[IEEE 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007) - Wroclaw, Poland...

Strong Normalization as Safe Interaction

Colin RibaINPL & LORIA!, Nancy, France

E-mail: [email protected]

Abstract

When enriching the !-calculus with rewriting, uniontypes may be needed to type all strongly normalizing terms.However, with rewriting, the elimination rule (! E) of uniontypes may also allow to type non normalizing terms (inwhich case we say that (! E) is unsafe). This occurs inparticular with non-determinism, but also with some con-fluent systems. It appears that studying the safety of (! E)amounts to the characterization, in a term, of safe interac-tions between some of its subterms.

In this paper, we study the safety of (! E) for an exten-sion of the !-calculus with simple rewrite rules. We provethat the union and intersection type discipline without (! E)is complete w.r.t. strong normalization. This allows to showthat (! E) is safe if and only if an interpretation of typesbased on biorthogonals is sound for it. We also discuss twosufficient conditions for the safety of (! E), and study an al-ternative biorthogonality relation, based on the observationof the least reducibility candidate.

1. Introduction

Strong normalization is an important property of proofsystems such as natural deduction. Proofs of strong normal-ization based on realizability indicate that a crucial point isto understand how !-terms (i.e. proof-trees) can interactwith each other while preserving strong normalization.

From a different perspective, strong normalization is re-lated to must properties of full "-reduction, that hold for aterm when they hold for all of its reducts (see [8] for a dis-cussion and references on a notion of must convergence).Strong normalization is the minimal must property of full "-reduction in the sense that strongly normalizing terms sat-isfy all must properties of full "-reduction. This suggeststo study the interaction properties for strong normalizationof the !-calculus extended with simple but possibly non-

!UMR 7503 CNRS-INPL-INRIA-Nancy2-UHP, Campus Scientifique,BP 239, 54506 Vandoeuvre-les-Nancy Cedex, France

deterministic rewrite rules. A pathological case is the de-monic non-deterministic operator +, defined such that theterm t1 + t2 reduces either to t1 or to t2.

Our starting point is the following observation. Whenenriching the !-calculus with such rewrite rules, intersec-tion types are not always sufficient to characterize strongnormalization. Union types may be needed in order to typefunction symbols defined by rewrite rules having differ-ent interaction properties w.r.t. strong normalization. Butit is possible that the rule (! E) of elimination of unionallows to type non normalizing terms (in which case wesay that (! E) is unsafe). This happens with demonicnon-determinism, but also with some confluent systems,whereas (! E) is harmless with some non-confluent ones.

It has to be noted that (! E) breaks the subject reductionproperty, even for the pure !-calculus [2]. In our case, thetype system is essentially a syntactic approximation of in-teraction properties of terms. It is therefore desirable that itgives as much information as possible, even if the approx-imation is too rough to be preserved by reduction. Hence,it is interesting to understand what kind of properties aregiven by (! E), and what does its safety mean. A similarview is also taken in [4], where subject reduction fails be-cause of existential types.

The properties we are interested in can be character-ized by sets of terms satisfying some closure conditions[19, 18]. Biorthogonality can give interesting closure op-erators, where a closed set is described by a set of contextswith which all terms of the set interact safely [14, 6]. Thisgives very informative interpretations of (! E), as shownin [19, 18]. However, in these works, biorthogonals arebuilt on the observation of reduction without error, possi-bly involving infinite computations. Moreover, in its fullversion, (! E) behaves well with call-by-value evaluation[19], whereas must properties are more naturally manipu-lated via (weak) head reductions, that correspond to call-by-name evaluation. Regarding strong normalization, it wastherefore unclear how to handle the biorthogonal interpre-tation of the full rule (! E).

In this paper, we study a biorthogonal type interpretationwhich we show to be sound for (! E) if and only if (! E)

1

22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007)0-7695-2908-9/07 $25.00 © 2007

is safe, that is, if and only if it can be added to the typesystem while preserving strong normalization. This meansthat regarding strong normalization, biorthogonals providethe best possible interpretation of (! E). This also givesa computational interpretation to biorthogonality, that wereintroduced in realizability to deal with classical logic [14].

The key point is that the membership of a term to abiorthogonal can be tested by observing the strong normal-ization of this term plugged in suitable contexts. Since in-tersection and union types (without (! E)) are sound andcomplete w.r.t. strong normalization, we can extract all theinformation we need from the observation of strong normal-ization.

It appears that the safety of (! E) is equivalent to a safeinteraction principle wich says that if each one-step reductof an elimination term can be safely duplicated in a capture-avoiding context, then this term can be safely duplicated inthat context. Hence, its different reducts have to interactsafely with each other in that context. Intuitively, such sys-tems have a kind of uniform computational behavior.

Then we consider sufficient conditions for the safety of(! E). Besides Girard’s reducibility candidates (whose sta-bility by union is studied in [16]), we consider the interpre-tation of types arising as the closure by union of a biorthog-onality operator. In this case, types are interpreted by non-empty sets upward-closed w.r.t. the observational preorderissued from the orthogonality relation. We show that thesesets are reducibility candidates if and only if each elimi-nation term is greater w.r.t. that preorder than one of itsimmediate reducts.

A natural question is whether (! E) is safe with rewritesystems for which intersection types are sufficient for thecompleteness of type assignment w.r.t. strong normaliza-tion (i.e. when unions are not needed). We show that this isnot the case. However, it is interesting to note that when re-ducibility candidates are stable by union, intersection typesare sufficient to type strongly normalizing terms.

We conclude by a discussion on an alternative orthogo-nality relation built on the observation of the least reducibil-ity candidate. It amounts to observing strongly normaliz-ing reduction to an error term. This induces a biorthogonaltype interpretation having a better adequacy with the typesystem and would allow for a more natural subtyping rela-tion. However, for the soundness of (! E), it is not clearwhether these biorthogonals are equivalent to those issuedfrom strong normalization.

Related Work. Intersection and union types are exten-sively studied in [7, 8, 9] as the logical intermediate to buildfully abstract filter models of non-deterministic !-calculi.These works consider must normalization of (weak) headreduction. Here, must normalization of a reduction rela-tion means convergence of any reduction with this relation.

This makes sense in non-deterministic calculi even if theconsidered relation is not the full reduction. In [7, 8] it isremarked that (! E) makes the soundness of the type sys-tem to fail w.r.t. the considered property. Because they arein a must setting, we think that problems caused in theircases by (! E) are in essence similar to ours.

Recent applications of union types are the XML process-ing languages XDuce [12] and CDuce [10].

Concerning strong normalization, existential types areextensively used in the type system of [4]. These typesare interpreted using infinite unions, and this motivated ourstudy of stability by union of Girard’s candidates.

Our integration of rewriting with intersection types is in-spired from [5]. In comparison to this work, we use simplerrewrite rules and function symbols with a fixed arity. Thus,we get completeness of type assignement w.r.t. strong nor-malization.

Our presentation of biorthogonals is inspired from [6],see also [14, 19, 15]. For properties on !-calculus and(union and intersection) types, we refer to [13, 11, 3, 7, 2].

Outline. We present the calculus in Sec. 2, with a discus-sion on (! E) and examples of its unsafety. Section. 3 isdevoted to the soundness and completeness of the type sys-tems (without (! E)). Our main result on the biorthogonalinterpretation of (! E) is presented in Sec. 4. We discusssufficient conditions for safe interaction in Sec. 5. Finally,in Sec. 6, we briefly discuss the orthogonality relation builton the observation of the least reducibility candidate.

2. Preliminaries

2.1. Types and Terms

Let X be a countable set of variables. We write !(S) forthe set of !-terms with constants in a set S of symbols offixed arity:

t, u " !(S) ::= x " X | t u | !x.t | f(t1, . . . , tn)

where f " S is a symbol of arity n. We write ! for !(S)when S is clear from the context. As usual, terms are con-sidered modulo #-conversion. Let FV(t) be the set of vari-ables occurring free in t. By $t we mean a sequence of termsof length |$t|; we use the same notation for types, etc.

We write R for any set of rewrite rules of the form

f($x) #$ r

where f " S, $x is made of distinct variables, r " ! andFV(r) % $x. We write f($x) #$R r for f($x) #$ r " R.Let R(f) such that r " R(f) iff f($x) #$R r and S = F &C where f " C if R(f) = ' and f " F otherwise. Thecapture-avoiding substitution of u for x in t is denoted by


T ( T

U2 ( U1 T1 ( T2

U1 ) T1 ( U2 ) T2

T ( U U ( V

T ( V

(T ) U1) * (T ) U2) ( T ) (U1 * U2)

T1, T2 ( U

T1 ! T2 ( U T1, T2 ( T1 ! T2

T1 * T2 ( T1, T2

T ( U1, U2

T ( U1 * U2

t[u/x]. We generalize substitutions to functions % : X $ !with t% =def t[%(x)/x | x " dom(%)]. Define $ to bethe smallest relation on ! stable by context and substitutionwhich contains #$R and (!x.t)u #$β t[u/x].

We assume that $ is finitely branching, hence that R(f)is finite for each f " F . Define (t)! =def {u | t $ u} andlet $" be the reflexive transitive closure of $. We write(t1, . . . , tn) $ (t#1, . . . , t#n) iff there is i such that ti $ t#iand tj = t#j for all j += i. A term t is strongly normaliz-ing (t " SN ) iff every reduction sequence issued from t isfinite.

Types are the following, where o is the base type:

T,U " T ::= o | T ) U | T * U | T ! U .

Subtyping rules are in Fig. 1. They axiomatize the fact that(T ,(,*,!) is a preorder with all finite non-empty g.l.b.’sand l.u.b.’s. Note that contrary to [7, 8], (T ,(,*,!) is notdistributive.

Typing contexts are functions " : X $ T . We write(x : T ) " " when "(x) = T and x " " when x " dom(").Given "0 and "1, we let "0 * "1 be the context such that

"0 * "1(x) =def

!"0(x) * "1(x) if x " "0 , "1 ,"i(x) if x " "i \ "1$i .

Typing rules are given in Fig. 2. We write " -% t : Tfor typing judgments in the system without ! and T% for thecorresponding set of types. Note that for ty " {*,*!}, if" -ty t : T , then for all "# we have " * "# -ty t : T andmoreover " * "# -%& t : T ! T # for all T # " T .

The rule (FUN), which is not usual, is inspired from[5]. Let us explain it with an example. Consider a sym-bol f " S defined with rewrite rules f($xi) #$R ri for alli " {1, . . . , n} and some n . 0. Assume that " -%& $t : $Tand that for all i " {1, . . . , n}, there is a type Ui such that", $xi : $T -%& ri : Ui. Then, using (SUB) and (FUN) wecan conclude that " -%& f($t) :

"1'i'n Ui. Note that if

f " C, then for all type U we have " -%& f($t) : U .

2.2. The Elimination Rule of Union Types (! E)

In this section, we discuss the rule (! E). In the pro-cess, we may anticipate on some results presented later inthe paper. The elimination rule of union is the following:

(! E)

", x : T1 - c : C" - t : T1 ! T2 ", x : T2 - c : C

" - c[t/x] : C

We denote by -%! the type system -%& in which we addedthe rule (! E).

The rule can be read as follows: if t : T1 ! T2 and forall i " {1, 2} (v : Ti ) c[v/x] : C) then c[t/x] : C.Intuitively, this can be problematic if ! is not a union, i.e. ifthere is t such that t : T1 ! T2 but neither t : T1 nor t : T2.Such a situation can occur with non-determinism. Indeed,consider the rewrite system:

t1 + t2 #$R t1 t1 + t2 #$R t2 .

Assume that t =def t1 + t2, where t1 can be given the typeT1 but not T2, and vice-versa for t2. Then, t is not in theunion of T1 and T2, since it is neither in T1 nor in T2.

Example 2.1. We now give an example of unsoundnessof (! E). Let t1 =def !z.zy& and t2 =def !z.& where& =def !x.xx. It is clear that t1t1 and t2t2 are stronglynormalizing. However, t1t2 $" && /" SN 1.

By completeness of type assignment in -% (see [13, 11]),for i = 1, 2 there are Ti, Ui, Vi such that y : Vi -% ti : Ti

and y : Vi, x : Ti -% xx : Ui. Hence we have:

(! E)

y : V1 * V2 -%& t1 + t2 : T1 ! T2

y : V1 * V2, x : T1 -%& xx : U1 ! U2

y : V1 * V2, x : T2 -%& xx : U1 ! U2

y : V1 * V2 -%! (t1 + t2)(t1 + t2) : U1 ! U2

but (t1 + t2)(t1 + t2) $" t1t2 $" && /" SN .

Example 2.2. This can also occur with confluent systems,such as the following one:

f #$R !xy.g(xa&) f #$R !xy.g(yy) g(x) #$R a .

Let u1 =def !xy.g(xa&) and u2 =def !xy.g(yy). Sincewe have u1u1 " SN and u2u2 " SN , by Completeness(Thm. 3.11) and Interpolation (Prop. 3.8), there are T1, T2

and U such that:

(! E)

x : T1 -%& xx : U-%& f : T1 ! T2 x : T2 -%& xx : U

-%! ff : U

but ff $" u1u2 $" !y.g(g(&&)) /" SN .

The examples above suggest that (! E) asks for call-by-value evaluation. Intuitively, before performing the substi-tution c[t/x], one should normalize t in order to determineif it belongs to T1 or to T2.

1We thank Philippe de Groote for this example.


(AX)", x : T -%& x : T

(FUN)" -%& $t : $T /f($x) #$R r, ", $x : $T -%& r : U

" -%& f($t) : U

() I)", x : U -%& t : T

" -%& !x.t : U ) T() E)

" -%& t : U ) T " -%& u : U

" -%& tu : T

(* I)" -%& t : T1 " -%& t : T2

" -%& t : T1 * T2(SUB)

" -%& t : T T ( U

" -%& t : U

3. Soundness and Completeness

In this section, we prove soundness and completeness oftyping in -%& (i.e. without (! E)) w.r.t. strong normaliza-tion. This is the occasion to introduce basic notions on re-ducibility, that are used for biorthogonality-based reducibil-ity in Sec. 4.3. We also prove a few consequences of com-pleteness, which are important for our analysis of (! E).

3.1. Reducibility

We introduce well-known basic tools for reducibility.This presentation is consistent with [16], where more de-tails can be found.

As advocated in [19, 18], it is convenient to see type in-terpretations as closure operators. Recall that a closure op-erator on a partial order (D,() is a function · : D $ Dwhich is idempotent: x = x; extensive: x ( x; and mono-tone: x ( y ) x ( y. It is well-known that the greatestlower bound of a family of closed elements is closed.

Definition 3.1 (Neutral terms). A term t is neutral (t " N )iff it is not an abstraction and hereditary neutral (t " HN ),iff t " SN and t never reduces to an abstraction.

Definition 3.2 (Reducibility Candidates). The set CR of re-ducibility candidates is the set of all C % SN such that(CR0) if t " C and t $ u then u " C,(CR1) if t " N and /u(t $ u ) u " C) then t " C.

The property (CR1) is also called the neutral term prop-erty. It is easy to define a function · : P(SN ) $ P(SN )such that A is the smallest reducibility candidate containingA. This is a closure operator on (P(SN ),%).

Proposition 3.3 (Candidates Lattice). The partial order(CR,%) is a complete lattice with least element HN , great-est element SN and whose g.l.b.’s are given by

#.

We turn to the interpretation of arrow types.

Proposition 3.4 (Arrow Type Constructor). The arrow typeconstructor ): P(!)0 P(!) $ P(!), defined as

A ) B =def {t | /u(u " A ) tu " B)}

maps A,B " CR to a reducibility candidate.

We interpret T " T by !T " " CR as follows:

!o" =def SN!T ) U" =def !T " ) !U"!T * U" =def !T " , !U"!T ! U" =def !T " 1 !U" .

There are many choices possible for !o". In our case, an-other interesting one is !o" = HN (see Sec. 6 and Theo-rems 3.12 and 6.1).

3.2. Soundness

We show that " -%& t : T implies t " SN .

Proposition 3.5 (Soundness of Subtyping). If T ( U then!T " % !U".

Given a substitution % : X $ ! and a context ", wewrite % |=! · " " when %(x) " !T " for all (x : T ) " ".Recall that the rule (! E) is not present in -%&.

Theorem 3.6 (Soundness of Typing). If " -%& t : T and% |=! · " " then t% " !T ".

Proof. By induction on " -%& t : T , using Prop. 3.5 for(SUB). We detail the case of (FUN).

Let % |=! · " " and $t# =def $t%. By induction hypothesis,$t# " !$T ". We have to show that t# =def f($t#) " !T ". Sincethis term is neutral, it suffices to show that (t#)! % !T ".We reason by induction on $t# " SN . Let v " (t#)!. Ifv = f($u) with $t# $ $u, then by (CR0), $u " !$T " and weconclude by induction hypothesis on $u. Otherwise, there isa rule f($x) #$R r such that v = r[$t#/$x] and since $t# " !$T ",by induction hypothesis on ", $x : $T -%& r : T we haver[$t#/$x] " !T ".

Corollary 3.7. If " -%& t : T then t " SN .


3.3. Completeness

The main result of this section is the completeness of in-tersection and union types with respect to strong normal-ization: if t " SN , then there are " and T such that" -%& t : T . The result is proved in [13, 11] for the pure!-calculus with intersection types.

We begin by two important properties, that are charac-teristic of intersection types. They are the key properties forcompleteness.

Proposition 3.8 (Interpolation). If " -%& t[u/x] : T and" -%& u : U with x /" ", then there is a type V such that", x : V -%& t : T and " -%& u : V .

Proof. By induction on t.

Lemma 3.9 (Weak Head Expansion).

(i) Assume that " -%& u : U and " -%& t[u/x]$v : T .Then " -%& (!x.t)u$v : T .

(ii) For all f " F , if " -%& $t : $T and " -%& r[$t/$x]$v : Tfor all f($x) #$R r, then " -%& f($t)$v : T .

Proof. The two points are similar: the property is provedby induction on |$v|, and the base case is obtained usingProp. 3.8.

For the proof of completeness itself, we use an induc-tion on a preorder that combine reduction and subterm andwhich is well-founded on SN .

Definition 3.10. We let2 be the smallest preorder such thatt 2 u if either u $ t or t is a strict subterm of u.

Theorem 3.11 (Completeness). If t " SN , then there are" and T such that " -%& t : T .

Proof. The proof is by induction on 2 and uses Lem. 3.9.We only detail the case of t = f($t)$v with f " F .

First, note that $t 2 t. For all f($x) #$R r, we haver[$t/$x]$v 2 t and by induction hypothesis there are "r, $Tr

and Vr such that "r -%& $t : $Tr and "r -%& r[$t/$x]$v : Vr.Now, taking " =def

$r(R(f) "r, $T =def

$r(R(f)

$Tr and

V =def"

r(R(f) Vr, we have " -%& $t : $T and for all

f($x) #$R r, " -%& r[$t/$x]$v : V . We conclude that" -%& f($t)$v : V thanks to Lem. 3.9.(ii).

Note that without further assumptions on R, union typesare required for Thm. 3.11. The next result says that itwould have been complete to interpret o by HN , the leastelement of CR.

Theorem 3.12 (HN -Completeness). If t " HN then forall T " T there is " such that " -%& t : T .

Proof. Similar to Thm. 3.11. We reason by induction on 2,using Thm. 3.11 and Lem. 3.9.

3.4. Two Interesting Consequences

We now prove two consequences of soundness and com-pleteness of -%&. They play an important role in our anal-ysis of (! E). The first one says that "-reduction leads touniform computations.

Theorem 3.13. If (!x.t)u " SN and v[t[u/x]/y] " SNthen v[(!x.t)u/y] " SN .

Proof. Since (!x.t)u " SN , we have also u " SN andt[u/x] " SN . It follows from Thm. 3.11 that there are "#,T and U such that "# -%& u : U and "# -%& t[u/x] : T .

On the other hand, still thanks to Thm. 3.11, there are "##,V such that "## -%& v[t[u/x]/y] : V . Let " =def "# * "##.Since " -%& t[u/x] : T , we can use Lem. 3.9.(i) to obtain" -%& (!y.v)(t[u/x]) : V . It follows that there is T # suchthat " -%& !y.v : T # ) V and " -%& t[u/x] : T #.

Furthermore, since " -%& u : U , using Lem. 3.9.(i) wehave " -%& (!x.t)u : T #. Then, " -%& (!y.v)((!x.t)u) :V , and it follows that v[(!x.t)u/y] " SN by Cor. 3.7.

The analogous of this property for #$R will be shown tobe equivalent to the safety of (! E) in Sec. 4.

Note that the capture-avoiding substitution is essentialhere. Indeed, the property fails if we replace v by a contextC[ ] able to capture variables. For example (see [17]), withC[ ] =def (!y.[ ])&, and (!x.t)u =def (!x.z)(yy), we haveC[t[u/x]] = (!y.z)& which is in SN , but C[(!x.t)u] =(!y.(!x.z)(yy))& $ (!x.z)(&&) /" SN .

Now, we show that hereditary neutral terms are reallyneutral, in the sense that they can be safely substituted inany strongly normalizing term.

Theorem 3.14. If t " HN and v " SN then v[t/x] " SN .

Proof. First, assume that x /" FV(t). Since v " SN , byThm. 3.11, there are "##, T and V such that "##, x : T -%&v : V . Moreover, since t " HN , by Thm. 3.12, there is "#

such that "# -%& t : T . Hence, taking " =def "# * "## wehave ", x : T -%& v : V and " -%& t : T . It follows that" -%& (!x.v)t : V , hence v[t/x] " SN by Cor. 3.7.

Now, assume that x " FV(t). Let y /" FV(t, v) andt# =def t[y/x]. Then we have t# " HN hence v[t#/x] " SNand v[t/x] = (v[t#/x])[x/y] " SN .

4. Safe Interaction

We now address the problem of the safety of the elimi-nation rule of union:

(! E)

", x : T1 - c : C" - t : T1 ! T2 ", x : T2 - c : C

" - c[t/x] : C


Recall that -%! is the type system -%& in which we addedthe rule (! E). Since we have proved in Sec. 3.2 that ty-pability in -%& implies strong normalization, proving thesafety of (! E) reduces to proving strong normalization ofterms typable in -%!.

In this section, we use biorthogonality to define an inter-pretation # · $ : T $ CR such that the following points areequivalent (see Thm. 4.8):

(!E) is safe: If " -%! t : T then t " SN .

(IP) If f " F , f($t) " SN and v[r[$t/$x]/y] " SN for allf($x) #$R r, then v[f($t)/y] " SN .

# · $ is sound: If " -%! t : T and % |=# · $ " then t% " #T $.

This means that biorthogonality gives the best possibleinterpretation of (! E) w.r.t. strong normalization: if typa-bility in -%! implies strong normalization, then the inter-pretation # · $ is sound. This also gives a purely computa-tional interpretation of biorthogonality.

4.1. The Interaction Principle

The interaction principle (IP) says that if each one-step reduct of a neutral term can be safely duplicated in acapture-avoiding context, then this term can be safely du-plicated in that context. Hence, its different reducts have tointeract safely with each other in that context.

We now show that the safety of (! E) implies (IP).

Theorem 4.1. If (! E) is safe, then (IP) holds.

Proof. Similar to Thm. 3.13, using that for all n . 1, thefollowing rule is derivable in -%!:

" -%! t :$

1'i'n(Ui ) T )" -%! !x.tx : (

"1'i'n Ui) ) T

(x /" FV(t))

4.2. Orthogonality

We will show that the maximal method for the soundnessof (! E) is given by biorthogonals. We introduce the mainnotions below.

Given two sets A and #, and a relation 33 % A0#, let

/A % A, A)) =def {' " # | /a (a " A ) a33 ')} ;

/P % #, P)) =def {a " A | /' (' " P ) a33 ')} .

Let us discuss a few properties of ( · ))). First, it is easyto see that ( · ))) is anti-monotonic: X % Y implies Y )) %X)). It follows that X = X)))) iff there is Y such thatX = Y )). Moreover, ( · ))))) is a closure operator on P(A)(resp. P(#)).

For the interpretation of (! E), the important point is theDe Morgan laws:

X)) , Y )) = (X 1 Y ))) ,X)) 1 Y )) % (X , Y ))) .

Note that in general, (X , Y ))) +% X)) 1 Y )). Indeed,if x is orthogonal to every element of X , Y , then there isno reason for x to be orthogonal to every element of X 1Y .

4.3. Biorthogonal Reducibility

We now introduce a family of biorthogonals that arisesfrom the observation of SN , the top element of CR.

For the interpretation of (! E), we use extended evalua-tion contexts E[ ] " E that allow call-by-value evaluation[19]. It is useful to see them both as terms and contexts.Therefore, we let [ ] " X be a distinguished variable anddefine E as follows:

E[ ] " E ::= [ ] | E[ ] t | t E[ ] .

We let E[t] =def (E[ ])[t/[ ]].

Definition 4.2. Let t4 E[ ] iff E[t] " SN .

Note that since E +% SN , we have '** = '. It is easyto see that SN = {[ ]}*, hence SN** = SN . Therefore,by monotonicity of ( · )**, A % SN implies A** % SN .

Since we allow call-by-value in evaluation contexts, itneeds some work to prove that 4-biorthogonals are re-ducibility candidates. The main point is to prove the neutralterm property, for which we use completeness of type as-signment and the axiom (IP).

Proposition 4.3 (Neutral Term Property). Let E[ ] " SNand t " N . If (IP) holds and /u(t $ u ) E[u] " SN )then E[t] " SN .

Proof. Since E[ ] " SN , if t " HN then by Thm. 3.14 wehave E[t] " SN .

Otherwise, t reduces to an abstraction, and since it is aneutral term, it has an head redex. Then, t is either of theform (!x.t1)t2$v and we conclude by Thm. 3.13, or of theform f($t)$v with f " F and the result follows from (IP).

Then, we obtain that biorthogonals of non-empty subsetsof SN are reducibility candidates.

Lemma 4.4. If A % SN is not empty, then (IP) impliesA** " CR.

Proof. Since A % SN , we have A** % SN . Stability byreduction is trivial. Since A += ' we have A* % SN , hencethe neutral term property is insured by Prop. 4.3. appliedusing (IP).


Hence, the set {A** | ' += A % SN} is a subset of CR.Moreover, thanks to the idempotence of ( · )**, it is exactlythe set {A** | A " CR}. Therefore, we can consistentlydenote it by CR**.

On the other hand, it is interesting to note that the re-ducibility candidates involved in the interpretation of T "T% are biorthogonals. This observation seems to originatefrom [14], and to be the starting point of the utilization ofbiorthogonals in reducibility. If A % ! and B % E letA · B =def {E[[ ]a] | a " A & E[ ] " B}.

Proposition 4.5 (Types as Biorthogonals). For all T " T%,!T " = !T "**.

Proof. Indeed, we have

!o" = SN = {[ ]}*!U ) V " = (!U" · !V "*)*!U * V " = (!U"* 1 !V "*)* .

4.4. Completeness of Biorthogonals

Biorthogonals are not stable by union because the DeMorgan law A)) 1 B)) = (A , B))) is in general not sat-isfied. However, since A)) ,B)) = (A 1B))) we have

(A 1B))))) = (A)) ,B))))) .

Therefore, the closure of union is quite informative: if abelongs to (A 1B))))) then a33 ' for all ' " A)) ,B)).

We take advantage of this fact for the interpretation of(! E), and from now on, the interpretation of types withbiorthogonals will differ from that of Sec. 3.1.

Given T " T , we define #T $ as follows:

#o$ =def {[ ]}* (= SN )#U ) V $ =def (#U$ · #V $*)*#U * V $ =def (#U$* 1 #V $*)*#U ! V $ =def (#U$* , #V $*)* .

Lemma 4.6. If (IP) then for all T " T , #T $ " CR.

Proof. By induction on T , using Lem. 4.4 for T = T1!T2.Note that we cannot avoid the induction on T and di-

rectly use Lem. 4.4, since it requires ' += #T $ % SN .

It is directly in the soundness proof that we use the pos-sibility of call-by-value evaluation with E .

Theorem 4.7. Let " -%! t : T . If (IP) and % |=# · $ " thent% " #T $.

Proof. By induction on " -%! t : T . Thanks to Lem. 4.6,using (IP), we have #U$ " CR for all U " T . Then, the

proof is identical to that of Thm. 3.6, except for the case ofthe rule (! E). We only detail this case:

(! E)

", x : T1 -%! c : C" -%! t : T1 ! T2 ", x : T2 -%! c : C

" -%! c[t/x] : C

Let % |=# · $ ", t# =def t% and c# =def c%. Recall that we canassume x /" FV(%). Hence, we show that c#[t#/x] " #C$.

Let E[ ] " #C$*. By induction hypothesis, for all v "#T1$ 1 #T2$ we have c#[v/x] 4 E[ ]. Moreover, since v "SN , we have (!x.c#)v4E[ ] by Thm. 3.13. It follows thatE[(!x.c#)[ ]] " #T1$* , #T2$*.

On the other hand, by induction hypothesis we havet# " (#T1$* , #T2$*)*. Therefore t#4E[(!x.c#)[ ]], hence(!x.c#)t# 4 E[ ]. We deduce that c#[t#/x]4 E[ ].

Theorem 4.8 (Main Theorem). The following are equiva-lent:

(i) If " -%! t : T then t " SN .

(ii) If f " F , f($t) " SN and v[r[$t/$x]/y] " SN for allf($x) #$R r, then v[f($t)/y] " SN .

(iii) The interpretation # · $ is sound for (! E).

Proof. The implication (i) ) (ii) is proved in Thm. 4.1and it follows from Thm. 4.7 that (ii) ) (iii). We have(iii) ) (i) since X % HN % #T $ % SN for all T .

4.5. Comparison with Reducibility Candidates

We have shown that the biorthogonal interpretation issound and complete w.r.t. the safety of (! E). We now com-pare it to the impredicative interpretation of (! E) definedin CR. Given A,B " CR, let A !B be

{t | /C " CR, /c " (A ) C) , (B ) C), ct " C} .

In general, it is unclear whether A,B " CR implies A!B "CR. Indeed, given t " N , C " CR and knowing that for allu " (t)!, cu " C, it is not clear why ct " C. On the otherhand, a subtle modification to A ! B makes it much easierto handle: let A !* B be

{t | /C " CR**, /c " (A ) C) , (B ) C), ct " C} .

The point is that in observing ct " C with C " CR**, infact we observe SN since ct " C holds iff for all E[ ] "C*, E[ct] " SN . Thanks to soundness of completeness of-%&, we are able to extract the information we need fromthe observation of SN .

Lemma 4.9. For all A,B % SN ,

(A* ,B*)* = A !* B .


Proof. If c " (A ) C) , (B ) C) and E[ ] " C*, thenE[c[ ]] " A* ,B*. This implies (A* ,B*)* % A!* B.

Conversely, if E[ ] " A* , B* then !x.E[x] " (A )SN ) , (B ) SN ).

In conclusion, the interest and strength of biorthogonalsis that they bring observation at an arbitrary C " CR**

back to the observation of SN , that we can manage thanksto the completeness of type assignment.

5. Sufficient Conditions for Safe Interaction

In this section, we address the question of finding suffi-cient conditions for the safety of (! E).

We begin by studying two conditions, arising whenclosing by union respectively reducibility candidates andbiorthogonals (involving applicative contexts only). Theseconditions follow a common scheme that we present first.

Then, in Sect. 5.4, we show that (! E) needs not to besafe with rewrite systems for which intersection types aresufficient for the completeness of typing w.r.t. strong nor-malization. However, stability by union of reducibility can-didates implies completeness of -% w.r.t. strong normaliza-tion.

5.1. Stability by Union

One possibility is to use a family of reducibility candi-dates that is stable by union. We address this question ingeneral terms.

Theorem 5.1. Let U % CR be a collection of sets such thatSN " U and A,B " U implies A ) B,A,B,A1B " U .Given T " T , define !T "U " U in the obvious way. If" -%! t : T and % |=! · "U " then t% " !T "U .

The next point is to build such a U % CR. We can gainsome insight by looking at collections of sets arising as theclosure by union of some closure operator. This motivatesthe following proposition, whose proof is not difficult andcan be found in [16]. If · : P(D) $ P(D) is a closureoperator, write x for {x} and P"(D) for {X | ' += X % D}.

Proposition 5.2. Given a closure operator · : P(D) $P(D), let $ be the set of non-empty X % D such thatX =

%{x | x " X}. Then $ is the smallest set such that

P"(D) % $ and ' += C % $ implies%C,

#C " $.

5.2. The Principal Reduct Property

We now study the closure by union of CR (see [16]).

Definition 5.3. Let t 5SN u iff t, u " SN and for allv /" N , if t $" v then u $" v.

Note that if t 5SN u and t$t, u$t " SN , then t$t 5SN u$t.In [16], it is shown that t = {u | u 5SN t} for all t " SN(where · is the closure operator of CR defined in Sec. 3.1).Then, it follows from Prop. 5.2, that the closure by unionof CR, denoted by CR, is the set of non-empty C % SNwhich are downward closed w.r.t. 5SN . We now discuss acondition for CR = CR.

Definition 5.4 (Principal Reduct Property). We say that t "N , SN has the principal reduct property (p.r.p.) whenthere is u " (t)! such that u = sup+SN (t)! (modulo theequivalence induced by 5SN ).

We say that R has the principal reduct property whenevery f($t) " SN with f " F has the p.r.p.

Note that R has the p.r.p. iff for every f($t) " SNwith f " F , there is f($x) #$R d such that d[$t/$x] =sup+SN {r[$t/$x] | f($x) #$R r}. We have shown in [16] thatCR = CR (i.e. CR is stable by union) if and only if everynon-normal t " N , SN has the p.r.p. This property issatisfyed for terms with head "-redexes [16].

Proposition 5.5. Every non-normal t " N , SN has thep.r.p. if and only if R has the p.r.p.

Proof. Easy, using Weak Standardization (see [1, 16]):If t #$β u and t$t $ v with v += u$t, then v = t#$t#

with (t,$t) $ (t#,$t#) and there is u# such that t# #$β u# andu$t $" u#$t#.

To summarize, we obtain that the p.r.p. of R implies thatfor all T,U " T we have !T " 1 !U" = !T " 1 !U". Then,the safety of (! E) follows from Thm. 5.1.

Theorem 5.6. Assume that R has the principal reductproperty. If " -%! t : T and % |=! · " " then t% " !T ".

Example 5.7. Consider the non-confluent system

f(x) #$R x f(x) #$R a f(x) #$R b .

Since the terms a and b are neutral and in normal from,every non-neutral reduct of f(t) is a reduct of t. Therefore,t = sup+SN {r[t/x] | f($t) #$R r} and the system has thep.r.p.

5.3. Closure by Union of Biorthogonals

We now turn to the closure by union of a family ofbiorthogonals. Let 33 % A 0 # and a ( b iff a)) % b)).For all a " A, we have a)))) = {b | a ( b}. Hence, byProp. 5.2, the closure by union of 33-biorthogonals is thecollection of non-empty subsets of A (resp. #) that are up-ward closed w.r.t. (.

Definition 5.8. Let t36$t iff t$t " SN and t ! u iff t), % u),.Let O be the set of all non-empty C % SN such that if

t " C and t ! u, then u " C.


Hence, O is the closure by union of CR),),. Note thatt 5SN u implies u ! t. Moreover, t ! u implies t$t ! u$tfor all $t, and the next proposition easily follows.

Proposition 5.9 (Type Constructions in O). Let A,B % O.Then, A ) B,A ,B,A 1B " O.

Definition 5.10 (Weak Principal Reduct Property). We saythat R has the weak principal reduct property (w.p.r.p.)when for every f($t) " SN with f " F there is f($x) #$R dsuch that d[$t/$x] = inf"{r[$t/$x] | f($t) #$R r} (modulo theequivalence induced by !).

Note that if R has the p.r.p. then it has the w.p.r.p. Thew.p.r.p. is a necessary and sufficient condition for O % CR.

Lemma 5.11. O % CR if and only if R has the w.p.r.p.

Proof. Using Weak Standardization (see Prop. 5.5).

Theorem 5.12. Assume that R has the weak principalreduct property. If " -%! t : T and % |=! · "O ", thent% " !T "O.

Example 5.13. The confluent system

p #$R !x.c1 p #$R !x.c2 ci #$R d

does not have the p.r.p. since !x.c1 and !x.c2 are two dif-ferent non-neutral terms. But it has the w.p.r.p. since for all$t we have (!x.c1)$t " SN iff (!x.c2)$t " SN .

5.4. Typability in -%

A natural question is whether (! E) is safe with rewritesystems for which intersection types are sufficient for thecompleteness of typing w.r.t. strong normalization.

Indeed, one could expect to have that if for all t " SNthere are ", T such that " -% t : T , then (! E) is safe. Thisis not the case, as shown by the following example.

Example 5.14. Consider the system of Ex. 2.2. Let TS =def

o * (o ) o), hence " -% t : TS implies " -% tt : o. Then,using (FUN) we can derive:

-% !xy.g(xa&): (o ) (TS ) o) ) o) ) TS ) o-% !xy.g(yy) : (o ) (TS ) o) ) o) ) TS ) o

-% f : (o ) (TS ) o) ) o) ) TS ) o

Moreover, it is easy to see that with this system, if t " SNthen there are " and T such that " -% t : T . Since byEx. 2.2 this system breaks the safety of (! E), it followsthat completeness of typability in -% does not imply safeinteraction.

However, it is interesting to note that the p.r.p. impliescompleteness of -%. That is, if R has the p.r.p. and t " SNthen there are " and T such that " -% t : T .

Theorem 5.15 (Completeness). Assume that R has thep.r.p. If t " SN , then there are " and T such that" -% t : T .

6. HN -Biorthogonality

In this section, we briefly discuss an orthogonality rela-tion based on the observation of HN (the bottom elementof CR) rather than SN (its top element). This semantics in-duces a better adequacy with the type system. However, itis not clear whether it is complete w.r.t. the safety of (! E).

We interpret T " T by !T "HN " CR as in Sec. 3.1,except that !o"HN =def HN . The properties of Sec. 3.2holds also for !T "HN . This way we get the soundness ofo-typability w.r.t. HN .

Theorem 6.1. If " -%& t : o then t " HN .

Since Thm. 3.12 says that any hereditary neutral termis typable by any T " T , it follows that a term is typableby o if and only if it can be given any type (in differentcontexts), suggesting that o may be the least element of T .This agrees with ! · "HN , since !o"HN % !T "HN for allT " T , but contradicts !o" = SN . It is moreover not clearwhether the least 4-biorthogonal is HN (note that the least36-biorthogonal is not HN ).

A development similar to that of Sec. 4 goes throughwith ! · "HN . First, we obtain the analogous of Thm. 3.13and Thm. 3.14 for HN .

Theorem 6.2. If (!x.t)u " SN and v[t[u/x]/y] " HNthen v[(!x.t)u/y] " HN .

Proof. As in Thm. 3.13, using Thm. 6.1 instead of Cor. 3.7.

Theorem 6.3. If t " HN and v " HN then v[t/x] " HN .

Proof. As for Thm. 3.14, using Thm. 3.12 instead ofThm. 3.11 and Thm. 6.1 instead of Cor. 3.7.

In the same way that 4-biorthogonals were defined incorrespondence with ! · ", we can define3-biorthogonals incorrespondence with ! · "HN .

Definition 6.4. Let t 3 E[ ] iff E[t] " HN .

Note that t) % u) implies t* % u*, but the converseis false: !x.x* % !yx.yx*, but (!x.x)z " HN while(!yx.yx)z /" HN . As in Prop. 4.5, if U, V " T% we have

!o"HN = HN = {[ ]})!U ) V "HN = (!U"HN · !V ")HN ))!U * V "HN = (!U")HN 1 !V ")HN )) .

In order to get an interesting interpretation of (! E),we define # · $HN analogously as # · $. Note that the onlychange in the definition is the orthogonality relation: wededuce #o$HN = HN from #o$HN =def {[ ]}). Again, theimportant case is that of (! E):

#T1 ! T2$HN =def (#T1$)HN , #T2$)HN )) .


With the same method as in Sec. 4.4, we obtain the dualof Thm. 4.8:

Theorem 6.5. The following are equivalent:

(i) If " -%! t : o then t " HN .

(ii) (IPHN ): If f " F , f($t) " SN and v[r[$t/$x]/y] " HNfor all f($x) #$R r, then v[f($t)/y] " HN .

(iii) # · $HN is sound for (! E).

We conclude by showing that we indeed obtained a suf-ficient condition for the safety of (! E).

Lemma 6.6. (IPHN ) ) (IP).

Proof. Let f($t) " SN , such that v[r[$t/$x]/y] " SN foreach f($x) #$R r. Since R(f) is finite, there is $u such thatfor all f($x) #$R r, v[r[$t/$x]/y]$u " HN . By (IPHN ) weobtain that v[f($t)/y]$u " HN hence v[f($t)/y] " SN .

The converse is unclear because we do not have subjectreduction in -%!. It would require, at least, to add the sub-typing rule U ) (T1 ! T2) ( (U ) T1) ! (U ) T2),which may be unsound in our setting. Subject reduction inpresence of (! E) is extensively studied in [2].

7. Conclusion

We have shown that the rule (! E) can break strong nor-malization, even in the presence of confluent rewriting, andhave given sufficient conditions for its safety.

Our main result is that for strong normalization, the bestpossible interpretation of union types is given by biorthogo-nals. This gives a computational interpretation of biorthog-onality. We conjecture that the result depends on the mustnature of strong normalization, and that it extends to must(weak) head reductions.

We considered a very simple form of rewriting, with theobjective of concentrating ourselves on the very problem of(! E). As future work, it is important to study the case ofrewrite rules with pattern matching.

Our results can be summarized in the following diagram:

(! E) is safe !! (Sec. 4) "" (IP) w.p.r.p. (Sec. 5.3)!!

(IPHN ) (Sec. 6)

##

p.r.p. (Sec. 5.2)

##

Acknowledgments. The author thanks Frederic Blanquiand Claude Kirchner for advices, support and comments.Thanks also to Philippe de Groote for his example (seeEx. 2.1) and to Arnaud Spiwack and Dan Dougherty forsome interesting discussions. Anonymous referees gave in-teresting comments on the presentation of the paper.

References

[1] T. Altenkirch. Constructions, Inductive Types and StrongNormalization. PhD thesis, University of Edinburgh, 1993.

[2] F. Barbanera, M. Dezani-Ciancaglini, and U. de’Liguoro.Intersection and Union Types: Syntax and Semantics. In-formation and Computation, 119:202–230, 1995.

[3] H. Barendregt, M. Coppo, and M. Dezani-Ciancaglini. AFilter Lambda Model and the Completeness of Type Assign-ment. Journal of Symbolic Logic, 48(4):931–940, 1983.

[4] F. Blanqui and C. Riba. Combining Typing and Size Con-straints for Checking the Termination of Higher-Order Con-ditional Rewrite Systems. In LPAR’06, volume 4246 ofLNAI, 2006.

[5] T. Coquand and A. Spiwack. A Proof of Strong Normali-sation using Domain Theory. In LiCS’06, pages 307–316,2006.

[6] V. Danos and J.-L. Krivine. Disjunctive Tautologies as Syn-chronisation Schemes. In CSL’00, volume 1862 of LNCS,pages 292–301, 2000.

[7] M. Dezani-Ciancaglini, U. de’ Liguoro, and P. Piperno.Filter Models for Conjunctive-Disjunctive Lambda-Calculi.Theoretical Computer Science, 170(1-2):83–128, 1996.

[8] M. Dezani-Ciancaglini, U. de’ Liguoro, and P. Piperno. AFilter Model for Concurrent Lambda-Calculus. Siam Jour-nal on Computing, 27(5):1376–1419, 1998.

[9] M. Dezani-Ciancaglini, J. Tiuryn, and P. Urzyczyn. Dis-crimination by Parallel Observers. In LICS’97, 1997.

[10] A. Frisch, G. Castagna, and V. Benzaken. Semantic Subtyp-ing. In LICS’02, 2002.

[11] J. Gallier. Typing Untyped Lambda-Terms, or ReducibilityStrikes Again! Annals of Pure and Applied Logic, 91:231–270, 1998.

[12] H. Hosoya, J. Vouillon, and B. Pierce. Regular ExpressionTypes for XML. In ICFP’00, 2000.

[13] J.-L. Krivine. Lambda-Calcul, Types et Modeles. Masson,1990.

[14] M. Parigot. Proofs of Strong Normalization for Second Or-der Classical Natural Deduction. Journal of Symbolic Logic,62(4):1461–1479, 1997.

[15] A. M. Pitts. Parametric Polymorphism and OperationalEquivalence. Mathematical Structures in Computer Science,10:321–359, 2000.

[16] C. Riba. On the Stability by Union of Reducibility Candi-dates. In FoSSaCS’07, volume 4423 of LNCS, 2007.

[17] F. von Raamsdonk and P. Severi. On Normalisation. Tech-nical Report CS-R9545, CWI, 1995.

[18] J. Vouillon. Subtyping Union Types. In CSL’04, volume3210 of LNCS, pages 415–429. Springer Verlag, 2004.

[19] J. Vouillon and P.-A. Mellies. Semantic Types: A FreshLook at the Ideal Model for Types. In POPL’04. ACM,2004.


[IEEE 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007) - Wroclaw, Poland...

Documents

Transcript of [IEEE 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007) - Wroclaw, Poland...