Linear Dependent Types and Relative Completeness
UGO DAL LAGO (a) AND MARCO GABOARDI (b)

(a) Dipartimento di Scienze dell'Informazione – Università di Bologna; EPI FOCUS – INRIA Sophia Antipolis
e-mail address: [email protected]

(b) Dipartimento di Scienze dell'Informazione – Università di Bologna; Computer and Information Science Department – University of Pennsylvania; EPI FOCUS – INRIA Sophia Antipolis
e-mail address: [email protected]

Abstract. A system of linear dependent types for the λ-calculus with full higher-order recursion, called dℓPCF, is introduced and proved sound and relatively complete. Completeness holds in a strong sense: dℓPCF is not only able to precisely capture the functional behavior of PCF programs (i.e. how the output relates to the input) but also some of their intensional properties, namely the complexity of evaluating them with Krivine's Machine. dℓPCF is designed around dependent types and linear logic and is parametrized on the underlying language of index terms, which can be tuned so as to sacrifice completeness for tractability.

1. Introduction
ACM Subject Classification: F.3.2, F.3.1.
Key words and phrases: Resource Consumption, Linear Logic, Dependent Types, Implicit Computational Complexity, Relative Completeness.
This work is partially supported by the INRIA ARC project "ETERNAL". This is a revised and extended version of a paper with the same title which has appeared in the proceedings of LICS 2011.
Marco Gaboardi was supported by the European Community's Seventh Framework Programme (FP7/2007-2013) under grant agreement n°
LOGICAL METHODS IN COMPUTER SCIENCE, DOI:10.2168/LMCS-8(4:11)2012. © U. Dal Lago and M. Gaboardi, CC Creative Commons.

Type systems are powerful tools in the design of programming languages. While they have been employed traditionally to guarantee weak properties of programs (e.g. "well-typed programs cannot go wrong"), it is becoming more and more evident that they can be useful when stronger properties are needed, such as security [33, 32], termination [6], monadic temporal properties [26] or resource bounds [25, 11].

One key advantage of type systems seen as formal methods is their simplicity and their close relationship with programs: checking whether a program has a type, or even inferring the (most general) type of a program, is often decidable. The price to pay is the incompleteness of most type systems: there are programs satisfying the property at hand which cannot be given a type. This is in contrast with other formal methods, like program logics [2], where completeness is always a desirable feature, although it only holds relatively to an oracle. Graphically, the situation is similar to the one in Figure 1: type systems are bound to be in the lower-left corner of the diagram, where both the degree of completeness and the complexity of the property under consideration are low; program logics, on the other hand, are confined to the upper-right corner, where checking for derivability is almost always undecidable.

Figure 1: Type Systems and Program Logics (a diagram with "degree of completeness" on one axis and "property complexity" on the other; type systems sit in the lower-left corner, program logics in the upper-right one).

One specific research field in which the just-described scenario manifests itself is implicit computational complexity, in which one aims at defining characterizations of complexity classes by programming languages and logical systems. Many type systems have been introduced capturing, for instance, the polynomial time computable functions [23, 5, 4]. All of them, under mild assumptions, can be employed as tools to certify programs as asymptotically time efficient. However, only a tiny slice of the polytime programs are generally typable, since the underlying complexity class FP is only characterized in a purely extensional sense: for every function in FP there is at least one typable program computing it.

The main contribution of this paper is a type system for the λ-calculus with full recursion, called dℓPCF, which is sound and complete. Types of dℓPCF are obtained, in the spirit of DML [36, 35], by decorating types of ordinary PCF [31, 21] with index terms. These are first-order terms freely generated from variables, function symbols and a few more term constructs. They are indicated with metavariables like I, J, K. Type decoration reflects the standard decomposition of types into linear types (as suggested by linear logic [18]), and is inspired by recent works on the expressivity of bounded logics [13].

Index terms and linear types permit to describe program properties with a fine granularity. More precisely, dℓPCF enjoys the following two properties:
• Soundness: if t is a program and $\vdash_K t : \mathsf{Nat}[I,J]$, then t evaluates to a natural number which lies between I and J, and this evaluation takes at most $(K+1)\cdot|t|$ steps;
• Completeness: if t is typable in PCF and evaluates to a natural number n in m steps, then $\vdash_I t : \mathsf{Nat}[n,n]$, where $I \le m$.
Completeness of dℓPCF holds not only for programs (i.e. terms of ground type) but also for functions on the natural numbers (see Section 5.3 for further details). Moreover, typing judgments tell us something not only about the functional behavior of programs but also about their non-functional one, namely the number of steps needed to evaluate the term in Krivine's Abstract Machine.

As the title of this paper suggests, completeness of dℓPCF holds in a relative sense. Indeed, the behavior of programs can be precisely captured only in presence of a complete oracle for the truth of certain assumptions in typing rules. This is exactly what happens in program logics such as Floyd-Hoare's logic, where all true partial correctness assertions can be derived provided one is allowed to use all true sentences of first-order arithmetic as axioms [10]. In dℓPCF, those assumptions take the form of (in)equalities between index terms, to be verified when function symbols are interpreted as partial functions on natural numbers according to an equational program $\mathcal{E}$. Actually, the whole of dℓPCF is parametrized on such an $\mathcal{E}$, but while soundness holds independently of the specific $\mathcal{E}$, completeness, as is to be expected, holds only if $\mathcal{E}$ is sufficiently powerful to encode all total computable functions (i.e. if $\mathcal{E}$ is universal). In other words, dℓPCF can be claimed to be not a type system, but a family of type systems obtained by taking a specific $\mathcal{E}$ as the underlying "logic" of index terms. The simpler $\mathcal{E}$, the easier type checking and type inference are; the more complex $\mathcal{E}$, the larger the class of captured programs.

The design of dℓPCF has been very much influenced by linear logic [18], and in particular by systems of indexed and bounded linear logic [19, 13], which have been recently shown to subsume other ICC systems as for the class of programs they capture [13]. One of the many ways to "read" dℓPCF is as a variation on the theme of BLL [19] obtained by generalizing polynomials to arbitrary functions. The idea of going beyond a restricted, fixed class of bounds comes from Xi's work on DML [36, 35]. Cost recurrences for first-order DML programs have been studied [20]. No similar completeness results for dependent types are known, however.

2. Types and Program Properties: An Informal Account
Consider the following program:
$$\mathsf{dbl} = \mathsf{fix}\, f.\lambda x.\, \mathsf{ifz}\ x\ \mathsf{then}\ 0\ \mathsf{else}\ \mathsf{s}(\mathsf{s}(f(\mathsf{p}(x)))).$$
In a monomorphic, traditionally designed type system like PCF [31, 21], the term dbl receives type $\mathsf{Nat} \to \mathsf{Nat}$. As a consequence, dbl computes a function on natural numbers without "going wrong": it takes in input a natural number, and produces in output another natural number (if any). The type $\mathsf{Nat} \to \mathsf{Nat}$, however, does not give any information about which specific function on the natural numbers dbl computes. Indeed, in PCF (and in most real-world programming languages) any program computing a function on natural numbers, be it for instance the identity function or (a unary version of) the Ackermann function, can be typed by $\mathsf{Nat} \to \mathsf{Nat}$.

Some modern type systems allow one to construct and use types like $\tau = \mathsf{Nat}[a] \to \mathsf{Nat}[2a]$, which tell not only what set or domain (the interpretation of) the term belongs to, but also which specific element of the domain the term actually denotes. The type τ, for example, could be attributed only to those programs computing the function $n \mapsto 2n$, including dbl. Types of this form can be constructed in dependent and sized type theories [36, 6]. The type system dℓPCF introduced in this paper offers this possibility, too. But, as a first contribution, it further allows one to specify imprecise types, like $\mathsf{Nat}[5,8]$, which stands for the type of those natural numbers between 5 and 8 (included).

A property of programs which is completely ignored by ordinary type systems is termination, at least if full recursion is in the underlying language. Typing a term t with $\mathsf{Nat} \to \mathsf{Nat}$ does not guarantee that t, when applied to a natural number, terminates. In PCF this is even worse: t could possibly diverge itself! Consider, as another example, a slight modification of dbl, namely
$$\mathsf{omega} = \mathsf{fix}\, f.\lambda x.\, \mathsf{ifz}\ x\ \mathsf{then}\ 0\ \mathsf{else}\ \mathsf{s}(\mathsf{s}(f(x))).$$
It behaves as dbl when fed with 0, but it diverges when it receives a positive natural number as an argument. But look: omega is not so different from dbl. Indeed, the second can be obtained from the first by feeding not x but $\mathsf{p}(x)$ to f. And any type system in which dbl and omega are somehow recognized as being fundamentally different must be able to detect the presence of p in dbl and deduce termination from it. Indeed, sized types [6] and dependent types [34] are able to do so.

Going further, we could ask the type system to be able not only to guarantee termination, but also to somehow evaluate the time or space consumption of programs. For example, we could be interested in knowing that dbl takes a polynomial number of steps to be evaluated on any natural number. This cannot be achieved either using classical type systems or using systems of sized types, at least when traditionally formulated. However, some type systems able to control the complexity of programs exist. Good examples are type systems for amortized analysis [25, 22] or those using ideas from linear logic [5, 4]. In those type systems, typing judgements carry, besides the usual type information, some additional information about the resource consumption of the underlying program. As an example, dbl could be given a type as follows:
$$\vdash_I \mathsf{dbl} : \mathsf{Nat} \to \mathsf{Nat}$$
where I is some cost information for dbl. This way, building a type derivation and inferring resource consumption can be done at the same time.

The type system dℓPCF we propose in this paper makes some further steps in this direction. First of all, it combines some of the ideas presented above with the ones of bounded linear logic. BLL allows one to explicitly count the number of times functions use their arguments (in rough notation, $!_m\sigma \multimap \tau$ says that the argument of type σ is used m times). This permits to extract natural cost functions from type derivations. The cost of evaluating a term will be measured by counting how many times function arguments need to be copied during evaluation. Making this information explicit in types permits to compute the cost step by step during the type derivation process. By the way, previous works by the first author [12] show that this way of attributing a cost to (proofs seen as) programs is sound and precise as a way to measure their time complexity. Intuitively, typing judgements in dℓPCF can be thought of as
$$\vdash_J t : !_m \mathsf{Nat}[a] \multimap \mathsf{Nat}[I],$$
where I and J can be derived while building a type derivation, exploiting the information carried by the modalities. In fact, the quantitative information in $!_m$ allows to statically determine the number of times any subterm will be copied during evaluation. But this is not sufficient: analogously to what happens in BLL, dℓPCF makes types more parametric. A rough type such as $!_n\sigma \multimap \tau$ is replaced by the more parametric type $[a<n]\cdot\sigma \multimap \tau$, which tells us that the argument will be used n times, and each instance has type σ where, however, the variable a is instantiated with a value less than n. This allows to type each copy of the argument differently but uniformly, since all instances of σ have the same PCF skeleton. This form of uniform linear dependence is actually crucial in obtaining the result which makes dℓPCF different from similar type systems, namely completeness.

Finally, as already stressed in the Introduction, dℓPCF is also parametric in the class of functions (in the form of an equational program $\mathcal{E}$) that can be used to reason about types and costs. This permits to tune the type system, as described in Section 6 below.

Anticipating on the next section, we can say that dbl can be typed as follows in dℓPCF:
$$\vdash^{\mathcal{E}}_a \mathsf{dbl} : [b < a+1]\cdot\mathsf{Nat}[a] \multimap \mathsf{Nat}[2a].$$
This tells us that the argument will be used $a+1$ times by dbl, and that the cost of evaluation will itself be proportional to a.

3. dℓPCF
In this section, the language of programs and the type system dℓPCF for it will be introduced formally. Some of their basic properties will be described. The type system dℓPCF is based on the notion of an index term, whose semantics, in turn, is defined by an equational program. As a consequence, all these notions must be properly introduced and are the subject of Section 3.1 below.

3.1. Index Terms and Equational Programs.

Syntactically, index terms are built either from function symbols from a given signature or by applying any of two special term constructs. Formally, a signature Σ is a pair $(S, \alpha)$ where S is a finite set of function symbols and $\alpha : S \to \mathbb{N}$ assigns an arity to every function symbol. Index terms on a given signature $\Sigma = (S, \alpha)$ are generated by the following grammar:
$$I, J, K ::= a \;\mid\; f(I_1, \ldots, I_{\alpha(f)}) \;\mid\; \sum_{a<I} J \;\mid\; \bowtie^{a}_{I,J} K,$$
where $f \in S$ and a is a variable drawn from a set V of index variables. We assume the symbols 0, 1 (with arity 0) and +, − (with arity 2) are always part of Σ. An index term in the form $\sum_{a<I} J$ is a bounded sum, while one in the form $\bowtie^a_{I,J} K$ is a forest cardinality. For every natural number n, the index term $n$ is just $\underbrace{1 + 1 + \cdots + 1}_{n\ \text{times}}$.

Index terms are meant to denote natural numbers, possibly depending on the (unknown) values of variables. Variables can be instantiated with other index terms, e.g. $I\{J/a\}$. So, index terms can also act as first-order functions. What is the meaning of the function symbols from Σ? It is the one induced by an equational program $\mathcal{E}$. Formally, an equational program $\mathcal{E}$ over a signature Σ and a set of variables V is a set of equations in the form $t = s$ where both t and s are terms in the free algebra $\mathcal{O}(\Sigma, V)$ over Σ and V. We are interested in equational programs guaranteeing that, whenever symbols in Σ are interpreted as partial functions over $\mathbb{N}$ and 0, 1, + and − are interpreted in the usual way, the semantics of any function symbol f can be uniquely determined from $\mathcal{E}$. This can be guaranteed by, for example, taking $\mathcal{E}$ as a Herbrand-Gödel scheme [30] or as an orthogonal constructor term rewriting system [3]. One may wonder why the definition of index terms is parametric on Σ and $\mathcal{E}$. As we will see in Section 6, being parametric this way allows us to tune our concrete type system from a highly undecidable but truly powerful machinery down to a tractable but less expressive formal system. An example of an equational program over the signature Σ consisting of three function symbols gt, add and mult of arity two is the following sequence of equations:
$$\begin{aligned}
gt(0, b) &= 0; & gt(a+1, 0) &= 1; & gt(a+1, b+1) &= gt(a, b);\\
add(0, b) &= b; & add(a+1, b) &= add(a, b) + 1;\\
mult(0, b) &= 0; & mult(a+1, b) &= add(b, mult(a, b)).
\end{aligned}$$

What about the meaning of bounded sums and forest cardinalities? The first is very intuitive: the value of $\sum_{a<I} J$ is simply the sum of all possible values of J with a taking the values from 0 up to I, excluded. Forest cardinalities, on the other hand, require some more effort to be described. Informally, $\bowtie^a_{I,J} K$ is an index term denoting the number of nodes in a forest composed of J trees described using K. All the nodes in the forest are (uniquely) identified by natural numbers. These are obtained by consecutively visiting each tree in pre-order, starting from I. The term K has the role of describing the number of children of each forest node n by properly instantiating the variable a, e.g. the number of children of the root (of the leftmost tree in the forest) is $K\{0/a\}$. More formally, the meaning of a forest cardinality is defined by the following two equations:
$$\bowtie^a_{I,0} K = 0; \tag{3.1}$$
$$\bowtie^a_{I,J+1} K = \Big(\bowtie^a_{I,J} K\Big) + 1 + \Big(\bowtie^a_{\,I + 1 + \bowtie^a_{I,J} K,\ K\{I + \bowtie^a_{I,J} K / a\}} K\Big). \tag{3.2}$$
Equation (3.1) says that a forest of 0 trees contains no nodes. Equation (3.2) tells us that a forest of $J+1$ trees contains:
• the nodes in the first J trees;
• and the nodes in the last tree, which are just one plus the nodes in the immediate subtrees of the root, considered themselves as a forest.
To better understand forest cardinalities, consider the following forest comprising two trees:

[Figure: a forest of two trees whose nodes are numbered in pre-order, with a dashed rectangle enclosing three subtrees; the drawing and the node numbers did not survive extraction.]

Consider then an index term K with a free index variable a whose value $K\{n/a\}$, for each node n of the figure, is the number of children of n (the table of values is lost with the figure). That is, K describes the number of children of each node in the forest. Then $\bowtie^a_{0,2} K$ takes into account the entire forest; $\bowtie^a_{0,1} K$ takes into account only the leftmost tree; the forest cardinality with J = 1 starting at the root of the second tree takes into account only the second tree of the forest; finally, the forest cardinality with J = 3 starting at the leftmost node of the dashed rectangle takes into account only the three trees (as a forest) in the dashed rectangle.

One may wonder what is the role of forest cardinalities in the type system. Actually, they play a crucial role in the treatment of recursive calls, where the unfolding of recursion produces a tree-like structure whose size is just the number of times the (recursively defined) function will be used globally. Note that the value of a forest cardinality could also be undefined. For instance, this happens when infinite trees, corresponding to diverging recursive computations, are considered.

The expression $[\![I]\!]^{\mathcal{E}}_\rho$ denotes the meaning of I, defined by induction along the lines of the previous discussion, where $\rho : V \to \mathbb{N}$ is an assignment and $\mathcal{E}$ is an equational program giving meaning to the function symbols in I. Since $\mathcal{E}$ does not necessarily interpret such symbols as total functions, and moreover the value of a forest cardinality can be undefined, $[\![I]\!]^{\mathcal{E}}_\rho$ can be undefined itself. A constraint is an inequality in the form $I \le J$. A constraint is true in an assignment ρ if $[\![I]\!]^{\mathcal{E}}_\rho$ and $[\![J]\!]^{\mathcal{E}}_\rho$ are both defined and the first is smaller than or equal to the latter. Now, for a subset φ of V, and for a set Φ of constraints involving variables in φ, the expression
$$\varphi;\Phi \models_{\mathcal{E}} I \le J \tag{3.3}$$
denotes the fact that the truth of $I \le J$ semantically follows from the truth of the constraints in Φ. The expression $\varphi;\Phi \models_{\mathcal{E}} I \ge 0$ indicates that (the semantics of) I is defined for the relevant values of the variables in φ; this is usually written as $\varphi;\Phi \models_{\mathcal{E}} I\!\downarrow$. Similarly, one can define the meaning of expressions like $\varphi;\Phi \models_{\mathcal{E}} I = J$ or $\varphi;\Phi \models_{\mathcal{E}} I \simeq J$, the latter standing for the equality of I and J in the sense of Kleene, i.e. $\varphi;\Phi \models_{\mathcal{E}} I\!\downarrow$ if and only if $\varphi;\Phi \models_{\mathcal{E}} J\!\downarrow$, and if $\varphi;\Phi \models_{\mathcal{E}} I\!\downarrow$ then $\varphi;\Phi \models_{\mathcal{E}} I = J$. When both φ and Φ are empty, such expressions can be written in a much more concise form, e.g. $I \simeq J$ stands for $\emptyset;\emptyset \models_{\mathcal{E}} I \simeq J$.

The following two lemmas about forest cardinalities are useful, and will be crucial when proving the Substitution Lemma.
Lemma 3.1. For every index terms I, J, K, H, we have:
$$\bowtie^a_{I+J,K} H \;\simeq\; \bowtie^a_{J,K} H\{a+I/a\}.$$

Proof. The proof is by coinduction on the definition of $\bowtie^a_{I+J,K} H$ by distinguishing the cases for the different values of K. For $K \simeq 0$ we have both:
$$\bowtie^a_{I+J,0} H \simeq 0; \qquad \bowtie^a_{J,0} H\{a+I/a\} \simeq 0.$$
For $K \simeq L+1$ we have:
$$\bowtie^a_{I+J,L+1} H \;\simeq\; \bowtie^a_{I+J,L} H + 1 + \bowtie^a_{\,I+J+1+\bowtie^a_{I+J,L} H,\ H\{I+J+\bowtie^a_{I+J,L} H / a\}} H,$$
and analogously
$$\bowtie^a_{J,L+1} H\{a+I/a\} \;\simeq\; \bowtie^a_{J,L} H\{a+I/a\} + 1 + \bowtie^a_{\,J+1+\bowtie^a_{J,L} H\{a+I/a\},\ H\{I+J+\bowtie^a_{J,L} H\{a+I/a\} / a\}} H\{a+I/a\}.$$
This concludes the proof.
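The semantics of Section 3.1 (function symbols given by the equational program for gt, add and mult, bounded sums, and forest cardinalities following equations (3.1) and (3.2)) can be made executable. The following is an added example and not code from the paper: it evaluates index terms encoded as Python tuples, checks Lemma 3.1 and the tree-by-tree decomposition of Lemma 3.2 below on a constructed two-tree forest, and counts the recursive calls of dbl from Section 2. The tuple encoding, the sample forest, the symbol name `kids`, the node budget that turns an infinite forest into an `Undefined` error, and the truncated reading of "−" on naturals are all assumptions of this example.

```python
# Added example (not the paper's code): an evaluator for the index terms of
# Section 3.1.  Terms are tuples; the encoding, the sample forest and the
# symbol names are assumptions of this example.
#   ("var", a)  ("lit", n)  ("fn", f, [I1, ..., Ik])   with built-in "+" and "-"
#   ("sum", a, I, J)        bounded sum         sum_{a<I} J
#   ("forest", a, I, J, K)  forest cardinality  bowtie^a_{I,J} K

class Undefined(Exception):
    """No value: a partial function symbol, or an infinite forest."""

# Equational program E for gt, add and mult: one Python clause per equation.
def gt(a, b):   return 0 if a == 0 else 1 if b == 0 else gt(a - 1, b - 1)
def add(a, b):  return b if a == 0 else add(a - 1, b) + 1
def mult(a, b): return 0 if a == 0 else add(b, mult(a - 1, b))

# Constructed forest of two trees, numbered in pre-order as in the paper:
# tree 1 = node 0 with children 1 (which has children 2, 3) and 4;
# tree 2 = node 5 with children 6 and 7 (which has child 8).
# KIDS[n] is the number of children of node n; other nodes are undefined.
KIDS = [2, 2, 0, 0, 0, 2, 0, 1, 0]
def kids(n):
    if n >= len(KIDS):
        raise Undefined(f"kids({n}) has no defining equation")
    return KIDS[n]

SIGMA = {"gt": gt, "add": add, "mult": mult, "kids": kids}

def forest(I, J, children, budget):
    """Nodes of J trees laid out in pre-order from node I, node n having
    children(n) children: equations (3.1) and (3.2) verbatim.  `budget` is a
    one-element list decremented per node, so an infinite forest (a diverging
    recursion) raises Undefined instead of looping forever."""
    if J == 0:                                   # (3.1): no trees, no nodes
        return 0
    first = forest(I, J - 1, children, budget)   # nodes of the first J-1 trees
    root = I + first                             # the last root follows them
    budget[0] -= 1
    if budget[0] < 0:
        raise Undefined("forest cardinality is undefined")
    return first + 1 + forest(root + 1, children(root), children, budget)  # (3.2)

def ev(t, rho, budget=None):
    """[[t]]^E_rho; raises Undefined where the semantics has no value."""
    budget = [200] if budget is None else budget
    kind = t[0]
    if kind == "var":
        if t[1] not in rho:
            raise Undefined(f"unbound index variable {t[1]}")
        return rho[t[1]]
    if kind == "lit":
        return t[1]
    if kind == "fn":
        args = [ev(u, rho, budget) for u in t[2]]
        if t[1] == "+": return args[0] + args[1]
        if t[1] == "-": return max(args[0] - args[1], 0)  # truncated: an assumption
        return SIGMA[t[1]](*args)
    if kind == "sum":
        _, a, I, J = t
        return sum(ev(J, {**rho, a: v}, budget) for v in range(ev(I, rho, budget)))
    if kind == "forest":
        _, a, I, J, K = t
        return forest(ev(I, rho, budget), ev(J, rho, budget),
                      lambda n: ev(K, {**rho, a: n}, budget), budget)
    raise ValueError(f"not an index term: {t!r}")

def defined(t, rho):
    """The judgement I↓ for a single assignment rho."""
    try:
        ev(t, rho)
        return True
    except Undefined:
        return False

def V(a): return ("var", a)
def L(n): return ("lit", n)
def F(f, *args): return ("fn", f, list(args))

K_SAMPLE = F("kids", V("a"))                        # K{n/a} = KIDS[n]

def forest_size(I, J):
    """bowtie^a_{I,J} K over the sample forest."""
    return ev(("forest", "a", L(I), L(J), K_SAMPLE), {})

def lemma_3_1(I, J, K):
    """Both sides of Lemma 3.1 on the sample forest: shifting the start node
    by I equals substituting a+I for a in the child-count term."""
    shifted = F("kids", F("+", V("a"), L(I)))       # H{a+I/a}
    return forest_size(I + J, K), ev(("forest", "a", L(J), L(K), shifted), {})

def lemma_3_2(J):
    """Both sides of Lemma 3.2: the size of a forest is the sum of the sizes
    of its trees, tree b starting at node bowtie^a_{0,b} K."""
    offset = ("forest", "a", L(0), V("b"), K_SAMPLE)
    tree_b = ("forest", "a", L(0), L(1), F("kids", F("+", V("a"), offset)))
    return forest_size(0, J), ev(("sum", "b", L(J), tree_b), {})

def dbl_calls(n):
    """Recursive-call tree of dbl (Section 2) on input n: call number b uses
    f gt(n-b, 0) times, so bowtie^b_{0,1} gt(n-b, 0) counts all n+1 calls."""
    K = F("gt", F("-", V("n"), V("b")), L(0))
    return ev(("forest", "b", L(0), L(1), K), {"n": n})
```

On the sample forest `forest_size(0, 2)` is 9 (the whole forest), `forest_size(0, 1)` is 5 (the first tree) and `forest_size(5, 1)` is 4 (the second tree); `lemma_3_1(5, 0, 1)` and `lemma_3_2(2)` return pairs of equal numbers, and `defined(("forest", "a", L(0), L(1), L(1)), {})` is `False`, since a forest in which every node has exactly one child is the infinite chain corresponding to a diverging recursion.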
Lemma 3.2. For every index term of the shape $\bowtie^a_{0,J} I$ we have:
$$\bowtie^a_{0,J} I \;\simeq\; \sum_{b<J} \bowtie^a_{0,1} I\{a + \bowtie^a_{0,b} I / a\}.$$

Proof. The proof is by coinduction on the definition of $\bowtie^a_{0,J} I$ by distinguishing the cases for the different values of J. For $J \simeq 0$, we have both:
$$\bowtie^a_{0,0} I \simeq 0; \qquad \sum_{b<0} \bowtie^a_{0,1} I\{a + \bowtie^a_{0,b} I / a\} \simeq 0.$$
For $J \simeq L+1$ we have
$$\bowtie^a_{0,L+1} I \;\simeq\; K + 1 + \bowtie^a_{K+1,\ I\{K/a\}} I$$
and
$$\sum_{b<L+1} \bowtie^a_{0,1} I\{a + \bowtie^a_{0,b} I / a\} \;\simeq\; H + \bowtie^a_{0,1} I\{a + \bowtie^a_{0,L} I / a\},$$
where K is $\bowtie^a_{0,L} I$ and H is $\sum_{b<L} \bowtie^a_{0,1} I\{a + \bowtie^a_{0,b} I / a\}$. Now, by definition and by Lemma 3.1, we have
$$\bowtie^a_{0,1} I\{a + \bowtie^a_{0,L} I / a\} \;\simeq\; 1 + \bowtie^a_{1,\ I\{K/a\}} I\{a + K / a\} \;\simeq\; 1 + \bowtie^a_{K+1,\ I\{K/a\}} I.$$
This concludes the proof.

Before embarking in the description of the type system, a further remark on the role of index terms could be useful. Index terms are not meant to be part of programs but of types. As a consequence, computation will not be carried out on index terms but on proper terms, which are the subject of Section 3.2 below.

3.2. The Type System.
Terms are generated by the following grammar:
$$t ::= x \;\mid\; n \;\mid\; \mathsf{s}(t) \;\mid\; \mathsf{p}(t) \;\mid\; \lambda x.t \;\mid\; tu \;\mid\; \mathsf{ifz}\ t\ \mathsf{then}\ u\ \mathsf{else}\ v \;\mid\; \mathsf{fix}\ x.t$$
where n ranges over natural numbers and x ranges over a set of variables. As usual, terms which are equal modulo α-conversion are considered equal. This, in turn, allows to define the notion of substitution in the standard way. The set of head subterms of any term t can be defined easily by induction on the structure of t, e.g. the head subterms of $t = uv$ are t itself and the head subterms of u (but not those of v).

A notion of size |t| for a term t will be useful in the sequel. This can be defined as follows:
$$\begin{aligned}
|x| &= 1; & |\lambda x.t| &= |t| + 1;\\
|n| &= 1; & |tu| &= |t| + |u| + 1;\\
|\mathsf{s}(t)| &= |t| + 1; & |\mathsf{ifz}\ t\ \mathsf{then}\ u\ \mathsf{else}\ v| &= |t| + |u| + |v| + 1;\\
|\mathsf{p}(t)| &= |t| + 1; & |\mathsf{fix}\ x.t| &= |t| + 1.
\end{aligned}$$
Notice that for technical reasons size is defined in a slightly nonstandard way: every integer constant has size 1.

Figure 2: The PCF Type System.
$$\frac{}{\Gamma, x:\sigma \vdash x : \sigma} \qquad \frac{\Gamma, x:\sigma \vdash t : \tau}{\Gamma \vdash \lambda x.t : \sigma \to \tau} \qquad \frac{\Gamma \vdash t : \sigma \to \tau \quad \Gamma \vdash u : \sigma}{\Gamma \vdash tu : \tau} \qquad \frac{}{\Gamma \vdash n : \mathsf{Nat}}$$
$$\frac{\Gamma \vdash t : \mathsf{Nat}}{\Gamma \vdash \mathsf{s}(t) : \mathsf{Nat}} \qquad \frac{\Gamma \vdash t : \mathsf{Nat}}{\Gamma \vdash \mathsf{p}(t) : \mathsf{Nat}} \qquad \frac{\Gamma \vdash t : \mathsf{Nat} \quad \Gamma \vdash u : \sigma \quad \Gamma \vdash v : \sigma}{\Gamma \vdash \mathsf{ifz}\ t\ \mathsf{then}\ u\ \mathsf{else}\ v : \sigma} \qquad \frac{\Gamma, x:\sigma \vdash t : \sigma}{\Gamma \vdash \mathsf{fix}\ x.t : \sigma}$$

Figure 3: Weak-head Reduction.
$$(\lambda x.t)u \to t\{u/x\} \qquad \mathsf{s}(n) \to n+1 \qquad \mathsf{p}(n+1) \to n \qquad \mathsf{p}(0) \to 0$$
$$\mathsf{ifz}\ 0\ \mathsf{then}\ u\ \mathsf{else}\ v \to u \qquad \mathsf{ifz}\ n+1\ \mathsf{then}\ u\ \mathsf{else}\ v \to v \qquad \mathsf{fix}\ x.t \to t\{\mathsf{fix}\ x.t/x\}$$
$$\frac{t \to u}{\mathsf{s}(t) \to \mathsf{s}(u)} \qquad \frac{t \to u}{\mathsf{p}(t) \to \mathsf{p}(u)} \qquad \frac{t \to v}{tu \to vu} \qquad \frac{t \to w}{\mathsf{ifz}\ t\ \mathsf{then}\ u\ \mathsf{else}\ v \to \mathsf{ifz}\ w\ \mathsf{then}\ u\ \mathsf{else}\ v}$$
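The grammar, the size function and the weak-head reduction of Figure 3 are small enough to run. The following is an added example and not code from the paper: it encodes PCF terms as Python tuples, computes |t| as defined above, performs one weak-head step at a time exactly following the rules of Figure 3, and then evaluates dbl and omega from Section 2, counting reduction steps, so that the termination difference discussed there becomes observable. The tuple encoding, the step budget and the fact that substitution does not rename bound variables (weak-head reduction of a closed program only ever substitutes closed terms, so no capture can occur) are assumptions of this example.

```python
# Added example (not the paper's code): PCF terms as tuples, the size |t| of
# Section 3.2 and the weak-head reduction of Figure 3.  Encoding:
#   ("var", x) ("num", n) ("suc", t) ("pred", t) ("lam", x, t) ("app", t, u)
#   ("ifz", t, u, v) ("fix", x, t)

def size(t):
    """|t|: every constructor and every numeral counts 1."""
    k = t[0]
    if k in ("var", "num"): return 1
    if k in ("suc", "pred"): return 1 + size(t[1])
    if k in ("lam", "fix"): return 1 + size(t[2])
    if k == "app": return 1 + size(t[1]) + size(t[2])
    if k == "ifz": return 1 + size(t[1]) + size(t[2]) + size(t[3])
    raise ValueError(t)

def subst(t, x, u):
    """t{u/x}.  No renaming: only closed u are ever substituted here
    (assumption, see the lead-in)."""
    k = t[0]
    if k == "var": return u if t[1] == x else t
    if k == "num": return t
    if k in ("suc", "pred"): return (k, subst(t[1], x, u))
    if k in ("lam", "fix"): return t if t[1] == x else (k, t[1], subst(t[2], x, u))
    if k == "app": return (k, subst(t[1], x, u), subst(t[2], x, u))
    if k == "ifz": return (k, *(subst(s, x, u) for s in t[1:]))
    raise ValueError(t)

def step(t):
    """One weak-head reduction step (Figure 3), or None if none applies."""
    k = t[0]
    if k == "app":
        f, a = t[1], t[2]
        if f[0] == "lam":                                   # (λx.t)u → t{u/x}
            return subst(f[2], f[1], a)
        g = step(f)                                         # t → v  ⇒  tu → vu
        return None if g is None else ("app", g, a)
    if k == "fix":                                          # fix x.t → t{fix x.t/x}
        return subst(t[2], t[1], t)
    if k == "suc":
        if t[1][0] == "num": return ("num", t[1][1] + 1)    # s(n) → n+1
        u = step(t[1])                                      # t → u  ⇒  s(t) → s(u)
        return None if u is None else ("suc", u)
    if k == "pred":
        if t[1][0] == "num": return ("num", max(t[1][1] - 1, 0))  # p(n+1) → n, p(0) → 0
        u = step(t[1])                                      # t → u  ⇒  p(t) → p(u)
        return None if u is None else ("pred", u)
    if k == "ifz":
        c, u, v = t[1], t[2], t[3]
        if c[0] == "num": return u if c[1] == 0 else v      # ifz 0 → u, ifz n+1 → v
        w = step(c)                                         # t → w  ⇒  ifz t ... → ifz w ...
        return None if w is None else ("ifz", w, u, v)
    return None                                             # numerals, variables, abstractions

def evaluate(t, fuel=10_000):
    """Reduce a program to a numeral: (value, steps), or None when the step
    budget runs out (diverging) or the term is stuck."""
    steps = 0
    while t[0] != "num":
        if steps >= fuel:
            return None
        t = step(t)
        if t is None:
            return None
        steps += 1
    return t[1], steps

def num(n): return ("num", n)
def app(f, *args):
    for a in args:
        f = ("app", f, a)
    return f

# dbl and omega from Section 2: the only difference is what is passed to f.
X, F_ = ("var", "x"), ("var", "f")
DBL   = ("fix", "f", ("lam", "x", ("ifz", X, num(0), ("suc", ("suc", app(F_, ("pred", X)))))))
OMEGA = ("fix", "f", ("lam", "x", ("ifz", X, num(0), ("suc", ("suc", app(F_, X))))))
```

`evaluate(app(DBL, num(3)))` returns `(6, 24)`: the value 2·3 after 24 weak-head steps, three of which are spent on each of the four unfoldings of the fixpoint plus the successor, predecessor and ifz steps in between; `evaluate(app(OMEGA, num(0)))` returns `(0, 3)` exactly as dbl does on 0, while `evaluate(app(OMEGA, num(1)), fuel=500)` returns `None` because the term keeps growing under the two successors and never reaches a numeral.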
Lemma 3.3. If t is a term and u is a subterm of t, then $|u| \le |t|$.

Terms can be typed by a well-known type system called PCF. Types are those generated by the basic type Nat and the binary type constructor →. Typing rules are in Figure 2. A notion of weak-head reduction → can be easily defined: see Figure 3. A term t is said to be a program if it can be given the PCF type Nat in the empty context.

Almost all the definitions about dℓPCF in this and the next sections should be understood as parametric on an equational program $\mathcal{E}$ over a signature Σ. For the sake of simplicity, however, we will often avoid to explicitly mention $\mathcal{E}$ and leave it implicit. dℓPCF can be seen as a refinement of PCF obtained by a linear decoration of its type derivations. Basic and modal types are defined as follows:
$$\begin{aligned}
\sigma, \tau &::= \mathsf{Nat}[I,J] \;\mid\; A \multimap \sigma; & &\text{basic types}\\
A, B &::= [a<I]\cdot\sigma; & &\text{modal types}
\end{aligned}$$
where I, J range over index terms and a ranges over index variables. $\mathsf{Nat}[I]$ is syntactic sugar for $\mathsf{Nat}[I,I]$. Modal types need some comments. As a first approximation, they can be thought of as quantifiers over type variables. So, a type like $A = [a<I]\cdot\sigma$ acts as a binder for the index variable a in the basic type σ. Moreover, the condition $a<I$ says that A consists of all the instances of the basic type σ where the variable a is successively instantiated with the values from 0 to (the value of) $I-1$, i.e. $\sigma\{0/a\}, \ldots, \sigma\{I-1/a\}$. For those readers who are familiar with linear logic, and in particular with BLL, the modal type $[a<I]\cdot\sigma$ is a generalization of the BLL formula $!_{a<p}\,\sigma$ to arbitrary index terms. As such it can be thought of as representing the type $\sigma\{0/a\} \otimes \cdots \otimes \sigma\{I-1/a\}$. In analogy to what happens in the standard linear logic decomposition of the intuitionistic arrow, i.e. $!A \multimap B = A \Rightarrow B$, it is sufficient to restrict to modal types appearing in negative position. Finally, for those readers with some knowledge of DML, modal types are in a way similar to DML's subset sort constructions [35].

Figure 4: Well-defined Types.
$$\frac{\varphi;\Phi \models_{\mathcal{E}} I\!\downarrow \quad \varphi;\Phi \models_{\mathcal{E}} J\!\downarrow}{\varphi;\Phi \vdash_{\mathcal{E}} \mathsf{Nat}[I,J]\!\downarrow}\ (\mathsf{Nat}.t) \qquad \frac{\varphi;\Phi \vdash_{\mathcal{E}} A\!\downarrow \quad \varphi;\Phi \vdash_{\mathcal{E}} \sigma\!\downarrow}{\varphi;\Phi \vdash_{\mathcal{E}} A \multimap \sigma\!\downarrow}\ (\multimap.t) \qquad \frac{\varphi,a;\Phi,a<I \vdash_{\mathcal{E}} \sigma\!\downarrow \quad \varphi;\Phi \models_{\mathcal{E}} I\!\downarrow}{\varphi;\Phi \vdash_{\mathcal{E}} [a<I]\cdot\sigma\!\downarrow}\ ([-]\cdot.t)$$

Figure 5: The Subtyping Relation.
$$\frac{\varphi;\Phi \models_{\mathcal{E}} K \le I \quad \varphi;\Phi \models_{\mathcal{E}} J \le H}{\varphi;\Phi \vdash_{\mathcal{E}} \mathsf{Nat}[I,J] \sqsubseteq \mathsf{Nat}[K,H]}\ (\mathsf{Nat}.l) \qquad \frac{\varphi;\Phi \vdash_{\mathcal{E}} B \sqsubseteq A \quad \varphi;\Phi \vdash_{\mathcal{E}} \sigma \sqsubseteq \tau}{\varphi;\Phi \vdash_{\mathcal{E}} A \multimap \sigma \sqsubseteq B \multimap \tau}\ (\multimap.l) \qquad \frac{\varphi,a;\Phi,a<I \vdash_{\mathcal{E}} \sigma \sqsubseteq \tau \quad \varphi;\Phi \models_{\mathcal{E}} J \le I}{\varphi;\Phi \vdash_{\mathcal{E}} [a<I]\cdot\sigma \sqsubseteq [a<J]\cdot\tau}\ ([-]\cdot.l)$$

We always assume that index terms appearing inside types are defined for all the relevant values of the variables in φ. This is captured by the judgement $\varphi;\Phi \vdash_{\mathcal{E}} \sigma\!\downarrow$, whose rules are in Figure 4.

In the typing rules, modal types need to be manipulated in an algebraic way. For this reason, two operations on modal types need to be introduced. The first one is a binary operation ⊎ on modal types. Suppose that $A = [a<I]\cdot\mu\{a/c\}$ and that $B = [b<J]\cdot\mu\{I+b/c\}$. In other words, A consists of the first I instances of μ, i.e. $\mu\{0/c\}, \ldots, \mu\{I-1/c\}$, while B consists of the next J instances of μ, i.e. $\mu\{I/c\}, \ldots, \mu\{I+J-1/c\}$. Their sum $A \uplus B$ is naturally defined as a modal type consisting of the first $I+J$ instances of μ, i.e. $[c<I+J]\cdot\mu$. An operation of bounded sum on modal types can be defined by generalizing the idea above. Suppose that $A = [b<J]\cdot\sigma\{\sum_{d<a} J\{d/a\} + b \,/\, c\}$. Then its bounded sum $\sum_{a<I} A$ is $[c < \sum_{a<I} J]\cdot\sigma$.

To every type σ corresponds a type $(\!|\sigma|\!)$ of ordinary PCF, namely a type built from the basic type Nat and the arrow operator →:
$$(\!|\mathsf{Nat}[I,J]|\!) = \mathsf{Nat}; \qquad (\!|[a<I]\cdot\sigma \multimap \tau|\!) = (\!|\sigma|\!) \to (\!|\tau|\!).$$
Central to dℓPCF is the notion of subtyping. An inequality relation ⊑ between (basic and modal) types can be defined by way of the formal system in Figure 5. This relation corresponds to lifting index inequalities to the type level. The equivalence $\varphi;\Phi \vdash \sigma \cong \tau$ holds when both $\varphi;\Phi \vdash \sigma \sqsubseteq \tau$ and $\varphi;\Phi \vdash \tau \sqsubseteq \sigma$ can be derived from the rules in Figure 5. $\varphi;\Phi \vdash \sigma\!\downarrow$ is syntactic sugar for $\varphi;\Phi \vdash \sigma \sqsubseteq \sigma$.

It is now time to introduce the main object of this paper, namely the type system dℓPCF. Typing judgements of dℓPCF are expressions in the form
$$\varphi;\Phi;\Gamma \vdash^{\mathcal{E}}_I t : \sigma, \tag{3.4}$$
where Γ is a typing context, that is, a set of term variable assignments of the shape $x : A$ where each variable x occurs at most once. The expression (3.4) can be informally read as follows: for every value of the index variables in φ satisfying Φ, t can be given type σ and cost I once its free term variables have types as in Γ. In proving this, equations from $\mathcal{E}$ can play a role.

Typing rules are in Figure 6, where binary and bounded sums are used in their natural generalization to contexts. A type derivation is nothing more than a tree built according to typing rules. A precise type derivation is a type derivation such that all premises in the form $\sigma \sqsubseteq \tau$ (respectively, in the form $I \le J$) are required to be in the form $\sigma \cong \tau$ (respectively, $I = J$).

First of all, observe that the typing rules are syntax-directed: given a term t, all type derivations for t end with the same typing rule, namely the one corresponding to the last syntax rule used in building t. In particular, no explicit subtyping rule exists, but subtyping is applied to the context in every rule. A syntax-directed type system offers a key advantage: it allows one to prove statements about type derivations by induction on the structure of terms. This greatly simplifies the proof of crucial properties like subject reduction.

Typing rules have premises of three different kinds:
• Of course, typing a term requires typing its immediate subterms, so typing judgements can be rule premises.
• As just mentioned, typing rules allow to subtype the context Γ, so subtyping judgements can themselves be rule premises.
• The application of typing rules (and also of subtyping rules, see Figure 5) sometimes depends on the truth of some inequalities between index terms in the model induced by $\mathcal{E}$. As a consequence, typing rules can only be applied if some relations between index terms are consequences of the constraints in Φ. These assumptions have a semantic nature, but could of course be verified by any sound formal system. Completeness (see Section 5), however, only holds if all true inequalities can be used as assumptions. As a consequence, not only type inference but also type (derivation) checking are bound to be problematic from a computational point of view. See Section 6 for a more thorough discussion on this issue.

As a last remark, note that each rule can be seen as a decoration of a rule of ordinary PCF. More: for every dℓPCF type derivation π of $\varphi;\Phi;\Gamma \vdash^{\mathcal{E}}_I t : \sigma$ there is a structurally identical derivation in PCF for the same term, i.e. a derivation $(\!|\pi|\!) \rhd (\!|\Gamma|\!) \vdash t : (\!|\sigma|\!)$.

3.3. An Example.
$$\frac{\phi;\Phi\models^{\mathcal E}0\le J \quad \phi;\Phi\models^{\mathcal E}1\le I \quad \phi;\Phi\vdash^{\mathcal E}\sigma\{0/a\}\sqsubseteq\tau \quad \phi;\Phi\vdash^{\mathcal E}([a<I]\cdot\sigma)\downarrow \quad \phi;\Phi\vdash^{\mathcal E}\Gamma\downarrow}{\phi;\Phi;\Gamma,x:[a<I]\cdot\sigma\vdash^{\mathcal E}_J x:\tau}\ \mathrm{V}$$
$$\frac{\phi;\Phi;\Gamma,x:[a<I]\cdot\sigma\vdash^{\mathcal E}_J t:\tau}{\phi;\Phi;\Gamma\vdash^{\mathcal E}_J \lambda x.t : [a<I]\cdot\sigma\multimap\tau}\ \mathrm{L}$$
$$\frac{\phi;\Phi;\Gamma\vdash^{\mathcal E}_J t:[a<I]\cdot\sigma\multimap\tau \quad \phi,a;\Phi,a<I;\Delta\vdash^{\mathcal E}_K u:\sigma \quad \phi;\Phi\vdash^{\mathcal E}\Sigma\sqsubseteq\Gamma\uplus\sum_{a<I}\Delta \quad \phi;\Phi\models^{\mathcal E} H\ge J+I+\sum_{a<I}K}{\phi;\Phi;\Sigma\vdash^{\mathcal E}_H tu:\tau}\ \mathrm{A}$$
$$\frac{\phi;\Phi\vdash^{\mathcal E}\mathtt{Nat}[I+1,J+1]\sqsubseteq\mathtt{Nat}[K,H] \quad \phi;\Phi;\Gamma\vdash^{\mathcal E}_L t:\mathtt{Nat}[I,J]}{\phi;\Phi;\Gamma\vdash^{\mathcal E}_L \mathtt{s}(t):\mathtt{Nat}[K,H]}\ \mathrm{S}$$
$$\frac{\phi;\Phi\models^{\mathcal E} K\ge 0 \quad \phi;\Phi\models^{\mathcal E} I\le n \quad \phi;\Phi\models^{\mathcal E} n\le J \quad \phi;\Phi\vdash^{\mathcal E}\Gamma\downarrow}{\phi;\Phi;\Gamma\vdash^{\mathcal E}_K n:\mathtt{Nat}[I,J]}\ \mathrm{N}$$
$$\frac{\phi;\Phi\vdash^{\mathcal E}\mathtt{Nat}[I-1,J-1]\sqsubseteq\mathtt{Nat}[K,H] \quad \phi;\Phi;\Gamma\vdash^{\mathcal E}_L t:\mathtt{Nat}[I,J]}{\phi;\Phi;\Gamma\vdash^{\mathcal E}_L \mathtt{p}(t):\mathtt{Nat}[K,H]}\ \mathrm{P}$$
$$\frac{\phi;\Phi;\Gamma\vdash^{\mathcal E}_K t:\mathtt{Nat}[I,J] \quad \phi;\Phi,I\le 0;\Delta\vdash^{\mathcal E}_H u:\sigma \quad \phi;\Phi,J\ge 1;\Delta\vdash^{\mathcal E}_H v:\sigma \quad \phi;\Phi\vdash^{\mathcal E}\Sigma\sqsubseteq\Gamma\uplus\Delta \quad \phi;\Phi\models^{\mathcal E} L\ge K+H}{\phi;\Phi;\Sigma\vdash^{\mathcal E}_L \mathtt{ifz}\ t\ \mathtt{then}\ u\ \mathtt{else}\ v:\sigma}\ \mathrm{F}$$
$$\frac{\begin{array}{c}\phi,b;\Phi,b<L;\Gamma,x:[a<I]\cdot\sigma\vdash^{\mathcal E}_K t:\tau \quad \phi;\Phi\vdash^{\mathcal E}\tau\{0/b\}\sqsubseteq\mu \quad \phi,a,b;\Phi,a<I,b<L\vdash^{\mathcal E}\tau\{\mathop{\triangleleft\!\!\!\sum}\nolimits^{b+1,a}_{b}I+b+1/b\}\sqsubseteq\sigma \\ \phi;\Phi\vdash^{\mathcal E}\Sigma\sqsubseteq\sum_{b<L}\Gamma \quad \phi;\Phi\models^{\mathcal E}\mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}I\le L,M \quad \phi;\Phi\models^{\mathcal E} N\ge M-1+\sum_{b<L}K\end{array}}{\phi;\Phi;\Sigma\vdash^{\mathcal E}_N \mathtt{fix}\,x.t:\mu}\ \mathrm{R}$$
Figure 6: Typing Rules
In this section, we will show how dℓPCF can give a sensible type to the example we talked about in the Introduction, namely
$$\mathtt{dbl} = \mathtt{fix}\,f.\lambda x.\,\mathtt{ifz}\ x\ \mathtt{then}\ 0\ \mathtt{else}\ \mathtt{s}(\mathtt{s}(f(\mathtt{p}(x)))).$$
First, let us take a look at a subterm of dbl, namely $t = \mathtt{ifz}\ x\ \mathtt{then}\ 0\ \mathtt{else}\ \mathtt{s}(\mathtt{s}(f(\mathtt{p}(x))))$. In plain PCF, t receives the type Nat in an environment where x has type Nat and f has type Nat → Nat. Presumably, a dℓPCF type for t can be obtained by decorating in an appropriate way the type above. In other words, we are looking for a type derivation with conclusion:
$$\phi;\Phi;\ x:[a<I]\cdot\mathtt{Nat}[J],\ f:[b<K]\cdot([c<H]\cdot\mathtt{Nat}[L] \multimap \mathtt{Nat}[M]) \vdash^{\mathcal{E}}_N t : \mathtt{Nat}[P].$$
But how should we proceed? What we would like, at the end of the day, is being able to describe how the value of t depends on the value of x, so we could look for a type derivation of this form:
$$d;\emptyset;\ x:[I]\cdot\mathtt{Nat}[d],\ f:[b<K]\cdot([H]\cdot\mathtt{Nat}[d-1]\multimap\mathtt{Nat}[2(d-1)]) \vdash^{\mathcal{E}}_N t:\mathtt{Nat}[2d],$$
where $[a<I]$ (respectively, $[c<H]$) has been abbreviated into $[I]$ (respectively, $[H]$) because the bound variable a (respectively, c) does not appear free in the underlying type. But how to give values to I, K, and H? One could be tempted to define I simply as 2, since there are two occurrences of x in t. However, in view of the role played by x and f in dbl, I should rather be defined taking into account the number of times x will be copied along the computation of dbl on any input. A good guess could be, for example, $d+1$. Similarly, H could be d. But how about K? How many times is f used? If $d = 0$, then f is not called, while if $d > 0$, the function is called once. In other words, a guess for H could be $\mathtt{gt}(d,0)$. Here we use the infix notation $>$ for the operator $\mathtt{gt}$ just to improve readability. Let us now try to build a derivation for
$$d;\emptyset;\ x:[d+1]\cdot\mathtt{Nat}[d],\ f:[d>0]\cdot([d]\cdot\mathtt{Nat}[d-1]\multimap\mathtt{Nat}[2(d-1)])\vdash^{\mathcal E} t:\mathtt{Nat}[2d].$$
Actually, it has the following shape (where, to keep the derivation readable, $\Gamma_d$ abbreviates the context $x:[d]\cdot\mathtt{Nat}[d],\ f:[d>0]\cdot([d]\cdot\mathtt{Nat}[d-1]\multimap\mathtt{Nat}[2(d-1)])$):
$$\frac{\pi\rhd d;\emptyset;x:[1]\cdot\mathtt{Nat}[d]\vdash^{\mathcal E}x:\mathtt{Nat}[d] \qquad \rho\rhd d;d\le 0;\Gamma_d\vdash^{\mathcal E}0:\mathtt{Nat}[2d] \qquad \nu\rhd d;d>0;\Gamma_d\vdash^{\mathcal E}\mathtt{s}(\mathtt{s}(f(\mathtt{p}(x)))):\mathtt{Nat}[2d]}{d;\emptyset;\,x:[d+1]\cdot\mathtt{Nat}[d],\,f:[d>0]\cdot([d]\cdot\mathtt{Nat}[d-1]\multimap\mathtt{Nat}[2(d-1)])\vdash^{\mathcal E}t:\mathtt{Nat}[2d]}$$
where assignments to types in the form $[0]\cdot\sigma$ have been omitted from contexts. Now, π and ρ can be easily built, while ν requires a little effort: it is the type derivation
$$\begin{array}{c}\mu\rhd d;d>0;f:[d>0]\cdot([d]\cdot\mathtt{Nat}[d-1]\multimap\mathtt{Nat}[2(d-1)])\vdash^{\mathcal E}f:[d]\cdot\mathtt{Nat}[d-1]\multimap\mathtt{Nat}[2(d-1)]\qquad\xi\rhd d;d>0;x:[1]\cdot\mathtt{Nat}[d]\vdash^{\mathcal E}\mathtt{p}(x):\mathtt{Nat}[d-1]\\\hline d;d>0;\Gamma_d\vdash^{\mathcal E}f(\mathtt{p}(x)):\mathtt{Nat}[2(d-1)]\\\hline d;d>0;\Gamma_d\vdash^{\mathcal E}\mathtt{s}(f(\mathtt{p}(x))):\mathtt{Nat}[2d-1]\\\hline d;d>0;\Gamma_d\vdash^{\mathcal E}\mathtt{s}(\mathtt{s}(f(\mathtt{p}(x)))):\mathtt{Nat}[2d]\end{array}$$
where μ and ξ are themselves easily definable. Summing up, t can indeed be given the type we wanted it to have. As a consequence, we can say that
$$d;\emptyset;\ f:[d>0]\cdot([d]\cdot\mathtt{Nat}[d-1]\multimap\mathtt{Nat}[2(d-1)])\vdash^{\mathcal E}\lambda x.t:[d+1]\cdot\mathtt{Nat}[d]\multimap\mathtt{Nat}[2d].$$
However, we have only solved half of the problem, since the last step (namely typing the fixpoint) is definitely the most complicated. In particular, the rule R requires an index variable b which somehow ranges over all recursive calls. A different but related type can be given to $\lambda x.t$, namely
$$a,b;\ b<a+1;\ f:[a>b]\cdot([a-b]\cdot\mathtt{Nat}[a-b-1]\multimap\mathtt{Nat}[2(a-b-1)])\vdash^{\mathcal E}\lambda x.t:[a-b+1]\cdot\mathtt{Nat}[a-b]\multimap\mathtt{Nat}[2(a-b)].$$
By the way, this does not require rebuilding the entire type derivation (see the properties in the forthcoming Section 3.4). Let us now check whether the judgement above can be the premise of the rule R. Following the notation in the typing rule R we can stipulate that:
$$I\equiv a>b;\qquad J\equiv a;\qquad K\equiv 0;\qquad L\equiv a+1;$$
and
$$\sigma\equiv[a-b]\cdot\mathtt{Nat}[a-b-1]\multimap\mathtt{Nat}[2(a-b-1)];\qquad \tau\equiv[a-b+1]\cdot\mathtt{Nat}[a-b]\multimap\mathtt{Nat}[2(a-b)];$$
$$\mu\equiv\tau\{0/b\}\equiv[a+1]\cdot\mathtt{Nat}[a]\multimap\mathtt{Nat}[2a];\qquad \Gamma\equiv\Sigma\equiv\emptyset.$$
We can then conclude that, since $a<(a>b)$ implies $a=0$:
$$a;\emptyset\models \mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}I = a+1 = J;\qquad a,b;\,a<(a>b)\models\mathop{\triangleleft\!\!\!\sum}\nolimits^{b+1,a}_{b}I=0;\qquad a;\emptyset\models\tau\{\mathop{\triangleleft\!\!\!\sum}\nolimits^{b+1,a}_{b}I+b+1/b\}=\tau\{b+1/b\}=\sigma;$$
and, ultimately, that $a;\emptyset;\emptyset\vdash^{\mathcal E}_a\mathtt{dbl}:\mu$.
3.4. Properties.
This section is mainly concerned with Subject Reduction. Subject Reduction will only be proved for closed terms, since the language is endowed with a weak notion of reduction and, as a consequence, reduction cannot happen in the scope of lambda abstractions. The system dℓPCF enjoys some nice properties that are both necessary intermediate steps towards proving subject reduction and essential ingredients for proving soundness and relative completeness. These properties allow judgements to be manipulated while being sure that derivability is preserved.
First of all, the constraints Φ in a typing judgement can be made stronger without altering the rest:
Lemma 3.4 (Constraint Strengthening). Let $\phi;\Phi;\Gamma\vdash_I t:\sigma$ and $\phi;\Psi\models^{\mathcal E}\Phi$. Then, $\phi;\Psi;\Gamma\vdash_I t:\sigma$.
Proof. It follows easily by definition of $\phi;\Psi\models^{\mathcal E}\Phi$.
Note that a sort of strengthening also holds for weights.
Lemma 3.5 (Weight Monotonicity). Let $\phi;\Phi;\Gamma\vdash_I t:\sigma$ and $\phi;\Phi\models^{\mathcal E} I\le J$. Then, $\phi;\Phi;\Gamma\vdash_J t:\sigma$.
Proof. It follows easily by induction on the derivation proving $\phi;\Phi;\Gamma\vdash_I t:\sigma$. In particular, observe that all rules altering the weight are designed in such a way as to allow the latter to be lifted up.
Whenever a parameter in a subtyping judgment needs to be specialized, we can simply substitute it with an index term.
Lemma 3.6 (Index Term Substitution Respects Subtyping). Let $\phi,a;\Phi\vdash\theta\sqsubseteq\gamma$ and I be an index term. Then, $\phi;\Phi\{I/a\},\Psi\vdash\theta\{I/a\}\sqsubseteq\gamma\{I/a\}$ whenever $\phi;\Psi\models I\downarrow$.
Proof. Easy.
Subtyping can be freely applied both to the context Γ (contravariantly) and to the type σ (covariantly), leaving the rest of the judgement unchanged:
Lemma 3.7 (Subtyping). Suppose $\phi;\Phi;x_1:A_1,\ldots,x_n:A_n\vdash_I t:\sigma$ and $\phi;\Phi\vdash B_i\sqsubseteq A_i$ for $1\le i\le n$ and $\phi;\Phi\vdash\sigma\sqsubseteq\tau$. Then, $\phi;\Phi;x_1:B_1,\ldots,x_n:B_n\vdash_I t:\tau$.
Proof. By induction on the structure of a derivation π for $\phi;\Phi;x_1:A_1,\ldots,x_n:A_n\vdash_I t:\sigma$. Let us examine some interesting cases:
• If π is just
$$\frac{\phi;\Phi\models^{\mathcal E}0\le J \quad \phi;\Phi\models^{\mathcal E}1\le I \quad \phi;\Phi\vdash^{\mathcal E}\mu\{0/a\}\sqsubseteq\sigma \quad \phi;\Phi\vdash^{\mathcal E}([a<I]\cdot\mu)\downarrow \quad \phi;\Phi\vdash^{\mathcal E}\Gamma\downarrow}{\phi;\Phi;\Gamma,x:[a<I]\cdot\mu\vdash^{\mathcal E}_J x:\sigma}\ \mathrm{V}$$
then, by assumption we have that $B\equiv[a<K]\cdot\gamma$ and $\phi;\Phi\vdash[a<K]\cdot\gamma\sqsubseteq[a<I]\cdot\mu$. Moreover, by assumption we have $\phi;\Phi\vdash\sigma\sqsubseteq\tau$. From $\phi;\Phi\vdash[a<K]\cdot\gamma\sqsubseteq[a<I]\cdot\mu$, it follows that $\phi;\Phi,a<K\vdash\gamma\sqsubseteq\mu$ and that $\phi;\Phi\models I\le K$. By Lemma 3.6, $\phi;\Phi\vdash\gamma\{0/a\}\sqsubseteq\mu\{0/a\}$, which by transitivity of $\sqsubseteq$ implies $\phi;\Phi\vdash^{\mathcal E}\gamma\{0/a\}\sqsubseteq\tau$. Now, if Δ is a context such that (with a slight abuse of notation) $\phi;\Phi\vdash^{\mathcal E}\Delta\sqsubseteq\Gamma$, then $\phi;\Phi\vdash^{\mathcal E}\Delta\downarrow$. Summing up,
$$\frac{\phi;\Phi\models^{\mathcal E}0\le J \quad \phi;\Phi\models^{\mathcal E}1\le K \quad \phi;\Phi\vdash^{\mathcal E}\gamma\{0/a\}\sqsubseteq\tau \quad \phi;\Phi\vdash^{\mathcal E}([a<K]\cdot\gamma)\downarrow \quad \phi;\Phi\vdash^{\mathcal E}\Delta\downarrow}{\phi;\Phi;\Delta,x:[a<K]\cdot\gamma\vdash^{\mathcal E}_J x:\tau}\ \mathrm{V}$$
• If π is
$$\frac{\phi;\Phi;\Gamma\vdash^{\mathcal E}_J t:[a<I]\cdot\mu\multimap\sigma \quad \phi,a;\Phi,a<I;\Delta\vdash^{\mathcal E}_K u:\mu \quad \phi;\Phi\vdash^{\mathcal E}\Sigma\sqsubseteq\Gamma\uplus\sum_{a<I}\Delta \quad \phi;\Phi\models^{\mathcal E}H\ge J+I+\sum_{a<I}K}{\phi;\Phi;\Sigma\vdash^{\mathcal E}_H tu:\sigma}\ \mathrm{A}$$
but we have $\phi;\Phi\vdash^{\mathcal E}\sigma\sqsubseteq\tau$ and $\phi;\Phi\vdash^{\mathcal E}\Theta\sqsubseteq\Sigma$, then by induction hypothesis we can easily conclude that $\phi;\Phi;\Gamma\vdash^{\mathcal E}_J t:[a<I]\cdot\mu\multimap\tau$ and, by transitivity of $\sqsubseteq$, that $\phi;\Phi\vdash^{\mathcal E}\Theta\sqsubseteq\Gamma\uplus\sum_{a<I}\Delta$. As a consequence:
$$\frac{\phi;\Phi;\Gamma\vdash^{\mathcal E}_J t:[a<I]\cdot\mu\multimap\tau \quad \phi,a;\Phi,a<I;\Delta\vdash^{\mathcal E}_K u:\mu \quad \phi;\Phi\vdash^{\mathcal E}\Theta\sqsubseteq\Gamma\uplus\sum_{a<I}\Delta \quad \phi;\Phi\models^{\mathcal E}H\ge J+I+\sum_{a<I}K}{\phi;\Phi;\Theta\vdash^{\mathcal E}_H tu:\tau}\ \mathrm{A}$$
The other cases are similar.
Weakening holds for term contexts:
Lemma 3.8 (Context Weakening). Let $\phi;\Phi;\Gamma\vdash_I t:\sigma$. Then, $\phi;\Phi;\Gamma,\Delta\vdash_I t:\sigma$ whenever $\phi;\Phi\vdash\Delta\downarrow$.
Proof. Easy, by induction on the derivation proving $\phi;\Phi;\Gamma\vdash_I t:\sigma$.
Another useful transformation on type derivations is substitution of an index term for an index variable:
Lemma 3.9 (Index Term Substitution). Let $\phi,a;\Phi;\Gamma\vdash_I t:\sigma$. Then we have $\phi;\Phi\{J/a\},\Psi;\Gamma\{J/a\}\vdash_{I\{J/a\}} t:\sigma\{J/a\}$ for every J such that $\phi,\Psi\models^{\mathcal E}J\downarrow$.
Proof. By induction on the structure of a derivation π for $\phi,a;\Phi;\Gamma\vdash_I t:\sigma$. Let us examine some cases:
• If π is just
$$\frac{\phi,a;\Phi\models^{\mathcal E}0\le I \quad \phi,a;\Phi\models^{\mathcal E}1\le K \quad \phi,a;\Phi\vdash^{\mathcal E}\mu\{0/b\}\sqsubseteq\sigma \quad \phi,a;\Phi\vdash^{\mathcal E}([b<K]\cdot\mu)\downarrow \quad \phi,a;\Phi\vdash^{\mathcal E}\Gamma\downarrow}{\phi,a;\Phi;\Gamma,x:[b<K]\cdot\mu\vdash^{\mathcal E}_I x:\sigma}\ \mathrm{V}$$
then of course we have that $\phi;\Phi\{J/a\},\Psi\models^{\mathcal E}0\le I\{J/a\}$ and that $\phi;\Phi\{J/a\},\Psi\models^{\mathcal E}1\le K\{J/a\}$. By Lemma 3.6, one obtains $\phi;\Phi\{J/a\},\Psi\vdash^{\mathcal E}(\mu\{0/b\})\{J/a\}\sqsubseteq\sigma\{J/a\}$. Please observe that b can be assumed not to occur free in J, and as a consequence $(\mu\{0/b\})\{J/a\}\equiv(\mu\{J/a\})\{0/b\}$. Similarly, $\phi;\Phi\{J/a\},\Psi\vdash^{\mathcal E}(([b<K]\cdot\mu)\{J/a\})\downarrow$ and $\phi;\Phi\{J/a\},\Psi\vdash^{\mathcal E}\Gamma\{J/a\}\downarrow$. Again, $([b<K]\cdot\mu)\{J/a\}$ is syntactically identical to $[b<K\{J/a\}]\cdot\mu\{J/a\}$. As a consequence:
$$\frac{\phi;\Phi\{J/a\},\Psi\models^{\mathcal E}0\le I\{J/a\} \quad \phi;\Phi\{J/a\},\Psi\models^{\mathcal E}1\le K\{J/a\} \quad \phi;\Phi\{J/a\},\Psi\vdash^{\mathcal E}(\mu\{J/a\})\{0/b\}\sqsubseteq\sigma\{J/a\} \quad \phi;\Phi\{J/a\},\Psi\vdash^{\mathcal E}([b<K\{J/a\}]\cdot\mu\{J/a\})\downarrow \quad \phi;\Phi\{J/a\},\Psi\vdash^{\mathcal E}(\Gamma\{J/a\})\downarrow}{\phi;\Phi\{J/a\},\Psi;\Gamma\{J/a\},x:[b<K\{J/a\}]\cdot\mu\{J/a\}\vdash^{\mathcal E}_{I\{J/a\}}x:\sigma\{J/a\}}\ \mathrm{V}$$
• If π is
$$\frac{\phi,a;\Phi;\Gamma,x:[b<K]\cdot\mu\vdash_I t:\tau}{\phi,a;\Phi;\Gamma\vdash_I\lambda x.t:[b<K]\cdot\mu\multimap\tau}\ \mathrm{L}$$
then, by the induction hypothesis we get $\phi;\Phi\{J/a\},\Psi;\Gamma\{J/a\},x:[b<K\{J/a\}]\cdot\mu\{J/a\}\vdash_{I\{J/a\}}t:\tau\{J/a\}$. As a consequence, we can conclude by
$$\frac{\phi;\Phi\{J/a\},\Psi;\Gamma\{J/a\},x:[b<K\{J/a\}]\cdot\mu\{J/a\}\vdash_{I\{J/a\}}t:\tau\{J/a\}}{\phi;\Phi\{J/a\},\Psi;\Gamma\{J/a\}\vdash_{I\{J/a\}}\lambda x.t:([b<K]\cdot\mu\multimap\tau)\{J/a\}}\ \mathrm{L}$$
since $[b<K\{J/a\}]\cdot\mu\{J/a\}\multimap\tau\{J/a\}\equiv([b<K]\cdot\mu\multimap\tau)\{J/a\}$.
The other cases are similar.
A particularly useful instance of Lemma 3.9 is the following:
Lemma 3.10 (Instantiation). Let $\phi,a;\Phi,a<I\vdash_K t:\sigma$. If $\phi;\Psi\models^{\mathcal E}J<I$, then $\phi;\Phi\{J/a\},\Psi\vdash_{K\{J/a\}}t:\sigma\{J/a\}$.
Proof. By Lemma 3.9 and Lemma 3.7.
Moreover, a Generation Lemma will be useful.
Lemma 3.11 (Generation).
1. Let $\phi;\Phi;\Gamma\vdash_K\lambda x.t:\sigma$; then $\sigma=[a<I]\cdot\tau\multimap\mu$ and $\phi;\Phi;\Gamma,x:[a<I]\cdot\tau\vdash_K t:\mu$;
2. Let $\phi;\Phi;\Gamma\vdash_K 0:\mathtt{Nat}[I,J]$; then $\phi;\Phi\models^{\mathcal E}I=0$;
3. Let $\phi;\Phi;\Gamma\vdash_K n+1:\mathtt{Nat}[I,J]$; then $\phi;\Phi\models^{\mathcal E}J\ge 1$.
Proof. All the points are immediate by an inspection of the rules.
We are now ready to embark on a proof of Subject Reduction. As usual, the first step is a Substitution Lemma:
Lemma 3.12 (Term Substitution). Let $\phi,a;\Phi,a<I;\emptyset\vdash_J t:\sigma$ and $\phi;\Phi;x:[a<I]\cdot\sigma,\Delta\vdash_K u:\tau$. Then we have $\phi;\Phi;\Delta\vdash_H u\{t/x\}:\tau$ for some H such that $\phi;\Phi\models^{\mathcal E}H\le K+I+\sum_{a<I}J$.
Proof. As usual, this is an induction on the structure of a type derivation for u. All relevant inductive cases require some manipulation of the type derivation for t. The previous lemmas give exactly the right degree of "malleability". Let π be a derivation for $\phi;\Phi;x:[a<I]\cdot\sigma,\Delta\vdash_K u:\tau$. Let us examine some interesting cases, depending on the shape of π:
• Consider π to be just
$$\frac{\phi;\Phi\models^{\mathcal E}0\le K \quad \phi;\Phi\models^{\mathcal E}1\le I \quad \phi;\Phi\vdash^{\mathcal E}\sigma\{0/a\}\sqsubseteq\tau \quad \phi;\Phi\vdash^{\mathcal E}([a<I]\cdot\sigma)\downarrow \quad \phi;\Phi\vdash^{\mathcal E}\Delta\downarrow}{\phi;\Phi;\Delta,x:[a<I]\cdot\sigma\vdash_K x:\tau}\ \mathrm{V}$$
Since $\phi;\emptyset\models 0\downarrow$, applying Lemma 3.10 we have $\phi;\Phi\{0/a\};\emptyset\vdash_{J\{0/a\}}t:\sigma\{0/a\}$ and since Φ does not contain free occurrences of a we obtain $\phi;\Phi;\emptyset\vdash_{J\{0/a\}}t:\sigma\{0/a\}$. Now, by applying Lemma 3.8, Lemma 3.5 and Lemma 3.7 we can conclude $\phi;\Phi;\Delta\vdash_{K+I+\sum_{a<I}J}t:\tau$, since clearly $\phi;\Phi\models J\{0/a\}\le K+I+\sum_{a<I}J$.
• Let us consider the case where π ends with an instance of the A rule. In particular, without loss of generality we can consider a situation as the following:
$$\frac{\begin{array}{c}\phi;\Phi;x:[a<K]\cdot\gamma\vdash_L v:[b<N]\cdot\mu\multimap\tau \qquad \phi,b;\Phi,b<N;x:[a<H]\cdot(\gamma\{K+a+\sum_{d<b}H\{d/b\}/a\})\vdash_M u:\mu\\ \phi;\Phi\vdash[a<I]\cdot\sigma\sqsubseteq[a<K+\sum_{b<N}H]\cdot\gamma \qquad \phi;\Phi\models Q\ge L+N+\sum_{b<N}M\end{array}}{\phi;\Phi;x:[a<I]\cdot\sigma\vdash_Q vu:\tau}\ \mathrm{A}$$
By definition of subtyping, $\phi;\Phi,a<I\vdash\sigma\sqsubseteq\gamma$, and $\phi;\Phi\models^{\mathcal E}K+P\le I$, where $P\equiv\sum_{b<N}H$. So, by Lemma 3.4, we have $\phi;\Phi,a<K+P;\emptyset\vdash_J t:\sigma$ and by Lemma 3.7 we have $\phi;\Phi,a<K+P;\emptyset\vdash_J t:\gamma$ (since $\phi;\Phi,a<K+P\vdash\sigma\sqsubseteq\gamma$). Applying again Lemma 3.4 we obtain $\phi;\Phi,a<K;\emptyset\vdash_J t:\gamma$ and by induction hypothesis we get $\phi;\Phi;\emptyset\vdash_T v\{t/x\}:[b<N]\cdot\mu\multimap\tau$ with $\phi;\Phi\models^{\mathcal E}T\le L+K+\sum_{a<K}J$. We observe that
$$\phi,b,c;\ \Phi,\ a\le K+c+\sum_{d<b}H\{d/b\},\ b<N,\ c<H\models^{\mathcal E}a<K+P.$$
By Lemma 3.4 we get
$$\phi,b,c;\ \Phi,\ a\le K+c+\sum_{d<b}H\{d/b\},\ b<N,\ c<H;\ \emptyset\vdash_J t:\gamma$$
and by Lemma 3.9 and Lemma 3.7 we obtain
$$\phi;\Phi,a<H,b<N;\emptyset\vdash_R t:\gamma\{K+a+\sum_{d<b}H\{d/b\}/a\},$$
where $R\equiv J\{K+a+\sum_{d<b}H\{d/b\}/a\}$. By induction hypothesis, we get $\phi;\Phi,b<N;\emptyset\vdash_S u\{t/x\}:\mu$ with $\phi;\Phi\models^{\mathcal E}S\le M+H+\sum_{a<H}R$. And we can conclude as follows:
$$\frac{\phi;\Phi;\emptyset\vdash_T v\{t/x\}:[b<N]\cdot\mu\multimap\tau \qquad \phi;\Phi;\emptyset\vdash_S u\{t/x\}:\mu}{\phi;\Phi;\emptyset\vdash_{T+N+\sum_{b<J}S}v\{t/x\}\,u\{t/x\}:\tau}\ \mathrm{A}$$
Please observe that:
$$\begin{array}{rcl}\phi;\Phi\models^{\mathcal E}T+N+\sum_{b<J}S &\le& (L+K+\sum_{a<K}J)+N+\sum_{b<N}(M+H+\sum_{a<H}R)\\ &\le& (L+N+\sum_{b<N}M)+(K+\sum_{b<N}H)+(\sum_{a<K}J+\sum_{b<N}\sum_{a<H}R)\\ &\le& (L+N+\sum_{b<N}M)+(K+\sum_{b<N}H)+\sum_{a<K+\sum_{b<N}H}J\\ &\le& Q+I+\sum_{a<I}J.\end{array}$$
The other cases are similar.
Theorem 3.13 (Subject Reduction). Let $\phi;\Phi;\emptyset\vdash_I t:\sigma$ and $t\to u$. Then, $\phi;\Phi;\emptyset\vdash_J u:\sigma$, where $\phi;\Phi\models J\le I$.
Proof. By induction on the structure of a derivation π for $\phi;\Phi;\emptyset\vdash_I t:\sigma$. Let us examine the distinct cases:
• Suppose π is
$$\frac{\phi;\Phi;\emptyset\vdash_K\lambda x.t:[a<H]\cdot\tau\multimap\sigma \qquad \phi;\Phi,a<H;\emptyset\vdash_L u:\tau \qquad \phi;\Phi\models K+H+\sum_{a<H}L\le I}{\phi;\Phi;\emptyset\vdash_I(\lambda x.t)u:\sigma}\ \mathrm{A}$$
By Lemma 3.11, Point 1, we have $\phi;\Phi;x:[a<H]\cdot\tau\vdash_K t:\sigma$. Then by Lemma 3.12 we can conclude $\phi;\Phi;\emptyset\vdash_J t\{u/x\}:\sigma$ for $\phi;\Phi\models^{\mathcal E}J\le K+H+\sum_{a<H}L\le I$.
• Suppose π is
$$\frac{\phi;\Phi;\emptyset\vdash_K 0:\mathtt{Nat}[K,H] \qquad \phi;\Phi,H\le 0;\emptyset\vdash_L v:\sigma \qquad \phi;\Phi,K\ge 1;\emptyset\vdash_L w:\sigma \qquad \phi;\Phi\models K+L\le I}{\phi;\Phi;\emptyset\vdash_I\mathtt{ifz}\ 0\ \mathtt{then}\ v\ \mathtt{else}\ w:\sigma}\ \mathrm{F}$$
By Lemma 3.11, Point 2, we have $\phi;\Phi\models^{\mathcal E}H\le 0$. So, by Lemma 3.4 we can conclude $\phi;\Phi;\emptyset\vdash_L v:\sigma$.
• Suppose π is
$$\frac{\phi;\Phi;\emptyset\vdash_K n+1:\mathtt{Nat}[K,H] \qquad \phi;\Phi,H\le 0;\emptyset\vdash_L v:\sigma \qquad \phi;\Phi,K\ge 1;\emptyset\vdash_L w:\sigma \qquad \phi;\Phi\models K+L\le I}{\phi;\Phi;\emptyset\vdash_I\mathtt{ifz}\ n+1\ \mathtt{then}\ v\ \mathtt{else}\ w:\sigma}\ \mathrm{F}$$
By Lemma 3.11, Point 3, we have $\phi;\Phi\models^{\mathcal E}K\ge 1$. So, by Lemma 3.4 we have $\phi;\Phi;\emptyset\vdash_L w:\sigma$.
• Suppose π is
$$\frac{\begin{array}{c}\phi;\Phi\vdash\mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}J\le L,P \qquad \phi,b;\Phi,b<L;x:[a<J]\cdot\mu\vdash_K t:\tau \qquad \phi;\Phi\vdash\tau\{0/b\}\sqsubseteq\sigma\\ \phi,a,b;\Phi,a<J,b<L\vdash\tau\{\mathop{\triangleleft\!\!\!\sum}\nolimits^{b+1,a}_{b}J+b+1/b\}\sqsubseteq\mu \qquad \phi,\Phi\models P-1+\sum_{b<L}K\le I\end{array}}{\phi;\Phi;\emptyset\vdash_I\mathtt{fix}\,x.t:\sigma}\ \mathrm{R}$$
The index term J describes a tree $T_J$ (in the sense of forest cardinalities, see Section 3.1) which in turn represents the tree of recursive calls. $T_J$ consists of a root node whose immediate subtrees are $T^1_J, T^2_J, \ldots, T^{J\{0/b\}}_J$, where $T^i_J$ represents the tree of recursive calls triggered by the i-th call to x in t. We first proceed by giving a type to t which somehow corresponds to the root of $T_J$. This will be done by substituting b for 0 in the derivation we get as a hypothesis of π. Since $\phi;\Phi\models^{\mathcal E}0<L$, by Lemma 3.10 we have $\phi;\Phi;x:[a<J\{0/b\}]\cdot\sigma\{0/b\}\vdash_{K\{0/b\}}t:\tau\{0/b\}$. From the hypothesis $\phi;\Phi\vdash\tau\{0/b\}\sqsubseteq\sigma$ and by the Subtyping Lemma, we obtain $\phi;\Phi;x:[a<J\{0/b\}]\cdot\sigma\{0/b\}\vdash_{K\{0/b\}}t:\sigma$. Our objective now is building one type derivation for $\mathtt{fix}\,x.t$ that somehow reflects the $J\{0/b\}$ subtrees $T^1_J,\ldots,T^{J\{0/b\}}_J$. Speaking more formally, we want to prove that:
$$\phi;\Phi,a<J\{0/b\}\vdash_R\mathtt{fix}\,x.t:\sigma\{0/b\}\qquad(3.5)$$
where $\phi;\Phi\models K\{0/b\}+J\{0/b\}+\sum_{a<J\{0/b\}}R\le I$. That would immediately lead to the thesis. To reach (3.5), we proceed by first defining two index terms with a quite intuitive informal semantics:
• First of all, we define M to be $\mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}J\{b+1+\mathop{\triangleleft\!\!\!\sum}\nolimits^{1,c}_{b}J/b\}$. Observe that c occurs free in M; indeed, M counts the number of nodes in the tree $T^c_J$.
• Another useful index term is N, which is defined to be $1+b+\sum_{c<a}M$. N is designed so as to return the label of a node in $T^a_J$ given a and the offset b. In other words, $T_{J\{N/b\}}$ is a recursion tree isomorphic to $T^a_J$.
Now, if we substitute b for N in one of the premises of π, we get
$$\phi,a,b;\ \Phi,a<J\{0/b\},b<M\{a/c\};\ x:[d<J\{N/b\}]\cdot\mu\{d/a\}\{N/b\}\vdash_{K\{N/b\}}t:\tau\{N/b\}.\qquad(3.6)$$
Since by Lemma 3.2 we have $\sum_{c<e}M\cong\mathop{\triangleleft\!\!\!\sum}\nolimits^{1,e}_{b}J$, we know that
$$\mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}J\{N/b\}\cong\mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}J\{1+b+\sum_{c<a}M/b\}\cong\mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}J\{1+b+\mathop{\triangleleft\!\!\!\sum}\nolimits^{1,a}_{b}J/b\}\cong M\{a/c\}.\qquad(3.7)$$
Now, consider the problem of determining the index (in $T_J$) of the $(d+1)$-th child of a node of index b inside $T^a_J$. There are two equivalent ways to compute it:
• either you start from N, but then you substitute b by $b+1+\mathop{\triangleleft\!\!\!\sum}\nolimits^{b+1,d}_{b}J\{N/b\}$;
• or you simply consider $N+1+\mathop{\triangleleft\!\!\!\sum}\nolimits^{N+1,d}_{b}J$.
In the first case, you compute the desired index by merely instantiating N appropriately, while in the second case you use N without altering it. The observation above can be formalized as follows:
$$\phi,a,b,d;\ \Phi,a<J\{0/b\},b<M\{a/c\},d<J\{N/b\}\vdash\tau\{N/b\}\{b+1+\mathop{\triangleleft\!\!\!\sum}\nolimits^{b+1,d}_{b}J\{N/b\}/b\}\cong\tau\{N+1+\mathop{\triangleleft\!\!\!\sum}\nolimits^{N+1,d}_{b}J/b\}.$$
By Lemma 3.10, we also obtain:
$$\phi,a,b,d;\ \Phi,a<J\{0/b\},b<M\{a/c\},d<J\{N/b\}\vdash\tau\{N/b\}\{b+1+\mathop{\triangleleft\!\!\!\sum}\nolimits^{b+1,d}_{b}J\{N/b\}/b\}\sqsubseteq\sigma\{d/a\}\{N/b\}.\qquad(3.8)$$
Now, (3.6), (3.7) and (3.8) can be put together by way of rule R, and one then concludes that
$$\phi;\Phi,a<J\{0/b\};\emptyset\vdash_{M\{a/c\}-1+\sum_{b<M\{a/c\}}K\{N/b\}}\mathtt{fix}\,x.t:\tau\{N\{0/b\}/b\}.$$
But instantiating one of the hypotheses of π, we obtain
$$\phi,a;\Phi,a<J\{0/b\}\vdash\tau\{\mathop{\triangleleft\!\!\!\sum}\nolimits^{1,a}_{b}J+1/b\}\sqsubseteq\mu\{0/b\}.$$
By Lemma 3.2, we can prove that $\mathop{\triangleleft\!\!\!\sum}\nolimits^{1,a}_{b}J+1=N\{0/b\}$. Indeed, this is quite intuitive: the index of the root of $T^a_J$ can be computed in two equivalent ways, through J or through N. As a consequence, $\phi;\Phi,a<J\{0/b\};\emptyset\vdash_R\mathtt{fix}\,x.t:\sigma\{0/b\}$, where $R\equiv M\{a/c\}-1+\sum_{b<M\{a/c\}}K\{N/b\}$. But we are done, since
$$\begin{array}{rcl}\phi;\Phi\models K\{0/b\}+J\{0/b\}+\sum_{a<J\{0/b\}}R &\equiv& K\{0/b\}+J\{0/b\}+\sum_{a<J\{0/b\}}\Big(M\{a/c\}-1+\sum_{b<M\{a/c\}}K\{N/b\}\Big)\\ &=& \Big(J\{0/b\}+\sum_{a<J\{0/b\}}(M\{a/c\}-1)\Big)+K\{0/b\}+\sum_{a<J\{0/b\}}\sum_{b<M\{a/c\}}K\{N/b\}\\ &\le& \mathop{\triangleleft\!\!\!\sum}\nolimits^{1,J\{0/b\}}_{b}J+K\{0/b\}+\sum_{a<J\{0/b\}}\sum_{b<M\{a/c\}}K\{N/b\}\\ &\le& P-1+\sum_{b<L}K\le I.\end{array}$$
This concludes the proof.
4. Intensional Soundness
Subject Reduction already implies an extensional notion of soundness for programs: if a term t can be typed with $\vdash_K t:\mathtt{Nat}[I,J]$, then its normal form (if any) is a natural number between $[\![I]\!]$ and $[\![J]\!]$. However, Subject Reduction does not tell us whether the evaluation of t terminates, and in how much time. Has K anything to do with the complexity of evaluating t? The only information that can be extracted from the Subject Reduction Theorem is that K does not increase along reduction.
In this section, Intensional Soundness (Theorem 4.6 below) for the type system dℓPCF will be proved. A Krivine's Machine $\mathcal{K}_{\mathtt{PCF}}$ for PCF programs will be first defined in Section 4.1. Given a program (i.e. a closed term of base type), the machine $\mathcal{K}_{\mathtt{PCF}}$ either evaluates it to normal form or diverges. A formal connection between the machine $\mathcal{K}_{\mathtt{PCF}}$ and the type system dℓPCF will be established by means of a weighted typability notion for machine configurations, introduced in Section 4.2. This notion is the fundamental ingredient to keep track of the number of machine steps.
$$\begin{array}{lcl}
(tu,\ \rho,\ \xi) & \to & (t,\ \rho,\ (u,\rho)\cdot\xi)\\
(\lambda x.t,\ \rho,\ c\cdot\xi) & \to & (t,\ c\cdot\rho,\ \xi)\\
(x,\ (t_1,\rho_1)\cdots(t_n,\rho_n),\ \xi) & \to & (t_x,\ \rho_x,\ \xi)\\
(\mathtt{ifz}\ t\ \mathtt{then}\ u\ \mathtt{else}\ v,\ \rho,\ \xi) & \to & (t,\ \rho,\ (u,v,\rho)\cdot\xi)\\
(\mathtt{fix}\,x.t,\ \rho,\ \xi) & \to & (t,\ (\mathtt{fix}\,x.t,\rho)\cdot\rho,\ \xi)\\
(n,\ \rho,\ \mathtt{s}\cdot\xi) & \to & (n+1,\ \rho,\ \xi)\\
(n,\ \rho,\ \mathtt{p}\cdot\xi) & \to & (n-1,\ \rho,\ \xi)\\
(0,\ \rho,\ (t,u,\mu)\cdot\xi) & \to & (t,\ \mu,\ \xi)\\
(n+1,\ \rho,\ (t,u,\mu)\cdot\xi) & \to & (u,\ \mu,\ \xi)\\
(\mathtt{s}(t),\ \rho,\ \xi) & \to & (t,\ \rho,\ \mathtt{s}\cdot\xi)\\
(\mathtt{p}(t),\ \rho,\ \xi) & \to & (t,\ \rho,\ \mathtt{p}\cdot\xi)
\end{array}$$
Figure 7: The $\mathcal{K}_{\mathtt{PCF}}$ Transition Steps.
4.1. The $\mathcal{K}_{\mathtt{PCF}}$ Machine.
The Krivine's Machine has been introduced as a natural device to evaluate pure lambda-terms under a weak-head notion of reduction [27]. Here, the standard Krivine's Machine is extended to a machine $\mathcal{K}_{\mathtt{PCF}}$ which handles not only abstractions and applications, but also constants, conditionals and fixpoints. The configurations of the machine $\mathcal{K}_{\mathtt{PCF}}$, ranged over by $C, D, \ldots$, are triples $C=(t,\rho,\xi)$ where ρ and ξ are two additional constructions: ρ is an environment, that is a (possibly empty) finite sequence of closures, while ξ is a (possibly empty) stack of contexts. Stacks are ranged over by $\xi,\theta,\ldots$. A closure, as usual, is a pair $c=(t,\rho)$ where t is a term and ρ is an environment. A context is either a closure, a term $\mathtt{s}$, a term $\mathtt{p}$, or a triple $(u,v,\rho)$ where u, v are terms and ρ is an environment. The transition steps between configurations of the $\mathcal{K}_{\mathtt{PCF}}$ machine are given in Figure 7. The transition rules require some comments. First of all, a naïve management of variable names is used. A more effective description, however, could be given by using standard de Bruijn indices. Note that the triple $(u,v,\rho)$ is used as a context for the conditional construction; moreover, in a recursion step, a copy of the recursive term is put in a closure on the top of the current environment. As usual, the symbol $\to^*$ denotes the reflexive and transitive closure of the transition relation $\to$. The relation $\to^*$ implements weak-head reduction. Weak-head normal form and normal form coincide for programs, so the machine $\mathcal{K}_{\mathtt{PCF}}$ is a correct device to evaluate programs. For this reason, the notation $t\Downarrow n$ can be used as a shorthand for $(t,\varepsilon,\varepsilon)\to^*(n,\rho,\varepsilon)$. Moreover, notations like $C\Downarrow^n$ could also be used to stress that C reduces to an irreducible configuration in exactly n steps. The proof of the formal correctness of the abstract machine is outside the scope of this paper; however, it should be clear that it could be obtained as a simple extension of the original one [27].
Intensional Soundness will be proved by studying how the weight I of any program t evolves during the evaluation of t by $\mathcal{K}_{\mathtt{PCF}}$. This is possible because every reduction step in t is decomposed into a number of transitions in $\mathcal{K}_{\mathtt{PCF}}$, and this decomposition highlights when, precisely, the weight changes.
The same would be more difficult when performing plain reduction on terms. Proving Intensional Soundness this way requires, however, keeping track of the types and weights of all objects in a machine configuration. In other words, the type system should be somehow generalized to an assignment system on configurations.
Closures:
$$\frac{\phi;\Phi;x_1:[a<I_1]\cdot\tau_1,\ldots,x_n:[a<I_n]\cdot\tau_n\vdash_K t:\sigma \quad \phi,a;\Phi,a<I_i\vdash^{\mathcal E}_{H_i}c_i:\tau_i \quad \phi;\Phi\models J\ge K+I_1+\cdots+I_n+\sum_{a<I_1}H_1+\cdots+\sum_{a<I_n}H_n}{\phi;\Phi\vdash^{\mathcal E}_J(t,c_1\cdots c_n):\sigma}$$
Stacks:
$$\frac{\phi;\Phi\models^{\mathcal E}J\ge 0 \quad \phi;\Phi\vdash^{\mathcal E}\sigma\sqsubseteq\tau}{\phi;\Phi\vdash^{\mathcal E}_J\varepsilon:(\sigma,\tau)}\qquad\frac{\phi;\Phi,a<I\vdash^{\mathcal E}_K c:\gamma \quad \phi;\Phi\vdash^{\mathcal E}_H\theta:(\mu,\tau) \quad \phi;\Phi\models^{\mathcal E}J\ge H+\sum_{a<I}K+I}{\phi;\Phi\vdash^{\mathcal E}_J c\cdot\theta:([a<I]\cdot\gamma\multimap\mu,\tau)}$$
$$\frac{\phi;\Phi\vdash^{\mathcal E}_J\theta:(\mathtt{Nat}[K,H],\tau) \quad \phi;\Phi\vdash^{\mathcal E}\mathtt{Nat}[I+1,L+1]\sqsubseteq\mathtt{Nat}[K,H]}{\phi;\Phi\vdash^{\mathcal E}_J\mathtt{s}\cdot\theta:(\mathtt{Nat}[I,L],\tau)}\qquad\frac{\phi;\Phi\vdash^{\mathcal E}_J\theta:(\mathtt{Nat}[K,H],\tau) \quad \phi;\Phi\vdash^{\mathcal E}\mathtt{Nat}[I-1,L-1]\sqsubseteq\mathtt{Nat}[K,H]}{\phi;\Phi\vdash^{\mathcal E}_J\mathtt{p}\cdot\theta:(\mathtt{Nat}[I,L],\tau)}$$
$$\frac{\phi;\Phi,I\le 0\vdash^{\mathcal E}_K(t,\rho):\mu \quad \phi;\Phi,L\ge 1\vdash^{\mathcal E}_K(u,\rho):\mu \quad \phi;\Phi\vdash^{\mathcal E}_H\theta:(\mu,\tau) \quad \phi;\Phi\models^{\mathcal E}J\ge K+H}{\phi;\Phi\vdash^{\mathcal E}_J(t,u,\rho)\cdot\theta:(\mathtt{Nat}[I,L],\tau)}$$
Configurations:
$$\frac{\phi;\Phi\vdash^{\mathcal E}_K(t,\rho):\sigma \quad \phi;\Phi\vdash^{\mathcal E}_J\xi:(\sigma,\tau) \quad \phi;\Phi\models^{\mathcal E}I\ge K+J}{\phi;\Phi\vdash^{\mathcal E}_I(t,\rho,\xi):\tau}$$
Figure 8: Lifting dℓPCF Typing to Closures, Stacks and Configurations.
4.2. Types and Weights for Configurations.
Assigning types and weights to configurations amounts to somehow keeping track of the nature of all terms appearing in environments and stacks. This is captured by the rules in Figure 8. A formal connection between typed terms and typed configurations could be established as expected, and such a connection could be shown to be preserved by reduction. However, the following lemma is everything we need in the sequel:
Lemma 4.1. Let $t\in\mathcal{P}$. Then, $\phi;\Phi;\emptyset\vdash^{\mathcal E}_I t:\sigma$ if and only if $\phi;\Phi\vdash^{\mathcal E}_I(t,\varepsilon,\varepsilon):\sigma$.
Analogous notions of typability for closures, stacks and configurations can be given following the simpler type discipline of PCF proper. They can be obtained by simplifying those for dℓPCF, see Figure 9. If $C\to D$ and π is a derivation of $\vdash C:\sigma$, then a derivation ρ of $\vdash D:\sigma$ can be easily obtained by manipulating π, and we write $\pi\to\rho$.
Closures:
$$\frac{x_1:\tau_1,\ldots,x_n:\tau_n\vdash t:\sigma \qquad \vdash c_i:\tau_i}{\vdash(t,c_1\cdots c_n):\sigma}$$
Stacks:
$$\frac{}{\vdash\varepsilon:(\sigma,\sigma)}\qquad\frac{\vdash c:\gamma\qquad\vdash\theta:(\mu,\tau)}{\vdash c\cdot\theta:(\gamma\to\mu,\tau)}\qquad\frac{\vdash\theta:(\mathtt{Nat},\tau)}{\vdash\mathtt{s}\cdot\theta:(\mathtt{Nat},\tau)}\qquad\frac{\vdash\theta:(\mathtt{Nat},\tau)}{\vdash\mathtt{p}\cdot\theta:(\mathtt{Nat},\tau)}\qquad\frac{\vdash(t,\rho):\mu\qquad\vdash(u,\rho):\mu\qquad\vdash\theta:(\mu,\tau)}{\vdash(t,u,\rho)\cdot\theta:(\mathtt{Nat},\tau)}$$
Configurations:
$$\frac{\vdash(t,\rho):\sigma\qquad\vdash\xi:(\sigma,\tau)}{\vdash(t,\rho,\xi):\tau}$$
Figure 9: Extending PCF Typing to Closures, Stacks and Configurations.
4.3. Measure Decreasing and Intensional Soundness.
An important property of Krivine's Machine says that during the evaluation of programs only subterms of the initial program are recorded in the environment. This justifies the notion of size for configurations, denoted $|C|$, that will be used in the sequel. This is defined as $|(t,\rho,\xi)|=|t|+|\xi|$. The size $|\xi|$ of a stack ξ is defined as the sum of the sizes of its elements, where $|(t,\rho)|=|t|$, $|\mathtt{s}|=|\mathtt{p}|=1$, and $|(t,u,\rho)|=|t|+|u|$. Moreover, another consequence of the same property is the following lemma.
Lemma 4.2. Let $t\in\mathcal{P}$ and let $C=(t,\varepsilon,\varepsilon)$. Then, for each $D=(u,\rho,\xi)$ such that $C\to^*D$ and for each v occurring in ρ or ξ, $|v|\le|t|$.
Proof. Easy, by induction on the length of the reduction $C\to^*D$. In fact, a strengthening of the statement is needed for the induction to work. In particular, not only $|v|\le|t|$ for every v in ρ and ξ, but also for the non-head subterms of u.
Intensional Soundness (Theorem 4.6) expresses the fact that for a program $t\in\mathcal{P}$ such that $\emptyset;\emptyset;\emptyset\vdash^{\mathcal E}_I t:\mathtt{Nat}[J,K]$, the number $[\![I]\!]^{\mathcal E}_\rho$ is a good estimate of the number of steps needed to evaluate t. Moreover, thanks to Subject Reduction, the numbers $[\![J]\!]^{\mathcal E}_\rho$ and $[\![K]\!]^{\mathcal E}_\rho$ give an upper and a lower bound, respectively, to the result of such an evaluation. This is proved by showing that during reduction a measure, expressed as the combination of the weight and the size of a configuration, decreases. In turn, this requires extending some of the properties in Section 3.4 from terms to configurations. As an example, substitution holds on configurations, too:
Lemma 4.3. If $\phi,a;\Phi\vdash^{\mathcal E}_H(t,\rho):\sigma$, then $\phi;\Phi\{J/a\},\Psi\vdash^{\mathcal E}_{H\{J/a\}}(t,\rho):\sigma\{J/a\}$ for every J such that $\phi,\Psi\models^{\mathcal E}J\downarrow$.
Proof. By induction on the proof of $\phi,a;\Phi\vdash^{\mathcal E}_H(t,\rho):\sigma$, using Lemma 3.9.
Moreover, type derivations for closures can be "split", exactly as for terms:
Lemma 4.4. Let $\phi;\Phi\vdash^{\mathcal E}[a<I]\cdot\sigma\sqsubseteq[a<J+K]\cdot\tau$ and let $\phi,a;\Phi,a<I\vdash^{\mathcal E}_H(t,\rho):\sigma$. Then, both $\phi,a;\Phi,a<J\vdash^{\mathcal E}_H(t,\rho):\tau$ and $\phi,a;\Phi,a<K\vdash^{\mathcal E}_{H\{J+a/a\}}(t,\rho):\tau\{J+a/a\}$.
The key step towards Intensional Soundness is the following:
Lemma 4.5 (Weighted Subject Reduction). Suppose that $(t,\varepsilon,\varepsilon)\to^*D\to E$ and let D be such that $\phi;\Phi\vdash^{\mathcal E}_I D:\sigma$. Then $\phi;\Phi\vdash^{\mathcal E}_J E:\sigma$, and one of the following holds:
1. $\phi;\Phi\models I=J$ but $|D|>|E|$;
2. $\phi;\Phi\models I>J$ and $|E|<|D|+|t|$.
Proof. The proof is by cases on the reduction $D\to E$. Condition 1 can be shown to apply to all the cases but the one in which $D=(x,\rho,\xi)$. In that one, weight decreasing relies on the side condition in the typing rule for variables, while the bound on the size increase comes from Lemma 4.2. We just present some cases; the others can be obtained analogously:
• Consider the case $D\equiv(\mathtt{ifz}\ w\ \mathtt{then}\ u\ \mathtt{else}\ v,\rho,\xi)$. We want to prove Point 1, namely that $E\equiv(t,\rho,(u,v,\rho)\cdot\xi)$ is such that $\phi;\Phi\vdash_J E:\sigma$ where $\phi;\Phi\models I=J$ and $|D|>|E|$. The latter is immediate:
$$|D|=1+|w|+|u|+|v|+|\xi|>|w|+(|u|+|v|)+|\xi|=|w|+|(u,v,\rho)\cdot\xi|=|E|.$$
Let us consider the former. By inspecting a proof of $\phi;\Phi\vdash^{\mathcal E}_I D:\sigma$, we can easily derive the following judgments (where $\rho\equiv c_1,\ldots,c_n$):
$$\phi;\Phi;x_1:[a<K^w_1]\cdot\mu_1,\ldots,x_n:[a<K^w_n]\cdot\mu_n\vdash_{I_w}w:\mathtt{Nat}[H,L];\qquad(4.1)$$
$$\phi;\Phi,L\le 0;x_1:[a<K^{uv}_1]\cdot\mu_1\{K^w_1+a/a\},\ldots,x_n:[a<K^{uv}_n]\cdot\mu_n\{K^w_n+a/a\}\vdash_{I_{uv}}u:\tau;\qquad(4.2)$$
$$\phi;\Phi,H\ge 1;x_1:[a<K^{uv}_1]\cdot\mu_1\{K^w_1+a/a\},\ldots,x_n:[a<K^{uv}_n]\cdot\mu_n\{K^w_n+a/a\}\vdash_{I_{uv}}v:\tau;\qquad(4.3)$$
$$\phi,a;\Phi,a<K_i\vdash_{I_{c_i}}c_i:\mu_i;\qquad(4.4)$$
$$\phi;\Phi\vdash_{I_\xi}\xi:(\tau,\sigma).\qquad(4.5)$$
where
$$\phi;\Phi\vdash[a<K_i]\cdot\tau_i\sqsubseteq[a<K^w_i]\cdot\mu_i\uplus[a<K^{uv}_i]\cdot\mu_i\{K^w_i+a/a\};\qquad(4.6)$$
$$\phi;\Phi\models I\ge I_w+I_{uv}+K_1+\cdots+K_n+\sum_{a<K_1}I_{c_1}+\cdots+\sum_{a<K_n}I_{c_n}+I_\xi.\qquad(4.7)$$
By Lemma 4.4 applied to (4.4) and exploiting (4.6), we obtain that
$$\phi,a;\Phi,a<K^w_i\vdash_{I_{c_i}}c_i:\mu_i;\qquad\phi,a;\Phi,a<K^{uv}_i\vdash_{I_{c_i}\{K^w_i+a/a\}}c_i:\mu_i\{K^w_i+a/a\}.$$
By way of (4.1), (4.2) and (4.3), we obtain
$$\phi;\Phi,L\le 0\vdash_{I_{(w,\rho)}}(w,\rho):\mathtt{Nat}[H,L];\qquad\phi;\Phi,H\ge 1\vdash_{I_{(uv,\rho)}}(u,\rho):\tau;\qquad\phi;\Phi\vdash_{I_{(uv,\rho)}}(v,\rho):\tau;$$
where
$$I_{(w,\rho)}\equiv I_w+K^w_1+\cdots+K^w_n+\sum_{a<K^w_1}I_{c_1}+\cdots+\sum_{a<K^w_n}I_{c_n};$$
$$I_{(uv,\rho)}\equiv I_{uv}+K^{uv}_1+\cdots+K^{uv}_n+\sum_{a<K^{uv}_1}I_{c_1}\{K^w_1+a/a\}+\cdots+\sum_{a<K^{uv}_n}I_{c_n}\{K^w_n+a/a\}.$$
So, by definition and by (4.5) we have that $\phi;\Phi\vdash_{I_{uv}+I_\xi}(u,v,\rho)\cdot\xi:(\mathtt{Nat}[H,L],t)$. Thus, we can conclude that $\phi;\Phi\vdash_I E:\sigma$ (since from (4.7), it easily follows that $\phi;\Phi\models I\ge I_{(w,\rho)}+I_{(uv,\rho)}+I_\xi$).
• Consider the case $D\equiv(\lambda x.u,\rho,c\cdot\xi)$. We want to prove Point 1, namely that $E=(u,c\cdot\rho,\xi)$ is such that $\phi;\Phi\vdash_J E:\sigma$ where $\phi;\Phi\models I=J$ and $|D|>|E|$. The latter is immediate, so let us consider the former. By inspecting a proof of $\phi;\Phi\vdash^{\mathcal E}_I D:\sigma$, we can easily derive the following judgments (where $\rho\equiv c_1,\ldots,c_n$), in particular using the Generation Lemma:
$$\phi;\Phi;x_1:[a<K_1]\cdot\mu_1,\ldots,x_n:[a<K_n]\cdot\mu_n,x:[a<H]\cdot\gamma\vdash_{I_u}u:\tau;\qquad(4.8)$$
$$\phi,a;\Phi,a<K_i\vdash_{I_{c_i}}c_i:\mu_i;\qquad(4.9)$$
$$\phi,a;\Phi,a<H\vdash_{I_c}c:\gamma;\qquad(4.10)$$
$$\phi;\Phi\vdash_{I_\xi}\xi:(\tau,\sigma).\qquad(4.11)$$
Moreover:
$$\phi;\Phi\vdash I\ge I_u+K_1+\cdots+K_n+\sum_{a<K_1}I_{c_1}+\cdots+\sum_{a<K_n}I_{c_n}+H+\sum_{a<H}I_c+I_\xi.$$
From (4.8), (4.9) and (4.10), we obtain $\phi;\Phi;\emptyset\vdash_{I_{c\cdot\rho}}(u,c\cdot\rho):\tau$, where
$$I_{c\cdot\rho}\equiv I_u+K_1+\cdots+K_n+\sum_{a<K_1}I_{c_1}+\cdots+\sum_{a<K_n}I_{c_n}+H+\sum_{a<H}I_c.$$
This, together with (4.11), easily yields the thesis.
• Consider the case $D\equiv(n,\rho,\mathtt{s}\cdot\xi)$. Again, we want to prove Point 1, that is $E=(n+1,\rho,\xi)$ is such that $\phi;\Phi\vdash_J E:\sigma$, where $\phi;\Phi\models I=J$ and $|D|>|E|$. The latter is easy:
$$|D|=|n|+|\mathtt{s}\cdot\xi|=1+|\xi|+1>1+|\xi|=|n+1|+|\xi|=|E|,$$
so we consider the former. By inspecting a proof of $\phi;\Phi\vdash^{\mathcal E}_I D:\sigma$, we can easily derive the following judgments (where $\rho\equiv c_1,\ldots,c_n$), in particular using the Generation Lemma:
$$\phi;\Phi;x_1:[a<K_1]\cdot\mu_1,\ldots,x_n:[a<K_n]\cdot\mu_n\vdash_{I_n}n:\mathtt{Nat}[H,L];\qquad(4.12)$$
$$\phi,a;\Phi,a<K_i\vdash_{I_{c_i}}c_i:\mu_i;\qquad(4.13)$$
$$\phi;\Phi\vdash_{I_\xi}\xi:(\mathtt{Nat}[M,N],\sigma).\qquad(4.14)$$
Moreover:
$$\phi;\Phi\models I\ge I_n+K_1+\cdots+K_n+\sum_{a<K_1}I_{c_1}+\cdots+\sum_{a<K_n}I_{c_n}+I_\xi;\qquad(4.15)$$
$$\phi;\Phi\vdash\mathtt{Nat}[H+1,L+1]\sqsubseteq\mathtt{Nat}[M,N].\qquad(4.16)$$
From (4.12) and (4.16), we get $\phi;\Phi;x_1:[a<K_1]\cdot\mu_1,\ldots,x_n:[a<K_n]\cdot\mu_n\vdash_{I_n}n+1:\mathtt{Nat}[M,N]$. This, together with (4.13), allows us to reach $\phi;\Phi\vdash_{I_{(n+1,\rho)}}(n+1,\rho):\mathtt{Nat}[M,N]$, where
$$I_{(n+1,\rho)}\equiv I_n+K_1+\cdots+K_n+\sum_{a<K_1}I_{c_1}+\cdots+\sum_{a<K_n}I_{c_n}.$$
By (4.14), the thesis can be easily reached.
• Consider the case $D=(\mathtt{fix}\,x.u,\rho,\xi)$. Yet another time, we want to prove Point 1, that is $E=(u,(\mathtt{fix}\,x.u,\rho)\cdot\rho,\xi)$ is such that $\phi;\Phi\vdash_J E:\sigma$, where $\phi;\Phi\models I=J$ and $|D|>|E|$. The latter is easy, as usual: $|D|=|\mathtt{fix}\,x.u|+|\xi|>|u|+|\xi|=|E|$, so we consider the former. By inspecting a proof of $\phi;\Phi\vdash^{\mathcal E}_I D:\sigma$, we can easily derive the following judgments (where $\rho\equiv c_1,\ldots,c_n$):
$$\phi,b;\Phi,b<H;x_1:[a<K_1]\cdot\mu_1,\ldots,x_n:[a<K_n]\cdot\mu_n,x:[a<L]\cdot\gamma\vdash_{I_u}u:\tau;\qquad(4.17)$$
$$\phi,a;\Phi,a<M_i\vdash_{I_{c_i}}c_i:\eta_i;\qquad(4.18)$$
$$\phi;\Phi\vdash_{I_\xi}\xi:(\delta,\sigma).\qquad(4.19)$$
Moreover:
$$\phi;\Phi\vdash\tau\{0/b\}\sqsubseteq\delta;\qquad\phi,a,b;\Phi,a<L,b<H\vdash\tau\{\mathop{\triangleleft\!\!\!\sum}\nolimits^{b+1,a}_{b}L+b+1/b\}\sqsubseteq\gamma;\qquad\phi;\Phi\vdash[a<M_i]\cdot\eta_i\sqsubseteq\sum_{b<H}[a<K_i]\cdot\mu_i;$$
$$\phi;\Phi\models\mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}L\le H,N;\qquad\phi;\Phi\models I\ge N-1+\sum_{b<H}I_u+M_1+\cdots+M_n+\sum_{a<M_1}I_{c_1}+\cdots+\sum_{a<M_n}I_{c_n}+I_\xi.$$
By manipulations of the indices similar to the ones used in the proof of Subject Reduction, we can derive the following from (4.17), given the judgments above:
$$\phi;\Phi;\Gamma,x:[a<L\{0/b\}]\cdot\gamma\{0/b\}\vdash_{I_u\{0/b\}}u:\delta;\qquad\phi;\Phi,a<L\{0/b\};\Delta\vdash_{P\{a/c\}-1+\sum_{b<P\{a/c\}}I_u\{R/b\}}\mathtt{fix}\,x.u:\gamma\{0/b\}.$$
In the equations above,
$$P\equiv\mathop{\triangleleft\!\!\!\sum}\nolimits^{0,1}_{b}L\{b+1+\mathop{\triangleleft\!\!\!\sum}\nolimits^{1,c}_{b}L/b\};\qquad R\equiv 1+b+\sum_{c<a}P;$$
and Γ, Δ can be chosen in such a way as to guarantee:
$$\phi;\Phi\vdash x_1:[a<M_1]\cdot\eta_1,\ldots,x_n:[a<M_n]\cdot\eta_n\sqsubseteq\sum_{a<L\{0/b\}}\Delta\uplus\Gamma\sqsubseteq x_1:\sum_{b<H}[a<K_1]\cdot\mu_1,\ldots,x_n:\sum_{b<H}[a<K_n]\cdot\mu_n.$$
So we have that $\phi;\Phi\vdash_{I_{(u,(\mathtt{fix}\,x.u,\rho)\cdot\rho)}}(u,(\mathtt{fix}\,x.u,\rho)\cdot\rho):\delta$, where
$$I_{(u,(\mathtt{fix}\,x.u,\rho)\cdot\rho)}\equiv I_u\{0/b\}+L\{0/b\}+\sum_{a<L\{0/b\}}\Big(P\{a/c\}-1+\sum_{b<P\{a/c\}}I_u\{N/b\}\Big)+M_1+\cdots+M_n+\sum_{a<M_1}I_{c_1}+\cdots+\sum_{a<M_n}I_{c_n}.$$
The value of $I_{(u,(\mathtt{fix}\,x.u,\rho)\cdot\rho)}$ can then be proved to be equal to or smaller than
$$N-1+\sum_{b<H}I_u+M_1+\cdots+M_n+\sum_{a<M_1}I_{c_1}+\cdots+\sum_{a<M_n}I_{c_n},$$
under the hypotheses in φ. This immediately yields the thesis, given (4.19).
• Consider the case $D=(x_m,((t_1,\rho_1),\ldots,(t_n,\rho_n)),\xi)$. We want to prove Point 2, that is $E=(t_m,\rho_m,\xi)$ is such that $\phi;\Phi\vdash_J E:\sigma$, where $\phi;\Phi\models I>J$ and $|E|<|D|+|t|$. The latter is immediate by Lemma 4.2, so we consider the former. By inspecting a proof of $\phi;\Phi\vdash^{\mathcal E}_I D:\sigma$, we can easily derive the following judgments:
$$\phi;\Phi;x_1:[a<K_1]\cdot\mu_1,\ldots,x_n:[a<K_n]\cdot\mu_n\vdash_{I_{x_m}}x_m:\tau;\qquad(4.20)$$
$$\phi,a;\Phi,a<K_i\vdash_{I_{(t_i,\rho_i)}}(t_i,\rho_i):\mu_i;\qquad(4.21)$$
$$\phi;\Phi\vdash_{I_\xi}\xi:(\tau,\sigma).\qquad(4.22)$$
Moreover:
$$\phi;\Phi\models K_m\ge 1;\qquad(4.23)$$
$$\phi;\Phi\vdash\mu_m\{0/a\}\sqsubseteq\tau;\qquad(4.24)$$
$$\phi;\Phi\vdash I\ge I_{x_m}+K_1+\cdots+K_n+\sum_{a<K_1}I_{(t_1,\rho_1)}+\cdots+\sum_{a<K_n}I_{(t_n,\rho_n)}+I_\xi.\qquad(4.25)$$
From (4.21) where $i=m$, (4.23), and (4.24), one obtains that $\phi;\Phi\vdash_{I_{(t_m,\rho_m)}\{0/a\}}(t_m,\rho_m):\tau$ and, by (4.22), that $\phi;\Phi\vdash_{I_{(t_m,\rho_m)}\{0/a\}+I_\xi}E:\sigma$. But from (4.25) and (4.23) one easily infers that $\phi;\Phi\models I>I_{(t_m,\rho_m)}\{0/a\}+I_\xi$, which is the thesis.
This concludes the proof.
It is worth noticing that if Φ is inconsistent, the inequality $\phi;\Phi\models I>J$ in Lemma 4.5, Point 2, does not necessarily imply that the weight strictly decreases. Indeed, Intensional Soundness only holds in the presence of a consistent set of constraints:
Theorem 4.6 (Intensional Soundness). Let $\vdash_I t : \mathsf{Nat}[J,K]$ and $t \Downarrow_n m$. Then, $n \le |t| \cdot (\llbracket I \rrbracket + 1)$.

Proof. By induction on $n$, making essential use of Lemma 4.5 and Lemma 4.2.
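The transitions used in the case analyses of Lemma 4.5 and Theorem 5.5, and the step count $n$ in $t \Downarrow_n m$ that Theorem 4.6 bounds, are easiest to see in a running machine. The following Python is an added example written for this page, not the paper's code: it assumes de Bruijn indices and a tuple-based syntax of its own (the paper uses named variables $x_1,\ldots,x_n$), its `size` function is one reasonable reading of $|t|$, and the fuel cap is an addition for untyped, possibly divergent input.

```python
"""Krivine-style machine for PCF, written as an added illustration for this
page (it is not the paper's code). Terms use de Bruijn indices, an assumption
of this example; the paper uses named variables x_1, ..., x_n. A configuration
is a triple (term, env, stack) as in the rules quoted in the proofs of
Lemma 4.5 and Theorem 5.5: env is a tuple of closures (term, env); the stack
holds argument closures, ifz frames (u, v, env) and succ/pred markers."""
from typing import Tuple

# Tuple-based AST; the tags are this example's choice, not the paper's syntax.
def var(i): return ("var", i)
def lam(t): return ("lam", t)
def app(t, u): return ("app", t, u)
def num(n): return ("num", n)
def succ(t): return ("succ", t)
def pred(t): return ("pred", t)
def ifz(w, u, v): return ("ifz", w, u, v)
def fix(t): return ("fix", t)          # fix x.t, with x = var(0) inside t


def size(t) -> int:
    """|t|: number of AST nodes, the measure Theorem 4.6 multiplies by."""
    return 1 + sum(size(s) for s in t[1:] if isinstance(s, tuple))


class Stuck(Exception):
    """No transition applies (e.g. a lambda facing an empty stack)."""


def step(term, env, stack):
    """One machine transition; returns the next configuration or raises Stuck."""
    tag = term[0]
    if tag == "app":                       # (tu, rho, xi) -> (t, rho, (u,rho).xi)
        return term[1], env, (("arg", (term[2], env)),) + stack
    if tag == "lam" and stack and stack[0][0] == "arg":
        return term[1], (stack[0][1],) + env, stack[1:]   # bind the argument
    if tag == "var":                       # (x_m, rho, xi) -> (t_m, rho_m, xi)
        t_m, env_m = env[term[1]]
        return t_m, env_m, stack
    if tag == "fix":                       # unfold: push the fix closure itself
        return term[1], ((term, env),) + env, stack
    if tag == "ifz":                       # evaluate the guard, park the branches
        return term[1], env, (("ifz", term[2], term[3], env),) + stack
    if tag in ("succ", "pred"):
        return term[1], env, ((tag,),) + stack
    if tag == "num" and stack:
        frame = stack[0]
        if frame[0] == "ifz":              # (0, _, (u,v,mu).xi) -> (u, mu, xi); n+1 -> v
            _, u, v, mu = frame
            return (u if term[1] == 0 else v), mu, stack[1:]
        if frame[0] == "succ":
            return num(term[1] + 1), env, stack[1:]
        if frame[0] == "pred":
            return num(max(term[1] - 1, 0)), env, stack[1:]
    raise Stuck((term, env, stack))


def run(t, fuel: int = 100_000) -> Tuple[int, int]:
    """Evaluate the closed term t; return (m, n) with t ⇓_n m, n = machine steps.

    fuel is a safety cap for this example only: a typable program needs at most
    |t|·(⟦I⟧+1) steps by Theorem 4.6, but an untyped one may loop, e.g. fix(var(0))."""
    term, env, stack = t, (), ()
    steps = 0
    while not (term[0] == "num" and not stack):
        if steps >= fuel:
            raise RuntimeError("fuel exhausted: the term may diverge")
        term, env, stack = step(term, env, stack)
        steps += 1
    return term[1], steps


# Constructed sample: add = fix f. λx. λy. ifz x then y else succ (f (pred x) y)
# Inside the inner body the de Bruijn indices are y = 0, x = 1, f = 2.
ADD = fix(lam(lam(ifz(var(1), var(0),
                      succ(app(app(var(2), pred(var(1))), var(0)))))))

if __name__ == "__main__":
    print(run(app(lam(var(0)), num(3))))       # (3, 3): identity on 3 in 3 steps
    print(run(app(app(ADD, num(2)), num(3))))   # value 5 and the step count
```

Running `ADD` on $0$ and $7$ takes exactly nine transitions (two applications, one unfolding, two bindings, the `ifz` push, the guard lookup, the branch selection and the final variable lookup), while a larger first argument recurses once per unit; the term size, by contrast, is fixed, which is the point of the remark after Theorem 4.6 that $|t\,n|$ does not depend on $n$.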
Please observe that an easy consequence of Theorem 4.6 is intensional soundness for functions. As an example, if $a;\emptyset;\emptyset \vdash_I t : [b<J]\cdot\mathsf{Nat}[a] \multimap \mathsf{Nat}[K,H]$, then the complexity of evaluating $t\,n$ is at most $|t\,n| \cdot (\llbracket I\{n/a\} \rrbracket + 1)$. Observe, however, that $|t\,n|$ does not depend on $n$, since $|n| = 1$.

5. Relative Completeness
This section is devoted to proving relative completeness for the type system dℓPCF. In fact, two relative completeness theorems will be presented. The first one (Theorem 5.6) states relative completeness for programs: for each PCF program $t$ that evaluates to a numeral $n$ there is a type derivation in dℓPCF whose index terms capture both the number of reduction steps and the value of $n$. The second one (Theorem 5.12) states relative completeness for functions: for each PCF term $t : \mathsf{Nat} \to \mathsf{Nat}$ computing a total function $f$ in time expressed by a function $g$ there exists a type derivation in dℓPCF whose index terms capture both the extensional behavior $f$ and the intensional property embedded into $g$.

Relative completeness does not hold in general. Indeed, it holds only when the underlying equational program $\mathcal{E}$ is universal, i.e. when it is sufficiently expressive as to encode all total computable functions. A universal equational program is introduced in Section 5.1. Relative completeness for programs will be proved using a weighted form of Subject Expansion (Theorem 5.5) similar to the one holding in intersection type theories. This will be proved in Section 5.2. The proof of relative completeness for functions needs a further step: a uniformization result (Lemma 5.11) relying on the properties of the universal model. This is the subject of Section 5.3.
5.1. Universal Equational Program.
Since the class of equational programs is clearly recursively enumerable, it can be put in one-to-one correspondence with natural numbers, using a coding scheme $\langle\cdot\rangle$ à la Gödel. Such a coding, as usual, can be used to define a universal equational program $\mathcal{U}$ that is able to simulate all equational programs (including itself).

Let $\langle\mathcal{E},f\rangle$ be the natural number coding an equational program $\mathcal{E}$ and a function symbol $f$ among the ones defined in it. This can be easily computed from (a description of) $\mathcal{E}$ and $f$. A signature $\Sigma_{\mathcal{U}}$ containing just the symbol $\mathsf{empty}$ of arity 0 and the symbols $\mathsf{pair}$ and $\mathsf{eval}$ of arity 2 (plus some auxiliary symbols) is sufficient to define the universal program $\mathcal{U}$. For each $f$ of arity $n$, the equational program $\mathcal{U}$ satisfies

$\llbracket \mathsf{eval}(\langle\mathcal{E},f\rangle, \mathsf{pairing}_n(x_1,\ldots,x_n)) \rrbracket^{\rho}_{\mathcal{U}} = \llbracket f(x_1,\ldots,x_n) \rrbracket^{\rho}_{\mathcal{E}}$,

where $\mathsf{pairing}_n(t_1,\ldots,t_n)$ is defined by induction on $n$:

$\mathsf{pairing}_0 \equiv \mathsf{empty}$; $\mathsf{pairing}_{n+1}(t_1,\ldots,t_{n+1}) \equiv \mathsf{pair}(\mathsf{pairing}_n(t_1,\ldots,t_n), t_{n+1})$.

This way, $\mathcal{U}$ acts as an interpreter for any equational program. Such a universal program $\mathcal{U}$ can be defined as a finite sequence of equations, similarly to what happens in the construction of, e.g., universal Turing machines.

The universal equational program $\mathcal{U}$ enjoys some nice properties which are crucial when proving Subject Expansion. The following lemma says, for example, that sums and bounded sums can always be formed (modulo $\cong$) whenever index terms are built and reasoned about using the universal program:

Lemma 5.1.
1. For every $A$ and $B$ such that $\varphi;\Phi \vdash_{\mathcal{U}} A\Downarrow$, $\varphi;\Phi \vdash_{\mathcal{U}} B\Downarrow$, and $(|A|) = (|B|)$, there are $C$ and $D$ such that $\varphi;\Phi \vdash_{\mathcal{U}} C \cong A$, $\varphi;\Phi \vdash_{\mathcal{U}} D \cong B$ and $C \uplus D$ is defined.
2. For every $A$ and $I$ such that $\varphi,a;\Phi,a<I \vdash_{\mathcal{U}} A\Downarrow$ and $\varphi;\Phi \vdash_{\mathcal{U}} I\Downarrow$, there is $B$ such that $\varphi,a;\Phi,a<I \vdash_{\mathcal{U}} B \cong A$ and $\sum_{a<I} B$ is defined.

Proof. These are inductions on the structure of the involved formulas. Actually, it is convenient to enrich the statements above (which only deal with modal types) with similar statements involving basic types, this way facilitating the inductive argument.
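As an added, runnable illustration of the coding $\langle\mathcal{E},f\rangle$, of $\mathsf{pairing}_n$ and of the defining equation of $\mathcal{U}$ (example code written for this page, not the paper's construction): the universal program is realised here as a Python evaluator rather than as a finite list of equations, and the JSON-based Gödel numbering, the Cantor pairing with $\mathsf{empty} = 0$, the call-by-value first-match semantics and the fuel bound standing in for Kleene's partial semantics are all this example's own choices. The same fact it relies on, that an evaluator of coded programs is itself computable, is what Lemma 5.8 later uses to fold a recursively enumerable family of index terms into a single one.

```python
"""Added example (not the paper's own code): a Gödel-style coding of equational
programs and a universal evaluator in the sense of Section 5.1. Assumptions: an
equational program E is a dict from function symbol to its equations, each
(patterns, rhs) over the constructors 0 and S; evaluation is call-by-value and
the first matching equation wins; U is the Python function universal_eval rather
than a finite set of equations; <E, f> is canonical JSON read as a big-endian
integer; pairing_n folds the Cantor pairing with empty = 0. A fuel bound
approximates Kleene's partial semantics: exhausting it, like a missing
equation, makes the term undefined."""
import json
import math


class Undefined(Exception):
    """[[t]]_E is undefined (no equation applies or evaluation does not end)."""


def match(pat, value, env):
    """Match a pattern (0, a variable name, or ('S', pat)) against a natural."""
    if isinstance(pat, int):
        return pat == value
    if isinstance(pat, str):
        if pat in env and env[pat] != value:   # non-linear pattern: must agree
            return False
        env[pat] = value
        return True
    return value >= 1 and match(pat[1], value - 1, env)   # ('S', pat)


def evaluate(E, term, env=None, fuel=300):
    """[[term]]_E under env; term is an int, a variable, ('S', t) or (f, t1, ..., tn).
    fuel bounds the length of rewrite chains (kept small to respect Python's stack)."""
    env = env or {}
    if isinstance(term, int):
        return term
    if isinstance(term, str):
        return env[term]
    head, *args = term
    if head == "S":
        return 1 + evaluate(E, args[0], env, fuel)
    if fuel == 0:
        raise Undefined(f"evaluation of {head} did not end within the fuel bound")
    values = [evaluate(E, t, env, fuel) for t in args]
    for patterns, rhs in E[head]:
        new_env = {}
        if all(match(p, v, new_env) for p, v in zip(patterns, values)):
            return evaluate(E, rhs, new_env, fuel - 1)
    raise Undefined(f"no equation of {head} matches {values}")


def is_defined(E, term):
    try:
        evaluate(E, term)
        return True
    except Undefined:
        return False


# Cantor pairing: pairing_0 = empty = 0, pairing_{n+1}(ts, t) = pair(pairing_n(ts), t)
def pair(x, y):
    return (x + y) * (x + y + 1) // 2 + y

def unpair(z):
    w = (math.isqrt(8 * z + 1) - 1) // 2
    y = z - w * (w + 1) // 2
    return w - y, y

def pairing(args):
    acc = 0
    for a in args:
        acc = pair(acc, a)
    return acc

def unpairing(z, n):
    out = []
    for _ in range(n):
        z, a = unpair(z)
        out.append(a)
    return out[::-1]


# Gödel coding <E, f>: injective and decodable, as Section 5.1 requires.
def _jsonable(x):
    if isinstance(x, dict):
        return {k: _jsonable(v) for k, v in x.items()}
    if isinstance(x, tuple):
        return [_jsonable(v) for v in x]
    return x

def _unjsonable(x):
    if isinstance(x, dict):
        return {k: _unjsonable(v) for k, v in x.items()}
    if isinstance(x, list):
        return tuple(_unjsonable(v) for v in x)
    return x

def code(E, f):
    text = json.dumps([_jsonable(E), f], sort_keys=True, separators=(",", ":"))
    return int.from_bytes(text.encode(), "big")   # first byte is '[', no leading zero

def decode(n):
    text = n.to_bytes((n.bit_length() + 7) // 8, "big").decode()
    E_json, f = json.loads(text)
    return _unjsonable(E_json), f


def universal_eval(program_code, packed_args):
    """eval(<E,f>, pairing_n(x1..xn)) = [[f(x1..xn)]]_E, the defining property of U."""
    E, f = decode(program_code)
    arity = len(E[f][0][0])                # read off the first equation's patterns
    return evaluate(E, (f, *unpairing(packed_args, arity)))


# Constructed sample programs: addition, multiplication, a partial 'half', a loop.
SAMPLE_E = {
    "add": ((("x", 0), "x"),
            (("x", ("S", "y")), ("S", ("add", "x", "y")))),
    "mult": ((("x", 0), 0),
             (("x", ("S", "y")), ("add", ("mult", "x", "y"), "x"))),
    "half": (((0,), 0),
             ((("S", ("S", "x")),), ("S", ("half", "x")))),   # undefined on odd inputs
}
LOOP_E = {"loop": ((("x",), ("loop", "x")),)}                 # never terminates

if __name__ == "__main__":
    print(universal_eval(code(SAMPLE_E, "mult"), pairing([3, 4])))            # 12
    print(is_defined(SAMPLE_E, ("half", 4)), is_defined(SAMPLE_E, ("half", 3)))  # True False
```

`decode(code(E, f))` returns `E` and `f` unchanged, which is the injectivity a Gödel coding needs; `universal_eval` then agrees with `evaluate` on every argument tuple, including the undefined cases, exactly as the equation for $\mathsf{eval}$ demands.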
5.2. Subject Expansion and Relative Completeness for Programs.
Weighted Subject Expansion (Theorem 5.5 below) says that typing is preserved while weights increase by at most one along any $\mathsf{K}_{\mathsf{PCF}}$ expansion step. This is somehow the converse of Weighted Subject Reduction. Weighted Subject Expansion, however, does not hold in general but only when the underlying equational program is universal.

In order to prove Weighted Subject Expansion, only typings that carry precise information should be considered. As an example, we write $\varphi;\Phi \Vdash_I C:\sigma$ if we can derive $\varphi;\Phi \vdash_I C:\sigma$ by precise type derivations. The type of a precisely-typable configuration, in other words, carries exact information about the value of the objects at hand. One can easily extend the above notation to type derivations for closures and stacks. Recall that a precise type derivation is a type derivation such that all premises in the form $\sigma \sqsubseteq \tau$ (respectively, in the form $I \le J$) are actually required to be in the form $\sigma \cong \tau$ (respectively, $I = J$).

Furthermore, only specific typing transformations should be considered, namely those that leave the weight information unaltered. In order to achieve this, some properties of precise typability for the $\mathsf{K}_{\mathsf{PCF}}$ machine should be exploited. As an example, if a closure is typed as $\varphi;\Phi \Vdash_I (t,\rho):\sigma$, then $\varphi;\Phi \Vdash_J (t,\rho):\tau$ whenever $\tau$ and $J$ are such that $\varphi;\Phi \vdash \sigma \cong \tau$ and $\varphi;\Phi \models I = J$. This is a natural variation on the Subtyping Lemma for terms (Lemma 3.7).

Finally, it is worth noticing that by considering an inconsistent set of constraints $\Phi$, it is possible to make any closure $(t,\rho)$ typable with type $\sigma$ (in the sense of PCF) also typable in the sense of dℓPCF: $\varphi;\Phi \Vdash_I (t,\rho):\tau$ whenever $(|\tau|) = \sigma$, and for every index term $I$. This says that inconsistent sets play a role similar to the $\omega$-rule in intersection type systems.

The following two lemmas will be useful in the sequel, and allow one to "join" apparently uncorrelated typing judgements into one:

Lemma 5.2.
Let $\theta$ be the substitution $\{a + I / a\}$. Suppose that $\pi \lhd \varphi,a;\Phi,a<I \Vdash_H c:\sigma$, that $\rho \lhd \varphi,a;\Phi\theta,a<J \Vdash_{H\theta} c:\sigma\theta$, and that $(|\pi|) = (|\rho|)$. Then, $\varphi,a;\Phi,a<I+J \Vdash_H c:\sigma$.

Proof. By simultaneous induction on $\pi$ and $\rho$. We make essential use of the implicit assumption about the universality of the underlying equational program.

Lemma 5.3.
Let $\theta$ be the substitution $\{\sum_{c<a} J\{c/a\} + b \,/\, c\}$. Suppose that $\pi \lhd \varphi,a,b;\Phi\theta,a<I,b<J \Vdash_{H\theta} c:\sigma\theta$. Then, $\varphi,a;\Phi,c<\sum_{a<I} J \Vdash_H c:\sigma$.

Proof. By induction on the derivation $\pi$, again using the properties of a universal equational program.
But there are even other ways to turn two typing derivations into a more general one, again relying on the semantic nature of dℓPCF:

Lemma 5.4.
Suppose that $\pi \lhd \varphi;\Phi,I \le J \Vdash_K c:\sigma$, that $\rho \lhd \varphi;\Phi,I > J \Vdash_K c:\sigma$, and that $(|\pi|) = (|\rho|)$. Then, $\varphi;\Phi \Vdash_K c:\sigma$.

It is now time to state Weighted Subject Expansion, since all the necessary ingredients have been introduced:
Theorem 5.5 (Weighted Subject Expansion). Suppose that $\pi \lhd \varphi;\Phi \Vdash_I D:\sigma$ and that $\rho \to (|\pi|)$, where $\rho \lhd\; \vdash C:(|\sigma|)$. Then $\nu \lhd \varphi;\Phi \Vdash_J C:\sigma$, where $\varphi;\Phi \models J \le I + 1$ and $(|\nu|) = \rho$. Moreover, $\nu$ can be effectively computed from $\pi$ and $\rho$.

Proof. The proof is by cases on the shape of the reduction $C \to D$. We just present some cases; the others can be obtained analogously.

• Consider the case $C \equiv (0,\rho,(t,u,\mu)\cdot\xi) \to (t,\mu,\xi) \equiv D$. By assumption we have that $C$ is typable in PCF and that $\varphi;\Phi \Vdash_I D:\sigma$. So, we have that

$\varphi;\Phi \Vdash_{I_{(t,\mu)}} (t,\mu):\tau$; $\varphi;\Phi \Vdash_{I_\xi} \xi:(\tau,\sigma)$; $\varphi;\Phi \models I = I_{(t,\mu)} + I_\xi$;

for some $I_{(t,\mu)}$ and $I_\xi$. We clearly also have that $\varphi;\Phi,0 \le 0 \Vdash_{I_{(t,\mu)}} (t,\mu):\tau$. $\Phi, 1 \le 0$ is an inconsistent set of constraints, and since $C$ is typable in PCF (as remarked above), we also have that $\varphi;\Phi,1 \le 0 \Vdash_{I_{(t,\mu)}} (u,\mu):\tau$. This implies, in particular, that $\varphi;\Phi \Vdash_I (t,u,\mu)\cdot\xi : (\mathsf{Nat}[0],\sigma)$. Now, assume that $\rho = (t_1,\rho_1)\cdot\ldots\cdot(t_n,\rho_n)$ where for every $1 \le i \le n$, $(t_i,\rho_i)$ is typable in PCF. Since $\Phi,a<0$ is inconsistent, we have that $\varphi,a;\Phi,a<0 \Vdash_0 (t_i,\rho_i):\mu_i$ for some $\mu_i$. By Lemma 3.8 we can build a derivation for $\varphi;\Phi;\; x_1:[a<0]\cdot\mu_1,\ldots,x_n:[a<0]\cdot\mu_n \Vdash_0 0:\mathsf{Nat}[0]$. So, we have that $\varphi;\Phi \Vdash_0 (0,\rho):\mathsf{Nat}[0]$. Summing up, we obtain that $\varphi;\Phi \Vdash_I C:\sigma$, from which the thesis easily follows, since $\varphi;\Phi \models I \le I + 1$.

• Consider the case $C \equiv (\lambda x.t,\rho,c\cdot\xi) \to (t,c\cdot\rho,\xi) \equiv D$. By assumption we have that $C$ is typable in PCF and that $\varphi;\Phi \Vdash_I D:\sigma$. So, we have that

$\varphi;\Phi;\; x_1:[a<K_1]\cdot\tau_1,\ldots,x_n:[a<K_n]\cdot\tau_n \Vdash_{I_t} t:\mu$; $\varphi,a;\Phi,a<K_i \Vdash_{I_{c_i}} c_i:\tau_i$; $\varphi;\Phi \Vdash_{I_\xi} \xi:(\mu,\sigma)$;

where $\varphi;\Phi \models I = I_t + K_1 + \ldots + K_n + \sum_{a<K_1} I_{c_1} + \ldots + \sum_{a<K_n} I_{c_n} + I_\xi$. For simplicity and without losing any generality, we can consider the case where $c\cdot\rho \equiv c_1 \ldots c_n$ with $x \equiv x_1$ and $c \equiv c_1$.
So, in particular we can build a derivation ending as follows:

$\dfrac{\varphi;\Phi;\; x_1:[a<K_1]\cdot\tau_1,\ldots,x_n:[a<K_n]\cdot\tau_n \Vdash_{I_t} t:\mu}{\varphi;\Phi;\; x_2:[a<K_2]\cdot\tau_2,\ldots,x_n:[a<K_n]\cdot\tau_n \Vdash_{I_t} \lambda x_1.t : [a<K_1]\cdot\tau_1 \multimap \mu}$

and thus we have that $\varphi;\Phi \Vdash_{I_{(\lambda x.t,\rho)}} (\lambda x.t,\rho) : [a<K_1]\cdot\tau_1 \multimap \mu$, where $I_{(\lambda x.t,\rho)} \equiv I_t + K_2 + \ldots + K_n + \sum_{a<K_2} I_{c_2} + \ldots + \sum_{a<K_n} I_{c_n}$. Further, we have that $\varphi;\Phi \Vdash_{I_\xi + K_1 + \sum_{a<K_1} I_{c_1}} c\cdot\xi : ([a<K_1]\cdot\tau_1 \multimap \mu, \sigma)$ and, as an easy consequence, that $\varphi;\Phi \Vdash_{I_{(\lambda x.t,\rho)} + I_\xi + K_1 + \sum_{a<K_1} I_{c_1}} C:\sigma$. This easily leads to the conclusion, since

$\varphi;\Phi \models I = I_t + K_1 + \ldots + K_n + \sum_{a<K_1} I_{c_1} + \ldots + \sum_{a<K_n} I_{c_n} + I_\xi = I_{(\lambda x.t,\rho)} + I_\xi + K_1 + \sum_{a<K_1} I_{c_1}$.

• Consider the case $C \equiv (\mathsf{fix}\,x.t,\rho,\xi) \to (t,(\mathsf{fix}\,x.t,\rho)\cdot\rho,\xi) \equiv D$. By assumption we have that $C$ is typable in PCF and that $\varphi;\Phi \Vdash_I D:\sigma$. So, we have that

$\varphi;\Phi;\; x_1:[a<K_1]\cdot\tau_1,\ldots,x_n:[a<K_n]\cdot\tau_n \Vdash_{I_t} t:\mu$; (5.1)
$\varphi,a;\Phi,a<K_i \Vdash_{I_{c_i}} c_i:\tau_i$; (5.2)
$\varphi;\Phi \Vdash_{I_\xi} \xi:(\mu,\sigma)$; (5.3)

where:

$\varphi;\Phi \models I = I_t + K_1 + \ldots + K_n + \sum_{a<K_1} I_{c_1} + \ldots + \sum_{a<K_n} I_{c_n} + I_\xi$. (5.4)

For simplicity and without losing any generality, we can consider the case where $(\mathsf{fix}\,x.t,\rho)\cdot\rho \equiv c_1 \ldots c_n$ with $x \equiv x_1$ and $(\mathsf{fix}\,x.t,\rho) \equiv c_1$. As a consequence, we can conclude that:

$\varphi,a;\Phi,a<K_1;\Gamma \Vdash_{I_{\mathsf{fix}\,x.t}} \mathsf{fix}\,x.t : \tau_1$; (5.5)
$\varphi,a,b;\Phi,a<K_1,b<H_i \Vdash_{J_{c_i}} c_i:\mu_i$; (5.6)

where $\Gamma \equiv x_2:[b<H_2]\cdot\mu_2,\ldots,x_n:[b<H_n]\cdot\mu_n$, and

$\varphi,a;\Phi,a<K_1 \models I_{c_1} = I_{\mathsf{fix}\,x.t} + H_2 + \ldots + H_n + \sum_{b<H_2} J_{c_2} + \ldots + \sum_{b<H_n} J_{c_n}$. (5.7)

Our objective now is to prove that

$\varphi;\Phi \Vdash_{I_{(\mathsf{fix}\,x.t,\rho)}} (\mathsf{fix}\,x.t,\rho):\mu$, (5.8)

where $\varphi;\Phi \models I_{(\mathsf{fix}\,x.t,\rho)} = I - I_\xi$. The thesis easily follows from (5.8). To do that, we proceed by spelling out what the premises of (5.5) are. They are:

$\varphi,a,b;\Phi,a<K_1,b<{}^{0,1}⫽_b P;\; x:[c<P]\cdot\gamma\{{}^{b+1,c}⫽_b P + b + 1\,/\,b\}, \Delta \Vdash_{J_t} t:\gamma$, (5.9)

and the following two:

$\varphi,a;\Phi,a<K_1 \Vdash \tau_1 \cong \gamma\{0/b\}$; $\varphi,a;\Phi,a<K_1 \Vdash \Gamma \cong \sum_{b<{}^{0,1}⫽_b P} \Delta$;

where $P$ and $J_t$ are index terms such that

$\varphi,a;\Phi,a<K_1 \models I_{\mathsf{fix}\,x.t} = {}^{0,1}⫽_b P - 1 + \sum_{b<{}^{0,1}⫽_b P} J_t$. (5.10)

Now, consider an index term $N$ such that

$\varphi;\Phi \models {}^{0,1}⫽_b N = 1 + \sum_{a<K_1} {}^{0,1}⫽_b P$.

Such an index term can be easily defined from $P$ and $K_1$, given that the underlying equational program is assumed to be universal. For the same reasons, one can define types $\delta$ and $\eta$, a type context $\Sigma$ and an index term $R$ such that the following holds (where $\theta$ is $\{1 + \sum_{a'<a} {}^{0,1}⫽_b P + b \,/\, b\}$):

$\varphi;\Phi \Vdash \eta\{0/b\} \cong \mu$; $\varphi,a,b;\Phi,a<K_1,b<{}^{0,1}⫽_b P \Vdash \eta\theta \cong \gamma$;
$\varphi;\Phi \Vdash \delta\{0/b\} \cong \tau_1$; $\varphi,a,b,c;\Phi,a<K_1,b<{}^{0,1}⫽_b P,c<P \Vdash \delta\theta \cong \gamma\{{}^{b+1,c}⫽_b P + b + 1\,/\,b\}$;
$\varphi;\Phi \Vdash R\{0/b\} = I_t$; $\varphi,a,b;\Phi,a<K_1,b<{}^{0,1}⫽_b P \models R\theta = J_t$;
$\varphi;\Phi \Vdash \Sigma\{0/b\} \cong x_2:[a<K_2]\cdot\tau_2,\ldots,x_n:[a<K_n]\cdot\tau_n$; $\varphi,a,b;\Phi,a<K_1,b<{}^{0,1}⫽_b P \Vdash \Sigma\theta \cong \Delta$.

This is possible since the type derivations for (5.1) and (5.9) have exactly the same PCF skeleton. By transforming them according to the equations above, one can merge them into one with conclusion:

$\varphi,b;\Phi,b<{}^{0,1}⫽_b N;\; x:[a<N]\cdot\delta, \Sigma \Vdash_R t:\eta$.

So, by using again the R rule we obtain:

$\varphi;\Phi;\; \sum_{b<{}^{0,1}⫽_b N} \Sigma \Vdash_{{}^{0,1}⫽_b N - 1 + \sum_{b<{}^{0,1}⫽_b N} R} \mathsf{fix}\,x.t : \mu$.

We are not at (5.8), however: it is still necessary to type $\rho$ appropriately. But note that we have:

$\varphi;\Phi \Vdash \sum_{b<{}^{0,1}⫽_b N} \Sigma = \Sigma\{0/b\} \uplus \sum_{b<{}^{0,1}⫽_b N - 1} \Delta = \Sigma\{0/b\} \uplus \sum_{a<K_1} \sum_{b<{}^{0,1}⫽_b P} \Delta = \Sigma\{0/b\} \uplus \sum_{a<K_1} \Gamma$.

So we can find types $\beta_2,\ldots,\beta_n$ such that

$\sum_{b<{}^{0,1}⫽_b N} \Sigma = x_2:[a<K_2 + \sum_{a<K_1} H_2]\cdot\beta_2,\ldots,x_n:[a<K_n + \sum_{a<K_1} H_n]\cdot\beta_n$,

where for every $2 \le i \le n$,

$\varphi,a;\Phi,a<K_i \Vdash \beta_i \cong \tau_i$; $\varphi,a,b;\Phi,a<K_1,b<H_i \Vdash \beta_i\{K_i + b + \sum_{a'<a} H_i \,/\, a\} \cong \mu_i$.

Similarly, one can define index terms $Q_2,\ldots,Q_n$ such that

$\varphi,a;\Phi,a<K_i \models Q_i = I_{c_i}$; $\varphi,a,b;\Phi,a<K_1,b<H_i \models Q_i\{K_i + b + \sum_{a'<a} H_i \,/\, a\} = J_{c_i}$.

By relabelling the type derivations of (5.2) and (5.6) (which are structurally equal) according to the types and index terms introduced above, one obtains:

$\varphi,a;\Phi,a<K_i + \sum_{a<K_1} H_i \Vdash_{Q_i} c_i:\beta_i$.

From this it follows that $\varphi;\Phi \Vdash_{I_{(\mathsf{fix}\,x.t,\rho)}} (\mathsf{fix}\,x.t,\rho):\mu$, where

$I_{(\mathsf{fix}\,x.t,\rho)} \equiv \Big({}^{0,1}⫽_b N - 1 + \sum_{b<{}^{0,1}⫽_b N} R\Big) + \Big(K_2 + \sum_{a<K_1} H_2 + \cdots + K_n + \sum_{a<K_1} H_n + \sum_{a<(K_2 + \sum_{a<K_1} H_2)} Q_2 + \cdots + \sum_{a<(K_n + \sum_{a<K_1} H_n)} Q_n\Big)$.

Let us separately analyze the two parts into which the expression above can be decomposed. On the one hand we have that:

$\varphi;\Phi \models {}^{0,1}⫽_b N - 1 + \sum_{b<{}^{0,1}⫽_b N} R = \sum_{a<K_1} {}^{0,1}⫽_b P + I_t + \sum_{a<K_1} \sum_{b<{}^{0,1}⫽_b P} J_t = \sum_{a<K_1} I_{\mathsf{fix}\,x.t} + K_1 + I_t$.

On the other hand, let us observe that

$\varphi;\Phi \models \sum_{a<(K_2 + \sum_{a<K_1} H_2)} Q_2 + \cdots + \sum_{a<(K_n + \sum_{a<K_1} H_n)} Q_n = \sum_{a<K_2} I_{c_2} + \sum_{a<K_1} \sum_{b<H_2} J_{c_2} + \ldots + \sum_{a<K_n} I_{c_n} + \sum_{a<K_1} \sum_{b<H_n} J_{c_n}$.

Combining the equations above with (5.4), (5.7) and (5.10), one easily reaches $\varphi;\Phi \models I_{(\mathsf{fix}\,x.t,\rho)} = I - I_\xi$, which is the thesis.
• Consider the case $C \equiv (\mathsf{ifz}\ w\ \mathsf{then}\ u\ \mathsf{else}\ v,\rho,\xi) \to (w,\rho,(u,v,\rho)\cdot\xi) \equiv D$. By assumption we have that $C$ is typable in PCF and that $\varphi;\Phi \Vdash_I D:\sigma$. So, we have that

$\varphi;\Phi;\; x_1:[a<K_1]\cdot\tau_1,\ldots,x_n:[a<K_n]\cdot\tau_n \Vdash_{I_w} w:\mathsf{Nat}[H]$; (5.11)
$\varphi,a;\Phi,a<K_i \Vdash_{I_{c_i}} c_i:\tau_i$; (5.12)
$\varphi;\Phi,H \le 0 \Vdash_{I_{(u,v,\rho)}} (u,\rho):\mu$; (5.13)
$\varphi;\Phi,1 \le H \Vdash_{I_{(u,v,\rho)}} (v,\rho):\mu$; (5.14)
$\varphi;\Phi \Vdash_{I_\xi} \xi:(\mu,\sigma)$; (5.15)

where $\rho \equiv c_1 \ldots c_n$. Moreover:

$\varphi;\Phi \models I = I_w + K_1 + \ldots + K_n + \sum_{a<K_1} I_{c_1} + \ldots + \sum_{a<K_n} I_{c_n} + I_{(u,v,\rho)} + I_\xi$. (5.16)

By further spelling out (5.13) and (5.14), we obtain the following:

$\varphi;\Phi,H \le 0;\; x_1:[a<H_1]\cdot\gamma_1,\ldots,x_n:[a<H_n]\cdot\gamma_n \Vdash_{I_u} u:\mu$; (5.17)
$\varphi,a;\Phi,H \le 0,a<H_i \Vdash_{J_{c_i}} c_i:\gamma_i$; (5.18)
$\varphi;\Phi,1 \le H;\; x_1:[a<L_1]\cdot\delta_1,\ldots,x_n:[a<L_n]\cdot\delta_n \Vdash_{I_v} v:\mu$; (5.19)
$\varphi,a;\Phi,1 \le H,a<L_i \Vdash_{M_{c_i}} c_i:\delta_i$; (5.20)

where

$\varphi;\Phi,H \le 0 \models I_{(u,v,\rho)} = I_u + H_1 + \ldots + H_n + \sum_{a<H_1} J_{c_1} + \ldots + \sum_{a<H_n} J_{c_n}$;
$\varphi;\Phi,1 \le H \models I_{(u,v,\rho)} = I_v + L_1 + \ldots + L_n + \sum_{a<L_1} M_{c_1} + \ldots + \sum_{a<L_n} M_{c_n}$.

Please notice how the type derivations for (5.12), (5.18) and (5.20) are structurally identical, i.e., their PCF counterparts are the same. Now, let us build index terms $N_1,\ldots,N_n$, $P_{c_1},\ldots,P_{c_n}$, $I_{uv}$ and types $\eta_1,\ldots,\eta_n$ such that:

$\varphi;\Phi,H \le 0 \models N_i = H_i$; $\varphi;\Phi,1 \le H \models N_i = L_i$;
$\varphi;\Phi,H \le 0 \models I_{uv} = I_u$; $\varphi;\Phi,1 \le H \models I_{uv} = I_v$;
$\varphi,a;\Phi,a<K_i \models P_{c_i} = I_{c_i}$; $\varphi,a;\Phi,H \le 0,a<H_i \models P_{c_i}\{a+K_i/a\} = J_{c_i}$; $\varphi,a;\Phi,1 \le H,a<L_i \models P_{c_i}\{a+K_i/a\} = M_{c_i}$;
$\varphi,a;\Phi,a<K_i \Vdash \eta_i \cong \tau_i$; $\varphi,a;\Phi,H \le 0,a<H_i \Vdash \eta_i\{a+K_i/a\} \cong \gamma_i$; $\varphi,a;\Phi,1 \le H,a<L_i \Vdash \eta_i\{a+K_i/a\} \cong \delta_i$.

As a consequence, one can rewrite (5.11), (5.17) and (5.19) as follows:

$\varphi;\Phi;\; x_1:[a<K_1]\cdot\eta_1,\ldots,x_n:[a<K_n]\cdot\eta_n \Vdash_{I_w} w:\mathsf{Nat}[H]$;
$\varphi;\Phi,H \le 0;\; x_1:[a<N_1]\cdot\eta_1\{a+K_1/a\},\ldots,x_n:[a<N_n]\cdot\eta_n\{a+K_n/a\} \Vdash_{I_{uv}} u:\mu$;
$\varphi;\Phi,1 \le H;\; x_1:[a<N_1]\cdot\eta_1\{a+K_1/a\},\ldots,x_n:[a<N_n]\cdot\eta_n\{a+K_n/a\} \Vdash_{I_{uv}} v:\mu$;

from which one obtains

$\varphi;\Phi;\; x_1:[a<K_1+N_1]\cdot\eta_1,\ldots,x_n:[a<K_n+N_n]\cdot\eta_n \Vdash_{I_w + I_{uv}} \mathsf{ifz}\ w\ \mathsf{then}\ u\ \mathsf{else}\ v : \mu$.

Similarly, one obtains that $\varphi,a;\Phi,a<K_i+N_i \Vdash_{P_{c_i}} c_i:\eta_i$; and, as a consequence, that $\varphi;\Phi \Vdash_{I_C + I_\xi} C:\sigma$, where

$I_C \equiv I_w + I_{uv} + K_1 + N_1 + \ldots + K_n + N_n + \sum_{a<K_1+N_1} P_{c_1} + \ldots + \sum_{a<K_n+N_n} P_{c_n}$.

But observe that

$\varphi;\Phi,H \le 0 \models I_C = I_w + I_u + K_1 + \ldots + K_n + \sum_{a<K_1} P_{c_1} + \ldots + \sum_{a<K_n} P_{c_n} + N_1 + \ldots + N_n + \sum_{a<N_1} P_{c_1}\{a+K_1/a\} + \cdots + \sum_{a<N_n} P_{c_n}\{a+K_n/a\}$
$= I_w + I_u + K_1 + \ldots + K_n + \sum_{a<K_1} I_{c_1} + \ldots + \sum_{a<K_n} I_{c_n} + H_1 + \ldots + H_n + \sum_{a<H_1} J_{c_1} + \cdots + \sum_{a<H_n} J_{c_n}$
$= I_w + K_1 + \ldots + K_n + \sum_{a<K_1} I_{c_1} + \ldots + \sum_{a<K_n} I_{c_n} + I_{(u,v,\rho)} = I - I_\xi$.

Similarly, one can prove that $\varphi;\Phi,1 \le H \models I_C = I - I_\xi$. Summing up, we get $\varphi;\Phi \models I_C + I_\xi = I$, which is the thesis.

• Consider the case $C \equiv (x_m,((t_1,\rho_1),\ldots,(t_n,\rho_n)),\xi) \to (t_m,\rho_m,\xi) \equiv D$. By assumption we have that $C$ is typable in PCF and that $\varphi;\Phi \Vdash_I D:\sigma$. So, we have that

$\varphi;\Phi \Vdash_{I_{(t_m,\rho_m)}} (t_m,\rho_m):\tau$; (5.21)
$\varphi;\Phi \Vdash_{I_\xi} \xi:(\tau,\sigma)$; (5.22)

where $\varphi;\Phi \models I = I_{(t_m,\rho_m)} + I_\xi$. Any closure $(t_i,\rho_i)$ (where $1 \le i \le n$ but $i \ne m$) can be typed as follows: $\varphi,a;\Phi,a<0 \Vdash_0 (t_i,\rho_i):\mu_i$ for some type $\mu_i$. This is because all these closures are by hypothesis typable in PCF and, moreover, $\Phi,a<0$ is inconsistent. For obvious reasons, $\varphi,a;\Phi,a<1 \Vdash_{I_{(t_m,\rho_m)}} (t_m,\rho_m):\tau$. Finally, we can build the following type derivation:

$\dfrac{\varphi;\Phi \Vdash \tau\{0/a\} \cong \tau}{\varphi;\Phi;\; x_1:[a<0]\cdot\mu_1,\ldots,x_m:[a<1]\cdot\tau,\ldots,x_n:[a<0]\cdot\mu_n \Vdash_0 x_m:\tau}$

But all this implies that $\varphi;\Phi \Vdash_{I_C} C:\sigma$ where $\varphi;\Phi \models I_C = I + 1$, which implies the thesis.

This concludes the proof.

Relative completeness for programs is a direct consequence of Weighted Subject Expansion:

Theorem 5.6 (Relative Completeness for Programs). Let $t$ be a PCF program such that $t \Downarrow_n m$. Then, there exist two index terms $I$ and $J$ such that $\llbracket I \rrbracket_{\mathcal{U}} \le n$ and $\llbracket J \rrbracket_{\mathcal{U}} = m$ and such that the term $t$ is typable in dℓPCF as $\vdash^{\mathcal{U}}_I t : \mathsf{Nat}[J]$.

Proof. By induction on $n$ using Weighted Subject Expansion and Lemma 4.1.

5.3. Uniformization and Relative Completeness for Functions.
It is useful to recall that by relative completeness for functions we mean the following: for each PCF term $t$ computing a total function $f$ in time expressed by a function $g$ there exists a type derivation in dℓPCF whose index terms capture both the extensional functional behavior $f$ and the intensional property $g$. Anticipating what follows, and using an intuitive notation, this can be expressed by a typing judgement like

$a;\emptyset;\; x:\mathsf{Nat}[a] \vdash_{g(a)} t : \mathsf{Nat}[f(a)]$.

In order to show this form of relative completeness, a uniformization result for type derivations needs to be proved. Suppose that $\{\pi_n\}_{n \in \mathbb{N}}$ is a sufficiently "regular" (i.e. recursively enumerable) family of type derivations such that any $\pi_n$ is mapped by $(|\cdot|)$ to the same PCF type derivation. Uniformization tells us that, under the hypothesis above, there is a single type derivation $\pi$ which captures the whole family $\{\pi_n\}_{n \in \mathbb{N}}$. In other words, uniformization is an extreme form of polymorphism. Note that, for instance, uniformization does not hold in intersection types, where uniform typing permits one to define only small classes of functions [28, 8, 9].

More formally, a family $\{\pi_n\}_{n \in \mathbb{N}}$ of type derivations is said to be recursively enumerable if there is a computable function $f$ which, on input $n$, returns (an encoding of) $\pi_n$. Similarly, recursively enumerable families of index terms, types and modal types can be defined. It is easy to turn "uniform families" of semantic entailments into one compact form:

Lemma 5.7.
1. If for every $n \in \mathbb{N}$ it holds that $\varphi;\Phi\{n/a\} \models^{\mathcal{E}} I\{n/a\} \simeq J\{n/a\}$, then $\varphi,a;\Phi \models^{\mathcal{E}} I \simeq J$.
2. If for every $n \in \mathbb{N}$ it holds that $\varphi;\Phi\{n/a\} \models^{\mathcal{E}} I\{n/a\} \le J\{n/a\}$, then $\varphi,a;\Phi \models^{\mathcal{E}} I \le J$.

Proof. This is just a trivial consequence of the way semantic entailment is defined. Suppose, for example, that for every $n \in \mathbb{N}$ the following holds: $\varphi;\Phi\{n/a\} \models^{\mathcal{E}} I\{n/a\} \simeq J\{n/a\}$. Now, what should we do to prove $\varphi,a;\Phi \models^{\mathcal{E}} I \simeq J$? We should prove that for every value of the variables in $\varphi,a$ satisfying $\Phi$, $I$ and $J$ are equal in the sense of Kleene. But this is just what the hypothesis ensures.
Before embarking on the proof of uniformization for type derivations, it makes sense toprove the same result for index terms and types, respectively.
Lemma 5.8 (Uniformizing Index Terms). Suppose that:
1. $\{I_n\}_{n \in \mathbb{N}}$ is recursively enumerable, where for every $n \in \mathbb{N}$, $I_n$ is an index term on the signature $\Sigma_{\mathcal{U}}$;
2. there is a finite set of variables $\varphi = a_1,\ldots,a_m$ such that any variable appearing in any $I_n$ is in $\varphi$.
Then there is a term $I$ on the signature $\Sigma_{\mathcal{U}}$ such that $\varphi;\emptyset \vdash_{\mathcal{U}} I\{n/a\} \simeq I_n$ for every $n$.

Proof. Consider the function $f : \mathbb{N}^{m+1} \to \mathbb{N}$ defined as follows: $(x_0,x_1,\ldots,x_m) \mapsto \llbracket I_{x_0} \rrbracket_{\mathcal{U}}[a_1 \leftarrow x_1,\ldots,a_m \leftarrow x_m]$. An algorithm computing $f$ can be defined as follows:
• From $x_0$, compute $I_{x_0}$. Again, this can be done effectively.
• Evaluate $I_{x_0}$ where the variables $a_1,\ldots,a_m$ take the values $x_1,\ldots,x_m$, respectively.
In other words, $f$ is computable. Thus, the existence of a term $I$ like the one required is a consequence of the universality of the equational program $\mathcal{U}$.

Observe how the index terms in $\{I_n\}_{n \in \mathbb{N}}$ need not be defined for all values of the variables occurring in them. More: their domains of definition can all be different. The way $I$ is defined, however, ensures that $\llbracket I\{n/a\} \rrbracket$ is defined iff $\llbracket I_n \rrbracket$ is defined. Uniformizing types requires a little more care:

Lemma 5.9 (Uniformizing Types and Modal Types). Suppose that $\{\pi_n\}_{n \in \mathbb{N}}$ is recursively enumerable and that:
1. for every $n \in \mathbb{N}$, $\pi_n \lhd \varphi;\Phi_n \vdash_{\mathcal{U}} \sigma_n\Downarrow$;
2. for every $n,m \in \mathbb{N}$, $(|\sigma_n|) = (|\sigma_m|)$;
3. every $\Phi_n$ has the form $I_{n1} \le J_{n1},\ldots,I_{nm} \le J_{nm}$, where $m$ does not depend on $n$.
Then there is one type $\sigma$ such that:
1. $\varphi,a;\Phi \vdash_{\mathcal{U}} \sigma\Downarrow$;
2. $\Phi = I_1 \le J_1,\ldots,I_m \le J_m$;
3. for every $1 \le p \le m$, both $\varphi;\emptyset \vdash_{\mathcal{U}} I_p\{n/a\} \simeq I_{np}$ and $\varphi;\emptyset \vdash_{\mathcal{U}} J_p\{n/a\} \simeq J_{np}$;
4. for every $n \in \mathbb{N}$, it holds that $\varphi;\Phi\{n/a\} \vdash_{\mathcal{U}} \sigma\{n/a\} \cong \sigma_n$.
Moreover, the same statement holds for modal types.

Proof. The proof goes by induction on the structure of the type $(|\sigma|)$ and of the modal type $(|A|)$. An essential ingredient in the proof is, of course, Lemma 5.8. Suppose, as an example, that $(|\sigma|) \equiv \mathsf{Nat}$.
This implies that there are index terms $K_n, H_n$ such that, for every $n \in \mathbb{N}$, $\sigma_n \equiv \mathsf{Nat}[K_n,H_n]$. Now, let $I_1,J_1,\ldots,I_m,J_m,K,H$ be the index terms obtained from the families $\{I_{n1}\}_{n \in \mathbb{N}}, \{J_{n1}\}_{n \in \mathbb{N}}, \ldots, \{I_{nm}\}_{n \in \mathbb{N}}, \{J_{nm}\}_{n \in \mathbb{N}}, \{K_n\}_{n \in \mathbb{N}}, \{H_n\}_{n \in \mathbb{N}}$ through Lemma 5.8. Let $\Phi$ be just $I_1 \le J_1,\ldots,I_m \le J_m$ and let $\sigma$ be $\mathsf{Nat}[K,H]$. From $\pi_n \lhd \varphi;\Phi_n \vdash_{\mathcal{U}} \sigma_n\Downarrow$, it follows that

$\varphi;\Phi\{n/a\} \models_{\mathcal{U}} K\{n/a\}\Downarrow$; (5.23)
$\varphi;\Phi\{n/a\} \models_{\mathcal{U}} H\{n/a\}\Downarrow$. (5.24)

By Lemma 5.7, it follows that $\varphi,a;\Phi \models_{\mathcal{U}} K\Downarrow$ and $\varphi,a;\Phi \models_{\mathcal{U}} H\Downarrow$, which implies $\varphi,a;\Phi \vdash_{\mathcal{U}} \sigma\Downarrow$. From (5.23) and $\varphi;\emptyset \vdash_{\mathcal{U}} K\{n/a\} \simeq K_n$, it follows that $\varphi;\Phi\{n/a\} \models_{\mathcal{U}} K\{n/a\} = K_n$. Similarly, from (5.24) one obtains $\varphi;\Phi\{n/a\} \models_{\mathcal{U}} H\{n/a\} = H_n$. As a consequence, $\varphi;\Phi\{n/a\} \vdash_{\mathcal{U}} \sigma\{n/a\} \cong \sigma_n$.

Now that we are able to unify a denumerable family of types into one, we have all the necessary tools to turn a family of judgements into one. For subtyping judgments, the task is relatively simple, because the types and index terms occurring inside any subtyping derivation also occur in its conclusion:

Lemma 5.10 (Uniformizing Subtyping Judgments). If for every $n \in \mathbb{N}$ it holds that $\varphi;\Phi\{n/a\} \vdash_{\mathcal{E}} \sigma\{n/a\} \sqsubseteq \tau\{n/a\}$, then $\varphi,a;\Phi \vdash_{\mathcal{E}} \sigma \sqsubseteq \tau$.

Proof. This is an induction on the structure of $\sigma$. If, as an example, $\sigma \equiv \mathsf{Nat}[I,J]$, then $\tau \equiv \mathsf{Nat}[K,H]$. From the hypothesis, we know that $\varphi;\Phi\{n/a\} \models_{\mathcal{E}} K\{n/a\} \le I\{n/a\}$ and $\varphi;\Phi\{n/a\} \models_{\mathcal{E}} J\{n/a\} \le H\{n/a\}$. By Lemma 5.7, we can conclude that $\varphi,a;\Phi \models_{\mathcal{E}} K \le I$ and $\varphi,a;\Phi \models_{\mathcal{E}} J \le H$, which immediately yields the thesis.

In typing judgments, on the other hand, there can be types and index terms which occur in the derivation but not in its conclusion; think about how applications are typed. We then need to impose some further constraints on the kind of (type derivation) families which we can unify:
Lemma 5.11 (Uniformizing Typing Judgments). If for every $n \in \mathbb{N}$ it holds that $\pi_n \lhd \varphi;\Phi\{n/a\};\Gamma\{n/a\} \vdash^{I\{n/a\}}_{\mathcal{U}} t : \sigma\{n/a\}$, where $\{\pi_n\}_{n \in \mathbb{N}}$ is recursively enumerable and such that $(|\pi_n|) = (|\pi_m|)$ for every $n,m \in \mathbb{N}$, then $\varphi,a;\Phi;\Gamma \vdash^{I}_{\mathcal{U}} t:\sigma$.

Proof. The proof goes by induction on the structure of $t$. Some interesting cases:

• Suppose that $t$ is a variable $x$. Then $\pi_n$ has the following shape (an instance of the rule V), with premises

$\varphi;\Phi\{n/a\} \models_{\mathcal{U}} 0 \le J\{n/a\}$; $\varphi;\Phi\{n/a\} \models_{\mathcal{U}} 1 \le I\{n/a\}$; $\varphi;\Phi\{n/a\} \vdash_{\mathcal{U}} \sigma\{n/a\}\{0/b\} \sqsubseteq \tau\{n/a\}$; $\varphi;\Phi\{n/a\} \vdash_{\mathcal{U}} ([b<I\{n/a\}]\cdot\sigma\{n/a\})\Downarrow$; $\varphi;\Phi\{n/a\} \vdash_{\mathcal{U}} \Delta\{n/a\}\Downarrow$;

and conclusion

$\varphi;\Phi\{n/a\};\; \Delta\{n/a\}, x:[b<I\{n/a\}]\cdot\sigma\{n/a\} \vdash^{J\{n/a\}}_{\mathcal{U}} x : \tau\{n/a\}$.

Notice that $\sigma\{n/a\}\{0/b\}$ is literally the same as $\sigma\{0/b\}\{n/a\}$. Lemma 5.7 and Lemma 5.10 allow us to derive the following:

$\varphi,a;\Phi \models_{\mathcal{U}} 0 \le J$; $\varphi,a;\Phi \models_{\mathcal{U}} 1 \le I$; $\varphi,a;\Phi \vdash_{\mathcal{U}} \sigma\{0/b\} \sqsubseteq \tau$; $\varphi,a;\Phi \vdash_{\mathcal{U}} ([b<I]\cdot\sigma)\Downarrow$; $\varphi,a;\Phi \vdash_{\mathcal{U}} \Delta\Downarrow$;

from which the thesis easily follows.

• Suppose that $t$ is $uv$. Then the derivations in $\{\pi_n\}_{n \in \mathbb{N}}$ have the following shape (an instance of the rule A), with premises

$\varphi;\Phi\{n/a\};\Gamma_n \vdash^{J_n}_{\mathcal{U}} u : [b<I_n]\cdot\sigma_n \multimap \tau\{n/a\}$; $\varphi,b;\Phi\{n/a\},b<I_n;\Delta_n \vdash^{K_n}_{\mathcal{U}} v : \sigma_n$; $\varphi;\Phi\{n/a\} \vdash_{\mathcal{U}} \Sigma\{n/a\} \sqsubseteq \Gamma_n \uplus \sum_{b<I_n} \Delta_n$; $\varphi;\Phi\{n/a\} \models_{\mathcal{U}} H\{n/a\} \ge J_n + I_n + \sum_{b<I_n} K_n$;

and conclusion

$\varphi;\Phi\{n/a\};\Sigma\{n/a\} \vdash^{H\{n/a\}}_{\mathcal{U}} uv : \tau\{n/a\}$.

By Lemma 5.8 and Lemma 5.9, there are index terms $I, J, K$ and a type $\sigma$, and typing contexts $\Gamma$ and $\Delta$, such that the following holds:

$\varphi;\emptyset \models_{\mathcal{U}} I\{n/a\} \simeq I_n$; $\varphi;\emptyset \models_{\mathcal{U}} J\{n/a\} \simeq J_n$; $\varphi,b;b<I\{n/a\} \models_{\mathcal{U}} K\{n/a\} \simeq K_n$;
$\varphi,a,b;\Phi,b<I \vdash_{\mathcal{U}} \sigma\Downarrow$; $\varphi,b;\Phi\{n/a\},b<I\{n/a\} \vdash_{\mathcal{U}} \sigma\{n/a\} \cong \sigma_n$;
$\varphi,a,b;\Phi,b<I \vdash_{\mathcal{U}} \Gamma\Downarrow$; $\varphi,b;\Phi\{n/a\},b<I\{n/a\} \vdash_{\mathcal{U}} \Gamma\{n/a\} \cong \Gamma_n$;
$\varphi,a,b;\Phi,b<I \vdash_{\mathcal{U}} \Delta\Downarrow$; $\varphi,b;\Phi\{n/a\},b<I\{n/a\} \vdash_{\mathcal{U}} \Delta\{n/a\} \cong \Delta_n$.
From the above, we first of all obtain $\varphi;\Phi\{n/a\} \models_{\mathcal{U}} H\{n/a\} \ge J\{n/a\} + I\{n/a\} + \sum_{b<I\{n/a\}} K\{n/a\}$, which by Lemma 5.7 becomes $\varphi,a;\Phi \models_{\mathcal{U}} H \ge J + I + \sum_{b<I} K$. Analogously, this time through Lemma 5.10, one easily reaches $\varphi,a;\Phi \vdash_{\mathcal{U}} \Sigma \sqsubseteq \Gamma \uplus \sum_{b<I} \Delta$. Again, one can reach

$\varphi;\Phi\{n/a\};\Gamma\{n/a\} \vdash^{J\{n/a\}}_{\mathcal{U}} u : [b<I\{n/a\}]\cdot\sigma\{n/a\} \multimap \tau\{n/a\}$;
$\varphi,b;\Phi\{n/a\},b<I\{n/a\};\Delta\{n/a\} \vdash^{K\{n/a\}}_{\mathcal{U}} v : \sigma\{n/a\}$;

to which one can apply the induction hypothesis. The thesis easily follows.

This concludes the proof.

Uniformization is the key to proving relative completeness for functions from relative completeness for programs:

Theorem 5.12 (Relative Completeness for Functions). Suppose that $t$ is a PCF term such that $\vdash t : \mathsf{Nat} \to \mathsf{Nat}$. Moreover, suppose that there are two (total and computable) functions $f, g : \mathbb{N} \to \mathbb{N}$ such that $t\,n \Downarrow_{g(n)} f(n)$. Then there are terms $I, J, K$ with $\llbracket I + J \rrbracket \le g$ and $\llbracket K \rrbracket = f$, such that $a;\empty
set;\emptyset \vdash^{I}_{\mathcal{U}} t : [b<J]\cdot\mathsf{Nat}[a] \multimap \mathsf{Nat}[K]$.

Proof.
A consequence of relative completeness for programs (Theorem 5.6) and Lemma 5.11. Indeed, a type derivation for $a;\emptyset;\emptyset \vdash_I t : [b<J]\cdot\mathsf{Nat}[a] \multimap \mathsf{Nat}[K]$ can be obtained simply by uniformizing all type derivations $\pi_n$ for programs in the form $t\,n$. In turn, those type derivations can be built effectively by way of Subject Expansion.

6. On the Undecidability of Type Checking
As we have seen in the last two sections, dℓPCF is not only sound, but complete: all true typing judgements involving programs can be derived, and this can indeed be lifted to first-order functions, as explained in Section 5.3.

There is a price to pay, however. Checking a type derivation for correctness is undecidable in general, simply because it can rely on semantic assumptions in the form of inequalities between index terms, or on subtyping judgements, which themselves rely on the properties of the underlying equational program $\mathcal{E}$. If $\mathcal{E}$ is sufficiently involved, e.g. if we work with $\mathcal{U}$, there is no hope of finding a decidable complete type checking procedure. In this sense, dℓPCF is a non-standard type system. A practitioner consuming such a derivation as a certificate (say, a resource bound shipped together with code) should therefore treat each semantic side condition as an obligation to be discharged by a trusted checker, not as something the derivation itself establishes.

Indeed, dℓPCF is not actually a type system, but rather a framework in which various distinct type systems can be defined. Concrete type systems can be developed along two axes: on the one hand by concretely instantiating $\mathcal{E}$, on the other by choosing specific and sound formal systems for the verification of semantic assumptions. This way sound and possibly decidable type systems can be derived. Even if completeness can only be achieved if $\mathcal{E}$ is universal, soundness holds for every equational program $\mathcal{E}$. Choosing a simple equational program $\mathcal{E}$ results in an (incomplete) type system for which the problem of checking the inequalities can be much easier, if not decidable. And even if $\mathcal{E}$ remains universal, assumptions could be checked using techniques such as abstract interpretation or theorem proving.

By the way, the phenomenon just described is not peculiar to dℓPCF. Unsurprisingly, program logics have similar properties, since the rule

$\dfrac{p \Rightarrow r \qquad \{r\}\,P\,\{s\} \qquad s \Rightarrow q}{\{p\}\,P\,\{q\}}$

is part of most relatively complete Hoare-Floyd logics and, of course, the premises $p \Rightarrow r$ and $s \Rightarrow q$ have to be taken semantically for completeness to hold.

7. dℓPCF and Implicit Computational Complexity
One of the original motivations for the studies which led to the definition of dℓPCF came from Implicit Computational Complexity (ICC). There, one aims at giving characterizations of complexity classes which can often be turned into type systems or static analysis methodologies for the verification of the resource usage of programs. Historically [24, 29], what prevented most ICC techniques from finding concrete applications along this line was their poor expressive power: the class of programs which can be recognized as being efficient by (tools derived from) ICC systems is often very small and does not include programs corresponding to natural, well-known algorithms. This is true despite the fact that ICC systems are extensionally complete: they capture complexity classes seen as classes of functions. The kind of Intensional Completeness enjoyed by dℓPCF is much stronger: all PCF programs with a certain complexity can be proved to be so by deriving a typing judgement for them.

Of course, dℓPCF is not at all an implicit system: bounds appear everywhere! On the other hand, dℓPCF allows one to analyze the time complexity of higher-order functional programs directly, without translating them into low-level programs. In other words, dℓPCF can be viewed as an abstract framework in which to experiment with new implicit computational complexity techniques.
Related Work
Other type systems can be proved to satisfy completeness properties similar to the ones enjoyed by dℓPCF.

The first example that comes to mind is that of intersection types. In intersection type disciplines, the class of strongly and weakly normalizable lambda terms can be captured [16]. Recently, these results have been refined in such a way that the actual complexity of reduction of the underlying term can be read from its type derivation [14, 7]. What intersection types lack is the possibility of analyzing the behavior of a functional term in one single type derivation: all function calls must be typed separately [28, 8, 9]. This is in contrast with Theorem 5.12, which gives a unique type derivation for every PCF program computing a total function on the natural numbers.

Another example of type theories which enjoy completeness properties are refinement type theories [17], as shown in [15]. Completeness, however, only holds in a logical sense: any property which is true in all Henkin models can be captured by refinement types. The kind of completeness we obtain here is clearly more operational: the result of evaluating a program and the time complexity of the process can both be read off from its type.

As already mentioned in the Introduction, linear logic has been a great source of inspiration for the authors. Actually, it is not a coincidence that linear logic was a key ingredient in the development of one of the earliest fully-abstract game models for PCF. Indeed, dℓPCF can be seen as a way to internalize history-free game semantics [1] into a type system. And already BLL and QBAL, both precursors of dℓPCF, were designed under the strong influence of the geometry of interaction. dℓPCF is a way to study the extreme consequences of this idea, when bounds are not only polynomials but arbitrary first-order total functions on natural numbers.
References

[1] S. Abramsky, R. Jagadeesan, and P. Malacaria. Full abstraction for PCF. I & C, 163(2):409–470, 2000.
[2] K. R. Apt, F. S. de Boer, and E.-R. Olderog. Verification of Sequential and Concurrent Programs. T. in Comp. Sci. Springer-Verlag, 2009.
[3] F. Baader and T. Nipkow. Term Rewriting and All That. Cambridge University Press, 1998.
[4] P. Baillot, M. Gaboardi, and V. Mogbil. A polytime functional language from light linear logic. In ESOP, volume 6012 of LNCS, pages 104–124. Springer, 2010.
[5] P. Baillot and K. Terui. Light types for polynomial time computation in lambda calculus. I & C, 207(1):41–62, 2009.
[6] G. Barthe, B. Grégoire, and C. Riba. Type-based termination with sized products. In CSL, volume 5213 of LNCS, pages 493–507. Springer, 2008.
[7] A. Bernadet and S. Lengrand. Complexity of strongly normalising λ-terms via non-idempotent intersection types. In FOSSACS, volume 6604 of LNCS, pages 88–107. Springer, 2011.
[8] A. Bucciarelli, S. D. Lorenzis, A. Piperno, and I. Salvo. Some computational properties of intersection types. In LICS, pages 109–118. IEEE Comp. Soc., 1999.
[9] A. Bucciarelli, A. Piperno, and I. Salvo. Intersection types and lambda-definability. MSCS, 13(1):15–53, 2003.
[10] S. A. Cook. Soundness and completeness of an axiom system for program verification. SIAM J. on Computing, 7:70–90, 1978.
[11] K. Crary and S. Weirich. Resource bound certification. In ACM POPL, pages 184–198, 2000.
[12] U. Dal Lago. Context semantics, linear logic and computational complexity. ACM TOCL, 10(4), 2009.
[13] U. Dal Lago and M. Hofmann. Bounded linear logic, revisited. LMCS, 6(4), 2010.
[14] D. de Carvalho. Execution time of lambda-terms via denotational semantics and intersection types. CoRR, abs/0905.4251, 2009.
[15] E. Denney. Refinement types for specification. In IFIP-PROCOMET, pages 148–166, 1998.
[16] M. Dezani-Ciancaglini, E. Giovannetti, and U. de' Liguoro. Intersection Types, Lambda-models and Böhm Trees. In "Theories of Types and Proofs", volume 2, pages 45–97. Math. Soc. of Japan, 1998.
[17] T. Freeman and F. Pfenning. Refinement types for ML. In PLDI, pages 268–277, 1991.
[18] J.-Y. Girard. Linear logic. Theor. Comp. Sci., 50:1–102, 1987.
[19] J.-Y. Girard, A. Scedrov, and P. Scott. Bounded linear logic. Theor. Comp. Sci., 97(1):1–66, 1992.
[20] B. Grobauer. Cost recurrences for DML programs. In ICFP, pages 253–264, 2001.
[21] C. A. Gunter. Semantics of Programming Languages: Structures and Techniques. Found. of Comp. Series. MIT Press, 1992.
[22] J. Hoffmann, K. Aehlig, and M. Hofmann. Multivariate Amortized Resource Analysis. In ACM POPL, pages 357–370, 2011.
[23] M. Hofmann. Linear types and non-size-increasing polynomial time computation. In LICS, pages 464–473. IEEE Comp. Soc., 1999.
[24] M. Hofmann. Programming languages capturing complexity classes. ACM SIGACT News, 31:31–42, 2000.
[25] S. Jost, K. Hammond, H.-W. Loidl, and M. Hofmann. Static Determination of Quantitative Resource Usage for Higher-Order Programs. In ACM POPL, Madrid, Spain, 2010.
[26] N. Kobayashi and C.-H. L. Ong. A type system equivalent to the modal mu-calculus model checking of higher-order recursion schemes. In LICS, pages 179–188. IEEE Comp. Soc., 2009.
[27] J.-L. Krivine. A call-by-name lambda-calculus machine. Higher-Order and Symbolic Computation, 20(3):199–207, 2007.
[28] D. Leivant. Discrete polymorphism. In ACM LFP, pages 288–297. ACM Press, 1990.
[29] J.-Y. Marion. Complexité implicite des calculs, de la théorie à la pratique. Habilitation thesis, Université Nancy 2, 2000.
[30] P. Odifreddi. Classical Recursion Theory: the Theory of Functions and Sets of Natural Numbers. Number 125 in Studies in Logic and the Foundations of Mathematics. North-Holland, 1989.
[31] G. D. Plotkin. LCF considered as a programming language. Theor. Comp. Sci., 5:225–255, 1977.
[32] A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE JSAC, 21(1):5–19, 2003.
[33] D. M. Volpano, C. E. Irvine, and G. Smith. A sound type system for secure flow analysis. JCS, 4(2/3):167–188, 1996.
[34] H. Xi. Dependent types for program termination verification. In LICS, pages 231–246. IEEE Comp. Soc., 2001.
[35] H. Xi. Dependent ML: an approach to practical programming with dependent types. J. of Funct. Progr., 17(2):215–286, 2007.
[36] H. Xi and F. Pfenning. Dependent types in practical programming. In ACM POPL, pages 214–227, 1999.
This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/