Monadic Refinements for Relational Cost Analysis (Appendix)


Monadic Refinements for Relational Cost Analysis (Appendix)
Ivan Radiček, Gilles Barthe, Marco Gaboardi, Deepak Garg, Florian Zuleger

Structure of the Appendix

In the appendix we give material that was omitted from the paper for lack of space (see the table of contents below).

Note: In the appendix we distinguish different (small-step) reductions, such as β, ζ, ι and µ, and hence write β,ζ,ι,µ (for their union), or any single appropriate reduction; for example ζ is the impure reduction. In the paper, for simplicity, we conflate all the reductions to simply

Contents

1 Generalized data types 3
2 Rules 5
2.1 Typing rules 5
2.2 L_C rules 5
2.3 U_C rules 7
2.4 R_C rules 8
3 Metatheory proofs 11
3.1 L_C metatheory 11
3.2 U_C metatheory 20
3.3 R_C metatheory 25
4 Embedding of RelCost
4.1 Types and rules
4.2 Translation rules
4.3 Proofs 37
5 Embedding of amortized cost analysis
5.1 Syntax
5.2 Semantics
5.3 Translation rules
5.4 Proofs 48
6 Additional examples
6.1 List flattening (unary and relational)
6.2 Red-black tree search (unary)
6.3 Balanced binary tree search (relational)
6.4 Lookup in random-access list (unary) 61

6.5 Minimum list element using the insertion sort (unary lazy data-structures)
6.6 take and map (relational lazy data-structures) 65
7 Proofs of the examples from the paper
7.1 Insert into a sorted list
7.2 Insertion sort
7.3 Fixed-width counter 69

1 Generalized data types

In this section we generalize data types to also allow monadic types C(·) in definitions, thus permitting reasoning with lazy data structures [1] in the style of Danielsson (2008).

Elementary types. First we define the types (named elementary) that we allow in data type definitions:

σ ::= b | θ | C(σ)

where b ranges over base types, θ ranges over data types, and C(σ) is a monadic computation that returns a result of type σ.

Data types. A data type θ is defined by an equation

θ = K_1(σ_{1,1} × ... × σ_{1,a_1}) + ... + K_n(σ_{n,1} × ... × σ_{n,a_n})

where K_1, ..., K_n are constructors. All data type definitions are collected in a context Θ. A context Θ is well defined if for every θ ∈ Θ, the equation for θ satisfies:

1. For each 1 ≤ i, j ≤ n such that i ≠ j, also K_i ≠ K_j.
2. For each 1 ≤ i ≤ n, K_i does not occur in Θ \ {θ}.
3. For each 1 ≤ i ≤ n and 1 ≤ j ≤ a_i, if a data type θ' occurs in σ_{i,j}, then θ' ∈ Θ.

The first two conditions ensure that all constructors (across all data type definitions) are unique. The third condition ensures that any data type θ' mentioned in an equation is defined in Θ (note that this definition allows mutually recursive data types). We assume some data-type environment Θ, and leave it implicit in all judgments.

Examples. Some standard data types, also used in the examples throughout the paper, are:

Unit: unit = ()
Boolean: bool = tt() + ff()
List: list σ = nil() + cons(σ × list σ)
Lazy list: list^L = nil() + cons(σ × C(list^L)) (note C(list^L) in the cons constructor)

Note that we use duplicate constructor names in examples, where it does not cause confusion. Also, in examples we often omit parentheses around constructors with no arguments (e.g., tt, nil).

[1] See Section 6.5 and Section 6.6 for examples.

Depth of elementary types

Depth is defined as an axiom scheme over σ; we write ⟨e, n⟩_σ to mean that e of type σ has depth n (of type N). Let θ = K_1(σ_{1,1} × ... × σ_{1,a_1}) + ... + K_n(σ_{n,1} × ... × σ_{n,a_n}) ∈ Θ.

∀x : b, n : N. ⟨x, n⟩_b ⇔ n = 0

∀x : θ. ⟨x, 0⟩_θ ⇔ ∨_{1 ≤ i ≤ n, a_i = 0} x = K_i()

∀x : θ, n : N. ⟨x, n + 1⟩_θ ⇔ ∨_{1 ≤ i ≤ n, a_i > 0} (∃x_1 : σ_{i,1}, n_1 : N, ..., x_{a_i} : σ_{i,a_i}, n_{a_i} : N. x = K_i(x_1, ..., x_{a_i}) ∧ ∧_{1 ≤ j ≤ a_i} ⟨x_j, n_j⟩_{σ_{i,j}} ∧ n = max{n_1, ..., n_{a_i}})

∀x : C(σ), n : N. ⟨x, n⟩_{C(σ)} ⇔ ∃n' : R, y : σ. x = {cstep_{n'}(cret(y))} ∧ ⟨y, n⟩_σ

The axioms formalize the following:

- Any value of a base type has depth zero.
- Any data type value whose constructor has no arguments (i.e. K()) has depth zero.
- Any data type value whose constructor has arguments has depth one larger than the largest depth among its arguments.
- Any value of a monadic elementary type has depth equal to the depth of its underlying pure value.

It is not difficult to prove by induction on σ and L_C's other axioms that (a) ∀x : σ. ∃n : N. ⟨x, n⟩_σ and (b) ∀x : σ, n_1, n_2 : N. (⟨x, n_1⟩_σ ∧ ⟨x, n_2⟩_σ) ⇒ n_1 = n_2. Hence, for every x : σ, there is a unique n : N such that ⟨x, n⟩_σ. We abuse notation slightly and write |x|_σ for this unique n. When σ is obvious from the context, we simplify this further to |x|.

Elementary type interpretation

We assume ⟦b⟧_q = ⟦b⟧ for all q ∈ N. Next we define the interpretation of elementary types as sets: ⟦C(σ)⟧_q = ⟦σ⟧_q × R. If θ = K_1(σ_{1,1} × ... × σ_{1,a_1}) + ... + K_n(σ_{n,1} × ... × σ_{n,a_n}) ∈ Θ then:

⟦θ⟧_0 = {K_i() | for all 1 ≤ i ≤ n where a_i = 0}

⟦θ⟧_{q+1} = ∪_{1 ≤ i ≤ n} {K_i(x_1, ..., x_{a_i}) | a_i > 0 ∧ x_j ∈ ⟦σ_{i,j}⟧_{q'} for any 0 ≤ q' ≤ q and all 1 ≤ j ≤ a_i}

These are well defined by induction on the index q.

Type interpretation

Based on the definitions above we define the interpretation of data types as ⟦θ⟧ = ∪_{q ∈ N} ⟦θ⟧_q.
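Added example, not code from the paper: a small Python model of the denotation the appendix uses for the cost monad in the soundness proof (Theorem 2: cret(e) denotes (v, 0), cstep_n adds n to the cost, cbind adds the costs of both parts) together with the depth function defined by the axioms above, applied to the lazy list type list^L whose cons cell holds a suspended tail. The Con/Comp encoding, the tail cost of 1 per forced cell and the monadic take function (in the spirit of the "take and map" example of Section 6.6) are this example's own assumptions.

```python
"""Constructed example: denotational model of the cost monad C(sigma) and
of the depth function from Section 1.  Not code from the paper."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Any, Callable, Tuple


@dataclass(frozen=True)
class Con:
    """Data value K(v_1, ..., v_n).  Each argument is a base value, another
    Con, or a Comp (a suspended computation {m} of type C(sigma))."""
    name: str
    args: Tuple[Any, ...] = ()


@dataclass(frozen=True)
class Comp:
    """Denotation of a monadic computation: a pair (value, cost) in
    [[sigma]] x R, i.e. the normal form cstep_n(cret(v)) of Lemma 1."""
    val: Any
    cost: float


def cret(v: Any) -> Comp:
    """cret(e) denotes (v, 0): returning a value costs nothing."""
    return Comp(v, 0.0)


def cstep(n: float, m: Comp) -> Comp:
    """cstep_n(m) charges n on top of m's own cost."""
    return Comp(m.val, m.cost + n)


def cbind(m: Comp, k: Callable[[Any], Comp]) -> Comp:
    """cbind(e, {x} m) denotes (v, n1 + n2): the costs of both parts add."""
    m2 = k(m.val)
    return Comp(m2.val, m.cost + m2.cost)


NIL = Con("nil")


def cons(head: Any, tail: Any) -> Con:
    return Con("cons", (head, tail))


def depth(v: Any) -> int:
    """The unique n with <v, n>_sigma, following the axiom scheme:
    base values 0, nullary constructors 0, K(args) is 1 + max over args,
    and a monadic value has the depth of its underlying pure value."""
    if isinstance(v, Comp):
        return depth(v.val)
    if isinstance(v, Con):
        if not v.args:
            return 0
        return 1 + max(depth(a) for a in v.args)
    return 0  # base type


def lazy_list(xs, tail_cost: float = 1.0) -> Con:
    """Build a value of list^L = nil() + cons(sigma x C(list^L)).  Each
    suspended tail is the computation cstep_tail_cost(cret(rest)); the
    cost per forced cell is a constructed assumption of this example."""
    if not xs:
        return NIL
    rest = lazy_list(xs[1:], tail_cost)
    return cons(xs[0], cstep(tail_cost, cret(rest)))


def take(n: int, xs: Con) -> Comp:
    """Hypothetical monadic take on a lazy list: it forces exactly the
    tails it needs, so its cost is min(n, length) * tail_cost regardless
    of the total length of the list.  Returns an eager list."""
    if n == 0 or xs.name == "nil":
        return cret(NIL)
    head, tail = xs.args
    return cbind(tail, lambda rest:
                 cbind(take(n - 1, rest),
                       lambda taken: cret(cons(head, taken))))


def to_pylist(xs: Con) -> list:
    """Read an eager list value back into a Python list."""
    out = []
    while xs.name == "cons":
        head, xs = xs.args
        out.append(head)
    return out


if __name__ == "__main__":
    lst = lazy_list([1, 2, 3, 4, 5])
    print("depth of the 5-element lazy list:", depth(lst))  # 5
    r = take(2, lst)
    print("take 2 ->", to_pylist(r.val), "cost", r.cost)  # [1, 2] cost 2.0
```

The depth of a lazy list equals its number of cons cells, exactly as for an eager list, while the cost of take counts only the suspended tails that were actually forced.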

Interpretation of the size predicate

Next, we define the interpretation of the depth predicate ⟨·, ·⟩_σ. We define ⟦⟨v, n⟩_σ⟧ = v ∈ ⟦σ⟧ ∧ n = min{q | v ∈ ⟦σ⟧_q}. This yields the following interpretation for the depth function: ⟦|·|_σ⟧(v) = min{q | v ∈ ⟦σ⟧_q}.

Lemma. The following hold:

- For any v ∈ ⟦b⟧, min{q | v ∈ ⟦b⟧_q} = 0.
- For any v = K(v_1, ..., v_n) ∈ ⟦θ⟧, such that K(σ_1, ..., σ_n) ∈ Θ: if n = 0, then min{q | v ∈ ⟦θ⟧_q} = 0, otherwise min{q | v ∈ ⟦θ⟧_q} = max{q_1, ..., q_n} + 1, where q_i = min{q | v_i ∈ ⟦σ_i⟧_q}, for all 1 ≤ i ≤ n.
- For any v = (v', n) ∈ ⟦σ⟧ × R, min{q | v ∈ ⟦C(σ)⟧_q} = min{q | v' ∈ ⟦σ⟧_q}.

Proof. Immediate from the definition of ⟦σ⟧_q.

Lemma. All L_C axioms relating to ⟨·, ·⟩_σ are sound for the semantic definition of ⟨·, ·⟩_σ.

Proof. By case analysis of the axioms that define ⟨·, ·⟩_σ. See Proof 5.

2 Rules

In this section we list most of the typing rules and most of the rules of L_C, U_C, and R_C; the exceptions are the rules from Aguirre et al. (2017), and standard typing rules.

2.1 Typing rules

We elide the standard typing rules for pairs, projection, abstraction, application.

c b Γ c : b i {1, 2} Γ e : τ i Γ e : τ 1 + τ 2 Γ e 1 : τ 1 τ Γ e 2 : τ 2 τ Γ inj i e : τ 1 + τ 2 Γ case e of e 1 ; e 2 : τ K(σ 1 σ n ) Θ(θ) Γ K(e 1,, e n ) : θ Γ e i : σ i for all 1 i n Γ e : θ θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ e i : σ i,1 σ i,ai τ for all 1 i n Γ match e with K 1 e 1 ; ; K n e n : τ Γ, f : θ τ, x : θ e : τ Def (f, x, e) Γ rec f (x)e : θ τ Γ m τ Γ {m} : C(τ) Γ e : τ Γ cret(e) τ Γ n : R Γ m τ Γ cstep n (m) τ Γ e : C(τ ) Γ, x : τ m τ Γ cbind(e, {x} m) τ

2.2 L_C rules

We elide the standard logic connectives rules; they can be found in Aguirre et al. (2017).

6 General rules for equality Here, u ::= e m u 1 β,ι,µ,ζ u 2 C u 1 = u2 BETA Γ; Ψ C L u = Γ; Ψ C u REFL L u 1 = u2 Γ; Ψ C L φ[u 1 /x] Γ; Ψ C L φ[u 2 /x] SUBST The following rules are derivable: C u 2 = u1 C u 1 = u2 SYM Γ; Ψ C L u 1 = u Γ; Ψ C L u = u2 TRANS Γ; Ψ C L u 1 = u2 Axioms specific to monadic expression equality C x, y τ {x} = {y} x = y C x : C(τ) y τ x = {y} C x τ y : R, z : τ x = cstep y (cret(z)) C x 1, x 2 : R, y 1, y 2 : τ cstep x1 (cret(y 1 )) = cstep x2 (cret(y 2 )) x 1 = x2 y 1 = y2 The following axioms are derivable: C x 1, x 2 : R, y 1 τ, y 2 : τ cstep x1 (y 1 ) = cstep x2 (cret(y 2 )) x 3 : R x 2 = x1 + x 3 y 1 = cstepx3 (cret(y 2 )) C x 1, x 2 : τ cret(x 1 ) = cret(x 2 ) x 1 = x2 6

7 Rules about data types C K(e 1,, e n ) = K (e 1,, e n) C e i = e i CONS K K Γ; Ψ C L K(e 1,, e n ) = K (e 1,, e m) NC θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ e : θ Γ, x 1 : σ i,1,, x ai : σ i,ai ; Ψ, e = K i (x 1,, x ai ) C L φ for all 1 i n where x 1,, x ai φ C φ ELIM θ Θ Γ, x : θ; Ψ, y : θ y < x φ[y/x] L C φ C x : θ φ IND θ 1, θ 2 Θ Γ, x 1 : θ 1, x 2 : θ 2 ; Ψ, y 1 : θ 1, y 2 : θ 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] C L φ 23 U C rules C x 1 : θ 1, x 2 : θ φ DBLIND Here we show the most interesting U C rules, primarily all the rules related to cost and datatypes Other rules can be found in Aguirre et al (2017) Rules for the pure judgment Γ; Ψ e : τ φ Def (f, x, e) Γ, x : θ, f : θ τ; Ψ, φ, y y < x φ[y/x] φ [y/x][f y/r] e : τ φ Γ; Ψ rec f (x)e : θ τ x φ φ [r x/r] Γ; Ψ e 1 : τ τ xφ φ [r x/r] Γ; Ψ e 2 : τ φ[r/x] Γ; Ψ e 1 e 2 : τ φ U-APP K(σ 1 σ n ) Θ(θ) Γ; Ψ e i : σ i φ i for all 1 i n Γ; Ψ C L x 1 : σ 1,, x n : σ n φ 1 [x 1 /r] φ n [x n /r] φ[k(x 1,, x n )/r] Γ; Ψ K(e 1,, e n ) : θ φ U-LETREC θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ; Ψ e : θ φ For all 1 i n : Γ; Ψ e i : σ i,1 σ i,ai τ φ i where φ i x 1 : σ i,1,, x ai : σ i,ai φ [K i (x 1,, x ai )/r] φ[(r x 1 x ai )/r] Γ; Ψ match e with K 1 e 1 ; ; K n e n : τ φ Γ; Ψ m τ k l φ[r/x] Γ; Ψ {m} : C(τ) Cu(r, k, l, xφ) U-MONAD U-CONS U-MATCH 7

8 Rules for the monadic judgment Γ; Ψ m τ k l φ Γ; Ψ e : τ φ Γ n : R Γ; Ψ m τ k l φ Γ; Ψ cret(e) τ 0 0 φ U-RET Γ; Ψ cstep n (m) τ k + n l + n φ U-STEP Γ; Ψ e 1 : C(τ 1 ) Cu(r, k, l, xφ 1 ) Γ, x : τ 1 ; Ψ, φ 1 m 2 τ 2 k l φ 2 x k, l, φ 2 Γ; Ψ cbind(e 1, {x}m 2 ) τ 2 k + k l + l φ 2 U-BIND Structural rules Γ; Ψ e : τ φ Γ; Ψ C L φ [e/r] φ[e/r] Γ; Ψ e : τ φ U-SUB Γ; Ψ m τ k l φ Γ; Ψ C L k k Γ; Ψ C L l l Γ; Ψ m τ k l φ U-SUBC C x : τφ Γ, x : τ; Ψ, φ m τ k l φ x m, n, φ Γ; Ψ m τ k l φ EM Admissible rules Γ; Ψ m τ k l φ Γ; Ψ C L m = cstep n (cret(e)) Γ; Ψ C L k n l Γ; Ψ C L φ [e/r] φ[e/r] Γ; Ψ m τ k l φ Γ; Ψ e : τ φ Γ; Ψ C L e = e Γ e : τ Γ; Ψ e : τ φ U-EQ-PURE U-SUBM1 Γ; Ψ m τ k l φ C k k C l l C r φ φ Γ; Ψ m τ k l φ U-SUBM2 Γ; Ψ m τ k l φ Γ; Ψ C L m = m Γ m τ Γ; Ψ m τ k l φ U-EQ-MONADIC 24 R C rules Here we show the most interesting R C rules, primarily all the rules related to cost and datatypes Other rules can be found in Aguirre et al (2017) 8

9 Two-sided rules for the pure judgment Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ Def (f 1, x 1, e 1 ) Def (f 2, x 2, e 2 ) Γ, x 1 : θ 1, x 2 : θ 2, f 1 : θ 1 τ 1, f 2 : θ 2 τ 2 ; Ψ, φ, y 1 y 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] φ [y 1 /x 1 ][y 2 /x 2 ][f 1 y 1 /r 1 ][f 2 y 2 /r 2 ] e 1 : τ 1 e 2 : τ 2 φ Γ; Ψ rec f 1 (x 1 )e 1 : θ 1 τ 1 rec f 2 (x 2 )e 2 : θ 2 τ 2 x 1 x 2 φ φ [r 1 x 1 /r 1 ][r 2 x 2 /r 2 ] Γ; Ψ e 1 : τ σ 1 e 2 : τ 1 σ 2 x 1 x 2 φ φ [r 1 x 1 /r 1 ][r 2 x 2 /r 2 ] Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ[r 1 /x 1 ][r 2 /x 2 ] Γ; Ψ e 1 e 1 : σ 1 e 2 e 2 : σ 2 φ R-APP R-LETREC θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ; Ψ e : θ e : θ φ For all 1 i, j n : Γ; Ψ e i : σ i,1 σ i,ai τ 1 e j : σ j,1 σ j,aj τ 2 φ i,j where φ i,j x 1 : σ i,1,, x ai : σ i,ai, y 1 : σ j,1,, y aj : σ j,aj φ [K i (x 1,, x ai )/r 1 ][K j (y 1,, y aj )/r 2 ] φ[(r 1 x 1 x ai )/r 1 ][(r 2 y 1 y aj )/r 2 ] Γ; Ψ match e with K 1 e 1 ; ; K n e n : τ 1 match e with K 1 e 1; ; K n e n : τ 2 φ R-MATCH K(σ 1 σ n ) Θ(θ) Γ; Ψ e i : σ i e i : σ i φ i for all 1 i n Γ; Ψ C L x 1, y 1 : σ 1,, x n, y n : σ n φ 1 [x 1 /r 1 ][y 1 /r 2 ] φ n [x n /r 1 ][y n /r 2 ] φ[k(x 1,, x n )/r 1 ][K(y 1,, y n )/r 2 ] Γ; Ψ K(e 1,, e n ) : θ K(e 1,, e n) : θ φ Γ; Ψ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ {m 1 } : C(τ 1 ) {m 2 } : C(τ 2 ) Cr(r 1, r 2, n, r 1 r 2 φ) R-MONAD R-CONS Two-sided rules for the monadic judgment Γ; Ψ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ Γ; Ψ cret(e 1 ) τ 1 cret(e 2 ) τ 2 0 φ R-RET Γ n 1 : R Γ n 2 : R Γ; Ψ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ cstep n1 (m 1 ) τ 1 cstep n2 (m 2 ) τ 2 n + n 1 n 2 φ R-STEP Γ; Ψ e 1 : τ 1 e 2 : τ 2 Cr(r 1, r 2, n, x 1 x 2 φ ) Γ, x 1 : τ 1, x 2 : τ 2; Ψ, φ m 1 τ 1 m 2 τ 2 n φ x 1, x 2 n, φ Γ; Ψ cbind(e 1, {x 1 } m 1 ) τ 1 cbind(e 2, {x 2 } m 2 ) τ 2 n + n φ R-BIND 9

10 One-sided rules for the pure judgment Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ (selected) Def (f, x, e) Γ, x : θ, f : θ τ 1 ; Ψ, φ, y y < x φ[y/x] φ [y/x][f y/r 1 ][e 2 /r 2 ] e : τ 1 e 2 : τ 2 φ Γ; Ψ rec f (x)e : θ τ 1 e 2 : τ 2 x φ φ [r 1 x 1 /r 1 ] Γ; Ψ e : τ σ 1 e 2 : σ 2 xφ φ [r x/r] Γ; Ψ e : τ φ[r/x] Γ; Ψ e e : σ 1 e 2 : σ 2 φ R-APP-L R-LETREC-L One-sided rules for the monadic judgment Γ; Ψ m 1 τ 1 m 2 τ 2 n φ Γ e 1 τ 1 Γ; Ψ m 2 τ 2 k l φ[e 1 /r 1 ][r/r 2 ] Γ; Ψ cret(e 1 ) τ 1 m 2 τ 2 k φ R-RET-L Γ n 1 : R Γ; Ψ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ cstep n1 (m 1 ) τ 1 m 2 τ 2 n + n 1 φ R-STEP-L Γ; Ψ e 1 : C(τ 1) Cu(r, k, l, xφ ) Γ, x : τ 1; Ψ, φ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ cbind(e 1, {x} m 1 ) τ 1 m 2 τ 2 l + n φ R-BIND-L Structural rules Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ C φ [e 1 /r 1 ][e 2 /r 2 ] φ[e 1 /r 1 ][e 2 /r 2 ] Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ Γ; Ψ m 1 τ 1 m 2 τ 2 n φ C n n Γ; Ψ m 1 τ 1 m 2 τ 2 n φ R-SUBC R-SUB 10

11 Admissible rules Ψ; Γ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ C L m 1 = cstepn1 (cret(e 1 )) Γ; Ψ C L m 2 = cstepn2 (cret(e 2 )) Γ; Ψ C L n 1 n 2 n Γ; Ψ C L φ [e 1 /r 1 ][e 2 /r 2 ] φ[e 1 /r 1 ][e 2 /r 2 ] Ψ; Γ m 1 τ 1 m 2 τ 2 n φ R-SUBM1 Ψ; Γ m 1 τ 1 m 2 τ 2 n φ Ψ; Γ L C n n Ψ; Γ L C r 1, r 2 φ φ Ψ; Γ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ m 1 τ 1 k 1 l 1 φ 1 Γ; Ψ m 2 τ 2 k 2 l 2 φ 2 C l 1 k 2 n Γ; Ψ m 1 τ 1 m 2 τ 2 n φ 1 [r 1 /r] φ 2 [r 2 /r] R-SUBM2 R-SPLIT Γ; Ψ e 1 : τ 1 φ 1 Γ; Ψ e 2 : τ 2 φ 2 Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ 1 [r 1 /r] φ 2 [r 2 /r] R-RC -U C Γ; Ψ e 1 : τ 1 Cu(r, k, l, rφ 1 ) Γ; Ψ e 2 : τ 2 Cu(r, k, l, rφ 2 ) C l k n Γ; Ψ e 1 : τ 1 e 2 : τ 2 Cr(r 1, r 2, n, r 1 r 2 φ 1 [r 1 /r] φ 2 [r 2 /r]) 3 Metatheory proofs R-SPLIT-PURE In this section we give proofs of lemmas and theorems of our framework s metatheory stated in the paper, as well as some supporting lemmas 31 L C metatheory Lemma 1 If m is closed and m n e, then m = cstep n (cret(e)) Proof By induction on the forcing derivation cret(e) 0 e TS: cret(e) = cstep 0 (cret(e)) Immediately from cstep 0 (cret(e)) ζ cret(e) e 1 β {m 1 } m 1 n 1 e 1 m 2 [e 1/x] n 2 e 2 cbind(e 1, {x}m 2 ) n+n 2 e 2 TS: cbind(e 1, {x} m 2 ) = cstep n1 +n 2 (cret(e 2 )) From IH on the second premise we have m 1 = cstepn1 (cret(e 1 )), and then from the first premise we have e 1 = {m1 } = {cstep n1 (cret(e 1 ))} Then we have cbind(e 1, {x} m 2 ) = cbind({cstep n1 (cret(e 1 ))}, {x} m 2) ζ { (cstep n1 (cret(e 1 )))/x }m 2 = cstep n1 ({ cret(e 1 )/x }m 2) = cstep n1 (m 2 [e 1 /x]) 11

12 By IH on the second premise we have m 2 [e 1 /x] = cstep n2 (cret(e 2 )) Hence, cbind(e 1, {x} m 2 ) = cstep n1 (cstep n2 (cret(e 2 ))) ζ cstep n1 +n 2 (cret(e 2 )), as required m n e cstep n (m) n+n e TS: cstep n (m) = cstep n+n (cret(e)) By IH on the premise we have m = cstep n (cret(e)) Hence, cstep n (m) = cstep n (cstep n (cret(e)) ζ cstep n+n (cret(e)), as required Theorem 2 (Soundness (typing)) Let ρ Γ mean that for each x dom(γ), ρ(x) Γ(x) Then, 1 If Γ e : τ and ρ Γ, then e ρ τ 2 If Γ m τ and ρ Γ, then m ρ τ R Proof By simultaneous induction on the given typing derivations We show some representative cases Proof of (1) c b Γ c : b TS: c ρ b Immediately by expanding the definitions i {1, 2} Γ e : τ i Γ inj i e : τ 1 + τ 2 TS: inj i e ρ τ 1 + τ 2 Fix i The result follows immediately by IH on the typing premise Γ e : τ 1 + τ 2 Γ e 1 : τ 1 τ Γ e 2 : τ 2 τ Γ case e of e 1 ; e 2 : τ TS: case e of e 1 ; e 2 ρ τ From the IH on the first premise, e ρ τ 1 + τ 2, hence e ρ = inj i v and v τ i for either i = 1 or i = 2 We consider the case where i = 1; the other case is similar By IH on the second premise, we have e 1 ρ τ 1 τ, hence case e of e 1 ; e 2 ρ e 1 ρ v τ, as required K(σ 1 σ n ) Θ(θ) Γ e i : σ i for all 1 i n Γ K(e 1,, e n ) : θ TS: K( e 1 ρ,, e n ρ ) θ By IH on e i premises we have e i ρ σ i, hence by expanding the definition, there exists q i, st e i ρ σ i qi, for all 1 i n Therefore, K( e 1 ρ,, e n ρ ) θ max{qi 1 i n}+1, and then K( e 1 ρ,, e n ρ ) θ, as required 12

13 Γ e : θ θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ e i : σ i,1 σ i,ai τ for all 1 i n Γ match x with K 1 e 1 ; ; K n e n : τ TS: match e with K 1 e 1 ; ; K n e n ρ τ From the IH on the first premise, e ρ θ Therefore, e ρ = K i (v 1,, v ai ), for some 1 i n, and v j σ i,j for all 1 j a i By IH on e i s premise, we have that e i ρ σ i,1 σ i,ai τ, hence e i ρ v 1 v ai τ Since, match e with K 1 e 1 ; ; K n e n ρ e i ρ v 1 v ai, the required result follows immediately Γ m τ Γ {m} : C(τ) TS: {m} C(τ) From IH on the premise we have m ρ τ R, hence the result follows immediately by expanding the definitions Proof of (2) Γ e : τ Γ cret(e) τ TS: cret(e) ρ τ R From IH on the premise we have e ρ τ, hence cret(e) ρ ( e ρ, 0) τ R Γ n : R Γ m τ Γ cstep n (m) τ TS: cstep n (m) τ R By IH on the second premise we have m ρ τ R, and then m ρ = (v, n ) for some v τ and n R By IH on the first premise, n ρ R Therefore cstep n (m) ρ (v, n ρ + n ) τ R Γ e : C(τ ) Γ, x : τ m τ Γ cbind(e, {x} m) τ TS: cbind(e, {x} m) ρ τ R By IH on the first premise we have e ρ C(τ ) τ R, hence e ρ = (v, n 1 ) and v τ and n 1 R Let ρ = ρ[v /x] By IH on the second premise we have m ρ τ R, hence m ρ = (v, n 2 ), v τ and n 2 R Finally, then cbind(e, {x} m) ρ = (v, n 1 + n 2 ) τ R Lemma 3 The following hold: 1 If Γ e 1 : τ and e 1 β,ι,µ,ζ e 2 and ρ Γ, then e 1 ρ = e 2 ρ 13

14 2 If Γ m 1 τ and m 1 β,ι,µ,ζ m 2 and ρ Γ, then m 1 ρ = m 2 ρ Proof By simultaneous induction on the typing derivations and case analysis of β,ι,µ,ζ Proof of (1) Γ e : τ 1 + τ 2 Γ e 1 : τ 1 τ Γ e 2 : τ 2 τ Γ case e of e 1 ; e 2 : τ Assume: case e of e 1 ; e 2 β,ι,µ,ζ e We case-analyze β,ι,µ,ζ : Subcase case e of e 1 ; e 2 β,ι,µ,ζ case e of e 1 ; e 2 and e β,ι,µ,ζ e TS: case e of e 1 ; e 2 ρ = case e of e 1 ; e 2 ρ By IH we have e ρ = e ρ, hence the result holds Subcase case e of e 1 ; e 2 β,ι,µ,ζ case e of e 1 ; e 2 and e 1 β,ι,µ,ζ e 1 TS: case e of e 1 ; e 2 ρ = case e of e 1 ; e 2 ρ By IH we have e 1 ρ = e 1 ρ, hence the result holds Subcase case e of e 1 ; e 2 β,ι,µ,ζ case e of e 1 ; e 2 and e 2 β,ι,µ,ζ e 2 TS: case e of e 1 ; e 2 ρ = case e of e 1 ; e 2 ρ By IH we have e 2 ρ = e 2 ρ, hence the result holds Subcase case inj i e of e 1 ; e 2 β,ι,µ,ζ e i e TS: case inj i e of e 1 ; e 2 ρ = e i e ρ Since case inj i e of e 1 ; e 2 ρ e i ρ e, the result holds Γ e : θ θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ e i : σ i,1 σ i,ai τ for all 1 i n Γ match e with K 1 e 1 ; ; K n e n : τ Assume (for an arbitrary 1 i n): match K i (e 1,, e a i ) with K 1 e 1 ; ; K n e n ι e i e 1 e a i TS: match K i (e 1,, e a i ) with K 1 e 1 ; ; K n e n ρ = e i e 1 e a i ρ Since K i (e 1,, e a i ) ρ K i ( e 1 ρ,, e a i ρ ), we have: match K i (e 1,, e a i ) with K 1 e 1 ; ; K n e n ρ e i ρ e 1 ρ e a i ρ as required The congruence rules are the same as in the previous case Γ m τ Γ {m} : C(τ) Assume: {m} β,ι,µ,ζ {m } and m β,ι,µ,ζ m TS: {m} ) ρ = {m } ρ By the definition this reduces to m ρ = m ρ This follows by IH on m 14

15 Proof of (2) Γ e : τ Γ cret(e) τ Assume: cret(e) β,ι,mu,ζ cret(e ) and e β,ι,µ,ζ e TS: cret(e) ρ = cret(e ) ρ By the definition this reduces to e ρ Γ n : R Γ m τ Γ cstep n (m) τ Subcase cstep n (cstep n (m )) ζ cstep n+n (m ) = e ρ This follows by IH on the premise TS: cstep n (cstep n (m )) ρ = cstep n+n (m ) ρ We have: cstep n (cstep n (m )) ρ (π 1 cstep n (m ) ρ, π 2 cstep n (m ) ρ + n) (π 1 m ρ, π 2 m ρ + n + n ) cstep n+n (m ) ρ Subcase cstep 0 (m) ζ m TS: cstep 0 (m) ρ = m ρ We have cstep 0 (m) ρ (π 1 m ρ, π 2 m ρ + 0) m ρ, as required Γ e : C(τ ) Γ, x : τ m τ Γ cbind(e, {x} m) τ Assume: cbind({m 1 }, {x} m 2 ) ι { m 1 /x }m 2 TS: cbind({m 1 }, {x} m 2 ) ρ = { m 1 /x }m 2 ρ Let m 1 ρ = (v, n 1 ) τ R, ρ = ρ[v /x], and m 2 ρ = (v, n 2 ) (this well-defined, since {m 1 } and m 2 are well-typed) Then, we have cbind({m 1 }, {x} m 2 ) ρ (v, n 1 + n 2 ) We show that { m 1 /x }m 2 ρ = (v, n 1 + n 2 ) by sub-induction on m 1 Subcase m 1 cret(e ) TS: { cret(e )/x }m 2 ρ = (v, n 1 + n 2 ) From the assumption we have n 1 = 0 and e ρ = v We have { cret(e )/x }m 2 ρ m 2 [e /x] ρ = m 2 ρ = (v, n 2 + 0) = (v, n 1 + n 2 ), as required Subcase m 1 cstep n (m ) TS: { cstep n (m )/x }m 2 ρ = (v, n 1 + n 2 ) From the assumption we have m ρ = (v, n 1 ) and n 1 = n+n 1 By sub-ih on m we then have { m /x }m 2 ρ = (v, n 1 + n 2) Hence, { cstep n (m )/x }m 2 ρ = (v, n 1 + n + n 2) = (v, n 1 + n 2 ) 15

16 Subcase m 1 cbind(e, {y} m ) TS: { cbind(e, {y} m )/x }m 2 ρ = (v, n 1 + n 2 ) Let e ρ = (v, n 1 ) and m ρ[v /y] = (v, n 1 ) such that n 1 = n 1 + n 1 (note that this is well-defined since by the assumption e {m 1 } {cbind(e, {y} m 2 )} is well-typed) Hence, by sub-ih on m we have { m /x }m 2 ρ[v /y] = (v, n 1 + n 2) The we have { cbind(e, {y} m )/x }m 2 ρ cbind(e, {y} { m /x }m 2 ) ρ = (v, n 1 + n 1 + n 2) = (v, n 1 + n 2 ), as required Lemma 4 The following hold: For any v b, min{q v b q } = 0 For any K(v 1,, v n ) θ, such that K(σ 1,, σ n ) Θ: if n = 0, then min{q v b q } = 0, otherwise min{q v θ q } = max{q 1,, q n } + 1, where q i = min{q v σ i q }, for all 1 i n For any v = (v, n) σ R, min{q v C(σ) q } = min{q v σ q } Proof Immediate from the definition of σ q Lemma 5 All L C axioms relating to σ are sound for the semantic definition of σ Proof We case analyze the axioms that define σ x : b, s : N x, s b s = 0 We need to show x, s b s = 0 ρ for all v b, n N and ρ = {x v, s n} direction: Assume: v b and n = min{q v b q } We need to show n = 0 This follows by Lemma 4 direction: Assume n = 0 We need to show v b and 0 = min{q v b q } This follows by the assumptions and Lemma 4 x : θ x, 0 θ 1 i n a i =0 x = K i () We need to show x, 0 θ 1 i n a i =0 x = K i () ρ for all v θ and ρ = {x v} Let θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ be the equation of θ direction: Assume: x, 0 θ ρ v θ 0 = min{q v θ } TS: 1 i n a i =0 v = K i () From the assumption we have v θ 0, and by the definition v = K i () for some i where a i = 0, hence the result holds direction: Assume: 1 i n a i =0 x = K i() TS: v θ and 0 = min{q v θ } Suffices to show: v θ 0 ; this follows from the assumption, since that means that x = K i () for some i 16

17 x : θ, s : N x, s + 1 θ 1 i n a i >0 ( x 1 : σ i,1, s 1 : N,, x ai : σ i,ai, s ai : N x = K i (x 1,, x ai ) 1 j a i ( x, s j σi,j ) s = max{s 1,, s ai }) We need to show x, s + 1 θ 1 i n a i >0 ( x 1 : σ i,1, s 1 : N,, x ai : σ i,ai, s ai : N x = K i (x 1,, x ai ) 1 j a i ( x, s j σi,j ) s = max{s 1,, s ai }) ρ for all v θ, k N and ρ = {x v, s k} Let θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ be the equation of θ direction: Assume: v θ and k + 1 = min{q v θ q } Hence, v = K i (v 1,, v ai ), such that a i > 0 and v j σ i,j kj for some k j k, for all 1 j a j We instantiate x j := v i,j and s j := k j min{q v j σ i,j } for all 1 j a j Hence, it remains to show: k = max{k 1,, k ai } This follows by Lemma 4 direction: Assume v = K i (v 1,, v ai ) for some a i > 0, v j σ i,j, k j = min{q v j σ i,j } for all 1 j a i, and k = max{k 1,, k ai } We need to show: v θ and k + 1 = min{q θ q } The first goal follows directly from the assumption The second goal follows by Lemma 4 x : C(σ), s : N x, s C(σ) n : R, y : σ x = {cstep n (cret(y))} y, s σ We need to show x, s C(σ) n : R, y : σ x = {cstep n (cret(y))} y, s σ ρ for all (v, n) σ R, k N, and ρ = {x (v, n), s k} direction: Assume: (v, n) C(σ) σ R and k = min{q (v, n) C(σ) q } We instantiate n := n, and y := v We need to show (after expanding the definitions) (v, n) = (v, n), v σ and k = min{q v σ } The first two goals follow directly from the assumptions, the third goal follows by Lemma 4 direction: Assume: v = (n, v ), v σ and k = min{q v σ } From this follows that n = n and v = v We need to show (v, n) C(σ), and k = min{q (v, n) C(σ) } The first goal follows from the definitions, and the second goal follows by Lemma 4 Theorem 6 (Soundness (L C )) If C φ, ρ Γ and φ Ψ φ ρ, then φ ρ Proof By induction on the L C derivation We consider L C axioms and the additional data-type rules θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ e : θ Γ, x 1 : σ i,1,, x ai : σ i,ai ; Ψ, e = K i (x 1,, x ai ) C L φ for all 1 i n 
where x 1,, x ai φ C φ ELIM TS: φ ρ By Theorem 2 applied to the premise Γ e : θ, we have e ρ θ, hence by the first premise and the definition of θ, we have for some 1 i n: e ρ = K i (v 1,, v ai ) and v j σ i,j for all 1 j a i Let ρ = ρ[v 1 /x 1 ] [v ai /x ai ] Since, e ρ = K i (v 1,, v ai ), 17

18 we can apply IH, and we have φ ρ However, since x 1, x ai φ, we also have φ ρ, as required Γ, x : θ; Ψ, y : θ y < x φ[y/x] L C φ IND Γ; Ψ C L x : θ φ TS: x : θ φ ρ This is the same as showing that φ ρ[v/x] for all v θ For all v θ, we show by induction on v θ that φ ρ[v/x] When v θ = 0, we apply the IH to the premise with substitution ρ := ρ[v/x] This yields: ( y θ y < x φ[y/x] ρ[v/x] ) φ ρ[v/x] Since v θ = 0, y < x ρ[v/x] is the same as y < 0 ), which is, so ( y θ y < x φ[y/x] ρ[v/x] ) is the same as Hence, we get φ ρ[v/x], as needed When v θ > 0, we again apply the IH on the premise to get ( y θ y < x φ[y/x] ρ[v/x] ) φ ρ[v/x] which is the same as ( y θ y < v φ[y/x] ρ[v/x] ) φ ρ[v/x] Now, y θ y < v φ[y/x] ρ[v/x] holds by the subinduction hypothesis, so we get φ ρ[v/x], as needed θ 1, θ 2 Θ Γ, x 1 : θ 1, x 2 : θ 2 ; Ψ, y 1 : θ 1, y 2 : θ 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] C L φ C x 1 : θ 1, x 2 : θ φ DBLIND This is the same as showing that φ ρ[v1 /x 1 ][v 2 /x 2 ] for all v 1 θ 1 and v 2 θ 2 For all v 1 θ 1 and v 2 θ 2, we show by induction on ( v 1, v 2 ) that φ ρ[v1 /x 1 ][v 2 /x 2 ] When ( v 1, v 2 ) = (0, 0), we apply the IH to the premise with substitution ρ := ρ[v 1 /x 1 ][v 2 /x 2 ] This yields: ( y 1 θ 1, y 2 θ 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] ρ[v1 /x 1 ][v 2 /x 2 ]) φ ρ[v1 /x 1 ][v 2 /x 2 ] Since ( v 1, v 2 ) = (0, 0), ( y 1, y 2 ) < ( x 1, x 2 ρ[v1 /x 1 ][v 2 /x 2 ] is the same as ( y 1, y 2 ) < (0, 0) ), which is ; therefore y 1 θ 1, y 2 θ 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] ρ[v1 /x 1 ][v 2 /x 2 ] is the same as Hence, we get φ ρ[v1 /x 1 ][v 2 /x 2 ], as needed When ( v 1, v 2 ) > (0, 0), we again apply the IH on the premise to get ( y 1 θ 1, y 2 θ 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] ρ[v1 /x 1 ][v 2 /x 2 ]) φ ρ[v1 /x 1 ][v 2 /x 2 ], which is the same as ( y 1 θ 1, y 2 θ 2 ( y 1, y 2 ) < ( v 1, v 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] ρ[v1 /x 1 ][v 2 /x 2 ]) φ ρ[v1 /x 1 ][v 2 /x 2 ] Now, y 
1 θ y 2 θ 2 ( y 1, y 2 ) < ( v 1, v 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] ρ[v1 /x 1 ][v 2 /x 2 ] holds by the subinduction hypothesis, so we get φ ρ[v1 /x 1 ][v 2 /x 2 ], as needed Γ; Ψ L C e = e REFL TS: e = e ρ Immediately by reflexivity of = 18

19 C e 1 = e 2 Γ; Ψ C L φ[e 1 /x] SUBST Γ; Ψ C L φ[e 2 /x] TS: φ[e 2 /x] ρ This is equivalent to φ ρ[v/x] where v = e 2 ρ By IH on the first premise e 1 = e2 ρ, hence e 1 ρ = e 2 ρ = v By IH on the second premise φ[e 1 /x] ρ = φ ρ[v/x], as required Γ e 1 : τ e 1 β,ι,µ,ζ e 2 C e 1 = e2 BETA TS: e 1 = e2 ρ Immediately by Lemma 3 applied to the premises K K Γ; Ψ C L K(e 1,, e n ) = K (e 1,, e m) NC TS: K(e 1,, e n ) = K (e 1,, e m) ρ This reduces to K(e 1,, e n ρ K(e 1,, e m ρ, and further to K( e 1 ρ,, e n ρ ) K ( e 1 ρ,, e m ρ ), which follows immediately by the assumption K K C K(e 1,, e n ) = K (e 1,, e n) C e i = e i CONS TS: e i = e i ρ for any 1 i n This reduces to e i ρ = e i ρ By IH we have K(e 1,, e n ) = K (e 1,, e n) ρ, and then K(e 1,, e n ) ρ = K (e 1,, e n) ρ and further K( e 1 ρ,, e n ρ ) = K( e 1 ρ, e n ρ ), and hence e i ρ = e i ρ, for all 1 i n, as required Γ; Ψ L C x : C(τ) m τ x = {m} TS: x : C(τ) m τ x = {m} ρ Let v C(τ) τ R Then, RTS: m τ x = {m} ρ[v/x] We pick m := v, and then RTS: x = {m} ρ[v/x][v/m] v = v, which holds trivially Γ; Ψ L C m τ n : R, e : τ m = cstep n (cret(e)) TS: m τ n : R, e : τ m = cstep n (cret(e)) ρ Let v τ R, hence v = (v, q), where v τ and q R Further, we pick n := q and e := v Then RTS: m = cstep n (cret(e)) ρ[(v /q)/m][q/n][v /w] (v, q) = (v, q+0), which holds immediately Γ; Ψ L C {m 1 } = {m 2 } m 1 = m2 TS: {m 1 } = {m 2 } m 1 = m2 ρ Assume {m 1 } = {m 2 } ρ, which is equivalent to m 1 ρ = m 2 ρ RTS: m 1 is equivalent to m 1 ρ = m 2 ρ, which we have assumed = m2 ρ, which 19

20 Γ; Ψ L C cstep n1 (cret(e 1 )) = cstep n2 (cret(e 2 )) e 1 = e2 n 1 = n2 TS: cstep n1 (cret(e 1 )) = cstep n2 (cret(e 2 )) e 1 = e2 n 1 = n2 ρ Assume cstep n1 (cret(e 1 )) = cstep n2 (cret(e 2 )) ρ, which is equivalent to ( e 1 ρ, n 1 + 0) = ( e 2 ρ, n 2 +0) RTS: e 1 ρ = e 2 ρ and n 1 = n 2, which follows trivially from the assumption 32 U C metatheory Theorem 7 (U C L C ) The following hold: 1 If Γ; Ψ e : τ φ then C φ[e/r] 2 If Γ; Ψ m τ k l φ then C e, n m = cstep n (cret(e )) φ[e /r] k n l Proof By simultaneous induction on the given U C derivations Proof of (1) θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ; Ψ e : θ φ For all 1 i n : Γ; Ψ e i : σ i,1 σ i,ai τ φ i where φ i x 1 : σ i,1,, x ai : σ i,ai φ [K i (x 1,, x ai )/r] φ[(r x 1 x ai )/r] Γ; Ψ match e with K 1 e 1 ; ; K n e n : τ φ To show: C φ[(match x with K 1 e 1 ; ; K n e n )/r] By the L C ELIM rule for θ, we need to show: Γ, x 1 : σ i,1,, x ai : σ i,ai ; Ψ, e = K i (x 1,, x ai ) L C φ[(match e with )/r] for all 1 i n Fix some i This is reduced to: Γ, x 1 : σ i,1,, x ai : σ i,ai ; Ψ, e = K i (x 1,, x ai ) L C φ[(e i x 1 x ai )/r] U-MATCH By IH on the first premise we have C weakening): φ [e/r], and then combined with the above (and Γ, x 1 : σ i,1,, x ai : σ i,ai ; Ψ, φ [K i (x 1,, x ai )/r] L C φ[(e i x 1 x ai )/r] By IH on the given i we obtain (after eliminating and ): Γ, x 1 : σ i,1,, x ai : σ i,ai ; Ψ, φ [K i (x 1,, x ai )/r] L C φ[(r x 1 x ai )/r][e i /r] which is equivalent to the goal that we need to show K(σ 1 σ n ) Θ(θ) Γ; Ψ e i : σ i φ i for all 1 i n Γ; Ψ C L x 1 : σ 1,, x n : σ n φ 1 [x 1 /r] φ n [x n /r] φ[k(x 1,, x n )/r] Γ; Ψ K(e 1,, e n ) : θ φ U-CONS To show: C φ[k(e 1,, e n )/r] By IH on e i premises we have C φ i [e i /r] (*), for all 1 i n By instantiating the last premise with x i = e i, for all 1 i n, and after eliminating all implications with (*), we obtain C φ[k(e 1,, e n )/r] 20

21 θ Θ Def (f, x, e) Γ, x : θ, f : θ τ; Ψ, φ, y y < x φ [y/x] φ[y/x][f y/r] e : τ φ Γ; Ψ rec f (x)e : θ τ x φ φ[r x/r] TS: C xφ φ[((rec f (x)e) x)/r] Let θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) be an equation for θ By induction principle IND for θ, it suffices to prove that: Γ, x : θ; Ψ, y y < x φ [y/x] φ[y/x][((rec f (x)e) y)/r] L C φ φ[((rec f (x)e) x)/r] Let F (rec f (x)e) Then, the goal above is: Γ, x : θ; Ψ, y y < x φ [y/x] φ[y/x][(f y)/r] L C φ φ[(f x)/r] which further reduces (by the introduction rule for ) to: Γ, x : θ; Ψ, φ, y y < x φ [y/x] φ[y/x][(f y)/r] L C φ[(f x)/r] Now note that F x = e[f/f][x/x] = e[f/f] Hence, we reduce further to: Γ, x : θ; Ψ, φ, y y < x φ [y/x] φ[y/x][(f y)/r] L C φ[e[f/f]/r] Applying the IH to the third premise of U-LETREC, we get: Γ, x : θ, f : θ τ; Ψ, φ, y y < x φ [y/x] φ[y/x][(f y)/r] L C φ[e/r] Instantiating with f := F, we get the required result Γ; Ψ m τ k l φ Γ; Ψ {m} : C(τ) Cu(r, k, l, rφ) U-MONAD To show: C Cu({m}, k, l, rφ) e, n {m} = {cstep n (cret(e ))} φ[e /r] k n l By IH on the premise, we get C e, n m = cstep n (cret(e )) φ[e /r] k n l The required result trivially follows by picking the same e and n (Note that m = cstep n (cret(e )) implies {m} = {cstep n (cret(e ))}) Proof of (2) Γ; Ψ e : τ φ Γ; Ψ cret(e) τ 0 0 φ U-RET To show: C e, n cret(e) = cstep n (cret(e )) φ[e /r] 0 n 0 We pick e := e and n := 0 Then, cret(e) = cstep 0 (cret(e)) by the rule cstep 0 (m) ζ m, φ[e/r] by the IH on the premise and trivially Γ n : R Γ; Ψ m τ k l φ Γ; Ψ cstep n (m) τ k + n l + n φ U-STEP To show: C e, n cstep n (m) = cstep n (cret(e )) φ[e /r] (k + n) n (l + n) By IH on the second premise we get C e, n m = cstep n (cret(e )) φ[e /r] k n l We pick e := e and n := n + n Then, we have: - cstep n (m) = cstep n (cstep n (cret(e )) = cstep n+n (cret(e )) by rule cstep n (cstep n (m)) ζ cstep n+n (m) - φ[e /r] from the IH - (k + n) n (l + n), since n = n + n and k n l U-LETREC Γ; Ψ e 1 : C(τ 1 ) Cu(r, k, l, xφ 1 ) Γ, x : τ 1 ; 
Ψ, φ 1 m 2 τ 2 k l φ 2 x n 2, φ 2 Γ; Ψ cbind(e 1, {x}m 2 ) τ 2 k + k l + l φ 2 U-BIND 21

22 To show: C e, n cbind(e 1, {x}m 2 ) = cstep n (cret(e )) φ 2 [e /r] (k + k) n (l + l) From ih(1) on the first premise, C Cu(e 1, k, l, xφ 1 ) e 1, n 1 e 1 = {cstep n 1 (cret(e 1 ))} φ 1 [e 1 /x] k n 1 l From ih(2) on the second premise, Γ, x : τ 1 ; Ψ, φ 1 L C e 2, n 2 m 2 = cstep n 2 (cret(e 2 )) φ 2 [e 2 /r] k n 2 l Hence, C e 2, n 2 m 2[e 1 /x] = cstepn 2 (cret(e 2 )) φ 2[e 2 /r] k n 2 l (since x n 2, φ 2 ) We choose e := e 2 and n := n 1 + n 2 Then, we have: - cbind(e 1, {x}m 2 ) = cbind({cstep n 1 (cret(e 1 ))}, {x}m 2)) ζ { cstep n 1 (cret(e 1 ))/x }m 2 = cstep n 1 (m 2 [e 1 /x]) = cstep n 1 (cstep n 2 (cret(e 2 ))) ζ cstep n 1 +n (cret(e 2 2 )) = cstep n (cret(e )) - We already know that C φ 2 [e 2 /r] φ 2[e /r] - (k + k) n (l + l), since n = n 1 + n 2, k n 1 l, and k n 2 l Γ; Ψ m τ k l φ Γ; Ψ C L k k Γ; Ψ C L l l U-SUBC Γ; Ψ m τ k l φ To show: C e, n m = cstep n (cret(e )) φ[e /r] k n l From the ih, C e, n m = cstep n (cret(e )) φ[e /r] k n l Since C k k and C l l, the required result follows immediately C x : τφ Γ, x : τ; Ψ, φ m τ k l φ x m, n, φ Γ; Ψ m τ k l φ EM To show: C e, n m = cstep n (cret(e )) φ [e /r] k n l By ih on the second premise, Γ, x : τ; Ψ, φ L C e, n m = cstep n (cret(e )) φ [e /r] k n l By rule E in L C, C e, n m = cstep n (cret(e )) φ [e /r] k n l, as required Lemma 8 (Trivial refinements) The following hold: 1 If Γ e : τ then Γ; Ψ e : τ 2 If Γ m τ then Γ; Ψ m τ Proof By simultaneous induction on the given typing derivations Proof of (1) K(σ 1 σ n ) Θ(θ) Γ e i : σ i for all 1 i n Γ K(e 1,, e n ) : θ TS: Γ; Ψ K(e 1,, e n ) : θ By IH on the e i premises we have Γ; Ψ e i : σ i for all 1 i n, and the result follows by the rule U-CONS θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ e : θ Γ e i : σ i,1 σ i,ai τ for all 1 i n Γ match e with K 1 e 1 ; ; K n e n : τ 22

23 TS: Γ; Ψ match x with K 1 e 1 ; ; K n e n : τ By IH on the e premise we have Γ; Ψ e : θ By IH on e i premises we have Γ; Ψ e i : σ i,1 σ i,ai τ, for all 1 i n The result follows from the rule U-MATCH Def (f, x, e) Γ, f : θ τ, x : θ e : τ Γ rec f (x)e : θ τ TS: Γ; Ψ rec f (x)e : θ τ By IH we have Γ, f : θ, x : θ; Ψ e : τ, from which we have Γ, f : θ, x : θ; Ψ, y y < x e : τ, and the result follows by the rule U-LETREC Γ m τ Γ {m} : C(τ) TS: Γ; Ψ {m} : C(τ) By IH on the premise we have Γ; Ψ e τ, and hence Γ; Ψ {m} : C(τ) Cu(r,,, r ) by the rule U-MONAD Since C Cu({m},,, r ), by U-SUB rule we obtain Γ; ψ {m} : C(τ), as required Proof of (2) Γ e : τ Γ cret(e) τ TS: Γ; Ψ cret(e) τ By IH on the premise we have Γ; Ψ e : τ, and by the U-RET rule we have Γ; Ψ cret(e) τ 0 0 By rule U-SUBC, Γ; Ψ cret(e) τ Γ n : R Γ m τ Γ cstep n (m) τ TS: Γ; Ψ cstep n (m) τ By IH on the second premise we have Γ; Ψ m τ, and then by the U-STEP rule Γ; Ψ cstep n (m) τ + n + n Since C + n, and C + n, the result follows by rule U-SUBC Γ e 1 : C(τ 1 ) Γ, x : τ 1 m 2 τ 2 Γ cbind(e 1, {x} m 2 ) τ 2 TS: Γ; Ψ cbind(e 1, {x} m 2 ) τ 2 τ 2 By IH on the premises we have Γ; Ψ e 1 : C(τ 1 ) and Γ, x : τ 1 ; Ψ m 2 τ 2 By the (first two) L C axioms we have C e 1 = {cstepn (cret(e 1 ))}, for some n and e 1 Further we have C n and hence C Cu(e 1,,, r ) and from that Γ; Ψ e 1 : C(τ 1 ) Cu(r,,, r ) (by rule U-SUB on Γ; Ψ e 1 : C(τ 1 ) ), and then by the rule U-BIND Γ; Ψ cbind(e 1, {x} m 2 ) τ 2 ( ) + ( ) + The result follows by rule U-SUBC Theorem 9 (L C U C, pure) If C φ[e/r] and Γ e : τ then Γ; Ψ e : τ φ Proof Immediate from Lemma 8(1) and the subsumption rule U-SUB Theorem 10 (L C U C, monadic) If C e, n m = cstep n (cret(e )) φ[e /r] k n l and Γ m τ then Γ; Ψ m τ k l φ 23

24 Proof By induction on the derivation of Γ m τ Γ e : τ Γ cret(e) τ TS: Γ; Ψ cret(e) τ k l φ From assumption, cret(e) = m = cstep n (cret(e )) and, hence, by an L C axiom, e = e and n = 0 Therefore, from φ[e /r], we get φ[e/r] By Theorem 9 on the premise, Γ; Ψ e : τ φ By the rule U-RET, we get Γ; Ψ cret(e) τ 0 0 φ and by U-SUBC, since k n = 0 l, we get Γ; Ψ cret(e) τ k l φ, as required Γ n 1 : R Γ m τ Γ cstep n1 (m ) τ TS: Γ; Ψ cstep n1 (m ) τ k l φ From assumption, cstep n1 (m ) = m = cstep n (cret(e )) By an L C axiom, there is a n 2 such that n = n1 + n 2 and m = cstepn2 (cret(e )) From the latter, and the remaining assumptions it follows that m = cstepn2 (cret(e )) φ[e /r] (k n 1 ) n 2 (l n 1 ) Hence, by ih on the second premise, Γ; Ψ m τ k n 1 l n 1 φ By the rule U-STEP if follows that Γ; Ψ cstep n1 (m ) τ k n 1 + n 1 l n 1 + n 1 φ By rule U-SUBC, Γ; Ψ cstep n1 (m ) τ k l φ, as needed Γ e 1 : C(τ 1 ) Γ, x : τ 1 m 2 τ Γ cbind(e 1, {x}m 2 ) τ TS: Γ; Ψ cbind(e 1, {x}m 2 ) τ k l φ From the premise Γ e 1 : C(τ 1 ) and L C s axioms, it follows that there exist e 1, n 1 such that Γ; L C e 1 = {cstepn 1 (cret(e 1 ))} By definition, it follows that Γ; L C C u(e 1, n 1, n 1, xx = e 1 ) Applying Theorem 9 on the first premise, we get Γ; Ψ e 1 : C(τ 1 ) Cu(r, n 1, n 1, xx = e 1) Similarly, from the premise Γ, x : τ 1 m 2 τ and L C s axioms, it follows that Γ, x : τ 1 ; L C n 2, e 2 m 2 = cstep n 2 (cret(e 2 )) Consequently, Γ; L C n 2, e 2 m 2[e 1 /x] = cstepn 2 (cret(e 2 )) Therefore, there exist e 2, n 2 such that Γ; L C m 2[e 1 /x] = cstepn 2 (cret(e 2 )) It follows that Γ, x : τ 1 ; Ψ, x = e 1 L C m 2 = cstep n 2 (cret(e 2 )) Call this statement (A) Further, Γ; L C cbind(e 1, {x}m 2 ) = cbind({cstep n 1 (cret(e 1 ))}, {x}m 2) = cstep n 1 (m 2 [e 1 /x]) = cstep n 1 (cstep n 2 (cret(e 2 ))) = cstep n 1 +n (cret(e 2 2 )) However, from assumption, C cbind(e 1, {x}m 2 ) = m = cstep n (cret(e )) Hence, C cstep n (cret(e )) = cstep n 1 +n (cret(e 2 2 )) By an LC axiom, C n 
= n 1 + n 2 e = e 2 Next, C e = e 2 and the assumption C φ[e /r] imply (by weakening) that Γ, x : τ 1 ; Ψ, x = e 1 L C φ[e 2 /r] Call this statement (B) Applying the ih to the second premise, using statements (A) and (B), we get Γ, x : τ 1 ; Ψ, x = e 1 m 2 τ n 2 n 2 φ Using the rule U-BIND, we derive Γ; Ψ cbind(e 1, {x}m 2 ) τ n 1 + n 2 n 1 + n 2 φ Since C k n = n 1 + n 2, and C n 1 + n 2 = n l, by rule U-SUBC, we get Γ; Ψ cbind(e 1, {x}m 2 ) τ k l φ, as required Corollary 11 (Pure equivalence closure) If Γ; Ψ e : τ φ and C e = e and Γ e : τ, then Γ; Ψ e : τ φ 24

25 Proof From Theorem 7(1) applied to Γ; Ψ e : τ φ, we get C φ[e/r] From C e = e we get C φ[e /r] The required result follows from Theorem 9 Corollary 12 (Monadic equivalence closure) If Γ; Ψ m τ k l φ and C m = m and Γ m τ, then Γ; Ψ m τ k l φ Proof From Theorem 7(2) applied to Γ; Ψ m τ k l φ, we get C e, n m = cstep n (cret(e )) φ[e /r] k n l Combining with C m = m, we get C e, n m = cstepn (cret(e )) φ[e /r] k n l The required result follows from Theorem 10 Theorem 13 (Subsumption, monadic) The following rules are admissible: Γ; Ψ m τ k l φ Γ; Ψ C L m = cstep n (cret(e)) Γ; Ψ C L k n l Γ; Ψ C L φ [e/r] φ[e/r] Γ; Ψ m τ k l φ Γ; Ψ m τ k l φ C k k C l l C r φ φ Γ; Ψ m τ k l φ U-SUBM1 U-SUBM2 Proof (U-SUBM1) From Theorem 7(2) applied to the first premise, C e 1, n 1 m = cstep n1 (cret(e 1 )) φ [e 1 /r] k n 1 l Using the second premise, C e 1 = e From the last premise, C φ[e/r] The conclusion follows from the third premise and Theorem 10 (U-SUBM2) From Theorem 7(2) applied to the first premise, C e 1, n 1 m = cstep n1 (cret(e 1 )) φ [e 1 /r] k n 1 l Using the second, third and fourth premises, C e 1, n 1 m = cstep n1 (cret(e 1 )) φ[e 1 /r] k n 1 l The conclusion follows from Theorem 10 Theorem 14 (Forcing subject reduction) If ; m τ k l φ and m n e, then k n l and ; e : τ φ Proof Suppose ; m τ k l φ and m n e By Theorem 7(2), there exist e, n such that m = cstep n (cret(e )) φ[e /r] k n l From Lemma 1, it follows that m = cstep n (cret(e)), hence n = n, e = e, and k n l Further, since φ[e /r] and e = e, we also have φ[e/r] and, hence, by Theorem 9, that ; e : τ φ (We also need to prove that e : τ, but this follows from type preservation since m n e and m τ from ; m τ k l φ) 33 R C metatheory Theorem 15 (R C L C ) The following hold: 1 If Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ then C φ[e 1 /r 1 ][e 2 /r 2 ] 2 If Γ; Ψ m 1 τ 1 m 2 τ 2 n φ then C e 1, e 2, n 1, n 2 m 1 = cstepn1 (cret(e 1 )) m 2 = cstepn2 (cret(e 2 )) φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 n Proof By simultaneous induction 
on the given R C derivations. We show some representative cases. Proof of (1)

26 Def (f 1, x 1, e 1 ) Def (f 2, x 2, e 2 ) Γ, x 1 : θ 1, x 2 : θ 2, f 1 : θ 1 τ 1, f 2 : θ 2 τ 2 ; Ψ, φ, y 1 y 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] φ [y 1 /x 1 ][y 2 /x 2 ][f 1 y 1 /r 1 ][f 2 y 2 /r 2 ] e 1 : τ 1 e 2 : τ 2 φ Γ; Ψ rec f 1 (x 1 )e 1 : θ 1 τ 1 rec f 2 (x 2 )e 2 : θ 2 τ 2 x 1 x 2 φ φ [r 1 x 1 /r 1 ][r 2 x 2 /r 2 ] TS: C x 1 x 2 φ φ [((rec f 1 (x 1 )e 1 ) x 1 )/r 1 ][((rec f 2 (x 2 )e 2 ) x 2 )/r 2 ] By double-induction principle DBLIND for θ 1, θ 2, it suffices to show that: R-LETREC Γ, x 1 : θ 1, x 2 : θ 2 ; Ψ, y 1 y 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] φ [y 1 /x 1 ][y 2 /x 2 ][((rec f 1 (x 1 )e 1 ) y 1 )/r 1 ][((rec f 2 (x 2 )e 2 ) y 2 )/r 2 ] L C φ φ [((rec f 1 (x 1 )e 1 ) x 1 )/r 1 ][((rec f 2 (x 2 )e 2 ) x 2 )/r 2 ] Let F 1 rec f 1 (x 1 )e 1 and F 2 rec f 2 (x 2 )e 2 Then the above goal is: Γ, x 1 : θ 1, x 2 : θ 2 ; Ψ, y 1 y 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] φ [y 1 /x 1 ][y 2 /x 2 ][(F 1 y 1 )/r 1 ][(F 2 y 2 )/r 2 ] L C φ φ [(F 1 x 1 )/r 1 ][(F 2 x 2 )/r 2 ] which is (by the introduction rule for ) reduced to: Γ, x 1 : θ 1, x 2 : θ 2 ; Ψ, φ, y 1 y 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] φ [y 1 /x 1 ][y 2 /x 2 ][(F 1 y 1 )/r 1 ][(F 2 y 2 )/r 2 ] L C φ [(F 1 x 1 )/r 1 ][(F 2 x 2 )/r 2 ] Note that F i x 1 = ei [F i /f i ][x i /x i ] = e i [F i /f i ] (for i {1, 2}), hence this further reduces to: Γ, x 1 : θ 1, x 2 : θ 2 ; Ψ, φ, y 1 y 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] φ [y 1 /x 1 ][y 2 /x 2 ][(F 1 y 1 )/r 1 ][(F 2 y 2 )/r 2 ] L C φ [e 1 [F 1 /f 1 ]/r 1 ][e 2 [F 2 /f 2 ]/r 2 ] Applying the IH to the third premise we get: Γ, x 1 : θ 1, x 2 : θ 2, f 1 : θ 1 τ 1, f 2 : θ 2 τ 2 ; Ψ, y 1 y 2 ( y 1, y 2 ) < ( x 1, x 2 ) φ[y 1 /x 1 ][y 2 /x 2 ] φ [y 1 /x 1 ][y 2 /x 2 ][(f 1 y 1 )/r 1 ][(f 2 y 2 )/r 2 ] L C φ [e 1 /r 1 ][e 2 /r 2 ] By instantiating it with f 1 := F 1 and f 2 := F 2, we get the required result θ = K 1 (σ 1,1 σ 1,a1 ) + + K n (σ n,1 σ n,an ) Θ Γ; Ψ e : θ e 
: θ φ For all 1 i, j n : Γ; Ψ e i : σ i,1 σ i,ai τ 1 e j : σ j,1 σ j,aj τ 2 φ i,j where φ i,j x 1 : σ i,1,, x ai : σ i,ai, y 1 : σ j,1,, y aj : σ j,aj φ [K i (x 1,, x ai )/r 1 ][K j (y 1,, y aj )/r 2 ] φ[(r 1 x 1 x ai )/r 1 ][(r 2 y 1 y aj )/r 2 ] Γ; Ψ match e with K 1 e 1 ; ; K n e n : τ 1 match e with K 1 e 1; ; K n e n : τ 2 φ R-MATCH 26

27 TS: C φ[(match e with K 1 e 1 ; ; K n e n )/r 1 ][(match e with K 1 e 1 ; ; K n e n)/r 2 ] By the L C ELIM rule (on e) for θ we need to show: Γ, x 1 : σ 1,i,, x ai : σ i,ai ; Ψ, e = K i (x 1,, x ai ) L C φ[(match e with K 1 e 1 ; ; K n e n )/r 1 ][(match e with K 1 e 1 ; ; K n e n)/r 2 ] for all 1 i n Fix an i By the L C ELIM rule (on e ) for θ we need to show: Γ, x 1 : σ 1,i,, x ai : σ i,ai, y 1 : σ j,1,, y aj : σ j,aj ; Ψ, e = K i (x 1,, x ai ), e = Kj (y 1,, y a,j ) L C φ[(match e with K 1 e 1 ; ; K n e n )/r 1 ][(match e with K 1 e 1 ; ; K n e n)/r 2 ] for all 1 j n Fix an j This reduces to: Γ, x 1 : σ 1,i,, x ai : σ i,ai, y 1 : σ j,1,, y aj : σ j,aj ; Ψ, e = K i (x 1,, x ai ), e = Kj (y 1,, y a,j ) L C φ[(e i x 1 x ai )/r 1 ][(e j y 1 y aj )/r 2 ] By IH on the first premise we have C φ [e/r 1 ][e /r 2 ], and then obtained with the above (and weakening): Γ, x 1 : σ 1,i,, x ai : σ i,ai, y 1 : σ j,1,, y aj : σ j,aj ; Ψ, φ [K i (x 1,, x ai )/r 1 ][K j (y 1,, y a,j )/r 2 ] L C φ[(e i x 1 x ai )/r 1 ][(e j y 1 y aj )/r 2 ] By IH on the given i, j pair we have (after eliminating and ): Γ, x 1 : σ i,1,, x ai : σ i,ai, y 1 : σ j,1,, y aj : σ j,aj ; Ψ, φ [K i (x 1,, x ai )/r 1 ][K j (y j,, y aj )/r 2 ] L C φ[(e x 1 x ai )/r 1 ][(e y i y aj )/r 2 ] This is exactly the goal that we need to show K(σ 1 σ n ) Θ(θ) Γ; Ψ e i : σ i e i : σ i φ i for all 1 i n Γ; Ψ C L x 1, y 1 : σ 1,, x n, y n : σ n φ 1 [x 1 /r 1 ][y 1 /r 2 ] φ n [x n /r 1 ][y n /r 2 ] φ[k(x 1,, x n )/r 1 ][K(y 1,, y n )/r 2 ] Γ; Ψ K(e 1,, e n ) : θ K(e 1,, e n) : θ φ R-CONS TS: C φ[k(e 1,, e n )/r 1 ][K(e 1,, e n)/r 2 ] By IH on e i premises we have C φ i [e i /r 1 ][e i /r 2] (*), for all 1 i n By instantiating the last premise with x i = e i and y i = e i, for all 1 i n, and after eliminating all implications with (*), we obtain C φ[k(e 1,, e n )/r 1 ][K(e 1,, e n)/r 2 ], as required Γ; Ψ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ {m 1 } : C(τ 1 ) {m 2 } : C(τ 2 ) Cr(r 1, r 2, n, r 1 r 2 φ) R-MONAD TS: C Cr({m 1 }, {m 2 }, 
n, r 1 r 2 φ) e 1, n 1, e 2, n 2 {m 1 } = {cstep n1 (cret(e 1 ))} {m 2 } = {cstep n2 (cret(e 2 ))} φ[e 1 /r 1][e 2 /r 2] n 1 n 2 n By IH on the premise we have: C e 1, e 2, n 1, n 2 m 1 = cstepn1 (cret(e 1 )) m 2 = cstep n2 (cret(e 2 )) φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 n We pick e 1 := e 1, e 2 := e 2, n 1 := n 1, n 2 := n 2, and then the required result follows, since m i = cstepni (cret(e i )) implies {m i} = {cstep ni (cret(e i ))} (for i {1, 2}) Proof of (2) 27

28 Γ; Ψ e 1 : τ 1 e 2 : τ 2 φ Γ; Ψ cret(e 1 ) τ 1 cret(e 2 ) τ 2 0 φ R-RET TS: C e 1, e 2, n 1, n 2 cret(e 1 ) = cstep n1 (cret(e 1 )) cret(e 2) = cstep n2 (cret(e 2 )) φ[e 1 /r 1][e 2 /r 2] n 1 n 2 0 We pick e i := e i, n 1, n 2 := 0 Then cret(e i ) = cstep 0 (cret(e i )) by the cstep 0 ζ rule, φ[e 1 /r 1 ][e 2 /r 2 ] from the IH on the premise, and we have that Γ n 1 : R Γ n 2 : R Γ; Ψ m 1 τ 1 m 2 τ 2 n φ R-STEP Γ; Ψ cstep n1 (m 1 ) τ 1 cstep n2 (m 2 ) τ 2 n + n 1 n 2 φ TS: C e 1, e 2, n 1, n 2 cstep n 1 (m 1 ) = cstep n 1 (cret(e 1 )) cstep n2 m 2 = cstepn 2 (cret(e 2 )) φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 (n + n 1 n 2 ) By IH on the third premise we have: C m 2 = cstepn (cret(e 2 2 )) φ[e 1 /r 1][e 2 /r 2] n Then we have: 1 n e 1, e 2, n 1, n 2 m 1 = cstep n (cret(e 1 1 )) 2 n We pick e i := e i, n i := (n i + n i) (a) cstep ni (m i ) = cstep ni (cstep n i (cret(e i ))) = cstep ni +n i (cret(e i )) (by cstep ζ rule); (b) φ[e 1 /r 1][e 2 /r 2] from the IH; and (c) n 1 n 2 n + n 1 n 2, since n 1 = n 1 + n 1, n 2 = n 2 + n 2, and n 1 n 2 n Γ; Ψ e 1 : τ 1 e 2 : τ 2 Cr(r 1, r 2, n, x 1 x 2 φ ) Γ, x 1 : τ 1, x 2 : τ 2; Ψ, φ m 1 τ 1 m 2 τ 2 n φ x 1, x 2 n, φ Γ; Ψ cbind(e 1, {x 1 } m 1 ) τ 1 cbind(e 2, {x 2 } m 2 ) τ 2 n + n φ R-BIND TS: C e 1, e 2, n 1, n 2 cbind(e 1, {x 1 } m 1 ) = cstep n1 (cret(e 1 )) cbind(e 2, {x 2 } m 2 ) = cstep n2 (cret(e 2 )) φ[e 1 /r 1][e 2 /r 2] n 1 n 2 (n + n) From IH on the first premise we have: C Cr(e 1, e 2, n, x 1 x 2 φ ) e 1, e 2, n 1, n 2 e 1 = {cstepn 1 (cret(e 1))} e 2 = {cstepn 2 (cret(e 2))} φ [e 1/x 1 ][e 2/x 2 ] n 1 n 2 n Using φ, from IH on the second premise we have (noting that x 1, x 2 n, φ): C e 1, e 2, n 1, n 2 m 1 [e 1/x 1 ] = cstep n 1 (cret(e 1 )) m 2 [e 2/x 2 ] = cstep n 2 (cret(e 2 )) We pick e i (a) := e φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 n i, and n i := n i + n i, and then we have: cbind(e i, {x i } m i ) = cbind({cstep n i (cret(e i ))}, {x i} m i ) ζ { cstep n i (cret(e i ))/x i }m i = cstep n i (m i [e i /x i]) = 
cstep n i (cstep n i i ))) ζ cstep n i +n (cret(e i i )) = cstep ni (cret(e i )) (b) We already established φ[e 1 /r 1][e 2 /r 2] φ[e 1 /r 1][e 2 /r 2] 28

29 (c) We have n 1 n 2 (n + n), since n 1 = n 1 + n 1, n 2 = n 2 + n 2, n 1 n 2 n, and n 1 n 2 n Γ; Ψ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ C L n n Γ; Ψ m 1 τ 1 m 2 τ 2 n φ R-SUBC TS: C e 1, e 2, n 1, n 2 m 1 = cstepn1 (cret(e 1 )) m 2 = cstepn2 (cret(e 2 )) φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 n From IH on the first premise we have: C e 1, e 2, n 1, n 2 m 1 = cstepn1 (cret(e 1 )) = cstepn2 (cret(e 2 )) φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 n From the second premise we have m 2 n 1 n 2 n n, hence the result holds Γ e 1 τ 1 Γ; Ψ m 2 τ 2 k l φ[e 1 /r 1 ][r/r 2 ] R-RET-L Γ; Ψ cret(e 1 ) τ 1 m 2 τ 2 k φ TS: C e 1, e 2, n 1, n 2 cret(e 1 ) = cstep n1 (cret(e 1 )) m 2 = cstepn2 (cret(e 2 )) φ[e 1 /r 1][e 2 /r 2] n 1 n 2 k By Theorem 7(2) applied to the second premise, e 2, n 2 m 2 = cstepn2 (cret(e 2)) φ[e 1 /r 1 ][e 2/r 2 ] k n 2 l (and by noting that (φ[e 1 /r 1 ][r/r 2 ])[e 2 /r] = φ[e 1/r 1 ][e 2 /r 2]) We pick e 1 := e 1, e 2 := e 2, n 1 := 0, n 2 := n 2 Then we have: (a) cret(e 1 ) = cstep 0 (cret(e 1 )) (b) m 2 = cstepn2 (cret(e 2 )) (c) φ[e 1 /r 1 ][e 2 /r 2] (d) From k n 2, we have 0 n 2 k Γ n 1 : R Γ; Ψ m 1 τ 1 m 2 τ 2 n ψ Γ; Ψ cstep n1 (m 1 ) τ 1 m 2 τ 2 n + n 1 ψ R-STEP-L TS: C e 1, e 2, n 1, n 2 cstep n 1 (m 1 ) = cstep n 1 (cret(e 1 )) m 2 = cstepn 2 (cret(e 2 )) φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 (n + n 1) By IH on the second premise we have: C e 1, e 2, n 1, n 2 m 1 = cstep n (cret(e 1)) 1 m 2 = cstepn 2 (cret(e 2 )) φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 n We pick e i := e i, n 2 := n 2, and n 1 := n 1 + n 1 Since m 1 = cstepn (cret(e 1)), we have 1 cstep n1 (m 1 ) = cstep n1 (cstep n (cret(e 1))) 1 ζ cstep n1 +n (cret(e 1)) 1 Hence, it remains to show that n 1 + n 1 n 2 (n + n 1), which follows from n 1 n 2 n Γ; Ψ e 1 : C(τ 1) Cu(r, k, l, xφ ) Γ, x : τ 1; Ψ, φ m 1 τ 1 m 2 τ 2 n φ Γ; Ψ cbind(e 1, {x} m 1 ) τ 1 m 2 τ 2 l + n φ R-BIND-L TS: C e 1, e 2, n 1, n 2 cbind(e 1, {x}m 1) = cstep n 1 (cret(e 1 )) m 2 = cstepn 2 (cret(e 2 )) φ[e 1 /r 1 ][e 2 /r 2 ] n 1 n 2 (l + n) By Theorem 7(1) 
applied to the first premise we have C Cu(e 1, k, l, xφ ) e 1, n 1 e 1 = {cstep n (cret(e 1 1 ))} φ [e 1 /x] k n 1 l Using φ, by IH on the second premise we have: Γ, x : τ 1 ; Ψ, φ L C e 1, e 2, n 1, n 2 m 1 = cstep n (cret(e 1 1 )) m 2 = cstep n 2 (cret(e 2 )) φ[e 1 /r 1][e 2 /r 2 ] n 1 n 2 n Hence, 29

30 C e 1, e 2, n 1, n 2 m 1[e 1 /x] = cstep n (cret(e 1 1 )) m 2 = cstep n 2 (cret(e 2 )) φ[e 1 /r 1][e 2 /r 2 ] n 1 n 2 n (since, x n, φ) We pick e 1 := e 1, e 2 := e 2, n 1 (a) cbind(e 1, {x} m 1) (b) m 2 = cstepn 2 (cret(e 2 )) (c) φ[e 1 /r 1][e 2 /r 2 ] (d) From, n 1 l and n 1 n 2 we then have n 1 n 2 l + n := n 1 + n 1, and n 2 := n 2, and then we have: = cbind({cstep n (cret(e 1 1 ))}, {x} m 1) ζ { cstep n (cret(e 1 1 ))/x }m 1 = cstep n (m 1[e 1 1 /x]) = cstep n (cstep 1 n (cret(e 1 1 ))) = cstep n 1 +n (cret(e 1 1 )) n, we have n 1 + n 1 n 2 l + n, and from n 1 = n 1 + n 1, Lemma 16 (Trivial refinements) The following hold: 1 If Γ e 1 : τ 1 and Γ e 2 : τ 2, then Γ; Ψ e 1 : τ 1 e 2 : τ 2 2 If Γ m 1 τ 1 and Γ m 2 τ 2, then Γ; Ψ m 1 τ 1 m 2 τ 2 Proof Proof of (1) Assume Γ e 1 : τ 1 and Γ e 2 : τ 2 By Lemma 8(1) on the first premise, we have Γ; Ψ e 1 : τ 1 Using the rule UHOL-L of the original RHOL paper, we now derive Γ; Ψ e 1 : τ 1 e 2 : τ 2, as required Proof of (2) By induction on the first typing derivation (Γ m 1 τ 1 ) Γ e 1 : τ 1 Γ cret(e 1 ) τ 1 TS: Γ; Ψ cret(e 1 ) τ 1 m 2 τ 2 By Lemma 8(2) applied to the second assumption we have: Γ; Ψ m 2 τ 2 Then, by rule R-RET-L, with the first premise we have: Γ; Ψ cret(e 1 ) τ 1 m 2 τ 2 ( ) and the required result follows by rule R-SUBC Γ n 1 : R Γ m 1 τ 1 Γ cstep n1 (m 1) τ 1 TS: Γ; Ψ cstep n1 (m 1 ) τ 1 m 2 τ 2 By IH on the second premise we have: and then by rule R-STEP-L: Γ; Ψ m 1 τ 1 m 2 τ 2 Γ; Ψ cstep n1 (m 1) τ 1 m 2 τ 2 + n 1 The required result follows by rule R-SUBC (since C + n 1 30
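As an added illustration of the ζ-rules and the unary cost rules that the proofs above manipulate (this is example code written for this appendix, not the paper's own artefact), a toy Python cost monad: `force` normalises a computation to the form cstep_n(cret(e)) as in Theorem 7(2), `bounds` composes cost intervals the way U-RET, U-STEP and U-BIND do, and `sound` checks k ≤ n ≤ l on a constructed sample. Two assumptions: the refinement φ1 on a bind variable is represented extensionally as a finite tuple of admissible values, and `relative_cost` reports a coarser bound (l1 − k2) derived from the unary intervals rather than the paper's relational rules, in the shape of Theorem 15(2).

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Any, Callable, Union

# Added example, not code from the paper: a toy cost monad with the three
# zeta-reductions and the unary cost rules U-RET / U-STEP / U-BIND.
# Pure terms e are modelled by plain Python values; the refinement phi_1 on the
# bound variable x of a cbind is modelled extensionally, as a finite tuple of
# admissible values (a simplification made for this demo only).

Value = Any

@dataclass(frozen=True)
class Ret:                 # cret(e)
    value: Value

@dataclass(frozen=True)
class Step:                # cstep_n(m)
    n: int
    body: "Comp"

@dataclass(frozen=True)
class Bind:                # cbind({m1}, {x} m2)
    first: "Comp"
    cont: Callable[[Value], "Comp"]   # the continuation {x} m2
    admits: tuple                      # values of x the refinement phi_1 allows

Comp = Union[Ret, Step, Bind]


def force(m: Comp) -> tuple[int, Value]:
    """Normalise m to cstep_n(cret(e)) by the zeta rules and return (n, e)."""
    if isinstance(m, Ret):
        return 0, m.value                # cret(e) = cstep_0(cret(e))
    if isinstance(m, Step):
        n, e = force(m.body)             # cstep_n(cstep_n'(m)) -> cstep_{n+n'}(m)
        return m.n + n, e
    n1, e1 = force(m.first)              # {m1} = {cstep_n1(cret(e1))}
    if e1 not in m.admits:               # the U-BIND premise phi_1[e1/x] must hold
        raise ValueError(f"result {e1!r} violates the stated refinement on x")
    n2, e2 = force(m.cont(e1))           # cbind(...) -> cstep_n1(m2[e1/x])
    return n1 + n2, e2                   # -> cstep_{n1+n2}(cret(e2))


def bounds(m: Comp) -> tuple[int, int]:
    """Cost interval [k, l] built compositionally, as the U-rules build it."""
    if isinstance(m, Ret):
        return 0, 0                                      # U-RET: 0 <= n <= 0
    if isinstance(m, Step):
        k, l = bounds(m.body)
        return k + m.n, l + m.n                          # U-STEP: shift both ends by n
    k1, l1 = bounds(m.first)
    conts = [bounds(m.cont(x)) for x in m.admits]        # continuation under every x with phi_1
    k2, l2 = min(k for k, _ in conts), max(l for _, l in conts)
    return k1 + k2, l1 + l2                              # U-BIND: k+k' <= n <= l+l'


def sound(m: Comp) -> bool:
    """Theorem 7(2) / Theorem 14 on this instance: the forced cost lies in [k, l]."""
    k, l = bounds(m)
    n, _ = force(m)
    return k <= n <= l


def relative_cost(m1: Comp, m2: Comp) -> tuple[int, int]:
    """(n1 - n2, bound): the actual cost difference and a bound on it derived from
    the unary intervals, n1 - n2 <= l1 - k2 (coarser than the paper's R-rules)."""
    (n1, _), (n2, _) = force(m1), force(m2)
    (_, l1), (k2, _) = bounds(m1), bounds(m2)
    return n1 - n2, l1 - k2


# Constructed sample: m = cbind({cstep_2(cret(3))}, {x} cstep_x(cret(2x))), where the
# refinement on x only pins x to 1..4, so the continuation's cost is a real interval.
def example() -> Comp:
    return Bind(first=Step(2, Ret(3)),
                cont=lambda x: Step(x, Ret(2 * x)),
                admits=(1, 2, 3, 4))


if __name__ == "__main__":
    m = example()
    print(force(m))                              # (5, 6): total cost 5, result 6
    print(bounds(m))                             # (3, 6)
    print(sound(m))                              # True
    print(relative_cost(m, Step(1, Ret(0))))     # (4, 5)
```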

More information

A Tableau Calculus for Minimal Modal Model Generation

A Tableau Calculus for Minimal Modal Model Generation M4M 2011 A Tableau Calculus for Minimal Modal Model Generation Fabio Papacchini 1 and Renate A. Schmidt 2 School of Computer Science, University of Manchester Abstract Model generation and minimal model

More information

CS522 - Programming Language Semantics

CS522 - Programming Language Semantics 1 CS522 - Programming Language Semantics Simply Typed Lambda Calculus Grigore Roşu Department of Computer Science University of Illinois at Urbana-Champaign 2 We now discuss a non-trivial extension of

More information

DISJOINT-UNION PARTIAL ALGEBRAS

DISJOINT-UNION PARTIAL ALGEBRAS Logical Methods in Computer Science Vol. 13(2:10)2017, pp. 1 31 https://lmcs.episciences.org/ Submitted Dec. 07, 2016 Published Jun. 22, 2017 DISJOINT-UNION PARTIAL ALGEBRAS ROBIN HIRSCH AND BRETT MCLEAN

More information

185.A09 Advanced Mathematical Logic

185.A09 Advanced Mathematical Logic 185.A09 Advanced Mathematical Logic www.volny.cz/behounek/logic/teaching/mathlog13 Libor Běhounek, behounek@cs.cas.cz Lecture #1, October 15, 2013 Organizational matters Study materials will be posted

More information

Preliminaries. Introduction to EF-games. Inexpressivity results for first-order logic. Normal forms for first-order logic

Preliminaries. Introduction to EF-games. Inexpressivity results for first-order logic. Normal forms for first-order logic Introduction to EF-games Inexpressivity results for first-order logic Normal forms for first-order logic Algorithms and complexity for specific classes of structures General complexity bounds Preliminaries

More information

Principal-Centric Reasoning in Constructive Authorization Logic

Principal-Centric Reasoning in Constructive Authorization Logic Principal-Centric Reasoning in Constructive Authorization Logic Deepak Garg Revised February 09, 2009 CMU-CS-09-120 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 e-mail: dg@cs.cmu.edu

More information

Madhavan Mukund Chennai Mathematical Institute

Madhavan Mukund Chennai Mathematical Institute AN INTRODUCTION TO LOGIC Madhavan Mukund Chennai Mathematical Institute E-mail: madhavan@cmiacin Abstract ese are lecture notes for an introductory course on logic aimed at graduate students in Computer

More information

Notation for Logical Operators:

Notation for Logical Operators: Notation for Logical Operators: always true always false... and...... or... if... then...... if-and-only-if... x:x p(x) x:x p(x) for all x of type X, p(x) there exists an x of type X, s.t. p(x) = is equal

More information

hal , version 1-21 Oct 2009

hal , version 1-21 Oct 2009 ON SKOLEMISING ZERMELO S SET THEORY ALEXANDRE MIQUEL Abstract. We give a Skolemised presentation of Zermelo s set theory (with notations for comprehension, powerset, etc.) and show that this presentation

More information

AN ALTERNATIVE NATURAL DEDUCTION FOR THE INTUITIONISTIC PROPOSITIONAL LOGIC

AN ALTERNATIVE NATURAL DEDUCTION FOR THE INTUITIONISTIC PROPOSITIONAL LOGIC Bulletin of the Section of Logic Volume 45/1 (2016), pp 33 51 http://dxdoiorg/1018778/0138-068045103 Mirjana Ilić 1 AN ALTERNATIVE NATURAL DEDUCTION FOR THE INTUITIONISTIC PROPOSITIONAL LOGIC Abstract

More information

Resolution for Predicate Logic

Resolution for Predicate Logic Resolution for Predicate Logic The connection between general satisfiability and Herbrand satisfiability provides the basis for a refutational approach to first-order theorem proving. Validity of a first-order

More information

Introduction to Metalogic

Introduction to Metalogic Introduction to Metalogic Hans Halvorson September 21, 2016 Logical grammar Definition. A propositional signature Σ is a collection of items, which we call propositional constants. Sometimes these propositional

More information

Operational Semantics Using the Partiality Monad

Operational Semantics Using the Partiality Monad page.1 Operational Semantics Using the Partiality Monad Nils Anders Danielsson (Göteborg) Shonan Meeting 026: Coinduction for computation structures and programming languages The research leading to these

More information

Structuring the verification of heap-manipulating programs

Structuring the verification of heap-manipulating programs Structuring the verification of heap-manipulating programs Aleksandar Nanevski (IMDEA Madrid) Viktor Vafeiadis (MSR / Univ. of Cambridge) Josh Berdine (MSR Cambridge) Hoare/Separation Logic Hoare logic

More information

From pre-models to models

From pre-models to models From pre-models to models normalization by Heyting algebras Olivier HERMANT 18 Mars 2008 Deduction System : natural deduction (NJ) first-order logic: function and predicate symbols, logical connectors:,,,,

More information

A Monadic Analysis of Information Flow Security with Mutable State

A Monadic Analysis of Information Flow Security with Mutable State A Monadic Analysis of Information Flow Security with Mutable State Karl Crary Aleksey Kliger Frank Pfenning July 2003 CMU-CS-03-164 School of Computer Science Carnegie Mellon University Pittsburgh, PA

More information

Lecture Notes on Heyting Arithmetic

Lecture Notes on Heyting Arithmetic Lecture Notes on Heyting Arithmetic 15-317: Constructive Logic Frank Pfenning Lecture 8 September 21, 2017 1 Introduction In this lecture we discuss the data type of natural numbers. They serve as a prototype

More information

Proof Theoretical Studies on Semilattice Relevant Logics

Proof Theoretical Studies on Semilattice Relevant Logics Proof Theoretical Studies on Semilattice Relevant Logics Ryo Kashima Department of Mathematical and Computing Sciences Tokyo Institute of Technology Ookayama, Meguro, Tokyo 152-8552, Japan. e-mail: kashima@is.titech.ac.jp

More information

On the Complexity of the Reflected Logic of Proofs

On the Complexity of the Reflected Logic of Proofs On the Complexity of the Reflected Logic of Proofs Nikolai V. Krupski Department of Math. Logic and the Theory of Algorithms, Faculty of Mechanics and Mathematics, Moscow State University, Moscow 119899,

More information

Propositional Logic. CS 3234: Logic and Formal Systems. Martin Henz and Aquinas Hobor. August 26, Generated on Tuesday 31 August, 2010, 16:54

Propositional Logic. CS 3234: Logic and Formal Systems. Martin Henz and Aquinas Hobor. August 26, Generated on Tuesday 31 August, 2010, 16:54 Propositional Logic CS 3234: Logic and Formal Systems Martin Henz and Aquinas Hobor August 26, 2010 Generated on Tuesday 31 August, 2010, 16:54 1 Motivation In traditional logic, terms represent sets,

More information

Mathematical Logic. Reasoning in First Order Logic. Chiara Ghidini. FBK-IRST, Trento, Italy

Mathematical Logic. Reasoning in First Order Logic. Chiara Ghidini. FBK-IRST, Trento, Italy Reasoning in First Order Logic FBK-IRST, Trento, Italy April 12, 2013 Reasoning tasks in FOL Model checking Question: Is φ true in the interpretation I with the assignment a? Answer: Yes if I = φ[a]. No

More information

Applied Logic for Computer Scientists. Answers to Some Exercises

Applied Logic for Computer Scientists. Answers to Some Exercises Applied Logic for Computer Scientists Computational Deduction and Formal Proofs Springer, 2017 doi: http://link.springer.com/book/10.1007%2f978-3-319-51653-0 Answers to Some Exercises Mauricio Ayala-Rincón

More information

Axiomatisation of Hybrid Logic

Axiomatisation of Hybrid Logic Imperial College London Department of Computing Axiomatisation of Hybrid Logic by Louis Paternault Submitted in partial fulfilment of the requirements for the MSc Degree in Advanced Computing of Imperial

More information

Algebraizing Hybrid Logic. Evangelos Tzanis University of Amsterdam Institute of Logic, Language and Computation

Algebraizing Hybrid Logic. Evangelos Tzanis University of Amsterdam Institute of Logic, Language and Computation Algebraizing Hybrid Logic Evangelos Tzanis University of Amsterdam Institute of Logic, Language and Computation etzanis@science.uva.nl May 1, 2005 2 Contents 1 Introduction 5 1.1 A guide to this thesis..........................

More information

Axioms of Kleene Algebra

Axioms of Kleene Algebra Introduction to Kleene Algebra Lecture 2 CS786 Spring 2004 January 28, 2004 Axioms of Kleene Algebra In this lecture we give the formal definition of a Kleene algebra and derive some basic consequences.

More information

Propositional and Predicate Logic. jean/gbooks/logic.html

Propositional and Predicate Logic.   jean/gbooks/logic.html CMSC 630 February 10, 2009 1 Propositional and Predicate Logic Sources J. Gallier. Logic for Computer Science, John Wiley and Sons, Hoboken NJ, 1986. 2003 revised edition available on line at http://www.cis.upenn.edu/

More information

Combined Satisfiability Modulo Parametric Theories

Combined Satisfiability Modulo Parametric Theories Intel 07 p.1/39 Combined Satisfiability Modulo Parametric Theories Sava Krstić*, Amit Goel*, Jim Grundy*, and Cesare Tinelli** *Strategic CAD Labs, Intel **The University of Iowa Intel 07 p.2/39 This Talk

More information

Lecture Notes on Inductive Definitions

Lecture Notes on Inductive Definitions Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 September 2, 2004 These supplementary notes review the notion of an inductive definition and

More information

Lecture Notes on Data Abstraction

Lecture Notes on Data Abstraction Lecture Notes on Data Abstraction 15-814: Types and Programming Languages Frank Pfenning Lecture 14 October 23, 2018 1 Introduction Since we have moved from the pure λ-calculus to functional programming

More information

A New Look At Generalized Rewriting in Type Theory

A New Look At Generalized Rewriting in Type Theory A New Look At Generalized Rewriting in Type Theory Matthieu Sozeau Harvard University TYPES 09 May 13th 2009 Aussois, France Generalized Rewriting Equational reasoning x = y - x + 1 ==> y + 1 Logical reasoning

More information

Mechanizing Metatheory in a Logical Framework

Mechanizing Metatheory in a Logical Framework Under consideration for publication in J. Functional Programming 1 Mechanizing Metatheory in a Logical Framework Robert Harper and Daniel R. Licata Carnegie Mellon University (e-mail: {rwh,drl}@cs.cmu.edu)

More information

State-Dependent Representation Independence (Technical Appendix)

State-Dependent Representation Independence (Technical Appendix) State-Dependent Representation Independence (Technical Appendix) Amal Ahmed Derek Dreyer Andreas Rossberg TTI-C MPI-SWS MPI-SWS amal@tti-c.org dreyer@mpi-sws.mpg.de rossberg@mpi-sws.mpg.de Contents August

More information

General methods in proof theory for modal logic - Lecture 1

General methods in proof theory for modal logic - Lecture 1 General methods in proof theory for modal logic - Lecture 1 Björn Lellmann and Revantha Ramanayake TU Wien Tutorial co-located with TABLEAUX 2017, FroCoS 2017 and ITP 2017 September 24, 2017. Brasilia.

More information

SEPARABLE MODELS OF RANDOMIZATIONS

SEPARABLE MODELS OF RANDOMIZATIONS SEPARABLE MODELS OF RANDOMIZATIONS URI ANDREWS AND H. JEROME KEISLER Abstract. Every complete first order theory has a corresponding complete theory in continuous logic, called the randomization theory.

More information

VC-DENSITY FOR TREES

VC-DENSITY FOR TREES VC-DENSITY FOR TREES ANTON BOBKOV Abstract. We show that for the theory of infinite trees we have vc(n) = n for all n. VC density was introduced in [1] by Aschenbrenner, Dolich, Haskell, MacPherson, and

More information

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms First-Order Logic 1 Syntax Domain of Discourse The domain of discourse for first order logic is FO structures or models. A FO structure contains Relations Functions Constants (functions of arity 0) FO

More information

Complete Axiomatization of Discrete-Measure Almost-Everywhere Quantification

Complete Axiomatization of Discrete-Measure Almost-Everywhere Quantification Complete Axiomatization of Discrete-Measure Almost-Everywhere Quantification Luís Cruz-Filipe 1 João Rasga 2 Amílcar Sernadas 2 Cristina Sernadas 2 1 LASIGE and Dep. Informática, FC, U Lisbon, Portugal

More information

Existential Second-Order Logic and Modal Logic with Quantified Accessibility Relations

Existential Second-Order Logic and Modal Logic with Quantified Accessibility Relations Existential Second-Order Logic and Modal Logic with Quantified Accessibility Relations preprint Lauri Hella University of Tampere Antti Kuusisto University of Bremen Abstract This article investigates

More information

Peano Arithmetic. CSC 438F/2404F Notes (S. Cook) Fall, Goals Now

Peano Arithmetic. CSC 438F/2404F Notes (S. Cook) Fall, Goals Now CSC 438F/2404F Notes (S. Cook) Fall, 2008 Peano Arithmetic Goals Now 1) We will introduce a standard set of axioms for the language L A. The theory generated by these axioms is denoted PA and called Peano

More information

3 Propositional Logic

3 Propositional Logic 3 Propositional Logic 3.1 Syntax 3.2 Semantics 3.3 Equivalence and Normal Forms 3.4 Proof Procedures 3.5 Properties Propositional Logic (25th October 2007) 1 3.1 Syntax Definition 3.0 An alphabet Σ consists

More information

Deriving natural deduction rules from truth tables (Extended version)

Deriving natural deduction rules from truth tables (Extended version) Deriving natural deduction rules from truth tables (Extended version) Herman Geuvers 1 and Tonny Hurkens 2 1 Radboud University & Technical University Eindhoven, The Netherlands herman@cs.ru.nl Abstract

More information

Syntactic Characterisations in Model Theory

Syntactic Characterisations in Model Theory Department of Mathematics Bachelor Thesis (7.5 ECTS) Syntactic Characterisations in Model Theory Author: Dionijs van Tuijl Supervisor: Dr. Jaap van Oosten June 15, 2016 Contents 1 Introduction 2 2 Preliminaries

More information

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052

More information

Propositional Logics and their Algebraic Equivalents

Propositional Logics and their Algebraic Equivalents Propositional Logics and their Algebraic Equivalents Kyle Brooks April 18, 2012 Contents 1 Introduction 1 2 Formal Logic Systems 1 2.1 Consequence Relations......................... 2 3 Propositional Logic

More information

Proof Theory of Induction

Proof Theory of Induction 1/ 70 Proof Theory of Induction Stefan Hetzl Institute of Discrete Mathematics and Geometry Vienna University of Technology Summer School for Proof Theory in First-Order Logic Funchal, Madeira August 2017

More information

Principles of AI Planning

Principles of AI Planning Principles of 5. Planning as search: progression and regression Malte Helmert and Bernhard Nebel Albert-Ludwigs-Universität Freiburg May 4th, 2010 Planning as (classical) search Introduction Classification

More information

INSTANTIAL NEIGHBOURHOOD LOGIC

INSTANTIAL NEIGHBOURHOOD LOGIC INSTANTIAL NEIGHBOURHOOD LOGIC JOHAN VAN BENTHEM, NICK BEZHANISHVILI, SEBASTIAN ENQVIST, JUNHUA YU Abstract. This paper explores a new language of neighbourhood structures where existential information

More information

Lecture Notes on Sequent Calculus

Lecture Notes on Sequent Calculus Lecture Notes on Sequent Calculus 15-816: Modal Logic Frank Pfenning Lecture 8 February 9, 2010 1 Introduction In this lecture we present the sequent calculus and its theory. The sequent calculus was originally

More information

A New Look at Generalized Rewriting in Type Theory

A New Look at Generalized Rewriting in Type Theory A New Look at Generalized Rewriting in Type Theory Matthieu Sozeau Harvard University 1st Coq Workshop August 21th 2009 Munich, Germany Generalized Rewriting Equational reasoning x = y - x + 1 ==> y +

More information

Congruence Boolean Lifting Property

Congruence Boolean Lifting Property Congruence Boolean Lifting Property George GEORGESCU and Claudia MUREŞAN University of Bucharest Faculty of Mathematics and Computer Science Academiei 14, RO 010014, Bucharest, Romania Emails: georgescu.capreni@yahoo.com;

More information

Type Theory and Constructive Mathematics. Type Theory and Constructive Mathematics Thierry Coquand. University of Gothenburg

Type Theory and Constructive Mathematics. Type Theory and Constructive Mathematics Thierry Coquand. University of Gothenburg Type Theory and Constructive Mathematics Type Theory and Constructive Mathematics Thierry Coquand University of Gothenburg Content An introduction to Voevodsky s Univalent Foundations of Mathematics The

More information