Combining Type Disciplines

Combining Type Disciplines

F.Cardone U. de'Liguoro M. Dezani Ciancaglini

Dedicated to Corrado Bohm on the occasion of his 70th birthday

Abstract

We present a type inference system for pure ^-calculus which includes, in addition to arrow types, also universal and existential type quantiers, intersection and union types, and type recursion. The interest of this system lies in the fact that it oers a possibility to study in a unied framework a wide range of type constructors. We investigate the main syntactical properties of the system, including an analysis of the preservation of types under parallel reduction strategies, leading to a form of the subject- reduction property. We describe a model for this system where types are special subsets of a^D1model for^-calculus, without imposing any formal contractiveness constraint on types of the kind considered for a closely related system in MacQueen, Plotkin and Sethi [17].

Introduction

Current research in the theory of programming languages has emphasized the relevance of investigating the properties of type disciplines with a suciently rich set of type constructors, in order to achieve greater exibility in the use of type annotations as descriptions of the functional behaviour of programs. One of many possible ways to meet this requirement is exemplied by the family of higher-order, strongly typed languages patterned after the Theory of Constructions (Coquand and Huet [14]), in which a type of a program can be considered as alogical specication of it. Another, orthogonal, line of research consists in studying rst order type constructors more directly related to the intuition of a type as a collection of values.

From the latter viewpoint it is important to emphasize the connections between computational properties of expressions (e.g. strong normalizability, subject reduction or even strictness properties) and the possible forms of their typings. There are by now several examples in the literature which demonstrate the interest of this line of research. Theintersection types of Coppo and Dezani [12], originally introduced for studying the normalization properties of pure -terms, have been shown to characterize exactly the class of strongly normalizable -terms (Pottinger [22]). Recursive typesin which the recursion variable occurs only posistively can be assigned only to strongly normalizing terms (Mendler [18]), and interesting developments in the use of intersection types to detect strictness properties of functional programs have been found recently (Coppo and Ferrari [13]). It turns out that combinations of some of these type constructors oer an abstract environment for studying features coming from the theory and practice of programming. In particular, recent research by John Reynolds (Reynolds [24, 25]) has shown how to encode record types using intersection, and their interaction with general type recursion allows, to a certain extent, to formalize examples from object oriented programming, like that of a class of points described by the type:

Point = P:(setX : Int^!P ^{^}getX : Int):

Benjamin Pierce (Pierce [21]) has also devised the following example, showing that some real expressive power is gained whenunion types are added to intersection types. The

if

then

else

operator is such that the type NegNum^_PosNum can be assigned to the term

n

=

if

b

then

1

else

^;1. To test whether

n

is zero, using the function

IsZero : (NegNum^!False)^{^}(Zero^!True)^{^}(PosNum^!False);

amounts to derive the typing

IsZero

n

: False:

Without using union types, the best information about IsZero

n

is that it is just a boolean value. Recently, ML types have been rened using intersection and union type constructors (Pfenning [15]). Moreover, some examples show the utility of adding intersection types to the Logical Frameworks (Pfenning [20]). In these extensions decidability of type inference (resp. type checking) is preserved by permitting only the intersection of types which are subtypes of a common ML (resp. LF) type.

The form of polymorphismdescribed by universal and existential type quantication has been used in the description of free algebras (Bohm and Berarducci [5]) and abstract data types (Mitchell and Plotkin [19]).

More recently, Pierce and Turner have proposed an alternative approach to the embedding of some features of object-oriented programming into higher-order typed systems with existential types, in order to avoid the use of recursive types which are, instead, the main motivation to the introduction ofF-bounded quantication of Cook, Canning, Hill, Mitchell and Oltho [6]. In the analysis of object-oriented programming, the interaction of polymorphism and rst-order type constructors has also proved to be a exible tool, especially when a notion of subtyping is added to the system and polymorphic type constructors include bounded universal quantication and record types as in the languages Fun (Cardelli and Wegner [8]) and Quest (Cardelli [7]).

In this perspective, the present paper studies a type inference system which, in addition to the standard function type constructor, has intersection and union operators, type recursion and both universal and existential type quantiers. We are interested in exploring the consequences of having a wide range of type constructors on the syntactical and semantical properties of the resulting type system. Here we give two equivalent formulations of the type system, one in a natural deduction style and the other in the form of a sequent calculus, and show the invariance of types with respect to a general notion ofparallel reduction of terms, a property which fails for ordinary -reduction of -terms. The natural deduction formulation coincides with the system introduced by MacQueen, Plotkin and Sethi [17], where, however, no proof- theoretic investigation of the system is carried out, while a semantical interpretation based on a complete metric space of ideals is presented. In the present paper we describe a new interpretation for the system, which does not require any restriction on the formation rules for types as those imposed in that approach, and is based on the approximation properties of D¹ -models (Scott [26]) of which the types are taken to be particular subsets. We do not consider subtyping rules for our system, for their formalization in sequent calculus destroys the symmetry of the rules. It is this symmetry that allows us to prove a restricted form of the Haupsatz, the main technical tool used in establishing the preservation of types under parallel reduction.

Observe however that subtyping rules like those of Cardelli and Wegner [8] are satised by the semantical interpretation we propose, essentially because it formalizes in a natural way the intuitions on which these rules are based.

Section 1 and 2 are essentially due to the last two authors, while section 3 is essentially due to the rst author.

1 The type assignment system.

In the present section we describe the syntax of the type inference system that we shall study in the sequel.

The rules for the system are presented in two equivalent ways: the rst one is that given by [17], and is patterned after a natural deduction system of the kind considered in [23]. The second formulation is a sequent calculus in the style of [27], for which a restricted form of cut elimination will be proved in the next section.

Denition 1.1 (Types)

The set T of types is inductively dened by

- t0;t1;:::²

T

(

V

set of type variables, ranged over bys;t;:::) - !²

T

(type constant)

- ; ⁾(^!);(^{^});(^_)²

T

- t²

V

; ²

T

⁾t:;⁸t:;⁹t: ²

T

.

Convention

: we omit parentheses according to the precedence rule: \^{^}and^_over^!".

Atyping statementis an expression of the form M : , where M is a -term and  a type; M is called the subjectand  thepredicate of the typing statement. Abasic typing statement is a typing statement whose subject is a variable. Abasisis a set of basic typing statements such that subjects are pairwise distinct. If B is a basis, FV(B) will denote the set of free term and type variables which occur in B. B;x :  will denote the basis B^[fx : ^gwhen B is a basis such that either x⁶²FV(B) or x : ²B.

Astatementis an expression of the form B ^`M :  (where B is a basis and M :  is a typing statement) that can be derived by the axioms and rules of Denition 1.2.

Denition 1.2 (Natural Deduction Formulation)

The axioms and rules to derive statements are:

(Ax) B;x : ^{`</sup>x :  (!) B<sup>`}M : !

(^!E) B^{`</sup>M : <sup>!</sup> B<sup>`}N : 

B^{`</sup>MN :  (<sup>!</sup>I) B;x : <sup>`}M : 

B^{`</sup>x:M : <sup>!</sup> (I) B<sup>`}M : [t:=t]

B^{`</sup>M : t: (E) B<sup>`}M : t:

B^`M : [t:=t]

(⁸I) B^`M : 

B^{`</sup>M :<sup>8</sup>t: if t<sup>62</sup>FV(B) (<sup>8</sup>E) B<sup>`}M :⁸t:

B^`M : [=t]

(⁹I) B^`M : [=t]

B^{`</sup>M :<sup>9</sup>t: (<sup>9</sup>E) B;x : <sup>`}M :  B ^`N :⁹t:

B^{`</sup>M[N=x] :  if t<sup>62</sup>FV(B)<sup>[</sup>FV() (<sup>^</sup>I) B<sup>`}M :  B^`M : 

B^{`</sup>M : <sup>^</sup> (<sup>^</sup>E) B<sup>`}M : ^{^}

B^{`</sup>M :  B<sup>`}M : ^{^} B^{`</sup>M :  (<sup>_</sup>I) B <sup>`}M : 

B^{`</sup>M : <sup>_</sup> B <sup>`}M : 

B ^{`</sup>M : <sup>_</sup> (<sup>_</sup>E) B;x : <sup>`}M :  B;x :  ^{`</sup>M :  B <sup>`}N : ^_ B^`M[N=x] : 

The admissibility of the following rules is straightforward.

(Weakening) B^`M : 

B;x : ^{`</sup>M :  (Strengthening) B;x : <sup>`}M : 

B^`M :  if x⁶²FV(M):

This presentation looks familiar and intuitive, and it shares with natural deduction systems the nice property of dening the \meaning" of type operators directly, through introduction-elimination rules.

However, if one is interested in the proof theoretical properties of the system it is useful to translate it into a sequent calculus style. To this aim we introduce a type assignment system whose rules are symmetrically introductions to the left and to the right of type constructors. Although we do this primarily for technical reasons, we think that this system is of interest on its own.

This calculus is not a pure sequent calculus since we still consider bases assetsof premises, in order both to keep the two systems as close as possible, and to avoid in the following proofs the boring treatment of structural rules. The \multiplicative" character of its rules is however a typical feature of Gentzen's original calculus that we preserve.

A sequent is an expression of the form B :^; M :  that can be derived by the axioms and rules of Denition 1.3.

We write B;B⁰ to mean B^[B⁰, provided that this is a still a basis, i.e. x is the subject of the same basic typing statement whenever x is in FV(B) and in FV(B⁰).

Denition 1.3 (Sequent Calculus Formulation)

The axioms and rules to derive sequents are:

B;x :  :^;x :  Ax B :^;M : ! ! B;x :  :^;M :  B⁰:^;N : 

B;B⁰;y : ^! :^;M[yN=x] :  ^!L B;x :  :^;M : 

B :^;x:M : ^{! !}R B;x : [t:=t] :^;M : 

B;x : t: :^;M :  L B :^;M : [t:=t]

B :^;M : t: R B;x : [=t] :^;M : 

B;x :⁸t: :^;M :  ⁸L B :^;M : 

B :^;M :⁸t: ⁸R if t⁶²FV(B) B;x :  :^;M : 

B;x :⁹t: :^;M :  ⁹L if t⁶²FV(B)^[FV() B :^;M : [=t]

B :^;M :⁹t: ⁹R B;x :  :^;M : 

B;x : ^{^} :^;M :  B;x :  :^;M : 

B;x : ^{^} :^;M :  ^{^}L B^`M :  B⁰:^;M :  B;B⁰:^;M : ^{^ ^}R B;x :  :^;M :  B⁰;x :  :^;M : 

B;B⁰;x : ^_ :^;M :  ^_L B :^;M : 

B :^;M : ^_ B :^;M : 

B :^;M : ^{_ _}R B;x :  :^;M :  B⁰:^;N : 

B;B⁰:^;M[N=x] :  cut:

It is immediate to verify that rules (Weakening) and (Strengthening) are admissible also in the sequent formulation.

Recall that, by the notational convention just before this denition, the set of assumptions in the conclusion of each rule has to be actually a basis, that is each term variable must occur at most once. There is no loss of generality in this restriction. In fact if B :^;M :  and B⁰ :^;N : , using^{^}L we can always build B⁰⁰ and B⁰⁰⁰ such that B⁰⁰ :^;M :  and B⁰⁰⁰:^;N : , and B⁰⁰;B⁰⁰⁰is a basis. More precisely B⁰⁰ and B⁰⁰⁰will contain x : ^{^} whenever x : ²B and x : ²B⁰.

Notation

(i) If^Dis a derivation ending with B :^;M :  we write^D: B :^;M : .

(ii) We shall denote an arbitrary rule of the sequent calculus by Bi:^;M : i

B :^;N :  rule

assuming that the index i will have the correct value (i.e. i=0, i=1 or i=1,2) and that the involved terms and types will t the rules as dened in Denition 1.3.

The proof of the equivalence between the two formulations is standard.

Lemma 1.4 (Substitution Lemma)

B;x : ^{`</sup>M :  and B<sup>`}N :  ⁾ B^`M[N=x] : .

Proof. This can be proved as usual for Curry type systems, by induction on the derivation of B;x : ^`M : .

However in the present setting we can shorten the proof as follows:

(^_E) B;x :  :^;M :  B;x :  :^;M :  (^_I) B^{`</sup>N :  B <sup>`}N : ^_ B :^;M[N=x] :  :

2

Theorem 1.5 (Equivalence between

^`

and

:^;

)

For all basesB,M ²and types ,

B^`M :  ^, B :^;M : .

Proof. (⁾) By induction on the derivation of B ^`M : , distinguishing cases according to the last inference.

We consider only the interesting cases, i.e. the elimination rules.

Case (^!E):

(^!E) B ^{`</sup>M : <sup>!</sup> B<sup>`}N :  B^`MN :  becomes

x :  :^;x :  Ax ind. hyp.

B :^;N : 

B;y : ^! :^;yN :  ^!L ind. hyp.

B ^`M : ^!

B :^;MN :  cut

Case (E) where ^2f;⁸;^{^g}:

(E) B^{`</sup>M :  B<sup>`}M :  becomes

x :  :^;x :  Ax

x :  :^;x :  L ind. hyp.

B^`M : 

B :^;M :  cut

Case (⁹E):

(⁹E) B;x : ^{`</sup>M :  B<sup>`9}t:N :  B^`M[N=x] : 

becomes ind. hyp.

B;x :  :^;M : 

B;x :⁹t: :^;M :  ⁹L ind. hyp.

B^`N :⁹t:

B :^;M[N=x] :  cut

since t⁶²FV(B)^[FV().

Case (^_E):

(^_E) B;x : ^{`</sup>M :  B;x :  <sup>`}M :  B^{`</sup>N : <sup>_</sup> B<sup>`}M[N=x] : 

becomes ind. hyp.

B;x :  :^;M :  ind. hyp.

B;x :  :^;M : 

B;x : ^_ :^;M :  ^_L ind. hyp.

B^`N : ^_

B :^;M[N=x] :  cut .

(⁽) Symmetrically, by induction on the derivation of B :^; M : . In case of cut use the Substitution Lemma 1.4. The other non trivial cases are the left rules.

Case^!L: B;x :  :^;M :  B⁰:^;N : 

B;B⁰;y : ^! :^;M[yN=x] :  ^!L

We can freely assume that x⁶²FV(B⁰). Now by the induction hypothesis and the admissibility of weakening we have

B;B⁰;y : ^!;x :  ^{`</sup>M :  and B;B<sup>0</sup>;y : <sup>! `}N : :

From this, by (Ax) and (^!E), we get B;B⁰;y : ^{! `}yN : , hence the thesis follows by the Substitution Lemma.

Case L where ^2f;⁸;^_g:

B;x :  :^;M :  B;x :  :^;M :  L :

We have that B;x : ^{`</sup>M :  implies B;x : <sup>`}M :  since each occurrence of the axiom (Ax) B;x : ^`x : 

can be replaced by the following deduction

(E) (Ax) B;x : ^{`</sup>x :  B;x : <sup>`}x :  :

Case⁹L: B;x :  :^;M : 

B;x :⁹t: :^;M :  ⁹L where t⁶²FV(B)^[FV():

By the induction hypothesis B;x :  ^{`</sup>M : , hence, if y is fresh, B;y : <sup>`}M[y=x] : , being deductions independent of the names of variables. By weakening B;x :⁹t:;y : ^`M[y=x] :  so we can conclude:

(⁹E) B;x :⁹t:;y : ^{`</sup>M[y=x] :  B;x :<sup>9</sup>t:<sup>`}x :⁹t:

B;x :⁹t:^`M :  if t⁶²FV(B)^[FV() since M[y=x][x=y]^M.

Case^_L: B;x :  :^;M :  B⁰;x :  :^;M : 

B;B⁰;x : ^_ :^;M :  ^_L :

By the induction hypothesis B;x : ^{`</sup>M : , hence, if y is fresh, B;B<sup>0</sup>;x : <sup>_</sup>;y : <sup>`}M[y=x] : , being deductions independent of the names of variables and using weakening. Similarly, B;B⁰;x : ^_;y :  ^` M[y=x] : ; hence the thesis follows from:

(^_E) B;B⁰;x : ^_;y : ^{`</sup>M[y=x] :  B;B<sup>0</sup>;x : <sup>_</sup>;y : <sup>`}M[y=x] :  B;B⁰;x : ^{_ `</sup>x : <sup>_</sup> B;B<sup>0</sup>;x : <sup>_ `}M :  :

2

2 Invariance of types under parallel reduction of subjects.

The type assignments^`and :^; are not invariant under -reduction of subjects. The problem is that in rule cut we lose the correspondence between subterms and subdeductions; many occurrences of the same subterm correspond infact to a unique subdeduction. For example one can deduce the type ( ^!  ^!)^{^}( ^!

 ^! ) ^! ( ^! ^_) ^!  ^!  both for xyz:x(yz)(yz) and for xyz:x((u:u)yz)((u:u)yz), but this type cannot be deduced for xyz:x(yz)((u:u)yz) or xyz:x((u:u)yz)(yz) (Benjamin Pierce showed us this example). Analogously the type (⁸t:^!^!)^!( ^!9t:)^! ^! (where t does not occur in ) can be deduced for the rst two but not for the second two -terms. Then in this system types are preserved neither under -reduction nor under -expansion. Similar examples show that types are not preserved under

-reduction.

One may ask why the second example does not provide a counterexample to the Type Preservation theorem of [19] which states the invariance of types under -reduction of subjects. Indeed Mitchell and Plotkin's calculus is a strongly typed calculus and the erasure map from typed terms to pure -terms is not onto; now it turns out that the term of type (⁸t: ^! ^! ) ^! ( ^{! 9}t:) ^!  ^!  whose erasure is

xyz:x((u:u)yz)((u:u)yz) does not reduce to any term corresponding either to xyz:x(yz)((u:u)yz) or to xyz:x((u:u)yz)(yz); on the contrary its immediate reduct corresponds to xyz:x(yz)(yz).

Invariance under -reduction is a desirable property, since it gives us the feeling that the rules in the system are, in a sense, correct. But in the present case rules ⁹E, ^_E and cut could hardly be considered

uncorrect; indeed, beside their similarity with rules of the sequent calculus in logic, they turn out to be sound e.g. with respect to the semantics we propose in section 3 of the present paper.

Instead it seems that the phenomenon we are about arises from a mismatch between the type system and the possibility of unbalanced reductions of the subject. In fact we prove the system :^; to be invariant under parallel reduction, hence, by the equivalence of :^; and ^{`</sup>, the same property is established for <sup>`}. More precisely types are invariant under -reductions which are done simultaneously on all occurences of the same subterm which corresponds to the same subdeduction. Since this reduction relation is conal with the usual -reduction, we conclude that each term will have, soon or later, all the types of its expansions, which is in particular true for normal forms.

Our proof is inspired by Gentzen's proof of the Hauptsatz [27]. Following his lines we introduce the notions of rank and degree of cuts, that are used to show that the cut elimination procedure terminates. A similar but simpler proof is carried out for a sistem without ,⁸ and⁹in [2].

The main dierence between our proof and that by Gentzen lies in the fact that we do not have a normal from property (indeed in presence of the universal type and of recursive types also non strongly noramlizable terms are typable), but only a property of preservation of types under the complete development of a suitable set^F of redexes (a \uniform set", see Denition 2.5).

Some technical remarks about the denition of degree are in order. Firstly the degree of a cut is dened to be dierent from 0 only if this cut is relative to a redex belonging to ^F (see Denition 2.11). Secondly union and intersection are proof functional connectives, in the sense of Lopez-Escobar [

?

]: in particular rules

^R and^_L require the same subject in both premises. This implies that cuts whose cut type is an arrow type have to be eliminated all together and after any other cut whose cut type has a \logical" connective as its main operator: this is the reason why arrows have a minimal degree. Finally problems arise from rules

L, R,⁸L and⁹R, since the cut elimination in general results in a cut whose cut type is more complex than the original one: this contradicts the fact that the proof has been shortened, so that the obvious solution is to make degree a function of the \history" of the type occurrence we are considering.

In each rule of the sequent calculus it is natural to distinguish between the type occurrence which has been just generated from the other ones. This can be formalized as follows.

Denition 2.1 (Fathers and Generated Types)

(i) Given any arbitrary rule

rule B_i:^;M : _i B :^;N :  we say that:

- the occurrence ofi in a premise is thefatherof the occurrence of  ii^ (this is true in all left rules and in rulecut);

- if x : ²Bi and x : ²B with^ then the occurrence of  is afatherof the occurrence of; - if the rule isa cut of the shape in Figure 1 then both occurrences of x :  and of y :  in theleft

premise are fathers of the occurrence of x : in the conclusion.

(ii) Looking at the shapes of logical rules as shown in Figure 1 we say that:

- ^! is the typegenerated by^!L and ^!R from and ; -  is the typegeneratedby L and ⁰R from ;

- ^{^} is the type generatedby ^{^}R from and ; - ^_ is the type generatedby ^_L fromand .

Clearly if i⁶= 0 each type either is generated or it has at least one father, the only exception being rule^!L, where the generated type may have two fathers..

The standard denition of type degree is the number of type symbols. We need a more rened notion of type degree which depends on the structure of the derivation rather than on the syntax of the types; in particular it should give the same degree to all arrow types and distinguish between occurrences of the same non arrow type. In fact we need take to take into account the number of rules which have been used in generating the occurrence of non arrow types. This will be claried in remark 2.12.

^R B :^;M :  B⁰:^;M : 

B;B⁰:^;M : ^{^ _}L B;x :  :^;M :  B⁰;x :  :^;M :  B;B⁰;x : ^_ :^;M : 

L B;x :  :^;M : 

B;x :  :^;M :  ^{2f^};⁸;⁹;^{g 0}R B :^;M : 

B :^;M :  ^02f_;⁸;⁹;^g

!L B;x :  :^;M :  B⁰:^;N : 

B;B⁰;y : ^! :^;M[yN=x] :  ^!R B;x :  :^;M :  B :^;x:M : ^! B;x : ;y :  :^;M :  B;x :  :^;x : 

B;x :  :^;M[x=y] :  cut

Figure 1: Possible shapes of logical rules.

Denition 2.2 (Degree of Type Occurrences)

The degree of an occurrence of a typein a deduction

Dis dened by induction on ^D:

- if occurs in the conclusion of Axor! then its degree is 0;

- if  occurs in the conclusion of a logical rule or of the cut and if it is not the generated type, then its degree is the maximum of the degrees of its fathers;

- if^! is the type generated by^!L then its degree is the maximum between the degrees of its fathers and 0:5;

- if ^! is the type generated by ^!R then its degree is0:5;

- if ^{^} (^_) is the type generated by^{^}R (^_L) fromand  then its degree is the maximum of the degrees of and  plus1;

- if  is the type generated byL (^2f;⁸;⁹;^{^g}) or by ⁰R (^02f;⁸;⁹;^_g) from  then its degree is the degree of plus1.

Denition 2.3 (Cut-type and Rank)

Given a cut

cut B;x :  :^;M :  B⁰:^;N :  B;B⁰:^;M[N=x] :  we callthe cut-type.

(i) Theleft rankof the cut is the largest number of consecutive statements in a path such that the lowest of these is the left premise of the cut and the basis of each of these statements contains x : .

(ii) Theright rank of the cut is the largest number of consecutive statements in a path such that the lowest of these statements is the right premise of the cut and  is the predicate of the succedent of each of these statements.

(iii) Therankof the cut is the sum of its left and right ranks.

Denition 2.4 (Ready Cuts and Ready Derivations)

(i) Acutisready i it has rank2;

(ii) aderivationisready i it contains only ready cuts.

where  is either Ax or !

B;x : ! :^;x : !  B⁰:^;M : ! ! B;B⁰:^;M : ! cut (g)

where  is any type constructor

B;x :  :^;x :  Ax Bi:^;M : i

B⁰:^;M :  R

B;B⁰:^;M :  cut

(f)

B_i :^;M : 

B;x :  :^;M :  L B⁰;y :  :^;y :  Ax B;B⁰;y :  :^;M[y=x] :  cut (e)

B;x :  :^;P :  B⁰⁰;x :  :^;P : 

B;B⁰⁰;x : ^_ :^;P :  ^_L B⁰:^;Q :  B⁰:^;Q : ^_ ^_R B;B⁰;B⁰⁰:^;P[Q=x] :  cut (d)

B;x :  :^;P : 

B;x : ^{^} :^;P :  ^{^}L B⁰:^;Q :  B⁰⁰:^;Q :  B⁰;B⁰⁰:^;Q : ^{^} ^{^}R B;B⁰;B⁰⁰:^;P[Q=x] :  cut (c)

where ^2f;⁹;^8g

B;x :  :^;P : 

B;x :  :^;P :  L B⁰:^;Q : ⁰ B⁰:^;Q :  R B;B⁰:^;P[Q=x] :  cut (b)

B;z :  :^;P :  B⁰:^;R : 

B;B⁰;x : ^! :^;P[xR=z] :  ^!L B⁰⁰;y :  :^;Q :  B⁰⁰:^;y:Q : ^! ^!R B;B⁰;B⁰⁰:^;P[xR=z][y:Q=x] :  cut (a)

Figure 2: Possible shapes of ready cuts.

If a cut is ready either its left and right premises are respectively the conclusions of the left and right introduction rule for the principal constructor of the cut-type, or one of its premises is an axiom or an instance of rule !. Figure 2 shows all possible shapes of ready cuts.

We introduce now a notion of parallel reduction. The parallelism comes out from the fact that in each reduction step more than a single redex is contracted.

In order to formalize this idea we dene the notion of uniform set of redex occurrences in a term.

Informallya set of redex occurrences in a term M is called uniform if, whenever it contains a redex occurrence, every other occurrence of the same redex is in the set as well.

As usual any -term M can be identied with its binary syntactical tree, where nodes are represented by the subset ^f0;1^gwhich is the tree domain of M; if N is a subterm of M, and its syntactical subtree is rooted at ^2f0;1^gin the tree of M, then we say that \N occurs at  in M", and denote this occurrence by^h;Nⁱ.

Denition 2.5 (Uniform and

1

-uniform Set of Redexes)

LetM be any -term, then:

(i) Occ(M) =^fh;N^ijN occurs atin M^g;

(ii) Red(M) =^fh;(x:P)Qⁱ²Occ(M)^jP;Qany terms;xany variable^g; (iii) ^{F }Red(M) isuniformi

h;R^{i2F^h};Rⁱ²Red(M)^)h;R^i2F;

(iv) ^{F }Red(M) is1-uniformi^F is uniform and ^fR^j9:^h;R^i2Fgis a singleton.

In the sequel we need the notions of residual and development, which are well known concepts of -calculus theory: we refer the reader to [3] chapter 11, from which we take the notation.

Denition 2.6 (Parallel Reduction)

The reduction relation⁾pover -terms is dened by:

M ⁾pN i^{9F }Red(M):^Fis uniform and(M;^F)^!!cplN where(M;^F)^!!cplN is the complete development of(M;^F) (see [3], p. 286).

In the literature the idea of parallel reduction in the framework of the -calculus is usually formalized by the Gross-Knuth Reduction as dened in [4] and [16] (see also [3], 13:2:7).

Denition 2.7 (Gross-Knuth Reduction)

M ^!gkN i(M;Red(M))^!!cplN:

Actually this is a particular case of the relation⁾p since Red(M) is trivially uniform.

Lemma 2.8

Let^FRed(M)be uniform and ^F=^F1^[:::^[Fm where each ^Fi is1-uniform. If(M;^F)^!

!cpl N, then there areN0;:::;Nm and a permutation  of orderm such that M ^N0,N ^Nm and for all1^i^m,

(Ni^;1;^F_⁰_(i))^!!cplNi

where^F_⁰_(i) is the set of residuals of redexes in ^F(i) with respect to the-reduction M ^! Ni^;1, and ^F_⁰_(i) is1-uniform.

Proof. We introduce an ordering on the 1-uniform sets of redexes of M. Let ^F =^fhh;R^ijh²H^gand

F

0=^fhk;R^0ijk²K^g; then

FF

0i⁹h²H⁸k²K: k^lexh;

where ^lex is the lexicographic order. This is a total ordering and we take  as the permutation s.t. for all i,^F(i) <^F(i+1). If i < j then ^F(i) <^F(j), so that all occurrences of R^02F(j) either contain the same copies of redexes R ^2F(i) by 1-uniformity, in which case they are modied in the same way while

contracting the R; or they do not contain any such occurrence, in which case they remain unchanged. In any case their residuals are syntactically equal, so that the^F_⁰_(i)are 1-uniform. Now the thesis follows from the uniqueness of the result of a complete development (see [3], Theorem 11:2:25) since then the reduction (M;^F)^!!cplN can be rearranged as we need.

2

Denition 2.9 (Cuts generating

^F

-redexes)

Let^Dbe a deduction whose conclusion subject isM; x a uniform^FRed(M); nally let

cut B;x :  :^;P :  B⁰:^;y:Q :  B;B⁰:^;P[y:Q=x] : 

be a cut in ^D. We say that the above cut generates ^F-redexes of M i P has at least a subterm of the shape xR, such that all occurrences of (y:Q⁰)R⁰ in M belong to ^F, where(y:Q⁰)R⁰ is a xed instance of (y:Q)R.

Remark 2.10

We have to consider the substitution instance (y:Q⁰)R⁰ instead of (y:Q)R itself because of the possibility that other cuts, placed under the given one in the current deduction, substitute variables inside (y:Q)R.

Denition 2.11 (Cut Degree)

Let ^D be a deduction whose conclusion subject is M; x a uniform^{F } Red(M). Moreover let

cut B;x :  :^;P :  B⁰:^;Q :  B;B⁰:^;P[Q=x] : 

be a cut inference in ^D. Then the degree of this cut in^Drelative to ^F is dened by cases:

- if this cut does not generate ^F-redexes then its degree is0;

- otherwise its degree is the sum of the degrees of the occurrences of its cut-type in the left and right premises of the cut.

Remark 2.12

Our denition of cut degree is not the classical one, which simply records the number of symbols of the cut-type. The distinctive features of our cut degree are:

(i) if the degree is 0 then the cut does not generate^F-redexes;

(ii) if the degree is 1 then the cut is ready and the cut-type is an arrow;

(iii) if the degree is greater than 1 and the cut-type is an arrow then the cut is not ready;

(iv) otherwise the degree is a function of the number of inferences of the form L an R which have been used in generating the occurrences of the cut-type.

Feature (i) has to be so because we will eliminate only cuts generating^F-redexes. Moreover when eliminating a cut generating an^F-redex, whose cut-type is of the form  ^!, the redexes generated by the new cuts produced by the contraction cannot be in ^F; hence their degree relative to ^F will be 0. Indeed if the contraction of a redex in^F produces new redexes, these will never be contracted in the development of^F. Feature (ii) will imply that, if in a ready deduction the maximum degree of a cut generating ^F-redexes is 1, then all cuts generating^F-redexes have as cut-type an arrow type (i.e. they have the shape of Figure 2 (a)). As a matter of fact our proof of subject reduction (proof of 2.16) actually hints to an algorithm which performs a preliminary elimination of all \logical" cuts, which does not aect the subject, ending with the

\parallel" elimination of arrow cuts, which causes actual -contraction.

Feature (iv) takes into account that when we shall eliminate a ready cut whose premises are conclusions of say⁸L and⁸R, the number of symbols of the cut-type of the newly generated cut may well be greater than that of the original cut-type, despite of the intuition that the derivation has been semplied. Note that in this third case the degree of the cut is always greater than 2.

Denition 2.13 (Degree of Deductions)

(i) Let^D be a deduction whose conclusion subject isM; x a uniform^{F }Red(M). Thedegree (^D;^F) of ^Drelative to ^F is the highest degree of a cut in ^D.

(ii) Let ^D : B :^; M :  and ^D0 : B⁰ : ^; M : ; then ^D0 is non-increasing with respect to ^D i

(^D0;^F)^(^D;^F)for all uniform ^FRed(M).

We prove that we can transform deductions by adding assumptions, by changing the names of (free) term variables and by eliminating the cuts with shapes (f) and (g) of Figure 2, preserving readiness and non increasing the cut degrees.

We say that a deduction^D0issimilarto a deduction^Di^D0is obtained from^Dby adding (basic) typing statements to the bases, renaming term variables and substituting type expressions to free occurrences of type variables. This means that ^D0and ^D have the same deduction tree and dier only for the bases and for the names of term variables and, possibly, because type-occurrences are substitution instances of their counterparts in^D. Since the notion of degree does not depend on the length of type expressions involved in cuts, but rather on the structure of the derivation in which they occurr, similar deductions have the same degree with respect to any uniform^F.

Lemma 2.14

(i) If^D: B :^;M :  and B^0B then there is ^D0: B⁰:^;M :  such that^D0 is similar to ^D. (ii) If^D: B;x :  :^;M :  and y is fresh then there is

D

0: B;y :  :^;M[y=x] :  such that ^D0is similar to ^D.

(iii) If^D: B :^;M : ,  is a type andt is any type variable, then there is^D0: B[=t] :^;M : [=t]such that ^D0is similar to ^D.

(iv) All occurrences of ready cuts of the shapes (f) and (g) of Figure 2 can be eliminated preserving readiness and obtaining a non-increasing deduction of the same statement.

Proof. (i). Easy by adding the premises of B^0;B to each statement, possibly renaming some variables not in B.

(ii). Immediate, since deductions are independent of the names of (free) term variables.

(iii). By denition of similarity.

(iv). Let us consider a cut of the shape (f) or (g):

B;x :  :^;x :  Ax Bi:^;M : i

B⁰:^;M :  R

B;B⁰:^;M :  cut

B;x : ! :^;x : !  B⁰:^;M : ! ! B;B⁰:^;M : ! cut where  is either Ax or !. In both cases (i) implies that we can replace

B⁰:^;M :  by B;B⁰:^;M :  obtaining a deduction which satises the given conditions. ² The following Lemma (proved in the Appendix) claims that every deduction can be transformed into a ready deduction of the same statement. This can be accomplished without increasing the complexity of the proof. Formally:

Lemma 2.15 (Rank Lemma)

For any derivation^D: B :^;M : there exists a ready derivation

D

0: B :^;M :  such that ^D0is non increasing with respect to ^D.

Theorem 2.16 (Invariance of Types under Parallel Reduction)

(i) B :^;M :  and M ⁾pN implyB :^;N : .

(ii) B ^{`</sup>M : and M <sup>)</sup>pN implyB<sup>`}N : .

Proof. (i) If M ⁾pN then for some^{F }Red(M), (M;^F)^!!cplN. By Lemma 2.8 this reduction can be splitted into a nite number of steps, whose^F's are 1-uniform. Hence it suces to prove the thesis when^F is 1-uniform. On the other hand by Lemmas 2.14 (iv) and 2.15, we can assume that the given^D: B :^;M :  is ready and does not contain cuts of shapes (f) and (g). Since redexes in^F are exactly those which determine the positive degrees of cuts, we prove the theorem as a kind of cut elimination: indeed it is a such, being parametrized with respect to^F.

If (^D;^F) = 0 and^Dis ready, then no cut generates^F-redexes, hence^F-redexes may occur only as subterms of terms of type !: in this case clearly B :^;N :  is derivable introducing by rule ! the reducta of those subterms of M.

If (^D;^F) = 1 then all cuts which generate^F-redexes have an arrow type as cut-type; hence, by the readiness of^D, they have the shape

B;z :  :^;P :  B⁰:^;R : 

B;B⁰;x : ^! :^;P[xR=z] :  ^!L B⁰⁰;y :  :^;Q :  B⁰⁰:^;y:Q : ^! ^!R B;B⁰;B⁰⁰:^;P[xR=z][y:Q=x] :  cut Then all these cuts can be replaced as follows:

B;z :  :^;P :  B⁰⁰;y :  :^;Q :  B⁰:^;R :  B⁰;B⁰⁰:^;Q[R=y] :  cut B;B⁰;B⁰⁰:^;P[Q[R=y]=z] :  cut

and in the remaining parts of ^Dthe subjects have to be reduced (by⁾p) in order to match P[Q[R=y]=z].

Eventually we get a deduction of degree 0.

If (^D;^F) > 1 then all cuts with degree (^D;^F) are of the shape (b), (c) or (d) of Figure 2. In fact all cuts are ready and moreover all cuts of shape (e) have degree 0, since they cannot generate any redex. We replace the cuts of shape (b) when  =⁹:

B;x :  :^;P : 

B;x :⁹t: :^;P :  ⁹L B⁰:^;Q : [=t]

B⁰:^;Q :⁹t: ⁹R B;B⁰:^;P[Q=x] :  cut

by B;x : [=t] :^;P :  B⁰:^;Q : [=t]

B;B⁰:^;P[Q=x] :  cut

where the left premise of the new cut is obtained by a derivation similar to the subderivation whose conclusion was B;x :  :^;P : , which is non-increasing by Lemma 2.14 (iii). The degree of each occurrence of the cut-type decreases by 1, so that the degree of the cut is lowered by 2. The cases  =⁸ or  =  are similar.

Finally cuts of shape (c) or (d) are replaced by

B;x :  :^;P :  B⁰;B⁰⁰:^;Q :  B;B⁰;B⁰⁰:^;P[Q=x] :  cut

where some basic statements are added to the bases of the premises using Lemma 2.14 (i). It is easy to verify that we obtain cuts of lower degrees.

After these transformations have been performed we get a derivation, say^D0, of lower degree; we then apply Lemma 2.15 to obtain a ready derivation which is non-increasing with respect to ^D0, so that the inductive hypothesis applies.

(ii) Immediate form (i) and from Theorem 1.5. ²

Corollary 2.17 (Invariance under Gross-Knuth Reduction)

(i) B ^{`</sup>M : ; M <sup>!</sup>gkN <sup>)</sup>B <sup>`}N : .

(ii) B ^{`</sup>M : ; M <sup>!</sup>N <sup>)9</sup>L: N<sup>!</sup>L and B<sup>`}L : .

Proof. (i) Immediate from Theorem 2.16 (ii) and the remark after Denition 2.7.

(ii) Is a consequence of (i) and of the conality of^!gkwith respect to^!, proved in [3] 13:2:11. ² Note that the above proof cannot be transformed into a proof of normalization of -terms (which does not hold since we allow recursive type and the universal type !). Indeed the parameter ^F is essential to the proof and cannot be dropped; what we have actually shown is a kind of typed version of the nite development theorem of the untyped -calculus.

3 Semantics

In the present section we describe the construction of a model for our type system, based on a technique introduced in Coppo [11] that permits to interpret type recursion even when type constructors are not monotonic with respect to the (semantical) relation of subtyping induced by the interpretation of types as sets of values. This technique diers from that used by MacQueen, Plotkin and Sethi [17] in exploiting only the approximation properties of the domain in which untyped terms are interpreted, without any appeal to a complete metric space structure that can be dened on the collection of (denotations of) types. This approach to type interpretations has some advantages over that followed by MacQueen, Plotkin and Sethi [17], in not requiring any restriction on the formation rules for types and also in oering a powerful proof technique for many semantical properties of the type system (see Cardone and Coppo [10] for some examples).

Starting from a model D¹ of the -calculus, obtained as the inverse limit of a sequence of complete lattices as in Scott [26], each type will be interpreted as a subset of D¹ satisfying constraints derived from the order-theoretic nature of this model. For example, as every type can be assigned to the combinator ^ (x:xx)(x:xx), and the interpretation of in every continuous -model D is the least element ^? (see Barendregt [3]), we require that each of the subsets of D¹ that we will consider as candidates for the interpretation of types should contain^?. Furthermore, if A^D¹is such a subset and
^A is a directed set, then also ^F
2A: this condition yields the correctness of the typing of the xed-point combinator Y as a term of type (^!)^!, for any type .

The explicit construction of the domain D¹ (refer to Barendregt [3] for a detailed description) starts from the two-points lattice D0 =^f?;^>g and, given the lattice Dn, the lattice Dn+1 is dened to be the lattice ofcontinuous functions [Dn^! Dn] from Dn to itself, with an embedding n : Dn^! Dn+1 and a projection n: Dn+1^!Dn. The inverse limit of the diagram

::: ^n;2;Dn^;1 ^n;1; Dn ^n;Dn+1 ^n+1; :::

satises the recursive domain equation D^1= [D^1!D¹], with isomorphisms  : D^1![D^1!D¹] and : [D^1!D¹]^!D¹. This induces an operation of application over D¹ dened by

d
e = (d)(e) for d;e²D¹:

The construction of D¹endows it with an approximation structure, orthogonal to its order structure, which takes the form of a denumerable sequence of continuous mappings (
)n: D^1!D¹, that provide an image of each Dninside D¹, and in fact we shall identify in the sequel Dnwith the nite subset ^fdn^jd²D^1g of D¹. In particular, the following properties will be used without explicit mention throughout this section (see Barendregt [3], 18.2.8 and 18.2.9):

Proposition 3.1 (Properties of approximation mappings)

The family^f(
)n: D^1!D^1gn²IN satis- es the following conditions, for allf;d²D¹ and m;n;k²IN:

1. Ifd =^>thend0=^>, otherwised0=^?. 2. (d_n)_m= (d_m)_n= dmin(m;n).

3. d =^F_n²_INdn.

4. Ifn^kthen fn+1
dk= fn+1
dn.

5. Ifn^kthen (fk+1
dn)n= fn+1
dn. 6. fn+1
dn= fn+1
d = (f
dn)n.

7. f = f_n+1 if and only if ⁸d²D¹:f
d = (f
d_n)_n.

A consequence of this Proposition is that for d;e²D¹, d
e =^F_n²_INdn+1
en.

We shall require each subset A of D¹which interprets a type to be closed under each of these mappings, in the sense that d²A implies that dn²A for all n²IN. We obtain in this way a collection of subsets of D¹ that is closed under a wide range of type constructors, and also oers some technical advantages over ideals that have been often used in the semantics of type inference systems (see, for example, MacQueen, Plotkin and Sethi [17]).

Denition 3.2 (Pronite Subsets)

(i) The class

P

of pronite subsets of D¹ is dened to consist of those subsetsAof D¹ such that:

 ?;^>2A;

 Aiscomplete: if^hd⁽ⁱ⁾ⁱi²INis an increasing chain inD¹such that⁸i²IN:d⁽ⁱ⁾²A, then^F_i²_INd⁽ⁱ⁾²A;

 A isclosed under approximations: d²A impliesdn²A, for alln²IN.

(ii) For pronite subsetsA;BofD¹, the relationA<nB is dened to hold if and only ifA^B anddn²A wheneverd²B.

Note that^>belongs to every pronite subset of D¹: this would not be possible if we used ideals (the only ideal containing^>is D¹). Observe the close connection between this class of subsets of D¹and the class of relations used in Amadio [1] and Cardone [9] in the construction of models for strongly typed, polymorphic languages with type recursion and subtyping.

Obviously, the intersection of an arbitrary family^X of pronite subsets of D¹is pronite, so the structure

h

P

;^iis a complete lattice having^f?;^>gand D¹as bottom and top elements, respectively. We shall denote the innitary lattice operations by

inf

and

sup

whenever convenient (observe however that the supremum of a nite familyof pronite subsets coincides with their set-theoretic union). The following Proposition collects the main properties of this lattice. For a pronite subset A, the notation Andenotes the set^fdn^jd²A^g.

Proposition 3.3 (Properties of Pronite Subsets)

ForA²

P

and any n²IN: 1. An^A;

2. A_n²

P

; 3. An<nAn+1;

4. For any family^{X }

P

,(^S_A^2XAn)²

P

; 5. For any family^{X }

P

we have

(

sup

^X)n= ^[

A^2XAn: Proof.(1) Immediate, as A is closed under approximations.

For proving (2), observe that An is complete because every nite subset of D¹ is obviously complete.

Furthermore, in order to show that Anis also closed under approximations, let d²An. There are two cases:

 m > n: d_m= d (because d²D_n), so d_m²A_n.

 m^n: As d²A (by (1)), dm²A, and dm= (dm)n²An,