New Notions of Reduction and Non-Semantic Proofs of β-Strong Normalization in Typed λ-Calculi

J. B. Wells and A. J. Kfoury
Dept. of Computer Science, Boston University

December 19, 1994

Boston University Computer Science Department Technical Report 94-014

Abstract

Two new notions of reduction for terms of the λ-calculus are introduced and the question of whether a λ-term is β-strongly normalizing is reduced to the question of whether a λ-term is merely normalizing under one of the new notions of reduction. This leads to a new way to prove β-strong normalization for typed λ-calculi. Instead of the usual semantic proof style based on Girard's "candidats de réductibilité", termination can be proved using a decreasing metric over a well-founded ordering in a style more common in the field of term rewriting. This new proof method is applied to the simply-typed λ-calculus and the system of intersection types.



This work is partly supported by NSF grant CCR-9113196.

1 Introduction

1.1 Background and Motivation.

The problem of strong normalization of β-reduction (β-SN) has been considered for various typed λ-calculi for over 25 years. Tait's proof that all λ-terms typable in the simply-typed λ-calculus (actually, Gödel's system T) are β-SN can be seen as the basis of Girard's proof of the β-SN property for higher-order typed λ-calculi, specifically, for systems F and Fω [Tai67, Gir71, Gir72]. Girard's method, using the so-called reducibility candidates ("candidats de réductibilité"), has been the paradigm for all later β-SN proofs for system F and other extensions of the simply-typed λ-calculus such as the system of positive-recursive types and the system of intersection types. Although later proofs of the β-SN property have their respective merits, they are essentially variations on Girard's original proof, simplifying or reformulating or cleaning up many of the concepts. All of these proofs rely heavily on semantics (model theory). Underlying them all is the concept of "reducibility candidate" (or "saturated set" or "type set") which is a set of strongly normalizable λ-terms (typed in some papers, untyped in others) satisfying certain closure conditions. Perhaps the least transparent part of this approach is the choice of closure conditions, which indeed vary from one proof to another, sometimes in subtle ways. (Gallier's paper [Gal90] is a useful comparative study of all proofs published until 1990.) In a very recent proof [MKO94], although the closure conditions are formally eliminated, they are still present in the guise of an evaluation function. In any case, there is a certain amount of difficulty in understanding the semantic definitions.

In this paper, we deal with the system of intersection types, so we briefly review the background of this system here. This type system was introduced by Coppo and Dezani just before 1980 [CDC80, CDCV81]. There are two important variants of the system, one of which is an extension of the other. We deal with the more basic system here, which does not mention the ω type constant, for which the β-SN property has been established in papers by Pottinger [Pot80] and Leivant [Lei86] by extending Girard's original method. This system has the interesting property that the set of λ-terms typable in this system is exactly the set of λ-terms which are β-SN.

1.2 Contributions of This Paper.

For the last 25 years or so, proving the β-SN property for typed λ-calculi has been done one way: one basic method with many variations and refinements. Although there have undoubtedly been attempts to prove the β-SN property in other ways, no such results have been seen in the literature. We wish to break this trend by presenting a completely different method for proving the β-SN property. Our method is strictly proof-theoretic, relying on simple combinatorial properties of β-reduction and type-inference systems. The method consists of two parts:

1. The question of whether a λ-term is β-strongly normalizing is reduced to the question of whether the λ-term is normalizing under a new notion of reduction, ?-reduction.

2. The ?-normalization of all λ-terms typable in certain typed λ-calculi is established.

For didactic reasons, we first apply our method to the simply-typed λ-calculus. The proof for simple types then extends in a simple way to the system of intersection types.

For the first part, in Section 3, we define new notions of reduction. One notion is ?-reduction, mentioned above, which is itself based on another new notion called γ-reduction. These notions of reduction have several implications regarding the pure untyped λ-calculus that go beyond the scope of the present report. Enough of their properties are included here in order to present our method for proving the β-SN of typed λ-calculi. Essentially, γ-reduction is a simple size-preserving transformation that reorganizes λ-bindings in a λ-term without changing the "meaning" of the λ-term. γ-reduction can be seen as "raising" a λ-abstraction outside of an enclosing β-redex. ?-reduction combines a β-reduction step of a βI-redex followed by reduction to γ-normal form to bypass βK-redexes. This behavior leads to the results that ?-reduction preserves the β-SN property and every ?-normal form is β-SN. From this, it can be seen that ?-normalization implies β-strong normalization. Thus, to prove the β-SN property, that every possible β-reduction sequence must terminate, it is sufficient to show the ?-normalization property, that there is some ?-reduction sequence that terminates.

For the second part, in Section 4, we show that if a λ-term M is typable in the simply-typed λ-calculus (or in the intersection-type discipline in Section 5) then we can devise a ?-reduction strategy from M and attach a particular well-founded partial ordering to it that guarantees the reduction strategy must terminate (normalize), thus implying β-SN by the first part. The required reduction strategy is very simple: just reduce innermost βI-redexes.

The new proof method for proving β-SN results which we present is important for several reasons. First, it is completely different from the previous methods. Nowhere does the new method involve concepts related to reducibility candidates, closure conditions, interpretation with respect to a model, validity, or soundness. Instead, the new method is very much in the style of decreasing-metric termination proofs found in the term rewriting literature. Second, we feel the new method compares well in understandability with previous proof methods. Using a decreasing metric on a well-founded order is a simple-to-understand way to show termination. In terms of proof length, this presentation includes all details; the reader is not asked to fill anything in. Although some recent proofs utilizing the reducibility candidate method have been very short, they do not seem to be any more intuitive. It would seem more appropriate to compare the length of this paper to the length of early β-SN results using the semantic methods, since this method has not yet had 25 years of work on simplifying the proof. We feel that the end result is a transparent proof, but we let the reader be the final judge on this.

1.3 Future Work.

The two typed λ-calculi for which we have carried our method all the way through give us reason for optimism regarding applying the method to other typed λ-calculi. In a sense, simple types and intersection types correspond respectively to a minimal and a maximal type discipline for which β-SN holds; every type system in use includes the simple types, while the intersection-type discipline can derive a type for every β-SN λ-term. Hence, given any other higher-order typed calculus for which we are interested in proving β-SN, such as System F or some of its restrictions or extensions, there are two ways of proceeding. The direct way is to attach a well-founded partial ordering to a ?-reduction sequence, guaranteeing its termination. The indirect way is to translate an arbitrary derivation in the given type system into a derivation in the intersection-type discipline for the same untyped λ-term, without making use of the already-known fact that the type system types only β-SN λ-terms. We are particularly interested in system F (and certain restrictions and extensions of F) and in the positive-recursive-type discipline. In subsequent reports we wish to examine the β-SN property for these systems.

2 The Untyped λ-Calculus

In this section we present our definitions, notation, and nomenclature for standard concepts of the untyped λ-calculus.

2.1 λ-Terms.

The set of all λ-terms Λ is built from the countably infinite set of λ-term variables V using application and λ-abstraction as specified by the usual grammar Λ ::= V | (Λ Λ) | (λV.Λ). Small Roman letters (e.g. x, y, z) are used as metavariables ranging over V and capital Roman letters as metavariables ranging over Λ. When writing λ-terms, application associates to the left so that MNP ≡ (MN)P and the scope of "λx." extends as far to the right as possible. We assume at all times that every λ-term M obeys the restriction that no variable is λ-bound more than once and no variable occurs both λ-bound and free in M. We assume α-conversion is used when necessary to make this happen. As usual, FV(M) and BV(M) denote the free and λ-bound variables of a λ-term M. The expression M[x := N] denotes the result of substituting N for all free occurrences of x in M, renaming λ-bound variables in M as necessary to maintain our assumptions and to avoid capturing free variables of N. A context C[ ] is a λ-term with one hole (sometimes more than one) and if M is a λ-term then C[M] denotes the result of inserting M into the hole in C[ ], including the capture of free variables in M by the λ-bound variables of C[ ]. Unless specified otherwise, a context has only one hole. If M and N are λ-terms, then M ≡ N means that M and N are identical after allowing α-conversion. N ⊂ M denotes that N is a proper subterm of M and N ⊆ M includes the possibility that N ≡ M.

2.2 Reduction.

Our notation on reduction generally follows Barendregt's [Bar84, § 3.1, pp. 50–59] with some minor differences. A reduction relation R is a set of pairs of λ-terms. If (M, N) ∈ R, then we say that M is an R-redex and N is its contractum. If C[ ] is a context and (M, N) ∈ R, then (C[M], C[N]) is in the contextual closure of R and we say that C[M] R-reduces to C[N] via the redex M, and we write this as C[M] →_R^M C[N]. If M R-reduces to N by some unspecified redex, we write this as M →_R N. If M →_R N, we say that N is an R-reduct of M. The transitive, reflexive closure of "→_R" is written as "→→_R". An R-normal form is a λ-term containing no R-redexes which therefore does not R-reduce to any other term. If M →→_R N and N is an R-normal form, we say that M R-normalizes and that N is an R-normal form of M. If M has only one R-normal form N, this is denoted by R-nf(M) = N or by M →_{R-nf} N. If there are no infinite R-reduction sequences starting from M, then M is R-strongly normalizing, also written as R-SN. M is R-infinite, denoted R^∞(M), if and only if M is not R-SN.

The standard notion of reduction, β-reduction, is of course the least relation such that:

((λx.P)Q) →_β P[x := Q]

It is well-known that all λ-terms are β-confluent (Church-Rosser) and that β-normal forms are unique.

3 β-Strong Normalization and ?-Normalization

In this section, we introduce two new notions of reduction, γ-reduction and ?-reduction (a combination of β-reduction and γ-reduction), which are used throughout the rest of the paper. These notions of reduction transform λ-terms in ways that are easier to analyze than β-reduction. The main result of this section is Theorem 3.11 which implies that the question of β-strong normalization can be reduced to the question of ?-normalization. Subsequent sections will then show for certain typed λ-calculi that all typable terms have ?-normal forms, implying that all typable terms are β-strongly normalizing.

3.1 γ-Reduction and γ-Normal Forms.

Definition 3.1 γ-reduction is the least reduction relation such that:

((λx.(λy.N))P) →_γ (λy.((λx.N)P))

We assume that x ≠ y and y ∉ FV(P), using α-conversion if necessary. In a pictorial format, this reduction looks like this:

[Figure: on the left, an application node whose function is λx above λy above N and whose argument is P; on the right, λy on top, above the application of λx.N to P.]

All of the standard notation for a reduction relation is used for γ-reduction.

Lemma 3.2 For every M ∈ Λ:

1. M is γ-SN.

2. γ-nf(M) is unique.

Proof: The claims are proved separately.

1. Count the number of pairs of subterm occurrences P and Q in M such that P is a γ-redex, P contains Q, and there is no subterm (RS) contained within P such that Q is contained within S. It is easy to see that every γ-reduction step reduces this count. Thus, there cannot be an infinite γ-reduction sequence.

2. First, we show that γ-reduction is confluent (Church-Rosser), from which our claim follows:

[Diagram: M →_γ^Δ N and M →_γ^Γ P, with N and P both γ-reducing to a common term Q.]

Let Δ ≡ ((λx.(λy.S))T) and let M ≡ C[Δ] for some context C[ ]. Let Γ ≡ ((λw.(λv.U))V). Consider the possible relationships between the γ-redexes Δ and Γ.

(a) Γ ≡ Δ. The result is immediate.

(b) Γ ⊂ Δ or Δ ⊂ Γ. If this is the case, then one of Γ ⊆ S or Γ ⊆ T or Δ ⊆ U or Δ ⊆ V holds. Since all of these cases are handled identically, suppose that Γ ⊆ S. Let S ≡ D[Γ] and let Γ′ be the γ-contractum of Γ. Clearly:

M ≡ C[((λx.(λy.D[Γ]))T)]
N ≡ C[(λy.((λx.D[Γ])T))]
P ≡ C[((λx.(λy.D[Γ′]))T)]

If we define Q as follows:

Q ≡ C[(λy.((λx.D[Γ′])T))]

then it is easy to check that N →_γ^Γ Q and that P →_γ^Δ Q.

(c) Γ ⊄ Δ and Δ ⊄ Γ. Let M ≡ C[Δ, Γ] where C[ , ] is a context with two holes. Let Γ′ be the γ-contractum of Γ and Δ′ the γ-contractum of Δ. Clearly, P ≡ C[Δ, Γ′] and N ≡ C[Δ′, Γ]. If we let Q ≡ C[Δ′, Γ′], then it is easy to check that N →_γ^Γ Q and that P →_γ^Δ Q. □

It is easy to give an inductive definition of those λ-terms which happen to be in γ-normal form. The set Λγ of γ-normal forms is defined inductively as follows:

1. x ∈ Λγ if x ∈ V.
2. (MN) ∈ Λγ if M, N ∈ Λγ and M is not a λ-abstraction.
3. (λx.M) ∈ Λγ if M ∈ Λγ and x ∈ V.
4. ((λx.M)N) ∈ Λγ if M, N ∈ Λγ, M is not a λ-abstraction, and x ∈ V.

Lemma 3.3 A λ-term M is in γ-nf if and only if M ∈ Λγ.

Proof: The two directions are proved separately.

(⇐) If M ∈ Λγ, then M can not contain a γ-redex, by induction on the definition of M.

(⇒) Suppose M is in γ-nf and M ∉ Λγ and then derive a contradiction. Let N be a least subterm of M such that N ∉ Λγ. Since N is a least such subterm, every proper subterm of N must belong to Λγ. For every possible shape of N, we derive a contradiction.

1. Obviously, N can not be a variable because that would contradict part 1 of the definition of Λγ.

2. N can not be of the form ((λx.λy.P)Q) because then N would be a γ-redex, contradicting the fact that M is in γ-nf.

3. It is also impossible for N to be of the form (PQ) (respectively ((λx.P)Q)) where P is not a λ-abstraction. If this were the case, then since P ∈ Λγ and by part 2 (respectively part 4) of the definition of Λγ, N would be in Λγ, a contradiction.

4. N can not be of the form (λx.P) because the fact that P ∈ Λγ would mean that N ∈ Λγ by part 3 of the definition of Λγ. □

A subterm occurrence N in M is passive if N ≡ M or N occurs as (PN) ⊆ M for some P or N occurs as (λx.N) where (λx.N) is passive; otherwise N is active. (Note that this definition is different from [Bar84, § 2.1.8 (iv), p. 25].) Generally, if there is a λ-abstraction (λz.Z) in X and X →_γ Y and there is a λ-abstraction (λz.Z′) in Y, we say that (λz.Z) and (λz.Z′) are the same λ-abstraction, even though the bodies Z and Z′ may be different.

Lemma 3.4 γ-reduction has these properties:

1. λ-abstractions are neither destroyed nor introduced.
2. If a λ-abstraction is the function of a β-redex before a γ-reduction step, it is still the function of a β-redex after the γ-reduction step.
3. If a λ-abstraction becomes the function of a fresh β-redex after a γ-reduction step, then it was active before the γ-reduction step.
4. If a λ-abstraction is passive before a γ-reduction step, then it is still passive after the γ-reduction step.
5. If a λ-term is in γ-normal form, then all of its active λ-abstractions are functions of β-redexes.

Proof: Each property is proved separately.

1. Obvious from the definition.

2. Obvious from the definition.

3. There is only one case when a λ-abstraction which was not part of a β-redex before a γ-reduction step becomes part of a β-redex after the γ-reduction step. This can only happen when a γ-redex Γ ≡ ((λx.(λy.M))N) occurs as the function of an application as in (ΓP). In this case, the λ-abstraction which becomes part of a β-redex was (λy.M) which was in an active position.

4. When a γ-redex Γ ≡ ((λx.(λy.M))N) in the λ-term C[Γ] is reduced, the subterm M is active both before and after the γ-reduction step, the subterm N is passive both before and after, the abstraction over x is active both before and after, the abstraction over y is active before, and all subterms not inside Γ retain their active or passive status as do all subterms inside M or N.

5. Suppose M ∈ Λγ and (λy.N) ⊆ M is active but not the function of a β-redex. Since (λy.N) is active, it must occur either as ((λy.N)P) or as (λx.(λy.N)) where (λx.(λy.N)) is active. The first alternative, ((λy.N)P), is impossible since (λy.N) is not the function of a β-redex. By induction on the number of enclosing abstractions, we prove that the second alternative, occurring as (λx.(λy.N)) which is active, is also impossible. In the base case, there may not be any enclosing abstractions, so (λx.(λy.N)) is immediately impossible. In the induction case, there may be n + 1 enclosing abstractions around (λy.N), so there may be only n enclosing abstractions around (λx.(λy.N)). By induction, it is then the case that since (λx.(λy.N)) is active it must be the function of a β-redex, so it occurs as ((λx.(λy.N))P). However, this is a γ-redex which is impossible since M is in γ-normal form. □

3.2 γ-Reduction and β-Strong Normalization.

In this subsection, we show that if the result of γ-reduction is β-SN, then the input must also have been β-SN. (We could show that γ-reduction preserves the β-SN property, but we will not need such a general result later.) To reach this result we will need some auxiliary lemmas and a method for keeping track of the residuals of both β-redexes and γ-redexes under both β-reduction and γ-reduction.

To keep track of a β-redex Δ ≡ ((λx.P)Q) and its residuals relative to γ-reduction as well as β-reduction, we mark its leading λ with a subscripted index i ∈ ℕ. For example, the marked β-redex Δ is written as ((λ_i x.P)Q). The notation we use is in the style of [Bar84, § 11.1.2, p. 279 and § 11.2.4, p. 284]. It is also necessary to keep track of γ-redexes and their residuals relative to both β-reduction and γ-reduction. For this, we also mark the leading λ of the γ-redex with an index j ∈ ℕ, but this time in superscript position. For example, for the γ-redex ((λx.λy.N)P), the marked version will be written as ((λ^j x.λy.N)P). It will be possible for the same λ to be marked as part of both a β-redex and a γ-redex, in which case it will have both a subscript and a superscript. The set Λ♯ of marked terms is defined inductively as follows:

1. x ∈ Λ♯ if x ∈ V.
2. (MN) ∈ Λ♯ if M, N ∈ Λ♯.
3. (λx.M) ∈ Λ♯ if M ∈ Λ♯ and x ∈ V.
4. Marked β-redex: ((λ_i x.M)N) ∈ Λ♯ if M, N ∈ Λ♯, x ∈ V, and i ∈ ℕ is a fresh index.
5. Marked γ-redex: ((λ^i x.λy.M)N) ∈ Λ♯ if M, N ∈ Λ♯, x, y ∈ V, and i ∈ ℕ is a fresh index.
6. Simultaneously marked β-redex and γ-redex: ((λ^j_i x.λy.M)N) ∈ Λ♯ if M, N ∈ Λ♯, x, y ∈ V, and i, j ∈ ℕ are fresh indices.

If M ∈ Λ♯ then |M| denotes the term in Λ resulting from erasing all indices in M. The notions of reduction β and γ are extended to marked terms in the following manner. The notation [i] means the index i may or may not be present, but if it is present in one occurrence of [i] it is present in all others.

((λ^[j]_[i] x.M)N) →_β M[x := N]
((λ^[j]_[i] x.(λy.M))N) →_γ (λy.((λ_[i] x.M)N))

It is important to notice that β-reduction of a redex that is both a marked β-redex and a marked γ-redex will erase both markings, while γ-reduction will erase only the marking of the γ-redex, preserving the marking of the β-redex.

Let M, N be terms in Λ, Δ be a β-redex (respectively γ-redex) occurrence in M, Γ be a β-redex (respectively γ-redex) occurrence in N, and σ a reduction from M to N:

σ : M →→ N

The redex Γ is a residual of the redex Δ (relative to the reduction σ) if σ can be lifted to a reduction σ′ from M′ ∈ Λ♯ to N′ ∈ Λ♯ such that:

σ′ : M′ →→ N′, with |M′| = M and |N′| = N (so that erasing the indices maps σ′ onto σ),

where Δ is the only marked redex in M′ (with some index i ∈ ℕ) and Γ is one of the marked redexes in N′ (with the same index i).

Lemma 3.5 For every M ∈ Λ it is the case that:

[diagram]

Proof: Let Γ ≡ ((λx.(λy.N))P) be a γ-redex occurrence in M. Let Δ be a β-redex occurrence in M. Consider the different possible relationships between Γ and Δ.

1. If Δ ≡ Γ, then this is the case:

[diagram: M →_γ^Γ M′]

where Δ′ ≡ ((λx.N)P) is the residual of Δ in M′.

2. If either Δ ⊂ Γ (in which case either Δ ⊆ N or Δ ⊆ P) or Δ ⊄ Γ and Γ ⊄ Δ, then it must be the case that:

[diagram: M →_γ^Γ M′ and M →_β^Δ M″, the square being closed by Δ from M′ and by Γ′ from M″]

where Γ′ is the residual of Γ in M″. Notice that the residual of Δ in M′ is exactly Δ and that when Δ ⊄ Γ it is the case that Γ′ ≡ Γ.

3. If Γ ⊂ Δ, then this must be the case:

[diagram: M →_γ^Γ M′, M →_β^Δ M″ →→_γ M‴, the square being closed by Δ′ from M′]

where Δ′ is the residual of Δ in M′ and the reduction from M″ to M‴ reduces all residuals of Γ in M″.

Thus, for all cases it holds that:

[diagram]

Diagram chasing then produces the desired conclusion:

[diagram]
Lemma 3.6 For every M ∈ Λ, if γ-nf(M) is β-SN then M is β-SN. (We claim that the converse of Lemma 3.6 is also true. However, it requires a more subtle argument and it is not needed in this paper.)

Proof: Let M′ = γ-nf(M). We now prove that if β^∞(M) then β^∞(M′), which is logically equivalent to the claim of the lemma. Suppose σ were an infinite β-reduction from M. Using Lemma 3.5 allows erecting an infinite β-reduction σ′ from M′:

[diagram: σ : M →_β ⋯ along the top, σ′ : M′ →_β ⋯ along the bottom, the two rows connected by γ-nf arrows]

3.3 Preservation of β-Strong Normalization by βI-Reduction.

When β-reduction is restricted to βI-redexes, we call it βI-reduction. It is already known that βI-reduction preserves the β-SN property. We present here the necessary observations to make use of this known result. Let Δ ≡ ((λx.P)Q). If x ∈ FV(P) then Δ is a βI-redex. Otherwise, if x ∉ FV(P) then Δ is a βK-redex. (Following [Bar84, § 11.3.6, p. 296].)

Lemma 3.7 Let M →_β^Δ N where Δ is a βI-redex. Then M is β-SN if and only if N is β-SN.

Proof: The two directions of the equivalence are proved separately.

(⇒) Immediate.

(⇐) This is true if and only if the contrapositive is true: β^∞(M) implies β^∞(N). This is exactly the statement of the Conservation Theorem [Bar84, § 13.4.12, p. 343]. □

3.4 ?-Reduction.

In this subsection, we define ?-reduction, a combination of β-reduction and γ-reduction. We then prove the major result of Theorem 3.11, showing that the question of β-strong normalization can be reduced to the question of ?-normalization. The importance of this result is the fact that it is easier to prove a normalization result than a strong normalization result, because the reduction strategy can be chosen.

Definition 3.8 For two terms M, N ∈ Λγ, we define M →_? N to hold if there is a βI-redex Γ in M and a term M′ ∈ Λ such that:

M →_β^Γ M′ →_{γ-nf} N

All of the standard notation for a reduction relation is used for ?-reduction.

Lemma 3.9 For all M, N ∈ Λγ, if M →→_? N and N is β-SN, then M is also β-SN.

Proof: It is sufficient to show the claim for a single ?-reduction step: if M →_? N and N is β-SN, then M is also β-SN. This is a consequence of Lemma 3.7 (for the reduction M →_β^Δ M′ where Δ is a βI-redex) and Lemma 3.6 (for the reduction M′ →_{γ-nf} N). □

Lemma 3.10 Let M ∈ Λγ be a term containing no βI-redexes. Then M is β-SN.

Proof: By induction on the number of β-redexes in M. For the base case where there are no β-redexes, the result is immediate. For the induction step, let {Δ1, …, Δn+1} be the set of all β-redex occurrences in M. All of these redexes are βK-redexes. Let Δn+1 ≡ ((λx.P)Q) where x does not occur in P. Assume for some j ∈ {1, …, n} it is the case that Δi ⊆ Q if and only if j < i ≤ n. Consider the β-reduction step M →_β^{Δn+1} N. We now show that the set of all β-redexes in N is exactly {Δ′1, …, Δ′j} where for 1 ≤ i ≤ j it is the case that Δ′i is the residual of Δi, and that N ∈ Λγ. Let M ≡ C[Δn+1] for some context C[ ] with exactly one hole. It is clear that N ≡ C[P]. Because M is in γ-normal form, P can not be a λ-abstraction, and since x does not occur in P, no new β-redex is formed by the reduction. Any β-redex that occurred inside Q was discarded and all others were kept but not duplicated, so the set of remaining β-redexes is exactly as claimed. Since N contains only j < n + 1 β-redexes and since N ∈ Λγ, we can assume by induction that N is β-SN. Since the β-redex Δn+1 which we reduced was picked arbitrarily and no infinite β-reduction can follow from its reduction, this proves that M is β-SN. □

Theorem 3.11 For any term M ∈ Λ, if γ-nf(M) is ?-normalizing (there is at least one ?-reduction from γ-nf(M) which terminates) then M is β-SN. (We claim the converse of Theorem 3.11 is also true, but do not prove it and do not need it.)

Proof: If γ-nf(M) is ?-normalizing, then by Lemma 3.9 and Lemma 3.10 (since a ?-normal form belongs to Λγ and has no βI-redexes) it holds that γ-nf(M) is β-SN. By Lemma 3.6 we conclude that M is β-SN. □
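The following Python is an added illustration, not code from the report: it implements γ-reduction (Definition 3.1), the inductive γ-normal-form check of Lemma 3.3, and one ?-step of Definition 3.8 (an innermost βI-step followed by γ-normalisation) on untyped terms. The constructors Var, App, Abs, the function names, and the reliance on the report's naming convention (distinct bound variables, no variable both bound and free) are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional, Union

# Untyped λ-terms. As in the paper, an input term is assumed to have pairwise
# distinct bound variables and no variable both bound and free, so the
# substitution below never captures and needs no renaming.
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"

@dataclass(frozen=True)
class Abs:
    var: str
    body: "Term"

Term = Union[Var, App, Abs]

def show(t: Term) -> str:
    if isinstance(t, Var):
        return t.name
    if isinstance(t, App):
        return f"({show(t.fun)} {show(t.arg)})"
    return f"(λ{t.var}.{show(t.body)})"

def free_vars(t: Term) -> set:
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, App):
        return free_vars(t.fun) | free_vars(t.arg)
    return free_vars(t.body) - {t.var}

def subst(t: Term, x: str, n: Term) -> Term:
    """t[x := n]; capture-free under the naming convention above."""
    if isinstance(t, Var):
        return n if t.name == x else t
    if isinstance(t, App):
        return App(subst(t.fun, x, n), subst(t.arg, x, n))
    return t if t.var == x else Abs(t.var, subst(t.body, x, n))

def gamma_rule(t: Term) -> Optional[Term]:
    """Definition 3.1: ((λx.(λy.N)) P) →γ (λy.((λx.N) P)); y ∉ FV(P) holds by convention."""
    if isinstance(t, App) and isinstance(t.fun, Abs) and isinstance(t.fun.body, Abs):
        x, inner, p = t.fun.var, t.fun.body, t.arg
        return Abs(inner.var, App(Abs(x, inner.body), p))
    return None

def beta_i_rule(t: Term) -> Optional[Term]:
    """A βI-redex ((λx.P) Q) has x ∈ FV(P); βK-redexes are deliberately left alone."""
    if isinstance(t, App) and isinstance(t.fun, Abs) and t.fun.var in free_vars(t.fun.body):
        return subst(t.fun.body, t.fun.var, t.arg)
    return None

def rewrite(t: Term, rule, innermost: bool) -> Optional[Term]:
    """Contract one redex of `rule` (which returns a contractum or None), choosing
    the leftmost-outermost or the leftmost-innermost one; None if there is none."""
    if not innermost and (r := rule(t)) is not None:
        return r
    if isinstance(t, App):
        f = rewrite(t.fun, rule, innermost)
        if f is not None:
            return App(f, t.arg)
        a = rewrite(t.arg, rule, innermost)
        if a is not None:
            return App(t.fun, a)
    elif isinstance(t, Abs):
        b = rewrite(t.body, rule, innermost)
        if b is not None:
            return Abs(t.var, b)
    return rule(t) if innermost else None

def gamma_nf(t: Term) -> Term:
    """γ-reduction is strongly normalising (Lemma 3.2), so this loop terminates."""
    while (n := rewrite(t, gamma_rule, innermost=False)) is not None:
        t = n
    return t

def in_gamma_nf(t: Term) -> bool:
    """Membership in Λγ by the inductive definition preceding Lemma 3.3."""
    if isinstance(t, Var):
        return True
    if isinstance(t, Abs):
        return in_gamma_nf(t.body)
    f, a = t.fun, t.arg
    if isinstance(f, Abs):   # clause 4: the function's body may not be an abstraction
        return not isinstance(f.body, Abs) and in_gamma_nf(f.body) and in_gamma_nf(a)
    return in_gamma_nf(f) and in_gamma_nf(a)   # clause 2

def star_step(t: Term) -> Optional[Term]:
    """One step of the "?"-reduction of Definition 3.8: an innermost βI-step
    (the strategy of Section 4) followed by γ-normalisation."""
    m = rewrite(t, beta_i_rule, innermost=True)
    return None if m is None else gamma_nf(m)

def star_normalize(t: Term) -> tuple:
    """Return (the ?-normal form reached, number of ?-steps), starting from γ-nf(t)."""
    t, steps = gamma_nf(t), 0
    while (n := star_step(t)) is not None:
        t, steps = n, steps + 1
    return t, steps
```

Starting from the constructed term ((λf.(f a)) (λx.(λy.x))), which is in Λγ, the first ?-step contracts the βI-redex to ((λx.(λy.x)) a) and then γ-normalises it to (λy.((λx.x) a)); the second yields (λy.a), a ?-normal form, which Lemma 3.10 guarantees to be β-SN.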

4 ?-Normalization of the Simply-Typed λ-Calculus

In this section, we prove that every simply-typed λ-term is β-SN. This is a new proof for a well-known result and it is probably not any simpler than many of the other proofs in the literature already. The novelty of this proof is that the argument does not depend on semantic notions such as models, interpretations, proofs of soundness, etc. Instead, this proof is a decreasing-metric termination proof of the style more frequently seen in the field of term rewriting. In Section 5, we will generalize this proof to the more complicated intersection-type discipline.

4.1 The Simply-Typed λ-Calculus.

In this paper, it is convenient to define the simply-typed λ-calculus in an explicitly-typed manner, where every subterm and bound variable of a typed λ-term is annotated with an explicit type, written in superscript position for convenience. (This can be called "Church" style.) For example, one simple typing of ((λx.x)(λy.y)) might be written as:

((λx^{α→α}.x^{α→α})^{(α→α)→(α→α)} (λy^α.y^α)^{α→α})^{α→α}

Let Λ→ be the set of simply-typed λ-terms. The set of simple types T is built from the countably infinite set of type variables V using the "→" type constructor as specified by the grammar T ::= V | (T → T). A type is therefore either a type variable or a →-type. Small Greek letters from the beginning of the alphabet are metavariables over V and small Greek letters towards the end of the alphabet (e.g. σ and τ) are metavariables over T. When writing types, the arrows associate to the right so that σ → τ → ρ = σ → (τ → ρ). The λ-term variables are pairs of untyped variables and types, written as x^σ, y^τ, z^ρ, and so on. Instead of using type assignments (sometimes called contexts or environments), we require every typed λ-term M to satisfy the property that:

(†) For all x^σ, y^τ ∈ FV(M) ∪ BV(M), if x = y then σ = τ.

The set Λ→ of simply-typed λ-terms and a type-erasing function |·| from Λ→ to Λ are defined inductively as follows:

1. x^σ ∈ Λ→ and |x^σ| = x if x ∈ V and σ ∈ T.
2. (M^{σ→τ} N^σ)^τ ∈ Λ→ and |(M^{σ→τ} N^σ)^τ| = (|M^{σ→τ}| |N^σ|) if M^{σ→τ} ∈ Λ→ and N^σ ∈ Λ→.
3. (λx^σ.M^τ)^{σ→τ} ∈ Λ→ and |(λx^σ.M^τ)^{σ→τ}| = (λx.|M^τ|) if M^τ ∈ Λ→ and σ ∈ T.

Provided all of the free and bound variables in a λ-term are annotated with types, the types annotating applications and λ-abstractions may be omitted with no loss of information. We choose to present the simply-typed λ-terms in a "Church" style rather than a "Curry" style partly because this gives a natural interpretation for β-reduction and γ-reduction. In the Church style, using the natural extension of β-reduction to the simply-typed λ-calculus, a β-reduct or a γ-reduct of M automatically inherits a simple typing from M. This will prove to be vital for our purposes. In the Curry style, if M is typable and M →_β N, then N is also typable, but a mechanism must be defined to construct the typing for N from the typing for M. Also, if M →_β N, the reduct N may have typings that are not necessarily derived from the typing for M.

We now define explicitly how β-reduction and γ-reduction work on simply-typed λ-terms. If M ∈ Λ→ and Δ is a β-redex occurrence in M such that

Δ ≡ ((λx^σ.P^τ)^{σ→τ} Q^σ)^τ

and M ≡ C[Δ] where C[ ] is a context with exactly one hole, then:

M →_β^Δ C[P^τ[x^σ := Q^σ]]

If Γ is a γ-redex occurrence in M such that

Γ ≡ ((λx^σ.(λy^τ.N^ρ)^{τ→ρ})^{σ→τ→ρ} P^σ)^{τ→ρ}

and M ≡ D[Γ] where D[ ] is a context with exactly one hole, then:

M →_γ^Γ D[(λy^τ.((λx^σ.N^ρ)^{σ→ρ} P^σ)^ρ)^{τ→ρ}]

4.2 A Metric on Simply-Typed λ-Terms.

The proof for ?-normalization later in this section uses a metric order on λ-terms that decreases after each reduction step. This metric is defined on the types involved in the βI-redexes in the λ-term. For simple types, define the function order inductively as follows:

1. order(α) = 0 where α ∈ V is a type variable.
2. order(σ → τ) = max{1 + order(σ), order(τ)}.

Let Δ be a simply-typed β-redex so that:

Δ ≡ ((λx^σ.P^τ)^{σ→τ} Q^σ)^τ

Define order(Δ) = order(σ). Let M be a simply-typed λ-term. Let the set of all βI-redex occurrences in M be {Δ1, …, Δn}. Define the function order from λ-terms to multisets over ℕ so that:

order(M) = {order(Δ1), …, order(Δn)}

Thus, for any λ-term M, order(M) is a finite multiset of natural numbers. Observe that βK-redexes do not contribute to the value of order(M).
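As an added example (not code from the report), the following Python computes the order metric of this subsection on Church-style terms and compares two metrics with the well-founded multiset ordering of Dershowitz and Manna [DM79], which the next subsection relies on. The term M and its βI-contractum N are constructed for the example; the class and function names are the example's own.

```python
from dataclasses import dataclass
from typing import Union

# Simple types of Section 4.1: a type variable or an arrow type (σ → τ).
@dataclass(frozen=True)
class TVar:
    name: str

@dataclass(frozen=True)
class Arrow:
    dom: "Type"
    cod: "Type"

Type = Union[TVar, Arrow]

def order(ty: Type) -> int:
    """Section 4.2: order(α) = 0 and order(σ → τ) = max{1 + order(σ), order(τ)}."""
    if isinstance(ty, TVar):
        return 0
    return max(1 + order(ty.dom), order(ty.cod))

# Church-style terms: variables and binders carry their types; the type of an
# application is the codomain of its function's type (the term is assumed to be
# in Λ→, i.e. well typed, so this is never queried on an ill-typed application).
@dataclass(frozen=True)
class Var:
    name: str
    ty: Type

@dataclass(frozen=True)
class Abs:
    var: str
    var_ty: Type
    body: "Term"

@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"

Term = Union[Var, Abs, App]

def type_of(t: Term) -> Type:
    if isinstance(t, Var):
        return t.ty
    if isinstance(t, Abs):
        return Arrow(t.var_ty, type_of(t.body))
    return type_of(t.fun).cod

def free_vars(t: Term) -> set:
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, Abs):
        return free_vars(t.body) - {t.var}
    return free_vars(t.fun) | free_vars(t.arg)

def beta_i_redexes(t: Term) -> list:
    """All βI-redex occurrences ((λx^σ.P) Q) in t, i.e. β-redexes with x ∈ FV(P)."""
    found = []
    if isinstance(t, App):
        if isinstance(t.fun, Abs) and t.fun.var in free_vars(t.fun.body):
            found.append(t)
        found += beta_i_redexes(t.fun) + beta_i_redexes(t.arg)
    elif isinstance(t, Abs):
        found += beta_i_redexes(t.body)
    return found

def redex_order(redex: App) -> int:
    """order(Δ) = order(σ) for Δ ≡ ((λx^σ.P^τ)^{σ→τ} Q^σ)^τ."""
    return order(redex.fun.var_ty)

def term_order(t: Term) -> list:
    """order(M): the multiset of orders of the βI-redexes of M, kept as a sorted list."""
    return sorted(redex_order(r) for r in beta_i_redexes(t))

def multiset_greater(a: list, b: list) -> bool:
    """Dershowitz–Manna ordering [DM79] on finite multisets of naturals: a > b iff b
    is obtained from a by replacing some elements by finitely many smaller ones.
    Over a total order this is the lexicographic comparison of the multisets sorted
    in descending order, a proper prefix counting as smaller; it is well founded."""
    a, b = sorted(a, reverse=True), sorted(b, reverse=True)
    for x, y in zip(a, b):
        if x != y:
            return x > y
    return len(a) > len(b)

# Constructed example (not taken from the report). M has one βI-redex whose bound
# variable f has type α → α (order 1). Contracting it gives N, whose two new
# βI-redexes bind x of type α (order 0): order(M) = {1} > {0, 0} = order(N).
ALPHA = TVar("α")
ID_ALPHA = Abs("x", ALPHA, Var("x", ALPHA))                   # (λx^α.x^α)^{α→α}
F = Var("f", Arrow(ALPHA, ALPHA))
M = App(Abs("f", Arrow(ALPHA, ALPHA), App(F, App(F, Var("a", ALPHA)))), ID_ALPHA)
N = App(ID_ALPHA, App(ID_ALPHA, Var("a", ALPHA)))               # M after the βI-step

def metric_decreases(before: Term, after: Term) -> bool:
    """True when order(before) > order(after) in the multiset ordering."""
    return multiset_greater(term_order(before), term_order(after))
```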



4.3 A Well-Founded Multiset Ordering.

Since the metric order computes multisets of natural numbers instead of just single natural numbers, we can not use the simple, numeric \ 1

it must be the case that either order ( ~jk) = order (j~k;1 ) or order ( ~jk ) = maxforder (j~k;1 ); : : :; order (~jk;p )g for some p > 1

Thus, in either case, for any p  1, order ( ~jk)  order (~jk;p ). Since ~jk = ('~kj ! ~jk+1), by de nition it is the case that order (~jk ) = maxf1+ order ('~kj ); order ( ~jk+1)g. Thus, both order (~jk )  order ( ~jk+1) and order (~jk ) > order ('~kj ). At this point, a simple induction establishes that for 1  j  m, for 1  i  n, and for any ~k that begins with i that order (X )  order (i )  order (~jk ) > order ('~kj ). For each active occurrence of v in S , one or more -redexes will be formed by the ?-reduction step. Usually, some of these -redexes will be formed by the -reduction step from M to M and some will be formed by the -reduction steps from M to N . 0

0

20

First, we show that for each -redex Y formed by the -reduction step that order (Y ) < order (X ). Examine the untyped version of the -reduction step. Wherever v occurs as (vR) for some subterm R, the -reduction step will form the -redex ((x1: : : : :xm:Q)R). No other kind of -redex can be formed by the -reduction step. Examine now the typed version of the -reduction step. Within each Si, occurrences of vii are replaced by Pii . Suppose the type i is a ^-type. Since the rule for forming applications requires a !-type for the function, there must be an occurrence of the ^?E constructor. So an instance of the substitution will look like this: i;1

i;p

$((\wedge E\,(\wedge I\,(W_1^{i,1})^{\sigma_1^{i,1}} \cdots (W_1^{i,p})^{\sigma_1^{i,p}}))\,R)$ for some $p > 1$. One r-reduction step will produce this:

$((W_1^{i,j})^{\sigma_1^{i,j}}\,R)$ where $1 \le j \le p$.

Suppose instead the type $\sigma_i$ is a $\to$-type. Then an instance of the substitution will look like this:

$((W_1^{i,1})^{\sigma_1^{i,1}}\,R)$

In either case, the type of the function of the new 1-redex is $\sigma_1^{i,1} = (\varphi_1^{i,1} \to \sigma_2^{i,1})$. Thus, the value of order on the new 1-redex is $\mathrm{order}(\varphi_1^{i,1})$, which has already been shown to be smaller than $\mathrm{order}(\sigma_i)$, which is in turn less than or equal to $\mathrm{order}(X)$. The new $\beta$-redex $Y$ is a parallel set of such new 1-redexes, and $\mathrm{order}(Y)$ is the maximum of the values on its constituent 1-redexes. Thus, the desired result is shown.

Now we show that for each $\beta$-redex $Y$ formed by the $\beta$-reduction steps from $M$ to $N$, $\mathrm{order}(Y) < \mathrm{order}(X)$. To do this, we first analyze the $\lambda$-abstractions which may become involved in fresh $\beta$-redexes. By Lemma 3.4, we know that (at the untyped level) if a $\beta$-redex is formed by one of the $\beta$-reduction steps from $M$ to $N$, the function of the new $\beta$-redex must be a $\lambda$-abstraction that existed in $M$, that was not already part of a $\beta$-redex, and that was active in $M$. Since $M$ was in $\beta$-normal form, all active $\lambda$-abstractions in $M$ were already the functions of $\beta$-redexes. The only active abstractions in $M$ which are not functions of $\beta$-redexes are the outermost abstractions of the copies of $P$ wherever an active occurrence of $v$ was replaced. Thus, for each fresh (untyped) $\beta$-redex, its function must be a copy of one of the outermost abstractions of $P$.

Consider a fresh (typed) $\beta$-redex $Y = \{Z_1^{\sigma_1}, \ldots, Z_r^{\sigma_r}\}$. From the preceding statements we may conclude that for each 1-redex $Z_i$, the bound variable of the function of $Z_i$ is a copy of $x_j^{\tilde k}$ for some $j$ and $\tilde k$. Recall the definition of how $\beta$-reduction works on typed $\lambda$-terms. When a $\beta$-reduction step rearranges $\lambda$-abstractions, the types assigned to the bound variables move with them. When an r-reduction step rearranges subterms, any types assigned to bound variables after the step were assigned to those bound variables before the step. Thus, $\mathrm{order}(Z_i^{\sigma_i}) = \mathrm{order}(\varphi_j^{\tilde k}) < \mathrm{order}(X)$. Since $\mathrm{order}(Y)$ is the maximum of these values, it is clear that $\mathrm{order}(Y) < \mathrm{order}(X)$. $\square$


0

0

0

0

^

Theorem 5.2 If $M$ is a typed term of the system of intersection types, then $M$ is $\beta$-SN.

Proof: The proof is a combination of the proofs of Lemma 4.3 and Theorem 4.4, except that it depends on Lemma 5.1 instead of Lemma 4.2. $\square$
