A proof of strong normalisation using domain theory

Logical Methods in Computer Science V ol. 3 (4:12) 2007, pp. 1–16 www .lmcs-online.org Submitted Mar . 4, 2007 Published Dec. 4, 2007 A PR OO F OF STRONG NORMALISA TION USING DOMAIN THEO R Y THIERR Y COQUAND a AND ARNAUD SPIW ACK b a Chalmers T eknisk a H¨ ogsk ola, Gothenburg e-mail addr ess : coq u and@cs.chaml ers.se b LIX, Ecole Polytec hnique e-mail addr ess : Arnaud.Spiwac k @lix.p olytec hnique.fr Abstra ct. Ulric h Berger presented a p o w erful proof of strong normalisation using do- mains, in particular it simplifies sig nificantly T ait’s pro of of strong normalis ation of Sp ec- tor’s bar recursion. T he main contribution of this pap er is to show that, using ideas from inters ection t yp es and Martin-L¨ of ’s d omain interpretation of typ e theory one can in turn simplify further U. Berge r’s argument. W e build a domain model for an unt y p ed program- ming language where U. Berger h as an interpretation only for typ ed terms or alternatively has a n in terpretation for unt y ped terms but need an extra condition to ded uce strong normalisation. As a main application, we show that Martin-L¨ of dep endent typ e th eory extended with a program for Sp ector double negation sh ift is strongly normalising. Introduction In 1961, Sp ector [23] p resen ted an extension of G¨ odel’s system T b y a new schema of definition call ed bar recursion. With this new sc hema, he w as able to giv e an interpreta- tion of Analysis, extend in g G¨ o del’s Dialectica interpretation of Arithmetic, and completing preliminary results of Kr eisel [15]. T ait pro ved a normalisa tion theorem for S p ector’s bar recursion, by em b eddin g it in a system with infinite terms [25]. In [9], an alternativ e form of bar recurs ion w as introdu ced. This allo w ed to giv e an int erpretation of Analysis by mo dified realisabilit y , instead of Dialec tica interpretatio n. T he paper [9] presen ted also a normali- sation pro of for this new sc hema, but this pro of, which used T ait’s metho d of in tro ducing infinite terms, was quite complex. It w as simplified significan tly b y U. Berger [11, 12], w ho used instea d a m o d ification of Plotkin’s computational adequacy th eorem [19], and co uld pro v e str ong normalisation. In a wa y , the idea is to replace infin ite terms by elemen ts of a domain inte rpretation. This domain has the prop erty that a term is strongly normalisable if its seman tics is 6 = ⊥ The main contribution of this pap er is to sho w that, using id eas from int ersection t yp es [3, 6, 7, 18] and Martin-L¨ of ’s domain in terpretation of typ e theory [16], one can in tu rn simplify further U. Berger’s argumen t. C on trary to [11], we build a domain model fo r a n 1998 ACM Subje ct Classific ation: F.4.1. Key wor ds and phr ases: strong normalisation, λ -calculus, d ouble-negation shift, Scott domain, λ -mo del, rewriting, denotational seman tics. LOGICAL METHODS l IN COMPUTER SCIENCE DOI:10.216 8/LMCS-3 (4:12) 2007 c  T . Coqua nd and A. Spiw ack CC  Creative Commons 2 T. COQUAND AND A. SPIW ACK untyp e d programming language. Compared to [12], there is no need of an extra h yp othesis to deduce strong normalisation from the domain inte rpretation. A notew orthy feature of this domain mo del is that it is in a natural wa y a c omplete lattice, and in particular it h as a top elemen t whic h can b e seen as the interpretatio n of a top-leve l exception in programming language s. W e think that this mo d el can b e th e basis of mo dular pro ofs of strong normalisation for v arious typ e systems. As a main application, we show that Martin- L¨ of d ep endent t yp e theory extended w ith a p r ogram f or Sp ector doub le n egatio n shift [23] 1 , similar to bar recurs ion, h as the strong normalisation pr op ert y . 1. An Untyped Programming Language Our programming language is unt yp ed λ -calculus extended with constants, and h as the follo wing syntax. M , N ::= x | λx.M | M N | c | f There are tw o kind s of constants: c onstructors c, c ′ , . . . and define d c onstants f , g , . . . . W e use h, h ′ , . . . to denote a constan t w hic h m ay b e a constru ctor or d efined. Eac h constan t has an arity , but can b e partially applied. W e write FV ( M ) for the set of free v ariables of M . W e write N ( x = M ) the r esult of sub stituting the free o ccur ences of x b y M in N and ma y write it N [ M ] if x is clear from the con text. W e consider terms up to α -con version. The compu tation rules of our p rogramming language are the usual β -reduction an d ι -reduction defin ed by a s et of rewrite rules of the form f p 1 . . . p k = M where k is the arit y of f and FV ( M ) ⊆ F V ( f p 1 . . . p k ). In this rewrite ru le, p 1 , . . . , p k are c onstructor p atterns i . e. terms of th e f orm p ::= x | c p 1 . . . p l where l is the arity of c . Lik e in [11], we assume our system of constan t redu ction rules to b e left line ar , i.e. a v ariable o ccurs at most once in the left hand side of a ru le, and mutual ly disjoint , i.e . the left hand sid es of tw o disjoin t r ules are non-unifi able. W e w rite M → M ′ if M redu ces in one ste p to M ′ b y β , ι -redu ction and M = β ,ι M ′ if M , M ′ are con vertible b y β , ι con v ers ion. It follo ws from our h yp othesis on o ur system of reduction rules that β , ι -redu ction is confluen t [14]. W e wr ite → ( M ) for the set of terms M ′ suc h that M → M ′ . W e w ork w ith a given set of constan ts, that are listed in section 3, but our arguments are general and make use only of the fact that the red uction system is left linear and m utually disjoin t. W e call UPL, for Un t yp ed Pr ogramming Language, th e system defin ed by this list of constants and ι -reduction ru les. Th e goal of the next section is to define a domain mo del for UPL that has the pr op ert y that M is strongly n orm alizing if [ [ M ] ] 6 = ⊥ . 1 This is the sc hema ( ∀ x. ¬¬ P ( x )) → ¬¬∀ x.P ( x ). Spector [23] remarked that it is enough t o add this sc hema to intuitionistic analysis in order to b e able to interpret classical analysis via negative t ran slation. A PR OOF OF STRONG NORMALISA TION USING DOMAIN THEOR Y 3 ∇ ∩ U = ∇ c U 1 . . . U k ∩ c ′ V 1 . . . V l = ∇ c U 1 . . . U k ∩ V → W = ∇ ( U → V 1 ) ∩ ( U → V 2 ) = U → ( V 1 ∩ V 2 ) c U 1 . . . U k ∩ c V 1 . . . V k = c ( U 1 ∩ V 1 ) . . . ( U k ∩ V k ) U 1 ⊆ U 2 U 2 ⊆ U 3 U 1 ⊆ U 3 U 1 ⊆ V 1 . . . U k ⊆ V k c U 1 . . . U k ⊆ c V 1 . . . V k U ⊆ U U ⊆ V 1 U ⊆ V 2 U ⊆ V 1 ∩ V 2 V 1 ∩ V 2 ⊆ V 1 V 1 ∩ V 2 ⊆ V 2 U 2 ⊆ U 1 V 1 ⊆ V 2 U 1 → V 1 ⊆ U 2 → V 2 Figure 1: F ormal inclus ion 2. A d omain for s trong nor maliza t ion 2.1. F ormal Neigh b ourho o ds. Definition 2.1 . The F ormal Ne i ghb ourho o ds are giv en by the f ollo wing grammar: U, V ::= ∇ | c U 1 . . . U k | U → V | U ∩ V On th ese neigh b ourho o ds we introdu ce a formal i nclusion ⊆ r elation defi n ed indu ctiv ely b y th e rules of Figure 1. In these rules w e use th e formal equalit y relation U = V d efined to b e U ⊆ V and V ⊆ U . W e let M b e the set of neighbour ho o ds qu otien ted b y the formal equalit y . Th e terminology “formal neigh b ourho o ds” comes from [15, 21, 16]. Lemma 2.2. Th e formal inclusion and equalit y are b oth de ci dable relations, and M is a p oset for the formal inclusion relation, an d ∩ defin es a binary meet op eratio n on M . W e h a ve c U 1 . . . U k 6 = c ′ V 1 . . . V l if c 6 = c ′ and c U 1 . . . U k = c V 1 . . . V k if and only if U 1 = V 1 , . . . , U k = V k . An elemen t in M is either ∇ or of the form c U 1 . . . U k or of the f orm ( U 1 → V 1 ) ∩ . . . ∩ ( U n → V n ) and this defines a partition of M . F urther m ore th e follo win g “con tinuit y condition” holds: if I is a (nonempt y) fi nite set and T i ∈ I ( U i → V i ) ⊆ U → V then the set J = { i ∈ I | U ⊆ U i } is not empt y and T i ∈ J V i ⊆ V . Note that there is no maxim um elemen t, where there usually is on e. This is lin ked to the fact that we are aiming to pro v e str ong normalisation, not w eak normalisation. Similar results are prov ed in [5, 3, 7, 6, 16]. Pr o of. W e int ro duce the set of neigh b ourho o d s in “normal form” by the grammar W , W ′ ::= ∇ | c W 1 . . . W k | I I ::= ( W 1 → W ′ 1 ) ∩ · · · ∩ ( W n → W ′ n ) and defin e directly the o p eration ∩ and th e relation ⊆ on th is set. An elemen t in normal form W is of the form ∇ or c W 1 . . . W k or is a fin ite formal int ersection ∩ X where X is a nonempt y fin ite set of elemen ts of the form W → W ′ . The d efi nition of ∩ and ⊆ will b e recursiv e, using the follo win g complexit y measure: |∇| = 0 , | c W 1 . . . W k | = 1 + max ( | W 1 | , . . . , | W k | ) and | ∩ i ( W i → W ′ i ) | = 1 + max i ( | W i | , | W ′ i | ). 4 T. COQUAND AND A. SPIW ACK W e define ∇ ∩ W = W ∩ ∇ = ∇ c W 1 . . . W k ∩ c W ′ 1 . . . W ′ k = c ( W 1 ∩ W ′ 1 ) . . . ( W k ∩ W ′ k ) c W 1 . . . W k ∩ c ′ W ′ 1 . . . W ′ l = ∇ c W 1 . . . W k ∩ ( ∩ X ) = ( ∩ X ) ∩ c W 1 . . . W k = ∇ ( ∩ X ) ∩ ( ∩ Y ) = ∩ ( X ∪ Y ). Notice that w e ha v e | W 1 ∩ W 2 | ≤ max ( | W 1 | , | W 2 | ) . W e ha v e fu rthermore ∇ ⊆ W and c W 1 . . . W k ∩ c W ′ 1 . . . W ′ k iff W i ⊆ W ′ i for all i and finally ∩ X ⊆ ∩ Y iff for all W → W ′ in Y there exists W 1 → W ′ 1 , . . . , W k → W ′ k in X suc h that W ⊆ W 1 , . . . , W ⊆ W k and W ′ 1 ∩ · · · ∩ W ′ k ⊆ W ′ . This definition is well founded since | W ′ 1 ∩ · · · ∩ W ′ k | < | ∩ X | and | W ′ | < | ∩ Y | . On e can th en prov e that relation ⊆ and the op eration ∩ satisfies all the la ws of Figure 1 on the set of neigh b ourho o d s of complexit y < n by indu ction on n . Since all the la w s of Figure 1 are v alid for this s tructure we get in this w a y a concrete represent ation of th e p oset M , and all the p r op erties of this p oset can b e directly chec ke d on this repr esen tation. W e asso ciate to M a t y p e system defined in Figure 2 (when u nsp ecified, k is the arit y of th e related constan t). It is a d irect extension of the t y p e systems considered in [3, 5, 6, 7, 16]. The t yping rules for the constructors and defined constants app ear to b e new ho w ever. Notice that the t yping of the function sym b ols is very cl ose to a recursive definition of the function itself. Also , we mak e use of th e fact that, as a consequence of Lemma 2.2, one can d efi ne wh en a constru ctor pattern matc hes an elemen t of M . Lemma 2.3. If Γ ⊢ M λx.N : U th en th ere exists a family U i , V i suc h that Γ , x : U i ⊢ M N : V i and ∩ i ( U i → V i ) ⊆ U . Pr o of. Direct by in duction on the deriv ation. Lemma 2.4. If Γ ⊢ M λx.N : U → V then Γ , x : U ⊢ M N : V . Pr o of. W e ha v e a f amily U i , V i suc h that Γ , x : U i ⊢ M N : V i and ∩ i ( U i → V i ) ⊆ U → V . By Lemma 2.2 there exists i 1 , . . . , i k suc h th at U ⊆ U i 1 , . . . , U ⊆ U i k and V i 1 ∩ · · · ∩ V i k ⊆ V . This together with Γ , x : U i ⊢ M N : V i imply Γ , x : U ⊢ M N : V . Lemma 2.5. If Γ ⊢ M N M : V then there exists U such that Γ ⊢ M N : U → V and Γ ⊢ M M : U . Pr o of. Direct by in duction on the deriv ation. 2.2. Reducibilit y candidates. Definition 2.6. S (the s et of simple terms) is the set of terms that are neither an abstrac- tion nor a constructor headed term, nor a partially applied destructor headed term ( i. e . f M 1 . . . M n is simple if n is greater or equ al to the arit y of f ). Definition 2.7 . A r e duci bility c andidate X is a set of terms w ith the follo wing p rop erties: (CR1): X ⊆ SN (CR2): → ( M ) ⊆ X if M ∈ X (CR3): M ∈ X if M ∈ S and → ( M ) ⊆ X A PR OOF OF STRONG NORMALISA TION USING DOMAIN THEOR Y 5 x : U ∈ Γ Γ ⊢ M x : U Γ ⊢ M c : U 1 → . . . → U k → c U 1 . . . U k Γ , x : U ⊢ M M : V Γ ⊢ M λx.M : U → V Γ ⊢ M N : U → V Γ ⊢ M M : U Γ ⊢ M N M : V Γ ⊢ M M : U Γ ⊢ M M : V Γ ⊢ M M : U ∩ V Γ ⊢ M M : V V ⊆ U Γ ⊢ M M : U f p 1 . . . p k = M p i ( W 1 , . . . , W n ) = U i Γ , x 1 : W 1 , . . . , x n : W n ⊢ M M : V Γ ⊢ M f : U 1 → . . . → U k → V for an y U 1 , . . . , U k suc h that no rewrite rule of f matc hes U 1 , . . . , U k Γ ⊢ M f : U 1 → . . . → U k → ∇ Figure 2: Typ es with in tersection in M It is clear that the reducibilit y candidates form a complete lattice w.r.t. the inclusion relation. In particular, th er e is a le ast redu cibilit y cand idate R 0 , wh ic h can b e inductiv ely defined as the set of terms M ∈ S suc h that → ( M ) ⊆ R 0 . F or in stance, if M is a v ariable x , then we ha v e M ∈ R 0 since M ∈ S and → ( M ) = ∅ . W e defi n e t w o op erations on sets of terms, w hic h p reserv e the status of candidates. If c is a constructor of arity k and X 1 , . . . , X k are sets of terms then the set c X 1 . . . X k is inductiv ely defin ed to b e the set of terms M of the form c M 1 . . . M k , with M 1 ∈ X 1 . . . M k ∈ X k or su c h th at M ∈ S and → ( M ) ⊆ c X 1 . . . X k . If X and Y are sets of terms, X → Y is the set of terms N suc h that N M ∈ Y if M ∈ X . Lemma 2.8. If X and Y are reducibilit y candidates then so are X ∩ Y and X → Y . If X 1 , . . . , X k are reducibilit y candidates th en s o is c X 1 . . . X k . Definition 2.9. T he fu nction [ − ] asso ciates a reducibilit y candidate to eac h formal neigh- b ourho o d . • [ ∇ ] , R 0 • [ c U 1 . . . U k ] , c [ U 1 ] . . . [ U k ] • [ U → V ] , [ U ] → [ V ] • [ U ∩ V ] , [ U ] ∩ [ V ] 6 T. COQUAND AND A. SPIW ACK Lemma 2.10 . If U ⊆ V for the formal inclusion relation then [ U ] ⊆ [ V ] as sets of terms. This follo ws from th e fact that all the rules of Figure 1 are v alid for reducilit y candid ates. Theorem 2.1 1. If ⊢ M M : U then M ∈ [ U ]. In particular M is strongly normalising. As u sual, w e prov e that if x 1 : U 1 , . . . , x n : U n ⊢ M M : U and M 1 ∈ [ U 1 ] , . . . , M n ∈ [ U n ] then M ( x 1 = M 1 , . . . , x n = M n ) ∈ [ U ]. This is a mild exten tion of the usu al indu ction on deriv ations. W e sketc h the extra cases: • Subt yping: direct fr om Lemma 2.10. • Constructor: direct fr om the d efinition of [ c U 1 . . . U k ]. • Defined constan t (case with a r ewrite rule): w e n eed a small remark: since c ′ M 1 . . . M l 6∈ S for any l , we ha ve that c ′ M 1 . . . M l ∈ c X 1 . . . X k implies c ′ = c and l = k by definition of c X 1 . . . X k . Knowing this we get that if N i ∈ p i ([ W 1 ] , . . . , [ W n ])), then f N 1 . . . N k can only int erract with one rewrite rule (remem b er that there is n o critical pair). The definition of c X 1 . . . X k also tells us that if the N i are equal to p i ( M 1 , . . . , M n ), then M j ∈ W j . F rom this the result follo ws easily . • Defined constan t (case with no rewrite rule): w e n eed the same remark as in the previous case: c ′ M 1 . . . M l ∈ c X 1 . . . X k implies that c ′ = c and l = k . Additionally , [ ∇ ] d o es not con tain an y constructor-headed term (since [ ∇ ] ⊆ S ). A consequence of these t w o remarks is that there cannot b e any fu lly applied constru ctor-headed term in [ U → V ], by simple indu ction. In particular there is no term m atc hed b y a pattern in [ U → V ]. Th us, since there is no rule matc h in g the U 1 , . . . , U k , w e kno w that for an y N 1 ∈ [ U 1 ] , . . . , N k ∈ [ U k ], f N 1 . . . N k is not matc h ed by an y rewrite rule; it is, how ev er, a simp le term. I t follo ws easily that f N 1 . . . N k ∈ [ ∇ ]. 2.3. Filter Domain. Definition 2.12. An I-filter 2 o ver M is a s ubset α ⊆ M w ith the follo wing closure prop- erties: • if U, V ∈ α then U ∩ V ∈ α • if U ∈ α and U ⊆ V then V ∈ α It is clear that the set D of all I-filters o v er M ordered by the set inclusion is a complete algebraic domain. Th e finite elemen ts of D are e xactly ∅ and th e principal I-fi lters ↑ U , { V | U ⊆ V } . The elemen t ⊤ = ↑ ∇ is the greatest element of D and the least el emen t is ⊥ = ∅ . W e can define on D a bin ary application op eration α β , { V | ∃ U, U → V ∈ α ∧ U ∈ β } W e ha v e alw a ys α ⊥ = ⊥ and ⊤ β = ⊤ if β 6 = ⊥ . W e w r ite α 1 . . . α n for ( . . . ( α 1 α 2 ) . . . ) α n . 2 This terminology , coming from [6], stresses th e fact that the emp t y set is also an I- filter. A PR OOF OF STRONG NORMALISA TION USING DOMAIN THEOR Y 7 2.4. Denotational seman tics of UPL. As usual, w e let ρ, ν , . . . range o v er envir onments , i.e. mapping fr om v ariables to D . Definition 2.13. If M is a term of UPL, [ [ M ] ] ρ is the I-filter of neighbour ho o ds U suc h that x 1 : V 1 , . . . , x n : V n ⊢ M M : U for some V i ∈ ρ ( x i ) with FV ( M ) = { x 1 , . . . , x n } . A direct consequence of this d efinition and of Theorem 2.11 is then Theorem 2.1 4. If there exists ρ su c h th at [ [ M ] ] ρ 6 = ⊥ then M is str ongly normalising. Notice also that w e ha v e [ [ M ] ] ρ = [ [ M ] ] ν as s o on as ρ ( x ) = ν ( x ) for all x ∈ F V ( M ). Because of this we can write [ [ M ] ] for [ [ M ] ] ρ if M is clo sed. If c is a c onstructor, w e wr ite simply c for [ [ c ] ] . Lemma 2.15. W e ha v e c α 1 . . . α k 6 = c ′ β 1 . . . β l if c 6 = c ′ and c α 1 . . . α k = c β 1 . . . β k if and only if α 1 = β 1 . . . α k = β k , whenev er α i 6 = ⊥ , β j 6 = ⊥ . An elemen t of D is either ⊥ , or ⊤ or of the form c α 1 . . . α k with c of arit y k and α i 6 = ⊥ or is a sup of elemen ts of th e form ↑ ( U → V ). Th is d efi nes a partition of D . Pr o of. F ollo ws from Lemma 2.2. As a c onsequence of Lemma 2.15, it is possib le to define wh en a constructor pattern matc hes an ele men t of D . The n ext result expresses the fact that w e ha ve defin ed in t his w a y a strict mo del of UPL. Theorem 2.1 6. [ [ x ] ] ρ = ρ ( x ) [ [ N M ] ] ρ = [ [ N ] ] ρ [ [ M ] ] ρ [ [ λx.M ] ] ρ α = [ [ M ] ] ( ρ,x := α ) if α 6 = ⊥ If f p 1 . . . p k = M and α i = [ [ p i ] ] ρ then [ [ f ] ] α 1 . . . α k = [ [ M ] ] ρ . If there is no rule for f whic h matc hes α 1 , . . . , α k and α 1 , . . . , α k are 6 = ⊥ then [ [ f ] ] α 1 . . . α k = ⊤ . Finally , if for all α 6 = ⊥ w e ha v e [ [ M ] ] ( ρ,x := α ) = [ [ N ] ] ( ν,y := α ) then [ [ λx.M ] ] ρ = [ [ λy .N ] ] ν . Pr o of. The second equalit y follo ws from Lemma 2.5 and the third equalit y follo w s from Lemma 2.4. Corollary 2.17. [ [ N ( x = M )] ] ρ = [ [ N ] ] ( ρ,x =[ [ M ] ] ρ ) 3. Applica tion to Spector ’s Double Nega tion Shift The goal of th is section is to pro v e strong norm alisation for d ep endent type theory extended with S p ector’s doub le negation shift [23]. The v ersion of t yp e theory we presen t is close to the one in [17]: we hav e a t y p e of natural num b ers Nat : U , wh ere U is an un iv ers e. It is s ho w n in [17], using the p rop ositions-as-t yp es prin ciple, h o w to r epresen t in tuitionistic higher-order arithmetic in t yp e theory . It is then p ossible to formulate Sp ecto r’s double negation shift as (Π n : Nat . ¬¬ B n ) → ¬¬ Π n : Nat .B n where ¬ A is an abreviation for A → N 0 and B : Nat → U . Sp ecto r show ed [2 3] that it is enough to add this schema (Axiom F in [2 3]) to i n tuitionistic analysis in order to b e able to interpret classical analysis via a n egati v e translation. W e sho w ho w to extend dep en d en t t y p e theory with a constan t of this t yp e in such a w a y that strong normalisation is p reserv ed. 8 T. COQUAND AND A. SPIW ACK It follo ws t hen from [23 ] that the pro of theoretic strength of t yp e theory is muc h stronger with this constan t and h as th e str ength of classical analysis. 3.1. General Rules of T yp e Theory. W e ha v e a constru ctor Fun of arit y 2 and w e write Π x : A.B instead of Fun A ( λx.B ), and A → B in s tead of F un A ( λx.B ) i f x is n ot free in B . W e hav e a s p ecial constan t U for universe. (W e recall that we consider terms up to α -c on v ersion.) A c ontext is a sequence x 1 : A 1 , . . . , x n : A n , where the x i are pairwise distinct. They are three forms of judgemen ts Γ ⊢ A Γ ⊢ M : A Γ ⊢ The last judgemen t Γ ⊢ expr esses that Γ is a well-t yp ed con text. W e ma y wr ite J [ x : A ] for x : A ⊢ J . The t yping rules are in figur e 3.1 ⊢ Γ ⊢ A Γ , x : A ⊢ Γ ⊢ Γ ⊢ U Γ ⊢ A : U Γ ⊢ A Γ , x : A ⊢ B Γ ⊢ Π x : A.B ( x : A ) ∈ Γ Γ ⊢ Γ ⊢ x : A Γ , x : A ⊢ M : B Γ ⊢ λx.M : Π x : A.B Γ ⊢ N : Π x : A.B Γ ⊢ M : A Γ ⊢ N M : B [ M ] Γ ⊢ M : A Γ ⊢ B A = β ,ι B Γ ⊢ M : B W e express fin ally that the univ erse U is closed under the p ro duct op eration. Γ ⊢ A : U Γ , x : A ⊢ B : U Γ ⊢ Π x : A.B : U Figure 3: Typing Rules of Type Theory The constan ts are the ones of ou r language UPL, describ ed in the n ext su bsection. 3.2. Sp ecific Rules. W e describ e here b oth the unt yp ed language UPL (which will define the ι reduction) and the fragmen t of t yp e theory that w e need in order to express a program for Sp ector double negation sh ift. The constan t of form ( op ) are used as infix op erators. The constru ctors are U , Nat , N 0 , N 1 , 0 (arit y 0), S , Inl , Inr (arit y 1) and (+) , ( × ) , Fu n , P a ir (arit y 2). T o define the domain D as in the pr evious sections, it is enough to know these constructors. The defined constan ts of the language UPL are vec , get , t rim , T , head , tail , ( ≤ ) , less , Rec , ¬ , exit , Φ , Ψ. Th e arities are clear from th e giv en ι -ru les. F r om these ι -rules it is then p ossible to in terpret eac h of these constants as an elemen t of the domain D . A t th e same time w e in tro duce th ese constan ts (constructors or defined constan ts) w e giv e their inte nded t yp es. A PR OOF OF STRONG NORMALISA TION USING DOMAIN THEOR Y 9 First we hav e the t yp e of natural n um b ers Nat with t w o constructors: Nat : U 0 : Nat S : Nat W e also add the natural n u m b er recursor Rec so that the la nguage con tains Heyting airthmetic: Rec : C 0 → (Π n : Nat .C n → C ( S n )) → Π n : Nat .C n [ C : Nat → U ] Rec P Q 0 = N Rec P Q ( S x ) = M x ( Rec N M x ) In add ition we add t yp e connectiv es. (+) stand s for the t yp e disj u nction, and ( × ) for the pair t yp e: (+) : U → U → U Inl : A → A + B [ A, B : U ] Inr : B → A + B [ A, B : U ] ( × ) : U → U → U P a ir : A → B → A × B [ A, B : U ] W e write ( x, y ) instead of P air x y , and ( x 1 , . . . , x n ) for ( . . . ( x 1 , x 2 ) , . . . , x n ). W e also need the empty type N 0 (with no constructor): N 0 : U with which we can define exit , its elimination rule, also known as e x falsum quo d lib et and the negation ¬ : exit : N 0 → A [ A : U ] ¬ : U → U ¬ A = A → N 0 Notice that the constant exit has no computation rule. The last t yp e w e need to d efine is N 1 , the un it t yp e ( i.e. with only one trivial construc- tor), in other word the t yp e “true”: N 1 : U 0 : N 1 Notice that 0 is p olymorph ic and is a constructor of b oth N 1 and Nat . W e can no w start defin ing the more sp ecific functions of our language. First comes ( ≤ ). It decides if its fi rst argum en t is less or equal to its second one. Note that it return s either N 1 or N 0 whic h are types. This is an example of strong elimination, i.e defining a p redicate using a recursive fun ction. ( ≤ ) : Nat → Nat → U 0 ≤ n = N 1 ( S x ) ≤ 0 = N 0 ( S x ) ≤ ( S n ) = x ≤ n Consequent ly w e ha v e the fun ction less whic h prov es essentia lly that ( ≤ ) is a total ordering: 10 T. COQUAND AND A. SPIW ACK less : Π x : Nat . Π n : Nat . ( S x ≤ n ) + ( n ≤ x ) less x 0 = Inr 0 less 0 ( S n ) = Inl 0 less ( S x ) ( S n ) = less x n In order to write the p ro of of the sh if tin g rule it is con venien t to ha v e a type of v ectors vec B n , which is in tu itiv ely ( . . . ( N 1 × B 0 ) . . . ) × B ( n − 1) and an access function of t yp e Π n : Nat . Π x : Nat . ( S x ≤ n ) → vec B n → B x Notice that this access fu n ction requires as an extra argumen t a proof th at the ind ex access is in the right range. T o h av e such an access f u nction is a nice exercise in programming with dep end en t t yp es. This has to b e seen as the typ e of fi n ite app r o ximations of pr o ofs of Π n : Nat .B n . And the access function is the resp ectiv e elimination rule ( i.e. a finite v ersion of th e forall elimination rule of natural d eduction). The t yp e of v ectors vec is defi ned r ecursiv ely vec : ( Nat → U ) → Nat → U vec B 0 = N 1 vec B ( S x ) = ( vec B x ) × B x With vec come tw o simple functions head and tail accessing resp ectiv ely the t wo comp o- nen t of the pair (any n on- 0 -indexed v ector is a pair of an “elemen t” and a shorter ve ctor): head : Π x : Nat . ( vec B ( S x )) → B x head x ( v , u ) = u tail : Π x : Nat . ( vec B ( S x )) → vec B x tail x ( v , u ) = v In order to build the access function f or t yp e vec (whic h is supp osed to extract the elemen t of t yp e B x from a v ector of a length longer th an x ) w e introdu ce a fun ction trim whic h sh ortens a v ecto r of t yp e vec B n in to a vect or of t yp e vec B x by r emo vin g the n − x first e lemen ts. The reason why su ch a function is u seful is b ecause w e are trying to read the v ector from the insid e to th e outside. T : ( Nat → U ) → U T P = Π k : Nat .P ( S k ) → P k trim : Π n : Nat . Π m : Nat . ( n ≤ m ) → Π P : Nat → U .T P → P m → P n trim 0 0 p P h v = v trim 0 ( S m ) p P h v = trim 0 m P h ( h m v ) trim ( S n ) 0 p P h v = exit p trim ( S n ) ( S m ) p P h v = trim n m p ( λx.P ( S x )) ( λx.h ( S x )) v As a consequence of the f u nction tri m we can d efine in a rather simple w a y the access function get : get : Π B : Nat → U . Π n : Nat . Π x : Nat . ( S x ≤ n ) → vec B n → B x get B n x p v = head x ( trim ( S x ) n p ( vec B ) ta il v ) W e need the follo wing resu lt on the domain in terp retation of this fun ction get . T o simplify the notations w e write h instead of [ [ h ] ] if h is a constan t of the language. W e also write l for S l 0. A PR OOF OF STRONG NORMALISA TION USING DOMAIN THEOR Y 11 Lemma 3.1. Let v 6 = ⊥ , y 6 = ⊥ and B suc h that for any l , B ( S l ⊤ ) 6 = ⊥ and B l 6 = ⊥ (in particular, B 6 = ⊥ ). If x = q with q < p then get p x 0 v = get p + 1 x 0 ( v , y ). If x = S q ⊤ with q < p th en get p x 0 v = ⊤ . Pr o of. Let u s prov e that if x = q with q < p then get p x 0 v = get p + 1 x 0 ( v , y ). The pro of of the second part of th e Lemm a is similar. It is pro v ed by the follo win g sequence of prop ositions • If h = [ [ λx.f ( S x )] ] ( f = h ) 6 = ⊥ and h m u = h ⊤ u f or any m , u , q ≤ p , t 6 = ⊥ , v 6 = ⊥ and P ( S l ⊤ ) 6 = ⊥ for an y l (in particular, P 6 = ⊥ ), then trim q p t P v = ( h ⊤ ) p − q v . This is p ro ved by simple induction on q and p . Using th e definition of trim together with Theorem 2.16 and the fact that P ( S l ⊤ ) 6 = ⊥ implies th at [ [ λf .f ( S x )] ] ( f = P ) ( S l ⊤ ) = P ( S l +1 ⊤ ) 6 = ⊥ f or any l . • tail = [ [ λx.f ( S x )] ] ( f = tail ) 6 = ⊥ and tail m u = tail ⊤ u . By T h eorem 2.16. • If B ( S l ⊤ ) 6 = ⊥ and B l 6 = ⊥ , then for all l v ec B ( S l ⊤ ) 6 = ⊥ . It is direct by induction on l using the defin ition of vec and Theorem 2.16. • Finally get p + 1 x 0 ( v , y ) = head x ( trim ( S x ) p + 1 0 ( vec B ) tail ( v , y )) = head x (( tail ⊤ ) p − q ( v , y )) = head x (( tail ⊤ ) p − q − 1 v ) = head x ( trim ( S x ) p 0 ( vec B ) tail v ) = get p x 0 v W e can n o w introd uce t w o functions Φ and Ψ, defined in a mutual recursive w a y . They define a sligh t generalisation of th e d ouble negation shift: Φ : Π B : Nat → U . (Π n : Nat . ¬¬ B n ) → ¬ (Π n : Nat .B n ) → Π n : Nat . ¬ vec B n Ψ : Π B : Nat → U . (Π n : Nat . ¬¬ B n ) → ¬ (Π n : Nat .B n ) → Π n : Nat . vec B n → Π x : Nat . ( S x ≤ n ) + ( n ≤ x ) → B x Φ B H K n v = K ( λx. Ψ B H K n v x ( less x n )) Ψ B H K n v x ( Inl p ) = get B n x p v Ψ B H K n v x ( Inr p ) = exit ( H n ( λy . Φ B H K ( S n ) ( v , y ))) The program that prov es S p ector’s double negation shift Π B : Nat → U . (Π n : Nat . ¬¬ B n ) → ¬¬ (Π n : Nat .B n ) is then λB .λH.λK . Φ B H K 0 0 . 4. Model of type t heor y and str ong norma lisa tion 4.1. Mo del. W e let Po w ( D ) b e the collec tion of all su bsets of D . I f X ∈ P o w ( D ) and F : X → Po w ( D ) we defi n e Π( X , F ) ∈ Po w ( D ) by v ∈ Π( X , F ) if and only if u ∈ X implies v u ∈ F ( u ). A totality pr e dic ate on D is a subs et X such that ⊥ / ∈ X and ⊤ ∈ X . W e let TP ( D ) b e the collection of all totalit y predicates. Lemma 4.1. If X ∈ TP ( D ) and F : X → TP ( D ) th en Π( X , F ) ∈ TP ( D ). 12 T. COQUAND AND A. SPIW ACK Pr o of. W e ha v e ⊤ ∈ X . If v ∈ Π( X, F ) then v ⊤ ∈ F ( ⊤ ) and so v ⊤ 6 = ⊥ and v 6 = ⊥ h old. If u ∈ X th en u 6 = ⊥ so that ⊤ u = ⊤ ∈ F ( u ). This sho ws ⊤ ∈ Π( X , F ). Definition 4.2. A mo del of t yp e theory is a pair T , E l with T ∈ TP ( D ) and E l : T → TP ( D ) satisfying th e p rop ert y: if A ∈ T and u ∈ E l ( A ) implies F u ∈ T then Fu n A F ∈ T . F ur thermore E l ( Fun A F ) = Π( E l ( A ) , λu.E l ( F u )). If we ha v e a collection of constant s w ith t yping ru les ⊢ h : A we require also [ [ A ] ] ∈ T and [ [ h ] ] ∈ E l ([ [ A ] ] ). Finally , for a mo d el of t y p e theory w ith un iv erse U we require also: U ∈ T , E l ( U ) ⊆ T and Fun A F ∈ E l ( U ) if A ∈ E l ( U ) and F u ∈ E l ( U ) for u ∈ E l ( A ). The intuition is the follo wing: T ⊆ D is th e collect ion of ele men ts represent ing t yp es and if A ∈ T the set E l A is the set of elemen ts of t yp e A . Th e fi rst cond ition expr esses that T is closed u nder the dep end en t pro d uct op eration. The last condition exp resses that U is a t yp e and that E l ( U ) i s a subset of T whic h is also closed un der the dep enden t pro du ct op eration. The next result states the soundness of the semant ics w.r.t. the t yp e system. Theorem 4.3. Let ∆ b e a context . Assume that [ [ A ] ] ρ ∈ T and ρ ( x ) ∈ E l ([ [ A ] ] ρ ) for x : A in ∆. If ∆ ⊢ A then [ [ A ] ] ρ ∈ T . If ∆ ⊢ M : A then [ [ A ] ] ρ ∈ T and [ [ M ] ] ρ ∈ E l ([ [ A ] ] ρ ). Pr o of. Direct by induction on deriv ations, usin g Theorem 2.16 and Corollary 2.17. F or in- stance, w e jus tify th e application rule. W e hav e by in duction [ [ N ] ] ρ ∈ El ( Fu n [ [ A ] ] ρ [ [ λx.B ] ] ρ ) and [ [ M ] ] ρ ∈ E l ([ [ A ] ] ρ ). It follo ws that w e ha v e [ [ N M ] ] ρ = [ [ N ] ] ρ [ [ M ] ] ρ ∈ E l ([ [ λx.B ] ] ρ [ [ M ] ] ρ ) Since E l ([ [ A ] ] ρ ) ∈ TP ( D ) we ha v e [ [ M ] ] ρ 6 = ⊥ . Hence b y Th eorem 2.16 and Corollary 2.17 w e ha v e [ [ λx.B ] ] ρ [ [ M ] ] ρ = [ [ B ] ] ρ,x =[ [ M ] ] ρ = [ [ B [ M ]] ] ρ and so [ [ N M ] ] ρ ∈ E l ([ [ B [ M ]] ] ρ ) as exp ected. 4.2. Construction of a mo del. Theorem 4.4. Th e filter model D of UPL can b e extended t o a mod el T ∈ TP ( D ) , E l : T → TP ( D ). Pr o of. The main id ea is to define the pair T , E l in t wo ind u ctiv e steps, usin g Lemma 2.15 to ensure the consistency of this definition. W e d efine first T 0 , E l . W e ha v e ⊤ ∈ T 0 and ⊤ ∈ E l ( A ) if A ∈ T 0 . F urth ermore, w e ha v e • N 0 ∈ T 0 • N 1 ∈ T 0 and 0 ∈ E l ( N 1 ) • Nat ∈ T 0 and 0 ∈ E l ( Nat ) and S x ∈ E l ( Nat ) if x ∈ E l ( Nat ) • A + B ∈ T 0 if A, B ∈ T 0 and Inl x ∈ E l ( A + B ) if x ∈ E l ( A ) and Inr y ∈ E l ( A + B ) if y ∈ E l ( B ) • A × B ∈ T 0 if A, B ∈ T 0 and ( x, y ) ∈ E l ( A × B ) if x ∈ E l ( A ) and y ∈ E l ( B ) • Fun A F ∈ T 0 if A ∈ T 0 and F x ∈ T 0 for x ∈ E l ( A ). F urtherm ore w ∈ E l ( Fun A F ) if w x ∈ E l ( F x ) wh enev er x ∈ E l ( A ) W e can then define T ⊇ T 0 and the extension E l : T → TP ( D ) by the same conditions extended b y one clause A PR OOF OF STRONG NORMALISA TION USING DOMAIN THEOR Y 13 • N 0 ∈ T • N 1 ∈ T and 0 ∈ E l ( N 1 ) • Nat ∈ T and 0 ∈ E l ( Nat ) and S x ∈ E l ( Nat ) if x ∈ E l ( Nat ) • A + B ∈ T if A, B ∈ T and In l x ∈ E l ( A + B ) if x ∈ E l ( A ) and Inr y ∈ E l ( A + B ) if y ∈ E l ( B ) • A × B ∈ T if A, B ∈ T and ( x, y ) ∈ E l ( A × B ) if x ∈ E l ( A ) and y ∈ E l ( B ) • Fun A F ∈ T if A ∈ T and F x ∈ T for x ∈ E l ( A ). F urtherm ore w ∈ E l ( Fun A F ) if w x ∈ E l ( F x ) wh enev er x ∈ E l ( A ) • U ∈ T and E l ( U ) = T 0 The d efi nition of the pair T , E l is a typica l example of an inductive-r e cursive defin ition: w e define sim ulatenously the sub set T and the fun ction E l on this subset. The justification of suc h a definition is subtle, but it is standard [2, 8, 22]. It can b e chec k ed b y induction th at T ∈ TP ( D ) and E l ( A ) ∈ TP ( D ) if A ∈ T . The next subsection pro v es that [ [ h ] ] ∈ E l ([ [ A ] ] ) if ⊢ h : A is a t yping ru le f or a constan t h . 4.3. Strong normalisation via totalit y. It is rather straigh tforw ard to chec k that we ha v e [ [ h ] ] ∈ E l ([ [ A ] ] ) for all the constant s h : A th at w e ha v e introdu ced except the last tw o constan ts Φ and Ψ. F or i nstance [ [ exit ] ] ∈ E l ( N 0 → A ) for any A ∈ T since E l ( N 0 ) = {⊤} and [ [ exit ] ] ⊤ = ⊤ is in E l ( A ). T o c hec k [ [ h ] ] ∈ E l ([ [ A ] ] ) is more complex for the last t wo functions. Theorem 4.5 . F or all constan ts h : A that w e ha ve in tro duced, we h av e [ [ h ] ] ∈ E l ([ [ A ] ] ). Pr o of. T o simp lify the n otatio ns we w rite h instead of [ [ h ] ] if h is a constan t of the language, and w e sa y simply that h is total instead of h ∈ E l ( A ). The only difficult cases are for the constan ts Φ and Ψ. It is the only place where w e use classical reasoning. W e only write the pro of for Φ, the case of Ψ is similar. Assume that Φ is not total. W e can then find total elemen ts B ∈ E l ( Nat → U ), H ∈ E l ( F un Nat ( λx. ¬¬ ( B x ))), K ∈ E l ( ¬ ( Fun Nat B )), n ∈ E l ( Nat ) and v ∈ E l ( B n ) suc h that Φ B H K n v d o es not b elong to E l ( N 0 ) = {⊤} . Since Φ B H K n v = K ( λx. Ψ B H K n v x ( less x n )) and K is total, there exists x ∈ E l ( Nat ) suc h that Ψ B H K n v x ( less x n ) is not total at t y p e B x . Giv en the definition of Ψ this imp lies that less x n is of the form Inr h . It f ollo ws from the definition of less that n is of the form p . F urtherm ore Ψ B H K n v x ( less x n ) = exit ( H p ( λy . Φ H K p + 1 ( v , y ))) is n ot total. Since H is total, there exists y p ∈ E l ( B p ) su c h th at Φ B H K p + 1 ( v , y p ) is n ot total. Reasoning in the s ame w a y , we see th at there exists y p +1 ∈ E l ( B p + 1) suc h that Φ B H K p + 2 ( v , y p , y p +1 ) is not total. Thus we build a sequence of e lemen ts y m ∈ E l ( B m ) for m ≥ p su c h that, for an y m Φ B H K m ( v , y p , . . . , y m − 1 ) 6 = ⊤ Consider no w an elemen t x = q . F or m > q w e hav e S x ≤ m = N 1 and w e tak e f x to b e get m x 0 ( v , y p , . . . , y m − 1 ). T his is well defi ned since we hav e for m 1 , m 2 > q by Lemma 3.1 get B m 1 x 0 ( v , y p , . . . , y m 1 − 1 ) = get B m 2 x 0 ( v , y p , . . . , y m 2 − 1 ) 14 T. COQUAND AND A. SPIW ACK W e take also f ( S q ⊤ ) = ⊤ . This defines a total element f in E l ( Fun Nat ( λx.E l ( B x ))). Since K is total, K f is total and b elongs to E l ( N 0 ) = {⊤} . Hence K f = ⊤ . Since ⊤ is a finite elemen t of D we h a ve b y con tin uit y K f 0 = ⊤ for some finite app ro ximation f 0 of f . In particular there exists m suc h that if g m ( S q 0) = f ( S q 0) and g m ( S q ⊤ ) = f ( S q ⊤ ), for all q < m , then K g m = ⊤ . If we define g m x = Ψ B H K m ( v , y p , . . . , y m − 1 ) x ( less x m ) w e do ha v e g m ( S q 0) = f ( S q 0) and g m ( S q ⊤ ) = f ( S q ⊤ ) for all q < m . Hence K g m = ⊤ . But then Φ B H K m ( v , y p , . . . , y m − 1 ) = K g m = ⊤ whic h con tradicts the fact that the elemen t Φ B H K m ( v , y p , . . . , y m − 1 ) is not total. Lik e in [11], it is crucial for this argument that w e are u s ing a domain mo del. Th ese constan ts mak e also the sys tem pr o of-theoretically strong, at least the s tr ength of second- order arithmetic. Corollary 4.6. If ⊢ A then [ [ A ] ] 6 = ⊥ . If ⊢ M : A then [ [ M ] ] 6 = ⊥ . Pr o of. If ⊢ A we hav e by Th eorem 4.3 that [ [ A ] ] ∈ T . By Theorem 4.4 we ha v e T ∈ TP ( D ). Hence [ [ A ] ] 6 = ⊥ . Similarly , if ⊢ M : A we hav e by T heorem 4 .3 that [ [ A ] ] ∈ T and [ [ M ] ] ∈ E l ([ [ A ] ] ). By Theorem 4.4 w e ha ve T ∈ TP ( D ) and E l ([ [ A ] ] ) ∈ TP ( D ). Hence [ [ A ] ] 6 = ⊥ a nd [ [ M ] ] 6 = ⊥ . By com bining Corollary 4.6 with T h eorem 2.14 w e get Theorem 4.7. If ⊢ A then A is strongly normalisable. If ⊢ M : A then M is strongly normalisable. Conclusion W e h a ve bu ilt a filter mo del D for an unt yp ed calculus ha ving the prop ert y th at a term is strongly n ormalisable wh enev er its seman tics is 6 = ⊥ , and then used this to giv e v arious mo dular pro ofs of strong normalization. While eac h part us es essen tially v ariation on standard materials, our use of filter mo dels seems to b e n ew and can b e seen as an application of compu ting science to pro of theory . It is in teresting that w e are naturally lead in this w a y to consider a domain with a top elemen t. W e ha v e sh o wn on some e xamples that this can b e u sed to p ro v e strong normalisation theorem in a m o d ular w a y , essen tially b y r educing this problem to s ho w the soundness of a semanti cs o v er t he domain D . Th er e should be no problem to use our mo del to give a simple normalisatio n pro of of system F extended with bar recursion. It is indeed direct that totalit y p redicates are close d under arbitrary non empty in tersectio ns. By w orking in the D -set mo del o ver D [24, 4], one should b e able to g et also strong normalisation theorems for v arious impr ed icativ e type theories extended with bar recursion. F or proving normalisation for pr e dic ative t yp e systems, the u se of the m o del D is p ro of- theoreticall y too strong: the totalit y predicates are sets of filters, that are thems elves sets of formal neighb ou r ho o ds, and so are essentiall y third-order ob jects. F or applications not in v olving str on g sc hemas lik e bar recursion, it is p ossib le h o wev er to w ork instead only with the d efi nable elemen ts of the set D , and the totalit y pr edicates b ecome second-order ob jects, as u s ual. It is then n atural to extend our pr ogramming language w ith an extra elemen t ⊤ A PR OOF OF STRONG NORMALISA TION USING DOMAIN THEOR Y 15 that pla ys the role of a top-lev el err or. As suggested also to u s by Andreas Ab el, it seems lik ely that Theorem 2.11 h as a pu rely combinatorial p ro of, similar in complexit y to the one for simply t yp ed λ -calculus. He ga ve suc h a pr o of for a reasonable subsystem in [1]. A n atural extension of this wo rk w ould b e also to state and prov e a density theorem for our denotational semantic s, follo wing [13]. The first step would b e to d efine w hen a formal neigh b ourho o d is of a giv en typ e. In [6, 18], for un t yp ed λ -calc ulus without constants, it is pro v ed th at a term M is strongly normalizing if and only if [ [ M ] ] 6 = ⊥ . This do es not h old here since we hav e for instance 0 Nat s trongly normalizing, b ut [ [ 0 Nat ] ] = ⊥ . Ho w ever, it ma y b e p ossible to fi nd a natur al sub s et of terms M for whic h the equiv alence b et w een M is strongly normalizing and [ [ M ] ] 6 = ⊥ holds. Add itionally , Colin Riba sho w ed this resu lt for a system where th e neigh b ourho o ds are closed by u nion b ut w ere the rewrite ru les are weak er [20]. Most of our results hold without the hyp otheses that the r ewrite r u les are mutually disjoin t. W e only ha ve to c h ange the t yp ing rules for a constant f in Figur e 2 b y th e uniform rule: Γ ⊢ M f : U 1 → . . . → U k → V i f for al l rules f p 1 . . . p k = M and for al l W 1 , . . . , W n suc h that p i ( W 1 , . . . , W n ) = U i w e ha v e Γ , x 1 : W 1 , . . . , x n : W n ⊢ M M : V . (This holds f or ins tance trivially in the sp ecia l case where no rules f or f matc hes U 1 , . . . , U n .) F or instance, w e can add a constan t + w ith rewrite rules + n 0 = n + 0 n = n + n ( S m ) = S (+ n m ) + ( S n ) m = S (+ n m ) and Theorem 2.14 is still v alid for this extension. A cknowledgement Thanks to Mariangiola Dezani-Ciancaglini for the reference to the pap er [6 ]. The fi r st author w an ts also to thank Thomas Ehrhard for reminding him ab out pro ofs of strong normalisation via int ersection t yp es. Referen ces [1] A. Ab el. Syntactical N ormalizatio n for Intersection Types with T erm Rewriting R ules. 4th International W orkshop on Higher-Order R ewriting, HOR’07, Paris, F rance, 2007. [2] P . Aczel. F rege structures and the notions of prop osition, t ruth and set. The Kle ene Symp osium , pp. 31–59, Stu d . Logic F ou n dations Math., 101, N orth-Holland, Amsterdam- N ew Y ork, 1980. [3] Y. Ak ama. SN Com binators and Pa rtial Combinatory Algebras. LNCS 1379, p. 302-317, 1998. [4] Th. Altenkirch. Constructions, Inductive T yp es and Str ong Normal i zation. PhD thesis, Universit y of Edinburgh, 1993. [5] R. Amadio and P .L. Curien. Domains and L amb da-Calculi. Cam bridge tracts in theoretical computer science, 46, (1997). [6] S. van Bakel. Complete restrictions of the Intersection T yp e Discipline. Theoretical Comput er Science, 102:135 -163, 1992. [7] H. Barendregt, M. Copp o and M. Dezani-Ciancaglini. A filter lambda mod el and th e completeness of type assignment. J. Symb olic L o gi c 48 (1983), no. 4, 931–940 (1984). [8] M. Beeson. F oundations of c onstruct ive m athematics. Metamathematic al studies. Ergebnisse d er Math- ematik und ihrer Grenzgebiete (3) [Results in Mathematics and Related Areas (3)], 6. Sprin ger-V erlag, Berlin, 1985. 16 T. COQUAND AND A. SPIW ACK [9] S. Berardi, M. Bezem and Th. Co quand. On the computational con tent of the axiom of choice. Journal of Sy m b olic Logic 63 (2), 600-622, 1998. [10] U . Berger and P . Oliv a. Mo dified Bar Recursion and Classi cal Dep end en t Choice. Logic Colloquiu m ’01, 89–107, Lect. Notes Log., 20, Asso c. Symb ol. Logic, Urbana, IL, 2005. [11] U . Berger. Contin u ou s Semantics for Strong Normalisation. LNCS 3526, 23-34, 2005. [12] U . Berger. Strong normalization for applied lambda calculi. Logical Meth ods in Computer Science, 1-14, 2005. [13] U . Berger. Con tinuous F unctionals of Dep end ent and T ransfinite Types. in Mo dels and Computability , London Mathematical Society , Lecture Note Series, p. 1–22, 1999. [14] J. W. Klop, V. van Oostrom and F. v an Raamsdonk. Com binatory reduction sy stems: introdu ction and survey . Theoretical Computer S cience, V olume 121, No. 1 & 2, pp. 279 - 308, December 1993. [15] G. Kreisel. Interpretation of analysis by means of constructive functionals of finite types. In Construc- tivity in Mathematics , N orth-Holland, 1958. [16] P . Martin-L¨ of. Lecture note on the domain interpretation of type theory . Workshop on Semantics of Pr o gr amming L anguages, Chalmers , (1983). [17] P .Martin-L¨ of. An intuitionistic theory of typ es. in T wenty-five ye ars of c onstructive typ e the ory (V enice, 1995), 127–172, Oxford Logic Guides, 36, Ox ford U niv. Press, New Y ork, 1998. [18] G. Pottinger. A typ e assignmen t for the strongly n ormalizable terms. in: J.P . Seldin and J.R. Hindley (eds.), T o H. B. Curry: essays on c ombinatory lo gic, lamb da c alcul us and formal ism , Academic Press, London, pp . 561-577, 1980. [19] G. Plotkin. LCF considered as a progra mming language. The or etic al Computer Scienc e , 5:223-255, 1977. [20] C. Riba. Strong Normalization as Safe Interaction. Logic In Computer Science 2007. [21] D . Scott. Lectures on a mathematical theory of computation. Theoretical foundations of programming metho d ology ( Munic h, 1981), 145–292, NA TO Adv. S tudy Inst. Ser. C: Math. Phys. Sci., 91, R eidel, Dordrech t, 1982. [22] D . Scott. Combinators and classes. λ -c alculus and c omputer scienc e the ory , pp. 1–26. Lecture Notes in Comput. Sci., V ol. 37, Springer, Berlin, 1975. [23] C. S p ector. Prov ably recursive functionals of analysis: a consistency pro of of analysis by an extension of principles in current intuitionistic mathematics. In F.D.E.Dekker, editor, Recursive F unction Theory , 1962 [24] Th. Streicher. Semantics of T yp e The ory. in the series Progress in Theoretical Comput er Science. Basel: Birkhaeuser. XI I , 1991. [25] W .W. T ait. Normal form theorem for b ar recursive functions of finite typ e. Pr o c e e dings of the Se c ond Sc andinavian L o gi c Symp osium , North-Holland, 1971. This wor k is licensed under the Cre ative Comm ons Attr ibution-NoDer ivs License. T o view a copy o f t his lice nse, visit htt p://c reati vecommons.org/licenses/by-nd/2.0/ or se nd a letter to Creative Commons , 559 Nathan Abbott Wa y , Stanford, California 94305, USA.