/x\}\rrbracket::z{:}\llbracket A\{M/x\}\rrbracket$ iff $\Psi;\Gamma;\Delta\vdash\llbracket P\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::z{:}\llbracket A\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}$

Case:

$P=({\boldsymbol{\nu}}y)(P_{1}\mid P_{2})$

\llbracket({\boldsymbol{\nu}}y)(P_{1}\mid P_{2})\{M/x\}\rrbracket=({\boldsymbol{\nu}}y)(\llbracket P_{1}\{M/x\}\rrbracket\mid\llbracket P_{2}\{M/x\}\rrbracket)

by definition

({\boldsymbol{\nu}}y)(\llbracket P_{1}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\mid\llbracket P_{2}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\})

by i.h.

\llbracket({\boldsymbol{\nu}}y)(P_{1}\mid P_{2})\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=({\boldsymbol{\nu}}y)(\llbracket P_{1}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\mid\llbracket P_{2}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\})

by definition

Case:

$P=z\langle M_{0}\rangle.P_{0}$ by ${{\exists}\mathsf{R}}$

\llbracket z\langle M_{0}\rangle.P_{0}\{M/x\}\rrbracket=z\langle\{\llbracket M_{0}\{M/x\}\rrbracket_{d}\}\rangle.\llbracket P_{0}\{M/x\}\rrbracket

by definition

z\langle\{\llbracket M_{0}\rrbracket_{d}\{\{\llbracket M\rrbracket_{c}\}/x\}\}\rangle.\llbracket P_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by i.h.

\llbracket z\langle M_{0}\rangle.P_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=z\langle\{\llbracket M_{0}\rrbracket_{d}\{\{\llbracket M\rrbracket_{c}\}/x\}\}\rangle.\llbracket P_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

Case:

$P=x\leftarrow M_{0}\leftarrow\overline{u_{j}};\overline{y_{i}};P_{0}$

\llbracket P\{M/x\}\rrbracket=({\boldsymbol{\nu}}c)(\llbracket M_{0}\{M/x\}\rrbracket_{c}\mid\overline{c}\langle v_{1}\rangle.(\overline{u_{1}}\langle a_{1}\rangle.[a_{1}\leftrightarrow v_{1}]\mid\dots\mid

\overline{c}\langle d_{1}\rangle.([y_{1}\leftrightarrow d_{1}]\mid\dots\mid\overline{c}\langle d_{n}\rangle.([y_{n}\leftrightarrow d_{n}]\mid\llbracket P_{0}\{M/x\}\rrbracket)\dots)

by definition

({\boldsymbol{\nu}}c)(\llbracket M_{0}\rrbracket_{c}\{\{\llbracket M\rrbracket_{c}\}/x\}\mid\overline{c}\langle v_{1}\rangle.(\overline{u_{1}}\langle a_{1}\rangle.[a_{1}\leftrightarrow v_{1}]\mid\dots\mid

\overline{c}\langle d_{1}\rangle.([y_{1}\leftrightarrow d_{1}]\mid\dots\mid\overline{c}\langle d_{n}\rangle.([y_{n}\leftrightarrow d_{n}]\mid\llbracket P_{0}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\})\dots)

by i.h.

=\llbracket P\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

Remaining process cases are straightforward by i.h.

Lemma 0.C.2 (Compositionality – Reflection in Equality)

1.

$\Psi\vdash\llbracket K\{M/x\}\rrbracket=\llbracket K\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}$
2.

$\Psi\vdash\llbracket K_{1}\{\tau/t\}\rrbracket=\llbracket K_{1}\rrbracket\{\llbracket\tau\rrbracket/t\}$
3.

$\Psi\vdash\llbracket K_{1}\{A/x\}\rrbracket=\llbracket K_{1}\rrbracket\{\llbracket A\rrbracket/x\}$
4.

$\Psi\vdash\llbracket\tau\{M/x\}\rrbracket=\llbracket\tau\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K\{M/x\}\rrbracket$
5.

$\Psi\vdash\llbracket A\{M/x\}\rrbracket=\llbracket A\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K\{M/x\}\rrbracket$
6.

$\Psi;\Gamma;\Delta\vdash\llbracket M\{N/x\}\rrbracket_{z}=\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{y}\}/x\}::z{:}\llbracket A\{N/x\}\rrbracket$
7.

$\Psi;\Gamma;\Delta\vdash\llbracket P\{M/x\}\rrbracket=\llbracket P\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::z{:}\llbracket A\{M/x\}\rrbracket$

Proof

(1-3) is identical to corresponding statements in Lemma 0.C.1.

(4) $\Psi\vdash\llbracket\tau\{M/x\}\rrbracket=\llbracket\tau\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K\{M/x\}\rrbracket$

Case:

$\tau=\Pi y{:}\tau^{\prime}.\sigma$

\llbracket\Pi y{:}\tau^{\prime}.\sigma\{M/x\}\rrbracket=\llbracket\Pi y{:}\tau^{\prime}\{M/x\}.\sigma\{M/x\}\rrbracket=\forall y{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}.\llbracket\sigma\{M/x\}\rrbracket

by definition

\llbracket\Pi y{:}\tau^{\prime}.\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=(\forall y{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket\sigma\rrbracket)\{\{\llbracket M\rrbracket_{c}\}/x\}=\forall y{:}\{\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

\Psi\vdash\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}=\{\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\}::\mathsf{type}

by i.h. and

\mathsf{TEq}\{\}

\Psi,y{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}\vdash\llbracket\sigma\{M/x\}\rrbracket=\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\mathsf{stype}

by i.h.

\Psi\vdash\forall y{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}.\llbracket\sigma\{M/x\}\rrbracket=\forall y{:}\{\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\mathsf{stype}

\mathsf{STEq}\forall

Case:

$\tau=\lambda y{:}\tau^{\prime}.\sigma$

\llbracket\lambda y{:}\tau^{\prime}.\sigma\{M/x\}\rrbracket=\lambda y{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}.\llbracket\sigma\{M/x\}\rrbracket

by definition

\llbracket\lambda y{:}\tau^{\prime}.\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=\lambda y{:}\{\llbracket\tau^{\prime}\rrbracket\}\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

\Psi\vdash\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}=\{\llbracket\tau^{\prime}\rrbracket\}\{\{\llbracket M\rrbracket_{c}\}/x\}\}::\mathsf{type}

by i.h. and

\mathsf{TEq}\{\}

\Psi,y{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}\vdash\llbracket\sigma\{M/x\}\rrbracket=\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K\{M/x\}\rrbracket

by i.h.

\Psi\vdash\lambda y{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}.\llbracket\sigma\{M/x\}\rrbracket=\lambda y{:}\{\llbracket\tau^{\prime}\rrbracket\}\{\{\llbracket M\rrbracket_{c}\}/x\}\}.\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\Pi x{:}\{\llbracket\tau^{\prime}\{M/x\}\rrbracket\}.\llbracket K\{M/x\}\rrbracket

\mathsf{STEq}\lambda

Case:

$\tau=\tau^{\prime}\,M^{\prime}$

\llbracket\tau^{\prime}\,M^{\prime}\{M/x\}\rrbracket=\llbracket\tau^{\prime}\{M/x\}\rrbracket\,\{\llbracket M^{\prime}\{M/x\}\rrbracket_{d}\}

by definition

\llbracket\tau^{\prime}\,M^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=(\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\})\,\{\llbracket M^{\prime}\rrbracket_{d}\{\{\llbracket M\rrbracket_{c}\}/x\}\}

by definition

\Psi\vdash\llbracket\tau^{\prime}\{M/x\}\rrbracket=\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\Pi y{:}\{\llbracket\tau^{\prime\prime}\{M/x\}\rrbracket\}.\llbracket K\{M/x\}\rrbracket

by i.h

\Psi\vdash\{\llbracket M^{\prime}\{M/x\}\rrbracket_{d}\}=\{\llbracket M^{\prime}\rrbracket_{d}\{\{\llbracket M\rrbracket_{c}\}/x\}\}:\{\llbracket\tau^{\prime\prime}\{M/x\}\rrbracket\}

by i.h. and

\mathsf{TEq}\{\}

\Psi\vdash\llbracket\tau^{\prime}\{M/x\}\rrbracket\,\{\llbracket M^{\prime}\{M/x\}\rrbracket_{d}\}=

\qquad(\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\})\,\{\llbracket M^{\prime}\rrbracket_{d}\{\{\llbracket M\rrbracket_{c}\}/x\}\}::\llbracket K\{M/x\}\rrbracket\{\{\llbracket M^{\prime}\{M/x\}\rrbracket_{d}\}/y\}

\mathsf{STEqApp}

Case:

$\tau=\lambda t::K^{\prime}.\tau^{\prime}$

\llbracket\lambda t::K^{\prime}.\tau^{\prime}\{M/x\}\rrbracket=\lambda t::\llbracket K^{\prime}\{M/x\}\rrbracket.\llbracket\tau^{\prime}\{M/x\}\rrbracket

by definition

\llbracket\lambda t::K^{\prime}.\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=\lambda t::\llbracket K^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}.\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

\Psi\vdash\llbracket K^{\prime}\{M/x\}\rrbracket=\llbracket K^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by i.h.

\Psi,t::\llbracket K^{\prime}\{M/x\}\rrbracket\vdash\llbracket\tau^{\prime}\{M/x\}\rrbracket=\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K^{\prime\prime}\{M/x\}\rrbracket

by i.h.

\Psi\vdash\lambda t::\llbracket K^{\prime}\{M/x\}\rrbracket.\llbracket\tau^{\prime}\{M/x\}\rrbracket=

\qquad\lambda t::\llbracket K^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}.\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\Pi t::\llbracket K^{\prime}\{M/x\}\rrbracket.\llbracket K^{\prime\prime}\{M/x\}\rrbracket

\mathsf{STEqT}\lambda

Case:

$\tau=\tau^{\prime}\,\sigma$

\llbracket\tau^{\prime}\,\sigma\{M/x\}\rrbracket=\llbracket\tau^{\prime}\{M/x\}\rrbracket\,\llbracket\sigma\{M/x\}\rrbracket

by definition

\llbracket\tau^{\prime}\,\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}=\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}\,\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by definition

\Psi\vdash\llbracket\tau^{\prime}\{M/x\}\rrbracket=\llbracket\tau^{\prime}\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\Pi t:\llbracket K\{M/x\}\rrbracket.\llbracket K^{\prime}\{M/x\}\rrbracket

by i.h.

\Psi\vdash\llbracket\sigma\{M/x\}\rrbracket=\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K\{M/x\}\rrbracket

by i.h.

Remaining cases are identical.

Lemma 0.C.3 (Preservation of Equality)

1.

If $\Psi\vdash K_{1}=K_{2}$ then $\{\llbracket\Psi\rrbracket\}\vdash\llbracket K_{1}\rrbracket=\llbracket K_{2}\rrbracket$
2.

If $\Psi\vdash\tau_{1}=\tau_{2}::K$ then $\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau_{1}\rrbracket=\llbracket\tau_{2}\rrbracket::\llbracket K\rrbracket$
3.

If $\Psi\vdash A=B::K$ then $\{\llbracket\Psi\rrbracket\}\vdash\llbracket A\rrbracket=\llbracket B\rrbracket::\llbracket K\rrbracket$
4.

If $\Psi\vdash M=N:\tau$ then $\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}=\llbracket N\rrbracket_{z}::z{:}\llbracket\tau\rrbracket$
5.

If $\Psi;\Gamma;\Delta\vdash P=Q::z{:}A$ then $\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P\rrbracket=\llbracket Q\rrbracket::z{:}\llbracket A\rrbracket$

Proof

By induction on the given judgment.

Case:

$\mathsf{KEqR}$ , $\mathsf{KEqS}$ , $\mathsf{KEqT}$ and $\mathsf{KEq}\Pi_{2}$

Immediate by i.h.

Case:

$\mathsf{KEq}\Pi_{1}$

\Psi\vdash\tau=\sigma::\mathsf{type}

and

\Psi,x{:}\tau\vdash K_{1}=K_{2}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket=\llbracket\sigma\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket\tau\rrbracket\}=\{\llbracket\sigma\rrbracket\}::\mathsf{type}

\mathsf{TEq}\{\}

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\}\vdash\llbracket K_{1}\rrbracket=\llbracket K_{2}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K_{1}\rrbracket=\Pi x{:}\{\llbracket\sigma\rrbracket\}.\llbracket K_{2}\rrbracket

\mathsf{KEq}\Pi_{1}

(2)

Case:

$\mathsf{TEqR}$ , $\mathsf{TEqT}$ , $\mathsf{TEqS}$

Immediate by i.h.

Case:

$\mathsf{TEq}\Pi$

\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau\vdash\sigma=\sigma^{\prime}::\mathsf{type}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket=\llbracket\tau^{\prime}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket\tau\rrbracket\}=\{\llbracket\tau^{\prime}\rrbracket\}::\mathsf{type}

\mathsf{TEq}\{\}

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\}\vdash\llbracket\sigma\rrbracket=\llbracket\sigma^{\prime}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket=\forall x{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket\sigma^{\prime}\rrbracket::\mathsf{stype}

\mathsf{STEq}\forall

Case:

$\mathsf{TEq}\lambda$

\Psi\vdash\tau=\tau^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau\vdash\sigma=\sigma^{\prime}::K

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket=\llbracket\tau^{\prime}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket\tau\rrbracket\}=\{\llbracket\tau^{\prime}\rrbracket\}::\mathsf{type}

\mathsf{TEq}\{\}

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\}\vdash\llbracket\sigma\rrbracket=\llbracket\sigma^{\prime}\rrbracket::\llbracket K\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket=\lambda x{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket\sigma^{\prime}\rrbracket::\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K\rrbracket

\mathsf{STEq}\lambda

Case:

$\mathsf{TEq}T\lambda$

\Psi\vdash K=K^{\prime}

and

\Psi,t::K\vdash\tau=\sigma::K^{\prime\prime}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket K\rrbracket=\llbracket K^{\prime}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\},t::\llbracket K\rrbracket\vdash\llbracket\tau\rrbracket=\llbracket\sigma\rrbracket::\llbracket K^{\prime\prime}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\lambda t::\llbracket K\rrbracket.\llbracket\tau\rrbracket=\lambda t::\llbracket K^{\prime}\rrbracket.\llbracket\sigma\rrbracket::\Pi t::\llbracket K\rrbracket.\llbracket K^{\prime\prime}\rrbracket

\mathsf{STEq}T\lambda

Case:

$\mathsf{TEqApp}$

\Psi\vdash\tau=\sigma::\Pi x{:}\tau^{\prime}.K

and

\Psi\vdash M=N:\tau^{\prime}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket=\llbracket\sigma\rrbracket::\Pi x{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket K\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}=\llbracket N\rrbracket_{z}::z{:}\llbracket\tau^{\prime}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket M\rrbracket_{z}\}=\{\llbracket N\rrbracket_{z}\}:\{\llbracket\tau^{\prime}\rrbracket\}

\mathsf{TEq}\{\}

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket\,\{\llbracket M\rrbracket_{z}\}=\llbracket\sigma\rrbracket\,\{\llbracket N\rrbracket_{z}\}::\llbracket K\rrbracket\{\{\llbracket M\rrbracket_{z}\}/x\}

\mathsf{STEqApp}

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket\,\{\llbracket M\rrbracket_{z}\}=\llbracket\sigma\rrbracket\,\{\llbracket N\rrbracket_{z}\}::\llbracket K\{M/x\}\rrbracket

by compositionality and conversion

Case:

$\mathsf{TEqTApp}$

\Psi\vdash\tau=\tau^{\prime}::\Pi t::K_{1}.K_{2}

and

\Psi\vdash\sigma=\sigma^{\prime}::K_{1}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket=\llbracket\tau^{\prime}\rrbracket::\Pi t::\llbracket K_{1}\rrbracket.\llbracket K_{2}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\sigma\rrbracket=\llbracket\sigma^{\prime}\rrbracket::\llbracket K_{1}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket\,\llbracket\sigma\rrbracket=\llbracket\tau^{\prime}\rrbracket\,\llbracket\sigma^{\prime}\rrbracket::\llbracket K_{2}\rrbracket\{\llbracket\sigma\rrbracket/t\}

\mathsf{STEqTApp}

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket\,\llbracket\sigma\rrbracket=\llbracket\tau^{\prime}\rrbracket\,\llbracket\sigma^{\prime}\rrbracket::\llbracket K_{2}\{\sigma/t\}\rrbracket

by compositionality and conversion

Case:

$\mathsf{TEq}\beta$

\Psi,x{:}\tau\vdash\sigma::K

and

\Psi\vdash M:\tau

by inversion

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\}\vdash\llbracket\sigma\rrbracket::\llbracket K\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{c}::c{:}\llbracket\tau\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket M\rrbracket_{c}\}:\{\llbracket\tau\rrbracket\}

\{\}I

\{\llbracket\Psi\rrbracket\}\vdash(\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket)\,\{\llbracket M\rrbracket_{c}\}=\llbracket\sigma\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}::\llbracket K\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

\mathsf{STEq}\beta

\{\llbracket\Psi\rrbracket\}\vdash(\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket)\,\{\llbracket M\rrbracket_{c}\}=\llbracket\sigma\{M/x\}\rrbracket::\llbracket K\{M/x\}\rrbracket

by compositionality and conversion

Case:

$\mathsf{TEq}T\beta$

\Psi\vdash\sigma::K

and

\Psi,t::K\vdash\tau::K^{\prime}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\sigma\rrbracket::\llbracket K\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\},t::\llbracket K\rrbracket\vdash\llbracket\tau\rrbracket::\llbracket K^{\prime}\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\}\vdash(\lambda t::\llbracket K\rrbracket.\llbracket\tau\rrbracket)\,\llbracket\sigma\rrbracket=\llbracket\tau\rrbracket\{\llbracket\sigma\rrbracket/t\}::\llbracket K^{\prime}\rrbracket\{\llbracket\sigma\rrbracket/t\}

\mathsf{STEq}T\beta

\{\llbracket\Psi\rrbracket\}\vdash(\lambda t::\llbracket K\rrbracket.\llbracket\tau\rrbracket)\,\llbracket\sigma\rrbracket=\llbracket\tau\{\sigma/t\}\rrbracket::\llbracket K^{\prime}\{\sigma/t\}\rrbracket

by compositionality and conversion

Case:

$\mathsf{TEq}\eta$

\Psi\vdash\sigma::\Pi x{:}\tau.K

and

x\not\in fv(\sigma)

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\sigma\rrbracket::\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\}\vdash\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket\,x=\llbracket\sigma\rrbracket::\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K\rrbracket

\mathsf{STEq}\eta

\{\llbracket\Psi\rrbracket\}\vdash\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket\,\{c\leftarrow(y\leftarrow x;[y\leftrightarrow c])\}=\llbracket\sigma\rrbracket::\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K\rrbracket

\mathsf{STEqT}

\mathsf{STEqApp}

and

\mathsf{TMEq}\{\}\eta

Case:

$\mathsf{TEqT}\eta$

\Psi\vdash\tau::\Pi t::K_{1}.K_{2}

and

t\not\in fv(\tau)

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket::\Pi t::\llbracket K_{1}\rrbracket.\llbracket K_{2}\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\}\vdash\lambda t::\llbracket K\rrbracket.\llbracket\tau\rrbracket\,t=\llbracket\tau\rrbracket::\Pi t::\llbracket K\rrbracket.\llbracket K^{\prime}\rrbracket

\mathsf{STEqT}\eta

Case:

$\mathsf{TEq}\{\}$

\forall i,j.\Psi\vdash A_{i}=B_{i}::\mathsf{stype}

\Psi\vdash C_{j}=D_{j}::\mathsf{stype}

and

\Psi\vdash A=B::\mathsf{stype}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket C_{j}\rrbracket=\llbracket D_{j}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A_{i}\rrbracket=\llbracket B_{i}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A\rrbracket=\llbracket B\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\overline{{!}\llbracket C_{j}\rrbracket}\multimap\overline{\llbracket A_{i}\rrbracket}\multimap\llbracket A\rrbracket=\overline{{!}\llbracket D_{j}\rrbracket}\multimap\overline{\llbracket B_{i}\rrbracket}\multimap\llbracket B\rrbracket::\mathsf{stype}

\mathsf{STEq}\multimap

and

\mathsf{STEq}{!}

(3)

All cases are identical to those of (2).

(4)

Case:

$\mathsf{TMEqR}$

\Psi\vdash M:\tau

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}::z{:}\llbracket\tau\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}=\llbracket M\rrbracket_{z}::z{:}\llbracket\tau\rrbracket

\mathsf{PEqR}

Case:

$\mathsf{TMEqS}$ $\mathsf{TMEqT}$

Immediate by i.h. and the corresponding definitional equality rules for processes.

Case:

$\mathsf{TMEq}\lambda$

\Psi\vdash\lambda x{:}\tau.M:\Pi x{:}\tau.\sigma

\Psi\vdash\lambda x{:}\tau^{\prime}.N:\Pi x{:}\tau^{\prime}.\sigma^{\prime}

\Psi\vdash\Pi x{:}\tau.\sigma=\Pi x{:}\tau^{\prime}.\sigma^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau\vdash M=N:\sigma

by inversion

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}=\llbracket N\rrbracket_{z}::z{:}\llbracket\sigma\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket=\forall x{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket\sigma^{\prime}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash z(x).\llbracket M\rrbracket_{z}=z(x^{\prime}).\llbracket N\rrbracket_{z}::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

\mathsf{PEq}{{\forall}\mathsf{R}}

Case:

$\mathsf{TMEqApp}$

\Psi\vdash M=M^{\prime}:\Pi x{:}\tau.\sigma

and

\Psi\vdash N=N^{\prime}:\tau

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{x}=\llbracket M^{\prime}\rrbracket_{x}::x{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket N\rrbracket_{y}=\llbracket N^{\prime}\rrbracket_{y}::y{:}\llbracket\tau\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket N\rrbracket_{y}\}=\{\llbracket N^{\prime}\rrbracket_{y}\}:\{\llbracket\tau\rrbracket\}

\mathsf{TMEq}\{\}

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}x)(\llbracket M\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{y}\}\rangle.[x\leftrightarrow z])=

\qquad({\boldsymbol{\nu}}x)(\llbracket M^{\prime}\rrbracket_{x}\mid x\langle\{\llbracket N^{\prime}\rrbracket_{y}\}\rangle.[x\leftrightarrow z])::z{:}\llbracket\sigma\rrbracket\{\{\llbracket N\rrbracket_{y}\}/x\}

\mathsf{PEq}\mathsf{cut}

\mathsf{PEq}{{\forall}\mathsf{L}}

\mathsf{PEqID}

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}x)(\llbracket M\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{y}\}\rangle.[x\leftrightarrow z])=

\qquad({\boldsymbol{\nu}}x)(\llbracket M^{\prime}\rrbracket_{x}\mid x\langle\{\llbracket N^{\prime}\rrbracket_{y}\}\rangle.[x\leftrightarrow z])::z{:}\llbracket\sigma\{N/x\}\rrbracket

by compositionality and conversion

Case:

$\mathsf{TMEq}\beta$

\Psi\vdash\lambda x{:}\tau.M:\Pi x{:}\tau.\sigma

and

\Psi\vdash N:\tau

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash y(x).\llbracket M\rrbracket_{y}::y{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket N\rrbracket_{w}::w{:}\llbracket\tau\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket N\rrbracket_{w}\}:\{\llbracket\tau\rrbracket\}

\{\}I

To show:

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket(\lambda x{:}\tau.M)\,N\rrbracket_{z}=\llbracket M\{N/x\}\rrbracket_{z}::z{:}\llbracket\sigma\{N/x\}\rrbracket

S.T.S:

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}y)(y(x).\llbracket M\rrbracket_{y}\mid y\langle\{\llbracket N\rrbracket_{w}\}\rangle.[y\leftrightarrow z])=\llbracket M\{N/x\}\rrbracket_{z}::z{:}\llbracket\sigma\{N/x\}\rrbracket

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}y)(y(x).\llbracket M\rrbracket_{y}\mid y\langle\{\llbracket N\rrbracket_{w}\}\rangle.[y\leftrightarrow z])::z{:}\llbracket\sigma\rrbracket\{\{\llbracket N\rrbracket_{w}\}/x\}

by above,

\mathsf{id}

{{\forall}\mathsf{L}}

and

\mathsf{cut}

\xrightarrow{}\xrightarrow{}\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{w}\}/x\}

by operational semantics

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{w}\}/x\}::z{:}\llbracket\sigma\rrbracket\{\{\llbracket N\rrbracket_{w}\}/x\}

by type preservation

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}y)(y(x).\llbracket M\rrbracket_{y}\mid y\langle\{\llbracket N\rrbracket_{w}\}\rangle.[y\leftrightarrow z])=\llbracket M\{N/x\}\rrbracket_{z}::z{:}\llbracket\sigma\{N/x\}\rrbracket

by above,

\mathsf{PEqRed}

, compositionality and conversion

Case:

$\mathsf{TMEq}\eta$

\Psi\vdash M:\Pi x{:}\tau.\sigma

and

x\not\in{fv}(M)

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{y}::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash z(x).({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid y\langle x\rangle.[y\leftrightarrow z])=

z(x).({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid y\langle\{c\leftarrow(y\leftarrow x;[y\leftrightarrow c])\leftarrow\cdot\}\rangle.[y\leftrightarrow z])::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

\mathsf{PEqCut}

\mathsf{PEq}{{\forall}\mathsf{L}}

\mathsf{PEqID}

\mathsf{TMEq}\{\}\eta

and

\mathsf{PEqR}

To show:

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash z(x).({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid y\langle\{c\leftarrow(y\leftarrow x;[y\leftrightarrow c])\leftarrow\cdot\}\rangle.[y\leftrightarrow z])=

\qquad\llbracket M\rrbracket_{z}::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash z(x).({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid y\langle x\rangle.[y\leftrightarrow z])=({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid z(x).y\langle x\rangle.[y\leftrightarrow z])::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

\mathsf{PEqCC}\forall

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid z(x).y\langle x\rangle.[y\leftrightarrow z])=({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid[y\leftrightarrow z])::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

\mathsf{PEq}\forall\eta

({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid[y\leftrightarrow z])\xrightarrow{}\llbracket M\rrbracket_{z}

by the operational semantics

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

by type preservation

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid[y\leftrightarrow z])=\llbracket M\rrbracket_{z}::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

\mathsf{PEqRed}

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash z(x).({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\mid y\langle\{c\leftarrow(y\leftarrow x;[y\leftrightarrow c])\leftarrow\cdot\}\rangle.[y\leftrightarrow z])=\llbracket M\rrbracket_{z}::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

by the above reasoning and

\mathsf{PEqT}

Case:

$\mathsf{TMEq}\{\}$

\Psi;\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash P=Q::c{:}A

by inversion

\{\llbracket\Psi\rrbracket\};\overline{u_{j}{:}\llbracket B_{j}\rrbracket};\overline{d_{i}{:}\llbracket A_{i}\rrbracket}\vdash\llbracket P\rrbracket=\llbracket Q\rrbracket::c{:}\llbracket A\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash c(u_{0}).\dots c(u_{j}).c(d_{0}).\dots c(d_{n}).\llbracket P\rrbracket=

\qquad c(u_{0}).\dots c(u_{j}).c(d_{0}).\dots c(d_{n}).\llbracket Q\rrbracket::c{:}\overline{{!}\llbracket B_{j}\rrbracket}\multimap\overline{\llbracket A_{i}\rrbracket}\multimap\llbracket A\rrbracket

\mathsf{PEq}{{\multimap}\mathsf{R}}

\mathsf{PEq}{{{!}}\mathsf{L}}

Case:

$\mathsf{TMEq}\{\}\eta$

\Psi\vdash M:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}::\overline{{!}\llbracket B_{j}\rrbracket}\multimap\overline{\llbracket A_{i}\rrbracket}\multimap\llbracket A\rrbracket

To show:

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash c(u_{0}).\dots c(u_{j}).c(d_{0}).\dots c(d_{n}).\llbracket z\leftarrow M;\overline{u_{j}};\overline{d_{i}};[z\leftrightarrow c]\rrbracket

\qquad\qquad=\llbracket M\rrbracket_{c}::c{:}\overline{{!}\llbracket B_{j}\rrbracket}\multimap\overline{\llbracket A_{i}\rrbracket}\multimap\llbracket A\rrbracket

S.T.S:

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash c(u_{0}).\dots c(u_{j}).c(d_{0}).\dots c(d_{n}).({\boldsymbol{\nu}}z)(\llbracket M\rrbracket_{z}\mid

\qquad\overline{z}\langle v_{1}\rangle.(\overline{u_{1}}\langle a_{1}\rangle.[a_{1}\leftrightarrow v_{1}]\mid\dots\mid\overline{z}\langle d_{1}\rangle.([y_{1}\leftrightarrow d_{1}]\mid\dots\mid\overline{z}\langle d_{n}\rangle.([y_{n}\leftrightarrow d_{n}]\mid[z\leftrightarrow c])\dots)

\qquad=\llbracket M\rrbracket_{c}::c{:}\overline{{!}\llbracket B_{j}\rrbracket}\multimap\overline{\llbracket A_{i}\rrbracket}\multimap\llbracket A\rrbracket

\mathsf{PEqCC}\multimap

and

\mathsf{PEqCC}{!}

and

\mathsf{PEq}\multimap\eta

and

\mathsf{PEq}{!}\eta

\mathsf{PEqR}

and

\mathsf{PEqRed}

Case:

$\mathsf{PEqR}$

\Psi;\Gamma;\Delta\vdash P::z{:}A

by inversion

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P\rrbracket::z{:}\llbracket A\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P\rrbracket=\llbracket P\rrbracket::z{:}\llbracket A\rrbracket

\mathsf{PEqR}

Case:

$\mathsf{PEqS}$ and $\mathsf{PEqT}$

Straightforward by i.h.

Case:

$\mathsf{PEqRed}$

\Psi;\Gamma;\Delta\vdash P::z{:}A

P\xrightarrow{}^{*}Q

and

\Psi;\Gamma;\Delta\vdash Q::z{:}A

by inversion

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P\rrbracket::z{:}\llbracket A\rrbracket

by type preservation of the encoding

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket Q\rrbracket::z{:}\llbracket A\rrbracket

by type preservation of the encoding

\llbracket P\rrbracket\xrightarrow{}^{*}\llbracket Q\rrbracket

by operational correspondence

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P\rrbracket=\llbracket Q\rrbracket::z{:}\llbracket A\rrbracket

\mathsf{PEqRed}

Case:

$\mathsf{PEq}\{\}E$

\Psi\vdash M=N:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}

\Psi;\Gamma;\Delta,c{:}A\vdash Q=Q^{\prime}::z{:}C

\overline{u_{j}{:}B_{j}}\subseteq\Gamma

and

\overline{d_{i}{:}A_{i}}=\Delta^{\prime}

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{y}=\llbracket N\rrbracket_{y}::y{:}\overline{{!}\llbracket B_{j}\rrbracket}\multimap\overline{\llbracket A_{i}\rrbracket}\multimap\llbracket A\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket,c{:}\llbracket A\rrbracket\vdash\llbracket Q\rrbracket=\llbracket Q^{\prime}\rrbracket::z{:}\llbracket C\rrbracket

by i.h.

We conclude by

\mathsf{PEqCut}

, (repeated)

\mathsf{PEq}{{\multimap}\mathsf{L}}

\mathsf{PEq}{{{!}}\mathsf{L}}

and

\mathsf{PEqID}

All other process cases follow fairly straightforwardly by i.h.

Lemma 0.C.4 (Preservation of Typing)

1.

If $\Psi\vdash$ then $\llbracket\Psi\rrbracket\vdash$ and $\{\llbracket\Psi\rrbracket\}\vdash$ .
2.

If $\Psi\vdash K$ then $\{\llbracket\Psi\rrbracket\}\vdash\llbracket K\rrbracket$
3.

If $\Psi\vdash\tau::K$ then $\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket::\llbracket K\rrbracket$
4.

If $\Psi\vdash A::K$ then $\{\llbracket\Psi\rrbracket\}\vdash\llbracket A\rrbracket::\llbracket K\rrbracket$
5.

If $\Psi\vdash M:\tau$ then $\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}::z{:}\llbracket\tau\rrbracket$
6.

If $\Psi;\Gamma;\Delta\vdash P::z{:}A$ then $\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P\rrbracket::z{:}\llbracket A\rrbracket$

Proof

By induction on the given judgement. (1) is immediate by induction.

Case:

$\tau=\Pi x{:}\tau^{\prime}.\sigma$

\Psi\vdash\tau^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau^{\prime}\vdash\sigma::\mathsf{type}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau^{\prime}\rrbracket\}\vdash\llbracket\sigma\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\forall x{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket\sigma\rrbracket::\mathsf{stype}

\{\}

and

\forall

rules

Case:

$\tau=\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}B_{i}}\vdash c{:}A\}$

Straightforward by induction.

Case:

$\tau=\lambda x{:}\tau^{\prime}.\sigma$

\Psi\vdash\tau^{\prime}::\mathsf{type}

and

\Psi,x{:}\tau^{\prime}\vdash\sigma::\mathsf{type}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau^{\prime}\rrbracket\}\vdash\llbracket\sigma\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\lambda x{:}\{\llbracket\tau^{\prime}\rrbracket\}.\llbracket\sigma\rrbracket::\mathsf{stype}

\{\}

and

\lambda

rules

Case:

$\tau=\tau^{\prime}\,M$

\Psi\vdash\tau^{\prime}::\Pi x{:}\sigma.K

and

\Psi\vdash M:\sigma

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket::\Pi x{:}\{\llbracket\sigma\rrbracket\}.\llbracket K\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{c}::c{:}\llbracket\sigma\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket M\rrbracket_{c}\}::c{:}\{\llbracket\sigma\rrbracket\}

\{\}I

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket\,\{\llbracket M\rrbracket_{c}\}::\llbracket K\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

by application well-formedness rule

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket\,\{\llbracket M\rrbracket_{c}\}::\llbracket K\{{M}/x\}\rrbracket

by compositionality

Case:

$\tau=\lambda t::K.\tau^{\prime}$

\Psi,t::K\vdash\tau^{\prime}::K_{2}

by inversion

\{\llbracket\Psi\rrbracket\},t::\llbracket K\rrbracket\vdash\llbracket\tau^{\prime}\rrbracket::\llbracket K_{2}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\lambda t::\llbracket K\rrbracket.\llbracket\tau^{\prime}\rrbracket::\Pi t::\llbracket K\rrbracket.\llbracket K^{\prime}\rrbracket

T\lambda

well-formedness rule

Case:

$\tau=\tau^{\prime}\,\sigma$

\Psi\vdash\tau^{\prime}::\Pi t{::}K_{1}.K_{2}

and

\Psi\vdash\sigma::K_{1}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket::\Pi t{::}\llbracket K_{1}\rrbracket.\llbracket K_{2}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\sigma\rrbracket::\llbracket K_{1}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket\,\llbracket\sigma\rrbracket::\llbracket K_{2}\rrbracket\{\llbracket K_{1}\rrbracket/t\}

Tapp

well-formedness rule

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket\,\llbracket\sigma\rrbracket::\llbracket K_{2}\{K_{1}/t\}\rrbracket

by compositionality

Case:

$\tau=\tau^{\prime}$ by conversion rule

\Psi\vdash\tau^{\prime}::K

by inversion

\Psi\vdash K=K^{\prime}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket::\llbracket K\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket K\rrbracket=\llbracket K^{\prime}\rrbracket

by preservation of equality

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau^{\prime}\rrbracket::\llbracket K^{\prime}\rrbracket

by conversion rule

Case:

$A=\mathbf{1}$

Immediate from the definition.

Case:

$A={!}A^{\prime}$

Immediate by i.h and ${!}$ well-formedness rule.

Case:

$A=A_{1}\multimap A_{2}$

Immediate by i.h. and $\multimap$ well-formedness rule.

Case:

$A=A_{1}\otimes A_{2}$

Immediate by i.h. and $\otimes$ well-formedness rule.

Case:

$A=\forall x{:}\tau.A_{0}$

\Psi\vdash\tau::\mathsf{type}

and

\Psi,x{:}\tau\vdash A_{0}::\mathsf{stype}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\}\vdash\llbracket A_{0}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket A_{0}\rrbracket::\mathsf{stype}

\forall

well-formedness rule

Case:

$A=\exists x{:}\tau.A_{0}$

\Psi\vdash\tau::\mathsf{type}

and

\Psi,x{:}\tau\vdash A_{0}::\mathsf{stype}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\}\vdash\llbracket A_{0}\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\exists x{:}\{\llbracket\tau\rrbracket\}.\llbracket A_{0}\rrbracket::\mathsf{stype}

\exists

well-formedness rule

Case:

$A=\mathbin{\binampersand}\{\overline{l_{i}{:}B_{i}}\}$

Immediate by i.h. and $\mathbin{\binampersand}$ well-formedness rule.

Case:

$A=\oplus\{\overline{l_{i}{:}B_{i}}\}$

Immediate by i.h. and $\oplus$ well-formedness rule.

Case:

$A=\lambda x{:}\tau.A^{\prime}$

\Psi\vdash\tau::\mathsf{type}

and

\Psi,x{:}\tau\vdash A^{\prime}::K

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\tau\rrbracket::\mathsf{stype}

by i.h.

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\}\vdash\llbracket A^{\prime}\rrbracket::\llbracket K\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket A^{\prime}\rrbracket::\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K\rrbracket

S\lambda

well-formedness rule

\{\llbracket\Psi\rrbracket\}\vdash\lambda x{:}\{\llbracket\tau\rrbracket\}.\llbracket A^{\prime}\rrbracket::\llbracket\Pi x{:}\tau.K\rrbracket

by compositionality

Case:

$A=A_{0}\,M$

\Psi\vdash A_{0}::\Pi x{:}\tau.K

and

\Psi\vdash M:\tau

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A_{0}\rrbracket::\Pi x{:}\{\llbracket\tau\rrbracket\}.\llbracket K\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{c}::c{:}\llbracket\tau\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket M\rrbracket_{c}\}:\{\llbracket\tau\rrbracket\}

\{\}

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A_{0}\rrbracket\,\{\llbracket M\rrbracket_{c}\}::\llbracket K\rrbracket\{\{\llbracket M\rrbracket_{c}\}/x\}

S

app well-formedness rule

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A_{0}\rrbracket\,\{\llbracket M\rrbracket_{c}\}::\llbracket K\{M/x\}\rrbracket

by compositionality

Case:

$A=\lambda t::K.A^{\prime}$

\Psi,t::K\vdash A^{\prime}::K_{2}

and

\Psi\vdash K_{1}

by inversion

\{\llbracket\Psi\rrbracket\},t::\llbracket K\rrbracket\vdash\llbracket A^{\prime}\rrbracket::\llbracket K_{2}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket K_{1}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\lambda t::\llbracket K_{1}\rrbracket.\llbracket A^{\prime}\rrbracket::\Pi t::\llbracket K_{1}\rrbracket.\llbracket K_{2}\rrbracket

S\Pi

well-formedness rule

\{\llbracket\Psi\rrbracket\}\vdash\lambda t::\llbracket K_{1}\rrbracket.\llbracket A^{\prime}\rrbracket::\llbracket\Pi t::K_{1}.K_{2}\rrbracket

by compositionality

Case:

$A=A^{\prime}\,B$

\Psi\vdash A^{\prime}::\Pi t::K_{1}.K_{2}

and

\Psi\vdash B::K_{1}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A^{\prime}\rrbracket::\Pi t::\llbracket K_{1}\rrbracket.\llbracket K_{2}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket B\rrbracket::\llbracket K_{1}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A^{\prime}\rrbracket\,\llbracket B\rrbracket::\llbracket K_{2}\rrbracket\{\llbracket B\rrbracket/x\}

by S

app

well-formedness rule

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A^{\prime}\rrbracket\,\llbracket B\rrbracket::\llbracket K_{2}\{B/x\}\rrbracket

by compositionality

Case:

$A=A^{\prime}$ by conversion rule

\Psi\vdash A^{\prime}::K

and

\Psi\vdash K=K^{\prime}

by inversion

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A^{\prime}\rrbracket::\llbracket K\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket K\rrbracket=\llbracket K^{\prime}\rrbracket

by preservation of equality

\{\llbracket\Psi\rrbracket\}\vdash\llbracket A^{\prime}\rrbracket::\llbracket K^{\prime}\rrbracket

by conversion rule

Case:

$M=\lambda x{:}\tau.M^{\prime}$

\Psi,x{:}\tau\vdash M:\sigma

by inversion

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}::z{:}\llbracket\sigma\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash z(x).\llbracket M\rrbracket_{z}::z{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

{{\forall}\mathsf{R}}

Case:

$M=M^{\prime}\,N$

\Psi\vdash M^{\prime}:\Pi x{:}\tau.\sigma

and

\Psi\vdash N:\tau

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M^{\prime}\rrbracket_{x}::x{:}\forall x{:}\{\llbracket\tau\rrbracket\}.\llbracket\sigma\rrbracket

by i.h.

\{\llbracket\tau\rrbracket\};\cdot;\cdot\vdash\llbracket N\rrbracket_{y}::y{:}\llbracket\tau\rrbracket

by i.h.

\{\llbracket\tau\rrbracket\}\vdash\{\llbracket N\rrbracket_{y}\}:\{\llbracket\tau\rrbracket\}

\{\}I

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}x)(\llbracket M^{\prime}\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{y}\}\rangle.[x\leftrightarrow z])::z{:}\llbracket\sigma\rrbracket\{\{\llbracket N\rrbracket_{y}\}/x\}

\mathsf{cut}

{{\forall}\mathsf{L}}

and

\mathsf{id}

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash({\boldsymbol{\nu}}x)(\llbracket M^{\prime}\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{y}\}\rangle.[x\leftrightarrow z])::z{:}\llbracket\sigma\{N/x\}\rrbracket

by compositionality

Case:

$M=x$

\Psi,x{:}\tau\vdash x{:}\tau

by assumption

\{\llbracket\Psi\rrbracket\},x{:}\{\llbracket\tau\rrbracket\};\cdot;\cdot\vdash y\leftarrow x;[y\leftrightarrow z]::z{:}\llbracket\tau\rrbracket

\{\}E

and

\mathsf{id}

rules

Case:

$M=\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}$

\Psi\vdash\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}:\{\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash c{:}A\}

by assumption

\Psi;\overline{u_{j}{:}B_{j}};\overline{d_{i}{:}A_{i}}\vdash P::c{:}A

by inversion

\{\llbracket\Psi\rrbracket\};\overline{u_{j}{:}\llbracket B_{j}\rrbracket};\overline{d_{i}{:}\llbracket A_{i}\rrbracket}\vdash\llbracket P\rrbracket::c{:}\llbracket A\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash z(u_{0}).\dots.z(u_{j}).z(d_{0}).\dots.z(d_{n}).\llbracket P\rrbracket::z{:}\overline{{!}\llbracket B_{j}\rrbracket}\multimap\overline{\llbracket A_{i}\rrbracket}\multimap\llbracket A\rrbracket

{{{!}}\mathsf{L}}

\mathsf{copy}

and

{{\multimap}\mathsf{R}}

(repeated)

Case:

$M=M^{\prime}$ by conversion rule

\Psi\vdash M^{\prime}:\sigma

by inversion

\Psi\vdash\sigma=\tau::\mathsf{type}

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M^{\prime}\rrbracket::z{:}\llbracket\sigma\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\llbracket\sigma\rrbracket=\llbracket\tau\rrbracket::\mathsf{stype}

by preservation of equality

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M^{\prime}\rrbracket::z{:}\llbracket\tau\rrbracket

by conversion rule

Case:

$P=z\langle M\rangle.P_{1}$ by ${{\exists}\mathsf{R}}$

\Psi\vdash M:\tau

and

\Psi;\Gamma;\Delta\vdash P_{1}::z{:}A\{M/x\}

by inversion

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{y}::y{:}\llbracket\tau\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\}\vdash\{\llbracket M\rrbracket_{y}\}:\{\llbracket\tau\rrbracket\}

\{\}I

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P_{1}\rrbracket::z{:}\llbracket A\{M/x\}\rrbracket

by i.h.

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash\llbracket P_{1}\rrbracket::z{:}\llbracket A\rrbracket\{\{\llbracket M\rrbracket_{y}\}/x\}

by compositionality

\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash z\langle\{\llbracket M\rrbracket_{y}\}\rangle.\llbracket P_{1}\rrbracket::z{:}\exists x{:}\{\llbracket\tau\rrbracket\}.\llbracket A\rrbracket

{{\exists}\mathsf{R}}

All other process cases follow straightforwardly by i.h. (and compositionality/preservation of equality when needed).

Theorem 0.C.5 (Operational Correspondence – Completeness)

1.

Let $\Psi;\Gamma;\Delta\vdash P::z{:}A$ . If $P\xrightarrow{}P^{\prime}$ then $\llbracket P\rrbracket\xrightarrow{}^{+}Q$ with $\{\llbracket\Psi\rrbracket\};\llbracket\Gamma\rrbracket;\llbracket\Delta\rrbracket\vdash Q=\llbracket P^{\prime}\rrbracket::z{:}A$
2.

Let $\Psi\vdash M:\tau$ . If $M\xrightarrow{}M^{\prime}$ then $\llbracket M\rrbracket_{z}\xrightarrow{}N$ with $\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash N=\llbracket M^{\prime}\rrbracket_{z}::z{:}\llbracket\tau\rrbracket$

Proof

By induction on the reduction relation.

Case:

$({\boldsymbol{\nu}}x)(x\langle M\rangle.P\mid x(y).Q)\xrightarrow{}({\boldsymbol{\nu}}x)(P\mid Q\{M/y\})$

\llbracket({\boldsymbol{\nu}}x)(x\langle M\rangle.P\mid x(y).Q)\rrbracket=({\boldsymbol{\nu}}x)(x\langle\{\llbracket M_{c}\rrbracket\}\rangle.\llbracket P\rrbracket\mid x(y).\llbracket Q\rrbracket)

by definition

\xrightarrow{}({\boldsymbol{\nu}}x)(\llbracket P\rrbracket\mid\llbracket Q\rrbracket\{\{\llbracket M_{c}\rrbracket\}/y\})

by operational semantics

\llbracket({\boldsymbol{\nu}}x)(P\mid Q\{M/y\})\rrbracket=({\boldsymbol{\nu}}x)(\llbracket P\rrbracket\mid\llbracket Q\{M/y\}\rrbracket)

by definition

\Psi;\Gamma;\Delta\vdash({\boldsymbol{\nu}}x)(\llbracket P\rrbracket\mid\llbracket Q\rrbracket\{\{\llbracket M_{c}\rrbracket\}/y\})=({\boldsymbol{\nu}}x)(\llbracket P\rrbracket\mid\llbracket Q\{M/y\}\rrbracket)::z{:}C

by compositionality, type preservation and

\mathsf{PEqCut}

Case:

$c\leftarrow M\leftarrow\overline{u_{j}};\overline{d_{i}};Q\xrightarrow{}c\leftarrow M^{\prime}\leftarrow\overline{u_{j}};\overline{d_{i}};Q$ with $M\xrightarrow{}M^{\prime}$

Straightforward by i.h.

Case:

$c\leftarrow\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}\leftarrow\overline{u_{j}};\overline{d_{i}};Q\xrightarrow{}({\boldsymbol{\nu}}c)(P\mid Q)$

\llbracket c\leftarrow\{c\leftarrow P\leftarrow\overline{u_{j}};\overline{d_{i}}\}\leftarrow\overline{u_{j}};\overline{d_{i}};Q\rrbracket\xrightarrow{}^{+}({\boldsymbol{\nu}}c)(\llbracket P\rrbracket\mid\llbracket Q\rrbracket)

by definition and operational semantics

\llbracket({\boldsymbol{\nu}}c)(P\mid Q)\rrbracket=({\boldsymbol{\nu}}c)(\llbracket P\rrbracket\mid\llbracket Q\rrbracket)

by definition

We conclude by

\mathsf{PEqR}

Case:

$(\lambda x{:}\tau.M)\,N\xrightarrow{}M\{N/x\}$

\llbracket(\lambda x{:}\tau.M)\,N\rrbracket_{z}=({\boldsymbol{\nu}}y)(y(x).\llbracket M\rrbracket_{y}\mid y\langle\{\llbracket N\rrbracket_{c}\}\rangle.[y\leftrightarrow z])

by definition

\xrightarrow{}({\boldsymbol{\nu}}y)(\llbracket M\rrbracket_{y}\{\{\llbracket N\rrbracket_{c}\}/x\}\mid[y\leftrightarrow z])\xrightarrow{}\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}

by operational semantics

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash\llbracket M\rrbracket_{z}\{\{\llbracket N\rrbracket_{c}\}/x\}=\llbracket M\{N/x\}\rrbracket_{z}::z{:}\llbracket\sigma\{N/x\}\rrbracket

by compositionality and type preservation

Case:

$M\,N\xrightarrow{}M^{\prime}\,N$ with $M\xrightarrow{}M^{\prime}$

\llbracket M\,N\rrbracket_{z}=({\boldsymbol{\nu}}x)(\llbracket M\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{c}\}\rangle.[x\leftrightarrow z])

by definition

\llbracket M\rrbracket_{x}\xrightarrow{}M_{0}

with

\{\llbracket\Psi\rrbracket\};\cdot;\cdot\vdash M_{0}=\llbracket M^{\prime}\rrbracket_{z}::z{:}A

by i.h.

({\boldsymbol{\nu}}x)(\llbracket M\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{c}\}\rangle.[x\leftrightarrow z])\xrightarrow{}({\boldsymbol{\nu}}x)(M_{0}\mid x\langle\{\llbracket N\rrbracket_{c}\}\rangle.[x\leftrightarrow z])

by the operational semantics

=({\boldsymbol{\nu}}x)(\llbracket M^{\prime}\rrbracket_{x}\mid x\langle\{\llbracket N\rrbracket_{c}\}\rangle.[x\leftrightarrow z])::z{:}A

by type preservation,

\mathsf{PEqCut}

and

\mathsf{PEqR}

Depending on Session-Typed Processes

Abstract

1 Introduction

Contributions.

2 A Dependent Type Theory of Processes

2.1 Syntax

Types and Kinds.

Terms and Processes.

2.2 A Dependent Typing System

Typing.

Definitional Equality.

Operational Semantics.

2.3 Example – Reasoning about Processes using Dependent Types

2.4 Type Soundness of the Framework

Lemma 2.1 (Substitution)

Lemma 2.2 (Validity for Typing)

Lemma 2.3 (Validity for Equality)

Theorem 2.4 (Unicity of Types and Kinds)

Theorem 2.5 (Subject Reduction – Terms)

Theorem 2.6 (Subject Reduction – Processes)

Theorem 2.7 (Progress – Terms)

Theorem 2.8 (Progress – Processes)

3 Embedding the Functional Layer in the Process Layer

3.1 The Embedding

A first attempt.

A faithful embedding.

3.2 Properties of the Embedding

Lemma 3.1 (Compositionality)

Theorem 3.2 (Preservation of Equality)

Theorem 3.3 (Preservation of Typing)

Theorem 3.4 (Operational Correspondence)

4 Related and Future Work

Enriching Session Types via Type Structure.

Combining Linear and Dependent Types.

Dependent Types and Higher-Order π\pi-calculus.

References

Appendix 0.A Appendix – Dependently-typed Calculus

0.A.1 Complete Rules for Dependently-Typed System

0.A.1.1 Well-formed Contexts

0.A.1.2 Well-formed Kinds

0.A.2 Well-formed (Functional) Types

0.A.3 Well-formed Session Types

0.A.4 Typing for λ\lambda-Terms

0.A.5 Typing for Processes

0.A.6 Definitional Equality for Kinds

0.A.7 Definitional Equality for (Functional) Types

0.A.8 Definitional Equality for Session Types

0.A.9 Definitional Equality for λ\lambda-Terms

0.A.10 Definitional Equality for Processes

Appendix 0.B Type Soundness

Lemma 0.B.1 (Subderivation Properties)

Proof

Lemma 0.B.2 (Weakening)

Proof

Proof

Lemma 0.B.3 (Type Substitution)

Lemma 0.B.4 (Context Conversion)

Proof

Lemma 0.B.5 (Context Conversion – Processes)

Proof

Lemma 0.B.6 (Context Conversion – Types)

Proof

Lemma 0.B.7 (Functionality of Typing)

Proof

Lemma 0.B.8 (Inversion for Products)

Proof

Lemma 0.B.9 (Inversion for ∀∃\forall\exists)

Proof

Proof

Theorem 0.B.10 (Functionality for Equality)

Proof

Lemma 0.B.11 (Inversion)

Proof

Theorem 0.B.12 (Equality Inversion)

Proof

Lemma 0.B.13 (Injectivity of Products)

Proof

Proof

Theorem 0.B.14

Proof

Dependent Types and Higher-Order $\pi$ -calculus.

0.A.4 Typing for $\lambda$ -Terms

0.A.9 Definitional Equality for $\lambda$ -Terms

Lemma 0.B.9 (Inversion for $\forall\exists$ )