Dependently-Typed Programming with Scott Encoding

Dependently-Typed Programming with Scott Encoding
Peng Fu, Aaron Stump
Computer Science, The University of Iowa
Abstract
We introduce Selfstar, a Curry-style dependent type system featuring
self type ιx.t, together with mutually recursive definitions
and ∗ : ∗. We show how to obtain Scott-encoded datatypes and the
corresponding elimination schemes with Selfstar. Examples such
as numerals, vector are given to demonstrate the power of Selfstar
as a dependently-typed programming language. Standard metatheorems
such as type preservation are proved.
1. Introduction
Self type is originated from our previous work on S [5], since then
self type has been studied in combination with different typing principles.
In this paper, we study a system called Selfstar, which combines
self type together with ∗ : ∗ and mutually recursive definitions.
In Selfstar, every type is inhabited, so Selfstar is inconsistent
as a logic. The only logical feature in Selfstar is the Leibniz
convertability, i.e. we define t 1 = A t 2 to be ΠC : A → ∗.Ct 1 →
Ct 2. Note that we use “convertability” instead of “equality” to indicate
one can not interpret t 1 = A t 2 as a formula. If we know
the inhabitant of t 1 = A t 2 is normalized at the term λC.λx.x,
then we can use t 1 = A t 2 to cast the type P t 1 to P t 2 by applying
the term (λC.λx.x)P to the inhabitant of P t 1. Note that
(λC.λx.x)P → β λx.x, so the casting will not affect the inhabitant
of P t 1.
Scott encoding (reported in [4]) does not suffer from the ineffeciency
problem arised in Church encoding. For functional programming
langauge, Scott encoding seems to be a better fit than
Church encoding [9]. From the typing perspective, each Scottencoded
data contains its subdata, one would need recursive definition
in order to define a type for Scott encoded data. Elimination
schemes for the Scott-encoded data are derivable in Selfstar, this
means programmer can write down programs that have types like
Πx : Nat.add x 0 = Nat x, which increases the flexibility of typelevel
casting.
The main contributions of this paper are:
• We present Selfstar, which allows us to type Scott-encoded data
and derive elimination schemes for Scott-encoded data. Selfstar
simplifies the design of the functional programming language,
since the primitive notion of inductive data and pattern matching
is not needed in Selfstar.
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for profit or commercial advantage and that copies bear this notice and the full citation
on the first page. Copyrights for components of this work owned by others than ACM
must be honored. Abstracting with credit is permitted. To copy otherwise, or republish,
to post on servers or to redistribute to lists, requires prior specific permission and/or a
fee. Request permissions from Permissions@acm.org.
Copyright c○ ACM [to be supplied]. . . $15.00
• We prove type preservation and progress for Selfstar by applying
the method we developed in the study of System S.
1.1 Motivation
In Curry style system T [6] equipped with polymorphic and dependent
type, one has a primitive notion of recursor, namely, rec :
Πx : Nat.∀U.(Nat → U → U) → U → U and two reductions
rules: rec 0 f v → v and rec (Sn) f v → f n (rec n f v).
The recursor can be emulated with lambda terms. For example,
rec := λn.λf.λv.n f v, with the notion of numeral ¯0 := λs.λz.z
and ¯n := λs.λz.s n − 1 (n − 1 s z). One can verify that the
definition of rec in lambda calculus behaves the same as the one
in system T. With recursive definition, we can define Nat :=
∀U.(Nat → U → U) → U → U. Note that the type of ¯n is
the same as the type of rec ¯n.
So far the type of the recursor is elementary, i.e., not involving
dependency. To make real use of dependent type, we ask if
it is possible to obtain a type likes Πx : Nat.∀U : Nat →
∗.(Πy : Nat.U y → U (Sy)) → U ¯0 → U x. Note that
S := λn.λs.λz.s n (n s z). We want to emphasis the underlying
computational behavior of this type should be the same as rec, thus
we want a typing relation rec : ∀U : Nat → ∗.Πx : Nat.(Πy :
Nat.U y → U (Sy)) → U ¯0 → U x. We also want the type of
rec ¯n, namely (Πy : Nat.U y → U (Sy)) → U ¯0 → U ¯n to be
the same as the type of ¯n. So we want the following typing relation:
¯n : (Πy : Nat.U y → U (Sy)) → U ¯0 → U ¯n for any ¯n. We
know the following self type mechanism:
Γ ⊢ t : [t/x]T
Γ ⊢ t : ιx.T selfGen Γ ⊢ t : ιx.T
Γ ⊢ t : [t/x]T selfInst
So it is not surprising we define Nat := ιx.(Πy : Nat.U y →
U (Sy)) → U ¯0 → U x. With selfGen, selfInst and mutually
recursive definition, one can verify that indeed, the type of ¯n is the
same as the type of rec ¯n and the type of rec is indeed ∀U : Nat →
∗.Πx : Nat.(Πy : Nat.U y → U (Sy)) → U ¯0 → U x. It is
tempted to claim that rec represents the induction principle, but it
is not for the following two reasons: 1. With mutually recursive
definitions, the types can not be interpreted as formulas. 2. The
dependent product Π is not exactly the first order quantifier ∀.
System T is closed to the functional programming language, but
still a little far from a functional programmer’s usual experience.
In mordern functional programming language, one would want to
write a plus 2 function in the following style:
data Nat = Zero
| Succ Nat
plusTwo :: Nat -> Nat
plusTwo n = case n of
Succ p -> Succ ( plusTwo p)
| Zero -> Succ ( Succ Zero )

With Scott numerals, we can achieve the effects above. Assume
Scott numerals and mutually recursive definition. We define:
Zero = lam s . lam z . z
Succ n = lam s . lam z . s n
plusTwo n = case n
lam p. Succ ( plusTwo p)
Succ ( Succ Zero )
Of course, case := λn.λf.λa.n f a and lam denotes the usual
λ. One can see the differences between the two programs above
are mostly superficial. Now let us first give a elementary version of
type for case, which is (Nat → U) → U → U. The dependency
version is Πx : Nat.(Πy : Nat.U (Sy)) → U ¯0 → U x. And we
define Nat := ιx.(Πy : Nat.U (Sy)) → U ¯0 → U x, so one can
again check that case ¯n and ¯n have the same type for Scott numeral
¯n using the selfInst rule.
Observe that the term for rec and case (even the iterator in
system F) is the term λn.λf.λa.n f a. We call the type of this
term elimination scheme. By elemination scheme is derivable in
Selfstar, we mean the elimination scheme is inhabited by the term
λn.λf.λa.n f a in Selfstar (modulo type annotations).
1.2 Overview
In section 2, we present Selfstar. We show how to type Scottencoded
data and its derivative. The corresponding elimination
schemes for Scott-encoded data are derived. We also provide several
examples (numerals and vectors) to demonstrate the power of
Selfstar. In section 3, metatheorems such as type preservation are
proved for Selfstar by applying the method we develped in S [5].
2. Dependently-typed programming with Selfstar
Selfstar use the self type mechanism to obtain inductive data, resulting
a design that is simpler than most dependently-typed core
languages. Intuitively, it is hard imagine how to emulate inductive
datatype and pattern matching without any build-in mechanisms.
But as we observe in section 1.1, Scott encoding together with mutually
recursive definitions are enough to perform pattern matching
on inductive data. The real difficulty lies in the typing. We want
to make sure that both Scott-encoded data and definable operations
on these data are typable in Selfstar. The self type allows
us to type Scott data and to derive the corresponding elimination
schemes. Thus operations on Scott data is typable using the elimination
scheme.
2.1 System Selfstar
We give the full specification of Selfstar in this section. We use
gray boxes to hightlight certain important terms and rules.
Definition 1 (Syntax).
Terms t ::= ∗ | x | λx.t | tt ′ | µt | Πx : t 1.t 2 | ιx.t
Closure µ ::= {x i ↦→ t i} i∈N
Value v ::= ∗ | λx.t | Πx : t 1.t 2 | ιx.t | ⃗µ(Πx : t 1.t 2) | ⃗µ(ιx.t)
Context Γ ::= · | Γ, x : t | Γ, ˜µ
Remarks :
• If µ is {x i ↦→ t i} i∈N , then ˜µ is {(x i : a i) ↦→ t i} i∈N for some
term a i.
• For {x i ↦→ t i} i∈N , we require for any 1 ≤ i ≤ n, the free
variable set FV(t i) ⊆ dom(µ) = {x 1, ..., x n}. We also do not
allow any reductions and substitutions inside the closure. We
call this the locality restriction. Without locality requirement, it
is hard to establish confluence for reductions(see [1]).
• FV(µt) = FV(t) − dom(µ).
· ⊢ wf
Γ ⊢ wf Γ ⊢ t : ∗
Γ, x : t ⊢ wf
Γ ⊢ wf
{Γ, ˜µ ⊢ t j : a j} (tj :a j )∈˜µ
Γ, ˜µ ⊢ wf
Figure 1. Well-formed Context Γ ⊢ wf
Γ ⊢ ∗ : ∗ Star
Γ, x : ιx.t ⊢ t : ∗
Γ ⊢ ιx.t : ∗
Self
(x : t) ∈ Γ
Γ ⊢ x : t
Var
Γ ⊢ t : ιx.t ′
Γ ⊢ t : [t/x]t ′
Γ, x : t 1 ⊢ t 2 : ∗ Γ ⊢ t 1 : ∗
Γ ⊢ Πx : t 1.t 2 : ∗
Γ ⊢ t : [t/x]t ′
Γ ⊢ t : ιx.t ′
Γ ⊢ ιx.t ′ : ∗
Γ ⊢ t : t 1 Γ ⊢ t 1
∼ = t2 Γ ⊢ t 2 : ∗
Γ ⊢ t : t 2
Γ, x : t 1 ⊢ t : t 2 Γ ⊢ t 1 : ∗
Γ ⊢ λx.t : Πx : t 1.t 2
Γ ⊢ t : Πx : t 1.t 2 Γ ⊢ t ′ : t 1
Γ ⊢ tt ′ : [t ′ /x]t 2
Pi
SelfGen
Lam
App
Γ, ˜µ ⊢ t : t ′ {Γ, ˜µ ⊢ t j : a j} (tj :a j )∈˜µ
Γ ⊢ ⃗µ∗ ∗
(x i ↦→ t i) ∈ µ ∈ ⃗µ
Γ ⊢ ⃗µx i ⃗µt i
Γ ⊢ µt : µt ′
Figure 2. Typing Γ ⊢ t : t ′
Γ ⊢ ⃗µ(tt ′ ) (⃗µt)(⃗µt ′ )
Γ ⊢ (λx.t)v [v/x]t
Γ ⊢ t ′ t ′′
Γ ⊢ (λx.t)t ′ (λx.t)t ′′
(x i ↦→ t i) ∈ Γ
Γ ⊢ x i t i
x /∈ dom(⃗µ)
Γ ⊢ ⃗µx x
SelfInst
Conv
Mu
Γ ⊢ ⃗µ(λx.t) λx.(⃗µt)
Γ ⊢ t t ′′
Γ ⊢ tt ′ t ′′ t ′
Figure 3. Executions

Γ ⊢ t 1 ∗ t 2
Γ ⊢ t 1 = t 2
Γ ⊢ (λx.t)t ′ = [t ′ /x]t
FV(t)#dom(µ)
Γ ⊢ µt = t Γ ⊢ µ(ιx.t) = ιx.(µt ′ )
Γ ⊢ µ(Πx : t 1.t 2) = Πx : µt 1.µt 2
FV(t)#dom(µ)
Γ ⊢ µt = t
Γ ⊢ t = t ′′ Γ ⊢ t ′ = t ′′′
Γ ⊢ tt ′ = t ′′ t ′′′ Γ, ˜µ ⊢ t = t ′
Γ ⊢ µt = µt ′
Γ ⊢ t = t ′
Γ ⊢ t = t ′
Γ ⊢ ιx.t = ιx.t ′ Γ ⊢ λx.t = λx.t ′
Γ ⊢ t 2 = t 3 Γ ⊢ t 1 = t 2
Γ ⊢ t 1 = t 3
Γ ⊢ t 2 = t 1
Γ ⊢ t 1 = t 2
Remarks:
µ ∈ Γ
Γ ⊢ µt → o t
Figure 4. Equality
Γ ⊢ t → o t ′
Γ ⊢ λx.t → o λx.t ′
Γ ⊢ t → o t ′′
Γ ⊢ t ′ → o t ′′
Γ ⊢ tt ′ → o t ′′ t ′ Γ ⊢ tt ′ → o tt ′′
Γ ⊢ t 1 → o t ′ 1
Γ ⊢ Πx : t 1.t 2 → o Πx : t ′ 1.t ′ 2
Γ ⊢ t 2 → o t ′ 2
Γ ⊢ Πx : t 1.t 2 → o Πx : t ′ 1.t ′ 2
Γ, ˜µ ⊢ t → o t ′
Γ ⊢ µt → o µt ′
Figure 5. Closure Reductions
Γ ⊢ t → o t ′
Γ ⊢ ιx.t → o ιx.t ′
• (t i : a i) ∈ ˜µ means (x i : a i) ↦→ t i ∈ ˜µ. ⃗µt denotes µ 1...µ nt.
• Typing does not depend on well-formness of the context, so the
self type formation rule self is not circular in this sense. We will
show: if Γ ⊢ wf and Γ ⊢ t : t ′ , then Γ ⊢ t ′ : ∗ (Appendix A).
• We use call-by-value strategy for the execution.
• ∼ = denotes =o ∪ =, where = o denotes the reflexive transitive
and symmetry closure of → o.
• The equality rules incorpates executions to automatize a portion
of equality reasoning.
• At type level, we want to have the ability to open the closure
when it appear in the context. closure reduction allow us to do
this, without this type level reduction, we can not prove type
preservation.
2.2 Scott Encodings in Selfstar
Now let us see some concrete examples of Scott encodings in
Selfstar. For convenient, we write a → b for Πx : a.b with
x /∈ FV(b).
Definition 2 (Scott’s Derivative). Let ˜µ d be the following recursive
defintions:
(Nat : ∗) ↦→
ιx .ΠC : Nat → ∗.(Πn : Nat.(C n) → (C (S n))) → (C 0) → C x
(S : Nat → Nat) ↦→ λn.λC.λs.λz.s n (n C s z)
(0 : Nat) ↦→ λC.λs.λz.z
with s : Πn : Nat.(C n) → (C (S n)), z : C0, n : Nat, we have
˜µ d ⊢ wf (using selfGen and selfInst rules).
Definition 3 (Elimination Scheme for Scott’s Derivative).
˜µ d ⊢ Rec : ΠC : Nat → ∗.Πn : Nat.((C n) → C (S n)) →
C 0 → Πn : Nat.C n
Rec := λC.λs.λz.λn.n C s z
with s : Πn : Nat.(C n) → (C (S n)), z : C0, n : Nat.
Typing: Let Γ = ˜µ d , C : Nat → ∗, s : Πn : Nat.(C n) →
(C (S n)), z : C0, n : Nat. Since n : Nat, by selfInst, n : ΠC :
(Nat → ∗).(Πy : Nat.(C y) → (C (S y))) → (C 0) → (C n).
Thus n C s z : C n.
Definition 4 (Scott Numerals). Let ˜µ s be the following recursive
defintions:
(Nat : ∗) ↦→
ιx .ΠC : Nat → ∗. (Πn : Nat.C (S n)) → (C 0) → (C x)
(S : Nat → Nat) ↦→ λn.λC.λs.λz.s n
(0 : Nat) ↦→ λC.λs.λz.z
with s : Πn : Nat.C (S n), z : C0, n : Nat, we have ˜µ s ⊢
wf(using SelfGen and SelfInst rules).
Definition 5 (Elimination Scheme for Scott Numerals).
˜µ s ⊢ Case : ΠC : Nat → ∗.Πn : Nat.(C (S n)) → C 0 → Πn :
Nat.C n
Case := λC.λs.λz.λn.n C s z
with s : Πn : Nat.(C (S n)), z : C0, n : Nat(using SelfInst rule).
Typing: Let Γ = ˜µ s, C : Nat → ∗, s : Πn : Nat.C (S n), z :
C0, n : Nat. Since n : Nat, by selfInst, n : ΠC : (Nat →
∗).(Πy : Nat.(C (S y)) → (C 0) → (C n). Thus n C s z : C n.
Definition 6 (Addition). We define µ +:
(add : Nat → Nat → Nat) ↦→
λn.λm.Case (λn.Nat) (λp.(S (add p m))) m n
One can check that ˜µ s, µ + ⊢ wf.
Definition 7 (Leibniz Convertability).
Eq := λA.λx.λy.ΠC : A → ∗.C x → C y.
Definition 8. ˜µ s ⊢ addZ : Πx : Nat.Eq Nat (add x 0) x.
Typing: We are trying to show
Πx : Nat.ΠC : Nat → ∗.C (add x 0) → C x
is inhabited. We know that the type of case (λz.(Eq Nat (add z 0) z))
is Πn : Nat.(Eq Nat (add (Sn) 0) Sn) → (Eq Nat (add 0 0) 0) →
Πn : Nat.Eq Nat (add n 0) n.
So case (λz.(Eq Nat (add z 0) z)) p 1 p 2 : Πn : Nat.Eq Nat (add n 0) n,
with p 1 : Πn : Nat.(Eq Nat (add (Sn) 0) Sn) and p 2 :
Eq Nat (add 0 0) 0.
It is easy to see that p 2 := λC[: Nat → ∗].λx[: C(add 0 0)].x.
We know addZ n (λq[: Nat].C(Sq)) : C(S(add n 0)) → C(Sn).
Thus p 1 :=
λn[: Nat].λC[: Nat → ∗].λz[: C(add (Sn) 0)].
(addZ n (λq[: Nat].C(Sq))) z.
So we arive at the following definition:
addZ := case (λz.(Eq Nat (add z 0) z))
(λn.λC.λz.(addZ n (λq.C(Sq))) z)
(λC.λx.x) = β
λy.y (λz.(Eq Nat (add z 0) z))
(λn.λC.λz.(addZ n (λq.C(Sq))) z) (λC.λx.x)
Observe that addZ is a recursive function that is equivalent to
λC.λz.z for all input of Scott numerals. So it is safe to use addZ ¯n
to convert add ¯n 0 to ¯n.
Definition 9 (Vector).
Let ˜µ v be the following recursive defintions:

(vec(U, n) : ∗) ↦→
ιx .ΠC : Πp : Nat.vec(U, p) → ∗.
(Πm : Nat.Πu : U.Πy : vec(U, m).C (S m) (cons m u y)) →
(C 0 nil) → (C n x)
(cons : Πn : Nat.U → vec(U, n) → vec(U, Sn)) ↦→
λn.λv.λl.λC.λy.λx.y n v l
(nil : vec(U, 0)) ↦→ λC.λy.λx.x
where n : Nat, v : U, l : vec(U, n), C : Πp : Nat.vec(U, p) →
∗, y : Πm : Nat.Πu : U.Πy : vec(U, m).(C (Sm) (cons m u y)), x :
C 0 nil.
Typing: It is easy to see that nil is typable to vec(U, 0). Now
we show how cons is typable to Πn : Nat.U → vec(U, n) →
vec(U, Sn). The type of y n v l is C (Sn) (cons n v l).
So λC.λy.λx.y n v l :
ΠC : (Πp : Nat.vec(U, p) → ∗).
(Πm : Nat.Πu : U.Πy : vec(U, m).(C (Sm) (cons m u y))) →
C 0 nil → C (Sn) (λC.λy.λx.y n v l) .
So by selfGen, we have λC.λy.λx.y n v l : vec(U, Sn). Thus
cons : Πn : Nat.U → vec(U, n) → vec(U, Sn).
Definition 10 (Elimination Scheme for Vector).
˜µ v ⊢ Case(U, n) :
ΠC : (Πp : Nat.vec(U, p) → ∗).
(Πm : Nat.Πu : U.Πy : vec(U, m).(C (Sm) (cons m u y)))
→ C 0 nil → Πx : vec(U, n).(C n x)
where Case(U, n) := λC.λs.λz.λx.x C s z
C : (Πp : Nat.vec(U, p) → ∗), s : Πm : Nat.Πu : U.Πy :
vec(U, m).(C (Sm) (cons m u y)), z : C 0 nil, x : vec(U, n).
Definition 11 (Append).
˜µ v ⊢ app :
Πn 1 : Nat.Πn 2 : Nat.vec(U, n 1) → vec(U, n 2) → vec(U, n 1 +
n 2)
where app := λn 1.λn 2.λl 1.λl 2.
Case(U, n 1)(λz.λq.vec(U, z + n 2))
(λm.λh.λt.cons (m + n 2) h (app m n 2 t l 2))
l 2 l 1
(x ↦→ t) ∈ Γ
Γ ⊢ x → β t
Γ ⊢ (λx.t)t ′ → β [t ′ /x]t
(x i ↦→ t i) ∈ µ
Γ ⊢ t → β t ′
Γ ⊢ µx i → β µt i Γ ⊢ λx.t → β λx.t ′
Γ ⊢ t → β t ′′
Γ ⊢ t ′ → β t ′′
Γ ⊢ tt ′ → β t ′′ t ′ Γ ⊢ tt ′ → β tt ′′
Γ, ˜µ ⊢ t → β t ′
Γ ⊢ µt → β µt ′ Γ ⊢ t → β t ′
Γ ⊢ ιx.t → β ιx.t ′
Γ ⊢ t 2 → β t ′ 2
Γ ⊢ Πx : t 1.t 2 → β Πx : t ′ 1.t ′ 2
dom(µ)#FV(t)
Γ ⊢ µt → µ t
Γ ⊢ µ(t 1t 2) → µ (µt 1)(µt 2)
Figure 6. Beta Reductions
Γ ⊢ t 1 → β t ′ 1
Γ ⊢ Πx : t 1.t 2 → β Πx : t ′ 1.t ′ 2
Γ ⊢ µ(λx.t) → µ λx.µt
Γ ⊢ µ(ιx.t) → µ ιx.µt
Γ ⊢ µ(Πx : t 1.t 2) → µ Πx : µt 1.µt 2
Γ ⊢ t → µ t ′
Γ ⊢ λx.t → µ λx.t ′
Γ ⊢ t ′ → µ t ′′
Γ ⊢ t → µ t ′′
Γ ⊢ tt ′ → µ tt ′′ Γ ⊢ tt ′ → µ t ′′ t ′
Γ ⊢ t 1 → µ t ′ 1
Γ ⊢ Πx : t 1t 2 → µ Πx : t 1.t ′ 2
Γ ⊢ t 2 → µ t ′ 2
Γ ⊢ Πx : t 1t 2 → µ Πx : t 1.t ′ 2
Γ ⊢ t → µ t ′
Γ ⊢ ιx.t → µ ιx.t ′
Γ, ˜µ ⊢ t → µ t ′
Γ ⊢ µt → µ µt ′
Typing: We want to show app : Πn 1 : Nat.Πn 2 : Nat.vec(U, n 1) →
vec(U, n 2) → vec(U, n 1+n 2). We instantiate C := λz.(λq.vec(U, z+
n 2)) , where q free over vec(U, y + n 2), in Case(U, n 1). By
beta reductions, we get Case(U, n 1) (λz.λq.vec(U, z + n 2)) :
Πm : Nat.Πu : U.Πy : vec(U, m).(vec(U, (Sm) + n 2)) →
vec(U, 0 + n 2) → Πx : vec(U, n 1).vec(U, n 1 + n 2).
Also, λm.λh.λt.cons (m + n 2) h (app m n 2 t l 2) : Πm :
Nat.Πh : U.Πt : vec(U, m).(vec(U, (S (m + n 2)))
With l 1 : vec(U, n 1), l 2 : vec(U, n 2), we can see that it is the case.
Definition 12 (Associativity).
˜µ v ⊢ assoc : Π(n 1.n 2.n 3 : Nat).
Π(v 1 : vec(U, n 1).v 2 : vec(U, n 2).v 3 : vec(U, n 3)).
Eq vec(U, n 1+n 2+n 3) (app n 1 (n 2+n 3) v 1 (app n 2 n 3 v 2 v 3))
(app (n 1 + n 2) n 3 (app n 1 n 2 v 1 v 2) v 3)
3. Metatheory
The proof of type preservation for Selfstar follows the same
method for proving type preservation of S. Selfstar is a simpler
system compare to S in the following senses: 1. With ∗ : ∗, we
no longer have separate syntactic categories for types and kinds.
2. Polymorphism is anotated in Selfstar, which leads to an easier
proof of type preservation, namely, we do not need morph analysis
[5] for Selfstar. These simplifications lead to a simpler proof of
type preservation.
In order to prove type preservation for Selfstar, we need confluence
analysis for the type level transformation. We need to show
Figure 7. Mu Reductions
type level transformation is confluent. Thus the transformation
from Πx : t 1.t 2 to Πx : t ′ 1.t ′ 2 implies t 1 can be transformed to t ′ 1
and t 2 can be transformed to t ′ 2. Thus we establish the compatibility
property for Selfstar, which is the major result in order to prove
type preservation. The proofs for this section are in Appendix C, D
and E. Once we prove type preservation, progress theorem is easy
to prove, see Appendix B.
3.1 The Analytical System
It is combersome to directly prove the equality in Selfstar is
Church-Rosser. We develop an analytical system and we prove that
the analytical system is equivalent (theorem 16) to the equality system
in Selfstar. Then we prove the analytical system is confluent,
which implies the Church-Rosser of the equality in Selfstar.
The beta-reductions (figure 6) include definition substitutions
and the ordinary beta-reduction in lambda calculus. The mureductions
(figure 7) are for moving the closure inside the term
structure.
Let → denote → β ∪ → µ. Let ↔ ∗ denote (→ ∪ → −1 ) ∗ . The
following lemmas show the relation between → and =.
Lemma 13. If Γ ⊢ t 1 t 2, then Γ ⊢ t 1 → t 2.
Proof. By induction on derivation of Γ ⊢ t 1 t 2.

Lemma 14. If Γ ⊢ t 1 = t 2, then Γ ⊢ t 1 ↔ ∗ t 2.
Proof. By induction on the derivation of Γ ⊢ t 1 = t 2.
Lemma 15. If Γ ⊢ t 1 → t 2, then Γ ⊢ t 1 = t 2.
Proof. By induction on the derivation of Γ ⊢ t 1 → t 2.
The following theorem shows that the analytic system is equivalent
to the equality system.
Theorem 16. Γ ⊢ t 1 = t 2 iff Γ ⊢ t 1 ↔ ∗ t 2.
Proof. By lemma 14, lemma 15.
Suppose → is confluent. By theorem 16, we know that Γ ⊢
Πx : t 1.t 2 = Πx : t ′ 1.t ′ 2 implies Γ ⊢ Πx : t 1.t 2 ↔ ∗ Πx : t ′ 1.t ′ 2.
The confluence of → implies Church-Rosser of ↔ ∗ , namely, there
exists a t such that Γ ⊢ Πx : t 1.t 2 → ∗ t and Γ ⊢ Πx : t ′ 1.t ′ 2 → ∗ t.
By definition of →, we know t must be of the form Πx : t 3.t 4,
with Γ ⊢ t 1 → t 3, Γ ⊢ t ′ 1 → t 3, Γ ⊢ t 2 → t 4 and Γ ⊢ t ′ 2 → t 4.
So by lemma 15, we have Γ ⊢ t 1 = t ′ 1 and Γ ⊢ t 2 = t ′ 2.
Now let us focus on the proof of the confluence of →. The
confluence argument is similar to the one described in [3]. We are
going to use the following lemma to conclude the confluence of
→ β ∪ → µ.
Lemma 17 (Hardin’s interpretation lemma[7]). Let → be → 1
∪ → 2, → 1 being confluent and strongly normalizing. We denote by
ν(a) the → 1-normal form of a. Suppose that there is some relation
→ i on the → 1-normal forms satisfying:
→ i⊆↠, 1 and a → 2 b implies ν(a)↠ iν(b) (†)
Then the confluence of → i implies the confluence of →.
Proof. Suppose → i is confluent. Assume a↠a ′ and a↠a ′′ . So
by (†), ν(a)↠ iν(a ′ ) and ν(a)↠ iν(a ′′ ). Note that t→ ∗ 1t ′ implies
ν(t) = ν(t ′ )(By the confluence and strong normalization of → 1).
By the confluence of → i, there exists a b such that ν(a ′ )↠ ib
and ν(a ′′ )↠ ib. Since → i, → 1⊆↠, we get a ′ ↠ν(a ′ )↠b and
a ′′ ↠ν(a ′′ )↠b. Hence → is confluent.
The idea behinds interpretation method is that it allows us to
modulo the → 1-reduction, we only need to focus on proving the
confluence of → i. This is essential since in our case, → β,µ can
not be directly parallelized, namely, one can not use Tait-Martin
Löf’s method (reported in [2]) directly to prove the confluence
of → β,µ , the paralleled version does not enjoy diamond property.
With the interpretation method, after modulo the → µ-reduction, we
introduce a new reduction → βµ (corresponds to → i), we can then
use the parallel reduction method to prove confluence of → βµ .
Lemma 18. → µ is confluent and terminating.
So → µ correspond to → 1 in the interpretation lemma. Since
→ µ is strongly normalizing and confluent, we can define a normalization
function which effectively computes the mu-normal form.
Definition 19 (µ-Normal Forms).
n ::= ∗ | x | µx i | λx.n | nn ′ | Πx : n.n ′ | ιx.n
Note: for the µx i in definition 19, we assume x i ∈ dom(µ).
1 ↠ is the reflexive symmetric transitive closure of →.
Definition 20 (µ normalization function).
m(∗) := ∗
m(x) := x
m(λy.t) := λy.m(t)
m(t 1t 2) := m(t 1)m(t 2)
m(ιx.t) := ιx.m(t)
m(Πx : t.t ′ ) := Πx : m(t).m(t ′ ).
m(⃗µy) := y if y /∈ dom(⃗µ).
m(⃗µy) := µ iy if y ∈ dom(µ i).
m(⃗µ(tt ′ )) := m(⃗µt)m(⃗µt ′ )
m(⃗µ(λx.t)) := λx.m(⃗µt).
m(⃗µ(ιx.t)) := ιx.m(⃗µt).
m(⃗µ(Πx : t.t ′ )) := Πx : m(⃗µt).m(⃗µt ′ ).
We shall devise a new notion of reduction on mu-normal form,
then show that this reduction is confluent (corresponds to → i in
the interpretation lemma and satisfying the † property), thus by the
interpretation lemma, we can show → β,µ is confluent 2 . A natural
way to define reduction on mu-normal form is that right after a betareduction,
one immediately mu-normalizes the contractum, which
can form a notion of reduction on mu-normal form.
Definition 21 (β Reduction on µ-normal Forms).
Γ ⊢ n → β t
Γ ⊢ n → βµ m(t)
The following lemma shows that → βµ corresponds to the → i
in the interpretation lemma.
Lemma 22. If Γ ⊢ t → β t ′ , then Γ ⊢ m(t) → βµ m(t ′ ).
Lemma 23. → βµ is confluent.
Theorem 24. → β,µ is confluent.
Proof. We know → βµ is confluent. Since → µ is strongly normalizing
and confluent, and by lemma 22 and Hardin’s interpretation
lemma(lemma 17), we conclude → β,µ is confluent.
3.2 Confluence Analysis
Definition 25.
Γ ⊢ t 1 → ι t 2 if t 1 ≡ ιx.t ′ and t 2 ≡ [t/x]t ′ for some fix term t.
Note that → ι models the selfInst rule, → −1
ι models the selfGen
rule. The notion of ι-reduction does not build in structure congruence,
namely, we do not allow reduction rules like: if T → ι T ′ ,
then λx.T → ι λx.T ′ . The purpose of ι-reduction is to emulate the
typing rule selfInst and selfGen. This rewriting point of view on
typing is inspired by Kuan et.al. [10] and Stump et.al. [12].
Lemma 26 (Confluence). → ι is confluent.
Proof. This is obvious since → ι is deterministic.
The goal of this section is to show → o,ι,β,µ is confluent. We
make extensive use of the notion of commutativity, which provides
a simple way to prove the confluence of a reduction system that has
several confluent subreductions.
Definition 27 (Commutativity). Let → 1, → 2 be two notions of
reduction. → 1 (strongly) commute with → 2 if a → 1 b 1 and a → 2
b 2, then there exists a c such that b 1 → 2 c and b 2 → 1 c.
Proposition 28 (Hindley-Rosen [8] [11]). Let → 1, → 2 be two
notions of reduction. Suppose both → 1 and → 2 are confluent, and
→ ∗ 1 commutes with → ∗ 2. Then → 1 ∪ → 2 is confluent.
2 → β,µ denotes → β ∪ → µ, we will use this convention throughout the
paper.

Proposition 29 (Weak Commutativity [2]). Let ↩→ denote the
reflexive closure of →. Let → 1, → 2 be two notions of reduction.
→ 1 weak commutes with → 2 if a → 1 b 1 and a → 2 b 2, then there
exists a c such that b 1 ↩→ 2 c and b 2 ↠ 1 c.
If → 1 weak commutes with → 2, then → ∗ 1 and → ∗ 2 commute.
Lemma 30. → β,µ commutes with → ι. Thus → β,µ,ι is confluent.
Lemma 31. → o has diamond property, thus is confluent.
Lemma 32. → o commutes with → ι, weak commutes with → β ,
→ µ.
Theorem 33. → o,ι,β,µ is confluent.
Let = β,µ,ι,o denotes the reflexive transitive symmetry closure of
→ o ∪ → ι ∪ → β ∪ → µ. The goal of confluence analysis is to
establish the following theorem.
Theorem 34 (ι-elimination, Compatibility).
If Γ ⊢ Πx : t 1.t 2 = β,µ,ι,o Πx : t ′ 1.t ′ 2, then Γ ⊢ t 1 = β,µ,o t ′ 1
and Γ ⊢ t 2 = β,µ,o t ′ 2.
Proof. If Γ ⊢ Πx : t 1.t 2 = β,µ,ι,o Πx : t ′ 1.t ′ 2, then by the
confluence of → β,µ,ι,o , there exists a t such that Γ ⊢ Πx :
t 1.t 2(→ o,ι,β,µ ) ∗ t and Γ ⊢ Πx : t ′ 1.t ′ 2(→ o,ι,β,µ ) ∗ t. Since all the
reductions on Πx : t 1.t 2 preserve the structure of the dependent
type, one will never have a chance to use → ι-reduction, thus Γ ⊢
Πx : t 1.t 2(→ o,β,µ ) ∗ t and Γ ⊢ Πx : t ′ 1.t ′ 2(→ o,β,µ ) ∗ t. So t must
be of the form Πx : t 3.t 4. And Γ ⊢ t 1(→ o,β,µ ) ∗ t 3, Γ ⊢ t ′ 1(→ o,β,µ
) ∗ t 3, Γ ⊢ t 2(→ o,β,µ ) ∗ t 4 and Γ ⊢ t ′ 2(→ o,β,µ ) ∗ t 4. Finally, we have
Γ ⊢ t 1 = β,µ,o t ′ 1 and Γ ⊢ t 2 = β,µ,o t ′ 2.
3.3 Type Preservation
The proof of type preservation proceeds as usual. The inversion
lemma and substitution lemma are standard. Note that in the final
preservation proof, we use the compatibility theorem.
Lemma 35 (Inversion).
• If Γ ⊢ λx.t : t ′ , then Γ, x : t 1 ⊢ t : t 2 and Γ ⊢ Πx :
t 1.t 2= β,µ,ι,o t ′ for some t 1, t 2.
• If Γ ⊢ t 1t 2 : t ′ , then Γ ⊢ t 1 : Πx : t ′ 1.t ′ 2 and Γ ⊢ t 2 : t ′ 1,
Γ ⊢ [t 2/x]t ′ 2= β,µ,ι,o t ′ for some t ′ 1, t ′ 2.
• If Γ ⊢ x : t ′ , then x : t ∈ Γ and Γ ⊢ t= β,µ,ι,o t ′ for some t.
Lemma 36 (Substitution). If Γ 1, x : t 1, Γ 2 ⊢ t : t 2 and Γ ⊢ t ′ : t 1,
then Γ 1, [t ′ /x]Γ 2 ⊢ [t ′ /x]t : [t ′ /x]t 2.
Theorem 37 (Type Preservation). If Γ ⊢ wf and Γ ⊢ t t ′ and
Γ ⊢ t : t ′′ , then Γ ⊢ t ′ : t ′′ .
Proof. We list one interesting case here.
Γ ⊢ t ′ 1 : Πx : t ′′
1 .t ′′
2 Γ ⊢ t ′ 2 : t ′′
1
Γ ⊢ t ′ 1t ′ 2 : [t ′ 2/x]t ′′
2
Suppose Γ ⊢ (λx.t 1)v [v/x]t 1. Then we know Γ ⊢ (λx.t 1)v :
[t/x]t ′′
2 and Γ ⊢ λx.t 1 : Πx : t ′′
1 .t ′′
2 and Γ ⊢ v : t ′′
1 . By inversion
on Γ ⊢ λx.t 1 : Πx : t ′′
1 .t ′′
2 , we have Γ, x : a ⊢ t 1 : b and Γ ⊢ Πx :
a.b= β,µ,ι,o Πx : t ′′
1 .t ′′
2 . By theorem 34, we have Γ ⊢ a = β,µ,o t ′′
1
and Γ ⊢ b = β,µ,o t ′′
2 . So we have Γ, x : a ⊢ t 1 : t ′′
2 and Γ ⊢ v : a.
So by lemma 79, we have Γ ⊢ [v/x]t 1 : [v/x]t ′′
2 , as required.
4. Conclusion
We introduce Selfstar, which incorporates the self type construct
together with ∗ : ∗ and mutually recursion. Scott-encoded
datatypes and the corresponding elimination schemes are derivable
within Selfstar. We also demonstrate the process of proving the
type preservation theorem.
References
[1] Zena M. Ariola and Jan Willem Klop. Lambda calculus with explicit
recursion. Information and Computation, 139(2):154 – 233, 1997.
[2] H. P. Barendregt. The Lambda Calculus, Its Syntax and Semantics
(Studies in Logic and the Foundations of Mathematics, Volume 103).
Revised Edition. North Holland, revised edition, November 1985.
[3] Pierre-Louis Curien, Thérèse Hardin, and Jean-Jacques Lévy. Confluence
properties of weak and strong calculi of explicit substitutions. J.
ACM, 43(2):362–397, 1996.
[4] H. B. Curry, J. R. Hindley, and J. P. Seldin. Combinatory Logic,
Volume II. North-Holland, 1972.
[5] Peng Fu and Aaron Stump. Church encoding with dependent types.
2013. submitted, available from first Author’s web page.
[6] Jean-Yves Girard, Paul Taylor, and Yves Lafont. Proofs and types.
Cambridge University Press, New York, NY, USA, 1989.
[7] Thérèse Hardin. Confluence results for the pure strong categorical
logic ccl. λ-calculi as subsystems of ccl. Theor. Comput. Sci.,
65(3):291–342, July 1989.
[8] James Roger Hindley. The Church-Rosser property and a result in
combinatory logic. PhD thesis, University of Newcastle upon Tyne,
1964.
[9] J.M. Jansen, R. Plasmeijer, and P. Koopman. Functional pearl: Comprehensive
encoding of data types and algorithms in the lambdacalculus.
Internal report, NLDA, 2011.
[10] George Kuan, David MacQueen, and Robert Bruce Findler. A rewriting
semantics for type inference. In Proceedings of the 16th European
conference on Programming, pages 426–440. Springer-Verlag, 2007.
[11] Barry K. Rosen. Tree-manipulating systems and church-rosser theorems.
J. ACM, 20(1):160–187, January 1973.
[12] Aaron Stump, Garrin Kimmell, and Roba El Haj Omar. Type preservation
as a confluence problem. In RTA, pages 345–360, 2011.
A. Well-Form Type
Lemma 38. If Γ ⊢ wf and Γ ⊢ t : t ′ , then Γ ⊢ t ′ : ∗.
Proof. By induction on derivation of Γ ⊢ t : t ′ . We list a few
nontrivial cases.
Case:
Γ ⊢ t : ιx.t ′
Γ ⊢ t : [t/x]t ′
SelfInst
By IH, we have Γ ⊢ ιx.t ′ : ∗. So by inversion, we have Γ, x :
ιx.t ′ ⊢ t ′ : ∗. So by lemma 79, we know Γ ⊢ [t/x]t ′ : ∗.
Case:
Γ, x : t 1 ⊢ t : t 2 Γ ⊢ t 1 : ∗
Γ ⊢ λx.t : Πx : t 1.t 2
Lam
By IH, we know Γ, x : t 1 ⊢ t 2 : ∗. Since Γ ⊢ t 1 : ∗, by Pi rule, we
have Γ ⊢ Πx : t 1.t 2 : ∗.
Case:

Γ ⊢ t : Πx : t 1.t 2 Γ ⊢ t ′ : t 1
Γ ⊢ tt ′ : [t ′ /x]t 2
App
By IH, we have Γ ⊢ Πx : t 1.t 2 : ∗. By inversion on Γ ⊢ Πx :
t 1.t 2 : ∗, we have Γ, x : t 1 ⊢ t 2 : ∗. So by lemma 79, we have
Γ ⊢ [t ′ /x]t 2 : ∗.
Case:
Γ, ˜µ ⊢ t : t ′ {Γ, ˜µ ⊢ t j : a j} (tj :a j )∈˜µ
Γ ⊢ µt : µt ′
Mu
By IH, we have Γ, ˜µ ⊢ t ′ : ∗. So Γ ⊢ µt ′ : µ∗, thus Γ ⊢ µt ′ : ∗.
B. Progress
Lemma 39. If · ⊢ v : Πx : t 1.t 2, then v ≡ λx.t.
Proof. Case analysis on v. Suppose v ≡ ∗. By inversion, · ⊢ ∗ : ∗
and · ⊢ ∗ = β,µ,ι,o Πx : t 1.t 2, which contradicts Church-Rosser
of = β,µ,ι,o . Suppose v ≡ ⃗µ(Πx : t 3.t 4). By inversion, we have
˜⃗µ ⊢ Πx : t 3.t 4 : t a and · ⊢ ⃗µt a
⃗µ(Πx:t 3 .t 4 )
= β,µ,ι,o Πx : t 1.t 2. By
inversion on ˜⃗µ ⊢ Πx : t 3.t 4 : t a, we have ˜⃗µ ⊢ ∗ Πx:t =
3.t 4
β,µ,ι,o t a.
So we have · ⊢ ⃗µ∗ ⃗µ(Πx:t 3.t 4 )
⃗µ(Πx:t 3 .t 4 )
= β,µ,ι,o ⃗µt a = β,µ,ι,o Πx :
t 1.t 2. Again, this contradicts Church-Rosser of = β,µ,ι,o . For other
cases like: v ≡ Πx : t.t ′ , ιx.t, ⃗µ(ιx.t), we argue similarly.
Theorem 40 (Progress). If · ⊢ t : t ′′ , then either · ⊢ t t ′ or t is
a value.
Proof. By induction on the derivation of · ⊢ t : t ′′ , we list a few
cases.
Case:
˜µ ⊢ t : t ′ {˜µ ⊢ t j : a j} (tj :a j )∈˜µ
· ⊢ µt : µt ′ Mu
Identify t as ˙⃗µt ′′ , where t ′′ does not contains any closure at head
position. Case analysis on t ′′ , if it is ∗, x, λx.t a, t at b , then there
exist a t ′ such that · ⊢ t t ′ . If t ′′ ≡ Πx : t a.t b , ιx.t a, then it is
already a value.
Case:
· ⊢ t : Πx : t 1.t 2 · ⊢ t ′ : t 1
· ⊢ tt ′ : [t ′ /x]t 2
App
Since · ⊢ t : Πx : t 1.t 2 and · ⊢ t ′ : t 1, by IH, t either steps or is
a value, likewise for t ′ . If t can take a step, then tt ′ can also take a
step. If t is a value, by lemma 39, t must be of the form λx.t a. So if
t ′ can take a step, then tt ′ can also take a step. If both t ′ is a value,
then tt ′ can take a step.
C. Proofs of Section 3.1
Let ˙⃗µ denote 0 or more closures.
Lemma 41. Let Φ denote the set of µ normal form. For any term
t, m(t) ∈ Φ.
Proof. One way to prove this is first identify t as ˙−→ µ1t ′ , here ˙−→ µ 1
means there are zero or more closures and t ′ does not contains any
closure at head position. Then we can proceed by induction on the
structure of t ′ :
Base Cases: t ′ = x, t ′ = ∗, obvious.
Step Cases: If t ′ = λx.t ′′ , then m( µ ˙−→ 1(λx.t ′′ )) ≡ λx.m( µ ˙−→ 1t ′′ ).
Now we can again identify t ′′ as µ ˙−→ 2t ′′′ , where t ′′′ does not have
any closure at head position. Since t ′′′ is structurally smaller
than λx.t ′′ , by IH, m( µ ˙−→ 1µ2t ˙−→ ′′′ ) ∈ Φ, thus m( µ ˙−→ 1(λx.t ′′ )) ≡
λx.m( µ ˙−→ 1t ′′ ) ∈ Φ.
For t ′ = t at b , t ′ = ιx.t ′′ , t ′ = Πx : t a.t b , we can argue
similarly as above.
In order to prove lemma 22, we prove the following more
general lemma instead.
Lemma 42. If Γ, ˙⃗µ ⊢ a → β b, then Γ ⊢ m( ˙⃗µa) → βµ m( ˙⃗µb).
Proof. By induction on derivation of Γ, ˙⃗µ ⊢ a → β b.
Base Case:
(x ↦→ t) ∈ Γ, ˙⃗µ
Γ, ˙⃗µ ⊢ x → β t
If x ↦→ t ∈ ˙⃗µ, then Γ ⊢ m( ˙⃗µx) ≡ µx → βµ m(µt) ≡ m( ˙⃗µt).
Techincally, the last equality need to be justified, informally we
can justify that by locality of µ. If x ↦→ t ∈ Γ, then Γ ⊢ m( ˙⃗µx) ≡
x → βµ m(t) ≡ m( ˙⃗µt).
Base Case:
(x i ↦→ t i) ∈ µ
Γ, ˙⃗µ ⊢ µx i → β µt i
We have Γ ⊢ m( ˙⃗µµx i) ≡ µx i → βµ m(µt i) ≡ m( ˙⃗µµt i).
Base Case:
Γ, ˙⃗µ ⊢ (λx.t)t ′ → β [t ′ /x]t
We have Γ ⊢ m( ˙⃗µ((λx.t)t ′ )) ≡ (λx.m( ˙⃗µt))m( ˙⃗µt ′ ) → βµ
m([m( ˙⃗µt)/x]m( ˙⃗µt ′ )) ≡ m([ ˙⃗µt/x] ˙⃗µt ′ ) ≡ m( ˙⃗µ([t ′ /x]t)). The
last two equalities are by lemma 44, lemma 43.
Step Case:
Γ, ˙⃗µ ⊢ t → β t ′
Γ, ˙⃗µ ⊢ λx.t → β λx.t ′
Γ ⊢ m( ˙⃗µ(λx.t)) ≡ λx.m( ˙⃗µt)
Step Case:
Γ, ˙⃗µ, ˜µ ⊢ t → β t ′
Γ, ˙⃗µ ⊢ µt → β µt ′
IH
→ βµ λx.m( ˙⃗µt ′ ) ≡ m( ˙⃗µ(λx.t ′ )).
We want to show Γ ⊢ m( ˙⃗µµt) → βµ m( ˙⃗µµt ′ ). This is directly by
IH.
All the other cases are similar.
Lemma 43.
m(⃗µ⃗µt) ≡ m(⃗µt) and m(⃗µ([t 2/x]t 1)) ≡ m([⃗µt 2/x]⃗µt 1)

Proof. We can prove this using the same method as lemma 41,
namely, identify t and then proceed by inducton.
Lemma 44. m(m(t)) ≡ m(t) and m([m(t 1)/y]m(t 2)) ≡
m([t 1/y]t 2).
Proof. The first equality is by lemma 45 and lemma 41. For the
second equality, we prove it using similar method as lemma 41: We
identify t 2 as ˙−→ µ 1t ′ 2, where t ′ 2 does not contains any closure at head
position. We proceed by induction on the structure of t ′ 2:
Base Cases: t ′ 2 = ∗, obvious. For t ′ 2 = x, we use m(m(t)) ≡
m(t).
Step Cases: If t ′ 2 = λx.t ′′
2 , then m( µ ˙−→ 1(λx.[t 1/y]t ′′
2 )) ≡
λx.m( µ ˙−→ 1([t 1/y]t ′′
2 )) ≡ λx.m( µ ˙−→ 1µ2([t ˙−→ 1/y]t ′′′
2 )), where t ′′
2 is identified
as µ ˙−→ 2t ′′′
2 , and t ′′′
2 does not have any closure at head position.
Since t ′′′
2 is structurally smaller than λx.t ′′
2 , by IH,
m( µ ˙−→ 1µ2([t ˙−→ 1/y]t ′′′
2 )) ≡ m([t 1/y]( µ ˙−→ 1µ2t ˙−→ ′′′
2 )) ≡
m([m(t 1)/y]m( µ ˙−→ 1µ2t ˙−→ ′′′
2 )).
Thus λx.m( µ ˙−→ 1µ2([t ˙−→ 1/y]t ′′′
2 )) ≡ λx.m([m(t 1)/y]m( µ ˙−→ 1µ2t ˙−→ ′′′
2 )),
implying m([t 1/y] µ ˙−→ 1(λx.t ′′
2 )) ≡ m([m(t 1)/y]m(λx. µ ˙−→ 1t ′′
2 )).
Since m([m(t 1)/y]m(λx. µ ˙−→ 1t ′′
2 )) ≡ m([m(t 1)/y]m( µ ˙−→ 1(λx.t ′′
2 ))),
we conclude m([m(t 1)/y]m( µ ˙−→ 1(λx.t ′′
2 ))) ≡ m([t 1/y] µ ˙−→ 1(λx.t ′′
2 )).
For t ′ 2 = t at b , t ′ 2 = ιx.t ′′
2 , t ′ 2 = Πx : t a.t b , we can argue
similarly as above.
Lemma 45. If n ∈ Φ, then m(n) ≡ n.
Proof. By induction on the structure of n.
Definition 46 (β Reduction on µ-normal Forms).
Γ ⊢ n → β t
Γ ⊢ n → βµ m(t)
Note: From this definition we can conclude:
Γ ⊢ n → βµ n ′
Γ ⊢ λx.n → βµ λx.n ′ Γ ⊢ n ′ → βµ n ′′
Γ ⊢ nn ′ → βµ nn ′′
Γ ⊢ n ′ → βµ n ′′
Γ ⊢ n → βµ n ′′
Γ ⊢ Πx : n.n ′ → βµ Πx : n.n ′′ Γ ⊢ nn ′ → βµ n ′′ n ′
Γ ⊢ n → βµ n ′′
Γ ⊢ n → βµ n ′
Γ ⊢ Πx : n.n ′ → βµ Πx : n ′′ .n ′ Γ ⊢ ιx.n → βµ ιx.n ′
The first rule follows because: Assume Γ ⊢ n → βµ n ′ , say
m(t) ≡ n ′ and Γ ⊢ n → β t. Then Γ ⊢ λx.n → β λx.t and
m(λx.t) ≡ λx.m(t) ≡ λx.n ′ . The others follow similarly.
Lemma 47. If Γ ⊢ n 1 → βµ n ′ 1, then Γ ⊢ m([n 2/x]n 1) → βµ
m([n 2/x]n ′ 1).
Proof. By induction on derivation of Γ ⊢ n 1 → β t 1, where
m(t 1) ≡ n ′ 1. We will list a few nontrivial cases. Note that the we
use lemma 44 implicitly.
Base Case:
(y ↦→ t 1) ∈ Γ
Γ ⊢ y → β t 1
In this case n 1 = y. By locality, we have Γ ⊢ m([n 2/x]y) ≡
y → βµ m(t 1) ≡ m([n 2/x]t 1).
Base Case:
Γ ⊢ (λy.n)n ′ → β [n ′ /y]n
n 1 = (λy.n)n ′ . So Γ ⊢ m([n 2/x]((λy.n)n ′ ))
≡ m((λy.[n 2/x]n)[n 2/x]n ′ ) ≡ (λy.m([n 2/x]n))m([n 2/x]n ′ ) → βµ
m([m([n 2/x]n ′ )/y]m([n 2/x]n)) ≡ m([[n 2/x]n ′ /y]([n 2/x]n)) ≡
m([n 2/x]([n ′ /y]n)).
Base Case:
(x i ↦→ t i) ∈ µ
Γ ⊢ µx i → β µt i
n 1 = µx i. By locality, Γ ⊢ m([n 2/x]µx i) ≡ µx i → βµ
m(µt i) ≡ m([n 2/x](µt i)).
Step Case:
Γ ⊢ n → β t ′
Γ ⊢ λy.n → β λy.t ′
n 1 = λy.n. By IH, we have Γ ⊢ m([n 2/x]n) → βµ m([n 2/x]t ′ ).
So Γ ⊢ m(λy.[n 2/x]n) → βµ m(λy.[n 2/x]t ′ ).
Step Case:
Γ, ˜µ ⊢ t → β t ′
Γ ⊢ µt → β µt ′
This case will not arise since n 1 is already in µ normal form.
The other cases are similar.
Lemma 48. If Γ ⊢ n 2 → βµ n ′ 2, then Γ ⊢ m([n 2/x]n 1)
m([n ′ 2/x]n 1).
Proof. By induction on n 1.
Definition 49 (Parallel Reductions).
(x ↦→ t) ∈ Γ
Γ ⊢ n ⇒ βµ n
(x i ↦→ t i ) ∈ µ
Γ ⊢ µx i ⇒ βµ m(µt i )
Γ ⊢ x ⇒ βµ m(t)
Γ ⊢ n 1 ⇒ βµ n ′ 1 Γ ⊢ n 2 ⇒ βµ n ′ 2
Γ ⊢ (λx.n 1 )n 2 ⇒ βµ m([n ′ 2 /x]n′ 1 )
Γ ⊢ n ⇒ βµ n ′ Γ ⊢ n ⇒ βµ n ′′ Γ ⊢ n ′ ⇒ βµ n ′′′
Γ ⊢ λx.n ⇒ βµ λx.n ′ Γ ⊢ nn ′ ⇒ βµ n ′′ n ′′′
Γ ⊢ n ⇒ βµ n ′ Γ ⊢ n ′ ⇒ βµ n ′′′ Γ ⊢ n ⇒ βµ n ′′
Γ ⊢ ιx.n ⇒ βµ ιx.n ′ Γ ⊢ Πx : n.n ′ ⇒ βµ Πx : n ′′ .n ′′′
Lemma 50. → βµ ⊆⇒ βµ ⊆→ ∗ βµ.
∗
→ βµ
Proof. For → βµ ⊆⇒ βµ , by induction on the derivation of Γ ⊢
n → β t, where Γ ⊢ n → βµ m(t).
For ⇒ βµ ⊆→ ∗ βµ, by induction on the derivation of Γ ⊢ n ⇒ βµ
n ′ . We show the case where(the other cases are obvious):
Γ ⊢ n 1 ⇒ βµ n ′ 1 Γ ⊢ n 2 ⇒ βµ n ′ 2
Γ ⊢ (λx.n 1)n 2 ⇒ βµ m([n ′ 2/x]n ′ 1)
By lemma 52, we know that Γ ⊢ m([n 2/x]n 1) ⇒ βµ m([n 2/x]n 1),
given Γ ⊢ n 1 ⇒ βµ n ′ 1, Γ ⊢ n 2 ⇒ βµ n ′ 2. Since → βµ ⊆⇒ βµ ,

we have: if Γ ⊢ n 1 → βµ n ′ 1, Γ ⊢ n 2 → βµ n ′ 2 , then Γ ⊢
m([n 2/x]n 1) → βµ m([n ′ 2/x]n ′ 1)(†). By IH, we have Γ ⊢
∗
n 1 → βµ n ′ ∗
1, Γ ⊢ n 2 → βµ n ′ 2. By lemma 47, lemma 48 and (†),
∗
we have Γ ⊢ (λx.n 1)n 2 → βµ m([n 2/x]n 1) → βµ m([n ′ 2/x]n ′ 1).
Lemma 51. If Γ ⊢ n 2 ⇒ βµ n ′ 2, then Γ ⊢ m([n 2/x]n 1) ⇒ βµ
m([n ′ 2/x]n 1).
Proof. By induction on the structure of n 1.
Base Cases: n 1 = x, n 1 = µx i, n 1 = ∗. Obvious.
Step Case: n 1 = λy.n. We have Γ ⊢ m(λy.[n 2/x]n) ≡
λy.m([n 2/x]n) ⇒ IH
βµ λy.m([n ′ 2/x]n) ≡ m(λy.[n ′ 2/x]n).
Step Case: n 1 = nn ′ . We have Γ ⊢ m([n 2/x]n[n 2/x]n ′ ) ≡
m([n 2/x]n)m([n 2/x]n ′ IH
) ⇒ βµ m([n ′ 2/x]n)m([n ′ 2/x]n ′ ) ≡
m([n ′ 2/x]n[n ′ 2/x]n).
Step Case: n 1 = ιx.n, Πx : n.n ′ . Similar as above.
Lemma 52. If Γ ⊢ n 1 ⇒ βµ n ′ 1 and Γ ⊢ n 2 ⇒ βµ n ′ 2, then
Γ ⊢ m([n 2/y]n 1) ⇒ βµ m([n ′ 2/y]n ′ 1).
Proof. We prove this by induction on the derivation of Γ
n 1 ⇒ βµ n ′ 1.
Base Case:
Γ ⊢ n ⇒ βµ n
By lemma 51.
Base Case:
x i ↦→ t i ∈ µ
Γ ⊢ µx i ⇒ βµ m(µt i)
Since y /∈ FV(µx i) and µ is local, m([n 2/y]µx i) ≡ m(µx i),
then m(µx 1) ≡ µx i ⇒ βµ m(µt i) ≡ m(m(µt i))(lemma 44).
Base Case:
(x ↦→ t) ∈ Γ
Γ ⊢ x ⇒ βµ m(t)
In this case, we assume x ≢ y, then we have m([n 2/y]x) ≡
m(x) ≡ x ⇒ βµ m(t) ≡ m(m(t)) ≡ m([n 2/y]m(t)).
Step Case:
Γ ⊢ n a ⇒ βµ n ′ a Γ ⊢ n b ⇒ βµ n ′ b
Γ ⊢ (λx.n a)n b ⇒ βµ m([n ′ a/x]n ′ b)
We have Γ ⊢ m((λx.[n 2/y]n a)[n 2/y]n b ) ≡
(λx.m([n 2/y]n a))m([n 2/y]n b ) ⇒ IH
βµ
m([m([n ′ 2/y]n ′ b)/x]m([n ′ 2/y]n ′ a)) ≡ m([n ′ 2/y]([n ′ b/x]n ′ a)).
The last equality is by lemma 44. Here we first apply induction
hypothesis to reduce, then apply ⇒ βµ .
Step Case:
⊢
Γ ⊢ n ⇒ βµ n ′
Γ ⊢ λx.n ⇒ βµ λx.n ′
We have Γ ⊢ m(λx.[n 2/y]n) ≡ λx.m([n 2/y]n)
λx.m([n ′ 2/y]n ′ ) ≡ m(λx.[n ′ 2/y]n ′ )
Step Case:
Γ ⊢ n a ⇒ βµ n ′ a
Γ ⊢ n b ⇒ βµ n ′ b
Γ ⊢ n an b ⇒ βµ n ′ an ′ b
IH
⇒ βµ
We have Γ ⊢ m([n 2/y]n a[n 2/y]n b ) ≡ m([n 2/y]n a)m([n 2/y]n b )
IH
⇒ βµ m([n ′ 2/y]n ′ a)m([n ′ 2/y]n ′ b) ≡ m([n ′ 2/y](n ′ an ′ b)).
The other cases are similar as above.
Lemma 53 (Diamond Property). If Γ ⊢ n ⇒ βµ n ′ and Γ ⊢
n ⇒ βµ n ′′ , then there exist n ′′′ such that Γ ⊢ n ′′ ⇒ βµ n ′′′ and
Γ ⊢ n ′ ⇒ βµ n ′′′ .
Proof. By induction on the derivation of Γ ⊢ n ⇒ βµ n ′ .
Base Case:
Γ ⊢ n ⇒ βµ n
Obvious.
Base Case:
(x ↦→ t) ∈ Γ
Γ ⊢ x ⇒ βµ m(t)
Obvious.
Base Case:
Γ ⊢ µx i ⇒ βµ m(µt i)
Obvious.
Step Case:
Γ ⊢ n 1 ⇒ βµ n ′ 1 Γ ⊢ n 2 ⇒ βµ n ′ 2
Γ ⊢ (λx.n 1)n 2 ⇒ βµ m([n ′ 2/x]n ′ 1)
Suppose Γ ⊢ (λx.n 1)n 2 ⇒ βµ (λx.n ′′
1 )n ′′
2 , where Γ ⊢ n 1 ⇒ βµ
n ′′
1 and Γ ⊢ n 2 ⇒ βµ n ′′
2 . By IH, there exist n ′′′
1 , n ′′′
2 such that
Γ ⊢ n ′′
1 ⇒ βµ n ′′′
1 and Γ ⊢ n ′ 1 ⇒ βµ n ′′′
1 and Γ ⊢ n ′ 2 ⇒ βµ n ′′′
2
and Γ ⊢ n ′ 2 ⇒ βµ n ′′′
2 . By lemma 52, Γ ⊢ m([n ′ 1/x]n ′ 2) ⇒ βµ
m([n ′′′
1 /x]n ′′′
2 ), also Γ ⊢ (λx.n ′′
1 )n ′′
2 ⇒ βµ m([n ′′′
1 /x]n ′′′
2 ).
Suppose Γ ⊢ (λx.n 1)n 2 ⇒ βµ m([n ′′
2 /x]n ′′
1 ), where Γ ⊢ n 1 ⇒ βµ
n ′′
1 and Γ ⊢ n 2 ⇒ βµ n ′′
2 . By IH, there exist n ′′′
1 , n ′′′
2 such that
Γ ⊢ n ′′
1 ⇒ βµ n ′′′
1 and Γ ⊢ n ′ 1 ⇒ βµ n ′′′
1 and Γ ⊢ n ′ 2 ⇒ βµ n ′′′
2
and Γ ⊢ n ′ 2 ⇒ βµ n ′′′
2 . By lemma 52, Γ ⊢ m([n ′ 1/x]n ′ 2) ⇒ βµ
m([n ′′′
1 /x]n ′′′
2 ) and Γ ⊢ m([n ′′
1 /x]n ′′
2 ) ⇒ βµ m([n ′′′
1 /x]n ′′′
2 ).
The other cases are either similar to the one above or easy.
Theorem 54. → β ∪ → µ is confluent.
Proof. We know by diamond property of ⇒ βµ , → βµ is confluent.
Since → µ is strongly normalizing and confluent, and by lemma

22 and Hardin’s interpretation lemma(lemma 17), we conclude
→ β ∪ → µ is confluent.
D. Proofs of Section 3.2
Lemma 55. Let → denote → β ∪ → µ, if Γ ⊢ t → t ′ , then
Γ ⊢ [t 1/x]t → [t 1/x]t ′ for any t 1.
Proof. Obvious.
Lemma 56. Let → denote → β ∪ → µ, then → commutes with → ι.
i.e. if Γ ⊢ t 1 → t 2 and Γ ⊢ t 1 → ι t 3, then there exist t 4 such that
Γ ⊢ t 2 → ι t 4 and Γ ⊢ t 3 → t 4.
Proof. Since Γ ⊢ t 1 → ι t 3, we know that t 1 ≡ ιx.t ′ and
t 3 ≡ [t/x]t ′ . We also have Γ ⊢ t 1 ≡ ιx.t ′ → t 2. By inversion,
we know that t 2 ≡ ιx.t ′′ with Γ ⊢ t ′ → t ′′ . By lemma 55,
we know that Γ ⊢ [t/x]t ′ → [t/x]t ′′ . Thus t 4 ≡ [t/x]t ′′ and
Γ ⊢ ιx.t ′′ → ι [t/x]t ′′ .
Theorem 57. → ∪ → ι is confluent.
Lemma 58. If Γ ⊢ t 1 → o t 2, then Γ ⊢ [t/x]t 1 → o [t/x]t 2.
Proof. By induction on derivaton.
Lemma 59. If Γ ⊢ t 1 → o t 2, then Γ ⊢ [t 1/x]t ↩→ o [t 2/x]t.
Proof. By induction on the structure of t.
Lemma 60. → o has diamond property, thus is confluent.
Proof. Straightforward induction.
Lemma 61. → o commutes with → ι.
Proof. Suppose Γ ⊢ ιx.t ′ → ι [t/x]t ′ and Γ ⊢ ιx.t ′ → o ιx.t ′′
with Γ ⊢ t ′ → o t ′′ . Then by lemma 58, we have Γ ⊢ [t/x]t ′ → o
[t/x]t ′′ . We also have Γ ⊢ ιx.t ′′ → ι [t/x]t ′′ .
Lemma 62. → o weak commutes with → β .
Proof. By induction on → o.
Case: Γ ⊢ µt → o t, where µ ∈ Γ.
If Γ ⊢ µx i → β µt i, where x i ↦→ t i ∈ µ, then Γ ⊢ µx i → o x i. So
we have Γ ⊢ µt i → o t i and Γ ⊢ x i → β t i since µ ∈ Γ.
If Γ ⊢ µt → β µt ′ , with Γ ⊢ t → β t ′ . So we have Γ ⊢ t → β t ′ and
Γ ⊢ µt ′ → o t ′ .
Case: Γ ⊢ (λx.t 1)t 2 → o (λx.t ′ 1)t 2, where Γ ⊢ t 1 → o t ′ 1.
Suppose Γ ⊢ (λx.t 1)t 2 → β [t 2/x]t 1. By lemma 58, we know that
Γ ⊢ [t 2/x]t 1 → o [t 2/x]t ′ 1. And we also have Γ ⊢ (λx.t ′ 1)t 2 → β
[t 2/x]t ′ 1.
Case: Γ ⊢ (λx.t 1)t 2 → o (λx.t 1)t ′ 2, where Γ ⊢ t 2 → o t ′ 2.
Suppose Γ ⊢ (λx.t 1)t 2 → β [t 2/x]t 1. By lemma 59, we know that
Γ ⊢ [t 2/x]t 1 ↩→ o [t ′ 2/x]t 1. And we also have Γ ⊢ (λx.t 1)t ′ 2 → β
[t ′ 2/x]t 1.
The other cases are by induction.
Lemma 63. → o weak commutes with → µ. i.e. if Γ ⊢ t → o t ′ and
Γ ⊢ t → µ t ′′ , then there exist a t 1 such that Γ ⊢ t ′′ → ∗ o t 1 and
Γ ⊢ t ′ ↩→ µ t 1.
Proof. By induction on Γ ⊢ t → o t ′ .
Case: Γ ⊢ µt → o t, where µ ∈ Γ.
Suppose Γ ⊢ µt → µ t with dom(µ)#FV(t). This case is obvious.
Suppose t ≡ λx.t 2 and Γ ⊢ µ(λx.t 2) → µ λx.µt 2. Then Γ ⊢
λx.t 2 ↩→ µ λx.t 2 and Γ ⊢ λx.µt 2 → o λx.t 2.
Suppose t ≡ t 2t 3 and Γ ⊢ µ(t 2t 3) → µ (µt 2)(µt 3). Then
Γ ⊢ t 2t 3 ↩→ µ t 2t 3 and Γ ⊢ (µt 2)(µt 3) → ∗ o t 2t 3.
For t ≡ ιx.t 2, Πx : t 2.t 3, we can argue similarly.
The other cases are by induction.
Theorem 64. → o ∪ → ι ∪ → β ∪ → µ is confluent.
E. Proofs of Section 3.3
Note: In this section we use t = β,µ,ι,o to mean the same thing as
= β,µ,ι,o , but with an emphasis on the subject t.
Lemma 65. If Γ ⊢ t 1 t = β,µ,ι,o t 2 and Γ ⊢ t : t 1 and Γ ⊢ t 2 : ∗,
then Γ ⊢ t : t 2.
Proof. By induction on length of Γ ⊢ t 1 t = β,µ,ι,o t 2.
Lemma 66. If Γ ⊢ t 1 = t β,µ,ι,o t 2 and Γ ⊢ t = t ′ , then
t
Γ ⊢ t ′
1 = β,µ,ι,o t 2.
Proof. By induction on length of Γ ⊢ t 1 t = β,µ,ι,o t 2.
Lemma 67. m(µ 1µ 2t) ≡ m(µ 2µ 1t), thus Γ ⊢ µ 1µ 2t = µ 2µ 1t.
Proof. Identify t as ˙⃗µt ′ , where t ′ does not have any closure at
head position. By induction on the structure of such t ′ . Also Γ ⊢
µ 1µ 2t = m(µ 1µ 2t) = m(µ 2µ 1t) = µ 2µ 1t.
Lemma 68. Γ ⊢ µ([t/x]t ′ ) = [µt/x]µt ′
Proof. Γ ⊢ µ([t/x]t ′ ) = m(µ([t/x]t ′ )) = m([µt/x]µt ′ ) =
[µt/x]µt ′ .
Lemma 69. If Γ, ˜µ ⊢ t ′ t = β,µ,ι,o t ′′ , then Γ ⊢ µt ′ µt
= β,µ,ι,o µt ′′
Proof. By induction on length of Γ, ˜µ ⊢ t ′ = t β,µ,ι,o t ′′ . We list a
few cases.
Case: Γ, ˜µ ⊢ t ′ =t ′′ .
We have Γ ⊢ µt ′ = µt ′′ .
Case: Γ, ˜µ ⊢ ιx.t ′ → ι[t/x]t ′ .
We know Γ ⊢ µιx.t ′ =ιx.µt ′ → ι[µt/x]µt ′ =µ[t/x]t ′ (the last
equality is by lemma 68).
Lemma 70 (Inversion I). If Γ ⊢ λx.t : t ′ , then Γ, x : t 1 ⊢ t : t 2
λx.t
and Γ ⊢ Πx : t 1.t 2 = β,µ,ι,o t ′ .
Proof. By induction on the derivation of Γ ⊢ λx.t : t ′ .
Lemma 71 (Inversion II). If Γ ⊢ t 1t 2 : t ′ , then Γ ⊢ t 1 : Πx : t ′ 1.t ′ 2
and Γ ⊢ t 2 : t ′ 1, Γ ⊢ [t 2/x]t ′ t 1 t 2
2 = β,µ,ι,o t ′ .

Lemma 72 (Inversion III). If Γ ⊢ ∗ : t, then Γ ⊢ ∗ ∗ = β,µ,ι,o t.
Lemma 73 (Inversion IV). If Γ ⊢ x : t ′ , then x : t ∈ Γ and
Γ ⊢ t x = β,µ,ι,o t ′ .
Lemma 74 (Inversion V). If Γ, ˜µ ⊢ x j : t ′ and x j ∈ dom(µ),
x j
then x j : a j ∈ µ and Γ, ˜µ ⊢ a j = β,µ,ι,o t ′ .
Lemma 75 (Inversion VI). If Γ ⊢ ⃗µt : t ′ and t does not have a
closure at head position, then Γ, ˜⃗µ ⊢ t : t ′′ ′′ ⃗µt
and Γ ⊢ ⃗µt = β,µ,ι,o
t ′ .
Lemma 76 (Inversion VII). If Γ ⊢ ιx.t : t ′ , then Γ, x : ιx.t ⊢ t : ∗
and Γ ⊢ ∗ ιx.t
= β,µ,ι,o t ′ .
Lemma 77 (Inversion VIII). If Γ ⊢ Πx : t 1.t 2 : t ′ , then Γ, x :
t 1 ⊢ t 2 : ∗ and Γ ⊢ t 1 : ∗ and Γ ⊢ ∗ Πx:t =
1.t 2
β,µ,ι,o t ′ .
Lemma 78. If Γ, ˜µ, y : b ⊢ t : a , then Γ, y : µb, ˜µ ⊢ t : a.
Proof. By induction on the derivation of Γ, ˜µ, y : µb ⊢ t : t ′′ .
Lemma 79 (Substitution). If Γ 1, x : t 1, Γ 2 ⊢ t : t 2 and Γ ⊢ t ′ : t 1,
then Γ 1, [t ′ /x]Γ 2 ⊢ [t ′ /x]t : [t ′ /x]t 2.
Proof. By induction on the derivation of Γ 1, x : t 1, Γ 2 ⊢ t : t 2 .
We will show a few nontrivial cases.
Case:
Γ, y : ιy.t ⊢ t : ∗
Γ ⊢ ιy.t : ∗
Let Γ = Γ 1, x : t 1, Γ 2. We want to show Γ 1, [t ′ /x]Γ 2 ⊢
ιy.[t ′ /x]t : ∗. By IH, we have Γ 1, [t ′ /x]Γ 2, y : ιy.[t ′ /x]t ⊢
[t ′ /x]t : ∗. So it is the case.
Case:
Γ ⊢ t : [t/y]t ′′
Γ ⊢ t : ιy.t ′′
Γ ⊢ ιy.t ′′ : ∗
Let Γ = Γ 1, x : t 1, Γ 2. We want to show Γ 1, [t ′ /x]Γ 2 ⊢
[t ′ /x]t : ιy.[t ′ /x]t ′′ . By IH, we have Γ 1, [t ′ /x]Γ 2 ⊢ [t ′ /x]t :
[[t ′ /x]t/y]([t ′ /x]t ′′ ). So it is the case.
Case:
Γ ⊢ t : ιy.t ′′
Γ ⊢ t : [t/y]t ′′
Let Γ = Γ 1, x : t 1, Γ 2. We want to show Γ 1, [t ′ /x]Γ 2 ⊢ [t ′ /x]t :
[[t ′ /x]t/y]([t ′ /x]t ′′ ). By IH, we have Γ 1, [t ′ /x]Γ 2 ⊢ [t ′ /x]t :
ιy.[t ′ /x]t ′′ . So it is the case.
Case:
Γ, ˜µ ⊢ t : t ′′ {Γ, ˜µ ⊢ t j : a j} (tj :a j )∈˜µ
Γ ⊢ µt : µt ′′
Let Γ = Γ 1, x : t 1, Γ 2. We want to show Γ 1, [t ′ /x]Γ 2 ⊢ µ[t ′ /x]t :
µ[t ′ /x]t ′′ . By IH, we have Γ 1, [t ′ /x]Γ 2, [t ′ /x]˜µ ⊢ [t ′ /x]t :
[t ′ /x]t ′′ and {Γ 1, [t ′ /x]Γ 2, [t ′ /x]˜µ ⊢ t j : [t ′ /x]a j} (tj :[t ′ /x]a j )∈[t ′ /x]˜µ.
Theorem 80 (Type Preservation). If Γ ⊢ wf and Γ ⊢ t t ′ and
Γ ⊢ t : a, then Γ ⊢ t ′ : a.
Mu
Proof. By induction on the derivation of Γ ⊢ t : a, We list a few
nontrivial cases.
Case:
Γ ⊢ ∗ : ∗
This case will not arise.
Case:
x : a ∈ Γ
Γ ⊢ x : a
If Γ ⊢ x t ′ , this means (x : a) ↦→ t ′ ∈ Γ and Γ ⊢ t ′ : a since
Γ ⊢ wf.
Case:
Γ ⊢ t : t 1 Γ ⊢ t 1
∼ = t2 Γ ⊢ t 2 : ∗
Γ ⊢ t : t 2
In this case Γ ⊢ t t ′ . By IH, Γ ⊢ t ′ : t 1. Since Γ ⊢ t 1
∼ = t2, we
have Γ ⊢ t ′ : t 2.
Case:
Γ ⊢ t : ιx.t ′′
Γ ⊢ t : [t/x]t ′′
In this case Γ ⊢ t t ′ . By IH, Γ ⊢ t ′ : ιx.t ′′ . Thus we have
Γ ⊢ t ′ : [t ′ /x]t ′′ . Since Γ ⊢ t ′ = t, we have Γ ⊢ t ′ : [t/x]t ′′ by
Conv rule.
Case:
Γ ⊢ t : [t/x]t ′′
Γ ⊢ t : ιx.t ′′
Γ ⊢ ιx.t ′′ : ∗
In this case Γ ⊢ t t ′ . By IH, Γ ⊢ t ′ : [t/x]t ′′ . Since
Γ ⊢ [t/x]t ′′ = [t ′ /x]t ′′ , we have Γ ⊢ t ′ : [t ′ /x]t ′′ .Thus we have
Γ ⊢ t ′ : ιx.t ′′ .
Case:
Γ ⊢ t ′ 1 : Πx : t ′′
1 .t ′′
2 Γ ⊢ t ′ 2 : t ′′
1
Γ ⊢ t ′ 1t ′ 2 : [t ′ 2/x]t ′′
2
Suppose Γ ⊢ (λx.t 1)v [v/x]t 1. Then we know Γ ⊢ (λx.t 1)v :
[v/x]t ′′
2 and Γ ⊢ λx.t 1 : Πx : t ′′
1 .t ′′
2 and Γ ⊢ v : t ′′
1 . By
inversion on Γ ⊢ λx.t 1 : Πx : t ′′
1 .t ′′
2 , we have Γ, x : a ⊢ t 1 : b
and Γ ⊢ Πx : a.b λx.t 1
= β,µ,ι,o Πx : t ′′
1 .t ′′
2 . By theorem 34,
we have Γ ⊢ a = β,µ,o t ′′
1 and Γ ⊢ b = β,µ,o t ′′
2 . So we have
Γ, x : a ⊢ t 1 : t ′′
2 and Γ ⊢ v : a. So by lemma 79, we have
Γ ⊢ [v/x]t 1 : [v/x]t ′′
2 , as required.
Suppose Γ ⊢ t 1t 2 t ′ 1t 2, where Γ ⊢ t 1 t ′ 1. We know
Γ ⊢ t 1t 2 : [t 2/x]t ′′
2 and Γ ⊢ t 1 : Πx : t ′′
1 .t ′′
2 and Γ ⊢ t 2 : t ′′
1 .
By IH, we know Γ ⊢ t ′ 1 : Πx : t ′′
1 .t ′′
2 . So Γ ⊢ t ′ 1t 2 : [t 2/x]t ′′
2 .
Suppose Γ ⊢ (λx.t 1)t 2 (λx.t 1)t ′ 2, where Γ ⊢ t 2 t ′ 2. We
know Γ ⊢ (λx.t 1)t 2 : [t 2/x]t ′′
2 and Γ ⊢ λx.t 1 : Πx : t ′′
1 .t ′′
2 and
Γ ⊢ t 2 : t ′′
1 . By IH, we know Γ ⊢ t ′ 2 : t ′′
1 . So Γ ⊢ (λx.t 1)t ′ 2 :
[t ′ 2/x]t ′′
2 . And we know Γ ⊢ [t 2/x]t ′′
2 = [t ′ 2/x]t ′′
2 .

Case:
Γ, ˜µ ⊢ t : t ′ {Γ, ˜µ ⊢ t j : a j} (tj :a j )∈˜µ
Γ ⊢ µt : µt ′
Suppose Γ ⊢ µx j µt j, where x j ↦→ t j ∈ µ. We have
Γ, ˜µ ⊢ x j : t ′ . By inversion, Γ, ˜µ ⊢ x j : a j and Γ, ˜µ ⊢
x j
= β,µ,ι,o t ′ . Since Γ, ˜µ ⊢ x j = t j and by lemma 66, we
a j
get Γ, ˜µ ⊢ a j
t j
= β,µ,ι,o t ′ . Since Γ, ˜µ ⊢ t j : a j, by lemma 65,
Γ, ˜µ ⊢ t j : t ′ . Thus we have Γ ⊢ µt j : µt ′ .
µ([t ′ 2/x]t ′′
2 ) µ(t′ 1 t′ 2
= )
β,µ,ι,o µt ′′ (lemma 69). By lemma 66, we have
(µt ′ 1 )(µt′ 2 )
Γ ⊢ [µt ′ 2/x]µt ′′
2 = β,µ,ι,o µt ′′ . So Γ ⊢ (µt ′ 1)(µt ′ 2) :
[µt ′ 2/x]µt ′′
2 and then Γ ⊢ (µt ′ 1)(µt ′ 2) : µt ′′ (lemma 65).
Suppose Γ ⊢ µ⃗µ(t ′ 1t ′ 2) (µ⃗µt ′ 1)(µ⃗µt ′ 2), we argue similar as the
case for Γ ⊢ µ⃗µλx.t λx.µ⃗µt.
Suppose Γ ⊢ µ⃗µx j µ⃗µt j, where x j ↦→ t j ∈ µ j. By inversion
on Γ, ˜µ ⊢ ⃗µx j : t ′ , we have Γ, ˜µ, ˜⃗µ ⊢ x j : t a and Γ, ˜µ ⊢
⃗µx j
⃗µt a = β,µ,ι,o t ′ . By inversion on Γ, ˜µ, ˜⃗µ ⊢ x j : t a, we have
Γ, ˜µ, ˜⃗µ ⊢ x j : b, where (x j : b) ∈ ˜µ ∪ ˜⃗µ and Γ, ˜µ, ˜⃗µ ⊢
b x j
= β,µ,ι,o t a. So Γ ⊢ µ⃗µb µ⃗µx j
µ⃗µx j
= β,µ,ι,o µ⃗µt a = β,µ,ι,o µt ′ .
Since Γ ⊢ µ⃗µt j : µ⃗µb and Γ ⊢ µ⃗µx j = µ⃗µt j, so Γ ⊢ µ⃗µt j : µt ′ .
Suppose Γ ⊢ µ∗ ∗. We have Γ, ˜µ ⊢ ∗ : t ′′ . We have
Γ, ˜µ ⊢ ∗ = ∗ β,µ,ι,o t ′′ (by inversion). Thus we have Γ ⊢ µ∗ µ∗
= β,µ,ι,o
µt ′′ (lemma 69). We also know that Γ ⊢ ∗ : ∗ and Γ ⊢ µ∗ = ∗.
So we have Γ ⊢ ∗ µ∗
= β,µ,ι,o µt ′′ . Thus Γ ⊢ ∗ = ∗ β,µ,ι,o µt ′′ . So
Γ ⊢ ∗ : µt ′′ (lemma 65).
Suppose Γ ⊢ µ⃗µ∗ ∗. We argue similarly.
Suppose Γ ⊢ µx x, where x /∈ dom(µ). We have Γ, ˜µ ⊢ x : t ′′ .
We have Γ, ˜µ ⊢ a = x β,µ,ι,o t ′′ , where x : a ∈ Γ(by inversion).
Thus we have Γ ⊢ µa µx
= β,µ,ι,o µt ′′ (lemma 69). We also know
that Γ ⊢ x : a and Γ ⊢ µx = x and Γ ⊢ µa = a. Thus
Γ ⊢ a = x β,µ,ι,o µt ′′ . So Γ ⊢ x : µt ′′ (lemma 65).
Suppose Γ ⊢ µ⃗µx x, where x /∈ dom(µ) ∪ dom(⃗µ). By
inversion on Γ, ˜µ ⊢ ⃗µx : t ′ , we have Γ, ˜µ, ˜⃗µ ⊢ x : t a, where
⃗µx
Γ, ˜µ ⊢ ⃗µt a =β,µ,ι,o t ′ . By inversion on Γ, ˜µ, ˜⃗µ ⊢ x : t a, we have
x : b ∈ Γ and Γ, ˜µ, ˜⃗µ ⊢ b = x β,µ,ι,o t a. So Γ, µ ⊢ ⃗µb ⃗µx
= β,µ,ι,o
⃗µx
⃗µt a =β,µ,ι,o t ′ . So Γ ⊢ b = x β,µ,ι,o µt ′ . Thus Γ ⊢ x : µt ′ .
Suppose Γ ⊢ µλx.t λx.µt. We have Γ, ˜µ ⊢ λx.t : t ′′ and
Γ, ˜µ, x : t ′′
1 ⊢ t : t ′′
2 and Γ, ˜µ ⊢ Πx : t ′′
1 .t ′′ λx.t
2 = β,µ,ι,o t ′′ (by
inversion). Thus we have Γ, x : µt ′′
1 ⊢ µt : µt ′′
2 (lemma 78) and
Γ ⊢ µ(Πx : t ′′
1 .t ′′
2 ) µλx.t
= β,µ,ι,o µt ′′ (lemma 69). By lemma 66,
Γ ⊢ (Πx : µt ′′
1 .µt ′′
2 ) λx.µt
= β,µ,ι,o µt ′′ . Also, Γ ⊢ λx.µt : Πx :
(µt ′′
1 ).(µt ′′
2 ). So by lemma 65, Γ ⊢ λx.µt : µt ′′ .
Suppose Γ ⊢ µ⃗µλx.t λx.µ⃗µt. By inversion on Γ, ˜µ ⊢
⃗µ(λx.t) : t ′ , we have Γ, ˜µ, ˜⃗µ ⊢ λx.t : t a, where Γ, ˜µ ⊢
⃗µ(λx.t)
⃗µt a = β,µ,ι,o t ′ . By inversion on Γ, ˜µ, ˜⃗µ ⊢ λx.t : t a, then we
have Γ, ˜µ, ˜⃗µ, x : t ′′
1 ⊢ t : t ′′
2 and Γ, ˜µ, ˜⃗µ ⊢ Πx : t ′′
1 .t ′′
2
t a. So Γ, ˜µ ⊢ Πx : ⃗µt ′′
1 .⃗µt ′′ ⃗µ(λx.t)
⃗µ(λx.t)
2 = β,µ,ι,o ⃗µt a
µ⃗µ(λx.t)
λx.t
= β,µ,ι,o
= β,µ,ι,o t ′ .
Thus Γ ⊢ Πx : µ⃗µt ′′
1 .µ⃗µt ′′
2 = β,µ,ι,o µt ′ . Since Γ ⊢
λx.µ⃗µt : Πx : µ⃗µt ′′
1 .µ⃗µt ′′
2 , we have Γ ⊢ λx.µ⃗µt : µt ′ .
Suppose Γ ⊢ µ(t ′ 1t ′ 2) (µt ′ 1)(µt ′ 2). We have Γ, ˜µ ⊢ t ′ 1t ′ 2 :
t ′′ . We have Γ, ˜µ ⊢ t ′ 1 : Πx : t ′′
1 .t ′′
2 and Γ, ˜µ ⊢ t ′ 2 : t ′′
1
t ′ 1 t′ 2
and Γ, ˜µ ⊢ [t ′ 2/x]t ′′
2 = β,µ,ι,o t ′′ (by inversion). Thus we have
Γ ⊢ µt ′ 1 : µ(Πx : t ′′
1 .t ′′
2 ) and Γ ⊢ µt ′ 2 : µt ′′
1 and Γ ⊢