Comprehensive Parametric Polymorphism: Categorical Models and Type Theory
 3 Citations
 1 Mentions
 883 Downloads
Abstract
This paper combines reflexivegraphcategory structure for relational parametricity with fibrational models of impredicative polymorphism. To achieve this, we modify the definition of fibrational model of impredicative polymorphism by adding one further ingredient to the structure: comprehension in the sense of Lawvere. Our main result is that such comprehensive models, once further endowed with reflexivegraphcategory structure, enjoy the expected consequences of parametricity. This is proved using a typetheoretic presentation of the categorytheoretic structure, within which the desired consequences of parametricity are derived. The formalisation requires new techniques because equality relations are not available, and standard arguments that exploit equality need to be reworked.
Keywords
Relational Parametricity Type Theory Term Variable Identity Relation Relational Context1 Introduction
According to Strachey [26], a polymorphic program is parametric if it applies the same uniform algorithm at all instantiations of its type parameters. Reynolds [23] proposed relational parametricity as a mathematical model of parametric polymorphism. Relational parametricity is a powerful mathematical tool with many useful consequences; see [13, 21, 27] for numerous examples.
The polymorphic lambdacalculus, \(\lambda \mathbf {2}\), (a.k.a. System F) was introduced independently by Girard [11] and Reynolds [22]. It serves as a model type theory for (impredicative) polymorphism, and thus provides a significant testing ground for ideas on relational parametricity. In this paper we address the question:
What is the fundamental categorytheoretic structure needed to model relational parametricity for \(\lambda \mathbf {2}\) , which is both (i) minimal, in assuming as little structure as possible; but (ii) strong enough to ensure the expected consequences of parametricity hold?
It is perhaps surprising that this question does not yet have an established answer. On the one hand, categorytheoretic models for \(\lambda \mathbf {2}\) were developed many years ago by Seely [25]. They are studied systematically as \(\lambda \mathbf {2}\) fibrations in Jacobs [15]. On the other, the fundamental categorytheoretic structure needed to model relational parametricity is also known. The crucial ingredient is the notion of reflexive graph category which appeared implicitly in Ma and Reynolds [19], was used explicitly by O’Hearn and Tennent [20], and Robinson and Rosolini [24], and reached maturity in the parametricity graphs of Dunphy and Reddy [7, 8].
To obtain minimal structure for relational parametricity for \(\lambda \mathbf {2}\), it is natural to combine the structure of \(\lambda \mathbf {2}\) fibrations with that of parametricity graphs. This results in the notion of \(\lambda \mathbf {2}\) parametricity graph, which we define in Sect. 3. Sadly, \(\lambda \mathbf {2}\) parametricity graphs enjoy the expected properties of parametricity only in the special case that the underlying category is wellpointed. (Similar observations, for different but related notions of model, are made in [6, 7, 8].) Since wellpointedness rules out many categories of interest in semantics (e.g., functor categories) this limits the generality of the theory.
One way of circumventing the restriction to wellpointed categories was proposed by Birkedal and Møgelberg [6], who developed a more elaborate categorytheoretic structure, which overcomes the limitation by modelling Plotkin and Abadi’s logic for parametricity [21]. This method of modelling the combination of \(\lambda \mathbf {2}\) with an extraneous logic has been refined and simplified by Hermida [12]. Nonetheless, it does not enjoy the simplicity in conception of combining the structure of categorytheoretic models of \(\lambda \mathbf {2}\) with that of parametricity graphs.
To obtain our minimal structure, we retain the original idea of combining parametricity graphs with categorytheoretic models of \(\lambda \mathbf {2}\). However, we implement this in a perhaps unexpected way. We modify the notion of \(\lambda \mathbf {2}\)model. We ask for \(\lambda \mathbf {2}\) fibrations to additionally satisfy Lawvere’s comprehension property. Not only are the resulting comprehensive \(\lambda \mathbf {2}\)fibrations natural in their own right as models of \(\lambda \mathbf {2}\), but, when combined with parametricitygraph structure to form comprehensive \(\lambda \mathbf {2}\)parametricity graphs, they do indeed enjoy all expected consequences of parametricity.
Sections 2 and 3 define comprehensive \(\lambda \mathbf {2}\) fibrations and comprehensive \(\lambda \mathbf {2}\) parametricity graphs respectively. In Sect. 4, we present a type theory \(\lambda \mathbf {2 R}\), corresponding to our categorytheoretic structure, which provides a simple system for reasoning about parametricity. The type theory \(\lambda \mathbf {2 R}\) is similar to Dunphy’s System P [7], and Abadi, Cardelli and Curien’s System R [1], to which it is compared in Sect. 7.
In Sect. 5, we develop the technical machinery needed to reason in \(\lambda \mathbf {2 R}\). A key obstacle is that the system does not include equality relations. This means that graph relations, which are a crucial ingredient in standard arguments involving relational parametricity, are not in general definable. In Sect. 5, we instead identify two forms of pseudograph relations, whose subtle interrelationship allows us to establish the consequences we need. One kind of pseudograph relation is immediately definable using the fibrational structure built into the notion of parametricity graph. The other type of pseudograph requires opfibrational structure. We use an impredicative encoding to show that opfibrational structure is definable in \(\lambda \mathbf {2 R}\), and hence always present in comprehensive \(\lambda \mathbf {2}\) parametricity graphs. In Sect. 6, we finally apply the technical machinery and establish that the expected consequences of relational parametricity are indeed derivable in \(\lambda \mathbf {2 R}\), and hence hold in comprehensive \(\lambda \mathbf {2}\) parametricity graphs.
 (i)
The definition of comprehensive \(\lambda \mathbf {2}\)fibrations as models of \(\lambda \mathbf {2}\).
 (ii)
The definition of a new categorytheoretic notion of model of relational parametricity, obtained by combining parametricity graphs and comprehensive \(\lambda \mathbf {2}\) fibrations into comprehensive\(\lambda \mathbf {2}\)parametricity graphs.
 (iii)
The extraction of \(\lambda \mathbf {2 R}\) as the type theory intrinsic to comprehensive \(\lambda \mathbf {2}\) parametricity graphs.
 (iv)
The derivation of the expected consequences of parametricity in \(\lambda \mathbf {2 R}\), and hence in comprehensive \(\lambda \mathbf {2}\) parametricity graphs. This requires novel techniques: establishing the opfibration property of comprehensive \(\lambda \mathbf {2}\) parametricity graphs, and the use of pseudograph relations.
In the categorytheoretic parts of the paper, we assume familiarity with fibred category theory, for which Jacobs [15] is our main reference. Nevertheless, a substantial portion of the paper is presented in purely typetheoretic terms, and may be read without reference to the accompanying categorytheoretic material.
2 Comprehensive \(\lambda \mathbf {2}\) Fibrations
A minor departure from many presentations of \(\lambda \mathbf {2}\) is that we interleave type variables and term variables in a single context. This approach is not only natural, but indeed standard when \(\lambda \mathbf {2}\) is considered in the context of dependent type theory; for example, when derived as an instance of a pure type system [3]. Since there is no dependency of \(\lambda \mathbf {2}\) types on term variables, such interleaving is syntactically vacuous. Nevertheless, we shall see below that its presence does have semantic implications.
We next recall the standard categorytheoretic notion of \(\lambda \mathbf {2}\) fibration, which models \(\lambda \mathbf {2}\). We directly restrict the definition to the split case to circumvent coherence issues that would otherwise arise, cf. [15].
Definition 1
 (i)
is fibred cartesian closed;
 (ii)
has a split generic object U [15, Definition 5.2.1] — we write \(\varOmega \) for \(p\, U\);
 (iii)
and has fibredproducts along projections Open image in new window in \(\mathbb {C}\).
Moreover, the reindexing functors given by the splitting are required to preserve the abovespecified structure in fibres on the nose.
The above definition differs slightly from [15, Definition 8.4.3(b)] in that we do not include fibred coproducts in condition (iii). These are not needed to model \(\lambda \mathbf {2}\), and their existence is anyway derivable in parametric models.
In a \(\lambda \mathbf {2}\) fibration, we write \(\mathbb {T}_X\) for the fibre category over X. We also use X as a subscript when referring to structure in \(\mathbb {T}_X\); e.g., \(\mathbf {1}_X\) is the specified terminal object in \(\mathbb {T}_X\), and \(\Rightarrow _X\) is the exponential structure in \(\mathbb {T}_X\). Given Open image in new window in \(\mathbb {C}\), we write \(f^*\) for the reindexing functor \(\mathbb {T}_Y \rightarrow \mathbb {T}_X\), and Open image in new window for the specified cartesian lifting of f relative to A. We also write \(\prod _\varOmega \) for the specified right adjoint, given by (iii), to reindexing functors \(\pi _1^* : \mathbb {T}_X \rightarrow \mathbb {T}_{X \times \varOmega }\).
We recall in outline the semantic interpretation of \(\lambda \mathbf {2}\) in a \(\lambda \mathbf {2}\) fibration \(\mathbb {T }\rightarrow \mathbb {C}\). A context \(\varTheta = \alpha _1, \dots , \alpha _n\) of type variables is interpreted as the nfold product \(\llbracket \varTheta \rrbracket = \varOmega ^n\) in \(\mathbb {C}\). A type A in typevariable context \(\varTheta \) is then interpreted as an object \(\llbracket A \rrbracket _\varTheta \) of \(\mathbb {T}\) over \(\llbracket \varTheta \rrbracket \), defined by induction on the structure of A, using cartesian closure for function types, fibred products for universal types, and the reindexing \((\pi _i)^* \, U\) of the generic object along the projection Open image in new window to interpret \(\alpha _i\) over \(\llbracket \varTheta \rrbracket \). Finally, the interpretation of a term \(\varGamma \vdash t : A\) is obtained by splitting \(\varGamma \) into its component contexts: \(\varTheta \) of type variables, and \(\varDelta \) of term variables. Then \(\varDelta = x_1\!:\!A_1, \dots , x_m\! : \! A_m\) is interpreted as the product \(\llbracket \varDelta \rrbracket _\varTheta = \llbracket A_1 \rrbracket _\varTheta \times \dots \times \llbracket A_m \rrbracket _\varTheta \) in the fibre over \(\llbracket \varTheta \rrbracket \), and t is interpreted as a morphism Open image in new window .
In the above outline, one sees that the structure of a \(\lambda \mathbf {2}\) fibration fits uneasily alongside our mixed contexts of interleaved type and term variables, since these have to be separated to define the semantic interpretation. In dependent type theory, where no such separation is possible, a more direct semantic interpretation is achieved using Lawvere’s comprehension property [18] to model the process of context extension [14]. It is natural to apply the same idea to \(\lambda \mathbf {2}\).
Definition 2
(Comprehensive \(\lambda \mathbf {2}\)fibration). A \(\lambda \mathbf {2}\) fibration \(p: \mathbb {T }\rightarrow \mathbb {C}\) is comprehensive if it enjoys the comprehension property [15, Definition 10.4.7]: the terminalobject functor \(X \mapsto \mathbf {1}_X : \mathbb {C} \rightarrow \mathbb {T}\) has a specified right adjoint \(K : \mathbb {T} \rightarrow ~\mathbb {C}\).
Requiring a specified right adjoint maintains consistency with our policy of working with split fibrational structure. Given A in \(\mathbb {T}_X\), we write Open image in new window for the ‘projection’ map obtained by applying p to the counit Open image in new window in \(\mathbb {T}\).
The appropriateness of comprehensive \(\lambda \mathbf {2}\) fibrations as a notion of model for \(\lambda \mathbf {2}\) is supported by soundness and completeness results.
Theorem 3
(Soundness for \(\lambda \mathbf {2}\)). If \(\varGamma \vdash t_1 = t_2 : A\) then, in every comprehensive \(\lambda \mathbf {2}\) fibration, we have \(\llbracket t_1 \rrbracket _\varGamma = \llbracket t_2 \rrbracket _\varGamma \).
Theorem 4
 (i)
for every type \(\varGamma \vdash {A}\,\,\mathsf {type}\), every global point Open image in new window is the denotation \(\llbracket t \rrbracket _\varGamma \) of some term \(\varGamma \vdash t : A\); and
 (ii)
for all terms \(\varGamma \vdash t_1,t_2 : A\) satisfying \(\llbracket t_1 \rrbracket _\varGamma = \llbracket t_2 \rrbracket _\varGamma \), we have \(\varGamma \vdash t_1 = t_2 : A\).
Theorem 3 is proved by a routine induction on equality derivations, and Theorem 4 by construction of a syntactic model, which has the requisite properties.
3 Comprehensive \(\lambda \mathbf {2}\) Parametricity Graphs
Reflexive graph categories are studied in [7, 8, 16, 19, 24] as a simple categorytheoretic structure for modelling relational parametricity. A reflexive graph category consists of a pair of categories, \(\mathbb {V}\), the vertex category, and \(\mathbb {E}\), the edge category, together with functors \(\nabla _1, \nabla _2 \,{:}\,\mathbb {E} \rightarrow \mathbb {V}\) and \(\varDelta \,{:}\,\mathbb {V} \rightarrow \mathbb {E}\) satisfying \(\nabla _1 \varDelta = \mathrm {id}_{\mathbb {V}} = \nabla _2 \varDelta \). Informally, one thinks of \(\mathbb {E}\) as a category whose objects are binary ‘relations’ between objects of \(\mathbb {V}\). Then \(\nabla _1,\nabla _2\) are ‘projection’ functors, and \(\varDelta \) maps an object to its ‘identity relation’.
We shall be guided by the following general thesis. A model of relational parametricity, irrespective of the type theory for which it is considered, should form a reflexive graph category, in the (2)category of structurepreserving functors between models of the type theory in question. This thesis is supported by the following considerations. Endowing the edge category \(\mathbb {E}\) with the categorical structure needed to interpret types corresponds to giving types a relational interpretation. The preservation of this structure by the projection functors \(\nabla _1, \nabla _2\) means that the relational interpretation commutes with the usual nonrelational interpretation of types. The preservation of structure by \(\varDelta \), in combination with the identity property discussed later, corresponds to Reynolds’ identity extension property [23].
One needs to add further conditions to the above structure to ensure that the objects of \(\mathcal {R}({\mathbb {T}})\) behave sufficiently like relations. In [19], this was addressed by requiring the fibre category \(\mathcal {R}({\mathbb {T}})_{\mathbf {1}_{\mathcal {R}({\mathbb {C}})}}\), over the terminal object, to coincide with a particular category of logical relations over \({\mathbb {T}}_{\mathbf {1}_{{\mathbb {C}}}}\). As well as only being applicable if \({\mathbb {T}}_{\mathbf {1}_{{\mathbb {C}}}}\) has (sufficient) finite limits, this requirement also has the weakness that it says nothing about other fibres of \({p}^{\mathcal {R}}\). As a result, the structure is too weak to imply consequences of parametricity in general, see [6, 24] for discussion. To remedy this, we instead need axiomatic structure for a category of relations, in a form that is suitable for being imposed fibrewise on \({p}^{\mathcal {R}}\). This is provided by Dunphy and Reddy’s notion of parametricity graph [7, 8], which we now recall.
A reflexive graph category \(\nabla _1, \nabla _2 \,{:}\,\mathbb {E} \rightarrow \mathbb {V}, ~ \varDelta \,{:}\,\mathbb {V} \rightarrow \mathbb {E}\) is said to be relational if the functor \(\langle \nabla _1, \nabla _2 \rangle \,{:}\,\mathbb {E} \rightarrow \mathbb {V} \times \mathbb {V}\) is faithful. This property allows one to think of morphisms in \(\mathbb {E}\) as pairs of relationpreserving maps from \(\mathbb {V}\). Accordingly, we call objects of \(\mathbb {E}\)relations, we write \(R \,{:}\,A \leftrightarrow B\) to mean an object R of \(\mathbb {E}\) with \(\nabla _1 R = A\) and \(\nabla _2 R = B\), and we write Open image in new window to mean that there is a (necessarily unique) map Open image in new window in \(\mathbb {E}\) with \(\nabla _1 h = f \) and \(\nabla _2 h = g\). A reflexive graph category satisfies the identity property if, for every Open image in new window in \(\mathbb {E}\), it holds that \(\nabla _1 h = \nabla _2 h\). This allows one to think of \(\varDelta A\) as an identity relation on A (although, cf. Sect. 5 for caveats). In a relational reflexive graph category, the identity property is equivalent to the fullness of the functor \(\varDelta \). A parametricity graph is a relational reflexive graph category with the identity property, for which the functor \(\langle \nabla _1, \nabla _2 \rangle \,{:}\,\mathbb {E} \rightarrow \mathbb {V} \times \mathbb {V}\) is a fibration. The fibration property supports the following definition mechanism. Let \(R : A \leftrightarrow B\) be a relation in \(\mathbb {E}\). Then, given morphisms Open image in new window and Open image in new window in \(\mathbb {V}\), reindexing produces an inverse image relation \([f \!\times \! g]^{1} R \,{:}\,A' \leftrightarrow B'\).^{1}
The main categorytheoretic definition of this paper is a fibrewise adaptation of parametricity graph to the context of comprehensive \(\lambda \mathbf {2}\) fibrations.
Definition 5

(Relational) The functor Open image in new window is faithful.

(Identity property) The functor Open image in new window is full.

(Fibration) Open image in new window is a cloven fibration.
This definition could by strengthened by asking for the parametricitygraph fibrations to be split instead of merely cloven. Such a strengthening does not affect any of the results in the sequel, and may seem natural given our use of split fibrations in all previous definitions. Nevertheless, our choice of definition reflects the fact that the weaker cloven assumption is all that is needed to avoid coherence issues arising in the semantic interpretation of the type theory \(\lambda \mathbf {2 R}\) introduced in Sect. 4 below.
4 A Type System for Relational Reasoning
We define a type system \(\lambda \mathbf {2 R}\), suggested by the structure of comprehensive \(\lambda \mathbf {2}\) parametricity graphs. This system is similar, in many respects, to System R of Abadi, Cardelli and Curien [1] and System P of Dunphy [7], to which we shall compare it in Sect. 7.
The rules for \(\lambda \mathbf {2 R}\) are given by Fig. 1 (it extends \(\lambda \mathbf {2}\)) in combination with Fig. 2. The latter adds three new judgements: Open image in new window says that \(\varTheta \) is a welldefined relational context; Open image in new window says that R is a relation between types \(A_1\) and \(A_2\), in relational context \(\varTheta \); and Open image in new window is a relatedness judgement, asserting that \(t_1 \! : \! A_1\) is related to \(t_2 \! : \!A_2\) by the relation R.
Relations, in Fig. 2, are built up from a collection of relation variables \(\rho , \dots \), which, for clarity, we choose to keep disjoint from type and term variables. In the rules, we make use of three operations \((\cdot )_1\), \((\cdot )_2\) and \(\langle \cdot \rangle \), defined in Fig. 3, which implement reflexive graph structure on syntax. The \((\cdot )_i\) operations project a relational context to a typing context, whereas the \(\langle \cdot \rangle \) operation acts in the other direction. In the definition of the latter, we associate a distinct relation variable \(\rho ^\alpha \) to every type variable \(\alpha \). Lemma 7 below states how these operations relate typing and relational judgements.
The rules for building relational contexts and relations, in Fig. 2, require some explanation. In adding an assertion \(\alpha \rho \beta \) to a relational context \(\varTheta \), all variables \(\alpha , \beta , \rho \) need to be sufficiently fresh. However, the formulation of \(\lambda \mathbf {2 R}\) is such that variables on the lefthand side of relations are always manipulated separately from variables on the right. Thus, for example, \(\alpha \) is sufficiently fresh in \(\alpha \rho \beta \), as long as \(\alpha \) does not already occur on the left side \((\varTheta )_1\) of \(\varTheta \). A similar separation principle applies also with respect to the term variables \(x_1,x_2\) in assertions \((x_1\!:\!A_1)R(x_2\!:\!A_2)\). The separation principle means that one needs to be cautious in interpreting assertions of the form \(\alpha \rho \alpha \) and \((x\!:\!A)R(x\!:\!A)\). In such assertions, even though the same variable appears on the left and right, the correct intuition is that these are really two distinct variables. We have chosen not to underline this distinction by requiring the variables to be syntactically different, since doing so would add unnecessary syntactic clutter to the system; for example, it would complicate the definition of the \(\langle \cdot \rangle \) operation. Instead, we rely on left and right positioning to make the necessary distinctions. This is crucial in the definition of the substitution operations on relations. There are two such operations: \(R[\alpha \rho \beta \mapsto ASB]\) substitutes, in the relation R, the type A for all left occurrences of \(\alpha \), the type B for all right occurrences of \(\beta \) (which may itself be \(\alpha \)), and the relation S for all occurrences of \(\rho \); similarly, \(S[x \mapsto s, y \mapsto t]\) substitutes, in the relation S, the term s for all left occurrences of x, and the term t for all right occurrences of y (which may itself be x). Note that relations can indeed contain terms and (hence) type variables, due to the \([t_1\times t_2]^{1}R\) construction, where we consider \(t_1\) as occurring on the left, and \(t_2\) on the right.
Lemma 6
 (i)
If \(\varTheta \vdash {A_1RA_2}\,\,\mathsf {rel}\) and \({\varTheta },\,{\alpha _1\rho \, \alpha _2} \vdash (t_1: B_1)S(t_2: B_2)\) then \(\varTheta \! \vdash \!(t_1 [\alpha _1\! \mapsto \!A_1]\,{:}\,B_1[\alpha _1\! \mapsto \!A_1])S[\alpha _1\rho \alpha _2 \! \mapsto \! A_1RA_2] (t_2[\alpha _2\! \mapsto \!A_2] \,{:}\,B_2[\alpha _2\! \mapsto \! A_2])\).
 (ii)
If \(\varTheta \vdash (t_1: A_1)R(t_2 : A_2)\) and \({\varTheta },\,{(x_1 : A_1)R(x_2 : A_2)} \vdash (s _1: B_1)S(s_2 : B_2)\) then \(\varTheta \vdash (s_1[x_1 \mapsto t] : B_1)S[x_1 \mapsto t_1, x_2 \mapsto t_2](s_2[x_2 \mapsto t_2] : B_2)\).
The relatedness rules of Fig. 2 include the expected rules for relations \(R \rightarrow S\) and \(\forall {\alpha \rho \beta }.\, R\), which mimic the analogous type constructions in \(\lambda \mathbf {2}\). The rules for \([t_1\times t_2]^{1}R\) implement its intended interpretation as an inverse image construction. In addition, a further rule expresses an extensionality principle for relations with respect to judgemental equality. Such an intermixing of relatedness judgements with equality judgements is legitimised by statement (i) of the lemma below.
Lemma 7
 (i)
If \(\varTheta \vdash (t_1 : A_1)R(t_2 : A_2)\) then \((\varTheta )_i \vdash t_i : A_i\).
 (ii)
If \(\varGamma \vdash t : A\) then \(\langle \varGamma \rangle \,\vdash (t : A)\langle A \rangle (t : A)\).
Statement (ii) of the lemma asserts that all terms enjoy the characteristic relationpreservation property of relational parametricity. By the extensionality rule, it follows that \(\varGamma \vdash s = t : A\) implies \(\langle \varGamma \rangle \,\vdash (s : A)\langle A \rangle (t : A)\). That is, equal terms are parametrically related. Since parametric relatedness captures a form of behavioural equivalence, we can ask also for the converse implication to hold. This is implemented by the parametricity rule in Fig. 2. This rule, in the general form given, is derivable from its emptycontext version: \(\vdash (s : A)\langle A \rangle (t : A)\) implies \(\vdash s = t : A\). Thus the parametricity rule is equivalent to asking for the relational interpretation of a closed type to act as an identity relation between closed terms—a weak version of Reynold’s identity extension property [23]. We discuss the relational interpretation of open types in Sect. 5.
We outline the semantic interpretation of \(\lambda \mathbf {2 R}\). Given a comprehensive \(\lambda \mathbf {2}\) parametricity graph, the contexts, types and terms of \(\lambda \mathbf {2}\) are interpreted in the comprehensive \(\lambda \mathbf {2}\) fibration \(p: \mathbb {T} \rightarrow \mathbb {C}\), as in Sect. 2. In addition, we interpret a relational context \(\varTheta \) as an object \(\llbracket \varTheta \rrbracket \) of \(\mathcal {R}({\mathbb {C}})\), and a syntactic relation \(\varTheta \vdash {ARB}\,\,\mathsf {rel}\) as a semantic relation \(\llbracket R \rrbracket _\varTheta \,{:}\,\llbracket A \rrbracket _{(\varTheta )_1} \leftrightarrow \llbracket B \rrbracket _{(\varTheta )_2}\) in \(\mathcal {R}({\mathbb {T}})_{\llbracket \varTheta \rrbracket }\). The definitions of \(\llbracket \varTheta \rrbracket \) and \(\llbracket R \rrbracket _\varTheta \) interpret context extension, function space and universal quantification using the structure of the comprehensive \(\lambda \mathbf {2}\) fibration \({p}^{\mathcal {R}} : \mathcal {R}({\mathbb {T}}) \rightarrow \mathcal {R}({\mathbb {C}})\), where relation variables \(\alpha \rho \beta \) are interpreted using the generic object of \({p}^{\mathcal {R}}\). For the inverseimage relation \(\varTheta \vdash {A_1([t_1\times t_2]^{1}R)A_2}\,\,\mathsf {rel}\), we have that \(\llbracket t_1 \rrbracket _{(\varTheta )_1}\) and \(\llbracket t_2 \rrbracket _{(\varTheta )_2}\) determine maps Open image in new window and Open image in new window in \(\mathbb {T}_{\llbracket (\varTheta )_1 \rrbracket }\) and \(\mathbb {T}_{\llbracket (\varTheta )_2 \rrbracket }\) respectively. The fibration property of \(\langle \nabla _1^{\mathbb {T}}, \nabla _2^{\mathbb {T}} \rangle \! \upharpoonright _{\mathcal {R}({\mathbb {T}})_{\llbracket \varTheta \rrbracket }}\) then gives \(\llbracket [t_1\times t_2]^{1}R \rrbracket : \llbracket A_1 \rrbracket _{(\varTheta )_1} \leftrightarrow \llbracket A_2 \rrbracket _{(\varTheta )_2}\) as the inverse image of \(\llbracket {R} \rrbracket : \llbracket B_1 \rrbracket _{(\varTheta )_1} \leftrightarrow \llbracket B_2 \rrbracket _{(\varTheta )_2}\) along these maps.
In the above semantic interpretation, the comprehension property is needed in order to interpret a relational context \(\varTheta \) as an object \(\llbracket \varTheta \rrbracket \) of \(\mathbb {\mathcal {R}({C})}\), and essential use is made of this in the definition of \(\llbracket [t_1\times t_2]^{1}R \rrbracket \). Were the comprehension property of models dropped, it would be possible to rejig the semantics to interpret a restricted calculus with inverseimage relations definable only in relational contexts containing no term variables, but not full \(\lambda \mathbf {2 R}\).
The semantics is supported by soundness and completeness theorems.
Theorem 8
 (i)
if \(\varGamma \vdash t_1 = t_2 : A\) then \(\llbracket t_1 \rrbracket _\varGamma = \llbracket t_2 \rrbracket _\varGamma \); and
 (ii)
if \(\varTheta \vdash (t_1\! :\! A_1)R(t_2\! : \! A_2)\) then Open image in new window .
Theorem 9
(Full completeness for \(\lambda \mathbf {2 R}\)). There exists a comprehensive \(\lambda \mathbf {2}\) parametricity graph satisfying the following.
 (i)
For every type \(\varGamma \vdash {A}\,\,\mathsf {type}\), every global point Open image in new window is the denotation \(\llbracket t \rrbracket _\varGamma \) of some term \(\varGamma \vdash t : A\).
 (ii)
For all terms \(\varGamma \vdash t_1,t_2 : A\) satisfying \(\llbracket t_1 \rrbracket _\varGamma = \llbracket t_2 \rrbracket _\varGamma \), we have \(\varGamma \vdash t_1 = t_2 :~A\).
 (iii)
For every relation \(\varTheta \vdash {A_1RA_2}\,\,\mathsf {type}\), every global point Open image in new window arises as \(\llbracket t_1 \rrbracket _{({\varTheta })_1} \times \llbracket t_2 \rrbracket _{(\varTheta )_2}\) for terms \(t_1,t_2\) such that \(\varTheta \vdash (t_1\! :\! A_1)R(t_2\! : \! A_2)\).
Theorem 8 is proved by induction on derivations. We highlight that the soundness of the parametricity rule follows from the identity property of comprehensive \(\lambda \mathbf {2}\) parametricity graphs. Theorem 9 is proved by a term model construction.
5 DirectImage and Pseudograph Relations
As already discussed, the parametricity rule of Fig. 2 interprets the relation \(\langle A \rangle \) as an identity relation when A is a closed type. When A contains type variables, however, this interpretation is not available. Consider an open type \(\alpha \vdash {A(\alpha )}\,\,\mathsf {type}\) (where we write \(A(\alpha )\) to highlight the occurrences of \(\alpha \) in A). Then we have \(\alpha \rho \alpha \vdash {A(\alpha ) \big (\langle A \rangle (\rho )\big ) A(\alpha )}\,\,\mathsf {rel}\). However, the independent handling of left and right variables in \(\lambda \mathbf {2 R}\) (forced by the semantic correspondence with comprehensive \(\lambda \mathbf {2}\) parametricity graphs), means that the latter relation is equivalent to \(\alpha \rho \beta \vdash {A(\alpha ) \big (\langle A \rangle (\rho )\big ) A(\beta )}\,\,\mathsf {rel}\); i.e., it is a family (indexed by relations \(\rho \)) of relations between different types. Indeed, the distinctness of left and right type variables means \(\lambda \mathbf {2 R}\) has no facility for formulating relations between open types and themselves. In particular, \(\lambda \mathbf {2 R}\) contains no mechanism for defining identity relations on open types. Nonetheless, the relation \(\langle A \rangle \) can act as a kind of pseudoidentity relation for type A where the parametricity rule can establish equalities from \(\langle A \rangle \)relatedness in relational contexts of the form \(\langle \varGamma \rangle \).
The main construction we need is that of directimage relations\([t_1\times t_2]_{!}R\), dual to inverseimage relations. This is achieved using an impredicative encoding.
Theorem 10
Lemma 11
 (i)
\({\langle \varGamma \rangle } \vdash gr_{!}(f) \subseteq gr_{*}(f)\); and
 (ii)
\({\langle \varGamma \rangle } \vdash (s\!:\!A)\, gr_{*}(f) \,(t\!:\!B)\) iff \(\varGamma \vdash f\,s \, = \, t \,{:}\,B\) iff \({\langle \varGamma \rangle } \vdash (s\!:\!A) \, gr_{!}(f) \, (t\!:\!B)\).
We comment that, in spite of item (ii), the converse inclusion to (i) does not hold in general. Property (ii) applies only in context \({\langle \varGamma \rangle }\), and thus implies nothing about what happens if further relational assumptions are added.
Theorem 10 has a semantic analogue: direct image relations correspond to opfibrational structure on comprehensive \(\lambda \mathbf {2}\) parametricity graphs.
Theorem 12
In any comprehensive \(\lambda \mathbf {2}\) parametricity graph, for every object W of \(\mathcal {R}({\mathbb {C}})\), the functor \(\langle \nabla ^{\mathbb {T}}_1, \nabla ^{\mathbb {T}}_2 \rangle \! \upharpoonright _{\mathcal {R}({\mathbb {T}})_W}\,{:}\,\mathcal {R}({\mathbb {T}})_W \rightarrow \mathbb {T}_{\nabla ^{\mathbb {C}}_1 W}\! \times \! \mathbb {T}_{\nabla ^{\mathbb {C}}_2 W}\) is an opfibration.
6 Consequences of Parametricity
System \(\lambda \mathbf {2 R}\) is strong enough to prove the familiar consequences of parametricity.
Theorem 13
 (i)
The unit (terminal) type can be encoded as \(\mathbf {1}= \forall {\alpha }.\, \alpha \rightarrow \alpha \).
 (ii)
The product of A and B can be encoded as \(A \times B = \forall {\alpha }.\,(A \rightarrow B \rightarrow \alpha ) \rightarrow \alpha \).
 (iii)
The empty (initial) type can be encoded as \(\mathbf {0}= \forall {\alpha }.\, \alpha \).
 (iv)
The sum of A and B can be encoded as \(A\! + \!B = \forall {\alpha }.\,(A\! \rightarrow \! \alpha ) \! \rightarrow \! (B\! \rightarrow \! \alpha )\! \rightarrow \!\alpha \).
 (v)
Existential types can be encoded as \(\exists {\alpha }.\,T(\alpha ) = \forall {\alpha }.\, (\forall {\beta }.\, (T(\beta ) \rightarrow \alpha )) \rightarrow \alpha \).
 (vi)
The type \(\forall {\alpha }.\,(T(\alpha ) \rightarrow \alpha ) \rightarrow \alpha \) is the carrier of the initial Talgebra for all functorial type expressions \(T(\alpha )\).
 (vii)
The type \(\exists {\alpha }.\,(\alpha \rightarrow T(\alpha )) \times \alpha \) is the carrier of the final Tcoalgebra for all functorial type expressions \(T(\alpha )\).
This result for \(\lambda \mathbf {2 R}\) implies that analogous categorytheoretic properties (which we do not state for lack of space) hold for comprehensive \(\lambda \mathbf {2}\) parametricity graphs.
The proofs of (i)–(vii) follow the usual ones, see, e.g., [21], but with graph relations replaced by pseudographs. Pseudograph relations of the form \(gr_{*}(f)\) suffice in all proofs with the exception of the verification of final coalgebras, where \(gr_{!}(f)\) is used. In this section, we explain how this difference in the treatment of initial algebras and final coalgebras arises. For lack of space, we focus on the use of pseudograph relations only, and omit the (standard) supporting arguments.
Lemma 14
Suppose \(\alpha \) occurs positively in \({\varGamma },\,{\alpha } \vdash {T}\,\,\mathsf {type}\) and \(\varGamma ' \vdash f \,{:}\,A \rightarrow B\), where \(\varGamma '\) extends \(\varGamma \).
 (i)
\({\langle \varGamma ' \rangle } \vdash {\langle T \rangle (gr_{*}(f)) \subseteq gr_{*}(T(f))}\,\).
 (ii)
\({\langle \varGamma ' \rangle } \vdash {gr_{!}(T(f))} \subseteq {\langle T \rangle (gr_{!}(f))}\,\).
Our proof of this lemma closely mirrors the proof of the Graph Lemma in [9], which exploits the fact that graph relations can be defined either using inverse image, analogously to \(gr_{*}(f)\), or using direct image, analogously to \(gr_{!}(f)\).
7 Related and Further Work
System R of [1] and System P of [7] share with \(\lambda \mathbf {2 R}\) the property of having a syntax in which function space and universal quantification are basic constructions on relations. Indeed \(\lambda \mathbf {2 R}\) is especially similar to System P, which also has the inverseimagerelation constructor \([t_1\times t_2]^{1}R\). The most significant difference is that, in System P, the formation rule for this construction is restricted: the terms \(t_1, t_2\) are not allowed to contain free term variables. However, they are permitted to contain socalled indeterminates, which, in the semantics of System P, range over global elements in models. This device allows System P to be used to establish consequences of parametricity in wellpointed models [7]. In \(\lambda \mathbf {2 R}\), our general arguments for consequences of parametricity make essential use of the possibility for \(t_1\) and \(t_2\) to contain free term variables. As already observed in Sect. 4, the comprehension property of our models is crucial to the semantic interpretation of inverseimage relations in such cases.
System R of [1] departs from \(\lambda \mathbf {2 R}\) (and System P) in two main ways. The first is that, in System R, every type A has an associated identity relation\(A^*\).^{2} A key rule of System R (written in our notation) is that \(\varTheta \vdash x \,A^*\, x\), whenever x : A appears anywhere in relational context \(\varTheta \). This rule breaks the independence between left and right variables in the relational judgements of \(\lambda \mathbf {2 R}\). (For example, property (i) of Lemma 7 fails.) The second difference is that System R has an explicit syntax for defining graph relations, rather than the inverseimage construct of \(\lambda \mathbf {2 R}\) (and System P), which would be more general in that context. Due to the presence of both identity and graph relations, the arguments, in System R, for consequences of parametricity proceed along standard lines [1]. However, System R currently lacks a corresponding semantic story of the kind we have used in this paper in justification of \(\lambda \mathbf {2 R}\).
In fact, the interplay between models and syntax could be pushed much further than in the present paper. By adding primitive product types to \(\lambda \mathbf {2}\) and \(\lambda \mathbf {2 R}\), one can strengthen our full completeness results by obtaining syntactic categories that are initial in an appropriate 2category of strict structurepreserving morphisms of models. It would be more natural, however, to broaden both the notion of model, by replacing splittings of fibrations with cleavages, and the notion of morphism, by permitting nonstrict structure preservation. With such a relaxation, coherence issues arise, but one would expect to obtain (pseudo) initiality of the syntactic model of \(\lambda \mathbf {2 R}\) (without any need to extend the syntax with products).
For lack of space we have not presented any concrete models in this paper. In fact, any instance of the more elaborate axiomatic structure from [6] can be reconstrued (albeit in a nontrivial way) as a comprehensive \(\lambda \mathbf {2}\) parametricity graph. So our minimal structure at least generalises the known models of parametricity. However, we do not know whether our structure encompasses any genuinely new models of relational parametricity that truly exploit the (potential) added generality of our approach.
The results of the present paper should be contrasted with those of other recent work by first two authors and colleagues [9, 10]. In this paper, we have axiomatised categorytheoretic structure modelling relational parametricity for the specific type theory \(\lambda \mathbf {2}\), where the resulting structure encompasses both ‘syntactic’ and ‘semantic’ models. In contrast, [9, 10] axiomatise the categorytheoretic structure required on a ‘semantic’ model for Reynolds’ original settheoretic definition of relational parametricity [23] to generalise to the model. Interestingly, the categorytheoretic notion of bifibration occurs both as a central ingredient in the axiomatisation of [9, 10], and, in the guise of directimage relations, as a vital tool in the present paper. A novelty in the present paper is that the bifibrational structure is derived rather than assumed.
From a typetheoretic perspective, one advantage of the approach followed in this paper is that the passage from the original type theory (\(\lambda \mathbf {2}\)) to the relational version (\(\lambda \mathbf {2 R}\)) appears not to depend on specific properties of the former, other than that essential use is made of judgemental equality in the formulation of the parametricity rule. We believe that this potential flexibility may be useful for transferring our methods to dependent type theories, where parametricity is an active area of study [2, 4, 5, 17].
The proofrelevant setting of dependent type theory, however, requires modifications to our semantic framework. In particular the relational property of parametricity graphs must be relaxed. Ongoing work on a higherdimensional, proofrelevant form of parametricity may show how to remove this requirement.
Footnotes
 1.
We use \((\cdot )^{1}\) rather than \((\cdot )^{*}\) for reindexing to emphasise that we are in a relational setting: \(\langle \nabla _1, \nabla _2 \rangle \) is a preorder fibration since it is faithful.
 2.
In System P, every type A is itself a relation, which, although called an “identity relation” in [7], has the properties of the relation \(\langle A \rangle \) in the present paper.
Notes
Acknowledgements
We thank Bob Atkey, Claudio Hermida, Rasmus Møgelberg and the anonymous reviewers for helpful discussions and comments. This research was supported by EPSRC grants GR/A11731/01, EP/E016146/1, EP/K023837/1 and EP/M016951/1.
References
 1.Abadi, M., Cardelli, L., Curien, P.L.: Formal parametric polymorphism. Theor. Comput. Sci. 121(1&2), 9–58 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
 2.Atkey, R., Ghani, N., Johann, P.: A relationally parametric model of dependent type theory. In: Jagannathan, S., Sewell, P. (eds.), POPL, pp. 503–515. ACM (2014)Google Scholar
 3.Barendregt, H.: Introduction to generalized type systems. J. Funct. Program. 1(2), 125–154 (1991)MathSciNetzbMATHGoogle Scholar
 4.Bernardy, J.P., Coquand, T., Moulin, G.: A presheaf model of parametric type theory. In: Ghica, D.R. (ed.), MFPS, ENTCS, pp. 17–33. Elsevier (2015)Google Scholar
 5.Bernardy, J.P., Jansson, P., Paterson, R.: Proofs for free. J. Funct. Program. 22, 107–152 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
 6.Møgelberg, E.: Categorical models for Abadi and Plotkin’s logic for parametricity. Math. Struct. Comput. Sci. 15, 709–772 (2005)CrossRefzbMATHGoogle Scholar
 7.Dunphy, B.: Parametricity as a notion of uniformity in reflexive graphs. Ph.D. thesis, University of Illinois (2002)Google Scholar
 8.Dunphy, B., Reddy, U.: Parametric limits. In: LICS, pp. 242–251 (2004)Google Scholar
 9.Ghani, N., Johann, P., Nordvall Forsberg, F., Orsanigo, F., Revell, T.: Bifibrational functorial semantics of parametric polymorphism. In: Ghica, D.R. (ed.) MFPS, ENTCS, pp. 67–83. Elsevier (2015)Google Scholar
 10.Ghani, N., Nordvall Forsberg, F., Orsanigo, F.: Parametric polymorphism — universally. In: de Paiva, V., de Queiroz, R., Moss, L.S., Leivant, D., de Oliveira, A. (eds.) WoLLIC 2015. LNCS, vol. 9160, pp. 81–92. Springer, Heidelberg (2015)Google Scholar
 11.Girard, J.Y.: Interprétation fonctionelle et élimination des coupures dans l’arithmétique d’ordre supérieur. Ph.D. thesis, University of Paris VII (1972)Google Scholar
 12.Hermida, C.: Fibrational relational polymorphism (2006). http://maggie.cs.queensu.ca/chermida/papers/FibRelPoly.pdf
 13.Hermida, C., Reddy, U., Robinson, E.: Logical relations and parametricity – a Reynolds programme for category theory and programming languages. ENTCS 303, 149–180 (2014)MathSciNetzbMATHGoogle Scholar
 14.Jacobs, B.: Comprehension categories and the semantics of type dependency. Theor. Comput. Sci. 107(2), 169–207 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
 15.Jacobs, B.: Categorical Logic and Type Theory. Elsevier, Amsterdam (1999)zbMATHGoogle Scholar
 16.Kinoshita, Y., O’Hearn, P.W., Power, J., Takeyama, M., Tennent, R.D.: An axiomatic approach to binary logical relations with applications to data refinement. In: Abadi, M., Ito, T. (eds.) Theoretical Aspects of Computer Software. LNCS, vol. 1281, pp. 191–212. Springer, Heidelberg (1997)CrossRefGoogle Scholar
 17.Krishnaswami, N.R., Dreyer, D.: Internalizing relational parametricity in the extensional calculus of constructions. In: Ronchi, S., Rocca, D. (eds.) CSL, pp. 432–451 (2013)Google Scholar
 18.Lawvere, F.W.: Equality in hyperdoctrines and comprehension schema as an adjoint functor. Appl. Categorical Algebra 17, 1–14 (1970)MathSciNetCrossRefzbMATHGoogle Scholar
 19.Ma, Q., Reynolds, J.C.: Types, abstraction, and parametric polymorphism, part 2. In: Brookes, S., Main, M., Melton, A., Mislove, M., Schmidt, D. (eds.) Mathematical Foundations of Programming Semantics. LNCS, vol. 598, pp. 1–40. Springer, Heidelberg (1991)CrossRefGoogle Scholar
 20.O’Hearn, P.W., Tennent, R.D.: Parametricity and local variables. J. ACM 42(3), 658–709 (1995)MathSciNetCrossRefzbMATHGoogle Scholar
 21.Plotkin, G., Abadi, M.: A logic for parametric polymorphism. In: Bezem, M., Groote, J.F. (eds.) Typed Lambda Calculi and Applications. LNCS, vol. 664, pp. 361–375. Springer, Heidelberg (1993)CrossRefGoogle Scholar
 22.Reynolds, J.: Towards a theory of type structure. In: Robinet, B. (ed.) Programming Symposium. LNCS, vol. 19, pp. 408–425. Springer, Heidelberg (1974)CrossRefGoogle Scholar
 23.Reynolds, J.: Types, abstraction and parametric polymorphism. In: Mason, R.E.A. (ed.), Information Processing, pp. 513–523 (1983)Google Scholar
 24.Robinson, E.P., Rosolini, G.: Reflexive graphs and parametric polymorphism. In: LICS, pp. 364–371. IEEE Computer Society (1994)Google Scholar
 25.Seely, R.A.G.: Categorical semantics for higher order polymorphic lambda calculus. J. Symbolic Logic 52, 969–989 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
 26.Strachey, C.: Fundamental concepts in programming languages. High. Order Symbolic Comput. 13(1–2), 11–49 (2000)CrossRefzbMATHGoogle Scholar
 27.Wadler, P.: Theorems for free! In: Stoy, J.E. (ed.) FPCA, pp. 347–359. ACM (1989)Google Scholar