Final Semantics for untyped λ-calculus*
Furio Honsell¹ and Marina Lenisa¹,²
¹ Dipartimento di Matematica e Informatica, Università di Udine, Italy.
² Dipartimento di Informatica, Università di Pisa, Italy.
Abstract. Proof principles for reasoning about various semantics of untyped λ-calculus are discussed. The semantics are determined operationally by fixing a particular reduction strategy on λ-terms and a suitable set of values, and by taking the corresponding observational equivalence on terms. These principles arise naturally as co-induction principles, when the observational equivalences are shown to be induced by the unique mapping into a final F-coalgebra, for a suitable functor F. This is achieved either by induction on computation steps or by exploiting the properties of some computationally adequate inverse limit denotational model. The final F-coalgebras cannot be given, in general, the structure of a "denotational" λ-model. Nevertheless the "final semantics" can count as compositional in that it induces a congruence. We utilize the intuitive categorical setting of hypersets and functions. The importance of the principles introduced in this paper lies in the fact that they often allow one to factorize the complexity of proofs (of observational equivalence) by "straight" induction on computation steps, which are usually lengthy and error-prone.
* Work supported by EEC Science contract MASK, HCM contract "Lambda Calcul Type" and MURST 40% and 60% grants.

Introduction

In this paper we present various proof principles for reasoning about various semantics of λ-calculus which arise in the literature. The word semantics is often used ambiguously. In fact, it can either refer to an interpretation function mapping terms into a space of denotations, or to a procedure for determining an equivalence relation, or to an equivalence relation on terms per se (e.g. the one induced by an interpretation function). We shall be careful in distinguishing between semantics and semantical equivalence. The proof principles that we introduce in this paper will be, therefore, rules for establishing semantical equivalence. All the semantics that we consider originate operationally by fixing a suitable reduction strategy $\to$ on λ-terms (denoted by $\Lambda$), or closed λ-terms (denoted
by $\Lambda^0$). A reduction strategy is a procedure for determining, for each term, a suitable β-redex appearing in it, to be contracted. A (possibly non-deterministic) strategy can be formalized as a relation $\to\ \subseteq (\Lambda^0 \times \Lambda^0)$ such that, if $(M, N) \in\ \to$ (also written in infix as $M \to N$), then $N$ is a possible result of applying the reduction strategy $\to$ to $M$. Reduction paths are defined, as usual, by repeatedly applying the reduction strategy (possibly zero times). The set of terms which do not belong to the domain of $\to$ are partitioned into two disjoint sets: the set of -values, denoted by $Val$, and the set of -deadlocks. Given a fixed strategy $\to$, we can define the evaluation relation $\Downarrow\ \subseteq (\Lambda^0 \times \Lambda^0)$, such that $M \Downarrow N$ holds if and only if there exists a reduction path leading from $M$ to $N$ and $N$ is a -value. If there exists $N$ such that $M \Downarrow N$, we shall say that the reduction $\to$ halts successfully (terminates) on $N$, otherwise we shall write $M \not\Downarrow$ and say that the reduction strategy $\to$ diverges on $M$ or reaches a deadlock from $M$. Often, the relation $\Downarrow$ can be axiomatized pleasantly using Plotkin's S.O.S. style (see [16]).

Once we have a reduction strategy we may well say that we have an operational semantics, for we can imagine a machine which evaluates terms by implementing the given strategy. A natural semantical equivalence to define on terms is the observational equivalence. This arises if we consider programs as black boxes and take them to be equivalent if we cannot tell them apart by observing that for a given program context the machine halts successfully when one is used as a subprogram but does not halt when the other is used as a subprogram.

Definition 1 (-observational Equivalence). Let $\to$ be a reduction strategy and let $M, N$ be programs, i.e. closed λ-terms. The observational equivalence is defined by M N iff $\forall C[\,].\ (C[M], C[N] \in \Lambda^0 \Rightarrow (C[M] \Downarrow\ \Leftrightarrow\ C[N] \Downarrow))$.

Notice that -observational equivalence is a congruence for every .
In this paper we consider many different reduction strategies, and corresponding observational equivalences, appearing in the literature. These strategies include those realized by the two most widespread implementations of functional programming languages, i.e. call-by-value and lazy. We shall focus in particular on the former. This was defined by Plotkin in [15] and is the one implemented by Landin's SECD machine or by the FAM. The observational equivalence induced by this strategy has been investigated in [6]. The latter strategy, which is the one used by lazy functional languages, induces an observational equivalence which has been studied in [1, 13]. Other strategies considered in the paper are:
- the "initial" leftmost strategy which stops on head normal forms; its observational equivalence is induced by the canonical $D_\infty$ model of Scott (see [20]);
- the -normalizing strategy, i.e. the "complete" leftmost strategy, whose observational equivalence, we conjecture, coincides with the equivalence induced by the model defined in [5];
- Barendregt's perpetual strategy, which reduces the leftmost β-redex, which is either an I-redex, or a K-redex whose operand is in normal form, and which can be shown to terminate exactly on strongly normalizing terms; we conjecture that the model defined in [10] for the N 0 -calculus is computationally adequate w.r.t. the observational equivalence induced by Barendregt's perpetual strategy;
- a non-deterministic strategy with a non-trivial set of deadlock terms, which induces as observational equivalence the congruence which cannot be realized by a continuously complete C.P.O. model (see [11]).

The importance of establishing observational equivalence of terms is unquestionable, e.g. it is at the core of the software development methodology of "program transformation". However, showing equivalences by induction on computation steps is a lengthy and error-prone activity. Powerful proof principles, which allow one to factorize this difficult task, are therefore very precious. In recent years, much attention has been devoted to so-called "coinduction principles", see e.g. [14, 7]. These concepts arose independently in two unrelated areas: that of semantics for concurrent languages [12] and that of non-wellfounded sets [8]. Aczel made the connection and pioneered their categorical account in terms of final coalgebras (see [2, 3]). Recently, various authors have deeply investigated final semantics (see e.g. [18, 7, 19]). They have developed a general categorical methodology for deriving coinduction principles whenever the semantical equivalence is induced by a final semantics. In this paper we apply this methodology to various semantics of λ-calculus. We proceed as follows. Given a reduction strategy $\to$ and a set $Val$, we endow $\Lambda^0$ (possibly in various ways) with the structure of an F-coalgebra, for suitable functors F. These functors are then proved to be "well behaved" in the sense that they admit a final F-coalgebra and preserve "weak kernel pairs" (see Appendix A and [18] for categorical definitions).
Hence the final interpretation given by the unique morphism into the final F-coalgebra induces an equivalence which can be characterized by a coinduction principle, i.e. as the union of all F-bisimulations. Finally we are left with the task of showing that this equivalence coincides with the observational equivalence determined by the original reduction strategy. The final F-coalgebra cannot be given, in general, the usual structure of a "denotational" λ-model. Nevertheless the final semantics can count as compositional in that the equivalence induced by it is a congruence w.r.t. the syntactical constructors of the language. Actually, this is precisely what implies, in all the cases discussed here, that the final semantics induces the observational equivalence. Technically, it is quite hard to show that the final semantics induces a congruence. We prove it either by induction on computation steps or by exploiting some property of the observational equivalence itself, which, in turn, can be proved exploiting the properties of some computationally adequate inverse limit denotational model.

We could have considered various categorical settings, such as that of complete metric spaces or complete partial orders. We prefer to utilize that of hypersets and functions, because this categorical setting is natural and it allows us to keep the naive set-theoretic intuition. Hypersets are non-wellfounded sets belonging to a Universe of $ZF_0^-(U)FCU$. This is a Zermelo-Fränkel-like set theory with extensionality "up to" Urelementen and with the Axiom of Foundation replaced by the "unique" antifoundation axiom FCU, which generalizes the antifoundation axiom $X_1$ introduced by Forti and Honsell in 1982 (also called AFA by Aczel [2]).

The paper is organized as follows. In Section 1 we present the reduction strategies and the corresponding evaluation relations that we shall deal with. In Section 2, we apply the final methodology. In particular we introduce, for each reduction strategy, a suitable functor and we derive a sound coinduction principle. In Section 3 we focus on the call-by-value observational equivalence and, applying again the final methodology, we derive yet another coinduction principle. In Section 4 we present an "induction-coinduction" principle for the call-by-value observational equivalence inspired by [14]. Final remarks, comments and conjectures appear in Section 5. In Appendix A we recall some useful definitions.

The authors are grateful to Mariangiola Dezani, Gordon Plotkin, Simona Ronchi Della Rocca, Jan Rutten and Daniele Turi for useful discussions.
1 Operational Semantics

Throughout the paper we use standard λ-calculus concepts and notation as defined in [4]. In this Section we present six operational semantics for λ-calculus. More precisely we give six reduction strategies together with the corresponding evaluation relations. The latter are presented using Plotkin's S.O.S. style (cf. [16]).
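Definition 2 ($\to_v$ strategy, $\Downarrow_v$ evaluation). The lazy call-by-value strategy $\to_v\ \subseteq \Lambda^0 \times \Lambda^0$ reduces the leftmost β-redex, not appearing within a λ-abstraction, whose argument is a λ-abstraction. $Val_v = \{\lambda x.M \mid M \in \Lambda\} \cap \Lambda^0$. The evaluation $\Downarrow_v$ is the least binary relation over $\Lambda^0 \times Val_v$ satisfying the following rules:

$$\lambda x.M \Downarrow_v \lambda x.M \qquad\qquad \frac{M \Downarrow_v \lambda x.P \quad N \Downarrow_v Q \quad P[Q/x] \Downarrow_v U}{MN \Downarrow_v U}$$

Definition 3 ($\to_l$ strategy, $\Downarrow_l$ evaluation). The lazy call-by-name strategy $\to_l\ \subseteq \Lambda^0 \times \Lambda^0$ reduces the leftmost β-redex not appearing within a λ-abstraction. $Val_l = \{\lambda x.M \mid M \in \Lambda\} \cap \Lambda^0$. The evaluation $\Downarrow_l$ is the least binary relation over $\Lambda^0 \times Val_l$ satisfying the following rules:

$$\lambda x.M \Downarrow_l \lambda x.M \qquad\qquad \frac{M \Downarrow_l \lambda x.P \quad P[N/x] \Downarrow_l Q}{MN \Downarrow_l Q}$$

Definition 4 ($\to_h$ strategy, $\Downarrow_h$ evaluation). The eager call-by-name strategy $\to_h$ reduces the leftmost β-redex, if the term is not in head normal form. $Val_h$ is the set of λ-terms in head normal form. The evaluation $\Downarrow_h$ is the least binary relation over $\Lambda \times Val_h$ satisfying the following rules:

$$x M_1 \ldots M_n \Downarrow_h x M_1 \ldots M_n \ \ (n \ge 0) \qquad\qquad \frac{M \Downarrow_h N}{\lambda x.M \Downarrow_h \lambda x.N}$$

$$\frac{M[N/x] M_1 \ldots M_n \Downarrow_h P}{(\lambda x.M) N M_1 \ldots M_n \Downarrow_h P} \ \ (n \ge 0)$$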
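Definition 5 ($\to_n$ strategy, $\Downarrow_n$ evaluation). The normalizing strategy $\to_n$ reduces the leftmost β-redex. $Val_n$ is the set of λ-terms in normal form. The evaluation $\Downarrow_n$ is the least binary relation over $\Lambda \times Val_n$ satisfying the following rules:

$$\frac{M \Downarrow_n N}{\lambda x.M \Downarrow_n \lambda x.N} \qquad\qquad \frac{M_1 \Downarrow_n M_1' \ \ \ldots\ \ M_n \Downarrow_n M_n'}{x M_1 \ldots M_n \Downarrow_n x M_1' \ldots M_n'} \ \ (n \ge 0)$$

$$\frac{M[N/x] M_1 \ldots M_n \Downarrow_n P}{(\lambda x.M) N M_1 \ldots M_n \Downarrow_n P} \ \ (n \ge 0)$$

Definition 6 ($\to_i$ strategy, $\Downarrow_i$ evaluation). Barendregt's perpetual strategy $\to_i$ reduces the leftmost β-redex not in the operator of a redex, which is either an I-redex, or a K-redex whose argument is a normal form. $Val_i$ is the set of λ-terms in normal form. The evaluation $\Downarrow_i$ is the least binary relation over $\Lambda \times Val_i$ satisfying the following rules:

$$\frac{M \Downarrow_i N}{\lambda x.M \Downarrow_i \lambda x.N} \qquad\qquad \frac{M_1 \Downarrow_i M_1' \ \ \ldots\ \ M_n \Downarrow_i M_n'}{x M_1 \ldots M_n \Downarrow_i x M_1' \ldots M_n'} \ \ (n \ge 0)$$

$$\frac{(\lambda x.M)N \text{ I-redex} \quad M[N/x] M_1 \ldots M_n \Downarrow_i V}{(\lambda x.M) N M_1 \ldots M_n \Downarrow_i V} \ \ (n \ge 0)$$

$$\frac{(\lambda x.M)N \text{ K-redex} \quad N \Downarrow_i P \quad M M_1 \ldots M_n \Downarrow_i V}{(\lambda x.M) N M_1 \ldots M_n \Downarrow_i V} \ \ (n \ge 0)$$

Definition 7 ($\to_e$ strategy, $\Downarrow_e$ evaluation). Let be a new constant. The non-deterministic strategy !e 0 (f g) 0(f g) rewrites λ-terms which contain occurrences of the constant by reducing any β-redex. $Val_e = \Lambda^0$. Normal forms which are not in $Val_e$ are the $\to_e$-deadlock terms. The evaluation relation $\Downarrow_e$ is the least binary relation over 0 (f g) V ale satisfying the following rules:

$$\frac{M \in Val_e}{M \Downarrow_e M} \qquad\qquad \frac{C[(\lambda x.M)N] \notin Val_e \quad C[M[N/x]] \Downarrow_e P}{C[(\lambda x.M)N] \Downarrow_e P}$$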
2 Final Descriptions of observational Equivalences

In this section we give a first series of "final" accounts of the observational equivalences induced by the evaluation relations defined in the previous section. Each of these accounts gives rise to a particular coinductive characterization of the observational equivalence under consideration. We work in the category Class whose objects are the classes of non-wellfounded sets belonging to a Universe of $ZF_0^-(U)FCU$, and the arrows are the functional classes. The theory $ZF_0^-(U)FCU$ is a Zermelo-Fränkel-like set theory with extensionality "up to" the proper class U of Urelementen (atoms), and with the axiom of Foundation replaced by the anti-foundation axiom FCU of [9] (see Definition 23 in Appendix A). This axiom is the version of $X_1$ (AFA) "up to" Urelementen, see [8, 2]. The Axiom FCU implies that the Universe is strongly extensional, i.e. that sets are unique "up to" bisimulations which preserve atoms (see Definition 23 in Appendix A, and [8, 2, 9] for more details). Alternatively we could have used the category Class of [18], the category of C.P.O.'s and strict functions, or the category of complete metric spaces and non-distance increasing functions.

Given an evaluation relation $\Downarrow$, we will proceed uniformly as follows (see [18]):
1. we endow the set $\Lambda^0$ with a structure of F-coalgebra, for a suitable functor F : Class → Class;
2. we prove that the functor has a final F-coalgebra;
3. we define the interpretation function $\mathcal{M}$ as the unique F-coalgebra morphism from the F-coalgebra on $\Lambda^0$ into the final F-coalgebra;
4. we prove that the equivalence induced by $\mathcal{M}$ is given by the union of all F-bisimulations on the F-coalgebra on $\Lambda^0$;
5. we prove that the equivalence induced by $\mathcal{M}$ is .

The steps 1 and 5 above are motivated and simplified if we introduce and discuss the notion of applicative equivalence.

Definition 8. Let app $\subseteq \Lambda^0 \times \Lambda^0$, for $\in \{v, l, h, n, i, e\}$, be the applicative equivalence defined by M app N $\Leftrightarrow\ \forall P_1, \ldots, P_n \in \Lambda^0.\ (M P_1 \ldots P_n \Downarrow\ \Leftrightarrow\ N P_1 \ldots P_n \Downarrow)$.

In general app is not a congruence, but for all $\in \{v, l, h, n, e\}$³ we can prove that app coincides with and hence it is a congruence. The proofs of these facts will be outlined in the sequel. The relation app, for $\in \{v, l, h, n, i, e\}$, can be characterized coinductively as the greatest fixed point of a suitable monotone operator. Namely:

Definition 9. Let $X$ be a set and : $\mathcal{P}(X \times X) \to \mathcal{P}(X \times X)$ be an operator. A -bisimulation is a relation $R \subseteq X \times X$ s.t. R (R). If is monotone, then the greatest fixed point of is the greatest -bisimulation.

Lemma 1. The applicative equivalence app, for $\in \{v, l, h, n, i, e\}$, can be viewed as the greatest fixed point of the monotone operator : $\mathcal{P}(\Lambda^0 \times \Lambda^0) \to \mathcal{P}(\Lambda^0 \times \Lambda^0)$ defined by

(R) = $\{(M, N) \mid (M \not\Downarrow \wedge N \not\Downarrow \wedge \forall P \in \Lambda^0.\ ((MP, NP) \in R)) \vee (M \Downarrow \wedge N \Downarrow \wedge \forall P \in \Lambda^0.\ ((MP, NP) \in R))\}$.

Proof. Let R: (R) be the greatest fixed point of .
It is immediate to show app that app is a -bisimulation, hence R: (R). In order to show the ! app converse, i.e. R: (R), we prove first, by induction on the length of ? P ! (? P abbreviates P1 : : : Pn for n? 0), that: ! (M; N ) 2 R: (R) =) (M ! P ; N? P ) 2 R: (R): Hence, reasoning by contradiction, we get app R: (R). □

³ We conjecture that the same holds also for = i.

Notation. Throughout the paper we will denote by $X \to Y$ the class of all functions defined on $X$ taking values in $Y$; and we will denote by $X + Y$ the "disjoint sum" of $X$ and $Y$, e.g. $\{v\} \times X \cup \{u\} \times Y$, where $v$ and $u$ are two distinct "fresh" atoms.
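The evaluation rules of Definitions 2 and 3 and the applicative test of Definition 8 can be run mechanically on closed terms. The Python code below is an added example, not taken from the paper. It assumes that divergence is approximated by a step bound (`fuel`), so the search can refute applicative equivalence only up to the given test terms and depth and never proves it; the names `evaluate`, `converges`, `distinguish` and all sample terms are hypothetical.

```python
"""Bounded evaluators for the lazy call-by-value ("v") and lazy call-by-name
("l") strategies, plus a bounded search for an applicative distinguisher."""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Lam:
    var: str
    body: object


@dataclass(frozen=True)
class App:
    fun: object
    arg: object


class OutOfFuel(Exception):
    """Step bound exhausted; treated as divergence (an approximation)."""


def subst(term, x, s):
    """term[s/x]. s is always closed here, so no variable capture can occur."""
    if isinstance(term, Var):
        return s if term.name == x else term
    if isinstance(term, Lam):
        return term if term.var == x else Lam(term.var, subst(term.body, x, s))
    return App(subst(term.fun, x, s), subst(term.arg, x, s))


def evaluate(term, strategy, fuel=200):
    """Big-step evaluation of a closed term; strategy is "v" or "l"."""
    budget = [fuel]

    def ev(t):
        if isinstance(t, Lam):          # axiom: an abstraction is a value
            return t
        if isinstance(t, Var):
            raise ValueError("evaluate() expects a closed term")
        f = ev(t.fun)                   # premise: the operator converges
        # call-by-value also evaluates the operand; call-by-name passes it as is
        a = ev(t.arg) if strategy == "v" else t.arg
        if budget[0] == 0:
            raise OutOfFuel
        budget[0] -= 1                  # one beta-contraction
        return ev(subst(f.body, f.var, a))

    return ev(term)


def converges(term, strategy, fuel=200):
    """True if a value is reached within the step bound."""
    try:
        evaluate(term, strategy, fuel)
        return True
    except OutOfFuel:
        return False


def distinguish(m, n, strategy, tests, depth):
    """Shortest P1..Pk (k <= depth, each Pi in tests) on which exactly one of
    m P1..Pk and n P1..Pk converges, or None if the bounded search finds none."""
    for k in range(depth + 1):
        for args in product(tests, repeat=k):
            mp, np_ = m, n
            for p in args:
                mp, np_ = App(mp, p), App(np_, p)
            if converges(mp, strategy) != converges(np_, strategy):
                return args
    return None


# Constructed sample terms (not from the paper).
I = Lam("x", Var("x"))
K = Lam("x", Lam("y", Var("x")))
DELTA = Lam("x", App(Var("x"), Var("x")))
OMEGA = App(DELTA, DELTA)             # diverges under both strategies
D = Lam("x", OMEGA)                   # a value that diverges once applied
IGNORE = Lam("x", I)                  # \x.I
PROBE = Lam("x", App(Lam("z", I), App(Var("x"), I)))   # \x.(\z.I)(x I)
TESTS = (I, K, OMEGA, D)

if __name__ == "__main__":
    for s in ("v", "l"):
        print(s, converges(App(IGNORE, OMEGA), s),
              distinguish(IGNORE, PROBE, s, TESTS, 2))
```

Under call-by-value the search returns the one-argument witness `D`, because `PROBE` forces the evaluation of `D I`; under call-by-name no witness exists within the bound, since the operand is discarded unevaluated.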
2.1 A final Description of v in the Hyperset Setting

The set $\Lambda^0$ can be endowed with a coalgebra structure appropriate for dealing with v as follows:

Definition 10.
i) Let $F_v$ : Class → Class be the endofunctor defined by Fv (X ) = (0 ! X ) + fg ; where is a generic atom; the definition of $F_v$ on morphisms is canonical.
ii) Let (0 ; v ) be the $F_v$-coalgebra defined by u; ) if M 6+v v (M ) = ((v; f(N; MN ) j N 2 0 g) if M +v :
Lemma 2. The functor $F_v$ has a greatest fixed point $X_v$ such that $(X_v, id)$ is a final $F_v$-coalgebra.

Proof. One can easily extend the "Special Final Coalgebra Theorem" (see [2] and Corollary 4.23 of [18]) to $ZF_0^-(U)FCU$. The functor $F_v$ can be easily seen to satisfy the appropriate generalizations, to $ZF_0^-(U)FCU$, of the hypotheses of the above theorem: i.e. it is set-continuous, inclusion preserving and uniform on maps. □
Definition 11. Let $\mathcal{M}_v : \Lambda^0 \to X_v$ be the unique $F_v$-morphism from the $F_v$-coalgebra (0 ; v ) to the $F_v$-coalgebra $(X_v, id)$, i.e.: ) if M 6+v Mv (M ) = ((u; v; f(N; Mv (MN )) j N 2 0 g) if M +v :

The following lemma can be proved straightforwardly.

Lemma 3. R is a v -bisimulation if and only if R is an $F_v$-bisimulation.

Lemma 4. Let $M, N \in \Lambda^0$. Then: $\mathcal{M}_v(M) = \mathcal{M}_v(N) \Leftrightarrow$ M app v N.

Proof. One can easily see that $F_v$ weakly preserves kernel pairs, and hence, by Corollary 3.9 of [18], the equivalence induced by the final morphism is the greatest $F_v$-bisimulation. Now, the thesis follows immediately from Lemma 3. □
Lemma 5 (Theorem 33 of [6]). v =app v

Using the above lemmata we can establish the validity of the following proof principle:

Theorem 6. Let $M, N \in \Lambda^0$, then the following coinduction principle holds:

$$\frac{(M, N) \in R \qquad R \text{ is an } F_v\text{-bisimulation}}{M\ {}_v\ N}$$

Remark. A more general coinduction principle can be given introducing the notion of v -bisimulation up to v following [12]. Since for any R; S , if R v (R1 ) and S v (S1 ) then R S v (R1 S1 ), the following principle holds (M; N ) 2 R R v (v R v ) M v N

2.2 A final Description of l in the Hyperset Setting
The set $\Lambda^0$ can be endowed with a coalgebra structure appropriate for dealing with l as follows:

Definition 12.
i) Let $F_l$ : Class → Class be the endofunctor defined by Fl (X ) = (0 ! X ) + fg ; where is a generic atom; the definition of $F_l$ on morphisms is canonical.
ii) Let (0 ; l ) be the $F_l$-coalgebra defined by u; ) if M 6+l l (M ) = ((v; f(N; MN ) j N 2 0 g) if M +l :

Following the same lines of reasoning as in Section 2.1, provided we prove l =app l , we can eventually show that:
Theorem 7. Let $M, N \in \Lambda^0$.
i) Then $\mathcal{M}_l(M) = \mathcal{M}_l(N) \Leftrightarrow$ M l N.
ii) The following coinduction principle holds:

$$\frac{(M, N) \in R \qquad R \text{ is an } F_l\text{-bisimulation}}{M\ {}_l\ N}$$

The coincidence of the observational equivalence with the applicative equivalence can be proved in various ways (see e.g. [1]). Here we give a syntactical proof, similar to one of those in [1].
Lemma 8. l=app l

Proof. Clearly l app l . In order to show the converse, we proceed by induction on computation steps. Suppose by contradiction that there is a context $C[\,]$ such that $C[P] \Downarrow_l$ and $C[P'] \not\Downarrow_l$. Choose a context $C_{min}[\,]$ satisfying the property above such that the length of a path starting from $C_{min}[P]$, converging to a value, is minimal. Since $C_{min}[P] \Downarrow_l$ and $C_{min}[P'] \not\Downarrow_l$, an occurrence of $P$ must necessarily appear as the head of a term in the $\to_l$-reduction path leading from $C_{min}[P]$ to a value. Consider the first time in which an occurrence of $P$ appears in the head in the reduction starting from $C_{min}[P]$. Then we have $C_{min}[P] \to_l PC'[P]$ and $C_{min}[P'] \to_l P'C'[P']$, for some context $C'[\,]$. By definition of applicative equivalence, we have $P'C'[P']$ app l $PC'[P']$. Now $P \Downarrow_l$, otherwise we have immediately a contradiction. Therefore, suppose $P \Downarrow_l \lambda x.M$, we have

$$PC'[P] \to_l (\lambda x.M)C'[P] \to_l M[C'[P]/x] = C''[P] \Downarrow_l$$

$$PC'[P'] \to_l (\lambda x.M)C'[P'] \to_l M[C'[P']/x] = C''[P'] \not\Downarrow_l,$$

for some context $C''[\,]$ such that $C''[P]$ converges to a value with a path whose length is strictly less than the length of the converging path of $C_{min}[P]$. □
2.3 A final Description of h in the Hyperset Setting

The set $\Lambda^0$ can be endowed with a coalgebra structure appropriate for dealing with h as follows:

Definition 13.
i) Let $F_h$ : Class → Class be the endofunctor defined by Fh (X ) = (0 ! X ) + fg ; where is a generic atom; the definition of $F_h$ on morphisms is canonical.
ii) Let (0 ; h ) be the $F_h$-coalgebra defined by u; ) if M 6+h h (M ) = ((v; f(N; MN ) j N 2 0 g) if M +h :

Following the same lines of reasoning as in Section 2.1, we can show:

Theorem 9. Let $M, N \in \Lambda^0$.
i) Then $\mathcal{M}_h(M) = \mathcal{M}_h(N) \Leftrightarrow$ M h N.
ii) The following coinduction principle holds:

$$\frac{(M, N) \in R \qquad R \text{ is an } F_h\text{-bisimulation}}{M\ {}_h\ N}$$

The proofs of the lemmata necessary for showing Theorem 9 are similar to those in Section 2.1, but for:

Lemma 10. h=app h

A proof of this lemma can be achieved along the lines of the corresponding lemma in Section 2.2, extending the notion of app h to open terms. It can also be obtained using Wadsworth's extension of Böhm's "separability" Theorem (see [20]).
2.4 A final Description of n in the Hyperset Setting

The n equivalence does not equate all $\to_n$-divergent terms, in fact it is not true that a divergent term applied to any argument always diverges. Hence, in order to define a non well-founded final semantics which induces the n equivalence, we consider the following functor and coalgebra on λ-terms, which allow us to distinguish correctly between divergent λ-terms whose applicative behavior is different:

Definition 14.
i) The endofunctor $F_n$ : Class → Class is defined by $F_n(X) = (\Lambda^0 \to X) + (\Lambda^0 \to X)$; the definition of $F_n$ on morphisms is canonical.
ii) Let (0 ; n ) be the $F_n$-coalgebra defined by u; f(N; MN ) j N 2 0 g) if M 6+n n (M ) = ((v; f(N; MN ) j N 2 0 g) if M +n :

Following the same lines of reasoning as in Section 2.1, we can show:

Theorem 11. Let $M, N \in \Lambda^0$.
i) Then $\mathcal{M}_n(M) = \mathcal{M}_n(N) \Leftrightarrow$ M n N.
ii) The following coinduction principle holds:

$$\frac{(M, N) \in R \qquad R \text{ is an } F_n\text{-bisimulation}}{M\ {}_n\ N}$$

The proofs of the lemmata necessary for showing Theorem 11 are similar to those used in Section 2.1, but for:

Lemma 12. n=app n

A proof of this lemma can be achieved along the lines of the corresponding lemma in Section 2.2, extending the notion of app n to open terms.
2.5 A final Description of i in the Hyperset Setting

A final semantics inducing the app i equivalence can be given similarly to the previous cases where all divergent terms are equated, say $\to_h$. We conjecture the coincidence between i and app i .

2.6 A final Description of e in the Hyperset Setting

The equivalence e does not equate all $\to_e$-divergent terms. A final semantics for handling this observational equivalence can be given along the lines of that for n in Section 2.4. The coincidence between e and app e can be proved using a model theoretic argument similar to that utilized for v in [6]. More details will be given in a forthcoming paper.
3 Yet another final Description of v in the Hyperset setting

In this section we present another final semantics, inducing the v equivalence, which makes use of a functor different from the one considered in the previous section. From this semantics we derive yet another coinduction principle for establishing v . In particular we prove that app v can be viewed as the greatest fixed point of the following monotone operator:

Definition 15. Let v : P (0 0) ! P (0 0) be the operator defined by v (R) = f(M; N ) j (M 6+v ^ N 6+v ) _ (M +v ^ N +v ^ 8P 9Q: ((P; Q) 2 R ^ (MP; NQ) 2 R) ^ 8P 9Q: ((P; Q) 2 R ^ (NP; MQ) 2 R))g:

Definition 16.
i) Let $G_v$ : Class → Class be the endofunctor defined by Gv (X ) = P (X X ) + fg ; where is a generic atom; the definition on morphisms is canonical.
ii) Let (0 ; v ) be the $G_v$-coalgebra defined by u; ) if M 6+v v (M ) = ((v; f(N; MN ) j N 2 0 g) if M +v :

Lemma 13. R is a v -bisimulation if and only if R is a $G_v$-bisimulation.
Proof. ($\Rightarrow$) The assertion follows from the definition of $G_v$-bisimulation. ($\Leftarrow$) By contradiction. □

The following lemma is proved as Lemma 2.

Lemma 14. The functor $G_v$ has a greatest fixed point $Y_v$ such that $(Y_v, id)$ is a final $G_v$-coalgebra.
Definition 17. Let Nv : 0 ! Yv be the unique $G_v$-morphism from the $G_v$-coalgebra (0 ; v ) to the $G_v$-coalgebra $(Y_v, id)$, i.e.: ) if M 6+v Nv (M ) = ((u; v; f(Nv (N ); Nv (MN )) j N 2 0 g) if M +v :

Now we prove that the greatest v -bisimulation, v , coincides with the applicative equivalence app v , and hence that the equivalence induced by Nv coincides with v . To this end we introduce the syntactical counterparts of the relations n introduced in Section 3.1 of [6].

Definition 18. Let P be the initial solution in the category C:P:O:E of the domain equation D = [D !? D]? , i.e. P = lim Pn . Let 0n be the set of all closed λ-terms whose interpretation, up to isomorphism, belongs to Pn .
i) For all n, let nv 0n 0n be the relation inductively defined as follows 0v = 00 00 nv +1 = f(M; N ) 2 0n+1 0n+1 j 8P; Q 2 0n :(P nv Q ) MP nv NQ)g.
ii) For all n, let nv 0n 0n be the relation inductively defined as follows 0v = 00 00 nv +1 = f(M; N ) 2 0n+1 0n+1 j M 2 00 _ (M 62 00 ^ N 62 00 ^ 8P; Q 2 0n :(P nv Q ) MP nv NQ))g.
iii) Since the projections n : P ! Pn are all λ-definable (see [6]), say by n , we define, for all M 2 0 , Mn to be the term (n M ) 2 0n.

In the sequel we use freely that for all M; N 2 0 , (Mn+1 N ) =P (Mn+1 Nn ) =P (Mn+1 Nn )n =P (MNn)n , where =P denotes equality in the model P ; and also that application is monotone w.r.t. P . The following lemma is instrumental:
Lemma 15.
o) For all n 2 !, nv is P -saturated, i.e. if M nv N , M =P M 0 and N =P N 0 , then M 0 nv N 0 . Moreover for all n 2 !, nv is P -saturated, i.e. if M nv N , M P M 0 and N P N 0 , then M 0 nv N 0 .
i) For all n 2 !, nv =nv \ nv .
ii) For all n 2 !, nv is an equivalence relation.
iii) For all M; N 2 0 , M app v N () 8n 2 !: Mn n v Nn :
iv) app v v .
v) For all n: nv =nv, where nv 0n 0n is inductively defined as follows: 0v = 00 00 nv +1 = f(M; N ) 2 0n+1 0n+1 j 8P 2 0n 9Q 2 0n ((P; Q) 2nv ^ (MP; NQ) 2nv ) ^ 8Q 2 0n 9P 2 0n ((Q; P ) 2nv ^ (NQ; MP ) 2nv )g.
vi) For all M; N 2 0 , M v N () 8n 2 !: Mn nv Nn.

Proof.
o) Both assertions are easily proved by induction on n. We show only the first one. The case n = 0 is trivial. Suppose M nv +1 N , M =P M 0 and N =P N 0 , then if P nv Q, we have MP nv NQ, hence by induction hypothesis M 0 P nv N 0 Q.
i) The assertion is proved by induction on n, using the fact that, for all n and m such that n + m 1, M nv +m N ^ P1 vn+m?1 Q1 ^ : : : ^ Pm nv Qm ) MP1 : : : Pm nv NQ1 : : : Qm , which is easily provable by induction on n, regrouping n + 1 + m.
ii) Symmetry is proved straightforwardly by induction on n. Reflexivity follows from the fact that, for all n and m such that n + m 1, (M 2 0n+m ^ P1 vn+m?1 Q1 ^ : : : ^ Pm nv Qm ) ) MP1 : : : Pm nv MQ1 : : : MQn , which is easily provable by induction on n, regrouping n + 1 + m. Finally, transitivity is proved straightforwardly by induction on n, using reflexivity.
iii) Immediate from Theorem 33 of [6].
iv) The assertion is easily proved by coinduction.
v) The assertion is proved by induction on n. If n = 0 the thesis is trivially true. Let nv =nv. Then using the induction hypothesis and reflexivity of nv , one gets immediately nv +1 nv +1. Now suppose by contradiction that nv +1 6nv +1 . Then there exist M; N such that M nv +1 N and M 6nv +1 N , i.e. there are P; T 2 0n such that P nv T and MP 6nv NT . But there is Q 2 0n such that P nv Q and MP nv NQ. By induction hypothesis, P nv Q and MP nv NQ, hence, by (ii), NQ nv NT and MP nv NT , which is a contradiction.
vi) The implication ($\Leftarrow$) follows immediately from (iii), (iv) and (v). The other implication is proved by induction on n. If n = 0 the thesis is trivially true. Let Mn nv Nn . We will show that 8P 2 0n 9Q 2 0n such that P nv Q and Mn+1P nv Nn+1 Q. Let P 2 0n , then there is Q such that P v Q and MP v NQ. By induction hypothesis, (v) and (o) P nv Pn nv Qn , (MP )n nv (NQ)n and Mn+1P nv (NQ)n . Now (NQ)n nv Nn+1 Qn nv Nn+1 P , and in particular Mn+1P nv Nn+1 Qn . Now we show the converse, i.e. Mn+1 P nv Nn+1 Qn . By definition of v , there exists T such that Qn v T and MT v NQn . By induction hypothesis and (v), Qn nv Tn, hence Tn nv P , and (MT )n nv (NQn )n nv Nn+1 Qn . Hence, Nn+1 Qn nv (MT )n nv Mn+1P . Summing up we have Nn+1 Qn nv Mn+1 P ; and hence P nv Qn and Mn+1 P nv Nn+1 Qn . □
Now we can give:

Theorem 16. The greatest v -bisimulation, v , coincides with the applicative equivalence app v .

Proof. The thesis follows immediately from points (iii), (v) and (vi) of Lemma 15. □

Proceeding as in the previous section we can now prove:
Theorem 17. Let $M, N \in \Lambda^0$.
i) Then Nn (M ) = Nn (N ) $\Leftrightarrow$ M v N.
ii) The following coinduction principle holds:

$$\frac{(M, N) \in R \qquad R \text{ is a } G_v\text{-bisimulation}}{M\ {}_v\ N}$$
4 A syntactical induction-coinduction Principle for v

In this section we prove the soundness of an induction-coinduction principle for establishing v -equivalence. This principle should deserve more investigation; however, it can be viewed as a syntactical version of the semantical induction-coinduction principle appearing in [14]. We use the notation introduced in the previous section.
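Definition 19. Let $T : \mathcal{P}(\Lambda^0 \times \Lambda^0) \times \mathcal{P}(\Lambda^0 \times \Lambda^0) \to \mathcal{P}(\Lambda^0 \times \Lambda^0) \times \mathcal{P}(\Lambda^0 \times \Lambda^0)$ be the operator defined by

$$T(R^-, R^+) = (\{(M, N) \mid (M \not\Downarrow_v \wedge N \not\Downarrow_v) \vee (M \Downarrow_v \wedge N \Downarrow_v \wedge \forall (P, Q) \in R^+.\ (MP, NQ) \in R^-)\},$$
$$\{(M, N) \mid (M \not\Downarrow_v \wedge N \not\Downarrow_v) \vee (M \Downarrow_v \wedge N \Downarrow_v \wedge \forall (P, Q) \in R^-.\ (MP, NQ) \in R^+)\}).$$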
Definition 20. A relation $R \subseteq \Lambda^0 \times \Lambda^0$ is -inclusive if for all $M, N \in \Lambda^0$, if for all $n \in \omega$ there exist $M', N'$ such that $(M', N') \in R$, M 0 v Mn and N 0 v Nn , then $(M, N) \in R$.

Theorem 18. Let $R^-, R^+$ be two relations on $\Lambda^0 \times \Lambda^0$ such that $R^+$ is inclusive. Then the following principle holds

R? 1 (T (R? ; R+)) 1 (T (R+; R? )) R+ R? v R+

Proof. First of all we prove by induction on n that, for all n, Ren? nv R+ ; where Ren? = f(M; N ) 2 0n 0n j 9(P; Q) 2 R? :(Pn v M ^ Qn v N )g. The base case (n = 0) follows trivially from the hypotheses of the principle. Suppose that Ren? nv R+ . Then, since (nv +1 ; nv +1 ) = T (nv; nv) \ (0n+1 0n+1 ) and T is monotone in the first component and antimonotone in the second component, we have:
1. nv +1 1 (T (nv ; Ren?))\(0n+1 0n+1 ) = 1 (T (nv ; R?)) 1 (T (R+ ; R?))\ (0n+1 0n+1 ) R+ , where the equality is established using (MNn )n v (Mn+1 Nn ).
2. Ren?+1 1 (T (Ren?; nv )) \ (0n+1 0n+1) 1 (T (nv ; nv)) \ (0n+1 0n+1) = nv +1 , where the first inclusion follows, using (MNn)n v (Mn+1 Nn ), from R? 1 (T (R?; nv )), which in turn is a consequence of the left hypothesis of the principle and the induction hypothesis.
Now the inclusion v R+ follows immediately from the fact that $R^+$ is inclusive, while the inclusion R? v can be directly obtained by contradiction. □
5 Final Remarks

The constructions carried out in this paper raise many open questions and all should deserve more investigations. For lack of space, we can give here only a list of conjectures, claims and concise remarks. We shall elaborate on them in a forthcoming paper.

1. Coinductive characterizations of app are useful in factoring out the complexity of establishing observational equivalences between λ-terms. It would be interesting to compare the strength of coinduction principles to that of other tools, e.g. "approximation theorems" such as arise from "computationally adequate" mathematical models (see [20, 6, 11]). Here are some equivalences on which to test the power of coinduction principles:
- divergent terms are for $\in \{v, l, h, i\}$;
- black holes (i.e. closed λ-terms $M$ s.t. $\forall P.\ MP \to M$) are for $\in \{v, l, h, i, n, e\}$;
- appropriate classes of fixed point operators are for each ;
- many identities involving fixed points (e.g. the double iteration identity, i.e. $Fix(\lambda x.(Fix(\lambda y.fxy)))$ $Fix(\lambda x.fxx)$), hold, for each , for appropriate classes of fixed points.
2. We have considered only coinductive characterizations of equivalence relations. We could have discussed, more generally, coinductive principles for establishing partial orders such as observational approximation and applicative approximation. These are obtained by replacing the bi-implication in the "equitermination" predicate by a simple implication.
3. All the final semantics that we have introduced do not yield "standard" denotational models for λ-calculus. Nevertheless, they can count as compositional, in that they induce observational equivalences, which are congruences w.r.t. the syntactical operators of the language. They can be seen to provide, in effect, alternative presentations of the, obviously fully abstract, term model. To this end it is useful to extend the equivalences considered to open λ-terms: Let 2 fv; l; h; n; i; eg and let P; P 0 2 be s.t. FV (P; P 0 ) fx1 ; : : : ; xn g. 0 0 app We say that P app P if and only if, for all P1 ; : : : ; Pn 2 , P [Pi =xi ] 0 P [Pi =xi ]. Models could have been defined also using the technique of processes as terms introduced by J.J.M.M.Rutten (see [17, 19]).
4. We conjecture that both the syntactical induction-coinduction principle and the alternative final description of v could be defined and shown to hold for all the observational equivalences discussed in the paper. For instance, the definitions and proofs, presented here for v , can be readily adapted to the case of e . The crucial fact is that both equivalences have "computationally adequate" inverse limit models with λ-definable projections. And hence one can obtain (for $\in \{v, e\}$) by defining inductively on approximations a quotient of the interior of the model. This is shown for v in [6]; the appropriate denotational model for e is the one discussed in [11].
5. Purely set theoretic models in $ZF^- X_1$, where values are modeled by set-theoretic functions, can be readily obtained for v and l if we modify the definition of the functors $F_v$, $F_l$, $G_v$ by replacing the disjoint union by the set-theoretic union and the atom by the empty set.
References

1. S.Abramsky, L.Ong, Full Abstraction in the Lazy Lambda Calculus, Information and Computation, 105(2):159-267, 1993.
2. P.Aczel, Non-wellfounded sets, Number 14, Lecture Notes CSLI, 1988.
3. P.Aczel, N.Mendler, A final coalgebra theorem, Category Theory and Computer Science Proceedings, D.Pitt et al. eds., Springer LNCS n.389:357-365, 1989.
4. H.Barendregt, The Lambda Calculus, its Syntax and Semantics, North Holland, Amsterdam, 1984.
5. M.Coppo, M.Dezani-Ciancaglini, M.Zacchi, Type Theories, Normal Forms and $D_\infty$-Lambda-Models, Information and Computation, 72(2):85-116, 1987.
6. L.Egidi, F.Honsell, S.Ronchi Della Rocca, Operational, denotational and logical Descriptions: a Case Study, Fundamenta Informaticae, 16(2):149-169, 1992.
7. M.Fiore, A Coinduction Principle for Recursive Data Types Based on Bisimulation, 8th LICS Conference Proceedings, IEEE Computer Society Press:110-119, 1993.
8. M.Forti, F.Honsell, Set Theory with Free Construction Principles, Annali Scuola Normale Sup. Pisa, Cl. Sci., (IV), 10:493-522, 1983.
9. M.Forti, F.Honsell, M.Lenisa, Processes and Hyperuniverses, MFCS'94 Conference Proceedings, I.Privara et al. eds., Springer LNCS n.841:352-363, 1994.
10. F.Honsell, M.Lenisa, Some Results on Restricted $\lambda$-calculi, MFCS'93 Conference Proceedings, A.Borzyszkowski et al. eds., Springer LNCS n.711:84-104, 1993.
11. F.Honsell, S.Ronchi Della Rocca, An approximation theorem for topological lambda models and the topological incompleteness of lambda calculus, J. of Computer and System Sciences (45) 1:49-75, 1992.
12. R.Milner, Operational and Algebraic Semantics of Concurrent Processes, Handbook of Theoretical Computer Science, Ch.19, 1990.
13. C.H.L.Ong, The lazy lambda calculus: an investigation into the foundations of functional programming, Ph.D. thesis, Imperial College of Science and Technology, University of London, 1988.
14. A.M.Pitts, Relational Properties of Recursively Defined Domains, 8th LICS Conference Proceedings, IEEE Computer Society Press:86-97, 1993.
15. G.D.Plotkin, Call-by-name, Call-by-value and the $\lambda$-calculus, Theoretical Computer Science (1):125-159, 1975.
16. S.Ronchi Della Rocca, International Summer School in Logic for Computer Science, Chambery 28/6 - 9/7 1993, lecture notes.
17. J.J.M.M.Rutten, Processes as terms: non-wellfounded models for bisimulation, Math.Struct.Comp.Sci., 2(3):257-275, 1992.
18. J.J.M.M.Rutten, D.Turi, On the Foundations of Final Semantics: Non-Standard Sets, Metric Spaces, Partial Orders, REX Conference Proceedings, J.deBakker et al. eds., Springer LNCS n.666:477-530, 1993.
19. D.Turi, B.Jacobs, On final Semantics for applicative and non-deterministic languages, Fifth Biennial Meeting on Category Theory and Computer Science, Amsterdam, 1993.
20. C.P.Wadsworth, The relation between computational and denotational properties for Scott's $D_\infty$-models of the $\lambda$-calculus, SIAM J. of Computing, 5(3):488-521, 1976.
Appendix A

We recall some categorical definitions (for more details see [18]).
Definition 21 (F-coalgebra). Let $C$ be a category and $F : C \to C$ an endofunctor.
i) An $F$-coalgebra is a pair (A, ), where $A$ is an object of $C$ and : $C \to F(C)$ is a morphism of $C$.
ii) Let $C_F$ be the category whose objects are $F$-coalgebras and whose morphisms are $F$-coalgebra morphisms. An $F$-coalgebra morphism $f$ : (A, ) $\to$ (B, ) is an arrow $f : A \to B$ in the category $C$ such that the following diagram commutes:

      A --------> F(A)
      |             |
    f |             | F(f)
      v             v
      B --------> F(B)
Definition 22 (F-bisimulation). Let $C$ be a category with products. Let $F : C \to C$ be an endofunctor and (A, ) an $F$-coalgebra. An $F$-bisimulation on the $F$-coalgebra (A, ) is a relation $R$ $A$ $A$ such that there exists an arrow : $R \to F(R)$ which makes the following diagram commute:

             1              2
      A <--------- R ---------> A
      |            |            |
      v            v            v
    F(A) <------ F(R) ------> F(A)
           F( 1)        F( 2)

In the following definition we recall the Antifoundation Axiom FCU and the Super Strong Extensionality Axiom up to the set of atoms U (SSExtU), which is a consequence of FCU and gives an interesting characterization of the equality between sets (for more details see [8]):

Definition 23.
i) Unique Free Construction with respect to a set U of atoms FCU: Let $X$ be a set such that $X \cap U = \emptyset$. For every function $f : X \to \mathcal{P}(X \cup U)$ there is a unique function $g : X \to V$ verifying
$$g(x) = (f(x) \cap U) \cup \{g(y) \mid y \in f(x) \cap X\}, \quad \forall x \in X.$$
ii) Super Strong Extensionality Axiom up to the set of atoms U SSExtU: Let $V$ be the set theoretic Universe. Two sets $X, Y$ are equal if and only if there exists a relation $R$ $V$ $V$ such that $(X, Y) \in R$ and $R$ $(R)^+$, where $(\ )^+$ is the operator on relations defined by
$$(R)^+ = \{(X, Y) \mid X \cap U = Y \cap U \text{ and } \forall W \in (f(X) \setminus U).\ \exists Z \in (Y \setminus U).\ (W, Z) \in R \text{ and } \forall W \in (Y \setminus U).\ \exists Z \in (X \setminus U).\ (W, Z) \in R\}.$$
(Categorically, $R$ is a $\mathcal{P}(\ ) + U$-bisimulation on the coalgebra $(V, \mathrm{id})$.)
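The equality test of Definition 23 ii) can be carried out mechanically on a finite system of set equations of the kind used in Definition 23 i). The following Python code is an added example, not part of the paper: it computes the greatest relation R with R ⊆ (R)^+ by refining the full relation until it is stable. The names `ATOMS`, `SYSTEM`, `greatest_bisimulation` and `same_set` and the sample system are constructed here, and the first clause of (R)^+ is read with X \ U where the text prints f(X) \ U.

```python
from itertools import product

ATOMS = frozenset({"u"})  # the set U of atoms (constructed sample)

# Constructed flat system f : X -> P(X ∪ U); each key x stands for the set g(x)
# whose existence and uniqueness Definition 23 i) asserts.
SYSTEM = {
    "omega": {"omega"},        # omega = {omega}
    "p": {"q"},                # p = {q}
    "q": {"p"},                # q = {p}
    "a1": {"u", "a1"},         # a1 = {u, a1}
    "a2": {"u", "a3"},         # a2 = {u, a3}
    "a3": {"u", "a2"},         # a3 = {u, a2}
    "e": set(),                # the empty set
    "s": {"e"},                # s = {e}
}


def greatest_bisimulation(system, atoms):
    """Return the largest relation R on the keys of `system` with R ⊆ (R)^+."""
    def atom_part(x):          # x ∩ U
        return system[x] & atoms

    def set_part(x):           # x \ U
        return system[x] - atoms

    rel = set(product(system, repeat=2))   # start from the full relation
    while True:
        # Keep (x, y) only if it satisfies the three clauses defining (R)^+.
        kept = {
            (x, y) for (x, y) in rel
            if atom_part(x) == atom_part(y)
            and all(any((w, z) in rel for z in set_part(y)) for w in set_part(x))
            and all(any((w, z) in rel for z in set_part(x)) for w in set_part(y))
        }
        if kept == rel:        # fixed point reached: rel ⊆ (rel)^+
            return rel
        rel = kept


def same_set(x, y, system=SYSTEM, atoms=ATOMS):
    """Decide whether the sets denoted by x and y are equal."""
    return (x, y) in greatest_bisimulation(system, atoms)


if __name__ == "__main__":
    for x, y in [("omega", "p"), ("a1", "a3"), ("omega", "a1"), ("s", "omega")]:
        print(x, y, same_set(x, y))
```

Because the operator is monotone and the system is finite, the refinement terminates at the greatest fixed point, so two keys are related exactly when some relation witnessing the condition of Definition 23 ii) contains the pair.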