Type safety of rewrite rules in dependent types

The expressiveness of dependent type theory can be extended by identifying types modulo some additional computation rules. But, for preserving the decidability of type-checking or the logical consistency of the system, one must make sure that those user-defined rewriting rules preserve typing. In this paper, we give a new method to check that property using Knuth-Bendix completion.


Introduction
The λΠ-calculus, or LF [12], is an extension of the simply-typed λ-calculus with dependent types, that is, types that can depend on values like, for instance, the type V n of vectors of dimension n.And two dependent types like V n and V p are identified as soon as n and p are two expressions having the same value (modulo the evaluation rule of λ-calculus, β-reduction).
In the λΠ-calculus modulo rewriting, function and type symbols can be defined not only by using β-reduction but also by using rewriting rules [19].Hence, types are identified modulo β-reduction and some user-defined rewriting rules.This calculus has been implemented in a tool called Dedukti [9].
Adding rewriting rules adds a lot of expressivity for encoding logical or type systems.For instance, although the λΠ-calculus has no native polymorphism, one can easily encode higher-order logic or the calculus of constructions by using just a few symbols and rules [8].As a consequence, various tools have been developed for translating actual terms and proofs from various systems (Coq, OpenTheory, Matita, Focalize, . . . ) to Dedukti, and back, opening the way to some interoperability between those systems [1].The Agda system recently started to experiment with rewriting too [7].
To preserve the decidability of type-checking and the logical consistency, it is however essential that the rules added by the user preserve typing, that is, if an expression e has some type T and a rewriting rule transforms e into a new expression e , then e should have type T too.This property is also very important in programming languages, to avoid some errors (a program declared to return a string should not return an integer).
When working in the simply-typed λ-calculus, it is not too difficult to ensure this property: it suffices to check that, for every rewriting rule l → r, the right-hand side (RHS) r has the same type as the left-hand side (LHS) l, which is decidable.
The situation is however much more complicated when working with dependent types modulo user-defined rewriting rules.As type-checking requires one to decide the equivalence Proving that the above rule preserves typing is not trivial as it is equivalent to proving that β-reduction has the subject-reduction property in the simply-typed λ-calculus.And, indeed, the previous version of Dedukti was unable to prove it.
The LHS is typable if f is of type τ (arr a b ), τ (arr a b ) τ (arr a b), and x is of type τ a.Then, in this case, the LHS is of type τ b.
Here, one could be tempted to replace a by a, and b by b, so that these conditions are satisfied but this would make the rewriting rule non left-linear and the proof of its confluence problematic [13].
Fortunately, this is not necessary.Indeed, we can prove that the RHS is typable and has the same type as the LHS by using the fact that τ (arr a b ) τ (arr a b) when the LHS is typable.Indeed, in this case, and thanks to the rule defining τ , f is of type τ a → τ b.Therefore, the RHS has type τ b as well.
In this paper, we present a new method for doing this kind of reasoning automatically.By using Knuth-Bendix completion [15,18], the equations holding when a LHS is typable are turned into a convergent (i.e.confluent and terminating) set of rewriting rules, so that the type-checking algorithm of Dedukti itself can be used to check the type of a RHS modulo these equations.
Outline.The paper is organized as follows.In Section 2, we recall the definition of the λΠ-calculus modulo rewriting.In Section 3, we recall what it means for a rewriting rule to F. Blanqui 11:3 preserve typing.In Section 4, we describe a new algorithm for checking that a rewriting rule preserves typing and provide general conditions for ensuring its termination.Finally, in Section 5, we compare this new approach with previous ones and conclude.

λΠ-calculus modulo rewriting
Following Barendregt's book on typed λ-calculus [4], the λΠ-calculus is a Pure Type System (PTS) on the set of sorts S = { , }:2 Definition 2 (λΠ-term algebra).A λΠ-term algebra is defined by: a set F of function symbols, an infinite set V of variables, such that V, F and S are pairwise disjoint.
The set T (F, V) of λΠ-terms is then inductively defined as follows: A substitution is a finite map from V to T (F, V).It is written as a finite set of pairs.For instance, {(x, a)} is the substitution mapping x to a.
Given a substitution σ and a term t, we denote by tσ the capture-avoiding replacement of every free occurrence of x in t by its image in σ.

Definition 3 (λΠ-calculus).
A λΠ-calculus on T (F, V) is given by: a function Θ : F → T (F, V) mapping every function symbol f to a term Θ f called its type (we will often write f : A instead of Θ f = A), a function Σ : F → S mapping every function symbol f to a sort Σ f , a set R of rewriting rules (l, r) ∈ T 2 , written l → r, such that FV(r) ⊆ FV(l).
We then denote by the smallest equivalence relation containing → = → R ∪ → β where → R is the smallest relation stable by context and substitution containing R, and → β is the usual β-reduction relation.

Example 4.
For representing natural numbers, we can use the function symbols N : of sort , and the function symbols 0 : N and s : N → N of sort .Addition can be represented by + : N → N → N of sort together with the following set of rules: Note that Dedukti allows overlapping LHS and matching on defined symbols like in this example.(It also allows higher-order pattern matching like in Combinatory Reduction Systems (CRS) [14] but we do not consider this feature in the current paper.)(fun) Throughout the paper, we assume a given λΠ-calculus Λ = (F, V, Θ, Σ, R).

Definition 5 (Well-typed terms).
A typing environment is a possibly empty ordered sequence of pairs (x 1 , A 1 ), . . ., (x n , A n ), written x 1 : A 1 , . . ., x n : A n , where the x i 's are distinct variables and the A i 's are terms.
A term t has type A in a typing environment Γ if the judgment Γ t : A is derivable from the rules of Figure 1.An environment Γ is valid if some term is typable in it.
A substitution σ is a well-typed substitution from an environment Γ to an environment Γ , written Γ σ : Γ, if, for all x : A ∈ Γ, we have Γ xσ : Aσ.
A type-checking algorithm for the λΠ-calculus modulo (user-defined) rewriting rules is implemented in the Dedukti tool [9].
We first recall a number of basic properties that hold whatever R is and can be easily proved by induction on [5]: Throughout the paper, we assume that, for all f , Θ f : Σ f .Indeed, if Θ f : Σ f does not hold, then no well-typed term can contain f .(This assumption is implicit in the presentations of LF using signatures [12].) More importantly, we will assume that → is confluent on the set T (F, V) of untyped terms, that is, for all terms t, u, v ∈ T (F, V), if t → * u and t → * v, then there exists a term w ∈ T (F, V) such that u → * w and v → * w, where → * is the reflexive and transitive closure of →.This condition is required for ensuring that conversion behaves well with respect to products (if Πx : A, B Πx : A , B then A A and B B ), which in particular implies subject-reduction for → β .
This last assumption may look strong, all the more so since confluence is undecidable.However this property is satisfied by many systems in practice.For instance, → is confluent if the left-hand sides of R are algebraic (Definition 8), linear and do not overlap with each other [21].This is in particular the case of the rewriting systems corresponding to the function definitions allowed in functional programming languages such as Haskell, Agda, OCaml or Coq.But confluence can be relaxed in some cases: when there are no type-level rewriting rules [3] or when the right-hand sides of type-level rewriting rules are not products [6].
When → is confluent, the typing relation satisfies additional properties.For instance, the set of typable terms can be divided into three disjoint classes: the terms of type , called kinds, of the form Πx 1 : A 1 , . . ., Πx n : A n , ; the terms whose type is a kind, called predicates; the terms whose type is a predicate, called objects.

Subject-reduction
A relation preserves typing (subject-reduction property) if, for all environments Γ and all terms t, u and A, if Γ t : A and t u, then Γ u : A.
One can easily check that → β preserves typing when → is confluent [5].Our aim is therefore to check that → R preserves typing too.To this end, it is enough to check that every rule l → r ∈ R preserves typing, that is, for all environments Γ, substitutions σ and terms A, if Γ lσ : A, then Γ rσ : A.
A first idea is to require that: The condition (*) is sufficient if the rule left-hand side is a non-variable simply-typed first-order term [3], a notion that we slightly generalize as follows:

Definition 8 (Pattern). We assume that the set of variables is split in two disjoint sets, the algebraic variables and the non-algebraic ones, and that there is an injection from algebraic variables to non-algebraic variables. A term is algebraic if it is an algebraic variable or of the form f t 1 . . . t n with each t i algebraic and f a function symbol whose type is of the form Πx
A term is an object-level algebraic term if it is algebraic and all its function symbols are of sort .
A pattern is an algebraic term of the form f t 1 . . .t n where each t i is an object-level algebraic term.
The distinction between algebraic and non-algebraic variables is purely technical: for generating equations (Definition 10), we need to associate a type x to every variable x, and we need those variables x to be distinct from one another and distinct from the variables F S C D 2 0 2 0 11:6 Type safety of rewrite rules in dependent types used in rules.To do so, we split the set of variables into two disjoint sets.The ones used in rules are called algebraic, and the others are called non-algebraic.Finally, we ask the function to be an injection from the set of algebraic variables to the set of non-algebraic variables.
In the rest of the paper, we also assume that rule left-hand sides are patterns.Hence, every rule is of the form f l 1 . . .l n → r, and we say that a symbol f ∈ F is defined if there is in R a rule of the form f l 1 . . .l n → r.
However, the condition (*) is not satisfactory in the context of dependent types.Indeed, when function symbols have dependent types, it often happens that a term is typable only if it is non-linear.And, with non-left-linear rewriting rules, → is generally not confluent on untyped terms [13], while there exist many confluence criteria for left-linear rewriting systems [21].
Throughout the paper, we will use the following simple but paradigmatic example to illustrate how our new algorithm works: Example 9. Consider the following rule to define the tail function on vectors: where tail : Πn : N, V (sn) → V n, V : N → , nil : V 0, cons : R → Πn : N, V n → V (sn) and R : .
For the left-hand side to be typable, we need to take p = n, because tail n expects an argument of type V (sn), but cons x p v is of type V (sp).
Yet, the rule with p = n preserves typing.Indeed, assume that there is an environment Γ, a substitution σ and a term A such that Γ tail nσ (cons xσ pσ vσ) : A. By inversion of typing rules, we get V (nσ) A, Γ A : s for some sort s, V (spσ) V (snσ) and Γ vσ : V pσ.Assume now that V and s are undefined, that is, there is no rule of R of the form V t → u or st → u.Then, by confluence, pσ nσ.Therefore, V pσ A and Γ vσ : A.
Hence, that a rewriting rule l → r preserves typing does not mean that its left-hand side l must be typable [6].Actually, if no instance of l is typable, then l → r trivially preserves typing (since it can never be applied)!The point is therefore to check that any typable instance of l → r preserves typing.

A new subject-reduction criterion
The new criterion that we propose for checking that l → r preserves typing proceeds in two steps.First, we generate conversion constraints that are satisfied by every typable instance of l (Figure 2).Then, we try to check that r has the same type as l in the type system where the conversion relation is extended with the equational theory generated by the conversion constraints inferred in the first step.For type-checking in this extended type theory to be decidable and implementable using Dedukti itself, we use Knuth-Bendix completion [15] to replace the set of conversion constraints by an equivalent but convergent (i.e.terminating and confluent) set of rewriting rules.

Inference of typability constraints
We first define an algorithm for inferring typability constraints and then prove its correctness and completeness.
Let ↑ be the partial function defined in Figure 2. It takes as input a term t and returns a pair (A, E), written A[E], where A is a term and E is a set of equations, an equation being a pair of terms (l, r) usually written l = r.
A substitution σ satisfies a set E of equations, written σ |= E, if for all equations a = b ∈ E, aσ bσ.
where σ = {(x 1 , t 1 ), . . ., (x n , t n )} Example 11.In our running example tail n (cons Proof.Since → is confluent and left-hand sides are patterns, s s iff s = s .The result follows then by inversion of typing rules and weakening.
Case n = 0.By equivalence of types.
Case n > 0. By inversion of typing rules and weakening, Γ, T n σ n−1 : .By confluence, T n σ n−1 A and U σ n−1 B. Therefore, by conversion, Γ x n σ : T n σ and Γ σ : ∆ n .Now, x n can always be chosen so that

Lemma 15.
(Correctness) For all algebraic terms t, terms T and sets of equations E, if t ↑ T [E] then, for all valid environments Γ, substitutions θ such that Γ θ : ∆ t and θ |= E, we have Γ t θ : T θ.
By induction hypothesis, for all i, we have Γ t i θ : A i θ and A i θ T i σ θ.We now prove that, for all i, Γ T i σ θ : and Γ x i σ θ : T i σ θ, hence that Γ σ : Γ i f , by induction on i.
Case t = y.We take T = y, E = ∅ and θ = θ ∪ {( y, A)}.We have t ↑ T [E], θ |= E and A T θ.Now, Γ y θ : y θ and Γ y θ : .Therefore, Γ θ : ∆ t .Case t = f t 1 . . .t n with f : Πx 1 : T 1 , . . ., x n : T n , U .By Lemma 12, for all i, we have Γ f x i : T i and Γ f T i : , where Γ f = x 1 : T 1 , . . ., x n : T n .By Lemma 14 because Θ f : Σ f for all f , we have A U σθ and Γ σθ : Γ f .Hence, by substitution, for all i, we have Γ t i θ : T i σθ and Γ T i σθ : .Therefore, by induction hypothesis, there are A i , E i and θ i extending θ such that , and y θ = y θ i where i is the smallest integer such that y ∈ FV(t i ).Then, we have t ↑ T [E] and A U σθ = T θ.If y ∈ FV(t i ) ∩ FV(t j ), then y θ i = yθ = y θ j since θ i and θ j are both extensions of θ.Now, if Γ y θ i : y θ i and Γ y θ j : y θ j then, by equivalence of types, y θ i y θ j .Therefore, θ |= E and Γ θ : ∆ t .Let now t be a pattern.By definition, t is of the form f t 1 . . .t n with f : Πx 1 : T 1 , . . ., x n : T n , U and each t i an object-level algebraic term.As we have seen above, for all i, we have Γ t i θ : T i σθ and Γ T i σθ : .Therefore, by completeness for object level algebraic terms, there are A i , E i and θ i extending θ such that We can now conclude like in the previous case.
Example 16.In our running example tail n (cons x p v) → v, we have seen that This means that, if σ is a substitution and (tail n (cons x p v))σ is typable, then σ |= E 2 .In particular, V (spσ) V (snσ).

Type-checking modulo typability constraints
For checking that the right-hand side of a rewriting rule l → r has the same type as the left-hand side modulo the typability constraints E of the left hand-side, we introduce a new We denote by l,E the conversion relation of Λ l,E , and by l,E its typing relation.
Λ l,E is similar to Λ except that the symbols of {x | x ∈ FV(l)} ∪ { x | x ∈ FV(l)} are not variables but function symbols, and that the set of rewriting rules is extended by E ∪ E −1 which, in Λ l,E , is a set of closed rewriting rules (rules and equations are synonyms: they both are pairs of terms).
Lemma 18.For all patterns l, sets of equations E and substitutions σ in Λ, and for all terms t, u in Λ l,E , if σ |= E and t l,E u, then tσ uσ. 4roof.Immediate as each application of an equation (a, b) ∈ E ∪ E −1 can be replaced by a conversion a b.

Theorem 19. For all patterns l, sets of equations E, and terms T, r in Λ, if l ↑ T [E] and
l,E r : T , then l → r preserves typing in Λ.
Proof.Let ∆ be an environment, σ be a substitution and A be a term of Λ such that ∆ lσ : A. By Lemma 15 (completeness), there are a term T , a set of equations E and a substitution σ extending σ such that t ↑ T [E ], σ |= E , ∆ σ : ∆ t and A T σ.Since ↑ is a function, we have T = T and E = E.
We now prove that, if Γ l,E t : T , then ∆, Γ σ t σ : T σ, by induction on l,E (note that σ replaces function symbols by terms).

Example 20. We have seen that cons
After the previous theorem, the rewriting rule defining tail preserves typing if we can prove that l,E2 v : V n where, in Λ l,E2 , v is a function symbol of type v and sort , and types are identified modulo and the equations of E 2 .But this is not possible since v : V p and V p l,E2 V n.Yet, if σ |= V (sp) = V (sn) and V and s are undefined then, by confluence, σ |= p = n and thus σ |= V p = V n.We therefore need to simplify the set of equations before type-checking the right-hand side.

Simplification of typability constraints
In this section, we show that Theorem 19 can be generalized by using any valid simplification relation, and give an example of such a relation.Theorem 19 can be easily generalized as follows:

Definition 21 (Valid simplification relation). A relation on sets of equations is valid if, for all sets of equations
Theorem 22 (Preservation of typing).For all patterns l, sets of equations D, E, and terms T, r in Λ, if l ↑ T [D], D * E and l,E r : T , then l → r preserves typing in Λ.
We have seen in the previous example that, thanks to confluence, σ |= p = n whenever σ |= sp = sn and s is undefined.But this last condition is a particular case of a more general property: Definition 23 (I-injectivity).Given f : Πx 1 : T 1 , . . ., Πx n : T n , U and a set I ⊆ {1, . . ., n}, we say that f is I-injective when, for all t 1 , u 1 , . . ., t n , u n , if f t 1 . . .t n f u 1 . . .u n and, for all i / ∈ I, t i u i , then, for all i ∈ I, t i u i .
For instance, f is {1, . . ., n}-injective if f is undefined.The new version of Dedukti allows users to declare if a function symbol is I-injective (like the function τ in Example 1), and a procedure for checking I-injectivity of function symbols defined by rewriting rules has been developed and implemented in Dedukti [22].For instance, the function symbol τ of Example 1, which is defined by the rule τ (arr x y) → τ x → τ y, can be proved to be {1}-injective.
Clearly, I-injectivity can be used to define a valid simplification relation.In fact, one can easily check that the following simplification rules are valid too: Lemma 24.The relation defined in Figure 3 is a valid simplification relation.
Proof.We only detail the first rule which says that, if some substitution σ validates some equation t = u, that is, if tσ uσ, then σ validates any equation t = u where t and u are reducts of t and u respectively.Indeed, since t is a reduct of t, t t.Similarly, u u.Therefore, by stability of conversion by substitution and transitivity, t σ u σ.
Example 25.We can now handle our running example.We have The above simplification relation works for the rewriting rule defining tail but may not be sufficient in more general situations: Example 26.Let D be the set of equations {f ct = ga, f cu = gb, a = b} and assume that f is {2}-injective.Then the equation t = u holds as well, but D cannot be simplified by the above rules because it contains no equation of the form f ct = f cu.
We leave for future work the development of more general simplification relations.

Decidability conditions
We now discuss the decidability of type-checking in Λ l,E and of the simplification relation based on injectivity, assuming that → β ∪ → R is terminating and confluent so that typechecking is decidable in Λ.In both cases, we have to decide l,E , the reflexive, symmetric and transitive closure of , where E is a set of closed equations.
As it is well known, an equational theory is decidable if there exists a convergent (i.e.terminating and confluent) rewriting system having the same equational theory: to decide whether two terms are equivalent, it suffices to check that their normal forms are identical.
In [15], Knuth and Bendix introduced a procedure to compute a convergent rewriting system included in some termination ordering, when equations are algebraic.Interestingly, this procedure always terminates when equations are closed, if one takes a termination ordering that is total on closed terms like the lexicographic path ordering > lpo wrt any total order > on function symbols (for more details, see for instance [2]).
For the sake of self-contentness, we recall in Figure 4 a rule-based definition of closed completion.These rules operate on a pair (E, D) made of a set of equations E and a set of rules D. Starting from (E, ∅), completion consists in applying these rules as long as possible.This process necessarily ends on (∅, D) where D is terminating (because D ⊆ > lpo ) and confluent (because it has no critical pairs).
We leave for future work the extension of this procedure to the case of non-algebraic, and possibly higher-order, equations.
If we apply this procedure to the set E of equations (assuming that they are algebraic), we get that l,E is the reflexive, symmetric and transitive closure of → β ∪ → R ∪ → D , where → β ∪ → R and → D are both terminating and confluent.However, termination is not modular in general, even when combining two systems having no symbols in common [20].
There exists many results on the modularity of confluence and termination of first-order rewriting systems when these systems have no symbols in common, or just undefined symbols F S C D 2 0 2 0 11:12 Type safety of rewrite rules in dependent types (see for instance [11] for some survey).But, here, we have higher-order rewriting rules that may share defined symbols.
So, instead, we may try to apply general modularity results on abstract relations [10].In particular, for all terminating relations P and Q, P ∪ Q terminates if P steps can be postponed, that is, if P Q ⊆ QP * .In our case, we may try to postpone the D steps: Lemma 27.For all sets of higher-order rewriting rules R and D, we have that Assume that t → D u at position p and u → βR v at position q.If p and q are disjoint, then these reductions can be trivially permuted: t → βR → D v. The case p ≤ q (p prefix of q) is not possible since D is closed (c) and no right-hand side of D is βR-reducible (d).So, we are left with the case q < p: Case u → β v.The case p = q1 is not possible since no right-hand side of D is headed by an abstraction (d).So, t| q is of the form (λx : A, b)a and the D step is in A, b or a.Therefore, t → β → * D v. Case u → R v, that is, when u| q = lσ where l is a left-hand side of a rule of R. The case p = qs where s is a non-variable position of l is not possible because no non-variable subterm of a left-hand side of R unifies with a right-hand side of D (e).Therefore, since l is left-linear (b), t| q is of the form lθ for some substitution θ, and the D step occurs in some xθ.Hence, t → R → * D v.
Example 28.As we have already seen, the typability conditions of l = tail n (cons x p v) is the set of equations as total order on function symbols, the Knuth-Bendix completion procedure yields with > lpo the rewriting system linear and V and s are undefined.This works as well if, instead of E, we use its simplification

F. Blanqui 11:13
Then, any total order on function symbols allows to prove preservation of typing.For instance, by taking f > → > a > a > b > b, we get the rewriting rules f → τ a → τ b, τ a → τ a, τ b → τ b and x → τ a, so that one can easily check that, modulo these rewriting rules, f x has type τ b.Therefore, app a b (lam a b f ) x → f x preserves typing.
Note that the result does not depend on the total order taken on function symbols.For instance, if one takes f > → > a > a > b > b (flipping the order of a and a ), we get the rewriting rules f → τ a → τ b, τ a → τ a , τ b → τ b and x → τ a .In this case, f x has type τ b as well.Flipping the order of b and b would work as well.

Related works and conclusion
The problem of type safety of rewriting rules in dependent type theory modulo rewriting has been first studied for simply-typed function symbols by Barbanera, Fernández and Geuvers in [3].In [6], the author extended these results to polymorphically and dependently typed function symbols, and showed that rule left-hand sides do not need to be typable for rewriting to preserve typing.This was later studied in more details and implemented in Dedukti by Saillard [17].In this approach, one first extracts a substitution ρ (called a pre-solution in Saillard's work) from the typability constraints of the left-hand side l and check that, if l is of type A, then the right-hand side r is of type Aρ (in the same system).For instance, from the simplified set of constraints E = { x = T , p = N , v = V p, n = N , p = n} of our running example, one can extract the substitution ρ = {(n, p)} and check that v has type (V n)ρ = V p.However, it is not said how to compute useful pre-solutions (note that we can always take the identity as pre-solution).In practice, the pre-solution is often given by the user thanks to annotations in rules.A similar mechanism called inaccessible or "dot" patterns exists in Agda too [16].
An inconvenience of this approach is that, in some cases, no useful pre-solution can be extracted.For instance, if, in the previous example, we take the original set of constraints E = { x = T , p = N , v = V p, n = N , V (sp) = V (sn)} instead of its simplified version E , then we cannot extract any useful pre-solution.
In this paper, we proposed a more general approach where we check that the right-hand side has the same type as the left-hand side modulo the equational theory generated by the typability constraints of the left-hand side seen as closed equations (Theorem 19).A prototype implementation is available on: https://github.com/wujuihsuan2016/lambdapi/tree/sr.
To ensure the decidability of type-checking in this extended system, we propose to replace these equations by an equivalent but convergent rewriting system using Knuth-Bendix completion [15] (which always terminates on closed equations), and provide conditions for preserving the termination and confluence of the system when adding these new rules (Lemma 27).This approach has also the advantage that Dedukti itself can be used to check the type safety of user-defined Dedukti rules.
We also showed that, for the algorithm to work, the typability constraints sometimes need to be simplified first, using the fact that some function symbols are injective (Theorem 22).It would be interesting to be able to detect or check injectivity automatically (see [22] for preliminary results on this topic), and also to find a simplification procedure more general than the one of Figure 3.

Figure 1
Figure 1 Typing rules of the λΠ-calculus modulo rewriting

(Example 7 .
*) there exist ∆ and B such that ∆ l : B and ∆ r : B. But this condition is not sufficient in general as shown by the following example: Consider the rule f (xy) → y with f : B → B. In the environment ∆ = x : B → B, y : B, we have ∆ l : B and ∆ r : B. However, in the environment Γ = x : A → B, y : A, we have Γ l : B and Γ r : A.

F
rewrite rules in dependent types (Completeness) For all environments Γ, patterns t, substitutions θ and terms A, if Γ tθ : A, then there are a term T , a set of equations E and a substitution θ extending θ such that t ↑ T [E], θ |= E, Γ θ : ∆ t and A T θ.

Definition 17 .
Given a pattern l and a set of equations D, D and substitutions σ, if σ |= D and D D , then σ |= D .

Figure 3
Figure 3 Some valid simplification rules on typability constraints

Figure 4
Figure 4 Rules for closed completion and → D terminate, (b) R is left-linear, (c) D is closed, (d) no right-hand side of D is βR-reducible or headed by an abstraction, (e) no right-hand side of D unifies with a non-variable subterm of a left-hand side of R. Proof.As usual, we define positions in a term as words on {1, 2}: Pos(s) = Pos(x) = Pos(f ) = {ε}, the empty word representing the root position, and Pos(tu) = Pos(λx : t

Example 29 .
Finally, let's come back to the rewriting rule app a b (lam a b f ) x → f x of Example 1 encoding the β-reduction of simply-type λ-calculus.As already mentioned, the previous version of Dedukti was unable to prove that this rule preserves typing.Thanks to our new algorithm, the new version of Dedukti 5 can now do it.The computability constraints of the LHS are f = τ a → τ b , τ a → τ b = τ (arr a b) and x = τ a. Preservation of typing cannot be proved without simplifying this set of equations to f = τ a → τ b , τ a = τ a, τ b = τ b and x = τ a.