A completeness result for a realisability semantics for an intersection type system

HAL Id: hal-00380177

https://hal.archives-ouvertes.fr/hal-00380177

Submitted on 4 May 2009

HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

A completeness result for a realisability semantics for an intersection type system

Fairouz Kamareddine, Karim Nour

To cite this version:

Fairouz Kamareddine, Karim Nour. A completeness result for a realisability semantics for an in- tersection type system. Annals of Pure and Applied Logic, Elsevier Masson, 2007, 146, pp.180-198.

�hal-00380177�

A completeness result for a realisability semantics for an intersection type system

Fairouz Kamareddine

^∗

and Karim Nour

^†

May 4, 2009

Abstract

In this paper we consider a type system with a universal type ω where any term (whether open or closed, β-normalising or not) has type ω. We provide this type system with a realisability semantics where an atomic type is interpreted as the set of λ-terms saturated by a certain relation. The variation of the saturation relation gives a number of interpretations to each type. We show the soundness and completeness of our semantics and that for different notions of saturation (based on weak head reduction and normal β-reduction) we obtain the same interpretation for types. Since the presence of ω prevents typability and realisability from coinciding and creates extra difficulties in characterizing the interpretation of a type, we define a class U

⁺

of the so-called positive types (where ω can only occur at specific positions). We show that if a term inhabits a positive type, then this term is β-normalisable and reduces to a closed term. In other words, positive types can be used to represent abstract data types. The completeness theorem for U

⁺

becomes interesting indeed since it establishes a perfect equivalence between typable terms and terms that inhabit a type. In other words, typability and realisability coincide on U

⁺

. We give a number of examples to explain the intuition behind the definition of U

⁺

and to show that this class cannot be extended while keeping its desired properties.

1 Introduction

The ground work for intersection types and related notions was developed in the seventies [5, 6, 18] and have since proved to be a valuable tool in the theoretical studies and applications of the lambda calculus. Intersection types incorporate type polymorphism in a finitary way (where the usage of types is listed rather than quantified over). Since the late seventies, numerous intersection type systems have been developed or used for a multitude of purposes (the list is huge; for a very brief list we simply refer the reader to the recent articles [1, 4] and the references there, for a longer list we refer the reader to the bibliography of intersection types and related systems available (while that URL address is active) at http://www.macs.

hw.ac.uk/

^∼

jbw/itrs/bibliography.html). In this paper, we are interested in the interpretation of an intersection type. We study this interpretation in the context of the so-called realisability semantics.

The idea of realisability semantics is to associate to each type a set of terms which realise this type. Under this semantics, an atomic type is interpreted as the set of

∗School of Mathematical and Computer Sciences, Heriot-Watt Univ., Riccarton, Edinburgh EH14 4AS, Scotland, fairouz@macs.hw.ac.uk

†Universit´e de Savoie, Campus Scientifique, 73378 Le Bourget du Lac, France, nour@univ- savoie.fr

λ-terms saturated by a certain relation. Then, arrow and intersection types receive their intuitive interpretation of functional space and set intersection. For example, a term which realises the type N → N is a function from N to N . Realisability semantics has been a powerful method for establishing the strong normalisation of type systems ` a la Tait and Girard. The realisability of a type system enables one to also show the soundness of the system in the sense that the interpretation of a type contains all the terms that have this type. Soundness has been an important method for characterising the algorithmic behaviour of typed terms through their types as has been illuminative in the work of Krivine.

It is also interesting to find the class of types for which the converse of soundness holds. I.e., to find the types A for which the realisability interpretation contains exactly (in a certain sense) the terms typable by A. This property is called com- pleteness and has not yet been studied for every type system.

In addition to the questions of soundness and completeness for a realisability semantics, one is interested in the additional three questions:

1. Can different interpretations of a type given by different saturation relations be compared?

2. For a particular saturation relation, what are the types uniquely realised by the λ-terms which are typable by these types?

3. Is there a class of types for which typability and realisability coincide?

In this paper we establish the soundness and completeness as well as give answers to questions 1, 2 and 3 for a strict non linear intersection type system with a universal type. We show that for different notions of saturation (based on weak head reduction and normal β-reduction) we obtain the same interpretation for types answering question 1 partially. Questions 2 and 3 are affected by the presence of ω which prevents typability and realisability from coinciding and creates extra difficulties in characterizing the interpretation of a type. We define a class U

⁺

of the so-called positive types (where ω can only occur at specific positions). We show that if a term inhabits a positive type, then this term is β -normalisable and reduces to a closed term. In other words, positive types can be used to represent abstract data types. This result answers question 2 and depends on the full power of soundness.

The completeness theorem for U

⁺

becomes interesting indeed since it establishes a perfect equivalence between typable terms and terms that inhabit a type. In other words, typability and realisability coincide on U

⁺

answering question 3. We give a number of examples to explain the intuition behind the definition of U

⁺

and to show that this class cannot be extended while keeping its desired properties.

Hindley [12, 13, 14] was the first to study the completeness of a simple type sys- tem and he showed that all the types of that system have the completeness property.

Then, he generalised his completeness proof for an intersection type system [11].

Using his completeness theorem for the realisability semantics based on the sets of λ-terms saturated by βη-equivalence, Hindley has shown that simple types have property 2 above. However, his completeness theorem for intersection types does not allow him to establish property 2 for the intersection type system. Moreover, Hindley’s completeness theorems were established with the sets of λ-terms saturated by βη-equivalence, and hence they don’t permit a comparison between the differ- ent possible interpretations. In our method, saturation is not by βη-equivalence.

Rather, it is by the weaker requirement of weak head normal forms. Hence, all of Hindley’s saturated models are also saturated in our framework and moreover, there are saturated models based on weak head normal form which cannot be models in Hindley’s framework.

[16] has established completeness for a class of types in Girard’s system F (also

independently discovered by Reynolds as the second order typed λ-calculus) known

as the strictly positive types. [9, 10] generalised the result of [16] for the larger class which includes all the positive types and also for second order functional arithmetic.

[7] established recently by a different method using Kripke models, the completeness for the simply typed λ-calculus. Finally [17] introduced a realizability semantics for the simply typed λµ-calculus and proved a completeness result.

The paper is structured as follows: In section 2, we introduce the intersection type system that will be studied in this paper. In section 3 we study both the subject reduction and subject expansion properties for β. In section 4 we establish the soundness and completeness of the realisability semantics based on two notions of saturated sets (one using weak head reduction and the other using β-reduction).

In section 5 we show that the meaning of a type does not depend on the chosen notion of saturation (based on either weak head reduction or β-reduction). We also define a subset of types which we show to satisfy the (weak) normalisation property and for which typability and realisability coincide.

2 The typing system

A number of intersection type systems have been given in the literature (for a very brief list see [1, 4] and the references there; for a longer list (and while that URL ad- dress is active) see http://www.macs.hw.ac.uk/

^∼

jbw/itrs/bibliography.html).

In this paper we introduce an interesection type system due to J.B. Wells and in- spired by his work with S´ebastien Carlier on expansion [4]. We follow [4] and write the type judgements Γ ⊢ M : U as M : hΓ ⊢ Ui. There are many reasons why this latter notation is to be prefered over the former (see [4]). In particular, this typing notation allowed J.B. Wells in [20] to give a very simple yet general definition of principal typings.

Before presenting the type system, we give a number of its characteristics:

• The type system is relevant: this means that the type environments contain all and only the necessary assumptions as is shown in lemma 7.1.

• The type system is strict and non-linear. Following the terminology of [19]

(who advocated the use of of linear systems of intersection types only with strict intersection types), types are strict if ω and ⊓ do not occur immediately to the right of arrows. Our type system is non-linear since ⊓ is idempotant.

We guarantee strictness by using two sets of types T and U such that T ⊂ U and T is only formed by either basic types or using the arrow constructor (without permitting ω and ⊓ to occur immediately to the right of arrows).

This means that one does not need to state laws relating A → (B

1

⊓ B

2

) to (A → B

1

) ⊓ (A → B

2

), yet one can still establish a number of type inclusion properties as is shown in lemma 5.

Definition 1 1. Let V be a denumerably infinite set of variables. The set of terms M, of the λ-calculus is defined as usual by the following grammar:

M ::= V | (λV.M) | (MM)

We let x, y, z, etc. range over V and M, N, P, Q, M

1

, M

2

, . . . range over M.

We assume the the usual definition of subterms and the usual convention for parenthesis and omit these when no confusion arises. In particular, we write M N

1

...N

n

instead of (...(M N

1

) N

2

...N

n−1

) N

n

.

We take terms modulo α-conversion and use the Barendregt convention (BC)

where the names of bound variables differ from the free ones. When two terms

M and N are equal (modulo α), we write M = N . We write F V (M ) for the

set of the free variables of term M .

2. We define as usual the substitution M [x := N ] of the term N for all free oc- currences of x in the term M and similarly, M [(x

i

:= N

i

)

ⁿ₁

], the simultaneous substitution of N

i

for all free occurrences of x

i

in M for 1 ≤ i ≤ n.

3. We assume the usual definition of compatibility.

• The weak head reduction ⊲

f

on M is defined by: M ⊲

f

N if M = (λx.P )Q Q

1

...Q

n

and N = P [x := Q] Q

1

...Q

n

where n ≥ 0.

• The reduction relation ⊲

_β

on M is defined as the least compatible relation closed under the rule: (λx.M)N ⊲

_β

M [x := N ].

• For r ∈ {f, β}, ⊲

^∗_r

denotes the reflexive transitive closure of ⊲

r

.

• ≃

β

denotes the equivalence relation induced by ⊲

^∗_β

.

The next theorem is standard and is needed for the rest of the paper.

Theorem 2 1. Let r ∈ {f, β}. If M ⊲

^∗_r

N , then F V (N ) ⊆ F V (M ).

2. If M ⊲

^∗_f

N, then, for all P ∈ M, M P ⊲

^∗_f

N P .

3. If M ⊲

^∗_β

M

1

and M ⊲

^∗_β

M

2

, then there is M

^′

such that M

1

⊲

^∗_β

M

^′

and M

2

⊲

^∗_β

M

^′

. 4. M

1

≃

β

M

2

iff there is a term M such that M

1

⊲

^∗_β

M and M

2

⊲

^∗_β

M .

5. Let n ≥ 1 and assume x

i

6∈ F V (M ) for every 1 ≤ i ≤ n. If M x

1

...x

n

⊲

^∗_β

x

j

N

1

...N

m

for some 1 ≤ j ≤ n and m ≥ 0, then for some k ≥ j and s ≤ m, M ⊲

^∗_β

λx

1

....λx

k

.x

j

M

1

...M

s

where s + n = k + m, M

i

≃

β

N

i

for every 1 ≤ i ≤ s and N

s+i

≃

β

x

k+i

for every 1 ≤ i ≤ n − k.

6. If M x is weakly β-normalising and x 6∈ F V (M ), then M is also weakly β- normalising.

Proof See [3] for more detail. Here, we sketch the proofs. 1 (resp. 2) is by induction on M ⊲

^∗_r

N (resp. M ⊲

^∗_f

N ). 3 is the Church-Rosser. 4 if) is by definition of ≃

β

whereas only if) is by induction on M

1

≃

β

M

2

using 3.

5. is as follows: Since M x

1

...x

n

⊲

^∗_β

x

j

N

1

...N

m

, then by page 23 of [15], M x

1

...x

n

is solvable and hence, M is also solvable and its head reduction terminates.

Therefore, M ⊲

^∗_β

λx

1

...λx

k

.zM

1

...M

s

for s, k ≥ 0. Since x

j

N

1

...N

m

≃

β

(λx

k

.zM

1

...M

s

)x

1

...x

n

then k ≤ n, x

j

N

1

...N

m

≃

β

zM

1

...M

s

x

k+1

...x

n

. Hence, z = x

j

, s ≤ m, j ≤ k (since x

j

6∈ F V (M )), m = s+(n−(k+1))+1 = s+n−k, M

i

≃

β

N

i

for every 1 ≤ i ≤ s and N

s+i

≃

β

x

k+i

for every 1 ≤ i ≤ n − k.

6. is by cases:

– If M x ⊲

^∗_β

M

^′

x where M

^′

x is in β-normal form and M ⊲

^∗_β

M

^′

then M

^′

is in β-normal form and M is β-normalising.

– If M x ⊲

^∗_β

(λy.N) x ⊲

_β

N[y := x] ⊲

^∗_β

P where P is in β-normal form and M ⊲

^∗_β

λy.N then by 1, x 6∈ F V (N ) and so, M ⊲

^∗_β

λy.N = λx.N [y :=

x] ⊲

^∗_β

λx.P . Since λx.P is in β-normal form, M is β-normalising.

Definition 3 1. Let A be a denumerably infinite set of atomic types. The types are defined by the following grammars:

T ::= A | U → T U ::= ω | U ⊓ U | T

We let a, b, c, a

1

, a

2

, . . . range over A, T, T

1

, T

2

, T

^′

, . . . range over T and U, V , W , U

1

, V

1

, U

^′

, . . . range over U .

We quotient types by taking ⊓ to be commutative (i.e. U

1

⊓ U

2

= U

2

⊓ U

1

), associative (i.e. U

1

⊓ (U

2

⊓U

3

) = (U

1

⊓ U

2

)⊓ U

3

), idempotent (i.e. U ⊓ U = U ) and to have ω as neutral (i.e. ω ⊓ U = U ).

We denote U

n

⊓ U

n+1

. . . ⊓ U

m

by ⊓

^m_i=n

U

i

(when n ≤ m).

2. A type environment is a set {x

i

: U

i

/ 1 ≤ i ≤ n, n ≥ 0, and ∀1 ≤ i ≤ n, x

i

∈ V , U

i

∈ U and ∀1 ≤ i, j ≤ n, if i 6= j then x

i

6= x

j

}. We denote such environment (call it Γ) by x

1

: U

1

, . . . , x

n

: U

n

or simply by (x

i

: U

i

)

n

and define dom(Γ) = {x

i

/ 1 ≤ i ≤ n}. We use Γ, ∆, Γ

1

, . . . to range over environments and write () for the empty environment.

If M is a term and F V (M ) = {x

1

, ..., x

n

}, we denote env

^Mω

= (x

i

: ω)

n

. If Γ = (x

i

: U

i

)

n

, x 6∈ dom(Γ) and U ∈ U , we denote Γ, x : U the type environment x

1

: U

1

, . . . , x

n

: U

n

, x : U .

Let Γ

1

= (x

i

: U

i

)

n

, (y

j

: V

j

)

m

and Γ

2

= (x

i

: U

i^′

)

n

, (z

k

: W

k

)

l

. We denote Γ

1

⊓ Γ

2

the type environment (x

i

: U

i

⊓ U

_i^′

)

n

, (y

j

: V

j

)

m

, (z

k

: W

k

)

l

. Note that dom(Γ

1

⊓ Γ

2

) = dom(Γ

1

) ∪ dom(Γ

2

) and that ⊓ is commutative, associative and idempotent on environments.

3. The typing rules are the following:

x : hx : T ⊢ T i ax

M : henv

_ω^M

⊢ ωi ω M : hΓ, x : U ⊢ T i λx.M : hΓ ⊢ U → T i →

i

M : hΓ ⊢ T i x 6∈ dom(Γ) λx.M : hΓ ⊢ ω → T i →

^′_i

M

1

: hΓ

1

⊢ U → T i M

2

: hΓ

2

⊢ U i

M

1

M

2

: hΓ

1

⊓ Γ

2

⊢ T i →

e

M : hΓ ⊢ U

1

i M : hΓ ⊢ U

2

i M : hΓ ⊢ U

1

⊓ U

2

i ⊓

i

M : hΓ ⊢ U i hΓ ⊢ Ui ⊑ hΓ

^′

⊢ U

^′

i M : hΓ

^′

⊢ U

^′

i ⊑

In the last clause, the binary relation ⊑ is defined by the following rules:

Φ ⊑ Φ ref

Φ

1

⊑ Φ

2

Φ

2

⊑ Φ

3

Φ

1

⊑ Φ

3

tr

U

1

⊓ U

2

⊑ U

1

⊓

e

U

1

⊑ V

1

U

2

⊑ V

2

U

1

⊓ U

2

⊑ V

1

⊓ V

2

⊓

U

2

⊑ U

1

T

1

⊑ T

2

U

1

→ T

1

⊑ U

2

→ T

2

→

U

1

⊑ U

2

x 6∈ dom(Γ) Γ, x : U

1

⊑ Γ, x : U

2

⊑

c

U

1

⊑ U

2

Γ

2

⊑ Γ

1

hΓ

1

⊢ U

1

i ⊑ hΓ

2

⊢ U

2

i ⊑

_hi

Throughout, we use Φ, Φ

^′

, Φ

1

, . . . to denote U ∈ U , or environments Γ or typings hΓ ⊢ Ui. Note that when Φ ⊑ Φ

^′

, then Φ and Φ

^′

belong to the same set (either U or environments or typings).

The next lemma gives the shape of a type in U .

Lemma 4 1. If U ∈ U , then U = ω or U = ⊓

ⁿ_i=1

T

i

where n ≥ 1 and ∀ 1 ≤ i ≤ n, T

i

∈ T .

2. U ⊑ ω.

3. If ω ⊑ U , then U = ω.

Proof

1. By induction on U ∈ U . 2. By rule ⊓

e

, U = ω ⊓ U ⊑ ω.

3. By induction on the derivation ω ⊑ U .

The next lemma studies the relation ⊑ on U . Lemma 5 Let V 6= ω.

1. If U ⊑ V , then U = ⊓

^k_j=1

T

j

, V = ⊓

^p_i=1

T

_i^′

where p, k ≥ 1, ∀1 ≤ j ≤ k, 1 ≤ i ≤ p, T

j

, T

_i^′

∈ T , and ∀ 1 ≤ i ≤ p, ∃1 ≤ j ≤ k such that T

j

⊑ T

_i^′

. 2. If U ⊑ V

^′

⊓ a, then U = U

^′

⊓ a and U

^′

⊑ V

^′

.

3. Let p, k ≥ 1. If ⊓

^k_j=1

(U

j

→ T

j

) ⊑ ⊓

^p_i=1

(U

_i^′

→ T

_i^′

), then ∀1 ≤ i ≤ p, ∃1 ≤ j ≤ k such that U

i^′

⊑ U

j

and T

j

⊑ T

i^′

.

4. If U → T ⊑ V , then V = ⊓

^p_i=1

(U

i

→ T

i

) where p ≥ 1 and ∀1 ≤ i ≤ p, U

i

⊑ U and T ⊑ T

i

.

5. If ⊓

^k_j=1

(U

j

→ T

j

) ⊑ V where k ≥ 1, then V = ⊓

^p_i=1

(U

_i^′

→ T

_i^′

) where p ≥ 1 and ∀1 ≤ i ≤ p, ∃1 ≤ j ≤ k U

_i^′

⊑ U

j

and T

j

⊑ T

_i^′

.

Proof

1. By induction on the derivation U ⊑ V using lemma 4.1.

2. By induction on U ⊑ V

^′

⊓ a.

3. By induction on ⊓

^k_j=1

(U

j

→ T

j

) ⊑ ⊓

^p_i=1

(U

_i^′

→ T

_i^′

). We only do the tr case.

If ⊓

^k_j=1

(U

j

→ T

j

) ⊑ V V ⊑ ⊓

^p_i=1

(U

_i^′

→ T

_i^′

)

⊓

^k_j=1

(U

j

→ T

j

) ⊑ ⊓

^p_i=1

(U

_i^′

→ T

_i^′

) , then, by 1, V = ⊓

^q_l=1

T

_l^′′

where q ≥ 1 and ∀1 ≤ l ≤ q, ∃1 ≤ j ≤ k, such that U

j

→ T

j

⊑ T

_l^′′

. If T

_l^′′

= a, then, by 2, U

j

→ T

j

= U

^′

⊓ a. Absurd. Hence, ∀1 ≤ l ≤ q, T

_l^′′

= V

l

→ T

_l^′′′

and V = ⊓

^q_l=1

(V

l

→ T

_l^′′′

). Let 1 ≤ i ≤ p. By IH, ∃1 ≤ l ≤ q, U

i^′

⊑ V

l

and T

_l^′′′

⊑ T

i^′

. Also, by IH, ∃1 ≤ j ≤ k, V

l

⊑ U

j

and T

j

⊑ T

_l^′′′

. Hence, ∀1 ≤ i ≤ p,

∃1 ≤ j ≤ k, such that U

_i^′

⊑ U

j

and T

j

⊑ T

_i^′

.

4. By 1, V = ⊓

^p_i=1

T

_i^′

where p ≥ 1 and ∀1 ≤ i ≤ p, U → T ⊑ T

_i^′

. If T

_i^′

= a, then, by 2, U → T = U

^′

⊓ a. Absurd. Hence, T

_i^′

= U

i

→ T

i

. Hence, by 3,

∀1 ≤ i ≤ p, U

i

⊑ U and T ⊑ T

i

.

5. Since V 6= ω, then, by lemma 4.1, V = ⊓

^p_i=1

T

_i^′

where p ≥ 1 and ∀1 ≤ i ≤ p, T

_i^′

∈ T . Let 1 ≤ i ≤ p. By 1, ∃1 ≤ j

i

≤ k such that U

ji

→ T

ji

⊑ T

_i^′

. By 4, and since T

_i^′

∈ T , T

_i^′

= U

_i^′

→ T

_i^′′

where U

_i^′

⊑ U

ji

and T

ji

⊑ T

_i^′′

. Hence, V = ⊓

^p_i=1

(U

_i^′

→ T

_i^′′

) where p ≥ 1 and ∀1 ≤ i ≤ p, ∃1 ≤ j

i

≤ k U

_i^′

⊑ U

ji

and T

ji

⊑ T

_i^′′

.

The next lemma studies the relation ⊑ on environments and typings.

Lemma 6 1. If Γ ⊑ Γ

^′

, then dom(Γ) = dom(Γ

^′

).

2. If Γ ⊑ Γ

^′

, U ⊑ U

^′

and x 6∈ dom(Γ), then Γ, x : U ⊑ Γ

^′

, x : U

^′

.

3. Γ ⊑ Γ

^′

iff Γ = (x

i

: U

i

)

n

, Γ

^′

= (x

i

: U

_i^′

)

n

and for every 1 ≤ i ≤ n, U

i

⊑ U

_i^′

. 4. If dom(Γ) = F V (M ), then Γ ⊑ env

^Mω

5. If env

^M_ω

⊑ Γ, then Γ = env

_ω^M

.

6. hΓ ⊢ U i ⊑ hΓ

^′

⊢ U

^′

i iff Γ

^′

⊑ Γ and U ⊑ U

^′

. 7. If Γ ⊑ Γ

^′

and ∆ ⊑ ∆

^′

, then Γ ⊓ ∆ ⊑ Γ

^′

⊓ ∆

^′

. Proof

1. By induction on the derivation Γ ⊑ Γ

^′

.

2. First show, by induction on the derivation Γ ⊑ Γ

^′

(using 1), that if Γ ⊑ Γ

^′

, V ∈ U and y 6∈ dom(Γ) then Γ, y : V ⊑ Γ

^′

, y : V . Then use tr.

3. Only if) By 1, Γ = (x

i

: U

i

)

n

and Γ

^′

= (x

i

: U

i

)

n

. The proof is by induction on the derivation (x

i

: U

i

)

n

⊑ (x

i

: U

_i^′

)

n

. If) By induction on n using 2.

4. Let F V (M ) = {x

1

, . . . , x

n

} and Γ = (x

i

: U

i

)

n

. By definition, env

_ω^M

= (x

i

, ω)

n

. Hence, by lemma 4.2 and 3, Γ ⊑ env

_ω^M

.

5. Let F V (M ) = {x

1

, . . . , x

n

}. By definition, env

_ω^M

= (x

i

, ω)

n

. By 3, Γ = (x

i

: U

i

)

n

and ∀1 ≤ i ≤ n, ω ⊑ U

i

. Hence by lemma 4.3, ∀1 ≤ i ≤ n, ω = U

i

. 6. Only if) By induction on the derivation hΓ ⊢ U i ⊑ hΓ

^′

⊢ U

^′

i. If) By ⊑

_hi

. 7. This is a corollary of 3.

The next lemma shows that we do not allow weakening in our type system.

Lemma 7 1. If M : hΓ ⊢ U i, then dom(Γ) = F V (M ).

2. For every Γ and M such that dom(Γ) = F V (M ), we have M : hΓ ⊢ ωi.

Proof

1. By induction on the derivation M : hΓ ⊢ Ui.

2. By ω, M : henv

^M_ω

⊢ ωi. By lemma 6.4, Γ ⊑ env

_ω^M

. Hence, by ⊑ and ⊑

hi

, M : hΓ ⊢ ωi.

Finally, it may come as a surprise that the rule ax uses types in T instead of U and that in the rule ⊓ we take the same environment. The lemma below shows that this is not restrictive.

Lemma 8 1. The rule M : hΓ

1

⊢ U

1

i M : hΓ

2

⊢ U

2

i

M : hΓ

1

⊓ Γ

2

⊢ U

1

⊓ U

2

i ⊓

^′_i

is derivable.

2. The rule

x : h(x : U ) ⊢ U i ax

^′

is derivable.

Proof

1. Let M : hΓ

1

⊢ U

1

i and M : hΓ

2

⊢ U

2

i. By lemma 7, dom(Γ

1

) = dom(Γ

2

) = F V (M ). Let Γ

1

= (x

i

: V

i

)

n

and Γ

2

= (x

i

: V

_i^′

)

n

. Hence, Γ

1

⊓ Γ

2

= (x

i

: V

i

⊓ V

_i^′

)

n

. By V

i

⊓ V

_i^′

⊑ V

i

and V

i

⊓ V

_i^′

⊑ V

_i^′

for all 1 ≤ i ≤ n.

Hence, by lemma 6.3, Γ

1

⊓ Γ

2

⊑ Γ

1

and Γ

1

⊓ Γ

2

⊑ Γ

2

, and, by rules ⊑ and ⊑

hi

, M : hΓ

1

⊓ Γ

2

, U

1

i and M : hΓ

1

⊓ Γ

2

, U

2

i. Finally, by rule ⊓

i

, M : hΓ

1

⊓ Γ

2

, U

1

⊓ U

2

i.

2. By lemma 4.1:

– Either U = ω, then, by rule ω, we have x : h(x : ω) ⊢ ωi.

– Or U = ⊓

^k_i=1

T

i

where ∀1 ≤ i ≤ k, T

i

∈ T , then, by rule ax, x : h(x : T

i

) ⊢ T

i

i and, by k − 1 applications of rule ⊓

^′_i

, x : h(x : U ) ⊢ U i.

3 Subject reduction and expansion properties

In this section we establish the subject reduction and subject expansion properties for β.

3.1 Subject reduction for β

We start with a form of the generation lemma.

Lemma 9 (Generation) 1. If x : hΓ ⊢ U i, then Γ = (x : V ) and V ⊑ U . 2. If M x : hΓ, x : U ⊢ V i and x 6∈ F V (M ), then V = ω or V = ⊓

^k_i=1

T

i

where

k ≥ 1 and ∀1 ≤ i ≤ k, M : hΓ ⊢ U → T

i

i.

3. If λx.M : hΓ ⊢ U i and x ∈ F V (M ), then U = ω or U = ⊓

^k_i=1

(V

i

→ T

i

) where k ≥ 1 and ∀1 ≤ i ≤ k, M : hΓ, x : V

i

⊢ T

i

i.

4. If λx.M : hΓ ⊢ U i and x 6∈ F V (M ), then U = ω or U = ⊓

^k_i=1

(V

i

→ T

i

) where

k ≥ 1 and ∀1 ≤ i ≤ k, M : hΓ ⊢ T

i

i.

Proof 1. By induction on the derivation x : hΓ ⊢ U i. We have four cases:

• If

x : h(x : T ) ⊢ T i , nothing to prove.

• If

x : h(x : ω) ⊢ ωi , nothing to prove.

• Let x : hΓ ⊢ U

1

i x : hΓ ⊢ U

2

i

x : hΓ ⊢ U

1

⊓ U

2

i . By IH, Γ = (x : V ), V ⊑ U

1

and V ⊑ U

2

, then, by rule ⊓, V ⊑ U

1

⊓ U

2

.

• Let x : hΓ

^′

⊢ U

^′

i hΓ

^′

⊢ U

^′

i ⊑ hΓ ⊢ Ui

x : hΓ ⊢ U i . By lemma 6.6, Γ ⊑ Γ

^′

and U

^′

⊑ U and, by IH, Γ

^′

= (x : V

^′

) and V

^′

⊑ U

^′

. Then, by lemma 6.3, Γ = (x : V ), V ⊑ V

^′

and, by rule tr, V ⊑ U .

2. By induction on the derivation M x : hΓ, x : U ⊢ V i. We have four cases:

• If

M x : henv

^{M x}_ω

⊢ ωi , nothing to prove.

• Let M : hΓ ⊢ U → T i x : h(x : V ) ⊢ U i

M x : hΓ, x : V ⊢ T i (where, by 1. V ⊑ U ).

Since U → T ⊑ V → T , we have M : hΓ ⊢ V → T i.

• Let M x : hΓ, x : U ⊢ U

1

i M x : hΓ, x : U ⊢ U

2

i

M x : hΓ, x : U ⊢ U

1

⊓ U

2

i . By IH, we have four cases:

– If U

1

= U

2

= ω, then U

1

⊓ U

2

= ω.

– If U

1

= ω, U

2

= ⊓

^k_i=1

T

i

, k ≥ 1 and ∀1 ≤ i ≤ k, M : hΓ ⊢ U → T

i

i, then U

1

⊓ U

2

= U

2

(ω is a neutral element).

– If U

2

= ω, U

1

= ⊓

^k_i=1

T

i

, k ≥ 1 and ∀1 ≤ i ≤ k, M : hΓ ⊢ U → T

i

i, then U

1

⊓ U

2

= U

1

(ω is a neutral element).

– If U

1

= ⊓

^k_i=1

T

i

and U

2

= ⊓

^l_i=1

T

k+i

(hence U

1

⊓ U

2

= ⊓

^k+l_i=1

T

i

) , where k, l ≥ 1 and ∀1 ≤ i ≤ k + l, M : hΓ ⊢ U → T

i

i.

• Let M x : hΓ

^′

, x : U

^′

⊢ V

^′

i hΓ

^′

, x : U

^′

⊢ V

^′

i ⊑ hΓ, x : U ⊢ V i

M x : hΓ, x : U ⊢ V i (by lemma 6).

By lemma 6, Γ ⊑ Γ

^′

, U ⊑ U

^′

and V

^′

⊑ V . By IH, we have two cases:

– If V

^′

= ω, then, by lemma 4.3, V = ω.

– If V

^′

= ⊓

^k_i=1

T

_i^′

, where k ≥ 1 and ∀1 ≤ i ≤ k, M : hΓ ⊢ U → T

_i^′

i. By lemma 5.1, V = ω (nothing to prove) or V = ⊓

^p_i=1

T

i

where p ≥ 1 and

∀1 ≤ i ≤ p, ∃1 ≤ j

i

≤ k such that T

j^′i

⊑ T

i

. Since, by lemma 6.6, hΓ

^′

⊢ U

^′

→ T

j^′i

i ⊑ hΓ ⊢ U → T

i

i for any 1 ≤ i ≤ p, then ∀1 ≤ i ≤ p, M : hΓ ⊢ U → T

i

i.

3. By induction on the derivation λx.M : hΓ ⊢ U i. We have four cases:

• If

λx.M : henv

_ω^λx.M

⊢ ωi , nothing to prove.

• If M : hΓ, x : U ⊢ T i

λx.M : hΓ ⊢ U → T i , nothing to prove.

• Let λx.M : hΓ ⊢ U

1

i λx.M : hΓ ⊢ U

2

i

λx.M : hΓ ⊢ U

1

⊓ U

2

i . By IH, we have four cases:

– If U

1

= U

2

= ω, then U

1

⊓ U

2

= ω.

– If U

1

= ω, U

2

= ⊓

^k_i=1

(V

i

→ T

i

) where k ≥ 1 and ∀1 ≤ i ≤ k, M : hΓ

2

, x : V

i

⊢ T

i

i, then U

1

⊓ U

2

= U

2

(ω is a neutral element).

– If U

2

= ω, U

1

= ⊓

^k_i=1

(V

i

→ T

i

) where k ≥ 1 and ∀1 ≤ i ≤ k, M : hΓ

1

, x : V

i

⊢ T

i

i, then U

1

⊓ U

2

= U

1

(ω is a neutral element).

– If U

1

= ⊓

^k_i=1

(V

i

→ T

i

), U

2

= ⊓

^k+l_i=k+1

(V

i

→ T

i

) (hence U

1

⊓ U

2

=

⊓

^k+l_i=1

(V

i

→ T

i

)) where k, l ≥ 1, ∀1 ≤ i ≤ k + l, M : hΓ, x : V

i

⊢ T

i

i, we are done.

• Let λx.M : hΓ ⊢ U i hΓ ⊢ U i ⊑ hΓ

^′

⊢ U

^′

i

λx.M : hΓ

^′

⊢ U

^′

i . By lemma 6.6, Γ

^′

⊑ Γ and U ⊑ U

^′

. By IH, we have two cases:

– If U = ω, then, by lemma 4.3, U

^′

= ω.

– Assume U = ⊓

^k_i=1

(V

i

→ T

i

), where k ≥ 1 and M : hΓ, x : V

i

⊢ T

i

i for all 1 ≤ i ≤ k. By lemma 4.1:

∗ Either U

^′

= ω, and hence nothing to prove.

∗ Or, by lemma 5.5, U

^′

= ⊓

^p_i=1

(V

i^′

→ T

i^′

), where p ≥ 1 and ∀1 ≤ i ≤ p,

∃1 ≤ j

i

≤ k such that V

i^′

⊑ V

ji

and T

ji

⊑ T

i^′

. Let 1 ≤ i ≤ p.

Since, by lemma 6.6, hΓ, x : V

ji

⊢ T

ji

i ⊑ hΓ

^′

, x : V

i^′

⊢ T

i^′

i, then M : hΓ

^′

, x : V

i^′

⊢ T

i^′

i.

4. Same proof as that of 3.

Now, we establish the substitution lemma.

Lemma 10 (Substitution) If M : hΓ, x : U ⊢ V i and N : h∆ ⊢ U i, then M [x := N ] : hΓ ⊓ ∆ ⊢ V i.

Proof By induction on the derivation M : hΓ, x : U ⊢ V i.

• If

x : h(x : T ) ⊢ T i and N : h∆ ⊢ T i, then N = x[x := N ] : h∆ ⊢ T i.

• If

M : h(x

i

: ω)

n

, x : ω ⊢ ωi where F V (M ) = {x

1

, . . . , x

n

, x} and if N : h∆ ⊢ ωi, then since F V (M [x := N]) = {x

1

, . . . , x

n

} ∪ F V (N ), we have by ω, M [x := N ] : h(x

i

: ω)

n

⊓ env

^N_ω

⊢ ωi. By lemmas 6.4 and 7, ∆ ⊑ env

^N_ω

and by lemma 6.7, (x

i

: ω)

n

⊓ ∆ ⊑ (x

i

: ω)

n

⊓ env

^N_ω

. Hence, by ⊑

hi

, M [x := N ] : h(x

i

: ω)

n

⊓ ∆ ⊢ ωi.

• Let M : hΓ, x : U, y : U

^′

⊢ T i

λy.M : hΓ, x : U ⊢ U

^′

→ T i . By IH, M [x := N] : hΓ ⊓ ∆, y : U

^′

⊢ T i. By rule →

i

, (λy.M )[x := N ] = λy.M [x := N ] : hΓ ⊓ ∆ ⊢ U

^′

→ T i.

• Let M : hΓ, x : U ⊢ T i y 6∈ dom(Γ) ∪ {x}

λy.M : hΓ, x : U ⊢ ω → T i . By IH, M [x := N ] : hΓ ⊓ ∆ ⊢ T i.

By rule →

^′_i

, (λy.M )[x := N ] = λy.M [x := N ] : hΓ ⊓ ∆ ⊢ ω → T i.

• Let M

1

: hΓ

1

, x : U

1

⊢ V → T i M

2

: hΓ

2

, x : U

2

⊢ V i

M

1

M

2

: hΓ

1

⊓ Γ

2

, x : U

1

⊓ U

2

⊢ T i where x ∈ F V (M

1

) ∩ F V (M

2

) and N : h∆ ⊢ U

1

⊓ U

2

i. By rules ⊓

e

and ⊑, N : h∆ ⊢ U

1

i and N : h∆ ⊢ U

2

i. Now use IH and rule →

e

.

The cases x ∈ F V (M

1

) \ F V (M

2

) or x ∈ F V (M

2

) \ F V (M

1

) are easy.

• If M : hΓ, x : U ⊢ U

1

i M : hΓ, x : U ⊢ U

2

i

M : hΓ, x : U ⊢ U

1

⊓ U

2

i use IH and ⊓

i

.

• Let M : hΓ

^′

, x : U

^′

⊢ V

^′

i hΓ

^′

, x : U

^′

⊢ V

^′

i ⊑ hΓ, x : U ⊢ V i

M : hΓ, x : U ⊢ V i (by lemma 6).

By lemma 6, dom(Γ) = dom(Γ

^′

), Γ ⊑ Γ

^′

, U ⊑ U

^′

and V

^′

⊑ V . Hence by

⊑, N : h∆ ⊢ U

^′

i and, by IH, M [x := N ] : hΓ

^′

⊓ ∆ ⊢ V

^′

i. It is easy to show Γ ⊓ ∆ ⊆ Γ

^′

⊓ ∆. Hence, hΓ

^′

⊓ ∆ ⊢ V

^′

i ⊑ hΓ ⊓ ∆ ⊢ V i and by ⊑, M [x := N] : hΓ ⊓ ∆ ⊢ V i.

Since our system does not allow weakening, we need the next definition (and the related lemma below it) since when a term is reduced, it may lose some of its free variables and hence will need to be typed in a smaller environment.

Definition 11 If Γ is a type environment and U ⊆ dom(Γ), then we write Γ ↾

_U

for the restriction of Γ on the variables of U. If U = F V (M ) for a term M , we write Γ ↾

M

instead of Γ ↾

F V(M)

.

Lemma 12 1. If F V (N ) ⊆ F V (M ), then env

^M_ω

↾

N

= env

^N_ω

. 2. If F V (M ) ⊆ dom(Γ

1

) and F V (N ) ⊆ dom(Γ

2

), then

(Γ

1

⊓ Γ

2

) ↾

M N

⊑ (Γ

1

↾

M

) ⊓ Γ

2

.

Proof 1. Easy. 2. First, note that dom((Γ

1

⊓ Γ

2

) ↾

M N

) = F V (M N ) = F V (M )∪

F V (N ) = dom(Γ

1

↾

M

) ∪ dom(Γ

2

) = dom((Γ

1

↾

M

) ⊓ Γ

2

). Now, we show by cases that if x : U

1

∈ (Γ

1

⊓ Γ

2

) ↾

M N

and x : U

2

∈ (Γ

1

↾

M

) ⊓ Γ

2

then U

1

⊑ U

2

:

• If x ∈ F V (M )∩F V (N ) then x : U

₁^′

∈ Γ

1

, x : U

₁^′′

∈ Γ

2

and U

1

= U

₁^′

⊓U

₁^′′

= U

2

.

• If x ∈ F V (M ) \ F V (N) then x 6∈ dom(Γ

2

), x : U

1

∈ Γ

1

and U

1

= U

2

.

• If x ∈ F V (N ) \ F V (M ) then

– If x ∈ dom(Γ

1

) then x : U

₁^′

∈ Γ

1

, x : U

2

∈ Γ

2

and U

1

= U

₁^′

⊓ U

2

⊑ U

2

. – If x 6∈ dom(Γ

1

) then x : U

2

∈ Γ

2

and U

1

= U

2

.

Now we give the basic block in the subject reduction for β.

Theorem 13 If M : hΓ ⊢ Ui and M ⊲

β

N , then N : hΓ ↾

N

⊢ U i.

Proof By induction on the derivation M : hΓ ⊢ U i. Rule ω follows by theorem 2.1 and lemma 12.1. Rules →

i

, →

^′_i

, ⊓

i

and ⊑ are by IH. We do →

e

Let M

1

: hΓ

1

⊢ U → T i Q : hΓ

2

⊢ Ui M

1

Q : hΓ

1

⊓ Γ

2

⊢ T i .

• If M = M

1

Q⊲

β

P Q = N where M

1

⊲

β

P then by IH, P : hΓ

1

↾

P

⊢ U → T i. By

→

e

, P Q : h(Γ

1

↾

P

) ⊓ Γ

2

⊢ Ti. By lemma 12.2, (Γ

1

⊓ Γ

2

) ↾

P Q

⊑ (Γ

1

↾

P

) ⊓ Γ

2

. Finally, by ⊑

hi

, P Q : h(Γ

1

⊓ Γ

2

) ↾

P Q

⊢ T i.

• The case M = M

1

Q ⊲

β

M

1

P = N where Q ⊲

β

P is similar to the above.

• Assume M

1

= λx.P and M

1

M

2

= (λx.P )M

2

⊲

β

P [x := M

2

] = N . Since λx.P : hΓ

1

⊢ U → T i, we have two cases:

– If x ∈ F V (P), then, by lemma 9.3, P : hΓ

1

, x : U ⊢ T i. By lemma 10, P[x := M

2

] : hΓ

1

⊓ Γ

2

⊢ T i. Moreover, F V (M

1

M

2

) = F V (N ) = dom(Γ

1

⊓ Γ

2

). Hence (Γ

1

⊓ Γ

2

) ↾

_N

= Γ

1

⊓ Γ

2

and N : h(Γ

1

⊓ Γ

2

) ↾

_N

⊢ T i.

– If x 6∈ F V (P ), then, by lemma 9.4, P : hΓ

1

⊢ T i. Moreover, by lemma 7.1, F V (P ) = F V (M

1

) = dom(Γ

1

). Hence, (Γ

1

⊓Γ

2

) ↾

P

= Γ

1

↾

P

= Γ

1

and P[x := M

2

] = P : h(Γ

1

⊓ Γ

2

) ↾

P

⊢ T i.

Corollary 14 (Subject reduction for β) If M : hΓ ⊢ U i and M ⊲

^∗_β

N, then N : hΓ ↾

N

⊢ U i.

Proof By induction on the length of the derivation M ⊲

^∗_β

N using theorem 13.

Remark 15 Note that using lemma 9.(2 and 3), we can also prove the subject reduction property for η-reduction.

3.2 Subject expansion for β

Subject reduction for β was shown using generation, substitution and environment restriction. Subject expansion for β needs something like the converse of the sub- stitution lemma and environment enlargement.

The next lemma can be seen as the converse of the substitution lemma.

Lemma 16 If M [x := N ] : hΓ ⊢ Ui, x ∈ F V (M ) and x 6∈ F V (N), then ∃ V type and ∃ Γ

1

, Γ

2

type environments such that:

• M : hΓ

1

, x : V ⊢ U i

• N : hΓ

2

⊢ V i

• Γ ⊑ Γ

1

⊓ Γ

2

Proof By induction on the derivation M [x := N] : hΓ ⊢ U i.

If M = x, then x : hx : U ⊢ U i, N : hΓ ⊢ U i and Γ = Γ ⊓ (). Then we can assume that M 6= x.

• The last typing rule can not be ax.

• Let M [x := N] : hΓ, y : W ⊢ T i

λy.M [x := N ] : hΓ ⊢ W → T i where y 6∈ F V (N ).

By IH, ∃ V type and ∃ Γ

1

, Γ

2

type environments such that M : hΓ

1

, x : V ⊢ T i, N : hΓ

2

⊢ V i and Γ, y : W ⊑ Γ

1

⊓ Γ

2

. Since y ∈ F V (M ) and y 6∈ F V (N ), by lemma 6.3, Γ

1

= ∆

1

, y : W

^′

and W ⊑ W

^′

. Hence M : h∆

1

, y : W

^′

, x : V ⊢ T i.

By rule →

i

, λy.M : h∆

1

, x : V ⊢ W

^′

→ T i and since W

^′

→ T ⊑ W → T , then by rule ⊑, λy.M : h∆

1

, x : V ⊢ W → T i. Finally by lemma 6.3, Γ ⊑ ∆

1

⊓ Γ

2

.

• Let M [x := N ] : hΓ ⊢ T i y 6∈ dom(Γ) λy.M [x := N ] : hΓ ⊢ ω → T i .

By IH, ∃ V type and ∃ Γ

1

, Γ

2

type environments such that M : hΓ

1

, x : V ⊢ T i, N : hΓ

2

⊢ V i and Γ ⊑ Γ

1

⊓ Γ

2

. Since y 6= x, λy.M : hΓ

1

, x : V ⊢ ω → T i.

• Let M

1

[x := N ] : hΓ

1

⊢ W → T i M

2

[x := N ] : hΓ

2

⊢ W i M

1

[x := N] M

2

[x := N] : hΓ

1

⊓ Γ

2

⊢ T i where M = M

1

M

2

and x ∈ F V (M

1

) ∩ F V (M

2

).

By IH, ∃ V

1

, V

2

types and ∃ ∆

1

, ∆

2

; ∇

1

, ∇

2

type environments such that M

1

: h∆

1

, x : V

1

⊢ W → T i, M

2

: h∇

1

, x : V

2

⊢ W i, N : h∆

2

⊢ V

1

i, N : h∇

2

⊢ V

2

i, Γ

1

⊑ ∆

1

⊓ ∆

2

and Γ

2

⊑ ∇

1

⊓ ∇

2

. Then, by rules ⊓

^′

and →

e

, M

1

M

2

: h∆

1

⊓ ∇

1

, x : V

1

⊓ V

2

⊢ T i and N : h∆

2

⊓ ∇

2

⊢ V

1

⊓ V

2

i. Finally, by lemma 6.7, Γ

1

⊓ Γ

2

⊑ (∆

1

⊓ ∆

2

) ⊓ (∇

1

⊓ ∇

2

).

The cases x ∈ F V (M

1

) \ F V (M

2

) or x ∈ F V (M

2

) \ F V (M

1

) are easy.

• Let M [x := N ] : hΓ ⊢ U

1

i M [x := N ] : hΓ ⊢ U

2

i M [x := N ] : hΓ ⊢ U

1

⊓ U

2

i .

By IH, ∃ V

1

, V

2

types and ∃ Γ

1

, Γ

2

; ∆

1

, ∆

2

type environments such that M :

hΓ

1

, x : V

1

⊢ U

1

i, M : h∆

1

, x : V

2

⊢ U

2

i, N : hΓ

2

⊢ V

1

i, N : h∆

2

⊢ V

2

i, Γ ⊑

Γ

1

⊓Γ

2

and Γ ⊑ ∆

1

⊓∆

2

. Then, by rule ⊓

^′

, M : hΓ

1

⊓∆

1

, x : V

1

⊓V

2

⊢ U

1

⊓U

2

i

and N : hΓ

2

⊓∆

2

⊢ V

1

⊓ V

2

i. Finally, by lemma 6.7, Γ ⊑ (Γ

1

⊓Γ

2

) ⊓ (∆

1

⊓∆

2

).

• Let M [x := N ] : hΓ

^′

⊢ U

^′

i hΓ

^′

⊢ U

^′

i ⊑ hΓ ⊢ Ui

M : hΓ ⊢ Ui .

By lemma 6.3, Γ ⊑ Γ

^′

and U

^′

⊑ U . By IH, ∃ V type and ∃ Γ

^′₁

, Γ

^′₂

type environments such that M : hΓ

1

, x : V ⊢ U

^′

i, N : hΓ

2

⊢ V i and Γ

^′

⊑ Γ

1

⊓ Γ

2

. Then by rules ⊑

_hi

, ⊑ and tr, M : hΓ

1

, x : V ⊢ U i and Γ ⊑ Γ

1

⊓ Γ

2

.

Since more free variables might appear in the β-expansion of a term, the next definition gives a possible enlargement of an environment.

Definition 17 Let m ≥ n, Γ = (x

i

: U

i

)

n

and U = {x

1

, ..., x

m

}. We write Γ↑

^U

for x

1

: U

1

, ..., x

n

: U

n

, x

n+1

: ω, ..., x

m

: ω. If dom(Γ) ⊆ F V (M ), we write Γ↑

^M

instead of Γ↑

^{F V(M)}

.

The next lemma is basic for the proof of subject expansion for β.

Lemma 18 If M [x := N] : hΓ ⊢ Ui, x 6∈ F V (N ) and U = F V ((λx.M)N ), then (λx.M )N : hΓ↑

^U

⊢ U i.

Proof We have three cases:

• If U = ω: By lemma 7.2, we have (λx.M )N : hΓ↑

^U

⊢ ωi.

• If U ∈ T : We have two cases:

– If x ∈ F V (M ), then, by lemma 16, ∃ V type and ∃ Γ

1

, Γ

2

type environ- ments such that M : hΓ

1

, x : V ⊢ U i, N : hΓ

2

⊢ V i and Γ ⊑ Γ

1

⊓ Γ

2

. Hence, by rules →

i

and →

e

, λx.M : hΓ

1

⊢ V → U i and (λx.M )N : hΓ

1

⊓ Γ

2

⊢ U i. Since F V ((λx.M)N ) = F V (M [x := N ]), then Γ↑

^U

= Γ, and, by rule ⊑, (λx.M )N : hΓ↑

^U

⊢ U i.

– If x 6∈ F V (M ), then M : hΓ ⊢ U i and, by rule →

^′_i

, λy.M : hΓ ⊢ ω → Ui.

By rule ω, N : henv

_ω^N

⊢ ωi, then, by rule →

e

, (λx.M )N : hΓ⊓env

_ω^N

⊢ Ui.

Since F V ((λx.M)N ) = F V (M [x := N ])∪F V (N), then Γ↑

^U

= Γ⊓env

_ω^N

.

• If U = ⊓

^k_i=1

T

i

where ∀ 1 ≤ i ≤ k, T

i

∈ T : By rule ⊑, we have ∀ 1 ≤ i ≤ k, M [x := N] : hΓ ⊢ T

i

i, then, by the previous case, ∀ 1 ≤ i ≤ k, (λx.M)N : hΓ↑

^U

⊢ T

i

i, then, by k − 1 applications of rule ⊓

i

, (λx.M)N : hΓ↑

^U

⊢ Ui.

Next, we give the main block for the proof of subject expansion for β . Theorem 19 If N : hΓ ⊢ U i and M ⊲

β

N, then M : hΓ↑

^M

⊢ U i.

Proof By induction on the derivation N : hΓ ⊢ Ui.

• If

x : hx : T ⊢ T i and M ⊲

β

x, then M = (λy.M

1

)M

2

where y 6∈ F V (M

2

) and x = M

1

[y := M

2

]. By lemma 18, M : h(x : T )↑

^M

⊢ T i.

• If

N : henv

_ω^N

⊢ ωi and M ⊲

β

N , then since by theorem 2.1, F V (N ) ⊆ F V (M ), (env

^Nω

)↑

^M

= env

ω^M

. By ω, M : henv

^M_ω

⊢ ωi. Hence, M : h(env

_ω^N

)↑

^M

⊢ ωi.

• If N : hΓ, x : U ⊢ T i

λx.N : hΓ ⊢ U → T i and M ⊲

β

λx.N , then we have two cases:

– If M = λx.M

^′

where M

^′

⊲

β

N , then by IH, M

^′

: h(Γ, x : U )↑

^M′

⊢ T i.

Since by theorem 2.1 and lemma 7.1, x ∈ F V (N ) ⊆ F V (M

^′

), then

we have (Γ, x : U )↑

^{F V(M′)}

= Γ↑

^{F V(M′)\{x}}

, x : U and Γ↑

^{F V(M′)\{x}}

=

Γ↑

^λx.M′

. Hence, M

^′

: hΓ↑

^λx.M′

, x : U ⊢ T i and finally, by →

i

, λx.M

^′

:

hΓ↑

^λx.M′

⊢ U → T i.

– If M = (λy.M

1

)M

2

where y 6∈ F V (M

2

) and λx.N = M

1

[y := M

2

], then, by lemma 18, since y 6∈ F V (M

2

) and M

1

[y := M

2

] : hΓ ⊢ U → T i, we have (λy.M

1

)M

2

: hΓ↑

^(λy.M1)M2

⊢ U → T i.

• If N : hΓ ⊢ T i x 6∈ dom(Γ)

λx.N : hΓ ⊢ ω → T i and M ⊲

β

N then similar to the above case.

• If N

1

: hΓ

1

⊢ U → T i N

2

: hΓ

2

⊢ U i

N

1

N

2

: hΓ

1

⊓ Γ

2

⊢ T i and M ⊲

β

N

1

N

2

, we have three cases:

– M = M

1

N

2

where M

1

⊲

β

N

1

. By IH, M

1

: hΓ

1

↑

^M1

⊢ U → T i. It is easy to show that (Γ

1

⊓ Γ

2

)↑

^M1N2

= Γ

1

↑

^M1

⊓ Γ

2

. Now use →

e

.

– M = N

1

M

2

where M

2

⊲

β

N

2

. Similar to the above case.

– M = (λx.M

1

)M

2

where x 6∈ F V (M

2

) and N

1

N

2

= M

1

[x := M

2

]. By lemma 18, (λx.M

1

)M

2

: h(Γ

1

⊓ Γ

2

)↑

^(λx.M1)M2

⊢ T i.

• If N : hΓ ⊢ U

1

i N : hΓ ⊢ U

2

i

N : hΓ ⊢ U

1

⊓ U

2

i and M ⊲

β

N then use IH.

• Let N : hΓ ⊢ U i hΓ ⊢ U i ⊑ hΓ

^′

⊢ U

^′

i

N : hΓ

^′

⊢ U

^′

i and M ⊲

β

N. By lemma 6.6, Γ

^′

⊑ Γ and U ⊑ U

^′

. It is easy to show that Γ

^′

↑

^M

⊑ Γ↑

^M

and hence by lemma 6.6, hΓ↑

^M

⊢ U i ⊑ hΓ

^′

↑

^M

⊢ U

^′

i. By IH, M ↑

^M

: hΓ ⊢ U i. Hence, by ⊑

hi

, we have M : hΓ

^′

↑

^M

⊢ U

^′

i.

Corollary 20 (Subject expansion for β) If N : hΓ ⊢ U i and M ⊲

^∗_β

N , then M : hΓ↑

^M

⊢ U i.

Proof By induction on the length of the derivation M ⊲

^∗_β

N using theorem 19 and the fact that if F V (P ) ⊆ F V (Q), then (Γ↑

^P

)↑

^Q

= Γ↑

^Q

.

4 The realisability semantics, its soundness and completeness

In this section we give a realisability semantics for our type system and establish both the soundness and completeness of this semantics.

We start with the definition of the function space and saturated sets.

Definition 21 Let X , Y ⊆ M.

1. We use P (X ) to denote the powerset of X, i.e. {Y / Y ⊆ X }.

2. We define X Y = {M ∈ M / M N ∈ Y for all N ∈ X }.

3. Let r ∈ {f, β}. We say that X is r-saturated if whenever M ⊲

^∗_r

N and N ∈ X , then M ∈ X .

Lemma 22 Let r ∈ {f, β}.

1. If X is β-saturated, then X is f -saturated.

2. If X , Y are r-saturated sets, then X ∩ Y is r-saturated.

3. If Y is r-saturated, then, for every set X ⊆ M, X Y is r-saturated.

Proof 1. Note that ⊲

^∗_f

⊂ ⊲

^∗_β

. 2. is easy. 3. Let N ∈ X Y, M ⊲

^∗_r

N and P ∈ X . Then, by theorem 2.2, M P ⊲

^∗_r

N P and N P ∈ Y. Since Y is r-saturated,

then M P ∈ Y. Thus, M ∈ X Y.

We interpret basic types as saturated sets. The interpretation of complex types is built up from smaller types in the obvious way.

Definition 23 Let r ∈ {f, β}.

1. An r-interpretation I : A 7→ P (M) is a function such that:

∀ a ∈ A, I (a) is r-saturated.

2. An r-interpretation I can be extended to U as follows:

I(ω) = M I(U

1

⊓ U

2

) = I(U

1

) ∩ I(U

2

) I(U → T ) = I(U ) I(T ) Lemma 24 If I is a β-interpretation then I is an f -interpretation.

Proof Use lemma 22.1.

The next lemma shows that the interpretation of any type (basic or complex) is saturated, that the interpretation function respects the relation ⊑ and that we can in some sense expand the terms in the interpretation.

Lemma 25 Let r ∈ {f, β} and let I be an r-interpretation.

1. For any U ∈ U , we have I(U) is r-saturated.

2. If U ⊑ V , then I (U ) ⊆ I(V ).

3. Let n ≥ 0 and ∀1 ≤ i 6= j ≤ n, x

i

6= x

j

. If ∀ N

i

∈ I(U

i

) (1 ≤ i ≤ n), M [(x

i

:= N

i

)

ⁿ₁

] ∈ I(U ), then

λx

1

....λx

n

.M ∈ I(U

1

→ (U

2

→ (... → (U

n

→ U )...))).

Proof 1. By induction on U using lemma 22.

2. By induction of the derivation U ⊑ V . 3. By induction on n ≥ 0 using 1.

We now show the soundness of our sematics.

Theorem 26 (Soundness) Let r ∈ {f, β}. If M : h(x

i

: U

i

)

n

⊢ U i, I is an r-interpretation and ∀1 ≤ i ≤ n, N

i

∈ I (U

i

), then M [(x

i

:= N

i

)

ⁿ₁

] ∈ I(U ).

Proof By induction on the derivation M : h(x

i

: U

i

)

n

⊢ Ui.

• Let

x : h(x : T ) ⊢ T i . If N ∈ I(T ) then x[x := N ] = N ∈ I(T ).

• Let

M : henv

^M_ω

⊢ ωi where env

^M_ω

= (x

i

: ω)

n

. We have M [(x

i

:= N

i

)

ⁿ₁

] ∈ M = I(ω).

• Let P : h(x

i

: U

i

)

ⁿ₁

, x : U ⊢ Ti λx.P : h(x

i

: U

i

)

n

⊢ U → T i .

If I(U ) = ∅ then (λx.P)[(x

i

:= N

i

)

ⁿ₁

] ∈ I (U ) I (T ) = M.

If I (U ) 6= ∅ then let N ∈ I(U ). By IH, P[(x

i

:= N

i

)

ⁿ₁

, x := N ] ∈ I(T ). By lemma 25.1, I(T ) is r-saturated.

Moreover, (λx.P )[(x

i

:= N

i

)

ⁿ₁

] N ⊲

^∗_r

P[(x

i

:= N

i

)

ⁿ₁

, x := N ]. Hence, (λx.P )[(x

i

:= N

i

)

ⁿ₁

]N ∈ I(T ) and (λx.P )[(x

i

:= N

i

)

ⁿ₁

] ∈ I(U ) I(T ).

• Let P : h(x

i

: U

i

)

n

⊢ T i x 6= x

i

λx.P : h(x

i

: U

i

)

n

⊢ ω → T i and N ∈ M. Note that x 6∈ F V (P ).

By IH, P [(x

i

:= N

i

)

ⁿ₁

] ∈ I (T ). By lemma 25.1, I(T ) is r-saturated.

Moreover, (λx.P )[(x

i

:= N

i

)

ⁿ₁

] N ⊲

^∗_r

P[(x

i

:= N

i

)

ⁿ₁

]. Hence

(λx.P )[(x

i

:= N

i

)

ⁿ₁

] N ∈ I(T ) and (λx.P)[(x

i

:= N

i

)

ⁿ₁

] ∈ I (ω) I (T ).

• Let M

1

: hΓ

1

⊢ U → T i M

2

: hΓ

2

⊢ U i

M

1

M

2

: hΓ

1

⊓ Γ

2

⊢ T i where Γ

1

= (x

i

: U

i

)

n

, (y

j

: V

j

)

m

, Γ

2

= (x

i

: U

_i^′

)

n

, (z

k

: W

k

)

l

and Γ

1

⊓Γ

2

= (x

i

: U

i

⊓U

_i^′

)

n

, (y

j

: V

j

)

m

, (z

k

: W

k

)

l

. Let ∀1 ≤ i ≤ n, P

i

∈ I(U

i

⊓ U

_i^′

), ∀1 ≤ j ≤ m, Q

j

∈ I (V

j

) and ∀1 ≤ k ≤ l, R

k

∈ I(W

k

). By IH, M

1

[(x

i

:= P

i

)

ⁿ₁

, (y

j

:= Q

j

)

^m₁

] ∈ I (U ) I (T ) and M

2

[(x

i

:= P

i

)

ⁿ1

, (z

k

:= R

k

)

^l1

] ∈ I (U ),

then (M

1

M

2

)[(x

i

:= P

i

)

ⁿ₁

, (y

j

:= Q

j

)

^m₁

, (z

k

:= R

k

)

^l₁

] =

M

1

[(x

i

:= P

i

)

ⁿ₁

, (y

j

:= Q

j

)

^m₁

] M

2

[(x

i

:= P

i

)

ⁿ₁

, (z

k

:= R

k

)

^l₁

] ∈ I (T ).

• Let M : h(x

i

: U

i

)

n

⊢ V

1

i M : h(x

i

: U

i

)

n

⊢ V

2

i

M : h(x

i

: U

i

)

n

⊢ V

1

⊓ V

2

i . By IH, M [(x

i

:= N

i

)

ⁿ₁

] ∈ I(V

1

) and M [(x

i

:= N

i

)

ⁿ₁

] ∈ I(V

2

). Hence, M [(x

i

:= N

i

)

ⁿ₁

] ∈ I(V

1

⊓ V

2

).

• Let M : Φ Φ ⊑ Φ

^′

M : Φ

^′

where φ

^′

= h(x

i

: U

i

)

n

⊢ U i.

By lemma 6.6 and 6.3, Φ = h(x

i

: U

i^′

)

n

⊢ U

^′

i, ∀ 1 ≤ i ≤ n, U

i

⊑ U

i^′

and U

^′

⊑ U . By lemma 25.2, N

i

∈ I(U

_i^′

), then, by IH, M [(x

i

:= N

i

)

ⁿ1

] ∈ I (U

^′

) and, by lemma 25.2, M [(x

i

:= N

i

)

ⁿ₁

] ∈ I (U ).

Roughly speaking, completeness of the semantics amounts to saying that if M is in the meaning of type U (i.e., M is in I(U ) for any interpretation I) then M has type U . In order to show completeness, we define a special interpretation function I through the typing relation ⊢ in such a way that, if M ∈ I (U ) then M can be shown to have type U . This is done in the next definition and lemma.

Definition 27 1. For every U ∈ U , let an infinite subset V

_U

of V such that:

• If U 6= V , then V

_U

∩ V

_V

= ∅. • S

U∈U

V

_U

= V.

2. We denote G = {(x : U ) / U is a type and x ∈ V

_U

}. Note that since G is infinite, G is not a type environment.

3. Let M ∈ M and U ∈ U . We write M : h G ⊢ U i if there is a type environment Γ ⊂ G such that M : hΓ ⊢ U i.

4. Let I : A 7→ P(M) be the function defined by:

∀ a ∈ A, I (a) = {M ∈ M / M : h G ⊢ ai}.

Remark 28 Note that in Definition 27, we have associated to each U ∈ U , an infinite set of variables V

_U

in such a way that no variable is used in two different types, and each variable of V is associated to a type. Obviously, as long as these conditions are satisfied, we have the liberty of dividing the set V as we wish. We will practice this liberty in the proof of theorem 32.

Lemma 29 1. If Γ, Γ

^′

⊂ G and dom(Γ) = dom(Γ

^′

), then Γ = Γ

^′

. 2. If Γ, Γ

^′

⊂ G , then Γ ⊓ Γ

^′

= Γ ∪ Γ

^′

⊂ G .

3. I is a β-interpretation. I.e., ∀ a ∈ A, I (a) is β -saturated.

Hence, I is an f -interpretation.

Furthermore, we extend I to U as in Definition 23.2.

4. If U ∈ U , then I (U ) 6= ∅ and I (U ) = {M ∈ M / M : h G ⊢ U i}.

Proof

1. Let (x : U ) ∈ Γ and (x : U

^′

) ∈ Γ

^′

. Hence, x ∈ V

_U

and x ∈ V

_U′

and so, U = U

^′

(otherwise, V

_U

∩ V

_U′

= ∅).