Parametricity for Primitive Nested Types

This paper considers parametricity and its resulting free theorems for nested data types. Rather than representing nested types via their Church encodings in a higher-kinded or dependently typed extension of System F, we adopt a functional programming perspective and design a Hindley-Milner-style calculus with primitives for constructing nested types directly as fixpoints. Our calculus can express all nested types appearing in the literature, including truly nested types. At the term level, it supports primitive pattern matching, map functions, and fold combinators for nested types. Our main contribution is the construction of a parametric model for our calculus. This is both delicate and challenging: to ensure the existence of semantic fixpoints interpreting nested types, and thus to establish a suitable Identity Extension Lemma for our calculus, our type system must explicitly track functoriality of types, and cocontinuity conditions on the functors interpreting them must be appropriately threaded throughout the model construction. We prove that our model satisfies an appropriate Abstraction Theorem and verifies all standard consequences of parametricity for primitive nested types.


Introduction
Algebraic data types (ADTs), both built-in and user-defined, have long been at the core of functional languages such as Haskell, ML, Agda, Epigram, and Idris.ADTs, such as that of natural numbers, can be unindexed.But they can also be indexed over other types.For example, the ADT of lists (here coded in Agda) data List (A : Set) : Set where nil : List A cons : A → List A → List A is indexed over its element type A. The instance of List at index A depends only on itself, and so is independent of List B for any other index B.That is, List, like all other ADTs, defines a family of inductive types, one for each index type.Over time, there has been a notable trend toward data types whose non-regular indexing can capture invariants and other sophisticated properties that can be used for program verification and other applications.A simple example of such a type is given by the type data PTree (A : Set) : Set where pleaf : A → PTree A pnode : PTree (A × A) → PTree A of perfect trees, which can be thought of as constraining lists to have lengths that are powers of 2. A similar data type Nest is given in the canonical paper [BM98] on nested types.The above code makes clear that perfect trees at index type A are defined in terms of perfect trees at index type A × A. This is typical of nested types, one type instance of which can depend on others, so that the entire family of types must actually be defined at once.A nested type thus defines not a family of inductive types, but rather an inductive family of types.Nested types include simple nested types, like perfect trees, none of whose recursive occurrences occur below another type constructor; "deep" nested types [JP20], such as the nested type data PForest (A : Set) : Set where fempty : PForest A fnode : A → PTree (PForest A) → PForest A of perfect forests, whose recursive occurrences appear below type constructors for other nested types; and truly nested types, such as the nested type data Bush (A : Set) : Set where bnil : Bush A bcons : A → Bush (Bush A) → Bush A of bushes, whose recursive occurrences appear below their own type constructors.
Relational parametricity encodes a powerful notion of type-uniformity, or representation independence, for data types in polymorphic languages.It formalizes the intuition that a polymorphic program must act uniformly on all of its possible type instantiations by requiring that every such program preserves all relations between pairs of types at which it is instantiated.Parametricity was originally put forth by Reynolds [Rey83] for System F [Gir72], the calculus at the core of all polymorphic functional languages.It was later popularized as Wadler's "theorems for free" [Wad89], so called because it can deduce properties of programs in such languages solely from their types, i.e., with no knowledge whatsoever of the text of the programs involved.Most of Wadler's free theorems are consequences of naturality for polymorphic list-processing functions.However, parametricity can also derive results that go beyond just naturality, such as correctness for ADTs of the program optimization known as short cut fusion [GLP93,Joh02].
But what about nested types?Does parametricity still hold if such types are added to polymorphic calculi?More practically, can we justifiably reason type-independently about (functions over) nested types in functional languages?
Type-independent reasoning about ADTs in functional languages is usually justified by first representing ADTs by their Church encodings, and then reasoning type-independently about these encodings.This is typically justified by constructing a parametric model -i.e, a model in which polymorphic functions preserve relations á la Reynolds -for a suitable fragment of System F, demonstrating that an initial algebra exists for the positive type constructor corresponding to the functor underlying an ADT of interest, and showing that each such initial algebra is suitably isomorphic to its corresponding Church encoding.In fact, this isomorphism of initial algebras and their Church encodings is one of the "litmus tests" for the goodness of a parametric model.This approach works well for ADTs, which are always fixpoints of first-order functors, and whose Church encodings, which involve quantification over only type variables, are always expressible in System F. For example, List A is the fixpoint of the first-order functor F X = 1+A×X and has Church encoding ∀α.α → (A → α → α) → α.But despite Cardelli's [Car84] claim that "virtually any basic type of interest can be encoded within F 2 " -i.e., within System F -non-ADT nested types cannot.Not even our prototypical nested type of perfect trees has a Church encoding expressible in System F! Indeed, PTree A cannot be represented as the fixpoint of any first-order functor.However, it can be seen as the instance at index A of the fixpoint of the higher-order functor H F A = (A → F A) → (F (A × A) → F A) → F A. It thus has Church encoding ∀f.(∀α.α → f α) → (∀α.f (α × α) → f α) → ∀α.f α, which requires quantification at the higher kind * → * for f .A similar situation obtains for any (non-ADT) nested type.Unfortunately, higher-kinded quantification is not available in System F, so if we want to reason type-independently about nested types in a language based on it we have only two options: (i ) move to an extension of System F, such as the higher-kinded calculus F ω or a dependent type theory, and reason via their Church encodings in a known parametric model for that extension, or (ii ) add nested types to System F as primitives -i.e., as primitive type-level fixpoints -and construct a parametric model for the result.
Since the type systems of F ω and dependent type theories are designed to extend System F with far more than non-ADT data types, it seems like serious overkill to pass to their parametric models to reason about nested types in System F. Indeed, such calculi support fundamentally new features -e.g., the full hierarchy of higher-kinds or term-indexed types -adding complexity to their models that is entirely unnecessary for reasoning about nested types.In addition, to our knowledge no such models represent data types as primitive fixpoints, so they cannot be used to obtain the results of this paper.(See the last paragraph of this section for a more detailed discussion in the case of F ω .)Whether or not these results even hold for such calculi is an open question.
This paper therefore pursues the second option above.We first design a Hindley-Milnerstyle calculus supporting primitive nested types, together with primitive types of natural transformations representing morphisms between them.Our calculus can express all nested types appearing in the literature, including truly nested types.At the term-level, it supports primitive pattern matching, map functions, and fold combinators for nested types.1 Our main contribution is the construction of a parametric model for our calculus.This is both delicate and challenging.To ensure the existence of semantic fixpoints interpreting nested types, and thus to establish a suitable Identity Extension Lemma, our type system must explicitly track functoriality of types, and cocontinuity conditions on the functors interpreting them "it is hard to construct models of both impredicative polymorphism and fixpoint recursion".In fact, as the development in this paper shows, constructing a parametric model even for our predicative calculus with primitive nested types -and even without term-level fixpoints -is already rather involved.On the other hand, our calculus is strongly normalizing, so it perhaps edges us toward the kind of provably total practical programming language proposed in [Wad89].
equation associated with its corresponding data type.The present paper draws on this rich tradition of categorical models of parametricity for System F, but modifies them to treat nested types (and therefore ADTs) as primitive data types.
The only other extensions we know of System F with primitive data types are those in [Mat11,MG01,Pit98,Pit00,Wad89].Wadler [Wad89] treats full System F, and sketches parametricity for its extension with lists.Martin and Gibbons [MG01] outline a semantics for a grammar of primitive nested types similar to that in [JP19], but treat only polynomial nested types, i.e., nested types that are fixpoints of polynomial higher-order functors.Unfortunately, the model suggested in [MG01] is not entirely correct (see [JP19]), and parametricity is nowhere mentioned.Matthes [Mat11] treats System F with non-polynomial ADTs and nested types, but his focus is on expressivity of generalized Mendler iteration for them.He gives no semantics whatsoever.
In [Pit00], Pitts adds list ADTs to full System F with a term-level fixpoint primitive.Other ADTs are included in [Pit98], but nested types are not expressible in either syntax.Pitts constructs parametric models for his calculi based on operational, rather than categorical, semantics.A benefit of using operational semantics to build parametric models is that it avoids needing to work in a suitable metatheory to accommodate System F's impredicativity.It is well-known that there are no set-based parametric models of System F [Rey84], so parametric models for it and its extensions are often constructed in a syntactic metatheory such as the impredicative Calculus of Inductive Constructions (iCIC).By adding primitive nested types to a Hindley-Milner-style calculus and working in a categorical setting we side-step such metatheoretic distractions.
Atkey [Atk12] treats parametricity for arbitrary higher kinds, constructing a parametric model for System F ω within iCIC, rather than in a semantic category.His construction is in some ways similar to ours, but he represents (now higher-kinded) data types using Church encodings rather than as primitives.Moreover, the fmap functions associated to Atkey's functors must be given, presumably by the programmer, together with their underlying type constructors.This absolves him of imposing cocontinuity conditions on his model to ensure that fixpoints of his functors exist, but, unfortunately, he does not indicate which type constructors support fmap functions.We suspect explicitly spelling out which types can be interpreted as strictly positive functors would result in a full higher-kinded extension of a calculus akin to that presented here.

The Calculus
2.1.Types.For each k ≥ 0, we assume countable sets T k of type constructor variables of arity k and F k of functorial variables of arity k, all mutually disjoint.The sets of all type constructor variables and functorial variables are T = k≥0 T k and F = k≥0 F k , respectively, and a type variable is any element of T ∪ F. We use lower case Greek letters for type variables, writing φ k to indicate that φ ∈ T k ∪ F k , and omitting the arity indicator k when convenient, unimportant, or clear from context.Letters from the beginning of the alphabet denote type variables of arity 0, i.e., elements of T 0 ∪ F 0 .We write φ for either a set {φ 1 , . . ., φ n } of type constructor variables or a set of functorial variables when the cardinality n of the set is unimportant or clear from context.If V is a set of type variables we write V, φ for V ∪ φ when V ∩ φ = ∅.We omit the vector notation for a singleton set, thus writing φ, instead of φ, for {φ}.
If Γ is a finite subset of T, Φ is a finite subset of F, α is a finite subset of F 0 disjoint from Φ, and φ k ∈ F k \ Φ, then the set F of well-formed types is given in Definition 2.1.The notation there entails that an application F F 1 . . .F k is allowed only when F is a type variable of arity k, or F is a subexpression of the form µφ k .λα 1 . . .α k .F .Accordingly, an overbar indicates a sequence of types whose length matches the arity of the type applied to it.Requiring that types are always in such η-long normal form avoids having to consider β-conversion at the level of types.In a type Nat α F G, the Nat operator binds all occurrences of the variables in α in F and G; intuitively, Nat α F G represents the type of a natural transformation in α from the functor F to the functor G.In a subexpression µφ k .λα.F , the µ operator binds all occurrences of the variable φ, and the λ operator binds all occurrences of the variables in α, in the body F .
A type constructor context, or non-functorial context, is a finite set Γ of type constructor variables, and a functorial context is a finite set Φ of functorial variables.In Definition 2.1, a judgment of the form Γ; Φ F indicates that the type F is intended to be functorial in the variables in Φ but not necessarily in those in Γ.
Definition 2.1.The formation rules for the set F of (well-formed) types are We write F for ∅; ∅ F .Definition 2.1 ensures that the expected weakening rules for well-formed types hold, i.e., if Γ; Φ F is well-formed, then both Γ, ψ; Φ F and Γ; Φ, φ F are also well-formed.Note that weakening does not change the contexts in which types can be formed.For example, a Nat-type -i.e., a type of the form Nat α F G -can be formed in any functorial context.But since Nat-types contain no functorial variables, we will form them in empty functorial contexts below whenever convenient.Of course, we cannot first weaken the functorial contexts of F and G to Γ; α, β F and Γ; α, β G, and then form Nat α F G in the weakened context Γ; β.If Γ; ∅ F and Γ; ∅ G, then our rules allow formation of the type Γ; ∅ Nat ∅ F G, which represents the System F type Γ F → G. Similarly, if Γ; α F , then our rules allow formation of the type Γ; ∅ Nat α 1 F , which represents the System F type Γ; ∅ ∀α.F .However, some System F types, such as ∀α.(α → α) → α, are not representable in our calculus.Note that, in the rule for µ-types, no variables in Φ appear in the body F of µφ.λα.F .This will be critical to proving the Identity Extension Lemma for our calculus.
Definition 2.1 allows the formation of all of the types from Section 1: Note that since the body F of a type (µφ.λα.F )G can only be functorial in φ and the variables in α, the representation of List α as the ADT µβ. 1 + α × β cannot be functorial in α.By contrast, if List α is represented as the nested type (µφ.λβ. 1 + β × φβ) α then we can choose α to be a functorial variable or not when forming the type.This observation holds for other ADTs as well; for example, if Tree α γ = µβ.α+ β × γ × β, then α, γ; ∅ Tree α γ is well-formed, but ∅; α, γ Tree α γ is not.And it also applies to some non-ADT types, such as GRose φ α = µβ.1 + α × φβ, in which φ and α must both be non-functorial variables.It is in fact possible to allow "extra" 0-ary functorial variables in the body of µ-types (functorial variables of higher arity are the real problem), which would allow the first-order representations of ADTs to be functorial.However, since doing this requires some changes to the formation rule for µ-types, as well as the delicate threading of some additional conditions throughout our model construction, we do not pursue this line of investigation here.
Definition 2.1 allows well-formed types to be functorial in no variables.Functorial variables can also be demoted to non-functorial status: if F [φ :== ψ] is the textual replacement of φ in F , then Γ, ψ k ; Φ F [φ k :== ψ k ] is derivable whenever Γ; Φ, φ k F is.The proof is by induction on the structure of F .In addition to textual replacement, we also have a substitution operation on types.
If Γ; Φ F is a type, if Γ and Φ contain only type variables of arity 0, and if k = 0 for every occurrence of φ k bound by µ in F , then we say that F is first-order ; otherwise we say that F is second-order.Substitution for first-order types is the usual capture-avoiding textual substitution.We write H[α := F ] for the result of substituting F for α in H, and The operation of second-order type substitution along α is given in Definition 2.2, where we adopt a similar notational convention for vectors of types.Of course, (•)[φ 0 := ∅ F ] coincides with first-order substitution.We omit α when convenient, but note that it is not correct to substitute along non-functorial variables.
Definition 2.2.If Γ; Φ, φ k H and Γ; Φ, α F with |α| = k, then the operation H[φ := α F ] of second-order type substitution along α is defined by induction on H as follows: The idea is that the arguments to φ get substituted for the variables in α in each F replacing an occurrence of φ.It is not hard to see that Γ; Φ H[φ := α F ].
2.2.Terms.To define our term calculus we assume an infinite set V of term variables disjoint from T and F. If Γ is a type constructor context and Φ is a functorial context, then a term context for Γ and Φ is a finite set of bindings of the form x : F , where x ∈ V and Γ; Φ F .We adopt the above conventions for denoting disjoint unions and vectors in term contexts.If ∆ is a term context for Γ and Φ, then the formation rules for the set of well-formed terms over ∆ are as in Figure 1.In the rule there for L α x.t, the L operator binds all occurrences of the type variables in α in the types of x and t, as well as all occurrences of x in t.In the rule for t K s there is one type in K for every functorial variable in α.In the rule for map F ,G H there is one type F and one type G for each functorial variable in φ.Moreover, for each φ k in φ the number of functorial variables in β in the judgments for its corresponding type F and G is k.In the rules for in H and fold F H , the functorial variables in β are fresh with respect to H, and there is one β for every α.Substitution for terms is the obvious extension of the usual capture-avoiding textual substitution, and the rules of Figure 1 ensure that weakening is respected.Below we form L-terms, which contain no free functorial variables, in empty functorial contexts whenever convenient.We similarly form map-, in-, and fold-terms, which contain no free functorial variables or free term variables, in empty functorial contexts and empty term contexts whenever convenient.
The "extra" functorial variables γ in the rules for map F ,G H (i.e., those variables not affected by the substitution of φ) deserve comment.They allow us to map polymorphic functions over nested types.Suppose, for example, we want to map the polymorphic function flatten : Nat β (PTree β) (List β) over a list.Even in the absence of extra variables the instance of map required to map each non-functorial monomorphic instantiation of flatten over a list of perfect trees is well-formed: But in the absence of γ, the instance required to map the polymorphic flatten function over a list of perfect trees is not: indeed, the functorial contexts for F and G in the rule for map F,G H would have to be empty, but because the polymorphic flatten function is natural in β it cannot possibly have a type of the form Nat ∅ F G as would be required for it to be the function input to map.Untypeability of this instance of map is unsatisfactory in a polymorphic calculus, where we naturally expect to be able to manipulate entire polymorphic functions rather than just their monomorphic instances, but the "extra" variables γ remedy the situation, ensuring that the instance of map needed to map the polymorphic flatten function is typeable as follows: Our calculus is expressive enough to define a function reversePTree : Nat α (PTree α) (PTree α) that reverses the order of the leaves in a perfect tree.This function maps, e.g., the perfect tree pnode (pnode (pleaf ((1, 2), (3, 4)))) to the perfect tree pnode (pnode (pleaf ((4, 3), (2, 1)))) i.e., maps ((1, 2), (3, 4)) to ((4, 3), (2, 1)).It can be defined as and pleaf , pnode, swap, and s are the terms Our calculus can similarly define a rustle function that changes the placement of the data in a bush.This function maps, e.g., the bush bcons 0 (bcons (bcons 1 (bcons (bcons 2 bnil ) bnil )) (bcons (bcons (bcons 3 (bcons (bcons 4 bnil ) bnil )) bnil ) bnil )) to the bush bcons 4 (bcons (bcons 0 (bcons (bcons 3 bnil ) bnil )) (bcons (bcons (bcons 2 (bcons (bcons 1 bnil It can be defined as , balg, and consalg are the terms Unfortunately, our calculus cannot express types of recursive functions -such as a concatenation function for perfect trees or a zip function for bushes -that take as inputs a nested type and an argument of another type, both of which are parameterized over the same variable.The fundamental issue is that recursion is expressible only via fold, which produces natural transformations in some variables α from µ-types to other functors F .The restrictions on Nat-types entail that F cannot itself be a Nat-type containing α, so, e.g., Nat α (PTree α) (Nat ∅ (PTree α) (PTree (α × α))) is not well-formed.Uncurrying gives Nat α (PTree α × PTree α) (PTree (α × α)), which is well-formed, but fold cannot produce a term of this type because PTree α × PTree α is not a µ-type.Our calculus can, however, express types of recursive functions that take multiple nested types as arguments, provided they are parameterized over disjoint sets of type variables and the return type of the function is parameterized over only the variables occurring in the type of its final argument.Even for ADTs there is a difference between which folds over them we can type when they are viewed as ADTs (i.e., as fixpoints of first-order functors) versus as proper nested types (i.e., as fixpoints of higher-order functors).This is because, in the return type of fold, the arguments of the µ-type must be variables bound by Nat.For ADTs, the µ-type takes no arguments, making it possible to write recursive functions, such as a concatenation function for lists of type α; . This is not possible for nested types -even when they are semantically equivalent to ADTs.
Interestingly, even some recursive functions of a single proper nested type -e.g., a reverse function for bushes that is a true involution -cannot be expressed as folds because the algebra arguments needed to define them are again recursive functions with types of the same problematic form as the type of, e.g., a zip function for perfect trees.Expressivity of folds for nested types has long been a vexing issue, and this is naturally inherited by our calculus.Adding more expressive recursion combinators could help, but since this is orthogonal to the issue of parametricity in the presence of primitive nested types we do not consider it further here.

Interpreting Types
We denote the category of sets and functions by Set.The category Rel has as its objects triples (A, B, R) where R is a relation between the objects A and B in Set, i.e., a subset of A × B, and has as its morphisms from (A, B, R) to (A , B , R ) pairs (f : for the domain A of R and the codomain B of R, respectively.If A : Set, then we write Eq A = (A, A, {(x, x) | x ∈ A}) for the equality relation on A.
The key idea underlying Reynolds' parametricity is to give each type F (α) with one free variable α both an object interpretation F 0 taking sets to sets and a relational interpretation F 1 taking relations R : Rel(A, B) to relations F 1 (R) : Rel(F 0 (A), F 0 (B)), and to interpret each term t(α, x) : F (α) with one free term variable x : G(α) as a map t 0 associating to each set A a function t 0 (A) : G 0 (A) → F 0 (A).These interpretations are to be given inductively on the structures of F and t in such a way that they imply two fundamental theorems.The first is an Identity Extension Lemma, which states that F 1 (Eq A ) = Eq F 0 (A) , and is the essential property that makes a model relationally parametric rather than just induced by a logical relation.The second is an Abstraction Theorem, which states that, for any R : Rel(A, B), The Identity Extension Lemma is similar to the Abstraction Theorem except that it holds for all elements of a type's interpretation, not just those that are interpretations of terms.Similar theorems are expected to hold for types and terms with any number of free variables.
The key to proving the Identity Extension Lemma in our setting (Theorem 4.4) is a familiar "cutting down" of the interpretations of universally quantified types to include only the "parametric" elements; the relevant types in our calculus are the Nat-types.This cutting down requires, as usual, that the set interpretations of types (Section 3.1) are defined simultaneously with their relational interpretations (Section 3.2).While the set interpretations are relatively straightforward, their relation interpretations are less so, mainly because of the cocontinuity conditions required to ensure that they are well-defined.We develop these conditions in Sections 3.1 and 3.2.This separates our set and relational interpretations in space, but otherwise has no impact on the fact that they are given by mutual induction.
3.1.Interpreting Types as Sets.We interpret types in our calculus as ω-cocontinuous functors on locally finitely presentable categories [AR94].Both Set and Rel are locally finitely presentable categories.Since functor categories of locally finitely presentable categories are again locally finitely presentable, the fixpoints interpreting µ-types in Set and Rel must all exist, and thus the set and relational interpretations of all of the types in Definition 2.1, are well-defined [JP19].To bootstrap this process, we interpret type variables as ω-cocontinuous functors in Definitions 3.1 and 3.9.If C and D are locally finitely presentable categories, we write [C, D] for the category of ω-cocontinuous functors from C to D.
A morphism f : ρ → ρ for set environments ρ and ρ with ρ| T = ρ | T maps each type constructor variable ψ k ∈ T to the identity natural transformation on ρψ k = ρ ψ k and each functorial variable φ k ∈ F to a natural transformation from the k-ary functor ρφ k on Set to the k-ary functor ρ φ k on Set.Composition of morphisms on set environments is given componentwise, with the identity morphism mapping each set environment to itself.This gives a category of set environments and morphisms between them, denoted SetEnv.
When convenient we identify a functor in [Set 0 , Set] with its value on * and consider a set environment to map a type variable of arity 0 to a set.If α = {α 1 , . . ., α k } and We can now define our set interpretation.Its action on objects of SetEnv is given in Definition 3.2, and its action on morphisms of SetEnv is given in Definition 3.3.If ρ is a set environment we write Eq ρ for the equality relation environment such that Eq ρ φ = Eq ρφ for every type variable φ; see Definitions 3.4 and 3.9 for the definitions of a relation transformer and a relation environment, and Equation 4.1 for the definition of the relation transformer Eq F on a functor F .Equality relation environments appear in the third clause of Definition 3.2.The relational interpretation also appearing in the third clause of Definition 3.2 is given in Definition 3.11.Definition 3.2.The set interpretation If ρ ∈ SetEnv and F then we write F Set instead of F Set ρ since the environment is immaterial.The third clause of Definition 3.2 does indeed define a set: local finite presentability of Set and ω-cocontinuity of Γ; α F Set ensure that {η : λA.
Also, Γ; ∅ Nat α F G Set is ω-cocontinuous since it is constant (in particular, on ω-directed sets).This is because Definition 3.1 ensures that restrictions to T k of morphisms between set environments are identities.Interpretations of Nat-types ensure that the interpretations Γ F → G Set and Γ ∀α.F Set of the System F arrow types and ∀-types representable in our calculus are as expected in any parametric model.
To make sense of the last clause in Definition 3.2, we need to know that, for each ρ ∈ SetEnv, T Set H,ρ is an ω-cocontinuous endofunctor on [Set k , Set], and thus admits a fixpoint.Since T Set H,ρ is defined in terms of Γ; φ, α H Set , this means that interpretations of types must be such functors, which in turn means that the actions of set interpretations of types on objects and on morphisms in SetEnv are intertwined.Fortunately, we know from [JP19] that, for every Γ; α G, Γ; α G Set is actually in [Set k , Set] where k = |α|.This means that for each Γ; φ k , α H Set , the corresponding operator T Set H can be extended to a functor from H on an object ρ ∈ SetEnv is given by the higher-order functor T Set H,ρ , whose actions on objects (functors in [Set k , Set]) and morphisms (natural transformations) between them are given in Definition 3.2.Its action on a morphism f : ρ → ρ is the higher-order natural transformation T Set H,f : Note that this action of T Set H,ρ on morphisms appears in the final clause of Definition 3.3 below.It will indeed be well-defined there because the functorial action of Γ; φ, α H Set will already be available from the induction hypothesis on H.
Using T Set H , we can define the functorial action of set interpretation.
Definition 3.3.Let f : ρ → ρ be a morphism between set environments ρ and ρ (so that ρ| T = ρ | T ).The action Γ; Φ F Set f of Γ; Φ F Set on f is given by: The latter equality holds because ρφ and ρ φ are functors and f φ : ρφ → ρ φ is a natural transformation, so the following naturality square commutes: The latter equality holds because µT Set H,ρ and µT Set H,ρ are functors and µT Set H,f : µT Set H,ρ → µT Set H,ρ is a natural transformation, so the following naturality square commutes: Definitions 3.2 and 3.3 respect weakening, i.e., ensure that a type and its weakenings have the same set interpretations.
We define F R to be F * R and F (α, β) to be F * (α, β).
The last clause of Definition 3.4 expands to: When convenient we identify a 0-ary relation transformer (A, B, R) with R : Rel(A, B), and write π 1 F for F 1 and π 2 F for F 2 .Below we extend these conventions to relation environments in the obvious ways.
Definition 3.5.The category RT k of k-ary relation transformers is given by the following data: • An object of RT k is a relation transformer • Identity morphisms and composition are inherited from the category of functors on Set Definition 3.6.A higher-order relation transformer Definition 3.6 entails that every higher-order relation transformer H is an endofunctor on RT k , where • The action of H on objects is given by Definition 3.7.A morphism σ : H → K between higher-order relation transformers H and K on RT k is a pair σ = (σ 1 , σ 2 ), where σ 1 : H 1 → K 1 and σ 2 : H 2 → K 2 are natural transformations between endofunctors on [Set k , Set] such that ((σ 1 F 1 ) A , (σ 2 F 2 ) B ) is a morphism from H * F R to K * F R in Rel for any F ∈ RT k and any k-tuple of relations R : Rel(A, B).Definition 3.7 entails that a morphism σ between higher-order relation transformers is a natural transformation between endofunctors on RT k whose component at and, for every We define a higher-order relation transformer T = (T 1 , T 2 , T * ) on RT k to be ω-cocontinuous if T 1 and T 2 are ωcocontinuous endofunctors on [Set k , Set] and T * is an ω-cocontinuous functor from RT k to [Rel k , Rel], i.e., is in [RT k , [Rel k , Rel]].Now, for any k, any A : Set, and any R : Rel(A, B), let K Set A be the constantly A-valued functor from Set k to Set and K Rel R be the constantly R-valued functor from Rel k to Rel.Also let 0 denote either the initial object of either Set or Rel, as appropriate.Observing that, for every k, K Set 0 is initial in [Set k , Set], and is a higher-order relation transformer on RT k then we can define the relation transformer µT to be lim − →n∈N T n K 0 .It is not hard to see that µT is given explicitly as Moreover, µT really is a fixpoint for T if T is ω-cocontinuous: The isomorphism is given by the morphisms (in 1 , in 2 ) : T (µT ) → µT and (in −1 1 , in −1 2 ) : µT → T (µT ) in RT k .The latter is always a morphism in RT k , but the former need not be if T is not ω-cocontinuous.
It is worth noting that the third component in Equation We identify a 0-ary relation transformer with the relation (transformer) that is its codomain and consider a relation environment to map a type variable of arity 0 to a relation.We write ρ[α := R] for the relation environment ρ such that ρ α i = R i for i = 1, . . ., k and ρ α = ρα if α ∈ {α 1 , . . ., α k }.If ρ is a relation environment, we write π 1 ρ and π 2 ρ for the set environments mapping each type variable φ to the functors (ρφ) 1 and (ρφ) 2 , respectively.Definition 3.10.For each k, an ω-cocontinuous environment transformer H is a triple Definition 3.10 entails that every ω-cocontinuous environment transformer H is a ωcocontinuous functor from RelEnv to RT k , where • The action of H on ρ in RelEnv is given by Hρ Considering RelEnv as a subcategory of the product Π φ k ∈T∪F RT k , computation of ωdirected colimits in RT k extends componentwise to RelEnv.Recalling from the start of this subsection that Definition 3.11 is given mutually inductively with Definition 3.2 we can now define our relational interpretation.As with the set interpretation, the relational interpretation is given in two parts, in Definitions 3.11 and 3.13.Definition 3.11.The relational interpretation The interpretations in Definitions 3.11 and 3.13 below respect weakening, and also ensure that the interpretations Γ F → G Rel and Γ ∀α.F Rel of the System F arrow types and ∀-types representable in our calculus are as expected in any parametric model.As for set interpretations, Γ; ∅ Nat α F G Rel is ω-cocontinuous; indeed, it is constant (on ω-directed sets) because Definition 3.9 ensures that restrictions to T k of morphisms between relational environments are identities.If ρ ∈ RelEnv and F , then we write F Rel instead of F Rel ρ.For the last clause in Definition 3.11 to be well-defined we need T H,ρ to be an ω-cocontinuous higher-order relation transformer on RT k , where k is the arity of φ, so that, by Lemma 3.8, it admits a fixpoint.Since T H,ρ is defined in terms of Γ; φ, α H Rel , this means that relational interpretations of types must be ω-cocontinuous environment transformer from RelEnv to RT 0 , which in turn entails that the actions of relational interpretations of types on objects and on morphisms in RelEnv are intertwined.As for set interpretations, we know from [JP19] that, for every Γ; α F , Γ; α F Rel is actually in [Rel k , Rel] where k = |α|.We first define the actions of each of these functors on morphisms between environments, and then argue that they are well-defined and have the required properties.To do this, we show that T H = (T Set H , T Set H , T Rel H ) is a higher-order ω-cocontinuous environment transformer, as defined by Definition 3.12.A higher-order ω-cocontinuous environment transformer is a triple H = (H 1 , H 2 , H * ), where Definition 3.12 entails that every higher-order ω-cocontinuous environment transformer H is a ω-cocontinuous functor from RelEnv to the category of ω-cocontinuous higher-order relation transformers on RT k , where • The action of H on ρ in RelEnv is given by Hρ Note that the last condition of Definition 3.12 entails that if ) is a higher-order ω-cocontinuous environment transformer follows from the analogue for relations of the argument immediately preceding Definition 3.3, together with the observations that the action of T Rel H,ρ on morphisms will be well-defined by Definition 3.13, and the functorial action of Γ; φ, α H Rel will already be available in the final clause of Definition 3.12 from the induction hypothesis on H and Lemma 3.14 below.The action of T H on an object ρ ∈ RelEnv is given by the ωcocontinuous higher-order relation transformer T H,ρ whose actions on objects and morphisms are given in Definition 3.12.The action of T H on a morphism f : ρ → ρ is the morphism T H,f : T H,ρ → T H,ρ between higher-order relation transformers whose action on any F ∈ RT k is the morphism of relation transfomers Using T H , we can define the functorial action of relational interpretation.Definition 3.13.Let f : ρ → ρ for relation environments ρ and ρ (so that ρ| T = ρ | T ).The action Γ; Φ F Rel f of Γ; Φ F Rel on the morphism f is given exactly as in Definition 3.3, except that all interpretations are relational interpretations and all occurrences of T Set H,f are replaced by T H,f .If we define Γ; Φ F to be ( Γ; Φ F Set , Γ; Φ F Set , Γ; Φ F Rel ), then this is an immediate consequence of Lemma 3.14.For every Γ; Φ F , Γ; Φ F is an ω-cocontinuous environment transformer.
The proof is a straightforward induction on the structure of F , using an appropriate result from [JP19] to deduce ω-cocontinuity of Γ; Φ F in each case, together with Lemma 3.8 and Equation 3.3 for µ-types.We note that, for any relation environment ρ, Γ; Φ F ρ ∈ RT 0 .
We can prove by simultaneous induction that our interpretations of types interact well with demotion of functorial variables to non-functorial ones, along with other useful identities.Indeed, if ρ, ρ : Identities analogous to (3.4) through (3.9) hold for relational interpretations as well.

The Identity Extension Lemma
In most treatments of parametricity, equality relations on sets are taken as given -either directly as diagonal relations, or perhaps via reflexive graphs if kinds are also being tracked -and the graph relations used to validate existence of initial algebras are defined in terms of them.We take a different approach here, giving a categorical definition of graph relations for morphisms (i.e., natural transformations) between functors and constructing equality relations as particular graph relations.Our definitions specialize to the usual ones for the graph relation for morphisms between sets and equality relations on sets.In light of its novelty, we spell out our construction in detail.
The standard definition of the graph for a morphism f : A → B in Set is the relation f : Rel(A, B) defined by (x, y) ∈ f iff f x = y.This definition naturally generalizes to associate to each natural transformation between k-ary functors on Set a k-ary relation transformer as follows: Further, let α ∧ R be the subobject through which h R is factorized by the mono-epi factorization system in Set, as shown in the following diagram: Then α ∧ R : Rel(F A, GB) by construction, so the action of α * on objects can be given by α Its action on morphisms is given by α The data in Definition 4.1 yield the graph relation transformer for α, denoted α = (F, G, α * ). and (β, β ) : R → S. We want to show that there exists a morphism : α ∧ R → α ∧ S such that the diagram on the left below commutes.Since (β, β ) : R → S, there exist γ : R → S such that each diagram in the middle commutes.Moreover, since both h C×D • F (β × β ) and (F β × Gβ ) • h A×B make the diagram on the right commute, they must be equal.
We therefore get that the right-hand square in the diagram on the left below commutes, and thus that the entire diagram does as well.Finally, by the left-lifting property of q F ∧ R with respect to ι F ∧ S given by the mono-epi factorization system, there exists an such that the diagram on the right below commutes as desired.
If f : A → B is a morphism in Set then the definition of the graph relation transformer f for f as a natural transformation between 0-ary functors A and B coincides with its standard definition.Graph relation transformers are thus a reasonable extension of graph relations to functors.
The action of a graph relation transformer on a graph relation can be computed explicitly: Proof.Since h A×B is the unique morphism making the bottom triangle of the diagram on the left below commute, and since , the universal property of the product depicted in the diagram on the right gives To prove the IEL, we also need to know that the equality relation transformer preserves equality relations.The equality relation transformer on F : [Set k , Set] is defined to be Lemma 4.3 then gives that, for all A : Set, Graph relation transformers in general, and equality relation transformers in particular, naturally extend to relation environments.Indeed, if ρ, ρ : SetEnv and f : ρ → ρ , then the graph relation environment f is defined pointwise by f φ = f φ for every φ, which entails that π 1 f = ρ and π 2 f = ρ .In particular, the equality relation environment Eq ρ is defined to be id ρ , which entails that Eq ρ φ = Eq ρφ for every φ.
With these definitions in hand, we can state and prove both an Identity Extension Lemma and a Graph Lemma for our calculus.
Proof.The proof is by induction on the structure of F .Only the Nat, application, and fixpoint cases are non-routine.
• Γ; Φ 0 Rel Eq ρ = 0 Rel = Eq 0 Set = Eq Γ;Φ 0 Set ρ • Γ; Φ 1 Rel Eq ρ = 1 Rel = Eq 1 Set = Eq Γ;Φ 1 Set ρ • By definition, Γ; ∅ Nat α F G Rel Eq ρ is the relation on Γ; ∅ Nat α F G Set ρ relating t and t if, for all R 1 : Rel(A 1 , B 1 ), . . ., R k : To prove that this relation is Here, the third equality is by induction hypothesis, the fifth is by Equation 4.2, and the fourth equality is because, for every n ∈ N, the following two statements can be proved by simultaneous induction: for any H, ρ, and A, T n H,Eq ρ K 0 Eq A = (Eq (T Set H,ρ ) n K 0 ) * Eq A (4.3) and for any subformula J of H, The case n = 0 is trivial: Equation 4.3 and Equation 4.4 both hold because T 0 H,Eq ρ K 0 = K 0 , (T Set H,ρ ) 0 K 0 = K 0 , and Equation 4.2 holds.The inductive case is proved as follows.We prove Equation 4.3 by the following sequence of equalities: , where !
where X is Set when (µφ.λα.H)β D ρ D = Set and not present when where X is as above 6. Naturality and the Abstraction Theorem 6.1.Naturality and Its Consequences.We first show that terms of Nat-type behave as natural transformations with respect to their source and target functorial types, and derive some conseqences of this observation.If Γ; α F then define the identity id F on F by id F = Γ; ∅ | ∅ L α x.x : Nat α F F .Also, recall from Section 2.2 that if Γ; ∅ | ∆ t : Nat α F G and Γ; ∅ | ∆ s : Nat α G H are terms then the composition s • t of t and s is defined by s for any set environment ρ, and Naturality of term interpretations is then easily verified: This is not surprising since rose trees are essentially ADT-like.However, as noted in Section 2.2, our calculus cannot express the type of a polymorphic filter function for a proper nested type.
7.4.Short Cut Fusion for Lists.We can recover standard short cut fusion for lists [GLP93] in our calculus: Proof.Theorem 6.4 gives that, for any ρ ∈ RelEnv, We can extend short cut fusion results to arbitrary ADTs, as in [Joh02,Pit98].
7.5.Short Cut Fusion for Arbitrary Nested Types.We can extend short cut fusion for lists [GLP93] to nested types, thereby formally prove correctness of the categorically inspired theorem from [JG10].We have: Vol. 17:4 PARAMETRICITY FOR PRIMITIVE NESTED TYPES AND GADTS 23:37 the above restriction to allow the return types of data constructors to be different instances of the data type than the one being defined.For example, the GADT data Seq (A : Set) : Set where sconst : A → Seq A spair : has data constructors spair and sseq with return types Seq (A × B) and Seq (Nat → A).These types are not only at different instances of Seq from the instance Seq A being defined, but also at different instances from one another.The resulting interdependence of different instances of GADTs means that they can express more constraints than ADTs and nested types.For example, the ADT List expresses the invariant that all of the data in the lists it defines is of the same type, while the nested type PTree expresses this invariant as well as the invariant that all of the lists it defines have lengths that are powers of 2. The GADT Seq enforces even more general well-formedness conditions for sequences of values that simply cannot be expressed with ADTs and nested types alone.GADTs are widely used in modern functional languages, such as Haskell, as well as in proof assistants, such as Agda, that are based on dependent type theories.A natural next step in the line of work reported in this paper is therefore to extend our parametricity results to GADTs.A promising starting point for this endeavor is the observation from [JG08] that the data objects of GADTs can be represented using object-level left Kan extensions over discrete categories.The more recent results of [JP19] further show that adding a carefully designed object-level left Kan extension construct to a calculus supporting primitive nested types preserves the cocontinuity needed for primitive GADTs to have well-defined, properly functorial interpretations.Together this suggests extending the type system in Definition 2.1 with such a left Kan extension construct, and extending the calculus in Figure 1 with corresponding categorically inspired constructs to introduce and eliminate terms of these richer types.This approach exactly mirrors the (entirely standard) approach taken above for product, coproduct, and fixpoint types.In this section we outline the obvious approach to extending our model from Section 5 to a parametric model when some classes of primitive GADTs are incorporated in this manner.However, as we argue at the end of this section, this naive approach fails because the IEL does not hold.Unfortunately, the IEL not holding derails more than just parametricity: it also affects the well-definedness of the term semantics (in particular, the semantics of L-terms).A third representation of left Kan extensions in locally presentable categories is given in terms of colimits.Writing C 0 for the full subcategory of finitely presentable objects in the locally presentable category C, the left Kan extension can be expressed as (Lan K F )A = lim − →X: C 0 , f :KX→A F X Thus, if F : Set k → Set, K : Set k → Set h , A : Set h , and Set 0 is the full subcategory of finitely presentable objects in Set, -i.e., is the category of finite sets -we have that (Lan K F )A = lim − →S:Set k 0 , f :KS→A F S (8.1) If S : Set k 0 and f : KS → A, let j S,f : F S → (Lan K F )A be the morphism indexed by S and f mapping the cocone into the colimit in Equation 8.1.For any h-tuple of functions g : A → B, the functorial action (Lan K F )g is the unique function from (Lan K F )A to (Lan K F )B such that, for all S : Set k 0 and f : KS → A, (Lan K F )g • j S, f = j S, g •f : F S → (Lan K F )B (8.2) holds, where j is the morphism mapping the cocone into (Lan K F )A = lim − →S:Set k 0 , f :KS→A F S and j is the morphism mapping the cocone into (Lan K F )B = lim − →S:Set k 0 , f :KS→B F S. Moreover, if α : F → F is a natural transformation, then Lan K α : (Lan K F ) → (Lan K F ) is defined to be the induced natural transformation whose component (Lan K α)A : (Lan K F )A → (Lan K F )A is the unique function such that (Lan K α)A • j S,f = j S,f • α S , where j is the cocone into (Lan K F )A and j is the cocone into (Lan K F )A.We can similarly represent left Kan extensions of functors over Rel in terms of colimits.In that setting we will denote the morphism mapping the cocone into the colimit ι.We will make good use of both of these representations in Section 8.4 below.
We have been able neither to prove nor disprove the IEL thus far, but our substantial and lengthy investigations into the issue lead us to suspect that it may not actually be possible to define a functorial semantics for Lan-types that gives rise to parametric models for languages supporting even constant-free polynomial primitive GADTs.

Conclusion and Directions for Future Work
We have constructed a parametric model for a calculus providing primitives for constructing nested types directly as fixpoints, rather than representing them via their Church encodings.
We have also used the Abstraction Theorem for this model to derive free theorems for nested types.This was not possible before [JP19] because such types were not previously known to have well-defined interpretations in locally finitely presentable categories (here, Set and Rel), and, to our knowledge, no term calculus for them existed either.The key to obtaining our parametric model is the delicate threading of functoriality and its accompanying naturality conditions throughout our model construction.
We were surprised to find that, although GADTs were shown in [JP19] to have appropriately cocontinuous functorial semantics in terms of left Kan extensions, our model construction does not extend to give a parametric model for them.It may be possible to modify the categories of relations and relation transformers so that if (A, B, R) is a relation then π 1 : R → A and π 2 : R → B are always surjective; this would prohibit situations like that in Example 8.3, and might therefore allow us to recover our IEL and, ultimately, an Abstraction Theorem appropriate to GADTs.If this turns out to be possible, then generalizing the resulting model construction to locally λ-presentable categories for λ > ω would make it possible to handle broader classes of GADTs.(As shown in [JP19], λ > ω 1 is required to interpret even common GADTs.)We could even attempt to carry out our construction in locally λ-presentable cartesian closed categories (lpcccs) C whose categories of (abstract) relations, obtained by pullback as in [Jac99], are also lpcccs and are appropriately fibred over C.This would give a framework for constructing parametric models for calculi with primitive GADTs that is based on locally λ-presentable fibrations, for some appropriate definition thereof.
The expressivity of folds for nested types has long been a vexing issue (see, e.g., [BM98]), and this is naturally inherited by the calculus presented here.Since it codes all recursion using standard folds, and since folds for nested types must return natural transformations, many standard functions over nested types cannot be represented in this calculus.Another important direction for future work is therefore to improve the expressivity of our calculus by adding, say, generalized folds [BP99], or Mendler iterators [AMU05], or otherwise extending standard folds to express computations whose results are not natural transformations.In particular, we may wish to add term-level fixpoints as, e.g., in [Pit00].This would require the categories interpreting types to be not just locally λ-presentable, but also to support some kind of domain structure.At the moment it seems that such an endeavor will have to wait for a generalization of the results presented here to at least locally ω 1 -presentable categories, however: ω-CPO, the most natural category of domains to replace Set, is not locally finitely presentable.
(3.3) is the colimit in [Rel k , Rel] of third components of relation transformers, rather than a fixpoint of an endofunctor on [Rel k , Rel].There is thus an asymmetry between the first two components of µT and its third component, which reflects the important conceptual observation that the third component of a higher-order relation transformer on RT k need not be a functor on all of [Rel k , Rel].In particular, although we can define T H,ρ F for a relation transformer F in Definition 3.11 below, it is not clear how we could define it for an arbitrary F : [Rel k , Rel].Definition 3.9.A relation environment maps each type variable in T k ∪ F k to a k-ary relation transformer.A morphism f : ρ → ρ between relation environments ρ and ρ with ρ| T = ρ | T maps each type constructor variable ψ k ∈ T to the identity morphism on ρψ k = ρ ψ k and each functorial variable φ k ∈ F to a morphism from the k-ary relation transformer ρφ to the k-ary relation transformer ρ φ.Composition of morphisms on relation environments is given componentwise, with the identity morphism mapping each relation environment to itself.This gives a category of relation environments and morphisms between them, denoted RelEnv.

8. 1 .Replacing
Left Kan Extensions.We begin by recalling the definition of a left Kan extension and establishing some useful notation and results for them.Definition 8.1.If F : Set k → Set and K : Set k → Set h are functors over Set, then the left Kan extension of F along K is a functor Lan K F : Set h → Set together with a natural transformation η : F → (Lan K F )•K such that, for every functor G : Set h → Set and natural transformation γ : F → G • K, there exists a unique natural transformation µ : Lan K F → G such that (µK) • η = γ.This is depicted in the following diagram: Set by Rel everywhere in Definition 8.1 we can similarly define the left Kan extension of F along K for functors F and K over Rel.An alternative presentation characterizes the left Kan extension (Lan K F, η) in terms of the bijection between natural transformations from F to G • K and natural transformations from Lan K F to G, for which η is the unit.If Agda were to support a primitive Lan for left Kan extensions, we could use this bijection to rewrite the type of each data constructor for the GADT Seq to arrive at the following equivalent representation: data Seq (A : Set) : Set where sconst : A → Seq A spair : (Lan λC D. C×D (λC D. Seq C × Seq D)) A → Seq A sseq : (Lan λC.Nat→C (λC.Nat → Seq C)) A → Seq A Our calculus will represent Seq and other GADTs in precisely this way.
and only if t = t .We first show that if (t A , t B ) is a morphism from Γ; α F Rel Eq ρ [α := R] to Γ; α G Rel Eq ρ [α := R] for all R 1 : Rel(A 1 , B 1 ), ..., R k : Rel(A k , B k ) then t = t .By hypothesis, for all A 1 ...A k : Set, (t A , t A ) is a morphism from Γ; α F Rel Eq ρ [α := Eq A ] to Γ; α G Rel Eq ρ [α := Eq A ].By the induction hypothesis, it is therefore a morphism from Eq Γ;α F Set ρ[α:=A] to Eq Γ;α G Set ρ[α:=A] in Rel.This means that, for all x : Eq Γ;α F Set ρ[α:=A] , t A x = t A x, so t = t by extensionality.For the converse, we observe that if t = t then the desired conclusion is simply the extra condition in the definition of Γ; ∅ Nat α F G Set ρ.•The application case is proved by the following sequence of equalities, where the second equality is by the induction hypothesis and the definition of the relation environment Eq ρ , the third is by the definition of application of relation transformers from Definition 3.4, and the fourth is by Equation 4.2:Γ; Φ φF Rel Eq ρ = (Eq ρ φ) Γ; Φ F Rel Eq ρ = Eq ρφ Eq Γ;Φ F Set ρ = (Eq ρφ ) * Eq Γ;Φ F Set ρ = Eq (ρφ) Γ;Φ F Set ρ = Eq Γ;Φ φF Set ρ• The fixpoint case is proven by the sequence of equalities Γ; Φ (µφ.λα.H)F Rel Eq ρ = (µT H,Eq ρ ) Γ; Φ F Rel Eq ρ