A Computation Model for Executable Higher-Order Algebraic Specificat ion Languages*

Jean-Pierre Jouannaud LRI, Bat. 490

CNRS / Universitk de Paris Sud 91405 Orsay FRANCE

jouannaud@lri.lri.fr

Abstract

The confluence of the union of two sets of rewrite rules which have no function symbols in common fol- lows from the confluence of each set [24], a prop- erty called modularity of confluence. The conflu- ence of the combination of the typed lambda calculus with first-order rewrite rules is also modular, although both systems share implicitely the application opera- tor [3]. In this case, the termination property is mod- ular as well [4,19]. These results extend to the com- bination of polymorphic lambda-calculus with (first- order) rewrite rules [4,19]. In this paper, we consider the combination of (polymorphically) typed lambda- calculi with first-order as well as higher-order rewrite rules. We show the need of such a combination for exploiting the benefits of algebraically defined data types within functional programming. We prove a general modularity result, which allows as particular cases primitive recursive functionals of higher types, transfinite recursion of higher types as well as inheri- tance for all types. The proof depends on the only as- sumption that the original typed functional language has a termination proof based on the use of a Girard and Tait’s computability predicate.

‘This work was partly supported by the ”Greco de program- mation du CNRS”, NSERC (Canada) and FCAR (QuCbec). I t was achieved thanks to several visits of the authors to the other’s institution under the France-Quebec Cooperation Program

Mitsuhiro Okada Department of Computer Science

Concordia University H3GlM8 Montreal CANADA

okada@concour . cs. concordia. ca and

Department of Philosophy Keio University

108 Tokyo JAPAN mitsu@icot.or.jp

1 Introduction Functional languages like ML or Haskel do not allow algebraic definitions of abstract data types and oper- ators although they may employ a very rich machin- ery for defining polymorphic recursive functions of a higher type. On the other hand, equational languages like OBJ allow arbitrary (first order) algebraic defi- nitions, but they do not have the full-power of para- metricity given by the ML polymorphism nor func- tional definitions. Under these circumstances it seems very attractive to combine those two different kinds of languages to host both features. Then the unified language would allow easy definitions of quite complex objects in a simple declarative style. For example, the following elementary program can be written in the unified language but cannot be written in one of the above two traditional languages alone:

append(ni1,l) = 1 a p p e n d ( c o n s ( z , I ) , 1’) = cons(z, a p p e n d ( / , I ’ ))

append(append( l , Y), I ” ) = append(I , append(I‘, I ” ) ) m a p ( X , n i l ) = nil

m a p ( X , cons(z, I ) ) = a p p e n d ( X ( z ) , m a p ( X , I ) )

The first two rules are the usual recursive rules for append on lists. The third rule is the associativity of a p p e n d , which makes its definition non-recursive. The last two rules are the definition of the higher-order functional map using a function variable X of arity one. Here, the first order function append is defined algebraically, while the higher-order functional m a p is defined recursively on the structure of lists. The data type list is defined from the two constructors

CH3025-4/91/0000/0350$01 .OO 0 1991 IEEE 350

ni l and append at the first order level and is treated as the base type of our type structure. Taking the algebraic data types as the base types, polymorphism in the usual sense can indeed be expressed a t the first order level: a first-order type variable a suffices to define the polymorphic lists as well as the types of the defined operators used above:

cons :

append :

m a p :

a x l i s t ( a ) ---t list(a)

list(a) x list(&) +. list(&) nil : list(a)

x : a + list(/3) (a + list(/3)) x list(&) + l i s t ( P )

Adding now functional terms with Curring, i.e., A- expressions captures the usual paradigms of functional languages. It allows to substitute a A-term of appro- priate type for the function variable F above. This suggests that the natural host for the combination of functional definitions with (possibly higher-order) equational definitions is the combined language of the first order algebraic equations (possibly including first order polymorphic variables) and the A-calculus en- riched by higher-order functional constants defined by higher-order equations. We call it an algebraac f u n c - iaonal language. One can of course extend this ba- sic framework by using order-sorted algebras for the first-order type structure, yielding subtypes and type- inheritance for the higher-order type structure, there- fore providing with a quite flexible although strongly typed programming environment. One can also ex- tend the framework by adding unification and narrow- ing mechanisms in order to provide a logic program- ming paradigm.

The paper is organized as follows: in section 2, we justify the framework introduced above in three re- spects: by sketching its operational semantics; by showing how it inherits the programming paradigms of both equational programming and functional pro- gramming; by relating the operational semantics to traditional proof-theoretic concepts. In section 3, we give a formal definition of the (class of) languages that we consider. In section 4, we first show how to reduce the Church-Rosser and termination (also called strong normalization in the A-calculus jargon) properties of an algebraic functional language to a so-called przn- czpal l e m m a whose proof depends on the property to be proved and on the language considered. The proof of the principal lemma is then sketched for various languages: in section 4.1 for the simply typed lambda calculus plus first-order rewrite rules, in section 4.2 for the polymorphic case, in section 4.4 when there are higher-order rules (of some form) and in section 4.3 when there are subsorts, hence subtypes and inheri- tance at the functional level. In particular, this allows higher-order rules defining the higher-order constants by a certain generalization of primitive recursion(see

section 4.4). A prototype of such primitive recursive definitions is provided by the definition of the m a p function for lists. Finally, we consider briefly exten- sions of our framework in conclusion.

2 Basic Properties of an Algebraic

2.1 Combining the Programming

Having the typed A-calculus and an equational lan- guage integrated in one language allows us to have both worlds in one. The question is whether they can really cooperate so as to provide both program- ming paradigms together rather than separately. We will actually show that we do not even need the full power of each language to have all the benefits we may want for practice. In particular, we do not need the second order polymorphism, as in a purely functional language.

Functional Language

Paradigms

e The data types originally defined as higher type objects in the purely functional language can in- deed become sorts of the first order algebraic lan- guage. In other words, the basic data types can be provided at the base type level because of the richer first-order structure of the language.

0 Polymorphic data types in the purely functional language need the machinery of second order logic, this is called second order polymorphism. This is because data type definitions need finite types, hence second order types are needed to quantify over those different finite types. Here, data types are sorts and polymorphic data types can be expressed by a first-order quantification over the sorts. For example, a first-order vari- able without sort assignment can be interpreted as a polymorphic variable over the universe of sorts. Note that we can also have subtype poly- morphism by using the framework of order-sorted algebras.

0 The role of the functional part of the language is to provide functionals of higher types, allowing to reuse a program with a different subprogram of the same functional type. In the purely func- tional setting, this kind of parametricity needs second order logic because parameterization in- volves second order polymorphism. In our com- bined language this kind of parametricity can also be pushed down to the level of finite types, since the basic polymorphism is expressed at the level of sorts.

e However, our results accomodate second-order polymorphism as well, hence it may be kept for

35 1

0

2.2

more expressiveness. But we want to stress that first-order polymorphism suffices for many prac- tical purposes because of the richer first-order structure of the language.

Although various basic features of the purely functional language have been pushed down to the first-order level, the combination of the typed A-calculus with first-order rules is not enough to write arbitrary functionals operating on the first- order structure. This is easily observed from the proof-theoretic point of view: the combination of a first-order rewrite system and the typed X- calculus is a conservative extension of the alge- braic theory [3], hence adding the A-calculus does not allow to perform new computations on the algebraic data types. In order to solve this prob- lem, higher-order equational definitions operating on the base type structure are needed.

Combining the Computational Mod- els

Breazu-Tannen was the first to investigate the combi- nation of functional definitions with first-order alge- braic definitions, introducing the above basic frame- work wiihoui polymorphic constants nor higher-order equational definitions [3]. His purpose was to come up with a computation model for the combined lan- guage. The most standard computation model for the typed A-calculus is given by /?-reduction, while convergent (Church-Rosser and terminating) sets of rewrite rules obtained from the algebraic equations serve as the usual model of computation for the equa- tions. Since both models are based on term reduc- tions, the most natural computational model for the combination is of course given by the combination of the two kinds of reductions. The question is whether the combined reduction relation inherits the two key properties shared by each reduction relation, namely the Church-Rosser property and the termination prop- erty. In other words, are Church-Rosser and termi- nation modular properties of this particular combi- nation? Bream-Tannen answered in the affirmative for the Church-Rosser property when the equations are first-order and the type discipline is monomor- phic [3], a result generalized to the polymorphic case in [4]. The modularity of termination was also an- swered in the affirmative by Bream-Tannen and Gal- lier 141 and Okada [19,20], independently. Both use the computability predicate method developped by Tait and Girard. Barbanera [l] extended these results to the calculus of constructions. Dougherty investigated under which conditions a combination with untyped X- terms has the modularity property[ll]. His method, however, is inherently restricted to monosorted rewrite rules as remarked in [13].

At this point, it must be noted that the choice of the above computation model is crucial for obtaining the modularity of both properties. Barendregt and Klop showed that the Church-Rosser property is not mod- ular for the combination of the untyped A-calculus with an arbitrary convergent set of (first-order) rewrite rules. Therefore, strong-typing is the key to the mod- ularity of the Church-Rosser property. These negative results must be linked to Toyama's well-known result: the Church-Rosser property is modular for the combi- nation of two sets of (first-order) rewrite rules having no function symbol in common [24], but the termina- tion property is not [23]. By appropriately sticking sorts in Toyama's example, however, termination may be restaured [13]. Hence, typing improves the termi- nation behaviour of first-order rewrite rules (and of the A-calculus) by eliminating (untypable) terms in- volved in non-terminating sequences. It is therefore crucial for termination as well. Our general computation model allowing for higher- order equations is however not modular with respect to termination, as shown by Okada [19]:

Here, f stands for a first-order function symbol, X for a higher-order variable symbol, z for a first-order variable symbol, and R for a rewrite system whose sin- gle higher-order rule is terminating since each rewrite eliminates a redex. However, instantiating X with a A-term expressing the identity function yields:

This shows that the interaction between the typed X- calculus and the higher-order algebraic rewriting is quite intricate in general, as one should expect. As a consequence, higher-order rewrite rules must be re- stricted to some particular schema for which there is less interaction. The problem above is very similar to Toyama's example [23]: an (algebraic) rule dupli- cates an argument of a function, while another rule (P-reduction) collapses a function application to its argument. There is a class of higher-order rewrite rules for which this cannot happen: definitions of higher-order con- stants by primitive recursion on the constructors of the type they operate on. The function map of our first example belongs to that class. In section 4, we give a general result which shows as a particular case that termination (and confluence) are modular properties of the combined language when the higher-order rules

352

are restricted to a so-called main schema, whose one instance is the above primitive recursive schema. This result accomodates various forms of rewriting and of polymorphic type systems.

2.3 Proof Theory and Computational Models

We give here a preliminary observation on the rela- tionship between proof theory in logic and some com- putational models for programming languages, which give the basic ideas underlying the proof of our main result. As well known, various notions of normal- ized proofs in proof theory are deeply related to the computational models of declarative and applicative programming languages. For example, a SLD-linear proof tree is considered the normal form for Prolog- type logic programming languages; a rewrite proof is considered the normal form for algebraic specifi- cation languages; a normal (cut-free) natural deduc- tion proof is considered the normal form for A-calculus based functional languages (under the Curry-Howard isomorphism), etc. On the other hand, the use of proof-normalization (and term-normalization) differs in different types of languages. In the functional case, the normalization is the execution process. In an equational language, the proof-normalization process is used to guarantee the completeness of the comple- tion procedure, resulting in an equivalent (possibly in- finite) program for which the rewrite strategy can be used. Once the completion has been performed, the rewrite strategy is used as the normalization process for algebraic terms. Since different computational models are based on dif- ferent notions of normalized proofs, it is natural to consider that combining different computational mod- els should be based on combining different notions of normalized proofs. This suggest that the combination problem for programming languages can be treated in the framework of proof theory, a thesis we adopt here by reducing our combination problem to the study of normalized proofs and proof normalizations. For the combination of the typed A-calculus and first order algebraic rewriting, a very natural normal form is ob- tained by combining the two original normal forms: the new notion of normal form is the form in which algebraic normal forms are sticked inside A-normal forms, the connections being made at base types. Un- der the Curry-Howard isomorphism, the algebraic part corresponds to a series of Post rules, i.e., inference rules made only of atomic formulas. This form be- haves as a normal form in the strong normalization process as shown in 14,191, and the strong normaliza- tion proof is actually very close to the original one for the typed A-calculus. It is therefore natural to extend the two languages so as to keep a similar notion of normal form and a similar proof of strong normaliza- tion.

In this paper we define extensions for which the strong normalization proof is based on similar techniques as the above proofs. These extensions satisfy two key properties:

The connections in the combined normal form as introduced above are made at the first-order level, that is at base types.

The strong normalization proof of the original functional language is performed by using Girard- Tait Is computability predicate met hod.

We then consider several particular cases where these properties are satisfied.

3 A-algebraic theories We refer to [8] for all notations and definitions used in term rewriting, and to [2] for the corresponding no- tions and notations used in A-calculus. In order to introduce the kind of combined languages we are in- terested in, we first define types, then terms. For sim- plicity, we consider only one type operator, namely A , although our results accomodate other type operators as well, e.g., product types and sum types. We also ruled out bounded quantification which may raise new difficulties that we have not considered yet.

3.1 Types There are two kinds of types, for algebraic terms, usu- ally called sorts, and for lambda-terms.

3.1.1 Sorts

We are first given a set of sort operators of a given ar- ity S = Vn=O S,, where S,, is the set of sort operators of arity n, and a set of (first-order) sort variables 41. The set of sorts is the term-algebra I ( S , *I), and we use s to denote an arbitrary sort. The set of sorts is equiped with a partial binary relation >S which we assume to be terminating but not necessarily conflu- ent. Hence, if s >s s', then s"[s] >s ~ " [ s ' ] . In OBJ [12], the subsort relationship is generated by declara- tions of the form s >S s', where s and s' are con- stant sorts. In this case, the set of sorts of a term can be computed by a non-deterministic finite bottom-up tree automaton as pointed out in [5] (and vice-versa). More generally, we may consider the subsort relation- ship to be defined as the rewrite relation generated by pairs s >S s ' , where s and s' are arbitary sort terms. Then, the question whether a sort term is bigger than another in the subsort relationship is the problem of reachability in the associated rewrite relation, which is undecidable. So, already at the level of sorts, we need to restrict the kind of declarations we may ac- cept. Practice suggests that it should be enough to

353

accept declarations of the form s >s SI, standing for ~ ( ( 1 , . . .,(,,,) >s SI(( ’ , . ..,(,), where s and SI

are sort functions such that m 5 n, and E l , . . . , E , are appropriate distinct sort variables. Such decla- rations allow “polymorphic subsorts” such as, e.g. List(&) >S NeLis t (a) , where List and NeList are the sorts denoting respectively the (possibly empty) lists and non-empty lists, and a is an arbitrary sort variable. If lnt is the sort of integers, we will for in- stance have List(List(1nt)) >s NeList( NeList(1nt)) by a sequence of two rewrites from List(List(1nt)) . Since reachability for such a rewrite system can easily be shown to be decidable’, this proposal seems ad- equate for a polymorphic version of OBJ. We want more, of course, since we have a richer type structure defined now.

3.1.2 Types

We now define more general types needed for mixed terms. Let 9 be a denumerable set of type variables containing Ql (recall that 9 = 91 suffices to have polymorphic data types). The set 7s of types is de- fined recursively by the following context-free gram- mar, where s, and Q are considered non-terminals generating the elements in their respective sets,

In the following, we use $ and ( to denote type vari- ables, and U and r to denote types. We may abbre- viate the type u1 t (UZ + . . .(cn-l ---$ U,) . . .) as U’ x 6 2 x . . . x U,-’ -+ U, or U I , U ~ , . . . , u,-1 + U,.

Type expressions which do not have an arrow nor a higher-order type variable are called basic types. Sorts are particular basic types. The expression V(.u is a quantified type if U is a type. Quantified types are used to express polymorphism.

3.2 Terms We now assume given a set of function symbol which are actually seen as higher-order constants by Cur- rying: 3 = Vu, ,,,,, u n , , 3u1+...-un+u, where FT de- notes the set of function symbols of type T . In case u1 , . . . , U, and U are all sorts, then Fsl _. . ._ 3 n - 9 is a set of first-order function symbols. We denote by F1 the set of all first-order function symbols and by f, g its elements. We use F, G to denote higher-order function symbols. Many algebraic specification languages, e.g. OBJ [12], tolerate overloading: a function symbol may have dif- ferent arities. This causes some difficulties in presence

We actually conjecture that declarations between ground sort terms can also be added.

of subtypes which can be resolved under the condi- tion that the two copies of the same symbol agree on the intersection of their respective types. We prefer however to rule out overloading in order to avoid such difficulties. The set of terms is now defined recursively by the fol- lowing context-free grammar, where X denotes the set of variable symbols, containing a subset X I of first- order variables:

7 := F I X I (77) I (AX : ‘5.7) I (77s) 1 ( A Q . 7 )

The application of a term to a type is called type ap- plication. The abstraction over a type variable in a term is called type abstraction. We denote by 7 ( F , X) the subset set of (higher-order) algebraic terms, and by 7 ( F l , X I ) its subset of first-order algebraic terms. We use 2, y , z to denote first-order variables, X, Y , 2 for higher-order ones and U , v , w, 1 , r as well as M , N for arbitrary terms. We may violate these conventions when there is no ambiguity.

3.3 Typing Rules Typing the terms in the previous type system can be done by giving a set of introduction rules. The tech- nique is standard. We assume given a type assignment C, that is a set of pairs of the form 1: : U associating the type U to the (free) variable z. We write C t M : U if the term M can be proved to have the type U under the hypothesis that a variable 1: has type T if z : T E C.

Variables : E Functions : e

Abstraction :

T y p e application :

CU{x o}kM T

Cl-(Xx U M) U--T

XI- M:V< .U

CI-(MT):U{C-T}

We say that the term M has type U in the environ- ment C if C t M : U is provable in the above inference system. We say that a term M is typable in the en- vironment C if there exist a type U such that M has type (T in the environment C. A term M is typable if it is typable in some environment C. Computing an environment C in which a given term M is typable is

354

called the type reconstruction problem. In practice, we are not interested in all possible environments in which M is typable, but in minimal ones with respect to the subsumption ordering, called principal types. Type reconstruction (also called type inference) is un- decidable in the previous type system, even when the subtype relationship is decidable, due to the combina- tion of higher-order types with subtypes. However, it becomes decida.ble for some fragments:

0

0

0

See

Simple type disciplines (no type variables). Prin- ciple types are then unique (up to renaming of variables), provided the subsort structure has good properties [16].

Polymorphic type disciplines with inheritance (but no overloading) for first-order algebraic ex- pressions.

Polymorphic type disciplines without inheritance (5s is the identity on types).

1221 for a survey of type inference problems. Whei ihe above resirictions are not satisfied, we therefore assume that the environment C is given, that is all variables in the terms come up with their types. The above inference system uses an auxiliary inference system for the subset relationship. This inference sys- tem is of course more complex than for the case of sorts, since we have a richer type structure, with in particular function types and explicit quantification on type variables. For lack of place, we do not give it in detail, but rather refer to Cardelli for a similar tentative with the QUEST language.

3.4 Equations and Rules We refer to [8] for all definitions and notations about first-order equations and rules. A higher-order equa- tion (rule) has at least one higher-order algebraic terms for its left and/or right hand side, that is a term in I ( F , X) -7 (FI , XI). We denote by R (respectively HOR) the set of first-order (higher-order) rules, and by + R ( - + H O R ) the associated first-order (higher-order) rewrite relation.

3.5 Combined Rewrite Relations We keep the notations above for rewriting the alge- braic part of an arbitrary term, and denote by -+mix

the rewrite relation in our algebraic functional lan- guage:

where classically: (Ax : U . M ) N + ~ M { x H N } , and (AF.M)T +TO M { € H T I

We also use =,,,io for the least congruence on terms generated by associated rewrite relation. A key prop- erty of -+mix is the following:

Lemma 1 Let M -‘miz N . T h e n C I- M : u iff C I- M : T for some T such tha t T 5s U.

In other words, under our assumptions, all rewrite re- lations are type decreasing. In case there are no sub- sorts, the relations are type preserving. These prop- erties are shown to be important in [15] and [18] . A general framework based on rewriting with member- ship constraints is described in [6] where they are not needed anymore. It is not clear, however, whether we can accomodate this technique within the present formalism.

4 Strong Normalization of an Alge- braic Functional Language

We first reduce the strong normalization proof for var- ious combinations between a typed lambda calculus and a terminating set of first-order rewrite rules to an abstract form. Suggested by Jean Yves Girard, this approach was started in [lo] in a restricted setting. We then reduce the polymorphic case to the monomorphic case, as indicated without an explicit proof in [19]. We finally show how to account for higher-order rewrite rules.

4.1 Reducing Strong Normalization to

In the literature, the proofs of modularity of the Church-Rosser and termination properties depend on the version of the algebraic functional language cho- sen [4,19,20,1,11]. When they are based on the com- putability predicate method of Tait and Girard, they also depend on the particular version chosen. In con- strast, our abstract proof has the following properties:

the Principal Case

0 It does not depend on a particular version of the typed lambda calculus, whose strong normaliza- tion proof, though, must be carried out by Tait- G irard’s computability predicate method.

0 It does not depend on a particular choice of the computability predicate.

0 The modularity problem for the strong normal- ization property of the algebraic functional lan- guage is reduced to a property called Principal Case which does not involve the computability predicate.

0 The addition of the second-order polymorphism or any impredicative higher-order type system to

355

the underlying functional language does not re- ally modify the strong normalization proof of the algebraic functional language: we again reduce the modularity problem of the polymorphic case to the monomorphic case, i.e., to the Principal Cas e.

Adding suitable higher-order rewrite rules simply needs a small modification of the Principal Case.

Other modurality properties of the algebraic func- tional language, e.g. confluence and weak normal- ization, could be proved within the same schema.

We first recall the familiar Tait-Girard’s computabil- ity predicate method as described in, e.g. [14]. In this method, one first inductively defines a computability predicate RT for each type r. We say that U is a com- putable term of type r if & ( U ) is true. Let P be the property associated to the computability predicate. A term U of type r is said to have property P (i.e., to be computable) if &(U) is true. We prove that the property P is true for any term of any type. This is usually done in two steps:

0 Step 1: If a term is computable then it has prop- erty P . This is normally proved by fixpoint in- duction on the inductive definition of the com- putability predicate.

0 Step 2: Every term is computable, i.e., P is true of all terms. This is normally proved by structural induction on terms.

As easily seen from this abstract structure of the proof, one need not to fix a specific property for P , such as strong normalizability, as usually done in the lit- erature. The properties that the computability predi- cate should satisfy are the following, which are usually called the computability properties: Computability Properties:

0 C1. If U is computable, then U has property P , i.e. Step 1 above.

0 C2. If U is computable and U +* w then w is computable.

0 C3. If U is neutral and Vu such that U -+ U , w is computable, then U is computable.

where a term is neutral if its outer-most operator is not a type operator. We count the (usually hidden) appli- cation operator explicitely, but does not count it for an algebraic function or higher order functional constant as introduced later. The only higher type construction we explicitely mention in this paper is A-abstraction,

in other words, the implication types. But there may be other higher type constructions, such as pairing, sums, etc. The addition of such types does not affect our abstract proof. In fact, our abstract proof shows that we do not have to consider the computability predicate argument for any higher types, by reducing the argument to the Principal Case.

There are many different computability predicates de- fined in the literature for the strong normalization property, some of which are collected in [13]. Some other definitions which can easily handle strong nor- malization with product and coproduct types with the uniqueness conditions may be found in [21]. These different definitions of computability predicates do all satisfy C1, C2, and C3, this is usually shown by induc- tion on the inductive definition of the computability predicate. The most important observation to con- struct our abstract proof of strong normalization is this: for any known definition of a computability pred- icate for the strong normalization property, one can easily show the following fact:

Fact 1 A term of a base t y p e is computable if and only if it is strongly normalizable.

This fact does not hold for the strong normalization property only. More generally, we could state that a term of a base type is computable if and only if it has property P . Given a computability predicate for a specific property P (strong normalization here), Fact 1 must hold true for Tait-Girard’s method to work. We normally take it for granted. As a simple example, we consider the following defini- tion of a computability predicate R for the strong nor- malization property P of the simply typed A-calculus:

1. Let U = Xx.v : R,,,(u) if VW E T , &(U) 3 & ( w ( w ] ) .

2. Let U be neutral, i.e., U is not of the form Ax.s

(a) R , ( u ) if U has the property P , or

(b) & ( U ) if Vu such that U - A w , & ( U ) .

I t is interesting to note that one could use the very same schema for the confluence property. Of course, in general one needs to give different definitions de- pending on the property P : for the weak normaliza- tion property, the universal quantifier in (b) becomes an existential quantifier. Even if we consider the same property P , we have various different choices for a pre- cise form of the definition. The above Fact 1 is easily proved for the computability predicate given above, since a base term cannot have a A-abstraction at the top, hence (a) or (b) applies. On the other hand, the

356

property C3 is given in the second part of the defini- tion above. Properties C l 2 and C2 are provable by induction on the construction of R,. We now start investigating the case of our algebraic functional language. First, the computability predi- cate must be modified, by replacing by -+mix, the rewrite relation in the new language. The above proofs of Fact 1 and properties (Cl) , (C2) and (C3) hold without any change in the arguments (non-neutral terms are A-headed in both cases). Let us give the precise statement for Step 2:

Lemma 2 (monomorphic case) For any term u[x1, . . . , x,] of type U, where x1 : 6 1 , ..., x , : U, are the free variables occurring in U , if R o l ( v l ) , ..., Ro,(v,), then R,(w), where w = u[v1, ..., U,].

Note that the above lemma implies that every term is computable by taking the identity substitution, i.e., by taking xi for vi. By the computability property C1, it follows that every term is strongly normalizable.

In Tait-Girard’s method, this lemma is proved by structural induction on U . We can follow the same argument, except when the root symbol of U is some f E 3;. Then w and any reduced form of w have a base type, as well as the alien subterms of w, as defined now:

Definition 1 The cap of a term U is the algebraic term u [ x ~ , . . . ,x,lPl ,..,, Pm such that

0 V i E [l..n], the root of ulp, is not in F1,

0 xi = xj i f f utp, and ulp, have the same type3

Let alien(u) be the multiset {ulp, : i E [I . .n]} of alien subterms of U . The estimated cap of a term U , written out as ec(u)is the cap of the P-normal form ofu .

Note that the estimated cap of a term is unique due to the convergence of the original functional language. By using the above Fact 1, the induction step for this case can now be restated as follows:

Principal Case: Any term U whose root is a function symbol f E F1 is strongly normalizable whenever its alien subterms are stronly normalizable.

21t is worth noting that in case P is the confluence property, the inductive step in the proof of C1 boils down to checking the local confluence of -+ .

u l p , may sometimes be easier to manipulate.

3The less constructive alternative zt = t3 iff ulp,

We therefore have reduced the whole proof process to the Princzpal Case above. As a consequence, check- ing the modularity property of strong normalization does not involve the definition of the computability predicate anymore. We are now left with the proof of the Principal Case for various algebraic functional languages. We briefly sketch the arguments for our language [4,19]: First note that any reduction sequence on a term t can be mimicked as n reduction sequences on its alien subterms yielding terms t i , . . . , t i , followed by one reduction sequence on its cap yielding a term U , followed by a reduction sequence from the term U [ X ~ I+ t i , . . . , x, H t i ] . Since the original algebraic rewrite system is terminating, any reduction sequence starting from the cap must be finite. Hence, the cap can be used for building a transfinite induction: for this, we consider the pair (ec(u) , alien(u)), with its as- sociated lexicographic ordering ( + R , (+mix)mul)ier, which will be well-founded for our purpose, since +*io is well-founded on alien subterms by assumption. We are therefore left with the proof that our complex- ity measure above decreases for any kind of reduction (since we are proving strong normalization) applied to a term U whose root is algebraic. Proof:

1 . If u U , then ec(v) = ec(u) and alien(u) + m i x a1 ien( v) .

2. If u + R v at a position in ec(u), then ec(u) + R ec( U ) .

3. Otherwise. U -‘R v is at a position in an alien subterm of U , hence alien(u) -+mix alien(v). On the other hand, ec(u) ec(v) or ec(u) = ec(v). The inequality happens when the A-normal form of the alien subterm of U reduced in the al- gebraic reduction performed on U is an algebraic term. The equality happens in all other cases. In both cases, the complexity has strictly decreased.

0

It is worth noting that the above reduction to the Principal Case does not depend on the property P itself. Of course, proving the Principal Case for differ- ent properties P , such as e.g., confluence, convergence, weak-normalizability, existence of a normal form re- quires a different kind of induction each time, and quite different arguments.

Adding new rules in the functional language requires looking a t new reduction cases in the above proof, and making sure that the arguments used in case 3 are still valid or can be tuned up (in particular, we have implicitely used the fact that a term in A-normal form is rewritten to another term in A-normal form

351

by an algebraic reduction. This may not always be the case, in particular with the 77-rule. However, all interesting cases, including the 7-rule, product-type, coproduct-type, uniqueness of product-type (surjec- tive pair), uniqueness of coproduct-type, can be easily obtained.

4.2 Reduction of the Polymorphic Case to the Monomorphic Case

We now extend the above proof to the case of poly- morphic type systems. In particular, we will see why the inclusion of second order, higher order or even much stronger impredicative types does not influence the basic framework given in the above proof. The ba- sic idea of Girard's method is to consider the domain of the "candidates" of computability (reducibility) predi- cate of each second order type, where a candidate p,, of type U is such a predicate on the terms of type U which satisfies the computability properties C1, C2, and C3 mentioned above. Then the inductive definition of the computability predicate R,,rd(n is given with respect

to the second order type urd (with free type variables 6 and with respect to the candidates @for < The previous definition is therefore relativized by the oc- currences of the type variables and of the candidates, except that one needs to add the following new cases:

Let U be a term of type u[d.

3. If u[d = V $ . r [ c $J] and U = A$.v[$], then, R,,[dcn(u) if for any type c and for any candidate

e of type C , '7[<,<](y,e,)(v[cI),

4. If 44 is a type variable $J, then R,,[$,fl(e,,p3("{?Ci ++ 7))

if e7(u{$ T } ) .

If we restrict ourselves to first-order polymorphism by having 9 = 91 (i.e., under the Curry-Howard iso- morphism, the propositional variables range over the atomic formulae), then c in 3. and r in 4. belong to the base types. Under these relativizations, Fact 1 still holds: for any U of a (ground) base type s, Rsrdcn(u ) iff U is strongly normalizable. In fact, if U is a (ground) base type, the computability predicate R,,[q(u) can be treated as in the monomorphic case.

Proof The proof is again carried out by induction on the structure of U , as usual. Since the other cases are not influenced by the addition of the first order alge- braic rules, we simply need to check the two cases for wich the base types are involved. When r is a ground base type, then we can simply use Fact 1 to reduce this case to the Principal Case of the monomorphic case. When r is a type variable (either a usual type variable or a base type variable) substituted by a base type bk, then the lemma trivially holds by the usual argument. 0

4.3 Subtypes and Inheritance at the Functional Level

Because this section owns a complete development, it will be treated in a forthcoming paper. We want to stress, however, the importance of lemma 1 in our framework.

4.4 Higher-Order Rewrite Rules In this subsection, we define a class of higher order rewrite rules for defining functionals that preserve the strong normalization and Church-Rosser properties of the algebraic functional language studied in the pre- vious subsections. This class is a slight generalization of the primitive recursive functionals of higher types. Assume that F is a new functional constant (not in F). Then we can give its definition by a finite set of (higher order) rewrite rules called general schema:

F ( U , q, 5, cl, q2G) - v[F(ri[z,F,q,Y,G), . . . , ~ ( r ~ [ x ' , F , q , ~ , ~ , F , ~ , y f yhere / , T i , ..., E ?- (F ,{z ,Z}) ,v[Zi , . . . , % I E 7 ( F , { Y , I , q) for new variables 2 1 , . . . , z , of the ap- propriate types, and V i E [l..m], 6 dmul I , where Q denotes the strict-subterm ordering. In the left hand side of the above rule, x' and 2 occur only in the terms of iwhile -I' and y'occur outside iand may occur in ias well. The form of the right hand side of the rule means that the higher order variables x' occuring only in cannot occur outside the occurrences of F in the right hand side while the first order (base type) variables Z of a such kind can.

+

Lemma 2, of course, needs to be relativized by the addition of polymorphism. Theorem 1 Let Fl, . , F, be new functzonal con-

stunts successzveley added to the szgnature 3, together

Then +p U + R U -+F, U . . . U -sF, 2s stronly normal- zzang for any verszon of the A-calculus that can be shown stronly normalzzzng by the computabzlaty preda- cute method, provzded that the set R offirst-order rules as termznatzng.

Lemma 2 (po/ymorphzc case) For any term u[<d Order Obeyzng the genera1 schema

of type r[d, where f (respectzveley ij) zs the last of free type varzables (free varzables Of z[d)~ zf Rak[&p;)(V') for each V' E v' then R,[qd~(P;)(w), where w = U[?, 4.

358

By introducing the application operator explicitely, the Church-Rosser property can be easily reduced to the first-order case (modulo the associativity of the application operator). This shows in particular that higher-order critical pairs need to consider overlaps on higher-order variables .

Proposition 1 Let F1, . . . , F,, be new functzonal con- stants successzveley added to the szgnature 3 together wzth higher order rules obeyzng the general schema. Then +-o U +-R U +-F1 U . . . U +Fn zs Church-Rosser for any versaon of the A-calculus provided that the set R of first-order rules zs confluent, and there are no crztacal pairs between the hzgher order rules, and be- tween the first order rules and the hzgher order rules.

Here is a subclass of the above schema, called weak schema, which is obtained from the general schema by restricting the terms r a n d to purely algebraic first order terms, i.e., rand r: are of base types and contain no higher order functional constants nor higher order variables. This weak schema is interesting for practical purposes. In particular, its critical pairs with the first order rules are easily computed:

where u [ ~ . i , . . . , ~ . m ] E T ( F , x ) , (Ti,. . . , rk E T ( F ~ , X I )

(hence Z E XI), V i E [l..m], Gam,,,< and J E XI,? E x - X I . In the left hand side of the weak schema, the only oc- currence of a higher order functional constant is at the root, and higher order variables are at the leaves. As a consequence, the only possible (non-variable) overlaps in the combined system are either overlaps between two rules defining the functional constant F, or over- laps of a first-order rule inside 1. A simple example of the weak schema is the introduction of functional constants by primitive recursion (structured recursion schema) of higher types on a first order data structure. In this schema, there is one higher-order rule for each constructor ci (including the constants):

The above primitive recursion schema has no over- lap between the higher-order rules, nor between the higher-order rules and the first-order ones. As a con- sequence, we have the corollary:

Corollary 1 Algebraic functional languages are Church-Rosser and stronly normalizing when the higher-order rules obey the structured recursion discipline.

In conclusion, the above algebraic functional language with first-order polymorphism and inheritance for all types is a very good candidate for a real program- ming language allowing to write executable higher- order specifications. Note that we can simply extend our schema by recursing on several arguments of F rather than a single one as above. We now sketch the proof of our main theorem. Proof: Unfortunately, the former argument for the Principal Case does not go through: when the new higher order rule is applied a t the root of a term, then its originally empty cap (whose definition is un- changed), becomes equal to the possibly non-empty cap of the right-hand side instance of the rule. We therefore need to modify the proof of the monomorphic version of lemma 2, whose notations we follow. We discuss the case where U has a base type

The proof uses a triple induction, the outermost one one on the maximalindex i of the functional constants appearing inside U , the middle one on the structure of U (and not w!) as previously, the innermost one on the alien subterms in w compared in the ordering ( -+R, ( +@ U iR U -tF1 U . . .U +-Fn U ~ ) ~ , , l ) l ~ ~ . Since -+@ U -iR U +-Fl U . . . U jFn is well-founded on alien subterms of w (as in the former proof), and because the well-foundedness is kept by first adding the sub- term relationship since -+@ U -'R U -iFl U . . . U dFn is a rewrite relation 181, and by then taking the multiset extension, then the ordering is well-founded on alien subterms of w. There are several cases depending on the root of w :

T.

If the root of w is an algebraic (first order) func- tion symbol, any reduction sequence whose terms are not headed by a functional constant must ter- minate by using the same arguments as before. For the remaining case, let G(C) be the first such term in the sequence. Then G(G) must actually be obtained by reductions from a subterm of an alien term w' in w. By the induction hypothe- sis, w' is computable, and by the computability property C1, strongly normalizable. Hence G(C) is strongly normalizable as a subterm of w'.

Let w = Fk(&?) , IC < i. By the induction hypoth- esis on U , the terms in 3 are all computable, as instances ofsubterms ofu (since U is not a higher- order variable). Hence, by the outermost induc- tion hypothesis, w is computable.

Let w be rooted by Fi. The only dificult case is when w is rewritten at the top, using a rule in -iF,. Then w = F(flA?, t ) , $), where A?, $, t' are terms of the appropriate type replacing the variables in the left hand side of the rule. (2

359

are of higher types, of base types and of higher and base types.) We now prove that the right hand side is computable. Since r: Q 1, r:[?,tf Q f l rv? , t f . Hence, by the innermost in- duction hypothesis, Fi[r:[?, t f , $] is computable (a). By the induction hypothesis on U, the in- stances of striEt subterms of U are computable, hence so are I[d,tf and i? (c). Now, by C1, (?,q is stronly normalizable, hence so are its subterms tf But since the terms in t‘ have a basic type, by Fact 1, they are computable (c). Putting now (a), (b) and (c) together and the outer induction hypothesis (by definition of the main schema v[z1, . . . , z,] does not contain func- tional symbols of index greater or equal to i), v[F(ri[n?, ill$), ..., ~ ( r ; [ n ; i , d, $1, Z, f l is com- pu table.

+

0

Now we give a simple example of our rewrite rule schema above using a non-constructor term, hence it is not a structural recursion.

All higher order rewrite rules above follow our main schema, hence the combined system of the first or- der rules, the higher order rules and the A-calculus is strongly normalizing. In particular, the last rule uses a non-constructor term, and indeed the system is not Church-Rosser: F ( X , s (2) + s(y)) has two normal forms X ( F ( X , s(z) + 9) ) and A z . X ( F ( x ) ) ( X ( F ( y ) ) ) . Note however that it is Church-Rosser for ground terms. We can also introduce the recursors of Godel’s system T and their polymorphic version. The recursors are defined in our system by any first order data struc- ture based on the constructor terms. For example, a recursor (of a certain type) on list is:

As easily seen, this type of introduction of the recur- sors also follows our higher rewriting schema, hence preserves modularity . It is very attractive to extend our higher order rewrit- ing schema by using orderings more general than

the subterm ordering, since there are many useful well founded orderings used in proof theory and term rewriting, such as the simplification orderings 171 and the ordinal notations. There are two difficulties: it is not easy to interpret a higher order term by a term to be compared with a simplification ordering or an ordinal notation; in the above proof of strong normal- ization, the ordering need to be compatible with the reduction ordering on alien(u). Although the sub- term ordering is always compatible with reductions, it is not easy to check the compatibility for other order- ings. The following version of the weak form of our theorem above solves both problem. Assume that the termination of algebraic (first order) rewriting system is proved by the usual embedding method with a well-founded ordering t. Consider the weak form of our schema:

where 1’ kmul 6 for each i. In addition, we allow the variables in the first order terms ri, ..., rk to be substituted by algebraic terms only.

Theorem 2 The main theorem holds wzth these higher order rewrite rules.

This schema provides, for example, a special case of transfinite recursion on the simplification orderings or the ordinal notations. (See [9,17] for the relations be- tween these concepts.)

5 Conclusion The theory of combining rule-based definitions with A-calculus has made enough progress so as to start im- plementing new languages encompassing both worlds. There are however many remaining questions to ad- dress. A few of them are: Can we expect to have parametric polymorphism with subtype polymor- phism working together although types become un- decidable here? Can we expect to extend the above schemas to the case where the basic data structures admit non-free constructors, e.g. associative and com- mutative ones? Can we accomodate ordered rewriting on terms without free variables? Can we extend the main schema (as well as the others) in order to acco- modate mutually recursive definitions? The answer to all these questions is basically positive, although we have not yet worked out the proofs in all details. Fi- nally, note that we do not have fulfilled all promisses, since we do not use the full power of equations when computations are restricted to rewriting: equations allow logical variables, by performing narrowing in- stead of rewriting. Our last guess is that extending this framework to narrowing should provide the ad- equate framework for mixing equality and functions.

360

This would be a key step in providing a unified frame- work for hosting both functional and logic program- ming styles.

References

[13] Jean Gallier. On Girard’s Candidats de RB ductibilitl. In P. Odifreddi editor, Logac and Com- puter Science. Academic Press, 1990.

[14] J.-Y. Girard, Y. Lafont, and P. Taylor. Proofs and Types. Cambridge Tracts in Theoretical Com-

F. Barbanera. Adding algebraic rewriting to the calculus of constructions: Strong normalization preserved. In Proc. of the 2nd Int. Workshop on Conditional and Typed Rewratang, 1990.

Henk Barendregt. Handbook of Theoretacal Com- puter Scaence, volume B, chapter Functional Pro- gramming and Lambda Calculus, pages 321-364. North-Holland, 1990. J . van Leeuwen ed.

Val Breazu-Tannen. Combining algebra and higher-order types. In Proc. 3rd IEEE Symp. Logzc an Computer Scaence, Edanburgh, July 1988.

Val Breazu-Tannen and Jean Gallier. Polymorphic rewriting conserves algebraic strong normalization. Theoretacal Computer Scaence, 1991. to appear.

Hubert Comon. Disunification: a survey. In Jean- Louis Lassez and Gordon Plotkin, editors, Compu- tataonal Logac: Essays an Honor of Alan Robanson. MIT Press, 1990. to appear.

Hubert Comon. Rewriting with membership con- straints. LRI Report.

Nachum Dershowitz. Orderings for term-rewriting systems. Theoretical Computer Science, 17:123- 131, 1982.

Nachum Dershowitz and Jean-Pierre Jouannaud. Handbook of Theoretical Computer Science, vol- ume B, chapter Rewrite Systems, pages 243-309. North-Holland, 1990. J . van Leeuwen ed.

Nachum Dershowitz and Mitsuhiro Okada. Proof- theoretic techniques for term rewriting. In Proc. 3rd IEEE Symp. Logic in Computer Science, Ed- inburgh, June 1988.

[lo] Nachum Dershowitz and Mitsuhiro Okada. A ra- tionale for conditional equationale programming. Theoretical Computer Sczence, 1991. to appear.

[ll] Daniel J . Dougherty. Adding algebraic rewrit- ing to the untyped lambda calculus. In Proc. 4th International Conference on Rewrating Technaques and Applacations, Como, 1991.

[la] Kokichi Futatsugi, Joseph Goguen, Jean-Pierre Jouannaud, and JosC Meseguer. Principles of OBJ2. In Proc. 12th ACM Symp. Prancaples of Programmang Languages, New Orleans, 1985.

puter Science. Cambridge University Press, 1989.

[15] Joseph Goguen, Jean-Pierre Jouannaud, and JosC Meseguer. Operational semantics for order-sorted algebra. In Proceedangs Internataonal Conference on Automata, Languages and Programang, Naf- phon. Lecture Notes in Computer Science 194, 1985.

[16] Jean-Pierre Jouannaud and Claude Kirchner. Solving equations in abstract algebras: A rule- based survey of unification. In Jean-Louis Lassez and Gordon Plotkin, editors, Computatzonal Logac: Essays an Honor of Alan Robanson. MIT-Press, 1991.

[17] Jean-Pierre Jouannaud and Mitsuhiro Okada. The quantifier-free fragment of the theory of a re- cursive path ordering is decidable. In Proceedangs Internataonal Conference on Automata, Languages and Programang, Madrad, 1991.

[18] Claude Kirchner and Hllkne Kirchner and Josl Meseguer. Operational semantics of (0BJ)-3. In Proceedangs Internataonal Conference on Au- tomata, Languages and Programang, Antwerpen. Lecture Notes in Computer Science 317, 1988.

[19] Mitsuhiro Okada. Strong normalizability for the combined system of the typed lambda calculus and an arbitrary convergent term rewrite system. In Proc. ISSAC 89, Portland, Oregon, 1989.

[20] Mitsuhiro Okada and Peter Grogono. Practical applications of conditional term rewriting theory. In Proc. 15th Latan Amencan Conf. on Informat- acs, 1989.

Rewriting theory for uniqueness conditions of higher type functionals. Research report, Concordia Univer- sitv. 1990

[21] Mitsuhiro Okada and Philip Scott.

-4 I -

[22] Jerzy Tiuryn. Type inference problems: a sur- vey In Proceedangs of Mathematical Foundations of Computer Scaence. Lecture Notes in Computer Science 452, 1990.

[23] Y. Toyama. Counterexamples to termination for the direct sum of term rewriting systems. Infor- mation Processing Letters, 25:141-143, April 1987.

[24] Y. Toyama. On the Church-Rosser property for the direct sum of term rewriting systems. Journal of the ACM, 34(1):128-143, April 1987.

36 1