On stratified regions

Type and effect systems are a tool to analyse statically the behaviour of programs with effects. We present a proof based on the so called reducibility candidates that a suitable stratification of the type and effect system entails the termination of…

Authors: Roberto M. Amadio (Université Paris Diderot, Paris 7)

Roberto M. Amadio (Université Paris Diderot, Paris 7)*
November 12, 2018

Abstract. Type and effect systems are a tool to analyse statically the behaviour of programs with effects. We present a proof based on the so called reducibility candidates that a suitable stratification of the type and effect system entails the termination of the typable programs. The proof technique covers a simply typed, multi-threaded, call-by-value lambda-calculus, equipped with a variety of scheduling (preemptive, cooperative) and interaction mechanisms (references, channels, signals).

Keywords: Types and effects. Termination. Reducibility candidates.

1 Introduction

In the framework of functional programs, the relationship between type systems and termination has been extensively studied through the Curry-Howard correspondence. It would be interesting to extend these techniques to programs with effects. By effect we mean the possibility of executing operations that modify the state of a system such as reading/writing a reference or sending/receiving a message. Usual type systems as available, e.g., in various dialects of the ML programming language, are too poor to account for the behaviour of programs with effects. A better approximation is possible if one abstracts the state of a system in a certain number of regions and if the types account for the way programs act on such regions. So-called type and effect systems [8] are an interesting formalisation of this idea and have been successfully used to analyse statically the problem of heap-memory deallocation [10]. On the other hand, the proof-theoretic foundations of such systems are largely unexplored. Only recently, it has been shown [3] that a stratification of the regions entails termination in a certain higher-order language with cooperative threads and references.
Our purpose here is to revisit this result trying to clarify and extend both its scope and its proof technique (a more technical comparison is delayed to section 4). We refer to [3] for a tentative list of papers referring to a notion of stratification for programs with side effects. Perhaps the closest works in spirit are those that have adapted the reducibility candidates techniques to the π-calculus [11, 9]. Those works exhibit type systems for the π-calculus that guarantee the termination of the usual continuation passing style translations of typed functional languages into the π-calculus. However, as pointed out by one of the authors of op. cit. in [5], they are not very successful in handling state sensitive programs. The approach here is a bit different: one starts with a higher-order typed functional language which is known to be terminating and then one determines to what extent side-effects can be added while preserving termination. Yet in another direction, we notice that a notion of region stratification has been used in [2] to guarantee the polynomial time reactivity of a first-order timed/synchronous language.

* PPS, UMR-CNRS 7126. Work partially supported by ANR-06-SETI-010-02.

We outline the contents of the paper. In section 2, we introduce a λ-calculus with regions. Regions are an abstraction of dynamically generated values such as references, channels, and signals, and the reduction rules of the calculus are given in such a way that the reduction rules for references, channels, and signals can be simulated by those given for regions. In section 3, we describe a simple type and effect system along the lines of [8]. In this discipline, types carry information on the regions on which the evaluated expressions may read or write.
The discipline allows one to write in a region r values that have an effect on the region r itself. In turn, this allows one to simulate recursive definitions and thus to produce non terminating behaviours. In section 4, following [3], we describe a stratification of the regions. The idea is that regions are ordered and that a value written in a region may only produce effects in smaller regions. We then propose a new reducibility candidates interpretation (see, e.g., [6] for a good survey) entailing the termination of typable programs. In section 5, we enrich the language with the possibility to generate new threads and to react to the termination of the computation. The language we consider is then timed/synchronous in the sense that a computation is regarded as a possibly infinite sequence of instants. An instant ends when the calculus cannot progress anymore (cf. timed/synchronous languages such as Timed CCS [7] and Esterel [4]). We extend the stratified typing rules to this language and show by means of a translation into the core language that typable programs terminate. We also show that a fixed-point combinator can be defined and typed so that recursive calls are allowed as long as they arise at a later instant. This differs from [3] where a fixed-point combinator is added to the language, potentially compromising the termination property. Appendix A contains the main proofs and appendix B summarizes the type and effect systems considered.

2 A λ-calculus with regions

We consider a λ-calculus with regions. Regions are abstractions of dynamically generated 'pointers' which, depending on the context, are called references, channels, or signals.
Given a program with operators to generate values dynamically (such as ref in the ML language or ν in the π-calculus), one may simply introduce a distinct region for every occurrence of such operators. This amounts to collapsing all the 'pointers' generated by the operator at run time into one constant. The resulting language simulates the original one as long as the values written into regions do not erase those already there. In particular, termination for the language with regions entails termination for the original language. We notice that ordinary type systems for programs with dynamic values perform a similar abstraction: all the values that are generated by an operator are assigned the same type. For instance, typing νx P in the π-calculus will reduce to typing the process P in a context where the name x is associated with a suitable type A. In the corresponding language with regions, one will replace the name x with a region r and type [r/x]P ([r/x] is the substitution) in a region context where r is associated with A. To summarise, termination for the language with regions entails termination for the original calculi and moreover ordinary type systems implicitly abstract dynamically generated values into regions. Therefore, we argue that one can carry on the main type theoretic arguments at the level of regions rather than at the more detailed level of dynamically generated values.¹

2.1 Syntax

We consider the following syntactic categories:

$$
\begin{array}{ll}
x, y, \ldots & \text{(variables)} \\
r, s, \ldots & \text{(regions)} \\
e, e', \ldots & \text{(finite sets of regions)} \\
A ::= \mathbf{1} \mid \mathit{Reg}_r A \mid (A \xrightarrow{e} A) & \text{(types)} \\
\Gamma ::= x_1 : A_1, \ldots, x_n : A_n & \text{(context)} \\
R ::= r_1 : A_1, \ldots, r_n : A_n & \text{(region context)} \\
M ::= x \mid r \mid * \mid \lambda x.M \mid M\,M \mid \mathit{get}(M) \mid \mathit{set}(M, M) & \text{(terms)} \\
V ::= r \mid * \mid \lambda x.M & \text{(values)} \\
v, v', \ldots & \text{(sets of values)} \\
S ::= (r \Leftarrow v) \mid S, S & \text{(stores)} \\
X ::= M \mid S & \text{(stores or terms)} \\
P ::= X \mid X, P & \text{(programs)}
\end{array}
$$

We briefly comment on the notation: $\mathbf{1}$ is the terminal (unit) type with value ∗; $\mathit{Reg}_r A$ is the type of a region r containing values of type A; $A \xrightarrow{e} B$ is the type of functions that when given a value of type A may produce a value of type B and an effect on the regions in e; get is the operator to read some value in a region and set is the operator to insert a value in a region. We write [N/x]M for the substitution of N for x in M. If $R = r_1 : A_1, \ldots, r_n : A_n$ then $\mathit{dom}(R) = \{r_1, \ldots, r_n\}$. If r ∈ dom(R) then we write R(r) for the type A such that r : A occurs in R. We also define the term $\mathit{reg}_r M$ as an abbreviation for $(\lambda x.r)(\mathit{set}(r, M))$. Thus the difference between set(r, M) and $\mathit{reg}_r M$ is that in the first case we return ∗ while in the second we return r. When writing a program $P = X_1, \ldots, X_n$ we regard the symbol ',' as associative and commutative, or equivalently we regard a program as a multi-set of terms and stores. We write (r ⇐ V) for (r ⇐ {V}). We shall identify the store $(r \Leftarrow v_1), (r \Leftarrow v_2)$ with the store $(r \Leftarrow v_1 \cup v_2)$. We denote with dom(S) the set of regions r such that (r ⇐ v) occurs in S and define S(r) as the set {V | (r ⇐ V) occurs in S}.

2.2 Reduction

A call-by-value evaluation context E is defined as:

$$
E ::= [\,] \mid E\,M \mid V\,E \mid \mathit{get}(E) \mid \mathit{set}(E, M) \mid \mathit{set}(V, E)
$$

An elementary evaluation context is defined as:

$$
El ::= [\,]\,M \mid V\,[\,] \mid \mathit{get}([\,]) \mid \mathit{set}([\,], M) \mid \mathit{set}(V, [\,])
$$

¹ Incidentally, it seems much easier to produce denotational models of languages with regions than for the original languages with dynamic values, so that one can hope to find models that do provide insight into the type systems.
An evaluation context can be regarded as the finite composition (possibly empty) of elementary evaluation contexts. The reduction on programs is defined as follows:

$$
\begin{array}{rcl}
E[(\lambda x.M)\,V] & \to & E[[V/x]M] \\
E[\mathit{get}(r)],\ (r \Leftarrow V) & \to & E[V],\ (r \Leftarrow V) \\
E[\mathit{set}(r, V)] & \to & E[*],\ (r \Leftarrow V)
\end{array}
\qquad
\dfrac{P \to P'}{P, P'' \to P', P''}
$$

Note that the semantics of set amounts to adding rather than updating a binding between a region and a value. Hence a region can be bound at the same time to several values (possibly infinitely many) and the semantics of get amounts to selecting non-deterministically one of them. As already mentioned, the notion of region is intended to simulate some familiar programming concepts such as references, channels, or signals. Specifically: (i) when writing a reference, we replace the previously written value (if any), (ii) when reading an (unordered, unbounded) channel we consume (remove from the store) the value read, and finally (iii) the values written in a signal persist within an instant and disappear at the end of it.² One can easily formalise the reduction rules for references, channels, and signals, and check that (within an instant) each reduction step is simulated by at least one reduction step in the calculus with regions. Thus, typing disciplines that guarantee termination for the calculus with regions will guarantee the same property when adapted to references, channels, or signals.

3 Types and effects: unstratified case

We introduce a simple type and effect system along the lines of [8].
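Before turning to the type system, here is the syntax of section 2.1 and the reduction rules of section 2.2 for single-threaded programs implemented as a small interpreter. This is an added example and not code from the paper; all names in it are my own. The store maps each region to the set of values written into it, set adds a binding and never replaces one, and get picks one of the bound values (the paper's rule is non-deterministic; this implementation picks the least value by printed form so that runs are repeatable). Run on the circular write get(reg_r λx.get(r) x) ∗ of section 3.2 it hits the step bound, while get(reg_r λx.x) ∗ reaches a normal form.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple, Union

# Terms of the λ-calculus with regions (section 2.1); values are r, * and λx.M.
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class Reg: name: str
@dataclass(frozen=True)
class Unit: pass
@dataclass(frozen=True)
class Lam: var: str; body: "Term"
@dataclass(frozen=True)
class App: fun: "Term"; arg: "Term"
@dataclass(frozen=True)
class Get: region: "Term"
@dataclass(frozen=True)
class Set: region: "Term"; value: "Term"
Term = Union[Var, Reg, Unit, Lam, App, Get, Set]
Store = Dict[str, FrozenSet[Term]]      # S: each region maps to the SET of values written

def is_value(t: Term) -> bool:
    return isinstance(t, (Reg, Unit, Lam))

def reg(r: str, m: Term) -> Term:
    """reg_r M = (λx.r)(set(r, M)): write M into r and return the region itself."""
    return App(Lam("_", Reg(r)), Set(Reg(r), m))

def subst(t: Term, x: str, v: Term) -> Term:
    """[v/x]t; v is a closed value, so no capture avoidance is needed."""
    if isinstance(t, Var):
        return v if t.name == x else t
    if isinstance(t, Lam):
        return t if t.var == x else Lam(t.var, subst(t.body, x, v))
    if isinstance(t, App):
        return App(subst(t.fun, x, v), subst(t.arg, x, v))
    if isinstance(t, Get):
        return Get(subst(t.region, x, v))
    if isinstance(t, Set):
        return Set(subst(t.region, x, v), subst(t.value, x, v))
    return t                                  # Reg and * contain no variables

def step(t: Term, s: Store) -> Optional[Tuple[Term, Store]]:
    """One step M, S -> M', S' following the evaluation contexts of section 2.2
    (left to right, call-by-value); None when M, S is stuck."""
    if isinstance(t, App):
        if not is_value(t.fun):                          # context E M
            r = step(t.fun, s)
            return (App(r[0], t.arg), r[1]) if r else None
        if not is_value(t.arg):                          # context V E
            r = step(t.arg, s)
            return (App(t.fun, r[0]), r[1]) if r else None
        if isinstance(t.fun, Lam):                       # E[(λx.M) V] -> E[[V/x]M]
            return subst(t.fun.body, t.fun.var, t.arg), s
        return None
    if isinstance(t, Get):
        if not is_value(t.region):                       # context get(E)
            r = step(t.region, s)
            return (Get(r[0]), r[1]) if r else None
        if isinstance(t.region, Reg) and s.get(t.region.name):
            # E[get(r)], (r <= V) -> E[V], (r <= V): the paper's choice of V is
            # non-deterministic; here we deterministically take the least by repr.
            return min(s[t.region.name], key=repr), s
        return None
    if isinstance(t, Set):
        if not is_value(t.region):                       # context set(E, M)
            r = step(t.region, s)
            return (Set(r[0], t.value), r[1]) if r else None
        if not is_value(t.value):                        # context set(V, E)
            r = step(t.value, s)
            return (Set(t.region, r[0]), r[1]) if r else None
        if isinstance(t.region, Reg):                    # E[set(r, V)] -> E[*], (r <= V)
            s2 = dict(s)
            s2[t.region.name] = s.get(t.region.name, frozenset()) | {t.value}  # add, never overwrite
            return Unit(), s2
        return None
    return None                                          # values and variables do not reduce

def run(t: Term, s: Optional[Store] = None, max_steps: int = 50) -> Tuple[Term, Store, int, bool]:
    """Reduce until stuck or until max_steps; the flag says whether a normal form was reached."""
    s = {} if s is None else s
    for n in range(max_steps):
        r = step(t, s)
        if r is None:
            return t, s, n, True
        t, s = r
    return t, s, max_steps, False

# Constructed inputs: the circular write of section 3.2 and a harmless one.
LOOP = App(Get(reg("r", Lam("x", App(Get(Reg("r")), Var("x"))))), Unit())
OK = App(Get(reg("r", Lam("x", Var("x")))), Unit())

if __name__ == "__main__":
    for name, term in (("loop", LOOP), ("ok", OK)):
        _, _, n, done = run(term)
        print(name, "normal form" if done else "step bound hit", "after", n, "steps")
```

The interpreter is single-threaded; the rule for P, P″ would be obtained by stepping any member of a multi-set of terms against the shared store. The four steps taken by the harmless term are exactly the write, the return of r, the read and the final β-step.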
The following rules define when a region context R is compatible with a type A (judgement R ↓ A):

$$
\dfrac{}{R \downarrow \mathbf{1}}
\qquad
\dfrac{R \downarrow A \quad R \downarrow B \quad e \subseteq \mathit{dom}(R)}{R \downarrow (A \xrightarrow{e} B)}
\qquad
\dfrac{r : A \in R}{R \downarrow \mathit{Reg}_r A}
$$

The compatibility relation is just introduced to define when a region context is well formed (judgement R ⊢) and when a type and effect is well-formed with respect to a region context (judgements R ⊢ A and R ⊢ (A, e)).

$$
\dfrac{\forall r \in \mathit{dom}(R)\quad R \downarrow R(r)}{R \vdash}
\qquad
\dfrac{R \vdash \quad R \downarrow A}{R \vdash A}
\qquad
\dfrac{R \vdash A \quad e \subseteq \mathit{dom}(R)}{R \vdash (A, e)}
$$

A more informal way to express the condition is to say that a judgement $r_1 : A_1, \ldots, r_n : A_n \vdash B$ is well formed provided that: (1) all the region names occurring in the types $A_1, \ldots, A_n, B$ belong to the set $\{r_1, \ldots, r_n\}$ and (2) all types of the shape $\mathit{Reg}_{r_i} C$ with $i \in \{1, \ldots, n\}$ and occurring in the types $A_1, \ldots, A_n, B$ are such that $C = A_i$. For instance, the reader may verify that $r : \mathbf{1} \xrightarrow{\{r\}} \mathbf{1} \vdash \mathit{Reg}_r (\mathbf{1} \xrightarrow{\{r\}} \mathbf{1})$ can be derived while $r_1 : \mathit{Reg}_{r_2}(\mathbf{1} \xrightarrow{\{r_2\}} \mathbf{1}),\ r_2 : \mathbf{1} \xrightarrow{\{r_1\}} \mathbf{1} \vdash$ cannot. Also it can be easily checked that the following properties hold:

$$
\begin{array}{lcl}
R \vdash \mathbf{1} & \text{iff} & R \vdash \\
R \vdash \mathit{Reg}_r A & \text{iff} & R \vdash \text{ and } R(r) = A \\
R \vdash A \xrightarrow{e} B & \text{iff} & R \vdash,\ R \vdash A,\ R \vdash B,\ \text{and } e \subseteq \mathit{dom}(R) \\
R \vdash & \text{iff} & \forall r \in \mathit{dom}(R)\quad R \vdash R(r)
\end{array}
$$

² Signals arise in timed/synchronous models where the computation is regulated by a notion of instant or phase (see section 5).

The subset relation on effects induces a subtyping relation on types and on pairs of types and effects which is defined as follows (judgements R ⊢ A ≤ A′, R ⊢ (A, e) ≤ (A′, e′)):

$$
\dfrac{R \vdash A}{R \vdash A \le A}
\qquad
\dfrac{R \vdash A' \le A \quad R \vdash B \le B' \quad e \subseteq e' \subseteq \mathit{dom}(R)}{R \vdash (A \xrightarrow{e} B) \le (A' \xrightarrow{e'} B')}
\qquad
\dfrac{R \vdash A \le A' \quad e \subseteq e' \subseteq \mathit{dom}(R)}{R \vdash (A, e) \le (A', e')}
$$

We notice that the transitivity rule:

$$
\dfrac{R \vdash A \le B \quad R \vdash B \le C}{R \vdash A \le C}
$$

can be derived via a simple induction on the height of the proofs.
The subtyping rule trades flexibility against precision of the type system. For instance, suppose $A_1 = \mathbf{1} \xrightarrow{e_1} \mathbf{1}$ and $A_2 = \mathbf{1} \xrightarrow{e_2} \mathbf{1}$ and we want to define the type B of the functionals that take a value $V_1$ of type $A_1$ and a value $V_2$ of type $A_2$ and compute either $V_1 *$ or $V_2 *$. We can define $B = A_1 \xrightarrow{\emptyset} (A_2 \xrightarrow{e_1 \cup e_2} \mathbf{1})$. The reader can check that both $\lambda x.\lambda y.x\,*$ and $\lambda x.\lambda y.y\,*$ have type B provided the subtyping rule is used. Incidentally, we note that [3] seems to 'forget' the subtyping rule. While there is no particular problem in providing a reducibility candidates interpretation for this rule, we notice that without it the following diverging ML expression

let l = ref(λx.x) in l := λx.!l x; !l ()

which is given in op. cit. to motivate the stratification of regions does not type already in the ordinary unstratified type and effect system, because (λx.x) has type $\mathbf{1} \xrightarrow{\emptyset} \mathbf{1}$ but not $\mathbf{1} \xrightarrow{\{r\}} \mathbf{1}$ where r is the region associated with the reference l.

We now turn to the typing rules for the terms. We shall write $R \vdash x_1 : A_1, \ldots, x_n : A_n$ if R ⊢ and $R \vdash A_i$ for i = 1, …, n. Note that in the following rules we always refer to the same region context R.

$$
\dfrac{R \vdash \Gamma \quad x : A \in \Gamma}{R; \Gamma \vdash x : (A, \emptyset)}
\qquad
\dfrac{R \vdash \Gamma \quad r : A \in R}{R; \Gamma \vdash r : (\mathit{Reg}_r A, \emptyset)}
\qquad
\dfrac{R \vdash \Gamma}{R; \Gamma \vdash * : (\mathbf{1}, \emptyset)}
$$

$$
\dfrac{R; \Gamma, x : A \vdash M : (B, e)}{R; \Gamma \vdash \lambda x.M : (A \xrightarrow{e} B, \emptyset)}
\qquad
\dfrac{R; \Gamma \vdash M : (A \xrightarrow{e_2} B, e_1) \quad R; \Gamma \vdash N : (A, e_3)}{R; \Gamma \vdash M\,N : (B, e_1 \cup e_2 \cup e_3)}
$$

$$
\dfrac{R; \Gamma \vdash M : (\mathit{Reg}_r A, e)}{R; \Gamma \vdash \mathit{get}(M) : (A, e \cup \{r\})}
\qquad
\dfrac{R; \Gamma \vdash M : (\mathit{Reg}_r A, e_1) \quad R; \Gamma \vdash N : (A, e_2)}{R; \Gamma \vdash \mathit{set}(M, N) : (\mathbf{1}, e_1 \cup e_2 \cup \{r\})}
\qquad
\dfrac{R; \Gamma \vdash M : (A, e) \quad R \vdash (A, e) \le (A', e')}{R; \Gamma \vdash M : (A', e')}
$$

Finally, we extend the typing rules to stores and general multi-threaded programs.
To this end, it is convenient to introduce a constant behaviour type $\mathbf{B}$ which is the type we give to multi-sets of threads and/or stores which are not supposed to return a value but just to interact via side-effects. We will use α, α′, … to denote either an ordinary type A or this new behaviour type $\mathbf{B}$.

$$
\dfrac{r : A \in R \quad \forall V \in v \quad R; \Gamma \vdash V : (A, \emptyset)}{R; \Gamma \vdash (r \Leftarrow v) : (\mathbf{B}, \emptyset)}
\qquad
\dfrac{R; \Gamma \vdash X_i : (\alpha_i, e_i) \quad i = 1, \ldots, n \ge 1}{R; \Gamma \vdash X_1, \ldots, X_n : (\mathbf{B}, e_1 \cup \cdots \cup e_n)}
$$

Remark 1. The derived typing rule for $\mathit{reg}_r M$ is as follows:

$$
\dfrac{r : A \in R \quad R; \Gamma \vdash M : (A, e)}{R; \Gamma \vdash \mathit{reg}_r M : (\mathit{Reg}_r A, e \cup \{r\})}
$$

One can derive a more traditional 'effect-free' type system by erasing all the effects from the types and the typing judgements. Note that in the resulting system the subtyping rules are useless. We shall write $\vdash_{ef}$ for provability in this system. This 'weaker' type system suffices to state a decomposition property of the terms which is proven by induction on the structure of the term.

Proposition 2 (decomposition). If $R; \vdash_{ef} M : A$ is a well-typed closed term then exactly one of the following situations arises, where E is an evaluation context:

1. M is a value.
2. M = E[Δ] and Δ has the shape (λx.N)V, set(r, V), or get(r).

3.1 Basic properties of typing and evaluation

We observe some basic properties: (i) one can weaken both the type and region contexts, (ii) typing is preserved when we replace a variable with an effect-free term of the same type, and (iii) typing is preserved by reduction. If S is a store and e is a set of regions then $S|_e$ is the store S restricted to the regions in e.

Proposition 3 (basic properties, unstratified). The following properties hold:

weakening. If R; Γ ⊢ M : (A, e) and R, R′ ⊢ Γ, Γ′ then R, R′; Γ, Γ′ ⊢ M : (A, e).
substitution. If R; Γ, x : A ⊢ M : (B, e) and R; Γ ⊢ N : (A, ∅) then R; Γ ⊢ [N/x]M : (B, e).

subject reduction. Let $\mathbf{M}$ denote a sequence $M_1, \ldots, M_n$. If $R, R'; \vdash \mathbf{M}, S : (\mathbf{B}, e)$, $R \vdash e$, and $\mathbf{M}, S \to \mathbf{M}', S'$ then $R, R'; \vdash \mathbf{M}', S' : (\mathbf{B}, e)$, $S|_{\mathit{dom}(R')} = S'|_{\mathit{dom}(R')}$, and $\mathbf{M}, S|_{\mathit{dom}(R)} \to \mathbf{M}', S'|_{\mathit{dom}(R)}$. Moreover, if $\mathbf{M} = M$ and $R, R'; \vdash M : (A, e)$ then $\mathbf{M}' = M'$ and $R, R'; \vdash M' : (A, e)$.

The weakening and substitution properties are shown directly by induction on the proof height. Concerning subject reduction, it is useful to notice that if a term M, of type and effect (A, e), is ready to read/write the region r then r ∈ e. This follows from an analysis of the evaluation context. Then we prove the assertion by case analysis on the reduction rule applied, relying on the substitution property.

Remark 4. The subject reduction property is formulated so as to make clear that the type and effect system indeed delimits the interactions a term may have with the store. Note that a term may refer to regions which are not explicitly mentioned in its type and effect. For instance, consider $M = (\lambda f.*)(\lambda x.\mathit{get}(r)\,x)$ and let $R = r : \mathbf{1} \xrightarrow{\emptyset} \mathbf{1}$. Then $R; \emptyset \vdash M : (\mathbf{1}, \emptyset)$, $\emptyset \vdash (\mathbf{1}, \emptyset)$ but $\emptyset; \emptyset \nvdash M : (\mathbf{1}, \emptyset)$. The subject reduction property guarantees that such a term will only read/write regions included in the region context needed to type its type and effect.

3.2 Recursion

In our (unstratified) calculus, we can write in a region r a functional value λx.M where M reads from the region r itself. For instance, $\mathit{reg}_r (\lambda x.(\mathit{get}(r))\,x)$. This kind of circularity leads to diverging computations such as:

$$
\begin{array}{rcl}
\mathit{get}(\mathit{reg}_r\, \lambda x.\mathit{get}(r)\,x)\, * & \to & \mathit{get}(r)\,*,\ (r \Leftarrow \lambda x.\mathit{get}(r)\,x) \\
& \to & (\lambda x.\mathit{get}(r)\,x)\,*,\ (r \Leftarrow \lambda x.\mathit{get}(r)\,x) \\
& \to & \mathit{get}(r)\,*,\ (r \Leftarrow \lambda x.\mathit{get}(r)\,x) \\
& \to & \cdots
\end{array}
$$

It is well known that this phenomenon can be exploited to simulate recursive definitions. Specifically, we define:

$$
\mathit{fix}_r\, f.M = \lambda x.(\mathit{get}(\mathit{reg}_r(\lambda x.[\lambda x.\mathit{get}(r)\,x / f]M\,x)))\,x \qquad (1)
$$

By a direct application of the typing rules and proposition 3 (substitution), one can derive a rule to type $\mathit{fix}_r\, f.M$.

Proposition 5 (type fixed-point). The following typing rule for the fixed point combinator is derived:

$$
\dfrac{r : A \xrightarrow{e} B \in R \quad r \in e \quad R; \Gamma, f : A \xrightarrow{e} B \vdash M : (A \xrightarrow{e} B, \emptyset)}{R; \Gamma \vdash \mathit{fix}_r\, f.M : (A \xrightarrow{e} B, \emptyset)} \qquad (2)
$$

For a concrete example, assume basic operators on the integer type and let M be the factorial function: M = λx. if x = 0 then 1 else x ∗ f(x − 1). Then compute $(\mathit{fix}_r\, f.M)\,1$. In this case we have e = {r} and $r : \mathit{int} \xrightarrow{\{r\}} \mathit{int} \in R$.

4 Types and effects: stratified case

As we have seen, an unstratified simply typed calculus with effects may produce diverging computations. To avoid this, a natural idea proposed by G. Boudol in [3] is to stratify regions. Intuitively, we fix a well-founded order on regions and we make sure that values stored in a region r can only produce effects on smaller regions. For instance, suppose V is a value with type $(\mathbf{1} \xrightarrow{\{r\}} \mathbf{1})$. Intuitively, this means that when applied to an argument $U : \mathbf{1}$, V may produce an effect on region r. Then the value V can only be stored in regions larger than r. We shall see that this stratification allows for an inductive definition of the values that can be stored in a given region. The only change in the type system concerns the judgements R ⊢, R ⊢ A, and R ⊢ (A, e) whose rules are redefined as follows:

$$
\dfrac{}{\emptyset \vdash}
\qquad
\dfrac{R \vdash A \quad r \notin \mathit{dom}(R)}{R, r : A \vdash}
\qquad
\dfrac{R \vdash}{R \vdash \mathbf{1}}
\qquad
\dfrac{R \vdash \quad r : A \in R}{R \vdash \mathit{Reg}_r A}
\qquad
\dfrac{R \vdash A \quad R \vdash B \quad e \subseteq \mathit{dom}(R)}{R \vdash A \xrightarrow{e} B}
\qquad
\dfrac{R \vdash A \quad e \subseteq \mathit{dom}(R)}{R \vdash (A, e)}
$$
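The following Python program is an added example, not code from the paper, and every name in it is my own. It implements the compatibility judgement R ↓ A of section 3, well-formedness of region contexts in the unstratified form (each R(r) compatible with all of R) and in the stratified form just defined (each $r_i : A_i$ checked against the prefix $r_1 : A_1, \ldots, r_{i-1} : A_{i-1}$ only), the subtyping relation, and a type and effect inference following the typing rules of section 3. One assumption I add is that λ-abstractions carry the type of their parameter, so that inference needs no unification. On the context $r : \mathbf{1} \xrightarrow{\{r\}} \mathbf{1}$ the circular term $\mathit{reg}_r (\lambda x.\mathit{get}(r)\,x)$ of section 3.2 receives the type and effect predicted by remark 1, yet the context itself is accepted only by the unstratified well-formedness, while a context in which the values of r act on an earlier region is accepted by both.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple, Union

# Types of section 2.1: 1, Reg_r A and A -e-> B (effect e is a set of region names).
@dataclass(frozen=True)
class TUnit: pass
@dataclass(frozen=True)
class TReg: region: str; content: "Ty"
@dataclass(frozen=True)
class TFun: dom: "Ty"; eff: FrozenSet[str]; cod: "Ty"
Ty = Union[TUnit, TReg, TFun]

# Terms; Lam carries its parameter type (my addition, so that inference needs no unification).
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class Reg: name: str
@dataclass(frozen=True)
class Unit: pass
@dataclass(frozen=True)
class Lam: var: str; ann: Ty; body: "Term"
@dataclass(frozen=True)
class App: fun: "Term"; arg: "Term"
@dataclass(frozen=True)
class Get: region: "Term"
@dataclass(frozen=True)
class Set: region: "Term"; value: "Term"
Term = Union[Var, Reg, Unit, Lam, App, Get, Set]
RegionCtx = List[Tuple[str, Ty]]             # ordered: r1 : A1, ..., rn : An

def lookup(R: RegionCtx, r: str):
    return next((A for s, A in R if s == r), None)   # R(r), or None if r not in dom(R)

def compatible(R: RegionCtx, A: Ty) -> bool:
    """R ↓ A (section 3): region names in A are in dom(R) and each Reg_r C has C = R(r)."""
    if isinstance(A, TUnit):
        return True
    if isinstance(A, TReg):
        return lookup(R, A.region) == A.content
    return compatible(R, A.dom) and compatible(R, A.cod) and A.eff <= {r for r, _ in R}

def wf_unstratified(R: RegionCtx) -> bool:
    """R ⊢_u: every R(r) is compatible with the whole context, so r may mention itself."""
    return all(compatible(R, A) for _, A in R)

def wf_stratified(R: RegionCtx) -> bool:
    """R ⊢ (section 4): r_i : A_i is checked against the prefix r_1..r_{i-1} only,
    so values stored in r_i can only act on regions introduced before it."""
    return all(lookup(R[:i], r) is None and compatible(R[:i], A) for i, (r, A) in enumerate(R))

def subtype(A: Ty, B: Ty) -> bool:
    """A ≤ B: contravariant domain, covariant codomain, effects may only grow."""
    if isinstance(A, TFun) and isinstance(B, TFun):
        return subtype(B.dom, A.dom) and subtype(A.cod, B.cod) and A.eff <= B.eff
    return A == B                            # 1 and Reg_r A are related only to themselves

def infer(R: RegionCtx, G: Dict[str, Ty], M: Term) -> Tuple[Ty, FrozenSet[str]]:
    """Least type and effect (A, e) of M under R; Γ, per the rules of section 3."""
    if isinstance(M, Var):
        return G[M.name], frozenset()
    if isinstance(M, Unit):
        return TUnit(), frozenset()
    if isinstance(M, Reg):
        if lookup(R, M.name) is None:
            raise TypeError("unknown region")
        return TReg(M.name, lookup(R, M.name)), frozenset()
    if isinstance(M, Lam):
        B, e = infer(R, {**G, M.var: M.ann}, M.body)
        return TFun(M.ann, e, B), frozenset()   # the body's effect becomes latent
    if isinstance(M, App):
        F, e1 = infer(R, G, M.fun)
        A, e3 = infer(R, G, M.arg)
        if not (isinstance(F, TFun) and subtype(A, F.dom)):
            raise TypeError("ill-typed application")
        return F.cod, e1 | F.eff | e3            # latent effect e2 is released on call
    if isinstance(M, Get):
        T, e = infer(R, G, M.region)
        if not isinstance(T, TReg):
            raise TypeError("get on a non-region")
        return T.content, e | {T.region}
    T, e1 = infer(R, G, M.region)                # Set(M, N)
    A, e2 = infer(R, G, M.value)
    if not (isinstance(T, TReg) and subtype(A, T.content)):
        raise TypeError("set of a value of the wrong type")
    return TUnit(), e1 | e2 | {T.region}

def reg(r: str, M: Term) -> Term:
    """reg_r M = (λx.r)(set(r, M)); its derived rule is remark 1 of section 3."""
    return App(Lam("_", TUnit(), Reg(r)), Set(Reg(r), M))

# Constructed examples: the circular value of section 3.2 in the context r : 1 -{r}-> 1,
# and a stratified context in which values stored in r may only act on the earlier region s.
A_CIRC = TFun(TUnit(), frozenset({"r"}), TUnit())
R_CIRC: RegionCtx = [("r", A_CIRC)]
CIRC = reg("r", Lam("x", TUnit(), App(Get(Reg("r")), Var("x"))))
R_STRAT: RegionCtx = [("s", TUnit()), ("r", TFun(TUnit(), frozenset({"s"}), TUnit()))]

if __name__ == "__main__":
    print("r : 1 -{r}-> 1 unstratified:", wf_unstratified(R_CIRC), "stratified:", wf_stratified(R_CIRC))
    print("reg_r (λx.get(r) x) :", infer(R_CIRC, {}, CIRC), "| s, r stratified:", wf_stratified(R_STRAT))
```

The stratified check is the only place the two well-formedness notions differ: both call the same compatibility test, but the stratified one passes only the prefix of the context, which is exactly what rules out a region whose stored values read or write the region itself.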
Proviso. Henceforth we shall use ⊢ to refer to provability in the stratified system and $\vdash_u$ for provability in the unstratified one. The former implies the latter since R ⊢ implies $R \vdash_u$ and R ⊢ A implies $R \vdash_u A$, while the other rules are unchanged.

4.1 Basic properties revisited

The main properties we have proven for the unstratified system can be specialised to the stratified one.

Proposition 6 (basic properties, stratified). The following properties hold in the stratified system.

weakening. If R; Γ ⊢ M : (A, e) and R, R′ ⊢ Γ, Γ′ then R, R′; Γ, Γ′ ⊢ M : (A, e).

substitution. If R; Γ, x : A ⊢ M : (B, e) and R; Γ ⊢ N : (A, ∅) then R; Γ ⊢ [N/x]M : (B, e).

subject reduction. If $R, R'; \vdash \mathbf{M}, S : (\mathbf{B}, e)$, $R \vdash e$, and $\mathbf{M}, S \to \mathbf{M}', S'$ then $R, R'; \vdash \mathbf{M}', S' : (\mathbf{B}, e)$, $S|_{\mathit{dom}(R')} = S'|_{\mathit{dom}(R')}$, and $\mathbf{M}, S|_{\mathit{dom}(R)} \to \mathbf{M}', S'|_{\mathit{dom}(R)}$. Moreover, if $\mathbf{M} = M$ and $R, R'; \vdash M : (A, e)$ then $\mathbf{M}' = M'$ and $R, R'; \vdash M' : (A, e)$.

4.2 Interpretation

We describe a reducibility candidates interpretation that entails that typed programs terminate. We denote with SN the collection of strongly normalising single-threaded programs, i.e., the programs of the shape M, S such that all reduction sequences terminate. We write (M, S) ⇓ (N, S′) if $M, S \xrightarrow{*} N, S'$ and $N, S' \not\to$. We write R′ ≥ R, and say that R′ extends R, if R′ ⊢ and R′ = R, R″ for some R″. The starting idea is that the interpretation of R ⊢ is a set of stores and the interpretation of R ⊢ (A, e) is a set of terms. One difficulty is that the stores and the terms may depend on a region context R′ which extends R. We get around this problem by making the context R′ explicit in the interpretation. Then the interpretation can be given directly by induction on the provability of the judgements R ⊢ and R ⊢ (A, e).
This is a notable simplification with respect to the approach taken in [3] where a rather ad hoc well-founded order on judgements is introduced to define the interpretation. A second characteristic of our approach is that the properties a thread must satisfy are specified with respect to a 'saturated' store which intuitively already contains all the values the thread may write into it. This approach simplifies the interpretation and provides a simple argument to extend the termination argument from single-threaded to multi-threaded programs. Indeed, if we have a set of threads which are guaranteed to terminate with respect to a saturated store then their parallel composition will terminate too. To see this, one can reason by contradiction: if the parallel composition diverges then one thread must run infinitely often and, since the threads cannot modify the saturated store (what they write is already there), this contradicts the hypothesis that all the threads taken alone with the saturated store terminate. Finally, minor technical differences with respect to [3] are that we interpret the subtyping rule (cf. discussion in section 3) and that our notion of reducibility candidate follows Girard rather than Stenlund-Tait (see [6] for a detailed comparison and references).

Region-context. Let $R = r_1 : A_1, \ldots, r_n : A_n$ and $R_{r_i} = r_1 : A_1, \ldots, r_{i-1} : A_{i-1}$, for i = 1, …, n. We interpret a region-context R as a set of pairs R′ ⊢ S where R′ is a region-context which extends R and S is a 'saturated' store whose domain coincides with R:

$$
\llbracket R \rrbracket = \{\, R' \vdash S \mid R' \ge R,\ \mathit{dom}(S) = \mathit{dom}(R),\ \text{and for } i = 1, \ldots, n\quad S(r_i) = \{ V \mid R' \vdash V \in \llbracket R_{r_i} \vdash (A_i, \emptyset) \rrbracket \} \,\}
$$

If R′ ≥ R then ⟦R⟧(R′) is defined as the store S such that R′ ⊢ S ∈ ⟦R⟧. Note that, for r ∈ dom(R) and $R = R_1, r : A, R_2$, $V \in \llbracket R \rrbracket(R')(r)$ means $R' \vdash V \in \llbracket R_1 \vdash (A, \emptyset) \rrbracket$.
Type and effect. We interpret a type and effect R ⊢ (A, e) as the set of pairs R′ ⊢ M such that R′ extends R, and M is a closed term typable with respect to R′ and satisfying suitable properties (1–3 below):

$$
\begin{array}{rl}
\llbracket R \vdash (A, e) \rrbracket = \{\, R' \vdash M \mid & (1)\ R' \ge R,\ R'; \emptyset \vdash M : (A, e), \\
& (2)\ \text{for all } R'' \ge R'\quad M, \llbracket R \rrbracket(R'') \in SN,\ \text{and} \\
& (3)\ \text{for all } M', S', R'' \ge R'\quad (M, \llbracket R \rrbracket(R'')) \Downarrow (M', S') \\
& \quad\ \text{implies } S' = \llbracket R \rrbracket(R'') \text{ and } C(A, R, R'', M') \,\}
\end{array}
$$

where:

$$
\begin{array}{rl}
C(A, R, R'', M') \equiv & (A = \mathbf{1} \supset M' = *) \\
\wedge & (A = \mathit{Reg}_r B \supset M' = r) \\
\wedge & (A = A_1 \xrightarrow{e'} A_2 \supset M' = \lambda x.N \wedge \text{for all } R_1 \ge R'',\ R_1 \vdash V \in \llbracket R \vdash (A_1, \emptyset) \rrbracket \text{ implies } R_1 \vdash M'\,V \in \llbracket R \vdash (A_2, e') \rrbracket).
\end{array}
$$

Suppose $R = r_1 : A_1, \ldots, r_n : A_n$. We note that the interpretation of R depends on the interpretation of $r_1 : A_1, \ldots, r_{i-1} : A_{i-1} \vdash A_i$ for i = 1, …, n and the interpretation of R ⊢ (A, e) depends on the interpretation of R and, when $A = A_1 \xrightarrow{e'} A_2$, on the interpretation of $R \vdash (A_1, \emptyset)$ and $R \vdash (A_2, e')$. It is easily verified that the definition of the interpretation is well founded by considering as measure the height of the proof of the interpreted judgement. We also note that such a well-founded definition would not be possible in the unstratified system. For instance, the interpretation of r : A ⊢ (A, ∅) where $A = \mathbf{1} \xrightarrow{\{r\}} \mathbf{1}$ should refer to a store containing values of type A. Finally, we stress that the interpretations of R and R ⊢ (A, e) actually contain terms typable in an extension R′ of R but that their properties are stated with respect to a store whose domain is dom(R). This is possible because the type and effect system does indeed delimit the effects a term may have when it is executed (cf. remark 4).

4.3 Basic properties of the interpretation

We say that a term M is neutral if it is not a λ-abstraction.
The following proposition lists some basic properties of the interpretation. Similar properties arise in the reducibility candidates interpretations used for 'pure' functional languages, but the main point here is that we have to state them relatively to suitable stores. In particular, the extension/restriction property, which is perhaps less familiar, is crucial to prove the following soundness theorem 9.

Proposition 7 (properties of the interpretation). The following properties hold.

Weakening. If R″ ≥ R′ ≥ R, R ⊢ (A, e), and R′ ⊢ M ∈ ⟦R ⊢ (A, e)⟧ then R″ ⊢ M ∈ ⟦R ⊢ (A, e)⟧.

Extension/Restriction. Suppose R″ ≥ R′ ≥ R and R ⊢ (A, e). Then R″ ⊢ M ∈ ⟦R ⊢ (A, e)⟧ if and only if R″ ⊢ M ∈ ⟦R′ ⊢ (A, e)⟧.

Subtyping. If R ⊢ (A, e) ≤ (A′, e′) then ⟦R ⊢ (A, e)⟧ ⊆ ⟦R ⊢ (A′, e′)⟧.

Strong normalisation. If R′ ⊢ M ∈ ⟦R ⊢ (A, e)⟧ and R″ ≥ R′ then M, ⟦R⟧(R″) ∈ SN.

Reduction closure. If R′ ⊢ M ∈ ⟦R ⊢ (A, e)⟧, R″ ≥ R′, and M, ⟦R⟧(R″) → M′, S′ then R″ ⊢ M′ ∈ ⟦R ⊢ (A, e)⟧ and S′ = ⟦R⟧(R″).

Non-emptiness. If R ⊢ A then there is a value V such that for all R′ ≥ R and e ⊆ dom(R), R′ ⊢ V ∈ ⟦R ⊢ (A, e)⟧.

Expansion closure. Suppose R ⊢ (A, e), R′ ≥ R, R′; ∅ ⊢ M : (A, e), and M is neutral. Then R′ ⊢ M ∈ ⟦R ⊢ (A, e)⟧ provided that for all R″ ≥ R′, M′, S′ such that M, ⟦R⟧(R″) → M′, S′ we have that R″ ⊢ M′ ∈ ⟦R ⊢ (A, e)⟧ and S′ = ⟦R⟧(R″).

Proof hint. Weakening. We rely on proposition 6 ((syntactic) weakening) and the fact that the properties the pairs R′ ⊢ M must satisfy to belong to ⟦R ⊢ (A, e)⟧ must hold for all the extensions R″ ≥ R′. Extension/Restriction. By definition, ⟦R⟧(R″) coincides with ⟦R′⟧(R″) on dom(R).
On the other hand, proposition 6 (subject reduction) guarantees that the reduction of a term of type and effect (A, e) will not depend on and will not affect the part of the store whose domain is dom(R′) \ dom(R). We then prove the property by induction on the structure of the type A. Subtyping. This is proven by induction on the proof of R ⊢ A ≤ A′. Strong normalisation. This follows immediately from the definition of the interpretation. Reduction closure. We know that M, ⟦R⟧(R″) must normalise to a value satisfying suitable properties and the same saturated store ⟦R⟧(R″). Moreover, we know that the store can only grow during the reduction. We conclude by applying the weakening property. Non-emptiness/Expansion closure. These two properties are proven at once, by induction on the proof height of R ⊢ (A, e). We take as values: ∗ for the type $\mathbf{1}$, r for a type of the shape $\mathit{Reg}_r B$, and the 'constant function' $\lambda x.V_2$ for a type of the shape $A_1 \xrightarrow{e_1} A_2$ where $V_2$ is the value inductively built for $A_2$. To prove $\lambda x.V_2 \in \llbracket R \vdash (A_1 \xrightarrow{e_1} A_2, e) \rrbracket$, we use the inductive hypothesis of expansion closure of $\llbracket R \vdash (A_2, e_1) \rrbracket$. □

4.4 Soundness of the interpretation

By definition, if R ⊢ M ∈ ⟦R ⊢ (A, e)⟧ then R; ⊢ M : (A, e). We are going to show that the converse holds too. First we need to generalise the notion of reducibility to open terms.

Definition 8 (term interpretation). We write $R; x_1 : A_1, \ldots, x_n : A_n \models M : (B, e)$ if whenever R′ ≥ R and $R' \vdash V_i \in \llbracket R \vdash (A_i, \emptyset) \rrbracket$ for i = 1, …, n we have that $R' \vdash [V_1/x_1, \ldots, V_n/x_n]M \in \llbracket R \vdash (B, e) \rrbracket$.

As usual, the main result can be stated as the soundness of the interpretation with respect to the typing rules. Since terms in the interpretation are strongly normalising relatively to a saturated store (cf. proposition 7), it follows that typable (closed) terms are strongly normalising.

Theorem 9 (soundness). If R; Γ ⊢ M : (B, e) then R; Γ ⊨ M : (B, e).

Proof hint. The proof goes by induction on the typing of the terms and exploits the properties of the interpretation stated in proposition 7. As usual, the case of the abstraction is proven by appealing to expansion closure and the case of application follows from the very interpretation of the functional types and reduction closure. The cases where we write or read from the store have to be handled with some care. We discuss a simplified situation. Suppose $R' \ge R = R_1, r : A, R_2$.

write. Suppose R; ⊢ set(r, V) : ($\mathbf{1}$, {r}) is derived from R; ⊢ V : (A, ∅). Then, by induction hypothesis, we know that R′ ⊢ V ∈ ⟦R ⊢ (A, ∅)⟧. However, for maintaining the invariant that the saturated store is unchanged, we need to show that $R' \vdash V \in \llbracket R_1 \vdash (A, \emptyset) \rrbracket$, and this is indeed the case thanks to proposition 7 (restriction).

read. Suppose we have R′; ⊢ get(r) : (A, {r}). Now notice that proposition 7 (non-emptiness) guarantees that ⟦R⟧(R′)(r) is not empty. Thus get(r), ⟦R⟧(R′) will reduce to V, ⟦R⟧(R′) for some value V such that $R' \vdash V \in \llbracket R_1 \vdash (A, \emptyset) \rrbracket$. However, what we need to show is that R′ ⊢ V ∈ ⟦R ⊢ (A, ∅)⟧ and this is indeed the case thanks to proposition 7 (extension). □

Corollary 10 (termination). (1) The judgement R; ⊢ M : (A, e) is provable if and only if R ⊢ M ∈ ⟦R ⊢ (A, e)⟧. (2) Every typable multi-threaded program $R; \vdash M_1, \ldots, M_n : (\mathbf{B}, e)$ terminates.

Corollary 10(1) follows from theorem 9 taking the context Γ to be empty. Corollary 10(2) follows from the fact that each thread strongly normalizes with respect to a saturated store.
Then its execution is not affected by the execution of other threads in parallel: all these parallel threads could do is to write in the saturated store values which are already there.

5 Extensions

In this section we sketch two extensions of our basic model. The first, simple one (section 5.1) concerns the possibility of generating dynamically new threads, while the second (section 5.2) is a bit more involved and concerns the notion of timed/synchronous computation.

5.1 Thread generation

In the presented system, the number of threads is constant. We describe a simple extension that allows to generate new threads during the execution. Namely, (1) we regard a multi-set of terms $M_1,\dots,M_n$ as a term of behaviour type $B$ and (2) we abstract terms of behaviour type $B$, producing terms of type $(A \xrightarrow{e} B)$ for some type $A$ and effect $e$ (this formalisation is inspired by [1], chpt. 16). It is straightforward to extend the rules for the formation of region contexts and types and for subtyping to take into account the behaviour type $B$. Similarly, the typing rules for abstraction and application are extended to take into account the situation where the codomain of the functional space is $B$. The full definition of this system is given in appendix B. In this extended system, we can then type, e.g., a term that after performing an input will start two threads in parallel: $(\lambda x.(M,N))\,get(r)$, which would be written in, say, the $\pi$-calculus as $r(x).(M \mid N)$.

In order to show termination of this extended language, we have to define the interpretation of the judgement $R \vdash (B,e)$. To this end, it is enough to extend the definition in section 4.2 by requiring that a term in $\mathcal{R}\vdash(B,e)$, when run in the saturated store, will indeed terminate without modifying the store and produce a multi-set of values. Formally, we add the condition '$A = B \supset M' = V_1,\dots,V_n,\ n \ge 1$' to the definition of the predicate $\mathcal{C}$. We can then lift our results to this system leaving the structure of the proofs unchanged.

5.2 Synchrony/Time

We consider a timed/synchronous extension of our language. Following an established tradition, we consider that the computation is divided into instants and that an instant ends when the computation cannot progress. Then we need at least an additional operator that allows to write programs that react to the end of the instant by changing their state in the following instant. We shall see that the termination of the typable programs can be obtained by mapping reductions in the extended language into reductions in the core language.

Syntax and Reduction. We extend the collection of terms as follows: $M ::= \cdots \mid M \rhd M$, where the operator else-next, written $M \rhd N$, tries to run $M$ and, if it fails, runs $N$ in the following instant (cf. [7]). We extend the evaluation contexts assuming $E ::= \cdots \mid E \rhd M$, and the elementary evaluation contexts assuming $El ::= \cdots \mid [\,] \rhd M$. We define a simplification operator $red$ that removes from a context all pending else-next branches:

$$ red(E) = \begin{cases} [\,] & \text{if } E = [\,] \\ red(E') & \text{if } E = E' \rhd N \\ El[red(E')] & \text{otherwise, if } E = El[E'] \end{cases} $$

We say that an evaluation context $E$ is time insensitive if $red(E) = E$. We adapt the reduction rules defined in section 2 as follows:

$$ E[(\lambda x.M)V] \to red(E)[[V/x]M] $$
$$ E[get(r)], (r \Leftarrow V) \to red(E)[V], (r \Leftarrow V) $$
$$ E[set(r,V)] \to red(E)[*], (r \Leftarrow V) $$

Further, we have to describe how a program reacts to the end of the computation.
This is specified by the relation $\xrightarrow{tick}$ below:

$$ V \xrightarrow{tick} V \qquad S \xrightarrow{tick} S \qquad \frac{M = E[get(r)] \quad E \text{ time insensitive}}{M \xrightarrow{tick} M} $$

$$ \frac{M = E[E'[\Delta] \rhd N] \quad \Delta ::= V \mid get(r) \quad E \text{ time insensitive}}{M \xrightarrow{tick} E[N]} \qquad \frac{P_i \xrightarrow{tick} P'_i \quad i = 1,2 \quad P_1,P_2 \not\to}{P_1,P_2 \xrightarrow{tick} P'_1,P'_2} $$

For instance, we can write $(\lambda x.M)\,get(r) \rhd N$ for a thread that tries to read a value from the region $r$ in the first instant and, if it fails, resumes the computation with $N$ in the following instant. We can also write $* \rhd N$ for a thread that (unconditionally) stops its computation for the current instant and resumes it with $N$ in the following instant. Note that $P \xrightarrow{tick}$ only if $P \not\to$. The converse is in general false, but it holds for well-typed closed programs (cf. proposition 13). Thus for well-typed closed programs the principle is that time passes (a $\xrightarrow{tick}$ transition is possible) exactly when the computation cannot progress (a $\to$ transition is impossible). Then termination is obviously a very desirable property of timed/synchronous programs.

Typing. The typing rules for the terms are extended as follows:

$$ \frac{R;\Gamma \vdash M : (A,e) \quad R;\Gamma \vdash N : (A,e')}{R;\Gamma \vdash M \rhd N : (A,e)} $$

Note that in typing $M \rhd N$ we only record the effect of the term $M$, that is, we focus on the effects a term may produce in the first instant while neglecting those that may be produced at later instants.

Reduction. The decomposition proposition 2 can be lifted to the extended language. There is a third case to be considered besides the two arising in proposition 2, which corresponds to the situation where the redex is under the scope of an else-next. More precisely, in the third case a closed term $M$ is decomposed as $E[E'[\Delta] \rhd N]$ where $E$ is a time insensitive evaluation context and $\Delta$ has the shape $V$, $(\lambda x.N)V$, $set(r,V)$, or $get(r)$.
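To make the rules of this section concrete, here is an added example (not the paper's code; the tuple encoding of terms and the leftmost-thread scheduling are my own assumptions) of a small-step evaluator: it implements decomposition into an evaluation context, the simplification operator $red$, the three reduction rules within an instant, the $\xrightarrow{tick}$ relation, and the erasure $\langle\cdot\rangle$ defined in the Translation paragraph of this section, and it runs a thread of the shape $(\lambda x.M)\,get(r) \rhd N$ from the text.

```python
"""Evaluator for the timed/synchronous calculus of section 5.2 (added example, constructed
encoding): terms are tuples ('var', x) ('reg', r) ('unit',) ('lam', x, M) ('app', M, N)
('get', M) ('set', M, N) ('else', M, N), where ('else', M, N) is M ⊲ N; a store maps a
region to the set of values written there; a program is a list of threads."""

def is_value(t):
    return t[0] in ('reg', 'unit', 'lam')

def subst(body, x, v):
    """[v/x]body for a closed value v (shadowing respected, capture impossible)."""
    tag = body[0]
    if tag == 'var':
        return v if body[1] == x else body
    if tag in ('reg', 'unit'):
        return body
    if tag == 'lam':
        return body if body[1] == x else ('lam', body[1], subst(body[2], x, v))
    return (tag,) + tuple(subst(s, x, v) for s in body[1:])

def decompose(m):
    """Split a closed term into a context (frames, outermost first) and the hole's term."""
    frames = []
    while not is_value(m):
        tag = m[0]
        if tag == 'app' and not is_value(m[1]):
            frames.append(('appL', m[2])); m = m[1]     # [ ] N
        elif tag == 'app' and not is_value(m[2]):
            frames.append(('appR', m[1])); m = m[2]     # V [ ]
        elif tag == 'get' and not is_value(m[1]):
            frames.append(('get',)); m = m[1]           # get([ ])
        elif tag == 'set' and not is_value(m[1]):
            frames.append(('setL', m[2])); m = m[1]     # set([ ], N)
        elif tag == 'set' and not is_value(m[2]):
            frames.append(('setR', m[1])); m = m[2]     # set(r, [ ])
        elif tag == 'else':
            frames.append(('else', m[2])); m = m[1]     # [ ] ⊲ N
        else:
            break                                       # redex with value arguments
    return frames, m

def plug(frames, t):
    """E[t]: rebuild the term from the innermost frame outwards."""
    for fr in reversed(frames):
        if fr[0] == 'appL': t = ('app', t, fr[1])
        elif fr[0] == 'appR': t = ('app', fr[1], t)
        elif fr[0] == 'get': t = ('get', t)
        elif fr[0] == 'setL': t = ('set', t, fr[1])
        elif fr[0] == 'setR': t = ('set', fr[1], t)
        else: t = ('else', t, fr[1])
    return t

def red(frames):
    """red(E): drop every pending else-next branch; E is time insensitive iff red(E) == E."""
    return [fr for fr in frames if fr[0] != 'else']

def step(m, store):
    """All one-step successors (M', S') within an instant; get(r) may be nondeterministic."""
    frames, d = decompose(m)
    e = red(frames)
    if d[0] == 'app' and d[1][0] == 'lam':     # E[(λx.M) V] → red(E)[[V/x]M]
        return [(plug(e, subst(d[1][2], d[1][1], d[2])), store)]
    if d[0] == 'get' and d[1][0] == 'reg':     # E[get(r)], (r ⇐ V) → red(E)[V], (r ⇐ V)
        return [(plug(e, v), store) for v in sorted(store.get(d[1][1], ()), key=repr)]
    if d[0] == 'set' and d[1][0] == 'reg':     # E[set(r, V)] → red(E)[∗], (r ⇐ V)
        new = {r: set(vs) for r, vs in store.items()}
        new.setdefault(d[1][1], set()).add(d[2])
        return [(plug(e, ('unit',)), new)]
    return []                                   # values (and stuck reads) do not reduce

def step_program(prog, store):
    """Leftmost thread that can move takes its first successor; None when P ↛."""
    for i, m in enumerate(prog):
        succ = step(m, store)
        if succ:
            m2, store2 = succ[0]
            return prog[:i] + [m2] + prog[i + 1:], store2
    return None

def tick_thread(m):
    """M tick→ M': a value or a blocked read in a time-insensitive context stays put;
    E[E'[∆] ⊲ N] with E time insensitive (the outermost else-next) becomes E[N]."""
    frames, _ = decompose(m)
    for i, fr in enumerate(frames):
        if fr[0] == 'else':
            return plug(frames[:i], fr[1])
    return m

def run_instant(prog, store):
    """Reduce until P ↛, then let time pass; diverges if the program does not terminate."""
    while True:
        nxt = step_program(prog, store)
        if nxt is None:
            return [tick_thread(m) for m in prog], store
        prog, store = nxt

def translate(t):
    """The erasure ⟨·⟩: drop else-next branches, commute with every other operator."""
    if t[0] == 'else':
        return translate(t[1])
    return (t[0],) + tuple(translate(s) if isinstance(s, tuple) else s for s in t[1:])
```

With region $r$ empty, `run_instant` leaves the thread blocked on `get(r)`, lets the other thread write, and the tick resumes it with $N$; with $r$ already written, the read succeeds and `red` discards the else-next branch, and `translate` lets one check proposition 11(3) on that step.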
Focusing on the stratified case, one can adapt the weakening, substitution, and subject reduction properties, whose proofs proceed as in proposition 6. The preservation of the type information by the passage of time (tick reduction) can be stated as follows. If $R;\vdash M,S : (B,e)$ and $M,S \xrightarrow{tick} M',S'$ then $S = S'$ and there is an effect $e'$ such that $R;\vdash M',S : (B,e')$. Notice that the effect of the reduced term might be incomparable with the effect of the term to be reduced. Still, the following context substitution property allows to conclude that the resulting term is well-typed. If $R;\Gamma,x:A \vdash E[x] : (B,e)$ where $x$ is not free in the evaluation context $E$ and $R;\Gamma \vdash N : (A,e')$ then $R;\Gamma \vdash E[N] : (B, e \cup e')$.

Translation. We consider a translation that removes the else-next operator while preserving typing and reduction. Namely, we define a function $\langle\cdot\rangle$ on terms such that $\langle M \rhd N\rangle = \langle M\rangle$, $\langle x\rangle = x$, $\langle *\rangle = *$, $\langle r\rangle = r$, and which commutes with the other operators (abstraction, application, reading, and writing). Also the translation is extended to stores and programs in the obvious way: $\langle (r \Leftarrow V)\rangle = (r \Leftarrow \langle V\rangle)$, $\langle X_1,\dots,X_n\rangle = \langle X_1\rangle,\dots,\langle X_n\rangle$.

Proposition 11 (simulation) (1) If $R;\Gamma \vdash M : (A,e)$ then $R;\Gamma \vdash \langle M\rangle : (A,e)$. (2) If $R;\Gamma \vdash P : (B,e)$ then $R;\Gamma \vdash \langle P\rangle : (B,e)$. (3) If $R;\vdash P : (B,e)$ and $P \to P'$ then $\langle P\rangle \to \langle P'\rangle$. (4) A program $P$ terminates if $\langle P\rangle$ terminates.

The proof of this proposition is direct. In particular, to prove (3) we show that the translation commutes with the substitution and that the translation of an evaluation context is again an evaluation context.

Fixed-point, revisited. The typing rule (2) proposed for the fixed-point combinator cannot be applied in the stratified system, as the condition $r : A \xrightarrow{e} B \in R$ and $r \in e$ cannot be satisfied.
However, we can still type recursive calls that happen in a later instant.

Proposition 12 (type fixed-point, revisited) The following typing rule for the fixed point combinator is derived in the stratified system:

$$ \frac{R;\Gamma, f : A \xrightarrow{e \cup \{r\}} B \vdash M : (A \xrightarrow{e} B, \emptyset) \quad r : A \xrightarrow{e} B \in R}{R;\Gamma \vdash fix_r\,f.M : (A \xrightarrow{e \cup \{r\}} B, \emptyset)} \qquad (3) $$

We prove this proposition by a direct application of the typing rules and the substitution property (cf. proposition 14). To see a concrete example where the rule can be applied, consider a thread that at each instant writes an integer in a region $r'$ (we assume a basic type $int$ of integers):

$$ M = \lambda x.(\lambda z.\, * \rhd f(x+1))(set(r',x)) $$

Then, e.g., $(fix_r\,f.M)\,1$ is the infinite behaviour that at the $i$-th instant writes $i$ in region $r'$. One can check the typability of $fix_r\,f.M$ taking as (stratified) region context $R = r' : int,\ r : int \xrightarrow{\{r'\}} \mathbf{1}$.

6 Conclusion

We have introduced a $\lambda$-calculus with regions as an abstraction of a variety of concrete higher-order concurrent languages with specific scheduling and interaction mechanisms. We have described a stratified type and effect system and provided a new reducibility candidates interpretation for it which entails that typable programs terminate. We have highlighted some relevant properties of the interpretation (proposition 7) which could be taken as the basis for an abstract definition of reducibility candidate. The latter is needed to interpret second-order (polymorphic) types (see, e.g., [6]). We believe the proposed proof is both more general, because it applies to a variety of interaction mechanisms and scheduling policies, and simpler to understand, because the interpretation is given by a direct induction on the proof system and because the invariant on the store is easier to manage (the store is not affected by the reduction).
This is of course a subjective opinion and the reader who masters [3] may well find our revised treatment superfluous. We have also lifted our approach to a timed/synchronous framework and derived a form of recursive definition which is useful to define behaviours spanning infinitely many instants. In ongoing work, we have refined the type and effect system to include linear information (in the sense of linear logic) which is relevant both to define deterministic fragments of the calculus and to control better the complexity of the definable programs.

Acknowledgements Thanks to Gérard Boudol for several discussions on [3].

References

[1] R. Amadio and P.-L. Curien. Domains and Lambda Calculi. Cambridge University Press.
[2] R. Amadio and F. Dabrowski. Feasible reactivity in a synchronous π-calculus. In Proc. ACM Principles and Practice of Declarative Programming, pp. 221-230, 2007.
[3] G. Boudol. Typing termination in a higher-order concurrent imperative language. In Proc. CONCUR, Springer LNCS 4703:272-286, 2007.
[4] G. Berry and G. Gonthier. The Esterel synchronous programming language. Science of Computer Programming, 19(2):87-152, 1992.
[5] Y. Deng and D. Sangiorgi. Ensuring termination by typability. Information and Computation, 204(7):1045-1082, 2006.
[6] J. Gallier. On Girard's Candidats de Réductibilité. In Logic and Computer Science, Odifreddi (ed.), Academic Press, 123-203, 1990.
[7] M. Hennessy and T. Regan. A process algebra of timed systems. Information and Computation, 117(2):221-239, 1995.
[8] J. Lucassen and D. Gifford. Polymorphic effect systems. In Proc. ACM-POPL, 1988.
[9] D. Sangiorgi. Termination of processes. Math. Struct. in Comp. Sci., 16:1-39, 2006.
[10] M. Tofte and J.-P. Talpin. Region-based memory management. Information and Computation, 132(2):109-176, 1997.
[11] N. Yoshida, M. Berger, and K. Honda. Strong normalisation in the π-calculus. Information and Computation, 191(2):145-202, 2004.

A Proofs

A.1 Proof of proposition 2 (decomposition)

By induction on the structure of $M$. By the typing hypothesis, $M$ cannot be a variable. If $M$ is a value we are in case 1. Otherwise, $M$ can have exactly one of the following shapes: $M_1 M_2$, $get(M_1)$, $set(M_1,M_2)$. We consider in some detail the case for application. The typing rules force $M_1$ and $M_2$ to be typable in an empty context. Moreover $M_1$ must have a functional type. Because of this, if $M_1$ is a value then it must be of the shape $\lambda x.M'_1$. Moreover, we can apply the inductive hypothesis to $M_2$ and suitably compose with the evaluation context $M_1[\,]$. If $M_1$ is not a value then we apply the inductive hypothesis to $M_1$ and suitably compose with the evaluation context $[\,]M_2$. ✷

A.2 Proof of proposition 3 (basic properties, unstratified)

Weakening: First prove by induction on the proof height that if $R,R' \vdash$ and $R \vdash A$ (resp. $R \vdash (A,e)$, $R \vdash A \le B$) then $R,R' \vdash A$ (resp. $R,R' \vdash (A,e)$, $R,R' \vdash A \le B$). Next, by induction on the proof height, we show how to transform a proof of $R;\Gamma \vdash M : (A,e)$ into a proof of $R,R';\Gamma,\Gamma' \vdash M : (A,e)$. ✷

Substitution: By induction on the proof height of $R;\Gamma,x:A \vdash M : (B,e)$.

Subject reduction: First we notice that if a term $M$, of type and effect $(A,e)$, is ready to interact with the store then the region on which the interaction takes place belongs to $e$. More formally, if $R;\vdash M : (A,e)$, $M \equiv E[\Delta]$ and $\Delta$ has the shape $get(r)$ or $set(r,V)$ then $r \in e$. To prove these facts we proceed by induction on the structure of the evaluation context $E$. Then we prove the assertion by case analysis on the reduction rule applied, relying on the substitution property.
✷

A.3 Proof of proposition 5 (type fixed-point)

Suppose $r : A \xrightarrow{e} B \in R$ and $r \in e$. Then $R;\vdash \lambda x.get(r)\,x : (A \xrightarrow{e} B, \emptyset)$. By proposition 3 (substitution), $R;\Gamma \vdash M' : (A \xrightarrow{e} B, \emptyset)$ where $M' = [\lambda x.get(r)\,x/f]M$. From this we derive $R;\Gamma \vdash M'' : (A \xrightarrow{e} B, \{r\})$ where $M'' = get(reg_r\,\lambda x.M'x)$. This judgement can be weakened to $R;\Gamma,x:A \vdash M'' : (A \xrightarrow{e} B, \{r\})$ which, combined with $R;\Gamma,x:A \vdash x : (A,\emptyset)$, leads to $R;\Gamma \vdash \lambda x.M''x : (A \xrightarrow{e} B, \emptyset)$ where $\lambda x.M''x = fix_r\,f.M$, as required. ✷

A.4 Proof of proposition 7 (properties of the interpretation)

Weakening: Suppose $R'' \ge R' \ge R$ and $R' \vdash M \in \mathcal{R}\vdash(A,e)$. Then $R';\emptyset \vdash M : (A,e)$ and by proposition 6 (weakening) we know that $R'';\emptyset \vdash M : (A,e)$. Moreover, an inspection of the definition of $\mathcal{R}\vdash(A,e)$ reveals that if we take a $R''' \ge R''$ then the required properties are automatically satisfied because $R''' \ge R'$ and $R' \vdash M \in \mathcal{R}\vdash(A,e)$.

Extension/Restriction: Suppose $R'' \ge R' \ge R$ and $R \vdash (A,e)$. We want to show that $R'' \vdash M \in \mathcal{R}\vdash(A,e)$ iff $R'' \vdash M \in \mathcal{R}'\vdash(A,e)$. Note that $\mathcal{R}'(R'')$ coincides with $\mathcal{R}(R'')$ on $dom(R)$. On the other hand, proposition 6 (subject reduction) guarantees that the reduction of a term of type and effect $(A,e)$ will neither depend on nor affect the part of the store whose domain is $dom(R') \setminus dom(R)$. We proceed by induction on the structure of the type $A$. Suppose $A = \mathbf{1}$. If $R'' \vdash M \in \mathcal{R}\vdash(A,e)$ then we know that for any $R_1 \ge R''$ we have that $M, \mathcal{R}(R_1)$ strongly normalizes to $*, \mathcal{R}(R_1)$. By applying subject reduction, we can conclude that $M, \mathcal{R}'(R_1)$ will also strongly normalize to $*, \mathcal{R}'(R_1)$. A similar argument applies if we start with $R'' \vdash M \in \mathcal{R}'\vdash(A,e)$. Also, this proof schema can be repeated if $A = \mathrm{Reg}_r\,B$. Suppose now $A = A_1 \xrightarrow{e_1} A_2$.
If $R'' \vdash M \in \mathcal{R}\vdash(A,e)$ then we know that for any $R_1 \ge R''$, $M, \mathcal{R}(R_1)$ strongly normalizes to $\lambda x.N, \mathcal{R}(R_1)$, for some $\lambda x.N$. Moreover, for any $R_2 \ge R_1$, we have that $R_2 \vdash V \in \mathcal{R}\vdash(A_1,\emptyset)$ implies $R_2 \vdash (\lambda x.N)V \in \mathcal{R}\vdash(A_2,e_1)$. By applying subject reduction, we can conclude that $M, \mathcal{R}'(R_1)$ will also strongly normalize to $(\lambda x.N), \mathcal{R}'(R_1)$, for some value $\lambda x.N$. Further, by induction hypothesis on $A$, if $R_2 \ge R_1$ and $R_2 \vdash V \in \mathcal{R}'\vdash(A_1,\emptyset)$ then $R_2 \vdash (\lambda x.N)V \in \mathcal{R}'\vdash(A_2,e_1)$. Again, a similar argument applies if we start with $R'' \vdash M \in \mathcal{R}'\vdash(A,e)$.

Subtyping: Suppose $R \vdash (A,e) \le (A',e')$. We proceed by induction on the proof of $R \vdash A \le A'$. Suppose we use the axiom $R \vdash A \le A$ and $R' \vdash M \in \mathcal{R}\vdash(A,e)$. Then we check that $R' \vdash M \in \mathcal{R}\vdash(A,e')$, since $R';\emptyset \vdash M : (A,e')$ using the subtyping rule, and the remaining conditions do not depend on $e$ or $e'$. Suppose we have $A = A_1 \xrightarrow{e_1} A_2$, $A' = A'_1 \xrightarrow{e'_1} A'_2$, and we derive $R \vdash A \le A'$ from $R \vdash A'_1 \le A_1$, $R \vdash A_2 \le A'_2$, and $e_1 \subseteq e'_1$. Moreover, suppose $R' \vdash M \in \mathcal{R}\vdash(A,e)$. Then $R';\emptyset \vdash M : (A',e')$, by the subtyping rule. Moreover, if $R'' \ge R'$ and $M, \mathcal{R}(R')$ reduces to $\lambda x.N, \mathcal{R}(R'')$, we can use the induction hypothesis to show that if $R_1 \ge R''$ and $R_1 \vdash V \in \mathcal{R}\vdash(A'_1,\emptyset)$ then $R_1 \vdash (\lambda x.N)V \in \mathcal{R}\vdash(A'_2,e'_1)$.

Strong normalisation: This follows immediately from the definition of $\mathcal{R}\vdash(A,e)$.

Reduction closure: Suppose $R' \vdash M \in \mathcal{R}\vdash(A,e)$ and $R'' \ge R'$. We know that $M, \mathcal{R}(R'')$ strongly normalizes to programs of the shape $M'', \mathcal{R}(R'')$ where $M''$ has suitable properties. Then if $M, \mathcal{R}(R'')$ reduces to $M',S'$ it must be that $S' = \mathcal{R}(R'')$, since the store can only grow. Moreover, by proposition 6 (subject reduction), we know that $R'';\emptyset \vdash M' : (A,e)$.
It remains to check conditions (2) and (3) of the interpretation on $R'' \vdash M'$. Let $R''' \ge R''$. We claim $M, \mathcal{R}(R''')$ reduces to $M', \mathcal{R}(R''')$, so that $M'$ inherits from $M$ the conditions (2) and (3). To check the claim, recall that $M, \mathcal{R}(R'')$ reduces to $M', \mathcal{R}(R'')$. Then we analyse the type of reduction performed. The interesting case arises when $M$ reads a value $V$ from the store $\mathcal{R}(R'')$ where, say, $R'' \vdash V \in \mathcal{R}_1\vdash(B,\emptyset)$ and $R = R_1, r:B, R_2$. But then we can apply weakening to conclude that $R''' \vdash V \in \mathcal{R}_1\vdash(B,\emptyset)$.

Non-emptiness/Expansion closure: We prove the two properties at once, by induction on the proof height of $R \vdash (A,e)$.

• Suppose $R \vdash (\mathbf{1},e)$. We take $V = *$. Then for $R' \ge R$ we have $R';\emptyset \vdash * : (\mathbf{1},e)$. Also, for any $R'' \ge R'$, $*, \mathcal{R}(R'')$ converges to itself and satisfies the required properties. Therefore $R' \vdash * \in \mathcal{R}\vdash(\mathbf{1},e)$. This settles non-emptiness. To check expansion closure, suppose $R' \ge R$, $R';\emptyset \vdash M : (\mathbf{1},e)$, and $R'' \ge R'$. By the decomposition proposition 2, $M$ is either a value or a term of the shape $E[\Delta]$ where $\Delta$ is a redex. If $M, \mathcal{R}(R'')$ does not reduce then $M$ must be the value $*$. Indeed, by the typing hypothesis it cannot be a region or an abstraction. Also, it cannot be of the shape $E[get(r)]$. Indeed, suppose $R = R_1, r:B, R_2$; then by induction hypothesis on $R_1 \vdash (B,\emptyset)$, we know that the store $\mathcal{R}(R'')$ contains at least a value in the region $r$. If $M, \mathcal{R}(R'')$ does reduce then, by hypothesis, for all $M',S'$ such that $M, \mathcal{R}(R'') \to M',S'$ we have that $R'' \vdash M'$ belongs to $\mathcal{R}\vdash(A,e)$ and $S' = \mathcal{R}(R'')$. This is enough to check the conditions (2) and (3) of the interpretation and conclude that $R' \vdash M$ belongs to $\mathcal{R}\vdash(A,e)$.

• The other basic case is $R \vdash (\mathrm{Reg}_r\,B, e)$. Then we take as value $V = r$ and we reason as in the previous case.
• Finally, suppose $R \vdash (A_1 \xrightarrow{e_1} A_2, e)$. By induction hypothesis on $R \vdash (A_2,e_1)$, we know that there is a value $V_2$ such that for any $R' \ge R$ we have $R' \vdash V_2 \in \mathcal{R}\vdash(A_2,e_1)$. Then we claim that $R' \vdash \lambda x.V_2 \in \mathcal{R}\vdash(A_1 \xrightarrow{e_1} A_2, e)$. First, $R';\vdash \lambda x.V_2 : (A_1 \xrightarrow{e_1} A_2, e)$ is easily derived from the hypothesis that $R';\vdash V_2 : (A_2,e_1)$. The second property of the interpretation is trivially fulfilled since $\lambda x.V_2$ cannot reduce. For the third property, suppose $R_1 \ge R'' \ge R'$ and $R_1 \vdash V \in \mathcal{R}\vdash(A_1,\emptyset)$. We have to check that $R_1 \vdash (\lambda x.V_2)V$ belongs to $\mathcal{R}\vdash(A_2,e_1)$. We observe that $R_1;\vdash (\lambda x.V_2)V : (A_2,e_1)$, and the term $(\lambda x.V_2)V$ is neutral. Moreover, for $R_2 \ge R_1$, $(\lambda x.V_2)V, \mathcal{R}(R_2) \to V_2, \mathcal{R}(R_2)$. Thus we are in the situation to apply the inductive hypothesis of expansion closure on $\mathcal{R}\vdash(A_2,e_1)$. This settles non-emptiness at higher order. To check expansion closure, suppose $R' \ge R$, $R';\vdash M : (A_1 \xrightarrow{e_1} A_2, e)$, and $M$ neutral. Then $M$ cannot be a value and for any $R'' \ge R'$ the program $M, \mathcal{R}(R'')$ must reduce. Indeed, $M$ cannot be stuck on a read because if $r \in dom(R)$ then we know, by inductive hypothesis, that $\mathcal{R}(R'')(r)$ is not empty. Then we conclude that $R' \vdash M$ satisfies properties (2) and (3) of the interpretation because all the terms it reduces to satisfy them. ✷

A.5 Proof of theorem 9 (soundness)

We proceed by induction on the proof of $R;\Gamma \vdash M : (B,e)$. We shall write $[\vec V/\vec x]$ for $[V_1/x_1,\dots,V_n/x_n]$. Suppose $\Gamma = x_1:A_1,\dots,x_n:A_n$, $R \vdash \Gamma$ and $R' \ge R$. We let $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$ stand for $R' \vdash V_i \in \mathcal{R}\vdash(A_i,\emptyset)$ for $i = 1,\dots,n$, where $\vec V = V_1,\dots,V_n$.

• Suppose $\Gamma = x_1:A_1,\dots,x_i:A_i,\dots,x_n:A_n$, $R;\Gamma \vdash x_i : (A_i,\emptyset)$, $R' \ge R$, and $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$.
Then $[\vec V/\vec x]x_i = V_i$ and, by hypothesis, $R' \vdash V_i \in \mathcal{R}\vdash(A_i,\emptyset)$.

• Suppose $R;\Gamma \vdash * : (\mathbf{1},\emptyset)$, $R' \ge R$, and $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$. Then $[\vec V/\vec x]* = *$ and we know that $R' \vdash * \in \mathcal{R}\vdash(\mathbf{1},\emptyset)$.

• Suppose $R;\Gamma \vdash r : (\mathrm{Reg}_r\,B, \emptyset)$, $R' \ge R$, and $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$. Then $[\vec V/\vec x]r = r$ and we know that $R' \vdash r \in \mathcal{R}\vdash(\mathrm{Reg}_r\,B, \emptyset)$.

• Suppose $R;\Gamma \vdash M : (A',e')$ is derived from $R;\Gamma \vdash M : (A,e)$ and $R \vdash (A,e) \le (A',e')$. Moreover, suppose $R' \ge R$, and $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$. By induction hypothesis, $R' \vdash [\vec V/\vec x]M \in \mathcal{R}\vdash(A,e)$. By proposition 7 (subtyping), we conclude that $R' \vdash [\vec V/\vec x]M \in \mathcal{R}\vdash(A',e')$.

• Suppose $R;\Gamma \vdash \lambda x.M : (A \xrightarrow{e} B, \emptyset)$ is derived from $R;\Gamma,x:A \vdash M : (B,e)$. Moreover, suppose $R' \ge R$, and $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$. We need to check that $R' \vdash \lambda x.[\vec V/\vec x]M$ belongs to $\mathcal{R}\vdash(A \xrightarrow{e} B, \emptyset)$. Namely, assuming $R'' \ge R' \ge R$ and $R'' \vdash V \in \mathcal{R}\vdash(A,\emptyset)$, we have to show that $R'' \vdash [\vec V/\vec x](\lambda x.M)V \in \mathcal{R}\vdash(B,e)$. We observe that $R'';\vdash [\vec V/\vec x](\lambda x.M)V : (B,e)$ and that, by weakening $R'$ to $R''$ and induction hypothesis, we know that $R'' \vdash [\vec V/\vec x, V/x]M \in \mathcal{R}\vdash(B,e)$. Then we conclude by applying proposition 7 (expansion closure).

• Suppose $R;\Gamma \vdash MN : (B, e_1 \cup e_2 \cup e_3)$ is derived from $R;\Gamma \vdash M : (A \xrightarrow{e_1} B, e_2)$ and $R;\Gamma \vdash N : (A,e_3)$. Moreover, suppose $R' \ge R$, and $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$. By induction hypothesis, we know that $R' \vdash [\vec V/\vec x]M \in \mathcal{R}\vdash(A \xrightarrow{e_1} B, e_2)$ and $R' \vdash [\vec V/\vec x]N \in \mathcal{R}\vdash(A,e_3)$. We have to show that $R' \vdash [\vec V/\vec x](MN) \in \mathcal{R}\vdash(B, e_1 \cup e_2 \cup e_3)$. Suppose $R'' \ge R'$. Then $[\vec V/\vec x]M, \mathcal{R}(R'')$ normalizes to $\lambda x.M', \mathcal{R}(R'')$ for some value $\lambda x.M'$ and $[\vec V/\vec x]N, \mathcal{R}(R'')$ normalizes to $V, \mathcal{R}(R'')$ for some value $V$. Further, by reduction closure, we know that $R'' \vdash \lambda x.M' \in \mathcal{R}\vdash(A \xrightarrow{e_1} B, e_2)$ and $R'' \vdash V \in \mathcal{R}\vdash(A,e_3)$.
It is easily checked that the latter implies $R'' \vdash V \in \mathcal{R}\vdash(A,\emptyset)$. By condition (3) of the interpretation, we derive that $R'' \vdash (\lambda x.M')V \in \mathcal{R}\vdash(B,e_1)$, which suffices to conclude.

• Suppose $R;\Gamma \vdash set(M,N) : (\mathbf{1}, e_1 \cup e_2 \cup \{r\})$ is derived from $R;\Gamma \vdash M : (\mathrm{Reg}_r\,A, e_1)$ and $R;\Gamma \vdash N : (A,e_2)$. Moreover, suppose $R' \ge R$, and $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$. By induction hypothesis, we know that $R' \vdash [\vec V/\vec x]M \in \mathcal{R}\vdash(\mathrm{Reg}_r\,A, e_1)$ and $R' \vdash [\vec V/\vec x]N \in \mathcal{R}\vdash(A,e_2)$. Then for any $R'' \ge R'$, $[\vec V/\vec x]M, \mathcal{R}(R'')$ normalizes to $r, \mathcal{R}(R'')$ and $[\vec V/\vec x]N, \mathcal{R}(R'')$ normalizes to $V, \mathcal{R}(R'')$ where $R'' \vdash V \in \mathcal{R}\vdash(A,\emptyset)$. Suppose $R = R_1, r:A, R_2$. By definition, $\mathcal{R}(R'')(r) = \{V' \mid R'' \vdash V' \in \mathcal{R}_1\vdash(A,\emptyset)\}$. By proposition 7 (restriction), we know that if $R'' \vdash V \in \mathcal{R}\vdash(A,\emptyset)$ then $R'' \vdash V \in \mathcal{R}_1\vdash(A,\emptyset)$. Therefore, $V \in \mathcal{R}(R'')(r)$, and the assignment normalizes to $*, \mathcal{R}(R'')(r)$. It follows that $R'' \vdash [\vec V/\vec x](set(M,N))$ belongs to $\mathcal{R}\vdash(\mathbf{1}, e_1 \cup e_2 \cup \{r\})$.

• Suppose $R;\Gamma \vdash get(M) : (A, e \cup \{r\})$ is derived from $R;\Gamma \vdash M : (\mathrm{Reg}_r\,A, e)$. Moreover, suppose $R' \ge R$, and $R' \vdash \vec V \in \mathcal{R}\vdash\Gamma$. By induction hypothesis, we know that $R' \vdash [\vec V/\vec x]M \in \mathcal{R}\vdash(\mathrm{Reg}_r\,A, e)$. Then for any $R'' \ge R'$, $[\vec V/\vec x]M, \mathcal{R}(R'')$ normalizes to $r, \mathcal{R}(R'')$. Thus $get([\vec V/\vec x]M), \mathcal{R}(R'')$ will reduce to $V, \mathcal{R}(R'')$ where $V \in \mathcal{R}(R'')(r)$, which is not empty by proposition 7 (non-emptiness). Suppose $R = R_1, r:A, R_2$. We know that $R'' \vdash V \in \mathcal{R}_1\vdash(A,\emptyset)$ and by proposition 7 (extension) we conclude that $R'' \vdash V \in \mathcal{R}\vdash(A,\emptyset)$. ✷

A.6 Proof of corollary 10 (termination)

(1) By definition, if $R \vdash M \in \mathcal{R}\vdash(A,e)$ then $R;\vdash M : (A,e)$. On the other hand, as a special case of theorem 9, if $R;\vdash M : (A,e)$ is derivable then $R \vdash M \in \mathcal{R}\vdash(A,e)$.

(2) Suppose we have $R;\vdash M_1,\dots,M_n : e$.
Then we have $R;\vdash M_i : (A_i,e_i)$ for $i = 1,\dots,n$. By theorem 9, the evaluation of $M_i, \mathcal{R}(R)$ is guaranteed to terminate in $V_i, \mathcal{R}(R)$, for some value $V_i$. Now any reduction starting from $M_1,\dots,M_n$ can be simulated step by step by a reduction of $M_1,\dots,M_n, \mathcal{R}(R)$ and therefore it must terminate. ✷

A.7 Decomposition for the timed/synchronous system

Recall that $\vdash_{ef}$ denotes provability in the effect-free system.

Proposition 13 (decomposition extended) If $\vdash_{ef} M : A$ is a well-typed closed thread then exactly one of the following situations arises, where $E$ is a time insensitive evaluation context: (1) $M$ is a value; (2) $M = E[\Delta]$ and $\Delta$ has the shape $(\lambda x.N)V$, $set(r,V)$, or $get(r)$; or (3) $M = E[E'[\Delta] \rhd N]$ and $\Delta$ has the shape $V$, $(\lambda x.N)V$, $set(r,V)$, or $get(r)$.

Proof. By induction on the structure of $M$. We consider in some detail the case for the else-next (cf. proof A.1 for the other cases).

$M_1 \rhd M_2$: We apply the inductive hypothesis to $M_1$, and we have three cases: (1) $M_1$ is a value, (2) $M_1 = E_1[\Delta_1]$ with $E_1$ time insensitive, and (3) $M_1 = E_1[E_2[\Delta_1] \rhd N]$ with $E_1$ time insensitive. We note that in each case we fall in case 3, where the insensitive evaluation context is $[\,]$. ✷

A.8 Basic properties for the timed/synchronous extensions

Proposition 14 (basic properties, stratified extended) The following properties hold in the stratified, timed/synchronous system.

weakening: If $R;\Gamma \vdash M : (A,e)$ and $R,R' \vdash \Gamma,\Gamma'$ then $R,R';\Gamma,\Gamma' \vdash M : (A,e)$.

substitution: If $R;\Gamma,x:A \vdash M : (B,e)$ and $R;\Gamma \vdash N : (A,\emptyset)$ then $R;\Gamma \vdash [N/x]M : (B,e)$.

context substitution: If $R;\Gamma,x:A \vdash E[x] : (B,e)$ where $x$ is not free in the evaluation context $E$ and $R;\Gamma \vdash N : (A,e')$ then $R;\Gamma \vdash E[N] : (B, e \cup e')$.
subject reduction: If $R,R';\Gamma \vdash \mathbf{M},S : (B,e)$, $R \vdash e$, and $\mathbf{M},S \to \mathbf{M}',S'$ then $R,R';\Gamma \vdash \mathbf{M}',S' : (B,e)$, $S|_{dom(R')} = S'|_{dom(R')}$, and $\mathbf{M}, S|_{dom(R)} \to \mathbf{M}', S'|_{dom(R)}$. Moreover, if the program $\mathbf{M}$ is a single term $M$ and $R,R' \vdash M : (A,e)$ then $\mathbf{M}'$ is a single term $M'$ and $R,R';\vdash M' : (A,e)$.

tick reduction: If $R;\vdash M,S : (B,e)$, and $M,S \xrightarrow{tick} M',S'$ then $S = S'$ and there is an effect $e'$ such that $R;\vdash M',S : (B,e')$.

Proof.

weakening/substitution: The proofs of weakening and substitution proceed as in the proof A.2.

context substitution: We note that a proof of $R;\Gamma \vdash M : (A,e)$ consists of a proof of $R;\Gamma \vdash M : (A',e')$, where $R \vdash (A',e') \le (A,e)$, followed by a sequence of subtyping rules. To prove context substitution, we proceed by induction on the proof of $R;\Gamma,x:A \vdash E[x] : (B,e)$ and by case analysis on the shape of $E$.

subject reduction: To prove subject reduction, we start by noting that if $R;x:A \vdash E[x] : (B,e)$ then $R;x:A \vdash red(E)[x] : (B,e)$. In other terms, the elimination of the pending else-next branches from the evaluation context preserves the typing. Then we proceed by analysing the redexes as in proof A.2.

tick reduction: The interesting case is when $M = E[E'[\Delta] \rhd N]$, $E$ is time insensitive, $\Delta$ has the shape $V$ or $get(r)$, and $M \xrightarrow{tick} E[N]$. Suppose $R;\vdash M : (A,e)$. Then the typing of the else-next guarantees that $R;\vdash E'[\Delta] : (B,e_1)$ and $R;\vdash N : (B,e_2)$ for some $B, e_1, e_2$, where $e_1$ and $e_2$ may be incomparable. Then we can conclude $R;\vdash E[N] : (A,e')$ where the effect $e'$ is contained in $dom(R)$ but may be incomparable with $e$. ✷

A.9 Proof of proposition 11 (simulation)

(1) A straightforward induction on the typing. (2) Immediate extension of step (1). (3) First we check that the translation commutes with the substitution.
Also, we extend the translation to evaluation contexts, assuming $\langle [\,]\rangle = [\,]$, and check that $\langle E\rangle$ is again an evaluation context. Then we proceed by case analysis on the reduction rule. (4) Every reduction in $P$ corresponds to a reduction in $\langle P\rangle$. ✷

A.10 Proof of proposition 12 (type fixed-point, revisited)

The proof is a variation of the one for proposition 5. Suppose $r : A \xrightarrow{e} B \in R$ (hence $r \notin e$). Then $R;\vdash \lambda x.get(r)\,x : (A \xrightarrow{e \cup \{r\}} B, \emptyset)$. By proposition 14 (substitution), $R;\Gamma \vdash M' : (A \xrightarrow{e} B, \emptyset)$ where $M' = [\lambda x.get(r)\,x/f]M$. From this we derive $R;\Gamma \vdash M'' : (A \xrightarrow{e} B, \{r\})$ where $M'' = get(reg_r\,\lambda x.M'x)$. This judgement can be weakened to $R;\Gamma,x:A \vdash M'' : (A \xrightarrow{e} B, \{r\})$ which, combined with $R;\Gamma,x:A \vdash x : (A,\emptyset)$, leads to $R;\Gamma \vdash \lambda x.M''x : (A \xrightarrow{e \cup \{r\}} B, \emptyset)$ where $\lambda x.M''x = fix_r\,f.M$, as required. ✷

B Summary of syntax, operational semantics, and typing rules

Table 1 summarizes the main syntactic categories, the evaluation rules for the computation within an instant (relation $\to$), and the rules for the passage of time (relation $\xrightarrow{tick}$). Table 2 summarizes the typing rules for the unstratified and stratified systems, which differ just in the judgements for region contexts and types.

Syntactic categories

$x, y, \dots$ (variables)
$r, s, \dots$ (regions)
$e, e', \dots$ (finite sets of regions)
$A ::= \mathbf{1} \mid \mathrm{Reg}_r\,A \mid (A \xrightarrow{e} A) \mid (A \xrightarrow{e} B)$ (types)
$\alpha ::= A \mid B$ (types or behaviour)
$R ::= r_1:A_1,\dots,r_n:A_n$ (region context)
$\Gamma ::= x_1:A_1,\dots,x_n:A_n$ (context)
$M ::= x \mid r \mid * \mid \lambda x.M \mid MM \mid get(M) \mid set(M,M) \mid M \rhd M \mid M,M$ (terms)
$V ::= r \mid * \mid \lambda x.M$ (values)
$v, v', \dots$ (sets of values)
$S ::= (r \Leftarrow v) \mid S,S$ (stores)
$X ::= M \mid S$ (stores or terms)
$P ::= X \mid X,P$ (programs)
$E ::= [\,] \mid EM \mid VE \mid get(E) \mid set(E,M) \mid set(r,E) \mid E \rhd M$ (evaluation contexts)

Evaluation rules within an instant

$$ E[(\lambda x.M)V] \to red(E)[[V/x]M] $$
$$ E[get(r)], (r \Leftarrow V) \to red(E)[V], (r \Leftarrow V) $$
$$ E[set(r,V)] \to red(E)[*], (r \Leftarrow V) $$
$$ \frac{P \to P'}{P,P'' \to P',P''} $$

Rules for the passage of time

$$ V \xrightarrow{tick} V \qquad S \xrightarrow{tick} S \qquad \frac{M = E[get(r)] \quad E \text{ time insensitive}}{M \xrightarrow{tick} M} $$
$$ \frac{M = E[E'[\Delta] \rhd N] \quad E \text{ time insensitive} \quad \Delta ::= V \mid get(r)}{M \xrightarrow{tick} E[N]} \qquad \frac{P_1,P_2 \not\to \quad P_i \xrightarrow{tick} P'_i \quad i = 1,2}{P_1,P_2 \xrightarrow{tick} P'_1,P'_2} $$

Table 1: Syntactic categories and operational semantics

Unstratified region contexts and types

$$ R \downarrow \mathbf{1} \qquad R \downarrow B \qquad \frac{R \downarrow A \quad R \downarrow \alpha \quad e \subseteq dom(R)}{R \downarrow (A \xrightarrow{e} \alpha)} \qquad \frac{r:A \in R}{R \downarrow \mathrm{Reg}_r\,A} $$
$$ \frac{\forall r \in dom(R)\quad R \downarrow R(r)}{R \vdash} \qquad \frac{R \vdash \quad R \downarrow \alpha}{R \vdash \alpha} \qquad \frac{R \vdash \alpha \quad e \subseteq dom(R)}{R \vdash (\alpha,e)} $$

Stratified region contexts and types

$$ \emptyset \vdash \qquad \frac{R \vdash A \quad r \notin dom(R)}{R, r:A \vdash} \qquad \frac{R \vdash}{R \vdash \mathbf{1}} \qquad \frac{R \vdash}{R \vdash B} \qquad \frac{R \vdash \quad r:A \in R}{R \vdash \mathrm{Reg}_r\,A} $$
$$ \frac{R \vdash A \quad R \vdash \alpha \quad e \subseteq dom(R)}{R \vdash (A \xrightarrow{e} \alpha)} \qquad \frac{R \vdash \alpha \quad e \subseteq dom(R)}{R \vdash (\alpha,e)} $$

Subtyping rules

$$ \frac{R \vdash \alpha}{R \vdash \alpha \le \alpha} \qquad \frac{R \vdash A' \le A \quad R \vdash \alpha \le \alpha' \quad e \subseteq e' \subseteq dom(R)}{R \vdash (A \xrightarrow{e} \alpha) \le (A' \xrightarrow{e'} \alpha')} \qquad \frac{R \vdash \alpha \le \alpha' \quad e \subseteq e' \subseteq dom(R)}{R \vdash (\alpha,e) \le (\alpha',e')} $$

Terms, stores, and programs

$$ \frac{R \vdash \Gamma \quad x:A \in \Gamma}{R;\Gamma \vdash x : (A,\emptyset)} \qquad \frac{R \vdash \Gamma \quad r:A \in R}{R;\Gamma \vdash r : (\mathrm{Reg}_r\,A,\emptyset)} \qquad \frac{R \vdash \Gamma}{R;\Gamma \vdash * : (\mathbf{1},\emptyset)} $$
$$ \frac{R;\Gamma,x:A \vdash M : (\alpha,e)}{R;\Gamma \vdash \lambda x.M : (A \xrightarrow{e} \alpha, \emptyset)} \qquad \frac{R;\Gamma \vdash M : (A \xrightarrow{e_2} \alpha, e_1) \quad R;\Gamma \vdash N : (A,e_3)}{R;\Gamma \vdash MN : (\alpha, e_1 \cup e_2 \cup e_3)} $$
$$ \frac{R;\Gamma \vdash M : (\mathrm{Reg}_r\,A, e)}{R;\Gamma \vdash get(M) : (A, e \cup \{r\})} \qquad \frac{R;\Gamma \vdash M : (\mathrm{Reg}_r\,A, e_1) \quad R;\Gamma \vdash N : (A,e_2)}{R;\Gamma \vdash set(M,N) : (\mathbf{1}, e_1 \cup e_2 \cup \{r\})} $$
$$ \frac{R;\Gamma \vdash M : (A,e) \quad R;\Gamma \vdash N : (A,e')}{R;\Gamma \vdash M \rhd N : (A,e)} \qquad \frac{R;\Gamma \vdash M : (\alpha,e) \quad R \vdash (\alpha,e) \le (\alpha',e')}{R;\Gamma \vdash M : (\alpha',e')} $$
$$ \frac{r:A \in R \quad \forall V \in v\quad R;\Gamma \vdash V : (A,\emptyset)}{R;\Gamma \vdash (r \Leftarrow v) : (B,\emptyset)} \qquad \frac{R;\Gamma \vdash X_i : (\alpha_i,e_i) \quad i = 1,\dots,n \ge 1}{R;\Gamma \vdash X_1,\dots,X_n : (B, e_1 \cup \dots \cup e_n)} $$

Table 2: Typing systems
