Semantics of a Relational λ-Calculus (Extended Version)
aa r X i v : . [ c s . P L ] S e p Semantics of a Relational λ -Calculus ⋆ (Extended Version) Pablo Barenbaum , Federico Lochbaum , and Mariana Milicich Universidad de Buenos Aires and Universidad Nacional de Quilmes, Argentina [email protected] Universidad Nacional de Quilmes, Argentina [email protected] Universidad de Buenos Aires, Argentina [email protected]
Abstract.
We extend the λ -calculus with constructs suitable for rela-tional and functional–logic programming: non-deterministic choice, freshvariable introduction, and unification of expressions. In order to be ableto unify λ -expressions and still obtain a confluent theory, we depart fromrelated approaches, such as λ Prolog, in that we do not attempt to solvehigher-order unification. Instead, abstractions are decorated with a loca-tion , which intuitively may be understood as its memory address, and weimpose a simple coherence invariant: abstractions in the same locationmust be equal. This allows us to formulate a confluent small-step oper-ational semantics which only performs first-order unification and doesnot require strong evaluation (below lambdas). We study a simply typedversion of the system. Moreover, a denotational semantics for the calcu-lus is proposed and reduction is shown to be sound with respect to thedenotational semantics.
Keywords:
Lambda Calculus · Semantics · Relational Programming · Functional Programming · Logic Programming · Confluence
Declarative programming is defined by the ideal that programs should resembleabstract specifications rather than concrete implementations. One of the mostsignificant declarative paradigms is functional programming , represented by lan-guages such as Haskell. Some of its salient features are the presence of first-classfunctions and inductive datatypes manipulated through pattern matching. Thefact that the underlying model of computation—the λ -calculus—is confluent allows one to reason equationally about the behavior of functional programs.Another declarative paradigm is logic programming , represented by languagessuch as Prolog. Some of its salient features are the ability to define relations ⋆ Work partially supported by project grants ECOS Sud A17C01, PUNQ 1346/17,and UBACyT 20020170100086BA. P. Barenbaum, F. Lochbaum, M. Milicich rather than functions, and the presence of existentially quantified symbolic vari-ables that become instantiated upon querying. This sometimes allows to use n -ary relations with various patterns of instantiation, e.g. add(3, 2, X) com-putes X := 3 + 2 whereas add(X, 2, 5) computes
X := 5 - 2 . The under-lying model of computation is based on unification and refutation search with backtracking .The idea to marry functional and logic programming has been around for along time, and there have been many attempts to combine their features grace-fully. For example, λ Prolog (Miller and Nadathur [24,22]) takes Prolog as astarting point, generalizing first-order terms to λ -terms and the mechanism offirst-order unification to that of higher-order unification . Another example isCurry (Hanus et al. [13,12]) in which programs are defined by equations, quitelike in functional languages, but evaluation is non-deterministic and evaluationis based on narrowing , i.e. variables become instantiated in such a way as tofulfill the constraints imposed by equations.One of the interests of combining functional and logic programming is thefact that the increased expressivity aids declarative programming. For instance,if one writes a parser as a function parser : String −→ AST , it should bepossible, under the right conditions, to invert this function to obtain a pretty-printer pprint : AST −→ String : pprint ast = ν source . ((ast • = parse source) ; source) In this hypothetical functional–logic language, intuitively speaking, the expres-sion ( νx. t ) creates a fresh symbolic variable x and proceeds to evaluate t ; theexpression ( t • = s ) unifies t with s ; and the expression ( t ; s ) returns the result ofevaluating s whenever the evaluation of t succeeds.Given that unification is a generalization of pattern matching, a functionallanguage with explicit unification should in some sense generalize λ -calculi withpatterns , such as the Pure Pattern Calculus [16]. For example, by relying on uni-fication one may build dynamic or functional patterns , i.e. patterns that includeoperations other than constructors. A typical instance is the following function last : [a] −→ a , which returns the last element of a non-empty cons-list: last (xs ++ [x]) = x Note that ++ is not a constructor. This definition may be desugared similarly asfor the pprint example above: last lst = ν xs . ν x. (lst • = (xs ++ [x])); x Still another interest comes from the point of view of the proposition-as-typescorrespondence . Terms of a λ -calculus with types can be understood as encodingproofs, so for instance the identity function ( λx : A. x ) may be understood asa proof of the implication A → A . From this point of view, a functional–logicprogram may be understood as a tactic , as can be found in proof assistants suchas Isabelle or Coq (see e.g. [31]). A term of type A should then be understood as a emantics of a Relational λ -Calculus (Extended Version) 3 non-deterministic procedure which attempts to find a proof of A and it may leaveholes in the proof or even fail. For instance if P is a property on natural numbers, p is a proof of P (0) and q is a proof of P (1), then λn. (( n • = 0); p ) ⊞ (( n • = 1); q )is a tactic that given a natural number n produces a proof of P ( n ) whenever n ∈ { , } , and otherwise it fails. Here ( t ⊞ s ) denotes the non-deterministicalternative between t and s .The goal of this paper is to provide a foundation for functional–logicprogramming by extending the λ -calculus with relational constructs .Recall that the syntactic elements of the λ -calculus are λ -terms ( t, s, . . . ), whichinductively may be variables ( x, y, . . . ), abstractions ( λx. t ), and applications ( t s ).Relational programming may be understood as the purest form of logic pro-gramming, chiefly represented by the family of miniKanren languages (Byrd etal. [10,7]). The core syntactic elements of miniKanren, following for instanceRozplokhas et al. [27] are goals ( G, G ′ , . . . ) which are inductively given by: rela-tion symbol invocations , of the form R ( T , . . . , T n ), where R is a relation symboland T , . . . , T n are terms of a first-order language, unification of first-order terms( T • = T ), conjunction of goals ( G ; G ′ ), disjunction of goals ( G ⊞ G ′ ), and freshvariable introduction ( νx. G ).Our starting point is a “chimeric creature”—a functional–logic language re-sulting from cross breeding the λ -calculus and miniKanren, given by the followingabstract syntax: t, s ::= x variable | c constructor | λx. t abstraction | t s application | νx. t fresh variable introduction | t ⊞ s non-deterministic choice | t ; s guarded expression | t • = s unificationIts informal semantics has been described above. Variables ( x, y, . . . ) may be in-stantiated by unification, while constructors ( c , d , . . . ) are constants. For exam-ple, if coin def = ( true ⊞ false ) is a non-deterministic boolean with two possiblevalues and not def = λx. (( x • = true ); false ) ⊞ (( x • = false ); true ) is the usualboolean negation, the following non-deterministic computation:( λx. λy. ( x • = not y ); pair x y ) coin coin should have two results, namely pair true false and pair false true . Structure of this paper.
In Section 2, we discuss some technical difficul-ties that arise as one intends to provide a formal operational semantics for theinformal functional–logic calculus sketched above. In Section 3, we refine thisrough proposal into a calculus we call the λ U -calculus , with a formal small-stepoperational semantics (Def. 3.1). To do so, we distinguish terms , which representa single choice, from programs , which represent a non-deterministic alternativebetween zero or more terms. Moreover, we adapt the standard first-order unifica-tion algorithm to our setting by imposing a coherence invariant on programs. InSection 4, we study the operational properties of the λ U -calculus: we provide aninductive characterization of the set of normal forms (Prop. 4.1), and we prove P. Barenbaum, F. Lochbaum, M. Milicich that it is confluent (Thm. 4.4) (up to a notion of structural equivalence). In Sec-tion 5, we propose a straightforward system of simple types and we show thatit enjoys subject reduction (Prop. 5.2). In Section 6, we define a (naive) denota-tional semantics, and we show that the operational semantics is sound (althoughit is not complete) with respect to this denotational semantics (Thm. 6.2). InSection 7, we conclude and we lay out avenues of further research.
Note.
Most proofs have been left out from the body of the paper. Detailedproofs that can be found in the technical appendix have been marked with ♣ . This section is devoted to discussing technical stumbling blocks that we encoun-tered as we attempted to define an operational semantics for the functional–logiccalculus incorporating all the constructs mentioned in the introduction. Thesetechnical issues motivate the design decisions behind the actual λ U -calculus de-fined in Sec. 3. The discussion in this section is thus informal . Examples arecarried out with their hypothetical or intended semantics. Locality of symbolic variables.
The following program introduces a freshvariable x and then there are two alternatives: either x unifies with c and theresult is x , or x unifies with d and the result is x . The expected reduction se-mantics is the following. The constant ok is the result obtained after a successfulunification: νx. (cid:16) (( x • = c ); x ) ⊞ (( x • = d ); x ) (cid:17) → (( x • = c ); x ) ⊞ (( x • = d ); x ) with x fresh → ( ok ; c ) ⊞ (( x • = d ); x ) ( ⋆ ) → ( ok ; c ) ⊞ ( ok ; d ) ։ c ⊞ d Note that in the step marked with ( ⋆ ), the variable x becomes instantiated to c , but only to the left of the choice operator ( ⊞ ). This suggests that programsshould consist of different threads fenced by choice operators. Symbolic variablesshould be local to each thread. Need of commutative conversions.
Redexes may be blocked by the choiceoperator—for example in the application (( t ⊞ λx. s ) u ), there is a potential β -redex (( λx. s ) u ) which is blocked. This suggests that commutative conversions that distribute the choice operator should be incorporated, allowing for instancea reduction step ( t ⊞ λx. s ) u → t u ⊞ ( λx. s ) u . In our proposal, we force in thesyntax that a program is always written, canonically, in the form t ⊞ . . . ⊞ t n ,where each t i is a deterministic program ( i.e. choice operators may only appearinside lambdas). This avoids the need to introduce commutative rules. emantics of a Relational λ -Calculus (Extended Version) 5 Confluence only holds up to associativity and commutativity.
There aretwo ways to distribute the choice operators in the following example: t ( s ⊞ s ) ⊞ t ( s ⊞ s ) (cid:15) (cid:15) ( t ⊞ t ) ( s ⊞ s ) o o / / ( t ⊞ t ) s ⊞ ( t ⊞ t ) s (cid:15) (cid:15) ( t s ⊞ t s ) ⊞ ( t s ⊞ t s ) ≡ ( t s ⊞ t s ) ⊞ ( t s ⊞ t s ) The resulting programs cannot be equated unless one works up to an equivalencerelation that takes into account the associativity and commutativity of the choiceoperator. As we mentioned, the λ U -calculus works with programs in canonicalform t ⊞ . . . ⊞ t n , so there is no need to work modulo associativity. However, wedo need commutativity. As a matter of fact, we shall define a notion of structuralequivalence ( ≡ ) between programs, allowing the arbitrary reordering of threads.This relation will be shown to be well-behaved, namely, a strong bisimulation with respect to the reduction relation, cf. Lem. 3.3.
Non-deterministic choice is an effect.
Consider the program ( λx. x x )( c ⊞ d ),which chooses between c and d and then it produces two copies of the chosenvalue. Its expected reduction semantics is:( λx. x x )( c ⊞ d ) → ( λx. x x ) c ⊞ ( λx. x x ) d ։ c c ⊞ d d This means that the first step in the following reduction, which produces twocopies of ( c ⊞ d ) cannot be allowed, as it would break confluence:( λx. x x )( c ⊞ d ) ( c ⊞ d ) ( c ⊞ d ) ։ c c ⊞ c d ⊞ d c ⊞ d d The deeper reason is that non-deterministic choice is a side-effect rather than avalue. Our design decision, consistent with this remark, is to follow a call-by-value discipline. Another consequence of this remark is that the choice operatorshould not commute with abstraction, given that λx. ( t ⊞ s ) and ( λx. t ) ⊞ ( λx. s )are not observationally equivalent. In particular, λx. ( t ⊞ s ) is a value, whichmay be copied , while ( λx. t ) ⊞ ( λx. s ) is not a value. On the other hand, if W is any weak context, i.e. a term with a hole which does not lie below a binder,and we write W h t i for the result of plugging a term t into the hole of W , then W h t ⊞ s i = W h t i ⊞ W h s i should hold. Evaluation should be weak.
Consider the term F def = λy. (( y • = x ); x ). In-tuitively, it unifies its argument with a (global) symbolic variable x and thenreturns x . This poses two problems. First, when x becomes instantiated to y ,it may be outside the scope of the abstraction binding y , for instance, the step F x = ( λy. (( y • = x ); x )) x → ( λy. ( ok ; y )) y produces a meaningless free occur-rence of y . Second, consider the following example in which two copies of F areused with different arguments. If we do not allow evaluation under lambdas,this example fails due to a unification clash, i.e. it produces no outputs:( λf. ( f c ) ( f d )) F → ( F c ) ( F d ) → (( c • = x ); x ) (( d • = x ); x ) → ( ok ; c ) (( d • = c ); c ) ( ⋆ ) → fail P. Barenbaum, F. Lochbaum, M. Milicich
Note that in the step marked with ( ⋆ ), the symbolic variable x has becomeinstantiated to c , leaving us with the unification goal d • = c which fails. On theother hand, if we were to allow reduction under lambdas, given that there are noother occurrences of x anywhere in the term, in one step F becomes λy. ( ok ; y ),which then behaves as the identity:( λf. ( f c ) ( f d )) F ( λf. ( f c ) ( f d )) ( λy. ok ; y ) → (( λy. ok ; y ) c ) (( λy. ok ; y ) d ) ։ c d Thus allowing reduction below abstractions in this example would break conflu-ence. This suggests that evaluation should be weak , i.e. it should not proceedbelow binders. Avoiding higher-order unification.
The calculus proposed in this paper restson the design choice to avoid attempting to solve higher-order unification prob-lems. Higher-order unification problems can be expressed in the syntax: for ex-ample in ( f c • = c ) the variable f represents an unknown value which shouldfulfill the given constraint. From our point of view, however, this program isstuck and its evaluation cannot proceed—it is a normal form. However, notethat we do want to allow pattern matching against functions; for example thefollowing should succeed, instantiating f to the identity:( c f • = c ( λx. x )); ( f • = f ) → ( λx. x ) • = ( λx. x ) → ok The decision to sidestep higher-order unification is a debatable one, as it severelyrestricts the expressivity of the language. But there are various reasons to explorealternatives. First, higher-order unification is undecidable [14], and even secondorder unification is known to be undecidable [18]. Huet’s semi-decision proce-dure [15] does find a solution should it exist, but even then higher-order unifica-tion problems do not necessarily possess most general unifiers [11], which turnsconfluence hopeless . Second, there are decidable restrictions of higher-order uni-fication which do have most general unifiers, such as higher-order pattern unifi-cation [21] used in λ Prolog, and nominal unification [32] used in α Prolog. Butthese mechanisms require strong evaluation, i.e. evaluation below abstractions,departing from the traditional execution model of eager applicative languagessuch as in the Lisp and ML families, in which closures are opaque values whosebodies cannot be examined. Moreover, they are formulated in a necessarily typedsetting.The calculus studied in this paper relies on a standard first-order unificationalgorithm, with the only exception that abstractions are deemed to be equalif and only if they have the same “identity”. Intuitively speaking, this meansthat they are stored in the same memory location, i.e. they are represented bythe same pointer. This is compatible with the usual implementation techniques Key in our proof of confluence is the fact that if σ and σ ′ are most general unifiers forunification problems G and G ′ respectively, then the most general unifier for ( G ∪ G ′ )is an instance of both σ and σ ′ . See Ex. 4.5.emantics of a Relational λ -Calculus (Extended Version) 7 of eager applicative languages, so it should allow to use standard compilationtechniques for λ -abstractions. Also note that the operational semantics does notrequire to work with typed terms—in fact the system presented in Sec. 3 isuntyped, even though we study a typed system in Sec. 5. λ U -Calculus — Operational Semantics In this section we describe the operational semantics of our proposed calculus,including its syntax, reduction rules (Def. 3.1), an invariant ( coherence ) which ispreserved by reduction (Lem. 3.2), and a notion of structural equivalence whichis a strong bisimulation with respect to reduction (Lem. 3.3).
Syntax of terms and programs.
Suppose given denumerably infinite setsof variables
Var = { x, y, z, . . . } , constructors Con = { c , d , e , . . . } , and locations Loc = { ℓ, ℓ ′ , ℓ ′′ , . . . } . We assume that there is a distinguished constructor ok .The sets of terms t, s, . . . and programs P, Q, . . . are defined mutually inductivelyas follows: t ::= x variable | c constructor | λx. P abstraction | λ ℓ x. P allocated abstraction | t t application | νx. t fresh variable introduction | t ; t guarded expression | t • = t unification P ::= fail empty program | t ⊕ P non-deterministic choiceThe set of values Val = { v , w , . . . } is a subset of the set of terms, given by thegrammar v ::= x | λ ℓ x. P | c v . . . v n . Values of the form c v . . . v n are called structures .Intuitively, an (unallocated) abstraction λx. P represents the static code tocreate a closure, while λ ℓ x. P represents the closure created in runtime, storedin the memory cell ℓ . When the abstraction is evaluated, it becomes decoratedwith a location ( allocated ). We will have a rewriting rule like λx. P → λ ℓ x. P where ℓ is fresh. Notational conventions.
We write C , C ′ , . . . for arbitrary contexts , i.e. terms with a single free occurrence of a hole (cid:3) . We write W , W ′ , . . . for weakcontexts , which do not enter below abstractions nor fresh variable declarations, i.e. W ::= (cid:3) | W t | t W | W ; t | t ; W | W • = t | t • = W . We write ⊕ ni =1 t i or also t ⊕ t . . . ⊕ t n to stand for the program t ⊕ ( t ⊕ . . . ( t n ⊕ fail )). In particular, if t is a term, sometimes we write t for the singleton program t ⊕ fail . The set offree variables fv ( t ) (resp. fv ( P )) of a term (resp. program) is defined as expected,noting that fresh variable declarations νx. t and both kinds of abstractions λx. P and λ ℓ x. P bind the free occurrences of x in the body. Expressions are consid-ered up to α -equivalence, i.e. renaming of all bound variables. Given a contextor weak context C and a term t , we write C h t i for the (capturing) substitution of (cid:3) by t in C . The set of locations locs ( t ) (resp. fv ( P )) of a term (resp. program) P. Barenbaum, F. Lochbaum, M. Milicich is defined as the set of all locations ℓ decorating any abstraction on t . We write t { ℓ := ℓ ′ } for the term that results from replacing all occurrences of the location ℓ in t by ℓ ′ . The program being evaluated is called the toplevel program . Thetoplevel program is always of the form t ⊕ t . . . ⊕ t n , and each of the t i is calleda thread . Operations with programs.
We define the operations P ⊕ Q and W h P i byinduction on the structure of P as follows; note that the notation “ ⊕ ” is over-loaded both for consing a term onto a program and for concatenating programs: fail ⊕ Q def = Q ( t ⊕ P ) ⊕ Q def = t ⊕ ( P ⊕ Q ) W h fail i def = fail W h t ⊕ P i def = W h t i ⊕ W h P i Substitutions. A substitution is a function σ : Var → Val with finite support , i.e. such that the set supp( σ ) def = { x | σ ( x ) = x } is finite. We write { x v , . . . , x n v n } for the substitution σ such that supp( σ ) = { x , . . . , x n } and σ ( x i ) = v i for all i ∈ ..n . A renaming is a substitution mapping each variableto a variable, i.e. a substitution of the form { x y , . . . , x n y n } .If σ : Var → Val is a substitution and t is a term, t σ denotes the capture-avoiding substitution of each occurrence of a free variable x in t by σ ( x ). Capture-avoiding substitution of a single variable x by a value v in a term t is written t { x := v } and defined by t { x v } . Subsitutions ρ, σ may be composed as follows:( ρ · σ )( x ) def = ρ ( x ) σ . Substitutions can also be applied to weak contexts, taking (cid:3) σ def = (cid:3) . A substitution σ is idempotent if σ · σ = σ . A substitution σ is moregeneral than a substitution ρ , written σ . ρ if there is a substitution τ such that ρ = σ · τ . Unification.
We describe how to adapt the standard first-order unificationalgorithm to our setting, in order to deal with unification of λ -abstractions. Asmentioned before, our aim is to solve only first-order unification problems. Thismeans that the unification algorithm should only deal with equations involv-ing terms which are already values . Note that unallocated abstractions ( λx. P )are not considered values; abstractions are only values when they are allocated( λ ℓ x. P ). Allocated abstractions are to be considered equal if and only if theyare decorated with the same location. Note that terms of the form x t . . . t n are not considered values if n >
0, as this would pose a higher-order unificationproblem, possibly requiring to instantiate x as a function of its arguments.We expand briefly on why a naive approach to first-order unification wouldnot work. Suppose that we did not have locations and we declared that twoabstractions λx. P and λy. Q are equal whenever their bodies are equal, up to α -renaming ( i.e. P { x := y } = Q ). The problem is that this notion of equalityis not preserved by substitution, for example, the unification problem given bythe equation λx. y • = λx. z would fail , as y = z . However, the variable y maybecome instantiated into z , and the equation would become λx. z • = λx. z , whichsucceeds. This corresponds to the following critical pair in the calculus, whichcannot be closed: fail ← ( λx. y • = λx. z ); ( y • = z ) → ( λx. z • = λx. z ); ok → ok ; ok emantics of a Relational λ -Calculus (Extended Version) 9 This is where the notion of allocated abstraction plays an important role. Wewill work with the invariant that if λ ℓ x. P and λ ℓ ′ y. Q are two allocated ab-stractions in the same location ( ℓ = ℓ ′ ) then their bodies will be equal, up to α -renaming. This ensures that different allocated abstractions are still differentafter substitution, as they must be decorated with different locations. Unification goals and unifiers. A goal is a term of the form v • = w . A unification problem is a finite set of goals G = { v • = w , . . . , v n • = w n } . If σ is a substitution we write G σ for { v σ • = w σ , . . . , v nσ • = w nσ } . A unifier for G = { v • = w , . . . , v n • = w n } is a substitution σ such that v iσ = w iσ for all1 ≤ i ≤ n . A unifier σ for G is most general if for any other unifier ρ one has σ . ρ . Coherence invariant.
As mentioned before, we impose an invariant onprograms forcing that allocated abstractions decorated with the same locationmust be syntactically equal. Moreover, we require that allocated abstractionsdo not refer to variables bound outside of their scope, i.e. that they are in factclosures. Note that the source program trivially satisfies this invariant, as it isexpected that allocated abstractions are not written by the user but generatedat runtime.More precisely, a set X of terms is coherent if the two following conditionshold. (1) Consider any allocated abstraction under a context C , i.e. let t ∈ X such that t = C h λ ℓ x. P i . Then the context C does not bind any of the freevariables of λ ℓ x. P . (2) Consider any two allocated abstractions in t and s withthe same location, i.e. let t, s ∈ X be such that t = C h λ ℓ x. P i and s = C ′ h λ ℓ y. Q i ,Then P { x := y } = Q .We extend the notion of coherence to other syntactic categories as follows.A term t is coherent if { t } is coherent. A program P = t ⊕ . . . ⊕ t n is coherent if each thread t i is coherent. A unification problem G is coherent if it is coherentseen as a set. Note that a program may be coherent even if different abstractionsin different threads have the same location. For example, ( λ ℓ x. x x • = λ ℓ y. c ) ⊕ ( λ ℓ ′ y. y ) is not coherent, whereas ( λ ℓ x. x x • = λ ℓ y. y y ) ⊕ ( λ ℓ y. c ) is coherent. Unification algorithm.
The standard Martelli–Montanari [19] unificationalgorithm can be adapted to our setting. In particular, there is a computablefunction mgu ( − ) such that if G is a coherent unification problem then either mgu ( G ) = σ , i.e. mgu ( G ) returns a substitution σ which is an idempotent mostgeneral unifier for G , or mgu ( G ) = ⊥ , i.e. mgu ( G ) fails and G has no unifier.Moreover, it can be shown that if the algorithm succeeds, the set G σ ∪{ σ ( x ) | x ∈ Var } is coherent. The algorithm, formal statement and proofs are detailed in theappendix ♣ Sec. A.1.
Operational semantics.
The λ U -calculus is the rewriting system whoseobjects are programs, and whose reduction relation is given by the union of thefollowing six rules: Definition 3.1 (Reduction rules). P ⊕ W h λx. P i ⊕ P alloc −−−→ P ⊕ W h λ ℓ x. P i ⊕ P if ℓ locs ( W h λx. P i ) P ⊕ W h ( λ ℓ x. P ) v i ⊕ P beta −−→ P ⊕ W h P { x := v }i ⊕ P P ⊕ W h v ; t i ⊕ P guard −−−→ P ⊕ W h t i ⊕ P P ⊕ W h νx. t i ⊕ P fresh −−−→ P ⊕ W h t { x := y }i ⊕ P if y fv ( W ) P ⊕ W h v • = w i ⊕ P unif −−→ P ⊕ W h ok i σ ⊕ P if mgu ( { v • = w } ) = σP ⊕ W h v • = w i ⊕ P fail −−→ P ⊕ P if mgu ( { v • = w } ) fails Note that all rules operate on a single thread and they are not closed under anykind of evaluation contexts. The alloc rule allocates a closure, i.e. whenever a λ -abstraction is found below an evaluation context, it may be assigned a freshlocation ℓ . The beta rule applies a function to a value. The guard rule proceedswith the evaluation of the right part of a guarded expression when the left partis already a value. The fresh rule introduces a fresh symbolic variable. The unif and fail rules solve a unification problem, corresponding to the successand failure cases respectively. If there is a unifier, the substitution is applied tothe affected thread. For example: ( λx. x ⊕ ( νy. (( x • = c y ); y ))) ( c d ) alloc −−−→ ( λ ℓ x. x ⊕ ( νy. (( x • = c y ); y ))) ( c d ) beta −−→ c d ⊕ νy. (( c d • = c y ); y ) fresh −−−→ c d ⊕ (( c d • = c z ); z ) unif −−→ c d ⊕ ( ok ; d ) guard −−−→ c d ⊕ d Structural equivalence.
As already remarked in Sec. 2, we will not beable to prove that confluence holds strictly speaking, but only up to reorderingof threads in the toplevel program. Moreover the alloc and fresh rules introducefresh names, and, as usual the most general unifier is unique only up to renaming .These conditions are expressed formally by means of the following relation ofstructural equivalence.Formally, structural equivalence between programs is written P ≡ Q anddefined as the reflexive, symmetric, and transitive closure of the three followingaxioms:1. ≡ -swap : P ⊕ t ⊕ s ⊕ Q ≡ P ⊕ s ⊕ t ⊕ Q .2. ≡ -var : If y fv ( t ) then P ⊕ t ⊕ Q ≡ P ⊕ t { x := y } ⊕ Q .3. ≡ -loc : If ℓ ′ locs ( t ), then P ⊕ t ⊕ Q ≡ P ⊕ t { ℓ := ℓ ′ } ⊕ Q .In short, ≡ -swap means that threads may be reordered arbitrarily, ≡ -var meansthat symbolic variables are local to each thread, and ≡ -loc means that locationsare local to each thread.The following lemma establishes that the coherence invariant is closed byreduction and structural equivalence, which means that the λ U -calculus is well-defined if restricted to coherent programs. In the rest of this paper, we alwaysassume that all programs enjoy the coherence invariant . emantics of a Relational λ -Calculus (Extended Version) 11 Lemma 3.2.
Let P be a coherent program. If P ≡ Q or P → Q , then Q is alsocoherent. ♣ Sec. A.3
The following lemma establishes that reduction is well-defined modulo struc-tural equivalence ( i.e. it lifts to ≡ -equivalence classes): Lemma 3.3.
Structural equivalence is a strong bisimulation with respect to → .Precisely, let P ≡ P ′ x −→ Q with x ∈ { alloc , beta , guard , fresh , unif , fail } .Then there exists a program Q ′ such that P x −→ Q ′ ≡ Q . ♣ Sec. A.4Example 3.4 (Type inference algorithm).
As an illustrative example, the follow-ing translation W [ − ] converts an untyped λ -term t into a λ U -term that calculatesthe principal type of t according to the usual Hindley–Milner [23] type inferencealgorithm, or fails if it has no type. Note that an arrow type ( A → B ) is encodedas ( f A B ): W [ x ] def = a x W [ λx. t ] def = νa x . f a x W [ t ] W [ t s ] def = νa. (( W [ t ] • = f W [ s ] a ); a ) For instance, W [ λx. λy. y x ] = νa. f a ( νb. f b ( νc. ( b • = f a c ); c )) ։ f a ( f ( f a c ) c ). In this section we study some properties of the operational semantics. First, wecharacterize the set of normal forms of the λ U -calculus syntactically, by meansof an inductive definition (Prop. 4.1). Then we turn to the main result of thissection, proving that it enjoys confluence up to structural equivalence (Thm. 4.4). Characterization of normal forms.
The set of normal terms t ⋆ , s ⋆ , . . . and stuck terms S, S ′ , . . . are defined mutually inductively as follows. A normalterm is either a value or a stuck term, i.e. t ⋆ ::= v | S . A term is stuck if thejudgment t ▽ is derivable with the following rules: n > stuck-var x t ⋆ . . . t ⋆n ▽ t ⋆i ▽ for some i ∈ { , , . . . , n } stuck-cons c t ⋆ . . . t ⋆n ▽ t ⋆ ▽ n ≥ stuck-guard ( t ⋆ ; t ⋆ ) s ⋆ . . . s ⋆n ▽ t ⋆i ▽ for some i ∈ { , } n ≥ stuck-unif ( t ⋆ • = t ⋆ ) s ⋆ . . . s ⋆n ▽ t ⋆ ▽ n ≥ stuck-lam ( λ ℓ x. P ) t ⋆ s ⋆ . . . s ⋆n ▽ The set of normal programs P ⋆ , Q ⋆ , . . . is given by the following grammar: P ⋆ ::= fail | t ⋆ ⊕ P ⋆ . For example, the program ( λ ℓ x. x • = x ) ⊕ (( y c • = d ); e ) ⊕ z ( z c ) is normal, being the non-deterministic alternative of a value and two stuckterms. Normal programs capture the notion of normal form: Proposition 4.1.
The set of normal programs is exactly the set of → -normalforms. ♣ Sec. A.5
Confluence.
In order to prove that the λ U -calculus has the Church–Rosserproperty, we adapt the method due to Tait and Martin-L¨of [5, Sec. 3.2] bydefining a simultaneous reduction relation ⇒ , and showing that it verifies thediamond property ( i.e. ⇐⇒ ⊆ ⇒⇐ ) and the inclusions → ⊆ ⇒ ⊆ ։ , where ։ denotes the reflexive–transitive closure of → . Actually, these properties onlyhold up to structural equivalence, so our confluence result, rather than the usualinclusion և։ ⊆ ։և , expresses the weakened inclusion և։ ⊆ ։ ≡ և .To define the relation of simultaneous reduction, we use the following nota-tion, to lift the binary operations of unification ( t • = s ), guarded expression ( t ; s ),and application ( t s ) from the sort of terms to the sort of programs. Let ⋆ denotea binary term constructor ( e.g. unification, guarded expression, or application).Then we write ( L ni =1 t i ) ⋆ ( L mj =1 s j ) def = L ni =1 L mj =1 ( t i ⋆ s j ).First, we define a judgment t G = ⇒ P of simultaneous reduction, relating aterm and a program, parameterized by a set G of unification goals representingpending constraints: Var x ∅ = ⇒ x Cons c ∅ = ⇒ c Fresh νx. t ∅ = ⇒ νx. t t G = ⇒ P x fresh
Fresh νx. t G = ⇒ P Abs C λx. P ∅ = ⇒ λx. P ℓ fresh Abs C λx. P ∅ = ⇒ λ ℓ x. P Abs A λ ℓ x. P ∅ = ⇒ λ ℓ x. Pt G = ⇒ P s H = ⇒ Q App t s G ∪ H == ⇒ P Q
App ( λ ℓ x. P ) v ∅ = ⇒ P { x := v } t G = ⇒ P s H = ⇒ Q Guard t ; s G ∪ H == ⇒ P ; Qt G = ⇒ P Guard v ; t G = ⇒ P t G = ⇒ P s H = ⇒ Q Unif t • = s G ∪ H == ⇒ P • = Q Unif v • = w { v • = w } ==== ⇒ ok As usual, most term constructors have two rules, the rule decorated with “1” isa congruence rule which chooses not to perform any evaluation on the root ofthe term, while the rule decorated with “2” requires that there is a redex at theroot of the term, and contracts it. Note that rule
Unif does not perform theunification of v and w immediately; it merely has the effect of propagating theunification constraint.Using the relation defined above, we are now able to define the relation of simultaneous reduction between programs: Fail fail ⇒ fail t G = ⇒ P Q ⇒ Q ′ P ′ = ( P σ if σ = mgu ( G ) fail if mgu ( G ) fails Alt t ⊕ Q ⇒ P ′ ⊕ Q ′ The following lemma summarizes some of the key properties of simultaneousreduction. Most are straightforward proofs by induction, except for item 3.:
Lemma 4.2 (Properties of simultaneous reduction). Reflexivity. t ∅ = ⇒ t and P ⇒ P . emantics of a Relational λ -Calculus (Extended Version) 13 Context closure. If t G = ⇒ P then W h t i G = ⇒ W h P i .3. Strong bisimulation.
Structural equivalence is a strong bisimulation withrespect to ⇒ , i.e. if P ≡ P ′ ⇒ Q then there is a program Q ′ such that P ⇒ Q ′ ≡ Q . ♣ Sec. A.64.
Substitution. If t G = ⇒ P then t σ G σ == ⇒ P σ . The core argument is the following adaptation of Tait–Martin-L¨of’s tech-nique, from which confluence comes out as an easy corollary. See ♣ Sec. A.7 inthe appendix for details.
Proposition 4.3 (Tait–Martin-L¨of ’s technique, up to ≡ ). → ⊆ ⇒≡ ⇒ ⊆ ։ ≡ ⇒ has the diamond property, up to ≡ , that is:If P ⇒ P and P ⇒ P then P ⇒≡ P and P ⇒≡ P for some P . Theorem 4.4 (Confluence).
The reduction relation → is confluent, up to ≡ .More precisely, if P ։ P and P ։ P then there is a program P such that P ։ ≡ P and P ։ ≡ P .Example 4.5. Suppose that σ = mgu ( v • = v ) and τ = mgu ( w • = w ). Consider:( v τ • = v τ ) ok t τ ← ( v • = v ) ( w • = w ) t → ok ( w σ • = w σ ) t σ Then both σ ′ = mgu ( v τ • = v τ ) and τ ′ = mgu ( w σ • = w σ ) must exist, and thepeak may be closed as follows:( v τ • = v τ ) ok t τ → ok ok ( t τ ) σ ′ ≡ ok ok ( t σ ) τ ′ ← ok ( w σ • = w σ ) t σ the equivalence relies on the fact that τ ′ ◦ σ and σ ′ ◦ τ are both most generalunifiers of { v • = v , w • = w } , hence ( t τ ) σ ′ ≡ ( t σ ) τ ′ , up to renaming. λ U In this section we discuss a simply typed system for the λ U -calculus. The systemdoes not present any essential difficulty, but it is a necessary prerequisite tobe able to define the denotational semantics of Sec. 6. The main result in thissection is subject reduction (Prop. 5.2).Note that, unlike in the simply typed λ -calculus, reduction may create freevariables, due to fresh variable introduction. For instance, in the reduction step c ( νx. x ) → c x , a new variable x appears free on the right-hand side. Thereforethe subject reduction lemma has to extend the typing context in order to ac-count for freshly created variables. This may be understood only as a matter ofnotation, e.g. in a different presentation of the λ U -calculus the step above couldbe written as c ( νx. x ) → νx. ( c x ), using a scope extrusion rule reminiscent ofthe rule to create new channels in process calculi ( e.g. π -calculus), avoiding thecreation of free variables. Types and typing contexts.
Suppose given a denumerable set of base types α, β, γ, . . . . The sets of types
Type = { A, B, . . . } and typing contexts Γ, ∆, . . . aregiven by:
A, B, . . . ::= α | A → B Γ ::= ∅ | Γ, x : A we assume that no variable occurs twice in a typing context. Typing contextsare to be regarded as finite sets of assumptions of the form ( x : A ), i.e. we workimplicitly modulo contraction and exchange. We assume that each constructor c has an associated type T c . Typing rules.
Judgments are of the form. “ Γ ⊢ X : A ” where X may be aterm or a program, meaning that X has type A under Γ . The typing rules arethe following:( x : A ) ∈ Γ t-var Γ ⊢ x : A t-cons Γ ⊢ c : T c Γ, x : A ⊢ P : B t-lam(l) Γ ⊢ λ ( ℓ ) x. P : A → BΓ ⊢ t : A Γ ⊢ s : A t-unif Γ ⊢ t • = s : T ok Γ ⊢ t : T ok Γ ⊢ s : A t-guard Γ ⊢ t ; s : AΓ, x : A ⊢ t : B t-fresh Γ ⊢ νx. t : B t-fail Γ ⊢ fail : A Γ ⊢ t : A Γ ⊢ P : A t-alt Γ ⊢ t ⊕ P : A Note that all abstractions are typed in the same way, regardless of whetherthey are allocated or not. A unification has the same type as the constructor ok , as does t in the guarded expression ( t ; s ). A freshly introduced variable oftype A represents, from the logical point of view, an unjustified assumption of A . The empty program fail can also be given any type. All the threads in aprogram must have the same type. The following properties of the type systemare routine: Lemma 5.1.
Let X stand for either a term or a program. Then:1. Weakening. If Γ ⊢ X : A then Γ, x : B ⊢ X : A .2. Strengthening. If Γ, x : A ⊢ X : B and x fv ( X ) , then Γ ⊢ X : B .3. Substitution. If Γ, x : A ⊢ X : B and Γ ⊢ s : A then Γ ⊢ X { x := s } : B .4. Contextual substitution. Γ ⊢ W h t i : A holds if and only if there is a type B such that Γ, (cid:3) : B ⊢ W : A and Γ ⊢ t : B hold.5. Program composition/decomposition. Γ ⊢ P ⊕ Q : A holds if and onlyif Γ ⊢ P : A and Γ ⊢ Q : A hold. Proposition 5.2 (Subject reduction).
Let Γ ⊢ P : A and P → Q . Then Γ ′ ⊢ Q : A , where Γ ′ = Γ if the step is derived using any reduction rule otherthan fresh , and Γ ′ = ( Γ, x : B ) if the step introduces a fresh variable ( x : B ) .Proof. By case analysis on the transition P → Q , using Lem. 5.1. The interestingcase is the unif case, which requires proving that the substitution σ returnedby mgu ( G ) preserves the types of the instantiated variables. ♣ Sec. A.8 emantics of a Relational λ -Calculus (Extended Version) 15 In this section we propose a naive denotational semantics for the λ U -calculus. Thesemantics is naive in at least three senses: first, types are interpreted merely assets, rather than as richer structures ( e.g. complete partial orders) or in a moreabstract ( e.g. categorical) framework. Second, since types are interpreted assets, the multiplicities of results are not taken into account, so for example[[ x ⊕ x ]] = [[ x ]] ∪ [[ x ]] = [[ x ]]. Third, and most importantly, the denotation ofabstractions ( λx. P ) is conflated with the denotation of allocated abstractions( λ ℓ x. P ). This means that the operational semantics cannot be complete withrespect to the denotational one, given that for example λ ℓ x. x and λ ℓ ′ x. x havethe same denotation but they are not observationally equivalent . Nevertheless,studying this simple denotational semantics already presents some technical chal-lenges, and we regard it as a first necessary step towards formulating a betterbehaved semantics .Roughly speaking, the idea is that a type A shall be interpreted as a set[[ A ]], while a program P of type A shall be interpreted as a subset [[ P ]] ⊆ [[ A ]].For example, if [[ Nat ]] = N , then given constructors : Nat , : Nat with theirobvious interpretations, and if add : Nat → Nat → Nat denotes addition, weexpect that:[[( λf : Nat → Nat . νy. (( y • = ); add y ( f y )))( λx. x ⊕ )]] = { , } = { , } The soundness result that we shall prove states that if P ։ Q then [[ P ]] ⊇ [[ Q ]].Intuitively, the possible behaviors of Q are among the possible behaviors of P .To formulate the denotational semantics, for ease of notation, we work withan `a la Church variant of the type system . That is, we suppose that the set ofvariables is partitioned in such a way that each variable has an intrinsic type.More precisely, for each type A there is a denumerably infinite set of variables x A , y A , z A , . . . of that type. We also decorate each occurrence of fail with itstype, i.e. we write fail A for the empty program of type A . Sometimes we omitthe type decoration if it is clear from the context. Under this assumption, it iseasy to show that the system enjoys a strong form of unique typing , i.e. that if X is a typable term or program then there is a unique derivation Γ ⊢ X : A , upto weakening of Γ with variables not in fv ( X ). This justifies that we may write ⊢ X : A omitting the context. Domain of interpretation.
We suppose given a non-empty set S α foreach base type α . The interpretation of a type A is a set written [[ A ]] and defined E.g. λ ℓ x. x • = λ ℓ x. x succeeds but λ ℓ x. x • = λ ℓ ′ x. x fails. We expect that a less naive semantics should be stateful, involving a memory , insuch a way that abstractions ( λx. P ) allocate a memory cell and store a closure,whereas allocated abstractions ( λ ℓ x. P ) denote a memory location in which a closureis already stored. Transitioning between Church vs. Curry style variants of this system is a straight-forward exercise, following for instance [6, Prop. 1.2.19].6 P. Barenbaum, F. Lochbaum, M. Milicich recursively as follows, where P ( X ) is the usual set-theoretic power set, and Y X is the set of functions with domain X and codomain Y :[[ α ]] def = S α [[ A → B ]] def = P ([[ B ]]) [[ A ]] Note that, for every type A , the set [[ A ]] is non-empty, given that we requirethat S α be non-empty. This decision is not arbitrary; rather it is necessary forsoundness to hold. For instance, operationally we have that x A ; y B guard −−−→ y B , sodenotationally we would expect [[ x A ; y B ]] ⊇ [[ y B ]]. This would not hold if [[ A ]] = ∅ and [[ B ]] = ∅ , as then [[ x A ; y B ]] = ∅ whereas [[ y B ]] would be a non-empty set.Another technical constraint that we must impose is that the interpretationof a value should always be a singleton . For example, operationally we havethat ( λx : Nat . x + x ) v ։ v + v , so denotationally, by soundness, we wouldexpect that [[( λx : Nat . x + x ) v ]] ⊇ [[ v + v ]]. If we had that [[ v ]] = { , } is nota singleton, then we would have that [[( λx. x + x ) v ]] = { , } whereas[[ v + v ]] = { , , , } .Following this principle, given that terms of the form c v . . . v n are values,their denotation [[ c v . . . v n ]] must always be a singleton. This means that con-structors must be interpreted as singletons, and constructors of function typeshould always return singletons (which in turn should return singletons if theyare functions, and so on, recursively). Formally, any element a ∈ [[ α ]] is declaredto be α -unitary , and a function f ∈ [[ A → B ]] is ( A → B ) -unitary if for each a ∈ [[ A ]] the set f ( a ) = { b } ⊆ [[ B ]] is a singleton and b is B -unitary. Sometimeswe say that an element a is unitary if the type is clear from the context. If f is( A → B )-unitary, and a ∈ [[ A ]] sometimes, by abuse of notation, we may write f ( a ) for the unique element b ∈ f ( a ). Interpretation of terms.
For each constructor c , we suppose given a T c -unitary element c ∈ [[ T c ]]. Moreover, we suppose that the interpretation of con-structors is injective , i.e. that c ( a ) . . . ( a n ) = c ( b ) . . . ( b n ) implies a i = b i forall i = 1 ..n .An environment is a function ρ : Var → S A ∈ Type [[ A ]] such that ρ ( x A ) ∈ [[ A ]]for each variable x A of each type A . If ρ is an environment and a ∈ [[ A ]], we write ρ [ x A a ] for the environment that maps x A to a and agrees with ρ on everyother variable. We write Env for the set of all environments.Let ⊢ t : A (resp. ⊢ P : A ) be a typable term (resp. program) and let ρ be anenvironment. If ⊢ X : A is a typable term or program, we define its denotation emantics of a Relational λ -Calculus (Extended Version) 17 under the environment ρ , written [[ X ]] ρ as a subset of [[ A ]] as follows: [[ x A ]] ρ def = { ρ ( x A ) } [[ c ]] ρ def = { c } [[ λx A . P ]] ρ def = { f } where f : [[ A ]] → P ([[ B ]]) is given by f ( a ) = [[ P ]] ρ [ x A a ] [[ λ ℓ x A . P ]] ρ def = { f } where f : [[ A ]] → P ([[ B ]]) is given by f ( a ) = [[ P ]] ρ [ x A a ] [[ t s ]] ρ def = { b | ∃ f ∈ [[ t ]] ρ , ∃ a ∈ [[ s ]] ρ , b ∈ f ( a ) } [[ t • = s ]] ρ def = { ok | ∃ a ∈ [[ t ]] ρ , ∃ b ∈ [[ s ]] ρ , a = b } [[ t ; s ]] ρ def = { a | ∃ b ∈ [[ t ]] ρ , a ∈ [[ s ]] ρ } [[ νx A . t ]] ρ def = { b | ∃ a ∈ [[ A ]] , b ∈ [[ t ]] ρ [ x A a ] } [[ fail A ]] ρ def = ∅ [[ t ⊕ P ]] ρ def = [[ t ]] ρ ∪ [[ P ]] ρ The denotation of a toplevel program is written [[ P ]] and defined as the union ofits denotations under all possible environments, i.e. [[ P ]] def = S ρ ∈ Env [[ P ]] ρ . Proposition 6.1 (Properties of the denotational semantics). Irrelevance. If ρ and ρ ′ agree on fv ( X ) , then [[ X ]] ρ = [[ X ]] ρ ′ . Here X standsfor either a program or a term. ♣ Lem. A.12.
Compositionality. ♣ Lem. A.22.1 [[ P ⊕ Q ]] ρ = [[ P ]] ρ ∪ [[ Q ]] ρ .2.2 If W is a context whose hole is of type A , then [[ W h t i ]] ρ = { b | a ∈ [[ t ]] ρ , b ∈ [[ W ]] ρ [ (cid:3) A a ] } .3. Interpretation of values. If v is a value then [[ v ]] ρ is a singleton. ♣ Lem. A.44.
Interpretation of substitution. ♣ Lem. A.5Let σ = { x A v , . . . , x A n n v n } be a substitution such that x i / ∈ fv ( v j ) forall i, j . Let [[ v i ]] ρ = { a i } for each i = 1 ..n (noting that values are singletons,by the previous item of this lemma). Then for any program or term X wehave that [[ X σ ]] ρ = [[ X ]] ρ [ x a ] ... [ x n a n ] . To conclude this section, the following theorem shows that the operationalsemantics is sound with respect to the denotational semantics.
Theorem 6.2 (Soundness).
Let Γ ⊢ P : A and P → Q . Then [[ P ]] ⊇ [[ Q ]] .The inclusion is an equality for all reduction rules other than the fail rule.Proof. The proof ( ♣ Thm. A.10.3) is technical by exhaustive case analysis ofall possible reduction steps, using Prop. 6.1 throughout. The unif rule is non-trivial, as it requires to formulate an invariant for the unification algorithm. Thecore of the argument is an auxiliary lemma essentially stating that if G H is astep of the unification algorithm that does not fail, then the set of environmentsthat fulfill the equality constraints imposed by G are the same environments thatfulfill the equality constraints imposed by H . Example 6.3.
Consider the reduction νx. (cid:16) ( λz. νy. (( z • = t 1 y ); ( t y x ))) ( t x ) (cid:17) ։ t 2 1 . If [[ Tuple ]] = [[
Nat ]] × [[ Nat ]] = N × N , the constructors : Nat , : Nat aregiven their obvious interpretations and t : Nat → Nat → Tuple is the pairingfunction , then for any environment ρ , if we abbreviate ρ ′ := ρ [ x n ][ z p ][ y m ], we have: [[ νx. (cid:16) ( λz. νy. (( z • = t 1 y ); ( t y x ))) ( t x ) (cid:17) ]] ρ = { [[( λz. νy. (( z • = t 1 y ); ( t y x ))) ( t x )]] ρ [ x n ] | n ∈ N } = { r | n ∈ N , f ∈ [[ λz. νy. (( z • = t 1 y ); ( t y x ))]] ρ [ x n ] , p ∈ [[ t x ]] ρ [ x n ] , r ∈ f ( p ) } = { r | n, m ∈ N , p ∈ [[ t x ]] ρ [ x n ] , r ∈ [[( z • = t 1 y ); ( t y x )]] ρ ′ } = { r | n, m ∈ N , p ∈ { ( n, } , r ∈ [[( z • = t 1 y ); ( t y x )]] ρ ′ } = { r | n, m ∈ N , p ∈ { ( n, } , b ∈ [[ z • = t 1 y ]] ρ ′ , r ∈ [[ t y x ]] ρ ′ } = { r | n, m ∈ N , p ∈ { ( n, } , p = (1 , m ) , r ∈ [[ t y x ]] ρ ′ } = { r | n ∈ { } , m ∈ { } , p ∈ { (1 , } , r ∈ [[ t y x ]] ρ ′ } = { (2 , } = [[ t 2 1 ]] ρ An example in which the inclusion is proper is the reduction step λ ℓ x. x • = λ ℓ ′ x. x fail −−−→ fail . Note that [[ λ ℓ x. x • = λ ℓ ′ x. x ]] = { ok } ) ∅ = [[ fail ]],given that our naive semantics equates the denotations of the abstractions, i.e. [[ λ ℓ x. x ]] = [[ λ ℓ ′ x. x ]], in spite of the fact that their locations differ. In this work, we have proposed the λ U -calculus (Def. 3.1) an extension of the λ -calculus with relational features, including non-deterministic choice and first-order unification. We have studied some of its operational properties, providingan inductive characterization of normal forms (Prop. 4.1), and provingthat it is confluent (Thm. 4.4) up to structural equivalence, by adapting thetechnique by Tait and Martin-L¨of. We have proposed a system of simple typesenjoying subject reduction (Prop. 5.2). We have also proposed a naive de-notational semantics, in which a program of type A is interpreted as a set ofelements of a set [[ A ]], for which we have proven soundness (Thm. 6.2). Thedenotational semantics is not complete.As of the writing of this paper, we are attempting to formulate a refined deno-tational semantics involving a notion of memory , following the ideas mentionedin footnote 6. One difficulty is that in a term like (( x • = λz. z ); y )(( y • = λz. z ); x ),there seems to be a cyclic dependency between the denotation of the subtermon the left and denotation of the subterm on the right, so it is not clear how toformulate the semantics compositionally.We have attempted to prove normalization results for the simply typed sys-tem, until now unsuccessfully. Given a constructor c : ( A → A ) → A , a self-looping term ω ( c ω ) with ω def = λx A . νy A → A . (( c y • = x ); y x ) can be built, so Precisely, t ( n ) = { f n } with f n ( m ) = { ( n, m ) } .emantics of a Relational λ -Calculus (Extended Version) 19 some form of positivity condition should be imposed. Other possible lines forfuture work include studying the relationship between calculi with patterns and λ U by means of translations, and formulating richer type systems. For instance,one would like to be able to express instantiation restrictions , in such a way thata fresh variable representing a natural number is of type Nat − while a term oftype Nat + represents a fully instantiated natural number. Related Work. On functional–logic programming, we have mentioned λ Prolog [24,22] and Curry [13,12]. Other languages combining functional andlogic features are Mercury [30] and Mozart/Oz [33]. There is a vast amountof literature on functional–logic programming. We mention a few works whichmost resemble our own. Miller [20] proposes a language with lambda-abstractionand a decidable extension of first-order unification which admits most generalunifiers. Chakravarty et al. [8] and Smolka [29] propose languages in which thefunctional–logic paradigm is modeled as a concurrent process with communica-tion. Albert et al. [1] formulate a big-step semantics for a functional–logic calcu-lus with narrowing. On pure relational programming (without λ -abstractions),recently Rozhplokas et al. [27] have studied the operational and denotational se-mantics of miniKanren. On λ -calculi with patterns (without full unification),there have been many different approaches to their formulation [16,2,17,25,3].On λ -calculi with non-deterministic choice (without unification), we shouldmention works on the λ -calculus extended with erratic [28] as well as with prob-abilistic choice [26,9]. Acknowledgements.
To Alejandro Daz-Caro for supporting our interactions.To Eduardo Bonelli, Delia Kesner, and the anonymous reviewers for their feed-back and suggestions.
A Technical Appendix
The following lemma summarizes some expected properties of substitution thatwe use throughout the appendix. We omit the proofs, which are routine:
Lemma A.1 (Properties of substitution).
Let σ be an arbitrary substitu-tion. Then:1. W h t i σ = W σ h t σ i . Note that there cannot be capture, given that W is a weakcontext, and it does not bind variables.2. ( t σ ) ρ = t σ · ρ t { x := v } σ = t σ { x := v σ } as long as there is no capture, i.e. x supp σ andfor all y ∈ fv ( t ) we have that x fv ( σ ( y )) .4. If v is a value then v σ is a value.5. The relation . is a preorder, i.e. reflexive and transitive. A.1 Unification Algorithm
We define the free variables ( fv ( G )), locations ( locs ( G )), and capture-avoidingsubstitution ( G { x := t } ) for goals as follows: fv ( { v • = w , . . . , v n • = w n } ) def = fv ( v • = w ) ∪ . . . ∪ fv ( v n • = w n ) locs ( { v • = w , . . . , v n • = w n } ) def = locs ( v • = w ) ∪ . . . ∪ locs ( v n • = w n ) { v • = w , . . . , v n • = w n }{ x := t } def = { ( v • = w ) { x := t } , . . . , ( v n • = w n ) { x := t }} Definition A.1 (Unification algorithm).
The following is a variant of Martelli–Montanari’s unification algorithm. We say that two values v , w clash if any ofthe following conditions holds:1. Constructor clash: v = c v . . . v n and w = d w . . . w m with c = d .2. Arity clash: v = c v . . . v n and w = c w . . . w m with n = m .3. Type clash: v = c v . . . v n and w = λ ℓ x. P or vice-versa.4. Location clash: v = λ ℓ x. P and w = λ ℓ ′ y. Q with ℓ = ℓ ′ .We define a rewriting system whose objects are unification problems G , and thesymbol ⊥ . The binary rewriting relation is given by the union of the followingrules. Note that “ ⊎ ” stands for the disjoint union of sets: { x • = x } ⊎ G u-delete G { v • = x } ⊎ G u-orient { x • = v } ⊎ G if v / ∈ Var { λ ℓ x. P • = λ ℓ x. P } ⊎ G u-match-lam G { c v . . . v n • = c w . . . w n } ⊎ G u-match-cons { v • = w , . . . , v n • = w n } ⊎ G { v • = w } ⊎ G u-clash ⊥ if v and w clash { x • = v } ⊎ G u-eliminate { x • = v } ⊎ G { x := v } if x ∈ fv ( G ) \ fv ( v ) { x • = v } ⊎ G u-occurs-check ⊥ if x = v and x ∈ fv ( v ) Lemma A.2 (Coherence is invariant by unification). If G is a coherentunification problem and G H then H is coherent. emantics of a Relational λ -Calculus (Extended Version) 21 Proof.
By inspection of the unification rules. The only interesting case is the u-eliminate rule: { x • = v } ∪ G u-eliminate { x • = v } ∪ G { x := v } Consider two abstractions λ ℓ y. t and λ ℓ ′ z. s in G such that, after performing thesubstitution ( λ ℓ y. t ) { x := v } = ( λ ℓ ′ z. s ) { x := v } they have the same location, i.e. ℓ = ℓ ′ . Then since G is coherent we have that λ ℓ y. t = λ ℓ ′ z. s , and this meansthat ( λ ℓ y. t ) { x := v } = ( λ ℓ ′ z. s ) { x := v } , as required. Theorem A.1.3.
Consider the relation restricted to coherent unificationproblems (Lem. A.2). Then:1. The relation is strongly normalizing.2. The normal forms of are ⊥ and sets of goals of the form { x • = v , . . . , x n • = v n } where x i = x j and x i / ∈ fv ( v j ) for every i, j ∈ ..n .If the normal form of G is { x • = v , . . . , x n • = v n } , we say that mgu ( G ) exists, and mgu ( G ) = { x v , . . . , x n v n } . If the normal form is ⊥ , wesay that mgu ( G ) fails.3. The substitution σ = mgu ( G ) exists if and only if there exists a unifier for G . When it exists, mgu ( G ) is an idempotent most general unifier . Moreover:3.1 The set G σ ∪ { σ ( x ) | x ∈ Var } is coherent.3.2 For any x ∈ Var and any allocated abstraction λ ℓ y. P in σ ( x ) , the location ℓ decorates an allocated abstraction in G .Proof. A straightforward adaptation of standard results, see for example [4, Sec-tion 4.6]. We only focus in the interesting differences, namely the two subitemsof item 3.:1. Let us write G ∗ ρ G ′ if there is a sequence of unification steps from G to G ′ such that ρ is the composition of all the substitutions performed in the u-eliminate steps.We claim that if G ∗ ρ G ′ then G ρ ∪ G ′ is coherent. By induction on thelength of the sequence. The empty case is immediate, so let us suppose that G ∗ τ G ′′ G ′ . By i.h. , G τ ∪ G ′′ is coherent. Consider two cases, dependingon whether the step G ′′ G ′ is an u-eliminate step or not.1.1 If it is an u-eliminate step, substituting a variable x for a value v , thenwe also have a step G τ ∪ G ′′ u-eliminate G τ · ( x v ) ∪ G ′ and by Lem. A.2we have that G τ · ( x v ) ∪ G ′ is coherent, as required.1.2 If it is not an u-eliminate step, then we also have a step G τ ∪ G ′′ G τ ∪ G ′ and by Lem. A.2 we have that G τ ∪ G ′ is coherent, as required.From this claim we have that if G ∗ { x • = v , . . . , x n • = v n } and σ := { x v , . . . , x n v n } then G σ ∪ { x • = v , . . . , x n • = v n } is coherent,which entails the required property.2. We claim that if G ∗ G ′ then for any allocated abstraction λ ℓ x. P in G ′ , thelocation ℓ decorates an allocated abstraction in G . This is straightforwardto prove by induction on the length of the reduction sequence, and it entailsthe required property. A.2 Properties of Most General UnifiersLemma A.1 (Properties of most general unifiers).
1. If σ, σ ′ are idempotent most general unifiers of G , there is a renaming , i.e. a substitution of the form ρ = { x y , . . . , x n y n } , such that σ ′ = σ · ρ .2. If σ is an idempotent most general unifier of G and y fv ( G ) , then σ ′ :=( y x ) · σ is an idempotent most general unifier of G { x := y } .3. If σ is an idempotent most general unifier of G and ℓ ′ locs ( G ) then thesubstitution σ ′ given by σ ′ ( x ) = σ ( x ) { ℓ := ℓ ′ } is an idempotent most generalunifier of G { ℓ := ℓ ′ } .Proof. We prove each item:1. A standard result, see for example [4, Section 4.6].2. Indeed:2.1
Unifier:
For each goal ( v • = w ) ∈ G , we have that v { x := y } σ ′ = v σ = w σ = w { x := y } σ ′ since y fv ( G ) and σ is a unifier of G .2.2 Most general:
Let ρ be a unifier of G { x := y } , i.e. such that v { x := y } ρ = w { x := y } ρ for every goal ( v • = w ) ∈ G . Then it is easily checked( x y ) · ρ is a unifier of G . Since σ is a most general unifier of G , wehave that ( x y ) · ρ = σ · τ for some τ . Hence ρ = ( y x ) · ( x y ) · ρ =( y x ) · σ · τ = σ ′ · τ as required.3. It suffices to observe that if G G ′ then G { ℓ := ℓ ′ } G ′ { ℓ := ℓ ′ } . Thisis easy to check for each rule. The only noteworthy remark is that in the u-clash we have that if v and w have a location clash, then v { ℓ := ℓ ′ } and w { ℓ := ℓ ′ } also have a location clash, because ℓ ′ locs ( G ).Then by induction on the number of steps, we have that if the normalform of G is { x • = v , . . . , x n • = v n } , then the normal form of G { ℓ := ℓ ′ } is { x • = v { ℓ := ℓ ′ } , . . . , x n • = v n { ℓ := ℓ ′ }} . Lemma A.2 (Compositionality of most general unifiers).
The followingare equivalent:1. σ = mgu ( G ∪ H ) exists.2. σ = mgu ( G ) and σ = mgu ( H σ ) both exist.Moreover, if σ, σ , σ exist, then σ = σ · σ · ρ for some renaming ρ .Proof. (1 = ⇒
2) Let σ = mgu ( G ∪ H ). Note in particular that σ is a unifier for G ,so σ = mgu ( G ) exists by Thm. A.1.3. On the other hand, note that σ ismore general than σ , so σ = σ · τ for some substitution τ . Since σ is a unifierfor H , we have that τ is a unifier for H σ . This means that σ = mgu ( H σ )exists by Thm. A.1.3.(2 = ⇒
1) We claim that σ · σ is a unifier of G ∪ H . Indeed, note if v • = w is agoal in G we have that σ is a unifier for G , so v σ = w σ and v σ · σ = w σ · σ .Moreover, if v • = w is a goal in H , then v σ • = w σ is a goal in H σ , and since σ is a unifier for H σ we conclude that v σ · σ • = w σ · σ , as required. emantics of a Relational λ -Calculus (Extended Version) 23 For the final property in the statement, by Lem. A.1, it suffices to show that σ · σ is more general than σ . Indeed, since σ is a unifier of G , we have that σ = σ · τ for some substitution τ , and since τ is a unifier of H σ , we have that τ = σ · τ ′ for some substitution τ ′ , then σ = σ · σ · τ , which means that σ · σ is more general than σ . A.3 Proof of Lem. 3.2 — Coherence Invariant
Proof.
Item 1. is immediate by inspection of all the possible rules defining ≡ .For item 2., rules guard , fresh , and fail are immediate. Let us analyze theremaining cases:1. alloc : W h λx. t i → W h λ ℓ x. t i . Immediate, as evaluation is under a weakcontext W , so the newly allocated abstraction has no variables bound by W .Moreover the new location is fresh so there are no other abstractions in thesame location, and the rest of the program remains unmodified.2. beta : W h ( λ ℓ x. P ) v i → W h P { x := v }i . First consider an allocated abstrac-tion λ ℓ ′ y. Q in W h P { x := v }i and let us show that it has no variables boundby the context. If it is disjoint from the contracted redex, it is immediate.If it is in P , i.e. P = C h λ ℓ ′ y. Q ′ i then λ ℓ ′ y. Q ′ has no variables bound by C , so λ ℓ ′ y. Q = λ ℓ ′ y. Q ′ { x := v } also has no variables bound by C . If it isinside one of the copies of v , then it also has no variables bound by C , assubstitution is capture-avoiding.Consider any two abstractions λ ℓ ′ y. Q and λ ℓ ′ y. R in W h P { x := v }i suchthat they have the same location, and consider three cases, depending onthe positions of the lambdas:2.1 If each lambda lies inside W or inside one of the copies of v , then theycan be traced back to abstractions in the term on the left-hand side, so Q = R by hypothesis.2.2 If the lambdas are both in P , i.e. P = C h λ ℓ ′ y. Q || λ ℓ ′ y. R i then Q = R by hypothesis. Moreover, note that by the invariant x fv ( Q ) ∪ fv ( R ),so the lambdas in the reduct are equal.2.3 If one lambda is in P , i.e. P = C h λ ℓ ′ y. Q i , and the other one in W or ina copy of v , note that by the invariant x fv ( Q ), so ( λ ℓ ′ y. Q ) { x := v } = λ ℓ ′ y. Q , so the lambdas in the reduct are equal.3. unif : W h v • = w i → W h ok i σ . First consider an allocated abstraction λ ℓ x. P in W h ok i σ . Then W h ok i = C h λ ℓ x. P ′ i such that P ′ σ = P . Note that P ′ hasno variables bound by C , so P ′ σ also has no variables bound by C , given thatsubstitution is capture-avoiding, and σ is coherent.Consider moreover any two allocated abstractions λ ℓ x. P and λ ℓ x. Q , in W h ok i σ such that they have the same location, and consider three casesdepending on the positions of the lambdas:3.1 If the lambdas are both in W , then their bodies trace back to the termon the left-hand side, λ ℓ x. P and λ ℓ x. Q , so P = Q are equal byhypothesis, and moreover P = P σ = Q σ = Q , as required. W and the other one in σ ( y ) for some variable y ∈ fv ( W h ok i ), suppose without loss of generality that the position of thelambda of λ ℓ x. P is inside W . Then there is an abstraction λ ℓ x. P inthe term of the left-hand side of the rule such that P = P σ . Moreover, λ ℓ x. Q is an abstraction of the term σ ( y ). By Thm. A.1.3, there mustbe an abstraction λ ℓ x. Q of v • = w such that, moreover, Q σ = Q . Thensince λ ℓ x. P and λ ℓ x. Q are abstractions on the left-hand side, we haveby hypothesis that P = Q , hence P = P σ = Q σ = Q , as required.3.3 If the lambdas are in the terms σ ( y ) and σ ( z ), for certain variables y, z ∈ fv ( W h ok i ), then by Thm. A.1.3, there must terms λ ℓ x. P and λ ℓ x. Q each of which is an abstraction of v • = w , and such that moreover P σ = P and Q σ = Q . Then since λ ℓ x. P and λ ℓ x. Q are abstractionson the left-hand side, we have by hypothesis that P = Q , hence P = P σ = Q σ = Q , as required. A.4 Proof of Lem. 3.3 — Reduction modulo structural equivalenceLemma A.1.
Basic properties of structural equivalence The following propertieshold:1. P ⊕ Q ≡ Q ⊕ P
2. If P ≡ P ′ then Q ⊕ P ⊕ Q ≡ Q ⊕ P ′ ⊕ Q Proof.
Straightforward, by induction on the derivation of the correspondingequivalences.We turn to the proof of Lem. 3.3:
Proof.
By induction on the derivation of P ≡ P ′ . The reflexivity and transitivitycases are immediate. Moreover, it is easy to check that the axioms are symmetric.So it suffices to show that the property holds when P ≡ P ′ is derived using oneof the axioms:1. ≡ -swap : Let t → Q . The situation is: P ⊕ t ⊕ s ⊕ P (cid:15) (cid:15) ≡ P ⊕ s ⊕ t ⊕ P (cid:15) (cid:15) P ⊕ Q ⊕ s ⊕ P ≡ P ⊕ s ⊕ Q ⊕ P The equivalence at the bottom is justified by Lem. A.1.2. ≡ -var : Let t → Q , z fv ( t ). Then we argue that t { y := z } → Q { y := z } ≡ Q . By case analysis on the reduction rule applied.2.1 alloc : The situation is: P ⊕ W h λx. P i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W { y := z }h λx. P { y := z }i ⊕ P (cid:15) (cid:15) P ⊕ W h λ ℓ x. P i ⊕ P ≡ P ⊕ W { y := z }h λ ℓ ′ x. P { y := z }i ⊕ P For the equivalence at the bottom is justified using ≡ -var to rename y to z , and ≡ -loc if necessary to rename ℓ to ℓ ′ . emantics of a Relational λ -Calculus (Extended Version) 25 beta : The situation is: P ⊕ W h ( λ ℓ x. P ) v i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W { y := z }h ( λ ℓ x. P { y := z } ) v { y := z }i ⊕ P (cid:15) (cid:15) P ⊕ W h P { x := v }i ⊕ P ≡ P ⊕ W { y := z }h P { x := v }{ y := z }i ⊕ P For the equivalence at the bottom, note that by Lem. A.1, P { x := v }{ y := z } = P { y := z }{ x := v { y := z }} .2.3 guard : This case is straightforward.2.4 fresh : The situation is: P ⊕ W h νx. t i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W { y := z }h νx. t { y := z }i ⊕ P (cid:15) (cid:15) P ⊕ W h t i ⊕ P ≡ P ⊕ W { y := z }h t { y := z }i ⊕ P Note that assume x = y by Barendregt’s variable convention.2.5 unif : Let mgu ( v • = w ) = σ . Then σ ′ := ( z y ) · σ is an idempotent mostgeneral unifier of the single goal v { y := z } • = w { y := z } by Lem. A.1. So σ ′′ = mgu ( v { y := z } • = w { y := z } ) exists and σ ′′ = σ ′ · ρ = ( z y ) · σ · ρ for some renaming ρ . P ⊕ W h v • = w i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W { y := z }h v { y := z } • = w { y := z }i ⊕ P (cid:15) (cid:15) P ⊕ W { y := z }h ok i σ ′′ ⊕ P P ⊕ W h ok i σ ⊕ P ≡ P ⊕ W h ok i σ · ρ ⊕ P The equivalence at the bottom may be deduced by repeatedly applyingthe ≡ -var rule to perform the renaming ρ .2.6 fail : Suppose that mgu ( v • = w ) fails. Then mgu ( v { y := z } • = w { y := z } )must also fail, for if σ were a unifier of ( v { y := z } • = w { y := z } ) then( y z ) · σ would be a unifier of v • = w by Lem. A.1. So we have: P ⊕ W h v • = w i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W { y := z }h v { y := z } • = w { y := z }i ⊕ P (cid:15) (cid:15) P ⊕ P ≡ P ⊕ P ≡ -loc : If the ≡ -loc rule and the rewriting rule are applied on differentthreads, it is straightforward. Otherwise we proceed by case analysis on thereduction rule applied:3.1 alloc : Let us write W ′ := W { ℓ := ℓ } and Q ′ := Q { ℓ := ℓ } . Then: P ⊕ W h λx. Q i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W ′ h λx. Q ′ i ⊕ P (cid:15) (cid:15) P ⊕ W h λ ℓ x. Q i ⊕ P ≡ P ⊕ W ′ h λ ℓ ′ x. Q ′ i ⊕ P The equivalence on the bottom may be deduced by applying the ≡ -loc rule to rename ℓ to ℓ , and possibly the ≡ -loc again to rename ℓ to ℓ ′ .Note that there is no possibility of conflict because ℓ and ℓ ′ are fresh.3.2 beta : Let us write W ′ := W { ℓ := ℓ } , Q ′ := Q { ℓ := ℓ } , and v ′ := v { ℓ := ℓ } . Then we have: P ⊕ W h ( λ ℓ x. Q ) v i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W ′ h ( λ ℓ { ℓ := ℓ } x. Q ′ ) v ′ i ⊕ P (cid:15) (cid:15) P ⊕ W h Q { x := v }i ⊕ P ≡ P ⊕ W ′ h Q ′ { x := v ′ }i ⊕ P The equivalence on the bottom may be deduced by repeatedly applyingthe ≡ -loc rule.3.3 guard : This case is straightforward.3.4 fresh : This case is straightforward.3.5 unif : Consider a thread of the form W h v • = w i , and suppose that σ = mgu ( v • = w ) exists. Let us write W ′ := W { ℓ := ℓ ′ } , v ′ := v { ℓ := ℓ ′ } ,and w ′ := w { ℓ := ℓ ′ } . By Lem. A.1, the substitution σ ′ given by σ ′ ( x ) = σ ( x ) { ℓ := ℓ ′ } is an idempotent most general unifier of { v ′ • = w ′ } so σ ′′ = mgu ( v ′ • = w ′ ) exists and moreover, by Lem. A.1, we have σ ′′ = σ ′ · ρ for some renaming ρ . Note that W ′ h ok i σ ′ = W h ok i σ { ℓ := ℓ ′ } ; so: P ⊕ W h v • = w i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W ′ h v ′ • = w ′ i ⊕ P (cid:15) (cid:15) P ⊕ W ′ h ok i σ ′ · ρ ⊕ P P ⊕ W h ok i σ ⊕ P ≡ P ⊕ W h ok i σ { ℓ := ℓ ′ } ρ ⊕ P The equivalence at the bottom may be deduced applying the ≡ -loc rule to rename ℓ to ℓ ′ and then repeatedly applying the ≡ -var rule toperform the renaming ρ .3.6 fail : Consider a thread of the form W h v • = w i , and let us write W ′ := W { ℓ := ℓ ′ } , v ′ := v { ℓ := ℓ ′ } , and w ′ := w { ℓ := ℓ ′ } . Suppose moreoverthat mgu ( v • = w ) fails. Then mgu ( v ′ • = w ′ ) must also fail, for if σ werea unifier of v ′ • = w ′ , the substitution σ ′ given by σ ′ ( x ) = σ ( x ) { ℓ ′ := ℓ } would be a unifier of v • = w . Hence: P ⊕ W h v • = w i ⊕ P (cid:15) (cid:15) ≡ P ⊕ W ′ h v ′ • = w ′ i ⊕ P (cid:15) (cid:15) P ⊕ P ≡ P ⊕ P A.5 Proof of Prop. 4.1 — Characterization of Normal FormsLemma A.1 (Values are irreducible). If v is a value, then it is a normalform. emantics of a Relational λ -Calculus (Extended Version) 27 Proof.
Straightforward by induction on v . Lemma A.2 (Application of a stuck term). If S is stuck and t ⋆ is a normalterm, then S t ⋆ is stuck.Proof. Straightforward by case analysis on the derivation of the judgment “ S ▽ ”. Lemma A.3 (Values and stuck terms are disjoint).
A stuck term S is nota value.Proof. By induction on the derivation of the judgment “ S ▽ ”. First, note thatif S = x t ⋆ . . . t ⋆n is stuck, it cannot be value because n >
0. Second, note that if S = c t ⋆ . . . t ⋆n is stuck, it cannot be value because by i.h. there is an i such that t ⋆i is not a value. In the remaining cases, we have either S = ( t ⋆ ; t ⋆ ) s ⋆ . . . s ⋆n , S = ( t ⋆ • = t ⋆ ) s ⋆ . . . s ⋆n or S = ( λ ℓ x. P ) t ⋆ s ⋆ . . . s ⋆n , so the term S is clearly not avalue.We turn to the proof of Prop. 4.1. We prove the two inclusions. For the( ⊆ ) inclusion, by induction on a given normal program, it suffices to show thatany normal term t ⋆ is a → -normal form, which can be seen by induction onthe derivation that t ⋆ is a normal term. Recall that values are → -normal forms(Lem. A.1) so we are left to check that any stuck term is a → -normal form. If t ⋆ is stuck, it is straightforward to check, in each case of the definition of thejudgment t ⋆ ▽ , that the resulting term has no → -redexes. Using the fact that astuck term S cannot be a value (Lem. A.3), the key remarks are that:1. stuck-guard : t ⋆ ; t ⋆ cannot be a guard −−−→ -redex because t ⋆ is stuck (hence nota value);2. stuck-unif : t ⋆ • = t ⋆ cannot be a unif −−−→ -redex nor a fail −−−→ -redex because forsome i ∈ { , } the term t ⋆i is stuck (hence not a value);3. stuck-lam : ( λ ℓ x. P ) t ⋆ cannot be a beta −−−→ -redex because the term t ⋆ is stuck(hence not a value).For the ( ⊇ ) inclusion, by induction on a given program, it suffices to showthat any term t in → -normal form is actually a normal term. By induction on t :1. Variable, t = x . Then t is a value.2. Constructor, t = c . Then t is a value.3. Fresh variable declaration, t = νx. s . Impossible, as it is not a → -normalform.4. Abstraction code, t = λx. s . Impossible, as it is not a → -normal form.5. Allocated abstraction, t = λ ℓ x. s . Then t is a value.6. Application, t = s u . Note that s and u are → -normal forms. By i.h. , s and u are normal terms, that is they are either a value or a stuck term. We considerthe following four cases, depending on the shape of s :6.1 If s = x , then x u is stuck by stuck-var .6.2 If s = c v . . . v n , then:6.2.1 If u is a value, c v . . . v n u is a value. u is stuck, c v . . . v n u is stuck by stuck-cons .6.3 If s = λ ℓ x. P then:6.3.1 If u is a value, this case is impossible because ( λ ℓ x. P ) u has a beta −−−→ -redex.6.3.2 If u is stuck, then ( λ ℓ x. P ) u is stuck by stuck-lam .6.4 If s is stuck, then s u is stuck by Lem. A.2.7. Guarded expression, t = ( s ; u ) . Note that s and u are → -normal forms. By i.h. , s and u are normal terms, that is they are either a value or a stuckterm. Note that s cannot be a value, because s ; u would have a guard −−−→ -redex,so s is stuck and s ; u is stuck by stuck-guard .8. Unification, t = ( s • = u ) . Note that s and u are → -normal forms. By i.h. , s and u are normal terms, that is they are either a value or a stuck term.Note that s and u cannot both be values, because s • = u would have eithera unif −−−→ -redex (if mgu ( s • = u ) exists) or a unif −−−→ -redex (if mgu ( s • = u ) fails). Soeither s is stuck or u is stuck, so we have that s • = u is stuck by stuck-unif . A.6 Proof of Lem. 4.2, item 3. — Simultaneous reduction modulostructural equivalenceLemma A.1 (Goals in a simultaneous reduction are in the term).
Let t G = ⇒ P . Then G is a subset of the set: { v • = w | ∃ W . t = W h v • = w i} In particular, fv ( G ) ⊆ fv ( t ) and locs ( G ) ⊆ locs ( t ) .Proof. Straightforward by induction on the derivation of t G = ⇒ P . Lemma A.2 (Simultaneous evaluation of an alternative).
The followingare equivalent:1. P ⊕ Q ⇒ R R can be written as P ′ ⊕ Q ′ , where P ⇒ P ′ and Q ⇒ Q ′ .Proof. Straightforward, by induction on P . Lemma A.3 (Action of renaming on simultaneous evaluation).
1. If t G = ⇒ P then t { x := y } G { x := y } ===== ⇒ P { x := y } .2. If t G = ⇒ P then t { ℓ := ℓ ′ } G { ℓ := ℓ ′ } ===== ⇒ P { ℓ := ℓ ′ } .Proof. Straightforward by induction on the derivation of t G = ⇒ P .We turn to the proof of Lem. 4.2, item 3: Proof.
By induction on the derivation of P ≡ P ′ . It suffices to show that theproperty holds when P ≡ P ′ is derived using one of the axioms: emantics of a Relational λ -Calculus (Extended Version) 29 ≡ -swap : The situation is P ⊕ t ⊕ t ⊕ P (cid:11) (cid:19) ≡ P ⊕ t ⊕ t ⊕ P (cid:11) (cid:19) P ′ ⊕ Q ⊕ Q ⊕ P ′ ≡ P ′ ⊕ Q ⊕ Q ⊕ P ′ where by Lem. A.2 we have that P ⇒ P ′ , t ⇒ Q , t ⇒ Q , and P ⇒ P ′ .The equivalence at the bottom is justified by Lem. A.1.2. ≡ -var : Consider a program of the form P ⊕ t ⊕ P , and let y fv ( t ).Moreover, suppose that P ⊕ t ⊕ P ⇒ R . By Lem. A.2 we have that R = P ′ ⊕ Q ⊕ P ′ where P ⇒ P ′ , t ⇒ Q , and P ⇒ P ′ . The simultaneousreduction step t ⇒ Q is deduced from t G = ⇒ Q ′ for some set of goals G , insuch a way that: Q = ( Q ′ σ if σ = mgu ( G ) fail if mgu ( G ) failsBy Lem. A.3, this means that t { x := y } G { x := y } ===== ⇒ Q ′ { x := y } . Note that fv ( G ) ⊆ fv ( t ) by Lem. A.1, so in particular y fv ( G ). This implies byLem. A.1 that σ = mgu ( G ) exists if and only if σ ′ = mgu ( G { x := y } )exists.If σ = mgu ( G ) exists, moreover by Lem. A.1 we have that σ ′ = ( y x ) · σ · ρ for some renaming ρ , and the situation is: P ⊕ t ⊕ P (cid:11) (cid:19) ≡ P ⊕ t { x := y } ⊕ P (cid:11) (cid:19) P ⊕ Q ′ { x := y } ( y x ) · σ · ρ ⊕ P P ⊕ Q ′ σ ⊕ P ≡ P ⊕ ( Q ′ σ ) ρ ⊕ P The equivalence at the bottom is justified using ≡ -var to apply the renaming ρ . If mgu ( G ) fails, the situation is: P ⊕ t ⊕ P (cid:11) (cid:19) ≡ P ⊕ t { x := y } ⊕ P (cid:11) (cid:19) P ⊕ P ≡ P ⊕ P ≡ -loc : Similar as the previous case. Let ℓ ′ locs ( t ). By Lem. A.3 we mayconclude that if t G = ⇒ Q ′ then t { ℓ := ℓ ′ } G { ℓ := ℓ ′ } ===== ⇒ Q ′ { ℓ := ℓ ′ } . Note that locs ( G ) ⊆ locs ( t ) by Lem. A.1, so in particular ℓ ′ fv ( G ). This implies byLem. A.1 that σ = mgu ( G ) exists if and only if σ ′ = mgu ( G { ℓ := ℓ ′ } ) exists.If σ = mgu ( G ) exists, moreover by Lem. A.1 we have that σ ′ = σ ′′ · ρ where ρ is a renaming, and σ ′′ is a substitution such that σ ′′ ( x ) = σ ( x ) { ℓ := ℓ ′ } . Hence the situation is: P ⊕ t ⊕ P (cid:11) (cid:19) ≡ P ⊕ t { ℓ := ℓ ′ } ⊕ P (cid:11) (cid:19) P ⊕ Q ′ { ℓ := ℓ ′ } σ ′′ · ρ ⊕ P P ⊕ Q ′ σ ⊕ P ≡ P ⊕ Q ′ σ { ℓ := ℓ ′ } ρ ⊕ P The equivalence at the bottom is justified using ≡ -loc to rename ℓ to ℓ ′ ,and ≡ -var to apply the renaming ρ . If mgu ( G ) fails, the situation is: P ⊕ t ⊕ P (cid:11) (cid:19) ≡ P ⊕ t { x := y } ⊕ P (cid:11) (cid:19) P ⊕ P ≡ P ⊕ P A.7 Proof of Prop. 4.3 — Tait–Martin-L¨of ’s Technique
For the proofs, we work with the following
Thread rule and the following variantof the
Alt rule, which is obviously equivalent to the one in the main body of thepaper: t G = ⇒ P P ′ = ( P σ if σ = mgu ( G ) fail if mgu ( G ) fails Thread t ⇒ P ′ t ⇒ P Q ⇒ Q ′ Alt’ t ⊕ Q ⇒ P ⊕ Q ′ Lemma A.1 (“ → ⊆ ⇒≡ ”). If t → P then t ⇒≡ P .Proof. By case analysis on the rule used to conclude t → P .1. alloc : W h λx. P i → W h λ ℓ x. P i for some location ℓ locs ( W h λx. P i ). Notethat λx. P ∅ = ⇒ λ ℓ ′ x. P for an (a priori different) fresh location ℓ ′ by rule Abs C .By context closure (Lem. 4.2), applying the Thread rule once, we have that W h λx. P i ⇒ W h λ ℓ ′ x. P i ≡ W h λ ℓ x. P i as required. The last equivalence isjustified renaming ℓ ′ to ℓ .2. beta : W h ( λ ℓ x. P ) v i → W h P { x := v }i . Note that ( λ ℓ x. P ) v ∅ = ⇒ P { x := v } by rule App , so by context closure (Lem. 4.2), applying the Thread ruleonce, we conclude.3. fresh : W h νx. t i → W h t { x := y }i for some variable y fv ( W ). Note that νx. t ∅ = ⇒ t { x := y } for an (a priori different) fresh variable y by rule Fresh .By context closure (Lem. 4.2), applying the Thread rule once, we have that W h νx. t i ⇒ W h t { x := y }i ≡ W h t { x := y }i The last equivalence is justifiedrenaming y to y .4. guard : W h v ; t i → W h t i . Note that v ; t ∅ = ⇒ t by rule Guard . By contextclosure (Lem. 4.2), applying the Thread rule once, we have that W h v ; t i ⇒ W h t i as required. emantics of a Relational λ -Calculus (Extended Version) 31 unif : Suppose that σ = mgu ( v • = w ), and let W h v • = w i → W h ok i σ . Notethat v • = w { v • = w } ==== ⇒ ok by rule Unif , so by context closure and applying the Thread rule once we have that W h v • = w i ⇒ W h ok i σ , as required.6. fail : Suppose that mgu ( v • = w ) fails, and let W h v • = w i → W h ok i σ . Notethat v • = w { v • = w } ==== ⇒ ok by rule Unif , so by context closure and applying the Thread rule once we have that W h v • = w i ⇒ fail , as required. Lemma A.2 (“ ⇒ ⊆ ։ ≡ ”). Let t G = ⇒ P . Given any weak context W and anysubstitution α we have:1. If σ = mgu ( G α ) , then W h t i α ։ ≡ W h P i α · σ .2. If mgu ( G α ) fails, then W h t i α ։ ≡ fail .Proof. By induction on the derivation of t G = ⇒ P :1. Var : Note that mgu ( ∅ ) is the identity substitution, so W h x i α ։ W h x i α inzero steps.2. Cons : Immediate, similar to the
Var case.3.
Fresh : Immediate, similar to the Var case.4.
Fresh : Let νx. t G = ⇒ P be derived from t G = ⇒ P , where x is a fresh variable.Moreover, let x ′ fv ( W α ). Then we have that: W h νx. t i α = W α h νx ′ . t { x := x ′ } α i fresh −−−→ W α h t { x := x ′ } α i = W h t { x := x ′ }i α ≡ W h t i α There are two subcases, depending on whether mgu ( G α ) exists:4.1 If σ = mgu ( G α ), then by i.h. , W h t i α ։ ≡ W h P i α · σ , so since ≡ is a strongbisimulation (Lem. 3.3), W h νx. t i α ։ ≡ W h P i α · σ as required.4.2 If mgu ( G α ) fails, then by i.h. , W h t i α ։ ≡ fail , so since ≡ is a strongbisimulation (Lem. 3.3), W h νx. t i α ։ ≡ fail as required.5. Abs C : Immediate, similar to the Var case.6.
Abs C : Let λx. P ∅ = ⇒ λ ℓ x. P , where ℓ is a fresh location. Moreover, let ℓ ′ locs ( W h λx. P i α ). Then: W h λx. P i α = W α h λx. P α i alloc −−−→ W α h λ ℓ ′ x. P α i ≡ W α h λ ℓ x. P α i = W h λ ℓ x. P i α so W h λx. P i α ։ ≡ W h λ ℓ x. P i α . Note that mgu ( ∅ ) is the identity substitu-tion, so we are done.7. Abs A : Immediate, similar to the Var case.8.
App : Let t s G ∪ H === ⇒ P Q be derived from t G = ⇒ P and s H = ⇒ Q . We consider twosubcases, depending on whether mgu ( G α ) exists:8.1 If σ = mgu ( G α ) exists. Let us write P = L ni =1 t i . Then applying the i.h. for the term t under the weak context W h (cid:3) s i , we have that W h t s i α ։ ≡ W h P s i α · σ = L ni =1 W h t i s i α · σ . We consider two further subcases, de-pending on whether mgu ( H α · σ ) exists: ρ = mgu ( H α · σ ) exists, then applying the i.h. for each 1 ≤ i ≤ n , for the term s under the weak context W h t i (cid:3) i , we have that W h t i s i α · σ ։ ≡ W h t i Q i α · σ · ρ . Moreover, by the compositionality prop-erty (Lem. A.2) we have that τ = mgu ( G α ∪ H α ) exists, and it is arenaming of σ · ρ . In summary, we have: W h t s i α ։ ≡ W h P s i α · σ by i.h. on t = L ni =1 W h t i s i α · σ ։ ≡ L ni =1 W h t i Q i α · σ · ρ by i.h. on s = W h P Q i α · σ · ρ ≡ W h P Q i α · τ so since ≡ is a strong bisimulation (Lem. 3.3), W h t s i α ։ ≡ W h P Q i α · τ ,as required.8.1.2 If mgu ( H α · σ ) fails, then applying the i.h. for each 1 ≤ i ≤ n , for theterm s under the weak context W h t i s i , we have that W h t i s i α · σ ։ ≡ fail . Moreover, by the compositionality property (Lem. A.2) wehave that mgu ( G α ∪ H α ) also fails, so we have: W h t s i α ։ ≡ W h P s i α · σ by i.h. on t = L ni =1 W h t i s i α · σ ։ ≡ L ni =1 fail by i.h. on s = fail so since ≡ is a strong bisimulation (Lem. 3.3), W h t s i α ։ ≡ fail , asrequired.8.2 If mgu ( G α ) fails, then applying the i.h. for the term t under the weakcontext W h (cid:3) s i we have that W h t s i α ։ ≡ fail . Moreover, by the com-positionality property (Lem. A.2) we have that mgu ( G α ∪ H α ) also fails,so we are done.9. App : Let ( λx. P ) v ∅ = ⇒ P { x := v } . Then since mgu ( ∅ ) is the identity substi-tution we have: W h ( λx. P ) v i α = W α h ( λx. P α ) v α i beta −−−→ W α h P α { x := v α }i = W h P { x := v }i α This concludes this case. The fact that v α is indeed a value (required to beable to apply the beta rule), and the last equality are justified by Lem. A.1.10. Guard : Similar to the App case.11. Guard : Let v ; t G = ⇒ P be derived from t G = ⇒ P . Let us write P = L ni =1 t i . Weconsider two cases, depending on whether mgu ( G α ) exists:11.1 If σ = mgu ( G α ) exists, then applying the i.h. on the term t under thecontext W h v ; (cid:3) i we have that W h v ; t i α ։ ≡ W h v ; P i α · σ . Moreover, byLem. A.1, v α · σ is a value so we may apply the guard rule: W h v ; t i α ։ ≡ W h v ; P i α · σ by i.h. on t = W α · σ h v α · σ ; P α · σ i = L ni =1 W α · σ h v α · σ ; t iα · σ i guard −−−→−→ L ni =1 W α · σ h t iα · σ i = L ni =1 W h t i i α · σ = W h P i α · σ emantics of a Relational λ -Calculus (Extended Version) 33 so since ≡ is a strong bisimulation (Lem. 3.3), we have that W h v ; t i α ։ ≡ W h P i α · σ as required.11.2 If mgu ( G α ) fails, then applying the i.h. on the term t under the context W h v ; (cid:3) i we have that W h v ; t i α ։ ≡ fail , as required.12. Unif : Similar to the App case.13. Unif : Let v • = w { v • = w } ==== ⇒ ok . We consider two cases, depending on whether mgu ( { v α • = w α } ) exists:13.1 If σ = mgu ( { v α • = w α } ) exists, note that by Lem. A.1, v α · σ and w α · σ arevalues and we may apply the unif rule: W h v • = w i α = W α h v α • = w α i unif −−−→ W α h ok i σ = W h ok i α · σ so W h v • = w i α ։ ≡ W h ok i α · σ as required.13.2 If mgu ( { v α • = w α } ) fails, note that by Lem. A.1, v α · σ and w α · σ are valuesand we may apply the fail rule: W h v • = w i α = W α h v α • = w α i fail −−−→ fail so W h v • = w i α ։ ≡ fail as required. Lemma A.3 (Values are irreducible).
Let v G = ⇒ P with v a value. Then G = ∅ and P = v .Proof. Straightforward by induction on v . Note that the only rules that may beapplied are Var , Cons , Abs A , and App . Lemma A.4 (Diamond property).
Let t G = ⇒ L ni =1 t i and t G = ⇒ L mj =1 t ⋆j .Then there exist two sets of goals G ′ and G ′ , and programs P , . . . , P n and P ⋆ , . . . , P ⋆m such that:1. t i G ′ = ⇒≡ P i for all ≤ i ≤ n ;2. t ⋆j G ′ = ⇒≡ P ⋆j for all ≤ j ≤ m ;3. ⊕ ni =1 P i ∼ ⊕ mj =1 P ⋆j where “ ∼ ” denotes the least equivalence generated bythe ≡ -swap axiom, i.e. structural equivalence allowing only permutation ofthreads;4. G ∪ G ′ = G ∪ G ′ .Proof. By induction on t :1. Variable, t = x . The only rule that applies is
Var , i.e. x ∅ = ⇒ x , so this caseis trivial. More precisely, we have that n = m = 1 and t = t ⋆ = x , with G = G = ∅ , so taking G ′ = G ′ = ∅ and P = P ⋆ = x it is straightforwardto check that all the properties hold. Constructor, t = c . Immediate, similar to the variable case.3.
Fresh variable declaration, t = νx. s . There are four cases, depending onwhether each of the simultaneous steps is deduced by
Fresh or Fresh :3.1 Fresh / Fresh : Immediate, similar to the variable case.3.2 Fresh / Fresh : Let νx. s ∅ = ⇒ νx. s be derived by rule Fresh (so that n = 1, t = νx. s , and G = ∅ ), and let νx. s G = ⇒ L mj =1 t ⋆j be derivedby rule Fresh from s G = ⇒ t ⋆j . Then taking G ′ := ∅ , G ′ := G , P := L mj =1 t ⋆j and P ⋆j := t ⋆j for each 1 ≤ j ≤ m , using reflexivity for terms(Lem. 4.2) we have: Fresh t = νx. s G = ⇒ m M j =1 t ⋆j (Lem. 4.2) t ⋆j ∅ = ⇒ t ⋆j Fresh / Fresh : Symmetric to the previous case ( Fresh / Fresh ).3.4 Fresh / Fresh : Let νx. s G = ⇒ L ni =1 t i be derived by rule Fresh from s G = ⇒ L ni =1 t i , and let νx. s G = ⇒ L mj =1 t j be derived by rule Fresh from s G = ⇒ L nj =1 t ⋆j . Then by i.h. on s there exist sets of goals G ′ , G ′ andprograms P , . . . , P n , P ⋆ , . . . , P ⋆m such that: t i G ′ = ⇒≡ P i t ⋆i G ′ = ⇒≡ P j n M i =1 P i ∼ m M j =1 P j G ∪ G ′ = G ∪ G ′ which concludes this subcase.4. Abstraction code, t = λx. P . There are four cases, depending on whethereach of the simultaneous steps is deduced by
Abs C or Abs C :4.1 Abs C / Abs C : Immediate, similar to the variable case.4.2 Abs C / Abs C : Let λx. P ∅ = ⇒ λx. P be derived from rule Abs C , and let λx. P ∅ = ⇒ λ ℓ x. P be derived from rule Abs C , where ℓ is a fresh location.Note that n = m = 1 and G = G = ∅ . Taking G ′ = G ′ = ∅ , for somefresh location ℓ ′ , we have that: Abs C λx. P ∅ = ⇒ λ ℓ ′ x. P ≡ λ ℓ x. P Abs A λ ℓ x. P ∅ = ⇒ λ ℓ x. P which concludes this subcase.4.3 Abs C / Abs C : Symmetric to the previous case ( Abs C / Abs C ).4.4 Abs C / Abs C : Let λx. P ∅ = ⇒ λ ℓ x. P and λx. P ∅ = ⇒ λ ℓ x. P be derived fromrule Abs C , where ℓ and ℓ are fresh locations. Note that n = m = 1 and G = G = ∅ . Taking G ′ = G ′ = ∅ we have that: Abs A λ ℓ x. P ∅ = ⇒ λ ℓ x. P ≡ λ ℓ x. P Abs A λ ℓ x. P ∅ = ⇒ λ ℓ x. P Allocated abstraction, t = λx. s . Immediate, similar to the variable case. emantics of a Relational λ -Calculus (Extended Version) 35 Application, t = s u . There are four cases, depending on whether each of thesimultaneous steps is deduced by
App C or App C :6.1 App / App : This subcase is heavy to write—we give a detailed proof—but actually it follows directly by resorting to the inductive hypothesis.Let s u G ∪ H ==== ⇒ L ni =1 L n ′ i ′ =1 s i u i ′ be derived by rule App from s G = ⇒ L ni =1 s i and u H = ⇒ L n ′ i ′ =1 u i ′ . Similarly, let s u G ∪ H ==== ⇒ L mj =1 L m ′ j ′ =1 s ⋆j u ⋆j ′ be derived by rule App from s G = ⇒ L mj =1 s ⋆j and u H = ⇒ L m ′ j ′ =1 u ⋆j ′ .By i.h. on s , we have that there are sets of goals G ′ , G ′ and programs P , . . . , P n , P ⋆ , . . . , P ⋆m such that for each 1 ≤ i ≤ n and each 1 ≤ j ≤ m : s i G ′ = ⇒≡ P i s ⋆j G ′ = ⇒≡ P ⋆j n M i =1 P i ∼ m M j =1 P ⋆j G ∪ G ′ = G ∪ G ′ Similarly, by i.h. on u , we have that there are sets of goals H ′ , H ′ andprograms Q , . . . , Q n ′ , Q ⋆ , . . . , Q ⋆m ′ such that for each 1 ≤ i ′ ≤ n ′ andeach 1 ≤ j ′ ≤ m ′ : u i ′ H ′ = ⇒≡ Q i ′ u ⋆j ′ H ′ = ⇒≡ Q ⋆j ′ n ′ M i ′ =1 Q i ′ ∼ m ′ M j ′ =1 Q ⋆j ′ H ∪ H ′ = H ∪ H ′ This implies that, for each 1 ≤ i ≤ n , 1 ≤ j ≤ m , 1 ≤ i ′ ≤ n ′ , and1 ≤ j ′ ≤ m ′ : App s i u i ′ G ′ ∪ H ′ ==== ⇒≡ P i Q i ′ App s ⋆j u ⋆j ′ G ′ ∪ H ′ ==== ⇒≡ P ⋆j Q ⋆j ′ Moreover, note that L ni =1 L n ′ i ′ =1 P i Q i ′ ∼ L mj =1 L m ′ j ′ =1 P ⋆j Q ⋆j ′ , and that G ∪ H ∪ G ′ ∪ H ′ = G ∪ H ∪ G ′ ∪ H ′ . This concludes this subcase.6.2 App / App : Note that s = λ ℓ x. L ni =1 r i and u = v , which are both values.Using the fact that a value only reduces to itself with an empty set ofgoals (Lem. A.3), let ( λ ℓ x. L ni =1 r i ) v ∅ = ⇒ ( λ ℓ x. L ni =1 r i ) v be derivedby App from λ ℓ x. L ni =1 r i ∅ = ⇒ λ ℓ x. L ni =1 r i and v ∅ = ⇒ v . Moreover, let( λ ℓ x. L ni =1 r i ) v ∅ = ⇒ L ni =1 r i { x := v } be derived by App . It is then easyto conclude this subcase noting that, for each 1 ≤ i ≤ n , using reflexivityfor terms (Lem. 4.2), we have: App λ ℓ x. n M i =1 r i ! v ∅ = ⇒ n M i =1 r i { x := v } (Lem. 4.2) r i { x := v } ∅ = ⇒ r i { x := v } App / App : Symmetric to the previous case ( App / App ).6.4 App / App : There is only one way to derive a reduction using rule App ,namely ( λx. L ni =1 s i ) v ∅ = ⇒ L ni =1 s i { x := v } . It is then easy to conclude this subcase noting that, for each 1 ≤ i ≤ n , using reflexivity for terms(Lem. 4.2), we have: (Lem. 4.2) s i { x := v } ∅ = ⇒ s i { x := v } Guarded expression, t = ( s ; u ) . There are four cases, depending on whethereach of the simultaneous steps is deduced by
Guard or Guard :7.1 Guard / Guard : This subcase follows directly by resorting to the induc-tive hypothesis, similar to the App / App case.7.2 Guard / Guard : Note that s must be a value s = v . Using the fact thata value only reduces to itself with an empty set of goals (Lem. A.3), let v ; u G = ⇒ L ni =1 v ; u i be derived by Guard from u G = ⇒ L ni =1 u i . Moreover,let s ; u = v ; u G = ⇒ L mj =1 u ⋆j be derived from u G = ⇒ L mj =1 u ⋆j . By i.h. on u ,there are sets of goals G ′ , G ′ and programs P , . . . , P n , P ⋆ , . . . , P ⋆m suchthat for each 1 ≤ i ≤ n and 1 ≤ j ≤ m : u i G ′ = ⇒≡ P i u ⋆j G ′ = ⇒≡ P ⋆i n M i =1 P i ∼ m M j =1 P ⋆j G ∪ G ′ = G ∪ G ′ To conclude this subcase, note that moreover: u i G ′ = ⇒≡ P i Guard v ; u i G ′ = ⇒≡ P i Guard / Guard : Symmetric to the previous case ( Guard / Guard ).7.4 Guard / Guard : Straightforward by i.h. . More precisely, let v ; u G = ⇒ L ni =1 u i be derived from u G = ⇒ L ni =1 u i and, similarly, let v ; u G = ⇒ L mj =1 u ⋆j be derived from u G = ⇒ L mj =1 u ⋆j . By i.h. on u , there are setsof goals G ′ , G ′ and programs P , . . . , P n , P ⋆ , . . . , P ⋆m such that for each1 ≤ i ≤ n and 1 ≤ j ≤ m : u i G ′ = ⇒≡ P i u ⋆j G ′ = ⇒≡ P ⋆i n M i =1 P i ∼ m M j =1 P ⋆j G ∪ G ′ = G ∪ G ′ which concludes this subcase.8. Unification, t = ( s • = u ) . There are four cases, depending on whether eachof the simultaneous steps is deduced by
Unif or Unif :8.1 Unif / Unif : This subcase follows directly by resorting to the inductivehypothesis, similar to the App / App case.8.2 Unif / Unif : Note that s and u must both be values, i.e. s = v and u = w . Using the fact that a value only reduces to itself with an emptyset of goals (Lem. A.3), let v • = w ∅ = ⇒ v • = w be derived by Unif from emantics of a Relational λ -Calculus (Extended Version) 37 v ∅ = ⇒ v and w ∅ = ⇒ w , and let v • = w { v • = w } ==== ⇒ ok be derived by Unif . Toconclude this subcase, note that: Unif v • = w { v • = w } ==== ⇒ ok Cons ok ∅ = ⇒ ok Unif / Unif : Symmetric to the previous case ( Unif / Unif ).8.4 Unif / Unif : There is a unique way that the reduction may be derivedfrom rule Unif , namely v • = w { v • = w } ==== ⇒ ok . To conclude this case, notethat: Cons ok ∅ = ⇒ ok We now turn to the proof of Prop. 4.3 itself:1. Item 1. of the proposition is precisely Lem. A.1.2. For item 2. of the proposition, let P ⇒ Q , and proceed by induction on P .If P = fail , then Q = fail , and indeed P ։ Q with the empty reductionsequence. If P = t ⊕ P ′ , then Q = R ⊕ Q ′ where t ⇒ R and P ′ ⇒ Q ′ . Thisin turn means that t G = ⇒ R ′ in such a way that: R def = ( R ′ σ if σ = mgu ( G ) fail if mgu ( G ) fails.Then: t ⊕ P ′ ։ ≡ R ⊕ P ′ by Lem. A.2 ։ ≡ R ⊕ Q ′ by i.h. Using the fact that ≡ is a strong bisimulation (Lem. 3.3), this implies that P = t ⊕ P ′ ։ ≡ R ⊕ Q ′ = Q , as required.3. For item 3. of the proposition let P ⇒ P and P ⇒ P , and proceed byinduction on P . If P = fail then P = P = fail and the diamond maybe closed with fail ⇒ fail on each side. If P = t ⊕ P ′ then P = Q ⊕ P ′ where t ⇒ Q and P ′ ⇒ P ′ , and similarly P = Q ⊕ P ′ where t ⇒ Q and P ′ ⇒ P ′ . By i.h. there are programs P ′ , P ′′ such that P ′ ⇒ P ′ and P ′ ⇒ P ′′ ≡ P ′ . Moreover t G = ⇒ L ni =1 t i and t G = ⇒ L mj =1 t ⋆j in such a waythat: Q = (L ni =1 t iσ if σ = mgu ( G ) fail if mgu ( G ) fails Q = (L mj =1 t ⋆j σ if σ = mgu ( G ) fail if mgu ( G ) failsBy Lem. A.4, there exist sets of goals G ′ , G ′ and programs R , . . . , R n , R ⋆ , . . . , R ⋆m such that, for each 1 ≤ i ≤ n and 1 ≤ j ≤ m : t i G ′ = ⇒ R i t ⋆j G ′ = ⇒ R ⋆j n M i =1 R i ∼ m M j =1 R ⋆j G ∪ G ′ = G ∪ G ′ We consider two subcases, depending on whether mgu ( G ) exists: σ = mgu ( G ) exists, then by Lem. 4.2 we have that t iσ G ′ σ === ⇒ R iσ for each 1 ≤ i ≤ n . We consider two further subcases, depending onwhether mgu ( G ′ σ ) exists:3.1.1 If ρ = mgu ( G ′ σ ) exists, then by the compositionality property(Lem. A.2) we have that mgu ( G ∪ G ′ ) = mgu ( G ∪ G ′ ) also ex-ists, and it is a renaming of σ · ρ . Again, by the compositionalityproperty (Lem. A.2), this in turn implies that σ = mgu ( G ) and ρ = mgu ( G ′ σ ) both exist, and σ · ρ is a renaming of σ · ρ , i.e. σ · ρ = σ · ρ · τ for some renaming τ . So by Lem. 4.2 we have that t ⋆j σ G ′ σ === ⇒ R ⋆i σ for each 1 ≤ j ≤ m , and the situation is: t ⊕ P ′ + (cid:11) (cid:19) L ni =1 t iσ ⊕ P ′ (cid:11) (cid:19) L mj =1 t ⋆j σ ⊕ P ′ + L mj =1 R ⋆j σ · ρ ⊕ P ′′ ≡ L ni =1 R iσ · ρ ⊕ P ′ The structural equivalence at the bottom of the diagram is justifiedas follows: L mj =1 R ⋆j σ · ρ ⊕ P ′′ ∼ L ni =1 R iσ · ρ ⊕ P ′′ since L mj =1 R ⋆j ∼ L ni =1 R i ≡ L ni =1 R iσ · ρ ⊕ P ′′ since σ · ρ = σ · ρ · τ ≡ L ni =1 R iσ · ρ ⊕ P ′ since P ′′ ≡ P ′ mgu ( G ′ σ ) fails, then by the compositionality property (Lem. A.2)we have that mgu ( G ∪ G ′ ) = mgu ( G ∪ G ′ ) also fails. Again, by thecompositionality property (Lem. A.2), this in turn implies that either σ = mgu ( G ) fails or mgu ( G ′ σ ) fails. On one hand, if mgu ( G ) fails,the situation is: t ⊕ P ′ + (cid:11) (cid:19) L ni =1 t iσ ⊕ P ′ (cid:11) (cid:19) P ′ + P ′′ ≡ P ′ On the other hand, if σ = mgu ( G ) exists and mgu ( G ′ σ ), the situ-ation is: t ⊕ P ′ + (cid:11) (cid:19) L ni =1 t iσ ⊕ P ′ (cid:11) (cid:19) L mj =1 t ⋆j σ ⊕ P ′ + P ′′ ≡ P ′ σ = mgu ( G ) fails, then by the compositionality property (Lem. A.2)we have that mgu ( G ∪ G ′ ) = mgu ( G ∪ G ′ ) also fails. Again by the com-positionality property (Lem. A.2) this implies that either σ = mgu ( G ) emantics of a Relational λ -Calculus (Extended Version) 39 fails or ρ = mgu ( G ′ σ ) fails. On one hand, if mgu ( G ) fails, the situationis: t ⊕ P ′ + (cid:11) (cid:19) P ′ (cid:11) (cid:19) P ′ + P ′′ ≡ P ′ On the other hand, if σ = mgu ( G ) exists and mgu ( G ′ σ ), the situationis: t ⊕ P ′ + (cid:11) (cid:19) P ′ (cid:11) (cid:19) L mj =1 t ⋆j σ ⊕ P ′ + P ′′ ≡ P ′ A.8 Proof of Prop. 5.2 — Subject ReductionDefinition A.1 (Typing unification problems).
We define the judgment Γ ⊢ G for each unification problem G as follows: Γ ⊢ v i • = w i : T ok for all i = 1 ..nΓ ⊢ { v • = w , . . . , v n • = w n } Lemma A.2 (Subject reduction for the unification algorithm).
Let Γ ⊢ G and suppose that G H is a step that does not fail. Then Γ ⊢ H .Proof. Routine by case analysis on the transition G H , using Lem. 5.1.We turn to the proof of Prop. 5.2 itself. The proof proceeds by case analysis,depending on the rule applied to conclude that P → Q . Most cases are straight-forward using using Lem. 5.1. The only interesting case is when applying the unif rule. Then we have that: P ⊕ W h v • = w i ⊕ P unif −−−→ P ⊕ W h ok i σ ⊕ P where σ = mgu ( { v • = w } ). Moreover, by hypothesis the program is typable, i.e. Γ ⊢ P ⊕ W h v • = w i ⊕ P : A By Lem. 5.1 the following holds for some type B : Γ ⊢ P : A Γ, (cid:3) : B ⊢ W : A Γ ⊢ v • = w : B Γ ⊢ P : A The third judgment can only be derived using the t-unif rule, so necessarily B = T ok , and in particular Γ ⊢ W h ok i : A by contextual substitution (Lem. 5.1).Note that Γ ⊢ { v • = w } . Moreover the most general unifier exists by hypothesis, so the unification algorithm terminates, i.e. there is a finite sequence of n ≥ { v • = w } = G G . . . G n = { x • = v ′ , . . . , x n • = v ′ n } such that for all i, j we have that x i = x j and x i fv ( v ′ j ). Moreover σ = mgu ( { v • = w } ) = { x v ′ , . . . , x n v ′ n } . Recall that the unification algorithmpreserves typing (Lem. A.2) so for each i = 1 ..n there is a type C i such that Γ ⊢ x i : C i and Γ ⊢ v ′ i : C i hold. This means that Γ is of the form ∆, x : C , . . . , x n : C n . By repeatedly applying the substitution property (Lem. 5.1),we conclude that ∆ ⊢ W h ok i{ x := v ′ } . . . { x n := v ′ n } : A , that is ∆ ⊢ W h ok i σ : A . Finally, applying Lem. 5.1 we obtain that the following judgment holds, asrequired: Γ ⊢ P ⊕ W h ok i σ ⊕ P : A A.9 Proof of Prop. 6.1 — Properties of the denotational semantics
Let us introduce some auxiliary notation. We write Φ , Φ ′ , etc. for sequences ofvariables ( Φ = x A , . . . , x A n n ) without repetition. If A = ( A , . . . , A n ) is a se-quence of types, we write [[ A ]] for [[ A ]] × . . . × [[ A n ]]. If x = ( x , . . . , x n ) is asequence of variable names, we write x A for the sequence ( x A , . . . , x A n n ). More-over, if a = ( a , . . . , a n ) ∈ [[ A ]] then we write ρ [ x a ] for ρ [ x a ] . . . [ x n a n ]. Sometimes we treat sequences of variables as sets, when the order is notrelevant. If X is a term or a program we define [[ X ]] Φρ as follows, by induction on Φ : [[ X ]] ∅ ρ def = [[ X ]] ρ [[ X ]] x A ,Φρ def = { b | a ∈ [[ A ]] , b ∈ [[ X ]] Φρ [ x a ] } The following lemma generalizes the
Irrelevance property of Lem. 6.1. An easycorollary of this lemma is that [[ P ]] = [[ P ]] fv ( P ) ρ , whatever be the environment ρ . Lemma A.1 (Irrelevance — proof of Lem. 6.1, point 1).
Let ⊢ X : A bea typable term or program.1. If ρ, ρ ′ are environments that agree on fv ( X ) \ Φ , i.e. for any variable x B ∈ fv ( X ) \ Φ one has that ρ ( x B ) = ρ ′ ( x B ) , then [[ X ]] Φρ = [[ X ]] Φρ ′ .2. Let Φ, Φ ′ be sequences of variables such that fv ( X ) \ Φ = fv ( X ) \ Φ ′ . Then [[ X ]] Φρ = [[ X ]] Φ ′ ρ .Proof.
1. By induction on Φ .1.1 Empty, i.e. Φ = ∅ . By induction on X , i.e. the term or program:1.1.1 Variable, X = x A . Immediate, as [[ x A ]] ρ = ρ ( x A ) = ρ ′ ( x A ) =[[ x A ]] ρ ′ .1.1.2 Constructor, X = c. Immediate, as [[ c ]] ρ = { c } = [[ c ]] ρ ′ .1.1.3 Abstraction, X = λx A . P . Note that [[ λx A . P ]] ρ = { f } where f ( a ) = [[ P ]] ρ [ x A a ] . Symmetrically, [[ λx A . P ]] ρ ′ = { g } where g ( a ) =[[ P ]] ρ ′ [ x A a ] . Note that, for any fixed a ∈ [[ A ]], we have that ρ [ x A a ]and ρ ′ [ x A a ] agree on fv ( λx. P ) and also on x so they agree on emantics of a Relational λ -Calculus (Extended Version) 41 fv ( P ). This allows us to apply the i.h. to conclude that [[ P ]] ρ [ x A a ] =[[ P ]] ρ ′ [ x A a ] , so f = g as required.1.1.4 Allocated abstraction, X = λ ℓ x A . P . Similar to the previous case.1.1.5
Application, X = t s . Straightforward by i.h. , as [[ t s ]] ρ = { b | f ∈ [[ t ]] ρ , a ∈ [[ s ]] ρ , b ∈ f ( a ) } = { b | f ∈ [[ t ]] ρ ′ , a ∈ [[ s ]] ρ ′ , b ∈ f ( a ) } = [[ t s ]] ρ ′ .1.1.6 Unification, X = ( t • = s ) . Straightforward by i.h. as [[ t • = s ]] ρ = { ok | a ∈ [[ t ]] ρ , b ∈ [[ s ]] ρ , a = b } = { ok | a ∈ [[ t ]] ρ ′ , b ∈ [[ s ]] ρ ′ , a = b } =[[ t • = s ]] ρ ′ .1.1.7 Guarded expression, X = t ; s . Straightforward by i.h. as [[ t ; s ]] ρ = { b | a ∈ [[ t ]] ρ , b ∈ [[ s ]] ρ } = { b | a ∈ [[ t ]] ρ ′ , b ∈ [[ s ]] ρ ′ } = [[ t ; s ]] ρ ′ .1.1.8 Fresh, X = νx A . t . Note that [[ νx A . t ]] ρ = { b | a ∈ [[ A ]] , b ∈ [[ t ]] ρ [ x A a ] } .Symetrically, [[ νx A . t ]] ρ ′ = { b | a ∈ [[ A ]] , b ∈ [[ t ]] ρ ′ [ x A a ] } . Note that,for any fixed a ∈ [[ A ]] we have that ρ [ x A a ] and ρ ′ [ x A a ]agree on fv ( νx A . t ) and also on x , so they agree on fv ( t ). This al-lows us to apply the i.h. to conclude that [[ t ]] ρ [ x A a ] = [[ t ]] ρ ′ [ x A a ] ,so [[ νx A . t ]] ρ = [[ νx A . t ]] ρ ′ , as required.1.1.9 Fail, X = fail A . Immediate, as [[ fail A ]] ρ = ∅ = [[ fail A ]] ρ ′ .1.1.10 Alternative, X = t ⊕ P . Straightforward by i.h. as [[ t ⊕ P ]] ρ =[[ t ]] ρ ∪ [[ P ]] ρ = [[ t ]] ρ ′ ∪ [[ P ]] ρ ′ = [[ t ⊕ P ]] ρ .1.2 Non-empty, i.e. Φ = x A , Ψ . Then note that ρ [ x a ] and ρ [ x a ]agree on fv ( X ) \ Ψ for any a ∈ [[ A ]]. Then:[[ X ]] x A ,Ψρ = { b | a ∈ [[ A ]] , [[ X ]] Ψρ [ x a ] } = { b | a ∈ [[ A ]] , [[ X ]] Ψρ ′ [ x a ] } by i.h. = [[ X ]] x A ,Ψρ ′
2. Note that, seen as sets, fv ( X ) ∩ Φ = fv ( X ) ∩ Φ ′ so the sequence Φ may beconverted into the sequence Φ ′ by repeatedly removing spurious variables(not in fv ( X )), adding spurious variables, and swapping variables. Indeed,we first note that the two following properties hold: – Add/remove spurious variable. [[ X ]] Φρ = [[ X ]] x A ,Φρ if x A fv ( X ).It suffices to show that [[ X ]] Φρ = { b | a ∈ [[ A ]] , b ∈ [[ X ]] Φρ [ x a ] } , whichis immediate since by item 1. of this lemma, [[ X ]] Φρ = [[ X ]] Φρ [ x a ] for all a ∈ [[ A ]]. Note that here we crucially use the fact that [[ A ]] is a non-emptyset. – Swap. [[ X ]] Φ ,x A ,Φ ρ = [[ X ]] x A ,Φ ,Φ ρ .Proceed by induction on Φ . If Φ is empty, it is immediate. Otherwise,let Φ = y B , Φ ′ . Then:[[ X ]] y B ,Φ ′ ,x A ,Φ ρ = { c | b ∈ [[ B ]] , c ∈ [[ X ]] Φ ′ ,x A ,Φ ρ [ y b ] } = { c | b ∈ [[ B ]] , c ∈ [[ X ]] x A ,Φ ′ ,Φ ρ [ y b ] } by i.h. = { c | b ∈ [[ B ]] , a ∈ [[ A ]] , c ∈ [[ X ]] Φ ′ ,Φ ρ [ y b ][ x a ] } = { c | a ∈ [[ A ]] , b ∈ [[ B ]] , c ∈ [[ X ]] Φ ′ ,Φ ρ [ x a ][ y b ] } ( ⋆ )= [[ X ]] x A ,y B ,Φ ′ ,Φ ρ To justify the ( ⋆ ) step, note that ρ [ y b ][ x a ] = ρ [ x a ][ y b ]holds by definition.Now we proceed by induction on Φ :2.1 Empty, i.e. Φ = ∅ . Then fv ( X ) = fv ( X ) \ Φ ′ so Φ ′ ∩ fv ( X ) = ∅ . Byiteratively adding spurious variables we have that [[ X ]] Φρ = [[ X ]] ρ = [[ X ]] Φ ′ ρ as required.2.2 Non-empty, i.e. Φ = x A , Ψ . We consider two subcases, depending onwhether the variable x A is spurious ( i.e. x A fv ( X )) or not:2.2.1 If x A fv ( X ) then note that fv ( X ) \ Ψ = fv ( X ) \ Φ = fv ( X ) \ Φ ′ , soremoving the spurious variable and appyling the i.h. we have that[[ X ]] x A ,Ψρ = [[ X ]] Ψρ = [[ X ]] Φ ′ ρ .2.2.2 If x A ∈ fv ( X ) then since fv ( t ) \ Φ = fv ( t ) \ Φ ′ we have that x A ∈ Φ ′ .Hence Φ ′ must be of the form Φ ′ = Φ ′ , x A , Φ ′ . Then by apply-ing the i.h. and swapping we have that [[ X ]] x A ,Ψρ = [[ X ]] x A ,Φ ′ ,Φ ′ ρ =[[ X ]] Φ ′ ,x A ,Φ ′ ρ as required.The following lemma generalizes the Compositionality property of Lem. 6.1.
Lemma A.2 (Compositionality — proof of Lem. 6.1, point 2). [[ P ⊕ Q ]] Φρ = [[ P ]] Φρ ∪ [[ Q ]] Φρ .2. If W is a context whose hole is of type A , then [[ W h t i ]] ρ = { b | a ∈ [[ t ]] ρ , b ∈ [[ W ]] ρ [ (cid:3) A a ] } .Proof.
1. By induction on the length of Φ .1.1 Empty, Φ = ∅ . Then we proceed by induction on P :1.1.1 If P = fail , then [[ fail ⊕ Q ]] ρ = [[ Q ]] ρ = [[ fail ]] ρ ∪ [[ Q ]] ρ .1.1.2 If P = t ⊕ P ′ , then:[[( t ⊕ P ′ ) ⊕ Q ]] ρ = [[ t ⊕ ( P ′ ⊕ Q )]] ρ = [[ t ]] ρ ∪ [[ P ′ ⊕ Q ]] ρ = [[ t ]] ρ ∪ [[ P ′ ]] ρ ∪ [[ Q ]] ρ by i.h. = [[ t ⊕ P ′ ]] ρ ∪ [[ Q ]] ρ Non-empty, Φ = x A , Φ ′ . Then:[[ P ⊕ Q ]] x A ,Φ ′ ρ = { b | a ∈ [[ A ]] , b ∈ [[ P ⊕ Q ]] Φ ′ ρ [ x a ] } = { b | a ∈ [[ A ]] , b ∈ ([[ P ]] Φ ′ ρ [ x a ] ∪ [[ Q ]] Φ ′ ρ [ x a ] ) } by i.h. = { b | a ∈ [[ A ]] , b ∈ [[ P ]] Φ ′ ρ [ x a ] } ∪ { b | a ∈ [[ A ]] , b ∈ [[ Q ]] Φ ′ ρ [ x a ] } = [[ P ]] x A ,Φ ′ ρ ∪ [[ Q ]] x A ,Φ ′ ρ
2. By induction on the structure of the weak context W . – Empty, W = (cid:3) . [[ t ]] ρ = { b | a ∈ [[ t ]] ρ , b ∈ { a }} = { b | a ∈ [[ t ]] ρ , b ∈ [[ (cid:3) ]] ρ [ (cid:3) A a ] } emantics of a Relational λ -Calculus (Extended Version) 43 – Left of an application, W = W ′ s . [[ W ′ h t i s ]] ρ = { b | f ∈ [[ W ′ h t i ]] ρ , c ∈ [[ s ]] ρ , b ∈ f ( c ) } = { b | a ∈ [[ t ]] ρ , f ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , c ∈ [[ s ]] ρ , b ∈ f ( c ) } (By i.h. )= { b | a ∈ [[ t ]] ρ , f ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , c ∈ [[ s ]] ρ [ (cid:3) A a ] , b ∈ f ( c ) } (By Lem. 6.1)= { b | a ∈ [[ t ]] ρ , b ∈ [[ W ′ s ]] ρ [ (cid:3) A a ] } – Right of an application, W = s W ′ . [[ s W ′ h t i ]] ρ = { b | f ∈ [[ s ]] ρ , c ∈ [[ W ′ h t i ]] ρ , b ∈ f ( c ) } = { b | f ∈ [[ s ]] ρ , a ∈ [[ t ]] ρ , c ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , b ∈ f ( c ) } (By i.h. )= { b | a ∈ [[ t ]] ρ , f ∈ [[ s ]] ρ [ (cid:3) A a ] , c ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , b ∈ f ( c ) } (By Lem. 6.1)= { b | a ∈ [[ t ]] ρ , b ∈ [[ s W ′ ]] ρ [ (cid:3) A a ] } – Left of a unification, W = W ′ • = s . [[ W ′ h t i • = s ]] ρ = { ok | c ∈ [[ W ′ h t i ]] ρ , d ∈ [[ s ]] ρ , c = d } = { ok | a ∈ [[ t ]] ρ , c ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , d ∈ [[ s ]] ρ , c = d } (By i.h. )= { ok | a ∈ [[ t ]] ρ , c ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , d ∈ [[ s ]] ρ [ (cid:3) A a ] , c = d } (By Lem. 6.1)= { b | a ∈ [[ t ]] ρ , b ∈ [[ W ′ • = s ]] ρ [ (cid:3) A a ] } – Right of a unification, W = s • = W ′ . [[ s • = W ′ h t i ]] ρ = { ok | c ∈ [[ s ]] ρ , d ∈ [[ W ′ h t i ]] ρ , c = d } = { ok | a ∈ [[ t ]] ρ , c ∈ [[ s ]] ρ , d ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , c = d } (By i.h. )= { ok | a ∈ [[ t ]] ρ , c ∈ [[ s ]] ρ [ (cid:3) A a ] , d ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , c = d } (By Lem. 6.1)= { b | a ∈ [[ t ]] ρ , b ∈ [[ s • = W ′ ]] ρ [ (cid:3) A a ] } – Left of a guarded expression, W = W ′ ; s . [[ W ′ h t i ; s ]] ρ = { b | c ∈ [[ W ′ h t i ]] ρ , b ∈ [[ s ]] ρ } = { b | a ∈ [[ t ]] ρ , c ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , b ∈ [[ s ]] ρ } (By i.h. )= { b | a ∈ [[ t ]] ρ , c ∈ [[ W ′ ]] ρ [ (cid:3) A a ] , b ∈ [[ s ]] ρ [ (cid:3) A a ] } (By Lem. 6.1)= { b | a ∈ [[ t ]] ρ , b ∈ [[ W ′ ; s ]] ρ [ (cid:3) A a ] } – Right of a guarded expression, W = s ; W ′ . [[ s ; W ′ h t i ]] ρ = { b | c ∈ [[ s ]] ρ , b ∈ [[ W ′ h t i ]] ρ } = { b | a ∈ [[ t ]] ρ , c ∈ [[ s ]] ρ , b ∈ [[ W ′ ]] ρ [ (cid:3) A a ] } (By i.h. )= { b | a ∈ [[ t ]] ρ , c ∈ [[ s ]] ρ [ (cid:3) A a ] , b ∈ [[ W ′ ]] ρ [ (cid:3) A a ] } (By Lem. 6.1)= { b | a ∈ [[ t ]] ρ , b ∈ [[ s ; W ′ ]] ρ [ (cid:3) A a ] } Lemma A.3 (Free variables).
The following hold:1. fv ( P ⊕ Q ) = fv ( P ) ∪ fv ( Q ) fv ( W h t i ) = fv ( W ) ∪ fv ( t ) fv ( W h P i ) = fv ( W ) ∪ fv ( P ) fv ( t σ ) ⊆ ( fv ( t ) \ supp σ ) ∪ S x ∈ supp σ fv ( σ ( x )) fv ( P σ ) ⊆ ( fv ( P ) \ supp σ ) ∪ S x ∈ supp σ fv ( σ ( x )) Proof.
Routine by induction on P , W , or t , correspondingly. Lemma A.4 (Interpretation of values — proof of Lem. A.4, point 3). If v is a value then [[ v ]] ρ is a singleton.Proof. By induction on v . If v is a variable or an allocated abstraction, it isimmediate, so let v = c v . . . v n . In that case, by induction on n we claim that[[ c v . . . v n ]] ρ is a singleton of the form { a } where moreover a is unitary:1. If n = 0 . Then [[ c ]] ρ = { c } , which is a singleton. Moreover, recall that c isalways requested to be unitary.2. If n > . Then by i.h. of the innermost induction [[ c v . . . v n − ]] ρ is a sin-gleton of the form { f } , where f is unitary, and by i.h. of the outermostinduction [[ v n ]] ρ is a singleton of the form { a } , so we have that:[[ c v . . . v n − v n ]] ρ = { b | f ∈ [[ c v . . . v n − ]] ρ , a ∈ [[ v n ]] ρ , b ∈ f ( a ) } = f ( a )Since f is unitary, f ( a ) is a singleton of the form { b } , where b is unitary,as required. Lemma A.5 (Interpretation of substitution — proof of Lem. 6.1, point4).
Let σ = { x A v , . . . , x A n n v n } be a substitution with support { x A , . . . , x An } and such that x i / ∈ fv ( v j ) for any two ≤ i, j ≤ n . Recall that the interpretationof a value is always a singleton (Lem. 6.1), so let [[ v i ]] ρ = { a i } for each i = 1 ..n .Then:1. [[ t σ ]] ρ = [[ t ]] ρ [ x a ] ... [ x n a n ] [[ P σ ]] ρ = [[ P ]] ρ [ x a ] ... [ x n a n ] Proof.
By simultaneous induction on the term t (resp. program P ).1. Variable, t = x A . There are two subcases, depending on whether x ∈{ x , . . . , x n } or not.1.1 If x = x i for some 1 ≤ i ≤ n , then:[[( x Ai ) σ ]] ρ = [[ v i ]] ρ = { a i } = [[ x Ai ]] ρ [ x a ] ... [ x n a n ] x / ∈ { x , . . . , x n } , then:[[( x A ) σ ]] ρ = ρ ( x A ) = [[ x A ]] ρ [ x a ] ... [ x n a n ] Constructor, t = c. Immediate, as:[[ c σ ]] ρ = [[ c ]] ρ = { c } = [[ c ]] ρ [ x a ] ... [ x n a n ] emantics of a Relational λ -Calculus (Extended Version) 45 Abstraction code, t = λx A . P . Then:[[( λx A . P ) σ ]] ρ = [[ λx A . P σ ]] ρ = { f } where f ( a ) = [[ P σ ]] ρ [ x a ] = { g } where g ( a ) = [[ P ]] ρ [ x a ][ x a ] ... [ x n a n ] (By i.h. )= [[ λx A . P ]] ρ [ x a ] ... [ x n a n ] Allocated abstraction, t = λ ℓ x. P . Similar to the previous case.5.
Application, t = s u . Then:[[( s u ) σ ]] ρ = [[ s σ u σ ]] ρ = { b | f ∈ [[ s σ ]] ρ , a ∈ [[ u σ ]] ρ , b ∈ f ( a ) } = { b | f ∈ [[ s ]] ρ [ x a ] ... [ x n a n ] , a ∈ [[ u ]] ρ [ x a ] ... [ x n a n ] , b ∈ f ( a ) } (By i.h. )= [[ s u ]] ρ [ x a ] ... [ x n a n ] Unification, t = ( s • = u ) . Then:[[( s • = u ) σ ]] ρ = [[ s σ • = u σ ]] ρ = { ok | a ∈ [[ s σ ]] ρ , b ∈ [[ u σ ]] ρ , a = b } = { ok | a ∈ [[ s ]] ρ [ x a ] ... [ x n a n ] , b ∈ [[ u ]] ρ [ x a ] ... [ x n a n ] , a = b } (By i.h. )= [[ s • = u ]] ρ [ x a ] ... [ x n a n ] Guarded expression, t = s ; u . Then:[[( s ; u ) σ ]] ρ = [[ s σ ; u σ ]] ρ = { a | b ∈ [[ s σ ]] ρ , a ∈ [[ u σ ]] ρ } = { a | b ∈ [[ s ]] ρ [ x a ] ... [ x n a n ] , a ∈ [[ u ]] ρ [ x a ] ... [ x n a n ] } (By i.h. )= [[ s ; u ]] ρ [ x a ] ... [ x n a n ] Fresh, t = νx A . s . Then:[[( νx A . s ) σ ]] ρ = [[ νx A . s σ ]] ρ = { b | a ∈ [[ A ]] , b ∈ [[ s σ ]] ρ [ x a ] } = { b | a ∈ [[ A ]] , b ∈ [[ s ]] ρ [ x a ][ x a ] ... [ x n a n ] } (By i.h. )= { b | a ∈ [[ A ]] , b ∈ [[ s ]] ρ [ x a ] ... [ x n a n ][ x a ] } (Since x / ∈ { x , . . . , x n } )= [[ νx A . s ]] ρ [ x a ] ... [ x n a n ] Fail, P = fail . Immediate, as:[[ fail σ ]] ρ = [[ fail ]] ρ = ∅ = [[ fail ]] ρ [ x a ] ... [ x n a n ] Alternative, P = t ⊕ P . Then:[[( t ⊕ P ) σ ]] ρ = [[ t σ ⊕ P σ ]] ρ = [[ t σ ]] ρ ∪ [[ P σ ]] ρ = [[ t ]] ρ [ x a ] ... [ x n a n ] ∪ [[ P ]] ρ [ x a ] ... [ x n a n ] (By i.h. )= [[ t ⊕ P ]] ρ [ x a ] ... [ x n a n ] A.10 Proof of Thm. 6.2 — SoundnessDefinition A.1 (Goal satisfaction).
Let ρ be a fixed variable assignment, andlet x A be a fixed sequence of variables. Moreover, let G = { ( v • = w ) , . . . , ( v n • = w n ) } be a unification problem. Given a sequence of elements a ∈ [[ A ]] we say that a satisfies G (with respect to ρ, x ), written a (cid:15) ρ, x G , if and only if [[ v i ]] ρ [ x a ] =[[ w i ]] ρ [ x a ] for all i = 1 ..n . We write a (cid:15) G if ρ and x are clear from the context. Lemma A.2 (Unification preserves satisfaction).
Let G H be a step ofthe unification algorithm that does not fail. Then for any ρ, x A we have that: { a | a (cid:15) ρ, x G } = { a | a (cid:15) ρ, x H } Proof.
Note that the step does not fail so it cannot be the result of applying the u-clash or the u-occurs-check rules. We consider the five remaining cases:1. u-delete : Our goal is to prove that: { a | a (cid:15) ρ, x { y • = y } ⊎ G ′ } = { a | a (cid:15) ρ, x G ′ } This is immediate since [[ y ]] ρ [ x a ] = [[ y ]] ρ [ x a ] always holds.2. u-orient : Our goal is to prove that: { a | a (cid:15) ρ, x { v • = y } ⊎ G ′ } = { a | a (cid:15) ρ, x { y • = v } ⊎ G ′ } . Immediate by definition.3. u-match-lam : Our goal is to prove that: { a | a (cid:15) ρ, x { λ ℓ y. P • = λ ℓ y. P } ⊎ G ′ } = { a | a (cid:15) ρ, x G ′ } This is immediate since [[ λ ℓ y. P ]] ρ [ x a ] = [[ λ ℓ y. P ]] ρ [ x a ] always holds.4. u-match-cons : Our goal is to prove that: { a | a (cid:15) ρ, x { c v . . . v n • = c w . . . w n }⊎ G ′ } = { a | a (cid:15) ρ, x { v • = w , . . . , v n • = w n }⊎ G ′ } Recall that [[ c ]] ρ [ x a ] = { c } is T c -unitary, and the interpretation of a value isalways a singleton (Lem. 6.1), so let [[ v i ]] ρ [ x a ] = { b i } and [[ w i ]] ρ [ x a ] = { b ′ i } .It suffices to note that: a (cid:15) ρ, x { c v . . . v n • = c w . . . w n }⇐⇒ [[ c v . . . v n ]] ρ [ x a ] = [[ c w . . . w n ]] ρ [ x a ] ⇐⇒ c ( b ) . . . ( b n ) = c ( b ′ ) . . . ( b ′ n ) ⇐⇒ b i = b ′ i for all i = 1 ..n ( ⋆ ) ⇐⇒ [[ v i ]] ρ [ x a ] = [[ w i ]] ρ [ x a ] , for all i = 1 ..n ⇐⇒ a (cid:15) ρ, x { v • = w , . . . , v n • = w n } The step ( ⋆ ) is justified by the fact that we assume that constructors areinjective.5. u-eliminate : Our goal is to prove that: { a | a (cid:15) ρ, x { y • = v } ⊎ G ′ } = { a | a (cid:15) ρ, x { y • = v } ⊎ G ′ { y := v }} emantics of a Relational λ -Calculus (Extended Version) 47 if y ∈ fv ( G ′ ) \ fv ( v ). Moreover, let G ′ = { ( v • = w ) , . . . , ( v n • = w n ) } . Recallthat the interpretation of a value is always a singleton (Lem. 6.1), so let[[ v ]] ρ [ x a ] = { b } . Let a ∈ [[ A ]]. It suffices to show that whenever ρ [ x a ]( y ) = b then the following equivalence holds: a (cid:15) ρ, x G ′ ⇐⇒ a (cid:15) ρ, x G ′ { y := v } Note that, for each fixed i = 1 ..n :[[ v i ]] ρ [ x a ] = [[ v i ]] ρ [ x a ][ y b ] ( ⋆ )= [[ v i { y := v } ]] ρ [ x a ] (By Lem. 6.1)The step ( ⋆ ) is trivial because, as we have already noted, ρ [ x a ]( y ) = b so ρ [ x a ] and ρ [ x a ][ y b ] are the same variable assignment. And,similarly, [[ w i ]] ρ [ x a ] = [[ w i { y := v } ]] ρ [ x a ] . Then: a (cid:15) ρ, x G ′ ⇐⇒ [[ v i ]] ρ [ x a ] = [[ w i ]] ρ [ x a ] for all i = 1 ..n ⇐⇒ [[ v i { y := v } ]] ρ [ x a ] = [[ w i { y := v } ]] ρ [ x a ] for all i = 1 ..n (Lem. 6.1) ⇐⇒ a (cid:15) ρ, x G ′ { y := v } The following theorem generalizes Thm. 6.2:
Theorem A.10.3 (Soundness).
Let Γ ⊢ P : A and P → Q . Let Φ = fv ( P ) and Φ ′ = fv ( Q ) . Then for any variable assignment ρ : [[ P ]] Φρ ⊇ [[ Q ]] Φ ′ ρ Moreover, the inclusion is an equality for all reduction rules other than the fail rule.Proof.
Let P → Q . We consider six cases, depending on the rule applied toconclude that P → Q :1. alloc : Note that Φ = Φ ′ , and suppose that Φ = y B . Then:[[ P ⊕ W h λx A . Q i ⊕ P ]] Φρ = { a | b ∈ [[ B ]] , a ∈ [[ P ⊕ W h λx A . Q i ⊕ P ]] ρ [ y b ] } = { a | b ∈ [[ B ]] , a ∈ [[ P ⊕ W h λ ℓ x A . Q i ⊕ P ]] ρ [ y b ] } ( ⋆ )= [[ P ⊕ W h λ ℓ x A . Q i ⊕ P ]] Φρ To justify ( ⋆ ), note that, by Compositionality (Lem. 6.1), it suffices to provethat [[ λx A . Q ]] ρ [ y b ] = [[ λ ℓ x A . Q ]] ρ [ y b ] for all b ∈ [[ B ]]. This holds by defini-tion so we are done.2. beta : Note that Φ = Φ ′ , z C where z = ( ∅ if x / ∈ fv ( Q ) fv ( v ) \ fv ( P ⊕ W h ( λx. Q ) (cid:3) i ⊕ P ) if x ∈ fv ( Q ) Moreover, suppose that Φ ′ = y B . Then:[[ P ⊕ W h ( λ ℓ x A . Q ) v i ⊕ P ]] y B , z C ρ = { a | b ∈ [[ B ]] , c ∈ [[ C ]] , a ∈ [[ P ⊕ W h ( λ ℓ x A . Q ) v i ⊕ P ]] ρ [ y b ][ z c ] } = { a | b ∈ [[ B ]] , a ∈ [[ P ⊕ W h Q { x A := v }i ⊕ P ]] ρ [ y b ] } ( ⋆ )= [[ P ⊕ W h Q { x A := v }i ⊕ P ]] y B ρ To justify ( ⋆ ) we proceed as follows. Let us write ρ ′ for ρ [ y b ]. Recallthat the interpretation of a value is always a singleton (Lem. 6.1), so let[[ v ]] ρ ′ [ z c ] = { a } . By Compositionality (Lem. 6.1) it suffices to note that:[[( λ ℓ x A . Q ) v ]] ρ ′ [ z c ] = { b | a ∈ [[ v ]] ρ ′ [ z c ] , b ∈ [[ Q ]] ρ ′ [ z c ][ x A a ] } = [[ Q ]] ρ ′ [ z c ][ x A a ] = [[ Q ]] ρ ′ [ x A a ] (By Irrelevance (Lem. 6.1))= [[ Q { x A := v } ]] ρ ′ (By Lem. 6.1)3. guard : Note that Φ = Φ ′ , z C , where z C = fv ( v ) \ fv ( P ⊕ W h (cid:3) ; t i ⊕ P ).Suppose that Φ ′ = y B . Then:[[ P ⊕ W h v ; t i ⊕ P ]] y B , z C ρ = { a | b ∈ [[ B ]] , c ∈ [[ C ]] , a ∈ [[ P ⊕ W h v ; t i ⊕ P ]] ρ [ y b ][ z c ] } = { a | b ∈ [[ B ]] , a ∈ [[ P ⊕ W h t i ⊕ P ]] ρ [ y b ] } ( ⋆ )= [[ P ⊕ W h t i ⊕ P ]] y B ρ To justify ( ⋆ ) we proceed as follows. Let us write ρ ′ for ρ [ y b ]. Recallthat the interpretation of a value is always a singleton (Lem. 6.1), so let[[ v ]] ρ ′ [ z c ] = { b } . By Compositionality (Lem. 6.1) it suffices to note that:[[ v ; t ]] ρ ′ [ z c ] = { a | b ∈ [[ v ]] ρ ′ [ z c ] , a ∈ [[ t ]] ρ ′ [ z c ] } (By Irrelevance Lem. 6.1)= [[ t ]] ρ ′ fresh : Note that Φ ′ = Φ, y A where y is a fresh variable. Suppose that Φ = z B . Then:[[ P ⊕ W h νx A . t i ⊕ P ]] Φρ = { a | b ∈ [[ B ]] , a ∈ [[ P ⊕ W h νx A . t i ⊕ P ]] ρ [ z b ] } = { a | b ∈ [[ B ]] , a ∈ [[ P ⊕ W h t { x A := y A }i ⊕ P ]] y A ρ [ z b ] } ( ⋆ )= [[ P ⊕ W h t { x A := y A }i ⊕ P ]] Φ,y A ρ To justify ( ⋆ ) we proceed as follows. Let ρ ′ stand for ρ [ z b ]. By Irrele-vance (Lem. 6.1), [[ P ]] ρ ′ = [[ P ]] y A ρ ′ . Similarly, [[ P ]] ρ ′ = [[ P ]] y A ρ ′ . By Compo-sitionality (Lem. 6.1), it suffices to show that [[ W h νx A . t i ]] ρ ′ = [[ W h t { x A := y A }i ]] y A ρ ′ . Indeed:[[ W h νx A . t i ]] ρ ′ = { c | b ∈ [[ νx A . t ]] ρ ′ , c ∈ [[ W ]] ρ ′ [ (cid:3) b ] } (By Lem. 6.1)= { c | a ∈ [[ A ]] , b ∈ [[ t ]] ρ ′ [ x A a ] , c ∈ [[ W ]] ρ ′ [ (cid:3) b ] } = { c | a ∈ [[ A ]] , b ∈ [[ t { x A := y A } ]] ρ ′ [ y A a ] , c ∈ [[ W ]] ρ ′ [ (cid:3) b ] } (By Lem. 6.1 and Lem. 6.1)= { c | a ∈ [[ A ]] , b ∈ [[ t { x A := y A } ]] ρ ′ [ y A a ] , c ∈ [[ W ]] ρ ′ [ y A a ][ (cid:3) b ] } (By Lem. 6.1)= { c | a ∈ [[ A ]] , c ∈ [[ W h t { x A := y A }i ]] ρ ′ [ y A a ] } (By Lem. 6.1)= [[ W h t { x A := y A }i ]] y A ρ ′ emantics of a Relational λ -Calculus (Extended Version) 49 unif : Our goal is to prove that [[ P ⊕ W h v • = w i⊕ P ]] Φρ = [[ P ⊕ W h ok i σ ⊕ P ]] Φ ′ ρ ,where σ = mgu ( { v • = w } ). Note that Φ ′ is a subset of Φ , so suppose that Φ = Φ ′ , y B and Φ ′ = x A . Note also that σ = mgu ( v • = w ) exists, so { v • = w } ∗ { x • = v , . . . , x n • = v n } such that x i / ∈ fv ( v j ) for all i, j , and the mostgeneral unifier is σ = { x v , . . . , x n v n } . Moreover, recall that theinterpretation of a value is always a singleton (Lem. 6.1), so for each fixedassignment ρ ′ let us write b ρ ′ i for the only element in [[ v i ]] ρ ′ . Moreover, let z C = x A , y B . By Compositionality (Lem. 6.1) and Irrelevance (Lem. 6.1),it suffices to note that:[[ W h v • = w i ]] z C ρ = { a | c ∈ [[ C ]] , a ∈ [[ W h v • = w i ]] ρ [ z c ] } = { a | c ∈ [[ C ]] , b ∈ [[ v • = w ]] ρ [ z c ] , a ∈ [[ W ]] ρ [ z c ][ (cid:3) b ] } (By Lem. 6.1)= { a | c ∈ [[ C ]] , b ∈ [[ v • = w ]] ρ [ z c ] , a ∈ [[ W ]] ρ [ z c ][ (cid:3) ok ] } = { a | c ∈ [[ C ]] , c (cid:15) ρ, z { v • = w } , a ∈ [[ W ]] ρ [ z c ][ (cid:3) ok ] } = { a | c ∈ [[ C ]] , c (cid:15) ρ, z { x • = v , . . . , x n • = v n } , a ∈ [[ W ]] ρ [ z c ][ (cid:3) ok ] } (By Lem. A.2)= { a | c ∈ [[ C ]] , ρ [ z c ]( x i ) = b ρ [ z c ] i for all i, a ∈ [[ W h ok i ]] ρ [ z c ] } (By Lem. 6.1)= { a | c ∈ [[ C ]] , a ∈ [[ W h ok i ]] ρ [ z c ][ x b ρ [ z c ]1 ] ... [ x n b ρ [ z c ] n ] } ( ⋆ )= { a | c ∈ [[ C ]] , a ∈ [[ W h ok i σ ]] ρ [ z c ] } (By Lem. 6.1)= [[ W h ok i σ ]] z C ρ = [[ W h ok i σ ]] x A ρ (By Lem. 6.1)To justify ( ⋆ ) note that ρ [ z c ]( x i ) = { b ρ [ z c ] i } for all i = 1 ..n . Therefore,we can write ρ [ z c ] as ρ [ z c ][ x b ρ [ z c ]1 ] . . . [ x n b ρ [ z c ] n ].6. fail : Our goal is to prove that:[[ P ⊕ W h v • = w i ⊕ P ]] Φρ ⊇ [[ P ⊕ P ]] Φ ′ ρ which is immediate by definition. References
1. Albert, E., Hanus, M., Huch, F., Oliver, J., Vidal, G.: Operational semantics forfunctional logic languages. Electronic Notes in Theoretical Computer Science ,1–19 (2002)2. Arbiser, A., Miquel, A., R´ıos, A.: A lambda-calculus with constructors. In: In-ternational Conference on Rewriting Techniques and Applications. pp. 181–196.Springer (2006)3. Ayala-Rinc´on, M., Bonelli, E., Edi, J., Viso, A.: Typed path polymorphism. The-oretical Computer Science , 111–130 (2019)4. Baader, F., Nipkow, T.: Term Rewriting and All That. Cambridge University Press(1999)5. Barendregt, H.: The Lambda Calculus: Its Syntax and Semantics, vol. 103. Elsevier(1984)0 P. Barenbaum, F. Lochbaum, M. Milicich6. Barendregt, H., Dekkers, W., Statman, R.: Lambda calculus with types. CambridgeUniversity Press (2013)7. Byrd, W.E.: Relational programming in miniKanren: techniques, applications, andimplementations. [Bloomington, Ind.]: Indiana University (2010)8. Chakravarty, M.M., Guo, Y., K¨ohler, M., Lock, H.C.: Goffin: Higher-order func-tions meet concurrent constraints. Science of Computer Programming (1-2),157–199 (1998)9. Faggian, C., Rocca, S.R.D.: Lambda calculus and probabilistic computation. In:34th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2019,Vancouver, BC, Canada, June 24-27, 2019. pp. 1–13. IEEE (2019)10. Friedman, D.P., Byrd, W.E., Kiselyov, O.: The Reasoned Schemer. The MIT Press(July 2005)11. Gould, W.E.: A Matching Procedure for Omega-Order Logic. Ph.D. thesis, Prince-ton University (1966)12. Hanus, M.: Functional logic programming: From theory to Curry. In: ProgrammingLogics - Essays in Memory of Harald Ganzinger. pp. 123–168. Springer LNCS 7797(2013)13. Hanus, M.: A unified computation model for functional and logic programming. In:Lee, P., Henglein, F., Jones, N.D. (eds.) Conference Record of POPL’97: The 24thACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages,Papers Presented at the Symposium, Paris, France, 15-17 January 1997. pp. 80–93.ACM Press (1997)14. Huet, G.P.: The undecidability of unification in third order logic. Information andcontrol (3), 257–267 (1973)15. Huet, G.P.: A unification algorithm for typed λ -calculus. Theoretical ComputerScience (1), 27–57 (1975)16. Jay, B., Kesner, D.: Pure pattern calculus. In: European Symposium on Program-ming. pp. 100–114. Springer (2006)17. Klop, J.W., Van Oostrom, V., De Vrijer, R.: Lambda calculus with patterns. The-oretical Computer Science (1-3), 16–31 (2008)18. Levy, J., Veanes, M.: On the undecidability of second-order unification. Informationand Computation (1-2), 125–150 (2000)19. Martelli, A., Montanari, U.: An efficient unification algorithm. ACM Transactionson Programming Languages and Systems (TOPLAS) (2), 258–282 (1982)20. Miller, D.: A logic programming language with lambda-abstraction, function vari-ables, and simple unification. Journal of logic and computation (4), 497–536(1991)21. Miller, D.: Unification of simply typed lambda-terms as logic programming. Tech.Rep. MS-CIS-91-24, University of Pennsylvania (1991)22. Miller, D., Nadathur, G.: Programming with higher-order logic. Cambridge Uni-versity Press (2012)23. Milner, R.: A theory of type polymorphism in programming. Journal of computerand system sciences (3), 348–375 (1978)24. Nadathur, G., Miller, D.: Higher-order logic programming. Proceedings of theThird International Logic Programming Conference pp. 448–462 (1984)25. Petit, B.: Semantics of typed lambda-calculus with constructors. Log. MethodsComput. Sci. (1) (2011)26. Ramsey, N., Pfeffer, A.: Stochastic lambda calculus and monads of probabilitydistributions. In: Proceedings of the 29th ACM SIGPLAN-SIGACT symposiumon Principles of programming languages. pp. 154–165 (2002)emantics of a Relational λ -Calculus (Extended Version) 5127. Rozplokhas, D., Vyatkin, A., Boulytchev, D.: Certified semantics for minikanren.In: Proceedings of the 2019 miniKanren and Relational Programming Workshop.pp. 80–98 (2019)28. Schmidt-Schauß, M., Huber, M.: A lambda-calculus with letrec, case, constructorsand non-determinism. arXiv preprint cs/0011008 (2000)29. Smolka, G.: A foundation for higher-order concurrent constraint programming. In:Mathematical Methods in Program Development, pp. 433–458. Springer (1997)30. Somogyi, Z., Henderson, F., Conway, T.: The execution algorithm of mercury,an efficient purely declarative logic programming language. The Journal of LogicProgramming (1-3), 17–64 (1996)31. The Coq Development Team: The Coq proof assistant reference manual. LogiCalProject (2004), http://coq.inria.fr, version 8.032. Urban, C., Pitts, A.M., Gabbay, M.J.: Nominal unification. Theoretical ComputerScience323