An Interactive Proof of Termination for a Concurrent λ-calculus with References and Explicit Substitutions
aa r X i v : . [ c s . L O ] F e b To appear in EPTCS.
An Interactive Proof of Termination for a Concurrent λ -calculus with References and Explicit Substitutions Yann Hamdaoui
IRIF, Univ. Paris Diderot [email protected]
Benoˆıt Valiron
LRI – CentraleSupelec, Univ. Paris Saclay [email protected]
In this paper we introduce a typed, concurrent λ -calculus with references featuring explicit substitu-tions for variables and references. Alongside usual safety properties, we recover strong normaliza-tion. The proof is based on a reducibility technique and an original interactive property reminiscentof the Game Semantics approach. The λ -calculus is a versatile framework in the study and design of higher-order functional programminglanguages. One of the reasons of its widespread usage is the fact that it can easily be extended tomodel various computational side-effects. Another reason comes from its theoretical ground and the finegranularity it allows in the design of abstract machines to express various reduction strategies. Theseabstract-machines can then serve as foundation for the design of efficient interpreters and compilers.A specially useful tool in the design of such abstract machines is the notion of explicit substitution,a refinement over β -reduction. The β -reduction of the λ -calculus is a meta-rule where substitution isdefined inductively and performed all at once on the term. But its implementation is a whole differ-ent story: to avoid size explosion in presence of duplication, mechanisms such as sharing are usuallydeployed. Abstract machines implement various specific strategies that may either be representable inpure λ -calculus (call-by-value or call-by-name) or for which the syntax needs to be augmented withnew objects (e.g. call-by-need or linear head reduction). The mismatch between β -reduction and actualimplementations can make the proof of soundness for an evaluator or a compiler a highly nontrivial task.The heart of the theory of explicit substitutions, introduced in [1], is to give substitutions a first classstatus as objects of the syntax to better understand the dynamics and implementation of β -reduction. Itconsists in decomposing a substitution into explicit atomic steps. The main ingredient is to modify the β rule so that ( λ x . M ) N reduces to M [ N / x ] , where [ N / x ] is now part of the syntax. Additional reductionrules are then provided to propagate the substitution [ N / x ] to atoms.Studied for the last thirty years [1, 2, 3, ? , 4, 12, 13, 15, 22, 23], explicit substitution turns out to bea crucial device when transitioning from a formal higher-order calculus to a concrete implementation. Ithas been considered in the context of sharing of mutual recursive definitions [22], higher-order unifica-tion [15], algebraic data-types [12], efficient abstract machines [2, 23], cost-model analysis [ ? ], etc . Theuse of explicit substitutions however comes at a price [13]. Calculi with such a feature are sensitive to thedefinition of reduction rules. If one is too liberal in how substitutions can be composed then a stronglynormalizing λ -term may diverge in a calculus with explicit substitutions [19]. If one is too restrictive,confluence on metaterms is lost [7]. The challenge is to carefully design the language to implement de-sirable features without losing fundamental properties. Several solutions have been proposed to fix thesedefects [4, 13] for explicit substitutions of term variables. AnInteractive Proof of TerminationThis paper introduces an extension of explicit substitutions to a novel case: a lambda-calculus aug-mented with concurrency and references. Such a calculus forms a natural model for shared memory andmessage passing. We aim at proving that a translation of a shared memory model to a message passingone is sound. The long time goal of this work is to implement a memoryful language in a formalism(such that interaction nets/proof nets) that allows to easily distribute parts of a program to be executedon different nodes, and to parallelize independent parts of the program.The current paper concentrates on the problem of strong-normalization of such a language. A concurrent lambda-calculus with references – referred as λ C below – has been introduced by Amadioin [5]. It is a call-by-value λ -calculus extended with:• a notion of threads and an operator k for parallel composition of threads,• two terms set ( r , V ) and get ( r ) , to respectively assign a value to and read from a reference,• special threads r ⇐ V , called stores, accounting for assignments.When set ( r , V ) is reduced, it turns to the unit value ∗ and produces a store r ⇐ V making the valueavailable to all the other threads. A corresponding construct get ( r ) is reduced by choosing non de-terministically a value among all the available stores. For example, assuming some support for basicarithmetic consider the program ( λ x . x + ) get ( r ) k set ( r , ) k set ( r , ) . It consists of 3 threads: two con-current assignments set ( r , ) and set ( r , ) , and an application ( λ x . x + ) get ( r ) . This programs admitstwo normal forms depending on which assignment “wins”: the term 1 k ∗ k ∗ k r ⇐ k r ⇐ k ∗ k ∗ k r ⇐ k r ⇐
1. Despite the k operator being a static constructor, it can be embedded inabstractions and thus dynamically liberated or duplicated. For example, the term ( λ f . f ∗ k f ∗ ) act likea fork operation: if applied to M , it generates two copy of its argument in two parallel threads M ∗ k M ∗ .Coupled with the Landin’s fixpoint introduced below one can even write a fork bomb, that is a nonterminating term which spans an unbounded number of threads.In this language, the stores are global and cumulative: their scope is the whole program, and eachassignment adds a new binding that does not erase the previous one. Reading from a store is a nondeterministic process that chooses a value among the available ones. References are able to handlean unlimited number of values and are understood as a typed abstraction of possibly several concretememory cells. This feature allows λ C to simulate various other calculi with references such as variantswith dynamic references or communication [17].While a simple type system for usual λ -calculus ensures termination, the situation is quite differentin a language with higher-order references. The so called Landin’s trick [14] allows to encode a fixpointin the simply typed version of a calculus with references. The problem lies in the fact that one can store ina reference r values that can themselves read from the reference r , leading to a circularity. For example,the term get ( r ) ∗ k r ⇐ ( λ x . get ( r ) ∗ ) loops while involving only simple types Unit and Unit → Unit.In order to address this issue, type and effects systems have been introduced to track the potentialeffects produced by a term during its evaluation. Together with stratification on references [6], one canrecast termination in such an imperative context. Intuitively, stratification imposes an order between ref-erences: a reference can only store terms that access smaller ones, ruling out Landin’s fixpoint. Formally,this allows to apply the usual reducibility argument to a calculus with references: stratification ensuresthat the inductive definition of reducibility sets on types with effects is well-founded.While scheduling is explicitly handled through language constructs in [6], λ C ’s liberal reductionallows to chose a different thread to operate on at any time. This cause additional difficulty, as from a.Hamdaoui &B.Valiron 3single thread’s point of view, arbitrary new assignments may become available between two reductionsteps. For λ C , the proof of termination in [5] resorts to what amounts to infinite terms with the notion ofsaturated stores. The contributions of this paper are twofold.1. The definition of a system of explicit substitutions for a concurrent λ -calculus with references,both for variables and references.The problem we address is the bidirectional property of assignment of references within a term.An assignment for a term variable in a redex only diffuses inward: in ( λ x . M ) V , the assignment x V only concerns the subterm M . Instead, a reference assignment set ( r , V ) is potentially global :it concerns all the occurrences of the subterm get ( r ) .Our first contribution is to propose an explicit substitution mechanism to be able to express refer-ence assignment step-wise, as for term-variables.2. A proof of strong normalization for a typed fragment using a novel interactive property.Akin to [5], the language we propose is typed and the type-system is enforcing strong-normalization.In the proof of [5] the infinitary structure of terms is restricted to top-level stores. In our setting, thiswould require infinite explicit substitutions which are subject to duplication, erasure, composition,. . .Our proof only uses finite terms. It has a Game Semantics flavor which we find of interest onits own. Indeed, we use the idea of abstracting the context in which a subterm is executed as anopponent able to interact by sending and receiving explicit substitutions. Moreover, we believethat the finite, interactive technique we develop in this second contribution may be well-suited fordifferent settings such as proof nets or other concurrent calculi. Section 2 presents the calculus with explicit substitutions λ cES . Section 3 introduces the stratified typeand effect system. Section 4 focuses on the proof of strong normalization, while Section 5 discusses theconstruction. Section 6 concludes the paper. λ -calculus with Explicit Substitutions In standard presentations of the lambda-calculus and its extensions such as [5], substitutions are appliedglobally. This hides the implementation details of the procedure. Exposing such an implementation isone of the reasons for the introduction of explicit substitutions. In the literature, explicit substitutionshave only been used for term variables and not for references.In this section, we introduce the language λ cES , a call-by-value, concurrent λ -calculus with explicitsubstitutions for both term variables and references. AnInteractive Proof of Termination The language λ cES has two kinds of variables: term variables (simply named variables ) representedwith x , y , . . . , and references , represented with r , r ′ , . . . . Substitutions are represented by partial functionswith finite support. Variable substitutions, denoted with Greek letters σ , τ , . . . , map variables to values.Reference substitutions, denoted with calligraphic uppercase letters V , U , . . . , map references to finitemultisets of values. Multisets reflect the non-determinism, as multiple writes may have been performedon the same reference. They are represented with the symbol E . The language consists of values, termsand sums of terms, representing non-determinism.-values V :: = x | ∗ | λ x . M -terms M :: = V | M [ σ ] | ( M M )[ V ] λ | get ( r ) | M [ V ] ↓ | M [ V ] ↑ | M k M -sums M :: = | M | M + M The construct M [ σ ] stands for the explicit substitutions of variables in M under the substitution σ . Thereare three constructs for explicit substitutions for references: M [ V ] ↓ and M [ V ] ↑ are respectively thedownward and upward references substitutions, while ( M M )[ V ] λ is the λ -substitution. The reasonfor which the language needs three distinct notations is explained in the next section while presentingthe reduction rules. Finally, the role of the sum-terms M is to capture and keep all non-deterministicbehaviours.Terms are considered modulo an equivalence relation presented in Table 1. The sum is idempotent,associative and commutative, while the parallel composition is associative and commutative. Remark . The three constructs [ V ] ↓ , [ V ] ↑ and [ V ] λ encapsulate the assignments in terms and in storespresented in Section 1: there is no need anymore for set ( r , V ) and r ⇐ V . See Section 5 for a discussionof this aspect. Notation 2.
Reference substitutions will be sometimes written with the notation [ r ⇐ V ] to mean [ V ] with V : r [ V ] . Explicit variables substitutions are written M [ { x V , . . . , x n V n } ] . Finally, byabuse of notation we write ( M N ) for ( M N )[] . We adopt a weak call-by-value reduction where the reduction order of an application is not specified. Itis weak in the sense that no reduction occurs under abstractions.Although in a general setting non-determinism and call-by-value taken together may break conflu-ence even when collecting all possible outcomes [9], this phenomenon does not happen here. Indeed,we cannot reduce under abstractions, and the only non-deterministic construct get ( r ) must be reducedbefore being duplicated, avoiding problematic interactions between β -reduction and non-deterministicchoice.The language λ cES is equipped with the reduction defined in Table 3. The rules presented are closedunder the structural rules of Table 1. We assume the usual conventions on alpha-equivalence of term,and as customary substitutions are considered modulo this alpha-equivalence. They make use of severalnotations that we lay out below. Rules devoted to dispatching substitutions are referred as structuralrules . The variable (resp. downward , upward ) structural rules consist in ( subst ) (resp. ( subst-r ),( subst-r’ )) rules excluding ( subst var ) (resp. ( subst-r get ), ( subst-r ⊤ )). An in-depth discussionabout these rules follows. Notation 3. the contexts E , C and S are defined in Table 2. The context E stands for a usual call-by-valueapplicative context, C picks a thread, while S picks a term in a non-deterministic sum. Note how E doesnot enforce any reduction order on an application..Hamdaoui &B.Valiron 5 M k M ′ = M ′ k M ( M k M ′ ) k M ′′ = M k ( M ′ k M ′′ ) M + M ′ = M ′ + M ( M + M ′ ) + M ′′ = M + ( M ′ + M ′′ ) M + M = M + = M Table 1: Structural Rules E :: = [ . ] | ( E M )[ V ] λ | ( M E )[ V ] λ | E [ V ] ↓ | E [ V ] ↑ C :: = [ . ] | ( C k M ) | ( M k C ) S :: = [ . ] | S + M | M + S Table 2: Evaluation Contexts
Notation 4.
Given a variable substitution σ and a value V , we define the value V { σ } as follows: ( λ x . M ) { σ } = λ x . ( M [ σ ]) , ( x ) { σ } = σ ( x ) if σ is defined at x or ( x ) { σ } = x if not, and ( ∗ ) { σ } = ∗ . Notation 5.
We use the notation X = V , W for the juxtaposition of references substitutions. It isdefined by X ( r ) = V ( r ) + W ( r ) if both are defined and where + is the union of multisets, V ( r ) if only V is defined, and W ( r ) if only W is defined. We use the same notation for the composition of variablesubstitutions, defined by ( σ , τ )( x ) = σ ( x ) { τ } if both are defined, σ ( x ) if only σ is defined τ ( x ) if only τ is defined. Finally, we define V { σ } : r [ V i { σ } | V i ∈ V ( r )] .We now give some explanations on the rules of Table 3. (a) β -reduction If one forgets the λ -substitution explained below in Subsection (d), this set of rulesencapsulates the call-by-value behavior of the language: only values can be substituted in the body ofabstractions, and this happens within a thread in a call-by-value applicative context. (b) Variable Substitutions A variable substitution can be seen as a message emitted by a β -redex anddispatched through the term seen as a tree. The substitution flows from the redex downward the term-treeuntil it reaches the occurrence of a variable. The occurrence is then replaced, or not, depending on thevariable to be substituted. The rules in Table 3(a) are an operational formalization of this step-by-stepprocedure. Consider for example the reduction of the term ( λ x . x y z ) ( λ x . x ) . The redex triggers with ( β v ) the substitution of all occurrences of x in what was the body of the lambda-abstraction. The substitutiongoes down the corresponding sub-term and performs the substitution when it reaches an occurrence of x . ( λ x . x y z ) ( λ x . x ) λ x . x y z ... x ( λ x . x ) x y z [ x ( λ x . x )] ... x x y z ... [ x ( λ x . x )] x x y z ... x [ x ( λ x . x )] ( λ x . x ) y z ... λ x . x Remark . On rules ( subst subst-r ) and ( subst subst-r’ ). When composing or swapping substitutions,non-values may appear in unfortunate places: take for example ( ∗ [ V ] ↑ )[ σ ] , its reduction should be ( ∗ [ σ ])[ V ′ ] ↑ where V ′ ( r ) = [ V [ σ ] | V ∈ V ( r )] when V ( r ) is defined. But V [ σ ] are not necessarily valuesand should then be able to be reduced inside substitutions. However, note that that V [ σ ] always reducesin one step to the value V { σ } . To avoid additional complexity, we perform this reduction at the sametime, whence the use of V { σ } instead of V [ σ ] in the actual rules. (c) Downward Reference Substitutions An assignment can occur anywhere within a term and it mustbe able to reach a read located in an arbitrary position. In a language such as [5], as discussed inSection 1.1 the solution is to keep all assignments in a global store. When a read gets evaluated, the AnInteractive Proof of Termination (a) β -reduction ( β v ) (( λ x . M ) V )[ U ] λ → ( M [ { x V } ])[ U ] ↓ If M → M ′ with rule ( β v ) , then S [ C [ E [ M ]]] → S [ C [ E [ M ′ ]]] (b) Variable Substitutions( subst var ) x [ σ ] → σ ( x ) if defined, or x otherwise( subst unit ) ∗ [ σ ] → ∗ ( subst app ) ( M N )[ V ] λ [ σ ] → (( M [ σ ]) ( N [ σ ]))[ V [ σ ]] λ ( subst λ ) ( λ y . M )[ σ ] → λ y . ( M [ σ ]) ( subst get ) get ( r )[ σ ] → get ( r ) ( subst k ) ( M k M ′ )[ σ ] → ( M [ σ ]) k ( M ′ [ σ ]) ( subst subst-r ) ( M [ V ] ↓ )[ σ ] → M [ σ ][ V { σ } ] ↓ ( subst subst-r’ ) ( M [ V ] ↑ )[ σ ] → M [ σ ][ V { σ } ] ↑ ( subst merge ) M [ σ ][ τ ] → M [ σ , τ ] Congruence case:If M → M ′ by any of the previous rules, then S [ C [ E [ M ]] → S [ C [ E [ M ′ ]]] (c) Downward Reference Substitutions( subst-r val ) V [ V ] ↓ → V ( subst-r k ) ( M k M ′ )[ V ] ↓ → ( M [ V ] ↓ ) k ( M ′ [ V ] ↓ ) ( subst-r subst-r’ ) M [ U ] ↑ [ V ] ↓ → M [ V ] ↓ [ U ] ↑ ( subst-r merge ) M [ U ] ↓ [ V ] ↓ → M [ U , V ] ↓ ( subst-r app ) ( M N )[ U ] λ [ V ] ↓ → ( M [ V ] ↓ ) ( N [ V ] ↓ )[ U , V ] λ Congruence cases:If M → M ′ by any of the previous rules, then S [ C [ E [ M ]] → S [ C [ E [ M ′ ]]] Finally:( subst-r get ) S [ C [ E [ get ( r )[ V ] ↓ ]]] → S [ C [ E [ get ( r )]]] + ∑ V ∈ V ( r ) C [ E [ V ]] (d) Upward Reference Substitutions( subst-r’ k ) ( M [ V ] ↑ ) k N → ( M k ( N [ V ] ↓ ))[ V ] ↑ ( subst-r’ lapp ) (( M [ V ] ↑ ) N )[ U ] λ → ( M ( N [ V ] ↓ ))[ U , V ] λ [ V ] ↑ ( subst-r’ rapp ) ( M ( N [ V ] ↑ ))[ U ] λ → (( M [ V ] ↓ ) N )[ U , V ] λ [ V ] ↑ Congruence case:If M → M ′ by any of the previous rules, then S [ C [ E [ M ]] → S [ C [ E [ M ′ ]]] Finally:( subst-r’ ⊤ ) S [ M [ V ] ↑ ] → S [ M ] Table 3: Reduction Rules. These are closed under the structural rules of Table 1.Hamdaoui &B.Valiron 7value for the reference is taken from the store. This approach is very global in nature: the store is“visible” by every subterm.The language λ cES features a step-by-step decomposition of reference assignments akin to term vari-able substitutions: an assignment follows the branches of the term-tree, actively seeking a read. Wetherefore introduce two sorts of reference substitutions: one that goes downward (indicated by ↓ ), sim-ilar to variable substitutions, and one that goes upward (indicated by ↑ ). Starting from an assignment,the latter climbs up the tree up to the root. The rules in Table 3(c) describe the former while the rules inTable 3(d) describe the latter. Remark . In Table 3, the rule ( subst-r get ) is the central case of the reduction of reference substitutions.It says that whenever a downward substitution reaches a get ( r ) , then it generates a non deterministic sumof all the available values for the reference r (if V is undefined at r , then this sum is understood asa neutral element ) plus a term where the substitution was discarded but the get ( r ) is left unreduced.To see why this “remainder” is necessary, consider the term get ( r )[ r ⇐ V ] ↓ [ r ⇐ V ] ↓ . If we omit theremainder, the term could reduce to V [ r ⇐ V ] ↓ and finally to V . But another reduction is possible: onecan first reduce the term to get ( r )[ r ⇐ V , r ⇐ V ] ↓ and then to V + V . The get ( r ) must not be greedy:when it meets a substitution, it has to consider the possibility that other substitutions will be availablelater. This aspect will be crucial when considering the proof of strong normalization of the language inSection 4. (d) Upward Reference Substitutions Each time an upward reference substitution goes through amulti-ary constructor – as an application or a parallel composition – it propagates downward substi-tutions in all the children of the constructor except the one it comes from, while continuing its ascension.Eventually, all the leafs are reached by a corresponding downward substitution. To illustrate the idea,consider a term
M N where M contains a get ( r ) somewhere and N an assignment ∗ [ r ⇐ V ] ↑ . The reduc-tion of explicit substitutions would go as follows. M NM ... get ( r ) N ... ∗ [ r ⇐ V ] ↑ M NM ... get ( r ) N ... [ r ⇐ V ] ↑ ∗ M NM ... get ( r ) N [ r ⇐ V ] ↑ ... ∗ ( M N )[ r ⇐ V ] ↑ M [ r ⇐ V ] ↓ ... get ( r ) N ... ∗ ( M N )[ r ⇐ V ] ↑ M ... [ r ⇐ V ] ↓ get ( r ) N ... ∗ ( M N )[ r ⇐ V ] ↑ M ... get ( r )[ r ⇐ V ] ↓ N ... ∗ ( M N )[ r ⇐ V ] ↑ M ... V N ... ∗ One last subtlety in the movement of reference substitutions concerns λ -abstractions. As madeexplicit in Table 3(a), the language is call-by-value: reduction does not happen under λ -abstractions. Inparticular, a read within the body of a λ -abstraction should only be accessible by an assignment when the λ -abstraction is opened: we have a natural notion of pure and impure terms. Pure terms are terms thatwill not produce any effect when reduced, and in particular, all values are expected to be pure terms sincethey cannot reduce further. This is highlighted by rule ( subst-r val ): when encountering a pure term, areference substitution vanishes. But the case of abstraction is more subtle: computational effects frozenin its body are freed when the abstraction is applied. If one implements naively the reduction rules ofreference substitutions, then the following example does not behave as expected: (( λ x . get ( r )) ∗ )[ V ] ↓ → AnInteractive Proof of Termination (( λ x . get ( r ))[ V ] ↓ ) ( ∗ [ V ] ↓ ) → ( λ x . get ( r )) ∗ → get ( r ) . We end up with an orphan get ( r ) despite the factthat a substitution was available at the beginning. The problem is that the substitution diffuses throughthe application, then encounters two pure terms and vanishes.In an application, the left term eventually exposes the body of an abstraction, and this body should beable to use any substitution that was in its scope. The λ -substitution [ − ] λ is a special stationary referencesubstitution attached to an application. Its goal is precisely to record all the substitutions that went downthrough it with Rules ( subst-r’ lapp ) and ( subst-r’ rapp ). When the application is finally reduced witha β v -rule, this substitution will turn to a downward one and feed the get ( r ) ’s that were hidden in theabstraction’s body. Remark . An alternative approach to λ -substitution would be to make downward substitutions notvanish (i.e. getting rid of Rule ( subst-r val )). In this situation, values would be handled with theirwhole context of references assignment. Apart from the heavy syntactical cost of carrying around alot of similar and possibly useless substitutions, the idea that hidden effects are released at applicationappears more natural regarding type and effect systems, as the one we introduce in Section 3. Remark . Rule ( subst-r’ ⊤ ) acts as a garbage collection to eliminate top-level upward substitutions.While not necessary, this will greatly ease the statement and proof of lemmas and theorems (such asLemma 13). We present in this section a stratified type and effect system for λ cES inspired from [5, 17]. A type andeffect system aims at statically track the potential effects that a term can produce when reduced. Here,the considered effects are read from or write to references. λ cES Formally, the type and effect system is defined as follows.-effects e , e ′ ⊂ { r , r , . . . } -types α :: = B | A -value types A :: = Unit | A e → α | Ref r A The type
Unit is the type of ∗ . The function type A e → α is annotated with an effect e : the set ofreferences the function is allowed to use. Finally, the type Ref r A states that the reference r can only besubstituted with values of type A . Since thread cannot be fed as an argument to a function, the type of theparallel components of a program is irrelevant. They are given the opaque behavior type B . We separate α -types and A -types to ensure that B cannot be in the domain of a function.In the typing rules we use two distinct contexts: variable contexts Γ of the form x : A , . . . , x n : A n and reference contexts R of the form r : A , . . . , r n : A n . The latter indicates the type of the values that areference r appearing in M can hold. If the order of variables in Γ is irrelevant, the order of references in R is important.In order to ensure termination, the type and effect system is stratified: this stratification inducesan order forbidding circularity in reference assignments. It is presented as a set of rules to build thereference context and can be found in Figure 1. It states that when a new reference is added to thecontext, all references appearing in its type must already be in R . In Figure 1 the entailment symbol ( ⊢ ) is overloaded with several meanings:.Hamdaoui &B.Valiron 9/0 ⊢ R ⊢ A r / ∈ dom ( R ) R , r : A ⊢ R ⊢ R ⊢ Unit R ⊢ R ⊢ B R ⊢ A R ⊢ α e ⊆ dom ( R ) R ⊢ A e → α R ⊢ r : A ∈ RR ⊢ Ref r A Figure 1: Stratification of the type system ( REF ) R ⊢ α ≤ α ( ARROW ) R ⊢ A ′ ≤ A R ⊢ ( α , e ) ≤ ( α ′ , e ′ ) R ⊢ A e → α ≤ A ′ e ′ → α ′ ( CONT ) e ⊂ e ′ ⊂ dom ( R ) R ⊢ α ≤ α ′ R ⊢ ( α , e ) ≤ ( α ′ , e ′ ) Figure 2: Subtyping relation• R is well formed, written R ⊢ , means that the references appearing in R are stratified.• A type α is well formed under R , written R ⊢ ( α , e ) , means that all references appearing in e and α are in R .• A variable context Γ is well formed under R , written R ⊢ Γ , means that all the types appearing in Γ are well formed under R .The type and effect system features a subtyping relation whose definition rules are presented inFigure 2. It formalizes the idea that a function of type A { r } → α is not obliged to use the reference r .Typing judgments overload once more the symbol ( ⊢ ) and take the form R ; Γ ⊢ M : ( α , e ) where R is the reference context, Γ the variable context, α the type of M and e the references that M may affect.Using the stratification and the subtyping relation, the typing rules for the language λ cES are presented inFigure 3. For succinctness, the application rule has been factorized into two rules, (APP) and (SUBST)for ξ = λ . Thus (APP) is not a legitimate rule but an abuse of notation, and must be followed by anappropriate (SUBST) in any type derivation. Remark . In Rule (
LAM ), when abstracting over a variable in a term R ; Γ , x : A ⊢ M : ( α , e ) , the resultingvalue λ x . M is pure and hence its effects should be the empty set. However one must remember that thebody of this abstraction is potentially effectful: this is denoted by annotating the functional arrow “ → ”with a superscript indicating these effects. Also note that in general, the order of references in R iscapital: it is the order induced by stratification. λ cES The language λ cES satisfies the usual safety properties of a typed calculus. First, λ cES enjoys subjectreduction. Lemma 11 (Subject reduction) . Let R ; Γ ⊢ M : ( α , e ) be a typing judgment, and assume that M → M ′ .Then R ; Γ ⊢ M ′ : ( α , e ) .Remark . The fact that an effectful term may become pure after reduction is reflected by the subtypingrelation. For example, consider P = get ( r )[ V ] ↓ where R ⊢ P : ( A , { r } ) and P → ( V + . . . ) . Since V is a0 AnInteractive Proof of Termination ( VAR ) R ⊢ Γ , x : AR ; Γ , x : A ⊢ x : ( A , /0 ) ( UNIT ) R ⊢ Γ R ; Γ ⊢ ∗ : ( Unit , /0 ) ( REG ) R ⊢ Γ r : A ∈ RR ; Γ ⊢ r : Re f r A ( LAM ) R ; Γ , x : A ⊢ M : ( α , e ) R ; Γ ⊢ λ x . M : ( A e → α , /0 ) ( APP ) R ; Γ ⊢ M : ( A e → α , e ) R ; Γ ⊢ N : ( A , e ) R ; Γ ⊢ M N : ( α , e ∪ e ∪ e ) ( GET ) R ; Γ ⊢ Ref r AR ; Γ ⊢ get ( r ) : ( A , { r } ) ( SUB ) R ; Γ ⊢ M : ( α , e ) R ⊢ ( α , e ) ≤ ( α ′ , e ′ ) R ; Γ ⊢ M : ( α ′ , e ′ ) ( SUBST ) R ; Γ , x : A , . . . , x n : A n ⊢ M : ( α , e ) ∀ i : R ; Γ ⊢ V i : ( A i , /0 ) R ; Γ ⊢ M [ ∀ i : x i V i ] : ( α , e ) ( SUBST - R ) ∀ i : R ; Γ ⊢ r i : Ref r i A i R ; Γ ⊢ M : ( α , e ) ∀ i : r i ∈ e ∀ i : V ∈ E i = ⇒ R ; Γ ⊢ V : ( A i , /0 ) R ; Γ ⊢ M [ ∀ i : r i E i ] ξ : ( α , e ) for ξ ∈ {↑ , ↓ , λ } ( PAR ) i = , R ; Γ ⊢ M i : ( α i , e i ) R ; Γ ⊢ M k M : ( B , e ∪ e ) ( SUM ) i = , R ; Γ ⊢ M i : ( α , e ) R ; Γ ⊢ M + M : ( α , e ) Figure 3: Typing rules for λ cES value it can only be given the type R ⊢ V : ( A , /0 ) . Subject reduction would however require that V hasthe same type ( A , { r } ) as P . The subtyping relation corresponds to effect containment, meaning that theeffects appearing in types are an upper bound of the actual effects produced by a term, so that ( A , /0 ) is asubtype of ( A , { r } ) .Well-typed normal forms of λ cES may not be values. For example, the term get ( r ) is not a value. Theprogress theorem states that the only reason for which a term may get stuck is the presence of an orphanread with no corresponding assignment. Normal forms are thus either values, or some application ofvalues together with at least one such stuck read. Lemma 13 (Progress) . Let R ⊢ M : ( A , e ) be a typable program that does not reduce further. Then M is of the form ∑ ni = ( M i k . . . k M il i ) where the M ij are either values or terms of the grammar M norm :: = get ( r ) | ( M norm V )[ V ] λ | ( V M norm )[ V ] λ | ( M norm M norm )[ V ] λ . Our main result is a finitary, interactive proof of strong normalization for λ cES . This section is devoted tothe presentation of the problem in the context of references, the explanation of why the existing solutionsdo not apply to our setting and what we propose instead..Hamdaoui &B.Valiron 11 Introduced by Tait in 1967 [24], reducibility is a widely used, versatile technique for proving strongnormalization of lambda-calculi. The core of this technique is to define inductively on types τ a set SC ( τ ) of well typed terms, called strongly computable terms , satisfying a series of properties. Oneproves that terms in SC ( τ ) are strongly normalizing (Adequacy) and (the most difficult part) that all welltyped terms of a type τ are actually in SC ( τ ) .When adapting this technique to a type and effect system, the main difficulty is that the definition isnot obviously inductive anymore. To define SC ( A e → α ) , we need to have defined the types of referencesappearing in e . But e can itself contain a reference of type A e → α : in the Landin’s fixpoint exampleshown in Section 1, the looping term has the type Unit { r } → Unit while r has the same type. The role ofstratification is to induce a well-founded ordering on types so that the definition becomes consistent.The solution offered by stratification of the type system is however not enough for λ cES . In Boudol [6]where the technique is introduced, concurrency is explicitly controlled by threads themselves that areguaranteed to be the only process in execution during each slice of execution. In λ cES , reduction stepsare performed in arbitrary threads such that stores may be affected by others between two atomic stepsin a particular thread.To overcome this issue, for the language presented in Section 1.1, Amadio [5] strengthens the con-dition defining SC sets by asking that they also terminate under infinite stores of the form ( r ⇐ V k . . . k r ⇐ V n k . . . ) with ( V i ) an enumeration of all the elements of SC ( α ) . In this setting, infinite storesare static top-level constructions: once saturated, they are invariant by any new assignment. In a term ( M k M k S ) with S being such a store, any memory operation of M is completely invisible to M andone can prove separately the termination of each thread.However, this solution is not easily transposable to λ cES . First of all, the rule ( subst-r get ) producesall the possible values associated to a store. The corresponding get ( r )[ V ] ↓ would reduce to an infinitesum get ( r ) + ∑ i V i where, even if each summand terminates, there is also for any positive integer n asummand that takes at least n steps to reach normal form. The total sum is not terminating anymore.Secondly, unlike static top-level stores, reference substitutions are duplicated, erased and exchanged inan interactive way between threads. To prove strong normalization of λ cES , we change gears. With explicit substitutions, assignments andreads are a way of exchanging messages between threads or subterms. Apart from the termination ofeach term in isolation, the key property we need is that threads cannot exchange an infinite amount ofmessages.We formalize this condition by strengthening the definition of strongly computable terms. We forcethem to also be well-behaved . A well-behaved term must only emit a finite number of upward substitu-tions containing strongly computable terms when placed in a “fair” context. A fair context is a contextthat would only send strongly computable reference substitutions (albeit potentially infinitely many).These notions are defined in Section 4.3, while the strong normalization result is spelled out inSection 4.4.2 AnInteractive Proof of Termination Remark . In the following, we do not want to deal with the clumsiness of handling sums of termseverywhere. If a reduction sequence is seen as a tree, where branching points correspond to ( subst-r get )and the children to all the summands produced by this rule, then by K ¨onig’s lemma it is finite if and onlyif all its branches are finite. We will thus use an alternative non-deterministic reduction, denoted by → nd , such that a sequence of reductions → nd corresponds to a branch in the original reduction system.The termination of → nd is sufficient, thanks to the above remark. We define → nd by replacing the( subst-r get ) reduction by the following two rules:get ( r )[ V ] ↓ → nd V if V ∈ V ( r ) get ( r )[ V ] ↓ → nd get ( r ) In the rest of the paper, we only consider simple terms (non-sums) and the → nd reduction.The purpose of the following Definition 15 is to formalize the interaction of a subterm with its contextas a play against an opponent that can non-deterministically drop downward substitutions at the top levelor absorb upcoming substitutions. This is summarized in the condition ( WB ) of Definition 17. Definition 15 (Environment Reduction) . Let ⊢ M : ( α , e ) be a well typed term. Let ( V i ) be a sequence ofreference substitutions such that M [ V i ] ↓ is well typed: we denote it with ⊢ ( M , ( V i )) . We call a ( M , ( V i )) -reduction a finite or infinite reduction sequence starting from M where each step is either a → nd , or aninteraction with the environment defined by the additional rules M [ V ] ↑ → ↑ M and M → ↓ M [ V i ] ↓ .We define the notion of strongly computable terms discussed in Section 4.2 as follows. Notation 16.
By abuse of notation, in Definition 17 we shall omit the R or ( α , e ) when it is obvious fromthe context and just write M ∈ SC . Moreover, we abusively write V ⊆ SC to mean that for all r where V is defined we have V ( r ) ⊆ SC R ( R ( r ) , /0 ) . Definition 17 (Strongly Computable Terms) . The set SC R ( α , e ) of strongly computable terms of type ( α , e ) is defined by induction on the type α . Base case.
Assume that α = Unit | B and that R ⊢ M : ( α , e ) . Then M ∈ SC R ( α , e ) if it is (SN) Strongly normalizing under reference substitutions: For all V ⊆ SC R , the term M [ V ] ↓ is stronglynormalizing. (WB) Well Behaved: For any ( V i ) with ∀ i : V i ⊆ SC R and ⊢ ( M , ( V i )) , for any ( M , ( V i )) -reduction M = M → . . . → M n → . . . , there exists n ≥ k ≥ M k − is of the form N [ U ] ↑ with M k − → ↑ M k then U ⊆ SC ,2. If k ≥ n then M k − → M k is not a ( → ↑ ) step. Inductive case.
Assume that R ⊢ M : ( A e → α , e ) with e ⊆ e . Then M belongs to SC R ( A e → α , e ) providedthat for all N ∈ SC R ( A , e ) , we have M N ∈ SC R ( α , e ) . The requirement that e ⊆ e can always be assumedwithout loss of generality thanks to subtyping. Remark . The condition ( SN ) requires terms to be strongly normalizing when put under any finitereference substitution of strongly computable terms. The finiteness is sufficient, thanks to the presenceof condition ( WB ). This rather technical condition is the well-behaved requirement developed in Sec-tion 4.2: it says that there are at most n ( → ↑ ) steps.In the proof of termination we make use of a preorder ⊑ . The proposition M ⊑ N means that thetwo terms are essentially the same, but that N may have more available assignments, and possibly indifferent positions. This is typically the case if N is a reduct of M [ V ] ↓ using only downward structuralrules. We give the full definition and important properties in Appendix B. For the purpose of the proofof termination, its interesting property is the following one:.Hamdaoui &B.Valiron 13 Lemma 19 (Simulation Preorder) . Assume that M ⊑ N. If N is strongly normalizing then M is stronglynormalizing. λ cES We are now ready to state and sketch the proof of strong-normalization for λ cES . The easy part is theadequacy result, stated as follows. Lemma 20 (Adequacy) . If M ∈ SC ( α , e ) then M is strongly normalizable. The heart of our result is the opposite result, the soundness:
Lemma 21 (Soundness) . Suppose that R ; x : A , . . . , x n : A n ⊢ P : ( α , e ) , and that σ maps each x i to someV i ∈ SC ( A i ) . Then P [ σ ] ∈ SC ( α , e ) . Sketch of the proof of Lemma 21.
The proof is performed by induction on the structure of the term P . Toshow how the proof works, we focus on a representative case.Let us treat the case P = ( λ x . M )[ σ ] . We assume that M ∈ SC , and we want to show that P ∈ SC . Let α = A e → . . . e n − → A n e n → β be the expansion of the type of P , where β is either Unit or B . If we unfoldthe recursive definition of SC sets, proving that P ∈ SC ( α ) amounts to check that Λ ( P , U , ( N i )) : = P N . . . N n [ U ] ↓ satisfies ( SN ) and ( WB ) for all strongly computable N , . . . , N n and U with suitabletypes. By abuse of notation we omit some parameters of Λ ( P , U , ( N i )) and write Λ ( P ) when clear. If Λ ( P ) → ∗ P ′ N ′ . . . N ′ n (omitting some reference substitutions) where β V reductions occur only insidesubterms P , N , . . . , N n , we will liberally call N ′ i a reduct of N i . We focus on the strong normalization of Λ ( P ) , the well-behaved condition being proved in a similar manner. Consider a sequence S of reductionsof Λ ( P ) . The head term P has only one possible reduction, namely P ′ = λ x . ( M [ σ ]) , and must then takepart in a ( β v ) reduction with a reduct of N to reduce further. We consider the two cases: P is passive
If such a ( β v ) does not occur in the sequence S , all the reducts of Λ ( P ) have the form Λ ′ = Q N ′ . . . N ′ n where Q is either P or P ′ and where for all i , N ′ i is a reduct of N i . We omitted abunch of floating reference substitutions for the sake of readability. Q is inert and does not play anyrole in the termination: we can focus on showing that all the reducts of N i s cannot diverge. Whilethey do terminate in isolation as strongly computable terms, the possibility of an infinite exchangeof substitutions prevent us from using ( SN ) directly. This is the precise role of ( WB ): the reductionof each N i can be mapped to an environment reduction. We adopt the following strategy :1. Use ( WB ) to show that the exchange of substitutions must come to an end2. For each N ′ i , gather all the substitutions (a finite number according the previous step) it re-ceives during the reduction of Λ ( P ) and merge them into one X i
3. Show that we can bound each reduct N ′ i : N ′ i ⊑ N i [ X i ] ↓ Since the bounding terms are strongly normalizing by ( SN ), so are the N ′ i s by Lemma 29, and theconsidered reduction is finite. P is active
Now, assume that at some point the leftmost application
Q N ′ [ W ] λ is reduced to Q ′ = M [ σ ][ x N ′ ][ W ] ↓ in Λ ( P ) , such that Λ ′ = Q ′ N ′ . . . N ′ n . The crucial fact is that Q ′ is actuallystrongly computable. Step by step :1. By induction hypothesis, M [ σ ][ x N ′ ] is strongly computable.2. By a general lemma, M ∈ SC = ⇒ M [ V ] ↓ ∈ SC for suitable V . In particular, this means Q ′ ∈ SC .4 AnInteractive Proof of Termination3. Then, we can construct a substitution X , such that starting from Λ ( Q , X , ( N i )) = Q N . . . N n [ X ] ↓ we can mimic the reduction steps of Λ ( P ) and get a ∆ such that Λ ( Q ) → ∗ ∆ with Λ ′ ⊑ ∆ . Q being strongly computable, Λ ( Q , X , ( N i )) (hence ∆ ) is strongly normalizing, and we concludeonce again with Lemma 29.The reader may found other cases of the proof sketched in B.2. Finally, together with Lemma 21(with n =
0) and Lemma 20 one can prove strong-normalization for λ cES . Moreover, the reduction islocally confluent (see A): we deduce the confluence of the language. Theorem 22 (Termination) . All well-typed closed terms are strongly normalizing.
Corollary 23 (Confluence) . The reduction is confluent on typed terms.
One may wonder how λ cES compares to other concurrent calculi and especially the language λ C presentedin Section 1.1. In particular, λ cES is almost an explicit substitution version of λ C . Indeed, it turns outthat we can define a translation of λ C to λ cES . The weak reduction of λ cES prevents variable substitutionsfrom percolating under abstractions, and translated terms may evaluate to closures as λ x . ( M [ σ ]) insteadof the expected λ x . ( M { x / σ ( x ) , . . . , x n / σ ( x n ) } ) if dom ( σ ) = { x , . . . , x n } . Up to this difference (thatcan be properly formalized – see Appendix C) there is a simulation of λ C in λ cES .More generally, we followed the design choice of adopting cumulative stores, while many languagesin the literature and in practice follow an erase-on-write semantics. Remarkably, our choice makes theversion with explicit substitutions asynchronous, as various upward and downward substitutions may bereduced arbitrarily without the need of any scheduling. Another point that justifies its introduction isthat such calculi simulate a lot of other paradigms, such as erase-on-write or communication channelsfor example, as mentioned in [17]. This means that the termination of the cumulative store versionimplies the termination of the aforementioned variants. To illustrate our point, let us quickly sketchhow a calculus with explicit substitutions with an erase-on-write semantics could be devised. First,encode set ( r , V ) as (( λ x . ∗ [ r [ V ]] ↑ ) ∗ ) . Then, when an upward substitution becomes reducible, applyall possible downward and upward structural rules until it is not possible anymore. Finally, instead ofmerging reference substitutions, the upper one erases the lower one. Its termination follows immediatelyfrom the one of λ cES . Linear logic’s proof nets are graphical representations of proofs as graphs endowed with a local cut-elimination procedure. They are strongly connected to systems with explicit substitutions (see e.g. [2]).A lot of calculi have been encoded in proof nets or related systems: call-by-value and call-by-name λ -calculi [18], π -calculus with limited replication [10], λ -calculus with references [25], etc . Theserepresentations naturally lead to parallel implementations [16, 20, 21], extend to richer logics [11] andform the basis for concrete operational semantics in the form of token-based automata [8]. Our futuregoal is to push further this correspondence by modeling a language featuring concurrency, referencesand replication. The constructs of λ cES are inspired by the approach of [10] and [25]. λ cES can be seenas a calculus-side version of some kind of proof nets. The translation and simulation of λ C in λ cES couldbe described as a compilation from a global shared memory model to a local message passing one, in.Hamdaoui &B.Valiron 15line with proof nets’ philosophy. The correctness of this compilation requires that a well-typed stronglynormalizing term in the initial language is also strongly normalizing in the target language, and this iswhat this paper achieves. In this paper, we presented a lambda-calculus with concurrence and references, featuring explicit substi-tutions for both variables and references. We discussed the issues explicit substitutions raise with respectto termination and explained how standard techniques fail to address them.The main contribution of the paper is a solution to this problem. Reminiscent of Game Semantics,the proof technique we apply is interesting in its own right. Based on an interactive point of view, it isreasonable to expect that the general methodology we present can be extended to other settings, such asproof nets or concurrent calculi.Finally, with this work we open the way to an embedding of a calculus with references into differ-ential proof nets, which has been one of our leading motivation for this work with the hope that theseresults may be as fruitful as they have been in the study of lambda-calculus.
References [1] M. Abadi, L. Cardelli, P.-L. Curien & J.-J. Levy (1990):
Explicit Substitutions . In: Proceedingsof the17thACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’90, ACM, NewYork, NY, USA, pp. 31–46.[2] Beniamino Accattoli (2015):
Proof Nets and the Call-by-value λ -calculus . Theor.Comput.Sci. 606(C), pp.2–24.[3] Beniamino Accattoli, Eduardo Bonelli, Delia Kesner & Carlos Lombardi (2014): A Nonstandard Standard-ization Theorem . In: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Pro-grammingLanguages, POPL ’14, ACM, New York, NY, USA, pp. 659–670.[4] Beniamino Accattoli & Delia Kesner (2010):
The Structural λ -Calculus . In Anuj Dawar & Helmut Veith,editors: Computer Science Logic: 24th International Workshop, CSL 2010, 19th Annual Conference ofthe EACSL, Brno, Czech Republic, August 23-27, 2010. Proceedings, Springer Berlin Heidelberg, Berlin,Heidelberg, pp. 381–395.[5] Roberto M. Amadio (2009): On Stratified Regions . In Zhenjiang Hu, editor: ProgrammingLanguagesandSystems: 7thAsianSymposium,APLAS2009,Seoul,Korea,December14-16,2009.Proceedings, SpringerBerlin Heidelberg, Berlin, Heidelberg, pp. 210–225.[6] G´erard Boudol (2010):
Typing termination in a higher-order concurrent imperative language . InformationandComputation208(6), pp. 716 – 736. Special Issue: 18th International Conference on Concurrency Theory(CONCUR 2007).[7] Pierre-Louis Curien, Th´er`ese Hardin & Jean-Jacques L´evy (1996):
Confluence Properties of Weak and StrongCalculi of Explicit Substitutions . J.ACM 43(2), pp. 362–397.[8] Vincent Danos & Laurent Regnier (1996):
Reversible, Irreversible and Optimal λ -machines: Extended ab-stract . Electronic Notes in Theoretical Computer Science 3(Supplement C), pp. 40 – 60. Linear Logic 96Tokyo Meeting.[9] Ugo de’Liguoro & Adolfo Piperno (1995): Non Deterministic Extensions of Untyped Lambda-Calculus . Inf.Comput. 122(2), pp. 149–177. [10] Thomas Ehrhard & Olivier Laurent (2010):
Interpreting a finitary pi-calculus in differential interaction nets .Informationand Computation 208(6), pp. 606 – 633. Special Issue: 18th International Conference on Con-currency Theory (CONCUR 2007).[11] Thomas Ehrhard & Laurent Regnier (2006):
Differential interaction nets . Theoretical Computer Science364(2), pp. 166–195. Available at https://hal.archives-ouvertes.fr/hal-00150274 . 30 pages.[12] M. J. Gabbay & A. M. Pitts (1999):
A new approach to abstract syntax involving binders . In: Logic inComputerScience, IEEE Computer Society Press, pp. 214–224.[13] Delia Kesner (2009):
A Theory of Explicit Substitutions with Safe and Full Composition . Logical MethodsinComputerScience 5.[14] Peter J. Landin (1964):
The Mechanical Evaluation of Expressions . TheComputerJournal6(4), pp. 308–320.[15] Pierre Lescanne & Jocelyne Rouyer-degli (1995):
Explicit Substitutions with de Bruijn’s Levels . In: inRewriting Techniques and Applications, 6th International Conference, Lecture Notes in Computer Science914, Springer, pp. 294–308.[16] Ian Mackie (1994):
Applications of the Geometry of Interaction to language implementation . Ph.D. thesis,Univ. of London.[17] Antoine Madet (2012):
Complexit´e Implicite de Lambda-Calculs Concurrents . Theses, Universit´e Paris-Diderot - Paris VII. Available at https://tel.archives-ouvertes.fr/tel-00794977 .[18] John Maraist, Martin Odersky, David N. Turner & Philip Wadler (1995):
Call-by-name, Call-by-value, Call-by-need, and the Linear Lambda Calculus . ElectronicNotesinTheoreticalComputerScience1(SupplementC), pp. 370 – 392. MFPS XI, Mathematical Foundations of Programming Semantics, Eleventh AnnualConference.[19] Paul-Andr´e Mellies (1995):
Typed λ -calculi with explicit substitutions may not terminate . In MariangiolaDezani-Ciancaglini & Gordon Plotkin, editors: Typed Lambda Calculi and Applications: Second Interna-tional Conference on Typed Lambda Calculi and Applications, TLCA ’95 Edinburgh, United Kingdom,April10–12,1995Proceedings, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 328–334.[20] Marco Pedicini & Francesco Quaglia (2007): PELCR: Parallel Environment for Optimal Lambda-calculusReduction . ACMTrans.Comput.Logic8(3).[21] Jorge Sousa Pinto (2001):
Parallel Implementation Models for the lambda-calculus Using the Ge-ometry of Interaction . In: Proceedings of the 5th International Conference on Typed Lambda Cal-culi and Applications, TLCA’01, Springer-Verlag, Berlin, Heidelberg, pp. 385–399. Available at http://dl.acm.org/citation.cfm?id=1754621.1754653 .[22] Kristoffer Høgsbro Rose (1993):
Explicit cyclic substitutions . In Micha¨el Rusinowitch & Jean-Luc R´emy,editors: Conditional Term Rewriting Systems: Third International Workshop, CTRS-92 Point-`a-Mousson,France,July8–101992Proceedings, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 36–50.[23] Franc¸ois-R´egis Sinot, Maribel Fern´andez & Ian Mackie (2003):
Efficient Reductions with Director Strings .In Robert Nieuwenhuis, editor: RewritingTechniquesandApplications: 14thInternationalConference,RTA2003 Valencia, Spain, June 9–11, 2003 Proceedings, Springer Berlin Heidelberg, Berlin, Heidelberg, pp.46–60.[24] W. W. Tait (1967):
Intensional interpretations of functionals of finite type . JournalofSymbolicLogic32(2),pp. 198–212.[25] Paolo Tranquilli (2010):
Translating types and effects with state monads and linear logic . Available at https://hal.archives-ouvertes.fr/hal-00465793 . 14 pages. .Hamdaoui &B.Valiron 17
A Weak confluence
Lemma 24.
Critical pairsWe write E E for two contexts E , E if E = E , and each one is not a prefix of the other, ie ∀ E , E = E [ E ] and E = E [ E ] . In the following, we write the reduction rules as S [ N ] → S [ N ′ ] + M ′ , where M ′ isequals to unless when ( subst-r get ) occurs where it may have additionnal terms.If M → M and M → M with M = M , then one of the assertion holds :1. The two rules are of the form S i [ N i ] → S i [ N ′ i ] + M ′ i with S S , M = S i [ N i ] = ∑ i N i
2. The two rules are of the form S [ C i [ N i ]] → S i [ C i [ N ′ i ]] + M ′ i with C C , C i [ N i ] = k i N i
3. The two rules are of the form S [ C [ N ]] → S [ C [ N ′ ]] and S [ C [ C [ N ]]] → S [ C [ C [ N ′ ]]] + M ′ , the firstrule being ( subst-r’ k ).4. The two rules are of the form S [ C [ E [ E i [ N i ]]] → S i [ C [ E [ E i [ N ′ i ]]]] + M ′ i with E = E ′ [ . ] E ′ [ N ][ V ] λ and E = E ′ [ N ] E ′ [ . ][ V ] λ , N i → N ′ i
5. The two rules are of the form S [ C [ E [ N ]]] → S [ C [ E [ N ′ ]] and S [ C [ E [ E [ N ]]]] → S [ C [ E [ E [ N ′ ]]]] + M ′ , with one of the following :(a) N = M ′ [ V ] ↓ and the applied rule is ( subst-r app ), ( subst-r subst − r ′ ) or ( subst-r merge )(b) N = ( P [ U ] ↑ ) E ′ [ N ][ V ] λ or N = E ′ [ N ] ( P [ U ] ↑ )[ V ] λ (c) N = ( E ′ [ N ][ U ] ↑ ) P [ V ] λ or N = P ( E ′ [ N ][ U ] ↑ )[ V ] λ (d) C = E = [ . ] , N = E [ N ][ V ] ↑ and the first rule used is ( subst-r’ ⊤ )Proof. We can write M in a unique way (modulo structual rules) as a sum of parallel of simple terms : M = ∑ k M k , M k = k i M ik • The two reductions rules have a premise of the form S [ N i ] . Identifying the terms of both sums, wecan write S = [ . ] + ∑ k = k M k and S = [ . ] + ∑ k = k M k . If k = k we are in the case (1), or S = S .• If one of the rule used (let say the first one) is ( subst-r’ ⊤ ), then M k = M ′ k [ V ] ↑ . Since M = M ,the second rule can’t be the same and is of the form E [ T ] → E [ T ′ ] . This is the case (5d) of thelemma.• Otherwise, the premises of the two rules have the form S [ C [ E [ P ]]] → S [ C [ E [ P ′ ]]] + M ′ and S [ C [ E [ P ]]] → S [ C [ E [ P ′ ]]] + M ′ . If C C , we are in case (2). If not, then either C = C or C = C [ C ′ ] , C ′ = [ . ] but the only rule that matches a parallel is ( subst-r’ k ), and this is case (3).We assume from now on that C = C . We decompose E and E by their greatest common prefix,such that E = E [ E ′ ] and E = E [ E ′ ] with either E ′ = E ′ = [ . ] , or E ′ = [ . ] , E ′ = [ . ] , or E E . Theformer is excluded since the reducts N and N are assumed differents, and no rule have overlap-ping redex on base cases (when C and E are empty).• If E ′ E ′ , since E ′ [ P ] = E ′ [ P ] , then E must be of the form E ′′ R [ V ] λ , E = L E ′′ [ V ] λ with L = E ′′ [ P ] and R = E ′′ [ P ] . This is case (4).• Assume now that one of the two (let say E ′ ) is [ . ] . Then P and E ′ have a common prefix. If P is an application, it can’t be the premise of the ( β v ) rule with P = ( λ x . M ) V [ U ] λ , because then E ′ = E ′′ V [ U ] λ or E ′ = ( λ x . M ) E ′′ [ U ] λ but no non-empty context verifies E ′′ [ P ] = V for a value V . Thus it must be the premise of ( subst-r’ app ), and this corresponds to cases (5b) and (5c).8 AnInteractive Proof of Termination• If P is not an application, since it must be both the premise of a rule and prefix of the context E ′ , the only remaining possibility is P = e P [ V ] ↓ . Then e P can’t be a value y , ∗ , λ y . or get ( r ) , k , [ U ] ↑ , because these constructors can’t be in E ′ : we are in case (5a). Lemma 25.
Weak confluenceLet M be a term such that M → M and M → M . Then ∃ M ′ , M → ∗ M ′ and M → ∗ M ′ Proof.
We can write M , M and M in a unique way (modulo structual rules) as a sum of parallel ofsimple terms : M = ∑ k M k , M = ∑ k M k , M = ∑ k M k Let us process all the possible cases of 24, assuming that N = N :1. We have S S , by identifying each terms, ∃ k = k , S i = [ . ] + ∑ k = k i , and we have M = ∑ k = k M k + N ′ + M ′ → ∑ k = k , k M k + N ′ + N ′ + M ′ + M ′ as well as M .2. Let write C i [ N i ] = k l ∈ L P l . Then there exists L , L ⊆ L . Since C C , we have L = L and L L and L L , such that C i = [ . ] k ( k l ∈ L i P l ) and N i = k l / ∈ L i P l . The only rule that has aparallel of terms as premise is ( subst-r’ k ). Thus L i are either singletons (if the correspondingrule is not ( subst-r’ k )) or have size two. If they are disjoint, then L ⊆ L \ L and : M = S [ N ′ k ( k l / ∈ L P l )] + M ′ = S [ N ′ k N k ( k l / ∈ L ∪ L P l )] + M ′ → S [ N ′ k N ′ k ( k l / ∈ L ∪ L P l )] + M ′ + M ′ as do M .The only remaining case is if both rules are ( subst-r’ k ) and L ∩ L = { l } . We write L = { l , l } , L = { l , l } and L ∋ = L \ { l , l , l } . If P l = P ′ [ V ] ↑ is the ”active” upward substitutionin both reduction, we have C [ N ′ ] = ( P l [ V ] ↓ k P ′ )[ V ] ↑ k P l k ( k l = L P l ) → ( P l [ V ] ↓ k P ′ k P l [ V ] ↓ )[ V ] ↑ k ( k l = L P l ) If P l is the ”passive” term in both reductions, with P l = P ′ l [ V ] ↑ and P l = P ′ l [ U ] ↑ , then C [ N ′ ] = ( P ′ l k P l [ V ] ↓ )[ V ] ↑ k P ′ l [ U ] ↑ k ( k l = L P l ) → ∗ P l k ( P l [ V ] ↓ ) k ( P ′ l [ U ] ↑ [ V ] ↓ ) k ( k l = L P l [ V ] ↓ ) → P l k ( P l [ V ] ↓ ) k ( P ′ l [ V ] ↓ [ U ] ↑ ) k ( k l = L P l [ V ] ↓ ) → ∗ ( P l [ U ] ↓ ) k ( P l [ W ] ↓ ) k ( P ′ l [ V ] ↓ ) k ( k l = L P l [ W ] ↓ ) using repeated ( subst-r’ k ), ( subst-r’ ⊤ ), ( subst-r subst-r’ ) and ( subst-r merge ).Finally, if P l is active in of the two (let say the first) and passive in the other, meaning that P l = P ′ l [ V ] ↑ , P l = P ′ l [ U ] ↑ , then.Hamdaoui &B.Valiron 19 C [ N ′ ] = ( P l [ V ] ↓ k P ′ l )[ V ] ↑ k ( P l [ U ] ↑ ) k ( k l = L P l ) → ( P l [ V ] ↓ k P ′ k P l [ V ] ↓ )[ V ] ↑ k ( k l = L P l ) C [ N ′ ] = ( P l [ V ] ↓ k P ′ l )[ V ] ↑ k P ′ l [ U ] ↑ k ( k l = L P l ) → ∗ ( P l [ V ] ↓ ) k P ′ l k ( P ′ l [ U ] ↑ [ V ] ↓ ) k ( k l = L P l [ V ] ↓ ) → ( P l [ V ] ↓ ) k P ′ l k ( P l [ V ] ↓ [ U ] ↑ ) k ( k l = L P l [ V ] ↓ ) → ∗ ( P l [ W ] ↓ ) k ( P l [ U ] ↓ ) k ( P l [ V ] ↓ ) k ( k l = L P l [ W ] ↓ ) On the other side, C [ N ′ ] = P l k (( P ′ l [ V ] ↑ [ U ] ↓ ) k P ′ l )[ U ] ↑ k ( k l = L P l ) → ∗ ( P l [ U ] ↓ ) k ( P ′ l [ V ] ↑ [ U ] ↓ ) k P ′ l k ( k l = L P l [ U ] ↓ ) → ( P l [ U ] ↓ ) k ( P ′ l [ U ] ↓ [ V ] ↑ ) k P ′ l k ( k l = L P l [ U ] ↓ ) → ∗ ( P l [ W ] ↓ ) k ( P ′ l [ U ] ↓ ) k ( P ′ l [ V ] ↓ ) k ( k l = L P l [ W ] ↓ ) C = Q [ V ] ↑ k C ′ . Let write C = k l P l and C = [ . ] k P ′ . then C [ N ′ ] = ( Q k ( N k P ′ )[ V ] ↓ )[ V ] ↑ .• Either N = N ′ [ U ] ↑ k Q ′ and C [ N ′ ] → ∗ Q k (( N ′ [ U ] ↑ ) k Q ′ )[ V ] ↓ k ( k l P l [ V ] ↓ ) → ∗ Q k ( N ′ [ V ] ↓ [ U ] ↑ ) k ( Q ′ [ V ] ↓ ) k ( k l P l [ V ] ↓ ) → ∗ ( Q [ U ] ↓ ) k ( N ′ [ V ] ↓ ) k ( Q ′ [ W ] ↓ ) k ( k l P l [ W ] ↓ ) and C [ C [ N ′ ]] = ( Q [ V ] ↑ ) k ( N ′ k Q ′ [ U ] ↓ )[ U ] ↑ k ( k l P l ) → ∗ ( Q [ V ] ↑ [ U ] ↓ ) k N ′ k ( Q ′ [ U ] ↓ ) k ( k l P l [ U ] ↓ ) → ∗ ( Q [ U ] ↓ ) k ( N ′ [ V ] ↓ ) k ( Q ′ [ W ] ↓ ) k ( k l P l [ W ] ↓ ) • Otherwise, N is a premise of the form E [ Q ′ ] and S [ C [ C [ E [ Q ′ ]]] → S [ C [ C [ E [ Q ′′ ]]]] + M ′ .Then M → ∗ S [ Q k E [ Q ′ ][ V ] ↓ k ( k l P l [ V ] ↓ )] → S [ Q k E [ Q ′ ][ V ] ↓ k ( k l P l [ V ] ↓ )] + M ′ On the other side, M = S [( Q [ V ] ↑ ) k E [ Q ′′ ] k ( k l P l )] + M ′ → ∗ S [ Q k ( E [ Q ′′ ][ V ] ↓ ) k ( k l P l [ V ] ↓ )] + M ′ S [ C [ E [ E [ N ′ ]]]] + M ′ = S [ C [ E [ E ′ [ N ′ ] E ′ [ N ][ V ] λ ]]] + M ′ → S [ C [ E [ E ′ [ N ′ ] E ′ [ N ′ ][ V ] λ ]]] + M ′ + M ′
5. (a) The applied rule is either :• ( subst-r app ) and E = E ′ Q [ U ] λ or E = Q E ′ [ U ] λ • ( subst-r subst-r’ ) and E = E ′ [ U ] ↑ • ( subst-r merge ) and E = E ′ [ V ] ↓ In the three cases, it is clear that the reductions are independant : the first one can be per-formed in M and vice-versa to get a common reduct.0 AnInteractive Proof of Termination(b)(c)(d) . . . The same argument applies to the other four cases. B Termination
B.1 Preorder on terms
Definition 26 (Reachability and Associated Preorder) . Let M be a term, and N an occurrence of a subtermin M that is not under an abstraction. We define Reach ( N , M ) , a reference substitution, as the merge ofall substitutions that are in scope of this subterm in M , as follows. Recall Notation 4.• If M = N then Reach ( N , M ) is nowhere defined.• If M = M ′ [ U ] ↓ then Reach ( N , M ) = U , Reach ( N , M ′ ) , the juxtaposition of U and Reach ( N , M ′ ) .• If M = M ′ [ σ ] then Reach ( N , M ) = Reach ( N , M ′ ) { σ } .• If M = M ′ [ U ] ↑ then Reach ( N , M ) = Reach ( N , M ′ ) .• If M = M M [ U ] λ or M = M k M , let i be the index such that N occurs in M i , then Reach ( N , M ) = Reach ( N , M i ) .We define the skeleton of a term Sk ( M ) by removing all downward reference substitutions that are notunder an abstraction. Definition 27 (Preorder) . We say that M ⊑ N if:• Sk ( M ) = Sk ( N ) , and thus we can put in a one-to-one correspondence the occurrences of get ( r ) and ( M M )[ V ] λ subterms of M and N • For all such get ( r ) occurrences, Reach ( get ( r ) , M ) ⊆ Reach ( get ( r ) , N ) • For all such M ′ = ( M M )[ V ] λ corresponding to N ′ = ( N N )[ U ] λ , then Reach ( M ′ , M ) , V ⊆ Reach ( N ′ , N ) , U Similarly, we say that M ⊑ V N if the difference between reachability sets involved in the definition issomehow “bounded” by V :• Sk ( M ) = Sk ( N ) • For all such occurrences of get ( r ) , Reach ( get ( r ) , M ) ⊆ Reach ( get ( r ) , N ) ⊆ Reach ( get ( r ) , M ) , V • For all such M ′ = M M [ U ] λ corresponding to N ′ = N N [ W ] λ , then Reach ( M ′ , M ) , W ⊆ Reach ( N ′ , N ) , U ⊆ Reach ( M ′ , M ) , W , V The relations ⊑ and ⊑ V are partial preorders on terms. M ⊑ M ′ if M and M ′ have the same structure but the available substitutions in scope of each get ( r ) in M are contained in M ′ ones. Thus, M ′ can do at least everything M can do. The second preorder ⊑ V controls precisely what the difference between reachability sets can be. The following properties makethese intuitions formal: Lemma 28.
Invariance by ( subst-r ) reductionsLet M ⊑ N (resp. M ⊑ V N). .Hamdaoui &B.Valiron 21•
If M → M ′ by a ( subst-r ) rule except ( subst-r get ) then M ′ ⊑ N (resp. M ′ ⊑ V N) • If N → N ′ by a ( subst-r ) by a ( subst-r ) rule except ( subst-r get ) then M ⊑ N ′ (resp. M ⊑ V N ′ ).Proof. Clearly, a ( subst-r ) rule does not modify the skeleton, so Sk ( M ) = Sk ( M ′ ) = Sk ( N ) . It is alsoalmost immediate to see that rules that propagate reference substitutions or ( subst-r val ) that erases theones only in scope of a value do not modify Reach ( get ( r ) , M ) for an occurence get ( r ) in M , nor do theymodify Reach ( M ′ , M ) + V for M ′ = M M [ V ] λ . Lemma 29.
SimulationLet M ⊑ N (resp. M ⊑ V N).1. If M → M ′ then ∃ n ≥ , N → n N ′ such that M ′ ⊑ N ′ (resp. M ′ ⊑ V N ′ ). If the applied rule is not a( subst-r ) or is ( subst-r get ), then n > .2. Corollary. If M ⊑ N, then if N is strongly normalizing, so is M.3. Corollary. If M ⋍ N, then M is strongly normalizing iff N is.Proof.
We will first prove that if M = C [ E [ P ] , then N → ∗ C [ E ′ [ P ′ ]] . One may just have to apply therule ( subst-r k ) until it is not possible anymore to get N → C [ N ′ ] . Then, E [ P ] and N ′ having the sameskeleton, N ′ can be written as E ′ [ P ′ ] where E ′ is E with additionnal downward references substitutions,and P and P ′ have the same skeleton and the same head constructor (if P ′ have additionnal substitutionsin head position one can always include it in E ′ : we actually take the maximal E ′ that satisfies thedecomposition). The reachability sets of subterms in C (respectively E , E ′ ) only depends on C (resp. C , E and C , E ′ ). The reachability sets of subterms in P (resp. P ′ ) are unions of substitutions occuring in P , E (resp. P ′ , E ′ ) and C .• If the rule is one of the ( subst-r ) except ( subst-r get ), by 28, n = subst-r get ) : P = get ( r )[ V ] ↓ → V ∈ V ( r ) and P = get ( r )[ V ′ ] ↓ . V ( r ) is in Reach ( get ( r ) , N ) soby iterated application of ( subst-r ) rules except ( subst-r get ) and ( subst-r val ), we can push(without modifying the skeleton nor the reachability sets) the corresponding substitutions down toget ( r ) in P ′ and we can do the same reduction. All the other reachability sets of gets or applicationor left unmodified.• ( β v ) : P = ( λ x . Q ) V [ V ] λ → T = Q [ V / x ][ V ] ↓ . Up to ( subst-r val ) reductions, P ′ = ( λ x . Q ) V [ V ′ ] λ → T ′ = Q [ V / x ][ V ′ ] ↓ . The condition on reachabiliy sets for application in the defintion of ⊑ pre-cisely ensures that all the gets and applications in Q have the same reachability in C [ E [ T ]] and in C [ E ′ [ T ′ ]] .( subst ) rules• ( subst var ) : P = x [ σ ] → x or V ( x ) , and P ′ = x [ V ] ↓ [ σ ] → x [ σ ] → x or V ( x ) .• ( subst app ) : P = Q Q [ V ] λ [ σ ] → T = ( Q [ σ ]) ( Q [ σ ])[( V [ σ ])] λ . We have P ′ = ( Q ′ [ U ] λ ) ( Q ′ [ W ] λ )[ V ′ ] λ [ σ ] → ∗ ( Q [ σ ][ U [ σ ]] ↓ ) ( Q [ σ ][ V [ t ] W ] ↓ )[ V ′ [ σ ]] λ . By definition of reachability sets, they are invariant byall the rule applied.• We proceed the same way for other cases : the var substitution just go through the additionnalreferences substitutions, and by design, reachability sets are not modified.( subst-r’ ) rules• Upward substitutions commute with downward ones without interacting. On the other hand, theycan span new downward substitutions but in this case, they do it in the same way for both P and P ′ and thus do not modify the inclusion relation on reachability sets.2 AnInteractive Proof of Termination B.2 Soundness and Adequacy
Lemma 30.
CharacterizationLet • α = A e → . . . e n − → A n e n → β with β = Unit | B • ⊢ M : ( α , e ) • N i ∈ SC ( A i , e ′ i ) • U ⊆ SC with ( ∀ i : 1 ≤ i ≤ n ) , e ′ i ⊆ e i ⊆ e and dom ( U ) ⊆ e. We define Λ ( M , U , ( N i )) = M N . . . N n [ U ] ↓ Then M ∈ SC ( α , e ) if and only if Λ ( M , U , ( N i )) is ( SN ) and ( WB ) for all U , ( N i ) satisfying the aboveconditions. In the following, we may conveniently omit some of the parameters ( M , U , ( N i )) of Λ .Proof. By induction on types.
Lemma 31.
Auxiliary results for soundnessLet M , V ∈ SC , V ⊆ SC then1. For any infinite reduction of Λ ( N ) , N must be reduced at some point.2. If N [ σ ] → M then N [ σ ] ∈ SC
3. M [ V ] ↓ ∈ SC
4. M [ V ] ↑ ∈ SC
5. If M → M ′ , then M ′ ∈ SC V {−→ V / −→ x } ⊆ SC Proof.
1. If the subterm N is never reduced, the reducts of Λ ( N ) are of the form N N ′ . . . N ′ n (withsome additionnal reference substitutions not written for conciseness) where each N ′ i can be seenas the result of an ( N i , ( W i )) reduction for some ( W i ) corresponding to the upward substitutionsgenerated by the interaction with other subterms N , . . . , N n . All these subterms are ( WB ) andgenerate SC upward substitutions. N i being well behaved, there is a number of steps n i after wichthe reduct N ′ i doesn’t generate upward substitutions anymore. After n = ∨ n i steps (actually onemay have to take a bigger n for the substitutions have to dispatch, but there is such a n ), N i hasreduced to some P i and doesn’t receive any downard substitution. If we gather all the downwardsubstitutions delivered to N i (or, viewed as an ( N i , ( W i )) reduction, all the substitutions producedby → i rules) as X , then N i ⊑ U Q = N i [ U ] ↓ . Consider the first step of the ( N i , ( W i )) reduction N i → N ′ i , either this is a usual step and then by 29 Q → ∗ Q ′ with N ′ i ⊑ U Q ′ or this is a → j step and N ′ i = N i [ Z ] ↓ for some Z ⊆ U and N ′ i ⊑ U \ Z Q . By induction over the n firt steps, we get that Q → ∗ Q such that P i ⋍ Q . Since N i ∈ SC , Q and all its reducts are ( SN ), and so is P i thus thereduction of Λ ( N ) must be finite.2. Let M ′ = M [ σ ] , consider an infinite reduction of Λ ( M ′ ) . By the previous point, the subterm M ′ must be reduced, and M is the only possible reduct. But the reduct of Λ ( M ′ ) we get is reachablefrom Λ ( M ) which is ( SN ) thus the reduction must be finite and Λ ( M ′ ) is ( SN ).Similarly, consider (for suitable ( V i ) ) a ( M ′ , ( V i )) reduction. If M ′ is never reduced, then noupward substitution is ever produced. If M ′ is reduced at some point, then it is reduced to M andthus produces a finite amount of SC upward substitutions since M is ( WB ). Hence M ′ is ( WB )..Hamdaoui &B.Valiron 233. Consider Λ ( M [ V ] ↓ , U , ( N i )) . Then Λ ( M [ V ] ↓ , U , ( N i )) ⊑ Λ ( M , U + V , ( N i )) but the latter is( SN ), since M is SC . So is the former by 29. For ( WB ), we can easily map a ( M ′ , ( W ′ i )) re-duction to a ( M , ( W i )) by just appending V to ( W i ) and start with a → i reduction. Since M ∈ SC , M ′ is ( WB ).4. Let M ′ = M [ V ] ↑ . We proceed by induction on types. For base types, it is clear that M ′ is ( WB ) iff M is, and M ′ [ U ] ↓ has exactly the same reductions as M [ U ] ↓ except for commutation of upward anddownard substitutions, and a possible ( subst ⊤ ). Thus they are both ( SN ). Now, for α = A e → α ′ ,consider an infinite reduction of Λ ( M ′ , U , ( N i )) . If the upward substitution is never reduced, wecan map this to an infinite reduction of Λ ( M , U , ( N i )) for the same reasons as above, but thelatter is ( SN ). Hence at some point the upward substitution must move up, so that the head termbecomes M ′′ ( N ′ [ V ] ↓ [ W ] λ )[ V ] ↑ where M ′′ and N ′ are reducts descendant from respectively M and N . Using induction and points 5 and 3 of this lemma, P = M ′′ ( N ′ [ V ] ↓ [ W ] λ ) is SC . By induction,so is the new head redex, and the whole redex of Λ is reachable from Λ ( M N [ W ] λ , U , ( N i )) .5. This is straightforward from the definition of SC sets.6. Combining 2. and 4., using the fact that U {−→ V / −→ x } is the normal form of U [ σ ] using only ( subst )rules, we get the result by induction on the length of the reduction.We are now able to sketch the proof of soundness and adequacy: Proof.
21 We perform the proof by induction.• M = x : x [ σ ] reduces to σ ( x ) ∈ SC , and we apply 31• M = ∗ : ∗ [ σ ] → ∗ .• M = λ y . M ′ : M [ σ ] → λ x . ( M ′ [ σ ]) . Consider an infinite reduction Λ ( λ x . ( M ′ [ σ ])) . By 31 1), atsome point a ( β v ) must occur, replacing the head redex by P = M ′ [ σ ][ X / y ][ U ] ↓ which is SC byinduction 31 3). But this term can be reached from Λ ( P , U , N i + [ V ] ↓ ) (for some V that are SC ,the ones emitted by the reduction of N ) which is ( SN ). The same kind of argument show that Λ ( M , U , ( N i )) is ( WB ) : if the redex is not reduced, then all upgoing substitutions that come from N i must stop after a finite number of reductions and all contain SC terms, or the redex is reducedafter a finite number of steps and from this point the term is a reduct of a ( WB ) one thus must be( WB ) as well.• M = get ( r ) : get ( r )[ σ ] → get ( r ) . Let see that get ( r ) ∈ SC . Consider an infinite reduction of Λ ( get ( r )) . By 31 1), the get ( r ) must be reduced at some point and from this point it is eitherreplaced by a value from the substitution prefix, or by a value emitted by one of the N i , all of thesebeing SC .• M = M ′ [ τ ] , then M [ σ ] → M ′ [ µ ] . By 31, U {−→ V / −→ x } ∈ SC . M ′ has a typing judgement of the form x : A , . . . , x n : A n , y : B , . . . , y m : B m ⊢ M ′ : ( α , e ) . By induction, M ′ [ µ ] ∈ SC .• M = M ′ [ U ] ↓ : M [ σ ] → M ′ [ σ ][ U {−→ V / −→ x } ] ↓ . By induction, M ′ [ σ ] is SC and by 31 so is M .• M = M ′ [ V ] ↑ : induction + 31.• M = M M [( V i )] λ : M [ σ ] → M ′ = ( M [ σ ]) ( M [ σ ])[( V [ σ ])] λ . By induction and 31, M i [ σ ] ∈ SC and V [ x ] are in SC . Then by definition M ′ ∈ SC .4 AnInteractive Proof of Termination• M = M k M : M [ V / x ] → M ′ = M ′ k M ′ with M ′ i = M i [ V / x ] and according to 31 it is sufficient toprove M ′ ∈ SC . By induction, M ′ i ∈ SC . Let us take an ( M ′ , r , V ) reduction starting from M ′ . Itcan be associated to an ( M ′ i , r i , V i ) reduction from the point of view of M ′ i , where r i , V i are comingeither from ( r , V ) or from the upward substitution of M ′ − i , that are all in SC . Since the M i are( WB ), so is M ′ . Now, the proof is very similar to the first point of 31 : Take an M ′ reduction, since M ′ i are ( WB ), after a finite number of steps, no more substitutions are exchanged. We can thensmash all the substitutions received by M ′ i into a big one ( x , X ) and since M ′ i [ X ] ↓ is ( SN ), thenthe reduction must be finite. Proof.
20 We will prove additionnally by induction on types that SC ( α ) = /0 for any α .• For α = Unit | B it is immediate : ∗ ∈ SC ( Unit ) and ∗ k ∗ ∈ SC ( B ) . If M ∈ SC ( α ) had an infinitereduction, then so would M [ V ] ↓ • For α = A → α ′ , by induction there exists M α ′ ∈ SC ( α ′ ) , then λ x . M α ′ for x not free in M α ′ is in SC ( α ) . If M ∈ SC ( α ) did not terminate, so would M N for N ∈ SC ( A ) which exists since thelatter set is not empty. C Relation between λ cES and λ C In the following, λ C stands for the version of the concurrent λ -calculus described in the second chapterof [17]. Definition 32.
Translation of λ C in λ cES Let M be a term and S be a store of λ C . S can be written as S = r ⇐ V k . . . k r ⇐ V k k . . . k r n ⇐ V n k . . . k r n ⇐ V nk n Let V S : r i [ V i , . . . , V ik i ] . We define the translation of M under S by• If M = V or M = set ( s , V ) then M S = M • If M = N N ′ then M S = N S N ′ S [ V S ] λ • If M = get ( s ) then M S = get ( s )[ V S ] ↓ • If M = N k N ′ then M S = N S k N ′ S In fact, M S is the normal form reached from M [ V S ] ↓ using only downward structural rules. For anyprogram P = M k S , we define P = M S . If P = M then P = M = M .Our reduction have the drawback of not reducing under abstractions, such that some of the variablesubstitution propagation will be delayed until the corresponding lambda will be applied (or forever). Tocope with this subtlety, we introduce a relation on terms of λ cES that expresses that a term M is relatedto N if M is the same as N up to some pending substitutions hidden under lambdas, and such that if wecould reduce these substitutions freely M would actually reduce to N . Definition 33.
Substitution relationWe define s as :.Hamdaoui &B.Valiron 25• x s x , get ( r ) s get ( r ) , ∗ s ∗ • M k N s M ′ k N ′ iff M s M ′ and N s N ′ • λ x . M s λ x . M ′ if M = N [ σ n ][ . . . ][ σ ] such that N { σ , . . . , σ n } = M .• M [ V ] ↓ s M ′ [ V ′ ] ↓ or M [ V ] ↑ s M ′ [ V ′ ] ↑ iff M s M ′ and V s V ′ • M N [ V ] λ s M ′ N ′ [ V ′ ] λ iff M s M ′ , N s N ′ and V s V ′ • M [ σ ] s M ′ [ σ ′ ] iff M s M ′ and σ s σ ′ Where we extended point-wise the definition of s to functions and multisets. Theorem 34.
SimulationLet P , Q be λ C programs such that P → ∗ Q. ThenP → ∗ nd M ss