filter models for conjunctive-disjunctive λ-calculi

Filter Models for Conjunctive-Disjunctive

�-calculi?

Mariangiola Dezani-Ciancaglini 1 Ugo de'Liguoro 1 Adolfo Piperno 2

1 Dipartimento di Informatica, Universit�a di TorinoCorso Svizzera 185, 10149 Torino, Italyfdezani,[email protected]

2 Dipartimento di Scienze dell'InformazioneUniversit�a di Roma \La Sapienza"Via Salaria 113, 00198 Roma, [email protected]

January 24, 1996

Abstract. The distinction between the conjunctive nature of non-determinism as opposed to the dis-junctive character of parallelism constitutes the motivation and the starting point of the present work.�-calculus is extended with both a non-deterministic choice and a parallel operator; a notion of reductionis introduced, extending �-reduction of the classical calculus.We study type assignment systems for this calculus, together with a denotational semantics which is initiallyde�ned constructing a set semimodel via simple types. We enrich the type system with intersection andunion types, dually re ecting the disjunctive and conjunctive behaviour of the operators, and we build a�lter model. The theory of this model is compared both with a Morris-style operational semantics andwith a semantics based on a notion of capabilities.

1 Introduction

A variety of non-deterministic and parallel operators have been added to the �-calculus by several

authors with di�erent aims. One has been the study of non-determinism in the functional setting

(see e.g. [7, 14, 2] and more recently [1, 36]), i.e. the study of (computable) multivalued functions.

This view is strictly connected with the theory of powerdomains introduced in [38, 43].

These e�orts receive new interest in connection with recent research activities aiming at a

theory of higher-order communicating processes. So it is natural to ask for a theory in which

communication embodies functional application. This has been studied by Thomsen in [44] and by

Boudol in [15] explicitly, while it is an implicit theme in current research on Milner's �-calculus

[32].

Non-determinism and parallelism (usually represented by an interleaving operator) are fun-

damental concepts in process algebra theory. Combining them and �-calculus can enlighten the

theory of higher-order process algebras. Indeed an open problem with the former theory is the

lack of a good denotational semantics. It is encouraging that a main step toward a de�nition of

? This work has been partially supported by grants from ESPRIT-BRA 7232 GENTZEN and from CNR-

GNASAGA.

M.Dezani-Ciancaglini, U.de'Liguoro and A.Piperno - Conjunctive-Disjunctive �-calculi 2

what is a model of a higher-order process algebra has been done by Hennessy in [22] by resorting

to logical models of type-free lazy �-calculus. On the other hand higher-order process algebras

may be helpful in understanding �-calculus theories capturing evaluation strategies, like lazy and

call-by-value �-calculi, as shown in [31, 44, 41].

Extensions of the �-calculus with non-deterministic and/or parallel operators have been also

considered in order to gain de�nability of combinators like Plotkin's parallel-or [37]. These ex-

tensions increase the power of the �-calculus to detect convergence internally (easily done by

call-by-value mechanisms) also in those cases in which a term converges as soon as at least one

of its subterms does, no matter in which order they are evaluated. This amounts to have the de-

�nability of all compact points in a standard model, that is, by Milner's theorem, to have a fully

abstract interpretation for the language.

In [16] an analysis of parallel-or in terms of an asynchronous parallel operator (k) and call-

by-value abstraction is proposed. Because of this asynchronicity, a term MkN can be reduced

independently on both sides; to make it convergent if and only if M or N are, Boudol de�nes a

term to be convergent if at least one of its possible computations (properly reductions) ends, what

is called a may convergency notion. In the same paper a fully abstract, denotational semantics is

provided for this calculus. This semantics is based on the Stone duality paradigm, implicitly intro-

duced for use in denotational semantics in [42] [13]. This paradigm has been explicitly advocated

in [3], where the �lter model construction of [13] has been put in its right mathematical setting. A

full abstraction theorem is then stated and proved.

The investigation carried out in [16] has been pursued further by the present authors both

in a richer setting and in a di�erent perspective in [20]. In that paper we consider the calculus

proposed by Ong in [35]. It includes a parallel and a non-deterministic operator, as well as call-by-

name and call-by-value abstractions. To gain the expected behaviour, the parallel operator (always

denoted by k) is a synchronous operator. The non-deterministic operator (denoted by +) is instead

an internal choice operator. By synchronicity, a term MkN is irreducible as soon as M or N is

in normal form, and hence there is no need for a may convergency predicate. This choice makes

explicit the di�erent meanings of k and +, which are kept distinct by stipulating that a term is

convergent if and only if all its reductions eventually stop, that is by using a must convergency

criterion.

In [20] we construct a denotational model by means of a logical system. This time, however,

intersection type discipline does not su�ce any more (as in case of [16]). We use also union types,

introduced for the classical �-calculus in [11]. The operators k and + are respectively interpreted

as join and meet over the semantic domain, and they are dually typed by intersection and union.

Even in this case a fully abstract semantics is obtained.

[6] de�nes a powerdomain functor, which has the features of being convex and of preserving

algebraic lattices. This allows to give a fully abstract interpretation of a call-by-name and call-

by-value lazy �-calculus enriched with a parallel operator, a non-deterministic operator and an

operator mapping a set of terms into its join.

[16], [20], and [6] consider variants of the lazy �-calculus. The present paper aims instead

to study the full classical �-calculus extended with k and +. This essentially amounts to allow

reduction under abstraction and evaluation of the argument even before passing it.


Since the original paper [4] by Abramsky and Ong, it has been argued that the lazy �-calculus

is a better model of actual implementations of functional programming languages like Scheme.

Indeed these languages do not evaluate the bodies of functions before formal parameters have

been replaced by the arguments to which functions are applied. Similarly they do not evaluate the

arguments before passing them.

There is, however, a missing point in treating functional languages in a lazy perspective. In that

setting we are forced to look at functions in a merely extensional way, that is as black boxes whose

di�erent behaviours can be detected just testing them against application to suitable arguments

and waiting for the output (but also, possibly, waiting forever). As a matter of fact, the semantics

of the lazy �-calculus has been de�ned in [4] by introducing the notion of functional bisimulation,

which is nothing but a sophisticated version of the extensional idea.

The unfolding semantics (sometimes called algebraic semantics) is a well established theory of

recursive languages, originated with Tarsky's �xed point theorem and with Kleene's �rst recursion

theorem. This theory has its �-calculus counterpart in the notion of B�ohm tree, which �nely recover

topological ideas from the syntactical notions of head normal forms and separability (see [12]). Now

it seems that such a theory does not exist in the case of lazy �-calculus. As a matter of fact, the

problem cannot be remedied by resorting to L�evy-Longo trees, since they induce a �ner semantics

than functional bisimulation (this has been shown in Ong's thesis [34]). This justi�es our choice of

considering the classical �-calculus.

In the present paper we give a semantics based on the notion of unfolding for our parallel and

non-deterministic extension of classical �-calculus. This is not achieved by means of trees, but by

using the equivalent notion of approximant originated, in the case of �-calculus, from the works of

L�evy [28] and Wadsworth [45].

In the �rst section of the paper we introduce the syntax of the calculus and two reduction

relations. The �rst one explicitly makes the + into a choice operator, while the second one, instead,

simulates the choice by a distribution law. Adapting to the present case the notion of head reduction

and head normal form, we prove that both reductions de�ne the same set of solvable terms, so

that in the following we study the second reduction relation which is technically easier to handle.

After a short discussion of the contextual theory induced by the set of solvable terms, we de�ne

the concept of approximant and the connected notion of capability (reminiscent of the homonymous

notion in [35]), formally setting the unfolding semantics that we study.

In the subsequent two sections we introduce a type assignment system in two steps. The �rst

one considers just Curry types, simply adding to the assignment system the rules for typingMkN

and M + N . As a preliminary result we get Plotkin's set semimodel [39] for our calculus and the

equational theory on terms which it induces. We then enrich the type syntax with intersection,

union types, and the universal type !. Types are partially ordered so that they give rise, by the

usual �lter construction, to a distributive lattice which, as a domain, is an !-algebraic prime

lattice. We refer to [5] for more details and for the description of the domain equation underlying

the construction, which involves both lower and upper powerdomain functors, combined with the

space of Scott-continuous functions. By adding a subtyping rule and an intersection introduction

rule, the type assignment system turns out to be sound and complete with respect to �-lattices,

which are �-models with a lattice structure.


The last section contains the main results of the paper, namely the approximation theorem and

the full abstraction theorem. Roughly speaking, the approximation theorem says that the set of

types of any term is the union of all types that can be given to its approximations, hence being

the limit of them in the logical semantics. The full abstraction theorem states that the unfolding

semantics and the logical semantics are actually the same. Moreover, we get that solvable terms

are characterized as those terms which are typeable by a type which is not equivalent to !.

Some of the results of the present paper were stated in [19], where only the reduction relation here

called �!pn was considered.

2 Conjunctive and Disjunctive �-calculus

In this section we give the syntax of our calculus and prove the basic properties of two reduction

relations. The general theme is that of distinguishing between non-determinism and parallelism.

It is certainly debatable whether these two notions have to be kept distinct, since in many

cases parallelism is explained in terms of non-determinism. This is true in particular when the aim

of parallelism is the possibility of handling simultaneously several di�erent computations and of

terminating as soon as one of these computations terminates.

But if we implement this device using a choice operator, then we must assume the existence of

an oracle which, at each stage, will suggest the right decision. In this way the oracle will prevent

any non terminating computation, whenever at least one output of the non-deterministic program

exists. This is no more necessary if, instead, we use an operator which does not make choices, but

which evaluates in a synchronous way its arguments. I.e. an operator which does one reduction

step only when both its arguments are reducible, and which stops otherwise.

On the contrary the choice operator comes out as a tool for representing programs whose

behaviour can be determined, at a certain time, by unpredictable events. In this case the choice

has no guidance. Therefore the criterion of taking into account all possible cases when studying

the convergency of the program (that is the total correctness criterion) is the most natural one.

We will analyze the distinction between the internal choice operator and the parallel syn-

chronous operator using the logical distinction between disjunction and conjunction in section

5.

2.1 �-calculus with Choice and Parallel Operators

Let �+k be the set of pure �-terms enriched with the binary operators + and k, that is the set of

expressions generated by the following grammar:

M ::= x j �x:M jMM jM +M jMkM

where x ranges over a denumerable set Var of variables. As usual, FV (M ) is the set of variables

which occur free in M . To simplify notation we assume that abstraction and application take

precedence over + and k.

As usual, if �!R is a one-step reduction relation on �+k, then �!� R and =R denote the

transitive and re exive, the transitive and re exive and symmetric closure of �!R, respectively.

Finally �!n R means the n-times self-composition of �!R.


To extend the �-reduction relation �!� of classical �-calculus to �+k, we explicitly mention

rules (�), (�) and (�), instead of considering the closure under contexts of the �-rule. Therefore we

implicitly forbid reductions of the form:

M �! N ) op(: : : ;M; : : :) �! op(: : : ; N; : : :)

where op is either + or k.

We also de�ne explicitly the subrelation of �!� called in the literature head reduction (see [12]

also for the subsequent notion of solvable terms).

De�nition1.

(i) The relation �!� is the least binary relation on �+k de�ned by:

(�) (�x:M )N �!� M [N=x] (�) M �!� N ) LM �!� LN

(�) M �!� N )ML �!� NL (�) M �!� N ) �x:M �!� �x:N .

(ii) The relation �!h� is the least binary relation on �+k satisfying (�) and (�) above and

(��) M �!h� M

0 and M 62 Abst)MN �!h� M

0N

where Abst = f�x:P j P 2 �+k; x 2 Varg.

In the solvability theory of the classical of �-calculus, meaningful terms are not just those

possessing a normal form with respect to �!�, but more in general those which determine a

terminating �!� reduction, when applied to suitable terms. These are characterized as those

terms having a normal form with respect to the �!h� relation (see [12] Theorem 8.3.14). This

normal form is called head normal form, and, in view of the characterization just mentioned, terms

possessing a head normal form are called solvable.

De�nition2. The subset of �+k

SOL� = fM j 9M 0: M �!h�� M

0 and : 9N: M 0 �!h� Ng

is the set of �-solvable terms.

Note that �!h�-reduction is deterministic since any term has at most one head redex because

of rule (��). Hence we have immediately:

M 2 SOL� , 9n 8m � n: : 9N: M �!hm� N:

2.2 The Parallel and Non-deterministic Calculus

In this subsection we think of + as an internal choice operator and of k as a synchronous parallel

evaluator of its arguments. Indeed, rule (+c) allows to freely choose between the arguments of +.

Instead, MkN reduces according to rule (ks) only when both M and N reduce. Moreover, since

every term represents a function in the �-calculus, we further de�ne MkN as the function which,

when applied to some L, returns MLkNL (rule (kapp)). All this is formalized in the following

de�nition.

De�nition3.

(i) The relation �!pn (Parallel and Non-deterministic reduction) is the least binary relation on

�+k satisfying (�), (�), (�), (�) and


(+c) M +N �!pn M; M + N �!pn N

(ks) M �!pn M0; N �!pn N

0 )MkN �!pn M0kN 0

(kapp) (MkN )L �!pn MLkNL.

(ii) The relation �!hpn (Parallel and Non-deterministic head reduction) is the least binary rela-

tion on �+k satisfying (�), (�), (+c), (ks), (kapp) and

(�pn) M �!hpn M

0 and M 62 Abst [ Par)MN �!hpn M

0N

where Par = fPkQ j P;Q 2 �+kg.

Because of rule (+c), the relation �!pn is not con uent. Moreover, because of rule (ks), the

set of \head redexes" of a term M (that is the set of redexes that will be contracted in the �rst

step of a �!hpn reduction) can be larger than a singleton. These facts imply that a term M may

have more than one immediate reduct with respect to �!hpn (but always �nitely many).

Consequently there are at least two natural ways of extending the notion of solvability to �!pn.

We could say that M is solvable if at least one �!hpn reduction starting fromM ends in a (head)

normal form. This de�nition, however, does not distinguish between + and k by the property of

being solvable. Indeed, both M + N and MkN would be solvable if and only if either M or N is

solvable.

Since we are looking for a semantics keeping distinct + and k wrt convergency, we de�ne M to

be solvable if and only if all head reductions starting from it terminate. We immediately have that

M +N is solvable if and only if both M and N are, while MkN is solvable if and only if either M

is solvable or N is solvable.

As observed above, the reduction tree of any term under the relation �!hpn is a �nitary tree,

hence by K�onig's Lemma, it is �nite if and only if all its branches have �nite lengths, i.e. there is

an upper bound to the length of all head reductions of the given term. We use this in the following

de�nition.


SOLpn = fM j 9n 8m � n: : 9N: M �!hmpn Ng

is the set of pn-solvable terms.

As observed above, this de�nition of solvability �ts well with the conjunctive behaviour of +

and the disjunctive behaviour of k since

M + N 2 SOLpn , M 2 SOLpn and N 2 SOLpn

while

MkN 2 SOLpn , M 2 SOLpn or N 2 SOLpn:

For example, if I � �x:x, and � � �x:xx, we have that I + � is pn-unsolvable, since

I + �� !hpn �� !h

pn ��. Instead Ik�� is a normal form, so a fortiori it is pn-solvable.

�x:(xI + x(��)) is a pn-solvable term, since it head reduces to �x:xI and to �x:x(��). Notice

that �x:x(��) reduces to itself, but it is a head normal form.


2.3 Synchronous and Asynchronous Calculus

We introduce a slightly di�erent reduction relation, still extending �-reduction and still ascribing a

conjunctive semantics to + and a disjunctive one to k. The aim is that of eliminating rule (+c). The

advantage will be that the existence of a �nite reduction path out of a term assures the solvability

of the term (see Corollary 9). In this reduction + is an asynchronous evaluator of its operands,

while k is a synchronous one. Moreover, both + and k have the feature of passing to their operands

any argument to which they apply.

De�nition5.

(i) The relation �!sa (Synchronous and Asynchronous reduction) is the least binary relation

on �+k satisfying (�); (�), (�); (�), (ks); (kapp) and

(+a) M �!sa M0 )

(M + N �!sa M 0 +N

N +M �!sa N +M 0

(+app) (M + N )L �!sa ML +NL:

(ii) The relation �!hsa (Synchronous and Asynchronous head reduction) is the least binary re-

lation on �+k satisfying (�), (�), (+a), (+app), (ks), (kapp) and

(�sa) M �!hsa M

0 and M 62 Abst [ Par [ Sum)MN �!hsa M

0N

where Sum= fP +Q j P;Q 2 �+kg.

Even if rule (+c) has been dropped, the presence of rule (+a), together with the synchronous

character of k, implies that �!sa is not Church-Rosser. For example, being I � �x:x, if P �!sa P 0

and Q �!sa Q0, then (P +Q)kII reduces both to (P 0+Q)kI and to (P +Q0)kI. These are normal

forms, since the reducibility of a parallel composition requires reducibility of both its operands.

For the same reason the head reduction �!hsa is non-deterministic. Consequently, we de�ne

the notion of sa-solvability in the same way as we did for pn-solvability.


SOLsa = fM j 9n 8m � n: : 9N: M �!hmsa Ng

is the set of sa-solvable terms.

The di�erence between + and k with respect to the solvability criterion is still expressed as

follows

M +N 2 SOLsa , M 2 SOLsa and N 2 SOLsa

while

MkN 2 SOLsa , M 2 SOLsa or N 2 SOLsa:

In spite of the lack of the Church-Rosser property, the existence of a �nite �!hsa-reduction

path now implies the �niteness of all �!hsa-reduction paths. To prove this we need to prove a more

general statement, since a stronger induction hypothesis is used when dealing with rules (�) and

(�sa). In particular, (�sa) forces us to consider term vectors and consequently rule (�) forces us to

consider substitutions (see Proposition 8).


The following properties of the reduction relation �!hsa are crucial in subsequent proofs. They

are an immediate consequence of the constraint in rule (�sa).

Proposition7.

(i) If P 2 Abst [ Par [ Sum, then any head reduction out of PL0~L will start by reducing the

subterm PL0.

(ii) If P � P1 op P2 (where op is + or k) then any exhaustive head reduction of PL0 � � �Lk�1

will start with k steps leading to P1L0 � � �Lk�1 op P2L0 � � �Lk�1.

As usual a substitution is a map from variables to terms which is the identity for all variables but

a �nite set.

Proposition8. If M �!hsa N , then

8(�)r; ~L: Nr~L 2 SOLsa , Mr~L 2 SOLsa;

where (�)r ranges over substitutions and ~L is a vector of terms.

Proof. By induction on the de�nition of �!hsa.

Case (+a) : then M � P + Q �!hsa P 0 + Q � N with P �!h

sa P 0. Now

(P 0r +Qr)~L 2 SOLsa , P 0r~L+ Qr~L 2 SOLsa

, P 0r~L 2 SOLsa and Qr~L 2 SOLsa

, Pr~L 2 SOLsa and Qr~L 2 SOLsa by induction

, Pr~L +Qr~L 2 SOLsa

, (Pr + Qr)~L 2 SOLsa

where the ( part of the �rst implication and the last , are trivial if the vector ~L is empty.

Otherwise they readily follows from 7(i).

Case (+app) : then M � (P +Q)R �!hsa PR+QR � N . We have:

(PrRr +QrRr)~L 2 SOLsa , (Pr + Qr)Rr~L 2 SOLsa

as in previous case.

Case (ks) : then M � PkQ �!hsa P 0kQ0 � N with P �!h

sa P 0 and Q �!hsa Q

0. Then this case is

similar to case (+a), where + is replaced by k and \: : : 2 SOLsa and : : : 2 SOLsa" is replaced

by \: : : 2 SOLsa or : : : 2 SOLsa".

Case (kapp) : same as case (+app) where + is replaced by k.

Case (�) : then M � (�x:P )Q �!hsa P [Q=x] � N . By 7(i), the �rst step out of (�x:Pr)Qr~L

must be a �-reduction. Then

Mr~L � (�x:Pr)Qr~L 2 SOLsa , Nr~L � Pr[Qr=x]~L 2 SOLsa:

Note that, being x bound in �x:P , we can freely assume that the substitution (�)r does not

a�ect it.

Case (�) : then M � �x:P �!hsa �x:P 0 � N with P �!h

sa P 0. If the vector ~L is empty, then the

thesis follows from the induction hypothesis. Otherwise, taking the non empty vector L0~L, the

�rst step out of (�x:P 0r)L0~L will be a �-reduction by 7(i). Then:

(�x:P 0r)L0~L 2 SOLsa , (P 0r[L0=x])~L 2 SOLsa

, (Pr[L0=x])~L 2 SOLsa by induction

, (�x:Pr)L0~L 2 SOLsa;


where in the induction hypothesis the substitution is the composition of (�)r and [L0=x]. As

in case (�) we assume that (�)r does not substitute for x.

Case (�sa) : then M � PQ �!hsa P

0Q � N with P �!hsa P

0. Then, by the induction hypothesis,

taking the vector Qr~L, we immediately have that

Nr~L � P 0rQr~L 2 SOLsa , PrQr~L �Mr~L 2 SOLsa:

2

Corollary9. M 2 SOLsa , 9M 0: M �!h�sa M

0 and : 9N: M 0 �!hsa N:

Proof. ) is trivial.

The proof of ( follows by straightforward induction on the length of the reduction M �!h�sa M

0

using Proposition 8 with the identical substitution and the empty vector. 2

2.4 Relationships between the two Calculi

Even if the reductions �!hpn and �!h

sa are di�erent, as it is clear also from Corollary 9, they are

equivalent in the sense that they determine the same set of solvable terms, i.e. SOLpn and SOLsa

coincide.

To show this we need a de�nition and some Lemmas, all proved by induction on the structure

of one-step head reductions.

De�nition10. De�ne SOLnsa as the set of terms whose longest �!hsa reduction has at most n

steps, i.e.:

SOLnsa = fM j 8m � n: : 9N: M �!hm

sa Ng:

Comparing this with De�nition 6 it is clear that SOLsa =Sn�0 SOL

nsa.

The �rst lemma connects the reduction �!hpn with the set SOLnsa.

Lemma11. If M �!hpn N then, for all ~L and substitutions (�)r:

Mr~L 2 SOLnsa ) 9m � n: Nr~L 2 SOL

msa:

Moreover, if m = n, then we used rule (+c) in deriving that M �!hpn N .

Proof. By induction on �!hpn.

Case (+c) : then M � P + Q �!hpn P � N , say.

If (P+Q)r~L � (Pr+Qr)~L 2 SOLnsa and r is the length of

~L, then by 7(ii) any�!hsa reduction

out of (Pr + Qr)~L will produce Pr~L + Qr~L in r steps. Hence Pr~L +Qr~L 2 SOLn�rsa and,

a fortiori, Pr~L 2 SOLn�rsa . If ~L is empty, we get m = n.

Case (ks) : then M � PkQ �!hpn P

0kQ0 � N with P �!hpn P

0 and Q �!hpn Q

0.

Now if r is the length of ~L, then

Mr~L � (PrkQr)~L 2 SOLnsa ) Pr~LkQr~L 2 SOL

n�rsa

) Pr~L 2 SOLn�rsa or Qr~L 2 SOL

n�rsa

) 9m � n � r: P 0r~L 2 SOLmsa or Q0r~L 2 SOLmsaby induction

) 9m � n � r: (P 0rkQ0r)~L � Nr~L 2 SOLm+rsa


and clearly m + r � n.

Notice that if ~L is empty, we can have m = n. In this case Pr~L 2 SOLnsa or Qr~L 2 SOL

nsa. So

we have by induction that we used rule (+c) in deriving P �!hpn P 0 or Q �!h

pn Q0. Therefore

rule (+c) has also been used in deriving M �!hpn N .

Case (kapp) : then M � (PkQ)R �!hpn PRkQR � N .

If ((PkQ)R)r~L � (PrkQr)Rr~L 2 SOLnsa, then we immediately have

(PrRrkQrRr)~L � (PRkQR)r~L 2 SOLn�1sa :

Case (�) : then M � (�x:P )Q �!hpn P [Q=x] � N .

Now for all (�)r ((�x:P )Q)r � (�x:Pr)Qr up to renaming of the bound variable x, and for

all ~L, any �!hsa reduction out of (�x:Pr)Qr~L will start by

(�x:Pr)Qr~L �!hsa P

r[Qr=x]~L

hence, if (�x:Pr)Qr~L 2 SOLnsa, then Pr[Qr=x]~L 2 SOL

n�1sa .

Case (�) : then M � �x:P �!hpn �x:P 0 � N , with P �!h

pn P 0.

Now, up to renaming of the bound variable x, (�x:P )r � �x:Pr. Assume that (�x:Pr)~L 2

SOLnsa, then if ~L is empty the thesis follows immediately by induction. Otherwise the �rst step

of any �!hsa will be

(�x:Pr)Q~L �!hsa P

r[Q=x]~L;

so that Pr[Q=x]~L 2 SOLn�1sa . From the induction hypothesis there exists m � n� 1 such that

P 0r[Q=x]~L 2 SOLmsa

which implies that

(�x:P 0r)Q~L 2 SOLm+1sa

and clearly m + 1 � n.

Case (�pn) : then M � PQ �!hpn P 0Q � N with P �!h

pn P 0, where P 62 Abst [ Par.

Now, if (PQ)r~L � PrQr~L 2 SOLnsa, then by induction and considering the vector Qr~L we

have P 0rQr~L 2 SOLmsa for some m � n and we are done.

If m = n, then by induction we used rule (+c) in deriving P �!hpn P 0. Therefore we used rule

(+c) also in deriving M �!hpn N . 2

Lemma12. If M �!hsa M

0 then, for all ~L and substitution (�)r:

M 0r~L 62 SOLsa ) 9N: Nr~L 62 SOLsa and M �!hpn N :

Proof. By induction on �!hsa.

Case (+a) : then assume that M � P +Q �!hsa P

0 + Q � M 0 with P �!hsa P

0. Now

(P 0r +Qr)~L 62 SOLsa ) P 0r~L 62 SOLsa or Qr~L 62 SOLsa :

If P 0r~L 62 SOLsa , choosing N � P , we have

M � P +Q �!hpn N

and by Proposition 8

P 0r~L 62 SOLsa ) Pr~L 62 SOLsa:

Otherwise, if Qr~L 62 SOLsa, we take N � Q and we have M � P + Q �!hpn N . The case

M � P + Q �!hsa P +Q0 � M 0, with Q �!h

sa Q0, is symmetric.


Case (+app) : then M � (P +Q)R �!hsa PR+QR �M 0. Now

(PrRr +QrRr)~L 62 SOLsa ) PrRr~L 62 SOLsa or QrRr~L 62 SOLsa :

If PrRr~L 62 SOLsa, then it su�ces to choose N � PR, with (P +Q)R �!hpn PR. Otherwise

QrRr~L 62 SOLsa, so that we choose N � QR and we conclude similarly.

Case (ks) : then M � PkQ �!hsa P

0kQ0 � M 0 with P �!hsa P 0 and Q �!h

sa Q0. If (P 0rkQ0r)~L 62

SOLsa, then both P 0r~L 62 SOLsa and Q0r~L 62 SOLsa, so that, by induction

9N1; N2: Nr1~L;Nr

2~L 62 SOLsa and P �!h

pn N1 and Q �!hpn N2 :

Therefore we choose N � N1kN2.

Case (kapp) : then M � (PkQ)R �!hsa PRkQR �M 0. Hence we take N �M 0.

Case (�) : then M � (�x:P )Q �!hsa P [Q=x]�M 0. Clearly the choice N � M 0 works.

Case (�) : then M � �x:P �!hsa �x:P

0 �M 0 with P �!hsa P 0.

If the vector ~L is empty, then the thesis follows from the induction hypothesis. Otherwise

consider the non empty vector L0~L:

(�x:P 0r)L0~L 62 SOLsa ) P 0r[L0=x]~L 62 SOLsa by 7(i)

) 9N 0: N 0r[L0=x]~L 62 SOLsa and P �!hpn N 0 by induction.

Then �x:P �!hpn �x:N 0 and we take N � �x:N 0.

Case (�sa) : then M � PQ �!hsa P 0Q � M 0 with P �!h

sa P 0 and P 62 Abst [ Par [ Sum. From

the induction hypothesis

P 0rQr~L 62 SOLsa ) 9N 0: N 0rQr~L 62 SOLsa and P �!hpn N 0 :

Then PQ �!hpn N 0Q by (�pn) since in particular P 62 Abst[Par. Therefore we take N � N 0Q.

2

We are now ready to prove that �!hpn and �!h

sa determine the same set of solvable terms.

To prove this, we will apply the previous Lemmas, using the identical substitution and the empty

vector of terms.

Theorem13. SOLsa = SOLpn:

Proof. First we show that SOLsa � SOLpn. Toward a contradiction suppose that M 2 SOLsa

but M 62 SOLpn. If M 2 SOLsa, then there exists n such that M 2 SOLnsa. The hypothesis that

M 62 SOLpn implies that there is a set fMigi2! such that M0 � M and, for all i, Mi �!hpn Mi+1.

By Lemma 11 there is a k such that Mk 2 SOL0sa, i.e. Mk is in normal form wrt �!h

sa. This is

because the only case in which the n of SOLnsa does not decrease is when in the �!hpn reduction

rule (+c) is used. But the number of consecutive steps of this kind is bounded by the number of

the occurrences of + in the term to be reduced.

It is easy to see that, if Mk can be further reduced under �!hpn, then only steps involving the use

of (+c) are possible, which again are bounded by the number of +'s in Mk. So any sequence of

�!hpn reductions out of M has to be �nite: a contradiction.

To show that SOLpn � SOLsa assume, toward a contradiction, that M 2 SOLpn and M 62

SOLsa. Then there exists M1 such that M �!hsa M1 and M1 62 SOLsa. By Lemma 12 this implies

that there exists N such that M �!hpn N and still N 62 SOLsa. Iterating the same reasoning, we

build an in�nite �!hpn reduction out of M , so that M 62 SOLpn: a contradiction. 2


Since our aim is that of developing an unfolding semantics for our calculus, we are interested

essentially in the set of solvable terms. So Theorem 13 gives us the possibility of choosing freely

between the reduction relations �!pn and �!sa. For technical reasons we will concentrate in the

following on �!sa. Consequently we will write simply �! for it, and SOL for the set of solvable

terms.

3 Operational Semantics

In the previous section the semantics of our calculi has been described by means of reduction

relations. Here we develop a theory to compare terms with respect to their functional behaviours.

We do this in two di�erent ways. The �rst one is by means of contexts. The second one is more

re�ned and compares terms by means of their \approximants", where the set of approximants of

a term can be viewed as a generalization to our calculus of the notion of B�ohm tree.

3.1 Contextual Semantics

Following the standard approach for de�ning equational theories from convergency predicates (orig-

inated with Morris' thesis [33]; see also [12] 16.5.5), we state:

De�nition14. For any M;N 2 �+k we de�ne:

M vO N , 8C[ ]: C[M ] 2 SOL) C[N ] 2 SOL:

Accordingly,

M 'O N ,M vO N vO M:

Clearly, the relation vO is a precongruence. The set SOL, when restricted to pure �-terms, is

the set of terms having a head normal form, that is those terms which are solvable in the classical

sense. Hence the restriction of 'O to pure �-terms is the �-theory of D1 by a well known result

of Wadsworth [45].

Proposition15. The following (in)-equations hold:

(i) (�x:M )N 'O M [N=x]; (vii) �x:(MkN ) 'O �x:Mk�x:N ;

(ii) (M + N )L 'O ML+ NL; (viii) M + N vO M;N ;

(iii) L(M +N ) vO LM + LN ; (ix) L vO M;N ) L vO M + N ;

(iv) (MkN )L 'O MLkNL; (x) M;N vO MkN ;

(v) LMkLN vO L(MkN ); (xi) M;N vO L)MkN vO L.

(vi) �x:(M +N ) 'O �x:M + �x:N ;

where the inequalities (iii) and (v) are in general proper.

Proof. We consider only the interesting cases.

To prove that the inequality (iii) is proper, let � � �x:xx,M � �x:x(�yzv:v)� and N � �x:�.

�M and �N both �-reduce to � and therefore �M+�N is solvable. Instead, �(M +N ) reduces

to �+��+�+�, which is unsolvable.

To prove that the inequality (v) is proper, let � be as above, I � �x:x, K � �xy:x, T �

�x:x�I� and R � �x:x�� . (T + R)(IkK) is solvable since it reduces to (�k��) + (��k�).

Instead, (T +R)Ik(T + R)K reduces to (�+��)k(��+�) and therefore it is unsolvable.


(ix). First, we prove the idempotence of +. P + P vO P follows immediately from (viii).

P vO P + P follows from (iii) choosing L � KP . Now, given an arbitrary context C[ ], let

C0[ ] � C[[ ] + L] and C 00[ ] � C[M + [ ]]. If L vO M;N , then

C[L] 2 SOL) C[L+ L] � C0[L] 2 SOL) C0[M ] � C00[L] 2 SOL

) C00[N ] � C[M +N ] 2 SOL:

(xi). Similarly, we prove the idempotence of k using (x) and (v). Now, given an arbitrary context

C[ ], let C0[ ] � C[[ ]kN ] and C00[ ] � C[Lk[ ]]. If M;N vO L, then

C[MkN ] � C0[M ] 2 SOL) C0[L] � C00[N ] 2 SOL) C00[L] � C[LkL] 2 SOL

) C[L] 2 SOL:2

3.2 Capabilities Semantics

'O is an extensional theory by de�nition, and in fact �x:(M + N ) 'O �x:M + �x:N holds.

However, if + is interpreted as an operation to form \sets" of values and �x is the standard

functional abstraction, then this equality identi�es any set of functions with a single multivalued

function (see [30, 29]). This is not very natural if one considers that L(M +N ) 6'O LM +LN . This

problem becomes more evident when modeling the calculus by means of type assignment systems,

as we shall do in the forthcoming sections.

For these reasons we introduce a �ner, non extensional semantics which is still based on the

notion of head normal form and solvability, but uses ideas underlining B�ohm trees. More precisely,

we �rst show the shape of head normal forms in the present setting. Then we associate to each

term the set of head normal forms (the capabilities) which can be obtained out of it using a more

liberal reduction relation (�!a, see De�nition 19). Lastly we de�ne a notion of approximation

patterned after [45] and we compare terms via the approximate normal forms of their capabilities.

It is easy to verify that the terms irreducible according to �!h (i.e. the head normal forms)

satisfy the conditions of the following proposition.

Proposition16. The set H of head normal forms is the least one such that:

(a) M1; : : : ;Mn 2 �+k; x 2 V ar ) xM1 : : :Mn 2 H (n � 0);

(b) H 2 H; x 2 V ar ) �x:H 2 H;

(c) H1;H2 2 H ) H1 +H2 2 H;

(d) H 2 H;M 2 �+k ) HkM;MkH 2 H.

De�nition17. The set H(M ) of head normal forms of M is de�ned by:

H(M ) = fH 2 H j M �!h� Hg:

For example, let us consider the terms F0 and G0, where

F � �(�fx:(x + f(Succ x))); G � �(�fx:(xkf(Succ x)));

� � (�zx:x(zzx))(�zx:x(zzx)) is the Turing �xed point combinator, 0 and Succ are the zero and

successor of Church numerals respectively. Let n be the Church numeral for the natural number

n, then it is easy to check that for any n

F0 �!h� 0+ 1+ : : :+ n + F (Succ n)


which is never in H. So H(F0) = ;.

On the other hand H(G0) = f0kG(Succ 0)g. However, if we consider its reducts with respect to

�!, then we see that for any n, putting G0 � (�fx:(xkf(Succ x))), we have:

G0 �!� G0G0

� � �

�!� G0(� � � (G0| {z }n+1

G) � � �)0

�!� 0kG0(� � � (G0| {z }n

G) � � �)1

giving rise to an in�nite set of (distinct) head normal forms, none of which even reduces to a head

normal form of the shape

0k1k : : :knkG(Succ n);

because of the synchronous character of k. This is unfortunate, since the last term is a better

candidate for describing the behaviour of G0 when it is applied to an argument.

Being H the set of normal forms wrt �!h, by Corollary 9, it follows that

SOL = fM 2 �+k j H(M ) 6= ;g:

Observe that H 2 H(M +N ) implies H � H1 +H2 where H1 2 H(M ) and H2 2 H(N ), while

H 2 H(MkN ) implies H � L1kL2 where L1 2 H(M ) or L2 2 H(N ), only.

Remark 18. Since �!h � �!, it holds

SOL � fM 2 �+k j 9H 2 H: M �!� Hg:

Also the viceversa is true, because, by a standardization argument,M��! H implies that

9N: M��!

hN and N

��!

iH

where �!i is obtained out of �! by forbidding the �!h steps. In other words, only internal

redexes are reduced according to �!i. But we omit this quite long proof, since we do not need

this result.

Notice that, due to the lack of the Church-Rosser property, our language does not �t the conditions

of [21], therefore we cannot directly use their proof method.

As it is clear from Proposition 16, we have shifted to the head normal forms the distinction

between the conjunctive behaviour of + and the disjunctive nature of k. We capitalize on this

fact and we remedy the drawback outlined in the above example by abstracting away from the

synchronous reduction of k.

De�nition19.

(i) Let �!a be the least binary relation on �+k which is de�ned as �! adding the clause:

M �!a M0 )MkN �!a M

0kN and NkM �!a NkM0:

(ii) The set C(M ) of the capabilities of M is de�ned by:

C(M ) = fH j 9H 0 2 H(M ): H0 �!� a Hg:


As examples, consider the terms F0 and G0 and observe that C(F0) = ;, while

0k1k : : :knkG(Succ n) 2 C(G0) for all n � 0:

We now introduce the formal de�nition of approximate normal form. This will be useful for

comparing the capabilities of terms through their approximate normal forms (see De�nition 23).

De�nition20. Let �+k be the language obtained from �+k by adding the constant . The set

of approximate normal forms A � �+k is the least one such that:

(i) 2 A;

(ii) A1; : : : ; An 2 A ) xA1 : : :An 2 A (n � 0);

(iii) A 2 A ) �x:A 2 A;

(iv) A1; A2 2 A ) A1 +A2; A1kA2 2 A.

We de�ne a preorder relation on approximate normal forms which generalizes the classical one

taking into account the intended meanings of + and k. Moreover an �-redex is always less than its

contractum according to this preorder.

De�nition21. Over the set A de�ne � as the least preorder which makes A into a distributive

lattice with + as meet, k as join and as bottom, and such that:

(i) �x: � ;

(ii) A � A0 ) �x:A � �x:A0;

(iii) A1 � A01; : : : ; An � A0

n ) xA1 : : :An � xA01 : : :A

0n;

(iv) �x:(AkA0) � �x:Ak�x:A0;

(v) �y:xA1 : : :Any � xA1 : : :An, if y 62 FV (xA1 : : :An).

Let � be the equivalence relation induced by �.

As usual, we associate to each termM an approximate normal form �(M ) obtained by replacing

to all subterms which are not head normal forms.

De�nition22. Let �:�+k !A be the following map:

(i) �(�x1 : : :xn:xM1 : : :Mm) = �x1 : : :xn:x�(M1) : : : �(Mm);

(ii) �(�x1 : : :xn:H +H0) = �x1 : : :xn:�(H) + �(H0), if H;H0 2 H;

(iii)�(�x1 : : :xn:MkH) = �x1 : : : xn:�(M )k�(H)

�(�x1 : : :xn:HkM ) = �x1 : : : xn:�(H)k�(M )

)if H 2 H;

(iv) �(M ) = , if M 62 H.

Now we relate the capabilities of two terms by comparing their approximate normal forms in a

co�nal way.

De�nition23. For any M;N 2 �+k we de�ne:

M vA N , 8H 2 C(M ) 9H0 2 C(N ): �(H) � �(H0):

Accordingly,

M 'A N ,M vA N vA M:

The possibility of taking an element out of the set of capabilities allows us to choose any term

obtainable by reducing according to �!a. Notice that �!a is the more permissive among the


reduction relation we introduced. The fact of considering then the approximate normal form of

this term means (as usual) that we disregard redexes.

If one de�nes the set of approximants of a term as the downward closure of the set of approxi-

mate normal forms of its capabilities, one immediately obtains that the relation vA coincides with

the inclusion between sets of approximants.

De�nition24. Let M 2 �+k, then the set A(M ) of approximants of M is de�ned by:

A(M ) = fA 2 A j 9H 2 C(M ): A � �(H)g [ fg:

For example,

0k1k : : :knk 2 A(G0) for all n � 0:

The following properties of the sets of approximants follow immediately from previous de�ni-

tions.

Proposition25.

(i) A(M +N ) = A(M ) \A(N );

(ii) A(MkN ) = fHkH0 j H 2 A(M ) and H0 2 A(N )g;

(iii) M vA N ,A(M ) � A(N );

(iv) M��!

hN )A(N ) � A(M ).

Remark 26. 25 (iv) is weak. Indeed a stronger connection between the reduction relation and the

sets of approximate normal forms holds, i.e.:

M =a N )A(M ) = A(N ):

This will follow from the subject conversion of L (Theorem 49) and the full abstraction of the �lter

model (Theorem 83).

Now we can prove for our calculus a standard property of �-calculus: a term is solvable i� it

has an approximant di�erent from .

Proposition27.

(i) M 2 SOL () C(M ) 6= ;;

(ii) M 2 SOL () A(M ) 6= fg.

Proof. (i) follows from De�nitions 17, 19(ii) and Corollary 9.

(ii) is a consequence of (i) and of De�nition 24. 2

One would expect vA to be a re�nement of vO ; this is in fact true. A direct proof based on

an approximation theorem �a la Wadsworth [45] is possible, but we will obtain it for free from the

adequacy and full abstraction results of Section 6.

4 Simple Types and Semimodels

In this section we type the terms of our calculus by means of simple types and we de�ne a set

semimodel in the sense of [39].


4.1 The Type Assignment System B

Curry types are thought of as properties of terms. The properties in which we are mainly interested

concern solvability. This guides the choice of typing rules for + and k.

Indeed to assure that M +N normalizes with respect to �!h, we have to prove that both M and

N have the same property. Generalizing to arbitrary properties we type M +N with � if both M

and N can be typed with �. This is also the choice of [1].

Conversely, for MkN to be normalizable it su�ces that either M or N normalizes. Extending this

notion to arbitrary properties, it follows that one is entitled to type MkN with � as soon as M or

N (or both) can be typed with �. See [16] for further motivations.

Let the set Type of types be de�ned by

� ::= t j � ! �;

where t ranges over a denumerable collection of type variables. A statement is an expression of the

form M :�, where M is a �-term and � a type. A basis � is a set of statements such that subjects

are pairwise distinct variables. FV (� ) is the set of term variables in � .

De�nition28 (The System B). The axioms and rules of the basic assignment system B are the

following:

(Ax) �; x:� ` x:�

(! I)�; x:� ` M : �

� ` �x:M :�! �(! E)

� ` M :�! � � ` N :�

� ` MN : �

(+ I)� ` M :� � ` N :�

� ` M + N :�(k I)

� ` M :�

� ` MkN :�

� ` N :�

� ` MkN :�

If � ` M :� is provable in B, we write � `B M :�.

In this system, as in Curry's original one, there is a correspondence between the main construc-

tor of the subject of the conclusion in each rule and the rule itself; this does not hold for the type.

However, classical terms (i.e. those without occurrences of + and k) have just their simple types.

This property results in a simple theory of the type assignment system.

A routine induction on derivations in B shows:

Lemma29 (Structural Properties of Deductions in B).

(i) � `B x: � , x: � 2 � ;

(ii) � `B �x:M :�! � , �; x:� `B M : � ;

(iii) � `B MN : � , � `B M :� ! � and � `B N :� for some �;

(iv) � `B M +N :� , � `B M :� and � `B N :�;

(v) � `B MkN :� , � `B M :� or � `B N :�.

Using this lemma it is easy to prove the following corollary by induction on the de�nition of �!a.

We consider this reduction, since it includes �! (which includes �!h).

Corollary30 (Subject Reduction of B). � `B M :� and M �!� a N ) � `B N :�:

As an immediate consequence of 30, we have the subject reduction property of B for �!� .


Remark 31. As stated in [19], also �!� pn enjoys the subject reduction property.

4.2 The Set Semimodel

For the classical �-calculus, a �lter model construction with simple types, even considering as a

\�lter" any set of types, does not yield a �-model (see e.g. [25]). Indeed the best one can obtain

is a semimodel in the sense of [39]. I.e. a model in which interreducible terms are equal, but in

general convertible terms are not (M;N are interreducible i� M��! N and N

��!M ). Adapting

Plotkin's de�nition to the present context (see also [1]) we introduce the following notion:

De�nition32. A semimodel is a structure

P = hP;v; �;u;t; [[�]]Pi

where hP;vi is a poset, and �;u;t are binary monotonic operations that satisfy the following

requirements:

d u e v d; du e v e; d v d t e; e v dt e

and (d t d0) � e v (d � e) t (d0 � e):

Finally [[�]]P:�+k � Env ! P , where Env = f� j �:TermVar! Pg, is such that:

(a) [[M +N ]]P� = [[M ]]P� u [[N ]]P� ;

(b) [[MkN ]]P� = [[M ]]P� t [[N ]]P� ;

(c) [[x]]P� = �(x);

(d) [[MN ]]P� = [[M ]]P� � [[N ]]P� ;

(e) 8d 2 P: [[�x:M ]]P� � d v [[M ]]P�[d=x];

(f) 8x 2 FV(M ): �(x) = �0(x)) [[M ]]P� = [[M ]]P�0;

(g) (8d 2 P: [[M ]]P�[d=x] v [[N ]]P�[d=x])) [[�x:M ]]P� v [[�x:N ]]P� .

Semimodels interpret the reduction relation, as stated in the following proposition, which can

be proved by induction on the de�nition of �!a. In the case of (M + N )L �!a ML + NL this

follows from the monotonicity of the application which implies (d u d0) � e v (d � e) u (d0 � e).

Proposition33. M �!� a N ) 8�: [[M ]]P� v [[N ]]P� for all semimodels P.

Notice that Proposition 33 holds even if �!� a is replaced by �!� pn. In the case of the classical �-

calculus one has , (see [39]). Here, instead, completeness with respect to reduction does not hold:

e.g. we have, by de�nition, that 8� 2 Env: [[M ]]� v [[MkN ]]� but we do not have M �!� a MkN .

This does not seem to be unfortunate; indeed we are looking for a partial order (and its relative

equivalence) which is, in a sense, more abstract than reducibility.

As expected, the type assignment B induces a semimodel.

Proposition34. For a; b � Type, let a � b = f� 2 Type j 9� 2 b: �! � 2 ag and

[[M ]]B� = f� j � `B M :� for some � � fx:� j � 2 �(x)gg:

The structure

h}(Type);�; �;\;[; [[�]]Bi

is a semimodel (the set semimodel).


The interpretation of the parallel and non-deterministic constructors in the set semimodel can

also be easily stated using set theoretic operators. I.e., for all �:

[[M + N ]]B� = [[M ]]B� \ [[N ]]B� and [[MkN ]]B� = [[M ]]B� [ [[N ]]B� :

To interpret types over a given semimodel we use the simple semantics of types (see [23, 39]).

De�nition35. A type structure over P = hP;v; �;u;t; [[�]]Pi is a pair hT ;)i where:

(i) T � fX 2 }(P ) j X is not empty, upper closed and d; e 2 X imply d u e 2 Xg;

(ii)) is a binary function over T such that

(a) X ) Y � fd 2 P j 8e 2 X: d � e 2 Y g,

(b) d 2 X and [[M ]]P�[d=x] 2 Y imply [[�x:M ]]P� 2 X ) Y ,

for all X;Y 2 T .

De�nition36.

(i) A type environment is a map � from type variables to T .

(ii) [[�]]T� 2 T is de�ned by

[[t]]T� = �(t) and [[�! � ]]T� = [[�]]T� ) [[� ]]T� :

(iii) A basis � satis�es � and � i�, for all x: � 2 � , �(x) 2 [[� ]]T� .

(iv) � j= M :� , 8P; hT ;)i over P; �; �: � satis�es �; �) [[M ]]P� 2 [[�]]T� :

Theorem37 (Completeness of B). � `B M :� , � j=M :�.

Proof. This proof essentially adapts Plotkin's completeness proof in [39].

()) Simple induction on the derivation of � ` M :�. If the last applied rule is (! I), the thesis

follows from 35(ii) (b). For rule (+ I) use 35(i).

(() Using the set semimodel. If we de�ne:

�� = fa � Type j � 2 ag; T = f��g�2Type; and �� ) �� = ��!� ;

then the pair hT ;)i is a type structure for the set semimodel.

We take � and � such that �(x) = f� j x:� 2 �g for every term variable x and �(t) = �t for

every type variable t. Then we have [[�]]T� = �� for all � 2 Type and [[M ]]B� 2 [[�]]T� , which imply

� `B M :�. 2

The set semimodel allows to de�ne a preorder over terms which is a precongruence:

M vB N ,def 8�: [[M ]]B� � [[N ]]B� :

We list in the following proposition the main (in)-equations holding in the set semimodel se-

mantics.

Proposition38. Let 'B = vB \ wB, then:

(i) (�x:M )N vB M [N=x]; (vii) �x:(MkN ) 'B �x:Mk�x:N ;

(ii) (M + N )L vB ML+ NL; (viii) M + N vB M;N ;

(iii) L(M +N ) vB LM + LN ; (ix) L vB M;N ) L vB M + N ;

(iv) (MkN )L 'B MLkNL; (x) M;N vB MkN ;

(v) L(MkN ) 'B LMkLN ; (xi) M;N vB L)MkN vB L,

(vi) �x:(M +N ) 'B �x:M + �x:N ;

where the inequalities (i), (ii) and (iii) are in general proper.


Proof. By the Completeness of B (Theorem 37) we have

M vB N , 8�; �: � `B M :� ) � `B N :�:

The positive statements are straightforward consequences of the structural properties of deductions

(Lemma 29). To prove that the inequality (i) is proper observe that (i) essentially claims that the

set semimodel is not a �-model. To see (ii), let

� = fx:�1 ! �; y:�2 ! �; z:�1; v:�2g

where �1 6� �2. Then � `B x(zkv) + y(zkv): � , but � 6`B (x + y)(zkv): � since x + y has no type.

Similarly, for (iii), we have that � `B (xky)z + (xky)v: � , but � 6`B (xky)(z + v): � since z + v has

no type. 2

Comparing the properties of vB with those of vO (Proposition 15) and of vA (Proposition

60) it turns out that the set semimodel does not agree neither with the operational semantics �a la

Morris nor with the inclusion of sets of approximants. This failure suggests us to look at a more

expressive type assignment system.

5 Intersection, Union Types and �-lattices

In this section we extend the notion of �lter model introduced in [13] to our calculus, the aim being

this time to interpret the terms of �+k in such a way that the usual �-calculus equations hold and

which �ts better the operational behaviour of + and k.

5.1 The Set of Types and its Preorder

Let us rede�ne the syntax of types as follows:

� ::= t j ! j � ! � j � ^ � j � _ �;

and call again Type the resulting set. In writing types, we assume that ^ and _ take precedence

over !.

It is clear that to build a �lter model a critical choice is that of the preorder between types,

since this preorder will appear in a subtyping rule.

De�nition39.

(i) Let � be the smallest preorder over types s.t. hType;�i is a distributive lattice, in which ^

is the meet, _ is the join and ! is the top, and moreover the arrow satis�es:

(a) ! � ! ! !;

(b) (� ! �) ^ (� ! � ) � � ! � ^ � ;

(c) �0 � �; � � � 0 ) � ! � � �0 ! � 0.

(ii) Let � = � mean � � � � �.

The subtype relation � can be presented axiomatically by adding the inequalities (a)-(c) to

any standard axiomatization of distributive lattices. For proof purpose we assume that such a

presentation has been �xed.

We need some properties of the � relation, whose proof requires a strati�cation of Type.


De�nition40 (Strati�cation of Type). Let us de�ne three subsets T0; T1; T2 ofType recursively:

- t 2 T0;

- ! 2 T2;

- � 2 T2; � 2 T1 ) � ! � 2 T0;

- n � 1; �1; : : : ; �n 2 T0 ) �1 _ : : :_ �n 2 T1;

- n � 1; �1; : : : ; �n 2 T1 ) �1 ^ : : :^ �n 2 T2:

Remark 41. Notice that the set T2, when restricted to types without _ occurrences, coincides

with the set of normal type schemes of [24] and the set of strict types of [8]. Normal type schemes

in [24] were introduced to prove the properties stated in Lemma 45 (for types without _). Strict

types, instead, have been introduced with a di�erent preorder to obtain a syntax directed type

assignment system in [8, 10].

Taking n = 1 in the clauses above, one sees that T0 � T1 � T2, and such inclusions are clearly

proper.

Over each of these sets we introduce a preorder.

De�nition42. �i � Ti � Ti is the least preorder such that:

(�0) � �0 � , � � � or (� � �0 ! �00 and � � � 0 ! � 00 and � 0 �2 �0 and �00 �1 � 00);

(�1) �1 _ : : :_ �n �1 �1 _ : : :_ �m , 8i � n 9 j � m: �i �0 �j;

(�2) � �2 � , � � ! or (� � �1 ^ : : :^ �n, � � �1 ^ : : :^ �m and 8j � m 9i � n: �i �1 �j).

For each type in Type we can �nd an equivalent type in T2; this means that we can limit ourself

to consider types in T2, provided that there is a map ( )� associating to each type in Type a

standard form in T2.

Notation. In writing �� Vi2I �i we assume that �i 2 T1 for all i 2 I.

De�nition43. The map ( )�:Type! T2 is de�ned by:

t� � t; !� � !

(� ! � )� �

(Vi2I(�

� ! �i) if �� Vi2I �i and �� 6� !

! otherwise

(� _ � )� �

(Vi2I

Vj2J (�i _ �j) if �

� �Vi2I �i, �

� 6� ! and �� Vj2J �j , �

� 6� !

! otherwise

(� ^ � )� �

8><>:�� if �� !

�� if �� !

�� ^ �� otherwise.

Proposition44. For all �; � 2 Type:

(i) � = ��;

(ii) �; � 2 Ti; � �i � ) � � � for i = 0; 1; 2;

(iii) � � � ) �� 2 ��.

Proof. (i) By induction on the de�nition of the map ( )�.

(ii) By induction on the de�nition of �i.


(iii) By (i) it su�ces to show that �� implies �� 2 ��. This is done by induction on the

formal derivation of �� . 2

Lemma45.

(i) �^� � �! � and � 6= ! and � 6= !) 9�1; �2: � = �1^ �2 and � � � ! �1 and � � � ! �2;

(ii)V

i2I(�i ! �i) � �! � and � 6= ! ) 9J � I: � �V

j2J �j andV

j2J �j � � .

Proof. (i) : let

(� ^ �)� =î2I

�i ^^j2J

�j and (� ! � )� =^k2K

(�� ! �k);

supposing �� =V

i2I �i; �� =

Vj2J �j and �� =

Vk2K �k. Using 44(i), (ii), (iii) and the

de�nition of �2, we have that

8k: (9i: �i �1 �� ! �k) or (9j: �i �1 �� ! �k):

Therefore we can choose �1 as the intersection of the �k which satisfy the �rst inequality and

�2 as the intersection of the remaining �k. If one of these intersections is empty, we choose !

for the corresponding �i (i = 1; 2).

(ii) : let ��i =V

l2L �i;l (where L depends on i) and �� =V

k2K �k. Then, by 44 (iii) and De�nition

43, î2I

(�i ! �i) � � ! � )î2I

^l2L

(��i ! �i;l) �2

^k2K

(�� ! �k):

It follows that

8k 9i; l: ��i ! �i;l �1 �� ! �k;

which in this case is equivalent to

8k 9i; l: ��i ! �i;l �0 �� ! �k;

and hence

8k 9i; l: �� 2 ��i and �i;l �1 �k:

So we conclude

8k 9i: � � �i and^l2L

�i;l �2 �k:

Taking J as the set of i's which satisfy these inequalities for some k 2 K, we are done. 2

5.2 The Type Assignment System L

We introduce now a type assignment system for our extended language of types. We add a rule

(!) which takes into account the universal character of !, and two standard rules of introduction

of ^ and _. Moreover we use the preorder on types de�ned in previous section in a subtyping rule.

Notice that a rule of ^ elimination is derivable, while a rule of _ elimination would be unsound

(see Remark 47(ii)).

De�nition46. The system L is obtained by adding to the basic system B the following axiom

and rules:


(!) � ` M :! (^ I)� ` M :� � `M : �

� ` M :� ^ �

(_I)� `M :�

� `M :� _ �

� ` M : �

� `M :� _ �(�)

� ` M :� � � �

� `M : �

If � ` M :� is provable in the system L we write � `L M :�.

Notation. In the following we shall sometimes refer to the stronger basis which can be formed

out of two given bases. This is done by taking the intersection of the types which are predicates of

the same variable:� ] � 0 = fx:� ^ � j x:� 2 � and x: � 2 � 0g

[ fx:� j x:� 2 � and x 62 FV (� 0)g

[ fx: � j x: � 2 � 0 and x 62 FV (� )g:

Accordingly we de�ne:

� �+ � 0 , 9� 00: � ] � 00 = � 0:

Remark 47. (i) Of course rule (_I) is derivable. The following rules are admissible:

� ` M :� � ` N : �

� ` M + N :� _ �

� `M :� � ` N : �

� ` MkN :� ^ �

� `M :� ^ �

� ` M :�

� ` M :� ^ �

� `M : �

�; x:� `M : � �0 � �

�; x:�0 ` M : �:

(ii) A natural rule of _ elimination in the present setting would be:

(_E)�; x:� `M :� �; x:� `M :� � ` N :� _ �

� ` M [N=x]:�.

This is a rule of the system proposed in [11], where only pure �-terms are considered. In

presence of + and of the corresponding typing rule, however, rule (_E) causes the loss of the

subject reduction property (established below in Theorem 49).

Moreover with (_E) we would lose also the property (proved in Corollary 69) that unsolvable

terms have only types equivalent to !.

We give an example showing both failures. Let I;K;� be as in the proof of Proposition 15,

and O � �xy:y, then we have:

x: (� ! ! ! �) ^ � `L xxKI(��):�;

x:! ! � ! � `L xxKI(��):�;

and `L K +O: ((� ! ! ! �)^ �) _ (! ! � ! �);

where � � t! t; � � �! ! ! �:

This can be easily checked considering that

`L I:�; `L K: (� ! ! ! �)^ � and `L O:! ! � ! �:

Therefore using (_E) we could derive:

M � (K +O)(K +O)KI(��):�:

But M reduces to I+��+I+I and therefore it is unsolvable. We lose subject reduction, since

only type ! can be deduced for ��, and hence for I+��+ I+ I. Moreover M is unsolvable

but it has type � 6� !.


(iii) Notice that

� _ � ! � � (� ! �) ^ (� ! �);

but the converse does not hold. The equality is derivable in the system proposed in [11]. In the

present system, by postulating

(� ! �) ^ (� ! �) � � _ � ! �

we would have the same problems we discussed in (ii) with rule (_E). In fact the following

derivation would be possible:

�; x:� `M :�

� ` �x:M :�! �(! I)

�; x:� `M :�

� ` �x:M : � ! �(! I)

� ` �x:M : (� ! �) ^ (� ! �)(^I)

� ` �x:M :� _ � ! �(�)

� ` N :� _ �

� ` (�x:M )N :�(! E)

If we compare this derivation with the (_E) rule we see that from the same premises we obtain

the same type for a �-expansion of the subject.

(iv) In a �-calculus enriched with constants (and with the corresponding constant types) in the

standard way, the typing rules for + and k give a sort of abstract interpretation [26, 18]. As

an example we would have that 1+true has type integer_ boolean and 1ktrue has both types

integer and boolean.

For the present type assignment system the proof of structural properties is a bit more involved

than in case of system B. If x : � 2 � , then we de�ne � (x) =Df � .

Lemma48 (Structural Properties of Deductions in L ).

(i) If � 6= !, then � `L x: � , � (x) � � ;

(ii) � `L �x:M : � ,

9�1; : : : ; �n; �1; : : : ; �n: � `L �x:M :Vni=1(�i ! �i) and

Vni=1(�i ! �i) � � ;

(iii) � `L �x:M :� ! � , �; x:� `L M : � ;

(iv) � `L MN : � , 9�: � `L M :�! � and � `L N :�;

(v) � `L M + N :� , � `L M :� and � `L N :�;

(vi) � `L MkN : � , 9�; �0: � ^ �0 � � and � `L M :� and � `L N :�0.

Proof. (i) and (iv): it is easy to extend to union types the proof given in [13].

In (ii), (iii) (v) and (vi), ( is immediate. We show ).

(ii) If � = ! we can take n = 1, �1 = �1 = !, since � ` �x:M :! ! ! is provable in L. Otherwise

choose a derivation of � ` �x:M : � . Being � 6= ! rule (! I) has been used. Let

� ` �x:M :�1 ! �1; : : : ; � ` �x:M :�n ! �n

be the conclusions of all (! I) rules having �x:M as subject in this derivation. Now �x:M is

the same subject of the conclusion of the derivation itself; hence below such rules only (�) and

(^ I) rules are possible. This implies that

(�1 ! �1) ^ � � � ^ (�n ! �n) � �:


(iii) Assume � 6= !. Let �1; : : : ; �n; �1; : : : ; �n be as in the proof of (ii). Then by (ii) itself:

(�1 ! �1) ^ � � � ^ (�n ! �n) � � ! �

so that, by Lemma 45 (ii),

9J � f1; � � � ; ng: � �^j2J

�j and^j2J

�j � �:

On the other hand the premises of the (! I) rules are of the shape �; x:�i ` M :�i and have

been derived for 1 � i � n. Hence �; x:� `L M : � .

(v) Let a deduction of � ` M +N :� be given and let

� ` M +N :�1; : : : ; � ` M + N :�n

be all the statements in this deduction on which � ` M +N :� depends and which are conclu-

sions of rule (+I). Then

�1 ^ � � � ^ �n � � and � `L M :�i; � `L N :�i;

for 1 � i � n. So we can derive � ` M :� and � ` N :� using (^ I) and (�).

(vi) Finally, given a deduction of � ` MkN : � , let

� ` MkN :�1; : : : ; � ` MkN :�n

be all the statements in this deduction on which � ` MkN :� depends and which are conclusions

of rule (kI). Then

�1 ^ � � � ^ �n � � and 8 i � n: (� `L M :�i or � `L N :�i):

We assume, without loss of generality, that, for some h, � `L M :�i for 1 � i � h and

� `L N :�j for h + 1 � j � n. It follows that, by rule (^ I), � ` M :� and � ` N :�0 are

provable, where � � �1 ^ : : :^ �h, �0 � �h+1 ^ : : :^ �n and � ^ �0 � � . 2

The invariance of types under subject conversion with respect to =a is now an easy consequence

of the previous Lemmas. We consider =a, since it includes =.

Theorem49 (Subject Conversion of L).

� `L M :� and M =a N ) � `L N :�:

Proof. It su�cies to prove the thesis when M =a N is replaced by M �!� a N (subject reduction)

and by N �!� a M (subject expansion). We show this by induction on the de�nition of �!a.

The most interesting case is (PkQ)L �!a PLkQL. Let � `L (PkQ)L: � ; then we have, by

Lemma 48(iv), that � `L L:� and � `L PkQ:� ! � for some �. This implies, by Lemma 48(vi),

that there exist �; � such that

� `L P :�; � `L Q:� and � ^ � � � ! �:

Assuming � 6= ! and � 6= ! we have, by Lemma 45(i),

9 �1; �2: � = �1 ^ �2 and � � � ! �1 and � � � ! �2:

It follows that � `L P :� ! �1 and � `L Q:� ! �2, so we conclude � `L PLkQL: � .

The case in which � = ! or � = ! is similar and simpler.


Viceversa, let � `L PLkQL: � . By Lemma 48(vi) there are �; � such that

� `L PL:�; � `L QL: � and � ^ � � �:

This implies by Lemma 48(iv) that there are �1; �2 such that

� `L P :�1 ! �; � `L L:�1 and � `L Q:�2 ! �; � `L L:�2:

Therefore, by rules (k I), (^ I), and (�)

� `L PkQ:�1 ^ �2 ! � ^ � and � `L L:�1 ^ �2;

so that � `L (PkQ)L: � . 2

Remark 50. As an immediate consequence of Theorem 49, we have the subject conversion of L

also for the relation =. Instead, as stated in [19], only subject reduction of L holds for the reduction

�!pn. This is clear looking at rule (+c), because this rule properly increases the set of types of

the subject.

5.3 The �-lattices

As the set semimodel suggests, when interpreting our calculus we naturally get lattices. We make

precise now what is a model of this calculus. We do this by incorporating the notion of lattice into

that of �-model of [25].

De�nition51. A �-lattice is a structure D = hD;v; �;u;t; [[�]]Di where:

(i) hD;v;u;ti is a lattice;

(ii) � : D �D ! D is monotonic;

(iii) 8d; d0; e 2 D: (d t d0) � e v (d � e) t (d0 � e) and (d � e) u (d0 � e) v (d u d0) � e;

(iv) [[�]]D : Env � �+k ! D, where Env = f� j �:TermVar! Dg, is such that:

(a) [[M + N ]]D� = [[M ]]D� u [[N ]]D� ;

(b) [[MkN ]]D� = [[M ]]D� t [[N ]]D� ;

(c) [[x]]D� = �(x);

(d) [[MN ]]D� = [[M ]]D� � [[N ]]D� ;

(e) 8d 2 D: [[�x:M ]]D� � d = [[M ]]D�[d=x];

(f) 8x 2 FV(M ): �(x) = �0(x) ) [[M ]]D� = [[M ]]D�0;

(g) (8d 2 D: [[M ]]D�[d=x] = [[N ]]D�[d=x]) ) [[�x:M ]]D� = [[�x:N ]]D� .

Clauses (iv) from (c) to (g) de�ne syntactical �-models (see [25]). They have been written to state

explicitly that the map [[�]]D satis�es these clauses not just on the classical �-terms, but on the

whole set �+k.

It is interesting to relate semimodels and �-lattices considering the role of the order in the

structure. Indeed by Proposition 33 the meaning of a term in a semimodel increases along reduction.

In the case of �-lattices, instead, we have:

Proposition52. M =a N ) 8�: [[M ]]D� = [[N ]]D� for all �-lattices D.


Proof. By induction on the de�nition of �!a using the conditions of 51(iii). The proof is a straight-

forward variant of the analogous proof for classical �-calculus (see [25] or [12] 5.3.4). 2

Moreover it is not di�cult to show that we have:

M �!� pn N ) 8�: [[M ]]D� v [[N ]]D�

for all �-lattices D, where v can be proper. Indeed M +N �!� pn M and in general [[M +N ]]D� <

[[M ]]D� .

As immediate consequence of Proposition 15 we obtain a term model based on the contextual

semantics which is a �-lattice.

Proposition53. For M;N 2 �+k de�ne [M ] = fM 0 2 �+k jM 'O M 0g, [M ] � [N ] = [MN ],[M ]t

[N ] = [MkN ], [M ] u [N ] = [M + N ], and [M ] v [N ] i� M vO N . These de�nitions induce a

�-lattice, where [[M ]]� = [M [ ~N=~x]] when FV (M ) = ~x and �(~x) = [ ~N ].

The existence of the term model implies an adequacy result.

Corollary54. 8M;N 2 �+k. (8�-lattice D; 8�: [[M ]]D� v [[N ]]D� ))M vO N .

5.4 The Filter �-lattice

Given the usual notion of �lter, rules (!), (�) and (^ I) imply that, for any � and M , f� j � `L

M :�g is a �lter. A �lter model construction as in [13] can be carried out. If X is a subset of any

poset, then let "X be its upward closure.

Theorem55. Let F(Type) be the set of �lters over Type and de�ne, for f; f 0 2 F(Type):

f[f 0 = "f� ^ � j � 2 f; � 2 f 0g; f � f 0 = f� j 9� 2 f 0: � ! � 2 fg:

Then f[f 0; f � f 0 2 F(Type). Moreover the structure

hF(Type);�; �;\;[; [[�]]Li;

where

[[M ]]L� = f� j � `L M :� for some � � fx: � j � 2 �(x)gg;

is a �-lattice (the �lter �-lattice).

Proof. f[f 0 is the least �lter including f [ f 0, therefore it is the join wrt inclusion in the set of

�lters. Since �lters are closed under intersection, hF(Type);\;[i is a lattice, so that (i) of De�nition

51 is satis�ed.

It is easy to see that f � f 0 is a �lter too: hence \�" is well de�ned. Moreover \�" is clearly

monotonic in both its arguments. So that also (ii) of De�nition 51 holds.

Now we prove the �rst clause of (iii). By de�nition we know

� 2 (f0[f1) � f2 ) 9 � 2 f2: � ! � 2 f0[f1

) 9 � 2 f2; � 2 f0; � 2 f1: � ^ � � � ! �:

The more interesting case is � 6= ! and � 6= !. By 45(i) there are �1; �2 such that � = �1 ^ �2 and

� � � ! �1; � � � ! �2. Therefore by de�nition �1 2 f0 � f2 and �2 2 f1 � f2, so we can conclude


� 2 (f0 � f2)[(f0 � f1).

The proof of the other clause of (iii) is similar and simpler.

Lastly we prove (iv). Lemma 48(v) implies that

[[M + N ]]L� = [[M ]]L� \ [[N ]]L�

and Lemma 48(vi) implies that

[[MkN ]]L� = [[M ]]L�[[[N ]]L�

for all �. Hence clauses (a) and (b) follow.

The clauses from (c) to (g) follow easily from points (i); (ii); (iii) and (iv) of Lemma 48 as in the

case of classical �-calculus. 2

De�nition56. Let D = hD;v; �;u;t; [[�]]Di be a �-lattice. Then a type structure over D is a pair

hT ;)i such that T is a sublattice of the lattice of �lters over D, D 2 T , and) is a binary function

over T such that X ) Y = fd 2 D j 8e 2 X: d � e 2 Y g, for all X;Y 2 T . Moreover T is closed

under \, and [ de�ned by X[Y =" fd u d0 j d 2 X; d0 2 Y g, where we overload [.

The map [[�]]T , interpreting types over T , is de�ned as in De�nition 36(iii), adding three clauses:

(iii) [[!]]T� = D;

(iv) [[� ^ � ]]T� = [[�]]T� \ [[� ]]T� ;

(v) [[� _ � ]]T� = [[�]]T� [[[� ]]T� .

In the �lter �-lattice de�ned in Theorem 55, the interpretation of a type turns out to be a �lter

of �lters of types. Since the lattice of types is distributive, the lattice of �lters forming the �lter

�-lattice is distributive too, hence the upward closure in clause (v) above is redundant in this case.

The following proposition is proved by routine calculations.

Proposition57. Let �� = ff 2 F(Type) j � 2 fg. Then hf�� j � 2 Typeg;)i is a type structure

over the �lter �-lattice. Moreover it satis�es the following equations:

(i) �! = F(Type); (iii) ��^� = �� \ �� ;

(ii) ��!� = �� ) �� ; (iv) ��_� = ��[�� = ff \ f 0 j f 2 �� ; f0 2 ��g.

As for system B, the immediate consequence of Theorem 55 and of Proposition 57 is complete-

ness. Rede�ning j= for �-lattices in the same way as it has been de�ned for semimodels in 35, this

is stated as follows.

Corollary58 (Completeness of L). � `L M :� , � j=M :�.

The �lter �-lattice naturally induces a preorder on terms.

De�nition59. M vL N ,def 8�: [[M ]]L� � [[N ]]L� :

We state some (in)-equations which show that vL discriminates terms which are equated by vO.

This implies that the �lter �-lattice is not fully abstract with respect to the contextual semantics.

Proposition60. The following (in)-equations hold:


(i) (�x:M )N 'L M [N=x]; (vii) �x:(MkN ) 'L �x:Mk�x:N ;

(ii) (M + N )L 'L ML+NL; (viii) M +N vL M;N ;

(iii) L(M +N ) vL LM + LN ; (ix) L vL M;N ) L vL M +N ;

(iv) (MkN )L 'L MLkNL; (x) M;N vL MkN ;

(v) LMkLN vL L(MkN ); (xi) M;N vL L)MkN vL L.

(vi) �x:(M +N ) vL �x:M + �x:N ;

where the inequalities (iii), (v) and (vi) are in general proper.

Proof. Points (i); (ii); (iv); (viii); (ix); (x) and (xi) hold by de�nition of �-lattice. For the other

points, the positive statements are easy consequences of Lemma 48.

The examples given in the proof of Proposition 15 show that the inequalities (iii) and (v) are

proper. Indeed we have that both �M +�N and (T + R)(IkK) have type � ^ (� ! � )! � . On

the contrary, ! is the only type which can be deduced for �(M +N ) and for (T +R)Ik(T +R)K.

To prove that the inequality (vi) is proper we have for example `L �x:x+�x:xx : (�! �)_(�^(� !

� )! � ), but this type cannot be deduced for �x:(x+ xx): 2

Notice that the �lter model turns out to be a (properly) semilinear applicative structure as

de�ned in [29, 30], because of 60(ii) and (iii). This was not true for the set semimodel. It is worth

to stress that, without the union type constructor, this cannot be achieved (see [1]). From this fact

and from Proposition 38 it is also clear that the theories induced by 'B and 'L are incomparable.

6 Approximation Theorem and Full Abstraction

In this section we prove the main results of the present paper, i.e.:

{ the �lter �-lattice is adequate with respect to the contextual semantics;

{ the �lter �-lattice is fully abstract with respect to the capabilities semantics.

A main tool in these proofs is the notion of approximant. The �rst result essentially follows from

the Approximation Theorem for the �lter �-lattice. For the second result we introduce a one-to-

one correspondence between approximate normal forms (considered modulo �) and suitable pairs

< basis, type > (where types are considered modulo =). This correspondence essentially shows

that the discrimination power of approximants and types is the same.

6.1 The Approximation Theorem and The Adequacy for theContextual Semantics

In this section we prove that the set of types which can be deduced for any term coincides with

the union of the sets of types deducible for its approximants. Since in the �lter �-lattice these sets

are thought of as the \meanings" of terms, this shows that the meaning of any term is the join of

the meanings of its approximants.

Let us call L the type system resulting from L when subjects are from �+k. Since no explicit

typing rule is added for the constant , if � `L :�, then � = !. Viceversa, a straightforward

induction shows that, if A is an approximate normal form and A 6� , then there are a basis �

and a type � 6= !, such that � `L A:�. All the properties of the system L proved in previous

section extends easily to L. So we will freely use them in the following proofs.


The Approximation Theorem is proved by means of a variant of Tait's \computability" tech-

nique. We de�ne sets of \approximable" and \computable" terms (De�nition 61). The computable

terms are de�ned by induction on types, and every computable term is shown to be approximable

(Lemma 64(ii)). Using induction on typings, we show that every term is computable for the ap-

propriate type (Lemma 67).

De�nition61. We de�ne two predicates App(�; �;M ) and Comp(�; �;M ) as follows:

(i) App(�; �;M ) , 9A 2 A(M ): � `L A:�;

(ii) (a) Comp(�; !;M ) is always true;

(b) Comp(�; t;M ) , App(�; t;M );

(c) Comp(�; �! �;M ) , 8� 0; N:Comp(� 0; �;N )) Comp(� ] � 0; �;MN );

(d) Comp(�; � ^ �;M ) , Comp(�; �;M ) and Comp(�; �;M );

(e) Comp(�; � _ �;M ) , App(�; � _ �;M ).

We can easily prove that Comp agrees with some head reductions. More precisely we have:

Lemma62. Let M be a redex and N its immediate contractum. Then, for any �; �,

Comp(�; �;N~L) ) Comp(�; �;M~L)

where ~L is any vector of terms.

Proof. The proof is by induction on �.

If � � t or � � �1 _ �2 the thesis follows immediately from 25(iv) since the hypothesis on M and

N implies M~L��!

hN~L, so that A(N~L) � A(M~L).

If � � �1 ^ �2 the thesis follows by induction.

If � � �1 ! �2, let P be such that Comp(� 0; �1; P ) so that by de�nition Comp(� ] � 0; �2; N~LP ).

This implies by induction Comp(� ] � 0; �2;M~LP ), so we can conclude Comp(�; �;M~L), by the

arbitrariness of the term P . 2

Really Comp is invariant under =a, but we do not prove this, since we would need M =a N )

A(M ) = A(N ) (see Remark 26).

We show some properties of types which are deducible for approximate normal forms.

Lemma63. Let A;A0 2 A.

(i) � `L A:� and A � A0 ) � `L A0:�.

(ii) Let z 62 FV (M ) and suppose that z does not occur in the basis � .

If A 2 A(Mz), then

�; z:� `L A: � ) 9 bA 2 A(M ): � `L bA:�! �:

Proof. (i) By induction on �. The more interesting case is A � �y:xA1 : : :Any and A0 �

xA1 : : :An, where y 62 FV (xA1 : : :An). By 48(ii) � `L A:� implies � `L A:Vmi=1(�i ! �i),

for some �1; : : : ; �m; �1; : : : ; �m such thatVmi=1(�i ! �i) � �. From � `L A:�i ! �i by 48(iii)

we have �; y:�i `L xA1 : : :Any:�i. Therefore by 48(iv) and 48(i) �; y:�i `L xA1 : : :An:�i !

�i hold for 1 � i � m. Since y 62 FV (xA1 : : :An), we can prove using (^ I) and (�) that

� `L A0:�.


(ii) A(M ) is the downward closure of

A0(M ) = f�(H) j H 2 C(M )g

with respect to �. It follows that, by (i), it su�ces to show the thesis when A 2 A0(Mz).

If A 2 A0(Mz) then, for some H;H0,

A � �(H0) and Mz��!

hH �!� a H

0:

The proof is by induction on the length k of the reduction��!

h. If k = 0 then Mz �

H � xM1 : : :Mnz. Hence H0 � xM 01 : : :M

0nz where M 0

i �!�

a Mi for i � n. Therefore A �

x�(M 01) : : :�(M

0n)z, so that we take bA � x�(M 0

1) : : :�(M0n) 2 A

0(M ). We have � `L bA:� ! �

using 48(i) and (iv).

If k > 0 , then

Mz��!

hM 0z �!h L

��!

hH �!� a H

0

where M��!

hM 0 and M 0, L have one of the following shapes:

(a) M 0 � �x:P and L � P [z=x];

(b) M 0 � P + Q and L � Pz + Qz;

(c) M 0 � PkQ and L � PzkQz:

Case (a). Then A 2 A0(P [z=x]), which implies �z:A 2 A0(�z:P [z=x]). Now �z:P [z=x] � �x:P

since by hypothesis z 62 FV (P ). From�; z:� `L A: � we derive by (! I) � `L �z:A:� !

� . So we can choose bA � �z:A, since A0(�x:P ) � A0(M ) by 25(iv).

Case (b). In this case H � H1 + H2, H0 � H0

1 + H02, and Pz

��!

hH1 �!

�a H0

1, Qz��!

h

H2 �!�

a H02. Moreover

A � �(H 01) + �(H0

2);

where �(H01) 2 A0(Pz) and �(H0

2) 2 A0(Qz). Now �; z:� `L A: � implies, by Lemma

48(v), �; z:� `L �(H 0i): � for i = 1; 2. Notice that the length of the reductions Pz

��!

h

H1; Qz��!

hH2 is lower than k. Then by induction there are A1 2 A0(P ) and A2 2 A0(Q)

such that � `L Ai:� ! � , for i = 1; 2 hence

� `L A1 + A2:�! �:

Therefore we can choose bA � A1 +A2; in fact bA 2 A0(M ), since M��!

hP + Q.

Case (c). Similar to case (b), using Lemma 48(vi) and M��!

hPkQ. 2

We can now show that computability implies approximability.

Lemma64. For all � , �, ~L and M :

(i) App(�; �; x~L)) Comp(�; �; x~L);

(ii) Comp(�; �;M )) App(�; �;M ).

Proof. (i) and (ii) can be simultaneously proved by induction on �. We show (ii) in the case

� � �1 ! �2, only.

Let � 0 = �; z:�1 where z 62 FV (M ) and suppose Comp(�; �1 ! �2;M ); then

Comp(fz:�1g; �1; z) by (i)

) Comp(� 0; �2;Mz) by de�nition

) App(� 0; �2;Mz) by induction

) 9A 2 A(M ): � `L A:�1 ! �2 by Lemma 63(ii):2


The following two Lemmas state that computability agrees with the typing rules (�), (+ I)

and (k I).

Lemma65. For all � and � :

(i) � � � ) 8�;M: App(�; �;M )) App(�; �;M );

(ii) � � � ) 8�;M: Comp(�; �;M )) Comp(�; �;M ).

Proof. If A 2 A(M ) is such that � `L A:� then by rule (�) � `L A: � , hence (i).

(ii) is easily proved, using (i) and Lemma 64(ii), by induction on any standard axiomatic

presentation of �. In particular, for the basic case � � � _ � we have:

Comp(�; �;M ) ) App(�; �;M ) by Lemma 64(ii)

) App(�; � _ �;M ) by (i)

) Comp(�; � _ �;M ) by de�nition:

2

Lemma66. For all �; �; � and terms M;N :

(i) Comp(�; �;M ) and Comp(�; �;N )) Comp(�; � _ �;M + N );

(ii) Comp(�; �;M )) Comp(�; �;MkN ).

Proof. (i) By Lemma 64(ii), the hypothesis implies App(�; �;M ) and App(�; �;N ), that is, for

some A 2 A(M ) and A0 2 A(N ), � `L A:� and � `L A0: � . This implies, by rules (�) and

(+ I), that � `L A+A0:�_� . Since A+A0 2 A(M+N ), it follows that App(�; �_�;M+N ),

hence the thesis by de�nition.

(ii) By induction on �. If � has the shape t or �1_�2, then Comp(�; �;M ) implies (by de�nition)

App(�; �;M ), that is, for some A 2 A(M ), � `L A:�. Hence, by rule (k I), � `L Ak:�.

Since Ak 2 A(MkN ) for any N , we conclude that App(�; �;MkN ) holds. This implies the

thesis.

If � � �1 ^ �2, then the thesis is an immediate consequence of the induction hypothesis.

Finally, if � � �1 ! �2, let P be any term such that Comp(� 0; �1; P ), so that by de�nition

Comp(� ] � 0; �2;MP ). By induction,

Comp(� ] � 0; �2;MPkQ);

for any Q, hence for any N we can take Q � NP so that

Comp(� ] � 0; �2;MPkNP ):

Lemma 62 implies Comp(� ] � 0; �2; (MkN )P ), so we can conclude:

Comp(�; �1! �2;MkN ):

2

Lemma67. Let � = fx1:�1; : : : ; xn:�ng and � `L M : � .

Assume that, for each i � n, Comp(�i; �i; Ni); then, taking � 0 =Uni=1 �i,

Comp(� 0; �;M [N1=x1; : : : ; Nn=xn]):

Proof. By induction on the derivation of � `L M : � .

Cases (Ax) and (!) are immediate.


Cases (! E) and (^ I) follow by induction. Cases (+ I) and (�) follow from the induction hypothesis

and Lemmas 66(i) and 65(ii) respectively.

If we are in case (k I), then M � PkQ for some P and Q and, say, � `L P : � has been derived.

From the induction hypothesis, Comp(� 0; �; P [ ~N=~x]), so that by Lemma 66(ii),

Comp(� 0; �; P [ ~N=~x]kQ[ ~N=~x]);

i.e. Comp(� 0; �; (PkQ)[ ~N=~x]).

Finally, in case (! I) suppose that M � �y:P , � � �1 ! �2 and �; y: �1 ` P : �2 has been derived.

Now, if Comp(� 00; �1; Q), from the induction hypothesis

Comp(� 0 ] � 00; �2; P [Q=y; ~N=~x]):

There is no theoretical loss in assuming that y 62 FV ( ~N ) so that

P [Q=y; ~N=~x] � P [ ~N=~x][Q=y] and (�y:P [ ~N=~x])Q � ((�y:P )[ ~N=~x])Q:

By 62, it follows that Comp(� 0 ] � 00; �2; ((�y:P )[ ~N=~x])Q), and hence

Comp(� 0; �1 ! �2; (�y:P )[ ~N=~x])

being the computable term Q arbitrary. 2

Theorem68 (Approximation Theorem). For any term M , basis � and type �:

� `L M :� , 9A 2 A(M ): � `L A:�:

Proof. ()) Since, for any variable x and type � , App(fx: �g; �; x) holds, then by Lemma 64(i),

Comp(fx: �g; �; x) holds. Taking in Lemma 67 the identical substitution, the hypothesis implies

Comp(�; �;M ), and the thesis follows from Lemma 64(ii).

(() Easy from subject conversion (Theorem 49) and the de�nition of A. 2

From the Approximation Theorem it follows that any term which is typeable with a type 6= !

has an approximant which di�ers from , i.e. it is solvable. Viceversa, by Proposition 27(ii) any

solvable term has an approximant di�erent from and therefore it can be typed with a type 6= !.

Corollary69.

SOL = fM 2 �+k j 9�; � 6= !: � `L M :�g:

The Approximation Theorem is useful to state properties of the precongruence induced on terms

by the �lter �-lattice. In fact we immediately have that the �lter �-lattice is adequate with respect

to the observational semantics based on contexts.

Theorem70 (First Adequacy Theorem). The �lter �-lattice is adequate for the contextual

theory based on solvability, i.e.:

M vL N )M vO N:

Proof. Since vL is a precongruence, we immediately have that

M vL N ) 8C[ ]: C[M ] vL C[N ]:

It follows that, by Corollary 69,

C[M ] 2 SOL) 9�; � 6= !: � `L C[M ]:�

) 9�; � 6= !: � `L C[N ]:�

) C[N ] 2 SOL:2


6.2 Principal Pairs and Full Abstraction for the Capability Semantics

To prove adequacy for the semantics based on capabilities and approximants, a suitable extension

of the notion of principal type scheme (as given in [17, 40, 9]) is in order. Since we need to consider

open terms, we introduce the notion of principal pair consisting of a type and a basis. Such a

notion is based on a strati�cation of the set of approximate normal forms, to be compared with

the strati�cation of Type introduced in De�nition 40.

De�nition71 (Strati�cation of A). Let us de�ne three subsets A0;A1;A2 of A recursively:

- 2 A2;

- A 2 A1 ) �x:A 2 A0;

- m � 0; A1; : : : ; Am 2 A2 ) xA1 : : :Am 2 A0 (the �-free approximate normal forms);

- n � 1; A1; : : : ; An 2 A0 ) A1 + : : :+An 2 A1;

- n � 1; A1; : : : ; An 2 A1 ) A1k : : :kAn 2 A2:

Taking n = 1 in the clauses above, one sees that A0 � A1 � A2, and such inclusions are clearly

proper. Over each of these sets we introduce a preorder.

De�nition72. �i� Ai �Ai is the least preorder such that:

(�0) A �0 A0 if and only if one of the following holds:

{ A � �x:B;A0 � �x:B0 and B �1 B0;

{ A � xB1 : : :Bn; A0 � xB0

1 : : :B0n and 8i � n:Bi �2 B

0i;

{ A0 is �-free, x 62 FV (A0) and A �0 �x:A0x .

(�1) A1 + : : :+ An �1 B1 + : : :+Bm , 8j � m 9i � n: Ai �0 Bj .

(�2) A �2 A0 if and only if one of the following holds:

{ A � ;

{ A � B1k : : :kBn; A0 � B0

1k : : :kB0m and 8i � n 9j � m: Bi �1 B

0j .

As in the case of types, for each approximate normal form we can �nd an equivalent element

of A2. The following de�nition has to be compared with 43.

Notation. In writing A� � ki2IAi we assume that Ai 2 A1 for all i 2 I.

De�nition73. Let ( )� : A! A2 be de�ned by:

{ � =

{ (xA1 : : :An)� = xA�1 : : :A

�n (n � 0)

{ (�x:A)� =

(�x:A1k : : :k�x:An if A� = A1k : : :kAn and A� 6� (n � 1)

otherwise

{ (A+ A0)� =

(ki2I; j2J (Bi + B0

j) if A� = ki2IBi, A

� 6� and A0� = kj2JB0j , A

0� 6�

otherwise

{ (AkA0)� =

8><>:A� if A0� �

A0� if A� �

A�kA0� otherwise.

The proof of the following proposition is analogous to the proof of Proposition 44.


Proposition74. For all A;A0 2 A:

(i) A � A�;

(ii) A;A0 2 Ai; A �i A0 ) A � A0 for i = 0; 1; 2;

(iii) A � A0 ) A� �2 A0�.

The following de�nition of principal pair is a generalization to our calculus of that one given in

[17], [40], and [9], where it was used to prove the principal type property for various intersection

type disciplines.

Let Basis be the set of all bases and TV (< � ;� >) be the set of type variables which occur in

� or in �.

De�nition75.

(i) The mapping pp : A2 ! Basis � T2 is inductively de�ned by:

(a) pp() =< ;;! >;

(b) if pp(Ai) =< �i;�i >, TV (< �i;�i >) \ TV (< �j;�j >) = ; for 1 � i 6= j � n and t is

fresh, then

pp(xA1 : : :An) =< (]i�n

�i) ] fx:�1 ! : : :! �n ! tg; t > (n � 0);

(c) if pp(A) =< �; x : � ;� >, then

pp(�x:A) =< � ; � ! � >;

(d) if pp(A) =< � ;� > and x 62 FV (� ), then

pp(�x:A) =< � ;!! � >;

(e) if pp(Ai) =< �i;�i > (i = 1; 2) and TV (< �1;�1 >) \ TV (< �2;�2 >) = ;, then

pp(A1 +A2) =< �1 ] �2;�1 _ �2 >;

(f) if pp(Ai) =< �i;�i > (i = 1; 2) and TV (< �1;�1 >) \ TV (< �2;�2 >) = ;, then

pp(A1kA2) =< �1 ] �2;�1 ^ �2 > :

(ii) The set � of principal pairs is the range of the mapping pp.

(iii) A type � is principal i� < �; � >2 � for some basis � . A basis � is principal i� < �; � >2 �

for some type �.

To build a unique principal pair, in clause 75(i) (b) we assume to pick up fresh type variables

in a deterministic way.

For example we have

pp(xyy + (�z:yk�z:z)) =< x : t1 ! t2 ! t3; y : t1 ^ t2 ^ t4 ; t3 _ ((! ! t4) ^ (t5 ! t5)) > :

From the de�nition it follows immediately that the principal pair of an approximate normal form

can be deduced for it. Moreover it is easy to prove that the mapping pp agrees with the strati�cation

of types and approximate normal forms.

Proposition76. If pp(A) =< � ;� > then � `L A : � and A 2 Ai i� � 2 Ti where i = 0; 1; 2.


� turns out to be a very restricted set with closure properties which follow easily from its

de�nition.

Proposition77. Let < � ;� >2 �.

(i) Each type variable occurs exactly twice in �; �.

(ii) All types which occur in a principal basis belong to T2. Moreover they are intersections of

arrow types belonging to T0 and terminating with a type variable.

(iii) If x: �1 ! : : :! �n ! � 2 � , then for all 1 � i � n there is �i �+� such that < �i; �i >2 �.

(iv) If � � �! � , then < �; x : � ; � >2 � for all variables x.

(v) If � � �1 _ �2 or � � �1 ^ �2, then there are �1; �2 �+ � such that < �i;�i >2 � (i = 1; 2).

The types which can be deduced for a variable from a principal basis are of limited shape.

Lemma78. Let � be a principal basis.

(i) If � 2 T1 and � ` x: � , then � (x) = � ^ � for some �; � such that � 2 T0 and � �1 � .

(ii) If � _ � 2 T1 and � ` x: �1 ! : : :! �n ! � _ �, then either � ` x: �1 ! : : :! �n ! � or

� ` x: �1 ! : : :! �n ! � (n � 0).

Proof. (i) Notice that � 2 T1 implies �� .

� `L x: �

) � (x) � � by Lemma 48(i)

) � (x) �2 � by 77(ii) and Proposition 44(iii)

) 9� 2 T1; �: � (x) = � ^ � and � �1 � by De�nition 42 since � 2 T1

) 9� 2 T0; �: � (x) = � ^ � and � �1 � by 77(ii):

(ii) From (i) there are �1 2 T0; �2 such that � (x) = �1 ^ �2 and �1 �1 ��1 ! : : :! ��n ! � _ �.

Let �1 � �1 ! : : : ! �n ! �, where � 2 T0 by 77(ii). Then � �1 � _ � which implies, by

De�nition 42, either � �1 � or � �1 �. 2

The principal pair carries out the same information of the corresponding approximate normal

form. This implies that pp(A) can be deduced only for approximate normal forms which are better

than A according to the preorder �. The proof of this fact will be done in Lemma 81 using some

preliminary properties (Lemmas 79 and 80).

Lemma79. Let A 2 A, � be a principal basis, and � `L A:�.

(i) � 2 T1 implies 9A0 2 A1; A00 2 A: A � A0kA00 and � `L A0:�.

(ii) A 2 A0, and � � �1 _ �2 2 T1 imply either � `L A:�1 or � `L A:�2.

Proof. (i) If A 2 A1 it is trivial choosing A0 � A and A00 � . Otherwise, let A � A1k : : :kAm,

where Ai 2 A1 (1 � i � m). Then � `L A:� ) 9�1; : : : ; �m: � `L Ai: �i and �1^: : :^�m � �

by Lemma 48(v).

Let ��i =Vl2L �i;l (where L depends on i). Then �1^ : : :^ �m � � and � 2 T1 imply that there

exist i; l such that �i;l �1 �, by De�nition 42 and Proposition 44. Hence � `L Ai:�:

(ii) By cases on A 2 A0.

{ A � is trivial.


{ A � xA1 : : :Am (m � 0) implies by 48(iv) � `L x: �1 ! : : : ! �m ! � for some

�1; : : : ; �m, so the result follows by 78(ii).

{ A � �x:A0 implies, by Lemma 48(ii), �1 ^ : : : ^ �m � � and � `L A: �j (j � m) for

some arrow types �1; : : : ; �m. Let ��j =Vl2L(�j;l ! �j;l) (where L depends on j). We

have by De�nition 42 and Proposition 44 that �j;l ! �j;l �1 � for some j; l , since � 2 T1.

Therefore if � � �1 _�2 we have by De�nition 42 and by Proposition 44 �j;l ! �j;l �1 �1

or �j;l ! �j;l �1 �2. 2

Lemma80. Let A 2 A, �; � 0 be principal basis and � be a principal type such that � 0 �+ � and

< � 0; � >2 �. Then � `L A : � implies � 0 `L A : � .

Proof. We prove a more general statement, i.e.:

Let �; � 0; � 00 be principal basis and � be a principal type such that � 00 �+� 0 �+� and

< � 00; � >2 �. Then � `L A : � implies � 0 `L A : � .

The proof is by a principal induction on A and a secondary induction on � .

The case A � is immediate.

The case � 2 T2 � T1 follows easily by the secondary induction. In fact if � � �1 ^ �2, then

� `L A : � implies both � `L A : �1 and � `L A : �2. Moreover by 77(v) there are �1; �2 �+ � 0

such that < �i; �i >2 � (i = 1; 2).

A � xA1 : : :An and n � 0 implies by 48(iv) � `L x:�1 ! : : : ! �n ! � for some �1; : : : ; �n,

such that � `L Ai:�i for all i � n. By 78(i) � (x) = �^ � for some �; � such that � 2 T0 and

� �1 �1! : : :! �n ! � . Let � � �n+1 ! : : :! �n+m ! � 0 (m � 0), where either � 0 is a type

variable, say � 0 � t, or � 0 2 T1�T0. Then � � �01 ! : : :! �0n+m ! t with t �1 �0 and �i �2 �

0i

for i � n+m by De�nition 42. If � 0 6� t by 42 we have that � 0 = t_� 00 for some � 00. In both cases

the hypothesis < � 00; � >2 � assures us that t must occur in � 00 �+ � 0. Therefore � 0(x) = �^�0

for some �0 and we have � 0 `L x : �01! : : :! �0n+m ! � 0. � `L Ai:�i implies � `L Ai:�0i

by rule (�). By 77(iii) there are �i �+� 0 such that < �i; �0i >2 �. Therefore by the principal

induction � 0 `L Ai:�0i for all i � n. So we can conclude � 0 `L A : � .

A � �x:A0.

� 2 T0. Let � � �1 ! �2. By 77(iv) < � 00; x : �1; �2 >2 �. By Lemma 48(iii) �; x : �1 `L

A0 : �2. Therefore by the principal or the secondary induction � 0; x : �1 `L A0 : �2. By

rule (! I) we conclude � 0 `L A : � .

� 2 T1 � T0. Let � � �1 _ �2. By Lemma 79(ii) � `L A : �1 or � `L A : �2. By 77(v) there

are �1; �2 �+ � 0 such that < �i; �i >2 � (i = 1; 2). Therefore the secondary induction

applies.

A � A1 +A2 implies by 48(v) � `L A1: � and � `L A2: � . By the principal induction we have

� 0 `L A1: � and � 0 `L A2: � , so we can conclude � 0 `L A: � by rule (+ I).

A � A1kA2 implies by 48(vi) � `L A1:�1 and � `L A2:�2 for some �1; �2 such that �1^�2 � � .

We need to consider only the case � 2 T1, therefore by 42 and 44 either �1 � � or �2 � � .

In the �rst case � `L A1: � , so by the principal induction � 0 `L A1: � . The second case is

symmetric. 2


Lemma81 (Principal Pair Lemma).

If A;A0 2 A, pp(A) =< � ;� > and � `L A0 : �, then A � A0:

Proof. By cases and then by induction on the structure of A. By hypothesis A 2 A2.

Case A 2 A1. In this case � 2 T1, then by Lemma 79(i) there exists B 2 A1 and some B0 such

that A0 � BkB0 and � `L B:�. Let B = B1 + : : :+ Bn where Bi 2 A0 (1 � i � n); then

� `L Bi:� (i � n) by Lemma 48(v). We distinguish three subcases after the shape of �.

Subcase � � t. In this case we have A � xA1 : : :Am for some A1; : : : ; Am (m � 0). Moreover

by 77(i) there is only one type in � which contains the type variable t; let x: �1 ! : : :!

�m ! t 2 � . Therefore we have by De�nition 75(i)(b):

� = (]j�m

�j) ] fx:�1 ! : : :! �m ! tg and �j `L Aj : �j (j � m):

� `L Bi: t (i � n) and Bi 2 A0 imply by Lemma 48(ii) Bi � xCi;1 : : :Ci;m. Moreover

using Lemma 48(i) and (iv) � `L Ci;j: �j (i � n; j � m). This implies by Lemma 80

�j `L Ci;j: �j (i � n; j � m). So we have by induction Aj � Ci;j (j � m). Therefore

Aj � Ci;j (i � n; j � m)) A � Bi (i � n)) A � B ) A � A0:

Subcase � � � ! �. In this case A � �x:A00. If Bi � �x:B0i, it is easy by induction. If Bi is a

�-free term, then also �z:Biz 2 A0, where z is fresh, and � `L �z:Biz: � ! �. We are in

the previous case and we can prove A �0 �z:Biz, so we can conclude A �0 Bi.

Subcase � � �1 _ �2 . In this case we have A � A1 +A2 , � = �1 ] �2 and �j `L Aj : �j (j =

1; 2) by 75(i)(d). � `L Bi:� implies, by Lemma 79(ii), 9li � 2. � `L Bi: �li , since

Bi 2 A0. This implies by Lemma 80 �li `L Bi: �li . By induction, Ali � Bi, for all i � n,

which implies A � B, so we can conclude A � A0.

Case A 62 A1. In this case � � �1 ^ �2, A � A1kA2 � = �1 ] �2 and �j `L Aj : �j (j = 1; 2) . By

rule (�) we have � `L A0: �j (j = 1; 2) and this implies by Lemma 80 �j `L A0: �j (j = 1; 2).

By induction A1 � A0 and A2 � A0, so we can conclude A � A0. 2

We are �nally in place to prove:

Theorem82 (Second Adequacy Theorem).

The �lter �-lattice is adequate for the semantics based on capabilities, i.e.:

M vL N )M vA N:

Proof. We prove M 6vA N )M 6vL N . By Proposition 25(iii),

M 6vA N ) 9A 2 A(M ):A 62 A(N ):

Let pp(A�) =< � ;� >; by the Approximation Theorem, � `L M :�. Assume now � `L N :�.

Then, by the Approximation Theorem again, there exists A0 2 A(N ) such that � `L A0:�.

Hence, by the Principal Pair Lemma, A � A0 so that A 2 A(N ), which is absurd. It follows that

� 6`L N :�, so we can conclude M 6vL N . 2

We immediately have


Theorem83 (Full Abstraction Theorem). The �lter �-lattice is fully abstract for the seman-

tics based on capabilities, i.e.:

M vL N ,M vA N:

Proof. Immediate consequence of the Approximation Theorem 68 and of the Second Adequacy

Theorem 82. 2

From the Full Abstraction Theorem and the invariance of types under =a (Theorem 49), we

have that the set of approximate normal forms is invariant under =a (see Remark 26).

By the Full Abstraction Theorem, in Proposition 60 we can replace vL by vA.

Theorems 70 and 83 relate also the two operational semantics we considered: as expected vA

turns out to be a re�nement of vO.

Acknowledgments

We are very grateful to Martin Abadi, Fabio Alessi, Ste�en van Bakel, Furio Honsell and Jim

Lipton for helpful discussions about the subject of this paper. We thank also the referees for their

insighful comments.

References1. M. Abadi, \A Semantics for Static Type Inference in a Non-Deterministic Language", Info. and

Comp. 109, 1994, 300-306.

2. S. Abramsky, \On Semantic Foundations for Applicative Multiprogramming", ICALP'83, LNCS 154,Springer-Verlag, Berlin, 1983, 1-14.

3. S. Abramsky, \Domain Theory in Logical Form", Ann. of Pure and Appl. Logics 51, 1991, 1-77.

4. S. Abramsky, C.-H.L. Ong, \Full Abstraction in the Lazy Lambda Calculus", Inf. and Comp.105,1993, 159-267.

5. F. Alessi, \ Type Preorders", CAAP'94, LNCS 787, Springer-Verlag, Berlin, 1994, 37-51.

6. F. Alessi, M. Dezani-Ciancaglini, U. de'Liguoro, \Must and May convergency in Concurrent LambdaCalculus", MFCS'94, LNCS 841, Springer-Verlag, Berlin, 1994, 211-221.

7. E.A. Ashcroft, M.C.B. Hennessy, \A Mathematical Semantics for a Non-Deterministic Typed LambdaCalculus", Theor. Comp. Sci. 11, 1980, 227-245.

8. S.van Bakel, \Complete Restrictions of the Intersection Type Discipline", Theor. Comp. Sci. 102,1992, 135-163.

9. S.van Bakel, \Principal Type Schemes for the Strict Type Assignment System", J. Logic and Comp.

3(6), 1993, 643-670.

10. S.van Bakel, \Essential Intersection Type Assignment System", FSTTCS'93, LNCS 761, Springer-Verlag, Berlin, 1993, 13-23.

11. F. Barbanera, M. Dezani-Ciancaglini, U. de'Liguoro, \Intersection and Union Types: Syntax andSemantics", Info. and Comp. 119(2), 1995, 202-230.

12. H.P. Barendregt, The Lambda-Calculus: Its Syntax and Semantics, North-Holland, Amsterdam, 1984.

13. H. Barendregt, M. Coppo, M. Dezani-Ciancaglini, \A Filter Lambda Model and the Completenessof Type Assignment", J.Symbolic Logic 48, 1983, 931-940.

14. G. Boudol, \Semantique Operationelle et Algebrique des Programmes Recursifs Non-Deterministes",Th�ese d'Etat, Universit�e de Paris VII, 1980.

15. G. Boudol, \Toward a Lambda-calculus for Concurrent and Communicating Systems", TAPSOFT'89,LNCS 351, Springer-Verlag, Berlin, 1989, 149-161.


16. G. Boudol, \A Lambda Calculus for (Strict) Parallel Functions", Info. and Comp. 108, 1994, 51-127.

17. M.Coppo, M. Dezani-Ciancaglini, B.Venneri, \Principal Type Schemes and �-calculus Semantics", ToH.B.Curry, Essays on Combinatory Logic, Lambda Calculus and Formalism, Academic Press, NewYork, 1980, 535-560.

18. M.Coppo, A.Ferrari, \Type Inference, Abstract Interpretation and Strictness Analysis", Theor.

Comp. Sci. 121, 1993, 113-144.

19. M. Dezani-Ciancaglini, U. de'Liguoro, A. Piperno, \Filter Models for a Parallel and Non-Deterministic�-calculus", MFCS'93, LNCS 711, Springer-Verlag, Berlin, 1993, 403-412.

20. M. Dezani-Ciancaglini, U. de'Liguoro, A. Piperno, \Fully Abstract Semantics for Concurrent �-calculus", TACS'94, LNCS 789, Springer-Verlag, Berlin, 1994, 16-35.

21. G.Gonthier, J.J. L�evy, P.A.Melli�es, \An Abstract Standardization Theorem", LICS '92, IEEE Com-puter Soc. Press, Silver Spring, 1992, 72-81.

22. M. Hennessy, \A Fully Abstract Denotational Model for Higher-Order Processes", Info. and Comp.

112(1), 1994, 55-95.

23. R. Hindley, \The Completeness Theorem for Typing �-terms", Theor. Comp. Sci. 22, 1983, 1-17.

24. R. Hindley,\The Simple Semantics for Coppo-Dezani-Sall�e Type Assignment", Int. Symp. on Prog.,LNCS 137, Springer-Verlag, Berlin, 1982, 212-226.

25. R. Hindley, G. Longo, \Lambda Calculus Models and Extensionality", Z. Math. Logik 26, 1980,289-310.

26. T.P.Jensen, \Disjunctive Strictness Analisys", LICS '92, IEEE Comp. Soc. Press, Silver Spring, 1992,174-185.

27. J.L. Krivine, Lambda-calcul, types et mod�eles, Masson, Paris 1990.

28. J.J. L�evy, \An Algebraic Interpretation of the ��K-calculus and a Labelled �-calculus", �-calculusand Computer Science Theory, LNCS 37, 1975,147-165 .

29. U. de' Liguoro, \Non-deterministic Untyped �-calculus", PhD Thesis, Un. di Roma I, 1991.

30. U. de' Liguoro, A. Piperno, \Must Preorder in Non-deterministic Untyped �-calculus", Info. and

Comp. 122(2), 1995, 149-177.

31. R. Milner, \Functions as Processes", J. Math. Struc. in Comp. Sci. 2(2), 1992, 119-142.

32. R. Milner, J.G. Parrow, D.J. Walker, \A Calculus of Mobile Processes, Part I" Info. and Comp.

100(1), 1992, 1-40.

33. J.H. Morris, Lambda Calculus Models of Programming Languages, Dissertation, M.I.T. 1968.

34. C.-H.L. Ong, \The Lazy �-Calculus : an Investigation into the Foundations of Functional Program-ming", Ph.D. Thesis , University of London, 1988. Also Prize Fellowship Dissertation, Trinity College,Cambridge.

35. C.-H.L. Ong, \The Concurrent Lambda Calculus 1: a General Precongruence Theorem for ApplicativeBisimulation", Unpublished Manuscript, Cambridge University Computer Laboratory, 1992.

36. C.-H.L. Ong, \Non-Determinism in a Functional Setting", LICS '93, IEEE Computer Soc. Press,Silver Spring, 1993, 275-286.

37. G.D. Plotkin, \LCF Considered as a Programming Language", Theor. Comp. Sci. 5, 1977, 223-256.

38. G.D. Plotkin, \A Powerdomain Construction", SIAM J. of Comp. 3, 1976, 452-487.

39. G. D. Plotkin, \A Semantics for Static Type Inference", Info. and Comp. 109, 1994, 256-299.

40. S.Ronchi della Rocca, B.Venneri, \Principal Type Schemes for an Extended Type Theory", Theor.Comp. Sci. 28, 1984, 151-169.

41. D. Sangiorgi, \The Lazy �-calculus in a Concurrency Scenario", LICS'92, IEEE Computer Soc. Press,Silver Spring, 1992, 102-109.

42. D. Scott, \Domains for Denotational Semantics", ICALP'82, LNCS 140, Springer-Verlag, Berlin,1982, 577-613.

43. M.B. Smyth, \Power Domains", J. Comp. Sys. Sci. 16, 1978, 23-36.


44. B. Thomsen, \ Calculi for Higher-Order Communicating Systems", Ph.D. Thesis, Imperial College,1990.

45. C.P. Wadsworth, \ The Relation between Computational and Denotational Properties for Scott'sD1-models of the Lambda Calculus", SIAM J. of Comp. 5, 1976, 488-521.

filter models for conjunctive-disjunctive λ-calculi

Documents