Partiality, State and Dependent Types Kasper Svendsen 1 , Lars Birkedal 1 , and Aleksandar Nanevski 2 1 IT University of Copenhagen {kasv,birkedal}@itu.dk 2 IMDEA Software aleks.nanevski@imdea.org Abstract. Partial type theories allow reasoning about recursively-deﬁned computations using ﬁxed- point induction. However, ﬁxed-point induction is only sound for admissible types and not all types are admissible in suﬃciently expressive dependent type theories. Previous solutions have either introduced explicit admissibility conditions on the use of ﬁxed points, or limited the underlying type theory. In this paper we propose a third approach, which supports Hoare- style partial correctness reasoning, without admissibility conditions, but at a tradeoﬀ that one cannot reason equationally about eﬀectful computations. The resulting system is still quite expressive and useful in practice, which we conﬁrm by an implementation as an extension of Coq. 1 Introduction Dependent type theories such as the Calculus of Inductive Constructions [2] provide powerful languages for integrated programming, speciﬁcation, and veriﬁcation. However, to maintain soundness, they typically require all computations to be pure and terminating, severely limiting their use as general purpose program- ming languages. Constable and Smith [9] proposed adding partiality by introducing a type τ of potentially non- terminating computations of type τ , along with the following ﬁxed point principle for typing recursively deﬁned computations: if M : τ →τ then ﬁx(M ): τ Unfortunately, in suﬃciently expressive dependent type theories, there exists types τ for which the above ﬁxed point principle is unsound [10]. For instance, in type theories with subset-types, the ﬁxed point principle allows reasoning by a form of ﬁxed point induction, which is only sound for admissible predicates (a predicate is admissible if it holds for the limit whenever it holds for all ﬁnite approximations). Previous type theories based on the idea of partial types which admit ﬁxed points have approached the admissibility issue in roughly two diﬀerent ways: 1. The notion of admissibility is axiomatized in the type theory and explicit admissibility conditions are required in order to use ﬁx. This approach has, e.g., been investigated by Crary in the context of Nuprl [10]. The resulting type theory is expressive, but admissibility conditions lead to signiﬁcant proof obligations, in particular, when using Σ types. 2. The underlying dependent type theory is restricted in such a way that one can only form types that are trivially admissible. This approach has, e.g., been explored in recent work on Hoare Type Theory (HTT) [21]. The restrictions exclude usage of subset types and Σ types, which are often used for expressing properties of computations and for modularity. Another problem with this approach is that since it limits the underlying dependent type theory one cannot easily implement it as a simple extension of existing implementations. In this paper we explore a third approach, which ensures that all types are admissible, not by limiting the underlying standard dependent type theory, but by limiting only the partial types. The limitation on partial types consists of equating all eﬀectful computations at a given type: if M and N are both of type τ , then they are propositionally equal. Thus, with this approach, the only way to reason about eﬀectful computations is through their type, rather than via equality or predicates. With suﬃciently expressive types, the type of an eﬀectful computation can serve as a partial correctness speciﬁcation of the computation. Our hypothesis is that this approach allows us to restrict attention to a subset of admissible types, which is closed under the standard dependent type formers and which suﬃces for reasoning about partial correctness.