Dipartimento di Informatica Università degli Studi di Verona

Size: px

Start display at page:

Download "Dipartimento di Informatica Università degli Studi di Verona"

Shana Hardy
5 years ago
Views:

1 Dipartimento di Informatica Università degli Studi di Verona Rapporto di ricerca Research report 40/2006 On the observational theory of the CPS-calculus Massimo Merro Corrado Biasi

3 Dipartimento di Informatica Università degli Studi di Verona Rapporto di ricerca Research report April 2006 (revised version) 40/2006 On the observational theory of the CPS-calculus Massimo Merro Dipartimento di Informatica, Università di Verona, Italy Corrado Biasi Department of Computer Science, Queen Mary University of London, UK Questo rapporto è disponibile su Web all indirizzo: This report is available on the web at the address:

4 Abstract We study the observational theory of Thielecke s (recursive) CPS-calculus, a target language for CPS transforms designed to bring out the jumping, imperative nature of continuationpassing. We define a labelled transition system for the CPS-calculus from which we derive a (weak) labelled bisimilarity that completely characterises Morris context-equivalence. We prove a context lemma showing that Morris context-equivalence coincides with a simpler contextequivalence closed under a certain class of contexts. Then we profit of the determinism of the CPS-calculus to give a simpler labelled characterisation of Morris equivalence, resembling Abramsky s applicative bisimilarity. We enhance our bisimulation proof-methods with up-to bisimilarity and up-to context proof techniques. We use our bisimulation proof techniques to study the algebraic theory of the CPS-calculus proving two new algebraic laws that we conjecture cannot be derived using the original axiomatic semantics for the CPS-calculus. Finally, we prove the full abstraction of Thielecke s encoding of the CPS-calculus into a fragment of Fournet and Gonthier s Join-calculus with single pattern definitions.

5 Introduction Continuations represent a fundamental concept in the semantics of programming languages. In functional languages, a continuation is a parameter of a function that represents the rest of the computation [49, 50]. Functions taking continuations as arguments are called functions in Continuation-Passing Style (briefly CPS functions), and have a special syntactic form: they terminate their computation by passing the result to the continuation. A fairly vast literature on functional programming studies transformations of functions into CPS functions. They are called CPS transforms. CPS transforms, as syntactic technique for introducing continuations, were first published by Fisher [10] and studied in detail by Plotkin in his seminal paper on call-by-name and call-by-value λ-calculus [39]. Plotkin showed that the evaluation of CPS programs produces correct outputs and that this evaluation yields the same results under call-by-value and call-by-name. Moreover, he established the soundness and the incompleteness of the call-by-value λ-calculus for reasoning about CPS programs. More recently, Sabry and Felleisen [41] proved the completeness of an optimised version of Fisher s CPS transform, in an untyped setting. A similar result, but relying on types, has been proved by Führmann and Thielecke [12]. The target language of CPS transforms is usually a simple subset of the λ-calculus that admits a very imperative reading in terms of jumping [48]. Thielecke [51] proposed a target language called CPS-calculus, similar to the intermediate language of Appel s compiler [3], designed to bring out the jumping, imperative nature of the continuation-passing. Thielecke showed that the more traditional CPS transforms factorise through his calculus. The CPS-calculus comes equipped with an axiomatic semantics defined as the congruence induced by four simple axioms. Merro and Sangiorgi [26] proved the soundness of those axioms with respect to Milner and Sangiorgi s barbed congruence [32], a standard branchingtime contextually-defined behavioural equality. Thielecke provided also a categorical account of the structure inherent in first-class continuations building a term model, from the syntax of the CPS-calculus, as an instance of the categorical framework. A more recent account of the state of the art of the axiomatic and categorical semantics in a simply-typed call-by-value setting can be found in [12]. In the current paper we study the observational theory of the recursive CPS-calculus (although our results can be adapted to other variants of the calculus). More precisely, we are interested in establishing when two CPS-term have the same observable behaviour, that is, they are indistinguishable in any context. Behavioural equivalences are fundamental for justifying program transformations performed either by programmers, during system development, or by the optimising phases of compilers. A standard notion of behavioural equality is Morris context-equivalence [33]. The definition of Morris equivalence is simple and intuitive; inn practise, however, it is difficult to use as the quantification on all contexts is a heavy proof obligation. Simpler proof techniques are based on labelled bisimilarities [36, 28], which are co-inductive relations that characterise the behaviour of processes using a labelled transition system (abbreviated, LTS). 1

6 Contribution The contribution of the paper includes the following. In Section 2 we define a labelled transition system for the CPS-calculus, in the SOS style of Plotkin [40], which captures the possible interactions of a term with its environment, represented by external jumps. We prove that the LTS-based semantics coincides with the reduction semantics modelling the dynamics of the calculus in terms of internal jumps. In Section 3, we define a (weak) labelled bisimilarity in delay style [53, 44], resembling the formulation of Sangiorgi s context bisimulation for Higher-Order π-calculus [44]. We prove that our labelled bisimilarity completely characterises Morris context-equivalence. Notice that, in general, congruence proofs for higher-order bisimulations are quite hard, in particular when the syntax of the calculus is very rigid; we believe that our proof is quite simple and hence interesting in itself. Then, as simple corollary, we derive a context lemma showing that Morris contextequivalence coincides with a simpler contextually-based equivalence closed only under a certain class of contexts. Moreover, we profit of the determinism of the CPS-calculus to prove a simpler characterisation of Morris context-equivalence, resembling Abramksy s applicative bisimilarity [1]. In Section 3.2, we enhance our proof methods by providing up-to context proof techniques for both bisimilarities. Up-to contexts proof techniques are very effective to reduce the size of the candidate bisimulation. In particular, this proof technique is very useful when working with contextual bisimulations for factoring out the universally quantified processes provided by the environment (see, for instance, the proof of the algebraic law of Theorem 4.1(2)). In Section 4 we study the algebraic theory of the CPS-calculus. We use our bisimulationbased proof techniques to prove, in a very effective manner, two algebraic laws that we conjecture cannot be derived using Thielecke s axiomatic semantics. We also prove that the looping operator (proposed at pag. 94 of [51]), introduced categorically as a dinatural transformation [24], is not well-defined. This operator was meant as a step toward the definition of a term model from the recursive CPS-calculus. Finally, we study Thielecke s encoding of the CPS-calculus into the π-calculus [51]. An interpretation of a calculus is said to be sound if it equates only operational equivalent terms, complete if it equates all operationally equivalent terms, and fully abstract if it sound and complete. Merro and Sangiorgi proved the soundness of Thielecke s encoding with respect to barbed congruence, when considering as target language the Localised π-calculus [26]. Here, we prove the full abstraction of the encoding when considering as target language a fragment of Fournet and Gonthier s Join-calculus [11] with single pattern definitions. 2

7 1 The CPS-calculus 1.1 Syntax and reduction semantics The CPS-calculus is very simple and low-level: only variables can be passed as arguments, moreover application is like a jump, with variables as argument. The terms of the CPScalculus are given by the following grammar: M, N ::= a b M{a b N} where lowercase letters a, b, c,... range over variables (names) and uppercase letter L, M, N,... range over terms. The intended meaning is that a b is a jump to the continuation a with actual parameter b, while M{a b N} binds the continuation with body N and formal parameter b to a in M. We study the monadic and recursive variant of the calculus, in that jumps have a single argument, and in a term M{a b N} the sub-term N may refer to itself under a. More precisely, in a term M{a b N} the scope of variable a comprehends both M and N, while that of b extends to N only. All results can be extended to the polyadic or non-recursive variant of the CPS-calculus, unless differently stated. The set of free variables fv(m) of a CPS term M is defined as follows. fv(a b ) def = {a, b} fv(m{a b N}) def = (fv(m) \ {a}) (fv(n) \ {a, b}) We write fv(m, N) as an abbreviation for fv(m) fv(n). In a jump a b we say that a is in subject and b in object position. The function fvsp( ) returns the set of free variables appearing in subject position. We write M[a/b] for the capture avoiding substitution of b for a in M. So, alpha-conversion can be formally defined by the following two equations M{a b N} = M{a c N[c/b]} for c fv(n) M{a b N} = M[c/a]{c b N[c/a]} for c fv(m) fv(n). We will identify processes up to alpha-conversion. We propose the reduction semantics of [26] which is a slight variant of the operational semantics given by Thielecke. For this purpose, notice that every CPS-term is in the form a b {a 1 b 1 M 1 }... {a n b n M n } for some n 0. This allows us to model the behaviour of CPS-terms by means of just one (global) reduction rule: a i b {a 1 b 1 M 1 }... {a i b i M i }... {a n b n M n } M i [b/b i ]{a 1 b 1 M 1 }... {a i b i M i }... {a n b n M n } where 1 i n and a j fv(m i ) for 1 j < i. We denote with the reflexive and transitive closure of. 3

8 1.2 Behavioural semantics In an operational semantics, two terms are deemed equivalent if they have the same observable behaviour in all contexts. In the CPS-calculus the notion of observability is represented by the external jump that a term may perform after some possible internal jumps. We define an observability predicate a, for each variable a, which detects the possibility of a term to interact with the environment via a. For instance, in a jump of the form a b, we can observe (the occurrence of a jump to) a, whereas the argument b does not play any direct role. More generally, a free variable in the leftmost position can be observed. Definition 1.1 (Observability) Let M be a term of the CPS-calculus and a be a name, we write M a if there are names b, a 1, b 1,..., a n, b n, for some integer n 0 with a a i for every 1 i n, such that M = a b {a 1 b 1 M 1 }... {a n b n M n }. We write M a if there exists a CPS-term N such that M N a. In order to define contextually-based equivalences we need to specify what is a context. A (monadic) context C[ ] is a CPS-term with a hole, denoted by [ ]. CPS-contexts are generated by the following grammar: C[ ] ::= [ ] C[ ]{a x M} M{a x C[ ]}. A static context is a context that can be generated only using the first two productions of the grammar above. Now, everything is in place to define Morris context-equivalences for the CPS-calculus. Definition 1.2 (Observational equalities) Let M and N be two CPS terms. We say that M and N are observational equivalent, written M N, if for all static contexts C[ ] and variables a, it holds that C[M] a iff C[N] a ; they are observationally congruent, written M = N, if for all contexts C[ ] and variables a, it holds that C[M] a iff C[N] a. Obviously, =. Notice that, as the CPS-calculus is deterministic (and hence confluent), observational congruence (respectively, observational equivalence) coincides with Milner and Sangiorgi s barbed congruence (respectively, barbed equivalence). 1.3 Axiomatic semantics The original semantics [51] of the CPS-calculus is given in terms of an axiomatic semantics defined as the congruence induced by the following four axioms: (DISTR) L{a b M}{c d N} L{c d N}{a b M{c d N}} where a c and a, b fv(n) (GC) a b {c d N} a b, where c fv(a b ) (JMP) a b {a c N} N[b/c]{a c N} (ETA) M{a b c b } M[c/a] where a c. 4

9 Table 1 Labelled Transition System for the CPS-calculus (Jmp) x fv(a b ) a x M a b M[b/x]{a x M} (Tau) a x N M M M{a x N} M (Cxt Tau) M M M{a x N} M {a x N} (Cxt Jmp) a x N M M {a x N} a b b fv(n) M{b y O} a x N M {b y O}{a x N} The (JMP) axiom is in some sense what drives the computation. In fact our reduction rule can be seen as a contextual variant of the (JMP) axiom. The axiom (GC) allows us to garbage unreachable definitions, whereas (DISTR) is a kind of structural law similar to those for process calculi [30]. Most of the axioms above appear in [3]. We write CPS M N to denote that the equality M N can be derived by the axiomatic semantics. The axiomatic semantics is sound with respect to barbed congruence, and hence also with respect to observational congruence. Theorem 1.3 (Merro and Sangiorgi [26]) Let M and N be two CPS-terms. Then, CPS M N implies M = N Remark 1.4 Notice that the axiomatic semantics is meant to be the least equality on CPSterms that one would wish to impose, while observational equivalence is arguably the greatest such notion one could consider. 2 A Labelled Transition System In Table 1, we provide a labelled transition system (LTS) for the CPS-calculus. Transitions are of the form M α M in which α can be either, to model internal jumps, or a x N, for some variable a and CPS-term N, to model external jumps. In particular, the observable action a x N model the capability to perform an external jump a b, for some parameter b. Notice that our actions do not mention the argument of the jump (in this case b), although such argument has its influence on the derivative M. Intuitively, in a transition M a x N M the action a x N codifies the discriminating context [ ]{a x N} with which M can interact. This context then becomes part of the derivative of the transition. The main inference rules are (Jmp) and (Tau) modelling external and internal jumps, respectively. Rules (Cxt Jmp) and (Cxt Tau) are their contextual counterparts. 5

10 We define weak transitions in delay style [53, 44] where = denotes the reflexive and transitive closure of ; α == stands for =, α and ˆα == for α == if α, and for = if α =. Unlike first-order process-calculi, like CCS [28] and π-calculus [31], our LTS is necessarily higher-order to properly model the interaction with the environment while preserving the determinism of the calculus. Proposition 2.1 (Derivation closure) Let M be a CPS-term. If M still a CPS-term. α M then M is Proof By a simple transition induction. Proposition 2.2 (Determinism) Let M be a CPS-term. Then only one of the following two cases applies. 1. M may perform at most one transition of the form M M, for some term M. 2. Fixed an arbitrary term L, the term M may perform at most one transition of the form M a x L M, for some variable a and term M. Proof By the definition of the LTS and because every CPS-term is in the form a b {a 1 b 1 M 1 }... {a n b n M n }. An easy consequence of the determinism of the calculus, and in particular of Lemma 2.2(1), is the insensitiveness of behavioural equalities to -actions. Lemma 2.3 (Insensitiveness to -actions) Let M be a CPS-term. If M M = M. M then We end this section showing that the LTS-based semantics coincides with the reduction semantics of Section 1.1 Theorem 2.4 Let M and N be two CPS-terms. Then, 1. M a iff M a x L M {a x L} for some CPS-terms L and M 2. M N iff M N. Proof 1. Let us consider the implication from left to right. If M a then, by definition, there are names b, a 1, b 1,..., a n, b n, for some integer n 0, with a a i for every 1 i n, such that M = a b {a 1 b 1 M 1 }... {a n b n M n }. By an application of rule (Jmp) and n applications of rule (Cxt Jmp) we get the required derivation. Let us prove the implication from right to left. We do induction on the length of the derivation of a a x L action. 6

11 Suppose that a b a x L L[b/x]{a x L} then a b a. Suppose that M{b y O} a x L M {b y O}{a x L} because M a x L M {a x L}, with a b and b fv(l), by an application of rule (Cxt Jmp). By inductive hypothesis M a, and since a b we also have M{b y O} a. 2. Let us start with the implication from left to right. The only reduction rule is a i b {a 1 b 1 M 1 }...{a i b i M i }...{a n b n M n } M i [b/b i ]{a 1 b 1 M 1 }...{a i b i M i }...{a n b n M n }. Now, by applying in sequence, the rule (Jmp), i 1 times the rule (Cxt Jmp), one time the rule (Tau), and n i times the rule (Cxt Tau), we get a i b {a 1 b 1 M 1 }...{a i b i M i }...{a n b n M n } M i [b/b i ]{a 1 b 1 M 1 }...{a i b i M i }...{a n b n M n }. For the implication from right to left we do rule induction on the derivation M N. Suppose that M{a x N} M by an application of rule (Tau) with premise M a x N M. By Item 1 of this theorem we have M a. By Definition 1.1 it follows that M = a b {a 1 b 1 M 1 }... {a n b n M n } with As a consequence, M = N[b/x]{a 1 b 1 M 1 }... {a n b n M n }{a x N}. a b {a 1 b 1 M 1 }... {a n b n M n }{a x N} N[b/x]{a 1 b 1 M 1 }... {a n b n M n }{a x N} and hence M{a x N} M. Suppose that M{a x N} M {a x N} by an application of rule (Cxt Tau) with premise M M. By inductive hypothesis M M which is a reduction of the form: This implies a i b {a 1 b 1 M 1 }...{a i b i M i }...{a n b n M n } M i [b/b i ]{a 1 b 1 M 1 }...{a i b i M i }...{a n b n M n } a i b {a 1 b 1 M 1 }...{a i b i M i }...{a n b n M n }{a x N} M i [b/b i ]{a 1 b 1 M 1 }...{a i b i M i }...{a n b n M n }{a x N} 7

12 and therefore M{a x N} M {a x N}. 3 Bisimulation proof methods In this section we propose two labelled characterisations of Morris context-equivalence. We then prove a context lemma showing that static contexts have the same discriminating power as full contexts. As a consequence, observational congruence and observational equivalence coincide. Finally, we enhance our proof methods with up-to context proof techniques. 3.1 A labelled characterisation of Morris context-equivalence Starting from the labelled transition system we can define our notion of bisimulation for CPS-terms. Definition 3.1 (Bisimulation) A symmetric relation S on CPS-terms is a bisimulation if whenever M S N and M α M there exists a CPS-term N such that N == ˆα N and M S N. Two CPS-terms M and N are bisimilar, written M N if there is some bisimulation S such that M S N. It is easy to show that is an equivalence relation. In order to show that our bisimilarity characterises the observational congruence we first prove the completeness of the bisimilarity with respect to the observational equivalence (and not the observational congruence). Notice that in general such a result does not hold when dealing with bisimilarities in delay style [53, 44]; however, in our case, Lemma 2.3 on -insensitiveness allows us to easily prove the result. Lemma 3.2 (Completeness of w.r.t. ) Let M and N be two CPS-terms. Then M N implies M N. Proof We prove that the relation is a bisimulation. Let M S N. S def = { ( M, N ) : M N} Suppose that M M. By Lemma 2.3 we have M = M and hence also M M. Now, let us choose as matching transition N = N. By transitivity of it follows that M S N, as required. a x L Suppose that M M {a x L}. By Theorem 2.4(1) we have M a. As M N we also have N a. By several applications of Theorem 2.4 we have N ===== a x L N {a x L}. As M N and is preserved by all static contexts, we also have M{a x L} N{a x L}. As M a x L M {a x L} and N ===== a x L 8

13 N {a x L}, by several applications of rules (Tau) and (Cxt Tau) we have M{a x L} M {a x L} and N{a x L} = N {a x L}. By applying Lemma 2.3 on the two derivations we obtain M {a x L} N {a x L}, as required. As regards the soundness, the main difficulty resides in proving that is preserved by all contexts. A direct proof of that is far from trivial, due to the quite rigid syntax of the calculus. To this purpose we define an up-to (weak) bisimilarity proof technique. It is well known that such proof techniques are in general non sound [46, 28]; so we will provide a more robust definition that abstracts over weak bisimilarity only on observable actions. Definition 3.3 (Bisimulation up to ) A symmetric relation S over CPS-terms is bisimulation up to if M S N implies, 1. Whenever M M then, for some N, N = N and M S N 2. Whenever M α M, α, then, for some N, N α == N and M S N. Lemma 3.4 If S is a bisimulation up to then S. Proof It suffices to prove that the symmetric relation S is bisimulation. Let L and O be two CPS-terms such that L S O. This means that there are M and N such that L M S N O. There are two cases. 1. Suppose L L. As L M, there is M such that M = M and L M. As M S N, if M = M then there is N such that N = N and M S N. Finally, as N O, if N = N then there is O such that O = O and N O. Summarising we have L S O, as required. 2. Suppose L α L. As L M, there are M and M such that M = M α M and L M. As M S N, if M = M then there is N such that N = N and M S N. As a consequence, if M α M then there are N and N such that N = N α N and M S N. Finally, as N O, if N = α N then there are O and O such that O = O α O and N O. By transitivity of we have L S O, as required. Now, everything is in place to prove that is a congruence. Our proof relies on the axiom (DISTR) for permuting definitions and the axiom (ETA) for encoding substitutions. We then use Theorem 1.3 and Lemma 3.2 to validate these two axioms with respect to bisimilarity. The proof combines our up-to-bisimilarity proof technique together with Howe s method. Notice that we prove the two statements of Lemma 3.5 separately, by applying Howe s method only in the first case. Had we used Howe s method also for the second statement, then we could not conclude the proof as we would need to apply the up-to-bisimilarity technique when dealing with -actions. Lemma 3.5 ( is preserved by all contexts) Let M and N be two CPS-terms such that M N. Then, 9

14 1. M{a b O} N{a b O} for all terms O and variables a and b. 2. O{a b M} O{a b N} for all terms O and variables a and b. Proof Let us prove that M{a b O} N{a b O} first. Let S be the least symmetric relation inductively defined as follows: S M S N implies M{a x O} S N{a x O}, for all variables a and terms O. We prove that S is a bisimulation up to, by induction on why two terms M and N are in S. The case when M N follows by definition. Suppose that M{a x O} S N{a x O} because M S N. We do induction on the derivation M{a x O} α M. Let M{a x O} M =M {a x O}, by an application of rule (Cxt Tau), because M M. By inductive hypothesis M S N, hence there is N such that N = N with M S N. By several applications of rule (Cxt Tau), we get N{a x O} = N {a x O}. By definition of S it follows that ( M {a x O}, N {a x O} ) S. Let M{a x O} M, by an application of rule (Tau), because M By inductive hypothesis M S N, hence there is N such that N a x O a x O M. ===== N and M S N. By several applications of rule (Cxt Tau) and one application of rule (Tau) we have N{a x O} = N, with M S N, as required. b y O Let M{a x O} M, by an application of rule (Cxt Jmp), because M M {b y O }, with M = M {a x O}{b y O }. b y O By inductive hypothesis M S N, and there is N s.t. N b y O ===== N {b y O } with M {b y O } S N {b y O }. By applying rules (Cxt Tau) and (Cxt Jmp) we get N{a x O} To conclude this case we have to prove that b y O ===== N {a x O}{b y O }. M {a x O}{b y O } S N {a x O}{b y O }. As M b y O M {b y O }, by applying rule (Tau) we obtain M{b y O } M {b y O }. 10

15 By an application of rule (Cxt Tau) we get M{b y O }{a x O{b y O }} M {b y O }{a x O{b y O }}. By Lemmas 2.3, the inclusion of =, and Lemma 3.2 it follows that M{b y O }{a x O{b y O }} M {b y O }{a x O{b y O }} (1) With a similar reasoning, from N ===== b y O N {b y O }, by several applications of rules (Cxt Tau) and one application of rule (Tau) we get N{b y O } = N {b y O }. By several applications of rule (Cxt Tau) we obtain N{b y O }{a x O{b y O }} = N {b y O }{a x O{b y O }}. By Lemmas 2.3, the inclusion =, Lemma 3.2, and the transitivity of it follows that N{b y O }{a x O{b y O }} N {b y O }{a x O{b y O }} (2) By applying in sequence, axiom (DISTR), Theorem 1.3, the inclusion =, and Lemma 3.2 we get M {b y O }{a x O{b y O }} M {a x O}{b y O } (3) N {b y O }{a x O{b y O }} N {a x O}{b y O } (4) By inductive hypothesis M S N. By construction S is closed under static contexts, and hence: M{b y O }{a x O{b y O }} S N{b y O }{a x O{b y O }}. Finally, using the equivalences (1), (2), (3), and (4), and the transitivity of we derive as required. M {a x O}{b y O } S N {a x O}{b y O } Now, we prove that M N implies O{a x M} O{a x N}. We will show that the relation S def = { ( O{a x M}, O{a x N} ) : for all a, M, N, O such that M N} is a bisimulation up to. We do a case analysis on the action O{a x M} Let O{a x M} O {a x M}, because O (Cxt Tau). This case is easy. 11 α M. O by an application of rule

16 Let O{a x M} for some variable b and some context M, by an application of rule (Tau), because O Then there is N such that a x M C[M[b/x]]{a x M} = M, C[ ] = [ ]{a 1 x 1 M 1 }... {a n x n M n }. O a x N C[N[b/x]]{a x N} = N and hence, by an application of rule (Tau), we have O{a x N} N. As M N, by applying the first part of the current lemma we derive M{x y b y } N{x y b y }. By applying in sequence the axiom (ETA), Theorem 1.3, the inclusion =, and Lemma 3.2 we obtain: M[b/x] M{x y b y } N[b/x] N{x y b y }. By the transitivity of we derive M[b/x] N[b/x]. As C[ ] is a static CPS context, by several applications of the first part of the current lemma we obtain C[M[b/x]] C[N[b/x]] and hence also M N. So, M S N, as required. Suppose that O{a x M} b y L b y L M, by an application of rule (Cxt Jmp), because O O {b y L} with M = O {a x M}{b y L}. By an application of rule (Cxt Jmp), we have O{a x N} b y L N, with N = O {a x N}{b y L}. By applying in sequence the axiom (DISTR), Theorem 1.3, the inclusion =, and Lemma 3.2 we obtain: O {a x M}{b y L} O {b y L}{a x M{b y L}} O {a x N}{b y L} O {b y L}{a x N{b y L}} As M N, by Item (1) of this lemma we also have M{b y L} N{b y L}. As a consequence, O {a x M}{b y L} S O {a x N}{b y L} as required. 12

17 We can now prove the characterisation result. Theorem 3.6 (Characterisation of =) Let M and N be two CPS-terms. Then M N iff M = N. Proof As to the implication from left to right, by Lemma 3.5 we have C[M] C[N], for all contexts C[ ]. By Definition 3.1 and Theorem 2.4 we derive C[M] a iff C[N] a, as required. The implication from right to left follows from Lemma 3.2 and the fact that =. An easy consequence of the previous result and Lemma 3.2 is the following. Theorem 3.7 (Context lemma) On CPS-terms the relations and = coincide. As our equivalences are insensitive to -actions (by Lemma 2.3) we can simplify the definition of bisimulation by removing the clause on -actions. In this manner we basically get a kind of applicative bisimilarity. Definition 3.8 (Applicative bisimilarity) A symmetric relation S on CPS-terms is an applicative bisimulation if whenever M S N and M == α M, α, then there exists a CPS-term N such that N == α N and M S N. Two CPS-terms M and N are applicative bisimilar, written M A N, if there is some applicative bisimulation S such that M S N. In general, applicative bisimulations are smaller in size than bisimulations as they allow us to collapse terms that differs only for -actions. Proposition 3.9 The applicative bisimilarity is an equivalence relation. Theorem 3.10 On CPS-terms the relations and A coincide. Proof Let us prove that A. We show that the relation S def = {(M, N) : M N} is an applicative bisimulation. Let M S N and M == M, α. Then, by definition there is M such that M = M α M. By Lemma 2.3 and Lemma 3.2 we have M M N. As M N there is N such that N == α N and M N, as required. Let us prove now that A. We show that the relation is a bisimulation. Let M S N. S def = {(M, N) : M A N} 1. If M M, then by Lemma 2.3, Lemma 3.2, and the inclusion A we derive M A M. As matching transition we choose N = N. By M A N and the transitivity of A we obtain M S N, as required. 2. If M α M, as M A N, there is N such that N α α == N and M A N, as required. 13

18 Recapitulating, all behavioural equivalences defined up to now coincide. Corollary 3.11 On CPS-terms the relations =,,, and A coincide to each other. 3.2 Up-to context proof technique In this section we introduce up-to context proof techniques [47, 45] for both bisimilarity and applicative bisimilarity. When comparing terms in higher-order calculi, (equipped with a higher-order LTS) up-to context proof techniques reveals to be very useful to reduce the size of the candidate bisimulation. Intuitively these techniques allow us to strip off a common context from the terms under consideration. Definition 3.12 (Bisimulation up to context and up to ) A symmetric relation S over CPS-terms is a bisimulation up to context and up to if whenever M S N and M == α M, there is a term N such that N == ˆα N and there is a static context C[ ], and terms M and N such that M C[M ], C[N ] N and M S N. To prove the soudness of the above proof technique we need a technical lemma. Lemma 3.13 Let R be a bisimulation up to context and up to. If M R N and for some static context C[ ] and term M α it holds that C[M] M, then there exists a term N ˆα such that C[N] == N and there are a static context C [ ] and terms M and N such that M C [M ], C [N ] N and M R N. Proof Let R be a bisimulation up to context and up to. Suppose that (M, N) R and α that C[M] M for some static context C[ ] def = [ ]{a 1 x 1 M 1 }... {a n x n M n }. We decompose the transition C[M] α M, distinguishing two cases. 1. The transition is performed by M, that is, M α M. depending on α. There are two sub-cases (a) Let M M. By several applications of rule (Cxt Tau) we derive M = C[M ]. As (M, N) R there is N such that N = N and there is a static context C [ ], and terms M and N such that M C [M ] and N C [N ] with (M, N def ) R. Let D[ ] = C[C [ ]]. D[ ] is a static context. As M C [M ] and is preserved by all contexts M = C[M ] C[C [M ]] = D[M ]. As N = N, by several applications of rule (Cxt Tau) we have C[N] = C[N ] with C[N ] C[C [N ]] = D[N ]. To conclude, we recall that (M, N ) R. (b) Let M a x L M = ˆM{a x L}, for some a, L and ˆM. By several applications of rule (Cxt Jmp) we derive M = C[ ˆM]{a x L}. As (M, N) R there is N such that N ===== a x L N = ˆN{a x L} and there is a static context C [ ], and terms M and N such that M C [M ] and 14

19 a x L N C [N ] with (M, N ) R. As N ===== N, by several applications of a x L rules (Cxt Tau) and (Cxt Jmp), we have C[N] ===== N = C[ ˆN]{a x L}. Let Ĉ[ ] def = [ ]{a 1 x 1 M 1 {a x L}}... {a n x n M n {a x L}}. By applying n times the axiom (DISTR) (to shift {{a x L} at the extreme left), Theorem 1.3, the inclusion =, Lemma 3.2 and Lemma 3.5 we obtain: C[ ˆM]{a x L} Ĉ[ ˆM{a x L}]. As ˆM{a x L} = M C [M ] and is preserved by all contexts, it follows that Ĉ[ ˆM{a x L}] Ĉ[C [M ]]. With a similar resoning we derive: C[ ˆN]{a x L} Ĉ[ ˆN{a x L}] Ĉ[C [N ]]. def Let D[ ] = Ĉ[C [ ]]. D[ ] is a static context. By the transitivity of we obtain M D[M ], N D[N ] and (M, N ) R. 2. The transition is due to an interaction between M and the context C[ ]. More precisely, M a i x i M i M = ˆM{a i x i M i }, for some 1 i n. By i 1 applications of rule (Cxt Jmp) we have M{a 1 x 1 M 1 }... {a i 1 x i 1 M i 1 } a i x i M i ˆM{a 1 x 1 M 1 }... {a i 1 x i 1 M i 1 }{a i x i M i }. By an application of rule (Tau) we have M{a 1 x 1 M 1 }... {a i x i M i } ˆM{a 1 x 1 M 1 }... {a i x i M i } and by n i applications of rule (Cxt Tau) we have M = C[ ˆM]. As (M, N) R there is N such that N a i x i M i ======= N = ˆN{a i x i M i } and there is a static context C [ ], and terms M and N such that M = C [M ] and N C [N ] with (M, N ) R. As N a i x i M i ======= N, by i 1 applications of rule (Cxt Jmp), and n i applications of rule (Cxt Tau) we have C[N] = N = C[ ˆN]. Let Ĉ[ ] def = [ ]{a 1 x 1 M 1 {a i x i M i }}... {a i 1 x i 1 M i 1 {a i x i M i }}{a i+1 x i+1 M i+1 }... {a n x n M n }. 15

20 By applying i 1 times the axiom (DISTR) (to shift {a i x i M i } at the extreme left), Theorem 1.3, the inclusion =, Lemma 3.2 and Lemma 3.5 we obtain: C[ ˆM] Ĉ[ ˆM{a i x i M i }]. As ˆM{a i x i M i } = M C [M ] and is preserved by all contexts, it follows that Ĉ[ ˆM{a i x i M i }] Ĉ[C [M ]]. With a similar reasoning we derive C[ ˆN] Ĉ[ ˆN{a i x i M i }] Ĉ[C [N ]]. def Let D[ ] = Ĉ[C [ ]]. D[ ] is a static context. By the transitivity of we obtain M D[M ], N D[N ] and (M, N ) R. Corollary 3.14 Let R be a bisimulation up to context and up to. If M R N and for some static context C[ ] and term M α it holds that C[M] == M, then there exists a term N ˆα such that C[N] == N and there are a static context C [ ] and terms M and N such that M C [M ], C [N ] N and M R N. Proof The result follows by induction on the length of the transition C[M] using Lemma α == M, Theorem 3.15 If R is a bisimulation up to context and up to, then R. Proof We show that the relation S def = {(M, N) : C[ ], M, N, such that M C[M ], C[N ] N, and M R N } is a bisimulation. Suppose (M, N) S and M == α M 1. Since (M, N) S there exist C[ ], M, N such that M C[M ], and C[N ] N, and M R N. As M C[M ], the definition of bisimilarity ensures that there exists M 1 such that C[M ˆα ] == M 1 and M 1 M 1. As M R N, Corollary 3.14 tells us that there exist N 1, C [ ], M 2, N 2 such that C[N ˆα ] == N 1, M 1 C [M 2 ], and N 1 C [N 2 ], with M 2 R N 2. As N C[N ], the definition of bisimilarity ensures that there exists N 1 such that N == ˆα N 1 and N 1 N 1. The transitivity of and the definition of S ensures that (M 1, N 1 ) S. 16

21 In deterministic higher-order calcului, as the CPS-calculus, it is more convenient to work with applicative bisimulations up to context and up to A. Definition 3.16 (Applicative bisimulation up to context and up to A ) A symmetric relation S over CPS-terms is an applicative bisimulation up to context and up to A if whenever M S N and M == α M, for α, there is a term N such that N == α N and there is a static context C[ ], and terms M and N such that M A C[M ], C[N ] A N and M S N. The soundness of this proof technique follows from Theorem 3.15 and Theorem Theorem 3.17 If R is an applicative bisimulation up to context and up to A, then R A. Proof R. Let us prove that R is also a bisimulation up to context and up to. Let (M, N) 1. If M = M, for some M def, then we can choose N = N. Let C[ ] = [ ]. By Lemma 2.3 and 3.2 we have M M = C[M], C[N] N, and M R N, as required. 2. If M α == M, with α, the result follows from Definition 3.16 and Theorem By Theorem 3.15 it follows that M N. By Theorem 3.10 we derive M A N. 4 On the algebraic theory of the CPS-calculus As already pointed out, the axioms in Section 1.3 are sound with respect to Morris equivalence. In this section, we study the algebraic theory of the CPS-calculus looking for new algebraic laws that cannot be derived by the axiomatic semantics. In a more recent paper, Führmann and Thielecke [12] presents an axiomatisation of the non-recursive CPS-calculus, a sub-calculus where in a term M{a x N} the sub-term N cannot refer to itself under a, i.e. for which a fv(n). Such axiomatisation is basically the same as that in Section 1.3 except for the axiom (JMP) that can be simplified as (SIMPLE-JMP) a b {a x M} M[b/x] and for the addition of the axiom (CONTR) M{a x N}{a x N} M[a/a ]{a x N} for {a, a } fv(n) = (this requirement is implicit in the non-recursive CPS-calculus). Obviously, the axiom (SIMPLE-JMP) holds also in the recursive CPS-calculus, provide that a fn(m). So, our first question is whether, in the recursive calculus, the axiom (CONTR) is primitive or it can be derived by the axioms we already have. The answer is that this axiom is 17

22 not primitive as it can be derived by applying in sequence the axioms (ETA), (DISTR), (SIMPLE-JMP), and alpha conversion: CPS M[a/a ]{a x N} M{a y a y }{a x N} y fn(n) M{a x N}{a y a y {a x N}} M{a x N}{a y N[y/x]} = M{a x N}{a x N}. As a second attempt, we investigate an algebraic law used by Thielecke in his thesis (at pag. 94) to categorically define a looping operator as a dinatural transformation [24]: q f {f z N}{k y M{n z N}} = q n {n z N{k y M}}. Thielecke noticed that this equality cannot be derived by the axiomatic semantics; however, he conjectured that the equality should hold with respect to Morris equivalence. Here we show that this is not the case. Take for instance N def = n z, and M arbitrary. Then the def context C[ ] = [ ]{q x x a } is able to take the two sides of the equation apart. In fact, if we call LHS and RHS the left and the right hand side of the dinatural equation we get C[LHS] n a {f z N}{k y M{n z N}}{q x x a } n while C[RHS] n, as the variable n is not free in C[RHS]. As consequence Thielecke s looping operator is not well-defined. This operator was meant as a step toward the definition of a term model using the recursive CPS-calculus. Finally, we exhibit two algebraic laws that we conjecture cannot be derived by the axiomatic semantics although they are observationally equivalent. We recall that fvsp( ) returns the free variables in subject position of a term. We first prove the axioms and then we provide their intuition. Theorem M{a x M } = N{a x N } for all terms M, M, N, and N such that fvsp(m, M, N, N ) {a}. 2. L{a x M} = L{a x N} for all terms L, M, N such that fvsp(m, N) {a}. Proof 1. It suffices to prove that the relation S def = { ( M{a x M }, N{a x N } ) : fvsp(m, M, N, N ) {a}} is an applicative bisimulation. This is trivially true because neither terms can perform any action ==, α for α. 18

23 2. It suffices to prove that the relation S def = { ( L{a x M}, L{a x N} ) : for any L, M, N with fvsp(m, N) {a}} is an applicative bisimulation up to context. Let L{a x M} == α O, for some α. We can suppose α = b y L, for some b and L. As fvsp(m) {a}, the weak action above cannot contain any interaction along the variable a. In fact, if there would be such a interaction the term would evolve as b y L L{a x M} = M[c/x]{...}... {...}{a x M} ===== for some variable c, and it would diverge without being able to perform any visible action. So the only possibility is that L As a consequence, L{a x N} b y L ===== L {b y L } for some L with O = L {a x M}{b y L }. b y L ===== L {a x N}{b y L }. To conclude, we can factor out the context [ ]{b y L } obtaining L {a x M} S L {a x N} as required. Notice that the first axiom equates two diverging processes that cannot perform any observable (weak) action. So, they are obviously equivalent, although they can have different free names in object position. A simple instance of this axiom is: a b {a x a b } = a c {a x a c }. (5) The second axiom is a bit more delicate; a simple instance of it is b a {a x a c } = b a {a x a d } (6) where after the jump b a, the environment can either pass around variable a or or use the variable to perform jumps of the form a e, giving rise to same kind of divergence as in the previous axiom. Notice that the proofs of the left and right hand side of the Law 6 above, on the style of the natural deduction for non-recursive CPS calculus presented in [12], are basically the same:. Γ, c : A, a : A, x : A a : A Γ, c : A, a : A, x : A c : A Γ, c : A, a : A b a Γ, c : A, a : A, x : A a c Γ, c : A b a {a x a c } 19

24 for the left hand side and. Γ, d : A, a : A, x : A a : A Γ, d : A, a : A, x : A d : A Γ, d : A, a : A b a Γ, d : A, a : A, x : A a d Γ, d : A b a {a x a d } for the right hand side. The two terms are arguably the same because they can be typed in two different contexts: Γ, d : A and Γ, c : A. As a consequence, the typing match our observational theory. On categorical counterpart for both derivations we have the same morphism Γ A and therefore these two terms should be considered semantically equivalent. 5 Encoding the CPS-calculus into the π-calculus In this section we study Thielecke s encoding of the CPS-calculus into the π-calculus. Merro and Sangiorgi proved the soundness of this encoding with respect to barbed congruence, when considering as target language the Localised π-calculus [26]. Here, we achieve full abstraction by cutting down the co-domain of the interpretation. More precisely, we prove the full abstraction of the encoding when the target language is a simple variant of Fournet and Gonthier s Join-calculus [11], with single pattern definitions. For simplicity we call this process calculus Jπ. The syntax of the the processes in Jπ is given by the following grammar: P ::= M P 1 P 2 def a x =M in P M ::= a b def a x =M 1 in M 2 Here the syntax is just syntactic sugar as this calculus is clearly a fragment of the asynchronous π-calculus [14, 7] and more precisely, a sub-calculus of the Localised π-calculus [26], an asynchronous π-calculus where only the output capability of names can be transmitted. The particle a b denotes the asynchronous output a b of name b at channel a. P 1 P 2 denotes two processes P 1 and P 2 running in parallel. The construct def a x =M in P is a sort of amalgamation of the operators of replication, parallel composition, and restriction, of the π-calculus. Basically, def a x =M in P is a macro for the π-calculus process (νa)(p!a(x).m), where the name x can appear in M only in output position (both in subject and object position). The static contexts of Jπ are given by the following grammar: C[ ] ::= [ ] C[ ] P P C[ ] def a x =M in C[ ] The definition of free names (denoted by fn( )) and bound names (denoted by bn( )) can be easily derived from those of the π-calculus, and so also the definition of alpha-conversion. As usual we identify processes up to alpha-conversion. Also the operational semantics could be inherited from the π-calculus. However, as the calculus is quite simple, in Table 2 we report an optimised version of the reduction relation without using structural congruence [30]. Notice that our operational semantics coincides with the standard one for the Join-calculus [11], in particular it allows scope extrusion. Table 2 contains also an inductive definition of barb 20

25 Table 2 Reduction relation and barbs for the Jπ-calculus (Red Tau) C[ ] is static a bn(c[ ]) bn(c[ ]) (fn(m) \ {x}) = def a x =M in C[a b ] def a x =M in C[M[b/x]] (Red Par) P P P Q P Q Q P Q P (Red Def) def a x =M in P def a x =M in P def a x =M in P Q def a x =M in P Q def a x =M in Q P def a x =M in Q P (Barb) a b a (Barb Par) P a P Q a Q P a (Barb Def) P b a b def a x =M in P b for Jπ. As usual we write P a if there is P such that P P a. We write Jπ to denote the observational equivalence (Definition 1.2) for the Jπ-calculus. The Jπ-calculus enjoys the following replication theorem. Lemma 5.1 For any P, Q and M it holds that def a x =M in (P Q) Jπ def a x =M in P def a x =M in Q. Notice that the formulation above is slightly stronger than the original one proposed by Milner [30], as name a can appear in output object position in P, Q and M. However, we do not need to prove Lemma 5.1 as it has already been proved with respect to barbed congruence in Localised π-calculus [26]. As the Jπ-calculus is a sub-calculus of Localised π, and barbed congruence in Localised π implies the observational equivalence in Jπ, the replication theorem above holds also in Jπ. The encoding of the CPS-calculus into the Jπ-calculus is the following: ( a b ) def = a b ( M{a x N} ) def = def a x =( N ) in ( M ). As already proved in [26] there is a straightforward operational correspondence between a CPS-term M and its encoding ( M ) 1. Lemma 5.2 (Merro and Sangiorgi [26]) Let M be a CPS-term. Then:. 1 In [26], the operational correspondence is up to structural congruence because 21 is used instead of

26 1. If M N then ( M ) ( N ). 2. If ( M ) P then there is a CPS-term N such that M N and P = ( N ). 3. M a iff ( M ) a. 4. If M N then ( M ) ( N ). 5. If ( M ) P then there is a CPS-term N such that M N and P = ( N ). 6. M a iff ( M ) a. In order to prove our full abstraction result we introduce an auxiliary calculus obtained by extending the CPS-calculus with parallel composition. This is basically the CPS counterpart of Jπ. We call the calculus CPS +. The grammar is the following: H ::= M H 1 H 2 (H){a x M} M ::= a b M 1 {a x M 2 } The meta-variable M ranges over CPS-terms while H ranges over CPS + -terms. The parentheses in (H){a x M} are used to avoid confusion in a process of the form H 1 (H 2 ){a x M}. We will omit brackets when there is no ambiguity. The operational semantics of the CPS + - calculus is basically the same as that of Jπ, as reported in Table 3. In the sequel, we write CPS + to denote the observational equivalence for the CPS + -calculus. Notice that two CPS + -terms in parallel cannot interact to each other, although they can be bound to the same variable. Lemma 5.3 Let H 1 and H 2 be two CPS + -terms. If H 1 H 2 a then either H 1 a or H 2 a. Now, we define ( ) + as the homomorphic extension of the definition of ( ) to the CPS + -calculus: ( a b ) + def = a b ( H 1 H 2 ) + def = ( H 1 ) + ( H 2 ) + ( (H){a x M} ) + def = def a x =( M ) + in ( H ) +. The generalisation of Lemma 5.2 to the encoding ( ) + is straightforward. Lemma 5.4 (Operational correspondence of ( ) + ) Let H be a CPS + -term. Then: 1. If H H then ( H ) + ( H ) If ( H ) + P then there is a term H such that H H and P = ( H ) H a iff ( H ) + a. 22

27 Table 3 Reduction relation and barbs for the CPS + -calculus (Red Tau) C[ ] is static a bv(c[ ]) bv(c[ ]) (fv(m) \ {x}) = (C[a b ]){a x M} (C[M[b/x]]){a x M} (Red Par) H 1 H 1 H 2 H 1 H 1 H 2 H 2 H 1 H 2 H 1 (Red Def) (H 1 ){a x M} (H 1){a x M} (H 1 H 2 ){a x M} (H 1 H 2 ){a x M} (H 2 H 1 ){a x M} (H 2 H 1){a x M} (Barb) a b a (Barb Par) H 1 a H 1 H 2 a H 2 H 1 a (Barb Def) H b a b (H){a x M} b 4. If H H then ( H ) + ( H ) If ( H ) + P then there is a term H such that H H and P = ( N ) H a iff ( H ) a. Notice that the encoding ( ) + is trivially surjective. Lemma 5.5 For every process P in Jπ there is a process H in CPS + such that ( H ) + = P. Proof By induction on the structure of process P. By Lemmas 5.4 and 5.5, and the compositionality of the encoding ( ) + we derive the following partial result. Lemma 5.6 Let H 1 and H 2 be CPS + -terms. Then H 1 CPS + H 2 iff ( H 1 ) + Jπ ( H 2 ) +. Proof In the implication from right to left we prove that for all static contexts C[ ] in CPS + it holds that C[H 1 ] a iff C[H 2 ] a. Let us fix the context C[ ]. We recall that the encoding ( ) + is compositional. Let Ĉ be the Jπ-context defined as Ĉ[ ] def = ( C[ ] ) +. By hypothesis we have Ĉ[( H 1 ) + ] a iff Ĉ[( H 2 ) + ] a. By the compositionality of ( ) + we have ( C[H 1 ] ) + a iff ( C[H 2 ] ) + a. By Lemma 5.4 we obtain C[H 1 ] a iff C[H 2 ] a, as required. As to the implication from left to right, we have to prove that for all static contexts Ĉ[ ] in Jπ it holds that Ĉ[( H 1 ) + ] a iff Ĉ[( H 2 ) + ] a. By Lemma 5.5 there is a context C[ ] in CPS + such that Ĉ[ ] = ( C[ ] )+. By hypothesis we have C[H 1 ] a iff C[H 2 ] a. By Lemma 5.4 and the compositionality of ( ) + we get Ĉ[( H 1 ) + ] a iff Ĉ[( H 2 ) + ] a, as required. 23

28 In the sequel, we use the symbol CPS to denote the relation (Definition 1.2) extended to CPS + -terms. Thus, the relation CPS is contained in CPS + CPS + but it is preserved only by CPS static contexts. Now we show that CPS + -contexts do not add discriminating power with respect to CPS-contexts (we consider only static contexts). More precisely, we prove that CPS is preserved by all CPS + static contexts, and hence that CPS and CPS + coincide, on CPS + -terms. This is the crucial technical point in the proof of the full abstraction. First, we need to restate the replication theorem for the CPS + -calculus. Lemma 5.7 Let H 1 and H 2 be CPS + -terms and M a CPS-term. Then, (H 1 H 2 ){a x M} CPS + (H 1 ){a x M} (H 2 ){a x M}. Proof By Lemma 5.1 and Lemma 5.6. The next result is a generalisation of the previous replication theorem. Lemma 5.8 Let H 1 and H 2 be CPS + -terms and C[ ] a CPS static context. Then, Proof C[H 1 H 2 ] CPS + C[H 1 ] C[H 2 ]. By induction on the structure of C[ ]. Let C[ ] = [ ]. Straightforward. Let C[ ] = C [ ]{a x L}. By inductive hypothesis, C [H 1 H 2 ] CPS + C [H 1 ] C [H 2 ]. As CPS + is preserved by the context [ ]{a x L} we also have C[H 1 H 2 ] = C [H 1 H 2 ]{a x L} CPS + (C [H 1 ] C [H 2 ]){a x L}. By Lemma 5.7 we obtain (C [H 1 ] C [H 2 ]){a x L} CPS + C [H 1 ]{a x L} C [H 2 ]{a x L}. As C [H 1 ]{a x L} C [H 2 ]{a x L} = C[H 1 ] C[H 2 ], this concludes the proof. Lemma 5.9 Let H 1 and H 2 be two CPS + -terms. Then, H 1 CPS + H 2 iff H 1 CPS H 2. Proof The implication from left to right is straightforward, so we concentrate on the other implication. Let H 1 CPS H 2, we have to prove that C[H 1 ] a iff C[H 2 ] a, for all CPS + static contexts C[ ]. We actually prove a stronger result: C[H 1 ] CPS C[H 2 ], for all CPS + static context C[ ]. In other words we prove that CPS is preserved by all CPS + static contexts. Let H 1 CPS H 2, we have to show that: 1. (H 1 ){a x L} CPS (H 2 ){a x L}, for all variables a and CPS-terms L; 2. H 1 H CPS H 2 H, for all CPS + -terms H. 24

29 The first item follows from the definition of CPS. As to the second item, we have to prove that C[H 1 H] a iff C[H 2 H] a, for all CPS static contexts C[ ]. Suppose that C[H 1 H] a. By Lemma 5.8 we have C[H 1 H] = CPS + C[H 1 ] C[H] and C[H 2 H] = CPS + C[H 2 ] C[H]. As a consequence, C[H 1 ] C[H] a. By Lemma 5.3 there are two possibilities, either C[H 1 ] a or C[H] a. 1. If C[H 1 ] a then, since H 1 =CPS H 2, it holds that C[H 2 ] a. This implies C[H 2 ] C[H] a. As C[H 2 ] C[H] = CPS + C[H 2 H], we derive C[H 2 H] a, as required. 2. If C[H] a then C[H 2 ] C[H] a. As C[H 2 ] C[H] = CPS + C[H 2 H], we derive C[H 2 H] a, as required. The proof that C[H 2 H] a implies C[H 1 H] a is similar. Finally, everything is in place to prove our main result. Notice that if M is a CPS-term then ( M ) = ( M ) +. Theorem 5.10 (Full abstraction of ( )) Let M and N be two CPS-terms. Then, M CPS N iff ( M ) Jπ ( N ). Proof By Lemmas 5.6 and Conclusion and Related work We have proposed two labelled characterisations of Morris observational equivalence for Thielecke s CPS-calculus. The former resembles Sangiorgi s context bisimulation for Higher- Order π-calculus [44], whereas the latter is similar to Abramsky s applicative bisimilarity [1], an operational theory for higher-order languages, inspired by bisimulation theories for concurrency [36, 28]. Since Abramsky s work, the idea of applicative bisimilarity has been applied to a variety of higher-order sequential languages; see [13, 38] for surveys. Our characterisation proof for the applicative bisimilarity is quite different from that of [2] (due to Stoughton), as we use as an auxiliary relation. Stoughton s proof uses a variant of Milner s [27] and Berry s [5] Context Lemma. Our congruence proof relies on Howe s congruence proof method [15] and an ad hoc up to (weak) bisimilarity proof technique. We have enhanced our bisimulation proof-methods with up-to bisimilarity and up-to context proof techniques [45, 47]. In higher-order languages, up-to context proof techniques are notoriously hard. Sangiorgi s bisimulation up to context is a powerful bisimulation proof method for process calculi [45, 47]. Unfortunately, his correcteness proof does not carry over to applicative bisimilarities for higher-order languages. Pitts [37] extended Howe s congruence proof to establish an up to context rule for applicative bisimulation. Gordon [13] and Sands [42] presented restricted applicative bisimulation up to context rules. They demonstrated the power of this approach to produce concise proofs of equivalences which are difficult to derive by other operational methods. However, the validity of general applicative bisimulations up-to context remains an open problem [18]. Other examples of up to context bisimulation proof techniques in higher-order languages are [17] and [19]. More precisely, Koutavas and Wand [17] introduced a new notion of bisimulation for showing contextual 25

30 equivalence in an untyped λ-calculus augmented with higher-order procedures and a general store. Lassen [19] provided an operational bisimulation account for Böhm tree equivalence including an elementary congruence proof, from which a bisimulation up to context technique is derived. This work is extended and generalised in [20], where underlying principles from Böhm tree [4] and Lévy-Longo tree equivalences [22, 23] are adapted to the call-by-value λ-calculus. A notion of enf bisimulation is defined using eager normal form(enf) equivalence classes and eager reductions, to reduce function s argument to a values before application. It is then shown that enf bisimulation congruences are analogues to Lévy-Longo tree equivalence and that they both coincide on terms in the target of the CPS transforms. It is also introduced an up to η-reduction proof technique for enf bisimulation since enf bisimulation does not relate terms induced by the η equation x = λy.xy. Finally, we should also mention that up-to context bisimulation proof techniques for higher-order languages have been defined in [25], for Mobile Systems. As to the algebraic theory we used our bisimulation proof methods to prove two new algebraic laws for the recursive CPS-calculus that we conjecture cannot be derived by Thielecke s axiomatisation. On the other hand, Thielecke s axioms seems to completely characterise the observational equivalence in the non-recursive CPS-calculus. Finally we provided a fully abstract encoding of the CPS-calculus into a significant fragment of Fournet and Gonthier s Join-calculus [11] with single pattern definitions. The encoding has already been proved sound when considering as target language the quite expressive Localised π-calculus [26]. Translations of functions into process calculi were given by Kennaway and Sleep [16], Leth [21], Thomsen [52], and Boudol [6]. Milner s work on functions as π-calculus processes [29] is a landmark in the area. Milner proved the operational correspondence between reductions in the λ-terms and their process encodings; he also proved that, in both cases, the encoding is operationally sound but not complete. Sangiorgi [43] showed that the semantics induced by Milner s encoding of the call-by-name λ-calculus in the π-calculus is the equality of Lévy-Longo trees [22, 23], a quite discriminating equivalence on λ-terms. A slightly different encoding was then proposed by Ostheimer and Davie [35], and some researchers observed a similarity with the continuation passing style (see [34, 11]). This similarity was formalised by Boudol [8], showing that both Ostheimer and Davie s encoding and Milner s encoding of the call-by-value λ-calculus are the standard CPS-transforms of Plotkin [39], written in a different syntax. Thielecke s CPS-calculus is essentially a subcalculus of both the π-calculus and the λ-calculus. The main CPS transforms factorise through the CPS-calculus. So, one may wonder whether the call-by-name CPS transforms already offers the same, very strong discriminating ability as the π-calculus. Boudol [9] proved that this is the case: the semantics induced by the call-by-name CPS transform on λ-terms is Lévy-Longo trees equality. In the light of this result we believe that Thielecke s encoding into a richer π-calculus, such as Localised π-calculus, should be not only sound but also complete. Acknowledgements We would like to thank the anonymous referees for their constructive comments. A special thank to the anonymous referee who spotted a problem in the proof of Lemma 3.5. The first author would like to thank Davide Sangiorgi for insightful comments on a early draft. The second author would like to thank Gianluigi Bellin for discussions on 26

31 the logical aspects of the CPS-calculus. References [1] S. Abramsky. The lazy lambda calculus. In D. Turner, editor, Research Topics in Functional Programming, pages Addison-Wesley, [2] S. Abramsky and L. Ong. Full abstraction in the lazy lambda calculus. Information and Computation, 105: , [3] A. Appel. Compiling with Continuations. Cambridge University Press, [4] H. Barendregt. The Lambda Calculus: Its Syntax and Semantics, volume 103 of Studies in Logic. North Holland, Revised edition. [5] G. Berry. Some syntactic and categorical constructions of lambda calculus models. Rapport de Recherche 80, Institute National de Recherche en Informatique et en Automatique (INRIA), [6] G. Boudol. Towards a lambda calculus for concurrent and communicating systems. In Proc. TAPSOFT 89, volume 351 of LNCS, pages Springer Verlag, [7] G. Boudol. Asynchrony and the π-calculus. Technical Report RR-1702, INRIA-Sophia Antipolis, [8] G. Boudol. The pi-calculus in direct style. In Proc. 24th POPL. ACM Press, [9] G. Boudol. On the semantics of the call-by-name CPS transforms. Theoretical Computer Science, pages , [10] M. J. Fischer. Lambda-calculus schemata. In Proceedings of ACM Conference on Proving Assertions about Programs, pages SIGPLAN Notice 7(1), [11] C. Fournet and G. Gonthier. The Reflexive Chemical Abstract Machine and the Join calculus. In Proc. 23th POPL. ACM Press, [12] C. Führmann and H. Thielecke. On the Call-by-Value CPS transform and its semantics. Information and Computation, 188(2): , [13] A. D. Gordon. Bisimilarity as a theory of functional programming: mini-course. Notes Series BRICS-NS-95-3, BRICS, Department of Computer Science, University of Aarhus, July [14] K. Honda and M. Tokoro. An Object Calculus for Asynchronous Communications. In Proc. ECOOP 91, volume 512 of LNCS. Springer Verlag, [15] D. J. Howe. Proving congruence of bisimulation in functional programming languages. Information and Computation, 124(2): , [16] J.R. Kennaway and M.R. Sleep. Expressions as processes. In ACM Conference on LISP and Functional Programming, pages ACM,

32 [17] V. Koutavas and M. Wand. Small bisimulations for reasoning about higher-order imperative programs. In Conference record 33rd Symposium on Principles of Programming Languages, pages ACM Press, [18] S. B. Lassen. Relational reasoning about contexts. In Higher Order Operational Techniques in Semantics, pages Cambridge University Press, [19] S. B. Lassen. Bisimulation in untyped lambda calculus: Böhm trees and bisimulation up to context. In Proc. 15th Conference on the Mathematical Foundations of Programming Semantics, volume 20 of Electronic Notes in Theoretical Computer Science, [20] S.B. Lassen. Eager normal form bisimulation. In Proc. 20th LICS Conf., [21] L. Leth. Functional Programs as Reconfigurable Networks of Communicating Processes. Ph.D. thesis, Imperial College, University of London, [22] J.J. Lévy. An algebraic interpretation of the λβκ-calculus; and an application of a labelled λ-calculus. Theoretical Computer Science, 2(1):97 114, [23] G. Longo. Set theoretical models of lambda calculus: Theory, expansions and isomorphisms. Annales of Pure and Applied Logic, 24: , [24] S. Mac Lane. Categories for the working mathematician. Graduate Texts in Mathematics. Springer-Verlag, 2nd. edition edition, [25] M. Merro and F. Zappa Nardelli. Behavioral theory for mobile ambients. Journal of the ACM, 52(6): , [26] M. Merro and D. Sangiorgi. On asynchrony in name-passing calculi. Journal of Mathematical Structures in Computer Science, 14: , An extended abstract appeared in the Proc. of ICALP 98. [27] R. Milner. Fully abstract models of typed lambda calculus. Theoretical Computer Science, 4:1 22, [28] R. Milner. Communication and Concurrency. Prentice Hall, [29] R. Milner. Functions as processes. Research Report 1154, INRIA, Sophia Antipolis, Final version in Journal of Mathem. Structures in Computer Science 2(2): , [30] R. Milner. The polyadic π-calculus: a tutorial. Technical Report ECS LFCS , LFCS, Dept. of Comp. Sci., Edinburgh Univ., October Also in Logic and Algebra of Specification, ed. F.L. Bauer, W. Brauer and H. Schwichtenberg, Springer Verlag, [31] R. Milner, J. Parrow, and D. Walker. A calculus of mobile processes, (Parts I and II). Information and Computation, 100:1 77, [32] R. Milner and D. Sangiorgi. Barbed bisimulation. In Proc. 19th ICALP, volume 623 of LNCS, pages Springer Verlag, [33] J. Morris. Lambda-Calculus Models of Programming Languages. PhD thesis, Massachusetts Institute of Technology,

33 [34] Martin Odersky. Polarized name passing. In Proc. FST & TCS, LNCS. Springer Verlag, [35] G.K. Ostheimer and A.J.T. Davie. π-calculus characterisations of some practical λ-calculus reductions strategies. Technical Report CS/93/14, St. Andrews, [36] D.M. Park. Concurrency on automata and infinite sequences. In P. Deussen, editor, Conf. on Theoretical Computer Science, volume 104 of LNCS. Springer Verlag, [37] A. M. Pitts. An extension of Howe s construction to yield simulation-up-to-context results. Unpublished Manuscript, [38] A. M. Pitts. Operationally-based theories of program equivalence. In P. Dybjer and A. M. Pitts, editors, Semantics and Logics of Computation, Publications of the Newton Institute, pages Cambridge University Press, [39] G.D. Plotkin. Call by name, call by value and the λ-calculus. Theoretical Computer Science, 1: , [40] G.D. Plotkin. A structural approach to operational semantics. DAIMI-FN-19, Computer Science Department, Aarhus University, [41] A. Sabry and M. Felleisen. Reasoning about programs in continuation-passing style. Lisp and Symbolic Computation, 6: , [42] D. Sands. From SOS rules to proof principles: An operational metatheory for functional languages. In Proc. 24th POPL, pages ACM Press, [43] D. Sangiorgi. The lazy lambda calculus in a concurrency scenario. Information and Computation, 111(1): , [44] D. Sangiorgi. Bisimulation for Higher-Order Process Calculi. Information and Computation, 131(2): , [45] D. Sangiorgi. On the bisimulation proof method. Journal of Mathematical Structures in Computer Science, 8: , [46] D. Sangiorgi and R. Milner. The problem of Weak Bisimulation up to. In Proc. CONCUR 92, volume 630 of LNCS, pages Springer Verlag, [47] D. Sangiorgi and D. Walker. Some results on barbed equivalences in pi-calculus. In Proc. CONCUR 01, volume 2154 of LNCS. Springer Verlag, [48] G. Steele. RABBIT: A compiler for SCHEME. Technical Report AITR-474, MIT Artificial Intelligence Laboratory, [49] C. Strachey and P. Wadsworth. Continuations: A mathematical semantics for handling full jumps. Technical report, Oxford University Computing Laboratory, Programming Research Group, [50] C. Strachey and P. Wadsworth. Continuations: A mathematical semantics for handling full jumps. Higher-Order and Symbolic Computation, 13(1/2): , [51] H. Thielecke. Categorical Structure of Continuation Passing Style. PhD thesis, University of Edinburgh, Also available as technical report ECS-LFCS

34 [52] B. Thomsen. Calculi for Higher Order Communicating Systems. PhD thesis, Department of Computing, Imperial College, [53] W.P. Weijland. Synchrony and Asynchrony in Process Algebra. PhD thesis, University of Amsterdam,

36 University of Verona Department of Computer Science Strada Le Grazie, 15 I Verona Italy

An introduction to process calculi: Calculus of Communicating Systems (CCS)

An introduction to process calculi: Calculus of Communicating Systems (CCS) Lecture 2 of Modelli Matematici dei Processi Concorrenti Paweł Sobociński University of Southampton, UK Intro to process calculi: