Distributive Disjoint Polymorphism for Compositional Programming
Abstract
Popular programming techniques such as shallow embeddings of Domain Specific Languages (DSLs), finally tagless or object algebras are built on the principle of compositionality. However, existing programming languages only support simple compositional designs well, and have limited support for more sophisticated ones.
This paper presents the \(\mathsf {F}_{i}^{+}\) calculus, which supports highly modular and compositional designs that improve on existing techniques. These improvements are due to the combination of three features: disjoint intersection types with a merge operator; parametric (disjoint) polymorphism; and BCDstyle distributive subtyping. The main technical challenge is \(\mathsf {F}_{i}^{+}\)’s proof of coherence. A naive adaptation of ideas used in System F’s parametricity to canonicity (the logical relation used by \(\mathsf {F}_{i}^{+}\) to prove coherence) results in an illfounded logical relation. To solve the problem our canonicity relation employs a different technique based on immediate substitutions and a restriction to predicative instantiations. Besides coherence, we show several other important metatheoretical results, such as typesafety, sound and complete algorithmic subtyping, and decidability of the type system. Remarkably, unlike \(\mathsf {F}_{<:}\)’s bounded polymorphism, disjoint polymorphism in \(\mathsf {F}_{i}^{+}\) supports decidable typechecking.
1 Introduction
Compositionality is a desirable property in programming designs. Broadly defined, it is the principle that a system should be built by composing smaller subsystems. For instance, in the area of programming languages, compositionality is a key aspect of denotational semantics [48, 49], where the denotation of a program is constructed from the denotations of its parts. Compositional definitions have many benefits. One is ease of reasoning: since compositional definitions are recursively defined over smaller elements they can typically be reasoned about using induction. Another benefit is that compositional definitions are easy to extend, without modifying previous definitions.
Programming techniques that support compositional definitions include: shallow embeddings of Domain Specific Languages (DSLs) [20], finally tagless [11], polymorphic embeddings [26] or object algebras [35]. These techniques allow us to create compositional definitions, which are easy to extend without modifications. Moreover, when modeling semantics, both finally tagless and object algebras support multiple interpretations (or denotations) of syntax, thus offering a solution to the wellknown Expression Problem [53]. Because of these benefits these techniques have become popular both in the functional and objectoriented programming communities.
However, programming languages often only support simple compositional designs well, while support for more sophisticated compositional designs is lacking. For instance, once we have multiple interpretations of syntax, we may wish to compose them. Particularly useful is a merge combinator, which composes two interpretations [35, 37, 42] to form a new interpretation that, when executed, returns the results of both interpretations.
The merge combinator can be manually defined in existing programming languages, and be used in combination with techniques such as finally tagless or object algebras. Moreover variants of the merge combinator are useful to model more complex combinations of interpretations. A good example are socalled dependent interpretations, where an interpretation does not depend only on itself, but also on a different interpretation. These definitions with dependencies are quite common in practice, and, although they are not orthogonal to the interpretation they depend on, we would like to model them (and also mutually dependent interpretations) in a modular and compositional style.
Defining the merge combinator in existing programming languages is verbose and cumbersome, requiring code for every new kind of syntax. Yet, that code is essentially mechanical and ought to be automated. While using advanced metaprogramming techniques enables automating the merge combinator to a large extent in existing programming languages [37, 42], those techniques have several problems: error messages can be problematic, typeunsafe reflection is needed in some approaches [37] and advanced typelevel features are required in others [42]. An alternative to the merge combinator that supports modular multiple interpretations and works in OO languages with support for some form of multiple inheritance and covariant typerefinement of fields has also been recently proposed [55]. While this approach is relatively simple, it still requires a lot of manual boilerplate code for composition of interpretations.
This paper presents a calculus and polymorphic type system with (disjoint) intersection types [36], called \(\mathsf {F}_{i}^{+}\). \(\mathsf {F}_{i}^{+}\) supports our broader notion of compositional designs, and enables the development of highly modular and reusable programs. \(\mathsf {F}_{i}^{+}\) has a builtin merge operator and a powerful subtyping relation that are used to automate the composition of multiple (possibly dependent) interpretations. In \(\mathsf {F}_{i}^{+}\) subtyping is coercive and enables the automatic generation of coercions in a typedirected fashion. This process is similar to that of other typedirected code generation mechanisms such as type classes [52], which eliminate boilerplate code associated to the dictionary translation [52].
\(\mathsf {F}_{i}^{+}\) continues a line of research on disjoint intersection types. Previous work on disjoint polymorphism (the \(\mathsf {F}_{i}\) calculus) [2] studied the combination of parametric polymorphism and disjoint intersection types, but its subtyping relation does not support BCDstyle distributivity rules [3] and the type system also prevents unrestricted intersections [16]. More recently the \(\mathsf {NeColus}\) calculus (or \(\lambda _{i}^{+}\)) [5] introduced a system with disjoint intersection types and BCDstyle distributivity rules, but did not account for parametric polymorphism. \(\mathsf {F}_{i}^{+}\) is unique in that it combines all three features in a single calculus: disjoint intersection types and a merge operator; parametric (disjoint) polymorphism; and a BCDstyle subtyping relation with distributivity rules. The three features together allow us to improve upon the finally tagless and object algebra approaches and support advanced compositional designs. Moreover previous work on disjoint intersection types has shown various other applications that are also possible in \(\mathsf {F}_{i}^{+}\), including: firstclass traits and dynamic inheritance [4], extensible records and dynamic mixins [2], and nested composition and family polymorphism [5].
Unfortunately the combination of the three features has nontrivial complications. The main technical challenge (like for most other calculi with disjoint intersection types) is the proof of coherence for \(\mathsf {F}_{i}^{+}\). Because of the presence of BCDstyle distributivity rules, our coherence proof is based on the recent approach employed in \(\lambda _{i}^{+}\) [5], which uses a heterogeneous logical relation called canonicity. To account for polymorphism, which \(\lambda _{i}^{+}\)’s canonicity does not support, we originally wanted to incorporate the relevant parts of System F’s logical relation [43]. However, due to a mismatch between the two relations, this did not work. The parametricity relation has been carefully set up with a delayed type substitution to avoid illfoundedness due to its impredicative polymorphism. Unfortunately, canonicity is a heterogeneous relation and needs to account for cases that cannot be expressed with the delayed substitution setup of the homogeneous parametricity relation. Therefore, to handle those heterogeneous cases, we resorted to immediate substitutions and predicative instantiations. We do not believe that predicativity is a severe restriction in practice, since many source languages (e.g., those based on the HindleyMilner type system like Haskell and OCaml) are themselves predicative and do not require the full generality of an impredicative core language. Should impredicative instantiation be required, we expect that stepindexing [1] can be used to recover wellfoundedness, though at the cost of a much more complicated coherence proof.
The formalization and metatheory of \(\mathsf {F}_{i}^{+}\) are a significant advance over that of \(\mathsf {F}_{i}\). Besides the support for distributive subtyping, \(\mathsf {F}_{i}^{+}\) removes several restrictions imposed by the syntactic coherence proof in \(\mathsf {F}_{i}\). In particular \(\mathsf {F}_{i}^{+}\) supports unrestricted intersections, which are forbidden in \(\mathsf {F}_{i}\). Unrestricted intersections enable, for example, encoding certain forms of bounded quantification [39]. Moreover the new proof method is more robust with respect to language extensions. For instance, \(\mathsf {F}_{i}^{+}\) supports the bottom type without significant complications in the proofs, while it was a challenging open problem in \(\mathsf {F}_{i}\). A final interesting aspect is that \(\mathsf {F}_{i}^{+}\)’s typechecking is decidable. In the design space of languages with polymorphism and subtyping, similar mechanisms have been known to lead to undecidability. Pierce’s seminal paper “Bounded quantification is undecidable” [40] shows that the contravariant subtyping rule for bounded quantification in \(\mathsf {F}_{<:}\) leads to undecidability of subtyping. In \(\mathsf {F}_{i}^{+}\) the contravariant rule for disjoint quantification retains decidability. Since with unrestricted intersections \(\mathsf {F}_{i}^{+}\) can express several use cases of bounded quantification, \(\mathsf {F}_{i}^{+}\) could be an interesting and decidable alternative to \(\mathsf {F}_{<:}\).

The \(\mathsf {F}_{i}^{+}\) calculus, which is the first calculus to combine disjoint intersection types, BCDstyle distributive subtyping and disjoint polymorphism. We show several metatheoretical results, such as typesafety, sound and complete algorithmic subtyping, coherence and decidability of the type system. \(\mathsf {F}_{i}^{+}\) includes the bottom type, which was considered to be a significant challenge in previous work on disjoint polymorphism [2].

An extension of the canonicity relation with polymorphism, which enables the proof of coherence of \(\mathsf {F}_{i}^{+}\). We show that the ideas of System F’s parametricity cannot be ported to \(\mathsf {F}_{i}^{+}\). To overcome the problem we use a technique based on immediate substitutions and a predicativity restriction.

Improved compositional designs: We show that \(\mathsf {F}_{i}^{+}\)’s combination of features enables improved compositional programming designs and supports automated composition of interpretations in programming techniques like object algebras and finally tagless.

Implementation and proofs: All of the metatheory of this paper, except some manual proofs of decidability, has been mechanically formalized in Coq. Furthermore, \(\mathsf {F}_{i}^{+}\) is implemented and all code presented in the paper is available. The implementation, Coq proofs and extended version with appendices can be found in https://github.com/bixuanzju/ESOP2019artifact.
2 Compositional Programming
To demonstrate the compositional properties of \(\mathsf {F}_{i}^{+}\) we use Gibbons and Wu’s shallow embeddings of parallel prefix circuits [20]. By means of several different shallow embeddings, we first illustrate the shortcomings of a stateoftheart compositional approach, popularly known as a finally tagless encoding [11], in Haskell. Next we show how parametric polymorphism and distributive intersection types provide a more elegant and compact solution in \(\mathsf {SEDEL}\) [4], a source language built on top of our \(\mathsf {F}_{i}^{+}\) calculus.
2.1 A Finally Tagless Encoding in Haskell
The circuit DSL represents networks that map a number of inputs (known as the width) of some type A onto the same number of outputs of the same type. The outputs combine (with repetitions) one or more inputs using a binary associative operator \(\oplus : A \times A \rightarrow A\). A particularly interesting class of circuits that can be expressed in the DSL are parallel prefix circuits. These represent computations that take \(n > 0\) inputs \(x_1, \ldots , x_n\) and produce n outputs \(y_1, \ldots , y_n\), where \(y_i = x_1 \oplus x_2 \oplus \ldots \oplus x_i\).
With the help of a substantially more complicated setup that features a dozen Haskell language extensions, and advanced programming techniques, we can make the explicit delegation implicit (see the appendix). Nevertheless, that approach still requires a lot of boilerplate that needs to be repeated for each DSL, as well as explicit projections that need to be written in each interpretation. Another alternative Haskell encoding that also enables multiple dependent interpretations is proposed by Zhang and Oliveira [55], but it does not eliminate the explicit delegation and still requires substantial amounts of boilerplate. A final remark is that adding new primitives (e.g., a “right stretch” Open image in new window combinator [25]) can also be easily achieved [46].
2.2 The \(\mathsf {SEDEL}\) Encoding
Figure 2 shows the two basic shallow embeddings for width and depth. In both cases, a named \(\mathsf {SEDEL}\) definition replaces the corresponding unnamed Haskell type class instance in providing the implementations of the 5 language primitives for a particular interpretation.
3 Semantics of the \(\mathsf {F}_{i}^{+}\) Calculus
3.1 Syntax and Semantics
Figure 3 shows the syntax of \(\mathsf {F}_{i}^{+}\). Metavariables \( A , B , C \) range over types. Types include standard constructs from prior work [2, 36]: integers \( \mathsf {Int} \), the top type \( \top \), arrows \( A \rightarrow B \), intersections \( A \, \& \, B \), singlefield record types \(\{ l : A \}\) and disjoint quantification \( \forall ( \alpha * A ) .\, B \). One novelty in \(\mathsf {F}_{i}^{+}\) is the addition of the uninhabited bottom type \( \bot \). Metavariable \( E \) ranges over expressions. Expressions are integer literals i, the top value \( \top \), lambda abstractions \( \lambda x .\, E \), applications \( E _{{\mathrm {1}}} \, E _{{\mathrm {2}}}\), merges \( E _{{\mathrm {1}}} \, ,, \, E _{{\mathrm {2}}} \), annotated terms \( E : A \), singlefield records \(\{ l = E \}\), record projections \( E . l \), type abstractions \( \varLambda ( \alpha * A ) .\, E \) and type applications \( E \, A \).
Notice that \(\mathsf {F}_{i}\) has an extra disjointness condition \(\varDelta \vdash A * B \) in the premise. This is crucial for \(\mathsf {F}_{i}\) ’s syntactic method for proving coherence, but also burdens the calculus with various syntactic restrictions and complicates its metatheory. For example, it requires extra effort to show that \(\mathsf {F}_{i}\) only produces disjoint intersection types. As a consequence, \(\mathsf {F}_{i}\) features a weaker substitution lemma (note the gray part in Proposition 1) than \(\mathsf {F}_{i}^{+}\) (Lemma 1).
Proposition 1
(Type substitution in \(\mathsf {F}_{i}\)). If \(\varDelta \vdash A \), \(\varDelta \vdash B \), \( ( \alpha * C ) \in \varDelta \), Open image in new window and wellformed context \( [ B / \alpha ] \varDelta \), then \( [ B / \alpha ] \varDelta \vdash [ B / \alpha ] A \).
Lemma 1
(Type substitution in \(\mathsf {F}_{i}^{+}\)). If \(\varDelta \vdash A \), \(\varDelta \vdash B \), \( ( \alpha * C ) \in \varDelta \) and wellformed context \( [ B / \alpha ] \varDelta \), then \( [ B / \alpha ] \varDelta \vdash [ B / \alpha ] A \).
3.2 Disjointness
We now turn to another core judgment of \(\mathsf {F}_{i}^{+}\)—the disjointness relation, shown in Fig. 6. The disjointness rules are mostly inherited from \(\mathsf {F}_{i}\) [2], but the new bottom type requires a notable change regarding disjointness with toplike types.
Toplike types. Toplike types are all types that are isomorphic to \( \top \) (i.e., simultaneously sub and supertypes of \( \top \)). Hence, they are inhabited by a single value, isomorphic to the \( \top \) value. Figure 6 captures this notion in a syntaxdirected fashion in the \( \rceil A \lceil \) predicate. As a historical note, the concept of toplike types was already known by Barendregt et al. [3]. The \(\lambda _{i}\) calculus [36] rediscovered it and coined the term “toplike types”; the \(\mathsf {F}_{i}\) calculus [2] extended it with universal quantifiers. Note that in both calculi, toplike types are solely employed for enabling a syntactic method of proving coherence, and due to the lack of BCD subtyping, they do not have a typetheoretic interpretation of toplike types.
Disjointness rules. The disjointness judgment \(\varDelta \vdash A * B \) is helpful to check whether the merge of two expressions of type \( A \) and \( B \) preserves coherence. Incoherence arises when both expressions produce distinct values for the same type, either directly when they are both of that same type, or through implicit upcasting to a common supertype. Of course we can safely disregard toplike types in this matter because they do not have two distinct values. In short, it suffices to check that the two types have only toplike supertypes in common.
Because \( \bot \) and any another type \( A \) always have \( A \) as a common supertype, it follows that \( \bot \) is only disjoint to \( A \) when \( A \) is toplike. More generally, if \( A \) is a toplike type, then \( A \) is disjoint to any type. This is the rationale behind the two rules DtopL and DtopR , which generalize and subsume \(\varDelta \vdash \top * A \) and \(\varDelta \vdash A * \top \) from \(\mathsf {F}_{i}\), and also cater to the bottom type. Two other interesting rules are DtvarL and DtvarR , which dictate that a type variable \(\alpha \) is disjoint with some type \( B \) if its disjointness constraints \( A \) is a subtype of \( B \). Disjointness axioms \( A *_{ax} B \) (appearing in rule Dax ) take care of two types with different type constructors (e.g., \( \mathsf {Int} \) and records). Axiom rules can be found in the appendix. Finally we note that the disjointness relation is symmetric.
3.3 Elaboration and Type Safety
Type translation. Definition 1 defines the type translation function \( \cdot \) from \(\mathsf {F}_{i}^{+}\) types \( A \) to \(\mathsf {F}_{co}\) types \(\tau \). Most cases are straightforward. For example, \( \bot \) is mapped to an uninhabited type \( \forall \alpha .\, \alpha \); disjoint quantification is mapped to universal quantification, dropping the disjointness constraints. \( \cdot \) is naturally extended to work on contexts as well.
Definition 1
Coercions and coercive subtyping. We follow prior work [5, 6] by having a syntactic category for coercions [22]. In Fig. 7, we have several new coercions: \( \mathsf {bot} \), \( co _{\forall } \), \( \mathsf {dist}_{\forall } \) and \( \mathsf {top}_{\forall } \) due to the addition of polymorphism and bottom type. As seen in Fig. 4 the coercive subtyping judgment has the form Open image in new window , which says that the subtyping derivation for \( A <: B \) produces a coercion co that converts terms of type Open image in new window to Open image in new window .
\(\mathsf {F}_{co }\) static semantics. The typing rules of \(\mathsf {F}_{co}\) are quite standard. We have one rule Open image in new window regarding coercion application, which uses the judgment \( co {:}{:} \tau \triangleright \tau ' \) to type coercions. We show two representative rules Open image in new window and Open image in new window .
\(\mathsf {F}_{co}\) dynamic semantics. The dynamic semantics of \(\mathsf {F}_{co}\) is mostly unremarkable. We write \( e \longrightarrow e' \) to mean onestep reduction. Figure 8 shows selected reduction rules. The first line shows three representative rules regarding coercion reductions. They do not contribute to computation but merely rearrange coercions. Our coercion reduction rules are quite standard but not efficient in terms of space. Nevertheless, there is existing work on spaceefficient coercions [23, 50], which should be applicable to our work as well. Rule rapp is the usual \(\beta \)rule that performs actual computation, and rule rctxt handles reduction under an evaluation context. As usual, \( \longrightarrow ^{*} \) is the reflexive, transitive closure of \( \longrightarrow \). Now we can show that \(\mathsf {F}_{co}\) is type safe:
Theorem 1
(Preservation). If \(\bullet ; \bullet \vdash e : \tau \) and \( e \longrightarrow e' \), then \(\bullet ; \bullet \vdash e' : \tau \).
Theorem 2
(Progress). If \(\bullet ; \bullet \vdash e : \tau \), either \( e \) is a value, or \(\exists e' .\ e \longrightarrow e' \).
Elaboration. Now consider the translation parts in Fig. 5. The key idea of the translation follows the prior work [2, 5, 16, 36]: merges are elaborated to pairs (rule Tmerge ); disjoint quantification and disjoint type applications (rules Ttabs and Ttapp )) are elaborated to regular universal quantification and type applications, respectively. Finally, the following lemma connects \(\mathsf {F}_{i}^{+}\) to \(\mathsf {F}_{co}\):
Lemma 2

If Open image in new window , then Open image in new window .

If Open image in new window , then Open image in new window .

If Open image in new window , then Open image in new window .
4 Algorithmic System and Decidability
The subtyping relation in Fig. 4 is highly nonalgorithmic due to the presence of a transitivity rule. This section presents an alternative algorithmic formulation. Our algorithm extends that of \(\lambda _{i}^{+}\), which itself was inspired by Pierce’s decision procedure [38], to handle disjoint quantifiers and the bottom type. We then prove that the algorithm is sound and complete with respect to declarative subtyping.
Additionally we prove that the subtyping and disjointness relations are decidable. Although the proofs of this fact are fairly straightforward, it is nonetheless remarkable since it contrasts with the subtyping relation for (full) \(\mathsf {F}_{<:}\) [10], which is undecidable [40]. Thus while bounded quantification is infamous for its undecidability, disjoint quantification has the nicer property of being decidable.
4.1 Algorithmic Subtyping Rules
While Fig. 4 is a fine specification of how subtyping should behave, it cannot be read directly as a subtyping algorithm for two reasons: (1) the conclusions of rules Srefl and Strans overlap with the other rules, and (2) the premises of rule Strans mention a type that does not appear in the conclusion. Simply dropping the two offending rules from the system is not possible without losing expressivity [29]. Thus we need a different approach. Following \(\lambda _{i}^{+}\), we intend the algorithmic judgment \(\mathcal {Q} \vdash A <: B \) to be equivalent to \( A <: \mathcal {Q} \Rightarrow B \), where \(\mathcal {Q}\) is a queue used to track record labels, domain types and disjointness constraints. The full rules of the algorithmic subtyping of \(\mathsf {F}_{i}^{+}\) are shown Fig. 9.
Definition 2
Correctness of the algorithm. We prove that the algorithm is sound and complete with respect to the specification. We refer the reader to our Coq formalization for more details. We only show the two major theorems:
Theorem 3
(Soundness). If Open image in new window then Open image in new window .
Theorem 4
(Completeness). If Open image in new window , then Open image in new window .
4.2 Decidability
Moreover, we prove that our algorithmic type system is decidable. To see this, first notice that the bidirectional type system is syntaxdirected, so we only need to show decidability of algorithmic subtyping and disjointness. The full (manual) proofs for decidability can be found in the appendix.
Lemma 3
(Decidability of algorithmic subtyping). Given \(\mathcal {Q}\), \( A \) and \( B \), it is decidable whether there exists co, such that Open image in new window .
Lemma 4
(Decidability of disjointness checking). Given \(\varDelta \), \( A \) and \( B \), it is decidable whether \(\varDelta \vdash A * B \).
One interesting observation here is that although our disjointness quantification has a similar shape to bounded quantification \( \forall ( \alpha <: A ) .\, B \) in \(\mathsf {F}_{<:}\) [10], subtyping for \(\mathsf {F}_{<:}\) is undecidable [40]. In \(\mathsf {F}_{<:}\), the subtyping relation between bounded quantification is:
Compared with rule Sforall , both rules are contravariant on bounded/disjoint types, and covariant on the body. However, with bounded quantification it is fundamental to track the bounds in the environment, which complicates the design of the rules and makes subtyping undecidable with rule Open image in new window . Decidability can be recovered by employing an invariant rule for bounded quantification (that is by forcing \( A_{{\mathrm {1}}} \) and \( A_{{\mathrm {2}}} \) to be identical). Disjoint quantification does not require such invariant rule for decidability.
5 Establishing Coherence for \(\mathsf {F}_{i}^{+}\)
In this section, we establish the coherence property for \(\mathsf {F}_{i}^{+}\). The proof strategy mostly follows that of \(\lambda _{i}^{+}\), but the construction of the heterogeneous logical relation is significantly more complicated. Firstly in Sect. 5.1 we discuss why adding BCD subtyping to disjoint polymorphism introduces significant complications. In Sect. 5.2, we discuss why a natural extension of System F’s logical relation to deal with disjoint polymorphism fails. The technical difficulty is wellfoundedness, stemming from the interaction between impredicativity and disjointness. Finally in Sect. 5.3, we present our (predicative) logical relation that is specially crafted to prove coherence for \(\mathsf {F}_{i}^{+}\).
5.1 The Challenge
5.2 Impredicativity and Disjointness at Odds
Figure 10 shows selected cases of canonicity, which is \(\lambda _{i}^{+}\)’s (heterogeneous) logical relation used in the coherence proof. The definition captures that two values \( v_{{\mathrm {1}}} \) and \( v_{{\mathrm {2}}} \) of types \(\tau _{{\mathrm {1}}}\) and \(\tau _{{\mathrm {2}}}\) are in \(\mathcal {V}\llbracket \tau _{{\mathrm {1}}} ; \tau _{{\mathrm {2}}} \rrbracket \) iff either the types are disjoint or the types are equal and the values are semantically equivalent. Because both alternatives entail coherence, canonicity is key to \(\lambda _{i}^{+}\)’s coherence proof.
This case is problematic because it destroys the wellfoundedness of \(\lambda _{i}^{+}\)’s logical relation, which is based on structural induction on the type indices. Indeed, the type \( [ C_{{\mathrm {1}}} / \alpha ] B_{{\mathrm {1}}} \) may well be larger than \( \forall ( \alpha * A_{{\mathrm {1}}} ) .\, B_{{\mathrm {1}}} \).
Now we have finally recovered the wellfoundedness of the relation. It is again structurally inductive on the size of the type indexes.
5.3 The Canonicity Relation for \(\mathsf {F}_{i}^{+}\)
In light of the fact that substitution in the logical relation seems unavoidable in our setting, and that impredicativity is at odds with substitution, we turn to predicativity: we change rule Ttapp to its predicative version:
Luckily, substitution with monotypes does not prevent wellfoundedness. Figure 11 defines the canonicity relation for \(\mathsf {F}_{i}^{+}\). The canonicity relation is a family of binary relations over \(\mathsf {F}_{co}\) values that are heterogeneous, i.e., indexed by two \(\mathsf {F}_{i}^{+}\) types. Two points are worth mentioning. (1) An apparent difference from \(\lambda _{i}^{+}\)’s logical relation is that our relation is now indexed by source types. The reason is that the type translation function (Definition 1) discards disjointness constraints, which are crucial in our setting, whereas \(\lambda _{i}^{+}\)’s type translation does not have information loss. (2) Heterogeneity allows relating values of different types, and in particular values whose types are disjoint. The rationale behind the canonicity relation is to combine equality checking from traditional (homogeneous) logical relations with disjointness checking. It consists of two relations: the value relation \(\mathcal {V}\llbracket A ; B \rrbracket \) relates closed values; and the expression relation \(\mathcal {E}\llbracket A ; B \rrbracket \)—defined in terms of the value relation—relates closed expressions.
The relation \(\mathcal {V}\llbracket A ; B \rrbracket \) is defined by induction on the structures of \( A \) and \( B \). For integers, it requires the two values to be literally the same. For two records to behave the same, their fields must behave the same. For two functions to behave the same, they are required to produce outputs related at \( B_{{\mathrm {1}}} \) and \( B_{{\mathrm {2}}} \) when given related inputs at \( A_{{\mathrm {1}}} \) and \( A_{{\mathrm {2}}} \). For the next two cases regarding intersection types, the relation distributes over intersection constructor \( \, \& \, \). Of particular interest is the case for disjoint quantification. Notice that it does not quantify over arbitrary relations, but directly substitutes \(\alpha \) with monotype \( t \) in \( B_{{\mathrm {1}}} \) and \( B_{{\mathrm {2}}} \). This means that our canonicity relation does not entail parametricity. However, it suffices for our purposes to prove coherence. Another noticeable thing is that we keep the invariant that \( A \) and \( B \) are closed types throughout the relation, so we no longer need to consider type variables. This simplifies things a lot. Note that when one type is \( \bot \), two values are vacuously related because there simply are no values of type \( \bot \). We need to show that the relation is indeed wellfounded:
Lemma 5
(Wellfoundedness). The canonicity relation of \(\mathsf {F}_{i}^{+}\) is wellfounded.
Proof
Let \( \cdot _{\forall }\) and \( \cdot _s\) be the number of \(\forall \)quantifies and the size of types, respectively. Consider the measure \(\langle  \cdot _{\forall } ,  \cdot _s \rangle \), where \(\langle \dots \rangle \) denotes lexicographic order. For the case of disjoint quantification, the number of \(\forall \)quantifiers decreases. For the other cases, the measure of \( \cdot _{\forall }\) does not increase, and the measure of \( \cdot _s\) strictly decreases. \(\square \)
5.4 Establishing Coherence
Logical equivalence. The canonicity relation can be lifted to open expressions in the standard way, i.e., by considering all possible interpretations of free type and term variables. The logical interpretations of type and term contexts are found in the bottom half of Fig. 11.
Definition 3
For conciseness, we write \( \varDelta ; \varGamma \vdash e_{{\mathrm {1}}} \backsimeq _{log} e_{{\mathrm {2}}} : A \) to mean \( \varDelta ; \varGamma \vdash e_{{\mathrm {1}}} \backsimeq _{log} e_{{\mathrm {2}}} : A ; A \).
Contextual equivalence. Following \(\lambda _{i}^{+}\), the notion of coherence is based on contextual equivalence. The intuition is that two programs are equivalent if we cannot tell them apart in any context. As usual, contextual equivalence is expressed using expression contexts (\(\mathcal {C}\) and \(\mathcal {D}\) denote \(\mathsf {F}_{i}^{+}\) and \(\mathsf {F}_{co}\) expression contexts, respectively), Due to the bidirectional nature of the type system, the typing judgment of \(\mathcal {C}\) features 4 different forms (full rules are in the appendix), e.g., Open image in new window reads if \(\varDelta ; \varGamma \vdash E \, \Rightarrow \, A \) then \(\varDelta ' ; \varGamma ' \vdash \mathcal {C} \{ E \} \, \Rightarrow \, A' \). The judgment also generates a welltyped \(\mathsf {F}_{co}\) context \(\mathcal {D}\). The following two definitions capture the notion of contextual equivalence:
Definition 4
(Kleene Equality \(\backsimeq \)). Two complete programs (i.e., closed terms of type \( \mathsf {Int} \)), \( e \) and \( e' \), are Kleene equal, written \( e \backsimeq e' \), iff there exists an integer i such that \( e \longrightarrow ^{*} i\) and \( e' \longrightarrow ^{*} i\).
Definition 5
Coherence. For space reasons, we directly show the coherence statement of \(\mathsf {F}_{i}^{+}\). We need several technical lemmas such as compatibility lemmas, fundamental property, etc. The interested reader can refer to our Coq formalization.
Theorem 5

If \(\varDelta ; \varGamma \vdash E \, \Rightarrow \, A \) then \( \varDelta ; \varGamma \vdash E \backsimeq _{ctx} E : A \).

If \(\varDelta ; \varGamma \vdash E \, \Leftarrow \, A \) then \( \varDelta ; \varGamma \vdash E \backsimeq _{ctx} E : A \).
That is, coherence is a special case of Definition 5 where \( E _{{\mathrm {1}}}\) and \( E _{{\mathrm {2}}}\) are the same. At first glance, this appears underwhelming: of course \( E \) behaves the same as itself! The tricky part is that, if we expand it according to Definition 5, it is not \( E \) itself but all its translations \( e_{{\mathrm {1}}} \) and \( e_{{\mathrm {2}}} \) that behave the same!
6 Related Work
Coherence. In calculi featuring coercive subtyping, a semantics that interprets the subtyping judgment by introducing explicit coercions is typically defined on typing derivations rather than on typing judgments. A natural question that arises for such systems is whether the semantics is coherent, i.e., distinct typing derivations of the same typing judgment possess the same meaning. Since Reynolds [45] proved the coherence of a calculus with intersection types, many researchers have studied the problem of coherence in a variety of typed calculi. Two approaches are commonly found in the literature. The first approach is to find a normal form for a representation of the derivation and show that normal forms are unique for a given typing judgment [8, 15, 47]. However, this approach cannot be directly applied to Currystyle calculi (where the lambda abstractions are not type annotated). Biernacki and Polesiuk [6] considered the coherence problem of coercion semantics. Their criterion for coherence of the translation is contextual equivalence in the target calculus. Inspired by this approach, Bi et al. [5] proposed the canonicity relation to prove coherence for a calculus with disjoint intersection types and BCD subtyping. As we have shown in Sect. 5, constructing a suitable logical relation for \(\mathsf {F}_{i}^{+}\) is challenging. On the one hand, the original approach by Alpuim et al. [2] in \(\mathsf {F}_{i}\) does not work any more due to the addition of BCD subtyping. On the other hand, simply combining System F’s logical relation with \(\lambda _{i}^{+}\)’s canonicity relation does not work as expected, due to the issue of wellfoundedness. To solve the problem, we employ immediate substitutions and a restriction to predicative instantiations.
BCD subtyping and decidability. The BCD type system was first introduced by Barendregt et al. [3] to characterize exactly the strongly normalizing terms. The BCD type system features a powerful subtyping relation, which serves as a base for our subtyping relation. The decidability of BCD subtyping has been shown in several works [27, 38, 41, 51]. Laurent [28] formalized the relation in Coq in order to eliminate transitivity cuts from it, but his formalization does not deliver an algorithm. Only recently, Laurent [30] presented a general way of defining a BCDlike subtyping relation extended with generic contravariant/covariant type constructors that enjoys the “subformula property”. Our Coq formalization extends the approach used in \(\lambda _{i}^{+}\), which follows a different idea based on Pierce’s decision procedure [38], with parametric (disjoint) polymorphism and corresponding distributivity rules. More recently, Muehlboeck and Tate [34] presented a decidable algorithmic system (proved in Coq) with union and intersection types. Similar to \(\mathsf {F}_{i}^{+}\), their system also has distributive subtyping rules. They also discussed the addition of polymorphism, but left a Coq formalization for future work. In their work they regard intersections of disjoint types (e.g., \( \mathsf {String} \, \& \, \mathsf {Int}\)) as uninhabitable, which is different from our interpretation. As a consequence, coherence is a nonissue for them.
There are also several other calculi with intersections and polymorphism. Pierce proposed \(\mathsf {F}_{\wedge }\) [39], a calculus combining intersection types and bounded quantification. Pierce translates \(\mathsf {F}_{\wedge }\) to System F extended with products, but he left coherence as a conjecture. More recently, Castagna et al. [14] proposed a polymorphic calculus with settheoretic type connectives (intersections, unions, negations). But their calculus does not include a merge operator. Castagna and Lanvin also proposed a gradual type system [13] with intersection and union types, but also without a merge operator.
Row polymorphism and bounded polymorphism. Row polymorphism was originally proposed by Wand [54] as a mechanism to enable type inference for a simple objectoriented language based on recursive records. These ideas were later adopted into type systems for extensible records [19, 21, 31]. Our merge operator can be seen as a generalization of record extension/concatenation, and selection is also builtin. In contrast to most record calculi, restriction is not a primitive operation in \(\mathsf {F}_{i}^{+}\), but can be simulated via subtyping. Disjoint quantification can simulate the lacks predicate often present in systems with row polymorphism. Recently Morris and McKinna presented a typed language [33], generalizing and abstracting existing systems of row types and row polymorphism. Alpuim et al. [2] informally studied the relationship between row polymorphism and disjoint polymorphism, but it would be interesting to study such relationship more formally. The work of Morris and McKinna may be interesting for such study in that it gives a general framework for row type systems.
7 Conclusion and Future Work
We have proposed \(\mathsf {F}_{i}^{+}\), a typesafe and coherent calculus with disjoint intersection types, BCD subtyping and parametric polymorphism. \(\mathsf {F}_{i}^{+}\) improves the stateofart of compositional designs, and enables the development of highly modular and reusable programs. One interesting and useful further extension would be implicit polymorphism. For that we want to combine Dunfield and Krishnaswami’s approach [17] with our bidirectional type system. We would also like to study the parametricity of \(\mathsf {F}_{i}^{+}\). As we have seen in Sect. 5.2, it is not at all obvious how to extend the standard logical relation of System F to account for disjointness, and avoid potential circularity due to impredicativity. A promising solution is to use stepindexed logical relations [1].
Footnotes
 1.
Dependent recursion schemes are also known as zygomorphism [18] after the ancient Greek word Open image in new window for yoke. We have labeled the Open image in new window field with Open image in new window because it is pulling the yoke.
Notes
Acknowledgments
We thank the anonymous reviewers and Yaoda Zhou for their helpful comments. This work has been sponsored by the Hong Kong Research Grant Council projects number 17210617 and 17258816, and by the Research Foundation  Flanders.
References
 1.Ahmed, A.: Stepindexed syntactic logical relations for recursive and quantified types. In: Sestoft, P. (ed.) ESOP 2006. LNCS, vol. 3924, pp. 69–83. Springer, Heidelberg (2006). https://doi.org/10.1007/11693024_6CrossRefGoogle Scholar
 2.Alpuim, J., Oliveira, B.C.d.S., Shi, Z.: Disjoint polymorphism. In: Yang, H. (ed.) ESOP 2017. LNCS, vol. 10201, pp. 1–28. Springer, Heidelberg (2017). https://doi.org/10.1007/9783662544341_1
 3.Barendregt, H., Coppo, M., DezaniCiancaglini, M.: A filter lambda model and the completeness of type assignment. J. Symb. Logic 48(04), 931–940 (1983)MathSciNetCrossRefGoogle Scholar
 4.Bi, X., Oliveira, B.C.d.S.: Typed firstclass traits. In: European Conference on ObjectOriented Programming (ECOOP) (2018)Google Scholar
 5.Bi, X., Oliveira, B.C.d.S., Schrijvers, T.: The essence of nested composition. In: European Conference on ObjectOriented Programming (ECOOP) (2018)Google Scholar
 6.Biernacki, D., Polesiuk, P.: Logical relations for coherence of effect subtyping. In: International Conference on Typed Lambda Calculi and Applications (TLCA) (2015)Google Scholar
 7.Blaauwbroek, L.: On the interaction between unrestricted union and intersection types and computational effects. Master’s thesis, Technical University Eindhoven (2017)Google Scholar
 8.BreazuTannen, V., Coquand, T., Gunter, C.A., Scedrov, A.: Inheritance as implicit coercion. Inf. Comput. 93(1), 172–221 (1991)MathSciNetCrossRefGoogle Scholar
 9.Brent, R.P., Kung, H.T.: The chip complexity of binary arithmetic. In: Proceedings of the Twelfth Annual ACM Symposium on Theory of Computing, pp. 190–200 (1980)Google Scholar
 10.Cardelli, L., Wegner, P.: On understanding types, data abstraction, and polymorphism. ACM Comput. Surv. 17(4), 471–523 (1985)CrossRefGoogle Scholar
 11.Carette, J., Kiselyov, O., Shan, C.C.: Finally tagless, partially evaluated: tagless staged interpreters for simpler typed languages. J. Funct. Program. 19(05), 509 (2009)MathSciNetCrossRefGoogle Scholar
 12.Castagna, G., Ghelli, G., Longo, G.: A calculus for overloaded functions with subtyping. In: Conference on LISP and Functional Programming (1992)Google Scholar
 13.Castagna, G., Lanvin, V.: Gradual typing with union and intersection types. In: Proceedings of the ACM on Programming Languages, vol. 1, no. (ICFP), pp. 1–28 (2017)Google Scholar
 14.Castagna, G., Nguyen, K., Xu, Z., Im, H., Lenglet, S., Padovani, L.: Polymorphic functions with settheoretic types: part 1: syntax, semantics, and evaluation. In: Principles of Programming Languages (POPL) (2014)Google Scholar
 15.Curien, P.L., Ghelli, G.: Coherence of subsumption, minimum typing and typechecking in f\(_\le \). Math. Struct. Comput. Sci. (MSCS) 2(01), 55 (1992)MathSciNetCrossRefGoogle Scholar
 16.Dunfield, J.: Elaborating intersection and union types. J. Funct. Program. (JFP) 24(2–3), 133–165 (2014)MathSciNetCrossRefGoogle Scholar
 17.Dunfield, J., Krishnaswami, N.R.: Complete and easy bidirectional typechecking for higherrank polymorphism. In: International Conference on Functional Programming (ICFP) (2013)Google Scholar
 18.Fokkinga, M.M.: Tupling and mutumorphisms. Squiggolist 1(4) (1989)Google Scholar
 19.Gaster, B.R., Jones, M.P.: A polymorphic type system for extensible records and variants. Technical report, University of Nottingham (1996)Google Scholar
 20.Gibbons, J., Wu, N.: Folding domainspecific languages: deep and shallow embeddings (functional pearl). In: ICFP, pp. 339–347. ACM (2014)Google Scholar
 21.Harper, R., Pierce, B.: A record calculus based on symmetric concatenation. In: Principles of Programming Languages (POPL) (1991)Google Scholar
 22.Henglein, F.: Dynamic typing: syntax and proof theory. Sci. Comput. Program. 22(3), 197–230 (1994)MathSciNetCrossRefGoogle Scholar
 23.Herman, D., Tomb, A., Flanagan, C.: Spaceefficient gradual typing. High.Order Symb. Comput. 23(2), 167 (2010)MathSciNetCrossRefGoogle Scholar
 24.Hindley, R.: The principal typescheme of an object in combinatory logic. Trans. Am. Math. Soc. 146, 29–60 (1969)MathSciNetzbMATHGoogle Scholar
 25.Hinze, R.: An algebra of scans. In: Kozen, D. (ed.) MPC 2004. LNCS, vol. 3125, pp. 186–210. Springer, Heidelberg (2004). https://doi.org/10.1007/9783540277644_11CrossRefzbMATHGoogle Scholar
 26.Hofer, C., Ostermann, K., Rendel, T., Moors, A.: Polymorphic embedding of DSLs. In: International Conference on Generative Programming and Component Engineering (GPCE) (2008)Google Scholar
 27.Kurata, T., Takahashi, M.: Decidable properties of intersection type systems. In: DezaniCiancaglini, M., Plotkin, G. (eds.) TLCA 1995. LNCS, vol. 902, pp. 297–311. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0014060CrossRefGoogle Scholar
 28.Laurent, O.: Intersection types with subtyping by means of cut elimination. Fundam. Inf. 121(1–4), 203–226 (2012)MathSciNetzbMATHGoogle Scholar
 29.Laurent, O.: A syntactic introduction to intersection types (2012, unpublished note)Google Scholar
 30.Laurent, O.: Intersection subtyping with constructors. In: Proceedings of the Ninth Workshop on Intersection Types and Related Systems (2018)Google Scholar
 31.Leijen, D.: Extensible records with scoped labels. Trends Funct. Program. 5, 297–312 (2005)Google Scholar
 32.Milner, R.: A theory of type polymorphism in programming. J. Comput. Syst. Sci. 17(3), 348–375 (1978)MathSciNetCrossRefGoogle Scholar
 33.Morris, J.G., McKinna, J.: Abstracting extensible data types. In: Principles of Programming Languages (POPL) (2019)Google Scholar
 34.Muehlboeck, F., Tate, R.: Empowering union and intersection types with integrated subtyping. In: OOPSLA (2018)Google Scholar
 35.Oliveira, B.C.d.S., Cook, W.R.: Extensibility for the masses. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 2–27. Springer, Heidelberg (2012). https://doi.org/10.1007/9783642310577_2
 36.Oliveira, B.C.d.S., Shi, Z., Alpuim, J.: Disjoint intersection types. In: International Conference on Functional Programming (ICFP) (2016)Google Scholar
 37.Oliveira, B.C.d.S., van der Storm, T., Loh, A., Cook, W.R.: Featureoriented programming with object algebras. In: Castagna, G. (ed.) ECOOP 2013. LNCS, vol. 7920, pp. 27–51. Springer, Heidelberg (2013). https://doi.org/10.1007/9783642390388_2
 38.Pierce, B.C.: A decision procedure for the subtype relation on intersection types with bounded variables. Technical report, Carnegie Mellon University (1989)Google Scholar
 39.Pierce, B.C.: Programming with intersection types and bounded polymorphism. Ph.D. thesis, University of Pennsylvania (1991)Google Scholar
 40.Pierce, B.C.: Bounded quantification is undecidable. Inf. Comput. 112(1), 131–165 (1994)MathSciNetCrossRefGoogle Scholar
 41.Rehof, J., Urzyczyn, P.: Finite combinatory logic with intersection types. In: Ong, L. (ed.) TLCA 2011. LNCS, vol. 6690, pp. 169–183. Springer, Heidelberg (2011). https://doi.org/10.1007/9783642216916_15CrossRefGoogle Scholar
 42.Rendel, T., Brachthäuser, J.I., Ostermann, K.: From object algebras to attribute grammars. In: ObjectOriented Programming, Systems Languages and Applications (OOPSLA) (2014)Google Scholar
 43.Reynolds, J.C.: Types, abstraction and parametric polymorphism. In: Proceedings of the IFIP 9th World Computer Congress (1983)Google Scholar
 44.Reynolds, J.C.: Preliminary design of the programming language Forsythe. Technical report, Carnegie Mellon University (1988)Google Scholar
 45.Reynolds, J.C.: The coherence of languages with intersection types. In: Ito, T., Meyer, A.R. (eds.) TACS 1991. LNCS, vol. 526, pp. 675–700. Springer, Heidelberg (1991). https://doi.org/10.1007/3540544151_70CrossRefGoogle Scholar
 46.Oliveira, B.C.d.S., Hinze, R., Löh, A.: Extensible and modular generics for the masses. In: Revised Selected Papers from the Seventh Symposium on Trends in Functional Programming, TFP 2006, Nottingham, United Kingdom, 19–21 April 2006, pp. 199–216 (2006)Google Scholar
 47.Schwinghammer, J.: Coherence of subsumption for monadic types. J. Funct. Program. (JFP) 19(02), 157 (2008)CrossRefGoogle Scholar
 48.Scott, D.: Outline of a mathematical theory of computation. Oxford University Computing Laboratory, Programming Research Group (1970)Google Scholar
 49.Scott, D.S., Strachey, C.: Toward a Mathematical Semantics for Computer Languages, vol. 1. Oxford University Computing Laboratory, Programming Research Group (1971)Google Scholar
 50.Siek, J., Thiemann, P., Wadler, P.: Blame and coercion: together again for the first time. In: Conference on Programming Language Design and Implementation (PLDI) (2015)Google Scholar
 51.Statman, R.: A finite model property for intersection types. Electron. Proc. Theor. Comput. Sci. 177, 1–9 (2015)MathSciNetCrossRefGoogle Scholar
 52.Wadler, P., Blott, S.: How to make adhoc polymorphism less ad hoc. In: Proceedings of the 16th ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, POPL 1989 (1989)Google Scholar
 53.Wadler, P.: The expression problem. JavaGenericity Mailing List (1998)Google Scholar
 54.Wand, M.: Complete type inference for simple objects. In: Symposium on Logic in Computer Science (LICS) (1987)Google Scholar
 55.Zhang, W., Oliveira, B.C.d.S: Shallow EDLs and objectoriented programming. Program. J. (2019, to appear)Google Scholar
Copyright information
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.