Intersection-Types à la Church

Transcription

1 Intersection-Types à la Church Luigi Liquori INRIA Sophia Antipolis, France Simona Ronchi Della Rocca Dipartimento di Informatica, Università di Torino, Italy Abstract In this paper, we present Λ t, a fully typed λ-calculus based on the intersection-type system discipline, which is a counterpart à la Church of the type assignment system as invented by Coppo and Dezani. The relationship between Λ t and the intersection type assignment system is the standard isomorphism between typed and type assignment system, and so the typed language inherits from the untyped system all the good properties, like subject reduction and strong normalization. Moreover both type checking and type reconstruction are decidable. Key words: Logics and Types, λ-calculus 1 Introduction The Intersection-Type Assignment System (Λ u ) is a set of inference rules for assigning intersection-types to terms of the untyped λ-calculus. Intersectiontypes are formulæ of the implicational and conjunctive fragment of propositional logic. The syntax and the typing rules are presented in Figure 1. Intersectiontypes were introduced by Coppo and Dezani, to increase the typability power of Curry s type assignment system for the λ-calculus [Coppo and Dezani-Ciancaglini (1980)]. Since then, intersection-types have been fruitfully used for designing static semantics of programming languages (e.g. Algol-like [Reynolds (1996)]), for characterizing interesting classes of λ-terms (e.g. the strongly normalizing ones [Pottinger (1980)]), and for studying denotational semantics of various untyped λ- calculi (e.g. [Barendregt et al. (1983)] and [Coppo et al. (1983)]). There are many versions in the literature of intersection-type assignment systems. Here we choose that one presented as System D [Krivine (1990)], characterized by the presence of non syntax-directed rules for dealing with the introduction and Preprint submitted to Elsevier Science January 14, 2007

2 Syntax of Λ u Let α range over a denumerable set V of type-constants Let take precedence over M ::= x λx.m M M σ ::= α σ σ σ σ Type System for Λ u Let E = {x 1 :σ 1,..., x n :σ n } (i j implies x i x j ), and E, x:σ = E {x:σ} x:σ E E x : σ (Var) E, x:σ 1 M : σ 2 E λx.m : σ 1 σ 2 E M : σ 1 σ 2 E N : σ 1 E M N : σ 2 E M : σ 1 σ 2 E M : σ 1 ( E L ) ( E) E M : σ 1 E M : σ 2 E M : σ 1 σ 2 E M : σ 1 σ 2 E M : σ 2 ( E R ) ( I) Figure 1. The Intersection-Type Assignment System Λ u. elimination of the intersection. Note that, differently from most of the systems presented in the literature, as for example [Dezani-Ciancaglini et al. (1998)], in this system the connective is neither commutative nor associative nor idempotent. The choice of this presentation has been taken since we are looking for a typed version of the calculus, where bound variables come decorated with their types, and in this setting it is natural to consider types as syntactical entities. In any case, this presentation does not have any consequence on the typability power of the intersection type assignment system, which is well known to characterize all and only the strongly normalizing terms [Krivine (1990), Pottinger (1980)]. Following the standard terminology, let us call à la Curry a system assigning types to untyped terms, and à la Church a system assigning types to typed terms, i.e. where types are part of the syntax of terms, by decorating bound-variables in abstractions. Differently from other type assignment systems à la Curry, Λ u has no natural counterpart à la Church. The classical example is the polymorphic identity in Λ u that has the following type-derivation: x:σ 1 x : σ 1 λx.x : σ 1 σ 1 x:σ 2 x : σ 2 λx.x : σ 2 σ 2 λx.x : (σ 1 σ 1 ) (σ 2 σ 2 ) but is untypable using a naïve corresponding rule à la Church for the introduction ( I) 2

3 of intersection-types [Hindley (1984)]. x:σ 1 x : σ 1 λx:σ 1.x : σ 1 σ 1 x:σ 2 x : σ 2 λx:σ 2.x : σ 2 σ 2 λx:?.x : (σ 1 σ 1 ) (σ 2 σ 2 ) By the Curry-Howard isomorphism [Howard (1980)], a λ-term must record the shape of its type-derivation. A standard proof decoration would give rise to a language which is a λ-calculus extended with a pair construction. For example, according to [Ronchi Della Rocca (2002)], the previous proof would be decorated in the following way: x:σ 1 x : σ 1 λx:σ 1.x : σ 1 σ 1 ( I) x:σ 2 x : σ 2 λx:σ 2.x : σ 2 σ 2 < λx:σ 1.x, λx:σ 2.x >: (σ 1 σ 1 ) (σ 2 σ 2 ) ( I) The resulting language has a very difficult syntax, since the pairing construct can be applied only on terms, which can be different, but their below untyped versions must be identical. An example in the literature of λ-calculus typed à la Church with intersection types, where the syntax is exactly the classical one, but for types, is the language Forsythe in [Reynolds (1996)]. But it is incomplete, in the sense that the resulting typed system has less typability power than the type assignment one. In fact, in the Reynolds s syntax, assuming that a term M has type τ under the assumption that the variable x has any one of the types σ i (1 i n), we can form the typed term: λx:σ 1 σ 2... σ n.m having types (σ i τ) for 1 i n, and all types derived from these by applying intersection introduction, intersection elimination and subtyping relations. So, for example, there is not a typed version of λx.λy.x, giving it the type δ = (σ (σ σ)) (τ (τ τ)), where σ and τ are uncomparable. In fact, according to the Forsythe syntax, we can form the two terms, namely λx:σ τ.λy:σ.x, having types σ (σ σ) and τ (σ τ), and λx:σ τ.λy:τ.x, having types τ (τ τ) and σ (τ σ); however, the term λx:σ τ.λx:σ τ.x seems not typable with δ (this example has been taken from [Wells and Haack (2006)]). Moreover, Forsythe appear something in between a typed and a type assignment language, since terms do not have unique types. The problem is, as the skilled reader can understand, the presence of non syntaxdirected rules that disconnect the λ-term from its type-derivation (hence losing the Curry-Howard correspondence). It is important to point out that this problem does not depend on the chosen intersection-type assignment system; indeed, not one of the intersection type assignment systems presented in the literature is completely syntax directed (and not-even it cannot be!) 3

4 Our goal is to build a λ-calculus à la Church, typed by intersection types, whose syntax is, as far as possible, similar to other typed λ-calculi. We want to design this calculus through a typed system, building typed terms together with their type, such that the typed system and the type assignment system Λ u are related by the standard path designed in [Giannini et al. (1993), Liquori (1996), van Bakel et al. (1997)]. More precisely, the following requirement list must be satisfied: Desiderata (1) there exists an erasing function E, erasing type information from typed terms, such that, if M is a typed term, then E(M) Λ; (2) typed and type assignment derivations are isomorphic, under the assumption that they share the same type syntax. I.e., the application of an erasing function E on all typed terms and contexts (in a typed derivation judgment) produces a derivable type assignment derivation, and every type assignment derivation is obtained from a typed one by applying the same erasure E. Such a kind of isomorphism has been studied in [van Bakel et al. (1997)]. Moreover, we want that the intersection calculus à la Church inherits all the properties of intersection type assignment à la Curry, namely: (3) subject reduction; (4) strong normalization of typable terms; plus the following ones, which are typical of typed languages: (5) (typed) subject expansion; G[Ma non ci vuole OMEGA?] (6) unicity of typing; (7) decidability of type reconstruction and of type checking. Not one of the proposals present in the literature satisfies all the given requirements. The typed calculi proposed in [Reynolds (1996)] and [Pierce and Turner (1994)] do not satisfy requirement 2 and 6, the ones in [Capitani and Venneri (2001)], [Ronchi Della Rocca (2002)], and [Wells et al. (2002)] do not satisfy requirement 1, while the language in [Wells and Haack (2006)] does not satisfy requirement 2. In order to find a solution to this challenge, our attempt has been to design a calculus, where typing depends on a new imperative-like formulation of context, assigning types to term-variables at a given mark/location. In the typed term, a bound variable is associated to a mark, and a term is associated to a kind of store, remembering both the associations between marks and types and the structure of the typed derivation. Hence a store is a truly typed proof-calculus that can be executed by means of suitable reduction rules. The store-calculus can be defined per se, as decoration of the implicative and conjunctive fragment of intuitionistic logic; it codifies a set of proofs that is strictly bigger than these corresponding to intersection-type derivations (see [Ronchi Della Rocca and Roversi (2001)]). As example, the typed identity with type (σ 1 σ 1 ) (σ 2 σ 2 ) 4

5 can be written in our proposal as the term 1.0) (λ0:σ 2.0) where 0 is a mark, and (λ0:σ 1.0) (λ0:σ 2.0) is the store for λx:0.x. The typed λ- calculus so obtained satisfies all the above requirements. As a nice consequence of these choices, we get decidability of the type reconstruction and type checking, both being also easy to define. The paper is organized as follows: Section 2 presents the calculus of stores, Section 3 shows the whole intersection-typed λ-calculus, in Section 4 the isomorphism between it and Λ u is proved, Section 5 contains some examples, Section 6 lists the metatheory and the type checking/type inference algorithms. Conclusions and final remarks end the paper. 2 The Proof-calculus ΛP The syntax of intersection-types is that of the formulas of the implicative and conjunctive fragment of the intuitionistic logic (denoted by L ), where the logical connectives and denote the implication and the conjunction. Unfortunately, the intersection-type assignment system Λ u does not correspond, in the Curry-Howard sense, to this logic [Hindley (1984)], because of the anomalous decoration of the rules dealing with conjunction. In what follows, we present a typed λ-calculus, obtained by decorating the proof of such a logic. The main peculiarity of this calculus is that it is defined on marks instead of on variables; the calculus will be used to record the structure of an intersection derivation, though an association between marks and types. Syntax of ΛP. We start with some useful definitions. Definition 2.1 (1) Type-marks (denoted by ι) range over Nat; (2) Intersection-types are defined as follows: σ ::= α σ σ σ σ where α ranges over a denumerable set V of constants; (3) Proof-contexts are finite associations between marks and types, where all marks are different, and they are defined by the following grammar: G ::= ɛ G, ι:σ 5

6 (4) Pseudo-proof-trees are labeled unary/binary trees defined as follows: ::= ι λι:σ. (5) The set Fm( ) of the free-marks in a pseudo-proof-tree is Fm(ι) = {ι} Fm(λι:σ. ) = Fm( ) \ {ι} Fm( 1 2 ) = Fm( 1 ) Fm( 2 ) Fm( 1 2 ) = Fm( 1 ) Fm( 2 ) Fm( ) = Fm( ) Fm( ) = Fm( ) A mark is bound in if it is not free in. Let Mk( ) denote the set of marks occurring (either bound or free) in. Type System for ΛP. The system proves judgments of the shape: G P : σ where G is a proof-context, is a pseudo-proof-tree, and σ is a type. The pseudoproof-tree is a legal proof-tree if there are G and σ such that G P : σ. The rules of the system, obtained by decorating the rules of the logic L, are showed in Figure 2. Note that ΛP is just an unusual syntax for the simply typed λ-calculus with pairs, which can be seen, via the Curry-Howard isomorphism, as a decoration of L. Reduction Semantics of ΛP. Every term being in ΛP a decoration of a proof of L, the reduction rules of the languages correspond to the proof-reduction steps of the logic. While the proof normalization procedure for L and its properties are well-known, we recall it formally in ΛP, in order to use it for further proofs. Following the Curry-Howard isomorphism, and with a little abuse of notation, proof-reduction stands for proof-reduction in ΛP. Definition 2.2 (Proof redundancies in ΛP) (1) A -redundancy is an application of rule ( I) immediately followed by an application of either rule ( E L ), or rule ( E R ); 6

7 The Logic L Let Σ = {σ 1,..., σ n }, and Σ, σ = Σ {σ} σ Σ Σ L σ (Var) Σ L σ 1 σ 2 Σ L σ 1 Σ L σ 2 Σ L σ 1 σ 2 Σ L σ 1 ( E L ) ( E) Σ, σ 1 L σ 2 Σ L σ 1 σ 2 Σ L σ 1 Σ L σ 2 Σ L σ 1 σ 2 Σ L σ 1 σ 2 Σ L σ 2 ( E R ) ( I) The Proof-calculus ΛP. Let G = {ι 1 :σ 1,..., ι n :σ n } (i j implies ι i ι j ), and G, ι:σ = G {ι:σ} ι:σ G G P ι : σ (Var) G, ι:σ 1 P : σ 2 G P λι:σ 1. : σ 1 σ 2 G P 1 : σ 1 σ 2 G P 2 : σ 1 G P 1 2 : σ 2 G P : σ 1 σ 2 G P : σ 1 ( E L ) ( E) G P 1 : σ 1 G P 2 : σ 2 G P 1 2 : σ 1 σ 2 G P : σ 1 σ 2 G P : σ 2 ( E R ) ( I) Figure 2. The Logic L and its Proof-calculus ΛP. (2) An arrow-redundancy is an application of rule immediately followed by an application of rule ( E). Definition 2.3 (Proof-reduction for ΛP) (1) A -proof-reduction is defined as follows: D 1 : G P 1 : σ 1 G P 2 : σ 2 G P 1 2 : σ 1 σ 2 ( E L ) G P ( 1 2 ) : σ 1 the ( E R ) rule being similar; (2) A -proof-reduction is defined as follows: D 1 : G, ι:σ 1 P 1 : σ 2 G P λι:σ 1. 1 : σ 1 σ 2 D 2 : G P 2 : σ 1 G P (λι:σ 1. 1 ) 2 : σ 2 ( I) ( E) = D 1 : G P 1 : σ 1 = D 3 : G P 1 [ 2 /ι] : σ 2 7

8 where D 3 is the derivation obtained from D 1 as follows: (a) replace every axiom of the shape ι:σ 1 G G P ι : σ 1 (Var) by a derivation D 2 : G P 2 : σ 1 (this last derivation can easily be obtained from D 2 since G G and weakening is a derived rule); (b) erase the applications of rules and ( E) below D 1 ; (c) replace every free occurrence of ι by 2. (3) We denote by D 1 = D 2 the fact that D 2 is obtained from D 1 by either a or a -proof-reduction step. Let = denote the transitive, reflexive, and contextual closure of =. It is easy to check that the two proof-reductions defined in the points (1) and (2) of the previous definition are correct, in the sense that their result is a correct derivation. For the -proof-reduction the proof is trivial, for the -proof-reduction a proof can be easily carried out, by induction on the derivation D 1. The -proof-reduction gives rise to the following reduction rule (similar to the standard β-rule), indexed by the name of the abstracted mark: (λι:σ. 1 ) 2 ι 1 [ 2 /ι] and the -proof-reductions give rise to the following two reduction rules: ( 1 2 ) π1 1 ( 1 2 ) π2 2 By abuse of notation, ι, π1, π2 will denote the contextual closure of the above rules. As usual, the ΛP calculus works modulo α-conversion, as the symmetric, transitive, reflexive, and contextual closure of the following rule: λι 1 :σ. α λι 2 :σ. [ι 2 /ι 1 ] where ι 2 is fresh As a consequence of the fact that L is strongly normalizing, the following result holds: Fact 1 (Strong Normalization of ΛP) ΛP is strongly normalizing. The reader will find useful the following example of a type-derivation in ΛP. 8

9 Example 2.1 (Type derivation) We show a type-derivation for the proof-tree (λ0:σ 1.0) (λ0:σ 2.0). 0:σ 1 P 0 : σ 1 (Var) P λ0:σ 1.0 : σ 1 σ 1 0:σ 2 P 0 : σ 2 (Var) P λ0:σ 2.0 : σ 2 σ 2 P (λ0:σ 1.0) (λ0:σ 2.0) : (σ 1 σ 1 ) (σ 2 σ 2 ) ( I) 3 The Intersection-Typed System Λ t The intersection-typed system is built starting from an unusual formulation of contexts. In fact, a context associates to a variable both a mark and a type, such that different variables are associated to different marks. This novel formulation of contexts allows to remember, in rule, just the mark, the corresponding type being stored in the proof-tree, built by the system in parallel with the typed term. In this way the underlying term is de facto a term of the classical untyped λ-calculus. Since the proof-tree describes the structure of the type-derivation, we also obtain the decidability of type reconstruction and type checking. Syntax of Λ t. Definition 3.1 (1) Type-marks, intersection-types and proof-trees are defined as in Definition 2.1. (2) Contexts are finite associations between different variables and types at a given mark, such that different variables are associated with different marks. They are defined as follows: Γ ::= ɛ Γ, x@ι:σ (3) The set of marked-terms is defined as follows: M ::= x λx:ι.m M M (4) A pseudo-term of Λ t has the shape where M is a marked-term and is a proof-tree. In what follows, the symbol denotes the syntactic equality for marked-terms, types, contexts, type-marks and proof-trees, respectively. Definition 3.2 (Fv, Fm G[Ti proporrei questa definizione di FV e FM]) 9

10 The set of free-variables of a pseudo-term is defined as follows: Fv(x@ι) = {x@ι} ) = ) ) = ) Fv((λx:ι.M)@(λι:σ. )) = ) \ {x@ι} Fv((M N)@( 1 2 )) = 1 ) 2 ) 1 2 ) = 1 ) 2 ) The set of free-marks of a pseudo-term is defined as follows: Fm(x@ι) = {ι} ) = ) ) = ) Fm((λx:ι.M)@(λι:σ. )) = ) \ {ι} Fm((M N)@( 1 2 )) = 1 ) 2 ) 1 2 ) = 1 ) 2 ) We also need to formally define the set of free-variables and free-marks in Λ t. Definition 3.3 (Fv, Fm, Mk) (1) The set of free-variables of a marked-term is defined as follows: Fv(x) = {x} Fv(λx:ι.M) = Fv(M) \ {x} Fv(M N) = Fv(M) Fv(N) (2) The set of free-marks of a marked-term is defined as follows: Fm(x) = Fm(λx:ι.M) = {ι} Fm(M) Fm(M N) = Fm(M) Fm(N) (3) The set of free-marks of a proof-term is defined as follows: Fm(ι) = {ι} Fm(λι:σ. ) = Fm( ) \ {ι} Fm( 1 2 ) = Fm( 1 ) Fm( 2 ) Let ) denote the set of all marks (either bound or free) in 10

11 Γ Γ : σ (Var) Γ, 1 : σ 2 Γ (λx:ι.m)@(λι:σ 1. ) : σ 1 σ 2 Γ 1 : σ 1 σ 2 Γ 2 : σ 1 Fm(M) Fm(N) = Γ (M N)@( 1 2 ) : σ 2 Γ 1 : σ 1 Γ 2 : σ 2 Γ 1 2 ) : σ 1 σ 2 ( I) ( E) Γ : σ 1 σ 2 Γ ) : σ 1 ( E L ) Γ : σ 1 σ 2 Γ ) : σ 2 ( E R ) Figure 3. The Type System for Λ t. The premises of a rule are intended to be ordered. Type System for Λ t. the shape: The judgments of the intersection-typed calculus Λ t have Γ : σ where Γ is a context, M is a marked-term, and is a proof-tree. Intuitively: in the judgment, the type-context Γ assigns intersection-types to the free-variables of M annotated by free-marks; if Γ : σ, then we say that is a term of Λ t. The proof-tree keeps track of the type of the used mark together with a trace of the skeleton of the derivation tree. The proof-tree plays the role of a road map to backtrack (i.e. roll back) the derivation tree. The typing rules are presented in Figure 3. Some comments are in order: (Var) gives types to free-variables at a given mark; is a quasi-classical abstraction rule, but it records in the term only the type-mark associated to the abstracted variable; the proof-tree evolves in a new proof-tree enriched with the binding for the mark ι; ( E) is a quasi-classical application rule; observe that the two type-stores of the premises become sub proof-trees in the conclusion (the hidden application operator being the root); moreover, a linearity condition is imposed on the freemarks occurring marked-term; ( I) is the most important rule; given two judgments for M assigning types σ 1 and type σ 2, in the same context Γ but with different proof-trees 1, and 2, we can assign the intersection-type σ 1 σ 2 to M in the context Γ but in the new proof-tree 1 2. At this point the marked-term M loses the one-to-one correspondence with its proof. Luckily, the new proof-tree keeps track of the derivation and guarantees unicity of typing; ( E L ), and ( E R ) are the two standard rules that eliminate intersection-types. 11

12 Also in this case the marked-term M loses the one-to-one correspondence with its (logical) proof, but the proof is memorized by the proof-tree, thanks to the two place-holders and, indicating the applied rule. If a rule have more than one premise, its premises are intended to be ordered, since we consider intersection not commutative, so we want the derivation of 1 2 be different from the derivation of 2 1. Now we will list some syntactical properties of terms of Λ t. First, a definition is needed. Definition 3.4 Let D be a derivation of Λ t, and let D 1 and D 2 be two subderivations of D. D 1 and D 2 are disjoint if and only if there are two subderivations of D, let D 1 and D 2 such that: (1) D 1 is a subderivation of D 1; (2) D 2 is a subderivation of D 2; (3) in D there is an application of rule ( I), whose premises are D 1 and D 2. Analogously, if is a proof-term, two its subterms 1 and 2 are disjoint if and only if there are 1 and 2 such that: (1) 1 is a subterm of 1; (2) 2 is a subterm of 2; (3) 1 2 is a subterm of. Fact 2 Let D : Γ : σ. (1) every mark ι occurs free at most once in Γ; (2) every mark ι occurs free at most once in M; (3) if in M there are n 1 free occurrences of the variable x, then there are p 1 disjoint subderivations of D, each one containing n axioms with subject x. (4) if in M there are n 1 free occurrences of the variable x, and in Γ the variable x is typed at the location ι, then there are p 1 disjoint subterms of each one containing n free occurrences of ι. Proof. All points can be easily proved by induction on the derivation. (1) Trivial; (2) On rule (V ar), the proof comes by the condition that different variables in the context be associated to different mark and point 2 from the syntax of marked terms. On rule ( E), the proof comes by induction and by the condition that the set of free marks of the two marked terms in the premises are disjoint. All other cases come directly by induction; 12

13 (3) In case the last applied rule is (Var) the proof is obvious. In case of rules, ( I) and ( E) the proof comes immediately by induction. Let we consider rule ( E): D 1 : Γ 1 : σ 1 σ 2 D 2 : Γ Q@ 2 : σ 1 Fm(P ) Fm(Q) = Γ (P Q)@( 1 2 ) : σ 2 ( E) where M P Q. Let n = n 1 + n 2 and let x have n 1 occurrences in P and n 2 occurrences in Q. By induction there are p i disjoint subderivations of D i, containing respectively n i free occurrences of x (1 i 2). Since subderivations disjoint in D 1 and D 2 remain disjoint after the application of rule ( E), the result follows; (4) It is a direct consequence of the previous point. Note that, derivations in Λ t can be considered modulo α-rule on the marked terms, where the α rule is the symmetric, transitive and contextual closure of the following rule: λx:ι.m α λy:ι.m[y/x] y fresh In fact Γ : σ if and only if Γ : σ, where M α M (taking care that the bound variables in M be replaced by variables fresh with respect to either M and Γ). Note also, that no α-rule is defined on proof-terms. In fact, marks represent physical locations, each one with a fixed name. Now, let us introduce a non-standard notion of substitution. Definition 3.5 (Renaming function) (1) A renaming function of rank n is a function ρ, associating to every mark a sequence of n different marks. (2) Let M and N be two marked-terms, and let M have n occurrences of the free variable x, which we can enumerate x 1,..., x n, reading M from left to right. Moreover let ρ be a renaming function of rank n, and let N i be a copy of N obtained by replacing every mark ι occurring free in N by the i-th elements of ρ(ι) (denoted by ρ(ι) i ). Let M{N/x} ρ denote the term obtained from M by replacing, in a capture free way, the occurrence x i of x by N i (1 i n). Then M{N/x} ρ can be defined inductively as follows: y{n/x} ρ = if y x then N else y; (λy.m){n/x} ρ = λz.m[z/y]{n/x} ρ, where z is fresh; (MN){N/x} ρ = M{N/x} ρ1 N{N/x} ρ2, where, if M and N have respectively p and q occurrences of x, then ρ 1 (ι) = ρ(ι) 1,.., ρ(ι) p and ρ 2 (ι) = ρ(ι) p+1,.., ρ(ι) p+q, where the index i denotes the i-th component of the sequence ρ(ι). (3) Let ρ be a renaming function of rank n, and let the proof-term contain p disjoint subterms i (1 i p) each one containing n free occurrences of ι. 13

14 Let j be a copy of obtained by replacing every mark ι occurring bound in ρ(ι ) j (1 j n). { /ι} ρ denotes the term obtained from by replacing the j-th occurrence of ι in i by j (1 i n). (4) A renaming function ρ is suitable for with respect to x if its rank is the same as the number of free occurrences of x in M, and moreover ) and the codomain of ρ are disjoint. This definition needs some comments. If a mark ι occurs in a marked term N, then there is a subterm of N of the shape λy:ι.p, so ι identifies the location of the bound variable y. Let M have two free occurrences of x, and let we want to replace both by N; in duplicating N, two subterms λy:ι.p are generated, so, in particular, y becomes two different bound variables, which cannot be stored in the same location. Since every mark occurring free in a marked term occurs bound in the associated proof term, the substitution in a proof term in defined in a similar way, but renaming the bound variables. Since no α rule has been defined on proof terms, this definition of substitution is correct. Property 3.1 (Substitution) If D : Γ, x@ι:σ : τ, and Γ : σ, and Fm(M) Fm(N) =, then Γ M{N/x} { /ι} ρ : τ, for every renaming function ρ suitable for with respect to x. Proof. By induction on D. Example 3.1 Let σ = σ 1 σ 1, and τ = τ 1 τ 1, and µ = ((σ σ) σ) ((τ τ) τ)). It is easy to verify that the following derivations are correct: D 1 : y@1:µ y y@(( ( 1))(( 1) )) (( (1 ))((1 ) )) : σ τ D 2 : λz:2.z@ : µ, where ((λ2:σ.2) (λ2:σ 1.2)) ((λ2:τ.2) (λ2:τ 1.2)). D 3 : w@2:µ w@2 : µ and let ρ(2) = 3, 4. Moreover, let 1 ( 2 ) be where the bound mark 1 has been replaced by 3 (4). Then: (y y){λz:2.z/y} ρ (λz:3.z) (λz:4.z) (y y){w/y} ρ w w (( ( 1))(( 1) )) (( (1 ))((1 ) )){ /1} ρ (( ( 1 ))(( 2 ) )) (( ( 1 ))(( 2 ) )). ( ( 1))(( 1) ) ( (1 ))((1 ) ){2/1} ρ ( ( 1))(( 1) ) ( (1 ))((1 ) ). It is easy to check that the following derivations are also correct: y@1:µ (yy){λz:2.z/y} ( 1))(( 1) ) ( (1 ))((1 ) ){ /1} ρ : σ τ, w@1:µ (ww)@( ( 1))(( 1) ) ( (1 ))((1 ) ) : µ. 14

15 4 Reduction Semantics of Λ t. The reduction rules of Λ t are derived from the proof-reduction procedure. Definition 4.1 (Proof-reduction for Λ t ) (1) A -redundancy is a derivation either of the shape: D 1 : Γ 1 : σ 1 Γ 2 : σ 2 Γ 1 2 : σ 1 σ 2 ( E L ) Γ ( 1 2 ) : σ 1 or of the shape: ( I) Γ 1 : σ 1 D 2 : Γ 2 : σ 2 Γ 1 2 : σ 1 σ 2 ( E R ) Γ 1 2 ) : σ 2 and the corresponding reducts are respectively: ( I) D 1 : Γ 1 : σ 1 and D 2 : Γ 2 : σ 2 (2) A -proof-reduction is a proof transformation defined as: D = D if and only if D is obtained from D by replacing one subderivation which is a -redundancy by the corresponding reduct and by arranging the subjects accordingly. (3) Let ι be a type-mark. A -redundancy, with respect to ι, is a subderivation of the shape: D 1 : Γ, x@ι:σ 1 1 : σ 2 Γ (λx:ι.m)@(λι:σ 1. 1 ) : σ 1 σ 2 The corresponding -reduct is: Γ (λx:ι.m) 1. 1 ) 2 : σ 2 D 2 : Γ 2 : σ 1 ( E) D 3 : Γ M{N/x} 1 { 2 /ι} ρ : σ 2 where ρ is a renaming function suitable for 1 with respect to x, and D 3 is the subderivation obtained from D 1 as follows: 15

16 (a) replace the i-th axiom (reading the leafs of D from left to right) of the shape x@ι:σ 1 Γ Γ x@ι : σ 1 (Var) in every disjoint subderivation of D by a D i : Γ N i 2 : σ 1, a copy of the derivation D 2 : Γ 2 : σ 1, where all and only the marks free in N have been renamed according to ρ. (D 2 last derivation can easily be obtained from D 2 since Γ Γ and weakening is a derived rule); (b) erase the applications of rules and ( E) below D 1 ; (c) replace the i-th free occurrence of x by N i and the i-th occurrence of ι in every disjoint subderivation by i 2. (4) A -proof-reduction is a proof transformation defined as: D = D if and only if D is obtained from D by: (a) replacing all -redundancies, with respect to the same mark ι, by the corresponding -reduct, using a given renaming function ρ; (b) let (λx:ι.m)n and (λι:σ. ) be the marked term and the proof-tree in the subject of one of the previous -redundancies: replace in all the derivation every occurrence of the first by M{N/x} ρ and of the second by { /ι} ρ. (5) We denote, with a little overload in notations, by D 1 = D 2 the fact that D 2 is obtained from D 1 by either a - or a - proof reduction. Let = denote the transitive and reflexive closure of =. Property 4.1 If D : Γ M@ : σ and D= D, then D is a correct derivation. Proof. S[DA RIFARE!] The correctness of the -proof-reductions is immediate. For proving the correctness of the -proof-reduction, assume D= D by applying a -proof reduction with respect to the mark ι. This means that D contains n 1 redundancies with respect to ι, so there are n subderivations D i (1 i n) of the shape: D i : Γ, x@ι:σ i i : τ i Γ i. i : σ i τ i D Γ (λx:ι.p )Q@(λι:σ i. i ) i : τ i i : Γ Q@ i : σ i By Fact 2, P and Q do not contain occurrences of ι. Let D be the maximal subderivation of D containing all D i as its subderivations, and such that the market term of its subject is (λx:ι.p )Q. D has the following properties: E 16

17 all paths from the conclusion of a D i to the conclusion of D consist in applications of rules ( I) and ( E), since they are the only rules whose applications do not modify the subject; let δ be the path from the conclusion of D to the conclusion of D. Each marked term in δ does not contain occurrences of ι, but in the subterm (λx:ι.p )Q; every marked term in D, not in D and not in δ, does not contain free occurrences of ι; every proof term in D, not in D and not in δ, does not contain occurrences of ι, neither free nor bound. The last three properties come directly from Fact 2. After the -proof reduction, every D i becomes a correct derivation Di : Γ P [Q/x]@ i [ i/ι], by Property 3.1. Moreover, according with the procedure described in Definition 4.1.(4), applications of rules and ( E) after D i are erased (1 i n). Since the marked terms in each of Di are the same, D is transformed in a correct derivation. Then the correctness of all the resulting derivation follows, from the properties listed below. In fact, in the rest of the derivation, the only changement is the replacement of the marked subterm (λx:ι.p )Q by P [Q/x] and of the proof subterms (λι:σ i. i ) i by i [ i/ι] (1 i n). Example 4.1 (Proof-reduction in Λ t ) S[SI POTREBBE METTERE UN ESEM- PIO CON UNA DUPLICAZIONE, RIUTILIZZARE L ESEMPIO DELLA SOSTI- TUZIONE] Let D be the following derivation: D 1 D 2 y@0:σ 1 σ 2 (λx:1.x) y@((λ1:σ 1.1) 0) ((λ1:σ 2.1) 0 ) : σ 1 σ 2 ( I) where D 1 is: y@0:σ 1 σ 2, x@1:σ 1 x@1 : σ 1 (V ar) y@0:σ 1 σ 2 (λx:1.x)@(λ1:σ 1.1) : σ 1 σ 1 and D 2 is: y@0:σ 1 σ 2 (λx:1.x) y@(λ1:σ 1.1) 0 : σ 1 y@0:σ 1 σ 2, x@1:σ 2 x@1 : σ 2 (V ar) y@0:σ 1 σ 2 (λx:1.x)@(λ1:σ 2.1) : σ 2 σ 2 y@0:σ 1 σ 2 (λx:1.x) y@(λ1:σ 2.1) 0 : σ 2 y@0:σ 1 σ 2 y@0 : σ 1 σ 2 (V ar) y@0:σ 1 σ 2 y@ 0 : σ 1 ( E L ) ( E) y@0:σ 1 σ 2 y@0 : σ 1 σ 2 (V ar) y@0:σ 1 σ 2 y@0 : σ 2 ( E R ) ( E) 17

18 In D there are two -redundancies, both with respect to the same mark 1. So they need to be reduced in parallel. The reduced derivation is: y@0:σ 1 σ 2 y@0 : σ 1 σ 2 (V ar) y@0:σ 1 σ 2 y@ 0 : σ 1 ( E L ) y@0:σ 1 σ 2 y@ 0 0 : σ 1 σ 2 y@0:σ 1 σ 2 y@0 : σ 1 σ 2 (V ar) y@0:σ 1 σ 2 y@0 : σ 2 ( E R ) Note that reducing just one -redundancy would obtain an incorrect derivation. The three proof-reduction procedures give rise to three reduction rules, which, in order to maintain the correct relation with the derivations, work in parallel both on terms and on proof-trees. First of all, we need to define a reduction rule on marked terms, similar to a β- rule, indexed by both the mark associated to the marked variable and a renaming function ρ: (λx:ι.m)n ρ βι M{N/x} ρ. By abusing the notation, we will denote by ρ βι the contextual closure of the above rule. Then, we need to modify the definition of the reduction rule ι on proofterms, by allowing the renaming of bound marks: ( I) (λι:σ. 1 ) 2 ρ ι 1 { 2 /ι} ρ Moreover, let ι ρ denotes the transitive and contextual closure of ρ ι. where does not contain any bound occurrence of ι. In other words, is obtained from by performing all and only the reductions indexed by ι, with respect to ρ. Reduction rules. We are now ready to define the reduction rules of Λ t as follows: M ρ βι N 1 ρ ι 2 ρ suitable for 1 1 βt 2 ( βt ) 1 π1 2 1 π1 2 ( π1 ) 1 π2 2 1 π2 2 ( π2 ) Note that the occurrences of the marks inside a marked term are essential to identify the redexes that need to be reduced in parallel. Let βπ denote one reduction step, either βι or π1 or π2. A term is in normal form, if no one of the above reduction rules can be applied to it. 18

19 It is important to remark that on the proof-terms no α-rule is defined: in fact the marks are essential for identifying redexes. But, since terms of the language are defined as subjects of a derivation, on terms we can work modulo α-conversion, defining it in a global way, as follows: M α N α ( α) α {ι /ι} ι Mk( ) α M[ι /ι]@ {ι /ι} ( α) where ι is fresh and {ι /ι} denotes the proof-tree obtained from by replacing the bound mark ι by ι. The condition that ι is a fresh mark is essential for preserving the property showed in Fact 2. Definition 4.2 (α-conversion G[Io ti proporrei questa defn...]) α x y (λι 1 :σ. ) α M[ι 2 /ι 1 (λι 2 :σ. [ι 2 /ι 1 ]) ι 1 ι Discussion on proof-reduction for Λ t The reader could object that the definition of and -proof reduction is not exhaustive, since it does not take into account situations like: D : Γ (λx:ι.m)@ 1 : (σ 1 τ 1 ) (σ 2 τ 2 ) Γ (λx:ι.m)@ 1 : σ 1 τ 1 ( E) Γ (λx:ι.m) ( 1 ) 2 : τ 1 Γ 2 : σ 1 ( E) where a redex is created in the marked term, but there is neither a corresponding redex on the associated proof-term nor a corresponding -redundancy in the proof. But let us consider the subderivation D. It need to contain a subderivation D ending by the rule: Γ, x@ι:σ 1 1 : τ 1 Γ 1. 1 : σ 1 τ 1 and, in the path from this rule to the conclusion of D only rules ( E) and ( I) are applied, since they are the only rules that do not change the shape of the marked term. It is possible to prove, by induction on the lenght of this path, that it can be completed erased by a sequence of -proof reductions, 19

20 transforming D in D. So a -redundancy now appears, corresponding to the redex (λx:ι.m) 1. 1 ) 2. We will briefly sketch the proof. The case the path is of lenght 1 is not possible. In case it has lenght 2, the only possible case is that it is composed by a sequence of a ( I) followed by ( E), i.e.: Γ, x@ι:σ 1 1 : τ 1 Γ (λx:ι.m)@(λι:σ 1. 1 ) : σ 1 τ 1 Γ 2 : σ 2 τ 2 Γ (λx:ι.m)@(λι:σ 1. 1 ) 2 : (σ 1 τ 1 ) (σ 2 τ 2 ) Γ (λx:ι.m)@ ((λι:σ 1. 1 ) 2 ) : σ 1 τ 1 ( E) ( I) Γ (λx:ι.m) ((λι:σ 1. 1 ) 2 ) : τ 1 Γ : σ 1 ( E) The derivation has a -redundancy, and reducing it we obtain: Γ, x@ι:σ 1 1 : τ 1 Γ (λx:ι.m)@(λι:σ 1. 1 ) : σ 1 τ 1 which is an -redundancy. Γ (λx:ι.m) 1. 1 ) : τ 1 Γ : σ 1 ( E) If the lenght of the path is greater than 2, then at least one -redundancy occurs, since the applications of rule ( E) cannot all preceed those of rule ( I). So, after reducing it, the lenght of the path is decreased by 2, and the induction applies. 5 The Isomorphism between Λ u and Λ t In this section we prove that the type system for Λ t is isomorphic to the classical system for Λ u of [Coppo and Dezani-Ciancaglini (1980)]. The isomorphism is given for a customization of the general definition of isomorphism given in [Giannini et al. (1993), Liquori (1996), van Bakel et al. (1997)], to the case of intersection-types and proof-trees. From the logical point of view, the existence of an isomorphism means that there is a one-to-one correspondence between the judgments that can be proved in the two systems, and the derivations correspond with each other rule by rule. In what follows, and with a little abuse of notation, marked-terms and untyped terms of the λ-calculus will be ranged over by M, N,..., the difference between marked-terms and untyped-terms being clear from the context (i.e. the judgment to be proved). Definition 5.1 (Church vs. Curry) 20

21 ( ) x:σ E x@ι:σ Γ F Γ x@ι : σ (Var) = E x : σ (Var) E(Γ) = E ( ) F(D) : E, x:σ 1 M Γ, x@ι:σ 1 : σ 2 : σ 2 F = E λx.m : σ 1 σ 2 Γ (λx:ι.m)@(λι:σ 1. ) : σ 1 σ 2 E(Γ, x@ι:σ 1 ) = E, x:σ 1 & ) = M F(D 1 ) : E M : σ 1 σ 2 D 1 : Γ 1 : σ 1 σ 2 F(D F D 2 : Γ 2 : σ 1 2 ) : E N : σ 1 = ( E) E M N ( E) : σ 2 Γ (M N)@( 1 2 ) : σ 2 E(Γ) = E & 1 ) = M & 2 ) = N F(D 1 ) : E M : σ 1 D 1 : Γ 1 : σ 1 F(D F D 2 : Γ 2 : σ 2 2 ) : E M : σ 2 = ( I) E M ( I) : σ 1 σ 2 Γ 1 2 ) : σ 1 σ 2 E(Γ) = E & 1 2 )) = M ( ) F(D) : E M D : Γ : σ 1 σ 2 : σ 1 σ 2 F ( E L ) = E M ( E L ) : σ 1 Γ ) : σ 1 E(Γ) = E & ) = M ( ) F(D) : E M D : Γ : σ 1 σ 2 : σ 1 σ 2 F ( E R ) = E M ( E R ) : σ 2 Γ ) : σ 2 E(Γ) = E & ) = M Figure 4. The Function F. (1) The type-erasing function E : Λ t Λ is inductively defined on terms as follows: E(x@_) = x E((λx:ι.M)@_) = E((M N)@_) = E can be extended to contexts in the following way: E(ɛ) = ɛ E(Γ, x@ι:σ) = E(Γ), x:σ (2) Let DerΛ u and DerΛ t be the sets of all (un)typed derivations in and, respectively. Let D, D 1,..., D n range over (un)typed derivations. Systems and are isomorphic, if and only if there exist F : DerΛ t DerΛ u and 21

22 ( ) x:σ E F inv E x : σ (Var) ( D : E, x:σ1 M ) : σ 2 F inv E λx.m : σ 1 σ 2 F inv F inv D 1 : E M : σ 1 σ 2 D 2 : E N : σ 1 E M N : σ 2 D 1 : E M : σ 1 D 2 : E M : σ 2 E M ( I) : σ 1 σ 2 ( E) ( D : E M ) : σ 1 σ 2 F inv E M ( E L ) : σ 1 ( D : E M ) : σ 1 σ 2 F inv E M ( E R ) : σ 2 x@ι:σ Γ = Γ x@ι : σ (Var) E(Γ) = E ι is fresh F inv (D) : Γ, x@ι:σ 1 : σ 2 = Γ (λx:ι.m)@(λι:σ 1. ) : σ 1 σ 2 E(Γ, x@ι:σ 1 ) = E, x:σ 1 & ) = M F inv (D 1 ) : Γ 1 : σ 1 σ 2 F inv (D 2 ) : Γ 2 : σ 1 = ( E) Γ (M N)@( 1 2 ) : σ 2 E(Γ) = E & 1 ) = M & 2 ) = N = F inv (D 1 ) : Γ 1 : σ 1 F inv (D 2 ) : Γ 2 : σ 2 ( I) Γ 1 2 ) : σ 1 σ 2 E(Γ) = E & 1 2 )) = M F inv (D) : Γ : σ 1 σ 2 ( E L ) = Γ ) : σ 1 E(Γ) = E & ) = M F inv (D) : Γ : σ 1 σ 2 ( E R ) = Γ ) : σ 2 E(Γ) = E & ) = M Figure 5. The Function F inv. F inv : DerΛ u DerΛ t, such that: (a) (Soundness) If D : Γ : σ, then F(D) : E(Γ) ) : σ; (b) (Completeness) If D : E M : σ, then there exists Γ and, such that F inv (D) : Γ : σ, and E(Γ) E, with ) M ; (c) (Inversion) F F inv is the identity in DerΛ u, and F inv F is the identity in DerΛ t, modulo uniform naming of marks. I.e., F inv (F(Γ : σ)) = ren(γ) ) : σ where ren is a is a simple function renaming the free occurrences of marks; (d) (Faithfulness) Both F and F inv preserve the structure of derivations, (i.e., the tree obtained from a derivation by erasing all judgments, but not the names of the rules). 22

23 Γ : σ F F inv E E 1 E(Γ) ) : σ Figure 6. Functions between Λ t s and Λ u s Judgments and Derivations. Function F and F inv are described in Figures 4 and 5. Notice that the definition of isomorphism expresses more than just soundness and completeness of E. Indeed, soundness and completeness imply an isomorphism between the judgments of the two systems, but they do not imply necessarily a one-one correspondence between derivations. Figure 6 shows the various functions between typed and untyped systems of λ- calculi that realize the above relations between typed and untyped judgments and derivations. Theorem 5.1 (Isomorphism) The systems and are isomorphic. Proof. Soundness can be proved by induction on the structure of the derivation in the Λ t. Completeness can be proved by induction on the structure of the derivation in Λ u, using soundness. Inversion can be proved by induction on the structure of both the derivations, using the soundness and completeness result. Faithfulness is immediate. We can also explore the relationship between Λ t and the proof calculus ΛP by defining an erasure function E : Λ t ΛP as follows: E (_@ ) = The function E can be extended naturally to a function from contexts to proofcontexts: E (ɛ) = ɛ E (Γ, x@ι:σ) = E (Γ), ι:σ Then it is easy to define a function F : DerΛ t DerΛP such that D : Γ : σ implies F (D) : E (Γ) P : σ. F consists in just applying E to all contexts and subjects of the derivation. Note that Λ t and ΛP are not isomorphic; for example, the statement ι 1 :σ P (λι 2 :τ.ι 2 ) ι 1 : (τ τ) σ in ΛP has no a corresponding counterpart in Λ t. F preserves proof-reductions, as proved in the next property. 23

24 Property 5.1 Let D 1 and D 2 be two derivations in Λ t such that D 1 = D 2. Then F (D 1 ) = F (D 2 ). Proof. D 1 = D 2 means that D 2 has been obtained from D 1 by either a or a -proof-reduction. In the first case, it is immediate to verify that F (D 1 ) reduces to F (D 2 ) by a -proof-reduction too. In the second case, remember that a - proof-reduction in Λ t corresponds to reduce in parallel all the -redundancies with respect to the given mark, so the number of -proof-reduction in F (D 1 ) can be greater than 1. 6 Examples in Λ t We show two notorious examples that justify how type derivations can be built for Λ t proof-terms starting for the corresponding untyped λ-terms à la Curry. Example 6.1 (Classical polymorphic identity) We show a polymorphic type-derivation for the classical polymorphic identity λx:0.x in the proof-tree x@0:σ 1 x@0 : σ 1 (Var) (λx:0.x)@(λ0:σ 1.0) : σ 1 σ 1 (λ0:σ 1.0) (λ0:σ 2.0) x@0:σ 2 x@0 : σ 2 (Var) (λx:0.x)@(λ0:σ 2.0) : σ 2 σ 2 (λx:0.x)@((λ0:σ 1.0) (λ0:σ 2.0)) : (σ 1 σ 1 ) (σ 2 σ 2 ) Example 6.2 (Polymorphic self-application) Let σ 2 = (σ 1 σ 1 ) σ 1. We show a polymorphic type-derivation for the classical self-application λx:0.x x in the proof-tree λ0:σ 2.( 0) (0 ) ( I) (Var) x@0:σ 2 x@0 : σ 2 (Var) x:0:σ 2 x@0 : σ 2 ( E L ) x@0:σ 2 x@( 0) : σ 1 σ 1 ( E R ) x:0:σ 2 x@(0 ) : σ 1 ( E) x@0:σ 2 (x x)@( 0) (0 ) : σ 1 (λx:0.x x)@(λ0:σ 2.( 0) (0 )) : σ 2 σ 1 Note how the proof-tree memorizes exactly the skeleton of the type-derivation. 24

25 7 Metatheory of Λ t In this section we will prove that the system Λ t satisfies all the requirements listed in the introduction. We already proved in Section 4 that the first two desiderata are satisfied. The third point is subject reduction and a form of typed subject expansion, with respect to the reduction βι, formally stated in the next theorem. Theorem 7.1 (Subject reduction and typed subject expansion of Λ t ) (1) If Γ 1 : σ and 1 βπ 2, then Γ 2 : σ. (2) Let Γ : σ and N βι M, by reducing a redex of the shape (λx:ι.p ) Q such that there is derivation in Λ t with subject Q@ 1, for some 1. Then there are Γ, such that Γ, Γ : σ. Proof. (1) By Definition 4.1 of proof-reduction, since the reduction βπ has been defined through proof-reduction in. (2) Let D : Γ : σ, N C[(λx : ι.p )Q] and M C[P [Q/x]], for some mark ι. The proof will be carried out by induction on C[.]. Let C[.] = [.], so N (λx : ι.p )Q and M P [Q/x]. If there are n 1 occurrences of Q in P, then there are p n subderivations of D of the shape D j : Γ j Q@ j : τ j (1 j p), which are maximal with respect to Q, i.e., such that every subderivation containing properly one of them has a subject of the shape j, where Q Q. Then modify D in the following way: replace P [Q/x] by P ; put in the context the new axiom x@ι : τ, where τ (...((τ 1 τ 2 ) τ 3 )...) τ p ; for every τ j, build the derivation D j : Γ j, x@ι : τ x@ j : τ j, by means of an application of the (V ar) rule with subject x@ι, followed by a suitable number of applications of rule ( E); replace each D j by D j. The result of such transformation is D : Γ, x@ι : τ : σ. Then, by applying rule, we obtain Γ λx : : τ. : τ σ. Starting from D j (1 j p), by modifying the context (observe that Γ Γ j, but the axioms needed to type Q are all in Γ) and by applying p 1 times the rule ( I), we can build a derivation of Γ Q@ : τ. So, by applying rule ( E), we obtain a derivation of Γ (λx : ι.p )Q@(λι : τ. ) : σ. Now let us consider the case when Q does not occur in P [Q/x]. Then P [Q/x] P and D : Γ : σ. By hypothesis, there is a derivation of Γ Q@ 1 : τ, for some τ, so Γ, Γ Q@ 1 : τ. Then Γ, Γ, x@ι : τ : σ for a fresh ι, and, by rule, Γ, Γ λx : : τ. : τ σ. Then the result follows from rule ( E). 25

26 The other cases follow easily by induction. The strong normalization of Λ t is proved from the strong proof-normalization of ΛP. Theorem 7.2 (Strong Normalization of Λ t ) Λ t is strongly normalizing. Proof. Let D : Γ : σ, and let us assume, by absurdum, that there is an infinite reduction sequence starting from i.e. βπ M 1 βπ... M i βπ M i+1 βπ... For every i (1 i), there are two cases: (1) M i M i+1, and either i π1 i+1, or i π2 i+1 ; (2) M i βι M i+1 and i ι i+1, for some mark ι; Note that, while in case (1) the marked-term remains unchanged, the proof-term is always modified by the reduction. Since every reduction step corresponds to a proof-reduction step, then there is an infinite sequence of derivations: D = D 1 = D 2 =... such that D i : Γ M i : σ. Using the function F, defined at the end of Section 5, we get F (D i ) : E (Γ i ) P i : σ, where F (D i ) = F (D i+1 ), by Property 5.1. But, since ΛP is strongly normalizing, such a sequence cannot exist. Note that a corollary of this theorem is the well known fact that terms typable in Λ u are strongly normalizing, with respect to the standard β -reduction. The further requirement we asked for is the unicity of typing. In general, for typed languages, typing is unique modulo α-conversion, i.e., modulo renaming of bound-variables. Here, the marks (occurring in the terms) being just names of store locations, they are not important for characterizing the typed terms. So the unicity of typing holds modulo renaming of free-marks too. Theorem 7.3 (Unicity of Typing of Λ t ) If D 1 : Γ 1 : σ 1, and D 2 : Γ 2 : σ 2, and 1 and 2 are equal modulo renaming of free marks, then σ 1 σ 2, and D 1 D 2. Proof. By easy induction on the structure of the derivation D 1. 26

27 Type (Γ, ) = match ) with (_@( 1 )) 1 σ 1 if Type (Γ, 1 ) = σ 1 σ 2 (_@( 1 )) 2 σ 2 if Type (Γ, 1 ) = σ 1 σ 2 (_@( 1 2 )) 3 σ 1 σ 2 if Type (Γ, 1 ) = σ 1 and Type (Γ, 2 ) = σ 2 (x@_) 4 σ if x@ι:σ Γ ((λx:ι.m 1 )@(λι:σ 1. 1 )) 5 σ 1 σ 2 if Type ((Γ, x@ι:σ 1 ), M 1 ) = σ 2 ((M 1 M 2 )@( 1 2 )) 6 σ 2 if Type (Γ, M 1 ) = σ 1 σ 2 and Type (Γ, M 1 ) = σ 1 (_@_) 7 false otherwise Typecheck (Γ, σ) = Type (Γ, ) =? σ Figure 7. The Type Reconstruction and Type Checking Algorithms for Λ t. We can finish this section by presenting the type reconstruction and the type checking algorithms for Λ t in Figure 7, and by proving that they are decidable. The soundness and completeness proofs follow. Theorem 7.4 (Type Reconstruction for Λ t ) (Soundness) If Type (Γ, ) = σ, then Γ : σ (Completeness) If Γ : σ, then Type (Γ, ) = σ. Proof. (Soundness) By induction on the structure of ). (_@( 1 )) Then 1 and σ σ 1. By induction, the judgment Γ 1 : σ 1 σ 2 is derivable. Apply rule ( E L ) to obtain a derivation for Γ 1 ) : σ 1. (_@( 1 )) Then 1 and σ σ 2. By induction, the judgment Γ 1 : σ 1 σ 2 is derivable. Apply rule ( E R ) to obtain a derivation for Γ 1 ) : σ 2. (_@( 1 2 )) Then σ σ 1 σ 2. By induction, the judgments Γ 1 : σ 1 and Γ 2 : σ 2 are derivable. Apply rule ( I) to obtain a derivation for 27

28 Γ 1 2 ) : σ 1 σ 2. (x@_) Then M x and ι, since the Type algorithm (that works via a classical ML-like match-case analysis) has already ruled out the cases of { 1, 1, 1 2 }, and since the case λι:σ 1. 1 does not apply. By hypothesis we get x@ι:σ Γ. Apply rule (Var) to obtain a derivation for Γ x@ι : σ. ((λx:ι.m 1 )@(λι:σ 1. 1 )) Then M λx:ι.m 1 and λι:σ 1. 1 and σ σ 1 σ 2. By induction, the judgment Γ, x@ι:σ 1 M 1 : σ 2 is derivable. Apply rule to obtain a derivation for Γ (λx:ι.m 1 )@(λι:σ 1. 1 ) : σ 1 σ 2. ((M 1 M 2 )@( 1 2 )) Then M M 1 M 2 and 1 2 and σ σ 2. By induction, the judgments Γ M 1 : σ 1 σ 2 and Γ M 2 : σ 1 are derivable. Apply rule ( E) to obtain a derivation for Γ (M 1 M 2 )@( 1 2 ) : σ 2. (_@_) This case does not apply since σ false. (Completeness) By induction on the derivation of Γ : σ. (Var) Then M x and ι. By match-case number 4 we get Type (x, ι@σ) = σ. Then M λx:ι.m 1 and λι:σ 1. 1 and σ σ 1 σ 2. By induction we get Type ((Γ, x@ι:σ 1 ), M 1 ) = σ 2, and by match-case 5 we get Type ((λx:ι.m 1 )@(λι:σ 1. 1 )) = σ 1 σ 2. ( E) Then M M 1 M 2 and 1 2 and σ σ 2. By induction we get Type (Γ, M 1 ) = σ 1 σ 2 and Type (Γ, M 2 ) = σ 1, and by match-case 6 we get Type ((M 1 M 2 )@( 1 2 )) = σ 2. ( I) Then 1 2 and σ σ 1 σ 2. By induction we get Type (M, 1 ) = σ 1 and Type (M, 2 ) = σ 2, and by match-case 3 we get Type (M, ( 1 2 )) = σ 1 σ 2. ( E L ) Then 1 and σ σ 1. By induction we get Type (Γ, 1 ) = σ 1 σ 2, and by match-case 1 we get Type (M, 1 ) = σ 1. ( E R ) Then 1 and σ σ 2. By induction we get Type (Γ, 1 ) = σ 1 σ 2, and by match-case 2 we get Type (M, 1 ) = σ 2. Theorem 7.5 (Type Checking for Λ t ) Γ : σ, if and only if Typecheck (Γ, σ) = true. Proof. The part can be proved using completeness of the type reconstruction algorithm (Theorem 7.4), while the part can be proved using soundness of the type reconstruction algorithm. Theorem 7.6 (Judgment Decidability) If is decidable whether the Λ t judgment Γ : σ is derivable. 28

29 Proof. Routine. 8 Conclusions We studied in this paper the problem of designing a λ-calculus à la Church corresponding to the intersection-type assignment system. In particular, we asked for a typed language such that its relationship with the intersection-type assignment system enjoys all the standard requirements we posed in [Giannini et al. (1993), Liquori (1996),van Bakel et al. (1997)]. Examples of such good correspondences are respectively the Church and Curry version of the simple typed λ-calculus (if written using the same symbols), and the typed and type assignment version of the second order λ-calculus [Girard (1986),Leivant (1983)]. We succeed in designing a calculus based essentially on two basic and simple ideas: an imperative-like notion of typing, when types are assigned to variables at a given mark, and a proofcalculus, describing intersection-type derivations, whose terms are used as prooftrees for the terms of the target calculus. A reader interested in particular in programming applications could object that the used language is far for being usable, since the user needs to specify not only the typed terms, but also their proof-trees, which are codings of type-derivations. The answer can be twofold. From a programming languages point of view, in every typed language the user, in order to write explicitly the type of a term, in some sense needs to guess the correct type-derivation assigning that type to the term itself. Here obviously the type-derivations are more difficult than in the simple typed case. But if we think, for example, to Girard s Second Order Typed λ-calculus [Girard (1986)], in order to write the term Λβ.Λγ.λx:( α.α). x (β γ) of type β. γ.( α.α) (β γ) one needs to know exactly how and the rules for introducing and eliminating the universal quantifier work. However, we think that the production of an usable language is not the only justification for the problem we studied, as it was for especially for [Reynolds (1996), Pierce and Turner (1994)]. The relationship between typed and type assignment systems is an important theoretical issue, that is interesting in itself. Acknowledgment. Simona was kindly supported by QSL: Qualité et Sûrété du Logiciel, CPER, Région Lorraine, Nancy, and by INRIA; Luigi was supported by the French CNRS grant ACI Modulogic. The paper was finalized when Luigi visited the Department of Informatics, University of Sussex, Brighton; he would 29