Mathematical Structures in Computer
Science
http://journals.cambridge.org/MSC
Additional services for Mathematical
Structures in
Computer Science:
Email alerts: Click here
Subscriptions: Click here
Commercial reprints: Click here
Terms of use : Click here
Simulating expansions without expansions
Roberto Di Cosmo and Delia Kesner
Mathematical Structures in Computer Science / Volume 4 / Issue 03 / September 1994, pp 315 - 362
DOI: 10.1017/S0960129500000505, Published online: 04 March 2009
Link to this article: http://journals.cambridge.org/abstract_S0960129500000505
How to cite this article:
Roberto Di Cosmo and Delia Kesner (1994). Simulating expansions without expansions.
Mathematical Structures in Computer Science, 4, pp 315-362 doi:10.1017/
S0960129500000505
Request Permissions : Click here
Downloaded from http://journals.cambridge.org/MSC, IP address: 138.251.14.35 on 02 Apr 2015
Math. Struct, in Comp. Science (1994), vol. 4, pp. 315-362 Copyright © 1994 Cambridge University Press
Simulating expansions without expansions
ROBERTO DI COSMO* and DELIA KESNER*
f
DMI-LIENS (CNRS URA 1347) Ecole Normale Superieure - 45, Rue dVlm 75230 Paris France
email: dicosmoSdmi.ens.fr
*INRIA Rocquencourt - Domaine de Voluceau, BP 105 - 78153 Le Chesnay Cedex, France
and CNRS and LRI - Bat 490, Universite de Paris-Sud - 91405 Orsay Cedex, France
email: kesnerQlri.lri.fr
Received 2 May 1993; revised 18 December 1993
We add extensional equalities for the functional and product types to the typed A-calculus
with, in addition to products and terminal object, sums and bounded recursion (a version of
recursion that does not allow recursive calls of infinite length). We provide a confluent and
strongly normalizing (thus decidable) rewriting system for the calculus that stays confluent
when allowing unbounded recursion. To do this, we turn the extensional equalities into
expansion rules, and not into contractions as is done traditionally. We first prove the calculus
to be weakly confluent, which is a more complex and interesting task than for the usual
1-calculus. Then we provide an effective mechanism to simulate expansions without
expansion rules, so that the strong normalization of the calculus can be derived from that of
the underlying, traditional, non-extensional system. These results give us the confluence of
the full calculus, but we also show how to deduce confluence directly form our simulation
technique without using the weak confluence property.
1. Introduction
Over recent years there has been a growing interest in the properties of A-calculus
extended with various different type constructors (in particular pairs and sums) used to
represent common data types. For these type constructors it is customary to provide a
set of equalities that are then turned into computation rules. An example of these are the
elimination rules for pairs:
fa)
7ii((M,JV»
=
M
(n2) n2((M,N))
=
N,
which tell us how to operationally compute with objects of these types: if we have a pair
{M,N), we can decompose it to access its first or second component.
There is, however, something else that one likes to do with 1-calculus besides using
A-terms as programs to be computed: one would like to reason about programs to prove
that they enjoy certain properties. It is here that extensional equalities come into play.
In the case of functions, for example, as the only operational way to use a function is
to apply it to an argument, we do not really want to consider a term M of function
type different from the term Xx.Mx, where x does not occur free in M - both terms,
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
316
when applied to an argument N, give the same result MN. Similarly, for pairs, the only
operational way to use a pair is by projecting out the first or the second component, so we
do not want to consider a term M of product type different from the term (ni(M),U2(M))
— the result of accessing either of these two terms via a first or second projection is the
same term n\(M) or ^ ( M ) .
These facts can be incorporated in the calculus in the form of equalities, which one can
read in at least two different ways:
— an operational way: these equalities just state possible optimizations of a program.
Since a term (ni(M),^(M))
is more complex then M, but behaves in the same way,
it is convenient to replace all its occurrences by M, as this transformation will yield
an equivalent, but more efficient and smaller program. Similarly, we will replace every
occurrence of kx.Mx by M.
— a theoretical way: these equalities state a relation between a program and its type.
They just tell us that whenever a term M has a functional type, it must really be a
function built by 1-abstraction, so we ought to replace it by kx.Mx if it is not already
a function. Similarly, a term M of product type really has to be a pair, built via the
pair constructor, or it must be replaced by (ni(M),U2(M)).
As we will briefly see in the Survey, a lot of research activity has focused on the
operational reading of these equalities in the tradition of 1-calculus, while only a little
on the theoretical reading. In this paper we will show how this latter reading of the
equalities provides a confluent and strongly normalizing reduction system for the simply
typed A-calculus with pairs, sums, unit type (or terminal object) and a bounded recursion
operator. We also show that the same reduction system stays confluent when allowing
unbounded recursion, while of course losing the strong normalization property.
1.1. Survey
Because of the deep connections between /l-calculus, proof theory and category theory,
work on extensional equalities has appeared with different motivations in all these fields.
By far, the best-known extensional equality is the r\ axiom that we informally introduced
above, written in the A-calculus formalism as
(n)
Xx.Mx = M
provided x is not free in M
This axiom, also known as extensionality, has traditionally been turned into a reduction
(carrying the same name), by orienting the equality from left to right and operationally
interpreting equality as a contraction. Such an interpretation is well behaved, as it preserves
confluence (Curry and Feys 1958).
In the early 70's, attention was focused on products and the extensional rule for pairs,
called surjective pairing, which is the analog for product types of the usual rj extensional
rule:
(SP)
(m(M),n2(M)) = M
With the previous experience of the n rule, it is easy to understand how, at that time,
most people thought that the right way to turn such an equality into a rewrite rule was
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
317
also from left to right, as a contraction. But in 1980, J. W. Klop discovered (Klop 1980)
that, if added to the usual confluent rewrite rules for pure 1-calculus, this interpretation
of SP breaks confluence'.
However, this first negative result was soon mitigated in Pottinger (1981), for the simply
typed A-calculus with n and SP contractions by providing a first proof of confluence and
strong normalization, which was later simplified in different ways (see Troelstra (1985) or
Girard, Lafont, and Taylor (1990), for example). From then on, the contraction rule for
SP was not considered harmful in a typed framework until the seminal work by Lambek
and Scott (Lamb and Scott 1986). There, the decision problem of the equational theory of
Cartesian Closed Categories (ccc's) is solved using a particular typed A-calculus equipped
not only with n and SP equalities, but also with a special type T representing the terminal
object of the ccc's*. This distinguished atomic type comes with a further extensional axiom
asserting that there is exactly one term * of type T:
(Top)
M :T= •
Now, the type T has the bad property of destroying confluence, if the extensional equalities
r\ and SP are turned into contraction rules: the following are the critical pairs that arise
immediately, as first pointed out by Obtulowicz, (see Lambek and Scott (1986)):
(7n(x),n2(x)) =>SP x
(nl(x),n2(x))
(*,n2(x))
(ni(x),*)
=>Sp x
(Xx : T.Mx) : T - • 4 =>,, M
(Xx : A.Mx) : A -> T =>„ M
(Ax : T.M-) : T - • ^
(Ax : /I.*) : A - • T
It is indeed possible, but not easy, to extend the contractive reduction system in order
to recover confluence. A first step towards such a confluent system was taken by Poigne
and Voss (Poigne and Voss 1987), who were not inspired by category theory, but by
the implementation of algebraic data types. Their paper studies a calculus that includes
X^/lnn*, and they observe that to solve the previous critical pairs one needs to add
an infinite number of reduction rules (that can, however, be finitely described). Then
confluence of such an extended system can be proved by showing weak confluence and
strong normalization. Unfortunately, the critical pair for (Ax : A.Mx) : T —• A is missing
there, and the strong normalization proof is incomplete.
More recently, Curien and the first author became interested in a polymorphic extension
of XlPnn*, which arose in the study of the theory of object oriented programming and of
isomorphisms of types (Curien and Di Cosmo 1991). They give a complete (infinite) set
of reduction rules for the calculus, which is proved confluent using just weak confluence,
weak normalization and some additional properties.
' See Barendregt (1984), pp. 403-409 for a short history and references,
•f This is the Unit type in languages like ML.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
318
Meanwhile, in the field of proof theory, Prawitz was suggesting (Prawitz 1971) that these
extensional equalities be turned into expansion rules rather than contractions. Building on
such ideas, but motivated by the study of coherence problems in category theory, Mints
gives a first, faulty, proof that in the typed framework expansion rules, if handled with
care, are weakly normalizing and preserve confluence of the typed calculus (Mints 1979)'.
This idea of using expansion rules seems to have passed unnoticed for a long time,
even though the so-called fj-long normal forms were well known and used in the study
of higher order unification problems (Huet 1976): only in recent years has there been
a renewed interest in expansion rules. Jay in recent work (Jay 1992), still motivated by
category theoretic investigation, explores a simply typed A-calculus that has only T and
a natural number type N as base types, and is equipped with an induction combinator
for terms of type N. He introduced expansion rules for n and SP that are exactly the
same as the ones originally used by Mints, and in Jay and Ghani (1992) this calculus
is proved confluent and strongly normalizing. Category theory is also the motivation of
Cubric (Cubric 1992), who repaired the error in the original proof by Mints, showing
confluence (by means of a careful study of residuals) as well as weak normalization
(but not strong normalization). An interesting divide-and-conquer approach is proposed
in Akama (1993), where confluence and strong normalization are shown in a modular
way. Finally, in Dougherty (1993), confluence is shown via the usual Newman's Lemma,
and strong normalization by means of a variation of the reducibility proof based on
introduction rather than elimination terms.
1.2. Our work
The present paper is inspired especially by Jay (1992) and Poigne and Voss (1987). We
use expansion rules to provide a confluent rewriting system for the typed /l-calculus with
sums and recursion in addition to products and terminal object. This result is derived
from the confluence of a restricted system in which recursion is bounded (recursive calls
of infinite length are not allowed), which is proved to be weakly confluent and strongly
normalizing.
We show that strong normalization of the full system can be reduced to that of the
system without expansion rules, for which the traditional techniques can be used. For this
purpose, we show that any one step reduction in the calculus with expansions can be
simulated by a non-empty reduction sequence in the calculus without expansions. It turns
out that this result is powerful enough to prove the confluence property directly as well,
as shown in Section 7.
Since the reduction with expansion rules is not a congruence, several fundamental
properties that hold for the well-known typed A-calculi have to be reformulated in the
expansionary framework in a different way, as we will see in Section 4. For this reason we
believe that the system with expansion rules deserves to be studied much more carefully,
so we will undertake the task of proving weak confluence directly, which will lead us to
uncover many of the essential features of this reduction.
I The same idea is present in (Mints 1977).
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
319
We introduce the calculus and its reduction system in Section 2, then we investigate the
key properties of the new reduction system: weak confluence (Section 4) and strong normalization (Section 5). In Section 7 we derive the confluence property in two different ways,
and, finally, we discuss some further applications of our proof techniques in the conclusion.
An extended abstract of this work can be found in Di Cosmo and D. Kesner (1993a).
2. The calculus
It is now time to introduce the calculus we will deal with in this paper. There are two
versions, one with bounded recursion, and the other with unbounded recursion, that differ
only in the term formation rule and in the equality rule for recursive terms. We will now
introduce the calculus with bounded recursion and then describe how the unbounded
version can be obtained from it.
2.1. Types and terms
The set of types of our calculus contains a distinguished type constant T ' , a denumerable
set of atomic or base types, and is closed with respect to formation of function, product
and sum, i.e. if A and B are types, A —• B, A x B and A + B are types also.
For each type A, we fix a denumerable set of variables of that type. We will use
x,y,z,... to range over variables, and for a term M we write M : A to mean that M is a
term of type A.
The term formation rules of the calculus can then be presented as follows:
rh* :T
1 <i
X\ . A.\y . . . , Xn . An
<n
r i - M : A->B
T,x :A\- M : B
r\-kx:
r\-M
and the x,'s are pairwise distinct
h X,- . Aj
A.M r : ^ 1 - > B
:A
r h (MJV) :B
n-M:B, x B2
rhiV :B
r\- {M,N) : X x B
r\-M
T,x : / l l -
r h 7c,(M) :Bt
•Bi
FhP:
T h ini 1+ft (Af ) : B i + B 2
r h i V :A
^ 1+ ^ 2
r ^Mr.Ai^D
r \-Case{P,Mi ,M2):D
M :^
T h (rec x : AM)1 : A
' This stands for the terminal object in ccc's or for the Unit type in languages like ML.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
320
We may omit types of variables in 1-abstractions when they are clear from the context,
writing Xy.M instead of Xy : CM.
Notation 2.1. (Free variables, substitutions)
The set of free variables of a term M will be noted FV(M). It can be defined inductively
as follows:
FV(*)
=0
FV(x)
={x}
=FV(M)
FV(OA)
FV(MN)
=FV(M) + FV(N)
FV((M,N))
=F V(M) + F V(N)
=FV(M) - {x}
FV(Xx : AM)
FV((rec x : AM)1) =FV(M) - {x}
FV(in\.(M))
=FV(M)
2
=FV(M)
FV(in c(M))
FV(ni(M))
=FV(M)
=FV(M)
FV(n2(M))
FV(Case(P, M, N))=FV(P) + FV(M) + FV(N)
(often abbreviated [N/x]) for the typed substitution
We write [Ni,...,Nn/xi,...,xn]
mapping each variable x, : At to a term Nt : At. We write M[iV/x] for the term M where
each variable x, free in M is replaced by Nt.
2.2. Equality
As well as the usual identification of terms up to a conversion (i.e. renaming of bound
variables), our calculus is equipped with the equality E on terms generated from the
following axioms.
(rec)
(Xx : AM)N
n\((M\,M2))
n2((MuM2))
Case(inlc(R),MuM2)
Case(in2c(R),MuM2)
(rec y : CM)i+l
= M[N/x]
= Mi
= M2
= M{R
= M2R
= M[(rec y : C.M)'/y]
(n)
Xx : A.Mx
= M i:
(P)
(n\)
(n2)
(p)
(S)
{nx(M),n2(M))
(Top) M
= M if M : A x B
= * if M :T
The index i that is attached to each rec term is a bound on the depth of the recursive
calls that can originate from it. With such a bound, it is possible to insure the strong
normalization of the associated reduction system.
The unbounded system is obtained from the bounded one by simply erasing all the
bound indexes from the formation and equality rules (and the associated reduction rules).
As we will show later, the bounded system can simulate any finite reduction of the
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
321
unbounded system, and this fact will make it easy to extend the confluence result for the
bounded system to the unbounded one. For simplicity, we will explicitly note the bound
index only when necessary, dropping it whenever the properties we discuss hold in both
systems.
3. The confluent rewriting system
The non-extensional equality rules and the rule for T can be turned into a confluent
rewriting system by orienting them from left to right, as follows
(P)
(m)
(p)
(rec)
(Top)
(Xx : AM)N
7r,((M1,M2))
Case(iric(R),MuM2)
(rec y : CM)i+l
M
—>
—>
—>
—>
—>
M[N/x]
Mi, for i= 1,2
MtR, for i = 1,2
M[(rec y : CMf/y],
for i > 0
* if M : T and M ^ *
But when we want to turn the extensional equalities for functions and pairs into
expansions, as explained very clearly by Jay (Jay 1992), we must be careful to avoid the
following reduction loops:
XxM
(M,N)
MN
m(P)
^
Xy.(XxM)y
-> (7r,«M,N)),7r2«M,JV)))
-N*
(XxMx)N
->
Kidnap),n2(P)))
~> XyM[y/x]
-> (M,N)
~> MN
^
m(P)
=a XxM
To break the first two loops we must disallow expansions of terms that are already
A-abstractions or pairs:
x <$. FV(M)
M —> Xx : A.Mx if > , ,
„
, „ .
, ,
[ M : A -* B and M is not a A-abstraction
(8) M —> (nl(M),n2(M)) if { M : A x B and M is not a pair
But this is not enough: to break the last two loops, we must also forbid the r\ expansion
of a term in a context where this term is applied to an argument, and d expansion of
a term when such a term is the argument of a projection. This means that we cannot
define the one-step reduction relation =s> on terms as the least congruence on terms
containing the above reductions —> , as is usually done. Instead, we formally define
M => M' starting from —> by induction on the structure of the term. The definition is
the same as a congruence closure except for the last two cases.
We will write M —+ M' if M —'-+ M', for some i and —^> stands for a —> step that
is not a y step. The one-step reduction relation between terms, denoted = > , is defined
as follows:
Definition 3.1. (One-step reduction)
(n)
— If M —> M', then M => M'
— if M = > M', then (rec x : AM)1 => (rec x : AM')1
Case(M, N, 0) = > Case(M', N, 0) inlc(M) = > inlc(M')
Case(N, M, 0) = > Case(N, M,' 0) in2c(M) = > in2c(M')
Case(N, 0, M) = > Case(N, 0, M') Xx: AM = > X x : AM'
http://journals.cambridge.org
Downloaded: 02 Apr 2015
(M, N) = > (M', N)
(N, M) = > (JV, M')
NM = > NM'
IP address: 138.251.14.35
JR. Di Cosmo and D. Kesner
322
— If M = > M' but M - ^ M', then MAT = > M'N
— If M = > M' but M -^-> M', then m(M) = > 7i,(M') for i = 1,2
Notation 3.2. The transitive and the reflexive transitive closures of = > are written ==>+
and = > * , respectively. Similarly, we define =^=>, =^=>+ and =^>* for the unbounded
system.
We will use some standard notions from the theory of rewriting system, such as redex,
normal form, confluence, weak confluence, strong normalization, etc., without explicitly
redefining them here.
It is also useful to define a notion of influential positions of a term: informally, a position
in a term is influential if the subterm occurring at that position cannot be expanded at the
root. For example, M occurs at an influential position in the term MN, as r\ expansion is
forbidden on M, whether it is a /^-abstraction or not. Obviously, a position in a term can
be influential for n or for 5, but not for both. This notion can be properly formalized by
induction on the structure of the terms (see Di Cosmo and Kesner (1993b)).
3.1. Adequacy of expansions for extensional equalities
First, it is necessary to show that the limitations imposed on the reduction system do not
make us lose any valid equality. We will show that the reduction system just introduced
really generates the equalities we defined for the calculus. This comes from the fact that
the limitations imposed on the reductions are introduced exactly to avoid reduction loops.
Theorem 3.3. ( ==> generates E) The equality E and the reflexive, symmetric and transitive
closure R of ==> are the same relation.
Proof. The fact that R is included in E is evident, as all the reductions rules are derived
from the equality axioms by orienting and restricting them.
What we are left to show is E £ R. It is enough to show that whenever M = N comes
from a single equality axiom, we can either rewrite M to JV or N to M (since R is reflexive,
symmetric and transitive, the other cases will follow trivially).
The basic idea of the proof is to associate to each of these equality steps a reduction
step in R. This is done in the obvious way, except in the cases that would violate one
of the restrictions imposed on the expansion rules, which we will solve using exactly the
reduction loop that this restriction is supposed to prevent.
Here are the problematic cases and how to deal with them. We use the usual context
notation C [M] to indicate a particular occurrence of a subterm M of interest in the term
C[M].
— C[Xx.M] = , C[Xy.(Xx.M)y]. We cannot associate an tj reduction to this equality, as we
cannot expand something that is already an abstraction. But we can associate to it a
P reduction from C[Xy.(Xx.M)y] to C[Xy.M[y/x\] = C[Xx.M].
— C[{M,N}] =s {ni{(M,N)),n2({M,N)))].
We cannot expand something that is already
a pair, but we can use the 7t,'s reduction from (ni((M,N)),Tt2{(M,N)))] to C[(M,N)].
— C[MN] =n C[{Xx.Mx)N]. Here we cannot expand M, which is in an influential
position, but again we can use ft to go from C[(Xx.Mx)N] to C[MN] (recall that
x (£ FV(M)).
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
323
— C[nt(P)] =$ C[ni((ni(P),n2{P)))]. We cannot expand P, but we can use the 7r,'s to go
to C[K,{P)] from C W ( n ( P ) ! ) t 2 ( P ) ) ) ] .
•
3.2. Basic properties of the calculus
Our calculus enjoys the Subject Reduction property, which guarantees that reduction
preserves types.
Proposition 3.4. (Subject Reduction) If T I- R : C and R = > R', then F h R' : C.
Proof. By cases, using the following two lemmas
Lemma 3.5. If T,x : A h M : C and x £ FK(M), then T h M : C.
Lemma 3.6. If F,x : A h M : C and T h iV : A, then T I- M[iV/x] : C.
Another remarkable property of this calculus can be stated as follows:
Lemma 3.7. If M is in normal form with respect to the system without the tj, 8 and Top
rules and M"^> R, then R is in normal form with respect to the system without n, 8 and
Top.
Proof. Suppose M has no /?, nt, p or rec redexes. Notice first that a p redex cannot
be created in R as there is no way to introduce an in' expression using the n, 8 and Top
rules. The same for rec. We are left with the following two cases:
— Suppose R has a /? redex. Then R = C[(Xx.P)N] and since M contains no /J redexes,
we have, necessarily, M = C[SiV], P = Sx and S -?-* Ax.Sx. But this is not possible,
because r\ expansions are not allowed on terms appearing in influential positions for
n— Suppose R has a rc, redex. Then R = C[7c,((M, N))], and since M contains no
7i,'s redexes, we have, necessarily, M = C[7t,(T)], M = n\{T), N = U2{T) and
T —> (7ti(T),7t2(T)). But this is not possible, because 8 expansions are not allowed
Q
on terms appearing in influential positions for 8.
Corollary 3.8. If M is in normal form with respect to the system without the n, 8 and
Top rules, then the {t],8, Top)-normal form of M is in normal form.
4. Weak confluence
In this section we set out to prove that the reduction system proposed above is actually
weakly confluent, i.e. that whenever M' < = M = > M" we can find a term M'" such
that M' = > * M'" *<= M". The proof is rather more complex here than in the case of
A-calculus, where extensional equalities are interpreted as contractions. This is because
the reduction relation = > introduced above is not a congruence on terms.
4.1. Some difficulties
In particular, in the simply typed A-calculus, whenever M =>* M', then nt(M) = > * TT,(M'),
and if N =>* N' also, MN =>* M'N', but this is no longer true now: we have x :
A -> B => Xz : A.xz, but xN cannot reduce to (Az : A.xz)N.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
324
These properties still hold for those reduction sequences M = > * M' that do not involve
expansions at the root:
Remark 4.1.
— Let M = Mo = > Mi = > ... = > Mn_i = > Mn = M' be a reduction sequence and let
N ==>* N', where in the first reduction sequence there are no expansions applied at
the root positions of the M,'s. Then, MN = > * M'N'.
— Let M = M o ==> Mi => ... => Mn_i = > Mn = M' be a reduction sequence where
none of the M[s is expanded at the root. Then TT;(M) = > * 7t,(M'), for i = 1,2.
4.2. Solving critical pairs
In this calculus it is no longer true that reduction is stable by substitution, as in the
traditional 1-calculus:
Remark 4.2. If P = > P', and N = > AT, then P[N/x] = > * P'[N/x] and P[N/x] = > *
P [N'/x] are not necessarily true.
Indeed, x : ^4 —> B ^=> Az : ^4.xz, but x[/ly : Aw/x] = Xy : A.w cannot reduce in our
system to kz : A.(ky : A.w)z = kz : A.xz[ky : A.w/x], and (yMJEx/y] = xM cannot reduce
to (kz : A.xz)M = (yM)[kz : A.xz/y].
We can prove some weaker properties: if P => P', then P[N/x] and P'[N/x] have
a common reduct (Lemma 4.5), and similarly P[N/x] and P[N'/x] when N => N'
(Lemma 4.6). This suffices for our purpose of proving weak confluence of the reduction
system.
First of all it is useful to recall a basic property of substitutions that do hold in our
calculus:
Lemma 4.3. If x ^ y and x ^ FV(L), then
M[N/x][L/y] = M[L/y][N[L/y]/x].
Lemma 4.4. If P " ^ T P', then P[N/x] ==>* P'[N/x] or P'[N/x] = > * P[iV/x]. Moreover,
if the expansion does not take place at the root of P, there are no expansions at root
positions in the sequences P[N/x] = > * P'[N/x] and P'[N/x] ==>* P[N/x].
Proof.
— P -?-> kz.Pz. Then P is not a A-abstraction, P'[N/x] = kz.P[N/x]z
two possible cases:
and there are
-
If P[N/x] is not a k—abstraction, P[N/x] -^-» Az.P[AT/x]z, since P is of type -»,
so P[N/x] is also of type —» by Lemma 3.6.
-
If P[AT/x] is a A-abstraction, P = x, N = ky.N' and:
(kz.xz)[ky.N'/x] = kz.(ky.N')z - ^ kz.(N'[z/y]) = , ly.N' = x ^ . N ' / x ] .
— P - U (7ti(P),7t2(P)>. Then P is not a pair, P'[N/x] = (n1(P[N/x]),n2(P[N/x]))
there are two possible cases:
-
and
If P[N/x] is not a pair, P[N/x] - ^ (jri(P[Af/x]),7t2(P[N/x])), since P is of type
x, so P[N/x] is also of type x by Lemma 3.6.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
-
325
If P[N/x] is a pair, then P = x and N = (NUN2) and:
x[(N1,iV2)/x]
— P ^ > *. Then P[N/x] - ^ * * = *[N/x], since P is of type T, so F[iV/x] is also of
type T by Lemma 3.6.
D
Using the previous lemma, we can precisely describe the interaction between reductions
and substitutions.
Lemma 4.5. (Substitution Lemma (i))
If p = > p\ then P[N/x] = > * P'[N/x] or P'[N/x] =>* P[N/x]. Moreover, if no expansion takes place at the root position of P, there are no expansions at root positions in the
reduction sequences P[N/x] =>* P'[N/x] and P'[N/x] = > * P[N/x].
Proof. The property is shown by induction on the structure of P. We only show the
argument of the proof for Case as an illustration.
P = Case(Q, M\, M2). If P "—'•+ P', the property holds by Lemma 4.4. If not, there are five
possibilities:
— Q = w'B.+ftM
and
Case(iriBi+B2(R),MuM2) =^>* MtR. Since
Case(inBl+B2(R), MuM2)[N/x]
= Case(inBl+B2(R[N/x]), M, [N/x], M2[N/x\)
and this last term reduces by a p-rule to M,[N/x]R[N/x] = (MiR)[N/x], the property
holds.
— P' = Case{Q',MuM2), where Q = > Q'.
By the induction hypothesis, Q[N/x] =>* Q'[N/x] or Q'[N/x] = > * Q[N/x].
In the first case,
Case(Q, Mu M2)[N/x]
Case(Q[N/x],MdN/x],M2[N/x])
Case(Q', Mu M2)[N/x]
=**
Case{Q[N/xlM^N/x],M2[N/x]).
In the second case, Case(Q',MuM2)[N/x] = > * Case{Q,MuM2)[N/x].
— P' = Case{Q,Mx,M2), where M\ => M\. By the induction hypothesis, we have the
reduction sequences Mx[N/x] = > * M[[N/x] or M[ [N/X] = > * Mi [N/x].
In the first case,
Case(Q, Mu M2)[N/x]
Case(Q[N/x], Mx [N/x], M2[N/x]) = > *
Case(Q, Mv M2)[N/x]
Case{Q[N/x], M[ [N/X],
M2[N/X]).
In the second case, Case(Q,MvM2)[N/x] =>* Case(Q,MuM2)[N/x].
— P' = Case(Q,Mi,M'2), where M2 => M'2. By the induction hypothesis, we have the
reduction sequences M2[N/x] = > * M'2[N/x] or M2[N/x] = > * M 2 [N/x].
In the first case,
Case(Q, MuM2)[N/x]
Case(Q[N /xlMAN
http://journals.cambridge.org
/x],M2[N /x]) = * *
Downloaded: 02 Apr 2015
Case(Q, Mu M2)[N/x]
Case(Q[N/x],Mi[N/x],M2[N/X]).
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
326
In the second case, Case{Q, MuM'2)[N/x] = > * Case(Q,Ml,M2)[N/x].
rj
Lemma 4.6. (Substitution Lemma (ii))
If N =^> JV', then M[N/x] = > * M" *<= M[N'/x] for some term M". These reduction
sequences contain expansions at the root only if M = x and i? is an expansion applied at
the root of JV.
Proof. We will show that M[N/x] =>* M" *<= M[N'/x] for some term M" and that
these reduction sequences contain expansions at the root only if M = x and R is an
expansion applied at the root of JV.
This is a very common lemma in the theory of A-calculus, where the term M" is always
M[N'/x], and the proof is straightforward context closure of the reduction R. Here the
conditions imposed on the expansion rules make it necessary to state the lemma this
way. Effectively, the only interesting cases of the proof are the ones for application and
projections, where we cannot always apply context closure for the reduction R, and have
to make some steps backwards from M[N'/x] to M[N/x].
Notice that whenever the required reductions are built by context closure, there is no rule
applied at the root, and we state this fact here once for all. We proceed by induction on
M:
— M =x
M[N/x] = JV =^> JV' = M[N'/x] (in this case our M" is JV').
— M~y^x
or M = * :T
Then M[N/x] = M = M[N'/x] (in this case our M" is M).
— M ~ (MlM2)
We find, by the induction hypothesis, terms M" and M'{ such that
Mt[N/x] =>* M'l *<= Afi[JV'/x], and M2[N/x] = > * M'± *<= M2[N'/x\.
Here Mi is in an influential position for »;, so we have to be careful about the reductions
occurring in M\[N/x] =>* M" *<== Mi[N'/x]. We have the following cases:
-
If Mi ^ x, or R is not an expansion at the root of JV, we know by the induction
hypothesis that the reductions Mi [N/x] =>* M" *<= Mi [N'/x] do not contain
any expansions, and in particular no n rule, at the root position, so we can apply
context closure for application and get
(MiM2)[JV/x]
(MiM2)[JV'/x]
(Mi[JV/x]M2[7V/x]) =>* (Mi'M2') * ^ = (Mi[JV7x]M2[JV'/x]).
-
If Mi = x, and the expansion rule R is n at the root of JV, then JV' = Xz.Nz, and
we can close our diagram as follows:
(x[JV/x]M2[JV/x])
(x[/lz.JVz/x]M2[/lz.JVz/x])
{NM2\N/x])
((Xz.Nz)M2[Xz.Nz/x\)
I
{NM'2') <
http://journals.cambridge.org
Downloaded: 02 Apr 2015
II
(h.Nz)M'2'.
IP address: 138.251.14.35
Simulating expansions without expansions
327
Here, the vertical reductions are built by context closure, while the horizontal one is
a /?, so no expansion rule is applied at the root in the overall reduction sequence.
— M == Xz : A.Mi
If x + z, the result follows from {Xz : A.Mi)[N/x] = Xz : A.Mt = {Xz : A.Mi)[N'/x].
Otherwise, there is a term M'{ such that Mt[N/x] = > * M'{ *<= Mi[JV'/x], by the
induction hypothesis, so we can apply the context closure rule for abstraction and get
that
{Xz : A.Mi)[N/x]
{Xz.Mi)[N'/x]
{Xz : A.Mi[N/x]) =>* Xz : AM" *<= {Xz : A.Mi[N'/x]).
— M = nt(Mi)
We find, by the induction hypothesis, a term M" such that
Mi[N/x] = > * M" *<=
MilN'/x].
Here M\ is in an influential position for d, so we have to be careful about the reductions
occurring in Mi[N/x] =>* M" *<= Mi[N'/x]. We have the following cases:
-
If Mi ^ x or R is not an expansion at the root of N, we know by the induction
hypothesis that the reductions Mi [N/x] =>* M" *<== M\ [N'/x] do not contain
any expansions, and in particular no S rule, at the root position, so we can apply
context closure for projections and get
MMiW/x]
-
= * * 7r,(Mj') * ^ =
n,(Mi)[N'/x\.
If Mi = x, and the expansion rule R is 5 at the root of N, then N' = (7ii(JV), n2(N)),
and we can close our diagram as follows:
ni(x[N/X])
n,(N)
7Ci(x[(7T1i
^=
n,{niN,n2N).
Here, the vertical reductions are built by context closure, while the horizontal one
is a 7i, so no expansion rule is applied at the root in the overall reduction sequence.
M = (Mi,M2)
By the induction hypothesis, we have Mi [N/x] =>* M" *<= Mi [N'/x] and
M2[N/x] =>* M'[ *<=M2[N'/x], for some terms M'{ and M'{, so, we can apply
the context closure rule for application and get that
(MI [N/x], M2[N/x])
•II
(Mi [N'/x], M2[N'/x])
II*
By the induction hypothesis, Mi [N/x] = > * M'{ *<= M\ [N'/x], for some term M", so
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
328
we can apply the context closure rule for in1 and get that
m'c(M,)[iV/x]
M =
Case(P,MuM2)
By the induction hypothesis, P[N/x] = > * P" * < = P[N'/x] for some P", and these
are
terms
M'{{
and
M'{ such
that
Mi [N/x] ==>* MJ' * < = Mj [N'/x]
and M2[N/x] = > * M'{'{ *<= M2 [N'/x], so, we can apply the context closure rule
for Case and get that
Case(P,Mi,M2)[N/x]
Case(P M1M1WI x]
(Mj)[JV/x],(M2)[N/x])
Case(P[N' /xUMW
*ll
/xUM2)[N' /x])
II*
Case(P",M'{,M'2')
=
Case(P",M'/,M£).
M = (rec z : AM{f
We assume z ^ x (otherwise the result holds trivially). We find, by the induction
hypothesis, a term M'{ such that Mi [N/x] =>* M" * < = M\ [N'/x], so we can apply
the context closure rule for rec and get that
{rec z : AMi)'[N/x]
(rec z : A.MdN/x])'
(rec z :
= > * (rec z : A.M")1 * < = (rec z :
A.M^N'/x])'.
D
Example 4.7. Take M = (xy,x), iV = w and N' = Az : A.wz. Then
M[JV/x] = (wy,w) = > (wy,Az : yl.wz) <=((Xz : yl.wz)y,Az : Awz) = Af [N'/x].
Looking carefully through the proof of Lemma 4.6, one can see that the only cases
where the application of a reverse reduction is required are those corresponding to an
expansion rule applied at the root of N and where there are in M some free occurrences
of x in influential positions. So, we can also state the following corollary.
Corollary 4.8. (Reverse reductions) Let N ==> N'. If R is not an expansion rule applied at
the root of N (an external expansion rule) or x does not occur at an influential position
in M, then M[N/x] = > * M[N'/x]
Lemmas 4.5 and 4.6 suffice to prove that all critical pairs arising from a term M by a
/^-reduction and another reduction rule can be solved. The other critical pairs are treated
in full details in (Di Cosmo and Kesner 1993b). We can then state the following:
Proposition 4.9. (Critical pairs are solvable)
If M -> W and M = > M", then 3K such that M' = > * R and M" = > * R.
Proof. We need to consider all cases of reduction from M to M'. Here we will only
show some interesting cases, since confluence for the other cases is shown in many of the
cited references, and full details are given in Di Cosmo and Kesner (1993b).
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
1 M-^M'.
329
Thus M = (Xx.P)N.
(a) If M ==> M" is internal, there are two cases:
— p =>p'
(;bc.P)JV = > (/lx.P'
4
4
P'[JV/x].
By Lemma 4.5 we have P[N/x] =>* P'[N/x] or P'[N/x] =>* P[N/x].
(Xx.P)N = > (Xx.P)N'
4
4
P[N/x]
PfiV'/x].
By Lemma 4.6 there is a term R such that P [N/x] =>* J? and
(b) If M = > M" is external, the interesting cases involve r\ and 8 :
i
M = (Xx.P)N - U /l>-.((/lx.P)Ar)y = M"
— If P [iV/x] is not a 1-abstraction
4
j
P[N/x] -^-> Xy.P[N/x]y.
If P [N/x] is a A-abstraction, we have two cases:
- If P is a ^-abstraction,
{Xx.(Xz.P'))N -^> ly.({Xx.(h.P'))N)y
p
Xy.{{Xz.P')[N/x])y
(Az.P')[N/x]
Xz.(P'[N/x])
http://journals.cambridge.org
Downloaded: 02 Apr 2015
Xy.{lz.{P'[N/x])y)
=
Xy.P'[N/x][y/z].
IP address: 138.251.14.35
330
R. Di Cosmo and D. Kesner
- If P = x and N is a A-abstraction Xz.N',
{kx.x)lz.Nr
—;
Xy.{lz.N')y
Xz.N'
=
Xy.N'ly/z].
ii M = (Xx.P)N -U (m((Xx.P)N),n2{{Xx.P)N))
= M"
— If P [N/x] is not a pair, we have
{Xx.P)N - ^ >
(m((Xx.P)N),n2((Xx.P)N))
<7t1(P[JV/x]),7r2((Ax.P)N))
P\\
P[N/x]
-^>
(ni(P[N/x]),
— If P [N/x] is a pair, we have two more cases:
- P is also a pair (Pi,P2):
(Xx.(PuP2))N
5
(7r1((P1,P2)[N/x]),7r2((P1,P2)[iV/x]))
"ill
n2
<Pi[iV/x],7t2((Pi,P2>[Ar/x])>.
- P = x and N is a pair (JVi, N2):
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
(Xx.x)(NuN2) —>
331
{nl((lx.x)(NuN2)),n2((lx.x)(NuN2)))
"I
P
'1
n2
(a) If M = > M" is internal, the same reduction can be performed on Xz.Mz, and the
outermost term constructor of M and M" does not change, so an expansion is still
possible on M", and we can generally close the diagram as follows:
M"
M
(b) If M => M" is external, the interesting cases are:
i M -^-> M". Then M = 7t,-((Mi,M2)) and there are two cases:
— If Mi is not a 1-abstraction, the diagram looks like
JI,((MI,M2))
1'
lz.iti((Mi,M2))z
— If Mj is a A-abstraction ky.M\, the diagram looks like
Xz.m((M3,M2))z
Xz.(Mi[z/y])
ii M
M". Then M = (rec y.Mi)' and there are two possible cases:
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
332
— If Mi is not a A-abstraction,
rec
.,
(rec y.M\)'
4
4
rec
lz.(rec y.M{fz = > Xz.(M\ [(rec y.
— If Mi =kw.M\,
(rec ^(Aw.Mj))' -
rec
4
Xz.(rec y.Xw.M^'z
rec II
y-l/y])z
/ll
; [(rec >;.(lw.Mi
(a) If M = > M" is internal, the same reduction can be performed on {n\(M),%2(M)),
and the outermost term constructor of M and M" does not change, so an expansion
is still possible on M", and we can generally close the diagram as follows:
M
;• M
4
(7Ti(M),7t2(M)) =
(b) If M ==> M" is external, the interesting cases are:
i
M^UM". Then M = ni((Mi, M2)).
— If Mi is not a pair,
7t,-«Mi,M2» ^ > <JCI(
V
M,
(7ri(M,),7r 2 (M,)).
-If M, is a pair (Pi,P 2 ),
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
333
Simulating expansions without expansions
ni((MuM2))
- ^ > (7ii(7ti((Mi,M2»),7E2(jt,«Mi,Af2»)>
(n1((PuP2)U2(nl((M1,M2))))
<Pi,P 2 ) •:
n2
ii M s (rec y : C.P)1 -+P[{rec y : C.Py^/y]
= M" where P is a pair (Pi,P 2 ).
M = (rec y : C.(Pi,P 2 ))'
:• <Pi,P2>[M/j;]
4
(n1((Pl,P2)[M/y]),n2(M))
\\rec
<»t1«P1>P2)[M/y]),7t2«P1,P2>[M/y])>
Iki
I!
•
4.3. From solved critical pairs to full weak confluence
It is to be noted that the solvability of critical pairs that we just proved as Proposition 4.9
does not allow us to deduce the weak confluence of the calculus via the famous KnuthBendix Critical Pairs Lemma. That lemma only deals with algebraic rewrite systems, and
cannot be used for our calculus, which has the higher order rewrite rule /?. We need to
prove local confluence explicitly, and to do this the following remark is useful.
Remark 4.10. (Expansion rules) If the two reductions M' <— M => M" do not involve r\
(respectively S) rules applied at the root positions of M, it is possible to close the diagram
without using n (respectively 8) rules at the root, except in the three cases shown below:
external 7i,'s and internal n, external /? and internal 5. Notice that M is not a A-abstraction
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
334
in the first diagram, N is not a ^-abstraction in the second and M[N/x] is not a pair in
the third.
n
n
7ti((M,JV)) ==> ni((kx.Mx,N))
n\
n2((M,N)) = >
n
M
n2((M,Xx.Nx))
n
:• Ax.Mx
\\n
AT
:• Ax.iVx
5
(Ax :A.M)N = >
4
(Ax : A ( 7 I I ( M ) , T T 2 ( M ) » N
5
M[N/x] — >
V
(7r1(M[N/x]),7r2(M[iV/x])).
With this additional knowledge, we can prove that = > is actually weakly confluent.
Theorem 4.11. (Weak confluence) If M' < = M = > M", there exists a term M'" such that
M' = > * M'" *<== M" (i.e. the reduction relation = > is weakly confluent). Furthermore,
if the reductions in M' <=M ==> M" do not contain rj (respectively 5) rules applied at
the root of M, we can also close the diagram without applying r\ (respectively d) rules at
the root, except in the cases shown in Remark 4.10.
Proof. We will prove, by induction on the derivation of M ==> M', that there exists
a term M'" such that M' = > * W" *<= M". First, we remark that if one of the two
one-step reductions M = > M' and M => M" is actually an external reduction M —-•
M
"
and M —> , the result comes directly from Proposition 4.9. So we will only need to
consider in the following the cases where both reductions are internal reductions.
We proceed now by cases on the last rule used to derive M = > M'.
— M = (MiM2) = > (MjM2) = M' comes from Mi = > M[. In this case, the r\ rule
cannot be applied at the root position of Mi because Mi is evaluated. Then we have
two cases:
-
The reduction M = (MiM2) = > (M'/M2) = M" comes from Mi = > M". Now we
have to consider two cases:
•
M[ <=Mi ^=> M" is not one of the exceptional cases for t\ mentioned in
Remark 4.10: then we know that there are no n at the root position in
M[ =>* Mj" *<= M'{. By the induction hypothesis, we get a term MJ" that
can be used to close the diagram M[ <=MX = > M" via MJ = > * M'" *<= M'{,
and we can close our original diagram with
M' = (M[M2) = > * {M'{'M2) *^= (M'{M2) = M".
•
M[ <=Mi = > MJ' is one of the exceptional cases for r\, hence Mi is ni((P, Q))
for some terms P and Q. We can still close the original diagram as follows:
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
335
e»)M 2 ==> (m{{ix.Px,Q)))M2
II IT
|| 7t
(/bc.Px)M2
n
II0
PM2
=
(7r2((p,e)))M2=L (n2((P,hc.Qx)))M2
|| n
n
(/lx.2x)M2
11^
QM2
6M 2
The reduction M = (MiM 2 ) ==^ (MiM2') == M" comes from M 2
close the diagram using the same original reductions,
M'{. We can
M' = (MjM 2 ) = > (MjM2') <=(MlM'2') = M",
because we know that n is not applied to Mi to get to MJ.
M = (MiM 2 ) = > (MiM'2) = M' comes from M 2
2.
Then we have two cases:
The reduction M = (MiM 2 ) ==> (MiM 2 ) = M" comes from M 2 ==> M2'.
By the induction hypothesis, we get a term M'2" that can be used to close
M2=>M'M'
M'2
M'2 = > * M2" * < = M'{. Now, the following diagram:
2' 2' via M
M' = (MiM 2 ) = > * (MiM2") = (MiM 2 ) = M" can be used to close our original
diagram.
-
M'{. In this
The reduction M = (MyM2) => (MJ'M2) = M" comes from Mi
case we know that n cannot be applied at the top to Mi to get to M" because Mi
is evaluated. So, we can close the diagram using the same original reductions as
follows:
M' = (MiM 2 ) = > (M"M2)
(M'{M2) = M".
(miM'D) = M"
M = (7r,(Mi)) ==> (7TJ(MJ)) = M' comes from Mx
M[ and M
comes from Mi = > MJ'. Then neither Mi = > MJ nor Mi
M" can use S rules at
the root of M, because it is projected.
Now we have two cases:
-
Mi = > MJ and Mi = > M" are not the exceptional cases for d mentioned in
Remark 4.10. By the induction hypothesis, MJ = > * M'" *
M'l for some term
MJ" without 5 rules at the root, and we can close our diagram by
7r,(Mj) = > * 7r,(Mj") *
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
-
336
Mi = > MJ and Mi = > MJ' is an exceptional case for <5, so Mi = (Xx.P)Q for
some terms P and Q. We can still close our original diagram as follows:
m((lx.(ni(P),n2(P)))Q)
\\P
nt((ni(P[Q/x]),n2(P[Q/x])))
— M = Ax.Mi => /bc.Mj = M' comes from Mx = > MJ and M = Xx.Mx = > /bc.Mj' =
M" comes from Mi = > MJ'. By the induction hypothesis, there is an MJ" such that
MJ = > * M'{' * < = M'{, and thus Xx.M[ = > * kx.M'{' * < = Ax.Mj' closes our diagram.
— M s (Mi,M2) => (M[,M2) = M' comes from Mi = > M[. Now we have to consider
two cases:
-
The reduction M = (Mi,M 2 ) = > (Mi,M'{) = M" comes from a reduction
M2 => M'{. By the induction hypothesis, there is a term M"' such that we can
close the diagram M[ <=Mi = > M" via MJ ^ * M'" *<= M", and we can close
our original diagram with
M' = {M[,M2) =>* (M'(',M2) * * = (M'(,M2) = M".
-
The reduction M = (Mj,M2) = > (Mi,M2'} = M" comes from a reduction
M2 = > M'{. We can close the diagram using the same original reductions,
M' = (Mi,'M 2 ) =*> (M[,M'2') <=(Mi,M 2 ') s M".
— M = i 4 ( M i ) = > i n j : ( M j ) = M' comes from Mi = > M[ and M = > irtc{M'{) =
M" comes from Mi = > MJ'. By the induction hypothesis, there is an M'" such
that M[ = > * M'l' * < = M'l and thus iric(M[) = > * m^Mj") * < = inj;(Mi') closes our
diagram.
— M = rec x : ^4.Mi ^=> rec x : y4.Mj = M' comes from Mi => M[ and M = rec x :
zl.Mi = > rec x : A M " = M" comes from Mi ==> MJ'. Then we can find by the
induction hypothesis an MJ" such that MJ = > * MJ" * < = MJ', and we can close our
diagram by rec x : A.M[ =>* rec x : AM'" *<= rec x : AM".
— We are left to consider the case of M = Case(P,Mi,M2).
-
To avoid a mechanical repetition of similar proofs, notice that if the internal
reduction to M' and M" are performed on different subterms, we can close the
diagram by commuting the two reductions. We show just one case:
Case(P,Mi,M2)
R1
==>
Case(P,M[,M2)
*
R2
*
Case(P',MuM2) =^> Case{P',M[,M2).
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
-
337
If the internal reduction to M' and M" are performed on the same subterm Q, say
for example Q' <== Q ==> Q", then there is a Q'", by the induction hypothesis,
such that Q' =>* Q"' * < = Q", and we can close the diagram by extending these
last reductions to the Case expression. Again, we detail just one case:
Case(P,MuM2) =>
Kill
Case(P",MuM2)
II
Case(P',Mi,M2) = > Case(P"',M[,M2).
n
5. Strong normalization
We provide in this section the proof of strong normalization for our calculus. The key idea
is to reduce strong normalization of the system with expansion rules to that of the system
without expansion rules, and for this, we show how the calculus without expansions can
be used to simulate the calculus with expansions. We will use a fundamental property
relating strong normalization of two systems:
Proposition 5.1. Let M\ and 0l2 be two reduction systems and 9~ a translation from terms
in 3t\ to terms in 0l2. If for every reduction Mi ==> M2 there is a non empty reduction
sequence P\=^>JrP2 such that ^"(M,) = Pt, for i = 1,2, then the strong normalization of
3&2 implies that of M\.
Proof. Suppose 0l2 is strongly normalizing and 3t\ is not. Then there is an infinite
reduction sequence Mi =U- M2 =^=> ..., and from this reduction we can construct an
infinite reduction sequence ^"(Mi)=^=>+,^~(M2)==>~K.., which leads to a contradiction. •
The goal is now to find a translation of terms mapping our calculus into itself, such
that for every possible reduction in the original system from a term M to another term
N, there is a reduction sequence from the translation of M to the translation of N that
is non empty and does not contain any expansion. Then the previous proposition allows
us to derive the strong normalization property for the full system from that of the system
without expansion rules, which can be proved using standard techniques.
5.1. Simulating expansions without expansions
The first naive idea that comes to mind is to choose a translation such that expansion rules
are completely impossible on a translated term. This essentially amounts to associating to
a term M its n-d normal form, so that translating a term then corresponds to executing
all the possible expansions.
Unfortunately, this simple solution is not a good one: if M reduces to N via an
expansion, the translations of M and JV are the same term, so to such a reduction step
in the full system, there corresponds an empty reduction sequence in the translation, and
this does not allow us to apply Proposition 5.1.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
338
This leads us to consider a more sophisticated translation, which maps a term M to
a term M°, where expansions are not fully executed as above, but just marked in such a
way that they can be executed during the simulation process, if necessary, by a rule that
is not an expansion.
Let us see how to do this on a simple example: take a variable z of type A\ x / l 2 ,
where the Afs are atomic types different from T. By performing a 5 expansion we obtain
its normal form with respect to expansion rules: {n\(z),n2{z)). Instead of executing this
reduction, we just mark it in the translation by applying to z an appropriate expansor
term Xx : A\ x A2.(ni(x),n2(x)). As for (ni(z),it2(z)), it is in normal form with respect to
expansions, so the translation does not modify it in any way. Now, we have the reduction
sequence
z° = {Xx : Ai x A2.(n1(x),n2(x)))z
- ^ (7ri(z),7r2(z)) = (7ti(z),7t2(z)>°,
where the translation of z reduces to the translation of (7ii(z), 7r2(z)), and the 8 expansion
from z to (jti(z),n2(z)) is simulated in the translation by a /?-rule. Clearly, in a generic
term M there are many positions where an expansion can be performed, so the translation
will have to take into account the structure of M and insert the appropriate expansors at
all these positions'.
However, expansors must be defined carefully to represent correctly, not only the
expansion step arising from a redex already present in M, but also all the expansion
sequences that such a step can create: if in the previous example the type A\ is taken to be
an arrow type and the type A2 a product type, the term TTI(Z) can be further ^/-expanded
and the term 712(2) can be expanded by a (5-rule, and the expansor Xx : A\ Y.A2.{TI\{X), n2{x))
cannot simulate these further possible reductions. This can only be done by storing in the
expansor terms all the information on possible future expansions that is fully contained
in the type of the term we are marking.
Definition 5.2. (Translation) To every type C we associate a term, called the expansor of
type C and denoted A c , defined by induction as follows:
AA->B
AAxB
AA
=
=
Xx:A^> B.Xz : AAB(x(AAz))
Xx:Ax B.(AA(m(x)), AB(n2(x)))
is empty, in any other case
We then define a translation M° for a term M : A as follows:
M° =
M°°
AAM°°
for any k > 0
if M is a A-abstraction or a pair
otherwise,
' Notice that we cannot insert expansors in influential positions: if a term M is expanded, say to (7ti(M), 7i2(M)>,
its root becomes an influential position, and we cannot insure that the translation of M reduces to a translation
of (ni(M),7t2(M)): expansors get used, and after some reduction steps we end up with a naked pair not
preceded by an expansor.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
339
where AkAM denotes the term (A^... (A^ M)...) and M°° is defined by induction as
k
times
= x
(Xx : B.M)°°
(rec y : A.Mf°
Case{R,M,N)°°
= (M°,N°)
= Xx : B.M°
= (rec y : A.M°y
=
Case(R°,M°,N°)
This corresponds exactly to the marking procedure described before, but for a little detail:
in the translation we allow any number of markers to be used (the integer k can be any
positive number), and not just one as seemed to suffice for the examples above.
The need for this additional twist in the definition is best understood with an example.
Consider two atomic types A and B and the term {Xx : A x B.x)z: if k is fixed to be
one (i.e. we allow only one expansor as marker), then its translation ((Xx : A x B.x)z)° is
A^XB^AX : A x BAAXBX)&AXBZ)NOW (XX : A x B.x)z —> z, so we have to verify that
((Xx : A x B.x)z)° reduces to z° in at least one step. We have
&AXB((XX
: A x B.AAxBx)AAxBz)
=>
AAXB^AXB^AXBZ
However, even if both A\xBz and AAxBz reduce to the same term (ni(z), ^(z)), it is not
true that A^ xB z = > * A,4xBz. However, if we admit A^,xBz as a possible translation of
z, we will have the desired property relating reductions and translations. Hence, to be
precise, our method associates to each term, not just one translation, but a whole family of
possible translations, all with the same structure, but with different numbers of expansors
used as markers.
What is important for our proof is that given a reduction Mi = > M 2 . . . = > Mn in the
full calculus, no matter which possible translation MJ" we choose for Mj, the reductions
used in the simulation process all go through possible translations M° of the M,.
Translations preserve types and leave unchanged terms where expansions are not
possible.
Lemma 5.3. If Y h M : A, then T h (AAM) : A.
Proof. By induction on the structure of A.
— If A is neither a functional nor a product type, A^ is empty and the property holds
trivially.
— A = B —• C. Since F, x : B —> C, z : B h z : B, we have by the induction hypothesis
T,x :B-+C,z
:B\-(ABz)
:B
T,x:B^C,z:B\-x:B^C
r,x :B^>C,z
T,x : B -» C,z : B h (ABz) : B
:Bh(x(ABz))
:C
Again, by the induction hypothesis T,x : B —> C,z : B \- Ac(x(ABz))
http://journals.cambridge.org
Downloaded: 02 Apr 2015
: C, and thus:
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
340
F,x : B -» C,z : B h A c (x(A B z)) : C
r , x : B - • C h Az : B.Ac(x(ABz))
: B -* C
FhM:B
h Ax : B - • C.Az : B.Ac(x(ABz)) : (B - • C) - • (B -> C)
T h (A B ^cM) : B -+ C
— A = B xC. Since r , x : B x C h x : B x C, we have T,x : B x C I- 7ii(x) : B and
F,x : B x C h n2(x) : C. By the induction hypothesis T,x : B x C h AB7ti(x) : B and
T,x : B x C h AC7ri(x) : C.
T,x : B x C h AB7Ci(x) : B
T,x : B x C h AC7t2W : C
T,x : B x C I- (AB7ri(x), Ac7i2W) : B x C
T h Ix : B x C.{ABni(x),Acn2(x))
FhM:BxC
: (B x C) - • (B x C)
T I- A B x C M : B x C
D
Corollary 5.4. \fT\-M
:A, then F h A^,M : ^ , for any k > 0.
Lemma 5.5. (Type Preservation) If T I- M : A, then F h M° : ^ and T h M°° : A.
Proo/ By induction on the structure of M, using Corollary 5.4.
•
A term M is in quasi-normal form if only expansion rules at the root position are
applicable to it and M is in normal form if no rule is applicable to it. So, every normal
form is in quasi-normal form, while the converse does not necessarily hold.
Lemma 5.6.
1
If M is in normal form, M° = M
2
If M is in quasi-normal form, M°° = M
Proof. By induction on the structure of M.
— M = *.
1
2
The property holds vacuously because * is a normal form.
— M = x.
1
Since x is in normal form, it has neither a functional, nor a product, nor the T
type, so A^ is empty, where A is the type of x. Thus x° = x.
2
x°° = x by definition.
— M = Xx : A.P.
1
Since M is in normal form, P is also in normal form and by the induction
hypothesis P° = P. We have (Ax : A.P)° = Ax : A.P° = Ax : A.P.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
341
2 If Ax : A.P is in quasi-normal form, it is also in normal form because we cannot
apply an expansion rule to a lambda-term. By the previous paragraph (Xx :
A.P)°° = Xx : A.P.
-M=(P,Q).
1 Since M is in normal form, P and Q are also in normal form and by the induction
hypothesis P° = P and Q° = Q. We have (P,Q)° = (P°,Q°) = (P,Q).
2 If (P,Q) is in quasi-normal form, it is also in normal form, because we cannot
apply an expansion rule to a pair. By the previous paragraph (P,Q)°° = (P,Q)— M = (recy :A.PJ.
-
If i = 0,
1
Since M is in normal form, P is also in normal form and by the induction
hypothesis P° = P. On the other hand, M has neither a functional, nor a
product, nor the T type, so A^ is empty, where A is the type of M. We have
((rec y : A.Pff = AkA(rec y : A.P°f = (rec y : A.P)0.
2 Since M is in quasi normal form, P is in normal form and by the induction
hypothesis P° = P. Thus ((rec y : A.Pff = (rec y : A.P°)° = (rec y : A.P)0.
-
If i > 0,
1 The property holds vacuously, because (rec y : A.P)' is not in normal form.
2 The property holds vacuously, because (rec y : A.P)1 is not in quasi-normal
form.
-M
= (PQ).
1 Suppose A is the type of M. Since M is in normal form, A is neither a functional,
nor a product, nor the T type, so AA is empty. On the other hand, P is in quasinormal form and Q is in normal form, so by the induction hypothesis P°° = P
and Q° = Q. We have (PQ)° = AkA(P°°Q°) = (PQ).
2 Since M is in quasi-normal form, P is in quasi-normal form and Q is in normal
form, and, by the induction hypothesis, P°° = P and Q° = Q. We have (PQ)°° =
(P°°Q°) = (PQ).
— M = Case(P,R,N).
1 Suppose A is the type of M. Since M is in normal form, A is neither a functional,
nor a product, nor the T type, so A^ is empty. On the other hand P, R and N are
in normal form and by the induction hypothesis P° = P and R° = R and N° = R.
We have Case(P,R,N)° = A^ Case(P°,R°,N°) = Case(P,R,N).
2 Since M is in quasi-normal form, P,R and N are in normal form, and, by the
induction hypothesis, P° = P and R° = R and N° = R. We have Case(P,R,N)°° =
Case(P°, R°, N°) = Case(P, R, N).
— M = nt(P), for ( = 1,2.
1
Suppose A is the type of M. Since M is in normal form, A is neither a functional,
nor a product, nor the T type, so A^ is empty. On the other hand, P is in
quasi-normal form and, by the induction hypothesis, P°° = P. We have 7i((P)° =
AkA ni(P°°) = Ui(P).
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
2
342
Since M is in quasi-normal form, P is also in quasi-normal form and by the
induction hypothesis P°° = P. We have 7r,(P)°° = ni(P°°) = jr,-(P).
— M = iric(P), for i = 1,2.
1
Since M is in normal form, P is also in normal form and, by the induction
hypothesis, P° = P. We have in^P)0 = in[-(Po) = in^P).
2
in'c(P) in quasi-normal form implies in'c(P) in normal form, and the property holds
by the previous paragraph.
•
The next step is to prove that we can apply Proposition 5.1 to our system, i.e, for
every one step reduction from M to N in the full system, there is a non empty reduction
sequence in the system without expansions from any translation of M to a translation of
N.
This lemma characterizes the reductions from a term AA_BM or AkAxBM and is quite
essential in all the properties shown in this section.
Lemma 5.7. For any k > 0
A ^ B M = > + Xw : A.AkB(M(AkAw))
and
A^xBM=
and the reduction sequences contain no expansion steps.
Proof. By induction on k.
(XX:A-^
AAxBM
= (Xx:Ax
Blw
: A.AB(x(AAw)))M
B.(AAnl(x),ABn2(x)))M
-U
-U
Xw : A.AB(M(AAw))
(AAm(M),
ABn2(M)).
Only the /?-rule is used in this reduction.
If Jt > 1,
AkA^BXw : A.AB(M{AAw))
\i+ by the induction hypothesis (and without expansions steps)
AW :A.AkB(kw : A.AB(M(AAw))(AkAw))
Xw : A.AkB(AB(M(AAAkAw))) = Xw : A.AkB+i(M(AkA+1w))
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
Ak+xlBM =
343
AkAxB(AAxBM)
AAxB{AAnx{M),ABn2{M))
|) + by the induction hypothesis (and without expansion steps)
vni,»t2
D
We use N® to denote either N° or N°°. In particular, N® will stand for a sequence of
mixed N°'s and N°°'s.
Lemma 5.8. If T h M : ^4, then for any substitution [z®/x] we have
1 3k > 0, Moo£®/3c] = > * A^(M[z/x])°°
2 Vfc > 0, A^M°[z®/x] = > * (M[z/x])°
and no expansions are performed in these reduction sequences.
Proof. We show the two properties by induction on the structure of M. More precisely,
for the first statement we analyze each case, while for the second it is enough to analyze
those expressions M such that M° = M°°. Indeed, once we have shown the first statement,
the second can be easily shown in the following way for the expressions M such that
M° = AhAM°° ( f o r / i > 0 ) :
^^
>* (by the first statement)
AA+hA"lM[z/x}°o = (as h > 0)
M[z/x]°.
Every reduction built in the following proof contains no expansion steps, as it is constructed from one-step reductions that are not expansions or from reductions obtained
by the induction hypothesis (and thus without expansions) or from reductions obtained
by Lemma 5.7 (again without expansions). This remark will allow us to conclude that the
reductions in the statements of the lemma contain no expansions.
Now, let us analyze the first statement and the interesting cases of the second.
— M = *. Since * is of type T, Ay is empty. We have
* oo [z^/x] = *[z«yx] = * = *°° = AT*°° = A T (*[z/x])°°.
— M = Xj G x. There are two cases to consider: either z® = z° or z® = z°°.
-
X; [Z^/XJ — XJIZ^/XJ — Z,- — l\AZi
http://journals.cambridge.org
— A^XilZ/XJj
Downloaded: 02 Apr 2015
.
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
-
344
x°°[^/x] = x,[*/x\ = z°° = (x,[z/x])°o =
— M = y <£ x. We have y°°\z®/x\ = y\z®/x\ =y = A>°°.
— M = (PQ). We have (PQ)oo[z®/x] = (P oo g°)[z®/x] = P°°\z®/x]Q°\z®/x\.
By the induction hypothesis, P oo [z®/x] = > * A ^ ^ P t z / x ] 0 0 .
-
If /J = 0,
P oo [z®/x]g o [z®/x]
||. by the induction hypothesis
P[z/x] oo Q°[z®/x]
||. by the induction hypothesis
= (P[z/x]6[z/x]) o ° = ((PQ)\z/x\r
P[z/x]°°Q[z/x]°
-
= A«(PC[z/x])°
If h > 0,
V+ by Lemma 5.7
(Aw : B.A^(P[z/x] o
I}, by the induction hypothesis
M = Xy : B.P.
1
for the first statement,
(ky : B.P)°°\^/x\ = (Ay : B.P°)[z^/x]
Xy :B.P°[z®/x]
\). by the induction hypothesis
Xy : B.P[z/x]° = (Xy : BJ>\z/x\)°° = AUc((Xy
http://journals.cambridge.org
Downloaded: 02 Apr 2015
: B.P)\z/x\)°
IP address: 138.251.14.35
Simulating expansions without expansions
345
2 for the second statement,
k
: B.Pf^/x]
= AkB^c(Xy :
B.P°)[&/x\
^+ by Lemma 5.7
Xw :B.AkB((Xy : B.P°[z®/x])(Acw))
h
kw
:B.AkBPo£z®/x][w°/y]
|}. by the induction hypothesis
Xw:B.(P[z/x][w/y])°
(Aw : B.P[z/x][w/y]f
=a (Xy : BJ>\z/x\)° = ((Xy : B.P)[z/x])°
— M = m(P), for i = l,2.
by the induction hypothesis
*AlxM(P
[z/x]D
by Lemma 5.7
Z/X]D, A*27C2((P [Z
M = in^P), for i = 1,2, so Ac is empty.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
346
||. by the induction hypothesis
1
for the first statement,
||. by the induction hypothesis
(P[z/x\°,Q[z/x}°)
{P\z/x\,Q\z/x\)°°
= A0AxB(P[z/x],Q[z/x])°o
= A°AxB({P,Q)[z/x])°
2 for the second statement,
-
If Jfe = 0,
||. by the induction hypothesis
-
Ifk>0,
by Lemma 5.7
nun2
||. by the induction hypothesis
(P[z/x]°,Q[z/x]°) =
http://journals.cambridge.org
(P\z/x\,Q\z/x\)°
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
— Ms
347
{recy :A.P)1.
{(recy : APy) oo [z®/x]
(recy : A.P°f[z®/x]
|}. by the induction hypothesis
(rec y : A ( P [ z / x ] ) 7 = A°A((rec y : ^.P[z/x])')°° = AA{{rec y : APy[z/x])°°.
— M = Case{P,Q,R).
Case(P,Q,R)°°k®/x]
= Case{P°,Q°,R°)&®/x]
Case{P° [z®/x], 6° [z®/x], K° [z®/x])
|}. by the induction hypothesis
Case(P [z/x]°, Q[z/x]°, R[z/x]°)
Case(P[z/x],Q[z/x],R[z/x)y°
=
{Case{P,Q,R)[z/x])°°
A°A(Case(P,Q,R)[z/x]r°.
D
Corollary 5.9. If T h M : A, then Vfc > 0, AkAM° =>* M° and no expansions are
performed in the reduction sequences.
The following property is essential to show that every time we perform a /^-reduction
on a term M in the original system, any translation of M reduces to a translation
of the term we have obtained via —*p from M. Take for example the reduction (Xx :
A.M)N ->•/? M[N/x]. We know that {{Xx : A.M)N)° = AkA{{Xx : A.M°)N°) and we
want to show that there is a non-empty reduction sequence leading to M[N/x]°. Since
A\{{Xx : A.M°)N°) ->/; AkAM°[N°/x], we now have to check that the term {M[N/x])° can
be reached. We state the property as follows:
Lemma 5.10. If T h M : A, then
1 3/c > 0, M oo [iV®/x] = >
2 Vfc > 0, A\M°\N®/x\ = > * {M[N/x])°
and no expansions are performed in the reduction sequences.
Proof. We show the two properties by induction on the structure of M. More precisely,
for the first statement we analyze each case, while for the second it is enough to analyze
those expressions M such that M° = M°°. Indeed, once we have shown the first statement,
the second can be easily shown in the following way for the expressions M such that
M° = A\M°° (forfc>0):
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
348
[ / ] _
AkAAhAM°°\N®/x] = > * (by the first statement)
AA+hA^M[N/x]°o = > * (either by definition of M[N/x]° or by Corollary 5.9)
M\N/x]°.
Now, the analysis of all the cases involved proceeds exactly as in Lemma 5.8, except for
the case M = xit where to prove the second statement we need to proceed as follows:
AkAx°[N*/x] = A*(A3x,)[lv5/x] = AkA+mN?.
Now, if AT® is N°, by Corollary 5.9, AkA+mN° = > * N° = (x,[N/x])°, as required.
If, instead, N® is N°°, we have two cases:
— N? = N°°, then by Corollary 5.9 A^+mAT,° = > * N° = (x,[N/x])°.
— otherwise, A^+mN°° = N? = (XJ[N/X\)°.
Notice that there are no expansions in these reduction sequences, because of Corollary 5.9.
•
Lemma 5.11. If M*^Z N, then
Proof.
— If M is of type 4 x B a n d M - U
(m{M),n2(M))
We know that 3/c> 0 such that M° = A^ xB M°°. By Corollary 5.7
AkAxBM°°=>+
(A* TTKM 00 ), A*7r2(M00)),
and the sequence has no expansion rules.
The last term is equal to (7ti(M)°, 7r2(M)0) = (ni(M),n2(M)}°, so the property holds.
— If M is of type A —• B and M -^-> Xy : A.My
We know that 3k > 0 such that M° = A^_ B M°°. By Corollary 5.7, A ^ B M O O = > + Xy :
A.AkB(Moo(AAy)) and the the sequence has no expansion rules.
The last term is equal to Xy : A.AkB(M°°y°) = Xy : A.(My)° = (Xy : A.Myf, so the
property holds.
— If M : T and M —U *.
By Lemma 5.5 M° : T and thus M° ^ * = *°.
•
Using 5.10 we can now show:
Theorem 5.12. (Simulation) If T I- M : A and M => N, then
1
2
3/c > 0 such that M ° ° = > + A ^ o ° if not M - ^ N
M°=>+iV o ,
and there are no expansions in these reduction sequences.
Proof. We show the property by induction on the structure of M. More precisely, for
the first statement we analyze each case, while for the second there are two cases:
— if M -^—> N, apply Lemma 5.11
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
349
— if not M -?—* N, it is enough to analyze only the cases such that M° = M°°, because
when M° = AhAM°° (for h > 0) we have easily:
M° = A^M OO =>+ (by the first statement) AhAAAN°° = AhA+kN°°.
Then N is neither a pair nor a A-abstraction, which gives A^+/£JV°° = JV°, because
h > 0, otherwise A^AT 00 = AhA+kN° = > * JV°, by Lemma 5.9.
In order to conclude that the reductions in the statements of the lemma contain no
expansions, it suffices to notice that every reduction built in the following proof contains no
expansion steps: indeed it is constructed from one-step reductions that are not expansions
or from reductions obtained by the induction hypothesis (and thus without expansions)
or from reductions obtained by Lemma 5.11 or Lemma 5.7, (again without expansions).
Now, we can analyze the cases involved in the proof of the first and second statements.
— M = *. It is in normal form.
— M = x. The only possible case is x - ^ *, where x : T. Then, x°° = x -^> * = A^,*00.
: T and (PiQ\) ^ > *, then (PiQi) 00 : T by Lemma 5.5, so
((Ax : C.R)Qir = ((Ax : CR)°°Q?) = ((Ax : CR°)Gi) =^>
Ro[QTi/x] =>* (by Lemma 5.10) R[Qi/x]° = A*R[<2i/x]00.
If (P1Q1) ==> (P2Q1), where Pi = > P 2 .
Since it is not the case that Pi -^-> P2, because (Pi 61) = > (P281), we have by the
induction hypothesis a reduction sequence P 1 °°=>+ A£_XP2°° without expansions.
Then
(PiQi)°° = Pi°°Gi=* + (by ind. hyp.) ( A ^ P 2 o o ) G i
If h > 0, then
V+ by Lemma 5.7
(Xw : B.A* (P^(ABw)))Q1
IP
by Corollary 5.9
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
-
350
If (PtQi) => [PiQtU where Qt => Q2,
(PiQi)°° = P?Q\=>+
(by ind. hyp.) P^Q\ = (P&2)00.
M=(PuQi)
-
If (Pi, Qi> = > (P2, Qi>, where P, = > P 2 .
1 (Pi,Qi>00 = ( P f , e i > = > + (by ind. hyp.) <P2°,e,} = (P2,Qi)°° = A»(P2,e1>00.
2 Since (P,e)°° = (P,e)°, we have (F 1 ,g 1 )°=>+(P 2 ,Q 1 )° by the previous statement.
-
If (Pi.Si) = * <Pi,e2), where Qy = > Q2.
1 (P ls 61)°° = (P,°, GJ>=>+ (by ind. hyp.) (Pf,Q5> = (P,,62)°° = A» (A,fc) 0 0 .
2 Since (P, g) o ° = <P, 6)°, we have (Pu Q 1 >°=*+(P I , Q2)° by the previous statement.
M = Xx : A.Pi
Then Ax : /l.Pi = > Xx : X.P2, where Pi = > P 2 .
1
(Ax : A.P1)00 = AJC : A.P?=>+ (by ind. hyp.) Ax : ^.P2° = A^_B(Ax : AP2)°°.
2
Since (Ax : A.Pif = (Ax : A.Pi)°°, we have (Ax : A.P1)°=>+(Ax : A.P2)° by the
previous statement.
M = Jn^(Pi), for 1 = 1,2 where Pi => P 2 .
Then m'c(Pi) = > in^(P2)
in^Pi) 0 0 = i«j : (P 1 o )=>+ (by ind. hyp.) iit^P;?) = A^cin^Pj) 0 0 .
M = 7i,(Pi), for i = 1,2.
-
If 7r,(Pi) : T and ^(Pi) - ^ *, then 7r,(Pi)o° : T by Lemma 5.5 and 7r,(Pi)°° ^ > * =
-
If 7i,(P!) = > 7t,(P2), where Pi = > P 2 .
Since it is not the case that Pi —* P 2 , because 7t,-(Pi) ==> Jr,-(P2), we have by the
induction hypothesis a reduction sequence P 1 °°=>+ ABX/1P2° without expansions.
Then
jt,-(Pi)00 = nt(Pn^+
(by ind. hyp.) Ki{AhAlxAlP?)
If ft = 0, then 71,^2°) =
If ft > 0, then
by Lemma 5.7
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
351
If Case(PuR\,Ni) : T and Case(PuRi,Ni) - ^ *, then
: T by
Lemma 5.5 and 7t,(Pi)o° - ^ * = A^op*°°.
Caseiin^iSlRuRJ - ^ /?,S
Case(i^ 1+C2 (S),/? 1 ,i? 2 ) oo =
{A^ARl°)S°=>+
h
(by Lemma 5.7)
h
(Aw': Q.A A(R?(A Ciw)))S° -U
A\{RX'{Ahc.So)) = > * by Corollary 5.9
A\(R\°S°) =
-
Case(PuRi,Ni) = > Case(P2,RuNi), where
P2.
Case(P^,RauNol)=^+ (by ind. hyp.)
-
Case(Pi,Ru
Case(Pi,R2,Ni), where Rx
(by ind. hyp.)
-
Case(Pi, i?i, Ni) = > Case(Pi, Ri, N2), where
N2
Case(P;,Rl,Nl)=>+ (by ind. hyp.)
Case(P?,R°1,N2>) =
— M = {recy : B.Pif
If (rec y : I.Pxf : T and (rec y : T.Pi)1'
•, then ((rec y : T.P1)1')00 : T by
Lemma 5.5 and ({rec y : T.Pi)0 00 -^» • = A
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
-
352
(rec y : A.PX f - ^ Pi [(rec y : AJ>i J'"1 /y]
((rec y: A.PiY)°° =
(rec y : A.P?Y - ^
P;[(recy:A.Pfl-1/y]
=
P?[(rec y : Aftf-^/y]
= > * (by Lemma 5.8)
t l
(Pd(recy:A.P1) - /y])°
=
AhA(Pl[(recy:A.Ply-1/y]r°.
-
(rec y : A.Pif ==> (rec y : A.P2)\
((recy :APi)') o o =
(rec y : ^.P 1 °) i =>+ (by ind. hyp.)
(rec y : A.Ptf =
A°A((recy:A.P2yr.
Q
5.2. Strong Normalization of the Full Calculus
Having shown that our translation satisfies the hypothesis of Proposition 5.1, all we are
now left to prove is that the bounded reduction system without expansion rules is strongly
normalizing. This can be established by one of the standard techniques of reducibility, and
does not present essential difficulties once the right definitions of stability or reducibility
are given.
In Section 6 we provide a full proof, adapting Girard's proof from Girard, Lafont, and
Taylor (1990), but one can also adapt the proof in Poigne and Voss (1987), for which
we just provide the basic definitions in Section 6.4. It is then finally possible to state the
following theorem.
Theorem 5.13. (Strong normalization)
The reduction = > for the bounded system with expansions is strongly normalizing.
Proof. By Proposition 5.1, Theorem 5.12 and Corollary 6.7.
•
6. Strong normalization without expansion rules
In this section we will prove the strong normalization property for our calculus An.^ff, with
labeled recursion, but no expansions, using the reducibility method as in (Girard, Lafont,
and Taylor 1990), with an additional astute twist to take care of the sum type and labeled
recursion.
6.1. Reducibility
We define the set REDA of reducible terms of type A by induction on the type A as
follows:
— For M of atomic type A, M e REDA iff M is strongly normalizable
— For M of product type, M e REDAlxAl iff nt(M) e REDAl
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
353
— For M of a sum type, M € REDAi+Al iff, for fresh variables w, : Ah we have
Case(M,Xx : Ai.{x,w2),Xy : A2.(v>\,y)) G REDAiXAl (in the case At is T, we take *
instead of w,-)
— For M of a functional type, M € REDAl^A2 iff for all N G R£r> Xl , (MN) e R£A4 2
Some comments on the sum type are needed here: first of all notice that the notion of
reducibility is well defined: reducibility for a sum type is given in terms of reducibility
for a product type, which has been defined before. Secondly, notice that for all other
types, reducibility is either given directly, as in the case of the base types, or given in
terms of reducibility for types that are strictly smaller. This is not possible for the sum
type, because we have no destructor associated with it, but only a case expression, so
reducibility for A + B really depends on reducibility of A and B together, and we express
this fact by reducing it to reducibility of the product A x B.
6.2. Properties of reducibility
Following Girard, Lafont and Taylor (1990), we define a notion of neutrality: a term is
neutral if does not interact with the surrounding context giving rise to redexes. In our
case, the neutral terms are:
* x Ui(M) Case(P,M,N)
(MN)
(rec y.Mf.
We will prove that REDA enjoys the following properties for all types A:
(CR1) If M G REDA, then M is strongly normalizable.
(CR2) If M e REDA, and M reduces to M', then M' G REDA.
(CR3) If M is neutral and whenever we perform on it one step of reduction we obtain a
term M' G REDA, then M G REDA.
As a special case of the last clause:
(CR4) If M is neutral and no reduction is applicable to it, M e REDA.
In particular, * and the variables are reducible (also the variables of type T, as they can
only reduce to *, which is reducible).
Proposition 6.1. (Properties of reducibility) For every type A, the set REDA satisfies (CR1),
(CR2) and (CR3).
Proof. We will proceed by induction on the type A.
6.2.1. Atomic types
(CR1) A reducible term of atomic type is strongly normalizable by definition
(CR2) If M is strongly normalizable, so is every reduct of M (as reduction preserves the
type)
(CR3) Suppose all one-step reducts of M are reducible, i.e. strongly normalizable. Any
reduction path leaving M must pass through one of its one-step reducts, of which
there are a finite number, so that the longest reduction sequence starting from M has
length the maximum among the 1 + v(M') as M' varies over the (one-step) reducts of
M. Since these lengths are all finite, M is strongly normalizing.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
354
6.2.2. Product types
Then, by definition, we know that 7t,-(M) are reducible,
(CR1) Suppose M G REDAIXA2and thus strongly normalizing, by the induction hypothesis. This implies that M is
strongly normalizing also, because any reduction sequence starting from M can be
turned into a reduction sequence starting from 7r,(M).
(CR2) We know that Jtj(M) G REDAi, by definition. Now consider the possible one-step
reducts of M:
— M reduces to M'. Then also 7r,(M) reduces to
M' is then reducible by definition.
TT,(M')
via the same reduction, and
(CR3) Now let M be neutral (not necessarily reducible) such that all its one-step reducts
are reducible. We must show that nt(M) is reducible of type At. Since M cannot be
a pair (as it is neutral), any one-step reduction of Jij(M) must be to a term TT,(M'),
with M' one step from M. By (CR2), M' is reducible, and then by definition 7r,(M') is
reducible also. Now, 7i;(M) is neutral and all its one-step reducts are reducible, hence
by the induction hypothesis (CR3) for At, 7r,(M) is reducible, hence M is, by definition.
6.2.3. Arrow types
(CR1) Suppose M € REDAl^Al. Then by definition we know that MN is reducible for all
reducible N. In particular, Mx is reducible for a fresh variable x, which is reducible
by the induction hypothesis (CR3) for A\, hence Mx is strongly normalizable. This
implies that M is strongly normalizing also, as all reduction sequences starting from
M can also be performed on Mx.
(CR2) Let M G REDAl^Al reduce to M. For all N e REDAl we have (M'N) G REDAl,
since it is a reduct of (MN), which is reducible, because M and N are. Hence M' is
reducible by definition.
(CR3) Now let M be neutral (not necessarily reducible) such that all one-step reductions
lead to reducible terms. We show that MN is reducible for all reducible N by induction
on v(N), using (CR3) for Ai. Consider a one-step reduction of MN: since M is neutral,
this reduction must be either inside M or inside N and leads to:
— M'N, with M' one step from M, so M' is reducible and hence M'N is.
— MN', with N' one step from N; N' is reducible by (CR2) for Ax, and v(AT) < v(JV),
so by the induction hypothesis MN' is reducible.
Hence all reductions leaving MN lead to a reducible term and hence MN is reducible
for all reducible N, so that M is reducible by definition.
6.2.4. Sum types
(CR1) Suppose M G REDAl+Al. Then by definition Case(M,kx.{x,W2),Xy.(w\,y))
e
REDAlXAl is reducible, hence strongly normalizable, and hence M is strongly normalizable too.
(CR2) Suppose M G REDAi+Al reduces to M'. Then Case(M,lx.{x,w2),Xy.(w\,y))
G
so that, by (CR2) for A x B,
REDA{XAl reduces to Case(M',Xx.(x,w2),ky.(wi,y)),
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
355
which has been proved before, Case(M,Xx.(x,W2),Xy.(wi,y)) S REDAlxAl. Hence M'
is reducible too.
(CR3) Now let M be neutral, and suppose all its one-step reducts are reducible. We will
show that Case(M,Xx.{x,W2),Xy.{w\,y)) (which is neutral) is reducible using (CR3) for
A\ XA2, which has already been proved to hold. Consider the possible one-step reducts:
— Case(M',Xx.(x,W2),Xy.(wi,y)) with M' one step from M: then M' is reducible,
hence by definition Case(M',Xx.(x,W2),Xy.(wi,y)) is reducible
— there is no other one-step reduct, as M is neutral and the terms Xx.(x, w2) and
Xy.(w\,y) are normal.
•
6.3. Reducibility theorem
We are left to show a few more lemmas:
Lemma 6.2. (Pairing) Let M\ : A\, M 2 : A2 be reducible terms. Then (Mi,M 2 ) e
Proof. We need to show that 7t,-((Mi,M2)) G REDAr
Since 7i,-((Mi,Af2)) is neutral, we prove the statement using (CR3): we will show that all
one-step reductions are reducible. We proceed by induction on the sum v(Mi) + v(M2)
of the maximum reduction lengths for M\ and M 2 , (which are finite, as these terms are
strongly normalizable by (CR1)).
The possible reducts are:
— Mi, which is reducible by hypothesis.
— 7r,((M;,M2)): now, M[ is one step from Mu so that v{M[) + v(M2) < v(Mi) + v(M2),
and M[ is reducible by (CR2), so ni((M[,M2)) is reducible by the induction hypothesis.
— Tti((Mi,M'2)): this is shown reducible as the term in the previous case.
•
Lemma 6.3. (Abstraction) Let M : A2 be a term where the variable x : A\ may occur free.
If for every N e REDAl we have M[N/x] G REDAl, then Xx : A\.M G «££>,!, ^ } 2 .
Proo/ We want to show that (Xx.M)P is reducible for all reducible P. Since this term is
neutral, we can prove our lemma using (CR3). We are then left to show that all one-step
reducts of {Xx.M)P are reducible if for all N G REDAl we have M[N/x] G REDAi.
Since M = M[x/x] is reducible by hypothesis (as any variable is reducible), it is strongly
normalizable by (CR1), and we can proceed to prove this last statement by induction on
v(M) + v(P). The term (Xx.M)P converts to:
— M[P/x], which is reducible by hypothesis.
— (Xx.M')P with M' a reduct of M; now, by (CR2), M' is still reducible and, furthermore,
v(M') + v(P) < v(M) + v(P) and M[P/x] reduces to M'[P/x], and this last term is
also reducible, because it is a multi-step reduct of M[P/x] by Lemma 4.5. So the
induction hypothesis tells us that (Xx.M')P is reducible.
— (Xx.M)P' with P' a reduct of P ; now, by (CR2), P' is still reducible and, furthermore,
v(M) + v(P') < v(M) + v ( P ) and M[P/x] reduce to M[P'/x], by Corollary 4.8, so this
last term is also reducible. The induction hypothesis tells us that (Xx.M)P' is reducible.
•
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
356
Lemma 6.4. (Injections) For all terms, M e REDAl iff inlAi+Ai(M) e
REDAl+Al.
Proof. (=>)
We must show that Case{iriAl+Al(M),kx.{x,W2),ky.{v>\,y)) is reducible of type 4 i xA2, i.e.
that nj(Case(in'Ai+A2(M),lx.{x,W2),ky.(wi,y}))
€ REDAl. We will proceed using (CR3), by
induction on v(M), because ni(Case(in'Ai+Ai(M),Xx.(x, W2),/ty.(wi,y))) is neutral.
Consider then all its one-step reducts:
— ((Xx.{x,W2))M), which is reducible because M is reducible and Xx.(x,w2) is reducible
(by Lemma 6.2 applied to the variables x and v/2 we know that (x, W2) is reducible,
and we get reducibility of Xx.(x, W2) by Lemma 6.3; similarly if we have * instead of
w2)
— ni{Case(in'Ai+A2(M'),A.x.(x,W2),A.y.(wi,y})) with M' one step from M, hence reducible
and v(M') < v(M), so that it is reducible by the induction hypothesis
Suppose now, in'Ai+Ai(M) e REDAl+Al.
types,
This means, by definition of reducibility over sum
Case(inAi+A2(M),kx.{x,w2),ky-(wuy))
G
REDAlxAl,
which implies, by definition of reducibility over product types,
m(Case(iriil+A2(M),Xx.(x,W2),Xy.{w1,y)))
€ REDAl
This term reduces to ni((Xx.(x,W2)M)), which in turn reduces to ni((M,w)) and then to
M, which is then reducible by repeated use of (CR2).
•
Lemma 6.5. (Sum) Let P : A + B, M : A - • C and N : B -> C be reducible terms. Then
Case(P,M,N)€REDc.
Proof. We will work by cases on C.
C is an atomic type:
We can use (CR3) for C, as Case(P, M, N) is neutral. We will show by induction on
v(P) + v(M) + v{N) that all one-step reducts of Case(P, M, N) are reducible. Consider
the possible one-step reducts:
— Case(P',M,N), or Case(P,M',N), or Case(P,M,N'): these are reducible by the
induction hypothesis, as all primed terms are reducible by (CR2) on A + B, A —> C,
B —> C, and the measure decreases strictly.
— (RM) if P = in'Aj+A2(R): then R is also reducible by Lemma 6.4, and this term is
reducible as M is.
C = Ci x C2 :
We must show ni(Case(P,M,N)) e REDQ. Since ni(Case(P,M,N)) is neutral, we can
use (CR3) for Q. Since P, M, N, are all reducible, they are all strongly normalizable
and we can proceed by induction on the measure v(P) + v(M) + v(JV). Consider the
possible one-step reducts:
— ni(Case(P',M,N)) or ni(Case{P,M',N)) or ni(Case(P,M,N')): they are reducible
by the induction hypothesis, as all primed terms are reducible by (CR2) on A + B,
A —> C, B —> C, and the measure decreases strictly.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
357
— ni((MR)) if P = iriAi+Ai(R): then R is also reducible by Lemma 6.4, so MR is
reducible and 7t,((MR)) also.
C = d -» C2 :
We must show Case(P,M,N)Q e i?£Z)C2 for all g e K£D Cl - Since Case(P,M,N)Q
is neutral, we can use (CR3) for C2. Since P , M, N, (? are all reducible, they
are all strongly normalizable, and we can proceed by induction on the measure
v(P) + v(M) + v(N) + v(Q). Consider the possible one-step reducts:
— Case(P',M,N)Q, or Case(P,M',N)Q, or Case(P,M,N')Q, or Case(P,M,N)Q':
they are reducible by the induction hypothesis, as all primed terms are reducible
by (CR2) on A + B, A —> C, B —> C and C\, and the measure decreases strictly.
— (RM)Q if P = in'Ai+A2(R): then R is also reducible by Lemma 6.4, and this term is
reducible, as M and Q are.
C = Ci + C2 :
We must show Case(Case(P,M,N),Xx.{x,w2),ly.{w\,y))
e REDclXc2- We can use
(CR3) for C\ x C2, because Case(Case(P,M,N),Ax.(x,W2),A.y.{w\,y))
is neutral. Since
P, M, N, are all reducible, they are all strongly normalizable, and we can proceed by
induction on the measure v(P)+v(M)+v(N).
Let W\ = ky.(wi,y) and W2 = /bc.(x, W2)
and consider the possible one-step reduct:
— Case(Case(P', M, N), W2, WY) or Case(Case(P, M', N), W2, W{) or Case(Case(P,
M, N'), W2, W\): they are reducible by the induction hypothesis as all primed
terms are reducible by (CR2) on A + B, A —* C, B —> C, and the measure decreases
strictly.
— Case((RM), W2, W\) if P = inAi+A2(R): then R is also reducible by Lemma 6.4, and
this term is reducible by definition as M, hence (RM) is also.
•
We will now prove that every reducible instance of a (not necessarily reducible) term
M is reducible. As a consequence, all terms will be reducible.
Theorem 6.6. (Reducibility) Let M be any term (not assumed to be reducible), and suppose
all the free variables of M are among xi,... xn of types A\,... An. If JVi, ...Nn are reducible
terms of types Ai,... An, then M[N/x] is reducible.
1
2
3
4
5
6
Proof. By induction on the structure of M.
M is *. It is neutral and normal, so it is reducible.
M is Xi for some i, then M [N/x] = iV, is reducible
M = ni(M'). By the induction hypothesis, M'[N/x] is reducible, hence, by definition,
Hi(M'[N/x]) = ni(M')[N/x] is reducible.
M = (M\,M2). By the induction hypothesis, the terms Mi[N/x] are reducible, so we
conclude that the term {Ml(N/x],M2[N/x])
= (Mi,M2)\N/x\
is reducible.
M = inAl+Al(M'). By the induction hypothesis, M'[N/x] is reducible, hence by
Lemma 6.4, we have that inAi+Ai{M'[N/x]) = iriAi+Ai(M')[N/x] is reducible.
M = Case(M\, M2, M3). By the induction hypothesis, the terms M,[N/x] are reducible,
hence we have that Case(Mi[~N/x],M2[~N/x],M3[N/x\)
= Case(MuM2,M3)[TJ/x]
is
reducible.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
358
7
M = (M1M2). By the induction hypothesis, the terms Mt[N/x] are reducible, so we
conclude that the term (Mi[N /x]M2[N~ /x]) = (MiM2)[N/x] is reducible.
8 M = iy.M'. Then by the induction hypothesis M'[N/x][N'/y] is reducible for all
reducible terms N'. By Lemma 6.3, Ay.M'[N/x] = (ly.M')[~N/x] is reducible.
9 M = (recy.M'y. By the induction hypothesis, M'[N/x] is reducible. We will show
reducibility for {recy.M'y[N/x] by induction on i + v(M'). Since (recy.M)'[N/x] is
neutral, we will use (CR3) for the type A of (recy.M)'. Consider the one-step reducts
of (recy.Mf [N/x]:
— (recy.M'y [N/x] with M" one step from M'. Then M"[N/x] is reducible for all
reducible JV*, because it is a multi-step reduct of the reducible term M'[N/x]
(Lemma 4.5). Furthermore,/ + v(M") < i + v(M'), so by the induction hypothesis
(recy.M"[N/x])1 = (recy.M"y[N/x] is reducible.
— M'[N/x][(recy.M'[N/x]y~l/y].
Then (recy.M'y-1 [N/x] = (recy.M'[N/x])1-1 is reducible by the induction hypothesis, telling us that [N /x][(recy.M'[N /x])'-1 / y] is
a substitution of reducible terms for a set of variables containing the free variables
of M', which gives us reducibility of the term M'[N/x] [(recy.M' [N/x])''1 / y].
^
Corollary 6.7. (Strong Normalization) All terms are reducible, hence strongly normalizable.
6.4. Another method
It is also possible to adapt a proof based on the notion of stability, such as the one
provided by Poinge and Voss (1987). We just give here the basic definition, and refer the
interested reader to Di Cosmo and Kesner (1993b) for full details.
6.5. Stability
We define a set of stable terms of type A by induction on the type A as follows:
— For M of atomic type A, M is stable if and only if it is strongly normalizing.
— For M of type A\ x A2, M is stable if and only if it is strongly normalizing and
whenever M reduces to {M\,Mi), then Mi and Mi are stable terms of type A\ and
Ai, respectively.
— For M of type A\ + Ai, M is stable if and only if it is strongly normalizing and
whenever M reduces to iriAl+Al(M') then M' is stable of type At.
— For M of type Ai —• A2, M is stable if and only if for every stable term N of type A\,
MN is a stable term of type Ai.
1. Confluence of the full calculus
In this section we deduce the confluence property for the calculus with bounded recursion
as well as for the version with unbounded recursion.
We can immediately deduce the confluence property for the bounded system from the
weak confluence and strong normalization properties using Newman's Lemma. However,
we can also provide an extremely simple and neat proof that does not need the weak
confluence property for the expansionary system.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
359
Theorem 7.1. (Confluence) The relation = > is Church-Rosser.
Proof. Since = > is weakly confluent by Theorem 4.11 and strongly normalizing by
Theorem 5.13 we can conclude that it is Church-Rosser by the well-known Newman's
lemma.
The other proof of confluence proceeds as follows.
Let M be a term such that Pi * < = M = > * Pi- Since = > is strongly normalizing, we
can reduce the terms P; to their normal forms P,. Then we have Pi * < = M ==>* P2, and
by Theorem 5.12 P7° +<=M°=*-+P2° without expansions in the reduction sequences. As
the system without expansions is confluent (we showed that it is strongly normalizing, and
weak confluence without expansions can be shown as easily as for the simply typed lambda
calculus), we can close the internal diagram with P7° =>* R *<= PV. Now, ?7° =iemma 5.6
Pit so we can complete the proof using the reductions Pi =>* Pi = > * R *<= P2 * < = Pi
(notice that Pi = R = P2). The following figure shows the reduction diagram:
M
R
D
In order to show confluence of the full calculus we relate, in the first place, the bounded
reduction = > and the unbounded one =^=> , and then we use the confluence of ==> to
show the confluence of =^=> . This very same technique, that originates from early work
of Levy (Levy 1976), was used in Poigne and Voss (1987). The connection between the
reductions = > and ==> comes from the following:
Remark 7.2. If M =>* N, then \M\ ===> \N\, where \M\ is obtained from M by removing
all the indices from the rec terms.
Lemma 7.3. For any reduction sequence Mo ==> Mi =^> ... =^> Mn, there exists an
indexed computation No => N\ = > ... = > JVn such that |N;| = Mt, for i = 0 . . . n.
Proof. Index all the rec constructors in Mo by a number n + k, with k > 0.
•
Confluence of the full calculus now results from the confluence of the bounded calculus.
Theorem 7.4. =^> is Church-Rosser.
Proof. Let M = P o =^> Pi =^> ... ^ > Pn and M = Qo ^ > Qx ^ > ... =^> Qm. By
Lemma 7.3, PQ => P[ => ... => Pn and Qo = * Qj => ... => Qm are indexed computations, where \P'( \ = P,, for i = 0 . . . n and |Q)| = Qt, for i = 0 . . . m.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
360
We can assume that PQ = Go by indexing P° and Q° with n + m. As = > is ChurchRosser by Theorem 7.1, there exists a term R such that Pn =>* R and g m ==>* K. By 7.2
D
Pn = \K\ ^=>* \R\ and Qm = \Q>m\ ^ * \R\.
8. Adding weak extensionality for the sum type
In this section we show how to apply our techniques to accommodate in our system the
weak extensionality for the sum type, which is described by the following equality, which
tells us that any term P of sum type Ai + A2 is definitely an injection from one of the
two types Af.
Case{P,Xx.inl(x),ly.in2(y))
=P
(1)
This is the usual equality found in proof theory, associated to the logical connective for
disjunction (see for example Girard, Lafont, and Taylor (1990) or Girard (1972)). We call
this rule 'weak' because in category theory there is another stronger kind of extensional
equality associated to the sum, which is used to axiomatize the uniqueness of the sum of
two arrows in the diagram for the coproduct, namely
Case{P, M o Xx.in\x), M o Xy.in2(y)) = MP,
(2)
where M o Af is the usual abbreviation for the composition Xx.(M(Nx)).
One can easily see that this strong rule really breaks down into two simpler rules: the
weak rule 1 we just introduced and the following commutation rule:
Case{P, MoNuMo
N2) = MCase{P, NUN2)
(3)
If one really wants the equality in (2), it seems to be a difficult task to provide a
confluent system for the extensional theory with arrow, product and coproduct types, as
discussed in Dougherty (1990), and to the author's best knowledge, there are no positive
results in that direction.
Notice also that equation (1) can be easily added to a reduction system with no T
type, where all the extensional equalities are turned into contractions, as done for example
in Gallier (1993). In the presence of the T type, the use of contraction rules forces us to
proceed along the lines of Curien and Di Cosmo (1991), and to generate an infinite set of
reduction rules.
It is not obvious how to add weak extensionality for the sum to our system, as the
nai've idea of adding the equality in (1) as a contraction rule breaks confluence, as the
following example shows:
Case(w,Xx : A -> B.in\A^B)+c{x),Xy
Case(w,Xx : A -> B.in\A^B)+c{Xz
:
C.infA_B)+c(y))
: A.xz),Xy : C.in\A
This problem comes from the fact that the term Ax : A —> B.in^_ B ) + c (x) is not in
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
Simulating expansions without expansions
361
normal form with respect to the rules n, 5 and Top. This also suggests the solution:
it suffices to completely expand the terms IN1 = Xx.inl{x) and IN2 = Xy.in2(y) with
respect to the rules n, 6 and Top (which we now know are strongly normalizing) before
performing the contraction for the weak sum extensional equality.
So we are led to consider the contraction rule:
) - ^ P,
where ||M|| denotes the normal form of M with respect to r\, b and Top expansions.
It is now straightforward to check that the weak confluence property still holds, and
one is left to check that the simulation theorem stays valid.
For that, we have to verify that Case(P, \\INl ||, ||/AT2 ||)°=s>+P° without using expansion
rules in the reduction sequence, and this is obtained by:
Case(P,\\IN1\\,\\IN2\\r
=
AkA+BCase(P°,\\INl\\°,\\IN2\\°) =
AkA+BCase(Po,\\IN1\\,\\IN2\\)=2=>
Notice that the rules n, d and Top do not create new redexes, as shown in Lemma 3.7,
so, in particular, \\IN'\\ is still in normal form, and the equality ||/N'||° = ||/JV'|| can be
obtained from Lemma 5.6.
9. Conclusions
We have provided a confluent rewriting system for an extensional typed 1-calculus with
product, sum, terminal object and recursion, which is also strongly normalizing when the
recursion operator is bounded. There are two main relevant technical contributions in
this paper: the weak confluence proof and the simulation theorem.
On the one hand, let us remark once again that the weak confluence property for a
context-sensitive reduction system is not as straightforward as for reduction systems that
are congruencies. The proof is no longer just a matter of a boring but trivial case analysis,
so we have had to explore and analyze here the fine structure of the reduction system,
showing clearly how substitution and reduction interact in the presence of context-sensitive
rules.
The simulation theorem, on the other hand, turns out to be the real key tool for this
expansionary system: it allows us to reduce both confluence and strong normalization
properties to those for the underlying calculus without expansions, which can be proved
using the standard techniques. In a sense, this is all that you really need to prove.
References
Akama, Y. (1993) On Mints' reductions for ccc-calculus. In: Bezem, M. and Groote, J. (eds.) Typed
Lambda Calculus and Applications. Springer-Verlag Lecture Notes in Computer Science 664 1-12.
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35
R. Di Cosmo and D. Kesner
362
Barendregt, H. (1984) The Lambda Calculus; Its syntax and Semantics (revised edition). NorthHolland.
Curien, P.-L. and Di Cosmo, R. (1991) A confluent reduction system for the ^.-calculus with
surjective pairing and terminal object. In: Leach, Monien, and Artalejo (eds.) Intern. Conf. on
Automata, Languages and Programming (ICALP). Springer-Verlag Lecture Notes in Computer
Science 510 291-302.
Curry, H. and Feys, R. (1958) Combinatory Logic, volume 1. North-Holland.
Cubric, D. (1992) On free ccc. Distributed on the types mailing list.
Di Cosmo, R. and Kesner, D. (1993a) A confluent reduction for the extensional typed A-calculus
with pairs, sums, recursion and terminal object. In: Lingas, A. (ed.) Intern. Conf. on Automata,
Languages and Programming (ICALP). Springer-Verlag Lecture Notes in Computer Science.
Di Cosmo, R. and Kesner, D. (1993b) Simulating expansions without expansions. Technical Report
LIENS-93-ll/INRIA 1911, LIENS-DMI and INRIA.
Dougherty, D. J. (1990) Some reduction properties of a lambda calculus with coproducts and recursive
types. Technical report, Wesleyan University, E-mail: ddoughertyQeagle.wesleyan.edu.
Dougherty, D. J. (1993) Some lambda calculi with categorical sums and products. In: Proc. of the
Fifth International Conference on Rewriting Techniques and Applications (RTA).
Gallier, J. (1993) On the correspondence between proofs and X-terms. (Available by anonymous ftp
from ftp.cis.upenn.edu.)
Girard, J.-Y. (1972) Interpretation fonctionelle et elimination des coupures dans I'arithmetique d'ordre
superieure, These de doctorat d'etat, Universite de Paris VII.
Girard, J.-Y., Lafont, Y. and Taylor, P. (1990) Proofs and Types, Cambridge University Press.
Huet, G. (1976) Resolution
d'equations
dans les langages d'ordre 1,2,...,to, These d'Etat, Universite
Paris VII.
Jay, C. B. (1992) Long fin normal forms and confluence (and its revised version). Technical Report
ECS-LFCS-91-183, LFCS, University of Edimburgh.
Jay, C. B. and Ghani, N. (1992) The virtues of eta-expansion. Technical Report ECS-LFCS-92-243,
LFCS, University of Edimburgh.
Klop, J. W. (1980) Combinatory reduction systems. Mathematical Center Tracts 27.
Levy, J.-J. (1976) An algebraic interpretation of the /l/?K-calculus and a labelled 1-calculus. Theoretical Computer Science 2 97-114.
Lambek, J. and Scott, P. J. (1986) An introduction to higher order categorical logic, Cambridge
University Press.
Mints, G. (1977) Closed categories and the theory of proofs. Zapiski Nauchnykh Seminarov
Leningradskogo Otdeleniya Matematicheskogo Instituta im. V.A. Steklova AN SSSR 68 83-114.
Mints, G. (1979) Teorija categorii i teoria dokazatelstv. I. Aktualnye problemy logiki i metodologii
nauky 252-278.
Pottinger, G. (1981) The Church Rosser Theorem for the Typed lambda-calculus with Surjective
Pairing. Notre Dame Journal of Formal Logic 22 (3) 264-268.
Prawitz, D. (1971) Ideas and results in proof theory. Proceedings of the 2nd Scandinavian Logic
Symposium 235-307.
Poigne, A. and Voss, J. (1987) On the implementation of abstract data types by programming
language constructs. Journal of Computer and System Science 34 (2-3) 340-376.
Troelstra, A. S. (1986) Strong normalization for typed terms with surjective pairing. Notre Dame
Journal of Formal Logic 27 (4).
http://journals.cambridge.org
Downloaded: 02 Apr 2015
IP address: 138.251.14.35