This paper introduces a second-order type system, $ extbf{F}_2^$, for representing and deciding nontermination in rewriting systems, with a focus on productivity and a practical type checker implementation.
Contribution
The paper defines $ extbf{F}_2^$, proves decidability of productivity checking via a lambda-Y calculus mapping, and develops a type checker based on second-order matching.
Findings
01
Productivity checking in $ extbf{F}_2^$ is decidable.
02
A type checking algorithm for $ extbf{F}_2^$ is developed and implemented.
03
The system effectively represents nonterminating rewrite traces.
Abstract
We specify a second-order type system F2μ that is tailored for representing nonterminations. The nonterminating trace of a term t in a rewrite system R corresponds to a productive inhabitant e such that ΓR⊢e:t in F2μ, where ΓR is the environment representing the rewrite system. We prove that the productivity checking in F2μ is decidable via a mapping to the λ-Y calculus. We develop a type checking algorithm for F2μ based on second-order matching. We implement the type checking algorithm in a proof-of-concept type checker.
Equations2
T::=A∣∀x.T⇒...⇒T⇒A
T::=A∣∀x.T⇒...⇒T⇒A
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsLogic, programming, and type systems · Formal Methods in Verification · Logic, Reasoning, and Knowledge
Full text
\Copyright
Peng Fu\serieslogo\volumeinfoBilly Editor and Bill Editors2Conference title on which this volume is based on111\EventShortName
We specify a second-order type system F2μ that is tailored for representing nonterminations. The nonterminating trace of a term t in a rewrite system R corresponds to a productive inhabitant e such that ΓR⊢e:t in F2μ, where ΓR is the environment representing the rewrite system.
We prove that the productivity checking in F2μ is decidable via a mapping to the λ-Y calculus.
We develop a type checking algorithm for F2μ based on second-order matching. We implement the type checking algorithm in a proof-of-concept type checker.
keywords:
Nonterminating Rewriting, Typed Lambda Calculus, Hereditary Head Normalization, Corecursion, Second-order Type Checking
1 Introduction
Nontermination has been an active research area in the term rewriting community. Early studies
includes classifying nonterminations based on the concept of looping reduction [6], i.e.
a reduction of the shape t→+C[σt] for some substitution σ. More recently,
many nontermination detection techniques are proposed and implemented. Emmes et. al. [8] considered a generalized notion of looping reduction, e.g. σ2σ1nt→+C[σ3σ2σ1f(n)t] for some substitutions σ1,σ2,σ3 and some ascending linear function f. Endrullis and Zantema [9] used
a SAT solver to search for a non-empty regular language of terms such that it is closed under reduction and
does not contain normal forms.
The nonterminating reductions are usually described using
mathematical notations and abbreviations. In this paper, we consider a novel representation using a relatively simple type system.
In particular, a nonterminating reduction of a term will be encoded as a proof evidence in a type system called F2μ. Representing nonterminating reduction is closely related to proving nontermination, but they have some subtle differences. For proving nontermination, it is enough to exibit a nonterminating reduction for
a term, while a term can admit multiple nonterminating reduction traces, with each trace exibits
a different kind of reduction pattern.
Example 1.1**.**
Consider the following two string rewriting rules: A→aAB,B→bA. It is nonterminating by the observation that it contains the rule A→aAB, which means
there is a nonterminating reduction of the form A→aAB→aABB→aABBB→a....
We can also use a L-system111See https://en.wikipedia.org/wiki/L-system. like parallel reduction strategy to reduce A, this gives rise
to the nonterminating reduction:
A⟹AB⟹ABA⟹ABAAB⟹ABAABABA⟹ABAABABAABAAB⟹.... Note that
all the redexes at each step are reduced simultaneously and each word in the sequence is
a concatenation of the previous two. The aforementioned two reduction sequences are fundamentally different. The first one exibits a regular property, i.e. each string at each step can be described by the regular expression AB∗. In the second reduction sequence, each string is called a Fibonacci word, and the set of all such words is known to be context-free free, i.e. any infinite subset can not be described by a context-free language [25]. We will
show how to represent the second reduction sequence in Section 6.
The main contributions of the paper are the following ones.
•
Inspired by Leibniz equality, we represent a rewrite rule l→r
as a typing environment κ:∀p.∀x.pr⇒pl, where the type variable p of kind ∗⇒∗ represents a reduction context, κ
is a fresh constant evidence and x denotes the set of variables in l. A specialized kind system is used to ensure the type variable of kind ∗⇒∗ represents a reduction context. We call this representation of rewrite rule Leibniz representation in Section 3.
•
Nonterminating reductions would result in infinite proof evidence, we use
the fixed point typing rule to represent the reductions finitely.
Thus a nonterminating reduction of t in R can be represented
as ΓR⊢e:t, where e is an evidence containing a fixed point
and ΓR is the Leibniz representation of R.
We called the resulting type system F2μ (Section 3).
•
We prove that if ΓR⊢e:t and e is hereditary head normalizing(HHN), then we
can recover from the evidence e a nonterminating reduction of t (Section 4). We also prove that the hereditary head normalization is decidable in F2μ. The decidability result is obtained via a mapping from F2μ to λ-Y
calculus, for which HHN is decidable.
•
It is more convenient to write the unannotated proof evidence and let the type checker
fill in the annotations. For this purpose we develop a second-order
type checking algorithm in Section 5 and Section 6. It simplifies the process of representing nonterminations
in F2μ. We implement a prototype type checker222The prototype type checker is available at https://github.com/Fermat/FCR based on this algorithm and
give some nontrivial examples in the Appendix.
All the examples and the missing proofs in this paper may be found in the Appendix.
2 The Main Idea
First, let us consider how to represent a rewrite system in a type system.
We could model the rewrite rule l→r as a typing environment
κ:l⇒r, like many proof systems for rewriting ([22], [20]).
However, modeling the rewrite rule l→r as an implication type
l⇒r will make it difficult to observe the proof evidence.
For example, suppose we have
a set of ground rewrite rules Ai→Ai+1 modelled by κi:Ai⇒Ai+1 for 0≤i≤n for some n, where κi is a constant. Then the evidence for
the reduction A0→∗An would be λα.(κn...(κ0α)...):A0⇒An. Informally, we can see
that the evidence λα.(κn...(κ0α)...) grows outward as the number n gets larger.
When the reduction is nonterminating, it would be difficult to observe the very first step of the reduction (κ0). Fortunately, this difficulty can be overcome by representing l→r as r⇒l.
Thus we have the evidence λα.(κ0...(κnα)...):An⇒A0, with κi:Ai+1⇒Ai for all 0≤i≤n.
So we can easily observe the first step of the reduction κ0 at the outermost position.
Next, we need to model the reduction context in rewriting. Given a rewrite rule l→r,
we have a one-step reduction C[l]→C[r] for any first-order term context C.
Inspired by Leibniz equality,
we use the type ∀p.pr⇒pl to model the rewrite rule l→r.
The intended reading for this type is that l can be replaced by r under any
first-order term context p. Note that p is a second-order type variable of kind ∗⇒∗. So we can
obtain C[r]⇒C[l] by instantiating p with λx.C[x] in ∀p.pr⇒pl. This motivates our definition of Leibniz representation for the rewrite rules in Section 3 and the use of the type system F2μ, as its kind
system enforces that one can only instantiate type variable of kind ∗⇒∗ with a type that represents a term context.
Last but not least, we need a mechanism to handle the nonterminating reductions.
Consider the cycling rewrite rules: A→B and B→A,
which are represented as two axioms Γ=κA:B⇒A,κB:A⇒B.
There is a cyclic reduction for A: A→B→A→B→.... Using
the Leibniz representation, the corresponding proof evidence for this
reduction would be an infinite proof evidence κA(κB(κA(κB...))). But we want to use a finite evidence e to represent this nonterminating reduction. The solution here is to use a fixpoint operator. We can represent the infinite proof evidence
finitely as μα.κA(κBα), where the μ is a fixpoint binder
with the operational meaning of μα.e⇝[μα.e/α]e.
This motivates the following fixed point typing rule for F2μ.
[TABLE]
So Γ⊢μα.κA(κBα):A represents a nonterminating reduction of the shape A→B→A→B→..., since the
unfolding of the evidence μα.κA(κBα) gives the
sequence of rules that we are going to apply. Note that not all evidence of type A
are representing nonterminating reductions. For example, according
to the typing rule Mu, we have Γ⊢μα.α:A, but μα.α does not give any information to reconstruct a nonterminating reduction. We
show in Section 4 that only the hereditary head normalizing evidence are representing the nonterminating reductions.
We conclude this section by recasting our idea in the following example.
Example 2.1**.**
Consider the following rewrite rule.
Fx→G(F(Gx))**
The term Fx admits a reduction
sequence Fx→G(F(Gx))→G2(F(G2x))→G3(F(G3x))→...,
where Gix is a shorthand for iG(G...(Gx)...) for any i>1. Using the Leibniz representation, the rewrite system is represented by the following F2μ environments:
Δ=F:∗⇒∗,G:∗⇒∗**
Γ=κ:∀p.∀x.p(G(F(Gx)))⇒p(Fx)**
Note that κ:∀p.∀x.p(G(F(Gx)))⇒p(Fx) corresponds to
the rewrite rule Fx→G(F(Gx)), where p of kind ∗⇒∗ corresponds to a reduction context.
We will first construct a hereditary head normalizing (productive) evidence e such that Γ⊢e:Fx. Then we will show how to check whether such e is indeed representing the nonterminating reduction above. It is enough to derive Γ⊢e′:∀p.∀x.p(Fx) for some e′. Consider the following judgement.
In (1), we instantiate the type of α as follows: p is instantiated by λy.p(Gy) and x is instantiated by Gx. Since
we know that (λy.p(Gy))(F(Gx))=p(G(F(Gx))), thus
α(λy.p(Gy))(Gx) has the type
p(G(F(Gx))). The lambda-abstractions λp.λx. is used to quantify over p and x in the type of α(λy.p(Gy))(Gx).
From ∀p.∀x.p(G(F(Gx)))⇒p(Fx) and ∀p.∀x.p(G(F(Gx))), we can deduce the following.
Thus by instantiation we have Γ⊢e′(λy.y)x:Fx.
Observe the following unfolding of e′(λy.y)x (we use beta-reduction and μα.e⇝[μα.e/α]e to perform reduction):
As κ takes a reduction context and an instantiation as its first two arguments, the gray subterms κ(λy.y)x and κ(λy.Gy)(Gx) can be read as: the first step
of the reduction for Fx is under the empty context ∙ using κ with the instantation [x/x]. The second step is also using the κ rule, reducing the redex under the term context G∙, with the instantiation [Gx/x]. As e′(λy.y)x is
hereditary head normalizing (productive), the exact reduction information for Fx can be obtained from the unfolding.
With the help of the prototype type checker for F2μ, the construction of the fully annotated evidence e′(λy.y)x can be semi-automated. For this example, the user will need to provide the following.
K : forall p x . p (G (F (G x))) => p (F x)
h : forall p x . p (F x)
h = K h
e : F x
e = h
*
The corecursive equation h = K h can be viewed as a proof sketch for
forall p x . p (F x)**, it reflects the observation that the rule K is repeatedly applied in
the reduction for F x.
The declaration e : F x = h
means that in this case we are providing an evidence for the nonterminating reduction of the term
F x under the empty term context. The type checker will try to fill in the exact term contexts and instantiations using the type checking algorithm we developed. It gives the following output (no existing first-order type checking algorithm can type check the above code).
e : F x = h (\ x1’ . x1’) x
h : forall p x . p (F x) =
\ p0’ x1’. K (\ m1’ . p0’ m1’) x1’
(h (\ m1’ . p0’ (G m1’)) (G x1’))
*
3 Modeling First-order Term Rewriting System in F2μ
To model term rewriting, we define the type system F2μ, which restricts the type abstraction of
Fω [11] to second-order. We define Leibniz representation of rewrite rules (Definition 3.15) and show how
it can model rewriting via Theorem 3.16.
Definition 3.1** (Syntax of F2μ).**
[TABLE]
Note that κ denotes an evidence constant and is used to label rewrite rules (see Definition 3.15). The letters such as F,G is used to denote constant types.
We use letters such as α,β to denote evidence variables, and x,y to denote type
variables.
We use λx.e to denote type-abstraction on the evidence. Fixed point abstraction μ in μα.e binds the variable α in e. Operationally, μα.e behaves in the same was as the lambda term
Y(λα.e), where Y is a fixpoint combinator. In our paper μf.λα1....λαn.e
is also represented by the corecursive equation fα1...αn=e.
We use ∀x.T as a shorthand for ∀x1....∀xn.T, and ee′ for ee1′...en′, where the number n is not important.
We distinguish two notions of kinds: kind o is intended to classify types that are of formula nature, while kind K is intended to classify types that are of first-order term nature.
Observe that we only allow quantification over the variables of kind K for a type.
We use ∗n⇒∗ as a shorthand for n∗⇒...⇒∗⇒∗.
Comparing to Fω,
the following kinding rules of F2μ restrict the level of type abstraction
to second-order, and stratify the types into two kinds.
Definition 3.2** (Kinding Rules).**
Δ⊢T:k**
[TABLE]
We use (x∣F:K)∈Δ to abbreviate x:K∈Δ or F:K∈Δ.
And Δ⊢T:o∣∗ means Δ⊢T:o or Δ⊢T:∗.
The kinding rule for λx.T is relevant, i.e. the lambda bound variable x must
be used in T. We have this requirement is because we want types of kind ∗⇒∗ to represent a first-order term context with at least a hole, as the proof of Theorem 4.8 needs this.
Given an environment Δ, it is decidable whether a type T is well-kinded. Given
a type T, it is also decidable to check if there is a Δ such that Δ⊢T:k for some kind k. We use ∀x.T instead of ∀x:K.T in our examples.
The kind system allows us to separate two different kinds of types in F2μ: types that will be used to represent first-order
terms and types that allow variable instantiation and modus ponens.
Definition 3.3**.**
We define a reduction relation T→oT′ on types, it is the compatible closure of type level beta reduction
(λx.T)T′→o[T′/x]T.
Proposition 3.4**.**
If Δ⊢T:k, then T is strongly normalizing with respect to →o, and →o
is confluent.
Let FV(T) denote the set of free variables occuring in T. The following theorem shows that the kind system satisfies the subject reduction property and the set of free type variables is invariant
under the →o-reduction.
Theorem 3.5** (Subject Reduction for Kinding).**
If Δ⊢T:k and T→oT′, then FV(T)=FV(T′) and Δ⊢T′:k.
Definition 3.6** (Second-order Types).**
A type T is flat iff it is one of the following forms: (1) T≡x or T≡F. (2) T≡T1T2, where T1,T2 are flat. We say a type T is second-order if T is flat or T≡λx1....λxn.T′, where T′ is flat and xi∈FV(T′) forall xi∈{x1,...,xn}.
Note that types such as λx.Fxx, λx.λy.Fxy,λx.x are second-order, but λx.λy.Fx⇒Fy are not second-order. We use second-order types to model both first-order term contexts and terms. The following theorem shows that the kind system stratifies types into two kinds.
Theorem 3.7** (Properties of Kinding).**
If Δ⊢T:o, then T is of the form ∀x.T′ or T1⇒T2.
2. 2.
If Δ⊢T:∗n⇒∗, then the →o-normal form of T is second-order.
We define reduction rules for the evidence in the following.
C[μα.e]⇝μC[[μα.e/α]e]C[(λα.e)e′]⇝βC[[e′/α]e]*
C[T]⇝oC[T′] if T→oT′*
We call the one step reduction ⇝h∪⇝τ∪⇝o a one step head reduction333This definition is following Barendregt [3], Page 173., denoted by ⇝hτo. The head reduction is lazy, i.e., μα.κα is normalizing with head reduction. We call an
evidence a head normal form if it can not be one step reduced by ⇝hτo.
Theorem 3.9**.**
⇝βμτo* and
⇝hτo are confluent, and ⇝τ is strongly normalizing.*
We specify the typing rules for F2μ in the following.
Definition 3.10** (Typing of F2μ).**
[TABLE]
In the Abs rule, only the types of kind K are quantified. We use FV(Γ)
to denote the set of free type variables occurs in Γ.
We require that all the types are well-kinded. Since →o is strongly normalizing and confluent,
we will work with types in →o-normal form in this paper. The rule Conv is used implicitly.
The followings theorems shows that the type system F2μ has the usual inversion
and subject reduction properties.
Theorem 3.11** (Selected Inversion Theorems).**
If Γ⊢ee′:T, then Γ⊢e:T1⇒T2, Γ⊢e′:T1
and T2↔o∗T.
2. 2.
If Γ⊢eT1:T, then Γ⊢e:∀x:K.T′ and [T1/x]T′↔o∗T.
Theorem 3.12** (Subject Reduction).**
If Γ⊢e:T and e⇝hτoe′, then Γ⊢e′:T.
Due to Mu rule, F2μ allows diverging evidence with respect to ⇝βμ. We will focus on the hereditary head normalizing evidence (Definition 4.2),
which will be discussed in Section 4.
Definition 3.13** (Terms and Contexts).**
First-order term t,l,r::=x∣Fnt1...tn
Term context C::=∙∣x∣FnC1...Cn
Note that the term context can contains multiple ∙ and we use the
the notation C[t1,...,tn] to denote the result of replacing ∙ from left to
right in C by t1,...,tn. A special case is C[t], it means there is exactly one
∙ in C, which is replaced by t.
The function symbol F of arity n is denoted by Fn.
We work with applicative first-order terms in this paper, and we assume all function symbols are fully applied, thus we often write
Ft1...tn instead of Fnt1...tn.
We reuse FV(t) to mean the set of free variables in t.
Definition 3.14** (Rewrite Rules).**
Suppose l and r are first-order terms, where l is
not a variable and FV(r)⊆FV(l), then l→r is a first-order rewrite rule.
A rewriting system is a set R of rewrite rules.
We write C[t]→C[t′] if
there exists l→r∈R such that σl≡t and σr≡t′ for some substitution σ.
Important Notation Convention. We use
the notation t to
denote a first-order type in
F2μ that represents the first-order term t. The term context C containing
one ∙ can be represented as λx.C[x], a second-order type of kind ∗⇒∗
in F2μ. We use letters F,G,D,S,Z to denote type
constants as well as function symbols. Note that for any first-order term t, it is always a well-kinded first-order type, since for any function
symbol Fn in t, we can assign the kind ∗n⇒∗ for
F and first-order term variable is of kind ∗. The following definition illustrates our use of this notation convention.
Definition 3.15** (Leibniz representation).**
Given a set of rewrite rules R, we define the Leibniz representation of R as F2μ-environments ΓR,ΔR, as follows:
•
κ:∀p.∀x.pr⇒pl∈ΓR* whenever l→r∈R, and where κ is a fresh evidence constant and x are the free variables in l.*
•
F:∗n⇒∗∈ΔR* if Fn is a function symbol in R.*
Leibniz representation allows us to represent a first-order term rewriting system as a typing environment in F2μ, together with the typing rules, finite reductions can be represented by a typing judgement in F2μ.
Theorem 3.16**.**
Let R be a set of rewrite rules.
If C[t]→C[t′] by l→r∈R, then
ΓR⊢e:C[t′]⇒C[t] for some
e.
2. 2.
If t1→t2→t3 is a reduction using R, then ΓR⊢e:t3⇒t1 for some e.
Proof 3.17**.**
By Definition 3.15, we have κ:∀p.∀x.pr⇒pl∈ΓR. We instantiate p with
λy.C[y], by rule Conv, we get ΓR⊢κ(λy.C[y]):∀x.C[r]⇒C[l].
Since σl≡t,σr≡t′, let t be the codomain of σ, we have
ΓR⊢κ(λy.C[y])t:C[t′]⇒C[t].
2. 2.
By (1), we have ΓR⊢e1:t2⇒t1 and ΓR⊢e2:t3⇒t2, so ΓR⊢λα.e1(e2α):t3⇒t1.
4 Hereditary Head Normalization and Faithfulness
In this section we define the hereditary head normalization for an evidence (Definition 4.2). The role of hereditary head normalization is
similar to productivity, i.e. a hereditary head normalizing evidence can be associated with a computational tree (Böhm tree without bottom [3]). In F2μ, hereditary head normalization implies faithfulness. Informally, an evidence is faithful if we can recover a nonterminating reduction from it.
To define hereditary head normalization, we first define an erasure that maps F2μ-evidence to pure lambda term with fixed point operator.
We call the erased evidence ∣e∣Curry-style evidence.
The following definition follows the same formulation by Raffalli
[17] and Tatsuta [21].
Definition 4.2** (Hereditary Head Normalization).**
Let Λ be the set of Curry-style evidence. We say e is hereditary head normalizing (denoted by e∈HHN) iff ∣e∣∈HNn for all n≥0.
We define HNn as follows.
•
e∈HN0* iff e∈Λ.*
•
e∈HNn+1* iff e⇝βμ∗λα.e′e1...em, where e′ is a variable or a constant and ei∈HNn for all i.*
We are going to show in Theorem 4.8 that if ΓR⊢e:t in F2μ and e is hereditary head normalizing, then we can reconstruct a nonterminating reduction of t by following the unfolding of e.
First we define the notion of trace. The position of a trace is described as follows:
Let o denote the
origin of a trace and s⋅m denote the next position after m. For a trace T, we
use Tm to refer to the node at position m in the trace.
The following formalization of evidence trace is a degenerate case of Böhm tree ([4], [3, §10]).
Definition 4.3** (Evidence Trace).**
Suppose e⇝hτo∗κT1...Tne′, with T1,...,Tn in →o-normal form. The evidence trace of e, denoted by [e], is defined as:
•
[e]o=κT1...Tn.
•
[e]s⋅m=[e′]m.
In the above definition, since κT1...Tne′ is a head normal form, by the confluence of ⇝hτo (Theorem 3.9), we know that [e] is referring to at most one trace. When e⇝hτo∗κT1...Tne′, we say
[e] is undefined.
For an example of finite evidence trace, consider e≡κ(λy.y)(κ′(λy.y)), in this
case [e]o=κ(λy.y),[e]s⋅o=κ′(λy.y). For an example of an infinite evidence trace, consider
e≡μα.κ(λy.y)α, we have [e]m=κ(λy.y) for any position m.
Intuitively, an evidence trace can be viewed as a sequence of instructions (in the form of evidence constants) that we are going to follow in order to rewrite a term. The following definitions of action and faithful action on a first-order term reflects this intuition.
Suppose C[σl,...,σl]→∗C[σr,...,σr] by l→r∈R.
We record the term context and the instantiation information along the reduction, i.e. C[σl,...,σl]→(κ,C,σ)∗C[σr,...,σr].
Definition 4.4** (Action on First-Order Term).**
Suppose [e]m=κ(λx.C[x,...,x])t1...tn for some position m
and κ:∀p.∀x.pr⇒pl.
An action of [e]m on the first-order term t (denoted by [e]m(t)) is defined as follows.
•
[e]m(t)=t′* if t→(κ,C,σ)∗t′, where σ=[t1/x1,...,tn/xn].*
•
otherwise [e]m(t) is undefined.
Note that we write t→∗[e]m(t) when [e]m(t) is defined. The following definition of
faithful action shows how one follows a potentially infinite evidence trace to
reduce a term.
Definition 4.5** (Faithful Action).**
The evidence trace [e] acts on t faithfully, if we have a reduction sequence t→∗[e]o(t)→∗[e]s⋅o([e]o(t))→∗[e]s⋅s⋅o([e]s⋅o([e]o(t)))→∗...→∗[e]m(...[e]o(t)...) for any position m.
Example 4.6**.**
To illustrate the intuition behind Definitions 4.3, 4.4, 4.5, let us consider the one rule rewriting system: Fx→G(F(Gx)) in Example 2.1. The Leibniz representation is Δ=F:∗⇒∗,G:∗⇒∗,Γ=κ:∀p.∀x.p(G(F(Gx)))⇒p(Fx). Recall that we had the following judgement.
It gives rise to the following evidence trace: [e]o=κ(λy.y)x, [e]s⋅o=κ(λy.Gy)(Gx),
[e]s⋅s⋅o=κ(λy.G(Gy))(G(Gx)), etc.
Moreover [e] acts faithfully on Fx (by Theorem 4.8). For example, we observe that Fx→[e]o(Fx)→[e]s⋅o([e]o(Fx))→[e]s⋅s⋅o([e]s⋅o([e]o(Fx))), which is the following reduction trace.
Suppose ΓR⊢e:t for some first-order term t and e is head normalizing. We have e⇝hτo∗κ(λx.C[x,...,x])t1...tne′ for some κ:∀p.∀x.pr⇒pl∈ΓR.
Furthermore, we have ΓR⊢e′:C[σr,...,σr] and C[σl,...,σl]=t, where codom(σ)={t1,...,tn} and dom(σ)=FV(l).
Theorem 4.8** (Faithfulness of Corecursive Evidence).**
Suppose ΓR⊢e:t in F2μ and e∈HHN. We have t→∗[e]o(t)→∗...→∗[e]m(...[e]o(t)...) for any position m, i.e. e acts faithfully on t.
Proof 4.9**.**
By Lemma 4.7, we know that e⇝hτo∗κ(λx.C[x,...,x])t1...tne′ for some κ:∀p.∀x.pr⇒pl, ΓR⊢e′:C[σr,...,σr], C[σl,...,σl]=t, where codom(σ)={t1,...,tn} and dom(σ)=FV(l).
Thus t=C[σl,...,σl]→(κ,C,σ)∗C[σr,...,σr]. We prove the theorem by induction on m.
•
m=o. We have [e]o=κ(λx.C[x,...,x])t1...tn, since t→(κ,C,σ)∗C[σr,...,σr], so t→∗[e]o(t).
•
m=s⋅m′. We need to show t→∗[e]o(t)→∗...→∗[e]s⋅m′(...[e]o(t)...).
Since ΓR⊢e′:C[σr,...,σr] and e′∈HHN, by IH, we have C[σr,...,σr]→∗[e′]o(C[σr,...,σr])→∗...→∗[e′]m′(...[e′]o(C[σr])...). Thus t→∗[e]o(t)=C[σr,...,σr]→∗[e′]o([e]o(t))→∗...→∗[e′]m′(...[e′]o([e]o(t))...). Since [e′]a=[e]s⋅a for any position a, we have t→∗[e]o(t)→∗[e]s⋅o([e]o(t))→∗...→∗[e]s⋅m′(...[e]s⋅o([e]o(t))...).
Now we are going to show the hereditary head normalization for F2μ is decidable
by mapping a typable evidence in F2μ to a typable evidence in λ-Y caculus (simply typed lambda calculus with fixpoint typing rule [19])444Please see Appendix F for full details..
Definition 4.10**.**
We define a function θ that maps F2μ types to λ-Y types.
We write θ(Γ) to mean applying the function θ to all the types in Γ.
Type B is the based type in λ-Y.
Theorem 4.11**.**
If Γ⊢e:T and Δ⊢T:∗∣o in F2μ, then
θ(Γ)⊢∣e∣:θ(T) in λ-Y.
Theorem 4.11 implies that the hereditary head normalization for F2μ is
decidable, since it is well-known that hereditary head normalization for λ-Y is decidable ([5], [18], [13]).
5 Type Checking F2μ Based on Resolution with Second-order Matching
Modeling first-order term contexts is one of the reasons we use
second-order types. Quantification over second-order type variables also enables us to represent some nonlooping nonterminations in F2μ.
The rule sequence for this reduction exhibits the pattern: “ba,baa,baaa,...”, which can be represented
by the corecursive function fαβ=(β⋅α)(fα(β⋅α))(here ⋅ denotes functional composition), as fab would give rise to the following reduction (we omit the compositional symbols):
We would like to provide a type annotation for f such that
Γ⊢fκaκb:DZZ.
But it is not obvious as we cannot type check fκaκb with DZZ using any first-order type checking algorithm (e.g. the one in Haskell).
We will show how to type check f using the type checking algorithm we introduce in this section.
By type checking, we
mean the following problem: given an environment Γ, a Curry-style evidence e and a type T, construct a fully annotated evidence e′ such that Γ⊢e′:T and ∣e′∣=e. We use the terminology
proof checking to mean the following: given an environment Γ, a fully annotated evidence e and a type T,
check if Γ⊢e:T.
The type checking problem for Curry-style System F and Fω are well-known to be undecidable ([24], [23]).
The type system F2μ appears to be a much weaker system compared
to System F and Fω (HHN is decidable in F2μ), we will show a type checking algorithm for F2μ inspired by SLD-resolution [16]. We will work on types
that are kindable by our decidable kind system (Definition 3.2).
Moreover, we will consider the following reformulation of type
T from Definition 3.1:
[TABLE]
Here A is
of kind ∗. We use T1,...,Tn⇒A as a shorthand for T1⇒...⇒Tn⇒A and we call A the head of T1,...,Tn⇒A.
These types are a generalized version of Horn formulas, called hereditary Harrop formula in the literature [15].
In this section we use A,B to denote a type of kind ∗, and we use a,b to denote a type
variable or a type constant. The following definition of second-order matching
follows Dowek’s treatment [7] of Huet’s algorithm [14].
Definition 5.2** (Second-order Matching).**
Let E be a set of second-order matching problems {A1↦B1,...,An↦Bn}. The following
rules (intended to apply top-down) show how to transform E.
[TABLE]
Note that ⊥ denotes a failure in matching. In the Imi rule, the variables y1,...,ym are fresh type variables.
The Proj and Imi rules introduce
nondeterminism, so there may be multiple matchers for a matching problem A↦B. We
write A↦σB to mean there is a derivation from A↦B to ∅
using rules in the above definition with a second-order matcher σ. The second-order matching is decidable (all derivations are finite using Definition 5.2) and all the resulted matchers are finite, but second-order unification is not decidable [12].
The standard second-order matching algorithm usually generates
many vacuous substitutions, we can
exclude them by kinding, as we work with kindable types.
For example, when we match
dZZ against DZ(SZ), the second-order matching algorithm would
generate matchers such as [λx.λy.DZ(SZ)/d] and [λx.λy.Dy(Sy)/d], which are not kindable.
Let T=∀x1....∀xm.T1,...,Tn⇒A,
the set of variables {xi∣xi∈/FV(A),1≤i≤m}∪FV(T) are called existential variables. In this section, we work with types that do not have any existential variables, we will show how to handle existential variables in the next section.
We use Φ to
denote a set of tuples of the form (Γ,e,T). We define resolution by second-order matching as a transition system from
Φ to Φ′ as follows:
Definition 5.3** (Resolution by Second-order Matching (RSM)).**
Φ⟶Φ′**
{(Γ,(κ∣α)e1...en,A),Φ}⟶a{(Γ,e1,σT1),...,(Γ,en,σTn),Φ}*
if κ∣α:∀x.T1,...,Tn⇒B∈Γ with B↦σA.*
2. 2.
As before, κ∣α means “κ or α”.
The rule (1) allow the the size of {e1,...,en} to be zero. We require the sizes of {α1,...,αn} and {x1,...,xn} both to be nonzero for rules (2) and (3). Rule (3) also introduces fresh eigenvariables{x1,...,xn} for T, they behave the same as constants during RSM. In rule (1), when perform matching B↦σA, we rename the bound variables x in T1,...,Tn,B to fresh variables.
The T in the tuple (Γ,e,T) intuitively corresponds to the current goal for the
resolution and e is a Curry-style evidence that
can be understood as a list of instructions for the resolution algorithm.
The resolution is defined by case analysis on the Curry-style evidence and the current goal T and it is terminating. If it terminates with the empty
set, then we say the resolution succeeds, otherwise it fails. The following theorem shows that if the resolution succeeds, then the type checking succeeds, i.e. we can obtain the corresponding fully annotated evidence.
Theorem 5.4** (Soundness of RSM).**
If {(Γ,e,T)}⟶∗∅, then there exists an evidence e′ such that Γ⊢e′:T in F2μ and ∣e′∣=e.
The proof of Theorem 5.4 gives us an algorithm to compute the annotated
evidence e′. This algorithm is implemented in our prototype.
Example 5.5**.**
Continuing the Example 5.1, let us illustrate how to use RSM to type check the function f. Consider the long form of f, namely, f=μf.λα.λβ.β(α(f(λα′.αα′)(λα′.β(αα′))) and the Leibniz representation:
Note that Γ′′=Γ,f:T′,α:∀p.∀x.∀y.p(d1x(Sy))⇒p(d1(Sx)y),β:∀p.∀y.p(d1(Sy)Z)⇒p(d1Zy). At the third ⟶a-step, by second-order matching, we instantiate the d in the type of f to λx.λy.d1x(Sy). Now that f is typable with T′, we have Γ⊢fDκaκb:DZZ. Since the rewriting system is non-overlapping and f is hereditary head normalizing, by
Theorem 4.8 we know fDκaκb represents the nonterminating reduction of DZZ.
Representing nonterminations in general follows the same method as the above example:
one first writes down a corecursive function that
represents the rule sequence in a nonterminating reduction, and then provides the
proper type signature for such function. Once the function is type checked,
a finite representation can be obtained. We illustrate how the prototype works for
this example and some other challenging examples in the Appendix H, J.
6 RSM Algorithm with Existential Variables
The RSM algorithm in Definition 5.3 fails to type check some judgements in presence of existential variables.
In this section, we extend RSM to cope with existential variables.
As a result, the nontermination reduction in the Example 1.1 can also be type checked.
We consider the following sequential reduction that simulates the parallel reduction sequence in
the Example 1.1.
At each reduction step, we underline the chosen redex.
Observe that the length of the gray strings grows according to the Fibonacci sequence, and each gray string is a result of concatenation of the previous two.
The rule sequence in the above reduction is “a,ab,aba,abaab,abaababa” (each word in the rule sequence is a concatenation of the previous two).
We can use the corecursive function fαβ=α(f(α⋅β)α) to generate such sequences.
We can use a standard method [22] to represent string rewriting systems
as first-order term rewriting systems. In this case, the corresponding rules would be Ax→aA(Bx) and Bx→bAx. The reduction would begin with Ax.
The Leibniz representation for this rewrite system is the following:
Δ=A:∗⇒∗,B:∗⇒∗
Γ=κa:∀p.∀x.p(A(Bx))⇒p(Ax),κb:∀p.∀x.p(Ax)⇒p(Bx)
To represent the rewriting sequence above, we need to give a type to the function f
such that Γ⊢fκaκb:Ax.
The most intuitive type we can assign to the corecursive function fαβ=α(f(α⋅β)α) is the following:
Then we would have Γ⊢fxκaκb:Ax. Unfortunately this
will not be type checked by RSM (the resolution will fail). We need to perform abstraction on type (I), here we abstract the function symbol B to a functional variable b:∗⇒∗,
and A to a functional variable a:∗⇒∗, obtaining the following type for f.
Note that the quantified variable b in (II) is an existential variable. If f is typable with (II),
then we know that Γ⊢fABxκaκb:Ax, which encodes the nonterminating
reduction starting from Ax.
But RSM will fail again in this case, due to the appearance of the existential variable b.
Ideally, the best way to deal with existential variables is by unification, we would need to replace rule (1) in RSM with the following:
{(Γ,(κ∣α)e1...en,A),Φ}⟶a{(σΓ,e1,σT1),...,(σΓ,e1,σTn),σΦ} if κ∣α:∀x.T1,...,Tn⇒B∈Γ with B∼σA
Here B∼σA means A and B are second-orderly unifiable by σ. And σΓ,σΦ means applying the substitution σ to all the types in Γ,Φ. But second-order unification is not decidable and we need a finite set of unifiers.
Thus we replace B∼σA with B↦σA.
Definition 6.1** (Existential RSM (ERSM)).**
We replace (1) in Definition 5.3 to the following (Keeping rules (2), (3), (4) unchanged):
Note that the formula ∀x1....∀xm.T1,...,Tn⇒B in rule (1’) may contain existential variables.
The idea of this change is that by reordering the (Γ,e,T) pairs, we give priority to
resolve the pair (Γ,e,T) where the head of T does not contain any existential
variables. If the A in (1’) does not contain existential variables, we can use rule (1’) to eliminate the existential variables in ∀x1....∀xm.T1,...,Tn⇒B. This extension allows us to avoid using the undecidable second-order unification, and it is good enough to handle all of our examples involving existential variables555There is a well-known scope problem
[7, Section 5], we show how to solve it for ERSM and prove the soundness of ERSM in Appendix I..
With the Definition 6.1, we can obtain the following successful ERSM reduction,
where μf.λα.λβ.α(f(λα′.(α(βα′)))(λα′.αα′)) is the long form of fαβ=α(f(α⋅β)α).
Note that Γ′=Γ,f:T,α:∀p.∀y.p(a1(b1y))⇒p(a1y),β:∀p.∀y.p(a1y)⇒p(b1y). At the second ⟶a-step, by second-order
matching, variable a is instantiated with λy.a1(b1y) for the type of f and
the existential variable b is instantiated with fresh variable b2. At the fifth ⟶a-step, the existential variable b2 is
instantiated with λy.a1y, and there is a substitution for b2 applying to Φ. But RSM will not perform this substitution, as a result, RSM cannot resolve Φ to ∅.
7 Conclusion and Future Work
We present a novel method to represent nonterminating reductions in F2μ, where the rewrite rules and first-order terms are modeled by types, and
the nonterminations are modeled by the hereditary head normalizing evidence. We prove that the hereditary head normalizing evidence for a first-order term is faithful, i.e. it represents a nonterminating reduction. We also prove the hereditary head normalization property for F2μ is decidable. To ease the representation process, we develop a type checking algorithm based on second-order matching, where fully annotated evidence can be generated from Curry-style evidence with only top-level type annotations.
Future work. We would like to investigate the nonterminating reductions that are currently
outside the scope of F2μ and study the expressitivity of F2μ
in terms of representing nonterminations. The RSM/ERSM type checking algorithm is not very flexible. For example
the Curry style evidence currently has to be in long form. We plan to
relax this restriction.
Acknowledgement
I would like to thank Tom Schrijvers for coming up with Example 5.1 and showing me a solution in Haskell using type family (See Fu et. al. [10]), at a time when I thought this whole thing is impossible. I also like to thank Ekaterina Komendantskaya for many helpful
discussions, which leads me to consider the automation aspect, eventually I discover that quantification over higher-order variables leads to another solution for Example 5.1 without using type family, hence this paper. Reviewer 1 from FSCD 2016 discovered an error
in an ealier version of the paper, which leads to a more rigid formulation of F2μ.
Reviewer A from POPL 2017 suggests a possible simplification of productivity checking by mapping
F2μ to λ-Y, which I carried out in this paper, and it greatly simplifies and strengthens the paper. Leibniz representation in this paper is inspired by Stump and Schürmann [20]’s treatment on rewriting and
Girard’s recent criticism about Leibniz equality 666J.Y. Girard, Transcendental syntax III: equality. I would also like to thank the School of Computing at University of Dundee, and my mother Chen Xingzhen for generously providing a working space for me when I was in
transitions between Postdocs.
We have (λx.T2)T1→o[T1/x]T2. Since Δ⊢λx.T2:∗⇒K, by inversion we know that Δ,x:∗⊢T2:K and x∈FV(T2).
So FV((λx.T2)T1)=FV([T1/x]T2) and Δ⊢[T1/x]T2:K.
Case*.*
Δ⊢∀x.T:oΔ,x:K⊢T:o∣∗**
Suppose ∀x.T→o∀x.T′ by T→oT′. By IH, Δ,x:K⊢T′:o∣∗ and FV(T)=FV(T′). Thus Δ⊢∀x.T′:o and FV(∀x.T)=FV(∀x.T′).
If Δ⊢T:o, then T is of the form ∀x.T′ or T1⇒T2.
2. 2.
If Δ⊢T:∗n⇒∗, then the normal form of T is second-order.
Proof B.2**.**
(1) Obvious.
(2). By induction on the derivation of Δ⊢T:∗n⇒∗.
Case*.*
Δ⊢x∣F:K(x∣F:K)∈Δ**
Obvious.
Case*.*
Δ⊢T2T1:K\lx@proof@logical@andΔ⊢T1:∗Δ⊢T2:∗⇒K**
We need to show the normal form of T2T1 is second-order. By IH, we know
the normal form of T1,T2 are second-order, moreover, T1 is flat since Δ⊢T1:∗. Suppose T2≡F or T2≡x, then
by definition we know T2T1 is second-order. Suppose T2≡λx.T′, where
x∈FV(T′) and T′ is second-order. Then (λx.T′)T1→o[T1/x]T′ and [T1/x]T′
is second-order.
Case*.*
Δ⊢λx.T:∗⇒K\lx@proof@logical@andΔ,x:∗⊢T:Kx∈FV(T)**
Let [T] be the normal form of T. By IH, we know that [T] is second-order. By Theorem 3.5,
we know that x∈FV([T]). Thus λx.[T] is second-order.
⇝βμτo* and
⇝hτo are confluent, and ⇝τ is strongly normalizing.*
Proof C.2**.**
Note that ⇝τ commutes with ⇝o, ⇝h and ⇝βμ. Also ⇝o commutes with ⇝h and ⇝βμ.
Thus it is enough
to show that ⇝h and ⇝βμ are confluent. For ⇝h, we just need to check
H1[(λx.(H2[μα.e′]))e], as it is the only critical pair. We know that:
Thus ⇝h is confluent. For the confluence of ⇝βμ, we refer
to the existing literature (e.g. [1, §7.1]). Finally, ⇝τ
is strongly normalizing because the number of ⇝τ-redex is strictly decreasing.
Suppose (λα.e)e1⇝h[e1/α]e. By Theorem D.1 (4), we have
Γ,α:T1⊢e:T2 and T1⇒T2↔o∗T′⇒T. Since
→o is confluent, we have T1↔o∗T′ and T2↔o∗T. Thus
Γ⊢e1:T1. By Lemma D.3 (1), we know Γ⊢[e1/α]e:T2. Thus
Γ⊢[e1/α]e:T.
Case*.*
Γ⊢(λx.e)T′:[T′/x]TΓ⊢λx.e:∀x:K.T**
Suppose that (λx.e)T′⇝τ[T′/x]e. By Theorem D.1 (5), we have
Γ⊢e:T1, x∈/FV(Γ) and ∀x.T1↔o∗∀x.T. By Lemma D.3 (2), we have Γ⊢[T′/x]e:[T′/x]T1. Since ∀x.T1↔o∗∀x.T implies [T′/x]T1↔o∗[T′/x]T, we have Γ⊢[T′/x]e:[T′/x]T.
Suppose that (λx.e)T′⇝o(λx.e)T′′ with T′→oT′′.
So by App rule, we have Γ⊢(λx.e)T′′:[T′′/x]T. By Conv rule, we have Γ⊢(λx.e)T′′:[T′/x]T.
Suppose ΓR⊢e:t for some first-order term t and e is head normalizing. We have e⇝hτ∗κ(λx.C[x,...,x])t1...tne′ for some κ:∀p.∀x.pr⇒pl∈ΓR.
Furthermore, we have ΓR⊢e′:C[σr,...,σr] and C[σl,...,σl]=t, where codom(σ)={t1,...,tn} and dom(σ)=FV(l).
Proof E.2**.**
Since e is head normalizing and ΓR⊢e:t, its head normal form must be of the κTT1...Tne′ for some κ:∀p.∀x.pr⇒pl∈ΓR. By subject reduction (Theorem 3.5, Theorem 3.12), we have ΓR⊢κTT1...Tne′:t. By inversion Theorem 3.11 (1) on ΓR⊢κTT1...Tne′:t, we know that ΓR⊢κTT1...Tn:T1′⇒T2′, ΓR⊢e′:T1′ and T2′↔ot. By inversion Theorem 3.11 (2) on ΓR⊢κTT1...Tn:T1′⇒T2′,
we have σ(pr)⇒σ(pl)↔o∗T1′⇒T2′, where σ=[T/p,T1/x1,...,Tn/xn]. Since we are working with
well-kinded types, we know that
ΓR⊢T:∗⇒∗ and ΓR⊢Ti:∗ for all i. By Theorem 3.7, we know T=λx.C[x,...,x] and Ti is flat for all
i. By confluence of ↔o, we have σ(pr)↔o∗T1′ and σ(pl)↔o∗T2′↔o∗t. Thus σ(pl)≡[T/p,T1/x1,...,Tn/xn](pl)≡(λx.C[x,...,x])(σl)→o∗t. So C[σl,...,σl]=t. Since σ(pr)↔o∗T1′, we have ΓR⊢e′:C[σr,...,σr].
We define a function θ that maps F2μ types to λ-Y types.
θ(F)=B**
θ(x)=B**
θ(λx.T)=θ(T)**
θ(TT′)=θ(T)**
θ(T⇒T′)=θ(T)⇒θ(T′)**
θ(∀x.T)=θ(T)**
Lemma F.4**.**
If Δ⊢T:K in F2μ, then θ(T)=B.
Proof F.5**.**
By induction on the derivation of Δ⊢T:K.
Lemma F.6**.**
If Δ⊢T′:K in F2μ, then θ([T′/x]T)≡θ(T)
for any T in F2μ.
Proof F.7**.**
Using Lemma F.4 and induction on the structure of T.
Lemma F.8**.**
If T1↔o∗T2 and Δ⊢T1∣T2:k in F2μ, then θ(T1)≡θ(T2).
Proof F.9**.**
By induction on the derivation of T1↔o∗T2.
Definition F.10**.**
θ(.)=.**
θ(Γ,α:T)=θ(Γ),α:θ(T)**
θ(Γ,κ:T)=θ(Γ),κ:θ(T)**
Theorem F.11**.**
If Γ⊢e:T and Δ⊢T:∗∣o in F2μ, then
θ(Γ)⊢∣e∣:θ(T) in λ-Y.
Proof F.12**.**
By induction on derivaton of Γ⊢e:T in F2μ.
•
Case:
[TABLE]
We just need to show θ(Γ)⊢α∣κ:θ(T) in λ-Y, which we know
is the case by definition of θ(Γ).
•
Case:
[TABLE]
We need to show θ(Γ)⊢∣e2e1∣:θ(T) in λ-Y. By induction,
we know that θ(Γ)⊢∣e1∣:θ(T′) and θ(Γ)⊢∣e2∣:θ(T′)⇒θ(T) in λ-Y. Thus we have θ(Γ)⊢∣e2∣∣e1∣:θ(T).
•
Case:
[TABLE]
We need to show θ(Γ)⊢λα.∣e∣:θ(T′)⇒θ(T) in λ-Y. By induction, we know that θ(Γ),α:θ(T′)⊢∣e∣:θ(T) in λ-Y.
•
Case:
[TABLE]
We need to show θ(Γ)⊢μα.∣e∣:θ(T) in λ-Y. By induction, we know that θ(Γ),α:θ(T)⊢∣e∣:θ(T) in λ-Y.
•
Case:
[TABLE]
We need to show θ(Γ)⊢∣e∣:θ(T) in λ-Y, which is the
case by induction.
•
Case:
[TABLE]
We need to show θ(Γ)⊢∣e∣:θ([T′/x]T) in λ-Y.
By induction, we know that θ(Γ)⊢∣e∣:θ(T). By Lemma F.6,
we know that θ([T′/x]T)≡θ(T).
•
Case:
[TABLE]
We need to show θ(Γ)⊢∣e∣:θ(T′) in λ-Y.
By induction, we know that θ(Γ)⊢∣e∣:θ(T).
By Lemma F.8, we know that θ(T′)≡θ(T).
If {(Γ1,e1,T1),...,(Γn,en,Tn)}⟶∗∅, then there exists an evidence e1′,...,en′ such that Γi⊢ei′:Ti and ∣ei′∣=ei for all i.
Proof G.2**.**
By induction on the length of
{(Γ1,e1,T1),...,(Γn,en,Tn)}⟶∗∅.
•
Case {(Γ,α∣κ,A)}⟶a∅.
In this case α∣κ:∀x.B∈Γ and B↦σA. Since ∀x.B does not contain existential variables, by Inst, we have Γ⊢(α∣κ)T:A, where {T}=codom(σ) and ∣(α∣κ)T∣=α∣κ.
{(Γ,e1′′,σT1′),...,(Γ,em′′,σTm′),(Γ1,e1,T1),...,(Γn,en,Tn)}⟶∗∅, where κ∣α:∀x.T1′,...,Tn′⇒B∈Γ with B↦σA.
By IH, we know that Γ⊢e1′′′:σT1′,...,Γ⊢em′′:σTm′,Γ1⊢e1′:T1,...,Γn⊢en′:Tn and ∣e1′′′∣=e1′′,...,∣em′′′∣=em′′,∣e1′∣=e1,...,∣en′∣=en. Let codom(σ)=T, since ∀x.T1′,...,Tn′⇒B does not contain existential variables, we have Γ⊢(α∣κ)T:σT1′,...,σTn′⇒σB. Thus
Γ⊢(α∣κ)Te1′′′...em′′′:σB. By
Conv, we have Γ⊢(α∣κ)Te1′′′...em′′′:A. Moreover, ∣(α∣κ)Te1′′′...em′′′∣=(α∣κ)∣e1′′′∣...∣em′′′∣=(α∣κ)e1′′...em′′.
By IH, we have Γ,α1:T1,...,αn:Tn⊢e′:A,Γ1⊢e1′:T1,...,Γl⊢el′:Tl
with ∣e′∣=e,∣e1′∣=e1,...,∣el′∣=el. Thus by Lam rule, we have Γ⊢λα1....λαn.e′:T1,...,Tn⇒A and ∣λα1....λαn.e′∣=λα1....λαn.e.
By IH, we have Γ⊢e′:A,Γ1⊢e1′:T1,...,Γl⊢el′:Tl
with ∣e′∣=e,∣e1′∣=e1,...,∣el′∣=el. Since {x1,...,xm}∩FV(Γ)=∅, by Abs rules, we have Γ⊢λx1....λxm.e′:∀x1....∀xm.T and ∣λx1....λxm.e′∣=e.
•
Case {(Γ,μα.e,T),(Γ1,e1,T1),...,(Γn,en,Tn)}⟶c{([Γ,α:T],e,T),(Γ1,e1,T1),...,(Γn,en,Tn)}
⟶∗∅**
By IH, we know that Γ,α:T⊢e′:T,Γ1⊢e1′:T1,...,Γn⊢en′:Tn and ∣ei′∣=ei for all i. By Mu rule, we have Γ⊢μα.e′:T. Thus ∣μα.e′∣=μα.e.
Appendix H Examples in the Paper
In this section we show how to represent nonterminations for all the examples
in the paper using the prototype FCR (for Functional Certification of Rewriting), the
prototype is available at https://github.com/Fermat/FCR.
It tries to generate typable F2μ evidence from the corecursive equations
and the type declarations.
A : forall p x y . p (D x (S y)) => p (D (S x) y)
B : forall p y . p (D (S y) Z) => p (D Z y)
g : forall d .
(forall p x y . p (d x (S y)) => p (d (S x) y)) =>
(forall p y . p (d (S y) Z) => p (d Z y)) =>
d Z Z
g a1 a2 = a2 (a1 (g (\ v . a1 v) (\ v . a2 (a1 v))))
e : D Z Z
e = g (\ v . A v) (\ v . B v)
The capitalized words for FCR are intended to denote both type and evidence constant, uncapitalized words are intended to denote both type and evidence variables. In the definition of corecursive
function g, “\” denotes the λ binder, its type declaration
is discussed in the paper. FCR currently uses long normal form to make variable instantiation, so we
have to use (I) instead of (II).
Evidence such as μf.λa.e is
represented as equation f a = e, so there is no explicit μ binder in the input file. The corecursive evidence for D Z Z is e.
The following is the output by the type checker.
rewrite rules
kinds
D : * => * => *
S : * => *
Z : *
axioms
A : forall p x y . p (D x (S y)) => p (D (S x) y)
B : forall p y . p (D (S y) Z) => p (D Z y)
proof declarations
g : forall d .
(forall p x y . p (d x (S y)) => p (d (S x) y))
=>
(forall p y . p (d (S y) Z) => p (d Z y)) => d Z Z =
\ a1 a2 . a2 (a1 (g (\ v . a1 v) (\ v . a2 (a1 v))))
e : D Z Z =
g (\ v . A v) (\ v . B v)
lemmas
e : D Z Z =
g (\ m1’ m2’ . D m1’ m2’)
(\ p1’ x2’ y3’ (v : p1’ (D x2’ (S y3’))) .
A (\ m1’ . p1’ m1’) x2’ y3’ v)
(\ p7’ y8’ (v : p7’ (D (S y8’) Z)) . B (\ m1’ . p7’ m1’) y8’ v)
g : forall d .
(forall p x y . p (d x (S y)) => p (d (S x) y))
=>
(forall p y . p (d (S y) Z) => p (d Z y)) => d Z Z =
\ d0’
(a1 : forall p x y . p (d0’ x (S y)) => p (d0’ (S x) y))
(a2 : forall p y . p (d0’ (S y) Z) => p (d0’ Z y)) .
a2 (\ x1’ . x1’) Z
(a1 (\ x1’ . x1’) Z Z
(g (\ m1’ m2’ . d0’ m1’ (S m2’))
(\ p7’ x8’ y9’ (v : p7’ (d0’ x8’ (S (S y9’)))) .
a1 (\ m1’ . p7’ m1’) x8’ (S y9’) v)
(\ p13’ y14’ (v : p13’ (d0’ (S y14’) (S Z))) .
a2 (\ m1’ . p13’ m1’) (S y14’)
(a1 (\ m1’ . p13’ m1’) (S y14’) Z v))))
steps
automated proof reconstruction success!
The lemmas section contains the annotated evidence. All variables generated by FCR
are variables end with “ ’ ”. All lambda-bound evidence variables are annotated with the type information. This is needed for decidable proof checking, we do not need to annotate lambda-bound type variables. The annotated evidence generated by our type checker is checked by a separate F2μ proof checker.
We can translated the input file into the following Haskell code, but it will not pass Haskell’s
type checker.
data D :: * -> * -> *
data S :: * -> *
data Z :: *
a :: forall p x y . p (D x (S y)) -> p (D (S x) y)
a = undefined
b :: forall p y . p (D (S y) Z) -> p (D Z y)
b = undefined
g :: forall d .
(forall p x y . p (d x (S y)) -> p (d (S x) y)) ->
(forall p y . p (d (S y) Z) -> p (d Z y)) ->
d Z Z
g a1 a2 = a2 (a1 (g (\ v -> a1 v) (\ v -> a2 (a1 v))))
g : forall a b x .
(forall p y . p (a (b y)) => p (a y)) =>
(forall p y . p (a y) => p (b y)) => a x
g a b = a (g (\ v . a (b v)) (\ v . a v))
h : A x
h = g (\ v . Ka v) Kb
step h 20
We use the alternative notation A x <= A (B x) to represent the rewrite rule
from A x to A (B x), it will be translated to its Leibniz representation
by FCR. And step h 20 is a command telling FCR
to output the 20th first-order term in the reduction h began with term A x. The following is the output information.
rewrite rules
Ka : A x <= A (B x)
Kb : B x <= A x
kinds
A : * => *
B : * => *
axioms
Ka : forall p x . p (A (B x)) => p (A x)
Kb : forall p x . p (A x) => p (B x)
proof declarations
g : forall a b x .
(forall p y . p (a (b y)) => p (a y))
=>
(forall p y . p (a y) => p (b y)) => a x =
\ a b . a (g (\ v . a (b v)) (\ v . a v))
h : A x =
g (\ v . Ka v) Kb
lemmas
h : A x =
g (\ m1’ . A m1’) (\ m1’ . B m1’) x
(\ p3’ y4’ (v : p3’ (A (B y4’))) . Ka (\ m1’ . p3’ m1’) y4’ v)
Kb
g : forall a b x .
(forall p y . p (a (b y)) => p (a y))
=>
(forall p y . p (a y) => p (b y)) => a x =
\ a0’
b1’
x2’
(a : forall p y . p (a0’ (b1’ y)) => p (a0’ y))
(b : forall p y . p (a0’ y) => p (b1’ y)) .
a (\ x1’ . x1’) x2’
(g (\ m1’ . a0’ (b1’ m1’)) (\ m1’ . a0’ m1’) x2’
(\ p8’ y9’ (v : p8’ (a0’ (b1’ (a0’ y9’)))) .
a (\ m1’ . p8’ m1’) (b1’ y9’)
(b (\ m1’ . p8’ (a0’ (b1’ m1’))) y9’ v))
(\ p14’ y15’ (v : p14’ (a0’ (b1’ y15’))) .
a (\ m1’ . p14’ m1’) y15’ v))
steps
step h 20
automated proof reconstruction success!
steps results
A (B (A (A (B (A (B (A (A (B (A (A (B x))))))))))))
We can check that the term A (B (A (A (B (A (B (A (A (B (A (A (B x))))))))))))
represents the string we obtain in the very end of the string reduction trace in Section 6.
Note that this term is obtained directly from the unfolding of the reduction trace without invoking any term rewriting reduction.
Appendix I Solving the Scope Problem in ERSM and the Soundness of ERSM
Due to lack of space, we did not explain nor discuss the soundness of ERSM in Section 6. In fact, the ERSM is not sound in its current form due to a subtle scope problem. We will
show how to solve this soundness problem in this section. To explain the scope problem, let us consider the following two formulas.
(I) forall p x y . p (G (F Z x (S y)) (F x y (S (S Z)))) => p (F Z (S x) y)
(II) forall p x y . p (qa (F Z x (S y))) => p (F Z (S x) y)
It may appear that these two formulas are second-orderly unifiable if we instantiate qa in (II) to
\m . G m (F x y (S (S Z))).
But this instantiation assumes the variable x, y in \m . G m (F x y (S (S Z))) can be automatically captured by the forall binder in (II), this is
not a correct assumption.
In fact (I) and (II) are not unifiable, this kind of problem is called
scope problem by Dowek [7, Section 5].
The solution of the scope problem is conceptually simple, i.e. we just need to prevent the
instantiation of the existential variables when there is such a scope problem. However, to
implement this solution within the ERSM framework requires some efforts.
We works with idempotent substitution, i.e. for a substitution σ,
we require that σ⋅σ=σ. Idemptentness is easy to check, due to
the following property [2]: σ is idempotent iff dom(σ)∩FV(codom(σ))=∅. This requirement is needed in order to prove
the soundness theorem.
Definition I.1**.**
Let L denote a list of variables. We define y⊏Lx if L=L1,y,L2,x,L3
for some L1,L2,L3. We define scope(L,σ) to be the conjunction of the following two predicates: (1) ∀x∈dom(σ)∩L,∀y∈FV(σx),y⊏Lx. (2) ∀x∈dom(σ)−L,FV(σx)∩L=∅.
Let Φ denotes a set of tuple (L,Γ,e,T). We use σL to denote L−dom(σ) and we use L+L′ to mean appending L,L′.
Definition I.2**.**
σΓ,σΦ**
σ⋅=⋅**
σ[α:T,Γ]=α:σT,σΓ**
σ[κ:T,Γ]=κ:σT,σΓ**
σ{}={}**
σ{(L,Γ,e,T),Φ}={(σL,σΓ,e,σT),σΦ}, where scope(L,σ).
Let S be a set of variables, we write σ/S=[t/x∣x∈(dom(σ)−S)].
We can see if we eliminate L and scope(L,σ), we can obtain ERSM described in
the paper.
Lemma I.4**.**
If Γ⊢e:T, then σΓ⊢σe:σT.
If S is a set of variables, we define σS:={σx∣x∈S}. Moreover, we
extend FV function to obtain all the free variables of a set of terms. Note that
all the
substitutions are idempotent and disjoint , i.e.
FV(codom(σ))∩dom(σ)=∅ for any σ and dom(σ1)∩dom(σ2)=∅, for any σ1,σ2.
Lemma I.5** (Scope Check Composition).**
Suppose FV(codom(σ2))∩dom(σ1)=∅. If Scope(L,σ1) and Scope(σ1L+L′,σ2)
for some fresh L′, then Scope(L,σ2⋅σ1).
Proof I.6**.**
•
Case y∈dom(σ2⋅σ1)−L.
We need to show
FV(σ2σ1y)∩L=∅, i.e. FV(σ2(FV(σ1y)))∩L=∅. We know that dom(σ2⋅σ1)=dom(σ2)⊎dom(σ1). Suppose y∈dom(σ1),
we know that FV(σ1y)∩L=∅. For any z∈FV(σ1y)∩dom(σ2), we have FV(σ2z)∩(σ1L+L′)=∅, which implies FV(σ2z)∩L=∅. For any z∈FV(σ1y)−dom(σ2), we have FV(σ2z)={z},{z}∩L=∅. Suppose y∈dom(σ2), we need to show FV(σ2y)∩L=∅, this is the case since FV(σ2y)∩(σ1L+L′)=∅ and FV(codom(σ2))∩dom(σ1)=∅.
•
Case. y∈dom(σ2⋅σ1)∩L.
We need to show
for any z∈FV(σ2(FV(σ1y)))∩L, z⊏Ly.
Let x∈FV(σ1y), we just need to show for any z∈FV(σ2x)∩L, z⊏Ly. Suppose x∈/dom(σ2). Then FV(σ2x)={x}. So x⊏Ly if x∈L.
Suppose x∈dom(σ2)∩L, we know that (FV(σ2x)∩(σ1L+L′))⊏σ1L+L′x. Since z∈FV(σ2x)∩L implies z∈FV(σ2x)∩(σ1L+L′), we have
z⊏σ1L+L′x⊏Ly. Since x∈/L′ and
x∈/dom(σ1), we have z⊏Lx⊏Ly. Suppose x∈dom(σ2)−L, then x∈dom(σ2)−(σ1L+L′), thus FV(σ2x)∩(σ1L+L′)=∅, which implies FV(σ2x)∩L=∅.
Suppose y∈dom(σ2), we just need to show
for any z∈FV(σ2y)∩L, z⊏Ly. Since z∈/dom(σ1), we have z∈FV(σ2y)∩(σ1L+L′). Thus z⊏σ1L+L′y, which implies z⊏Ly.
Lemma I.7** (Scope Invariant).**
If ({(L1,Γ1,e1,T1),...,(Ln,Γn,en,Tn)},σ)⟶({(L1′,Γ1′,e1′,T1′),...,(Lm′,Γm′,em′,Tm′)},σ′⋅σ),
then Scope(Li,σ′) for all i.
2. 2.
If ({(L1,Γ1,e1,T1),...,(Ln,Γn,en,Tn)},σ)⟶∗({(L1′,Γ1′,e1′,T1′),...,(Lm′,Γm′,em′,Tm′)},σ′⋅σ),
then Scope(Li,σ′) for all i.
If ({(L1,Γ1,e1,T1),...,(Ln,Γn,en,Tn)},σ)⟶∗(∅,σ′⋅σ) for some σ′, then σ′Γi⊢ei′:σ′Ti and ∣ei′∣=ei for all i.
Proof I.10**.**
By induction on the length of
({(L1,Γ1,e1,T1),...,(Ln,Γn,en,Tn)},σ)⟶∗(σ′⋅σ,∅).
•
Case ({(L,Γ,α∣κ,A)},σ)⟶a(∅,σ′′⋅σ).
In this case α∣κ:∀x.B∈Γ, σ′′=σ′/{x}, scope(L,σ′′) and B↦σ′A. By Inst rule and the idempotentness of σ′, we have σ′′Γ⊢(α∣κ)(σ′x):σ′B≡σ′′σ′B=σ′′A, where ∣(α∣κ)(σ′x)∣=α∣κ.
•
Case
({(L,Γ,(α∣κ)e1′′...em′′,A),(L1,Γ1,e1,T1),...,(Ln,Γn,en,Tn)},σ)⟶a
where κ∣α:∀x.T1′,...,Tn′⇒B∈Γ with B↦σ1A, σ′=σ1/{x}, scope(L,σ′) and L′=σ′L+[xi∣xi∈/FV(B),1≤i≤m].
By IH, we know that σ′′σ′Γ′⊢e1′′′:σ′′σ1T1′,...,σ′′σ′Γ′⊢em′′′:σ′′σ1Tm′,σ′′σ′Γ1⊢e1′:σ′′σ′T1,...,σ′′σ′Γn⊢en′:σ′′σ′Tn and ∣e1′′′∣=e1′′,...,∣em′′′∣=em′′,∣e1′∣=e1,...,∣en′∣=en. We have σ′′σ′Γ⊢(α∣κ)(σ′′σ′x):σ′′σ1T1′,...,σ′′σ1Tn′⇒σ′′σ1B. By
Conv, App and idempotentness, we have σ′′σ′Γ⊢(α∣κ)(σ′′σ′x)e1′′′...em′′′:σ′′σ1B=σ′′σ′A. Moreover, ∣(α∣κ)(σ′′σ′x)e1′′′...em′′′∣=(α∣κ)∣e1′′′∣...∣em′′′∣=(α∣κ)e1′′...em′′.
By IH, we have σ′Γ,α1:σ′T1,...,αn:σ′Tn⊢e′:σ′A,σ′Γ1⊢e1′:σ′T1,...,σ′Γl⊢el′:σ′Tl
with ∣e′∣=e,∣e1′∣=e1,...,∣el′∣=el. Thus by Lam rule, we have σ′Γ⊢λα1....λαn.e′:σ′T1,...,σ′Tn⇒σ′A and ∣λα1....λαn.e′∣=λα1....λαn.e.
By IH, we have σ′Γ⊢e′:σ′T,σ′Γ1⊢e1′:σ′T1,...,σ′Γl⊢el′:σ′Tl
with ∣e′∣=e,∣e1′∣=e1,...,∣el′∣=el. By Lemma I.7 (2), scope([L,x1,...,xm],σ′). So FV(codom(σ′))∩{x1,...,xm}=∅. Thus by Abs rule, we have σ′Γ⊢λx1....λxm.e′:∀x1....∀xm.σ′T=σ′(∀x1....∀xm.T) and ∣λx1....λxm.e′∣=e.
•
Case ({(L,Γ,μα.e,T),(L1,Γ1,e1,T1),...,(Ln,Γn,en,Tn)},σ)⟶c
By IH, we know that σ′Γ,α:σ′T⊢e′:σ′T,σ′Γ1⊢e1′:σ′T1,...,σ′Γn⊢en′:σ′Tn and ∣ei′∣=ei for all i. By Mu rule, we have σ′Γ⊢μα.e′:σ′T. Thus ∣μα.e′∣=μα.e.
Theorem I.11** (Soundness of ERSM).**
If ({([],Γ,e,T)},id)⟶∗(∅,σ) and FV(Γ)=FV(T)=∅, then Γ⊢e′:T and ∣e′∣=e.
We now can understand the error message when we
try to type check the following declarations in FCR.
K : forall p x y . p (G (F Z x (S y)) (F x y (S (S Z)))) => p (F Z (S x) y)
K2 : forall qa . (forall p x y . p (qa (F Z x (S y))) => p (F Z (S x) y)) => B
h : B
h = K2 (\ c . K c)
Note that type checking h will give a scope problem as (I) and (II)
above does not unify. FCR will print out the following message.
scope error when matching [p1’] (qa0’ (F Z [x2’] (S [y3’])))
against [p1’] (G (F Z [x2’] (S [y3’])) (F [x2’] [y3’] (S (S Z))))
when applying c : [p1’] (qa0’ (F Z [x2’] (S [y3’])))
when applying substitution [ qa0’ : \ m1’ .
G m1’ (F [x2’] [y3’] (S (S Z))) ]
current variables list:
qa0’ p1’ x2’ y3’
the current mixed proof term:
K2 qa0’
(\ p1’ x2’ y3’ (c : [p1’] (qa0’ (F Z [x2’] (S [y3’])))) .
K (\ m1’ . [p1’] m1’) [x2’] [y3’]
([p1’] (G (F Z [x2’] (S [y3’])) (F [x2’] [y3’] (S (S Z))))))
The eigenvariables are the variables surrounded by brackets, and the substitution [t/x]
is represented as [x : t]. In this case the FCR will try to instantiate
the existential variable qa0’ with \m1’ . G m1’ (F [x2’] [y3’] (S (S Z))). The L is the current variables list for the scope function, we can see the substitution
will not pass the scope check. Moreover, we can inspect the mix proof term, we see that qa0’ is
not in the scope of [x2’], [y3’]. Thus the function h gives a typing error.
Appendix J Examples from Term Rewriting Literature
We demonstrate
how to use the prototype FCR to represent some nontrivial nonterminations in this section.
All of the examples in this section are from the existing term rewriting literature,
and we will focus on representing nonlooping nonterminating reductions.
The general idea of representing a nonterminating reduction trace is the following: we
need to see if the rule sequence can be generated by a corecursive function. Then
we will try to assign a type for the corecursive function. Most of the
efforts will be put on abstracting the right universal and existential type variables.
Obtaining the right type for the corecursive function usually requires interactions with
FCR and a good understanding of the type checking algorithm ERSM.
J.1
The following string rewriting system is from Endrullis and Zantema [9], Example 29.
AL→1LARA→2ARBL→3BRRB→4LAB
Observe the following nonlooping nonterminating reduction:
Observe that all the strings in the reduction can be described by the regular expression BA∗(L∣R)A∗B.
We focus on the
rule sequence: 343241322411..... The rule sequence can be generated
by the following corecursive function: fa1a2a3a4=a3⋅a4⋅(fa1a2(a3⋅a2)(a4⋅a1)), i.e. f1234 gives the rule sequence.
The term rewriting system corresponds to the above string rewriting system is the following.
The following is the type assignment for the function f, where the variable r
is an existential variable and will be instantiated by (\m1’ . A (r2’ m1’)) at the corecursive call of f.
K1 : A (L x) <= L (A x)
K2 : R (A x) <= A (R x)
K3 : B (L x) <= B (R x)
K4 : R (B x) <= L (A (B x))
f : forall p l r y .
(forall p x . p (l (A x)) => p (A (l x))) =>
(forall p x . p (A (r x)) => p (r (A x))) =>
(forall p x . p (B (r x)) => p (B (l x))) =>
(forall p x . p (l (A (B x))) => p (r (B x))) =>
p (B (l (B y)))
f a1 a2 a3 a4 = a3 (a4 (f (\ c . a1 c)
(\ c . a2 c)
(\ c . a3 (a2 c))
(\ c . a4 (a1 c))))
h : B (L (B y))
h = f K1 K2 (\ c . K3 c) K4
J.2
The following string rewriting system is from Endrullis and Zantema [9], Example 34.
ZL→1LZRZ→2ZRZLL→3ZLRRRZ→4LZRZ
Observe the following nonlooping nonterminating reduction:
Observe the rule sequence: 32241132224111..... This rule sequence can be generated
by the following corecursive function: fa1a2a3a4=a3⋅a2⋅a2⋅a4⋅a1⋅a1⋅(fa1a2(a3⋅a2)(a4⋅a1)), i.e. f1234 gives the rule sequence.
The term rewriting system corresponds to the above string rewriting system is the following.
The following is the type that we assign to f. The existential variable r
is instantiated by (\m1’ . Z (r2’ m1’)) at the corecursive call of f.
K1 : Z (L x) <= L (Z x)
K2 : R (Z x) <= Z (R x)
K3 : Z (L (L x)) <= Z (L (R x))
K4 : R (R (Z x)) <= L (Z (R (Z x)))
f : forall p l r y .
(forall p x . p (l (Z x)) => p (Z (l x))) =>
(forall p x . p (Z (r x)) => p (r (Z x))) =>
(forall p x . p (Z (L (r x))) => p (Z (L (l x)))) =>
(forall p x . p (l (Z (R (Z x)))) => p (r (R (Z x)))) =>
p (Z (L (l (Z (Z (R (Z y)))))))
f a1 a2 a3 a4 = a3 (a2 (a2 (a4 (a1 (a1 (f (\ c . a1 c)
(\ c . a2 c)
(\ c . a3 (a2 c))
(\ c . a4 (a1 c))))))))
h : (Z (L (L (Z (Z (R (Z y)))))))
h = f K1 K2 (\ c . K3 c) K4
J.3
The following string rewriting system is from Endrullis and Zantema [9], Example 33.
AAL→1LAARA→2ARBL→3BRRB→4LABRB→5ALB
Observe the following nonlooping nonterminating reduction:
Observe the rule sequence:
43251322,41322251132222,41132222251113222222....
This rule sequence can be generated
by the following corecursive function: fa1a2a3a4a5=a4⋅a3⋅a2⋅a5⋅a1⋅a3⋅a2⋅a2⋅(fa1a2(a3⋅a2⋅a2)(a4⋅a1)(a5⋅a1)), i.e. f12345 gives the rule sequence.
The term rewriting system corresponds to the above string rewriting system is the following.
We assign a type for f in the following. The existential variable l is
instantiated with (\m1’ . l1’ (A (A m1’))) at the corecursive call of f.
K1 : A (A (L x)) <= L (A (A x))
K2 : R (A x) <= A (R x)
K3 : B (L x) <= B (R x)
K4 : R (B x) <= L (A (B x))
K5 : R (B x) <= A (L (B x))
f : forall p l r y .
(forall p x . p (l (A (A x))) => p (A (A (l x)))) =>
(forall p x . p (A (r x)) => p (r (A x))) =>
(forall p x . p (B (r x)) => p (B (l x))) =>
(forall p x . p (l (A (B x))) => p (r (B x))) =>
(forall p x . p (A (l (B x))) => p (r (B x))) =>
p (B (r (B y)))
f a1 a2 a3 a4 a5 =
a4 (a3 (a2 (a5 (a1 (a3 (a2 (a2 (f (\ c . a1 c)
(\ c . a2 c)
(\ c . a3 (a2 (a2 c)))
(\ c . a4 (a1 c))
(\ c . a5 (a1 c))))))))))
h : B (R (B y))
h = f K1 K2 K3 (\ c . K4 c) K5
J.4
Consider the following rewriting system (from Zantema and Geser [26]) :
Note that the rule sequence for this reduction is: bbabaabaaab…..
The nontermination can only be observed via
the full reduction tree.
The following partial reduction tree produced by FCR is an infinite binary tree structure with each branch finite (by issuing command :full 6 (F Z (S Z) (S Z)) to FCR). Each node is a triple (e.g. [], B, F Z (S Z) (S (S Z))), the first element denotes the redex position of the parent (which is a list of number, but all of them are at root position, hence []), second element denotes the label of the rewrite rule applied, the third element denotes
the contractum.
[], _, F Z (S Z) (S Z)
|
+- [], B, F Z (S Z) (S (S Z))
| |
| +- [], B, F Z (S (S Z)) (S (S Z))
| | |
| | +- [], B, F (S Z) (S (S Z)) (S (S Z))
| | |
| | ‘- [], A, F Z (S Z) (S (S (S Z)))
| | |
| | +- [], B, F Z (S (S (S Z))) (S (S Z))
| | | |
| | | +- [], B, F (S (S Z)) (S (S Z)) (S (S Z))
| | | |
| | | ‘- [], A, F Z (S (S Z)) (S (S (S Z)))
| | | |
| | | +- [], B, F (S Z) (S (S (S Z))) (S (S Z))
| | | |
| | | ‘- [], A, F Z (S Z) (S (S (S (S Z))))
| | |
| | ‘- [], A, F Z Z (S (S (S (S Z))))
| |
| ‘- [], A, F Z Z (S (S (S Z)))
|
‘- [], A, F Z Z (S (S Z))
Note that the rule sequence can be described by the corecursive function
fa1a2=a2(f(λc.a1c)(λc.a2(a1c))).
We assign a type for f in the following. The universal type variable f is instantiated
by \m1’ m2’ m3’ . f1’ m1’ m2’ (S m3’) at the corecursive call of function f. We observe step h 7 gives F Z (S Z) (S (S (S (S Z)))), which is the reducible leaf at depth 6 in the reduction tree.
A : forall p x y . p (F Z x (S y)) => p (F Z (S x) y)
B : forall p x y . p (F x y (S (S Z))) => p (F Z (S x) y)
f : forall p f . (forall p x y . p (f Z x (S y)) => p (f Z (S x) y)) =>
(forall p y . p (f Z y (S (S Z))) => p (f Z (S Z) y)) =>
p (f Z (S Z) (S Z))
f a1 a2 = a2 (f (\ c . a1 c) (\ c . a2 (a1 c)))
h : F Z (S Z) (S Z)
h = f A (\ c . B c)
step h 7
J.5
\dbend
Consider the following one rule rewriting system (from Zantema and Geser [26]) :
FZ(Sx)y→KG(FZx(Sy))(Fxy(S(SZ)))
Note that the rewrite system in Section J.4 is the dummy eliminated version
of this rewriting system. Issuing command :inner 6 (F Z (S Z) (S Z)) to FCR, we obtain the following reduction trace.
the execution trace is:
F Z (S Z) (S Z)
-K-> G (F Z Z (S (S Z))) (F Z (S Z) (S (S Z)))
-K-> G (F Z Z (S (S Z)))
(G (F Z Z (S (S (S Z)))) (F Z (S (S Z)) (S (S Z))))
-K-> G (F Z Z (S (S Z)))
(G (F Z Z (S (S (S Z))))
(G (F Z (S Z) (S (S (S Z)))) (F (S Z) (S (S Z)) (S (S Z)))))
-K-> G (F Z Z (S (S Z)))
(G (F Z Z (S (S (S Z))))
(G (G (F Z Z (S (S (S (S Z))))) (F Z (S (S (S Z))) (S (S Z))))
(F (S Z) (S (S Z)) (S (S Z)))))
-K-> G (F Z Z (S (S Z)))
(G (F Z Z (S (S (S Z))))
(G (G (F Z Z (S (S (S (S Z)))))
(G (F Z (S (S Z)) (S (S (S Z))))
(F (S (S Z)) (S (S Z)) (S (S Z)))))
(F (S Z) (S (S Z)) (S (S Z)))))
-K-> G (F Z Z (S (S Z)))
(G (F Z Z (S (S (S Z))))
(G (G (F Z Z (S (S (S (S Z)))))
(G (G (F Z (S Z) (S (S (S (S Z)))))
(F (S Z) (S (S (S Z))) (S (S Z))))
(F (S (S Z)) (S (S Z)) (S (S Z)))))
(F (S Z) (S (S Z)) (S (S Z)))))
In this case the rule sequence is pretty simple, so we cannot learn much from
the rule sequence. But when we observe the redexes, the reduction appear to
have the same patterns as the one in Section J.4. The dummy elimination
technique makes the reduction pattern explicit in the rule sequence, it inspires
us to arrive at the following representation.
K : F Z (S x) y <= G (F Z x (S y)) (F x y (S (S Z)))
f : forall p qa qb f .
(forall p x y . p (qa (f Z x (S y)) x y) => p (f Z (S x) y)) =>
(forall p y . p (qb (f Z y (S (S Z))) y) => p (f Z (S Z) y)) =>
p (f Z (S Z) (S Z))
f a1 a2 = a2 (f (\ c . a1 c) (\ c . (a2 (a1 c))))
h : F Z (S Z) (S Z)
h = f (\ c . K c) (\ c . K c)
step h 7
The function f follows the exact same pattern as in Section J.4, but
its type reflect the two use case of the rule K, i.e. applying K to the left or right argument of G. For each case we use a existential variable
to capture the resulting contexts. Note that the existential variable qa has arity
3 and the existential variable qb has arity 2. Let us observe the following
fully annotated h and f from FCR. Notice that the third argument for
f in the definition of h is \m1’ m2’ . G (F Z Z (S m2’)) m1’ (the order of m1’ and m2’ is switched in the body). And the third
argument is \m1’ m2’ . qb2’ (qa1’ m1’ m2’ (S (S Z))) (S m2’) at the corecursive call of f in the definition of f (the variable m2’ is duplicated).
lemmas
h : F Z (S Z) (S Z) =
f (\ x1’ . x1’) (\ m1’ m2’ m3’ . G m1’ (F m2’ m3’ (S (S Z))))
(\ m1’ m2’ . G (F Z Z (S m2’)) m1’)
(\ m1’ m2’ m3’ . F m1’ m2’ m3’)
(\ p4’
x5’
y6’
(c : p4’ (G (F Z x5’ (S y6’)) (F x5’ y6’ (S (S Z))))) .
K (\ m1’ . p4’ m1’) x5’ y6’ c)
(\ p10’ y11’ (c : p10’ (G (F Z Z (S y11’)) (F Z y11’ (S (S Z))))) .
K (\ m1’ . p10’ m1’) Z y11’ c)
f : forall p qa qb f .
(forall p x y . p (qa (f Z x (S y)) x y) => p (f Z (S x) y))
=>
(forall p y . p (qb (f Z y (S (S Z))) y) => p (f Z (S Z) y))
=>
p (f Z (S Z) (S Z)) =
\ p0’
qa1’
qb2’
f3’
(a1 : forall p x y .
p (qa1’ (f3’ Z x (S y)) x y) => p (f3’ Z (S x) y))
(a2 : forall p y .
p (qb2’ (f3’ Z y (S (S Z))) y) => p (f3’ Z (S Z) y)) .
a2 (\ m1’ . p0’ m1’) (S Z)
(f (\ m1’ . p0’ (qb2’ m1’ (S Z)))
(\ m1’ m2’ m3’ . qa1’ m1’ m2’ (S m3’))
(\ m1’ m2’ . qb2’ (qa1’ m1’ m2’ (S (S Z))) (S m2’))
(\ m1’ m2’ m3’ . f3’ m1’ m2’ (S m3’))
(\ p10’
x11’
y12’
(c : p10’ (qa1’ (f3’ Z x11’ (S (S y12’))) x11’ (S y12’))) .
a1 (\ m1’ . p10’ m1’) x11’ (S y12’) c)
(\ p16’
y17’
(c : p16’
(qb2’ (qa1’ (f3’ Z y17’ (S (S (S Z)))) y17’ (S (S Z))) (S y17’))) .
a2 (\ m1’ . p16’ m1’) (S y17’)
(a1 (\ m1’ . p16’ (qb2’ m1’ (S y17’))) y17’ (S (S Z)) c)))
J.6
\dbend
The following term rewriting system is adapted from a string rewriting system in [9](Section 7), no current automated termination checker can detect the nontermination for this example.
Bl(Bx)→1B(Blx)
Bl(Cl(Dlx))→2B(Cl(Dx))
D(Dlx)→3Dl(Dx)
Al(Xx)→4Al(Bl(Blx))
B(Xx)→5X(Cl(Yx))
Bl(Cl(Dlx))→6X(Cl(Yx))
Y(Dx)→7Dl(Yx)
Y(Elx)→8Dl(Dl(Elx))
Observe the following nonlooping reduction trace (→a,b is a shorthand
for →a⋅→b):
The rewriting system admits reductions of the form:
Al(Bln(Cl(Dln(Elx))))))→∗Al(Bln+1(Cl(Dln+1(Elx)))))) for any for every n>1. The rule sequence of the above reduction is the following:
213,657,48,21313,213,65757,48,2131313,21313,213,6575757,48,.... We now
represent this rule sequence by the following corecursive function:
Note that f12345678(2⋅1⋅3) generates the rule sequence above. The following is the type we assign for f.
K1 : Bl (B x) <= B (Bl x)
K2 : Bl (Cl (Dl x)) <= B (Cl (D x))
K3 : D (Dl x) <= Dl (D x)
K4 : Al (X x) <= Al (Bl (Bl x))
K5 : B (X x) <= X (Bl x)
K6 : Bl (Cl (Dl x)) <= X (Cl (Y x))
K7 : Y (D x) <= Dl (Y x)
K8 : Y (El x) <= Dl (Dl (El x))
f : forall p0 c b d y .
(forall p x . p (B (Bl x)) => p (Bl (B x))) =>
(forall p x . p (B ( c (D x))) => p (Bl ( c (Dl x)))) =>
(forall p x . p (Dl (D x)) => p (D (Dl x))) =>
(forall p x . p (Al (Bl (Bl x))) => p (Al (X x))) =>
(forall p x . p (X (Bl x)) => p (B (X x))) =>
(forall p x . p (X ( c (Y x))) => p ( b (Cl ( d x)))) =>
(forall p x . p (Dl (Y x)) => p (Y (D x))) =>
(forall p x . p (Dl (Dl (El x))) => p (Y (El x))) =>
(forall p x . p (B ( b (Cl ( d (D x))))) => p (Bl (Bl ( c (Dl (Dl x)))))) =>
p0 (Al (Bl (Bl ( c (Dl (Dl (El y)))))))
h : (Al (Bl (Bl ( Cl (Dl (Dl (El y)))))))
h = f K1 K2 K3 K4 K5 K6 K7 K8 (\ c . K2 (K1 (K3 c)))
Note that the quantified variables b,d in the type of f are existential variables.
In the corecursive call
of f, the variable c will be instantiated with (\m1’ . Bl (c1’ (Dl m1’)))
, b will be instantiated with (\m1’ . B (b2’ m1’)) and d will be instantiated with (\m1’ . d3’ (D m1’)).
J.7
\dbend
The following rewriting system is from Emmes et. al. [8], which according to them is outside the scope of the their nontermination detection techniques.
GTTx(Sy)→1G(Nx)(Ny)(Sx)(D(Sy))
NZ→2T
N(Sx)→3Nx
DZ→4Z
D(Sx)→5S(S(Dx))
Observe the following nonlooping nonterminating reduction trace for GTTZ(SZ) (using left to right, inner-most reduction strategy).
Note that f1223345 gives rise to the rule sequence.
The following is the type that we assign to f.
K1 : forall p x y . p (G (N x) (N y) (S x) (D (S y))) => p (G T T x (S y))
K2 : forall p . p T => p (N Z)
K3 : forall p x . p (N x) => p (N (S x))
K4 : forall p . p Z => p (D Z)
K5 : forall p x . p (S (S (D x))) => p (D (S x))
f : forall p g n1 n2 s .
(forall p x y . p (g (n1 x) (n2 y) (S x) (D (s y))) => p (g T T x (s y))) =>
(forall p . p T => p (n1 Z)) =>
(forall p . p T => p (n2 Z)) =>
(forall p x . p (n1 x) => p (n1 (S x))) =>
(forall p x . p (n2 x) => p (n2 (s x))) =>
(forall p . p Z => p (D Z)) =>
(forall p x . p (s (s (D x))) => p (D (s x))) =>
p (g T T Z (s Z))
f a1 a2 b2 a3 b3 a4 a5 =
a1 (a2 (b2 (a5 (a4 (f (\ c . a1 c)
(\ c . a3 (a2 c))
(\ c . (b3 (b2 c)))
(\ c . a3 c)
(\ c . b3 (b3 c)))
a4
(\ c . a5 (a5 c))))))
h : G T T Z (S Z)
h = f (\ c . K1 c) K2 K2 K3 K3 K4 K5
Note that n1, n2 in the type of f are existential variables. At the corecursive call of f, variable g is instantiated by
(\m1’ m2’ m3’ m4’ . g1’ m1’ m2’ (S m3’) m4’), variable n1 is instantiated
by (\m1’ . n12’ (S m1’)), variable n2 is instantiated
by (\m1’ . n23’ (s4’ m1’)), variable s is instantiated by (\m1’ . s4’ (s4’ m1’)).
Bibliography26
The reference list from the paper itself. Each links out to its DOI / PubMed record.
1[1] Z. M. Ariola and J. W. Klop. Lambda calculus with explicit recursion. Information and computation , 139(2):154–233, 1997.
2[2] F. Baader and T. Nipkow. Term rewriting and all that . Cambridge University Press, 1999.
3[3] H. P. Barendregt. The Lambda Calculus: Its Syntax and Semantics . North-Holland, 1984.
4[4] C. Böhm. Alcune proprietà delle forme β 𝛽 \beta - η 𝜂 \eta -normali nel λ 𝜆 \lambda -K-calcolo. IAC Pubbl , 1968.
5[5] C. Broadbent, A. Carayol, L. Ong, and O. Serre. Recursion schemes and logical reflection. In Twenty-Fifth Annual IEEE Symposium on Logic in Computer Science (LICS 2010) , pages 120–129, 2010.
6[6] N. Dershowitz. Termination of rewriting. Journal of symbolic computation , 1987.
7[7] G. Dowek. Higher-order unification and matching. Handbook of automated reasoning , 2:1009–1062, 2001.
8[8] F. Emmes, T. Enger, and J. Giesl. Proving non-looping non-termination automatically. In Automated Reasoning , pages 225–240. Springer, 2012.