MONOGRAFIES DE L’INSTITUT D’INVESTIGACIO´ EN INTEL LIG ...levy/papers/monografia.pdf · les...

MONOGRAFIES DE L’INSTITUT D’INVESTIGACI ´ O EN INTEL·LIG ` ENCIA ARTIFICIAL Number 2 Institut d’Investigaci´ o en Intel·lig` encia Artificial

MONOGRAFIES DE L'INSTITUT D'INVESTIGACIÓ EN INTEL·LIGÈNCIA ARTIFICIAL

Number 2

Institut d'Investigació en Intel·ligència Artificial


Monografies de l'Institut d'Investigació en Intel·ligència Artificial

Num. 1 J. Puyol, MILORD II: A Language for Knowledge-Based Systems

Num. 2 J. Levy, The Calculus of Refinements, a Formal Specification Model Based on Inclusions

Num. 3 Ll. Vila, On Temporal Representation and Reasoning in Knowledge-Based Systems

Num. 4 M. Domingo, An Expert System Architecture for Identification in Biology


The Calculus of Refinements, a Formal Specification Model Based on Inclusions

Jordi Levy Díaz

Foreword by Jaume Agustí

Institut d'Investigació en Intel·ligència Artificial
Bellaterra, Catalonia, Spain.


Series Editor
Institut d'Investigació en Intel·ligència Artificial
Consell Superior d'Investigacions Científiques

Foreword by
Jaume Agustí
Institut d'Investigació en Intel·ligència Artificial
Consell Superior d'Investigacions Científiques

Volume Author
Jordi Levy Díaz
Institut d'Investigació en Intel·ligència Artificial
Consell Superior d'Investigacions Científiques

Institut d'Investigació en Intel·ligència Artificial

ISBN: 84-00-07500-5
ISSN: 1135-4100
Dep. Legal: B-34741-95
© 1995 by Jordi Levy Díaz

All rights reserved. No part of this book may be reproduced in any form or by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher. Ordering Information: Text orders should be addressed to the Library of the IIIA, Institut d'Investigació en Intel·ligència Artificial, Campus de la Universitat Autònoma de Barcelona, 08193 Bellaterra, Barcelona, Spain.

Printed by Cardellach Copies, S.L. CBS, S.A.
Sant Pere, 40.
08221 Terrassa, Spain.


To my parents


Contents

Foreword ix
Preface xi
Abstract xiii

1 Introduction 1
1.1 A Specification Language Based on Inclusions 2
1.2 Motivation 3
1.3 Objectives and Contributions 5
1.4 Related Work 6
1.5 Overview of the Thesis 7

2 The Class of Models 11
2.1 Introduction 11
2.2 COR-syntax and COR-theories 12
2.3 COR-models 14
2.4 Soundness and Completeness 16
2.5 Concrete COR-models 18
2.5.1 The Model Pω 19
2.5.2 The Model D∞ 19
2.6 Conclusions 20

3 An Ideal Model for COR 21
3.1 Introduction 21
3.2 Value Domain Construction 23
3.2.1 The Standard Technique 24
3.2.2 The Functor I 28
3.2.3 The Category of Domains 30
3.2.4 The Functor J 31
3.2.5 The Contravariant Functor J^C 36
3.2.6 The Functor S 38
3.2.7 Well-Founded Domains 42
3.3 Type Domain Construction 44
3.3.1 The Embedding Code× : S(D) × S(E) < S(D × E) 45
3.3.2 The Isomorphism Code+ : S(D) × S(E) ≅ S(D + E) 47
3.3.3 The Embedding Code→ : S(D) → S(E) < S(D → E) 48
3.3.4 The Embedding Code→ : S(D) → S(E) < S(S(D) → E) 53
3.4 An Ideal Model for COR 56
3.5 Conclusions 57

4 First-Order Bi-rewriting Systems 59
4.1 Introduction 59
4.2 Inclusions and Bi-rewriting Systems 61
4.3 Bi-rewriting Modulo a Set of Inclusions 68
4.3.1 From Church-Rosser to Local Bi-Confluence 68
4.3.2 From Local Bi-Confluence to (Extended) Critical Pairs 75
4.4 Three Examples: Towards a Completion Procedure 79
4.4.1 Inclusion Theory of the Union Operator 80
4.4.2 Inclusion Theory of Non-Distributive Lattices 82
4.4.3 Inclusion Theory of Distributive Lattices 84
4.5 Why Inclusions and not Equations 86
4.6 Related Work 88
4.7 Conclusions 88

5 Second-Order Bi-Rewriting Systems 89
5.1 Introduction 89
5.2 Codifying Rule Schemes by means of Second-Order Rules 90
5.3 Some Problems of Second-Order Rewriting Systems 92
5.4 Linear Second-Order Typed λ-Calculus 92
5.5 A Second-Order Unification Procedure 94
5.6 The Critical Pairs Lemma for Second-Order Bi-rewriting Systems 106
5.7 An Example of Completion 108
5.8 Conclusions 112

6 Implementing Nondeterministic Specifications 113
6.1 Introduction 113
6.2 Using Bi-rewriting Systems to Verify Specifications 114
6.3 Characterizing Terms by Sets of Normal Forms 118
6.4 An Example of Nondeterministic Specification 122
6.5 Conclusions 123

7 Conclusions and Further Work 125
7.1 Further Work and Open Problems 126

References 129

Index 139


Foreword

The research presented in this book started with a very practical aim: to investigate methods of incremental description. One approach to this has been the design of specification languages with good structuring operations. The approach taken in this book comes from a simple idea: to consider types as approximate values which can be specified by means of the order relation of their information content, an inclusion relation. To investigate this idea in depth, a formal model is proposed. The model can be seen, on one hand, from the point of view of type theory, where the value-type relation has been substituted by an inclusion relation between types or approximate values. On the other hand, it can be seen as a higher-order specification language where conventional equational specifications have been generalized to inclusion specifications.

The strength of the book lies in the creative use of existing techniques, extending them when necessary. In the domain of denotational semantics, a new model of λ-calculus has been found, and a new rewriting technique has been introduced to give operational semantics to inclusion specifications. The attentive reader of this book, I am sure, will enjoy and learn from this long and intensive research effort, going from a simple idea to its accurate realization in a formal model.

Bellaterra, February 1996

Jaume Agustí
Head of the Formal Methods Department of the IIIA, CSIC


Preface

Many people have contributed in one way or another to the completion of this thesis, and I will surely forget some of them. First of all, I want to thank Jaume Agustí, the supervisor of this thesis, for the support he has given me during these five years and for having been willing to embark on this difficult adventure. To Pere García, Lluís Godo, Ramon López de Mántaras, Enric Plaza, Josep Puyol, Carles Sierra and all my colleagues at the Institut d'Investigació en Intel·ligència Artificial, for their collaboration, suggestions and help. And especially to Francesc Esteva, for having had the infinite patience to review many of the proofs presented here.

Nor would I like to forget to thank Gabriel Ciobano, Hubert Comon, Harald Ganzinger, Claudio Hermida, Hélène Kirchner, Pierre Lescanne, Karl Meinke, José Meseguer, Peter Mosses, Roberto Nieuwenhuis, Tobias Nipkow, Fernando Orejas, Mario Rodríguez Artalejo, Klaus Schulz, Gert Smolka, Andrzej Tarlecki and all the people with whom I have had the opportunity to discuss some aspect of this thesis, for their suggestions and fruitful ideas. I am especially grateful to Jane Hesketh, Dave Robertson, Don Sannella and all the researchers of the Department of Artificial Intelligence and the Department of Computer Science at the University of Edinburgh for the warm welcome they gave me during my stays.

CICYT, the Generalitat de Catalunya and the CSIC have funded part of this research through a contract as Titular Superior under the SPES project funded by CICYT (TIC 880j380), a Beca de Formació d'Investigadors from the Generalitat de Catalunya (DOGC 1638 of 28-8-1992) and a Beca para Ingenieros, Arquitectos y Licenciados en Informática from the CSIC (BOE 14-11-1992). We hope they continue to do so.

I also want to thank all my friends at the Centre d'Estudis Avançats de Blanes and the town of Blanes for having hosted me while this thesis was being written. Very especially Felip Manyà, Gabriel Valiente and Lluís Vila for their friendship and all the good times and dinners we have been able to share, and which I hope we continue to enjoy.

I remain indebted to Clara Barroso for everything she has taught me and for her help in the most difficult and important moments of this thesis.

I also thank Xus Grau for all the care, pampering and help throughout our long friendship, especially in moments of despair and weakness.

Finally, I must thank my parents for everything, since without them none of this would have been possible.

Bellaterra, February 1996

Jordi Levy Díaz
IIIA, CSIC
email: [email protected]


Abstract

Programming in the large requires the use of formal specification languages for describing program requirements and a method to test (automatically) such requirements. These methods can also be applied in other areas like complex system modeling. In this thesis we study the theoretical kernel of a formal specification language, named the Calculus of Refinements (COR), based on the use of monotonic inclusion relations. These relations are more general than equality relations, so inclusion specifications can be considered a generalization of equational specifications. Moreover, we propose substituting the typing relation ":" by an inclusion relation, so the Calculus of Refinements can also be considered a new typing discipline. The theoretical study of the Calculus of Refinements consists of the definition of a denotational semantics and of an operational semantics for it. They are described in the first two parts of the thesis. In the third part we approach the specification of nondeterministic programs by means of inclusions.

In the first part of the thesis we describe the Calculus of Refinements as a logic, giving its syntax and a set of inference rules and defining a class of models based on the class of environment models of the λ-calculus. We also study a concrete model where expressions are interpreted as order ideals. Such ideal domains have been used to give semantics to polymorphic types. On it we base the view of the Calculus of Refinements as a typing discipline.

In the second part we give an operational semantics based on rewrite techniques. We define a pair of rewriting systems, namely a bi-rewriting system, which implements deduction in inclusion theories. The main idea is to use one of the relations to rewrite terms into smaller terms, and the other one to rewrite terms into bigger terms. Using a bi-rewriting system it is possible to implement an algorithm to test whether an inclusion a ⊆ b is deducible in a theory: we rewrite a into bigger terms and b into smaller terms until we obtain a common term. We have studied this technique for first-order theories and linear second-order theories (where each binder binds one and only one variable occurrence).

In the third part, we propose the use of bi-rewriting systems for the verification of nondeterministic program specifications. We model nondeterministic computation by means of a relation satisfying, among others, the inclusion axioms. Therefore the rewriting technique is sound (although not necessarily complete). We prove that, adding more axioms to the specification, the technique is also complete.


Chapter 1

Introduction

Development of large-scale programs requires the use of a formal language for describing program requirements and a method to test (automatically) such requirements. After some early attempts to specify requirements for imperative programs (based on state pre- and post-conditions) it became clear that specification languages are closely related to programming languages, and both must have a clean and simple mathematical semantics. Nowadays most specification languages are developed following an algebraic approach. Basic programming techniques, like modularity and parametrization, have also been applied to specification methodologies.

One of the most successful specification methodologies is the stepwise refinement discipline. It proposes incremental program construction by gradually transforming an original specification until we obtain a specification of such low level that it can be considered a program. In this way we obtain a sequence of specifications leading from the original specification to the final program. The correctness of the resulting program is ensured provided that each transformation step is correct. We say that a transformation step SP ⇝ SP′ is correct (namely, SP refines to SP′, or SP′ implements SP) if every model of SP′ is a model of SP. The development of a program consists of a sequence of refinement steps SP0 ⇝ SP1 ⇝ ··· ⇝ SPn. The refinement relation must be transitive (vertical composition) and monotonic (horizontal composition). Vertical composability ensures the correctness of the final program SPn w.r.t. the original specification SP0 if every refinement step SPi ⇝ SPi+1 is correct. Horizontal composability guarantees that if we have a parameterized specification P(SP) then any refinement P′ of P and any refinement SP′ of SP result in a refinement P′(SP′) of P(SP).

This thesis describes a formal model for the development of a specification methodology within the stepwise refinement and algebraic specification disciplines. Algebraic specifications are mainly based on the use of equality relations. We generalize this approach drastically by introducing a more general kind of relation: inclusion relations. These relations share the same properties as an equality relation, with the exception of symmetry. Their use is motivated by their expressiveness. Furthermore, we also propose the use of inclusion relations as a new typing relation (substituting each typing declaration t : τ by an inclusion axiom t ⊆ τ). The practical consequences of these decisions are out of the scope of this thesis and are the matter of current and future research work. However, the future practical use of the specification model has guided us in all the technical decisions in its definition.

Our main objective in the thesis has been to develop the formal basis of this methodology. To achieve it we have defined the Calculus of Refinements (COR). We describe its denotational semantics, on which the future specification language has to be based, and its operational semantics, which sets the techniques for automating deduction in COR. These constitute the two main parts of the thesis. The Calculus of Refinements can also be seen as a first approach to a model of computing with sets of values. In such a computation model the user starts by defining how functions work for big sets of values (for instance product(int, int) ⊆ int for the product function), refines this specification by defining how it works for smaller sets of values (product(even, odd) ⊆ even) and, finally, defines how it works for singletons (product(2, 3) = 6). This methodology is closely related to the nondeterministic computation and specification paradigm. In the third part of the thesis we present a first relation between both paradigms.

1.1 A Specification Language Based on Inclusions

Our approach can be analyzed from the point of view of the following twoparadigms:

• Algebraic specifications

• Type theories

Algebraic specifications make intensive use of equality relations, although some extensions based on the use of other relations have been proposed: inclusion relations (Mosses, 1989b; Mosses, 1989c), membership relations (Manca et al., 1990; Comon, 1993), transitive relations (Bachmair and Ganzinger, 1993b) and rewrite relations (Meseguer, 1990; Meseguer, 1992). Our approach is based on the use of monotonic inclusion relations. Unlike Bachmair and Ganzinger, our transitive relations are monotonic, and in relation to Mosses we give an operational semantics to these relations. In our case this is based on bi-rewriting systems, a rewriting technique used to check when a term is included in another term.

Algebraic specifications are also usually based on many-sorted signatures, i.e. terms are built using a set F of function symbols and each symbol f ∈ F has an assigned type f : s1 × ··· × sn → s where s1, ..., sn, s are sorts (basic types). If we want terms to be higher-order then such types may be more complex, including at least all those type expressions generated by the grammar τ ::= b | τ → τ, where b stands for any base type. Many extensions to this simple type theory have also been proposed, e.g. polymorphic types (Milner, 1978; Cardelli and Wegner, 1985; MacQueen et al., 1986), the Calculus of Constructions (Coquand and Huet, 1988), etc. They consist mainly in enlarging the set of type expressions being considered (and therefore the set of typing rules). Most of them require any well-formed term t to have a unique type τ and the existence of an algorithm to find such a type for any given term. On the contrary, we propose not to distinguish between types and values, and to substitute the typing relation ":" between values and types by an inclusion relation. Our approach can be seen as a language with a unique universe of types and a subtyping relation, where the typing relation t : τ is interpreted as a special case of the subtyping relation, {t} ⊆ τ. Thus the bi-rewriting method, implementing the inclusion relation, is also a kind of type checker.

1.2 Motivation

Our research work started five years ago with the practical study of some specification languages such as Nuprl (Constable et al., 1986), LCF (Paulson, 1987), Z (Spivey, 1988) and, especially, Standard ML (Sannella and Tarlecki, 1984; Harper, 1986; Milner et al., 1990) and Extended ML (Sannella and Tarlecki, 1991a). Simultaneously, we also began to study the application of specification techniques in areas other than program requirement specification, such as the specification of ecological models.¹ From this experience we concluded that all these languages share an often unnecessarily complex higher-order type theory, especially if we use them in knowledge representation applications (Robertson et al., 1993).

¹ We started a collaboration with Dr. Sannella of the Laboratory for Foundations of Computer Science and Prof. Robertson of the Department of Artificial Intelligence, both at the University of Edinburgh.

The following pair of examples has been included to show how program requirements can be captured with the use of inclusion relations. They are not developed in detail and must be considered only as a justification for the use of such relations. Let us consider the following toy example in Standard ML, consisting of a signature specification and a program.

    signature SIG_TOY =
    sig
      type s
      val x : s
    end

    structure STRUCT_TOY : SIG_TOY =
    struct
      type s = int
      val x = 3
    end

In COR we propose not to distinguish between types and values, nor between signatures and programs. Thus we can consider this example as a program refinement. In the first version we declare s as a type, i.e. as something smaller than top (⊤), and x as something smaller than s. In the second version we assign concrete values to s and x. The same example in COR would be as follows.

    s ⊆ ⊤
    x ⊆ s

    s = int
    x = 3

If we take into account that 3 : int, i.e. 3 ⊆ int expressed as an inclusion, then we can prove that the models of the second specification are also models of the first one. Notice that whereas in Standard ML we have type and value declarations, in COR we have a single kind of axiom (inclusions and equalities).

Let us consider another example in a more theoretical framework, the Calculus of Constructions (Coquand and Huet, 1988). This calculus uses three universes of expressions: contexts (∆), types (P) and terms (t), contexts being a kind of "types of types". Judgments are built using a context (Γ), as in the sequent calculus, and may be of two forms: 1) typing judgments, built using a typing relation ":" between terms and types (t : P) or between types and contexts (P : ∆); or 2) conversion judgments, built using a conversion relation "≅" between types (P1 ≅ P2) or between terms (t1 ≅ t2). There are also two kinds of variable bindings: products [x : P1]P2 and λ-abstractions (λx : P)t. The following are the typing rule for λ-abstractions, assigning a product to each abstraction, and the conversion rules for products and for abstractions.

$$\frac{\Gamma[x : P_1] \vdash t : P_2}{\Gamma \vdash (\lambda x : P_1)\,t : [x : P_1]P_2}$$

$$\frac{\Gamma \vdash P_1 \cong P_2 \qquad \Gamma[x : P_1] \vdash P_3 \cong P_4}{\Gamma \vdash [x : P_1]P_3 \cong [x : P_2]P_4}$$

$$\frac{\Gamma \vdash P_1 \cong P_2 \qquad \Gamma[x : P_1] \vdash t_1 \cong t_2 \qquad \Gamma[x : P_1] \vdash t_1 : P_3}{\Gamma \vdash (\lambda x : P_1)\,t_1 \cong (\lambda x : P_2)\,t_2}$$

We can reformulate the Calculus of Constructions applying the principle of no distinction between types and values (in this case between contexts, types and values). No distinction is then made between λ-abstractions and products, the typing relation ":" is substituted by the inclusion relation ⊆, and the conversion relation ≅ by the equality relation =. The latter is interpreted as a pair of inclusions, i.e. t = u ⇔ t ⊆ u ∧ u ⊆ t. With such a reformulation, all the above rules are subsumed by the following one:

$$\frac{\Gamma \vdash t_1 = t_2 \qquad \Gamma, x \subseteq t_1 \vdash t_3 \subseteq t_4}{\Gamma \vdash \lambda x : t_1 .\, t_3 \subseteq \lambda x : t_2 .\, t_4}$$

which tells us when a λ-abstraction is included in another one. With this reformulation we obtain a higher-order type theory sharing some properties with the Calculus of Constructions; in particular, if $\Gamma \vdash_{\mathrm{CC}} t : P$ is provable in the Calculus of Constructions, then $\Gamma' \vdash_{\mathrm{COR}} t' \subseteq P'$ is provable in the reformulated calculus, where Γ′, t′ and P′ are respectively the reformulations of Γ, t and P. Similarly, $\Gamma \vdash_{\mathrm{CC}} t_1 \cong t_2$ implies $\Gamma' \vdash_{\mathrm{COR}} t'_1 = t'_2$. But as the three universes of terms are mixed, other properties of the Calculus of Constructions are lost; in particular, we lose the following unique type property: if $\Gamma \vdash_{\mathrm{CC}} t : P_1$ and $\Gamma \vdash_{\mathrm{CC}} t : P_2$ then $\Gamma \vdash_{\mathrm{CC}} P_1 \cong P_2$ (Coquand and Huet, 1988, lemma 5).


As the reader may assume, many-sorted equational logic also admits a translation into such an inclusion formalism.

We are aware that many important problems have been left aside in these examples; however, our aim has been to show the expressive power of inclusion relations and the adequacy of using them in stepwise refinement disciplines. Another specification approach which shares this conviction is Unified Algebras (Mosses, 1989b; Mosses, 1989c; Mosses, 1989a). Thus we think that the advantage of using inclusion relations in program specifications, as well as in other kinds of system specification, does not require further discussion from the point of view of simplicity, expressiveness and orthogonality of the resulting language.

1.3 Objectives and Contributions

Our main objective is to define and formalize a higher-order theory of monotonic inclusion relations. This objective comprises the following three subobjectives:

1. define a syntax, a formal theory and a denotational semantics for the higher-order inclusion logic;

2. study the proof theory and automate deduction for such a logic;

3. find and propose application areas for such a logic.

Although in this thesis we focus our attention on the first two objectives, we have also worked on some applications of the formalism (see chapter 6 and (Levy et al., 1992c; Robertson et al., 1993)).

Our principal contributions can be summarized as answers to the following two questions:

1. To give a denotational semantics to a higher-order logic of inclusions it seems sensible to interpret terms as sets of values and the inclusion relation as the inclusion relation of set theory (as is usually done in type theories). Then, since our approach is higher-order, how can we interpret a function as a set of values?

2. The operational semantics of equational logic is usually based on rewriting techniques, i.e. on replacing terms by equal terms. If our principal relation is an inclusion relation, can similar techniques be applied?

To answer the first question we define an ideal domain $\mathcal{J}(U)$ (that is, a subset of the power set of U) and an interpretation function

$$\mathrm{Fun} : \big(\mathcal{J}(U) \to \mathcal{J}(U)\big) \to \mathcal{J}(U)$$

(see subsections 3.3.3 and 3.3.4), which we use to map functions on such a domain to elements of the domain, i.e. to interpret functions on sets as sets of values.


To automate deduction in the monotonic inclusion logic we use a pair of rewriting relations $\xrightarrow{R_\subseteq}$ and $\xrightarrow{R_\supseteq}$, one to replace subterms by bigger terms and the other to replace subterms by smaller terms. A sound and complete proof procedure is defined based on such a pair of rewriting systems (named a bi-rewriting system).
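The bi-rewriting check just described, and the claim in section 1.2 that the models of the refined toy specification (s = int, x = 3) are models of the abstract one (s ⊆ ⊤, x ⊆ s), can both be exercised with a small search-based implementation. The following Python is an added example written for this page; it is not the thesis's own implementation and does not use the termination-ordering, critical-pair and bi-confluence machinery of chapters 4 to 6. It assumes a first-order term encoding (tuples for applications, strings for constants, '?'-prefixed strings for rule variables) and a sample theory constructed from the thesis's product(int, int) ⊆ int example plus the SIG_TOY/STRUCT_TOY refinement; all function names are hypothetical. Instead of computing normal forms it searches both rewrite relations breadth-first until they share a term c, which is sound (a ⊆ c ⊆ b) but is only a decision procedure when both search spaces are finite, so a bound makes the non-terminating case visible instead of hanging.

```python
from collections import deque

# Added example for this page (not the thesis's implementation).
# Terms: a string is a constant, a string starting with '?' is a rule variable,
# and a tuple (f, arg1, ..., argn) is the application of function symbol f.


def match(pattern, term, subst):
    """First-order matching: extend subst so that pattern[subst] == term, else None."""
    if isinstance(pattern, str):
        if pattern.startswith('?'):
            if pattern not in subst:
                return {**subst, pattern: term}
            return subst if subst[pattern] == term else None
        return subst if pattern == term else None
    if not isinstance(term, tuple) or len(term) != len(pattern) or term[0] != pattern[0]:
        return None
    for p, t in zip(pattern[1:], term[1:]):
        subst = match(p, t, subst)
        if subst is None:
            return None
    return subst


def instantiate(term, subst):
    """Apply a substitution to a term."""
    if isinstance(term, str):
        return subst.get(term, term)
    return (term[0],) + tuple(instantiate(a, subst) for a in term[1:])


def variables(term):
    if isinstance(term, str):
        return {term} if term.startswith('?') else set()
    return set().union(*(variables(a) for a in term[1:]))


def oriented_rules(axioms):
    """Split inclusion axioms into the two rewrite relations of a bi-rewriting system.
    up:   l -> r for each axiom l ⊆ r   (replace a subterm by a bigger one)
    down: r -> l for each axiom l ⊆ r   (replace a subterm by a smaller one)
    An equality t = u is the pair of inclusions t ⊆ u and u ⊆ t.  A direction whose
    right-hand side has a variable the left-hand side does not bind is dropped,
    since that single step could produce arbitrarily many terms."""
    up, down = [], []
    for kind, l, r in axioms:
        for a, b in ([(l, r)] if kind == '⊆' else [(l, r), (r, l)]):
            if variables(b) <= variables(a):
                up.append((a, b))
            if variables(a) <= variables(b):
                down.append((b, a))
    return up, down


def one_step(term, rules):
    """All terms reachable from term by one rewrite step at any position.
    Rewriting below a function symbol is sound because every symbol is monotonic."""
    out = set()
    for lhs, rhs in rules:
        subst = match(lhs, term, {})
        if subst is not None:
            out.add(instantiate(rhs, subst))
    if isinstance(term, tuple):
        for i in range(1, len(term)):
            for sub in one_step(term[i], rules):
                out.add(term[:i] + (sub,) + term[i + 1:])
    return out


def included(a, b, axioms, limit=2000):
    """Test a ⊆ b: rewrite a upwards and b downwards until the searches share a term c,
    which witnesses a ⊆ c ⊆ b.  Returns True, False when both search spaces were
    exhausted without meeting, or None when the bound is hit (a non-terminating
    direction such as int -> product(int, int) in the sample theory below)."""
    up, down = oriented_rules(axioms)
    seen_a, seen_b = {a}, {b}
    todo_a, todo_b = deque([a]), deque([b])
    while todo_a or todo_b:
        if seen_a & seen_b:
            return True
        if len(seen_a) + len(seen_b) > limit:
            return None
        for todo, seen, rules in ((todo_a, seen_a, up), (todo_b, seen_b, down)):
            if todo:
                for u in one_step(todo.popleft(), rules):
                    if u not in seen:
                        seen.add(u)
                        todo.append(u)
    return bool(seen_a & seen_b)


# Constructed sample theory, following the thesis's product(int, int) ⊆ int example.
# Axioms are ('⊆', l, r) or ('=', l, r); '⊤' is the top element.
PRODUCT_THEORY = [
    ('⊆', ('product', 'int', 'int'), 'int'),
    ('⊆', ('product', 'even', 'odd'), 'even'),
    ('⊆', 'even', 'int'),
    ('⊆', 'odd', 'int'),
    ('⊆', '2', 'even'),
    ('⊆', '3', 'odd'),
    ('=', ('product', '2', '3'), '6'),
    ('⊆', '?t', '⊤'),  # every term is included in top
]

# The refinement step of section 1.2: STRUCT_TOY written as COR axioms on top of the theory.
REFINED_TOY = PRODUCT_THEORY + [('=', 's', 'int'), ('=', 'x', '3')]

if __name__ == '__main__':
    print(included(('product', '2', '3'), 'int', PRODUCT_THEORY))  # True
    print(included('6', 'odd', PRODUCT_THEORY))                    # False
    print(included('x', 's', REFINED_TOY), included('s', '⊤', REFINED_TOY))  # True True
    print(included('int', 'even', PRODUCT_THEORY))                 # None: search bound hit
```

The two True results for REFINED_TOY are exactly the refinement check of section 1.2: both axioms of the abstract specification are derivable from the refined one, so every model of the refined specification is a model of the abstract one. The None result for int ⊆ even is the failure mode the thesis addresses with termination orderings and completion: the decreasing direction int → product(int, int) never terminates, so a plain search cannot refute an inclusion in that theory, only fail to prove it. Read as a type discipline, that is an unbounded subtype check, and the bound is the guard that keeps a checker from hanging on it.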

1.4 Related Work

This thesis makes use of very different techniques, therefore the related workcome from very different areas, and we have decided to introduce them separatelyin each chapter. In this section we will only present the principal references wehave used.

As usual, we use λ-calculus (i.e. the subject of (Barendregt, 1981) and(Hindley and Seldin, 1986)) as the skeleton of functional programming lan-guages (Landin, 1964). It has also been used as a higher order parameterizationmechanism in some specification languages (Sannella and Tarlecki, 1991b). Fur-thermore, we also view λ-calculus as a low-level specification formalism. Therefinement relation we define can be compared with the subtype relation in(Reynolds, 1985; Cardelli, 1988), with the containment relation between typesin (Mitchell, 1988) and in general with several typing systems (Martin-Lof, 1979;Constable et al., 1986; Coquand and Huet, 1988; Lampson and Burstall, 1988).In most of them (Martin-Lof, 1979; Coquand and Huet, 1988), however, valueexpressions and type expressions are rigorously distinguished and a type rela-tion between values and types is formalized. Less rigorous is this distinctionin Nuprl (Constable et al., 1986) and in Pebble (Lampson and Burstall, 1988).On the contrary, we drop such distinction from the very beginning and the typemembership relation is replaced by a particular case of subtype relation. UnifiedAlgebras (Mosses, 1989b; Mosses, 1989c), Type Logic (Manca et al., 1990) andRewrite Logic (Meseguer, 1990; Meseguer, 1992) share the same principle.

The definition of the class of models of COR, in chapter 2, is based on the characterization of λ-calculus environment models of (Meyer, 1982; Koymans, 1982). There, we prove that the Pω model of the λ-calculus (Scott, 1976) is also a model of COR.

The use of order ideals as a semantic domain for types, as we propose in chapter 3, is not new and is also motivated in (Milner, 1978; MacQueen et al., 1986; Mitchell, 1988). The solution of the value recursive domain equation, in the definition of the ideal model, is based on the category-theoretic solution of this kind of equation formalized in (Smyth and Plotkin, 1982); other works also summarize such results (Plotkin, 1983; Schmidt, 1988; Pierce, 1991). The technique for constructing solutions of this kind of equation based on universal domains was originally presented in (Scott, 1976), and is summarized in (Gunter and Scott, 1990). Other papers describing the inverse limit construction without using category concepts are (Scott, 1972; Stoy, 1978).

The operational semantics of our language, described in chapters 4 and 5, is based on rewriting techniques. There is a huge number of papers on rewriting techniques; good introductions to the subject can be found in (Knuth and Bendix, 1970; Huet, 1980; Klop, 1987; Dershowitz and Jouannaud, 1990). We extend our technique to rewriting on equivalence classes and to rewriting using a higher-order language. The techniques for rewriting on equivalence classes are described in (Huet, 1980; Peterson and Stickel, 1981; Kirchner, 1985a; Kirchner, 1985b; Jouannaud and Kirchner, 1986; Bachmair and Dershowitz, 1989a). Higher-order rewriting systems are defined in (Nipkow, 1991; Nipkow, 1992; Nipkow, 1993) and are based on a higher-order unification algorithm described in (Miller, 1991a; Miller, 1991b). An introduction to unification theory can be found in (Siekmann, 1989; Gallier and Snyder, 1990). In chapter 5 we define a unification procedure for our higher-order language. Other higher-order unification procedures are described in (Huet, 1975; Jensen and Pietrzykowski, 1976). The decidability of the unification problem we present remains an open question. Related unification problems are the undecidable (Goldfarb, 1981) second-order unification problem and the decidable (Makanin, 1977) string unification problem. Comon (Comon, 1993) defines a language based on expression schemes quite similar to ours.

The nondeterministic specification approach we use in chapter 6 is introduced in (Kaplan, 1986a; Kaplan, 1988; Hussmann, 1991; Hussmann, 1992).

1.5 Overview of the Thesis

The thesis is organized in three parts:

Part I (chapters 2 and 3) introduces the Calculus of Refinements as a logic anddefines its denotational semantics.

Part II (chapters 4 and 5) gives an operational semantics of the calculus.

Part III (chapter 6) shows a first application of the calculus.

The contents of each chapter are summarized in the following.

Chapter 2. We describe the Calculus of Refinements (COR) as a logic, giving its syntax and inference rules. The main contribution of the chapter is a characterization of COR-models. It is based on the characterization of λ-calculus models done by Meyer (Meyer, 1982) in terms of environment models and functional domains. We prove a soundness and completeness theorem for the COR-theories w.r.t. the COR-environment models. Finally, we show that two concrete classical λ-calculus models, the Pω model of Scott (Scott, 1976) and the D∞ model, are also COR-models. Any COR-domain has a lattice structure which we use for giving semantics to the inclusion (subtyping) relation ⊆. The Pω and D∞ models also have such a lattice structure; however, in those cases the lattice order relation is also used for modeling the computational ordering (Scott, 1972; Scott, 1976). Therefore, in those models computational and refinement orderings are identified. This could cause problems and leads us to define a new concrete COR-model. This is the subject of chapter 3.


Chapter 3. Types are usually modeled by sets of values sharing a common structure, where structure represents notions like being a function or being a pair. These notions are modeled by a partial order ≺ defined by a ≺ b if a is more structured than b. Then, types are ideals of such an ordering (Milner, 1978; MacQueen et al., 1986). The structural ordering ≺ and the computational ordering ⊑ are related. In this chapter we define the relation ≺ by a ≺ b iff b ⊑ a. An order ideal model may be defined using such a structural ordering. Then we interpret the refinement relation as the inclusion relation ⊆ between ideals. We prove that if the ideal domain is built over a functional domain of values, then the resulting ideal domain is also functional (a retract of its corresponding functional space). It means that the type domain is rich enough for modeling λ-calculus and the use of two distinct universes (types and values) is no longer necessary.

Chapter 4. The use of an inclusion relation between terms makes it necessary to extend rewriting techniques to deal with non-symmetric relations. In this chapter we propose how deduction in an inclusion theory I may be automated using a pair of rewriting systems ⟨R⊆, R⊇⟩ (a bi-rewriting system). To prove that I ⊢ a ⊆ b we seek a common expression c such that $a \stackrel{*}{\longrightarrow}_{R_\subseteq} c$ and $b \stackrel{*}{\longrightarrow}_{R_\supseteq} c$. The decidability and completeness of the method are based on the commutation and termination of both rewriting relations. We extend this result to bi-rewriting modulo a set of inclusions and we show some concrete examples.

Chapter 5. The method proposed in chapter 4 is not free from problems. The use of the Knuth-Bendix completion process (Knuth and Bendix, 1970) in the presence of non-left-linear rules may introduce rule schemes (resulting from orienting schemes of critical pairs, named extended critical pairs). In this chapter we propose the use of a linear second-order typed λ-calculus to incorporate those rule schemes into the language. We show the adequacy of using such a restricted second-order language as a new higher-order rewriting paradigm. A complete unification procedure is described for this language. However, the decidability of this unification problem remains an open question, for which we think we will be able to prove an affirmative answer in the future.

Chapter 6. This is the only chapter devoted to applications of the Calculus of Refinements. We view non-deterministic specifications (Kaplan, 1986a; Hussmann, 1992) as a special case of inclusion specifications. Therefore, the bi-rewriting technique is a sound although not always complete deduction method for those specifications. We show how a non-deterministic specification may be completed (without modifying the underlying intended models) in order to also have a completeness result.

Although we have tried to write a basically self-contained document, the great variety of techniques used to present this formal model makes it impossible to be completely exhaustive in this purpose. Therefore, some previous basic knowledge of category theory and rewrite techniques is assumed. Anyway, we cite some basic literature on such subjects. What we call examples in the first part of the thesis are really alternative definitions or unsuccessful lines of argument. Examples shown in the second part have not been checked by a computer, thus they may not be free from errors.

Even though we use different theoretical formalisms along the thesis, we have tried to use a uniform notation. This is always introduced at the beginning of each chapter and can also be found in the index at the end of the thesis.


Chapter 2

The Class of Models

Abstract: The Calculus of Refinements (COR) presented here takes the idea of types as specifications and subtyping as refinement and pushes it to an extreme. Types and values are no longer distinguished; in COR we consider a unique hierarchy of objects. A good way to deal with this hierarchy of objects is to structure it as a complete lattice. If functions are to be considered as first class citizens in the hierarchy, then the lattice must be reflexive: it must have the space of functions (some of them) as a sublattice. To represent reflexive lattices, the most simple language is an extension of the λ-calculus with lattice operators: this is the language of COR. The aim of this chapter is to show that the results about the soundness and the completeness of λ-calculus w.r.t. the model of terms (Meyer, 1982; Koymans, 1982) can be extended without problems to COR. We show also that two classical λ-models, the Pω and the D∞ models, are also COR-models.

2.1 Introduction

Data and its classification into types are kept separated and used distinctively in most programming languages. Types are mainly used as a discipline that contributes to program correctness, and computation is not done on types. Nevertheless, types have also been considered as specifications in (Martin-Löf, 1979; Constable et al., 1986; Coquand and Huet, 1988; Lampson and Burstall, 1988; Cardelli and Longo, 1990). Subtyping can be seen as a kind of specification refinement defining a type hierarchy where programs are the leaves on which computation is done. The Calculus of Refinements (COR) presented here takes this idea of types as specifications and subtyping as refinement and pushes it to an extreme. Types and values are no longer distinguished; in COR we consider a unique hierarchy of objects without distinctions between leaves and the rest of nodes. The subtyping relation is the only relation between objects and it is called refinement: an object is a refinement of another if the latter is a more specified version of the former. A good way to deal with the hierarchy of objects is to structure it as a complete lattice. And if functions are to be considered elements of the hierarchy then the lattice must be reflexive: there must be an injection from a subset of the space of functions to the lattice. So complete reflexive lattices are the intended semantic domains we want to use to model specifications or types (upper objects in the hierarchy) and programs or values (lower objects in the hierarchy).

To represent reflexive lattices, the most simple language is an extension of the λ-calculus with lattice operators; this is the language of COR. The results about soundness and completeness of λ-calculus w.r.t. the term model can be extended without problems to COR. Moreover, we show that many concrete models of the λ-calculus are also models of COR. Unfortunately, the partial order defining the lattice structure of such models represents the computational order between λ-terms. This computational order (introduced by Scott (Scott, 1972)) justifies, for instance, the use of continuous functions (w.r.t. the topology defined by such an order) and can be interpreted in terms of information: a ⊑ b if a is more undefined (contains less information) than b. On the contrary, the subtyping order is usually interpreted in terms of containment: a ⊆ b if the set of values represented by a is included in the set of values represented by b. Therefore, the identification of both orderings may lead to problems. We define in chapter 3 a concrete COR-model where such problems are considered.

This chapter proceeds as follows. In section 2.2 the syntax of COR is introduced, COR-terms and COR-formulas are defined and then the axioms and inference rules defining COR-theories are given. Section 2.3 describes the class of models of COR. The main result of the chapter is the extension of the soundness and completeness results of λ-calculus to COR, proved in section 2.4. Section 2.5 presents some concrete models of the λ-calculus, which are also models of COR.

2.2 COR-syntax and COR-theories

In the following we will be concerned with a denumerable signature F of constants and an infinite denumerable set of variables X. The set of COR-terms is defined inductively by the following grammar

term ::= c | x | ⊥ | ⊤ | term ∩ term | term ∪ term | λx.term | term(term)

where x ∈ X stands for variables and c ∈ F for constants.

COR-formulas are defined by

formula ::= term ⊆ term | term = term

Definition 2.1 A COR-theory T over a set F of constants is a set of formulas closed under the following COR-inference rules.

$$
\begin{array}{c}
\bot \subseteq t \ \ (\bot) \qquad\qquad t \subseteq \top \ \ (\top) \\[2ex]
t \subseteq t \cup u \qquad u \subseteq t \cup u \qquad \dfrac{t \subseteq v \qquad u \subseteq v}{t \cup u \subseteq v} \ \ (\cup) \\[2ex]
t \cap u \subseteq t \qquad t \cap u \subseteq u \qquad \dfrac{v \subseteq t \qquad v \subseteq u}{v \subseteq t \cap u} \ \ (\cap) \\[2ex]
t \subseteq t \ \ (\mathrm{Reflex}) \qquad\qquad \dfrac{t \subseteq u \qquad u \subseteq v}{t \subseteq v} \ \ (\mathrm{Trans}) \\[2ex]
\dfrac{t \subseteq u \qquad u \subseteq t}{t = u} \qquad \dfrac{t = u}{t \subseteq u} \qquad \dfrac{t = u}{u \subseteq t} \ \ (\mathrm{Antisym}) \\[2ex]
\lambda x.t = \lambda y.t[y/x] \ \ \{y \notin FV(t)\} \ \ (\alpha) \qquad\qquad (\lambda x.t)(u) = t[u/x] \ \ (\beta) \\[2ex]
\dfrac{t \subseteq u}{t(v) \subseteq u(v)} \ \ (\mathrm{Apl\ monot}) \qquad \dfrac{t = u}{v(t) = v(u)} \ \ (\mathrm{Apl\ congr}) \qquad \dfrac{t \subseteq u}{\lambda x.t \subseteq \lambda x.u} \ \ (\lambda\ \mathrm{monot})
\end{array}
$$

It is quasi-extensional if in addition it is closed under:

$$
\begin{array}{c}
(\lambda x.t) \cap (\lambda x.u) \subseteq \lambda x.t \cap u \ \ (\lambda\cap) \\[1.5ex]
(t \cup u)(v) \subseteq t(v) \cup u(v) \ \ (\mathrm{Apl}\cup) \\[1.5ex]
t \subseteq \lambda x.t(x) \ \ \{x \notin FV(t)\} \ \ (\eta^*)
\end{array}
$$

and extensional if it is also closed under:

$$
\begin{array}{c}
\lambda x.t \cup u \subseteq (\lambda x.t) \cup (\lambda x.u) \ \ (\lambda\cup) \\[1.5ex]
t(v) \cap u(v) \subseteq (t \cap u)(v) \ \ (\mathrm{Apl}\cap) \\[1.5ex]
t = \lambda x.t(x) \ \ \{x \notin FV(t)\} \ \ (\eta)
\end{array}
$$

Given a finite set of COR-formulas I, the sets $\mathrm{Th}(I)$, $\mathrm{Th}_{q\text{-}e}(I)$ and $\mathrm{Th}_e(I)$ denote respectively the minimum COR-theory, quasi-extensional COR-theory and extensional COR-theory containing I.

The notation $I \vdash_{COR} u \subseteq v$ means that the formula u ⊆ v belongs to the theory $\mathrm{Th}(I)$, i.e. there exists a deduction of u ⊆ v from I. The same holds for $I \vdash_{COR_{q\text{-}e}} u \subseteq v$ and $\mathrm{Th}_{q\text{-}e}(I)$, and for $I \vdash_{COR_e} u \subseteq v$ and $\mathrm{Th}_e(I)$. We say that u ⊆ v is a COR-theorem, noted $\vdash_{COR} u \subseteq v$, if the formula u ⊆ v belongs to every COR-theory.

The relation between terms u and v, defined by u ∼ v if u = v belongs to a given theory, is an equivalence relation. The set of equivalence classes will be a key point used to prove the completeness theorem.


Antisymmetry rules prove the equivalence u = v ⊣⊢ u ⊆ v ∧ v ⊆ u; therefore, from now on we will consider u = v as an abbreviation for u ⊆ v ∧ v ⊆ u.

It is not hard to prove from the monotonicity rules that simultaneous substitution preserves formulas, i.e., if T ⊢ ui = vi for every i ∈ {1, …, n} and T ⊢ u0 ⊆ v0, then T ⊢ u0[u1/x1, …, un/xn] ⊆ v0[v1/x1, …, vn/xn].

2.3 COR-models

In this section we define the class of COR-models, like the one defined in (Meyer, 1982; Koymans, 1982) for the λ-calculus. In section 2.4 we will prove the completeness and correctness of this class of models in relation to COR-theories.

Definition 2.2 A value model of COR is a poset (D, ≤) whose elements are named values, and a function [[ ]] from COR-terms and valuation functions ρ to D such that if [[u1]]ρ ≤ [[v1]]ρ, …, [[un]]ρ ≤ [[vn]]ρ then [[u0]]ρ ≤ [[v0]]ρ for every COR-inference rule u1 ⊆ v1, …, un ⊆ vn ⊢ u0 ⊆ v0 and valuation ρ.

Value models are a mere reformulation of COR-theories; they are an essentially syntactic notion which does not justify or explain the COR-inference rules. To capture the notion of COR-terms as descriptions of functions in a lattice, we need to introduce the notion of functional domain, on which our definition of COR-models is based.

Definition 2.3 Let D be a nonempty set. Given two functions

$$\mathrm{Fun} : D \longrightarrow (D \to D) \qquad\qquad \mathrm{Graph} : \mathrm{Fun}(D) \longrightarrow D$$

the triplet E = (D, Fun, Graph) is said to be a functional domain if f = Fun(Graph(f)) for every f ∈ Fun(D) ⊆ D → D, that is, Fun(D) is a retract of D via the retraction pair (Fun, Graph). It is extensional if u = Graph(Fun(u)) for every u ∈ D.

Notice that since Fun maps D to D → D, it follows from cardinality considerations that D → D ⊄ Fun(D): the mapping Graph is not defined for every function. This characterization of D is enough for the λ-calculus, but in the COR-calculus we need an additional condition to enable the definition of the lattice operators ⊤, ⊥, ∪ and ∩, and the inclusion relation ⊆.

Definition 2.4 The tuple E = (D, ≤D, Fun, Graph) is said to be a COR-domain if

(i) (D, Fun, Graph) is a functional domain.

(ii) (D, ≤D) is a complete lattice with maximum ⊤D and minimum ⊥D.

(iii) If we use ≤D to define a pointwise ordering¹ in D → D then Fun and Graph are monotonous functions.

¹The pointwise ordering is defined by f ≤D→D g if ∀x ∈ D . f(x) ≤D g(x).


It is quasi-extensional if in addition u ≤D Graph(Fun(u)) for every u ∈ D, andextensional if u = Graph(Fun(u)).

Notice that if we use ≤D to define a pointwise ordering ≤D→D in D → D, then (D → D, ≤D→D) is also a complete lattice with

$$
\begin{array}{rcl}
(f \sqcap_{D\to D} g)(u) &=& f(u) \sqcap_D g(u) \\
(f \sqcup_{D\to D} g)(u) &=& f(u) \sqcup_D g(u) \\
\bot_{D\to D}(u) &=& \bot_D \\
\top_{D\to D}(u) &=& \top_D
\end{array}
$$

for any f, g ∈ D → D and u ∈ D.

The same classification of models is given in (Sanchis, 1980), with little differences, but completely different purposes.

Lemma 2.5 For any u, v ∈ D and f, g ∈ D → D we have

(i) If (D, Fun, Graph) is quasi-extensional then

$$\mathrm{Fun}(u \sqcup_D v) = \mathrm{Fun}(u) \sqcup_{D\to D} \mathrm{Fun}(v) \qquad\qquad \mathrm{Graph}(f \sqcap_{D\to D} g) = \mathrm{Graph}(f) \sqcap_D \mathrm{Graph}(g)$$

(ii) If (D, Fun, Graph) is extensional then

$$\mathrm{Fun}(u \sqcap_D v) = \mathrm{Fun}(u) \sqcap_{D\to D} \mathrm{Fun}(v) \qquad\qquad \mathrm{Graph}(f \sqcup_{D\to D} g) = \mathrm{Graph}(f) \sqcup_D \mathrm{Graph}(g)$$

Proof: Since Fun is monotonous we have Fun(u) ≤D→D Fun(u ⊔D v) and Fun(v) ≤D→D Fun(u ⊔D v); therefore Fun(u) ⊔D→D Fun(v) ≤D→D Fun(u ⊔D v). In the opposite direction, the monotonicity of Graph and quasi-extensionality allow us to prove u ≤D Graph(Fun(u)) ≤D Graph(Fun(u) ⊔D→D Fun(v)), and the same for v; therefore u ⊔D v ≤D Graph(Fun(u) ⊔D→D Fun(v)). Now, the monotonicity of Fun and the condition of being a functional domain allow us to prove

$$\mathrm{Fun}(u \sqcup_D v) \le_{D\to D} \mathrm{Fun}\big(\mathrm{Graph}(\mathrm{Fun}(u) \sqcup_{D\to D} \mathrm{Fun}(v))\big) = \mathrm{Fun}(u) \sqcup_{D\to D} \mathrm{Fun}(v).$$

Concluding, Fun(u ⊔D v) = Fun(u) ⊔D→D Fun(v). For the rest of the equalities the proof is quite similar.

This lemma concludes that if (η∗) is sound in a COR-domain, then (λ∩) and(Apl∪) are also sound; and if (η) is sound then (λ∪) and (Apl∩) are also sound.

In the context of λ-calculus, the assignment of values to free variables is referred to as an environment. Formally, an environment ρ over D is a map of the set of variables X into D. The set of environments over D will be noted by D Env. Given a COR-domain, the corresponding COR-model is defined as follows.

Definition 2.6 Given a (quasi-extensional, extensional) COR-domain (D, ≤D, Fun, Graph) and the valuation function

V : COR-terms × D Env → D

defined inductively as follows

(i) V[x]ρ = ρ(x) for all variables x ∈ X

(ii) V[⊤]ρ = ⊤D

(iii) V[⊥]ρ = ⊥D

(iv) V[u ∪ v]ρ = V[u]ρ ⊔D V[v]ρ

(v) V[u ∩ v]ρ = V[u]ρ ⊓D V[v]ρ

(vi) V[u(v)]ρ = Fun(V[u]ρ)(V[v]ρ)

(vii) V[λx.u]ρ = Graph(λd : D .V[u]ρ[d/x])

if the function λd : D .V[u]ρ[d/x] belongs to Fun(D) for any term u and en-vironment ρ, then the tuple M = (D,≤,Fun,Graph,V) is said to be a (quasi-extensional, extensional) COR-environment model.

The condition λd : D . V[u]ρ[d/x] ∈ Fun(D) in the previous definition is necessary to ensure that Graph(λd : D . V[u]ρ[d/x]) is defined (notice that the domain of Graph is the range of Fun). This restriction defines some kind of closure condition on the set of functions Fun(D) used in functional domains. In the concrete models presented in section 2.5, Fun(D) is the set of functions on D continuous w.r.t. the computational ordering, i.e. a subset of the computable functions (Scott, 1972).

The notions of satisfaction and validity are defined as usual. A formula u ⊆ v is said to be satisfied in a COR-model M, noted M |= u ⊆ v, if V[u]ρ ≤ V[v]ρ for every environment ρ ∈ D Env. A formula is said to be valid, noted |= u ⊆ v, if it is satisfied in every COR-model.

2.4 Soundness and Completeness

In this section we prove a soundness and completeness theorem for the COR-theories w.r.t. the COR-environment models we have defined. We will prove that the inclusions valid in a COR-model form a COR-theory, and that for any COR-theory we can find a COR-environment model, namely the model of terms.

We can prove a substitution lemma, like in λ-calculus:

Lemma 2.7 V[u[v/x]]ρ = V[u]ρ[V[v]ρ/x].

Proof: By induction on the structure of COR-terms. A complete proof can be found for the λ-calculus in (Stoy, 1978), and ours is quite similar.

Theorem 2.8 (soundness) The equations valid in a (quasi-extensional, extensional) COR-model form a (quasi-extensional, extensional) COR-theory. Moreover, if u ⊆ v is a theorem (⊢ u ⊆ v) then u ⊆ v is valid (|= u ⊆ v).

Proof: The complete lattice structure of D corresponds to the axioms and rules (⊥), (⊤), (∩), (∪), (Reflex), (Antisym) and (Trans). Axioms (β) and (α) can be proved from the substitution lemma (for a complete proof see (Meyer, 1982)).

The Graph monotonicity and pointwise order in D → D can be used to prove(λ monot), and the Fun monotonicity and pointwise order to prove (Apl monot).


For a quasi-extensional model, using the definition of V it is easy to see that

$$
\begin{array}{rcl}
\mathcal{V}[(u \cup v)(w)]\rho &=& \mathrm{Fun}(\mathcal{V}[u]\rho \sqcup_D \mathcal{V}[v]\rho)(\mathcal{V}[w]\rho) \\
\mathcal{V}[u(w) \cup v(w)]\rho &=& \mathrm{Fun}(\mathcal{V}[u]\rho)(\mathcal{V}[w]\rho) \sqcup_D \mathrm{Fun}(\mathcal{V}[v]\rho)(\mathcal{V}[w]\rho)
\end{array}
$$

Now, the property Fun(a ⊔D b) = Fun(a) ⊔D→D Fun(b) of lemma 2.5 and (f ⊔D→D g)(a) = f(a) ⊔D g(a) can be used to prove the equality between both values, that is, the (Apl∪) axiom. Axiom (λ∩) can be proved from the properties Graph(f ⊓D→D g) = Graph(f) ⊓D Graph(g) (lemma 2.5) and (f ⊓D→D g)(a) = f(a) ⊓D g(a) in a similar way.

Using the definition of V we can also see that V[λx.u(x)]ρ = Graph(λd : D . Fun(V[u]ρ)(d)) = Graph(Fun(V[u]ρ)) if x is not free in u. If the domain is quasi-extensional then V[u]ρ ≤D Graph(Fun(V[u]ρ)) holds, and (η*) can be proved.

For an extensional model (Apl∩), (λ∪) and (η) can be proved similarly to(Apl∪), (λ∩) and (η∗).

Finally, if ⊢ u ⊆ v is a theorem, then T ⊢ u ⊆ v holds for any COR-theory T, in particular for the COR-theory formed by the formulas satisfied in a COR-model M. Therefore M |= u ⊆ v for any COR-model M. Thus u ⊆ v is valid (|= u ⊆ v).

In the following we will prove the completeness theorem, showing that, given a COR-theory T, a COR-model MT can be constructed whose valid equations are the ones deducible from the COR-theory. Such a model is named the term model.

Given a COR-theory T, we denote the set of T-equivalence classes of terms by ℑ and the T-equivalence class of u by $\bar u$. The relation ≤ℑ ⊆ ℑ × ℑ and the functions Funℑ : ℑ → (ℑ → ℑ) and Graphℑ : (ℑ → ℑ) → ℑ defined by

$$
\begin{array}{rcl}
\bar u \le_\Im \bar v & \text{iff} & T \vdash u \subseteq v \\[1ex]
\mathrm{Fun}_\Im(\bar u) & \stackrel{def}{=} & \lambda \bar v : \Im \ .\ \overline{u(v)} \\[1ex]
\mathrm{Graph}_\Im(\mathrm{Fun}_\Im(\bar u)) & \stackrel{def}{=} & \overline{\lambda x.u(x)} \quad \text{for } x \notin FV(u)
\end{array}
$$

can be used to define a COR-domain.

Lemma 2.9 The tuple (ℑ,≤ℑ,Funℑ,Graphℑ) is a COR-domain.

Proof: It is easy to prove that Funℑ and Graphℑ are well defined and that Funℑ ∘ Graphℑ = Id holds. Therefore (ℑ, Funℑ, Graphℑ) is a functional domain.

From the lattice inference rules (⊥), (⊤), (∩) and (∪) the lattice structure of ℑ can be proved, where

$$
\begin{array}{rcl}
\bot_\Im &=& \overline{\bot} \\
\top_\Im &=& \overline{\top} \\
\bar x \sqcap_\Im \bar y &=& \overline{x \cap y} \\
\bar x \sqcup_\Im \bar y &=& \overline{x \cup y}
\end{array}
$$

The monotonicity of Funℑ and Graphℑ can be proved from (Apl monot) and (λ monot).


Lemma 2.10 The valuation function V : COR-terms × ℑ Env → ℑ corresponding to the COR-domain (ℑ, ≤ℑ, Funℑ, Graphℑ) is defined by

$$\mathcal{V}[u]\rho = \overline{u[\rho(x_i)/x_i]}$$

where {xi} is the set of free variables of u. Moreover, it satisfies λd : ℑ . V[u]ρ[d/x] ∈ Funℑ(ℑ) for any term u and valuation ρ.

From this lemma we can prove the following completeness theorem:

Theorem 2.11 (completeness) For every COR-theory T, there exists a COR-environment model MT such that

T ⊢ u ⊆ v iff MT |= u ⊆ v

Moreover, if u ⊆ v is valid (|= u ⊆ v), then u ⊆ v is a theorem (⊢ u ⊆ v).

Proof: Given a COR-theory T, let MT be the COR-model defined in lemmas 2.9 and 2.10. Suppose T ⊢ u ⊆ v; then T ⊢ uρ ⊆ vρ for every assignment function ρ, since simultaneous substitution preserves formulas. Therefore V[u]ρ ≤ℑ V[v]ρ for every ρ, thus MT |= u ⊆ v.

Suppose MT |= u ⊆ v; then V[u]ρ ≤ℑ V[v]ρ for every ρ, in particular for ρ0 such that ρ0(x) = $\bar x$. Then $\bar u = \mathcal{V}[u]\rho_0 \le_\Im \mathcal{V}[v]\rho_0 = \bar v$. That is, T ⊢ u ⊆ v.

Finally, if u ⊆ v is valid (|= u ⊆ v), then M |= u ⊆ v for every COR-model M, in particular for the COR-model MT obtained from any COR-theory T; therefore T ⊢ u ⊆ v for every theory. Thus ⊢ u ⊆ v.

These two theorems prove the equivalence between |= u ⊆ v and ⊢ u ⊆ v, that is, the weak soundness and completeness properties. To prove the (strong) soundness and completeness properties, i.e. the equivalence between Γ |= u ⊆ v and Γ ⊢ u ⊆ v, we would need the initiality property for the term model.

2.5 Concrete COR-models

Some of the models proposed classically for the λ-calculus have a lattice structure. The order relation ⊆ defining this structure is based on computational considerations, i.e. t ⊆ u if u is more defined than t; therefore ⊥ is the most undefined term (that is, the program that never finishes). Such models take Fun(D) = [D → D], [D → D] being the set of continuous functions from D to D. (Continuous functions are defined using the topology generated by the order relation ⊆.) These continuous functions include the computable functions.

In this section we show how the Pω and the D∞ models of the λ-calculus are also models of the COR-calculus. However, we are interested in modeling a kind of subtyping relation with ⊆, incompatible with the computational ordering. Because of that, we will develop a new model for COR (and therefore for the λ-calculus) in chapter 3. There we propose a relationship between both orderings.


2.5.1 The Model Pω

In the Pω model of the λ-calculus, Scott (Scott, 1976) takes the set Pω as functional domain and the functions Fun : Pω → [Pω → Pω] and Graph : [Pω → Pω] → Pω, named fun and graph respectively, defined as follows

$$
\begin{array}{rcl}
\mathrm{Fun}(u) & \stackrel{def}{=} & \lambda v : P\omega \ .\ \{\, m \mid \exists e_n \subseteq v \ .\ \langle n, m \rangle \in u \,\} \\[1ex]
\mathrm{Graph}(f) & \stackrel{def}{=} & \{\, \langle n, m \rangle \mid m \in f(e_n) \,\}
\end{array}
$$

where ⟨ , ⟩ : IN × IN → IN is a pair encoding function; {en}n∈IN is an enumeration of the finite subsets of IN (the finite elements of Pω); and [Pω → Pω] is the set of continuous functions from Pω to Pω.

The lattice structure of Pω is evident, with ⊥, ⊤, ≤, ⊔ and ⊓ defined as ∅,IN, ⊆, ∪ and ∩ respectively. We have in addition, using the continuity of f

$$\mathrm{Fun}(\mathrm{Graph}(f)) = \lambda u : P\omega \ .\ \{\, m \mid \exists e_n \subseteq u \ .\ m \in f(e_n) \,\} = \lambda u : P\omega \ .\ f(u) = f$$

and

$$\mathrm{Graph}(\mathrm{Fun}(u)) = \{\, \langle n, m \rangle \mid m \in \{\, m' \mid \exists e_{n'} \subseteq e_n \ .\ \langle n', m' \rangle \in u \,\} \,\} = \{\, \langle n, m \rangle \mid \exists e_{n'} \subseteq e_n \ .\ \langle n', m \rangle \in u \,\} \supseteq u$$

The tuple (Pω, ⊆, Fun, Graph) is a quasi-extensional COR-domain that allows us to define a quasi-extensional COR-model, defining V in the usual way. It has to be checked that f = λd : Pω . V[u]ρ[d/x] is a continuous function for any COR-term u. This proof can be done by induction on the structure of u.

If we restrict the domain to those elements u of Pω such that

$$\langle n', m \rangle \in u \ \wedge\ e_{n'} \subseteq e_n \ \Rightarrow\ \langle n, m \rangle \in u$$

then Graph(Fun(u)) = u and Pω becomes an extensional COR-model.
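The two retraction computations above can be checked on finite data. The following Python code is an added example, not the thesis' code: it assumes the Cantor pairing function for ⟨n, m⟩ and the usual enumeration in which e_n is the set of positions of the 1-bits of n. Graph(f) is infinite in general, so the code truncates it to n < 2^k; on arguments v ⊆ {0, …, k−1} every e_n ⊆ v has n < 2^k, so the truncation is exact there and Fun(Graph(f)) = f can be verified pointwise. The continuous sample function succ and the sample set u are constructed for the example; the closure of u under the condition of the last paragraph is exactly Graph(Fun(u)), which is why Graph(Fun(u)) = u holds once u is closed.

```python
"""Scott's Pω retraction pair on finite data (added example, not the thesis' code)."""
from math import isqrt


def pair(n, m):
    """Cantor pairing <n, m>: IN x IN -> IN, a bijection (assumed encoding)."""
    s = n + m
    return s * (s + 1) // 2 + m


def unpair(p):
    """Inverse of pair: recover (n, m) from <n, m>."""
    s = (isqrt(8 * p + 1) - 1) // 2        # s = n + m
    m = p - s * (s + 1) // 2
    return s - m, m


def e(n):
    """The n-th finite set: k ∈ e_n iff bit k of n is set (assumed enumeration)."""
    return frozenset(k for k in range(n.bit_length()) if n >> k & 1)


def fun(u):
    """Fun(u) = λv.{m | ∃ e_n ⊆ v . <n, m> ∈ u}, for a finite u ⊆ IN."""
    pairs = [unpair(p) for p in u]
    return lambda v: frozenset(m for n, m in pairs if e(n) <= frozenset(v))


def graph(f, k):
    """Graph(f) = {<n, m> | m ∈ f(e_n)}, truncated to n < 2**k so that it is finite.
    The truncation is exact on arguments v ⊆ {0, ..., k-1}: every e_n ⊆ v has n < 2**k."""
    return frozenset(pair(n, m) for n in range(1 << k) for m in f(e(n)))


def succ(v):
    """Constructed sample of a continuous function on Pω: the set of successors."""
    return frozenset(x + 1 for x in v)


def fun_graph_is_identity(f, k):
    """Fun(Graph(f)) = f on every v ⊆ {0, ..., k-1} (this is where continuity of f matters)."""
    g = fun(graph(f, k))
    return all(g(e(n)) == f(e(n)) for n in range(1 << k))


def graph_fun_closure(u, k):
    """Graph(Fun(u)) for finite u, truncated to n < 2**k. It is the closure of u under
    <n', m> ∈ u ∧ e_{n'} ⊆ e_n ⇒ <n, m> ∈ u, hence always a superset of u."""
    return graph(fun(u), k)


def is_extensional_point(u, k):
    """Graph(Fun(u)) = u holds exactly when u already satisfies the closure condition."""
    return graph_fun_closure(u, k) == frozenset(u)


if __name__ == "__main__":
    # constructed sample: <e_1, 5> = <{0}, 5> and <e_6, 7> = <{1, 2}, 7>
    u = {pair(1, 5), pair(6, 7)}
    print(fun_graph_is_identity(succ, 3))          # Fun(Graph(succ)) = succ
    print(sorted(fun(u)({0, 1, 2})))               # Fun(u) applied to {0, 1, 2}
    print(len(u), len(graph_fun_closure(u, 3)))    # Graph(Fun(u)) ⊇ u, strictly here
    print(is_extensional_point(graph_fun_closure(u, 3), 3))
```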

2.5.2 The Model D∞

This model is built by solving the recursive domain equation

$$D \cong [D \to D]$$

in the category of lattices and continuous morphisms between lattices.² The solution is a lattice $(D_\infty, \le_{D_\infty})$ and an isomorphism function

$$\Theta : D_\infty \to [D_\infty \to D_\infty]$$

The functions Fun and Graph are defined by Fun = Θ and Graph = Θ⁻¹, and satisfy $\mathrm{Fun} \circ \mathrm{Graph} = \mathrm{Id}_{D_\infty \to D_\infty}$ and $\mathrm{Graph} \circ \mathrm{Fun} = \mathrm{Id}_{D_\infty}$. Therefore, the domain $(D_\infty, \le_{D_\infty}, \Theta, \Theta^{-1})$ is an extensional model of COR.

²In section 3.2 we show how a similar equation can be solved in a given category.


2.6 Conclusions

A main point is worth noticing as a conclusion: the ease with which environment models for λ-calculus have been extended to COR. COR-models are a subcategory of λ-calculus models keeping their main properties. Notice that, in principle, in these models functions need not be continuous or monotonous w.r.t. the subtyping order ≤. Nevertheless the concrete models presented take continuous functions as morphisms. This fact is related to the identification of the computational order and the subtyping order. That will be treated in detail in subsection 3.2.6.


Chapter 3

An Ideal Model for COR

Abstract: Types are usually modeled by sets of values sharing a common structure, where structure represents notions like being a function or being a pair. These structural notions are modeled using a partial order relation ≺ between terms, defined intuitively by a ≺ b if a is more structured than b. Then, types are interpreted as order ideals of such an ordering (Milner, 1978; MacQueen et al., 1986). This structural ordering ≺ and the computational ordering ⊑, introduced by Scott (Scott, 1972; Scott, 1976), are related. In this chapter we identify the relation ≺ with the inverse of the relation ⊑, and we define an ideal model based on this structural ordering. We interpret the refinement relation between types as the set inclusion relation ⊆ between ideals. We prove that if the ideal domain is built over a functional domain of values, then the resulting ideal domain is also functional (a retract of its corresponding functional space). It means that the type domain is rich enough for modeling λ-calculus and the use of two distinct universes of types and values is superfluous.

3.1 Introduction

We interpret λ-calculus as a typing formalism which admits a precise notion of refinement or inclusion between λ-expressions. By type we mean here an intensional description of a set of values sharing some structure, where structure represents notions like being a function or being a pair. These notions are modeled by a structural order ≺ defined intuitively by t ≺ t′ if t is more structured than t′. For instance, we say that the completely undefined value ⊥ is less structured than any other value, ∀x . x ≺ ⊥, or that $\langle t_1, t_2 \rangle$ is more structured than $\langle t'_1, t'_2 \rangle$ if t1 is more structured than t′1 and t2 is more structured than t′2. Lambda expressions can be considered types as long as we make them denote not elements of a domain, as usual, but a particular set of them. Then an expression can be refined by giving another expression whose denotation is included in the denotation of the former, i.e. we model the refinement relation between expressions as the inclusion relation between sets.


Having in mind the interpretation of λ-expressions as types, we have taken closed ≺-order ideals (Milner, 1978; MacQueen et al., 1986) as denotations of λ-expressions. There are different reasons that support this decision. Ideals establish a coherent link between the ordering defined by the inclusion relation between ideals and the structural order of its elements. Milner (Milner, 1978) notes that any typing formalism must share the following two properties:

• If t : τ and t′ ≺ t then t′ : τ. Types are inherited from less structured terms.

• If $t_1 \prec t_2 \prec \ldots \prec t_i \prec \ldots$ is a sequence of τ-typed terms ($t_i : \tau$ for $i \in \mathbb{N}$) then $\bigsqcup_{i\in\mathbb{N}} t_i : \tau$. The least structured term of a sequence of terms sharing the same type also shares such type.

These properties are perfectly modeled by closed ≺-order ideals. These and other similar reasons have also been given in (MacQueen et al., 1986) to model polymorphic types as ideals.

Given that we want λ-expressions to denote ideals and that the set of ideals is closed under union, intersection and cartesian product (see lemma 3.25), it seems natural to extend pure λ-calculus with these set operators. We want to give semantics to these expressions in a domain of closed order ideals $\mathcal{J}(U)$ built over a functional domain U, i.e. over the initial solution of a recursive domain equation like:

$$U \cong C + U \times U + U \to U$$

where C is any initially given domain and U → U stands for the set of continuous functions w.r.t. the computational order relation ⊑. The notion of computational order was introduced by Scott (Scott, 1972; Scott, 1976) and is defined intuitively by t ⊑ t′ if t contains less computational information than t′. Our principal decision is to identify the structural order ≺ and the inverse of the computational order ⊑, i.e. to define t ≺ t′ iff t′ ⊑ t. We prove that if the value domain U is functional (a retract from a subset of U → U to U can be defined), then the domain of ≺-order ideals $\mathcal{J}(U)$ is a semantic model of the extended λ-calculus (a retract from a subset of $\mathcal{J}(U) \to \mathcal{J}(U)$ to $\mathcal{J}(U)$ can also be defined).

This chapter proceeds as follows. We start summarizing the standard technique formalized by Smyth and Plotkin (Smyth and Plotkin, 1982) for solving recursive domain equations in a given category. They use some categorical concepts that we introduce (not in detail) just to make the chapter self-contained. The rest of section 3.2 is devoted to the search of an “ideal” functor —a functor mapping domains to domains of ≺-ideals. We study four candidates and we try to justify each one of the decisions leading to the final choice (the functor $\mathcal{S}$). These candidates are the following ones:

$\mathcal{I}(D)$ The structural and the computational orderings are identified ($\prec \stackrel{def}{=} \sqsubseteq$), the computational ordering between ideals is defined by $I_1 \sqsubseteq I_2$ if $I_1 \subseteq I_2$, and the domain is built using (not necessarily closed) ≺-order ideals over a cpo structure.

$\mathcal{J}(D)$ Like the previous one, but using closed order ideals and domains instead of cpos.

$\mathcal{J}^{C}(D)$ The relations ≺ and ⊑ are identified, but the computational ordering between ideals is defined by $I_1 \sqsubseteq I_2$ iff $I_2 \subseteq I_1$.

$\mathcal{S}(D)$ Finally, we decide to identify the structural order and the inverse of the computational order ($\prec \stackrel{def}{=} \sqsupseteq$) and define the computational order between ideals as $I_1 \sqsubseteq I_2$ iff $I_1 \supseteq I_2$.

This is not the shortest way to introduce the functor $\mathcal{S}$, but we think it reflects closely the way we found it. We prove the local continuity property for such functor. This ensures the existence of an initial solution for a wide range of domain equations, like $U \cong C + U \times U + \mathcal{S}(U) \to U$, which we will also use. In section 3.3 we prove the main result of this chapter: the domain of ≺-order ideals $\mathcal{S}(U)$, built over a functional domain $U \cong \ldots + U \to U + \ldots$, is also a functional domain. It allows us to interpret λ-expressions not as values (in U) but as types (in $\mathcal{S}(U)$). Finally, we show in section 3.4 how a semantic interpretation function can be defined for such ideal model.

3.2 Value Domain Construction

In this section we will prove in detail the existence of a least fixed point of the recursive domain equation:

$$D \cong F_\nu(D) \qquad (3.1)$$

that is, the existence of an initial $F_\nu$-algebra (U, α), where U is the initial fixed point of the domain equation, and α is the isomorphism

$$\alpha : F_\nu(U) \to U$$

Usually, the endofunctor $F_\nu$, used to give semantics to values in a functional language, has the form $F_\nu(D) = C + (D \times D) + (D \to D)$ where +, × and → are well-known continuous functors. Techniques to solve the domain equation (3.1) in this case have been studied and do not require a further analysis (we summarize such technique in subsection 3.2.1). Such recursive domain is enough for interpreting constants (in C), pairs of values (in U × U), and computable functions (in U → U) as values (in U) by means of the isomorphism $\alpha : F_\nu(U) \to U$.

Scott (Scott, 1972) was the first to face the solution of such kind of recursive domain equations using the inverse limit construction. This was the first statement of the limit-colimit coincidence. Later he showed (Scott, 1976) how this construction can be avoided using a universal domain and a least fixed point construction. Wand (Wand, 1979) formalized the inverse limit construction in terms of enriched categories, the O-categories. Finally, Smyth and Plotkin (Smyth and Plotkin, 1982) studied the sufficient condition that a functor F and an O-category K have to satisfy in order to ensure the existence of a solution of the domain equation $D \cong F^E(D)$ in a category $K^E$, where $K^E$ is the subcategory of K resulting from restricting arrows to be embeddings, and $F^E : K^E \to K^E$ is a covariant functor on $K^E$ defined from F. Such formulation is based on the coincidence of colimits (inverse limits) in $K^E$ and limits in K. This is the most general formulation of the limit-colimit coincidence that we know. As Smyth and Plotkin say (Smyth and Plotkin, 1982), “the relation between the category-theoretic treatment [based on the inverse-limit construction or limit-colimit coincidence] and the universal domain method has, until now, remained rather obscure”. The relation between both methods still remains obscure, and this chapter contributes to close the gap between them. We will use the category-theoretic approach mainly to solve the value domain equation (3.1), obtaining a functional value domain U, over which we build an ideal domain $\mathcal{J}(U)$. Such ideal domain is a universal domain used to find a solution to the type domain equation, using the universal domain method.

In the following we give some references describing the standard technique that we present in subsection 3.2.1. Pierce (Pierce, 1991) summarizes Smyth and Plotkin's paper and also introduces the necessary basic categorical definitions. Plotkin's course notes on domains (Plotkin, 1983) and Schmidt's book (Schmidt, 1988) are good introductions to denotational semantics and domain theory. Stoy (Stoy, 1978) also makes a good introduction to the inverse limit construction; however, he does not use the categorical formulation. Gunter and Scott (Gunter and Scott, 1990) summarize the main techniques for the semantic domain construction based on the universal domain method.

In some cases we will want to solve the domain equation (3.1) using the endofunctor $F_\nu(D) = C + D \times D + (\mathcal{S}(D) \to D)$, where $\mathcal{S}$ is a functor mapping a domain D to a subset of its corresponding power set. Some kinds of powerdomains have already been studied, for instance Plotkin's powerdomain (Plotkin, 1976) and Smyth's powerdomain (Smyth, 1978), but none of them satisfies our requirements. The concrete definition of the functor $\mathcal{S}$ will be motivated step by step in subsections 3.2.2 to 3.2.6.

3.2.1 The Standard Technique

In this subsection we present some well-known definitions of category concepts and we summarize the Smyth and Plotkin results of (Smyth and Plotkin, 1982). They have been included just to make the chapter self-contained.

Definition 3.1 A partially ordered set (poset) $(D, \sqsubseteq_D)$ is said to be a complete partial order, cpo for short, if

(i) D has a minimum (or bottom) element, noted by $\bot_D$, and

(ii) every increasing sequence $\{x_i\}_{i\in\mathbb{N}}$ has a least upper bound (lub) in D, noted by $\bigsqcup_{i\in\mathbb{N}} x_i$.

If it exists, the greatest lower bound (glb) of a decreasing sequence is noted by $\bigsqcap_{i\in\mathbb{N}} x_i$. Given two cpos $(D, \sqsubseteq_D)$ and $(E, \sqsubseteq_E)$, a map f : D → E is said to be continuous if for every increasing sequence $\{x_i\}_{i\in\mathbb{N}}$ of elements of D we have $\bigsqcup_{i\in\mathbb{N}} f(x_i) = f(\bigsqcup_{i\in\mathbb{N}} x_i)$.¹

Definition 3.2 Let CPO be the category of cpos and continuous functions between cpos, and let D, E, D′, E′ be objects and f : D → D′, g : E → E′ be arrows of such category. The functors $+, \times : \mathbf{CPO} \times \mathbf{CPO} \to \mathbf{CPO}$ and $\to : \mathbf{CPO}^{op} \times \mathbf{CPO} \to \mathbf{CPO}$ are defined as follows.

(i) coalesced sum

$$D + E \stackrel{def}{=} \{\langle d, \bot_E\rangle \mid d \in D\} \cup \{\langle \bot_D, e\rangle \mid e \in E\}$$

where $\langle d, e\rangle \sqsubseteq_{D+E} \langle d', e'\rangle$ iff $d \sqsubseteq_D d'$ and $e \sqsubseteq_E e'$ for objects, and

$$(f + g)(\langle x, y\rangle) \stackrel{def}{=} \langle f(x), g(y)\rangle$$

for arrows. We also define $in_1(d) = \langle d, \bot_E\rangle$, $is_1(x) = true$ iff $x = \langle d, \bot_E\rangle$ for some d, $out_1(\langle d, \bot_E\rangle) = d$, and similarly $in_2$, $is_2$ and $out_2$. We have $\bot_{D+E} = \langle \bot_D, \bot_E\rangle$ and

$$\bigsqcup_{i\in\mathbb{N}} \langle a_i, b_i\rangle = \Big\langle \bigsqcup_{i\in\mathbb{N}} a_i, \bigsqcup_{i\in\mathbb{N}} b_i\Big\rangle$$

(ii) smash product

$$D \times E \stackrel{def}{=} \{\langle d, e\rangle \mid d \in D \wedge e \in E \wedge (d = \bot_D \Leftrightarrow e = \bot_E)\}$$

$$\langle d, e\rangle \sqsubseteq_{D\times E} \langle d', e'\rangle \text{ iff } d \sqsubseteq_D d' \text{ and } e \sqsubseteq_E e'$$

$$(f \times g)(\langle x, y\rangle) \stackrel{def}{=} \langle f(x), g(y)\rangle$$

$$\bot_{D\times E} = \langle \bot_D, \bot_E\rangle \quad\text{and}\quad \bigsqcup_{i\in\mathbb{N}} \langle a_i, b_i\rangle = \Big\langle \bigsqcup_{i\in\mathbb{N}} a_i, \bigsqcup_{i\in\mathbb{N}} b_i\Big\rangle$$

(iii) continuous function space

$$D \to E \stackrel{def}{=} \{f : D \to E \mid f \text{ is continuous}\}$$

$$f \sqsubseteq_{[D\to E]} g \text{ if for any } x \in D \text{ we have } f(x) \sqsubseteq_E g(x)$$

$$[f \to g](h) \stackrel{def}{=} g \circ h \circ f$$

$$\bot_{[D\to E]} = \lambda x . \bot_E \quad\text{and}\quad \bigsqcup_{i\in\mathbb{N}} f_i = \lambda x . \bigsqcup_{i\in\mathbb{N}} f_i(x).$$
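The three functors of Definition 3.2 built over small finite cpos, as an added example that is not part of the original monograph. On a finite cpo every monotone map is continuous and every increasing sequence is eventually constant, which is what makes the three constructions enumerable by brute force; the two sample chains are constructed for this illustration, and `FiniteCpo`, `coalesced_sum`, `smash_product`, `function_space` and `exp_arrow` are names chosen here, not notation from the text.

```python
from itertools import product


class FiniteCpo:
    """A finite cpo: elements plus pairs (x, y) meaning x ⊑ y.  The reflexive and
    transitive closure is taken, so the covering relation is enough.  A finite
    poset with a bottom is automatically a cpo: every increasing sequence is
    eventually constant, so its lub is its last element."""

    def __init__(self, elems, pairs):
        self.elems = tuple(elems)
        rel = set(pairs) | {(x, x) for x in self.elems}
        changed = True
        while changed:  # transitive closure
            changed = False
            for (a, b), (c, d) in product(list(rel), repeat=2):
                if b == c and (a, d) not in rel:
                    rel.add((a, d))
                    changed = True
        self.rel = frozenset(rel)
        bots = [b for b in self.elems if all(self.leq(b, x) for x in self.elems)]
        if len(bots) != 1:
            raise ValueError("not a cpo: no unique bottom element")
        self.bottom = bots[0]

    def leq(self, x, y):
        return (x, y) in self.rel


def coalesced_sum(D, E):
    """D + E: the pairs <d, ⊥_E> and <⊥_D, e>, ordered componentwise.
    The two bottoms are identified in the single element <⊥_D, ⊥_E>."""
    elems = [(d, E.bottom) for d in D.elems] + \
            [(D.bottom, e) for e in E.elems if e != E.bottom]
    pairs = [(p, q) for p in elems for q in elems
             if D.leq(p[0], q[0]) and E.leq(p[1], q[1])]
    return FiniteCpo(elems, pairs)


def smash_product(D, E):
    """D × E: the pairs <d, e> with d = ⊥_D iff e = ⊥_E, ordered componentwise."""
    elems = [(d, e) for d, e in product(D.elems, E.elems)
             if (d == D.bottom) == (e == E.bottom)]
    pairs = [(p, q) for p in elems for q in elems
             if D.leq(p[0], q[0]) and E.leq(p[1], q[1])]
    return FiniteCpo(elems, pairs)


def function_space(D, E):
    """[D → E]: every monotone map (continuous, as D is finite), ordered pointwise.
    A map is encoded as the tuple of (x, f(x)) pairs in the order of D.elems."""
    funcs = []
    for images in product(E.elems, repeat=len(D.elems)):
        f = dict(zip(D.elems, images))
        if all(E.leq(f[x], f[y]) for x, y in D.rel):
            funcs.append(tuple(f.items()))
    pairs = [(f, g) for f in funcs for g in funcs
             if all(E.leq(fx, gx) for (_, fx), (_, gx) in zip(f, g))]
    return FiniteCpo(funcs, pairs)


def exp_arrow(f, g, h):
    """The action on arrows [f → g](h) = g ∘ h ∘ f, with f, g, h given as dicts."""
    return {x: g[h[f[x]]] for x in f}


# Constructed sample cpos: the chains 0 ⊑ 1 and 0 ⊑ 1 ⊑ 2 (bottom is 0 in both).
TWO = FiniteCpo([0, 1], [(0, 1)])
THREE = FiniteCpo([0, 1, 2], [(0, 1), (1, 2)])

if __name__ == "__main__":
    print(len(coalesced_sum(TWO, THREE).elems), "elements in TWO + THREE")
    print(len(smash_product(TWO, THREE).elems), "elements in TWO × THREE")
    print(len(function_space(TWO, THREE).elems), "monotone maps in [TWO → THREE]")
```

The sizes follow the definition directly: the coalesced sum has |D| + |E| − 1 elements because the two bottoms coincide, the smash product drops every pair with exactly one bottom component, and the function space contains the monotone maps with the constantly-bottom map as its least element.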

The same functors can be defined in the category Dom of domains (see definition 3.16) and continuous functions between domains.

Definition 3.3 A fixed point of a recursive domain equation $X \cong F(X)$ in a category K, where F : K → K is an endofunctor, is a pair (D, θ) where D is an object of K and θ : F(D) → D is an isomorphism of K. It is an initial fixed point if for any other fixed point (D′, θ′) there is a unique arrow f : D → D′ such that $\theta' \circ F(f) = f \circ \theta$.

The initiality of such solutions is important in order to ensure the validity of structural induction principles.

To understand the Smyth and Plotkin (Smyth and Plotkin, 1982) category-theoretic formulation for the solution of such kind of equations, it is useful to have in mind the well-known theorem that ensures that any continuous function f in a cpo has a least fixed point, and this one is $\bigsqcup_{n\in\mathbb{N}} f^n(\bot)$. Using this analogy, cpos would be equivalent to ω-categories, where the elements of the cpo are equivalent to the objects of the category and the a ⊑ b pairs are equivalent to the a → b arrows, a function would be equivalent to a functor, the bottom element of the cpo to the initial object of the category, an increasing sequence of elements to an ω-chain, the least upper bound of an increasing sequence to the colimit of the corresponding ω-chain, and a continuous function to an ω-continuous functor. The formal definitions of the categorical concepts we have introduced are as follows.

¹ Note that f continuous implies f monotonic and, therefore, $\{f(x_i)\}_{i\in\mathbb{N}}$ is an increasing sequence.

Definition 3.4 Let K be a category, then

(i) $\bot_K$ is an initial object of K if for any object A there exists a unique arrow $f : \bot_K \to A$,

(ii) $\Delta = \langle A_n, f_n\rangle_{n\in\mathbb{N}}$ is an ω-chain if $f_n : A_n \to A_{n+1}$ for every $n \in \mathbb{N}$,

(iii) if F : K → K is an endofunctor, F(Δ) is the ω-chain defined by the arrows $F(f_n) : F(A_n) \to F(A_{n+1})$,

(iv) μ : Δ → A is a cone if there exists a sequence $\{\rho_n\}_{n\in\mathbb{N}}$ of arrows $\rho_n : A_n \to A$ such that $\rho_n = \rho_{n+1} \circ f_n$ for any $n \in \mathbb{N}$,

(v) μ : Δ → A is a colimiting cone if A is initial, that is, for any other cone μ′ : Δ → A′ there exists a unique arrow θ : A → A′ such that $\rho'_n = \theta \circ \rho_n$ for any $n \in \mathbb{N}$; here θ is named the mediating morphism,

(vi) terminal object, $\omega^{op}$-chain, cocone and limit are, respectively, the dual² definitions of initial object, ω-chain, cone and colimit,

(vii) K is an ω-category if it has an initial object $\bot_K$ and any ω-chain has a colimit,

(viii) a functor F : K → K′ is ω-continuous if whenever μ : Δ → A is a colimiting cone, F(μ) : F(Δ) → F(A) is also a colimiting cone.

Notice that colimits of ω-chains are unique up to isomorphism, that is, if A and A′ are both colimits of the same ω-chain, then the (unique) arrow from A′ to A is an isomorphism. The following lemma is an adaptation of Smyth and Plotkin's basic lemma 2.

Lemma 3.5 (Smyth and Plotkin, 1982; lemma 2). Let K be an ω-category and let F : K → K be an ω-continuous functor, then there exists an initial fixed point of $X \cong F(X)$. The initial fixed point is (A, θ), where A is the colimit of the ω-chain defined by

$$\bot_K \xrightarrow{\;f\;} F(\bot_K) \xrightarrow{\;F(f)\;} \cdots F^n(\bot_K) \xrightarrow{\;F^n(f)\;} F^{n+1}(\bot_K) \cdots$$

where $\bot_K$ is an initial object of the category and f is the unique arrow from this object $\bot_K$ to $F(\bot_K)$; and θ : F(A) → A is the mediating morphism from F(A) to the colimit A.

Proof: Notice that Δ and F(Δ) are the same ω-chain shifted one position to the right, therefore they have the same colimit up to isomorphism. Initiality is proved taking into account that we have built the ω-chain starting from an initial object $\bot_K$. The complete proof can be found in (Smyth and Plotkin, 1982).

Unfortunately, the categories Dom and CPO, usually used to build such chains, are not ω-categories. Intuitively, using the analogy with cpos, the problem is that ω-chains are equivalent to sequences, and not every sequence has a lub. We have to restrict ω-chains to be increasing. The solution is to restrict the arrows we use to build a chain. It can be done defining a subcategory $\mathbf{Dom}^E$ of Dom or $\mathbf{CPO}^E$ of CPO. This is the main contribution of Smyth and Plotkin's paper (Smyth and Plotkin, 1982).

² Where all arrows have been oriented in the opposite direction.

First, to define $K^E$, the category K has to be an O-category. O-categories are enriched categories where a partial order between arrows with the same domain and codomain is defined.

Definition 3.6 A category K is said to be an O-category (Wand, 1979) if

(i) for any pair of objects A and B we can define a cpo structure in the set of arrows K(A, B) from A to B, and

(ii) composition is monotonic w.r.t. this order between arrows, that is $f \sqsubseteq f' \wedge g \sqsubseteq g' \Rightarrow f \circ g \sqsubseteq f' \circ g'$, and $\bigsqcup_{n\in\mathbb{N}} (f_n \circ g_n) = (\bigsqcup_{n\in\mathbb{N}} f_n) \circ (\bigsqcup_{n\in\mathbb{N}} g_n)$.

If K is an O-category then we can consider a special kind of arrows named embeddings and projections.

Definition 3.7 Let K be an O-category, then the K-arrow f : A → B is said to be an embedding and $f^R : B \to A$ to be a projection if

(i) $f^R \circ f = id_A$, and

(ii) $f \circ f^R \sqsubseteq id_B$.

Given an embedding (or a projection) the corresponding projection (or embedding) is uniquely determined. We will note f : D ◁ E when f is an embedding, f : D ⊲ E when it is a projection, and f : D ≅ E when it is an isomorphism.

The category $K^E$ has as objects the objects of K and as arrows those arrows of K that are embeddings. It is easy to prove that if K is an O-category then $K^E$ is a subcategory of K. Smyth and Plotkin prove also the following result.

Theorem 3.8 (Smyth and Plotkin, 1982; theorems 1 and 2) Let K be an O-category, then

(i) if ⊥ is a terminal object in K, then it is also an initial object in $K^E$,

(ii) if every $\omega^{op}$-chain in K has a limit, then every ω-chain in $K^E$ has a colimit.

This theorem will be used to prove that $\mathbf{Dom}^E$ is an ω-category. The coincidence between limits and colimits stated by the previous theorem was already discovered by Scott (Scott, 1972).

Secondly, we have to translate any functor F : K → K into a functor $F^E : K^E \to K^E$, and study which conditions F has to satisfy in order for $F^E$ to be ω-continuous. This translation is made in such a way that contravariant, covariant, and mixed functors are all of them translated into covariant functors.

Definition 3.9 Let $F : K_1 \times K_2 \to K$ be a functor contravariant in its first argument and covariant in the second, then we define $F^E : K_1^E \times K_2^E \to K^E$ by

(i) $F^E(A, B) = F(A, B)$ for objects,

(ii) $F^E(f, g) = F(f^R, g)$ for arrows.


This definition can be made completely general to functors with several covariant or contravariant arguments.

Definition 3.10 Let $F : K_1 \times K_2 \to K$ be a functor contravariant in its first argument and covariant in the second, then it is said to be locally continuous if for any increasing sequence $\{f_n\}_{n\in\mathbb{N}}$ in $K_1^{op}$ and any increasing sequence $\{g_n\}_{n\in\mathbb{N}}$ in $K_2$ we have

$$F\Big(\bigsqcup_{n\in\mathbb{N}} f_n, \bigsqcup_{n\in\mathbb{N}} g_n\Big) = \bigsqcup_{n\in\mathbb{N}} F(f_n, g_n).$$

Smyth and Plotkin prove also the following result.

Theorem 3.11 (Smyth and Plotkin, 1982; theorem 3) Let K be an O-category where any $\omega^{op}$-chain has a limit, and $F : K \times \ldots \times K \to K$ be a locally continuous functor, then $F^E$ is an ω-continuous functor.

Theorems 3.8 and 3.11 prove the premises of lemma 3.5, and this one proves the existence of an initial fixed point of a recursive domain equation $X \cong F(X)$ in a given category K.

It is well-known (Smyth and Plotkin, 1982; Plotkin, 1983) that the categories CPO and Dom have a terminal object (the domain with a unique point ⊥), and any $\omega^{op}$-chain has a limit. As far as the category CPO has no categorical sums, we have to take $\mathbf{CPO}_\bot$, i.e. the category of cpos and strict continuous functions between cpos (a function is strict if f(⊥) = ⊥). It makes no difference because embeddings and projections are strict functions, therefore $\mathbf{CPO}^E = \mathbf{CPO}_\bot^E$. Then it has been proved that the coalesced sum + (the disjoint union of two cpos where the bottom elements are identified), the smash product × (the cartesian product where pairs ⟨a, ⊥⟩ and ⟨⊥, a⟩ with a ≠ ⊥ are not considered), and the strict continuous function space [→] defined in 3.2 are all of them locally continuous functors.

Therefore, the only point that remains to be proved —and this is our original contribution in this section— is the local continuity of any functor used in the definition of $F_\nu$ apart from these three ones.

3.2.2 The Functor I

As we have said, in some cases we would need to solve the domain equation (3.1) using an endofunctor $F_\nu(D) = \ldots + \mathcal{S}(D) \to D + \ldots$ where functions from types to values are also considered. In such definition, if D is the domain of values, $\mathcal{S}(D)$ will be the domain of types of values. Given a domain of values there is not a unique way of building its corresponding domain of types. One of the proposed constructions is order ideals (see (MacQueen et al., 1986)), defined as follows.

Definition 3.12 Given a cpo $(D, \sqsubseteq_D)$, a subset I ⊆ D is said to be an order ideal, noted $I \in \mathcal{I}(D)$, if

(i) I ≠ ∅ and

(ii) whenever $y \sqsubseteq_D x$ and x ∈ I we have y ∈ I.

An order ideal I ⊆ D is said to be a closed ideal, noted $I \in \mathcal{J}(D)$, if in addition

(iii) for every increasing sequence $\{x_i\}_{i\in\mathbb{N}}$ in I we have $\bigsqcup_{i\in\mathbb{N}} x_i \in I$.

It makes sense to use (not necessarily closed) order ideals and to define an $\mathcal{I}$ functor as follows.

Definition 3.13 The functor $\mathcal{I} : \mathbf{CPO} \to \mathbf{CPO}$ is defined by

$$\mathcal{I}(D) = \{I \subseteq D \mid I \text{ is an order ideal}\}$$

with the order relation given by $I \sqsubseteq_{\mathcal{I}(D)} I'$ iff $I \subseteq I'$, for any object D (cpo), and

$$\mathcal{I}(f) = \lambda I . \{y \in E \mid \exists x \in I . y \sqsubseteq_E f(x)\}$$

for any arrow f : D → E (continuous function between cpos).

Proof: We have to prove that $\mathcal{I}$ is really a functor. If D is a cpo, it is easy to prove that the set of order ideals of D with the set inclusion order relation is a cpo with bottom element $\bot_{\mathcal{I}(D)} = \{\bot_D\}$ and least upper bound

$$\bigsqcup_{n\in\mathbb{N}} I_n = \bigcup_{n\in\mathbb{N}} I_n.$$

We have to prove that if f : D → E is a continuous function between cpos, then $\mathcal{I}(f) : \mathcal{I}(D) \to \mathcal{I}(E)$ is also a continuous function between cpos. Trivially, for any set I, the set $\{y \in E \mid \exists x \in I . y \sqsubseteq_E f(x)\}$ is an order ideal of E. Let's prove now that $\mathcal{I}(f)$ is continuous.

$$\begin{aligned}
\mathcal{I}(f)\Big(\bigsqcup_{n\in\mathbb{N}} I_n\Big) &= \{y \in E \mid \exists x \in \bigcup_{n\in\mathbb{N}} I_n . y \sqsubseteq_E f(x)\} \\
&= \bigcup_{n\in\mathbb{N}} \{y \in E \mid \exists x \in I_n . y \sqsubseteq_E f(x)\} \\
&= \bigcup_{n\in\mathbb{N}} \mathcal{I}(f)(I_n)
\end{aligned}$$

Finally, we have to prove the compositional properties:

$$\mathcal{I}(id_D)(I) = \{y \in D \mid \exists x \in I . y \sqsubseteq_D x\} = I$$

and

$$\begin{aligned}
\mathcal{I}(g) \circ \mathcal{I}(f)\,(I) &= \{z \in F \mid \exists y \in \{y \in E \mid \exists x \in I . y \sqsubseteq_E f(x)\} . z \sqsubseteq_F g(y)\} \\
&= \{z \in F \mid \exists x \in I . \exists y \in E . y \sqsubseteq_E f(x) \wedge z \sqsubseteq_F g(y)\}
\end{aligned}$$

we have f(x) ∈ E for any x ∈ I ⊆ D, thus we can take $y \stackrel{def}{=} f(x)$ (g is monotonic, so $z \sqsubseteq_F g(y) \sqsubseteq_F g(f(x))$) and then

$$\ldots = \{z \in F \mid \exists x \in I . z \sqsubseteq_F g(f(x))\} = \mathcal{I}(g \circ f)(I)$$

We could define the cpo $\mathcal{I}(D)$ using the opposite order relation, that is, $I \sqsubseteq_{\mathcal{I}(D)} I'$ iff $I' \subseteq I$. In this case the bottom element would be D, and the lub of an increasing sequence $\{I_n\}_{n\in\mathbb{N}}$ would be $\bigcap_{n\in\mathbb{N}} I_n$. We discuss this possibility in subsection 3.2.5.
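The functor $\mathcal{I}$ of Definition 3.13 computed over constructed finite cpos, as an added example that is not code from the monograph. On a finite poset every order ideal is closed and every monotone map is continuous, so the enumeration is exhaustive; the code checks the three facts proved above ($\mathcal{I}(f)(I)$ is an ideal, $\mathcal{I}(id) = id$, $\mathcal{I}(g \circ f) = \mathcal{I}(g) \circ \mathcal{I}(f)$) and the monotonicity of $\mathcal{I}(f)$ w.r.t. inclusion. The three posets, the two maps and the names `order_ideals`, `ideal_map`, `check_functor_laws` and `run_checks` are assumptions of this example.

```python
from itertools import combinations


def order_ideals(elems, leq):
    """All order ideals of a finite poset (Definition 3.12): the nonempty
    downward-closed subsets.  On a finite poset every increasing sequence is
    eventually constant, so every order ideal is also closed: I(D) = J(D)."""
    elems = list(elems)
    ideals = []
    for r in range(1, len(elems) + 1):
        for subset in combinations(elems, r):
            s = frozenset(subset)
            if all(y in s for x in s for y in elems if leq(y, x)):
                ideals.append(s)
    return ideals


def ideal_map(f, E, leq_E):
    """I(f) for a continuous f : D -> E (Definition 3.13):
    I(f)(I) = {y in E | exists x in I . y ⊑_E f(x)}, the downward closure of f(I)."""
    def on_ideal(I):
        return frozenset(y for y in E if any(leq_E(y, f(x)) for x in I))
    return on_ideal


def check_functor_laws(D, leq_D, E, leq_E, F, leq_F, f, g):
    """Check, over every ideal of D, the facts proved after Definition 3.13 for
    f : D -> E and g : E -> F: I(f)(I) is an ideal of E, I(id_D) = id,
    I(g∘f) = I(g)∘I(f), and I(f) is monotone w.r.t. inclusion."""
    ideals_D = order_ideals(D, leq_D)
    ideals_E = set(order_ideals(E, leq_E))
    If = ideal_map(f, E, leq_E)
    Ig = ideal_map(g, F, leq_F)
    Igf = ideal_map(lambda x: g(f(x)), F, leq_F)
    Iid = ideal_map(lambda x: x, D, leq_D)
    return {
        "maps_ideals_to_ideals": all(If(I) in ideals_E for I in ideals_D),
        "identity": all(Iid(I) == I for I in ideals_D),
        "composition": all(Ig(If(I)) == Igf(I) for I in ideals_D),
        "monotone": all(If(I) <= If(J) for I in ideals_D for J in ideals_D if I <= J),
    }


# Constructed sample cpos.  D is the flat cpo {bot, a, b} (bot below both, a and b
# incomparable); E and F are the chains 0 ⊑ 1 ⊑ 2 and 0 ⊑ 1 ⊑ 2 ⊑ 3.
D_ELEMS = ["bot", "a", "b"]
E_ELEMS = [0, 1, 2]
F_ELEMS = [0, 1, 2, 3]


def leq_flat(x, y):
    return x == y or x == "bot"


def leq_chain(x, y):
    return x <= y


def f_sample(x):
    """A continuous map D -> E: bot ↦ 0, a ↦ 1, b ↦ 2."""
    return {"bot": 0, "a": 1, "b": 2}[x]


def g_sample(x):
    """A continuous (but not strict) map E -> F: x ↦ x + 1."""
    return x + 1


def run_checks():
    return check_functor_laws(D_ELEMS, leq_flat, E_ELEMS, leq_chain,
                              F_ELEMS, leq_chain, f_sample, g_sample)


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name}: {ok}")
```

The flat cpo has exactly four order ideals ({bot}, {bot, a}, {bot, b} and D itself), and the composition check passes only because g is monotonic, which is the step used in the last line of the proof above.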

Lemma 3.14 The functor $\mathcal{I}$ is locally monotonic, but it is not locally continuous.


Proof: It is easy to prove that it is monotonic and therefore

$$\bigsqcup_{n\in\mathbb{N}} \mathcal{I}(f_n) \sqsubseteq \mathcal{I}\Big(\bigsqcup_{n\in\mathbb{N}} f_n\Big)$$

However the inclusion in the opposite direction does not hold. We have

$$\begin{aligned}
\mathcal{I}\Big(\bigsqcup_{n\in\mathbb{N}} f_n\Big)(I) &= \{y \in E \mid \exists x \in I . y \sqsubseteq_E \bigsqcup_{n\in\mathbb{N}} f_n(x)\} \\
\bigsqcup_{n\in\mathbb{N}} \mathcal{I}(f_n)(I) &= \bigcup_{n\in\mathbb{N}} \{y \in E \mid \exists x \in I . y \sqsubseteq_E f_n(x)\}
\end{aligned}$$

For any x ∈ I we can define the sequence $\{f_n\}_{n\in\mathbb{N}}$ such that $\{f_n(x)\}_{n\in\mathbb{N}}$ is an increasing sequence with $\bigsqcup_{n\in\mathbb{N}} f_n(x) \ne f_m(x)$ for any $m \in \mathbb{N}$. Then, $\bigsqcup_{n\in\mathbb{N}} f_n(x) \in \mathcal{I}(\bigsqcup_{n\in\mathbb{N}} f_n)(I)$ but $\bigsqcup_{n\in\mathbb{N}} f_n(x) \notin \bigcup_{n\in\mathbb{N}} \mathcal{I}(f_n)(I)$.
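A concrete instance of the counterexample in the proof above, added here as an illustration; the cpos, maps and ideal are chosen for this example and do not come from the monograph. Take $D = \{\bot\}$, let E be the ordinal $\omega + 1$, that is, the chain $0 \sqsubseteq 1 \sqsubseteq 2 \sqsubseteq \cdots \sqsubseteq \omega$ (a cpo, since every increasing sequence is either eventually constant or has lub ω), let $f_n : D \to E$ be the constant map $f_n(\bot) = n$, and let $I = \{\bot\} \in \mathcal{I}(D)$. Each $f_n$ is trivially continuous, the sequence $\{f_n\}_{n\in\mathbb{N}}$ is increasing, and $\bigsqcup_{n\in\mathbb{N}} f_n = \lambda x . \omega$. Then

$$\mathcal{I}\Big(\bigsqcup_{n\in\mathbb{N}} f_n\Big)(I) = \{y \in E \mid y \sqsubseteq_E \omega\} = E,
\qquad
\bigcup_{n\in\mathbb{N}} \mathcal{I}(f_n)(I) = \bigcup_{n\in\mathbb{N}} \{0, \ldots, n\} = \{0, 1, 2, \ldots\} = E \setminus \{\omega\},$$

so $\omega \in \mathcal{I}(\bigsqcup_n f_n)(I)$ but $\omega \notin \bigsqcup_n \mathcal{I}(f_n)(I)$: the two sides differ exactly by the lub $\bigsqcup_n f_n(\bot)$ of the increasing sequence $0, 1, 2, \ldots$, which lies in the union without its lub. Adding that lub, i.e. closing the union under lubs of increasing sequences, gives E again, which is what the move to closed ideals in the following subsections achieves.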

As we have said, to prove the existence of a solution of a recursive equation $X \cong F(X)$ based on an initial fixed point theorem, the local continuity of the functor F is essential (see theorem 3.11). The non-continuity of $\mathcal{I}$ makes such a proof impossible.

The problem is due to the non-closure of $\bigcup_{n\in\mathbb{N}} \mathcal{I}(f_n)(I)$. (The lub $\bigsqcup_{n\in\mathbb{N}} f_n(x)$ belongs to $\mathcal{I}(\bigsqcup_{n\in\mathbb{N}} f_n)(I)$ but not to $\bigcup_{n\in\mathbb{N}} \mathcal{I}(f_n)(I)$.) The solution to such problem comes from using closed order ideals. In subsection 3.2.4 we define the functor $\mathcal{J}$ mapping domains to the corresponding set of closed order ideals. This functor maps continuous functions between domains f : D → E to a function $\mathcal{J}(f) : \mathcal{J}(D) \to \mathcal{J}(E)$. The function $\mathcal{J}(f)$ has to map any closed ideal $I \in \mathcal{J}(D)$ to the minimum closed ideal containing f(I). It requires closing f(I) by smaller elements and by lubs of increasing sequences. The first closure was already studied for $\mathcal{I}$. The second one requires the definition of a closure operator for lubs of increasing sequences, which will be discussed in the next subsection.

3.2.3 The Category of Domains

Solutions to isomorphism equations like (3.1) are usually found using cpos. However, it is rather difficult to face the solution of this equation using only the properties of cpos. For instance, the definition 3.20 of the functor $\mathcal{J}$, the proof of its continuity (theorem 3.29), and the definition 3.46 of the encoding function $Code_\to$ rely on having a constructive way to calculate the least upper bound (lub) of increasing sequences of ideals, and the minimum closed ideal that contains a given set. There is no constructive way to find these ideals working with the set of closed ideals $\mathcal{J}(U)$ of a cpo U, even knowing that $\mathcal{J}(U)$ is a complete lattice and, therefore, such ideals exist. As has been shown in (MacQueen et al., 1986), when ideals are involved the suitable structure to work with is the category Dom of domains and continuous functions between domains.

If we close a set A adding all the lubs of increasing sequences of elements from A, we obtain a set $\overline{A}$ with new elements which make it possible to define new increasing sequences and make it necessary to close the set again, $\overline{\overline{A}}$. The natural property of cpos ensuring that $\overline{A} = \overline{\overline{A}}$ is the ω-algebraic property. However, the function space construction does not preserve the ω-algebraic property (see (Plotkin, 1983) for a counter-example). Fortunately, this problem can be avoided if we require cpos to be also consistently complete. Consistently complete ω-algebraic cpos are usually named domains.

In this subsection we introduce the standard definitions of ω-algebraicity and consistent completeness, that is, of domains. Here domain has a precise meaning: it is a cpo with some additional properties. Basically, it is a cpo with a denumerable basis of elements, such that any other element is the lub of an increasing sequence of elements from the basis.

Definition 3.15 Let D be a cpo.

(i) We say that x ∈ D is ω-finite if for any increasing sequence $\{a_i\}_{i\in\mathbb{N}}$ with $x \sqsubseteq \bigsqcup_{i\in\mathbb{N}} a_i$ there exists $k \in \mathbb{N}$ such that $x \sqsubseteq a_k$.

(ii) A countable subset B of D is an ω-basis of D if for any x ∈ D the set $B(x) \stackrel{def}{=} \{y \in B \mid y \text{ is } \omega\text{-finite} \wedge y \sqsubseteq_D x\}$ is directed and $\bigsqcup B(x) = x$.

Definition 3.16 Let D be a cpo.

(i) We say that D is consistently complete if every upper-bounded set X ⊆ D has a least upper bound.

(ii) We say that D is ω-algebraic if D has an ω-basis of finite elements.

(iii) And we say that D is a domain if D is consistently complete and D is ω-algebraic.

From now on, Dom will be the category of domains and continuous functions between domains.

The following lemma gives an alternative definition of ω-algebraicity and justifies the intuition we have given: the ω-finite elements of a domain are a countable basis that generates all the domain elements using only the least upper bound operator ⊔.

Lemma 3.17 Let D be an ω-algebraic cpo. For every x ∈ D there exists an increasing sequence $\{x_i\}_{i\in\mathbb{N}}$ of ω-finite elements of D with $\bigsqcup_{i\in\mathbb{N}} x_i = x$.

Proof: The set of ω-finite elements less than x is countable and directed. Let $\{a_1, \ldots, a_n, \ldots\}$ be this set. Because it is directed, we can construct the increasing chain $a_1 \sqsubseteq c_{1,2} \sqsubseteq \ldots \sqsubseteq c_{1,2,\ldots,n} \sqsubseteq \ldots$ where $c_{1,2,\ldots,n}$ is an upper bound of $\{c_{1,\ldots,n-1}, a_n\}$ belonging to the set of ω-finite elements less than x, that is, belonging to $\{a_1, \ldots, a_n, \ldots\}$. Thus, it is easy to see that $\bigsqcup_{i\in\mathbb{N}} c_{1,\ldots,i} = x$.

3.2.4 The Functor J

In this section we define the functor $\mathcal{J}$ in the category Dom of domains and continuous functions between domains.

The set of closed ideals of a cpo, like the set of order ideals, with the order relation defined by the inclusion relation forms a cpo. However, the calculation of the lub of an increasing sequence of ideals is not straightforward (see lemma 3.25). The set of closed ideals of a domain, with the same order relation, forms a domain (see lemma 3.26). In this case, the lub of increasing sequences is easily calculable (see lemma 3.19) thanks to the existence of a closure operator. As we have said, the definition of the $\mathcal{J}$ functor also relies on such closure operator. This operator is defined as follows.

Definition 3.18 Let D be a domain, and let X ⊆ D be a subset. We define

$$\mathcal{I}[X] \stackrel{def}{=} \{x \in D \mid \exists y \in X . x \sqsubseteq y\}$$

$$X^o \stackrel{def}{=} \{x \in X \mid x \text{ is } \omega\text{-finite}\}$$

$$\overline{X} \stackrel{def}{=} \Big\{\bigsqcup_{i\in\mathbb{N}} a_i \;\Big|\; \{a_i\}_{i\in\mathbb{N}} \text{ is an increasing sequence in } X\Big\}$$

We can prove the following properties of these operators.

Lemma 3.19 Let D be a domain, and X ⊆ D a subset, then

(i) the set $\mathcal{I}[X]$ is an order ideal,

(ii) if X is finite then $\mathcal{I}[X]$ is also a closed order ideal,

(iii) the map $C : \mathcal{I}(D) \to \mathcal{J}(D)$ defined by $C(X) = \overline{X}$ is a closure operator,

(iv) for any $I \in \mathcal{J}(D)$ we have $\overline{I^o} = I$,

(v) for any increasing sequence $\{I_i\}_{i\in\mathbb{N}}$ in $\mathcal{J}(D)$ we have

$$\bigsqcup_{i\in\mathbb{N}} I_i = \overline{\bigcup_{i\in\mathbb{N}} I_i^o}$$

Many other properties of closed ideals of a domain, such as $\forall I_1, I_2 \in \mathcal{J}(D) . I_1 = I_2 \Leftrightarrow I_1^o = I_2^o$ or $(\bigsqcup_{i\in\mathbb{N}} I_i)^o = \bigcup_{i\in\mathbb{N}} I_i^o$, are not mentioned. Some of them are used in the proof of the following lemmas and theorems, and may be easily proved. We define the functor $\mathcal{J}$ as follows.

Definition 3.20 The functor $\mathcal{J}$ is defined in the category of domains and continuous functions between domains by:

$$\mathcal{J}(D) = \{I \subseteq D \mid I \text{ is a closed ideal}\}$$

for objects, and by

$$\mathcal{J}(f) = \lambda I . \overline{\{y \in E \mid \exists x \in I . y \sqsubseteq_E f(x)\}}$$

for arrows (continuous function f : D → E between domains).

Notice that $\mathcal{J}(f)(I)$ is the minimum closed order ideal containing f(I). In the following we will prove that $\mathcal{J}$ is really a functor in the category of domains. In order to prove that the set of closed order ideals of a domain is a domain, we characterize the set of ω-finite elements of $\mathcal{J}(D)$, that is, the set $\mathcal{J}(D)^o$. We need to introduce the following definition.

Definition 3.21 A set X is said to be maximal complete if for every element x ∈ X there exists a maximal element m ∈ X such that x ⊑ m. Here, m ∈ X being maximal means that $\forall y \in X . m \not\sqsubset y$.


The following lemma relates the set of maximal elements of an ideal and the ideals generated by a finite set of elements.

Lemma 3.22 Any ideal $\mathcal{I}_M$ generated by a finite set M is maximal complete and the set of maximal elements of $\mathcal{I}_M$ is a subset of M. Any maximal complete ideal I is generated by the set M of its maximal elements, $I = \mathcal{I}_M$.

These properties allow us to characterize the ω-finite ideals of $\mathcal{J}(D)$.

Lemma 3.23 If D is an ω-algebraic cpo, then a closed ideal $I \in \mathcal{J}(D)$ is ω-finite ($I \in \mathcal{J}(D)^o$) if, and only if, it is maximal complete and the set of maximal elements is finite and contains only ω-finite elements of D.

Proof:

⇐) We have to prove that if $I \subseteq \bigsqcup_{i\in\mathbb{N}} A_i$ then there exists a k such that $I \subseteq A_k$. Let $\{a_1, \ldots, a_n\}$ be the finite set of maximal elements of I. We have $I \subseteq \bigsqcup_{i\in\mathbb{N}} A_i = \overline{\bigcup_{i\in\mathbb{N}} A_i^o}$, therefore, for any maximal element $a_r$ we can say $a_r \in \overline{\bigcup_{i\in\mathbb{N}} A_i^o}$. But, as far as $a_r$ is an ω-finite element there exists $k_r \in \mathbb{N}$ such that $a_r \in A_{k_r}^o$. There are a finite number of maximal elements, thus there exists $k = \max\{k_1, \ldots, k_n\}$ such that $a_r \in A_k$ for all r = 1, …, n. Using lemma 3.22 it is easy to see that $I \subseteq A_k$.

⇒) As far as D is ω-algebraic, $I^o$ must be countable. Let $I^o = \{a_i \mid i \in \mathbb{N}\}$ be an enumeration of $I^o$, and $\mathcal{J}_{[\{a_0\}]} \sqsubseteq \mathcal{J}_{[\{a_0,a_1\}]} \sqsubseteq \ldots \sqsubseteq \mathcal{J}_{[\{a_0,\ldots,a_n\}]} \sqsubseteq \ldots \sqsubseteq I$ be the increasing sequence of ideals generated by $\{a_0\}$, $\{a_0, a_1\}$, …, $\{a_0, \ldots, a_n\}$, … An easy computation shows that

$$I = \overline{I^o} = \overline{\bigcup_{i\in\mathbb{N}} \{a_0, \ldots, a_i\}} = \overline{\bigcup_{i\in\mathbb{N}} \mathcal{J}^o_{[\{a_0,\ldots,a_i\}]}} = \bigsqcup_{i\in\mathbb{N}} \mathcal{J}_{[\{a_0,\ldots,a_i\}]}.$$

Now, if I is ω-finite then there exists $k \in \mathbb{N}$ such that $I = \mathcal{J}_{[\{a_0,\ldots,a_k\}]}$. Lemma 3.22 ensures that $\mathcal{J}_{[\{a_0,\ldots,a_k\}]}$ is maximal complete, and the set of maximal elements is a subset of $\{a_0, \ldots, a_k\}$ (there are finitely many of them, and they are ω-finite).

Lemma 3.24 If D is ω-algebraic, J(D) is also ω-algebraic.

Proof: First, there are countably many ω-finite ideals because they are characterized by a finite number of ω-finite elements from D, and the ω-finite elements of D are denumerable.

Second, the set of ω-finite ideals less than a given closed ideal I ∈ J(D) is directed. The proof is an easy consequence of the equality

$$J_{[\{a_1,\ldots,a_n\}]} \cup J_{[\{b_1,\ldots,b_m\}]} = J_{[\{a_1,\ldots,a_n,b_1,\ldots,b_m\}]}$$

Third, the lub of such a set is I. If D is ω-algebraic then

$$I = \overline{I^o} = \overline{\bigcup_{i\in\mathbb{N}} \{a_0,\ldots,a_i\}} = \overline{\bigcup_{i\in\mathbb{N}} J^o_{[\{a_0,\ldots,a_i\}]}} = \bigsqcup_{i\in\mathbb{N}} J_{[\{a_0,\ldots,a_i\}]}$$

where I^o = {a_i}_{i∈ℕ}. The ideals $J_{[\{a_0,\ldots,a_i\}]}$ are ω-finite, which proves that I is less than the lub of the ω-finite ideals less than I.


34 Chapter 3. An Ideal Model for COR

To prove that the set J(D) is consistently complete we use the following lemma.

Lemma 3.25 Let (J(D), ⊑_{J(D)}) be the cpo of closed ideals of D. If X, Y ∈ J(D) then X ∪ Y, X ∩ Y, X ⊗ Y ∈ J(D). Moreover (J(D), ∧, ∨) is a complete lattice where the meet operator is the usual intersection and the join operator is defined by

$$\bigsqcup_{i\in R} X_i \stackrel{def}{=} \bigcap \{I \in \mathcal{J}(D) \mid \forall i \in R . X_i \subseteq I\}.$$

Consequently, any bounded subset of J(D) has a least upper bound (given by the join operator).

Notice that in general the infinite union of closed ideals is not a closed ideal. This fact makes necessary the definition of the previous non-computable join operator. However, if D is ω-algebraic then $\bigsqcup_{i\in R} X_i = \overline{\bigcup_{i\in R} X_i^o}$, which is computable.

Lemmas 3.24 and 3.25 may be summarized in the following lemma.

Lemma 3.26 If D is a domain, then J(D) is also a domain.

It can be proved easily that J(f) maps closed ideals over a domain to closed ideals.

The following lemma gives an alternative definition for J(f). This lemma is used widely to prove the following theorems.

Lemma 3.27

$$\mathcal{J}(f)(A) = \overline{\{y \in E \mid \exists x \in A . y \sqsubseteq f(x)\}} = \overline{\{y \in E^o \mid \exists x \in A^o . y \sqsubseteq f(x)\}}$$

Proof: Using $I = \overline{I^o}$, which we have proved in 3.19, we have

$$\overline{\{y \in E \mid \exists x \in A . y \sqsubseteq f(x)\}} = \overline{\{y \in E^o \mid \exists x \in A . y \sqsubseteq f(x)\}}$$

Now, if x is not ω-finite, there exists an increasing sequence {x_i}_{i∈ℕ} of ω-finite elements with $x = \bigsqcup_{i\in\mathbb{N}} x_i$. Using the continuity of f, $y \sqsubseteq f(x) = f(\bigsqcup_{i\in\mathbb{N}} x_i) = \bigsqcup_{i\in\mathbb{N}} f(x_i)$, and using the ω-finiteness of y, there exists n ∈ ℕ such that y ⊑ f(x_n), with x_n ∈ A^o, because x_n ⊑ x and A is an ideal. Therefore, we can say that if there exists x ∈ A with y ⊑ f(x), then there exists x' ∈ A^o with y ⊑ f(x') ⊑ f(x), which ensures:

$$\overline{\{y \in E^o \mid \exists x \in A . y \sqsubseteq f(x)\}} = \overline{\{y \in E^o \mid \exists x \in A^o . y \sqsubseteq f(x)\}}$$

Theorem 3.28 The mapping J is a functor in the category of domains.

Proof: We know that J maps domains to domains (lemma 3.26). It is easy to prove that if f : D → E is a function between domains then J(f) maps closed ideals of D to closed ideals of E.


We have to prove now that if f : D → E is continuous then so is J(f) : J(D) → J(E).

$$\begin{aligned}
\mathcal{J}(f)\Big(\bigsqcup_{n\in\mathbb{N}} I_n\Big) &= \overline{\{y \in E^o \mid \exists x \in [\textstyle\bigsqcup_{n\in\mathbb{N}} I_n]^o . y \sqsubseteq f(x)\}} \\
&= \overline{\{y \in E^o \mid \exists x \in \textstyle\bigcup_{n\in\mathbb{N}} I_n^o . y \sqsubseteq f(x)\}} \\
&= \overline{\bigcup_{n\in\mathbb{N}} \{y \in E^o \mid \exists x \in I_n^o . y \sqsubseteq f(x)\}} \\
&= \overline{\bigcup_{n\in\mathbb{N}} \mathcal{J}(f)(I_n)} = \bigsqcup_{n\in\mathbb{N}} \mathcal{J}(f)(I_n)
\end{aligned}$$

Let us prove now the compositional equalities.

$$\mathcal{J}(Id_D)(I) = \overline{\{x \in D \mid \exists y \in I . x \sqsubseteq y\}} = I$$

$$\begin{aligned}
[\mathcal{J}(g) \circ \mathcal{J}(f)](A) &= \overline{\{z \in F^o \mid \exists y \in \mathcal{J}(f)(A)^o . z \sqsubseteq g(y)\}} \\
&= \overline{\{z \in F^o \mid \exists y \in \{y' \in E^o \mid \exists x \in A^o . y' \sqsubseteq f(x)\} . z \sqsubseteq g(y)\}} \\
&= \overline{\{z \in F^o \mid \exists y \in E^o . \exists x \in A^o . y \sqsubseteq f(x) \text{ and } z \sqsubseteq g(y)\}} = \ldots
\end{aligned}$$

But, because z ⊑ g(y) and y ⊑ f(x), by the monotonicity of g we can ensure that z ⊑ g(f(x)). Then

$$\ldots \subseteq \overline{\{z \in F^o \mid \exists x \in A^o . z \sqsubseteq g(f(x))\}} = \mathcal{J}(g \circ f)(A)$$

In the other direction, from z ⊑ g(f(x)) we have to find an ω-finite element y such that z ⊑ g(y) and y ⊑ f(x). We already know that x and z are ω-finite. If f(x) is ω-finite we can take y ≝ f(x). If this is not the case, then there exists an increasing sequence {t_i}_{i∈ℕ} of ω-finite elements such that $f(x) = \bigsqcup_{i\in\mathbb{N}} t_i$. Using the continuity of g we can say $z \sqsubseteq g(f(x)) \sqsubseteq g(\bigsqcup_{i\in\mathbb{N}} t_i) = \bigsqcup_{i\in\mathbb{N}} g(t_i)$. And using the ω-finiteness of z, there exists n ∈ ℕ such that z ⊑ g(t_n). We can then take y ≝ t_n, which ensures y ⊑ f(x) and the ω-finiteness of y, therefore we can say

$$\ldots \supseteq \overline{\{z \in F^o \mid \exists x \in A^o . z \sqsubseteq g(f(x))\}} = \mathcal{J}(g \circ f)(A)$$

Theorem 3.29 The functor J is locally continuous.

Proof: For any increasing sequence {f_i}_{i∈ℕ} and any ideal I ∈ J(D) we have to prove that $\mathcal{J}(\bigsqcup_{i\in\mathbb{N}} f_i)(I) = \bigsqcup_{i\in\mathbb{N}} \mathcal{J}(f_i)(I)$.

Using lemma 3.27 we have

$$\mathcal{J}\Big(\bigsqcup_{i\in\mathbb{N}} f_i\Big)(I) = \overline{\{y \in E^o \mid \exists x \in I^o . y \sqsubseteq \textstyle\bigsqcup_{i\in\mathbb{N}} f_i(x)\}} = \ldots$$

Using now that y is ω-finite, we can say that there exists n ∈ ℕ such that y ⊑ f_n(x). Then

$$\overline{\{y \in E^o \mid \exists x \in I^o . \exists n \in \mathbb{N} . y \sqsubseteq f_n(x)\}} = \overline{\bigcup_{i\in\mathbb{N}} \mathcal{J}(f_i)(I)^o} = \bigsqcup_{i\in\mathbb{N}} \mathcal{J}(f_i)(I)$$

Using domains and closed ideals we have obtained a locally continuous functor, which makes possible the solution of (3.1).


Example. Alternatively, we could define the functor J for each arrow f : D → E as follows

$$\mathcal{J}(f) = \lambda I : \mathcal{J}(D) . \{y \mid \exists x \in I . y \sqsubseteq_E f(x)\}$$

Such a definition does not make use of the closure operator. However, as we show in figure 3.1, such a definition is not correct because in general the set {y | ∃x ∈ I . y ⊑_E f(x)} is not closed. Notice that the set {⊥_D, a_0, a_1, ..., a_n, ...} is a closed ideal, whereas its image {⊥_E, b_0, b_1, ..., b_n, ...} is an open ideal. We have to take its closure $\{\bot_E, b_0, b_1, \ldots, b_n, \ldots, \bigsqcup_{i\in\mathbb{N}} b_i\}$ as image to obtain a closed ideal.

[Figure 3.1 (diagram not recoverable from the extraction): the domain D = {⊥_D, a_0, a_1, ..., a_n, ...}, the domain E = {⊥_E, b_0, b_1, ..., b_n, ..., ⊔_{i∈ℕ} b_i} and the morphism f : D → E, where ∀n ∈ ℕ . f(a_n) = b_n and ∀n ∈ ℕ . ⊔_{i∈ℕ} b_i ≠ b_n.]

Figure 3.1: A counter-example to an alternative definition of the functor J.

3.2.5 The Contravariant Functor J^C

The properties proved for the functor J allow us to find an initial fixed point of our recursive domain equation. However, the solution is not completely satisfactory. Since Scott (Scott, 1972) proposed the use of lattices to find solutions to such kinds of equations, the order relation ⊑ has had an intended semantics in terms of information containment. The inequality a ⊑ b is interpreted as "b has more (computational) information than a" or "a is a computational approximation of b". In the same way, if there exists an embedding f : D → E between two cpos, then it is said that the elements of D are approximations of those elements of E. Thus, the embedding f maps elements of D to elements of E with the same information, and the corresponding projection f^R maps elements of E to their best approximation in D. The equality f^R ∘ f(x) = x is interpreted as "the best approximation to any element containing the same information as x is x itself"; and f ∘ f^R(x) ⊑ x is interpreted as "an element containing the same information as the best approximation of x contains less information than x".

We interpret terms as sets of values (as closed order ideals), therefore the most sensible thing would be to consider a smaller set as containing more information than a bigger set. (The term 1 ∪ 2 contains less information than the term 1.) The bottom element, the term not containing any information at all, is the term interpreted as the whole domain of values.


If we choose this interpretation, then the computational order between ideals we have proposed is not the correct one. We would have to define

$$I_1 \sqsubseteq_{\mathcal{J}(D)} I_2 \iff I_2 \subseteq I_1$$

Fortunately, the set of closed ideals with the relation ⊆ has a complete lattice structure. Thus, if we take the inverse order we also obtain a cpo with

$$\bot_{\mathcal{J}(D)} = D \qquad\qquad \bigsqcup_{n\in\mathbb{N}} I_n = \bigcap_{n\in\mathbb{N}} I_n$$

The infinite intersection of closed ideals is also a closed ideal, so for the moment we do not need the ω-algebraic property.

Even if f is a continuous function, J(f), as it was defined in the previous subsection, is not necessarily a continuous function w.r.t. the new order relation, and J is no longer a functor. Fortunately, it is possible to define an ω-continuous functor J in CPO^E. The idea is to define a contravariant functor J^C : CPO^op → CPO such that (J^C)^E : CPO^E → CPO^E would be ω-continuous.

The functor J^C may be introduced in a very natural fashion. We know that any embedding of CPO^E has a corresponding projection. The projection fitting the embedding J(f) is given by:

$$\begin{aligned}
\mathcal{J}(f)^R = \mathcal{J}(f^R) &= \lambda I : \mathcal{J}(E) . \overline{\{x \in D \mid \exists y \in I . x \sqsubseteq_D f^R(y)\}} \\
&= \lambda I : \mathcal{J}(E) . \overline{\{x \in D \mid \exists y \in I . f(x) \sqsubseteq_E y\}} \\
&= \lambda I : \mathcal{J}(E) . \overline{\{x \in D \mid f(x) \in I\}} \\
&= \lambda I : \mathcal{J}(E) . \{x \in D \mid f(x) \in I\}
\end{aligned}$$

where we use that {x ∈ D | f(x) ∈ I} is a closed ideal if f is continuous and I is a closed ideal, the equivalence x ⊑ f^R(y) ⇔ f(x) ⊑ y, and the property F(f)^R = F(f^R) for functors.

We have already said that with the order relation ⊇, the function J(f) is not continuous and J is not a functor. Conversely, with the opposite order relation ⊆, the function J(f)^R is not necessarily continuous. However, notice that if f is an embedding, then J^C(f) ≝ J(f)^R is the projection corresponding to the embedding J(f), and therefore it is continuous. The above equality suggests the definition of the following contravariant functor.

Definition 3.30 The functor J^C : CPO^op → CPO is defined by

$$\mathcal{J}^C(D) \stackrel{def}{=} \{I \mid I \text{ is a closed ideal}\}, \text{ w.r.t. the order relation defined by } \sqsubseteq_{\mathcal{J}^C(D)} \stackrel{def}{=} \supseteq$$

for any object D, and by

$$\mathcal{J}^C(f) \stackrel{def}{=} \lambda I : \mathcal{J}(E) . \{x \in D \mid f(x) \in I\}$$

for any arrow f : D → E.


Theorem 3.31

(i) J^C is a contravariant functor.

(ii) J^C is locally continuous.

Proof: It is a straightforward exercise.

We have J(D) ≠ J^C(D) for objects. Notice also that J^E ≠ (J^C)^E (!!) because, although J(f^R) = J^C(f) by definition, we have J^E(f) = J(f) ⊆ J^C(f^R) = (J^C)^E(f) but in general J^E(f) = J(f) ⊅ J^C(f^R) = (J^C)^E(f).

We can conclude that an ω-continuous functor J^E : CPO^E → CPO^E can be defined without using the properties of domains, considering the order relation between closed ideals given by ⊑_{J^C(D)} ≝ ⊇.

3.2.6 The Functor S

In the previous subsection we have motivated the following definition of computational ordering between types (sets of values): a type I_2 is a better approximation than another type I_1 (written I_1 ⊑ I_2) if it contains fewer values (that is, if I_2 ⊆ I_1). However, there are two different orders involved which we have mixed up: the computational order ⊑ (used to define continuous functions, the only ones that are computable), and the typing order ≺ (used to define the order ideals). Both orderings relate to the structure of the terms. For instance, the term (⊥, ⊥) is a computational approximation of any other pair —(⊥, ⊥) ⊑ (x, y)—, and the term (nat, nat) is the type of any pair of natural numbers —if 1 ≺ nat and 2 ≺ nat then (1, 2) ≺ (nat, nat)—. It means that there is some kind of relationship between both orderings. However, if we do not want to distinguish between both orders,³ the most sensible thing would be to define

$$x \prec y \iff y \sqsubseteq x$$

For instance, 1 has type nat, written 1 ≺ nat, iff nat is an approximation to 1, written nat ⊑ 1. Then ≺-order ideals, used to give semantics to types, become ⊑-order filters. In other words, if a term t has type τ (that is, t ∈ τ where τ is a ≺-order ideal), then any term u more accurate than t has (at least) the same type (it also satisfies u ∈ τ). Therefore, τ is a ⊑-order filter, defined as follows.

Definition 3.32 Given a cpo (D, ⊑_D), a subset S ⊆ D is said to be a filter if

(i) S ≠ D and

(ii) whenever x ⊑_D y and x ∈ S we have y ∈ S.

A filter S ⊆ D is said to be an open filter if in addition

(iii) for every increasing sequence {x_i}_{i∈ℕ}, if $\bigsqcup_{i\in\mathbb{N}} x_i \in S$ then there exists an i ∈ ℕ such that x_i ∈ S.

³ Another possibility would be to define both order relations separately. However, —we think— such an option makes the theory unnecessarily complicated.


Notice that a set S ⊆ D is an (open) filter if, and only if, D \ S is a (closed) ideal.

Given a pair of filters S, S' ⊆ D, we define the computational order relation S ⊑_{S(D)} S' by S ⊇ S'. Therefore,

$$S \sqsubseteq_{\mathcal{S}(D)} S' \iff D \setminus S \sqsubseteq_{\mathcal{J}(D)} D \setminus S'$$

The set of filters of a cpo is also a cpo where

$$\bot_{\mathcal{S}(D)} = D \setminus \{\bot\} \qquad\qquad \bigsqcup_{i\in\mathbb{N}} S_i = \bigcap_{i\in\mathbb{N}} S_i$$

The set of open filters of a domain is also a domain where

$$\bot_{\mathcal{S}(D)} = D \setminus \{\bot\} \qquad\qquad \bigsqcup_{i\in\mathbb{N}} S_i = D \setminus \bigsqcup_{i\in\mathbb{N}} (D \setminus S_i) = D \setminus \overline{\bigcup_{i\in\mathbb{N}} (D \setminus S_i)^o}$$

This duality will allow us to extend most of the properties of ideals to filters. In particular, it allows us to define a filter functor in the category of domains.

Definition 3.33 The function S : Dom → Dom, defined by

$$\mathcal{S}(D) \stackrel{def}{=} \{S \mid S \text{ is an open filter}\}, \text{ with the order } \sqsubseteq_{\mathcal{S}(D)} \stackrel{def}{=} \supseteq$$

$$\mathcal{S}(f) \stackrel{def}{=} \lambda S : \mathcal{S}(D) . E \setminus \mathcal{J}(f)(D \setminus S)$$

for any object D and any arrow f : D → E, is a functor in the category of domains and continuous functions between domains.

Proof: The proof of the correctness of this definition is based on the following points.

(i) S is an ω-finite open filter iff D \ S is an ω-finite closed ideal. Let us prove the implication in one direction (the opposite direction is completely analogous). Let S be an ω-finite open filter; we define I ≝ D \ S. For any increasing sequence $I_1 \sqsubseteq_{\mathcal{J}(D)} I_2 \sqsubseteq_{\mathcal{J}(D)} \ldots I_i \ldots$ we can construct another increasing sequence $D \setminus I_1 \sqsubseteq_{\mathcal{S}(D)} D \setminus I_2 \sqsubseteq_{\mathcal{S}(D)} \ldots D \setminus I_i \ldots$, such that if $I \sqsubseteq_{\mathcal{J}(D)} \bigsqcup_{i\in\mathbb{N}} I_i$, then $S = D \setminus I \sqsubseteq_{\mathcal{S}(D)} \bigsqcup_{i\in\mathbb{N}} D \setminus I_i$. Notice that

$$\bigsqcup_{i\in\mathbb{N}} D \setminus I_i = D \setminus \bigsqcup_{i\in\mathbb{N}} I_i,$$

where the left hand side is a lub in S(D) and the right one a lub in J(D). As far as S is ω-finite, there exists an n ∈ ℕ such that $S \sqsubseteq_{\mathcal{S}(D)} D \setminus I_n$, and therefore $I \sqsubseteq_{\mathcal{J}(D)} I_n$. We can conclude that I is an ω-finite closed ideal.

(ii) (S(D), ⊑_{S(D)}) is a domain. There are denumerably many ω-finite closed ideals of a domain, therefore there are also denumerably many ω-finite open filters. Now we have to prove that for any open filter S there exists an increasing sequence $S_0 \sqsubseteq_{\mathcal{S}(D)} S_1 \sqsubseteq_{\mathcal{S}(D)} \ldots S_i \ldots$ of ω-finite open filters such that $S = \bigsqcup_{i\in\mathbb{N}} S_i$. Using the equivalent result for closed ideals, we know that there exists an increasing sequence $I_0 \sqsubseteq_{\mathcal{J}(D)} I_1 \sqsubseteq_{\mathcal{J}(D)} \ldots I_i \ldots$ of ω-finite closed ideals with $D \setminus S = \bigsqcup_{i\in\mathbb{N}} I_i$. The result can be extended to open filters if we take S_i ≝ D \ I_i.


(iii) S(f) : S(D) → S(E) is a continuous function for any continuous function f : D → E. Notice that for any increasing sequence of filters $S_0 \sqsubseteq_{\mathcal{S}(D)} S_1 \sqsubseteq_{\mathcal{S}(D)} \cdots S_i \cdots$, we have

$$\bigsqcup^{\mathcal{S}(D)}_{i\in\mathbb{N}} S_i = D \setminus \bigsqcup^{\mathcal{J}(D)}_{i\in\mathbb{N}} (D \setminus S_i)$$

This equality and the continuity of J(f) allow us to prove easily the continuity of S(f).

(iv) The compositional properties of S are easily derived from the compositional properties of J.

The local continuity of S also arises from the duality between J and S.

Theorem 3.34 The functor S : Dom→ Dom is locally continuous.

Proof: The proof is based on the equality

$$D \setminus \bigsqcup^{\mathcal{J}(D)}_{n\in\mathbb{N}} I_n = \bigsqcup^{\mathcal{S}(D)}_{n\in\mathbb{N}} (D \setminus I_n) \qquad (3.2)$$

which relates the least upper bounds of both domains J(D) and S(D).

Another way to introduce this functor, independently from J, is by defining:

$$\mathcal{S}(f)^R \stackrel{def}{=} \lambda S : \mathcal{S}(E) . \{x \in D \mid f(x) \in S\}$$

for any arrow f : D → E. We know that each projection determines a unique embedding (and vice versa), which may be computed easily as

$$f(x) = \sqcap \{y \in E \mid f^R(y) = x\}$$

Let us prove this result.

Lemma 3.35 Let D and E be cpos, and f^R : E → D be a projection function.

(i) There exists a unique function f : D → E satisfying f^R ∘ f = Id_D and f ∘ f^R ⊑ Id_E.

(ii) Moreover, such an embedding is given by f(x) = ⊓{y ∈ E | f^R(y) = x}.

Proof:

(i) Let f_1 and f_2 be two functions satisfying such equations. Then f_2 = f_2 ∘ (f^R ∘ f_1) = (f_2 ∘ f^R) ∘ f_1 ⊑ f_1. Conversely f_1 ⊑ f_2.

(ii) Let f : D → E be the embedding corresponding to f^R. First, f^R ∘ f(x) = x, therefore f(x) ∈ {y ∈ E | f^R(y) = x}. Second, for any y ∈ E we have f ∘ f^R(y) ⊑_E y, and if y ∈ {y ∈ E | f^R(y) = x} then f(x) = f(f^R(y)) ⊑_E y. Concluding, if f(x) belongs to such a set and it is smaller than any element of the set then it is the greatest lower bound of the set.


Notice that the previous lemma ensures that whenever f^R is a projection, that is, when its corresponding embedding exists, then f(x) = ⊓{y ∈ E | f^R(y) = x}. It does not mean that f(x) will always be an embedding for any continuous function f^R, even when ⊓S exists for any set S.

We can use the previous lemma to find a more practical definition of S(f).

Theorem 3.36 The S functor, defined in 3.33, satisfies

$$\begin{aligned}
\mathcal{S}(f) &= \lambda S : \mathcal{S}(D) . \{y \in E^o \mid \forall x \in D . y \sqsubseteq_E f(x) \Rightarrow x \in S\} \\
\mathcal{S}(f)^R &= \lambda S : \mathcal{S}(E) . \{x \in D \mid f(x) \in S\}
\end{aligned}$$

for any embedding f : D → E.

Proof: First, we prove that it satisfies the second equality.

$$\begin{aligned}
\mathcal{S}(f)^R = \mathcal{S}(f^R) &= \lambda S : \mathcal{S}(E) . D \setminus \mathcal{J}(f^R)(E \setminus S) \\
&= \lambda S : \mathcal{S}(E) . D \setminus \{x \in D \mid f(x) \in E \setminus S\} \\
&= \lambda S : \mathcal{S}(E) . \{x \in D \mid f(x) \in S\}
\end{aligned}$$

Therefore, the function defined by such an expression is a projection and we can apply lemma 3.35.

$$\begin{aligned}
\mathcal{S}(f) &= \lambda S : \mathcal{S}(D) . \sqcap \{Y \in \mathcal{S}(E) \mid \mathcal{S}(f)^R(Y) = S\} \\
&= \lambda S : \mathcal{S}(D) . \sqcap \{Y \in \mathcal{S}(E) \mid \forall x \in D . x \in S \Leftrightarrow f(x) \in Y\}
\end{aligned}$$

Such an expression can be simplified. For that, we will compute the glb of such a set of filters.

First, we prove that Z ≝ {y ∈ E | ∀x ∈ D . y ⊑_E f(x) ⇒ x ∈ S} satisfies ∀x ∈ D . x ∈ S ⇔ f(x) ∈ Z. We have to prove

$$\forall x \in D . x \in S \Leftrightarrow (\forall x' \in D . f(x) \sqsubseteq_E f(x') \Rightarrow x' \in S)$$

There are two cases:

⇐ It is trivial if we take x' ≝ x.

⇒ We have x ∈ S and f(x) ⊑_E f(x'). Now x = f^R ∘ f(x) ⊑_D f^R ∘ f(x') = x', and therefore x' ∈ S because S is a filter and x ∈ S.

Unfortunately, Z is a filter but not an open filter. We have then to take Z^o, which is the biggest open filter contained in Z. However, Z^o also satisfies ∀x ∈ D . x ∈ S ⇔ f(x) ∈ Z^o. If x ∈ D is ω-finite, it is trivial because Z and Z^o contain the same ω-finite elements and f(x) is also ω-finite. If x is not ω-finite, then $x = \bigsqcup_{i\in\mathbb{N}} x_i$ where the x_i are ω-finite. We can prove the result taking into account that x ∈ S iff there exists an i ∈ ℕ such that x_i ∈ S (because S is an open filter) and $f(\bigsqcup_{i\in\mathbb{N}} x_i) = \bigsqcup_{i\in\mathbb{N}} f(x_i) \in Z^o$ iff there exists an i ∈ ℕ such that f(x_i) ∈ Z^o (because Z^o is also an open filter).

Second, we prove that any open filter Y satisfying ∀x ∈ D . x ∈ S ⇔ f(x) ∈ Y also satisfies Y ⊆ Z, and consequently Y ⊆ Z^o. Let y ∈ Y. Then, for any x ∈ D, if y ⊑_E f(x) then f(x) ∈ Y (because Y is a filter) and x ∈ S (by definition of Y). Therefore y ∈ Z, which proves the inclusion.
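The functor laws of Theorem 3.28, the duality S(f)(S) = E \ J(f)(D \ S) of Definition 3.33 and both formulas of Theorem 3.36 can be checked by brute force on finite domains, where every element is ω-finite and the closure operator is the identity. The following Python script is an added example and not part of the monograph; the flat domains D, E, F, the maps f, f^R, g and the helper names (flat, J, S, S_proj, S_direct) are constructed for the illustration.

```python
from itertools import combinations

# Constructed finite flat domains (sample input, not from the monograph):
# "bot" lies below every atom and the atoms are pairwise incomparable.
# An order is stored as a set of pairs (x, y) meaning x ⊑ y.
def flat(*atoms):
    elems = frozenset(("bot",) + atoms)
    leq = {(x, x) for x in elems} | {("bot", a) for a in atoms}
    return elems, frozenset(leq)

def subsets(elems):
    elems = sorted(elems)
    for k in range(len(elems) + 1):
        for c in combinations(elems, k):
            yield frozenset(c)

def closed_ideals(dom):
    """In a finite domain every element is ω-finite and closure is the
    identity, so the closed ideals are exactly the down-closed subsets
    that contain bot."""
    elems, leq = dom
    return [A for A in subsets(elems)
            if "bot" in A and all(x in A for (x, y) in leq if y in A)]

def open_filters(dom):
    """Open filters are the complements of closed ideals (hence S != D)."""
    elems, _ = dom
    return [elems - A for A in closed_ideals(dom)]

def J(f, dom, cod):
    """Lemma 3.27 (finite case): J(f)(A) = {y in E | exists x in A . y ⊑ f(x)}."""
    elemsE, leqE = cod
    return lambda A: frozenset(
        y for y in elemsE if any((y, f[x]) in leqE for x in A))

def S(f, dom, cod):
    """Definition 3.33: S(f)(S) = E \\ J(f)(D \\ S)."""
    elemsD, _ = dom
    elemsE, _ = cod
    Jf = J(f, dom, cod)
    return lambda X: elemsE - Jf(elemsD - X)

def S_proj(f, dom, cod):
    """Theorem 3.36: the projection S(f)^R(Y) = {x in D | f(x) in Y}."""
    elemsD, _ = dom
    return lambda Y: frozenset(x for x in elemsD if f[x] in Y)

def S_direct(f, dom, cod):
    """Theorem 3.36: S(f)(S) = {y in E | forall x . y ⊑ f(x) => x in S}."""
    elemsD, _ = dom
    elemsE, leqE = cod
    return lambda X: frozenset(
        y for y in elemsE
        if all(x in X for x in elemsD if (y, f[x]) in leqE))

def compose(g, f):
    return {x: g[y] for x, y in f.items()}

def functor_laws_hold(f, g, D, E, F):
    """Theorem 3.28 on finite domains: J(Id) = Id and J(g o f) = J(g) o J(f)."""
    Jf, Jg = J(f, D, E), J(g, E, F)
    Jgf = J(compose(g, f), D, F)
    Jid = J({x: x for x in D[0]}, D, D)
    return all(Jid(A) == A and Jgf(A) == Jg(Jf(A)) for A in closed_ideals(D))

def embedding_laws_hold(f, fR, D, E):
    """For an embedding/projection pair (f, fR): S(f)^R o S(f) = Id,
    S(f) o S(f)^R lies below Id in the order ⊑_{S(E)} = ⊇, S(f) agrees with
    the direct formula of Theorem 3.36, and J(fR)(I) = {x | f(x) in I}."""
    Sf, SfR = S(f, D, E), S_proj(f, D, E)
    Sd, JfR = S_direct(f, D, E), J(fR, E, D)
    forward = all(SfR(Sf(X)) == X and Sd(X) == Sf(X) for X in open_filters(D))
    backward = all(Sf(SfR(Y)) >= Y for Y in open_filters(E))
    proj = all(JfR(I) == frozenset(x for x in D[0] if f[x] in I)
               for I in closed_ideals(E))
    return forward and backward and proj

# Sample data (constructed): D = {bot, a, b}, E = {bot, a, b, c}, F = {bot, p, q}.
D, E, F = flat("a", "b"), flat("a", "b", "c"), flat("p", "q")
f = {"bot": "bot", "a": "a", "b": "b"}               # embedding D -> E
fR = {"bot": "bot", "a": "a", "b": "b", "c": "bot"}  # its projection E -> D
g = {"bot": "bot", "a": "p", "b": "p", "c": "q"}     # continuous map E -> F

if __name__ == "__main__":
    print("functor laws hold:", functor_laws_hold(f, g, D, E, F))
    print("embedding laws hold:", embedding_laws_hold(f, fR, D, E))
```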


The domains J(D) and S(D) are in fact isomorphic. We can define an isomorphism C_D : J(D) → S(D) by C_D(S) = D \ S for any domain D. We have C_D^{-1} = C_D, and equation (3.2) proves the continuity of C_D, therefore C_D is an embedding. The existence of such an isomorphism will be very helpful to prove some results in the next section.

Example. Another possibility would be to define S(f)(S), for any arrow f : D → E and any open filter S ∈ S(D), as the minimum open filter containing {f(x) | x ∈ S}. This set is not uniquely defined. If f(x) is not an ω-finite value of E then, in order to be open, S(f)(S) has to contain a smaller ω-finite value, which is not determined. We can then define S(f)(S) as the minimum open filter containing {f(x) | x ∈ S ∧ f(x) is ω-finite}, that is:

$$\mathcal{S}'(f) = \lambda S : \mathcal{S}(D) . \{y \in E^o \mid \exists x \in S . f(x) \sqsubseteq_E y\}$$

[Figure 3.2 (diagram not recoverable from the extraction): the domain D = {⊥_D, x_1, x_2, ..., x_i, ...}, the domain E = {⊥_E, f(x_1), f(x_2), ..., f(x_i), ..., y} and the morphism f : D → E.]

Figure 3.2: A counter-example for the alternative definition of S.

However, it does not work because S'(f) is not a continuous function. Let D, E and f : D → E be the two domains and the morphism shown in figure 3.2. If we take the increasing sequence of open filters S_i ≝ {x_i, x_{i+1}, ...}, with the previous S' definition we have $\mathcal{S}'(f)(\bigsqcup_{i\in\mathbb{N}} S_i) = \emptyset$ whereas $\bigsqcup_{i\in\mathbb{N}} \mathcal{S}'(f)(S_i) = \{y\}$. Using the correct definition we obtain $\mathcal{S}(f)(\bigsqcup_{i\in\mathbb{N}} S_i) = \bigsqcup_{i\in\mathbb{N}} \mathcal{S}(f)(S_i) = \{y\}$.

3.2.7 Well-Founded Domains

In the previous section we have taken open filters over a domain as the semantic domain. These open filters are 1) closed for bigger elements (w.r.t. the computational order relation ⊑) and 2) open for increasing sequences (if $\bigsqcup_{i\in\mathbb{N}} x_i$ belongs to the set then there exists an n ∈ ℕ such that x_n also belongs to the set). In the introduction we have justified the use of closed ≺-order ideals as semantic domain, i.e. sets which are 1) closed for smaller elements (w.r.t. the structural order relation ≺) and 2) closed for ≺-increasing sequences (if x_i belongs to the set for any i ∈ ℕ then $\bigsqcup_{i\in\mathbb{N}} x_i$ also belongs to the set). We identify the structural order relation ≺ with the inverse of the computational order relation ⊑, therefore the first property of open ⊑-filters is equivalent to the first property


of closed ≺-ideals. However, the second properties of both definitions are not equivalent. The second condition of open ⊑-filters is necessary in order to obtain a domain; notice that the set of (not necessarily open) filters of a domain is not, in general, a domain. Now, we introduce a new condition for domains that we will use to prove some of the following theorems, in particular lemma 3.46. This condition ensures that any element of an open filter has a minimal element below it in the filter (filters are minimally complete); however, this condition is still not enough to ensure that any decreasing sequence in a filter has its glb in the filter, i.e. the second property of closed ≺-order ideals.

Definition 3.37 A domain (D, ⊑_D) is said to be well-founded if the relation ⊑_D defines a well-founded order over the set of ω-finite elements of D; i.e. there does not exist any infinite strictly decreasing sequence x_1 ⊐ x_2 ⊐ ··· x_n ··· of ω-finite elements.

Lemma 3.38 Every open filter over a well-founded domain is minimally complete.⁴ Moreover, any minimal element is ω-finite.

Proof: First, we prove that for any element of the filter either it is minimal or there exists another strictly smaller ω-finite element in the filter. If an element is not minimal then there exists another element strictly smaller than it in the filter. Let x be such an element. Using lemma 3.17 we can ensure that there exists an increasing sequence {x_i}_{i∈ℕ} of ω-finite elements with x as least upper bound. Now, if the filter is open then at least one of the ω-finite elements x_n belongs to the filter, and x_n ⊑ x. Second, if such a strictly smaller ω-finite element is not minimal in the filter, then we can repeat the same reasoning. This process cannot be repeated indefinitely, otherwise we would construct an infinite strictly decreasing sequence of ω-finite elements. We conclude that any element of the filter has a minimal element below it. Finally, we prove that any minimal element x of the filter is ω-finite. Otherwise, there would be an increasing sequence {x_i}_{i∈ℕ} of ω-finite elements with $\bigsqcup_{i\in\mathbb{N}} x_i = x$ and x_j ≠ x for any j ∈ ℕ (notice that x_j is ω-finite and x is not). As far as the filter is open, there exists an n ∈ ℕ such that x_n belongs to the filter, and x would not be minimal in the filter.

Notice that in the previous proof we need filters to be open. Otherwise, we would need the finiteness of every strictly decreasing sequence, not only of every sequence of ω-finite elements.

From now on, we will work in the category of well-founded domains and continuous functions on them. This simplifies some proofs. For instance, to prove that a filter is included in another filter it is enough to prove that any minimal ω-finite element of the first one belongs to the second one. However, we have to prove that the functors used to construct the reflexive domain preserve the well-foundation property.

⁴ See definition 3.21.


Lemma 3.39 The functors +, ×, →, J and S map well-founded domains to well-founded domains.

Proof: For + and × the proof is rather simple. For the functors J and S it is based on the well-foundation property of finite-multiset⁵ orderings. Let ≤_D be an order relation on D. We define an order relation ≤_{P(D)} on the finite subsets of D by S_1 ≤_{P(D)} S_2 if ∀x ∈ S_1 . ∃y ∈ S_2 . x ≤_D y. Then, as a consequence of König's lemma (Dershowitz and Manna, 1979), if ≤_D is well-founded then so is ≤_{P(D)}. Now, let I_1 and I_2 be two ω-finite ideals over a well-founded domain (D, ⊑_D), and let M_1 and M_2 be their sets of maximal elements. As far as I_1 and I_2 are ω-finite, M_1 and M_2 are finite and only contain ω-finite elements. It is not difficult to prove that $I_1 \sqsubseteq_{\mathcal{J}(D)} I_2$ iff $M_1 \sqsubseteq_{P(D)} M_2$, ⊑_{P(D)} being the finite-set ordering induced by ⊑_D. The well-foundation property for ⊑_{P(D)} proves then that J(D) is also a well-founded domain.

Any decreasing sequence $S_1 \sqsupseteq_{\mathcal{S}(D)} S_2 \sqsupseteq_{\mathcal{S}(D)} \cdots S_n \cdots$ in S(D) has associated a decreasing sequence $D \setminus S_1 \sqsupseteq_{\mathcal{J}(D)} D \setminus S_2 \sqsupseteq_{\mathcal{J}(D)} \cdots D \setminus S_n \cdots$ in J(D). This allows us to conclude that if ⊑_{J(D)} is well-founded, then so is ⊑_{S(D)}.

Lemma 3.40 Every ordered⁶ set S of a maximal complete cpo has a greatest lower bound ⊓S.

Proof: We define the set X ≝ {x ∈ D | ∀y ∈ S . x ⊑_D y}. This set is nonempty (it contains ⊥_D) and bounded (any element of S is an upper bound), therefore, if D is maximal complete then X has a least upper bound. Such a least upper bound of X is a greatest lower bound of S.

3.3 Type Domain Construction

We have motivated in the introduction the adequacy of using a semantic domain (type domain) consisting of the set of ≺-order ideals of another set of values (value domain). Considerations of subsection 3.2.6 about the computational (⊑) and the structural (≺) orderings suggest the use of ⊑-order filters instead of order ideals, i.e. the identification of ≺ and ⊒. We define a value domain U as the initial fixed point of a recursive domain equation F_ν(D) ≅ D, where the endofunctor F_ν may be defined by F_ν(D) = C + D × D + [D → D]. The existence and uniqueness (up to isomorphism) of such a domain U is proved using standard techniques described in subsection 3.2.1. The isomorphism mapping F_ν(U) to U will be denoted by α : F_ν(U) → U. This is enough for giving semantics to values. For types, we will use the semantic domain S(U). If we use value constructors (cartesian product and functional space) and lattice constructors (union, intersection, top and bottom) as type constructors, then it seems natural to require S(U) to be also an F_ν-algebra, that is, to prove the existence of an

⁵ The following result was proved for finite multisets. However, for our purposes it is enough to work with finite sets.

⁶ A subset S of a cpo D is said to be ordered if for any pair of elements x, y ∈ S we have either x ⊑_D y or y ⊑_D x.


embedding F_ν(S(U)) ◁ S(U). Nevertheless, as we will see in this section, it is not reasonable (not even possible) to use the same endofunctor F for types and for values. The main reasons are:

1. The pairing constructor (for values) and the cartesian product (for types) are not equivalent. The product constructor only satisfies the inclusion S ⊆ proj_1(S) × proj_2(S), but not the inclusion in the opposite direction, which would be needed to prove the universal property for such a construction (see subsection 3.3.1).

2. A value may be either a constant, a pair of values or a function, but not two of them simultaneously. This motivates the use of the coalesced sum + in the definition of F_ν. However, a type may be composed of more than one kind of value, thus it has a component consisting of a set of constants, another consisting of a set of pairs of values and another of functions. This motivates the use of the × constructor, instead of +, in the definition of F_τ (see subsection 3.3.2).

The last reason motivates the following definition for the endofunctor F_τ.

$$F_\tau(D) \stackrel{def}{=} \mathcal{S}(K) \times [D \times D] \times [D \to D] \qquad (3.3)$$

In the following we prove that S(U) is an F_τ-algebra, i.e. the existence of an embedding

$$\beta : F_\tau(\mathcal{S}(U)) \lhd \mathcal{S}(U)$$

The basic idea is defining an embedding Code_C : C(S(D)) → S(C(D)) for each type constructor C. It would allow us to define an embedding Code_{F_τ} : F_τ(S(D)) → S(F(D)), which composed with S(α) : S(F(D)) → S(D) results in the desired embedding. As we will see, such an embedding is given by

$$\beta = \mathcal{S}(\alpha) \circ Code_+ \circ (Id_{\mathcal{S}(K)} \times Code_\times \times Code_\to)$$

where α : F(U) → U is the mediating morphism of F(D) ≅ D, and Code_×, Code_+ and Code_→ are defined in the following subsections.

This technique may be compared with Scott's work (Scott, 1976; Gunter and Scott, 1990). Thus, S(U) may be considered as a universal domain, and the Code_C functions would be the embeddings used to prove the representativeness of the operator C.

3.3.1 The Embedding Code_× : S(D) × S(E) ◁ S(D × E)

We will use a pairing constructor × for types, together with its corresponding projections proj_1 and proj_2. Such a constructor is represented (in the sense of Scott) as a set of pairs of values. The codification embedding is the cartesian product defined as follows.


Definition-lemma 3.41 The function Code_× : S(D) × S(E) → S(D × E) defined by

$$Code_\times\langle S_1, S_2\rangle \stackrel{def}{=} S_1 \times S_2$$

for any S_1 ∈ S(D), S_2 ∈ S(E) is an embedding.

Its corresponding projection satisfies

$$Code_\times^R(S) = \langle \mathcal{S}(proj_1)(S), \mathcal{S}(proj_2)(S)\rangle$$

where S(proj_i)(S) = {proj_i(x) | x ∈ S}, for any S ∈ S(D × E).

Proof: It has to be proved that such equalities define an embedding between domains. Continuity of both functions is a straightforward exercise. Compositional properties are proved by

$$\begin{aligned}
Code_\times^R \circ Code_\times(\langle S_1, S_2\rangle) &= \langle \{proj_1(x) \mid x \in S_1 \times S_2\}, \{proj_2(x) \mid x \in S_1 \times S_2\}\rangle \\
&= \langle S_1, S_2\rangle \\
Code_\times \circ Code_\times^R(S) &= \{\langle x, y\rangle \mid \exists s \in S . x = proj_1(s) \wedge \exists s' \in S . y = proj_2(s')\} \\
&\supseteq S
\end{aligned}$$

Notice that such an embedding satisfies S(proj_i) ∘ Code_×⟨X_1, X_2⟩ = X_i, but only the inclusion Code_×⟨S(proj_1)(S), S(proj_2)(S)⟩ ⊇ S holds in general. Therefore, Code_× is not a proper pairing function because the universal property ∀X . ⟨proj_1(X), proj_2(X)⟩ = X does not hold.

The codification function Code_× and the embedding β : F_τ(S(U)) ◁ S(U) allow us to define three interpretation functions which will be used to give semantics to the pairing × and the projection proj_i constructors.

Definition 3.42 The interpretation functions for products and projections are defined as follows

$$\mathrm{Inter}_\times : \mathcal{S}(U) \times \mathcal{S}(U) \to \mathcal{S}(U), \qquad P \mapsto \beta(\langle \emptyset, P, \emptyset\rangle) = \mathcal{S}(\alpha \circ in_2) \circ \mathrm{Code}_\times(P)$$

$$\mathrm{Inter}_{proj_i} : \mathcal{S}(U) \to \mathcal{S}(U), \qquad S \mapsto proj_i \circ proj_2 \circ \beta^R(S) = \mathcal{S}(proj_i) \circ \mathcal{S}(out_2 \circ \alpha)(S)$$

They satisfy the following inequalities.

Lemma 3.43 The functions Inter× and Interproji satisfy:

$$\mathrm{Inter}_{proj_i}(\mathrm{Inter}_\times\langle S_1, S_2\rangle) = S_i$$

$$\mathrm{Inter}_\times\langle \mathrm{Inter}_{proj_1}(S), \mathrm{Inter}_{proj_2}(S)\rangle \sqsubseteq_{\mathcal{S}(U)} S$$


3.3.2 The Isomorphism Code+ : S(D) × S(E) ≅ S(D + E)

The definition of an embedding Code+ : S(D) + S(E) ◁ S(D + E) is not possible, as the following example shows.

Example. The function Code+ : S(D) + S(E) → S(D + E) defined by

$$\mathrm{Code}_+(X) \stackrel{def}{=} \begin{cases} D + E \setminus \{\bot_{D+E}\} & \text{if } X = \bot_{\mathcal{S}(D)+\mathcal{S}(E)} \\ \{in_1(y) \mid y \in out_1(X)\} & \text{if } is_1(X) \\ \{in_2(y) \mid y \in out_2(X)\} & \text{if } is_2(X) \end{cases}$$

for any X ∈ S(D) + S(E), is continuous and injective, but it is not an embedding. The only monotonic function CodeR+ : S(D + E) → S(D) + S(E) satisfying CodeR+ ∘ Code+ = Id on S(D) + S(E) is defined by

$$\mathrm{Code}^R_+(S) = \begin{cases} in_1(\{out_1(x) \mid x \in S\}) & \text{if } \forall x \in S .\ is_1(x) \\ in_2(\{out_2(x) \mid x \in S\}) & \text{if } \forall x \in S .\ is_2(x) \\ \bot_{\mathcal{S}(D)+\mathcal{S}(E)} & \text{otherwise} \end{cases}$$

for any S ∈ S(D + E). However, such a function is not continuous, as the following example shows.

Consider an infinite sequence of values di ∈ D, a value e ∈ E and the increasing sequence of filters Si ∈ S(D + E) defined by Si = {in2(e), in1(di), in1(di+1), ...} and satisfying ⨆Si = {in2(e)}. It is easy to prove that CodeR+(Si) = ⊥ in S(D) + S(E) for any i ∈ ℕ, whereas CodeR+(⨆i∈ℕ Si) = in2({e}). Therefore

$$\mathrm{Code}^R_+\Big(\bigsqcup_{i\in\mathbb{N}} S_i\Big) \neq \bigsqcup_{i\in\mathbb{N}} \mathrm{Code}^R_+(S_i).$$

As we have mentioned, the coalesced sum is not adequate to put together the different kinds of types. A value has a unique kind, whereas a type may be composed of different kinds of values. Thus, it is more sensible to decompose a type (an element of S(D + E)) into its different components (an element of S(D) × S(E)), instead of classifying it into two kinds of types (an element of S(D) + S(E)). We see then that a type is uniquely characterized by its components. This means that we can define an isomorphism between the universe of mixed types S(D + E) and the product of pure types S(D) × S(E).

Definition-lemma 3.44 The continuous function Code+ : S(D) × S(E) → S(D + E) defined by

$$\mathrm{Code}_+\langle S_1, S_2\rangle \stackrel{def}{=} \{in_1(y) \mid y \in S_1\} \cup \{in_2(y) \mid y \in S_2\}$$

is an isomorphism. Its inverse is defined by

$$\mathrm{Code}^{-1}_+(S) = \langle \{out_1(x) \mid x \in S \wedge is_1(x)\},\ \{out_2(x) \mid x \in S \wedge is_2(x)\}\rangle$$

for any S1 ∈ S(D), S2 ∈ S(E) and S ∈ S(D + E).
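The embedding Code× of definition-lemma 3.41 and the isomorphism Code+ of definition-lemma 3.44, computed on finite sets as an added example (this is not code from the thesis; finite Python sets stand in for open filters, and the injections in_i/out_i are modelled by tagging a value with 1 or 2, both assumptions made here for illustration). It shows the two compositional properties of Code× on concrete input, namely that CodeR× ∘ Code× returns the pair it was given while Code× ∘ CodeR×(S) merely contains S, which is why Code× is not a proper pairing function, and checks that Code+ and its inverse round-trip in both directions.

```python
from itertools import product

# Finite sets stand in for open filters here (an assumption for illustration);
# values of D and E are plain strings, elements of D × E are pairs.

def code_times(S1, S2):
    """Code×⟨S1, S2⟩ = S1 × S2 (definition-lemma 3.41)."""
    return set(product(S1, S2))

def code_times_proj(S):
    """CodeR×(S) = ⟨{proj1(x) | x ∈ S}, {proj2(x) | x ∈ S}⟩."""
    return ({x for x, _ in S}, {y for _, y in S})

def code_plus(S1, S2):
    """Code+⟨S1, S2⟩ = {in1(y) | y ∈ S1} ∪ {in2(y) | y ∈ S2}; in_i tags a value with i."""
    return {(1, y) for y in S1} | {(2, y) for y in S2}

def code_plus_inv(S):
    """Code+^-1(S) = ⟨{out1(x) | x ∈ S ∧ is1(x)}, {out2(x) | x ∈ S ∧ is2(x)}⟩."""
    return ({v for tag, v in S if tag == 1}, {v for tag, v in S if tag == 2})

def times_laws(S1, S2, S):
    """Returns (CodeR×∘Code× is the identity on ⟨S1, S2⟩,
               Code×∘CodeR×(S) ⊇ S,
               Code×∘CodeR×(S) = S)."""
    back = code_times_proj(code_times(S1, S2))
    rebuilt = code_times(*code_times_proj(S))
    return (back == (S1, S2), rebuilt >= S, rebuilt == S)

def plus_laws(S1, S2, S):
    """Returns whether Code+ and Code+^-1 are inverse to each other in both directions."""
    return (code_plus_inv(code_plus(S1, S2)) == (S1, S2),
            code_plus(*code_plus_inv(S)) == S)

# Constructed samples: a set of pairs that is not a cartesian product, and a
# mixed set of tagged values.
SAMPLE_PAIRS = {('d1', 'e1'), ('d2', 'e2')}
SAMPLE_SUM = {(1, 'd1'), (1, 'd2'), (2, 'e1')}

if __name__ == '__main__':
    print(times_laws({'d1', 'd2'}, {'e1', 'e2'}, SAMPLE_PAIRS))  # (True, True, False)
    print(plus_laws({'d1'}, {'e1', 'e2'}, SAMPLE_SUM))           # (True, True)
```

The third component returned by `times_laws` is the universal property of a pairing function; it fails on `SAMPLE_PAIRS` because rebuilding the set from its two projections adds the pairs ('d1', 'e2') and ('d2', 'e1'), exactly the strict inclusion Code×⟨S(proj1)(S), S(proj2)(S)⟩ ⊋ S discussed above.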


3.3.3 The Embedding Code→ : S(D) → S(E) ◁ S(D → E)

Contrary to the previous cases, the definition of an embedding from S(D) → S(E) to S(D → E) is not as easy as it might seem. Many simple definitions fail when we try to prove their continuity or the inclusion relations defining an embedding. There is no room here to present all the unsuccessful attempts, so we have selected only two of them to show the complexity of the task. The definition of such a codification function is one of the most important contributions of this thesis. The first attempt presents one of the most aesthetic solutions that can be proposed. The second one is based on the first one. The final solution is a slight modification of this second example.

Example. Our experience suggests defining an embedding-projection pair by proposing a projection candidate first, and using lemma 3.35 to find the corresponding embedding later. Suppose we have a singleton open filter S = {f} ∈ S(D → E). If we have to choose a function CodeR→({f}) : S(D) → S(E) codified by f, the most appropriate candidate would be S(f). Now, if S contains more than one function, then each element belonging to S contributes to "make CodeR→(S) more undefined". In other words, if CodeR→ is a projection then it is monotonic, and the bigger S is (smaller w.r.t. the ordering ⊑ of S(D → E)), the more undefined CodeR→(S) is (smaller w.r.t. the ordering ⊑ of S(D) → S(E)). We could define

$$\mathrm{Code}^R_\to(S) \stackrel{def}{=} \mathcal{S}(\sqcap S).$$

But this is not a good choice, because it is equivalent to trying to codify a function in S(D) → S(E) using a unique function in D → E, which is clearly impossible. It is better to define:

$$\mathrm{Code}^R_\to(S) \stackrel{def}{=} \bigsqcap_{f \in S} \mathcal{S}(f)$$

If such a function is a projection, then its corresponding embedding will be:

$$\mathrm{Code}_\to(F) = \{f \in (D \to E)^o \mid F \sqsubseteq_{\mathcal{S}(D)\to\mathcal{S}(E)} \mathcal{S}(f)\}$$

Continuity of such functions may be easily proved, as well as the following inequalities:

$$\mathrm{Code}^R_\to \circ \mathrm{Code}_\to(F) = \bigsqcap_{F \sqsubseteq \mathcal{S}(f)} \mathcal{S}(f) \sqsupseteq F$$

$$\mathrm{Code}_\to \circ \mathrm{Code}^R_\to(S) = \{f \in (D \to E)^o \mid \bigsqcap_{f' \in S} \mathcal{S}(f') \sqsubseteq \mathcal{S}(f)\} \sqsubseteq S$$

In fact, given a continuous function like CodeR→, it is always possible to find another function like Code→ satisfying such inequalities. Problems arise when we try to prove CodeR→ ∘ Code→(F) ⊑ F. This inequality only holds when for any X ∈ S(D) and any y ∈ F(X) we can find a function f : D → E such that F ⊑ S(f) and y ∈ S(f)(X). Unfortunately, the first example of figure 3.3 shows that it is not possible to find such a function for X = {d2} and y = e3.

Example. In the previous example we chose CodeR→({f}) = S(f). This is the smallest function satisfying x ∈ X ⇔ f(x) ∈ S(f)(X). We can take the biggest one of such functions. In this case, we obtain:

$$\mathrm{Code}_\to(F) = \{f \in (D \to E)^o \mid \forall X \in \mathcal{S}(D) .\ \forall x \in X .\ f(x) \in F(X)\}$$

$$\mathrm{Code}^R_\to(S) = \lambda X : \mathcal{S}(D) .\ \{f(x) \mid x \in X \wedge f \in S\}$$

Then, the inequality CodeR→ ∘ Code→(F) ⊑ F only holds if for any X ∈ S(D) and any y ∈ F(X) we can find an f : D → E such that ∀X ∈ S(D) . ∀x ∈ X . f(x) ∈ F(X) and ∃x ∈ X . y = f(x). The second example of figure 3.3 also shows that it is not possible to find such a function for X = {d1, d2} and y = e1.

[Figure 3.3: Two counter-examples for two possible definitions of Code→. First example: a function F : S(D) → S(E) between the domains D = {⊥D, d1, d2} and E = {⊥E, e1, e2, e3}. Second example: a function F : S(D) → S(E) between D = {⊥D, d1, d2} and E = {⊥E, e1, e2}.]

A careful analysis shows that the function Code→ only codifies ∪-additive functions correctly. If x ∈ X1 ∪ X2 and ∀X ∈ S(D) . x ∈ X ⇒ f(x) ∈ F(X), then f(x) ∈ F(X1) or f(x) ∈ F(X2). Therefore,

$$\mathrm{Code}^R_\to \circ \mathrm{Code}_\to(F)(X_1 \cup X_2) = \mathrm{Code}^R_\to \circ \mathrm{Code}_\to(F)(X_1) \cup \mathrm{Code}^R_\to \circ \mathrm{Code}_\to(F)(X_2)$$

Such a problem always appears when we try to codify a function on sets using the set of functions mapping each element from a set of the domain to an element of the corresponding image set (see (Sannella et al., 1990)). We already mentioned such a problem in (Levy et al., 1990), where we proposed the definition of an encoding function from S(D) → S(E) to S(S(D) → E) (see subsection 3.3.4). The set of functions used to codify a function on sets is then larger, and we get the desired embedding. However, now we know that it is possible to define a codification function which is an embedding without enlarging the codification space.

The only way to avoid CodeR→ ∘ Code→(F) being additive is to use more functions to codify F. We can do that by introducing in Code→(F) functions satisfying ∀x ∈ X1 ∪ X2 . f(x) ∈ F(X1 ∪ X2) but neither ∀x ∈ X1 . f(x) ∈ F(X1) nor ∀x ∈ X2 . f(x) ∈ F(X2). We define then

$$\mathrm{Code}_\to(F) \stackrel{def}{=} \{f \in (D \to E)^o \mid \exists X \in \mathcal{S}(D)^o \setminus \{\emptyset\} .\ \forall x \in X .\ f(x) \in F(X)\}$$

Then, f(x) ∈ CodeR→(S)(X) for any x ∈ X and any f ∈ S is no longer true, and we have to restrict the set of functions f used to define CodeR→. The corresponding projection is, more or less,

$$\mathrm{Code}^R_\to = \lambda S : \mathcal{S}(D) .\ \lambda X : \mathcal{S}(D) .\ \{\, y \in D \mid \exists x \in X .\ \exists f \in S .\ \bot_E \neq f(x) \sqsubseteq_E y \ \wedge\ f \text{ is minimal in } S \ \wedge\ (\forall x' \notin X .\ f(x') = \bot_E)\,\}$$

Here, "more or less" means that this function is not continuous, and we have to modify it slightly to obtain a continuous function. We define continuous extensions for such purpose.

Definition 3.45 Let D and E be domains, and f : D^o → E be a monotonic function. Then, there exists a unique continuous function f^ext : D → E, named the continuous extension, satisfying f^ext(x) = f(x) for any ω-finite element x ∈ D^o.

Proof: Lemma 3.17 ensures that if D is a domain and x ∈ D, then either x ∈ D^o or there exists an increasing sequence of ω-finite elements {x_i}_{i∈ℕ} such that x = ⨆_{i∈ℕ} x_i. Evidently, such a sequence is not unique. We define f^ext by f^ext(x) ≝ f(x) if x ∈ D^o and f^ext(x) = ⨆_{i∈ℕ} f(x_i), for one of such sequences, if x is not ω-finite. However, we then have to prove that the result is independent of the chosen sequence.

Let {x_i}_{i∈ℕ} and {x'_j}_{j∈ℕ} be two sequences satisfying

$$x = \bigsqcup_{i\in\mathbb{N}} x_i = \bigsqcup_{j\in\mathbb{N}} x'_j.$$

For any i ∈ ℕ we have x_i ⊑ ⨆_{j∈ℕ} x'_j and, as x_i is ω-finite, we also have ∀i ∈ ℕ . ∃j ∈ ℕ . x_i ⊑ x'_j. If f is monotonic, then ∀i ∈ ℕ . ∃j ∈ ℕ . f(x_i) ⊑ f(x'_j), and we conclude

$$\bigsqcup_{i\in\mathbb{N}} f(x_i) \sqsubseteq \bigsqcup_{j\in\mathbb{N}} f(x'_j).$$

Exchanging the roles of the two sequences we prove the opposite inequality in the same way, and therefore

$$\bigsqcup_{i\in\mathbb{N}} f(x_i) = \bigsqcup_{j\in\mathbb{N}} f(x'_j).$$

Now, we prove the continuity of the function defined in this way. (Notice that the function f : D^o → E is continuous if, and only if, it is monotonic.) Let {x_i}_{i∈ℕ} be an increasing sequence in D. For any i ∈ ℕ we can find an increasing sequence {p^i_j}_{j∈ℕ} such that x_i = ⨆_{j∈ℕ} p^i_j. It is not difficult to prove that ∀i ∈ ℕ . ∃k ∈ ℕ . x_i ⊑ p^{i+1}_k using the ω-finiteness definition. Therefore, we can choose a sequence of indices k_i such that p^1_{k_1} ⊑ p^2_{k_2} ⊑ ... is an increasing sequence satisfying ⨆_{i∈ℕ} x_i = ⨆_{i∈ℕ} p^i_{k_i}. Now, using the definition of f^ext we have

$$f^{ext}\Big(\bigsqcup_{i\in\mathbb{N}} x_i\Big) = f^{ext}\Big(\bigsqcup_{i\in\mathbb{N}} p^i_{k_i}\Big) = \bigsqcup_{i\in\mathbb{N}} f^{ext}(p^i_{k_i})$$

and on the other hand

$$\bigsqcup_{i\in\mathbb{N}} f^{ext}(x_i) = \bigsqcup_{i\in\mathbb{N}} f^{ext}\Big(\bigsqcup_{j\in\mathbb{N}} p^i_j\Big) = \bigsqcup_{i\in\mathbb{N}}\bigsqcup_{j\in\mathbb{N}} f^{ext}(p^i_j).$$

Clearly,

$$f^{ext}\Big(\bigsqcup_{i\in\mathbb{N}} x_i\Big) = \bigsqcup_{i\in\mathbb{N}} f^{ext}(p^i_{k_i}) \sqsubseteq \bigsqcup_{i\in\mathbb{N}}\bigsqcup_{j\in\mathbb{N}} f^{ext}(p^i_j) = \bigsqcup_{i\in\mathbb{N}} f^{ext}(x_i).$$

The inequality in the opposite direction is derived from the monotonicity of f^ext. This concludes the proof.

This lemma can be extended to functions with several arguments. Thus, if f : D^o → E^o → F is monotonic, then its continuous extension is

$$\big(\lambda x : D^o .\ (\lambda y : E^o .\ f(x, y))^{ext}\big)^{ext},$$

which is continuous in both arguments. We can also conclude that two continuous functions are equal (f = g) if, and only if, they are equal for any ω-finite argument (∀x ∈ D^o . f(x) = g(x)).

From now on, we will only take care of defining monotonic functions on ω-finite arguments, regardless of whether they are also continuous or not. Then, we will use their continuous extensions to obtain a continuous function.

Definition-lemma 3.46 The function Code→ defined by

$$\mathrm{Code}_\to(F) \stackrel{def}{=} \{f \in (D \to E)^o \mid \exists X \in \mathcal{S}(D)^o \setminus \{\emptyset\} .\ \forall x \in X .\ f(x) \in F(X)\}$$

for any F : S(D) → S(E) is an embedding. Its corresponding projection is

$$\mathrm{Code}^R_\to = \Big(\lambda S : \mathcal{S}(D)^o .\ \lambda X : \mathcal{S}(D)^o .\ \{\, y \in D \mid \exists x \in X .\ \exists f \in S .\ \bot_E \neq f(x) \sqsubseteq_E y \ \wedge\ f \text{ is minimal in } S \ \wedge\ (\forall x' \notin X .\ f(x') = \bot_E)\,\}\Big)^{ext}$$

Proof: The proof of correctness of the previous definition is based on the following points.

(i) The function Code→ is continuous.

We prove first that f ∈ (⨆_{i∈ℕ} Code→(F_i))^o implies f ∈ (Code→(⨆_{i∈ℕ} F_i))^o. If f ∈ (⨆_{i∈ℕ} Code→(F_i))^o, then for any i ∈ ℕ there exists an X ∈ S(D)^o \ {∅} such that ∀x ∈ X . f(x) ∈ F_i(X). Let X_i be the maximum⁷ filter satisfying such a proposition for each i ∈ ℕ; then it is easy to prove that the sequences {X_i}_{i∈ℕ} and {F_i(X_i)}_{i∈ℕ} are both increasing. Now, if f is ω-finite, then its set of images is a finite set of ω-finite elements. Therefore, if each filter F_i(X_i) contains at least one of such images, then ⨆_{i∈ℕ} F_i(X_i)^o will also contain at least one of them. Let p be one of them. It is not difficult to prove that the set X ≝ {x ∈ D | p ⊑ f(x)} is a nonempty open filter, and it satisfies ∀x ∈ X . f(x) ∈ ⋃_{i∈ℕ} F_i(X_i)^o. As the F_i are continuous functions we have

$$\bigcup_{i\in\mathbb{N}} (F_i(X_i))^o = \bigcup_{i\in\mathbb{N}}\bigcup_{j\in\mathbb{N}} (F_i(X_j))^o = \bigcup_{i\in\mathbb{N}} \Big(F_i\Big(\bigcup_{j\in\mathbb{N}} X_j^o\Big)\Big)^o = \Big(\bigsqcup_{i\in\mathbb{N}} F_i(X)\Big)^o.$$

Therefore, we conclude that f ∈ (Code→(⨆_{i∈ℕ} F_i))^o. The implication in the other direction is ensured by the monotonicity of Code→. We then have

$$\Big(\bigsqcup_{i\in\mathbb{N}} \mathrm{Code}_\to(F_i)\Big)^o = \Big(\mathrm{Code}_\to\Big(\bigsqcup_{i\in\mathbb{N}} F_i\Big)\Big)^o$$

which proves the continuity of Code→.

(ii) Continuity of CodeR→ is ensured by lemma 3.45.

(iii) CodeR→ ∘ Code→ = Id.

First, we prove that if p ∈ CodeR→ ∘ Code→(F)(X) then p ∈ F(X), where we can suppose without loss of generality⁸ that X ∈ (S(D))^o and p ∈ E^o are both ω-finite and p is minimal. Therefore, there exists a function f ∈ Code→(F) and an x ∈ X such that

$$p = f(x) \neq \bot_E \tag{3.4}$$

$$\forall x' \notin X .\ f(x') = \bot_E \tag{3.5}$$

$$f \text{ is minimal in } \mathrm{Code}_\to(F) \tag{3.6}$$

We can suppose without loss of generality that f ∈ Code→(F) is ω-finite (because it is minimal); therefore there exists a nonempty set X' ∈ S(D)^o such that

$$\forall x' \in X' .\ f(x') \in F(X') \tag{3.7}$$

It is easy to prove that condition (3.6) ensures

$$\forall x' \notin X' .\ f(x') = \bot_E \tag{3.8}$$

otherwise, the function f' defined by f'(x) ≝ f(x) if x ∈ X' and by f'(x) ≝ ⊥E otherwise, which belongs to Code→(F), would be smaller than f. Now, as f(x) = p ≠ ⊥E, condition (3.8) ensures x ∈ X' and, using (3.7), p = f(x) ∈ F(X'). On the other hand, for any x' ∉ X the condition (3.5) ensures f(x') = ⊥E ∉ F(X') and, using (3.7), x' ∉ X'. From that we conclude X' ⊆ X and F(X') ⊆ F(X). Those two facts prove p = f(x) ∈ F(X') ⊆ F(X), which finishes the proof.

⁷ Notice that the union of filters satisfying such a proposition also satisfies it; therefore the maximum filter exists.

⁸ Notice that two continuous functions are equal iff they are equal for any ω-finite element, and that two closed ideals are equal iff they contain the same minimal ω-finite elements.

Second, we prove that if p ∈ F(X) then p ∈ CodeR→ ∘ Code→(F)(X), where we can also suppose without loss of generality that X ∈ S(D)^o and p ∈ F(X)^o are both ω-finite and p is minimal. We define X_min ⊆ X as a filter such that p ∈ F(X_min) and no other filter contained in X_min satisfies such a property.⁹ We use such a filter to define the following function

$$f(x) \stackrel{def}{=} \begin{cases} p & \text{if } x \in X_{min} \\ \bot_E & \text{otherwise} \end{cases}$$

This function evidently satisfies f ∈ Code→(F) and f(x) = p for some x ∈ X. As X_min ⊆ X we also have ∀x' ∉ X . f(x') = ⊥E. Finally, the minimality of f is ensured by the fact that there is no filter X' such that X' ⊂ X_min and p ∈ F(X'), and that p is minimal in F(X) and therefore in F(X_min).

(iv) Code→ ∘ CodeR→(S) ⊇ S.

We prove that if f ∈ S then f ∈ Code→ ∘ CodeR→(S), where we can suppose without loss of generality¹⁰ that f ∈ S^o and f is minimal in S. First, we will prove that the set

$$Dom(f) \stackrel{def}{=} \{x \in D \mid f(x) \neq \bot_E\}$$

is a nonempty open filter. Suppose that x ∈ Dom(f) and x ⊑_D x'; then ⊥E ≠ f(x) ⊑_E f(x') and therefore x' ∈ Dom(f). Suppose now that ⨆_{i∈ℕ} x_i ∈ Dom(f); then

$$\bigsqcup_{i\in\mathbb{N}} f(x_i) = f\Big(\bigsqcup_{i\in\mathbb{N}} x_i\Big) \neq \bot_E$$

and therefore f(x_n) ≠ ⊥E for some n ∈ ℕ. We conclude that Dom(f) is an open filter. Moreover, Dom(f) ≠ ∅, otherwise we would have f = ⊥ in D → E, which contradicts ⊥ ∉ S for any filter S of S(D → E). It can also be easily proved that if f is an ω-finite function then Dom(f) is also an ω-finite open filter.

Then, ∀x ∉ Dom(f) . f(x) = ⊥E and, as f is minimal in S, we will have f(x) ∈ CodeR→(S)(Dom(f)) for any x ∈ Dom(f). Now, as Dom(f) is a nonempty open filter, we have f ∈ Code→ ∘ CodeR→(S).

⁹ The Kuratowski-Zorn theorem ensures the existence of at least one such filter. We can construct a maximal ordered set (i.e. a set where any pair of elements are comparable and no other element can be added) of filters, containing the filter X and satisfying p ∈ F(X). The least upper bound X_min of such a maximal set exists and also satisfies p ∈ F(X_min) (because F is continuous for lubs of ordered sets). As the ordered set is maximal, there will not be any set bigger than (contained in) X_min and satisfying p ∈ F(X).

¹⁰ Again, a filter is included in another one if the set of minimal elements of the first one is included in the second one.

In this case the interpretation functions are Fun and Graph. The soundness of the β- and η-rules relies on such functions, as we have shown in chapter 2.

Definition 3.47 The interpretation functions for λ-abstractions and applications are defined as follows

$$\mathrm{Graph} : (\mathcal{S}(U) \to \mathcal{S}(U)) \to \mathcal{S}(U), \qquad F \mapsto \beta(\langle \emptyset, \emptyset, F\rangle) = \mathcal{S}(\alpha \circ in_3) \circ \mathrm{Code}_\to(F)$$

$$\mathrm{Fun} : \mathcal{S}(U) \to (\mathcal{S}(U) \to \mathcal{S}(U)), \qquad S \mapsto proj_3 \circ \beta^R(S) = \mathrm{Code}^R_\to \circ \mathcal{S}(out_3 \circ \alpha)(S)$$

They satisfy the following inequalities.

Lemma 3.48 The functions Fun and Graph satisfy:

$$\mathrm{Fun} \circ \mathrm{Graph}(F) = F$$

$$\mathrm{Graph} \circ \mathrm{Fun}(S) \supseteq S$$

This lemma states that our ideal model is a quasi-extensional COR-model.

3.3.4 The Embedding Code→ : S(D) → S(E) ◁ S(S(D) → E)

The problems in defining an embedding between S(D) → S(E) and S(D → E) can be avoided if we enlarge the codification space. The main problem in the previous subsection was that the pointwise extension of a set of functions in D → E always results in a ∪-additive function on S(D) → S(E) (see the second example in subsection 3.3.3). To avoid such a problem we can enlarge the domain of the functions used to codify. One possible solution is defining an embedding between S(D) → S(E) and S(S(D) → E). For simplicity, we will do it in two steps. First, we will define an embedding between J(D) → J(E) and J(J(D) → E). Second, using the isomorphism J(D) ≅ S(D), we will define the embedding between S(D) → S(E) and S(S(D) → E).

Definition-lemma 3.49 The pair of functions

$$\mathrm{Code}_\to : (\mathcal{J}(D) \to \mathcal{J}(E)) \to \mathcal{J}(\mathcal{J}(D) \to E)$$

$$\mathrm{Code}^R_\to : \mathcal{J}(\mathcal{J}(D) \to E) \to (\mathcal{J}(D) \to \mathcal{J}(E))$$

defined by

$$\mathrm{Code}_\to(F) \stackrel{def}{=} \{f : \mathcal{J}(D) \to E \mid \forall X \in \mathcal{J}(D) .\ f(X) \in F(X)\}$$

$$\mathrm{Code}^R_\to(I) \stackrel{def}{=} \lambda X : \mathcal{J}(D) .\ \{f(X) \mid f \in I\}$$

form an embedding-projection pair.

Proof: This proof is based on the following points.

(i) Code→(F) ∈ J(J(D) → E).

If f ∈ Code→(F) and g ⊑ f, then for any ideal X ∈ J(U) we have g(X) ⊑ f(X) ∈ F(X). Now, as F(X) is an ideal, g(X) ∈ F(X), and therefore g ∈ Code→(F).

If f_i ∈ Code→(F) for every i ∈ ℕ, then for any X ∈ J(U) we have f_i(X) ∈ F(X). Now, as F(X) is closed for increasing sequences, [⨆_{i∈ℕ} f_i](X) = ⨆_{i∈ℕ} f_i(X) ∈ F(X), and therefore ⨆_{i∈ℕ} f_i ∈ Code→(F).

(ii) CodeR→(I)(X) ∈ J(E).

Using the domain properties, it is enough to prove that CodeR→(I)(X)^open ≝ {f(X) ∈ E^o | f ∈ I} is a (possibly open) order ideal.

For any p ∈ E we have to prove that if p ⊑_E f(X) and f ∈ I, then there exists a function g : J(D) → E such that g(X) = p and g ∈ I. Using again the domain properties, there exists a sequence {p_i}_{i∈ℕ} of ω-algebraic values with ⨆_{i∈ℕ} p_i = p. We define then

$$g \stackrel{def}{=} \lambda X : \mathcal{J}(D) .\ \bigsqcup\{p_i \mid p_i \sqsubseteq_E f(X)\}$$

which trivially satisfies g ⊑ f and g(X) = p. Consequently, g ∈ I. The continuity of f and the ω-finiteness of the p_i prove the continuity of g:

$$\begin{aligned}
g\Big(\bigsqcup_{j\in\mathbb{N}} X_j\Big) &= \bigsqcup\Big\{p_i \ \Big|\ p_i \sqsubseteq f\Big(\bigsqcup_{j\in\mathbb{N}} X_j\Big)\Big\} = \bigsqcup\Big\{p_i \ \Big|\ p_i \sqsubseteq \bigsqcup_{j\in\mathbb{N}} f(X_j)\Big\} \\
&= \bigsqcup\{p_i \mid \exists j \in \mathbb{N} .\ p_i \sqsubseteq f(X_j)\} = \bigsqcup_{j\in\mathbb{N}} \bigsqcup\{p_i \mid p_i \sqsubseteq f(X_j)\} = \bigsqcup_{j\in\mathbb{N}} g(X_j)
\end{aligned}$$

(iii) CodeR→(I) : J(D) → J(E) is continuous.

CodeR→(I) is obviously monotonic; let us prove then that CodeR→(I)(⨆_{i∈ℕ} X_i) ⊆ ⨆_{i∈ℕ} CodeR→(I)(X_i). Suppose p ∈ CodeR→(I)(⨆_{i∈ℕ} X_i)^open; then there exists g ∈ I such that p = g(⋃_{i∈ℕ} X_i). So, by the continuity of g we have p = ⨆_{i∈ℕ} g(X_i), where for any j ∈ ℕ evidently g(X_j) ∈ CodeR→(I)(X_j) ⊆ ⋃_{i∈ℕ} CodeR→(I)(X_i). Therefore, by the definition of closure,

$$p = \bigsqcup_{j\in\mathbb{N}} g(X_j) \in \overline{\bigcup_{i\in\mathbb{N}} \mathrm{Code}^R_\to(I)(X_i)} = \bigsqcup_{i\in\mathbb{N}} \mathrm{Code}^R_\to(I)(X_i).$$

Concluding,

$$\mathrm{Code}^R_\to(I)\Big(\bigsqcup_{i\in\mathbb{N}} X_i\Big) = \overline{\mathrm{Code}^R_\to(I)\Big(\bigsqcup_{i\in\mathbb{N}} X_i\Big)^{open}} = \overline{\bigsqcup_{i\in\mathbb{N}} \mathrm{Code}^R_\to(I)(X_i)} = \bigsqcup_{i\in\mathbb{N}} \mathrm{Code}^R_\to(I)(X_i).$$

(iv) CodeR→ ∘ Code→ = Id.

The inclusion CodeR→ ∘ Code→(F) ⊆ F is easy to prove; let us prove the inclusion CodeR→ ∘ Code→(F) ⊇ F. We have to prove that for every X ∈ J(D) the inclusion

$$F(X) \subseteq \{f(X) \mid \exists f : \mathcal{J}(D) \to E .\ \forall Y \in \mathcal{J}(U) .\ f(Y) \in F(Y)\}$$

holds. Let p ∈ F(X) be any element of the first set. By lemma 3.17, there exists an increasing sequence of ω-finite elements {p_i}_{i∈ℕ} such that ⨆_{i∈ℕ} p_i = p. We define

$$f \stackrel{def}{=} \lambda X' : \mathcal{J}(D) .\ \bigsqcup\{p_i \mid p_i \in F(X')\}$$

Following the same reasoning as in point (ii), the continuity of F and the ω-finiteness of the p_i prove the continuity of f. On the other hand, it is evident that for any X' ∈ J(U) we have f(X') ∈ F(X'). Therefore, f ∈ Code→(F). It is also evident that f(X) = p. We can conclude that p ∈ CodeR→ ∘ Code→(F)(X).

(v) Code→ ∘ CodeR→ ⊑ Id is easily proved.

Now, if C_D : J(D) → S(D) is the isomorphism defined by C_D = λI : J(D) . D \ I for each domain D, we can define the embedding Code→ as follows.

Definition-lemma 3.50 The function

$$\mathrm{Code}_\to \stackrel{def}{=} C_{\mathcal{S}(D)\to E} \circ \mathcal{J}(C^{-1}_D \to Id_E) \circ \mathrm{Code}_\to \circ (C_D \to C^{-1}_E)$$

defines an embedding between S(D) → S(E) and S(S(D) → E).

Proof: Notice that C_D and C_D^{-1} are both embeddings for any domain D. Taking into account that Id_D is evidently an embedding, that the application of a continuous functor (like → or J) to an embedding is also an embedding, and that the composition of embeddings is also an embedding, then Code→ is an embedding, since we have already proved (see lemma 3.49) that the inner Code→ is an embedding.

This alternative definition of the embedding Code→ also leads to a functional ideal model, provided that we define the value domain U as the initial solution of:

$$U \cong C + U \times U + \mathcal{S}(U) \to U$$

instead of using equation (3.1).

We can also mix both solutions and define U as the initial solution of:

$$U \cong C + U \times U + U \to U + \mathcal{S}(U) \to U$$

Then, two kinds of λ-abstraction may be defined, one interpreted in S(U → U) using the first definition of Code→, and the other interpreted in S(S(U) → U) using the second Code→ definition.


3.4 An Ideal Model for COR

In this section we present the semantic rules used to map the language expressions onto the semantic domain. As we have seen, we use S(U) as the semantic domain. As usual, the semantic function is parametric in a valuation function. These valuation functions map identifiers to domain values: ρ : Ident → S(U).

Definition 3.51 The semantic interpretation function

$$\tau : Expressions \to (Ident \to \mathcal{S}(U)) \to \mathcal{S}(U)$$

is defined inductively by:

$$\begin{aligned}
\tau[\![\bot]\!]\rho &= \emptyset \\
\tau[\![\top]\!]\rho &= U \setminus \{\bot_U\} \\
\tau[\![x]\!]\rho &= \rho[\![x]\!] \\
\tau[\![t_1 \cup t_2]\!]\rho &= \tau[\![t_1]\!]\rho \cup \tau[\![t_2]\!]\rho \\
\tau[\![t_1 \cap t_2]\!]\rho &= \tau[\![t_1]\!]\rho \cap \tau[\![t_2]\!]\rho \\
\tau[\![t_1 \times t_2]\!]\rho &= \mathrm{Inter}_\times\langle \tau[\![t_1]\!]\rho,\ \tau[\![t_2]\!]\rho\rangle \\
\tau[\![proj_i(t)]\!]\rho &= \mathrm{Inter}_{proj_i}(\tau[\![t]\!]\rho) \\
\tau[\![\lambda x . t]\!]\rho &= \mathrm{Graph}(\lambda \epsilon .\ \tau[\![t]\!]\rho[\epsilon/x]) \\
\tau[\![t_1(t_2)]\!]\rho &= \mathrm{Fun}(\tau[\![t_1]\!]\rho)(\tau[\![t_2]\!]\rho)
\end{aligned}$$

where ρ[ε/x] is the valuation ρ, except that it maps x to ε.

Lemmas 3.46 and 3.50 prove that (S(U), Fun, Graph) is, in both cases, a COR-domain (see definition 2.4). The interpretation function τ[[·]] has been defined following definition 2.6; therefore, to prove that (S(U), Fun, Graph, τ) is a COR-environment model we only need to prove the following lemma.

Lemma 3.52 For any COR-term t the function f ≝ λS ∈ S(U) . τ[[t]]ρ[S/x] is continuous.

Proof: The proof is done by induction on the structure of the term t.

(i) Suppose that t = λy . u.

We have the following sequence of equalities

$$\begin{aligned}
\tau[\![t]\!]\rho[\textstyle\bigsqcup_{i\in\mathbb{N}} S_i/x]
&= \tau[\![\lambda y . u]\!]\rho[\textstyle\bigsqcup_{i\in\mathbb{N}} S_i/x] \\
&= \mathrm{Graph}(\lambda S .\ \tau[\![u]\!]\rho[\textstyle\bigsqcup_{i\in\mathbb{N}} S_i/x][S/y]) && \text{definition of } \tau \\
&= \mathrm{Graph}(\lambda S .\ \textstyle\bigsqcup_{i\in\mathbb{N}} \tau[\![u]\!]\rho[S_i/x][S/y]) && \text{induction hypothesis} \\
&= \mathrm{Graph}(\textstyle\bigsqcup_{i\in\mathbb{N}} \lambda S .\ \tau[\![u]\!]\rho[S_i/x][S/y]) \\
&= \textstyle\bigsqcup_{i\in\mathbb{N}} \mathrm{Graph}(\lambda S .\ \tau[\![u]\!]\rho[S_i/x][S/y]) && \text{continuity of Graph} \\
&= \textstyle\bigsqcup_{i\in\mathbb{N}} \tau[\![t]\!]\rho[S_i/x]
\end{aligned}$$

which proves f(⨆_{i∈ℕ} S_i) = ⨆_{i∈ℕ} f(S_i).


(ii) Suppose that t = u(v). Then we have

$$\begin{aligned}
\tau[\![t]\!]\rho[\textstyle\bigsqcup_{i\in\mathbb{N}} S_i/x]
&= \tau[\![u(v)]\!]\rho[\textstyle\bigsqcup_{i\in\mathbb{N}} S_i/x] \\
&= \mathrm{Fun}(\tau[\![u]\!]\rho[\textstyle\bigsqcup_{i\in\mathbb{N}} S_i/x])(\tau[\![v]\!]\rho[\textstyle\bigsqcup_{j\in\mathbb{N}} S_j/x]) && \text{definition of } \tau \\
&= \mathrm{Fun}(\textstyle\bigsqcup_{i\in\mathbb{N}} \tau[\![u]\!]\rho[S_i/x])(\textstyle\bigsqcup_{j\in\mathbb{N}} \tau[\![v]\!]\rho[S_j/x]) && \text{induction hypothesis} \\
&= \textstyle\bigsqcup_{i\in\mathbb{N}}\bigsqcup_{j\in\mathbb{N}} \mathrm{Fun}(\tau[\![u]\!]\rho[S_i/x])(\tau[\![v]\!]\rho[S_j/x]) && \text{continuity of Fun} \\
&= \textstyle\bigsqcup_{i\in\mathbb{N}} \mathrm{Fun}(\tau[\![u]\!]\rho[S_i/x])(\tau[\![v]\!]\rho[S_i/x]) \\
&= \textstyle\bigsqcup_{i\in\mathbb{N}} \tau[\![t]\!]\rho[S_i/x]
\end{aligned}$$

For the rest of the cases the proof is very similar, and is also based on the continuity of the interpretation functions.

Theorem 3.53 The tuple (S(U),Fun,Graph, τ) is a COR-environment model.

Proof: The proof is based on the previous lemma and the equality Fun(S(U)) = S(U) → S(U). The former means that the image of any filter under Fun is a continuous function, which has already been proved.

Our model, being a COR-model, is also a λ-model, and satisfies all provable equations of the λ-calculus. Furthermore, our model allows us to define a new type of formula based on the refinement relation ⊆.

Definition 3.54 A term t1 is a refinement of another term t2 (noted t1 ⊆ t2) if for any valuation ρ the inclusion ξ[[t1]]ρ ⊆ ξ[[t2]]ρ holds.

3.5 Conclusions

We have proved that if we identify the structural order relation ≺ with the inverse of the computational ordering ⊑ in a functional domain U, then we can build over it a COR ideal model S(U). It is also a λ-calculus model and allows us to interpret λ-expressions as types. The definition of a functor S spreads out the family of λ-models. The study of such kinds of models has not finished. We plan to prove some kind of initiality property for them and to propose some other cases where both orderings would not be identified.


Chapter 4

First-Order Bi-rewriting Systems

Abstract: In this chapter we propose an extension of term rewriting techniques to automate the deduction in monotone pre-order theories. To prove an inclusion a ⊆ b from a given set I of them, we generate from I, using a completion procedure, a bi-rewriting system ⟨R⊆, R⊇⟩, that is, a pair of rewriting relations →R⊆ and →R⊇, and seek a common term c such that a →*R⊆ c and b →*R⊇ c. Each component of the bi-rewriting system, →R⊆ and →R⊇, is allowed to be a subset of the corresponding inclusion relation ⊆ or ⊇ defined by the theory of I. In order to assure the decidability and completeness of such a proof procedure we study the termination and commutation of →R⊆ and →R⊇. The proof of the commutation property is based on a critical pairs lemma, using an extended definition of critical pair. We also extend the existing techniques of rewriting modulo equalities to bi-rewriting modulo a set of inclusions. Although we center our attention on the completion process à la Knuth-Bendix, the same notion of extended critical pair is suitable for application to the so-called unfailing completion procedures. The completion process is illustrated by means of three examples corresponding to the theory of the union operator, non-distributive lattices and distributive lattices. We show that confluence of extended critical pairs may be ensured by adding rule schemes. Such rule schemes contain variables denoting schemes of expressions, instead of expressions. We compare the results with the classical rewriting formulation.

4.1 Introduction

Rewriting systems are usually associated with rewriting on equivalence classes of terms, defined by a set of equations. However, term rewriting techniques may be used to compute relations other than congruences. Particularly interesting are non-symmetric relations like pre-orders. In this chapter we will show the applicability of rewriting techniques to monotonic pre-order relations on terms, that is, the deduction of inequalities (here we call them inclusions) from a given set of them.

The idea of applying rewriting techniques to the deduction of inclusions between terms, like a ⊆ b, is very simple. We compute by repeatedly replacing both 1) subterms of a by "bigger" terms using the axioms and 2) subterms of b by "smaller" terms using the same axioms, until a path is found between a and b. Evidently there are many paths starting from a in the direction →⊆ and from b in the direction →⊇ (see figure 4.1). Many of them are blind alleys and others are not terminating. It is essential that the search procedure avoids infinite sequences of rewriting steps with infinitely many different terms (infinite paths due to cycles can be avoided if we control the introduction of repeated terms). Obviously infinitely many different rewriting steps would prevent the termination of the procedure. The solution to non-termination is, as in term rewriting systems, to orient the axioms using a well-founded ordering on terms. Because the relation is non-symmetric, the orientation results in a pair of rewriting systems ⟨R⊆, R⊇⟩, i.e. we get what we call a bi-rewriting system. We introduce the definitions of Church-Rosser and quasi-terminating bi-rewriting systems in order to assure the soundness, completeness and termination of the search procedure. That is, given a set of axioms, if we can orient and complete them, obtaining a quasi-terminating and Church-Rosser bi-rewriting system, then we will have a decision algorithm to test a ⊆ b.

[Figure 4.1: a search graph whose nodes are the terms a∪(a∪b), a∪(b∪a), (a∪b)∪a, (b∪a)∪a, b∪(a∪a), b∪a, (a∪a)∪b, a∪b, b∪c, a∪c, a, a∪(b∪c), b and c, joined by arrows labelled ⊆, together with the two rule sets below.]

R⊆ = { X ∪ Y →⊆ Y ∪ X,  (X ∪ Y) ∪ Z →⊆ X ∪ (Y ∪ Z),  X ∪ X →⊆ X }

R⊇ = { X ∪ Y →⊇ X,  X ∪ Y →⊇ Y }

Figure 4.1: A graphical representation of the bi-rewriting algorithm
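The search procedure described above, run on the bi-rewriting system of figure 4.1, as an added example (this is not code from the thesis; the term representation, the function names and the breadth-first enumeration with a visited set are choices made here). From the left-hand term it enumerates the terms reachable with R⊆, from the right-hand term the terms reachable with R⊇, and any term lying in both sets is a witness c with a →*R⊆ c and b →*R⊇ c, i.e. a ⊆ c ⊆ b. The visited set is the "control of repeated terms" the text mentions: with the commutativity rule in R⊆ every union term lies on a cycle, so without it the search would never stop.

```python
from collections import deque

# Terms: a constant is a lowercase string such as 'a'; a union t1 ∪ t2 is ('cup', t1, t2).
# Rule variables are uppercase strings ('X', 'Y', 'Z') and occur only in rules.
def cup(left, right):
    return ('cup', left, right)

def is_var(t):
    return isinstance(t, str) and t[:1].isupper()

def match(pattern, term, subst):
    """First-order syntactic matching of `term` against `pattern`.
    Returns the substitution extending `subst`, or None when there is no match."""
    if is_var(pattern):
        bound = subst.get(pattern)
        if bound is None:
            return {**subst, pattern: term}
        return subst if bound == term else None
    if isinstance(pattern, str) or isinstance(term, str):
        return subst if pattern == term else None
    if pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        subst = match(p, t, subst)
        if subst is None:
            return None
    return subst

def instantiate(subst, t):
    """Apply a substitution to a rule's right-hand side."""
    if is_var(t):
        return subst[t]
    if isinstance(t, str):
        return t
    return (t[0],) + tuple(instantiate(subst, s) for s in t[1:])

def one_step(term, rules):
    """All terms reachable from `term` by one rewrite step with `rules`, at any position."""
    out = []
    for lhs, rhs in rules:                     # a step at the root
        s = match(lhs, term, {})
        if s is not None:
            out.append(instantiate(s, rhs))
    if isinstance(term, tuple):                # a step inside a proper subterm
        for i in range(1, len(term)):
            for new_sub in one_step(term[i], rules):
                out.append(term[:i] + (new_sub,) + term[i + 1:])
    return out

def reachable(term, rules):
    """The set of terms t with term ->* t.  Remembering every term already seen is
    the control of repeated terms: cycles such as X ∪ Y -> Y ∪ X -> X ∪ Y cannot
    make the enumeration loop."""
    seen = {term}
    queue = deque([term])
    while queue:
        t = queue.popleft()
        for t2 in one_step(t, rules):
            if t2 not in seen:
                seen.add(t2)
                queue.append(t2)
    return seen

# The bi-rewriting system of figure 4.1, each rule written as (lhs, rhs).
R_SUB = [  # -->R⊆ : every step goes to a bigger term
    (cup('X', 'Y'), cup('Y', 'X')),
    (cup(cup('X', 'Y'), 'Z'), cup('X', cup('Y', 'Z'))),
    (cup('X', 'X'), 'X'),
]
R_SUP = [  # -->R⊇ : every step goes to a smaller term
    (cup('X', 'Y'), 'X'),
    (cup('X', 'Y'), 'Y'),
]

def show(t):
    return t if isinstance(t, str) else '(' + show(t[1]) + ' ∪ ' + show(t[2]) + ')'

def witness(a, b):
    """Search for a common term c with a ->*R⊆ c and b ->*R⊇ c, which proves a ⊆ c ⊆ b.
    Returns c, or None when the two finite search spaces do not meet."""
    common = reachable(a, R_SUB) & reachable(b, R_SUP)
    return min(common, key=show) if common else None

if __name__ == '__main__':
    # Constructed inputs: the terms drawn in figure 4.1.
    for a, b in [(cup('a', cup('b', 'a')), cup('b', 'a')),
                 (cup(cup('a', 'b'), 'a'), cup('a', 'b')),
                 ('a', cup('a', cup('b', 'c'))),
                 (cup('a', 'b'), 'a')]:
        c = witness(a, b)
        print(show(a), '⊆', show(b), '->', 'no witness found' if c is None else show(c))
```

Because the R⊆ rules only permute a fixed multiset of leaves or shrink the term, and the R⊇ rules only shrink it, both reachable sets are finite and the exhaustive search always terminates. A returned witness is a proof of the inclusion; a `None` only says that these two r
ule sets produce no meeting point, which is the situation the chapter addresses with completion and rule schemes.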

Most of the notions of rewriting developed for the equational case can be extended to bi-rewriting, and the development of the chapter follows the same pattern as equational rewriting: the Church-Rosser property is proved by means of a critical pairs lemma, and we use a completion process to ensure the confluence of the critical pairs (Knuth and Bendix, 1970; Huet, 1980; Klop, 1987; Dershowitz and Jouannaud, 1990). However, there are also some differences. Equational rewriting is in essence a theory of normal forms, while bi-rewriting disregards this notion. Bi-rewriting can also be seen as a generalization of equational rewriting: equations can be translated to pairs of inclusions and then we can reproduce the equational case. One of the costs of this generalization is that bi-rewriting is based on a search procedure, which is avoided in canonical rewriting systems thanks to the existence of unique normal forms. Another cost is that now critical pairs must be computed considering variable overlapping, producing possibly infinitely many of them, which are represented as critical pair schemes.

This chapter proceeds as follows.

In section 4.2 we present a version of the critical pairs lemma for bi-rewriting systems using an extended definition of critical pairs. We also give a counter-example that invalidates this lemma when it is stated only in terms of standard critical pairs.

In section 4.3 we generalize the results of section 4.2 to bi-rewriting systems modulo a set of (non-orientable) inclusions. We have divided this section into two subsections, the first devoted to abstract bi-rewriting properties and the second to term-dependent properties.

In section 4.4 we present three examples of canonical bi-rewriting systems for the theories of union, non-distributive lattices and distributive lattices. We show that although in general extended critical pairs could be intractable, there exist for these theories, and possibly for others, practical ways to handle them.

We also show in section 4.5 some of the disadvantages of using equations to model inclusions in lattice theories.

4.2 Inclusions and Bi-rewriting Systems

If nothing is said, we follow the notation and the standard definitions used in (Huet, 1980; Klop, 1987; Dershowitz and Jouannaud, 1990). We are concerned with first-order terms $T(\mathcal{F},\mathcal{X})$ over a nonempty signature $\mathcal{F} = \bigcup_{n \in \mathbb{N}} \mathcal{F}_n$ of function symbols, and a denumerable set $\mathcal{X}$ of variables.¹ A position $p$ is a sequence of positive integers. Given two positions, $p_1 \cdot p_2$ denotes their concatenation. We write $p_1 \prec p_2$ when $p_1$ is a prefix of $p_2$ and $p_1 | p_2$ when they are disjoint.² The occurrence³ of a subexpression at a position $p$ of a term $t$ is denoted by $t|_p$. The expression $t[u]_p$ denotes the result of replacing in $t$ the occurrence of $t|_p$ by $u$.⁴ A context $F[\cdot]_p$ is an expression with a hole $[\cdot]$ at a distinguished position $p$. The set of (free) variables of a term $t$ is denoted by $FV(t)$. A substitution $\sigma = [X_1 \mapsto t_1, \ldots, X_n \mapsto t_n]$ is a mapping from a finite set $\{X_1, \ldots, X_n\} \subseteq \mathcal{X}$ of variables to $T(\mathcal{F},\mathcal{X})$, extended as a morphism⁵ to $T(\mathcal{F},\mathcal{X}) \to T(\mathcal{F},\mathcal{X})$. The set $Dom(\sigma) \stackrel{def}{=} \{X_1, \ldots, X_n\}$ is called the domain of the substitution.

¹ As we will see later, in most cases we also require the finiteness of $\mathcal{F}$. We suppose that the $\mathcal{F}_n$ are disjoint sets. The set $T(\mathcal{F},\mathcal{X})$ is defined as the smallest set containing $\mathcal{X}$ such that if $f \in \mathcal{F}_n$ and $t_i \in T(\mathcal{F},\mathcal{X})$ for $i = 1, \ldots, n$ then $f(t_1, \ldots, t_n) \in T(\mathcal{F},\mathcal{X})$.

² We write $p_1 \prec p_2$ when there exists a sequence $q$ such that $p_2 = p_1 \cdot q$, and $p_1 | p_2$ when $p_1 \not\prec p_2$ and $p_2 \not\prec p_1$.

³ If $p$ is the empty sequence then $t|_p$ is defined by $t|_{\langle\rangle} \stackrel{def}{=} t$, otherwise it is defined inductively by $f(t_1, \ldots, t_n)|_{\langle i_1, i_2, \ldots, i_r\rangle} \stackrel{def}{=} t_{i_1}|_{\langle i_2, \ldots, i_r\rangle}$.

⁴ If $p$ is the empty sequence then $t[u]_{\langle\rangle} \stackrel{def}{=} u$, otherwise $f(t_1, \ldots, t_n)[u]_{\langle i_1, \ldots, i_m\rangle} \stackrel{def}{=} f(t_1, \ldots, t_{i_1}[u]_{\langle i_2, \ldots, i_m\rangle}, \ldots, t_n)$.

We use the relational logic⁶ notation (deKogel, 1992; Baumer, 1992) to present the abstract bi-rewriting properties. The inverse of the relation $R$ is denoted by $R^{-1}$, its reflexive-transitive closure by $R^*$, the composition by $R_1 \circ R_2$, and the union by $R_1 \cup R_2$. Notation $R^+$ is a shorthand for $R \circ R^*$. A relation $R$ is said to be terminating if $R^+$ is a well-founded ordering, quasi-terminating if the set $\{u \mid t\,R^*\,u\}$ is finite for any value $t$; and finitely branching if $\{u \mid t\,R\,u\}$ is finite for any $t$. A binary relation $R$ on terms is said to be closed under substitutions if $t\,R\,u$ implies $\sigma(t)\,R\,\sigma(u)$, for any substitution $\sigma$ and pair of terms $t$ and $u$; monotonic if $t\,R\,u$ implies $F[t]_p\,R\,F[u]_p$, for any context $F[\cdot]_p$; and a rewrite relation if it is closed under substitutions and monotonic. We denote by $\xrightarrow[R]{}$ the rewrite relation defined by the set of rules $R$.⁷ Notation $\xleftarrow[R]{}$ is a shorthand for $(\xrightarrow[R]{})^{-1}$.

An inclusion is a pair of terms $s, t \in T(\mathcal{F},\mathcal{X})$ written $s \subseteq t$. Given a finite set of inclusions $Ax$ and a pair of terms $s$ and $t$, we say that $s \subseteq_{Ax} t$ iff $Ax \vdash_{POL} s \subseteq t$, where POL stands for Partial Order Logic and $\vdash_{POL}$ is the entailment relation defined by the following inference rules

$$\frac{}{\Delta, s \subseteq t \vdash_{POL} s \subseteq t} \qquad \frac{}{\Delta \vdash_{POL} s \subseteq s} \qquad \frac{\Delta \vdash_{POL} s \subseteq t \quad\quad \Delta \vdash_{POL} t \subseteq u}{\Delta \vdash_{POL} s \subseteq u}$$

$$\frac{\Delta \vdash_{POL} s \subseteq t}{\Delta \vdash_{POL} \sigma(s) \subseteq \sigma(t)} \qquad\qquad \frac{\Delta \vdash_{POL} s \subseteq t}{\Delta \vdash_{POL} u[s]_p \subseteq u[t]_p}$$

where $\sigma$ is a substitution, $p$ a position in $u$, i.e. $u[\cdot]_p$ is a context, and $\Delta$ is a finite set of inclusions.

Meseguer (Meseguer, 1990; Meseguer, 1992) has studied extensively the logic of conditional inequalities, which he names rewriting logic, and its models.

The set of inclusions $s \subseteq t$ that can be inferred from $Ax$ using $\vdash_{POL}$ forms an inclusion theory, denoted by $Th(Ax)$. Notice that, in first-order logic, $Th(Ax)$ is a denumerable set and the deduction problem $Ax \vdash_{POL} s \subseteq t$ is semi-decidable: a proof can be found by enumeration when one exists, but the enumeration need not stop when none does. In the following we will propose sufficient conditions to have a decision algorithm for $Ax \vdash_{POL} s \subseteq t$ based on rewriting techniques.

Given an inclusion $s \subseteq t$ of $Ax$, we can orient it obtaining a term rewriting rule $s \xrightarrow{\subseteq} t$ or a rule $t \xrightarrow{\supseteq} s$. Thus, the orientation, for rewriting purposes, of a finite set of inclusions $Ax$ results in two sets of rewriting rules, $R_\subseteq$ with rules like $s \xrightarrow{\subseteq} t$ and $R_\supseteq$ with rules like $s \xrightarrow{\supseteq} t$. The pair $\langle R_\subseteq, R_\supseteq\rangle$ is called a bi-rewriting system.

Definition 4.1 A (term) bi-rewriting system is a pair $\langle R_\subseteq, R_\supseteq\rangle$ of finite sets of (term) rewriting rules $R_\subseteq = \{s_1 \xrightarrow{\subseteq} t_1, \ldots, s_n \xrightarrow{\subseteq} t_n\}$ and $R_\supseteq = \{u_1 \xrightarrow{\supseteq} v_1, \ldots, u_m \xrightarrow{\supseteq} v_m\}$.

⁵ That is, $\sigma(f(t_1, \ldots, t_n)) \stackrel{def}{=} f(\sigma(t_1), \ldots, \sigma(t_n))$.

⁶ This is an extension of the Kleene algebra of regular expressions, i.e. those built up using the constructors $\cup$, $\circ$ and $*$.

⁷ The minimal rewrite relation satisfying $s \xrightarrow[R]{} t$ for any rule $s \to t \in R$.

Given a bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$, its corresponding inclusion theory is defined by the set of axioms $Ax = \{s \subseteq t \mid s \xrightarrow{\subseteq} t \in R_\subseteq \ \vee\ t \xrightarrow{\supseteq} s \in R_\supseteq\}$.

The orientation criterion is based, like in rewriting systems, on a well-founded ordering on terms (noted $\succ$) (Dershowitz, 1987). In this section we suppose that each inclusion $s \subseteq t$ in $Ax$ may be oriented, putting $s \xrightarrow{\subseteq} t$ in $R_\subseteq$ if $s \succ t$, or $t \xrightarrow{\supseteq} s$ in $R_\supseteq$ if $t \succ s$. In the next section we will consider the case of inclusions which cannot be oriented because $s \not\succ t$ and $t \not\succ s$. For example, the inclusions defining the inclusion theory of the union may be oriented using a simplification ordering, as shown in figure 4.2.

$$Ax = \left\{\begin{array}{l} X \cup X \subseteq X \\ X \subseteq X \cup Y \\ Y \subseteq X \cup Y \end{array}\right. \qquad R_\subseteq = \left\{\ r_1 : X \cup X \xrightarrow{\subseteq} X \right. \qquad R_\supseteq = \left\{\begin{array}{l} r_2 : X \cup Y \xrightarrow{\supseteq} X \\ r_3 : X \cup Y \xrightarrow{\supseteq} Y \end{array}\right.$$

Figure 4.2: Orientation of the inclusion theory of the union.

Given a bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ the monotonic and substitution closure of each one of its components $R_\subseteq$ and $R_\supseteq$ results in a rewriting relation, noted by $\xrightarrow[R_\subseteq]{}$ and $\xrightarrow[R_\supseteq]{}$ respectively, defined as follows.

Definition 4.2 We say that $s$ $R$-rewrites to $t$, written $s \xrightarrow[R]{} t$, if there exist a rule $l \to r \in R$, a position $p$ in $s$, and a substitution $\sigma$, such that $s|_p = \sigma(l)$ and $t = s[\sigma(r)]_p$.

If $s|_p = \sigma(l)$ then we say that $s|_p$ and $l$ match. Notice that the substitution $\sigma$ in the previous definition, with its domain restricted to $Dom(\sigma) \subseteq FV(l)$, is unique; if moreover $FV(r) \subseteq FV(l)$, it determines the result $t$ of the rewriting step.

A variant of the theorem of Birkhoff (Birkhoff, 1935) allows us to prove the following lemma.

Lemma 4.3 Given a bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ and its corresponding inclusion theory $Ax$, for any pair of terms $s, t$ we have $s\ (\xrightarrow[R_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*\ t$ if, and only if, $Ax \vdash_{POL} s \subseteq t$.

However, the relation $(\xrightarrow[R_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*$ is in general not computable, i.e. given two terms $s$ and $t$ there does not exist a decision algorithm for $s\ (\xrightarrow[R_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*\ t$. We are interested in reducing the previous relation to the subrelation $\xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*}$, which we will show to be computable under the quasi-termination condition introduced below.

Based on the bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ a deduction procedure for its corresponding inclusion theory $Th(Ax)$ can be easily defined (see figure 4.1). To prove $Ax \vdash_{POL} s \subseteq t$ the procedure enumerates recursively the nodes of two trees $T_1$ and $T_2$, defined by $root_{T_1} = s$, $root_{T_2} = t$, $branch_{T_1}(s_1) = \{s_2 \mid s_1 \xrightarrow[R_\subseteq]{} s_2\}$ and $branch_{T_2}(t_1) = \{t_2 \mid t_1 \xrightarrow[R_\supseteq]{} t_2\}$, avoiding repeated nodes. If the procedure finds a common node in both trees then it stops and answers true, otherwise if both sets of nodes are finite then it stops and answers false, or else it does not stop.

Notice that the nodes of both trees are always recursively enumerable, although the trees may be infinitely branching. We say that a tree is infinitely branching if it contains a node with infinitely many branches.

The following definition states sufficient conditions for the soundness and completeness, and for the termination of this procedure. Notice that the soundness and completeness properties are based on the equivalence of the relation $\xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*}$ computed by the algorithm and the relation $(\xrightarrow[R_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*$ implementing the inclusion relation defined by the theory. The termination property is based on the finiteness of both search trees.

Definition 4.4 A bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ is said to be

(i) terminating iff $(\xrightarrow[R_\subseteq]{} \cup \xrightarrow[R_\supseteq]{})^{+}$ is a well-founded ordering;⁸

(ii) quasi-terminating or globally finite iff the sets $\{u \mid t \xrightarrow[R_\subseteq]{*} u\}$ and $\{v \mid t \xrightarrow[R_\supseteq]{*} v\}$ are both finite for any term $t$; and

(iii) Church-Rosser iff $(\xrightarrow[R_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^* \subseteq \xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*}$.

We can prove the following results for the decision procedure based on a bi-rewriting system, and the $Ax \vdash_{POL} t \subseteq u$ deduction problem of its corresponding inclusion theory.

Lemma 4.5 If the bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ is Church-Rosser then the decision procedure based on it is sound and complete, i.e. $Ax \vdash_{POL} t \subseteq u$ holds if, and only if, the procedure terminates and answers true. If the bi-rewriting system is Church-Rosser and quasi-terminating then the decision procedure is sound, complete and terminates, therefore the deduction problem $Ax \vdash_{POL} t \subseteq u$ is decidable.

We only need to require the quasi-termination property of the bi-rewriting system (which is strictly weaker than the termination property) in order to prove the termination of the procedure; whereas in the equational case, the termination property of the rewriting system is needed to prove the termination of a procedure based on the computation of the normal form.

Lemma 4.6 Any terminating term bi-rewriting system is quasi-terminating.

Proof: If $(\xrightarrow[R_\subseteq]{} \cup \xrightarrow[R_\supseteq]{})^{+}$ is well-founded then both $\xrightarrow[R_\subseteq]{}$ and $\xrightarrow[R_\supseteq]{}$ are terminating, and the problem is reduced to proving that any terminating term rewriting system is quasi-terminating.

⁸ In a previous version of this work (Levy and Agustí, 1993c), a bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ is said to be terminating iff both $\xrightarrow[R_\subseteq]{}$ and $\xrightarrow[R_\supseteq]{}$ are terminating (each transitive closure being a well-founded ordering). This is a weaker condition and it is not enough to prove the equivalence between the Church-Rosser and the local bi-confluence properties. This error was communicated to the authors by Professor Harald Ganzinger.

First we prove that any terminating term rewriting relation is finitely branching. If $\xrightarrow[R]{}$ is terminating then any rewriting rule $l \to r$ in $R$ satisfies $FV(r) \subseteq FV(l)$ (otherwise it would be easy to construct a non-terminating sequence of terms taking a convenient instantiation of one of the variables of $FV(r) \setminus FV(l)$: instantiating it with an instance of $l$ itself makes the right-hand side contain a new redex of the same rule). Now, to rewrite a term we have finitely many ways to choose a rule $l \to r$ and a subterm $t|_p$. Once we have fixed them, if it exists, there is a unique substitution satisfying $Dom(\sigma) \subseteq FV(l)$ and $t|_p = \sigma(l)$. Finally, if $FV(r) \subseteq FV(l)$, such a substitution determines the result of the rewriting step.

Second we prove that any finitely branching and terminating relation is quasi-terminating. This is a straightforward application of König's lemma, although it can also be proved directly by noetherian induction. Let $P$ be the predicate $P(s) \stackrel{def}{=}$ "the set $\{t \mid s \xrightarrow[R]{*} t\}$ is finite". Evidently, it holds for the base case, i.e. for the $\xrightarrow[R]{}$-normal terms. For the induction case we have

$$\{x \mid t \xrightarrow[R]{*} x\} = \{t\} \cup \bigcup_{u \in \{u \mid t \xrightarrow[R]{} u\}} \{y \mid u \xrightarrow[R]{*} y\}.$$

Now, since each one of the sets $\{y \mid u \xrightarrow[R]{*} y\}$ is finite by the induction hypothesis, and there are finitely many of these sets, because $\xrightarrow[R]{}$ is finitely branching, we have that $\{x \mid t \xrightarrow[R]{*} x\}$ is also finite. By induction we conclude that $P(s)$ holds for any term $s$ and $\xrightarrow[R]{}$ is quasi-terminating.

In order to test automatically the Church-Rosser property we extend the standard procedure used in term rewriting to bi-rewriting. So we reduce the Church-Rosser property to three simpler properties, namely bi-confluence (or commutativity), local bi-confluence and critical pairs bi-confluence.

Definition 4.7 A bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ is said to be

(i) bi-confluent iff $\xleftarrow[R_\supseteq]{*} \circ \xrightarrow[R_\subseteq]{*} \subseteq \xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*}$; and

(ii) locally bi-confluent iff $\xleftarrow[R_\supseteq]{} \circ \xrightarrow[R_\subseteq]{} \subseteq \xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*}$.

A pair of terms $\langle s, t\rangle$ is said to be bi-confluent iff $s \xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*} t$.

A variant of Newman's lemma (Newman, 1942; Huet, 1980) proves the following result for bi-rewriting systems.

Lemma 4.8 A terminating bi-rewriting system is Church-Rosser iff it is locally bi-confluent.

Proof: The only if implication is trivially proved since $\xleftarrow[R_\supseteq]{} \circ \xrightarrow[R_\subseteq]{} \subseteq (\xrightarrow[R_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*$. The proof of the if implication is done by noetherian induction and is quite similar to the standard proof of the confluence of terminating and locally confluent term rewriting systems (Huet, 1980). In fact the statement is implied by lemma 1.2 in (Bachmair and Dershowitz, 1986a).

[Diagram: the induction step, with the peak at $t$ split through $u'$ and $v'$, the inner peak closed at $t'$ by local bi-confluence, and the two remaining peaks closed at $t''$ by the induction hypothesis; arrows $\xrightarrow[R_\subseteq]{}$ and $\xrightarrow[R_\supseteq]{}$.]

We prove that the property

$$P(t) \stackrel{def}{=} \forall u, v .\ u \xleftarrow[R_\supseteq]{*} t \xrightarrow[R_\subseteq]{*} v \ \Rightarrow\ u \xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*} v$$

holds for any term $t$ by noetherian induction on $(\xrightarrow[R_\subseteq]{} \cup \xrightarrow[R_\supseteq]{})^{+}$. The base case $t = u$ or $t = v$ is trivially satisfied. In the induction case the peak is split as $u \xleftarrow[R_\supseteq]{*} u' \xleftarrow[R_\supseteq]{} t \xrightarrow[R_\subseteq]{} v' \xrightarrow[R_\subseteq]{*} v$. Local bi-confluence gives a term $t'$ with $u' \xrightarrow[R_\subseteq]{*} t' \xleftarrow[R_\supseteq]{*} v'$; the induction hypothesis $P(u')$ applied to $u \xleftarrow[R_\supseteq]{*} u' \xrightarrow[R_\subseteq]{*} t'$ gives a term $w$ with $u \xrightarrow[R_\subseteq]{*} w \xleftarrow[R_\supseteq]{*} t'$, and $P(v')$ applied to $w \xleftarrow[R_\supseteq]{*} v' \xrightarrow[R_\subseteq]{*} v$ gives the term $t''$ closing the diagram, $u \xrightarrow[R_\subseteq]{*} w \xrightarrow[R_\subseteq]{*} t'' \xleftarrow[R_\supseteq]{*} v$. Both $u'$ and $v'$ are smaller than $t$ in the union of the two relations, which is why its termination is needed.

Notice that in the previous lemma we require the union of both rewriting relations to be well-founded, and it is not sufficient if both relations are well-founded separately. For instance, the bi-rewriting system defined by $R_\subseteq = \{b \xrightarrow{\subseteq} c,\ c \xrightarrow{\subseteq} d\}$ and $R_\supseteq = \{c \xrightarrow{\supseteq} b,\ b \xrightarrow{\supseteq} a\}$ is locally bi-confluent and both rewriting relations $\xrightarrow[R_\subseteq]{}$ and $\xrightarrow[R_\supseteq]{}$ are terminating, but not their union (it contains the cycle $b \xrightarrow[R_\subseteq]{} c \xrightarrow[R_\supseteq]{} b$). However, the bi-rewriting system is not Church-Rosser: $a \subseteq d$ belongs to the theory, since $a \xleftarrow[R_\supseteq]{} b \xrightarrow[R_\subseteq]{} c \xrightarrow[R_\subseteq]{} d$, but $a$ is $R_\subseteq$-irreducible and $d$ is $R_\supseteq$-irreducible, so the pair $\langle a, d\rangle$ is not bi-confluent.

A simple adaptation of the standard critical pairs definition (Knuth and Bendix, 1970) can be given for bi-rewriting systems. However, as we will see, it is not sufficient to prove the critical pairs lemma. This simple definition of critical pair arises from the most general non-variable overlap between the left hand side of a rule in $R_\subseteq$ and a sub-expression of the left hand side of a rule in $R_\supseteq$ (or vice versa). Given a pair of rules $l \xrightarrow{\subseteq} r$ and $s \xrightarrow{\supseteq} t$, a position $p$ of a non-variable subterm of $s$, and the most general unifier $\sigma$ of $l$ and $s|_p$, the pair $\sigma(t) \subseteq \sigma(s[r]_p)$ is a (standard) critical pair between $R_\subseteq$ and $R_\supseteq$; and similarly for critical pairs between $R_\supseteq$ and $R_\subseteq$.

Unfortunately, in the presence of non-left-linear rules,⁹ the critical pair lemma stated in terms of such standard critical pairs cannot be proved because the confluence of variable overlaps is no longer guaranteed. The same fact has already been discussed in (Bachmair, 1991). Here is a simple counter-example to the validity of this lemma.

Counter-example. The following bi-rewriting system

$$R_\subseteq = \{\, f(X, X) \xrightarrow{\subseteq} X \,\} \qquad\qquad R_\supseteq = \{\, a \xrightarrow{\supseteq} b \,\}$$

is terminating and has no standard critical pairs, however the divergence

$$f(a, b) \xleftarrow[R_\supseteq]{} f(a, a) \xrightarrow[R_\subseteq]{} a$$

does not satisfy the Church-Rosser property (the pair $f(a, b) \subseteq a$ is not bi-confluent: $f(a, b)$ is $R_\subseteq$-irreducible and $a$ only $R_\supseteq$-rewrites to $b$). This problem would be avoided if $a \xrightarrow{\subseteq} b \in R_\subseteq$, but then the inclusion theory corresponding to the bi-rewriting system would be different.
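The search procedure of section 4.2 (two trees rooted at $s$ and $t$, grown with $R_\subseteq$ and $R_\supseteq$ steps without repeated nodes, stopping at a common node) and the counter-example just given can both be exercised on a small implementation. The following Python program is an added example, not code from the thesis: the term encoding (tuples with a head symbol, capitalised strings for variables), the breadth-first closure with a node limit, and the helper names `match`, `rewrite_steps`, `closure` and `included` are my own choices. It runs the procedure on the union theory of figure 4.2, on the commutative-associative $R_\subseteq$ of figure 4.1 (quasi-terminating but not terminating, so the tree is still finite), on the non-left-linear counter-example above (where the search answers false although $f(a,b) \subseteq a$ is provable in POL), and on the cycle example after lemma 4.8.

```python
"""Bi-rewriting search procedure (section 4.2) run on the chapter's own examples.
Added example, not code from the thesis; the term encoding and helper names are my
own choices.  Terms: variables are capitalised strings ('X'); constants and
applications are tuples ('f', arg1, ..., argn); 'U' encodes the binary union."""
from collections import deque

def is_var(t):
    return isinstance(t, str)

def match(pattern, term, subst):
    """Syntactic matching pattern -> term (s|_p = sigma(l) in Definition 4.2).
    Extends subst in place; a repeated variable must match equal subterms."""
    if is_var(pattern):
        if pattern in subst:
            return subst[pattern] == term
        subst[pattern] = term
        return True
    if is_var(term) or pattern[0] != term[0] or len(pattern) != len(term):
        return False
    return all(match(p, x, subst) for p, x in zip(pattern[1:], term[1:]))

def substitute(term, subst):
    if is_var(term):
        return subst.get(term, term)
    return (term[0],) + tuple(substitute(x, subst) for x in term[1:])

def positions(term):
    """Yield (position, subterm) pairs; a position is a tuple of child indices."""
    yield (), term
    if not is_var(term):
        for i, arg in enumerate(term[1:], start=1):
            for p, sub in positions(arg):
                yield (i,) + p, sub

def replace(term, pos, new):
    """t[u]_p: the term with its subterm at pos replaced by new."""
    if not pos:
        return new
    args = list(term[1:])
    args[pos[0] - 1] = replace(args[pos[0] - 1], pos[1:], new)
    return (term[0],) + tuple(args)

def rewrite_steps(term, rules):
    """All one-step successors s[sigma(r)]_p with s|_p = sigma(l), (l, r) in rules."""
    out = set()
    for pos, sub in positions(term):
        for lhs, rhs in rules:
            subst = {}
            if match(lhs, sub, subst):
                out.add(replace(term, pos, substitute(rhs, subst)))
    return out

def closure(term, rules, limit=10_000):
    """Nodes of the search tree rooted at term, repeated nodes avoided (BFS).
    Finite exactly when the rules are quasi-terminating from term; the limit
    turns an infinite search space into an exception instead of a hang."""
    seen, queue = {term}, deque([term])
    while queue:
        for succ in rewrite_steps(queue.popleft(), rules):
            if succ not in seen:
                if len(seen) >= limit:
                    raise RuntimeError("search space exceeded limit")
                seen.add(succ)
                queue.append(succ)
    return seen

def included(s, t, r_sub, r_sup):
    """Decide s ⊆ t by searching s ->*R⊆ . <-*R⊇ t, i.e. a node common to the
    R⊆-tree of s and the R⊇-tree of t.  Sound and complete only if the
    bi-rewriting system is Church-Rosser (Lemma 4.5)."""
    return not closure(s, r_sub).isdisjoint(closure(t, r_sup))

def U(x, y):
    return ('U', x, y)

a, b, c, d = ('a',), ('b',), ('c',), ('d',)
# Figure 4.2: the union theory oriented by a simplification ordering.
UNION_SUB = [(U('X', 'X'), 'X')]
UNION_SUP = [(U('X', 'Y'), 'X'), (U('X', 'Y'), 'Y')]
# Figure 4.1: commutativity and associativity in R⊆ (quasi-terminating, not terminating).
ACU_SUB = [(U('X', 'Y'), U('Y', 'X')), (U(U('X', 'Y'), 'Z'), U('X', U('Y', 'Z'))),
           (U('X', 'X'), 'X')]
# Counter-example: non-left-linear f(X,X) ⊆ X with a ⊇ b has no standard critical pairs.
CE_SUB, CE_SUP = [(('f', 'X', 'X'), 'X')], [(a, b)]
# Remark after Lemma 4.8: each relation terminates but their union does not.
CYCLE_SUB, CYCLE_SUP = [(b, c), (c, d)], [(c, b), (b, a)]

def run_examples():
    """The decision procedure on the examples above (all search trees are finite)."""
    return {
        "a ⊆ a∪b": included(a, U(a, b), UNION_SUB, UNION_SUP),               # True
        "a∪b ⊆ a": included(U(a, b), a, UNION_SUB, UNION_SUP),               # False
        "fig 4.1 R⊆-tree size": len(closure(U(a, U(a, b)), ACU_SUB)),       # 8 nodes
        "a∪(a∪b) ⊆ a∪(b∪c)": included(U(a, U(a, b)), U(a, U(b, c)), ACU_SUB, UNION_SUP),
        # provable in POL (f(a,b) ⊆ f(a,a) ⊆ a) but missed: the system is not Church-Rosser
        "f(a,b) ⊆ a": included(('f', a, b), a, CE_SUB, CE_SUP),             # False
        "f(a,b) ⊆ a with a ⊆ b added": included(('f', a, b), a, CE_SUB + [(a, b)], CE_SUP),
        "a ⊆ d": included(a, d, CYCLE_SUB, CYCLE_SUP),                      # False, yet a ⊆ d holds
    }

if __name__ == "__main__":
    for name, result in run_examples().items():
        print(f"{name}: {result}")
```

The two "false" answers on provable inclusions are the point: the procedure is only a decision algorithm when the system is Church-Rosser, and neither the non-left-linear system nor the cycle system is. The node limit in `closure` is what a practitioner needs in place of the thesis's "or else it does not stop" when the system is not known to be quasi-terminating.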

⁹ A rule $l \to r$ is left- (right-) linear iff any variable in $l$ (in $r$) occurs at most once in $l$ (in $r$).

Non-left-linear rules also invalidate the bi-rewriting parallel of Toyama's theorem (Toyama, 1987), as the following counter-example shows.

Counter-example. The following bi-rewriting system

$$R_\subseteq = \left\{\begin{array}{l} X \cup X \xrightarrow{\subseteq} X \\ X \cup Y \xrightarrow{\subseteq} Y \cup X \\ X \cup (Y \cup Z) \xrightarrow{\subseteq} (X \cup Y) \cup Z \end{array}\right. \qquad R_\supseteq = \left\{\begin{array}{l} X \cup Y \xrightarrow{\supseteq} X \\ X \cup Y \xrightarrow{\supseteq} Y \end{array}\right.$$

is Church-Rosser and quasi-terminating, if we consider a signature containing only constants and the binary union operator, i.e. $\mathcal{F}_2 = \{\cup\}$ and $\mathcal{F}_i = \emptyset$ for $i \notin \{0, 2\}$. However, if we introduce a new unary symbol $f \in \mathcal{F}_1$ in the signature then we have the following divergence, which is not bi-confluent.

$$f(X) \cup f(Y) \xleftarrow[R_\supseteq]{} f(X) \cup f(X \cup Y) \xleftarrow[R_\supseteq]{} f(X \cup Y) \cup f(X \cup Y) \xrightarrow[R_\subseteq]{} f(X \cup Y)$$

This means that many properties of bi-rewriting systems depend not only on the axioms of the theory but also on the signature.

Using the standard definition of critical pairs, the critical pairs lemma is only true for left-linear systems: a terminating and left-linear bi-rewriting system is Church-Rosser iff all standard critical pairs are bi-confluent. In order to keep this lemma for non-left-linear bi-rewriting systems, we have to enlarge the set of critical pairs to be considered as follows.

Definition 4.9 If $l \xrightarrow{\subseteq} r \in R_\subseteq$ and $s \xrightarrow{\supseteq} t \in R_\supseteq$ are two rewriting rules (with distinct variables) and $p$ a position in $s$, then

(i) if $s|_p$ is a non-variable subterm and $\sigma$ is the most general unifier of $s|_p$ and $l$ then

$$\sigma(t) \subseteq \sigma(s[r]_p) \in ECP(R_\subseteq, R_\supseteq)$$

is a (standard) critical pair,

(ii) if $s|_p = x$ is a repeated variable in $s$, $F$ is a term containing only fresh variables, $q$ is an occurrence in $F$, and $l \xrightarrow[R_\supseteq]{*} r$ does not hold,¹⁰ then

$$\sigma(t) \subseteq \sigma(s[F[r]_q]_p) \in ECP(R_\subseteq, R_\supseteq)$$

is an (extended) critical pair, where $\sigma = [x \mapsto F[l]_q]$.

Similarly for critical pairs between $R_\supseteq$ and $R_\subseteq$, $ECP(R_\supseteq, R_\subseteq)$.

The set of (extended) critical pairs of the previous definition is in general infinite; $\sigma(t) \subseteq \sigma(s[F[r]_q]_p)$ is really a critical pair scheme because we do not impose any restriction on the context $F[\cdot]_q$. In section 4.4 we will see an example where we use such kind of schemes. So the critical pairs lemma, even if true with this definition of critical pairs, will be of little practical help to test bi-confluence. Then the conditions of bi-confluence have to be studied in each case taking into account the particular shape of the non-left-linear rules. In section 5.2 we face the problem of testing bi-confluence automatically by codifying extended critical pairs using the linear second-order typed $\lambda$-calculus.

¹⁰ If this condition is satisfied then we can make the pair resulting from the variable overlapping confluent like in the equational case.

Theorem 4.10 (extended critical pair lemma) A terminating bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ is Church-Rosser iff any (standard or extended) critical pair $s \subseteq t$ in $ECP(R_\subseteq, R_\supseteq)$ or $s \supseteq t$ in $ECP(R_\supseteq, R_\subseteq)$ is bi-confluent, i.e. $s \xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*} t$.

Proof: For the if part, see the proof of theorem 4.19, which states a more general result, taking $I_\subseteq = \emptyset$. For the only if part, extended critical pairs are sound deductions, therefore if $s \subseteq t$ is an extended critical pair, then $s\ (\xrightarrow[R_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*\ t$ holds. Now, if the bi-rewriting system is Church-Rosser, then $s \xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*} t$.

This theorem, lemma 4.17 and theorem 4.19 may be considered as instances of the general critical pair theorem proved by Geser in his thesis (?). Nevertheless, we have decided to include a sketch of their proofs for completeness.

The extended critical pair theorem generalizes the critical pairs lemma (Knuth and Bendix, 1970) to bi-rewriting systems. However, we require the bi-confluence not only of the standard critical pairs, but also of the extended critical pairs. Nevertheless, if all rules come from the translation of an equational theory $E$, then any equation $a = b$ with $a \succ b$ results in two bi-rewriting rules $a \xrightarrow{\subseteq} b$ in $R_\subseteq$ and $a \xrightarrow{\supseteq} b$ in $R_\supseteq$, and both rewriting relations are equal, $\xrightarrow[R_\subseteq]{} = \xrightarrow[R_\supseteq]{}$. Then we only obtain standard critical pairs because the condition $l \xrightarrow[R_\supseteq]{*} r$ in definition 4.9 of extended critical pair is always satisfied. So we recover the old results for the equational case.

4.3 Bi-rewriting Modulo a Set of Inclusions

Like in equational rewriting, in bi-rewriting it is not always possible to orient all inclusions of a theory presentation into two terminating rewrite relations, as was assumed in the previous section. Frequently enough, we must handle three rewrite relations: the terminating relations $\xrightarrow[R_\subseteq]{}$ and $\xrightarrow[R_\supseteq]{}$ resulting from the inclusions $R_\subseteq$ and $R_\supseteq$ oriented to the right and to the left respectively, and the non-terminating relation $\xleftrightarrow[I_\subseteq]{}$ resulting from the non-oriented inclusions $I$. Then we say we have a $\langle R_\subseteq, R_\supseteq\rangle$ bi-rewriting system modulo $I$.¹¹ Figure 4.3 in section 4.4 shows an example of these bi-rewriting systems. The inverse of the relation $\xleftrightarrow[I_\subseteq]{}$ is noted $\xleftrightarrow[I_\supseteq]{}$. The Birkhoff theorem is stated then as $Ax \vdash_{POL} t \subseteq u$ iff $t\ (\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*\ u$.

4.3.1 From Church-Rosser to Local Bi-Confluence

The simplest way to have a complete and decidable proof procedure based on the $\langle R_\subseteq, R_\supseteq\rangle$ bi-rewriting system modulo $I$ is reducing it to the bi-rewriting system $\langle R_\subseteq \cup I, R_\supseteq \cup I\rangle$ and, using the results of the previous section, requiring of it the following properties:

1. The relations $\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{}$ and $\xrightarrow[R_\supseteq]{} \cup \xleftrightarrow[I_\supseteq]{}$ are both quasi-terminating, and

2. they satisfy the (weak) Church-Rosser property

$$(\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^* \subseteq (\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{})^* \circ (\xleftarrow[R_\supseteq]{} \cup \xleftrightarrow[I_\subseteq]{})^*$$

¹¹ Although we use the word "modulo", it does not mean that $\xleftrightarrow[I_\subseteq]{*}$ is a congruence; be aware it is a non-symmetric relation (a monotonic pre-order).

However, as we have seen in the previous section, the quasi-termination of $\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{}$ and $\xrightarrow[R_\supseteq]{} \cup \xleftrightarrow[I_\supseteq]{}$ is not enough to reduce the (weak) Church-Rosser property to the local bi-confluence property

$$(\xleftarrow[R_\supseteq]{} \cup \xleftrightarrow[I_\subseteq]{})^* \circ (\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{})^* \subseteq (\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{})^* \circ (\xleftarrow[R_\supseteq]{} \cup \xleftrightarrow[I_\subseteq]{})^*$$

using lemma 4.8. To do this we would need the termination of $\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{} \cup \xrightarrow[R_\supseteq]{} \cup \xleftrightarrow[I_\supseteq]{}$, which, of course, never holds.¹² The solution to this problem comes from requiring the termination of $\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\supseteq]{*} \circ \xrightarrow[R_\supseteq]{}$. Using this termination property, the weak Church-Rosser property can be reduced to a local bi-confluence property.

Lemma 4.11 If the relation $\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\supseteq]{*} \circ \xrightarrow[R_\supseteq]{}$ is terminating, then the following properties

$$(\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^* \subseteq (\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{})^* \circ (\xleftarrow[R_\supseteq]{} \cup \xleftrightarrow[I_\subseteq]{})^* \qquad \text{(weak) Church-Rosser}$$

$$\xleftarrow[R_\supseteq]{} \circ \xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{} \subseteq (\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{})^* \circ \xleftrightarrow[I_\subseteq]{*} \circ (\xleftarrow[R_\supseteq]{} \circ \xleftrightarrow[I_\subseteq]{*})^* \qquad \text{(weak) local bi-confluence}$$

are equivalent.

Proof: Using the equalities $(A \cup B)^* = (A^* \circ B)^* \circ A^* = A^* \circ (B \circ A^*)^*$ we prove that the right hand sides of both inclusions are equal. Now $\xleftarrow[R_\supseteq]{} \circ \xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{} \subseteq (\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*$ shows that Church-Rosser implies local bi-confluence.

For the converse we use $(A \cup B)^* \subseteq A^* \circ B^* \Leftrightarrow B^* \circ A^* \subseteq A^* \circ B^*$ to prove the equivalence between the Church-Rosser property and the following one.

$$\xleftrightarrow[I_\subseteq]{*} \circ (\xleftarrow[R_\supseteq]{} \circ \xleftrightarrow[I_\subseteq]{*})^* \circ (\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{})^* \circ \xleftrightarrow[I_\subseteq]{*} \subseteq (\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{})^* \circ \xleftrightarrow[I_\subseteq]{*} \circ (\xleftarrow[R_\supseteq]{} \circ \xleftrightarrow[I_\subseteq]{*})^*$$

Now, if $\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\supseteq]{*} \circ \xrightarrow[R_\supseteq]{}$ is terminating we can prove by noetherian induction that this property is equivalent to the local bi-confluence property. The scheme of the proof is that of lemma 4.8, with $\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{}$ and $\xleftrightarrow[I_\supseteq]{*} \circ \xrightarrow[R_\supseteq]{}$ playing the role of the single $R_\subseteq$ and $R_\supseteq$ steps, and $\xleftrightarrow[I_\subseteq]{*}$ steps allowed between them.

[Diagram: the induction step, drawn with arrows $\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{}$, $\xleftrightarrow[I_\supseteq]{*} \circ \xrightarrow[R_\supseteq]{}$ and $\xleftrightarrow[I_\subseteq]{*}$; the inner peak is closed by local bi-confluence and the two remaining peaks by the induction hypothesis.]

The proposition proved by noetherian induction is the following one.

$$P(t) \stackrel{def}{=} \forall u, v .\ u\ \xleftrightarrow[I_\subseteq]{*} \circ (\xleftarrow[R_\supseteq]{} \circ \xleftrightarrow[I_\subseteq]{*})^*\ t \ \wedge\ t\ (\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{})^* \circ \xleftrightarrow[I_\subseteq]{*}\ v \ \Rightarrow\ u\ (\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{})^* \circ \xleftrightarrow[I_\subseteq]{*} \circ (\xleftarrow[R_\supseteq]{} \circ \xleftrightarrow[I_\subseteq]{*})^*\ v$$

¹² The relation $\xleftrightarrow[I_\subseteq]{} \cup \xleftrightarrow[I_\supseteq]{}$ is never terminating.

If $\xleftrightarrow[I_\subseteq]{}$ is symmetric ($\xleftrightarrow[I_\subseteq]{} = \xleftrightarrow[I_\supseteq]{}$) the above termination property becomes similar to the termination property required in rewriting modulo a set of equations (Bachmair and Dershowitz, 1989a). That is, $\xleftrightarrow[I_\subseteq]{}$ symmetric means we can define equivalence classes ($[s]_I \xrightarrow[R]{} [t]_I$ iff $s \xleftrightarrow[I]{*} \circ \xrightarrow[R]{} \circ \xleftrightarrow[I]{*} t$) and the termination of $\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\supseteq]{*} \circ \xrightarrow[R_\supseteq]{}$ is ensured by the existence of a well-founded $I$-compatible quasi-ordering¹³ $\succeq$ satisfying $\xrightarrow[R_\subseteq]{} \subseteq \succ$, $\xrightarrow[R_\supseteq]{} \subseteq \succ$ and $\xleftrightarrow[I_\subseteq]{} \subseteq \approx$, where the equivalence relation $\approx$ is the intersection of $\succeq$ and $\preceq$ and the strict ordering $\succ$ is the difference of $\succeq$ and $\approx$. The quasi-termination property of $\xleftrightarrow[I_\subseteq]{}$ is equivalent then to the finiteness of the equivalence classes.

However, like in the equational case, rewriting by $\xleftrightarrow[I]{*} \circ \xrightarrow[R]{}$ is inefficient, and the local commutativity of $\xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{}$ and $\xleftrightarrow[I_\supseteq]{*} \circ \xrightarrow[R_\supseteq]{}$ cannot be reduced to the bi-confluence of a selected set of critical pairs. Therefore we will approximate them by two weaker, but more practical rewriting relations, named $I\backslash R_\subseteq$ and $I\backslash R_\supseteq$ respectively by similarity to the corresponding equational definitions. In the following we prove the abstract properties of these relations. We will suppose that they satisfy:¹⁴

$$\xrightarrow[R_\subseteq]{} \subseteq \xrightarrow[I\backslash R_\subseteq]{} \subseteq \xleftrightarrow[I_\subseteq]{*} \circ \xrightarrow[R_\subseteq]{} \qquad\qquad \xrightarrow[R_\supseteq]{} \subseteq \xrightarrow[I\backslash R_\supseteq]{} \subseteq \xleftrightarrow[I_\supseteq]{*} \circ \xrightarrow[R_\supseteq]{}$$

leaving their definition for the next subsection. We require these new rewriting relations to satisfy what we call a strong Church-Rosser modulo $I$ property, defined as follows.

Definition 4.12 The bi-rewriting system $\langle R_\subseteq, R_\supseteq\rangle$ modulo $I$ is (strong) Church-Rosser iff

$$(\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^* \subseteq \xrightarrow[I\backslash R_\subseteq]{*} \circ \xleftrightarrow[I_\subseteq]{*} \circ \xleftarrow[I\backslash R_\supseteq]{*}$$

The following lemma states sufficient conditions to define a search decision procedure for $Ax \vdash_{POL} t \subseteq u$ based on the relations $I\backslash R_\subseteq$ and $I\backslash R_\supseteq$.

Lemma 4.13 If the relations $\xrightarrow[I\backslash R_\subseteq]{}$ and $\xrightarrow[I\backslash R_\supseteq]{}$ are both computable¹⁵ and quasi-terminating, the relation $\xleftrightarrow[I_\subseteq]{*}$ is decidable, and $\langle R_\subseteq, R_\supseteq\rangle$ is strong Church-Rosser modulo $I$, then there exists a decision procedure for the inclusion relation defined by these relations.

¹³ A well-founded quasi-ordering is a well-founded, reflexive and transitive relation.

¹⁴ Notice that although we use the notation $\xrightarrow[I\backslash R]{}$, it does not mean that this relation is the monotonic and substitution closure of a set of rules; $I\backslash R$ is just the name of the relation.

¹⁵ We say that a relation $\xrightarrow[R]{}$ is computable iff the set $\{u \mid t \xrightarrow[R]{} u\}$ is finite and computable for any given term $t$.

Proof: Like in the simpler case of the previous section, given two terms $s$ and $t$, the algorithm generates the sets $\{s' \mid s \xrightarrow[I\backslash R_\subseteq]{*} s'\}$ and $\{t' \mid t \xrightarrow[I\backslash R_\supseteq]{*} t'\}$ and seeks a term $s'$ from the first set and a term $t'$ from the second one such that $s' \xleftrightarrow[I_\subseteq]{*} t'$. If the relations $\xrightarrow[I\backslash R_\subseteq]{*}$ and $\xrightarrow[I\backslash R_\supseteq]{*}$ satisfy the above inclusions and the Church-Rosser property then $(\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^* = \xrightarrow[I\backslash R_\subseteq]{*} \circ \xleftrightarrow[I_\subseteq]{*} \circ \xleftarrow[I\backslash R_\supseteq]{*}$. Now, it is easy to prove that the algorithm is a decision procedure for the relation $\xrightarrow[I\backslash R_\subseteq]{*} \circ \xleftrightarrow[I_\subseteq]{*} \circ \xleftarrow[I\backslash R_\supseteq]{*}$, and $Ax \vdash_{POL} s \subseteq t$ is equivalent to $s\ (\xrightarrow[R_\subseteq]{} \cup \xleftrightarrow[I_\subseteq]{} \cup \xleftarrow[R_\supseteq]{})^*\ t$.

The solution we propose for reducing the strong Church-Rosser property to a local bi-confluence property is inspired mainly by the two solutions known for the equational case. In the following we consider how they can be adapted to bi-rewriting.

Huet (Huet, 1980; Kirchner, 1985a; Jouannaud and Kirchner, 1986) proves that given a set of rules $R$ and equations $E$ such that $\xleftrightarrow[E]{*} \circ \xrightarrow[R]{}$ is terminating, $R$ is strong Church-Rosser modulo $E$ iff all peaks and cliffs are confluent:

$$\xleftarrow[R]{} \circ \xrightarrow[R]{} \subseteq \xrightarrow[R]{*} \circ \xleftrightarrow[E]{*} \circ \xleftarrow[R]{*} \qquad\text{and}\qquad \xleftrightarrow[E]{} \circ \xrightarrow[R]{} \subseteq \xrightarrow[R]{*} \circ \xleftrightarrow[E]{*} \circ \xleftarrow[R]{*}.$$

Notice that these are sufficient and, what is also important, necessary conditions. Besides, the finiteness of the $E$-equivalence classes is not required. However, these confluence properties are too strong and cannot be reduced to the confluence of critical pairs unless the rules are left-linear.

To overcome this limitation for non-left-linear systems Peterson and Stickel (Peterson and Stickel, 1981) propose the use of a new rewriting relation $E\backslash R$ satisfying $\xrightarrow[R]{} \subseteq \xrightarrow[E\backslash R]{} \subseteq \xleftrightarrow[E]{*} \circ \xrightarrow[R]{}$. They prove that when this relation is $E$-compatible, that is when $\xleftrightarrow[E]{*} \circ \xrightarrow[R]{} \subseteq \xrightarrow[E\backslash R]{} \circ \xleftrightarrow[E]{*} \circ (\xleftarrow[R]{} \circ \xleftrightarrow[E]{*})^*$, and terminating, then the Church-Rosser property becomes equivalent to the confluence of peaks of the form $\xleftarrow[E\backslash R]{} \circ \xrightarrow[E\backslash R]{} \subseteq \xrightarrow[E\backslash R]{*} \circ \xleftrightarrow[E]{*} \circ \xleftarrow[E\backslash R]{*}$. They also study how a rewriting relation $R$ can be extended to obtain an $E$-compatible rewriting relation $E\backslash R$ when $E$ is an associative and commutative theory. However, in this case the problem is that the set of critical pairs of the form $t \xleftarrow[E\backslash R]{} u \xrightarrow[E\backslash R]{} v$ is in general infinite.

Jouannaud and Kirchner (Jouannaud and Kirchner, 1986) (see also theorem 4, chapter 2 of (Kirchner, 1985b)) prove that when $\xleftrightarrow[E]{*} \circ \xrightarrow[R]{} \circ \xleftrightarrow[E]{*}$ is terminating then the following three conditions are equivalent

1. Church-Rosser modulo $E$

$$(\xrightarrow[R]{} \cup \xleftrightarrow[E]{} \cup \xleftarrow[R]{})^* \subseteq \xrightarrow[E\backslash R]{*} \circ \xleftrightarrow[E]{*} \circ \xleftarrow[E\backslash R]{*}$$

2. confluence of (global) peaks and (global) cliffs:

$$\xleftarrow[E\backslash R]{} \circ \xrightarrow[E\backslash R]{} \subseteq \xrightarrow[E\backslash R]{*} \circ \xleftrightarrow[E]{*} \circ \xleftarrow[E\backslash R]{*}$$

$$\xleftrightarrow[E]{*} \circ \xrightarrow[E\backslash R]{} \subseteq \xrightarrow[E\backslash R]{*} \circ \xleftrightarrow[E]{*} \circ \xleftarrow[E\backslash R]{*}$$

3. confluence of local peaks and local cliffs:

$$\xleftarrow[R]{} \circ \xrightarrow[E\backslash R]{} \subseteq \xrightarrow[E\backslash R]{*} \circ \xleftrightarrow[E]{*} \circ \xleftarrow[E\backslash R]{*}$$

$$\xleftrightarrow[E]{} \circ \xrightarrow[E\backslash R]{} \subseteq \xrightarrow[E\backslash R]{*} \circ \xleftrightarrow[E]{*} \circ \xleftarrow[E\backslash R]{*}$$

Then these local confluences can be reduced to critical pairs confluence and to extended rules respectively.

Jouannaud and Kirchner also notice that their theorem is false if we require termination of $\xrightarrow[E\backslash R]{}$ instead of that of $\xleftrightarrow[E]{*} \circ \xrightarrow[R]{} \circ \xleftrightarrow[E]{*}$. As a counter-example we can take the rewriting system $R = E\backslash R = \{b \to a,\ a \to d\}$ with $E = \{a = b,\ b = c\}$. It satisfies the local confluence properties and termination of $\xrightarrow[E\backslash R]{}$, but it is not Church-Rosser: $c \xleftrightarrow[E]{} b \xrightarrow[R]{} a \xrightarrow[R]{} d$, whereas $c$ and $d$ are both $E\backslash R$-irreducible and not $E$-equivalent. However, termination of $\xrightarrow[E\backslash R]{}$ is enough to prove the equivalence between the Church-Rosser property and the "global" confluence properties. (Evidently, it is not enough to prove the equivalence between local and global confluence properties.)

As we will see in the next subsection, proving confluence of local or of global peaks and cliffs makes no difference, therefore we have chosen this second option because it imposes a weaker termination condition. If we adopted the first option, we would need a well-founded and $E$-compatible ordering on terms, i.e. a well-founded ordering on $E$-equivalence classes of terms. In our case, this $E$-compatible ordering on terms would be equivalent to requiring termination of

$$(\xleftrightarrow[I_\subseteq]{} \cup \xleftrightarrow[I_\supseteq]{})^* \circ (\xrightarrow[I\backslash R_\subseteq]{} \cup \xrightarrow[I\backslash R_\supseteq]{})$$

As we will see in the following subsection, after proving lemma 4.17, there is no gain in choosing this first option.

The following lemma adapts this second version of the results of Jouannaud and Kirchner to bi-rewriting.

Lemma 4.14 Let $\to_{I\setminus R_\subseteq}$ and $\to_{I\setminus R_\supseteq}$ be two rewriting relations satisfying
$$\to_{R_\subseteq} \subseteq \to_{I\setminus R_\subseteq} \subseteq \leftrightarrow^{*}_{I_\subseteq} \circ \to_{R_\subseteq} \quad\text{and}\quad \to_{R_\supseteq} \subseteq \to_{I\setminus R_\supseteq} \subseteq \leftrightarrow^{*}_{I_\supseteq} \circ \to_{R_\supseteq}.$$
If their union $\to_{I\setminus R_\subseteq} \cup \to_{I\setminus R_\supseteq}$ is terminating then the following three conditions, namely the bi-confluence of cliffs
$$\leftrightarrow^{*}_{I_\subseteq} \circ \to_{I\setminus R_\subseteq} \subseteq \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftarrow^{*}_{I\setminus R_\supseteq}$$
$$\leftarrow_{I\setminus R_\supseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \subseteq \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftarrow^{*}_{I\setminus R_\supseteq}$$
the bi-confluence of peaks
$$\leftarrow_{I\setminus R_\supseteq} \circ \to_{I\setminus R_\subseteq} \subseteq \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftarrow^{*}_{I\setminus R_\supseteq}$$
and the strong Church-Rosser property
$$(\to_{R_\subseteq} \cup \leftrightarrow_{I_\subseteq} \cup \leftarrow_{R_\supseteq})^{*} \subseteq \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftarrow^{*}_{I\setminus R_\supseteq}$$
are equivalent.

Proof: It is evident that the Church-Rosser property implies the three local bi-confluence properties, so we will prove the opposite implication. The proof is based on the ideas of proof transformation and proof ordering proposed by Bachmair in his thesis (Bachmair, 1991) and in (Bachmair et al., 1986b).

Given a sequence of terms $\langle v_1, \ldots, v_n\rangle$, we say that it is a proof of $s \subseteq t$ iff $v_1 = s$, $v_n = t$, and for any $i \in [1..n-1]$ we have $v_i \to_{I\setminus R_\subseteq} v_{i+1}$ or $v_i \leftarrow_{I\setminus R_\supseteq} v_{i+1}$ or $v_i \leftrightarrow^{+}_{I_\subseteq} v_{i+1}$. Notice that we allow one or more $\leftrightarrow_{I_\subseteq}$ rewriting steps to be concentrated in a single proof step. Evidently, $t \subseteq u$ has a proof iff $t\,(\to_{R_\subseteq} \cup \leftrightarrow_{I_\subseteq} \cup \leftarrow_{R_\supseteq})^{*}\,u$.

In the following we define a set of transformations on the proofs of an inclusion. Given a proof transformation rule $\langle s, t, u\rangle \Rightarrow \langle s, v, u\rangle$, we can use it to transform $\langle w_1, s, t, u, w_2\rangle \Rightarrow \langle w_1, s, v, u, w_2\rangle$. To prove the termination of such a transformation relation we associate a multiset $S(\langle v_1, \ldots, v_n\rangle)$ of terms to each proof $\langle v_1, \ldots, v_n\rangle$, defined as follows.
$$S(\langle v\rangle) = \emptyset$$
$$S(\langle v_1, \ldots, v_n\rangle) = S(\langle v_1, \ldots, v_{n-1}\rangle) \cup \begin{cases} \{v_{n-1}, v_n\} & \text{if } v_{n-1} \to_{I\setminus R_\subseteq} v_n \text{ or } v_n \to_{I\setminus R_\supseteq} v_{n-1} \\ \{v_{n-1}^{2}, v_n^{2}\} & \text{if } v_{n-1} \leftrightarrow^{+}_{I_\subseteq} v_n \end{cases}$$
where $\cup$ denotes the multiset union operator and superscripts denote the number of occurrences of an element in a multiset. We define a well-founded ordering $\succ$ on these term multisets as the multiset extension of the order relation $\to^{+}_{I\setminus R_\subseteq} \cup \to^{+}_{I\setminus R_\supseteq}$, which we have supposed terminating. This ordering on associated multisets defines a well-founded ordering on proofs. Notice that this ordering is monotonic, i.e. if $S(\langle s, t, u\rangle) \succ S(\langle s, v, u\rangle)$, then $S(\langle w_1, s, t, u, w_2\rangle) \succ S(\langle w_1, s, v, u, w_2\rangle)$. This is the key point to prove that if any proof transformation rule $\langle s, t, u\rangle \Rightarrow \langle s, v, u\rangle$ satisfies $S(\langle s, t, u\rangle) \succ S(\langle s, v, u\rangle)$ then the proof transformation relation is terminating.

If cliffs are bi-confluent, then for any cliff $s \leftrightarrow^{+}_{I_\subseteq} t \to_{I\setminus R_\subseteq} u$ we have
$$s \to_{I\setminus R_\subseteq} v_1 \cdots v_{p-1} \to_{I\setminus R_\subseteq} v_p \leftrightarrow^{*}_{I_\subseteq} w_q \leftarrow_{I\setminus R_\supseteq} w_{q-1} \cdots w_1 \leftarrow_{I\setminus R_\supseteq} u$$
and we can apply one of the following proof transformation rules to eliminate it:
$$\begin{array}{ll}
\langle s, t, u\rangle \Rightarrow \langle s, v_1, \ldots, v_p, w_q, \ldots, w_1, u\rangle & \text{if } v_p \leftrightarrow^{+}_{I_\subseteq} w_q \\
\langle s, t, u\rangle \Rightarrow \langle s, v_1, \ldots, v_{p-1}, w_q, \ldots, w_1, u\rangle & \text{if } s \to^{+}_{I\setminus R_\subseteq} v_p = w_q \\
\langle s, t, u\rangle \Rightarrow \langle s, w_{q-1}, \ldots, w_1, u\rangle & \text{if } s = v_p = w_q \leftarrow^{+}_{I\setminus R_\supseteq} u \\
\langle s, t, u\rangle \Rightarrow \langle s\rangle & \text{if } s = v_p = w_q = u
\end{array}$$
where $p, q \geq 0$, except in the second rule where $p \geq 1$, and the third rule where $q \geq 1$. Now, taking into account that $s \succ v_1 \succ \cdots \succ v_p$ and $t \succ u \succ w_1 \succ \cdots \succ w_q$, we can prove that the multiset associated to the left part of the rules, $S(\langle s, t, u\rangle) = \{s^{2}, t^{3}, u\}$, is strictly greater than the multisets associated to the right part of the rules, which are respectively:
$$S(\langle s, v_1, \ldots, v_p, w_q, \ldots, w_1, u\rangle) = \{s, v_1^{2}, \ldots, v_p^{2}, w_q^{2}, \ldots, w_1^{2}, u\} \cup \{v_p, w_q\} \quad\text{(footnote 16)}$$
$$S(\langle s, v_1, \ldots, v_{p-1}, w_q, \ldots, w_1, u\rangle) = \{s, v_1^{2}, \ldots, v_{p-1}^{2}, w_q^{2}, \ldots, w_1^{2}, u\}$$
$$S(\langle s, w_{q-1}, \ldots, w_1, u\rangle) = \{s, w_{q-1}^{2}, \ldots, w_1^{2}, u\}$$
$$S(\langle s\rangle) = \emptyset$$


Similarly, if peaks are bi-confluent, then we can also apply the same proof transformation rules to any peak $s \leftarrow_{I\setminus R_\supseteq} t \to_{I\setminus R_\subseteq} u$. And, taking into account that now $t \succ s \succ v_1 \succ \cdots \succ v_p$ and $t \succ u \succ w_1 \succ \cdots \succ w_q$, we can also prove that the multiset associated to the left part of the rule, now $S(\langle s, t, u\rangle) = \{s, t^{2}, u\}$, is also strictly greater than the multisets associated to the corresponding right parts of the rules.

Evidently, if we iterate this process, the resulting canonical (normal) proof will contain neither cliffs nor peaks. Therefore it will be of the form $\to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftarrow^{*}_{I\setminus R_\supseteq}$. The process cannot be applied infinitely, because the transformation relation is terminating. We conclude that if $s \subseteq t$ has a proof, then it has a canonical proof of the form $s \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftarrow^{*}_{I\setminus R_\supseteq} t$. Therefore, the Church-Rosser property holds for these rewriting relations.

Now, the logical process would be to reduce the bi-confluence of peaks of the form $\leftarrow_{I\setminus R_\supseteq} \circ \to_{I\setminus R_\subseteq}$ to the bi-confluence of peaks of the form $\leftarrow_{I\setminus R_\supseteq} \circ \to_{R_\subseteq}$ or $\leftarrow_{R_\supseteq} \circ \to_{I\setminus R_\subseteq}$, as Jouannaud and Kirchner suggested for the equational case. However, as the following counter-example shows, not every definition of $\to_{I\setminus R}$ satisfying $\to_{R} \subseteq \to_{I\setminus R} \subseteq \leftrightarrow^{*}_{I} \circ \to_{R}$ permits such a reduction, unless we require termination of
$$(\leftrightarrow_{I_\subseteq} \cup \leftrightarrow_{I_\supseteq})^{*} \circ (\to_{I\setminus R_\subseteq} \cup \to_{I\setminus R_\supseteq}).$$

Counter-example. Consider the rewriting relations defined by the following sets of rules.
$$I_\subseteq = \{a_1 \leftrightarrow_\subseteq b,\; b \leftrightarrow_\subseteq a_2\}$$
$$R_\subseteq = \{a_1 \to_\subseteq b,\; a_2 \to_\subseteq c_2\} \qquad R_\supseteq = \{a_2 \to_\supseteq b,\; a_1 \to_\supseteq c_1\}$$
(Figure: the rules form the chain $c_1 \leftarrow_{R_\supseteq} a_1 \leftrightarrow_{I_\subseteq} b \leftrightarrow_{I_\subseteq} a_2 \to_{R_\subseteq} c_2$, together with the two extra arrows $a_1 \to_{R_\subseteq} b$ and $a_2 \to_{R_\supseteq} b$.)

If we define $\to_{I\setminus R_\subseteq} \stackrel{\mathrm{def}}{=} \to_{R_\subseteq} \cup \leftrightarrow_{I_\subseteq} \circ \to_{R_\subseteq}$ and $\to_{I\setminus R_\supseteq} \stackrel{\mathrm{def}}{=} \to_{R_\supseteq} \cup \leftrightarrow_{I_\supseteq} \circ \to_{R_\supseteq}$, we obtain two rewriting relations such that $\to_{I\setminus R_\sub
seteq} \cup \to_{I\setminus R_\supseteq}$ is terminating and the properties $\to_{R} \subseteq \to_{I\setminus R} \subseteq \leftrightarrow^{*}_{I} \circ \to_{R}$ hold; however, although any peak of the form $\leftarrow_{I\setminus R_\supseteq} \circ \to_{R_\subseteq}$ or $\leftarrow_{R_\supseteq} \circ \to_{I\setminus R_\subseteq}$ and any cliff is bi-confluent, there is a peak $c_1 \leftarrow_{I\setminus R_\supseteq} b \to_{I\setminus R_\subseteq} c_2$ which is not bi-confluent.
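As an added illustration (not code from the monograph), the counter-example above can be checked mechanically: over a signature of constants every relation is a finite set of pairs, so the hypotheses and the conditions of lemma 4.14 are decidable by exhaustive enumeration. The definitions of $\to_{I\setminus R_\subseteq}$ and $\to_{I\setminus R_\supseteq}$ follow the ones given in the counter-example; all function names are hypothetical.

```python
"""Ground bi-rewriting modulo inclusions, worked on the counter-example of
section 4.3.1.  Added example, not code from the monograph.  Over constants
every relation is a finite set of pairs, so the confluence conditions of
lemma 4.14 can be checked exhaustively.  All names are hypothetical."""

# Constructed input: the counter-example's constants and rule sets.
UNIVERSE = frozenset({"a1", "a2", "b", "c1", "c2"})
I_SUB = frozenset({("a1", "b"), ("b", "a2")})    # I_⊆ : a1 ⊆ b, b ⊆ a2
R_SUB = frozenset({("a1", "b"), ("a2", "c2")})   # R_⊆ : a1 →⊆ b, a2 →⊆ c2
R_SUP = frozenset({("a2", "b"), ("a1", "c1")})   # R_⊇ : a2 →⊇ b, a1 →⊇ c1


def compose(r1, r2):
    """Relational composition r1 ∘ r2, read left to right: s r1 x r2 t."""
    return frozenset((s, t) for (s, x) in r1 for (y, t) in r2 if x == y)


def inverse(r):
    """The converse relation (←  of a →)."""
    return frozenset((t, s) for (s, t) in r)


def transitive_closure(r):
    """r+ : iterate composition until no new pair appears (finite set)."""
    closure = set(r)
    while True:
        new = set(compose(closure, r)) - closure
        if not new:
            return frozenset(closure)
        closure |= new


def star(r, universe=UNIVERSE):
    """Reflexive-transitive closure r* over the given universe."""
    return transitive_closure(r) | frozenset((a, a) for a in universe)


def is_terminating(r):
    """A step relation on a finite set terminates iff it has no cycle,
    i.e. its transitive closure is irreflexive."""
    return all(s != t for (s, t) in transitive_closure(r))


def modulo(i_rel, r_rel):
    """The page's definition for the counter-example: I\\R = R ∪ (I ∘ R)."""
    return r_rel | compose(i_rel, r_rel)


I_SUP = inverse(I_SUB)                     # ↔_{I⊇} is the converse of ↔_{I⊆}
IR_SUB = modulo(I_SUB, R_SUB)              # →_{I\R⊆}
IR_SUP = modulo(I_SUP, R_SUP)              # →_{I\R⊇}

# Shape of a canonical proof: →*_{I\R⊆} ∘ ↔*_{I⊆} ∘ ←*_{I\R⊇}
CANONICAL = compose(compose(star(IR_SUB), star(I_SUB)), inverse(star(IR_SUP)))


def bi_confluent(s, u):
    """s and u can be joined by a proof of the canonical shape."""
    return (s, u) in CANONICAL


def peaks(left, right):
    """All triples (s, t, u) with s ←left t →right u,
    i.e. (t, s) ∈ left and (t, u) ∈ right."""
    return [(s, t, u) for (t, s) in left for (t2, u) in right if t == t2]


def cliffs():
    """Both cliff shapes of lemma 4.14:
    s ↔*_{I⊆} t →_{I\\R⊆} u   and   s ←_{I\\R⊇} t ↔*_{I⊆} u."""
    return peaks(inverse(star(I_SUB)), IR_SUB) + peaks(IR_SUP, star(I_SUB))


def analyse():
    """Check each hypothesis and conclusion discussed for the counter-example."""
    general = peaks(IR_SUP, IR_SUB)          # peaks ←_{I\R⊇} ∘ →_{I\R⊆}
    failing = [p for p in general if not bi_confluent(p[0], p[2])]
    restricted = peaks(IR_SUP, R_SUB) + peaks(R_SUP, IR_SUB)
    return {
        "terminating": is_terminating(IR_SUB | IR_SUP),
        # →_R ⊆ →_{I\R} ⊆ ↔*_I ∘ →_R for both orientations
        "sandwiched": R_SUB <= IR_SUB <= compose(star(I_SUB), R_SUB)
                      and R_SUP <= IR_SUP <= compose(star(I_SUP), R_SUP),
        "restricted_peaks_ok": all(bi_confluent(s, u) for (s, _, u) in restricted),
        "cliffs_ok": all(bi_confluent(s, u) for (s, _, u) in cliffs()),
        "general_peaks_ok": not failing,
        "failing_peaks": failing,            # expected: [("c1", "b", "c2")]
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

Every hypothesis holds and every restricted peak and cliff is bi-confluent, yet the single general peak through b fails, which is exactly why the reduction needs the stronger termination condition or the commutation property of the next subsection.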

Fortunately, the method of rule extensions and the concrete definition of the relation $\to_{I\setminus R}$ ensure that, if the inclusions in $I$ are linear, then $\leftrightarrow^{*}_{I}$ and $\to_{I\setminus R}$ commute, i.e. $\leftrightarrow^{*}_{I} \circ \to_{I\setminus R} \subseteq \to_{I\setminus R} \circ \leftrightarrow^{*}_{I}$. This property is stronger than the confluence of cliffs, and permits the desired reduction. However, such a method takes into account the structure of terms, so we will describe it in the next subsection.

Footnote 16: Notice that in this case we can have $s = v_p$, $u = w_q$ or both together. With such a union we capture four cases.


4.3.2 From Local Bi-Confluence to (Extended) Critical Pairs

Until now, we have studied the Church-Rosser, termination and bi-confluence properties in the framework of relational algebra (Baumer, 1992). All proofs are done without any reference to the structure of terms. In the following, we will consider the term structure in order to reduce the bi-confluence properties to the bi-confluence of critical pairs and rule extensions.

We begin by defining the rewrite relations $I\setminus R_\subseteq$ and $I\setminus R_\supseteq$ that were only axiomatically characterized by $\to_{R} \subseteq \to_{I\setminus R} \subseteq \leftrightarrow^{*}_{I} \circ \to_{R}$ in the previous subsection.

Definition 4.15 We say that $s$ $R_\subseteq$-rewrites to $t$ modulo $I_\subseteq$, written $s \to_{I\setminus R_\subseteq} t$, iff there exists a rule $l \to r$ in $R_\subseteq$, an occurrence $p$ in $s$, and a substitution $\sigma$ such that $s|_p \leftrightarrow^{*}_{I_\subseteq} \sigma(l)$ and $t = s[\sigma(r)]_p$. Similarly, $s$ $R_\supseteq$-rewrites to $t$ modulo $I_\supseteq$, written $s \to_{I\setminus R_\supseteq} t$.

With this definition $\to_{I\setminus R_\subseteq}$ really satisfies $\to_{R_\subseteq} \subseteq \to_{I\setminus R_\subseteq} \subseteq \leftrightarrow^{*}_{I_\subseteq} \circ \to_{R_\subseteq}$, although in general $\leftrightarrow^{*}_{I_\subseteq} \circ \to_{R_\subseteq} \not\subseteq \to_{I\setminus R_\subseteq}$. The choice of this definition is motivated, as in the equational case, by the fact that local bi-confluence of the peaks $\leftarrow_{R_\supseteq} \circ \to_{I\setminus R_\subseteq}$ and $\leftarrow_{I\setminus R_\supseteq} \circ \to_{R_\subseteq}$ can be reduced to the bi-confluence of a selected set of critical pairs.

We will use the notions of $E$-matching and $E$-unification from (Peterson and Stickel, 1981), but adapted to bi-rewriting. Given two terms $s$ and $t$, we say that $s$ $I$-matches $t$ iff there exists a substitution $\sigma$ such that $s \leftrightarrow^{*}_{I_\subseteq} \sigma(t)$, and $s$ $I^{-1}$-matches $t$ iff there exists a substitution $\sigma$ such that $s \leftrightarrow^{*}_{I_\supseteq} \sigma(t)$. We say that $s$ $I$-unifies with $t$ iff there exists a substitution $\sigma$ such that $\sigma(s) \leftrightarrow^{*}_{I_\subseteq} \sigma(t)$. This substitution is said to be a minimum unifier if for any other unifier $\sigma'$ with $\sigma = \rho \circ \sigma'$, $\rho$ is a renaming of variables. Notice that, since $\leftrightarrow_{I_\subseteq}$ is not necessarily symmetric, $I$-matching and $I^{-1}$-matching are in general different non-symmetric relations, and $I$-unification is not a symmetric relation either. We will suppose in the following that $I$-unification and $I$- and $I^{-1}$-matching are decidable.

As in the equational case (to prove bi-confluence of cliffs or E-compatibility),we will prove the commutativity properties by means of the rule extension andthe extensionally closed property defined as follows.

Definition 4.16 Given an inclusion $l \subseteq r$ in $I$ and a rule $s \to_\subseteq t$ in $R_\subseteq$, if $r|_p$ $I$-unifies with $s$, $\sigma$ being a minimum unifier, and $r|_p$ is neither a variable nor equal to $r$, then we say that $\sigma(l) \to_\subseteq \sigma(r[t]_p)$ is a right-$I$-extended rule of $R_\subseteq$. Given a set of rules $R_\subseteq$ and inclusions $I$, $R_\subseteq$ is said to be right-$I$-extensionally closed iff any right-$I$-extended rule $l \to_\subseteq r$ of $R_\subseteq$ satisfies $l \to_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} r$. We define left-$I$-extended rule and left-$I$-extensionally closed similarly, changing $\subseteq$ by $\supseteq$ and "$r|_p$ $I$-unifies with $s$" by "$s$ $I$-unifies with $r|_p$".


Notice that in the previous definition, to consider a rewriting system extensionally closed, we require any rule extension $l \to_\subseteq r$ to satisfy $l \to_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} r$; it is not enough to require the pair $l \subseteq r$ to be bi-confluent. Since $\leftrightarrow_{I}$ may be non-symmetric, we have had to distinguish between right- and left-extensionality in the previous definition. We will use a completion procedure to ensure that the final bi-rewriting system satisfies that $R_\subseteq$ is right-$I$-extensionally closed, and that $R_\supseteq$ is left-$I$-extensionally closed.

The following lemma states that, if all inclusions in $I$ are linear, then the extensionally closed property ensures the commutativity of $\leftrightarrow^{*}_{I}$ and $\to_{I\setminus R}$. Notice that this property is stronger than the bi-confluence of cliffs required in the previous subsection.

Lemma 4.17 Critical cliff lemma. If all inclusions in $I$ are linear, and $R_\subseteq$ is right-$I$-extensionally closed, then $\leftrightarrow^{*}_{I_\subseteq}$ and $\to_{I\setminus R_\subseteq}$ commute, i.e.
$$\leftrightarrow^{*}_{I_\subseteq} \circ \to_{I\setminus R_\subseteq} \subseteq \to_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq}.$$
Similarly for $\leftrightarrow^{*}_{I_\supseteq}$ and $\to_{I\setminus R_\supseteq}$ if the latter is left-$I$-extensionally closed.

Proof: The conclusion of the lemma is equivalent to $\leftrightarrow_{I} \circ \to_{I\setminus R} \subseteq \to_{I\setminus R} \circ \leftrightarrow^{*}_{I}$. Suppose $a \leftrightarrow_{I_\subseteq} b \to_{I\setminus R} c$; then there exist a position $p_1$ in $a$, a position $p_2$ in $b$, two substitutions $\sigma_1$ and $\sigma_2$, an inclusion $s \leftrightarrow_{I_\subseteq} t$ in $I$ and a rule $l \to_{R} r$ in $R$ such that:
$$a|_{p_1} = \sigma_1(s) \qquad b|_{p_2} \leftrightarrow^{*}_{I} \sigma_2(l)$$
$$b = a[\sigma_1(t)]_{p_1} \qquad c = b[\sigma_2(r)]_{p_2}$$

We have to consider the following three cases.

case $p_1 | p_2$: Applying the definition of rewriting modulo we prove that $a \to_{I\setminus R} a[\sigma_2(r)]_{p_2}$. Now, if both redexes do not overlap then $a[\sigma_2(r)]_{p_2} = b[\sigma_1(s)]_{p_1}[\sigma_2(r)]_{p_2} = b[\sigma_2(r)]_{p_2}[\sigma_1(s)]_{p_1} = c[\sigma_1(s)]_{p_1}$. Finally, we have $a \to_{I\setminus R} a[\sigma_2(r)]_{p_2} = c[\sigma_1(s)]_{p_1} \leftrightarrow_{I} c$.

case $p_1 \prec p_2$: Let $v$ satisfy $p_2 = p_1 \cdot v$. We have $\sigma_1(t)|_v \leftrightarrow^{*}_{I} \sigma_2(l)$. There are two possibilities:

• If $v$ is a position in $t$, and $t|_v$ is not a variable, we are in the conditions of definition 4.16, i.e. $t|_v$ $I$-unifies with $l$, $\sigma$ being a minimum unifier (smaller than $\sigma_1 \circ \sigma_2$, so $\sigma_1 \circ \sigma_2 = \rho \circ \sigma$ for some substitution $\rho$), and we can generate an extended rule with $s \subseteq t$ and $l \to r$. Now, if $R$ is $I$-extensionally closed, then this rule, or a generalization of this rule, will belong to $R$ and we can rewrite $a$ into $c$ using it at position $p_1$ with the substitution $\rho$.

• Otherwise, there exist two occurrences $v_1$ and $v_2$ satisfying $p_1 \cdot v_1 \cdot v_2 = p_2$ with $t|_{v_1} = x$ a variable. If all inclusions in $I$ are right-linear then $t|_{v_1}$ is the only occurrence of $x$ in $t$; moreover, if all inclusions are left-linear then $x$ occurs once in $s$. Let $v'_1$ be this occurrence of $x$ in $s$. We have $a|_{p_1 \cdot v'_1 \cdot v_2} \leftrightarrow^{*}_{I} \sigma_2(l)$ and therefore $a \to_{I\setminus R} a[\sigma_2(r)]_{p_1 \cdot v'_1 \cdot v_2}$. Finally, we prove that $a[\sigma_2(r)]_{p_1 \cdot v'_1 \cdot v_2} \leftrightarrow_{I} c$ using the same inclusion $s \subseteq t$, at the same position $p_1$, but with a substitution $\sigma'_1$ defined as $\sigma'_1(y) = \sigma_1(y)$ for any $y \neq x$, and $\sigma'_1(x) = \sigma_1(x)[\sigma_2(r)]_{v_2}$. Notice that it is in this case, with variable overlapping, that we have to require both left- and right-linearity of $s \subseteq t$.

case $p_1 \succ p_2$: Let $v$ be the occurrence such that $p_2 \cdot v = p_1$. We prove $a|_{p_2} \leftrightarrow_{I} b|_{p_2}$ using the inclusion $s \subseteq t$ at position $v$ with the substitution $\sigma_1$. Now, since $a|_{p_2} \leftrightarrow_{I} b|_{p_2} \leftrightarrow^{*}_{I} \sigma_2(l)$, we have $a \to_{I\setminus R} c$ using the rule $l \to r$ and $\sigma_2$ at position $p_2$.

Notice that the conclusion of the previous lemma not only ensures the bi-confluence of cliffs, but also allows us to reduce the bi-confluence of peaks of the form $\leftarrow_{I\setminus R_\supseteq} \circ \to_{I\setminus R_\subseteq}$ to the confluence of the peaks of the form $\leftarrow_{R_\supseteq} \circ \to_{I\setminus R_\subseteq}$ or $\leftarrow_{I\setminus R_\supseteq} \circ \to_{R_\subseteq}$, using the following sequence of inclusions:
$$\begin{array}{rcl}
\leftarrow_{I\setminus R_\supseteq} \circ \to_{I\setminus R_\subseteq} & \subseteq & \leftarrow_{R_\supseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \to_{I\setminus R_\subseteq} \\
& \subseteq & \leftarrow_{R_\supseteq} \circ \to_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \\
& \subseteq & \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftarrow^{*}_{I\setminus R_\supseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \quad \text{if peaks are bi-confluent} \\
& \subseteq & \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq} \circ \leftarrow^{*}_{I\setminus R_\supseteq} \quad \text{if cliffs commute}
\end{array}$$

Notice also that, as in (Peterson and Stickel, 1981) and differently from (Jouannaud and Kirchner, 1986), the inclusions in $I$ are required to be (both left- and right-) linear.

There is a way to avoid left-linearity in the previous lemma. The reader may check that to prove local commutativity $\leftrightarrow_{I_\subseteq} \circ \to_{I\setminus R_\subseteq} \subseteq \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq}$ (where several $\to_{I\setminus R_\subseteq}$ rewriting steps are allowed to eliminate the variable overlapping cliff) we would only need right-linearity. If we use a well-founded and $(\leftrightarrow^{*}_{I_\subseteq} \cup \leftrightarrow^{*}_{I_\supseteq})$-compatible ordering to prove the termination of the relation $\to_{I\setminus R_\subseteq} \cup \to_{I\setminus R_\supseteq}$ (as is done in the equational case), we can reduce the (global) commutativity property $\leftrightarrow^{*}_{I_\subseteq} \circ \to^{*}_{I\setminus R_\subseteq} \subseteq \to^{*}_{I\setminus R_\subseteq} \circ \leftrightarrow^{*}_{I_\subseteq}$ to the previous local commutativity. Unfortunately, it seems that we cannot avoid right-linearity unless we use some kind of "extended critical cliff". However, even though it is not necessary in this case, left-linearity will be necessary to prove the commutativity of $\leftrightarrow^{*}_{I_\supseteq}$ and $\to^{*}_{I\setminus R_\supseteq}$. Therefore, there is no gain in choosing this alternative, because linearity is always necessary unless we use some kind of extended critical cliffs.

For the bi-confluence of peaks we use a definition of (extended) critical pairssimilar to the one introduced in the previous section.

Definition 4.18 If $l \to_\subseteq r \in R_\subseteq$ and $s \to_\supseteq t \in R_\supseteq$ are two rewriting rules normalized apart, and $p$ is a position in $s$, then

(i) if $s|_p$ is not a variable and $\sigma$ is a minimum $I$-unifier of $s|_p$ and $l$, then
$$\sigma(t) \subseteq \sigma(s[r]_p) \in ECP(I\setminus R_\subseteq, R_\supseteq)$$
is a (standard) critical pair,

(ii) if $s|_p = x$ is a repeated variable in $s$, $F$ is a term containing only fresh variables, $q$ is a position in $F$, and $l \to^{*}_{I\setminus R_\supseteq} \circ \leftrightarrow^{*}_{I_\supseteq} r$ does not hold, then
$$\sigma(t) \subseteq \sigma(s[F[r]_q]_p) \in ECP(I\setminus R_\subseteq, R_\supseteq)$$
is an (extended) critical pair where the domain of $\sigma$ is $\{x\}$ and $\sigma(x) = F[l]_q$.

The set $ECP(R_\subseteq, I\setminus R_\supseteq)$ can be defined similarly.

Again we have had to introduce critical pair schemes which may generateinfinitely many critical pairs. Using this extended definition of critical pairsand the definition of extensionally closed bi-rewriting system we can prove thefollowing theorem which characterizes the strong Church-Rosser property of a〈R⊆, R⊇〉 bi-rewriting system modulo I.

Theorem 4.19 Critical pair lemma. Given two sets of rules $R_\subseteq$ and $R_\supseteq$ and a set of inclusions $I$, if $\to_{I\setminus R_\subseteq} \cup \to_{I\setminus R_\supseteq}$ is terminating, $\to_{I\setminus R_\subseteq}$ is right-$I$-extensionally closed, $\to_{I\setminus R_\supseteq}$ is left-$I$-extensionally closed, all inclusions in $I$ are linear, and all standard and extended critical pairs $ECP(I\setminus R_\subseteq, R_\supseteq)$ and $ECP(R_\subseteq, I\setminus R_\supseteq)$ are bi-confluent, then $\langle I\setminus R_\subseteq, I\setminus R_\supseteq\rangle$ is (strongly) Church-Rosser modulo $I$.

Proof: We use lemma 4.14 to prove the Church-Rosser property. We are in the conditions of lemma 4.17, therefore we can ensure the bi-confluence of cliffs. Furthermore, as we have already commented, we can reduce the confluence of peaks to the confluence of peaks of the form $\leftarrow_{R_\supseteq} \circ \to_{I\setminus R_\subseteq}$. Let us study then this condition. Suppose we have $a \leftarrow_{R_\supseteq} b \to_{I\setminus R_\subseteq} c$ where the reductions take place at two positions $p_1$ and $p_2$ of $b$, using two rules $s \to_\supseteq t$ and $l \to_\subseteq r$ respectively:
$$b|_{p_1} = \sigma_1(s) \qquad b|_{p_2} \leftrightarrow^{*}_{I_\subseteq} \sigma_2(l)$$
$$a = b[\sigma_1(t)]_{p_1} \qquad c = b[\sigma_2(r)]_{p_2}$$
Three cases must be considered:

case $p_1 | p_2$: As in the commutativity case, we prove that both reductions can be permuted and we reduce $a = b[\sigma_1(t)]_{p_1} \to_{I\setminus R_\subseteq} c[\sigma_1(t)]_{p_1} = b[\sigma_2(r)]_{p_2}[\sigma_1(t)]_{p_1}$ and $c = b[\sigma_2(r)]_{p_2} \to_{R_\supseteq} a[\sigma_2(r)]_{p_2} = b[\sigma_1(t)]_{p_1}[\sigma_2(r)]_{p_2}$ to the same term.

case $p_1 \prec p_2$: Let $v$ be the occurrence such that $p_2 = p_1 \cdot v$. We have $\sigma_1(s)|_v \leftrightarrow^{*}_{I_\subseteq} \sigma_2(l)$. There are three possibilities:

• Position $v$ is a non-variable occurrence of $s$. Then the divergence $\sigma_1(t) \leftarrow_{R_\supseteq} \sigma_1(s) \to_{I\setminus R_\subseteq} \sigma_1(s)[\sigma_2(r)]_v$ we are considering is an instance of the standard critical pair $\sigma(t) \subseteq \sigma(s)[\sigma(r)]_v$ generated by $I$-unifying $s|_v$ and $l$, and therefore it is bi-confluent as far as any standard critical pair in $ECP(I\setminus R_\subseteq, R_\supseteq)$ is bi-confluent.


• Subterm $s|_v$ is a repeated variable $x$ of $s$, or the occurrence $v$ in $\sigma_1(s)$ is below a repeated variable $x$ of $s$, i.e. there exists a pair of positions $v_1 \cdot v_2 = v$ such that $s|_{v_1}$ is a repeated variable $x$ of $s$. In this case the divergence being studied is an instance of the extended critical pair $t[x \mapsto F[l]_{v_2}] \subseteq (s[x \mapsto F[l]_{v_2}])[F[r]_{v_2}]_{v_1}$, and therefore it will be bi-confluent if any extended critical pair of $ECP(I\setminus R_\subseteq, R_\supseteq)$ is bi-confluent.

• Subterm $s|_v$ is a non-repeated variable or $\sigma_1(s)|_v$ is below a non-repeated variable $x$ of $s$, i.e. there exist two positions such that $v = v_1 \cdot v_2$ and $s|_{v_1} = x$ is a non-repeated variable of $s$. In this case we can rewrite $a$ and $c$ into a common term in the following way. We apply the rewriting step $\sigma_1(x) = \sigma_1(s)|_{v_1} \to_{I\setminus R_\subseteq} \sigma_1(x)[\sigma_2(r)]_{v_2}$ to any occurrence of $x$ in $t$, i.e. of $\sigma_1(x)$ in $a = b[\sigma_1(t)]_{p_1}$. On the other hand, we apply the rule $s \to_\supseteq t$ to the position $p_1$ of $c$, but using the substitution $\sigma'_1$ defined as $\sigma'_1(y) = \sigma_1(y)$ for any $y \neq x$ and $\sigma'_1(x) = \sigma_1(x)[\sigma_2(r)]_{v_2}$ instead of $\sigma_1$. In both cases we obtain the same result.

case $p_1 \succ p_2$: Here we can suppose that the $\leftrightarrow_{I_\subseteq}$ rewriting steps, between the $\leftarrow_{R_\supseteq}$ and the $\to_{R_\subseteq}$ rewriting steps, occur below $p_1$ and $p_2$, as is also argued in the equational case: if the divergence $a \subseteq c$ being studied is generated as $a \leftarrow_{I\setminus R_\supseteq} b \leftrightarrow^{*}_{I_\subseteq} b[\sigma_2(l)]_{p_2} \to_{R_\subseteq} c$, we can use lemma 4.17 to commute the step $\leftarrow_{I\setminus R_\supseteq}$ and the steps $\leftrightarrow^{*}_{I_\subseteq}$, obtaining $a \leftrightarrow^{*}_{I_\subseteq} d \leftarrow_{I\setminus R_\supseteq} b[\sigma_2(l)]_{p_2} \to_{R_\subseteq} c$ for some term $d$. Now, we only need to prove the bi-confluence of the peak $d \leftarrow_{I\setminus R_\supseteq} b[\sigma_2(l)]_{p_2} \to_{R_\subseteq} c$. However, this situation is completely equivalent to the previous second case $p_1 \prec p_2$ if we exchange $\to_{R_\supseteq}$ with $\to_{R_\subseteq}$ and $\to_{I\setminus R_\subseteq}$ with $\to_{I\setminus R_\supseteq}$; therefore all divergences of this kind will be bi-confluent if all critical pairs in $ECP(R_\subseteq, I\setminus R_\supseteq)$ are bi-confluent.

Notice that at this point it becomes clear that if the commutativity of $\to_{I\setminus R}$ and $\leftrightarrow^{*}_{I}$ did not hold and we only had bi-confluence of cliffs, then we could not suppose that the $\leftrightarrow^{*}_{I}$ rewriting steps in the peak $\leftarrow_{R_\supseteq} \circ \to_{I\setminus R_\subseteq}$ always occur below the innermost of the redexes, and we would have to change the definition of critical pair.

4.4 Three Examples: Towards a Completion Procedure

As we said in the previous sections, bi-rewriting, compared with equational rewriting, faces the extra difficulty of a possibly infinite set of critical pairs. Non-left-linear rules may generate what we called critical pair schemes (see definitions 4.9 and 4.18). In this section, instead of giving the completion procedure, we sketch out the possibilities of completion à la Knuth-Bendix of three examples of bi-rewriting systems by means of rule schemes. Other completion methods, like unfailing completion (Bachmair et al., 1989b), are also suitable to be applied to automate deduction in theories with monotonic order relations, using the same notion of extended critical pair.

4.4.1 Inclusion Theory of the Union Operator

The inclusions defining the theory of the union operator can be oriented following a simplification ordering as follows:
$$\begin{array}{ll}
r_1 & X \cup X \to_\subseteq X \\
r_2 & X \cup Y \to_\supseteq X \\
r_3 & X \cup Y \to_\supseteq Y
\end{array}$$

Although the standard critical pairs (scp) of this system are bi-confluent, the presence of the non-left-linear rule $X \cup X \to_\subseteq X$ also makes it necessary to consider the extended critical pairs (ecp). We will do this in two steps. First, we consider the scp and the finite subset of ecp of the particular form $\langle \sigma(t), \sigma(s[r]_p)\rangle$ where $s|_p = x$ is a repeated variable in the non-left-linear rule $\langle s \to_\subseteq t\rangle \in R_\subseteq$, $\langle l \to_\supseteq r\rangle \in R_\supseteq$ being the other rule, and $\sigma$ substitutes $x$ by $l$. It corresponds to the general extended critical pair definition where the context $F[\cdot]_p$ is a hole $[\cdot]$ itself. Using the standard Knuth-Bendix completion procedure and a reduction ordering, we generate, among others, the following rules:

r4 Y ∪ (X ∪ Y )−−→⊆ X ∪ Y ecp from r1 and r3

r5 Y ∪X←−−−→⊆ X ∪ Y scp from r2 and r4

r6 (X ∪ Y ) ∪ Y −−→⊆ X ∪ Y ecp from r1 and r3

r7 (X ∪ Y ) ∪ (Y ∪ Z)−−→⊆ X ∪ (Y ∪ Z) ecp from r2 and r6

r8 (X ∪ Y ) ∪ Z←−−−→⊆ X ∪ (Y ∪ Z) scp from r3 and r7

Rules $r_5$ and $r_8$, corresponding to the commutativity and associativity (AC) properties of the union, make redundant any other rule generated by the subset of ecp we are considering. It is well known that these rules cannot be oriented in a reduction ordering. This fact makes necessary the use of $\langle\{r_1\}, \{r_2\}\rangle$ bi-rewriting modulo $I = \{r_5, r_8\}$. Notice that in this case the relation defined by the non-orientable rules is symmetric, i.e. $\leftrightarrow^{*}_{I_\subseteq} = \leftrightarrow^{*}_{I_\supseteq}$, thus we can use the standard algorithms of AC-matching and AC-unification, as well as the flat notation for the infix operator $\cup$.

Let us consider now the general form of ecp, i.e. $\langle \sigma(t), \sigma(s[F[r]_q]_p)\rangle$ where $F[\cdot]_p$ is a context and $\sigma$ substitutes $s|_p = x$ by $F[l]_q$. Using them we generate an extended critical pair which is made bi-confluent by adding the following rule scheme:
$$\begin{array}{lll}
r_9 & F[X] \cup F[X \cup Y] \to_\subseteq F[X \cup Y] & \text{ecp from } r_1 \text{ and } r_2
\end{array}$$


The orientation of this rule does not depend on the instance we take of the critical pair scheme, and it will be the same for any simplification ordering. This rule scheme generates the following scp:
$$\begin{array}{ll}
F[X] \cup F[Y] \subseteq F[X \cup Y] & \text{scp from } r_2 \text{ and } r_9
\end{array}$$
Now, the orientation of this critical pair depends on the reduction ordering being used. If we use a lexicographic path ordering where $\cup$ is greater than any other symbol of the signature, then it will be oriented as follows for any instance of the critical pair:
$$\begin{array}{lll}
r_{10} & F[X] \cup F[Y] \to_\subseteq F[X \cup Y] & \text{from } r_2 \text{ and } r_9
\end{array}$$
Now $r_9$ is subsumed by $r_1$ and $r_{10}$. Notice that we are dealing with rule schemes instead of ordinary rules, thus we cannot continue the completion process unless we have a critical pair definition for rule schemes.

The repeated context $F[\cdot]$ in the left hand side of the rule originates a problem similar to the one caused by non-left-linear rules. We can consider the following particular form of $r_{10}$, where we suppose that $F[\cdot]$ is a context containing $X' \cup Y'$ as a subexpression, i.e. $F[\cdot] \stackrel{\mathrm{def}}{=} G[X' \cup Y', \cdot]$.
$$\begin{array}{ll}
r_{11} & G[X' \cup Y', X] \cup G[X' \cup Y', Y] \to_\subseteq G[X' \cup Y', X \cup Y]
\end{array}$$
This instantiation of the rule scheme $r_{10}$ generates new non-confluent critical pairs with $r_1$, which introduce the following rule schemes:
$$G[X', X] \cup G[X' \cup Y', Y] \to_\subseteq G[X' \cup Y', X \cup Y]$$
$$G[X', X] \cup G[Y', Y] \to_\subseteq G[X' \cup Y', X \cup Y]$$
It can be induced then that the completion process would introduce infinitely many rule schemes of the form:
$$\begin{array}{ll}
r_{12} & G[X_1, \ldots, X_n] \cup G[Y_1, \ldots, Y_n] \to_\subseteq G[X_1 \cup Y_1, \ldots, X_n \cup Y_n]
\end{array}$$

for any $n > 0$. If we are interested in an unfailing completion procedure, the fact that this set of rules would be infinite is not relevant, but we cannot obtain a canonical bi-rewriting system (in the sense of Knuth-Bendix completion) in this way. However, in this case, if the signature $\mathcal{F}$ is finite, this (infinite) set of rule schemes will be subsumed by the following (finite) set of rules:
$$\begin{array}{ll}
r_{13}^{(f)} & f(X_1, \ldots, X_n) \cup f(X'_1, \ldots, X'_n) \to_\subseteq f(X_1 \cup X'_1, \ldots, X_n \cup X'_n)
\end{array}$$
for any $n > 0$ and any $f \in \mathcal{F}_n$. To prove this result we decompose an application of the rule scheme $r_{12}$ into simple applications of the rules $r_{13}$ using the following compositional property:
$$F[G[X_1 \ldots X_n]] \cup F[G[Y_1 \ldots Y_n]] \to_\subseteq F[G[X_1 \ldots X_n] \cup G[Y_1 \ldots Y_n]] \to_\subseteq F[G[X_1 \cup Y_1 \ldots X_n \cup Y_n]]$$


Finally, using this "manual" completion process we obtain the canonical $\langle R_\subseteq, R_\supseteq\rangle$ bi-rewriting modulo $I$ system shown in figure 4.3. Rules $r_1^{ext}$ and $r_{13}^{ext}$ are the $I$-extensions of the rules $r_1$ and $r_{13}$.
$$R_\subseteq = \left\{\begin{array}{ll}
r_1 & X \cup X \to_\subseteq X \\
r_1^{ext} & X \cup X \cup Y \to_\subseteq X \cup Y \\
\multicolumn{2}{l}{\forall f \in \mathcal{F}_n} \\
r_{13} & f(X_1 \ldots X_n) \cup f(Y_1 \ldots Y_n) \to_\subseteq f(X_1 \cup Y_1 \ldots X_n \cup Y_n) \\
r_{13}^{ext} & f(X_1 \ldots X_n) \cup f(Y_1 \ldots Y_n) \cup Z \to_\subseteq f(X_1 \cup Y_1 \ldots X_n \cup Y_n) \cup Z
\end{array}\right.$$
$$R_\supseteq = \left\{\begin{array}{ll}
r_2 & X \cup Y \to_\supseteq X
\end{array}\right.$$
$$I = \left\{\begin{array}{ll}
r_5 & Y \cup X \leftrightarrow_\subseteq X \cup Y \\
r_8 & (X \cup Y) \cup Z \leftrightarrow_\subseteq X \cup (Y \cup Z)
\end{array}\right.$$
Figure 4.3: A canonical bi-rewriting system for the inclusion theory of the union.

4.4.2 Inclusion Theory of Non-Distributive Lattices

The presentation of non-distributive lattices theory may be given by the followingset of inclusions:

$$\begin{array}{ll}
X \cup X \subseteq X & X \subseteq X \cap X \\
X \subseteq X \cup Y & X \cap Y \subseteq X \\
Y \subseteq X \cup Y & X \cap Y \subseteq Y
\end{array}$$

Applying to them the completion process of the previous subsection we get the canonical $\langle R_\subseteq, R_\supseteq\rangle$ bi-rewriting modulo $I$ system shown in figure 4.4. This is basically a duplication of the bi-rewriting system of figure 4.3. Notice that rule $r_4$ for $f = \cap$, namely $(X_1 \cap X_2) \cup (Y_1 \cap Y_2) \to_\subseteq (X_1 \cup Y_1) \cap (X_2 \cup Y_2)$, is subsumed by $r_3$, and $r_8$ for $f = \cup$ is subsumed by $r_7$.

We do not know of any canonical rewriting system for non-distributive lattices, although one exists for distributive lattices (Hullot, 1980) and for boolean rings (Hsiang and Dershowitz, 1983). So its modeling by a bi-rewriting system represents a contribution to rewriting techniques. The lack of disjunctive and conjunctive normal forms in non-distributive lattices is the cause of the non-existence of a canonical rewriting system for them. On the contrary, the proposed bi-rewriting system has two normalizing rules. Rules $r_3$ and $r_7$, acting in opposite directions, allow one to obtain a disjunctive normal form with the first and a conjunctive normal form with the other. In a non-distributive lattice these rules are strict inclusions, therefore they cannot be used as equational rewrite rules. Furthermore, if they are put together in a single rewriting system then we lose the termination property.


$$R_\subseteq = \left\{\begin{array}{ll}
r_1 & X \cup X \to_\subseteq X \\
r_1^{ext} & X \cup X \cup Y \to_\subseteq X \cup Y \\
r_2 & X \cap Y \to_\subseteq X \\
r_3 & X \cup (Y \cap Z) \to_\subseteq (X \cup Y) \cap (X \cup Z) \\
r_3^{ext} & X \cup (Y \cap Z) \cup T \to_\subseteq \big((X \cup Y) \cap (X \cup Z)\big) \cup T \\
\multicolumn{2}{l}{\forall f \in \mathcal{F}_n} \\
r_4 & f(X_1 \ldots X_n) \cup f(Y_1 \ldots Y_n) \to_\subseteq f(X_1 \cup Y_1 \ldots X_n \cup Y_n) \\
r_4^{ext} & f(X_1 \ldots X_n) \cup f(Y_1 \ldots Y_n) \cup Z \to_\subseteq f(X_1 \cup Y_1 \ldots X_n \cup Y_n) \cup Z
\end{array}\right.$$
$$R_\supseteq = \left\{\begin{array}{ll}
r_5 & X \cap X \to_\supseteq X \\
r_5^{ext} & X \cap X \cap Y \to_\supseteq X \cap Y \\
r_6 & X \cup Y \to_\supseteq X \\
r_7 & X \cap (Y \cup Z) \to_\supseteq (X \cap Y) \cup (X \cap Z) \\
r_7^{ext} & X \cap (Y \cup Z) \cap T \to_\supseteq \big((X \cap Y) \cup (X \cap Z)\big) \cap T \\
\multicolumn{2}{l}{\forall f \in \mathcal{F}_n} \\
r_8 & f(X_1 \ldots X_n) \cap f(Y_1 \ldots Y_n) \to_\supseteq f(X_1 \cap Y_1 \ldots X_n \cap Y_n) \\
r_8^{ext} & f(X_1 \ldots X_n) \cap f(Y_1 \ldots Y_n) \cap Z \to_\supseteq f(X_1 \cap Y_1 \ldots X_n \cap Y_n) \cap Z
\end{array}\right.$$
$$I = \left\{\begin{array}{ll}
r_9 & Y \cup X \leftrightarrow_\subseteq X \cup Y \\
r_{10} & (X \cup Y) \cup Z \leftrightarrow_\subseteq X \cup (Y \cup Z) \\
r_{11} & Y \cap X \leftrightarrow_\subseteq X \cap Y \\
r_{12} & (X \cap Y) \cap Z \leftrightarrow_\subseteq X \cap (Y \cap Z)
\end{array}\right.$$
Figure 4.4: A canonical bi-rewriting system for the inclusion theory of non-distributive lattices.


4.4.3 Inclusion Theory of Distributive Lattices

The example we present now is the inequality specification of distributive lat-tices. This specification is the base for many other specifications or specifica-tion languages like the Unified Algebras (Mosses, 1989b; Mosses, 1989c; Mosses,1989a). The presentation of the distributive lattice theory may be given by thefollowing set of inclusions:

$$\begin{array}{ll}
X \cup X \subseteq X & X \cap X \supseteq X \\
X \cup Y \supseteq X & X \cap Y \subseteq X \\
X \cup Y \supseteq Y & X \cap Y \subseteq Y \\
\multicolumn{2}{l}{X \cap (Y \cup Z) \subseteq (X \cap Y) \cup (X \cap Z)}
\end{array}$$

As we have seen in the previous examples, the orientation of all these inclusions to the right results in a terminating bi-rewriting system where all standard critical pairs are confluent. However, the presence of the two non-left-linear rules $X \cup X \to_\subseteq X$ and $X \cap X \to_\supseteq X$ makes it necessary to consider the extended critical pairs. If we only take into account, in a first step, all those extended critical pairs of the form $\langle \sigma(\alpha_1[\beta_2]_p), \sigma(\beta_1)\rangle$, which correspond to the particular case where the position $q$ in $F$ is the most external one, $q = \lambda$, then we can generate the following sequence of new rules:

q1 Y ∪ (X ∪ Y )−−→⊆ X ∪ Yq2 Y ∪X←−−−→⊆ X ∪ Y

q3 (X ∪ Y ) ∪ Y −−→⊆ X ∪ Yq4 (X ∪ Y ) ∪ (Y ∪ Z)−−→⊆ X ∪ (Y ∪ Z)q5 (X ∪ Y ) ∪ Z←−−−→⊆ X ∪ (Y ∪ Z)

and the equivalent ones for $\cap$. The rules $q_2$ and $q_5$ are non-orientable and subsume the rest of the rules. They make necessary the use of the bi-rewriting modulo a set of inclusions technique. These rules are symmetric, they are really equations, therefore we can apply the standard commutative-associative closure definition (Peterson and Stickel, 1981). We obtain then the following set of rules.

$$R_\subseteq = \left\{\begin{array}{ll}
r_1 & X \cup X \to_\subseteq X \\
r_1^{ext} & X \cup X \cup Y \to_\subseteq X \cup Y \\
r_2 & X \cap Y \to_\subseteq X \\
r_3 & X \cap (Y \cup Z) \to_\subseteq (X \cap Y) \cup (X \cap Z) \\
r_3^{ext} & X \cap (Y \cup Z) \cap T \to_\subseteq \big((X \cap Y) \cup (X \cap Z)\big) \cap T
\end{array}\right.$$
$$R_\supseteq = \left\{\begin{array}{ll}
r_4 & X \cap X \to_\supseteq X \\
r_4^{ext} & X \cap X \cap Y \to_\supseteq X \cap Y \\
r_5 & X \cup Y \to_\supseteq X
\end{array}\right.$$
$$I = \left\{\begin{array}{ll}
r_6 & Y \cup X \leftrightarrow_\subseteq X \cup Y \\
r_7 & (X \cup Y) \cup Z \leftrightarrow_\subseteq X \cup (Y \cup Z) \\
r_8 & Y \cap X \leftrightarrow_\subseteq X \cap Y \\
r_9 & (X \cap Y) \cap Z \leftrightarrow_\subseteq X \cap (Y \cap Z)
\end{array}\right.$$


In a second step we also have to consider the rules needed to make the rest of the extended critical pairs confluent. They are the following ones:

$$
\begin{array}{l}
F[X] \cup F[X \cup Y] \subseteq F[X \cup Y] \\
F[X \cap Y] \subseteq F[X] \cap F[X \cap Y]
\end{array}
$$

First, we will study the second extended critical pair. If we orient it to the left, we obtain the rule scheme F[X] ∩ F[X ∩ Y] −−→⊇ F[X ∩ Y]. This rule scheme generates a standard critical pair with the rule X ∩ Y −−→⊆ Y, which is made confluent by adding the rule scheme F[X] ∩ F[Y] −−→⊇ F[X ∩ Y]. The overlapping of the context F[ ] of this rule scheme with the left part of the rule X ∩ Y −−→⊆ Y generates infinitely many rule schemes F[X1, …, Xn] ∩ F[Y1, …, Yn] −−→⊇ F[X1 ∩ Y1, …, Xn ∩ Yn] for n ≥ 1. The following (normal) rules subsume these rule schemes.

$$
\begin{array}{ll}
r_{10} & X \cap (Y \cup Z) \xrightarrow{\supseteq} (X \cap Y) \cup (X \cap Z) \\
\multicolumn{2}{l}{\forall f \in \Sigma_n\,.} \\
r^{(f)}_{11} & f(X_1, \ldots, X_n) \cap f(Y_1, \ldots, Y_n) \xrightarrow{\supseteq} f(X_1 \cap Y_1, \ldots, X_n \cap Y_n)
\end{array}
$$

The rule $r_{10}$ subsumes the instantiation of $r^{(f)}_{11}$ for the symbol $\cup \in \Sigma_2$.

The dual solution is not applicable to F[X] ∪ F[X ∪ Y] ⊆ F[X ∪ Y], because X ∪ (Y ∩ Z) −−→⊆ (X ∪ Y) ∩ (X ∪ Z) together with the distributive rule r3 would lead to the non-termination of the system. This problem can be avoided using the alternative set of rules:

$$
\begin{array}{ll}
r^{(f)}_{12} & f(X_1, \ldots, X_n) \cup f(Y_1, \ldots, Y_n) \xrightarrow{\subseteq} f(X_1 \cup Y_1, \ldots, X_n \cup Y_n) \\
r^{(f)}_{13} & \big(X \cap f(Y_1, \ldots, Y_n)\big) \cup \big(X \cap f(Z_1, \ldots, Z_n)\big) \xrightarrow{\subseteq} X \cap f(Y_1 \cup Z_1, \ldots, Y_n \cup Z_n)
\end{array}
$$

They do not subsume F[X] ∪ F[Y] −−→⊆ F[X ∪ Y], but are particular instances of this rule schema. The last rule r13 is non-left-linear and generates a new extended critical pair, which becomes confluent if we add the following rule.

$$
\begin{array}{ll}
r^{(f)}_{14} & \big(X \cap f(Y_1, \ldots, Y_n)\big) \cup \big(Z \cap f(V_1, \ldots, V_n)\big) \xrightarrow{\subseteq} (X \cup Z) \cap f(Y_1 \cup V_1, \ldots, Y_n \cup V_n)
\end{array}
$$

Rules $r^{(f)}_{14}$ and $r_1$ subsume $r^{(f)}_{13}$.

Let us prove now that rules r12 and r14 make the extended critical pair F[X] ∪ F[X ∪ Y] ⊆ F[X ∪ Y] confluent. Rules $r^{(f)}_{12}$ and $r^{(f)}_{14}$ subsume F[X] ∪ F[Y] −−→⊆ F[X ∪ Y] when the schema¹⁷ F[·] can be expressed as a composition F[·] = F1[… Fn[·] …] of schemas, where each of these schemas satisfies Fi[·] = f(…, ·, …), or Fi[·] = E1 ∩ f(…, ·, …) ∩ E2 for any symbol f different from ∩ and any expressions E1, E2. It can be proved that any scheme F[·] can be expressed as F[·] = G[E1 ∩ · ∩ E2], where the schema G[·] satisfies the previous condition and E1, E2 are two common expressions. This property allows us to translate the inclusion schema (the extended critical pair) F[X] ∪ F[X ∪ Y] ⊆ F[X ∪ Y] into

$$
G[X \cap H] \cup G[(X \cup Y) \cap H] \subseteq G[(X \cup Y) \cap H]
$$

where G[·] can be rewritten using F[X] ∪ F[Y] −−→⊆ F[X ∪ Y]. We then prove that this extended critical pair is bi-confluent using the following proof.

$$
\begin{array}{rcl}
G[X \cap H] \cup G[(X \cup Y) \cap H] & \xrightarrow{\subseteq} & G\big[(X \cap H) \cup ((X \cup Y) \cap H)\big] \\
 & \xrightarrow{\subseteq} & G[(X \cap H) \cup (X \cap H) \cup (Y \cap H)] \\
 & \xrightarrow{\subseteq} & G[(X \cap H) \cup (Y \cap H)] \\
 & \xleftarrow{\subseteq} & G[(X \cup Y) \cap H]
\end{array}
$$

¹⁷ As usual, a schema is an expression with a hole in it, a selected position, denoted by a dot "·". The schema composition F[·]∘G[·] is defined by the substitution of this selected position by the other schema, noted F[G[·]].

A commutative and terminating bi-rewriting system for the distributive lattice theory is given by rules r1 … r12, r14 and their corresponding ∪ and ∩ associative-commutative extensions, as shown in figure 4.5.

4.5 Why Inclusions and not Equations

In section 4.4 we have seen the possibility of modeling the deduction in a non-distributive free lattice by a canonical bi-rewriting system. This represents an advantage of the inclusion theory over the equational theory of lattices, because there is no canonical rewrite system for the equational theory of lattices (Freese et al., 1993). In general, inclusions express weaker constraints between terms than equations. Even in the case of lattices, where inclusions may be modeled by equations (the inclusion a ⊆ b is modeled by a ∪ b = b or by a ∩ b = a), inclusions are more natural and have some advantages. The transitivity and monotonicity of inclusions, which are captured implicitly by bi-rewriting systems, must be "implemented" explicitly by equational rewrite rules. Let us consider an example. The inclusions a ⊆ b and b ⊆ c can be oriented as a −−→⊆ b and b −−→⊆ c, and we can prove a ⊆ c by rewriting a into b and b into c. However, their translation into equations results in two rules a ∪ b −−→ b and b ∪ c −−→ c. These rules generate non-confluent critical pairs with the other rules X ∩ (X ∪ Y) −−→ X and X ∪ (X ∩ Y) −−→ X defining the union and intersection, and the completion process leads to adding the rules a ∩ b −−→ a and b ∩ c −−→ b. What is worse, it introduces the rules a ∪ c −−→ c and a ∩ c −−→ a. This means that, in general, the completion of a theory where the sequence a1 ⊆ … ⊆ an can be proved leads to adding the rules ai ∪ aj −−→ aj and ai ∩ aj −−→ ai for any i < j during the completion process.
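To make the critical pair explicit (an added illustration, not from the original text): superposing the equational rule a ∪ b −−→ b on the subterm X ∪ Y of the absorption rule X ∩ (X ∪ Y) −−→ X, with X ↦ a and Y ↦ b, gives two reducts of the same term:

$$
\begin{aligned}
a \cap (a \cup b) &\longrightarrow a && \text{by } X \cap (X \cup Y) \longrightarrow X, \\
a \cap (a \cup b) &\longrightarrow a \cap b && \text{by } a \cup b \longrightarrow b \text{ on the second argument.}
\end{aligned}
$$

Both a and a ∩ b are irreducible, so the pair is not confluent and completion orients it as a ∩ b −−→ a (and b ∩ c −−→ b from b ∪ c −−→ c in the same way), whereas the inclusion proof needs only the chain a −−→⊆ b −−→⊆ c.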

The transitivity of inclusions is not captured by the transitivity of the equality relation or by the transitivity of the rewriting relation −−→∗, weakening in this way the power of rewriting systems and losing in most cases the possibility of having a canonical rewriting system for a theory.

Moreover, the stability (closure under congruence) of the rewriting relation captures the congruence property for =, but not the monotonicity property for ⊆. This would make it necessary to consider the inclusion f(X) ⊆ f(X ∪ Y) and the corresponding rule f(X) ∪ f(X ∪ Y) −−→ f(X ∪ Y) for each symbol f in the signature if we use the implementation described below.

$$
\begin{array}{lrl}
R_\subseteq = \{ & r_1 & X \cup X \xrightarrow{\subseteq} X \\
 & r^{ext}_1 & X \cup X \cup Y \xrightarrow{\subseteq} X \cup Y \\
 & r_2 & X \cap Y \xrightarrow{\subseteq} X \\
 & r_3 & X \cap (Y \cup Z) \xrightarrow{\subseteq} (X \cap Y) \cup (X \cap Z) \\
 & r^{ext}_3 & X \cap (Y \cup Z) \cap T \xrightarrow{\subseteq} \big((X \cap Y) \cup (X \cap Z)\big) \cap T \\
 & \multicolumn{2}{l}{\forall f \in \mathcal{F}_n} \\
 & r_{12} & f(X_1, \ldots, X_n) \cup f(Y_1, \ldots, Y_n) \xrightarrow{\subseteq} f(X_1 \cup Y_1, \ldots, X_n \cup Y_n) \\
 & r^{ext}_{12} & f(X_1, \ldots, X_n) \cup f(Y_1, \ldots, Y_n) \cup Z \xrightarrow{\subseteq} f(X_1 \cup Y_1, \ldots, X_n \cup Y_n) \cup Z \\
 & r_{14} & \big(X \cap f(Y_1, \ldots, Y_n)\big) \cup \big(Z \cap f(V_1, \ldots, V_n)\big) \xrightarrow{\subseteq} (X \cup Z) \cap f(Y_1 \cup V_1, \ldots, Y_n \cup V_n) \\
 & r^{ext}_{14} & \big(X \cap f(Y_1, \ldots, Y_n)\big) \cup \big(Z \cap f(V_1, \ldots, V_n)\big) \cup W \xrightarrow{\subseteq} \big((X \cup Z) \cap f(Y_1 \cup V_1, \ldots, Y_n \cup V_n)\big) \cup W \;\} \\[1ex]
R_\supseteq = \{ & r_4 & X \cap X \xrightarrow{\supseteq} X \\
 & r^{ext}_4 & X \cap X \cap Y \xrightarrow{\supseteq} X \cap Y \\
 & r_5 & X \cup Y \xrightarrow{\supseteq} X \\
 & r_{10} & X \cap (Y \cup Z) \xrightarrow{\supseteq} (X \cap Y) \cup (X \cap Z) \\
 & r^{ext}_{10} & X \cap (Y \cup Z) \cap T \xrightarrow{\supseteq} \big((X \cap Y) \cup (X \cap Z)\big) \cap T \\
 & \multicolumn{2}{l}{\forall f \in \mathcal{F}_n} \\
 & r_{11} & f(X_1, \ldots, X_n) \cap f(Y_1, \ldots, Y_n) \xrightarrow{\supseteq} f(X_1 \cap Y_1, \ldots, X_n \cap Y_n) \\
 & r^{ext}_{11} & f(X_1, \ldots, X_n) \cap f(Y_1, \ldots, Y_n) \cap Z \xrightarrow{\supseteq} f(X_1 \cap Y_1, \ldots, X_n \cap Y_n) \cap Z \;\} \\[1ex]
I = \{ & r_6 & Y \cup X \xleftrightarrow{\subseteq} X \cup Y \\
 & r_7 & Y \cap X \xleftrightarrow{\subseteq} X \cap Y \\
 & r_8 & (X \cup Y) \cup Z \xleftrightarrow{\subseteq} X \cup (Y \cup Z) \\
 & r_9 & (X \cap Y) \cap Z \xleftrightarrow{\subseteq} X \cap (Y \cap Z) \;\}
\end{array}
$$

Figure 4.5: A canonical bi-rewriting system for the inclusion theory of distributive lattices.

4.6 Related Work

In the context of automated theorem proving, resolution is not very effective in dealing with transitive relations. Special techniques have been devised for such relations, especially for equivalence relations, which have attracted most of the attention. Slagle (Slagle, 1972) was the first to encode resolution with the transitivity axiom in a chaining system with paramodulation (Robinson and Wos, 1969) for theories with equality, orders and sets. Chaining into variables, which is needed for completeness, is too prolific, like our extended critical pairs or like variable instance pairs in (Bachmair et al., 1986b). For special order theories this problem can be avoided. For dense total orderings without endpoints, Bledsoe and Hines (Bledsoe and Hines, 1980) proposed techniques for eliminating certain occurrences of variables from formulas. Bledsoe, Kunen and Shostak (Bledsoe et al., 1985) and Hines (Hines, 1992) gave completeness results for these restricted chaining systems. Monotonicity or anti-monotonicity of functions with respect to special (transitive) relations led Manna and Waldinger (Manna and Waldinger, 1986) to propose subterm chaining methods for general clauses, but the proposed calculus was shown to be incomplete (Manna and Waldinger, 1992). In (Levy and Agustí, 1993c) we were the first to apply rewrite techniques to non-symmetric and monotonic relations by means of bi-rewriting systems. Bachmair and Ganzinger (Bachmair and Ganzinger, 1993c) used the idea of bi-rewriting to give a refutationally complete inference system of ordered chaining for general clauses and general transitive relations. They studied the particular case of dense total orderings using this technique in (Bachmair and Ganzinger, 1993a).

4.7 Conclusions

We have shown the adequacy of using a pair of rewriting systems and a bi-directional search procedure to automate deduction with monotonic inclusions. As in the equational case, soundness and completeness theorems can be stated. However, in this case they are based on an extended definition of critical pair, which includes schemes of critical pairs. This means that, if we want to use a kind of Knuth-Bendix completion algorithm, then we have to face the problem of working with schemes of rules. In chapter 5 we undertake this problem by means of second-order rules.


Chapter 5

Second-Order Bi-Rewriting Systems

Abstract: In the previous chapter we proved a critical pairs lemma, based on an extended definition of critical pair. This lemma is used to prove the completeness of bi-rewriting systems as deduction methods. However, the orientation of divergent extended critical pairs may give rise to rule schemes which disallow automating the Knuth-Bendix completion process. In this chapter we propose the use of the linear second-order λ-calculus to codify these schemes. We provide a unification algorithm for such a language and we prove a new critical pairs lemma for second-order bi-rewriting systems. As in the previous chapter, the completion process is described by means of an example. The linear second-order λ-calculus can also be seen as another approach to the definition of Higher-Order Rewriting Systems besides the one based on patterns (Nipkow, 1991).

5.1 Introduction

Term Rewriting Systems (Dershowitz and Jouannaud, 1990) have usually been associated with the implementation of equational theories. The Term Bi-rewriting Systems introduced in the previous chapter play the same role for inclusion theories. The orientation of a set of inclusions I (axioms with the form a ⊆ b) may then result in two sets of rewriting rules R⊆ and R⊇ and, therefore, two rewriting relations $\xrightarrow[R_\subseteq]{\ }$ and $\xrightarrow[R_\supseteq]{\ }$. A bi-rewriting system $\langle R_\subseteq, R_\supseteq \rangle$ is said to be 1) quasi-terminating (or globally terminating) if the sets $\{u \mid t \xrightarrow[R_\subseteq]{*} u\}$ and $\{u \mid t \xrightarrow[R_\supseteq]{*} u\}$ are both finite for any term t, 2) Church-Rosser if the property

$$
\big(\xrightarrow[R_\subseteq]{\ } \cup \xleftarrow[R_\supseteq]{\ }\big)^{*} \;\subseteq\; \xrightarrow[R_\subseteq]{*} \circ \xleftarrow[R_\supseteq]{*}
$$

holds, and 3) canonical if both conditions are satisfied. As we have shown, these conditions are sufficient to prove the existence of a terminating and complete procedure for deriving inclusions a ⊆ b based on the bi-directional search of a common reduct of a and b (an expression c such that $a \xrightarrow[R_\subseteq]{*} c$ and $b \xrightarrow[R_\supseteq]{*} c$).

If a rewriting relation is finitely branching,¹ as is the case for first-order rewriting when every rewriting rule l −→ r satisfies V(r) ⊆ V(l), and terminating, then it is also quasi-terminating. This result is used to prove the first condition.

The second condition is proved by means of a critical pairs lemma (theorems 4.10 and 4.19). However, the bi-rewriting version of this lemma is based on an extended definition of critical pair (definition 4.9). This set of critical pairs is in general infinite (we are completely free to choose the context F[·]q appearing in the definition of extended critical pairs). Although there exist canonical bi-rewriting systems for many inclusion theories (see the examples in section 4.4), the standard Knuth-Bendix completion procedure is of little practical help in automatically completing a bi-rewriting system. In this chapter we present an approach to this problem by means of second-order bi-rewriting systems.

In section 5.2 we show how these infinitely many extended critical pairs can be made confluent by introducing rule schemes. These rule schemes can be implemented using second-order rules. However, the use of the full simply typed second-order λ-calculus for rewriting purposes introduces some problems, stated in section 5.3. Because of that, we define a restricted second-order language called the linear second-order λ-calculus, which is described in section 5.4. Section 5.5 defines a unification procedure for this language. The new critical pairs lemma for second-order bi-rewriting systems is proved in section 5.6. Finally, we illustrate how the Knuth-Bendix completion procedure could be implemented through an example in section 5.7.

5.2 Codifying Rule Schemes by means of Second-Order Rules

From now on we will be concerned with the simply typed second-order λ-calculus. Thus, we will deal with a set of types $\mathcal{T} = \bigcup_{n \in \mathbb{N}} \mathcal{T}^n$ built up over a set $\mathcal{T}^1$ of base (first-order) types, where, as usual, $\mathcal{T}^n$ is the set of n-order types defined inductively as the minimum set containing $\mathcal{T}^{n-1}$ and such that if $\tau \in \mathcal{T}^{n-1}$ and $\tau' \in \mathcal{T}^n$ then $\tau \to \tau' \in \mathcal{T}^n$. Terms of the simply typed second-order λ-calculus $\mathcal{T}(\mathcal{F}, \mathcal{X})$ are defined over a signature of third-order typed constants $\mathcal{F} = \bigcup_{\tau \in \mathcal{T}^2} \mathcal{F}_\tau$ and second-order typed variables $\mathcal{X} = \bigcup_{\tau \in \mathcal{T}^1} \mathcal{X}_\tau$. The typing relation t : τ is defined by the following set of inference rules

$$
\frac{c \in \mathcal{F}_\tau}{c : \tau}
\qquad
\frac{x \in \mathcal{X}_\tau}{x : \tau}
\qquad
\frac{x : \tau \quad t : \tau'}{(\lambda x : \tau \,.\, t) : \tau \to \tau'}
\qquad
\frac{t : \tau \to \tau' \quad t' : \tau}{t(t') : \tau'}
$$

The term t is said to be a well-formed n-order typed term, noted $t \in \mathcal{T}^n(\mathcal{F}, \mathcal{X})$, if t : τ can be inferred from the set of rules above and $\tau \in \mathcal{T}^n$. The set of free variables of a term (noted FV(t)), replacement (noted t[X ↦ u]) and other concepts commonly used in the λ-calculus are defined as usual (Barendregt, 1981; Hindley and Seldin, 1986). We will note free variables with capital letters (X, Y, Z, … when they are first-order typed and F, G, H, I, … when they are second-order typed); bound variables and constants are noted using lower case letters.

¹ A relation −→ is finitely branching if the set {u | t −→ u} is finite for any term t.

Definition 5.1 A (second-order typed) substitution σ = [X1 ↦ t1, ⋯, Xn ↦ tn] is a mapping from a finite set of variables Dom(σ) = {X1, …, Xn} ⊆ X to T(F, X) such that Xi and ti have the same type. This mapping is extended as a type-preserving mapping σ : T(F, X) → T(F, X) defined by²

$$
\sigma(u) \stackrel{\text{def}}{=} (\lambda X_1 \ldots X_n \,.\, u)(t_1, \ldots, t_n) = \big(u[X_1 \mapsto t_1] \ldots\big)[X_n \mapsto t_n]
$$

The set of free variables of a substitution σ is defined as follows.

$$
FV(\sigma) = \bigcup_{X \in Dom(\sigma)} FV(\sigma(X))
$$

Composition of two substitutions σ and τ is a substitution, noted τ∘σ, such that $Dom(\tau \circ \sigma) \stackrel{\text{def}}{=} Dom(\sigma)$ and $\tau \circ \sigma(X) \stackrel{\text{def}}{=} \tau(\sigma(X))$ for any X ∈ Dom(σ).³

A partial order between substitutions can be defined as usual, i.e. we say that ρ ≺ σ if there exists a substitution π such that σ = π∘ρ.

The inclusion theory of the union operator is used throughout to motivate the definition of second-order bi-rewriting systems. In subsection 4.4.1 we proved the existence of a canonical first-order bi-rewriting system for such a theory (shown in figure 4.2). The same example is completed in section 5.7 for the second-order case. Our intention is to replace the set of rules of that example

f(X1, . . . ,Xn) ∪ f(Y1, . . . , Yn)−−→⊆ f(X1 ∪ Y1, . . . ,Xn ∪ Yn)

by a second-order rule. If we take up again the completion process described in subsection 4.4.1, we have that this set of rules is generated by the rule schema F[X] ∪ F[Y] −−→⊆ F[X ∪ Y], which results from making an extended critical pair bi-confluent, and where F[·] denotes a context. We will see now that we can translate this rule scheme into the second-order rule G(X) ∪ G(Y) −−→⊆ G(X ∪ Y), where now G denotes a second-order typed variable. Then, it is easy to see that this second-order rule subsumes the previous rule schema, because the function variable G can be instantiated by λx . F[x]. However, it does not subsume other rules like f(X1, …, Xn) ∪ f(Y1, …, Yn) −−→⊆ f(X1 ∪ Y1, …, Xn ∪ Yn) for n ≥ 2. To obtain second-order rules subsuming them we must complete the system by generating all the critical pairs between G(X) ∪ G(Y) −−→⊆ G(X ∪ Y) and the other rules.

The simply typed second-order λ-calculus is enough to model an untyped first-order language with context variables, like the one described by Comon in (Comon, 1993). In such a model, we can suppose that there exists a unique first-order type Term ∈ T¹. Any n-ary symbol f of the signature is interpreted as a unary second-order typed constant $f : \mathit{Term} \to \overset{n}{\cdots} \to \mathit{Term} \to \mathit{Term}$, any variable X as a first-order typed variable X : Term and any context variable F[·] as a second-order typed variable F : Term → Term.

² Notice that (u[X1 ↦ t1])[X2 ↦ t2] = u[X1 ↦ t1, X2 ↦ t2], but in general u[X1 ↦ t1, X2 ↦ t2] ≠ u[X2 ↦ t2, X1 ↦ t1].

³ Notice that τ∘σ(t) ≠ τ(σ(t)) unless we have Dom(τ) ⊆ FV(σ).

5.3 Some Problems of Second-Order Rewriting Systems

The use of the full simply typed second-order λ-calculus in rewriting systems is not free from problems. If we unify a term (pattern) with a ground term (a term without free variables), the resulting unifier(s) do not necessarily instantiate all the free variables of the pattern. For instance, if we unify the pattern F(X) with the ground expression f(a), a minimum unifier ρ may assign ρ(F) = λx . f(a) and leave X uninstantiated. This means that, although all the variables appearing in the right part of a rule also appear in its left part, not all the instantiations of such a rule will satisfy that property. Therefore, the use of this rule can introduce new free variables during the rewriting process. For instance, the rule F(X) −−→ X satisfies FV(X) = {X} ⊆ {X, F} = FV(F(X)), even so it introduces a fresh variable X when it is used to rewrite a into X using the substitution ρ = [F ↦ λx . a]. That problem prevents the orientation of the rules to obtain a terminating rewriting system. In the previous example, we can rewrite a −−→ a −−→ a −−→ ··· using the rule F(X) −−→ X and the substitution ρ = [F ↦ λx . a][X ↦ a]. The first-order matching problem satisfies the following property: given a pair of terms t and u, there exist finitely many substitutions ρ such that Dom(ρ) ⊆ FV(t) and ρ(t) = u. This result does not hold in general for second-order languages. This means that a second-order rewriting relation can be infinitely branching, and many properties of term rewriting systems do not hold. In particular, a second-order terminating rewriting system is not necessarily quasi-terminating.

In the next section we define the linear second-order typed λ-calculus, which avoids these problems (see lemma 5.4). The same kind of problems are studied by Nipkow (Nipkow, 1991; Nipkow, 1992) to justify his definition of higher-order rewriting systems based on patterns. A term t in βη-normal form is said to be a pattern if every occurrence of a free variable F is in a subterm $F(\overline{u_n})$ such that $\overline{u_n}$ is a list of distinct bound variables (Nipkow, 1991; definition 3.1). Our approach can be seen as a new kind of higher-order rewriting system based on the linear second-order typed λ-calculus.

5.4 Linear Second-Order Typed λ-Calculus

In this section we present the linear second-order typed λ-calculus used to implement expression schemes. The main idea is to define a second-order calculus where λ-abstractions always bind one and only one occurrence of a variable.


This language is more expressive than a language based on context variables, such as the one described by Comon (Comon, 1993), and can be more easily formalized.

The inference rules for defining well-typed linear second-order (LSO) typed terms t : τ are the following ones.

$$
\frac{x \in \mathcal{X}_\tau}{x : \tau}
\qquad
\frac{c \in \mathcal{F}_\tau}{c : \tau}
\qquad
\frac{x : \tau_1 \quad t : \tau_2 \quad \{x \text{ occurs once in } t\}}{\lambda x \,.\, t : \tau_1 \to \tau_2}
\qquad
\frac{t : \tau_1 \to \tau_2 \quad u : \tau_1}{t(u) : \tau_2}
$$

As in the simply typed second-order λ-calculus, we also consider the β and η equations:

$$
(\lambda x \,.\, t)(u) =_\beta t[x \mapsto u] \qquad\qquad \lambda x \,.\, t(x) =_\eta t
$$

Notice that the side condition x ∉ FV(t) is not necessary in the η-rule because, if λx . t(x) is well-typed, then this condition is ensured. Notice also that these rules transform linear terms into linear terms with the same type. These equations, used as rewriting rules:

$$
(\lambda x \,.\, t)(u) \to_\beta t[x \mapsto u] \qquad\qquad t \to_\eta \lambda x \,.\, t(x) \ \text{ if it does not introduce a new } \beta\text{-redex}
$$

constitute a normalizing rewriting system. The normal form of a term t is denoted by $t|_{\beta\eta}$ and has the form $\lambda x_1 \ldots x_n \,.\, a(t_1, \ldots, t_m)$, where a can be either a bound variable, a free variable or a constant, a(t1, …, tm) is a first-order typed term, and t1 … tm are also normal terms. We require linearity to prove the following lemma.

Lemma 5.2 For any pair of linear second-order terms t and u, if t =βη u then FV(t) = FV(u).

Proof: For the η-equation it is trivial because FV(λx . t(x)) = FV(t) \ {x}, but since x ∉ FV(t) we have FV(λx . t(x)) = FV(t). For the β-equation it is necessary to take linear terms. Thus, if (λx . t)(u) is a well-formed linear term then x ∈ FV(t). Therefore

$$
FV(t[x \mapsto u]) = \big(FV(t) \setminus \{x\}\big) \cup FV(u) = FV\big((\lambda x \,.\, t)(u)\big).
$$

We consider any kind of second-order unification problem, and we only re-strict the set of possible unifiers.

Definition 5.3 A second-order unification (SOU) problem is a finite set of pairs $\{t_1 \stackrel{?}{=} u_1, \ldots, t_n \stackrel{?}{=} u_n\}$, where ti and ui are second-order typed terms and have the same type, for any i ∈ [1..n].
A linear second-order (LSO) substitution σ is a second-order typed substitution such that σ(X) is an LSO-term for any X ∈ Dom(σ).
A substitution σ is said to be an LSO-unifier of a SOU problem $\{t_1 \stackrel{?}{=} u_1, \ldots, t_n \stackrel{?}{=} u_n\}$ if σ(ti) =βη σ(ui) for any i ∈ [1..n] and σ is idempotent.⁴

⁴ The relation =βη is the congruence defined by the β and η rules of the λ-calculus. A sufficient condition for the idempotence of σ is either X = σ(X) or Dom(σ) ∩ FV(σ(X)) = ∅. This restriction does not suppose a loss of generality.


Then we can prove the following lemmas.

Lemma 5.4 The composition of two LSO-substitutions is also an LSO-substitution. Given two terms t and u, there are finitely many (not necessarily minimal) LSO-substitutions σ such that t = σ(u) and Dom(σ) ⊆ FV(u).

Proof: As in the non-linear case, the composition of two substitutions is also type preserving and idempotent. Let us prove that linearity is preserved by composition. It is not difficult to see that if t is an LSO-term and σ is an LSO-substitution, then σ(t) is also a linear term. Moreover, β-reduction and η-expansion are both linearity preserving, therefore even if we normalize the new term after applying the substitution, σ(t)|βη would be linear.

The proof of the second part of the lemma is based on the matching algorithm described at the end of section 5.5.

LSO-unification recovers some properties of first-order unification that we lose when we pass to the second order. In particular, we recover the finiteness of the (non-minimal) matching problem. This makes LSO-unification especially adequate for defining LSO rewriting systems, because we avoid the infinitely branching problem.
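The finiteness claimed in Lemma 5.4, and the contrast with the problem of section 5.3, can be exercised on the page's own instances with the following matcher. It is an added example written for this page, not the monograph's algorithm nor the one at the end of section 5.5: it restricts LSO-terms to unary second-order variables over an untyped first-order signature (the Term-typed model of section 5.2), represents a binding F ↦ λy . C[y] as a context C with exactly one hole, and enumerates every LSO-substitution σ with σ(u) = t for a ground t.

```python
"""Added example: enumerate all linear second-order (LSO) matchers of a
pattern u against a ground term t, over an untyped first-order signature
(the Term-typed model of section 5.2)."""
from typing import Dict, Iterator, List, Tuple

# Constructed term representation (nested tuples):
#   ('var', 'X')              first-order free variable X
#   ('svar', 'F', arg)        unary second-order free variable applied: F(arg)
#   ('app', 'f', [t1, ...])   constant f applied to arguments ([] for 0-ary)
#   ('hole',)                 bound variable y inside a binding F = λy . C[y]
Term = Tuple
Subst = Dict[str, Term]
HOLE: Term = ('hole',)

def V(x: str) -> Term: return ('var', x)
def S(f: str, arg: Term) -> Term: return ('svar', f, arg)
def A(f: str, *args: Term) -> Term: return ('app', f, list(args))

def contexts(t: Term) -> Iterator[Tuple[Term, Term]]:
    """Every way of cutting exactly one subterm s out of ground t: yields
    (C, s) with C containing a single hole and C[s] == t.  Linearity of the
    candidate binding λy . C[y] is built in: a hole-free context such as
    λy . f(a) (the problematic unifier of section 5.3) is never produced."""
    yield HOLE, t
    f, args = t[1], t[2]
    for i, a in enumerate(args):
        for c, s in contexts(a):
            yield A(f, *(args[:i] + [c] + args[i + 1:])), s

def hole_count(t: Term) -> int:
    """Number of holes in a context; an LSO binding must have exactly one."""
    if t == HOLE:
        return 1
    return sum(hole_count(a) for a in t[2]) if t[0] == 'app' else 0

def unplug(c: Term, t: Term):
    """If context c agrees with ground t everywhere except at its hole,
    return the subterm of t sitting at the hole; otherwise None."""
    if c == HOLE:
        return t
    if t[0] != 'app' or c[0] != 'app' or c[1] != t[1] or len(c[2]) != len(t[2]):
        return None
    found = None
    for ca, ta in zip(c[2], t[2]):
        if ca == ta:
            continue
        r = unplug(ca, ta)
        if r is None or found is not None:
            return None
        found = r
    return found

def match(u: Term, t: Term, sigma: Subst) -> Iterator[Subst]:
    """All LSO-substitutions extending sigma with sigma(u) == t (t ground)."""
    if u[0] == 'var':
        if u[1] not in sigma:
            yield {**sigma, u[1]: t}
        elif sigma[u[1]] == t:
            yield sigma
    elif u[0] == 'app':
        if t[0] == 'app' and t[1] == u[1] and len(t[2]) == len(u[2]):
            yield from match_all(u[2], t[2], sigma)
    else:  # second-order variable application F(arg)
        F, arg = u[1], u[2]
        if F in sigma:  # F already bound: its context must fit t again
            s = unplug(sigma[F], t)
            if s is not None:
                yield from match(arg, s, sigma)
        else:  # F unbound: one candidate per linear context of t
            for c, s in contexts(t):
                yield from match(arg, s, {**sigma, F: c})

def match_all(us: List[Term], ts: List[Term], sigma: Subst) -> Iterator[Subst]:
    if not us:
        yield sigma
        return
    for s1 in match(us[0], ts[0], sigma):
        yield from match_all(us[1:], ts[1:], s1)

def matchers(u: Term, t: Term) -> List[Subst]:
    """The finite list of all LSO matchers, each with Dom(σ) ⊆ FV(u)."""
    return list(match(u, t, {}))

def show(t: Term) -> str:
    if t[0] == 'var': return t[1]
    if t == HOLE: return 'y'
    if t[0] == 'svar': return f"{t[1]}({show(t[2])})"
    return t[1] if not t[2] else f"{t[1]}({', '.join(show(a) for a in t[2])})"

if __name__ == "__main__":
    fa, fb = A('f', A('a')), A('f', A('b'))
    # F(X) against f(a): exactly two LSO matchers, F ↦ λy.y and F ↦ λy.f(y)
    for sigma in matchers(S('F', V('X')), fa):
        print({k: ('λy.' + show(v) if k == 'F' else show(v)) for k, v in sigma.items()})
    # Left side of the page's rule G(X) ∪ G(Y) against f(a) ∪ f(b): G is
    # bound at its first occurrence and must fit again at the second.
    lhs = A('union', S('G', V('X')), S('G', V('Y')))
    print(len(matchers(lhs, A('union', fa, fb))))  # 2
```

Matching F(X) against the constant a yields only the projection F ↦ λy . y with X ↦ a; the binding λy . a of section 5.3, which would leave X free, is excluded by construction.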

5.5 A Second-Order Unification Procedure

As in the first-order case, to prove the completeness of a second-order bi-rewriting system we have to generate all the possible (extended) critical pairs between rules in R⊆ and rules in R⊇ and prove their bi-confluence. This process requires the use of a unification procedure for the linear second-order λ-calculus.

The first sound and complete second-order unification procedure was described by Pietrzykowski (Pietrzykowski, 1973), and subsequently a modified version of this algorithm was proposed to solve the unification problem for the simply typed λ-calculus (Jensen and Pietrzykowski, 1976). Based on it, Huet (Huet, 1975) proposed the computation of the so-called independent pre-unifiers using a pre-unification procedure. This procedure does not try to solve the flexible-flexible pairs of a unification problem, for which there always exists a unifier; thus a pre-unification procedure is enough if we only want to check whether a unification problem is satisfiable. Unfortunately, the simply typed λ-calculus unification problem, and even the second-order unification problem, are undecidable (Goldfarb, 1981).

Since then many decidable classes of higher-order unification problems have been described. Miller (Miller, 1991a; Miller, 1991b) in the context of logic programming and Nipkow (Nipkow, 1991; Nipkow, 1992) in the context of rewriting systems propose a restricted higher-order language (whose expressions they call patterns) preserving the good properties of first-order logic. If there exists a minimum unifier of two patterns, then it is unique. They also define a unification algorithm (Nipkow, 1991; theorem 3.2) to find this most general pattern unifier and prove its termination. However, in our case we need a more expressive language. If we consider the rule G(X) ∪ G(Y) −−→⊆ G(X ∪ Y), for example, we realize that neither the left part nor the right part of the rule is a pattern. In general, if we look at the particular form of extended critical pairs we will see that they always contain a subexpression F(t) where F is a free variable and t is the right-hand side of a rewriting rule, so we cannot suppose that t is a list of distinct bound variables, as the definition of patterns requires. Recently Prehofer has proved in his thesis (?) decidability results for some unification problems based on Nipkow's patterns. He proves, for instance, that unification of linear second-order systems is decidable (theorem 5.3.1). Unfortunately, linear refers here to the system, not to terms: a linear second-order system of equations is of the form $\lambda \overline{x_k} \,.\, \overline{X_n}(\overline{t_{nm}}) \stackrel{?}{=} \lambda \overline{x_k} \,.\, \overline{t_n}$, where $\overline{X_n}$ are distinct second-order variables not occurring elsewhere, and $\lambda \overline{x_k} \,.\, \overline{t_{nm}}$ and $\lambda \overline{x_k} \,.\, \overline{t_n}$ are patterns. This decidable case does not cover our needs either. Comon (Comon, 1993), as we have said, describes a first-order language based on context variables (a second-order language without λ-abstractions and where second-order variables are restricted to be unary). He also proves the decidability of the unification problem for his language and provides a unification algorithm. However, a rather strong condition is imposed: any occurrence of a free variable F is always applied to the same argument t. This restriction is also violated in our case: in the rule G(X) ∪ G(Y) −−→⊆ G(X ∪ Y), the second-order variable G is applied to two different terms, X and Y. Finally, Schmidt-Schauß proves that second-order unification of stratified terms is decidable. Here stratified terms means that the string of second-order variables on the path from the root of the term to every occurrence of a given variable is always the same.

Other cases are currently being proposed, but none of them is adequate for the computation of extended critical pairs. The most specific unification problem subsuming ours is the general second-order case studied by Pietrzykowski. However, our particular case turns out to be attractive, as it enjoys better properties, as we shall see at the end of this section. On the other hand, the linear second-order unification problem generalizes the associative unification (Makanin, 1977) and monadic second-order unification (Farmer, 1988) problems. These unification problems are known to be decidable, although this result is not as easy to prove as one may suppose at first. Thus, as far as we know, the decidability of the linear second-order λ-calculus unification problem is still an open question, and the procedure we give in this section is in general non-terminating.

In the definition of the algorithm we use a compact notation based on sets of indexes and indexed sets of indexes. For any set of indexes $P = \{p_1, \ldots, p_n\}$, the expression $a(b_P)$ denotes $a(b_{p_1}, \ldots, b_{p_n})$, and for any P-indexed set of indexes

$$
Q_P = \{Q_{p_1}, \ldots, Q_{p_n}\} = \big\{\{q^1_1, \ldots, q^{m_1}_1\}, \ldots, \{q^1_n, \ldots, q^{m_n}_n\}\big\}
$$

the expression $a(b_P(c_{Q_P}))$ denotes

$$
a\big(b_{p_1}(c_{q^1_1}, \ldots, c_{q^{m_1}_1}), \ldots, b_{p_n}(c_{q^1_n}, \ldots, c_{q^{m_n}_n})\big).
$$

Notice that capital letters denote sets of indexes whereas lower case letters denote concrete indexes.

We use the notation on transformations introduced by Gallier and Snyder (Gallier and Snyder, 1990) for describing unification processes. Any state of the process is represented by a pair ⟨S, σ⟩ where $S = \{t_1 \stackrel{?}{=} u_1, \ldots, t_n \stackrel{?}{=} u_n\}$ is the set of unification problems still to be solved and σ is the substitution leading from the initial problem to the current one. The algorithm is described by means of transformation rules on states ⟨S, σ⟩ ⇒ ⟨S′, σ′⟩. The initial state is ⟨S0, Id⟩. If it can be transformed into a state where the unification problem is empty, ⟨S0, Id⟩ ⇒* ⟨∅, σ⟩, then σ is a solution (unifier) of the unification problem S0.

The normal forms of a unification problem and of a substitution are defined as follows.

$$
\begin{aligned}
\{t_1 \stackrel{?}{=} u_1, \ldots, t_n \stackrel{?}{=} u_n\}|_{\beta\eta} &\stackrel{\text{def}}{=} \{t_1|_{\beta\eta} \stackrel{?}{=} u_1|_{\beta\eta}, \ldots, t_n|_{\beta\eta} \stackrel{?}{=} u_n|_{\beta\eta}\} \\
[X_1 \mapsto t_1, \ldots, X_n \mapsto t_n]|_{\beta\eta} &\stackrel{\text{def}}{=} \big[\, X_1 \mapsto t_1[X_2 \mapsto t_2, \ldots, X_n \mapsto t_n]|_{\beta\eta}, \;\ldots,\; X_{n-1} \mapsto t_{n-1}[X_n \mapsto t_n]|_{\beta\eta}, \; X_n \mapsto t_n|_{\beta\eta} \,\big]
\end{aligned}
$$

The projection of a substitution σ over a set of variables V is a substitution σ′ such that Dom(σ′) = V and for any x ∈ V we have σ(x) = σ′(x). We suppose that the initial state ⟨S0, Id⟩ is in normal form, and that after applying any transformation rule the resulting unification problem is normalized and the substitution is also normalized and projected over FV(S0). Therefore, we can suppose that any pair $t \stackrel{?}{=} u \in S$ has the form $\lambda x_N \,.\, a(t_P) \stackrel{?}{=} \lambda x_N \,.\, b(u_Q)$, where a, b may be either a constant, a bound variable or a free variable; and if ⟨S0, Id⟩ ⇒* ⟨S, σ⟩ then Dom(σ) ⊆ FV(S0).

Definition 5.5 The unification problem transformation rules have the form:

$$
\langle S \cup \{t \stackrel{?}{=} u\}, \sigma \rangle \;\Rightarrow\; \langle \rho(S \cup R), \rho\circ\sigma \rangle
$$

where the transformation t ?= u ⇒ R and the LSO-substitution ρ are defined by the following cases.

1. Rigid-rigid rule (or Simplification rule). If a is a constant or a bound variable then

$$
\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, a(u_P) \;\Rightarrow\; \bigcup_{i \in P} \{\lambda x_N .\, t_i \stackrel{?}{=} \lambda x_N .\, u_i\} \qquad \rho = Id
$$

2. Imitation rule. If a is a constant and F is a free variable, and $\{R_i\}_{i \in P}$ is a P-indexed family of disjoint lists of indexes satisfying⁵ $\bigcup_{i \in P} R_i = Q$, then

$$
\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, F(u_Q) \;\Rightarrow\; \bigcup_{i \in P} \{\lambda x_N .\, t_i \stackrel{?}{=} \lambda x_N .\, F'_i(u_{R_i})\} \qquad \rho = [F \mapsto \lambda y_Q .\, a(F'_P(y_{R_P}))]
$$

where $\{F'_j\}_{j \in Q}$ are fresh free variables of the appropriate type that can be inferred from the context.

⁵ Union and comparison of lists of indexes is computed without considering their order.

3. Projection rule. If a is a constant or a bound variable and F is a free variable, and a(t_P) and u have the same type, then

$$
\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, F(u) \;\Rightarrow\; \{\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, u\} \qquad \rho = [F \mapsto \lambda y .\, y]
$$

4. Flexible-flexible rule with equal heads (or Simplification rule). If F is a free variable, then

$$
\lambda x_N .\, F(t_P) \stackrel{?}{=} \lambda x_N .\, F(u_P) \;\Rightarrow\; \bigcup_{i \in P} \{\lambda x_N .\, t_i \stackrel{?}{=} \lambda x_N .\, u_i\} \qquad \rho = Id
$$

5. Flexible-flexible rule with distinct heads (or Distinct-heads rule). If F and G are different free variables, P′ ⊆ P and Q′ ⊆ Q are two lists of indexes, and $\{R_j\}_{j \in Q'}$ is a Q′-indexed and $\{S_i\}_{i \in P'}$ a P′-indexed family of disjoint lists of indexes satisfying

$$
\Big(\bigcup_{j \in Q'} R_j\Big) \cup P' = P \qquad \Big(\bigcup_{j \in Q'} R_j\Big) \cap P' = \emptyset
$$

$$
\Big(\bigcup_{i \in P'} S_i\Big) \cup Q' = Q \qquad \Big(\bigcup_{i \in P'} S_i\Big) \cap Q' = \emptyset
$$

then

$$
\lambda x_N .\, F(t_P) \stackrel{?}{=} \lambda x_N .\, G(u_Q) \;\Rightarrow\; \bigcup_{j \in Q'} \{\lambda x_N .\, F'_j(t_{R_j}) \stackrel{?}{=} \lambda x_N .\, u_j\} \;\cup\; \bigcup_{i \in P'} \{\lambda x_N .\, t_i \stackrel{?}{=} \lambda x_N .\, G'_i(u_{S_i})\}
$$

$$
\rho = [F \mapsto \lambda y_P .\, H'(F'_{Q'}(y_{R_{Q'}}),\ y_{P'})]\,[G \mapsto \lambda z_Q .\, H'(z_{Q'},\ G'_{P'}(z_{S_{P'}}))]
$$

where H′, $\{G'_i\}_{i \in P'}$ and $\{F'_j\}_{j \in Q'}$ are fresh free variables of the appropriate types.

Example. This procedure can be more easily understood if we compare it with the following string unification procedure. Here, a string is a sequence of constants or variables and S1 · S2 denotes the concatenation of S1 and S2. The concatenation operator satisfies the associative property S1 · (S2 · S3) = (S1 · S2) · S3.

The transformations defining the procedure also have the following form

$$
\langle \{t \stackrel{?}{=} u\} \cup S, \sigma \rangle \;\Rightarrow\; \langle \rho(S' \cup S), \rho\circ\sigma \rangle
$$

where the transformation {t ?= u} ⇒ S′ and the substitution ρ are defined by the following cases.

1. Rigid-rigid step. If a is a constant then

$$
a \cdot S_1 \stackrel{?}{=} a \cdot S_2 \;\Rightarrow\; \{S_1 \stackrel{?}{=} S_2\} \qquad \rho = Id
$$

2. Imitation step. If a is a constant and F is a variable then

$$
F \cdot S_1 \stackrel{?}{=} a \cdot S_2 \;\Rightarrow\; \{H \cdot S_1 \stackrel{?}{=} S_2\} \qquad \rho = [F \mapsto a \cdot H]
$$

where H is a fresh free variable.

3. Projection step. If a is a constant and F is a variable then

$$
F \cdot S_1 \stackrel{?}{=} a \cdot S_2 \;\Rightarrow\; \{S_1 \stackrel{?}{=} a \cdot S_2\} \qquad \rho = [F \mapsto \langle\rangle]
$$

4. Flexible-flexible step with equal heads. If F is a variable then

$$
F \cdot S_1 \stackrel{?}{=} F \cdot S_2 \;\Rightarrow\; \{S_1 \stackrel{?}{=} S_2\} \qquad \rho = Id
$$

5. Flexible-flexible step with distinct heads. If F and G are both variables with F ≠ G then either

$$
F \cdot S_1 \stackrel{?}{=} G \cdot S_2 \;\Rightarrow\; \{W \cdot S_2 \stackrel{?}{=} S_1\} \qquad \rho = [F \mapsto H][G \mapsto H \cdot W]
$$

or

$$
F \cdot S_1 \stackrel{?}{=} G \cdot S_2 \;\Rightarrow\; \{V \cdot S_1 \stackrel{?}{=} S_2\} \qquad \rho = [F \mapsto H \cdot V][G \mapsto H]
$$

where H, W and V are fresh variables.

Notice that in the string case, as well as in the second-order case, we have the following possibilities:

(i) Both expressions have constants a and b in the head (rigid-rigid case). Then they have to be the same constant for both expressions, a = b.

(ii) One expression has a constant a and the other a variable F in the head (rigid-flexible case). There are two possibilities: either the variable is instantiated with the empty string [F ↦ 〈〉] (projection step) or it is instantiated with a string with the constant as head [F ↦ a · H] (imitation step). In the second case a fresh variable H is introduced.

(iii) Both expressions have a variable in the head (flexible-flexible case). There are two possibilities: either both expressions have the same variable in the head or the two variables are different.
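The string procedure above, and through it the shape of the second-order rules of Definition 5.5, as an added example that is not code from the monograph: a depth-bounded search over the states ⟨S, σ⟩ that applies exactly the five steps. The tuple representation of strings, the fresh-variable names H0, W1, V2 and the treatment of the empty string as a base case are my own assumptions.

```python
"""Naive string (associative) unification by state transformations.

Added example, not code from the monograph.  Representation (assumed here):
a string is a tuple of symbols, lower-case symbols are constants, upper-case
symbols are variables, () is the empty string <>.  A state is (S, sigma): S
the list of problems (t, u) still to be solved, sigma the substitution
accumulated so far, as a dict variable -> string.
"""
from itertools import count

_counter = count()


def fresh(prefix="H"):
    """Fresh variable H0, H1, ... (naming scheme assumed here)."""
    return f"{prefix}{next(_counter)}"


def is_var(sym):
    return sym[0].isupper()


def apply(sigma, s):
    """Apply substitution sigma to the string s (flattened concatenation)."""
    out = []
    for sym in s:
        out.extend(sigma.get(sym, (sym,)))
    return tuple(out)


def compose(rho, sigma):
    """The text's rho o sigma: first sigma, then rho."""
    new = {x: apply(rho, s) for x, s in sigma.items()}
    for x, s in rho.items():
        new.setdefault(x, s)
    return new


def free_vars(problems):
    return {sym for t, u in problems for sym in t + u if is_var(sym)}


def transformations(t, u):
    """All steps {t ?= u} => S' of the text, returned as (S', rho) pairs.

    An empty list means a clash (no step applies), e.g. a.S1 ?= b.S2 with
    a != b.  ?= is symmetric, so the sides are swapped to put a constant
    head, when there is one, on the right as in the text (F.S1 ?= a.S2).
    <> ?= <> and F.S1 ?= <> are base cases the text leaves implicit.
    """
    if not t and not u:                          # <> ?= <> : solved
        return [([], {})]
    if not u or (t and not is_var(t[0]) and is_var(u[0])):
        t, u = u, t
    if not t:                                    # <> ?= b.S2
        b, s2 = u[0], u[1:]
        return [([((), s2)], {b: ()})] if is_var(b) else []
    (a, s1), (b, s2) = (t[0], t[1:]), (u[0], u[1:])
    if not is_var(a) and not is_var(b):          # 1. rigid-rigid
        return [([(s1, s2)], {})] if a == b else []
    if not is_var(b):                            # 2./3. F.S1 ?= a.S2
        h = fresh()
        return [([((h,) + s1, s2)], {a: (b, h)}),    # imitation  [F -> a.H]
                ([(s1, u)], {a: ()})]                # projection [F -> <>]
    if a == b:                                   # 4. equal heads
        return [([(s1, s2)], {})]
    h, w, v = fresh(), fresh("W"), fresh("V")    # 5. distinct heads F, G
    return [([((w,) + s2, s1)], {a: (h,), b: (h, w)}),   # [F -> H][G -> H.W]
            ([((v,) + s1, s2)], {a: (h, v), b: (h,)})]   # [F -> H.V][G -> H]


def unify(problems, max_steps=12):
    """Depth-first search over sequences <S0, Id> =>* <{}, sigma>.

    The relation is not terminating in general (F.a ?= a.F has the unifier
    F -> a^n for every n, reached by ever longer chains of imitation steps),
    so every branch is cut after max_steps transformations.  Returns the
    unifiers reached within the bound, projected over FV(S0); they may
    mention fresh variables, as the text's most general unifiers do.
    """
    s0 = [(tuple(t), tuple(u)) for t, u in problems]
    fv0 = sorted(free_vars(s0))
    found = []

    def search(s, sigma, steps):
        if not s:
            found.append({x: apply(sigma, (x,)) for x in fv0})
            return
        if steps == 0:
            return
        (t, u), rest = s[0], s[1:]
        for new, rho in transformations(t, u):
            # rho(S' u S): rho is applied to every pending problem as well
            nxt = [(apply(rho, p), apply(rho, q)) for p, q in new + rest]
            search(nxt, compose(rho, sigma), steps - 1)

    search(s0, {}, max_steps)
    return found


if __name__ == "__main__":
    print(unify([(("F", "b"), ("a", "b"))]))                # [{'F': ('a',)}]
    print(unify([(("F", "a"), ("a", "F"))], max_steps=6))   # F -> a^n, n <= 3
```

Raising max_steps on the second call yields ever longer solutions F ↦ aⁿ, which is the non-termination the text discusses; the bound is what makes the search usable in practice.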

In the following we prove the soundness and completeness theorems for our unification procedure.

Theorem 5.6 soundness. If 〈S, Id〉 ⇒* 〈∅, σ〉, then σ is a unifier of the unification problem S.

Proof: To prove this theorem we first prove the following induction lemma.


Lemma 5.7 For every transformation rule 〈{t ?= u} ∪ S, σ〉 ⇒ 〈ρ(S′ ∪ S), ρ◦σ〉,

(i) if {t ?= u} ∪ S is a SOU problem and σ is a LSO substitution, then ρ(S′ ∪ S) is also a SOU problem and ρ◦σ is a LSO substitution.

(ii) if τ is a LSO unifier of ρ(S′ ∪ S) then τ◦ρ is a LSO unifier of {t ?= u} ∪ S.

Proof: Firstly, we prove that in all the cases ρ is a LSO substitution. It is a straightforward exercise to check that ρ always instantiates free second-order variables by linear second-order terms of the same type, and that it only introduces second-order typed fresh free variables. In order to ensure that, we add side conditions on the lists of indexes $R_P$ of the imitation rule; conditions on the lists of indexes $P'$, $Q'$, $R_{Q'}$ and $S_{P'}$ of the flexible-flexible rule; and a side condition on the type of F : τ → τ of the projection rule.

To prove that $\{t_i \stackrel{?}{=} u_i\}$ is a SOU problem, we have to make sure that $t_i$ and $u_i$ are well-typed terms which only contain second-order free variables, and that $t_i$ and $u_i$ have the same type. Given that S is a SOU problem, that the union of two SOU problems is also a SOU problem, and that the instantiation of a SOU problem using a LSO substitution is also a SOU problem, it suffices to prove that S′ is a SOU problem. This is trivial for the simplification rules, provided that they do not free bound variables. For the rest of the rules it is also easy to prove, if we decompose them as a LSO instantiation step followed by a simplification step. For instance, the imitation rule is decomposed as follows

$$
\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, F(u_Q) \;\Rightarrow\; \lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, a(F'_P(u_{R_P})) \;\Rightarrow\; \bigcup_{i \in P} \{t_i \stackrel{?}{=} F'_i(u_{R_i})\}
$$

The composition of LSO substitutions is also a LSO substitution, therefore ρ◦σ will be a LSO substitution.

For the second part of the lemma, if τ is a LSO unifier of ρ(S′ ∪ S), then it is also a LSO unifier of ρ(S), and τ◦ρ is a LSO unifier of S. Now, if we take into account that ρ(S′) is the simplification of ρ({t ?= u}), and that simplification rules preserve unifiers, we can conclude that if τ is a LSO unifier of S′, then it is also a LSO unifier of ρ({t ?= u}). Therefore, τ◦ρ is a LSO unifier of {t ?= u}.

Once we have proved the induction lemma, we are in a position to prove that the predicate P defined as follows

$$
P(\langle S, \sigma \rangle) \;\stackrel{\mathrm{def}}{=}\; \forall \tau .\ \tau \text{ is a unifier of } S \Rightarrow \tau\circ\sigma \text{ is a unifier of } S_0
$$

holds for any state 〈S, σ〉 derived from the initial state. We prove it by induction on the length of the sequence of transformations leading from 〈S0, Id〉 to 〈S, σ〉. The initial case P(〈S0, Id〉) is clearly a tautology. For the induction case we use the induction lemma. Suppose that τ is a unifier of ρ(S′ ∪ S); then τ◦ρ will be a unifier of {t ?= u} ∪ S. Using now the induction hypothesis P(〈{t ?= u} ∪ S, σ〉), we have that τ◦ρ◦σ is a unifier of S0 and therefore P(〈ρ(S′ ∪ S), ρ◦σ〉).

We conclude that the property P holds for all accessible states. For the final state this property reads P(〈∅, σ〉) = ∀τ . τ is a unifier of ∅ ⇒ τ◦σ is a unifier of S0. In particular, given that τ = Id is a unifier of ∅, we have that σ is a unifier of S0. The first part of the induction lemma also ensures that σ is a LSO-substitution.

Theorem 5.8 completeness. If σ is a unifier of the unification problem S, then there exists a transformation sequence 〈S, Id〉 ⇒* 〈∅, σ〉.

Proof: The proof of this theorem is organized in two parts. First we prove that, given a unification problem S0 and one of its minimum linear unifiers σ, we can generate a transformation sequence

$$
\langle S_0, Id \rangle \Rightarrow \langle S_1, \sigma_1 \rangle \Rightarrow \cdots \Rightarrow \langle S_n, \sigma_n \rangle \Rightarrow \cdots
$$

satisfying $\sigma_n \preceq \sigma$ for any n ≥ 0, and either this sequence is infinite or its last state is 〈∅, σ〉. Second, we prove that such a transformation sequence always terminates if $\sigma_n \preceq \sigma$ for any n ≥ 0. The following lemma suffices to generate such a transformation sequence.

Lemma 5.9 If σ is a unifier of S then either S = ∅ or there exists a unification problem S′ and a substitution ρ such that σ = σ′◦ρ, where σ′ is a unifier of S′, and 〈S, τ〉 ⇒ 〈S′, ρ◦τ〉 for any LSO substitution τ.

Proof: If S is nonempty, let us consider the first unification problem $\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, b(u_Q)$ of S. If the unification problem is satisfiable (there exists a unifier σ) then there are five possibilities. We present a sketch of the proof for each case.

(i) a and b are both constants or bound variables. Then, if the problem is satisfiable, they have to be the same constant or bound variable applied to the same number of parameters. Moreover, these parameters have to be unifiable one to one. Therefore, the rigid-rigid rule is applicable.

(ii) a is a bound variable and b is a free variable (or vice versa). The solution σ has to assign the identity function λx . x to b, and it can be proved that the projection rule is applicable. Notice that if we were looking for a non-second-order unifier, another possibility would be $F \mapsto \lambda y_Q .\, y_i(F'_P(y_{R_P}))$ where $\exists i \in Q .\ \lambda x_N .\, u_i \stackrel{?}{=} \lambda x_N .\, a$. However, we have to discard such a possibility if we consider that F is second-order typed.

(iii) a is a constant and b a free variable (or vice versa). The substitution σ assigns to b either a function with a in the head (in this case it can be proved that the imitation rule is applicable) or the identity function (then the projection rule would be applicable).

(iv) a and b are both the same free variable. Whatever value σ assigns to this variable, the number of parameters has to be the same, and they are unifiable one-to-one; therefore the simplification transformation is applicable. If we were considering any kind of second-order unifier, then σ could instantiate a by a term which discards one of its arguments. Then we would not have to unify one-to-one all the parameters of a, and the elimination rule would be necessary for completeness, to eliminate the parameters discarded by σ(a).


(v) a and b are two distinct free variables. This is the most complex case. We prove that the flexible-flexible transformation is enough to treat this case, and that the iteration and elimination rules of the general second-order unification procedure (Jensen and Pietrzykowski, 1976) are not necessary. We have $\sigma(\lambda x_N .\, a(t_P)) = \sigma(\lambda x_N .\, b(u_Q))$, and since we only consider linear substitutions, the instantiations of the parameters $\sigma(t_P)$ and $\sigma(u_Q)$ will appear once, and only once, in $\sigma(\lambda x_N .\, a(t_P))$. Then we reason about the relative positions of such occurrences. So P′ is the list of indexes of the terms $\sigma(t_i)$ which are not below any $\sigma(u_j)$, and $R_j$ for j ∈ Q′ is the list of indexes of those terms $\sigma(t_i)$ which are below $\sigma(u_j)$. (Notice that if $\sigma(t_i)$ is below $\sigma(u_j)$, then $\sigma(u_j)$ cannot be below any other $\sigma(t_k)$; therefore the list of indexes $R_j$ is indexed by Q′, and not by Q.) We can see that σ(H′) is the common part of σ(a) and σ(b), i.e. the part of $\sigma(\lambda x_N .\, a(t_P)) = \sigma(\lambda x_N .\, b(u_Q))$ which does not overlap with any of the parameters of a or b. The iteration and elimination rules of the general case are avoided because we do not need to eliminate or duplicate occurrences of the parameters.

Now we prove by induction that the predicate

$$
P(\langle S_n, \sigma_n \rangle) \;\stackrel{\mathrm{def}}{=}\; \exists \tau_n .\ \sigma = \tau_n \circ \sigma_n \;\wedge\; \tau_n \text{ is a unifier of } S_n
$$

holds for any state of a sequence 〈S0, Id〉 ⇒* 〈Sn, σn〉 ⇒ · · ·, generated from a SOU problem S0 with minimum unifier σ.

For the initial state 〈S0, Id〉 we have $\tau_0 = \sigma$ and it is trivially true. For the other states, if P(〈Sn, σn〉) holds then, using the previous lemma, we have that either $S_n = \emptyset$ or there exists a unification problem $S_{n+1}$ and a substitution ρ such that $\tau_n = \tau_{n+1}\circ\rho$, where $\sigma_{n+1} = \rho\circ\sigma_n$ and $\tau_{n+1}$ is a unifier of $S_{n+1}$. Therefore $\sigma = \tau_n\circ\sigma_n = \tau_{n+1}\circ\rho\circ\sigma_n = \tau_{n+1}\circ\sigma_{n+1}$. This proves $\sigma_n \preceq \sigma$ for any n ≥ 0.

Now, to prove the termination of the sequence 〈S0, Id〉 ⇒* 〈Sn, σn〉, we have to define a well-founded ordering on the transformation states. However, we know that the transformation relation is in general non-terminating. Take as counter-example the imitation step:

$$
\langle \{F(a) \stackrel{?}{=} G(F(a))\}, \sigma \rangle \;\Rightarrow\; \langle \{F'(a) \stackrel{?}{=} G(F'(a))\}, [F \mapsto \lambda x .\, G(F'(x))]\circ\sigma \rangle
$$

which generates an infinite transformation sequence. It becomes clear that we have to use the fact that our particular transformation sequence 〈S0, Id〉 ⇒* 〈Sn, σn〉 satisfies $\sigma_n \preceq \sigma$ for any n ≥ 0, where σ is a minimum unifier of S, to prove its termination. Therefore the well-founded ordering we define depends on the unifier of S0 we are considering.

Dealing with first-order terms, we can define the size of a term as the number of applications it contains, and the size of a substitution as the sum of the sizes of σ(X) for all variables X of its domain. It is easy to prove that size(t) ≤ size(ρ(t)) and size(σ) ≤ size(ρ◦σ), for any term t and substitutions σ and ρ.


Then the sequence $Id \preceq \sigma_1 \preceq \cdots \preceq \sigma_n \preceq \cdots \preceq \sigma$ would evidently be finite, because $\sigma_n = \rho\circ\sigma_{n-1}$ and either ρ composed with $\sigma_{n-1}$ strictly increases its size or ρ = Id and $S_n$ is strictly smaller than $S_{n-1}$. On the other hand, if $\sigma_n \preceq \sigma$, the size of $\sigma_n$ cannot exceed the size of σ. However, this reasoning is not valid for second-order terms, because the substitution ρ = [F ↦ λx . x] decreases the size of any term t if F ∈ FV(t), and of any substitution σ it is composed with, if F ∈ FV(σ). Therefore, we will have to consider the projection rule separately.

The ordering we define is based on a function from substitutions to integers named free arity (which will be decreased by projection rules), and on a function measuring the size of terms and substitutions w.r.t. another substitution.

Definition 5.10 The free arity of a substitution σ is defined as follows,

$$
\mathrm{arity}(\sigma) = \sum_{X \in FV(\sigma)} \mathrm{arity}(X)
$$

where as usual the arity n of a variable X is the maximal number of parameters it admits.⁶

The size of a term and of a substitution is defined as we would do for first-order substitutions, but we use the unifier of the original unification problem as reference.

Definition 5.11 The size of a term t w.r.t. a substitution ρ satisfying Dom(ρ) ⊆ FV(t) is defined as follows

$$
\mathrm{size}(\lambda x_P .\, a(t_Q), \rho) = \sum_{q \in Q} \mathrm{size}(t_q, \rho) + \begin{cases} 0 & \text{if } \rho(a) = \lambda x .\, x \\ \#Q & \text{otherwise} \end{cases}
$$

where #Q is the cardinality of Q, and for LSO substitutions it is defined as follows

$$
\mathrm{size}(\sigma, \rho) \;\stackrel{\mathrm{def}}{=}\; \sum_{X \in \mathrm{Dom}(\sigma)} \mathrm{size}(\sigma(X), \rho)
$$

We can prove that any substitution increases the size of a term it is applied to and of a substitution it is composed with. However, we have to consider a change in the substitution which we use as reference.

Lemma 5.12 For any LSO term t and LSO substitutions σ, ρ and τ we have

$$
\mathrm{size}(t, \tau\circ\rho) \le \mathrm{size}(\rho(t), \tau) \qquad \mathrm{size}(\sigma, \tau\circ\rho) \le \mathrm{size}(\rho\circ\sigma, \tau)
$$

Proof: For the first part of the lemma suppose that $t = \lambda x_P .\, a(t_Q)$. We prove the inequality by structural induction on the term t, therefore we suppose that $\mathrm{size}(t_q, \tau\circ\rho) \le \mathrm{size}(\rho(t_q), \tau)$ for any q ∈ Q. Now, if a is a bound variable or a constant then the induction hypotheses are enough to prove the result directly. If a is a free variable then

⁶ If $X : \tau_1 \to \ldots \to \tau_n \to \tau$ and τ is a first-order type, then arity(X) = n.

$$
\mathrm{size}(t, \tau\circ\rho) = \sum_{q \in Q} \mathrm{size}(t_q, \tau\circ\rho) + \begin{cases} 0 & \text{if } \tau\circ\rho(a) = \lambda x .\, x \\ \#Q & \text{otherwise} \end{cases}
$$

$$
\mathrm{size}(\rho(t), \tau) = \sum_{q \in Q} \mathrm{size}(\rho(t_q), \tau) + \mathrm{size}(\rho(a), \tau)
$$

The induction hypothesis proves that the first summation is smaller than or equal to the second summation. Comparing the second terms of both expressions we have to consider three cases. If τ◦ρ(a) = λx . x then, independently of the value of ρ(a), we can prove that size(ρ(a), τ) = 0. If τ◦ρ(a) is equal to a free variable then size(ρ(a), τ) = #Q. Finally, for any other value of τ◦ρ(a) there are several possibilities, but in all cases size(ρ(a), τ) ≥ #Q.

The second inequality of the lemma is easy to prove once we have proved the first part.

This lemma allows us to define a distance between LSO substitutions.

Definition 5.13 Given two LSO substitutions α and β satisfying $\alpha \preceq \beta$, the distance between the substitutions α and β is defined as follows

$$
\mathrm{dist}(\alpha, \beta) = \mathrm{size}(\beta, Id) - \mathrm{size}(\alpha, \rho)
$$

where ρ is a LSO substitution satisfying β = ρ◦α and Dom(ρ) = FV(α).

Corollary 5.14 For any three LSO substitutions $\alpha \preceq \beta \preceq \gamma$ we have

$$
\mathrm{dist}(\beta, \gamma) \le \mathrm{dist}(\alpha, \gamma)
$$

Now we can define the size of a state 〈Sn, σn〉 as a triplet where the first and second components are integers and the third component is a multiset of integers:

$$
\mathrm{size}(\langle S_n, \sigma_n \rangle, \tau_n) = \Big\langle\, \mathrm{arity}(\sigma_n)\ ,\ \mathrm{dist}(\sigma_n, \sigma)\ ,\ \bigcup_{t \stackrel{?}{=} u \,\in\, S_n} \{\mathrm{size}(t, \tau_n), \mathrm{size}(u, \tau_n)\} \,\Big\rangle
$$

where $\tau_n$ is a LSO substitution satisfying $\sigma = \tau_n\circ\sigma_n$. This size may be used to compare states of our particular transformation sequence:

$$
\langle S_n, \sigma_n \rangle \preceq \langle S_m, \sigma_m \rangle \quad\text{iff}\quad \mathrm{size}(\langle S_n, \sigma_n \rangle) \le \mathrm{size}(\langle S_m, \sigma_m \rangle)
$$

where ≤ is the lexicographic extension of the usual ordering on integers and of the multiset extension of the ordering on integers. Since the usual ordering on integers is well-founded, as is any lexicographic or multiset extension of a well-founded ordering, this ordering based on the size of a state is well-founded.

To conclude the proof we have to prove that any transformation step in our sequence satisfies $\mathrm{size}(\langle S_n, \sigma_n \rangle) > \mathrm{size}(\langle S_{n+1}, \sigma_{n+1} \rangle)$, where > is the strict ordering resulting from the well-founded ordering we have defined.


The reader may check that any projection step reduces the arity of the substitution, leaving its size and the size of the unification problem unchanged. No other transformation affects the arity of the substitution. In imitation steps and flexible-flexible steps the result depends on the size of the variable (or variables) being instantiated. If it is zero, then the size of the substitution remains unchanged but the size of the problem decreases. Otherwise, although the size of the problem increases, the size of the substitution also increases (the difference $\mathrm{size}(\sigma, Id) - \mathrm{size}(\sigma_n, \tau_n)$ decreases). In simplification steps, the substitution does not change (nor does its size) but the size of the problem decreases.

Notice that this result proves the completeness of the unification procedure, but not its termination and, therefore, not the decidability of the unification problem. The function size defined in the proof could be used to prove the termination of the procedure if we were able to fix an upper bound size(σ) ≤ k for the size of a minimum unifier of a unification problem.

Compared with the general procedure (Jensen and Pietrzykowski, 1976), we avoid the use of the prolific elimination and iteration rules. These rules always compromise the termination of Jensen and Pietrzykowski's procedure. On the contrary, our procedure always finishes for the practical cases where we have used it. In particular, if no free variable occurs more than twice in a unification problem (as is usually the case), then the procedure always finishes. This fact is related to the termination of the naive string unification procedure when variables occur at most twice (Schulz, 1991).

Theorem 5.15 termination. If no free variable occurs more than twice in a linear second-order unification problem, then this problem is decidable.

Proof: We define the following size function, where we suppose that any term is normalized before computing its size.

$$
\begin{array}{ll}
\mathrm{size}(a) = 0 & \text{for any constant, free or bound variable} \\
\mathrm{size}(\lambda x_1 \ldots x_n .\, a(t_1, \ldots, t_p)) = p + \sum_{i=1}^{n} \mathrm{size}(t_i) \\
\mathrm{size}(\{t_1 \stackrel{?}{=} u_1, \ldots, t_n \stackrel{?}{=} u_n\}) = \sum_{i=1}^{n} \mathrm{size}(u_i) + \mathrm{size}(t_i)
\end{array}
$$

We prove now that if 〈S, σ〉 ⇒ 〈S′, ρ◦σ〉 and any free variable appears at most twice in S, then size(S′) ≤ size(S) and any free variable also appears at most twice in S′. There are five cases.

1. Rigid-rigid rule

$$
\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, a(u_P) \;\Rightarrow\; \bigcup_{i \in P} \{\lambda x_N .\, t_i \stackrel{?}{=} \lambda x_N .\, u_i\}
$$

The size of the problem decreases by 2 · #P, where #P is the cardinality of the list of indexes P, and no new variable occurrences are introduced.

2. Imitation rule

$$
\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, F(u_Q) \;\Rightarrow\; \bigcup_{i \in P} \{\lambda x_N .\, t_i \stackrel{?}{=} \lambda x_N .\, F'_i(u_{R_i})\} \qquad \rho = [F \mapsto \lambda y_Q .\, a(F'_P(y_{R_P}))]
$$

The size of the problem decreases by #P and increases by #P for any other occurrence of the variable F. Thus, as long as there is at most one more occurrence, the net decrement will be zero or #P. We also introduce, at most, one occurrence of each one of the fresh variables $\{F'_P\}$.

3. Projection rule

$$
\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, F(u) \;\Rightarrow\; \{\lambda x_N .\, a(t_P) \stackrel{?}{=} \lambda x_N .\, u\} \qquad \rho = [F \mapsto \lambda y .\, y]
$$

The size of the problem decreases by one unit if F occurs once, or by 2 if it occurs twice. No new free-variable occurrences are introduced.

4. Flexible-flexible rule with equal heads

$$
\lambda x_N .\, F(t_P) \stackrel{?}{=} \lambda x_N .\, F(u_P) \;\Rightarrow\; \bigcup_{i \in P} \{\lambda x_N .\, t_i \stackrel{?}{=} \lambda x_N .\, u_i\}
$$

The size of the problem decreases by 2 · #P and no new variables are introduced.

5. Flexible-flexible rule with different heads

$$
\lambda x_N .\, F(t_P) \stackrel{?}{=} \lambda x_N .\, G(u_Q) \;\Rightarrow\; \bigcup_{j \in Q'} \{\lambda x_N .\, F'_j(t_{R_j}) \stackrel{?}{=} \lambda x_N .\, u_j\} \;\cup\; \bigcup_{i \in P'} \{\lambda x_N .\, t_i \stackrel{?}{=} \lambda x_N .\, G'_i(u_{S_i})\}
$$

$$
\rho = [F \mapsto \lambda y_P .\, H'(F'_{Q'}(y_{R_{Q'}}),\ y_{P'})]\,[G \mapsto \lambda z_Q .\, H'(z_{Q'},\ G'_{P'}(z_{S_{P'}}))]
$$

The size of the problem decreases by $\#P + \#Q - \sum_{i \in P'} \#S_i - \sum_{j \in Q'} \#R_j = \#P' + \#Q'$ and increases by #Q′ for any instantiation of F and by #P′ for any instantiation of G. Therefore, in the worst case, the size of the problem remains equal. It is also easy to see that in the worst case we introduce two occurrences of each one of the fresh variables H, $\{F'_i\}$ and $\{G'_j\}$.

Although the condition of this theorem may seem very restrictive, it is not so. Given an inclusion, or a critical pair, where a variable occurs more than twice in one of its sides, we can find a set of refutationally equivalent inclusions such that no variable occurs more than twice. Let us see an example.

$$
a(F(X), F(Y), F(Z), F(T)) \subseteq b(X, Y, Z, T, \lambda x .\, F(x))\ ,\ \Delta \vdash
$$

iff

$$
\begin{array}{l}
a(F(X), F(Y), F'(Z), F'(T)) \subseteq \mathit{equals}(\lambda x .\, F(x), \lambda x .\, F'(x)), \\
\mathit{equals}(\lambda x .\, F(x), \lambda x .\, F'(x)) \subseteq b(X, Y, Z, T, \lambda x .\, F(x))\ ,\ \Delta
\end{array}
$$

where equals is supposed to be a fresh function symbol. A similar process can be applied for any number of occurrences of any free variable. The details of such transformations are left for further work.

We can define a matching algorithm for this linear second-order language based on the unification procedure. In this case, we only use the first four rules (the flexible-flexible rule with distinct heads is not necessary) and we must take into account that ?= is not symmetric now and that the substitution ρ applied to a matching problem $S = \{t_1 \stackrel{?}{=} u_1, \ldots, t_n \stackrel{?}{=} u_n\}$ only instantiates the left side of the equalities: $\rho(S) = \{\rho(t_1) \stackrel{?}{=} u_1, \ldots, \rho(t_n) \stackrel{?}{=} u_n\}$. Both changes make the procedure terminating, besides sound and complete. The proof of lemma 5.4 is based on this matching algorithm.

5.6 The Critical Pairs Lemma for Second-Order Bi-rewriting Systems

Second-order bi-rewriting rules are defined, as usual, as pairs of linear second-order terms. However, we need to impose two restrictions on second-order bi-rewriting systems.

Definition 5.16 Given two sets of second-order bi-rewriting rules $R_{\subseteq}$ and $R_{\supseteq}$, we say that $\langle R_{\subseteq}, R_{\supseteq} \rangle$ is a second-order bi-rewriting system if any rule $l \longrightarrow_{\subseteq} r$ in $R_{\subseteq}$ and any rule $l \longrightarrow_{\supseteq} r$ in $R_{\supseteq}$ satisfy FV(r) ⊆ FV(l) and l and r have (the same) base type.

The first restriction is imposed to avoid the infinitely branching problem. The second restriction is required to avoid the introduction of free variables with type order higher than two during the completion process, as will be motivated later.

Rewriting relations are defined as usual.

Definition 5.17 We say that t rewrites to u using the set of bi-rewriting rules R, noted $t \longrightarrow_R u$, if there exists an occurrence p in t, a rule $l \longrightarrow r \in R$, and a substitution σ such that $t|_p = \sigma(l)$ and $u = t[\sigma(r)]_p$.

We can prove then the following result.

Lemma 5.18 For any second-order bi-rewriting system we have:

(i) If the terms t and u are related by $t \longrightarrow_R u$, then FV(u) ⊆ FV(t).

(ii) For any term t there are finitely many terms u such that $t \longrightarrow_R u$.

Proof: (i) If $s \longrightarrow_R t$ then there exists a context $u[\ ]_p$, a rule $l \longrightarrow r \in R$ and a substitution σ such that $s =_{\beta\eta} u[\sigma(l)]_p$ and $t = u[\sigma(r)]_p{\downarrow_{\beta\eta}}$. The relation $=_{\beta\eta}$ preserves free variables in the linear second-order λ-calculus (lemma 5.2), therefore we only need to prove FV(σ(r)) ⊆ FV(σ(l)). This may be concluded from FV(σ(s)) = (FV(s) \ Dom(σ)) ∪ FV(σ) and FV(r) ⊆ FV(l), which holds for any rule $l \longrightarrow r$.

(ii) We can apply finitely many rules $l \longrightarrow r$ at finitely many different positions p of a term s to rewrite it. We only have to consider substitutions σ satisfying Dom(σ) ⊆ FV(r) in order to instantiate r. Now, if FV(r) ⊆ FV(l), lemma 5.4 ensures that we only obtain finitely many substitutions σ satisfying $s|_p =_{\beta\eta} \sigma(l)$ and Dom(σ) ⊆ FV(r) ⊆ FV(l). Any rule, position and substitution completely determine a term $t = s[\sigma(r)]_p{\downarrow_{\beta\eta}}$, thus we obtain finitely many of them.

This means that no new variables are introduced during the rewriting process and guarantees that the rewriting relation is finitely branching. We can then prove that any terminating bi-rewriting system is quasi-terminating (globally terminating).

The use of second-order terms simplifies the definition of critical pairs.

Definition 5.19 Let $\alpha_1 \longrightarrow_{\subseteq} \beta_1$ in $R_{\subseteq}$ and $\alpha_2 \longrightarrow_{\supseteq} \beta_2$ in $R_{\supseteq}$ be two second-order bi-rewriting rules (with distinct free variables). If σ belongs to the set of minimum unifiers of $\alpha_1$ and $F(\alpha_2)$, F being a fresh free variable, then

$$
\sigma(F(\beta_2)) \subseteq \sigma(\beta_1)
$$

is a (second-order) critical pair. The same holds for critical pairs between $R_{\supseteq}$ and $R_{\subseteq}$.

Nipkow (Nipkow, 1991) cannot define critical pairs in this way because $F(\alpha_2)$ violates his definition of pattern. In our case, we have to take into account that the variable F in $\alpha_1 \stackrel{?}{=} F(\alpha_2)$ has to be second-order typed, therefore we have to require all rewriting rules to be first-order typed. If this condition is satisfied, then $\rho(\beta_1)$ and $\rho(F(\beta_2))$ will also be base typed, and if we have to introduce $\rho(F(\beta_2)) \longrightarrow_{\subseteq} \rho(\beta_1)$ or $\rho(\beta_1) \longrightarrow_{\supseteq} \rho(F(\beta_2))$ as new rewriting rules during the completion process, they will also be base typed. We can then prove the following critical pairs lemma.

Theorem 5.20 A terminating second-order bi-rewriting system $\langle R_{\subseteq}, R_{\supseteq} \rangle$ is Church-Rosser if all the second-order critical pairs are bi-confluent.

Proof: The most general way in which two expressions $\alpha_1$ and $\alpha_2$ (the left parts of two rules) can overlap is given by $\sigma(F(\alpha_2)) \subseteq \sigma(\alpha_1)$. All these pairs are captured by the definition of critical pair, and since, when the two left parts of the rules do not overlap, the resulting pair is always commutative, we can conclude that the system is locally commutative iff all second-order critical pairs are commutative. The Church-Rosser property is proved by noetherian induction in the usual way.

The conditions for the termination of second-order rewriting systems are not studied in this thesis but will be considered in future work. The decidability of the linear second-order unification problem remains an open question, and it seems not to have an easy answer, although we think it is a decidable problem. These two issues are left as further research work.

5.7 An Example of Completion

To conclude, we illustrate the use of the second-order completion method by means of the example in figure 4.2 (the same example is completed in subsection 4.4.1 for the first-order case). We start with the rules $r_1$, $r^{ext}_1$, $r_3$, $r_4$ and $r_5$. The commutativity and associativity properties of the union operator (rules $r_4$ and $r_5$) make it necessary to consider bi-rewriting modulo a set of inclusions. This theory was developed in section 4.3, and it will not be considered in detail in this example. We shall use a set of non-oriented rules I, and we shall suppose that the second-order unification algorithm can be extended to second-order unification modulo commutativity and associativity.

The initial rules define the inclusion theory of the union, but they do not form a canonical bi-rewriting system. We can generate an extended critical pair by unifying the left part of the rule $r_3$ with a subexpression of the left part of the rule $r_1$. The solution ρ of this unification problem $F(X \cup Y) \stackrel{?}{=} Z \cup Z$ is used to compute the critical pair ρ(F(X)) ⊆ ρ(Z). This unification problem has two minimum unifiers (up to ∪ associativity and commutativity):

$$
\rho = [F \mapsto \lambda x .\, x][X \mapsto Z][Y \mapsto Z]
$$

$$
\rho = [F \mapsto \lambda x .\, G(x) \cup G(X \cup Y)][Z \mapsto G(X \cup Y)]
$$

Let us see how they are computed using the unification procedure:

$$
\begin{array}{ll}
& \langle \{F(X \cup Y) \stackrel{?}{=} Z \cup Z\},\ Id \rangle \\
\Rightarrow_{\mathit{projection}} & \langle \{X \cup Y \stackrel{?}{=} Z \cup Z\},\ [F \mapsto \lambda x .\, x] \rangle \\
\Rightarrow_{\mathit{rigid}\text{-}\mathit{rigid}} & \langle \{X \stackrel{?}{=} Z,\ Y \stackrel{?}{=} Z\},\ [F \mapsto \lambda x .\, x] \rangle \\
\Rightarrow_{\mathit{imitation}} & \langle \{Y \stackrel{?}{=} Z\},\ [F \mapsto \lambda x .\, x][X \mapsto Z] \rangle \\
\Rightarrow_{\mathit{imitation}} & \langle \emptyset,\ [F \mapsto \lambda x .\, x][X \mapsto Z][Y \mapsto Z] \rangle
\end{array}
$$

$$
\begin{array}{ll}
& \langle \{F(X \cup Y) \stackrel{?}{=} Z \cup Z\},\ Id \rangle \\
\Rightarrow_{\mathit{imitation}} & \langle \{H_1(X \cup Y) \stackrel{?}{=} Z,\ H_2 \stackrel{?}{=} Z\},\ [F \mapsto \lambda x .\, H_1(x) \cup H_2] \rangle \\
\Rightarrow_{\mathit{imitation}} & \langle \{H_2 \stackrel{?}{=} Z\},\ [F \mapsto \lambda x .\, H_1(x) \cup H_2][Z \mapsto H_1(X \cup Y)] \rangle \\
\Rightarrow_{\mathit{imitation}} & \langle \emptyset,\ [F \mapsto \lambda x .\, H_1(x) \cup H_2][Z \mapsto H_1(X \cup Y)][Z \mapsto H_2] \rangle
\end{array}
$$


These two unifiers generate two critical pairs. The first one is confluent. Thesecond one makes necessary to introduce the following rule:

r5 : G(X) ∪G(X ∪ Y )−−→⊆ G(X ∪ Y )

This rule generates new critical pairs with r3 (the only rule belonging to R⊇),the following one among them:

r6 : G(X) ∪G(Y )−−→⊆ G(X ∪ Y )

This new rule r6 subsumes r5.Contrary to the previous cases, the orientation of the rule r6 is no so clear,

but we do not consider the problem of orienting second-order rules in this thesis.Nevertheless, r6 generates new critical pairs with r3. The unification problem ofthe left part of r6, G(X ′)∪G(Y ′), and the variable F applied to the left part ofr1, X ∪ Y , has the following unifiers (up to ∪ commutativity and associativity,and interchange of X ′ and Y ′):

\[
\begin{aligned}
\rho &= [F \mapsto \lambda x . x][X \mapsto G(X')][Y \mapsto G(Y')] \\
\rho &= [F \mapsto \lambda x . H(x, X') \cup H(X \cup Y, Y')][G \mapsto \lambda x . H(X \cup Y, x)] \\
\rho &= [F \mapsto \lambda x . G(H(x)) \cup G(Y')][X' \mapsto H(X \cup Y)] \\
\rho &= [F \mapsto \lambda x . H(x) \cup H(I(Y') \cup Y)][X \mapsto I(X')][G \mapsto \lambda x . H(I(x) \cup Y)] \\
\rho &= [F \mapsto \lambda x . H(x) \cup H(I(Y') \cup X)][X \mapsto I(X')][G \mapsto \lambda x . H(I(x) \cup X)] \\
\rho &= [F \mapsto \lambda x . G(x) \cup G(Y')][X' \mapsto X \cup Y]
\end{aligned}
\]

They generate the following critical pairs:

\[
\begin{aligned}
G(X') &\subseteq G(X' \cup Y) \\
H(X, X') \cup H(X \cup Y, Y') &\subseteq H(X \cup Y, X' \cup Y') \\
G(H(X)) \cup G(Y') &\subseteq G(H(X \cup Y) \cup Y') \\
H(I(X')) \cup H(I(Y') \cup Y) &\subseteq H(I(X' \cup Y') \cup Y) \\
H(Y) \cup H(I(Y') \cup Y) &\subseteq H(I(X' \cup Y') \cup Y) \\
G(X) \cup G(Y') &\subseteq G(X \cup Y \cup Y')
\end{aligned}
\]

All of them, except the second one, are confluent. The second one makes it necessary to introduce the following rule:

r7 : H(X,X ′) ∪H(X ∪ Y, Y ′)−−→⊆ H(X ∪ Y,X ′ ∪ Y ′)

Again this rule generates a new critical pair with r3 and requires introducing:

r8 : H(X,X ′) ∪H(Y, Y ′)−−→⊆ H(X ∪ Y,X ′ ∪ Y ′)

which subsumes r7 (the rule r7 can be decomposed into one application of r8 followed by an application of r1). In this way we introduce, among others, the following infinitely many rules:

H(X1, . . . ,Xn) ∪H(Y1, . . . , Yn)−−→⊆ H(X1 ∪ Y1, . . . ,Xn ∪ Yn)


The bi-rewriting system cannot be completed in this way. A solution to prevent the non-termination of this completion process is to use β-reduction explicitly. We now use three symbols in the signature:

\[
\begin{aligned}
\cup &: \tau \to \tau \to \tau \\
lambda &: (\tau \to \tau) \to \tau \\
apply &: \tau \to \tau \to \tau
\end{aligned}
\]

and the following initial set of rules:

\[
\begin{aligned}
r_1 &: X \cup X \xrightarrow{\subseteq} X \\
r^{ext}_1 &: X \cup X \cup Y \xrightarrow{\subseteq} X \cup Y \\
r_2 &: apply(lambda(F), X) \xrightarrow{\subseteq} F(X) \\
r_3 &: X \cup Y \xrightarrow{\supseteq} X \\
r_4 &: apply(lambda(F), X) \xrightarrow{\supseteq} F(X)
\end{aligned}
\]

All standard critical pairs of this system are bi-confluent, thus we have to concentrate our attention on two cases: the critical pairs obtained by overlapping the repeated variable of rule r1 (or of rule r_ext1) with the left part of rule r3 in the first case, and with r4 in the second case. In the second case, since the rule r4 also appears in the other rewriting system (as rule r2), all extended critical pairs generated by it will be trivially bi-confluent. Therefore, we only have to consider the extended critical pair generated by r1 and r3, i.e.:

r5 : F (X) ∪ F (X ∪ Y )−−→⊆ F (X ∪ Y )

As we know, this rule generates a new rule r6 which, properly oriented, subsumes r5.

r6 F (X) ∪ F (Y )−−→⊆ F (X ∪ Y )

This rule is non-left-linear and may initiate an infinite sequence of non-confluent critical pairs, as we have seen. However, it also generates a standard critical pair with r4. It is interesting to see that, using second-order bi-rewriting systems, we can generate standard critical pairs between rules not sharing any symbol of the signature. The reader can figure out that the same happens when dealing with equational second-order rewriting systems.

Let us concentrate our attention on this standard critical pair. It is obtained by unifying H(apply(lambda(F), X)) and G(Y) ∪ G(Z) using:

\[
\sigma = [H \mapsto \lambda x . H_1(x) \cup H_1(apply(Z, X))][G \mapsto \lambda x . H_1(apply(x, X))][Y \mapsto lambda(F)]
\]

The resulting rule is:

r7 : H1(F (X)) ∪H1(apply(Z,X))−−→⊆ H1(apply(lambda(F ) ∪ Z,X))

This rule generates a new critical pair with r4 which introduces r8; r8 generates a critical pair with r3 which introduces r9; and finally r9 generates a critical pair with r3 which introduces r10.

\[
\begin{aligned}
r_8 &: H_1(F(X)) \cup H_1(G(X)) \xrightarrow{\subseteq} H_1(apply(lambda(F) \cup lambda(G), X)) \\
r_9 &: H_1(F(H_2(X))) \cup H_1(G(H_2(X \cup Y))) \xrightarrow{\subseteq} H_1(apply(lambda(F) \cup lambda(G), H_2(X \cup Y))) \\
r_{10} &: H_1(F(H_2(X))) \cup H_1(G(H_2(Y))) \xrightarrow{\subseteq} H_1(apply(lambda(F) \cup lambda(G), H_2(X \cup Y)))
\end{aligned}
\]

It is easy to see that we only need the instance of r10 obtained by [H1 ↦ λx . x][H2 ↦ λx . x] to subsume rule r5 and to make bi-confluent all critical pairs obtained from it.

r′10 : F (X) ∪G(Y )−−→⊆ apply(lambda(F ) ∪ lambda(G),X ∪ Y )

However, this rule generates new critical pairs with r4 which introduce the following rules.

\[
\begin{aligned}
r_{11} &: F(G(X)) \cup H(Y) \xrightarrow{\subseteq} apply(lambda(\lambda x . F(apply(x, X))) \cup lambda(H),\ lambda(G) \cup Y) \\
r_{12} &: F(G(X)) \cup H(I(Y)) \xrightarrow{\subseteq} apply(lambda(\lambda x . F(apply(x, X))) \cup lambda(\lambda x . H(apply(x, Y))),\ lambda(G) \cup lambda(I))
\end{aligned}
\]

Rule r12 concludes the completion process, which results in the finite canonical bi-rewriting system shown in figure 5.1.

\[
R_\subseteq = \left\{
\begin{aligned}
X \cup X &\xrightarrow{\subseteq} X \\
apply(lambda(\lambda x . F(x)), X) &\xrightarrow{\subseteq} F(X) \\
F(X) \cup G(Y) &\xrightarrow{\subseteq} apply(lambda(\lambda x . F(x)) \cup lambda(\lambda x . G(x)),\ X \cup Y) \\
F(G(X)) \cup H(Y) &\xrightarrow{\subseteq} apply(lambda(\lambda x . F(apply(x, X))) \cup lambda(H),\ lambda(G) \cup Y) \\
F(G(X)) \cup H(I(Y)) &\xrightarrow{\subseteq} apply(lambda(\lambda x . F(apply(x, X))) \cup lambda(\lambda x . H(apply(x, Y))),\ lambda(G) \cup lambda(I))
\end{aligned}
\right.
\]

\[
R_\supseteq = \left\{
\begin{aligned}
X \cup Y &\xrightarrow{\supseteq} X \\
apply(lambda(\lambda x . F(x)), X) &\xrightarrow{\supseteq} F(X)
\end{aligned}
\right.
\]

\[
I = \left\{
\begin{aligned}
X \cup Y &\longleftrightarrow_{\subseteq} Y \cup X \\
(X \cup Y) \cup Z &\longleftrightarrow_{\subseteq} X \cup (Y \cup Z)
\end{aligned}
\right.
\]

Figure 5.1: A canonical higher-order bi-rewriting system for the inclusion theory of the union with β-reduction.


5.8 Conclusions

The use of higher-order terms in rewriting systems introduces some problems. Some of them have been expounded in this chapter. Because of that, there is not a unique proposal of higher-order rewriting system in the literature. We have discussed some of them and we have also proposed a definition of second-order bi-rewriting systems based on the use of the linear second-order typed λ-calculus. This proposal can also be seen as a new kind of higher-order rewriting system. We have described a new sound and complete second-order unification procedure for such a restricted second-order language. This procedure avoids the use of the iteration and elimination transformation rules of the general second-order unification procedure defined in (Jensen and Pietrzykowski, 1976). These transformation rules, in the general case, always make the procedure non-terminating. Unfortunately, the decidability of our unification problem is still an open question and the termination of the procedure we have described is not guaranteed. Anyway, in the examples we have completed, the procedure always finishes and is therefore usable.


Chapter 6

Implementing Nondeterministic Specifications

Abstract: In this chapter we show the applicability of bi-rewriting systems to the verification of nondeterministic specifications. If nondeterministic specifications are viewed as inclusion specifications, then bi-rewriting systems are a sound and complete deduction method with respect to the class of models based on preorders. However, the models usually proposed for these specifications are multialgebras, and the two classes of models are not equivalent. We show how a nondeterministic specification can be completed in order to get the equivalence between both semantics. We also see that these requirements prove the initiality of a model based on sets of normal forms. Moreover, the completion process does not modify the rewriting relation −−→R⊇ used to model the nondeterministic computation.

6.1 Introduction

It is well known that term rewriting techniques can be used to test the equivalence of terms in an equational logic specification E. The method consists in finding the normal form of both sides of the tested equality and checking if they are equal. The method is sound and complete for ground terms if the set of ground normal forms is an initial model of the specification, and for terms with variables if the set of normal forms is isomorphic to T(Σ,X)/E (Dershowitz and Jouannaud, 1990). It is also well known that the confluence and termination of the rewriting system resulting from orienting the equations is a sufficient condition for this completeness result.

Term rewriting techniques have also been proposed as the implementation language of nondeterministic specifications (Kaplan, 1986a; Hussmann, 1992).


In all these approaches the signature includes a nondeterministic choice operator (noted by ↑ in (Kaplan, 1986a; Kaplan, 1988), by or( , ) in (Hussmann, 1991; Hussmann, 1992), or by ∪ in our work) which makes nondeterministic computation lose the symmetry property. Otherwise, the rules X ∪ Y −→ X and X ∪ Y −→ Y proposed for the choice operator would allow proving the equivalence of any two terms. Therefore, the confluence property makes no sense, and a nondeterministic specification is presented in general as a set of (non-symmetric) inclusions. This suggests the use of bi-rewriting systems to verify such nondeterministic specifications. However, the models of inclusion specifications are based on preorder algebras, whereas the models of nondeterministic specifications are based on multialgebras, and the two classes of models are not equivalent (as we show in a counter-example).

In section 6.2, we describe how a nondeterministic specification can be completed in order to obtain the same semantics using the preorder or the multialgebra class of models. In section 6.3 we prove that the set of normal forms (w.r.t. the rewriting relation −−→R⊇) of a completed nondeterministic specification forms an initial model of the specification. Moreover, the method consisting in, given a pair of terms a and b, finding the set of normal forms of both terms and checking if one set is included in the other one is a sound and complete method to test a ⊆ b. Theorem 6.16 summarizes all these results. Finally, in section 6.4 we show by means of an example how a nondeterministic specification can be completed.

6.2 Using Bi-rewriting Systems to Verify Specifications

The models usually proposed for nondeterministic specifications are based on Σ-multialgebras (Hesselink, 1988; Nipkow, 1986), which capture the essence of nondeterminism better than the Σ-algebras used in equational specifications.

Definition 6.1 A Σ-multialgebra A is a tuple ⟨S^A, F^A⟩ where S^A is a nonempty carrier set, and F^A is a set of set-valued functions $f^A : S^A \times \stackrel{n}{\cdots} \times S^A \to P^+(S^A)$, one for each function symbol f ∈ Σ_n of the signature.

Models are defined as follows.

Definition 6.2 Given a nondeterministic specification I over a signature Σ, a Σ-multialgebra A is said to be a model of I, noted A ∈ MAlg(I), if the interpretation function $I^A[\ ] : (\mathcal{X} \to S^A) \to T(\Sigma,\mathcal{X}) \to P^+(S^A)$ defined inductively by¹

\[
\begin{aligned}
I^A_\rho[x] &= \{\rho(x)\} && \text{for any } x \in \mathcal{X} \\
I^A_\rho[f(t_1,\ldots,t_n)] &= \bigcup \{ f^A(v_1,\ldots,v_n) \mid v_i \in I^A_\rho[t_i] \} && \text{for any } f \in \Sigma_n
\end{aligned}
\]

satisfies $I^A_\rho[t] \subseteq I^A_\rho[u]$ for any axiom t ⊆ u in the specification I, and any valuation function ρ : X → S^A.
An inclusion t ⊆ u is valid in a Σ-multialgebra model A, noted A |= t ⊆ u, if for any valuation ρ we have $I^A_\rho[t] \subseteq I^A_\rho[u]$.

¹ $P^+(S)$ denotes the set of nonempty subsets of S, and $\bigcup S$, where S is a set of sets, denotes the union of all the elements belonging to S, i.e. $\bigcup_{X \in S} X$.

Bi-rewriting systems, introduced in chapters 4 and 5, automate the deduction in the Partial Order Logic POL (also for the rewriting logic of Meseguer (Meseguer, 1992)). The models of this logic are preorder algebras, defined as follows.

Definition 6.3 A Σ-preorder algebra A is a triplet ⟨S^A, ⊆_A, F^A⟩ where S^A is a carrier set, ⊆_A is a preorder relation and F^A is a set of monotonic functions $f^A : S^A \times \stackrel{n}{\cdots} \times S^A \to S^A$ for each symbol f ∈ Σ_n.

Definition 6.4 Given a specification I over Σ, a Σ-preorder algebra A is said to be a model of I, noted A ∈ POAlg(I), if the interpretation function $I^A[\ ] : (\mathcal{X} \to S^A) \to T(\Sigma,\mathcal{X}) \to S^A$ defined inductively by

\[
\begin{aligned}
I^A_\rho[x] &= \rho(x) && \text{for any } x \in \mathcal{X} \\
I^A_\rho[f(t_1,\ldots,t_n)] &= f^A(I^A_\rho[t_1],\ldots,I^A_\rho[t_n]) && \text{for any } f \in \Sigma_n
\end{aligned}
\]

satisfies $I_\rho[t] \subseteq_A I_\rho[u]$ for any axiom t ⊆ u in the specification I and any valuation ρ : X → S^A.

A soundness and completeness theorem, similar to the Birkhoff theorem, can be stated for this logic.

Lemma 6.5 For any specification I and any pair of terms t and u we have POAlg(I) |= t ⊆ u iff I ⊢POL t ⊆ u.

Commutative and terminating bi-rewriting systems automate the deduction in ⊢POL. They are a sound and complete method w.r.t. the semantics of specifications based on preorder algebras. However, POAlg(I) |= t ⊆ u and MAlg(I) |= t ⊆ u are not equivalent (the implication holds in neither direction), as the following counter-example shows.

Example. A counter-example to MAlg(I) |= t ⊆ u ⇒ POAlg(I) |= t ⊆ u is given by the following additivity axiom, which is sound in multialgebra models but not in preorder algebra models.

f(X ∪ Y) ⊆ f(X) ∪ f(Y)    (Additivity)

The counter-example to POAlg(I) |= t ⊆ u ⇒ MAlg(I) |= t ⊆ u is not so evident, and causes more problems. The following substitution rule is sound in preorder models, but not in multialgebra models, in the presence of repeated variables.

\[
\frac{t \subseteq u}{\sigma(t) \subseteq \sigma(u)} \qquad (\text{Substitution})
\]


For instance, the deduction

\[
f(X,X) \subseteq g(X),\ X \subseteq X \cup Y,\ Y \subseteq X \cup Y \ \vdash_{POL}\ f(X,Y) \subseteq g(X \cup Y)
\]

is correct in POL. However, it is not sound in a multialgebra model. The multialgebra A = ⟨S^A, F^A⟩ defined by:

\[
\begin{aligned}
S^A &= \{a, b\} \\
f^A(x, y) &= \text{if } x = y \text{ then } \{a\} \text{ else } \{b\} \\
g^A(x) &= \{a\} \\
x \cup^A y &= \{x, y\}
\end{aligned}
\]

is a model of I = {f(X,X) ⊆ g(X), X ⊆ X ∪ Y, Y ⊆ X ∪ Y}; however, $I^A_\rho[f(X,Y)] \not\subseteq I^A_\rho[g(X \cup Y)]$ for the valuation ρ = [X ↦ a][Y ↦ b].

We understand variables in a specification as denoting terms and being universally quantified. Therefore, we think that the substitution rule has to be sound in any specification model. Multialgebra models may satisfy this requirement if we modify the definition of interpretation and model:

Definition 6.6 A Σ-multialgebra A is said to be a strong model of a specification I, noted A ∈ MAlg(I), if the interpretation function $I^A[\ ] : (\mathcal{X} \to P^+(S^A)) \to T(\Sigma,\mathcal{X}) \to P^+(S^A)$ defined inductively by

\[
\begin{aligned}
I^A_\rho[x] &= \rho(x) && \text{for any } x \in \mathcal{X} \\
I^A_\rho[f(t_1,\ldots,t_n)] &= \bigcup \{ f^A(v_1,\ldots,v_n) \mid v_i \in I^A_\rho[t_i] \} && \text{for any } f \in \Sigma_n
\end{aligned}
\]

satisfies $I_\rho[t] \subseteq I_\rho[u]$ for any axiom t ⊆ u in the specification I, and any valuation ρ : X → P^+(S^A).

Notice that the valuation function ρ now ranges over sets and not over values.

Lemma 6.7 For any specification I, every strong model of I is also a model of I: the class of strong models is contained in MAlg(I).

Using this smaller class of models, the preorder logic entailment ⊢POL becomes sound in it.
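The counter-example above and the strong-model definition can be checked mechanically. The following Python program is an added example (it is not code from the thesis): it encodes the two-element multialgebra A of the counter-example, computes the set-valued interpretation I^A_ρ[t] of Definitions 6.2 and 6.6 by enumerating every valuation, and reports that A is a model of I under value valuations, that the POL-derivable inclusion f(X,Y) ⊆ g(X ∪ Y) nevertheless fails in A, and that A is not a strong model (the set valuation ρ(X) = {a,b} already violates f(X,X) ⊆ g(X)). The term encoding (tuples with the symbol first, 'u' for ∪) and all function names are this example's own assumptions.

```python
from itertools import product

# Term encoding (this example's own): a variable is a string starting with an
# uppercase letter; an application is a tuple (symbol, arg1, ..., argn).
# The symbol 'u' stands for the choice operator ∪.
def is_var(t):
    return isinstance(t, str) and t[:1].isupper()

# The two-element multialgebra A of the counter-example, as defined in the
# text: S^A = {a, b}, f^A(x,y) = {a} if x = y else {b}, g^A(x) = {a},
# x ∪^A y = {x, y}.
S = frozenset({'a', 'b'})

def f_A(x, y):
    return frozenset({'a'}) if x == y else frozenset({'b'})

def g_A(x):
    return frozenset({'a'})

def union_A(x, y):
    return frozenset({x, y})

OPS = {'f': f_A, 'g': g_A, 'u': union_A}

def interp(term, rho):
    """Set-valued interpretation I^A_rho[term].  rho maps each variable to a
    nonempty subset of S (Definition 6.6); a Definition 6.2 valuation is the
    special case where every rho(x) is a singleton {v}.  Applications are
    interpreted additively: the union of f^A over all argument combinations."""
    if is_var(term):
        return frozenset(rho[term])
    sym, *args = term
    result = set()
    for vs in product(*(interp(a, rho) for a in args)):
        result |= OPS[sym](*vs)
    return frozenset(result)

def variables(term):
    if is_var(term):
        return {term}
    return set().union(*(variables(a) for a in term[1:]))

def nonempty_subsets(s):
    items = sorted(s)
    return [frozenset(x for i, x in enumerate(items) if mask >> i & 1)
            for mask in range(1, 1 << len(items))]

def valuations(vars_, strong):
    """Every valuation of the given variables: into S when strong is False
    (Definition 6.2) or into P+(S) when strong is True (Definition 6.6)."""
    names = sorted(vars_)
    choices = nonempty_subsets(S) if strong else [frozenset({v}) for v in sorted(S)]
    for combo in product(choices, repeat=len(names)):
        yield dict(zip(names, combo))

def satisfies(t, u, strong=False):
    """A |= t ⊆ u: I^A_rho[t] ⊆ I^A_rho[u] for every valuation rho."""
    vs = variables(t) | variables(u)
    return all(interp(t, rho) <= interp(u, rho) for rho in valuations(vs, strong))

def is_model(spec, strong=False):
    """A is a (strong) model of spec if it satisfies every axiom t ⊆ u."""
    return all(satisfies(t, u, strong) for t, u in spec)

# I = { f(X,X) ⊆ g(X),  X ⊆ X ∪ Y,  Y ⊆ X ∪ Y }
I = [(('f', 'X', 'X'), ('g', 'X')),
     ('X', ('u', 'X', 'Y')),
     ('Y', ('u', 'X', 'Y'))]

# The inclusion derived from I in POL by the substitution rule.
DERIVED = (('f', 'X', 'Y'), ('g', ('u', 'X', 'Y')))

def counterexample():
    """Returns (A is a model of I, A |= f(X,Y) ⊆ g(X ∪ Y), A is a strong model of I)."""
    return (is_model(I), satisfies(*DERIVED), is_model(I, strong=True))

if __name__ == '__main__':
    model, derived_ok, strong = counterexample()
    print('A is a model of I:', model)                 # True
    print('A |= f(X,Y) ⊆ g(X ∪ Y):', derived_ok)       # False
    print('A is a strong model of I:', strong)         # False
    rho = {'X': {'a'}, 'Y': {'b'}}
    print(sorted(interp(DERIVED[0], rho)), sorted(interp(DERIVED[1], rho)))  # ['b'] ['a']
```

Because S has two elements and the axioms use at most two variables, exhaustive enumeration is cheap; the same `satisfies` routine with `strong=True` is exactly the check Definition 6.6 asks for, and it is the one that rejects A.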

Theorem 6.8 If POAlg(I) |= t ⊆ u holds, then MAlg(I) |= t ⊆ u also holds. Therefore, bi-rewriting is a sound deduction method.

Proof: It is sufficient to prove that

\[
\forall A \in MAlg\,.\ \exists B \in POAlg\,.\ (\forall \rho\,.\ I^A_\rho[t] \subseteq I^A_\rho[u]) \Leftrightarrow (\forall \rho'\,.\ I^B_{\rho'}[t] \subseteq_B I^B_{\rho'}[u])
\]

Notice that we use one implication direction to prove A ∈ MAlg(I) ⇒ B ∈ POAlg(I), and the opposite direction to prove B |= t ⊆ u ⇒ A |= t ⊆ u.

Any Σ-multialgebra A has a naturally associated Σ-preorder algebra B. This preorder algebra B is defined by

\[
\begin{aligned}
S^B &\stackrel{def}{=} P^+(S^A) \\
f^B(s_1,\ldots,s_n) &\stackrel{def}{=} \bigcup \{ f^A(v_1,\ldots,v_n) \mid v_i \in s_i \} \qquad \text{for any } f \in \Sigma_n
\end{aligned}
\]


The carrier S^B is a power set, and the set inclusion relation ⊆ used in the multialgebra model A and the partial order relation ⊆_B used in the preorder model B are equal. We can prove by structural induction on the term t that $I^A_\rho[t] = I^B_\rho[t]$.

\[
\begin{aligned}
I^B_\rho[x] &= \rho(x) = I^A_\rho[x] \\
I^B_\rho[f(t_1 \ldots t_n)] &= f^B(I^B_\rho[t_1] \ldots I^B_\rho[t_n]) = \bigcup \{ f^A(v_1 \ldots v_n) \mid v_i \in I^B_\rho[t_i] \} \\
&= \bigcup \{ f^A(v_1 \ldots v_n) \mid v_i \in I^A_\rho[t_i] \} = I^A_\rho[f(t_1 \ldots t_n)]
\end{aligned}
\]

Then the initial double implication becomes a tautology.

In the following we will study which conditions I has to satisfy in order for POAlg(I) |= t ⊆ u and MAlg(I) |= t ⊆ u to be equivalent.

Theorem 6.9 If the specification I satisfies:

(i) I contains the union theory as a subtheory: $I \vdash_{POL} X \cup X \subseteq X,\ X \subseteq X \cup Y,\ Y \subseteq X \cup Y$.

(ii) $I \vdash_{POL} t = \bigcup \{ u \in Atomic(I) \mid I \vdash_{POL} u \subseteq t \}$ for any term t, where $Atomic(I) \stackrel{def}{=} \{ u \in T(\Sigma,\mathcal{X}) \mid \text{if } I \vdash_{POL} v \subseteq u \text{ then } v = u \}$.

(iii) $I \vdash_{POL} f(\ldots\, t \cup u \,\ldots) \subseteq f(\ldots\, t \,\ldots) \cup f(\ldots\, u \,\ldots)$ for any n-ary symbol f ∈ Σ_n.

(iv) If t ∈ Atomic(I) and $I \vdash_{POL} t \subseteq u \cup u'$ then either $I \vdash_{POL} t \subseteq u$ or $I \vdash_{POL} t \subseteq u'$.

Then, whenever MAlg(I) |= t ⊆ u holds, POAlg(I) |= t ⊆ u also holds. Therefore, bi-rewriting is a complete deduction method for these specifications.

Proof: It is sufficient to prove that

\[
\forall B \in POAlg\,.\ \exists A \in MAlg\,.\ (\forall \rho\,.\ I^A_\rho[t] \subseteq I^A_\rho[u]) \Leftrightarrow (\forall \rho'\,.\ I^B_{\rho'}[t] \subseteq_B I^B_{\rho'}[u])
\]

We can also associate a multialgebra A to each preorder algebra B as follows.

\[
\begin{aligned}
S^A &\stackrel{def}{=} Atomic(S^B) \\
f^A(v_1,\ldots,v_n) &\stackrel{def}{=} \{ s \in S^A \mid s \subseteq_B f^B(v_1,\ldots,v_n) \} \qquad \text{for any } f \in \Sigma_n
\end{aligned}
\]

where for any preorder S, we define $Atomic(S) \stackrel{def}{=} \{ s \in S \mid s' \subseteq s \Rightarrow s = s' \}$.²

Notice that in this case ⊆ is the set inclusion in P^+(S^B), and ⊆_B is a preorder relation on S^B, and they are different relations.

Case $\forall \rho'\,.\ \exists \rho\,.\ I^A_\rho[t] \subseteq I^A_\rho[u] \Rightarrow I^B_{\rho'}[t] \subseteq_B I^B_{\rho'}[u]$.

The conditions of the theorem can be translated directly into properties of the preorder algebra B:

\[
\begin{aligned}
& v \cup_B v \subseteq_B v \qquad v_1 \subseteq_B v_1 \cup_B v_2 \qquad v_2 \subseteq_B v_1 \cup_B v_2 \\
& f^B(\ldots\, v_1 \cup_B v_2 \,\ldots) \subseteq_B f^B(\ldots\, v_1 \,\ldots) \cup_B f^B(\ldots\, v_2 \,\ldots) \\
& v = \bigcup{}_B \{ v' \in Atomic(S^B) \mid v' \subseteq_B v \} \\
& v \in Atomic(S^B) \wedge v \subseteq_B v_1 \cup_B v_2 \Rightarrow v \subseteq_B v_1 \vee v \subseteq_B v_2
\end{aligned}
\]

² Notice that for the free algebra of terms T(Σ,X)/I this definition and the previous one become equivalent.


If we define $\rho(x) \stackrel{def}{=} \{ s \in S^A \mid s \subseteq_B \rho'(x) \}$ then, using the properties above, we can prove by structural induction on the term t that

\[
I^B_{\rho'}[t] = \bigcup{}_B\, I^A_\rho[t]
\]

where, as usual, $\bigcup_B \{v_1,\ldots,v_n\} = v_1 \cup_B \cdots \cup_B v_n$ for any $v_1 \ldots v_n \in S^B$.

Then the monotonicity of ∪_B proves that $I^A_\rho[t] \subseteq I^A_\rho[u]$ implies $I^B_{\rho'}[t] \subseteq_B I^B_{\rho'}[u]$.

Case $\forall \rho\,.\ \exists \rho'\,.\ I^B_{\rho'}[t] \subseteq_B I^B_{\rho'}[u] \Rightarrow I^A_\rho[t] \subseteq I^A_\rho[u]$.

The last two conditions of the theorem prove that if t ∈ Atomic(I) and $I \vdash_{POL} t \subseteq f(u_1,\ldots,u_n)$ then there exist $v_1,\ldots,v_n \in Atomic(I)$ such that $I \vdash_{POL} t \subseteq f(v_1,\ldots,v_n)$, for any f ∈ Σ_n.

If we define $\rho'(x) = \bigcup_B \rho(x)$ then we can prove

\[
I^A_\rho[t] = \{ s \in S^A \mid s \subseteq_B I^B_{\rho'}[t] \}
\]

for any term t by structural induction. Then $I^B_{\rho'}[t] \subseteq_B I^B_{\rho'}[u]$ implies $I^A_\rho[t] \subseteq I^A_\rho[u]$.

The conditions of the previous theorem are usually satisfied in any nondeterministic specification I. We will find the same conditions in the next subsection, where we try to prove the existence and initiality of a model based on sets of normal forms.

6.3 Characterizing Terms by Sets of Normal Forms

In nondeterministic computations terms cannot be characterized by a unique normal form, but we will try to characterize them by their set of normal forms. In this case, a method to test inclusions of terms in a nondeterministic specification would consist in searching the set of normal forms of each side of the inclusion, and checking if one set is included in the other one. We will prove that the soundness and completeness of this nondeterministic computation method relies on the existence and initiality of a model of sets of normal forms (like in the equational case with the normal form model). The main goal of this section is to give the conditions for the existence and for the initiality of this model (like it is characterized in the equational case by the confluence and termination properties).

First we will present the formal definition of the set of normal forms model, SNF-model for short, and later we will study the nondeterministic computation method, NDC-method for short.

Nondeterministic computation is based on the computation of normal forms using only the rewriting system R⊇. As we will see, the other rewriting system R⊆ does not play a computational role, but its rules may be understood as semantic constraints on the class of models of the specification. The example at the end of the section shows this clearly. Adding new rules to R⊆ we can prove a soundness and completeness result for the nondeterministic computation and the bi-rewriting methods w.r.t. the models of the extended specification.

Given a rewriting system R⊇, we will denote the set of its R⊇-normal forms by NF⊇ and the set of R⊇-normal forms of a term t by NF⊇[t].

The set of normal forms multialgebra, SNF-multialgebra for short, is defined as follows.

Definition 6.10 Given a rewriting system R⊇, the SNF-multialgebra $SNF = \langle S^{SNF}, F^{SNF} \rangle$ is defined by the carrier set $S^{SNF} \stackrel{def}{=} NF_\supseteq$, and the set of functions $f^{SNF} : NF_\supseteq \times \stackrel{n}{\cdots} \times NF_\supseteq \to P^+(NF_\supseteq)$ defined by $f^{SNF}(t_1,\ldots,t_n) = NF_\supseteq[f(t_1,\ldots,t_n)]$ for each function symbol f ∈ Σ_n of the signature.

Notice that the SNF-multialgebra is defined syntactically using R⊇, and independently of I. The rewriting rules of R⊇ come from the orientation of the axioms of I, as explained in previous chapters. However, this fact is not enough to prove that the SNF-multialgebra is a multialgebra model of I.

Lemma 6.11 Given a specification I and a rewriting system R⊇, if the following conditions hold:

(i) For any inclusion t ⊆ u in I, and any substitution ρ : X → NF⊇, we have NF⊇[ρ(t)] ⊆ NF⊇[ρ(u)].

(ii) If t ∈ NF⊇[f(..., u, ...)], then there exists u′ ∈ NF⊇[u] such that t ∈ NF⊇[f(..., u′, ...)].

then the SNF-multialgebra is a multialgebra model of I, SNF ∈ MAlg(I), and the interpretation function is $I^{SNF}_\rho[t] = NF_\supseteq[\rho(t)]$.
Additionally, if the following condition also holds

(iii) NF⊇[t ∪ u] ⊆ NF⊇[t] ∪ NF⊇[u],

then the SNF-multialgebra is a strong multialgebra model of I, and $I^{SNF}_\rho[t] = NF_\supseteq[\rho'(t)]$, where for any x ∈ X, $\rho'(x) = \bigcup \rho(x)$.

Proof: First we prove that $I^{SNF}_\rho[t]$ and NF⊇[ρ(t)] are equal, that is, that NF⊇[ρ(t)] satisfies the inductive definition of the multialgebra interpretation function: 1) $I^{SNF}_\rho[x] = \{\rho(x)\}$ for any variable x ∈ X; since ρ maps variables to normal forms, NF⊇[ρ(x)] = {ρ(x)}. 2) $I^{SNF}_\rho[f(t_1,\ldots,t_n)] = \bigcup \{ f^{SNF}(v_1,\ldots,v_n) \mid v_i \in I^{SNF}_\rho[t_i] \}$, which is equivalent to $NF_\supseteq[f(\rho(t_1),\ldots,\rho(t_n))] = \bigcup \{ NF_\supseteq[f(v_1,\ldots,v_n)] \mid v_i \in NF_\supseteq[\rho(t_i)] \}$. The inclusion ⊇ is always satisfied and can be proved using the monotonicity of f. The inclusion ⊆ is proved by the second condition of the lemma.

Second, the first condition of the lemma and $I^{SNF}_\rho[t] = NF_\supseteq[\rho(t)]$ prove that $I^{SNF}_\rho[t] \subseteq I^{SNF}_\rho[u]$ for any inclusion t ⊆ u of I, and any substitution ρ.

The proof of the second part of the lemma is quite similar. In this case we need the third condition to prove $I^{SNF}_\rho[x] = \rho(x) = NF_\supseteq[\bigcup \rho(x)] = NF_\supseteq[\rho'(x)]$.


As we have seen in the previous subsection, we can associate a preorder algebra to the SNF-multialgebra, and this preorder algebra will be a preorder model of I if the SNF-multialgebra is a strong multialgebra model of I.

Lemma 6.12 If the following conditions are satisfied:

(i) If I ⊢POL t ⊆ u then NF⊇[t] ⊆ NF⊇[u].

(ii) If t ∈ NF⊇[f(..., u, ...)], then there exists u′ ∈ NF⊇[u] such that t ∈ NF⊇[f(..., u′, ...)].

(iii) NF⊇[t ∪ u] ⊆ NF⊇[t] ∪ NF⊇[u],

then the SNF-preorder algebra defined by the carrier set $S^{SNF} \stackrel{def}{=} P^+(NF_\supseteq)$ and the set of functions $f^{SNF}(s_1 \ldots s_n) \stackrel{def}{=} \bigcup \{ NF_\supseteq[f(v_1 \ldots v_n)] \mid v_i \in s_i \}$ is a preorder model of I.
If in addition

(iv) If NF⊇[t] ⊆ NF⊇[u] then I ⊢POL t ⊆ u,

then the SNF-preorder model is initial in POAlg(I), and the associated SNF-multialgebra is initial in MAlg(I). Moreover, MAlg(I) |= t ⊆ u and POAlg(I) |= t ⊆ u are equivalent.

Proof: The first part of the lemma is a consequence of the previous lemma. The proof of the initiality of the model relies on the completeness of ⊢POL w.r.t. the class of models POAlg. The initiality of the model SNF w.r.t. the class POAlg(I), and the fact that its associated multialgebra is a strong multialgebra model of I, prove the last equivalence.

The conditions of this lemma reproduce the conditions of theorem 6.9. Before reducing the four conditions of this lemma to syntactic conditions that are more easily provable, we will discuss their meaning.

The first condition, NF⊇[t1] ⊇ NF⊇[t2] ⇒ I ⊢POL t1 ⊇ t2, expresses the soundness of the NDC-method with respect to the specification. However, the user usually only gives the rewriting rules R⊇, leaving the specification incomplete (as we will see in the examples). This specification must be completed in order to verify this condition. Hence, we prefer to name this condition completeness of the specification with respect to the NDC-method.

The fourth condition, I ⊢POL t1 ⊇ t2 ⇒ NF⊇[t1] ⊇ NF⊇[t2], expresses the completeness of the method with respect to the specification. This condition is very easily satisfied. As noticed by Hussmann (Hussmann, 1992), the more difficult point when working with nondeterministic specifications is the soundness property of the method (or soundness of the Birkhoff theorem). Kaplan gives the theorem (theorem 2.3 in (Kaplan, 1986a)) MOD_R |= M = N iff {NF(M)} = {NF(N)}, although he does not use multialgebra models, and the theorem is stated in terms of equality instead of inclusions.

The second property, t2 ∈ NF⊇[f(..., t1, ...)] ⇒ ∃t3 ∈ NF⊇[t1] . t2 ∈ NF⊇[f(..., t3, ...)], is named the additivity property. It is related to the use of multialgebra models. The functions in these models (from values to sets) can be extended pointwise to set arguments (from sets to sets) by the additive property of the functions, obtaining a preorder model. It means that the interpretation mapping I has to be defined inductively by additivity. As we will see, to ensure this property we will require the additivity property for all the functions in the signature. This condition is also required by Hussmann (Hussmann, 1992). In fact, it becomes his det-additive property by translating t2 ∈ NF⊇[f(t1)] into f(t1) −→ t2 ∧ det(t2).

To reduce these four properties to syntactic ones, easier to prove, we need the following lemma.

Lemma 6.13 Given a specification I containing at least the union axioms, if the orientation and completion of its axioms result in a commutative and terminating bi-rewriting system ⟨R⊆, R⊇⟩, then

(i) If NF⊇ ⊆ NF⊆, then I ⊢POL t1 ⊇ t2 implies NF⊇[t1] ⊇ NF⊇[t2].

(ii) If $I \vdash_{POL} t \subseteq \bigcup \{ t' \mid t \longrightarrow_{R_\supseteq} t' \}$ for any term t ∉ NF⊇, then NF⊇[t1] ⊇ NF⊇[t2] implies I ⊢POL t1 ⊇ t2.

(iii) If in addition the additive property f(..., X ∪ Y, ...) = f(..., X, ...) ∪ f(..., Y, ...) for any function symbol f ∈ Σ holds in the specification I, and the bi-rewriting system satisfies NF⊇[t1 ∪ t2] = NF⊇[t1] ∪ NF⊇[t2] for any pair of terms t1 and t2, then t2 ∈ NF⊇[f(t1)] implies ∃t3 ∈ NF⊇[t1] . t2 ∈ NF⊇[f(t3)].

Proof:

(i) Let $I \vdash_{POL} t_1 \supseteq t_2$ hold; the commutation and termination properties of ⟨R⊆, R⊇⟩ prove $t_1 \stackrel{*}{\longrightarrow}_\supseteq \circ \stackrel{*}{\longleftarrow}_\subseteq t_2$. Let t ∈ NF⊇[t2] hold; we then have $t_2 \stackrel{*}{\longrightarrow}_\supseteq t$. The commutation and termination properties prove again $t_1 \stackrel{*}{\longrightarrow}_\supseteq \circ \stackrel{*}{\longleftarrow}_\subseteq t$. However t ∈ NF⊇, thus t ∈ NF⊆ by hypothesis, and we have $t_1 \stackrel{*}{\longrightarrow}_\supseteq t$ and therefore t ∈ NF⊇[t1].

(ii) The termination property and $I \vdash_{POL} t \subseteq \bigcup \{ t' \mid t \longrightarrow_\supseteq t' \}$ allow proving by noetherian induction $I \vdash_{POL} t \subseteq \bigcup NF_\supseteq[t]$. The union axioms prove $I \vdash_{POL} t \supseteq \bigcup NF_\supseteq[t]$ and $I \vdash_{POL} \bigcup NF_\supseteq[t_1] \supseteq \bigcup NF_\supseteq[t_2]$ if NF⊇[t1] ⊇ NF⊇[t2]. Therefore, we have by transitivity $I \vdash_{POL} t_1 \supseteq t_2$.

(iii) Using the conditions of the previous point we proved $t_1 = \bigcup NF_\supseteq[t_1]$; and by the additional conditions of this point we have $f(\bigcup NF_\supseteq[t_1]) = \bigcup_{t_3 \in NF_\supseteq[t_1]} f(t_3)$ and $NF_\supseteq[\bigcup_{t_3 \in NF_\supseteq[t_1]} f(t_3)] = \bigcup_{t_3 \in NF_\supseteq[t_1]} NF_\supseteq[f(t_3)]$. Therefore, if t2 belongs to this union of sets, then it belongs to one of them, that is, there exists a term t3 ∈ NF⊇[t1] such that t2 ∈ NF⊇[f(t3)].

Inspired by this SNF-model we can define a new method for checking inclusions. We name this method the nondeterministic computation method, NDC-method for short, and we define it as follows.

Definition 6.14 Given a rewriting system R⊇ and two terms t and u, the NDC-method is defined by NDC(t, u) = true if, and only if, NF⊇[t] ⊆ NF⊇[u].


Lemma 6.15 If the conditions I ⊢POL t ⊆ u and NF⊇[t] ⊆ NF⊇[u] are equivalent, then the NDC-method is sound and complete w.r.t. the class of models POAlg(I).

The following theorem is the main result of this section, and summarizes the results of all the previous lemmas.

Theorem 6.16 Given a nondeterministic specification I, and a bi-rewriting system ⟨R⊆, R⊇⟩ resulting from the orientation of its axioms, if the following conditions are satisfied

(i) the bi-rewriting system is commutative and terminating,

(ii) the axioms defining the union operator can be deduced from I,

(iii) NF⊇ ⊆ NF⊆,

(iv) $I \vdash_{POL} t \subseteq \bigcup \{ t' \mid t \longrightarrow_\supseteq t' \}$ holds for any term t ∉ NF⊇,

(v) I ⊢POL f(..., X ∪ Y, ...) = f(..., X, ...) ∪ f(..., Y, ...) for any symbol f ∈ Σ,

(vi) NF⊇[t1 ∪ t2] = NF⊇[t1] ∪ NF⊇[t2] for any terms t1 and t2,

then the following sentences are equivalent:

\[
\begin{array}{lll}
POAlg(I) \models t \subseteq u & I \vdash_{POL} t \subseteq u & t \stackrel{*}{\longrightarrow}_{R_\subseteq} \circ \stackrel{*}{\longleftarrow}_{R_\supseteq} u \\
MAlg(I) \models t \subseteq u & NF_\supseteq[t] \subseteq NF_\supseteq[u] &
\end{array}
\]

Although these conditions could seem very strange, they hold (or may hold) in most nondeterministic specifications. As we will see in the next example, when they do not hold it is due to the incompleteness of the specification, the lack of inclusions in R⊆ without computational meaning, and not to the incompleteness of the rewriting rules R⊇ used to compute. In these cases it is necessary to add new axioms to the specification, which of course reduce the number of models, and make the NDC-method and the bi-rewriting method sound and complete.

The same kind of specification completion method has been studied by Hussmann (Hussmann, 1992).

6.4 An Example of Nondeterministic Specification

To show this specification completion method we will use the classical nondeterministic specification of a nondeterministic automaton, in this case an automaton that recognizes the patterns (0 ∪ 1)*0(0 ∪ 1)* and (0 ∪ 1)*1(0 ∪ 1)*. A first attempt to get a specification is shown in figure 6.1, where all inclusions can be oriented to the right, obtaining a commutative bi-rewriting system (where R⊆ = ∅).

However, it it easy to see that trans(s1,X) can be reduced by −−→⊇ to s1

or to trans(s0,X), and I ⊢POL

trans(s1,X) ⊆ s1 ∪ trans(s0,X) does not hold.Therefore the condition I ⊢

POLt ⊆

{t′ | t−−→⊇ t′} does not hold for all re-ducible terms t. This problem can be avoided adding the axiom trans(s1,X) ⊆s1∪trans(s0,X) to the specification. The same happens with X∪X that can be

Page 137: MONOGRAFIES DE L’INSTITUT D’INVESTIGACIO´ EN INTEL LIG ...levy/papers/monografia.pdf · les meves estades. La CICYT, la Generalitat de Catalunya i el CSIC han subvencionat part

6.5. Conclusions 123

0, 1

0, 1

ǫ

ǫ

10

6

6��������

QQ

QQk

��

��+Q

QQs

���3

s2

s1

s0X ∪ Y ⊇ X X ∪ Y ⊇ Y

trans(s0, 0) ⊇ s1 trans(s0, 1) ⊇ s2

trans(s1, X) ⊇ s1 trans(s1, X) ⊇ trans(s0, X)trans(s2, X) ⊇ s2 trans(s2, X) ⊇ trans(s0, X)prog(X, nill) ⊇ X

prog(X, cons(Y, Z)) ⊇ prog(trans(X, Y ), Z)

Figure 6.1: A nondeterministic automata and its nondeterministic specification.

reduced only to X but X∪X ⊆ X does not hold; and so on. The additivity con-dition makes necessary to introduce trans(X∪Y,Z) ⊆ trans(X,Z)∪trans(Y,Z)and the same for the second argument and for prog. If we complete the specifica-tion in this way we obtain the completed specification shown in figure 6.2. Thisspecification can be oriented and completed using the Knuth-Bendix completionprocess to obtain the bi-rewriting system of figure 6.3. This bi-rewriting systemsatisfies all the restrictions of the theorem 6.16.

$$
\begin{array}{ll}
X \cup Y \supseteq X & X \cup Y \supseteq Y \\
X \supseteq X \cup X & \\
trans(s_0, 0) \supseteq s_1 & trans(s_0, 1) \supseteq s_2 \\
trans(s_1, X) = s_1 \cup trans(s_0, X) & trans(s_2, X) = s_2 \cup trans(s_0, X) \\
prog(X, nill) = X & \\
prog(X, cons(Y, Z)) = prog(trans(X, Y), Z) & \\
trans(X, Z) \cup trans(Y, Z) \supseteq trans(X \cup Y, Z) & \\
trans(Z, X) \cup trans(Z, Y) \supseteq trans(Z, X \cup Y) & \\
prog(X, Z) \cup prog(Y, Z) \supseteq prog(X \cup Y, Z) & \\
prog(Z, X) \cup prog(Z, Y) \supseteq prog(Z, X \cup Y) &
\end{array}
$$

Figure 6.2: The completed specification of the automaton.

The process described in this example, where a specification is completed while leaving the computational rewriting system →⊇ unchanged, corresponds to the selection of a maximally deterministic model as described by Hussmann in (Hussmann, 1992).
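To make the normal-form computation of this example concrete, here is an added Python implementation (not code from the thesis) of the R⊇ rules of figure 6.3 and of the NDC-method test NF⊇[t] ⊆ NF⊇[u]; the tuple encoding of terms and the input words are constructed assumptions.

```python
"""Added example (not from the thesis): computing the set of normal forms
NF⊇[t] with the R⊇ rules of figure 6.3, and using it for the NDC-method
inclusion test.  Term encoding and the input words are constructed here."""
from functools import lru_cache

# Constructed term encoding: every term is a nested tuple whose first
# element is the symbol name; constants are 1-tuples.
S0, S1, S2 = ('s0',), ('s1',), ('s2',)
ZERO, ONE, NILL = ('0',), ('1',), ('nill',)


def cons_list(symbols):
    """Encode a Python list of input symbols as cons(x1, cons(x2, ... nill))."""
    term = NILL
    for sym in reversed(symbols):
        term = ('cons', sym, term)
    return term


def root_steps(t):
    """All one-step ⊇-rewrites of t at the root position (rules of R⊇)."""
    head, out = t[0], []
    if head == 'union':
        # X ∪ Y →⊇ X   and   X ∪ Y →⊇ Y
        out += [t[1], t[2]]
    elif head == 'trans':
        state, sym = t[1], t[2]
        if state == S0:
            # trans(s0, 0) →⊇ s1   and   trans(s0, 1) →⊇ s2
            if sym == ZERO:
                out.append(S1)
            elif sym == ONE:
                out.append(S2)
        elif state in (S1, S2):
            # trans(si, X) →⊇ si   and   trans(si, X) →⊇ trans(s0, X)
            out += [state, ('trans', S0, sym)]
    elif head == 'prog':
        state, lst = t[1], t[2]
        if lst == NILL:
            # prog(X, nill) →⊇ X
            out.append(state)
        elif lst[0] == 'cons':
            # prog(X, cons(Y, Z)) →⊇ prog(trans(X, Y), Z)
            out.append(('prog', ('trans', state, lst[1]), lst[2]))
    return out


def one_step(t):
    """All one-step ⊇-rewrites of t: at the root or inside any argument."""
    results = root_steps(t)
    for i in range(1, len(t)):
        for reduced in one_step(t[i]):
            results.append(t[:i] + (reduced,) + t[i + 1:])
    return results


@lru_cache(maxsize=None)
def nf(t):
    """NF⊇[t]: the ⊇-irreducible terms reachable from t by →⊇*.
    The search terminates because R⊇ is terminating (condition (i) of
    theorem 6.16); memoisation keeps shared subderivations cheap."""
    successors = one_step(t)
    if not successors:
        return frozenset([t])
    result = set()
    for s in successors:
        result |= nf(s)
    return frozenset(result)


def run(word):
    """NF⊇[prog(s0, word)]: the states the automaton may stop in after
    reading word (a string over {0, 1}).  s1 is reached iff the word
    contains a 0, s2 iff it contains a 1, i.e. the two patterns above."""
    symbols = [ZERO if c == '0' else ONE for c in word]
    return nf(('prog', S0, cons_list(symbols)))


def includes(t, u):
    """NDC-method test of MAlg(I) |= t ⊆ u, i.e. NF⊇[t] ⊆ NF⊇[u]."""
    return nf(t) <= nf(u)


if __name__ == '__main__':
    for w in ('', '0', '1', '01', '00'):
        print(repr(w), sorted(s[0] for s in run(w)))
    # condition (vi) of theorem 6.16: NF⊇ distributes over the union
    t1, t2 = ('trans', S1, ZERO), S2
    assert nf(('union', t1, t2)) == nf(t1) | nf(t2)
```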

$$
R_{\supseteq} = \left\{ \begin{array}{l}
X \cup Y \to_{\supseteq} X \\
X \cup Y \to_{\supseteq} Y \\
trans(s_0, 0) \to_{\supseteq} s_1 \\
trans(s_0, 1) \to_{\supseteq} s_2 \\
trans(s_1, X) \to_{\supseteq} s_1 \\
trans(s_1, X) \to_{\supseteq} trans(s_0, X) \\
trans(s_2, X) \to_{\supseteq} s_2 \\
trans(s_2, X) \to_{\supseteq} trans(s_0, X) \\
prog(X, nill) \to_{\supseteq} X \\
prog(X, cons(Y, Z)) \to_{\supseteq} prog(trans(X, Y), Z)
\end{array} \right.
$$

$$
R_{\subseteq} = \left\{ \begin{array}{l}
X \cup X \to_{\subseteq} X \\
trans(X \cup Y, Z) \to_{\subseteq} trans(X, Z) \cup trans(Y, Z) \\
trans(Z, X \cup Y) \to_{\subseteq} trans(Z, X) \cup trans(Z, Y) \\
prog(X \cup Y, Z) \to_{\subseteq} prog(X, Z) \cup prog(Y, Z) \\
prog(Z, X \cup Y) \to_{\subseteq} prog(Z, X) \cup prog(Z, Y) \\
trans(X_1, X_2) \cup trans(Y_1, Y_2) \to_{\subseteq} trans(X_1 \cup Y_1, X_2 \cup Y_2) \\
prog(X_1, X_2) \cup prog(Y_1, Y_2) \to_{\subseteq} prog(X_1 \cup Y_1, X_2 \cup Y_2)
\end{array} \right.
$$

(Modulo the associative and commutative axioms for the union)

Figure 6.3: The completed bi-rewriting system automating the deduction in the automata specification.

6.5 Conclusions

We have shown the usefulness of bi-rewriting systems to relate the mathematical and the operational semantics of nondeterministic specifications. We have given the conditions for the soundness and completeness of a normal form computation procedure and the bi-rewriting method, used to automate the deduction in nondeterministic specifications. We have also given the conditions for the existence and initiality of a model based on sets of normal forms.


Chapter 7

Conclusions and Further Work

The course of this thesis has been guided by one main objective: the definition of the formal basis for the development of a specification methodology based on monotonic inclusion relations. This goal has led us to use a wide variety of different formal techniques¹ with a common purpose. Thus, the contributions of the thesis reach different research areas. We would like to distinguish the following ones:

1. The definition of the Calculus of Refinements (COR), an extension of the λ-calculus with lattice operations and based on monotonic inclusions. This calculus is proposed as a unified formalism. On the one hand, inclusion relations generalize equational relations, and the calculus is an extension of the equational specification formalisms; on the other hand, the inclusion relation can be used instead of the typing relation “:”, and the calculus can be seen as a typing calculus.

2. The definition of a class of models for the Calculus of Refinements as a restriction of the environment models used for the λ-calculus. This was possible because the operationality of COR, like that of the λ-calculus, is based on the β-reduction rule, and the lattice operators are a natural extension not interfering with the semantics of the rest of the operators (λ-abstraction and application).

3. Some standard models of the λ-calculus, the D∞ and the Pω models, are also models of the Calculus of Refinements. However, in all these models the computational ordering (the one providing the lattice structure of the models) and the structural ordering (the one used to model the inclusion relation) are identified. In order to distinguish them we have to define a new model.

¹ This, in principle, additional difficulty has allowed us to visit a wide spectrum of theoretical issues and, in this way, to have now a broad picture of what is going on in computer science.


4. The definition of a new kind of COR-models, the ideal model, based on the set of order ideals of a domain. Here, the structural ordering used to define the order ideals and the inverse of the computational ordering used to define continuous functions are identified. This is the usual intended semantics of type theories. Thus, such a model makes COR a proposal for a typing formalism. It is a means of interpreting functions as sets, i.e. of interpreting functions as types. We prove that the set of order ideals of a functional domain (where continuous functions can be interpreted as elements of the domain) is also a functional domain.

5. The proposal of a new rewriting technique, bi-rewriting systems, intended to automate deduction in inclusion theories. This methodology extends the results of term rewriting techniques to the case of non-symmetric relations. The main properties of rewriting systems are kept, and we point out where difficulties turn up.

6. The definition of a new concept of higher-order rewriting systems based on a restricted second-order typed language, and the description of a unification procedure for this language. This definition is an alternative to the existing definitions of higher-order rewriting systems, and solves the extended critical pairs problem of first-order bi-rewriting systems.

7. A contribution to the automatic verification of nondeterministic specifications, based on the use of bi-rewriting systems. Nondeterministic computation can be modeled by means of an inclusion relation as follows: if a can be evaluated nondeterministically to b then a ⊇ b. However, the nondeterministic computation relation fulfills more properties than the inclusion relation. For instance, if t can only be evaluated to a or b, then f(t) can only be evaluated to f(a) or f(b). We prove that if we complete a nondeterministic specification with these additional properties not shared by the inclusion relation, then the bi-rewriting technique is a sound and complete method for the verification of these specifications.

7.1 Further Work and Open Problems

Some problems that appeared during this research still have a pending solution. We want to emphasize the following ones:

1. The description of application areas and the practical use of this methodology, as well as the creation (implementation) of a specification language. The examples we have studied (not described in this thesis) suggested to us the use of the Calculus of Refinements as a typing formalism where the inclusion relation substitutes for the typing relation. The ideal model formalizes this idea; however, the utility of such a bold proposal still has to be motivated.


2. The statement of an initiality property for the ideal model. The initiality property of a semantic domain is important in order to ensure the validity of induction principles. The category-theoretic solution of recursive domain equations ensures that this property holds for the resulting solution. We use this category-theoretic technique to obtain a value domain, and we prove that the set of order ideals of such a domain satisfies a type recursive equation; however, the initiality of this ideal domain is not proved. We think that the ideal domain is the initial solution of a pair of recursive equations: one is the type recursive equation, and the other is a still undetermined equation ensuring that the domain has enough different elements.

3. The decidability of the linear second-order typed λ-calculus unification problem. On the one hand, we know that the general second-order unification problem is semi-decidable; on the other, we know that the string unification problem is decidable. The linear second-order unification problem lies just between both of them, and it has still not been proved whether it is decidable or not. We have an unfinished proof of the decidability of such a problem. However, the proof is not easy and has to be finished before stating such an important result.

4. The termination problem in second-order bi-rewriting systems. As far as we know, the termination of higher-order rewriting systems has never been studied. In our case, it is also left as a future research line.


References

Agustí, J., Esteva, F., García, P. and Levy, J. (1992). A Calculus of Refinements: its class of models. In 1o Congreso de Programación Declarativa, ProDe'92, pages 118–126, Madrid, Spain.

Aït-Kaci, H., Podelski, A. and Goldstein, S. C. (1993). Order-sorted feature theory unification. Technical report, Digital Paris Research Laboratory.

Allester, D. M., Givan, B. and Fatima, T. (1989). Taxonomic syntax for first order inference. In Proc. of the First Int. Conf. on Princ. of Knowledge Representation and Reasoning, pages 289–300.

Antimirov, V. (1992). Term rewriting in unified algebras: an order-sorted approach. In 9th WADT - 4th Compass Workshop, Caldes de Malavella, Spain.

Bachmair, L. and Dershowitz, N. (1986a). Commutation, transformation and termination. In Siekmann, J., editor, 8th Conference in Automated Deduction, CADE-8, volume 230 of Lecture Notes in Computer Science, pages 5–20.

Bachmair, L., Dershowitz, N. and Hsiang, J. (1986b). Orderings for equational proofs. In Proc. Symp. on Logic in Computer Science, LICS'86, pages 346–357, Boston, Massachusetts.

Bachmair, L. and Dershowitz, N. (1989a). Completion for rewriting modulo a congruence. J. of Theoretical Computer Science, 67:173–201.

Bachmair, L., Dershowitz, N. and Plaisted, D. (1989b). Completion without failure. In Aït-Kaci, H. and Nivat, M., editors, Resolution of Equations in Algebraic Structures, volume 2: Rewriting Techniques, chapter 1, pages 1–30. Academic Press, New York.

Bachmair, L. (1991). Canonical Equational Proofs. Birkhäuser, Boston, Massachusetts.

Bachmair, L., Ganzinger, H., Lynch, C. and Snyder, W. (1992). Basic paramodulation and superposition. In Kapur, D., editor, Int. Conference on Automated Deduction CADE'11, volume 607 of Lecture Notes in Computer Science, pages 462–476. Springer-Verlag.

Bachmair, L. and Ganzinger, H. (1993a). Ordered chaining for total orderings. Technical Report MPI-I-93-250, Max-Planck-Institut für Informatik, Saarbrücken, Germany. Short version in Proceedings of CADE'94.

Bachmair, L. and Ganzinger, H. (1993b). Rewrite techniques for transitive relations. Technical Report MPI-I-93-249, Max-Planck-Institut für Informatik, Saarbrücken, Germany.

Bachmair, L. and Ganzinger, H. (1993c). Rewrite techniques for transitive relations. Technical Report MPI-I-93-249, Max-Planck-Institut für Informatik, Saarbrücken, Germany. Short version in Proceedings of LICS'94.

Barendregt, H. (1981). The Lambda Calculus: its syntax and semantics. Studies in Logic and the Foundations of Mathematics. Elsevier Science Publishers B. V.

Baumer, H. (1992). On the use of relation algebra in the theory of reduction systems. Technical report, Dept. Informatica, Univ. of Twente, Enschede, The Netherlands.

Bidoit, M., Kreowski, H.-J., Lescanne, P., Orejas, F. and Sannella, D. (1991). Algebraic System Specification and Development. A Survey and Annotated Bibliography. Lecture Notes in Computer Science 501, Springer-Verlag, Berlin.

Birkhoff, G. (1935). On the structure of abstract algebras. Proc. Cambridge Philos. Soc., 31:433–454.

Bledsoe, W. and Hines, L. M. (1980). Variable elimination and chaining in a resolution-based prover for inequalities. In Bibel, W. and Kowalski, R., editors, 5th Conference in Automated Deduction, CADE-5, volume 87 of Lecture Notes in Computer Science, pages 70–87, Les Arcs, France. Springer-Verlag.

Bledsoe, W., Kunen, K. and Shostak, R. (1985). Completeness results for inequality provers. Artificial Intelligence, 27:255–288.

Cardelli, L. and Wegner, P. (1985). On understanding types, data abstraction and polymorphism. ACM Computing Surveys, 17(4):471–522.

Cardelli, L. (1988). A semantics of multiple inheritance. Information and Computation, 76:138–164.

Cardelli, L. and Longo, G. (1990). A semantic basis for Quest. Technical Report 55, DIGITAL Systems Research Center, Palo Alto, California.

Comon, H. (1993). Completion of rewrite systems with membership constraints. Technical report, CNRS and LRI, Université de Paris Sud.

Constable, R. L., Allen, S. F., Bromley, H. M. and Cleaveland, W. R. (1986). Implementing Mathematics with the Nuprl Proof Development System. Series in Computer Science. Prentice-Hall International.

Coquand, T. and Huet, G. (1988). The calculus of constructions. Information and Computation, 76:95–120.

Darlington, J. L. (1971). A partial mechanization of second-order logic. Machine Intelligence, 6:91–100.

Darlington, J. L. (1973). Automatic program synthesis in second-order logic. In Proc. of the 3rd Inter. Joint Conf. on Artificial Intelligence, pages 537–542.

de Kogel, E. (1992). Relational algebra and equational proofs. Technical report, Department of Philosophy, Tilburg University.

Dershowitz, N. and Manna, Z. (1979). Proving termination with multiset orderings. Communications of the ACM, 22(8):465–476.

Dershowitz, N. (1987). Termination of rewriting. J. of Symbolic Computation, 3:69–115.

Dershowitz, N. and Jouannaud, J.-P. (1990). Rewrite systems. In Leeuwen, J. V., editor, Handbook of Theoretical Computer Science. Elsevier Science Publishers.

Ehrig, H., Jiménez, R. M. and Orejas, F. (1991). Compositionality results for different types of parameterization and parameter passing in specification languages. Technical report.

Farmer, W. M. (1988). A unification algorithm for second-order monadic terms. Annals of Pure and Applied Logic, 39:131–174.

Frisch, A. M. and Cohn, A. G. (1992). An abstract view of sorted unification. In 11th International Conference on Automated Deduction. LNCS North-Holland P. C.

Freese, R., Ježek, J. and Nation, J. B. (1993). Term rewrite systems for lattice theory. J. of Symbolic Computation, 16:279–288.

Gallier, J. (1985). The semantics of recursive programs with function parameters of finite types: n-rational algebras and logic of inequalities. In Nivat, N. and Reynolds, J., editors, Algebraic Methods in Semantics. Cambridge University Press.

Gallier, J. H. and Snyder, W. (1990). Designing unification procedures using transformations: A survey. Bulletin of the EATCS, 40:273–326.

Geser, A. (1990). Relative Termination. PhD thesis, Universität Passau.

Goguen, J. A. and Meseguer, J. (1992). Order-sorted algebra I: Equational deduction for multiple inheritance, overloading, exceptions and partial operations. J. of Theoretical Computer Science.

Goldfarb, D. (1981). The undecidability of the second order unification problem. J. of Theoretical Computer Science, 13:225–230.

Guessarian, I. (1981). Algebraic Semantics, volume 99 of Lecture Notes in Computer Science. Springer-Verlag.

Gunter, C. A. and Scott, D. S. (1990). Semantic domains. In Leeuwen, J. V., editor, Handbook of Theoretical Computer Science, pages 633–674. Elsevier Science Publishers.

Harper, R. (1986). Introduction to Standard ML. Technical Report ECS-LFCS-86-14, LFCS Laboratory for Foundations of Computer Science, Edinburgh.

Hesselink, W. H. (1988). A mathematical approach to nondeterminism in data types. ACM Trans. Programming Languages and Systems, 10:87–117.

Hindley, J. R. and Seldin, J. P. (1986). Introduction to Combinators and λ-Calculus. London Mathematical Society Student Texts. Cambridge University Press.

Hines, L. M. (1992). Completeness of a prover for dense linear logics. J. of Automated Reasoning, 8:45–75.

Hsiang, J. and Dershowitz, N. (1983). Rewrite methods for clausal and non-clausal theorem proving. In 10th Int. Colloquium on Automata, Languages and Programming, Barcelona, Spain. Springer-Verlag.

Huet, G. (1975). A unification algorithm for typed λ-calculus. J. of Theoretical Computer Science, 1:27–57.

Huet, G. (1980). Confluent reductions: Abstract properties and applications to term rewriting systems. Journal of the ACM, 27(4):797–821.

Hullot, J.-M. (1980). A catalogue of canonical term rewriting systems. Technical Report CSL-113, Computer Science Laboratory, Menlo Park, California.

Hussmann, H. (1991). Nondeterministic Algebraic Specifications. PhD thesis, Institut für Informatik, Technische Universität München, München, Germany.

Hussmann, H. (1992). Nondeterministic algebraic specifications and nonconfluent term rewriting. Journal of Logic Programming, 12:237–255.

Jayaraman, B. (1992). Implementation of subset-equational programs. J. of Logic Programming, 12:229–324.

Jensen, D. C. and Pietrzykowski, T. (1976). Mechanizing ω-order type theory through unification. Theoretical Computer Science, 3:123–171.

Jouannaud, J.-P. and Kirchner, H. (1986). Completion on a set of rules modulo a set of equations. SIAM J. Computing, 15(1):1155–1194.

Kaplan, S. (1986a). Rewriting with a nondeterministic choice operator: from algebra to proofs. In Proc. 1986 European Symp. on Programming, volume 213 of Lecture Notes in Computer Science, pages 351–374. Springer.

Kaplan, S. (1986b). Simplifying conditional term rewriting systems: Unification, termination and confluence. Technical Report 316, Laboratoire de Recherche en Informatique, Université de Paris-Sud, Orsay, France.

Kaplan, S. (1988). Rewriting with a nondeterministic choice operator. J. of Theoretical Computer Science, 56:37–57.

Kirchner, C. (1985a). Méthodes et Outils de Conception Systématique d'Algorithmes d'Unification dans les Théories Équationnelles. PhD thesis, Université de Nancy I.

Kirchner, H. (1985b). Preuves par Complétion dans les Variétés d'Algèbres. PhD thesis, Université de Nancy I.

Klop, J. W. (1987). Term rewriting systems: A tutorial. Bulletin of the EATCS, 32:143–183.

Knuth, D. E. and Bendix, P. B. (1970). Simple word problems in universal algebras. In Leech, J., editor, Computational Problems in Abstract Algebra, pages 263–297. Pergamon Press, Elmsford, N. Y.

Koymans, C. P. J. (1982). Models of the lambda calculus. Information and Control, 52:306–332.

Lampson, B. and Burstall, R. M. (1988). Pebble, a kernel language for modules and abstract data types. Information and Computation, 76:278–346.

Landin, P. (1964). The next 700 programming languages. Comm. ACM, 9:157–166.

Levy, J., Agustí, J., Esteva, F. and García, P. (1990). COR: A calculus of refinements. Technical Report GRIAL-90-19, Centre d'Estudis Avançats de Blanes, Blanes, Spain.

Levy, J., Agustí, J., Esteva, F. and García, P. (1991). An ideal model for an extended λ-calculus with refinements. Technical Report ECS-LFCS-91-188, Laboratory for Foundations of Computer Science, Edinburgh, Great Britain.

Levy, J. and Agustí, J. (1992a). Implementing inequality and nondeterministic specifications with bi-rewriting systems. In Ehrig, H. and Orejas, F., editors, Recent Trends in Data Type Specification, volume 785 of Lecture Notes in Computer Science, pages 252–267, Caldes de Malavella, Spain. Springer-Verlag.

Levy, J. and Agustí, J. (1992b). Proving confluence without termination. Technical Report IIIA-92-27, Institut d'Investigació en Intel·ligència Artificial, Blanes, Spain.

Levy, J., Agustí, J. and Mana, F. (1992c). Functional lattices for taxonomic reasoning. Technical report, Department of Artificial Intelligence, University of Edinburgh, Edinburgh, Great Britain.

Levy, J. (1993a). A higher-order unification algorithm for bi-rewriting systems. In 2o Congreso de Programación Declarativa, ProDe'93, Blanes, Spain. Also in 2nd CCL workshop, L'Escala, Spain, 1993.

Levy, J. (1993b). Second-order bi-rewriting systems. Technical Report IIIA-93-11, Institut d'Investigació en Intel·ligència Artificial, Blanes, Spain.

Levy, J. and Agustí, J. (1993c). Bi-rewriting, a term rewriting technique for monotonic order relations. In Kirchner, C., editor, Rewriting Techniques and Applications, volume 690 of Lecture Notes in Computer Science, pages 17–31, Montreal, Canada. Springer-Verlag.

MacQueen, D., Plotkin, G. D. and Sethi, R. (1986). An ideal model for recursive polymorphic types. Information and Control, 71:95–130.

Makanin, G. S. (1977). The problem of solvability of equations in a free semigroup. Math. USSR Sbornik, 32(2):129–198.

Mana, F., Agustí, J., García, P. and Levy, J. (1992). Técnicas de reescritura en retículos funcionales. In 1o Congreso de Programación Declarativa, ProDe'92, pages 165–172, Madrid, Spain.

Manca, V., Salibra, A. and Scollo, G. (1990). Equational type logic. J. of Theoretical Computer Science, 77:131–159.

Manna, Z. and Waldinger, R. (1986). Special relations in automated deduction. J. of the ACM, 33:1–60.

Manna, Z. and Waldinger, R. (1992). The special-relation rules are incomplete. In Kapur, D., editor, 11th Int. Conf. on Automated Deduction, CADE-11, volume 607 of Lecture Notes in Artificial Intelligence, Saratoga Springs, New York. Springer-Verlag.

Martí-Oliet, N. and Meseguer, J. (1993). Rewriting logic as a logical and semantic framework. Technical Report SRI-CSL-93-05, SRI International, Menlo Park, California.

Martin-Löf, P. (1979). Constructive mathematics and computer programming. In Proc. of the sixth International Congress for Logic, Methodology and Philosophy of Science. North Holland.

Meseguer, J. (1990). Rewriting as a unified model of concurrency. In Concur'90, Lecture Notes in Computer Science, Amsterdam, The Netherlands. Springer-Verlag.

Meseguer, J. (1992). Conditional rewriting logic as a unified model of concurrency. J. of Theoretical Computer Science, 96:73–155.

Meseguer, J. (1993). A logical theory of concurrent objects and its realization in the Maude language. In Agha, G., Wegner, P. and Yonezawa, A., editors, Research Directions in Concurrent Object-Oriented Programming. The MIT Press. (Also as technical report SRI-CSL-92-08R).

Meyer, A. R. (1982). What is a model of the lambda calculus? Information and Control, 52:87–122.

Miller, D. (1990). Abstractions in logic programs. In Odifreddi, P., editor, Logic and Computer Science, volume 31 of APIC Studies in Data Processing, pages 329–359. Academic Press.

Miller, D. (1991a). A logic programming language with lambda-abstraction, function variables, and simple unification. Technical Report ECS-LFCS-91-159, Laboratory for Foundations of Computer Science, Edinburgh, Great Britain.

Miller, D. (1991b). Unification of simply typed lambda-terms as logic programming. Technical Report ECS-LFCS-91-160, Laboratory for Foundations of Computer Science, Edinburgh, Great Britain.

Milner, R. (1978). A theory of type polymorphism in programming. J. of Computer System Science, 17(3):348–375.

Milner, R., Tofte, M. and Harper, R. (1990). The Definition of Standard ML. MIT Press.

Mitchell, J. C. (1988). Polymorphic type inference and containment. Information and Control, 76:211–249.

Moreno-Navarro, J. J. and Rodríguez-Artalejo, M. (1992). Logic programming with functions and predicates: The language BABEL. J. of Logic Programming, 12:189–223.

Mosses, P. D. (1989a). Unified algebras and action semantics. In Proceedings of the 6th Ann. Symp. on Theoretical Aspects of Computer Science, STACS'89, volume 349 of Lecture Notes in Computer Science, pages 17–35. Springer-Verlag.

Mosses, P. D. (1989b). Unified algebras and institutions. In Proceedings of the 4th IEEE Symp. on Logic in Computer Science, LICS'89, pages 304–312.

Mosses, P. D. (1989c). Unified algebras and modules. In Proceedings of the 16th ACM Symp. on Principles of Programming Languages, POPL'89, pages 329–343.

Mosses, P. D. (1990). Denotational semantics. In Leeuwen, J. V., editor, Handbook of Theoretical Computer Science, pages 575–632. Elsevier Science Publishers.

Mosses, P. D. (1992). Action Semantics, volume 26 of Cambridge Tracts in Theoretical Computer Science. Cambridge University Press.

Nebel, B. (1990). Reasoning and Revision in Hybrid Representation Systems. Lecture Notes in Artificial Intelligence. Springer-Verlag.

Newman, M. H. A. (1942). On theories with a combinatorial definition of “equivalence”. Annals of Math., 43(2):223–243.

Nieuwenhuis, R. and Rubio, A. (1992). Basic superposition is complete. In ESOP'92, volume 582 of Lecture Notes in Computer Science, pages 371–389. Springer-Verlag.

Nipkow, T. (1986). Nondeterministic data types: Models and implementations. Acta Informatica, 22:629–661.

Nipkow, T. (1991). Higher-order critical pairs. In Proc. 6th IEEE Symp. Logic in Computer Science, pages 342–349.

Nipkow, T. (1992). Functional unification of higher-order patterns. Technical report, Institut für Informatik, TU München.

Nipkow, T. (1993). Orthogonal higher-order rewrite systems are confluent. In Typed Lambda Calculi and Applications.

O'Donnell, M. J. (1987). Term-rewriting implementation of equational logic programming. In Lescanne, P., editor, Proc. of Rewriting Techniques and Applications, pages 1–12, Bordeaux, France. Springer-Verlag.

Orejas, F. (1987). A characterization of passing compatibility for parameterized specifications. J. of Theoretical Computer Science, 51:205–214.

Paulson, L. C. (1987). Logic and Computation: Interactive Proof with Cambridge LCF. Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, Cambridge, Great Britain.

Peterson, G. E. and Stickel, M. E. (1981). Complete sets of reductions for some equational theories. Journal of the ACM, 28(2):233–264.

Pierce, B. C. (1991). Basic Category Theory for Computer Scientists. The MIT Press, Cambridge, Massachusetts.

Pietrzykowski, T. (1973). A complete mechanization of second-order type theory. J. of the ACM, 20:333–364.

Plotkin, G. D. (1976). A powerdomain construction. SIAM J. of Computing, 5:452–487.

Plotkin, G. (1983). Domains. Department of Computer Science, University of Edinburgh. (Course Notes edited by Y. Kashiwagi and H. Kondoh).

Prehofer, C. (1995). Solving Higher-Order Equations: From Logic to Programming. PhD thesis, Technische Universität München.

Reynolds, J. C. (1985). Three Approaches to Type Structure. Springer-Verlag.

Robertson, D., Agustí, J., Hesketh, J. and Levy, J. (1993). Expressing program requirements using refinement lattices. In Komorowski, J. and Ras, Z. W., editors, Methodologies for Intelligent Systems, volume 689 of Lecture Notes in Artificial Intelligence, pages 245–254, Trondheim, Norway. Springer-Verlag. (To be published in Fundamenta Informatica.)

Robinson, G. A. and Wos, L. T. (1969). Paramodulation and theorem proving in first order theories with equality. Machine Intelligence, 4:133–150.

Sanchis, L. E. (1980). Reflexive domains. In Seldin, J. P. and Hindley, J. R., editors, To H. B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism. Academic Press.

Sannella, D. and Tarlecki, A. (1984). Program specification and development in Standard ML. ACM, 4:67–77.

Sannella, D., Sokolowski, S. and Tarlecki, A. (1990). Toward formal development of programs from algebraic specifications: parameterisation revisited. (Draft).

Sannella, D. and Tarlecki, A. (1991a). Extended ML: Past, present and future. In Proc. 7th Workshop on Specification of Abstract Data Types, Wusterhausen, GDR. Springer-Verlag.

Sannella, D. and Tarlecki, A. (1991b). A kernel specification formalism with higher-order parameterisation. In Proc. 7th Workshop on Specification of Abstract Data Types, Wusterhausen, GDR. Springer-Verlag.

Schmidt, D. A. (1988). Denotational Semantics: A Methodology for Language Development. Wm. C. Brown Publishers, Dubuque, Iowa.

Schulz, K. U. (1991). Makanin's algorithm, two improvements and a generalization. Technical Report CIS-Bericht-91-39, Centrum für Informations- und Sprachverarbeitung, Universität München.

Scott, D. (1972). Continuous lattices. In Lawvere, F. W., editor, Toposes, Algebraic Geometry and Logic, volume 274 of Lecture Notes in Mathematics, pages 97–136. Springer-Verlag.

Scott, D. (1976). Data types as lattices. SIAM Journal on Computing, 5(3):522–587.

Siekmann, J. H. (1989). Unification theory. J. of Symbolic Computation, 7:207–274.

Slagle, J. R. (1972). Automatic theorem proving for theories with built-in theories including equality, partial orderings, and sets. J. of the ACM, 19:120–135.

Smolka, G. and Aït-Kaci, H. (1989). Inheritance hierarchies: Semantics and unification. Journal of Symbolic Computation, 7:343–370.

Page 152: MONOGRAFIES DE L’INSTITUT D’INVESTIGACIO´ EN INTEL LIG ...levy/papers/monografia.pdf · les meves estades. La CICYT, la Generalitat de Catalunya i el CSIC han subvencionat part

138 References

Smyth, M. (1978). Power domains. J. of Computer System Science, 16:23–36.

Smyth, M. B. and Plotkin, G. D. (1982). Category-theoretic solution of recursivedomain equations. SIAM Journal on Computing, 11:761–783.

Spivey, J. M. (1988). Understanding Z: a specification language and its for-mal semantics. Cambridge Tracts in Theoretical Computer Science. CambridgeUniversity Press.

Stoy, J. E. (1978). Denotational Semantics: The Scott-Strachey Approach toProgramming Language Theory. MIT Press, Cambridge, Massachusetts.

Toyama, Y. (1987). On the Church-Roser property for the direct sum of termrewriting systems. J. of the ACM, 34(1):128–143.

von Wright, J. (1990). A Lattice-theoretical Basis for Program Refinement. PhDthesis, Abo Akademi.

Wand, M. (1979). Fixed-point constructions in order-enriched categories. J. ofTheoretical Computer Science, 8:13–30.

Page 153: MONOGRAFIES DE L’INSTITUT D’INVESTIGACIO´ EN INTEL LIG ...levy/papers/monografia.pdf · les meves estades. La CICYT, la Generalitat de Catalunya i el CSIC han subvencionat part

Index

+ (coalesced sum), 25
F[·]p context, 61
FE functor, 27
KE category, 27
Xo (set of ω-finite elements), 32
CPO category, 25
Dom category, 31
Fun interpretation function, 14, 53
FV(t) (free) variables, 61
Graph interpretation function, 14, 53
I[X] (ideal generator), 32
⊥ (bottom element), 24
T(F, X) first order terms, 61
Code+ isomorphism, 47
Code× embedding, 46
Code→ embedding, 51, 55
Dom(σ) domain, 62
Inter× interpretation function, 46
Interproji interpretation function, 46
ω-algebraic cpo, 31
ω-basis, 31
ω-category, 26
ω-chain, 26
ω-continuous functor, 26
ω-finite element, 31
X (closure operator), 32
⊓ (greatest lower bound), 24
⊔ (least upper bound), 24
× (smash product), 25
→ (continuous function space), 25
t, p occurrence, 61
t[u]p replacement, 61

algebraic cpo, 31

basis, 31
bi-confluent bi-rewriting system, 65

bi-rewriting system, 62, 106
bottom element, 24

category, 26
category CPO, 25
category Dom, 31
category KE, 27
chain, 26
Church-Rosser, 64, 69, 70
cliff, 72
closed order ideal, 28
closure operator, 32
coalesced sum, 25
cocone, 26
colimit, 26
colimiting cone, 26
complete partial order, 24
completeness theorem, 18, 100
composition of substitutions, 91
cone, 26
consistently complete cpo, 31
context, 61
continuous extension, 50
continuous function, 24
continuous function space, 25
continuous functor, 26
COR-domain, 14
COR-environment model, 15
COR-formulas, 12
COR-inference rules, 12
COR-terms, 12
COR-theory, 12
cpo (complete partial order), 24
critical pair, 67, 77, 107

distance between substitutions, 103
domain, 31, 62


embedding, 27
embedding Code×, 46
embedding Code→, 51, 55
environment, 15
environment model, 15
extended critical pair, 67, 77
extended rule, 75
extensional COR-domain, 14
extensional COR-theory, 12
extensionally closed, 75

filter, 38
finite element, 31
finitely branching relation, 62, 90
first-order bi-rewriting system, 62
first-order term, 61
fixed point, 25
free arity, 102
free variable, 61
free variables of a substitution, 91
functional domain, 14
functor I, 29
functor J, 32
functor JC, 37
functor S, 39
functor FE, 27

glb (greatest lower bound), 24
globally finite bi-rewriting system, 64
greatest lower bound, 24

hole, 61

ideal, 28
ideal generator, 32
inclusion, 62
inclusion theory, 62
increasing sequence, 24
indexed set of indexes, 95
initial fixed point, 25
initial object, 26
interpretation function, 14, 46, 53
isomorphism Code+, 47

least fixed point, 25
least upper bound, 24
left extended rule, 75
left extensionally closed, 75
limit, 26
limiting cocone, 26
linear second-order λ-calculus, 92
linear second-order substitution, 93
linear second-order term, 93
locally bi-confluent bi-rewriting system, 65
locally continuous functor, 28
LSO substitution, 93
LSO term, 93
lub (least upper bound), 24

maximal complete set, 32
mediating morphism, 26
minimum element, 24
monotonic function, 24
multialgebra, 114
multialgebra model, 114

NDC-method, 121

O-category, 27
occurrence, 61
open order filter, 38
order filter, 38
order ideal, 28
ordering on substitutions, 91

Partial Order Logic, 62
partial ordered set, 24
peak, 72
pointwise ordering, 14
POL, 62
poset (partial ordered set), 24
position, 61
preorder algebra, 115
preorder algebra model, 115
projection, 27

quasi-extensional COR-domain, 14
quasi-extensional COR-theory, 12
quasi-terminating bi-rewriting system, 64
quasi-terminating relation, 62

relational logic, 62


replacement, 61
rewrite, 63, 106
rewrite modulo, 75
rewriting logic, 62
rewriting relation, 62
right extended rule, 75
right extensionally closed, 75

satisfiability, 16
second-order bi-rewriting system, 106
second-order critical pair, 107
second-order rewrite, 106
second-order substitution, 91
second-order unification problem, 93
set of indexes, 95
size of a substitution, 102
size of a term, 102
smash product, 25
SNF-multialgebra, 119
SOU problem, 93
soundness theorem, 16, 98
standard critical pair, 67, 77
strong Church-Rosser, 70
strong multialgebra model, 116
substitution, 61, 91, 93

term bi-rewriting system, 62
term model, 17
terminal object, 26
terminating bi-rewriting system, 64
terminating relation, 62
transformation rules, 96

unification problem, 93
unification procedure, 96
unifier, 93

validity, 16
valuation function, 15
value model, 14
variable, 61

weak Church-Rosser, 69
well-founded domain, 43
