Fossacs 05


Justifying Algorithms for βη-Conversion

Healfdene Goguen

AT&T Labs, 180 Park Ave., Florham Park NJ 07932 USA. hhg@att.com.

Abstract. Deciding the typing judgement of type theories with dependent types such as the Logical Framework relies on deciding the equality judgement for the same theory. Implementing the conversion algorithm for βη-equality and justifying this algorithm is therefore an important problem for applications such as proof assistants and modules systems. This article gives a proof of decidability, correctness and completeness of the conversion algorithms for βη-equality defined by Coquand [3] and Harper and Pfenning [8] for the Logical Framework, relying on established metatheoretic results for the type theory. Proofs are also given of the same properties for a typed algorithm for conversion for System F, a new result.

1 Introduction

In this article we study the decidability of algorithms for βη-conversion for type theories. We consider two algorithms for the Logical Framework not immediately modeled by reduction to a common βη-normal form: Coquand's untyped algorithm relating syntactically distinct β-weak-head normal forms [3], and Harper and Pfenning's type-based algorithm [8]. We demonstrate that these algorithms can be shown correct, complete and decidable based on standard metatheoretic properties of type theory, such as strong normalization of βη-reduction, subject reduction, injectivity of the type constructor Π, and so on. We then apply the same technique to the polymorphic λ-calculus System F.

The focus of many existing developments of the metatheory of type theories with βη-equality has been on decidability of typechecking, without concern for algorithms for conversion. The fact that the standard metatheory is sufficient to justify the decidability of algorithms has never been demonstrated as far as we are aware, even for Coquand's simple syntactic algorithm. With Harper and Pfenning's definition of a more complex algorithm for equality based on type information, it has become more important to show that the traditional approach to the metatheory of type theories, justifying termination and Church–Rosser for the reduction relation, can be used to show decidability for algorithms that are more complex than the simple comparison of normal forms.

We believe that it may be more efficient and uniform to justify algorithms for βη-conversion through the traditional approach to metatheory than by studying the algorithm directly. As an example, our proof of the termination of the algorithm for the Logical Framework only requires a single logical relation, as opposed to the two logical relations used in [11]. Similarly, Harper and Pfenning's approach has not been extended to systems with polymorphism, whereas we are able to adapt our proof straightforwardly to System F. Any approach to the metatheory of type theory with βη-equality is sufficient, and several methods already exist. Geuvers [4], Goguen [6, 7] and Salvesen [9] all have different approaches to the difficulties presented by η.

The key to all three proofs of decidability is a simple length measure |−| on normal forms of terms, where the value of the measure for an abstraction in normal form, |λx:A.M|, is greater than the value of the measure for an application to a variable in normal form, |M(x)|. In Coquand's algorithm, an abstraction λx:A.M and a weak-head normal term y(N₁ … Nₙ) are related if M and y(N₁ … Nₙ, x) are related; by our measure, the combined length of the conclusion, |λx:A.M| + |y(N₁ … Nₙ)|, is greater than the combined length of the premisses, |M| + |y(N₁ … Nₙ, x)|. This same idea can be translated to Harper and Pfenning's type-directed algorithm for conversion.

The remainder of this paper is structured as follows. Section 2 introduces the syntax and standard metatheory for the Logical Framework. Section 3 justifies Coquand's algorithm using the standard metatheory. Section 4 justifies Harper and Pfenning's algorithm using a similar approach. Section 5 presents a type-directed algorithm for conversion for System F and justifies this algorithm. We draw conclusions and discuss future work in Section 6.

2 The Logical Framework


In this section we give our presentation of the Logical Framework. Although
our system includes dependent types, we do not refer to this as the Edinburgh
Logical Framework or the Martin-Löf Logical Framework, because for simplicity
our presentation does not include higher-order kinds and hence does not formally
correspond to either system. Otherwise, our system is largely similar to Harper
and Pfenning’s, but we use a term structure inspired by PTS-style presentations
of type theories [2] to take advantage of the similarity of rules in the algorithm.

2.1 Syntax
We assume an infinite collection of variables x, y, z ∈ V. The language of terms and contexts is defined by the following grammar.

Γ ∈ C ::= () | Γ, x:A
s ∈ S ::= type | kind
M, N, P, A, B ∈ T ::= s | x | λx:A.M | M(N) | Πx:A.B

We say a term is basic if it is a variable x or a sort s, and a term is canonical if it is of the form λx:A.M or Πx:A₁.A₂. Substitution, [N/x]M, is defined as usual for terms, with the obvious extension to contexts. We identify terms and contexts up to α-equivalence, and write FV(M) for the free variables in M. Let Γ = x₁:A₁, …, xₙ:Aₙ; then dom(Γ) ≡ {x₁, …, xₙ}, and Γ(x) is the partial function that returns Aᵢ if x = xᵢ for some 1 ≤ i ≤ n.
2.2 Judgements and Derivations

Our presentation of the Logical Framework has judgements Γ ⊢ M : A and Γ ⊢ M = N : A. We write Γ ⊢ M, N : A for Γ ⊢ M : A and Γ ⊢ N : A, and Γ ⊢ J to denote either judgement. The rules of inference for typing are given in Figure 1; the rules of inference for the equality judgement are the evident typed compatible closure and least equivalence relation containing the rules β and Ext.

$$
(\mathrm{type})\ \frac{}{()\vdash \mathsf{type}:\mathsf{kind}}
\qquad
(\mathrm{Weak})\ \frac{\Gamma\vdash A:\mathsf{type}}{\Gamma,x{:}A\vdash \mathsf{type}:\mathsf{kind}}\ (x\notin\mathrm{dom}(\Gamma))
$$
$$
(\mathrm{Var})\ \frac{\Gamma\vdash \mathsf{type}:\mathsf{kind}}{\Gamma\vdash x:A}\ (x{:}A\in\Gamma)
\qquad
(\Pi)\ \frac{\Gamma\vdash A_1:\mathsf{type}\quad \Gamma,x{:}A_1\vdash A_2:s}{\Gamma\vdash \Pi x{:}A_1.A_2:s}\ (s\in\{\mathsf{type},\mathsf{kind}\})
$$
$$
(\lambda)\ \frac{\Gamma,x{:}A_1\vdash M:A_2}{\Gamma\vdash \lambda x{:}A_1.M:\Pi x{:}A_1.A_2}
\qquad
(\mathrm{App})\ \frac{\Gamma\vdash M_1:\Pi x{:}A_1.A_2\quad \Gamma\vdash M_2:A_1}{\Gamma\vdash M_1(M_2):[M_2/x]A_2}
$$
$$
(\mathrm{Eq})\ \frac{\Gamma\vdash M:A\quad \Gamma\vdash A=B:s}{\Gamma\vdash M:B}
$$

Fig. 1. Typing for the Logical Framework

$$
(\beta)\ \frac{\Gamma\vdash \lambda x{:}A_1.M:\Pi x{:}A_1.A_2\quad \Gamma\vdash M_2:A_1}{\Gamma\vdash (\lambda x{:}A_1.M)(M_2)=[M_2/x]M:[M_2/x]A_2}
\qquad
(\mathrm{Ext})\ \frac{\Gamma,x{:}A_1\vdash M(x)=N(x):A_2\quad \Gamma\vdash M,N:\Pi x{:}A_1.A_2}{\Gamma\vdash M=N:\Pi x{:}A_1.A_2}
$$

2.3 Untyped Reduction

We define reduction M →βη N as the compatible closure of rules β and η:

$$
(\lambda x{:}A.M)(N)\ \to_\beta\ [N/x]M
\qquad
\lambda x{:}A.(M(x))\ \to_\eta\ M\quad (x\notin\mathrm{FV}(M))
$$

Weak-head reduction →w is defined by the following rules:

$$
(\beta)\ (\lambda x{:}A.M)(N)\to_w [N/x]M
\qquad
(\mathrm{App})\ \frac{M\to_w P}{M(N)\to_w P(N)}
$$

Definition 1 (Normal Forms and Weak-Head Normal Forms). The β-normal forms are defined inductively as follows: basic terms s and x are normal; abstractions λx:A.M are normal if A and M are normal; products Πx:A₁.A₂ are normal if A₁ and A₂ are normal; and applications M₁(M₂) are normal if M₁ and M₂ are normal and M₁ is not an abstraction.
The weak-head normal forms are presented inductively as follows: basic terms s and x are weak-head normal; canonical terms λx:A.M and Πx:A₁.A₂ are weak-head normal; and applications M₁(M₂) are weak-head normal if M₁ is weak-head normal and not an abstraction.
We write M^nf for the β-normal form of M and M^wnf for the weak-head normal form of M.

The following definitions apply to the reduction relations →β, →βη and →w: we write ↠ for the reflexive, transitive closure of →, M ⇓ N if M ↠ N and N is normal, and M ↓ N if there is a P such that M ↠ P and N ↠ P. The relation is indicated by a subscript, as in M ⇓w N for weak-head normalization and M ↓βη N for βη-reduction.

Lemma 1.
– If M is normal then there is no N such that M →β N .
– If M is weak-head normal then there is no N such that M →w N .
– Any term M is either weak-head normal or there is an N such that M →w N .

2.4 Properties of the Logical Framework


We assume all of the standard properties of the Logical Framework: as we mentioned in the introduction, any approach to proving them is acceptable for the purposes of this article. We state the properties needed here for reference.

Proposition 1 (Generation). Every derivation of a term is an application of the unique rule of inference for that term followed by a sequence of uses of Eq.

For example, suppose Γ ⊢ λx:A₁.M₀ : A; then Γ, x:A₁ ⊢ M₀ : A₂ and Γ ⊢ Πx:A₁.A₂ = A : s for some A₂ and s.

Proposition 2.
1. Free Variables. If Γ ⊢ M : A then FV(M) ∪ FV(A) ⊆ dom(Γ).
2. Context Validity. If Γ ⊢ J then Γ ⊢ type : kind.
3. Thinning. If Γ, Γ′ ⊢ J, x ∉ dom(Γ, Γ′) and Γ ⊢ A : type then Γ, x:A, Γ′ ⊢ J.
4. Substitution. If Γ, x:A, Γ′ ⊢ J and Γ ⊢ N : A then Γ, [N/x]Γ′ ⊢ [N/x]J.
5. Type Correctness. If Γ ⊢ M : A then Γ ⊢ A : s for some s.
6. Splitting. If Γ ⊢ M = N : A then Γ ⊢ M, N : A.
7. Uniqueness of Types. If Γ ⊢ M : A and Γ ⊢ M : B then Γ ⊢ A = B : s, or A = s and B = s, for some s.
8. Context Replacement. Γ, x:A, Γ′ ⊢ J and Γ ⊢ A = B : s imply Γ, x:B, Γ′ ⊢ J.
9. Church–Rosser. If Γ ⊢ M = N : A then M ↓βη N.
10. Injectivity of Π. If Γ ⊢ Πx:A.B = Πx:C.D : s then Γ ⊢ A = C : type and Γ, x:A ⊢ B = D : s.
11. Subject Reduction. If Γ ⊢ M : A and M →βη N then Γ ⊢ M = N : A.
12. Strong Normalization. Γ ⊢ M : A implies M is strongly normalizing under →βη.
13. Strengthening. If Γ, x:A, Γ′ ⊢ J and x ∉ FV(Γ′) ∪ FV(J) then Γ, Γ′ ⊢ J.

Lemma 2. If Γ ⊢ M : A, Γ ⊢ N : B and M ↓βη N then there is an s such that Γ ⊢ M = N : A and Γ ⊢ A = B : s.

Proof. By Subject Reduction, Splitting, Uniqueness of Types and equational reasoning.

We also observe without proof that Ext is equivalent to the following rule:

$$
(\eta)\ \frac{\Gamma\vdash M:\Pi x{:}A_1.A_2}{\Gamma\vdash \lambda x{:}A_1.M(x)=M:\Pi x{:}A_1.A_2}
$$

3 Termination of Coquand’s Algorithm


In this section we study properties of Coquand’s algorithm, adapted to our
presentation of the Logical Framework. This algorithm is based only on the
syntax of the terms being compared, and contains no type information.

3.1 Definition
Coquand’s algorithm is defined inductively by the inference rules in Figure 2.
The algorithm M ⇐⇒ N simply reduces its arguments M and N to weak-head
normal form. The algorithm M ←→ N compares terms in weak-head normal
form: the interesting cases are the non-structural rules λ-Left and λ-Right, where
the left- or right-hand side is an abstraction and two terms are equivalent after
an application of Ext.

$$
(\mathrm{WHRed})\ \frac{P\longleftrightarrow Q}{M\Longleftrightarrow N}\ (M\Downarrow_w P \text{ and } N\Downarrow_w Q)
$$
$$
(\mathrm{Var})\ x\longleftrightarrow x
\qquad
(\mathrm{type})\ \mathsf{type}\longleftrightarrow\mathsf{type}
\qquad
(\Pi)\ \frac{A_1\Longleftrightarrow B_1\quad A_2\Longleftrightarrow B_2}{\Pi x{:}A_1.A_2\longleftrightarrow \Pi x{:}B_1.B_2}
$$
$$
(\mathrm{App})\ \frac{M_1\longleftrightarrow N_1\quad M_2\Longleftrightarrow N_2}{M_1(M_2)\longleftrightarrow N_1(N_2)}\ (M_1 \text{ and } N_1 \text{ weak-head normal and not canonical})
\qquad
(\lambda)\ \frac{M\Longleftrightarrow N}{\lambda x{:}A.M\longleftrightarrow \lambda x{:}B.N}
$$
$$
(\lambda\text{-Left})\ \frac{M\Longleftrightarrow N(x)}{\lambda x{:}A.M\longleftrightarrow N}\ (N \text{ weak-head normal and not canonical})
\qquad
(\lambda\text{-Right})\ \frac{M(x)\Longleftrightarrow N}{M\longleftrightarrow \lambda x{:}B.N}\ (M \text{ weak-head normal and not canonical})
$$

Fig. 2. Untyped Algorithm for Conversion for the Logical Framework

We assume implicitly that an implementation of the algorithm will examine combinations of terms and evaluate the premisses given by the inference rules recursively. Axioms in the inference rules will return true, while combinations that do not appear in the inference rules will return false. Hence, the inference rules of the algorithm give us both an inductively defined relation and an algorithm yielding either true or false; clearly, the algorithm yields true iff there is a derivation using the inference rules.
Furthermore, observe that the inference rules are syntax-directed, meaning
that at most one rule will apply for any pair of terms. This fact is used implicitly
in the proofs below.

3.2 Termination and Completeness of Coquand’s Algorithm


We now show that Coquand’s algorithm terminates.
We begin by defining a measure where λ-abstractions λx:A.M are larger than
applications to a variable M (x). We use this measure as the base of the induction
to show termination of the algorithm.

Definition 2. Define the length of a normal term M recursively on its structure:

$$
|s|\equiv 1 \qquad |x|\equiv 1 \qquad |\Pi x{:}A_1.A_2|\equiv |A_1|+|A_2|+1 \qquad |M(N)|\equiv |M|+|N|+1 \qquad |\lambda x{:}A.M|\equiv |M|+3
$$

Lemma 3 (Termination). If M and N are β-normalizing then M ⇐⇒ N terminates.

Proof. By nested induction on the sum of |M^nf| and |N^nf| and the sum of the lengths of the β-reduction sequences for M and N.
By the last case of Lemma 1, M and N are weak-head normal or have weak-head reducts. If M or N has a weak-head reduct, then by WHRed M ⇐⇒ N terminates if M^wnf ←→ N^wnf terminates, where the latter follows by the induction hypothesis for reduction; M ⇐⇒ N terminates with the same result as M^wnf ←→ N^wnf. Otherwise, M and N are in weak-head normal form. We perform case analysis on M and N to show that M ←→ N terminates; then M ⇐⇒ N terminates with the same result. We consider several cases:
– M is basic and N is an application. Then M ←→ N terminates in failure.
– M ≡ M₁(M₂) and N ≡ N₁(N₂). If M and N are weak-head normal then M₁ and N₁ must be weak-head normal and not abstractions. If M₁ or N₁ is a product then it is canonical, so M₁(M₂) ←→ N₁(N₂) fails immediately. Otherwise, M^nf ≡ M₁^nf(M₂^nf) and N^nf ≡ N₁^nf(N₂^nf), so by induction hypothesis M₁ ←→ N₁ and M₂ ⇐⇒ N₂ terminate. If both succeed then M ←→ N succeeds, and otherwise it fails.
– M ≡ λx:A₁.M₀ and N is not canonical. Only rule λ-Left applies, and so λx:A₁.M₀ ←→ N terminates if M₀ ⇐⇒ N(x) terminates. Clearly M^nf ≡ λx:A₁^nf.M₀^nf and (N(x))^nf ≡ N^nf(x), and
$$
|\lambda x{:}A_1^{nf}.M_0^{nf}| + |N^{nf}| = |M_0^{nf}| + 3 + |N^{nf}| > |M_0^{nf}| + |N^{nf}| + 2 = |M_0^{nf}| + |N^{nf}(x)|,
$$
so M₀ ⇐⇒ N(x) terminates by induction hypothesis; if this succeeds then λx:A₁.M₀ ←→ N succeeds, and otherwise it fails.
– M ≡ λx:A₁.M₀ and N ≡ Πy:B₁.B₂. Then M ←→ N fails immediately.
Lemma 4 (Completeness). If Γ ⊢ M = N : A then M ⇐⇒ N.

Proof. By Church–Rosser and Splitting it suffices to show that if M ↓βη N and Γ ⊢ M : A and Γ ⊢ N : B then M ⇐⇒ N, which we show using the same induction principle as for Lemma 3. As in that lemma, we can distinguish two cases, depending on whether M and N are both weak-head normal. If either is not, then by Church–Rosser if M ↓βη N then M^wnf ↓βη N^wnf, since M and N are well-typed, and by Subject Reduction Γ ⊢ M^wnf : A and Γ ⊢ N^wnf : B. Therefore M^wnf ⇐⇒ N^wnf follows by the induction hypothesis on reduction sequences, so M^wnf ←→ N^wnf by inversion, and so M ⇐⇒ N by WHRed. We now consider the cases where M and N are in weak-head normal form: we show that if M ↓βη N then M ←→ N, from which M ⇐⇒ N. We consider several cases where M and N are in weak-head normal form.
– M and N are basic. If x ↓βη y then x = y, so x ←→ y; likewise type ←→ type.
– M is basic and N is an application. x ↓βη N₁(N₂) and type ↓βη N₁(N₂) are impossible.
– M ≡ λx:A₁.M₀ and N not canonical. Let λx:A₁.M₀ ↓βη N, Γ ⊢ λx:A₁.M₀ : A and Γ ⊢ N : B. Then M₀ ⇓ M₀′(x) with x ∉ FV(M₀′), and N ⇓ M₀′; hence M₀ ↓βη N(x), since N is weak-head normal and not canonical. By Generation Γ, x:A₁ ⊢ M₀ : A₂ and Γ ⊢ Πx:A₁.A₂ = A : s; by Splitting Γ ⊢ Πx:A₁.A₂ : s, and by Generation Γ ⊢ A₁ : type. Then by Lemma 2 Γ ⊢ A = B : s, so Γ ⊢ N : Πx:A₁.A₂; by Thinning Γ, x:A₁ ⊢ N : Πx:A₁.A₂ and by App Γ, x:A₁ ⊢ N(x) : A₂. Therefore, by induction hypothesis M₀ ⇐⇒ N(x), which implies λx:A₁.M₀ ←→ N.
– M ≡ λx:A₁.M₀ and N ≡ Πy:B₁.B₂. Suppose λx:A₁.M₀ ↓βη Πy:B₁.B₂, Γ ⊢ λx:A₁.M₀ : A and Γ ⊢ Πy:B₁.B₂ : B. Then Γ ⊢ λx:A₁.M₀ : Πx:A₁.A₂ and Γ ⊢ Πy:B₁.B₂ : s by Generation. By Lemma 2 Γ ⊢ Πx:A₁.A₂ = s : s′, and by Church–Rosser Πx:A₁.A₂ ↓βη s, which is impossible.

3.3 Correctness of the Algorithm


Our proof of correctness of Coquand’s algorithm is similar to his original proof,
but we restate the proof because we rely on the metatheory of βη-reduction
rather than his logical relation over the algorithm.
Lemma 5 (Correctness).
– If Γ ⊢ M, N : A and M ⇐⇒ N then Γ ⊢ M = N : A.
– If M ←→ N, Γ ⊢ M : A, Γ ⊢ N : B and M and N are not canonical then Γ ⊢ M = N : A and Γ ⊢ A = B : s. If M ←→ N and Γ ⊢ M, N : A then Γ ⊢ M = N : A.

Proof. By induction on the derivations of M ⇐⇒ N and M ←→ N. We consider several cases:
– WHRed. By Subject Reduction Γ ⊢ M = P : A and Γ ⊢ N = Q : A, by Splitting Γ ⊢ P, Q : A, and by induction hypothesis Γ ⊢ P = Q : A, so Γ ⊢ M = N : A by Symmetry and Transitivity.
– Π. By Generation Γ ⊢ A₁, B₁ : type, Γ, x:A₁ ⊢ A₂ : s and Γ, x:B₁ ⊢ B₂ : s; by induction hypothesis Γ ⊢ A₁ = B₁ : type, so by Context Replacement Γ, x:A₁ ⊢ B₂ : s. By induction hypothesis again Γ, x:A₁ ⊢ A₂ = B₂ : s.
– λ-Left. By assumption Γ ⊢ λx:A₁.M₀ : C, Γ ⊢ N : C and M₀ ⇐⇒ N(x). By Generation Γ, x:A₁ ⊢ M₀ : A₂ and Γ ⊢ Πx:A₁.A₂ = C : s. Therefore Γ ⊢ N : Πx:A₁.A₂ by Sym and Eq, and Γ, x:A₁ ⊢ N(x) : A₂ by Weakening and App, and so by induction hypothesis Γ, x:A₁ ⊢ M₀ = N(x) : A₂. Hence Γ ⊢ λx:A₁.M₀ = N : Πx:A₁.A₂ = C by Ext.

4 Termination of Harper and Pfenning’s Algorithm


Since it relies purely on the structure of terms, Coquand’s algorithm cannot be
used for type theories where equality may identify terms with different head
variables, such as the extensional equalities on the unit type or singleton types.
Such types can be important in applications, such as modules systems [1, 10],
and Harper and Pfenning introduce type information into their algorithm in
order to capture these types.
In this section we establish the decidability, completeness and correctness of
Harper and Pfenning’s algorithm for the Logical Framework.

4.1 Definition
We begin by defining a slight variant of Harper and Pfenning’s algorithm.
The algorithm relies on an erasure function from the dependent types and
kinds of the Logical Framework into simple types. We define our erasure into
simple types formed only with constructors o and τ1 → τ2 , where Harper and
Pfenning distinguish between sorts and constants in the Logical Framework; our
approach should allow different judgements to be handled uniformly as in PTS.
We use a single base type because we have used the same syntactic category for
types and kinds, and it is more uniform not to distinguish between the two in
the algorithm.
Formally, we define the simple types and contexts with the following BNF grammar:

σ, τ ∈ S ::= o | σ → τ
∆ ∈ X ::= () | ∆, x:σ

The erasure is defined inductively on the structure of types and kinds in weak-head normal form as follows:

$$
\mathsf{type}^- \equiv o \qquad \mathsf{kind}^- \equiv o \qquad x^- \equiv o \qquad (A(M))^- \equiv o \qquad (\lambda x{:}A.M)^- \equiv o \qquad (\Pi x{:}A_1.A_2)^- \equiv A_1^- \to A_2^-
$$

The definition extends in the obvious way to contexts. Erasure has the following simple properties, shown by induction on derivations.

Lemma 6. If Γ ⊢ A : s then ([N/x]A)⁻ = A⁻. If Γ ⊢ A = B : s then A⁻ = B⁻.
The algorithm is defined inductively by the inference rules in Figure 3. Like Coquand's algorithm, this algorithm has a judgement ∆ ⊢ M ⇐⇒ N : τ comparing arbitrary terms and a judgement ∆ ⊢ M ←→ N : τ comparing weak-head normal forms, but unlike Coquand's algorithm weak-head normalization in ⇐⇒ is only performed at the base type, and terms at higher type are applied to variables and compared in the result type.

$$
(\mathrm{Base})\ \frac{\Delta\vdash P\longleftrightarrow Q:o}{\Delta\vdash M\Longleftrightarrow N:o}\ (M\Downarrow_w P \text{ and } N\Downarrow_w Q)
\qquad
(\to)\ \frac{\Delta,x{:}\tau_1\vdash M(x)\Longleftrightarrow N(x):\tau_2}{\Delta\vdash M\Longleftrightarrow N:\tau_1\to\tau_2}\ (x\notin\mathrm{dom}(\Delta))
$$
$$
(\mathrm{Var})\ \Delta\vdash x\longleftrightarrow x:\Delta(x)
\qquad
(\mathrm{type})\ \Delta\vdash \mathsf{type}\longleftrightarrow\mathsf{type}:o
$$
$$
(\Pi)\ \frac{\Delta\vdash A_1\Longleftrightarrow B_1:o\quad \Delta,x{:}A_1^-\vdash A_2\Longleftrightarrow B_2:o}{\Delta\vdash \Pi x{:}A_1.A_2\longleftrightarrow \Pi x{:}B_1.B_2:o}
\qquad
(\mathrm{App})\ \frac{\Delta\vdash M_1\longleftrightarrow N_1:\tau_1\to\tau_2\quad \Delta\vdash M_2\Longleftrightarrow N_2:\tau_1}{\Delta\vdash M_1(M_2)\longleftrightarrow N_1(N_2):\tau_2}
$$

Fig. 3. Typed Algorithm for Conversion for the Logical Framework

We observe that, like Coquand's algorithm, this algorithm is syntax-directed: for ⇐⇒ the context and type are part of the input and the algorithm returns true or false, and for ←→ the context is an input and the type is an output.
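The two algorithms as executable code. What follows is an added example written for this page, not code from the paper or from Coquand, Harper or Pfenning: a Python transcription of Figure 2 (Coquand's untyped algorithm of Section 3.1), of the measure of Definition 2, and of Figure 3 (Harper and Pfenning's typed algorithm with the erasure of Section 4.1). Terms are nested tuples, α-equivalence is handled by renaming every binder to a fresh name during substitution, the context ∆ is a Python dictionary, and the constants f and g, the base type A and the context DELTA are constructed for the demonstration. The sample terms exercise the two ways the algorithms relate an abstraction to a non-abstraction: Coquand's λ-Left applies the weak-head normal side to the bound variable, whereas the typed algorithm applies both sides to a fresh variable at arrow type and never looks under the λ until base type is reached.

```python
import itertools
# LF terms (Section 2.1) as tuples: ('s', 'type'|'kind'), ('var', x), ('lam', x, A, M), ('app', M, N), ('pi', x, A, B).
_counter = itertools.count()

def fresh(x):
    return f"{x}#{next(_counter)}"                       # a never-used name; terms are taken up to alpha

def subst(t, x, n):
    """[n/x]t, capture-avoiding: each binder passed through is renamed to a fresh name."""
    k = t[0]
    if k in ('s', 'var'):
        return n if t == ('var', x) else t
    if k == 'app':
        return ('app', subst(t[1], x, n), subst(t[2], x, n))
    y2 = fresh(t[1])                                     # 'lam' or 'pi': rename the binder first
    return (k, y2, subst(t[2], x, n), subst(subst(t[3], t[1], ('var', y2)), x, n))

def whnf(t):
    """Weak-head normal form (Section 2.3): beta-reduce at the head only, never under a binder."""
    if t[0] != 'app':
        return t
    f = whnf(t[1])
    return whnf(subst(f[3], f[1], t[2])) if f[0] == 'lam' else ('app', f, t[2])

def conv(m, n):                                          # Coquand's M <=> N (Figure 2): normalise, then compare (rule WHRed)
    return conv_wh(whnf(m), whnf(n))

def conv_wh(m, n):
    """M <-> N on weak-head normal forms; False when no rule of Figure 2 applies."""
    km, kn = m[0], n[0]
    if km == 'lam' or kn == 'lam':                       # rules lambda, lambda-Left and lambda-Right
        if km == 'pi' or kn == 'pi':                     # an abstraction is never related to a product
            return False
        v = ('var', fresh('x'))                          # binder annotations are not compared
        side = lambda t: subst(t[3], t[1], v) if t[0] == 'lam' else ('app', t, v)
        return conv(side(m), side(n))
    if km != kn:
        return False
    if km in ('s', 'var'):                               # rules Var and type
        return m[1] == n[1]
    if km == 'pi':                                       # rule Pi
        v = ('var', fresh(m[1]))
        return conv(m[2], n[2]) and conv(subst(m[3], m[1], v), subst(n[3], n[1], v))
    if m[1][0] == 'pi' or n[1][0] == 'pi':               # rule App: heads must not be canonical
        return False
    return conv_wh(m[1], n[1]) and conv(m[2], n[2])

def length(t):
    """Definition 2: the measure on normal terms behind the termination proofs (Lemmas 3 and 10)."""
    if t[0] in ('s', 'var'):
        return 1
    if t[0] == 'lam':
        return length(t[3]) + 3
    return length(t[-2]) + length(t[-1]) + 1             # 'pi' and 'app'

def erase(a):                                            # A^- (Section 4.1) on the weak-head normal form of A
    a = whnf(a)
    return ('arrow', erase(a[2]), erase(a[3])) if a[0] == 'pi' else 'o'

def tconv(d, m, n, tau):
    """Harper and Pfenning's Delta |- M <=> N : tau (Figure 3); Delta is a dict of simple types."""
    if tau == 'o':                                       # rule Base: normalise only at base type
        return tconv_wh(d, whnf(m), whnf(n)) == 'o'
    v = ('var', fresh('x'))                              # rule ->: apply both sides to a fresh variable
    return tconv({**d, v[1]: tau[1]}, ('app', m, v), ('app', n, v), tau[2])

def tconv_wh(d, m, n):
    """Delta |- M <-> N : tau on weak-head normal forms; returns tau, or None on failure."""
    k = m[0]
    if k != n[0]:
        return None
    if k == 's':                                         # rule type
        return 'o' if m[1] == n[1] == 'type' else None
    if k == 'var':                                       # rule Var: x must be declared in Delta
        return d.get(m[1]) if m[1] == n[1] else None
    if k == 'pi':                                        # rule Pi: both components compared at type o
        v = ('var', fresh(m[1]))
        ok = tconv(d, m[2], n[2], 'o') and tconv({**d, v[1]: erase(m[2])}, subst(m[3], m[1], v), subst(n[3], n[1], v), 'o')
        return 'o' if ok else None
    if k == 'app':                                       # rule App: the heads determine tau1 -> tau2
        t = tconv_wh(d, m[1], n[1])
        return t[2] if t not in (None, 'o') and tconv(d, m[2], n[2], t[1]) else None
    return None                                          # two abstractions at base type: no rule

# Constructed samples: a base type A, a constant f : Pi x:A.A (erased to o -> o) and variables x, y : A.
A, f, x, y = ('var', 'A'), ('var', 'f'), ('var', 'x'), ('var', 'y')
ETA = ('lam', 'x', A, ('app', f, x))                     # lambda x:A. f(x), eta-equal to f
DELTA = {'A': 'o', 'f': ('arrow', 'o', 'o'), 'g': ('arrow', 'o', 'o'), 'x': 'o', 'y': 'o'}

def demo():
    """Both algorithms on the samples; the last entry is the inequality from the proof of Lemma 3."""
    return {
        'coquand_eta': conv(ETA, f),                                         # True, via lambda-Left
        'coquand_beta': conv(('app', ('lam', 'x', A, x), y), y),             # True, via WHRed
        'typed_eta': tconv(DELTA, ETA, f, ('arrow', 'o', 'o')),              # True, never reducing under the lambda
        'typed_f_vs_g': tconv(DELTA, f, ('var', 'g'), ('arrow', 'o', 'o')),  # False: different heads
        'measure_drops': length(ETA) + length(f) > 2 * length(('app', f, x)),  # True: 7 > 6
    }
```

Two points of the text are visible in the code. In `conv_wh` the three λ rules collapse into one case because the λ rule of Figure 2 compares only the bodies, so an abstraction on either side is handled by instantiating its body at a fresh variable and applying the other side to that same variable; the measure entry of `demo()` checks the inequality |λx:A.M₀| + |N| > |M₀| + |N(x)| on the η sample. In `tconv`, the only place `whnf` is called is at base type `'o'`, so `tconv(DELTA, f, f, 'o')` fails (the heads return o → o, not o) while the same terms succeed at `('arrow', 'o', 'o')`, which is the type-directedness the section describes.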

4.2 Termination and Completeness of the Algorithm


In this section we show the termination and completeness of Harper and Pfenning's type-directed algorithm for the Logical Framework.
For the following lemma, it is convenient to reason over traces of the algorithm itself, rather than the inference rules of those terms successfully related by the algorithm: we capture both success and failure of the implementation of the algorithm simultaneously. To this end, we shall write ∆; M; N; τ ⇒ b, for b ∈ {tt, ff}, to denote a trace of the algorithm for ∆ ⊢ M ⇐⇒ N : τ yielding b as its result. Similarly, we shall write ∆; M; N → v, with v ∈ S ∪ {⊥}, where ∆; M; N → τ if ∆ ⊢ M ←→ N : τ and ∆; M; N → ⊥ if ∆ ⊢ M ←→ N : τ fails.

Lemma 7.
– If ∆, ∆′; M; N; τ ⇒ b and x ∉ dom(∆, ∆′) then ∆, x:σ, ∆′; M; N; τ ⇒ b.
– If ∆, ∆′; M; N → v and x ∉ dom(∆, ∆′) then ∆, x:σ, ∆′; M; N → v.

The following lemmas are by induction on types.

Lemma 8. Let M and N be weak-head normal and not canonical. Then if ∆; M; N → τ then ∆; M; N; τ ⇒ tt; if ∆; M; N → ⊥ then ∆; M; N; τ ⇒ ff for any τ; and if ∆; M; N → τ then ∆; M; N; τ′ ⇒ b for any τ′.

Lemma 9. If M →w P then ∆ ⊢ M ⇐⇒ N : τ terminates iff ∆ ⊢ P ⇐⇒ N : τ terminates, and with the same result, and symmetrically.

We now prove the main results of this section.

Lemma 10 (Termination). Suppose that M and N are β-normalizing. Then ∆ ⊢ M ⇐⇒ N : τ is terminating for any ∆ and τ, and if M and N are weak-head normal and not canonical then ∆ ⊢ M ←→ N : τ is terminating for any ∆.

Proof. We prove this by nested induction on the sum of |M^nf| and |N^nf| and the sum of the lengths of the β-reduction sequences of M and N. As for Coquand's algorithm, we use the last case of Lemma 1 to perform case analysis on whether M and N are weak-head normal or not.
We consider several cases where M and N are weak-head normal.
– M and N basic. If M = N = x and x:τ ∈ ∆ then ∆ ⊢ x ←→ x : τ succeeds. If M = N = type then ∆ ⊢ type ←→ type : o succeeds, and ∆ ⊢ type ←→ type : τ₁ → τ₂ fails. Similarly, if M ≠ N or M ≡ x ∉ dom(∆) then ∆ ⊢ M ←→ N : τ fails. Each result lifts to ⇐⇒ by Lemma 8.
– M ≡ λx:A₁.M₀ and N is not canonical. ∆ ⊢ M ⇐⇒ N : o fails because no rule matches ∆ ⊢ λx:A₁.M₀ ←→ N : o. ∆ ⊢ λx:A₁.M₀ ⇐⇒ N : τ₁ → τ₂ terminates by definition iff ∆, x:τ₁ ⊢ (λx:A₁.M₀)(x) ⇐⇒ N(x) : τ₂ terminates, which by Lemma 9 terminates iff ∆, x:τ₁ ⊢ M₀ ⇐⇒ N(x) : τ₂ terminates. But ∆, x:τ₁ ⊢ M₀ ⇐⇒ N(x) : τ₂ terminates by induction hypothesis, since
$$
|\lambda x{:}A_1^{nf}.M_0^{nf}| + |N^{nf}| = |M_0^{nf}| + 3 + |N^{nf}| > |M_0^{nf}| + |N^{nf}| + 2 = |M_0^{nf}| + |N^{nf}(x)|.
$$

Lemma 11 (Completeness). If Γ ⊢ M = N : A then Γ⁻ ⊢ M ⇐⇒ N : A⁻.

Proof. By Church–Rosser and Splitting it suffices to show that if M ↓βη N and Γ ⊢ M : A, Γ′ ⊢ N : B, A⁻ = B⁻ and Γ⁻ = Γ′⁻ then Γ⁻ ⊢ M ⇐⇒ N : A⁻; and if M ↓βη N with M and N weak-head normal and not canonical, and Γ ⊢ M : A, Γ′ ⊢ N : B and Γ⁻ = Γ′⁻, then A⁻ = B⁻ and Γ⁻ ⊢ M ←→ N : A⁻. We use the same induction principle as in Lemma 10; we consider several cases where M and N are weak-head normal.
– M and N basic. Clearly if M ↓βη N then M = N = x or M = N = type. If M = x then Γ ⊢ x : A and Γ′ ⊢ x : B imply Γ ⊢ Γ(x) = A : type, Γ′ ⊢ Γ′(x) = B : type, and x:Γ(x)⁻ ∈ Γ⁻, so Γ⁻ ⊢ x ←→ x : Γ(x)⁻ and Γ⁻ ⊢ x ⇐⇒ x : Γ(x)⁻ as above. Also, Γ⁻ = Γ′⁻ implies Γ(x)⁻ = Γ′(x)⁻, which implies A⁻ = B⁻ by Lemma 6. If M = type then Γ ⊢ type : A and Γ′ ⊢ type : B imply A = B = kind, and Γ⁻ ⊢ type ←→ type : o and Γ⁻ ⊢ type ⇐⇒ type : o.
– M ≡ λx:A₁.M₀ and N not canonical. Let λx:A₁.M₀ ↓βη N, Γ ⊢ λx:A₁.M₀ : A, Γ′ ⊢ N : B, and A⁻ = B⁻. Then M₀ ⇓ M₀′(x) with x ∉ FV(M₀′), and N ⇓ M₀′, and by Generation Γ, x:A₁ ⊢ M₀ : A₂ and Γ ⊢ Πx:A₁.A₂ = A, and so B ≡ Πx:B₁.B₂ since (Πx:A₁.A₂)⁻ = B⁻. Hence M₀ ↓βη N(x), since N is weak-head normal and not canonical, and Γ′, x:B₁ ⊢ N(x) : B₂ by Weakening and App, and A₁⁻ = B₁⁻ implies Γ⁻, x:A₁⁻ = Γ′⁻, x:B₁⁻. So Γ⁻, x:A₁⁻ ⊢ M₀ ⇐⇒ N(x) : A₂⁻ by induction hypothesis, which implies Γ⁻, x:A₁⁻ ⊢ (λx:A₁.M₀)(x) ⇐⇒ N(x) : A₂⁻, which in turn implies Γ⁻ ⊢ λx:A₁.M₀ ⇐⇒ N : A₁⁻ → A₂⁻ = (Πx:A₁.A₂)⁻.

4.3 Correctness of the Algorithm

The outline of our proof of the correctness of the algorithm follows Harper and
Pfenning’s proof. The primary difference is that because we rely on established
metatheoretic results, Subject Reduction also applies to β-reducts at the level
of types by assumption.

Lemma 12 (Correctness).
– If Γ⁻ ⊢ M ⇐⇒ N : A⁻ and Γ ⊢ M, N : A then Γ ⊢ M = N : A.
– If Γ⁻ ⊢ M ←→ N : τ, Γ ⊢ M : A, Γ ⊢ N : B and M and N not canonical then Γ ⊢ M = N : A and either Γ ⊢ A = B : s with A⁻ = B⁻ = τ or A = B = kind. If Γ⁻ ⊢ M ←→ N : A⁻ and Γ ⊢ M, N : A then Γ ⊢ M = N : A.

Proof. By induction on derivations. We consider several cases:
– Base. By Subject Reduction Γ ⊢ M = P : A and Γ ⊢ N = Q : A, and by Splitting Γ ⊢ P, Q : A, so by induction hypothesis Γ ⊢ P = Q : A. Hence Γ ⊢ M = N : A.
– Π. By assumption Γ ⊢ Πx:A₁.A₂, Πx:B₁.B₂ : C, so Γ ⊢ A₁, B₁ : type by Generation, Γ, x:A₁ ⊢ A₂ : s and Γ, x:B₁ ⊢ B₂ : s′, with derivations of Γ ⊢ C = type : kind or C = kind from each derivation. Therefore s = s′, and so by induction hypothesis Γ ⊢ A₁ = B₁ : type and Γ, x:A₁ ⊢ A₂ = B₂ : s, so Γ ⊢ Πx:A₁.A₂ = Πx:B₁.B₂ : s.

5 System F

In this final technical section we show that our technique also works for a typed
conversion algorithm for System F, hence extending our results beyond that of
Harper and Pfenning.

5.1 Syntax

We begin by introducing the term syntax and inference rules for System F. The following grammar presents the contexts, types, and terms of System F:

Γ ∈ C ::= () | Γ, x:A
A, B, C ∈ Y ::= X | A → B | ∀X.A
M, N, P, Q ∈ T ::= x | λx:A.M | M(N) | ΛX.M | M(A)

Similar to the Logical Framework, we say that a term is canonical if it is of the form λx:A.M or ΛX.M.
We use the same notations for reduction, substitution and so on as for the Logical Framework. We say that a context Γ is valid if each x ∈ dom(Γ) occurs exactly once in Γ. We write FTV(A) for the free type variables occurring in A, and similarly for contexts.
Reduction is extended with β and η reductions for the type-level constructors:

$$
(\Lambda X.M)(A)\ \to_\beta\ [A/X]M
\qquad
\Lambda X.(M(X))\ \to_\eta\ M\quad (X\notin\mathrm{FTV}(M))
$$

Weak-head reduction is similarly extended. The definitions of normal and weak-head normal are also extended in the natural way; observe that the stuck terms (ΛX.M)(N) and (λx:A.M)(B) are normal and weak-head normal. Finally, the results of Lemma 1 extend to System F.
Our presentation of System F has only two judgements, Γ ⊢ M : A and Γ ⊢ M = N : A; the inference rules for Γ ⊢ M : A are as follows:

$$
(\mathrm{Var})\ \frac{\Gamma\ \mathrm{valid}}{\Gamma\vdash x:A}\ (x{:}A\in\Gamma)
\qquad
(\lambda)\ \frac{\Gamma,x{:}A\vdash M:B}{\Gamma\vdash \lambda x{:}A.M:A\to B}
\qquad
(\mathrm{App})\ \frac{\Gamma\vdash M:A\to B\quad \Gamma\vdash N:A}{\Gamma\vdash M(N):B}
$$
$$
(\Lambda)\ \frac{\Gamma\vdash M:A}{\Gamma\vdash \Lambda X.M:\forall X.A}\ (X\notin\mathrm{FTV}(\Gamma))
\qquad
(\mathrm{TyApp})\ \frac{\Gamma\vdash M:\forall X.A}{\Gamma\vdash M(B):[B/X]A}
$$

The equality judgement is the evident typed extension of rules β and Ext for terms and types, as in Section 2.2.
System F enjoys a list of properties similar to those of Section 2.4, including Subject Reduction, Church–Rosser, Splitting, Uniqueness of Types, and so on. Due to a lack of space, we omit the full statement of these properties.

5.2 The Algorithm


The algorithm is defined by the inference rules in Figure 4.

5.3 Termination and Completeness of the Algorithm


The arguments for termination and completeness of the algorithm are very similar to the arguments for the Logical Framework, although they are simpler due to the lack of dependent types. We briefly outline the proofs here.
We define the length function |M| in the obvious way for System F, and Γ; M; N; A ⇒ b and Γ; M; N → v are also extended.

Lemma 13. Let M and N be weak-head normal and not canonical. Then if
Γ ; M ; N → A then Γ ; M ; N ; A ⇒ tt; if Γ ; M ; N → ⊥ then Γ ; M ; N ; A ⇒ ff for
any A, and if Γ ; M ; N → A then Γ ; M ; N ; B ⇒ b for any B.
$$
(\mathrm{TyVar})\ \frac{\Gamma\vdash P\longleftrightarrow Q:X}{\Gamma\vdash M\Longleftrightarrow N:X}\ (M\Downarrow_w P \text{ and } N\Downarrow_w Q)
\qquad
(\to)\ \frac{\Gamma,x{:}A\vdash M(x)\Longleftrightarrow N(x):B}{\Gamma\vdash M\Longleftrightarrow N:A\to B}\ (x\notin\mathrm{dom}(\Gamma))
$$
$$
(\forall)\ \frac{\Gamma\vdash M(X)\Longleftrightarrow N(X):A}{\Gamma\vdash M\Longleftrightarrow N:\forall X.A}\ (X\notin\mathrm{FTV}(\Gamma)\cup\mathrm{FTV}(M)\cup\mathrm{FTV}(N))
\qquad
(\mathrm{Var})\ \Gamma\vdash x\longleftrightarrow x:\Gamma(x)
$$
$$
(\mathrm{App})\ \frac{\Gamma\vdash M_1\longleftrightarrow N_1:A\to B\quad \Gamma\vdash M_2\Longleftrightarrow N_2:A}{\Gamma\vdash M_1(M_2)\longleftrightarrow N_1(N_2):B}
\qquad
(\mathrm{TyApp})\ \frac{\Gamma\vdash M\longleftrightarrow N:\forall X.A}{\Gamma\vdash M(B)\longleftrightarrow N(B):[B/X]A}
$$

Fig. 4. Algorithm for Conversion for System F
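As an added example, not code from the paper: the algorithm of Figure 4 in Python, over the System F syntax of Section 5.1. Type abstraction and type application are separate constructors, one substitution function handles both term and type variables by renaming every binder it passes, and rule TyApp compares the two type arguments syntactically, which is the C ≠ D check in the proof of Lemma 15. The ∀ rule is implemented by applying both sides to a fresh type variable, which is α-equivalent to the side condition X ∉ FTV(Γ) ∪ FTV(M) ∪ FTV(N) of the figure. The constants h, k and id2, the type variable A, the polymorphic identity ID and the context GAMMA are constructed for the demonstration.

```python
import itertools
# System F (Section 5.1) as tuples. Types: ('tvar', X), ('arrow', A, B), ('forall', X, A).
# Terms: ('var', x), ('lam', x, A, M), ('app', M, N), ('tlam', X, M), ('tapp', M, A).
_counter = itertools.count()

def fresh(x):
    return f"{x}#{next(_counter)}"                       # a never-used name; syntax is taken up to alpha

def subst(t, leaf, name, repl):
    """[repl/name]t, with leaf 'var' (term variable) or 'tvar' (type variable); binders are renamed."""
    h = t[0]
    if h in ('var', 'tvar'):
        return repl if t == (leaf, name) else t
    if h in ('app', 'arrow', 'tapp'):
        return (h, subst(t[1], leaf, name, repl), subst(t[2], leaf, name, repl))
    if h == 'lam':                                       # ('lam', x, A, M): rename x, then substitute
        x2 = fresh(t[1])
        body = subst(t[3], 'var', t[1], ('var', x2))
        return ('lam', x2, subst(t[2], leaf, name, repl), subst(body, leaf, name, repl))
    X2 = fresh(t[1])                                     # 'tlam' or 'forall': rename X, then substitute
    return (h, X2, subst(subst(t[2], 'tvar', t[1], ('tvar', X2)), leaf, name, repl))

def whnf(t):
    """Weak-head normal form with both beta rules of Section 5.1 (term and type application)."""
    if t[0] == 'app':
        f = whnf(t[1])
        return whnf(subst(f[3], 'var', f[1], t[2])) if f[0] == 'lam' else ('app', f, t[2])
    if t[0] == 'tapp':
        f = whnf(t[1])
        return whnf(subst(f[2], 'tvar', f[1], t[2])) if f[0] == 'tlam' else ('tapp', f, t[2])
    return t

def conv(g, m, n, a):
    """Gamma |- M <=> N : A (Figure 4), directed by the type A; Gamma is a dict from variables to types."""
    if a[0] == 'tvar':                                   # rule TyVar: normalise, and the result type must be X itself
        return conv_wh(g, whnf(m), whnf(n)) == a
    if a[0] == 'arrow':                                  # rule ->: apply both sides to a fresh term variable
        v = ('var', fresh('x'))
        return conv({**g, v[1]: a[1]}, ('app', m, v), ('app', n, v), a[2])
    Y = ('tvar', fresh(a[1]))                            # rule forall: apply both sides to a fresh type variable
    return conv(g, ('tapp', m, Y), ('tapp', n, Y), subst(a[2], 'tvar', a[1], Y))

def conv_wh(g, m, n):
    """Gamma |- M <-> N : A on weak-head normal forms; returns the type A, or None on failure."""
    h = m[0]
    if h != n[0]:
        return None
    if h == 'var':                                       # rule Var
        return g.get(m[1]) if m[1] == n[1] else None
    if h == 'app':                                       # rule App: the heads must have an arrow type
        t = conv_wh(g, m[1], n[1])
        if t is None or t[0] != 'arrow':
            return None
        return t[2] if conv(g, m[2], n[2], t[1]) else None
    if h == 'tapp':                                      # rule TyApp: same type argument, heads of forall type
        t = conv_wh(g, m[1], n[1])
        if t is None or t[0] != 'forall' or m[2] != n[2]:
            return None
        return subst(t[2], 'tvar', t[1], m[2])
    return None                                          # two canonical terms: no rule

# Constructed samples: a type variable A, constants h, k : A -> A, id2 : forall X. X -> X, and the identity ID.
A, B, X, h = ('tvar', 'A'), ('tvar', 'B'), ('tvar', 'X'), ('var', 'h')
ID = ('tlam', 'X', ('lam', 'x', X, ('var', 'x')))        # Lambda X. lambda x:X. x
ID_TYPE = ('forall', 'X', ('arrow', X, X))
GAMMA = {'h': ('arrow', A, A), 'k': ('arrow', A, A), 'id2': ID_TYPE}

def demo():
    eta_term = ('lam', 'x', A, ('app', h, ('var', 'x')))                                 # lambda x:A. h(x)
    eta_type = ('tlam', 'X', ('lam', 'x', X, ('app', ('tapp', ID, X), ('var', 'x'))))   # Lambda X. lambda x:X. ID(X)(x)
    id2 = ('var', 'id2')
    return {
        'eta_at_arrow': conv(GAMMA, eta_term, h, ('arrow', A, A)),               # True
        'eta_at_forall': conv(GAMMA, eta_type, ID, ID_TYPE),                      # True: both sides reduce to the same variable
        'h_vs_k': conv(GAMMA, h, ('var', 'k'), ('arrow', A, A)),                  # False: different heads
        'tyapp_args_differ': conv(GAMMA, ('tapp', id2, A), ('tapp', id2, B), ('arrow', A, A)),  # False: A versus B
    }
```

The `'eta_at_forall'` entry runs the case of Lemma 15 and Lemma 16 for M ≡ ΛX.M₀: the algorithm never compares the two type abstractions directly but instantiates both at a fresh type variable, then at a fresh term variable, and only then weak-head normalises, at which point both sides are the same variable. The `'tyapp_args_differ'` entry fails inside `conv_wh` at the TyApp case because the type arguments A and B differ, before any comparison of the heads' types is attempted.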

Lemma 14. If M →w P then Γ ⊢ M ⇐⇒ N : A terminates iff Γ ⊢ P ⇐⇒ N : A terminates, and with the same result, and symmetrically.

Lemma 15 (Termination). If M and N are β-normalizing then Γ ⊢ M ⇐⇒ N : A is terminating for any Γ and A; if M and N are weak-head normal and not canonical then Γ ⊢ M ←→ N : A is terminating for any Γ.

Proof. By nested induction on the sum of |M^nf| and |N^nf| and the sum of the lengths of β-reduction sequences for M and N. As in the previous sections, if M and N are not weak-head normal then the result follows by the nested induction hypothesis.
We consider several cases where M and N are weak-head normal.
– M ≡ ΛX.M₀ and N not canonical. Γ ⊢ ΛX.M₀ ⇐⇒ N : X fails immediately, and Γ ⊢ ΛX.M₀ ⇐⇒ N : A → B fails since Γ, x:A ⊢ (ΛX.M₀)(x) ⇐⇒ N(x) : B fails by Lemma 13, because Γ, x:A ⊢ (ΛX.M₀)(x) ←→ N(x) : B fails. Suppose A ≡ ∀X.B; then Γ ⊢ M₀ ⇐⇒ N(X) : B terminates by induction hypothesis on the combined length of the normal forms of ΛX.M₀ and N, Γ ⊢ (ΛX.M₀)(X) ⇐⇒ N(X) : B terminates by Lemma 14, and so Γ ⊢ ΛX.M₀ ⇐⇒ N : ∀X.B terminates.
– M ≡ M₁(C) with M₁ weak-head normal and not canonical, and N ≡ N₁(D) with N₁ weak-head normal and not canonical. If C ≠ D then the algorithm fails. Otherwise, Γ ⊢ M₁ ←→ N₁ : A terminates: if it fails or if A ≢ ∀X.B then Γ ⊢ M₁(C) ←→ N₁(C) fails, and otherwise Γ ⊢ M₁(C) ←→ N₁(C) : [C/X]B succeeds. The results lift to Γ ⊢ M₁(C) ⇐⇒ N₁(C) : A′ for any type A′ by Lemma 13.
Lemma 16 (Completeness). If Γ ⊢ M = N : A then Γ ⊢ M ⇐⇒ N : A.

Proof. By Church–Rosser and Splitting it suffices to show that if M ↓βη N and Γ ⊢ M, N : A then Γ ⊢ M ⇐⇒ N : A, and if M and N are weak-head normal and not canonical then Γ ⊢ M ←→ N : A. We show this by the same induction used in Lemma 15; we consider several cases here.
– M ≡ ΛX.M₀ and N not canonical. Suppose ΛX.M₀ ↓βη N and Γ ⊢ ΛX.M₀, N : A. By inversion Γ ⊢ M₀ : B and A ≡ ∀X.B, and so Γ ⊢ (ΛX.M₀)(X), N(X) : B by TyApp. Hence by induction hypothesis Γ ⊢ M₀ ⇐⇒ N(X) : B, so Γ ⊢ ΛX.M₀ ⇐⇒ N : ∀X.B.
– M ≡ M₁(C) with M₁ weak-head normal and not canonical, and N ≡ N₁(D) with N₁ weak-head normal and not canonical. Suppose Γ ⊢ M₁(C), N₁(D) : A. By inversion Γ ⊢ M₁ : ∀X.E, [C/X]E = A, Γ ⊢ N₁ : ∀X.F, and [D/X]F = A. Furthermore, M₁ ⇓w P₁ and N₁ ⇓w P₁ and C = D, so by Subject Reduction Γ ⊢ M₁ = P₁ : ∀X.E and Γ ⊢ N₁ = P₁ : ∀X.F, so by Uniqueness of Types ∀X.E = ∀X.F. Therefore by induction hypothesis Γ ⊢ M₁ ←→ N₁ : ∀X.E, so Γ ⊢ M₁(C) ←→ N₁(C) : [C/X]E.

5.4 Correctness of the Algorithm

We now show that the algorithm is correct for System F.

Lemma 17 (Correctness).
– If Γ ⊢ M ⇐⇒ N : A and Γ ⊢ M, N : A then Γ ⊢ M = N : A.
– If Γ ⊢ M ←→ N : A, Γ ⊢ M : B and Γ ⊢ N : C then Γ ⊢ M = N : A and A = B = C.

Proof. By induction on derivations. We consider several cases:
– →. We have Γ ⊢ M, N : A → B. By Weakening Γ, x:A ⊢ M, N : A → B, and so by Var and App Γ, x:A ⊢ M(x), N(x) : B, and by induction hypothesis Γ, x:A ⊢ M(x) = N(x) : B. By λ and Ext Γ ⊢ M = N : A → B.
– Var. By inversion Γ ⊢ x : B implies B = Γ(x), and Γ ⊢ x = x : Γ(x).
– TyApp. We have Γ ⊢ M(B) : C, Γ ⊢ N(B) : D, and Γ ⊢ M(B) ←→ N(B) : [B/X]A. By inversion Γ ⊢ M : ∀X.E and Γ ⊢ N : ∀X.F. By induction hypothesis Γ ⊢ M = N : ∀X.A with ∀X.A = ∀X.E = ∀X.F, so A = E = F and [B/X]A = [B/X]E = [B/X]F. Hence Γ ⊢ M(B) = N(B) : [B/X]A.

6 Conclusions and Future Work

We have demonstrated that the standard metatheory for the Logical Framework and System F for βη-equality is sufficient to justify algorithms for conversion not immediately modeled by reduction. We used a simple inductive measure to show the completeness and decidability of the algorithms.
A natural extension of this work would be to study the algorithm for conversion for the Calculus of Constructions with βη-equality. We have made substantial progress towards this goal by showing how type dependency can be erased and reconstructed for the Logical Framework, and how polymorphism can be justified. Existing developments using erasure to study metatheory of dependent type theories [5] suggest that the type-directed algorithm for the non-dependent version of a calculus could be used to typecheck the dependently typed version.
One of the primary motivations for Harper and Pfenning's algorithm was singleton types, where Coquand's untyped algorithm may fail to identify equal terms. It seems that it should be possible to extend our technique given the metatheory for βη-equality, but one of the benefits of giving an algorithm directly is that it addresses problems with the reduction relation, such as failure of confluence. This is an interesting area for further research.

Acknowledgments
I would like to thank Bob Harper for stimulating my renewed interest in this
topic, and the anonymous referees and Andreas Abel for helpful corrections and
comments. I would also like to thank my wife Adriana Compagnoni for her
encouragement and support as I was writing this article.

References
1. D. Aspinall. Subtyping with singleton types. In L. Pacholski and J. Tiuryn, editors,
Computer Science Logic, pages 1–15. Springer, Berlin, 1994.
2. H. Barendregt. Lambda calculi with types. In S. Abramsky, D. M. Gabbay, and T. S. E. Maibaum, editors, Handbook of Logic in Computer Science, volume 2. Oxford University Press, 1991.
3. T. Coquand. An algorithm for testing conversion in type theory. In G. Huet and
G. Plotkin, editors, Logical Frameworks. Cambridge University Press, 1991.
4. H. Geuvers. Logics and Type Systems. PhD thesis, Katholieke Universiteit Nij-
megen, Sept. 1993.
5. H. Geuvers and M.-J. Nederhof. A modular proof of strong normalization for the
calculus of constructions. Journal of Functional Programming, 1(2):155–189, Apr.
1991.
6. H. Goguen. A Typed Operational Semantics for Type Theory. PhD thesis, Univer-
sity of Edinburgh, Aug. 1994.
7. H. Goguen. A syntactic approach to eta equality in type theory. In Symposium on
Principles of Programming Languages, Jan. 2005.
8. R. Harper and F. Pfenning. On equivalence and canonical forms in the LF type
theory. ACM Trans. on Computational Logic, 2004. To appear.
9. A. Salvesen. The Church-Rosser property for pure type systems with βη-reduction,
Nov. 1991. Unpublished manuscript.
10. C. A. Stone and R. Harper. Equivalence and singletons. ACM Transactions on
Programming Languages and Systems, 2004. Submitted.
11. J. Vanderwaart and K. Crary. A simplified account of the metatheory of linear LF.
Electronic Notes in Theoretical Computer Science, 70(2), 2002. Extended version
available as Technical Report CMU-CS-01-154.
