
The Parametric Lambda Calculus

The aim of this book is to introduce both the call-by-name and the call-by-value λ-calculi and to study their syntactical and semantical properties, on which their status of paradigmatic programming languages is based. In order to study them in a uniform way we present a new calculus, the λΔ-calculus, whose reduction rule is parametric with respect to a subset Δ of terms (called the set of input values) that enjoy some suitable conditions.


Texts in Theoretical Computer Science

An EATCS Series
Editors: W. Brauer G. Rozenberg A. Salomaa
On behalf of the European Association
for Theoretical Computer Science (EATCS)

Advisory Board: G. Ausiello M. Broy C. S. Calude
S. Even J. Hartmanis J. Hromkovic N. Jones
T. Leighton M. Nivat C. Papadimitriou D. Scott

Springer-Verlag Berlin Heidelberg GmbH

Simona Ronchi Della Rocca
Luca Paolini

The Parametric Lambda Calculus
A Metamodel for Computation

Springer
Authors

Prof. Simona Ronchi Della Rocca
Università di Torino
Dipartimento di Informatica
corso Svizzera 185
10149 Torino, Italy
ronchi@di.unito.it
www.di.unito.it/~ronchi

Dr. Luca Paolini
Università di Torino
Dipartimento di Informatica
corso Svizzera 185
10149 Torino, Italy
paolini@di.unito.it
www.di.unito.it/~paolini

Series Editors

Prof. Dr. Wilfried Brauer
Institut für Informatik der TUM
Boltzmannstr. 3, 85748 Garching, Germany
Brauer@informatik.tu-muenchen.de

Prof. Dr. Grzegorz Rozenberg
Leiden Institute of Advanced Computer Science
University of Leiden
Niels Bohrweg 1, 2333 CA Leiden, The Netherlands
rozenber@liacs.nl

Prof. Dr. Arto Salomaa
Turku Centre for Computer Science
Lemminkäisenkatu 14 A, 20520 Turku, Finland
asalomaa@utu.fi

Library of Congress Cataloging-in-Publication Data


Ronchi Della Rocca, S. (Simona)
The parametric lambda calculus : A metamodel for computation / Simona Ronchi Della Rocca,
Luca Paolini.
p. cm. - (Texts in theoretical computer science)
Includes bibliographical references and index.
ISBN 978-3-642-05746-5 ISBN 978-3-662-10394-4 (eBook)
DOI 10.1007/978-3-662-10394-4
1. Lambda calculus. I. Paolini, Luca, 1970- II. Title. III. Series.
QA9.5.R66 2004 511.3'5-dc22 2003069100

ACM Computing Classification (1998): F.4, F.3, I.2.3, D.2


ISBN 978-3-642-05746-5

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is
concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this
publication or parts thereof is permitted only under the provisions of the German Copyright Law of
September 9, 1965, in its current version, and permission for use must always be obtained from
Springer-Verlag Berlin Heidelberg GmbH.
Violations are liable for prosecution under the German Copyright Law.
springeronline.com
© Springer-Verlag Berlin Heidelberg 2004
Originally published by Springer-Verlag Berlin Heidelberg New York in 2004
Softcover reprint of the hardcover 1st edition 2004

The use of general descriptive names, trademarks, etc. in this publication does not imply, even in the
absence of a specific statement, that such names are exempt from the relevant protective laws and
therefore free for general use.
Cover Design: KünkelLopka, Heidelberg
Typesetting: Camera-ready by the authors
Printed on acid-free paper 45/3142/GF - 5 4 3 2 1 0

To Corrado Böhm, from whom Simona and -
by transitivity - Luca learned the pleasure
of research and the interest in λ-calculus

Preface

The λ-calculus was invented by Church in the 1930s with the purpose of
supplying a logical foundation for logic and mathematics [25]. Its use by Kleene
as a coding for computable functions makes it the first programming
language, in an abstract sense, exactly as the Turing machine can be considered
the first computer machine [57]. The λ-calculus has quite a simple syntax
(with just three formation rules for terms) and a simple operational
semantics (with just one operation, substitution), and so it is a very basic setting
for studying computation properties.
The first contact between λ-calculus and real programming languages was
in the years 1956-1960, when McCarthy developed the LISP programming
language, inspired from λ-calculus, which is the first "functional"
programming language, i.e., where functions are first-class citizens [66]. But the use
of λ-calculus as an abstract paradigm for programming languages started
later as the work of three important scientists: Strachey, Landin and Böhm.
Strachey used the λ-notation as a descriptive tool to represent functional
features in programming when he posed the basis for a formal semantics of
programming languages [92]. Landin formalized the idea that the semantics
of a programming language can be given by translating it into a simpler
language that is easier to understand. He identified such a target language
in λ-calculus and experimented with this idea by giving a complete
translation of ALGOL60 into λ-calculus [64]. Moreover, he declared in [65] that a
programming language is nothing more than λ-calculus plus some "syntactic
sugar". Böhm was the first to use λ-calculus as an effective programming
language, defining, with W. Gross, the CUCH language, which is a mixture
of λ-calculus and the Curry combinators language, and showing how to
represent in it the most common data structures [19].
But, until the end of the 1960s, λ-calculus suffered from the lack of a
formal semantics. In fact, while it was possible to codify in it all the computable
functions, the meaning of a generic λ-term not related to this coding was
unclear. The attempt to interpret λ-terms as set-theoretic functions failed, since
it would have been necessary to interpret it into a set D isomorphic to the
set of functions from D to D, which is impossible since the two spaces always
have different cardinality. Scott [88, 89] solved the problem by interpreting
λ-calculus in a lattice isomorphic to the space of its continuous functions,
thus giving it a clear mathematical interpretation. So the technique of
interpretation by translation, first developed by Landin, became a standard tool
to study the denotational semantics of programming languages; almost all
textbooks in denotational semantics follow this approach [91, 98].
But there was a gap between λ-calculus and the real functional
programming languages. The majority of real functional languages have a
"call-by-value" parameter passing policy, i.e., parameters are evaluated before being
passed to a function, while the reduction rule of λ-calculus reflects a
"call-by-name" policy, i.e., a policy where parameters are passed without being
evaluated. In the folklore there was the idea that a call-by-value behaviour
could be mimicked in λ-calculus just by defining a suitable reduction strategy.
Plotkin proved that this intuition was wrong and that λ-calculus is
intrinsically call-by-name [78]. So, in order to describe the call-by-value evaluation,
he proposed a different calculus, which has the same syntax as λ-calculus,
but a different reduction rule.
The aim of this book is to introduce both the call-by-name and the
call-by-value λ-calculi and to study their syntactical and semantical properties, on
which their status of paradigmatic programming languages is based. In order
to study them in a uniform way we present a new calculus, the λΔ-calculus,
whose reduction rule is parametric with respect to a subset Δ of terms (called
the set of input values) that enjoy some suitable conditions. Different choices
of Δ allow us to define different languages, in particular the two λ-calculus
variants we are speaking about. The most interesting feature of λΔ-calculus
is that it is possible to prove important properties (like confluence) for a large
class of languages in just one step. We think that λΔ-calculus can be seen as
the foundation of functional programming.

Organization of the Book

The book is divided into four parts, each one composed of different
chapters. The first part is devoted to the study of the syntax of λΔ-calculus. Some
syntactical properties, like confluence and standardization, can be studied for
the whole Δ class. Other properties, like solvability and separability, cannot
be treated in a uniform way, and they are therefore introduced separately for
different instances of Δ.
In the second part the operational semantics of λΔ-calculus is studied.
The notion of operational semantics can be given in a parametric way, by
supplying not only a set of input values but also a set of output values Θ, enjoying
some very natural properties. A universal reduction machine is defined,
parametric into both Δ and Θ, enjoying a sort of correctness property in the sense
that, if a term can be reduced to an output value, then the machine stops,
returning a term operationally equivalent to it. Then four particular reduction
machines are presented, three for the call-by-name λ-calculus and one for the
call-by-value λ-calculus, thereby presenting four operational behaviours that
are particularly interesting for modeling programming languages. Moreover,
the notion of extensionality is revised, giving a new parametric definition that
depends on the operational semantics we want to consider.
The third part is devoted to denotational semantics. The general notion
of a model of λΔ-calculus is defined, and then the more restrictive and
useful notion of a filter model, based on intersection types, is given. Then four
particular filter models are presented, each one correct with respect to one of
the operational semantics studied in the previous part. For two of them
completeness is also proved. The other two models are incomplete: we prove that
there are no filter models enjoying the completeness property with respect
to given operational semantics, and we build two complete models by using
a technique based on intersection types. Moreover, the relation between the
filter models and Scott's models is given.
The fourth part deals with the computational power of λΔ-calculus. It is
well known that λ-calculus is Turing complete, in both its call-by-name and
call-by-value variants, i.e. it has the power of the computable functions. Here
we prove something more, namely that each one of the reduction machines
we present in the third part of this book can be used for computing all the
computable functions.

Use of the Book

This book is dedicated to researchers, and it can be used as a textbook
for master's or PhD courses in Foundations of Computer Science. Moreover,
we wish to advise the reader that its aim is not to cover all possible topics
concerning λ-calculus, but just those syntactical and semantics properties
which can be used as tools for the foundation of programming languages.
The reader interested in studying λ-calculus in itself can use the classical
textbook by Barendregt [9], or other more descriptive ones such as [51] or
[60]. The reader interested in a typed approach can read Mitchell's text [69]
for an introduction, in which two chapters are dedicated to simply typed
λ-calculus and its model, and the book of Hindley for a complete development
of the topic [49].

Acknowledgement. Both authors would like to thank all the people of the
"lambda-group" at the Dipartimento di Informatica of the Università di
Torino for their support and collaboration. Moreover they are grateful to
Roger Hindley and Elaine Pimentel for pointing out some inaccuracies. Luca
Paolini thanks Pino Rosolini for the useful and interesting discussions about
the topics of this book. Simona Ronchi Della Rocca did the final revision of
the book during a sabbatical period. Some friends offered her hospitality and
a stimulating scientific environment: Betti Venneri, Gigi Liquori, Rocco De
Nicola, Pierre Lescanne and Philippe De Groote. To all of them she wants to
express her gratitude. Last but not least, both the authors thank the
publisher Ingeborg Mayer, whose patient assistance made possible the publication
of this book.

Torino, May 2004
Simona Ronchi Della Rocca
Luca Paolini

Contents

Part I. Syntax

1. The Parametric λ-Calculus
   1.1 The Language of λ-Terms
   1.2 The λΔ-Calculus
       1.2.1 Proof of Confluence and Standardization Theorems
   1.3 Δ-Theories

2. The Call-by-Name λ-Calculus
   2.1 The Syntax of λΛ-Calculus
       2.1.1 Proof of Λ-Solvability Theorem
       2.1.2 Proof of Böhm's Theorem

3. The Call-by-Value λ-Calculus
   3.1 The Syntax of the λΓ-Calculus
       3.1.1 Ξℓ-Confluence and Ξℓ-Standardization
       3.1.2 Proof of Potential Γ-Valuability and Γ-Solvability Theorems
       3.1.3 Proof of Γ-Separability Theorem
   3.2 Potentially Γ-Valuable Terms and Λ-Reduction

4. Further Reading

Part II. Operational Semantics

5. Parametric Operational Semantics
   5.1 The Universal Δ-Reduction Machine

6. Call-by-Name Operational Semantics
   6.1 H-Operational Semantics
   6.2 N-Operational Semantics
   6.3 L-Operational Semantics
       6.3.1 An Example

7. Call-by-Value Operational Semantics
   7.1 V-Operational Semantics
       7.1.1 An Example

8. Operational Extensionality
   8.1 Operational Semantics and Extensionality
       8.1.1 Head-Discriminability

9. Further Reading

Part III. Denotational Semantics

10. λΔ-Models
    10.1 Filter λΔ-Models

11. Call-by-Name Denotational Semantics
    11.1 The Model ℋ
        11.1.1 The ≤∞-Intersection Relation
        11.1.2 Proof of the ℋ-Approximation Theorem
        11.1.3 Proof of Semiseparability, ℋ-Discriminability and ℋ-Characterization Theorems
    11.2 The Model N
        11.2.1 The ≤⋈-Intersection Relation
        11.2.2 Proof of N-Approximation Theorem
        11.2.3 Proof of N-Discriminability and N-Characterization Theorems
    11.3 The Model ℒ
        11.3.1 Proof of ℒ-Approximation Theorem
        11.3.2 Proof of Theorems 11.3.15 and 11.3.16
    11.4 A Fully Abstract Model for the L-Operational Semantics
    11.5 Crossing Models
        11.5.1 The Model ℋ
        11.5.2 The Model N
        11.5.3 The Model ℒ

12. Call-by-Value Denotational Semantics
    12.1 The Model V
        12.1.1 The ≤√-Intersection Relation
        12.1.2 Proof of Theorem 12.1.6
        12.1.3 Proof of the V-Approximation Theorem
        12.1.4 Proof of Theorems 12.1.24 and 12.1.25
    12.2 A Fully Abstract Model for the V-Operational Semantics

13. Filter λΔ-Models and Domains
    13.1 Domains
        13.1.1 ℋ as Domain
        13.1.2 N as Domain
        13.1.3 ℒ as Domain
        13.1.4 V as Domain
        13.1.5 Another Domain

14. Further Reading

Part IV. Computational Power

15. Preliminaries
    15.1 Kleene's Recursive Functions
    15.2 Representing Data Structures

16. Representing Functions
    16.1 Call-by-Name Computational Completeness
    16.2 Call-by-Value Computational Completeness
    16.3 Historical Remarks

Bibliography

Index



Part I

Syntax

1. The Parametric λ-Calculus

A calculus is a language equipped with some reduction rules. All the calculi
we consider in this book share the same language, which is the language of
λ-calculus, while they differ from each other in their reduction rules. In order to treat
them in a uniform way we define a parametric calculus, the λΔ-calculus,
which gives rise to different calculi by different instantiations of the parameter
Δ. In Part I we study the syntactical properties of the λΔ-calculus, and in
particular those of its two most important instances, the call-by-name and
the call-by-value λ-calculi. The λΔ-calculus has been introduced first in [85]
and further studied in [74]. We use the terminology of [9].

1.1 The Language of λ-Terms

Definition 1.1.1 (The language Λ).
Let Var be a countable set of variables. The set Λ of λ-terms is a set of words
on the alphabet Var ∪ { ( , ) , . , λ } inductively defined as follows:

• x ∈ Var implies x ∈ Λ,
• M ∈ Λ and x ∈ Var implies (λx.M) ∈ Λ (abstraction),
• M ∈ Λ and N ∈ Λ implies (MN) ∈ Λ (application).

λ-terms will be ranged over by Latin capital letters. Sets of λ-terms will be
denoted by Greek capital letters.

Sometimes, we will refer to λ-terms simply as terms. The symbol ≡ will
denote syntactical identity of terms. We will use the following abbreviations in
order to avoid an excessive number of parentheses: λx₁...xₙ.M will stand for
(λx₁.(...(λxₙ.M)...)), and MN₁N₂...Nₙ will stand for (...((MN₁)N₂)...Nₙ).
Moreover, M⃗ will denote a sequence of terms M₁, ..., Mₙ for some n ≥ 0, and
λx⃗.M and M⃗N⃗ will denote respectively λx₁...xₙ.M and M₁...M_m N₁...Nₙ
for some n, m ≥ 0. The length of the sequence N⃗ is denoted by ‖N⃗‖. By
abusing the notation, N ∈ N⃗ denotes that the term N occurs in the sequence
N⃗.

Example 1.1.2. λx.xx, λx.x(λz.zy), λy.(λx.x)(λuv.u) are examples of
λ-terms. Some λ-terms have standard names for historical reasons. The names
that will be extensively used in this book are:

I ≡ λx.x , K ≡ λxy.x , O ≡ λxy.y , D ≡ λx.xx , E ≡ λxy.xy.

Definition 1.1.3 (Subterms).
A term N is a subterm of M if and only if one of the following conditions
arises:

• M ≡ N,
• M ≡ λx.M' and N is a subterm of M',
• M ≡ PQ and N is a subterm either of P or of Q.

A term N occurs in a term M if and only if N is a subterm of M.

Example 1.1.4. The set of subterms of the term λx.x(λz.zy) is

{λx.x(λz.zy), x(λz.zy), λz.zy, zy, x, z, y}.

The symbol "λ" plays the role of binder for variables, as formalized in the
next definition.

Definition 1.1.5 (Free variables).
(i) The set of free variables of a term M, denoted by FV(M), is inductively
defined as follows:
• M ≡ x implies FV(M) = {x},
• M ≡ λx.M' implies FV(M) = FV(M') − {x},
• M ≡ PQ implies FV(M) = FV(P) ∪ FV(Q).
A variable is bound in M when it is not free in M.
(ii) A term M is closed if and only if FV(M) = ∅. A term is open if it is
not closed. For every subset of terms Θ ⊆ Λ, we will denote with Θ⁰ the
restriction of Θ to closed terms.

Example 1.1.6. FV(λz.(λx.x(λz.zy))(λxyz.yz)) = {y}, FV(λz.x(λx.xy)) =
{x, y}, and FV((λyx.x)y) = {y}.

The replacement of a free variable by a term is the basic syntactical
operation on Λ on which the definition of reduction rules will be based. But the
replacement must respect the status of the variables: e.g., x can be replaced
by M ≡ λy.zy in λu.xu, so obtaining the term λu.(λy.zy)u, while the same
replacement cannot take place in the term λz.xz, since in the obtained term
λz.(λy.zy)z the free occurrence of z in M would become bound. The notion
is formalized in the next definition.

Definition 1.1.7. The statement "M is free for x in N" is defined by
induction on N as follows:
• M is free for x in x;
• M is free for x in y;
• If M is free for x both in P and Q then M is free for x in PQ;
• If M is free for x in N and x ≢ y and y ∉ FV(M)
  then M is free for x in λy.N.

Example 1.1.8. λxy.xz is free for x and y in (λu.x)(λu.xz) but is not free for
u in both λxz.u and λzu.u.

Let M be free for x in N; so N[M/x] denotes the simultaneous replacement
of all free occurrences of x in N by M. Clearly,

FV(N[M/x]) = FV(N)                      if x ∉ FV(N),
FV(N[M/x]) = (FV(N) − {x}) ∪ FV(M)      otherwise.

For example, (λx.u(xy))[xy/u] is not defined because xy is not free for u in
λx.u(xy), while (λx.u(xu))[u(λz.z)/u] ≡ λx.u(λz.z)(x(u(λz.z))).

Let ‖N⃗‖ = ‖x⃗‖; both M⃗[N₁/x₁, ..., Nₙ/xₙ] and M⃗[N⃗/x⃗] are abbreviations
for the simultaneous replacement of xᵢ by Nᵢ in every Mⱼ (0 ≤ i ≤ ‖x⃗‖ = n,
0 ≤ j ≤ ‖M⃗‖).

In the standard mathematical notation, the name of a bound variable is
meaningless; for example, Σ_{1≤i≤n} i and Σ_{1≤j≤n} j both denote the sum of
the first n natural numbers. Also in the language Λ, it is natural to consider
the terms modulo names of bound variables. The renaming is formalized in
the next definition.

Definition 1.1.9 (α-Reduction).
(i) λx.M →_α λy.M[y/x] if y is free for x in M and y ∉ FV(M).
(ii) =_α is the reflexive, symmetric, transitive and contextual closure of →_α.

Example 1.1.10. λx.x =_α λy.y =_α λz.z, λxy.x =_α λxz.x and λxy.x =_α
λyx.y. On the other hand, λx.y ≠_α λx.x and λx.yx ≠_α λy.yy.

In the entire book, we will consider terms modulo =_α.

Thus we can also safely extend the notation N[M/x] to the case where M
is not free for x in N. In this case N[M/x] denotes the result of replacing
x by M in a term N' =_α N such that M is free for x in N'. Clearly such
an N' always exists and the notation is well posed. So (λx.u(xy))[xy/u] is
α-equivalent to the term λz.xy(zy).
An alternative way of denoting a simultaneous replacement is by explicitly
using the notion of substitution. A substitution is a function from variables
to terms. If s is a substitution and FV(M) = {x₁, ..., xₙ}, s(M) denotes
M[s(x₁)/x₁, ..., s(xₙ)/xₙ].

An important syntactical tool that will be extensively used in the following
chapters is the notion of context. Informally, a context is a term that can
contain some occurrences of a hole (denoted by the constant [.]) that can be
filled by a term.

Definition 1.1.11 (Context).
Let Var be a countable set of variables, and [.] be a constant (the hole).
(i) The set Λ_C of contexts is a set of words on Var ∪ { ( , ) , . , λ, [.] }
inductively defined as follows:
• [.] ∈ Λ_C;
• x ∈ Var implies x ∈ Λ_C;
• C[.] ∈ Λ_C and x ∈ Var implies (λx.C[.]) ∈ Λ_C;
• C₁[.] ∈ Λ_C and C₂[.] ∈ Λ_C implies (C₁[.]C₂[.]) ∈ Λ_C.
Contexts will be denoted by C[.], C'[.], C₁[.], ....

(ii) A context of the shape (λx⃗.[.])P⃗ is a head context.

(iii) Let C[.] be a context and M be a term. Then C[M] denotes the term
obtained by replacing by M every occurrence of [.] in C[.].

We will use the same abbreviation notation for contexts that we used for
terms.
Note that filling a hole in a context is not a substitution; in fact, free variables
in M can become bound in C[M]. For example, filling the hole of λx.[.] with
the free variable x results in the term λx.x.

1.2 The λΔ-Calculus

We will present some λ-calculi, all based on the language Λ, defined in the
previous section, each one characterized by different reduction rules.
The λΔ-calculus is the language Λ equipped with a set Δ ⊆ Λ of input
values, satisfying some closure conditions. Informally, input values represent
partially evaluated terms that can be passed as parameters. Call-by-name and
call-by-value parameter passing can be seen as the two most radical choices;
parameters are not evaluated in the former policy, while in the latter they
are evaluated until an output result is reached.
Most of the known variants of λ-calculus can be obtained from this
parametric calculus by instantiating Δ in a suitable way. The set Δ of input values
and the reduction →_Δ induced by it are defined in Definition 1.2.1.

Definition 1.2.1. Let Δ ⊆ Λ.
(i) The Δ-reduction (→_Δ) is the contextual closure of the following rule:

(λx.M)N → M[N/x] if and only if N ∈ Δ.

(λx.M)N is called a Δ-redex (or simply redex), and M[N/x] is called its
Δ-contractum (or simply contractum).
(ii) →*_Δ and =_Δ are respectively the reflexive and transitive closure of →_Δ
and the symmetric, reflexive and transitive closure of →_Δ.
(iii) A set Δ ⊆ Λ is said to be a set of input values when the following conditions are
satisfied:

• Var ⊆ Δ (Var-closure);
• P, Q ∈ Δ implies P[Q/x] ∈ Δ, for each x ∈ Var (substitution closure);
• M ∈ Δ and M →_Δ N imply N ∈ Δ (reduction closure).

(iv) A term is in Δ-normal form (Δ-nf) if it has no Δ-redexes, and it has a
Δ-normal form, or it is Δ-normalizing, if it reduces to a Δ-normal form;
the set of Δ-nf is denoted by Δ-NF.
(v) A term is Δ-strongly normalizing if it is Δ-normalizing, and moreover
there is no infinite Δ-reduction sequence starting from it.

The closure conditions on the set of input values need some comment.
Since, as already said, input values represent partially evaluated terms, it is
natural to ask that this partial evaluation is preserved by reduction, which
is the rule on which the evaluation process is based. The substitution closure
comes naturally from the fact that variables always belong to the set of input
values.
In this book the symbol Δ will denote a generic set of input values. We
will omit the prefix Δ in cases where it is clear from the context.

Example 1.2.2. Let I, K, O, D be the terms defined in Example 1.1.2, and
let M, N be input values. Then IM →_Δ M, so I has the behaviour of the
identity function, KMN →*_Δ M, OMN →*_Δ N, DM →_Δ MM. If D ∈ Δ
then DD →*_Δ DD.
Now some possible sets of input values will be defined.

Definition 1.2.3. (i) Γ = Var ∪ {λx.M | M ∈ Λ}.
(ii) ΛI is the language obtained from the grammar generating Λ, given in
Definition 1.1.1, by modifying the formation rule for abstraction in the
following way:
(λx.M) ∈ ΛI if and only if M ∈ Λ and x ∈ Var and x occurs in M.

The next property shows that there exists some set of input values,
although not all sets of terms are sets of input values.

Property 1.2.4. (i) Λ is a set of input values.
(ii) Γ is a set of input values.
(iii) ΛI is a set of input values.
(iv) Λ-NF is not a set of input values.
(v) Var ∪ Λ-NF⁰ is a set of input values.
(vi) Υ = Var ∪ {λx.P | x ∈ FV(P)} is not a set of input values.

Proof. The first case is obvious. In cases 2, 3, and 5, it is easy to check that the
closure properties of Definition 1.2.1 are satisfied. Λ-NF is not closed under
substitution. It is easy to see that Υ is closed under substitution, but it is not
closed under reduction. In fact, λx.KIx ∈ Υ, while λx.KIx →_Υ λx.I ∉ Υ. □

The choice Δ = Λ gives rise to the classical call-by-name λ-calculus [25],
while Δ = Γ gives rise to a pure version (i.e. without constants) of the
call-by-value λ-calculus, first defined by Plotkin [78].
The fact that Var ∪ Λ-NF⁰ is a correct set of input values was first noticed
in [39].
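
The two instantiations Δ = Λ and Δ = Γ can be run side by side on the terms of Examples 1.1.2 and 1.2.2; the following Python sketch is an added example, not code from the book. The tuple encoding of terms, the helper names (V, L, A, fv, subst, canon, step, normalize), the choice of always contracting the leftmost-outermost Δ-redex and the step limit `fuel` are all assumptions of the example.

```python
from itertools import count

# Terms of Λ (Definition 1.1.1) as nested tuples; V, L, A are helper constructors.
def V(x): return ("var", x)
def L(x, body): return ("lam", x, body)
def A(f, *args):
    for a in args:                      # MN1...Nn stands for (...((MN1)N2)...Nn)
        f = ("app", f, a)
    return f

def fv(t):
    """FV(M) as in Definition 1.1.5."""
    if t[0] == "var": return {t[1]}
    if t[0] == "lam": return fv(t[2]) - {t[1]}
    return fv(t[1]) | fv(t[2])

def subst(n, x, m):
    """N[M/x]; a bound variable is renamed first when M is not free for x in N."""
    if n[0] == "var":
        return m if n[1] == x else n
    if n[0] == "app":
        return ("app", subst(n[1], x, m), subst(n[2], x, m))
    y, body = n[1], n[2]
    if y == x or x not in fv(body):     # no free occurrence of x below this λ
        return n
    if y in fv(m):                      # y would capture a free variable of M
        avoid = fv(m) | fv(body) | {x}
        fresh = next(f"v{i}" for i in count() if f"v{i}" not in avoid)
        body, y = subst(body, y, V(fresh)), fresh
    return ("lam", y, subst(body, x, m))

def canon(t, bound=()):
    """Nameless form of a term: two terms are =α exactly when canon() agrees."""
    if t[0] == "var":
        return ("b", bound.index(t[1])) if t[1] in bound else ("f", t[1])
    if t[0] == "lam":
        return ("lam", canon(t[2], (t[1],) + bound))
    return ("app", canon(t[1], bound), canon(t[2], bound))

# Two sets of input values, given as membership tests.
def in_Lambda(t): return True                    # Δ = Λ: call-by-name
def in_Gamma(t): return t[0] in ("var", "lam")   # Δ = Γ: call-by-value

def step(t, in_delta):
    """Contract the leftmost-outermost Δ-redex; None when t is in Δ-normal form."""
    if t[0] == "var":
        return None
    if t[0] == "lam":
        b = step(t[2], in_delta)
        return None if b is None else ("lam", t[1], b)
    f, a = t[1], t[2]
    if f[0] == "lam" and in_delta(a):   # (λx.M)N is a Δ-redex only if N ∈ Δ
        return subst(f[2], f[1], a)
    r = step(f, in_delta)
    if r is not None:
        return ("app", r, a)
    r = step(a, in_delta)
    return None if r is None else ("app", f, r)

def normalize(t, in_delta, fuel=100):
    """Δ-normal form reached within `fuel` steps, or None if none was reached."""
    for _ in range(fuel):
        nxt = step(t, in_delta)
        if nxt is None:
            return t
        t = nxt
    return None

# Named terms of Example 1.1.2.
I = L("x", V("x"))
K = L("x", L("y", V("x")))
D = L("x", A(V("x"), V("x")))
OMEGA = A(D, D)                         # DD reduces to itself when D ∈ Δ

if __name__ == "__main__":
    term = A(K, I, OMEGA)               # KI(DD)
    print("Δ = Λ:", normalize(term, in_Lambda))   # the argument DD is discarded
    print("Δ = Γ:", normalize(term, in_Gamma))    # DD ∉ Γ must be reduced first
```

With Δ = Λ the term KI(DD) reaches I, while with Δ = Γ the argument DD is never an input value and the run exhausts its step limit; an application such as I(yz) is already a Γ-normal form although it is a Λ-redex.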

It is easy to check that every term M has the following shape:

(n, m ≥ 0),
where Mᵢ ∈ Λ are the arguments of M (1 ≤ i ≤ m) and ζ is the head
of M. Here ζ is either a variable (head variable) or an application of the
shape (λz.P)Q, which can be either a redex (head redex) or not (head block),
depending on the fact that Q belongs or not to the set Δ.

The natural interpretation of an abstraction term λx.M is a function
whose formal parameter is x. The interpretation of an application (λx.M)N,
when N ∈ Δ, is the application of the function λx.M to the actual
parameter N, and so the Δ-reduction rule models the replacement of the formal
parameter x by the actual parameter N in the body M of the function. Thus
the Δ-normal form of a term, if it exists, can be seen as the final result of a
computation.
The following fundamental theorem implies that this interpretation is
correct, i.e. if the computation process stops, then the result is unique.

Theorem 1.2.5 (Confluence). [26, 74]
Let M →*_Δ N₁ and M →*_Δ N₂. There is Q such that both N₁ →*_Δ Q and
N₂ →*_Δ Q.

Proof. The proof is in Sect. 1.2.1. □

Corollary 1.2.6. The Δ-normal form of a term, if it exists, is unique.

Proof. Assume by absurdum that a term M has two different normal forms
M₁ and M₂. Then, by the confluence theorem, there is a term N such that
both M₁ and M₂ Δ-reduce to N, against the hypothesis that both are normal
forms. □

It is natural to ask if the closure conditions on input values, given in
Definition 1.2.1, are necessary in order to assure the confluence of the calculus.
It can be observed that they are not strictly necessary, but a weaker version
of them is needed.

Let P ∈ Δ be such that, for every Q ≢ P such that P →*_Δ Q, Q ∉ Δ.
Thus (λx.M)P reduces both to M[P/x] and to (λx.M)Q, which do not have
a common reduct, since the last term will be never a redex. Thus the weaker
version of reduction closure that is necessary is the following: M ∈ Δ and
M →*_Δ N imply that there is P ∈ Δ such that N →*_Δ P.
On the other hand, let N, P ∈ Δ but for all Q such that N[P/x] →*_Δ Q,
Q ∉ Δ. Thus (λx.(λy.M)N)P reduces both to (λy.M[P/x])N[P/x] and to
(M[N/y])[P/x], which do not have a common reduct. Thus the weaker version
of the substitution closure that is necessary is the following: P, Q ∈ Δ implies
there is R ∈ Δ such that P[Q/x] →*_Δ R.

Assume $M \to^*_\Delta N$, and assume that there is more than one $\Delta$-reduction
sequence from $M$ to $N$. The standardization theorem says that, in case the set
of input values enjoys a particular property, there is a "standard" reduction
sequence from $M$ to $N$, reducing the redexes in a given order.
Let us introduce formally the notion of standard reduction sequence.

Definition 1.2.7.
(i) A symbol $\lambda$ in a term $M$ is active if and only if it is the first symbol of a
$\Delta$-redex of $M$.
(ii) The $\Delta$-sequentialization $(M)^\circ$ of a term $M$ is a function from $\Lambda$ to $\Lambda$
defined as follows:
• $(xM_1 \ldots M_m)^\circ = x(M_1)^\circ \ldots (M_m)^\circ$;
• $((\lambda x.P)QM_1 \ldots M_m)^\circ = (\lambda x.P)^\circ (Q)^\circ (M_1)^\circ \ldots (M_m)^\circ$, if $Q \in \Delta$;
• $((\lambda x.P)QM_1 \ldots M_m)^\circ = (Q)^\circ (\lambda x.P)^\circ (M_1)^\circ \ldots (M_m)^\circ$, if $Q \notin \Delta$;
• $(\lambda x.P)^\circ = \lambda x.(P)^\circ$.
(iii) The degree of a redex $R$ in $M$ is the number of $\lambda$'s that both are active
in $M$ and occur on the left of $(R)^\circ$ in $(M)^\circ$.
(iv) The principal redex of $M$, if it exists, is the redex of $M$ with minimum
degree. The principal reduction $M \to^{p}_\Delta N$ denotes that $N$ is obtained
from $M$ by reducing the principal redex of $M$. Moreover, $\to^{*p}_\Delta$ is the
reflexive and transitive closure of $\to^{p}_\Delta$.
(v) A sequence $M \equiv P_0 \to_\Delta P_1 \to_\Delta \ldots \to_\Delta P_n \to_\Delta N$ is standard if and
only if the degree of the redex contracted in $P_i$ is less than or equal to the
degree of the redex contracted in $P_{i+1}$, for every $i < n$.
We denote by $M \to^{\circ}_\Delta N$ a standard reduction sequence from $M$ to $N$.

It is important to notice that the degree of a redex can change during the
reduction; in particular, the redex of minimum degree always has degree zero.
Moreover, note that the reduction sequences of length 0 and 1 are always
standard. It is easy to check that, for every $M$, the $\Lambda$-sequentialization is
$(M)^\circ \equiv M$; thus in this case the redex of degree 0 is always the leftmost one.
Example 1.2.8.
(i) Let $\Delta = \Lambda$, and let $M \equiv (\lambda x.x(KI))(II)$. Thus $M$ has
degree 0, $KI$ has degree 1 and $II$ has degree 2 (in the term $M$). The
following reduction sequence is standard:
$(\lambda x.x(KI))(II) \to_\Lambda (II)(KI) \to_\Lambda I(KI) \to_\Lambda I(\lambda y.I)$.
(ii) Let $M$ be as before, and let $\Delta = \Gamma$. Thus $II$ has degree 0, and $KI$ has
degree 1. Note that now $M$ is no longer a redex. The following reduction
sequence is standard:
$(\lambda x.x(KI))(II) \to_\Gamma (\lambda x.x(KI))I \to_\Gamma I(KI) \to_\Gamma I(\lambda y.I) \to_\Gamma \lambda y.I$.
(iii) Let $M$ be as before, and let $\Delta = \mathrm{Var} \cup \Lambda\text{-NF}^0$. Thus $KI$ has degree 0
and $II$ has degree 1. Also in this case $M$ is not a redex. The following
reduction sequence is standard:
$(\lambda x.x(KI))(II) \to_\Delta (\lambda x.x(KI))I \to_\Delta (\lambda x.x(\lambda y.I))I$.

The notion of a standard set of input values, which is given in Definition
1.2.9, is key for having the standardization property.

Definition 1.2.9 (Standard input values).
A set $\Delta$ of input values is standard if and only if $M \notin \Delta$ and $M \to^*_\Delta N$ by
reducing at every step a not principal redex imply $N \notin \Delta$.

Now the standardization property can be stated.

Theorem 1.2.10 (Standardization). [74]
Let $\Delta$ be standard. $M \to^*_\Delta N$ implies there is a standard reduction sequence
from $M$ to $N$.
Proof. The proof is in Sect. 1.2.1. □

The next property shows that some sets of input values are standard,
while some are not standard.

Property 1.2.11.
(i) $\Lambda$ and $\Gamma$ are standard.
(ii) $\mathrm{Var} \cup \Delta\text{-NF}^0$ is standard, for every $\Delta$.
(iii) $\Lambda I$ is not standard.

Proof. (i) $\Lambda$ is trivially standard. Let us consider $\Gamma$; we will prove that, if
$M \notin \Gamma$, and $M \to_\Gamma N$ through a not principal reduction, then $N \notin \Gamma$.
$M \notin \Gamma$ implies that $M$ has one of the following shapes:
1. $yM_1 \ldots M_m$ ($m > 1$).
2. $(\lambda x.M_1)M_2 \ldots M_m$ ($m \ge 2$) and either $(\lambda x.M_1)M_2$ is a redex or it is
a head block.
Case 1 is trivial, since $M$ can never be reduced to a term in $\Gamma$.
In case 2, if $M_2 \in \Gamma$ then the principal redex is $(\lambda x.M_1)M_2$, while if
$M_2 \notin \Gamma$ then if $M_2 \notin \Gamma$-NF the principal redex is in $M_2$; if $M_2 \in \Gamma$-NF
then the principal redex is in some $M_j$ ($j \le 3$). So the reduction of a not
principal redex cannot produce a term belonging to $\Gamma$.
(ii) $\mathrm{Var} \cup \Delta\text{-NF}^0$ is standard since not principal reductions preserve the
presence of the redex of minimum degree.
(iii) Consider the term $M \equiv \lambda x.x(DD)((\lambda z.I)I)$. Clearly $M \notin \Lambda I$ and the
principal redex of $M$ is $DD$. So $M \to_{\Lambda I} \lambda x.x(DD)I \in \Lambda I$ and in this
reduction the reduced redex is not principal, while for every sequence of
$\to^{p}_{\Lambda I}$ reductions, $M \to^{*p}_{\Lambda I} M \notin \Lambda I$. □

It is easy to see that the substitution closure on input values, given in
Definition 1.2.1, is necessary in order to assure the standardization property.
In fact, let $M, N \in \Delta$ and $M[N/x] \notin \Delta$. The following non-standard
reduction sequence $(\lambda x.IM)N \to_\Delta (\lambda x.M)N \to_\Delta M[N/x]$ does not have a
standard counterpart, in fact $I(M[N/x]) \not\to_\Delta M[N/x]$.

Theorem 1.2.12. The condition that $\Delta$ is standard is necessary and sufficient
for the $\lambda\Delta$-calculus to enjoy the standardization property.

Proof. The sufficiency of the condition is a consequence of the Standardization
Theorem. To prove its necessity, assume $\Delta$ is not standard; we can find a
term $M \notin \Delta$ such that $M \to^*_\Delta N \in \Delta$, without reducing the principal redex.
Hence $IM \to_\Delta IN \to_\Delta N$, by reducing first a redex of degree different from
0 and then a redex of degree 0. Clearly, there is no way of commuting the
order of reductions. □

An important consequence of the standardization property is the fact
that the reduction sequence reducing, at every step, the principal redex is
normalizing, as shown in Corollary 1.2.13.

Corollary 1.2.13. Let $\Delta$ be standard.
If $M \to^*_\Delta N$ and $N$ is a normal form then $M \to^{*p}_\Delta N$.

Proof. By Corollary 1.2.6 and by the definition of the standard set of input
values. □

Example 1.2.14.
(i) Let $\Delta = \Lambda$. The term $KI(DD)$ has $\Lambda$-normal form $I$. In
fact, the principal $\Lambda$-reduction sequence is $KI(DD) \to_\Lambda (\lambda y.I)(DD) \to_\Lambda I$,
while the $\Lambda$-reduction sequence choosing at every step the rightmost
$\Lambda$-redex never stops. Notice that, if we choose $\Delta = \Gamma$, $KI(DD)$ has no
$\Gamma$-normal form.
(ii) The term $II(II(II))$ is $\Lambda$-strongly normalizing and $\Gamma$-strongly normalizing,
while $KI(DD)$ is neither $\Lambda$-strongly normalizing nor $\Gamma$-strongly
normalizing.
(iii) Let $\Delta = \mathrm{Var} \cup \Lambda\text{-NF}^0$. Thus $I(K(xx))$ is the $\Delta$-normal form of the term
$I(II)(K(xx))$.
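
The principal reduction of Definition 1.2.7 and Corollary 1.2.13 can be run directly; the following Python sketch is an added example, not code from the book. It assumes the usual combinators I = λx.x, K = λxy.x, D = λx.xx and takes Γ to be the variables and abstractions; the tuple encoding and all function names are illustrative choices.

```python
import itertools

# Terms as tuples: ("var", x), ("lam", x, body), ("app", fun, arg).
def var(x): return ("var", x)
def lam(x, body): return ("lam", x, body)
def app(f, *args):
    for a in args:
        f = ("app", f, a)
    return f

I = lam("x", var("x"))                          # assumed: I = \x.x
K = lam("x", lam("y", var("x")))                # assumed: K = \xy.x
D = lam("x", app(var("x"), var("x")))           # assumed: D = \x.xx

# Sets of input values, given as membership predicates.
def in_Lambda(t): return True                   # Delta = Lambda: every term
def in_Gamma(t): return t[0] in ("var", "lam")  # assumed: Gamma = Var + abstractions

_fresh = itertools.count()

def free_vars(t):
    if t[0] == "var":
        return {t[1]}
    if t[0] == "lam":
        return free_vars(t[2]) - {t[1]}
    return free_vars(t[1]) | free_vars(t[2])

def subst(t, x, n):
    """Capture-avoiding substitution t[n/x]."""
    if t[0] == "var":
        return n if t[1] == x else t
    if t[0] == "app":
        return ("app", subst(t[1], x, n), subst(t[2], x, n))
    _, y, body = t
    if y == x:
        return t
    if y in free_vars(n):                       # rename the binder to avoid capture
        z = f"{y}_{next(_fresh)}"
        body, y = subst(body, y, var(z)), z
    return ("lam", y, subst(body, x, n))

def spine(t):
    """Split t into its head (a variable or an abstraction) and its arguments."""
    args = []
    while t[0] == "app":
        args.append(t[2])
        t = t[1]
    return t, args[::-1]

def principal_step(t, is_value):
    """Contract the redex of minimum degree; return None if t is a normal form."""
    head, args = spine(t)
    if head[0] == "lam" and args and is_value(args[0]):
        # Head redex: its lambda is the first symbol of the sequentialization.
        return app(subst(head[2], head[1], args[0]), *args[1:])
    parts = [head] + args
    order = list(range(len(parts)))
    if head[0] == "lam" and args:
        order[0], order[1] = 1, 0               # head block: (Q) precedes (\x.P)
    for i in order:
        if i > 0:
            new = principal_step(parts[i], is_value)
        elif head[0] == "lam":                  # look for a redex under the binder
            body = principal_step(head[2], is_value)
            new = None if body is None else lam(head[1], body)
        else:
            new = None                          # a head variable holds no redex
        if new is not None:
            parts[i] = new
            return app(parts[0], *parts[1:])
    return None

def principal_sequence(t, is_value, fuel=100):
    """Return (trace, finished); finished is False if the fuel ran out first."""
    trace = [t]
    for _ in range(fuel):
        t = principal_step(t, is_value)
        if t is None:
            return trace, True
        trace.append(t)
    return trace, False

if __name__ == "__main__":
    term = app(K, I, app(D, D))                 # KI(DD) from Example 1.2.14
    print(principal_sequence(term, in_Lambda))
    print(principal_sequence(term, in_Gamma, fuel=20)[1])
```

With Δ = Λ the run on KI(DD) stops at I after two steps, while with Δ = Γ the argument DD is never an input value and the fuel is exhausted, matching Example 1.2.14 (i).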

Remark 1.2.15. The first notion of standardization was given, for the $\lambda\Lambda$-calculus,
by Curry and Feys [34, 35]. With respect to their notion, if $M \to^*_\Lambda N$
then there is a standard reduction sequence from $M$ to $N$, but this reduction
sequence is not necessarily unique. For instance,
$\lambda x.x(II)(II) \to_\Lambda \lambda x.xI(II) \to_\Lambda \lambda x.xII$ and
$\lambda x.x(II)(II) \to_\Lambda \lambda x.x(II)I \to_\Lambda \lambda x.xII$ are both
standard reduction sequences. Klop [58] introduced a notion of strong
standardization, according to which, if $M \to^*_\Lambda N$, then there is a unique strongly
standard reduction sequence from $M$ to $N$, and he designed an algorithm
for transforming a reduction sequence into a strongly standard one. According
to his notion, in the example before only the first reduction sequence is
standard. Our definition, when restricted to the $\lambda\Lambda$-calculus, is quite similar
to the strong standardization. In fact, according to our definition, the
standard reduction sequence is unique, but in some degenerated case: e.g. for
$\Delta = \Lambda$, there are infinite reduction sequences from $x(DD)$ to $x(DD)$, each
one performing a different number of $\Lambda$-reductions.
Plotkin [78] extended the notion of standardization to the $\lambda\Gamma$-calculus.
His notion of standardization is not strong, using Klop's terminology. Our
definition, when restricted to the $\lambda\Gamma$-calculus, is similar to a strong version of
Plotkin's standardization. The advantage of our notion of standardization is
the validity of Corollary 1.2.13, i.e. the fact that the principal reduction is
$\Delta$-normalizing.

A notion that will play an important role in what follows is that one of
solvability.

Definition 1.2.16.
(i) A head context $(\lambda\vec{x}.[.])\vec{P}$ is $\Delta$-valuable if and only
if each $P \in \vec{P}$ is such that $P \in \Delta$.
(ii) A term $M$ is $\Delta$-solvable if and only if there is a $\Delta$-valuable head context
$C[.] \equiv (\lambda\vec{x}.[.])\vec{N}$ such that:

$C[M] =_\Delta I$.

(iii) A term is $\Delta$-unsolvable if and only if it is not $\Delta$-solvable.

Note that $(\lambda\vec{x}.[.])\vec{N} =_\Delta I$ means $(\lambda\vec{x}.[.])\vec{N} \to^*_\Delta I$, since $I$ is in $\Delta$-nf, for
every $\Delta$.
We will abbreviate $\Delta$-solvable and $\Delta$-unsolvable respectively as solvable
and unsolvable, when the meaning is clear from the context. Informally speaking,
a solvable term is a term that is in some sense computationally meaningful.
In fact, let $M \in \Lambda^0$ be solvable, and let $P$ be an input value; we can
always find a sequence $\vec{N}$ of terms such that $M\vec{N}$ reduces to $P$: just take the
sequence $\vec{Q}$ such that $M\vec{Q} =_\Delta I$, which exists since $M$ is solvable, and pose
$\vec{N} \equiv \vec{Q}P$. So a closed solvable term can mimic the behaviour of any term, if
applied to suitable arguments.
It would be interesting to syntactically characterize the solvable terms.
Unfortunately, there is not a general characterization for the $\lambda\Delta$-calculus, so
we will study this problem for some particular instances of $\Delta$.

Example 1.2.17.
(i) Consider the two sets of input values $\Lambda$ and $\Gamma$. In
both calculi, the term $I$ is solvable, while $DD$ is unsolvable. $\lambda x.x(DD)$
is an example of a term that is $\Lambda$-solvable and $\Gamma$-unsolvable. In fact,
$(\lambda x.x(DD))O \to^*_\Lambda I$, while there is no term $P$ such that $P(DD) \to^*_\Gamma I$,
since $DD \notin \Gamma$ and $DD \to_\Gamma DD$.
(ii) Let $\Phi$ be the set of input values $\mathrm{Var} \cup \Lambda\text{-NF}^0$. Then $I(\lambda x.I(xx)) \in \Phi$-NF
is a $\Phi$-unsolvable term.

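In order to understand the behaviour of unsolvable terms, it is important
to stress some of their closure properties.

Property 1.2.18.
(i) The unsolvability is preserved by substitution of variables by input values.
(ii) The unsolvability is preserved by $\Delta$-valuable head contexts.

Proof. Let $M$ be unsolvable.
(i) By contraposition let us assume $M[P/z]$ to be solvable for some input
value $P$. Then there is a $\Delta$-valuable head context $C[.] \equiv (\lambda\vec{x}.[.])\vec{Q}$ such
that $C[M[P/z]] \to^*_\Delta I$.
Without loss of generality, we can assume $\|\vec{Q}\| > \|\vec{x}\|$. Indeed, in the case
$\|\vec{Q}\| \le \|\vec{x}\|$, we can choose a closed solvable term $N$ such that there is
$\vec{R}$ such that $N\vec{R} \to^*_\Delta I$ and $\|\vec{R}\| = \|\vec{x}\| - \|\vec{Q}\|$, and then consider the
$\Delta$-valuable context $C[.]N\vec{R}$. So let $\vec{Q} \equiv \vec{Q_1}\vec{Q_2}$, where $\|\vec{Q_1}\| = \|\vec{x}\|$.
$(\lambda\vec{x}.M[P/z])\vec{Q_1}\vec{Q_2} \to^*_\Delta I$ implies $(\lambda\vec{x}.(\lambda z.M)P)\vec{Q_1}\vec{Q_2} \to^*_\Delta I$ (since
$P \in \Delta$). This in turn implies $(\lambda z.(\lambda\vec{x}.M)\vec{Q_1})(P[\vec{Q_1}/\vec{x}])\vec{Q_2} \to^*_\Delta I$ and
$(\lambda z\vec{x}.M)(P[\vec{Q_1}/\vec{x}])\vec{Q_1}\vec{Q_2} \to^*_\Delta I$, because by $\alpha$-equivalence we can
assume $z \notin FV(\vec{Q_1})$ and $z \notin \vec{x}$. But $P[\vec{Q_1}/\vec{x}] \in \Delta$ (since input values are
closed under substitution) which means that the $\Delta$-valuable head context
$C'[.] \equiv (\lambda z\vec{x}.[.])(P[\vec{Q_1}/\vec{x}])\vec{Q_1}\vec{Q_2}$ is such that $C'[M] \to^*_\Delta I$.
(ii) By contraposition let us assume $C'[M]$ to be solvable for some $\Delta$-valuable
head context $C'[.] \equiv (\lambda\vec{z}.[.])\vec{P}$. Then there is a $\Delta$-valuable head context
$C[.] \equiv (\lambda\vec{x}.[.])\vec{Q}$, such that $C[C'[M]] \to^*_\Delta I$. If $\vec{z} \equiv \vec{z_0}\vec{z_1}$ and $\|\vec{P}\| = \|\vec{z_0}\|$
then $C[C'[M]] \to^*_\Delta C[\lambda\vec{z_1}.M[\vec{P}/\vec{z_0}]] \to^*_\Delta I$, thus $M[\vec{P}/\vec{z_0}]$ is solvable,
and by the previous part of this property $M$ is also solvable. Otherwise
$\vec{P} \equiv \vec{P_0}\vec{P_1}$, $\|\vec{P_1}\| > 1$ and $\|\vec{P_0}\| = \|\vec{z}\|$. Thus
$C[C'[M]] \to^*_\Delta C[M[\vec{P_0}/\vec{z}]\vec{P_1}] \equiv (\lambda\vec{x}.M[\vec{P_0}/\vec{z}]\vec{P_1})\vec{Q} \to^*_\Delta I$.
Without loss of generality we can assume $\|\vec{Q}\| > \|\vec{x}\|$, $\vec{Q} \equiv \vec{Q_0}\vec{Q_1}$ and
$\|\vec{Q_0}\| = \|\vec{x}\|$. So
$(\lambda\vec{x}.M[\vec{P_0}/\vec{z}]\vec{P_1})\vec{Q} \to^*_\Delta (M[\vec{P_0}/\vec{z}]\vec{P_1})[\vec{Q_0}/\vec{x}]\vec{Q_1} \equiv$
$(M[\vec{P_0}/\vec{z}][\vec{Q_0}/\vec{x}])(\vec{P_1}[\vec{Q_0}/\vec{x}])\vec{Q_1} \to^*_\Delta I$,
which implies $(M[\vec{P_0}/\vec{z}][\vec{Q_0}/\vec{x}])$ solvable. Again the proof follows from
part (i) of this property. □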

We will see that in all the calculi we will study in the following, the
property of solvability is not preserved by either substitution or by head
contexts. As an example in the $\lambda\Lambda$-calculus $xD$ is $\Lambda$-solvable, but $xD[D/x]$
is not $\Lambda$-solvable.

1.2.1 Proof of Confluence and Standardization Theorems

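Both the proofs are based on the notion of parallel reduction.

Definition 1.2.19. Let $\Delta$ be a set of input values.
(i) The deterministic parallel reduction $\hookrightarrow_\Delta$ is inductively defined as follows:
1. $x \hookrightarrow_\Delta x$;
2. $M \hookrightarrow_\Delta N$ implies $\lambda x.M \hookrightarrow_\Delta \lambda x.N$;
3. $M \hookrightarrow_\Delta M'$, $N \hookrightarrow_\Delta N'$ and $N \in \Delta$ imply $(\lambda x.M)N \hookrightarrow_\Delta M'[N'/x]$;
4. $M \hookrightarrow_\Delta M'$, $N \hookrightarrow_\Delta N'$ and $N \notin \Delta$ imply $MN \hookrightarrow_\Delta M'N'$.
(ii) The nondeterministic parallel reduction $\Rightarrow_\Delta$ is inductively defined as follows:
1. $x \Rightarrow_\Delta x$;
2. $M \Rightarrow_\Delta N$ implies $\lambda x.M \Rightarrow_\Delta \lambda x.N$;
3. $M \Rightarrow_\Delta M'$, $N \Rightarrow_\Delta N'$ and $N \in \Delta$ imply $(\lambda x.M)N \Rightarrow_\Delta M'[N'/x]$;
4. $M \Rightarrow_\Delta M'$, $N \Rightarrow_\Delta N'$ imply $MN \Rightarrow_\Delta M'N'$.

Roughly speaking, the deterministic parallel reduction reduces in one step
all the redexes present in a term, while the nondeterministic one reduces a
subset of them.

Example 1.2.20. Let $M \equiv I(II)$. If $\Delta \equiv \Lambda$ then $M \hookrightarrow_\Delta I$, while $M \Rightarrow_\Delta M$,
$M \Rightarrow_\Delta II$ and $M \Rightarrow_\Delta I$. If $\Delta \equiv \Gamma$ then $M \hookrightarrow_\Delta II$ while $M \Rightarrow_\Delta M$ and
$M \Rightarrow_\Delta II$.

The following lemma shows the relation between the $\Rightarrow_\Delta$ and $\to_\Delta$ reductions.

Lemma 1.2.21. Let $\Delta$ be a set of input values.
(i) $M \to_\Delta N$ implies $M \Rightarrow_\Delta N$.
(ii) $M \Rightarrow_\Delta N$ implies $M \to^*_\Delta N$.
(iii) $\to^*_\Delta$ is the transitive closure of $\Rightarrow_\Delta$.
Proof. Easy. □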

$\Rightarrow_\Delta$ enjoys a useful substitution property.

Lemma 1.2.22. Let $M \Rightarrow_\Delta M'$ and $N \Rightarrow_\Delta N'$.
If $N \in \Delta$ then $M[N/x] \Rightarrow_\Delta M'[N'/x]$.
Proof. By induction on $M$. Let us prove just the most difficult case, i.e. the
term $M$ is a $\Delta$-redex. Let $M \equiv (\lambda z.P)Q$, $Q \in \Delta$, $P \Rightarrow_\Delta P'$, $Q \Rightarrow_\Delta Q'$
and $M' \equiv P'[Q'/z]$. By induction $P[N/x] \Rightarrow_\Delta P'[N'/x]$ and $Q[N/x] \Rightarrow_\Delta
Q'[N'/x]$, where $Q'[N'/x] \in \Delta$ for the closure conditions on $\Delta$. Thus

$((\lambda z.P)Q)[N/x] \equiv (\lambda z.P[N/x])Q[N/x] \Rightarrow_\Delta P'[N'/x][Q'[N'/x]/z] \equiv (P'[Q'/z])[N'/x]$

by point 3 of the definition of $\Rightarrow_\Delta$. □

The next property, whose proof is obvious, states that, for every term $M$,
there is a unique term $N$ such that $M \hookrightarrow_\Delta N$.

Property 1.2.23. $M \hookrightarrow_\Delta P$ and $M \hookrightarrow_\Delta Q$ implies $P \equiv Q$.
Proof. Trivial. □

Let $[M]_\Delta$ be the term such that $M \hookrightarrow_\Delta [M]_\Delta$. In the literature $[M]_\Delta$ is called
the complete development of $M$ (see [93]). The following lemma holds.

Lemma 1.2.24. $M \Rightarrow_\Delta N$ implies $N \Rightarrow_\Delta [M]_\Delta$.

Proof. By induction on $M$.
• If $M \equiv x$, then $N \equiv x$ and $[M]_\Delta \equiv x$.
• If $M \equiv \lambda x.P$ then $N \equiv \lambda x.Q$, for some $Q$ such that $P \Rightarrow_\Delta Q$. By induction
$Q \Rightarrow_\Delta [P]_\Delta$, and so $N \Rightarrow_\Delta \lambda x.[P]_\Delta \equiv [M]_\Delta$.
• If $M \equiv P_1P_2$ and it is not a $\Delta$-redex, then $N \equiv Q_1Q_2$ for some $Q_1$ and $Q_2$
such that $P_1 \Rightarrow_\Delta Q_1$ and $P_2 \Rightarrow_\Delta Q_2$. So, by induction, $Q_1 \Rightarrow_\Delta [P_1]_\Delta$ and
$Q_2 \Rightarrow_\Delta [P_2]_\Delta$, which implies $N \Rightarrow_\Delta [P_1]_\Delta[P_2]_\Delta \equiv [M]_\Delta$.
• If $M \equiv (\lambda x.P_1)P_2$ is a redex (i.e. $P_2 \in \Delta$) then either $N \equiv (\lambda x.Q_1)Q_2$ or
$N \equiv Q_1[Q_2/x]$, for some $Q_i$ such that $P_i \Rightarrow_\Delta Q_i$ ($1 \le i \le 2$). By induction,
$Q_i \Rightarrow_\Delta [P_i]_\Delta$ ($1 \le i \le 2$). Note that $[P_2]_\Delta \in \Delta$ by Lemma 1.2.21.(ii). In
both cases, $N \Rightarrow_\Delta [P_1]_\Delta[[P_2]_\Delta/x] \equiv [M]_\Delta$, in the former case simply by
induction, and in the latter both by induction and by Lemma 1.2.22. □

Fig. 1.1. Diamond property.

The proof of confluence follows the Takahashi pattern [93], which is a
simplification of the original proof made by Tait and Martin-Löf for classical
$\lambda\Lambda$-calculus. It is based on the property that a reduction that is the transitive
closure of another one enjoying the Diamond Property is confluent.

Lemma 1.2.25 (Diamond property of $\Rightarrow_\Delta$).
If $M \Rightarrow_\Delta N_0$ and $M \Rightarrow_\Delta N_1$ then there is $N_2$ such that both $N_0 \Rightarrow_\Delta N_2$ and
$N_1 \Rightarrow_\Delta N_2$.

Proof. By Lemma 1.2.24, $M \Rightarrow_\Delta N$ implies $N \Rightarrow_\Delta [M]_\Delta$. So, if $M \Rightarrow_\Delta M_1$
and $M \Rightarrow_\Delta M_2$, then both $M_1 \Rightarrow_\Delta [M]_\Delta$ and $M_2 \Rightarrow_\Delta [M]_\Delta$, as shown in
Fig. 1.1 (pag. 15). □

Fig. 1.2. Diamond closure.

Proof of Confluence Theorem (Theorem 1.2.5 pag. 8).
By Property 1.2.21.(iii), $\to^*_\Delta$ is the transitive closure of $\Rightarrow_\Delta$. This means that
there are $N_0^1, \ldots, N_0^{n_0}, N_1^1, \ldots, N_1^{n_1}$ ($n_0, n_1 \ge 1$) such that
$M \Rightarrow_\Delta N_0^1 \ldots \Rightarrow_\Delta N_0^{n_0} \Rightarrow_\Delta N_0$ and $M \Rightarrow_\Delta N_1^1 \ldots \Rightarrow_\Delta N_1^{n_1} \Rightarrow_\Delta N_1$.
Then the proof follows by repeatedly applying the diamond property of $\Rightarrow_\Delta$
(diamond closure), as shown in Fig. 1.2. □

The rest of this subsection is devoted to the proof of the standardization
theorem. First, we need to establish some technical results.
Let $M \Rightarrow^{\circ}_\Delta N$ denote "$M \to^{\circ}_\Delta N$ and $M \Rightarrow_\Delta N$".
The following lemma, at the point (ii), shows that a nondeterministic parallel
reduction can always be transformed into a standard reduction sequence.

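Lemma 1.2.26. Let $\vec{P}, \vec{Q}$ be two sequences of terms such that $\|\vec{P}\| = \|\vec{Q}\|$;
moreover, let $P_i \in \Delta$ and $P_i \Rightarrow^{\circ}_\Delta Q_i$ for all $i \le \|\vec{P}\|$.
(i) If $M \Rightarrow^{\circ}_\Delta N$ then $M[\vec{P}/\vec{x}] \Rightarrow^{\circ}_\Delta N[\vec{Q}/\vec{x}]$.
(ii) If $M \Rightarrow_\Delta N$ then $M \Rightarrow^{\circ}_\Delta N$.
Proof. Parts (i) and (ii) can be proved by mutual induction on $M$.
(i) By Lemma 1.2.22, $M[\vec{P}/\vec{x}] \Rightarrow_\Delta N[\vec{Q}/\vec{x}]$, hence it suffices to show that
$M[\vec{P}/\vec{x}] \to^{\circ}_\Delta N[\vec{Q}/\vec{x}]$.
Let $M \equiv \lambda y_1 \ldots y_h.\zeta M_1 \ldots M_m$ ($h, m \in \mathbb{N}$), where either $\zeta$ is a variable or
$\zeta \equiv (\lambda z.T)U$.
If $h > 0$, then the proof follows by induction.
Let $h = 0$, thus $N \equiv \xi N_1 \ldots N_m$ such that $\zeta \Rightarrow^{\circ}_\Delta \xi$ and $M_i \Rightarrow^{\circ}_\Delta N_i$;
furthermore, let $M'_i \equiv M_i[\vec{P}/\vec{x}]$ and $N'_i \equiv N_i[\vec{Q}/\vec{x}]$ ($1 \le i \le m$).
The proof is organized according to the possible shapes of $\zeta$.

1. Let $\zeta$ be a variable. If $m = 0$ then the proof is trivial, so let $m > 0$.
There are two cases to be considered.
1.1. $\zeta \notin \vec{x}$, so $\xi[\vec{Q}/\vec{x}] \equiv \zeta$. By induction $M_i[\vec{P}/\vec{x}] \to^{\circ}_\Delta N_i[\vec{Q}/\vec{x}]$ and
the standard reduction sequence is

$\zeta M'_1 \ldots M'_m \to^{\circ}_\Delta \zeta N'_1M'_2 \ldots M'_m \to^{\circ}_\Delta \ldots \to^{\circ}_\Delta \zeta N'_1 \ldots N'_m$.

1.2. $\zeta \equiv x_j \in \vec{x}$ ($1 \le j \le l$), so $\xi[\vec{Q}/\vec{x}] \equiv Q_j$. But $P_j \Rightarrow^{\circ}_\Delta Q_j$ means
that there is a standard sequence $P_j \equiv S_0 \to_\Delta \ldots \to_\Delta S_n \equiv Q_j$
($n \in \mathbb{N}$). Two cases can arise.
1.2.1. $\forall i \le n$, $S_i \not\equiv \lambda z.S'$. Then the following reduction sequence

is standard. Since by induction $M_i[\vec{P}/\vec{x}] \to^{\circ}_\Delta N_i[\vec{Q}/\vec{x}]$, there
is a standard reduction sequence

Note that $S_0M'_1 \ldots M'_m \equiv M[\vec{P}/\vec{x}]$ and $S_nN'_1 \ldots N'_m \equiv N[\vec{Q}/\vec{x}]$,
so $\sigma$ followed by $\tau$ is the desired standard reduction sequence.
1.2.2. There is a minimum $k \le n$ such that $S_k \equiv \lambda z.S'$.
By induction on (ii), $M_1 \Rightarrow^{\circ}_\Delta N_1$. Therefore, by induction
$M_1[\vec{P}/\vec{x}] \Rightarrow^{\circ}_\Delta N_1[\vec{Q}/\vec{x}]$, where $M_1[\vec{P}/\vec{x}] \to^{\circ}_\Delta N_1[\vec{Q}/\vec{x}]$ is
$M_1[\vec{P}/\vec{x}] \equiv R_0 \to_\Delta \ldots \to_\Delta R_p \equiv N_1[\vec{Q}/\vec{x}]$ ($p \in \mathbb{N}$). There
are two subcases: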

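1.2.2.1. $\forall i \le p$, $R_i \notin \Delta$. Then the following reduction sequence:

$\sigma'$ : $M[\vec{P}/\vec{x}] \equiv S_0R_0M'_2 \ldots M'_m \to_\Delta \ldots \to_\Delta S_kR_0M'_2 \ldots M'_m$
$\to_\Delta \ldots \to_\Delta S_kR_pM'_2 \ldots M'_m$
$\to_\Delta S_{k+1}R_pM'_2 \ldots M'_m \to_\Delta \ldots \to_\Delta S_nR_pM'_2 \ldots M'_m$

is also standard. Moreover, since $M_i[\vec{P}/\vec{x}] \to^{\circ}_\Delta N_i[\vec{P}/\vec{x}]$, the
following reduction sequence:

$\tau'$ : $S_nR_pM'_2 \ldots M'_m \to^{\circ}_\Delta S_nR_pN'_2M'_3 \ldots M'_m \to^{\circ}_\Delta \ldots \to^{\circ}_\Delta S_nR_pN'_2 \ldots N'_m$

is also standard. Clearly $\sigma'$ followed by $\tau'$ is the desired standard
reduction sequence.

1.2.2.2. There is a minimum $q \le p$ such that $R_q \in \Delta$. So

$\sigma''$ : $M[\vec{P}/\vec{x}] \equiv S_0R_0M'_2 \ldots M'_m \to_\Delta \ldots \to_\Delta S_kR_0M'_2 \ldots M'_m$
$\to_\Delta \ldots \to_\Delta S_kR_qM'_2 \ldots M'_m \to_\Delta S_{k+1}R_qM'_2 \ldots M'_m$
$\to_\Delta \ldots \to_\Delta S_nR_qM'_2 \ldots M'_m \to_\Delta \ldots \to_\Delta S_nR_pM'_2 \ldots M'_m$

is a standard reduction sequence. The desired standard reduction
sequence is $\sigma''$ followed by $\tau'$.

2. Let $\zeta \equiv (\lambda z.T)U$. Thus $N \equiv (\lambda z.\bar{T})\bar{U}N_1 \ldots N_m$ or $N \equiv \bar{T}[\bar{U}/z]N_1 \ldots N_m$,
where $T \Rightarrow_\Delta \bar{T}$, $U \Rightarrow_\Delta \bar{U}$ and $M_i \Rightarrow_\Delta N_i$ ($1 \le i \le m$).
By induction, $U' \equiv U[\vec{P}/\vec{x}] \Rightarrow^{\circ}_\Delta \bar{U}[\vec{Q}/\vec{x}] \equiv U''$, $T' \equiv T[\vec{P}/\vec{x}] \Rightarrow^{\circ}_\Delta
\bar{T}[\vec{Q}/\vec{x}] \equiv T''$ and $M'_i \equiv M_i[\vec{P}/\vec{x}] \Rightarrow^{\circ}_\Delta N_i[\vec{Q}/\vec{x}] \equiv N'_i$ ($1 \le i \le m$).
Let $U' \equiv R_0 \to_\Delta \ldots \to_\Delta R_p \equiv U''$ ($p \in \mathbb{N}$) be the standard sequence
$U' \to^{\circ}_\Delta U''$. Without loss of generality let us assume $z \notin \vec{x}$.
2.1. Let $N \equiv (\lambda z.\bar{T})\bar{U}N_1 \ldots N_m$. There are two cases.
2.1.1. $\forall i \le p$, $R_i \notin \Delta$. Then the standard reduction sequence
$M[\vec{P}/\vec{x}] \to^{\circ}_\Delta N[\vec{Q}/\vec{x}]$ is
$(\lambda z.T')R_0M'_1 \ldots M'_m \to_\Delta \ldots \to_\Delta (\lambda z.T')R_pM'_1 \ldots M'_m$
$\to^{\circ}_\Delta (\lambda z.T'')R_pM'_1 \ldots M'_m \to^{\circ}_\Delta (\lambda z.T'')R_pN'_1M'_2 \ldots M'_m$
$\to^{\circ}_\Delta \ldots \to^{\circ}_\Delta (\lambda z.T'')R_pN'_1 \ldots N'_m$.

2.1.2. There is a minimum $q \le p$ such that $R_q \in \Delta$. Thus the
desired standard reduction sequence is:

$(\lambda z.T')R_0M'_1 \ldots M'_m \to_\Delta \ldots \to_\Delta (\lambda z.T')R_qM'_1 \ldots M'_m$
$\to^{\circ}_\Delta (\lambda z.T'')R_qM'_1 \ldots M'_m \to_\Delta \ldots \to_\Delta (\lambda z.T'')R_pM'_1 \ldots M'_m$
$\to^{\circ}_\Delta (\lambda z.T'')R_pN'_1M'_2 \ldots M'_m \to^{\circ}_\Delta \ldots \to^{\circ}_\Delta (\lambda z.T'')R_pN'_1 \ldots N'_m$.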

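2.2. Let $N \equiv \bar{T}[\bar{U}/z]N_1 \ldots N_m$. So, there is a minimum $q \le p$ such
that $R_q \in \Delta$; let $\mu$ be the standard reduction sequence:
$M[\vec{P}/\vec{x}] \equiv (\lambda z.T')R_0M'_1 \ldots M'_m \to_\Delta \ldots \to_\Delta (\lambda z.T')R_qM'_1 \ldots M'_m$
$\to_\Delta T'[R_q/z]M'_1 \ldots M'_m$.
$T \Rightarrow^{\circ}_\Delta \bar{T}$, by induction on (ii). Furthermore, since $R_q \Rightarrow^{\circ}_\Delta U''$, it
follows by induction that $T[\vec{P}/\vec{x}][R_q/z] \Rightarrow^{\circ}_\Delta \bar{T}[\vec{Q}/\vec{x}][U''/z]$.
Let $T[\vec{P}/\vec{x}][R_q/z] \equiv T_0 \to_\Delta \ldots \to_\Delta T_t \equiv \bar{T}[\vec{Q}/\vec{x}][U''/z]$ be the
corresponding standard reduction sequence. Two subcases can
arise:
2.2.1. $\forall i \le t$, $T_i \not\equiv \lambda z.S'$. The desired standard reduction
sequence is $\mu$ followed by:
$T'[R_p/z]M'_1 \ldots M'_m \equiv T[\vec{P}/\vec{x}][R_p/z]M'_1 \ldots M'_m \to_\Delta T_1M'_1 \ldots M'_m$
$\to_\Delta \ldots \to_\Delta T_tM'_1 \ldots M'_m \to^{\circ}_\Delta \ldots \to^{\circ}_\Delta T_tN'_1 \ldots N'_m \equiv N[\vec{Q}/\vec{x}]$
2.2.2. Let $k \le t$ be the minimum index such that $T_k \equiv \lambda y.T'_k$.
The construction of the standard reduction sequence depends
on the fact that $M_2$ may or may not become an input value,
but, in every case, it can be easily built as in the previous
cases.
(ii) The cases $M \equiv x$ and $M \equiv \lambda z.M'$ are easy.
1. Let $M \equiv PQ \Rightarrow_\Delta P'Q' \equiv N$, $P \Rightarrow_\Delta P'$ and $Q \Rightarrow_\Delta Q'$.
By induction, there are standard sequences $P \equiv P_0 \to_\Delta \ldots \to_\Delta P_p \equiv
P'$ and $Q \equiv Q_0 \to_\Delta \ldots \to_\Delta Q_q \equiv Q'$.
If $\forall i \le p$, $P_i \not\equiv \lambda z.P'_i$, then $M \to^{\circ}_\Delta N$ is $P_0Q_0 \to^{\circ}_\Delta P_pQ_0 \to^{\circ}_\Delta P_pQ_q$.
Otherwise, let $k$ be the minimum index such that $P_k \equiv \lambda z.P'_k$.
- If $\forall j \le q$, $Q_j \notin \Delta$, then $M \to^{\circ}_\Delta N$ is
$P_0Q_0 \to_\Delta \ldots \to_\Delta P_kQ_0 \to^{\circ}_\Delta P_kQ_q \to_\Delta P_{k+1}Q_q \to_\Delta \ldots \to_\Delta P_pQ_q$.
- If there is a minimum $h$ such that $Q_h \in \Delta$, the standard sequence
is $P_0Q_0 \to^{\circ}_\Delta P_kQ_0 \to^{\circ}_\Delta P_kQ_h \to_\Delta P_{k+1}Q_h \to^{\circ}_\Delta P_pQ_h \to^{\circ}_\Delta P_pQ_q$.
2. Let $M \equiv (\lambda x.P)Q \Rightarrow_\Delta P'[Q'/x] \equiv N$ where $P \Rightarrow_\Delta P'$, $Q \Rightarrow_\Delta Q'$
and $Q \in \Delta$. Hence $P \Rightarrow^{\circ}_\Delta P'$ and $Q \Rightarrow^{\circ}_\Delta Q'$ follow by induction, so
$P[Q/x] \Rightarrow^{\circ}_\Delta P'[Q'/x]$, by induction on (i). Thus, the desired standard
reduction sequence is $(\lambda x.P)Q \to_\Delta P[Q/x] \to^{\circ}_\Delta P'[Q'/x]$. □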

In order to prove the standardization theorem some auxiliary definitions
are necessary.

Definition 1.2.27. Let $M, N \in \Lambda$.
(i) $M \to^{i}_\Delta N$ denotes that $N$ is obtained from $M$ by reducing a redex that is
not the principal redex.
(ii) $M \Rightarrow^{i}_\Delta N$ denotes $M \Rightarrow_\Delta N$ and $M \to^{*i}_\Delta N$.

According to this new terminology, a set of input values is standard, in
the sense of Definition 1.2.9 (pag. 10), if and only if $M \notin \Delta$ and $M \to^{*i}_\Delta N$
imply $N \notin \Delta$.

Lemma 1.2.28. $M \Rightarrow_\Delta N$ implies there is $P$ such that $M \to^{*p}_\Delta P \Rightarrow^{i}_\Delta N$.
Proof. Trivial, by Lemma 1.2.26.(ii).
Notice that it can be $M \equiv P$, by definition of $\to^{*p}_\Delta$. □

Example 1.2.29. Let $M \equiv (\lambda xy.I(\lambda z.IK(II)))I \Rightarrow_\Gamma \lambda yz.IKI$.
Therefore $M \to^{p}_\Gamma \lambda y.I(\lambda z.IK(II)) \to^{p}_\Gamma \lambda yz.IK(II) \Rightarrow^{i}_\Gamma \lambda yz.IKI$ and
clearly $\lambda yz.IK(II) \in \Gamma$.

Note that if $\Delta$ is standard and $R$ is the principal redex of $M$ and $M \to^{i}_\Delta N$,
then $R$ is the principal redex of $N$.

Lemma 1.2.30. Let $\Delta$ be standard.
$M \Rightarrow^{i}_\Delta P \to^{p}_\Delta N$ implies $M \to^{*p}_\Delta Q \Rightarrow^{i}_\Delta N$, for some $Q$.

Proof. By induction on $M$. If either $M \equiv \lambda x.M'$, or the head of $M$
is a variable, then the proof follows by induction. Otherwise, let $M \equiv
(\lambda y.M_0)M_1 \ldots M_m$; thus it must be $P \equiv (\lambda y.P_0)P_1 \ldots P_m$. Note that $M \Rightarrow^{i}_\Delta P$
implies $M_i \Rightarrow_\Delta P_i$ ($1 \le i \le m$). Now there are two cases, according to
whether $P_1 \in \Delta$ or not.
• Let $P_1 \in \Delta$; it follows that $P_1$ is the argument of the principal redex of $P$,
thus $N \equiv P_0[P_1/y]P_2 \ldots P_m$.
Let $M_1 \in \Delta$. Then we can build the following reduction sequence:
$M \equiv (\lambda y.M_0)M_1 \ldots M_m \to^{p}_\Delta M_0[M_1/y] \ldots M_m \Rightarrow_\Delta P_0[P_1/y]P_2 \ldots P_m$, which
can be transformed into a standard one by Lemma 1.2.28.
Let $M_1 \notin \Delta$ and $P_1 \in \Delta$; since the set $\Delta$ is standard, $M_1 \Rightarrow_\Delta P_1 \in \Delta$ if
and only if $M_1 \to^{*p}_\Delta P'_1 \Rightarrow^{i}_\Delta P_1$, where $P'_1 \in \Delta$. But this would imply that
in the reduction $M \Rightarrow^{i}_\Delta P$ the principal redex of $M_1$ has been reduced; but
by definition the principal redex of $M_1$ coincides with the principal redex
of $M$, against the hypothesis that $M \Rightarrow^{i}_\Delta P$. So this case is not possible.
• Let $P_1 \notin \Delta$. Then there is $j \ge 0$ such that the principal redex of $P_j$
is the principal redex of $P$. Let $j \ge 2$; so $\forall k \le j$, $P_k$ is a normal form.
So $N \equiv (\lambda y.P_0)P_1 \ldots P'_j \ldots P_m$, where $P_j \to^{p}_\Delta P'_j$. From the hypothesis that
$M \Rightarrow^{i}_\Delta P$, it follows that $M_i \equiv P_i$ ($0 \le i \le j - 1$), and $M_i \Rightarrow_\Delta P_i$
($j < i \le m$). Then by induction there is $P^*_j$ such that $M_j \to^{*p}_\Delta P^*_j \Rightarrow^{i}_\Delta P'_j$,
and we can build the following reduction sequence:

which can be transformed into a standard one by Lemma 1.2.28.
The case $j < 2$ is similar. □

This Lemma has a key corollary.

Corollary 1.2.31. Let $\Delta$ be standard.
If $M \to^*_\Delta N$ then $M \to^{*p}_\Delta Q \underbrace{\Rightarrow^{i}_\Delta \ldots \Rightarrow^{i}_\Delta}_{k} N$, for some $Q$ and some $k$.

Proof. Note that if $P \to_\Delta P'$ then $P \Rightarrow_\Delta P'$. So $M \to^*_\Delta N$ implies
$M \Rightarrow_\Delta N_1 \Rightarrow_\Delta \ldots \Rightarrow_\Delta N_n \Rightarrow_\Delta N$. So, by repeatedly applying Lemma 1.2.28 and
Lemma 1.2.30 we reach the proof. □
Now we are able to prove the standardization theorem.

Proof of Standardization Theorem (Theorem 1.2.10 pag. 10).
The proof is given by induction on $N$. From Corollary 1.2.31, $M \to^*_\Delta N$
implies $M \to^{*p}_\Delta Q \to^{*i}_\Delta N$ for some $Q$. Obviously, the reduction sequence
$\sigma : M \to^{*p}_\Delta Q$ is standard by definition of $\to^{p}_\Delta$. Note that, by definition of
$\to^{*i}_\Delta$, $Q \to^{*i}_\Delta N$ implies that $Q$ and $N$ have the same structure, i.e. $Q \equiv
\lambda x_1 \ldots x_n.\zeta Q_1 \ldots Q_n$ and $N \equiv \lambda x_1 \ldots x_n.\zeta' N_1 \ldots N_n$, where $Q_i \to^*_\Delta N_i$ ($i \le n$)
and either $\zeta$ and $\zeta'$ are the same variable, or $\zeta \equiv (\lambda x.R)S$, $\zeta' \equiv (\lambda x.R')S'$,
$R \to^*_\Delta R'$ and $S \to^*_\Delta S'$.
The case when $\zeta$ is a variable follows by induction. Otherwise, by induction
there are standard reduction sequences $\sigma_i : Q_i \to^{\circ}_\Delta N_i$ ($1 \le i \le n$), $\tau_R :
R \to^{\circ}_\Delta R'$ and $\tau_S : S \to^{\circ}_\Delta S'$. Let $S \equiv S_0 \to_\Delta \ldots \to_\Delta S_k \equiv S'$ ($k \in \mathbb{N}$).
If $\forall i \le k$, $S_i \notin \Delta$ then the desired standard reduction sequence is $\sigma$ followed
by $\tau_S, \tau_R, \sigma_1, \ldots, \sigma_n$.
Otherwise, there is $S_h \in \Delta$ ($h \le k$). In this case, let $\tau'_S : S_0 \to_\Delta \ldots \to_\Delta S_h$
and $\tau''_S : S_{h+1} \to_\Delta \ldots \to_\Delta S_k$; the desired standard reduction sequence is $\sigma$
followed by $\tau'_S, \tau_R, \tau''_S, \sigma_1, \ldots, \sigma_n$. □

1.3 $\Delta$-Theories

In order to model computation, $\Delta$-equality is too weak. As an example,
let $\Delta$ be either $\Lambda$ or $\Gamma$. If we want to model the termination property,
both the terms $DD$ and $(\lambda x.xxx)(\lambda x.xxx)$ represent programs that run forever,
while the two terms are $\neq_\Delta$ each other. Indeed $DD \to_\Delta DD$ and
$(\lambda x.xxx)(\lambda x.xxx) \to_\Delta (\lambda x.xxx)(\lambda x.xxx)(\lambda x.xxx)$. So it would be natural to
consider them equal in this particular setting. But if we want to take into
account not only termination but also the size of terms, they need to be different;
in fact, the first one reduces to itself while the second increases its
size during the reduction. As we will see in the following, for all instances of
$\Delta$ we will consider, all interesting interpretations of the calculus also equate
terms that are not $=_\Delta$.
Let us introduce the notion of $\Delta$-theory.

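Definition 1.3.1.
(i) $\mathcal{T} \subseteq \Lambda \times \Lambda$ is a congruence whenever:
• $(M, M) \in \mathcal{T}$ for each $M \in \Lambda$,
• $(M, N) \in \mathcal{T}$ implies $(N, M) \in \mathcal{T}$,
• $(M, P) \in \mathcal{T}$ and $(P, N) \in \mathcal{T}$ imply $(M, N) \in \mathcal{T}$,
• $(M, N) \in \mathcal{T}$ implies $(C[M], C[N]) \in \mathcal{T}$, for all contexts $C[.]$.
(ii) $\mathcal{T} \subseteq \Lambda \times \Lambda$ is a $\Delta$-theory if and only if it is a congruence and $M =_\Delta N$
implies $(M, N) \in \mathcal{T}$.

We will denote $(M, N) \in \mathcal{T}$ also by $M =_\mathcal{T} N$.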

Clearly a $\Delta$-theory equating all terms would be completely uninteresting.
So we will ask for consistency.

Definition 1.3.2.
(i) A $\Delta$-theory $\mathcal{T}$ is consistent if and only if there are
$M, N \in \Lambda$ such that $M \neq_\mathcal{T} N$. Otherwise $\mathcal{T}$ is inconsistent.
(ii) A $\Delta$-theory $\mathcal{T}$ is input consistent if and only if there are $M, N \in \Delta$ such
that $M \neq_\mathcal{T} N$. Otherwise $\mathcal{T}$ is input inconsistent.
(iii) A $\Delta$-theory $\mathcal{T}$ is maximal if and only if it has no consistent extension,
i.e. for all $M, N \in \Lambda$ such that $M \neq_\mathcal{T} N$, any $\Delta$-theory $\mathcal{T}'$ containing $\mathcal{T}$
and such that $M =_{\mathcal{T}'} N$ is inconsistent.

Property 1.3.3. Let $\mathcal{T}$ be a $\Delta$-theory.
If $\mathcal{T}$ is input consistent then it is consistent.

Proof. Obvious. □

In the last section of this book, we will see that in order to use a $\lambda\Delta$-calculus
for computing, we need to work inside theories that are both consistent
and input consistent.
$\Delta$-theories can be classified according to their behaviour with respect to
the $\Delta$-solvable terms.

Definition 1.3.4.
(i) A $\Delta$-theory is sensible if it equates all $\Delta$-unsolvable terms.
(ii) A $\Delta$-theory is semisensible if it never equates a $\Delta$-solvable term and a
$\Delta$-unsolvable term.

Another important notion for $\Delta$-theories is that of separability. In fact,
this property helps us to understand what equalities cannot be induced by a
theory.

Definition 1.3.5. Let $\Delta$ be a set of input values.
Two terms $M, N$ are $\Delta$-separable if and only if there is a context $C[.]$ such
that $C[M] =_\Delta x$ and $C[N] =_\Delta y$ for two different variables $x$ and $y$.

Property 1.3.6. Let $M, N$ be $\Delta$-separable.
If $\mathcal{T}$ is a $\Delta$-theory such that $M =_\mathcal{T} N$ then $\mathcal{T}$ is input inconsistent.

Proof. Let $C[.]$ be the context separating $M$ and $N$, i.e. $C[M] =_\Delta x$ and
$C[N] =_\Delta y$ for two different variables $x$ and $y$. Since $=_\mathcal{T}$ is a congruence,
$M =_\mathcal{T} N$ implies $C[M] =_\mathcal{T} C[N]$, and so, since $\mathcal{T}$ is closed under $=_\Delta$,
$x =_\mathcal{T} y$. But this implies $\lambda xy.x =_\mathcal{T} \lambda xy.y$, i.e. $K =_\mathcal{T} O$. But, since $=_\mathcal{T}$ is a
congruence, this implies $KMN =_\mathcal{T} OMN$ for all terms $M, N$. In particular,
if $M, N \in \Delta$ then $M =_\mathcal{T} N$ by $\Delta$-reduction. □

A theory is fully extensional if all terms in it (not only abstractions)
have a functional behaviour. So, in a fully extensional theory, the equality
between terms must be extensional (in the usual sense), i.e., it must satisfy
the property:

(EXT) $Mx = Nx \Rightarrow M = N$, $x \notin FV(M) \cup FV(N)$.

Clearly $=_\Delta$ does not satisfy (EXT). In fact, (EXT) holds for $=_\Delta$ only if it
is restricted to terms that reduce to an abstraction: indeed, $xy =_\Delta (\lambda z.xz)y$,
but $x \neq_\Delta \lambda z.xz$.
The least extensional extension of $=_\Delta$ is induced by the $\eta$-reduction rule,
defined as follows:

Definition 1.3.7 ($\eta$-Reduction).
(i) The $\eta$-reduction ($\to_\eta$) is the contextual closure of the following rule:
$\lambda x.Mx \to_\eta M$ if and only if $x \notin FV(M)$;
$\lambda x.Mx$ is a $\eta$-redex and $M$ is its contractum;
(ii) $M \to_{\Delta\eta} N$ if $N$ is obtained from $M$ by reducing either a $\Delta$ or a $\eta$ redex
in $M$;
(iii) $\to^*_{\Delta\eta}$ and $=_{\Delta\eta}$ are respectively the reflexive and transitive closure of $\to_{\Delta\eta}$
and the symmetric, reflexive and transitive closure of $\to_{\Delta\eta}$.

The next theorem shows an interesting result for $\eta$-reduction.

Theorem 1.3.8. $=_{\Delta\eta}$ is the least extensional extension of $=_\Delta$.

Proof. It is immediate to check that $=_{\Delta\eta}$ is extensional. In fact, for $x \notin
FV(M)$, $Mx =_{\Delta\eta} Nx$ implies $\lambda x.Mx =_{\Delta\eta} \lambda x.Nx$ (since $=_{\Delta\eta}$ is a congruence),
and this implies $M =_{\Delta\eta} N$ by $=_\eta$.
On the other hand, let $\mathcal{T}$ be a fully extensional $\Delta$-theory, i.e. $Mx =_\mathcal{T} Nx$
implies $M =_\mathcal{T} N$. For $x \notin FV(M)$, $(\lambda x.Mx)x =_\mathcal{T} Mx$, since $(\lambda x.Mx)x \to_\Delta
Mx$, and thus by (EXT), $\lambda x.Mx =_\mathcal{T} M$. So $\mathcal{T}$ is closed under $=_\eta$. □

In the literature, full extensionality is called simply extensionality. We use
this name to stress the fact that it is also possible to define weaker notions
of extensionality. We will develop this topic in Sect. 8.1.
2. The Call-by-Name $\lambda$-Calculus

A parameter passing policy is said to be call-by-name if the parameters need
not be evaluated in order to be supplied to the function. In our setting, this
means that all terms can be considered as input values. So, in order to mimic
this policy with the parametric $\lambda\Delta$-calculus, it is sufficient to define $\Delta = \Lambda$.
Then all terms are input values, and every application of the shape $(\lambda x.M)N$
is a redex. The $\lambda\Lambda$-calculus coincides with the standard $\lambda$-calculus, defined
by Church [25], and the reduction $\to_\Lambda$ is the well known $\beta$-reduction.

2.1 The Syntax of 'xA-Calculus

By the definition of $\to_\Lambda$, in the $\lambda\Lambda$-calculus the head of a term is either a variable or a redex. If the head of $M$ is a variable then $M$ is in $\Lambda$-head normal form ($\Lambda$-hnf), namely $M$ is of the shape $\lambda x_1 \ldots x_n.zM_1 \ldots M_m$ ($n, m \in \mathbb{N}$). $M$ has a $\Lambda$-head normal form if it reduces to a term in $\Lambda$-hnf. $\Lambda$-HNF denotes the set of all $\Lambda$-head normal forms.
It is easy to see that $M$ is in $\Lambda$-normal form ($\Lambda$-nf) if and only if both its head is a variable and its arguments are in $\Lambda$-normal form too. So the set of terms having $\Lambda$-hnf strictly includes the set of terms having $\Lambda$-nf. Consider, for example, the term $\lambda x.x(DD)$; it is in $\Lambda$-hnf, but it does not have $\Lambda$-nf. An example of a term having neither $\Lambda$-hnf nor $\Lambda$-nf is $DD$.
A term is in $\Lambda$-lazy head normal form ($\Lambda$-lhnf) if and only if it is either an abstraction or a head normal form. A term has a $\Lambda$-lazy head normal form if and only if it reduces to a lazy head normal form. $\Lambda$-LHNF denotes the set of all $\Lambda$-lazy head normal forms. Clearly $\lambda x.DD$ is a $\Lambda$-lhnf, but it has neither $\Lambda$-hnf nor $\Lambda$-nf. In the literature, a $\Lambda$-lazy head normal form is called weak-head normal form. We changed this terminology to stress the fact that to reach a $\Lambda$-lazy head normal form it is not necessary to reduce the $\Lambda$-redexes that do not occur under the scope of a $\lambda$-abstraction. Both $\Lambda$-head normal forms and $\Lambda$-lazy head normal forms are important classes of terms from the computational point of view.

The general definition of $\Delta$-solvability is given in Definition 1.2.16. In the $\lambda\Lambda$-calculus, solvable terms have a very nice syntactical characterization.

Theorem 2.1.1 ($\Lambda$-Solvability).
A term is $\Lambda$-solvable if and only if it has a $\Lambda$-head normal form.

Proof. The proof is in Sect. 2.1.1. $\square$


Let us notice that the $\Lambda$-head normal form of a term is not unique. Consider $\lambda x.(\lambda uv.u)x(DD)(II)$. It reduces both to $\lambda x.x(II)$ and to $\lambda x.xI$, which are both $\Lambda$-head normal forms. But it is easy to show that all the $\Lambda$-hnf's obtained by $\Lambda$-reduction from the same term share some structural properties.
First we need to introduce some naming. If $M \equiv \lambda x_1 \ldots x_n.zM_1 \ldots M_m$, then $n$ is the $\Lambda$-order of $M$ and $m$ is its $\Lambda$-degree.

Property 2.1.2. Let $M$ be $\Lambda$-solvable. Then there are unique $n, m \in \mathbb{N}$ such that $M \to^*_\Lambda N$ and $N$ in $\Lambda$-hnf, imply that the $\Lambda$-order and the $\Lambda$-degree of $N$ are respectively $n$ and $m$.

Proof. By contraposition, let $M$ have two $\Lambda$-head normal forms with different $\Lambda$-order and $\Lambda$-degree, i.e. $M \to^*_\Lambda P_1 \equiv \lambda x_1 \ldots x_n.xM_1 \ldots M_m$ and $M \to^*_\Lambda P_2 \equiv \lambda x_1 \ldots x_p.xN_1 \ldots N_q$, where $n \neq p$ and/or $m \neq q$. By the confluence theorem, there must be a term $Q$ such that both $P_1 \to^*_\Lambda Q$ and $P_2 \to^*_\Lambda Q$. But this is impossible, since the only redexes can occur in $M_i$ or in $N_j$ ($1 \le i \le m$, $1 \le j \le q$), and their reduction cannot change any of $n, m, p, q$. $\square$

The notion of $\Lambda$-order of a term can be easily extended to terms not in $\Lambda$-head normal form.

Definition 2.1.3. A term $M$ has $\Lambda$-order $n$ if and only if $n$ is the largest $i$ such that $M =_\Lambda \lambda x_1 \ldots x_i.N$. If such an $n$ does not exist $M$ has $\Lambda$-order $\infty$.

Example 2.1.4. $DD$ and $xM_1 \ldots M_m$ ($m \ge 0$) have $\Lambda$-order $0$; while both $\lambda x_1 \ldots x_n.DD$ and $\lambda x_1 \ldots x_n.z$ have $\Lambda$-order $n$ and $(\lambda xy.xx)(\lambda xy.xx)$ has $\Lambda$-order $\infty$, since $\forall k \in \mathbb{N}$ $(\lambda xy.xx)(\lambda xy.xx) \to^*_\Lambda \lambda x_0 \ldots x_k.(\lambda xy.xx)(\lambda xy.xx)$.

A particularly interesting $\Lambda$-theory is the theory $\Lambda\eta$. The $\Lambda$-normal forms play an important role in this theory, as shown in the next theorem.

Theorem 2.1.5 (Böhm's theorem). [15]
Let $M, N \in \Lambda$-NF. If $M \neq_{\Lambda\eta} N$ then $M$ and $N$ are $\Lambda$-separable.

Proof. The proof is in Sect. 2.1.2. $\square$

Böhm's theorem has an interesting semantical consequence, namely that two $\Lambda$-nf's that are $\neq_{\Lambda\eta}$ cannot be equated in any consistent or input consistent $\Lambda$-theory (note that, for the $\lambda\Lambda$-calculus, consistency and input consistency coincide).

Corollary 2.1.6. Let $M, N$ be two $\Lambda$-normal forms and let $M \neq_{\Lambda\eta} N$.
For every $\Lambda$-theory $\mathcal{T}$, if $M =_{\mathcal{T}} N$ then $\mathcal{T}$ is (input) inconsistent.

Proof. The proof is identical to the proof of Property 1.3.6, just putting $\Delta = \Lambda$. $\square$

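Given a $\Lambda$-theory, there is an easy way of proving its full extensionality, as shown in the following property.

Property 2.1.7. Let $E \equiv \lambda xy.xy$, and let $\mathcal{T}$ be a $\Lambda$-theory.
$I =_{\mathcal{T}} E$ if and only if $\mathcal{T}$ is fully extensional.

Proof. ($\Rightarrow$) $I =_{\mathcal{T}} E$ implies $IM =_{\mathcal{T}} EM$, which implies, by $\Lambda$-reduction, $M =_{\mathcal{T}} \lambda x.Mx$, where $x \notin FV(M)$. The proof follows, by Theorem 1.3.8.
($\Leftarrow$) By Theorem 1.3.8 $x =_{\mathcal{T}} \lambda y.xy$ where $y \notin FV(M)$; so $\lambda x.x =_{\mathcal{T}} \lambda xy.xy$, since $=_{\mathcal{T}}$ is a congruence. $\square$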

We will prove in Chap. 16 that the $\lambda\Lambda$-calculus can be considered as a programming language, in the sense that it is possible to define some evaluation machines performing the $\Lambda$-reduction, and the $\lambda\Lambda$-calculus equipped with each of these machines has the computational power of all the partial computable functions. The key property on which this result is based is the fact that every term in the $\lambda\Lambda$-calculus has a fixed point.

Theorem 2.1.8 (Call-by-name fixed point).
Every term $M \in \Lambda$ has a fixed point, i.e. for every term $M$ there is a term $N$ such that $MN =_\Lambda N$.

Proof. Let $Y \equiv \lambda x.(\lambda y.x(yy))(\lambda y.x(yy))$. It is readily checked that, for every $M$, $YM =_\Lambda M(YM)$. Hence $YM$ is a fixed point of $M$. $\square$

The term $Y$ in the proof of the previous theorem is called a call-by-name fixed point operator since, when applied to a term $M$, it produces one of its fixed points.

2.1.1 Proof of $\Lambda$-Solvability Theorem

First we need to prove a property.

Property 2.1.9. (i) The lack of $\Lambda$-hnf is preserved by substitution, i.e. if $M$ does not have $\Lambda$-hnf then $M[N/y]$ does not have $\Lambda$-hnf either, for all $x \in \mathrm{Var}$ and $N \in \Lambda$.
(ii) The lack of $\Lambda$-hnf is preserved by head contexts, i.e. if $M$ does not have $\Lambda$-hnf then $(\lambda\vec{x}.M)\vec{N}$ does not have $\Lambda$-hnf either, for all $\vec{x}$ and $\vec{N}$.

Proof. (i) By contraposition assume that $M[N/y]$ has $\Lambda$-hnf. We will prove that this implies that $M$ has $\Lambda$-hnf too. The proof is given by induction on the length $p$ of a standard $\Lambda$-reduction sequence from $M[N/y]$ to its $\Lambda$-hnf. The cases $p = 0, 1$ are trivial. Let $p > 1$ and $M \equiv \lambda\vec{x}.(\lambda z.P)Q\vec{M}$, otherwise $M$ is already in $\Lambda$-hnf, and let $R \equiv \lambda\vec{x}.P[Q/z]\vec{M}$. Then

$$M[N/y] \equiv \lambda\vec{x}.(\lambda z.P')Q'\vec{M}' \to_\Lambda \lambda\vec{x}.P'[Q'/z]\vec{M}' \equiv R[N/y],$$

where $P' \equiv P[N/y]$, $Q' \equiv Q[N/y]$ and $\vec{M}' \equiv \vec{M}[N/y]$. Thus $R[N/y]$ has $\Lambda$-hnf in less than $p$ steps, so by induction $R$ has $\Lambda$-hnf, and by the Church Rosser theorem $M$ has $\Lambda$-hnf too.
(ii) We assume that $(\lambda\vec{x}.M)\vec{N}$ has $\Lambda$-hnf and we prove that this implies that $M$ has $\Lambda$-hnf too. The proof is given by induction on the length $p$ of a standard $\Lambda$-reduction sequence from $(\lambda\vec{x}.M)\vec{N}$ to its $\Lambda$-hnf. The cases $p = 0, 1$ are trivial. Let $p > 1$ and $M \equiv \lambda\vec{y}.(\lambda z.P)Q\vec{M}$. If $\|\vec{y}\| + \|\vec{x}\| \ge \|\vec{N}\|$ then the proof follows from part (i) of this property and from the confluence property of the $\Lambda$-reduction. Otherwise $\exists \vec{N}_1$ such that $\|\vec{N}_1\| = \|\vec{y}\| + \|\vec{x}\|$, $\vec{N} \equiv \vec{N}_1\vec{N}_2$ and $\|\vec{N}_2\| > 1$. In this case, it must be

$$(\lambda\vec{x}.(\lambda\vec{y}.(\lambda z.P)Q\vec{M}))\vec{N}_1\vec{N}_2 \to^*_\Lambda (\lambda z.P')Q'\vec{M}'\vec{N}_2 \to_\Lambda P'[Q'/z]\vec{M}'\vec{N}_2,$$

where $P' \equiv P[\vec{N}_1/\vec{x}\vec{y}]$, $Q' \equiv Q[\vec{N}_1/\vec{x}\vec{y}]$ and $\forall i$, $M'_i \equiv M_i[\vec{N}_1/\vec{x}\vec{y}]$.
$P'[Q'/z]\vec{M}'\vec{N}_2$ has $\Lambda$-hnf in fewer steps than $(\lambda\vec{x}.M)\vec{N}$, so by induction $\lambda\vec{y}.P[Q/z]\vec{M}$ has $\Lambda$-hnf and by confluence $(\lambda\vec{x}.M)\vec{N}$ has $\Lambda$-hnf too. $\square$

Note that analogous properties have been proved for the $\Lambda$-unsolvable terms (Property 1.2.18).

Now we are able to prove the theorem.

Proof of $\Lambda$-Solvability Theorem (Theorem 2.1.1 pag. 26).

($\Leftarrow$) Without loss of generality, we can assume that $M$ is closed. Let $M \equiv \lambda x_1 \ldots x_n.x_iM_1 \ldots M_m$ ($1 \le i \le n$). Let $P_i \equiv \lambda x_1 \ldots x_{m+1}.x_{m+1}$. Then for every sequence $P_1 \ldots P_i \ldots P_n$, where $P_j$ is any term, for $i \neq j$,

($\Rightarrow$) If $M$ does not have $\Lambda$-hnf, then by Property 2.1.9, for all head contexts $C[.]$, $C[M]$ does not have $\Lambda$-hnf; in particular, $C[M]$ cannot be reduced to $I$. $\blacksquare$

2.1.2 Proof of Böhm's Theorem

The proof will be given in a constructive way, by showing a separability algorithm. The algorithm is defined as a formal system, proving statements of the shape:

$$M, N \Rightarrow_\Lambda C[.],$$

where $M, N$ are $\Lambda$-normal forms such that $M \neq_{\Lambda\eta} N$ and $C[.]$ is a context. (A very general presentation of formal systems can be found at the beginning of Chap. 5).

The rules of the system are defined by induction on the fact that $M, N$ are $\Lambda$-normal forms that are $\eta$-different.

Definition 2.1.10. Let $c$ be a sequence of $n \ge 0$ natural numbers ($\epsilon$ denotes the empty sequence) and $M, N$ be $\Lambda$-normal forms. $M \not\equiv_c N$ if and only if one of following cases arises:
(i) if $c \equiv \epsilon$ then either $|p - m| \neq |q - n|$ or $x \not\equiv y$;
(ii) if $c \equiv i, c'$ then $M =_\eta \lambda x_1 \ldots x_p.xM_1 \ldots M_m$ and $N =_\eta \lambda x_1 \ldots x_p.yN_1 \ldots N_m$ where $M_i \not\equiv_{c'} N_i$ ($1 \le i \le m$).

Property 2.1.11. Let $M$ and $N$ be $\Lambda$-nf's such that $M \neq_{\Lambda\eta} N$. Then there is a sequence $c$ of natural numbers such that $M \not\equiv_c N$.

Proof. Easy. $\square$

Some terms will be used extensively in the rest of this section, in particular

$B^n \equiv \lambda x_1 \ldots x_{n+1}.x_{n+1}x_1 \ldots x_n$
$O^n \equiv \lambda x_1 \ldots x_{n+1}.x_{n+1}$
$U^n_i \equiv \lambda x_1 \ldots x_n.x_i$ ($i \le n$, $n \in \mathbb{N}$).

A useful structural measure of a term $M$ in $\Lambda$-nf is the maximum $\Lambda$-degree of its subterms.

Definition 2.1.12. Let $M \in \Lambda$-NF; $args(M) \in \mathbb{N}$ is defined inductively as:
• $args(xM_1 \ldots M_m) = \max\{m, args(M_1), \ldots, args(M_m)\}$;
• $args(\lambda x.M) = args(M)$.

Example 2.1.13. Let $M \equiv \lambda x.x(\lambda xy.x)x(xu)$; so
$args(M) = \max\{3, args(\lambda xy.x), args(x), args(xu)\} = 3$.

It is easy to check that if $N$ is a subterm of $M$ then $args(N) \le args(M)$.

Definition 2.1.14. Let $M$ be a term having $\Lambda$-normal form. The $\Lambda$-normal form of $M$ will be denoted by $nf_\Lambda(M)$.

The separability algorithm is presented in Fig. 2.1 (pag. 32). For the sake of simplicity, we assume that all bound and free variables have different names.
The following lemma proves a property on which both the termination and the correctness proofs of the algorithm are based. In fact, rule ($\Lambda 7$) of the algorithm is based on it.

Lemma 2.1.15.
Let $M, N \in \Lambda$-NF, $r \ge \max\{args(M), args(N)\}$ and $C^r_x[.] \equiv (\lambda x.[.])B^r$.
(i) $\exists \bar{M} \in \Lambda$-NF such that $C^r_x[M] \to^*_\Lambda \bar{M}$ and $r \ge args(\bar{M})$.
(ii) If $M \not\equiv_c N$ then $nf_\Lambda(C^r_x[M]) \not\equiv_c nf_\Lambda(C^r_x[N])$.

Proof. (i) By induction on $M$.
If $M \equiv \lambda z.P$ or $M \equiv zM_1 \ldots M_m$ (where $z \not\equiv x$ and $m \le r$) then the proof follows by induction. Let $M \equiv xM_1 \ldots M_m$ ($m \le r$); so by induction $\forall i \le m$ there is $\bar{M}_i \in \Lambda$-NF such that $C^r_x[M_i] \to^*_\Lambda \bar{M}_i$ and $r \ge args(\bar{M}_i)$.
Clearly $(\lambda x.M)B^r \to^*_\Lambda \lambda x_{m+1} \ldots x_{r+1}.x_{r+1}\bar{M}_1 \ldots \bar{M}_m x_{m+1} \ldots x_r$; hence

$$r \ge \max\{r, args(\bar{M}_1), \ldots, args(\bar{M}_m), \underbrace{0, \ldots, 0}_{r-m}\} = r.$$

Note that $nf_\Lambda(C^r_x[M])$ is well defined.
(ii) Let $M \equiv \lambda z_1 \ldots z_p.zM_1 \ldots M_m$ and $N \equiv \lambda y_1 \ldots y_q.yN_1 \ldots N_n$; we reason by induction on $c$. Let $c \equiv \epsilon$. Let $z \equiv y$.
If $x$ is different from $y, z$ then the proof is trivial.
In case $|p - m| \neq |q - n|$, let $\bar{M}_i \equiv nf_\Lambda(C^r_x[M_i])$ and $\bar{N}_i \equiv nf_\Lambda(C^r_x[N_i])$ for each $i$; thus

$$nf_\Lambda(C^r_x[M]) \equiv \lambda z_1 \ldots z_p x_{m+1} \ldots x_{r+1}.x_{r+1}\bar{M}_1 \ldots \bar{M}_m x_{m+1} \ldots x_r,$$
$$nf_\Lambda(C^r_x[N]) \equiv \lambda z_1 \ldots z_q x_{n+1} \ldots x_{r+1}.x_{r+1}\bar{N}_1 \ldots \bar{N}_n x_{n+1} \ldots x_r.$$

Since $|p - m| \neq |q - n|$,

$$|(p + (r+1) - m) - r| = |p - m + 1| \neq |q - n + 1| = |(q + (r+1) - n) - r|.$$

If $z \not\equiv y$ then the proof is simpler.
If $c \equiv i, c'$ (where $i \ge 1$) then the proof follows by induction. $\square$

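Example 2.1.16. Let $M \equiv \lambda xyu.x(u(x(yy))(vv))$ and $N \equiv \lambda xyu.x(u(yy)(vv))$.
Thus $args(M) = args(N) = 2$, so let us pose $r = 2$.
The derivation proving the statement $M, N \Rightarrow_\Lambda C[.]$ follows:

$x_3 \not\equiv y$ $\qquad$ $C_5[.] \equiv (\lambda x_3 y.[.])(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y)$
------------------------------------------------------------ ($\Lambda 5$)
$x_3(yy)x_2,\ yyx_2x_3 \Rightarrow_\Lambda C_5[.]$
------------------------------------------------------------ ($\Lambda 2$)
$\lambda x_2 x_3.x_3(yy)x_2,\ yy \Rightarrow_\Lambda C_2[.] \equiv C_5[[.]x_2 x_3]$
------------------------------------------------------------ ($\Lambda 6$)
$u(\lambda x_2 x_3.x_3(yy)x_2)(vv),\ u(yy)(vv) \Rightarrow_\Lambda C_6[.] \equiv C_2[(\lambda u.[.])(\lambda z_1 z_2.z_1)]$
------------------------------------------------------------ ($\Lambda 7$)
$x(u(x(yy))(vv)),\ x(u(yy)(vv)) \Rightarrow_\Lambda C_7[.] \equiv C_6[(\lambda x.[.])(\lambda x_1 x_2 x_3.x_3 x_1 x_2)I(\lambda z_1 z_2.z_1)]$
------------------------------------------------------------ ($\Lambda 1$)
$\lambda xyu.x(u(x(yy))(vv)),\ \lambda xyu.x(u(yy)(vv)) \Rightarrow_\Lambda C_7[[.]xyu]$

where:
$C_5[.] \equiv (\lambda x_3 y.[.])(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y)$
$C_2[.] \equiv (\lambda x_3 y.[.]x_2 x_3)(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y)$
$C_6[.] \equiv (\lambda x_3 y.((\lambda u.[.])U^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y)$
$C_7[.] \equiv (\lambda x_3 y.((\lambda u.(\lambda x.[.])B^2 I U^2_1)U^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y)$
$C[.] \equiv (\lambda x_3 y.((\lambda u.(\lambda x.[.]xyu)B^2 I U^2_1)U^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y)$.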

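So

$$\begin{aligned}
C[M] &\equiv (\lambda x_3 y.((\lambda u.(\lambda x.Mxyu)B^2 I U^2_1)U^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y) \\
&\to^*_\Lambda (\lambda x_3 y.((\lambda u.MB^2 yuIU^2_1)U^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y) \\
&\to^*_\Lambda (\lambda x_3 y.(MB^2 yU^2_1 IU^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y) \\
&\to^*_\Lambda (\lambda xyu.x(u(x(yy))(vv)))B^2(\lambda x_1 x_2 x_3.y)U^2_1 IU^2_1 x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda B^2(U^2_1(B^2((\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y)))(vv))IU^2_1 x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda U^2_1(U^2_1(B^2((\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y)))(vv))I x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda U^2_1(B^2((\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y)))(vv)x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda B^2((\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y))x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda (\lambda x_1 x_2.x)((\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y))x_2 \to^*_\Lambda x,
\end{aligned}$$

while on the other hand

$$\begin{aligned}
C[N] &\equiv (\lambda x_3 y.((\lambda u.(\lambda x.Nxyu)B^2 I U^2_1)U^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y) \\
&\to^*_\Lambda (\lambda x_3 y.((\lambda u.NB^2 yuIU^2_1)U^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y) \\
&\to^*_\Lambda (\lambda x_3 y.(NB^2 yU^2_1 IU^2_1 x_2 x_3))(\lambda x_1 x_2.x)(\lambda x_1 x_2 x_3.y) \\
&\to^*_\Lambda (\lambda xyu.x(u(yy)(vv)))B^2(\lambda x_1 x_2 x_3.y)U^2_1 IU^2_1 x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda B^2(U^2_1((\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y))(vv))IU^2_1 x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda U^2_1(U^2_1((\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y))(vv))I x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda U^2_1((\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y))(vv)x_2(\lambda x_1 x_2.x) \\
&\to^*_\Lambda (\lambda x_1 x_2 x_3.y)(\lambda x_1 x_2 x_3.y)x_2(\lambda x_1 x_2.x) \to^*_\Lambda y.
\end{aligned}$$
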
Now we will prove that the algorithm is correct and complete.

Lemma 2.1.17 (Termination).
If $M, N \in \Lambda$-NF and $M \not\equiv_c N$ then $M, N \Rightarrow_\Lambda C[.]$.

Proof. By induction on $c$.
Let $c = \epsilon$. Let us consider first the case when $M$ and $N$ have no initial abstractions. If they have different head variables, then axiom ($\Lambda 5$) must be applied, otherwise either axiom ($\Lambda 3$) or axiom ($\Lambda 4$), and then the algorithm stops. If they have initial abstractions, then either rule ($\Lambda 1$) or ($\Lambda 2$) must be applied, and the previous situation is reached.
If $c \neq \epsilon$, either rule ($\Lambda 6$) or ($\Lambda 7$) must be used, and then the result follows, in the first case by induction, in the second one by induction and Lemma 2.1.15. $\square$

Lemma 2.1.18 (Correctness).
Let $M, N \in \Lambda$-NF be such that $M \not\equiv_c N$. If $M, N \Rightarrow_\Lambda C[.]$ then $C[M] =_\Lambda x$ and $C[N] =_\Lambda y$.

Proof. By induction on the derivation of $M, N \Rightarrow_\Lambda C[.]$, i.e. by cases on the last applied rule.
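Let $M, N \in \Lambda$-normal form, $M \not\equiv_c N$, $r \ge \max\{args(M), args(N)\}$ and $\hat{x}, \hat{y}$ be fresh variables such that $\hat{x} \not\equiv \hat{y}$.

The rules of the system proving statements $M, N \Rightarrow_\Lambda C[.]$, are the following:

$$\frac{p \le q \qquad xM_1 \ldots M_m x_{p+1} \ldots x_q,\ yN_1 \ldots N_n \Rightarrow_\Lambda C[.]}{\lambda x_1 \ldots x_p.xM_1 \ldots M_m,\ \lambda x_1 \ldots x_q.yN_1 \ldots N_n \Rightarrow_\Lambda C[[.]x_1 \ldots x_q]}\ (\Lambda 1)$$

$$\frac{q < p \qquad xM_1 \ldots M_m,\ yN_1 \ldots N_n x_{q+1} \ldots x_p \Rightarrow_\Lambda C[.]}{\lambda x_1 \ldots x_p.xM_1 \ldots M_m,\ \lambda x_1 \ldots x_q.yN_1 \ldots N_n \Rightarrow_\Lambda C[[.]x_1 \ldots x_p]}\ (\Lambda 2)$$

$$\frac{n < m}{xM_1 \ldots M_m,\ xN_1 \ldots N_n \Rightarrow_\Lambda (\lambda x.[.])O^m \underbrace{I \ldots I}_{m-n-2} K\hat{x}\hat{y}}\ (\Lambda 3)$$

$$\frac{m < n}{xM_1 \ldots M_m,\ xN_1 \ldots N_n \Rightarrow_\Lambda (\lambda x.[.])O^n \underbrace{I \ldots I}_{n-m-2} K\hat{y}\hat{x}}\ (\Lambda 4)$$

$$\frac{\ }{xM_1 \ldots M_m,\ yN_1 \ldots N_n \Rightarrow_\Lambda (\lambda xy.[.])(\lambda x_1 \ldots x_m.\hat{x})(\lambda x_1 \ldots x_n.\hat{y})}\ (\Lambda 5)$$

$$\frac{x \notin FV(M_k) \cup FV(N_k) \qquad M_k \neq_{\Lambda\eta} N_k \qquad M_k, N_k \Rightarrow_\Lambda C[.]}{xM_1 \ldots M_m,\ xN_1 \ldots N_m \Rightarrow_\Lambda C[(\lambda x.[.])U^m_k]}\ (\Lambda 6)$$

$$\frac{x \in FV(M_k) \cup FV(N_k) \qquad M_k \neq_{\Lambda\eta} N_k \qquad C^r_x[.] \equiv (\lambda x.[.])B^r \qquad nf_\Lambda(C^r_x[M_k]),\ nf_\Lambda(C^r_x[N_k]) \Rightarrow_\Lambda C[.]}{xM_1 \ldots M_m,\ xN_1 \ldots N_m \Rightarrow_\Lambda C[C^r_x[.]\underbrace{I \ldots I}_{r-m} U^r_k]}\ (\Lambda 7)$$

Fig. 2.1. Call-by-name separability algorithm.
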

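($\Lambda 1$) By induction $C[xM_1 \ldots M_m x_{p+1} \ldots x_q] \to^*_\Lambda \hat{x}$ and $C[yN_1 \ldots N_n] \to^*_\Lambda \hat{y}$; so

$$C[(\lambda x_1 \ldots x_p.xM_1 \ldots M_m)x_1 \ldots x_q] \to^*_\Lambda C[xM_1 \ldots M_m x_{p+1} \ldots x_q] \to^*_\Lambda \hat{x}$$
$$C[(\lambda x_1 \ldots x_q.yN_1 \ldots N_n)x_1 \ldots x_q] \to^*_\Lambda C[yN_1 \ldots N_n] \to^*_\Lambda \hat{y}.$$

($\Lambda 2$) Similar to ($\Lambda 1$).
($\Lambda 3$) Clearly

$$(\lambda x.xM_1 \ldots M_m)O^m \underbrace{I \ldots I}_{m-n-2} K\hat{x}\hat{y} \to^*_\Lambda$$

while on the other hand,

$$(\lambda x.xN_1 \ldots N_n)O^m \underbrace{I \ldots I}_{m-n-2} K\hat{x}\hat{y} \to^*_\Lambda O^m N_1[O^m/x] \ldots N_n[O^m/x] \underbrace{I \ldots I}_{m-n-2} K\hat{x}\hat{y} \to^*_\Lambda \hat{y}.$$

($\Lambda 4$) Similar to ($\Lambda 3$).
($\Lambda 5$) Easy.
($\Lambda 6$) By induction.
($\Lambda 7$) By induction $C[nf_\Lambda(C^r_x[M_k])] \to^*_\Lambda \hat{x}$ and $C[nf_\Lambda(C^r_x[N_k])] \to^*_\Lambda \hat{y}$, where $C^r_x[.] \equiv (\lambda x.[.])B^r$; thus $C[M_k[B^r/x]] \to^*_\Lambda \hat{x}$ and $C[N_k[B^r/x]] \to^*_\Lambda \hat{y}$ too. Hence

$$C[((\lambda x.xM_1 \ldots M_m)B^r)\underbrace{I \ldots I}_{r-m} U^r_k] \to^*_\Lambda$$

$\square$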

Proof of Böhm's Theorem (Theorem 2.1.5 pag. 26).

The proof follows directly from Lemmas 2.1.17 and 2.1.18. $\blacksquare$

Note that $M, N \Rightarrow_\Lambda C[.]$ does not imply that $C[.]$ is a head context. The original algorithm designed by Böhm produces head contexts. However, the proof of correctness for our version is simpler than that of Böhm. It can be a useful exercise for the reader to modify the algorithm of Fig. 2.1 in such a way that it produces as output a head context.

3. The Call-by-Value $\lambda$-Calculus

The more usual programming languages are such that parameters must be evaluated in order to be supplied to a function, and moreover the body of a function is evaluated only when parameters are supplied. The first policy is the so called call-by-value parameter passing, and the second policy is called lazy-evaluation. In order to mimic this kind of computation with the parametric $\lambda\Delta$-calculus, it is necessary that $\Delta$ be a proper subset of $\Lambda$, and moreover it contain all the abstraction terms.
So we choose $\Delta = \Gamma$, where $\Gamma = \mathrm{Var} \cup \{\lambda x.M \mid M \in \Lambda\}$ was proved to be a set of input values in Property 1.2.4. The $\lambda\Gamma$-calculus coincides with the $\lambda\beta_v$-calculus, first introduced by Plotkin in [78].

3.1 The Syntax of the $\lambda\Gamma$-Calculus

A term of the $\lambda\Gamma$-calculus is always of the shape: $\lambda x_1 \ldots x_n.\zeta M_1 \ldots M_m$, where the head $\zeta$ is either a variable or a $\Gamma$-redex or a head block (see pag. 8).
A term is in $\Gamma$-normal form ($\Gamma$-nf) if it is of the shape $\lambda x_1 \ldots x_n.\zeta M_1 \ldots M_m$, where $M_i$ is in $\Gamma$-normal form ($1 \le i \le m$) and $\zeta$ is either a variable or a head block $(\lambda x.P)Q$, where both $P$ and $Q$ are in $\Gamma$-normal form. $\Gamma$-NF denotes the set of all $\Gamma$-normal forms.

Example 3.1.1. Both $xID$ and $(\lambda x.xI)(yz)w$ are terms in $\Gamma$-normal form. $DD$ is a term without $\Gamma$-normal form.

Note that, differently from the $\lambda\Lambda$-calculus, here if we want to manipulate some subterms, we need first to transform them into input values. So the notions of $\Gamma$-valuable and potentially $\Gamma$-valuable terms are important for studying such a calculus.

Definition 3.1.2. (i) A term $M$ is $\Gamma$-valuable if and only if there is $N \in \Gamma$ such that $M \to^*_\Gamma N$.
(ii) A term $M$ is potentially $\Gamma$-valuable if and only if there is a substitution $s$, replacing variables by closed terms belonging to $\Gamma$, such that $s(M)$ is $\Gamma$-valuable.

It is readily verified that a closed term is potentially $\Gamma$-valuable if and only if it is valuable. Note that a term can be in $\Gamma$-normal form and not potentially $\Gamma$-valuable; consider, for example, the term $M \equiv (\lambda z.D)(yI)D$, which is in $\Gamma$-normal form. For each term $Q \in \Lambda^0$, the term $M[Q/y] \equiv (\lambda z.D)(QI)D$ is not $\Gamma$-valuable; indeed, there are two possible cases:
1. $QI$ is $\Gamma$-valuable. Then $M[Q/y] \to^*_\Gamma DD$ and $DD$ is not $\Gamma$-valuable, being closed and such that $DD \to_\Gamma DD \notin \Gamma$.
2. $QI$ is not $\Gamma$-valuable. Then $(\lambda z.D)Q'D$ is not $\Gamma$-valuable, for every $Q'$ such that $QI \to^*_\Gamma Q'$, since $(\lambda z.D)Q'$ is not a $\Gamma$-redex.
So to be potentially $\Gamma$-valuable is a stronger and more interesting property than to have $\Gamma$-normal form.
The class of potentially $\Gamma$-valuable terms cannot be characterized through the $\to_\Gamma$ reduction; a new kind of reduction must be defined.

Definition 3.1.3. Let $\Psi \subseteq \Lambda$.
(i) The lazy $\Psi$-reduction ($\to_{\Psi\ell}$) is the closure under application of the following rule:

$$(\lambda x.M)N \to M[N/x] \text{ if and only if } N \in \Psi;$$

$(\lambda x.M)N$, when it does not occur under the scope of a $\lambda$-abstraction, and when $N \in \Psi$, is called a $\Psi\ell$-redex (or lazy $\Psi$-redex) and $M[N/x]$ is called its $\Psi\ell$-contractum (or lazy $\Psi$-contractum).
(ii) $\to^*_{\Psi\ell}$ and $=_{\Psi\ell}$ are respectively the reflexive and transitive closure of $\to_{\Psi\ell}$ and the symmetric, reflexive and transitive closure of $\to_{\Psi\ell}$.
(iii) A term is in $\Psi\ell$-normal form ($\Psi\ell$-nf) if it has no $\Psi\ell$-redexes and it has a $\Psi\ell$-normal form, or it is $\Psi\ell$-normalizing if it reduces to a $\Psi\ell$-normal form; the set of $\Psi\ell$-nf is denoted by $\Psi\ell$-NF.
(iv) A term is $\Psi\ell$-strongly normalizing if it is $\Psi\ell$-normalizing and moreover there is not an infinite $\Psi\ell$-reduction sequence starting from it.

Let us notice that, in the previous definition, $\Psi$ is not asked to be a set of input values. Moreover, the definition of $\Psi\ell$-reduction, in point (i), does not agree with Definition 1.2.1. In fact, the reduction is defined by closing the reduction rule only under application, while in the standard case the closure is under abstraction too. This allows us to formalize the notion of lazy reduction, where no reduction can be made under the scope of a $\lambda$-abstraction.
Potentially $\Gamma$-valuable terms will be characterized by the lazy reduction induced by the following subset of $\Lambda$.

Definition 3.1.4. $\Xi \subseteq \Lambda$ is defined as follows:

$$\Xi = \Gamma \cup \{xM_1 \ldots M_m \mid \forall i \le m\ M_i \in \Xi\}.$$



Example 3.1.5. $\lambda x.DD \in \Xi$, $xy(\lambda x.II) \in \Xi$, $I(xy) \notin \Xi$. Note that the last term is in $\Gamma$-normal form, while the first two are not.

We will show that terms having $\Xi\ell$-normal forms are all and only the potentially $\Gamma$-valuable terms.

Property 3.1.6. Let $M \in \Lambda$.
A term $M$ has $\Xi\ell$-normal form if and only if $M \to^*_{\Xi\ell} P$ for some $P \in \Xi$.

Proof. It is easy to see that $M \in \Xi$ if and only if $M$ is a $\Xi\ell$-normal form. $\square$

Note that $\Xi$ is not a set of input values. In fact, it is easy to see that the contextual reduction $\to_\Xi$ would not be confluent. Let $P \equiv (\lambda x.(\lambda yz.z)(xD))D$. Clearly $P \to_\Xi P_1 \equiv (\lambda yz.z)(DD)$ and $P \to_\Xi P_2 \equiv (\lambda xz.z)D$, but there does not exist a $P_3 \in \Lambda$ such that $P_1 \to^*_\Xi P_3$ and $P_2 \to^*_\Xi P_3$.
Thanks to its "lazy" definition, the $\to_{\Xi\ell}$ reduction enjoys all the good properties we expect.

Theorem 3.1.7. The $\to_{\Xi\ell}$ reduction enjoys both the confluence and the standardization properties.

Proof. The proof is in Sect. 3.1.1. $\square$

Moreover, $\to_{\Xi\ell}$ and $\to_\Gamma$ reductions commute as proved by Property 3.1.8.

Property 3.1.8. Let $M \to_{\Xi\ell} P$ and $M \to_\Gamma Q$. Then there is $N$ such that both $Q \to^*_{\Xi\ell} N$ and $P \to^*_\Gamma N$.

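Proof. $M \to_{\Xi\ell} P$ implies $M$ is of the shape $\zeta\vec{M}$, where $\zeta$ is either a variable, or a $\Gamma$-redex, or a head block. Let $M \equiv (\lambda x.R)(z\vec{S})\vec{M}$, since the variable's case is simpler. The proof is given by cases.
1. Let $R \to_\Gamma R'$. It is easy to see that the following diagram commutes:

$$\begin{array}{ccc}
(\lambda x.R)(z\vec{S})\vec{M} & \to_\Gamma & (\lambda x.R')(z\vec{S})\vec{M} \\
\downarrow_{\Xi\ell} & & \downarrow_{\Xi\ell} \\
R[z\vec{S}/x]\vec{M} & \to_\Gamma & R'[z\vec{S}/x]\vec{M}
\end{array}$$

2. Let $\vec{S} \equiv S_1 \ldots S_j \ldots S_m$ and let $S_j \to_\Gamma S'_j$ ($1 \le j \le m$). $\vec{S}'$ will denote the sequence $S_1 \ldots S'_j \ldots S_m$. It is easy to see that the following diagram commutes:

$$\begin{array}{ccc}
(\lambda x.R)(z\vec{S})\vec{M} & \to_\Gamma & (\lambda x.R)(z\vec{S}')\vec{M} \\
\downarrow_{\Xi\ell} & & \downarrow_{\Xi\ell} \\
R[z\vec{S}/x]\vec{M} & \to^*_\Gamma & R[z\vec{S}'/x]\vec{M}
\end{array}$$

where a number $\ge 0$ of $\Gamma$-reductions is needed in order to deal with the copies of $z\vec{S}$ generated by the $\Xi\ell$-reduction.
3. Let $\vec{M} \equiv M_1 \ldots M_j \ldots M_m$ and let $M_j \to_\Gamma M'_j$ ($1 \le j \le m$) and let $\vec{M}'$ denote the sequence $M_1 \ldots M'_j \ldots M_m$. It is easy to see that the following diagram commutes:

$$\begin{array}{ccc}
(\lambda x.R)(z\vec{S})\vec{M} & \to_\Gamma & (\lambda x.R)(z\vec{S})\vec{M}' \\
\downarrow_{\Xi\ell} & & \downarrow_{\Xi\ell} \\
R[z\vec{S}/x]\vec{M} & \to_\Gamma & R[z\vec{S}/x]\vec{M}'
\end{array}$$

4. The cases when the $\Xi\ell$ and $\Gamma$-reductions are made in disjoint subterms of either $\vec{S}$ or $\vec{M}$ are immediate.
5. The cases when the $\Xi\ell$ and $\Gamma$-reductions are made in the same subterm of either $\vec{S}$ or $\vec{M}$ can be treated in a similar way as the previous ones.
6. Let $M \equiv (\lambda x.R)S\vec{M}$, where $S \in \Gamma$. Then either $P \equiv Q$, or one of the previous cases applies. $\square$
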
The $\to_{\Xi\ell}$-reduction allows a complete characterization of the potentially $\Gamma$-valuable terms.

Theorem 3.1.9 (Potential $\Gamma$-valuability). [74]
$M$ is potentially $\Gamma$-valuable if and only if there is $N \in \Xi$ such that $M \to^*_{\Xi\ell} N$.

Proof. The proof is in Sect. 3.1.2. $\square$

As an example, let us consider the term $M \equiv (\lambda z.D)(yI)D$, which we proved before to be not potentially $\Gamma$-valuable. In fact, $(\lambda z.D)(yI)D \to_{\Xi\ell} DD$, and clearly $DD$ does not have $\Xi\ell$-normal form, since $DD \to_{\Xi\ell} DD$.
Now let us study the problem of characterizing the $\Gamma$-solvable terms. The next lemma shows us the relationship between the potentially $\Gamma$-valuable terms and the $\Gamma$-solvable ones.
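
Both worked examples so far, the separating context of Example 2.1.16 and the term $(\lambda z.D)(yI)D$ discussed just above, can be checked mechanically. The following Python sketch is an added example, not code from the book: the term encoding, the helper names (`lam`, `app`, `subst`, `step`, `normalize`, `separate`) and the step budget `fuel` are assumptions, and its single reduction rule is parametric in the set of input values ($\Lambda$, $\Gamma$ or $\Xi$), with a flag for the lazy variant.

```python
import itertools

_fresh = itertools.count()

def lam(names, body):
    """lam("x y", M) is λxy.M. Terms: str | ("lam", x, M) | ("app", M, N)."""
    for n in reversed(names.split()):
        body = ("lam", n, body)
    return body

def app(*ts):
    """app(M, N1, ..., Nk) is the left-nested application M N1 ... Nk."""
    out = ts[0]
    for t in ts[1:]:
        out = ("app", out, t)
    return out

def free_vars(t):
    if isinstance(t, str):
        return {t}
    if t[0] == "lam":
        return free_vars(t[2]) - {t[1]}
    return free_vars(t[1]) | free_vars(t[2])

def subst(t, x, n):
    """Capture-avoiding substitution t[n/x]."""
    if isinstance(t, str):
        return n if t == x else t
    if t[0] == "app":
        return ("app", subst(t[1], x, n), subst(t[2], x, n))
    y, body = t[1], t[2]
    if y == x:
        return t
    if y in free_vars(n):          # rename the binder so n's free y is not captured
        z = f"{y}_{next(_fresh)}"
        y, body = z, subst(body, y, z)
    return ("lam", y, subst(body, x, n))

def in_lambda(t):                  # Δ = Λ: every term is an input value
    return True

def in_gamma(t):                   # Γ = Var ∪ {λx.M | M ∈ Λ}
    return isinstance(t, str) or t[0] == "lam"

def in_xi(t):                      # Ξ = Γ ∪ {x M1...Mm | every Mi ∈ Ξ}
    if in_gamma(t):
        return True
    head, arg = t[1], t[2]
    return in_xi(arg) and (isinstance(head, str) or (head[0] == "app" and in_xi(head)))

def step(t, is_value, lazy=False):
    """Contract the leftmost redex (λx.M)N with is_value(N); None if there is none.
    lazy=True closes the rule under application only (nothing under a λ)."""
    if isinstance(t, str) or (t[0] == "lam" and lazy):
        return None
    if t[0] == "lam":
        body = step(t[2], is_value, lazy)
        return None if body is None else ("lam", t[1], body)
    f, a = t[1], t[2]
    if not isinstance(f, str) and f[0] == "lam" and is_value(a):
        return subst(f[2], f[1], a)
    r = step(f, is_value, lazy)
    if r is not None:
        return ("app", r, a)
    r = step(a, is_value, lazy)
    return None if r is None else ("app", f, r)

def normalize(t, is_value, lazy=False, fuel=500):
    """Normal form of t, or None when `fuel` steps are not enough."""
    for _ in range(fuel):
        nxt = step(t, is_value, lazy)
        if nxt is None:
            return t
        t = nxt
    return None

I, D = lam("x", "x"), lam("x", app("x", "x"))
B2, U21 = lam("x1 x2 x3", app("x3", "x1", "x2")), lam("z1 z2", "z1")
# M, N and the context C[.] of Example 2.1.16
M = lam("x y u", app("x", app("u", app("x", app("y", "y")), app("v", "v"))))
N = lam("x y u", app("x", app("u", app("y", "y"), app("v", "v"))))

def C(t):
    inner = app(lam("x", app(t, "x", "y", "u")), B2, I, U21)
    return app(lam("x3 y", app(lam("u", inner), U21, "x2", "x3")),
               lam("x1 x2", "x"), lam("x1 x2 x3", "y"))

def separate(t):
    """Λ-normal form of C[t], i.e. reduction with Δ = Λ."""
    return normalize(C(t), in_lambda)

T = app(lam("z", D), app("y", I), D)   # (λz.D)(yI)D

if __name__ == "__main__":
    print(separate(M), separate(N))
    print(step(T, in_gamma), step(T, in_xi, lazy=True) == app(D, D))
    print(normalize(T, in_xi, lazy=True))
```

With $\Delta = \Lambda$ the context sends the two normal forms to the distinct variables `x` and `y`; with $\Delta = \Gamma$ the term `T` has no redex at all, while the lazy $\Xi$-reduction contracts it to $DD$ and then never stops.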

Lemma 3.1.10. The class of $\Gamma$-solvable terms is properly included in the class of potentially $\Gamma$-valuable terms.

Proof. Let us first prove the inclusion. Let $M$ be $\Gamma$-solvable, so there is a head context $(\lambda\vec{x}.[.])\vec{N}$ such that $(\lambda\vec{x}.M)\vec{N} \to^*_\Gamma I$ (since $I$ is in normal form).
Assume $\|\vec{x}\| \le \|\vec{N}\|$ (otherwise consider the context $(\lambda\vec{x}.[.])\vec{N}\underbrace{I \ldots I}_{p}$, where $p = \|\vec{x}\| - \|\vec{N}\|$) and $\vec{N} \equiv \vec{N}_1\vec{N}_2$ such that $\|\vec{x}\| = \|\vec{N}_1\|$. So $M[\vec{N}_1/\vec{x}]\vec{N}_2 \to^*_\Gamma I$.
Let $s$ be a substitution such that $s(x) \in \Gamma^0$, for each $x \in \mathrm{Var}$. Therefore $s(M[\vec{N}_1/\vec{x}])\vec{N}_2 \to^*_\Gamma s(I) \equiv I$, by Remark 3.1.30 pag. 43, hence $s(M[\vec{N}/\vec{x}]) \equiv s(M)[s(\vec{N})/\vec{x}]$ is $\Gamma$-valuable.
The inclusion is proper, since $\lambda x.DD$ is valuable, and so potentially valuable, but clearly $\Gamma$-unsolvable. $\square$

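In order to characterize the $\Gamma$-solvable terms, we need to define a relation between terms, based on the $\to_{\Xi\ell}$-reduction.

Definition 3.1.11. (i) The relation $\rightsquigarrow\ \subseteq \Lambda \times \Lambda$ is defined inductively in the following way:
• $\lambda x.P \rightsquigarrow \lambda x.Q$ if and only if $P \rightsquigarrow Q$,
• $xM_1 \ldots M_m \rightsquigarrow xN_1 \ldots N_m$ if and only if $M_i \to^*_{\Xi\ell} N_i \in \Xi$ ($1 \le i \le m$),
• $(\lambda x.P)QM_1 \ldots M_m \rightsquigarrow R$ if and only if $Q \to^*_{\Xi\ell} Q' \in \Xi$ and $P[Q'/x]M_1 \ldots M_m \rightsquigarrow R$.
(ii) $M$ is in $\Gamma$-head normal form ($\Gamma$-hnf) if and only if $M \equiv \lambda\vec{x}.xM_1 \ldots M_m$, and for all $1 \le i \le m$, $M_i \in \Xi$; $\Gamma$-HNF denotes the set of all $\Gamma$-head normal forms.
(iii) $M$ has $\Gamma$-head-normal form if and only if $M \rightsquigarrow \lambda\vec{x}.xM_1 \ldots M_m$ and $M_i \in \Xi$, for all $1 \le i \le m$. $\|\vec{x}\|$ is the $\Gamma$-order and $m$ is the $\Gamma$-degree of $M$.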

Note that $\Gamma$-HNF is a proper subclass of $\Lambda$-HNF. In fact, $\lambda x.x(DD) \in \Lambda$-HNF, but $\lambda x.x(DD) \notin \Gamma$-HNF since $DD \notin \Xi$.
The notion of $\Gamma$-order (or simply order, when the set of input values is clear from the context) can be extended to terms not having $\Gamma$-hnf in the following way:

Definition 3.1.12. (i) $M$ is of $\Gamma$-order $0$ if and only if there is no $P$ such that $M \to^*_{\Xi\ell} \lambda x.P$;
(ii) $M$ is of $\Gamma$-order $n \ge 1$ if and only if $n$ is the maximum integer such that $M \to^*_{\Xi\ell} \lambda x_1.M_1$, $M_i \to^*_{\Xi\ell} \lambda x_{i+1}.M_{i+1}$ ($1 \le i \le n$) and $M_n$ is $\Gamma$-unsolvable of order $0$. If such an $n$ does not exist $M$ is of $\Gamma$-order $\infty$.

Example 3.1.13. $DD$ and $(\lambda zx.xD)(yI)D$ are $\Gamma$-unsolvable of order $0$, and $xy$ is $\Gamma$-solvable of order $0$. $(\lambda xy.xx)(\lambda xy.xx)$ is $\Gamma$-unsolvable of order $\infty$.

Theorem 3.1.14 ($\Gamma$-Solvability). [74]
A term is $\Gamma$-solvable if and only if it has $\Gamma$-head-normal form.

Proof. The proof is in Sect. 3.1.2. $\square$

It is also possible to give an operational characterization of the $\Gamma$-solvable terms through the notion of $\Xi\ell$-reduction.

Property 3.1.15. $M$ is $\Gamma$-solvable if and only if there are terms $M_1, \ldots, M_n$, for some $n \in \mathbb{N}$, such that $M \to^*_{\Xi\ell} \lambda x_1.M_1$, $M_i \to^*_{\Xi\ell} \lambda x_{i+1}.M_{i+1}$ ($1 \le i \le n$) and $M_n \equiv xP_1 \ldots P_m$ where $P_i \in \Xi$ for some $m \in \mathbb{N}$.

Proof. ($\Rightarrow$) By induction on Definition 3.1.11.(i). If $M$ is in $\Gamma$-hnf then the proof is trivial. Otherwise, the only not obvious case is when $M \equiv (\lambda x.P)Q\vec{M}$. In this case $M$ is $\Gamma$-solvable if and only if $Q \to^*_{\Xi\ell} Q'$ and $P[Q'/x]\vec{M} \rightsquigarrow R$, and $R$ is in $\Gamma$-hnf. By induction there are terms $M'_1, \ldots, M'_{n'}$, for some $n' \in \mathbb{N}$, such that $P[Q'/x]\vec{M} \to^*_{\Xi\ell} \lambda x_1.M'_1$, $M'_i \to^*_{\Xi\ell} \lambda x_{i+1}.M'_{i+1}$ ($1 \le i \le n'$) and $M'_{n'} \equiv xP'_1 \ldots P'_{m'}$, for some $m'$.
Let $M'_0 \equiv P[Q'/x]\vec{M}$. Since $M \to^*_{\Xi\ell} M'_0$, the proof is given.
($\Leftarrow$) By induction on $n$. If $n = 1$, then $M \to^*_{\Xi\ell} xM_1 \ldots M_m$, and so $M$ is $\Gamma$-solvable. In all other cases the proof follows easily by induction. $\square$

Differently from the call-by-name case, in the $\lambda\Gamma$-calculus the notion of $\Gamma$-nf is not semantically meaningful; in fact, we have seen that a term in $\Gamma$-nf can be not potentially valuable, and so is $\Gamma$-unsolvable. Moreover, consider the two terms $(\lambda z.D)(yI)D$ and $(\lambda z.D)(yK)D$: they are $\Gamma$-normal forms, and they are $\neq_\Gamma$, but they are both $\Gamma$-unsolvable of $\Gamma$-order $0$. We will see that all the $\Gamma$-unsolvable terms of $\Gamma$-order $0$ can be consistently equated.
Nevertheless, $\Lambda$-normal forms maintain a semantic importance also in this calculus, as the next theorem shows. Note that a $\Lambda$-normal form is a particular case of a $\Xi\ell$-normal form.

Theorem 3.1.16 ($\Gamma$-Separability). [72]
Let $M, N \in \Lambda$-NF. If $M \neq_{\Lambda\eta} N$ then $M$ and $N$ are $\Gamma$-separable.

Proof. The proof is in Sect. 3.1.3. $\square$

The $\Gamma$-separability theorem has an interesting semantical consequence.

Corollary 3.1.17. Let $M, N$ be two $\Lambda$-normal forms, and let $M \neq_{\Lambda\eta} N$.
For every $\Gamma$-theory $\mathcal{T}$, if $M =_{\mathcal{T}} N$ then $\mathcal{T}$ is input inconsistent.

Proof. The proof is identical to the proof of Property 1.3.6, just putting $\Delta = \Gamma$. $\square$

We proved that, for every $\lambda\Lambda$-theory $\mathcal{T}$, $I =_{\mathcal{T}} E$ if and only if $\mathcal{T}$ is fully extensional. In the case of the $\lambda\Gamma$-calculus, we can prove only a weaker property.

Property 3.1.18. Let $M \in \Lambda$ and $x \notin FV(M)$.
$I =_{\mathcal{T}} E$ if and only if $M =_{\mathcal{T}} \lambda x.Mx$, for every $M \in \Gamma$.

Proof. ($\Rightarrow$) $I =_{\mathcal{T}} E$ implies $IM =_{\mathcal{T}} EM$, for all $M$. Thus, if $M \in \Gamma$ then $M =_{\mathcal{T}} \lambda x.Mx$ ($x \notin FV(M)$).
($\Leftarrow$) If $M =_{\mathcal{T}} \lambda x.Mx$, for each $M \in \Gamma$, then $x =_{\mathcal{T}} \lambda y.xy$, so $\lambda x.x =_{\mathcal{T}} \lambda xy.xy$. $\square$

The notion of fixed point can be easily extended in the call-by-value setting, in the sense that $N$ is a call-by-value fixed point of $M$ if and only if $MN =_\Gamma N$.

Theorem 3.1.19. $M$ is $\Gamma$-valuable implies that $M$ has a call-by-value fixed point, i.e. there is $N$ such that $MN =_\Gamma N$.

Proof. Let $M \to^*_\Gamma M' \in \Gamma$ and let $Y$ be defined as in the proof of Theorem 2.1.8. Then $YM \to^*_\Gamma YM' \to_\Gamma (\lambda y.M'(yy))(\lambda y.M'(yy)) =_\Gamma M'(YM') =_\Gamma M(YM)$. $\square$

Let us call call-by-value fixed point operator terms $Z$ such that if $M$ is $\Gamma$-valuable then $ZM$ is a call-by-value fixed point of $M$.
We will see, using denotational tools, that in the call-by-value setting, the notion of fixed point is in some sense meaningless, since every fixed point operator $Z$ is such that $ZM$ is not potentially $\Gamma$-valuable, for every $M$.
A more useful notion related to this one is the notion of call-by-value recursion operator. In fact, it will be used in Sect. 16.2, for expressing the recursive functions in a call-by-value setting. A call-by-value recursion operator is a term $Z$ such that $ZM =_\Gamma M(\lambda z.ZMz)$, for all $\Gamma$-valuable terms $M$. The following theorem holds.

Theorem 3.1.20. A call-by-value recursion operator exists.

Proof. The term $\lambda x.(\lambda y.x(\lambda z.yyz))(\lambda y.x(\lambda z.yyz))$ has the desired behaviour. $\square$
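
Python evaluates arguments before calling a function, so it gives a concrete feel for the difference between the two operators in a strict language. This is an added example, not from the book: `fact_step`, `counting`, `factorial` and `unfoldings` are assumed helper names, while `Y` and `Z` transcribe the terms of Theorems 2.1.8 and 3.1.20.

```python
# Y = λx.(λy.x(yy))(λy.x(yy)), the call-by-name fixed point operator (Theorem 2.1.8).
Y = lambda x: (lambda y: x(y(y)))(lambda y: x(y(y)))

# Z = λx.(λy.x(λz.yyz))(λy.x(λz.yyz)), the term from the proof of Theorem 3.1.20.
Z = lambda x: (lambda y: x(lambda z: y(y)(z)))(lambda y: x(lambda z: y(y)(z)))

def fact_step(rec):
    """One unfolding of factorial; `rec` stands for the recursive call."""
    return lambda n: 1 if n == 0 else n * rec(n - 1)

def y_diverges():
    """Under strict evaluation Y M keeps evaluating the argument yy and never reaches M."""
    try:
        Y(fact_step)
    except RecursionError:
        return True
    return False

def counting(step):
    """Wrap `step` so that every application of it is recorded in `calls`."""
    calls = []
    def wrapped(rec):
        calls.append(rec)
        return step(rec)
    return wrapped, calls

def factorial(n):
    return Z(fact_step)(n)

def unfoldings(n):
    """How often M is applied while computing Z M n. Since Z M = M(λz.Z M z) and the
    abstraction λz.Z M z is already a value, M is unfolded once per recursive call."""
    wrapped, calls = counting(fact_step)
    Z(wrapped)(n)
    return len(calls)

if __name__ == "__main__":
    print(y_diverges(), factorial(5), unfoldings(3))
```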

3.1.1 $\Xi\ell$-Confluence and $\Xi\ell$-Standardization

The confluence property for the reduction $\to_{\Xi\ell}$ follows directly from the fact that it enjoys the diamond property, as proved in the next lemma.

Lemma 3.1.21 ($\Xi\ell$-Diamond property).
Let $M, N_0, N_1 \in \Lambda$ and $N_0 \not\equiv N_1$. If $M \to_{\Xi\ell} N_0$ and $M \to_{\Xi\ell} N_1$ then there is $Q \in \Lambda$ such that $N_0 \to_{\Xi\ell} Q$ and $N_1 \to_{\Xi\ell} Q$.

Proof. We will prove only the most difficult case, i.e. $M \equiv (\lambda x.P)M_1 \ldots M_m$, by induction on $M$.
• If $N_0 \equiv (\lambda x.P)M_1 \ldots M'_k \ldots M_m$ such that $M_k \to_{\Xi\ell} M'_k$, for some $k$, and $N_1 \equiv (\lambda x.P)M_1 \ldots M'_h \ldots M_m$ such that $M_h \to_{\Xi\ell} M'_h$, for some $k \neq h$, then $Q \equiv (\lambda x.P)M_1 \ldots M'_k \ldots M'_h \ldots M_m$.
• Let $N_0 \equiv (\lambda x.P)M_1 \ldots M'_k \ldots M_m$ and $N_1 \equiv (\lambda x.P)M_1 \ldots M''_k \ldots M_m$ such that $M'_k \not\equiv M''_k$, $M_k \to_{\Xi\ell} M'_k$ and $M_k \to_{\Xi\ell} M''_k$, for some $k$. By induction on $M_k$ there is $Q'$ such that $M'_k \to_{\Xi\ell} Q'$ and $M''_k \to_{\Xi\ell} Q'$, thus $Q \equiv (\lambda x.P)M_1 \ldots Q' \ldots M_m$.
• Let $M_1 \in \Xi$, so both $(\lambda x.P)$ and $M_1$ are $\Xi\ell$-normal forms. Let $N_0 \equiv P[M_1/x]M_2 \ldots M_m$ and $N_1 \equiv (\lambda x.P)M_1 \ldots M'_k \ldots M_m$ such that $M_k \to_{\Xi\ell} M'_k$, for some $k$. Clearly, $Q \equiv P[M_1/x]M_2 \ldots M'_k \ldots M_m$. $\square$

Theorem 3.1.22 ($\Xi\ell$-Confluence).
Let $M, N_0, N_1 \in \Lambda$. If $M \to^*_{\Xi\ell} N_0$ and $M \to^*_{\Xi\ell} N_1$ then there is $P \in \Lambda$ such that $N_0 \to^*_{\Xi\ell} P$ and $N_1 \to^*_{\Xi\ell} P$.

Proof. By Lemma 3.1.21, following the same reasoning as in Theorem 1.2.5. $\square$

Let $M \to^*_{\Xi\ell} N$; by the $\Xi\ell$-confluence theorem, $M$ has $\Xi\ell$-normal form if and only if $N$ has $\Xi\ell$-normal form.

Corollary 3.1.23. The $\Xi\ell$-normal form of a term, if it exists, is unique.

In order to state a standardization theorem for $\to_{\Xi\ell}$, we need to redefine some notions already stated for the $\lambda\Delta$-calculus. The fact that $\Xi$ is not a set of input values forces this redefinition.

Definition 3.1.24. (i) A symbol $\lambda$ in a term $M$ is $\Xi\ell$-active if and only if it is the first symbol of a $\Xi\ell$-redex of $M$.
(ii) The $\Xi\ell$-degree of a $\Xi\ell$-redex $R$ in $M$ is the number of $\lambda$'s that both are active in $M$ and occur on the left of $R$.
(iii) The principal $\Xi\ell$-redex of $M$, if it exists, is the redex of $M$ with minimum degree.
(iv) A sequence $M \equiv P_0 \to_{\Xi\ell} P_1 \to_{\Xi\ell} \ldots \to_{\Xi\ell} P_n \to_{\Xi\ell} N$ is standard if and only if the $\Xi\ell$-degree of the redex contracted in $P_i$ is less than or equal to the degree of the redex contracted in $P_{i+1}$, for every $i < n$. We denote by $M \to^{\circ}_{\Xi\ell} N$ a standard reduction sequence from $M$ to $N$.

It can be easily checked that the definition of $\Xi\ell$-degree of a redex, given in the definition before, can be obtained by specializing the general notion of sequentialization given in Definition 1.2.7: its simplification is due to the laziness of the reduction.
If $M \to_{\Xi\ell} N$ by reducing a $\Xi\ell$-redex of degree $k \in \mathbb{N}$, then we use the notation $M \xrightarrow{k}_{\Xi\ell} N$.

Lemma 3.1.25. Let $P_0 \to^{k}_{\Xi\ell} P_1 \to^{h}_{\Xi\ell} P_2$ and $k > h$.
There is $n \in \mathbb{N}$ and $P'_1 \in \Lambda$ such that $P_0 \to^{h}_{\Xi\ell} P'_1 \to^{n}_{\Xi\ell} P_2$ and $n \geq h$.
Proof. By induction on $P_0$.
We will prove only the most difficult case, when $P_0 \equiv (\lambda x.P)QM_1 \ldots M_m$ ($m \in \mathbb{N}$). Note that $k > h$ implies $k \geq 1$, so the principal redex cannot be reduced in $P_0 \to^{k}_{\Xi\ell} P_1$; thus either $P_1 \equiv (\lambda x.P)Q'M_1 \ldots M_m$ where $Q \to_{\Xi\ell} Q'$ or $P_1 \equiv (\lambda x.P)QM_1 \ldots M'_j \ldots M_m$ where $M_j \to_{\Xi\ell} M'_j$ ($1 \leq j \leq m$).
• In the first case, $k > h$ implies there is $Q'' \in \Lambda$ such that $Q' \to_{\Xi\ell} Q''$, $P_2 \equiv (\lambda x.P)Q''M_1 \ldots M_m$. The proof follows by induction on $Q$.
Note that $Q \to_{\Xi\ell} Q'$ implies $Q \notin \Xi$; moreover, $Q \to_{\Xi\ell} Q'$ and $k > h$ imply $Q' \notin \Xi$, since the reduction is not principal.
• In the last case:
1. either $P_2 \equiv (\lambda x.P)QM_1 \ldots M''_j \ldots M_m$ where $M_j \to^{k'}_{\Xi\ell} M'_j \to^{h'}_{\Xi\ell} M''_j$ and $k' \geq h'$;
2. or $P_2 \equiv (\lambda x.P)QM_1 \ldots M'_j \ldots M'_{j'} \ldots M_m$ where $j' > j$.
In case 1 the proof follows by induction on $M_j$, in case 2 we take the reduction sequence $P_0 \to_{\Xi\ell} (\lambda x.P)QM_1 \ldots M_j \ldots M'_{j'} \ldots M_m \to_{\Xi\ell} P_2$.
□

Corollary 3.1.26. If $P_0 \to^{k}_{\Xi\ell} P_1 \to^{0}_{\Xi\ell} P_2$ and $k \geq 1$, then there are $P'_1 \in \Lambda$ and $h \in \mathbb{N}$ such that $P_0 \to^{0}_{\Xi\ell} P'_1 \to^{h}_{\Xi\ell} P_2$.

Proof. By Lemma 3.1.25, just putting $h = 0$. □


Now we can state the standardization theorem.

Theorem 3.1.27 ($\Xi\ell$-Standardization).
If $M \to^*_{\Xi\ell} N$ then there is a standard reduction sequence from $M$ to $N$.

Proof. By induction on $M$. Let $M \equiv xM_1 \ldots M_m$, thus $N$ must be of the shape $xP_1 \ldots P_m$, where $M_i \to^*_{\Xi\ell} P_i$. By induction there is a standard reduction sequence $M_i \to^{\circ}_{\Xi\ell} P_i$, and so the desired standard sequence is:
$M \to^{\circ}_{\Xi\ell} xP_1M_2 \ldots M_m \to^{\circ}_{\Xi\ell} xP_1P_2 \ldots M_m \to^{\circ}_{\Xi\ell} xP_1 \ldots P_m$ ($1 \leq i \leq m$).
If $M \equiv \lambda x.M'$ then it must be that $M \equiv N$, and the empty reduction sequence is trivially standard.
Let $M \equiv (\lambda x.P)M_1 \ldots M_m$ ($m \geq 1$). The proof follows by induction on the length of the reduction $M \to^*_{\Xi\ell} N$, by using the previous corollary. □

The principal reduction is normalizing.

Corollary 3.1.28. M ---+SR NES if and only if M ---+~R NES.

Proof. Trivial. o

3.1.2 Proof of Potential $\Gamma$-Valuability and $\Gamma$-Solvability Theorems

In order to prove the theorems, we need to introduce a measure for carrying out some inductive proofs.

Definition 3.1.29. The weight $\langle\cdot\rangle : \Lambda \to \mathbb{N}$ is the partial function defined as follows:
• $\langle \lambda x.M' \rangle = 0$.
• $\langle xM_1 \ldots M_m \rangle = 1 + \langle M_1 \rangle + \cdots + \langle M_m \rangle$.
• $\langle (\lambda x.M_0)M_1 \ldots M_m \rangle = 1 + \langle M_1 \rangle + \langle M_0[M_1/x]M_2 \ldots M_m \rangle$.
In Sect. 3.2, we will show that the weight of a term $M$ is defined if and only if $M$ has $\Xi\ell$-normal form.
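The three clauses of the weight in Definition 3.1.29 can be executed directly. The following Python sketch is an added example, not code from the book: the term encoding (`Var`, `Lam`, `App`), the helper names and the `fuel` bound are assumptions of this example, and `None` only means that no weight was found within the bound (for the sample term Ω the weight is genuinely undefined).

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Lam:
    var: str
    body: object


@dataclass(frozen=True)
class App:
    fun: object
    arg: object


def free_vars(t):
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, Lam):
        return free_vars(t.body) - {t.var}
    return free_vars(t.fun) | free_vars(t.arg)


def subst(t, x, s):
    """Capture-avoiding substitution t[s/x]."""
    if isinstance(t, Var):
        return s if t.name == x else t
    if isinstance(t, App):
        return App(subst(t.fun, x, s), subst(t.arg, x, s))
    if t.var == x:                      # x is rebound here: nothing to replace
        return t
    if t.var in free_vars(s):           # rename the binder to avoid capture
        avoid = free_vars(s) | free_vars(t.body) | {x}
        fresh = next(f"{t.var}{i}" for i in count() if f"{t.var}{i}" not in avoid)
        t = Lam(fresh, subst(t.body, t.var, Var(fresh)))
    return Lam(t.var, subst(t.body, x, s))


def spine(t):
    """Write t as H M1 ... Mm and return (H, [M1, ..., Mm])."""
    args = []
    while isinstance(t, App):
        args.append(t.arg)
        t = t.fun
    return t, args[::-1]


def weight(t, fuel=200):
    """Weight of Definition 3.1.29, or None if it is not found within `fuel` calls."""
    budget = [fuel]

    def go(term):
        if budget[0] == 0:
            raise RecursionError("fuel exhausted")
        budget[0] -= 1
        head, args = spine(term)
        if isinstance(head, Var):                 # x M1 ... Mm  (m >= 0)
            return 1 + sum(go(a) for a in args)
        if not args:                              # lambda x.M'
            return 0
        # (lambda x.M0) M1 ... Mm: weigh M1, then the contractum applied to M2..Mm
        rest = subst(head.body, head.var, args[0])
        for a in args[1:]:
            rest = App(rest, a)
        return 1 + go(args[0]) + go(rest)

    try:
        return go(t)
    except RecursionError:                        # fuel (or Python stack) exhausted
        return None


# Constructed sample terms.
I = Lam("y", Var("y"))
DELTA = Lam("x", App(Var("x"), Var("x")))
OMEGA = App(DELTA, DELTA)                         # has no normal form
ERASE_OMEGA = App(Lam("x", I), OMEGA)             # (lambda x.I) Omega

if __name__ == "__main__":
    for name, term in [("I", I), ("x I z", App(App(Var("x"), I), Var("z"))),
                       ("Delta I", App(DELTA, I)), ("lambda z.Omega", Lam("z", OMEGA)),
                       ("Omega", OMEGA), ("(lambda x.I) Omega", ERASE_OMEGA)]:
        print(f"{name:20} weight = {weight(term)}")
```

The last sample shows the call-by-value character of the measure: the argument Ω is weighed even though the function body discards it, so the whole term has no weight, while an abstraction whose body is Ω has weight 0.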
The following remark will be extensively used in what follows.

Remark 3.1.30. Let $M, N, P, Q \in \Delta$, where $\Delta$ is a set of input values.
If $M \to^*_{\Delta} N$ and $P \to^*_{\Delta} Q$ then $M[P/z] \to^*_{\Delta} N[Q/z]$.

Proof. Easy, by induction on $M$. □



Lemma 3.1.31. Let $Q \in \Xi$, $P \in \Lambda$ and $C[.]$ be a context.
(i) If $Q \in \Xi$ then $\langle Q \rangle$ is defined.
(ii) If $M \to_{\Xi\ell} N$ and $\langle N \rangle$ is defined then $\langle M \rangle$ is defined.
(iii) If $M$ has $\Xi\ell$-normal form then $\langle M \rangle$ is defined.
Proof. (i) By induction on $Q$.
(ii) By induction on $\langle N \rangle$.
If $\langle N \rangle = 0$ then $N \equiv \lambda x.N'$, so $M \equiv (\lambda z.P)Q$ and $Q \in \Xi$; hence, $\langle M \rangle = 1 + \langle Q \rangle + \langle N \rangle$ where $\langle Q \rangle$ is defined by the previous point of this lemma.
Let $\langle N \rangle \geq 1$; there are many cases.
1. Let $M \equiv xM_1 \ldots M_m \to_{\Xi\ell} xN_1 \ldots N_m \equiv N$ ($m \geq 1$), where there is a unique $k \leq m$ such that $M_k \to_{\Xi\ell} N_k$ while $M_h \equiv N_h$ if $h \neq k$. The proof follows easily by induction.
2. Let $M \equiv (\lambda z.P)QM_1 \ldots M_m \to_{\Xi\ell} RM_1 \ldots M_m \equiv N$ ($m \geq 1$), where $Q \in \Xi$ and $(\lambda z.P)Q \to_{\Xi\ell} R$; hence, $\langle M \rangle = 1 + \langle Q \rangle + \langle N \rangle$ where $\langle Q \rangle$ is defined by the point (i) of this lemma.
3. The case $M \equiv \lambda x.P$ is not possible, since $\to_{\Xi\ell}$ is lazy.
(iii) By induction on the length of the sequence to $\Xi\ell$-normal form, by using the previous points of this lemma. □

The weight of a term allows us to induce on the length of reduction sequences with respect to different notions of reduction.
Remark 3.1.32. If $M \in \Lambda^0$ is $\Gamma$-valuable then $M \equiv (\lambda z.P)QM_1 \ldots M_m$, for some $m \in \mathbb{N}$; moreover, $M_i$ is closed and also $\Gamma$-valuable ($1 \leq i \leq m$).
Property 3.1.33. Let $M, N \in \Lambda^0$.
(i) If $M$ is $\Gamma$-valuable then $\langle M \rangle$ is defined.
(ii) $M \to^*_{\Lambda} N$ and $\langle M \rangle$ is defined imply $\langle N \rangle$ is defined and $\langle M \rangle \geq \langle N \rangle$.
(iii) Let either $M \to^*_{\Gamma} N$ or $M \to^*_{\Xi\ell} N$.
If $\langle M \rangle$ is defined then $\langle N \rangle$ is defined and $\langle M \rangle \geq \langle N \rangle$.

Proof. (i) ris a standard set of input values and M -'>r NEr imply that
there is N' E r such that M -'>f N' E r; moreover, since M is closed
there is M' such that M -'>~ MI -'>~ M 2 ••• -'>~ M r -'>~ >..z.M' -'>~*
N' E r, where Mi is not an abstractioil, for alI i (1 ::; i ::; r).
Then M -'>Ti >..z.M' by definit ion of principal reduction. Clearly M -'>ri
>..z.M' E r implies M -'>Sl >..z.M' E E, so the proof folIows by Lemma
3.1.31.(iii).
(ii) Let $\langle M \rangle = k$ and let $p$ be the number of steps of the standard reduction sequence $M \to^*_{\Lambda} N$. The proof is given by induction on the pair $(k, p)$, ordered according to the lexicographical order.
The cases where either $\langle M \rangle = 0$ or $p = 0$ are trivial. $M \equiv xM_1 \ldots M_m$ is not possible, since $M \in \Lambda^0$ by hypothesis. Let $M \equiv (\lambda x.M_0)M_1 \ldots M_m$, $h' = \langle M_1 \rangle$ and $h'' = \langle M_0[M_1/x]M_2 \ldots M_m \rangle$, thus $k = 1 + h' + h''$.

Let the reduction path be: $M \to_{\Lambda} R_1 \to_{\Lambda} \cdots \to_{\Lambda} R_p \equiv N$ ($p > 0$).
There are three cases:
1. If $R_1 \equiv M_0[M_1/x]M_2 \ldots M_m$ then $\langle R_1 \rangle = h'' < k$, so the proof follows by induction.
2. Let $R_1 \equiv (\lambda x.N_0)M_1N_2 \ldots N_m$ where $\exists! j \in \mathbb{N}$ such that $M_j \to_{\Lambda} N_j$, while $\forall i \neq j$, $M_i \equiv N_i$ ($0 \leq i \leq m$ and $i \neq 1$).
Hence $M_0[M_1/x]M_2 \ldots M_m \to_{\Lambda} N_0[M_1/x]N_2 \ldots N_m$ and $h'' < k$ imply $\langle N_0[M_1/x]N_2 \ldots N_m \rangle \leq h''$, by induction.
Thus $\langle R_1 \rangle = 1 + \langle M_1 \rangle + \langle N_0[M_1/x]N_2 \ldots N_m \rangle \leq k$ and the proof follows by induction.
3. Let $R_1 \equiv (\lambda x.M_0)N_1M_2 \ldots M_m$, where $M_1 \to_{\Lambda} N_1$. Thus by induction on $M_0[M_1/x]M_2 \ldots M_m \to^*_{\Lambda} M_0[N_1/x]M_2 \ldots M_m$ and $h'' < k$, $\langle M_0[N_1/x]M_2 \ldots M_m \rangle \leq h''$. Again, by induction $\langle M_1 \rangle \geq \langle N_1 \rangle$. Thus the conclusion follows by definition of weight and by induction.
(iii) By the previous point of this Property, since $M \to^*_{\Psi} N$ implies $M \to^*_{\Lambda} N$, for each $\Psi \subseteq \Lambda$. □

Lemma 3.1.34 proves that if a term is potentially $\Gamma$-valuable, then it has $\Xi\ell$-normal form.
Lemma 3.1.34. Let $M \in \Lambda$, $FV(M) \subseteq \{x_1, \ldots, x_n\}$ and let $s$ be a substitution such that $s(x_i) = P_i \in \Gamma^0$. If $s(M) \to^*_{\Gamma} \bar{M} \in \Gamma$ then there is $N \in \Xi$ such that both $M \to^*_{\Xi\ell} N$ and $s(N) \to^*_{\Gamma} \bar{M}$.
Proof. The proofis carried out by induction on k = (s(M)), where we assume
S(Xi) = Pi (1 ~ i ::; n) and seM) == M[PI/xI, ... , Pn/XnJ .
• k = O. Thus seM) is an abstraction; there are two cases:
1. M == Xj and Pj == >.z.P E AO, so N == Xj'
2. M == >'z.P, so N == >.z.P.
In both cases the proof is immediate .
• k > O. seM) E AO, so seM) == (>.u.Ro)RI ... R r (r 2:: 1). Two cases are
possible, according to the shape of M:
1. M == xjMI ... M m (j ~ n, 1 ~ m). Assume Pj == (>.z.P I ) (indeed
Pj E rO); then seM) == Pjs(MI) ... s(Mm ) -r
M E r.
Since seM) is r-valuable, there are Mi such that S(Mi) -r
Mi E r
and (s(Mi )) < (s(M)); hence, by induction there are Ni E E such that
Mi - E l Ni and s(Ni ) -r Mi (1 ~ i ~ m).
Let N == xjNI ... N m E E, thus xjMI ... M m -El xjNI ... N m and
Pjs(NI) ... s(Nm)-r PjMI" .Mm -r
M (1 ~ i ~ m).
2. M == (>.z.P)QM I ... M m (m 2:: O). Since seM) is r-valuable, there is
Q such that s(Q) -r r
Q E and s(P[Q/zJ)s(MI) ... s(Mm ) M.-r
Moreover, (s(Q)) < (s(M)), so by induction there is R E E such that
Q -El R and seR) -r Q.
But from s(P[R/zJ)s(Md···s(Mm) -r
s(P[Q/zJ)s(MI) ... s(Mm ) to-
gether with s(P[Q/zJ)s(MI) ... s(Mm ) -r
M it follows that:
s(P[R/zJ)s(Md ... s(Mm) -rM and, by Property 3.1.33.(iii)

(s(P[s(R)/z])s(MI) ... s(Mm)) ~ (s(P[Q/z])s(MI) ... s(Mm )) < (s(M)).


Then, by induction, there is T E E such that P[R/z]MI ... M m ~:kR T
and s(T) ~} M. Let N == T; clearly M == (>-.z.P)QM t ... M m ~:kR
(>-.z.P)RMt ... M m ~ER P[R/z]MI ... M m ~:kR N, so the proofis given.
O

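Lemma 3.1.35 proves that if a term has $\Xi\ell$-normal form then it is potentially $\Gamma$-valuable.
Lemma 3.1.35. Let $M \in \Lambda$, $FV(M) \subseteq \{x_1, \ldots, x_n\}$.
$M \to^*_{\Xi\ell} N \in \Xi$ implies that $\exists h \in \mathbb{N}$ such that $\forall r \geq h$, $\exists M^r \in \Gamma$:
$M[O^r/x_1, \ldots, O^r/x_n] \to^*_{\Gamma} M^r$,
$N[O^r/x_1, \ldots, O^r/x_n] \to^*_{\Gamma} M^r$.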

Proof. Let Pr be the substitution such that Pr(Y) = or, for alI y E Var and
r ~ O; so Pr(M) = M[or /XI, ... , or /x n ].
The proof will be given by induction on (M).
• Let (M) = O, so M is an abstract ion and the proof is trivial.
• Let (M) ~ 1. If M == xMI ... M m (m E N) then by induction, Vi ~ m there
are hi E N such that Vr ~ max{ m, h l , ... , hm }, Pr(Mi ) ~} Mi E r and
the proof is immediate.
Otherwise, let M == (>-.z.P)QM I ... M m (m E N); M has Ee-normal form
implies that there is R E E such that Q ~:kR R. Hence (Q) < (M) and
this implies by induction, that there is ho E N such that Vr ~ h o 3Qr E r,
Pr(Q)~} Qr and Pr(R) ~T' Qr. Clearly P[R/z]MI ... M m ~:kR N too.
By Property 3.1.33.(iii) (P[R/z]M I ... M m ) ~ (P[Q/z]M t ... M m ) < (M)
then, by induction, there is h l E N such that Vr ~ h l 3Pr E r satisfying
Pr(P[R/z]MI ... M m ) ~} pr and Pr(N) ~} pr.
Vr ~ max{ho, ht}, 3Qr E AO Pr(R)~} Qr implies, by the confluence
theorem,

Pr(P[R/z])Pr(Md ... Pr(Mm)~} Pr(p[Qr /z])Pr(Md ... Pr(Mm)~} pr.

Since Pr(M) ~} Pr(P[Qr /z])Pr(Md ... Pr(Mm ), the proof is done.


o

Proof of Potential $\Gamma$-Valuability Theorem (Theorem 3.1.9 pag. 38).
The proof of the (only if) part follows directly from Lemma 3.1.34, while the proof of the (if) part follows directly from Lemma 3.1.35.

Lemma 3.1.36 implies as an immediate corollary that, if $M \in \Lambda$ has $\Gamma$-head normal form, then $M$ is $\Gamma$-solvable.

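Lemma 3.1.36. If $M$ has $\Gamma$-head normal form and $FV(M) = \{x_1, \ldots, x_n\}$ then $\exists s \in \mathbb{N}$, $\forall r \geq s$, $\exists k \in \mathbb{N}$ such that $(\lambda x_1 \ldots x_n.M)\underbrace{O^r \ldots O^r}_{r} \to^*_{\Gamma} O^k$.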

Proof. Let Pr (where rEN) be the substitution such that Pr(Y) = or, for
each Y E Var. The proof is done by induction on the minimum number q of
steps necessary to prove that M "" N, for some N in r-head normal form.
If M is an abstraction, the proof follows directly by induction. Let M ==
xMl ... M m , where Mi have Ei-normal forms (1 :::; i :::; m). By Lemma 3.1.35,
-r
:3s i E N such that "ir ;:: Si, MdO r IxI, ... , or IXn] Mi E r (1 :::; i :::; m).
Let r;:: max{m,n,sl, ... ,Sm}j thus for some k E N,
( AXl···Xn·M)or
~-r
or * orM1··· AIm~-r
or or * or-mor or * Ok
~-r'
r r-n r-n
If r - m ;:: r - n then n ;:: m and k = (r - m) - (r - n) = n - mj otherwise
r-m < r-n and or-m ~ -r ~, thus r-n- (r-m) = m-n
r-n r-n-(r-m)
and k = r - (m - n - 1) = r + 1 + n - m.
Let M == (Ax.P)QMl ... M m (m ;:: 1). By definit ion Q -Si R E E and
M "" P[Rlx]Ml ... M m , which has r-head normal form. Q -Si R E E
implies that :3ho E N such that "ir ;:: ho, :3Qr E r, Pr(Q) -r
Qr and
Pr(R) -r Qr, by Lemma 3.1.35. By induction :3h E N such that "ir ;:: h,
(AXl ... Xn.P[Rlx]Ml ... Mm)~ -rOk, for some k E N.
r
Let r;:: max{ho,h}, so for some vE N,
(AXl ... Xn.M)~ -r (Pr(AX'P)Pr(Q)Pr(MI)"'Pr(Mm))~
r r-n

r-n
- r (Pr(P[Qr IX])Pr(MI) ... Pr(Mm )) or .. .or
'"-v--'
-r Ov.
r-n

r
too. D

The following lemma implies as an immediate corollary that, if $M \in \Lambda$ is $\Gamma$-solvable, then $M$ has $\Gamma$-head normal form.
Lemma 3.1.37. Let MEA, FV(M) ~ {XI, ... ,xn} and P l ,.. ',Pk E rO.
-r
lf (AXl ... xn.M)Pl ... Pk 1 then there is N in r-head-normal form such
that M "" N and (AXl ... xn.N)Pl ... Pk -r
1.
Proof. Let s be a substitution such that S(Xi) = P i E rO.
Let M == AXn+1",xr.~Ml ... Mm (m,r E N, n:::; r) where either ~ == Xj (j:::; r)
or ~ == (AX.P)Q, for some P,Q E A, and let e[.] == (AXl",Xn.[.])Pl ... Pk, SO

Note that r :::; k + 1, otherwise C[M] -+} >'Xk+l ... Xr.S' =f.r 1. The proof is
given for induction on (C[M])e by taking into account an possible shapes of
the term M .
• M == >,xn+l ... xr.xjMl ... Mm. If m = O then the proof is trivial by putting
N == M, so let m 2 1. There are 2 cases.
1. If r ::; k then

C[M] == (>'xl ... xr.xjMl ... Mm)Pl ... Pk


-+} Pjs(Md ... s(Mm)Pr + 1...Pk -+} 1.

By Remark 3.1.32, let s(Mi ) -+} Mi E r (1 :::; i :::; m); so by Lemma


3.1.34 Mi -+~e Ni E 5 and s(Ni ) == N;[Pl/xl, ... , Pn/xn] -+} Mi.
Let N == >,xn+l ... xr.xjNl ... Nm; SO >,xn+l ... Xr.XjMl ... Mm "" N and

(>'Xl ... xr.XjNl ... Nm)Pl ... Pk -+} Pjs(Nd···s(Nm)Pr+l ... Pk


=r (>'Xl ... xr.XjMl ... Mm)Pl ... Pk
-+} PjMl ... MmPr+l ... Pk
=r (>'xl ... Xn.M)Pl ... Pk -+} 1.

2. If r = k + 1 then the proof is similar to that of the previous case, since

C[M] == (>'Xl ... xr.XjMl ... Mm)Pl ... Pk


-+} >'Xr.Pjs(Md···s(Mm) -+} >'xr.xr·
• M == >'xn+l ... xr.(>.z.P)QMl ... M m (m 2 O, r 2 n); there are 2 cases.
1. If r ::; k then

C[M] == (>'xl ... xr.(>.z.P)QMl ... Mm)Pl ... Pk


-+} s(>.z.P)s(Q)s(Md···s(Mm)Pr+l ... Pk
-+} s(>.z.P) Q s(MI) ... s(Mm)Pr+l ... Pk -+} 1,

where s(Q) -+} Q E r. Hence, by Lemma 3.1.34 Q -+~e R E 5 and


s(R) -+} Q E r.
Moreover

s(P[R/z])s(MI) ... s(Mm)Pr+l ... Pk -+}


s(P[Q/z])s(Ml) ... s(Mm)Pr+l ... Pk -+} 1.
Let U == >'xn+l ... xr.P[R/z]Ml ... M m , thus ClUJ -+} 1. Remember that
Pl ,... , Pk E rO; then
(C[M]) =
= r + (Pl ) + ..... + (Pr) + (s(>.z.P)s(Q)s(Md···s(Mm)Pr+l ... Pk) =
= r + O + ..... + 0+1 + (s(Q)) + (s(P[s(Q)/z])s(Ml) ... s(Mm)Pr+l ... Pk),
'--v-----"
r

and by Property 3.1.33.(ii)

(S(P[S(Q)/ZJ)S(Ml) ... s(Mm)Pr+l"'Pk) ~


(s(P[s(R)/ zJ)s(M1) ... s(Mm)Pr+l ... Pk).

Hence (C[U]) < (C[M]) , and by induction, we can state U "" T and
C[U]-} 1, for some T in r-head normal form.
Let N be Ti so C[N] - } 1 and

M == AXnH ... Xr.(>\z.P)QM1 ... Mm "" AXnH ... Xr.P[R/z]M1 ... Mm "" T.

2. The case r = k + 1 is similar to the previous one. o

Proof of $\Gamma$-Solvability Theorem (Theorem 3.1.14 pag. 39).
Let $FV(M) = \{x_1, \ldots, x_n\}$.
($\Rightarrow$) By Lemma 3.1.36 for some $r$ and $h$:

$(\lambda x_1 \ldots x_n.M)\underbrace{O^r \ldots O^r}_{r} \to^*_{\Gamma} O^h$ ($h \geq 0$).

($\Leftarrow$) By Lemma 3.1.37.

3.1.3 Proof of $\Gamma$-Separability Theorem

The proof will be given in a constructive way, by showing a separability algorithm. The algorithm is defined as a formal system, proving statements of the shape
$M, N \Rightarrow_{\Gamma} C[.]$,
where $M, N$ are $\Lambda$-normal forms such that $M \neq_{\Lambda\eta} N$.
Differently from the call-by-name case, the context $C[.]$ generated from the algorithm is not yet the separating one. More precisely, it is a separating context if $M, N \in \Lambda^0$, but for open terms some additional work must be done.
Let $B^n \equiv \lambda x_1 \ldots x_{n+1}.x_{n+1}x_1 \ldots x_n$, $O^n \equiv \lambda x_1 \ldots x_{n+1}.x_{n+1}$ and $U_i^n \equiv \lambda x_1 \ldots x_n.x_i$ ($i \leq n$, $n \in \mathbb{N}$).
Furthermore, if $S \subseteq \mathrm{Var}$ then let
$X^n_{x,S} = \lambda z_1 \ldots z_n.x z_1 \ldots z_n$ if $x \notin S$, and $X^n_{x,S} = x$ otherwise.

The notions of args, nfA and ':::'c are defined respectively in Definitions
2.1.12. 2.1.14 and 2.1.10.

Remark 3.1.38. It is easy to check that every $\Lambda$-normal form $M$ is a potentially $\Gamma$-valuable term; so every subterm of a $\Gamma$-nf, being in turn a $\Gamma$-nf, is potentially $\Gamma$-valuable.

A first problem in the development of a separability theorem for the $\Gamma$-calculus is the transformation of potentially valuable terms (subterms) into valuable ones. As proved in the next Lemma, the solution is to substitute for the free variables some values with a suitable number of initial abstractions.

Lemma 3.1.39. Let M E A-NF, FV(M) = {Xl, ... ,Xn} and r 2: args(M).
IfVj::; n, Qj = AXI ... Xr.Qj and Qj E r then

M[Qijxl, ... , Q~/Xn]-+} M E r.


Proof. By induction on M. D

Lemma 3.1.40 proves an important result on which the inductive rule (r7)
of the algorithm is based. The relation 'te was defined in Definition 2.1.10.

Lemma 3.1.40. Let M, N be A-NF, r 2: max{args(M), args(N)}, y, z E Var


and Ck[.] = (AXI ... Xk,[,])X;l,{y,Z}",X;k,{Y,Z}' for some k E N.
(i) 3M E A-NF such that q;[M]-+Â M and r 2: args(M).
(ii) lf M 'te N then nfA(Ck[M]) 'te nfA(Ck[N]).
Proof. (i) By induction on M.
If M = AU.P or M = uM1 ... M m (where u rJ. {Xl, ... , xd and m ::; r) then
the prooffollows by induction. Let M =
xjMI ... M m (1::; j ::; k, m ::; r);
so by induction Vi::; m there is Mi E A-NF such that Ck[Mi]-+Â Mi and
r 2: args(Mi ). If Xj E {y, z} the proof is immediate, since X;j,{Y,z} Xj' =
Let Xj ~ {y, z}; dearly

Ck[M] = (AXI ... Xk.XjMI ... Mm)X;l,{Y,Z}·"X;k,{Y,z} -+Â


(AUI .. ,Ur,XjUI·· .ur)MI ... Mm -+Â AUm+I .. ,Ur.XjMI ... Mmum+I.' .ur;
so
r 2: max{r, args(MI ), ... , args(Mm ), O, ..... , O} = r.
'---v---'
r-m
Note that nfA(Ck[M]) is well defined.
(ii) Let M = AUI ... up.uMI ... M m and N =
AVI ... vq.vNI ... N n ; we reason
=
by induction on c. Let c E, Ip - ml-=l-Iq - ni and v u. =
Vi Mi = nfA(Ck[Mi ]) and Ni = nfA(Ck[Ni ]). Let U = v = Xj, for some
j ::; k and u, v ~ {y, z}; otherwise the proof is simpler. Thus

nfA(Ck[M]) = AUI ...UpWm+I" ,Wr.XjMI ... Mmwm+I ...Wr ,


nfA(Ck[N]) = AVI" ,VqWn+I" 'Wr.xjNI ... Nnwn+I ...wr·

1(P + (r - m)) - (m + (r - m))1 "l1(q + (r - n)) - (n + (r - n))l, since


Ip - mi "llq - ni·
If u v the proof is similar.
-:ţ

If c == i, c' (where i 2: 1) then the proof follows by induction. O

The call-by-value separability algorithm is presented in Fig. 3.1 (pag. 52). For sake of simplicity, in the algorithm description we assume that different bound variables have different names. The algorithm follows essentially the same pattern as the call-by-name separability algorithm, but the context in the conclusion replaces variables by terms having enough initial abstractions to assure that subterms become $\Gamma$-valuable, by using the result of Lemma 3.1.39. Note that, in rules ($\Gamma$3)-($\Gamma$6), every occurrence of the term $B^r$ in the context could be safely replaced by $I$, thereby following an approach similar to the call-by-name case. In fact such terms are erased when the context, filled by one of the two input terms, is $\Gamma$-reduced. Using $B^r$ allows for an easier correctness proof.

Example 3.1.41. Let us consider the same terms as in Example 2.1.16, i.e. let $M \equiv \lambda xyu.x(u(x(yy))(vv))$ and $N \equiv \lambda xyu.x(u(yy)(vv))$.
Clearly $\mathrm{args}(M) = \mathrm{args}(N) = 2$, so let $r = 2$. The derivation proving the statement $M, N \Rightarrow_{\Gamma} C[.]$ is the following:

C 5 [.] ==
C2 [.] ==
C6['] ==

We can check that (C[M])[02jv]-tr X; in fact,



Let M,N E A-NF, M Ţ.c N, r ~ max{args(M),args(N)} and fi,f} be fresh


variables such that fi =/= f}.

The rules of the system proving statements M, N ~r C[.), are the following:

p::; q C k[·) == (AXI ... Xk,[,))X;!,{x,y}",X;k>{x,y} (kE{P,q})


XnfA(C;[MI)) ... nt1 (C;[Mm))X;p+l,{X,y} ... X;q,{X,y},} ~ C[.)
ynfA(C;[NI)) ... nfA(C;[Nn )) r
----------------------------------------~----------(rl)
AXI ... Xp.XMI.' .Mm,AXI . .. xq.yNI ... N n ~r C[[,)X;lo{X,y} ... X;q,{x,y})

p>q C k[·) == (AXI ... Xk,[,))X;!,{x,y}",X;k'{X,y} (kE{P,q})


xnfA(C; [MI)) ... nfA (C; [Mm)), }
ynfA(C;[NI)) ... nt1 (C;[Nn))X;q+l ,{x,y}· .. X;p,{x,y} ~r C[.)
--------------------------~~~--~~~~----------(r2)
AXI ... Xp.XMI ... Mm, AXI ... Xq.yNI ... N n ~r C[[,)X;!,{x,y} ... X;p,{x,y})

n<m
----------------------------------------------------(r3)
XMI ... Mm,xNI ... N ~r (AX.[.))Or+n Br ..... BT(AXI ... xm-n.fi)y ..... f)
n
'"-v--' '-v-'
r+n-m m-n

m<n
----------------------------------------------------(r4)
XMI ... Mm,xNI ... Nn ~r (AX. [.))Or+m ~;.l[)AxI ... Xn-m.f})~
r+m-n n-m

X=/=y
-------------------------------------------------------(r5)
xMI ... Mm,yNI" .Nn ~r (AXy.[.))(AXI ... Xr+m.fi)(AXI ... Xr+n.f})~
T

Mk #A'l Nk X fţ FV(Mk) U FV(Nk) Mk, Nk ~r C[.)


(r6)
XMl ... Mm,xNI" .Nm ~r C[(AX,[,))Uk J3T ..:.. B TJ
T-m
M k #A'l Nk X E FV(Mk) U FV(Nk)
C~[.) == (AX.[.))W nfA(C~[Mk)), nfA(C~[Nk)) ~ r
~~--~~~------~~~~--~~~----~(r7)
C[.)
XMI ... Mm,xNI" .Nm ~r c[C;[.)~UkJ
T-m

Fig. 3.1. Call-by-value separability algorithm



(AX3Y' ((AU.(AX.M[02 jV]XY(AU1U2,UU1U2))B2 B 2Ui)Ui (AV1 V2.X2V1 V2)X3) )X4Y5B2 B2 --4r


(Ax3y.((AU.M[02 jv]B2Y(AU11L2,UU1U2)B2Ui)Ud (AV1 V2.X2V1 V2)X3) ) X 4Y5B 2B 2 -->r
(AX3y.(M[02 jv]B2Y(AU1 u2.uiu1U2)B2Ud(AV1 V2.X2V1 V2)X3) )X4Y5B 2B 2 --4r
(AXYU.X(U(X(YY))(VV))) [0 2jv]B2Y5(AU1 u2.Udu1 u2)B 2Ui (AV1 V2.X2V1V2)X4B2 B 2 --4r
(AXYU.X( U(X(yy)) (0 20 2) ))B2Y5(AU1 U2.U1)B2Ui (AV1 V2.X2V1 V2)X4B 2B 2 --> r
B 2((AU1 U2.U1)(B2(Y5Y5))(0202)) B2Ui(AV1 V2.X2V1 V2)X4B 2B 2 --4r
B 2 ((AU1 U2.U1)(B2(AX2X3X4X5.Y))01 )B2Ui(AV1 V2.X2V1 V2)X4B 2B 2 --4r
B 2(( AU1 U2. U1)( AX2X3 ,X3 (AX2X3X4X5 ,Y)X2 )0 1) B 2Ui( AV1 V2.X2V1 V2 )X4B 2B 2 --4 r
B 2(AX2X3 ,X3 (AX2X3X4X5,Y)X2) B 2ui (AV1 V2 .X2V1 V2 )X4B 2B2 --4 r
ui (AX2X3,X3(AX2X3X4X5,Y)X2)B2(AV1 V2.X2V1V2)X4B2 B 2 -->r
(AX2X3 .X3 (AX2X3X4X5 ,Y)X2) (AV1 V2 .X2V1 V2)X4B2 B2 --4 r
X4(AX2X3X4X5.Y)(AV1 V2.X2V1V2)B2 B 2 -->r
X.

While (C[N])[02jV]----+j-, y; in fact,

(AX3y.((AU.(AX.N[02 jV]XY(AU1 U2.UU1 u2))B 2B2Ui)Ud(AV1 V2.X2V1 V2)X3) )X4Y5B 2B 2 --4r


(AX3Y' ((Au.N[02 jv]B2Y(AU1 U2,UU1U2)B2UJ)Ui(AV1 V2.X2V1 V2)X3) )X4Y5B2 B 2 --4r
(Ax3y.N[02 jv]B2Y(AU1 u2.udu1U2)B2Ui(Av1 V2.X2V1 V2)X3)X4Y5B2 B 2 -->r
(AXYU.X( u(yy)( 0 20 2) ))B2Y5(AU1 u2.udu1 u2)B 2Ud (AV1 V2.X2V1 V2)X4B 2B 2 --4r
B 2((AU1 u2.udu1 U2)(Y5Y5)(0202) )B2Ud(AV1 V2.X2V1 V2)X4B 2B 2 --4r
B 2((AU1 U2,U1)(AX2X3X4X5.Y)01 )B2Ud(AV1 V2.X2V1 V2)X4B 2B 2 --4r
B 2(AX2X3X4X5 .Y)B 2Ud (AV1 V2 .X2V1 V2 )X4B 2B 2 --4 r
ud (AX2X3X4X5 .y)B2(AV1 V2 .X2V1 V2 )X4B 2B2 --> r
(AX2X3X4X5.Y)(AV1 V2 .X2V1 V2 )X4B 2B 2 --4 y. r
Lemma 3.1.42 (Termination).
If M,N E A-NF and M Ţ.c N then M,N ~r e[.].
Proof. By induction on $c$. Similar to the termination proof (Lemma 2.1.17) of the Böhm Theorem, by using Lemma 3.1.40. □

The next Lemma is necessary for proving the correctness.

Lemma 3.1.43. Let ZPl ... Pm, TE A-NF, args(zPI ... Pm) ::::: r, args(T) ::::: r.
Let D[.] == ('\ul ... ud.])RI ... R h be a context (k ::::: h) such that both Rj ==
'\xI ... xr.Jlj (1::::: j ::::: h) and nfA(D[T]) == ZPI ... Pm.
Let b denote a substitution such that, if y E FV (D [T]) then there is QY E A
and b(y) = '\XI",X r .QY. In particular, b( z) = '\XI .. 'X r .Qz .
If Xl, ... , Xr si FV( QZ) then b(D[T]) ----+j-, '\xr_m-"Xr.Qz.
Proof. The proof is given by induction on h.
h = O. Clearly D[.] == [.], so T must be ZPI ... Pm.
b(Pj) ----+j-, Pj E r (1 ::::: j ::::: m), by Lemma 3.1.39; so, b(ZPI ... Pm) ----+j-,
('\xI ... xr.QZ)b(Pd ... b(Pm ) ----+j-, ('\XI ... Xr.QZ)PI ... Pm ----+j-, '\xr_m ... xr.Qz.

h? 1. If k = O then TR1 ... Rh == ZP1 ... Pm, so the proof is similar to the
previous case.
Let k ? 1, let D'[.] be [.]Rk+1 ... Rh and b' denote a substitution such
that b'(uj) = Rj (1 :S j :S k), while b'(y) = b(y) for alI other variables.
Hence, b'(D'[T]) -t} >..xr_m ... xr.Qz by case k = O; the proof folIows,
since b(D[zPl ... Pm]) -t} b'(D'[T]).
o
In the next lemma, X, fi are the pair of fresh variables considered by the
algorithm.

Lemma 3.1.44 (Correctness).


Let M, N be different A-normals Jorm such that r ? max{ args(M), args(N)}.
IJM,N =?tr C[.] and FV(C[M]) UFV(C[N]) = {ul, ... ,un}-{x,fI} then
(>"Ul ... un.c[M])~ -t} X and (>"Ul ... un.c[N])~ -t} fi.
n n

Proof Let e denote a substitution such that e(x) = x, e(fI) = fi, while
Vz E Var - {x, fi}, e(z) = ar.
We will prove that e(C[M]) -t} X and e(C[N]) -t} fi;
moreover, let T E A-NF, let args(T) :S r, let D[.] == (>"Ul",Uk.[.])Rl ... Rh be a
context (k :S h) such that either Rj = B r or Rj = U[ or Rj = X~ s (where
1 :S j :S h, t :S r, U E Var and S ~ Var) and let x, fi (j. FV(D[T]) , s~:
• if nfA(D[T]) == M then e(C[D[T]]) -t} x,
• if nfA(D[TJ) == N then e(C[D[T]]) -t} fi.
The proofis given by induction on the derivat ion proving M,N =?tr C[.].
(FI) Let C;[.] == (>..Xl"'Xp.[.])X;t,{x,y} ... X;p,{x,y} and

xnfA(Cpr[Ml]) ... nfA(Cpr[Mm])X; {x y} ... X; {x y' },}


p+l" q" =?t C[.]·
ynfA(C~[Nl]) ... nfA(C~[Nn]) r ,

so the two inductive hypothesis folIow .


• e(C[xnfA(C;[M1J) ... nfA(C;[MmJ)X;p+t,{x,y} ... X;q,{x,y}]) -t} X •
• Moreover, if T E A-NF, args(T) :S r, D[.] == (>"Ul",Uk.[.J)R1 ... Rh is a
context (k :S h), where Rj E {Br, U[, X~,s I t E N'Au E VarAS ~ Var}
(1 :S j :S h),

nfA(D[T]) == xnfA(C;[M1J) ... nfA(C;[MmJ)X;P+l,{X,y}··.X;q,{x,y}


and x, fi (j. FV(D[T]) then e(C[D[T]]) -t} X.
Let T == xM1... M m and D[.] == C;[.]; so, args(T) :S r, x,fI (j. FV(D[TJ)
and nfA(C;[T]) == xnfA(C;[M1J) ... nfA(C;[Mm])X;p+dx,y} ... X;q,{x,y} im-
ply, by induction, e(C[D[xM1...M m]]) -t} x, so

e(C[(>.Xl" .xp.xMl ... Mm)X~l'{X,y} ... X~q,{X,y}]) ~} X.


We must yet prove that, if T* E A-NF, D*[.] == (>'ui- .. u;:'*.[.])Ri- .. Ri;,* is
a context (k* ::; h*) such that either Rj = B r or Rj = U[ or Rj = X~,s
(where 1 :::; j :::; h*, tEN, u E Var and S ~ Var), args(T*) ::; r,
x, fi rţ FV(D*[T*]) and nfA(D*[T*]) == >'Xl •. . xp.xMl ... M m then
e(C* [D* [T*]]) ~} X, where C*[.] == C[[.]X~l,{X,y} ... X~q,{x,y}].
r { x,y } ... X Xr , {x ,y }; thus, both
Let T == T* and D[.] == D*[.]XXl, q

nfA (D* [T*]X~l'{X,y} ... X~q,{x,y})


== XnfA(C;[Ml]) ... nfA(C;[Mm])X~p+l,{X,y}···X~q,{x,y},
args(T) ::; r and X, fi rţ FV(D[T*]). By induction,

e(C[D[T*ll) == e(C*[D*[T*ll) ~} x.
The proof for the term on the right is similar.
(r2) Similar to (rl).
(r3) Let n < m and let xMl ... Mm,xNl ... N n ~r C[.] where

We will prove that, ifT E A-NF, args(T) ::; r, D[.] == (>.Ul ... Uk.[.])Rl ... R h
is a context (h, k E N), where

Rj E {B r , U[, X~,s I tEN A u E Var A S ~ Var} (1 ::; j ::; h),

x, fi rţ FV(D[T]) and nfA(D[T]) == xMl ... M m then e(C[D[T]]) ~} X.


Let b(x) = or+n and b(y) = e(y) for aH other variables; therefore, by
Lemma 3.1.43, b(D[T])) ~} or+n-m. Hence

e ((>.x.D[T])or+n lE..;.:~;.:!!:}>'Xl' . .xm-n.x) t:.:;J) ~}


r+n-m m-n
Or+n-mB r ..... Br(\AXl·· .xm-n·x-) y- ..... y- ~r
*-x.
'-v---' '-v-'
r+n-m m-n

On the other hand, we will prove that, if TE A-NF, args(T) ::; r, D[.] ==
(>'Ul",Uk.[.])Rl ... Rh is a context (h, k E N), where

Rj E {B r , U[, X~,s I tEN A U E Var A S ~ Var} (1 ::; j ::; h),

x,fI rţ FV(D[T]) and nfA(D[T]) == xNl ... N n then e(C[D[T]])~} fi.


Let b(x) = or+n and b(y) = e(y) for aH other variables; therefore, by
Lemma 3.1.43, b(D[T])} ~} or. Hence

e( (Ax.D[T])or+n !!~.;;!!:)AXl ...xm~n.x) ~) -'r


r+n~m

-'r y.
m~n

or Br ..... B r (AXl ... Xm~n.x) y ..... y


" V .1

r+l

(r4) Symmetric to (r3).


(r5) Let xMl ... Mm,yNl ... N n ~r C[.] where
C[.] == (AXy·[·])(AXl ... xr+m.X)(AXl ... Xr+n.Y)~.
r

We will prove that, if TE A-NF, args(T) :::; r, D[.] == (AUl ... ud.])Rl ... Rh
is a context (h, k E N), where

Rj E {B r , U;, X~,s I tEN /\ u E Var /\ S ~ Var} (l:::;j:::;h),


x, Y tţ FV(D[T]) and nfA(D[T]) == xMl ... M m then e(C[D[T]]) X. -'r
Let b(x) = AXl ... xr+m.x, b(y) = AXl ... xr+n.y and b(z) = e(z) for each
other variable z; thus, by Lemma 3.1.43, b(D[T]) -'r
AXl ... xr.x. Hence
e((AXy.xMl ... Mm)(AXl ... xr+m.X)(AXl ... Xr+n.Y)~) -'r X.
r

On the other hand, we will prove that, if T E A-NF, args(T) :::; r, and
D[.] == (AUl ... ud.])Rl ... Rh is a context (h, k E N) where
Rj E {B r , U;, X~,s It E N /\ u E Var /\ S ~ Var} (l:::;j:::;h),
x, Y tţ FV(D[T]) and nfA(D[T]) == yNl ... N n then e(C[D[T]]) y. -'r
Let b(x) = AXl ... xr+m.x, b(y) = AXl ... xr+n.y and b(z) = e(z) for each
other variable z; thus, by Lemma 3.1.43, b(D[T])) -'r
AXl ... xr.y. Hence
e((AXy.yNl ... Nn)(AXl ... xr+m.X)(AXl ... Xr+n.Y)~) -'r y.
r
(r6) Let Mk #A'7 N k , X tţ FV(Mk ) U FV(Nk) and Mk, Nk ~r C[.].
The two inductive hypothesis follow.
• e(C[Mkl) -'r
X.
• If T E A-NF, args(T) :::; r, D[.] == (AUl ... ud.])R1 ... Rh is a context
(k:::; h), where
Rj E {Br,U;,X~,s It E N /\u E Var/\ S ~ Var} (l:::;j:::;h),
nfA(D[T]) == M k and X, Y tţ FV(D[T]) then e(C[D[T]]) -'r X.
Let T == xM1... M m and D[.] == (AX. [.])Uk ~; thus, args(T) :::; r,
r~m

x, Y tţ FV(D[T]) and nfA(D[T]) == M k impIy, by induction,

e(C[D[Tll) == e(C[(Ax.xM1... Mm)uk!Y ..:,.. B~]) -'r X.


r~m

We must yet prove that, ifT* E A-NF, D*[.] == (.x.ui",uk*.[.])Ri ... Rh* is
a context (k* ::; h*) such that either R; = B r or R; = U[ or R; = X~,s
(where 1 ::; j ::; h*, t E fii, u E Var and S <:;;; Var), args(T*) ::; r,
x,i) ti- FV(D*[T*]) and nfA(D*[T*]) == xM1·· .Mm, then
e(C*[D*[T*]]) --7r x, where C*[.] == C[(.-\x.[.])Ur !Y ..~.. B].
r-m
Let D[.] == (.-\xui ... u,,* .[.])UrRi[uklx] ... Rh* [Uklx] ~ and T == T*;
r-m
therefore R;[Uklx] E {Br,U[,X~,s I t E fii 1\ u E Var 1\ S <:;;; Var}
(1 ::; j ::; h*), nfA(D[T]) == M k (since x ti- FV(Mk)), args(T) ::; r and
X, i) ti- FV(D[T]). 80, by induction,

e(C[(.-\x.D*[T*])Ur ,W ...;... B:]) =r e(C[D[T]]) --7r x.


r-m
The proof for the term on the right is similar.
(r7) Let M k =I-Ar] N k and x E FV(Mk) U FV(Nk); furthermore, let C~[.] ==
(.-\x.[.])B r and nfA(C~[Mk]), nfA(C~[Nk]) =1'r C[.].
The two inductive hypothesis follow .
• e(C[nfA(C~[Mk])]) --7r
x.
• moreover, if T E A-NF, args(T) ::; r, and D[.] == (.-\Ul ... Uk.[.])R1 ... Rh
is a context (k ::; h), where

Rj E {B r , U[, X~,s I t E fii 1\ U E Var 1\ S <:;;; Var} (1 ::; j ::; h),

nfA(D[T]) == nfA(C~[Mk]) and X, i) ti- FV(D[T]), then e(C[D[T]]) --7r x.


Let T == xM1... M m and D[.] == (.-\x.[.])Br ~Ur; so, args(T) ::; r,
T-1n

x, i) ti- FV(D[T]) and nfA(D[T]) == nfA(C~[Mk]) imply, by induction,

e(C[D[Tll) == e(C[(.-\x.xM 1 ... Mm)B r ~Ukl) --7r x.


r-m
We must yet prove that, if T* E A-NF, D*[.] == (.-\ui",uk*.[.])Ri ... Rh* is
a context (k* ::; h*) such that either R; = Br or R; = U[ or R; = X~,s
(where 1 ::; j ::; h*, t E fii, u E Var and S <:;;; Var), args(T*) ::; r,
X, i) ti- FV(D*[T*]) and nfA(D*[T*]) == xM1 .· .Mm, then
e(C*[D*[T*]]) --7rx, where C*[.] == C[(.-\x.[.])B r Br ..... B r Un
--------
r-m

r-m
T == T*. Thus R;[B r Ix] E {Br, U[,X~,s It E fii 1\ u E Var 1\ S <:;;; Var}
where 1 ::; j ::; h*, nfA(D[T]) == nfA(C~[Mk]), args(T) ::; r and x,i) ti-
FV(D[T]). By induction,

e(C[('xx.D*[T*])B r ~Ukl) =r e(C[D[Tll) ~} x.


r-m

The proof for the term on the right is similar.


o

Proof of $\Gamma$-Separability Theorem (Theorem 3.1.16 pag. 40).
The proof follows directly from Lemmas 3.1.42 and 3.1.44.

3.2 Potentially $\Gamma$-Valuable Terms and $\Lambda$-Reduction
In this section the relation between the call-by-value $\lambda\Gamma$-calculus and the call-by-name $\lambda\Lambda$-calculus is explored. In particular, we show that the potentially $\Gamma$-valuable terms, which were characterized through the notion of $\Xi\ell$-reduction, introduced on purpose, coincide with the strongly normalizing terms with respect to the $\Lambda\ell$-reduction. The notion of $\Lambda\ell$-reduction is a particular case of Definition 3.1.3. In order to prove the result, the notion of weight of a term, introduced in Definition 3.1.29, will be used.
Lemma 3.2.1. If $\langle M \rangle$ is defined then $M$ has $\Xi\ell$-normal form.
Proof. By induction on $\langle M \rangle$.
$\langle M \rangle = 0$. Trivial, since $M$ is an abstraction.
$\langle M \rangle \geq 1$. If $M \equiv xM_1 \ldots M_m$ ($m \in \mathbb{N}$) the proof follows by induction. Let $M \equiv (\lambda x.P)QM_1 \ldots M_m$ ($m \in \mathbb{N}$). By induction $P[Q/x]M_1 \ldots M_m$ and $Q$ have $\Xi\ell$-normal forms, so let $Q \to^*_{\Xi\ell} R \in \Xi$; by Property 3.1.33.(ii)

so the proof follows by induction.
□
Corollary 3.2.2. $M$ has $\Xi\ell$-normal form if and only if $\langle M \rangle$ is defined.
Proof. By the previous lemma and Lemma 3.1.31.(iii). □
The next lemma proves that the notion of weight also works well for the $\Lambda\ell$-reduction.
Lemma 3.2.3. Let $M \in \Lambda$ and $\langle M \rangle$ be defined.
If $M \to_{\Lambda\ell} N$ then $\langle N \rangle$ is defined and $\langle N \rangle < \langle M \rangle$.
Proof. The proof is given by induction on $k = \langle M \rangle$.
The case where $k = 0$ is not possible, since $M$ is an abstraction and it cannot be $\Lambda\ell$-reduced; so let $k \geq 1$.
If $M \equiv xM_1 \ldots M_m$ then the proof follows by induction.
Let $M \equiv (\lambda x.M_0)M_1 \ldots M_m$, $h' = \langle M_1 \rangle$ and $h'' = \langle M_0[M_1/x]M_2 \ldots M_m \rangle$, thus $k = 1 + h' + h''$. There are only three cases, by the laziness of $\to_{\Lambda\ell}$.

(i) If $N \equiv M_0[M_1/x]M_2 \ldots M_m$ then the proof follows from the definition of weight.
(ii) Let $N \equiv (\lambda x.M_0)M_1N_2 \ldots N_m$ where there is a unique $j \geq 2$ such that $M_j \to_{\Lambda\ell} N_j$, while $\forall i \neq j$ $M_i \equiv N_i$ ($0 \leq i \leq m$ and $i \neq 1$).
$M_0[M_1/x]M_2 \ldots M_m \to_{\Lambda\ell} M_0[M_1/x]N_2 \ldots N_m$ and $h'' < k$ imply, by induction, $\langle N_0[M_1/x]N_2 \ldots N_m \rangle < h''$.
Thus $\langle N \rangle = 1 + \langle M_1 \rangle + \langle N_0[M_1/x]N_2 \ldots N_m \rangle < k$.
(iii) Let $N \equiv (\lambda x.M_0)N_1M_2 \ldots M_m$, where $M_1 \to_{\Lambda\ell} N_1$. By Property 3.1.33.(ii) we can state $\langle M_0[N_1/x]M_2 \ldots M_m \rangle \leq h''$, since $M_0[M_1/x]M_2 \ldots M_m \to^*_{\Lambda} M_0[N_1/x]M_2 \ldots M_m$. Again, by induction $\langle M_1 \rangle < \langle N_1 \rangle$; so the proof follows by the definition of weight.
□
Theorem 3.2.4. $M$ has $\Xi\ell$-normal form if and only if $M$ is $\Lambda\ell$-strongly normalizing.

Proof. ($\Leftarrow$) Trivial, since $M \to_{\Xi\ell} N$ implies $M \to_{\Lambda\ell} N$.
($\Rightarrow$) By Corollary 3.2.2, $(M)$ is defined. Let $N$ be such that $M \to_{\Lambda\ell} N$; thus by Lemma 3.2.3, both $(N)$ is defined and $(N) < (M)$. This implies that there is not an infinite sequence of $\Lambda\ell$-reductions starting from $M$, and so $M$ is $\Lambda\ell$-strongly normalizing, by Definition 3.1.3.(iv). □

Corollary 3.2.5 shows the desired result.

Corollary 3.2.5. Let $M \in \Lambda^0$. $M$ is $\Gamma$-valuable if and only if $M$ is $\Lambda\ell$-strongly normalizing.

Proof. From Theorems 3.1.9 and 3.2.4. □


4. Further Reading

$\Lambda$-separability. The separability property of $\Lambda$-normal forms was extended to finite sets of different $\Lambda\eta$-normal forms in [18], and the separability of infinite sets of $\Lambda$-normal forms was studied in [84]. An algebraic analysis of the technique used by Böhm for proving his theorem was developed in [76]. More refined notions of separability were studied in [20] and [22].

Call-by-value $\lambda$-calculus. Extensions of the $\lambda\Gamma$-calculus for studying imperative and control features in the call-by-value setting were introduced respectively in [45] and [46]. Moggi [70], starting from the $\lambda\Gamma$-calculus, developed a further paradigmatic language for reasoning about the call-by-value computation, called the partial $\lambda$-calculus.

Call-by-value versus call-by-name. Some interesting observations on the relationship between call-by-value and call-by-name computation can be found in [33], in a typed setting, where it was shown that call-by-value is the De Morgan dual of call-by-name. This idea was further developed in [96].
Part II

Operational Semantics
5. Parametric Operational Semantics

In this part we will study the evaluation of terms and the induced operational semantics. Our notion of operational semantics is inspired by the structured operational semantics (SOS) developed by Plotkin [80] and by Kahn [55].
In Sect. 1.2, we introduced in an informal way the notion of evaluation, by saying that a possible way of evaluating a term is to apply the reduction rule to it until a normal form is reached. Clearly, such evaluation can never stop, for example, in the case when $D \in \Delta$ and the $\Delta$-reduction is applied to the term $DD$, which does not have a $\Delta$-normal form.
But the normal forms are not the only terms we can reasonably consider as output results. For example, we defined the notion of head normal form, both in the $\lambda\Lambda$ and in the $\lambda\Gamma$ setting. It is natural to ask if such terms can be considered as output values, and so if it is possible to check, through an evaluation, whether or not a term possesses head normal form.
Hence, in order to study the evaluation of terms, we need to introduce, besides the notion of input values, that of output values. The definition of a set of output results is parametric with respect to the set of input values.

Definition 5.0.1. Let $\Delta$ be a set of input values. A set of output values with respect to $\Delta$ is any set $\Theta \subseteq \Lambda$ such that:
(i) $\Theta$ contains all the $\Delta$-normal forms,
(ii) if $M =_{\Delta} N$ and $N \in \Theta$ then there is $P \in \Theta$ such that $M \to^{*p}_{\Delta} P$ (principality condition).

The first condition of the previous definition takes into account the fact that the set of normal forms is in some sense the most "natural" set of output values, corresponding to the complete evaluation of terms. Remember that Corollary 1.2.13 assures us that, to reach the normal form of a term, if it exists, it is sufficient to perform at every step the principal redex. So the second condition simply says that we are interested in those evaluations that are an initial step of the complete one. As we show in the following, each evaluation of interest is of this kind.

Lemma 5.0.2. Let $\Theta \subseteq \Lambda$ be such that $\Delta\text{-NF} \subseteq \Theta$. If $\Theta$ is closed under $\to_{\Delta}$ and the set $\{M \in \Lambda \mid M \notin \Theta\}$ is closed under $\to^{i}_{\Delta}$, then $\Theta$ is a set of output values with respect to $\Delta$.

Proof. We must prove that $\Theta$ satisfies the principality condition.
If $M =_{\Delta} N \in \Theta$ then there is a term $M' \in \Lambda$ such that $M \to^{*}_{\Delta} M'$ and $N \to^{*}_{\Delta} M'$ by the confluence theorem; so $M' \in \Theta$ by the fact that output values are closed under $\to_{\Delta}$. By the standardization theorem, there is a standard reduction sequence $M \to^{*p}_{\Delta} M'' \to^{*i}_{\Delta} M'$; hence $M' \in \Theta$ implies $M'' \in \Theta$, by the fact that $\{M \in \Lambda \mid M \notin \Theta\}$ is closed under $\to^{i}_{\Delta}$. □

The next property shows some examples of sets of output values.

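Property 5.0.3.
1. $\Lambda$, $\Lambda$-NF, $\Lambda$-HNF and $\Lambda$-LHNF are sets of output values with respect to $\Lambda$.
2. $\Lambda$ and $\Gamma$-NF are sets of output values with respect to $\Gamma$.
3. The set of $\Gamma$-lazy blocked normal forms ($\Gamma$-lbnf's), namely $\Gamma\text{-LBNF} = \{\lambda x.M \mid M \in \Lambda\} \cup \{xM_1 \ldots M_m \mid M_i \in \Lambda,\ m \in \mathbb{N}\} \cup \{(\lambda x.P)QM_1 \ldots M_m \mid P, M_i \in \Lambda,\ Q \notin \Gamma,\ Q \in \Gamma\text{-LBNF},\ m \in \mathbb{N}\}$, is a set of output values with respect to $\Gamma$.
4. $\Gamma$ is not a set of output values with respect to either $\Lambda$ or $\Gamma$.
5. $\Xi$ is a set of output values with respect to $\Lambda$, but not with respect to $\Gamma$.
6. $\Gamma\ell$-NF is not a set of output values with respect to either $\Lambda$ or $\Gamma$.

Proof.
1. The case for $\Lambda$ is trivial. In case $\Theta \in \{\Lambda\text{-NF}, \Lambda\text{-HNF}, \Lambda\text{-LHNF}\}$, the proof follows by Lemma 5.0.2. In fact,
• $\Lambda\text{-NF} \subseteq \Lambda\text{-HNF} \subseteq \Lambda\text{-LHNF}$,
• if $P \in \Theta$ and $P \to_{\Lambda} Q$ then $Q \in \Theta$,
• if $P \to^{i}_{\Lambda} Q$ and $P \notin \Theta$ then $Q \notin \Theta$.
2. The case for $\Lambda$ is trivial. $\Gamma$-NF is a set of output values with respect to $\Gamma$ by Corollary 1.2.13.
3. The proof follows by Lemma 5.0.2. In fact,
• $\Gamma\text{-NF} \subseteq \Gamma\text{-LBNF}$,
• if $P \in \Gamma\text{-LBNF}$ and $P \to_{\Gamma} Q$ then $Q \in \Gamma\text{-LBNF}$,
• if $P \to^{i}_{\Gamma} Q$ and $P \notin \Gamma\text{-LBNF}$ then $Q \notin \Gamma\text{-LBNF}$.
4. In fact, $xI \in \Lambda\text{-NF}$ and $xI \in \Gamma\text{-NF}$, but $xI \notin \Gamma$.
5. It is easy to see that $\Xi \equiv \Lambda\ell\text{-NF}$ (see Definition 3.1.3 and Property 3.1.6), thus $\Lambda\text{-NF} \subseteq \Xi$; so $\Xi$ is a set of output values with respect to $\Lambda$, by Lemma 5.0.2. But it is not a set of output values with respect to $\Gamma$; in fact, $I(xI) \in \Gamma\text{-NF}$, but $I(xI) \notin \Xi$.
6. Let $\Delta \in \{\Lambda, \Gamma\}$; thus $(\lambda x.DD)(xI)(II) =_{\Delta\ell} (\lambda x.DD)(xI)I \in \Gamma\ell\text{-NF}$; nevertheless, there is no $P \in \Delta\ell\text{-NF}$ such that $(\lambda x.DD)(xI)(II) \to^{*p}_{\Delta} P$, against the principality condition. □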

In what follows, $\Theta$ always denotes a generic set of output values.

Definition 5.0.4. Let $\Theta$ be a set of output values with respect to $\Delta$.
(i) An evaluation relation $\mathbf{O}$ on the $\lambda\Delta$-calculus with respect to $\Theta$ is any subset of $\Lambda \times \Theta$, such that $(M, N) \in \mathbf{O}$ implies $M \to^{*}_{\Delta} N$.
(ii) $\mathcal{E}(\Delta, \Theta)$ denotes the class of all evaluation relations $\mathbf{O}$ on the $\lambda\Delta$-calculus with respect to $\Theta$.

Evaluation relations are denoted by bold capital letters.

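Example 5.0.5. It is easy to see that the following evaluation relations are well defined.
1. Let $\mathbf{N}_{nd} \in \mathcal{E}(\Lambda, \Lambda\text{-NF})$ be $\{(M, N) \in \Lambda \times \Lambda\text{-NF} \mid M \to^{*}_{\Lambda} N\}$.
2. Let $\mathbf{N} \in \mathcal{E}(\Lambda, \Lambda\text{-NF})$ be $\{(M, N) \in \Lambda \times \Lambda\text{-NF} \mid M \to^{*p}_{\Lambda} N\}$.
3. Let $\mathbf{H}_{nd} \in \mathcal{E}(\Lambda, \Lambda\text{-HNF})$ be $\{(M, N) \in \Lambda \times \Lambda\text{-HNF} \mid M \to^{*}_{\Lambda} N\}$.
4. Let $\mathbf{H} \in \mathcal{E}(\Lambda, \Lambda\text{-HNF})$ be $\{(M, N) \in \Lambda \times \Lambda\text{-HNF} \mid M \to^{p}_{\Lambda} M_1 \to^{p}_{\Lambda} \ldots \to^{p}_{\Lambda} M_r \to^{p}_{\Lambda} N$, and $M_i \notin \Lambda\text{-HNF}\ (1 \le i \le r)\}$.
5. Let $\mathbf{L}_{nd} \in \mathcal{E}(\Lambda, \Lambda\text{-LHNF})$ be $\{(M, N) \in \Lambda \times \Lambda\text{-LHNF} \mid M \to^{*}_{\Lambda} N\}$.
6. Let $\mathbf{L} \in \mathcal{E}(\Lambda, \Lambda\text{-LHNF})$ be $\{(M, N) \in \Lambda \times \Lambda\text{-LHNF} \mid M \to^{p}_{\Lambda} M_1 \to^{p}_{\Lambda} \ldots \to^{p}_{\Lambda} M_r \to^{p}_{\Lambda} N$, and $M_i \notin \Lambda\text{-LHNF}\ (1 \le i \le r)\}$.
7. Let $\mathbf{G}_{nd} \in \mathcal{E}(\Gamma, \Gamma\text{-NF})$ be $\{(M, N) \in \Lambda \times \Gamma\text{-NF} \mid M \to^{*}_{\Gamma} N\}$.
8. Let $\mathbf{G} \in \mathcal{E}(\Gamma, \Gamma\text{-NF})$ be $\{(M, N) \in \Lambda \times \Gamma\text{-NF} \mid M \to^{*p}_{\Gamma} N\}$.
9. Let $\mathbf{V}_{nd} \in \mathcal{E}(\Gamma, \Gamma\text{-LBNF})$ be $\{(M, N) \in \Lambda \times \Gamma\text{-LBNF} \mid M \to^{*}_{\Gamma} N\}$.
10. Let $\mathbf{V} \in \mathcal{E}(\Gamma, \Gamma\text{-LBNF})$ be $\{(M, N) \in \Lambda \times \Gamma\text{-LBNF} \mid M \to^{p}_{\Gamma} M_1 \to^{p}_{\Gamma} \ldots \to^{p}_{\Gamma} M_r \to^{p}_{\Gamma} N$, and $M_i \notin \Gamma\text{-LBNF}\ (1 \le i \le r)\}$.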
An evaluation relation can be presented by using a formal system.

A logical rule, or briefly rule, has the following shape:

$$\frac{\mathcal{P}_1 \;\ldots\; \mathcal{P}_m}{\mathcal{C}}\ \textit{name}$$

where the premises $\mathcal{P}_i$ ($1 \le i \le m$) and the conclusion $\mathcal{C}$ are logical judgments (written using metavariables); while name is the name of the rule.
The intended meaning of a rule is that, for every instance $s$ of the metavariables in the rule, $s(\mathcal{C})$ is implied by the logical AND of $s(\mathcal{P}_i)$ ($1 \le i \le m$).

For the sake of simplicity, we will use the syntax of terms for denoting the metaterms in the logical rules.

A derivation is a finite tree of logical rules, such that each leaf is an axiom, each intermediate node has as premises the consequences of its son nodes and its consequence is one of the premises of its father node. The conclusion of the root node is the proved judgment. The size of a derivation is the number of nodes in it.

A formal system defining an evaluation relation $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$ is a set of logical rules for establishing judgments of the shape $M \Downarrow_{\mathbf{O}} N$, whose meaning is $(M, N) \in \mathbf{O}$. We will denote with $M \Downarrow_{\mathbf{O}}$ the fact that the judgment $M \Downarrow_{\mathbf{O}} N$ can be proved in the system for some $N$, i.e. $(M, N) \in \mathbf{O}$. We will denote with $M \Uparrow_{\mathbf{O}}$ the fact that there is no $N \in \Theta$ such that $M \Downarrow_{\mathbf{O}} N$.
The evaluation relation $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$ is deterministic if, in case $M \Downarrow_{\mathbf{O}}$, there is a unique term $N$ such that $M \Downarrow_{\mathbf{O}} N$ (i.e. the evaluation relation is a partial function). All the evaluation relations we show in this part of the book are deterministic.

Example 5.0.6. The evaluation relations $\mathbf{N}_{nd}$ and $\mathbf{N}$, defined in Example 5.0.5, coincide and are both deterministic by Corollaries 1.2.6 and 1.2.13. The same is true for the evaluation relations $\mathbf{G}_{nd}$ and $\mathbf{G}$.
The evaluation relations $\mathbf{H}$, $\mathbf{L}$ and $\mathbf{V}$ are deterministic, while $\mathbf{H}_{nd}$, $\mathbf{L}_{nd}$ and $\mathbf{V}_{nd}$ are not deterministic. For example, both $(\lambda x.x(II), \lambda x.x(II)) \in \mathbf{H}_{nd}$ and $(\lambda x.x(II), \lambda x.xI) \in \mathbf{H}_{nd}$; the same two pairs of terms are in $\mathbf{L}_{nd}$ and $\mathbf{V}_{nd}$.
A formal system establishing judgments of the shape $M \Downarrow_{\mathbf{O}} N$ can be viewed as a logical representation of a reduction machine. In particular the evaluation process of the machine is simulated by a derivation in the logical system. In the terminology of reduction machines, $M \Downarrow_{\mathbf{O}} N$ means that "on input $M$, the reduction machine $\mathbf{O}$ stops and gives as output $N$"; $M \Downarrow_{\mathbf{O}}$ means that "on input $M$, the reduction machine $\mathbf{O}$ stops"; while $M \Uparrow_{\mathbf{O}}$ means "on input $M$, the reduction machine never stops".
In the rest of the book, we will use the metavariable $\mathbf{O}$ to denote an evaluation relation actually defined by a formal system.

Definition 5.0.7. An evaluation relation $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$ induces naturally an operational semantics, i.e. a preorder relation on terms denoted by $\preceq_{\mathbf{O}}$. The operational preorder induced by $\mathbf{O}$ is defined as:

$M \preceq_{\mathbf{O}} N$ if and only if $\forall C[.]$ such that $C[M], C[N] \in \Lambda^0$ ($C[M] \Downarrow_{\mathbf{O}}$ implies $C[N] \Downarrow_{\mathbf{O}}$).

$\prec_{\mathbf{O}}$ denotes the strict version of $\preceq_{\mathbf{O}}$, while $\approx_{\mathbf{O}}$ is the equivalence relation on terms induced by $\preceq_{\mathbf{O}}$.
If $M \approx_{\mathbf{O}} N$ then $M$ and $N$ are $\mathbf{O}$-operationally equivalent.

This operational equivalence amounts to the Leibniz Equality Principle for programs, i.e. a criterion for establishing equivalence on the basis of the behaviour of programs regarded as black boxes. It is natural to model a program by a closed term. So a context can be viewed as a partially specified program, where every occurrence of the hole denotes a place that must be filled by a subprogram, while a generic term can be viewed as a subprogram. So two terms are equivalent if they can be replaced by each other in the same program without changing its behaviour (with respect to an evaluation relation $\mathbf{O}$).

Since we are considering "pure" calculi, i.e. calculi without constants, the only behaviour we can observe on terms is the termination, and this justifies the previous definition of operational semantics.

In the presence of constants, a subset of them (the "basic constants") will be the possible results of a computation, and the definition would change in the following way:
$M \preceq N$ if and only if $\forall C[.]$ such that $C[M], C[N] \in \Lambda^0$, for all basic constants $a$, ($C[M] \Downarrow a$ implies $C[N] \Downarrow a$).
Definition 5.0.8. Let $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$ be an evaluation relation.
(i) The $\lambda\Delta$-calculus is correct with respect to the $\mathbf{O}$-operational semantics if and only if $M =_{\Delta} N$ implies $M \approx_{\mathbf{O}} N$.
(ii) The $\lambda\Delta$-calculus is complete with respect to the $\mathbf{O}$-operational semantics if and only if $M \approx_{\mathbf{O}} N$ implies $M =_{\Delta} N$.

The $\lambda\Delta$-calculus is correct with respect to the $\mathbf{O}$-operational semantics if and only if $\approx_{\mathbf{O}}$ is a $\Delta$-theory. In fact, it is easy to check that $\approx_{\mathbf{O}}$ is always a congruence relation (see Definition 1.3.1).

Example 5.0.9. The evaluation relations of Example 5.0.5 are correct with respect to their respective set of input values. Some counterexamples to the correctness follow:
(i) Let $\mathbf{J} \in \mathcal{E}(\Lambda, \Lambda\text{-NF})$ be {(M, N) ∈ Λ × Λ-NF | M -t;{ N}. The $\lambda\Lambda$-calculus is not correct with respect to $\mathbf{J}$. In fact, $KI(DD) =_{\Lambda} I$ but $KI(DD) \not\approx_{\mathbf{J}} I$, since $KI(DD) \Uparrow_{\mathbf{J}}$ while $I \Downarrow_{\mathbf{J}}$.
(ii) Let $\mathbf{W} \in \mathcal{E}(\Gamma, \Gamma\text{-LBNF})$ be {(M, N) ∈ Γ × Γ-LBNF | M -->jf N}. The $\lambda\Gamma$-calculus is not correct with respect to $\mathbf{W}$. In fact, $KI(\lambda x.DD) =_{\Gamma} I$ but $KI(\lambda x.DD) \not\approx_{\mathbf{W}} I$, since $KI(\lambda x.DD) \Uparrow_{\mathbf{W}}$ while $I \Downarrow_{\mathbf{W}}$.
The notion of $\mathbf{O}$-relevant context, introduced in the next definition, is a technical tool that is useful for proving operational equivalences.

Definition 5.0.10. Let $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$.
(i) A context $C[.]$ is $\mathbf{O}$-relevant if and only if there are $M, N \in \Lambda^0$ such that $C[M] \Downarrow_{\mathbf{O}}$ and $C[N] \Uparrow_{\mathbf{O}}$.
(ii) Let $M, N \in \Lambda$. A context $C[.]$ is said to be a discriminating context for $M$ and $N$ if and only if $C[M] \Downarrow_{\mathbf{O}}$ and $C[N] \Uparrow_{\mathbf{O}}$, or vice versa.

This notion of relevance is inspired by the corresponding one of relevant context, introduced by Plotkin in order to study the operational behaviour of the paradigmatic programming language PCF (see [79]).

5.1 The Universal Δ-Reduction Machine

The fact that the set of output values satisfies the principality condition allows us to define a universal evaluation relation, parametric both in the set of input and output values, from which many interesting evaluation relations can be derived by suitable instantiations. Such an evaluation relation is based on a formal system, defining the principal evaluation of a term of the $\lambda\Delta$-calculus.

Definition 5.1.1. A formal system proving statements of the kind

$$M \to^{p}_{\Delta} N$$

where $M, N \in \Lambda$, is formalized in Fig. 5.1.

The notation $M \to^{p}_{\Delta} N$ is defined in Definition 1.2.7 ($N$ is obtained from $M$ by reducing its principal redex).

$$\frac{M \to^{p}_{\Delta} N}{\lambda x.M \to^{p}_{\Delta} \lambda x.N}\ (p1)$$

$$\frac{i = \min\{j \le m \mid M_j \notin \Delta\text{-nf}\} \qquad M_i \to^{p}_{\Delta} N_i}{\ }\ (p2)$$

$$\frac{Q \in \Delta}{(\lambda x.P)QM_1 \ldots M_m \to^{p}_{\Delta} P[Q/x]M_1 \ldots M_m}\ (p3)$$

$$\frac{Q \notin \Delta \qquad Q \notin \Delta\text{-nf} \qquad Q \to^{p}_{\Delta} Q'}{(\lambda x.P)QM_1 \ldots M_m \to^{p}_{\Delta} (\lambda x.P)Q'M_1 \ldots M_m}\ (p4)$$

$$\frac{Q \notin \Delta \qquad Q \in \Delta\text{-nf} \qquad P \notin \Delta\text{-nf} \qquad P \to^{p}_{\Delta} P'}{(\lambda x.P)QM_1 \ldots M_m \to^{p}_{\Delta} (\lambda x.P')QM_1 \ldots M_m}\ (p5)$$

$$\frac{P, Q \in \Delta\text{-nf} \qquad i = \min\{j \le m \mid M_j \notin \Delta\text{-nf}\} \qquad M_i \to^{p}_{\Delta} N_i}{(\lambda x.P)QM_1 \ldots M_m \to^{p}_{\Delta} (\lambda x.P)QM_1 \ldots N_i \ldots M_m}\ (p6)$$

Fig. 5.1. Principal reduction machine

The machine described in Fig. 5.1 is "step-by-step", since each of its rules describes just one application of the reduction rule.
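Definition 5.1.2 (Universal evaluation relation). Let $\Theta$ be a set of output values with respect to the set of input values $\Delta$.
(i) $\mathbf{U}^{\Delta}_{\Theta} \in \mathcal{E}(\Delta, \Theta)$ is the evaluation relation defined through the following rules:

$$\frac{M \in \Theta}{M \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}} M}\ (axiom) \qquad\qquad \frac{M \to^{p}_{\Delta} P \qquad P \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}} N}{M \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}} N}\ (eval)$$

(ii) $M \preceq_{\mathbf{U}^{\Delta}_{\Theta}} N$ if and only if, for all contexts $C[.]$ such that $C[M], C[N] \in \Lambda^0$, ($C[M] \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}}$ implies $C[N] \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}}$).
(iii) $M \approx_{\mathbf{U}^{\Delta}_{\Theta}} N$ if and only if $M \preceq_{\mathbf{U}^{\Delta}_{\Theta}} N$ and $N \preceq_{\mathbf{U}^{\Delta}_{\Theta}} M$.

It is easy to check that the previous definition is well posed, i.e. $M \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}} N$ implies $M \to^{*}_{\Delta} N$. Furthermore, the evaluation relation $\mathbf{U}^{\Delta}_{\Theta}$ is deterministic for all $\Delta, \Theta$.
Theorem 5.1.3 proves that the evaluation relation $\mathbf{U}^{\Delta}_{\Theta}$ is universal, in the sense that it subsumes all deterministic evaluation relations obtained by instantiating $\Delta$ and $\Theta$ in a correct way.

Theorem 5.1.3. If $M \to^{*}_{\Delta} N \in \Theta$ then $M \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}}$.

Proof. Since $\Theta$ satisfies the principality condition, $M \to^{*}_{\Delta} N \in \Theta$ implies there is $N' \in \Theta$ such that $M \to^{*p}_{\Delta} N'$. Then the proof follows by induction on the length of the reduction sequence $M \to^{*p}_{\Delta} N' \in \Theta$. If $M \in \Theta$, then the proof follows by rule (axiom) of the formal system defining $\mathbf{U}^{\Delta}_{\Theta}$. Otherwise, $M \to^{*p}_{\Delta} N'$ means $M \to^{p}_{\Delta} N'' \to^{*p}_{\Delta} N'$, so the proof follows by induction. □

For each choice of the sets of the input and output values, the $\lambda\Delta$-calculus is correct with respect to the $\mathbf{U}^{\Delta}_{\Theta}$ operational semantics, as proved in Theorem 5.1.4.

Theorem 5.1.4 ($\mathbf{U}^{\Delta}_{\Theta}$-Correctness). The $\lambda\Delta$-calculus is correct with respect to the $\mathbf{U}^{\Delta}_{\Theta}$-operational semantics.

Proof. $M =_{\Delta} N$ implies $C[M] =_{\Delta} C[N]$, for all contexts $C[.]$.
If there is $P \in \Theta$ such that $C[M] \to^{*}_{\Delta} P$, then $C[M] \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}}$, by Theorem 5.1.3. Clearly $P =_{\Delta} C[N]$; thus, by principality, there is $P' \in \Theta$ such that $C[N] \to^{*p}_{\Delta} P'$, so $C[N] \Downarrow_{\mathbf{U}^{\Delta}_{\Theta}}$.
In case there is not such a $P$, both $C[M] \Uparrow_{\mathbf{U}^{\Delta}_{\Theta}}$ and $C[N] \Uparrow_{\mathbf{U}^{\Delta}_{\Theta}}$. □

So, $\mathbf{U}^{\Delta}_{\Theta}$-operational semantics induce a $\Delta$-theory; as far as completeness is concerned, it depends on the choice of the set of output values. But all operational semantics of interest are not complete, as we will see in the following.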

Example 5.1.5. Let $\mathbf{U}^{\Lambda}_{\Lambda\text{-HNF}}$ be the universal evaluation relation, where $\Lambda$ is the set of input values and $\Lambda$-HNF is the set of output values. Below, $\Downarrow$ abbreviates $\Downarrow_{\mathbf{U}^{\Lambda}_{\Lambda\text{-HNF}}}$ and $\Uparrow$ abbreviates $\Uparrow_{\mathbf{U}^{\Lambda}_{\Lambda\text{-HNF}}}$.
(i) Let $M_0 \equiv \lambda x.(\lambda uv.xuv)I(DD)$, $M_1 \equiv \lambda x.(\lambda v.xIv)(DD)$ and $M_2 \equiv \lambda x.xI(DD)$; note that $M_0 \to^{p}_{\Lambda} M_1 \to^{p}_{\Lambda} M_2 \in \Lambda\text{-HNF}$.
$\lambda x.(\lambda uv.xuv)I(DD) \Downarrow \lambda x.xI(DD)$; in fact, we can build the following derivation:

$$\dfrac{M_0 \to^{p}_{\Lambda} M_1 \qquad \dfrac{M_1 \to^{p}_{\Lambda} M_2 \qquad \dfrac{M_2 \in \Lambda\text{-HNF}}{M_2 \Downarrow M_2}\ (axiom)}{M_1 \Downarrow M_2}\ (eval)}{\lambda x.(\lambda uv.xuv)I(DD) \Downarrow \lambda x.xI(DD)}\ (eval)$$

(ii) It is possible to check that there is not a derivation proving $\lambda x.DD \Downarrow$, i.e. $\lambda x.DD \Uparrow$.
Every derivation proving $\lambda x.DD \Downarrow$ must be of the following shape:

$$\dfrac{\lambda x.DD \to^{p}_{\Lambda} \lambda x.DD \qquad \dfrac{\lambda x.DD \to^{p}_{\Lambda} \lambda x.DD \qquad d}{\lambda x.DD \Downarrow R}\ (eval)}{\lambda x.DD \Downarrow R}\ (eval)$$

for some $R \in \Lambda$ and some derivation $d$ proving $\lambda x.DD \Downarrow R$. Since all derivations are applications of a finite number of rules, $d$ cannot exist, and so also the whole derivation.

In the remainder of this part of the book we will present four different operational semantics: three for the call-by-name $\lambda$-calculus and one for the call-by-value calculus. They formalize the deterministic evaluation relations given in Example 5.0.5, except for $\mathbf{G}$. We will not develop such a semantics, since the notion of $\Gamma$-normal form is semantically meaningless, as already noted.
Each one of the operational semantics we are interested in can be derived from the "universal $\Delta$-reduction machine" by instantiating the sets of input and output values in a suitable way. But we choose to present the various operational semantics independently, both for clarity and for technical reasons. In fact, while the universal reduction machine is based on a step-by-step description of the evaluation relation, the reduction machines we will present supply an input-output description of it, and this makes the proofs easier.
6. Call-by-Name Operational Semantics

6.1 H-Operational Semantics

$\mathbf{H} \in \mathcal{E}(\Lambda, \Lambda\text{-HNF})$ is the first evaluation relation that we will study; it is the universal evaluation relation $\mathbf{U}^{\Lambda}_{\Lambda\text{-HNF}}$ (see Example 5.1.5).
In this setting, the converging terms represent computations that can always produce a given output value when applied to suitable arguments. In fact, the set of terms having $\Lambda$-HNF coincides with the set of $\Lambda$-solvable terms.

Definition 6.1.1 (H-Operational semantics).
(i) $\mathbf{H} \in \mathcal{E}(\Lambda, \Lambda\text{-HNF})$ is the evaluation relation induced by the formal system proving judgments of the shape

$$M \Downarrow_{\mathbf{H}} N$$

where $M \in \Lambda$ and $N \in \Lambda\text{-HNF}$. It consists of the following rules:

$$\frac{m \ge 0}{xM_1 \ldots M_m \Downarrow_{\mathbf{H}} xM_1 \ldots M_m}\ (var)$$

$$\frac{M \Downarrow_{\mathbf{H}} N}{\lambda x.M \Downarrow_{\mathbf{H}} \lambda x.N}\ (abs)$$

$$\frac{P[Q/x]M_1 \ldots M_m \Downarrow_{\mathbf{H}} N}{(\lambda x.P)QM_1 \ldots M_m \Downarrow_{\mathbf{H}} N}\ (head)$$

(ii) $M \preceq_{\mathbf{H}} N$ if and only if, for all contexts $C[.]$ such that $C[M], C[N] \in \Lambda^0$, ($C[M] \Downarrow_{\mathbf{H}}$ implies $C[N] \Downarrow_{\mathbf{H}}$).
(iii) $M \approx_{\mathbf{H}} N$ if and only if $M \preceq_{\mathbf{H}} N$ and $N \preceq_{\mathbf{H}} M$.

As we already noticed, $\mathbf{H}$ is deterministic.

Example 6.1.2. (i) $\lambda x.(\lambda uv.xuv)I(DD) \Downarrow_{\mathbf{H}} \lambda x.xI(DD)$. In fact, we can build the following derivation:

$$\dfrac{\dfrac{\dfrac{\dfrac{\ }{xI(DD) \Downarrow_{\mathbf{H}} xI(DD)}\ (var)}{(\lambda v.xIv)(DD) \Downarrow_{\mathbf{H}} xI(DD)}\ (head)}{(\lambda uv.xuv)I(DD) \Downarrow_{\mathbf{H}} xI(DD)}\ (head)}{\lambda x.(\lambda uv.xuv)I(DD) \Downarrow_{\mathbf{H}} \lambda x.xI(DD)}\ (abs)$$

where the unique leaf is the axiom (var) and the conclusion of the root node is the judgment $\lambda x.(\lambda uv.xuv)I(DD) \Downarrow_{\mathbf{H}} \lambda x.xI(DD)$. Note that, in the particular case of the system $\Downarrow_{\mathbf{H}}$, every derivation is such that each node has a unique son.
(ii) It is possible to check that there is no derivation proving $\lambda x.DD \Downarrow_{\mathbf{H}}$. In fact, if such a derivation exists then it must be of the following shape:

$$\dfrac{\dfrac{d}{DD \Downarrow_{\mathbf{H}} R}\ (head)}{\lambda x.DD \Downarrow_{\mathbf{H}} \lambda x.R}\ (abs)$$

for some $R$, and some derivation $d$. But the rule (head) implies that the derivation $d$ must be in its turn of the shape

$$\dfrac{d}{DD \Downarrow_{\mathbf{H}} R}\ (head)$$

Since all derivations are the application of a finite number of rules, $d$ cannot exist, and so also the whole derivation.

The system $\Downarrow_{\mathbf{H}}$ characterizes completely the class of terms having $\Lambda$-head normal forms, as shown in Theorem 6.1.3.

Theorem 6.1.3. (i) $M \Downarrow_{\mathbf{H}} N$ implies $M \to^{*p}_{\Lambda} N$ and $N$ is in $\Lambda$-hnf.
(ii) $M \Downarrow_{\mathbf{H}}$ if and only if $M$ has a $\Lambda$-hnf.

Proof. (i) By induction on the definition of $\Downarrow_{\mathbf{H}}$.
(ii) ($\Rightarrow$) The proof is a consequence of (i).
($\Leftarrow$) $M$ has $\Lambda$-hnf means that there is $N \in \Lambda\text{-HNF}$ such that $M =_{\Lambda} N$. But $\Lambda$-HNF is a set of output values with respect to $\Lambda$, by Property 5.0.3; so there is a reduction sequence $M \to^{*p}_{\Lambda} M' \in \Lambda\text{-HNF}$.
The proof is done by induction on the length of the reduction sequence $M \to^{*p}_{\Lambda} M'$. Let $M \equiv \lambda x_1 \ldots x_n.\zeta M_1 \ldots M_m$ ($n, m \in \mathbb{N}$).
If $\zeta$ is a variable then $M$ is already in $\Lambda$-hnf. In fact $M \Downarrow_{\mathbf{H}} M$, by $n$ applications of rule (abs) and one application of the rule (var).
If $\zeta \equiv (\lambda x.P)Q$ then by induction, $P[Q/x]M_1 \ldots M_m \Downarrow_{\mathbf{H}} N$, for some $N$; thus $M \Downarrow_{\mathbf{H}} \lambda x_1 \ldots x_n.N$, by $n$ applications of rule (abs) and one application of the rule (head). □

The following property will be quite useful in Sect. 15.2.

Property 6.1.4. Let $M, N, T, U \in \Lambda$ and $M \Downarrow_{\mathbf{H}} N$.
(i) $M[T/z] \Downarrow_{\mathbf{H}} U$ if and only if $N[T/z] \Downarrow_{\mathbf{H}} U$.
(ii) $MT \Downarrow_{\mathbf{H}} U$ if and only if $NT \Downarrow_{\mathbf{H}} U$.

Proof. (i) Clearly $M[T/z] =_{\Lambda} N[T/z]$, so by the confluence theorem $M[T/z]$ has $\Lambda$-hnf if and only if $N[T/z]$ has $\Lambda$-hnf; hence let $M[T/z] \Downarrow_{\mathbf{H}} U_0$ and $N[T/z] \Downarrow_{\mathbf{H}} U_1$, for some $U_0, U_1 \in \Lambda$.
We show that $U_0 \equiv U_1$ by induction on the derivation of $M \Downarrow_{\mathbf{H}} N$. The case (var) is trivial. The case (abs) follows by induction. The more complex case is (head); if $P[Q/x]M_1 \ldots M_m \Downarrow_{\mathbf{H}} N$ then by induction, $(P[Q/x])[T/z]M_1[T/z] \ldots M_m[T/z] \Downarrow_{\mathbf{H}} V$ and $N[T/z] \Downarrow_{\mathbf{H}} V$, thus $(\lambda x.P[T/z])Q[T/z]M_1[T/z] \ldots M_m[T/z] \Downarrow_{\mathbf{H}} V$ too and the proof is done.
(ii) Since $M =_{\Lambda} N$ implies $MT =_{\Lambda} NT$, we can assume $MT \Downarrow_{\mathbf{H}} U_0$ if and only if $NT \Downarrow_{\mathbf{H}} U_1$. We show that $U_0 = U_1$ by induction on the derivation of $M \Downarrow_{\mathbf{H}} N$. The case (var) is trivial. The case (abs) follows by using the previous point. The case (head) follows by induction. □

$\approx_{\mathbf{H}}$ is a $\Lambda$-theory, as proved by Theorem 6.1.5.

Theorem 6.1.5 (H-Correctness). The $\lambda\Lambda$-calculus is correct with respect to the $\mathbf{H}$-operational semantics.

Proof. We must prove that $M =_{\Lambda} N$ implies $M \approx_{\mathbf{H}} N$, by definition of correctness. Let $M =_{\Lambda} N$ and let $C[.]$ be a context such that $C[M], C[N] \in \Lambda^0$. By definition of $=_{\Lambda}$, $C[M] =_{\Lambda} C[N]$. So the proof follows from Theorem 6.1.3.(ii), since by the confluence theorem the property of having $\Lambda$-hnf is closed under $=_{\Lambda}$. □

The $\lambda\Lambda$-calculus, nevertheless, is not complete with respect to the $\mathbf{H}$-operational semantics. To show the incompleteness, the notion of $\mathbf{H}$-relevant context is used, which is the specialization to $\mathbf{H}$ of the general notion presented in Definition 5.0.10. Lemma 6.1.6 shows a syntactical characterization of $\mathbf{H}$-relevant context.

Lemma 6.1.6 (H-Relevance). A context $C[.]$ is $\mathbf{H}$-relevant whenever there is a context $C'[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) such that for all $M \in \Lambda^0$, $C[M] \Downarrow_{\mathbf{H}}$ if and only if $C'[M] \Downarrow_{\mathbf{H}}$.

Proof. ($\Rightarrow$) Assume that $C[.]$ is $\mathbf{H}$-relevant, namely there are $M, N \in \Lambda^0$ such that $C[M] \Downarrow_{\mathbf{H}}$ and $C[N] \Uparrow_{\mathbf{H}}$. By induction on $C[M] \Downarrow_{\mathbf{H}}$ we will prove that there is a context $C'[.]$ satisfying the statement.
If the last applied rule is (var) then either $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$). In the first case the context is not relevant, while the second case is not possible, since $M \in \Lambda^0$.
If the last applied rule is (abs) then either $C[.] \equiv [.]$ or $C[.] \equiv \lambda z.C''[.]$. The first case is immediate, while the second follows by induction.
If the last applied rule is (head) then either $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \ge 1$). The first case is trivial, while the second follows by induction; in fact, the context $C_0[.][C_1[.]/z]C_2[.] \ldots C_m[.]$ is discriminating $M$ and $N$ and so is $\mathbf{H}$-relevant too.
($\Leftarrow$) Let $C'[.]$ be a context satisfying the statement of this Lemma, so $C'[M] \Downarrow_{\mathbf{H}}$ if and only if $C[M] \Downarrow_{\mathbf{H}}$, for each $M \in \Lambda$. Thus $M \equiv DD$ and $N \equiv \lambda x_1 \ldots x_m z.z$ are witnesses of the $\mathbf{H}$-relevance of $C[.]$. □

By observing the details of the proof, it is easy to see that actually, for all $M \in \Lambda^0$, if $C[M] \Downarrow_{\mathbf{H}}$ then in the derivation of $C[M] \Downarrow_{\mathbf{H}}$ there are contexts $C_1[.], \ldots, C_m[.]$ ($m \in \mathbb{N}$) and there is a subderivation proving $MC_1[M] \ldots C_m[M] \Downarrow_{\mathbf{H}}$.

Lemma 6.1.7. Let $C[.]$ be $\mathbf{H}$-relevant. If $M \in \Lambda^0$ and $C[M] \Downarrow_{\mathbf{H}}$ then $M \Downarrow_{\mathbf{H}}$.

Proof. By induction on the derivation of $C[M] \Downarrow_{\mathbf{H}}$.
If the last applied rule is (var) then either $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$). In the first case the context is not relevant, while the second case is not possible, since $M \in \Lambda^0$.
If the last applied rule is (abs) then either $C[.] \equiv [.]$ or $C[.] \equiv \lambda z.C''[.]$. The first case is immediate, while the second follows by induction.
If the last applied rule is (head) then either $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \ge 1$). The first case follows by Property 2.1.9.(ii), while the second follows by induction on the derivation proving $C_0[M][C_1[M]/z]C_2[M] \ldots C_m[M]$. □
We can check that all closed $\Lambda$-unsolvable terms are equated in the $\mathbf{H}$-operational semantics.

Theorem 6.1.8 (H-Incompleteness). The $\lambda\Lambda$-calculus is incomplete with respect to the $\mathbf{H}$-operational semantics.

Proof. Let $P$ and $Q$ be two closed $\Lambda$-unsolvable terms such that $M \ne_{\Lambda} N$. A non-$\mathbf{H}$-relevant context cannot discriminate $P$ and $Q$. Let $C[.]$ be an $\mathbf{H}$-relevant context: $P, Q$ have no $\Lambda$-hnf (by Theorem 2.1.1), thus both $P \Uparrow_{\mathbf{H}}$ and $Q \Uparrow_{\mathbf{H}}$. Thus $C[P] \Uparrow_{\mathbf{H}}$ and $C[Q] \Uparrow_{\mathbf{H}}$ by Lemma 6.1.7. Hence, $P \approx_{\mathbf{H}} Q$. □

The proof of the following property is an example of a useful technique for proving operational equality between terms.

Property 6.1.9. $I \approx_{\mathbf{H}} E$.
Proof. By contradiction, assume that the two terms can be discriminated. This means that there is a context $C[.]$ discriminating them. Let $C[.]$ be such that $C[I] \Downarrow_{\mathbf{H}}$ while $C[E] \Uparrow_{\mathbf{H}}$. Clearly $C[.]$ must be $\mathbf{H}$-relevant.
Let $C[.]$ be a minimal discriminating context for $I$ and $E$, in the sense that the derivation of $C[I] \Downarrow_{\mathbf{H}}$ has a minimal size among all the proofs of $C'[I] \Downarrow_{\mathbf{H}}$, for every $C'[.]$ discriminating between $I$ and $E$ in such a way that $C'[I] \Downarrow_{\mathbf{H}}$ while $C'[E] \Uparrow_{\mathbf{H}}$. The proof is done by considering the last applied rule in the derivation proving $C[I] \Downarrow_{\mathbf{H}}$.
The last used rule cannot be (var), since $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) is not $\mathbf{H}$-relevant. If the last used rule is (abs) then either $C[.] \equiv \lambda x.C'[.]$ or $C[.] \equiv [.]$. In the former case, $C'[.]$ would be a discriminating context such that the derivation of $C'[I] \Downarrow_{\mathbf{H}}$ has smaller size than the derivation of $C[I] \Downarrow_{\mathbf{H}}$, against the hypothesis. The latter case is not possible, since clearly $[.]$ is not a discriminating context for $I$ and $E$.
Let the last used rule be (head); thus either $C[.] \equiv (\lambda x.C_0[.])C_1[.] \ldots C_m[.]$ ($m \ge 1$) or $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$). Let us consider the former case. By the rule (head), $C[I] \Downarrow_{\mathbf{H}}$ if and only if $C_0[I][C_1[I]/x]C_2[I] \ldots C_m[I] \Downarrow_{\mathbf{H}}$. But in this case $C_0[.][C_1[.]/x]C_2[.] \ldots C_m[.]$ would be a discriminating context for $M$ and $N$ with a derivation having smaller size than $C[.]$, against the hypothesis that $C[.]$ is minimum.
The case $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ leads to a similar contradiction. In fact, in this case $C_1[.] \ldots C_m[.]$ would be a discriminating context "smaller" than $C[.]$.
The case when $C[I] \Uparrow_{\mathbf{H}}$ and $C[E] \Downarrow_{\mathbf{H}}$ is symmetric. □

Theorem 6.1.10. The theory $\mathbf{H}$ is fully extensional.

Proof. By Properties 2.1.7 and 6.1.9. □

6.2 N-Operational Semantics

$\mathbf{N} \in \mathcal{E}(\Lambda, \Lambda\text{-NF})$ is the evaluation relation studied in this section; it is the universal evaluation relation $\mathbf{U}^{\Lambda}_{\Lambda\text{-NF}}$.
In some sense, $\mathbf{N}$ induces the most natural operational semantics for the $\lambda\Lambda$-calculus; in fact, converging terms represent the completely terminating computations.

Definition 6.2.1 (N-Operational semantics).
(i) $\mathbf{N} \in \mathcal{E}(\Lambda, \Lambda\text{-NF})$ is the evaluation relation induced by the formal system proving judgments of the shape

$$M \Downarrow_{\mathbf{N}} N$$

where $M \in \Lambda$ and $N \in \Lambda\text{-NF}$. It consists of the following rules:

$$\frac{M \Downarrow_{\mathbf{N}} N}{\lambda x.M \Downarrow_{\mathbf{N}} \lambda x.N}\ (abs)$$

$$\frac{P[Q/x]M_1 \ldots M_m \Downarrow_{\mathbf{N}} N}{(\lambda x.P)QM_1 \ldots M_m \Downarrow_{\mathbf{N}} N}\ (head)$$

(ii) $M \preceq_{\mathbf{N}} N$ if and only if, for all contexts $C[.]$ such that $C[M], C[N] \in \Lambda^0$, ($C[M] \Downarrow_{\mathbf{N}}$ implies $C[N] \Downarrow_{\mathbf{N}}$).
(iii) $M \approx_{\mathbf{N}} N$ if and only if $M \preceq_{\mathbf{N}} N$ and $N \preceq_{\mathbf{N}} M$.
As is true for $\mathbf{H}$, the relation $\mathbf{N}$ is also deterministic.

Example 6.2.2. $\lambda x_1x_2.x_1(ID)((\lambda uv.u)(II)x_2) \Downarrow_{\mathbf{N}} \lambda x_1x_2.x_1DI$, as shown by the following derivation (where $\Downarrow$ abbreviates $\Downarrow_{\mathbf{N}}$).

$$\dfrac{\dfrac{\dfrac{\dfrac{\dfrac{\dfrac{\dfrac{\ }{x \Downarrow x}\ (var)}{xx \Downarrow xx}\ (var)}{\lambda x.xx \Downarrow \lambda x.xx}\ (abs)}{ID \Downarrow D}\ (head) \qquad \dfrac{\dfrac{\dfrac{\dfrac{\dfrac{\ }{x \Downarrow x}\ (var)}{\lambda x.x \Downarrow \lambda x.x}\ (abs)}{II \Downarrow I}\ (head)}{\lambda v.II \Downarrow \lambda v.I}\ (abs)}{(\lambda uv.u)(II) \Downarrow \lambda v.I}\ (head)}{x_1(ID)((\lambda uv.u)(II)) \Downarrow x_1D(\lambda v.I)}\ (var)}{\lambda x_2.x_1(ID)((\lambda uv.u)(II)) \Downarrow \lambda x_2.x_1D(\lambda v.I)}\ (abs)}{\lambda x_1x_2.x_1(ID)((\lambda uv.u)(II)) \Downarrow \lambda x_1x_2.x_1D(\lambda v.I)}\ (abs)$$
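The rules (var), (abs) and (head) of Definitions 6.1.1 and 6.2.1 can be run directly as a recursive evaluator; the following Python sketch is an added example, not code from the book, and it replays Example 6.1.2 and the statement of Example 6.2.2. It assumes de Bruijn-indexed terms and a rule budget standing in for non-termination, and it takes the (var) rule of N from the derivation in Example 6.2.2 (every argument is evaluated); all names (`derive`, `eval_H`, `eval_N`, `V`, `L`, `A`) are hypothetical.

```python
# Terms use de Bruijn indices (an assumption of this sketch, so that
# substitution needs no renaming of bound variables):
#   ('var', n)    ('lam', body)    ('app', function, argument)

def V(n): return ('var', n)
def L(body): return ('lam', body)
def A(head, *args):
    """Left-nested application: A(f, a, b) is (f a) b."""
    for a in args:
        head = ('app', head, a)
    return head

def shift(t, d, cutoff=0):
    """Add d to every free index of t (the indices >= cutoff)."""
    if t[0] == 'var':
        return V(t[1] + d) if t[1] >= cutoff else t
    if t[0] == 'lam':
        return L(shift(t[1], d, cutoff + 1))
    return ('app', shift(t[1], d, cutoff), shift(t[2], d, cutoff))

def subst(t, j, s):
    """Replace index j in t by s."""
    if t[0] == 'var':
        return s if t[1] == j else t
    if t[0] == 'lam':
        return L(subst(t[1], j + 1, shift(s, 1)))
    return ('app', subst(t[1], j, s), subst(t[2], j, s))

def beta(body, arg):
    """P[Q/x] for the redex (lambda x.P)Q, with body = P and arg = Q."""
    return shift(subst(body, 0, shift(arg, 1)), -1)

def spine(t):
    """Split zeta M1 ... Mm into (zeta, [M1, ..., Mm])."""
    args = []
    while t[0] == 'app':
        args.append(t[2])
        t = t[1]
    return t, args[::-1]

class OutOfFuel(Exception):
    pass

def derive(t, full, fuel):
    """Build the unique derivation bottom-up; fuel[0] bounds the rule count."""
    if fuel[0] <= 0:
        raise OutOfFuel
    fuel[0] -= 1
    if t[0] == 'lam':                              # rule (abs)
        return L(derive(t[1], full, fuel))
    head, args = spine(t)
    if head[0] == 'var':                           # rule (var)
        if full:                                   # N: one premise per argument
            args = [derive(a, full, fuel) for a in args]
        return A(head, *args)                      # H: no premises
    # rule (head): the head is (lambda x.P) applied to Q = args[0]
    return derive(A(beta(head[1], args[0]), *args[1:]), full, fuel)

def _run(t, full, budget):
    try:
        return derive(t, full, [budget])
    except OutOfFuel:
        return None   # no derivation within the budget (not a proof of divergence)

def eval_H(t, budget=300): return _run(t, False, budget)
def eval_N(t, budget=300): return _run(t, True, budget)

I = L(V(0))                        # I = lambda x.x
D = L(A(V(0), V(0)))               # D = lambda x.xx
K = L(L(V(1)))                     # lambda uv.u
# Example 6.1.2: lambda x.(lambda uv.xuv) I (DD)
EX_612 = L(A(L(L(A(V(2), V(1), V(0)))), I, A(D, D)))
# Statement of Example 6.2.2: lambda x1 x2. x1 (ID) ((lambda uv.u)(II) x2)
EX_622 = L(L(A(V(1), A(I, D), A(K, A(I, I), V(0)))))

if __name__ == "__main__":
    print(eval_H(EX_612))   # lambda x.x I (DD)
    print(eval_N(EX_612))   # None: the argument DD has no normal form
    print(eval_N(EX_622))   # lambda x1 x2. x1 D I
```

On the term of Example 6.1.2 the H evaluator stops at the head normal form, while the N evaluator exhausts its budget on the argument DD; this is the gap between having a head normal form and having a normal form.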
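The system $\Downarrow_{\mathbf{N}}$ characterizes completely, from an operational point of view, the class of $\Lambda$-normal forms.

Theorem 6.2.3. (i) $M \Downarrow_{\mathbf{N}} N$ implies $M \to^{*p}_{\Lambda} N$ and $N$ is in $\Lambda$-nf.
(ii) $M \Downarrow_{\mathbf{N}}$ if and only if $M$ has $\Lambda$-nf.

Proof. (i) By induction on the definition of $\Downarrow_{\mathbf{N}}$.
(ii) ($\Rightarrow$) Directly from (i).
($\Leftarrow$) If $M \to^{*}_{\Lambda} N \in \Lambda\text{-NF}$ then $M \to^{*p}_{\Lambda} N$, by Corollary 1.2.13. The proof follows by induction on the pair $(M, p)$, where $p$ is the length of the reduction sequence $M \to^{*p}_{\Lambda} N$ ordered in a lexicographic way.
Let $M \equiv \lambda x_1 \ldots x_n.\zeta M_1 \ldots M_m$.
If $\zeta$ is a variable then $N \equiv \lambda x_1 \ldots x_n.\zeta\, \mathrm{nf}_{\Lambda}(M_1) \ldots \mathrm{nf}_{\Lambda}(M_m)$. By induction $M_i \Downarrow_{\mathbf{N}}$ ($1 \le i \le m$), thus $M \Downarrow_{\mathbf{N}}$ by rule (var) having as premises the derivation proving $M_i \Downarrow_{\mathbf{N}}$ and $n$ instances of (abs).
If $\zeta \equiv (\lambda x.P)Q$ then $\mathrm{nf}_{\Lambda}(M) \equiv \lambda x_1 \ldots x_n.\mathrm{nf}_{\Lambda}(P[Q/x]M_1 \ldots M_m)$; so, by induction, $P[Q/x]M_1 \ldots M_m \Downarrow_{\mathbf{N}} R$, for some $R$; hence $(\lambda x.P)QM_1 \ldots M_m \Downarrow_{\mathbf{N}} N$, by applying rule (head) and $M \Downarrow_{\mathbf{N}} \lambda x_1 \ldots x_n.N$ by $n$ instances of (abs). □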

The following property will be quite useful in Sect. 15.2.

Property 6.2.4. Let $M \Downarrow_{\mathbf{N}} N$. $MT \Downarrow_{\mathbf{N}} U$ if and only if $NT \Downarrow_{\mathbf{N}} U$.

Proof. Clearly $MT =_{\Lambda} NT$, so by the confluence theorem $MT$ has $\Lambda$-nf if and only if $NT$ has $\Lambda$-nf; hence let $MT \Downarrow_{\mathbf{N}} U_0$ and $NT \Downarrow_{\mathbf{N}} U_1$. By Corollary 1.2.6, it is easy to show that $U_0 \equiv U_1$. □

An immediate consequence of Theorem 6.2.3.(ii) is that $M \Downarrow_{\mathbf{N}}$ implies $M \Downarrow_{\mathbf{H}}$. Moreover, $\approx_{\mathbf{N}}$ is a $\Lambda$-theory as proved in Theorem 6.2.5.

Theorem 6.2.5 (N-Correctness). The $\lambda\Lambda$-calculus is correct with respect to the $\mathbf{N}$-operational semantics.

Proof. By definition of correctness, we must prove that $M =_{\Lambda} N$ implies $M \approx_{\mathbf{N}} N$. Let $M =_{\Lambda} N$ and let $C[.]$ be a context such that $C[M], C[N] \in \Lambda^0$. By definition of $=_{\Lambda}$, $C[M] =_{\Lambda} C[N]$. So the proof follows from Theorem 6.2.3, since by the confluence theorem the property of having $\Lambda$-nf is closed under $=_{\Lambda}$. □
We will prove that the $\lambda\Lambda$-calculus is not complete with respect to the $\mathbf{N}$-operational semantics by using a syntactical characterization of $\mathbf{N}$-relevant context.

Lemma 6.2.6 (N-Relevance). A context $C[.]$ is $\mathbf{N}$-relevant whenever there are $n \ge 1$ contexts $C_i[.] \equiv [.]C^i_1[.] \ldots C^i_{m_i}[.]$ ($m_i \in \mathbb{N}$, $1 \le i \le n$) such that for all $M \in \Lambda^0$, $C[M] \Downarrow_{\mathbf{N}}$ if and only if $\forall i \le n$, $C_i[M] \Downarrow_{\mathbf{N}}$.

Proof. ($\Rightarrow$) Assume that $C[.]$ is $\mathbf{N}$-relevant; namely, there are $M, N \in \Lambda^0$ such that $C[M] \Downarrow_{\mathbf{N}}$ and $C[N] \Uparrow_{\mathbf{N}}$. By induction on $C[M] \Downarrow_{\mathbf{N}}$ we will prove that there is at least one context satisfying the statement.
If the last applied rule is (var) then either $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$). In the first case the $\mathbf{N}$-relevance implies $m \ge 1$, and $C[M] \Downarrow_{\mathbf{N}}$ implies that $C_j[M] \Downarrow_{\mathbf{N}}$, for each $1 \le j \le m$. Let $\{D_1[.], \ldots, D_h[.]\}$ ($h \le m$) be the subset of all relevant contexts in $\{C_1[.], \ldots, C_m[.]\}$; it is not empty by the hypothesis that $C[.]$ is $\mathbf{N}$-relevant. So the proof follows by induction on contexts $D_i[.]$. The second case is not possible, since $M \in \Lambda^0$.
If the last applied rule is (abs) then either $C[.] \equiv [.]$ or $C[.] \equiv \lambda z.C''[.]$. The first case is immediate, while the second follows by induction.
If the last applied rule is (head) then either $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \ge 1$). The first case is trivial, while the second follows by induction; in fact, the context $C_0[.][C_1[.]/z]C_2[.] \ldots C_m[.]$ is discriminating $M$ and $N$ and so is $\mathbf{N}$-relevant too.
($\Leftarrow$) Let $k = \max\{m_1, \ldots, m_n\}$; it is easy to see that $M \equiv DD$ and $N \equiv \lambda x_1 \ldots x_k z.z$ make $C[.]$ relevant. □

By observing the details of the proof, it is easy to see that actually, for all $M \in \Lambda^0$, if $C[M] \Downarrow_N$ then in the derivation of $C[M] \Downarrow_N$ there are contexts $C^i_1[.], \ldots, C^i_{m_i}[.]$ ($m_i \in \mathbb{N}$) and there are $n$ subderivations proving $MC^i_1[M] \ldots C^i_{m_i}[M] \Downarrow_N$ ($1 \leq i \leq n$).
The notion of N-relevant context is weaker than that of H-relevant context. In particular, it does not enjoy a property similar to that proved in Lemma 6.1.7. Let $C[.] \equiv [.](\lambda x.I)(DD)$, so $C[\lambda xy.x(DD)] \Downarrow_N I$ but $\lambda xy.y(DD) \Uparrow_N$; moreover, $C[\lambda yx.x] \Uparrow_N$ while $\lambda yx.x \Downarrow_N$.
So, in order to prove the operational equality between closed unsolvable terms, we will use a less general property of relevant contexts, but sufficient for our purpose.

Lemma 6.2.7. Let $C[.]$ be N-relevant.
If $M \in \Lambda^0$ and $C[M] \Downarrow_N$ then $M$ is solvable.
Proof. By induction on the derivation proving $C[M] \Downarrow_N$.
If the last applied rule is (var) then either $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$). In the first case the relevance implies $m \geq 1$, so the proof follows by induction; the second case is not possible, since $M \in \Lambda^0$.
If the last applied rule is (abs) then either $C[.] \equiv [.]$ or $C[.] \equiv \lambda z.C'[.]$. The first case is trivial, since $M$ has $\Lambda$-nf; the second case follows by induction.
If the last applied rule is (head) then either $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$).
The first case follows by Property 2.1.9.(ii), while the second follows by induction on $C_0[M][C_1[M]/z]C_2[M] \ldots C_m[M]$. $\Box$

Also the N-operational semantics, like the H one, equates all closed $\Lambda$-unsolvable terms.

Theorem 6.2.8 (N-Incompleteness).
The $\lambda\Lambda$-calculus is incomplete with respect to the N-operational semantics.

Proof. Let $P$ and $Q$ be two closed $\Lambda$-unsolvable terms such that $P \neq_\Lambda Q$. A non-N-relevant context cannot discriminate $P$ and $Q$. Let $C[.]$ be an N-relevant context; $P, Q$ do not have hnf (by Theorem 2.1.1), thus both $P \Uparrow_N$ and $Q \Uparrow_N$; so $C[P] \Uparrow_N$ and $C[Q] \Uparrow_N$ by Lemma 6.2.7. Hence, $P \approx_N Q$. $\Box$

The following property holds.

Property 6.2.9. $I \approx_N E$.

Proof. By absurdum assume $I \not\approx_N E$. This means that there is a context $C[.]$ discriminating them. Let $C[.]$ be such that $C[I] \Downarrow_N$ while $C[E] \Uparrow_N$.
Let $C[.]$ be a minimal discriminating context for $I$ and $E$, in the sense that the derivation of $C[I] \Downarrow_N$ has a minimal size between all the proofs of $C'[I] \Downarrow_N$, for every $C'[.]$ such that $C'[I] \Downarrow_N$ and $C'[E] \Uparrow_N$. The proof is done by considering the last applied rule in the derivation proving $C[I] \Downarrow_N$.
If the last applied rule is (var) then $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$), so there is a $C_k[.]$ ($1 \leq k \leq m$) discriminating $I$ and $E$ with a derivation having smaller size, against the hypothesis that $C[.]$ is minimum.
If the last used rule is (abs) then either $C[.] \equiv \lambda x.C'[.]$ or $C[.] \equiv [.]$. In the former case, $C'[.]$ would be a discriminating context such that the derivation of $C'[I] \Downarrow_N$ has smaller size than the derivation of $C[I] \Downarrow_N$, against the hypothesis. The latter case is not possible, since clearly $[.]$ is not a discriminating context for $I$ and $E$.
Let the last used rule be (head), thus either $C[.] \equiv (\lambda x.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$) or $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$). In the former case, the context $C'[.] \equiv C_0[.][C_1[.]/x]C_2[.] \ldots C_m[.]$ would be a discriminating context, such that the derivation $C'[I]$ has smaller size than $C[.]$, against the hypothesis that $C[.]$ is minimum. The case $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ leads to a similar contradiction. In fact, in this case $C_1[.] \ldots C_m[.]$ would be a discriminating context "smaller" than $C[.]$.
The case $C[I] \Uparrow_N$ and $C[E] \Downarrow_N$ is symmetric. $\Box$

Theorem 6.2.10 shows that the N-operational semantics is fully extensional (see Sect. 1.3).

Theorem 6.2.10. The theory $\approx_N$ is fully extensional.

Proof. By Properties 2.1.7 and 6.2.9. $\Box$

6.3 L-Operational Semantics

$L \in \mathcal{E}(\Lambda, \Lambda\text{-LHNF})$ is the evaluation relation studied in this section; it is the universal evaluation relation $\mathcal{U}^{\Lambda}_{\Lambda\text{-LHNF}}$.
The L-operational semantics models the so-called lazy evaluation in a call-by-name parameter passing environment. It is characterized by the fact that a $\Lambda$-redex is never reduced in case it occurs under the scope of an abstraction. This behaviour is similar to that of the real (call-by-name) programming languages, where the body of a procedure is evaluated only when its parameters are supplied.

Definition 6.3.1 (L-Operational semantics).

(i) $L \in \mathcal{E}(\Lambda, \Lambda\text{-LHNF})$ is the evaluation relation induced by the formal system proving judgments of the shape

$$M \Downarrow_L N$$

where $M \in \Lambda$ and $N \in \Lambda$-LHNF. It consists of the following rules:

$$\frac{m \geq 0}{xM_1 \ldots M_m \Downarrow_L xM_1 \ldots M_m}\ (var)$$

$$\frac{}{\lambda x.M \Downarrow_L \lambda x.M}\ (lazy)$$

$$\frac{P[Q/x]M_1 \ldots M_m \Downarrow_L N}{(\lambda x.P)QM_1 \ldots M_m \Downarrow_L N}\ (head)$$

(ii) $M \preceq_L N$ if and only if, for all contexts $C[.]$ such that $C[M], C[N] \in \Lambda^0$, ($C[M] \Downarrow_L$ implies $C[N] \Downarrow_L$).

(iii) $M \approx_L N$ if and only if $M \preceq_L N$ and $N \preceq_L M$.


The formal system described before, when restricted to closed terms, corresponds to the call-by-name lazy evaluation machine introduced by Plotkin [78]. It is easy to check that $L$ is deterministic.

Example 6.3.2. $(\lambda xy.x)(DD) \Downarrow_L \lambda y.DD$. In fact, we can build the following derivation:

$$\dfrac{\dfrac{}{\lambda y.DD \Downarrow_L \lambda y.DD}\ (lazy)}{(\lambda xy.x)(DD) \Downarrow_L \lambda y.DD}\ (head)$$

The following theorem proves that the system $L$ characterizes completely the class of $\Lambda$-lazy head normal forms.

Theorem 6.3.3. (i) $M \Downarrow_L N$ implies $M \to^{*}_{\Lambda\ell} N$ and $N$ is in $\Lambda$-lhnf.

(ii) $M \Downarrow_L$ if and only if $M$ has a $\Lambda$-lhnf.

Proof. (i) By induction on the definition of $\Downarrow_L$.

(ii) ($\Rightarrow$) The proof is a consequence of (i).
($\Leftarrow$) $M$ has a $\Lambda$-lhnf means that there is $N \in \Lambda$-LHNF such that $M =_\Lambda N$. But $\Lambda$-LHNF is a set of output values with respect to $\Lambda$, by Property 5.0.3; so there is a reduction sequence $M \to^{*}_{\Lambda\ell} M' \in \Lambda$-LHNF. The proof is done by induction on the length of the reduction sequence $M \to^{*}_{\Lambda\ell} M'$. Let $M \equiv \lambda x_1 \ldots x_n.\zeta M_1 \ldots M_m$.
If either $n \geq 1$ or $\zeta$ is a variable, then a $\Lambda$-lhnf of $M$ is $M$ itself, so $M \Downarrow_L M$, by an application of rule (lazy) or an application of rule (var).
If $n = 0$ and $\zeta \equiv (\lambda x.P)Q$ then the $\Lambda$-lhnf of $M$ is the $\Lambda$-lhnf of $P[Q/x]M_1 \ldots M_m$. By induction $P[Q/x]M_1 \ldots M_m \Downarrow_L N$, for some $N$, so $M \Downarrow_L N$, by applying the rule (head). $\Box$
By Theorem 6.3.3, it follows that both $M \Downarrow_H$ and $M \Downarrow_N$ imply $M \Downarrow_L$.
The following property will be quite useful in Sect. 15.2.

Property 6.3.4. Let $M, N, T, U \in \Lambda^0$ and $M \Downarrow_L N$.
$MT \Downarrow_L U$ if and only if $NT \Downarrow_L U$.
Proof. By induction on $M \Downarrow_L N$. The last applied rule cannot be (var), since $M \in \Lambda^0$. If the last applied rule is (lazy) then the proof is trivial. If the last applied rule is (head) then the proof follows by induction. $\Box$

Theorem 6.3.5 proves that $\approx_L$ is a $\Lambda$-theory.

Theorem 6.3.5 (L-Correctness).
The $\lambda\Lambda$-calculus is correct with respect to the L-operational semantics.
Proof. By definition of correctness, we must prove that $M =_\Lambda N$ implies $M \approx_L N$. Let $M =_\Lambda N$ and let $C[.]$ be a context such that $C[M], C[N] \in \Lambda^0$. By definition of $=_\Lambda$, $C[M] =_\Lambda C[N]$. So the proof follows by Theorem 6.3.3, since by the confluence theorem the property of having $\Lambda$-lhnf is closed under $=_\Lambda$. $\Box$

We will prove that the $\lambda\Lambda$-calculus is not complete with respect to the L-operational semantics by using a syntactical characterization of L-relevant context.

Lemma 6.3.6 (L-Relevance).
A context $C[.]$ is L-relevant whenever there is a context $C'[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) such that for all $M \in \Lambda^0$, $C[M] \Downarrow_L$ if and only if $C'[M] \Downarrow_L$.

Proof. ($\Rightarrow$) Assume that $C[.]$ is L-relevant; namely, there are $M, N \in \Lambda^0$ such that $C[M] \Downarrow_L$ and $C[N] \Uparrow_L$. By induction on $C[M] \Downarrow_L$ we will prove that there is a context $C'[.]$ satisfying the statement.
The last applied rule cannot be (var), since $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) is not relevant. If the last applied rule is (lazy) then either $C[.] \equiv [.]$ or $C[.] \equiv \lambda z.C''[.]$. The first case is immediate, while the second is not possible, since $\lambda z.C''[.]$ is not relevant.
If the last applied rule is (head) then either $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$). The first case is trivial, while the second follows by induction; in fact, the context $C_0[.][C_1[.]/z]C_2[.] \ldots C_m[.]$ is discriminating $M$ and $N$ and so is L-relevant too.

($\Leftarrow$) Let $C'[.]$ be a context satisfying the statement of this lemma, so $C'[M] \Downarrow_L$ if and only if $C[M] \Downarrow_L$, for each $M \in \Lambda$. Thus $M \equiv DD$ and $N \equiv \lambda x_1 \ldots x_m z.z$ are witnesses of the L-relevance of $C[.]$. $\Box$

By observing the details of the proof, it is easy to see that, for all $M \in \Lambda$, if $C[M] \Downarrow_L$ then in the derivation of $C[M] \Downarrow_L$ there are contexts $C_1[.], \ldots, C_m[.]$ ($m \in \mathbb{N}$) and there is a subderivation proving $MC_1[M] \ldots C_m[M] \Downarrow_L$. Note that the context $\lambda z.[.]$ is H-relevant; nevertheless it is not L-relevant.

Lemma 6.3.7. Let $C[.]$ be L-relevant. If $M \in \Lambda^0$ and $C[M] \Downarrow_L$ then $M \Downarrow_L$.
Proof. By induction on the derivation proving $C[M] \Downarrow_L$.
The last applied rule cannot be (var), since $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) is not relevant. If the last applied rule is (abs) then $C[.] \equiv \lambda z.C'[.]$ is not relevant, while the case $C[.] \equiv [.]$ is trivial.
If the last applied rule is (head) then either $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) or $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$). The last case follows by induction on $C_0[M][C_1[M]/z]C_2[M] \ldots C_m[M]$; so let $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$). If $M \equiv \lambda z.M'$ then immediately $M \Downarrow_L$, so let $M \equiv (\lambda z.P)QM_1 \ldots M_n$ ($n \in \mathbb{N}$). $C[M] \Downarrow_L$ implies, by rule (head), that $P[Q/z]M_1 \ldots M_nC_1[M] \ldots C_m[M] \Downarrow_L$; since $[.]C_1[M] \ldots C_m[M]$ is a relevant context (it discriminates $DD$ and $M$), by induction $P[Q/z]M_1 \ldots M_n \Downarrow_L$. Thus by applying the rule (head), $M \Downarrow_L$ follows. $\Box$

An incompleteness result holds.

Theorem 6.3.8 (L-Incompleteness).
The $\lambda\Lambda$-calculus is incomplete with respect to the L-operational semantics.
Proof. Let $P$ and $Q$ be two closed $\Lambda$-unsolvable terms of order zero such that $P \neq_\Lambda Q$. A non-L-relevant context cannot discriminate them. By Definition 2.1.3, if either $P \to^{*}_{\Lambda} R$ or $Q \to^{*}_{\Lambda} R$, for some $R$, then $R$ cannot be an abstraction, hence $P \Uparrow_L$ and $Q \Uparrow_L$. Let $C[.]$ be any L-relevant context; so, by Lemma 6.3.7, $C[P] \Uparrow_L$ and $C[Q] \Uparrow_L$. Hence, $P \approx_L Q$. $\Box$

Property 6.3.9. (i) $m \neq n$ implies $\lambda x_1 \ldots x_n.DD \not\approx_L \lambda x_1 \ldots x_m.DD$.
(ii) $I \not\approx_L E$.
Proof. (i) It is an exercise, by using the fact that $DD \Uparrow_L$.
(ii) The context $[.](DD)$ discriminates the two given terms. $\Box$

From the previous property and by Property 2.1.7, it follows that the operational semantics $\approx_L$, being a $\Lambda$-theory, is not fully extensional.

6.3.1 An Example

We will show now that $L_0 \approx_L L_1$, where

$L_0 \equiv \lambda x.x(x(\lambda x.DD)(DD))(\lambda x.DD)$,
$L_1 \equiv \lambda x.x(\lambda y.x(\lambda x.DD)(DD)y)(\lambda x.DD)$.

This equivalence was first stated in [2]. The interest of such a result will be clear when we study the denotational semantics. First, let us prove a general property.
Lemma 6.3.10. Let $M \to^{*}_{\eta} N$. If $N \Downarrow_L$ then $M \Downarrow_L$.
Proof. Let $s$ be the size of the derivation proving $N \Downarrow_L$, and let $l$ be the length of the reduction sequence from $M$ to $N$. The proof is given by induction on the pair $(s, l)$; the pairs are ordered according to the lexicographical order. If $l = 0$ then the proof is immediate, so let $l \geq 1$.
If $N \equiv xN_1 \ldots N_n$ ($n \in \mathbb{N}$) then there are three cases.
1. $M \equiv \lambda y.M_0y$, where $M_0 \to^{*}_{\eta} N$ and $y \notin FV(M_0)$. The proof follows immediately by rule (lazy).
2. $M \equiv (\lambda y.M_0y)M_1 \ldots M_m$ ($1 \leq m \leq n$), where $M_0M_1 \ldots M_m \to^{*}_{\eta} N$ and $y \notin FV(M_0)$. By induction $M_0M_1 \ldots M_m \Downarrow_L$, hence $M \Downarrow_L$ by rule (head).
3. $M \equiv xM_1 \ldots M_n$, where $M_i \to^{*}_{\eta} N_i$ ($1 \leq i \leq n$). The proof follows by rule (var).
If $N \equiv \lambda x.N_0$ then $M \equiv \lambda y.M_0$ and the proof follows by rule (lazy). If $N \equiv (\lambda x.N_0)N_1 \ldots N_n$ ($n \geq 1$), then there are three cases.
1. $M \equiv \lambda y.M_0y$, where $M_0 \to^{*}_{\eta} N$ and $y \notin FV(M_0)$. The proof follows by rule (lazy).
2. $M \equiv (\lambda y.M_0y)M_1 \ldots M_m$ ($1 \leq m \leq n$), where $M_0M_1 \ldots M_m \to^{*}_{\eta} N$ and $y \notin FV(M_0)$. By induction $M_0M_1 \ldots M_m \Downarrow_L$, hence $M \Downarrow_L$ by rule (head).
3. $M \equiv (\lambda x.M_0)M_1 \ldots M_n$, where $M_i \to^{*}_{\eta} N_i$ ($1 \leq i \leq n$). It is easy to see that $M_0[M_1/x]M_2 \ldots M_n \to^{*}_{\eta} N_0[N_1/x]N_2 \ldots N_n$. But $N \Downarrow_L$ implies $N_0[N_1/x]N_2 \ldots N_n \Downarrow_L$, and there is a derivation having size less than $s$ proving it; hence by induction $M_0[M_1/x]M_2 \ldots M_n \Downarrow_L$. Then the proof follows by rule (head). $\Box$

Lemma 6.3.10 implies Corollary 6.3.11.

Corollary 6.3.11. If $M \to^{*}_{\eta} N$ then $N \preceq_L M$.
Proof. Clearly $C[M] \to^{*}_{\eta} C[N]$, for all contexts $C[.]$. Then by Lemma 6.3.10, $C[N] \Downarrow_L$ implies $C[M] \Downarrow_L$. $\Box$

In particular, it follows that $L_0 \preceq_L L_1$. The next goal is to prove the reverse relation, namely $L_1 \preceq_L L_0$.
Let $M \in \Lambda^0$; it is easy to check that $M(\lambda y.M(\lambda x.DD)(DD)y)(\lambda x.DD) \Downarrow_L$ if and only if $L_1M \Downarrow_L$, by rule (head).

Lemma 6.3.12. Let $M, N \in \Lambda^0$ be such that $N =_\Lambda M$.
If $M(\lambda y.N(\lambda x.DD)(DD)y)(\lambda x.DD) \Downarrow_L$, then either $N \to^{*}_{\Lambda} \lambda x_0x_1.x_0$ or $N \to^{*}_{\Lambda} \lambda x_0x_1.x_1$ or $N \to^{*}_{\Lambda} \lambda x_0x_1x_2.M'''$, for some $M''' \in \Lambda$.
Proof. Let $R \equiv M(\lambda y.N(\lambda x.DD)(DD)y)(\lambda x.DD)$. The proof is given by induction on the size of the derivation proving $R \Downarrow_L$.
The last applied rule cannot be (var), since $R \in \Lambda^0$. The last applied rule cannot be (lazy), since $R$ is not an abstraction. Hence the last applied rule is (head); we consider all the possible shapes of $M$.
• $M \equiv xM_1 \ldots M_m$ ($m \in \mathbb{N}$) is not possible, since $M \in \Lambda^0$.
• $M \equiv (\lambda x_0.M')M_1 \ldots M_m$ ($m \geq 1$). The proof follows by induction on $M'[M_1/x_0]M_2 \ldots M_m(\lambda y.N(\lambda x.DD)(DD)y)(\lambda x.DD) \Downarrow_L$.
• Let $M \equiv \lambda x_0.M'$, so $FV(M') \subseteq \{x_0\}$.
- $M' \equiv x_0M_1 \ldots M_m$ ($m \in \mathbb{N}$) is not possible; in fact, $\approx_L$ is a $\Lambda$-theory, so $N(\lambda x.DD)(DD) \approx_L M(\lambda x.DD)(DD) \approx_L (\lambda x.DD)M'_1 \ldots M'_m(DD)$, where $M'_i \equiv M_i[\lambda x.DD/x_0]$ ($1 \leq i \leq m$).
This fact implies $M(\lambda y.N(\lambda x.DD)(DD)y)(\lambda x.DD) \Uparrow_L$.
-- Let M' == (AXI.Mo)MI ... Mm (m 2: 1) and T == Ay.N(AX.DD)(DD)y, so
there is a derivat ion d and a term R' such that
d
-------------------- ( ... )
(Mo[MI/xIJ) [T/xo]MI[T/xo] ... Mm [T/xo] (Ax.DD) -ll-L R'
- - - - - - - - - - - - - - - - - - - - (head)
(AXI.Mo[T/xo])MdT/xo] ... Mm[T/xo](AX.DD) -ll-L R'
- - - - - - - - - - - - - - - - - - - - - - (head)
(AXo.(AXI.Mo)MI ... Mm)(Ay.N(AX.DD)(DD)y)(AX.DD) -ll-L R'
hence the proof folIows by induction on the folIowing derivation
d
- - - - - - - - - - - - - - - - - - - - ( ... )
(Mo[MI/xl]) [T/xo] MI [T/xo] ... Mm [T/xo] (Ax.DD) -ll-L R'
- - - - - - - - - - - - - - - - - - - - - - - (head)
(Axo.(Mo[MI/xl])M2 ... Mm)(Ay.N(AX.DD)(DD)y)(AX.DD) -ll-L R'
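- Let $M' \equiv \lambda x_1.M_0$. Since $M \in \Lambda^0$, there are only three further cases.
(i) $M \equiv \lambda x_0x_1.x_0M_1 \ldots M_m$ ($m \in \mathbb{N}$). If $m \geq 1$, then $N(\lambda x.DD)(DD) \approx_L (\lambda x_0x_1.x_0M_1 \ldots M_m)(\lambda x.DD)(DD) \approx_L (\lambda x.DD)M'_1 \ldots M'_m$, where $M'_i \equiv M_i[\lambda x.DD/x_0, DD/x_1]$ ($1 \leq i \leq m$), because $\approx_L$ is a $\Lambda$-theory.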
Hence R ÎîL since

So let m = O and the proof is done.


(ii) $M \equiv \lambda x_0x_1.x_1M_1 \ldots M_m$ ($m \in \mathbb{N}$); it is easy to see that $m \geq 1$ implies $R \Uparrow_L$. Thus $m = 0$.
(iii) The case $M \equiv \lambda x_0x_1x_2.M'''$ is immediate. $\Box$

By using the previous characterization we can prove that $L_1 \preceq_L L_0$.

Lemma 6.3.13. Let $C[.]$ be such that $C[L_0], C[L_1] \in \Lambda^0$.
If $C[L_1] \Downarrow_L$ then $C[L_0] \Downarrow_L$.
Proof. The proof is given by induction on the size of $C[L_1] \Downarrow_L$, by considering the last applied rule.
(var) It is not possible, since $C[L_1] \in \Lambda^0$.
(lazy) If $C[.] \equiv [.]$ then the proof is trivial, since $L_0 \Downarrow_L$. If $C[.] \equiv \lambda z.C'[.]$ then the proof is trivial, since $C[.]$ is not relevant.
(head) Either $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ or $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \geq 1$).
In the first case, the proof follows by induction on

In the second case, the hypothesis that the last applied rule is (head)
implies m 2: 1, and there is a derivation d and a term R such that

By inductive hypothesis,

$$C_1[L_0](\lambda y.C_1[L_0](\lambda x.DD)(DD)y)(\lambda x.DD)C_2[L_0] \ldots C_m[L_0] \Downarrow_L$$

so by Lemma 6.3.12, there are three possible cases.
(i) If $C_1[L_0] \to^{*}_{\Lambda} \lambda x_0x_1.x_0$ then it is easy to see that

$$C_1[L_0](\lambda y.C_1[L_0](\lambda x.DD)(DD)y)(\lambda x.DD) =_\Lambda \lambda y.DD;$$

so $m \geq 2$ is not possible. Let $m = 1$; so it is easy to see that

$$\lambda y.C_1[L_0](\lambda x.DD)(DD)y =_\Lambda \lambda x.DD =_\Lambda C_1[L_0](\lambda x.DD)(DD).$$

Hence $C_1[L_0](C_1[L_0](\lambda x.DD)(DD))(\lambda x.DD) \Downarrow_L$, since $\approx_L$ is a $\Lambda$-theory. By rule (head), $C[L_0] \Downarrow_L$.
(ii) If $C_1[L_1] \to^{*}_{\Lambda} \lambda x_0x_1.x_1$ then it is easy to see that

$$C_1[L_0](\lambda y.C_1[L_0](\lambda x.DD)(DD)y)(\lambda x.DD) =_\Lambda \lambda x.DD;$$

so $m \geq 2$ is not possible and we can assume $m = 1$.
But $C_1[L_1] \to^{*}_{\Lambda} \lambda x_0x_1.x_1$ implies $C_1[L_0]Q(\lambda x.DD) =_\Lambda \lambda x.DD$, for each $Q \in \Lambda$. Hence $C_1[L_0](C_1[L_0](\lambda x.DD)(DD))(\lambda x.DD) \Downarrow_L$, since $\approx_L$ is a $\Lambda$-theory. By rule (head), $C[L_0] \Downarrow_L$.
(iii) If $C_1[L_0] \to^{*}_{\Lambda} \lambda x_0x_1x_2.M'''$, for some $M''' \in \Lambda$, then

$$C_1[L_0](\lambda y.C_1[L_0](\lambda x.DD)(DD)y)(\lambda x.DD)C_2[L_0] \ldots C_m[L_0] =_\Lambda$$
$$C_1[L_0](\lambda y.M'''[\lambda x.DD/x_0, DD/x_1, y/x_2])(\lambda x.DD)C_2[L_0] \ldots C_m[L_0] =_\Lambda$$
$$C_1[L_0](C_1[L_0](\lambda x.DD)(DD))(\lambda x.DD)C_2[L_0] \ldots C_m[L_0]$$

Since $\approx_L$ is a $\lambda\Lambda$-theory,

$$C_1[L_0](C_1[L_0](\lambda x.DD)(DD))(\lambda x.DD)C_2[L_0] \ldots C_m[L_0] \Downarrow_L$$

and the proof follows by applying the rule (head). $\Box$

Theorem 6.3.14. $L_1 \approx_L L_0$.

Proof. By Corollary 6.3.11 and Lemma 6.3.13. $\Box$


7. Call-by-Value Operational Semantics

7.1 V-Operational Semantics

As proved in Property 5.0.3, the set of $\Gamma$-lazy blocked normal forms ($\Gamma$-lbnf's), namely $\Gamma\text{-LBNF} = \{\lambda x.M \mid M \in \Lambda\} \cup \{xM_1 \ldots M_m \mid M_i \in \Lambda, m \in \mathbb{N}\} \cup \{(\lambda x.P)QM_1 \ldots M_m \mid P, M_i \in \Lambda, Q \notin \Gamma, Q \in \Gamma\text{-LBNF}, m \in \mathbb{N}\}$, is a set of output values with respect to $\Gamma$. Notice that $\Gamma\text{-LBNF}^0 = \Gamma^0$.
$V \in \mathcal{E}(\Gamma, \Gamma\text{-LBNF})$ is the evaluation relation studied in this section; it is the universal evaluation relation $\mathcal{U}^{\Gamma}_{\Gamma\text{-LBNF}}$. This operational semantics models the call-by-value parameter passing together with lazy evaluation.

Definition 7.1.1 (V-Operational semantics).

(i) $V \in \mathcal{E}(\Gamma, \Gamma\text{-LBNF})$ is the evaluation relation induced by the formal system proving judgments of the shape

$$M \Downarrow_V N$$

where $M \in \Lambda$ and $N \in \Gamma$-LBNF. It consists of the following rules:

$$\frac{}{xM_1 \ldots M_m \Downarrow_V xM_1 \ldots M_m}\ (var)$$

$$\frac{}{\lambda x.M \Downarrow_V \lambda x.M}\ (lazy)$$

$$\frac{Q \Downarrow_V Q' \qquad Q' \in \Gamma \qquad P[Q'/x]M_1 \ldots M_m \Downarrow_V N}{(\lambda x.P)QM_1 \ldots M_m \Downarrow_V N}\ (head)$$

$$\frac{Q \Downarrow_V Q' \qquad Q' \notin \Gamma}{(\lambda x.P)QM_1 \ldots M_m \Downarrow_V (\lambda x.P)Q'M_1 \ldots M_m}\ (block)$$

(ii) $M \preceq_V N$ if and only if, for all contexts $C[.]$ such that $C[M], C[N] \in \Lambda^0$, ($C[M] \Downarrow_V$ implies $C[N] \Downarrow_V$).

(iii) $M \approx_V N$ if and only if $M \preceq_V N$ and $N \preceq_V M$.

The formal system described before, when restricted to closed terms, corresponds to the SECD machine introduced by Landin [63], and further studied by Plotkin [78].

Example 7.1.2. $(\lambda x.yx)(Ky) \Downarrow_V y(\lambda z.y)$. In fact, we can build the following derivation:

$$\dfrac{\dfrac{\dfrac{}{y \Downarrow_V y}\ (var) \qquad \dfrac{}{\lambda z.y \Downarrow_V \lambda z.y}\ (lazy)}{Ky \Downarrow_V \lambda z.y}\ (head) \qquad \dfrac{}{y(\lambda z.y) \Downarrow_V y(\lambda z.y)}\ (var)}{(\lambda x.yx)(Ky) \Downarrow_V y(\lambda z.y)}\ (head)$$

$V$ is deterministic and it characterizes the set $\Gamma$-LBNF.
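
The rule systems of Definition 6.3.1 ($\Downarrow_L$) and Definition 7.1.1 ($\Downarrow_V$) can be run directly as evaluators. The Python below is an added example, not code from the book: the term encoding, the helper names and the `fuel` step budget (which returns `None` when no derivation is found, standing in for divergence) are assumptions, and $\Gamma$ is taken to be the variables and abstractions, as in Plotkin's call-by-value calculus.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Lam:
    var: str
    body: object

@dataclass(frozen=True)
class App:
    fun: object
    arg: object

def lam(names, body):
    """lam("x y", M) builds the term λxy.M."""
    for n in reversed(names.split()):
        body = Lam(n, body)
    return body

def app(f, *args):
    """app(M, N1, ..., Nk) builds the left-nested application M N1 ... Nk."""
    for a in args:
        f = App(f, a)
    return f

def fv(t):
    """Free variables of a term."""
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, Lam):
        return fv(t.body) - {t.var}
    return fv(t.fun) | fv(t.arg)

def subst(t, x, s):
    """Capture-avoiding substitution t[s/x]."""
    if isinstance(t, Var):
        return s if t.name == x else t
    if isinstance(t, App):
        return App(subst(t.fun, x, s), subst(t.arg, x, s))
    if t.var == x:
        return t
    if t.var in fv(s):  # rename the binder so it cannot capture a variable of s
        avoid = fv(s) | fv(t.body) | {x}
        z = next(n for n in (f"{t.var}_{i}" for i in count()) if n not in avoid)
        return Lam(z, subst(subst(t.body, t.var, Var(z)), x, s))
    return Lam(t.var, subst(t.body, x, s))

def unwind(t):
    """Split ζ M1 ... Mm into the head ζ (a Var or a Lam) and [M1, ..., Mm]."""
    args = []
    while isinstance(t, App):
        args.append(t.arg)
        t = t.fun
    return t, args[::-1]

def eval_L(t, fuel=200):
    """Search for N with t ⇓_L N; None if no derivation within `fuel` (head) steps."""
    for _ in range(fuel):
        head, args = unwind(t)
        if isinstance(head, Var) or not args:      # rule (var) or rule (lazy)
            return t
        t = app(subst(head.body, head.var, args[0]), *args[1:])  # rule (head)
    return None

def eval_V(t, fuel=200):
    """Search for N with t ⇓_V N; None if the step budget runs out."""
    budget = [fuel]
    def go(t):
        while budget[0] > 0:
            budget[0] -= 1
            head, args = unwind(t)
            if isinstance(head, Var) or not args:  # rule (var) or rule (lazy)
                return t
            q = go(args[0])                        # premise Q ⇓_V Q'
            if q is None:
                return None
            if not isinstance(q, (Var, Lam)):      # Q' ∉ Γ: rule (block)
                return app(head, q, *args[1:])
            t = app(subst(head.body, head.var, q), *args[1:])    # rule (head)
        return None
    return go(t)

# Sample terms (constructed for this example).
x, y, z = Var("x"), Var("y"), Var("z")
I = lam("x", x)
D = lam("x", App(x, x))
DD = App(D, D)
K = lam("x z", x)   # λxz.x: bound names chosen so Example 7.1.2 needs no renaming
E = lam("x y", App(x, y))
```

With the sample terms defined at the end, `eval_L(App(I, DD))` is `None` while `eval_L(App(E, DD))` is the abstraction λy.DDy, which is the discrimination used in Property 6.3.9 (ii).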

Theorem 7.1.3. (i) $M \Downarrow_V N$ implies $M \to^{*}_{\Gamma\ell} N$ and $N$ is in $\Gamma$-lbnf.

(ii) $M \Downarrow_V$ if and only if $M$ has a $\Gamma$-lbnf.
Proof. (i) By induction on the rules of $\Downarrow_V$.
(ii) ($\Rightarrow$) The proof is a consequence of (i).
($\Leftarrow$) $M$ has a $\Gamma$-lbnf means that there is $N \in \Gamma$-LBNF such that $M \to^{*}_{\Gamma} N$. But $\Gamma$-LBNF is a set of output values with respect to $\Gamma$, by Property 5.0.3; so there is a reduction sequence $M \to^{*}_{\Gamma\ell} M' \in \Gamma$-LBNF.
Let $M \equiv \lambda x_1 \ldots x_n.\zeta M_1 \ldots M_m$; we reason by induction on the length of $M \to^{*}_{\Gamma\ell} M'$. If $n \neq 0$ then the proof follows by rule (lazy), so let $n = 0$. If $\zeta \in \mathrm{Var}$ the proof follows by rule (var). Otherwise $\zeta \equiv (\lambda z.P)Q$; hence, if $Q$ is $\Gamma$-valuable then the proof follows by induction and rule (head), otherwise it follows by induction and rule (block). $\Box$

Corollary 7.1.4. Let $M \in \Lambda^0$. Then $M \Downarrow_V$ if and only if $M$ is $\Gamma$-valuable.

Proof. Since $\Gamma^0 = \Gamma\text{-LBNF}^0$, the proof follows by Theorem 7.1.3.(ii). $\Box$

It follows by Theorem 7.1.5 that $\approx_V$ is a $\Gamma$-theory.

Theorem 7.1.5 (V-Correctness).
The $\lambda\Gamma$-calculus is correct with respect to the V-operational semantics.

Proof. By definition of correctness, we must prove that $M =_\Gamma N$ implies $M \approx_V N$. Let $M =_\Gamma N$ and let $C[.]$ be a context such that $C[M], C[N] \in \Lambda^0$. By definition of $=_\Gamma$, $C[M] =_\Gamma C[N]$. So the proof follows from Theorem 7.1.3, since by the confluence theorem the property of having $\Gamma$-lbnf is closed under $=_\Gamma$. $\Box$

The V-relevant contexts cannot be characterized by using contexts of the shape $[.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$), as in the call-by-name operational settings; in fact, $[.](DD[.])I$ is not V-relevant, while $(\lambda xy.y)([.]I)$ is V-relevant. However, the following lemma establishes a negative characterization taking into account not V-relevant contexts.

Lemma 7.1.6 (V-Relevance).
Let $C[.]$ be not V-relevant and $M \in \Lambda^0$. If $C[M] \Downarrow_V$ then there is a context $C'[.]$ such that, $\forall P \in \Lambda^0$, $C[P] \Downarrow_V C'[P]$; moreover, $C'[P] \in \Gamma$ if and only if $C'[M] \in \Gamma$.
Proof. By induction on $C[M] \Downarrow_V$, so by cases on the last applied rule.
(var) If $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) then the proof is trivial and $C'[.] \equiv C[.]$. The case $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) is not possible, since $M \in \Lambda^0$.
(lazy) The case $C[.] \equiv [.]$ is not possible, since it is trivially V-relevant; while in case $C[.] \equiv \lambda z.C''[.]$, the proof is trivial.
(head) $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) is not possible, since $C[M] \Downarrow_V$ while $C[DD] \Uparrow_V$, thus $C[.]$ is V-relevant, against the hypothesis; so, let $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$). If there is $N \in \Lambda^0$ such that $C_1[N] \Uparrow_V$ then $C[N] \Uparrow_V$, implying that $C[.]$ is V-relevant, against the hypothesis. Hence $C_1[.]$ is not relevant and $C_1[M] \Downarrow_V$, thus by induction there is $D_1[.]$ such that $\forall P \in \Lambda^0$, $C_1[P] \Downarrow_V D_1[P]$ and $D_1[P] \in \Gamma$ if and only if $D_1[M] \in \Gamma$. By induction on $C_0[M][D_1[M]/x]C_2[M] \ldots C_m[M]$ there is a context $C'[.]$ such that $C_0[N][D_1[N]/x]C_2[N] \ldots C_m[N] \Downarrow_V C'[N]$ and $C'[N] \in \Gamma$ if and only if $C'[M] \in \Gamma$, for all $N \in \Lambda^0$. The proof follows by rule (head).
(block) The case $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) is not possible, since it is V-relevant (as in the previous case); so, let $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$). Clearly $C_1[.]$ is not relevant and $C_1[M] \Downarrow_V$, so by induction there is $D_1[.]$ such that $\forall P \in \Lambda^0$, $C_1[P] \Downarrow_V D_1[P]$ and $D_1[P] \notin \Gamma$. Let $C'[.] \equiv (\lambda z.C_0[.])D_1[.]C_2[.] \ldots C_m[.]$ and the proof follows easily. $\Box$

We will prove that the $\lambda\Gamma$-calculus is not complete with respect to the V-operational semantics by using the notion of V-relevant context.

Lemma 7.1.7. Let $C[.]$ be V-relevant. If $M \in \Lambda^0$ and $C[M] \Downarrow_V$ then $M \Downarrow_V$.

Proof. By induction on $C[M] \Downarrow_V$, so by cases on the last applied rule.
(var) $C[.] \equiv xC_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$) is not V-relevant.
(lazy) $C[.] \equiv \lambda z.C'[.]$ is not V-relevant, while $C[.] \equiv [.]$ is trivial.
(head) Let $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$), so there are two cases.
1. If $M \equiv \lambda z.M'$ then $M \Downarrow_V$.
2. Let $M \equiv (\lambda z.P)QM_1 \ldots M_n$ ($n \in \mathbb{N}$). $C[M] \Downarrow_V$ implies, by rule (head), that $Q \Downarrow_V Q'$ and $P[Q'/z]M_1 \ldots M_nC_1[M] \ldots C_m[M] \Downarrow_V$; since $[.]C_1[M] \ldots C_m[M]$ is a relevant context (it discriminates $M$ and $DD$), by induction $P[Q'/z]M_1 \ldots M_n \Downarrow_V$. Thus by rule (head), it follows that $M \Downarrow_V$.
Let $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$), so there are two cases again.
1. If $C_1[.]$ is not relevant then there exists $C'_1[.]$ satisfying Lemma 7.1.6, thus by induction on $C_0[M][C'_1[M]/z]C_2[M] \ldots C_m[M] \Downarrow_V$, the proof follows.
2. Otherwise, $C_1[.]$ is relevant and the proof follows by induction on $C_1[M] \Downarrow_V$.
(block) Let $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \in \mathbb{N}$); if $M \equiv (\lambda x.P)QN_1 \ldots N_n$ ($n \in \mathbb{N}$) then $Q \Downarrow_V Q'$, but $Q \in \Lambda^0$ and $Q'$ is a closed $\Gamma$-lbnf imply that $Q'$ is an abstraction, against the hypothesis that the last applied rule is (block); thus $M \equiv \lambda x.M'$ and $M \Downarrow_V$ by rule (lazy).
Let $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$), so $C_1[.]$ is relevant and the proof follows by induction. $\Box$

The following result holds.

Theorem 7.1.8 (V-Incompleteness).
The $\lambda\Gamma$-calculus is incomplete with respect to the V-operational semantics.
Proof. Let $P$ and $Q$ be two closed $\Gamma$-unsolvable terms of order zero such that $P \neq_\Lambda Q$. A non-V-relevant context cannot discriminate them. By Definition 3.1.12, if $P \to^{*}_{\Gamma} R$ or $Q \to^{*}_{\Gamma} R$, for some $R$, then $R$ cannot be an abstraction, hence $P \Uparrow_V$ and $Q \Uparrow_V$. Let $C[.]$ be a V-relevant context. So, by Lemma 7.1.7, $C[P] \Uparrow_V$ and $C[Q] \Uparrow_V$. Hence, $P \approx_V Q$. $\Box$

As a corollary, we obtain that the V-operational equivalence equates all closed $\Gamma$-unsolvable terms of the same order.

Corollary 7.1.9. Let $P$ and $Q$ be closed $\Gamma$-unsolvable terms of the same order $n$. Then $P \approx_V Q$.
Proof. By induction on $n$. If $n = 0$, then the proof follows from the proof of the incompleteness result. Otherwise, it follows by induction. $\Box$

The next property shows an interesting characterization of the V-operational semantics.

Property 7.1.10. Let $M$ and $N$ be such that $M$ is potentially $\Gamma$-valuable while $N$ is not potentially $\Gamma$-valuable. Then $M \not\approx_V N$.
Proof. According to the definition of potentially $\Gamma$-valuable terms, we will consider only substitutions whose codomain is $\Gamma$. $M$ potentially $\Gamma$-valuable means that there is a substitution $s$ such that $s(M) \in \Lambda^0$ is $\Gamma$-valuable, while $s'(N)$ is not $\Gamma$-valuable, for each substitution $s'$ such that $s'(N) \in \Lambda^0$. So let $s$ be such that $s(M)$ is $\Gamma$-valuable; we can easily extend $s$ to a substitution $s'$ such that $s'(M) \in \Lambda^0$ is $\Gamma$-valuable while $s'(N) \in \Lambda^0$ is not $\Gamma$-valuable.
Let $C[.] \equiv (\lambda x_1 \ldots x_n.[.])s'(x_1) \ldots s'(x_n)$ where $FV(M) \cup FV(N) \subseteq \{x_1, \ldots, x_n\}$; therefore, by Corollary 7.1.4, $C[.]$ is discriminating for $M$ and $N$. $\Box$

The V-theory is not fully extensional. In fact, $DD \not\approx_V \lambda x.DDx$.


7.1.1 An Example

We will show now that $V_0 \approx_V V_1$, where

$V_0 \equiv \lambda x.(\lambda x_1x_2.DD)(x(\lambda x_1.DD)(\lambda x_1.DD))$,
$V_1 \equiv \lambda x.(\lambda x_1x_2x_3.DD)(x(\lambda x_1.DD)(\lambda x_1x_2.DD))(x(\lambda x_1x_2.DD)(\lambda x_1.DD))$.

This equivalence was first proved in [44]. The interest of such a result will be clear when we study denotational semantics.

Lemma 7.1.11. Let $M \in \Lambda^0$.
(i) If $V_0M \Downarrow_V$ then $V_0M \Downarrow_V \lambda x.DD$.
(ii) If $V_1M \Downarrow_V$ then $V_1M \Downarrow_V \lambda x.DD$.
Proof. Clearly, $P \in \Lambda^0$ and $P \Downarrow_V P'$ imply $P'$ is an abstraction.
(i) Let D 1 == (>'x1.DD) and D 2 == (>'X1X2.DD); thus
d1
1 (iazy)
do MoD 1D -ll-v MI >'x2. DD -ll-v >'x2· DD
1 1 (head)
M-ll-vMo (>'X1X2.DD)(MoD D ) -ll-v >'x2. DD
- - - - - - - - - - - - - - - - - - - - (head)
(>.x.D 2(xD 1D1))M -ll-v >'x2.DD
(ii) Let D 1 == (>'x1.DD), D 2 == (>'X1X2.DD) and D 3 == (>'X1X2X3.DD); thus

do
MJJ-vMo

o
Lemma 7.1.12. Let $C[.]$ be a context such that $C[V_0], C[V_1] \in \Lambda^0$.
(i) If $C[V_0] \Downarrow_V$ then $\exists C'[.]$ such that $C[V_0] \Downarrow_V C'[V_0]$ and $C[V_1] \Downarrow_V C'[V_1]$.
(ii) If $C[V_1] \Downarrow_V$ then $\exists C'[.]$ such that $C[V_0] \Downarrow_V C'[V_0]$ and $C[V_1] \Downarrow_V C'[V_1]$.
Proof. (i) By induction on the derivation proving $C[V_0] \Downarrow_V$.
(var) This case is not possible, since by hypothesis $C[V_0] \in \Lambda^0$.
(lazy) $C[.] \equiv \lambda z.C_0[.]$ and $C[.] \equiv [.]$ are both trivial.
(head) Let $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \geq 1$); if $m \geq 2$ then by Lemma 7.1.11.(i) it is easy to see that $C[V_0] \Uparrow_V$. In case $m = 1$, the proof follows by Lemma 7.1.11. Let $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$), so by induction on $C_1[V_0] \Downarrow_V$ there is $C'_1[.]$ such that $C_1[V_0] \Downarrow_V C'_1[V_0]$ and $C_1[V_1] \Downarrow_V C'_1[V_1]$. The proof follows by induction on $C_0[V_0][C'_1[V_0]/z]C_2[V_0] \ldots C_m[V_0] \Downarrow_V$.
(block) This case is not possible, since by hypothesis $C[V_0] \in \Lambda^0$.

(ii) By induction on the derivation proving $C[V_1] \Downarrow_V$.
(var) This case is not possible, since by hypothesis $C[V_0] \in \Lambda^0$.
(lazy) $C[.] \equiv \lambda z.C_0[.]$ and $C[.] \equiv [.]$ are both trivial.
(head) Let $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ ($m \geq 1$); if $m \geq 2$ then by Lemma 7.1.11.(ii) it is easy to see that $C[V_0] \Uparrow_V$. In case $m = 1$, the proof follows by Lemma 7.1.11. Let $C[.] \equiv (\lambda z.C_0[.])C_1[.] \ldots C_m[.]$ ($m \geq 1$), so by induction on $C_1[V_1] \Downarrow_V$ there is $C'_1[.]$ such that $C_1[V_0] \Downarrow_V C'_1[V_0]$ and $C_1[V_1] \Downarrow_V C'_1[V_1]$. The proof follows by induction on $C_0[V_1][C'_1[V_1]/z]C_2[V_1] \ldots C_m[V_1] \Downarrow_V$.
(block) This case is not possible, since by hypothesis $C[V_0] \in \Lambda^0$. $\Box$

Theorem 7.1.13. $V_0 \approx_V V_1$.

Proof. The proof follows from Lemma 7.1.12. $\Box$

8. Operational Extensionality

8.1 Operational Semantics and Extensionality


In Sect. 1.3, the notion of full extensionality was introduced. A $\Delta$-theory $T$ is fully extensional when all terms in it can be interpreted as functions, i.e. if and only if the full extensionality principle holds:

(EXT) $Mx =_T Nx \Rightarrow M =_T N \qquad x \notin FV(M) \cup FV(N)$.

Moreover, we proved that a $\Delta$-theory $T$ is fully extensional if and only if it is closed under $\eta$-equality, which is the congruence relation induced by the $\eta$-reduction rule:

($\eta$) $\lambda x.Mx \to_\eta M$ if and only if $x \notin FV(M)$.

Now the notion of extensionality will be considered in the particular setting of the $\Delta$-theories that arise from operational semantics, namely the $\Delta$-operational theories. In the rest of this section, we will restrict our discussion to $\Delta$-operational theories induced from a formal system such that the $\lambda\Delta$-calculus is correct with respect to them. Sometimes, for sake of simplicity, we will skip the prefix $\Delta$.
Let $O \in \mathcal{E}(\Delta, \Theta)$; intuitively a term $M$ has a functional behaviour in $O$, or equivalently it can be interpreted as a function, when $M \approx_O \lambda x.Mx$ ($x \notin FV(M)$). If all terms have a functional behaviour in $O$, then it is natural to expect that $\approx_O$ in its turn behaves like the extensional equivalence on functions, i.e. if $\forall P \in \Lambda$, $MP \approx_O NP$ then $M \approx_O N$. But not all operational theories give a functional interpretation to all terms.
Let us consider, for example, the L-operational theory: $DD$ and $\lambda x.DD$ have the same applicative behaviour (since, for all $y \in \mathrm{Var}$, both $DDy \Uparrow_L$ and $(\lambda x.DDx)y \Uparrow_L$), nevertheless they cannot be equated, since the context $[.]$ separates them. In some sense $DD$, in the L-operational theory, can be seen as a function too, but of arity 0. But the extensionality principle becomes vacuous if extended to 0-arity functions. So we will introduce the notion of operational extensionality.
In order to formalize such a notion, let us introduce the key notion of $O$-comparable terms, with respect to an operational theory $O$.

Definition 8.1.1. Let $O \in \mathcal{E}(\Delta, \Theta)$ be defined by a formal system.
$M$ and $N$ are $O$-comparable (notation $M \smile_O N$) when, for each substitution $s : \mathrm{Var} \to \Delta$ such that $s(M), s(N) \in \Lambda^0$,
$s(M) \Downarrow_O$ if and only if $s(N) \Downarrow_O$.
Otherwise, M and N are said to be O-incomparable (notation M ~o N).
We will speak simply about comparable terms if the involved operational
semantics is clear by the context.
Note that being O-comparable does not imply equivalent. In fact, if
O E {H, N, L, V} then )..x.xzI '--'o )..x.xzO but )..x.xzI ?60 )..x.xzO. Note
that x(DD) '--'v ()..y.xy)(DD) are V-comparable, although x(DD) ..u-v and
()..y.xy)(DD) 1tv.
To be comparable in a given operational semantics is a necessary condition
for two terms being equivalent.
In the rest of this section, )..*x.Mx will denote the fact that x fi. FV(M).
Now we can state formalIy the operational functionality principle.

(OP-FUN) $O \in \mathcal{E}(\Delta, \Theta)$ is op-functional if and only if,
for all $M \in \Lambda$, $M \smile_O \lambda^* x.Mx$ implies $M \approx_O \lambda^* x.Mx$.

It is easy to see that $M \approx_O \lambda^* x.Mx$ implies $M \smile_O \lambda^* x.Mx$.
Informally, an operational theory $O$ is op-extensional when, for all terms
$M$ and $N$, if they can be interpreted as functions and they have the same
applicative behaviour, then $M \approx_O N$.

(OP-EXT) $O \in \mathcal{E}(\Delta, \Theta)$ is op-extensional if and only if,
for all $M, N \in \Lambda$, for all $x \notin FV(M) \cup FV(N)$,
if $M \smile_O \lambda^* x.Mx$, $N \smile_O \lambda^* x.Nx$ and $Mx \approx_O Nx$ then $M \approx_O N$.

It is easy to check that the two principles are equivalent when the
operational semantics are correct.

Property 8.1.2. OP-FUN if and only if OP-EXT.

Proof. ($\Rightarrow$) Let $O \in \mathcal{E}(\Delta, \Theta)$ satisfy OP-FUN. For all
$x \notin FV(M) \cup FV(N)$, let $M \smile_O \lambda^* x.Mx$, $N \smile_O \lambda^* x.Nx$ and
$Mx \approx_O Nx$.
OP-FUN implies both $M \approx_O \lambda^* x.Mx$ and $N \approx_O \lambda^* x.Nx$. Moreover,
$\lambda^* x.Mx \approx_O \lambda^* x.Nx$, since $Mx \approx_O Nx$ and $\approx_O$ is a congruence; thus

$M \approx_O \lambda^* x.Mx \approx_O \lambda^* x.Nx \approx_O N$.

($\Leftarrow$) Let $O \in \mathcal{E}(\Delta, \Theta)$ satisfy OP-EXT; let $M \smile_O \lambda^* x.Mx$.
$Mz \approx_O (\lambda^* x.Mx)z$ and $\lambda^* x.Mx \approx_O \lambda^* u.(\lambda^* x.Mx)u$, since
$\approx_O$ is a $\Delta$-theory; thus, $\lambda^* x.Mx \smile_O \lambda^* u.(\lambda^* x.Mx)u$ and by
OP-EXT, $M \approx_O \lambda^* x.Mx$. $\Box$

The notion of op-extensionality can be captured by a suitable reduction
rule, parameterized with respect to the considered operational semantics.

Definition 8.1.3. Let $O \in \mathcal{E}(\Delta, \Theta)$ be an evaluation relation.
(i) The $O\eta$-reduction ($\to_{O\eta}$) is the contextual closure of the following rule:
$\lambda^* x.Mx \to_{O\eta} M$ if and only if $M \smile_O \lambda^* x.Mx$.
$\lambda^* x.Mx$ is a $O\eta$-redex and $M$ is its contractum.
(ii) $M \to^*_{O\eta} N$ and $=_{O\eta}$ are respectively the reflexive and transitive closure
of $\to_{O\eta}$ and the symmetric, reflexive and transitive closure of $\to_{O\eta}$.
(iii) $M \to_{\Delta O\eta} N$ when either $M \to_{O\eta} N$ or $M \to_\Delta N$.
(iv) $M \to^*_{\Delta O\eta} N$ and $=_{\Delta O\eta}$ are respectively the reflexive, symmetric and
transitive closure of $\to_{\Delta O\eta}$ and the symmetric, reflexive and transitive
closure of $\to_{\Delta O\eta}$.

A $\Delta$-theory $\approx_O$ is a $\Delta O\eta$-theory, when $\approx_O$ is closed under $=_{O\eta}$, namely
$P =_{O\eta} Q$ implies $P \approx_O Q$.
The relationship between op-extensionality and $O\eta$-reduction rule is
clarified in the next theorem.

Theorem 8.1.4. Let $O \in \mathcal{E}(\Delta, \Theta)$ be correct with respect to the
$\lambda\Delta$-calculus.
$O$ is op-extensional if and only if $\approx_O$ is closed under $=_{O\eta}$.

Proof. ($\Rightarrow$) Assume $C[M] =_{O\eta} C[\lambda^* x.Mx]$, so $M \smile_O \lambda^* x.Mx$ by
definition of $\to_{O\eta}$. Clearly $\lambda^* u.(\lambda^* x.Mx)u =_\Delta \lambda^* u.Mu$, so
$\lambda^* u.(\lambda^* x.Mx)u \approx_O \lambda^* u.Mu$, since $O$ is a $\Delta$-theory, thus
$\lambda^* x.Mx \smile_O \lambda^* u.(\lambda^* x.Mx)u$ too.
$Mz \approx_O (\lambda^* x.Mx)z$, since $O$ is a $\Delta$-theory. Hence $M \approx_O \lambda^* x.Mx$ by
op-extensionality. Thus, $C[M] \approx_O C[\lambda^* x.Mx]$.
($\Leftarrow$) Let $M \smile_O \lambda^* x.Mx$, $N \smile_O \lambda^* x.Nx$ and $Mx \approx_O Nx$, for all
$x \notin FV(M) \cup FV(N)$. Since $O$ is a $\Delta O\eta$-theory, both $M \approx_O \lambda^* x.Mx$ and
$N \approx_O \lambda^* x.Nx$. Moreover, $Mx \approx_O Nx$ implies $(\lambda^* x.Mx) \approx_O (\lambda^* x.Nx)$,
so the proof follows by transitivity of $\approx_O$. $\Box$

We will prove that $H$, $N$, $L$ and $V$ are operationally extensional.
First we need to characterize the class of terms $M$ such that $M$ and
$\lambda^* x.Mx$ are $O$-comparable, when $O \in \{H, N, L, V\}$.

Lemma 8.1.5. Both $M \smile_H \lambda^* x.Mx$ and $M \smile_N \lambda^* x.Mx$, for all $M \in \Lambda$.

Proof. This proof is easy. $\Box$

In $H$ and $N$, the operational extensionality corresponds to full
extensionality (see Theorems 6.1.10 and 6.2.10).

Theorem 8.1.6. $H$ and $N$ are operational extensional $\Lambda$-theories.

Proof. Obvious, since full extensionality implies operational extensionality. $\Box$

In $L$, it is no longer true that $M \smile_L \lambda^* z.Mz$ holds for all $M \in \Lambda$. In
fact, $y$ and $\lambda z.yz$ are not $L$-comparable (take the substitution $s$ such that
$s(y) = DD$).
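
The two $L$ examples above ($DD$ against its $\eta$-expansion, and $y$ against $\lambda z.yz$ under $s(y) = DD$) can be checked mechanically. The Python below is an added example, not code from the book; it assumes that $L$ is lazy call-by-name evaluation (a closed term converges when weak head reduction reaches an abstraction) and that $D \equiv \lambda x.xx$, and all function names are hypothetical.

```python
# Added example: lazy call-by-name evaluation on closed terms.
# Assumption: M converges in L exactly when weak head reduction of the
# closed term M reaches an abstraction.

# Terms: ("var", x) | ("lam", x, body) | ("app", fun, arg)
def var(x):
    return ("var", x)

def lam(x, body):
    return ("lam", x, body)

def app(fun, *args):
    for a in args:
        fun = ("app", fun, a)
    return fun

def free_vars(t):
    if t[0] == "var":
        return {t[1]}
    if t[0] == "lam":
        return free_vars(t[2]) - {t[1]}
    return free_vars(t[1]) | free_vars(t[2])

def subst(t, x, n):
    """t[n/x] for a closed n; no variable capture is possible, so no renaming."""
    if free_vars(n):
        raise ValueError("this example only substitutes closed terms")
    def go(u):
        if u[0] == "var":
            return n if u[1] == x else u
        if u[0] == "app":
            return ("app", go(u[1]), go(u[2]))
        return u if u[1] == x else ("lam", u[1], go(u[2]))
    return go(t)

def whnf_step(t):
    """One weak head reduction step, or None when t has no head redex."""
    if t[0] != "app":
        return None
    fun, arg = t[1], t[2]
    if fun[0] == "lam":
        return subst(fun[2], fun[1], arg)
    reduced = whnf_step(fun)
    return None if reduced is None else ("app", reduced, arg)

def converges_L(t, fuel=10_000):
    """True if closed t reaches an abstraction, False if the reduction loops."""
    if free_vars(t):
        raise ValueError("evaluation is only defined here on closed terms")
    seen = set()
    for _ in range(fuel):
        if t[0] == "lam":
            return True
        if t in seen:  # the strategy is deterministic: a repeated term never halts
            return False
        seen.add(t)
        t = whnf_step(t)
    raise RuntimeError("undecided within the step budget")

def apply_subst(t, s):
    """Apply a substitution s from variable names to closed terms."""
    for x in free_vars(t):
        t = subst(t, x, s[x])
    return t

def agree_under(m, n, s):
    """One instance of the comparability test: s(M) converges iff s(N) does."""
    return converges_L(apply_subst(m, s)) == converges_L(apply_subst(n, s))

def eta_expand(m, z="z"):
    """Build lambda z. M z with z not free in M."""
    if z in free_vars(m):
        raise ValueError("bound variable must not occur free in the term")
    return lam(z, app(m, var(z)))

D = lam("x", app(var("x"), var("x")))
DD = app(D, D)
I = lam("x", var("x"))

if __name__ == "__main__":
    # The empty context separates DD from its eta-expansion.
    print(converges_L(DD), converges_L(eta_expand(DD)))
    # Applied to an argument, both diverge: same applicative behaviour.
    print(converges_L(app(DD, I)), converges_L(app(eta_expand(DD), I)))
    # y and lambda z. y z disagree under s(y) = DD, so they are not L-comparable.
    print(agree_under(var("y"), eta_expand(var("y")), {"y": DD}))
```

A single substitution on which the two terms disagree is enough to refute comparability, while agreement under one substitution (for instance `{"y": I}`) proves nothing, since the definition quantifies over all substitutions.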

Lemma 8.1.7. $M \smile_L \lambda^* z.Mz$ if and only if $M \to^*_\Lambda \lambda x.N$, for some $N \in \Lambda$.

Proof. ($\Rightarrow$) Assume $M$ does not reduce to an abstraction.
This means that either $M \to^*_\Lambda x\vec{Q}$ or $M \to^*_\Lambda U$, where $U$ is a
$\Lambda$-unsolvable term of order 0. By correctness, this implies either
$M \approx_L x\vec{Q}$ or $M \approx_L U$.
Let $s$ be a substitution such that $s(x) = DD$, for all $x$.
In both cases, $s(x\vec{Q})$ and $s(U)$ are $\Lambda$-unsolvable of order 0, therefore
$s(x\vec{Q}) \Uparrow_L$ and $s(U) \Uparrow_L$. On the other hand,
$s(\lambda^* z.Mz) =_\Lambda \lambda^* z.s(M)z$, so $s(\lambda^* z.Mz) \Downarrow_L$, against the
hypothesis that $M \smile_L \lambda^* z.Mz$.
($\Leftarrow$) Let $M \to^*_\Lambda \lambda x.N$; so $\lambda^* z.Mz \to^*_\Lambda \lambda z.N[z/x] =_\alpha \lambda x.N$,
therefore by correctness $M \approx_L \lambda^* z.Mz$, which implies $M \smile_L \lambda^* z.Mz$. $\Box$

By the previous lemma, the $L\eta$-reduction ($\to_{L\eta}$) can be restated, without
any explicit reference to the comparability relation $L$, as follows:
$\lambda^* x.Mx \to_{L\eta} M$ if and only if there is $N \in \Lambda$ such that $M \to^*_\Lambda \lambda x.N$.

Theorem 8.1.8. $L$ is an operational extensional $\Lambda$-theory.

Proof. By Lemma 8.1.7, if $M =_{L\eta} N$ then $M =_\Lambda N$ so $M \approx_L N$ by
correctness and the proof follows by Theorem 8.1.4. $\Box$

Now let us consider the call-by-value operational semantics $\approx_V$.

Lemma 8.1.9. $M \smile_V \lambda^* z.Mz$ if and only if $M$ is $\Gamma$-valuable.

Proof. ($\Rightarrow$) Assume that $M \to^*_\Gamma N$ implies $N \notin \Gamma$. This means that either
$N \equiv x\vec{Q}$ for some sequence $\|\vec{Q}\| > 0$, or $N \equiv (\lambda x.P)QR$ where
$Q \to^*_\Gamma Q'$ and $Q' \notin \Gamma$, or $M \to^*_\Gamma U$ where $U$ is a $\Gamma$-unsolvable term of
order 0. We prove by induction on $N$ that there is a substitution $s$ such that
$s(N) \Uparrow_V$.
Let $s$ be a substitution such that $\forall x \in \mathrm{Var}$, $s(x) = \lambda x.DD \in \Gamma$. The
first and the third cases are obvious: both $s(x\vec{Q})$ and $s(U)$ are unsolvable
of order 0, hence $s(x\vec{Q}) \Uparrow_V$ and $s(U) \Uparrow_V$. In the second case, by
induction $s(Q) \Uparrow_V$; so, $s((\lambda x.P)QR) \Uparrow_V$. In all cases, $s(M) \Uparrow_V$.
On the other hand, $s(\lambda^* z.Mz) = \lambda^* z.s(M)z$, so $s(\lambda^* z.Mz) \Downarrow_V$ by rule
(lazy), against the hypothesis that $M \smile_V \lambda^* z.Mz$.
($\Leftarrow$) By definition, $\Gamma = \mathrm{Var} \cup \{\lambda x.M \mid M \in \Lambda\}$. If
$M \to^*_\Gamma \lambda x.P'$, for some $P'$, then $M =_\Gamma \lambda^* z.Mz$, so $M \approx_V \lambda^* z.Mz$ and
$M \smile_V \lambda^* z.Mz$.
Let $M \to^*_\Gamma x$; for every substitution $s : \mathrm{Var} \to \Gamma^0$, it is easy to see
that $s(x) \in \Gamma^0$ and $s(M) \to^*_\Gamma s(x)$. By correctness, $s(M) \Downarrow_V$ and
$s(\lambda^* z.Mz) = \lambda^* z.s(M)z \in \Gamma^0$, so $s(\lambda^* z.Mz) \Downarrow_V$. This implies, by
definition, $M \smile_V \lambda^* z.Mz$. $\Box$

By the previous lemma, the $V\eta$-reduction ($\to_{V\eta}$) can be restated, without
any explicit reference to the evaluation relation $V$, as follows:
$\lambda^* x.Mx \to_{V\eta} M$ if and only if $M$ is $\Gamma$-valuable.

We prove that $V$ is an operational extensional $\Gamma$-theory by using some
denotational tools, in Property 12.1.20.(i). An interesting overview on rewriting
and extensionality can be found in [41].

8.1.1 Head-Discriminability

We introduced in Definition 5.0.10, the notion of context discriminating a
pair of terms, for a given evaluation relation $O$. We will refine such a notion
defining $O$ head-discriminable, if the operational difference between two
terms can be tested through a head context. Clearly, this notion is in some
sense related to extensionality, since filling a head context $C[.]$ by a closed
term $M$ corresponds just to applying $M$ to a suitable sequence of arguments.

Definition 8.1.10. $O \in \mathcal{E}(\Delta, \Theta)$ is head discriminable if and only if
$M \not\approx_O N$ implies there is a $\Delta$-valuable head context $C[.]$ such that
$C[M], C[N] \in \Lambda^0$ and $C[M] \Downarrow_O$ while $C[N] \Uparrow_O$ (or vice versa).

Now let us define a particular class of operational semantics.

Definition 8.1.11. An evaluation relation O is uniform if and only if


)...y.M ~o )...x.N implies M ~o N.

Informally, the uniformity condition says that a reduction machine either
computes under a $\lambda$-abstraction or not; in other words, it has either a lazy
or a not lazy behaviour, but it cannot mix the two styles of computing. Note
that all the semantics we defined in this chapter are uniform. Moreover, we
would like to stress that uniformity is quite a natural property to expect for
every reasonable operational semantics.
We will prove in the next theorem that, for all the uniform operational
semantics, head discriminability implies operational extensionality.

Theorem 8.1.12. If $O \in \mathcal{E}(\Delta, \Theta)$ is uniform and head discriminable then
it is operationally extensional.

Proof. Let $O$ be head discriminable, $M \smile_O \lambda^* x.Mx$ and $N \smile_O \lambda^* x.Nx$; we
will prove that $M \not\approx_O N$ implies $Mx \not\approx_O Nx$, for all $x \notin FV(M) \cup FV(N)$.
Since $\approx_O$ is head discriminable, $M \not\approx_O N$ implies that there is a
$\Delta$-valuable head context $(\lambda\vec{y}.[.])\vec{P}$ such that
$(\lambda\vec{y}.M)\vec{P}, (\lambda\vec{y}.N)\vec{P} \in \Lambda^0$, and $(\lambda\vec{y}.M)\vec{P} \Downarrow_O$
and $(\lambda\vec{y}.N)\vec{P} \Uparrow_O$ (or vice versa).

• Let us consider the case $\|\vec{P}\| = \|\vec{y}\|$. Thus $M[\vec{P}/\vec{y}] \Downarrow_O$ and
$N[\vec{P}/\vec{y}] \Uparrow_O$, by correctness. Since $M \smile_O \lambda^* x.Mx$ and
$N \smile_O \lambda^* x.Nx$, $\lambda^* x.M[\vec{P}/\vec{y}]x \Downarrow_O$ and
$\lambda^* x.N[\vec{P}/\vec{y}]x \Uparrow_O$. Thus the context $(\lambda\vec{y}x.[.])\vec{P}$ discriminates
$Mx$ and $Nx$, namely $Mx \not\approx_O Nx$.
• Let $\|\vec{P}\| > \|\vec{y}\|$. Then $\vec{P} \equiv \vec{P}_1\vec{P}_2$, where
$\|\vec{P}_1\| = \|\vec{y}\|$, and so $M[\vec{P}_1/\vec{y}]\vec{P}_2 \Downarrow_O$ and
$N[\vec{P}_1/\vec{y}]\vec{P}_2 \Uparrow_O$. Since $x \notin FV(M) \cup FV(N)$, $\approx_O$ is closed under
$=_\Delta$ and $\|\vec{P}_2\| > 0$, both $(\lambda x.M[\vec{P}_1/\vec{y}]x)\vec{P}_2 \Downarrow_O$ and
$(\lambda x.N[\vec{P}_1/\vec{y}]x)\vec{P}_2 \Uparrow_O$, and consequently, by correctness,
$(\lambda\vec{y}x.Mx)\vec{P}_1\vec{P}_2 \Downarrow_O$ and $(\lambda\vec{y}x.Nx)\vec{P}_1\vec{P}_2 \Uparrow_O$.
So the context $(\lambda\vec{y}x.[.])\vec{P}_1\vec{P}_2$ is a head context discriminating $Mx$
and $Nx$, namely $Mx \not\approx_O Nx$.
• Let $\|\vec{P}\| < \|\vec{y}\|$. Then $\vec{y} \equiv \vec{y}_1\vec{y}_2$, where
$\|\vec{P}\| = \|\vec{y}_1\|$, and, by $\Delta$-reduction, $\lambda\vec{y}_2.M[\vec{P}/\vec{y}_1] \Downarrow_O$ and
$\lambda\vec{y}_2.N[\vec{P}/\vec{y}_1] \Uparrow_O$. By uniformity, this implies there is a
substitution $s$ such that $s(M[\vec{P}/\vec{y}_1]) \Downarrow_O$ and $s(N[\vec{P}/\vec{y}_1]) \Uparrow_O$,
and consequently there is a substitution $s'$ such that $s'(M) \Downarrow_O$ and
$s'(N) \Uparrow_O$. Since $M \smile_O \lambda^* x.Mx$ and $N \smile_O \lambda^* x.Nx$,
$\lambda^* x.s'(M)x \Downarrow_O$ and $\lambda^* x.s'(N)x \Uparrow_O$. Let
$FV(M) \cup FV(N) \subseteq \{z_1, \ldots, z_k\}$ for some $k \in \mathbb{N}$, and
$C'[.] \equiv (\lambda z_1 \ldots z_k.[.])s'(z_1) \ldots s'(z_k)$. Then $\lambda x.C'[.]$ is the context
discriminating $Mx$ and $Nx$, namely $Mx \not\approx_O Nx$. $\Box$

The previous theorem assures us that the notion of operational
extensionality we defined is meaningful under the hypothesis of uniformity. In
fact, head discriminability means that terms can be discriminated just observing
their applicative behaviour, so by considering them as functions, may be of
arity 0. All operational theories we considered are head-discriminable.
9. Further Reading

Operational semantics. An algebraic view of structural operational
semantics (SOS) can be found in [94]. A formalization of the SOS operational
semantics based on natural deduction is given in [24]. In [77] the reader can
find a presentation of the different approaches to structural operational
semantics, concentrating on the advantages and disadvantages of each one for
reasoning about operational equivalence of programs.
$\Lambda$-Reduction machines. Some abstract machines for evaluating $\lambda$-terms
according to different evaluation strategies have been defined. The CUCH
machine, defined in [16] and whose implementation is described in [21],
performs the $N$-evaluation. Krivine [60] designed an abstract machine performing
a variant of the $H$-evaluation, inducing the same operational semantics.
The Bologna Optimal Higher Order Machine (BOHM) implements
an optimal evaluation relation, in the sense that it optimizes the number
of $\Lambda$-reductions performed in parallel [6]. The optimality is reached through
a graph representation of terms based on linear logic [48]; a survey on the
optimal implementation of the $\lambda\Lambda$-calculus can be found in [7].
Part III

Denotational Semantics
10. $\lambda\Delta$-Models

To study the operational behaviour of $\lambda$-terms, we will use the denotational
(mathematical) approach. A denotational semantics for a language is based
on the choice of a space of semantics values, or denotations, where terms are
to be interpreted. Choosing a space with nice mathematical properties can
help in proving the semantic properties of terms, since to this aim standard
mathematical techniques can be used.
In the next definition, we will give the properties that a structure must
satisfy in order to be used as denotations space for the $\lambda\Delta$-calculus, or,
equivalently, to be a model for this calculus.

Definition 10.0.1 ($\lambda\Delta$-Calculus model).
A $\lambda\Delta$-model is a quadruple $\langle \mathbb{D}, \mathbb{I}, \circ, [.] \rangle$, where:
$\mathbb{D}$ is a set, $\circ$ is a map from $\mathbb{D}^2$ in $\mathbb{D}$ and $\mathbb{I} \subseteq \mathbb{D}$. Moreover, if
$E$ is the collection of functions (environments) from $\mathrm{Var}$ to $\mathbb{I}$, ranged over
by $\rho, \rho', \ldots$ then the interpretation function $[.] : \Lambda \times E \to \mathbb{D}$ satisfies the
following conditions:
1. $[x]_\rho = \rho(x)$,
2. $[MN]_\rho = [M]_\rho \circ [N]_\rho$,
3. $[\lambda x.M]_\rho \circ d = [M]_{\rho[d/x]}$ if $d \in \mathbb{I}$,
4. if $[M]_{\rho[d/x]} = [M']_{\rho'[d/y]}$ for each $d \in \mathbb{I}$, then $[\lambda x.M]_\rho = [\lambda y.M']_{\rho'}$,
5. $M \in \Delta$ implies $\forall \rho.[M]_\rho \in \mathbb{I}$,
where $\rho[d/x](y) =$ if $y \equiv x$ then $d$ else $\rho(y)$.

This definition ensures that a $\lambda\Delta$-model respects some elementary key
properties, namely the interpretation of a term depends only on the behaviour
of the environment on the free variables of the term itself, the $\alpha$-rule is
respected, the syntactical substitution is modeled by the environment and
the interpretation is contextually closed [59, 50]. Moreover, $\mathbb{I}$ is the semantical
counterpart of the set of input values.
Property 10.0.2. Let $\langle \mathbb{D}, \mathbb{I}, \circ, [.] \rangle$ be a $\lambda\Delta$-model.
(i) If $\rho(x) = \rho'(x)$, for all $x \in FV(M)$, then $[M]_\rho = [M]_{\rho'}$.
(ii) If $y \notin FV(M)$ then $[M]_{\rho[d/x]} = [M[y/x]]_{\rho[d/y]}$, for all $d \in \mathbb{I}$.
(iii) If $y \notin FV(M)$ then $[\lambda x.M]_\rho = [\lambda y.M[y/x]]_\rho$.
(iv) If $N \in \Delta$ then $[M[N/x]]_\rho = [M]_{\rho[[N]_\rho/x]}$.
(v) If $[M]_\rho = [N]_\rho$ then, for every context $C[.]$, $[C[M]]_\rho = [C[N]]_\rho$.

Proof. (i) By induction on $M$. If $M \in \mathrm{Var}$ then by Definition 10.0.1.1, the
proof is immediate. If $M \equiv PQ$ then the proof follows by induction and
Definition 10.0.1.2. If $M \equiv \lambda x.N$ then by induction, $\forall d \in \mathbb{I}$,
$[N]_{\rho[d/x]} = [N]_{\rho'[d/x]}$; so $[\lambda x.N]_\rho = [\lambda x.N]_{\rho'}$ by Definition 10.0.1.4.
(ii) By induction on $M$. If $M \in \mathrm{Var}$ then by Definition 10.0.1.1, the
proof is immediate. If $M \equiv PQ$ then the proof follows by induction and
Definition 10.0.1.2. If $M \equiv \lambda z.N$ then by Definition 10.0.1.3,
$\forall d' \in \mathbb{I}$, $[N]_{\rho[d/x][d'/z]} = [N[y/x]]_{\rho[d/y][d'/z]}$ (clearly
$\rho[d_0/x_0][d_1/x_1] = \rho[d_1/x_1][d_0/x_0]$); hence,
$[\lambda z.N]_{\rho[d/x]} = [(\lambda z.N)[y/x]]_{\rho[d/y]}$ by Definition 10.0.1.4 and the proof
is done.
(iii) $\forall d \in \mathbb{I}$, $[M]_{\rho[d/x]} = [M[y/x]]_{\rho[d/y]}$ by the previous point of this
property. The proof follows by Definition 10.0.1.4.
(iv) By induction on $M$. If $M \in \mathrm{Var}$ then the proof is immediate. If
$M \equiv PQ$ then the proof follows by induction.
If $M \equiv \lambda z.P$ then $\forall d \in \mathbb{I}$, $[P[N/x]]_{\rho[d/z]} = [P]_{\rho[d/z][[N]_\rho/x]}$, by
Definition 10.0.1.3. Hence, $[M[N/x]]_\rho = [M]_{\rho[[N]_\rho/x]}$, by Definition 10.0.1.4.
(v) By induction on the context $C[.]$.
If $C[.]$ does not contain holes or $C[.] \equiv [.]$, then the proof is obvious.
If $C[.]$ is $C_1[.]C_2[.]$ then the proof follows immediately by induction.
Let $C[.]$ be $\lambda x.C'[.]$; thus, $\forall d \in \mathbb{I}$, $[C'[M]]_{\rho[d/x]} = [C'[N]]_{\rho[d/x]}$ by
Definition 10.0.1.3. The proof follows by Definition 10.0.1.4. $\Box$

The previous property implies that condition 3 of Definition 10.0.1 is the
semantics counterpart of the $\Delta$-reduction rule. It says that the interpretation
of a term is closed under $=_\Delta$, as proved in the following.

Corollary 10.0.3. Let $\langle \mathbb{D}, \mathbb{I}, \circ, [.] \rangle$ be a $\lambda\Delta$-model.
If $M =_\Delta N$ then $[M]_\rho = [N]_\rho$, for all $\rho$.

Proof. It is sufficient to prove that if $M \to_\Delta N$ then $[M]_\rho = [N]_\rho$, for all $\rho$.
Let $Q \in \Delta$; so $[(\lambda z.P)Q]_\rho = [\lambda z.P]_\rho \circ [Q]_\rho = [P]_{\rho[[Q]_\rho/z]} = [P[Q/z]]_\rho$ by
the definition of the model and by Property 10.0.2.(iv). The proof follows by
Property 10.0.2.(v). $\Box$
Given a $\lambda\Delta$-model $\mathcal{M}$, the interpretation function $[.]^{\mathcal{M}}$ induces
a denotational semantics on $\Lambda$. Namely, two terms $M$ and $N$ are
denotationally equivalent in $\mathcal{M}$ (and we write $M \sim_{\mathcal{M}} N$) if and only
if:
$[M]^{\mathcal{M}}_\rho = [N]^{\mathcal{M}}_\rho$, for all environments $\rho$.

Corollary 10.0.3 ensures us that $\sim_{\mathcal{M}}$ is a $\Delta$-theory; moreover, it implies
that if $M =_\Delta N \in \Delta$ then $\forall \rho.[M]_\rho \in \mathbb{I}$.

The denotational semantics induced by a model $\mathcal{M}$ is correct with
respect to an operational equivalence $\approx_O$ if:
$M \sim_{\mathcal{M}} N$ implies $M \approx_O N$, for all $M$ and $N$;
while it is complete if:
$M \approx_O N$ implies $M \sim_{\mathcal{M}} N$, for all $M$ and $N$.
A model is called fully abstract [68] with respect to an operational
equivalence if the induced denotational semantics is both correct and
complete with respect to it.

As we will see in the rest of this section, if our aim is to study an
operational equivalence then the correctness is the key point. The next lemma
gives us a useful tool for testing the correctness of a model.

Lemma 10.0.4. Let $\mathcal{M}$ be a $\lambda\Delta$-model such that:
$M \Downarrow_O$ and $N \Uparrow_O$ imply $M \not\sim_{\mathcal{M}} N$, for all $M, N \in \Lambda$.
Then $\mathcal{M}$ is correct with respect to the operational equivalence $\approx_O$.

Proof. Let $M \sim_{\mathcal{M}} N$, so by Property 10.0.2.(v), for each context $C[.]$,
$C[M] \sim_{\mathcal{M}} C[N]$; hence, by hypothesis, $C[M]$ and $C[N]$ either both $\Downarrow_O$ or
both $\Uparrow_O$. Since this is true in particular when $C[M], C[N] \in \Lambda^0$, it follows
that $M \approx_O N$. $\Box$

The simplest denotational model is the so-called term model. Let $|M|$ be
the $\Delta$-equivalence class of $M$, i.e. $|M| = \{N \mid N =_\Delta M\}$; let $|\Lambda|$ be the set
of all the equivalence classes of $\Lambda$ with respect to $=_\Delta$, while $|\Delta| \subseteq |\Lambda|$ is the
set of equivalence classes containing at least one input value. The term model
$\mathcal{TM}(\Delta)$ is the quadruple $\langle |\Lambda|, |\Delta|, \circ, [.]^{\mathcal{TM}(\Delta)} \rangle$, where $\circ$ is defined as
$|M| \circ |N| = |MN|$. The interpretation of a term $M$ in $\mathcal{TM}(\Delta)$, with
$FV(M) = \{x_1, \ldots, x_m\}$, is given by $[M]_\rho = |M[N_1/x_1] \ldots [N_m/x_m]|$, where
$N_i \in \rho(x_i)$ ($1 \leq i \leq m$). It is easy to verify that $\mathcal{TM}(\Delta)$ satisfies the
conditions of Definition 10.0.1.

Theorem 10.0.5. Let $O$ be an evaluation relation. If the $\lambda\Delta$-calculus is
correct with respect to $\approx_O$ then $\mathcal{TM}(\Delta)$ is correct for $\approx_O$.

Proof. Since the $\lambda\Delta$-calculus is correct with respect to $\approx_O$, $=_\Delta$ implies $\approx_O$.
Since $\sim_{\mathcal{TM}(\Delta)}$ coincides with $=_\Delta$, the result follows. $\Box$

It is easy to check that $\mathcal{TM}(\Lambda)$ is not complete with respect to the
operational semantics $H$, $N$ and $L$; while $\mathcal{TM}(\Gamma)$ is not complete with respect to
the operational semantics $V$. Just take two unsolvable terms of order 0, e.g.
$DD$ and $(\lambda x.xxx)(\lambda x.xxx)$. They are equated in all the operational semantics
above, while they are different in both $\mathcal{TM}(\Lambda)$ and $\mathcal{TM}(\Gamma)$.

Remark 10.0.6. In case $\Delta = \Lambda$ and $\mathbb{D} = \mathbb{I}$, our definition of the $\lambda\Delta$-calculus
model becomes the well-known definition of a $\lambda$-calculus model. But it looks
different from the original one, given by Hindley and Longo in [50]. In fact,
they ask the interpretation function to satisfy the following six conditions:
1. $[x]_\rho = \rho(x)$;
2. $[MN]_\rho = [M]_\rho \circ [N]_\rho$;
3. $[\lambda x.M]_\rho \circ d = [M]_{\rho[d/x]}$;
4. $\rho(x) = \rho'(x)$ for all $x \in FV(M) \Rightarrow [M]_\rho = [M]_{\rho'}$;
5. $y \notin FV(M) \Rightarrow [\lambda x.M]_\rho = [\lambda y.M[y/x]]_\rho$;
6. if $[M]_{\rho[d/x]} = [M']_{\rho[d/x]}$ for each $d \in \mathbb{I}$, then $[\lambda x.M]_\rho = [\lambda x.M']_\rho$.
Conditions from 1 to 3 occur identical in our definition. Condition 4 is
more restrictive than the corresponding one in Definition 10.0.1, while
conditions 5 and 6 ask that the interpretation be closed by $\alpha$-equivalence and
$\lambda$-abstraction, respectively. Our definition is shorter, and the strengthening
of condition 4 allows one to obtain, as side effect, both the $\alpha$-equality and
the contextual equality (see Property 10.0.2).
It is a useful exercise for the reader to prove that the two definitions are
equivalent.

10.1 Filter $\lambda\Delta$-Models

The idea of filter $\lambda\Delta$-model is based on the notions of type and of type
assignment system. Types represent properties of terms, and they are expressed
through the language of the implicative and conjunctive fragment of
intuitionistic logic, i.e. the predicate logic with just two connectives, the
implication ($\to$) and the conjunction ($\wedge$), and the constant true ($\omega$). For
historical reasons, the conjunction will be called the intersection. Intersection
types were first introduced in [27].
Very informally, a term $M$ has the property $\sigma \to \tau$ if its application
to every term $N$ having the property $\sigma$ has the property $\tau$, and $M$ has
the property $\sigma \wedge \tau$ if and only if it has both property $\sigma$ and property $\tau$.
The constant $\omega$ represents the property of being a term, so it holds for all
terms. A formal description of types is sketched in Sect. 13.1 where types are
interpreted as compact elements of suitable domains.

A type assignment system is a set of rules assigning types to terms,
starting from a basis, i.e. a function assigning types to variables. A type
assignment system can induce a $\lambda\Delta$-model, where the interpretation of a term is
given by the set of types that can be assigned to it.
This kind of model is particularly interesting, since the type assignment
system is not only a support for defining the model itself, but it is a tool
for reasoning, in a finitary way, on the interpretations of terms in it. So a
filter model, if it is correct with respect to an operational semantics $O$, gives
standard and powerful techniques for studying the $O$-operational behaviour
of terms.

Definition 10.1.1 (The intersection type assignment system).
(i) Let $C$ be a non empty countable set of type constants, containing at least
the constant $\omega$ (the universal type).
The set $T(C)$ of types is inductively defined as follows:

$\sigma \in C \Rightarrow \sigma \in T(C)$,
$\sigma, \tau \in T(C) \Rightarrow (\sigma \to \tau) \in T(C)$,
$\sigma, \tau \in T(C) \Rightarrow (\sigma \wedge \tau) \in T(C)$.

(ii) An intersection relation $\leq$ is a preorder relation on $T(C)$, closed under
the following rules:

$$\dfrac{}{\sigma \leq \omega}\ (a) \qquad \dfrac{}{\sigma \wedge \tau \leq \tau}\ (c')$$

$$\dfrac{}{(\sigma \to \tau) \wedge (\sigma \to \pi) \leq \sigma \to (\tau \wedge \pi)}\ (d)$$

$$\dfrac{}{\sigma \to \omega \leq \omega \to \omega}\ (g) \qquad \dfrac{\sigma \leq \rho \quad \rho \leq \tau}{\sigma \leq \tau}\ (t)$$

(iii) Let $\leq$ be an intersection relation on $T(C)$.
$\leq$ induces a type theory $\simeq$:
$\sigma \simeq \tau$ if and only if $\sigma \leq \tau$ and $\tau \leq \sigma$.
(iv) A type system $\nabla$ is a triple $\langle C, \leq_\nabla, I(C) \rangle$, where $C$ is a set of type
constants, $\leq_\nabla$ is an intersection relation on $T(C)$ and $I(C) \subseteq T(C)$ is a
set of input types with respect to $\leq_\nabla$; namely, it is not empty and it is
closed under the following conditions:
1. $\sigma \in I(C)$ and $\sigma \simeq_\nabla \tau$ imply $\tau \in I(C)$,
2. $\sigma \in I(C)$ and $\tau \notin I(C)$ imply $\sigma \leq_\nabla \tau$.
(v) Given a type system $\nabla$, the corresponding type assignment system $\vdash_\nabla$ is
a formal system proving statements of the shape:
$B \vdash_\nabla M : \sigma$
where $M$ is a term, $\sigma \in T(C)$ and $B$ is a basis, i.e. a function from $\mathrm{Var}$
to $I(C)$.
$B[\sigma/x]$ denotes the basis such that $B[\sigma/x](y) =$ if $y \equiv x$ then $\sigma$ else $B(y)$.

The type assignment system consists of the following rules:


$$\dfrac{}{B[\sigma/x] \vdash_\nabla x : \sigma}\ (var) \qquad \dfrac{}{B \vdash_\nabla M : \omega}\ (\omega)$$

$$\dfrac{B[\sigma/x] \vdash_\nabla M : \tau}{B \vdash_\nabla \lambda x.M : \sigma \to \tau}\ (\to I) \qquad \dfrac{\sigma \in I(C) \quad B \vdash_\nabla M : \sigma \to \tau \quad B \vdash_\nabla N : \sigma}{B \vdash_\nabla MN : \tau}\ (\to E)$$

$$\dfrac{B \vdash_\nabla M : \sigma \quad B \vdash_\nabla M : \tau}{B \vdash_\nabla M : \sigma \wedge \tau}\ (\wedge I) \qquad \dfrac{B \vdash_\nabla M : \sigma \quad \sigma \leq_\nabla \tau}{B \vdash_\nabla M : \tau}\ (\leq_\nabla)$$

$$\dfrac{B \vdash_\nabla M : \sigma \wedge \tau}{B \vdash_\nabla M : \sigma}\ (\wedge E_l) \qquad \dfrac{B \vdash_\nabla M : \sigma \wedge \tau}{B \vdash_\nabla M : \tau}\ (\wedge E_r)$$

Note that rules $(\wedge E_l)$ and $(\wedge E_r)$ are redundant, since the rule $(\leq_\nabla)$.

In the definition of intersection relation, note the contravariance of $\leq_\nabla$
with respect to the left-hand argument of $\to$ in rule (f). Moreover, note
that the rule $(\to E)$ imposes a condition on the type of the argument of
application, namely that it belongs to the set of input types.
A derivation is a tree whose nodes are instances of rules, such that the
premises of a rule are the consequences of its son nodes. If the root of a
derivation $d$ has as consequence the statement $B \vdash_\nabla M : \sigma$, we will say that
$d$ proves $B \vdash_\nabla M : \sigma$. The notion of subderivation then corresponds to the
notion of subtree. We write $B \vdash_\nabla M : \sigma$ when there is a derivation proving
$B \vdash_\nabla M : \sigma$; moreover, $B \vdash_\nabla M : \sigma$ is called a typing. If $B \vdash_\nabla M : \sigma$
and $B \vdash_\nabla N : \sigma$, then we will say that the terms $M$ and $N$ have a typing
in common. $B \nvdash_\nabla M : \sigma$ will denote that there are not derivations proving
$B \vdash_\nabla M : \sigma$.

Example 10.1.2. Let $U = \langle \{\omega\}, \leq_U, I_U \rangle$ where $I_U = T(\{\omega\})$ and $\leq_U$ is the
least intersection relation such that $\omega \leq_U \sigma$, for all $\sigma \in T(\{\omega\})$.
It is easy to check that $\sigma \simeq_U \omega$, for all $\sigma \in T(\{\omega\})$; in particular,
$\omega \simeq_U \omega \to \omega$.
Let $B_\omega$ be the basis such that $B_\omega(x) = \omega$, for all $x \in \mathrm{Var}$; hence, the following
derivation proves $B_\omega \vdash_U (\lambda x.xx)(\lambda x.xx) : \omega \to \omega$:

$$\dfrac{\dfrac{}{B_\omega \vdash_U DD : \omega}\ (\omega) \qquad \omega \leq_U \omega \to \omega}{B_\omega \vdash_U DD : \omega \to \omega}\ (\leq_U)$$

It is easy to check that, for every set $C$ of type-constants, it is correct to
choose $I(C) = T(C)$.

Lemma 10.1.3. Let $\nabla$ be the type system $\langle C, \leq_\nabla, I(C) \rangle$.
(i) If $\pi \in I(C)$ and $\sigma \leq_\nabla \pi$ then $\sigma \in I(C)$.
(ii) If $\sigma \in I(C)$ then $\sigma \wedge \tau \in I(C)$, for all $\tau \in T(C)$.
(iii) If $\pi \notin I(C)$ and $\pi \leq_\nabla \sigma$ then $\sigma \notin I(C)$.

Proof. (i) Assume $\pi \in I(C)$ and $\sigma \leq_\nabla \pi$ and $\sigma \notin I(C)$; so $\pi \leq_\nabla \sigma$ by
condition 2 on the set of input types. Hence $\sigma \simeq_\nabla \pi$; by condition 1 on
the set of input types, this is absurd.
(ii) $\sigma \wedge \tau \leq_\nabla \sigma$, by rule (c) of intersection relations. The proof follows by the
result proved in the previous point.
(iii) Similar to the proof of point (i). $\Box$

Note that if $I(C) \neq T(C)$ then $\omega \notin I(C)$, by the previous lemma.
In the next lemma some useful equivalences between types, true in all
type theories, are proved.

Lemma 10.1.4. Let $\nabla$ be the type system $\langle C, \leq_\nabla, I(C) \rangle$.
(i) $\sigma \simeq_\nabla \sigma \wedge \sigma$;
(ii) $\omega \wedge \sigma \simeq_\nabla \sigma$;
(iii) $\sigma \to (\tau \wedge \pi) \simeq_\nabla (\sigma \to \tau) \wedge (\sigma \to \pi)$;
(iv) $\sigma \to \omega \simeq_\nabla \omega \to \omega$;
(v) $(\sigma \wedge \tau) \wedge \pi \simeq_\nabla \sigma \wedge (\tau \wedge \pi)$;
(vi) $\sigma \wedge \tau \simeq_\nabla \tau \wedge \sigma$;
(vii) $\pi \leq_\nabla \sigma$ and $\pi \leq_\nabla \tau$ if and only if $\pi \leq_\nabla \sigma \wedge \tau$.

Proof. (i) By rules (b) and (c) of the definition of intersection relations.
(ii) By the rule (c) of definition of intersection relations, $\omega \wedge \sigma \leq_\nabla \sigma$. On the
other side, $\sigma \leq_\nabla \sigma \wedge \sigma \leq_\nabla \omega \wedge \sigma$, by rules (a), (b) and (e) and by the
reflexivity of $\leq_\nabla$. The proof follows by (t).
(iii) Since rule (d), we need just to prove $\sigma \to (\tau \wedge \pi) \leq_\nabla (\sigma \to \tau) \wedge (\sigma \to \pi)$.
$\sigma \to (\tau \wedge \pi) \leq_\nabla \sigma \to \tau$ and $\sigma \to (\tau \wedge \pi) \leq_\nabla \sigma \to \pi$ by rules (f), (c)
and (c'); thus, $\sigma \to (\tau \wedge \pi) \leq_\nabla (\sigma \to (\tau \wedge \pi)) \wedge (\sigma \to (\tau \wedge \pi)) \leq_\nabla (\sigma \to \tau) \wedge (\sigma \to \pi)$
by rules (b) and (e). The proof follows by (t).
(iv) Since rule (g), we need just to prove $\omega \to \omega \leq_\nabla \sigma \to \omega$, which follows by
rules (a) and (f), and by the reflexivity of $\leq_\nabla$.
(v) Let $\mu_0 \equiv (\sigma \wedge \tau) \wedge \pi$ and $\mu_1 \equiv \sigma \wedge (\tau \wedge \pi)$.
$\mu_0, \mu_1 \leq_\nabla \sigma, \tau, \pi$ by rules (c), (c') and (t), hence $\mu_0 \wedge (\mu_0 \wedge \mu_0) \leq_\nabla \mu_1$ by
rule (e). Thus $\mu_0 \leq_\nabla \mu_0 \wedge (\mu_0 \wedge \mu_0)$ by rule (b) and then $\mu_0 \leq_\nabla \mu_1$ by
rule (t). The reverse relation can be proved in a symmetric way.
(vi) Both $\sigma \wedge \tau \leq_\nabla \sigma, \tau$ and $\tau \wedge \sigma \leq_\nabla \sigma, \tau$ by rules (c) and (c'); hence
$(\sigma \wedge \tau) \wedge (\sigma \wedge \tau) \leq_\nabla \tau \wedge \sigma$, and then $\sigma \wedge \tau \leq_\nabla \tau \wedge \sigma$ by rules (b) and (e).
The reverse relation can be proved in a symmetric way.
(vii) By rules (b), (c), (c') and (e). $\Box$

In order to decrease the number of parentheses in types, we will use the
following precedence rules between connectives: $\wedge$ binds stronger than $\to$,
moreover $\to$ associates to the right. For example, $\sigma \to \tau \wedge \rho$, $\sigma \to \tau \to \rho$ and
$\sigma \wedge \tau \to \rho$ stand respectively for $\sigma \to (\tau \wedge \rho)$, $\sigma \to (\tau \to \rho)$ and $(\sigma \wedge \tau) \to \rho$.
Since the result of the previous lemma, at point (v), when no ambiguity
can arise, we will use $\sigma \wedge \tau \wedge \rho$ for denoting both $\sigma \wedge (\tau \wedge \rho)$ and $\sigma \wedge (\tau \wedge \rho)$.
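
The precedence conventions just stated can be made executable. The following Python is an added example, not part of the book: it parses types written in an assumed ASCII syntax (`->` for the arrow, `/\` for intersection, identifiers for type constants), applies the stated precedences, and prints them back either fully parenthesised or with the minimal parentheses the conventions allow. Nesting an unparenthesised chain of intersections to the left is a choice of this example, harmless up to equivalence by Lemma 10.1.4.(v).

```python
import re

# Assumed ASCII concrete syntax: "->" is the arrow, "/\" is intersection.
_TOKEN = re.compile(r"\s*(->|/\\|\(|\)|[A-Za-z_][A-Za-z0-9_']*)")

def tokenize(src):
    src, pos, out = src.rstrip(), 0, []
    while pos < len(src):
        m = _TOKEN.match(src, pos)
        if m is None:
            raise SyntaxError(f"unexpected input at offset {pos}: {src[pos:]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out

def parse_type(src):
    """Parse a type into ("const", c) | ("->", l, r) | ("/\\", l, r)."""
    ty, rest = _arrow(tokenize(src))
    if rest:
        raise SyntaxError(f"unexpected token {rest[0]!r}")
    return ty

def _arrow(toks):
    # Lowest precedence; the recursive call on the right makes "->" right associative.
    left, toks = _inter(toks)
    if toks and toks[0] == "->":
        right, toks = _arrow(toks[1:])
        return ("->", left, right), toks
    return left, toks

def _inter(toks):
    # "/\" binds tighter than "->"; chains are nested to the left.
    left, toks = _atom(toks)
    while toks and toks[0] == "/\\":
        right, toks = _atom(toks[1:])
        left = ("/\\", left, right)
    return left, toks

def _atom(toks):
    if not toks:
        raise SyntaxError("unexpected end of input")
    head, rest = toks[0], toks[1:]
    if head == "(":
        ty, rest = _arrow(rest)
        if not rest or rest[0] != ")":
            raise SyntaxError("missing closing parenthesis")
        return ty, rest[1:]
    if head in ("->", "/\\", ")"):
        raise SyntaxError(f"unexpected token {head!r}")
    return ("const", head), rest

def show_full(ty):
    """Fully parenthesised rendering."""
    if ty[0] == "const":
        return ty[1]
    return f"({show_full(ty[1])} {ty[0]} {show_full(ty[2])})"

# Printing contexts: 0 = top level or right of "->", 1 = left of "->",
# 2 = left operand of "/\", 3 = right operand of "/\".
def show_min(ty, ctx=0):
    """Rendering with only the parentheses the conventions require."""
    if ty[0] == "const":
        return ty[1]
    if ty[0] == "->":
        text = f"{show_min(ty[1], 1)} -> {show_min(ty[2], 0)}"
        return f"({text})" if ctx >= 1 else text
    text = f"{show_min(ty[1], 2)} /\\ {show_min(ty[2], 3)}"
    return f"({text})" if ctx == 3 else text

if __name__ == "__main__":
    for src in ("s -> t /\\ r", "s -> t -> r", "s /\\ t -> r"):
        print(src, "  stands for  ", show_full(parse_type(src)))
```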

The notion of legal type theory, given in the next definition, is a key one,
since we will prove that to be legal is a necessary condition for a type theory
to induce a $\lambda\Delta$-model.

Definition 10.1.5. Let $\nabla$ be the type system $\langle C, \leq_\nabla, I(C) \rangle$.
$\nabla$ is legal if and only if for all $\sigma \in I(C)$ and $\tau \not\simeq_\nabla \omega$:

$(\sigma_1 \to \tau_1) \wedge \ldots \wedge (\sigma_n \to \tau_n) \leq_\nabla \sigma \to \tau$ ($1 \leq n$) implies
$\exists \{i_1, \ldots, i_k\} \subseteq \{1, \ldots, n\}$ such that $(\sigma_{i_1} \wedge \ldots \wedge \sigma_{i_k}) \geq_\nabla \sigma$
and $(\tau_{i_1} \wedge \ldots \wedge \tau_{i_k}) \leq_\nabla \tau$.

Let $\nabla$ be a type system $\langle C, \leq_\nabla, I(C) \rangle$ such that $I(C) = T(C)$ and $\leq_\nabla$
is the least inclusion relation: $\nabla$ is legal.
In case of a legal type theory, rule (f) of the intersection relation defined
in Definition 10.1.1 becomes a double implication. This will be useful in the
following for proving properties of $\lambda\Delta$-models.

Property 10.1.6. Let $\nabla = \langle C, \leq_\nabla, I(C) \rangle$ be legal.
If $\tau \not\simeq_\nabla \omega$ and $\sigma \in I(C)$ then
$\sigma' \to \tau' \leq_\nabla \sigma \to \tau$ if and only if $\sigma \leq_\nabla \sigma'$ and $\tau' \leq_\nabla \tau$.

Proof. By Definition 10.1.5 and by rule (f) of Definition 10.1.1.(ii). $\Box$

In order to show that a legal type theory induces a $\lambda\Delta$-model, first some
syntactical properties of a type assignment system induced by a legal type
theory must be proved.

Lemma 10.1.7. Let $\nabla = \langle C, \leq_\nabla, I(C) \rangle$ be legal.
(i) $B \vdash_\nabla M : \sigma$ and $x \notin FV(M)$ imply $\forall \tau \in I(C)$, $B[\tau/x] \vdash_\nabla M : \sigma$.
(ii) $B \vdash_\nabla x : \sigma$ if and only if $B(x) \leq_\nabla \sigma$.
(iii) $B[\tau/x] \vdash_\nabla M : \sigma$ and $\pi \leq_\nabla \tau$ imply $B[\pi/x] \vdash_\nabla M : \sigma$.
(iv) If $B \vdash_\nabla \lambda x.M : \sigma$ then either $\sigma \simeq_\nabla \omega$ or $\sigma \geq_\nabla \pi_1 \wedge \ldots \wedge \pi_n$ ($n \geq 1$),
where $\pi_i \simeq_\nabla \mu_i \to \nu_i$, $\mu_i \in I(C)$ and $B[\mu_i/x] \vdash_\nabla M : \nu_i$ ($1 \leq i \leq n$).
(v) If $B \vdash_\nabla MN : \sigma$ then either $\sigma \simeq_\nabla \omega$ or $\sigma \geq_\nabla \pi_1 \wedge \ldots \wedge \pi_n$ ($n \geq 1$) such
that $B \vdash_\nabla M : \tau_i \to \pi_i$ and $B \vdash_\nabla N : \tau_i$, for some $\tau_1, \ldots, \tau_n \in I(C)$
($1 \leq i \leq n$).
(vi) Let $\tau \not\simeq_\nabla \omega$ and $\sigma \in I(C)$.
$B \vdash_\nabla \lambda x.M : \sigma \to \tau$ if and only if $B[\sigma/x] \vdash_\nabla M : \tau$.
(vii) Let $\sigma \not\simeq_\nabla \omega$. $B \vdash_\nabla MN : \sigma$ if and only if $B \vdash_\nabla M : \tau \to \sigma$ and
$B \vdash_\nabla N : \tau$, for some $\tau \in I(C)$.

Proof. (i) Immediate, from the definition of the type assignment system.
(ii) ($\Leftarrow$) By rules (var) and ($\leq_\nabla$).
($\Rightarrow$) By induction on the derivation. Note that ($\to I$) and ($\to E$) cannot
be used.
(iii) By induction on the derivation. Note that $\pi \in I(C)$ by Lemma 10.1.3.(i).
(iv) By induction on the derivation proving $B \vdash_\nabla \lambda x.M : \sigma$. If the last
applied rule is either ($\omega$) or ($\to I$), then the proof is trivial. In case the
last applied rule is ($\leq_\nabla$), the proof follows from the inductive hypothesis
and the transitivity of $\leq_\nabla$. In case the last applied rule is ($\wedge I$), the proof
follows from the inductive hypothesis. The case of rule ($\to E$) is not
possible.
(v) By induction on the derivation proving $B \vdash_\nabla MN : \sigma$. If the last applied
rule is ($\omega$) or ($\to E$), then the proof is trivial. In case the last applied
rule is ($\leq_\nabla$), the proof follows from the inductive hypothesis and the
transitivity of $\leq_\nabla$. In case the last applied rule is ($\wedge I$), the proof follows
from the inductive hypothesis. ($\to I$) cannot be the last applied rule.
(vi) ($\Leftarrow$) By rule ($\to I$).
($\Rightarrow$) $B \vdash_\nabla \lambda x.M : \sigma \to \tau$ implies $(\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_m \to \nu_m) \leq_\nabla \sigma \to \tau$
for some $m \geq 1$, where $\mu_i \in I(C)$ and $B[\mu_i/x] \vdash_\nabla M : \nu_i$ ($1 \leq i \leq m$), by
point (iv). Since the type theory is legal, $\exists \{i_1, \ldots, i_k\} \subseteq \{1, \ldots, m\}$ such
that $\mu_{i_1} \wedge \ldots \wedge \mu_{i_k} \geq_\nabla \sigma$ and $\nu_{i_1} \wedge \ldots \wedge \nu_{i_k} \leq_\nabla \tau$. By Lemma 10.1.3.(ii)
$\mu_{i_1} \wedge \ldots \wedge \mu_{i_k} \in I(C)$, so $B[\mu_{i_j}/x] \vdash_\nabla M : \nu_{i_j}$ ($1 \leq j \leq k$) imply
$B[\mu_{i_1} \wedge \ldots \wedge \mu_{i_k}/x] \vdash_\nabla M : \nu_{i_1} \wedge \ldots \wedge \nu_{i_k}$, by rule ($\wedge I$) and by point (iii) of
this lemma. Again by point (iii) of this lemma, $B[\sigma/x] \vdash_\nabla M : \nu_{i_1} \wedge \ldots \wedge \nu_{i_k}$
and by rule ($\leq_\nabla$) we can conclude $B[\sigma/x] \vdash_\nabla M : \tau$.
(vii) ($\Leftarrow$) By rule ($\to E$). Note that $\tau \in I(C)$ is a necessary hypothesis.
($\Rightarrow$) By point (v), if $B \vdash_\nabla MN : \sigma$ and $\sigma \not\simeq_\nabla \omega$ then $\sigma \geq_\nabla \mu_1 \wedge \ldots \wedge \mu_m$
for some $m \geq 1$; moreover, $B \vdash_\nabla M : \sigma_i \to \mu_i$ and $B \vdash_\nabla N : \sigma_i$, for some
$\sigma_i \in I(C)$ ($1 \leq i \leq m$). Hence $\sigma_1 \wedge \ldots \wedge \sigma_m \in I(C)$ by Lemma 10.1.3.(ii).
By rule ($\wedge I$), $B \vdash_\nabla M : (\sigma_1 \to \mu_1) \wedge \ldots \wedge (\sigma_m \to \mu_m)$. Note that

$(\sigma_1 \to \mu_1) \wedge \ldots \wedge (\sigma_m \to \mu_m) \leq_\nabla (\sigma_1 \wedge \ldots \wedge \sigma_m \to \mu_1) \wedge \ldots \wedge (\sigma_1 \wedge \ldots \wedge \sigma_m \to \mu_m)$
$\leq_\nabla \sigma_1 \wedge \ldots \wedge \sigma_m \to \mu_1 \wedge \ldots \wedge \mu_m$

since $\sigma_1 \wedge \ldots \wedge \sigma_m \leq_\nabla \sigma_i$ ($1 \leq i \leq m$) and by Lemma 10.1.4.(iii).
So $B \vdash_\nabla M : \sigma_1 \wedge \ldots \wedge \sigma_m \to \mu_1 \wedge \ldots \wedge \mu_m$ by rule ($\leq_\nabla$); moreover,
$B \vdash_\nabla N : \sigma_1 \wedge \ldots \wedge \sigma_m$, by rule ($\wedge I$).
Since $B \vdash_\nabla M : (\sigma_1 \wedge \ldots \wedge \sigma_m) \to \sigma$ by rule ($\leq_\nabla$), the proof is done. $\Box$

Note that the notion of legality is essential in the proof of point (vi) of
Lemma 10.1.7.

Remark 10.1.8. By Lemma 10.1.7.(i), it follows that the derivation of a type for a closed term is independent of the basis, i.e. if $M$ is a closed term then $B \vdash_\nabla M : \sigma$ implies that $B' \vdash_\nabla M : \sigma$, for all $B'$.

Now we are ready to introduce the basic ingredients for defining a filter
model.

Definition 10.1.9. Let $\nabla$ be the type system $\langle C, \leq_\nabla, I(C) \rangle$.
(i) A filter $f$ on $\nabla$ is any set containing $\omega$ and closed under $\wedge$ and $\leq_\nabla$, namely:
• $\mu, \nu \in f$ implies $\mu \wedge \nu \in f$;
• $\mu \in f$ and $\mu \leq_\nabla \tau$ imply $\tau \in f$.

Let $\mathcal{F}(\nabla)$ be the set of all filters on $\nabla$, and let $\mathcal{I}(\nabla)$ be the set of filters containing at least one type belonging to $I(C)$.
(ii) Let $S$ be a set of types; $\uparrow S$ is the filter obtained from $S$ by closing it under $\wedge$ and $\leq_\nabla$, i.e. the least filter containing $S$.
(iii) Let $\circ_\nabla$ be the binary operation defined on $\mathcal{F}(\nabla)$ in the following way:

$f_1 \circ_\nabla f_2 = \uparrow \{\omega\} \cup \{\tau \mid \sigma \to \tau \in f_1 \text{ and } \sigma \in f_2 \text{ and } \sigma \in I(C)\}$.

Note that $f \in \mathcal{I}(\nabla)$ and $\sigma \notin I(C)$ imply $\sigma \in f$ by the conditions on the set of input types.
The following lemma shows that the definition of $\circ_\nabla$ is correct.

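Lemma 10.1.10. Let $\nabla = \langle C, \leq_\nabla, I(C) \rangle$.
If $f_1, f_2 \in \mathcal{F}(\nabla)$ then $f_1 \circ_\nabla f_2 \in \mathcal{F}(\nabla)$.

Proof. Clearly $\omega \in \mathcal{F}(\nabla)$.
Let us prove that $f_1 \circ_\nabla f_2$ is closed under intersection.
Let $\alpha, \beta \in f_1 \circ_\nabla f_2$; so, there are $\sigma, \tau \in f_2 \cap I(C)$ such that $\sigma \to \alpha, \tau \to \beta \in f_1$. Both $f_1$ and $f_2$ are filters, thus $\sigma \wedge \tau \in f_2 \cap I(C)$ and $\sigma \wedge \tau \to \alpha, \sigma \wedge \tau \to \beta \in f_1$ (since $\sigma \to \alpha \leq_\nabla \sigma \wedge \tau \to \alpha$ and $\tau \to \beta \leq_\nabla \sigma \wedge \tau \to \beta$). Hence $(\sigma \wedge \tau \to \alpha) \wedge (\sigma \wedge \tau \to \beta) \in f_1$ and $\sigma \wedge \tau \to \alpha \wedge \beta \in f_1$, by Lemma 10.1.4.(iii). Thus $\sigma \wedge \tau \in f_2 \cap I(C)$ implies $\alpha \wedge \beta \in f_1 \circ_\nabla f_2$, by definition of $\circ_\nabla$.
Now let us prove that $\alpha \in f_1 \circ_\nabla f_2$ implies $\tau \in f_1 \circ_\nabla f_2$, for every $\tau \geq_\nabla \alpha$. In fact, $\alpha \in f_1 \circ_\nabla f_2$ implies that there is $\sigma \in f_2 \cap I(C)$ such that $\sigma \to \alpha \in f_1$. $\sigma \to \alpha \leq_\nabla \sigma \to \tau$ and $f_1$ is a filter imply that $\sigma \to \tau \in f_1$, thus $\tau \in f_1 \circ_\nabla f_2$. □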

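The interpretation function will associate to every term all the types that can be assigned to it.

Let $\nabla = \langle C, \leq_\nabla, I(C) \rangle$.
$[\![\cdot]\!]^{\mathcal{F}(\nabla)} : \Lambda \times (Var \to \mathcal{I}(\nabla)) \to \mathcal{F}(\nabla)$ is the interpretation function, defined as follows:

$[\![M]\!]_\rho^{\mathcal{F}(\nabla)} = \{\sigma \in T(C) \mid \exists B \propto \rho \text{ such that } B \vdash_\nabla M : \sigma\}$,

where $B \propto \rho$ means that $\forall z \in Var$, $B(z) \in \rho(z)$, and it can be read as "$B$ agrees with $\rho$".

Remember that a basis $B$ is a function from $Var$ to $I(C)$.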

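Theorem 10.1.11 (Filter $\lambda\Delta$-models).
Let $\nabla = \langle C, \leq_\nabla, I(C) \rangle$ be a legal type system, and let $M \in \Delta$ imply $[\![M]\!]_\rho \in \mathcal{I}(\nabla)$, for all environments $\rho$.
Then $\langle \mathcal{F}(\nabla), \mathcal{I}(\nabla), \circ_\nabla, [\![\cdot]\!]^{\mathcal{F}(\nabla)} \rangle$ is a $\lambda\Delta$-model.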

Proof. It is easy to see that $[\![M]\!]_\rho^{\mathcal{F}(\nabla)}$ is a filter, for all terms $M$. The proof is carried out by verifying the conditions of Definition 10.0.1.
1. We will prove $\rho(x) = \{\sigma \in T(C) \mid \exists B \propto \rho \text{ such that } B \vdash_\nabla x : \sigma\}$.
Let $\sigma \in I(C)$; so, $\sigma \in \rho(x)$ if and only if $\exists B \propto \rho$ such that $B(x) = \sigma$, which means $B \vdash_\nabla x : \sigma$ by rule (var). Note that $\rho(x) \in \mathcal{I}(\nabla)$ implies that there is $\mu \in I(C)$ such that $\mu \in \rho(x)$; if $\sigma \notin I(C)$ then $\sigma \in \rho(x)$ since $\mu \leq_\nabla \sigma$ by conditions on the input types, hence $B \vdash_\nabla x : \mu$ implies $B \vdash_\nabla x : \sigma$ by rule $(\leq_\nabla)$.
2. Let $B_0 \cup B_1$ be the basis such that $(B_0 \cup B_1)(x) = B_0(x) \wedge B_1(x)$.
By using Lemmas 10.1.7.(iii) and 10.1.7.(vii):

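$[\![MN]\!]_\rho^{\mathcal{F}(\nabla)} = \{\sigma \in T(C) \mid \exists B \propto \rho \text{ such that } B \vdash_\nabla MN : \sigma\}$

$= \uparrow \{\omega\} \cup \{\sigma \not\simeq_\nabla \omega \mid \exists B \propto \rho,\ \exists \tau \in I(C) \text{ such that both } B \vdash_\nabla N : \tau \text{ and } B \vdash_\nabla M : \tau \to \sigma\}$

$= \uparrow \{\omega\} \cup \{\sigma \not\simeq_\nabla \omega \mid \exists B_0, B_1 \propto \rho,\ \exists \tau \in I(C) \text{ such that } B_0 \cup B_1 \propto \rho \text{ and } B_0 \vdash_\nabla N : \tau \text{ and } B_1 \vdash_\nabla M : \tau \to \sigma\}$

$= \uparrow \{\omega\} \cup \{\sigma \not\simeq_\nabla \omega \mid \exists B_0, B_1 \propto \rho,\ \exists \tau \in I(C) \text{ such that } B_0 \vdash_\nabla N : \tau \text{ and } B_1 \vdash_\nabla M : \tau \to \sigma\}$

$= \uparrow \{\omega\} \cup \{\sigma \not\simeq_\nabla \omega \mid \exists \tau \in I(C) \text{ such that } \tau \in [\![N]\!]_\rho^{\mathcal{F}(\nabla)} \text{ and } \tau \to \sigma \in [\![M]\!]_\rho^{\mathcal{F}(\nabla)}\}$

$= [\![M]\!]_\rho^{\mathcal{F}(\nabla)} \circ_\nabla [\![N]\!]_\rho^{\mathcal{F}(\nabla)}$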

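3. Let $f \in \mathcal{I}(\nabla)$; so by Lemma 10.1.7.(vi)

$[\![\lambda x.M]\!]_\rho^{\mathcal{F}(\nabla)} \circ_\nabla f$
$= \uparrow \{\omega\} \cup \{\tau \not\simeq_\nabla \omega \mid \sigma \in f \text{ and } \sigma \in I(C) \text{ and } \sigma \to \tau \in [\![\lambda x.M]\!]_\rho^{\mathcal{F}(\nabla)}\}$
$= \uparrow \{\omega\} \cup \{\tau \not\simeq_\nabla \omega \mid \sigma \in f \cap I(C) \text{ and } \exists B \propto \rho \text{ such that } B \vdash_\nabla \lambda x.M : \sigma \to \tau\}$
$= \uparrow \{\omega\} \cup \{\tau \not\simeq_\nabla \omega \mid \exists B \propto \rho \text{ such that } B[\sigma/x] \vdash_\nabla M : \tau \text{ and } \sigma \in I(C) \text{ and } \sigma \in f\}$

Thus the proof is done, since

$[\![M]\!]_{\rho[f/x]}^{\mathcal{F}(\nabla)} = \{\tau \in T(C) \mid \exists B' \propto \rho[f/x] \text{ such that } B' \vdash_\nabla M : \tau\}$.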

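4. We assume that $[\![M]\!]_{\rho[d/x]}^{\mathcal{F}(\nabla)} = [\![M']\!]_{\rho'[d/y]}^{\mathcal{F}(\nabla)}$, for all $d \in \mathbb{I}$; namely $\forall d \in \mathbb{I}$

$\{\sigma \mid \exists B \propto \rho[d/x] \text{ s.t. } B \vdash_\nabla M : \sigma\} = \{\sigma \mid \exists B' \propto \rho'[d/y] \text{ s.t. } B' \vdash_\nabla M' : \sigma\}$,

in particular, for all $\tau \in I(C)$

$\{\sigma \mid \exists B \propto \rho[\uparrow\tau/x] \text{ s.t. } B \vdash_\nabla M : \sigma\} = \{\sigma \mid \exists B' \propto \rho'[\uparrow\tau/y] \text{ s.t. } B' \vdash_\nabla M' : \sigma\}$.

Hence, it is easy to see that for all $\tau \in I(C)$:

$\exists B \propto \rho$ s.t. $B[\tau/x] \vdash_\nabla M : \sigma$ if and only if $\exists B' \propto \rho'$ s.t. $B'[\tau/y] \vdash_\nabla M' : \sigma$.

Let us assume $\pi \in [\![\lambda x.M]\!]_\rho^{\mathcal{F}(\nabla)}$, so $\exists B \propto \rho$ such that $B \vdash_\nabla \lambda x.M : \pi$ by the definition of the interpretation function. By Lemma 10.1.7.(iv), $\pi \geq_\nabla (\mu_1 \to \nu_1) \wedge \dots \wedge (\mu_m \to \nu_m)$ for some $m \geq 1$, where $\mu_i \in I(C)$ and $B[\mu_i/x] \vdash_\nabla M : \nu_i$ ($1 \leq i \leq m$). But $B[\mu_i/x] \vdash_\nabla M : \nu_i$ if and only if $\exists B' \propto \rho'$ such that $B'[\mu_i/y] \vdash_\nabla M' : \nu_i$. So by rules $(\to I)$, $(\wedge I)$ and $(\leq_\nabla)$, $\exists B' \propto \rho'$ such that $B' \vdash_\nabla \lambda y.M' : \pi$. Hence, $[\![\lambda x.M]\!]_\rho^{\mathcal{F}(\nabla)} = [\![\lambda y.M']\!]_{\rho'}^{\mathcal{F}(\nabla)}$ by the definition of the interpretation function.
5. By hypothesis. □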

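Now we can define the notion of filter $\lambda\Delta$-model (or briefly filter model, when $\Delta$ is either not instantiated or clear from the context).

Definition 10.1.12. (i) A filter $\lambda\Delta$-model is any quadruple

$\langle \mathcal{F}(\nabla), \mathcal{I}(\nabla), \circ_\nabla, [\![\cdot]\!]^{\mathcal{F}(\nabla)} \rangle$

such that $\nabla = \langle C, \leq_\nabla, I(C) \rangle$ is a legal type system, and $M \in \Delta$ implies $[\![M]\!]_\rho \in \mathcal{I}(\nabla)$ for all environments $\rho$.
(ii) The partial order between terms induced by a filter $\lambda\Delta$-model $\mathcal{F}$ is defined as follows:
$M \sqsubseteq_{\mathcal{F}} N$ if and only if $\forall \rho$, $[\![M]\!]_\rho^{\mathcal{F}} \subseteq [\![N]\!]_\rho^{\mathcal{F}}$,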
i.e.

$M \sqsubset_{\mathcal{F}} N$ will denote the proper inclusion.


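The two properties proved in the next lemma are quite useful for proving operational properties of terms.

Lemma 10.1.13. Let $\mathcal{F}$ be a $\lambda\Delta$-model.
(i) If $M \sqsubseteq_{\mathcal{F}} N$ then $C[M] \sqsubseteq_{\mathcal{F}} C[N]$, for all contexts $C[.]$.
(ii) If $M \sqsubseteq_{\mathcal{F}} N$ and $B \vdash_\nabla M : \sigma$ then $B \vdash_\nabla N : \sigma$, for all bases $B$.

Proof. (i) By induction on the context $C[.]$, similarly to the proof of Property 10.0.2.(v).
(ii) $B \vdash_\nabla M : \sigma$ implies $\sigma \in [\![M]\!]_{\rho_B}^{\mathcal{F}}$, where $\rho_B(x) = \uparrow B(x)$, for each $x \in Var$. But $M \sqsubseteq_{\mathcal{F}} N$ implies $\sigma \in [\![N]\!]_{\rho_B}^{\mathcal{F}}$, so $\exists B' \propto \rho_B$ such that $B' \vdash_\nabla N : \sigma$. It is easy to see that $B(x) \leq_\nabla \tau \in \rho_B(x)$, so $B(x) \leq_\nabla B'(x)$, for each $x \in Var$ and, by Lemma 10.1.7.(iii), $B \vdash_\nabla N : \sigma$. □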

We can refine both the notion of correctness and completeness of a model with respect to a given operational semantics by taking into account the preorder relation instead of the equivalence one.

Definition 10.1.14. Let $\mathcal{F}$ be a filter model. $\mathcal{F}$ is correct with respect to the O-operational semantics if and only if $M \sqsubseteq_{\mathcal{F}} N$ implies $M \preceq_{O} N$, for all $M, N \in \Lambda$. $\mathcal{F}$ is complete with respect to the O-operational semantics if and only if the inverse implication holds.
Moreover, $\mathcal{F}$ is fully abstract with respect to O, in case it is both correct and complete with respect to O.

The next property will be very useful in what follows in order to prove the correctness of some filter models.

Property 10.1.15. Let $\mathcal{F}$ be a filter model such that

$M \Downarrow_{O}$ and $N \Uparrow_{O}$ implies $N \sqsubset_{\mathcal{F}} M$, for all $M, N \in \Lambda$.

Then $\mathcal{F}$ is correct with respect to O.

Proof. We will prove that the given hypothesis implies the following implication: $Q \not\preceq_{O} P$ implies $Q \not\sqsubseteq_{\mathcal{F}} P$. If $Q \not\preceq_{O} P$ then there is a context $C[.]$ such that $C[Q] \Downarrow_{O}$ while $C[P] \Uparrow_{O}$, which implies, by hypothesis, $C[P] \sqsubset_{\mathcal{F}} C[Q]$, which in turn implies $C[Q] \not\sqsubseteq_{\mathcal{F}} C[P]$. So $Q \not\sqsubseteq_{\mathcal{F}} P$ by Property 10.1.13.(i). □

The first filter model for the $\lambda\Lambda$-calculus was built in [10]. A presentation of a class of filter models, which includes models of both $\lambda\Lambda$-calculus and $\lambda\Gamma$-calculus, can be found in [38]; it is less general than the one given in this book, and it is based on the notion of partial intersection type assignment system.

11. Call-by-Name Denotational Semantics

To model a $\lambda\Lambda$-theory, it is necessary to reflect in the model the fact that the set of input values coincides with the whole set $\Lambda$. So it is natural to ask that in every model the set $\mathbb{D}$ and the set of semantic input values $\mathbb{I}$ must coincide. In a filter model, it must be $\mathcal{F}(C, \nabla) = \mathcal{I}(C, \nabla)$, so $T(C) = I(C)$.
The characterization of a model of $\lambda\Lambda$-calculus follows quite easily, remembering the notion of a legal type system.

Theorem 11.0.1. Let $\nabla = \langle C, \leq_\nabla, T(C) \rangle$.
If $\nabla$ is legal then $\langle \mathcal{F}(\nabla), \mathcal{F}(\nabla), \circ_\nabla, [\![\cdot]\!]^{\mathcal{F}(\nabla)} \rangle$ is a $\lambda\Lambda$-model.
Proof. The proof follows from Theorem 10.1.11, since $\Delta = \Lambda$. □

11.1 The Model $\mathcal{H}$

In this section, we will introduce a filter model that is fully abstract with respect to the H-operational semantics. By keeping in mind Property 10.1.15 and by observing that if $N$ is $\Lambda$-solvable and $M$ $\Lambda$-unsolvable then $M \prec_{H} N$, in order to define a model that is correct with respect to the H-operational semantics, it is sufficient to ask for the property:

$\forall M, N$ if $M$ is $\Lambda$-solvable and $N$ is $\Lambda$-unsolvable then $N \sqsubset_{\mathcal{H}} M$.

So we must define a legal type system $\nabla$ based on a set of constants $C$ such that, for every $\Lambda$-solvable term $M$ and $\Lambda$-unsolvable term $N$, there is a basis $B$ and at least one type $\sigma$ such that $B \vdash_\nabla M : \sigma$ while not $B \vdash_\nabla N : \sigma$.
It is not possible to find a type $\sigma$ having this property, because solvable terms are not closed under application (as we already observed at the end of Sect. 1.2), while a type must have a uniform functional behaviour.
In order to characterize the operational semantics H, we will introduce the class of openly solvable terms, which is a proper subclass of $\Lambda$-solvable terms closed under application. We will prove that it is possible to characterize this class in the sense as before, and moreover the same model characterizes, in a weaker sense, the class of all $\Lambda$-solvable terms.

Definition 11.1.1. A term $M$ is openly $\Lambda$-solvable if and only if $M$
$\lambda x_1 \dots x_n.zM_1 \dots M_m$ where $z \in FV(M)$.

By abuse of notation, we will speak about the head variable of a term for denoting the head variable of its $\Lambda$-hnf.

Example 11.1.2. $I(Ix)$ and $I(\lambda y.xx)$ are openly $\Lambda$-solvable, while $I(\lambda x.xy)$ is $\Lambda$-solvable but non-openly $\Lambda$-solvable.

It is immediate to verify that the property of being openly $\Lambda$-solvable is closed under application; namely if $M$ is openly solvable then $MN$ is openly solvable too, for all $N$. This behaviour suggests that a type $\sigma$ characterizing the openly solvable terms must satisfy the equation $\sigma \simeq \omega \to \sigma$ (remember that the constant $\omega$ can be assigned to every term).

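Definition 11.1.3. Let $C_\infty = \{\phi, \omega\}$ and $I(C_\infty) = T(C_\infty)$.
$\infty$ is the type system $\langle C_\infty, \leq_\infty, I(C_\infty) \rangle$, where $\leq_\infty$ is the least intersection relation induced by the rules in Fig. 11.1.

(a) $\sigma \leq_\infty \omega$
(b) $\sigma \leq_\infty \sigma \wedge \sigma$
(c) $\sigma \wedge \tau \leq_\infty \sigma$
(c') $\sigma \wedge \tau \leq_\infty \tau$
(d) $(\sigma \to \tau) \wedge (\sigma \to \pi) \leq_\infty \sigma \to (\tau \wedge \pi)$
(g) $\sigma \to \omega \leq_\infty \omega \to \omega$
(e) $\dfrac{\sigma \leq_\infty \sigma' \quad \tau \leq_\infty \tau'}{\sigma \wedge \tau \leq_\infty \sigma' \wedge \tau'}$
(f) $\dfrac{\sigma' \leq_\infty \sigma \quad \tau \leq_\infty \tau'}{\sigma \to \tau \leq_\infty \sigma' \to \tau'}$
(r) $\sigma \leq_\infty \sigma$
(t) $\dfrac{\sigma \leq_\infty \rho \quad \rho \leq_\infty \tau}{\sigma \leq_\infty \tau}$
(h1) $\phi \leq_\infty \omega \to \phi$
(h2) $\omega \to \phi \leq_\infty \phi$
(h3) $\omega \leq_\infty \omega \to \omega$

Fig. 11.1. $\infty$-intersection relation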

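Example 11.1.4. It is easy to check that $\phi \simeq_\infty \omega \to \phi$, $\omega \simeq_\infty \omega \to \omega$ and $\sigma \to \omega \simeq_\infty \omega$, for all $\sigma$. Moreover $B \vdash_\infty D : \phi \to \phi$, for every basis $B$. In fact, we can build the following derivation:

1. $B[\phi/x] \vdash_\infty x : \phi$, by rule (var);
2. $B[\phi/x] \vdash_\infty x : \omega \to \phi$, from 1 by rule $(\leq_\infty)$;
3. $B[\phi/x] \vdash_\infty x : \omega$, by rule $(\omega)$;
4. $B[\phi/x] \vdash_\infty xx : \phi$, from 2 and 3 by rule $(\to E)$;
5. $B \vdash_\infty D : \phi \to \phi$, from 4 by rule $(\to I)$.

In Sect. 11.1.1, the intersection relation $\leq_\infty$ is extensively studied.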

Theorem 11.1.5. The type system $\infty$ is legal.

Proof. The proof is in Sect. 11.1.1. □

Hence the following definition is well posed, by Theorem 11.0.1.
Definition 11.1.6. $\mathcal{H}$ is the $\lambda\Lambda$-model: $\langle \mathcal{F}(\infty), \mathcal{F}(\infty), \circ_\infty, [\![\cdot]\!]^{\mathcal{F}(\infty)} \rangle$.

We will prove that $\mathcal{H}$ is fully abstract with respect to H.

Property 11.1.7.
(i) Let $M$ be openly $\Lambda$-solvable and let $z$ be its head variable. If $B$ is the basis such that $B(z) = \phi$, then $B \vdash_\infty M : \phi$.
(ii) Let $M = \lambda x_1 \dots x_n.zM_1 \dots M_m$ ($m, n \in \mathbb{N}$). If $B \vdash_\infty M : \phi$ then $M$ is openly solvable.
(iii) If $M =_\Lambda \lambda x_1 \dots x_n.x_kM_1 \dots M_m$ ($1 \leq k \leq n$), then for all bases $B$:

• $B \vdash_\infty M : \underbrace{\phi \to \dots \to \phi}_{p}$, for every $p$ such that $k + 1 \leq p \leq n + 1$;
• $B \nvdash_\infty M : \underbrace{\phi \to \dots \to \phi}_{p}$, for any $p \leq k$.

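Proof. (i) Let $M =_\Lambda \lambda x_1 \dots x_n.zM_1 \dots M_m$, where $z \in FV(M)$. Clearly

$B[\omega/x_1, \dots, \omega/x_n] \vdash_\infty z : \phi$ and $B[\omega/x_1, \dots, \omega/x_n] \vdash_\infty z : \underbrace{\omega \to \dots \to \omega}_{m} \to \phi$,

by rule $(\leq_\infty)$. Since $B[\omega/x_1, \dots, \omega/x_n] \vdash_\infty M_i : \omega$ ($1 \leq i \leq m$) by rule $(\omega)$, by $m$ applications of rule $(\to E)$ we can build a derivation proving $B[\omega/x_1, \dots, \omega/x_n] \vdash_\infty zM_1 \dots M_m : \phi$. Hence, by $n$ applications of rule $(\to I)$, we have $B \vdash_\infty \lambda x_1 \dots x_n.zM_1 \dots M_m : \underbrace{\omega \to \dots \to \omega}_{n} \to \phi$, which implies $B \vdash_\infty \lambda x_1 \dots x_n.zM_1 \dots M_m : \phi$, by rule $(\leq_\infty)$. Thus $B \vdash_\infty M : \phi$, by Corollary 10.0.3.
(ii) By induction on $n$. If $n = 0$ then $M = zM_1 \dots M_m$ and the proof is trivial; so let $n \geq 1$ and $B \vdash_\infty \lambda x_1 \dots x_n.zM_1 \dots M_m : \phi$.
So $B \vdash_\infty M : \omega \to \phi$ by rule $(\leq_\infty)$; so $B[\omega/x_1] \vdash_\infty \lambda x_2 \dots x_n.zM_1 \dots M_m : \phi$, by Lemma 10.1.7.(vi). By inductive hypothesis $z \notin \{x_2, \dots, x_n\}$. Moreover, $B(z) \not\simeq_\infty \omega$; otherwise it would be $\phi \simeq_\infty \omega$ by Lemma 10.1.7.(ii), against the fact that $\phi \not\simeq_\infty \omega$, proved in Sect. 11.1.1. Then $z \not\equiv x_1$ since $B(x_1) = \omega$, so $M$ is openly solvable.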
(iii) Let $M =_\Lambda \lambda x_1 \dots x_n.x_kM_1 \dots M_m$, and let $p \geq k$. As for the point (i), we can build a derivation proving

$B[\phi/x_1, \dots, \phi/x_p, \omega/x_{p+1}, \dots, \omega/x_n] \vdash_\infty x_kM_1 \dots M_m : \phi$,

and so, by rules $(\to I)$ and $(\leq_\infty)$,



Hence, by rule $(\to I)$, $B \vdash_\infty \lambda x_1 \dots x_n.x_kM_1 \dots M_m : \underbrace{\phi \to \dots \to \phi}_{p} \to \phi$.
A derivation assigning to $M$ a type of the shape $\underbrace{\phi \to \dots \to \phi}_{p} \to \phi$, with $p < k$ cannot exist, since the only possibility to derive it would be to assign to $x_k$ a type equivalent to $\omega$, and in this case only a type equivalent to $\omega$ can be assigned to $M$. □

By using the type assignment system, we can easily prove that the $\Lambda$-theory induced by the model $\mathcal{H}$ is a $\Lambda\eta$-theory.

Property 11.1.8. $\sim_{\mathcal{H}}$ is a $\Lambda\eta$-theory.

Proof. The theory induced by $\mathcal{H}$ is a $\Lambda$-theory by Corollary 10.0.3, since $\mathcal{H}$ is a $\lambda\Lambda$-model by Theorem 11.0.1. In order to prove that it is also a $\Lambda\eta$-theory, by Property 2.1.7, it is sufficient to prove that $I \sim_{\mathcal{H}} E$. We will prove both $I \sqsubseteq_{\mathcal{H}} E$ and $E \sqsubseteq_{\mathcal{H}} I$.
($I \sqsubseteq_{\mathcal{H}} E$) We will prove that $B \vdash_\infty I : \sigma$ implies $B \vdash_\infty E : \sigma$.
By Property 11.1.36.(i), either $\sigma \simeq_\infty \omega$ or $\sigma \simeq_\infty \sigma_0 \wedge \dots \wedge \sigma_n$ ($n \geq 0$) such that $\forall i \leq n$, $\sigma_i \simeq_\infty \tau^i_1 \to \dots \to \tau^i_{m_i} \to \phi$ for some $m_i \in \mathbb{N}$. The case $\sigma \simeq_\infty \omega$ is trivial, by rule $(\omega)$; so the proof follows by induction on $n$.
Let $n = 0$, thus we can assume $\sigma \simeq_\infty \mu \to \nu \to \tau$, by Property 11.1.36.(ii). Note that $B \vdash_\infty I : \sigma$ implies $B \vdash_\infty I : \mu \to \nu \to \tau$, by rule $(\leq_\infty)$; thus $B[\mu/x] \vdash_\infty x : \nu \to \tau$ by Lemma 10.1.7.(vi), and $\mu \leq_\infty \nu \to \tau$ by Lemma 10.1.7.(ii). We can build the following derivation:

1. $B[\mu/x][\nu/y] \vdash_\infty x : \mu$, by rule (var);
2. $B[\mu/x][\nu/y] \vdash_\infty x : \nu \to \tau$, from 1 and $\mu \leq_\infty \nu \to \tau$ by rule $(\leq_\infty)$;
3. $B[\mu/x][\nu/y] \vdash_\infty y : \nu$, by rule (var);
4. $B[\mu/x][\nu/y] \vdash_\infty xy : \tau$, from 2 and 3 by rule $(\to E)$;
5. $B[\mu/x] \vdash_\infty \lambda y.xy : \nu \to \tau$, from 4 by rule $(\to I)$;
6. $B \vdash_\infty \lambda xy.xy : \mu \to \nu \to \tau$, from 5 by rule $(\to I)$;
7. $B \vdash_\infty \lambda xy.xy : \sigma$, from 6 and $\mu \to \nu \to \tau \leq_\infty \sigma$ by rule $(\leq_\infty)$.

If $n \geq 1$ then the proof follows by inductive hypothesis.

($E \sqsubseteq_{\mathcal{H}} I$) We will prove that $B \vdash_\infty E : \sigma$ implies $B \vdash_\infty I : \sigma$.
By Property 11.1.36.(i), either $\sigma \simeq_\infty \omega$ or $\sigma \simeq_\infty \sigma_0 \wedge \dots \wedge \sigma_n$ ($n \geq 0$) such that $\forall i \leq n$, $\sigma_i \simeq_\infty \tau^i_1 \to \dots \to \tau^i_{m_i} \to \phi$ and $m_i \in \mathbb{N}$. The case $\sigma \simeq_\infty \omega$ is trivial, by rule $(\omega)$; so the proof follows by induction on $n$.
Let $n = 0$, thus we can assume $\sigma \simeq_\infty \mu \to \nu \to \tau$, by Property 11.1.36.(ii). Note that $B \vdash_\infty \lambda xy.xy : \sigma$ implies $B \vdash_\infty \lambda xy.xy : \mu \to \nu \to \tau$, by rule $(\leq_\infty)$; thus, by Lemma 10.1.7.(vi), this implies $B[\mu/x][\nu/y] \vdash_\infty xy : \tau$, which in turn implies $B[\mu/x][\nu/y] \vdash_\infty x : \sigma \to \tau$ and $B[\mu/x][\nu/y] \vdash_\infty y : \sigma$, for some $\sigma$, by Lemma 10.1.7.(vii). Hence, by Lemma 10.1.7.(ii), $\mu \leq_\infty \sigma \to \tau$ and $\nu \leq_\infty \sigma$ (so $\mu \leq_\infty \nu \to \tau$). Then we can build the following derivation:

1. $B[\mu/x] \vdash_\infty x : \mu$, by rule (var);
2. $B[\mu/x] \vdash_\infty x : \nu \to \tau$, from 1 and $\mu \leq_\infty \nu \to \tau$ by rule $(\leq_\infty)$;
3. $B \vdash_\infty \lambda x.x : \mu \to \nu \to \tau$, from 2 by rule $(\to I)$;
4. $B \vdash_\infty \lambda x.x : \sigma$, from 3 and $\mu \to \nu \to \tau \leq_\infty \sigma$ by rule $(\leq_\infty)$.

If $n \geq 1$ then the proof follows by inductive hypothesis. □

In order to prove that $\mathcal{H}$ is correct with respect to the H-operational semantics, it is necessary to prove that an unsolvable term cannot be assigned a type of the shape $\underbrace{\phi \to \dots \to \phi}_{n}$, for every $n$. To this aim we will introduce a general tool for reasoning about interpretations of terms in a model, namely an approximation theorem. More precisely, we will prove that the meaning of a term (i.e. the set of types that can be derived for it) is the collection of the meanings of a set of normal forms of an extended language. So it will be possible to reason on the denotational semantics of terms simply by induction on normal forms.

First, we extend the language by adding a constant $\Omega$ to the formation rules of terms, then we define two new reduction rules on the so-obtained language.

Definition 11.1.9. (i) $\Lambda\Omega$ is the language obtained by adding to $\Lambda$ the constant $\Omega$, namely the language inductively defined as follows:
• $\Omega \in \Lambda\Omega$,
• $x \in Var$ implies $x \in \Lambda\Omega$,
• $M \in \Lambda\Omega$ and $x \in Var$ implies $(\lambda x.M) \in \Lambda\Omega$,
• $M \in \Lambda\Omega$ and $N \in \Lambda\Omega$ implies $(MN) \in \Lambda\Omega$.
(ii) $\to_\Omega$ is the reduction defined as the contextual closure of the following rules:
$\Omega M \to \Omega$, $\lambda x.\Omega \to \Omega$.
(iii) The $\Lambda\Omega$-reduction ($\to_{\Lambda\Omega}$) is the contextual closure of the following rules:
$(\lambda x.M)N \to M[N/x]$, $\Omega M \to \Omega$, $\lambda x.\Omega \to \Omega$.
$\to^*_{\Lambda\Omega}$ is the reflexive and transitive closure of $\to_{\Lambda\Omega}$.
The $\eta$-reduction ($\to_\eta$) can be directly applied to the language $\Lambda\Omega$ (see Definition 1.3.7).
$M \in \Lambda\Omega$ is in $\Lambda\Omega$-normal form ($\Lambda\Omega$-nf) if and only if it does not contain $\Lambda\Omega$-redexes.

As usual, terms of $\Lambda\Omega$ will be considered modulo $\alpha$-equality. The type assignment system of Definition 10.1.1 can be applied to $\Lambda\Omega$ without modifications. It is easy to see that to the term $\Omega$ only the type $\omega$ can be assigned, by rule $(\omega)$.

Property 11.1.10. The type assignment system $\vdash_\infty$ is closed under $=_{\Lambda\Omega}$.
Proof. Easy. □

The intuitive interpretation of the constant $\Omega$ is that it represents a term with an unknown behaviour. The interpretation function is therefore naturally extended to $\Lambda\Omega$, i.e. the interpretation of a term of $\Lambda\Omega$ is the set of all types that can be assigned to it.

Definition 11.1.11. The set of approximants of a term $M$ is defined as follows:

$\mathcal{A}(M) = \{A \mid$ there is $M'$ such that $M =_\Lambda M'$ and $A$ is a $\Lambda\Omega$-normal form obtained from $M'$ by replacing some subterms with $\Omega\}$.

Example 11.1.12. Some sets of approximants are shown.

$\mathcal{A}(I) = \{\Omega, \lambda x.x\}$, $\mathcal{A}(D) = \{\Omega, \lambda x.xx, \lambda x.x\Omega\}$,
$\mathcal{A}(DD) = \{\Omega\}$, $\mathcal{A}(K(\lambda x.x(II))(DD)) = \{\Omega, \lambda x.x\Omega, \lambda x.xI\}$.

Approximants can be defined inductively as follows.

Definition 11.1.13. The set $\mathcal{A}$ of $\Lambda\Omega$-normal forms can be inductively defined as follows:
• $\Omega \in \mathcal{A}$,
• $A_j \in \mathcal{A}$ imply $\lambda x_1 \dots x_n.xA_1 \dots A_m \in \mathcal{A}$ ($1 \leq j \leq m$).
$\Lambda\Omega$-normal forms will be ranged over by $A$, $A'$, possibly indexed.

Clearly every $\Lambda$-normal form is an approximant of some term. So, we will simply call approximant a $\Lambda\Omega$-normal form.

Property 11.1.14. (i) For every $A$, there is a term $M$ such that $A \in \mathcal{A}(M)$.
(ii) If $M =_\Lambda N$ then $\mathcal{A}(M) = \mathcal{A}(N)$.

Proof. (i) Easy.
(ii) By definition of approximant. □

An approximant $A$ is openly solvable if and only if $A \equiv \lambda x_1 \dots x_n.zA_1 \dots A_m$ and $z \in FV(A)$. It is easy to check that Property 11.1.7 holds for approximants too.
A key property of the approximants is that the $\sqsubseteq_{\mathcal{H}}$ order relation between them can be syntactically axiomatized.

Definition 11.1.15. Let $A$ and $A'$ be two approximants.
$A \ll A'$ if and only if one of the two following cases arises:
(i) $A \equiv \Omega$;
(ii) $A =_\eta \lambda x_1 \dots x_n.zA_1 \dots A_m$, and $A' =_\eta \lambda x_1 \dots x_n.zA'_1 \dots A'_m$, and $A_i \ll A'_i$ for each $i$ ($1 \leq i \leq m$; $n, m \in \mathbb{N}$).

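Although the $\eta$-reduction ($\to_\eta$) can be directly applied to the language $\Lambda\Omega$, often we are only interested in its use on approximants. Note that $\Omega =_\eta \lambda z.\Omega z$ and $\lambda x.x =_\eta \lambda y.(\lambda x.x)y$, but both $\lambda z.\Omega z \notin \mathcal{A}$ and $\lambda y.(\lambda x.x)y \notin \mathcal{A}$, since they are not $\Lambda\Omega$-normal forms. However, $\lambda z.\Omega z \to^*_{\Lambda\Omega} \Omega \in \mathcal{A}$, and $\lambda y.(\lambda x.x)y \to^*_{\Lambda\Omega} \lambda x.x \in \mathcal{A}$.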

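Example 11.1.16. $\mathcal{A}(\lambda x.xII) = \{\Omega, \lambda x.x\Omega\Omega, \lambda x.x\Omega I, \lambda x.xI\Omega, \lambda x.xII\}$. It is easy to see that $\lambda x.x\Omega I \not\ll \lambda x.xI\Omega$, while $\lambda x.x\Omega\Omega \ll \lambda x.xII$.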
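
The following Python sketch is an added example, not taken from the book: it implements the reduction rules of Definition 11.1.9, enumerates the approximants that one given term yields under Definition 11.1.11, and checks the order of Definition 11.1.15 in a purely syntactic form that ignores $\eta$. The de Bruijn encoding and all function names are assumptions of this example.

```python
# Added illustration: Lambda-Omega terms in de Bruijn notation, so that
# alpha-equal terms are identical tuples. All names here are hypothetical.
OMEGA = ("omega",)

def var(n): return ("var", n)
def lam(body): return ("lam", body)
def app(f, *args):
    for a in args:
        f = ("app", f, a)
    return f

def shift(t, d, cutoff=0):
    """Add d to every free index that is >= cutoff."""
    if t[0] == "var":
        return var(t[1] + d) if t[1] >= cutoff else t
    if t[0] == "lam":
        return lam(shift(t[1], d, cutoff + 1))
    if t[0] == "app":
        return ("app", shift(t[1], d, cutoff), shift(t[2], d, cutoff))
    return t

def subst(t, j, s):
    """Replace the free index j in t by the term s."""
    if t[0] == "var":
        return s if t[1] == j else t
    if t[0] == "lam":
        return lam(subst(t[1], j + 1, shift(s, 1)))
    if t[0] == "app":
        return ("app", subst(t[1], j, s), subst(t[2], j, s))
    return t

def step(t):
    """One leftmost-outermost Lambda-Omega step, or None if t is normal."""
    if t[0] == "app":
        f, a = t[1], t[2]
        if f[0] == "lam":                      # (\x.M)N -> M[N/x]
            return shift(subst(f[1], 0, shift(a, 1)), -1)
        if f == OMEGA:                         # Omega M -> Omega
            return OMEGA
        r = step(f)
        if r is not None:
            return ("app", r, a)
        r = step(a)
        return None if r is None else ("app", f, r)
    if t[0] == "lam":
        if t[1] == OMEGA:                      # \x.Omega -> Omega
            return OMEGA
        r = step(t[1])
        return None if r is None else lam(r)
    return None

def normalize(t, fuel=1000):
    """Lambda-Omega normal form of t, or None if the fuel runs out."""
    for _ in range(fuel):
        r = step(t)
        if r is None:
            return t
        t = r
    return None

def replacements(t):
    """All terms obtained from t by replacing some subterms with Omega."""
    out = {OMEGA}
    if t[0] == "var":
        out.add(t)
    elif t[0] == "lam":
        out |= {lam(b) for b in replacements(t[1])}
    elif t[0] == "app":
        out |= {("app", f, a) for f in replacements(t[1])
                for a in replacements(t[2])}
    return out

def approximants_from(t):
    """Normal forms obtained from this one term by Omega-replacement.
    Definition 11.1.11 additionally ranges over every M' convertible to M."""
    return {a for a in replacements(t) if step(a) is None}

def spine(a):
    """Split lambda x1..xn. z A1..Am into (n, z, [A1, ..., Am])."""
    n, args = 0, []
    while a[0] == "lam":
        a, n = a[1], n + 1
    while a[0] == "app":
        args.append(a[2])
        a = a[1]
    return n, a, args[::-1]

def below(a, b):
    """Order of Definition 11.1.15 with =_eta read as syntactic identity."""
    if a == OMEGA:
        return True
    (n, z, xs), (k, w, ys) = spine(a), spine(b)
    return ((n, z, len(xs)) == (k, w, len(ys))
            and all(below(x, y) for x, y in zip(xs, ys)))

I = lam(var(0))                 # \x.x
K = lam(lam(var(1)))            # \xy.x
D = lam(app(var(0), var(0)))    # \x.xx
```

For a term with a normal form, calling `approximants_from` on `normalize(t)` reproduces the sets listed in Examples 11.1.12 and 11.1.16; for `DD`, which has none, the term itself already yields only $\Omega$.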

Clearly $\ll$ is a preorder relation on $\mathcal{A}$ and a partial order on the set of approximants considered up to $\eta$-equivalence.
The next theorem proves that two approximants $A$ and $A'$ such that $A \not\ll A'$ can be semiseparated, in the sense that there is a context that $\Lambda\Omega$-reduces either to $I$ or to $\Omega$ when it is filled respectively by $A$ and $A'$. The fact that the model $\mathcal{H}$ is fully abstract with respect to the H-operational semantics is based essentially on this property.

Theorem 11.1.17 (Semiseparability).
Let $A \not\ll A'$. Then there is a context $C[.]$ such that $C[A] \to^*_{\Lambda\Omega} I$ while $C[A'] \to^*_{\Lambda\Omega} \Omega$.

Proof. The proof is in Sect. 11.1.3. □

Hence, $\ll$ is a syntactical axiomatization of the $\sqsubseteq_{\mathcal{H}}$ order relation between approximants.

Lemma 11.1.18. $A \sqsubseteq_{\mathcal{H}} A'$ if and only if $A \ll A'$.

Proof. ($\Leftarrow$) We will prove that, if $A \ll A'$, then $B \vdash_\infty A : \sigma$ implies $B \vdash_\infty A' : \sigma$, by induction on the definition of $\ll$. If $A \equiv \Omega$, then $\sigma \equiv \omega$ and the proof is trivial, by rule $(\omega)$. Otherwise, let $A =_\eta \lambda x_1 \dots x_n.zA_1 \dots A_m$ and $A' =_\eta \lambda x_1 \dots x_n.zA'_1 \dots A'_m$ and $A_i \ll A'_i$ ($1 \leq i \leq m$). By Property 11.1.36.(i), either $\sigma \simeq_\infty \omega$ or $\sigma \simeq_\infty \sigma_0 \wedge \dots \wedge \sigma_k$ ($k \geq 1$), where $\sigma_i \simeq_\infty \tau^i_1 \to \dots \to \tau^i_{h_i} \to \phi$ ($h_i \in \mathbb{N}$, $i \leq k$). The case $\sigma \simeq_\infty \omega$ is trivial; so let $\sigma \simeq_\infty \sigma_0 \wedge \dots \wedge \sigma_k$ ($k \geq 1$).
$B \vdash_\infty A : \sigma$ implies $B \vdash_\infty A : \sigma_i$ ($i \leq k$), by rule $(\leq_\infty)$. As shown in Property 11.1.8, the type assignment system is closed under $\eta$-equality, thus
$B \vdash_\infty \lambda x_1 \dots x_n.zA_1 \dots A_m : \tau^i_1 \to \dots \to \tau^i_{h_i} \to \phi$.
Without loss of generality, we can assume $h_i \geq n$ ($\forall i \leq k$) by Property 11.1.36.(ii), thus $B[\tau^i_1/x_1, \dots, \tau^i_n/x_n] \vdash_\infty zA_1 \dots A_m : \tau^i_{n+1} \to \dots \to \tau^i_{h_i} \to \phi$, by Lemma 10.1.7.(vi). Hence, by Lemma 10.1.7.(vii) there are $\mu^i_1, \dots, \mu^i_m \in T(C_\infty)$ such that

and $B[\tau^i_1/x_1, \dots, \tau^i_n/x_n] \vdash_\infty A_j : \mu^i_j$ ($j \leq m$, $i \leq k$).

By induction $B[\tau^i_1/x_1, \dots, \tau^i_n/x_n] \vdash_\infty A'_j : \mu^i_j$ ($j \leq m$, $i \leq k$); so by $m$ applications of rule $(\to E)$ and $n$ applications of rule $(\to I)$, it follows that $B \vdash_\infty A' : \sigma_i$, for all $i \leq k$; the proof follows by rule $(\wedge I)$.

($\Rightarrow$) By the semiseparability theorem, $A \not\ll A'$ implies there is a context $C[.]$ such that $C[A] \to^*_{\Lambda\Omega} I$ while $C[A'] \to^*_{\Lambda\Omega} \Omega$. By Property 11.1.10, this implies $C[A] \not\sqsubseteq_{\mathcal{H}} C[A']$, which in turn implies $A \not\sqsubseteq_{\mathcal{H}} A'$. □

The following theorem states that the interpretation of a term is the collection of the interpretations of its approximants.

Theorem 11.1.19 ($\mathcal{H}$-Approximation).
$B \vdash_\infty M : \sigma$ if and only if $B \vdash_\infty A : \sigma$, for some $A \in \mathcal{A}(M)$.
Proof. The proof is in Sect. 11.1.2. □

The syntactic shape of the approximants of a term having $\Lambda$-hnf is related to the syntactic shape of its $\Lambda$-hnf's, as shown in the following property.

Property 11.1.20. (i) $M$ is $\Lambda$-unsolvable if and only if $\mathcal{A}(M) = \{\Omega\}$.
(ii) Let $A \in \mathcal{A}(M)$ and $A \not\equiv \Omega$.
$M \to^*_\Lambda \lambda x_1 \dots x_n.zM_1 \dots M_m$ if and only if $A \equiv \lambda x_1 \dots x_n.zA_1 \dots A_m$, for some $A_i \in \mathcal{A}(M_i)$.
(iii) Let $A \in \mathcal{A}(M)$ and $A \not\equiv \Omega$. $M =_{\Lambda\eta} \lambda x_1 \dots x_n.zM_1 \dots M_m$ if and only if $A =_\eta \lambda x_1 \dots x_n.zA_1 \dots A_m$, for some $A_i \in \mathcal{A}(M_i)$ ($1 \leq i \leq m$).
Proof. (i) If $M$ is $\Lambda$-unsolvable and $M =_\Lambda N \equiv \lambda x_1 \dots x_n.RN_1 \dots N_m$, then $R$ is a $\Lambda$-redex. So the only $\Lambda\Omega$-normal form that can be obtained from $N$ by replacing some of its subterms by $\Omega$ is $\Omega$ itself.
(ii) By definition of approximants and Property 2.1.2.
(iii) By definition of approximants and by definition of $\Lambda\eta$. □

Corollary 11.1.21. The theory induced by $\mathcal{H}$ is sensible.

Proof. By Property 11.1.20.(i), remembering Definition 1.3.4. □


So the correctness of $\mathcal{H}$ with respect to the H-operational semantics follows easily.
Theorem 11.1.22 ($\mathcal{H}$-Correctness).
The model $\mathcal{H}$ is correct with respect to the H-operational semantics.
Proof. By Property 10.1.15 it is sufficient to prove that, for all $M, N$, if $M$ is $\Lambda$-solvable and $N$ is $\Lambda$-unsolvable then $N \sqsubset_{\mathcal{H}} M$.
By Property 11.1.7 a solvable term can be assigned at least one type $\not\simeq_\infty \omega$, while only type $\simeq_\infty \omega$ can be assigned to an unsolvable term, since it has $\Omega$ as the only approximant. □

The correctness of the model $\mathcal{H}$ with respect to the operational semantics H allows us to transfer some results from the denotational world to the operational one. So some interesting properties of H can be proved. The reader can see that the approximation theorem is a quite useful tool.
Corollary 11.1.23. The H-operational semantics is fully extensional.
Proof. By correctness and Property 11.1.8. □

In Sect. 2.1 the notion of call-by-name fixed-point operator was introduced, and a term with this behaviour was shown in the proof of Theorem 2.1.8. An example of another fixed-point operator will be shown in the last chapter. It is an easy exercise to prove that it is possible to build an infinite number of such operators (see [83]). The next theorem proves that all are equated in the H-operational semantics.
Theorem 11.1.24. All call-by-name fixed-point operators are H-equivalent.
Proof. Let $P$ be any call-by-name fixed-point operator, so $PM =_\Lambda M(PM)$, for all $M \in \Lambda$. Then $P =_\eta \lambda z.Pz =_\Lambda \lambda z.z(Pz)$, where $z \notin FV(P)$; by iterating this reasoning, by the confluence theorem and by Properties 11.1.8 and 11.1.20, every approximant of $P$ is either $\Omega$ or of the shape $\lambda z.\underbrace{z(z \dots (z}_{n}\,\Omega) \dots )$ ($n \geq 1$). Hence the result follows, by the approximation theorem. □

The next theorem proves a key result, which implies directly the full abstraction of the model $\mathcal{H}$ with respect to the H-operational semantics. It proves that, if $M \not\sqsubseteq_{\mathcal{H}} N$, then there is a context H-discriminating them. Its proof uses the semiseparability property between approximants, namely if $M \not\sqsubseteq_{\mathcal{H}} N$ then it is possible to find two approximants $A \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$, such that $A \not\ll A'$ and the context discriminating $M$ and $N$ is a minor modification of the context semiseparating $A$ and $A'$.
Theorem 11.1.25 ($\mathcal{H}$-Discriminability).
If $M \not\sqsubseteq_{\mathcal{H}} N$ then there is a context $C[.]$ such that $C[M], C[N] \in \Lambda^0$ and $C[M] \Downarrow_{H}$ while $C[N] \Uparrow_{H}$.

Proof. The proof is in Sect. 11.1.3. □

Theorem 11.1.26 ($\mathcal{H}$-Completeness).
The model $\mathcal{H}$ is complete with respect to the H-operational semantics.

Proof. We must prove that $M \preceq_{H} N$ implies $M \sqsubseteq_{\mathcal{H}} N$. Let $M \not\sqsubseteq_{\mathcal{H}} N$. By the $\mathcal{H}$-discriminability Theorem, there is a context $C[.]$ such that both $C[M]$ and $C[N]$ are closed and $C[M] \Downarrow_{H}$ while $C[N] \Uparrow_{H}$, hence $M \not\preceq_{H} N$. □

Corollary 11.1.27 ($\mathcal{H}$-Full abstraction).
The model $\mathcal{H}$ is fully abstract with respect to the H-operational semantics.

Proof. By Theorems 11.1.22 and 11.1.26. □

The $\mathcal{H}$-discriminability Theorem allows for a finite axiomatization of the preorder $\sqsubseteq_{\mathcal{H}}$ between terms.

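Definition 11.1.28. (i) The relation $\sqsubseteq_k \subseteq \Lambda \times \Lambda$ ($k \in \mathbb{N}$) is defined, by induction on $k$, as follows:
• $M \sqsubseteq_k N$, for all $k$, if $M$ is $\Lambda$-unsolvable;
• $M \sqsubseteq_0 N$ if and only if $M =_{\Lambda\eta} \lambda x_1 \dots x_n.xM_1 \dots M_m$ and $N =_{\Lambda\eta} \lambda x_1 \dots x_n.xN_1 \dots N_m$;
• $M \sqsubseteq_{k+1} N$ if and only if $M =_{\Lambda\eta} \lambda x_1 \dots x_n.xM_1 \dots M_m$ and $N =_{\Lambda\eta} \lambda x_1 \dots x_n.xN_1 \dots N_m$, where $M_i \sqsubseteq_k N_i$, for all $i$ ($1 \leq i \leq m$).
(ii) $M \sim_k N$ if both $M \sqsubseteq_k N$ and $N \sqsubseteq_k M$.

Example 11.1.29. $\lambda x.x(DD)I \sqsubseteq_0 \lambda x.xIK$ while $\lambda x.x(DD)I \not\sqsubseteq_1 \lambda x.xIK$.

Roughly speaking, two terms $M$ and $N$ are in the relation $\sqsubseteq_k$ if there are two terms $M' =_{\Lambda\eta} M$ and $N' =_{\Lambda\eta} N$, having the same structure "up to level $k$". So, if $\forall k \geq 0$, $M \sim_k N$, any structural difference between them is pushed to the infinite.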

Theorem 11.1.30 ($\mathcal{H}$-Characterization).
$M \sqsubseteq_{\mathcal{H}} N$ if and only if $\forall k \geq 0$, $M \sqsubseteq_k N$.

Proof. The proof is in Sect. 11.1.3. □

The next theorem proves an unexpected result. It has been proved that the H-operational semantics is fully extensional, i.e. it is closed under $\eta$-equality. We will prove now that it also equates terms that differ by an infinite number of $\eta$-reductions.
Let $E_\infty \equiv Y(\lambda xyz.y(xz))$ where $Y$ is a call-by-name fixed point operator. Observe that, if $M \in \Lambda$ then $E_\infty M =_\Lambda \lambda z.M(E_\infty z) =_\Lambda \lambda z.M(\lambda z_1.z(E_\infty z_1)) =_\Lambda \lambda z.M(\lambda z_1.z(\lambda z_2.z_1(E_\infty z_2)))$, and so on. So $z$ can be viewed as obtained from $E_\infty z$ by means of an infinite number of applications of the $\eta$-reduction rule. We will prove that $E_\infty M \approx_{H} M$.

Theorem 11.1.31. $E_\infty M \approx_{H} M$.

Proof. We prove $I \sim_{\mathcal{H}} E_\infty$; the result follows from $\Lambda$-reduction and correctness. Clearly $\mathcal{A}(I) = \{\Omega, \lambda x.x\}$. Moreover, it is straightforward to check that
$\mathcal{A}(E_\infty) = \{\Omega, \lambda z_0z_1.z_0\Omega, \lambda z_0z_1.z_0(\lambda z_2.z_1(\dots(\lambda z_{n+1}.z_n\Omega)\dots)) \mid n \geq 0\}$.
($E_\infty \sqsubseteq_{\mathcal{H}} I$) It is immediate to check that every $A \in \mathcal{A}(E_\infty)$ is such that $A \ll I$. Thus the proof follows from Lemma 11.1.18 and from the $\mathcal{H}$-approximation theorem.
($I \sqsubseteq_{\mathcal{H}} E_\infty$) It is easy to see that $I \sqsubseteq_k E_\infty$, for all $k$. Then the proof follows from the $\mathcal{H}$-characterization theorem. □

$E_\infty M$ has no normal form, also when $M$ has a normal form. So a term with normal form is always H-operationally equivalent to a term without normal form. A syntactical proof of the H-equivalence between the two terms $I$ and $E_\infty$ was done in [36].

11.1.1 The $\leq_\infty$-Intersection Relation

$\leq_\infty$ is a preorder relation on $T(C_\infty)$; so it induces a partial order on $T(C_\infty)$ considered up to $\simeq_\infty$.
Note that $\sigma \in T(C_\infty)$ implies that $\sigma \equiv \sigma_0 \wedge \dots \wedge \sigma_n$ ($n \in \mathbb{N}$) where $\sigma_i \in T(C_\infty)$, and either $\sigma_i \equiv \omega$ or $\sigma_i \equiv \phi$ or $\sigma_i \equiv \pi_i \to \tau_i$ ($i \leq n$).
Some key properties of $\infty$-type theory will be shown. The next theorem characterizes the set of types that are $\infty$-equivalent to $\omega$.

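Theorem 11.1.32. $\sigma \simeq_\infty \omega$ if and only if $\sigma \in \Omega_{\mathcal{H}}$, where

$\Omega_{\mathcal{H}} = \{\sigma \in T(C_\infty) \mid \sigma \equiv \sigma_0 \wedge \dots \wedge \sigma_n\ (n \geq 0) \text{ such that } \forall i \leq n \text{ either } \sigma_i \equiv \omega, \text{ or } \sigma_i \equiv \pi_i \to \tau_i \text{ and } \tau_i \simeq_\infty \omega\}$.

Proof. Note that $\omega \simeq_\infty \sigma$ if and only if $\omega \leq_\infty \sigma$, by the rule (a).
($\Leftarrow$) We will prove that $\sigma \in \Omega_{\mathcal{H}}$ implies $\omega \leq_\infty \sigma$, by induction on $n$. Let $n = 0$. If $\sigma_0 \equiv \omega$ then the proof is trivial; otherwise, $\sigma_0 \equiv \pi \to \tau$ and $\tau \simeq_\infty \omega$. Hence $\omega \leq_\infty \omega \to \omega \leq_\infty \pi \to \tau$, respectively, by rules (h3), (f) and (a); by rule (t), the proof follows.
Let $n \geq 1$ and $\sigma \equiv \sigma_0 \wedge \dots \wedge \sigma_n$; so $\forall i \leq n$, $\omega \leq_\infty \sigma_i$ by induction. So

$\omega \leq_\infty \underbrace{\omega \wedge \dots \wedge \omega}_{n} \leq_\infty \sigma_0 \wedge \dots \wedge \sigma_n$

by rules (b), (e) and (t).
($\Rightarrow$) Let us first prove that, if $\sigma \in \Omega_{\mathcal{H}}$ and $\sigma \leq_\infty \tau$ then $\tau \in \Omega_{\mathcal{H}}$, by induction on the rules of $\leq_\infty$.
(a) Trivial, since $\omega \in \Omega_{\mathcal{H}}$.
(b), (c), (c') By definition of $\Omega_{\mathcal{H}}$.
(d) $(\mu \to \rho) \wedge (\mu \to \pi) \in \Omega_{\mathcal{H}}$ implies $\rho, \pi \simeq_\infty \omega$ by definition of $\Omega_{\mathcal{H}}$, so $\omega \leq_\infty \omega \wedge \omega \leq_\infty \rho \wedge \pi$, by rules (b) and (e); hence $\rho \wedge \pi \simeq_\infty \omega$ and $\mu \to (\rho \wedge \pi) \in \Omega_{\mathcal{H}}$.
(e) Let $\mu \leq_\infty \mu'$ and $\pi \leq_\infty \pi'$; $\mu \wedge \pi \in \Omega_{\mathcal{H}}$ implies $\mu, \pi \in \Omega_{\mathcal{H}}$, so $\mu', \pi' \in \Omega_{\mathcal{H}}$ by induction; hence $\mu' \wedge \pi' \in \Omega_{\mathcal{H}}$.
(f) Let $\mu' \leq_\infty \mu$ and $\pi \leq_\infty \pi'$; $\mu \to \pi \in \Omega_{\mathcal{H}}$ implies $\pi \simeq_\infty \omega$, hence $\omega \leq_\infty \pi \leq_\infty \pi'$ implies $\pi' \simeq_\infty \omega$; thus, $\mu' \to \pi' \in \Omega_{\mathcal{H}}$ by definition of $\Omega_{\mathcal{H}}$.
(g) Trivial, since $\omega \to \omega \in \Omega_{\mathcal{H}}$.
(r), (t), (h3) Easy.
(h1), (h2) Not possible.
Then the proof is done, since $\sigma \simeq_\infty \omega$ implies $\omega \leq_\infty \sigma$, and therefore $\omega \in \Omega_{\mathcal{H}}$ implies $\sigma \in \Omega_{\mathcal{H}}$. □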

As a corollary, we can prove that $\leq_\infty$ is well posed, in the sense that it does not equate different type constants in $C_\infty$.

Corollary 11.1.33. (i) $\phi \not\simeq_\infty \omega$.
(ii) $\sigma_1 \to \dots \to \sigma_n \to \omega \simeq_\infty \omega$, for all $\sigma_1, \dots, \sigma_n$ ($n \in \mathbb{N}$).
Proof. (i) Since $\phi \notin \Omega_{\mathcal{H}}$.
(ii) Easy, by Theorem 11.1.32. □

$\phi$ is the "minimum" type with respect to $\leq_\infty$.

Lemma 11.1.34. If $\sigma \in T(C_\infty)$ then $\phi \leq_\infty \sigma$.

Proof. By induction on $\sigma$. If $\sigma \equiv \omega$ then the proof is trivial, by rule (a). If $\sigma \equiv \phi$ then the proof is trivial, by rule (r). If $\sigma \equiv \sigma_0 \wedge \sigma_1$ then $\phi \leq_\infty \sigma_i$ ($i \leq 1$) by induction, thus $\phi \leq_\infty \phi \wedge \phi \leq_\infty \sigma_0 \wedge \sigma_1$, by rules (b) and (e). If $\sigma \equiv \sigma_0 \to \sigma_1$ then $\phi \leq_\infty \sigma_1$ by induction, and $\sigma_0 \leq_\infty \omega$ by rule (a); thus $\phi \leq_\infty \omega \to \phi \leq_\infty \sigma_0 \to \sigma_1$ by rules (h1) and (f). □

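The class of types equivalent to $\phi$ is characterized in the following theorem.

Theorem 11.1.35. Let $\Phi^{\mathcal{H}} = \bigcup_{m \geq 0} \Phi^{\mathcal{H}}_m$, where $\Phi^{\mathcal{H}}_0 = \{\phi\}$ and, for $m \in \mathbb{N}$,

$$\Phi^{\mathcal{H}}_{m+1} = \{\, \sigma \in T(C_\infty) \mid \sigma \equiv \sigma_0 \wedge \ldots \wedge \sigma_n\ (n \in \mathbb{N}) \text{ and } \exists k \leq n \text{ such that either } \sigma_k \in \Phi^{\mathcal{H}}_m \text{ or } \sigma_k \equiv \pi_k \to \tau_k \text{ with } \pi_k \simeq_\infty \omega \text{ and } \tau_k \in \Phi^{\mathcal{H}}_m \,\}.$$

$\sigma \simeq_\infty \phi$ if and only if $\sigma \in \Phi^{\mathcal{H}}$, for all $\sigma \in T(C_\infty)$.

Proof. Note that $\sigma \simeq_\infty \phi$ if and only if $\sigma \leq_\infty \phi$, by Lemma 11.1.34. Moreover, it is easy to check that

$$\Phi^{\mathcal{H}} = \{\, \sigma \in T(C_\infty) \mid \sigma \equiv \sigma_0 \wedge \ldots \wedge \sigma_n\ (n \in \mathbb{N}) \text{ and } \exists k \leq n, \text{ either } \sigma_k \equiv \phi \text{ or } \sigma_k \equiv \pi_k \to \tau_k \text{ with } \pi_k \simeq_\infty \omega \text{ and } \tau_k \simeq_\infty \phi \,\}.$$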

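($\Leftarrow$) By induction on $m$. If $m = 0$ then the proof is trivial; so let $m \geq 1$, $\sigma \equiv \sigma_0 \wedge \ldots \wedge \sigma_n$ ($n \in \mathbb{N}$) and either $\sigma_k \in \Phi^{\mathcal{H}}_{m-1}$ or $\sigma_k \equiv \pi_k \to \tau_k$, $\pi_k \simeq_\infty \omega$ and $\tau_k \in \Phi^{\mathcal{H}}_{m-1}$. If $\sigma_k \in \Phi^{\mathcal{H}}_{m-1}$ then $\sigma_k \simeq_\infty \phi$ by induction; otherwise, $\sigma_k \leq_\infty \omega \to \phi \leq_\infty \phi$ by rules (h1) and (f) and by induction.
Hence, by rules (e), (c), (r) and (t):

$$\sigma_0 \wedge \ldots \wedge \sigma_k \wedge \ldots \wedge \sigma_n \leq_\infty \sigma_0 \wedge \ldots \wedge \phi \wedge \ldots \wedge \sigma_n \leq_\infty \phi.$$

($\Rightarrow$) Let us first prove that, if $\sigma \in \Phi^{\mathcal{H}}$ and $\tau \leq_\infty \sigma$ then $\tau \in \Phi^{\mathcal{H}}$, by induction on the rules of $\leq_\infty$.
(a) Not possible, since $\omega \notin \Phi^{\mathcal{H}}$.
(b), (c), (c') By definition of $\Phi^{\mathcal{H}}$.
(d) $\mu \to (\rho \wedge \pi) \in \Phi^{\mathcal{H}}$ implies $\mu \simeq_\infty \omega$ and $\rho \wedge \pi \in \Phi^{\mathcal{H}}$, so it is easy to see that either $\rho \in \Phi^{\mathcal{H}}$ or $\pi \in \Phi^{\mathcal{H}}$; thus either $\mu \to \rho \in \Phi^{\mathcal{H}}$ or $\mu \to \pi \in \Phi^{\mathcal{H}}$; hence $(\mu \to \rho) \wedge (\mu \to \pi) \in \Phi^{\mathcal{H}}$.
(e) Let $\mu \leq_\infty \mu'$ and $\pi \leq_\infty \pi'$; so $\mu' \wedge \pi' \in \Phi^{\mathcal{H}}$ implies either $\mu' \in \Phi^{\mathcal{H}}$ or $\pi' \in \Phi^{\mathcal{H}}$, thus $\mu \in \Phi^{\mathcal{H}}$ or $\pi \in \Phi^{\mathcal{H}}$ by induction; hence $\mu \wedge \pi \in \Phi^{\mathcal{H}}$.
(f) Let $\mu' \leq_\infty \mu$ and $\pi \leq_\infty \pi'$; $\mu' \to \pi' \in \Phi^{\mathcal{H}}$ implies $\mu' \simeq_\infty \omega$ and $\pi' \in \Phi^{\mathcal{H}}$; hence, $\pi \in \Phi^{\mathcal{H}}$ by induction and $\omega \leq_\infty \mu$ by rule (t), so $\mu \to \pi \in \Phi^{\mathcal{H}}$.
(g), (h3) Not possible, since $\omega \to \omega \notin \Phi^{\mathcal{H}}$.
(r), (t), (h1), (h2) Easy.
Then the proof is done, since $\sigma \simeq_\infty \phi$ implies $\sigma \leq_\infty \phi$, and therefore $\phi \in \Phi^{\mathcal{H}}$ implies $\sigma \in \Phi^{\mathcal{H}}$. $\square$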

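The next property shows some type characterization.

Property 11.1.36. (i) If $\sigma \not\simeq_\infty \omega$ then $\sigma \simeq_\infty \sigma_0 \wedge \ldots \wedge \sigma_n$ ($n \geq 0$) such that $\forall i \leq n$, $\sigma_i \simeq_\infty \tau^i_1 \to \ldots \to \tau^i_{m_i} \to \phi$ for some $m_i \in \mathbb{N}$.
(ii) If $\sigma \simeq_\infty \tau_1 \to \ldots \to \tau_n \to \phi$ ($n \in \mathbb{N}$) then, for all $p \in \mathbb{N}$,

$$\sigma \simeq_\infty \tau_1 \to \ldots \to \tau_n \to \underbrace{\omega \to \ldots \to \omega}_{p} \to \phi.$$

Proof. (i) By induction on $\sigma$. If either $\sigma \equiv \omega$ or $\sigma \equiv$ then the proof is trivial. Let $\sigma \equiv \mu \to \pi$; so, by induction $\pi \simeq_\infty \pi_0 \wedge \ldots \wedge \pi_h$ ($h \in \mathbb{N}$) such that $\forall i \leq h$, $\pi_i \simeq_\infty \nu^i_1 \to \ldots \to \nu^i_{m_i} \to \phi$. By Lemma 10.1.4.(iii), $\sigma \simeq_\infty \sigma_0 \wedge \ldots \wedge \sigma_h$, where $\sigma_i \simeq_\infty \mu \to \nu^i_1 \to \ldots \to \nu^i_{m_i} \to \phi$.
The case $\sigma \equiv \mu \wedge \pi$ follows by induction.
(ii) By rules (h1), (h2) and (f) it is easy to see that:

$$\tau_1 \to \ldots \to \tau_n \to \phi \simeq_\infty \tau_1 \to \ldots \to \tau_n \to \omega \to \phi$$

so the proof follows by induction on $p$. $\square$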
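The characterizations in Theorems 11.1.32 and 11.1.35 and the decomposition of Property 11.1.36.(i) are syntax-directed, so they can be run as decision procedures. The following Python sketch is an added example, not code from the book; the class names (`Omega`, `Phi`, `Arrow`, `And`) and function names are assumptions made here.

```python
from dataclasses import dataclass
from typing import List, Tuple, Union


@dataclass(frozen=True)
class Omega:
    """The type constant omega."""


@dataclass(frozen=True)
class Phi:
    """The type constant phi."""


@dataclass(frozen=True)
class Arrow:
    src: "Type"
    tgt: "Type"


@dataclass(frozen=True)
class And:
    left: "Type"
    right: "Type"


Type = Union[Omega, Phi, Arrow, And]


def components(sigma: Type) -> List[Type]:
    """Write sigma as sigma_0 ∧ ... ∧ sigma_n, each sigma_i a constant or an arrow."""
    if isinstance(sigma, And):
        return components(sigma.left) + components(sigma.right)
    return [sigma]


def equiv_omega(sigma: Type) -> bool:
    """Theorem 11.1.32: every component is omega, or pi -> tau with tau equivalent to omega."""
    return all(
        isinstance(c, Omega) or (isinstance(c, Arrow) and equiv_omega(c.tgt))
        for c in components(sigma)
    )


def equiv_phi(sigma: Type) -> bool:
    """Theorem 11.1.35: some component is phi, or pi -> tau with
    pi equivalent to omega and tau equivalent to phi."""
    return any(
        isinstance(c, Phi)
        or (isinstance(c, Arrow) and equiv_omega(c.src) and equiv_phi(c.tgt))
        for c in components(sigma)
    )


def phi_shapes(sigma: Type) -> List[Tuple[Type, ...]]:
    """Property 11.1.36.(i): one tuple (tau_1, ..., tau_m) per conjunct
    tau_1 -> ... -> tau_m -> phi of a type equivalent to sigma.
    The result is empty exactly when sigma is equivalent to omega."""
    if isinstance(sigma, Omega):
        return []
    if isinstance(sigma, Phi):
        return [()]
    if isinstance(sigma, And):
        # Conjuncts equivalent to omega contribute nothing (sigma ∧ omega ≃ sigma).
        return phi_shapes(sigma.left) + phi_shapes(sigma.right)
    # Arrow: distribute the source over the conjuncts of the target.
    return [(sigma.src,) + args for args in phi_shapes(sigma.tgt)]


def classify(sigma: Type) -> str:
    """Name the equivalence class of sigma among: omega, phi, other."""
    if equiv_omega(sigma):
        return "omega"
    if equiv_phi(sigma):
        return "phi"
    return "other"


if __name__ == "__main__":
    o, p = Omega(), Phi()
    # Constructed sample types.
    for t in (Arrow(p, Arrow(p, o)), Arrow(o, p), Arrow(p, p), And(Arrow(p, p), p)):
        print(t, classify(t), phi_shapes(t))
```

`equiv_omega(t)` and `phi_shapes(t) == []` agree on every input, which is the content of Theorem 11.1.32 read against Property 11.1.36.(i).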

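The next property implies the legality of $\infty$. Let us notice that every type in $T(C_\infty)$ has the following syntactical shape:
$(\sigma_1 \to \tau_1) \wedge \ldots \wedge (\sigma_n \to \tau_n) \wedge c_1 \wedge \ldots \wedge c_m$ where $m, n \geq 0$, $m + n \geq 1$, where $c_i \in \{\omega, \phi\}$ ($1 \leq i \leq m$). Moreover remember that every constant in $C_\infty$ is equivalent to an arrow type; indeed, $\omega \simeq_\infty \omega \to \omega$ and $\phi \simeq_\infty \omega \to \phi$.

Property 11.1.37. Let $m, n, p, q \geq 0$, $m + n \geq 1$, $p + q \geq 1$, and

$$(\sigma_1 \to \tau_1) \wedge \ldots \wedge (\sigma_n \to \tau_n) \wedge c_1 \wedge \ldots \wedge c_m \leq_\infty (\sigma'_1 \to \tau'_1) \wedge \ldots \wedge (\sigma'_p \to \tau'_p) \wedge d_1 \wedge \ldots \wedge d_q$$

where $c_i, d_j \in \{\omega, \phi\}$, $c_i \simeq_\infty \sigma_{n+i} \to \tau_{n+i}$ and $d_j \simeq_\infty \sigma'_{p+j} \to \tau'_{p+j}$ ($\tau_{n+i}, \tau'_{p+j} \in \{\omega, \phi\}$, $1 \leq i \leq m$, $1 \leq j \leq q$). If $\tau'_h \not\simeq_\infty \omega$ ($1 \leq h \leq p + q$), then there is $\{i_1, \ldots, i_k\} \subseteq \{1, \ldots, n + m\}$ such that $\sigma_{i_1} \wedge \ldots \wedge \sigma_{i_k} \geq_\infty \sigma'_h$, $\tau_{i_1} \wedge \ldots \wedge \tau_{i_k} \leq_\infty \tau'_h$ and $\tau_j \not\simeq_\infty \omega$, for each $j \in \{i_1, \ldots, i_k\}$.

Proof. We reason by induction on the last rule of the derivation proving

$$(\sigma_1 \to \tau_1) \wedge \ldots \wedge (\sigma_n \to \tau_n) \wedge c_1 \wedge \ldots \wedge c_m \leq_\infty (\sigma'_1 \to \tau'_1) \wedge \ldots \wedge (\sigma'_p \to \tau'_p) \wedge d_1 \wedge \ldots \wedge d_q.$$

(a) Trivial, since $\omega \simeq_\infty \omega \to \omega$ makes the implication empty.
(g), (h3) Trivial, since $\omega \to \omega$ makes the implication empty.
(b), (c), (c'), (d), (r), (h1), (h2) Immediate.
(e), (f) By induction.
(t) Let $\rho \in T(C_\infty)$ be such that $(\sigma_1 \to \tau_1) \wedge \ldots \wedge (\sigma_n \to \tau_n) \wedge c_1 \wedge \ldots \wedge c_m \leq_\infty \rho$ and $\rho \leq_\infty (\sigma'_1 \to \tau'_1) \wedge \ldots \wedge (\sigma'_p \to \tau'_p) \wedge d_1 \wedge \ldots \wedge d_q$. $\rho$ must be of the shape $(\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_t \to \nu_t) \wedge e_1 \wedge \ldots \wedge e_s$, where $e_i \in \{\omega, \phi\}$ and $e_i \simeq_\infty \mu_{t+i} \to \nu_{t+i}$ ($\nu_{t+i} \in \{\omega, \phi\}$, $1 \leq i \leq s$). By induction, for every $h$ such that $\tau'_h \not\simeq_\infty \omega$, there is $\{i^h_1, \ldots, i^h_{k_h}\} \subseteq \{1, \ldots, t + s\}$ such that $\mu_{i^h_1} \wedge \ldots \wedge \mu_{i^h_{k_h}} \geq_\infty \sigma'_h$, $\nu_{i^h_1} \wedge \ldots \wedge \nu_{i^h_{k_h}} \leq_\infty \tau'_h$ and $\nu_{i^h_j} \not\simeq_\infty \omega$, for all $1 \leq j \leq k_h$.
By induction, for every $\nu_{i^h_j}$ there is $\{r^{h,j}_1, \ldots, r^{h,j}_{w_{h,j}}\} \subseteq \{1, 2, \ldots, n + m\}$ such that $\sigma_{r^{h,j}_1} \wedge \ldots \wedge \sigma_{r^{h,j}_{w_{h,j}}} \geq_\infty \mu_{i^h_j}$ and $\tau_{r^{h,j}_1} \wedge \ldots \wedge \tau_{r^{h,j}_{w_{h,j}}} \leq_\infty \nu_{i^h_j}$ and $\tau_{r^{h,j}_u} \not\simeq_\infty \omega$, for all $1 \leq u \leq w_{h,j}$. So the proof follows by rule (e). $\square$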

Proof of Theorem 11.1.5 (pag. 121).
The legality of the type system is a particular case of Property 11.1.37.

00

11.1.2 Proof of the $\mathcal{H}$-Approximation Theorem

The most difficult part of the proof is to prove that $B \vdash_\infty M : \sigma$ implies $B \vdash_\infty A : \sigma$, for some $A \in \mathcal{A}(M)$.
The technique used here is a variant of Tait's notion of computability, first defined for intersection types in [30].
Let us sketch the general idea of the proof.

Definition 11.1.38. $App_{\mathcal{H}}$ is the predicate defined as follows:
$App_{\mathcal{H}}(B, \sigma, M)$ if and only if there is $A \in \mathcal{A}(M)$ such that $B \vdash_\infty A : \sigma$.

Our aim is to prove the following implication:

$B \vdash_\infty M : \sigma$ implies $App_{\mathcal{H}}(B, \sigma, M)$.

We will build the proof in two steps. First, it will be proved that:

$B \vdash_\infty M : \sigma$ implies $Comp_{\mathcal{H}}(B, \sigma, M)$, (11.1)

and then

$Comp_{\mathcal{H}}(B, \sigma, M)$ implies $App_{\mathcal{H}}(B, \sigma, M)$, (11.2)

where $Comp_{\mathcal{H}}(B, \sigma, M)$ (read: the term $M$ is computable of type $\sigma$ with respect to a basis $B$) is a property of the triple $\langle B, \sigma, M \rangle$. We will prove Eq. (11.1) by induction on terms and Eq. (11.2) by induction on types.
A basis $B$ is finite if and only if $B(y) \simeq_\infty \omega$ except in a finite number of variables. We will use $[\sigma_1/x_1, \ldots, \sigma_n/x_n]$ to denote a finite basis. By Lemma 10.1.7.(i), in this section we limit ourselves to consider only such a kind of basis.
Let $B$ and $B'$ be two bases. $B \cup B'$ denotes the basis such that, for every $x$, $(B \cup B')(x) = B(x) \wedge B'(x)$ (remember that, for every type $\sigma$, $\sigma \wedge \omega \simeq \sigma$).

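Definition 11.1.39. The predicate $Comp_{\mathcal{H}}$ is defined by induction on types as follows:
• $Comp_{\mathcal{H}}(B, \omega, M)$ is true;
• $Comp_{\mathcal{H}}(B, \phi, M)$ if and only if $\forall \vec{N}$, $App_{\mathcal{H}}(B, \phi, M\vec{N})$;
• $Comp_{\mathcal{H}}(B, \sigma \to \tau, M)$ if and only if $\forall N \in \Lambda$, $Comp_{\mathcal{H}}(B', \sigma, N)$ implies $Comp_{\mathcal{H}}(B \cup B', \tau, MN)$;
• $Comp_{\mathcal{H}}(B, \sigma \wedge \tau, M)$ if and only if both $Comp_{\mathcal{H}}(B, \sigma, M)$ and $Comp_{\mathcal{H}}(B, \tau, M)$.

Note that $Comp_{\mathcal{H}}(B, \phi, M)$ implies $App_{\mathcal{H}}(B, \phi, M)$, as a particular case.

Lemma 11.1.40. $Comp_{\mathcal{H}}(B, \sigma, M)$ and $M =_\Lambda M'$ imply $Comp_{\mathcal{H}}(B, \sigma, M')$, i.e. $Comp_{\mathcal{H}}$ is defined modulo $=_\Lambda$ on terms.

Proof. The proof is given by induction on $\sigma$.
The case $\sigma \equiv \omega$ is obvious. Let $\sigma \equiv \phi$ and $M =_\Lambda M'$; so $Comp_{\mathcal{H}}(B, \phi, M)$ if and only if $\forall \vec{N}$, $App_{\mathcal{H}}(B, \phi, M\vec{N})$, thus $\forall \vec{N}$, $\exists A \in \mathcal{A}(M\vec{N})$, $B \vdash_\infty A : \phi$, which imply $\forall \vec{N}$, $\exists A' \in \mathcal{A}(M'\vec{N})$, $B \vdash_\infty A' : \phi$ (since approximants are defined up to $=_\Lambda$) if and only if $\forall \vec{N}$, $App_{\mathcal{H}}(B, \phi, M'\vec{N})$ (by definition of $App_{\mathcal{H}}$) if and only if $Comp_{\mathcal{H}}(B, \phi, M')$ (by definition of $Comp_{\mathcal{H}}$). The cases $\sigma \equiv \mu \to \nu$ and $\sigma \equiv \mu \wedge \nu$ follow immediately from the inductive hypothesis. $\square$
Point (ii) of the following lemma proves the implication of Eq. (11.2).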

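Lemma 11.1.41. (i) $App_{\mathcal{H}}(B, \sigma, xM)$ implies $Comp_{\mathcal{H}}(B, \sigma, xM)$.
(ii) $Comp_{\mathcal{H}}(B, \sigma, M)$ implies $App_{\mathcal{H}}(B, \sigma, M)$.

Proof. The proof is done by mutual induction on $\sigma$. The only not obvious case is when $\sigma \equiv \tau \to \rho$ and $\rho \not\simeq_\infty \omega$.
(i) By induction on (ii), $Comp_{\mathcal{H}}(B', \tau, N)$ implies $App_{\mathcal{H}}(B', \tau, N)$. Thus, if $App_{\mathcal{H}}(B, \tau \to \rho, xM)$ then $App_{\mathcal{H}}(B \cup B', \rho, xMN)$ by rule $(\to E)$, since if $xA \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$ then $xAA' \in \mathcal{A}(MN)$. Hence, by induction, $Comp_{\mathcal{H}}(B \cup B', \rho, xMN)$, so $Comp_{\mathcal{H}}(B, \tau \to \rho, xM)$ by definition of $Comp_{\mathcal{H}}$.
(ii) Let $z \notin FV(M)$ be such that $B(z) \simeq_\infty \omega$. Note that there exists such a $z$, from the hypothesis that $B$ is a finite basis. Clearly $z \in \mathcal{A}$ and $[\tau/z] \vdash_\infty z : \tau$, so by induction on (i), $App_{\mathcal{H}}([\tau/z], \tau, z)$ implies $Comp_{\mathcal{H}}([\tau/z], \tau, z)$. Thus $Comp_{\mathcal{H}}(B, \tau \to \rho, M)$ and $Comp_{\mathcal{H}}([\tau/z], \tau, z)$ imply $Comp_{\mathcal{H}}(B[\tau/z], \rho, Mz)$, and this implies $App_{\mathcal{H}}(B[\tau/z], \rho, Mz)$, by induction; which means there is $A \in \mathcal{A}(Mz)$ such that $B[\tau/z] \vdash_\infty A : \rho$.
Note that $A \equiv \Omega$ is not possible, since by hypothesis $\rho \not\simeq_\infty \omega$. By rule $(\to I)$, $B \vdash_\infty \lambda z.A : \tau \to \rho$. By definition of approximant, $A \in \mathcal{A}(Mz)$ implies $\lambda z.A \in \mathcal{A}(\lambda z.Mz)$. Now there are two cases.
1. $M \to^{*}_{\Lambda} xM_1 \ldots M_m$, thus $A$ is of the shape $xA_1 \ldots A_m z$. So $B \vdash_\infty xA_1 \ldots A_m : \tau \to \rho$, by Property 11.1.8. The proof is given, since $xA_1 \ldots A_m \in \mathcal{A}(M)$.
2. Otherwise $M =_\Lambda \lambda y.M'$, so $\lambda z.Mz =_\Lambda \lambda z.M'[z/y] =_\alpha \lambda y.M'$, which implies $\lambda z.A \in \mathcal{A}(M)$, and the proof is given. $\square$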

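$Comp_{\mathcal{H}}$ is closed under $\leq_\infty$.

Lemma 11.1.42. (i) $Comp_{\mathcal{H}}(B, \phi, M)$ if and only if $Comp_{\mathcal{H}}(B, \omega \to \phi, M)$.
(ii) If $Comp_{\mathcal{H}}(B, \sigma, M)$ and $\sigma \leq_\infty \tau$ then $Comp_{\mathcal{H}}(B, \tau, M)$.

Proof. (i) ($\Rightarrow$) $Comp_{\mathcal{H}}(B, \phi, M)$ implies $\forall N$, $\forall \vec{P}$, $App_{\mathcal{H}}(B, \phi, MN\vec{P})$ (by definition of $Comp_{\mathcal{H}}$), which imply $\forall N$, $Comp_{\mathcal{H}}(B, \phi, MN)$ (by definition of $Comp_{\mathcal{H}}$). Hence, $Comp_{\mathcal{H}}(B, \omega \to \phi, M)$ again by definition of $Comp_{\mathcal{H}}$.
($\Leftarrow$) We prove that $\forall \vec{N}$, $App_{\mathcal{H}}(B, \phi, M\vec{N})$, by induction on $\|\vec{N}\|$. Then the proof follows, by definition of $Comp_{\mathcal{H}}$. Clearly, $Comp_{\mathcal{H}}(B, \omega \to \phi, M)$ implies $App_{\mathcal{H}}(B, \omega \to \phi, M)$ by Lemma 11.1.41.(ii), and this implies $App_{\mathcal{H}}(B, \phi, M)$ by rule $(\leq_\infty)$.
In case $\|\vec{N}\| \geq 1$, let $\vec{N} \equiv \vec{N}'P$. Therefore $App_{\mathcal{H}}(B, \phi, M\vec{N}')$ by induction. Clearly $App_{\mathcal{H}}(B, \omega, P)$, hence the proof follows by rules $(\leq_\infty)$ and $(\to E)$.
(ii) By induction on the rules of $\leq_\infty$.
(a), (b), (c), (c'), (e), (r), (t) Trivial.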

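(d) $Comp_{\mathcal{H}}(B, (\sigma_0 \to \tau_0) \wedge (\sigma_0 \to \pi_0), M)$ implies, by definition of $Comp_{\mathcal{H}}$, $Comp_{\mathcal{H}}(B, \sigma_0 \to \tau_0, M)$ and $Comp_{\mathcal{H}}(B, \sigma_0 \to \pi_0, M)$. If $Comp_{\mathcal{H}}(B', \sigma_0, N)$ then $Comp_{\mathcal{H}}(B \cup B', \tau_0, MN)$ and $Comp_{\mathcal{H}}(B \cup B', \pi_0, MN)$; therefore, both $Comp_{\mathcal{H}}(B \cup B', \tau_0 \wedge \pi_0, MN)$ and $Comp_{\mathcal{H}}(B, \sigma_0 \to (\tau_0 \wedge \pi_0), M)$, by definition of $Comp_{\mathcal{H}}$.
(f) Let $\sigma'_0 \leq_\infty \sigma_0$, $\tau_0 \leq_\infty \tau'_0$ and $Comp_{\mathcal{H}}(B, \sigma_0 \to \tau_0, M)$. If $Comp_{\mathcal{H}}(B', \sigma'_0, N)$ then $Comp_{\mathcal{H}}(B', \sigma_0, N)$ by induction; hence $Comp_{\mathcal{H}}(B \cup B', \tau_0, MN)$ by definition of $Comp_{\mathcal{H}}$. Again, by induction, $Comp_{\mathcal{H}}(B \cup B', \tau'_0, MN)$, so the proof is done.
(g), (h3) Easy, since $Comp_{\mathcal{H}}(B, \omega, MN)$ is always true.
(h1), (h2) By point (i) of this lemma. $\square$
The following lemma allows us to prove the implication of Eq. (11.1).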

Lemma 11.1.43. Let $FV(M) \subseteq \{x_1, \ldots, x_n\}$ and $B = [\sigma_1/x_1, \ldots, \sigma_n/x_n]$.
If $Comp_{\mathcal{H}}(B_i, \sigma_i, N_i)$ ($1 \leq i \leq n$) and $B \vdash_\infty M : \tau$ then $Comp_{\mathcal{H}}(B_1 \cup \ldots \cup B_n, \tau, M[N_1/x_1, \ldots, N_n/x_n])$.

Proof. By induction on the derivation of $B \vdash_\infty M : \tau$. The most interesting case is when the last applied rule is $(\to I)$; so $M \equiv \lambda x.M'$, $\tau \equiv \mu \to \nu$ and the derivation is:

$$\frac{B[\mu/x] \vdash_\infty M' : \nu}{B \vdash_\infty \lambda x.M' : \mu \to \nu}\ (\to I)$$

If $Comp_{\mathcal{H}}(B', \mu, N)$ then $Comp_{\mathcal{H}}(B' \cup_{1 \leq j \leq n} B_j, \nu, M'[N_1/x_1, \ldots, N_n/x_n, N/x])$, by induction; hence $Comp_{\mathcal{H}}(B' \cup_{1 \leq j \leq n} B_j, \nu, (\lambda x.M'[N_1/x_1, \ldots, N_n/x_n])N)$ by Lemma 11.1.40, thus $Comp_{\mathcal{H}}(B_1 \cup \ldots \cup B_n, \tau, M[N_1/x_1, \ldots, N_n/x_n])$ by definition of $Comp_{\mathcal{H}}$.
All other cases follow directly from the inductive hypothesis. $\square$

Proof of the H-Approximation Theorem (Theorem 11.1.19 pag. 126).

($\Rightarrow$) Let us prove that $B \vdash_\infty M : \sigma$ implies $B \vdash_\infty A : \sigma$, for some $A \in \mathcal{A}(M)$.
Clearly $Comp_{\mathcal{H}}([\tau/x], \tau, x)$, by Lemma 11.1.41.(i).
Let $FV(M) \subseteq \{x_1, \ldots, x_n\}$, so we can assume $B = [\sigma_1/x_1, \ldots, \sigma_n/x_n]$ without loss of generality, by Lemma 10.1.7.(i). Hence $B \vdash_\infty M : \sigma$ and $Comp_{\mathcal{H}}([\sigma_i/x_i], \sigma_i, x_i)$ ($1 \leq i \leq n$) imply $Comp_{\mathcal{H}}(B, \sigma, M)$ by Lemma 11.1.43. Thus by Lemma 11.1.41.(ii) and the definition of approximant, the proof is done.
($\Leftarrow$) We must prove that $B \vdash_\infty A : \sigma$ for some $A \in \mathcal{A}(M)$ implies $B \vdash_\infty M : \sigma$. By definition, there is $M'$ such that $M =_\Lambda M'$ and $A$ matches $M'$ except at occurrences of $\Omega$. A derivation of $B \vdash_\infty A : \sigma$ can be transformed into a derivation of $B \vdash_\infty M' : \sigma$, simply by replacing every subderivation

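$$\frac{}{B \vdash_\infty \Omega : \omega}\ (\omega) \quad \text{by} \quad \frac{}{B \vdash_\infty N : \omega}\ (\omega),$$

where $N$ is the subterm replaced by $\Omega$ in $M'$. $B \vdash_\infty M' : \sigma$ implies $B \vdash_\infty M : \sigma$, since the type assignment system is closed under $=_\Lambda$ on terms, as a consequence of the fact that it induces a $\lambda\Lambda$-model, and the proof is given.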

11.1.3 Proof of Semiseparability, $\mathcal{H}$-Discriminability and $\mathcal{H}$-Characterization Theorems

In order to prove the three theorems, we need a deeper investigation on the preorder relation induced by the model $\mathcal{H}$ on $\Lambda$. First of all, let us formalize a stratified version of the relation $\ll$ and of its negation $\not\ll$.

Definition 11.1.44. Let a path $c$ be a finite sequence of natural numbers greater than 0 ($\epsilon$ is the empty sequence).
(i) $A \ll_c A'$ if and only if one of the following cases arises:
(a) $A \equiv \Omega$;
(b) $c \equiv \epsilon$, $A =_\eta \lambda x_1 \ldots x_n.xA_1 \ldots A_m$ and $A' =_\eta \lambda x_1 \ldots x_n.xA'_1 \ldots A'_m$ for some $n, m \in \mathbb{N}$;
(c) $c \equiv j, c'$, $A =_\eta \lambda x_1 \ldots x_n.xA_1 \ldots A_m$, $A' =_\eta \lambda x_1 \ldots x_n.xA'_1 \ldots A'_m$, and $A_j \ll_{c'} A'_j$ ($1 \leq j \leq m$).

(ii) $A \not\ll_c A'$ if and only if one of the following cases arises:
(a) $A \not\equiv \Omega$ and $A' \equiv \Omega$;
(b) $A =_\eta \lambda x_1 \ldots x_n.xA_1 \ldots A_m$, $A' =_\eta \lambda x_1 \ldots x_p.yA'_1 \ldots A'_q$ and, either $x \not\equiv y$ or $|n - m| \neq |p - q|$;
(c) $c \equiv j, c'$, $A =_\eta \lambda x_1 \ldots x_n.xA_1 \ldots A_m$, $A' =_\eta \lambda x_1 \ldots x_n.xA'_1 \ldots A'_m$ and $A_j \not\ll_{c'} A'_j$ ($1 \leq j \leq m$).

Two approximants $A$ and $A'$ are structurally different in a path $c$ if $A \not\ll_c A'$ is proved without using rule (a), they are structurally similar in a path $c$ if and only if $A \not\ll_c A'$ is proved using rule (a).

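Example 11.1.45. $x \ll_{3,1} x$; in fact, $x =_\eta \lambda x_1x_2x_3.xx_1x_2x_3$ and $x_3 \ll_1 x_3$, since $x_3 =_\eta \lambda y_1.x_3y_1$ and $y_1 \ll_\epsilon y_1$.
Moreover, $\lambda x.xO\Omega \ll_{2,3} \lambda x.xKI$ since $\Omega \ll_3 I$, but $\lambda x.xO\Omega \not\ll_1 \lambda x.xKI$ since $O \not\ll_\epsilon K$; in particular, $\lambda x.xO\Omega$ and $\lambda x.xKI$ are structurally similar along path 2, but they are structurally different along the path 1.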

Property 11.1.46. Let $c$ be a path.
(i) $A \ll A'$ if and only if $A \ll_c A'$, for all paths $c$.
(ii) $A \not\ll A'$ if and only if $A \not\ll_c A'$, for some path $c$.

Proof. (i) ($\Rightarrow$) Easy, by Definition 11.1.15 (pag. 125).
($\Leftarrow$) By induction on $A$.
(ii) We show that either $A \ll_c A'$ or $A \not\ll_c A'$ in an exclusive sense, for all paths $c$. In case $A \equiv \Omega$ then $A \ll_c A'$ by Definition 11.1.44.(i).(a); while $A, A'$ are not in relation $\not\ll_c$, for all paths $c$.
Let $A \not\equiv \Omega$ and $A' \equiv \Omega$ then $A \not\ll_c A'$, for all paths $c$; while $A, A'$ are not in relation $\ll_c$, for all paths $c$.
Otherwise, $A \equiv \lambda x_1 \ldots x_n.xA_1 \ldots A_m$, $A' \equiv \lambda x_1 \ldots x_p.yA'_1 \ldots A'_q$, and the proof follows by taking into account all possible cases.
Thus by the previous point, the proof is done. $\square$

The proof of the semiseparability theorem will be done by showing a semiseparability algorithm, which is in some sense an extension to approximants of the $\Lambda$-separability algorithm. The main difference between the two algorithms is that the semiseparability one is defined depending on a particular path. Namely, given two approximants $A$ and $A'$ and a path $c$ such that $A \not\ll_c A'$, it gives as output a context $C[.]$ such that $C[A] \to^{*}_{\Lambda\Omega} I$ while $C[A'] \to^{*}_{\Lambda\Omega} \Omega$. The path $c$ is explicitly used by the algorithm.
The terms $B^n$, $O^n$ and $U^n_i$ are defined as in Sect. 2.1.2. Since approximants are $\Lambda\Omega$-normal forms, the notion of args (see Definition 2.1.12 pag. 29) is naturally extended to them, by $args(\Omega) = 0$. Moreover, if $P \in \Lambda\Omega$ has a $\Lambda\Omega$-normal form, then $nf_{\Lambda\Omega}(P)$ will denote the $\Lambda\Omega$-normal form of $P$.
The algorithm is defined as a formal system, proving statements of the shape:

$$A, A' \Rightarrow^{c}_{\Omega} C[.],$$

where $A \not\ll_c A'$ and $C[.]$ is a context.
The design of the algorithm follows the same pattern as the separability algorithm, but for some rules dealing with $\Omega$; it is presented in Fig. 11.2 (pag. 138). For the sake of simplicity, we assume that all bound and free variables have different names.

Lemma 11.1.47. Let $A, A'$ be two approximants, $r \geq \max\{args(A), args(A')\}$ and $C^r_x[.] \equiv (\lambda x.[.])B^r$.
(i) There is $A \in \mathcal{A}$ such that $C^r_x[A] \to^{*}_{\Lambda\Omega} A$ and $r \geq args(A)$.
(ii) If $A \not\ll_c A'$ then $nf_{\Lambda\Omega}(C^r_x[A]) \not\ll_c nf_{\Lambda\Omega}(C^r_x[A'])$.

Proof. The proof is quite similar to the proof of Lemma 2.1.15, by replacing $\Lambda$-NF by $\mathcal{A}$ and $\not\simeq_c$ by $\not\ll_c$.
(i) By induction on $A$.
(ii) By induction on $c$. $\square$
Now we can prove that the algorithm is correct and complete.

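Let $A, A'$ be approximants such that $A \not\ll_c A'$ and $r \geq \max\{args(A), args(A')\}$.

The rules of the system proving statements $A, A' \Rightarrow_\Omega C[.]$ are the following:

$$\frac{}{xA_1 \ldots A_m,\ \Omega \Rightarrow_\Omega (\lambda x.[.])O^m}\ (D1)$$

$$\frac{}{\lambda x_1 \ldots x_n.xA_1 \ldots A_m,\ \Omega \Rightarrow_\Omega C[[.]x_1 \ldots x_n]}\ (D2)$$

$$\frac{p \leq q \qquad xA_1 \ldots A_m x_{p+1} \ldots x_q,\ yA'_1 \ldots A'_n \Rightarrow_\Omega C[.]}{\lambda x_1 \ldots x_p.xA_1 \ldots A_m,\ \lambda x_1 \ldots x_q.yA'_1 \ldots A'_n \Rightarrow_\Omega C[[.]x_1 \ldots x_q]}\ (D3)$$

$$\frac{n < m}{xA_1 \ldots A_m,\ xA'_1 \ldots A'_n \Rightarrow_\Omega (\lambda x.[.])O^m \underbrace{I \ldots I}_{m-n-2} KI\Omega}\ (D5)$$

$$\frac{m < n}{xA_1 \ldots A_m,\ xA'_1 \ldots A'_n \Rightarrow_\Omega (\lambda x.[.])O^n K\Omega \underbrace{I \ldots I}_{n-m-2}}\ (D6)$$

$x \notin FV(A_k) \cup FV(A'_k)$ $\qquad$ $A_k \not\ll A'_k$ $\qquad$ $A_k, A'_k \Rightarrow_\Omega C[.]$

$x \in FV(A_k) \cup FV(A'_k)$ $\qquad$ $A_k \not\ll A'_k$ $\qquad$ $C^r_x[.] \equiv (\lambda x.[.])B^r$ $\qquad$ $nf_{\Lambda\Omega}(C^r_x[A_k]),\ nf_{\Lambda\Omega}(C^r_x[A'_k]) \Rightarrow_\Omega C[.]$
(D9)

r-m

Fig. 11.2. Semiseparability algorithm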



Lemma 11.1.48 (Termination).
If $A \not\ll_c A'$ then $A, A' \Rightarrow_\Omega C[.]$.
Proof. The proof can be done by induction on $c$. The proof follows essentially the same pattern as the proof of termination of the $\Lambda$-separability algorithm (see Lemma 2.1.17). The only different cases are rules (D1) and (D2), and in both cases the proof is immediate. $\square$

Lemma 11.1.49 (Correctness).
Let $A \not\ll_c A'$, for some path $c$.
If $A, A' \Rightarrow_\Omega C[.]$ then $C[A] \to^{*}_{\Lambda\Omega} I$, while $C[A'] \to^{*}_{\Lambda\Omega} \Omega$.
Proof. By induction on the derivation of $A, A' \Rightarrow_\Omega C[.]$.
(D1), (D2) Obvious.
(D3), (D4), (D5), (D6), (D7), (D8) Respectively similar to case (A1), (A2), (A3), (A4), (A5) and (A6) in the proof of correctness of the $\Lambda$-separability algorithm (see Lemma 2.1.18).
(D9) The proof is similar to the proof of rule (A7) of the proof of correctness of the $\Lambda$-separability algorithm, using Lemma 11.1.47 instead of Lemma 2.1.15. $\square$

Proof of the Semiseparability Theorem (Theorem 11.1.17 pag. 125).
By Lemmas 11.1.48 and 11.1.49. $\blacksquare$

The proof of the $\mathcal{H}$-discriminability theorem is based on the semiseparability property. In fact, we will prove that, given two terms $M$ and $N$ such that $M \not\sqsubseteq_{\mathcal{H}} N$, it is always possible to find two approximants $A \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$ and a path $c$ such that $A \not\ll_c A'$, and the context $C[.]$ such that $A, A' \Rightarrow_\Omega C[.]$ can be easily transformed in a context discriminating $M$ and $N$. In order to choose the correct approximants, we need a lemma, based on the following formalization of a "strict" version of $\ll_c$.

Definition 11.1.50. $A$ «~ $A'$ if and only if one of the following cases arises:
(a) $A \equiv \Omega$ and $A' \not\equiv \Omega$;
(b) $c \equiv j, c'$, $A =_\eta \lambda x_1 \ldots x_n.xA_1 \ldots A_m$, $A' =_\eta \lambda x_1 \ldots x_n.xA'_1 \ldots A'_m$ where $j \leq m$, and $A_j$ «~I $A'_j$.
Moreover, $A \in \mathcal{A}(M)$ is maximal along $c$ in $\mathcal{A}(M)$ if and only if there is no $A' \in \mathcal{A}(M)$ such that $A$ «~ $A'$.
It is easy to check that $A$ «~ $A'$ implies $A \ll_c A'$, while the opposite does not hold; in particular, $A$ f;:..~ $A$, for all $A \in \mathcal{A}$.

Example 11.1.51. Let $E_\infty$ be defined as in Sect. 11.1, before Theorem 11.1.31.
$\lambda x.xI\Omega$ is maximal along 1 in $\mathcal{A}(\lambda x.xIE_\infty)$, although $\lambda x.xI\Omega$ is not maximal along 2 in $\mathcal{A}(\lambda x.xE_\infty I)$. In particular, there is no maximal approximant along paths starting with 2 in $\mathcal{A}(\lambda x.xIE_\infty)$.

Property 11.1.52. Let $A \in \mathcal{A}$ be such that $B \vdash_\infty A : \sigma$. Let $N$ be such that, for each $A' \in \mathcal{A}(N)$:
$A \not\ll_c A'$ implies both
(a) $A, A'$ are structurally similar in $c$,
(b) $A'$ is not maximal along $c$ in $\mathcal{A}(N)$.
Then $B \vdash_\infty N : \sigma$.

Proof. Let $\sigma$ be a type generated from the following grammar:

$$\sigma ::= \omega \mid \sigma_1 \wedge \ldots \wedge \sigma_n \mid \sigma_1 \to \ldots \to \sigma_n \to \phi.$$

If $B \vdash_\infty A : \tau$ where $\tau \in T(C_\infty)$ then by Property 11.1.36.(i), there is a $\sigma$ produced from the previous grammar such that $\tau \simeq_\infty \sigma$; hence there is no loss of generality by considering only this kind of types.

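The proof is given by induction on the pair $(A, \sigma)$ endowed by the lexicographic order, where $\sigma$ is a type of the considered grammar. If $\sigma \equiv \omega$ then the proof is trivial. If $\sigma \equiv \sigma_1 \wedge \ldots \wedge \sigma_k$ for some $k \geq 1$ then the proof follows by induction. Thus, let $A \not\equiv \Omega$ and $\sigma \equiv \sigma_1 \to \ldots \to \sigma_k \to \phi$ for some $k \geq 1$.
• Let $A \equiv xA_1 \ldots A_m$ for some $m \in \mathbb{N}$.
Clearly $\Omega \in \mathcal{A}(N)$ and $A \not\ll_c \Omega$, for all paths $c$; but $\Omega$ is not maximal along $c$ in $\mathcal{A}(N)$, by hypotheses. Namely, there is $A' \in \mathcal{A}(N)$ such that $\Omega$ «~ $A'$, i.e. $A' \not\equiv \Omega$, by definition of «~. So, there is $n \geq \max\{k, m\}$ such that $A =_\eta \lambda y_1 \ldots y_n.xA_1 \ldots A_m y_1 \ldots y_n$ and $A' =_\eta \lambda y_1 \ldots y_n.xA'_1 \ldots A'_{m+n} \in \mathcal{A}(N)$ by hypothesis (a). Actually, all approximants of $N$ but $\Omega$ have the shape of $A'$; furthermore, $N =_{\Lambda\eta} \lambda y_1 \ldots y_n.xN_1 \ldots N_{m+n}$ by Property 11.1.20.(iii), where $A'_i \in \mathcal{A}(N_i)$ ($1 \leq i \leq m + n$). There are two cases.
- Let $k > m$. So $B \vdash_\infty \lambda y_1 \ldots y_n.xA_1 \ldots A_m y_1 \ldots y_n : \sigma_1 \to \ldots \to \sigma_k \to \phi$, by Property 11.1.8. By Property 11.1.36.(ii),

n-k
By Lemma 10.1.7.(vi)

$$B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty xA_1 \ldots A_m y_1 \ldots y_n : \phi.$$

So $B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty x : \sigma'_1 \to \ldots \to \sigma'_{n+m} \to \phi$, $B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty A_i : \sigma'_i$ ($1 \leq i \leq m$) and $B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty y_i : \sigma'_{i+m}$ ($1 \leq i \leq n$) by Lemma 10.1.7.(vii). Note that, both $\sigma_i \leq_\infty \sigma'_{i+m}$ ($1 \leq i \leq k$) and $\omega \leq_\infty \sigma'_{i+m}$ ($k + 1 \leq i \leq n$) by Lemma 10.1.7.(ii). By Property 10.1.6

$$\sigma'_1 \to \ldots \to \sigma'_{n+m} \to \phi \leq_\infty \sigma'_1 \to \ldots \to \sigma'_m \to \sigma_1 \to \ldots \to \sigma_k \to \underbrace{\omega \to \ldots \to \omega}_{n-k} \to \phi$$

and by rule $(\leq_\infty)$

$$B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty x : \sigma'_1 \to \ldots \to \sigma'_m \to \sigma_1 \to \ldots \to \sigma_k \to \underbrace{\omega \to \ldots \to \omega}_{n-k} \to \phi.$$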

If $A'_i \in \mathcal{A}(N)$ ($1 \leq i \leq m$) then it would be clear that
$A_i \not\ll_c A'_i$ implies both
(a) $A_i, A'_i$ are structurally similar in $c$,
(b) $A'_i$ is not maximal along $c$ in $\mathcal{A}(N_i)$.
Thus $B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty N_i : \sigma'_i$ ($1 \leq i \leq m$) by induction on $A$.
$B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty y_i : \sigma_i$ ($1 \leq i \leq k$), by rule (var); moreover, if $A'_i \in \mathcal{A}(N)$ ($m + 1 \leq i \leq m + k$) then it would be clear that
$y_i \not\ll_c A'_i$ implies both
(a) $y_i, A'_i$ are structurally similar in $c$,
(b) $A'_i$ is not maximal along $c$ in $\mathcal{A}(N_i)$.
So $B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty N_i : \sigma_i$ ($m + 1 \leq i \leq m + k$) by induction on $\sigma$ in case $m = 0$, by induction on $A$ otherwise. Moreover, $B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty N_i : \omega$ ($m + k + 1 \leq i \leq m + n$) by rule $(\omega)$.
Hence $B[\sigma_1/y_1, \ldots, \sigma_k/y_k, \omega/y_{k+1}, \ldots, \omega/y_n] \vdash_\infty xN_1 \ldots N_{m+n} : \phi$ by $m + n$ applications of rule $(\to E)$, that implies $B \vdash_\infty \lambda y_1 \ldots y_n.xN_1 \ldots N_{m+n} : \sigma$ by $n$ applications of rule $(\to I)$ and by an application of $(\leq_\infty)$. Since typings are preserved by $=_{\Lambda\eta}$, the proof follows.
- In case $k \leq m$ the proof is simpler.
• Let $A \equiv \lambda x.A$ and $\sigma \equiv \mu \to \nu$ (i.e. $k \geq 1$). Clearly $\Omega \in \mathcal{A}(N)$ and $A \not\ll_c \Omega$, so by hypothesis (b) there is $A' \in \mathcal{A}(N)$ such that $\Omega$ «~ $A'$ and $A' =_\eta \lambda x.A^*$. So by Property 11.1.20.(ii), $N =_{\Lambda\eta} \lambda x.N'$ and $A^* \in \mathcal{A}(N')$.
Moreover, $B[\mu/x] \vdash_\infty A : \nu$ by Lemma 10.1.7.(vi).
Note that $A$ and $N'$ satisfy the hypothesis of this property (indeed, $\not\ll_c$ is defined modulo $=_{\Lambda\eta}$), thus $B[\mu/x] \vdash_\infty N' : \nu$ by induction. This implies $B \vdash_\infty \lambda x.N' : \mu \to \nu$, by rule $(\to I)$.
• Let $A \equiv \lambda x.A$ and $k = 0$. Since $\phi \simeq_\infty \omega \to \phi$, the proof can be done as in the previous point. $\square$

Example 11.1.53.
$\mathcal{A}(E_\infty) = \{\Omega,\ \lambda z_0z_1.z_0\Omega,\ \lambda z_0z_1.z_0(\lambda z_2.z_1(\ldots(\lambda z_{n+1}.z_n\Omega)\ldots)) \mid n \geq 0\}$.
It is easy to see that $I \not\ll A'$, for all $A' \in \mathcal{A}(E_\infty)$.
Let $A_n \equiv \lambda z_0z_1.z_0(\lambda z_2.z_1(\ldots(\lambda z_{n+1}.z_n\Omega)\ldots))$, therefore $A_n$ «~ $A_{n+1}$ where $c \equiv \underbrace{1, \ldots, 1}_{n}$. It is easy to see that $B \vdash_\infty I : \sigma$ implies that there is $A \in \mathcal{A}(E_\infty)$ such that $B \vdash_\infty A : \sigma$, by the previous property.
This agrees with the Theorem 11.1.31.
The next lemma shows that, if $M \not\sqsubseteq_{\mathcal{H}} N$, there are always two approximants of them which are the "witness" of the difference between $M$ and $N$, and such that the context semiseparating the two approximants can be transformed in a context discriminating the two terms.
Lemma 11.1.54. $M \not\sqsubseteq_{\mathcal{H}} N$ implies that there are two approximants $A \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$, and a path $c$ such that $A \not\ll_c A'$, and either $A$ and $A'$ are structurally different in $c$, or $A'$ is maximal along $c$ in $\mathcal{A}(N)$.

Proof. $M \not\sqsubseteq_{\mathcal{H}} N$ means that there are a basis $B$ and a type $\sigma$ such that $B \vdash_\infty M : \sigma$ while $B \not\vdash_\infty N : \sigma$. By the approximation theorem, this means that there is $A \in \mathcal{A}(M)$ such that $B \vdash_\infty A : \sigma$, while there is not $A' \in \mathcal{A}(N)$ such that $B \vdash_\infty A' : \sigma$. This implies: $A \not\ll A'$, for all $A' \in \mathcal{A}(N)$.
The proof follows by Property 11.1.52. $\square$

Now we are ready to prove the $\mathcal{H}$-discriminability theorem.

Proof of the $\mathcal{H}$-Discriminability Theorem (Theorem 11.1.25 pag. 127).
Let $M \not\sqsubseteq_{\mathcal{H}} N$. Choose $A \in \mathcal{A}(M)$, $A' \in \mathcal{A}(N)$ and a path $c$ satisfying Lemma 11.1.54. Hence $A, A' \Rightarrow_\Omega C[.]$ such that $C[A] \to^{*}_{\Lambda\Omega} I$ and $C[A'] \to^{*}_{\Lambda\Omega} \Omega$. Let $C'[.]$ be the context obtained by $C[.]$ by replacing every occurrence of $\Omega$ by a $\Lambda$-unsolvable term (say $DD$). We will prove that $C'[.]$ is a H-discriminating context between $M$ and $N$, by induction on the derivation $d$ of $A, A' \Rightarrow_\Omega C[.]$.
If the only used rule is an axiom, then if the axiom is either (D5) or (D6) or (D7), the proof follows from the fact that $M$ and $N$ have both $\Lambda$-hnf, and by Property 11.1.20.(iii), their $\Lambda$-hnf's have the same shape respectively of $A$ and $A'$. If axiom (D1) was used, then $A' \equiv \Omega$ and $A'$ is maximal along the empty path in $\mathcal{A}(N)$. Hence, $N$ is $\Lambda$-unsolvable and $C[.]$ is the discriminating context.
If the last rule applied is (D2), (D3), (D4), (D8) or (D9), then the proof follows by induction, always taking into account the fact that $M$ and $N$ both have $\Lambda$-hnf, and by Property 11.1.20.(iii), their $\Lambda$-hnf's have the same shape respectively of $A$ and $A'$. $\blacksquare$

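Example 11.1.55. Let $M \equiv \lambda x.xII$ and $N \equiv \lambda x.xE_\infty(DD)$.
Let $B_\omega$ be the basis such that $B_\omega(x) = \omega$, for all $x \in Var$; it is easy to see that:
$B_\omega \vdash_\infty M : (\omega \to (\phi \to \phi) \to \phi \to \phi) \to \phi \to \phi$,
$B_\omega \not\vdash_\infty N : (\omega \to (\phi \to \phi) \to \phi \to \phi) \to \phi \to \phi$.
Hence $M \not\sqsubseteq_{\mathcal{H}} N$.
Two approximants respectively of $\lambda x.xII$ and $\lambda x.xE_\infty(DD)$ and a path satisfying the conditions of Lemma 11.1.54 are $\lambda x.x\Omega I$, $\lambda x.x\Omega\Omega$ and path 2.
In fact, all approximants of $\lambda x.xE_\infty(DD)$ are of the shape $\lambda x.xA\Omega$, where $A \in \mathcal{A}(E_\infty)$, and so $\lambda x.x\Omega\Omega$ is maximal along path 2 in $\mathcal{A}(N)$.
$\lambda x.x\Omega I,\ \lambda x.x\Omega\Omega \Rightarrow^{2}_{\Omega} C[.]$ where $C[.] \equiv \lambda y.(\lambda x.([.]x))U^2_2 y$; in fact,

$$\frac{\dfrac{\dfrac{\dfrac{}{y,\ \Omega \Rightarrow_\Omega \lambda y.[.]}\ (D1)}{\lambda y.y,\ \Omega \Rightarrow_\Omega \lambda y.[.]y}\ (D2)}{x\Omega I,\ x\Omega\Omega \Rightarrow^{2}_{\Omega} \lambda y.(\lambda x.[.])U^2_2 y}\ (D8)}{\lambda x.x\Omega I,\ \lambda x.x\Omega\Omega \Rightarrow^{2}_{\Omega} \lambda y.(\lambda x.([.]x))U^2_2 y}\ (D3)$$

It is easy to see that $C[\lambda x.x\Omega I] \to^{*}_{\Lambda\Omega} I$ and $C[\lambda x.xII] \Downarrow_{H} I$, while $C[\lambda x.x\Omega\Omega] \to^{*}_{\Lambda\Omega} \Omega$ and $C[\lambda x.xE_\infty(DD)] \Uparrow_{H}$.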

Finally, the proof of the H-characterization theorem can be done.

Proof of the H-Characterization Theorem (Theorem 11.1.30 pag. 128).

($M \sqsubseteq_{\mathcal{H}} N$ implies $\forall k \geq 0$, $M \sqsubseteq_k N$) We will prove that if there is $k$ such that $M \not\sqsubseteq_k N$ then there are $A \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$ and a path $c$ satisfying the conditions of Lemma 11.1.54. Then, by the proof of the H-discriminability theorem, there is a context $C[.]$ discriminating between $M$ and $N$, i.e. $C[M] \to^{*}_{\Lambda} I$ and $C[N]$ is a $\Lambda$-unsolvable. By the completeness of the model with respect to the H-operational semantics, this implies $M \not\sqsubseteq_{\mathcal{H}} N$. The existence of $A \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$ and a path $c$ satisfying the conditions of Lemma 11.1.54 can be proved by induction on $k$. If $k = 0$, then there are two cases.
(i) $N$ is $\Lambda$-unsolvable and $M$ is $\Lambda$-solvable; take an $A \not\equiv \Omega$ and the only approximant of $N$, namely $A' \equiv \Omega$; so the empty path satisfies the given conditions.
(ii) Every $\Lambda$-hnf of $M$ is of the shape $\lambda x_1 \ldots x_n.xM_1 \ldots M_m$, every $\Lambda$-hnf of $N$ is of the shape $\lambda x_1 \ldots x_p.yN_1 \ldots N_q$, and either $x \not\equiv y$ or $|m - n| \neq |p - q|$. So every $A \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$ such that $A, A' \not\equiv \Omega$ and the empty path satisfy the given conditions.
If $k \geq 1$, then $M =_{\Lambda\eta} \lambda x_1 \ldots x_n.xM_1 \ldots M_m$, $N =_{\Lambda\eta} \lambda x_1 \ldots x_n.xN_1 \ldots N_m$ and $M_i \not\sqsubseteq_{k-1} N_i$, for some $1 \leq i \leq m$. Then by induction there are $A^* \in \mathcal{A}(M_i)$, $A^{**} \in \mathcal{A}(N_i)$ and a path $c$ satisfying Lemma 11.1.54. Hence, take approximants $A \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$ such that both

$$A =_\eta \lambda x_1 \ldots x_n.x\underbrace{\Omega \ldots \Omega}_{i-1}A^{*}\underbrace{\Omega \ldots \Omega}_{m-i} \quad \text{and} \quad A' =_\eta \lambda x_1 \ldots x_n.x\underbrace{\Omega \ldots \Omega}_{i-1}A^{**}\underbrace{\Omega \ldots \Omega}_{m-i};$$

so the path $i, c$ satisfies the conditions.
($\forall k \geq 0$, $M \sqsubseteq_k N$ implies $M \sqsubseteq_{\mathcal{H}} N$) Assume $M \not\sqsubseteq_{\mathcal{H}} N$; by Lemma 11.1.54 there are $A \in \mathcal{A}(M)$, $A' \in \mathcal{A}(N)$ and there is a path $c$ such that $A \not\ll_c A'$ and either $A, A'$ are structurally different in $c$, or $A'$ is maximal along $c$ in $\mathcal{A}(N)$. Note that $A \not\equiv \Omega$, since $\Omega \ll A'$.
By induction on $c$, we prove that there is $k$ such that $M \not\sqsubseteq_k N$.
• Let $c \equiv \epsilon$ and $A' \equiv \Omega$; so $A'$ is maximal implies that $N$ is $\Lambda$-unsolvable and so $M \not\sqsubseteq_0 N$.
• Let $A \equiv \lambda x_1 \ldots x_n.xA_1 \ldots A_m$ and $A' \equiv \lambda x_1 \ldots x_p.yA'_1 \ldots A'_q$, where either $|n - m| \neq |p - q|$ or $x \not\equiv y$; so $M \not\sqsubseteq_0 N$.
• Let $c \equiv i, c'$ and $A =_\eta \lambda x_1 \ldots x_n.xA_1 \ldots A_m$, $A' =_\eta \lambda x_1 \ldots x_n.xA'_1 \ldots A'_m$. Then $A_i \not\ll_{c'} A'_i$ and the proof follows by induction and by Property 11.1.20.(iii). $\blacksquare$

Remark 11.1.56. It is possible to transform the semiseparability algorithm in such a way that it always produces a head context. So, from the H-characterization theorem and from the completeness of $\mathcal{H}$ with respect to the H-operational semantics it follows that $\mathcal{H}$ is head-discriminable.

11.2 The Model $\mathcal{N}$

In this section, we will introduce the filter model $\mathcal{N}$, which is fully abstract with respect to the N-operational semantics.
By keeping in mind Property 10.1.15 and by observing that, if $N$ has $\Lambda$-nf and $M$ has not $\Lambda$-nf then M -<N N, in order to define a model correct with respect to the N-operational semantics, it is sufficient to ask for the property:
$\forall M, N$ if $M$ has $\Lambda$-nf and $N$ has not $\Lambda$-nf then N LN M.
So we must define a legal type system $\nabla$ based on a set of constants $C$ such that there is a type $\sigma$ characterizing the terms having $\Lambda$-nf. While the class of $\Lambda$-nf's is not closed under application, as the class of $\Lambda$-solvable terms, such a characterization is possible, thanks to the existence of a particular class of terms, which is a proper subclass of $\Lambda$-NF, and such that the two classes are mutually closed under application.
Definition 11.2.1. A term $M$ has a $\Lambda$-persistent normal form ($\Lambda$-pnf) if and only if it has $\Lambda$-normal form and moreover, for each sequence $\vec{N}$ of terms having $\Lambda$-nf, $M\vec{N}$ has a $\Lambda$-persistent normal form too.
The class of $\Lambda$-persistent normal forms is not empty, since at least the variables belong to it.
Example 11.2.2. If $M \to^{*}_{\Lambda} \lambda x_1 \ldots x_n.zM_1 \ldots M_m \in \Lambda$-NF and $z \notin \{x_1, \ldots, x_n\}$ then $M$ has a $\Lambda$-pnf.
Now an alternative definition of $\Lambda$-normal forms can be given, thanks to the following property.
Property 11.2.3. A term $M$ has a $\Lambda$-nf if and only if, for each sequence $\vec{N}$ of terms having $\Lambda$-pnf, $M\vec{N}$ has a $\Lambda$-nf too.
Proof. Let $\vec{N} \equiv N_1, \ldots, N_h$ ($h \geq 1$).
($\Rightarrow$) Let $M \to^{*}_{\Lambda} M \in \Lambda$-NF; we reason by induction on $M$.
If $M \equiv zM_1 \ldots M_m$ ($m \in \mathbb{N}$) then the proof is immediate; otherwise $M \equiv \lambda x_1 \ldots x_n.zM_1 \ldots M_m$ ($n \geq 1$). If $h \leq n$ then $M\vec{N} \to^{*}_{\Lambda} \lambda x_{h+1} \ldots x_n.\zeta M'_1 \ldots M'_m$ where $\zeta \equiv z[N_1/x_1, \ldots, N_h/x_h]$ and $M'_j \equiv M_j[N_1/x_1, \ldots, N_h/x_h] =_\Lambda (\lambda x_1 \ldots x_n.M_j)\vec{N}$ ($1 \leq j \leq m$). Since $N_i$ ($1 \leq i \leq h$) has a $\Lambda$-pnf, by induction $M'_j$ has a $\Lambda$-nf ($1 \leq j \leq m$).
If $\zeta \equiv z$ then the proof is given. Otherwise $\zeta \equiv N_j$, for some $j$, and the proof follows from the definition of $\Lambda$-persistent normal form.
Let $h > n$, $\vec{P} \equiv N_1 \ldots N_n$, $\vec{Q} \equiv N_{n+1} \ldots N_h$; so $M\vec{P}\vec{Q} \to^{*}_{\Lambda} \zeta M'_1 \ldots M'_m\vec{Q}$, where $M'_j \equiv M_j[N_1/x_1, \ldots, N_n/x_n] =_\Lambda (\lambda x_1 \ldots x_n.M_j)\vec{P}$ and $\zeta \equiv z[N_1/x_1, \ldots, N_n/x_n]$ ($1 \leq j \leq m$). $M'_j$ has a $\Lambda$-nf ($1 \leq j \leq m$) by induction, while each term in $\vec{Q}$ has a $\Lambda$-nf too by hypothesis. If $\zeta \equiv z$ then the proof is trivial; otherwise it follows from the fact that $\zeta$ has $\Lambda$-pnf.

($\Leftarrow$) It is easy to check that $Mx$ has $\Lambda$-nf if and only if $M$ has $\Lambda$-nf, so the
proof is done since $x$ is a $\Lambda$-pnf. $\square$

So the class of $\Lambda$-normal forms and the class of $\Lambda$-persistent normal forms
are mutually closed under application.
We will take the set of constants $C_{\bowtie} = \{\phi, \psi, \omega\}$ and we will use the
type constants $\phi$ and $\psi$, for characterizing respectively the class of $\Lambda$-normal
forms and the class of $\Lambda$-persistent normal forms. Since a $\Lambda$-persistent normal
form is a $\Lambda$-normal form too, it must be that $\psi \leq \phi$. Moreover, by definition
of $\Lambda$-persistent normal form, it must be that $\psi \simeq \underbrace{\phi \to \cdots \to \phi}_{n} \to \psi$, and
$\phi \simeq \underbrace{\psi \to \cdots \to \psi}_{n} \to \phi$, for all $n \geq 1$, by Property 11.2.3 ($n \in \mathbb{N}$). We want
also $\omega \simeq \omega \to \omega$, since all terms must have a functional behavior.

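Definition 11.2.4. Let $C_{\bowtie} = \{\phi, \psi, \omega\}$ and $I(C_{\bowtie}) = T(C_{\bowtie})$.
$\bowtie$ is the type system $\langle C_{\bowtie}, \leq_{\bowtie}, I(C_{\bowtie}) \rangle$, where $\leq_{\bowtie}$ is the least intersection
relation induced from the rules in Fig. 11.3.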

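\[
\frac{}{\sigma \leq_{\bowtie} \omega}\,(a) \qquad
\frac{}{\sigma \leq_{\bowtie} \sigma \wedge \sigma}\,(b) \qquad
\frac{}{\sigma \wedge \tau \leq_{\bowtie} \sigma}\,(c) \qquad
\frac{}{\sigma \wedge \tau \leq_{\bowtie} \tau}\,(c')
\]
\[
\frac{}{(\sigma \to \tau) \wedge (\sigma \to \pi) \leq_{\bowtie} \sigma \to (\tau \wedge \pi)}\,(d) \qquad
\frac{}{\sigma \to \omega \leq_{\bowtie} \omega \to \omega}\,(g)
\]
\[
\frac{\sigma \leq_{\bowtie} \sigma' \quad \tau \leq_{\bowtie} \tau'}{\sigma \wedge \tau \leq_{\bowtie} \sigma' \wedge \tau'}\,(e) \qquad
\frac{\sigma' \leq_{\bowtie} \sigma \quad \tau \leq_{\bowtie} \tau'}{\sigma \to \tau \leq_{\bowtie} \sigma' \to \tau'}\,(f) \qquad
\frac{}{\sigma \leq_{\bowtie} \sigma}\,(r) \qquad
\frac{\sigma \leq_{\bowtie} \rho \quad \rho \leq_{\bowtie} \tau}{\sigma \leq_{\bowtie} \tau}\,(t)
\]
\[
\frac{}{\psi \leq_{\bowtie} \phi}\,(n0) \qquad
\frac{}{\psi \leq_{\bowtie} \phi \to \psi}\,(n1) \qquad
\frac{}{\phi \to \psi \leq_{\bowtie} \psi}\,(n2)
\]
\[
\frac{}{\phi \leq_{\bowtie} \psi \to \phi}\,(n3) \qquad
\frac{}{\psi \to \phi \leq_{\bowtie} \phi}\,(n4) \qquad
\frac{}{\omega \leq_{\bowtie} \omega \to \omega}\,(n5)
\]

Fig. 11.3. $\bowtie$-intersection relation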

Note that $\phi \simeq_{\bowtie} \psi \to \phi$, $\psi \simeq_{\bowtie} \phi \to \psi$ and $\omega \simeq_{\bowtie} \omega \to \omega$. Some key
properties of the $\bowtie$-intersection relation are shown in Sect. 11.2.1.

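Theorem 11.2.5. The type system $\bowtie$ is legal.

Proof. The proof is in Sect. 11.2.1. $\square$

So the model $\mathcal{N}$ can be defined.

Definition 11.2.6. $\mathcal{N}$ is the $\lambda\Lambda$-model $\langle F(\bowtie), F(\bowtie), \circ_{\bowtie}, [\![\cdot]\!]^{F(\bowtie)} \rangle$.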



We will prove that the type assignment system $\vdash_{\bowtie}$ characterizes the terms
having normal form. Let $B_\psi$ be the basis assigning $\psi$ to each variable; the
typing $B_\psi \vdash_{\bowtie} M : \phi$ can be proved if and only if $M$ has $\Lambda$-normal form. So
the correctness of $\mathcal{N}$ with respect to the N-operational semantics follows by
Theorem 10.0.4.

Lemma 11.2.7. If $M$ has a $\Lambda$-normal form then there is a derivation proving
$B_\psi \vdash_{\bowtie} M : \phi$, where $B_\psi(x) = \psi$ for every $x$.

Proof. Since $\mathcal{N}$ is a $\lambda\Lambda$-model, by Lemma 10.1.13.(ii), the $\bowtie$-type assignment
system is closed under $\Lambda$-reduction; so, let $M \equiv \lambda x_1 \ldots x_n.xM_1 \ldots M_m$ where
$M_i \in \Lambda$-NF ($1 \leq i \leq m$), without loss of generality. The proof is given
by induction on $M$. Thus $B_\psi \vdash_{\bowtie} M_i : \phi$ ($1 \leq i \leq m$) by induction. But
$B_\psi \vdash_{\bowtie} x : \psi$ by rule $(var)$, hence $B_\psi \vdash_{\bowtie} x : \underbrace{\phi \to \cdots \to \phi}_{m} \to \psi$ by rule
$(\leq_{\bowtie})$. We obtain $B_\psi \vdash_{\bowtie} xM_1 \ldots M_m : \psi$ by $m$ applications of the rule $(\to E)$,
therefore $B_\psi \vdash_{\bowtie} \lambda x_1 \ldots x_n.xM_1 \ldots M_m : \underbrace{\psi \to \cdots \to \psi}_{n} \to \phi$, by rule $(\leq_{\bowtie})$ and
$n$ applications of rule $(\to I)$. Yet, by applying the rule $(\leq_{\bowtie})$ the proof is
done. $\square$
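
As an added illustration (not part of the book's text), the steps of the proof of Lemma 11.2.7 can be carried through for the concrete term $M \equiv \lambda x.xy$, so that $n = m = 1$ and $M_1 \equiv y$. Only the rules (n0), (n1), (n4) of Fig. 11.3 and the typing rules named in the proof are used; the basis stays $B_\psi$ throughout because it already assigns $\psi$ to every variable.

\[
\begin{array}{lll}
1. & B_\psi \vdash_{\bowtie} x : \psi & (var) \\
2. & B_\psi \vdash_{\bowtie} x : \phi \to \psi & (\leq_{\bowtie}) \text{ from 1, since } \psi \leq_{\bowtie} \phi \to \psi \text{ by } (n1) \\
3. & B_\psi \vdash_{\bowtie} y : \psi & (var) \\
4. & B_\psi \vdash_{\bowtie} y : \phi & (\leq_{\bowtie}) \text{ from 3, since } \psi \leq_{\bowtie} \phi \text{ by } (n0) \\
5. & B_\psi \vdash_{\bowtie} xy : \psi & (\to E) \text{ from 2 and 4} \\
6. & B_\psi \vdash_{\bowtie} xy : \phi & (\leq_{\bowtie}) \text{ from 5, by } (n0) \\
7. & B_\psi \vdash_{\bowtie} \lambda x.xy : \psi \to \phi & (\to I) \text{ from 6} \\
8. & B_\psi \vdash_{\bowtie} \lambda x.xy : \phi & (\leq_{\bowtie}) \text{ from 7, since } \psi \to \phi \leq_{\bowtie} \phi \text{ by } (n4)
\end{array}
\]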
To prove the correctness of the model with respect to the N-operational
semantics, we need an approximation theorem. We will prove that such a
theorem holds for the same definition of approximants given for the model
$\mathcal{H}$. First, we need to prove that the theory induced by the model $\mathcal{N}$ is a
$\Lambda\eta$-theory.

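Property 11.2.8. $\sim_{\mathcal{N}}$ is a $\Lambda\eta$-theory.

Proof. The theory induced by $\mathcal{N}$ is a $\Lambda$-theory by Corollary 10.0.3, since $\mathcal{N}$ is
a $\lambda\Lambda$-model by Theorem 11.0.1. In order to prove that it is also a $\Lambda\eta$-theory,
by Property 2.1.7, it is sufficient to prove that $I \sim_{\mathcal{N}} E$. We will prove both
$I \sqsubseteq_{\mathcal{N}} E$ and $E \sqsubseteq_{\mathcal{N}} I$.
($I \sqsubseteq_{\mathcal{N}} E$) We prove that $B \vdash_{\bowtie} I : \sigma$ implies $B \vdash_{\bowtie} E : \sigma$.
By Property 11.2.27.(i), either $\sigma \simeq_{\bowtie} \omega$ or $\sigma \simeq_{\bowtie} \sigma_0 \wedge \ldots \wedge \sigma_n$ ($n \geq 0$) such
that $\forall i \leq n$, $\sigma_i \simeq_{\bowtie} \tau^i_1 \to \ldots \to \tau^i_{m_i} \to \rho$, $m_i \in \mathbb{N}$ and $\rho \in \{\phi, \psi\}$. The
case $\sigma \simeq_{\bowtie} \omega$ is trivial, by rule $(\omega)$; otherwise the proof can be done by
induction on $n$.
Let $n = 0$, thus we can assume $\sigma \simeq_{\bowtie} \mu \to \nu \to \tau$, by Property 11.2.27.(ii).
Note that $B \vdash_{\bowtie} I : \sigma$ implies $B \vdash_{\bowtie} I : \mu \to \nu \to \tau$, by rule $(\leq_{\bowtie})$; thus
$B[\mu/x] \vdash_{\bowtie} x : \nu \to \tau$ by Lemma 10.1.7.(vi), and $\mu \leq_{\bowtie} \nu \to \tau$ by Lemma
10.1.7.(iii). We can build the following derivation: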

\[
\dfrac{
  \dfrac{
    \dfrac{
      \dfrac{
        \dfrac{
          \dfrac{}{B[\mu/x][\nu/y] \vdash_{\bowtie} x : \mu}\,(var)
          \qquad \mu \leq_{\bowtie} \nu \to \tau
        }{B[\mu/x][\nu/y] \vdash_{\bowtie} x : \nu \to \tau}\,(\leq_{\bowtie})
        \qquad
        \dfrac{}{B[\mu/x][\nu/y] \vdash_{\bowtie} y : \nu}\,(var)
      }{B[\mu/x][\nu/y] \vdash_{\bowtie} xy : \tau}\,(\to E)
    }{B[\mu/x] \vdash_{\bowtie} \lambda y.xy : \nu \to \tau}\,(\to I)
  }{B \vdash_{\bowtie} \lambda xy.xy : \mu \to \nu \to \tau}\,(\to I)
  \qquad \mu \to \nu \to \tau \leq_{\bowtie} \sigma
}{B \vdash_{\bowtie} \lambda xy.xy : \sigma}\,(\leq_{\bowtie})
\]

If $n \geq 1$ then the proof follows by inductive hypothesis.

($E \sqsubseteq_{\mathcal{N}} I$) We prove that $B \vdash_{\bowtie} E : \sigma$ implies $B \vdash_{\bowtie} I : \sigma$.
By Property 11.2.27.(i), either $\sigma \simeq_{\bowtie} \omega$ or $\sigma \simeq_{\bowtie} \sigma_0 \wedge \ldots \wedge \sigma_n$ ($n \geq 0$) such
that $\forall i \leq n$, $\sigma_i \simeq_{\bowtie} \tau^i_1 \to \ldots \to \tau^i_{m_i} \to \rho$, $m_i \in \mathbb{N}$ and $\rho \in \{\phi, \psi\}$. The
case $\sigma \simeq_{\bowtie} \omega$ is trivial, by rule $(\omega)$; otherwise the proof can be done by
induction on $n$.
Let $n = 0$, thus we can assume $\sigma \simeq_{\bowtie} \mu \to \nu \to \tau$, by Property 11.2.27.(ii).
Note that $B \vdash_{\bowtie} \lambda xy.xy : \sigma$ implies $B \vdash_{\bowtie} \lambda xy.xy : \mu \to \nu \to \tau$, by rule
$(\leq_{\bowtie})$; thus, by Lemma 10.1.7.(vi), this implies $B[\mu/x][\nu/y] \vdash_{\bowtie} xy : \tau$,
which in turn implies $B[\mu/x][\nu/y] \vdash_{\bowtie} x : \theta \to \tau$ and $B[\mu/x][\nu/y] \vdash_{\bowtie} y : \theta$,
for some $\theta$, by Lemma 10.1.7.(vii). Hence, by Lemma 10.1.7.(iii),
$\mu \leq_{\bowtie} \theta \to \tau$ and $\nu \leq_{\bowtie} \theta$ (so $\mu \leq_{\bowtie} \nu \to \tau$). Then we can build the
following derivation:
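\[
\dfrac{
  \dfrac{
    \dfrac{
      \dfrac{}{B[\mu/x] \vdash_{\bowtie} x : \mu}\,(var)
      \qquad \mu \leq_{\bowtie} \nu \to \tau
    }{B[\mu/x] \vdash_{\bowtie} x : \nu \to \tau}\,(\leq_{\bowtie})
  }{B \vdash_{\bowtie} \lambda x.x : \mu \to \nu \to \tau}\,(\to I)
  \qquad \mu \to \nu \to \tau \leq_{\bowtie} \sigma
}{B \vdash_{\bowtie} \lambda x.x : \sigma}\,(\leq_{\bowtie})
\]
If $n \geq 1$ then the proof follows by inductive hypothesis. $\square$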

Let $\Lambda\Omega$ and the set $\mathcal{A}(M)$, for a term $M$, be defined as in Definitions
11.1.9 and 11.1.11. As before, we will use $A$, $A'$ for ranging over the class of
approximants. We can extend to $\Lambda\Omega$ the type assignment system $\vdash_{\bowtie}$, as we
did for the system $\vdash_\infty$. It is immediate to verify that $\vdash_{\bowtie}$ is closed under $=_{\Lambda\Omega}$.
Theorem 11.2.9 (N-Approximation).
$B \vdash_{\bowtie} M : \sigma$ if and only if $B \vdash_{\bowtie} A : \sigma$, for some $A \in \mathcal{A}(M)$.
Proof. The proof is in Sect. 11.2.3. $\square$

As already observed, $\Lambda$-normal forms are approximants.

Property 11.2.10. $M$ has $\Lambda$-normal form if and only if there is $A \in \mathcal{A}(M)$
having no occurrences of the constant $\Omega$.
Proof. Trivial. $\square$

Let $B_\psi$ be the basis such that $B_\psi(x) = \psi$, for all $x \in Var$, as in Lemma
11.2.7; moreover, let $B_\omega$ be the basis such that $B_\omega(x) = \omega$, for all $x \in Var$.

Lemma 11.2.11. (i) $B_\psi \vdash_{\bowtie} M : \phi$ if and only if $M$ has $\Lambda$-normal form.
(ii) $B \vdash_{\bowtie} M : \sigma$ and $\sigma \not\simeq_{\bowtie} \omega$ if and only if $M$ has a $\Lambda$-head normal form.

Proof. (i) ($\Rightarrow$) By the approximation theorem, $B_\psi \vdash_{\bowtie} M : \phi$ implies there is
$A \in \mathcal{A}(M)$ such that $B_\psi \vdash_{\bowtie} A : \phi$. We will prove that $A$ does not contain
occurrences of $\Omega$, by induction on $A$. Hence $M$ has $\Lambda$-normal form, by
Property 11.2.10.
$A \equiv \Omega$ is not possible, since types derivable for $\Omega$ are equivalent to $\omega$.
If $A \equiv \lambda x_1 \ldots x_n.zA_1 \ldots A_m$ and $B_\psi \vdash_{\bowtie} A : \phi$ then, by rule $(\leq_{\bowtie})$,
$B_\psi \vdash_{\bowtie} A : \underbrace{\psi \to \cdots \to \psi}_{m} \to \phi$, and thus $B_\psi \vdash_{\bowtie} zA_1 \ldots A_m : \phi$ by Lemma 10.1.7.(vi).
By Lemma 10.1.7.(vii) this implies both (*) $B_\psi \vdash_{\bowtie} z : \sigma_1 \to \ldots \to \sigma_m \to \phi$,
and (**) $B_\psi \vdash_{\bowtie} A_i : \sigma_i$, for some $\sigma_1, \ldots, \sigma_m$ ($1 \leq i \leq m$). (*) implies
$\psi \leq_{\bowtie} \sigma_1 \to \ldots \to \sigma_m \to \phi$ by Lemma 10.1.7.(iii) and so $\sigma_i \leq_{\bowtie} \phi$, since $\bowtie$
is legal and $\psi \simeq_{\bowtie} \underbrace{\phi \to \cdots \to \phi}_{m} \to \psi$.
Hence $B_\psi \vdash_{\bowtie} A_i : \phi$ ($1 \leq i \leq m$), by rule $(\leq_{\bowtie})$. By inductive hypothesis
$A_i$ ($1 \leq i \leq m$) has no occurrences of $\Omega$ and the proof is done.

($\Leftarrow$) By Lemma 11.2.7.


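(ii) ($\Rightarrow$) If $M$ is $\Lambda$-unsolvable then the only approximant of $M$ is $\Omega$, so the
proof follows from the N-approximation theorem.

($\Leftarrow$) Let $M \to^*_\Lambda \lambda x_1 \ldots x_n.zM_1 \ldots M_m$, for some $n, m \in \mathbb{N}$.
Let $\mu \equiv \underbrace{\omega \to \cdots \to \omega}_{m} \to \pi$, where $\pi \not\simeq_{\bowtie} \omega$. Clearly $B_\omega[\mu/z] \vdash_{\bowtie} M_i : \omega$
($1 \leq i \leq m$) by rule $(\omega)$; so $B_\omega[\mu/z] \vdash_{\bowtie} zM_1 \ldots M_m : \pi$ by $m$ applications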
of rule (---7 E). If z fţ FV (M) then, by applying n times the rule (---7 1),

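$B_\omega[\mu/z] \vdash_{\bowtie} \lambda x_1 \ldots x_n.zM_1 \ldots M_m : \underbrace{\omega \to \cdots \to \omega}_{n} \to \pi$.

So $B_\omega[\mu/z] \vdash_{\bowtie} M : \underbrace{\omega \to \cdots \to \omega}_{n} \to \pi$, since the type assignment system
is closed under $=_\Lambda$. If $z \equiv x_k$ for some $k \leq n$ then, it is easy to see that

$B_\omega \vdash_{\bowtie} M : \underbrace{\omega \to \cdots \to \omega}_{k-1} \to (\underbrace{\omega \to \cdots \to \omega}_{m} \to \pi) \to \underbrace{\omega \to \cdots \to \omega}_{n-k} \to \pi$,

hence the proof follows by Theorem 11.2.23. $\square$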

The order relation $\sqsubseteq_{\mathcal{N}}$ between approximants can be axiomatized through
the same syntactical relation $\ll$ defined in Definition 11.1.15 for the model $\mathcal{H}$.
Namely $A \ll A'$ if and only if one of the two following cases arises:

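(i) $A \equiv \Omega$;
(ii) $A =_\eta \lambda x_1 \ldots x_n.zA_1 \ldots A_m$ and $A' =_\eta \lambda x_1 \ldots x_n.zA'_1 \ldots A'_m$
and $A_i \ll A'_i$, for all $i$ ($1 \leq i \leq m$), for some $n, m \in \mathbb{N}$.

Lemma 11.2.12. $A \sqsubseteq_{\mathcal{N}} A'$ if and only if $A \ll A'$.

Proof. ($\Leftarrow$) We prove that, if $A \ll A'$, then $B \vdash_{\bowtie} A : \sigma$ implies $B \vdash_{\bowtie} A' : \sigma$.
The proof is by induction on the definition of $\ll$, and it is similar to the proof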
of the (~) part of the proof of Lemma 11.1.18, where, instead of Properties
11.1.36.(ii) and 11.1.8, Properties 11.2.27.(ii) and 11.2.8 must be respectively
used.
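($\Rightarrow$) We prove, by contraposition, that $A \not\ll A'$ implies $A \not\sqsubseteq_{\mathcal{N}} A'$.
By the semiseparability theorem (Theorem 11.1.17), $A \not\ll A'$ implies there
is a context $C[.]$ such that $C[A] \to^*_{\Lambda\Omega} I$ while $C[A'] \to^*_{\Lambda\Omega} \Omega$. Since the type
assignment system is closed under $=_{\Lambda\Omega}$, this implies $C[A] \not\sqsubseteq_{\mathcal{N}} C[A']$, which
in turn implies $A \not\sqsubseteq_{\mathcal{N}} A'$. $\square$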

Now we are able to prove the correctness of the model, with respect to
the N-operational semantics.

Theorem 11.2.13 (N-Correctness).
The model $\mathcal{N}$ is correct with respect to the N-operational semantics.

Proof. By Property 10.1.15 it is sufficient to prove that, for all $M$, $N$, if $M$
has $\Lambda$-nf and $N$ has not $\Lambda$-nf then $M \not\sqsubseteq_{\mathcal{N}} N$.
Hence, either $N$ is a $\Lambda$-unsolvable term or it has a $\Lambda$-head normal form. Then
the proof follows respectively from Lemmas 11.2.11.(i) and 11.2.11.(ii). $\square$

The model $\mathcal{N}$ also characterizes the class of $\Lambda$-persistent normal forms.
Here we will prove just a partial characterization, namely that if a term can
be assigned type $\psi$, from the basis $B_\psi$, then it has $\Lambda$-persistent normal form.
The inverse implication has a rather technical proof, which is out of the scope
of this book. The interested reader can read it in [30].
Let us notice that the fact that a term is a $\Lambda$-persistent normal form if
and only if $B_\psi \vdash_{\bowtie} M : \psi$ implies that $\Lambda$-persistent normal forms are closed
under substitution. An interesting consequence of this fact is that the set of
$\Lambda$-persistent normal forms is a set of input values.

Theorem 11.2.14. If $B_\psi \vdash_{\bowtie} M : \psi$ then $M$ has a $\Lambda$-persistent normal
form.

Proof. $B_\psi \vdash_{\bowtie} M : \psi$ implies $B_\psi \vdash_{\bowtie} M : \underbrace{\phi \to \cdots \to \phi}_{n} \to \psi$ ($n \in \mathbb{N}$) by rule
$(\leq_{\bowtie})$. Let $\vec{N}$ be a sequence of normal forms, so by Lemma 11.2.11 $B_\psi \vdash_{\bowtie} N : \phi$,
for every $N \in \vec{N}$. Hence $B_\psi \vdash_{\bowtie} M\vec{N} : \psi$ implies, by rule $(\leq_{\bowtie})$, that
$B_\psi \vdash_{\bowtie} M\vec{N} : \phi$, and so $M\vec{N}$ has a normal form. $\square$

Using the same techniques as for model $\mathcal{H}$, we can use the correctness of
the model $\mathcal{N}$ with respect to the N-operational semantics for proving some
of its properties. The proofs of the following properties can be easily carried
out in a similar way to the analogous properties for model $\mathcal{H}$.

Property 11.2.15. (i) ~N is a sensible theory.
(ii) ~N is fully extensional.
(iii) All fixed-point operators are equated by ~N.

For proving that $\mathcal{N}$ is also complete with respect to the N-operational
semantics, we can state a discriminability property between terms which are
not in the $\sqsubseteq_{\mathcal{N}}$ relation, which is based on a minor variant of the
semiseparability algorithm between approximants shown in Sect. 11.1.3.

Theorem 11.2.16 (N-Discriminability).
If $M \not\sqsubseteq_{\mathcal{N}} N$ then there is a context $C[.]$ such that both $C[M]$ and $C[N]$ are
closed and $C[M] \Downarrow_N$ while $C[N] \Uparrow_N$.

Proof. The proof is in Sect. 11.2.3. $\square$

Theorem 11.2.17 (N-Completeness).
The model $\mathcal{N}$ is complete with respect to the N-operational semantics.

Proof. Let $M \not\sqsubseteq_{\mathcal{N}} N$. By the N-discriminability theorem, there is a context
$C[.]$ such that both $C[M]$ and $C[N]$ are closed and $C[M] \Downarrow_N$ while $C[N] \Uparrow_N$,
which implies, by definition, that $M \not\preceq_N N$. $\square$

Finally, we can state the full abstraction result.

Corollary 11.2.18 (N-Full abstraction).
The model $\mathcal{N}$ is fully abstract with respect to the N-operational semantics.

Proof. By the N-correctness and N-completeness theorems. $\square$


Thanks to the N-discriminability theorem, a finite axiomatization of the
preorder [;;;1i between terms can be given. Note that this characterization is
simpler than the characterization of [;;;1i.

Definition 11.2.19. The relation $\sqsubseteq \; \subseteq \Lambda \times \Lambda$ is defined as follows:
$M \sqsubseteq N$ if and only if one of the following conditions holds:
• $M$ is $\Lambda$-unsolvable;
• $M =_{\Lambda\eta} \lambda x_1 \ldots x_n.xM_1 \ldots M_m$, $N =_{\Lambda\eta} \lambda x_1 \ldots x_n.xN_1 \ldots N_m$, where $M_i \sqsubseteq N_i$,
and $M$ has $\Lambda$-nf implies $N$ has $\Lambda$-nf ($1 \leq i \leq m$).

Theorem 11.2.20 (N-Characterization).
$M \sqsubseteq_{\mathcal{N}} N$ if and only if $M \sqsubseteq N$.

Proof. The proof is in Sect. 11.2.3. $\square$



Then the following corollary can be easily proved.

Corollary 11.2.21. $M \sqsubseteq_{\mathcal{N}} N$ if and only if $\forall A \in \mathcal{A}(M)$, $\exists A' \in \mathcal{A}(N)$ such
that $A \sqsubseteq_{\mathcal{N}} A'$.

Note, for model $\mathcal{H}$, only the if implication of a similar corollary holds.

It seems that the H and N operational theories coincide. The next property
shows that this is not true.

Property 11.2.22. $E_\infty \prec_N I$.

Proof. Let $E_\infty \equiv Y(\lambda xyz.y(xz))$, where $Y$ is a call-by-name fixed-point operator,
so $\mathcal{A}(E_\infty) = \{\Omega, \lambda z_0 z_1.z_0\Omega, \lambda z_0 z_1.z_0(\lambda z_2.z_1(\ldots(\lambda z_{n+1}.z_n\Omega)\ldots)) \mid n \geq 0\}$
(see Example 11.1.53). For all $A' \in \mathcal{A}(E_\infty)$ it is easy to see that $I \not\ll A'$
and $A' \ll I$, hence $E_\infty \sqsubseteq_{\mathcal{N}} I$ but $I \not\sqsubseteq_{\mathcal{N}} E_\infty$. $\square$

So the N-operational semantics is fully extensional, but it is not able to
grasp the $=_\eta$ "up to infinite", as the model $\mathcal{H}$ does.

11.2.1 The $\leq_{\bowtie}$-Intersection Relation

First, let us prove that $\leq_{\bowtie}$ is well posed, i.e. different type constants in $C_{\bowtie}$
are not $\simeq_{\bowtie}$. The following theorem characterizes the syntactic shape of types
that are $\simeq_{\bowtie} \omega$.

Theorem 11.2.23. $\sigma \simeq_{\bowtie} \omega$ if and only if $\sigma \in \Omega_N$, where

$\Omega_N = \{\sigma \in T(C_{\bowtie}) \mid \sigma \equiv \sigma_0 \wedge \ldots \wedge \sigma_n$ ($n \in \mathbb{N}$), where $\forall i \leq n$ either
$\sigma_i \equiv \omega$, or $\sigma_i \equiv \pi_i \to \tau_i$ and $\tau_i \simeq_{\bowtie} \omega \}$.

Proof. Note that $\omega \simeq_{\bowtie} \sigma$ if and only if $\omega \leq_{\bowtie} \sigma$, by rule (a).
($\Leftarrow$) The proof can be obtained from that of Theorem 11.1.32, taking into
account that now rule (h3) is named (n5).
($\Rightarrow$) First we will prove that, if $\sigma \in \Omega_N$ and $\sigma \leq_{\bowtie} \tau$ then $\tau \in \Omega_N$, by
induction on the rules of $\leq_{\bowtie}$.
(a), (b), (c), (c'), (d), (e), (f), (g), (r), (t) See Theorem 11.1.32.
(n0), (n1), (n2), (n3), (n4) Not possible.
(n5) Corresponds to case (h3) in Theorem 11.1.32.
The proof is done, since $\sigma \simeq_{\bowtie} \omega$ implies $\omega \leq_{\bowtie} \sigma$, but $\omega \in \Omega_N$ implies
$\sigma \in \Omega_N$. $\square$

Note that $\sigma_1 \to \ldots \to \sigma_n \to \omega \simeq_{\bowtie} \omega$, for all $\sigma_1, \ldots, \sigma_n$ ($n \in \mathbb{N}$).
Corollary 11.2.24. (i) $\phi \not\simeq_{\bowtie} \omega$,
(ii) $\psi \not\simeq_{\bowtie} \omega$.

Proof. For proving both points, it is sufficient to observe that both $\phi$ and $\psi$
do not belong to the set $\Omega_N$. $\square$

In order to prove that $\phi \not\simeq_{\bowtie} \psi$, we need the following lemma.
Lemma 11.2.25. $\sigma \in \Psi_N$ and $\tau \leq_{\bowtie} \sigma$ imply $\tau \in \Psi_N$, where

$\Psi_N = \{\sigma \in T(C_{\bowtie}) \mid \sigma \equiv \sigma_0 \wedge \ldots \wedge \sigma_n$ ($n \in \mathbb{N}$), where
$\exists i \leq n$ such that $\sigma_i \equiv \pi_1 \to \ldots \to \pi_{h_i} \to \psi$ ($h_i \in \mathbb{N}$) $\}$.

Proof. By induction on the definition of $\leq_{\bowtie}$. If the last applied rule is either
(b), (c), (c'), (r), (n1) or (n2) the proof is obvious.
If the last applied rule is (f), then $\tau \equiv \mu \to \nu$ and $\sigma \equiv \rho \to \pi$, where $\rho \leq_{\bowtie} \mu$
and $\nu \leq_{\bowtie} \pi$; so, by induction, $\nu \in \Psi_N$, which implies $\tau \in \Psi_N$.
Cases (t) and (e) follow easily by induction. All other cases are not possible. $\square$
Note that $\sigma \in \Psi_N$ does not imply $\sigma \leq_{\bowtie} \psi$.

Corollary 11.2.26. $\phi \not\simeq_{\bowtie} \psi$.

Proof. Since $\psi \leq_{\bowtie} \phi$, $\phi \simeq_{\bowtie} \psi$ if and only if $\phi \leq_{\bowtie} \psi$. But $\psi \in \Psi_N$, so this
would imply $\phi \in \Psi_N$, by Lemma 11.2.25. But this is not possible, by the
definition of $\Psi_N$. $\square$

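The following property characterizes the shape of types in $T(C_{\bowtie})$, modulo
$\simeq_{\bowtie}$. It will be extensively used in order to prove some properties about the
type assignment system $\vdash_{\bowtie}$.

Property 11.2.27. (i) If $\sigma \not\simeq_{\bowtie} \omega$ then $\sigma \simeq_{\bowtie} \sigma_0 \wedge \ldots \wedge \sigma_n$ ($n \geq 0$) such that
$\forall i \leq n$, $\sigma_i \simeq_{\bowtie} \tau^i_1 \to \ldots \to \tau^i_{m_i} \to \rho_i$ for some $m_i \in \mathbb{N}$, and $\rho_i \in \{\phi, \psi\}$.
(ii) If $\sigma \simeq_{\bowtie} \tau_1 \to \ldots \to \tau_n \to \rho$ ($n \geq 0$), where $\rho \in \{\phi, \psi\}$, then for all $p \in \mathbb{N}$,

$\sigma \simeq_{\bowtie} \tau_1 \to \ldots \to \tau_n \to \underbrace{\pi \to \cdots \to \pi}_{p} \to \rho$,

where $\pi \in \{\phi, \psi\}$ but $\pi \not\equiv \rho$.

Proof. (i) By induction on $\sigma$. If $\sigma \equiv \omega, \phi, \psi$ then the proof is trivial.
Let $\sigma \equiv \mu \to \pi$; so, by induction $\pi \simeq_{\bowtie} \pi_0 \wedge \ldots \wedge \pi_h$ ($h \in \mathbb{N}$) such
that $\forall i \leq h$, $\pi_i \simeq_{\bowtie} \nu^i_1 \to \ldots \to \nu^i_{m_i} \to \rho$ and $\rho \in \{\phi, \psi\}$. By Lemma
10.1.4.(iii), $\sigma \simeq_{\bowtie} \sigma_0 \wedge \ldots \wedge \sigma_h$, where $\sigma_i \simeq_{\bowtie} \mu \to \nu^i_1 \to \ldots \to \nu^i_{m_i} \to \rho$.
The case $\sigma \equiv \mu \wedge \pi$ follows by induction.
(ii) By rules (n1), (n2), (n3), (n4) and (f) it is easy to see that

$\tau_1 \to \ldots \to \tau_n \to \rho \simeq_{\bowtie} \tau_1 \to \ldots \to \tau_n \to \pi \to \rho$,

where $\pi \in \{\phi, \psi\}$ but $\pi \not\equiv \rho$, so the proof follows by induction on $p$. $\square$
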


The following lemma implies the legality of $\bowtie$. Note that a type in $T(C_{\bowtie})$
has the following syntactical shape:

$(\sigma_1 \to \tau_1) \wedge \ldots \wedge (\sigma_n \to \tau_n) \wedge c_1 \wedge \ldots \wedge c_m$ where $m, n \geq 0$, $m + n \geq 1$,

where $c_j \in \{\phi, \psi\}$ ($1 \leq j \leq m$). Moreover, let us recall that every constant
in $C_{\bowtie}$ is $\simeq_{\bowtie}$ to an arrow type, indeed $\omega \simeq_{\bowtie} \omega \to \omega$, $\phi \simeq_{\bowtie} \psi \to \phi$ and
$\psi \simeq_{\bowtie} \phi \to \psi$.

Property 11.2.28. Let n, m,p, q 20, n +m 21, p +q 2 1, and

where ci,dj E {w,cp,'Iji}, Ci C::::1Xl O"n+i -7 Tn+i and d j C::::1Xl /-lp+j -7 vp+j
(Tn+i,T;+j E {w,cp,'Iji}, 1::; i::; m, 1 ::; j::; q). If T~ 7'1Xl w (1 ::; h::; p+ q),
then there is {il, ... , ik} ~ {1, ... , n + m} such that O"i1 1\ ... 1\ O"ik 21Xl O"~,
Ti1 1\ ... 1\ Ti k ::;1Xl T~ and Tj 7' w, for each j E {il, "', ido

Proof. We reason by induction on the last rule of the derivat ion proving

(b), (r), (a) Obvious.


(c), (c'), (d) Easy.
(e) By induction.
(1) n = 1, m = 0, p = 1 and q = O. Then 0"1 -7 TI ::;1Xl O"i -7 T{ if and only if
O"i ::;1Xl 0"1 and TI ::;1Xl T{.
(nO), (nI), (n2), (n3), (n4) Immediate, since 'Iji C::::1Xl cp -7 'Iji and cp ::;1Xl 'Iji -7 cp.
(n5), (g) Trivial.
(t) Let p E T(C IXl ) be such that (0"1 -7 Tdl\ ... I\(O"n -7 T n )I\C I I\ ... l\cm ::;1Xl p
and p ::;1Xl (ai -7 T{) 1\ ... 1\ (O"~ -7 T;) 1\ d l 1\ ... 1\ dq . p must be of the
shape (/-lI -7 vI) 1\ ... 1\ (/-lt -7 Vt) 1\ el 1\ ... 1\ es , where ei E {w, cp, 'Iji} and
ei C::::1Xl /-lt+i -7 Vt+i (1 ::; i ::; s). By induction, for all h such that T~ 7'1Xl w,
there is {i~, ... ,i~J ~ {1, ... ,t + s} such that /-li~ 1\ ... 1\ /-li~ 21Xl O"~,
h
V i 1h 1\ ... 1\ Vih ::;1Xl T~ and Vih 7' w, for an 1 ::; j ::; kh. By induc-
kh J

tion, for every Vih,


J
there is {r~,j, ... , r~'!},J
~ {1, 2, ... , n + m} such that
O" h,j 1\ ... 1\ O" h,j >1Xl /-lih and T h,j 1\ .. , 1\ T h,j <1Xl Vih.
TI TWh,j - j TI TWh,j - j

So the proof follows from rule (e). $\square$

Proof of Theorem 11.2.5 (pag. 145).
The legality of the type system $\bowtie$ is a particular case of Property 11.2.28. $\blacksquare$

11.2.2 Proof of N-Approximation Theorem

Also in this case, the proof is very similar to the proof of the approximation
theorem for the model $\mathcal{H}$. We will show here just the differences with respect
to that proof.

Definition 11.2.29. Let the predicate $\mathit{App}_N$ be so defined:
$\mathit{App}_N(B, \sigma, M)$ if and only if there is $A \in \mathcal{A}(M)$ such that $B \vdash_{\bowtie} A : \sigma$.

In order to prove the ($\Leftarrow$) part of the theorem, we need to prove the
following implication:

$B \vdash_{\bowtie} M : \sigma \Rightarrow \mathit{App}_N(B, \sigma, M)$.

We will build the proof in two steps. First, it will be proved that

(11.3)

and then

$\mathit{Comp}_N(B, \sigma, M) \Rightarrow \mathit{App}_N(B, \sigma, M)$, (11.4)

where $\mathit{Comp}_N(B, \sigma, M)$ (read: the term $M$ is computable of type $\sigma$ with
respect to a basis $B$) is a property of the triple $\langle B, \sigma, M \rangle$. We will prove
Eq. (11.3) by induction on terms and Eq. (11.4) by induction on types.
A basis $B$ is finite if and only if $B(y) \simeq_{\bowtie} \omega$ except in a finite number of
variables. We will use $[\sigma_1/x_1, \ldots, \sigma_n/x_n]$ to denote a finite basis. By Lemma
10.1.7.(i), in this section we limit ourselves to consider only such a kind of
basis.
Let $B$ and $B'$ be two bases. Recall that $B \cup B'$ denotes the basis such that,
for every $x$, $B \cup B'(x) = B(x) \wedge B'(x)$ (remember that, for every type $\sigma$, $\sigma \wedge \omega \simeq \sigma$).
The key point is the difference in the definition of the computability
predicate.

Definition 11.2.30. The predicate $\mathit{Comp}_N$ is defined by induction on types
as follows:
• $\mathit{Comp}_N(B, \omega, M)$ is true;
• $\mathit{Comp}_N(B, \phi, M)$ if and only if $\mathit{App}_N(B, \phi, M)$;
• $\mathit{Comp}_N(B, \psi, M)$ if and only if $\mathit{App}_N(B, \psi, M)$
and $\forall N \in \vec{N}$, $\mathit{App}_N(B', \phi, N)$ implies $\mathit{App}_N(B \cup B', \psi, M\vec{N})$;
• $\mathit{Comp}_N(B, \sigma \to \tau, M)$ if and only if
$\forall N$, $\mathit{Comp}_N(B', \sigma, N)$ implies $\mathit{Comp}_N(B \cup B', \tau, MN)$;
• $\mathit{Comp}_N(B, \sigma \wedge \tau, M)$ if and only if $\mathit{Comp}_N(B, \sigma, M)$ and $\mathit{Comp}_N(B, \tau, M)$.

It can be proved that $\mathit{Comp}_N$ is defined modulo $=_\Lambda$, as for the model $\mathcal{H}$.

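Lemma 11.2.31. (i) $\mathit{App}_N(B, \sigma, xM)$ implies $\mathit{Comp}_N(B, \sigma, xM)$.
(ii) $\mathit{Comp}_N(B, \sigma, M)$ implies $\mathit{App}_N(B, \sigma, M)$.
Proof. As for model $\mathcal{H}$, the proof can be done by mutual induction on $\sigma$. $\square$

$\mathit{Comp}_N$ is closed under $\leq_{\bowtie}$.

Lemma 11.2.32. (i) If $\mathit{Comp}_N(B, \psi, M)$ then $\mathit{Comp}_N(B, \phi, M)$.
(ii) $\mathit{Comp}_N(B, \psi, M)$ if and only if $\mathit{Comp}_N(B, \phi \to \psi, M)$.
(iii) $\mathit{App}_N(B[\psi/z], \phi, M)$ and $\mathit{Comp}_N(B', \psi, N)$ imply $\mathit{App}_N(B \cup B', \phi, M[N/z])$.
(iv) $\mathit{Comp}_N(B, \phi, M)$ if and only if $\mathit{Comp}_N(B, \psi \to \phi, M)$.
(v) If $\mathit{Comp}_N(B, \sigma, M)$ and $\sigma \leq_{\bowtie} \tau$ then $\mathit{Comp}_N(B, \tau, M)$.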

Proof. (i) Trivial.


(ii) (=}) We prove that CompN(B',</J,N) implies CompN(B U B','ljJ,MN)
under the hypothesis that CompN(B, 'ljJ, M).
CompN(B', </J, N) implies ApPN(B', </J, N), by Lemma l1.2.31.(ii).
CompN(B,'ljJ,M) implies, by definition, that ifVQ E Q, ApPN(B', </J,Q)
then ApPN(B U B','ljJ,MQ). Hence ApPN(B U B','ljJ, MN) and VP E P,
ApPN(B', </J,P) imply ApPN(B UB','ljJ,MNP).
Thus CompN(B U B', 'ljJ, M N); so, by definit ion CompN(B, </J ---+ 'ljJ, M).
({=) We prove that ApPN(B, 'ljJ, M) and ifVN E N ApPN(B' , </J, N) then
ApPN(BUB', 'ljJ, M N), under the hypothesis that CompN(B, </J ---+ 'ljJ, M).
ApPN(B, </J ---+ 'ljJ, M), by Lemma l1.2.31.(ii); thus, by rule (:::::1><1), we ob-
tain both ApPN(B, 'ljJ, M) and ApPN(B, </J ---+ .•. ---+ </J ---+ 'ljJ, M), for all
~
h
hEN. If N == NI ... N m is such that ApPN(B', </J, Ni) (1 ::::: i ::::: m) then
ComPN(B;'ljJ,N) implies ApPN(B U B','ljJ,MN), by m applications of
the rule (---+ E).
Hence, by definit ion CompN(B U B','ljJ,MN).
(iii) ApPN(B['ljJ/ z], </J, M) means that there is A E A(M) such that B['ljJ / z] f-1><1
A : </J. The proof is given by induction on A.
Clearly, A :ţ. [l since B IfI><1 [l : </J. Let A == z; the proof follows since
CompN(B', 'ljJ, N) implies ApPN(B','ljJ,N), therefore ApPN(B', </J, N) by
rule (:::::1><1), and ApPN(B U B', </J, M[N/ z]) by Lemma 1O.1.7.(iii).
The case A E Var, but A :ţ. z is trivial.
Let A == zAI ... A m (m 2 1), thus M =A zMI ... M m and A E A(Mi ), for
all i::::: m. Hence B['ljJ/z] f-1><1 z: TI ---+ ••• ---+ Tm ---+ </J and B['ljJ/z] f-1><1 A: Ti
for some Ti, by Lemma 1O.1.7.(vi). Since </J ---+ •.• ---+ </J ---+ 'ljJ :::::1><1 'ljJ by rule
~
m
(:::::1><1) and 'ljJ Tm ---+ </J by Lemma 1O.1.7.(ii), it follows
:::::1><1 TI ---+ ••• ---+
that Ti :::::1><1 </J by Property 10.1.6. Thus B['ljJ / z] f-1><1 Ai : </J and this implies
ApPN(B['ljJ/z], </J, Mi). Therefore ApPN(BUB', </J, MdN/z]) by induction.
So CompN(B','ljJ,N) implies ApPN(BUB',</J,NMI[N/z] ... Mm[N/z]) by
definition, i.e. ApPN(B U B', </J, M[N / z]).

The case A == yA I ... A m (m 2: 1) where y -ţ. z is simpler.


Let A == '\y.A', for some A' E A, thus M =Ary '\y.M' and A' E A(M').
Hence, B[tP/z] f-1><1 '\y.A': tP -+ 1>byrule(::;I><1), andB[tP/z,tP/y] f-1><1 A': 1>
by Lemma 1O.1.7.(vi). Without loss of generality, let B'(y) = tP; so the
prooffollows by induction on ApPN(B[tP/z,tP/y],1>,M').
(iv) (=*) We willprovethat CompN(B', tP, N) implies CompN(BUB', 1>, MN),
under the hypothesis that CompN(B, 1>, M).
By definit ion ApPN(B, 1>, M), so ApPN(B, tP -+ 1>, M) by rule (::;1><1),
which means there is A E A(M) such that B f-1><1 A : tP -+ 1>.
If A is of the shape '\x.A' then M =A '\x.M' and A' E A(M'); thus
B[tP/x] f-1><1 A' : 1>, by Lemma 1O.1.7.(vi) and so ApPN(B[tP/x], 1>, M').
Hence, ApPN(B U B', 1>, M'[N/x]) by the point (iii) of this Lemma. But
MN =A M'[N/x], so ApPN(BUB',1>,MN) and by definit ion ofCompN
the proof follows. The case A == zA is simpler.
(<{=) If CompN(B,tP -+ 1>,M) then ApPN(B,tP -+ 1>,M), by Lemma
l1.2.31.(ii), hence ApPN(B, 1>, M), by rule (::;1><1).
(v) By induction on the rules of ::;1><1.
(a), (b), (e), (e'), (e), (r), (t) Trivial.
(d) Comp1t(B, (0"0 -+ Ta) A (0"0 -+ ?fa), M) implies, by definit ion of
ComPN, CompN(B,O"o -+ Ta, M) and CompN(B,O"o -+ ?fa, M).
If CompN(B', 0"0, N) then CompN(BUB', Ta, M N) and CompN(BU
B', ?fa, MN); hence, CompN(BUB', Ta A?fa , MN) and CompN(B, 0"0 -+
(Ta A ?fa), M), by definition of CompN.
(1) Let 0"0 ::;1><1 0"0, Ta ::;1><1 T6 and CompN(B, 0"0 -+ Ta, M).
If CompN(B',O"o,N) then CompN(B',O"o,N) by induction, hence
ComPN(BUB', Ta, M N) by definit ion of CompN. Again by induction
CompN(B U B', T6, M N), so the proof is done.
(g), (n5) Easy, since CompN(B, w, M N) is always true.
(nO), (nI), (n2), (n3), (n4) By using points (i), (ii) and (iii) ofthis lemma.
D

Now we will prove the implication of Eq. (11.3).

Lemma 11.2.33. Let $FV(M) \subseteq \{x_1, \ldots, x_n\}$ and $B = [\sigma_1/x_1, \ldots, \sigma_n/x_n]$.
If $\mathit{Comp}_N(B_i, \sigma_i, N_i)$ ($1 \leq i \leq n$) and $B \vdash_{\bowtie} M : \tau$ then

$\mathit{Comp}_N(B_1 \cup \ldots \cup B_n, \tau, M[N_1/x_1, \ldots, N_n/x_n])$.

Proof. Similar to the proof of Lemma 11.1.43, for model $\mathcal{H}$. $\square$

Proof of N-Approximation Theorem (Theorem 11.2.9 pag. 147).

($\Rightarrow$) We prove that $B \vdash_{\bowtie} M : \sigma$ implies $B \vdash_{\bowtie} A : \sigma$, for some $A \in \mathcal{A}(M)$.
Clearly $\mathit{Comp}_{\mathcal{H}}([\tau/x], \tau, x)$ from Lemma 11.2.31.(i).
Let $FV(M) \subseteq \{x_1, \ldots, x_n\}$, so we can assume $B = [\sigma_1/x_1, \ldots, \sigma_n/x_n]$ without
loss of generality, by Lemma 10.1.7.(i). Therefore $B \vdash_{\bowtie} M : \sigma$ and

$\mathit{Comp}_{\mathcal{H}}([\sigma_i/x_i], \sigma_i, x_i)$ ($1 \leq i \leq n$) imply $\mathit{Comp}_{\mathcal{H}}(B, \sigma, M)$ by Lemma 11.2.33.
So, by Lemma 11.2.31.(ii) and by definition of $\mathit{App}_N$, the proof is given.

($\Leftarrow$) By definition, there is $M'$ such that $M =_\Lambda M'$, and $A$ matches $M'$ except
at occurrences of $\Omega$. A derivation of $B \vdash_{\bowtie} A : \sigma$ can be transformed into
a derivation of $B \vdash_{\bowtie} M' : \sigma$ simply by replacing every subderivation
\[
\frac{}{B \vdash_{\bowtie} \Omega : \omega}\,(\omega) \quad \text{by} \quad \frac{}{B \vdash_{\bowtie} N : \omega}\,(\omega),
\]
where $N$ are the subterms replaced by $\Omega$ in $M'$.
$B \vdash_{\bowtie} M' : \sigma$ implies $B \vdash_{\bowtie} M : \sigma$, since the type assignment system is closed
under $=_\Lambda$ on terms, as a consequence of the fact that it induces a $\lambda\Lambda$-model,
and the proof is given. $\blacksquare$

11.2.3 Proof of N-Discriminability and N-Characterization Theorems

In this section we use the notion of path $c$ and of the relation $\ll_c$ between
approximants, as defined in Sect. 11.1.3. Moreover, a minor modification of
the semiseparability algorithm presented in Fig. 11.2 (pag. 138) is introduced.
Let $M$ and $N$ be two terms such that $M \not\sqsubseteq_{\mathcal{N}} N$; it is always possible
to find two approximants $A \in \mathcal{A}(M)$ and $A' \in \mathcal{A}(N)$ and a path $c$ such
that $A \not\ll_c A'$, and the context $C[.]$ such that $A, A' \Rightarrow_D C[.]$ can be easily
transformed in a context N-discriminating $M$ and $N$.
In order to choose the correct approximants, we use the next definition.

Definition 11.2.34. A path $c$ is deep on $A$ under the following conditions:
• if $c \equiv \varepsilon$ then $A \in \Lambda$-NF, namely in $A$ there are no occurrences of $\Omega$;
• if $c \equiv i, c'$ then $A =_\eta \lambda x_1 \ldots x_n.xA_1 \ldots A_m$ ($i \leq m$) and $c'$ is deep on $A_i$.

Example 11.2.35. Let $A \in \mathcal{A}(\lambda x.xE_\infty I)$; it is easy to see that $\varepsilon$ is not deep
on $A$, paths having 1 as prefix are not deep on $A$, while if $A \equiv \lambda x.xA_1A_2$
and $A_2 \not\equiv \Omega$, then every path having 2 as prefix is deep on $A$.

Note that if $c$ is deep on $A$ then $c, c'$ is deep on $A$, for all paths $c'$.

Property 11.2.36. Let $B \vdash_{\bowtie} A : \sigma$ and let $N$ be such that:
1. for each $A' \in \mathcal{A}(N)$, $A \not\ll_c A'$ implies $A$, $A'$ are structurally similar along
$c$ and $A'$ is not maximal along $c$ in $\mathcal{A}(N)$;
2. $c$ is deep on $A$ implies that there is $A' \in \mathcal{A}(N)$ such that $c$ is deep on $A'$.
Then $B \vdash_{\bowtie} N : \sigma$.

Proof. The proof is given by induction on the derivation proving B f--~ A : a.



(var) Then A == x, and the derivat ion is

- - - - - - (var)
B[a/x] f-~ x: a

Note that the path E is deep on X, so there is A* E A(N) such that E


is deep on A*. Hence A* ;ţ. il, Le. A* is of the shape AX1 ... Xp.zA~ ... A~.
From the condition that A <,k.c A * implies A, A * are structurally similar
along c, it follows that it must be X == z; otherwise it would be A <,k., A*,
and A, A* not structurally similar along E, against the hypothesis. By the
same reasoning, it must be p = q.
Clearly A* E A-NF implies that x ='1 A* and A~ ='1 Xi; moreover,
N =A'1 A*. Since typings are preserved by =A'1' the proof follows.
(- I) Then A == Ax.A, a == f.,L - v, and the derivation is

B[f.,L/x] f-~ A : v
- - - - - - - (-->I)
B f-~ Ax.A : f.,L - v

Clearly il E A(N) and A <,k.c il, so by hypothesis 1 there is A' E A(N)


such that il «~ A' and A' ='1 Ax.A*. Hence, by Property 11.1.20.(ii),
N =A'1 Ax.N' and A* E A(N' ).
Note that B[f.,L/x] h<l A : v and N' satisfy the hypothesis ofthis property
(indeed, <,k.c is defined modulo =A'1)' thus B[f.,L/x] f-~ N' : v by induction.
This implies B h<l Ax.N' : f.,L - v, by rule (- I).
(- E) Then A == XA1 ... AmAm+l, since A E A, and the derivation is

for some T. Clearly il E A( N) and A <,k.c il, so by hypothesis 1 there


is A' E A(N) such that il «~ A'. Assume that for every A' E A(N), if
A' ;ţ. il then A' is of the shape AX1 ... Xp.zA~ ... A~. The given conditions
assure us that z == X, q = m + 1 + p and A~+i+l ='1 Xi (1::; i ::; p), Le.

So N =A'1 xN1 ... N m+ 1 and A~ E A(Ni ) (1 ::; i ::; m + 1). Note that, for
Ai and every A~ E A(Ni ), the conditions ofthe theorem are satisfied. So,
by induction, B f-~ Nm+l : T and B f-~ xN1 ... N m : T - a. So, by rule
(- E), B f-~ xN1 ... NmNm+l : a, and the prooffollows by the fact that
typings are preserved by = AI'/"
(AI), (AE), (::;~) The proof follows directly from the inductive hypothesis.
(w) Trivial. O

We need a further definition.



Definition 11.2.37. Let $c$ be a path and $A$ an approximant:
• if $c \equiv \varepsilon$ then $c$ is defined on $A$;
• if $c \equiv k, c'$ then $c$ is defined on $A$, whenever $A =_\eta \lambda x_1 \ldots x_p.zA_1 \ldots A_q$ ($q \geq k$)
and $c'$ is defined on $A$.

Example 11.2.38. 1 is defined on $\lambda z.x\Omega I$, 1 is defined on $\lambda z.xI\Omega$, but 1 is
not defined on $\Omega$.

Lemma 11.2.39. Let M ⋢_N N. Then there are A ∈ A(M), A' ∈ A(N) and a path c such that A ⋠_c A', c is defined on A, A' and one of the following conditions holds:
1. A and A' are structurally different in c;
2. A' is maximal along c in A(N);
3. c is deep on A but c is not deep on A'', for all A'' ∈ A(N).

Proof. M ⋢_N N implies there are B, σ such that B ⊢_⋈ M : σ while B ⊬_⋈ N : σ. By the N-approximation theorem, this means there is A ∈ A(M) such that B ⊢_⋈ A : σ. Then, by Property 11.2.36, there are three cases.
1. There is A' ∈ A(N) such that A ⋠_c A', and A and A' are structurally different along c. Then A and A' are the desired approximants.
2. There is A' ∈ A(N) such that A ⋠_c A', and A and A' are structurally similar along c, and A' is maximal along c in A(N). Then A and A' are the desired approximants.
3. Otherwise, c is deep in A and not deep in A'', for all A'' ∈ A(N). So each A'' such that A ⋠_c A'' and c is defined on A'' can be chosen. □

The N-semiseparability algorithm is presented in Fig. 11.4. The algorithm is defined as a formal system, proving statements of the shape A, A' ⇒_N C[.], where A ⋠_c A' and C[.] is a context. The N-semiseparability algorithm is a minor modification of the one given in Fig. 11.2 (p. 138). Rule (D1) has been divided into two rules, namely (N0) and (N1), according to whether the given path is deep or not in A.
For the sake of simplicity, in the N-semiseparability algorithm we assume that all bound and free variables have different names.

Theorem 11.2.40. (i) If A ⋠_c A' then A, A' ⇒_N C[.].
(ii) If A, A' ⇒_N C[.] then C[A] has Λ-normal form, while C[A'] →*_ΛΩ Ω.

Proof. (i) Similar to the proof of Lemma 11.1.48.
(ii) The proof is carried out by induction on the derivation proving A, A' ⇒_N C[.]. In case the last applied rule is (N0), then the proof follows from the definition of deep. In case the last applied rule is (N1), then obviously C[A] →*_ΛΩ I, while C[A'] →*_ΛΩ Ω. In the remaining cases, the proof is similar to that of Lemma 11.1.49. □
Let A, A' be approximants such that A ⋠_c A' and r ≥ max{args(A), args(A')}.
The rules of the system proving statements A, A' ⇒_N C[.] are the following:

    ε is deep on xA_1...A_m
    ------------------------------ (N0)
    xA_1...A_m, Ω ⇒_N [.]

    ε is not deep on xA_1...A_m
    ------------------------------ (N1)
    xA_1...A_m, Ω ⇒_N (λx.[.])O^m

    ------------------------------ (D2)
    λx_1...x_n.xA_1...A_m, Ω ⇒_N C[[.]x_1...x_n]

    p ≤ q    xA_1...A_m x_{p+1}...x_q, yA'_1...A'_n ⇒_N C[.]
    ------------------------------ (D3)
    λx_1...x_p.xA_1...A_m, λx_1...x_q.yA'_1...A'_n ⇒_N C[[.]x_1...x_q]

    q < p    xA_1...A_m, yA'_1...A'_n x_{q+1}...x_p ⇒_N C[.]
    ------------------------------ (D4)
    λx_1...x_p.xA_1...A_m, λx_1...x_q.yA'_1...A'_n ⇒_N C[[.]x_1...x_p]

    n < m
    ------------------------------ (D5)
    xA_1...A_m, xA'_1...A'_n ⇒_N (λx.[.])O^m I...I KIΩ    (with m−n−2 copies of I in I...I)

    m < n
    ------------------------------ (D6)
    xA_1...A_m, xA'_1...A'_n ⇒_N (λx.[.])O^n I...I KΩI    (with n−m−2 copies of I in I...I)

    x ≢ y
    ------------------------------ (D7)
    xA_1...A_m, yA'_1...A'_n ⇒_N (λxy.[.])(λx_1...x_m.I)(λx_1...x_n.Ω)

    x ∉ FV(A_k) ∪ FV(A'_k)    A_k ⋠ A'_k    A_k, A'_k ⇒_N C[.]
    ------------------------------ (D8)
    xA_1...A_m, xA'_1...A'_n ⇒_N C[(λx.[.])U^r_k]

Fig. 11.4. N-Semiseparability algorithm


Proof of the N-Discriminability Theorem (Theorem 11.2.16, p. 150).

Let M ⋢_N N. Choose A ∈ A(M), A' ∈ A(N) and a path c satisfying the conditions of Lemma 11.2.39. Then A, A' ⇒_N C[.]. Let C'[.] be the context obtained from C[.] by replacing every occurrence of Ω by a Λ-unsolvable term, say DD. We will prove that C'[.] is a context N-discriminating M and N. The proof will be done by induction on the derivation of A, A' ⇒_N C[.].
If the derivation coincides with an application of the axiom (N0), then c is deep in A but not deep in A'. Thus M has Λ-nf while N does not have Λ-nf; so [.] is a discriminating context.
If the derivation coincides with an application of the axiom (N1), then A' ≡ Ω and A' is maximal along the empty path in A(N). Thus N is Λ-unsolvable and (λx.[.])O^m is the discriminating context.
If the used axiom is either (D5), (D6) or (D7), the proof follows from the fact that M and N have both Λ-hnf, and by Property 11.1.20, their Λ-hnf's have the same shape respectively as A and A'. If the last rule applied is (D2), (D3), (D4), (D8) or (D9), the proof follows by induction, always taking into account that M and N have both Λ-hnf, and that by Property 11.1.20, their Λ-hnf's have the same shape respectively as A and A'. ■

Example 11.2.41. (i) Let M ≡ I and N ≡ E_∞, where E_∞ ≡ Y(λxyz.y(xz)).
Clearly I ∈ A(M), and, for every A' ∈ A(N), for every path c, I and A' are structurally similar along c, and c is not maximal in A'. Moreover, every path c is deep on I, while c is not deep in A', for all A' ∈ A(N). So, a choice satisfying the conditions of Lemma 11.2.39 is λx.x ∈ A(M), Ω ∈ A(N) and c ≡ ε. In fact,

    ------------------------ (N0)
    x, Ω ⇒_N λx.[.]
    ------------------------ (D2)
    λx.x, Ω ⇒_N λx.[.]x

Therefore (λx.Ix) →_Λ (λx.x) and (λx.Ix) ⇓_N, while (λx.E_∞ x) ⇑_N, since it has no Λ-nf.
(ii) Let M ≡ λxz.xzI and N ≡ λxz.xzE_∞. Then two approximants of M and N and a path c satisfying the conditions of Lemma 11.2.39 are respectively A ≡ λxz.xzI, A' ≡ λxz.xΩΩ and c ≡ 2.
Note that A, A' and the path c' ≡ 1 do not satisfy the requirements of Lemma 11.2.39. In fact, c' is not deep on all A'' ∈ A(N). Note that also A ≡ λxz.xΩI, A' ≡ λxz.xΩΩ and c ≡ 2 can be safely chosen.

Proof of the N-Characterization Theorem (Theorem 11.2.20, p. 150).

(⇐) We will prove that if M ⋢ N then there are A ∈ A(M) and A' ∈ A(N) and a path c satisfying the conditions of Lemma 11.2.39. By the proof of the N-discriminability theorem, there is a context C[.] N-discriminating M and N, i.e. C[M] ⇓_N while C[N] ⇑_N. By the correctness of the model with respect to the N-operational semantics, this implies M ⋢_N N.
The existence of A ∈ A(M) and A' ∈ A(N) and a path c satisfying the conditions of Lemma 11.2.39 can be proved by induction on the definition of ⊑. There are four cases:
1. N is Λ-unsolvable and M is Λ-solvable; let A ∈ A(M) and A ≢ Ω. Thus A, Ω and the empty path satisfy the given conditions.
2. M =_Λη λx_1...x_n.xM_1...M_m, N =_Λη λx_1...x_p.yM_1...M_q, and M has Λ-nf while N has not Λ-nf; so M ∈ A(M), every A' ∈ A(N) such that A' ≢ Ω and the empty path satisfy the given conditions.
3. Each Λ-hnf of M is of the shape λx_1...x_n.xM_1...M_m, each Λ-hnf of N is of the shape λx_1...x_p.yN_1...N_q, and either x ≢ y or |m − n| ≠ |p − q|. So every A ∈ A(M) and A' ∈ A(N) such that A, A' ≢ Ω and the empty path satisfy the given conditions.
4. Let M =_Λη λx_1...x_n.xM_1...M_m, N =_Λη λx_1...x_n.xN_1...N_m and M_k ⋢ N_k, for some k (1 ≤ k ≤ m). Then by induction there are A* ∈ A(M_k), A** ∈ A(N_k) and a path c satisfying Lemma 11.2.39. Hence A ∈ A(M) and A' ∈ A(M') having the following shapes,

    A  =_η λx_1...x_n.x Ω...Ω A* Ω...Ω     (k−1 copies of Ω before A*, m−k after),
    A' =_η λx_1...x_n.x Ω...Ω A** Ω...Ω    (k−1 copies of Ω before A**, m−k after),

and the path k, c satisfy the conditions.
(⇒) Assume M ⋢_N N; by Lemma 11.2.39 there are A ∈ A(M), A' ∈ A(N), and there is a path c such that A ⋠_c A' and either A, A' are structurally different in c, or A' is maximal along c in A(N) or there is not A'' maximal along c, c' in A(N), for all c', and c is deep in A and not deep in A'.
Note that A ≢ Ω, since Ω ≼_c A'.
By induction on c, we will prove that M ⋢ N.
Let c ≡ ε. Let A' ≡ Ω. If A' is maximal then N is Λ-unsolvable, and so M ⋢ N. If there is not A'' maximal along c, c' in A(N), for all c', and c is deep in A and not deep in A', then M has Λ-nf while N has not Λ-nf, and so M ⋢ N. Let A ≡ λx_1...x_n.xA_1...A_m and A' ≡ λx_1...x_p.yA_1...A_q, where either |n − m| ≠ |p − q| or x ≢ y. Then M ⋢ N by definition. Let c ≡ i, c'. Then A =_η λx_1...x_n.xA_1...A_m and A' =_η λx_1...x_n.xA'_1...A'_m where A_i ⋠_c A'_i, and the proof follows by induction. ■

11.3 The Model ℒ

In this section we will introduce a filter model correct with respect to the L-operational semantics. Property 10.1.15 says that a filter model such that

    for all M, N, if M ⇓_L (i.e. it has Λ-lazy head normal form) and N ⇑_L (i.e. it has not Λ-lazy head normal form) then N ⊏_ℒ M

is correct with respect to the L-operational semantics.
So we define a legal type theory, say L, based on a set of constants C_L such that, for every M with Λ-lhnf and N without Λ-lhnf, there is a basis B and at least one type σ such that B ⊢_L M : σ while not B ⊢_L N : σ. Since terms without Λ-lhnf are all and only the Λ-unsolvable terms of order 0, following the same approach as for the previous two models, it seems natural to characterize them by assigning them only type ω. Let us recall that L induces a not sensible Λ-theory; in fact, DD ⇑_L while λx.DD ⇓_L. Since, by rules (ω) and (→ I), λx.DD can always be assigned type ω → ω, a natural choice is to characterize the convergent terms by this type. This allows us to have as set of type constants just the singleton {ω}. Clearly the inequality ω ≤ ω → ω, which holds in the two previous models, is no longer correct in this setting.

Definition 11.3.1. Let C_L = {ω} and I(C_L) = T(C_L).
L is the type system <C_L, ≤_L, I(C_L)>, where ≤_L is the least intersection relation induced by the rules of Fig. 11.5.

    (a)   σ ≤_L ω
    (b)   σ ≤_L σ ∧ σ
    (c)   σ ∧ τ ≤_L σ
    (c')  σ ∧ τ ≤_L τ
    (d)   (σ → τ) ∧ (σ → π) ≤_L σ → (τ ∧ π)
    (f)   σ' ≤_L σ and τ ≤_L τ' imply σ → τ ≤_L σ' → τ'
    (g)   σ → ω ≤_L ω → ω
    (r)   σ ≤_L σ

Fig. 11.5. L-intersection relation

Note that ≤_L is the minimum intersection relation, and we already noticed that L is a legal type system.

Definition 11.3.2. ℒ is the λΛ-model <F(L), F(L), ∘_L, ⟦.⟧^F(L)>.

Now we will state some properties of the L-intersection relation that will be useful in this chapter. Namely, it will be proved that ω is ≄_L to any arrow type, and the general shape of a type, modulo ≃_L, will be shown. To do this, we need to characterize the set of types that are ≃ ω.

Theorem 11.3.3. σ ≃_L ω if and only if σ ≡ ω ∧ ... ∧ ω (n times, n ≥ 1).

Proof. Note that ω ≃_L σ if and only if ω ≤_L σ, by rule (a).
(⇐) The proof follows by rules (b), (e) and (t).
(⇒) It is easy to prove, by induction on the rules of ≤_L, that if σ ≡ ω ∧ ... ∧ ω (k times), for some k ≥ 1, and σ ≤_L τ then τ ≡ ω ∧ ... ∧ ω (h times), for some h ≥ 1. Then the proof is done, since σ ≃_L ω implies ω ≤_L σ, so σ ≡ ω ∧ ... ∧ ω (n times), for some n ≥ 1. □

Corollary 11.3.4. σ ≡ μ → ν implies σ ≄_L ω.

The following property states a characterization of the shape of types in the theory L.

Property 11.3.5. (i) If σ ≄_L ω then σ ≃_L σ_0 ∧ ... ∧ σ_n such that ∀i ≤ n, σ_i ≃_L τ^i_1 → ... → τ^i_{m_i} → ω → ω, for some n, m_i ∈ ℕ.
(ii) There is p ∈ ℕ such that ω → ... → ω → ω → ω ≤_L σ (with k leading copies of ω), for all k ≥ p.
(iii) If σ ≄_L ω then σ ≤_L ω → ω.

Proof. (i) By induction on σ. The case σ ≡ ω is against the hypothesis. If σ ≡ π ∧ τ then the proof follows by induction. Let σ ≡ τ → π. If π ≃_L ω then by rules (g), (f) and (a) it is easy to check that ω → ω ≃_L τ → π. Otherwise, by induction π ≃_L π_0 ∧ ... ∧ π_k for some k ∈ ℕ and π_i ≃_L π^i_1 → ... → π^i_{k_i} → ω → ω for some k_i ∈ ℕ. Hence, by Lemma 10.1.4.(iii), σ ≃_L (τ → π_0) ∧ ... ∧ (τ → π_k), and the proof is done.
(ii) If σ ≃_L ω then p = 0, and the proof follows from rule (a). Otherwise, by the previous point, σ ≃_L σ_0 ∧ ... ∧ σ_n (n ∈ ℕ) such that ∀i ≤ n, σ_i ≃_L τ^i_1 → ... → τ^i_{m_i} → ω → ω for some m_i ∈ ℕ. Notice that

    ω → ... → ω → ω → ω ≤_L τ^i_1 → ... → τ^i_{m_i} → ω → ω          (m_i leading copies of ω on the left),
    ω → ... → ω → ω → ω → ω ≤_L ω → ... → ω → ω → ω                  (m_i leading copies of ω on each side),

so, setting p = max{m_1, ..., m_n}, the proof is easy.
(iii) By point (i), σ ≃_L σ_0 ∧ ... ∧ σ_n (n ∈ ℕ) such that ∀i ≤ n, σ_i ≃_L τ^i_1 → ... → τ^i_{m_i} → ω → ω for some m_i ∈ ℕ. It is easy to see that σ_i ≤_L τ^i_1 → ω ≤_L ω → ω (1 ≤ i ≤ n) by rules (a), (f) and (g), so the proof follows by rule (b). □

In the related type assignment system, every term having Λ-lhnf can be assigned at least the type ω → ω.

Lemma 11.3.6. If M has Λ-lhnf then B ⊢_L M : ω → ω, for some basis B.

Proof. Let M ≡ λx.P and let B_ω be a basis such that B_ω(x) = ω, for all x ∈ Var. So B ⊢_L P : ω by rule (ω), and B ⊢_L λx.P : ω → ω by rule (→ I).
Let M ≡ xM_1...M_m. Let B be such that B(x) = ω → ... → ω → ω → ω (with m leading copies of ω). Clearly B ⊢_L M_i : ω (1 ≤ i ≤ m) by rule (ω), therefore by rule (→ E), B ⊢_L xM_1...M_m : ω → ω.
The proof is done, since ℒ is a λΛ-model, hence it is closed under =_Λ. □

In order to show that this model is correct with respect to the L-operational semantics, we must show that if M has no Λ-lhnf, i.e. it is a Λ-unsolvable term of order 0, and B ⊢_L M : σ then σ ≃_L ω. To prove this, we need an approximation theorem.
The notion of approximant needed for studying the lazy evaluation is different from that used in the previous sections.

Definition 11.3.7. Let ΛΩ be defined as in Definition 11.1.9 (p. 123).
(i) The LΩ-reduction (→_LΩ) is defined as the contextual closure of the following rule:
    ΩM → Ω.
(ii) The ΛLΩ-reduction (→_ΛLΩ) is the contextual closure of the following rules:
    (λx.M)N → M[N/x], for all N ∈ ΛΩ,    ΩM → Ω.
→*_LΩ denotes the symmetric and transitive closure of →_LΩ.
The η-reduction (→_η) can be directly applied to the language ΛΩ (see Definition 1.3.7). M ∈ ΛΩ is in ΛLΩ-normal form (ΛLΩ-nf) if and only if it does not contain ΛLΩ-redexes.

Note that the reduction rule λx.Ω →_Ω Ω, which has been used in both models ℋ and 𝒩, is no longer correct for the lazy semantics.

Definition 11.3.8. The set of LΩ-approximants of a term M is defined as follows:

    A_L(M) = {A | ∃M' such that M =_Λ M' and A is a ΛLΩ-normal form obtained from M' by replacing some subterms with Ω}.

In this chapter, we will simply call approximant a ΛLΩ-normal form.

Example 11.3.9. Some sets of approximants are shown.

    A_L(I) = {Ω, λx.Ω, λx.x};
    A_L(D) = {Ω, λx.Ω, λx.xx, λx.xΩ};
    A_L(DD) = {Ω};
    A_L(K(λx.x(II))(DD)) = {Ω, λx.Ω, λx.xΩ, λx.x(λx.Ω), λx.xI}.
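
The four sets of Example 11.3.9 can be recomputed from Definitions 11.3.7 and 11.3.8. The Python code below is an added example, not taken from the book: it assumes closed terms in de Bruijn notation, explores only the β-reducts of M up to a bound (enough for these terms), and its `lazy` flag is a hypothetical switch that also treats λx.Ω as a redex, as the note above says the earlier models do.

```python
from itertools import product

OM = ("om",)                                  # the constant Ω
def var(n): return ("var", n)                 # de Bruijn index n
def lam(body): return ("lam", body)
def app(f, *args):                            # left-nested application f a1 ... an
    for a in args:
        f = ("app", f, a)
    return f

def shift(t, d, cutoff=0):
    """Add d to every free index >= cutoff."""
    if t[0] == "var":
        return var(t[1] + d) if t[1] >= cutoff else t
    if t[0] == "lam":
        return lam(shift(t[1], d, cutoff + 1))
    if t[0] == "app":
        return ("app", shift(t[1], d, cutoff), shift(t[2], d, cutoff))
    return t

def subst(t, j, s):
    """Replace index j in t by s."""
    if t[0] == "var":
        return s if t[1] == j else t
    if t[0] == "lam":
        return lam(subst(t[1], j + 1, shift(s, 1)))
    if t[0] == "app":
        return ("app", subst(t[1], j, s), subst(t[2], j, s))
    return t

def beta_steps(t):
    """All one-step beta-reducts of t, contracting a redex at any position."""
    if t[0] == "lam":
        for b in beta_steps(t[1]):
            yield lam(b)
    elif t[0] == "app":
        f, a = t[1], t[2]
        if f[0] == "lam":
            yield shift(subst(f[1], 0, shift(a, 1)), -1)
        for r in beta_steps(f):
            yield ("app", r, a)
        for r in beta_steps(a):
            yield ("app", f, r)

def reducts(t, limit=500):
    """Terms reachable from t by beta-reduction (bounded; an assumption of this example)."""
    seen, todo = {t}, [t]
    while todo and len(seen) < limit:
        for r in beta_steps(todo.pop()):
            if r not in seen:
                seen.add(r)
                todo.append(r)
    return seen

def cuts(t):
    """Every term obtained from t by replacing some subterms with Ω."""
    yield OM
    if t[0] == "var":
        yield t
    elif t[0] == "lam":
        for b in cuts(t[1]):
            yield lam(b)
    elif t[0] == "app":
        for f, a in product(list(cuts(t[1])), list(cuts(t[2]))):
            yield ("app", f, a)

def is_normal(t, lazy=True):
    """ΛLΩ-normal form: no (λx.M)N and no ΩM; if not lazy, λx.Ω is a redex too."""
    if t[0] == "lam":
        if not lazy and t[1] == OM:
            return False
        return is_normal(t[1], lazy)
    if t[0] == "app":
        if t[1][0] in ("lam", "om"):
            return False
        return is_normal(t[1], lazy) and is_normal(t[2], lazy)
    return True

def approximants(t, lazy=True):
    return {a for r in reducts(t) for a in cuts(r) if is_normal(a, lazy)}

def show(t, depth=0):
    """Print a closed term with names x0, x1, ... for its binders."""
    if t[0] == "om":
        return "Ω"
    if t[0] == "var":
        return f"x{depth - 1 - t[1]}"
    if t[0] == "lam":
        return f"(λx{depth}.{show(t[1], depth + 1)})"
    return f"({show(t[1], depth)} {show(t[2], depth)})"

# The terms of Example 11.3.9, constructed here in de Bruijn form.
I = lam(var(0))
D = lam(app(var(0), var(0)))
K = lam(lam(var(1)))
T = app(K, lam(app(var(0), app(I, I))), app(D, D))   # K(λx.x(II))(DD)

if __name__ == "__main__":
    for name, term in [("I", I), ("D", D), ("DD", app(D, D)), ("K(λx.x(II))(DD)", T)]:
        print(name, sorted(show(a) for a in approximants(term)))
```

With `lazy=False` the approximant λx.Ω disappears from the set computed for I, which is the difference from the previous models that the note after Definition 11.3.7 points out.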

Theorem 11.3.10 (ℒ-Approximation).
B ⊢_L M : σ if and only if B ⊢_L A : σ, for some A ∈ A_L(M).

Proof. The proof is in Sect. 11.3.1. □

The following property shows that the theory of the model ℒ is not sensible.

Property 11.3.11.
(i) If M is Λ-unsolvable of order n then A_L(M) = {λx_1...x_p.Ω | 0 ≤ p ≤ n}.
(ii) If M is Λ-unsolvable of infinite order then A_L(M) = {λx_1...x_p.Ω | p ∈ ℕ}.
(iii) Let M and N be Λ-unsolvable respectively of order p and q (p, q ∈ ℕ). If p < q then M ⊏_ℒ N.

Proof. Easy. □

Corollary 11.3.12. M ⇓_L if and only if B ⊢_L M : ω → ω, for some B.

Proof. By Lemma 11.3.6, by Property 11.3.11 and by the approximation theorem. □

Thus we can prove the correctness of the model.

Theorem 11.3.13 (ℒ-Correctness).
The model ℒ is correct with respect to the L-operational semantics.

Proof. From Property 10.1.15 and Corollary 11.3.12. □

The correctness implies some properties of the L-operational semantics.

Property 11.3.14. (i) M →_η N implies N ⪯_L M.
(ii) All call-by-name fixed-point operators are equated in L.
(iii) Let Z be a call-by-name fixed-point operator. M ⪯_L ZK, for all M ∈ Λ.
(iv) All Λ-unsolvable of the same order are equated in L.

Proof. (i) It is sufficient to prove that I ⪯_L E. Let B ⊢_L I : σ; by Lemma 11.3.5.(i), either σ ≃_L ω or σ ≃_L (μ_1 → ν_1) ∧ ... ∧ (μ_k → ν_k), for some k ∈ ℕ. The case σ ≃_L ω is trivial, so let σ ≃_L (μ_1 → ν_1) ∧ ... ∧ (μ_k → ν_k). But B ⊢_L I : μ_i → ν_i by rule (≤_L), therefore by Lemma 10.1.7.(vi) B[μ_i/x] ⊢_L x : ν_i, and by Lemma 10.1.7.(ii) μ_i ≤_L ν_i (i ≤ k). We prove that, if μ_i ≤_L ν_i then B ⊢_L E : μ_i → ν_i; thus the proof follows by rule (∧I). The proof is given by induction on μ_i.
If μ_i ≃_L ω then ν_i ≃_L ω, so it is easy to see that B ⊢_L E : ω → ω, by rules (ω) and (→ I). If μ_i ≡ τ_i → ρ_i then B[μ_i/x, τ_i/y] ⊢_L xy : ρ_i, so B ⊢_L λxy.xy : μ_i → μ_i, by applying rule (→ I) twice. Finally, by rule (≤_L), B ⊢_L λxy.xy : μ_i → ν_i. If μ_i is an intersection type then the proof follows by induction.
Note that this inclusion is strict. In fact, B ⊢_L λxy.xy : ω → ω → ω, for all B, while this typing is not derivable for I.
(ii) Similar to the proof of Theorem 11.1.24.
(iii) By definition of call-by-name fixed-point, ZM =_Λ M(ZM), for all terms M, so ZK =_Λ K(ZK) =_Λ λx.ZK. So A_L(ZK) = {λx_1...x_p.Ω | 0 ≤ p}, and ω → ... → ω → ω → ω ∈ ⟦ZK⟧_ρ^F(L) (with p leading copies of ω) for all environments ρ and natural numbers p.
The proof follows by Property 11.3.5.(ii) and by Correctness.
(iv) By Property 11.3.11.(iii) and by correctness. □

It is interesting to compare the proof of point (i) of the previous lemma with the proof of Lemma 6.3.10, proving the same statement. The denotational proof is much easier; this fact is a witness to the power of the type assignment system for proving properties of filter models.
The model ℒ is not fully abstract with respect to the L-operational semantics. In fact, an incompleteness result holds.

Theorem 11.3.15 (ℒ-Incompleteness).
The model ℒ is incomplete with respect to the L-operational semantics.

Proof. The proof is in Sect. 11.3.2. □

There is no filter λΛ-model fully abstract with respect to the L-operational semantics, as will be proved in the next theorem.

Theorem 11.3.16. There is no filter λΛ-model that is fully abstract with respect to the L-operational semantics.

Proof. The proof is in Sect. 11.3.2. □

Until now, a syntactical axiomatization of the relation ⪯_L has not been found. Note that the ∼_ℒ relation has an unusual behaviour under application, as can be seen from the following example, first proved in [2].

Example 11.3.17. x ≁_ℒ λy.xy but xx ∼_ℒ x(λy.xy).
x ≁_ℒ λy.xy follows from the fact that, if B is a basis such that B(x) = ω, then B ⊬_L x : ω → ω, while B ⊢_L λy.xy : ω → ω.
To prove xx ∼_ℒ x(λy.xy), by Property 11.3.14.(i), it is sufficient to prove x(λy.xy) ⊑_ℒ xx, namely that B ⊢_L x(λy.xy) : σ implies B ⊢_L xx : σ.
Without loss of generality let σ ≄_L ω; thus B ⊢_L x(λy.xy) : σ implies, by Lemma 10.1.7.(vii), that B ⊢_L x : ρ → σ and B ⊢_L λy.xy : ρ, for some ρ. Moreover, B(x) ≤_L ρ → σ by Lemma 10.1.7.(ii).
If ρ ≃_L ω then ρ → σ ≤_L ω → σ thus

    --------------------- (var)
    B ⊢_L x : B(x)
    --------------------- (≤_L)        --------------- (ω)
    B ⊢_L x : ω → σ                    B ⊢_L x : ω
    ------------------------------------------------- (→E)
    B ⊢_L xx : σ

Otherwise, ρ ≃_L σ_0 ∧ ... ∧ σ_n (n ≥ 1) such that ∀i ≤ n, σ_i ≃_L μ_i → ν_i by Property 11.3.5.(i). Hence B[μ_i/y] ⊢_L xy : ν_i by Lemma 10.1.7.(vi), and by Lemma 10.1.7.(vii), B[μ_i/y] ⊢_L y : τ_i and B[μ_i/y] ⊢_L x : τ_i → ν_i, for some τ_i. So by Lemma 10.1.7.(ii), μ_i ≤_L τ_i and B(x) ≤_L τ_i → ν_i, hence by rule (f) of the L-intersection relation, B(x) ≤_L μ_i → ν_i (i ≤ n); it is easy to see that B(x) ≤_L σ_0 ∧ ... ∧ σ_n. So it is possible to build the following derivation:

    ------------------------------ (var)        ------------------------- (var)
    B ⊢_L x : B(x)                              B ⊢_L x : B(x)
    ------------------------------ (≤_L)        ------------------------- (≤_L)
    B ⊢_L x : σ_0 ∧ ... ∧ σ_n → σ               B ⊢_L x : σ_0 ∧ ... ∧ σ_n
    ---------------------------------------------------------------------- (→E)
    B ⊢_L xx : σ

11.3.1 Proof of ℒ-Approximation Theorem

We define a computability predicate as for the previous models. The notion of approximants is different from the previous one given in Definition 11.1.39, since it takes into account the different behaviour of the ⊢_L type assignment system with respect to ⊢_∞.
A basis B is finite if and only if B(y) ≃_L ω except in a finite number of variables. We will use [σ_1/x_1, ..., σ_n/x_n] to denote a finite basis. By Lemma 10.1.7.(i), in this section we limit ourselves to consider only such a kind of basis.
Let B and B' be two bases. B ∪ B' denotes the basis such that, for every x, B ∪ B'(x) = B(x) ∧ B'(x) (remember that, for every type σ, σ ∧ ω ≃ σ).

Definition 11.3.18. (i) App_ℒ(B, σ, M) if and only if there is A ∈ A_L(M) such that B ⊢_L A : σ.
(ii) The predicate Comp_ℒ is defined by induction on types as follows:
• Comp_ℒ(B, ω, M) is true;
• Comp_ℒ(B, σ → τ, M) where τ ≃_L ω, if and only if App_ℒ(B, ω → ω, M);
• Comp_ℒ(B, σ → τ, M) where τ ≄_L ω, if and only if ∀N, Comp_ℒ(B', σ, N) implies Comp_ℒ(B ∪ B', τ, MN);
• Comp_ℒ(B, σ ∧ τ, M) if and only if Comp_ℒ(B, σ, M) and Comp_ℒ(B, τ, M).

To prove the (⇒) part of the ℒ-approximation theorem, we will prove, in the usual way, that B ⊢_L M : σ implies Comp_ℒ(B, M, σ), which in turn implies App(B, σ, M).
It is easy to check, by induction on σ, that Comp_ℒ(B, σ, M) and M =_Λ M' imply Comp_ℒ(B, σ, M'); by induction on σ, the proof is easier than that of Lemma 11.1.40 (p. 133).
Note that typings are not preserved by the η-reduction, as we observed in the proof of Property 11.3.14.(i). This property was used for proving the approximation theorem in both models ℋ and 𝒩. Here a weak version of this property holds, just for approximants of a particular shape, but it is sufficient for the rest of the proof.

Property 11.3.19. Let A ≡ λz.xA_1...A_m z, where z ∉ FV(xA_1...A_m).
If B ⊢_L A : σ → τ, with τ ≄_L ω, then B ⊢_L xA_1...A_m : σ → τ.

Proof. B ⊢_L A : σ → τ and τ ≄_L ω imply B[σ/z] ⊢_L xA_1...A_m z : τ, by Lemma 10.1.7.(vi), so B[σ/z] ⊢_L xA_1...A_m : ε → τ and B[σ/z] ⊢_L z : ε for some ε, by Lemma 10.1.7.(vii). Thus σ ≤_L ε, so ε → τ ≤_L σ → τ; hence by rule (≤_L) B[σ/z] ⊢_L xA_1...A_m : σ → τ.
B ⊢_L xA_1...A_m : σ → τ, by Lemma 10.1.7.(i) since z ∉ FV(xA_1...A_m). □

Lemma 11.3.20. (i) App_ℒ(B, σ, xM) implies Comp_ℒ(B, σ, xM).
(ii) Comp_ℒ(B, σ, M) implies App_ℒ(B, σ, M).

Proof. The proof is done by mutual induction on σ. The only non-obvious case is when σ ≡ τ → ρ and ρ ≄_L ω.
(i) We will prove that Comp_ℒ(B', τ, N) implies Comp_ℒ(B ∪ B', ρ, xMN), thus Comp_ℒ(B, τ → ρ, xM) follows by definition.
Comp_ℒ(B', τ, N) implies App_ℒ(B', τ, N), by induction on (ii). By hypothesis App_ℒ(B, τ → ρ, xM), so App_ℒ(B ∪ B', ρ, xMN) by rule (→ E), since A ∈ A_L(M) and A' ∈ A_L(N) imply xAA' ∈ A_L(xMN); hence, Comp_ℒ(B ∪ B', ρ, xMN) by induction.
(ii) Let z ∉ FV(M) and B(z) ≃_L ω. Note that both z ∈ A_L and [τ/z] ⊢_L z : τ, hence App_ℒ([τ/z], τ, z). Thus by induction on (i), Comp_ℒ([τ/z], τ, z).
Comp_ℒ(B, τ → ρ, M) and Comp_ℒ([τ/z], τ, z) imply Comp_ℒ(B[τ/z], ρ, Mz) and this implies App_ℒ(B[τ/z], ρ, Mz), by induction; which means there is A ∈ A_L(Mz) such that B[τ/z] ⊢_L A : ρ. The case A ≡ Ω is not possible, since by the hypothesis ρ ≄_L ω. By rule (→ I), B ⊢_L λz.A : τ → ρ.
By definition of the L-approximants of a term, A ∈ A_L(Mz) implies λz.A ∈ A_L(λz.Mz). Now there are two cases.
1. If M is of order 0 then A is of the shape xA_1...A_m z, where z ∉ FV(xA_1...A_m) and xA_1...A_m ∈ A_L(M). So B ⊢_L xA_1...A_m : τ → ρ, by Property 11.3.19 and the proof is given.
2. Otherwise M =_Λ λy.M', so λz.Mz =_Λ λz.M'[z/y] =_α λy.M', which implies λz.A ∈ A_L(M), and the proof is given. □

Lemma 11.3.21. If Comp_ℒ(B, σ, M) and σ ≤_L τ then Comp_ℒ(B, τ, M).

Proof. By induction on the rules of ≤_L. The more complex case is the rule (f), so let π' ≤_L π, τ ≤_L τ' and Comp_ℒ(B, π → τ, M).
If τ ≃_L ω then τ' ≃_L ω, so the proof is immediate. If τ, π ≄_L ω then the proof follows by induction. If τ ≄_L ω but τ' ≃_L ω then, by Lemma 11.3.20.(ii), App_ℒ(B, π → τ, M). By definition of App_ℒ, there is an A ∈ A_L(M) such that B ⊢_L A : π → τ, thus B ⊢_L A : ω → ω, and the proof follows by the definition of Comp_ℒ. □

The following lemma will be used in the proof of the ℒ-approximation theorem.

Lemma 11.3.22. Let FV(M) ⊆ {x_1, ..., x_n} and B = [σ_1/x_1, ..., σ_n/x_n].
If Comp_ℒ(B_i, σ_i, N_i) (1 ≤ i ≤ n) and B ⊢_L M : τ then
Comp_ℒ(B_1 ∪ ... ∪ B_n, τ, M[N_1/x_1, ..., N_n/x_n]).

Proof. By induction on the derivation B ⊢_L M : τ. □

Proof of ℒ-Approximation Theorem (Theorem 11.3.10, p. 166).

(⇒) Clearly Comp_ℒ([τ/x], τ, x), by Lemma 11.3.20.(i).
Let FV(M) ⊆ {x_1, ..., x_n}, so we can assume B = [σ_1/x_1, ..., σ_n/x_n] without loss of generality, by Lemma 10.1.7.(i). Therefore B ⊢_L M : σ and Comp_ℒ([σ_i/x_i], σ_i, x_i) (1 ≤ i ≤ n) imply Comp(B, σ, M) by Lemma 11.3.22, which in turn implies App_ℒ(B, σ, M), by Lemma 11.3.20.(ii).
(⇐) By definition, there is M' such that M =_Λ M' and A matches M' except at occurrences of Ω. A derivation of B ⊢_L A : σ can be transformed into a derivation of B ⊢_L M' : σ, simply by replacing every subderivation

    by

    --------------- (ω)
    B ⊢_L N : ω ,

where N is the subterm replaced by Ω in M'. B ⊢_L M' : σ implies B ⊢_L M : σ, since the type assignment system is closed under =_Λ on terms as a consequence of the fact that it induces a λΛ-model, so the
~~~~~

11.3.2 Proof of Theorems 11.3.15 and 11.3.16

Let L_0 = λx.x(x(λx.DD)(DD))(λx.DD),
    L_1 = λx.x(λy.x(λx.DD)(DD)y)(λx.DD).
We already showed, in Sect. 6.3, that L_0 ≈_L L_1. Now we will prove L_0 ≁_ℒ L_1, so ℒ is not complete with respect to the L-operational semantics.

Proof of ℒ-Incompleteness Theorem (Theorem 11.3.15, p. 167).

Let us prove that L_1 ≁_ℒ L_0; namely we will show that, for every basis B, B ⊢_L L_1 : ((ω → ω) → (ω → ω) → ω → ω) → ω → ω, while L_0 has no such typing. Let σ = (ω → ω) → (ω → ω) → ω → ω. The derivation, read from the leaves to the root, is:

    1. B[σ/x] ⊢_L x : σ                                                  (var)
    2. B[σ/x][ω/y] ⊢_L x(λx.DD)(DD)y : ω                                 (ω)
    3. B[σ/x] ⊢_L λy.x(λx.DD)(DD)y : ω → ω                               (→I), from 2
    4. B[σ/x] ⊢_L x(λy.x(λx.DD)(DD)y) : (ω → ω) → ω → ω                  (→E), from 1 and 3
    5. (B[σ/x])[ω/x] ⊢_L DD : ω                                          (ω)
    6. B[σ/x] ⊢_L λx.DD : ω → ω                                          (→I), from 5
    7. B[σ/x] ⊢_L x(λy.x(λx.DD)(DD)y)(λx.DD) : ω → ω                     (→E), from 4 and 6
    8. B ⊢_L L_1 : ((ω → ω) → (ω → ω) → ω → ω) → ω → ω                   (→I), from 7

On the other hand, assume B ⊢_L L_0 : σ → ω → ω; so, by Lemma 10.1.7.(vi),
B[σ/x] ⊢_L x(x(λx.DD)(DD))(λx.DD) : ω → ω.
By Lemma 10.1.7.(vii), there is μ such that B[σ/x] ⊢_L (λx.DD) : μ and B[σ/x] ⊢_L x(x(λx.DD)(DD)) : μ → ω → ω.
By Lemma 10.1.7.(vii), there is ν such that B[σ/x] ⊢_L x(λx.DD)(DD) : ν and B[σ/x] ⊢_L x : ν → μ → ω → ω.
By Lemma 10.1.7.(ii), σ ≤_L ν → μ → ω → ω, hence ν, μ ≤_L ω → ω by Property 10.1.6; but B[σ/x] ⊢_L λx.DD : μ implies, by the ℒ-approximation theorem and Property 11.3.11, that μ ≥_L ω → ω, so μ ≃_L ω → ω and moreover ν ≄_L ω.
By Lemma 10.1.7.(vii), there is π such that B[σ/x] ⊢_L x(λx.DD) : π → ν and

    B[σ/x] ⊢_L DD : π.    (11.5)

Again by Lemma 10.1.7.(vii), there is τ such that B[σ/x] ⊢_L x : τ → π → ν and B[σ/x] ⊢_L λx.DD : τ. By Lemma 10.1.7.(ii), σ ≤_L τ → π → ν, so by Property 10.1.6 it follows that π ≤_L ω → ω, which together with Eq. (11.5) and Corollary 11.3.12 is absurd. ■

In order to prove the nonexistence of a fully abstract filter model for the L-operational semantics, we will prove that in every such model, if it did exist, the two terms L_0 and L_1 would be denotationally different, so reaching an absurdum. Let us notice that, while we said that a natural choice for a call-by-name filter λΛ-model is T(C) = I(C), a priori we cannot exclude that a different choice could be made. So, in order to prove the nonexistence of a fully abstract filter model, we must prove it in the case of every (correct) choice of the set of input types.

First, we need some properties.

Property 11.3.23. Let U be any closed Λ-unsolvable term of order 0, and let the type system ∇ = <C, ≤_∇, I(C)> induce a λΛ-model ℳ that is fully abstract with respect to the L-operational semantics.
(i) U ⊏_ℳ λx.U ⊏_ℳ λy.x(λx.DD)(DD)y.
(ii) There is θ ∈ I(C), such that B ⊢_∇ λx.U : θ but B ⊬_∇ U : θ, for all bases B; furthermore, B ⊢_∇ λy.x(λx.DD)(DD)y : θ, for all bases B.
(iii) If θ is the type considered in point (ii) then θ → θ, θ → θ → θ ∈ I(C).

Proof. (i) Clearly U ≺_L λx.U ≺_L λy.x(λx.DD)(DD)y. So the proof follows from the definition of a fully abstract model.
(ii) By point (i), by the fact that all Λ-unsolvables of the same order are equated in L (by Property 11.3.14.(iv)) and by definition of filter model, there is θ ∈ T(C) such that B ⊢_∇ λx.U : θ but B ⊬_∇ U : θ, for every basis B (since U is closed). So, always by point (i) and by Property 10.1.13.(ii), for every B, B ⊢_∇ λy.x(λx.DD)(DD)y : θ. Note that U is an input value for the λΛ-calculus, so by definition of filter λΛ-model, there is a type σ ∈ I(C) such that σ ∈ ⟦U⟧_ρ^ℳ, for all environments ρ. If we assume θ ∉ I(C) then σ ≤_∇ θ, by conditions on input types, thus B ⊢_∇ U : θ, against hypotheses. Hence it must be that θ ∈ I(C).
(iii) Since U is an input value for the λΛ-calculus, there exists a type σ ∈ I(C) such that σ ∈ ⟦U⟧_ρ^ℳ, for all environments ρ. If θ → θ ∉ I(C) then σ ≤_∇ θ → θ, thus B ⊢_∇ U : θ → θ. But B ⊢_∇ λx.U : θ and θ ∈ I(C) imply that B ⊢_∇ U(λx.U) : θ, by rule (→ E); this is an absurdum, since U(λx.U) is itself a closed Λ-unsolvable term of degree 0, by Property 1.2.18.(ii). In a similar way it is easy to check that θ → θ → θ ∈ I(C). □

Proof of Theorem 11.3.16 (p. 167).

Let ∇ = <C, ≤_∇, I(C)> be a legal type system, inducing a filter λΛ-model that is fully abstract with respect to the L-operational semantics. Let θ be the input type considered in Property 11.3.23 and note that θ ≄_∇ ω.
Let σ denote θ → θ → θ; since σ ∈ I(C), B[σ/x] ⊢_∇ λy.x(λx.DD)(DD)y : θ and B ⊢_∇ DD : θ, by Property 11.3.23.(ii); so B ⊢_∇ L_1 : σ → θ, by rules (→ E) and (→ I). Now, let us assume B ⊢_∇ L_0 : σ → θ.
B[σ/x] ⊢_∇ x(x(λx.DD)(DD))(λx.DD) : θ, by Lemma 10.1.7.(vi); thus there is an input type μ such that B[σ/x] ⊢_∇ x(x(λx.DD)(DD)) : μ → θ and B[σ/x] ⊢_∇ λx.DD : μ, by Lemma 10.1.7.(vii).
If μ → θ ≃_∇ ω then μ → ω ≤_∇ μ → θ, since μ → ω ≤_∇ ω by rule (a) of intersection relations. By Property 10.1.6, ω ≤_∇ θ and thus θ ≃_∇ ω, which is not possible, since B ⊬_∇ U : θ; hence μ → θ ≄_∇ ω.
So B[σ/x] ⊢_∇ x(λx.DD)(DD) : ν and B[σ/x] ⊢_∇ x : ν → μ → θ for some ν ∈ I(C), by Lemma 10.1.7.(vii). By Lemma 10.1.7.(ii), σ ≤_∇ ν → μ → θ, hence ν, μ ≤_∇ θ by Property 10.1.6. Again by Lemma 10.1.7.(vii), there is π ∈ I(C) such that B[σ/x] ⊢_∇ x(λx.DD) : π → ν and

    B[σ/x] ⊢_∇ DD : π.    (11.6)

If π → ν ≃_∇ ω then π → ω ≤_∇ ω ≤_∇ π → ν thus, by Property 10.1.6, ω ≤_∇ ν, which would be in contradiction with θ ≄_∇ ω, hence we assume π → ν ≄_∇ ω. Yet by Lemma 10.1.7.(vii), there is τ ∈ I(C) such that B[σ/x] ⊢_∇ x : τ → π → ν and B[σ/x] ⊢_∇ (λx.DD) : τ. Hence by Lemma 10.1.7.(ii), σ ≤_∇ τ → π → ν, so by Lemma 10.1.6, it follows that θ ≤_∇ ν and π, τ ≤_∇ θ.
But π ≤_∇ θ and Eq. (11.6) imply an absurd, since from rule (≤_∇), it follows B[σ/x] ⊢_∇ DD : θ, against Property 11.3.23.(ii). ■

11.4 A Fully Abstract Model for the L-Operational Semantics

It was proved, in Theorem 11.3.16, that there is not a filter model that is fully abstract with respect to the L-operational semantics. But we will show now that it is possible to build, starting from the model ℒ, the desired fully abstract model. In a very general way, the idea is to start from the model ℒ, to build a space of filters that is a subspace of F(L), consisting just of filters that are interpretations of closed terms, and then to identify those filters that are interpretations of terms L-operationally equivalent. The so-obtained model is no longer a filter model, and the interpretation of a term is no longer the collection of the types that can be assigned to it. The fully abstract model amounts just to the closed term model of the Λ-theory L, equipped with a partial order relation, which is obtained from a preorder on terms, defined in a stratified way by using the type assignment ⊢_L.
Definition 11.4.1. (i) ⊴_σ is a relation on Λ⁰ defined as follows:
• M ⊴_ω N is true;
• M ⊴_{σ→τ} N, where τ ≃_L ω, if and only if
  B ⊢_L M : ω → ω implies B ⊢_L N : ω → ω, for all bases B;
• M ⊴_{σ→τ} N, where τ ≄_L ω, if and only if
  ∀P ∈ Λ⁰, B ⊢_L P : σ implies MP ⊴_τ NP;
• M ⊴_{σ∧τ} N if and only if both M ⊴_σ N and M ⊴_τ N.

(ii) M ⊴ N if and only if M ⊴_σ N, for all σ.

The next property will be useful in order to better understand the previous
definition.
Property 11.4.2. There is P ∈ Λ⁰ such that B ⊢_L P : σ, for all B and σ.

Proof. We will prove, by induction on σ, that there is P of the shape
λx1...xn.DD, for n ≥ 0, to which σ can be assigned.
If σ ≃_L ω, then B ⊢_L DD : σ, by rules (ω) and (≤_L).
If σ ≃_L ω → ω, then, by rule (ω), B[τ/x] ⊢_L DD : ω, and, by rule (→I),
B ⊢_L λx.DD : τ → ω. The proof follows by rule (≤_L).
If σ ≡ μ → ν, where ν ≄_L ω, then by induction there is P ∈ Λ⁰ such that
B ⊢_L P : ν. Hence B[μ/x] ⊢_L P : ν, and the proof follows by rule (→I).
Let σ ≡ μ ∧ ν. By induction, there are λx1...xp.DD and λx1...xq.DD such
that B ⊢_L λx1...xp.DD : μ and B ⊢_L λx1...xq.DD : ν. Let n = max{p, q}:
λx1...xn.DD is the desired term by Lemma 11.3.5.(ii). □

If a type can be assigned to a closed term, then it is said to be inhabited.
Note that although in the model ℒ all types are inhabited, this does not
imply that all filters are inhabited, i.e. it does not imply that every filter is
the interpretation of a closed term. Indeed, the filter
↑{(ω → ω) → (ω → ω) → ω → ω}
is not the interpretation of any term, since the reader can check that every
term having type (ω → ω) → (ω → ω) → ω → ω also has the type ω → ω →
ω → ω, which is not in the filter. If this filter were inhabited, then it would
be L o ?6L LI (see Sect. 11.3.2).

Property 11.4.3. Let M, N ∈ Λ⁰.
(i) If M ⊑_ℒ N then M ⊴ N.
(ii) ⊴ is reflexive.
(iii) ⊴ is transitive.

Proof. (i) We will prove that M ⋬ N implies M ⋢_ℒ N. By definition,
M ⋬ N means there is σ such that M ⋬_σ N. The proof is given by
induction on σ.
Clearly σ ≄_L ω, since by definition M ⊴_ω N is true. If σ ≡ μ → ν where
ν ≃_L ω, then B ⊢_L M : ω → ω and B ⊬_L N : ω → ω by Definition 11.4.1,
so the proof is immediate.
If σ ≡ μ → ν where ν ≄_L ω, then there is P ∈ Λ⁰ such that MP ⋬_ν NP,
by definition of ⊴. Hence, MP ⋢_ℒ NP by induction, so M ⋢_ℒ N by
Lemma 10.1.13.(i).
If σ ≡ μ ∧ ν then the proof follows by induction.
(ii) We will prove that M ⊴_σ M, for all σ, by induction on σ. The case ω is
obvious. Let σ ≡ μ → ν; the case ν ≃_L ω is obvious. Let ν ≄_L ω, thus
P ∈ Λ⁰ and B ⊢_L P : μ imply MP ⊴_ν MP, by induction; the proof
follows by definition of ⊴. The case σ ≡ μ ∧ ν follows by induction.
(iii) We will prove that ⊴_σ is transitive, for all σ, by induction on σ.
The cases ω and μ → ν where ν ≃_L ω are obvious.
Let σ ≡ μ → ν, ν ≄_L ω and M ⊴_{μ→ν} N ⊴_{μ→ν} P. If Q ∈ Λ⁰ and
B ⊢_L Q : μ then MQ ⊴_ν NQ ⊴_ν PQ, and by induction MQ ⊴_ν PQ.
Thus, the proof follows by the definition of ⊴_{μ→ν}.
The case σ ≡ μ ∧ ν follows by induction. □

In the next two lemmas it is proved that ⊴ corresponds exactly to the
operational inclusion ⪯_L.

Lemma 11.4.4. Let M, N ∈ Λ⁰.
M ⊴ N if and only if MP ⊴_{ω→ω} NP for each sequence of closed terms P.

Proof. (⇐) We will prove that M ⋬ N implies that there is a closed sequence
of terms P such that MP ⋬_{ω→ω} NP. By hypothesis there is a type σ
such that M ⋬_σ N, so the proof is done by induction on σ.
If σ ≃_L ω then σ ≡ ω ∧ ... ∧ ω (n times, n ≥ 1), by Theorem 11.3.3; but,
since M ⊴_ω N by definition, this is not possible.
Let σ ≄_L ω. If σ ≡ μ → ν where ν ≃_L ω, then the proof is vacuous. If
σ ≡ μ → ν where ν ≄_L ω, then there is P ∈ Λ⁰ such that MP ⋬_ν NP,
so the proof follows by induction. If σ ≡ μ ∧ ν then the proof follows by
induction.
(⇒) We will prove that if there is a sequence of closed terms P and a type
τ ≄_L ω such that MP ⋬_τ NP then M ⋬ N, by induction on ‖P‖.
If ‖P‖ = 0 then the proof is trivial, so let ‖P‖ ≥ 1 and P ≡ QQ'. But
B ⊢_L Q' : ω by rule (ω) implies MQ ⋬_{ω→τ} NQ by definition of ⊴; so
the proof follows by induction. □

Note that, although λx.DD ⋬_{ω→ω} DD, λx.DD ⊴_{ω→ω→ω} DD; in fact
for each P ∈ Λ⁰, B ⊢_L P : ω, and so, by definition of ⊴, (λx.DD)P ⊴_{ω→ω}
(DD)P is true. Hence M ⊴_σ N and σ ≤_L τ does not imply M ⊴_τ N.

Lemma 11.4.5. Let M, N ∈ Λ⁰.
M ⪯_L N if and only if MF ⊴_{ω→ω} NF, for each sequence of closed terms F.
Proof. Remember that, for every term Q, Q ⇓_L if and only if B ⊢_L Q : ω → ω,
by Corollary 11.3.12.
(⇒) Let F be a sequence of closed terms and let B be a basis.
If M ⪯_L N then MF ⇓_L implies NF ⇓_L; therefore, by Corollary 11.3.12,
B ⊢_L MF : ω → ω implies B ⊢_L NF : ω → ω. Hence, by definition of
⊴_{ω→ω} the proof is done.
(⇐) Let MF ⊴_{ω→ω} NF, for each sequence of closed terms F. We will prove
that, if C[M], C[N] ∈ Λ⁰ and C[M] ⇓_L, then C[N] ⇓_L, for all contexts
C[.]. The proof is done by induction on the derivation proving C[M] ⇓_L.
If the last applied rule is either (var) or (lazy), then the proof is immediate.
If the last applied rule is (head), then there are two cases, according
to the possible shape of C[.].
• C[.] ≡ [.]C1[.]...Cm[.] (m ∈ ℕ).
If m = 0 then M ⇓_L implies B ⊢_L M : ω → ω, so B ⊢_L N : ω → ω by
definition of ⊴_{ω→ω}, and the proof follows by Corollary 11.3.12.
Now, let m ≥ 1 and D[.] ≡ MC1[.]...Cm[.]. Clearly D[M] ≡ C[M] and
D[.] = (λz.M0)MC1[.]...Cm[.] (m ∈ ℕ), since M ∈ Λ⁰.
If ‖M‖ = 0 then let D*[.] ≡ M0[C1[.]/z]C2[.]...Cm[.], otherwise
let D*[.] ≡ M0[M1/z]RC1[.]...Cm[.] where NI ≡ M1R. In all cases
D*[M] ⇓_L and by induction D*[N] ⇓_L, so D[N] ⇓_L by rule (head). But
MC1[N]...Cm[N] ⇓_L implies B ⊢_L MC1[N]...Cm[N] : ω → ω, so by
hypothesis B ⊢_L NC1[N]...Cm[N] : ω → ω. Hence, NC1[N]...Cm[N] ⇓_L
by Corollary 11.3.12.
• C[.] ≡ (λy.C0[.])C1[.]...Cm[.] (m ∈ ℕ).
The case m = 0 is not possible, otherwise the proof follows by induction
on the derivation proving C0[M][C1[M]/y]C2[M]...Cm[M] ⇓_L. □

Theorem 11.4.6. M ⊴ N if and only if M ⪯_L N, for all M, N ∈ Λ⁰.

Proof. By Lemmas 11.4.4 and 11.4.6. □

The next definition overloads the meaning of :::l on a subset of filters.

Definition 11.4.7. Let f,g E ?(L) and let p be an environment.


f :::l g if and only if M, N E AO, [M];(L) = f and [N];(L) = g imply
M :::l N. Moreover, f ~ g if and only if f:::l g and g :::l f·

Note that if M is closed then [M]~ = [M]~" for all p,p'; moreover,
if M, N are closed then [M]~ = [N]~, implies M ~ N and N ~ M, by
Property 11.4.3.(i). Now we can define the new λΛ-model.

Definition 11.4.8. Let f,g E .ro(L).


(i) [f] is the equivalence class of f with respect to the equivalence relation ~,
while ~ is the set of equivalence classes induced from ~ on .ro(L).
(ii) o~: ~ x~ -+ ~ is defined as [f]o~[g] = [foLg], for all [f], [g] E~.
(iii) The interpretation function U Cc : A x (Var -+~) -+ ~ is defined as:
[M]fC = [[M];(L)], where p is such that p(x) E «(x) for all x E Var.
(iv) Let ce be the quadruple: < ~,~, o~, [.V c >.

Note that the interpretation is defined for open terms too.

Property 11.4.9. Let M, N, P, QEAo. If M ~ N and P ~ Q then MP ~ NQ.

Proof. Clearly M :::5L N and P :::5L Q imply M P :::5L NQ, therefore the proof
follows by Theorem 11.4.6. □

It is easy to see that o ~ is well defined, by using the previous property.

Lemma 11.4.10. ce is a λΛ-model.


Proof. We check that ce satisfies the conditions of Definition 10.0.1.
If ( E (Var -+.11) then let p be such that p(x) E «(x) for all x E Var.

1. [x]fC = [[x];(L)] = [p(x)] = «(x).


2. [MN]fC = [[MN];(L)] = [[M];(L) 0L [N];(L)] = [[M];(L)] o~
[[N];(L)] = [M]fC o~ [N]fc.
3. [.Ax.M]f C o~ d = [[.Ax.M];(L)] o~ d = [[.Ax.M]f(L) 0L f] = [[M]~j~~l] =
[M]f[~/xl' for all d E ~ and f E d.
4. Let [M]Z[~/xl = [N]z,Ţd'/x'l' where d,d' E~, f E d and f' E d'.
[M]:rj~~l = [N]:rj~}x'l since e is a model, so [[M]:rj~~l] = [[N]:rj~}x'l]'
therefore [[.Ax.M]p] = [[.Ax'.N]p'] thus [.Ax.M]fC = [.AX'.N]f,c.
5. Trivial. o
Since ~ is a preorder on .ro (L) it induces a partial order on ~.
Definition 11.4.11. Let M [:;;cc N denote [M]fC ~ [N]fC, for each ( E
(Var -+ ~). Moreover, let M "'CC N denote M [:;;cc N and N [:;;cc M.

Consequently, the model ce induces a partial order on the interpretation
of terms (not only closed terms).

Property 11.4.12. Let M, NE AO. M ~.c.c N if and only if M::::! N.


Proof. Let ( E (Var -+ ~) and let p be such that p(x) E ((x) for all x E Var.
M ~.c.c N if and only if [M]fC ::::! [N]fC if and only if [[M]{CLl] ::::! [[N]{CLl]
if and only if [M]{CLl ::::! [N]{<Ll if and only if M ::::! N. D
The correctness is easy.
Theorem 11.4.13 (CC-Correctness).
The model CC is correct with respect to the L-operational semantics.
Proof. We will prove that M ~cc N implies M ::5L N, by definition of
correctness. M ~.c.c N implies C[M] ~.c.c C[N], for each closing context
C[.], by Property 10.0.2.(v). Thus C[M] ::::! C[N], by Lemma 11.4.12; hence
C[M] ::::!w->w C[N], thus B f- L C[M] : w -+ w implies B f- L C[N] : w -+ w,
for all bases B. So, by Corollary 11.3.12, C[M] .lJ..L implies C[N] .lJ..L, and so
M::5L N. □
The following theorem implies the full abstraction of CC with respect to
the L-operational semantics.
Theorem 11.4.14 (CC-Completeness).
The model CC is complete with respect to the L-operational semantics.
Proof. We will prove !l.c.c implies ~L.
M !l.c.c N means [M]fC ~ [N]f C, for some ( E (Var -+ ~).
Since the codomain of ( is ~, if FV (M) U FV (N) = {Xl, ... , Xm} then there
are Pi E AO such that ((Xi) = [[Pi]{CLl]. Thus, let s be such that S(Xi) = Pi
(1:::; i :::; m), hence s(M), s(N) E AO.
[s(M)]f,C ~ [s(N)]f,C, for all (' E (Var -+ ~) by Property 10.0.2.(iv),
since s(M) and s(N) are closed. Therefore s(M) gee s(N) and, by Lemma
11.4.12, s(M) ~ s(N). So there is a sequence of closed terms Q such that
s(M)Q ~w->w s(N)Q, by Lemma 11.4.4.
Let C[.] = (..\XI ... Xm.[.])S(XI) ... S(xm)Q; clearly C[M], C[N] E AO and, more-
over it is such that C[M].lJ..L and C[N] 1rL, so M ~.c.c N. D
Hence, CC is fully abstract with respect to the L-operational semantics.
Corollary 11.4.15. If M ~L N then there is a head context separating M
and N.
Proof. Immediate, by the proof of Theorem 11.4.14. □
The technique used here for building the fully abstract model of the L-
operational semantics is similar to that used in [71] and [44], for different
calculi. The use of intersection types and filter models allows for the appli-
cation of such techniques to a wider class of models. A further fully abstract
model for the L-operational semantics, based on a variant of the game se-
mantics, was built in [42].

11.5 Crossing Models

It can be interesting to ask for the behaviour of the three filter λΛ-models we
defined, with respect to all the considered call-by-name operational semantics.

11.5.1 The Model ℋ

In Sect. 11.1, we already proved that ℋ is fully abstract with respect to the
H-operational semantics.
It can be readily noticed that ℋ is not correct with respect to the N-
operational semantics. In fact, by Property 11.2.22 and by Theorem 11.1.31,
I ~_ℋ E∞, but I ~_N E∞.
On the other hand, ℋ is complete with respect to the N-operational
semantics, namely M ~_N N implies M ~_ℋ N. Let us prove that M ~_ℋ N
implies M ~_N N. Let M ~_ℋ N; so by the correctness of ℋ with respect to
H-operational semantics, this implies that there is a closing context C[.] such
that C[M] has Λ-hnf, while C[N] has not Λ-hnf. So there are P1...Pn such
that C[M]P1...Pn =_Λ I, while C[N]P1...Pn has no Λ-hnf. Since I is a Λ-nf
and a term without Λ-hnf in particular does not have Λ-nf, C'[.] ≡ C[.]P1...Pn
is a context such that C'[M] ⇓_N while C'[N] ⇑_N, so M ~_N N.
ℋ is not correct with respect to the L-operational semantics. In fact,
λy.xy ~_ℋ x while λy.xy ~_L x, as shown in Example 11.3.17. Another
counterexample is the pair of terms DD and λx.DD; indeed, by Corollary 11.1.21
and Property 11.3.11, λx.DD ~_ℋ DD but λx.DD ~_L DD.
ℋ is not complete with respect to the L-operational semantics. In fact,
for every call-by-name fixed-point operator Z, ZK is a Λ-unsolvable term of
infinite order, so ZK ~_ℋ I while ZK ~_L I (see Property 11.3.14.(iii)).
But if we take into account the equivalence relation, we have that ≈_L
implies ∼_ℋ. In fact, the following lemma holds, which, together with the
completeness of ℋ with respect to the H-operational semantics, proves this
implication.

Lemma 11.5.1. If M ~_L N then M ~_H N.

Proof. We prove that M ~_H N implies M ~_L N. By hypothesis there is
a context C[.] such that C[M], C[N] ∈ Λ⁰, C[M] ⇓_H and C[N] ⇑_H (or vice
versa). Thus there is a sequence of terms P1...Pn such that C[M]P1...Pn =_Λ I
and C[N]P1...Pn is Λ-unsolvable, since the unsolvability is closed under head
contexts. If C[N]P1...Pn is Λ-unsolvable of the finite order p then let C*[.] ≡
C[.]P1...Pn I...I (with p occurrences of I). Clearly C*[M] ⇓_L while C*[N] ⇑_L,
so M ~_L N.
Otherwise, C[N]P1...Pn must be a Λ-unsolvable of infinite order, therefore let
C*[.] ≡ C[.]P1...Pn(DD). Clearly C*[N] ⇓_L while C*[M] ⇑_L, so M ~_L N. □

11.5.2 The Model N

In Sect. 11.2, we already proved N is fully abstract with respect to the N-
operational semantics.
Lemma 10.0.4 and Property 11.2.11.(ii) imply that N is correct with
respect to the H-operational semantics. On the other hand, it is easy to see
that it is not complete; in fact, by Property 11.2.22 and by Theorem 11.1.31,
I ~_H E∞ while I fiN E∞.
Finally, N is not correct with respect to the L-operational semantics;
in fact, by Property 11.2.15.(ii) and by Example 11.3.17, λy.xy ~_N x, but
λy.xy ~_L x. On the other hand, N is not complete with respect to the
L-operational semantics; in fact, I ~_L ZK while I fiN ZK, for every call-
by-name fixed-point operator Z (see Property 11.3.14.(iii)). Note that ZK is
a Λ-unsolvable term of infinite order, hence it is easy to see ZK CN I.

11.5.3 The Model ℒ

In Sect. 11.3, we already proved that ℒ is correct but not complete with
respect to the L-operational semantics.
ℒ is not correct with respect to both H and N-operational semantics; in
fact, I ~_ℒ ZK (see Property 11.3.14.(iii)) while I ~_H ZK and I ~_N ZK,
for every call-by-name fixed point operator Z, by Corollary 11.1.21 and by
Property 11.2.15.(i).
ℒ is not complete with respect to both H and N-operational semantics;
in fact, λx.DD ~_H DD and λx.DD ~_N DD while λx.DD fie DD.
12. Call-by-Value Denotational Semantics

For modeling the λΓ-calculus, we must reflect in the model the fact that the
set Γ of input values is a proper subset of the whole set Λ. In the setting
of filter λΓ-models, this implies that every type system ∇ inducing a filter
λΓ-model must be such that I(∇) ⊂ F(∇).
Since ω is the universal type it cannot characterize any property of terms;
note that from B ⊢_∇ λx.M : ω → σ we cannot conclude B ⊢_∇ (λx.M)N : σ
for every N in a correct λΓ-model. Indeed, (λx.M)(DD) ⇑_V and so every
type σ such that B ⊢_∇ (λx.M)(DD) : σ must be such that σ ∉ I(C). Thus
the type ω → σ cannot have a meaningful applicative power. This is simply
formalized by assuming ω ∉ I(C), since the condition on the rule (→E) of
the intersection type assignment system, namely

    σ ∈ I(C)    B ⊢_∇ M : σ → τ    B ⊢_∇ N : σ
    ------------------------------------------- (→E).
                  B ⊢_∇ MN : τ

The simplest choice in order to build a filter λΓ-model is to choose a legal
type system ∇ = <C, ≤_∇, I(C)> such that I(C) = {σ ∈ T(C) | σ ≄_∇ ω}.

12.1 The Model V


In this section, we will define a filter λΓ-model that is correct with re-
spect to the V-operational semantics. In the λΓ-calculus, there are terms,
as (λz.D)(xI)D, that are Γ-unsolvable of order 0 but Γ-normal form. So
(λz.D)(xI)D ⇓_V and DD ⇑_V, while they are ≈_V. This implies that Prop-
erty 10.1.15 cannot be a guideline for building a correct model. But we can
use the fact, proved in Property 7.1.10, that if M is potentially Γ-valuable
and N is not potentially Γ-valuable then N ≺_V M.

Property 12.1.1. Let F be a filter model such that
P potentially Γ-valuable and Q not potentially Γ-valuable
imply Q ⊏_F P, for all P, Q ∈ Λ.
Then F is correct with respect to ⪯_V.

Proof. If Q ⊏_F P then P ⋢_F Q, so the hypothesis implies the following
statement:
"P ⊑_F Q and P is potentially Γ-valuable imply Q is potentially Γ-valuable."
Let M ⊑_F N, so by Property 10.1.13 C[M] ⊑_F C[N], for each closing
context C[.]; hence, by hypothesis, if C[M] is potentially Γ-valuable then
C[N] is potentially Γ-valuable too. Since C[M], C[N] ∈ Λ⁰, the potential
Γ-valuability coincides with the Γ-valuability, and C[M] ⇓_V implies C[N] ⇓_V;
hence M ⪯_V N. □

So, we want a legal type system √, based on a set of constants C_√,
such that there is at least one type σ and a basis B such that, if M is
potentially Γ-valuable then B ⊢_√ M : σ, otherwise B ⊬_√ M : σ. A term is
potentially Γ-valuable if and only if it has Ξℓ-normal form, so it is natural
to characterize terms without Ξℓ-normal form by assigning them only type
ω. Moreover, the V-operational semantics performs a lazy evaluation (so it
cannot be ω ≃_√ ω → ω), and this allows us to use the type ω → ω to
characterize Ξℓ-normal form.

Definition 12.1.2. √ is the type system <C_√, ≤_√, I(C_√)> where C_√ = {ω},

I(C_√) = {σ0 ∧ ... ∧ σn | ∃k ≤ n ∃σ,τ ∈ T(C) σk = σ → τ},

and ≤_√ is the intersection relation induced by the rules in Fig. 12.1.

---(a) ----(b) ----le) ----le')


er :S;v' w er :S;v' er II er erIlT:S;v'er er II T :S;v' T

- - - - - - - - - - - - (d)
(er --t T) II (er --t 7r) :S;v' er --t (T II 7r)

------(9)
er :S;v' P, P :S;v' T
------(t)
er --t W :S;v' W --t W

- - - - - - - - (v)
(W --t W) --t T :S;v' W --t T

Fig. 12.1. √-Intersection relation

Some properties of the ≤_√-intersection relation are proved in Sect. 12.1.1.
In particular notice that (ω → ω) → τ ≃_√ ω → τ, for all τ ∈ T(C_√).
By the definition of I(C_√) and the rule (→E), a type of the shape ω → σ
does not have applicative power. So a typing as B[ω → σ/x] ⊢_√ xM : σ
cannot be proved, for all M, while it is a correct typing in every other type
assignment system we have seen before.
Let I(√) = {f ∈ F(√) | f ≠ ↑{ω}}, so the type system √ induces a
λΓ-model, by Theorems 10.1.11 and 12.1.3.

Theorem 12.1.3. (i) The type system √ is legal.
(ii) If M ∈ Γ then [M]_ρ ∈ I(C_√), for all environments ρ.

Proof. (i) The proof is in Sect. 12.1.1.
(ii) ω → ω ∈ I(√); thus it is sufficient to check that B ⊢_√ M : ω → ω, for
all M ∈ Γ and all bases B. Let M ≡ λx.P and σ ∈ I(C_√), so

    ------------------ (ω)
    B[σ/x] ⊢_√ P : ω
    --------------------- (→I)
    B ⊢_√ λx.P : σ → ω        σ → ω ≤_√ ω → ω
    ------------------------------------------- (≤_√)
    B ⊢_√ λx.P : ω → ω

If σ ∈ I(C_√) then σ ≄_√ ω, hence σ ≤_√ ω → ω by Property 12.1.28.(ii).
Let M ≡ x, so

    ---------------- (var)
    B ⊢_√ x : B(x)        B(x) ≤_√ ω → ω
    --------------------------------------- (≤_√)
    B ⊢_√ x : ω → ω
□
The next definition is well given by Corollary 12.1.27.

Definition 12.1.4. V is the λΓ-model <F(√), I(√), ∘_√, [.]^F(√)>.

Since V is a λΓ-model the interpretation of terms is closed under =_Γ;
hence, by Corollary 10.1.13, typings are closed under =_Γ. We will prove that
they are closed under the Ξℓ-reduction too. First of all, let us prove that a
Ξℓ-nf can always be assigned the type ω → ω.

Lemma 12.1.5. If M is a Ξℓ-nf then B ⊢_√ M : ω → ω, for some basis B.

Proof. By induction on M. If M ∈ Γ then the proof is similar to that of
Theorem 12.1.3.(ii). Let M ≡ xM1...Mm (m ≥ 1) where Mi is a Ξℓ-nf, so by
induction Bi ⊢_√ Mi : ω → ω (1 ≤ i ≤ m).
Let B be a basis such that B(y) = B1(y) ∧ ... ∧ Bm(y) for y ≢ x, while

B(x) = B1(x) ∧ ... ∧ Bm(x) ∧ ((ω → ω) → ... → (ω → ω) → ω → ω),

where (ω → ω) occurs m times before the final ω → ω.
B ⊢_√ Mi : ω → ω, by Lemma 10.1.7.(iii); so B ⊢_√ M : ω → ω, by rules
(var), (≤_√) and m applications of rule (→E). □

Theorem 12.1.6. (i) B ⊢_√ M : σ and M →_Ξℓ N imply B ⊢_√ N : σ;
(ii) B ⊢_√ M : σ and N →_Ξℓ M imply there is B' such that, for all x,
B'(x) ≤_√ B(x), and B' ⊢_√ N : σ.
Proof. The proof is in Sect. 12.1.2. □
In order to understand the difference between the two points of the pre-
vious theorem, consider the two terms I and (λzt.t)(xy). They are =_Ξℓ but
they are not ∼_V. Let B_ω be the basis such that, for all x, B_ω(x) = ω; thus

B_ω ⊢_√ I : ((ω → ω) → ω → ω) → (ω → ω) → ω → ω

nevertheless, in order to assign the same type to the term (λzt.t)(xy) it is
necessary to change the basis, choosing, for example, a basis B such that
B(x) = (ω → ω) → ω → ω and B(y) = ω → ω. So the following corollary
holds for closed terms only.
Corollary 12.1.7. If M, N ∈ Λ⁰ and M =_Ξℓ N then M ∼_V N.
Proof. From Theorem 12.1.6, since the typings of a closed term are indepen-
dent of the basis. □

So the following property holds.

Property 12.1.8. If M is potentially Γ-valuable then B ⊢_√ M : ω → ω, for
some basis B.
Proof. M potentially valuable means M has Ξℓ-nf. The proof follows from
Lemma 12.1.5 and Theorem 12.1.6.(ii). □

In order to prove that a term that is not potentially Γ-valuable cannot be
assigned the type ω → ω from any basis, we need an approximation theorem.
As usual, we extend the language by adding a constant Ω to the formation
rules of terms; hence we define some new reduction rules on the so-obtained
language.
Definition 12.1.9. Let ΛΩ be defined as in Definition 11.1.9.
(i) →_√Ω is defined as the contextual closure of the following rules:
ΩM → Ω, MΩ → Ω.

(ii) The set of approximated input values is ΓΩ = Var ∪ {λx.M | M ∈ ΛΩ}.
The ΓΩ-reduction (→_ΓΩ) is the contextual closure of the following rules:
ΩM → Ω, MΩ → Ω,
(λx.M)N → M[N/x] if N ∈ ΓΩ.
→*_ΓΩ is the symmetric and transitive closure of →_ΓΩ. The η-reduction
can be directly applied to the language ΛΩ (see Definition 1.3.7 pag. 23).
M ∈ ΛΩ is in ΓΩ-normal form (ΓΩ-nf) if and only if it does not contain
ΓΩ-redexes.
(iii) Let ΞΩ = ΓΩ ∪ {xM1...Mm | Mi ∈ ΞΩ (i ≤ m)}. The ΞℓΩ-reduction
(→_ΞℓΩ) is the applicative closure (see Definition 3.1.3 pag. 36) of the
following rules:

ΩM → Ω, MΩ → Ω,

(λx.M)N → M[N/x] if N ∈ ΞΩ.

→*_ΞℓΩ is the symmetric and transitive closure of →_ΞℓΩ. M ∈ ΛΩ is
in ΞℓΩ-normal form (ΞℓΩ-nf) if and only if it does not contain ΞℓΩ-
redexes. Note that M is a ΞℓΩ-normal form if and only if M ∈ ΞΩ ∪ {Ω}.

The first reduction rule defined in point (i) of Definition 12.1.9, namely
ΩM → Ω, reflects the lazy behaviour of the Γ-calculus, while MΩ → Ω
reflects its call-by-value behaviour. Note that the ΞℓΩ-reduction is lazy, since
it is closed under application, but not under abstraction. As usual, terms of
ΛΩ will be considered modulo =_α.

Example 12.1.10. The term λx.x(II)Ω is a ΞℓΩ-normal form, but it is not a
ΓΩ-normal form. Indeed, its subterm II is not a ΞℓΩ-redex (since it occurs
under the scope of a λ-abstraction), but it is a ΓΩ-redex.
λx.x(II)Ω →*_ΓΩ λx.Ω, which is a ΓΩ-normal form.
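
The difference between the contextual closure of point (ii) and the applicative closure of point (iii) of Definition 12.1.9 can be checked mechanically on the term of Example 12.1.10 and on (λzt.t)(xy). The following Python code is an added example, not taken from the book; it writes Ω for the added constant, and the tuple encoding of terms, the function names and the step budget are assumptions made here.

```python
from itertools import count

# Terms of the language with the constant Omega, as nested tuples:
#   ("var", x) | ("lam", x, body) | ("app", f, a) | ("omega",)
OMEGA = ("omega",)

def var(x): return ("var", x)
def lam(x, body): return ("lam", x, body)
def app(f, *args):
    for a in args:                      # left-associated application
        f = ("app", f, a)
    return f

_fresh = count()                        # counter for renamed bound variables

def free_vars(t):
    if t[0] == "var": return {t[1]}
    if t[0] == "lam": return free_vars(t[2]) - {t[1]}
    if t[0] == "app": return free_vars(t[1]) | free_vars(t[2])
    return set()

def subst(t, x, n):
    """Capture-avoiding substitution t[n/x]."""
    if t[0] == "var": return n if t[1] == x else t
    if t[0] == "app": return ("app", subst(t[1], x, n), subst(t[2], x, n))
    if t[0] == "lam":
        y, body = t[1], t[2]
        if y == x: return t             # x is shadowed below this binder
        if y in free_vars(n):           # rename the binder to avoid capture
            z = f"{y}_{next(_fresh)}"   # assumed not to clash with user names
            body, y = subst(body, y, var(z)), z
        return ("lam", y, subst(body, x, n))
    return t                            # Omega contains no variables

def in_gamma(t):
    """Approximated input values: variables and abstractions."""
    return t[0] in ("var", "lam")

def in_xi(t):
    """Set of point (iii): input values, or x M1 ... Mm with every Mi in the set."""
    if in_gamma(t): return True
    args = []
    while t[0] == "app":
        args.append(t[2]); t = t[1]
    return t[0] == "var" and all(in_xi(a) for a in args)

def root_step(t, is_value):
    """Contract t when t itself is a redex of one of the three rules."""
    if t[0] != "app": return None
    f, a = t[1], t[2]
    if f == OMEGA or a == OMEGA: return OMEGA   # Omega M -> Omega, M Omega -> Omega
    if f[0] == "lam" and is_value(a):           # beta rule restricted to values
        return subst(f[2], f[1], a)
    return None

def step(t, is_value, under_lambda):
    """One reduction step, or None when t is a normal form."""
    r = root_step(t, is_value)
    if r is not None: return r
    if t[0] == "app":
        f = step(t[1], is_value, under_lambda)
        if f is not None: return ("app", f, t[2])
        a = step(t[2], is_value, under_lambda)
        if a is not None: return ("app", t[1], a)
    if t[0] == "lam" and under_lambda:  # only the contextual closure enters bodies
        b = step(t[2], is_value, under_lambda)
        if b is not None: return ("lam", t[1], b)
    return None

def normalize(t, is_value, under_lambda, fuel=200):
    """Iterate step(); reduction may diverge, so give up after `fuel` steps."""
    for _ in range(fuel):
        nxt = step(t, is_value, under_lambda)
        if nxt is None: return t
        t = nxt
    raise RuntimeError("no normal form within the step budget")

def gamma_nf(t): return normalize(t, in_gamma, True)   # reduction of point (ii)
def lazy_nf(t):  return normalize(t, in_xi, False)     # reduction of point (iii)

I = lam("x", var("x"))
D = lam("x", app(var("x"), var("x")))
EX_10 = lam("x", app(var("x"), app(I, I), OMEGA))      # \x.x(II)Omega
EX_ZT = app(lam("z", lam("t", var("t"))), app(var("x"), var("y")))  # (\zt.t)(xy)

if __name__ == "__main__":
    print(step(EX_10, in_xi, False))    # no lazy redex outside the abstraction
    print(gamma_nf(EX_10))              # the contextual closure reaches \x.Omega
    print(gamma_nf(EX_ZT) == EX_ZT, lazy_nf(EX_ZT))
```

The argument xy is not an approximated input value, so (λzt.t)(xy) is left untouched by the reduction of point (ii), while the reduction of point (iii) contracts it; a divergent argument such as DD exhausts the step budget under either reduction.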

The type assignment system of Definition 10.1.1 can be applied to ΛΩ
without modifications. It is easy to see that to the term Ω only the type ω can
be assigned, by using rule (ω). The intuitive interpretation of the constant Ω
is that it represents a term with an unknown behaviour. The interpretation
function is naturally extended to ΛΩ, i.e. the interpretation of a term of ΛΩ
is the set of types that can be assigned to it.

Definition 12.1.11. The set of √Ω-approximants of a term M is defined
as follows:

A^√(M) = {A | ∃M' such that M =_Γ M' and A is a ΓΩ-nf
          obtained from M' by replacing some subterms by Ω}.

The set of upper approximants of a term M is defined as follows:

U^√(M) = {U | ∃A ∈ A^√(M) such that A →*_ΞℓΩ U ∈ ΞℓΩ-NF}.


Example 12.1.12. Some sets of approximants are shown.
• A^√((λy.I)(DD)) = U^√((λy.I)(DD)) = {Ω}.
• A^√((λzt.t)(xy)) = {Ω, (λz.Ω)(xy), (λzt.Ω)(xy), (λzt.t)(xy)},
  U^√((λzt.t)(xy)) = {Ω, λt.Ω, λt.t} and note that (λzt.t)Ω ∉ U^√((λzt.t)(xy)).
• A^√((λzx.xD)(yI)D) ⊇ {Ω, (λz.Ω)(yI)(λx.Ω), (λzx.xD)(yI)D},
  U((λzx.xD)(yI)D) = {Ω}.
• A^√(λz.II) = U^√(λz.II) = {Ω, λz.Ω, λzx.Ω, λzx.x}.
• A^√((λxyz.yI)(uv)I) ⊇ {(λxyz.yI)(uv)I}.
  U((λxyz.yI)(uv)I) ⊇ {λz.II}.

Approximants can be inductively defined.

Definition 12.1.13. The set A^√ of approximants can be inductively defined
as follows:

• Ω ∈ A^√;
• If Aj ∈ A^√ and Aj ≢ Ω then λx1...xn.xA1...Am ∈ A^√
  (1 ≤ j ≤ m and n, m ∈ ℕ).
• If A, Aj ∈ A^√, A1 ∉ ΓΩ and Aj ≢ Ω then
  λx1...xn.(λx.A)A1...Am ∈ A^√ (1 ≤ j ≤ m, m ≥ 1 and n ∈ ℕ).

Approximants will be ranged over by A, A', possibly indexed. Upper
approximants will be ranged over by U, U', possibly indexed.

Property 12.1.14. A ∈ A^√ if and only if there is M such that A ∈ A^√(M).

Proof. Easy. □

An approximation theorem holds, relating the interpretation of a term to
the interpretations both of its approximants and of its upper approximants.

Theorem 12.1.15 (V-Approximation).
(i) B ⊢_√ M : σ if and only if B ⊢_√ A : σ, for some A ∈ A^√(M).
(ii) B ⊢_√ M : σ if and only if B' ⊢_√ U : σ where U ∈ U^√(M), for some
basis B, B' such that B(x) ≤_√ B'(x), for all x.

Proof. Both proofs are in Sect. 12.1.3. □

The next property implies A^√(M) = {Ω} if and only if M is not Γ-
valuable, for each closed term M. It also implies U^√(M) = {Ω} if and only
if M is not potentially Γ-valuable, for each term M (not necessarily closed).

Property 12.1.16. (i) M is Γ-valuable if and only if there is A ∈ A^√(M)
such that A ∈ ΓΩ.
(ii) M is potentially Γ-valuable if and only if there is U ∈ U^√(M) such that
U ≢ Ω.

Proof. (i) (⇐) If x ∈ A^√(M) then M =_Γ x, by definition of A^√(M). If
λx.A ∈ A^√(M) then there is M' ∈ Λ such that M =_Γ λx.M' and
A ∈ A^√(M'), by definition of A^√(M). (⇒) Trivial, by definition of Γ-
valuable terms and by definition of A^√(M).
(ii) (⇐) If there is U ∈ U^√(M) such that U ≢ Ω then ∃A ∈ A^√(M) such
that A →*_ΞℓΩ U ∈ ΞℓΩ-NF. As done in the proof of Lemma 3.1.35, it
is possible to show that there is r ∈ ℕ and A_r ∈ ΓΩ such that both
A[O^r/x1,...,O^r/xn] →*_Γ A_r and U[O^r/x1,...,O^r/xn] →*_Γ A_r, where
O^r ≡ λx1...x_{r+1}.x_{r+1}. Since A_r ∈ A^√(M[O^r/x1,...,O^r/xn]), by the
point (i) of this Lemma the proof is done.
(⇒) By Property 12.1.8 and by point (ii) of the V-approximation theorem.
□

Note that point (i) of the V-approximation theorem is not sufficient
in order to give a complete characterization of the not potentially Γ-
valuable terms, through the syntactical shape of the approximants. In fact,
(λzx.xD)(yI)D is not potentially Γ-valuable, but it is an approximant, as
shown in Example 12.1.12.
Moreover, point (ii) of the V-approximation theorem cannot be used to
characterize the equivalence in the model, if we want to take into account
also open terms (see Corollary 12.1.7).

Lemma 12.1.17. Let M be not potentially Γ-valuable.
If B ⊢_√ M : σ then σ ≃_√ ω.

Proof. M not potentially Γ-valuable implies U^√(M) = {Ω}, by Property
12.1.16.(ii). Hence, the result follows from point (ii) of the V-approximation
theorem. □

Now we are able to state the correctness of the model.

Theorem 12.1.18 (V-Correctness).
The model V is correct with respect to the V-operational semantics.
Proof. By Property 12.1.1, it is sufficient to check that M is potentially Γ-
valuable and N is not potentially Γ-valuable imply N ⊏_V M. The proof
follows by Property 12.1.8 and Lemma 12.1.17. □

The model gives also a (partial) characterization of the Γ-solvable terms.

Theorem 12.1.19. (i) Let M be either a Γ-solvable term or a Γ-unsolvable
term of infinite Γ-order. Then for all p ≥ 0 there is a basis B and types
σ1,...,σp such that B ⊢_√ M : σ1 → σ2 → ... → σp → ω.
(ii) Let M be a Γ-unsolvable term of Γ-order p. If B ⊢_√ M : σ then for some
k ≥ 1, σ ≡ σ1 ∧ ... ∧ σk, where σi ≡ τ1 → τ2 → ... → τn → ω, and n ≤ p.
Proof. (i) By Property 3.1.15 (pag. 39), M is Γ-solvable if and only if there
are terms M1,...,Mn (n ∈ ℕ) such that M →*_Ξℓ λx1.M1, Mi →*_Ξℓ
λx_{i+1}.M_{i+1} (1 ≤ i ≤ n) and Mn ≡ xP1...Pm where Pi ∈ Ξ for some
m ∈ ℕ. Let M be Γ-solvable. The proof will be given by induction on n.
If n = 0, then choose a basis B such that
B(x) = (ω → ω) → ... → (ω → ω) → σ1 → σ2 → ... → σp → ω,

where (ω → ω) occurs m times.
Then B ⊢_√ xP1...Pm : σ1 → σ2 → ... → σp → ω, by rule (→E) and
Property 12.1.8. The inductive step is easy, using the basic case, Theorem
12.1.6 and rule (→I).
Let M be Γ-unsolvable of Γ-order ∞. For every i ≥ 1, M →*_Ξℓ λx1.M1,
Mi →*_Ξℓ λx_{i+1}.M_{i+1}. So choose i = p, and obviously there is a typing
B ⊢_√ λxp.Mp : ω → ω, by Property 12.1.8. Then the proof is similar to
the previous case.
(ii) By induction on p. If p = 0, then M is not potentially Γ-valuable, and
the result follows from Lemma 12.1.17. The case p ≥ 0 follows easily from
the definition of Γ-solvability and of Γ-order. □

As the previous theorem shows, the V-model does not permit us to dis-
criminate between Γ-solvable terms and Γ-unsolvable terms of infinite order.
An intersection type assignment system giving a complete characterization
of the Γ-solvable terms is shown in [73].
Some properties of the V-operational semantics can be proved by the
approximation theorem.

Property 12.1.20. (i) The theory ≈_V is operationally extensional.
(ii) All call-by-value fixed-point operators are equated in V.
(iii) All call-by-value recursion operators are equated in V.
(iv) Let Z be a call-by-value recursion operator. Then every term M is such
that M ⪯_V ZK.

Proof. (i) It is sufficient to prove that I ∼_V E, then the result follows by
Property 3.1.18 and Lemma 8.1.9. The proof of I ∼_V E can be easily
constructed in a way similar to the proof of Lemma 11.1.8, taking into
account the differences between the two type assignment systems, namely
Property 12.1.28 must be used in place of Property 11.1.36. The proof
follows by correctness.
(ii) Let Z be a fixed-point operator, i.e. ZM =_Γ M(ZM), for all Γ-valuable
terms M. Then A^√(Z) = {Ω, λx.Ω}.
(iii) Let Z be a call-by-value recursion operator, i.e. ZM =_Γ M(λz.ZMz),
for all Γ-valuable terms M.
Then A^√(Z) = {Ω, λz.Ω, λx.x(λz0.(...(λzn.Ω)...)z0) | n ≥ 1}.
(iv) ZK =_Γ K(λz.ZKz) =_Γ λyz.ZKz. So A^√(ZK) = {λx1...xn.Ω | n ∈ ℕ}.
As a result, it is easy to check that B ⊢_√ ZK : σ, for all σ ∈ T(C_√) and
for all bases B. □

As we anticipated at the end of Sect. 3.1, the notion of fixed-point in the
call-by-value setting is in some sense meaningless. In fact, it follows from the
proof of Property 12.1.20.(ii), that a fixed point operator Z is such that, for
every Γ-valuable term M, ZM is Γ-unsolvable of order 0.

The model V induces a not semisensible Γ-theory (this notion was defined
in Definition 1.3.4). In order to prove this result, we need to show that there
is an infinite class of approximants which behaves, with respect to typing, as
free variables.

Lemma 12.1.21. Let A0 ≡ λz.Ω and A_{n+1} ≡ λz.(λx.An)(xz).
(i) For all σ ≄_√ ω there is n such that B[σ/x] ⊢_√ An : σ.
(ii) B[σ/x] ⊢_√ An : τ implies σ ≤_√ τ.

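Proof. (i) $\sigma \simeq_{\surd} \sigma_0 \wedge \dots \wedge \sigma_n$ ($n \in \mathbb{N}$), where $\sigma_i \simeq_{\surd} \tau^i_1 \to \dots \to \tau^i_{m_i} \to \omega \to \omega$ ($m_i \in \mathbb{N}$, $i \leq n$) by Property 12.1.28.(iii). Moreover, without loss of generality, we can assume that $\tau^i_r \not\simeq_{\surd} \omega$ for all r, by Property 12.1.28.(i).
We will show that if $p_i \geq m_i$ then $B[\sigma_i/x] \vdash_{\surd} A_{p_i} : \sigma_i$ ($i \leq n$), by induction on $m_i$. Since $r \geq \max\{p_1, \dots, p_n\}$ implies $B[\sigma_i/x] \vdash_{\surd} A_r : \sigma_i$ ($i \leq n$), the proof follows by rule $(\wedge I)$ and Lemma 10.1.7.(iii).
If $m_i = 0$ then the proof is trivial, by Lemma 12.1.5. Otherwise
$$B[\tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega / x] \vdash_{\surd} A_p : \tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega$$
where $p \geq m_i - 1$, by induction. By Lemma 10.1.7.(i), it follows that
$$B[\tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega / x, \tau_1/z] \vdash_{\surd} A_p : \tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega.$$
So $B[\tau_1/z] \vdash_{\surd} \lambda x.A_p : (\tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega) \to \tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega$ by rule $(\to I)$. Thus, always by Lemma 10.1.7.(i),
$$B[\tau_1/z, \tau_1 \to \dots \to \tau_{m_i} \to \omega \to \omega / x] \vdash_{\surd} \lambda x.A_p : (\tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega) \to \tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega$$
and by rule $(\to E)$
$$B[\tau_1/z, \tau_1 \to \dots \to \tau_{m_i} \to \omega \to \omega / x] \vdash_{\surd} (\lambda x.A_p)(xz) : \tau_2 \to \dots \to \tau_{m_i} \to \omega \to \omega.$$
Finally, $B[\tau_1 \to \dots \to \tau_{m_i} \to \omega \to \omega / x] \vdash_{\surd} \lambda z.(\lambda x.A_p)(xz) : \sigma_i$.
(ii) By induction on n. If n = 0 then the proof is obvious, since $\sigma \in I(C_{\surd})$.
Let $n \geq 1$. If $\tau \simeq_{\surd} \omega \to \omega$ then the proof is obvious. Otherwise, $B[\sigma/x] \vdash_{\surd} A_n : \tau$ implies, by Lemma 10.1.7.(iv), $\tau \geq_{\surd} \tau_1 \wedge \dots \wedge \tau_r$ ($r \geq 1$) where $\tau_i \equiv \mu_i \to \nu_i$, $B[\sigma/x, \mu_i/z] \vdash_{\surd} (\lambda x.A_{n-1})(xz) : \nu_i$ and $\mu_i \not\simeq_{\surd} \omega$ ($1 \leq i \leq r$). Since $\tau \simeq_{\surd} \omega \to \omega$ has been already considered, we can assume $\nu_i \not\simeq_{\surd} \omega$ without loss of generality. Therefore $B[\sigma/x, \mu_i/z] \vdash_{\surd} (\lambda x.A_{n-1}) : \pi_i \to \nu_i$ and $B[\sigma/x, \mu_i/z] \vdash_{\surd} xz : \pi_i$ for some $\pi_i \not\simeq_{\surd} \omega$, by Lemma 10.1.7.(vii). So, by Lemma 10.1.7.(iv), $B[\sigma/x, \mu_i/z, \pi_i/y] \vdash_{\surd} A_{n-1}[y/x] : \nu_i$, and by induction $\pi_i \leq_{\surd} \nu_i$.
Moreover, by Lemma 10.1.7.(vii) and (ii), $B[\sigma/x, \mu_i/z] \vdash_{\surd} xz : \pi_i$ implies $\sigma \leq_{\surd} \mu_i \to \pi_i$. Thus $\sigma \leq_{\surd} \tau_i$, and the proof follows. □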

Now we are ready to prove the next theorem.

Theorem 12.1.22. Let Z be a call-by-value recursion operator.
If $B \equiv \lambda xyz.x(yz)$ then $I \sim_{\surd} ZB$.

Proof. It is easy, but boring, to check that $\mathcal{A}_{\surd}(ZB) = \{\Omega, \lambda x.\Omega, \lambda xy.\Omega\} \cup \{\lambda x.A_n \mid n \geq 1\}$, where $A_n \equiv \lambda z.(\lambda x.A_{n-1})(xz)$. Then the proof follows from Lemma 12.1.21, since $B \vdash_{\surd} I : \sigma$ if and only if either $\sigma \simeq_{\surd} \omega$ or $\sigma \simeq_{\surd} \omega \to \omega$ or $\sigma \simeq_{\surd} \sigma_1 \wedge \sigma_2$ or $\sigma \simeq_{\surd} \mu \to \nu$, where $\mu \leq_{\surd} \nu$. □

Corollary 12.1.23. The V-operational semantics is not semisensible.
Proof. Since ZB is a $\Gamma$-unsolvable term of infinite order, the $\Gamma$-theory V is not semisensible, by Theorem 12.1.22. Then, by correctness, V is also not semisensible. □

The fact that V is not semisensible was first proved in [73], using syntactical tools. The model V is not fully abstract with respect to V-operational semantics. In fact, the next theorem shows its incompleteness.

Theorem 12.1.24 (V-Incompleteness).
The model V is incomplete with respect to the V-operational semantics.
Proof. The proof is in Sect. 12.1.4. □

The next theorem proves that there is not a filter $\lambda\Gamma$-model that is fully abstract with respect to the V-operational semantics. The proof is similar to the corresponding one for the L-operational semantics, given in Sect. 11.3.2. Namely, we will show that there are two terms that are $\approx_V$, but they cannot be equated in every filter model correct with respect to the V-operational semantics.

Theorem 12.1.25. There is not a filter $\lambda\Gamma$-model that is fully abstract with respect to the V-operational semantics.
Proof. The proof is in Sect. 12.1.4. □

12.1.1 The $\leq_{\surd}$-Intersection Relation

In order to prove that the $\leq_{\surd}$-intersection relation is well posed, i.e. it does not identify all types, we need to characterize the types $\simeq_{\surd} \omega$.

Theorem 12.1.26. $\sigma \simeq_{\surd} \omega$ if and only if $\sigma \notin I(C_{\surd})$, for all $\sigma \in T(C_{\surd})$.
Proof. Note that $\omega \simeq_{\surd} \sigma$ if and only if $\omega \leq_{\surd} \sigma$, by the rule (a).
($\Leftarrow$) By induction on $\sigma$. The case $\sigma \equiv \omega$ is obvious. The case $\sigma \equiv \tau \to \pi$ is not possible. The case of intersection follows by induction.
($\Rightarrow$) Let us first prove that if $\sigma \notin I(C_{\surd})$ and $\sigma \leq_{\surd} \tau$ then $\tau \notin I(C_{\surd})$, by induction on the rule of $\leq_{\surd}$.
(a),(b),(c),(c'),(r) Trivial.
(d),(f),(g),(v) Not possible.
(e),(t) By induction.
Since $\omega \notin I(C_{\surd})$, if $\sigma \simeq_{\surd} \omega$ then $\omega \leq_{\surd} \sigma$, so the proof is done. □

Corollary 12.1.27. Let $\Omega_{\surd} = \{\sigma_0 \wedge \dots \wedge \sigma_n\ (n \in \mathbb{N}) \mid \forall i \leq n\ \ \sigma_i \equiv \omega\}$.
$\Omega_{\surd} = T(C_{\surd}) - I(C_{\surd})$.

The previous theorem implies that $I(C_{\surd})$ is a well-defined set of input types, since it satisfies the conditions of Definition 10.1.1.(iv). Moreover, not all types in $T(C_{\surd})$ are equated by $\simeq_{\surd}$; in fact, $\omega \to \omega \not\simeq_{\surd} \omega$.

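Property 12.1.28. (i) $\omega \to \sigma \simeq_{\surd} (\omega \to \omega) \to \sigma$.
(ii) $\sigma \to \tau \leq_{\surd} \omega \to \omega$, for all $\sigma, \tau \in T(C_{\surd})$.
(iii) If $\sigma \not\simeq_{\surd} \omega$ then $\sigma \simeq_{\surd} \sigma_0 \wedge \dots \wedge \sigma_n$ ($n \in \mathbb{N}$) where
$$\sigma_i \simeq_{\surd} \tau^i_1 \to \dots \to \tau^i_{m_i} \to \omega \to \omega$$
($m_i \in \mathbb{N}$, $i \leq n$).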


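Proof. (i) By rule (a), (f) and (v).
(ii) Clearly $\sigma \to \tau \not\simeq_{\surd} \omega$ and $\sigma \to \tau \leq_{\surd} \sigma \to \omega \leq_{\surd} \omega \to \omega$ by rules (a), (f) and (g).
(iii) By induction on $\sigma$. The case $\sigma \equiv \omega$ is against the hypothesis. If $\sigma \equiv \pi \wedge \tau$ and $\pi, \tau \not\simeq_{\surd} \omega$ then the proof follows by induction. If $\sigma \equiv \pi \wedge \tau$ and $\pi \not\simeq_{\surd} \omega$ but $\tau \simeq_{\surd} \omega$ the proof follows by induction on $\pi$, since $\sigma \simeq_{\surd} \pi$. If $\sigma \equiv \pi \wedge \tau$ and $\tau \not\simeq_{\surd} \omega$ but $\pi \simeq_{\surd} \omega$ the proof follows by induction on $\tau$, since $\sigma \simeq_{\surd} \tau$.
Let $\sigma \equiv \tau \to \pi$. If $\pi \simeq_{\surd} \omega$ then $\sigma \simeq_{\surd} \omega \to \omega$ by rules (g), (f) and (a); so, let $\pi \not\simeq_{\surd} \omega$. By induction $\pi \simeq_{\surd} \pi_0 \wedge \dots \wedge \pi_k$ ($k \in \mathbb{N}$), where
$$\pi_i \simeq_{\surd} \pi^i_1 \to \dots \to \pi^i_{k_i} \to \omega \to \omega \quad (k_i \in \mathbb{N},\ i \leq k).$$
Hence, $\sigma \simeq_{\surd} (\tau \to \pi_0) \wedge \dots \wedge (\tau \to \pi_k)$ by Lemma 10.1.4.(iii). □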
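The proof of Property 12.1.28.(iii), together with point (i) and Corollary 12.1.27, can be read as a normalisation procedure on types. The following Python sketch is an added example, not code from the book; the names `Omega`, `Arrow`, `Inter`, `equiv_omega`, `components`, `rebuild` and `show` are hypothetical, and the sample type `SIGMA0` is constructed here from the type $\sigma_0$ used in Sect. 12.1.4.

```python
from dataclasses import dataclass
from typing import List, Tuple, Union


@dataclass(frozen=True)
class Omega:
    """The type constant omega."""


@dataclass(frozen=True)
class Arrow:
    src: "Type"
    dst: "Type"


@dataclass(frozen=True)
class Inter:
    left: "Type"
    right: "Type"


Type = Union[Omega, Arrow, Inter]
W = Omega()
WW = Arrow(W, W)  # omega -> omega


def equiv_omega(t: Type) -> bool:
    """Corollary 12.1.27: t is equivalent to omega iff it is an intersection of omegas."""
    if isinstance(t, Omega):
        return True
    if isinstance(t, Inter):
        return equiv_omega(t.left) and equiv_omega(t.right)
    return False  # an arrow type is never equivalent to omega (Theorem 12.1.26)


def components(t: Type) -> List[Tuple[Type, ...]]:
    """One argument tuple (tau_1, ..., tau_m) per conjunct
    tau_1 -> ... -> tau_m -> omega -> omega of the normal form of t."""
    if equiv_omega(t):
        raise ValueError("Property 12.1.28.(iii) requires a type not equivalent to omega")
    if isinstance(t, Inter):
        # Conjuncts equivalent to omega are dropped, the others are normalised.
        out: List[Tuple[Type, ...]] = []
        for part in (t.left, t.right):
            if not equiv_omega(part):
                out.extend(components(part))
        return out
    if equiv_omega(t.dst):
        return [()]  # tau -> pi with pi equivalent to omega collapses to omega -> omega
    # Point (i): an argument equivalent to omega may be replaced by omega -> omega.
    arg = WW if equiv_omega(t.src) else t.src
    # Lemma 10.1.4.(iii): the arrow distributes over the conjuncts of its result.
    return [(arg,) + rest for rest in components(t.dst)]


def rebuild(args: Tuple[Type, ...]) -> Type:
    """Turn (tau_1, ..., tau_m) back into tau_1 -> ... -> tau_m -> omega -> omega."""
    result: Type = WW
    for a in reversed(args):
        result = Arrow(a, result)
    return result


def show(t: Type) -> str:
    if isinstance(t, Omega):
        return "w"
    if isinstance(t, Inter):
        return f"({show(t.left)} /\\ {show(t.right)})"
    left = f"({show(t.src)})" if isinstance(t.src, Arrow) else show(t.src)
    return f"{left} -> {show(t.dst)}"


# Constructed sample: (w -> w) -> (w -> w -> w) -> w -> w, i.e. sigma_0 of Sect. 12.1.4.
SIGMA0 = Arrow(WW, Arrow(Arrow(W, WW), WW))

if __name__ == "__main__":
    sample = Arrow(WW, Inter(Arrow(SIGMA0, W), Arrow(W, WW)))
    for args in components(sample):
        print(show(rebuild(args)))
```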

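It is easy to check that a type in $T(C_{\surd})$ has the following shape:
$$(\sigma_1 \to \tau_1) \wedge \dots \wedge (\sigma_n \to \tau_n) \wedge \underbrace{\omega \wedge \dots \wedge \omega}_{m}$$
where $n, m \geq 0$, $m + n \geq 1$. The following lemma implies the legality of $\surd$.

Property 12.1.29. Let $n, m, p, q \in \mathbb{N}$ be such that $n, p \geq 1$ and
$$(\sigma_1 \to \tau_1) \wedge \dots \wedge (\sigma_n \to \tau_n) \wedge \underbrace{\omega \wedge \dots \wedge \omega}_{m} \leq_{\surd} (\sigma'_1 \to \tau'_1) \wedge \dots \wedge (\sigma'_p \to \tau'_p) \wedge \underbrace{\omega \wedge \dots \wedge \omega}_{q}.$$
Let $h \leq p$; if $\tau'_h \not\simeq_{\surd} \omega$ then $\exists \{i_1, \dots, i_k\} \subseteq \{1, \dots, n\}$, for some $k \in \mathbb{N}$, such that $\sigma_{i_1} \wedge \dots \wedge \sigma_{i_k} \geq_{\surd} \sigma'_h \wedge (\omega \to \omega)$ and $\tau_{i_1} \wedge \dots \wedge \tau_{i_k} \leq_{\surd} \tau'_h$, where $\tau_{i_j} \not\simeq_{\surd} \omega$ ($i_j \in \{i_1, \dots, i_k\}$).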

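Proof. By induction on the definition of $\leq_{\surd}$.
(a),(g),(b),(c),(c'),(e),(f),(r) Easy.
(d) Let $(\sigma \to \tau) \wedge (\sigma \to \pi) \leq_{\surd} \sigma \to (\tau \wedge \pi)$. The case $\tau, \pi \not\simeq_{\surd} \omega$ is easy. If $\tau \simeq_{\surd} \omega$ and $\pi \not\simeq_{\surd} \omega$ then it is easy to see that $\tau \wedge \pi \simeq_{\surd} \pi$, so the proof is immediate. The remaining case is similar to the previous one.
(v) It is sufficient to check that $\omega \to \omega \geq_{\surd} \omega \wedge (\omega \to \omega)$; the proof follows by rule (c').
(t) Let $\rho$ be such that
$$(\sigma_1 \to \tau_1) \wedge \dots \wedge (\sigma_n \to \tau_n) \wedge \underbrace{\omega \wedge \dots \wedge \omega}_{m} \leq_{\surd} \rho \quad\text{and}\quad \rho \leq_{\surd} (\sigma'_1 \to \tau'_1) \wedge \dots \wedge (\sigma'_p \to \tau'_p) \wedge \underbrace{\omega \wedge \dots \wedge \omega}_{q}.$$
If $\rho \simeq_{\surd} \omega$ then $\omega \leq_{\surd} (\sigma'_1 \to \tau'_1) \wedge \dots \wedge (\sigma'_p \to \tau'_p) \wedge \underbrace{\omega \wedge \dots \wedge \omega}_{q} \leq_{\surd} \sigma'_j \to \tau'_j$ implies $\omega \simeq_{\surd} \sigma'_j \to \tau'_j$ ($j \leq p$) and so p = 0, by Theorem 12.1.26.
Let $\rho \equiv (\mu_1 \to \nu_1) \wedge \dots \wedge (\mu_r \to \nu_r) \wedge \underbrace{\omega \wedge \dots \wedge \omega}_{s}$, for some $r, s \in \mathbb{N}$ such that $r \geq 1$. If $\tau'_h \not\simeq_{\surd} \omega$ ($h \leq p$) then, by inductive hypothesis, $\exists \{i_1, \dots, i_k\} \subseteq \{1, \dots, r\}$ such that $\mu_{i_1} \wedge \dots \wedge \mu_{i_k} \geq_{\surd} \sigma'_h \wedge (\omega \to \omega)$ and $\nu_{i_1} \wedge \dots \wedge \nu_{i_k} \leq_{\surd} \tau'_h$. Since $\nu_{i_j} \not\simeq_{\surd} \omega$ ($i_j \in \{i_1, \dots, i_k\}$), the proof follows by applying the inductive hypothesis to each arrow $\mu_{i_j} \to \nu_{i_j}$. □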

Proof of Theorem 12.1.3.(i) (pag. 183).
The legality of the type system $\surd$ is a particular case of Property 12.1.29. ■

12.1.2 Proof of Theorem 12.1.6

In order to show that the type assignment system $\vdash_{\surd}$ is closed under $\Gamma\ell$-reduction, first we prove that the type assignment system $\vdash_{\surd}$ is closed under $\Lambda$-reduction.

Lemma 12.1.30 ($\Lambda$-Subject reduction).
If $M \to_{\Lambda} N$ and $B \vdash_{\surd} M : \sigma$ then $B \vdash_{\surd} N : \sigma$.

Proof. Let $M \equiv (\lambda x.P)Q$ and $N \equiv P[Q/x]$. If $\sigma \simeq_{\surd} \omega$ then the proof is trivial, so let $\sigma \not\simeq_{\surd} \omega$. $B \vdash_{\surd} (\lambda x.P)Q : \sigma$ implies, by Lemma 10.1.7.(vii), both $B \vdash_{\surd} (\lambda x.P) : \tau \to \sigma$ and $B \vdash_{\surd} Q : \tau$, for some $\tau \in I(C_{\surd})$. By Lemma 10.1.7.(vi), $B \vdash_{\surd} \lambda x.P : \tau \to \sigma$ if and only if $B[\tau/x] \vdash_{\surd} P : \sigma$.
Without loss of generality, we can assume that there is a derivation d proving $B[\tau/x] \vdash_{\surd} P : \sigma$ such that all typings occurring in it have the same basis $B[\tau/x]$. Indeed, the only rule that can change the basis is $(\to I)$, and we can assume that free and bound variables have different names in P. Derivation d can be transformed into a derivation d' proving $B \vdash_{\surd} P[Q/x] : \sigma$, by performing the following operations:
1. replace each subderivation of d of the shape
$$\frac{}{B[\tau/x] \vdash_{\surd} x : \tau}\ (var)$$
by a copy of a derivation proving $B \vdash_{\surd} Q : \tau$;
2. replace each typing $B[\tau/x] \vdash_{\surd} P^* : \mu$ in d by $B \vdash_{\surd} P^*[Q/x] : \mu$.
By induction on the derivation d, it is easy to check that d' is well defined.
Let $M \equiv C[(\lambda x.P)Q]$ and $N \equiv C[P[Q/x]]$. If an occurrence of $(\lambda x.P)Q$ in M is inside a subterm of M typed by the rule $(\omega)$, then just substitute Q for each free occurrence of x in the terms that are subjects of typings in d. Otherwise, replace each subderivation d proving a typing for $(\lambda x.P)Q$ by a subderivation d' built as described before. □

Obviously, $\vdash_{\surd}$ cannot be closed under $\Lambda$-expansion, i.e. $B \vdash_{\surd} P[Q/x]$ cannot imply $B \vdash_{\surd} (\lambda x.P)Q$, since in this case the model would be incorrect. But a restricted form of $\Lambda$-expansion can be proved. First, we will prove a property.

Property 12.1.31. Let d be a derivation proving $B \vdash_{\surd} M : \sigma$ where $\sigma \not\simeq_{\surd} \omega$. If N is a subterm of M not occurring under the scope of a $\lambda$-abstraction, then in d there is a subderivation d' proving $B \vdash_{\surd} N : \tau$, where $\tau \not\simeq_{\surd} \omega$.
Proof. We will prove that all subterms S of M not occurring under the scope of a $\lambda$-abstraction are typed in d by a subderivation $d_S$ proving a typing $B_S \vdash_{\surd} S : \tau_S$ where $\tau_S \not\simeq_{\surd} \omega$. The proof is given by induction on M.
The proof is obvious for $M \equiv x$; so let $M \equiv M_1 M_2$.
$B \vdash_{\surd} M_1 M_2 : \sigma$ and $\sigma \not\simeq_{\surd} \omega$ imply that there is $\tau \in I(C_{\surd})$ such that $B \vdash_{\surd} M_1 : \tau \to \sigma$ and $B \vdash_{\surd} M_2 : \tau$, by Lemma 10.1.7.(vii). Moreover, by induction the property is true for all subterms S of $M_i$ not occurring under the scope of a $\lambda$-abstraction ($1 \leq i \leq 2$).
The case $M \equiv \lambda x.N$ and S occur in N is against the hypothesis. □

Lemma 12.1.32. Let d be a derivation proving $B \vdash_{\surd} C[M] : \sigma$, where $\sigma \not\simeq_{\surd} \omega$. If M occurs in C[M], and there is at least one subderivation of d assigning to M a type $\not\simeq_{\surd} \omega$, then $B \vdash_{\surd} (\lambda x.C[x])M : \sigma$.
Proof. Without loss of generality, let each typing in d have the same basis B; indeed, the only rule that can change the basis is $(\to I)$, and we can assume that free and bound variables have different names in C[M].
Let M occur in C[M] and let there exist $n \geq 1$ subderivations $d_i$ in d proving $B \vdash_{\surd} M : \tau_i$, where $\tau_i \not\simeq_{\surd} \omega$ ($1 \leq i \leq n$).
Let x be a fresh variable, so d can be transformed into a derivation d' proving $B[\tau_1 \wedge \dots \wedge \tau_n/x] \vdash_{\surd} (\lambda x.C[x])M : \sigma$ by performing the following operations. First,
• replace $d_i$ by
$$\frac{\dfrac{}{B[\tau_1 \wedge \dots \wedge \tau_n/x] \vdash_{\surd} x : \tau_1 \wedge \dots \wedge \tau_n}\ (var)}{B[\tau_1 \wedge \dots \wedge \tau_n/x] \vdash_{\surd} x : \tau_i}\ (\leq_{\surd})$$
• replace each typing $B \vdash_{\surd} P[M/x] : \mu$ occurring in the derivation d by the typing $B[\tau_1 \wedge \dots \wedge \tau_n/x] \vdash_{\surd} P : \mu$.
It is easy to check that d' is well defined, by induction on d.
So, by rule $(\to I)$, $B \vdash_{\surd} \lambda x.C[x] : (\tau_1 \wedge \dots \wedge \tau_n) \to \sigma$ and, by rule $(\wedge I)$, $B \vdash_{\surd} M : \tau_1 \wedge \dots \wedge \tau_n$, so the proof follows by rule $(\to E)$, since $\tau_1 \wedge \dots \wedge \tau_n \in I(C_{\surd})$. □

Lemma 12.1.33 (Weak $\Gamma\ell$-subject expansion).
$M \to_{\Gamma\ell} N$ and $B \vdash_{\surd} N : \sigma$ imply that there is B' such that $B' \vdash_{\surd} M : \sigma$ and $B'(x) \leq_{\surd} B(x)$, for each $x \in Var$.
Proof. Let $M \equiv C[(\lambda x.P)Q]$, let $N \equiv C[P[Q/x]]$ and let d be the derivation proving $B \vdash_{\surd} C[P[Q/x]] : \sigma$. If $\sigma \simeq_{\surd} \omega$ then the proof is trivial, so let $\sigma \in I(C_{\surd})$. The proof is given by induction on C[.].
Without loss of generality, let each typing in d have the same basis B. Indeed, the only rule that can change the basis is $(\to I)$, and we can assume that free and bound variables have different names in P. Let $C[.] \equiv [.]$. There are two cases.
(i) Either Q does not occur in P[Q/x], so $x \notin FV(P)$ and $N \equiv P$, or Q occurs in subterms of P that are subjects of an application of the rule $(\omega)$. Since Q is a $\Gamma\ell$-nf, then there is a basis $B^*$ such that $B^* \vdash_{\surd} Q : \omega \to \omega$ by Lemma 12.1.5. Let $B'(y) = B(y) \wedge B^*(y)$, for each $y \in Var$; so, by Lemma 10.1.7.(ii) $B'[\omega \to \omega/x] \vdash_{\surd} N : \sigma$. Thus, by rule $(\to I)$, $B' \vdash_{\surd} \lambda x.P : (\omega \to \omega) \to \sigma$. Hence $B' \vdash_{\surd} (\lambda x.P)Q : \sigma$ by rule $(\to E)$.
(ii) In the case where Q occurs in P[Q/x] and there is at least one subderivation of d assigning to Q a type $\not\simeq_{\surd} \omega$, the proof follows by Lemma 12.1.32.
In the general case either $C[.] \equiv M'C'[.]$ or $C[.] \equiv C'[.]M'$, since the reduction is lazy. Let us consider the first case. By Lemma 10.1.7.(vi), there are subderivations $d_0$ and $d_1$ of d proving respectively $B \vdash_{\surd} C'[P[Q/x]] : \sigma_0$ and $B \vdash_{\surd} M' : \sigma_0 \to \sigma$, for $\sigma_0 \not\simeq_{\surd} \omega$. By induction there is a derivation $d^*$ proving $B^* \vdash_{\surd} C'[(\lambda x.P)Q] : \sigma_0$ where $B^*(x) \leq_{\surd} B(x)$, for each $x \in Var$. By Lemma 10.1.7.(iii) $B^* \vdash_{\surd} M' : \sigma_0 \to \sigma$; hence it is easy to build a derivation proving $B^* \vdash_{\surd} C[(\lambda x.P)Q] : \sigma$. The second case is similar. □

Now we are able to prove the theorem.

Proof of Theorem 12.1.6 (pag. 184).

(i) By the $\Lambda$-subject reduction lemma, taking into account that $\Gamma\ell$-reduction is a special case of $\Lambda$-reduction.
(ii) By the weak $\Gamma\ell$-subject expansion lemma. ■

12.1.3 Proof of the V-Approximation Theorem

The proof follows the same lines as the corresponding proof in the previous models. In order to prove the ($\Rightarrow$) implication of both parts of the theorem, we need to define a computability predicate.
A basis B is finite if and only if $B(y) \simeq_{\surd} \omega \to \omega$ except in a finite number of variables. We will use $[\sigma_1/x_1, \dots, \sigma_n/x_n]$ to denote a finite basis. By Lemma 10.1.7.(i), in this section we limit ourselves to consider only such a kind of basis.
Let B and B' be two bases. $B \cup B'$ denotes the basis such that, for every x, $(B \cup B')(x) = B(x) \wedge B'(x)$ (remember that $\sigma \wedge (\omega \to \omega) \simeq_{\surd} \sigma$, for every type $\sigma \not\simeq_{\surd} \omega$).

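Definition 12.1.34. (i) $\mathrm{App}_V(B, \sigma, M)$ if and only if there is $A \in \mathcal{A}_{\surd}(M)$ such that $B \vdash_{\surd} A : \sigma$.
(ii) The predicate $\mathrm{Comp}_V$ is defined by induction on types as follows:
• $\mathrm{Comp}_V(B, \omega, M)$ is true;
• $\mathrm{Comp}_V(B, \sigma \to \tau, M)$ where $\tau \simeq_{\surd} \omega$, if and only if $\mathrm{App}_V(B, \omega \to \omega, M)$;
• $\mathrm{Comp}_V(B, \sigma \to \tau, M)$ where $\tau \not\simeq_{\surd} \omega$, if and only if $\forall N \in \Gamma$, $\mathrm{Comp}_V(B', \sigma, N)$ implies $\mathrm{Comp}_V(B \cup B', \tau, MN)$;
• $\mathrm{Comp}_V(B, \sigma \wedge \tau, M)$ if and only if $\mathrm{Comp}_V(B, \sigma, M)$ and $\mathrm{Comp}_V(B, \tau, M)$.

In the usual way, we prove that $B \vdash_{\surd} M : \sigma$ implies $\mathrm{Comp}_V(B, \sigma, M)$, which in turn implies $\mathrm{App}_V(B, \sigma, M)$.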

Lemma 12.1.35. $\mathrm{Comp}_V(B, \sigma, M)$ and $M =_{\Gamma} M'$ imply $\mathrm{Comp}_V(B, \sigma, M')$.

Proof. The proof is given by induction on $\sigma$. The case $\sigma \equiv \omega$ is obvious.
If $\sigma \equiv \sigma \to \tau$ where $\tau \simeq_{\surd} \omega$, then the proof follows from the definition of $\mathrm{App}_V$, since $\mathrm{App}_V$ is closed under $=_{\Gamma}$.
The other cases follow by the inductive hypothesis. □

Hence, $\mathrm{Comp}_V$ is defined modulo $=_{\Gamma}$ on terms. The following property holds.

Property 12.1.36. Let B be a basis, M be a term and $\tau$ a type.
$\mathrm{Comp}_V(B, \omega \to \tau, M)$ if and only if $\mathrm{Comp}_V(B, (\omega \to \omega) \to \tau, M)$.

Proof. The proof is easy by induction on the definition of $\mathrm{Comp}_V$, since $N \in \Gamma$ implies $B' \vdash_{\surd} N : \omega \to \omega$ for some B', by Theorem 12.1.3.(ii). □

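In order to prove that $\mathrm{Comp}_V(B, \sigma, M)$ implies $\mathrm{App}_V(B, \sigma, M)$, we need the following property.

Property 12.1.37. Let A be an approximant such that $A \equiv \lambda z.\zeta A_1 \dots A_m z$, where $\zeta$ is either a variable or a head block, and $z \notin FV(\zeta A_1 \dots A_m)$.
If $B \vdash_{\surd} A : \sigma \to \tau$ where $\sigma, \tau \not\simeq_{\surd} \omega$ then $B \vdash_{\surd} \zeta A_1 \dots A_m : \sigma \to \tau$.

Proof. $\sigma \in I(C_{\surd})$ and $B \vdash_{\surd} A : \sigma \to \tau$ imply $B[\sigma/z] \vdash_{\surd} \zeta A_1 \dots A_m z : \tau$, by Lemma 10.1.7.(vi). Since $\tau \not\simeq_{\surd} \omega$, by Lemma 10.1.7.(vii) there is $\varepsilon \in I(C_{\surd})$ such that $B[\sigma/z] \vdash_{\surd} z : \varepsilon$ and $B[\sigma/z] \vdash_{\surd} \zeta A_1 \dots A_m : \varepsilon \to \tau$. By Lemma 10.1.7.(ii) $\sigma \leq_{\surd} \varepsilon$; hence $\varepsilon \to \tau \leq_{\surd} \sigma \to \tau$. So $B[\sigma/z] \vdash_{\surd} \zeta A_1 \dots A_m : \sigma \to \tau$ by rule $(\leq_{\surd})$. Clearly $B \vdash_{\surd} \zeta A_1 \dots A_m : \sigma \to \tau$, since $z \notin FV(\zeta A_1 \dots A_m)$. □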

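Lemma 12.1.38. (i) $\mathrm{App}_V(B, \sigma, xM)$ implies $\mathrm{Comp}_V(B, \sigma, xM)$.
(ii) $\mathrm{Comp}_V(B, \sigma, M)$ implies $\mathrm{App}_V(B, \sigma, M)$.
Proof. The proof is done by mutual induction on $\sigma$.
The only nonobvious case is when $\sigma \equiv \tau \to \rho$, where $\rho \not\simeq_{\surd} \omega$.
(i) We will prove that $N \in \Gamma$ and $\mathrm{Comp}_V(B', \tau, N)$ imply $\mathrm{Comp}_V(B \cup B', \rho, xMN)$, thus $\mathrm{Comp}_V(B, \tau \to \rho, xM)$ follows by definition.
$\mathrm{Comp}_V(B', \tau, N)$ implies $\mathrm{App}_V(B', \tau, N)$, by induction on (ii).
By hypothesis $\mathrm{App}_V(B, \tau \to \rho, xM)$; thus $B \cup B' \vdash_{\surd} A^* : \rho$, for some $A^* \in \mathcal{A}_{\surd}(xMN)$ by rule $(\to E)$, since $xA \in \mathcal{A}_{\surd}(xM)$ and $A' \in \mathcal{A}_{\surd}(N)$ imply $xAA' \in \mathcal{A}_{\surd}(xMN)$. Thus $\mathrm{App}_V(B \cup B', \rho, xMN)$ and by induction, $\mathrm{Comp}_V(B \cup B', \rho, xMN)$.
(ii) Let $z \notin FV(M)$ and $B(z) \simeq_{\surd} \omega \to \omega$. Note that both $z \in \mathcal{A}_{\surd}$ and $[\tau/x] \vdash_{\surd} x : \tau$, thus $\mathrm{App}_V([\tau/z], \tau, z)$. Hence, $\mathrm{Comp}_V([\tau/z], \tau, z)$ by induction on (i).
$\mathrm{Comp}_V(B, \tau \to \rho, M)$ and $\mathrm{Comp}_V([\tau/z], \tau, z)$ imply $\mathrm{Comp}_V(B[\tau/z], \rho, Mz)$ and this implies $\mathrm{App}_V(B[\tau/z], \rho, Mz)$, by induction; which means there is $A \in \mathcal{A}_{\surd}(Mz)$ such that $B[\tau/z] \vdash_{\surd} A : \rho$.
The case $A \equiv \Omega$ is not possible, since by the hypothesis $\rho \not\simeq_{\surd} \omega$. Hence $B \vdash_{\surd} \lambda z.A : \tau \to \rho$, by rule $(\to I)$. By definition of the $\surd$-approximants of a term, $A \in \mathcal{A}(Mz)$ implies $\lambda z.A \in \mathcal{A}(\lambda z.Mz)$. Now there are two cases.
1. M is of order 0, so A is of the shape $A'z$, where either $A' \equiv xA_1 \dots A_m$ or $A' \equiv (\lambda x.A')A''A_1 \dots A_m z$ and $z \notin FV(A')$.
In both cases $A' \in \mathcal{A}_{\surd}(M)$. By Property 12.1.37, $B \vdash_{\surd} A' : \tau \to \rho$, and so $\mathrm{App}_V(B, \tau \to \rho, M)$.
2. Otherwise $M =_{\Gamma} \lambda y.M'$, so $\lambda z.Mz =_{\Gamma} \lambda z.M'[z/y] =_{\alpha} \lambda y.M'$, which implies $\lambda z.A \in \mathcal{A}_{\surd}(M)$ and the proof is given. □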

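Lemma 12.1.39. $\mathrm{Comp}_V(B, \sigma, M)$ and $\sigma \leq_{\surd} \tau$ implies $\mathrm{Comp}_V(B, \tau, M)$.

Proof. By induction on the definition of $\leq_{\surd}$. The more complex case is that of rule (f), so let $\pi' \leq_{\surd} \pi$, $\tau \leq_{\surd} \tau'$ and $\mathrm{Comp}_V(B, \pi \to \tau, M)$.
If $\tau \simeq_{\surd} \omega$ then $\tau' \simeq_{\surd} \omega$, so the proof is immediate. If $\tau, \pi \not\simeq_{\surd} \omega$ then the proof follows by induction. If $\tau \not\simeq_{\surd} \omega$ but $\tau' \simeq_{\surd} \omega$ then, by Lemma 12.1.38.(ii), $\mathrm{App}_V(B, \pi \to \tau, M)$. By definition of $\mathrm{App}_V$, there is an $A \in \mathcal{A}_{\surd}(M)$ such that $B \vdash_{\surd} A : \pi \to \tau$; thus $B \vdash_{\surd} A : \omega \to \omega$, and the proof follows by definition of $\mathrm{Comp}_V$. □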

Lemma 12.1.40. Let $FV(M) \subseteq \{x_1, \dots, x_n\}$ and $B = [\sigma_1/x_1, \dots, \sigma_n/x_n]$.
If $N_i \in \Gamma$, $\mathrm{Comp}_V(B_i, \sigma_i, N_i)$ ($1 \leq i \leq n$) and $B \vdash_{\surd} M : \tau$, then
$$\mathrm{Comp}_V(B_1 \cup \dots \cup B_n, \tau, M[N_1/x_1, \dots, N_n/x_n]).$$

Proof. The proof is given by induction on the derivation of $B \vdash_{\surd} M : \tau$. The most interesting case is when the last applied rule is $(\to I)$.
Let $M \equiv \lambda x.M'$, $\tau \equiv \mu \to \nu$, $\mu \in I(C_{\surd})$ and
$$\frac{B[\mu/x] \vdash_{\surd} M' : \nu}{B \vdash_{\surd} \lambda x.M' : \mu \to \nu}\ (\to I).$$
If $N \in \Gamma$ and $\mathrm{Comp}_V(B', \mu, N)$, then by induction
$$\mathrm{Comp}_V(B' \cup B_1 \cup \dots \cup B_n, \nu, M'[N_1/x_1, \dots, N_n/x_n, N/x])$$
which implies

by Lemma 12.1.35. So $\mathrm{Comp}_V(B_1 \cup \dots \cup B_n, \tau, M[N_1/x_1, \dots, N_n/x_n])$ by definition of $\mathrm{Comp}_V$. All other cases follow directly from the inductive hypothesis. □

Moreover, the following property holds.

Property 12.1.41. Let $M, N \in \Lambda\Omega$ such that M ---+an N.
(i) If $B \vdash_{\surd} M : \sigma$ then $B \vdash_{\surd} N : \sigma$.
(ii) If $B \vdash_{\surd} N : \sigma$ then $B' \vdash_{\surd} M : \sigma$, for some B' such that $\forall x \in Var$, $B'(x) \leq_{\surd} B(x)$.

Proof. Easy, by Theorem 12.1.6, and by the fact that to the term $\Omega$ only the type $\omega$ can be assigned. □

Proof of the V-Approximation Theorem (Theorem 12.1.15 pag. 186).

(i) ($\Rightarrow$) Clearly $\mathrm{Comp}_V([\tau/x], \tau, x)$ by Lemma 12.1.38.(i).
Let $FV(M) \subseteq \{x_1, \dots, x_n\}$; if $B \vdash_{\surd} M : \sigma$, $B = [\sigma_1/x_1, \dots, \sigma_n/x_n]$ and $\mathrm{Comp}_V([\sigma_i/x_i], \sigma_i, x_i)$ ($1 \leq i \leq n$) then $\mathrm{Comp}_V(B, \sigma, M)$ by Lemma 12.1.40. By Lemma 12.1.38.(ii) and definition of $\mathrm{App}_V$ the proof is done.
($\Leftarrow$) By definition, there is M' such that $M =_{\Gamma} M'$ and A matches M' except at occurrences of $\Omega$. A derivation of $B \vdash_{\surd} A : \sigma$ can be transformed into a derivation of $B \vdash_{\surd} M' : \sigma$, simply by replacing every subderivation
$$\frac{}{B \vdash_{\surd} \Omega : \omega}\ (\omega) \qquad\text{by}\qquad \frac{}{B \vdash_{\surd} N : \omega}\ (\omega)$$
where N is the subterm replaced by $\Omega$ in M'. $B \vdash_{\surd} M' : \sigma$ implies $B \vdash_{\surd} M : \sigma$, since the type assignment system is closed under $=_{\Gamma}$ on terms as consequence of the fact that it induces a $\lambda\Gamma$-model, so the proof is given.
(ii) It follows by point (i) of the V-approximation theorem and Property 12.1.41. ■

12.1.4 Proof of Theorems 12.1.24 and 12.1.25

Let $V_0 \equiv \lambda x.(\lambda x_1 x_2.DD)(x(\lambda x_1.DD)(\lambda x_1.DD))$,
$V_1 \equiv \lambda x.(\lambda x_1 x_2 x_3.DD)(x(\lambda x_1.DD)(\lambda x_1 x_2.DD))(x(\lambda x_1 x_2.DD)(\lambda x_1.DD))$.
In Sect. 7.1.1 we proved that $V_0 \approx_V V_1$; now we will prove $V_0 \not\sim_{\surd} V_1$. Note that both $V_0$ and $V_1$ are $\Gamma$-unsolvable of order 2, so the model does not equate all $\Gamma$-unsolvable terms of the same order.

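Proof of V-Incompleteness Theorem (Theorem 12.1.24 pag. 190).

Let $\sigma \equiv \sigma_0 \wedge \sigma_1$, where
$\sigma_0 \equiv (\omega \to \omega) \to (\omega \to \omega \to \omega) \to \omega \to \omega$,
$\sigma_1 \equiv (\omega \to \omega \to \omega) \to (\omega \to \omega) \to \omega \to \omega$,
and let $D_1 \equiv \lambda x_1.DD$, $D_2 \equiv \lambda x_1 x_2.DD$ and $D_3 \equiv \lambda x_1 x_2 x_3.DD$.

We will show that $B \vdash_{\surd} V_1 : \sigma \to \omega \to \omega$ while $B \nvdash_{\surd} V_0 : \sigma \to \omega \to \omega$, for all bases B. Let $d_{12}$ be the derivation of $B[\sigma/x] \vdash_{\surd} xD_1D_2 : \omega \to \omega$ made of the following steps:
1. $B[\sigma/x] \vdash_{\surd} x : \sigma$ by (var), hence $B[\sigma/x] \vdash_{\surd} x : \sigma_0$ by $(\wedge E)$;
2. $B[\sigma/x, \omega \to \omega/x_1] \vdash_{\surd} DD : \omega$ by $(\omega)$, hence $B[\sigma/x] \vdash_{\surd} D_1 : (\omega \to \omega) \to \omega$ by $(\to I)$ and $B[\sigma/x] \vdash_{\surd} D_1 : \omega \to \omega$ by $(\leq_{\surd})$;
3. $B[\sigma/x] \vdash_{\surd} xD_1 : (\omega \to \omega \to \omega) \to \omega \to \omega$ by $(\to E)$ from steps 1 and 2;
4. $B[\sigma/x, \omega \to \omega/x_1, \omega \to \omega/x_2] \vdash_{\surd} DD : \omega$ by $(\omega)$, hence $B[\sigma/x, \omega \to \omega/x_1] \vdash_{\surd} D_1 : (\omega \to \omega) \to \omega$ by $(\to I)$, $B[\sigma/x, \omega \to \omega/x_1] \vdash_{\surd} D_1 : \omega \to \omega$ by $(\leq_{\surd})$, $B[\sigma/x] \vdash_{\surd} D_2 : (\omega \to \omega) \to \omega \to \omega$ by $(\to I)$ and $B[\sigma/x] \vdash_{\surd} D_2 : \omega \to \omega \to \omega$ by $(\leq_{\surd})$;
5. $B[\sigma/x] \vdash_{\surd} xD_1D_2 : \omega \to \omega$ by $(\to E)$ from steps 3 and 4;

and let $d_{21}$ be the derivation of $B[\sigma/x] \vdash_{\surd} xD_2D_1 : \omega \to \omega$ made of the following steps:
1. $B[\sigma/x] \vdash_{\surd} x : \sigma$ by (var), hence $B[\sigma/x] \vdash_{\surd} x : \sigma_1$ by $(\wedge E)$;
2. $B[\sigma/x, \omega \to \omega/x_1, \omega \to \omega/x_2] \vdash_{\surd} DD : \omega$ by $(\omega)$, hence $B[\sigma/x, \omega \to \omega/x_1] \vdash_{\surd} D_1 : (\omega \to \omega) \to \omega$ by $(\to I)$, $B[\sigma/x, \omega \to \omega/x_1] \vdash_{\surd} D_1 : \omega \to \omega$ by $(\leq_{\surd})$, $B[\sigma/x] \vdash_{\surd} D_2 : (\omega \to \omega) \to \omega \to \omega$ by $(\to I)$ and $B[\sigma/x] \vdash_{\surd} D_2 : \omega \to \omega \to \omega$ by $(\leq_{\surd})$;
3. $B[\sigma/x] \vdash_{\surd} xD_2 : (\omega \to \omega) \to \omega \to \omega$ by $(\to E)$ from steps 1 and 2;
4. $B[\sigma/x, \omega \to \omega/x_1] \vdash_{\surd} DD : \omega$ by $(\omega)$, hence $B[\sigma/x] \vdash_{\surd} D_1 : (\omega \to \omega) \to \omega$ by $(\to I)$ and $B[\sigma/x] \vdash_{\surd} D_1 : \omega \to \omega$ by $(\leq_{\surd})$;
5. $B[\sigma/x] \vdash_{\surd} xD_2D_1 : \omega \to \omega$ by $(\to E)$ from steps 3 and 4.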

It is easy to build a derivation $d_3$ proving the typing
$$B[\sigma/x] \vdash_{\surd} D_3 : (\omega \to \omega) \to (\omega \to \omega) \to \omega \to \omega.$$
Now, we can build the following derivation:
1. from $d_3$ and $d_{12}$, by $(\to E)$, $B[\sigma/x] \vdash_{\surd} D_3(xD_1D_2) : (\omega \to \omega) \to \omega \to \omega$;
2. from step 1 and $d_{21}$, by $(\to E)$, $B[\sigma/x] \vdash_{\surd} (\lambda x_1 x_2 x_3.DD)(x(\lambda x_1.DD)(\lambda x_1 x_2.DD))(x(\lambda x_1 x_2.DD)(\lambda x_1.DD)) : \omega \to \omega$;
3. by $(\to I)$, $B \vdash_{\surd} V_1 : \sigma \to \omega \to \omega$.

Note that we can apply the rule $(\to E)$, since $\omega \to \omega \in I(C_{\surd})$; moreover, each type considered in the basis is an input type.
On the other hand, $B \vdash_{\surd} V_0 : \sigma \to \omega \to \omega$ implies, by Lemma 10.1.7.(vi), $B[\sigma/x] \vdash_{\surd} (\lambda x_1 x_2.DD)(x(\lambda x_1.DD)(\lambda x_1.DD)) : \omega \to \omega$.
Therefore there is $\mu \in I(C_{\surd})$ such that $B[\sigma/x] \vdash_{\surd} \lambda x_1 x_2.DD : \mu \to \omega \to \omega$ and $B[\sigma/x] \vdash_{\surd} x(\lambda x_1.DD)(\lambda x_1.DD) : \mu$, by Lemma 10.1.7.(vii).
Since $\mu \not\simeq_{\surd} \omega$, again by Lemma 10.1.7.(vii), there is $\tau \in I(C_{\surd})$ such that $B[\sigma/x] \vdash_{\surd} x(\lambda x_1.DD) : \tau \to \mu$ and
$$B[\sigma/x] \vdash_{\surd} \lambda x_1.DD : \tau. \qquad (12.1)$$
Since $\tau \to \mu \not\simeq_{\surd} \omega$, again by Lemma 10.1.7.(vii), there is $\pi \in I(C_{\surd})$ such that $B[\sigma/x] \vdash_{\surd} x : \pi \to \tau \to \mu$ and
$$B[\sigma/x] \vdash_{\surd} \lambda x_1.DD : \pi. \qquad (12.2)$$
By Lemma 10.1.7.(ii) $\sigma \leq_{\surd} \pi \to \tau \to \mu$, so, since $\surd$ is legal, there are 3 possible cases.
1. $\pi \leq_{\surd} \omega \to \omega \to \omega$ is not possible; in fact, it is easy to see that the typing given in Eq. 12.2 implies $\omega \to \omega \leq_{\surd} \pi$, by Theorem 12.1.19.(ii). So, by Property 12.1.28.(ii), this would imply $\omega \to \omega \simeq_{\surd} \omega \to \omega \to \omega$, which is an absurd.
2. $\pi \leq_{\surd} (\omega \to \omega) \wedge (\omega \to \omega \to \omega)$ is not possible. In fact, by rules (c), $(\omega \to \omega) \wedge (\omega \to \omega \to \omega) \leq_{\surd} \omega \to \omega \to \omega$, so we can reason as in the previous case.
3. $\pi \leq_{\surd} \omega \to \omega$ and $(\omega \to \omega \to \omega) \to \omega \to \omega \leq_{\surd} \tau \to \mu$, therefore $\tau \leq_{\surd} \omega \to \omega \to \omega$ by Property 10.1.6. Yet an absurd, by the typing given in Eq. 12.1 and by Theorem 12.1.19.(ii). ■

In order to prove Theorem 12.1.25, we need Lemma 12.1.42.

Lemma 12.1.42. Let U be a closed $\Gamma$-unsolvable term of order 0 and let $\nabla$ be a type system $\langle C, \leq_{\nabla}, I(C) \rangle$ inducing a $\lambda\Gamma$-model $\mathcal{M}$ that is fully abstract with respect to the V-operational semantics.
(i) All closed $\Gamma$-unsolvable terms of the same finite order n are equated in $\mathcal{M}$.
(ii) $U \sqsubset_{\mathcal{M}} \lambda x.U$.
(iii) There exists $\theta \in I(C)$ such that $B \vdash_{\nabla} \lambda x.U : \theta$ and $B \vdash_{\nabla} \lambda xy.U : \theta \to \theta$, while $B \nvdash_{\nabla} U : \theta$ and $B \nvdash_{\nabla} \lambda x.U : \theta \to \theta$, for all bases B; moreover, $\theta \to \theta \in I(C)$.
(iv) If $\theta$ is the type considered in the previous point then $(\theta \to \theta) \to \theta \to \theta$, $\theta \to (\theta \to \theta) \to \theta \in I(C)$.

Proof. (i) By the fact that all closed $\Gamma$-unsolvable terms of the same finite order are equated in V (see Corollary 7.1.9) and by definition of full abstraction.
(ii) By the fact that $U \prec_V \lambda x.U$ and by definition of full abstraction.
(iii) Note that $\lambda x.U$ is an input value for the $\lambda\Gamma$-calculus, so by the definition of the $\lambda\Gamma$-model and by the previous point of this lemma, there is $\theta \in I(C)$ such that $B \vdash_{\nabla} \lambda x.U : \theta$ and $B \nvdash_{\nabla} U : \theta$, for all bases B (since U is closed). It is easy to build a derivation proving $B \vdash_{\nabla} \lambda xy.U : \theta \to \theta$.
If $B \vdash_{\nabla} \lambda x.U : \theta \to \theta$ then $B \vdash_{\nabla} (\lambda x.U)\lambda x.U : \theta$, but $(\lambda x.U)\lambda x.U$ is a $\Lambda$-unsolvable term of order 0, so $B \nvdash_{\nabla} \lambda x.U : \theta \to \theta$.
If $\theta \to \theta \notin I(C)$ then $\theta \leq_{\nabla} \theta \to \theta$, so $B \vdash_{\nabla} \lambda x.U : \theta \to \theta$; hence, $\theta \to \theta \in I(C)$.
(iv) If $(\theta \to \theta) \to \theta \to \theta \notin I(C)$ then $\theta \leq_{\nabla} (\theta \to \theta) \to \theta \to \theta$ and $B \vdash_{\nabla} \lambda x.U : (\theta \to \theta) \to \theta \to \theta$, so $B \vdash_{\nabla} (\lambda x.U)(\lambda xy.U)(\lambda x.U) : \theta$ which is an absurdum; hence, $(\theta \to \theta) \to \theta \to \theta \in I(C)$. In a similar way, $\theta \to (\theta \to \theta) \to \theta \in I(C)$. □

Proof of Theorem 12.1.25 (pag. 190).

We prove that every $\Gamma$-model fully abstract with respect to the V-operational semantics would equate the two terms $V_0$ and $V_1$.
Let $\langle C, \leq_{\nabla}, I(C) \rangle$ be a legal type system inducing a filter $\lambda\Gamma$-model which is fully abstract with respect to the V-operational semantics, and let $\theta$ be the input type considered in the Lemma 12.1.42. Note that $\theta \not\simeq_{\nabla} \omega$.
Let $\sigma \equiv \sigma_0 \wedge \sigma_1$ where $\sigma_0 \equiv \theta \to (\theta \to \theta) \to \theta$ and $\sigma_1 \equiv (\theta \to \theta) \to \theta \to \theta$; moreover let $D_1 \equiv (\lambda x_1.DD)$, $D_2 \equiv (\lambda x_1 x_2.DD)$ and $D_3 \equiv (\lambda x_1 x_2 x_3.DD)$.
We will show that $B \vdash_{\nabla} V_1 : \sigma \to \theta$ while $B \nvdash_{\nabla} V_0 : \sigma \to \theta$, for all bases B.
It is easy to build derivations proving the typings

$B[\sigma/x] \vdash_{\nabla} xD_1D_2 : \theta$
$B[\sigma/x] \vdash_{\nabla} xD_2D_1 : \theta$
$B[\sigma/x] \vdash_{\nabla} D_3 : \theta \to \theta \to \theta$

thus can build the following derivation

Note that we can apply the rule $(\to E)$, since $\theta \in I(C)$; moreover each type considered in the basis is an input type.
Since in Sect. 7.1.1 we proved that $V_0 \approx_V V_1$, by the full abstraction hypothesis it follows that $B \vdash_{\nabla} V_0 : \sigma \to \theta$; so, by Lemma 10.1.7.(vi), $B[\sigma/x] \vdash_{\nabla} (\lambda x_1 x_2.DD)(x(\lambda x_1.DD)(\lambda x_1.DD)) : \theta$.
So there is $\mu \in I(C)$ such that $B[\sigma/x] \vdash_{\nabla} \lambda x_1 x_2.DD : \mu \to \theta$ and $B[\sigma/x] \vdash_{\nabla} x(\lambda x_1.DD)(\lambda x_1.DD) : \mu$, by Lemma 10.1.7.(vii).
If $\mu \simeq_{\nabla} \omega$ then $\omega \in I(C)$, so $I(C) = T(C)$ and $B[\sigma/x] \vdash_{\nabla} \lambda x_1 x_2.DD : \omega \to \theta$; so $B[\sigma/x] \vdash_{\nabla} (\lambda x_1 x_2.DD)(DD) : \theta$ by rule $(\to E)$, against Lemma 12.1.42.(iii), since $(\lambda x_1 x_2.DD)(DD)$ is a $\Gamma$-unsolvable term of order 0.
Let $\mu \not\simeq_{\nabla} \omega$; again by Lemma 10.1.7.(vii), there exists $\tau \in I(C)$ such that $B[\sigma/x] \vdash_{\nabla} x(\lambda x_1.DD) : \tau \to \mu$ and,
$$B[\sigma/x] \vdash_{\nabla} \lambda x_1.DD : \tau. \qquad (12.3)$$
If $\tau \to \mu \simeq_{\nabla} \omega$ then $\tau \to \omega \leq_{\nabla} \omega \leq_{\nabla} \tau \to \mu$, so by Property 10.1.6 $\omega \leq_{\nabla} \mu$ and thus $\mu \simeq_{\nabla} \omega$, which is not possible; hence, $\tau \to \mu \not\simeq_{\nabla} \omega$.
Since $\tau \to \mu \not\simeq_{\nabla} \omega$, again by Lemma 10.1.7.(vii), there is $\pi \in I(C)$ such that $B[\sigma/x] \vdash_{\nabla} x : \pi \to \tau \to \mu$ and,
(12.4)
By Lemma 10.1.7.(ii) $\sigma \leq_{\nabla} \pi \to \tau \to \mu$, so, since $\nabla$ is legal, there are three possible cases:
1. $\pi \leq_{\nabla} \theta \to \theta$ is not possible; otherwise the typing given in Eq. 12.4 would imply $B[\sigma/x] \vdash_{\nabla} \lambda x_1.DD : \theta \to \theta$ against Lemma 12.1.42.
2. $\pi \leq_{\nabla} \theta \wedge (\theta \to \theta)$ is not possible. In fact, by rule (c), $\theta \wedge (\theta \to \theta) \leq_{\nabla} \theta \to \theta$, so we can reason as in the previous case.
3. $\pi \leq_{\nabla} \theta$ and $(\theta \to \theta) \to \theta \leq_{\nabla} \tau \to \mu$, so by Property 10.1.6, $\tau \leq_{\nabla} \theta \to \theta$; yet an absurdum, by the typing given in Eq. 12.3. ■

12.2 A Fully Abstract Model for the V-Operational Semantics

It was proved in Theorem 12.1.25 that there is not a filter $\lambda\Gamma$-model that is fully abstract with respect to the V-operational semantics. But we will show that it is possible to build a fully abstract model starting from the model V, in a way similar to that presented in the Sect. 11.4. We start by defining a preorder relation on terms.

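Definition 12.2.1. (i) $\trianglelefteq_{\sigma}$ is a relation on $\Lambda^0$ defined as follows:
• $M \trianglelefteq_{\omega} N$ is true;
• $M \trianglelefteq_{\sigma \to \tau} N$ where $\tau \simeq_{\surd} \omega$, if and only if $B \vdash_{\surd} M : \omega \to \omega$ implies $B \vdash_{\surd} N : \omega \to \omega$, for all bases B;
• $M \trianglelefteq_{\sigma \to \tau} N$ where $\tau \not\simeq_{\surd} \omega$, if and only if $\forall P$ closed $\Gamma$-valuable term, $B \vdash_{\surd} P : \sigma$ implies $MP \trianglelefteq_{\tau} NP$;
• $M \trianglelefteq_{\sigma \wedge \tau} N$ if and only if both $M \trianglelefteq_{\sigma} N$ and $M \trianglelefteq_{\tau} N$.

(ii) $M \trianglelefteq N$ if and only if $M \trianglelefteq_{\sigma} N$, for all $\sigma$.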

The previous definition is well posed, thanks to the following property.

Property 12.2.2. There is $P \in \Gamma^0$ such that $B \vdash_{\surd} P : \sigma$, for all B and $\sigma$.

Proof. By induction on $\sigma$, we will prove that there is P of the shape $\lambda x_1 \dots x_n.DD$, for $n \geq 0$, to which $\sigma$ can be assigned.
If $\sigma \equiv \omega$ then $B \vdash_{\surd} DD : \omega$, by rule $(\omega)$. Let $\sigma \equiv \mu \to \nu$.
If $\nu \simeq_{\surd} \omega$ and $\mu \not\simeq_{\surd} \omega$ then, by rule $(\omega)$, $B[\mu/x] \vdash_{\surd} DD : \omega$, and then, by rule $(\to I)$ and $(\leq_{\surd})$, $B \vdash_{\surd} \lambda x.DD : \mu \to \nu$.
If $\mu, \nu \simeq_{\surd} \omega$, then, by rule $(\omega)$, $B[\omega \to \omega/x] \vdash_{\surd} DD : \omega$, and the result follows by rules $(\to I)$ and $(\leq_{\surd})$, taking into account Property 12.1.28.(i).
If $\mu, \nu \not\simeq_{\surd} \omega$, then by induction there is $P \in \Gamma^0$ such that $B \vdash_{\surd} P : \nu$ and, since $P \in \Gamma^0$, $B[\mu/x] \vdash_{\surd} P : \nu$, so the proof follows by rule $(\to I)$.
Let $\sigma \equiv \mu \wedge \nu$. By induction, there are $\lambda x_1 \dots x_p.DD$ and $\lambda x_1 \dots x_q.DD$ such that $B \vdash_{\surd} \lambda x_1 \dots x_p.DD : \mu$ and $B \vdash_{\surd} \lambda x_1 \dots x_q.DD : \nu$. Let $n = \max\{p, q\}$, so $\lambda x_1 \dots x_n.DD$ is the desired term. □

Note that although in the model V all types are inhabited, this does not imply that all filters are inhabited. Indeed, the filter $\uparrow\{\sigma\}$, where $\sigma$ is
$$((\omega \to \omega) \to (\omega \to \omega \to \omega) \to \omega \to \omega) \wedge ((\omega \to \omega \to \omega) \to (\omega \to \omega) \to \omega \to \omega)$$
is not the interpretation of any term, since the reader can check that every term having type $\sigma$ has also the type $(\omega \to \omega) \to (\omega \to \omega) \to \omega \to \omega$, which is not in the filter. If this filter were inhabited, then it would be $V_0 \not\approx_V V_1$ (see Sect. 12.1.4).

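Property 12.2.3. Let $M, N \in \Lambda^0$.
(i) If $M \sqsubseteq_{\surd} N$ then $M \trianglelefteq N$.
(ii) $\trianglelefteq$ is reflexive.
(iii) $\trianglelefteq$ is transitive.

Proof. (i) We will prove that $M \not\trianglelefteq N$ implies $M \not\sqsubseteq_{\surd} N$. By definition, $M \not\trianglelefteq N$ means there is $\sigma$ such that $M \not\trianglelefteq_{\sigma} N$. The proof is given by induction on $\sigma$.
Clearly $\sigma \not\simeq_{\surd} \omega$, since by definition $M \trianglelefteq_{\omega} N$ is true. If $\sigma \equiv \mu \to \nu$, there are two cases. If $\nu \simeq_{\surd} \omega$ then $B \vdash_{\surd} M : \omega \to \omega$ and $B \nvdash_{\surd} N : \omega \to \omega$, so the proof is immediate by definition of $\sqsubseteq_{\surd}$.
If $\nu \not\simeq_{\surd} \omega$ then there is a $\Gamma$-valuable $P \in \Lambda^0$ such that $MP \not\trianglelefteq_{\nu} NP$, by definition of $\trianglelefteq$. Hence, $MP \not\sqsubseteq_{\surd} NP$ by induction, so $M \not\sqsubseteq_{\surd} N$ by Lemma 10.1.13.(i). If $\sigma \equiv \mu \wedge \nu$ then the proof follows by induction.
(ii) We will prove that $M \trianglelefteq_{\sigma} M$, for all $\sigma$, by induction on $\sigma$. The case $\omega$ is obvious. Let $\sigma \equiv \mu \to \nu$; the case $\nu \simeq_{\surd} \omega$ is obvious. Let $\nu \not\simeq_{\surd} \omega$ and let $P \in \Lambda^0$ be a closed $\Gamma$-valuable term such that $B \vdash_{\surd} P : \mu$. By induction $MP \trianglelefteq_{\nu} MP$, so the result follows by definition of $\trianglelefteq$.
The case $\sigma \equiv \mu \wedge \nu$ follows by induction.
(iii) By induction on $\sigma$ we prove that $\trianglelefteq_{\sigma}$ is transitive. The only nontrivial case is $\sigma \equiv \pi \to \tau$, where $\tau \not\simeq_{\surd} \omega$. Let $M_0 \trianglelefteq_{\pi \to \tau} M_1$ and $M_1 \trianglelefteq_{\pi \to \tau} M_2$. If $P \in \Lambda^0$ is a $\Gamma$-valuable term and $B \vdash_{\surd} P : \pi$, then $M_0P \trianglelefteq_{\tau} M_1P$ and $M_1P \trianglelefteq_{\tau} M_2P$, by definition of $\trianglelefteq$. So $M_0P \trianglelefteq_{\tau} M_2P$ by induction; hence $M_0 \trianglelefteq_{\pi \to \tau} M_2$ by definition of $\trianglelefteq$. □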

The next two lemmas prove that the relation $\trianglelefteq$ grasps exactly the behaviour
of the V-operational semantics.
Lemma 12.2.4. Let $M, N \in \Lambda^0$.
$M \trianglelefteq N$ if and only if $MP \trianglelefteq_{\omega\to\omega} NP$, for each sequence of closed $\Gamma$-valuable
terms $P$.
Proof. ($\Leftarrow$) We will prove that $M \ntrianglelefteq N$ implies that there is a closed sequence
of $\Gamma$-valuable terms $P$ such that $MP \ntrianglelefteq_{\omega\to\omega} NP$. By hypothesis there is
a type $\sigma$ such that $M \ntrianglelefteq_{\sigma} N$, so the proof is done by induction on $\sigma$.
If $\sigma \simeq_{\surd} \omega$ then $\sigma \equiv \underbrace{\omega \wedge \ldots \wedge \omega}_{n}$ $(n \ge 1)$, by Theorem 12.1.26; but since
$M \trianglelefteq_{\omega} N$ by definition, this is not possible. If $\sigma \equiv \mu \to \nu$ and $\nu \simeq_{\surd} \omega$
then the proof is trivial. If $\sigma \equiv \mu \to \nu$ and $\nu \not\simeq_{\surd} \omega$ then there is a
$\Gamma$-valuable term $P \in \Lambda^0$ such that $MP \ntrianglelefteq_{\nu} NP$, so the proof follows by
induction. If $\sigma \equiv \mu \wedge \nu$ then the proof follows by induction.
($\Rightarrow$) We will prove that, if there is a sequence of closed $\Gamma$-valuable terms $P$
and a type $\tau \not\simeq_{\surd} \omega$ such that $MP \ntrianglelefteq_{\tau} NP$, then $M \ntrianglelefteq N$. The proof will
be given by induction on $\|P\|$.
If $\|P\| = 0$ then the proof is trivial, so let $\|P\| \ge 1$ and $P \equiv QQ'$. Since
$Q'$ is a closed $\Gamma$-valuable term, $B \vdash_{\surd} Q' : \omega \to \omega$ by Property 12.1.8.
This implies $MQ \ntrianglelefteq_{(\omega\to\omega)\to\tau} NQ$ by definition of $\trianglelefteq$; so the proof follows
by induction. □

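Note that $M \trianglelefteq_{\sigma} N$ and $\sigma \le_{\surd} \tau$ do not imply $M \trianglelefteq_{\tau} N$. Nevertheless,

$M \trianglelefteq_{\omega\to\sigma} N$ if and only if $M \trianglelefteq_{(\omega\to\omega)\to\sigma} N$.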

Lemma 12.2.5. Let $M, N \in \Lambda^0$.
$M \preceq_{V} N$ if and only if $MP \trianglelefteq_{\omega\to\omega} NP$, for each sequence of closed
$\Gamma$-valuable terms $P$.
Proof. Let $Q$ be a closed $\Gamma$-valuable term. Then $Q \Downarrow_{V}$ if and only if
$B \vdash_{\surd} Q : \omega \to \omega$, by Property 12.1.8 and Lemma 12.1.17.

($\Rightarrow$) Let $P$ be a sequence of closed $\Gamma$-valuable terms, and let $B$ be a basis.
If $M \preceq_{V} N$ then $MP \Downarrow_{V}$ implies $NP \Downarrow_{V}$; thus $B \vdash_{\surd} MP : \omega \to \omega$
implies $B \vdash_{\surd} NP : \omega \to \omega$. So the proof is done, by definition of $\trianglelefteq_{\omega\to\omega}$.
($\Leftarrow$) Let $MP \trianglelefteq_{\omega\to\omega} NP$, for each sequence of closed terms $P$. Let us recall
the notion of weight of a term, defined in Definition 3.1.29 (pag. 43), and
the fact, proved in Corollary 3.2.2, that the weight of a term is defined
if and only if it has SE-normal form.
We will prove that, if $C[M], C[N] \in \Lambda^0$ and $(C[M])$ is defined then
$(C[N])$ is defined, for all contexts $C[.]$. Hence the result follows from
Theorem 7.1.3, taking into consideration that the set of closed $\Gamma$-lazy
blocked normal forms coincides with the set of closed SE-normal forms.
The proof will be given by induction on $(C[M])$. There are two cases,
according to the possible shape of $C[.]$.
• $C[.] \equiv [.]C_1[.] \ldots C_m[.]$ $(m \in \mathbb{N})$.
If $m = 0$ then $(M)$ defined implies $M$ has SE-normal form, so
$B \vdash_{\surd} M : \omega \to \omega$. But $B \vdash_{\surd} N : \omega \to \omega$ by definition of $\trianglelefteq_{\omega\to\omega}$, and the
proof follows by Property 12.1.8 and Lemma 12.1.17.
Let $m \ge 1$ and let $M \equiv (\lambda x.M_0)M_1 \ldots M_p$. Pose $D[.] \equiv MC_1[.] \ldots C_m[.]$,
so $D[M] \equiv C[M]$ and $D[.] \equiv (\lambda x.M_0)M_1 \ldots M_pC_1[.] \ldots C_m[.]$ $(m \in \mathbb{N})$.
If $p > 0$ then let $D^*[.] \equiv M_0[M_1/x]M_2 \ldots M_pC_1[.] \ldots C_m[.]$, otherwise let
$D^*[.] \equiv M_0[C_1[.]/x]C_2[.] \ldots C_m[.]$; in both cases the weight of $D^*[M]$
is defined, since $(C[M])$ is defined. Moreover, $(D^*[M]) < (C[M])$, so
by induction $(D^*[N])$ is defined. But $D^*[N] \equiv MC_1[N]C_2[N] \ldots C_m[N]$
has SE-normal form implies $B \vdash_{\surd} MC_1[N] \ldots C_m[N] : \omega \to \omega$, so by
hypothesis $B \vdash_{\surd} NC_1[N] \ldots C_m[N] : \omega \to \omega$. Hence, $NC_1[N] \ldots C_m[N]$
has SE-normal form and the proof follows by Corollary 3.2.2.
• $C[.] \equiv (\lambda y.C_0[.])C_1[.] \ldots C_m[.]$ $(m \in \mathbb{N})$.
The case $m = 0$ is trivial; otherwise the proof follows by induction on
the weight of $C_0[M][C_1[M]/y]C_2[M] \ldots C_m[M]$ and $C_1[M]$. □

So the desired result follows.


Theorem 12.2.6. $M \trianglelefteq N$ if and only if $M \preceq_{V} N$, for all $M, N \in \Lambda^0$.

Proof. By Lemmas 12.2.4 and 12.2.5. □

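The next definition overloads the meaning of $\trianglelefteq$ on a subset of filters,
namely $\trianglelefteq$ induces a preorder on $?(\surd)$, i.e. the set of filters of $\mathcal{F}(\surd)$ that
are interpretations of closed terms.
Definition 12.2.7. Let $f, g \in ?(\surd)$ and let $\rho$ be an environment.
$f \trianglelefteq g$ if and only if $M, N \in \Lambda^0$ such that $\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho} = f$ and $\llbracket N \rrbracket^{\mathcal{F}(\surd)}_{\rho} = g$
imply $M \trianglelefteq N$. Moreover, $f \simeq g$ if and only if $f \trianglelefteq g$ and $g \trianglelefteq f$.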
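Note that if $M$ is closed then $\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho} = \llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho'}$, for all $\rho, \rho'$; moreover, if
$M, N$ are closed then $\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho} = \llbracket N \rrbracket^{\mathcal{F}(\surd)}_{\rho}$ implies $M \trianglelefteq N$ and $N \trianglelefteq M$, by Property
12.2.3.(i). Note that $\trianglelefteq$ is overloaded, since it denotes both a relation on $\Lambda^0$
and a relation on $?(\surd)$.
Now we can define the new $\lambda\Gamma$-model.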

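Definition 12.2.8. Let $f, g \in ?(\surd)$.
(i) $[f]$ is the equivalence class of $f$ with respect to the equivalence relation $\simeq$,
while $\mathcal{F}_{\trianglelefteq}$ is the set of equivalence classes induced from $\simeq$ on $?(\surd)$.
Moreover, let $\mathcal{I}_{\trianglelefteq} = \{[f] \in \mathcal{F}_{\trianglelefteq} \mid \exists M \in \Gamma^0 \text{ such that } \llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho} \in f\}$.
(ii) $\circ_{\trianglelefteq} : \mathcal{F}_{\trianglelefteq} \times \mathcal{F}_{\trianglelefteq} \to \mathcal{F}_{\trianglelefteq}$ is defined as $[f] \circ_{\trianglelefteq} [g] = [f \circ_{\surd} g]$, for all $[f], [g] \in \mathcal{F}_{\trianglelefteq}$.
(iii) The interpretation function $\llbracket . \rrbracket^{VV} : \Lambda \times (Var \to \mathcal{I}_{\trianglelefteq}) \to \mathcal{F}_{\trianglelefteq}$ is defined as:
$\llbracket M \rrbracket^{VV}_{\zeta} = [\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho}]$, where $\rho$ is such that $\rho(x) \in \zeta(x)$ for all $x \in Var$.
(iv) Let VV be the quadruple: $\langle \mathcal{F}_{\trianglelefteq}, \mathcal{I}_{\trianglelefteq}, \circ_{\trianglelefteq}, \llbracket . \rrbracket^{VV} \rangle$.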

Note that the interpretation is defined for open terms too.

Property 12.2.9. Let $M, N, P, Q \in \Lambda^0$.
If $M \trianglelefteq N$ and $P \trianglelefteq Q$ then $MP \trianglelefteq NQ$.

Proof. Clearly $M \preceq_{V} N$ and $P \preceq_{V} Q$ imply $MP \preceq_{V} NQ$, therefore the
proof follows by Theorem 12.2.6. □

Note that $\circ_{\trianglelefteq}$ is well defined, by using the previous property. Furthermore,
it is easy to see that $[f] \in \mathcal{I}_{\trianglelefteq}$ and $f' \in [f]$ imply that $f' \in \mathcal{I}(\surd)$.

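Lemma 12.2.10. VV is a $\lambda\Gamma$-model.

Proof. We check that VV satisfies the conditions of Definition 10.0.1.
If $\zeta \in (Var \to \mathcal{I}_{\trianglelefteq})$ then let $\rho$ be such that $\rho(x) \in \zeta(x)$ for all $x \in Var$.

1. $\llbracket x \rrbracket^{VV}_{\zeta} = [\llbracket x \rrbracket^{\mathcal{F}(\surd)}_{\rho}] = [\rho(x)] = \zeta(x)$.
2. $\llbracket MN \rrbracket^{VV}_{\zeta} = [\llbracket MN \rrbracket^{\mathcal{F}(\surd)}_{\rho}] = [\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho} \circ_{\surd} \llbracket N \rrbracket^{\mathcal{F}(\surd)}_{\rho}] = [\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho}] \circ_{\trianglelefteq} [\llbracket N \rrbracket^{\mathcal{F}(\surd)}_{\rho}] = \llbracket M \rrbracket^{VV}_{\zeta} \circ_{\trianglelefteq} \llbracket N \rrbracket^{VV}_{\zeta}$.
3. $\llbracket \lambda x.M \rrbracket^{VV}_{\zeta} \circ_{\trianglelefteq} d = [\llbracket \lambda x.M \rrbracket^{\mathcal{F}(\surd)}_{\rho}] \circ_{\trianglelefteq} d = [\llbracket \lambda x.M \rrbracket^{\mathcal{F}(\surd)}_{\rho} \circ_{\surd} f] = [\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho[f/x]}] = \llbracket M \rrbracket^{VV}_{\zeta[d/x]}$, for all $d \in \mathcal{I}_{\trianglelefteq}$ and $f \in d$.
4. Let $\llbracket M \rrbracket^{VV}_{\zeta[[d]/x]} = \llbracket N \rrbracket^{VV}_{\zeta'[[d']/x']}$, where $d, d' \in \mathcal{I}(\surd)$.
Thus $[\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho[d/x]}] = [\llbracket N \rrbracket^{\mathcal{F}(\surd)}_{\rho'[d'/x']}]$, therefore $[\llbracket \lambda x.M \rrbracket_{\rho}] = [\llbracket \lambda x'.N \rrbracket_{\rho'}]$, and
so $\llbracket \lambda x.M \rrbracket^{VV}_{\zeta} = \llbracket \lambda x'.N \rrbracket^{VV}_{\zeta'}$.
5. Trivial. □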

Since $\trianglelefteq$ is a preorder on $?(\surd)$ then it induces a partial order on $\mathcal{F}_{\trianglelefteq}$.


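Definition 12.2.11. Let $M \sqsubseteq_{VV} N$ denote $\llbracket M \rrbracket^{VV}_{\zeta} \trianglelefteq \llbracket N \rrbracket^{VV}_{\zeta}$, for all $\zeta \in (Var \to \mathcal{I}_{\trianglelefteq})$.
Moreover, let $M \sim_{VV} N$ denote $M \sqsubseteq_{VV} N$ and $N \sqsubseteq_{VV} M$.
Consequently, the model VV induces a partial order on the interpretation
of terms (not only closed terms).
Lemma 12.2.12. Let $M, N \in \Lambda^0$. $M \sqsubseteq_{VV} N$ if and only if $M \trianglelefteq N$.
Proof. Let $\zeta \in (Var \to \mathcal{I}_{\trianglelefteq})$, and let $\rho$ be such that $\rho(x) \in \zeta(x)$ for all $x \in Var$.
$M \sqsubseteq_{VV} N$ if and only if $\llbracket M \rrbracket^{VV}_{\zeta} \trianglelefteq \llbracket N \rrbracket^{VV}_{\zeta}$ if and only if $[\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho}] \trianglelefteq [\llbracket N \rrbracket^{\mathcal{F}(\surd)}_{\rho}]$
if and only if $\llbracket M \rrbracket^{\mathcal{F}(\surd)}_{\rho} \trianglelefteq \llbracket N \rrbracket^{\mathcal{F}(\surd)}_{\rho}$ if and only if $M \trianglelefteq N$. □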

The correctness is easy.


Theorem 12.2.13 (VV-Correctness).
The model VV is correct with respect to the V-operational semantics.
Proof. $M \sqsubseteq_{VV} N$ implies $C[M] \sqsubseteq_{VV} C[N]$, for each closing context $C[.]$, by
Property 10.0.2.(v). Hence $C[M] \trianglelefteq C[N]$ by Lemma 12.2.12; in particular,
$C[M] \trianglelefteq_{\omega\to\omega} C[N]$, so $B \vdash_{\surd} C[M] : \omega \to \omega$ implies $B \vdash_{\surd} C[N] : \omega \to \omega$,
for all bases $B$. Therefore, if $C[M]$ is $\Gamma$-valuable then $C[N]$ is $\Gamma$-valuable, by
Property 12.1.8, since $C[M]$ and $C[N]$ are closed. Hence $M \preceq_{V} N$. □

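The following theorem implies the full abstraction of VV with respect to
the V-operational semantics.
Theorem 12.2.14 (VV-Completeness).
The model VV is complete with respect to the V-operational semantics.
Proof. We will prove $\not\sqsubseteq_{VV}$ implies $\not\preceq_{V}$.
$M \not\sqsubseteq_{VV} N$ means $\llbracket M \rrbracket^{VV}_{\zeta} \ntrianglelefteq \llbracket N \rrbracket^{VV}_{\zeta}$, for some $\zeta \in (Var \to \mathcal{I}_{\trianglelefteq})$.
Since the codomain of $\zeta$ is $\mathcal{I}_{\trianglelefteq}$, if $FV(M) \cup FV(N) = \{x_1, \ldots, x_m\}$ then there are $P_i \in \Gamma^0$
such that $\zeta(x_i) = [\llbracket P_i \rrbracket^{\mathcal{F}(\surd)}_{\rho}]$. Thus, let $s$ be such that $s(x_i) = P_i$ $(1 \le i \le m)$,
hence $s(M), s(N) \in \Lambda^0$. By Property 10.0.2.(iv), $\llbracket s(M) \rrbracket^{VV}_{\zeta'} \ntrianglelefteq \llbracket s(N) \rrbracket^{VV}_{\zeta'}$, for
all $\zeta' \in (Var \to \mathcal{I}_{\trianglelefteq})$, so in particular $s(M) \not\sqsubseteq_{VV} s(N)$.
By Lemma 12.2.12, $s(M) \ntrianglelefteq s(N)$, so there is a sequence of closed $\Gamma$-valuable
terms $Q$ such that $s(M)Q \ntrianglelefteq_{\omega\to\omega} s(N)Q$, by Lemma 12.2.4.
Let $C[.] \equiv (\lambda x_1 \ldots x_m.[.])s(x_1) \ldots s(x_m)Q$; clearly $C[M], C[N] \in \Lambda^0$, and moreover
$C[M] \Downarrow_{V}$ and $C[N] \Uparrow_{V}$, so $M \not\preceq_{V} N$. □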

Corollary 12.2.15. If $M \not\preceq_{V} N$ then there is a head context separating $M$
and $N$.
Proof. Immediate, by the proof of Theorem 12.2.14. □

The technique used here for building the fully abstract model of the
V-operational semantics is similar to that used in [71] and [44], for different
calculi. The use of intersection types and filter models allows for the
application of such techniques to a wider class of models.
13. Filter $\lambda\Delta$-Models and Domains

13.1 Domains
There is an analogy between $\lambda\Delta$-filter models and $\lambda\Delta$-models that are
$\omega$-algebraic lattices, which was first noticed in [28] and further developed in [1]
and [3]. This analogy lies in the fact that type symbols in a $\lambda\Delta$-filter model
play the role of names for compact elements in the corresponding $\omega$-algebraic
lattice. It is outside the aim of this book to give a complete survey of the
$\lambda\Delta$-models based on $\omega$-algebraic lattices. In the case where $\Delta = \Lambda$, there are some
textbooks giving a complete development of this topic, e.g. [5, 81, 87]. Here
we will just give some basic information in order to assure readability to
those readers who are not expert in this topic, without developing the proofs
for standard properties.
Let us recall the definition of an $\omega$-algebraic complete lattice.
Definition 13.1.1. (i) A complete lattice $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ is a set $\mathbb{L}$, equipped with
an order relation $\sqsubseteq_{\mathbb{L}}$, such that for all $X \subseteq \mathbb{L}$ both $\sqcup X$ (the least upper
bound of $X$) and $\sqcap X$ (the greatest lower bound of $X$) exist.
(ii) $X \subseteq \mathbb{L}$ is directed if and only if every two elements of $X$ have an upper
bound in $X$.
(iii) $x \in \mathbb{L}$ is compact if and only if every directed $X \subseteq \mathbb{L}$ is such that:
$x \sqsubseteq_{\mathbb{L}} \sqcup X$ implies $x \sqsubseteq_{\mathbb{L}} y$ for some $y \in X$.
Let $comp(\mathbb{L})$ be the set of compact elements of $\mathbb{L}$.
(iv) $\mathbb{L}$ is $\omega$-algebraic if and only if $x = \sqcup\{y \sqsubseteq x \mid y \text{ compact}\}$ and $comp(\mathbb{L})$
is countable.
Let us use the word domain in order to denote an $\omega$-algebraic complete
lattice. It is easy to see that in a domain there is always a bottom (minimum)
element, that as usual we denote by $\bot$.
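Definition 13.1.2. (i) A function $h : \mathbb{L} \to \mathbb{L}'$ is monotone if and only if:
$x \sqsubseteq_{\mathbb{L}} y$ implies $h(x) \sqsubseteq_{\mathbb{L}'} h(y)$.

(ii) A function $h : \mathbb{L} \to \mathbb{L}'$ is continuous if and only if it is monotone, and
moreover:

$h(\sqcup X) = \sqcup\{h(x) \mid x \in X\}$ for all sets $X \subseteq \mathbb{L}$.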

(iii) A continuous function $h : \mathbb{L} \to \mathbb{L}'$ is strict if and only if:

$h(\bot_{\mathbb{L}}) = \bot_{\mathbb{L}'}$.

(iv) The pointwise order between two continuous functions $h, k : \mathbb{L} \to \mathbb{L}'$ is
defined in the following way:

$h \sqsubseteq_{\mathbb{L}\to\mathbb{L}'} k$ if and only if $\forall x \in \mathbb{L}.\ h(x) \sqsubseteq_{\mathbb{L}'} k(x)$.

(v) Two domains $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ and $(\mathbb{L}', \sqsubseteq_{\mathbb{L}'})$ are isomorphic if and only if there
are two continuous functions $h : \mathbb{L} \to \mathbb{L}'$ and $k : \mathbb{L}' \to \mathbb{L}$ such that:
- $h \circ k = id_{\mathbb{L}'}$,
- $k \circ h = id_{\mathbb{L}}$,
where $id_{\mathbb{L}}$ and $id_{\mathbb{L}'}$ denote the identity function respectively on $\mathbb{L}$ and $\mathbb{L}'$.

The notion of step function will play a key role in the construction of the
isomorphism between filter spaces and domains.

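Definition 13.1.3. (i) Let $a \in \mathbb{L}$ and $b \in \mathbb{L}'$.
The step function $s_{a,b} : \mathbb{L} \to \mathbb{L}'$ is defined as

$\boldsymbol{\lambda} x : \mathbb{L}.\ \text{if } a \sqsubseteq_{\mathbb{L}} x \text{ then } b \text{ else } \bot_{\mathbb{L}'}$,

where $\boldsymbol{\lambda}$ denotes the metatheoretic abstraction.
(ii) A step function $s_{a,b}$ is strict if and only if $s_{a,b}(\bot_{\mathbb{L}}) = \bot_{\mathbb{L}'}$.
(iii) The partial order between step functions from $\mathbb{L}$ to $\mathbb{L}'$ is defined as follows:

$s_{a,b} \sqsubseteq_{\mathbb{L}\to\mathbb{L}'} s_{c,d}$ if and only if $c \sqsubseteq_{\mathbb{L}} a$ and $b \sqsubseteq_{\mathbb{L}'} d$.

Let $[\mathbb{L} \to \mathbb{L}'] = \{f \mid f : \mathbb{L} \to \mathbb{L}' \text{ is continuous}\}$, and let $[\mathbb{L} \to_{\bot} \mathbb{L}'] = \{f \mid f : \mathbb{L} \to \mathbb{L}' \text{ is continuous and strict}\}$. The following result holds.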
Lemma 13.1.4. Let $\mathbb{L}$ and $\mathbb{L}'$ be domains.
(i) $([\mathbb{L} \to \mathbb{L}'], \sqsubseteq_{\mathbb{L}\to\mathbb{L}'})$ is a domain whose compact elements are least upper
bounds of finite sets of step functions.
(ii) $([\mathbb{L} \to_{\bot} \mathbb{L}'], \sqsubseteq_{\mathbb{L}\to\mathbb{L}'})$ is a domain whose compact elements are least upper
bounds of finite sets of strict step functions.

Proof. Define $\sqcup\{f,g\}(x) = \sqcup\{f(x),g(x)\}$ and $\sqcap\{f,g\}(x) = \sqcap\{f(x),g(x)\}$;
then both $([\mathbb{L} \to \mathbb{L}'], \sqsubseteq_{\mathbb{L}\to\mathbb{L}'})$ and $([\mathbb{L} \to_{\bot} \mathbb{L}'], \sqsubseteq_{\mathbb{L}\to\mathbb{L}'})$ are complete lattices
since $(\mathbb{L}', \sqsubseteq_{\mathbb{L}'})$ is a complete lattice.
The fact that both constructions give rise to an $\omega$-algebraic lattice is an
obvious consequence of the fact that both $\mathbb{L}$ and $\mathbb{L}'$ are $\omega$-algebraic.
Moreover, note that if $f$ is a continuous function from $\mathbb{L}$ to $\mathbb{L}'$, such that
$f(a) = b$, then $s_{a,b} \sqsubseteq_{\mathbb{L}\to\mathbb{L}'} f$. Then $f = \sqcup\{s_{a,b} \mid f(a) = b\}$. □
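A further operation on domains that will be useful is the lifting. Let
$(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ be a domain and let $\mathbb{L}_{\bot} = \mathbb{L} \cup \{\bot\}$, where $\bot$ is a fresh element not
belonging to $\mathbb{L}$. Moreover, let $a \sqsubseteq_{\mathbb{L}_{\bot}} b$ if and only if either $a = \bot$ or $a \sqsubseteq_{\mathbb{L}} b$.
The following lemma holds.

Lemma 13.1.5. If $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ is a domain then $(\mathbb{L}_{\bot}, \sqsubseteq_{\mathbb{L}_{\bot}})$ is a domain (the
lifting of $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$).

Proof. Easy. □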
Let us call domain constructor an operation on domains. We will consider
in this section a restricted set of domain constructors, namely

$C = \{[. \to .], [. \to_{\bot} .], (.)_{\bot}\}$.

Let $c$ denote an element of $C$. We will use all constructors in $C$ as being
unary. It is possible to compose domain constructors, in order to obtain
further domain constructors.

Property 13.1.6. Let $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ be a domain.
If $c_1 \in \{[. \to .], [. \to_{\bot} .]\}$ and $c_2 \equiv (.)_{\bot}$ then $(c_2(c_1(\mathbb{L})), \sqsubseteq_{c_2(c_1(\mathbb{L}))})$ is a
domain.

Proof. Easy. □

Definition 13.1.7. Let $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ and $(\mathbb{L}', \sqsubseteq_{\mathbb{L}'})$ be domains. A retraction pair
is a pair of continuous functions $(i : \mathbb{L} \to \mathbb{L}', j : \mathbb{L}' \to \mathbb{L})$ such that:
- $j \circ i = id_{\mathbb{L}}$,
- $i \circ j \sqsubseteq id_{\mathbb{L}'}$.
If $(i, j)$ is a retraction pair from $\mathbb{L}$ to $\mathbb{L}'$, $i$ is called the embedding and $j$ is
called the projection.

Recalling the notion of isomorphism between domains, given in Definition
13.1.2.(v), if there is a retraction pair from $\mathbb{L}$ to $\mathbb{L}'$, then sometimes $\mathbb{L}$ is called
a subdomain of $\mathbb{L}'$.

Property 13.1.8. (i) Let $(i_1, j_1)$ be a retraction pair from $\mathbb{L}$ to $\mathbb{L}'$ and $(i_2, j_2)$
be a retraction pair from $\mathbb{L}'$ to $\mathbb{L}''$. Then $(i_2 \circ i_1, j_1 \circ j_2)$ is a retraction
pair from $\mathbb{L}$ to $\mathbb{L}''$.
(ii) An embedding (projection) function has a unique corresponding projection
(embedding).
(iii) If $(i, j)$ is a retraction pair from $\mathbb{L}$ to $\mathbb{L}'$ then both $i$ and $j$ are strict.

Domain constructors can be extended to retraction pairs. Let us show
how the extension can be made in the particular cases we are interested in.
• Let $(i, j)$ be a retraction pair between $\mathbb{L}$ and $c(\mathbb{L})$, where either $c = [. \to .]$
or $c = [. \to_{\bot} .]$. Let
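- $c(i) = \boldsymbol{\lambda} x : c(\mathbb{L}).\ i \circ x \circ j$,
- $c(j) = \boldsymbol{\lambda} x : c^2(\mathbb{L}).\ j \circ x \circ i$.
It is easy to check that $(c(i), c(j))$ is a retraction pair between $c(\mathbb{L})$ and
$c^2(\mathbb{L})$.
• In case of lifting, let $(i, j)$ be a retraction pair between $\mathbb{L}$ and $c(\mathbb{L})$, where
$c = (.)_{\bot}$. Let
- $c(i) = \boldsymbol{\lambda} x : c(\mathbb{L}).\ \text{if } x = \bot_{c(\mathbb{L})} \text{ then } \bot_{c^2(\mathbb{L})} \text{ else } i(x)$,
- $c(j) = \boldsymbol{\lambda} x : c^2(\mathbb{L}).\ \text{if } x = \bot_{c^2(\mathbb{L})} \text{ then } \bot_{c(\mathbb{L})} \text{ else } j(x)$.
Then $(c(i), c(j))$ is a retraction pair between $c(\mathbb{L})$ and $c^2(\mathbb{L})$.
In case $c$ is a compound domain constructor, the extension of $c$ to retraction
pairs can be made starting from the previously defined extension and then
using Property 13.1.8.(i).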

Definition 13.1.9. Let $\mathbb{L}_0, \mathbb{L}_1, \ldots, \mathbb{L}_n, \ldots$ be domains.
(i) A retraction sequence is a pair whose first component is the set

and whose second component is the set

$\{(i_i, j_i) \mid (i_i, j_i) \text{ is a retraction pair from } \mathbb{L}_i \text{ to } \mathbb{L}_{i+1},\ i \ge 0\}$.


(ii) The inverse limit of a retraction sequence is the set

partially ordered by the relation $\sqsubseteq_{\mathbb{L}_\infty}$, defined as follows:

The following property holds.

Property 13.1.10. The inverse limit $\mathbb{L}_\infty$ of a retraction sequence is a domain.

A domain equation is an equation of the shape

$X = c(X)$,
where $c$ is a domain constructor, and $=$ denotes the isomorphism between
domains.

Theorem 13.1.11. Let $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ be a domain, and let $(i, j)$ be a retraction
pair between $\mathbb{L}$ and $c(\mathbb{L})$. The inverse limit

is a solution of the domain equation $X = c(X)$, i.e. $\mathbb{L}_\infty = c(\mathbb{L}_\infty)$.


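Proof. Let $c^0(x) = x$ and $c^{n+1}(x) = c(c^n(x))$ for all $n \in \mathbb{N}$.

Let $r_{m,n} : c^m(\mathbb{L}) \to c^n(\mathbb{L})$ be the following function:

$$r_{m,n} = \begin{cases} id_{c^m(\mathbb{L})} & \text{if } m = n, \\ c^{n-1}(i) \circ \ldots \circ c^{m}(i) & \text{if } m < n, \\ c^{n}(j) \circ \ldots \circ c^{m-1}(j) & \text{if } n < m. \end{cases}$$

It is easy to check that if $m \le n$ then $(r_{m,n}, r_{n,m})$ is a retraction pair between
$c^m(\mathbb{L})$ and $c^n(\mathbb{L})$, by Property 13.1.8.(i). Let
- $i_{n,\infty} : c^n(\mathbb{L}) \to \mathbb{L}_\infty$ be $\boldsymbol{\lambda} x : c^n(\mathbb{L}).\ (r_{n,0}(x), r_{n,1}(x), \ldots, r_{n,n}(x), r_{n,n+1}(x), \ldots)$;
- $j_{n,\infty} : \mathbb{L}_\infty \to c^n(\mathbb{L})$ be $\boldsymbol{\lambda} x : \mathbb{L}_\infty.\ (x)_n$,
where $(.)_n$ denotes the $n$-th element of a sequence;
- $I : \mathbb{L}_\infty \to c(\mathbb{L}_\infty)$ be $\sqcup_{n \ge 0}\,(i_{n+1,\infty} \circ r_{n,n+1} \circ j_{n,\infty})$;
- $J : c(\mathbb{L}_\infty) \to \mathbb{L}_\infty$ be $\sqcup_{n \ge 0}\,(i_{n,\infty} \circ r_{n+1,n} \circ j_{n+1,\infty})$.
Then $(I, J)$ is a retraction pair between $\mathbb{L}_\infty$ and $c(\mathbb{L}_\infty)$, such that $I \circ J = id_{c(\mathbb{L}_\infty)}$,
so the two domains are isomorphic. □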

By Property 13.1.8.(ii), the solution of a domain equation $X = c(X)$
is completely determined by the initial domain $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ and the embedding
function $i$ between $\mathbb{L}$ and $c(\mathbb{L})$.
Definition 13.1.12. A solution of a domain equation is minimal, if the
initial domain $(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ is isomorphic to the domain $(\{\bot\}, id_{\{\bot\}})$.
Now we have all the ingredients in order to show the correspondence
between a $\lambda\Delta$-model that is an inverse limit solution of a domain equation
of a given shape and a filter model.
Let us assume that the initial domain $\mathbb{L}$ always has a finite number of
elements, which implies that all the elements of $\mathbb{L}$ are compact. Let us define
the following procedure, in order to build from $\mathbb{L}_\infty$ the filter space $\mathcal{F}(\mathbb{L}_\infty)$.
Let $\mathbb{L}_\infty$ be a solution of the domain equation $X = c(X)$, where
$c \in \{[. \to .], [. \to .]_{\bot}, [. \to_{\bot} .]_{\bot}\}$, starting from the initial domain
$(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ and from the embedding function $i$ between $\mathbb{L}$ and $c(\mathbb{L})$.
Note that by the particular set of constructors we have chosen and by
the fact that domain equations are defined modulo isomorphisms, by
Lemma 13.1.4 we can consider the compact elements of $\mathbb{L}_\infty$ to be
either $\bot_{\mathbb{L}_\infty}$ or least upper bounds of finite sets of step functions from
$\mathbb{L}_\infty$ to $\mathbb{L}_\infty$. Moreover, $comp(\mathbb{L}_\infty) = \bigcup_{n \ge 0} i_{n,\infty}(comp(c^n(\mathbb{L})))$. The
set of type constants $C_{\mathbb{L}}$ and the inclusion relation $\le_{\nabla_{\mathbb{L}}}$ can be built
according to the following procedure compact-as-types(.).
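Procedure compact-as-types($\mathbb{L}_\infty$)
1. Choose a set of type constants $C_{\mathbb{L}}$ such that there is a bijection $(.)^+$
between $C_{\mathbb{L}}$ and the compact elements of $\mathbb{L}$, such that $(\omega)^+ = \bot_{\mathbb{L}}$.
2. Define an intersection relation $\le_{\nabla_{\mathbb{L}}}$ such that $\sigma \le_{\nabla_{\mathbb{L}}} \tau$ if and only if
$(\tau)^+ \sqsubseteq_{\mathbb{L}} (\sigma)^+$, for all $\sigma, \tau \in C_{\mathbb{L}}$.
3. Let $T(C_{\mathbb{L}})$ be the set of types built from the set of constants $C_{\mathbb{L}}$.
Let $(.)^*$ be the function from $T(C_{\mathbb{L}})$ to $comp(\mathbb{L}_\infty)$ defined as follows.
(3.1) If $\sigma \in C_{\mathbb{L}}$ then $(\sigma)^* = i_{0,\infty}((\sigma)^+)$.
(3.2) If $c \in \{[. \to .], [. \to .]_{\bot}\}$ then $(\sigma \to \tau)^* = s_{(\sigma)^*,(\tau)^*}$.
Otherwise, in case $c = [. \to_{\bot} .]_{\bot}$, if $(\sigma)^* \ne \bot_{\mathbb{L}_\infty}$ then $(\sigma \to \tau)^* = s_{(\sigma)^*,(\tau)^*}$,
while if $(\sigma)^* = \bot_{\mathbb{L}_\infty}$ then $(\sigma \to \tau)^* = s_{a,(\tau)^*}$ where $a = s_{\bot_{\mathbb{L}_\infty},\bot_{\mathbb{L}_\infty}}$.
(3.3) $(\sigma \wedge \tau)^* = (\sigma)^* \sqcup (\tau)^*$.
4. Extend the intersection relation $\le_{\nabla_{\mathbb{L}}}$ as follows.
(4.1) If $\sigma, \mu_i, \nu_i \in C_{\mathbb{L}}$ $(1 \le i \le n)$ and $i((\sigma)^+) = \sqcup_{1 \le i \le n}\, s_{(\mu_i)^+,(\nu_i)^+}$
where $n \in \mathbb{N}$, then both $\sigma \le_{\nabla_{\mathbb{L}}} (\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_n \to \nu_n)$ and
$(\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_n \to \nu_n) \le_{\nabla_{\mathbb{L}}} \sigma$.
(4.2) If $c = [. \to_{\bot} .]_{\bot}$ then $(\omega \to \omega) \to \tau \le_{\nabla_{\mathbb{L}}} \omega \to \tau$.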

The definition of the mapping $(.)^*$ needs some comments. Point (3.2) maps
every arrow type into a step function. Note that if $c = [. \to_{\bot} .]_{\bot}$, by definition
of strict function, $s_{a,b} \in \mathbb{L}_\infty$ implies either $a \ne \bot$ or $a, b = \bot$. So types of
the shape $\omega \to \tau$, where $(\tau)^* \ne \bot$, are in some sense redundant, and they
are mapped into a step function that is the maximum one less than the step
function $s_{\bot,(\tau)^*}$.
Point (4.1) takes into account the initial retraction pair. Point (4.2)
reflects point (3.2). Moreover, if $C_{\mathbb{L}}$ is finite (so $\mathbb{L}$ and $c(\mathbb{L})$ are finite) then
the number of rules to be joined to the intersection relation $\le_{\nabla_{\mathbb{L}}}$ can be
transformed in a finite number.
The following lemma proves that the procedure is correct, in the sense
that $(.)^*$ is a surjection, and the inclusion relation between types respects the
order relation of the domain.

Lemma 13.1.13. Let $\mathbb{L}_\infty$ be a solution of the domain equation $X = c(X)$,
where $c \in \{[. \to .], [. \to .]_{\bot}, [. \to_{\bot} .]_{\bot}\}$, starting from the initial domain
$(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ and from the embedding function $i$ between $\mathbb{L}$ and $c(\mathbb{L})$.
(i) $(.)^* : T(C_{\mathbb{L}}) \to comp(\mathbb{L}_\infty)$ is a surjection.
(ii) For all $\sigma, \tau \in T(C_{\mathbb{L}})$, $\sigma \le_{\nabla_{\mathbb{L}}} \tau$ if and only if $(\tau)^* \sqsubseteq_{\mathbb{L}_\infty} (\sigma)^*$.
Proof. (i) Let $(\mathbb{L}_\infty, \sqsubseteq_{\mathbb{L}_\infty})$ be the solution of the given domain equation.
The set $comp(\mathbb{L}_\infty)$ can be viewed as $\bigcup_{n \ge 0} i_{n,\infty}(comp(c^n(\mathbb{L})))$. We will
prove that, if $a \in i_{n,\infty}(comp(c^n(\mathbb{L})))$ then there is $\sigma$ such that $(\sigma)^* = a$,
by induction on $n$. If $n = 0$, then the proof follows by construction.
Let $n \ge 1$. Since the set of constructors $c$ we are taking into consideration
is restricted, a compact element $d$ of $c^n(\mathbb{L})$ meets one of the following
constraints.
• $d$ is the bottom, then $\bot = (\omega)^*$, by construction.
• $d$ is a step function $s_{a,b} : c^{n-1}(\mathbb{L}) \to c^{n-1}(\mathbb{L})$, where $a, b \in c^{n-1}(\mathbb{L})$.
Note that $c^{n-1}(\mathbb{L})$ has a finite number of elements, for all $n \ge 1$; hence,
if $a \in c^{n-1}(\mathbb{L})$ then $i_{n-1,\infty}(a)$ is compact. So, by induction, there are
$\sigma, \tau$ such that $i_{n-1,\infty}(a) = (\sigma)^*$ and $i_{n-1,\infty}(b) = (\tau)^*$, and therefore
$s_{i_{n-1,\infty}(a),\, i_{n-1,\infty}(b)} = (\sigma \to \tau)^*$.
• $d$ is the least upper bound of a finite set of step functions, namely
$\sqcup\{s_{a_i,b_i} \mid 1 \le i \le m\}$; then by induction there are $\sigma_i, \tau_i$ such that
$i_{n-1,\infty}(a_i) = (\sigma_i)^*$ and $i_{n-1,\infty}(b_i) = (\tau_i)^*$, and

(ii) ($\Rightarrow$) By induction on the definition of $\le_{\nabla_{\mathbb{L}}}$, taking into account the last
used rule.
(a) Then the proof follows since $\bot \sqsubseteq_{\mathbb{L}_\infty} a$, for all $a$, and since $(\omega)^* = \bot$.
(b), (c), (e'), (e) By the definition of least upper bound.
(f), (d) By the Definition 13.1.3.(iii).
(g) By the fact that $(\omega \to \omega)^* = \boldsymbol{\lambda} x.\bot$, that is the smallest step function.
(r) Obvious.
(t) By induction.
Let $\sigma \le_{\nabla_{\mathbb{L}}} (\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_n \to \nu_n)$ be the conclusion of a rule added
by the point (4.1) of the procedure compact-as-types. Clearly also the
rule $(\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_n \to \nu_n) \le_{\nabla_{\mathbb{L}}} \sigma$ was added by construction, i.e.
$\sigma \simeq_{\nabla_{\mathbb{L}}} (\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_n \to \nu_n)$. Hence $(\sigma)^*$ and $\sqcup_{1 \le i \le n}\, s_{(\mu_i)^*,(\nu_i)^*}$
denote the same compact element.
The case $(\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_n \to \nu_n) \le_{\nabla_{\mathbb{L}}} \sigma$ is symmetric.
In both cases, $\sigma, \mu_i, \nu_i \in C_{\mathbb{L}}$ $(1 \le i \le n)$, $i((\sigma)^+) = \sqcup_{1 \le i \le n}\, s_{(\mu_i)^+,(\nu_i)^+}$
and $(\sigma)^+ = j(\sqcup_{1 \le i \le n}\, s_{(\mu_i)^+,(\nu_i)^+})$.
Let $(\omega \to \omega) \to \tau \le_{\nabla_{\mathbb{L}}} \omega \to \tau$ be the conclusion of a rule added by the
point (4.2) of the procedure compact-as-types. Hence $c = [. \to_{\bot} .]_{\bot}$ and
if $(\tau)^* \ne (\omega)^*$ then $s_{(\omega)^*,(\tau)^*}$ does not belong to $\mathbb{L}_\infty$. In such case, by the
point (3.2) of the procedure compact-as-types,
$((\omega \to \omega) \to \tau)^* = (\omega \to \tau)^*$.

($\Leftarrow$) Let $(\tau)^* \sqsubseteq_{\mathbb{L}_\infty} (\sigma)^*$. The proof is given by induction on the total
number of symbols of $\sigma$ and $\tau$.
If $(\tau)^* = \bot$ then the proof is trivial, since $\bot = (\omega)^*$, and $\omega$ is the biggest
type. If $\tau$ or $\sigma$ are type constants then the proof follows by construction.
If $\sigma \equiv \sigma_1 \to \sigma_2$ and $\tau \equiv \tau_1 \to \tau_2$, then by the Definition 13.1.3.(iii)
and the definition of $(.)^*$, $(\tau_2)^* \sqsubseteq_{\mathbb{L}_\infty} (\sigma_2)^*$ and $(\sigma_1)^* \sqsubseteq_{\mathbb{L}_\infty} (\tau_1)^*$. Thus by
induction $\tau_1 \le_{\nabla_{\mathbb{L}}} \sigma_1$ and $\sigma_2 \le_{\nabla_{\mathbb{L}}} \tau_2$, and the proof follows by rule (f) of
Definition 10.1.1.(ii).
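If $\tau \equiv \tau_1 \to \tau_2$ and $(\sigma)^* \equiv \sqcup\{(\mu_i \to \nu_i)^* \mid 1 \le i \le m\}$, then there is
$\{i_1, \ldots, i_k\} \subseteq \{1, \ldots, m\}$ such that $(\mu_{i_1} \wedge \ldots \wedge \mu_{i_k})^* \sqsubseteq_{\mathbb{L}_\infty} (\tau_1)^*$ and $(\tau_2)^* \sqsubseteq_{\mathbb{L}_\infty} (\nu_{i_1} \wedge \ldots \wedge \nu_{i_k})^*$,
and so $(\tau_1 \to \tau_2)^* \sqsubseteq_{\mathbb{L}_\infty} ((\mu_{i_1} \wedge \ldots \wedge \mu_{i_k}) \to (\nu_{i_1} \wedge \ldots \wedge \nu_{i_k}))^*$.
So, by induction, $\tau_1 \le_{\nabla_{\mathbb{L}}} \mu_{i_1} \wedge \ldots \wedge \mu_{i_k}$ and $\nu_{i_1} \wedge \ldots \wedge \nu_{i_k} \le_{\nabla_{\mathbb{L}}} \tau_2$, and,
by rule (f) of Definition 10.1.1.(ii),
$\tau_1 \to \tau_2 \ge_{\nabla_{\mathbb{L}}} (\mu_{i_1} \wedge \ldots \wedge \mu_{i_k}) \to \nu_{i_1} \wedge \ldots \wedge \nu_{i_k} \ge_{\nabla_{\mathbb{L}}} ((\mu_{i_1} \wedge \ldots \wedge \mu_{i_k}) \to \nu_{i_1}) \wedge \ldots \wedge ((\mu_{i_1} \wedge \ldots \wedge \mu_{i_k}) \to \nu_{i_k}) \ge_{\nabla_{\mathbb{L}}} (\mu_{i_1} \to \nu_{i_1}) \wedge \ldots \wedge (\mu_{i_k} \to \nu_{i_k}) \ge_{\nabla_{\mathbb{L}}} \sigma$,
by applying respectively Lemma 10.1.4.(iii), and the rules (c) and (f) of Definition 10.1.1.(ii).
If $(\tau)^* \equiv \sqcup\{(\mu_i \to \nu_i)^* \mid 1 \le i \le m\}$, then $(\mu_i \to \nu_i)^* \sqsubseteq_{\mathbb{L}_\infty} (\sigma)^*$, for all $i$
$(1 \le i \le m)$, and the proof follows the same lines as the previous point.
□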

Note that the proof of part ($\Leftarrow$) of the Lemma 13.1.13 gives a justification
of the legality condition (Definition 10.1.5) on a type system in order to
induce a $\lambda\Delta$-model. In fact, this condition reflects a semantic property on
step functions.

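Theorem 13.1.14. Let $\mathbb{L}_\infty$ be a solution of the domain equation $X = c(X)$,
where $c \in \{[. \to .], [. \to .]_{\bot}, [. \to_{\bot} .]_{\bot}\}$, starting from the initial domain
$(\mathbb{L}, \sqsubseteq_{\mathbb{L}})$ and from the embedding function $i$ between $\mathbb{L}$ and $c(\mathbb{L})$.
Let $\nabla_{\mathbb{L}}$ be a type system such that $C_{\mathbb{L}}$ and $\le_{\nabla_{\mathbb{L}}}$ are built according to the
procedure compact-as-types($\mathbb{L}_\infty$).
Then $\mathbb{L}_\infty$ is isomorphic to the space of filters $\mathcal{F}(\nabla_{\mathbb{L}})$, ordered by set inclusion.

Proof. Let us define the functions $h : \mathbb{L}_\infty \to \mathcal{F}(\nabla_{\mathbb{L}})$ and $k : \mathcal{F}(\nabla_{\mathbb{L}}) \to \mathbb{L}_\infty$ in
the following way:
- $h(a) = \uparrow\{\sigma \mid (\sigma)^* \sqsubseteq a\}$,
- $k(f) = \sqcup\{(\sigma)^* \mid \sigma \in f\}$.
By Lemma 13.1.13, $h$ and $k$ realize the desired isomorphism. □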

Now we are ready to prove that each of the filter models we presented is
isomorphic to a model built as the inverse limit solution of a domain equation.

13.1.1 $\mathcal{H}$ as Domain

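Take the domain equation:

$X = [X \to X]$.

Note that the minimal solution of this equation is the domain $(\{\bot\}, id_{\{\bot\}})$,
since there is just one continuous function from $\{\bot\}$ to $\{\bot\}$, namely the
function $\boldsymbol{\lambda} x.\bot$. So take as initial domain $(\mathbb{I}, \sqsubseteq_{\mathbb{I}})$, where $\mathbb{I} = \{\bot_{\mathbb{I}}, \top_{\mathbb{I}}\}$, and $\sqsubseteq_{\mathbb{I}}$ is
defined as $\bot_{\mathbb{I}} \sqsubseteq_{\mathbb{I}} \top_{\mathbb{I}}$. Take the domain $([\mathbb{I} \to \mathbb{I}], \sqsubseteq_{\mathbb{I}\to\mathbb{I}})$, which is a domain
by Lemma 13.1.4.(i), and choose, as embedding function between $(\mathbb{I}, \sqsubseteq_{\mathbb{I}})$ and
$([\mathbb{I} \to \mathbb{I}], \sqsubseteq_{\mathbb{I}\to\mathbb{I}})$, the function $i$ so defined: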
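- $i(\bot_{\mathbb{I}}) = \bot_{[\mathbb{I}\to\mathbb{I}]}$,
- $i(\top_{\mathbb{I}}) = s_{\bot_{\mathbb{I}},\top_{\mathbb{I}}}$,
and let $\mathbb{I}_\infty$ be the inverse limit solution so obtained.
The correspondence between $C_\infty$ and $comp(\mathbb{I})$ is defined in the following
way:
- $(\omega)^+ = \bot_{\mathbb{I}}$,
- $(\phi)^+ = \top_{\mathbb{I}}$.
Let the function $(.)^* : T(C_\infty) \to comp(\mathbb{I}_\infty)$ be the function made according
to the procedure compact-as-types.
The procedure compact-as-types($\mathbb{I}_\infty$) generates, at point (4.1), the rules
(h1), (h2) and (h3) of Fig. 11.1 (pag. 120) of the intersection relation $\le_\infty$.
Note that point (4.2) is not applied in this case.
Let $\rho : Var \to \mathbb{I}_\infty$; the interpretation function $\llbracket . \rrbracket^{\mathbb{I}_\infty}$ (see [67]) is:
- $\llbracket x \rrbracket^{\mathbb{I}_\infty}_{\rho} = \rho(x)$,
- $\llbracket MN \rrbracket^{\mathbb{I}_\infty}_{\rho} = I(\llbracket M \rrbracket^{\mathbb{I}_\infty}_{\rho})(\llbracket N \rrbracket^{\mathbb{I}_\infty}_{\rho})$,
- $\llbracket \lambda x.M \rrbracket^{\mathbb{I}_\infty}_{\rho} = J(\boldsymbol{\lambda} d.\llbracket M \rrbracket^{\mathbb{I}_\infty}_{\rho[d/x]})$,
where $I$ and $J$ are defined in the proof of Theorem 13.1.11.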

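Theorem 13.1.15. Let $\mathcal{I} = \langle \mathbb{I}_\infty, \mathbb{I}_\infty, \circ_{\mathbb{I}_\infty}, \llbracket . \rrbracket^{\mathbb{I}_\infty} \rangle$ where $\circ_{\mathbb{I}_\infty} \equiv \boldsymbol{\lambda} xy.I(x)(y)$.
$\mathcal{I}$ is a $\lambda\Lambda$-calculus model, and it is isomorphic to $\mathcal{H}$.
Proof. It is easy to check that $\mathcal{I}$ satisfies the conditions of Definition 10.0.1,
so it is a $\lambda\Delta$-model. By Theorem 13.1.14, $(\mathbb{I}_\infty, \sqsubseteq_{\mathbb{I}_\infty})$ is isomorphic to $\mathcal{F}(\infty)$,
ordered by set inclusion. Now we will prove that, if $\zeta : Var \to \mathbb{I}_\infty$ and
$\rho : Var \to \mathcal{F}(\infty)$ are such that $\forall x \in Var$, $\zeta(x)$ and $\rho(x)$ are isomorphic
elements, then $\forall M \in \Lambda$, $\llbracket M \rrbracket^{\mathbb{I}_\infty}_{\zeta}$ is isomorphic to $\llbracket M \rrbracket^{\mathcal{F}(\infty)}_{\rho}$. Since an element
in a domain is completely determined by the set of compact elements less than or
equal to it, we need only to prove that:

$B_\rho \vdash_\infty M : \sigma$ if and only if $(\sigma)^* \sqsubseteq_{\mathbb{I}_\infty} \llbracket M \rrbracket^{\mathbb{I}_\infty}_{\zeta}$,

where $B_\rho(x) \in \rho(x)$, for all $x \in Var$.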

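($\Rightarrow$) The proof follows by induction on $M$.
If $M \equiv x$ then $B_\rho(x) \le_\infty \sigma$, so $(\sigma)^* \sqsubseteq_{\mathbb{I}_\infty} \zeta(x)$ and the proof is given.
Let $M \equiv PQ$. So $B_\rho \vdash_\infty PQ : \sigma$ implies that there is a type $\tau$ such that
$B_\rho \vdash_\infty P : \tau \to \sigma$ and $B_\rho \vdash_\infty Q : \tau$ by Lemma 10.1.7.(vii). By induction both
$(\tau \to \sigma)^* \sqsubseteq_{\mathbb{I}_\infty} \llbracket P \rrbracket^{\mathbb{I}_\infty}_{\zeta}$ and $(\tau)^* \sqsubseteq_{\mathbb{I}_\infty} \llbracket Q \rrbracket^{\mathbb{I}_\infty}_{\zeta}$; thus $s_{(\tau)^*,(\sigma)^*} \sqsubseteq_{\mathbb{I}_\infty} \llbracket P \rrbracket^{\mathbb{I}_\infty}_{\zeta} = I(\llbracket P \rrbracket^{\mathbb{I}_\infty}_{\zeta})$
by isomorphism. Hence $(\sigma)^* \sqsubseteq_{\mathbb{I}_\infty} I(\llbracket P \rrbracket^{\mathbb{I}_\infty}_{\zeta})(\llbracket Q \rrbracket^{\mathbb{I}_\infty}_{\zeta}) = (\llbracket PQ \rrbracket^{\mathbb{I}_\infty}_{\zeta})$.
Let $M \equiv \lambda x.N$. By Lemma 10.1.7.(iv), $B_\rho \vdash_\infty \lambda x.N : \sigma$ implies that there are
$\mu_i, \nu_i$ $(1 \le i \le n)$ for some $n \in \mathbb{N}$, such that $(\mu_1 \to \nu_1) \wedge \ldots \wedge (\mu_n \to \nu_n) \le_\infty \sigma$,
$B_\rho[\mu_i/x] \vdash_\infty N : \nu_i$ $(1 \le i \le n)$. By induction $(\nu_i)^* \sqsubseteq_{\mathbb{I}_\infty} \llbracket N \rrbracket^{\mathbb{I}_\infty}_{\zeta[d/x]}$ where
$(\mu_i)^* \sqsubseteq_{\mathbb{I}_\infty} d$. Therefore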
lS;iS;n
dE comp(lloc)

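($\Leftarrow$) The proof follows by induction on $M$. If $M \equiv x$ then the proof is easy.
Let $M \equiv PQ$. So $(\sigma)^* \sqsubseteq_{\mathbb{I}_\infty} \llbracket PQ \rrbracket^{\mathbb{I}_\infty}_{\zeta} = I(\llbracket P \rrbracket^{\mathbb{I}_\infty}_{\zeta})(\llbracket Q \rrbracket^{\mathbb{I}_\infty}_{\zeta})$. Thus there is $\tau$ such
that $s_{(\tau)^*,(\sigma)^*} \sqsubseteq_{\mathbb{I}_\infty} \llbracket P \rrbracket^{\mathbb{I}_\infty}_{\zeta}$ and
$(\tau)^* \sqsubseteq_{\mathbb{I}_\infty} \llbracket Q \rrbracket^{\mathbb{I}_\infty}_{\zeta}$. The proof follows by induction.
Let $M \equiv \lambda x.N$. So $(\sigma)^* \sqsubseteq_{\mathbb{I}_\infty} \llbracket M \rrbracket^{\mathbb{I}_\infty}_{\zeta} = J(\boldsymbol{\lambda} d.\llbracket N \rrbracket^{\mathbb{I}_\infty}_{\zeta[d/x]})$ implies that there are
$\mu_i, \nu_i$ $(1 \le i \le n)$ for some $n \in \mathbb{N}$, such that both $(\nu_i)^* \sqsubseteq_{\mathbb{I}_\infty} \llbracket N \rrbracket^{\mathbb{I}_\infty}_{\zeta[d/x]}$ and
$(\sigma)^* \sqsubseteq_{\mathbb{I}_\infty} \sqcup_{1 \le i \le n}\, s_{(\mu_i)^*,(\nu_i)^*}$ and $(\mu_i)^* \sqsubseteq_{\mathbb{I}_\infty} d$. Hence $\sigma \ge_\infty \bigwedge_{1 \le i \le n}(\mu_i \to \nu_i)$
where $B_\rho[\mu_i/x] \vdash_\infty N : \nu_i$ $(1 \le i \le n)$, so $B_\rho \vdash_\infty \lambda x.N : \mu_i \to \nu_i$ $(1 \le i \le n)$
by rule $(\to I)$, and $B_\rho \vdash_\infty \lambda x.N : \sigma$ by rule $(\le_\infty)$. □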

The model $\mathcal{I}$ was the first denotational $\lambda\Lambda$-calculus model. It was built
by Scott [89], and the induced $\lambda$-theory was extensively studied in [54, 97],
where the approximation theorem is proved by using the technique of indexed
reductions. An analysis of the characterization of terms in the $\mathcal{I}$-model can be
found in [32]. By the structure of $\mathbb{I}$, it is possible to have a different inverse
limit solution, by choosing as initial embedding function the function $i'$, such
that $i'(\bot_{\mathbb{I}}) = \bot_{[\mathbb{I}\to\mathbb{I}]}$ and $i'(\top_{\mathbb{I}}) = s_{\top_{\mathbb{I}},\top_{\mathbb{I}}}$. This model was first defined by Park
[75], and it induces a $\lambda$-theory quite different from $\mathcal{H}$, which was extensively
studied in [53].

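13.1.2 $\mathcal{N}$ as Domain

$\mathcal{N}$ is isomorphic to a $\lambda\Lambda$-model, which arises from an inverse limit solution
of the same domain equation as $\mathcal{H}$, i.e.

Take as initial domain $(\mathbb{N}, \sqsubseteq_{\mathbb{N}})$, where $\mathbb{N} = \{\bot_{\mathbb{N}}, x, \top_{\mathbb{N}}\}$, and $\sqsubseteq_{\mathbb{N}}$ is defined
as $\bot_{\mathbb{N}} \sqsubseteq_{\mathbb{N}} b$, for all $b \in \mathbb{N}$ and $x \sqsubseteq_{\mathbb{N}} \top_{\mathbb{N}}$. Take the domain $([\mathbb{N} \to \mathbb{N}], \sqsubseteq_{\mathbb{N}\to\mathbb{N}})$,
which is a domain by Lemma 13.1.4.(i), and choose, as embedding function
between $(\mathbb{N}, \sqsubseteq_{\mathbb{N}})$ and $([\mathbb{N} \to \mathbb{N}], \sqsubseteq_{\mathbb{N}\to\mathbb{N}})$, the function $i$ so defined:
- $i(\bot_{\mathbb{N}}) = \bot_{[\mathbb{N}\to\mathbb{N}]}$,
- $i(x) = s_{\top_{\mathbb{N}},x}$,
- $i(\top_{\mathbb{N}}) = s_{x,\top_{\mathbb{N}}}$,

and let $\mathbb{N}_\infty$ be the inverse limit solution so obtained.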
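
The first stage of the two constructions above is finite, so it can be checked by brute force. The following Python sketch is an added illustration, not part of the book: it verifies that the initial embeddings of Sections 13.1.1 and 13.1.2 are embeddings in the sense of Definition 13.1.7, checks the closing claim of the proof of Lemma 13.1.4, and enumerates every embedding of the two-point domain into its function space. The integer encoding of the chains, all function names, and the reading of continuity as monotonicity (valid on a finite lattice, where every directed set contains its least upper bound) are assumptions of the example.

```python
from itertools import product

# Constructed encoding (an assumption of this example): a finite chain with n
# points is range(n), 0 is bottom and the order is <=. A function on the chain
# is the tuple of its values. On a finite lattice continuity in the
# directed-set sense is the same as monotonicity.

def continuous_functions(n):
    """All monotone (= continuous) maps from the n-point chain to itself."""
    return [f for f in product(range(n), repeat=n)
            if all(f[x] <= f[x + 1] for x in range(n - 1))]

def step(a, b, n):
    """Step function s_{a,b} of Definition 13.1.3: b above a, bottom elsewhere."""
    return tuple(b if a <= x else 0 for x in range(n))

def below(f, g):
    """Pointwise order of Definition 13.1.2.(iv)."""
    return all(x <= y for x, y in zip(f, g))

def is_lub_of_steps(f):
    """Last claim in the proof of Lemma 13.1.4: f = lub{s_{a,b} | f(a) = b}."""
    n = len(f)
    steps = [step(a, f[a], n) for a in range(n)]
    return tuple(max(s[x] for s in steps) for x in range(n)) == f

def step_order_agrees(n):
    """Definition 13.1.3.(iii) against the pointwise order, for b != bottom.
    (For b = bottom every s_{a,b} is the bottom function, whatever a is.)"""
    return all((c <= a and b <= d) == below(step(a, b, n), step(c, d, n))
               for a, c, d in product(range(n), repeat=3)
               for b in range(1, n))

def projection_for(i, n):
    """The only possible projection for a candidate embedding i (a dict from
    points to functions): j(f) = lub{a | i(a) below f}. If (i, j) is a
    retraction pair then i(a) below f holds exactly when a <= j(f), which
    forces this formula; the empty lub is bottom."""
    return {f: max((a for a in range(n) if below(i[a], f)), default=0)
            for f in continuous_functions(n)}

def is_retraction_pair(i, n):
    """Definition 13.1.7: i and j continuous, j o i = id, i o j below id."""
    funcs = continuous_functions(n)
    j = projection_for(i, n)
    return (all(below(i[a], i[a + 1]) for a in range(n - 1))
            and all(j[f] <= j[g] for f in funcs for g in funcs if below(f, g))
            and all(j[i[a]] == a for a in range(n))
            and all(below(i[j[f]], f) for f in funcs))

def all_embeddings(n):
    """Every map from the chain into its function space that is an embedding."""
    candidates = (dict(enumerate(images))
                  for images in product(continuous_functions(n), repeat=n))
    return [i for i in candidates if is_retraction_pair(i, n)]

# Section 13.1.1: bottom -> bottom function, top -> s_{bottom,top}.
EMBED_2 = {0: step(0, 0, 2), 1: step(0, 1, 2)}
# Section 13.1.2 with bottom = 0, x = 1, top = 2: x -> s_{top,x}, top -> s_{x,top}.
EMBED_3 = {0: step(0, 0, 3), 1: step(2, 1, 3), 2: step(1, 2, 3)}

if __name__ == "__main__":
    print("functions on 2 and 3 points:",
          len(continuous_functions(2)), len(continuous_functions(3)))
    print("13.1.1 embedding is a retraction pair:", is_retraction_pair(EMBED_2, 2))
    print("13.1.2 embedding is a retraction pair:", is_retraction_pair(EMBED_3, 3))
    print("embeddings of the 2-point domain:", all_embeddings(2))
```

The enumeration finds exactly two embeddings of the two-point domain: the one chosen in Section 13.1.1 and the one sending the top element to $s_{\top,\top}$, so these are the only two starting points for an inverse limit over that initial domain.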


The correspondence between $C_{\mathcal{N}}$ and $comp(\mathbb{N})$ is defined in the following
way:
- $(\omega)^+ = \bot_{\mathbb{N}}$,
- $(\psi)^+ = x$,
- $(\phi)^+ = \top_{\mathbb{N}}$.
Let the function $(.)^* : T(C_{\mathcal{N}}) \to comp(\mathbb{N}_\infty)$ be the function made according
to the procedure compact-as-types.
The procedure compact-as-types($\mathbb{N}_\infty$) generates, by point 2, the rule
(n0) of Fig. 11.3 (pag. 145). Furthermore, point (4.1) generates the rules
(n1), (n2), (n3), (n4) and (n5) of Fig. 11.3 of the intersection relation $\le_{\mathcal{N}}$.
Note that point (4.2) is not applied in this case.
Let the interpretation function $\llbracket . \rrbracket^{\mathbb{N}_\infty}$ and the composition $\circ_{\mathbb{N}_\infty}$ be defined
as for the model $\mathbb{I}_\infty$.

Theorem 13.1.16. Let $\mathcal{J} = \langle \mathbb{N}_\infty, \mathbb{N}_\infty, \circ_{\mathbb{N}_\infty}, \llbracket . \rrbracket^{\mathbb{N}_\infty} \rangle$ and $\circ_{\mathbb{N}_\infty} \equiv \boldsymbol{\lambda} xy.I(x)(y)$.
$\mathcal{J}$ is a $\lambda\Lambda$-calculus model, and it is isomorphic to $\mathcal{N}$.

Proof. Similar to the proof of Theorem 13.1.15. □

The model $\mathcal{J}$ was first presented and studied in [30], as filter model. There
the approximation theorem was proved using the computability technique
we also used here. The notion of $\Lambda$-persistent normal form, on which the
construction of the model is based, was first introduced in [17].

13.1.3 $\mathcal{L}$ as Domain
Take the following domain equation:

$X = [X \to X]_{\bot}$.
By the presence of the lifting domain constructor, this equation admits a
minimal solution. In fact, take as initial domain $(\mathbb{E}, \sqsubseteq_{\mathbb{E}})$, where $\mathbb{E} = \{\bot_{\mathbb{E}}\}$, and
$\sqsubseteq_{\mathbb{E}}$ is the identity relation. Take the domain $([\mathbb{E} \to \mathbb{E}]_{\bot}, \sqsubseteq_{[\mathbb{E}\to\mathbb{E}]_{\bot}})$, which is a
domain by Lemma 13.1.4.(i) and Property 13.1.6, and choose, as embedding
function between $(\mathbb{E}, \sqsubseteq_{\mathbb{E}})$ and $([\mathbb{E} \to \mathbb{E}], \sqsubseteq_{[\mathbb{E}\to\mathbb{E}]})$, the function $i$ so defined:
- $i(\bot_{\mathbb{E}}) = \bot_{[\mathbb{E}\to\mathbb{E}]_{\bot}}$,
and let $\mathbb{E}_\infty$ be the inverse limit solution so obtained.
The correspondence between $C_{\mathcal{L}}$ and $comp(\mathbb{E})$ is defined in the following
way:
- $(\omega)^+ = \bot_{\mathbb{E}}$.
Let the function $(.)^* : T(C_{\mathcal{L}}) \to comp(\mathbb{E}_\infty)$ be the function made according
to the procedure compact-as-types.
The procedure compact-as-types($\mathbb{E}_\infty$) generates, at point (4.1), the
trivial rule $\omega \le \omega$ of the intersection relation $\le_{\mathcal{L}}$. Note that point (4.2)
is not applied in this case.
Let the interpretation function $\llbracket . \rrbracket^{\mathbb{E}_\infty}$ and the composition $\circ_{\mathbb{E}_\infty}$ be defined
as follows:
- $\llbracket x \rrbracket^{\mathbb{E}_\infty}_{\rho} = \rho(x)$,

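- $[\![MN]\!]^{\mathbb{E}_\infty}_\rho = J'(I([\![M]\!]^{\mathbb{E}_\infty}_\rho))([\![N]\!]^{\mathbb{E}_\infty}_\rho)$,
- $[\![\lambda x.M]\!]^{\mathbb{E}_\infty}_\rho = J(I'(\lambda d.[\![M]\!]^{\mathbb{E}_\infty}_{\rho[d/x]}))$,
where $I$ and $J$ are defined in the proof of Theorem 13.1.11, $I'$ and $J'$ are the
isomorphism pair between $[\mathbb{E}_\infty \to \mathbb{E}_\infty]$ and $[\mathbb{E}_\infty \to \mathbb{E}_\infty]_\bot$.

Theorem 13.1.17. Let $\mathcal{E} = \langle \mathbb{E}_\infty, \mathbb{E}_\infty, \circ_{\mathbb{E}_\infty}, [\![\cdot]\!]^{\mathbb{E}_\infty} \rangle$ where $\circ_{\mathbb{E}_\infty}$ is defined
as $\lambda xy.I(x)(y)$.
$\mathcal{E}$ is a $\lambda\Lambda$-calculus model, and it is isomorphic to $\mathcal{L}$.

Proof. Similar to the proof of Theorem 13.1.15, taking into account the
different definition of interpretation. □

The model $\mathcal{E}$ was first presented and studied in [2].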

13.1.4 V as Domain

Take the following domain equation:

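This equation, like the one shown in the previous subsection, also admits
a minimal solution. In fact, take as initial domain $(\mathbb{U}, \sqsubseteq_{\mathbb{U}})$, where $\mathbb{U} = \{\bot_{\mathbb{U}}\}$,
and $\sqsubseteq_{\mathbb{U}}$ is the identity relation. Take the domain $([\mathbb{U} \to_\bot \mathbb{U}]_\bot, \sqsubseteq_{[\mathbb{U}\to_\bot\mathbb{U}]_\bot})$,
which is a domain by Lemma 13.1.4.(i) and Property 13.1.6, and choose, as
embedding function between $(\mathbb{U}, \sqsubseteq_{\mathbb{U}})$ and $([\mathbb{U} \to_\bot \mathbb{U}]_\bot, \sqsubseteq_{[\mathbb{U}\to_\bot\mathbb{U}]_\bot})$, the function
$i$ so defined:
- $i(\bot_{\mathbb{U}}) = \bot_{[\mathbb{U}\to_\bot\mathbb{U}]_\bot}$
and let $\mathbb{U}_\infty$ be the inverse limit solution so obtained.

The function $(\cdot)^*$, generated by the procedure compact-as-types($\mathbb{U}_\infty$),
has the following behaviour:

$(\sigma \to \tau)^* = s_{(\sigma)^*,(\tau)^*}$ if either $(\sigma)^*, (\tau)^* = \bot_{\mathbb{U}_\infty}$ or $(\sigma)^* \neq \bot_{\mathbb{U}_\infty}$,
$(\sigma \to \tau)^* = s_{(\omega\to\omega)^*,(\tau)^*}$ if $(\sigma)^* = \bot_{\mathbb{U}_\infty}$.
Moreover, the intersection relation built by the procedure generates, at point
(4.1), the trivial rule $\omega \leq \omega$, while at point (4.2) rule (v) of Fig. 12.1 (pag.
182) is generated.
Let $\rho : Var \to \mathbb{U}_\infty / \bot_{\mathbb{U}_\infty}$; the interpretation function $[\![\cdot]\!]^{\mathbb{U}_\infty}$ (see [44]) is:
- $[\![x]\!]^{\mathbb{U}_\infty}_\rho = \rho(x)$,
- $[\![MN]\!]^{\mathbb{U}_\infty}_\rho = J'(I([\![M]\!]^{\mathbb{U}_\infty}_\rho))([\![N]\!]^{\mathbb{U}_\infty}_\rho)$,
- $[\![\lambda x.M]\!]^{\mathbb{U}_\infty}_\rho = J(I'(strict(\lambda d.[\![M]\!]^{\mathbb{U}_\infty}_{\rho[d/x]})))$,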

where $I$ and $J$ are defined in the proof of Theorem 13.1.11, $I'$ and $J'$ are the
isomorphism pair between $[\mathbb{U}_\infty \to_\bot \mathbb{U}_\infty]$ and $[\mathbb{U}_\infty \to_\bot \mathbb{U}_\infty]_\bot$, and $strict$ is a
function such that

$strict(f)(x) = \begin{cases} \bot_{\mathbb{U}_\infty} & \text{if } x = \bot_{\mathbb{U}_\infty}, \\ f(x) & \text{otherwise.} \end{cases}$

Theorem 13.1.18. Let $\mathcal{U} = \langle \mathbb{U}_\infty, \mathbb{U}_\infty / \bot_{\mathbb{U}_\infty}, \circ_{\mathbb{U}_\infty}, [\![\cdot]\!]^{\mathbb{U}_\infty} \rangle$ where $\circ_{\mathbb{U}_\infty}$ is
defined as $\lambda xy.I(x)(y)$.
$\mathcal{U}$ is a $\lambda\Gamma$-calculus model, and it is isomorphic to $\mathcal{V}$.

Proof. Similar to the proof of Theorem 13.1.15, taking into account the fact
that only the strict functions are present in the domain.
By Theorem 13.1.14, $(\mathbb{U}_\infty, \sqsubseteq_{\mathbb{U}_\infty})$ is isomorphic to $\mathcal{F}(\mathcal{V})$, ordered by set
inclusion. Then the proof follows from the definition of $[\![\cdot]\!]^{\mathbb{U}_\infty}$. □

The model $\mathcal{V}$ was first presented and studied in [44], both as an inverse
limit solution of the previous domain equation and as a filter model. There
the approximation model was proved using the indexed reduction technique.

13.1.5 Another Domain

Every solution of the domain equation

is a model for the A-NFo-calculus.


This fact was first noticed in [39]. We did not develop the study of such
a calculus, since it does not seem to have interesting operational properties.
14. Further Reading

Other filter $\lambda\Lambda$-models. In [37] two filter $\lambda\Lambda$-models are designed which
completely characterise sets of terms with similar computational behaviours.
Moreover, in [4, 40] filter $\lambda\Lambda$-models characterizing the easiness property
of terms are proposed. In short, a term is easy when it can be consistently
equated to every other term.
Other classes of $\lambda\Lambda$-models. Berry [14] proposed a different class of
domains based on the notion of stable functions. Starting from this notion,
Girard [47] proposed qualitative domains as $\lambda\Lambda$-models. Qualitative
domains were later refined into coherence domains. The first
denotational semantics of linear logic is based on this kind of domain [48]. The
definition of intersection relation can be modified in order to describe this
class of models using intersection types, as was proved in [52]. The notions of
strongly stable functions and hypercoherence spaces, on which another class
of $\lambda\Lambda$-models is based, were introduced in [23]. Models based on the notion
of bidomain, which is a space endowed with two notions of order (continuous
order and stable order), were introduced in [99]. In this setting, a model
correct with respect to the L-operational semantics was constructed in [61]. A
quite complete presentation of the "webbed" $\lambda\Lambda$-models, i.e. those whose
domains are subdomains of some $(\mathcal{P}(D), \subseteq)$, can be found in [13]; clearly all the
$\lambda\Lambda$-models presented in this book belong to this class. $\lambda\Lambda$-models based on
game semantics were presented in [43]. Categorical presentations of $\lambda\Lambda$-models
in a typed setting can be found in [8, 31, 62, 59, 90].
Incompleteness. The first incompleteness result for the $\lambda\Lambda$-calculus
semantics was proved in [53], where a $\lambda$-theory was shown for which there does not
exist a correct and complete model in the class of Scott's models built by an
inverse limit construction. Further investigations on this topic, using
topological tools, were made in [86]. Incompleteness results for the class of $\lambda\Lambda$-models
based on stable functions were proved in [11].

Lazy semantics. A general characterization of models that are correct with
respect to the L-operational semantics was given in [12].
$\lambda\Gamma$-Models. A general characterization of models that are correct with
respect to the V-operational semantics was given in [82].
Semiseparability. An extension of the semiseparability algorithm to a finite
set of approximants was introduced in [29].
Part IV

Computational Power
15. Preliminaries

In the Introduction we claimed that both the $\lambda\Lambda$-calculus and the $\lambda\Gamma$-calculus
can be seen as paradigms for programming languages in the call-by-name and
call-by-value settings respectively. In this chapter this claim will be justified.
In fact, we will show that both the call-by-name and the call-by-value
$\lambda$-calculi have the computational power of Turing machines, or equivalently,
they are computationally complete. The completeness can be achieved without
adding special constants to the language, but all data structures needed for
computing, in particular booleans, natural numbers and functions, can be
coded into $\Lambda$.
We will show how to code useful data structures. Moreover, we will prove
that all the call-by-name and call-by-value reduction machines presented in
Part II of this book can be effectively used for computing. In fact,
computational completeness can be achieved by using each one of them.

15.1 Kleene's Recursive Functions

It is well known that not all the partial functions from natural numbers to
natural numbers can be effectively computed. The most famous definition of
the class of computable functions was given by Turing, by using the Turing
machines. But Kleene's definition of partial recursive functions [56] makes it
easier to define the coding of functions in a $\lambda\Delta$-calculus [57].
The class of computable functions, or partial recursive functions, is given
in two stages. First, the class of primitive recursive functions is defined.
They are generated from a set of initial functions by closure under particular
constructions (composition and primitive recursion). The primitive recursive
functions include most functions ever encountered in practical mathematics
and computer science. However, all primitive recursive functions are total,
and hence the class must necessarily fall short of the full class of computable
functions.
The second stage of Kleene's characterization extends the class of
primitive recursive functions by adding an additional operator of minimalization
that introduces unbounded and possibly nonterminating searches. Therefore
the class of all partial recursive functions is obtained.

Definition 15.1.1 (Primitive recursive functions).

(i) The following functions are primitive recursive functions:
1. The function $Z : \mathbb{N} \to \mathbb{N}$ such that $Z(n) = 0$;
2. The successor $S : \mathbb{N} \to \mathbb{N}$ such that $S(n) = n + 1$;
3. The projection functions $\pi_i(x_1, \ldots, x_m) = x_i$ ($1 \leq i \leq m \in \mathbb{N}$).
(ii) If $h : \mathbb{N}^n \to \mathbb{N}$ and $g_1, \ldots, g_n : \mathbb{N}^m \to \mathbb{N}$ are primitive recursive functions
then the function $f$, defined as their composition in the following way:

is primitive recursive too ($n, m \in \mathbb{N}$).

(iii) If $h : \mathbb{N}^{m+2} \to \mathbb{N}$ and $g : \mathbb{N}^m \to \mathbb{N}$ are primitive recursive functions then
$f$ defined by primitive recursion in the following way:

if $k = 0$,

otherwise.

is primitive recursive too ($m \in \mathbb{N}$).

By induction on the depth of nested instances of composition and
primitive recursion, it is easy to check that each primitive recursive function is
total. The next definition allows the construction of partial functions.

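Definition 15.1.2. Let $h : \mathbb{N}^2 \to \mathbb{N}$ be a total function, and let $x \in \mathbb{N}$. Then
a function $f : \mathbb{N} \to \mathbb{N}$ can be defined by minimalization from $h$ in the following
way:

$f(x) = \mu y[h(x, y) = 0] = \begin{cases} \min\{k \in \mathbb{N} \mid h(x, k) = 0\} & \text{if such a } k \in \mathbb{N} \text{ exists,} \\ \text{undefined} & \text{otherwise.} \end{cases}$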

Note that, in the previous definition, the function h is defined on all nat-
ural numbers, by hypothesis. Now, the full class of partial recursive functions
can be defined as follows.

Definition 15.1.3 (Partial recursive functions).

A function $f : \mathbb{N}^m \to \mathbb{N}$ ($m \in \mathbb{N}$) is partial recursive if and only if one of
the following conditions holds:
(i) $f$ is a primitive recursive function;
(ii) $f$ is defined by composition of partial recursive functions;
(iii) $f$ is defined by minimalization starting from a total recursive function.
It is important to notice that, in the previous definition, the minimal-
ization construction must be applied only to total recursive functions, which
form a nonrecursive class. By Church's thesis, the class of partial recursive
functions coincides with the whole class of computable functions.

15.2 Representing Data Structures

The starting point for transforming a $\lambda\Delta$-calculus into a programming
language is to code some fundamental data structures in it, namely booleans
and natural numbers.
Let us study the problem of representing booleans in a $\lambda\Delta$-calculus whose
operational behaviour is described by an evaluation relation $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$.
In order to represent the truth values True and False, we need to define
two terms having a suitable behaviour; in particular, they must be the basis
for the definition of a further term having the behaviour of a conditional
operator.

Definition 15.2.1. Let $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$ be an evaluation relation.

An $\mathbf{O}$-representation of booleans is any set $\{T, F\}$ such that:
(i) $T, F \in \Delta \cap \Theta$;
(ii) there is a term $Cond$ such that, for every $M, N \in \Delta \cap \Theta$:

$Cond\,T\,M\,N \Downarrow_{\mathbf{O}} M$; $\quad Cond\,F\,M\,N \Downarrow_{\mathbf{O}} N$.

The next lemma shows that in order to represent the booleans, the choice
of taking two $\Lambda\eta$-different normal forms is correct in each one of the reduction
machines we defined.

Lemma 15.2.2. Let $\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}, \mathbf{V}\}$, and let $M, N \in \Lambda^0$ be two different
$\Lambda\eta$-normal forms. $\{M, N\}$ is an $\mathbf{O}$-representation of booleans.

Proof. If O E {H, N, L} then let C[.] be such that M, N =t A C[.] (see Fig. 2.1
pag. 32), otherwise let C[.] be such that M, N =t r C[.] (see Fig. 3.1 pag. 52).
Then $C[M] \Downarrow_{\mathbf{O}} x$ and $C[M] \Downarrow_{\mathbf{O}} y$, for two different variables $x$ and $y$. The
term $Cond \equiv \lambda uxy.C[u]$ plays the desired role in all the reduction machines
under consideration. □

It is a standard choice to define $T \equiv \lambda xy.x$ and $F \equiv \lambda xy.y$. In this
case $Cond$ can be taken as the identity term $I$, or simply omitted. In fact, if
$M, N \in \Lambda$-NF then $TMN \Downarrow_{\mathbf{O}} M$ and $FMN \Downarrow_{\mathbf{O}} N$, for all $\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}, \mathbf{V}\}$.
A boolean expression is every term $B$, such that $B \Downarrow_{\mathbf{O}}$ implies either $B \Downarrow_{\mathbf{O}} T$
or $B \Downarrow_{\mathbf{O}} F$.
Through the coding of the booleans it is possible to code more complex
data structures, for example, the pairs. Let $M, N$ be two $\Lambda$-normal forms;
the pair $[M, N]$ can be coded as $\lambda x.xMN$. So projections can be built using
booleans, by defining $\lambda x.xT$ and $\lambda x.xF$ as respectively the first and the
second projections. In fact, $(\lambda x.xT)[M, N] \Downarrow_{\mathbf{O}} M$ and $(\lambda x.xF)[M, N] \Downarrow_{\mathbf{O}} N$.
We will denote $\lambda x.xMN$ by $[M, N]$.
The coding of the natural numbers can be based on Peano's axioms,
recalled in the following definition.

Definition 15.2.3 (Peano's natural numbers).

1. There is a natural number, called zero.
2. Given a natural number n, there is a unique natural number m that is
its successor.
3. Two different natural numbers have different successors.
4. If n is a natural number then its successor is different from zero.
5. If A is a subset of natural numbers satisfying:
• zero belongs to A,
• if n belongs to A then its successor belongs to A too,
then A is the set of all natural numbers.

The notion of an $\mathbf{O}$-numeral system, given in the next definition, gives
the conditions for building the coding of natural numbers with respect to
an evaluation relation $\mathbf{O}$. Following the lines of Peano's axioms, the infinite
set of natural numbers can be generated by two suitable terms playing the
role of zero and successor. The other conditions assure that all the terms
generated by iterating the application of successor to zero are different in the
operational setting we are considering.

Definition 15.2.4. Let $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$ be a deterministic evaluation relation.

An $\mathbf{O}$-numeral system is a 5-tuple $(\mathbb{B}, Zero, Succ, Test, Pred)$, where:
(i) $\mathbb{B}$ is an $\mathbf{O}$-representation of booleans.
(ii) $Zero, Succ, Test, Pred \in \Delta \cap \Theta$ are such that, for all $n \in \mathbb{N}$:
1. $\underbrace{Succ(\ldots(Succ}_{n}\ Zero)\ldots) \Downarrow_{\mathbf{O}}$.
Moreover, if $\underbrace{Succ(\ldots(Succ}_{n}\ Zero)\ldots) \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$, then $\ulcorner n \urcorner \in \Delta \cap \Theta$;
we will say that $\ulcorner n \urcorner$ is the numeral representation of $n$.
2. $P \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$ implies $Succ\,P \Downarrow_{\mathbf{O}} \ulcorner n + 1 \urcorner$.
3. $P \Downarrow_{\mathbf{O}} Zero$ implies $Test\,P \Downarrow_{\mathbf{O}} T$.
4. $Q \Downarrow_{\mathbf{O}} \ulcorner n + 1 \urcorner$ implies $Test\,Q \Downarrow_{\mathbf{O}} F$.
5. $P \Downarrow_{\mathbf{O}} \ulcorner n + 1 \urcorner$ implies $Pred\,P \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$.

This definition is well posed. According to it, the number $n \in \mathbb{N}$ is
represented by the numeral $\ulcorner n \urcorner$.

Property 15.2.5. Definition 15.2.4 respects the Peano constraints.

Proof. All points of Peano's definition are satisfied.

1. Immediate, by the definition.
2. Immediate, by the definition and since $\mathbf{O}$ is deterministic.

3. Let $\ulcorner n \urcorner \not\approx_{\mathbf{O}} \ulcorner m \urcorner$. Assume, by absurd, $Succ\,\ulcorner m \urcorner \approx_{\mathbf{O}} Succ\,\ulcorner n \urcorner$.
Then, by the contextual closure of $\approx_{\mathbf{O}}$ and point (ii).5 of Definition 15.2.4,
$\ulcorner m \urcorner \approx_{\mathbf{O}} Pred(Succ\,\ulcorner m \urcorner) \approx_{\mathbf{O}} Pred(Succ\,\ulcorner n \urcorner) \approx_{\mathbf{O}} \ulcorner n \urcorner$, against the
hypothesis.
4. Trivial, by using $Test$.
5. $\{\ulcorner n \urcorner \in \Lambda \mid \underbrace{Succ(\ldots(Succ}_{n}\ Zero)\ldots) \Downarrow_{\mathbf{O}} \ulcorner n \urcorner \text{ for some } n \in \mathbb{N}\}$ is the
set of the numerals. □

In the next definition a numeral system is presented that plays the desired
role in all the operational semantics we have studied.

Definition 15.2.6. Let $\mathfrak{N} \equiv (\{T, F\}, Zero, Succ, Test, Pred)$, where

- $T \equiv \lambda xy.x$ and $F \equiv \lambda xy.y$;
- $Zero \equiv [T, T]$;
- $Succ \equiv \lambda t.t(\lambda uvx.xF(\lambda y.yuv))$;
- $Test \equiv \lambda x.xT$;
- $Pred \equiv \lambda x.xF$.
We will check that $\mathfrak{N}$ is a numeral system in the sense of Definition
15.2.4, for all $\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}, \mathbf{V}\}$. It is easy to see that $\forall n \in \mathbb{N}$, the
numeral $\ulcorner n \urcorner$ in $\mathfrak{N}$ is the same term for all $\mathbf{O}$-numeral systems; in particular,
$\ulcorner n \urcorner \equiv \underbrace{[F, [F, \ldots [F,}_{n}\ Zero] \ldots ]]$ and $\ulcorner n + 1 \urcorner \equiv \lambda x.xF\ulcorner n \urcorner$.

Note that basic elements of $\mathfrak{N}$ are $\Lambda$-normal forms, so they are both input
and output values for all the machines. The proof can be done in the same
manner for all the call-by-name reduction machines.
In all the formal systems presented in order to induce evaluation relations
$\mathbf{H}$, $\mathbf{N}$, $\mathbf{L}$, $\mathbf{V}$, there is a rule named (head). It is easy to see that, for each
one of the given operational machines, (head) is reversible in the sense that
in all considered cases when the conclusion is derivable then its premises
are derivable. In order to simplify the proofs, in the call-by-name setting,
i.e. when $\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}\}$, we will denote by (head)+ a sequence of $n \geq 1$
applications of rule (head) in a derivation.
We need some properties of the operational semantics.

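Property 15.2.7. Let $M, N, P, Q \in \Lambda^0$.

(i) Let $\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}, \mathbf{V}\}$. $M \Downarrow_{\mathbf{O}} N$ and $NP \Downarrow_{\mathbf{O}} Q$ if and only if $MP \Downarrow_{\mathbf{O}} Q$.
(ii) If $M \Uparrow_{\mathbf{H}}$, $M \Uparrow_{\mathbf{N}}$, $M \Uparrow_{\mathbf{L}}$ and $M \Uparrow_{\mathbf{V}}$ then $MN \Uparrow_{\mathbf{O}}$, for all $N \in \Lambda$ and
$\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}, \mathbf{V}\}$.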

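Proof. (i) In case $\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}\}$, the proof follows respectively by
Properties 6.1.4, 6.2.4 and 6.3.4. Let $\mathbf{O} \equiv \mathbf{V}$. By the confluence theorem we can
assume $MP \Downarrow_{\mathbf{V}} R$ if and only if $NP \Downarrow_{\mathbf{V}} Q$. We show that $R \equiv Q$ by
induction on the last applied rule in $M \Downarrow_{\mathbf{V}} N$. Rules (var) and (block)
are not possible, since $M \in \Lambda^0$; while (abs) and (head) are trivial.
(ii) Since $M \Uparrow_{\mathbf{O}}$, for all $\mathbf{O}$, implies that $M$ is both a $\Lambda$ and a $\Gamma$-unsolvable
of order 0, then $MN$ is an unsolvable of order 0 too. □

Note that point (i) of the previous property is just a consequence of the
fact that every reduction machine reduces at every step the head redex.
Theorem 15.2.8. If $\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}\}$ then $\mathfrak{N}$ is an $\mathbf{O}$-numeral system.
Proof. We prove that $\mathfrak{N}$ satisfies all the conditions given in Definition 15.2.4.
(i) $\{T, F\}$ is an $\mathbf{O}$-representation of booleans, by Lemma 15.2.2 and since in
all cases $\approx_{\mathbf{O}}$ is a $\Lambda$-theory.
(ii) $Zero, Succ, Test, Pred$ are both input and output values.
1. $Zero \Downarrow_{\mathbf{O}} \ulcorner 0 \urcorner$, where $\ulcorner 0 \urcorner \equiv Zero$. By induction on $n$ we will prove that
the numeral $\ulcorner n + 1 \urcorner$ is the term $\lambda x.xF\ulcorner n \urcorner \in \Delta \cap \Theta$.
Let $\underbrace{Succ(\ldots(Succ}_{n}\ Zero)\ldots) \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$; thus
$\underbrace{Succ(Succ(\ldots(Succ}_{n+1}\ Zero)\ldots)) \Downarrow_{\mathbf{O}} R$,
if and only if, since $Succ \equiv \lambda t.t(\lambda uvx.xF(\lambda y.yuv))$,
$\underbrace{Succ(\ldots(Succ}_{n}\ Zero)\ldots)(\lambda uvx.xF(\lambda y.yuv)) \Downarrow_{\mathbf{O}} R$
by (head), if and only if $\ulcorner n \urcorner(\lambda uvx.xF(\lambda y.yuv)) \Downarrow_{\mathbf{O}} R$, by Property
15.2.7.(i).
If $n = 0$, then this happens only if $(\lambda uvx.xF(\lambda y.yuv))TT \Downarrow_{\mathbf{O}} R$, by
(head), so $R \equiv \lambda x.xF(\lambda y.yTT) \equiv \ulcorner 1 \urcorner$.
Otherwise, $\ulcorner n \urcorner(\lambda uvx.xF(\lambda y.yuv)) \Downarrow_{\mathbf{O}} R$ if and only if
$(\lambda uvx.xF(\lambda y.yuv))F\ulcorner n - 1 \urcorner \Downarrow_{\mathbf{O}} R$
by (head), if and only if $\lambda x.xF(\lambda y.yF\ulcorner n - 1 \urcorner) \Downarrow_{\mathbf{O}} R$ by (head)+. But
$\lambda x.xF(\lambda y.yF\ulcorner n - 1 \urcorner) \in \Lambda$-NF, so $R \equiv \lambda x.xF(\lambda y.yF\ulcorner n - 1 \urcorner) \equiv \ulcorner n + 1 \urcorner$.
2. If $P \in \Lambda$ is such that $P \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$ then $Succ\,\ulcorner n \urcorner \Downarrow_{\mathbf{O}} \ulcorner n + 1 \urcorner$, reasoning
as in the previous point.
3. Let $P \Downarrow_{\mathbf{O}} Zero$, so $Test \equiv \lambda x.xT$ implies $Test\,P \Downarrow_{\mathbf{O}} R$ if and only if
$PT \Downarrow_{\mathbf{O}} R$ by (head), if and only if $Zero\,T \Downarrow_{\mathbf{O}} R$ by Property 15.2.7.(i),
if and only if $T \Downarrow_{\mathbf{O}} R$ (by (head)+ again); thus $R \equiv T$.
4. The case $P \Downarrow_{\mathbf{O}} \ulcorner n + 1 \urcorner$ is similar to the previous point.
5. Let $P \Downarrow_{\mathbf{O}} \ulcorner n + 1 \urcorner$. Then $Pred\,P \Downarrow_{\mathbf{O}} R$ if and only if $PF \Downarrow_{\mathbf{O}} R$ by
(head), if and only if $\ulcorner n + 1 \urcorner F \Downarrow_{\mathbf{O}} R$ (by Property 15.2.7.(i)) if and
only if $\ulcorner n \urcorner \Downarrow_{\mathbf{O}} R$ (by (head)+). So it must be $R \equiv \ulcorner n \urcorner$. □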

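Now we check that $\mathfrak{N}$ is also a numeral system in a call-by-value setting.

Theorem 15.2.9. $\mathfrak{N}$ is a $\mathbf{V}$-numeral system.

Proof. (i) $\{T, F\}$ is a $\mathbf{V}$-representation of booleans, by Lemma 15.2.2.
(ii) $Zero, Succ, Test, Pred \in \Gamma \cap \Gamma$-LBNF.

$Zero \Downarrow_{\mathbf{V}} \ulcorner 0 \urcorner$, where $\ulcorner 0 \urcorner \equiv Zero$. By induction on $n$ we will prove that
the numeral $\ulcorner n + 1 \urcorner$ is the term $\lambda x.xF\ulcorner n \urcorner \in \Gamma \cap \Gamma$-LBNF.
Let us assume that $\underbrace{Succ(\ldots(Succ}_{n}\ Zero)\ldots) \Downarrow_{\mathbf{V}} \ulcorner n \urcorner$, by induction;
therefore $\underbrace{Succ(Succ(\ldots(Succ}_{n+1}\ Zero)\ldots)) \Downarrow_{\mathbf{V}} R$ if and only if $Succ\,\ulcorner n \urcorner \Downarrow_{\mathbf{V}} R$ by
induction and (head), if and only if $\ulcorner n \urcorner(\lambda uvx.xF(\lambda y.yuv)) \Downarrow_{\mathbf{V}} R$ by rules
(head) and (lazy), since $Succ \equiv \lambda t.t(\lambda uvx.xF(\lambda y.yuv))$.
If $n = 0$, then this happens only if $(\lambda uvx.xF(\lambda y.yuv))TT \Downarrow_{\mathbf{V}} R$ by rules
(head) and (lazy), so it is easy to see that $R \equiv \lambda x.xF(\lambda y.yTT) \equiv \ulcorner 1 \urcorner$.
Otherwise, $\ulcorner n \urcorner(\lambda uvx.xF(\lambda y.yuv)) \Downarrow_{\mathbf{V}} R$ if and only if

$(\lambda uvx.xF(\lambda y.yuv))F\ulcorner n - 1 \urcorner \Downarrow_{\mathbf{V}} R$,
if and only if $\lambda x.xF(\lambda y.yF\ulcorner n - 1 \urcorner) \Downarrow_{\mathbf{V}} R$. But $\lambda x.xF(\lambda y.yF\ulcorner n - 1 \urcorner) \in \Lambda$-NF,
so $R \equiv \lambda x.xF(\lambda y.yF\ulcorner n - 1 \urcorner) \equiv \ulcorner n + 1 \urcorner$.

It is easy to check the remaining constraints given in Definition 15.2.4,
since the proof follows the same lines as Theorem 15.2.8. □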
16. Representing Functions

In order to represent a numerical function with respect to an evaluation
relation $\mathbf{O}$, it is necessary to exhibit a term mimicking the behaviour of the
function itself. More precisely the reduction machine, taken as input this term
applied to a sequence of terms representing natural numbers, gives as output
the term representing the result, if it exists, and does not stop otherwise.
The term representing the function $\phi$ will be denoted by $\ulcorner \phi \urcorner$, extending
the same notation used for natural numbers. The notion is defined in a formal
way in the next definition.
Definition 16.0.10. Let $\mathbf{O} \in \mathcal{E}(\Delta, \Theta)$ be an evaluation relation, and let
$\phi$ be a partial recursive function with arity $p \in \mathbb{N}$; let $\ulcorner n \urcorner$ be the numeral
representation of $n \in \mathbb{N}$ in an $\mathbf{O}$-numeral system.
$\phi$ is $\mathbf{O}$-representable if and only if there is a term $\ulcorner \phi \urcorner \in \Lambda^0$ such that, for
all terms $N_i$ such that $N_i \Downarrow_{\mathbf{O}} \ulcorner n_i \urcorner$ ($1 \leq i \leq p$; $n_1, \ldots, n_p \in \mathbb{N}$),
• if $\phi(n_1, \ldots, n_p)$ is defined then $\ulcorner \phi \urcorner N_1 \ldots N_p \Downarrow_{\mathbf{O}} \ulcorner \phi(n_1, \ldots, n_p) \urcorner$;
• if $\phi(n_1, \ldots, n_p)$ is undefined then $\ulcorner \phi \urcorner N_1 \ldots N_p \Uparrow_{\mathbf{O}}$.
We will prove that in all given reduction machines all partial recursive
functions are representable. To do so, we need to consider separately the
call-by-name cases and the call-by-value one.

16.1 Call-by-Name Computational Completeness

We will prove that each one of the studied call-by-name reduction machines
can be used for computing all partial recursive functions. In all this section,
$\mathbf{O}$ will range over the set $\{\mathbf{H}, \mathbf{N}, \mathbf{L}\}$, i.e. it denotes each one of the
call-by-name evaluation relations, and $\mathfrak{N}$ is the $\mathbf{O}$-numeral system given in Definition
15.2.8.
As a first step, it must be checked that primitive recursive functions are
$\mathbf{O}$-representable.
Lemma 16.1.1. (i) $Z$ is $\mathbf{O}$-representable,
(ii) $S$ is $\mathbf{O}$-representable,
(iii) Projections are $\mathbf{O}$-representable.

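Proof. (i) $\ulcorner Z \urcorner \equiv \lambda x.Zero$,
(ii) $\ulcorner S \urcorner \equiv Succ$,
(iii) $\ulcorner \pi_i \urcorner \equiv \lambda x_1 \ldots x_m.x_i$ ($1 \leq i \leq m \in \mathbb{N}$). □
Now let us consider the composition between primitive recursive functions.

Lemma 16.1.2. Let $h : \mathbb{N}^m \to \mathbb{N}$ and $g_1, \ldots, g_m : \mathbb{N}^p \to \mathbb{N}$ be $\mathbf{O}$-representable
primitive recursive functions; so their composition: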

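is $\mathbf{O}$-representable.

Proof. By hypothesis there are terms $\ulcorner h \urcorner, \ulcorner g_1 \urcorner, \ldots, \ulcorner g_m \urcorner$ $\mathbf{O}$-representing
functions $h, g_1, \ldots, g_m$. Let

$\ulcorner f \urcorner \equiv \lambda x_1 \ldots x_p.\ulcorner h \urcorner(\ulcorner g_1 \urcorner x_1 \ldots x_p) \ldots (\ulcorner g_m \urcorner x_1 \ldots x_p)$.

Let $N_i \in \Lambda$ be such that $N_i \Downarrow_{\mathbf{O}} \ulcorner n_i \urcorner$, for some $n_i \in \mathbb{N}$ ($1 \leq i \leq p$); by
hypothesis $\ulcorner g_j \urcorner N_1 \ldots N_p \Downarrow_{\mathbf{O}} \ulcorner g_j(n_1, \ldots, n_p) \urcorner$ ($1 \leq j \leq m$).
Let $R_i \in \Lambda$ be such that $R_i \Downarrow_{\mathbf{O}} \ulcorner n_i \urcorner$, for some $n_i \in \mathbb{N}$ ($1 \leq i \leq m$); by
hypothesis $\ulcorner h \urcorner R_1 \ldots R_m \Downarrow_{\mathbf{O}} \ulcorner h(n_1, \ldots, n_m) \urcorner$, so in particular

$\ulcorner h \urcorner(\ulcorner g_1 \urcorner N_1 \ldots N_p) \ldots (\ulcorner g_m \urcorner N_1 \ldots N_p) \Downarrow_{\mathbf{O}} \ulcorner h(g_1(n_1, \ldots, n_p), \ldots, g_m(n_1, \ldots, n_p)) \urcorner$.

But $\ulcorner f \urcorner N_1 \ldots N_p \Downarrow_{\mathbf{O}} R$ if and only if $\ulcorner h \urcorner(\ulcorner g_1 \urcorner N_1 \ldots N_p) \ldots (\ulcorner g_m \urcorner N_1 \ldots N_p) \Downarrow_{\mathbf{O}} R$
(by (head)+), so the proof is done since $h, g_1, \ldots, g_m$ are total. □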

In order to represent the functions built by primitive recursion and by
minimalization, a "fixed-point operator" is needed that works well in all the
call-by-name reduction machines. We already proved that in the $\lambda\Lambda$-calculus
every term has a fixed-point, and we showed, in the proof of Theorem 2.1.8,
an operator building it, namely the term $Y$.
But, while $YM =_\Lambda M(YM)$, it does not hold that $YM \to^*_\Lambda M(YM)$,
which is a necessary condition for using it as recursion operator in a
call-by-name reduction machine.

So in the next theorem a further fixed-point operator, suitable for our
purposes, is defined.

Theorem 16.1.3. Let $Y_\Lambda \equiv (\lambda xy.y(xxy))(\lambda xy.y(xxy))$. If $M \in \Lambda$ then
$Y_\Lambda M \to^*_\Lambda M(Y_\Lambda M)$; moreover, $Y_\Lambda M \Downarrow_{\mathbf{O}} R$ if and only if $M(Y_\Lambda M) \Downarrow_{\mathbf{O}} R$.

Proof. Trivial. □
The following lemma shows how $Y_\Lambda$ can be used for mimicking primitive
recursion.

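Lemma 16.1.4. Let $h : \mathbb{N}^{m+2} \to \mathbb{N}$ and $g : \mathbb{N}^m \to \mathbb{N}$ be $\mathbf{O}$-representable
primitive recursive functions. The following function is $\mathbf{O}$-representable:

$f(k, x_1, \ldots, x_m) = \begin{cases} g(x_1, \ldots, x_m) & \text{if } k = 0, \\ h(f(k - 1, x_1, \ldots, x_m), k - 1, x_1, \ldots, x_m) & \text{otherwise.} \end{cases}$

Proof. By hypothesis there are terms $\ulcorner h \urcorner$ and $\ulcorner g \urcorner$ representing $h$ and $g$. We
will prove that $\ulcorner f \urcorner$ is $\mathbf{O}$-represented by $Y_\Lambda P$, where $P$ is: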

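Let $N_i \Downarrow_{\mathbf{O}} \ulcorner n_i \urcorner$, $Q \Downarrow_{\mathbf{O}} \ulcorner k \urcorner$ for some $k, n_i \in \mathbb{N}$ ($1 \leq i \leq m$); the proof will be
given by induction on $k$.

Let $k = 0$. $Y_\Lambda P Q N_1 \ldots N_m \Downarrow_{\mathbf{O}} R$ if and only if $P(Y_\Lambda P)Q N_1 \ldots N_m \Downarrow_{\mathbf{O}} R$
(by (head)+), if and only if
$Test\,Q(\ulcorner g \urcorner N_1 \ldots N_m)(\ulcorner h \urcorner(Y_\Lambda P(Pred\,Q)N_1 \ldots N_m)(Pred\,Q)N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$
(by (head)+), if and only if
$T(\ulcorner g \urcorner N_1 \ldots N_m)(\ulcorner h \urcorner(Y_\Lambda P(Pred\,Q)N_1 \ldots N_m)(Pred\,Q)N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$
(by Property 15.2.7.(i), since $Test\,Q \Downarrow_{\mathbf{O}} T$), if and only if $\ulcorner g \urcorner N_1 \ldots N_m \Downarrow_{\mathbf{O}} R$.
But, by hypothesis $\ulcorner g \urcorner N_1 \ldots N_m \Downarrow_{\mathbf{O}} \ulcorner g(n_1, \ldots, n_m) \urcorner$.

Let $k > 0$. $Y_\Lambda P Q N_1 \ldots N_m \Downarrow_{\mathbf{O}} R$ if and only if $P(Y_\Lambda P)Q N_1 \ldots N_m \Downarrow_{\mathbf{O}} R$
(by (head)+), if and only if
$Test\,Q(\ulcorner g \urcorner N_1 \ldots N_m)(\ulcorner h \urcorner(Y_\Lambda P(Pred\,Q)N_1 \ldots N_m)(Pred\,Q)N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$
(by (head)+), if and only if
$F(\ulcorner g \urcorner N_1 \ldots N_m)(\ulcorner h \urcorner(Y_\Lambda P(Pred\,Q)N_1 \ldots N_m)(Pred\,Q)N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$
(by Property 15.2.7.(i), since $Test\,Q \Downarrow_{\mathbf{O}} F$), if and only if
$\ulcorner h \urcorner(Y_\Lambda P(Pred\,Q)N_1 \ldots N_m)(Pred\,Q)N_1 \ldots N_m \Downarrow_{\mathbf{O}} R$ (by (head)+).
But, by induction $(Y_\Lambda P)(Pred\,Q)N_1 \ldots N_m \Downarrow_{\mathbf{O}} \ulcorner f(k - 1, n_1, \ldots, n_m) \urcorner$; thus
$R \equiv \ulcorner h(f(k - 1, n_1, \ldots, n_m), k - 1, n_1, \ldots, n_m) \urcorner$, since by hypothesis $\ulcorner h \urcorner$ is an
$\mathbf{O}$-representation of $h$. □

Thus all primitive recursive functions are representable in the considered
settings.
In order to represent the composition of partial functions in a call-by-name
setting, the main problem is to make the representation "strict"; namely,
when a function is applied to an undefined argument then its evaluation must
diverge. The proposed solution takes into account the fact that terms
representing natural numbers are in $\Lambda$-head normal form and so are $\Lambda$-solvable.

Lemma 16.1.5. If $M \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$ then $MKII \Downarrow_{\mathbf{O}} I$.

Proof. By Property 15.2.7.(i), $MKII \Downarrow_{\mathbf{O}} R$ if and only if $\ulcorner n \urcorner KII \Downarrow_{\mathbf{O}} R$.
Thus by (head)+ the proof follows by observing the shape of $\ulcorner n \urcorner$. □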

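Then the representation of a function built by composition of partial
functions is a term with the following operational behaviour: first it checks
if all its arguments are defined and, in case at least one is undefined then it
diverges; otherwise it computes the result.

Lemma 16.1.6. Let $h : \mathbb{N}^n \to \mathbb{N}$ and $g_1, \ldots, g_n : \mathbb{N}^m \to \mathbb{N}$ be $\mathbf{O}$-representable
partial recursive functions. The function defined from them by composition,
namely
$f(x_1, \ldots, x_m) = h(g_1(x_1, \ldots, x_m), \ldots, g_n(x_1, \ldots, x_m))$,
is $\mathbf{O}$-representable.
Proof. Let

$F \equiv \lambda x_1 \ldots x_m.\ulcorner h \urcorner(\ulcorner g_1 \urcorner x_1 \ldots x_m) \ldots (\ulcorner g_n \urcorner x_1 \ldots x_m)$ and

$\ulcorner f \urcorner \equiv \lambda x_1 \ldots x_m.(\ulcorner g_1 \urcorner x_1 \ldots x_m KII) \ldots (\ulcorner g_n \urcorner x_1 \ldots x_m KII)(F x_1 \ldots x_m)$.

Let $N_i \Downarrow_{\mathbf{O}} \ulcorner n_i \urcorner$ ($1 \leq i \leq m$). $\ulcorner f \urcorner N_1 \ldots N_m \Downarrow_{\mathbf{O}} R$ if and only if
$(\ulcorner g_1 \urcorner N_1 \ldots N_m KII) \ldots (\ulcorner g_n \urcorner N_1 \ldots N_m KII)(F N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$ (by (head)+).
Let $j$ be the minimum integer such that $\ulcorner g_j \urcorner N_1 \ldots N_m \Uparrow_{\mathbf{O}}$ ($1 \leq j \leq m$).
$(\ulcorner g_1 \urcorner N_1 \ldots N_m KII) \ldots (\ulcorner g_n \urcorner N_1 \ldots N_m KII)(F N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$ if and only if
$I(\ulcorner g_2 \urcorner N_1 \ldots N_m KII) \ldots (\ulcorner g_n \urcorner N_1 \ldots N_m KII)(F N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$ (by (head)+) if
and only if $(\ulcorner g_2 \urcorner N_1 \ldots N_m KII) \ldots (\ulcorner g_n \urcorner N_1 \ldots N_m KII)(F N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$ (by
(head)) if and only if $(\ulcorner g_j \urcorner N_1 \ldots N_m KII) \ldots (\ulcorner g_n \urcorner N_1 \ldots N_m KII)(F N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$.
But $\ulcorner g_j \urcorner N_1 \ldots N_m \Uparrow_{\mathbf{O}}$ implies $\ulcorner g_j \urcorner N_1 \ldots N_m$ is a $\Lambda$-unsolvable of order 0
in case $\mathbf{O} \equiv \mathbf{L}$. So $(\ulcorner g_j \urcorner N_1 \ldots N_m KII) \ldots (\ulcorner g_n \urcorner N_1 \ldots N_m KII)(F N_1 \ldots N_m)$ is a
$\Lambda$-unsolvable of order 0, respectively, and so in all cases,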

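In case $\ulcorner g_i \urcorner N_1 \ldots N_m \Downarrow_{\mathbf{O}}$, for all $i$ ($1 \leq i \leq n$), $\ulcorner f \urcorner N_1 \ldots N_m \Downarrow_{\mathbf{O}} R$ if and
only if $(F N_1 \ldots N_m) \Downarrow_{\mathbf{O}} R$, and the proof follows the same line as that of
Lemma 16.1.2. □

Finally, we check the computability of functions defined by
minimalization. Let $P \equiv \lambda thxy.Test(hxy)y(thx(Succ\,y))$.

Lemma 16.1.7. Let $h : \mathbb{N}^2 \to \mathbb{N}$ be an $\mathbf{O}$-representable total recursive
function. Let $N$ and $Q$ be such that $N \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$ and $Q \Downarrow_{\mathbf{O}} \ulcorner k \urcorner$.
(i) If $h(n, k) = 0$ then $Y_\Lambda P \ulcorner h \urcorner N Q \Downarrow_{\mathbf{O}} \ulcorner k \urcorner$.
(ii) Let $h(n, k) \neq 0$; so
$Y_\Lambda P \ulcorner h \urcorner N Q \Downarrow_{\mathbf{O}} R$ if and only if $Y_\Lambda P \ulcorner h \urcorner N(Succ\,Q) \Downarrow_{\mathbf{O}} R$.
Proof. (i) $Y_\Lambda P \ulcorner h \urcorner N Q \Downarrow_{\mathbf{O}} R$ if and only if $P(Y_\Lambda P)\ulcorner h \urcorner N Q \Downarrow_{\mathbf{O}} R$ (by
(head)+) if and only if $Test(\ulcorner h \urcorner N Q)Q(Y_\Lambda P \ulcorner h \urcorner N(Succ\,Q)) \Downarrow_{\mathbf{O}} R$ (by
(head)+) if and only if $Q \Downarrow_{\mathbf{O}} R$ (since $\ulcorner h \urcorner N Q \Downarrow_{\mathbf{O}} \ulcorner 0 \urcorner$, always by
(head)+), but $Q \Downarrow_{\mathbf{O}} \ulcorner k \urcorner$, so the proof is done.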

(ii) The proof is similar to that of the previous point, by using the fact that
$h$ is a total function. □

Property 16.1.8. Let $h : \mathbb{N}^2 \to \mathbb{N}$ be an $\mathbf{O}$-representable total recursive
function.
(i) If $f(n) = \mu y[h(n, y) = 0]$ is defined then $Y_\Lambda P \ulcorner h \urcorner N\,Zero \Downarrow_{\mathbf{O}} \ulcorner f(n) \urcorner$, for
every $N$ such that $N \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$.
(ii) If $f(n) = \mu y[h(n, y) = 0]$ is undefined then $Y_\Lambda P \ulcorner h \urcorner N\,Zero \Uparrow_{\mathbf{O}}$, for all $N$
such that $N \Downarrow_{\mathbf{O}} \ulcorner n \urcorner$.

Proof. (i) Let $f(n) = k$, thus $k$ is the minimum integer such that $h(n, k) = 0$.
By induction on $k$, the proof follows by Lemma 16.1.7.
(ii) By Lemma 16.1.7. □

Lemma 16.1.9. Let $h : \mathbb{N}^2 \to \mathbb{N}$ be an $\mathbf{O}$-representable total recursive
function. $f(x) = \mu y[h(x, y) = 0]$ is $\mathbf{O}$-representable.

Proof. Let $\ulcorner f \urcorner \equiv \lambda x.Y_\Lambda P \ulcorner h \urcorner x\,Zero$, where

$P \equiv \lambda thxy.Test(hxy)y(thx(Succ\,y))$.
Then the proof follows directly by Property 16.1.8. □
So the $\mathbf{O}$-representability of all partial recursive functions follows.

Theorem 16.1.10. Let $\mathbf{O} \in \{\mathbf{H}, \mathbf{N}, \mathbf{L}\}$.

All partial recursive functions are $\mathbf{O}$-representable.
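
The call-by-name construction of this section can be run on a small abstract machine. The following Python sketch is an added example, not code from the book: a Krivine-style machine stands in for the call-by-name reduction machines (an assumption; it stops at weak head normal form), and the helper names, the sample function h(x, y) = x ∸ 2y and the bodies of `add` and `monus` are illustrative choices that follow the unfolding pattern used in the proof of Lemma 16.1.4.

```python
def lam(params, body):
    """lam('x y', b) builds the curried abstraction \\x.\\y.b."""
    for p in reversed(params.split()):
        body = ('lam', p, body)
    return body

def app(f, *args):
    """app(f, a, b) builds the left-nested application (f a) b."""
    for a in args:
        f = ('app', f, a)
    return f

def whnf(term, env, limit=500_000):
    """Krivine machine. A closure is (term, env); arguments are pushed
    unevaluated (call-by-name) and the head redex is contracted at each step."""
    stack = []
    for _ in range(limit):
        if isinstance(term, str):              # variable
            if term not in env:
                return term                    # free head variable: stop
            term, env = env[term]
        elif term[0] == 'app':
            stack.append((term[2], env))       # delay the argument
            term = term[1]
        elif stack:                            # abstraction meeting an argument
            env = {**env, term[1]: stack.pop()}
            term = term[2]
        else:
            return (term, env)                 # abstraction: weak head normal form
    raise RuntimeError('no value within the step limit')

ENV = {}
def define(name, term):
    ENV[name] = (term, ENV)                    # global names resolve through ENV

# Numeral system of Definition 15.2.6.
define('T', lam('x y', 'x'))
define('F', lam('x y', 'y'))
define('Zero', lam('x', app('x', 'T', 'T')))
define('Succ', lam('t', app('t', lam('u v x', app('x', 'F', lam('y', app('y', 'u', 'v')))))))
define('Test', lam('x', app('x', 'T')))
define('Pred', lam('x', app('x', 'F')))
# Fixed-point operator of Theorem 16.1.3 and the iterator P of Lemma 16.1.7.
w = lam('x y', app('y', app('x', 'x', 'y')))
define('Y', app(w, w))
define('P', lam('t h x y', app('Test', app('h', 'x', 'y'), 'y',
                               app('t', 'h', 'x', app('Succ', 'y')))))
# Illustrative representable functions (assumed for this example).
define('add', app('Y', lam('t k x', app('Test', 'k', 'x',
                                        app('Succ', app('t', app('Pred', 'k'), 'x'))))))
define('monus', app('Y', lam('t x y', app('Test', 'y', 'x', app('Test', 'x', 'Zero',
                                        app('t', app('Pred', 'x'), app('Pred', 'y')))))))
define('half_h', lam('x y', app('monus', 'x', app('add', 'y', 'y'))))   # x - 2y, cut at 0
define('never_zero', lam('x y', app('Succ', 'Zero')))
define('mu_h', lam('x', app('Y', 'P', 'half_h', 'x', 'Zero')))          # Lemma 16.1.9

def numeral(n):
    term = 'Zero'
    for _ in range(n):
        term = app('Succ', term)
    return term

def decode(term):
    """Read a numeral back: Test selects the free variable '@0' or '@S'."""
    k = 0
    while True:
        head = whnf(app('Test', term, '@0', '@S'), ENV)
        if head == '@0':
            return k
        if head != '@S':
            raise ValueError('not a numeral')
        term, k = app('Pred', term), k + 1

def no_value_within(term, limit=20_000):
    """Bounded divergence check: True if the machine is still running at the limit."""
    try:
        whnf(app('Test', term, '@0', '@S'), ENV, limit)
        return False
    except RuntimeError:
        return True
```

Because the machine shares nothing between uses of an argument, `decode` re-evaluates the whole term at every `Pred` step; that is the cost of pure call-by-name, not a property of the encoding.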

16.2 Call-by-Value Computational Completeness

Now let us prove that also the $\mathbf{V}$-reduction machine can compute all partial
recursive functions. We will point out just the differences between
call-by-name and call-by-value computability. The most interesting difference occurs
in the coding of recursion and minimalization, which is done through a
fixed-point operator in the call-by-name setting. We have seen that a call-by-value
fixed-point operator is such that, when applied to a $\Gamma$-valuable term, it is
operationally equal to a not $\Gamma$-valuable term. In fact, if we think to interpret
terms as functions, the undefined value is the fixed-point of every function,
when parameters are passed by value. So in order to deal with both recursion
and minimalization, we will use a call-by-value recursion operator, whose
behaviour was defined at the end of Sect. 3.1. Other quite small differences
are in the composition of partial functions.
Let $Y_\Gamma \equiv (\lambda xf.f(\lambda z.xxfz))(\lambda xf.f(\lambda z.xxfz))$; clearly $Y_\Gamma$ is a recursion
operator. The following theorem shows its operational behaviour.

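Theorem 16.2.1 (Recursion).

Let $Y_\Gamma \equiv (\lambda xf.f(\lambda z.xxfz))(\lambda xf.f(\lambda z.xxfz))$.
If $M \in \Gamma$ then $Y_\Gamma M \Downarrow_{\mathbf{V}}$ if and only if $M(\lambda z.Y_\Gamma M z) \Downarrow_{\mathbf{V}}$, where $z \notin FV(M)$.
Proof. Easy. □

Now we can show that the $\lambda\Gamma$-calculus is computationally complete.

Lemma 16.2.2. Primitive recursive functions are $\mathbf{V}$-representable.
Proof. The proof follows the same lines as Lemmas 16.1.1, 16.1.2 and 16.1.4,
taking into account that $Y_\Gamma$ must be used instead of $Y_\Lambda$, and moreover taking
into account the behaviour of the $\mathbf{V}$-reduction machine. □

The extension to partial functions is easier than in the call-by-name case.
In fact the mathematical functions are naturally "strict", in the sense that
a function diverges if one of its arguments diverges, and this behaviour is
exactly the behaviour of the $\mathbf{V}$-evaluation. In fact the following property
holds.
Property 16.2.3. Let $M, N \in \Lambda^0$; $M \Uparrow_{\mathbf{V}}$ implies $NM \Uparrow_{\mathbf{V}}$.
Proof. Trivial, by the rule (head). □

Lemma 16.2.4. Let $h : \mathbb{N}^n \to \mathbb{N}$ and $g_1, \ldots, g_n : \mathbb{N}^m \to \mathbb{N}$ be $\mathbf{V}$-representable
partial recursive functions. The function $f$ defined by composition from them
in the following way:

$f(x_1, \ldots, x_m) = h(g_1(x_1, \ldots, x_m), \ldots, g_n(x_1, \ldots, x_m))$
is $\mathbf{V}$-representable.

Proof. Let $H \equiv \lambda x_1 \ldots x_m.\ulcorner h \urcorner(\ulcorner g_1 \urcorner x_1 \ldots x_m) \ldots (\ulcorner g_n \urcorner x_1 \ldots x_m)$; it is easy to
check that $H$ is a $\mathbf{V}$-representation of $f$, by Property 16.2.3. □

Finally, we check the $\mathbf{V}$-computability of functions defined by
minimalization. Let $F \equiv \lambda thxy.Test(hIxy)(\lambda v.y)(\lambda u.thx(Succ\,y))I$.
Lemma 16.2.5. Let $h : \mathbb{N}^2 \to \mathbb{N}$ be a $\mathbf{V}$-representable total recursive
function such that $h(n, k) = m$ where $n, k, m \in \mathbb{N}$.
(i) If $m = 0$ then $(Y_\Gamma F)(\lambda z.\ulcorner h \urcorner)\ulcorner n \urcorner \ulcorner k \urcorner \Downarrow_{\mathbf{V}} \ulcorner k \urcorner$.
(ii) Let $m \neq 0$.
$(Y_\Gamma F)(\lambda z.\ulcorner h \urcorner)\ulcorner n \urcorner \ulcorner k \urcorner \Downarrow_{\mathbf{V}}$ if and only if $(Y_\Gamma F)(\lambda z.\ulcorner h \urcorner)\ulcorner n \urcorner \ulcorner k + 1 \urcorner \Downarrow_{\mathbf{V}}$.

Proof. (i) $(Y_\Gamma F)(\lambda z.\ulcorner h \urcorner)\ulcorner n \urcorner \ulcorner k \urcorner \Downarrow_{\mathbf{V}} R$ if and only if
$F(\lambda z.Y_\Gamma F z)(\lambda z.\ulcorner h \urcorner)\ulcorner n \urcorner \ulcorner k \urcorner \Downarrow_{\mathbf{V}} R$ if and only if
$Test((\lambda z.\ulcorner h \urcorner)I\ulcorner n \urcorner \ulcorner k \urcorner)(\lambda v.\ulcorner k \urcorner)(\lambda u.(\lambda z.Y_\Gamma F z)(\lambda z.\ulcorner h \urcorner)\ulcorner n \urcorner(Succ\,\ulcorner k \urcorner))I \Downarrow_{\mathbf{V}} R$
by two applications of rule (head), if and only if $(\lambda v.\ulcorner k \urcorner)I \Downarrow_{\mathbf{V}} R$ if
and only if $\ulcorner k \urcorner \Downarrow_{\mathbf{V}} R$, always by (head), and this implies $R \equiv \ulcorner k \urcorner$.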
16.3 Historical Remarks 239

(ii) (YrF)(-Xz.rh,)rn"k' -U-y if and only if F(-Xz.YrFz)(-Xz.rh'fn"k'-U-y


if and only if
Test((-Xz.rh')1r n "k ')(-Xv.rk') (-Xu. (-Xz.YrFz) (-Xz.rh 'fn '(Succ rk '))1 -U-y
if and only if F(-Xv.rk')(-Xu.(-Xz.YrFz)(-Xz.rh'fn'(Succ rk'))1 -U-y al-
ways by (head), if and only if (-Xu.(-Xz.YrFz)(-Xz.rh'fn'(Succ rk'))1 -U-y
if and only if (-Xz.YrFz)(-Xz.rh'fn'(Succ rk') -U-y And, again by (head),
if and only if YrF(-Xz.rh'fn'(Succ rk') -U-y. D

The representation of a function defined by minimalization is different from the call-by-name case, since the term $P$, performing the iteration in the call-by-name case, does not work correctly in the call-by-value one. In fact, in $P$, the second argument of the function $\mathit{Test}$ is not a value. The term $F$ is a slight modification of $P$, playing the desired role in this particular setting.

Lemma 16.2.6. Let $h : \mathbb{N}^2 \to \mathbb{N}$ be a V-representable total recursive function. $f(x) = \mu y[h(x, y) = 0]$ is V-representable.

Proof. Let $\ulcorner f \urcorner \equiv \lambda x.Y_\Gamma F(\lambda z.\ulcorner h \urcorner)x\,\mathit{Zero}$, where
$F \equiv \lambda thxy.\mathit{Test}(hIxy)(\lambda v.y)(\lambda u.thx(\mathit{Succ}\ y))I$.
The proof follows by Lemma 16.2.5, in the same way as the proof of Lemma 16.1.9. □

Theorem 16.2.7. All partial recursive functions are V-representable.

16.3 Historical Remarks

In the literature, computability, for both the call-by-name and the call-by-value $\lambda$-calculi, was defined starting from an approach different from the present one. In fact, the representation of computable functions was developed inside a theory, while we have chosen an operational point of view. The next definition is the classical one for the $\lambda\Lambda$-calculus.

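Definition 16.3.1. Let $\phi$ be a partial recursive function with arity $p \in \mathbb{N}$. $\phi$ is $\lambda$-definable if and only if there is a term $\ulcorner \phi \urcorner$ such that
• $\phi(n_1, \ldots, n_p)$ defined implies $\ulcorner \phi \urcorner \ulcorner n_1 \urcorner \ldots \ulcorner n_p \urcorner =_\Lambda \ulcorner \phi(n_1, \ldots, n_p) \urcorner$;
• $\phi(n_1, \ldots, n_p)$ undefined implies $\ulcorner \phi \urcorner \ulcorner n_1 \urcorner \ldots \ulcorner n_p \urcorner$ is an unsolvable term.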

Inside the $\lambda\Lambda$-calculus, the first numeral system was introduced by Church. In it, $\ulcorner n \urcorner$ is the term $\lambda fx.\underbrace{f(\ldots(f}_{n}x)\ldots)$, which represents the $n$-th iteration of a function $f$ applied to an argument $x$. This numeral system has been the starting point for the first $\lambda$-representation of partial recursive functions, given by Kleene, in the $\lambda$-I-calculus [57]. The idea of using fixed-point operators to represent primitive recursion and minimalization comes from Turing [95].
The system we proposed in Section 15.2 is a slight modification of the numeral system of Barendregt [9], recalled in the following definition.

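Definition 16.3.2 (Barendregt numeral system).
Let $\mathfrak{B} \equiv (\{T, F\}, \mathit{Zero}_{\mathfrak{B}}, \mathit{Succ}_{\mathfrak{B}}, \mathit{Test}_{\mathfrak{B}}, \mathit{Pred}_{\mathfrak{B}})$, where
- $T \equiv \lambda xy.x$ and $F \equiv \lambda xy.y$;
- $\mathit{Zero}_{\mathfrak{B}} \equiv \lambda x.x$;
- $\mathit{Succ}_{\mathfrak{B}} \equiv \lambda n.[F, n] \equiv \lambda nx.xFn$;
- $\mathit{Test}_{\mathfrak{B}} \equiv \lambda n.nT$;
- $\mathit{Pred}_{\mathfrak{B}} \equiv \lambda n.nF$.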

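$\mathfrak{B}$ is a N-numeral system but is neither a L-numeral system nor a H-numeral system. In fact, the Barendregt representation of 1 is $\ulcorner 1 \urcorner \equiv \lambda x.xF\,\mathit{Zero}_{\mathfrak{B}}$, and $\mathit{Succ}_{\mathfrak{B}}\,\mathit{Zero}_{\mathfrak{B}} \Downarrow_O \lambda x.xF\,\mathit{Zero}_{\mathfrak{B}}$ where $O \in \{L, H\}$; nevertheless
$\mathit{Succ}_{\mathfrak{B}}(\mathit{Pred}_{\mathfrak{B}} \ulcorner 1 \urcorner) \Downarrow_H \lambda x.x((\lambda n.nF)\ulcorner 1 \urcorner)$
$\mathit{Succ}_{\mathfrak{B}}(\mathit{Pred}_{\mathfrak{B}} \ulcorner 1 \urcorner) \Downarrow_L \lambda x.x((\lambda n.nF)\ulcorner 1 \urcorner)$
but $\lambda x.x((\lambda n.nF)\ulcorner 1 \urcorner) \not\equiv \ulcorner 1 \urcorner$, although
$\lambda x.x((\lambda n.nF)\ulcorner 1 \urcorner) =_\Lambda \ulcorner 1 \urcorner$.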

As far as the call-by-value computability is concerned, Plotkin [78] was the first to point out the difference between call-by-name and call-by-value recursion. He proposed the following recursion operator:

$$\lambda f.(\lambda x.f(\lambda z.xxz))(\lambda x.f(\lambda z.xxz)),$$

which works similarly to $Y_\Gamma$. The computability in the theory $=_\Gamma$ was completely developed by Paolini [72], using $Y_\Gamma$ and the Barendregt numeral system.
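
The minimalization term F of Lemma 16.2.6 and the two call-by-value recursion operators above, run under Python's strict evaluation, as an added example that is not code from the book. It uses the Barendregt numerals of Definition 16.3.2 rather than the Section 15.2 system; `represent`, `minimalize`, `F_EAGER` and the sample `ceil_sqrt_test` are assumptions introduced here, with `represent` standing in for the term representing h by decoding and re-encoding, and `F_EAGER` a constructed contrast, not the book's term P.

```python
# Barendregt numerals (Definition 16.3.2) as Python closures. Python evaluates
# arguments before a call, so it stands in for the call-by-value machine.
TRUE = lambda x: lambda y: x             # T
FALSE = lambda x: lambda y: y            # F (the boolean, not the term F below)
I = lambda x: x
ZERO = I                                 # Zero = \x.x
SUCC = lambda n: lambda x: x(FALSE)(n)   # Succ = \n x. x F n
TEST = lambda n: n(TRUE)                 # Test = \n. n T : T on Zero, F otherwise
PRED = lambda n: n(FALSE)                # Pred = \n. n F


def encode(k):
    """Build the numeral for the natural number k."""
    n = ZERO
    for _ in range(k):
        n = SUCC(n)
    return n


def decode(n):
    """Read a numeral back by counting predecessors until Test answers T."""
    k = 0
    while not TEST(n)(True)(False):
        n, k = PRED(n), k + 1
    return k


def represent(h):
    """Assumption: stands in for the term representing a total h : N^2 -> N."""
    return lambda x: lambda y: encode(h(decode(x), decode(y)))


# Y_Gamma = (\x f. f(\z. x x f z)) (\x f. f(\z. x x f z))
W = lambda x: lambda f: f(lambda z: x(x)(f)(z))
Y_GAMMA = W(W)

# Plotkin's operator: \f. (\x. f(\z. x x z)) (\x. f(\z. x x z))
Y_PLOTKIN = lambda f: (lambda x: f(lambda z: x(x)(z)))(
    lambda x: f(lambda z: x(x)(z)))

# F = \t h x y. Test(h I x y)(\v. y)(\u. t h x (Succ y)) I
# Both branches are abstractions, hence values; only the selected one meets I.
F_MIN = lambda t: lambda h: lambda x: lambda y: TEST(h(I)(x)(y))(
    lambda v: y)(lambda u: t(h)(x)(SUCC(y)))(I)

# Constructed contrast: the same search with the branches passed unprotected,
# so the recursive call is evaluated as an argument before Test can choose.
F_EAGER = lambda t: lambda h: lambda x: lambda y: TEST(h(I)(x)(y))(
    y)(t(h)(x)(SUCC(y)))


def minimalize(h, fix=Y_GAMMA):
    """Return f(x) = mu y [h(x, y) = 0] as a function on Python ints."""
    rep = represent(h)
    term = lambda x: fix(F_MIN)(lambda z: rep)(x)(ZERO)
    return lambda n: decode(term(encode(n)))


def eager_variant_diverges(h, n):
    """True if the unprotected variant exhausts the Python stack on input n."""
    try:
        Y_GAMMA(F_EAGER)(lambda z: represent(h))(encode(n))(ZERO)
    except RecursionError:
        return True
    return False


def ceil_sqrt_test(x, y):
    """Constructed sample h: zero exactly when y*y >= x."""
    return 0 if y * y >= x else 1


if __name__ == "__main__":
    print(minimalize(ceil_sqrt_test)(10))
    print(minimalize(ceil_sqrt_test, fix=Y_PLOTKIN)(10))
    print(eager_variant_diverges(ceil_sqrt_test, 0))
```

The unprotected variant fails even on input 0, where h(0, 0) = 0 already holds, because a strict evaluator computes the recursive argument before the test is consulted.
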
Bibliography

1. Samson Abramsky. Domain theory in logical form. Annals of Pure and Applied Logic, 51(1-2):1-77, 1991.
2. Samson Abramsky and Luke Ong. Full abstraction in the lazy lambda calculus. Information and Computation, 105(2):159-267, 1993.
3. Fabio Alessi. Strutture di Tipi, Teorie dei Domini e Modelli del Lambda Calcolo. Tesi di dottorato di ricerca in informatica, Università di Milano e Torino, 1990.
4. Fabio Alessi, Mariangiola Dezani-Ciancaglini, and Furio Honsell. Filter models and easy terms. In Antonio Restivo, Simona Ronchi Della Rocca, and Luca Roversi, editors, Theoretical Computer Science, 7th Italian Conference, ICTCS 2001, Torino, Italy, October 4-6, 2001, volume 2202 of Lecture Notes in Computer Science, pages 17-37. Springer-Verlag, 2001.
5. Roberto M. Amadio and Pierre-Louis Curien. Domains and Lambda-Calculi, volume 46 of Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, Cambridge, 1998.
6. Andrea Asperti, Cecilia Giovannetti, and Andrea Naletto. The Bologna optimal higher-order machine. Technical Report UBLCS-95-9, University of Bologna, Department of Computer Science, March 1995.
7. Andrea Asperti and Stefano Guerrini. The Optimal Implementation of Functional Programming Languages. Cambridge University Press, Cambridge, 1998.
8. Andrea Asperti and Giuseppe Longo. Categories, Types, and Structures: An Introduction to Category Theory for the Working Computer Scientist. Foundations of Computing Series. The MIT Press, Cambridge, MA, 1991.
9. Henk Barendregt. The Lambda Calculus: Its Syntax and Semantics (2nd edition). North-Holland, Amsterdam, 1984.
10. Henk Barendregt, Mario Coppo, and Mariangiola Dezani-Ciancaglini. A filter lambda model and the completeness of type assignment. The Journal of Symbolic Logic, 48(4):931-940, December 1983.
11. Olivier Bastonero and Xavier Gouy. Strong stability and the incompleteness of stable models for lambda-calculus. Annals of Pure and Applied Logic, 100(1-3):247-277, 1999.
12. Olivier Bastonero, Alberto Pravato, and Simona Ronchi Della Rocca. Structures for lazy semantics. In Gries and de Roever, editors, Programming Concepts and Methods, pages 30-48. Chapman & Hall, 1998.
13. Chantal Berline. From computation to foundations via functions and application: The λ-calculus and its webbed models. Theoretical Computer Science, 249(1):81-161, October 2000.
14. Gerard Berry. Stable models of typed lambda-calculi. In Giorgio Ausiello and Corrado Böhm, editors, Automata, Languages and Programming, Fifth Colloquium, ICALP, Udine, Italy, July 17-21, 1978, volume 62 of Lecture Notes in Computer Science, pages 72-89. Springer-Verlag, 1978.
15. Corrado Böhm. Alcune proprietà delle forme βη-normali nel λ-K-calculus. Pubblicazione n. 696, Instituto per le Applicazioni del Calcolo, Roma, 1968.
16. Corrado Böhm and Mariangiola Dezani-Ciancaglini. A CUCH-machine: the automatic treatment of bound variables. International Journal of Computer and Information Sciences, 1(2):171-191, June 1972.
17. Corrado Böhm and Mariangiola Dezani-Ciancaglini. λ-terms as total or partial functions on normal forms. In G. Goos and J. Hartmanis, editors, λ-Calculus and Computer Science Theory, volume 37 of Lecture Notes in Computer Science, pages 96-121, Berlin, DE, 1975. Springer-Verlag.
18. Corrado Böhm, Mariangiola Dezani-Ciancaglini, P. Peretti, and Simona Ronchi Della Rocca. A discrimination algorithm inside λ-calculus. Theoretical Computer Science, 8(3):271-291, 1978.
19. Corrado Böhm and W. Gross. Introduction to the CUCH. In E. R. Caianiello, editor, Automata Theory, pages 35-65. Academic Press, New York, 1966.
20. Corrado Böhm and Adolfo Piperno. Characterizing X-separability and one-side invertibility in λ-β-Ω-calculus. In Proceedings, Third Annual Symposium on Logic in Computer Science - LICS'88, pages 91-103, Edinburgh, Scotland, 5-8 July 1988. IEEE Computer Society Press.
21. Corrado Böhm, Adolfo Piperno, and Stefano Guerrini. Lambda-definition of function(al)s by normal forms. In Donald Sannella, editor, Programming Languages and Systems-ESOP'94, 5th European Symposium on Programming, volume 788 of Lecture Notes in Computer Science, pages 135-149. Springer-Verlag, 1994.
22. Corrado Böhm, Adolfo Piperno, and Enrico Tronci. Solving equations in lambda-calculus. In Logic Colloquium'88, Amsterdam, 1988. North-Holland.
23. Antonio Bucciarelli and Thomas Ehrhard. A theory of sequentiality. Theoretical Computer Science, 113(2):273-291, 7 June 1993.
24. Rod Burstall and Furio Honsell. Operational semantics in a natural deduction setting. In Gerard Huet and Gordon Plotkin, editors, Logical Frameworks, pages 185-214, Cambridge, 1991. Cambridge University Press.
25. Alonzo Church. The Calculi of Lambda Conversion, volume 6 of Annals of Mathematical Studies. Princeton University Press, Princeton, 1941. Reprinted by University Microfilms Inc., Ann Arbor, MI in 1963 and by Klaus Reprint Corp., New York in 1965.
26. Alonzo Church and J. Barkley Rosser. Some properties of conversion. Transactions of the American Mathematical Society, 39:472-482, 1936.
27. Mario Coppo and Mariangiola Dezani-Ciancaglini. An extension of the basic functionality theory for the λ-calculus. Notre Dame Journal of Formal Logic, 21(4):685-693, October 1980.
28. Mario Coppo, Mariangiola Dezani-Ciancaglini, Furio Honsell, and Giuseppe Longo. Extended type structure and filter lambda models. In G. Lolli, G. Longo, and A. Marcja, editors, Logic Colloquium'82, pages 241-262. Elsevier Science Publishers B.V. (North-Holland), Amsterdam, 1984.
29. Mario Coppo, Mariangiola Dezani-Ciancaglini, and Simona Ronchi Della Rocca. (Semi)-separability of finite sets of terms in Scott's D∞-models of the λ-calculus. In Giorgio Ausiello and Corrado Böhm, editors, Automata, Languages and Programming, Fifth Colloquium, volume 62 of Lecture Notes in Computer Science, pages 142-164, Udine, Italy, 17-21 July 1978. Berlin, Springer-Verlag.
30. Mario Coppo, Mariangiola Dezani-Ciancaglini, and Maddalena Zacchi. Type theories, normal forms and D∞ lambda models. Information and Computation, 72(2):85-116, 1987.
31. Roy L. Crole. Categories for Types. Cambridge University Press, Cambridge, 1993.
32. Pierre Louis Curien. Sur l'eta-expansion infinie. Comptes Rendus de l'Academie des Sciences, to appear.
33. Pierre-Louis Curien and Hugo Herbelin. The duality of computation. In Proceedings of the ACM Sigplan International Conference on Functional Programming (ICFP-00), volume 35(9) of ACM Sigplan Notices, pages 233-243, Montreal, Canada, September 18-21 2000. ACM Press.
34. Haskell B. Curry and Robert Feys. Combinatory Logic - Volume 1. Studies in Logic and the Foundations of Mathematics. Elsevier, North-Holland, (Amsterdam, London, New York), L. E. J. Brouwer, E. W. Beth, A. Heyting editors, edition, 1958. With two sections by William Craig. Second edition, 1968.
35. Haskell B. Curry, J. Roger Hindley, and Jonathan P. Seldin. Combinatory Logic - Volume 2, volume 65 of Studies in Logic and the Foundations of Mathematics. Elsevier, North-Holland, (Amsterdam, London, New York), A. Heyting, H. J. Keisler, A. Mostowski, A. Robinson, P. Suppes editors, edition, 1972.
36. Rene David and Karim Nour. A syntactical proof of the operational equivalence of two λ-terms. Theoretical Computer Science, 180(1-2):371-375, 10 June 1997.
37. Mariangiola Dezani-Ciancaglini, Silvia Ghilezan, and Silvia Likavec. Behavioural inverse limit models. Theoretical Computer Science, 2003. To appear.
38. Mariangiola Dezani-Ciancaglini, Furio Honsell, and Fabio Alessi. A complete characterization of complete intersection-type preorders. ACM Transactions on Computational Logic, 4(1):120-147, January 2003.
39. Mariangiola Dezani-Ciancaglini, Furio Honsell, and Simona Ronchi Della Rocca. Models for theories of functions strictly depending on all their arguments. The Journal of Symbolic Logic, 51(3):845-846, 1986. (Abstract).
40. Mariangiola Dezani-Ciancaglini and Stefania Lusin. Intersection types and lambda theories. In Electronic Proceedings of WIT'02 (http://www.irit.fr/zeno/WIT2002/proceedings.shtml). 2002.
41. Roberto Di Cosmo. A brief history of rewriting with extensionality. In Fairouz Kamareddine, editor, International Summer School on Type Theory and Rewriting, Glasgow, 1996. Kluwer.
42. Pietro Digianantonio. Game semantics for the pure lazy λ-calculus. In Samson Abramsky, editor, Typed Lambda Calculi and Applications: 5th International Conference, TLCA 2001 Krakow, Poland, May 2-5, 2001, volume 2044 of Lecture Notes in Computer Science, pages 106-120, Berlin, June 2003. Springer-Verlag.
43. Pietro Digianantonio, Gianluca Franco, and Furio Honsell. Game semantics for untyped λβη-calculus. In Jean-Yves Girard, editor, Typed Lambda Calculi and Applications: 4th International Conference, TLCA '99, L'Aquila, Italy, April 1999, volume 1581 of Lecture Notes in Computer Science, pages 114-128, Berlin, July 2003. Springer-Verlag.
44. Lavinia Egidi, Furio Honsell, and Simona Ronchi Della Rocca. Operational, denotational and logical descriptions: a case study. Fundamenta Informaticae, 16(2):149-170, 1992.
45. Matthias Felleisen and Daniel P. Friedman. A syntactic theory of sequential state. Theoretical Computer Science, 69(3):243-287, 1989. Preliminary version in Proc. 14th ACM Symp. Principles of Programming Languages 1987, pages 314-325.
46. Matthias Felleisen, Daniel P. Friedman, Eugene E. Kohlbecker, and Bruce F. Duba. A syntactic theory of sequential control. Theoretical Computer Science, 52:205-237, 1987.
47. Jean-Yves Girard. The system F of variable types, fifteen years later. Theoretical Computer Science, 45(2):159-192, 1986.
48. Jean-Yves Girard. Linear logic. Theoretical Computer Science, 50:1-102, 1987.
49. J. Roger Hindley. Basic Simple Type Theory, volume 42 of Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, Cambridge, UK, 1997.
50. J. Roger Hindley and Giuseppe Longo. Lambda calculus models and extensionality. Zeitschrift für mathematische Logik und Grundlagen der Mathematik, 26:289-310, 1980.
51. J. Roger Hindley and Jonathan P. Seldin. Introduction to Combinators and λ-Calculus, volume 1 of London Mathematical Society Student Texts. Cambridge University Press, Cambridge, UK, 1986.
52. Furio Honsell and Simona Ronchi Della Rocca. Reasoning about interpretation in qualitative lambda-models. In M. Broy and C.B. Jones, editors, Proceeding of IFIP 2.2 Working Conference on Programming Concepts and Methods, pages 505-521, Sea of Galilee, Israel, 1990. North Holland.
53. Furio Honsell and Simona Ronchi Della Rocca. An approximation theorem for topological lambda models and the topological incompleteness of lambda calculus. Journal of Computer and System Sciences, 45(1):49-75, August 1992.
54. J. Martin E. Hyland. A syntactic characterization of the equality in some models of the lambda calculus. Journal of the London Mathematical Society, 2(12):361-370, 1976.
55. Gilles Kahn. Natural semantics. In Symposium on Theoretical Aspects of Computer Science, volume 247 of Lecture Notes in Computer Science, pages 22-39, 1987.
56. A. J. Kfoury, Robert A. Moll, and Michael A. Arbib. A Programming Approach to Computability. Texts and Monographs in Computer Science. Springer-Verlag, Berlin, 1986. Second edition.
57. Stephen Cole Kleene. Lambda definability and recursiveness. Duke Mathematical Journal, 2:340-353, 1936.
58. Jan Willem Klop. Combinatory Reduction Systems, volume 127 of Mathematical Centre Tracts. Mathematischen Centrum, 413 Kruislaan, Amsterdam, 1980.
59. C. P. J. Koymans. Models of the lambda calculus. Information and Computation, 52(3):306-323, 1982.
60. Jean Louis Krivine. Lambda-Calculus, Types and Models. Ellis Horwood Series in Computers and Their Applications. Masson, Paris, and Ellis Horwood, Hemel Hempstead, 1993. Translation from French by Rene Cori, French orig. ed., Masson, Paris, 1990.
61. James Laird. A fully abstract bidomain model of unary PCF. In Martin Hofmann, editor, Typed Lambda Calculi and Applications, 6th International Conference, TLCA 2003, Valencia, Spain, June 10-12, 2003, Proceedings, volume 2701 of Lecture Notes in Computer Science, pages 211-225. Springer-Verlag, 2003.
62. Joachim Lambek. From lambda calculus to cartesian closed categories. In To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism, pages 375-402. Academic Press, 1980.
63. Peter J. Landin. The mechanical evaluation of expressions. Computer Journal, 6:308-320, January 1964.
64. Peter J. Landin. A correspondence between ALGOL 60 and Church's lambda-notation: Part I and Part II. Communications of the ACM, 8(2-3):89-101,158-165, 1965.
65. Peter J. Landin. The next 700 programming languages. Communications of the ACM, 9(3):157-166, March 1966.
66. John McCarthy. LISP 1.5 Programmer's Manual. The MIT Press, Cambridge, Mass., 1962. (with Abrahams, Edwards, Hart, and Levin).
67. Albert Meyer. What is a model of the lambda calculus? Information and Computation, 52(1):87-122, 1982.
68. Robert Milner. Fully abstract models of typed lambda-calculus. Theoretical Computer Science, 4:1-22, 1977.
69. John C. Mitchell. Foundations of Programming Languages. The MIT Press, Cambridge, MA, 1996.
70. Eugenio Moggi. The Partial Lambda-Calculus. PhD thesis, Edinburgh University, February 1988. Report CST-53-88.
71. C.-H. Luke Ong. Fully abstract models of the lazy lambda calculus. In 29th Annual Symposium on Foundations of Computer Science, pages 368-376, White Plains, New York, 24-26 October 1988. IEEE Computer Society Press.
72. Luca Paolini. Call-by-value separability and computability. In Antonio Restivo, Simona Ronchi Della Rocca, and Luca Roversi, editors, Theoretical Computer Science, 7th Italian Conference, ICTCS 2001, Torino, Italy, October 4-6, 2001, volume 2202 of Lecture Notes in Computer Science, pages 74-89. Springer-Verlag, 2001.
73. Luca Paolini and Simona Ronchi Della Rocca. Call by value solvability. Theoretical Informatics and Applications, 33(6):507-534, nov 1999.
74. Luca Paolini and Simona Ronchi Della Rocca. The parametric parameter passing λ-calculus. Information and Computation, 189(1):87-106, feb 2004.
75. D. M. R. Park. The Y-combinator in Scott's lambda-calculus models. Research Report CS-RR-013, Department of Computer Science, University of Warwick, Coventry, UK, June 1976.
76. Adolfo Piperno. An algebraic view of the Böhm-out technique. Theoretical Computer Science, 212(1-2):233-246, February 1999.
77. Andrew M. Pitts. Operational semantics and program equivalence. In G. Barthe, P. Dybjer, and J. Saraiva, editors, Applied Semantics, volume 2395 of Lecture Notes in Computer Science, pages 378-412. Springer-Verlag, 2002. (Revised version of lectures at the International Summer School On Applied Semantics, APPSEM 2000, Caminha, Minho, Portugal, 9-15 September 2000.).
78. Gordon D. Plotkin. Call-by-name, call-by-value and the λ-calculus. Theoretical Computer Science, 1:125-159, 1975.
79. Gordon D. Plotkin. LCF considered as a programming language. Theoretical Computer Science, 5:223-225, 1977.
80. Gordon D. Plotkin. A structural approach to operational semantics. DAIMI FN-19, Aarhus University, Aarhus, Denmark, September 1981.
81. Gordon D. Plotkin. Domains. Dept. of Computer Science, University of Edinburgh, 1983.
82. Alberto Pravato, Simona Ronchi Della Rocca, and Luca Roversi. The call by value λ-calculus: a semantic investigation. Mathematical Structures in Computer Science, 9(5):617-650, 1999.
83. G. E. Revesz. Lambda-Calculus Combinators and Functional Programming, volume 4 of Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, Cambridge, 1988.
84. Simona Ronchi Della Rocca. Discriminability of infinite sets of terms in the D∞-models of the λ-calculus. In Egidio Astesiano and Corrado Böhm, editors, Proceedings of the 6th Colloquium on Trees in Algebra and Programming (CAAP'81), volume 112 of Lecture Notes in Computer Science, pages 350-364, Genova, Italy, March 1981. Springer-Verlag.
85. Simona Ronchi Della Rocca. Operational semantics and extensionality. In Proceedings of the 2nd International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming (PPDP-00), pages 24-31, Montreal, September 20-23 2000. ACM Press.
86. Antonino Salibra. Topological incompleteness and order incompleteness of the lambda calculus. ACM Transactions on Computational Logic, 4(3):379-401, July 2003.
87. David A. Schmidt. Denotational Semantics: A Methodology for Language Development. Allyn and Bacon, Boston, 1986.
88. Dana S. Scott. Continuous lattices. In F. William Lawvere, editor, Toposes, Algebraic Geometry, and Logic, volume 274 of Lecture Notes in Mathematics, pages 97-136. Springer-Verlag, Berlin, Heidelberg, and New York, 1972.
89. Dana S. Scott. Data types as lattices. SIAM Journal of Computing, 5:522-587, September 1976.
90. Dana S. Scott. Relating theories of the λ-calculus. In J. P. Seldin and J. R. Hindley, editors, To H. B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism, pages 403-450. Academic Press, 1980.
91. Joseph E. Stoy. Denotational Semantics of Programming Languages: The Scott-Strachey Approach to Programming Language Theory. The MIT Press, Cambridge, USA, 1977.
92. Christopher Strachey. Fundamental concepts in programming languages. Higher-Order and Symbolic Computation, 13(1-2):11-49, April 2000. Notes for the International Summer School in Computer Programming, Copenhagen, 1967.
93. Masako Takahashi. Parallel reductions in lambda-calculus. Information and Computation, 118(1):120-127, April 1995.
94. Daniele Turi and Gordon Plotkin. Towards a mathematical operational semantics. In Proceedings, Twelfth Annual IEEE Symposium on Logic in Computer Science LICS'97, pages 280-291, Warsaw, Poland, 29 June-2 July 1997. IEEE Computer Society Press.
95. Alan M. Turing. The P-functions in λ-K-conversion. The Journal of Symbolic Logic, 2:164, 1937.
96. Philip Wadler. Call-by-value is dual to call-by-name. In Cindy Norris and Jr. James B. Fenwick, editors, Proceedings of the Eighth ACM SIGPLAN International Conference on Functional Programming (ICFP-03), volume 38, 9 of ACM SIGPLAN Notices, pages 189-201, New York, August 25-29 2003. ACM Press.
97. Christopher P. Wadsworth. The relation between computational and denotational properties for Scott's D∞-models of the lambda-calculus. SIAM Journal of Computing, 5(3):488-521, September 1976.
98. Glynn Winskel. The Formal Semantics of Programming Languages: An Introduction. Foundations of Computing Series. The MIT Press, February 1993.
99. Glynn Winskel. Stable bistructure models of PCF. In Igor Privara, Branislav Rovan, and Peter Ruzicka, editors, Mathematical Foundations of Computer Science 1994, 19th International Symposium, volume 841 of Lecture Notes in Computer Science, pages 177-197, Kosice, Slovakia, 22-26 August 1994. Springer.