Subject Reduction vs Intersection / Union Types in λµ µ

Transcription

1 Subject Reduction vs Intersection / Union Types in λµ µ Extended abstract Steffen van Bakel Department of Computing, Imperial College London, 180 Queen s Gate, London SW7 2BZ, UK, svb@doc.ic.ac.uk Abstract. This paper defines intersection and union type assignment for the calculus λµ µ [9], a proof-term syntax for Gentzen s classical sequent calculus. We show that this notion is closed for subject-expansion, and show that it needs to be restricted to satisfy subject-reduction as well, even when limiting reduction to (confluent) call-by-name or call-by-value reduction, making it unsuitable to define a semantics. Introduction One of the main contributions of intersection types [8] for the λ-calculus [7] is the characterisation of strong normalisation [1], which states that, in a system without the type constant 1 the typeable terms are exactly the strongly normalisable ones. This result has since then been achieved in many ways for different calculi. In order to come to a similar characterisation for the (untyped) sequent calculus λµ µ [9], [11] presented a notion of intersection and union type assignment for that calculus. Another main contribution of intersection types is that of the construction of filter semantics [8], i.e. to build a λ-model using assignable types. With this goal in mind, in this paper we revisit the system of [11], adding as the maximal and as the minimal type. It will be shown to be the natural system, in that intersection,, union, and play their expected roles for subject expansion (also called completeness), the first step towards the filter model. However, we show that subject reduction (also called soundness, the converse of completeness) no longer holds, and will argue that this is caused by the non-logical foundation (i.e. terms no longer correspond to proofs [18]) of both intersection and union. We will show that we can partially recover from this failure by restricting to either call-by-name or call-by-value reduction, but that we also need to restrict the applicability of either union or intersection. This then demolishes the subject-expansion result, making the system not suitable to define semantics. Intersection and union types for sequent calculi have been studied in the past [11, 3, 12, 17, 13], but these papers either do not deal correctly with the loss of subject reduction, or do not observe the problem at all. In this paper we will show that the at the time surprising loss of soundness for the system with intersection and union types in [6] is, in fact, natural and inevitable. Also, working with intersection and union in the context of these highly symmetric sequent 1 Normally, ω is used; here we reserve Greek characters for context variables.

2 calculi makes clear that these are truly dual; we will show that it is not union alone that causes problems, but that the problem is much more profound. Although the idea behind both intersection and union might be (the logical) and and or, the fact that they are both not logical destroys the soundness, both for a system based on intersection, as for a system based on union. This also explains why, for ML with side-effects [16, 22, 20], quantification is no longer sound: also the ( I) and ( E) rules of ML are not logical. This problem also appears when using intersection and union types in an operational setting [10, 14]. The sequent calculus, introduced by Gentzen in [15], is a logical system in which the rules only introduce connectives (but on both sides of a sequent), in contrast to natural deduction which uses introduction and elimination rules. The only way to eliminate a connective is to eliminate the whole formula in which it appears, via an application of the (cut)-rule. The variant of LK that lies at the basis of the calculus λµ µ is the calculus known as G 3 [19], which is defined by: Γ A, Γ, A (Ax) : Γ, A A, (cut) : Γ ( L) : Γ A, Γ, B Γ, A B, ( R) : Γ, A B Γ A B, It allows sequents of the form A 1,..., A n B 1,..., B m, where A 1,..., A n is to be understood as A 1... A n and B 1,..., B m is to be understood as B 1... B m, and has implicit weakening and contraction. In this paper we will treat λµ µ as a pure, untyped calculus, and define a notion of sequent-style intersection-union type assignment on λµ µthe system is set up to be a conservative extension of the intersection system for the λ-calculus (see also [8, 1, 2]), in that lambda terms typeable in that system translate to λµ µ-terms, while preserving the type. It is also a natural extension of the system considered in [9], i.e. the basic implicative system for Classical Logic, but extended with intersection and union types and the type constants and. The main results of this paper are that this notion is closed for expansion and that (for the system without and ) strong normalisability and typeability coincide, but that it needs to be restricted to become closed for reduction. 1 The calculus λµ µ In its typed version, λµ µ [9] is a proof-term syntax for a classical sequent calculus. For the λµ µ-calculus there are two sets of variables: x, y, z, etc., label the types of the hypotheses and α, β, γ, etc., label the types of the conclusions. Moreover, the syntax of λµ µ has three different categories: commands, terms, and contexts or co-terms. Correspondingly, they are typed by three kinds of sequents: the usual sequents Γ type commands, while the sequents typing terms (resp. contexts) are of the form Γ A (resp. Γ A ), marking the conclusion (resp. hypothesis) A as active. Definition 1 (Commands, Terms and Contexts [9]). c ::= v e v ::= x λx.v µβ.c e ::= α v e µx.c commands terms contexts

3 Here µα.c, µx.c and λy.v respectively bind α in c, x in c and y in v; as usual, we will consider terms, contexts and commands up to α-conversion. Definition 2 (Typing for λµ µ [9]). (RI) : (Ax-t) : Γ, x:a λµ µ x : A Γ, x:a λµ µ v : B Γ λµ µ λx.v : A B (µ) : c : Γ λµ µ α:a, Γ λµ µ µα.c : A (cut) : Γ λµ µ v : A Γ e : A λµ µ v e : Γ λµ µ (Ax-c) : Γ α : A λµ µ α:a, (LI) : Γ λµ µ v : A Γ e : B λµ µ Γ v e : A B λµ µ ( µ) : c : Γ, x:a λµ µ Γ µx.c : A λµ µ Commands can be computed (thus eliminating the cut in the corresponding proof): Definition 3 (Reduction in λµ µ [9, 17]). The reduction rules are defined by: logical rules ( ) : λx.v 1 v 2 e v 2 µx. v 1 e (µ) : µβ.c e c[e/β] ( µ) : v µx.c c[v/x] existential rules (η) : λxµβ. v x β v x, β fv(v) (ηµ) : µα. v α v α fv(v) (η µ) : µx. x e e x fv(e) We have a critical pair in the command µα.c 1 µx.c 2 ; since cut-elimination of the classical sequent calculus is not confluent, neither is reduction in λµ µ. Herbelin s λµ µ-calculus expresses the duality of LK s left- and right introduction in a very symmetrical syntax. But the duality goes beyond that: for instance, the symmetry of the reduction rules display syntactically the duality between the call-by-value (CBV) and call-by-name (CBN) evaluations (see also [21]). Indeed, the CBV reduction V is obtained by forbidding a µ-reduction when the redex is also a µ-redex, whereas the CBN reduction N forbids a µ-reduction when the redex is also a µ-redex. Definition 4 (CBV and CBN [9, 17]). Values V are defined by V ::= x λ.v, and slots are defined by E ::= α v e (in [17] these are called linear evaluation contexts). CBV-reduction is defined by replacing rule ( µ) by: ( µ V ) : V µx.c c[v/x] ; CBN-reduction is defined by replacing rule (µ) by: (µ N ) : µβ.c E c[e/β]. We add the notion of pseudo-values, defined by pv ::= x λ.v µα. pv α, and that of pseudo-slots, defined by pe ::= α v e µx. x pe. 2 The relation with the Lambda Calculus The remainder of this paper will be dedicated to the definition of a notion of intersection type assignment on λµ µ. This will be defined as a natural extension of a system with intersection types for the λ-calculus; we will start by briefly summarising the latter. We assume the reader to be familiar with the λ-calculus [7]. Essentially following [9], we define the an encoding of the λ-calculus into λµ µ:

4 Definition 5. The interpretation of the λ-calculus into λµ µ is defined as follows: x = x (λx.m) = λx. M (MN) = µα. M N α Correctness of this encoding is easy to prove; ηµ-reduction is needed to achieve this: Lemma 6. (λx.m)n M [ N /x]. Using this lemma, we can prove the following relation between the λ-calculus and λµ µ: Theorem If M β N, then M N. 2. If M V N, then M V N. Proof. Both parts follow by induction on the definition of β, using Lemma 6. For part 2, we also need to check that (λx.m)n V M [ N /x] only if N is a value. Well, then either N x or N λy.n, and for both cases N is a value. Then the µ-reduction in the proof of Lemma 6 is permitted, making the reduction CBV. 3 Intersection Type Assignment for the λ-calculus The notion of intersection type assignment for λµ µ as defined in the next section is a conservative extension of the Intersection Type Assignment System of [8], in that we can translate lambda terms typeable in that system to λµ µ terms whilst preserving types. The type assignment system presented here is based on the BCD-system defined in [8]. The BCD-system treats the two type constructors and the same, allowing, in particular, intersection to occur at the right of arrow types; although this general treatment is not necessary within the context of the λ-calculus (see [2]), as we will see in Example 20, to type all normal forms it is essential to be able to have an intersection type occur on the right-hand side of an arrow type. We will not consider a relation on types that is contra-variant on the arrow, since we are not interested in modelling extensionality. Definition T, the set of intersection types, ranged over by A, B,..., is defined by: A, B ::= ϕ (A B) (A B), where ϕ is a type variable (of which there are infinitely many), and (top) a type constant. 2. A context Γ is a partial mapping from term variables to intersection types, and we write x:a Γ if Γ x = A. We will write x Γ if Γ is not defined on x, and Γ\x when we remove x from the domain of Γ. We will consider a pre-order on types which takes into account the idem-potence, commutativity and associativity of the intersection type constructor, and defines to be the maximal element. Definition 9. On T, the type inclusion relation is defined as the smallest pre-order such that: A B A, A B B, A, A C & A B A B C, and A B & B C A C and the relation is defined by: A B A A B A C & B D A B C D

5 Notice that the -relation is not contra-variant over the arrow; this was needed in [8, 2] to achieve a notion of type assignment closed for η-reduction, a property that is not considered here. Definition 10. Type assignment and derivations are defined by the following natural deduction system. (Ax) : Γ, x:a x : A ( I) : Γ, x:a M : B Γ λx.m : A B ( ) : Γ M : ( E) : Γ M : A B Γ N : A Γ MN : B ( I) : Γ M : A Γ M : B Γ M : A B ( E) : Γ M : A B Γ M : A Γ M : A B Γ M : B 4 Intersection and union type assignment for λµ µ Intersection and union type assignment for λµ µ was defined and studied first in [11 13]; the system presented in Definition 14 comes closest to their system M [11], but for the fact that their rules ( R) and ( L) are defined on unactivated variables, whereas here we implicitly join contexts via intersection or union. That paper also claims that the system is closed for subject reduction: we will see, by giving counterexamples in the next section, that this is not the case. A later version by that authors, in an attempt to deal with the subject reduction problem, restricted the system to one that uses just intersection types, and only uses strict types in the left-hand context [13]; as we will show below, also this system is not closed for subject reduction. Another approach, in spirit close to ours, is that mentioned in [17]; as we will see, the differences between that approach and the one chosen here are subtle, but important. In particular, in [17], intersection and union types do not bring the expected properties: not all normal forms can be typed in that system and it is not closed for subjectexpansion, so it does not type exactly the strongly normalisable terms. Definition 11 (Intersection and Union Types, Contexts). 1. The set T of intersection-union types (we will write T for short), ranged over by A, B,... is inductively defined by: A, B ::= ϕ (A B) (A B) (A B). The set T s is the set of strict types, defined by: T s ::= ϕ (T T ) ; the set T is the set of intersection types, defined by: T ::= T s (T T ). and T is the set of union types, defined by: T ::= T s (T T ). 2. A context Γ of term-variables ( of context-variables) is a partial mapping from term-variables (context-variables) to types in T (to T ), represented as a set of statements with only distinct variables as subjects. We will consider a pre-order on types which takes into account the idem-potence, commutativity and associativity of the intersection and union type constructors, and defines to be the maximal element, and to be the minimal.

6 Definition 12. The relation is defined as the least pre-order on T such that: A B A, A B B, A, A C & A B A B C A A B, B A B, A, A C & B C A B C A B & B C A C We will write n A i for A 1 A n (with each A i in T s ), and (top) for the empty intersection type, as well as n A i for A 1 A n (idem), and (bottom) for the empty union type. The set T will be considered modulo ; then becomes a partial order. Remark, as mentioned above, that the relation is not defined over arrow types, as in the system of [8]. More pointedly, we do not consider the type A C (C D) smaller than (A C) (A C D). Definition 13. For contexts of term-variables Γ 1,..., Γ n, the context Γ 1 Γ n is defined by: x:a 1 A m Γ 1 Γ n if and only if {x:a 1,..., x:a m } is the set of all statements about x that occur in n Γ i, where is set-union. We write Γ x:a for the context of term-variables Γ {x:a}, and will write Γ, x:a for Γ x:a when x Γ, and write n Γ i for Γ 1 Γ n. 1 n is defined similarly, using union rather than intersection. Notice that, in particular, Γ 1 Γ 2 if Γ 2 Γ 1, and that 1 2 if 1 2. We will now define a notion of intersection-union type assignment for λµ µ. Definition 14 (Intersection and union typing for λµ µ). (cut) : Γ 1 v : A 1 Γ 2 e : A 2 v e : Γ 1 Γ (Ax-t) : (A T s ) Γ x:a x : A (Ax-c) : (A T s ) Γ α : A α:a (RI) : Γ, x:a v : B Γ λx.v : A B (µ) : c : Γ α:a, Γ µα.c : A (LI) : Γ 1 v : A 1 Γ 2 e : B 2 Γ 1 Γ 2 v e : A B 1 2 ( µ) : c : Γ, x:a Γ µx.c : A ( R) : Γ 1 v : A Γ n v : A n n (n 1) n Γ i v : n A i n i ( L) : Γ 1 e : A Γ n e : A n n (n 1) n Γ i e : n A i n i ( ) : Γ v : ( ) : Γ e : Notice that the rules ( ) and ( ) are almost special cases of rules ( L) and ( R), but for the fact that the intersection (or union) over zero sets would give the empty set; since weakening should be an admissible rule, we need to state the zero cases as separate rules. However, without loss of generality, we will treat the rules ( ) and ( ) as empty cases of ( L) and ( R), respectively, and will use a short-hand notation for ( R) and ( L) (see Definition 23).

7 Property 15. There is a number of important observations to make with respect to this notion of type assignment: the rules join contexts, which avoids additional weakening rules, like ( L) and ( R) - notice that this does not prohibit the contexts to be identical; all rules preserve purity of contexts (intersection in Γ, unions in ); the only type that could be considered impure is that associated to the active component, which is not part of the context; rules (Ax-t) (or (Ax-c)) can construct an intersection (union) type in the left-hand (right-hand) context, so the rules ( L) and ( R) are implicit; at no point is a union type constructed for a value, nor an intersection for a slot: we can only derive a union type for µα.c, or an intersection type for µx.c; as a consequence, type assignment is not closed for ηµ or η µ expansion: for example, we can derive o λx.x : ((A A) A A) (A A) o, but cannot derive the same for µα. λx.x α ; for the same reason, it is impossible to derive Γ λx.v : (A B) C. Type assignment is preserved by the interpretation of the λ-calculus in λµ µ: Theorem 16. If Γ M : A then Γ M : A o. As for the existential rules, we can show: Proposition If Γ µα. v α : A, with α not in v, then Γ v : A. 2. If Γ µx. x e : A, with x not in e, then Γ e : A. Proof. Easy. Notice that type assignment is not preserved for the other rule, (η): for example, we can derive y:a B λxµβ. y x β : (A C) B o, but not y:a B y : (A C) B o. The following expansion properties are easy to show: Theorem 18 (Subject expansion). Let c 1 c 2 : if c 2 : Γ then c 1 : Γ. [11] has shown the standard termination result for this system: Theorem 19 (Strong Normalisation [11]). Let SN stand for the system obtained by eliminating and. 1. c : Γ SN if and only if c is strongly normalising. 2. Γ e : A SN if and only if e is strongly normalising. 3. Γ SN v : A if and only if v is strongly normalising. This result depends on closure of type assignment under expansion, not under reduction. As for the system suggested in [17] (there only the intersection and union rules for a CBN and CBV restriction are given), the added rules are: Γ e : A ( L) : i (i = 1, 2) Γ e : A 1 A 2 ( L) : Γ e : A 1 Γ e : A 2 Γ e : A 1 A 2 ( R) : Γ v : A 1 Γ v : A 2 Γ v : A 1 A 2 Γ v : A ( L) : i (i = 1, 2) Γ v : A 1 A 2

8 With these rules, none of the above result can be achieved; for example, there we cannot derive o λx.xx : ((A B) A) B o, so cannot type all normal forms. Notice the role of intersection on term variables and union on context variables in Theorem 18; we cannot prove such a property for the system of [17]. 5 Sound restrictions of As suggested above (and noted in [17], and observed by others), subject reduction is not achievable for this notion of type assignment. To show the crucial defects, we present two counterexamples (presented in full in the appendix). Example 20. Let c 1 = µα. x x α µy. y y β, c 2 = x x µy. y y β, then c 1 µ c 2. We can derive c 1 : x:a (A C) (A C D) β:d, but cannot derive c 2 : x:a (A C) (A C D) β:d; for the latter command, we can at most derive: c 2 : x:a (A (C (C D))) β:d. Notice that the last statement shows the usefulness of allowing intersection types on the right of an arrow. This example constitutes also a counterexample against the claimed subject-reduction property of [13]. As for µ-reduction: Example 21. Let c 1 = µδ. λxµβ. x δ δ µz. λvµα. z α γ, c 2 = λvµα. µδ. λxµβ. x δ δ α γ then c 1 µ c 2. For the first we can derive c 1 : o γ:(c A) (C A B), but we cannot derive c 2 : o γ:(c A) (C A B); we can only derive c 2 : o γ:c A (A B). So we cannot achieve soundness (or subject reduction) in this system for λµ µ. As already noted in [17], the problem lies in the fact that, although both intersection and union might be similar to the the (logical) and and or, they are both not logical [18]. In fact, when deriving c 1 : Γ α:a, Γ µα.c 1 : A Γ µα.c 1 : A B c 1 : Γ α:b, Γ µα.c 1 : B ( R) c 2 : Γ, x:a B Γ µx.c 2 : A B µα.c 1 µx.c 2 : Γ in the derivation for c 2 : Γ, x:a B, there will be two leaves for x, one deriving x:a x : A o, and the other for x:b x : B o (the intersection for x is formed by joining contexts). Then, as shown in Lemma??, performing the µ reduction poses no problems, since the two derivations for Γ µα.c 1 : A and Γ µα.c 1 : B will be safely inserted yielding a derivation for c 2 [µα.c 1 /x] : Γ. Contracting the µ redex, on the other hand, poses a problem. Although there will be two leaves for α, o α : A α:a and o α : B α:b, unless the type for x has been weakened (from

9 either x:a of x:b), we cannot insert the derivation for Γ µx.c 2 : A B for the leaves for α: this derivation does not distribute. A similar argument holds regarding union types. This lets us conclude the following: Property 22. We have two causes for the loss of subject reduction: 1. Problem 1: Performing a µ-reduction towards an intersection, and 2. Problem 2: Performing a µ-reduction towards a union. Any solution for subject reduction for a system with intersection and union types for λµ µ will need to solve both problems. In [17], the subject reduction problem is recognised, and two systems are proposed that solve the problem, one for CBV, and one for CBN reduction, as we will do below. The CBV restriction is defined by limiting rule ( R) to values, and the CBN restriction by limiting rule ( L) to slots. How this will achieve subject-reduction is not made clear; it is remarkable that the suggested solution is almost orthogonal to what we define below (where for CBV we limit ( R) to values, and for CBN limit ( L) to slots). However, this does not seem to affect the validity of the subject reduction claim in [17]; in fact, we conjecture that, given the applicability of rule ( L) only to contexts and rule ( R) only to terms, subject reduction even holds for the unrestricted system of that paper. For our system, the problem is real. To address it, we will now focus on two subsytems, V and N, that will successfully tackle the problem; these solutions are crucially different from any other published in the past, in that we do not limit the syntax of types at all (as in [12, 13]), and pose completely different side-conditions on rules (wrt [17]), in fact generalising the there claimed result. As far as we know, these are the first correct presentations of sound restrictions of a fully expressive system with intersection and union types or λµ µ. In fact, we will show that 1. V will solve Problem 1 by limiting the use of rule ( R) to pseudo values, and solve Problem 2 by limiting to CBV reduction; 2. N will solve Problem 1 by limiting to CBN, and solve Problem 2 by limiting the use of rule ( L) to pseudo slots. Definition 23 (CBV intersection and union type assignment for λµ µ). The notion of type assignment V is defined as, by changing rule ( R) into: ( R) : Γ i V v : A i i (i n) (n 0, v a pseudo value) n Γ i V v : n A i n i We can then show: Theorem 24 (Soundness for V in V ). If c 1 : Γ V and c 1 V c 2, then c 2 : Γ V. Proof. Problem 1 is solved by the restriction on rule ( R); assume an intersection type has been used to type the cut c 1 = v e. As remarked above, an intersection type can only be assigned to a context of the shape µx.c, so e = µx.c; also, the restriction on the rule ( R) implies that then v is a pseudo-value, so either v = x, v = λy.v, or

10 v = µα. V α, with V a pseudo-value. The first two cases yield that only a µ reduction can be performed, which is not deemed problematic. So we now have only to consider µα. V α µx.c µ V µx.c, with α not in V; we have then derived: Γ V V : A o α : A V α:a Γ V V : B o α : B V α:b V α : Γ V α:a, V α : Γ V α:b, Γ V µα. V α : A Γ V µα. V α : B ( R) Γ V µα. V α : A B Γ µx.c : A B V µα. V α µx.c : Γ V (Notice that α does not occur in V.) We can now derive: Γ V V : A Γ V V : B ( R) Γ V V : A B Γ µx.c : A B V V µx.c : Γ V Notice that, since V is a pseudo-value, rule ( R) is applied correctly here. Problem 2 is solved by the restriction to CBV reduction: then a µ-contraction only takes place on commands of the shape V µx.c, with V a value; notice that it is impossible to derive a union type for V. Definition 25 (CBN intersection and union typing for λµ µ). The notion of type assignment N is defined as, by changing rule ( L) into: and we show: ( L) : Γ i e : A i N i i n (n 1, e a pseudo-slot) n Γ i e : n A i N n i Theorem 26 (Soundness for N in N ). If c 1 : Γ N and c 1 N c 2, then c 2 : Γ N. Proof. Problem 1 is solved by the restriction to CBN reduction: a µ-contraction only takes place on commands of the shape µα.c E, with E a slot; notice that then the type used for the command cannot be an intersection. Problem 2 on the other hand is solved by the restriction on rule ( L). Assume c 1 = v e is typed using a union type; since that can only be assigned to a pseudo-slot e = α, e = v e, or e = µx.c. The first two cases yield that only a µ-reduction can take place, which is not problematic. For the last case, then c = x E, with E a pseudoslot, and x not in E. We now only need to consider µα.c µx. x E µ µα.c E ; assume we have derived: x:b V x : B o x E : Γ, x:b V Γ µx. x E : B V Γ V µα. V α : A B µα.c µx. x E : Γ V Γ E : B V x:a V x : A o Γ E : A V x E : Γ, x:a V Γ µx. x E : A V ( L) Γ µx. x E : A B V

11 then we can derive: Γ E : B V Γ E : A V ( L) Γ V µα. V α : A B Γ E : A B V µα.c E : Γ V Again, notice that rule ( L) is applied correctly here. It might seem that the restriction flattens the system too much; however, as intersection is not problematic for CBN-reduction, we can still embed the -system for the λ-calculus whilst preserving the types, so our system N is as least as expressive; also, union types are still useful for µ-reductions. Moreover, union types are not problematic for CBV-reduction, and intersection can be used for µ-reductions. However, limiting the applicability of either rule ( R) or ( L) disrupts the proof of subject-expansion: this implies that it is impossible to define a notion of type assignment that is closed for conversion, even when restricting to CBV of CBN. So we cannot construct a filter model using types for λµ µ using this system. 6 Concluding remarks It is worthwhile to observe that the system presented above is just one of the possible ways of dealing with intersection and union in the context of λµ µ. In fact, allowing intersection and union for activated formulae only, actually leans strongly on the similarity between those type constructs and the logical & and. An alternative would be to allow union and intersection to be assigned also to inactive statements, by adding a variant of ( L) for c : Γ and Γ v : A, and of ( R) for c : Γ and Γ e : A, effectively removing some of the limitations mentioned in Property 15. Notice that this would not solve the subject reduction problem at all (and very likely make it worse). The approach followed (essentially, since it deals with a different calculus) in [4], is to not depend on the logical foundation at all any more, and to allow ( L) and ( R) only for commands: ( R) : c : Γ i α:a i, i (i n) (n 0) c : n Γ i α: n A i, n i ( L) : c : Γ i, x:a i i (i n) (n 0) c : n Γ i, x: n A i n i It is still possible then to preserve the types assignable in the -system, but we would need a different interpretation function; space restrictions do not permit a full treatment of these alternative approaches here. We have seen that it is straightforward to define a natural notion of type assignment to the sequent calculus λµ µ that uses intersection and union types. This system was shown natural in that we were able to show that subject expansion - the main reason to use either intersection or union - follows easily, and that both intersection and union play their natural and crucial role in that proof. However, this ease is not paired with soundness with respect to subject reduction. As in similar notions for the λ-calculus, combining union and intersection types breaks the soundness of the system. We have isolated the problem cases, and seen that it is

12 exactly the non-logical behaviour of both type constructors that causes the problem. We have looked at restrictions for either CBN or CBV reduction that overcome this defect, but all with the loss of the subject expansion result. Although this does not affect the characterisation of strong normalisation, it does have negative implications with the respect to the obtainable results. For example, it is now impossible to define a filter-style semantics [8] using intersection and union types for λµ µ, even for the two confluent sub-reduction systems CBV and CBN. References 1. S. van Bakel. Complete restrictions of the Intersection Type Discipline. TCS, 102(1): , S. van Bakel. Intersection Type Assignment Systems. TCS, 151(2): , S. van Bakel. Intersection and Union Types for X. In ITRS 04, ENTCS, S. van Bakel. Reduction in X does not agree with Intersection and Union Types. Manuscript, S. van Bakel, S. Lengrand, and P. Lescanne. The language X : circuits, computations and classical logic. In ICTCS 05, LNCS 3701, pp 81 96, F. Barbanera, M. Dezani-Ciancaglini, and U. de Liguoro. Intersection and Union Types: Syntax and Semantics. I&C, 119(2): , H. Barendregt. The Lambda Calculus: its Syntax and Semantics. North-Holland, H. Barendregt, M. Coppo, and M. Dezani-Ciancaglini. A filter lambda model and the completeness of type assignment. JSL, 48(4): , P.-L. Curien and H. Herbelin. The Duality of Computation. In ICFP 00, pp , R. Davies and F. Pfenning. A judgmental reconstruction of modal logic. MSCS, 11(4): , D. Dougherty, S. Ghilezan, and P. Lescanne. Intersection and Union Types in the λµ µcalculus. In ITRS 04, ENTCS, D. Dougherty, S. Ghilezan, and P. Lescanne. Strong Normalization of the Dual Classical Sequent Calculus. In LPAR 05, LNCS, pp , D. Dougherty, S. Ghilezan, and P. Lescanne. Characterizing strong normalization in the Curien-Herbelin symmetric lambda calculus: extending the Coppo-Dezani heritage. TCS, J. Dunfield and F. Pfenning. Tridirectional typechecking. In POPL 00, pp , G. Gentzen. Investigations into logical deduction. In The Collected Papers of Gerhard Gentzen. Ed M. E. Szabo, North Holland, 68ff (1969), B. Harper and M. Lillibridge. ML with callcc is unsound. Post to TYPES mailing list, July 8, H. Herbelin. C est maintenant qu on calcule: au cœur de la dualité. Mémoire de habilitation, Université Paris 11, Décembre J.R. Hindley. Coppo-Dezani Types do not Correspond to Propositional Logic. TCS, 28: , S.C. Kleene. Introduction to Metamathematics. Études et Recherches en Informatique. North Holland, R. Milner, M. Tofte, R. Harper, and D. MacQueen. The Definition of Standard ML. MIT Press, Philip Wadler. Call-by-Value is Dual to Call-by-Name. In ICFP 03, pages , A. K. Wright. Simple imperative polymorphism. Lisp and Symbolic Computation, 8(4): , 1995.

13 A Full counter examples Example 20. Let c 1 = µα. x x α µy. y y β, c 2 = x x µy. y y β, then c 1 µ c 2. Let the derivation D be constructed as follows: y:c D y : C D o then a derivation for the first term is: x:a C x : A C o y:c y : C o o β : D β:d y:c y β : C D β:d y y β : y:c (C D) β:d y y β : y:c (C D) β:d o µy. y y β : C (C D) β:d x:a x : A o o α : C α:c x:a x α : A C α:c x x. α : x:a (A C) α:c x:a x : A o o α : C D α:c D x:a C D x : A C D o x:a x α : A C D α:c D x x α : x:a (A C) D α:c D ( R) x x α : x:a (A C) (A C D) α:c (C D) x:a (A C) (A C D) µα. x x α : C (C D) o. D o µy. y y β : C (C D) β:d µα. x x α µy. y y β : x:a (A C) (A C D) β:d Now we expect the derivation D to be inserted for α in the derivation for x α. However, we cannot derive We can at most derive: x x µy. y y β : x:a (A C) (A C D) β:d x:a x : A o D o µy. y y β : C (C D) β:d x:a x µy. y y β : A C (C D) β:d x:a C (C D) x : A C (C D) o. x x µy. y y β : x:a (A C (C D)) β:d

14 Example 21. Take the µ-reduction µδ. λxµβ. x δ δ µz. λv.z γ λv.µδ. λxµβ. x δ δ γ Let D be the derivation x:a x : A o o δ : A β:b, δ:a x δ : x:a β:b, δ:a x:a µβ. x δ : B δ:a o λxµβ. x δ : A B δ:a o δ : A B δ:a B λxµβ. x δ δ : o δ:a (A B) o µδ. λxµβ. x δ δ : A (A B) o We can type the left-hand side as follows: v:c, z:a B z : A B o z:a B λv.z : C A B o o γ : C A B γ:c A B λv.z γ : z:a B γ:c A B o µz. λv.z γ : A B γ:c A B v:c, z:a z : A o z:a λv.z : C A o o γ : C A γ:c A λv.z γ : z:a γ:c A o µz. λv.z γ : A γ:c A. o µz. λv.z γ : A (A B) γ:(c A) (C A B) D o µδ. λxµβ. x δ δ : A (A B) o. µδ. λxµβ. x δ δ µz. λv.z γ : o γ:(c A) (C A B) ( L) We now expect the derivation D to be inserted for z in the derivation for λv.z γ. But we cannot derive λv.µδ. λxµβ. x δ δ γ : o γ:(c A) (C A B) We can at most derive (notice that we have weakened the left context in D with v:c): D λxµβ. x δ δ : v:c δ:a (A B) v:c µδ. λxµβ. x δ δ : A (A B) o λv.µδ. λxµβ. x δ δ : C A (A B) o. o γ : C A (A B) γ:c A (A B) λvµδ. λxµβ. x δ δ γ : o γ:c A (A B)