culi of combinators, particularly those of categorical combinators [4]. ... the )ta-calculus over combinator calculi is that it re- ..... where Y is a fixpoint combinator,.
Explicit M. Abadi*
Substitutions
L. Cardelli*
P.-L. Curien+
Abstract
The correspondence between the theory and its implementations becomes highly nontrivial, and the correctness of the implementations can be compromised,
The )tu-calculus is a refinement of the &calculus where substitutions are manipulated explicitly. The Acr-calculus provides a setting for studying the theory of substitutions, with pleasant mathematical properties. It is also a useful bridge between the classical &calculus and concrete implementations.
1
In this paper we study the Ao-calculus, a refinement of the X-calculus [l] where substitutions are manipulated explicitly. Substitutions have syntactic representations, and if a is a term and s is a substitution then the term a[s] represents u with the substitution s. We can now express a p rule with delayed substitution, called Beta:
Introduction
(Ax.u)b
Substitution is the e’minence gtise of the X-calculus. The classical p rule,
uses substitution crucially though informally. Here a and b denote two terms, and a{b/z} represents a where al1 free occurrences of z are replaced with b. This substitution does not belong in the calculus proper, but rather in an informal meta-level. Similar situations arise in dealing with all binding constructs, from universal quantifiers to type abstractions. A naive reading of the p rule suggests that the substitution of b for 1: should happen at once, when the rule is applied. In implementations, substitutions invariably happen in a more controlled way. This is due to practical considerations, relevant in the implementation of both logics and programming languages. The term a{b/z} may contain many copies of b (for instance, if a = azzt); without sophisticated structure-sharing mechanisms [13], performing substitutions immediately causes a size explosion. Therefore, in practice, substitutions are delayed and explicitly recorded; the application of substitutions is independent, and not coupled with the ,.0rule.
+/z)
’ id]
When one considers weak reduction strategies, the treatment of substitutions can remain quite simpleand then our approach may seem overly general. Weak reduction strategies do not compute in the scope of A’s. Then, there arise no nested substitutions or substitutions in the scope of A’s. All substitutions are at the top level, as simple environments. An ancestor of the &r-calculus, the Xpcalculus, suffices in this setting [5]. However, strong reduction strategies are useful in general, both in logics and in typechecking higher-
‘Digital Equipment Corporation, Systems Research Center. t Ecole Normale Supbieure; part of this work was completed while at Digital Equipment Corporation. tINRIA Rocquencourt; part of this work was completed while at Digital Equipment Corporation.
Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by pcrmkion of the Association for Computing Machinery. To copy otherwise. or to republish, requires a fee and/or specific permission.
$1.50
-‘Bela
where (b/z) . id is syntax for the substitution that replaces z with b and affects no other variable (“.>’ represents extension and id the identity substitution). Of course, additional rules are needed to distribute the substitution later on. The Au-calculus is a suita.ble setting for st.udying the theory of substitutions, where we can express and prove desirable mathematical properties. For example, the calculus is Church-Rosser and it is a conservative extension of the X-calculus. Moreover, the Xa-calculus is strongly connected with the categorical understanding of the X-calculus, where a substitution is interpreted as a composition [5]. We propose the Xa-calculus as a step in closing the gap between the classical Lcalculus and concrete implementations. The calculus is a vehicle in designing, understanding, verifying, and comparing implementations of the X-ca.lculus, from interpreters to machines. Other applications are in the analysis of typechecking algorithms for higher-order languages and in the mechanization of logical systems.
(Xx.a)b +p a{b/x}
0 1990 ACM 089791-3434/90/0001/0031
J.-J. Livyt
31
In first-order typed systems, the binder be preserved, for example:
order programming languages. In fact, strong reduction strategies are useful in all situations where symbolic matching has to be conducted in the scope of binders. Thus, a general treatment of substitutions is required, where substitutions may occur at the top level and deep inside terms.
De Bruijn
(h)b
2.2
-+p a{b/l,i/2,2/3,...)
An untyped
calculus
We shall study a simple set of algebraic operators that perform all these index manipulations-without * . *‘s, even though we treat infinite substitutions that replace all indexes. If s represents the infinite substitution {a1/i,a2/2,a3/3,. . .}, we write a[s] for a with the substitution s. A term of the form a[s] is called a closure. The change from { }‘s to [ 1’s emphasizes that the substitution is no longer a meta-level operation.
overview
notation
becomes
AAl.
When pushing this substitution inside a, we may come across a X term (Xc)(b/i, l/2,2/3,. . .}. In this case, we must be careful to avoid replacing the occurrences of 1 in c with b, since these occurrences correspond to a bound variable and the substitution should not affect them. Hence we must “shift” the substitution. In addition, we must “lift” all the indices of b in order to prevent captures. We obtain ik{i/l, b{2/1,3/2,...}/2,2/3,...}. This informal introduction to De Bruijn not,ation should suffice to give the flavor of things to come.
The syntax of the untyped
In De Bruijn notation, variable occurrences are replaced with positive integers (caIIed De Bruijn indices); binding occurrences of variables become unnecessary. The positive integer n refers to the variable bound by the n-th surrounding X binder, for example: Xx.Xy.xy
too are re-
De Bruijn notation is unreadable, but it leads to simple formal systems. Hence we use indices in inference rules, but variable names in examples. Classical /3 reduction and substitution must be adapted for De Bruijn notation. In order to reduce (/\a)b, it does not suffice to substitute b into a in the appropriate places. If there are occurrences of 2, 3, 4, . . . in a, these become “one off,” since one of the X binders surrounding a has been removed. Hence, all the remaining free indices in a must be decremented; the desired effect is obtained with an infinite substitution: the /? rule becomes
We start with a review of De Bruijn notation, and then preview untyped, first-order, and second-order calculi of substitutions.
2.1
becomes
hAJx:A.x
There are actually several versions of the calculus of substitutions. We start out by discussing an untyped calculus. The main value of the untyped calculus is for studying evaluation methods. We give reduction rules that extend those of the classical X-calculus and investigate their confluence. \Ve concentrate on a presentation that relies on De Bruijn’s numbering for variables [2], and briefly discuss presentations with more traditional variable names. Then we proceed to consider typed calculi of substitutions, in De Bruijn notation. We discuss typing rules for a first-order system and for a higherorder system; we prove some of their central properties. The typing rules are meant to serve in designing typechecking algorithms. In particular, their study has been of help for both soundness and efficiency in the design of the Quest typechecking algorithm (31. We postpone discussion of the untyped calculi to section 3 and of the typed calculi to sections 4 and 5. We now proceed with a gentle technical overview.
Informal
XA.XB. 21
In second-order systems, type variables placed with De Bruijn indices:
In some respects, the Ao-calculus resembles the calculi of combinators, particularly those of categorical combinators [4]. The Xa-calculus and the combinator calculi all give full formal accounts of the process of computation, without suffering from unpleasant complications in the (informal) handling of variables. They all make it easy to derive machines for the X-calculus and to show the correctness of these machines. From our perspective, the advantage of the )ta-calculus over combinator calculi is that it remains closer to the original A-calculus.
2
becomes
Xx:A.Ay:B.xy
types must
Terms Substitutions
Xo-calculus
is:
a::= lIab))LaIu[s] s ::= id)l]a.s]sot
This syntax of substitutions corresponds to the index manipulations described in the previous section:
xx21
l
32
id is the identity
substitution
{i/i}
(for all i)
l
l
l
l
2.3
t (shift) is the substitution {(i+ 1)/i}; for example, l[l] = 2. Thus, we need only the index I; n+lis coded as l[l”], where I” is the composition 0 t. We also write 1’ for id. ofnshifts,lo...
{a/i,
1 +T
=
{l/lJ(1)/2,T(2)/3,.
l/2,2/3,.
The environments are used in the type inference rules, as is commonly done, to record the types of the free variables of terms. Naturally, in this setting, environments are indexed by De Bruijn indices. The environment Al, AZ, . . . , A,, nil associates type Ai with index i. For example, the axiom for I and the rule for X abstraction are:
. .) . .} = id
s o t (the composition of s and t) is the substitution such that a[s o t] = a[s][t], hence s o t = {s(i)/i) ot = (s(i)[l]/i) and, for example, id 0 t to(a.s)
=
{id(i)[2]/i}
=
{t(i)[u.
= {t(i)/i} s]/i}
= t
= {s(i)/ij
A,E
A,E t- b:B E 1 r4A.b:A-+B In the first-order Xa-calculus, environments also serve as the “types” of substitutions. 1C’ewrite s :_ E to say that the substitution s “has” the environment E. For example, the typing rule for cons is:
we can write the Beta rule as
E I- a:A E I- s :. E’ E I- a:A 9s :, A, E’
(Aa)b ~~~~~ a[b . id] To complement this rule, we can write rules to evaluate 1, for instance l[c.s]
and rules to push substitution
The main use of this new notion is in typing closures. Since s provides the context in which a should be understood, the approach is to compute the environment E’ of s, and then type a in that environment:
-+c
inwards,
I- 1:A
= s
At this point, we have shown most of the algebraic properties of the substitution operations. In addition, composition is associative and distributes over cons (that is, (a . s) o t = u[s] . (s o t)). Moreover, the last example above indicates that I o s is the “rest” of s, without the first component of s; thus, i[s].(fos) = s. Using this notation,
A ::= Ir’ 1A ---f B E ::= nil/A, E a ::= 1) ab 1XA.a 1a[s] s ::= idJ+:A.sjsot
Types Environments Terms Substitutions
a . s (the cons of (z onto s) is the substitution {a/i, s(i)/(i + I)}; for example, =
calculus
When we move to a typed calculus, we introduce types both in terms and in substitutions. We assume a set of constant types I
Ah CIOS
(xa)[s] = x(a[i . (s 0 T>]> 44 PI = a[s 0 t]
IdL
idos=s
= 1
ShiftId
toid=t
ShiftCons
f o (u . s) = s
Map
(a . s) 0 t = u[t] 1(s 0 t)
Ass
(61 0 $2) 0
s3
except in subterms Bruijn index n+l. classical &calculus i[r”] and n+i). In summary, the
= $1 0 (sa 0 s3)
Terms Substitutions
The equational theory follows from these axioms and rules for replacing equals for equals. Our choice of presentation is guided by the structure of terms and substitutions. The Beta rule eliminates A’s and creates substitutions; the function of the other rules is to eliminate substitutions. Two rules deal with the evaluation of 1. The next three deal with pushing substitutions inwards. The remaining five express substitution computations. We prove below that the substitution rules always produce unique normal forms; we denote by cr(u) the u normal form of a. The classical p rule is not directly included, but it can be simulated. The crucial fact is that, if Ql,...) an,... is a sequence of consecutive integers after some point, then the meta-level substitution {al/l,. . . ,u,/n,. . .} corresponds closely to an explicit substitution:
Therefore, the simulation of the ,0 rule consists in first applying Beta and then (J until a (I normal form is reached.
3.4 p is confEvent on u normalforms.
Lemma S -Beta
3.5 If u ~~~~~ b then u(u) t then u(s) +; u(t).
-i;
a(b).
If
Variants
Some subsystems of u are reasonable first steps to deterministic evaluation algorithms. ?Ve can restrict u in three different ways. The rule Clos can be removed. The inference rule s = s’ t = t’ sot = dot
3.2 Beta + u is confluent.
can be removed, and the inference rule for the closure operator can be restricted to
The proof does not rely on standard rewriting techniques, as Beta + 0 does not pass the Knuth-Bendix test (but u does). We come back to this point below. Instead, the proof relies on the termination and confluence of 6, the confluence of the classical Xcalculus, and Hardin’s interpretation technique [7]. First we show that CYis noetherian (that is, d reductions always terminate) and confluent. 3.3 u is noetherian
a ::= r]l[t”]lablXu s::= idIfnlu.s
Lemma
3.2
As usual, we want a confluence theorem. This theorem will guarantee that all rewrite sequences yield identical results, and thus that the strategies used by different implementations are equivalent:
Proposition
syntax of u normal forms is:
After these remarks on u, we can apply Hardin’s interpretation technique to show that the full Au system is confluent. First, we review Hardin’s method. Let X be a set equipped with two relations R and S. Suppose that R is noetherian and confluent, and denote by R(t) the R normal form of I; that 5’~ is a relation included in (R U S)* on the set of R normal forms; and that, for any z and y in X, if S(I, y) then SWW R(Y)). A n easy diagram chase yields that if SR is confluent then so is (R U S)‘. In our case, we take R to be the relation induced by u, that is, R(r, y) holds if zr reduces to y with the u rules. We take SR to be classical p conversion, that. is, SR(Z, y) holds if y is obtained from z by replacing a subterm of the form (Xu)b with u(a[b id]). Thus two lemmas suffice for proving confluence:
Proposition 3.1 If there ezist m 2 0 and p 2 0 such that am+g = p + q foT all q 2 1, then a{al/l, , . . , u,/n, . . ,} = a(u[ai . a2 . . . . . a, . IPI).
Theorem
such as i[l”], which codes the De Thus, a term in normal form is a term (module the equivalence of
s = s’ 1 [s] = l(s’] These restrictions (even cumulated) do not prevent us from obtaining u normal forms and confluence, through the interpretation technique. Confluence properties suggest a second kind of variant. Although Beia $ u is confluent, when we view it as a standard rewriting system on first-order terms it is not even locally confluent. The subtle point is that we have proved confluence on closed Xu terms, that is, on terms exclusively constructed from the operators of the Xu-calculus: In contrast, checking critical
and confluent.
Since 0 is noetherian, let us examine the form of CT normal forms. A substitution in normal form is necessarily in the form ai . (ur . (. . . (a,,, . U) . .)) where U is either id or a composition IO (. . . (I 0 I). . #). A term in normal form is entirely free of substitutions,
35
us from the claimed counterexample. There are two additional cases for term u normal forms:
pairs involves considering open terms over this signature, with metavariables (that is, variables x and u ranging over terms and substitutions, different from De Bruijn indexes 1,2,. . .). Consider, for example, the critical pair:
Terms
For local confluence, we would want the equation (s o id) = s, but this equation is not a theorem of c. Similar critical pair considerations suggest the addition of four new rules: a[id] = a
IdR
soid-s
VarShift
l.t=
scans
l[s] . (to s) = s
3.3
id
o (I . zd)] . (to (u o ((21)
The
Xo-calculus
with
names
Let us discuss a more traditional formulation of the calculus, with variable names z, y, z, . . , , a.s a small digression. Two ways seem viable. In one approach, we consider the syntax: Terms Substitutions
a ::= x(ab(Xx.a)a[s] s::=id~(a/++ot
The corresponding
These additional rules are well justified from a theoretical point of view. However, confluence on closed terms can be established without them, and they are not computationally significant. Moreover some of them are admissible (that is, every closed instance is provable). More precisely Id and IdR are admissible in u, and SCons is admissible in c~ + VarShij?. We should particularly draw attention to the last rule, SCons. It expresses that a substitution is equal to its first element appended in front of the rest. This rule is reminiscent of the surjective-pairing rule, which deserved much attention in the classical Xcalculus. Klop has showed that sujective pairing destroys confluence for the X-calculus [IO]. Similarly, we conjecture that our system is not confluent when we have metavariables for both terms and substitutions. (Local confluence still holds.) The following term, inspired by Klop’s counterexample [lo], seems to work as a counterexample to confluence: Y(Y(XAx[l[u
l]i[t”]]ab]Xa]x]x[s]
We believe that confluence can be proved in this case by the interpretation technique. Confluence on normal forms would be obtained through an encoding of the normal forms in the X-calculus extended with constants, which is known to be confluent (x becomes a constant; x[s] becomes a constant applied to the elements of s).
NWbM -+* a[b[u]. u] ((Xa)b)[u]+* a[b[u]*(u0id)]
Id
a::=
theory includes axioms such as:
Beta
(X~.a)b = a[(b/~)
. id]
Varl
x[(a/x)
Var2
X[(QlY) . 4 = 44
Var3
x[id] = x
Abs
(~x.4[4 = XY.(4(Y/4 .sI) (y occurs in neither a nor s)
* s] = a (x # Y>
The rules correspond closely to the basic ones presented in De Bruijn notation. The Abs rule does not require a shift operator, but involves a condition on variable occurrences. (The side condition could be weakened.) The consideration of the critical pairs generated by the previous rules immediately suggests new rules, for example: wJ4
. WY)
- s> = WY) . Wx)
.s>
(x f Y>
These are unpleasant rules. The given rule destroys the existence of substitution normal forms. Intuitively, we may take this as a hint that this calculus with names does not really enjoy nice confluence features. In this respect, the calculus in De Bruijn notation seems preferable.
id)))]))
where Y is a fixpoint combinator, x is a term metavariable, and u is a substitution metavariable. The reader may wonder what thwarts the techniques used in the last subsection. The point is that in Lemma 3.5, our reduction to the classical substitution lemma depended on the syntax of substitutions in normal form, which is not so simple any more (the syntax allows in particular expressions of the form u o (1 . id), as in the claimed counterexample). \?e can go half way in adding metavariahles. If we add only term metavariables, the syntax of substitution CTnormal forms is unchanged. This protects
There is an alternative solution, erator. The syntax is now: Terms Substitutions
with the shift op-
a ::= xlablJtx.ala[s]
s::= ia~t((a/z)~s~so2
In this notation, intuitively, x[I] refers to x after the first binder. The equations are the ones of the Xacalculus in De Bruijn notation except for:
36
Beta
(Ax.a)b = a[(b/x)
Varl
x[(u/x)
. s] = a
Var2
4WY)
’ 4 = zbl
Var3
x[id] = 2
Abs
(Xz.a)[s]
The new rule is an optimization reduction steps
. id]
ttwsl)b 1* a[(~
tx # Y)
= xx.(u[(x/x)
A normal-order
. (s 0 t)])
strategy
As usual, we want a complete rewriting strategy-a deterministic method for finding a normal form whenever one exists. Here we study normal-order strategies (the leftmost-outermost redex is chosen at each step). Completeness follows from the completeness of the normal-order strategy for the X-calculus. The normal-order algorithm naturally decomposes into two parts: a weak normal-order algorithm, for obtaining weak head normal forms, and recursive calls on this algorithm. In our setting, weak head normal forms are defined as follows:
3.5
Proposition 3.7 If a r, b then either u(a) 2, a(b) or U(U) and o(b) are identicd. The 1 reduction of a ?erminates (with a weak head normal form) i# the Z:p reduction of u(a) terminates. is a complete strategy.
We can also define a system “3, which incorporates some slight optimizations (present also in our abstract machine, below). In “-“, the rule ((Au) [s])b “1 a[b . s] replaces the rules (An)b 5 a[b . id]
(Xu)[s] :
Towards
an implementation
As a further refinement, we adapt “2, to manipulate only expressions of the forms c[1] and s o t. The substitution t corresponds to the “global environment ,” whereas substitutions deeper in a or s correspond to “local declarations.” In defining our machine, we take the view that the linear representation of a can he read as a sequence of machine instructions acting on the graph representation of t. In this approach, some of the original rules are no longer acceptable, since they do not yield expressions of the desired forms, For example, the reduct of the App rule, (u[s])(b[s]), is not a closure. In order to reduce (ab)[s], we have to reduce a[sJ to a weak head normal form first. In the machine discussed below! we use a stack for storing b[s]. The following reducer whnf () embodies these modifications to Y. The reducer takes a pair of arguments, the term a and the substitution s of a clo sure, and returns another pa.ir, of one of the forms (nai . ..a., id) and (Au’, s’). To compute whnf 0, the following axioms and rules should be applied, in the order of their listing. W’e proceed by cases on the structure of a, and when a is n by cases on the SLPUCture of s, and when s is a composition t o t’ by cases on the structure of t.
We write 1 p for the usual (one step) weak normalorder fl reduction in the A-calculus, and write -% for the (one step) weak normal-order Beta + u reduction in the Xa-calculus. Clearly, 1, and 2 are related:
3.8 1
(s o t)) o (b . id)] -+* a[b I s]
Proposition 3.9 If a 2 b then either C(U) and b(b) are identical or u(a) 4, o(b). The y reduction terminates (with a term of the form (Xa)[s] or ml . . . a,,,) iff the 1, reduction of u(a) terminates.
Definition 3.6 A weak head normal form (whnffor short) is a Ag term of the form Aa or nal - - - a,,,.
CorollarS;
by the v
which is not allowed in z. Both -5 and “2 are weak in the sense that they do not reduce under X’s. In addition, “1 is also weak in the sense that substitutions are not pushed under X’s. In this respect, “1 models environment machineswhile 5 is closer to combinator reduction machines. We do not exactly get weak head normal formsfor instance, 2 does not reduce even (X11)(X11) or (l[(~ll) . id])(Xll). This motivates a syntactic restriction which entails no loss of generality: we start with closures, and all conses have the form a[s].t. Under this restriction, we cannot start with (~ll)(Xll)~ but instead have to write ((Xil)(All))[id], which has the expected, nonterminating behavior. We obtain:
This framework may be useful for showing the differences between dynamic and lexical scopes in pro gramming languages. The rules here correspond to lexical binding, but dynamic binding is obtained by erasing the shift operator in rule A bs.
3.4
justified
whnf(ia,
A(a[l -(s or)])
37
s) = (An, s)
whnf(a,sj = (Ad,s’j whnf(ab, zuhnf(a,sj
Subst t u[s] * t a.s sod
s) = zohnf(a’, b[s] . s’)
= (a’, id) (a’ not an abstraction) whnf(ab, sj = (a’(b[s]j, id) whnf(n,
id) = (n, id)
whnf(n, whnf(1,
S
t) = (n+l, id)
u[s] * tj = whnf(a,
S
s)
S
whnf(n,
S’
s o s’) = whnf (n[s], s’)
whnf(n[id], whnf(n[t], whnf(i[a whnf(nti[a.
S’ S”
s) = whnf (n, s)
A simple extension
. ~1,s’) = whnf(a,
S
Subst id S S .d S
6.s S S S’
Term n+l a n 44 a a n n+i a
S’ 44 s’ 0 s” n[sl s 0 s’ a
Stack S S s s b[s] .S S S S S
s s S
s’j Specifically, when the machine terminates with the triplet (s,Xa, ( >>, we restart it in the initial state (1 . (s 0 t),a, ( )I, and when the machine terminates wit.h the triplet (id,n, ul[s1] . . . . . a,[~,] . ( )), we restart n copies of the machine in the states
~1,s’) = whnf(n[s],s’j
s’j = whnf(a,
s o s’)
of the rules yields normal forms:
whnf(a,sj d(a,
44
S’
Stack S S S S S b.5’ S S S S S
s) = urh?zf(n+i, sj
zuhnf(nfs o s’], s”) = zuhnf(n[s], s’ o s”) whnf(a[s],
4tl l[aas] nti[a.s] n[s 0 s’]
S
whnf (n+i, a . s) = whnf (n, s)
Term n 1 n+l n ab Xa n[id]
(Sl,al,oj,...,(s,,a,,o).
The machine is correct:
= (Xa’,t)
3.11 Starting in the state (s,a, ( )), the machine terminates in (id,n, al . . . . . a,,,) ifl whnf(a, s) = (nal . . . am, id), and it terminates in (s, Xa, ( )j ifl whnf(a, s) = (Xa, s).
Proposition
sj = A(nf (a’, 1 . (10 t)))
whnf(a, s> = (n(al[sll) . . . (~mI~m3)j 4 nf(a,s) = n(nf(al, slj). . . (nf(a,, smj> The precise soundness property
of whnf()
is:
By now, we are far away from the wiidiy nondeterministic basic rewriting system ‘of Section 3.1. However, through the derivations, we have managed to keep some understanding of the successive refinements and to guarantee their correctness. In great part, this has been possible bec.ause the Xc-calculus is more concrete than the X-calculus, and hence an easier starting point.
3.10 Given a and s, whnf(a,s) = (a’, s’) is provable if and only if u(a’[s’]) is the weak head normal form of o(a[s]j.
Proposition
The last step we consider is the derivation of a transition machine from the rules for whnf(j. One basic idea is to implement the recursive call on u[s] during the evaluation of (ab)[s] by using a stack to store the argument b[s]. Thus, the stack contains closures. The following table represents an extension of Krivine’s abstract machine [ll, 5]. The first column represents the “current state,” the second one represents the “next state.” Each line has to be read as a transition from a triplet (Subst., Term, Stack) to a triplet of the same nature. To evaluate a program a in the global environment s, the machine is started in state (s, a, ( )), where ( ) is the empty stack. The machine repeatedly uses the first applicable rule. The is applicable any machine stops when no transition more. These termination states have one of the forms (id,n,ul . ... . a,) and (s,Xu, ( )), which represent nul a, and (Xa)[s], respectively. The machine can be rest,arted when it stops, and then we have a full normal form X reducer.
4
First-order
theories
In the previous section, we have seen how to derive a machine that can be used as a sensible implementation of the untyped )ra-calculus, a.nd in turn of the untyped X-calculus. Different implementation issues arise in typed systems. For typed calculi, we need not just an execution machine, but also a typechecker. As will become apparent when we discuss second-order systems, explicit substitutions can also help in deriving typecheckers. Thus, we want a typechecker for the Xu-calculus. At the first order, the typechecker does not present much diffculty. In addition to the usual rules for a classica.1 syst,em Ll, we nlust handle the typechecking of substitutions. Inspection of the rules of Ll shows
38
that this can be done easily, since the rules are deterministic.
(ST-id)
E k id :. E
In this section we describe the first-order typed Xacalculus. We prove that it preserves types under reductions, and that it is sound with respect to the X-calculus. We move on to the second-order calculus in the next section. We start by recalling the syntax and the type rules of the first-order X-calculus with De Bruijn’s notation.
(Sl-shift)
A,E
(S l-cons)
E I- u:A EtE I- a:A.s:.A,E’
(Sl-Comp)
E k s’, :. E” El’ t 5’ :. E’ E k s’ o s” :. E’
A ::= K 1 A -+ B E ::= nil 1A, E a ::= n 1 AA.a 1 ab
Types Environments Terms Definition
4.1 (Theory A,E
(Ll-varn)
E I- n:B A,E t n+i:
(Ll-lambda)
W-vp)
.
I- i:A
B VarCons
l[a:A
A,E t b:B E I- AA.b:A-+B
Abs
(X.4.a)[s] = X=l.(a[l:A
ShiftCons
t o (a:A
E I- a:A E t- b:A+B E I- ba:B
Map
(u:A . s) o t = a[t] :A
&r-calculus
KIA --+ B nil IA, E l(ab(XA.a(a[s] idItja:A.slsot
4.2 (Theory
Together,
(s o t)
E 5.1 ~1.4
(Sl-var)
A,E
(Sl-lambda)
A,E k b:B E t- XA.b: A -
W-44
E !- a:A E t- b:A+B E k ba:B
(Sl-40s)
E’k E I- s :. E’ E t- a[s] : A
the two lemmas give us soundness:
Proposition 4.5 (Soundness) E k~l a(a):A.
If E ksl
a:.4 then
One may wonder whether a cornpletemss result holds, as a converse to our soundness result. T:nfwtunately, the answer is no. For instance. if Ll gives a t,ype to a but not to b, then Sl cannot give a type to l[a.b.id], while Ll gives a type to a(l[cl.b. in]), that is, to a. However, if Ll gives types to a aud b. then Sl gives a type to 11~~. b. id]. Conversely, if S1 gives a type to l[a . 6. id], theu Ll gives types to a and b. These observations suggest a reformulation of the sounduess and completeness claim. Informally, me would like to show that Sl can give a type to a tcrl1-i iff I,1 can give a type to the normal forms of the terns a,nd of some subterms tlrat c normalization discardc..
Sl) t
s) = s
Lemma 4.4 (Subject reduction) If a -d CL’ ancf E kl a:A, then E I-..1 a’:A. Simzlnrly, ifs -r s’ and E’ bl s :. E”, then E’ bl s’ :. E”.
The type rules come in two groups, one for giving types to terms, and one for giving environments to substitutions. The two groups interact through the rule for closures. Definition
. (s 0 t)])
Lemma 4.3 For all a in c~ normalform, iffE h1 a:A.
has the syntax:
A ::= E ::= a::= s::=
Types Environments Terms Substitutions
. s] = a
The typed version of u enjoys the propertirs of t11e untyped version. A term in u normal form is typeable in S1 iff it. is typeable in Ll, and cr reduction -u preserve typings:
We do not include the p rule, because we now focus on typechecking-rather than on evaluation. The first-order
s:.E’
In Sl, we include neither the Beta nor the u axioms. Clearly, typechecking is decidable in Sl. \Ve proceed to show that Sl is sound. I-is a yrelirninar\.. we prove two lemmas. The first lemma relies on the notion of u normal form: which was defined in the previous section. We use a modified version of the cr rules for typed terms; four of the rules change.
Ll)
{Ll-var)
k t:.E
1:A
B
a:A
39
5
Second-order
theories
(L2-ext2)
Type rules and typecheckers are also needed for second-order calculi. Unfortunately, the situation is more complex than at the first order, because types include binding constructs (quantifiers). These interact with substitutions in the same subtle ways in which A interacts with substitutions, (We have no equivalent of ,O reduction here, but this too reappears in higher-order typed systems.) In implementing a typechecker (or proofchecker) for the second or higher orders, we face the same concerns of efficient handling of substitution and correctness of implementation that pushed us from the untyped X-calculus to the untyped Au-calculus. It is nice to discover that we can apply the same concept of explicit substitutions to tackle typechecking problems as well. In order to carry out this plan, we must first obtain a second-order system with explicit substitutions, which already incurs several difficulties. Then we must refine the system, and obtain an actual typechecking algorithm. During this enterprise, we should keep in mind the goal of deriving an algorithm that is correct and close to a sensible implementation by virtue of handling substitutions explicitly.
(L2-tvar)
(L2-tvarn)
(L2-tvarn2)
(LZtfun)
(L2-tgen)
(LS-var)
(LZvarn)
Second-order theories are considerably more complex than untyped or first-order theories, both in number of rules and in subtlety. The complication is already apparent in the De Bruijn formulation of the ordinary second-order X-calculus (L2, below). The complication intensifies in the second-order Aucalculus (S2) b ecause of unexpected difficulties. (We mentioned some of them in the overview.) \T’e begin with a description of L2, then we define S2 and prove that it is sound with respect to L2. Unlike Ll L2, and even Sl, the new system S2 is not deterministic. Therefore, we also define a secondorder typechecking algorithm S2alg, and prove that it is sound with respect to S2. The syntax and the type rules for the second-order X-calculus are:
(L’Z-nil)
( L’L-ext)
env
t E env Ty,E
I- i::Ty
E I- A::Ty E I- n::Ty A,E I- n+l::Ty
E I- n::Ty Ty,E
I- n+i :: Ty
E I- A::Ty A,E E I- A-+B::Ty Ty,E
t- B::Ty
E I- VB::Ty E t A::Ty A, E t I : A(l) Et-
n:B E I- A::Ty A,E I- n+i: B(f) E I- n:B
Ty,E
t n+l : B(t)
(La-lambda)
A,E t- b:B E I- XA.b:A+B
(L2-Lambda)
Ty,E I- b:B E t AG :VB
W-awl
(L2-APP)
I- B::Ty
Et
b:A+B E f- a:A E I- b(a) : B{a:A aid}
E I- b:VB E i- A::Ty E t b(A) : B(A::Ty . id)
A::=n(A+B)VA
Types Environments Terms
Definition
(L2-varn2)
t E env t- Ty,E
E ::= nil 1 A, E 1Ty, E a ::= n 1XA.a 1An 1a6 1aB
5.1 (Theory t
nil
I- E
We now move on to the S2 system, with the following syntax: Types Envi~omnents Terms Substitutions
L2) env env
I- A,E
E t A::Ty env
A ::= 1 1A + B 1VA 1A[s] E ::= nil 1A? E ) Ty, E a ::= I ) 4lA.a 1Au J ab I aB 1u[sj s ::= icl )t 1a:A.s 1A::Ty.s ]sot
In the previous section, we have seen how to formulate a first-order Acr-calculus (Sl) by adding one
40
closure rule and a group, of substitution rules to the first-order &calculus (Ll). In Sl, the task of deriving types can be separated from the task of applying substitutions. As indicated in the informal overview, this approach does not extend to S2. The rules of S2 described below are structured in such a way that substitutions are automatically pushed inside terms during typechecking. The unfortunate side effect is a small explosion in the number of rules. We do not include an analogue for Sl-clos (in fact, we conjecture that it is admissible). S2 is formulated with equivalence judgments, for example judgments of the form E l- a - b : A. This judgment means that a and 6 are equivalent terms of type A in the environment E. We can recover the standard judgments, with definitions such as E k a:A
z&f
where we would more naturally expect Bool::Ty, nil. The information that i is Boo1 is not found in the environment: s has to be used to check that i is indeed Boal. It seems thus that the type of a substitution cannot be intrinsically defined. With these explanations in mind, the reader should be able to approach the rules of the theory S2. Definition
Proposition
7.
sense:
5.3 (Soundness)
1. If E k..~ a - b : A then a(E) b2 u(a) : a(A)
and U(U) = a(b).
2. IfE I-.Yz A-B::Ty then a(E) htz cr(A) :: Ty and a(A) = a(B).
E I- a-a:A
3. If FSP E - E’ then ~b2 a(E) $2
4. UE l
s - s’
env env and o(E)
= a( E’).
substp then for some vn and n
u(s) = G1 . _. . . Gk . 1” G’,, .a. .G:,-r”,
and
a(~‘) =
:: T> for all q < 772, either G,=Gb=A A :: Ty for some A, and a(E) t-L2 or G, = a:A, Gi = a:A’, o(.d[l? o s]) = o(A’[tQos’]), and c(E) htz a : a(-l[tq OS]) for some a, A, and A’, p=m+jEI--n.
E t- a-b: A[s] E k s-t:.E’ E I- A[s] N B[t] :: Ty E I- a:A . s - b:B . t :. A, E’
As for Sl, we speculate that the soundness claim for S2 can be strengthened, and that a converse completeness result then holds. We now provide a typechecking algorithm S2alg for the second-order calculus. The algorithm is formallat,ed as a set of rules, for easy comparison with S2. For terms that are not closures, S2alg snd L2 opera.te identically. However, these are the least interesting cases: an actual implementation would manipulate only closures (as in subsection 3.5). In order to typecheck a term a[~], the strategy is to analyze simpler and simpler components of a lvhile accumulating more and more complex substitutious in s. \\‘hen we reach an index, we extract the relevant infori,~atir~rl from the substitution or from t,he environment. Informally, the algorithmic flow of control for each rule is: stdrt with the given parts of the conclusion. recursively do what the assumpt.ions on top require. accumulate the results, and from them prod,Jce the unknown parts of the conclusion. For example, if we want to type a in the environment E, we select an
Note that, in the hypothesis, we require that a have type A[s] rather than A: the reason is that A is wellformed in E’ rather than in E. Furthermore, we require that s and t be equivalent substitutions of type E’, but in truth their type is irrelevant. This suggests a new approach: we deal with judgments of the form subs$,
where p records the length 1 E’ 1 of E’. In fact, we could hardly do more than keep track of the lengths of substitutions. As the following example illustrates, the type of a substitution cannot be determined satisfactorily. In the tentative rule above, let E = nil, s = t = Bool::Ty . id, a = b = true, and A = I and B = Bo~l. We obtain nil
S2) See appendix
S2 is sound, in the following
In S2, equivalence judgments are needed because it is not always possible to prove directly E l- a : A, but only E l- b : A for a term b that is cr-equivalent to a (as in the example above). Formally, in order to prove E 1 a - a : A, we first prove E I- a - b : A, and then use symmetry and transitivity. Similarly, it is not always possible to prove directly E I- a : A, but instead E l- a : B for a type B that is u-equivalent to A-then we “retype” a from J3 to A. We have seen in section 2 how the typing axiom for i has to be modified. Similar considerations show that the rule for conses, Sl-cons, needs to be modified as well, and suggest the following, tentative rule:
E I- s - t
5.2 (Theory
I- true:1 es - true: Boo1 . t :. I ::Ty, nil
41
substitutions, both for untyped systems and typed systems. The theory and the manipulation of explicit substitutions can be delicate, but useful for correct and efficient implementations.
inference rule of S2alg by inspecting the shape of its conclusion. Then we move on to the assumptions of this rule, recursively; we solve the typing problems presented by each of them, and collect the results to produce a type for the original term a. Some of the rules involve tests for type equivalence; two auxiliary 9eduction” judgments are used: E k s .x+ s’
subst,
and
E I- AU
Acknowledgements We have benefited from discussions on untyped systems with P. CrCgut, T. Hardin, E. Muller, and A. Suarez, and from C. Hibbard’s editorial help.
A’::Ty
In these judgments, s’ and A’ are in a sort of weak head normal form, namely: s’ is never a composition and if A’ is a closure then it has the form i[l”]. Definition
5.4 (SZalg)
7
Appendix:
7.1
See appendix 8.
Type
equivalence
E l- A-B::Ty E I- B-C::Ty E t- A^,C::Ty I- E env Ty, E I- 1 - 1:: Ty A,E l- B-B’::Ty E l- A-A’::Ty E I- A--+B-A’--+B’::Ty Ty, E I- B - B’ :: Ty E t- QB - QB’ :: Ty I- E enu E t- i[id] N 1 ::Ty E t- 1::Ty E t- A::Ty A, E t l[t] - l[r] :: Ty
l IfE
l- sms’ subst, then’s’ has one of the forms id, l”, a:,4 t, and A::Ty . t.
Ty,E
E I- 1::Ty l- i[l] w i[t] :: Ty
E I- i[t”] :: Ty A, E I- l[t”+‘]
If E t- A u A’ :: Ty then A’ has one of the forms 1, 1[~“], B + C, and VB.
Finally, the algorithm always terminates, with success or failure, because every rule either reduces the size of terms or moves terms towards a normal form. The algorithm S2alg is sound with respect to S2. For example, if E l-szalg A :: Ty then we can prove E ks2 -4 - A :: Ty. We conjecture that the algorithm is also complete, in the sense that for example ifE bss A-A’::Tythen E ~~~~~ A::Ty.
6
s2
E I- ANB::Ty E l- B-A::Ty
To show that S2alg really defines an algorithm, we first notice that only one rule can be applied bottomup in each situation. For the judgments E I- A::Ty and E l- A u A’::Ty, we test applicability by cases on A: when A = B[s], by cases on B; and when B = I by cases on the reduction of s. For E I- a : A, we proceed by cases on a; when a = b[s], by cases on b; and when b = I by cases on the reduction of s. For E t- s su bst, , we proceed by cases on s, and when s = t o u by cases on t. For E k s ru s’ subs& u-e proceed by cases on s; when s = t o u, by cases on t; and when t = 1 by cases on the reduction of U. FinalIS*, E t- A ++ B :: Ty is handled by cases on the reductions of A and B. The following invariants can be used to show that the algorithm considers all the cases that may arise when the input terms are well typed:
l
Theory
Ty,E
E I- l[t”] l- l[T"+']-
E I- A::Ty - l[t”+‘] :: Ty :: Ty l[T”+‘]
:: Ty
E t- A::Ty . s substp E I- i[A::Ty . s] - A :: Ty El-
s - s’ sub&, E I- l[s'] :: Ty E I- i[s] - i[s’] :: Ty
E t- A[s] -+ B[l:A.(s o I)] :: Ty E t- (A + B)js] - A[s] + B[l:A . (s o t)] :: Ty E t V(B[l :: Ty. (sot)]) :: Ty E l- (VB)[s] - V(B[i::Ty . (s o l)]) :: Ty
Conclusion
The usual presentations of the X-calculus discreetly pla>r dolvn the handling of substitutions. This helps in developing the metatheory of the A-calculus, at a suitable level of abstraction, We hope to have demonstrated the benefits of a more explicit treatment of
E l- A[sot]::Ty E t- A[s][t] - A[s o t] :: Ty t- E - E’ E I- A-B::Ty E’ l- A-B::Ty
42
enu
7.2
Term
7.3
equivalence
Substitution
E I- a-b:A E t- b-a:A
E t- s - t subst, E t- t - s substp
E t- b-c:A E I- a-b:A E I- a-c:A
E t s- t
E t- A::Ty A, E I- 1 - 1 : A[t]
Ty,E t b-b’: E I- hb-Ab’:VB
E I- t - u sub& E t s - u subst,
B
E t A::Ty A, E t t - t substIE,
E t a-a’:A E I- b-b’:A+B E t- b(a) - b’(a’) : B[a:A * id] Ty,E
E I- A-A’::Ty E I- b-b’:QB E I- b(A) - b’(A’) : B[A::Ty . id]
E t .s - t
E I- 1:A E I- l[id] - 1 : A E t
B::Ty
B, E I- l[tl
- l[tl
: Attl
TY,E
: A[tl
E I- a:A .s subsip E t- l[a:A.s]-a:A[s] EI-s-s’ E t
Et
subsfp E t- l[s’] : A I[S] - I[s’] : A
subst, s-s’ E I- a : A[s] E t to (a:A s) - s’ substp
substp E I- s-s’ E I- .4::Ty E t t o (A::Ty s) - s’ substp
E I- XA[s].b[l:A . (sot)] : B E I- (AA.b)[s] - XA[s].b[l:A . (s o t)] : B
E I- s - s’ szrhstp+I E I- tos - 10s’ subsip
E t A(b[l::Ty +(so r)) : B E t (Ab)[s] - A(b[i::Ty . (s o t)]) : B
E I- W>(+l> : A E t- W[sI - (bbl)(a[sl> :A E t- wl)Msl) : B E I- %Wl - P+~l)(Abl): B
E t
Et E I- a-b:B
E t
t E-E’ E’ I- a-b:A
a-b:A
E t a[t]:A . (s o t) substp (a:A . s) o 1 - a[t]:A s (s o t) subsf,,
E t A[t]::Ty (sot) E t- (A::Ty . s) o t - A[t]::Ty
E t- a[s ot] : A E I- a[s][t] - a[s ot] : A E I- a-b:A
substp s,ubst,
E t t subs+, E t r o id - t subst,
:A
- l[t”+‘]
E I- s - t subst, .s - B::Ty.t substp+l
E I- s - s’ E t idos-s’
E t B::Ty - l[t”+‘] : A[t]
E I- l[t”] I- l[t”+l]
: A[tl
I- E env t 1 - t substIE
subst, E t A[s] - B[t] :: TJ E I- a - b:A[s] a:A . s - b:B -t subst,+I
E t A-B::Ty E I- A::Ty
i:A
I- l[t] - l[tl
E I- i[t”] : A B, E I- l[t”+l] Ty,E
E t
1:A Et
subsi,
t E env E r- id - id substlEt
A,E I- b-b’:B E I- A-A’::Ty E I- XA.b - XA’.b’ : A + B
Et-
equivalence
A-B::Ty
E t
43
.subatp
E I- so (1 o IL) subsi>, - s o (t o u) subhip (sot)orr
E k s- t
env
subsip (s o t)
substp E’ t s N t
t Esubstp
E’
~1111
7.4
Environment
t E - E’ I- E’ - E I- E-E’
8.2
equivalence
env I- E-E”
Inference
E I- A::Ty A, E I- 1 : A[t]
env env I- E’env
t- nil - nil
for terms
E”
env
A,E E I- A::Ty Et AA.b:A-+B
env Ty,E E t
I- E - E’ env E I- AaB::Ty I- A,E-B,E’ env
Appendix:
8.1
Inference
Algorithm
E I- A::Ty E t- b:VB E I- b(A) : B[A::Ty 3id]
S2alg
for types
A, E t s R++id subst, A, E t- i[s] : A[t]
I- E env Ty,E I- i::Ty E I- A::Ty A,E E k A-+B::Ty
I- b:B hb:\dB
E t a:A b:A-+B E I- b(a) : B[a:A . id]
Et
t E - E’ env Ty, E’ env I- Ty,E-
8
I- b:B
E t I- B::Ty
E I- B::Ty 1:A B, E I- 1-h] : A[t] E I- i:A
Ty,E I- B::Ty E I- VB :: Ty
E !- A::Ty E J- i::Ty A, E t- i[t] :: Ty
E t TY,E
Eti::Ty Ty, E I- l[t] :: Ty
: AhI
t
l[t”] l[t”+‘]
:A : A[t]
E I- s m a:A .t substp E I- l[s] : A[t]
E I- l[t”] :: Ty E I- A::Ty A, E t- I[,“+‘] :: Ty
Et
E t- i[t”] :: Ty Ty, E t i[t”+‘] :: Ty
s-f”
substp E t E I- I[S] : A
i[t”]
:A
A[s], E k b[l : A +(so I)] : B E t (XA.b)[s] : A[s] + B
E k s w A::Ty . t subs& E I- I[S] :: Ty s&t, E I- i[t”] E t- l[s]::Ty
l[tl
E I- l[t”] : A E k B::Ty B, E I- l[t”+‘] : A[t]
Ty, E I- s w id sub&, Ty, E I- l[s] :: Ty
Eks’L,t”
t
TY,E
Ty, E t- b[i::Ty . (s o t)] : B E l- (hb)[s] : VB
:: Ty
E I- a[s] : A’ b[s]:A-+B E I- A++A’::Ty E t- (b(a))[s] : B[a[s] : A . id]
E t E I- A[s] :: Ty A[s], E I- B[I : A. (s o t)] :: Ty E I- (A4 -+ B)[s] :: Ty
E I- b[s] : VB E I- (b(A))[s]
Ty, E I- B[l::Ty ’ (so t)] :: Ty E k (VB)[s] :: Ty
E I- A[s] :: Ty : B[A[s]::Ty . id]
E t a[sot] : A E t a[s][t] : A
E t A[sot]::Ty E k A[s][t] :: Ty
44
8.3
Inference
E t s - id substp+l E t t o s ‘u 1 substp
for substitutions t E env E I- id subsilel
substp+l Etsut” E t to s r~* tnS1 substp
E I- A::Ty A, E I- t substlEt
subst,+l s-a:A.s’ E !- s’ - s” sub& E t t OS - s” substp
E t
t E env Ty, E k r substlst
s ‘L* A::Ty .s’ substp+l E t s’ u s” substp su bsiP E t fos-s”
E t E I- s substp a:B E I- A[s] c+ B :: Ty E I- a : A . s substp+l
E t
E I- s substp E I- A::Ty E k A::Ty . s subsipS
E t
E t a[t] : A (s o 1) subst, (u : A. s) o t ru u[t] : A. (s o t) E t A[t]::Ty
E I- s subst, E I- id o s subs$
E t (A::Ty.s)ot
E t so (t o u) E t (s o t) o u -
E I- s subst,+l E k t o s substp
8.5
E I- a[t] : A. (s o t) subs$ E I- (Q : A -s) o t substp E t A[t]::Ty . (sot) E I- (A::Ty . s) o t E t so (t ou) E t (sot)ou
8.4
Substitution
. (sot) substp Q A[t]::Ty . (s o t)
subst,
Type
Ty,E
env
t IC\AI::T~
A,E E t- A::Ty. Et A--,B-A-B::Ty
subst, subst,
svbstp substp
reductions I- E
subst, substp
v v
subsip
k B::Ty
Ty,E t B::Ty E t VBvVB::Ty
reduction Ty, E t s - id subst, Ty, E I- l[s] - 1 :: Ty
t E env E t id ry id substl,q Et
E t i::Ty A, E t t - t substtq t
E Ty, E t t -
s-T”
E t i[r”] substp E I- i[s] - i[t”] :: Ty
:: Ty
E t s ry A::Ty s’ suhstp E t A[s’] w B :: Ty E I- i[s] - B :: Ty
env t subst\,q
E I- a:B E t A[s] :: Ty E t s subst, E t B w A[s] :: Ty E t a : A. s w a : Aa s substp+l
E t
E t s subst, E t A::Ty E I- A::Ty - s ru A::Ty 1s substp+l
E t A[s] :: Ty A[s],E I- B[l: A.(so~)]::Ty (A 3 B)[s] r\~ A[s] i B[I : =1 (s o t)] :: Ty
Ty,E t B[i::Ty+of)] E t- (VB)[s] - V(B[i::Ty
E t s w s’ subst,, E t idos - s’ substp
::T> (s o t)]) :: Ty
E t A[sot]-B::Ty E t A[s][t] - B :: Ty
45
Type
8.6
E t
E t .4~1::Ty E t AoA’::Ty
E I- Arr*B-+C::Ty E t A’wB’--+C’::Ty B,E E k B++B’::Ty E t Awd4’::Ty Et
A’ r\~ 1 :: Ty
t
C-C’
[9] G. Huet, D.C. Oppen, Equations and Rewrite Rules: A Survey, in Formal Languages Theory: Perspectives and Open Problems (R. Book, editor), pp. 349-393, Academic Press, 1980.
::Ty
E t A’wVB’::Ty AuVB::Ty Ty,E I- B+-+B’::Ty E t A++A’::Ty
E t A ‘u l[t”]
8.7
[S] T. Hardin, A. Laville, Proof of Termination of the Rewriting System SUBST on CCL, Theoretical Computer Science 46, pp. 305-312, 1986.
equivalence
E C A’ Q l[t”] :: Ty E k A+-+A’::Ty
Inference
t
E
nil
:: Ty
E t A::Ty env t A, E env t E env t Ty, E env
References [I] H.P. Barendregt, The Lambda Calculus: Its Syntar and Semantics, North Holland, 1985. [2] S. De Bruijn, Lambda-calcuIus Notation with Nameless Dummies, a Tool for Automatic Formula X,Ianipulation, Indag. Mat. 34, pp. 381-392, 1972. [3] L. Cardelli, Typeful Programming, SRC Report ?\‘o. 45, Digital Equipment Corporation, 1989.
[>] P.-L. Curien, The Xp-calculi: An Framework for Closures, unpublished nary version printed as LIENS report,
[ll]
J.-L. Krivine,
Systems, 1980.
unpublished.
[13] C.P. Wadsworth, Semantics and Pragmatics of the Lambda Calculus, Dissertation, Oxford University, 1971.
env
[4] H.P. Curry and R. Feys, Combinatory Vol. 1, North Holland, 1958.
J.W. Klop, Combinatory Reduction Math. Center Tracts 129, Amst.erdam,
[I21 P. Martin-Lijf, Intuitionistic Type Theory, notes by G. Sambin of a series of lectures given in Padova in 1980, Bibliopolis, 1984.
for environments t
[lo]
Logic, Abstract (prelimi1988).
[G] P.-L. Curien, Categorical Combinators, Seqmeniral’ .-llgoriihms and Functional Programming, Pitman, 1986. [7] T. Hardin, Confluence Results for the Pure Strong Categorical Combinatory Logic, to appear in Theoretical Computer Science, 1988.
46
