%%% This is the scribe notes template for CS611
%%% There are several comments preceded by CS611: and boxed in %%%%'s
%%% which indicate where macros should be altered to set up the header
%%% for the paper.  Your Notes should go at the comment SCRIBE NOTES GO HERE!.

%%% In the various .sty files that accompany this .tex file you will
%%% find LaTeX macros that make it easier to typeset inference rules
%%% and programming language constructs.  You must make sure that the
%%% file proof.sty is in a path searched by LaTeX when you try to
%%% use this file.  Take a look to see what macros are available--it
%%% will save you time and make the notes look better.  Feel free to
%%% extend the set of macros--post them to the newsgroup and contact
%%% the course staff if you come up with some good ones so they can be
%%% added to the template.

%%% This template includes examples of how to use some of the macros
%%% to give you an idea of how they work.  (Delete the examples when
%%% you do your scribing.)

\documentclass{article}
\usepackage{611-lecture}
\usepackage{amsmath,amssymb,amsthm,amsfonts,latexsym}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% CS611: Please fill in these macros as appropriate:
% Header fields for the title block. \lecture is not a standard article-class
% command; presumably it is provided by 611-lecture.sty -- confirm there.
\lecture{33} %% Lecture number
\title{Testing Equality and Subtyping of Recursive Types}   %% Title of lecture
% NOTE(review): \author is commented out, so no scribe name is supplied here.
%\author{Asif-ul Haque, Xin Zheng}  %% name of scribe
\date{27 November 2006}    %% Date of lecture
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

% See 611.sty for a variety of macros that will be helpful in
% typesetting the lecture
%
% quotes can be used for typewriter font
% <> can be used for angle brackets

% Local notation overrides and term-syntax helpers.
% \emptyset now produces the \varnothing glyph (amssymb).
\renewcommand\emptyset\varnothing
% The tags inL / inR in sans serif; \ensuremath makes them usable in text or math.
\newcommand{\inL}{\ensuremath{\mathsf{inL}}}
\newcommand{\inR}{\ensuremath{\mathsf{inR}}}
% \caseof{e}{b1}{b2} typesets "case e of b1 | b2" with sans-serif keywords.
% It uses \mathsf directly (no \ensuremath), so it is for math mode only.
\newcommand\caseof[3]{\mathsf{case}~{#1}~\mathsf{of}~{#2}~|~{#3}}

% Theorem-like environments. The optional [theorem] argument makes lemma,
% proposition, corollary and definition share the theorem counter, so all
% five are numbered in one sequence.
\newtheorem{theorem}{Theorem}
\newtheorem{lemma}[theorem]{Lemma}
\newtheorem{proposition}[theorem]{Proposition}
\newtheorem{corollary}[theorem]{Corollary}
\newtheorem{definition}[theorem]{Definition}

% \Z: blackboard-bold Z.
\newcommand{\Z}{\mathbb{Z}}
% \group{x}: x enclosed in auto-sized angle brackets (\left\langle ... \right\rangle).
\newcommand{\group}[1]{\left\langle{#1}\right\rangle}

%\theoremstyle{definition}
%\newtheorem*{defn}{Definition}
% \nondet: an empty pair of square brackets pulled together with \! and a 1pt kern.
\newcommand{\nondet}{\left[\!\kern1pt\right]}
% \phi is switched to the \varphi glyph everywhere in this document.
\renewcommand\phi\varphi
% \wp is redefined (in standard LaTeX it is the Weierstrass-p symbol) as a
% two-argument operator "wp A B"; \wlp is the matching "wlp A B".
\renewcommand\wp[2]{\mathsf{wp}~{#1}~{#2}}
\newcommand\wlp[2]{\mathsf{wlp}~{#1}~{#2}}
% CAUTION: \( and \) no longer delimit inline math in this file. They open and
% close an eqnarray* display, so material between them is an unnumbered display
% that may use eqnarray's `&...&` column separators.
\renewcommand\({\begin{eqnarray*}}
\renewcommand\){\end{eqnarray*}}

% Store operations: an upright operator name followed by its arguments,
% separated by ties.
\newcommand\LOOKUP[2]{\mathrm{LOOKUP}~{#1}~{#2}}
\newcommand\UPDATE[3]{\mathrm{UPDATE}~{#1}~{#2}~{#3}}
\newcommand\MALLOC[2]{\mathrm{MALLOC}~{#1}~{#2}}
% The \mbox{-} gives a text hyphen rather than a math minus sign.
\newcommand\EMPTY{\mathrm{EMPTY\mbox{-}STORE}}
% \renewcommand requires \dom to exist already, so it is defined by a loaded
% package or style file; here it becomes upright "dom" plus a thin space.
\renewcommand\dom[1]{\mathrm{dom}\,{#1}}
% \p{a}{b}: the pair <a, b> in angle brackets.
\newcommand\p[2]{\langle{#1},\,{#2}\rangle}
% \bigcdot: a scriptscript-size bullet raised 1pt, spaced as a relation.
\newcommand\bigcdot{\mathrel{\raisebox{1pt}{$\scriptscriptstyle\bullet$}}}
% \holed{x} is [ x ]; \hole is the bracketed bullet; \context{x} is E[ x ];
% \contextHole is E with the bullet in its hole.
\newcommand\holed[1]{[\,#1\,]}
\newcommand\hole{\holed\bigcdot}
\newcommand\context[1]{E\kern1pt\holed{#1}}
\newcommand\contextHole{\context\bigcdot}
% \goesto{a}{b}: an arrow with a set above it and b set below it (amsmath).
\newcommand\goesto[2]{\underset{#2}{\overset{#1}\to}}
% Program constructs with sans-serif keywords; the arguments are set as
% ordinary math. These are math-mode macros (no \ensuremath).
\newcommand\ifthenelse[3]{\mathsf{if\ }#1\mathsf{\ then\ }#2\mathsf{\ else\ }#3}
\newcommand\ifpthenelse[3]{\mathsf{ifp\ }#1\mathsf{\ then\ }#2\mathsf{\ else\ }#3}
\newcommand\whiledo[2]{\mathsf{while\ }#1\mathsf{\ do\ }#2}
\newcommand\letin[3]{\mathsf{let\ }#1 = #2\mathsf{\ in\ }#3}
% \letrec takes the first binding (#1 = #2) and the last (#3 = #4) and prints
% "and ... and" between them; \letrecone is the single-binding form.
\newcommand\letrec[5]{\mathsf{letrec\ }#1 = #2\mathsf{\ and\ \ldots\ and\ }#3 = #4\mathsf{\ in\ }#5}
\newcommand\letrecone[3]{\mathsf{letrec\ }#1 = #2\mathsf{\ in\ }#3}
% Sans-serif constants, usable in text or math thanks to \ensuremath.
\newcommand\true{\ensuremath{\mathsf{true}}}
\newcommand\false{\ensuremath{\mathsf{false}}}
\newcommand\error{\ensuremath{\mathsf{error}}}
% \pca{P}{c}{Q}: c set between the braced formulas {P} and {Q}.
\newcommand\pca[3]{\{#1\}\kern1pt{#2}\kern1pt\{#3\}}
% \Set is not defined in this file; presumably it comes from the course style.
\newcommand\states{\Set{St}}
% \rtc: a text-size star as a superscript.
\newcommand\rtc{^{\textstyle *}}
% Relation symbols: \sat is \vDash and \force is \vdash (the turnstile that the
% equality judgements in the body are written with).
\newcommand\sat\vDash
\newcommand\force\vdash

% \hyphen: a text hyphen that can be used inside math.
\newcommand\hyphen{\mbox{-}}
% \lookup and \update rely on \nm and \mquote, and \SBk on \SB; none of the
% three is defined in this file (presumably they come from the course style).
\newcommand\lookup[2]{\nm{LOOKUP}~#1~\mquote{#2}}
\newcommand\update[3]{\nm{UPDATE}~#1~\mquote{#2}~#3}
% \SBk{x}: \SB{x} immediately followed by the letter k.
\newcommand\SBk[1]{\SB{#1}k}
% \fix{x}: sans-serif "fix", a thin space, then x.
\newcommand\fix[1]{\mathsf{fix}\,{#1}}

% Helpers for lines of the form "<formula>  <justification text>".
% \reasonwidth is the width reserved for the formula; it starts at 3cm.
\newlength\reasonwidth
\setlength\reasonwidth{3cm}
% \reasoning{f}: sets \reasonwidth to the display-style width of f plus 5mm.
% As a side effect it (re)defines \longest to f.
\newcommand\reasoning[1]{\def\longest{#1}\settowidth{\reasonwidth}{$\displaystyle\longest$}\addtolength{\reasonwidth}{5mm}}
% \reason{f}{text}: f in display style, left-aligned in a box \reasonwidth wide,
% followed by the text in an unbreakable \mbox.
\newcommand\reason[2]{\makebox[\reasonwidth][l]{$\displaystyle{#1}$}\mbox{#2}}

% \inj, \C and \Cr use \renewcommand, which fails unless the name is already
% defined; they therefore override definitions from a loaded package or style.
% \inj{i}: sans-serif "in" with subscript i.
\renewcommand\inj[1]{\mathsf{in}_{#1}}
% \proj{i}: pi with subscript i.
\newcommand\proj[1]{\pi_{#1}}
% \dlt: the \sqsubseteq relation symbol.
\newcommand{\dlt}{\sqsubseteq}
% \floor{x}: x between floor brackets.
\newcommand\floor[1]{\lfloor{#1}\rfloor}
% \cf{x}: x in square brackets with 1pt kerns on either side.
\newcommand\cf[1]{[\kern1pt{#1}\kern1pt]}
% \SBpr{x}: \SB{x} applied to \phi and \rho (\SB is defined outside this file).
\newcommand\SBpr[1]{\SB{#1}\,\phi\,\rho}
% \C{a}{b}{c}: \Tr C{a} followed by b and c, separated by 1pt kerns; \Tr is
% defined outside this file. \Cr{a} is \C{a} with \Gamma and \rho filled in.
\renewcommand\C[3]{\Tr C{#1}\kern1pt{#2}\kern1pt{#3}}
\renewcommand\Cr[1]{\C{#1}\Gamma\rho}

% \judge{G}{e}{t}: the typing judgement "G |- e : t", built on \force.
\newcommand\judge[3]{{#1}\force{#2}:{#3}}
% \Gjudge{e}{t}: \judge with \Gamma as the context.
\newcommand\Gjudge[2]{\judge\Gamma{#1}{#2}}%
% \forceUSN: the turnstile set in a 2pt-wide left-aligned box, followed by a
% tiny italic "USN" lowered 3pt and given zero height and depth, spaced as a
% relation. \judgeUSN is \judge written with this symbol.
\newcommand\forceUSN{\mathrel{\makebox[2pt][l]{$\force$}\raisebox{-3pt}[0pt][0pt]{\tiny{\textit{USN}}}}}
\newcommand\judgeUSN[3]{{#1}\forceUSN{#2}:{#3}}
% NOTE(review): \C and \Cr are redefined here with bodies identical to the
% \renewcommand lines for the same names earlier in this preamble, so these
% two lines have no additional effect.
\renewcommand\C[3]{\Tr C{#1}\kern1pt{#2}\kern1pt{#3}}
\renewcommand\Cr[1]{\C{#1}\Gamma\rho}
% \Irred{x}: upright "Irred" applied to x, usable in text or math.
\newcommand\Irred[1]{\ensuremath{\mathrm{Irred}(#1)}}

% \seq{x}{i}{j}: the list x_i, ..., x_j.
\newcommand\seq[3]{#1_{#2},\ldots,#1_{#3}}
% \substtwo and \substlist wrap \subst (defined outside this file) and pass
% "#3, #4/#5" or "#3, ..., #4/#5" as its third argument.
\newcommand\substtwo[5]{\subst{#1}{#2}{#3,\,#4/#5}}
\newcommand\substlist[5]{\subst{#1}{#2}{#3,\ldots,#4/#5}}
% \Unify{x}: upright "Unify" applied to x.
\newcommand\Unify[1]{\mathrm{Unify}(#1)}
% \fa{x}{t}: "forall x . t" with 1pt kerns around the dot.
\newcommand\fa[2]{\forall{#1}\kern1pt.\kern1pt{#2}}%
% \Judge{D}{G}{e}{t}: \judge with the two-part context "D; G".
\newcommand\Judge[4]{\judge{#1;\,#2}{#3}{#4}}
% The override of \infer is disabled; the \infer used in the body is whatever
% the loaded style files provide.
%\renewcommand\infer[2]{\ensuremath{\dfrac{#2}{#1}}}%
% \hat now produces the wide hat (\widehat) everywhere in this document.
\renewcommand\hat\widehat

% proofof{X}: a proof block headed by an emphasized "Proof of X." and closed
% with \qed. It adds 1mm to \topsep, opens a trivlist with an empty item label,
% and indents the heading by \parindent.
\newenvironment{proofof}[1]{\addtolength{\topsep}{1mm}\begin{trivlist}\item[]\hspace{\parindent}{\em Proof of #1.}}{\qed\end{trivlist}}

% \lamcal: the phrase "lambda-calculus" for use in running text (it enters
% math mode itself for the lambda).
\newcommand\lamcal{$\lambda$-calculus}
% \mut{a}{t}: the recursive type expression "mu a. t". It takes two arguments;
% the body often passes them unbraced, e.g. \mut\alpha\tau.
\newcommand\mut[2]{\mu#1.\,#2}
% \star is redefined from the standard binary-operator star to a superscript
% text-size star (the same body as \rtc), so \{L,R\}\star reads as {L,R}^*.
\renewcommand\star{^{\textstyle *}}

% Two small tree fragments drawn once in picture mode and stored in save boxes.
% NOTE(review): no \usebox of either box appears in the text visible in this file.
\newsavebox{\fterm}
\newsavebox{\gterm}
% \fterm: a 40x20 box holding a node labelled f with two diagonal edges, one
% going down-left and one going down-right.
\savebox{\fterm}(40,20){
\begin{picture}(40,20)(-20,-20)
\put(0,0){\makebox(0,0){$f$}}
\put(-5,-5){\line(-1,-1){10}}
\put(5,-5){\line(1,-1){10}}
\end{picture}
}

% \gterm: a zero-width, 20-high box holding a node labelled g with a single
% vertical edge below it, drawn with \thicklines.
\savebox{\gterm}(0,20){
\begin{picture}(0,20)(0,-20)
\thicklines
\put(0,0){\makebox(0,0){$g$}}
\put(0,-5){\line(0,-1){10}}
\end{picture}
}

% These use plain \def, which overwrites any earlier definition of the same
% name without warning.
% \eps: epsilon, used in the body for the empty string.
\def\eps{\epsilon}
% \edge{a}{l}{b} and \trans{l}: \imp with the label l stacked above it; \imp is
% not defined in this file.
\def\edge#1#2#3{#1\stackrel{#2}{\imp}#3}
\def\trans#1{\stackrel{#1}{\imp}}
% \sem{x}: x between double square brackets, each built from two brackets
% pulled together by a negative \hspace.
\def\sem#1{\mbox{$[\hspace{-0.15em}[$}#1\mbox{$]\hspace{-0.15em}]$}}
%\def\TS{{\mathcal{T}}}
%\def\FS{{\mathcal{F}}}
%\def\RS{{\mathcal{R}}}
% \DA{x}: x as a subscript; the body writes T\DA x for the subtree of T at x.
\newcommand\DA[1]{_{#1}}
% \lAC and \lFIN: the relation \leq with an upright subscript AC or FIN.
\def\lAC{\leq_{\rm AC}}
\def\lFIN{\leq_{\rm FIN}}

\begin{document}
\maketitle

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% CS611: SCRIBE NOTES GO HERE!
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

% Paragraph layout for the notes: no first-line indent, 1em between paragraphs.
\parindent=0pt%
\parskip=1em%

% \MM expands to the letter M; the body uses it to name a term automaton.
\newcommand\MM{M}

\section{Equirecursive Equality}

In the equirecursive view of recursive types, types are regular labeled trees, possibly infinite.  However, we still represent them by finite type expressions involving the fixpoint operator $\mu$.  There can be many type expressions representing the same type; for example, $\mut\alpha{1\to\alpha}$ and $\mut\alpha{1\to 1\to\alpha}$.  This raises the question: given two finite type expressions $\sigma$ and $\tau$, how do we tell whether they represent the same type?

In the isorecursive view, the finite type expressions $\sigma$ and $\tau$ themselves are the types, and there are no infinite types.  In this case, the question does not arise.

One might conjecture that two type expressions are equivalent (that is, represent the same type) iff they are provably so using ordinary equational logic with the unfolding rule $\mut\alpha\tau = \subst\tau{\mut\alpha\tau}\alpha$ and the usual laws of equality (reflexivity, symmetry, transitivity, congruence).  But this would not be correct.  To see why, let us formulate the problem more carefully.  

Suppose we have type expressions $\sigma,\tau,\ldots$ over variables $\alpha,\beta,\ldots$ defined by the grammar
\begin{align*}
\tau &::= 1 \bnf \sigma\to\tau \bnf \alpha \bnf \mut\alpha\tau,
\end{align*}
where $\tau$ is not a variable in $\mut\alpha\tau$.  Let $\SB\sigma$ be the type denoted by $\sigma$.  This is a possibly infinite regular labeled tree obtained from $\sigma$ by ``unfolding'' all $\mu$-subexpressions.

Write $\force\sigma=\tau$ if the equality of $\sigma$ and $\tau$ can be proved from the following axioms and rules:
\begin{gather*}
\force\mut\alpha\tau = \subst\tau{\mut\alpha\tau}\alpha
\qquad\qquad
\force\tau=\tau\\[1em]
\dfrac{\force\sigma=\tau}{\force\tau=\sigma}
\qquad
\dfrac{\force\sigma=\tau \quad \force\tau=\rho}{\force\sigma=\rho}
\qquad
\dfrac{\force\sigma_1=\sigma_2 \quad \force\tau_1=\tau_2}{\force\sigma_1\to\tau_1=\sigma_2\to\tau_2}
\end{gather*}
These rules generate the smallest congruence relation on type expressions satisfying the unfolding rule $\mut\alpha\tau = \subst\tau{\mut\alpha\tau}\alpha$.
One can show inductively that if $\force\sigma=\tau$, then $\SB\sigma=\SB\tau$, so the rules are sound.  However, they are not complete.  If we define
\begin{align}
\tau_0 &\definedas \mut\alpha{1\to 1\to\alpha} & \tau_{n+1} &\definedas 1\to\tau_n,\quad n\geq 0,\label{eq:taus}
\end{align}
then $\force\tau_{2m}=\tau_{2n}$ and $\force\tau_{2m+1}=\tau_{2n+1}$ for any $m$ and $n$, but not $\force\tau_n=\tau_{n+1}$.

\section{A Dangerous Proof System}
\label{sec:proofsystem}

% \judgeeq{E}{s}{t}: the sequent "E |- s = t", with \force as the turnstile.
\newcommand\judgeeq[3]{#1\force #2=#3}%
The following proof system is sound and complete for type equivalence, but great care must be taken, because the system is fragile in a sense to be explained.  Judgements are sequents of the form $\judgeeq E\sigma\tau$, where $E$ is a set of type equations.
\begin{gather*}
\judgeeq{E,\,\sigma=\tau}\sigma\tau \qquad\qquad \judgeeq E11\\[1em]
\dfrac{\judgeeq{E,\,\mut\alpha\sigma=\tau}{\subst\sigma{\mut\alpha\sigma}\alpha}\tau}
       {\judgeeq E{\mut\alpha\sigma}\tau}
\qquad
\dfrac{\judgeeq E\sigma\tau}{\judgeeq E\tau\sigma}
\qquad
\dfrac{\judgeeq E{\sigma_1}{\sigma_2}\quad\judgeeq E{\tau_1}{\tau_2}}{\judgeeq E{\sigma_1\to\tau_1}{\sigma_2\to\tau_2}}
\end{gather*}

For example, here is a proof in this system of $\judgeeq{}{\tau_0}{\tau_1}$ as defined in \eqref{eq:taus}:
\begin{center}
\mbox{\ }
\infer{\judgeeq{}{\tau_0}{1\to\tau_0}}
{\infer{\judgeeq{\tau_0=1\to\tau_0}{1\to 1\to\tau_0}{1\to\tau_0}}
{\infer{\judgeeq{\tau_0=1\to\tau_0}{1\to\tau_0}{1\to 1\to\tau_0}}
{{\judgeeq{\tau_0=1\to\tau_0}11}
&
{\judgeeq{\tau_0=1\to\tau_0}{\tau_0}{1\to\tau_0}}}}}
\end{center}

The rule for unfolding is quite unusual.  Note that the very equation we are trying to prove in the conclusion appears as an assumption in the premise!
This makes the system fragile.  In fact, it breaks if we add a transitivity rule
\[
\dfrac{\judgeeq E\sigma\tau\quad\judgeeq E\tau\rho}{\judgeeq E\sigma\rho}.
\]
On the surface, the transitivity rule seems quite harmless, and it seems like it couldn't hurt to add it to our system.  However, with the addition of this rule, the system becomes unsound.  Here is a proof of the false statement $\judgeeq{}1{1\to 1}$:
\begin{center}
\mbox{\ }
\infer{\judgeeq{}1{1\to 1}}
{\infer{\judgeeq{}1{\mut\alpha 1}}
{\infer{\judgeeq{}{\mut\alpha 1}1}
{\judgeeq{\mut\alpha 1=1}11}}
&
\infer{\judgeeq{}{\mut\alpha 1}{1\to 1}}
{\infer{\judgeeq{\mut\alpha 1=1\to 1}1{1\to 1}}
{\infer{\judgeeq{\mut\alpha 1=1\to 1}1{\mut\alpha 1}}
{\infer{\judgeeq{\mut\alpha 1=1\to 1}{\mut\alpha 1}1}
{\judgeeq{\mut\alpha 1=1\to 1,\,\mut\alpha 1=1}11}}
&
{\judgeeq{\mut\alpha 1=1\to 1}{\mut\alpha 1}{1\to 1}}}}}
\end{center}

It is also essential that we explicitly rule out $\mut\alpha\alpha$; otherwise we would have
\[
\dfrac{\judgeeq{\mut\alpha\alpha=\tau}{\mut\alpha\alpha}\tau}
{\judgeeq{}{\mut\alpha\alpha}\tau}
\]
for any $\tau$.

\section{Types as Labeled Trees}

A more revealing view of the proof system given above is the \emph{coinductive} view, in which we try to find witnesses to the \emph{inequivalence} of two types.  The idea is that if $\SB\sigma\neq\SB\tau$, then there is a witness to that fact in the form of a common finite path from the roots of $\SB\sigma$ and $\SB\tau$ down to some point where the labels differ.  Moreover, one can calculate a bound $b$ on the length of such a witness if it exists.  The bound is quadratic in the sizes of $\sigma$ and $\tau$.  This gives an algorithm for checking equivalence: unfold the trees down to depth $b$, and search for a witness; if none is found, then none exists.

% \len{x}: x between vertical bars with 1pt kerns, used for the size of x.
\newcommand\len[1]{|\kern1pt#1\kern1pt|}
This algorithm is still exponential in the worst case.  One can do better using an automata-theoretic approach.  We build deterministic automata out of $\sigma$ and $\tau$ and look for an input string on which they differ.  This will give an algorithm whose worst-case running time is proportional to $\len\sigma\cdot\len\tau$.

Let $\{L,R\}\star$ be the set of finite-length strings over $\{L,R\}$ ($L$=``left'', $R$=``right'').  We model (possibly infinite) types as partial functions $T:\{L,R\}\star\rightharpoonup\{1,\to\}$ such that
\begin{itemize}
\item
the domain of $T$ is nonempty and prefix closed (thus the empty string $\eps$ is always in the domain of $T$; this is called the \emph{root});
\item
if $T(x)=\,\to$, then both $xL$ and $xR$ are in $\dom T$;
\item
if $T(x)=1$, then neither $xL$ nor $xR$ is in $\dom T$; thus $x$ is a \emph{leaf}.
\end{itemize}
We restrict our attention to the constructors $\to, 1$; we could add more if we wanted to, but these suffice for the purpose of illustration.

A \emph{path} in $T$ is a maximal subset of $\dom T$ linearly ordered by the prefix relation.  Paths can be finite or infinite.  A finite path ends in a leaf $x$, thus $T(x)=1$ and $T(y)=\,\to$ for all proper prefixes $y$ of $x$.  An infinite path has $T(x)=\,\to$ for all elements $x$ along the path.

Let $T$ be a type and $x\in\{L,R\}\star$.  Define the partial
function $T\DA x:\{L,R\}\star\rightharpoonup\{1,\to\}$ by
\begin{align*}
T\DA x(y) &\definedas T(xy).
\end{align*}
If $T\DA x$ has nonempty domain, then it is a type.  Intuitively, it
is the subexpression of $T$ at position $x$.

A type $T$ is \emph{finite} if its domain $\dom T$ is a finite set.
By K\"onig's Lemma, a type is finite iff it has no infinite paths.
A type $T$ is \emph{regular} if $\{T\DA x \mid x\in\{L,R\}\star\}$ is a finite set.

\section{Term Automata}
\label{sec:automata}

Types can be represented by a special class of automata called \emph{term automata}.  These can be
defined over any signature, but for our application, we consider only term automata over $\{\to,1\}$.  A term automaton over this signature consists of
\begin{itemize}
\item
a set of \emph{states} $Q$;
\item
a \emph{start state} $s\in Q$;
\item
a partial function $\delta: Q\times\{L,R\}\rightharpoonup Q$ called the \emph{transition function}; and
\item
a (total) \emph{labeling function} $\ell:Q\to\{\to, 1\}$,
\end{itemize}
such that for any state $q\in Q$,
\begin{itemize}
\item
if $\ell(q)=\,\to$, then both $\delta(q,L)$ and $\delta(q,R)$ are defined; and
\item
if $\ell(q)=1$, then both $\delta(q,L)$ and $\delta(q,R)$ are undefined.
\end{itemize}

The partial function $\delta$ extends naturally to a partial function
$\hat\delta : Q\times\{L,R\}\star\to Q$ inductively as follows:
\begin{align*}
\hat\delta(q,\eps) &\definedas q &
\hat\delta(q,xa) &\definedas \delta(\hat\delta(q,x),a).
\end{align*}
For any $q\in Q$, the domain of the partial function
$\lam x{\hat\delta(q,x)}$ is nonempty (it always contains
$\eps$) and prefix-closed.  Moreover, the partial function
$\lam x{\ell(\hat\delta(q,x))}$ is a type.  The
type \emph{represented by $\MM$}
is the type
\begin{align*}
\SB\MM &\definedas \lam x{\ell(\hat\delta(s,x))},
\end{align*}
where $s$ is the start state.

Intuitively, $\SB\MM(x)$ is determined by starting in the start
state $s$ and scanning the input $x$, following transitions of
$\MM$ as far as possible.  If it is not possible to scan all of
$x$ because some transition along the way does not exist,
then $\SB\MM(x)$ is undefined.  If on the other hand $\MM$ scans
the entire input $x$ and ends up in state $q$, then $\SB\MM(x)=\ell(q)$.

One can show that a type $T$ is regular iff $T=\SB\MM$
for some term automaton $\MM$ with finitely many states.
This is also equivalent to being $\SB\tau$ for some finite type
expression $\tau$.
To construct a term automaton $\MM_\tau$ from a closed finite type expression $\tau$, take
the set of states of $\MM_\tau$ to be the smallest set $Q$ such that
\begin{itemize}
\item
$\tau\in Q$;
\item
if $\sigma\to\rho\in Q$, then $\sigma\in Q$ and $\rho\in Q$; and
\item
if $\mut\alpha\sigma\in Q$, then $\subst\sigma{\mut\alpha\sigma}\alpha\in Q$.
\end{itemize}
The set $Q$ so defined is finite.
The start state is $\tau$.  The transition function is given by the following rules:
\begin{itemize}
\item
$\delta(\sigma\to\rho,L) \definedas \sigma$;
\item
$\delta(\sigma\to\rho,R) \definedas \rho$;
\item
$\delta(1,D)$ is undefined, $D\in\{L,R\}$;
\item
$\delta(\mut\alpha\sigma,D) \definedas \delta(\subst\sigma{\mut\alpha\sigma}\alpha,D)$, $D\in\{L,R\}$.
\end{itemize}
(The restriction that $\sigma$ is not a variable in $\mut\alpha\sigma$ is crucial here.)
The labeling function is given by:
\begin{itemize}
\item
$\ell(\sigma\to\rho) \definedas\, \to$
\item
$\ell(1) \definedas 1$
\item
$\ell(\mut\alpha\sigma) \definedas \ell(\subst\sigma{\mut\alpha\sigma}\alpha)$.
\end{itemize}
Then $\SB\tau=\SB{\MM_\tau}$.

For those with an interest in such things, term automata are exactly the coalgebras of signature $\{\to,1\}$ over the category of sets.  The map $\MM\mapsto\SB\MM$ is the unique morphism from the coalgebra $\MM$ to the final coalgebra, which consists of the finite and infinite types.

\section{A Coinductive Algorithm for Type Equivalence}

Now given a pair $\sigma,\tau$ of finite type expressions, $\SB\sigma=\SB\tau$ iff for all $x\in\{L,R\}\star$, $\SB\sigma(x)=\SB\tau(x)$; equivalently, $\SB\sigma\neq\SB\tau$ iff there exists $x\in\dom{\SB\sigma}\cap\dom{\SB\tau}$ such that $\SB\sigma(x)\neq\SB\tau(x)$.  Form the two term automata $\MM_\sigma=(Q_\sigma,\,\delta_\sigma,\,\ell_\sigma,\,s_\sigma)$ and $\MM_\tau=(Q_\tau,\,\delta_\tau,\,\ell_\tau,\,s_\tau)$.  Then form the product automaton $\MM_\sigma\times\MM_\tau$ with states $Q_\sigma\times Q_\tau$, transition function $\lam{((p,q),D)}{(\delta_\sigma(p,D),\delta_\tau(q,D))}$, start state $(s_\sigma,s_\tau)$, and labeling function $\lam{(p,q)}{(\ell_\sigma(p),\ell_\tau(q))}$. The product automaton runs the two automata $\MM_\sigma$ and $\MM_\tau$ in parallel on the same input data.  Then $\SB{\MM_\sigma}\neq\SB{\MM_\tau}$ iff there exists an input string $x\in\{L,R\}\star$ that causes the product automaton to move from its start state to a state $(p,q)$ such that $\ell_\sigma(p)\neq\ell_\tau(q)$.  This can be determined by depth-first search in time linear in $\len{\MM_\sigma\times\MM_\tau}$, which is roughly $\len{\MM_\sigma}\cdot\len{\MM_\tau}$.  This gives a quadratic algorithm for testing type equivalence.

\section{Subtyping}

In this section we indicate how to extend the algorithm to handle equirecursive subtyping.  Here we take types to be finite and infinite terms over the ranked alphabet $\Sigma =
\{\bot,\to,\top,1\}$, where $\to$ is binary and $\bot$, $\top$, $1$ are constants.  The type $\bot$ is supposed to be a subtype of all types and the type $\top$ is supposed to be a supertype of all types.

The finite types are ordered naturally by the binary relation $\lFIN$ defined inductively by
\begin{enumerate}
\renewcommand\labelenumi{(\roman{enumi})}
\item $\bot \lFIN \tau \lFIN \top$ for all finite $\tau$;
\item if $\sigma'\lFIN\sigma$ and $\tau\lFIN\tau'$ then $\sigma\to\tau\lFIN\sigma'\to\tau'$.
\end{enumerate}
Note that the converse of (ii) holds as well. This relation captures
the natural type inclusion order in that it is covariant
in the range and contravariant in the domain of a function type.

In order to handle recursive types, we need to extend the ordering
$\lFIN$ to infinite types in a natural way.  One natural definition
involves infinite sequences of finite approximations.  Here we use
an equivalent and simpler definition that does not involve approximations.

The \emph{parity} of a string $x\in\{L,R\}\star$, denoted $\pi x$, is the number mod 2 of
$L$'s in $x$. A string $x$ is said to be \emph{even} if $\pi x = 0$ and \emph{odd} if $\pi x = 1$.

Let $\leq_0$ and $\leq_1$ be the following two partial orders on $\Sigma$:
\[
\begin{array}{rcccl@{\qquad\qquad}rcccl}
\bot &\leq_0& \to &\leq_0& \top & \top &\leq_1& \to &\leq_1& \bot\\
\bot &\leq_0& 1 &\leq_0& \top & \top &\leq_1& 1 &\leq_1& \bot.
\end{array}
\]
Note that $\leq_0$ and $\leq_1$ are reverses of each other.
For types $\sigma,\tau$, define $\sigma\leq\tau$ if $\sigma(x) \leq_{\pi x}
\tau(x)$ for all $x\in\dom\sigma\cap\dom\tau$.

One can show without much difficulty that 
the relation $\leq$ is a partial order on types and agrees with
$\lFIN$ on the finite types.  In particular, for any $\sigma$, $\tau$, $\sigma'$, $\tau'$,
\begin{enumerate}
\renewcommand\labelenumi{(\roman{enumi})}
\item $\bot\leq\tau\leq\top$
\item $\tau\leq\bot$ if and only if $\tau = \bot$
\item $\top\leq\tau$ if and only if $\tau = \top$
\item $\sigma\to\tau\leq \sigma'\to\tau'$ if and only if $\sigma'\leq\sigma$ and $\tau\leq\tau'$.
\end{enumerate}

\section{An Algorithm}

To decide whether $\SB\sigma\leq\SB\tau$ for
two given type expressions $\sigma$ and $\tau$, we proceed as in Section~\ref{sec:automata}.
We first construct the term automata $\MM_\sigma$ and $\MM_\tau$, then
form their product; however, we also include one extra bit of information
in the state to record the parity of the path scanned so far.  This is to account for
contravariance of function types in their domain.

Recall that $\SB\sigma\leq\SB\tau$ iff $\SB\sigma(x)\leq_{\pi x}\SB\tau(x)$ for all $x\in\dom{\SB\sigma}\cap\dom{\SB\tau}$.  Equivalently, $\SB\sigma\not\leq\SB\tau$ iff the set
\[
\{x\in\dom{\SB\sigma}\cap\dom{\SB\tau} \mid \SB\sigma(x)\not\leq_{\pi x}\SB\tau(x)\}
\]
is nonempty.  This is a regular subset of $\{L,R\}\star$, as it is the set accepted by the finite-state automaton
\(
(Q,\,\{L,R\},\,s,\,\delta,\,F)
\)
where
\begin{itemize}
\item
$Q \definedas Q_\sigma\times Q_\tau\times\{0,1\}$ are the states;
\item
$s \definedas (s_\sigma,s_\tau,0)$ is the start state;
\item
$\delta:Q\times\{L,R\}\to Q$ is the partial function which
for $b\in\{0,1\}$, $D\in\{L,R\}$, $p\in Q_\sigma$, and $q\in Q_\tau$ gives
\(
\delta((p,q,b),D) &\definedas& (\delta_\sigma(p,D),\delta_\tau(q,D),b\oplus\pi D)
\)
where $\oplus$ denotes mod 2 sum;
\item
$F \definedas \{(p,q,b) \mid \ell_\sigma(p)\not\leq_b\ell_\tau(q)\}$ is the set of accept states.
\end{itemize}
Then $\delta((p,q,b),D)$ is defined if
and only if $\ell_\sigma(p)=\ell_\tau(q)=\ \to$.  The automaton is
nondeterministic only in that the state $(p,q,b)$ has no
$D$-successors if either $\ell_\sigma(p)$ or
$\ell_\tau(q)\in\{\bot,\top,1\}$.  If $\ell_\sigma(p)=\ell_\tau(q)=\ \to$,
then the $D$-successor of $(p,q,b)$ is defined and is unique.

Now to decide whether $\SB\sigma\leq\SB\tau$, we construct the automaton and ask
whether it accepts a nonempty set, that is, whether there exists a path
from the start state to some final state.  This can be determined in
time linear in the size of the automaton using depth-first search.

The automaton has $2\cdot\len{Q_\sigma}\cdot\len{Q_\tau}$ states and at most
two transition edges from each state.  Thus the entire algorithm takes
no more than $O(\len\sigma\cdot\len\tau)$ time, where $\len\sigma$ and $\len\tau$ are the
sizes of the original type expressions representing the regular terms $\SB\sigma$ and $\SB\tau$.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document}

