An alternate proof of Statman's finite completeness theorem

HAL Id: hal-00660832

https://hal.archives-ouvertes.fr/hal-00660832

Preprint submitted on 17 Jan 2012

HAL

is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire

destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

An alternate proof of Statman’s finite completeness theorem

B. Srivathsan, Igor Walukiewicz

To cite this version:

B. Srivathsan, Igor Walukiewicz. An alternate proof of Statman’s finite completeness theorem. 2010.

�hal-00660832�

An alternate proof of Statman’s finite completeness theorem

B. Srivathsan, Igor Walukiewicz

LaBRI, Universit´e de Bordeaux, 351 cours de la lib´eration, 33400 Talence, France

Abstract

Statman’s finite completeness theoremsays that for every pair of non-equivalent terms of simply-typed lamda-calculus there is a model that separates them. A direct method of constructing this model is provided using a simple induction on the B¨ohm tree of the term.

Keywords: Simply typed lambda calculus, formal semantics, theory of computation

1. Introduction

Statman’s finite completeness theorem [5, 6] shows that standard models are strong enough to separate terms, uptoβηreductions. It states that given a simply typed lambda termM, there exists a finitestandard model [1] such that for every termN that is notβη-equivalent toM there is a variable assignement separating the two terms: making their values in the model different. At the time of publication of this work, a crucial corollary of this theorem, again proved in [5, 6], was that theλ-definability conjecture implies the higher order matching conjecture [5, 6, 7]. However,λ-definability was shown to be undecidable later by Loader in [2].

The first proof of this theorem appeared in [5]. It was explained in more detail in [6] since the previous proof was considered “not accessible to readers not familiar with this subject” [6]. The proof proceeds by definining a suitable syntactic equivalence over the lambda terms. The required model is then the set of lambda terms quotient with respect to this equivalence.

Salvati in [4] proves thatsingleton sets, that is sets of the form{N|N =βη M} can be characterized by suitableintersection types. In another paper [3], Salvati gives a notion of recognizability of languages of lambda terms based on these intersection types. Additionally, another definition of recognizability is also provided using finite standard models in the same work, and it is shown to be equivalent to the recognizability in terms of intersection types. This provides an alternate proof to Statman’s finite completeness theorem.

In this paper, we give yet another proof of this theorem. Our proof carries a semantic flavour, constructing the required model for a termM step-by-step,

by performing an induction on the B¨ohm tree of the η-long β normal form of M. The B¨ohm trees are the only syntactic tools used. This proof is very direct, especially in comparison to the existing proofs mentioned above. The proof also gives a slightly stronger result: for every term M there is a model and a valuation such that ifN evaluates to the same value asM thenM =βη N.

In Section 2, we give the necessary preliminaries. In Section 3, we define the notion of anextended model, and explain the relation between the elements of the initial model and the extended model. Section 4 contains our proof of the finite completeness theorem.

2. Simply typed λ-calculus

The set oftypes T is constructed from a uniquebasic type 0 using a binary operator →. Thus 0 is the unique basic type, and if α, β are types, then α→ β is also a type. The order of a type is defined by: order(0) = 1, and order(α→β) =max(1 +order(α), order(β)).

The set of simply typed λ terms is defined inductively as follows. For each typeα, there is a countable set of variables x^α, y^α, . . . which are also terms of typeα. IfM is a term of typeβ and xis a variable of typeα, thenλx^α.M is a term of typeα→β. Such a term is called aλ-abstraction. IfM is a term of typeα→β andN is a term of typeαthenM N is a term of typeβ. Terms of this kind are calledapplications.

Astandard finite model Dis a family of finite sets (D_α)_α∈T indexed by the set of types. Dis determined byD₀ which is a finite set of elements of type 0.

For typesα,β, the setD_α→β is the set of functions fromD_αtoD_β.

Avariable assignmentis a function assigning to every variablex^αan element ofD_α. Ifdis an element ofD_αandx^αis a variable of typeα,v[d/x^α] denotes the variable assignment which assignsdtox^αand is identical tov otherwise.

Theinterpretation of a simply typedλ-termM in the modelDand variable assignmentvis defined inductively:

• [[x^α]]^v_D=v(x^α)

• [[M N]]^v_D = [[M]]^v_D[[N]]^v_D

• [[λx^α.M]]^v_D is a function mappingd∈Dαto [[M]]^v[d/x

α] D

We recall the two types of reduction over simply typedλterms.

β-reduction (λx.M)N→βM[N/x]

η-reduction (λx.M x)→ηM, providedxis not free inM.

A lambda term in long normal form is of the shape λ~x.zM1. . . Mk where M1, . . . , Mk are in long normal form,z is a variable, the termzM1. . . Mk is of type 0 and the sequenceλ~xmight be empty.

For a lambda termM in long normal form, its B¨ohm tree,BT(M) is defined inductively as follows. IfM =λ~x.zM1. . . Mk, withzbeing a variable, then the root ofBT(M) is labeledλ~x.zand it hasBT(M1) toBT(Mk) as its children.

2

M is said to beuniquely determinedin a modelDwith a variable assignment vif for all lambda terms N, [[N]]^v_D= [[M]]^v_D iffN =βη M.

In the following sections, we prove Statman’s finite completeness theorem in a slighlty stronger form:

Theorem 1 For everyλ-termM, there exists a finite model Dand a variable assignmentv such that M is uniquely determined in Dandv.

To prove this theorem, we consider a lambda term in long normal form.

We construct a model in which all its subterms are uniquely determined. An additional element is added and the interpretations then altered to make the lambda term interpret uniquely to this newly added element.

3. Extended model

Consider a lambda term M of type 0. Let D be a standard finite model andv a variable assignment, so that [[M]]^v_D =e, with e∈D₀. In general, there exist many lambda terms that interpret to e. Our objective is to add a new element toD0and makeM interpret to this new element. In addition, the other lambda terms of type 0 should interpret as before. This would ensure thatM interprets uniquely to this new element. Intuitively, the other lambda terms should not “notice” a difference betweene and this new element. We call this new elementeclone. Given a model D= (Dα)_α∈T and an elemente∈D0, the extended model D^e= (D^e_α)_α∈T is the model determined byD₀^e=D0] {eclone}.

As a consequence of adding this extra element, many new higher order functions are generated. Hence we force theλ-terms to interpret to those functions that behave identically oneclone and one. In the subsequent sections, we study this newextended model and furnish a variable assignment so thatM gets uniquely interpreted toe_clone.

3.1. Relating the models

Consider the functionf ∈D0→0 shown in Figure 1. The same figure shows some functions in the extended modelD^e. The functionf₁⁰ acts the same way as f on all the common elements. However,f₁⁰(eclone) is not equal tof₁⁰(e) which is undesirable. Hence we would like to ignore such a function. The functionf₂⁰ on the other hand acts the same way asf on all the common elements and in additionf₂⁰(e_clone) is equal tof₂⁰(e). We consider f₂⁰ as the representative off in D^e. An interesting case is given byf₃⁰ that instead of mapping the element toemaps it toe_clone. By the intuition thate_cloneisequivalent toe, we wish to say thatf₃⁰ isequivalent to f₂⁰.

We define two notions to relate the elements of the extended model D^e to elements of the original modelD:

• an injection functioninαα→D^e_αthat for every elementf ∈Dα gives its representative f⁰∈D^e_α,

D0 D0

e e

f

D^e0 D^e0 e

e_clone

e e_clone f₁⁰

D0^e D0^e e

e_clone

e e_clone f₂⁰

D^e₀ D^e₀

e e_clone

e e_clone f₃⁰

Figure 1: Higher order functions in the extended modelD^e

• an equivalence relation ↔α over D_α^e that groups e and eclone at type 0 and propagates this basic equivalence to higher order functions.

In general, we would like to visualize each setD_α^e as shown in Figure 2.

Before formally defining these notions we designate anull element for every type.

Definition 2 Thenull element∆0is any arbitrary element ofD^e₀different from eclone. For a typeα→β, element ∆α→βis the constant function mapping every element to ∆β.

The definitions of in_α and ↔α are mutually dependent. For an element d⁰ in D^e_α, let [d⁰] denote the equivalence class of d⁰ with respect to ↔α. For a higher order type α → β and for a function f ∈ D_α→β, in_α→β(f) maps every element d⁰ in [in_α(d)] to in_β(f(d)). We say that a functionf⁰ ∈D_α→β^e simulatesa functionf ∈D_α→β, written assim(f⁰, f) iff⁰maps every element in an equivalence class [in_α(d)] to an element in the equivalence class [in_β(f(d))].

These notions are pictorially represented in Figure 3. The equivalence relation

↔_α→βgroups functions ofD^ethatsimulatethe same function ofD. The formal definitions follow.

Definition 3 inα,simα,↔α

4

Dα D_α^e

d1

d₂ d₃

[in_α(d₁)]

[inα(d2)]

[in_α(d₃)]

equivalence class representing elements that can be ignored

Figure 2: Visualizing a set in the extended model

• in₀,sim₀, ↔₀

– in0:D0→D^e₀ is the identity.

– sim0(d, d) for every elementd∈D0.

– ↔0 is the smallest equivalence containinge↔0eclone.

• inα→β

For an elementf ∈Dα→β, inα→β(f) is a functionf⁰ ∈D_α→β^e such that for all elementsd⁰∈D_α^e,

f⁰(d⁰) =

(in_β(f(d)) ifd⁰∈[in_α(d)]

∆β otherwise

• sim_α→β

Forf ∈D_α→β, f⁰∈D_α→β^e , we sayf⁰ simulates f, written as sim(f⁰, f), if for alld∈D_α, for alld⁰∈[in_α(d)]: f⁰(d⁰)↔_β in_β(f(d)).

• ↔_α→β

Forf⁰, g⁰∈D_α→β^e ,f⁰↔_α→βg⁰ if for allh∈D_α→β, sim(f⁰, h)⇔sim(g⁰, h).

Remark 4 Subsequently, we drop the type subscript ininα, simαand↔αsince it is the same as the type of the elements associated.

Lemma 5 For everyd∈ D,in(d)simulates d.

Proof

The lemma is direct for type 0. For a higher order functionf ∈D_α→β, it follows

from the definitions.

Lemma 6 Ford, d1, d2∈Dα andd⁰ ∈D_α^e, 1. sim(d⁰, d1) andsim(d⁰, d2) impliesd1=d2,

D_α D_β f

d f(d)

D^e_α D^e_β inα→β(f)

[inα(d)]n

inβ(f(d))

D^e_α D^e_β inα→β(f),f⁰

Figure 3:f,inα→β(f),sim(f⁰, f)

2. sim(d⁰, d)⇔d⁰ ↔in(d), 3. d₁6=d₂⇒in(d₁)=in(d₁).

Proof

The proof proceeds by induction on the types. The lemma is clear for type 0.

We prove the lemma for a higher order typeα→β. Considerf, f1, f2∈D_α→β andf⁰∈D_α→β^e .

1. Supposesim(f⁰, f1) and sim(f⁰, f2). Taked ∈Dα and d⁰ ∈ [in(d)]. By definition of sim, f⁰(d⁰) ↔ in(f1(d)) and f⁰(d⁰) ↔ in(f2(d)). Hence in(f1(d)) ↔ in(f2(d)) and by 3), f1(d) = f2(d). Since d is arbitrary, f1=f2.

2. Supposesim(f⁰, f). By 1) ifsim(f⁰, h) thenh=f. Since from Lemma 5, sim(in(f), f), the same holds forin(f). Therefore, for allh,sim(f⁰, h)⇔ sim(in(f), h) and hence by definition of↔,f⁰↔in(f).

Suppose f⁰ ↔ in(f). By Lemma 5, sim(in(f), f) and by definition of sim,sim(f⁰, f).

3. Suppose f1 6= f2. From Lemma 5, sim(in(f1), f1). Hence by 1), not sim(in(f1), f2). But sincesim(in(f2), f2), we getin(f1)=in(f2).

3.2. Interpreting the lambda terms in the extended model

To interpret the lambda terms in D^e, we need to define the variable as- signmentv^e that interprets the variables. We intend to pick one from a set of variable assignments thatsimulate v.

6

Definition 7 A variable assignmentv⁰ onD^e simulates a variable assignment vonDif for all variablesx: sim(v⁰(x), v(x)).

Lemma 8 Ifv⁰ simulates v then for every lambda termM: sim(JMK

v⁰ D^e,JMK

v D) Proof

We proceed by induction on the structure of the lambda term.

1. For variables, the lemma follows from the hypothesis.

2. Consider an application M N, with M of type α → β and N of type α. By induction, sim([[N]]^v_D⁰e,[[N]]^v_D) and hence from 2) of Lemma 6, [[N]]^v

0

D^e ↔ in([[N]]^v_D). Also by induction, sim([[M]]^v

0

D^e,[[M]]^v_D) and hence from definition, [[M]]^v_D⁰e([[N]]^v_D⁰e) ↔ in([[M]]^v_D([[N]]^v_D)). Therefore by 2) of Lemma 6,sim([[M N]]^v_D⁰e,[[M N]]^v_D).

3. Consider a lambda abstraction λx^α.M. Take d ∈ Dα and d⁰ ∈ [in(d)].

Since sim(v⁰, v), we have sim(v⁰[d⁰/x^α], v[d/x^α]) and hence by induc- tionsim([[M]]^v_D⁰e^[d0/xα],[[M]]^v[d/x_D ^α]). From 2) of Lemma 6, [[M]]^v_D^0[de^0/xα] ↔ [[M]]^v[d/x_D ^α]. This is true for alld∈D_α. Hence, by definitionsim([[λx^α.M]]^v_D⁰e, [[λx^α.M]]^v_D).

Corollary 9 If v⁰ simulates v, then every term uniquely determined in (D, v) is uniquely determined in (D^e, v⁰).

Proof

LetM be uniquely determined in (D, v) but not in (D^e, v⁰). Therefore, there existsN 6=βη M such that [[N]]^v_D⁰e = [[M]]^v_D⁰e. From Lemma 8, this would mean that sim([[M]]^v_D⁰e,[[M]]^v_D) and sim([[M]]^v_D⁰e,[[N]]^v_D). Hence by 1) of Lemma 6,

[[M]]^v_D = [[N]]^v_D. A contradiction.

4. Proof of the theorem

The proof proceeds by an induction on the size of the B¨ohm tree BT(M) of the lambda term M. Let BT(M) contain m nodes. Consider an ordering s₁<· · ·< s_mof the nodes ofBT(M) that satisfies the condition that if a node s_i is a child ofs_j, thens_i < s_j. Assume thatD_k is a model andv_k a variable assignment such that all the lambda terms rooted in the nodessiwithi≤kare uniquely determined in (Dk, vk). We then construct (Dk+1, vk+1) where all the lambda terms rooted in the nodes si with i ≤k+ 1 are uniquely determined.

ConsequentlyM gets uniquely determined in (Dm, vm).

Base case

The base case refers to (D₁, v₁) which uniquely determines a leaf ofBT(M).

A leaf is variablez of type 0. Starting with the trivial modelD0 which has a singleton{⊥}in its basic set and the trivial variable assignmentv0, we construct the extended modelD₀^eby adding a new element⊥clone to the atomic set. The new variable assignmentv₀^eassignszto⊥clone and the rest of the variables are maintained with the same interpretation. Clearly,z is uniquely determined in (D^e₀, v^e₀). SetD1as D₀^eandv1 asv₀^e.

Induction case

Let the lambda term rooted atskbeλ~x.yM1. . . Mnand let [[yM1. . . Mn]]^v_D^k

k = e. For notational simplicity let D=Dk and v=vk. By induction hypothesis, M1, . . . , Mn are uniquely determined in (D, v).

Construct the extended model D^eby adding an elementeclone to the basic setD0 ofD. Consider the variable assignmentv^edefined below.

• v^e(x) =in(v(x)), ifx6=y.

• For the variabley,

v^e(y)(d⁰₁, . . . , d⁰_n) =







eclone ifd⁰_i∈[in(JMiK

v D)], fori∈ {1, . . . , n}

in(v(y))(d⁰₁, . . . , d⁰_n) otherwise Sincee_clone↔e,v^esimulates v. Hence we infer the following.

1. From Lemma 8, for every lambda term N, [[N]]^v_D^ee simulates [[N]]^v_D, and hence from Lemma 6

[[N]]^v_D^ee ↔in([[N]]^v_D) 2. [[yM1. . . Mn]]^v_D^ee =eclone.

We now prove that [[yM1. . . Mn]]^v_D^ee is uniquely interpreted to eclone. Let zN₁. . . N_p be a lambda term such that [[zN₁. . . N_p]]^v_D^e_e = e_clone. If z 6= y, thenv^e(z) =in(v(z)). However, observe that there does not exist an element d∈D₀such that in(d) =e_clone. Also, note that ∆₀6=e_clone. Hence by defini- tion,in(v(z))(d⁰₁, . . . , d⁰_p) cannot be equal to eclone for any values of d⁰₁, . . . , d⁰_p implyingz=y.

Sincez=y, pequals n. We show thatNi =Mi for alli. Now, if [[Ni]]^v_D^e

e ∈/ [in([[M_i]]^v_D)] for some i, by the same reasoning as above, [[zN₁. . . N_p]]^v_D^e_e cannot be equal to e_clone. Therefore, [[N_i]]^v_D^e

e ↔ [[M_i]]^v_D for all i. In addition, from Lemma 8, we know that [[Ni]]^v_D^e

e ↔ [[Ni]]^v_D too. Hence from the third part of Lemma 6, [[N_i]]^v_D = [[M_i]]^v_D. From the assumption that each M_i is uniquely determined in (D, v), one can deduce that N_i = M_i for i ∈ {1, . . . , n}. We hence infer thatyM₁. . . M_k is uniquely determined in (D^e, v^e).

8

Note that this impliesλ~x.yM1. . . Mk is uniquely determined too in (D^e, v^e) since, for another lambda termλ~x.N, if [[λ~x.N]]^v_D^ee = [[λ~x.yM₁. . . M_k]]^v_D^ee, then N with~xsubstituted by values from v^eand yM₁. . . M_k with~xsubstituted by values fromv^e interpret to the same element ofD^e, contradicting the fact that yM1. . . Mk is uniquely determined with the variable assignmentv^e.

Set Dk+1 = D^e and vk+1 = v^e. Therefore, from the above argument and from Corollary 9, the lambda terms rooted at nodes si with i ≤ k+ 1 are uniquely determined in (Dk+1, vk+1), thus proving the inductive step.

[1] L. Henkin. Completeness in the theory of types. Journal of symbolic logic, 15(2):81–91, 1950.

[2] R. Loader. The undecidability of-definability. Logic, meaning, and compu- tation: essays in memory of Alonzo Church, page 331, 2001.

[3] S. Salvati. Recognizability in the simply typed lambda-calculus. Logic, Language, Information and Computation, pages 48–60, 2009.

[4] S. Salvati. On the membership problem for non-linear Abstract Categorial Grammars. Journal of Logic, Language and Information, 19(2):163–183, 2010.

[5] R. Statman. Completeness, invariance andλ-definability. Journal of Sym- bolic Logic, 47(1):17–26, 1982.

[6] R. Statman and G. Dowek. On Statman’s Finite Completeness Theorem.

Carnegie Mellon University, School of Computer Science, 1992.

[7] DA Wolfram. The clausal theory of types. PhD thesis, 1989.