Chapter 2The Language PCF2.1 Introdu tionThis hapter presents a language for Programming Computable Fun tions alled PCF, originallyformulated by Dana S ott in an in uential unpublished manus ript [S o69℄. It is a typed fun tionallanguage based on lambda al ulus. The language is designed to be easily analyzed, rather thanas a pra ti al language for writing large programs. However, with ertain extensions to the surfa esyntax, it is possible to write many fun tional programs in a omfortable style. The presentationof PCF here is informal in the sense that we will dis uss the onstru ts of the language, and theaxiomati , operational and denotational semanti s, without going into the proofs of basi theorems.The main topi s of the hapter are:� Introdu tion to syntax and semanti s of typed lambda al ulus and related languages byexample.� Treatment of re ursive de�nitions by �xed-point operators.� Dis ussion of axiomati , operational and denotational semanti s, with a summary of therelationships between them.� Demonstration that basi programming methods may be arried out in a simpli�ed fun tionallanguage.� Study of expressive power and limitations of the language using operational semanti s.The main goals are to develop a feel for the programming apabilities of lambda- al ulus-basedlanguages and summarize general properties and te hniques that apply to a variety of languages.Operational semanti s are onsidered in more depth than denotational semanti s, sin e later hap-ters fo us on the denotational and axiomati semanti s. We dis uss \programming te hniques" atsome length, to give some intuition for the way that familiar programming onstru ts may be rep-resented in lambda al ulus and prove both positive and negative results about the expressivenessof PCF. The hapter on ludes with a brief overview of extensions and variations of PCF that haveeither pra ti al or theoreti al signi� an e. The te hni al theorems about PCF that are not provedin this hapter are proved in Chapters 5 and 8, as spe ial ases of more general results.For those familiar with denotational semanti s, we point out several di�eren es between theuse of lambda al ulus in this book and the traditional use of lambda al ulus in denotationalsemanti s. One is typing. The meta-language in standard texts on denotational semanti s, su h50

Foundations for Programming Languages 51as [Gor79, MS76, S h86, Sto77℄, is not expli itly typed. In ontrast, we use only typed lambda al ulus. This lari�es the kind of value ea h expression de�nes, and simpli�es the te hni al analysisin several ways. Another di�eren e is that we regard PCF itself as a language for writing programs,rather than solely as a meta-language for giving semanti s to other languages. One reason for thisapproa h is to develop some intuition for the expressive power of typed lambda al ulus. Another isto suggest that lambda al ulus may be used not only for denotational semanti s, but for studyingoperational and pragmati issues in programming language analysis and design.The evaluation order used in PCF is lazy or left-most. This is the evaluation order used in thepure fun tional programming languages Haskell [HF92, H+92℄ and Miranda [Tur85℄. (See [Pey87℄for information on the implementation of lazy fun tional languages.) In ontrast, the languagesLisp [M C60, M C78, Ste84℄ and ML [Mil85b, MTH90, MT91, Ull94℄ use an eager form of evalu-ation. While most pra ti al languages use eager evaluation, there are some advantages (as well asdisadvantages) to developing a basi theory using lazy evaluation. To a �rst approximation, the hoi e between evaluation orders is a matter of taste. Sin e we an simulate eager redu tion ina lazy language, and onversely [Plo75℄, the redu tion systems are theoreti ally equivalent. Thedenotational semanti s are also interde�nable, although there are some simpli� ations in the eager ase. On the other hand, the axiomati semanti s of eager languages seem more ompli ated. Themain reasons we prefer to study lazy PCF in this book are that this gives the simplest orrespon-den e between axiomati , operational, and denotational semanti s, and also the most exibility inoperational semanti s sin e we have equivalent deterministi , nondeterministi and parallel formsof program exe ution. The theory is also older and more fully developed. Sin e similar te hniquesapply in both ases, the ideas des ribed in this book are useful for analyzing both forms of evalu-ation. A general setting for onsidering both evaluation orders is the extension of PCF with liftedtypes, des ribed in Se tion 2.6.4.2.2 Syntax of PCF2.2.1 OverviewEvery expression of PCF has a unique type. Therefore, we may summarize the onstru ts of PCFby listing the types of the language. The basi values are natural numbers and booleans (truthvalues true and false), whi h have types nat and bool , respe tively. PCF also has pairs, whi hbelong to artesian produ t types, and fun tions, belonging to fun tion types. The PCF notationfor the artesian produ t of types � and � is �� � . For example, the type of natural numberpairs is written nat �nat . The type of a fun tion with domain � and range � is written �! � .Some notational onventions regarding type expressions are that ! asso iates to the right, and �has higher pre eden e than ! . Thus �! �! � is parenthesized as �!(�! �), and �� �! � as(�� �)! � .One property of PCF is that only expressions that satisfy ertain typing onstraints are a tually onsidered part of the language. For example, although PCF has addition, the expression true +1is not onsidered well formed. (It does not make sense to add a truth value to a natural number.)With variables, the typing onditions depend on the ontext in whi h an expression is used. Forexample, x+5 only makes sense if the variable x is de lared to have type nat . A pre ise des riptionof PCF, using typing rules and assumptions about the types of variables, is given using typing rulesin Chapter 4. In the following informal presentation, we assume we have in�nitely many variablesof ea h type and that we an tell what type ea h variable has. When we write �x:� , it is impli itlyassumed that x is a variable of type � . When we need to refer to the types of a variable that are

Foundations for Programming Languages 52not lambda bound, we will simply write typing assumptions x1:�1; : : : ; xk:�k in parentheses or inthe text.A general synta ti issue that many readers will be familiar with is the distin tion betweenobje t notation and meta-notation. The syntax of PCF, like other languages we will onsider, isde�ned using some set Var of variables, some set Cst of onstant symbols, and other lasses ofsymbols. We do not need to be on erned with what the elements of the set Var a tually are, aslong as we have in�nitely many of them (so we don't run out) and we an tell whether two aredistin t or the same. We say that the symbols and expressions of PCF belong to the obje t languagesin e PCF is the obje t of study. In studying PCF, it is onvenient to use additional symbols tostand for arbitrary symbols and expressions of the obje t language. These are said to be symbolsof the meta-language, the language we use in our study of the obje t language.We use letters x; y; z; : : : , possibly with subs ripts, primes or supers ripts, as meta-variablesfor arbitrary variables of PCF (elements of Var) and letters M;N;P; : : : , again possibly withsubs ripts, primes or supers ripts, as meta-variables for expressions of PCF. It is possible for twometavariables, x and y , to stand for the same obje t variable. We use the symbol � for synta ti equality of obje t expressions, writing x � y if x and y stand for the same variable of PCF andx 6� y to indi ate that they are distin t variables. If we say, \let x and y be variables" or \let Mand N be terms," then these ould be distin t variables or expressions, or synta ti ally identi al.2.2.2 Booleans and natural numbersThe basi boolean expressions are the onstants true and false, and the boolean-valued onditionalexpressions if hbooleani then hbooleani else hbooleani:The basi natural number expressions in lude numerals0; 1; 2; 3; : : : ;the usual symbols for natural numbers, and addition, written +. Thus if M and N are naturalnumber expressions, so is M +N . We an also ompute natural numbers using onditional tests,if hbooleani then hnatural number i else hnatural numberiand ompare natural numbers for equality. The equality test Eq? on natural numbers returns aboolean value. For example, Eq? 3 0 has the boolean value false, sin e 3 is di�erent from 0, butEq? 5 5 = true .The typing rules of PCF prevent onditional expressions su h asif hbooleani then 3 else true;with one ase returning a boolean and the other a natural number. In general, PCF allows any onditional expression if hbooleani then M else N , provided alternatives M and N have thesame type. This allows us to hoose between numeri fun tions by writingif hbooleani then �x:nat :M else �x:nat :N;for example.

Foundations for Programming Languages 53To summarize the expressions we have onsidered so far, the basi natural number and booleanexpressions are given by the following produ tions. While we have not dis ussed arbitrary ex-pressions of type � , we in lude onditional expressions below sin e onditional is most naturally onsidered a boolean operation.hbool expi ::= hbool var i j true j false jEq? hnat expi hnat expi jif hbool expi then hbool expi else hbool expihnat expi ::= hnat var i j 0 j 1 j 2 j : : : j hnat expi+ hnat expi jif hbool expi then hnat expi else hnat expih� expi ::= : : : j if hbool expi then h� expi else h� expiSin e both natural numbers and booleans may also be omputed by fun tion alls, these are notall of the natural number and boolean expressions of PCF. The additional forms will presented insubsequent se tions dis ussing produ t types, fun tion types and re ursive de�nitions.The equational axioms for natural number and boolean expressions are straightforward. Wehave an in�nite olle tion of basi axioms0 + 0 = 0; 0 + 1 = 1; : : : ; 1 + 0 = 1; 1 + 1 = 2; : : :for addition, giving us all true equations of the form n +m = p , for numerals n , m and p , andtwo axiom s hemes for onditional expressions of ea h typeif true then M else N = M;if false then M else N = N:There are in�nitely many axioms for equality test, determined as followsEq?nn = true; ea h numeral n;Eq?mn = false ; m; n distin t numerals.The operational semanti s of natural number and boolean expressions are de�ned using a setof redu tion axioms, ea h obtained by reading one of the equational axioms from left to right.In lambda al ulus, these are usually alled redu tion rules, sin e they are \rules" telling youhow to redu e a term. However, when we axiomatize the redu tion relation, the axioms are thebasi redu tion \rules" obtained by reading an equational axiom from left to right. Some usefulterminology is that a term mat hing the left-hand side of a redu tion axiom is alled a redex.In the operational semanti s (redu tion system), we may evaluate an expression by applyingredu tion axioms to any subexpression. To see how this works, onsider the expressionif Eq? (6 + 5) 17 then (1 + 1) else 27We annot simplify the onditional without �rst produ ing a boolean onstant true or false. Thisin turn requires numerals for both arguments to Eq?, so we begin by applying the redu tion rule6 + 5! 11. This gives us the expressionif Eq? 11 17 then (1 + 1) else 27whi h is simpli�ed using a redu tion rule for Eq? toif false then (1 + 1) else 27

Foundations for Programming Languages 54Finally, one of the rules for onditional applies, and we produ e the numeral 27. In order to simplifythis expression, we needed to evaluate the test before simplifying the onditional. However, it wasnot ne essary to simplify the number expression 1 + 1 sin e this is dis arded by the onditional.Sin e we may hoose to redu e any subterm at any point, we ould have simpli�ed 1+1! 2 betweenany two of the redu tion steps given. With the ex eption of this \nondeterministi hoi e," the stepsinvolved mimi the a tion of any ordinary interpreter fairly losely. We will dis uss onne tionsbetween nondeterministi and deterministi redu tion in Se tion 2.3.4.The reader may have noti ed that we do not have the equational axiom Eq?MM = true ,for arbitrary natural-number expression M . One reason is that the redu tion axiom Eq?MM !true would lead to a non- on uent redu tion system for PCF (see Se tion 2.3.4). In redu ing anexpression Eq?M N , we must �rst simplify M and N to numerals. This orresponds to a tualimplementations, where a test for natural number equality involves evaluating both expressions.The denotational semanti s of the basi natural number and boolean expressions falls underthe general pattern of algebrai terms and their interpretation in a multi-sorted algebra, whi h is overed in detail in Chapter 3. To give a hint of things to ome, we will summarize some of themain ideas here. We assign a \mathemati al meaning," or denotation to every natural numberand boolean expression by �rst hoosing a set N of natural-number values and a set B of booleanvalues. In the standard semanti s of natural-number and boolean expressions alone, these would bethe usual set of natural numbers and the usual set of booleans. However, in the ontext of PCF, wewill also in lude an extra element in ea h set to a ount for the fa t that PCF has partial re ursivefun tions on natural numbers, in addition to total fun tions, and similarly for booleans. The extraelement arises from the fa t that we may treat a partial fun tion from N to N as a total fun tionfrom N to N [ f1g , as is sometimes done in re ursive fun tion theory.On e we have hosen a set of values for ea h type, we an give meaning to expressions by hoosing a value for ea h free variable. Then, using indu tion on expressions, we spe ify a uniquemathemati al value (element of the appropriate set) for ea h expression. In the standard inter-pretation of natural numbers and boolean expressions, 2 + 3 has its usual value, 5, and so on, sothere is nothing very surprising in this ase. Sin e the denotational semanti s of basi data typesare a spe ial ase of �rst-order semanti s (or model theory), the basi idea is probably familiarfrom logi . The main reason for mentioning the denotational semanti s at this point is to ontrastthis with the axiomati semanti s (equational proof system) and operational semanti s (redu tionrules), whi h are entirely synta ti .De�nable fun tionsEven without lambda abstra tion, we an think of basi PCF natural-number expressions as de�ningnumeri fun tions. To des ribe this pre isely, we need to distinguish between the natural numbersand the symbols ( alled numerals) used in PCF. If n 2 N is a natural number, then one of thesymbols 0; 1; 2; : : : of PCF is the numeral for n , i.e., the symbol we usually use to write n on apie e of paper. For any n 2 N , let us write dne for this numeral. Using this notation, we say anexpression M :nat with natural number variable x de�nes a numeri fun tion f :N ! N impli itlyif, for every natural number n 2 N , we have [dne=x℄M !! df(n)e . In words, we an simplify theexpression [dne=x℄M , with the numeral for n in pla e of x , to the numeral for the fun tion valuef(n).Example 2.2.1 The numeri fun tion f(n) = n+5 is de�ned impli itly by the expression x+5,where x ranges over natural numbers.

Foundations for Programming Languages 55The notion of impli it de�nition may be extended to other types. A boolean expression M : boolwith boolean variable x de�nes a boolean fun tion f impli itly if [true=x℄M !! df(true)e and[false=x℄M !! df(false)e . It is easy to see that negation is de�ned impli itly by the expressionif x then false else true . Binary fun tions may also be de�ned impli itly, as in Exer ises 2.2.2and 2.2.3.With re ursion, we will be able to de�ne all omputable numeri fun tions in PCF. However,using only the basi natural-number and boolean expressions given in this se tion, there are manyfun tions that annot be de�ned. One example is given in Exer ise 2.2.3.Exer ise 2.2.2 Write expressions with boolean variables x and y whi h impli itly de�ne the onjun tion (x ^ y ) and disjun tion (x _ y ) of x and y .Exer ise 2.2.3 Show that the exponentiation fun tion is not impli itly de�nable using PCF nat-ural number and boolean expressions. In other words, prove that there is no basi natural numberexpression M with numeri variables x and y su h that [ dne=x℄ ([ dme=y℄M) has value dnme .2.2.3 Pairing and fun tionsIn PCF, we an form ordered pairs and fun tions of any type. If M and N are any PCF expressions,then hM;Ni is the ordered pair whose �rst omponent has the same value as M and se ond omponent has the same value as N . Every PCF pair has a artesian produ t type whi h isdetermined by the following simple rule: if M has type � and N has type � , then the pair hM;Nihas type �� � . For example, h3; 5i is an ordered pair of natural numbers, with h3; 5i : nat �nat ,and the \nested pair" h3; h5; 7ii has type nat �(nat �nat).In addition to forming pairs, we an also \take pairs apart" using proje tion operations. Theproje tion operations Proj1 and Proj2 return the �rst and se ond omponents of a pair. This isformalized in the two equational axioms(proj ) Proj1hM;Ni =M; Proj2hM;Ni = N:The �nal axiom for pairing is based on the idea that two pairs with the same �rst and se ond omponents must be equal (i.e., the same pair). Sin e any P :�� � is a pair, we an form a pairh(Proj1P ); (Proj2P )i from the �rst and se ond omponents of P . This must be the same as P ,sin e it has the same omponents. This gives us the equational axiom(sp) h(Proj1P ); (Proj2P )i = P:One point about the (sp) axiom, alled surje tive pairing, is that this is redundant for expli itpair terms of the form hM;Ni . This is easily demonstrated by substituting hM;Ni for P andapplying equational axioms to subterms:h(Proj1hM;Ni); (Proj2hM;Ni)i= hM; (Proj2hM;Ni)i= hM;NiHowever, if x:�� � is a variable of produ t type, then we annot prove h(Proj1x); (Proj2x)i = xwithout the axiom that gives us this equation dire tly. This is demonstrated in Example 2.4.3,whi h appears in a later se tion sin e it depends on properties of on uent redu tion systems. Thereason the axiom is alled surje tive pairing is that it implies that the pairing fun tion is surje tive

Foundations for Programming Languages 56onto the set of elements of produ t type. A onsequen e of (sp) is given in part (a) of Exer ise2.2.7.As for natural number and boolean expressions, the redu tion rules for pairs are derived byreading the equational axioms from left to right. However, we only in lude redu tion rules orre-sponding to the (proj ) axioms. There is no (sp) redu tion rule in the operational semanti s ofPCF for two reasons. The �rst is that it is not ne essary, as demonstrated by the adequa y of theoperational semanti s without (sp), dis ussed in Se tions 2.3 and 5.4.1. The se ond is that the rule auses on uen e to fail, when ombined with re ursive de�nitions of fun tions (see Se tion 4.4.3).Fun tionsPCF fun tions are written using lambda abstra tion, and most of the examples given in Se tion 1.2are PCF expressions. For example, sin e we have numerals and addition in PCF, both �x:nat : x+1and �x:nat : 5 are a eptable PCF, with type nat! nat : In general, a PCF fun tion may have anyPCF type as domain or range. Sin e we an have fun tions that take fun tions as argumentsand return fun tions as results, PCF is more exible (in this dire tion) than many programminglanguages. A simple higher-order fun tion is omposition of numeri fun tions omp def= �f :nat! nat : �g:nat!nat : �x:nat : f(gx):To see how this works, suppose f and g are numeri fun tions. Then omp f g is the fun tion�x:nat : f(gx); the fun tion whi h, on argument x , returns f(gx). Thus omp f g de�nes f Æ g .As mentioned in Se tion 1.3, we have the equational axiom(�) �x:�:M = �y:�:[y=x℄M; y not free in Mfor renaming bound variables. This axiom is related only to the fa t that � is a binding operator,and does not have anything to do with the way that lambda abstra tion de�nes a fun tion. Sin erenaming of bound variables is so basi , it is useful to have a spe ial name for it: we may writeM =� N if terms M and N di�er only in the names of bound variables. It is often onvenient towrite FV (M) for the free variables of M , i.e., the variables appearing in M that are not boundby � .The se ond axiom,(�) (�x:�:M)N = [N=x℄M;gives us a way of omputing the result of fun tion appli ation by substitution. To avoid any onfu-sion about substitution and bound variables, we de�ne substitution on typed lambda expressionspre isely, by the following indu tion, with three sub ases for di�erent forms of lambda abstra tions:[N=x℄x = N[N=x℄a = a; for onstant of variable a 6= x[N=x℄(PQ) = ([N=x℄P )([N=x℄Q)[N=x℄�x:�:M = �x:�:M[N=x℄�y:�:M = �y:�:[N=x℄M; provided x 6= y and y 62 FV (N)[N=x℄�y:�:M = (�z:�:[N=x℄[z=y℄M); where z 62 FV (MN) and y; z 6= xWhile most of these lauses are easily understood, it may be worth saying a few more words aboutthe last three lines. The fourth line makes sense when we remember that a substitution [N=x℄

Foundations for Programming Languages 57only repla es free o urren es of x by N . Sin e x is bound in �x:�:M , the substitution [N=x℄has no e�e t on this term. The last two lauses tell how to substitute for a free variable insidethe binding operator � . If y is not free in the term N we are inserting into M , then we may goahead and perform the substitution. This is the intent of the �fth line of the de�nition. However,if y is free in N , then we have a on i t and we must rename y to some other variable z toavoid apturing the free y in N . The option is provided by the last line of the de�nition. Sin esubstitution may involve arbitrary renaming, substitution is only de�ned up to �-equivalen e. Inother words, if we ompute [N=x℄M by this de�nition, we may end up with any one of an in�nitenumber of possible terms. However, all of the possibilities are =� to ea h other. Sin e we onsider�-equivalent terms as essentially the same, and they are provably equal in the simplest possibleway, this \nondeterminism" in the de�nition of substitution is ompletely harmless. It is easyto see that substitution respe ts �-equivalen e, in the sense that [N=x℄M =� [N=x℄P wheneverM =� P .Substitution is extended to PCF by adding ases for addition, onditional, et . These are allstraightforward, and follow the pattern of the appli ation ase above: we substitute [N=x℄ in a ompound expression by applying this substitution to ea h of its parts, e.g., [N=x℄(P + Q) =([N=x℄P ) + ([N=x℄Q). Exer ise 2.2.6, whi h may be useful to remember, asks you to prove thefollowing identities involving substitution.[M=x℄([N=x℄P ) = [([M=x℄N)=x℄P;[M=x℄([N=y℄P ) = [([M=x℄N)=y℄([M=x℄P ) if y 6� x and y 62 FV (M)The ombination of �- onversion and renaming bound variables in substitution provide stati s opein PCF, as illustrated in Exer ise 2.2.13.The �nal equational axiom for fun tions is based on the idea that two fun tions are equal ifthey produ e equal values on all arguments. To see how this arises, suppose M :�! � is a fun tionexpression, and x:� is some variable not appearing in M . The ondition on x is to make sure thatwe do not use x in two di�erent ways. Then sin e (Mx): � , the expression �x:�:(Mx) also de�nesa fun tion from � to � . For any argument N :� , we an apply either fun tion to N . However, weget the same result in either ase, sin e(�x:�:Mx)N =MNby (�). (Noti e that we get ([N=x℄M)N , whi h is di�erent, if we drop the assumption that xis not free in M .) Sin e the two fun tions return the same result on all arguments, we have theequational axiom(�) �x:�:Mx =M; x not free in MJust as the �nal axiom for pairing is redundant for expli it pairs, the (�) axiom for fun tions isredundant for expli it fun tion expressions. Spe i� ally, if M has the form �y:�: P , and x is notfree in M , then we an prove �x:�:Mx =M using (�). However, we annot prove �x:�:Mx =Mif M is a variable of fun tion type without using (�). A onsequen e of (�) is given in part (b) ofExer ise 2.2.7.Both (�) and (�) ould be used as redu tion rules, read left to right. When it is important todistinguish between the equational axioms, we use (�)eq and (�)eq for the equational axioms and(�)red and (�)red for the redu tion rules. While � -redu tion is used in many versions of lambda al ulus, we will not use (�)red in PCF redu tion sin e it is not needed. As dis ussed in Se tion1.3, we keep (�) as the single equational axiom of the redu tion system for PCF. In other words,PCF redu tion is a relation on �-equivalen e lasses of expressions.

Foundations for Programming Languages 58For easy referen e, the syntax of PCF is summarized in Se tion 2.2.6. The equational proofsystem appears in Table 2.1 and the redu tion system in Table 2.2.CurryingA traditional topi in lambda al ulus is the relationship between multi-argument and higher-order fun tions. If we have a mathemati al fun tion of two arguments, su h as the additionfun tion add(x; y:nat ) = x + y , then we generally think of this as a fun tion on ordered pairsadd : (nat �nat)! nat . This type of addition fun tion may be written as the PCF expressionadd = �p:nat �nat : (Proj1p) + (Proj2p)In words, this add is the fun tion whi h takes a pair of natural numbers, and returns the sum ofits two omponents.A related fun tion is alled the \ urried" addition fun tionCurry(add ) = �x:nat : �y:nat : x+ yafter lambda al ulus pioneer Haskell Curry. The urried addition fun tion yields x+y when appliedto x and y , but the form of parameterization is di�erent. Like many other lambda expressions,it is easiest to read Curry(add ) from right to left. The �nal result of applying the fun tion isthe expression to the right of all of the � 's, whi h is x + y . The next smallest expression is�y: x + y . This fun tion adds x , whose value is not determined within this expression, to thefun tion argument. So we might all this the \add x" fun tion. Sin e this fun tion takes a singlenatural-number argument and returns a natural number result, we have�y: x+ y : nat!nat :Now let us look again at the whole fun tion Curry(add ). On argument x , the fun tion Curry(add )returns the \add x" fun tion. So Curry(add ) is a fun tion of a single natural-number argument,returning a numeri fun tion. This is re e ted in the type of the fun tionCurry(add ):nat!(nat! nat):Thus the urried addition fun tion yields x + y when applied to two natural numbers x and y ,but as the type indi ates, Curry(add ) takes two natural number arguments one at a time, ratherthan all at on e.As suggested by the notation Curry(add ), there is a higher-order transformation Curry whi hmaps any binary natural- number fun tion f to its urried form Curry(f). This map an a tuallybe written in PCF, as the lambda expressionCurry = �f : (nat �nat)! nat : �x:nat : �y:nat : fhx; yi:Using the axiom of � -equivalen e, it is easy to see that when applied to add , the fun tion Curryprodu es the lambda expression written above.Curry(add ) = (�f : (nat �nat)!nat :�x:nat :�y:nat : fhx; yi) add= �x:nat :�y:nat : add hx; yi= �x:nat :�y:nat : (�p:nat �nat : (Proj1p) + (Proj2p)) hx; yi= �x:nat :�y:nat :Proj1hx; yi+Proj2hx; yi= �x:nat :�y:nat : x+ ySome properties of urrying are given in Exer ise 2.2.8.

Foundations for Programming Languages 59Exer ise 2.2.4 Write a PCF expression to take any numeri fun tion f and return a numeri fun tion g su h that for any n , the value of g(n) is twi e f(n).Exer ise 2.2.5 Perform the following substitution. (Do not redu e the expression.)[(y + 3)=x℄ ((�f :nat! nat : �y:nat : f(x+ y))(�x:nat : x+ y))Exer ise 2.2.6 Prove the following substitution identities.(a) [M=x℄([N=x℄P ) = [([M=x℄N)=x℄P;(b) [M=x℄([N=y℄P ) = [([M=x℄N)=y℄([M=x℄P ) if y 6� x and y 62 FV (M):Exer ise 2.2.7 Show that the following two inferen e rules are derivable, i.e., the equation belowthe line is provable from the equation(s) above the line. For (a), you may assume that from x = uand y = v it is possible to prove hx; yi = hu; vi .(a) Proj1p = Proj1q; Proj2p = Proj2qp = q(b) Mx = NxM = N x 62 FV (M;N)Exer ise 2.2.8 Write a PCF expression Un urry whi h \un urries" natural number fun tions.More spe i� ally, if f is a urried fun tion f :nat!(nat!nat), then Un urry(f) should be anordinary binary fun tion Un urry(f): (nat �nat)! nat taking a pair of numbers and produ -ing a natural number result. Use the axioms for fun tions and pairing to prove the equationsUn urry(Curry g) = g and Curry(Un urry f) = f , for any ordinary binary g: (nat �nat)! natand any urried f :nat!(nat!nat).2.2.4 De larations and synta ti sugarOne of the appeals of lambda al ulus, as a model programming language, is the way that lambdaabstra tion orresponds to variable binding in ommon programming languages. This is immedi-ately lear for Lisp and its diale ts, whi h are based on lambda notation. It is also true for Algol-likelanguages, su h as Pas al. For example, onsider the following Algol-like program fragmentbegin fun tion f(x:nat) nat ;return x;end;hbodyiendwith a fun tion de laration at the beginning of a blo k. We an easily write the fun tion f as thelambda expression �x:nat : x . We will also see that the entire blo k may be translated into lambdanotation. The translation may be simpli�ed by adopting a general notational onvention.A reasonable typed syntax for de larations islet x:� =M in N;

Foundations for Programming Languages 60whi h binds x to M within the de laration body N . In other words, the value of let x:� =M in N is the value of N with x set to M . We onsider this well-typed only if M has type � .Using let, we an now write the Algol-like blo k above aslet f :nat!nat = �x:nat :x in hbodyi:Instead of adding let de larations to PCF dire tly, we will treat let as an abbreviation, orwhat is often alled \synta ti sugar" in omputer s ien e. This means that we will feel free touse let in writing PCF expressions, but we do not onsider let part of the a tual syntax of PCF.Instead, we will think of let as an abbreviation for a lambda expression, a ording to the rulelet x:� =M in N def= (�x:�:N)MThis treatment of let allows us to keep the size of PCF relatively small, whi h will pay o� whenwe ome to proving things about the language. In addition, we need not spe ify any additionalequational axioms or redu tion rules, as these are inherited dire tly from � . To distinguish abbrevi-ations from a tual PCF syntax, we will use the symbol def= , as above, when de�ning meta-notational onventions. In general, M def= N means that whenever we write a term of the form M , this isshorthand for a term of form N .Example 2.2.9 We will translate the following \sugared" PCF expression into pure PCF (withoutsynta ti sugar) let ompose = �f :nat!nat :�g:nat!nat :�x:nat :f(g x) inlet h = �x:nat : x+ x in ompose hh 3and simplify by applying the appropriate redu tion rules. The \de-sugared," pure PCF expression,written using the same names for bound variables, is:(� ompose : (nat!nat)!(nat!nat)! nat!nat :(�h:nat!nat : ompose h h 3) �x:nat : x+ x)�f :nat!nat : �g:nat!nat : �x:nat : f(g x):This redu es as follows:! (�h:nat!nat : (�f :nat!nat : �g:nat!nat : �x:nat : f(g x)) h h 3)(�x:nat : x+ x)! (�f :nat!nat : �g:nat!nat : �x:nat : f(g x)) (�x:nat : x+ x) (�x:nat : x+ x) 3!! (�x:nat : x+ x)((�x:nat : x+ x) 3)! ((�x:nat : x+ x) 3) + ((�x:nat : x+ x) 3)!! (3 + 3) + (3 + 3)!! 12:The notion of \synta ti sugar" is very useful in programming language analysis. By onsider-ing ertain onstru ts as synta ti sugar for others, we an write program examples in a familiarnotation, and analyze these programs as if they are written using simpler or less troubling prim-itives. However, this te hnique must be used with are. Sin e omputation may be modeled bysubstitution, as in the redu tion rules for PCF, we do not want to make too many transformationsunder the umbrella of synta ti sugar. Three indi ations that the de�nition of let does not addany omputational power to PCF are:

Foundations for Programming Languages 61(i) let x:� = M in N and the lambda expression (�x:�:N)M have approximately the samesize ( ounting symbols);(ii) both have the same typing onstraints;(iii) the two expressions have the same immediate subexpressions (synta ti onstituents).While these onditions are not absolute rules about synta ti sugar, they are a useful guide towardsgood use of synta ti sugar.Another synta ti extension allows us to write fun tion de laration in a more familiar form, asfollows let f(x: �):� =M in N def= let f : �! � = �x: �:M in NWe an also add multi-argument fun tion de�nitions, as in Exer ise 2.2.12 below.Example 2.2.10 The language ISWIM, des ribed in [Lan66℄, has an expression form M where x:� =N . Intuitively, the value of this expression is the value of M when the variable x is set to N . We an easily add where to PCF by the abbreviationM where x:� = N def= let x:� = N in M:Exer ise 2.2.11 Whi h PCF redu tion rule is appli able to any term of the form let x:� =M in N , and what is the result of a single appli ation of this rule?Exer ise 2.2.12(a) Show how to add two-argument fun tions to PCF by de�ning�hx:�; y: �i:Mas synta ti sugar. If �x:�: �y: �:M has type �! �! � , then �hx:�; y: �i:M has type �� �! � .You may want to use the results of Exer ise 2.2.8.(b) Introdu e a two-argument fun tion form of letlet fhx:�; y: �i: � =M in Nas synta ti sugar, using the result of part (a). Illustrate the indu ed redu tion rule for thisde�nition form by expanding let fhx:�; y: �i: � =M in N into pure PCF and redu ing.

Foundations for Programming Languages 62Exer ise 2.2.13 This exer ise is on erned with stati s ope and renaming of bound variables.Intuitively, stati s oping of variables means that the binding of a variable is always determined by�nding the losest en losing binding operator for that variable. Moreover, the binding of a variabledoes not hange during evaluation of expressions. With dynami s oping, the way a variable isbound may hange during evaluation. This distin tion will be intuitively familiar to omputers ientists who have studied programming languages.(a) Under stati s ope, the free x in the de laration of f is bound by the outer de laration. Asa result, the fun tion f always adds 3 to its argument, no matter where it is alled.let x:nat = 3 inlet f(y:nat):nat = x+ y inlet x:nat = 4 inf 5Use redu tion to simplify this PCF expression to 8. You may save yourself the trouble ofrewriting let's to � 's by using the derived rule let x:� =M in N ! [M=x℄N .(b) Suppose that in redu ing the expression in part (a), you begin by substituting �y:nat : x+ yfor f in the inner expression, let x:nat = 4 in f 5. (This a tually orresponds to the usualimplementations, sin e we begin evaluation of f 5 by passing 5 to the body of f .) Explainhow renaming bound variables provides stati s ope. In parti ular, say whi h variable above(x , f or y ) must be renamed, and how a spe i� o urren e of this variable is thereforeresolved stati ally.( ) Under dynami s ope, the binding for x in the body of f hanges when f is alled in thes ope of the inner binding of x . Therefore, under dynami s ope, the value of this expressionwill be 4 + 5 = 9. Show how you an redu e the expression to 9 by not renaming boundvariables when you perform substitution.(d) In the usual stati ally s oped lambda al ulus, �- onversion (renaming bound variables) doesnot hange the value of an expression. Use the example expression from part (a) to explainwhy �- onversion may hange the value of an expression if variables are dynami ally s oped.(e) Show that on uen e fails for dynami ally-s oped PCF.2.2.5 Re ursion and �xed-point operatorsThe �nal onstru t of PCF provides de�nition by re ursion. Rather than add a new de larationform, we will treat re ursive de larations as a ombination of let and one new basi fun tion,a �xed-point operator �x� for ea h type � . The reader should be warned that this onstru traises more subtle issues than the parts of the language we have already dis ussed. To begin with,re ursion makes it possible to write expressions with no normal form. This hanges our basi intuition about the way that an expression de�nes a mathemati al value. In addition, when thereare several possible redu tions that ould be applied to a term, the hoi e between these be omesimportant.We will see how �xed-point operators provide re ursion by beginning with the de laration formletre f :� =M in N:

Foundations for Programming Languages 63This has the intended meaning that within N , the variable f denotes a solution to the equationf = M . In general, f may o ur in M . The main typing onstraint for this de laration is thatM must have type � , sin e otherwise the equation f = M does not make sense. We will seethat letre may be treated as synta ti sugar for a ombination of ordinary let and a �xed-pointoperator.We an see how letre works by writing the fa torial fun tion. To simplify the notation, letus write x� 1 for the prede essor of x , and x � y for the produ t of x and y . (To stay within thenatural-numbers, we onsider 0� 1 = 0.) We will see later how to de�ne prede essor and naturalnumber multipli ation in PCF using re ursion. With these extra operations, we an de�ne thefa torial fun tion and ompute 5! by writingletre f :nat!nat = �y:nat : (if Eq? y 0 then 1 else y � f(y � 1)) in f 5Sin e the variable f o urs free in the expression on the right-hand side of the equals sign, we annot simply take f to refer to the expression on the right. Instead, we want f in the fun tionbody to refer \re ursively" to the fun tion being de�ned. We may summarize this by saying thatf must be a solution to the equationf = �y:nat : if Eq? y 0 then 1 else y � f(y � 1)with two o urren es of the fun tion variable f . From a mathemati al point of view, it is not learthat every equation f :� = M involving an arbitrary PCF expression M should have a solution,or whi h solution to hoose if several exist. We will onsider these questions more arefully whenwe investigate the denotational semanti s of PCF in Chapter 5. However, re ursive fun tion de -larations have a lear omputational interpretation. Therefore, we will assume that every de�ningequation has some solution and add syntax to PCF for expressing this. The asso iated equationalaxiom and rewrite rule will allow us to think operationally about re ursive de�nitions and providea useful guide in dis ussing denotational semanti s in Chapter 5.Using lambda abstra tion, we an represent any re ursive de�nition f :� = M by a fun tion�f :�:M . Rather than looking for a solution to a re ursive de�ning equation, we will produ e a�xed point of the asso iated fun tion. In general, if F :�!� is a fun tion from some type to itself,a �xed point of F is a value x:� su h that F (x) = x . For example, returning to the fa torialfun tion, we an see that fa torial is a �xed point of the operatorF def= �f :nat!nat : �y:nat : if Eq? y 0 then 1 else y � f(y � 1)on natural-number fun tions. We show how fa torial is de�ned and omputed in PCF by applyinga �xed-point operator to this fun tion.The last basi onstru t of PCF is a family of fun tions�x� : (�!�)!�;one for ea h type � . The fun tion �x � produ es a �xed point of any fun tion from � to � .Using lambda abstra tion and �x� , we an regard the re ursive letre de laration form as anabbreviation: letre f :� =M in N def= let f :� = (�x� �f :�:M) in N:Sin e we often use letre to de�ne fun tions, we also adopt the synta ti sugarletre f(x: �):� =M in N def= letre f : �!� = �x: �:M in N:

Foundations for Programming Languages 64The equational axiom for �x �: (�!�)!� is that it produ es a �xed point(�x ) �x� = �f :�!�:f (�x� f):Using (�), it is easy to derive the more intuitive equation�x�M =M (�x�M)for any M :�!� . The (�x ) redu tion rule is obtained by reading the equational axiom from leftto right. Some reasonable, non-equational properties of �x� are more subtle, and will be dis ussedin Se tions 5.2 and 5.3.To see how (�x ) redu tion works, we will ontinue the fa torial example. Using �xnat!nat ,the fa torial fun tion may be written fa t def= �xnat!nat F; where F is written out above. As atypographi al simpli� ation, we will drop the subs ript of �x in the al ulation below. To omputefa t n , we may expand the de�nition, and use redu tion to obtain the following.fa t n � (�x F ) n!! F (�x F ) n� (�f :nat!nat : �y:nat : if Eq? y 0 then 1 else y � f(y � 1)) (�x F ) n!! if Eq?n 0 then 1 else n � (�x F )(n� 1)Note that apart from (�x ) redu tion, we have used only ordinary � -redu tion. When n = 0, we an use the axiom for onditional to simplify fa t 0 to 1. For n > 0, we an simplify the test toobtain n � (�x F )(n � 1) and ontinue as above. For any natural number n , it is lear that wewill eventually ompute fa t n = n! . Put more formally, we may use ordinary natural- numberindu tion to prove the theorem about PCF that for every natural number n the appli ation of fa tto the PCF numeral for n may be redu ed to the numeral for n! .As mentioned above, �xed-point operators raise mathemati al problems. If we think of thefun tions from nat! nat to nat!nat as ordinary set-theoreti fun tions, then it does not makesense to postulate that every f : (nat!nat)!(nat!nat) has a �xed point x with the propertyx = f(x). However, as shown in Exer ise 2.2.16, we have �xed points of this type i� we allownumeri fun tions to be de�ned by re ursion. Sin e re ursion is fundamental to omputation, itis important to have �xed-point operators in PCF. The way to make mathemati al sense of �x isto realize that when we have re ursion, we may write algorithms that de�ne partial fun tions. Iff : (nat!nat)!(nat!nat), then its �xed point may be a partial fun tion, su h as the fun tionwhi h is unde�ned on all integer arguments. Thus, when we add re ursion to PCF, we mustunderstand that an expression of type � de�nes an algorithm for omputing an element of type� . In the ase that this algorithm does not terminate, the expression may not de�ne one of thestandard values of that type. (A note for re ursion theorists is that if we repla e �x by some other onstru t that does not allow us to write nonterminating fun tions, there would be total re ursivefun tions we ould not write in PCF. This follows from the fa t that the set of all total re ursivefun tions is not r.e.)Although �x takes the �xed point of a simple fun tion, we an a tually use �x to de�ne anynumber of mutually re ursive fun tions. This is most easily illustrated for the ase of two re ursivefun tions. Suppose we want to de�ne re ursive fun tions f and g satisfying the equationsf = F f gg = Gf g

Foundations for Programming Languages 65where we assume that neither f nor g appears free in F or G . Let us assume that F :�! �!�and G:�! �! � so that both equations are type orre t. We may then apply �x�� � to thefun tion on pairs �hf :�; g: �i: hF f g; G f gi:This gives us a re ursively-de�ned pair whose �rst and se ond omponents satisfy the originalde�ning equations. The details are left as Exer ise 2.2.15. An alternative approa h whi h does notuse pairing is given in Exer ise 5.3.5.Exer ise 2.2.14 Assuming we have subtra tion in PCF, write a letre expression of the formletre �b(x:nat):nat = : : : in �b(4)whi h de�nes the Fibona i fun tion and applies it to 4 to ompute the fourth Fibona i number.(Re all that the zero-th Fibona i number is 1, the �rst Fibona i number is 1, and after that ea hFibona i number is the sum of the pre eding two.) Show how your letre expression redu es tothe 4th Fibona i number. You should give approximately the same amount of detail as in thefa torial example of this se tion.Exer ise 2.2.15 Consider the pair of equationsf = F f gg = Gf gwhere F :�! �!� , G:�! �! � and neither f nor g appears free in F or G . Show that the�rst and se ond omponents of �x�� � (�hf :�; g: �i: hF f g; G f gi)satisfy these equations. (An alternative approa h to mutually-re ursive de�nitions is given inExer ise 5.3.5.)Exer ise 2.2.16 In this se tion, we de�ned letre as synta ti sugar using �x. The point of thisexer ise is to demonstrate that �x is also de�nable from letre .(a) Write an expression FIX using letre with the property that if we expand letre f :� =M in N to (�f :�:N)(�x� (�f :�:M)), we an redu e FIX to �x using only � -redu tionand � -redu tion.(b) Write a redu tion rule for letre of the formletre f :� =M in N ! P;where P is an expression ontaining M , N and letre , but not �x . As a he k that this isplausible, show that P is provably equal to[ [(FIX (�f :�:M))=f ℄M ℄ = f ℄N;whi h orresponds to the result of doing one �x redu tion and one � -redu tion to the term(�f :�:N)(�x � (�f :�:M)) mentioned in part (a).( ) Show that if we take letre as basi , and use the redu tion rule given in part (b), the termFIX you gave in answer to part (a) is a �xed-point operator. That is, show that for any termM of the orre t type, FIX M !! MF , where F is the result of applying one � -redu tionto (FIX M).

Foundations for Programming Languages 662.2.6 PCF syntax summary and olle ted examplesPure PCFThe syntax of pure PCF, without extension by synta ti sugar, is summarized below by a BNF-likegrammar. The �rst set of produ tions des ribe the expressions of an arbitrary type � . These in ludevariables, onditional expressions, and the results of fun tion appli ation, proje tion fun tions, and�xed-point appli ation.h� expi ::= h� vari j if hbool expi then h� expi else h� expi jh� appli ationi j h� proje tioni j h� �xed pointih� appli ationi ::= h�!� expih� expih� proje tioni ::= Proj1h�� � expi jProj2h� �� expih� �xed pointi ::= �x� h�! � expiFor fun tion and produ t types, we also have lambda abstra tion and expli it pairing.h�! � expi ::= �x:�:h� expih�� � expi ::= h h� expi; h� expi iThe onstants and fun tions for natural numbers and booleans are overed by the following pro-du tions. hbool expi ::= true j false jEq? hnat expi hnat expihnat expi ::= 0 j 1 j 2 j : : : j hnat expi+ hnat expiThis on ludes the de�nition of PCF. An alternate de�nition of the syntax of PCF may be givenusing the typing rule style of Chapter 4.Synta ti extensionsThe most ommonly used extensions of PCF by synta ti sugar are listed below, along with theirde�nitions. To distinguish abbreviations from a tual PCF syntax, we use the symbol def= to de�nemeta-notational onventions. The de�nition M def= N means that whenever we write a term of theform M , this is short-hand for the orresponding term of the form N .

Foundations for Programming Languages 67let x:� =M in N def= (�x:�:N)Mlet f(x:�): � =M in N def= let f :�! � = �x:�:M in Ndef= (�f :�! � :N)(�x:�:M)letre f :� =M in N def= let f :� = (�x� (�f :�:M)) in Ndef= (�f :�:N)(�x� (�f :�:M))letre f(x: �):� =M in N def= letre f : �!� = �x: � :M in Ndef= let f : �!� = (�x �!� (�f : �!�: �x: � :M)) in Ndef= (�f : �!�:N)(�x �!� (�f : �!�: �x: � :M))�hx:�; y: �i:M def= �p:�� � :(�x:�: �y: � :M)(Proj1 p)(Proj2 p)let hx:�; y: �i =M in N def= (�hx:�; y: �i: N)MA useful onvention is to write MnN for the term M (M : : : (M N) : : :) onstru ted by applying Mto N a total of n times. A more pre ise de�nition is that M0N def= N and Mn+1N def= M(MnN).ExamplesBoolean and natural-number expressions.if Eq? (4 + 5) 9 then 27 else 42if (if Eq? (4 + 5) 9 then false else true) then 42 else 27(if Eq? (x+ y) z then �x:nat : x+ 5 else �y:nat : y + 7)(if Eq? (x+ y) z then 7 else 5)Lambda abstra tion and appli ation.�x:nat : x�x:nat : x+ 1(�x:nat : x+ 1)((�y:nat : 5 + y) 3)(�f :nat!nat : �x:nat : f(f(fx))) (�y:nat : 5 + y) 3

Foundations for Programming Languages 68Pairing and fun tions.�x:nat �nat :hProj1 x+ 1;Proj2 x+ 1i : (nat �nat)!(nat �nat)�x:�� � :hProj2 x;Proj1 xi : (�� �)!(� ��)�x:nat �nat :if Eq? (Proj1 x) 0 then Proj2 x else 0 : nat �nat!nat�f :nat!nat : �g:nat!nat : �x:nat : f(g x) is omposition of numeri fun tions�f :nat!nat : �g:nat!nat : �x:nat :if Eq? (f x) 0 then g x else 0 : (nat!nat)!(nat!nat)!(nat!nat)�f : (nat �nat)! nat : �x:nat : �y:nat : fhx; yi is Curry for numeri fun tionsDe larations and re ursion.let omp : (�! �)!(�! �)!(�! �)= �f : �! �: �g:�! � : �x:�: f(g x)in omp f glet add : (nat �nat)!nat= �x:nat �nat :(Proj1 x) + (Proj2 x)in let urry : ((nat �nat)! nat)! nat!nat!nat= �f : (nat �nat)!nat : �x:nat : �y:nat : fhx; yiin urry add 5 7Assuming we have a prede essor fun tion pred whi h maps ea h n > 0 to n � 1 and zero tozero, we an write multipli ation as follows. A de�nition of pred is given in Se tion 2.5.2, using ageneral method des ribed there.letre mult : (nat �nat)! nat= �p:nat �nat :if Eq? (Proj1 p) 0 then 0 else (Proj2 p) +multhpred (Proj1 p);Proj2 piin multh6; 7iWe may rewrite this last example using more synta ti sugar to make it learer:letre multhx:nat ; y:nati:nat = if Eq?x 0 then 0 else y +multhpred x; yiin multh6; 7iFor further examples, see Se tion 2.5 and the exer ises.

Foundations for Programming Languages 692.3 PCF Programs and Their Semanti s2.3.1 Programs and resultsNow that we have seen all of the onstru ts of PCF, we will take a step ba k and dis uss the mean-ing, or semanti s, of PCF in a general way that is intended to apply to a variety of programminglanguages. This should put the equational axioms and redu tion rules that were presented alongwith the syntax of PCF in perspe tive. The three forms of semanti s we will onsider are axiomati semanti s, given by a proof system, operational semanti s arising from a set of redu tion rules, anddenotational semanti s (with details put o� to Chapter 4). Ea h form of semanti s has advantagesand disadvantages for understanding properties of programs. In addition, there are standard on-ne tions between the three forms of semanti s that should hold for any programming language. Wedis uss a few synta ti distin tions in this brief subse tion before stating the onne tions pre iselyin the next three subse tions.Most programming languages have several di�erent synta ti ategories, or \kinds of expres-sions." These may in lude expressions as used in assignments or fun tion alls, imperative state-ments, de larations or modules. However, not all well-formed synta ti entities an be exe uted orevaluated by themselves. Therefore, in any programming language, we distinguish programs fromother synta ti forms that may be used only as parts of programs. The two hara teristi s thatdistinguish a program from an arbitrary synta ti form are that a program should not refer to anyunde lared or unbound variables and a program should have the appropriate type or form to yielda printable value or observable e�e t.In PCF, the two synta ti ategories are types and terms (expressions that have types). If wethink of giving a losed natural number or boolean term to an interpreter, then we ould expe tthe interpreter to print its value. Therefore, we onsider losed boolean and numeri expressionsprograms. But if we give an open natural number term su h as x + 5 to an interpreter, there isno orre t value sin e the value of x is not given. In addition, we annot expe t the value of afun tion expression to be printed with the same degree of a ura y as a natural number or boolean.Although an interpreter ould ertainly print ba k the fun tion expression we give it, or perhapsprint some kind of \optimized" ode, no interpreter an print fun tion expressions in a way thatwould tell us exa tly whi h mathemati al fun tion is de�ned by the fun tion expression typed in.This is be ause equality for partial re ursive fun tions is unde idable and, as proved in Se tion2.5.5, every partial re ursive fun tion is de�nable in PCF. For this reason, we say that naturalnumber and boolean values are observable, but nat!nat values are not.We give a pre ise de�nition of PCF program by de�ning the types of observable values. Althougha pair of observable values ould be onsidered observable, sin e an interpreter an easily print apair of printable values, we will simplify several te hni al arguments by hoosing a simpler set ofobservable types. This will not have any signi� ant e�e t on our theory, as shown in Exer ise2.3.5. We say � is an observable type if � is either nat or bool . A PCF program is a well-formed, losed term of observable type. One potentially onfusing aspe t of this de�nition is that it doesnot onsider input or output; it might be more a urate to all these \programs that require noadditional input and produ e one output." The reason we fo us on programs whi h already havewhatever input they require is that we use these programs to ompare axiomati , operational anddenotational semanti s. For this purpose, it is suÆ ient for ea h program to yield a single \datapoint" about the semanti s.Another general term we use in omparing semanti s is result. Intuitively, a result is an ob-servable e�e t of evaluating or exe uting a program. In a fun tional setting, this generally meansa term giving an expe ted �nal result of program evaluation. For PCF, we make this pre ise by

Foundations for Programming Languages 70saying that a result is a losed normal form of observable type. In other words, the PCF resultsare the numerals, 0; 1; 2; : : : and boolean onstants true and false .With this terminology, we an give a general de�nition of semanti s, at least for programminglanguages: a semanti s of programs is a relation between programs and results. This is a minimal ondition; all of the semanti s we onsider give more information than the result of evaluatingea h program. Typi ally, axiomati and denotational semanti s give more useful information thanoperational semanti s when it omes to expressions that may o ur in programs but are not fullprograms themselves.2.3.2 Axiomati semanti sIn general, an axiomati semanti s onsists of a proof system for dedu ing properties of programsand their parts. These properties may be equations, as in the PCF proof system (reviewed below),assertions about the output of programs, given ertain inputs, or other properties. Sin e it isdiÆ ult to dis uss all forms of axiomati semanti s in general, we will fo us on equational axiomati semanti s. We may apply this dis ussion to axiomati semanti s that address other properties ofprograms by saying that two programs are equivalent in an axiomati semanti s whenever exa tlythe same assertions are derivable about ea h of them.There are three general properties of axiomati semanti s that hold for PCF. The �rst is thatthe axiomati semanti s de�nes program behavior in some way. The other two are relations betweenthe axiomati and operational or denotational semanti s.� The axiomati semanti s determine the result (or output or observable e�e t, in general) ofany program that has one.� When two expressions are equivalent, a ording to the axiomati semanti s, we may safelysubstitute one for the other in any program without hanging the operational semanti s ofthat program. This ould be alled \soundness of the axiomati semanti s with respe t tothe operational semanti s."� The axiomati semanti s are sound with respe t to the denotational semanti s. Spe i� ally, ifwe an prove any pair of PCF terms equal, then these terms must have the same denotation,regardless of whi h values we give to their free variables.The PCF axiomati semanti s satis�es the �rst requirement sin e, for any full program that ter-minates a ording to the operational semanti s, we may prove that this expression is equal to theappropriate numeral (0; 1; 2; : : : ) or boolean onstant (true or false ). This is a simple onsequen eof the fa t that the PCF redu tion axioms are a subset of the equational axioms. It follows from ei-ther of the last two onditions that, unless the operational or denotational semanti s is degenerate,the axiomati semanti s does not equate all expressions of ea h type.The axiomati semanti s of PCF is given by the proof system whose axioms are des ribed inSe tions 2.2.2 through 2.2.5 and listed again in Table 2.1. These axioms are ombined with inferen erules that make provable equality a ongruen e, also in luded in Table 2.1. Congruen e means thatprovable equality is an equivalen e relation (re exive, symmetri and transitive), and that equalityis preserved if we repla e any subexpression by an equivalent one. We do not need a proof systemfor types, sin e two types are equal i� they are synta ti ally identi al.All of the ongruen e rules in Table 2.1, ex ept the two on erned with lambda abstra tion andappli ation (the two at the bottom of the table) are in fa t redundant. The reason is that we anuse lambda abstra tion and appli ation to a hieve the same e�e t. For example, suppose we an

Foundations for Programming Languages 71AxiomsEquality(ref ) M = Mnat and bool(add) 0 + 0 = 0, 0 + 1 = 1, . . . , 3 + 5 = 8, . . .(Eq?) Eq?nn = true, Eq?nm = false (n;m distin t numerals)( ond) if true then M else N =M , if false then M else N = NPairs (�� �)(proj ) Proj1hM;Ni =M Proj2hM;Ni = N(sp) hProj1P;Proj2P i = PBinding(�) �x:�:M = �y:�:[y=x℄M , provided y not free in M .Fun tions (�! �)(�) (�x:�:M)N = [N=x℄M(�) �x:�:Mx =M , provided x not free in MRe ursion(�x ) �x� = �f :�!�:f(�x� f)Inferen e RulesEquivalen e(sym), (trans) M = NN =M M = N;N = PM = PCongruen enat and bool M = N;P = QM + P = N +Q M = N;P = QEq?M P = Eq?N QM1 =M2; N1 = N2; P1 = P2if M1 then N1 else P1 = if M2 then N2 else P2Pairs M = NProjiM = ProjiN M = N;P = QhM;P i = hN;QiFun tions M = N�x:�:M = �x:�:N M = N;P = QMP = NQTable 2.1: Equational proof system for PCF

Foundations for Programming Languages 72prove M = N and P = Q , for four natural-number expressions M , N , P , and Q . We an deriveM + P = N +Q as follows. By the re exivity axiom, we have the equation�x:nat :�y:nat: x+ y = �x:nat :�y:nat: x+ y:Therefore, by the ongruen e rule for appli ation, we an prove(�x:nat :�y:nat: x+ y)M = (�x:nat :�y:nat: x+ y)N:Then, by axiom s heme (�) and transitivity,�y:nat:M + y = �y:nat:N + y:Repeating appli ation, (�) and transitivity we may omplete the proof of M + P = N +Q . Thereason that the ongruen e rules are listed is that these are important properties of equality. Inaddition, if we were to develop a �rst-order theory of natural numbers and booleans, in the absen eof lambda abstra tion, we would need axioms expressing these properties.It is worth mentioning that although the axiomati semanti s is powerful enough to determinethe meaning of programs, this proof system is not as powerful as one might initially expe t. Forexample, we annot even prove that addition is ommutative. Nor an we prove many interestingequivalen es between re ursive fun tions. For these kinds of properties, the most natural approa hwould be to add indu tion rules. Indu tion on natural numbers would let us prove ommutativityquite easily, and a form of indu tion alled \�xed-point indu tion" would allow us to prove a greatmany more equations between re ursively-de�ned fun tions. For further information on natural-number indu tion, the reader may onsult Se tion 1.8 or almost any book on mathemati al logi ,su h as [End72℄. Sin e �xed-point indu tion is spe i� ally related to programs, and not a traditionaltopi in mathemati al logi , we onsider this in Se tion 5.3. A rudimentary form of �xed-pointindu tion is dis ussed in Exer ise 2.3.3 below.Exer ise 2.3.1 Use the equational proof system to prove that the following two terms are equal,for any M . You do not need any axioms about subtra tion to arry out the proof.letre f(x:nat):nat = if Eq?x 0 then 1 else f(x� 1) in Mlet f(x:nat):nat = if Eq?x 0 then 1else letre g(x:nat ):nat = if Eq?x 0 then 1 else g(x� 1) in g(x� 1)in MExer ise 2.3.2 A system for proving equations is in onsistent if every equation M = N betweenwell-formed expressions M and N of the same type is provable. Show that if true = false isprovable from the axioms and inferen e rules of PCF, then the proof system is in onsistent. Usethe same idea to show that if we an prove m = n for distin t numerals m and n , the proof systemis also in onsistent.Exer ise 2.3.3 While we an prove some simple equations involving re ursion, su h as the onegiven in Exer ise 2.3.1, many similar-looking equations annot be proved in the equational proofsystem given here. The reason is subtle but important. Consider two re ursive de�nitions offa torial, for example, f1 = �x F1 and f2 = �x F2 . The two fun tions f1 and f2 may give thesame result for any natural number argument, even though the fun tions F1 and F2 are quite

Foundations for Programming Languages 73di�erent. However, the proof system does not seem to provide any way to dedu e f1 = f2 withoutessentially showing that F1 and F2 are losely related.A proof rule that helps prove equations involving �xed points is the following.(�x ind) M !! NMM = �x N :The intuitive explanation of this rule, whi h is loosely based on M Carthy's rule of re ursionindu tion [M C61, M C63℄, is that when M behaves omputationally like a �xed point of N ,then we on lude that M and �x N have the same value. The omputational nature of redu tionis important here, sin e the rule be omes unsound if the hypothesis is repla ed by the equationM = NM , as may be seen by taking N to be the identity. For further dis ussion of this rule, seeExer ise 5.4.9.Prove the following equations using (�x ind) in ombination with the other equational proofrules.(a) �x (f Æ g) = f(�x (g Æ f)).(b) �x� = �x (�!�)!��f : (�!�)! �:�g:�!�:g(fg) where � � �1!�2 .2.3.3 Denotational semanti sThe PCF denotational semanti s assigns a natural number value (or a spe ial additional value orresponding to nontermination) to ea h expression of type nat , a boolean value (or spe ial valuefor nontermination) to ea h expression of type bool , and a mathemati al fun tion or pair of valuesto any fun tion expression or expression of artesian produ t type. The mathemati al value of anexpression is alled its denotation. If a term has free variables, its denotation will generally dependon the values assumed for the free variables. While we will not go into details in this hapter, wewill give a brief overview of the denotational semanti s of PCF so that we an ompare the threeforms of semanti s.We give denotations to terms by �rst hoosing a set of values for ea h type. In the standardsemanti s, the set of mathemati al vales for type nat will in lude all of the natural numbers, plusa spe ial element ?nat representing nontermination. This extra value is needed sin e we havePCF expressions of type nat su h as letre f(x:nat):nat = f(x + 1) in f(0) whi h do notterminate under the standard interpreter, and do not denote any standard natural number. Forsimilar reasons, the set of denotations of type bool in ludes true , false and an extra value ?bool .The mathemati al values of a produ t type �� � are ordered pairs, as you would expe t. Themathemati al values of type �! � are fun tions from � to � with the property that if � = � , thenea h fun tion has a �xed point. The pre ise way of obtaining su h a set of fun tions is dis ussed inChapter 5. We interpret addition and other PCF fun tions in the usual way, for arguments that areordinary natural numbers, and as the spe ial value ?nat when one of the arguments is ?nat . Thisis be ause we annot ompute an ordinary natural number by adding a number to an expressionthat does not de�ne a terminating omputation.On e we have hosen a set of values for ea h type, we assign meanings to terms by hoosingan environment, whi h is a mapping from variables to values. If x is a variable of type � , and� is an environment, then �(x) must be a mathemati al value from type � . We then de�ne themeaning [[M ℄℄� of term M in environment � by indu tion, in the manner that may be familiar from�rst-order logi . Spe i� ally, the meaning [[x℄℄� is the value given to variable x by the environment,namely �(x). The meaning of an appli ation [[MN ℄℄� is obtained by applying the fun tion [[M ℄℄�

Foundations for Programming Languages 74denoted by M to the argument [[N ℄℄� denoted by N . Other ases are handled in a similar way. Animportant property is that the meaning of a term of type � will always be one of the mathemati alvalues asso iated with this type. Therefore, in the ase of an appli ation MN , for example, thetyping rules of PCF guarantee that the denotation of M will be a fun tion and the denotationof N will be a value in its domain. In this way, the synta ti typing rules of PCF avoid possible ompli ations in the denotational semanti s of the language.There are several properties of denotational semanti s that generally hold. The �rst is anintrinsi property of denotational semanti s that distinguishes it from other forms of semanti s.� The denotational semanti s is ompositional, whi h means that the meaning of any expressionis determined from the meanings of its subexpressions. For example,[[if B then M else N ℄℄� = 8><>: [[M ℄℄� if [[B℄℄� is true,[[N ℄℄� if [[B℄℄� is false,? otherwise.where ? is used as the meaning of the expression in the ase that evaluation of the test Bdoes not terminate. An immediate onsequen e of the ompositional form of this de�nitionis that if B0 , M 0 and N 0 have the same denotations as B , M and N , respe tively, then[[if B then M else N ℄℄� = [[if B0 then M 0 else N 0℄℄�:The reason these two must be equivalent is that the meaning of the onditional expressionif B then M else N annot depend on fa tors su h as the synta ti form of B , M andN , only their semanti meaning.� If we an prove the same assertions about M and N in the axiomati semanti s, then Mand N must have the same meaning in the denotational semanti s. This is alled soundness,for an equational proof system. This is a minimal property in the sense that if soundnessfails, we would on lude that something was wrong with either the axiomati or denotationalsemanti s. It follows from soundness, by onne tions between the axiomati and operationalsemanti s of PCF, that if M !! N , then M and N must have the same meaning in thedenotational semanti s.Both of these properties hold for the standard denotational semanti s of PCF. Further onne tionsbetween operational, denotational and axiomati semanti s are summarized in Se tion 2.3.5.2.3.4 Operational semanti sAn operational semanti s may be given in several ways. The most ommon mathemati al presen-tations are proof systems for either dedu ing the �nal result of evaluation or for transforming anexpression through a sequen e of steps. An alternative that may provide more insight into pra ti alimplementation is to de�ne an abstra t ma hine, whi h is a theoreti al omputing ma hine thatevaluates programs by progressing through a series of ma hine states. The most ommon pra ti alpresentations of operational semanti s are interpreters and ompilers. In this book, we on entrateon the �rst forms of operational semanti s, proof systems de�ning either omplete or step-by-stepevaluation.The operational semanti s of PCF are given by the redu tion axioms mentioned in Se tions2.2.2 through 2.2.5, whi h are summarized in Table 2.2. The redu tion axioms are written with thesymbol ! instead of =, to emphasize the dire tion of redu tion. Intuitively, M ! N means that

Foundations for Programming Languages 75nat and bool(add) 0 + 0! 0, 0 + 1! 1, . . . , 3 + 5! 8, . . .(Eq?) Eq?nn! true, Eq?nm! false (n;m distin t numerals)( ond) if true then M else N !M , if false then M else N !MPairs (�� �)(proj ) Proj1hM;Ni !M Proj2hM;Ni ! NRename bound variables(�) �x:�:M = �y:�:[y=x℄M , provided y not free in M .Fun tions (�! �)(�) (�x:�:M)N ! [N=x℄MRe ursion(�x ) �x� ! �f :�!�:f(�x� f)Table 2.2: Redu tion axioms for PCFwith one evaluation step, the expression M may be transformed to the expression N . While Nmay not be shorter than M , most of the rules have the \feel" of program exe ution; it seems thatwe are making progress towards a simpler expression in some way. We may de�ne an evaluationpartial fun tion from the redu tion system by eval(M) = N i� M may be redu ed to normal formN in zero or more steps.This relatively abstra t operational semanti s, whi h la ks any spe i� evaluation order, maybe re�ned in several ways. We will dis uss three forms of \symboli interpreters" in Se tion 2.4, onedeterministi , one nondeterministi , and the third a form of parallel interpreter. While all of theinterpreters are de�ned from redu tion axioms, ea h applies redu tion axioms to subexpressions ofprograms in a di�erent way. The deterministi interpreter is de�ned by hoosing a spe i� \nextredu tion step" at ea h point in program evaluation, while the nondeterministi interpreter may hoose to redu e any subexpression, or hoose to halt. The parallel interpreter may apply severalredu tions simultaneously to disjoint subexpressions. All determine the same partial evaluationfun tion.With three ex eptions, the PCF redu tion axioms are exa tly the left-to-right readings of theequational axioms. The �rst ex eption is that we allow renaming of bound variables at any pointduring redu tion, without onsidering this as a redu tion step. From a te hni al standpoint, thereason is that we annot always do substitution without renaming. The other ex eptions are thatwe do not have redu tions orresponding to the surje tive pairing axioms (sp) for pairs or theextensionality axiom (�) for fun tions. The reason for these two omissions is largely te hni al anddis ussed brie y in Se tion 2.4.1.� In general, if M is a program ( losed expression of observable type) and eval(M) = N ,then N should be something that annot be further evaluated. In PCF in parti ular, ifeval(M) = N , then N is either a numeral 0; 1; 2; : : : or a boolean onstant, depending onthe type of M .� If eval(M) = N , then M and N are equivalent a ording to both the axiomati and denota-tional semanti s. This is true for PCF, sin e ea h term is provably equal to its normal form,and the proof rules are sound for the denotational semanti s.

Foundations for Programming Languages 76� If M is a program and M has the same denotation as a result N , then the result of exe utingprogram M in the operational semanti s is N . This is ommonly referred to as omputationaladequa y sin e, if we take the denotational semanti s as our guide, it says that we have enoughredu tion rules to properly determine the value of any program. If omputational adequa yfails, we generally look to see if we are missing some redu tion rules, or onsider whetherthe denotational semanti s gives too many expressions equal meaning. It generally followsfrom onne tions between the axiomati and denotational semanti s that if the operationalsemanti s are adequate with respe t to the denotational semanti s, they are also adequatewith respe t to the axiomati semanti s.2.3.5 Equivalen e relations de�ned by ea h form of semanti sWe may summarize the basi onne tions between axiomati , operational and denotational seman-ti s by omparing the equivalen e relations de�ned by ea h one. Sin e the axiomati semanti s ofPCF is a logi al system for deriving equations, the obvious equivalen e relation is provable equality.The denotational semanti s gives us the relation of denotational equivalen e: two terms are denota-tionally equivalent if they have the same denotation (for any asso iation of values to free variables).The natural equivalen e relation asso iated with the operational semanti s involves substitution ofterms into full programs, des ribed below.We say that two programs of PCF, or any similar language, are operationally equivalent if theyhave the same value under the operational semanti s. In symboli form, programs M and N areoperationally equivalent if eval(M) ' eval(N). The \Kleene equation" eval(M) ' eval(N) meansthat either M and N both evaluate to the same term, or neither evaluation is de�ned. However,this is only an equivalen e relation on programs, not arbitrary terms. We extend this relation toterms that may have free variables or non-observable types using an important synta ti notion alled a ontext.A ontext C[ ℄ is a term with a \hole" in it, written as a pair of empty square bra kets. Anexample is the ontext C0[ ℄ def= �x:nat : x+ [ ℄If we insert a term into a ontext, then this is done without renaming bound variables. For example,C0[x℄ is �x:nat : x + x . We an think of a ontext as an in omplete program, sitting in the bu�erof a text editor. Inserting a program into a ontext orresponds to using the text editor to �llin the rest of the program. A spe ial ase is the empty ontext [ ℄, whi h orresponds to a texteditor ontaining no program at all. In Exer ise 2.3.4 below, the empty ontext is used to showthat evaluation respe ts operational equivalen e for programs.Using ontexts, we de�ne operational equivalen e on arbitrary terms, as follows. Terms M andN of the same type are operationally equivalent if, for every ontext C[ ℄ su h that both C[M ℄ andC[N ℄ are programs, we have eval(C[M ℄) ' eval(C[N ℄). In the literature, operational equivalen e issometimes alled \observational equivalen e" or \observational ongruen e."If we write M =ax N for provable equality in the axiomati semanti s, M =den N for deno-tational equivalen e, and M =op N for operational equivalen e, then the minimal requirement onthe three semanti s, alled adequa y or omputational adequa y, is(8 programs M) (8 results N) M =ax N i� M =den N i� M =op N:We also expe t that for arbitrary terms, the axiomati semanti s are sound for the denotationalsemanti s, and that denotationally equivalent terms are operationally equivalent. These may be

Foundations for Programming Languages 77written as the following in lusions between relations on terms:=ax � =den � =op :In general, operational equivalen e is the oarsest of the three, i.e., more terms are operationallyequivalent than denotationally equivalent or provably equivalent. This is not an a idental fa tabout operational semanti s, but a onsequen e of the way that operational equivalen e is de�ned.For example, if two terms M and N are not operationally equivalent in PCF, then there is some ontext C[ ℄ with C[M ℄ and C[N ℄ di�erent numerals or boolean onstants. Consequently, if weequate M and N in the axiomati semanti s, we would have an in onsistent proof system; seeExer ise 2.3.2. Similar reasoning applies to the denotational semanti s, so in general =ax and=den annot be any oarser than =op . The reason why we usually have =ax � =den is that weusually justify our axiom system by showing it is sound for denotational semanti s (whi h is justwhat =ax � =den means). Sin e denotational equivalen e is usually not re ursively enumerable,we do not typi ally have omplete axiom systems (systems where =ax and =den are the same)for languages with re ursion (�xed-point operators). A related fa t for PCF is given as Corollary2.5.16 in Se tion 2.5.5. The relationship between =den and =op is dis ussed in the next paragraph.A denotational semanti s with M =den N i� M =op N , for arbitrary terms, is alled fullyabstra t. A fully abstra t denotational semanti s may be very useful, sin e reasoning about thedenotational semanti s therefore allows us to reason about =op . This is important sin e =opis generally diÆ ult to reason about dire tly, yet it is the most useful form of equivalen e forprogram optimization or transformation. However, it is generally a diÆ ult mathemati al problemto onstru t fully-abstra t denotational semanti s. The po semanti s of PCF in Chapter 5, forexample, is shown not to be fully abstra t in Se tion 5.4.2. On the other hand, it is also shownin Se tion 5.4.2 that this semanti s is fully abstra t for an extension of PCF. Some general andhistori al referen es on full abstra tion are [Cur86, Mil77, Plo77, Sto88℄.Exer ise 2.3.4 This exer ise demonstrates general properties of evaluation and operational equiv-alen e that hold for a variety of languages. For on reteness, however, the problem is stated forPCF. You may assume that the PCF redu tion rules are on uent and that eval is the partialfun tion from PCF terms to PCF terms su h that eval(M) = N i� N is the unique normal formof M . Show that if programs M and N are operationally equivalent, then eval(M) ' eval(N).Assuming that all programs with no normal form are operationally equivalent, whi h is justi�edfor PCF in Exer ise 2.5.27, show that if M and N are programs with eval(M) ' eval(N), thenM and N are operationally equivalent.Exer ise 2.3.5 In Se tion 2.3.1, we de�ned programs as losed terms of observable type, and hosenat and bool as observable. Show that the relation =op remains the same if we hange the set ofobservable types in the following ways.(a) Only nat is onsidered observable.(b) We say � is an observable type if � is either nat , bool , or the produ t �1� �2 of two observabletypes �1 and �2 .Exer ise 2.3.6 Show that if eval is a partial re ursive fun tion on a re ursively enumerable lan-guage, then operational equivalen e is �02 . (This assumes some familiarity with re ursive fun tiontheory.)

Foundations for Programming Languages 782.4 PCF Redu tion and Symboli Interpreters2.4.1 Nondeterministi redu tionThe operational semanti s given by redu tion may be regarded as a \nondeterministi symboli interpreter." However, only the order in whi h subterms are redu ed is nondeterministi , notthe �nal result of redu ing all possible subterms. Se tion 2.4.3 presents a deterministi form ofredu tion that gives the same �nal results for terminating PCF programs, and Se tion 2.4.4 givesa related \parallel" form of redu tion. An inequivalent but often used deterministi redu tion is onsidered in Se tion 2.4.5.In general, given any set of redu tion rules, we say M redu es to N in one step, and writeM ! N , if N may be obtained from M by applying one redu tion rule to one subexpression.For any notion ! of redu tion, the orresponding multi-step redu tion relation !! is de�nedindu tively by M !! N if M =� N; orM !M 0 and M 0 !! N:In other words, !! is the least re exive and transitive relation on �-equivalen e lasses of expres-sions that ontains one-step redu tion.Example 2.4.1 Some di�eren es between one-step redu tion (!), equality (=), and multi-stepredu tion (!!) are illustrated using PCF below.(a) (if M then 3 + 4 else 7) = (if M then 7 else 3 + 4) sin e we have 3 + 4 = 7 andequations an be used ineither dire tion(b) (if M then 3 + 4 else 7) 6! (if M then 7 else 3 + 4) sin e 7 6! 3 + 4( ) 5 + 2!! 5 + 2 but 5 + 2 6! 5 + 2 sin e one-step redu tionis not re exive(d) if (Eq? 3 4) then 5 + 2 else 9!! 9 by �rst redu ing (Eq? 3 4)It is easy to see from the de�nition of redu tion that if M !! N , then we an prove the equationM = N . It follows that if M !! N and P !! N , we an also prove M = P .For most notions of redu tion, a term may be redu ed in several ways. The reason is that aterm may have many di�erent subterms, ea h mat hing the left-hand side of a di�erent redu tionrule. We may think of redu tion as de�ning a nondeterministi symboli interpreter that evaluatesan expression M by repeatedly hoosing a redu tion to apply or hoosing to halt. At ea h step, the\state" of the interpreter is hara terized by the expression that is produ ed. We have a redu tionsequen e M !! N i� this nondeterministi interpreter, exe uting M , may hoose to halt in stateN . A ne essarily halting state, whi h is a term N with N 6! P for any P , is alled a normal form.Some example PCF normal forms are the truth values true and false , the numerals 0; 1; 2; : : : , atuple hM1; : : : ;Mki of distin t normal forms, and any fun tion expression �x:�:M with M innormal form. We onsider the result of nondeterministi evaluation to be the set of normal formsprodu ed. As we shall see below, there is at most one normal form of any PCF term, in spite ofthe nondeterministi hoi es involved.

Foundations for Programming Languages 79A useful property of many sets of redu tion rules, and PCF redu tion in parti ular, is alled on uen e, or the Chur h-Rosser property, also mentioned in Se tion 1.3. This property may besket hed graphi ally as follows. MPN1 N2���� ���� ����R����R����R����R ���� ����In this pi ture, the top two arrows are universally quanti�ed, and the bottom two are existentiallyquanti�ed. So the pi ture \says" that whenever M !! N1 and M !! N2 , there exists a term Pwith N1 !! P and N2 !! P . From Theorem 8.3.24 in Se tion 8.3.4, we have the following fa tabout PCF.Proposition 2.4.2 PCF redu tion is on uent.If ! is determined by dire ting a set of equational axioms, then on uen e implies that anequation is provable i� both terms redu e to a ommon form. A orollary is that if two distin tterms annot be redu ed at all, they annot be proved equal. This provides a useful synta ti te hnique for showing that an equational proof system does not prove all equations. Anothersimple orollary of on uen e is that no term has more than one normal form. These and othergeneral onsequen es of on uen e are proved in Se tion 3.7.2.To illustrate the value of on uen e in analyzing a proof system, we justify the statement inSe tion 2.2.3 that (sp) is not derivable from (proj ).Example 2.4.3 Consider the redu tion system with only two redu tion axioms, Proj1hM;Ni !M and Proj2hM;Ni ! N . This system may be proved on uent and therefore an equationis provable from the two equational axioms Proj1hM;Ni = M and Proj2hM;Ni = N usingre exivity and the PCF equational inferen e rules i� the two terms redu e to a ommon term. Itfollows that the equation x = hProj1x;Proj2xi annot be proved from Proj1hM;Ni = M andProj2hM;Ni = N , sin e x and hProj1x;Proj2xi are distin t normal forms.While most of us are used to deterministi exe ution, there are some reasons to onsider non-deterministi evaluation. A ommon reason for the designers of a programming language not tospe ify the order of evaluation ompletely is that this allows greater exibility in optimization.An example of optimization is ommon subexpression elimination, whi h e�e tively reorders theevaluation of parts of an expression. A related issue is parallelism. If we are allowed to evaluateparts of an expression in any order, then it would be possible to evaluate parts of the expressionin parallel, without on ern for the relative speeds of the pro essors involved. However, in manylanguages where the design does not fully determine the order of evaluation, the output of someprograms a epted by the ompiler may depend on evaluation order. In ontrast, on uen e ofPCF guarantees that the �nal result does not depend on the order in whi h subexpressions areevaluated.The reason we do not use redu tion axioms orresponding to equational axioms (�) and (sp) isthat these would destroy on uen e. It is a eptable to omit these two redu tions sin e these are

Foundations for Programming Languages 80not ne essary for redu ing programs; redu tion based on (�) and (sp) only a�e ts the normal formsof terms that either have free variables or are not of observable type. This is an easy onsequen eof omputational adequa y (Corollary 5.4.7). Intuitively, the reason that (�) is unne essary is thatif we have a redu tion of the formM !! ( : : : (�x:�:Mx) : : : ) ! ( : : : (M) : : : ) !! 5for example, then sin e the result 5 does not ontain any fun tion expressions, the fun tion expres-sion M must eventually be applied to an argument or dis arded in the redu tion ( : : : (M) : : : )!! 5. If M is applied, say in a subterm MN , then we would get the same result if we had notused (�) and had stu k with �x:�:Mx in pla e of M , sin e (�x:�:Mx)N redu es to MN by (�)alone. The situation for surje tive pairing is essentially similar.Example 2.4.4 Consider the expressionletre f(x:nat):nat = if Eq?x 0 then 0 else x+ f(x� 1) in f nwhi h we would expe t to produ e the natural number n(n+1)=2, under any ordinary interpreter.We an see how the nondeterministi PCF interpreter works by eliminating synta ti sugar andredu ing. LettingF def= �f :nat!nat :�x:nat :if Eq?x 0 then 0 else x+ f(x� 1)and taking n = 2, we have the following redu tion sequen e.(�x F ) 2 !! (�f :nat!nat :�x:nat :if Eq?x 0 then 0 else x+ f(x� 1)) (�x F ) 2!! if Eq? 2 0 then 0 else 2 + (�x F )(1)!! 2 + if Eq? 1 0 then 0 else 1 + (�x F )(0)!! 2 + 1 + (�x F )(0)!! 2 + 1 + 0!! 3Of ourse, other redu tion sequen es may be obtained by hoosing �x -redu tion in pla e of any ofthe redu tion steps used here. However, by the on uen e of PCF redu tion, any �nite interleavingof �x -redu tions would still yield an expression that redu es to 3.Example 2.4.5 Consider the expression letre f(x:nat):nat = f(x+ 1) in f 1. If we write asimilar fun tion de laration in another language like Lisp or Pas al, we would expe t f(n) not toterminate (ex ept with sta k over ow), regardless of the value of n . This is re e ted in the fa tthat the PCF expression has no normal form. LettingF def= �f :nat!nat :�x:nat :f(x+ 1);we an de{sugar the letre expression to (�f :nat!nat : f 1)(�x F ). Then we an redu e to(�x F )1! F (�x F )1. At this point, there are two possibilitiesF (�x F )1! 8<: F (F (�x F )) 1(�x:nat :(�x F )(x+ 1)) 1one using �x -redu tion, and the other � -redu tion. By on uen e, these two must redu e to some ommon form. This ommon form may be found by taking ea h term and applying the redu tion

Foundations for Programming Languages 81used to produ e the other. Applying � -redu tion to the �rst and �x -redu tion to the se ond, weobtain (�x:nat :(F (�x F ))(x+ 1)) 1From here, we ould either apply �x -redu tion or (�). In either ase, we obtain a term that redu esto (F 2(�x F ))2Continuing in this way, we an see that regardless of our hoi e of redu tion, we annot everprodu e an expression that does not ontain (�x F ) as a subterm. Thus letre f(x:nat):nat =f(x + 1) in f 1 has no normal form and the nondeterministi PCF interpreter need not halt.Although this brief argument is not a omplete proof that the term has no normal form, a rigorousproof an be developed along these lines. A simpler proof method is to use the deterministi evaluator des ribed in Se tion 2.4.3 (see Exer ise 2.4.18).Example 2.4.6 While PCF redu tion agrees with the axiomati semanti s of PCF, this formof program exe ution may be slightly di�erent from what most readers are familiar with. Thedi�eren e may be illustrated by onsidering the following program.let f(x:nat):nat = 3 inletre g(x:nat ):nat = g(x+ 1) in f(g 5)In most familiar programming languages, this program would not halt, sin e the all f(g 5) is ompiled or interpreted as ode that omputes g 5 before alling f . Sin e the all to g runsforever, the program does not halt. However, in PCF, we an redu e the fun tion all to f withoutredu ing g 5. Sin e f disregards its argument, we obtain the value 3. Although this explanationof termination uses the ability to redu e any subexpression, this is not essential. In parti ular, thedeterministi evaluator de�ned in Se tion 2.4.3 will also redu e the term above to the numeral 3.(See Exer ise 2.4.17.) Further omparison of evaluation orders appears in the next se tion.As mentioned earlier in Se tion 2.3.4, it is important that the axiomati semanti s respe tthe operational semanti s. Spe i� ally, if we an prove M = N , then these two terms shouldprodu e the same result when pla ed inside any PCF program. The reader may wonder about theextensionality axiom (�), whi h is �x:�:Mx = M for x not free in M . This equation seems veryreasonable when viewed as a statement about mathemati al fun tions, but it is not ompletelyobvious that �x:�:Mx and M are inter hangeable with respe t to the nondeterministi PCFinterpreter. Sin e PCF redu tion does not in lude � -redu tion, the nondeterministi interpreteris for ed to halt on �x:�:yx , for example, whi h is di�erent from y ; learly �x:�:yx and y donot have the same normal form if we omit (�). However, when pla ed inside a ontext C[ ℄ su hthat both C[�x:�:yx℄ and C[y℄ are programs, we have already observed that C[�x:�:yx℄ and C[y℄will have the same normal form, if any. (The situation for (sp), surje tive pairing, is similar.)Thus, the equational proof system of PCF is sound for reasoning about program modi� ation, orinter hangeability of program \parts."Exer ise 2.4.7 Show that (�x ) redu tion may be applied inde�nitely to any expression of theform letre f :� = M in N . Does this mean that re ursive fun tions never \terminate" inPCF?Exer ise 2.4.8 Compute normal forms for the following terms.

Foundations for Programming Languages 82(a) omp (�x:nat : x+1) (�x:nat : x+1) 5, where the de�nition of natural number fun tion om-position is given in Se tion 2.2.3.(b) let not = �x: bool : if x then false else true inletre f = �x: bool : if x then true else f(not x) inf falseExer ise 2.4.9 Show that taken together the following three redu tion rules for typed lambda al ulus with �xed points are not on uent.(�) (�x:�:M)N ! [N=x℄M(�) �x:�:Mx!M; x not free in M(�x )alt �x�M !M(�x�M)More spe i� ally, �nd a term M that may be redu ed in one step to N or P , where N and P annot be redu ed to a ommon term. Hint: It is possible to �nd su h an M whi h has no (�)redexes. Your ounterexample will not work if we use (�x ) redu tion, �x� ! �f :�!�: f(�x�f),as in the text.2.4.2 Redu tion strategiesWe will dis uss various deterministi interpreters using the notion of redu tion strategy. A redu tionstrategy is a partial fun tion F from terms to terms with the property that if F (M) = N , thenM ! N . This is alled a \strategy" sin e the fun tion may be used to hoose one out of manypossible redu tions. For any redu tion strategy F , we may de�ne a partial evaluation fun tionevalF :PCF ! PCF on PCF expressions byevalF (M) = ( M if F (M) is not de�nedN if F (M) =M 0 and evalF (M 0) = NThe evaluation fun tion evalF is the mathemati al equivalent of a deterministi interpreter thatrepeats single redu tion steps, following the strategy F , until this strategy annot be followed anyfurther (i.e., we rea h a term where the partial fun tion F is unde�ned). If the strategy an befollowed inde�nitely from M , then the fun tion evalF will be unde�ned on M , and an a tualinterpreter following F would run forever. (See Exer ise 2.4.10 below for further dis ussion of theway evalF is de�ned from F .) As a notational onvenien e, we will omit the subs ript F if theredu tion strategy is lear from ontext or irrelevant.In general, we will be interested in redu tion strategies that hoose a redu tion whenever pos-sible, at least if the term is a program. For su h redu tion strategies, the evaluation eval(M) of aprogram M will either be the normal form of M , or unde�ned. In the terminology of [Bar84℄, theredu tion strategies we onsider are one-step redu tion strategies, sin e they hoose a single redu -tion step based on the form of the term alone. For dis ussion of multi-step redu tion strategies,the reader may onsult [Bar84℄.It is possible to de�ne a \brute for e" redu tion strategy F with the property that for any termM , eval(M) is either the normal form of M or unde�ned. Given M , we an ompute F (M) byenumerating (in parallel) all redu tion paths from M and seeing if any produ es a normal form.If we �nd one redu tion path, say M ! M1 ! M2 ! : : : ! N , leading to a normal form, we letF (M) = M1 be the �rst term along this redu tion path. This is not a very satisfying redu tion

Foundations for Programming Languages 83strategy, however, sin e it may take a long time to ompute F (M); it is not even de idable whetherF (M) is de�ned. However, we will see below that there is an eÆ iently omputable redu tionstrategy whi h will always �nd the normal form of a term.An important property of PCF is that the idealized nondeterministi interpreter may be imple-mented deterministi ally in an eÆ ient manner. More spe i� ally, there is an eÆ iently omputableredu tion strategy F su h that whenever M redu es to a normal form N , we have evalF (M) = N .This redu tion strategy is alled left-most outer-most or, more simply, left-most redu tion. It isde�ned pre isely in the next se tion. Another name that is sometimes used is all-by-name redu -tion, but this is sometimes onfusing sin e all-by-name is also used to refer to a parameter-passingme hanism implemented by \thunks" (see [ASU86℄, for example). The di�eren e between left-mostredu tion and other alternatives may be illustrated by onsidering an expression (�x:�:M)N , whereM !M 0 and N ! N 0 . There are three possible ways to redu e this expression:(�x:�:M)N[N=x℄M(�x:�:M)N 0 (�x:�:M 0)N���� ����R?The �rst alternative is a form of what is alled eager redu tion, or all-by-value. (Like all-by-name, all-by-value has other meanings.) The se ond is alled lazy or left-most redu tion, and the thirdmay be regarded as an attempt to \optimize" the fun tion �x:�:M before supplying the argumentN . There is no guarantee that su h an \optimization" shortens the redu tion to normal form.An eager strategy, whi h may hoose to redu e a fun tion argument before doing � -redu tion,sometimes leads to shorter redu tions. The reason is that a fun tion body M may have severalo urren es of the formal parameter x . In this ase, substituting N for x dupli ates N , and soany later redu tion of N must be repeated for ea h of the resulting opies. On the other hand,if x does not o ur in M , then there is no point in redu ing N . An extreme but important aseo urs when N has no normal form. In this situation, an eager interpreter will not terminate on(�x:�:M)N , sin e it will redu e N inde�nitely. However, if N is not used in the �nal result (e.g.,x does not o ur in M ), a left-most interpreter may terminate without redu ing N . Some ommonoptimization te hniques, su h as \ ode motion" and \in-line substitution" fall into the ategory orresponding to the third alternative in the pi ture above.Sin e most of the PCF programming examples we onsider are aimed at produ ing a normalform as a �nal result, we an think of the PCF interpreter as either a nondeterministi redu tionma hine, or a deterministi evaluator following a left-most redu tion strategy. The latter alternativeis parti ularly useful if we wish to show that a PCF expression has no normal form. In doing hand al ulations, however, the nondeterministi exe ution model lets us hoose redu tion steps whi hlead more qui kly to normal form.Exer ise 2.4.10 The de�nition of evalF at the beginning of this se tion appears to be a de�nitionby indu tion. However, it is not lear that the de�nition is well-founded. Give an equivalentindu tive de�nition of the following form. For ea h natural number n , de�ne a partial fun tioneval [n℄ . Intuitively, eval [n℄(M) will be de�ned if M redu es to normal form in n (or fewer) steps,and unde�ned otherwise. Your de�nition of the eval [n℄ 's should use indu tion on n . Then de�ne

Foundations for Programming Languages 84evalF as the union of the eval [n℄ 's. (Re all that a partial fun tion is a set of ordered pairs, so itmakes sense to take the union of a set of partial fun tions.)2.4.3 The left-most and lazy redu tion strategiesWe will de�ne a deterministi interpreter by de�ning a spe ialized redu tion relation left! that isa subset of nondeterministi PCF redu tion. An optimization of left-most redu tion, alled lazyredu tion is also des ribed in this se tion. While lazy redu tion does not �nd a normal form forevery term that has one, lazy redu tion has the same e�e t as left-most redu tion for programs( losed terms of observable type) that redu e to results.Intuitively, left-most redu tion works by applying the redu tion step that involves the left-mostsymbol in the term. Another way to des ribe this is that we ompare two possible redu tionsby looking at the set of symbols in the term that mat h the left-hand side of the appropriateredu tion axiom. In left-most redu tion, we apply the redu tion that involves the left-most symbolpossible. The relation left! is de�ned in Table 2.3 by a set of inferen e rules, following a style thatis ommonly alled stru tured operational semanti s. The de�nition is stru tured in the sense thatea h rule applies to exa tly one form of term, so that we an see whi h rule applies by examiningthe stru ture of a term. The �rst rule in the table says that if M ! N is a redu tion axiom (theseare olle ted in Table 2.2), then this is a left-most redu tion step. In other words, if M is a redex,then the left-most redu tion of M is to redu e M . The remaining rules des ribe redu tions onsubterms. An intuitive way to read a rule su h asM left! M 0MN left! M 0Nis in a ounter- lo kwise dire tion, starting from the bottom left. If we want to redu e an appli ationMN , then we perform the left-most redu tion step in M . If this results in a term M 0 , then theleft-most redu tion step from MN is the one taking us from MN to M 0N . Multi-step left-mostredu tion, written left!! , is the re exive and transitive losure of left! , as usual.In order to simplify the table, some side onditions are omitted. The onvention to be usedin reading the rules in Table 2.3 is that the redu tions on subterms are to be applied only if aredu tion axiom does not apply to the entire term. Thus the left-most redu tion of (�x:�:M)Nyields [N=x℄M , as opposed to some redu tion of �x:�:M . An alternate presentation of left-mostredu tion may be given using what are alled \evaluation ontexts," whi h are dis ussed in Se tion2.5.6.For any M , there is at most one term N with M left! N . This means that left! is a redu tionstrategy, and we may write left! (M) = N in pla e of M left! N when desired. However, the notationM left! N generally seems more suggestive.Example 2.4.11 The left-most redu tion of the term ((�x:nat : �y:nat : x+ y) 7) 5 + (�x:nat : x) 3

Foundations for Programming Languages 85Axioms M ! NM left! N M ! N is a redu tion axiomSubterm Rulesnat and bool M left! M 0M +N left! M 0 +N M left! M 0N +M left! N +M 0 N a normal formM left! M 0Eq?MN left! Eq?M 0N M left! M 0Eq?NM left! Eq?NM 0 N a normal formM left! M 0if M then N else P left! if M 0 then N else PN left! N 0if M then N else P left! if M then N 0 else P M a normal formP left! P 0if M then N else P left! if M then N else P 0 M,N normal formsPairs M left! M 0hM;Ni left! hM 0; Ni N left! N 0hM;Ni left! hM;Ni M a normal formM left! M 0ProjiM left! ProjiM 0Fun tions M left! M 0MN left! M 0N N left! N 0MN left! MN 0 M a normal formM left! M 0�x:�:M left! �x:�:M 0Subterm rules apply only when no axiom applies to the entire term. For example, ProjiM left!ProjiM 0 only when M is not of the form hM1;M2i and MN redu es to M 0N only when M isnot of the form �x:�:M1 . Table 2.3: Left-most redu tion for PCF.

Foundations for Programming Languages 86is written below, with the left-most redex underlined in ea h step.((�x:nat : �y:nat : x+ y) 7) 5 + (�x:nat : x) 3left! (�y:nat : 7 + y) 5 + (�x:nat : x) 3left! (7 + 5) + (�x:nat : x) 3left! 12 + (�x:nat : x) 3left! 12 + 3left! 15A se ond example, not produ ing a numeral, follows.(�x:nat : �y:nat : x+ (x+ y)) ((�z:nat : z) 12)left! �y:nat :((�z:nat : z) 12) + (((�z:nat : z) 12) + y)left! �y:nat : 12 + (((�z:nat : z) 12) + y)left! �y:nat : 12 + (12 + y)The last term is a normal form. Neither sum an be redu ed sin e the parentheses asso iate thesums to the right. If we had (12 + 12) + y instead, the body of this lambda term ould be redu edto 24 + y .As stated in the following proposition, left-most redu tion will �nd the normal form of any termthat has one.Proposition 2.4.12 Let M be a PCF term of any type. Then for any normal form N , we haveM left!! N i� M !! N .This follows from Theorem 8.3.26 in Se tion 8.3.4, whi h gives a general ondition guaranteeing ompleteness of left-most redu tion for PCF-like languages.Sin e left! is a redu tion strategy, we may apply the general de�nition of evaluation fun tionfrom Se tion 2.4.2 to obtain an evaluation (partial) fun tion eval left! . For typographi al reasons, wewill write eval left instead of eval left! . A orollary of Proposition 2.4.12 is that this evaluator �ndsthe normal form of any term that has one.Proposition 2.4.13 Let M be a PCF term of any type. Then eval left(M) = N i� M !! N andN is a normal form.If we only want Propositions 2.4.12 and 2.4.13 to hold for PCF programs ( losed terms ofobservable type), then we may omit many of the redu tions on subterms. The result is lazyredu tion, whi h is far more ommonly implemented in pra ti e than left-most redu tion. Thisis given by axioms and inferen e rules in Table 2.4. As usual, we write lazy!! for the re exive andtransitive losure of lazy! . We say a term M is in lazy normal form if there is no N with M lazy! N .Note that the lazy normal forms of types nat and bool are exa tly the normal forms of these types.However, the lazy normal forms of fun tion or produ t types may have subterms that are not innormal form (lazy or otherwise), as illustrated in the following example.

Foundations for Programming Languages 87Axioms M ! NM lazy! N M ! N is a redu tion axiomSubterm Rulesnat and bool M lazy! M 0M +N lazy! M 0 +N M lazy! M 0n+M lazy! n+M 0 n a numeralM lazy! M 0Eq?MN lazy! Eq?M 0N M lazy! M 0Eq?nM lazy! Eq?nM 0 n a numeralM lazy! M 0if M then N else P lazy! if M 0 then N else PPairs M lazy! M 0ProjiM lazy! ProjiM 0Fun tions M lazy! M 0MN lazy! M 0NTable 2.4: Lazy redu tion for PCF.Example 2.4.14 The lazy redu tion of the term ((�x:nat : �y:nat : x + y) 7) 5 + (�x:nat : x) 3 isexa tly the left-most redu tion given in Example 2.4.11. For the se ond term given in Example2.4.11, lazy redu tion terminates sooner, sin e lazy redu tion does not hange any subexpressioninside the s ope of a � or inside a pair of the form h � ; � i .(�x:nat : �y:nat : x+ (x+ y)) ((�z:nat : z) 12)lazy! �y:nat :((�z:nat : z) 12) + (((�z:nat : z) 12) + y)The last term is a lazy normal form, sin e there is no lazy redu tion of this term.The main property of lazy redu tion, in omparison with left-most redu tion, follows from thefollowing proposition.Proposition 2.4.15 If M is a losed PCF term that does not have the form �x:�:M1 or hM1;M2i,then for any term N , we have M lazy! N i� M left! N .Proof It is easy to see that if M lazy! N then M left! N . We prove the onverse by indu tion onthe proof (using the rules that appear in Table 2.3) that M left! N . The base ase is that M ! Nis a redu tion axiom, in whi h ase M lazy! N .The indu tion step for ea h inferen e rule that appears in both in Table 2.3 and Table 2.4 isstraightforward. The only observation that is required, in the ase N +M left! N +M 0 with N anormal form, is that sin e N is losed, it must be a numeral. Therefore, N +M lazy! N +M 0 , andsimilarly for Eq?N M left! Eq?N M 0 .If the left-most redu tion is byif M then N else P left! if M then N 0 else P

Foundations for Programming Languages 88with M a normal form, then the assumption that the entire term is losed means that M mustbe true or false . Therefore, the left-most redu tion should have been to eliminate the onditionaland pro eed with N or P .The hypothesis that M is neither a �-abstra tion or pair rules out the ases for left-mostredu tion inside a �-abstra tion or pair.The �nal ase is the redu tion of a losed term MN left! MN 0 where M is a normal form. Butsin e M must be losed, it must have the form M � �x:�:M1 or M � �x M1 . In either ase, this ontradi ts the assumption that MN left! MN 0 , on luding the proof.Corollary 2.4.16 If P is a PCF program and R a result ( losed normal form of the same type),then P lazy!! R i� P left!! R .Exer ise 2.4.17 Show, by performing left-most redu tion, that the deterministi evaluator haltswith value 3 on the program given in Example 2.4.6.Exer ise 2.4.18 Show that the PCF expression letre f(x:nat):nat = f(x + 1) in f 1, de-s ribed in Example 2.4.5, has no normal form.2.4.4 Parallel redu tionThe general idea behind parallel evaluation of PCF is that whenever we an redu e either of twosubterms independently, we may redu e both simultaneously. We might rea h a normal form fasterthis way, although of ourse this is not guaranteed. However, there is no harm in doing so: sin ePCF redu tion is on uent, we will not rea h a di�erent normal form by doing extra redu tion inparallel.We will de�ne a parallel redu tion relation ) from nondeterministi redu tion using two in-feren e rules. The �rst rule below says that a single redu tion may be onsidered a spe ial ase ofparallel redu tion. M ! NM ) Nwhere we intend M ! N to indi ate that N results from a single redu tion to M itself or oneof its subterms. If C[ : : : ℄ is a ontext with pla es for k terms to be inserted, then a term of theform C[M1; : : : ;Mk℄ will have nonoverlapping subterms M1; : : : ;Mk . In this ase, it makes senseto redu e these subterms simultaneously, possibly in parallel. This is expressed by the followingrule. M1 ) N1; : : : ;Mk ) NkC[M1; : : : ;Mk℄ ) C[N1; : : : ; Nk℄As usual, multi-step parallel redu tion )) is the re exive and transitive losure of single-stepparallel redu tion.This parallel redu tion relation gives us a nondeterministi form of redu tion with the propertythat M !! N by ordinary PCF redu tion i� M )) N by parallel redu tion steps. It is also possibleto de�ne parallel redu tion strategies whi h give the same normal form as sequential redu tion. Thismay be done in a way that maximizes parallelism, optionally up to some bound whi h we may thinkof as the maximum feasible number of parallel pro esses for some parallel ar hite ture. However,we will not go into the details.

Foundations for Programming Languages 89Exer ise 2.4.19 This exer ise asks you to ompare parallel and sequential redu tion.(a) Prove that M )) N i� M !! N . You may use the fa t that for any ontext C[ ℄ , the termC[M1; : : : ;Mk℄ has independent subterms M1; : : : ;Mk whi h may be repla ed separately byN1; : : : ; Nk to yield C[N1; : : : ; Nk℄ .(b) Suppose M !! N and N is a normal form. Use on uen e of !! and part (a) to show thatif M )) P , then P )) N .( ) Show by ounterexample that part (b) fails if !! is not on uent. In other words, give asingle-step redu tion relation ! on some set of terms su h that there exist M , N and Pwith M !! N , term N not redu ible, and M )) P with P not redu ible to N by eitherparallel or sequential redu tion.2.4.5 Eager PCFLeft-most redu tion mat hes the axiomati semanti s of PCF and allows nondeterministi or parallelimplementations. However, most implementations of existing programming languages do not followthis evaluation order. (An ex eption is Algol 60, whose \ opy rule" pro edure- all semanti s mat hPCF redu tion; more modern examples are Haskell and Miranda, as noted in Se tion 2.1.) Themore ommon order is eager evaluation, whi h does not mat h the PCF axiomati semanti s, asillustrated in Example 2.4.6 (see also Example 2.4.21 below). In this se tion, we give a pre isede�nition of eager evaluation for PCF and onsider a few properties. Eager PCF is also dis ussedin Se tion 2.6.4 in onne tion with \expli it lifting."An important idea in eager redu tion is the notion of value, whi h is a term that is not furtherredu ed by eager redu tion. The terms that are not values are fun tion appli ations and pairs ofnon-values. The main di�eren e between eager redu tion and other redu tion strategies onsideredin this hapter is that under eager redu tion, we only apply � -redu tion and Proji -redu tionwhen a fun tion argument is a value. There is also a hange in �x redu tion to halt redu tion ofthe argument to �x , as explained below. The name \value" omes from the fa t that values are onsidered \fully evaluated." One-step eager or all-by-value redu tion is de�ned in Table 2.5. Likelazy redu tion, eager redu tion is only intended to produ e a numeral or boolean onstant from afull ( losed) program; it is not intended to produ e normal forms or fully redu e open terms thatmay have free variables. This an be seen in the rules for addition: there is no eager redu tionfrom a term of the form x+M , even though M ould be further redu ed.A signi� ant restri tion on eager PCF is that we only have �xed-point operator �x� for fun tiontypes � = �1!�2 . The intuitive reason is that sin e a re ursively-de�ned natural number, booleanor pair would be fully evaluated before any fun tion ould be applied to it, any su h expressionwould ause the program ontaining it to diverge. In more detail, redu tion of losed terms onlyhalts on lambda abstra tions, pairs of values and onstants. While lambda abstra tions and pairsof values ould ontain o urren es of �x , analysis of a pair hV1; V2i with V1 and V2 values showsthat any o urren e of �x must o ur inside a lambda abstra tion. Therefore, the only values that ould involve re ursion are fun tions. If we hanged the system so that a pair hM;Ni were a value,for any terms M and N , then it would make sense to have a �xed-point operator �x� for ea hprodu t type � = �1��2 .It is easy to verify, by examination of Table 2.5, that for any M , there is at most one N withM eager! N . Sin e no values are redu ed, eager! is a partial fun tion on terms whose domain ontainsonly non-values.

Foundations for Programming Languages 90Values V is a value if V is a onstant, variable,lambda abstra tion or pair of values.delay�! � [M ℄ def= �x:�:Mx x not free in M :�! �Axioms (�x:�:M)V eager! [V=x℄M V a valueProjihV1; V2i eager! Vi V1, V2 values�x�! � V eager! V (delay�! � [�x�! � V ℄) V a value0 + 0 eager! 0; 0 + 1 eager! 1; : : : ; 3 + 5 eager! 8; : : :Eq?nn eager! true; Eq?nm eager! false n,m distin t numeralsif true then M else N eager! M , if false then M else N eager! NSubterm Rulesnat M eager! M 0M +N eager! M 0 +N M eager! M 0n+M eager! n+M 0 n a numeralbool M eager! M 0Eq?MN eager! Eq?M 0N M eager! M 0Eq?nM eager! Eq?nM 0 n a numeralM eager! M 0if M then N else P eager! if M 0 then N else PPairs M eager! M 0hM;Ni eager! hM 0; Ni N eager! N 0hV;Ni eager! hV;Ni V a valueM eager! M 0ProjiM eager! ProjiM 0Fun tions M eager! M 0MN eager! M 0N N eager! N 0V N eager! V N 0 V a valueTable 2.5: Eager PCF redu tion.

Foundations for Programming Languages 91The use of delay and �x redu tion requires some explanation. Sin e eager redu tion does notredu e under a lambda abstra tion, a term of the form delay�! � [M ℄ � �x:�:Mx will not beredu ed. This explains why we all the mapping M 7! �x:�:Mx \delay." The reason that delayis used in �x redu tion is to halt redu tion of a re ursive fun tion de�nition until an argument issupplied. An example is given in Exer ise 2.4.24; see also Exer ise 2.4.25.Example 2.4.20 Some of the hara teristi s of eager redu tion are illustrated by redu ing theterm (�x (�x:nat!nat : �y:nat : y)) ((�z:nat : z + 1) 2)to a value. This is only a trivial �xed point, but the term does give us a han e to see the orderof evaluation. The �rst step in determining whi h redu tion to apply is to he k the entire term.This has the form of an appli ation MN , but neither the fun tion M nor the argument N is avalue. A ording to the rule at the bottom left of Table 2.5, we must eager-redu e the fun tionM � �x (�x:nat!nat : �y:nat : y). Sin e the argument to �x is a value, we apply the redu tionaxiom for �x . Followed by � -redu tion, sin e delay [: : :℄ is a value, this gives us a fun tion value(lambda abstra tion) as follows:�x (�x:nat! nat : �y:nat : y)eager! (�x:nat!nat : �y:nat : y) (delay [�x (�x:nat! nat : �y:nat : y)℄)eager! �y:nat : yNote that without delay [ ℄ , the eager strategy would have ontinued �x redu tion inde�nitely.We have now redu ed the original term MN to a term V N with fun tion V � �y:nat : y avalue but argument N � (�z:nat : z + 1) 2 not a value. A ording to the rule at the bottom rightof Table 2.5, we must eager-redu e the fun tion argument. Sin e �z:nat : z + 1 and 2 are bothvalues, we an apply � -redu tion, followed by redu tion of the sum of two numerals:(�z:nat : z + 1) 2 eager! 2 + 1 eager! 3This now gives us the appli ation (�y:nat : y) 3 of one value to another, whi h an be redu ed to3.Example 2.4.21 Divergen e of eager evaluation an be seen in the termlet f(x:nat):nat = 3 inletre g(x:nat ):nat = g(x+ 1) in f(g 5)from Example 2.4.6. Exer ise 2.4.22 asks you to redu e this term. Sin e we an easily prove thatthis term is equal to 3, this term shows that the equational proof system of PCF is not sound forproving equivalen e under eager evaluation. It is possible to develop an alternative proof systemfor eager equivalen e, restri ting � - onversion to the ase where the fun tion argument is a value,for example. However, due to restri tions on repla ing subexpressions, the resulting system is more ompli ated than the equational system for PCF.The deterministi all-by-value evaluator evalV is de�ned from eager! in the usual way. Sin ethe partial fun tion eager! sele ts a redu tion step i� the term is not a value, evalV may also bede�ned as follows. evalV (M) = ( M if M is a valueN if M eager! M 0 and evalV (M 0) = N

Foundations for Programming Languages 92There seem to be two main reasons for implementing eager rather than left-most (or lazy)evaluation in pra ti e. The �rst is that even for a purely fun tional language su h as PCF (i.e.,a language without assignment or other operations with side e�e ts), the usual implementation ofleft-most redu tion is less eÆ ient. The reason for the ineÆ ien y appears to be that when anargument su h as f x is passed to a fun tion g , it is ne essary to pass a pointer to the ode forf and to keep a re ord of the appropriate lexi al environment. As a result, there is signi� antlymore overhead to implementing fun tion alls. It would be simpler just to all f with argumentx immediately and then pass the resulting integer, for example, to g . The se ond reason thatleft-most redu tion is not usually implemented has to do with side e�e ts. As illustrated by themany tri ks used in Algol 60, the ombination of left-most evaluation and assignment is often onfusing. In addition, in the presen e of side e�e ts, left-most evaluation does not oin ide withnondeterministi or parallel evaluation. The reason is that the order in whi h assignments aremade to a variable will generally a�e t the program output. We annot expe t di�erent orders ofevaluation to produ e the same result. Sin e most languages in ommon use in lude assignment,many of the advantages of left-most or lazy evaluation are lost.Exer ise 2.4.22 Show, by performing eager redu tion, that the eager interpreter does not halt onthe program given in Example 2.4.21.Exer ise 2.4.23 Assuming appropriate redu tion rules for the fun tion symbols used in the fa -torial fun tion fa t of Se tion 2.2.5, show that fa t 3 eager!! 6.Exer ise 2.4.24 An alternate eager redu tion for �x might be�x � (�x:�:M) eager! [�x� (�x:�:M)=x℄MFind a term �x:�:M where eager redu tion as de�ned in Table 2.5 would terminate, but the alter-nate form given by this rule would not. Explain why, for programs of the form letre f(x:�) =M in N with �x not o urring in M or N , it does not seem possible to distinguish between thetwo possible eager redu tions for �x .Exer ise 2.4.25 Eager or all-by-value redu tion may also be applied to untyped lambda al ulus.With ordinary (left-most) redu tion, an untyped �xed-point operator, Y , may be written Y def=�f:(�x: f(xx))(�x: f(xx)). Under eager, or all-by-value redu tion, the standard untyped �xed-point operator is written Z def= �f:(�x: f(delay [xx℄))(�x: f(delay [xx℄)) where delay [U ℄ def= �z: Uxfor x not free in untyped term U . Show that for M def= �x: �y: y , the appli ation YM lazy orleft-most redu es to a term beginning with a lambda, and similarly for ZM using untyped eagerredu tion. What happens when we apply eager redu tion to YM ?

Foundations for Programming Languages 932.5 PCF Programming Examples, Expressive Power and Limita-tions2.5.1 Re ords and n-tuples.Re ords are a useful data type in Pas al and many other languages. We will see that re ordexpressions may be translated into PCF using pairing and proje tion. Essentially, a re ord is anaggregate of one or more omponents, ea h with a di�erent label. We an ombine any expressionsM1:�1; : : : ;Mk:�k and form a re ord f`1 =M1; : : : ; `k =Mkg whose `i omponent has the value ofMi . The type of this re ord may be written re ordf`1:�1; : : : ; `k:�kg . We sele t the `i omponentof any re ord r of this type (0 � i � k ) using the \dot" notation r `i . For example, the re ordfA = 3; B = trueg with omponents labeled A and B has type re ordfA:nat ; B: boolg . The A omponent is sele ted by writing fA = 3; B = trueg A . In general, we have the equational axiom(re ord ) f`1 =M1; : : : ; `k =Mkg `i =Mifor omponent sele tion, whi h may be used as a redu tion rule from left to right.One onvenient aspe t of re ords is that omponent order does not matter (in the syntax justintrodu ed and in most languages). We an a ess the A omponent of a re ord r without havingto remember whi h omponent we listed �rst in de�ning r . In addition, we may hoose mnemoni names for labels, as inlet person = re ordfname : string ; age :nat ;married : bool ; : : :gHowever, these are the only substantive di�eren es between re ords and artesian produ ts; by hoosing an ordering of omponents, we an translate re ords and re ord types into pairs andprodu t types of PCF. For re ords with two omponents, su h as re ordfA:nat ; B: boolg , we antranslate dire tly into pairs by hoosing one omponent to be �rst. However, for re ords with morethan two omponents, we must translate into \nested" pairs.To simplify the translation of n- omponent re ords into PCF, we will de�ne n-tuples as syn-ta ti sugar. For any sequen e of types �1; : : : ; �n , we introdu e the n-ary produ t notation�1� : : :��n def= �1�(�2� : : : (�n�1��n) : : :)by asso iating to the right. (This is an arbitrary de ision. We ould just as easily asso iate n-aryprodu ts to the left.) To de�ne elements of an n-ary produ t, we use the tupling notationhM1; : : : ;Mni def= hM1; hM2; : : : hMn�1;Mni : : :iias synta ti sugar for a nested pair. It is easy to he k that if Mi:�i , thenhM1; : : : ;Mni : �1� : : :��nTo retrieve the omponents of an n-tuple, we use the following notation for ombinations of binaryproje tion fun tions.Proj�1 �:::��ni def= �x:�1� : : :��n:Proj1(Proji�12 x) (i < n)Proj�1 �:::��nn def= �x:�1� : : :��n:(Projn�12 x)

Foundations for Programming Languages 94We leave it as an exer ise to he k thatProj�1 �:::��ni hM1; : : : ;Mni !!Mi;justifying the use of this notation. A useful pie e of meta-notation is to write �k for the produ t�� : : :�� of k � 's.Using n-tuples, we an now translate re ords with more than two omponents into PCF quiteeasily. If we want to eliminate re ords of some type re ordf`1:�1; : : : ; `k:�kg , we hoose someordering of the labels `1; : : : ; `k and write ea h type expression and re ord expression using thisorder. (Any ordering will do, as long as we are onsistent. For on reteness, we ould use alpha-numeri lexi ographi al order.) We then translate expressions with re ords into PCF as follows.re ordf`1:�1; : : : ; `k:�kg def= �1� : : :��kf`1 =M1; : : : ; `k =Mkg def= hM1; : : : ;MkiM `i def= Proj�1 �:::��ki MIf an expression ontains more than one type of re ords, we apply the same pro ess to ea h typeindependently.Example 2.5.1 We will translate the expressionlet r: fA: int ; B: boolg = fA = 3; B = trueg in if r B then r A else r A+ 1into PCF. The �rst step is to number the re ord labels. Using the number 1 for A and 2 forB , the type fA: int ; B: boolg be omes int � bool and a re ord fA = x; B = yg : fA: int ; B: boolgbe omes a pair hx; yi : int � bool . Following the general pro edure outlined above, we desugar theexpression with re ords to the following expression with produ t types and pairing:let r: int � bool = h3; truei in if Proj2r then Proj1r else (Proj1r) + 1Some slightly more ompli ated examples are given in the exer ise.Exer ise 2.5.2 Desugar the following expressions with re ords to expressions with produ t typesand pairing.(a) let r: fA: int ; B: bool ; C: int! intg = fA = 5; B = false ; C = �x: int : xgin if r B then r A else (r C)(r A)(b) let f(r: fA: int ; C: boolg): fA: int ; B: boolg = fA = r A;B = r Cgin ffA = 3; C = truegYou may wish to eliminate one type of re ords �rst and then the other. If you do this, theintermediate term should be a well-typed expression with only one type of re ords.

Foundations for Programming Languages 952.5.2 Sear hing the natural numbers.One useful programming te hnique in PCF is to \sear h" the natural numbers, starting from 0.In re ursive fun tion theory, this method is alled minimization, and written using the operator� . Spe i� ally, if p is a omputable predi ate on the natural numbers (whi h means a omputablefun tion from nat to bool ), then �x[p x℄ is the least natural number n su h that pn = true andpn0 = false for all n0 < n . If there is no su h n , then �x[p x℄ is \unde�ned," whi h means thatthere is no natural number n with �x[p x℄ = n .In PCF, given a natural number predi ate p:nat! bool , we an ompute �x[p x℄ using theexpression letre f(x:nat):nat = if p x then x else f(x+ 1) in f 0Intuitively, the re ursive fun tion f tests to see if its argument x is has the property p . If so, thenthis is the result of the fun tion all. Otherwise, the fun tion f is alled re ursively on x+1. Sin ethe �rst all is to f 0, we start with 0 and test all natural numbers in su ession. However, if pnmay be redu ed inde�nitely without produ ing either true or false, then it is possible to redu ethis expression inde�nitely without testing p(n+ 1).Sin e we will use minimization several times, we will adopt the abbreviationsear h def= �p:nat! bool : letre f(x:nat):nat = if (p x) then x else f(x+ 1) in f 0The main property of sear h is des ribed by the following proposition, whi h relies on the fa t thatno expression redu es to both true and false.Proposition 2.5.3 Let M :nat! bool be any PCF predi ate on the natural numbers. If M n!!true and M n0 !! false for all n0 < n, then sear h M !! n.The astute reader may noti e a onvenient pun in the statement of this proposition. Thestatement in ludes a ondition n0 < n on n and n0 of PCF, not natural numbers. To be pre ise, weshould distinguish between numerals, symbols used in expressions of PCF, and the \mathemati alobje ts" we usually refer to by these symbols. However, it is onvenient to order the numerals bythe usual ordering on natural numbers, use indu tion on numerals, and transfer other properties ofthe natural numbers to numerals. This makes many statements about PCF, su h as the indu tiveargument in the proof below, mu h easier to phrase.Proof We will prove the following statement by indu tion on n :(�) If M n0 !! false for all n0 < n; thensear h M !! if (Mn) then n else (�x F )(n+ 1);where F is �f :nat!nat :�x:nat : if (Mx) then x else f(x+ 1):The proposition follows from (�) by noti ing that if Mn !! true , the onditional expressionredu es to n .The indu tive proof begins with the base ase n = 0. By expanding de�nitions and redu ing,we have sear h M !! (�f :nat!nat : f 0)(�x F )!! (�x F ) 0!! F (�x F ) 0!! if (M0) then 0 else (�x F )(1)

Foundations for Programming Languages 96To prove the indu tive step, suppose the laim holds for n , and that M n0 !! false for all n0 < n+1.Starting with the indu tive hypothesis and ontinuing with the assumption that M n!! false , wehave sear h M !! if (Mn) then n else (�x F )(n+ 1)!! (�x F )(n+ 1)!! F (�x F )(n+ 1)!! if (M (n+ 1)) then n+ 1 else (�x F )((n+ 1) + 1):Sin e n is a meta-variable for some numeral 0; 1; 2; : : : of PCF, we an simplify n+1 to a numeral,obtaining an expression of the desired form. This proves (�), and hen e the proposition.Example 2.5.4 The de�nition of fa torial uses a prede essor fun tion �x:nat : x�1, whi h is not abasi operation of PCF. However, using sear h, it is easy to ompute the prede essor of any naturalnumber x . We simply sear h for the �rst y satisfying y + 1 = x . A ounting for the spe ial asex = 0, whose \prede essor" is 0 by onvention, we de�ne the prede essor fun tion on the naturalnumbers by the PCF expressionpred def= �x:nat : if Eq?x 0 then 0 else (sear h �y:nat :Eq? (y + 1)x)Using Proposition 2.5.3 and properties of Eq?, it is straightforward to show that pred omputesthe prede essor fun tion.Exer ise 2.5.5 Write a PCF fun tion half :nat!nat mapping any numeral n to the numeral forbn=2 , the greatest natural number not ex eeding n=2.Exer ise 2.5.6 Write a fun tion omp that maps any natural number n to the n-fold om-position fun tion �f :nat!nat :�x:nat : fnx , where fnx is an abbreviation for the appli ationf(f(: : : (fx) : : :)) of f to x a total of n times. Use this to de�ne multipli ation mult :nat �nat!natin PCF. (Hint: multiply m � n by repeatedly adding n to itself.)Exer ise 2.5.7 This question is about a restri ted form of re ursion alled primitive re ursion.One property of primitive re ursion is that if f is de�ned from g and h by primitive re ursion,and g and h are both total fun tions (i.e., yield natural-number results for all natural numberarguments), then f is also total.(a) A fun tion f :nat!� is de�ned from g:� and h: (��nat)!� by primitive re ursion iff 0 = gf(n+ 1) = h h(f n); niWrite a PCF fun tion prim�:�!(��nat!�)!(nat!�) su h that for any g and h of theappropriate types, the fun tion (prim� g h) satis�es the equations for f above. You will needto use the fa t that PCF allows onditional expressions of any type.(b) In PCF, both addition and equality test are basi operations. However, if we add primitivere ursion to PCF, we may remove + and Eq? from PCF and repla e them with the simplerfun tions of su essor and zero test, without hanging the set of de�nable fun tions. Thismay be proved by showing that addition and equality test are de�nable in a version of PCFwith addition and equality repla ed by primitive re ursion, su essor and zero test. This

Foundations for Programming Languages 97problem asks you to prove slightly more. Using fun tions su :nat!nat , zero?:nat! bool ,and prim :�!(��nat!�)! nat!� , satisfying the in�nite olle tion of equationssu 0 = 1su 1 = 2...zero? 0 = truezero? 1 = false...prim g h 0 = gprim g h (su n) = h hprim g hn; ni;along with the other basi operations of PCF (ex ept +, Eq? and �x ), show how to de�neprede essor, addition and equality test. Sin e letre is de�ned using �x , do not use letre .(Hint: Try prede essor �rst.)2.5.3 Iteration and tail re ursion.Many algorithms, when written in an imperative language like Pas al, use the following pattern ofinitialization and iteration. Initialize ;while :Done do Stmt endIf the se tions Initialize and Stmt only hange the values of a �xed, �nite set of variables, and Doneis a side-e�e t-free test depending on the values of these variables, then we may easily transform aprogram segment of this form into a fun tional program. Let us assume for simpli ity that thereis only one variable involved; there is no loss of generality in this sin e we an repla e a �nite setof variables by a re ord or n-tuple ontaining their values. To put this in the ontext of PCF,suppose we have PCF expressions init : �next : �!�done : �! boolso that the iteration ould be writtenx := init ;while :(done x) do x := (next x) endusing an assignable variable x of type � . We may ompute the �nal value of x produ ed bythis loop, using essentially the same sequen e of operations, with the expression loop init next donede�ned by.loop init next done def= letre f(x:�) = if (done x) then x else f (next x) in(f init)Sin e loop is a straightforward generalization of the fun tion sear h, the analysis given in Proposition2.5.3 applies. To be more spe i� , writing nextn x for the result next(next(: : : (next x) : : :)) ofapplying next to x a total of n times, we we have the following proposition.Proposition 2.5.8 If done (next i init)!! false for all i < n and done (nextn init)!! true , thenloop init next done !! nextn init

Foundations for Programming Languages 98The translation of iterative loops into re ursive fun tions always produ es a re ursive fun tionwith a parti ular form. A re ursive fun tion with a de�nition of the formf(x) = if B then M else f(N);where neither B , M nor N ontains f , is alled a tail-re ursive fun tion. In languages su h asLisp and S heme, where re ursive fun tions are used extensively, tail-re ursive fun tions are oftenre ognized by the ompiler. The reason for treating tail-re ursive fun tions separately is that thesemay be ompiled into eÆ ient iterative ode that does not require a new a tivation re ord (sta kframe) for ea h re ursive all in the sour e program.Example 2.5.9 Using pairing, we may translate the following iterative algorithm into PCF.x := 100;y := 0;while :(Eq?x y) do x := x� 1; y := y + 1 endThe initial value of the pair hx; yi is h100; 0i . Using the synta ti sugar introdu ed in Exer ise2.2.12, we may write the body of the while loop as the following \next" fun tionnext def= �hx:nat ; y:nati: hx� 1; x+ 1i:The test for loop termination may be written similarly as done def= �hx:nat ; y:nati: (Eq? x y).Putting these together, the while loop may be written asL def= loop h100; 0inext doneIf we let F be the termF def= �f :nat �nat!nat �nat : �p:nat �nat : if (done p) then p else f(next p):then we may redu e the PCF expression representing the while loop as follows:L � (�f :nat �nat!nat �nat : fh100; 0i)(�x F )! (�x F )h100; 0i! F (�x F )h100; 0i! (�p:nat �nat : if Eq?(Proj 1p)(Proj 2p) then pelse (�x F )h(Proj 1p)� 1; (Proj 2p) + 1i)h100; 0i! if Eq?(Proj 1h100; 0i)(Proj 2h100; 0i) then h100; 0ielse (�x F )h(Proj 1h100; 0i) � 1; (Proj 2h100; 0i) + 1iAt this point, we depart from left-most redu tion order and evaluate all the proje tions, additionsand subtra tions before ontinuing.!! if Eq? 100 0 then h100; 0i else (�x F )h99; 1i! if false then h100; 0i else (�x F )h99; 1i! (�x F )h99; 1iAt this point, we have ompleted \exe ution" of one iteration of the while loop. Continuing inthis manner, we an see that the fun tional expression omputes the �nal values of x and y byapproximately the same sequen e of additions, subtra tions and tests as the iterative while loop.

Foundations for Programming Languages 99We may ompare the sequen e of operations involved in a while loop and its PCF translationby giving a redu tion rule for while loops. A natural rule whi h orresponds to the way thatiteration is a tually implemented iswhile :B do S end ! if B then skip else(S;while :B do S end)where skip is a statement that does nothing. We may use this redu tion rule to argue informallythat an iterative algorithm x := init ;while :(done x) do x := (next x) endand its translation into PCF perform the same sequen e of evaluations of init,next and done. Thereader is en ouraged to work this out in Exer ise 2.5.10.Exer ise 2.5.10 Translate the imperative algorithmq := 0;r := m ;while r � n doq := q + 1;r := r � n ;odinto PCF by de�ning fun tions init next done. (You will have to use re ursion to implement thetest r � n .) Use the redu tion rule for while loops to argue informally that the loop and its PCFtranslation involve essentially the same arithmeti operations. You may assume left-most order ofPCF evaluation.Exer ise 2.5.11 Translate the following imperative algorithm to ompute the greatest ommondivisor into PCF by de�ning fun tions init next done.while n 6= 0 dor := m;while r � n dor := r � n;odm := n;n := r;odThink of this program as using m and n as input, and produ ing a new value of m as output.

Foundations for Programming Languages 1002.5.4 Total re ursive fun tionsIn this se tion and the next, we ompare the natural-number fun tions de�nable in PCF with the lasses of total and partial re ursive fun tions (de�ned below and in the next se tion). The mainresults are that all re ursive total and partial fun tions on the natural numbers are de�nable inPCF. Similar proofs using Turing ma hines are given in the exer ises.A ommonly a epted belief, alled Chur h's thesis, is that every numeri fun tion that is omputable by any pra ti al omputer is re ursive. This thesis was formulated in the 1930's,before ele troni omputers, during a period when mathemati ians were a tively investigating thepossibility and impossibility of solving problems by systemati algorithms. One reason for believingChur h's thesis is that all of the formalisms for de�ning omputable fun tions that were proposedin the 1930's, and sin e, give rise to the same set of fun tions on the natural numbers. The earlyformalisms in lude the re ursive fun tions, Turing ma hines, and lambda al ulus. It follows fromChur h's thesis (although this is no way to prove something rigorously), that every partial or totalfun tion de�nable in PCF is re ursive. The reason is that we have an algorithm for omputingany de�nable fun tion, namely redu tion. It is not hard to give a rigorous proof that every PCF-de�nable fun tion is re ursive, although we will not do so sin e this involves tri ks with re ursivefun tions and does not shed mu h light on PCF itself. One reason for proving that every re ursivetotal or partial fun tion is de�nable in PCF is that, via Chur h's thesis, this gives eviden e thatevery omputable fun tion on the natural numbers is de�nable in PCF. In other words, this is as lose as we an get to showing that, at least for natural-number fun tions, PCF is a \universal"programming language. The se ond reason is that, by appealing to unde idable properties ofre ursive fun tions, we obtain interesting unde idability properties of PCF.A subtle issue that is not often dis ussed in basi ourses on omputability or omplexity theoryis the limitation of Chur h's thesis for fun tions on types other than the natural numbers. For basi data su h as booleans, strings or arrays of su h data, it makes sense to think of the omputablefun tions as pre isely those fun tions we an ompute when we ode ea h boolean, string or arrayby a natural number. By this reasoning, we an see that any programming language that letsus asso iate natural numbers with its basi data types, and ompute all re ursive fun tions onthe natural numbers, is \universal" for de�ning omputable fun tions on all the basi data types.However, for \in�nite" values, su h as fun tions, the issue is not as lear ut. In parti ular,mathemati al logi ians have identi�ed several distin t lasses of \ omputable fun tions on thenatural-number fun tions" and have not been able to prove that these are identi al. A relatedphenomenon is dis ussed in Se tion 2.5.6, where we show that ertain \parallel" operations are notde�nable in PCF, in spite of the ability to de�ne all re ursive fun tions on the natural numbers.Sin e there are some subtle points about termination and fun tion omposition for partialfun tions, we begin with the simple ase of total fun tions. Sin e we have pairing in PCF, wewill onsider total re ursive fun tions of more than one argument. A fun tion f is numeri iff :N k ! N for some k > 0. If C is a lass of numeri fun tions, we say C is� Closed under omposition if, for every f1; : : : ; f`:N k ! N and g:N ` ! N from C , the lassC also ontains the fun tion h de�ned byh(n1; : : : ; nk) = g(f1(n1; : : : ; nk); : : : ; f`(n1; : : : ; nk));� Closed under primitive re ursion if, for every f :N k*N and g:N k+2*N from C , the lassC ontains the fun tion h de�ned byh(0; n1; : : : ; nk) = f(n1; : : : ; nk)h(m+ 1; n1; : : : ; nk) = g(h(m;n1; : : : ; nk);m; n1; : : : ; nk);

Foundations for Programming Languages 101� Closed under minimization if, for every f :N k+1 ! N from C su h that8n1; : : : ; nk:9m: f(m;n1; : : : ; nk) = 0, the lass C ontains the fun tion g de�ned byg(n1; : : : ; nk) = the least m su h that f(m;n1; : : : ; nk) = 0:The lass R of total re ursive fun tions is the least lass of numeri fun tions that ontains theproje tion fun tions Projki (n1; : : : ; nk) = ni , the su essor fun tion �x:nat : x+1, the onstant zerofun tion �x:nat : 0, and that is losed under omposition, primitive re ursion, and minimization.We an show that every total re ursive fun tion is de�nable in PCF, in the following pre isesense. For any natural number n 2 N , let us write dne for the orresponding numeral of PCF. Wesay a numeri fun tion f :N k ! N is PCF-de�nable, or simply de�nable, if there is a losed PCFexpression M :natk!nat , where natk is the k -ary produ t type nat � : : :�nat , su h that8n1; : : : ; nk 2 N : Mhdn1e; : : : ; dnkei = df(n1; : : : ; nk)e:Theorem 2.5.12 Every total re ursive fun tion is de�nable in PCF.Proof To show that every total re ursive fun tion is de�nable in PCF, we must give the proje tionfun tions Projki , the su essor fun tion, and the onstant zero fun tion, and show losure under omposition, primitive re ursion, and minimization. Some of the work has already been done inExer ise 2.5.7 and Proposition 2.5.3. Following the de�nitions in Se tion 2.5.1, we letProj11 def= �x:nat : xProjk1 def= �x:natk:Proj1 x (1 < k)Projki def= �x:natk:Projk�1i�1 (Proj2 x) (1 < i � k)As in the de�nition of the lass of total re ursive fun tions, we may de�ne su essor and the onstantfun tion returning zero by su def= �x:nat : x+ 1;zero def= �x:nat : 0:If f1 : : : f`:N k!N and g:N `!N are represented by the PCF terms M1 : : : M` and N , respe -tively, then the fun tion h de�ned by omposition is represented by the term�x:natk: NhM1x; : : : ;M`xi:If f :N k!N and g:N k+2!N are represented by M and N , then the fun tion h de�ned byprimitive re ursion is represented by�hx:nat ; y:natki: prim (M y) (�hm:nat ; n:nati: N hm; hn; yii)x;where prim is as in Exer ise 2.5.7. Finally, to establish losure under minimization, supposef :N k+1!N is represented by M , and for every n1 : : : nk there exists an m su h that f(m;n1 : : : nk) =0. By Proposition 2.5.3, the fun tion g de�ned by minimization is represented by�x:natk: sear h(�n:nat :M hn; xi):

Foundations for Programming Languages 102Exer ise 2.5.13 Although a Turing ma hine may ompute a partial fun tion, there is a naturaltotal fun tion asso iated with every Turing ma hine, namely, the fun tion giving the ontents ofthe tape after n steps. This exer ise asks you to show dire tly that this fun tion is de�nable inPCF and on lude that every fun tion omputed by a Turing ma hine that halts on all input isde�nable in PCF.There are a number of equivalent de�nitions of Turing ma hines. As a reminder, and to setnotation, we brie y review one standard de�nition (from [HU79℄) before stating the problem. ATuring ma hine is given by a tuple hQ;�;�; Æ; q1; 6b; F iwhere Q = fq1; :::; qng is a �nite set of states; � is the (�nite) input alphabet, not in luding 6 b ,the \blank" symbol; � is the (�nite) tape alphabet with � � �;Æ : Q��* Q���fL;Rgis a partial fun tion telling the next state, symbol to write on the tape, and dire tion to move thetape head; q1 is the start state; 6 b is the \blank" symbol; and F � Q is the set of �nal a eptingstates. Sin e Æ may be a partial fun tion, Æ(q; g) may be unde�ned for some state q 2 Q and tapesymbol g 2 �. In this ase, the ma hine halts and does not move. (The ma hine also halts if itmoves o� the left end of the tape.) The ma hine a epts its input if it halts in a �nal state q 2 F .Sin e Q , � and fL;Rg are all �nite, the transition fun tion Æ is a �nite set. There is no loss ofgenerality in assuming that there is exa tly one �nal state qf 2 F and that Æ(q; g) is de�ned i�q 6= qf . This makes Æ a total fun tion from (Q � fqfg)�� to Q���fL;Rg . We may assumethat � = f0; 1g and � = � [ f6 bg , sin e any symbol may be oded by a sequen e of bits (usingASCII, for example). In this problem, you may represent 6b by the number 2.(a) We will ode a Turing ma hine tape using a oding of pairs as natural numbers. Spe i� ally,a pair of natural numbers hn;mi may be oded by the natural numberpr (n;m) = (n+m)(n+m+ 1)=2 +m:This may be understood by arranging all the pairs of natural numbers in an in�nite table,with h0; 0i in the upper left orner and �rst and se ond oordinates in reasing as we movedown and right in the table (respe tively). If we \walk" through this table along the northeastdiagonals, moving to the next diagonal when we rea h the top border, then the pair hn;miis rea hed after pr(n;m) steps. Show that the pairing fun tion pr and the orrespondingproje tion fun tions p1 and p2 mapping pr (n;m) to n and m are de�nable in PCF.(b) We may ode a �nite sequen e of natural numbers as follows:seq() = pr (0; 0)seq(ns) = pr ((k + 1); pr (n; seq(s)))where in the seq(ns) ase we may follow the onvention that k is the length of sequen e s .Show that if m = seq(ns), we may ompute n from m in PCF. Show that if m = seq(s), wemay ompute seq(ns) from m and n in PCF.( ) Let M be a Turing ma hine, as des ribed above, with states numbered 1 through qM .Suppose q � qM is a natural number representing a state of M , natural number n` odes

Foundations for Programming Languages 103the sequen e of tape symbols to the left of the tape head, as in (b) above, and nr odes thesequen e of tape symbols under and to the right of the tape head. Show that the next stateand two numbers representing the ontents of the Turing ma hine tape are omputable fromthe q , n` and nr in PCF.(d) Show that for any Turing ma hine M , the fun tionfM(j; s; n) = the j th tape symbol after n omputation steps of M on initial tape sis representable in PCF, where the initial tape ontents are oded as a natural number.(e) A Turing ma hine M omputes a total numeri fun tion f :N ! N if, when started with thebinary representation of n on the tape, the ma hine halts with the binary representation off(n) on the tape. Show that every total fun tion omputed by a Turing ma hine is de�nablein PCF.2.5.5 Partial re ursive fun tionsIn this se tion, we show that every partial re ursive fun tion is de�nable in PCF. Sin e it is generallybelieved that all me hani ally omputable fun tions are partial re ursive fun tions, as dis ussed inSe tion 2.5.4, the main theorem of this se tion suggests that every fun tion on the natural numbersthat ould be omputed by any ordinary omputer is de�nable in PCF. Two orollaries are thatthere is no algorithm to determine whether a PCF expression has a normal form and no algorithmto determine whether two PCF expressions are provably equal.Although we may prove the main theorem of this se tion without repeating the indu tive argu-ment of Theorem 2.5.12, there are two reasons for giving a dire t indu tive proof. The �rst is toemphasize the di�eren e between representing a total fun tion and representing a partial one. These ond is to gain further intuition for the evaluation me hanism of PCF and its relation to stan-dard mathemati al onventions about partial fun tions. This intuition may be useful in onsidering\parallel" fun tions in the next se tion.We dis uss the representation of partial fun tions before de�ning the lass of partial re ursivefun tions.Suppose we have some partial fun tion f :N * N whi h we would like to represent by aPCF expression. We learly want a losed term M :nat!nat su h that Mdne gives the value off(n) when f(n) is de�ned. However, it is not as lear what property M should have if f(n) isnot de�ned. One possibility, of ourse, is to not to require any property of Mdne . However, ana urate representation of a partial fun tion is a term M with Mdne \de�ned" i� f(n) is de�ned.This requires some notion of \unde�ned term." A onvenient representation of unde�nedness, ornontermination, is that Mdne should have no normal form when f(n) is unde�ned. We will adoptthis below for terms that represent numeri fun tions.We say a partial fun tion f :N k * N is PCF-de�nable, or simply de�nable, if there is a losedPCF expression M :natk!nat su h that for all n1; : : : ; nk 2 N , we haveMhdn1e; : : : ; dnkei = ( df(n1; : : : ; nk)e if f(n1; : : : ; nk) is de�ned,has no normal form otherwiseThe reader familiar with untyped lambda al ulus may know that the onvention for partial fun -tions is to represent unde�nedness by la k of a head normal form. For PCF, a head normal form,is either a numeral, a boolean onstant (true or false ), or term of the form �x:�:M or hM;Ni ,

Foundations for Programming Languages 104a ording to its type. Sin e a term of type nat or bool has a normal form i� it has a head normalform, the type onstraints of PCF make the two possible de�nitions equivalent. Those interestedin untyped lambda al ulus may wish to onsult [Bar84, Se tion 8.4℄ for a dis ussion of partialre ursive fun tions in the pure, untyped lambda al ulus.To show that every partial re ursive fun tion is de�nable in PCF, we give a pre ise de�nitionof the lass of all partial re ursive fun tions. A partial fun tion f is numeri if f :N k * N forsome k > 0. If C is a lass of partial numeri fun tions, we say C is� Closed under omposition if, for all partial fun tions f1; : : : ; f`:N k * N and g:N ` * Nfrom C , the lass C also ontains the partial fun tion h de�ned byh(n1; : : : ; nk) = 8><>: g(m1; : : : ;m`) if mi = fi(n1; : : : ; nk) de�ned 1 � i � `and g(m1; : : : ;m`) is de�ned,unde�ned otherwise.� Closed under primitive re ursion if, for every f :N k*N and g:N k+2*N from C , the lassC ontains the partial fun tion h de�ned byh(0; n1; : : : ; nk) = ( f(n1; : : : ; nk) if f(n1; : : : ; nk) de�nedunde�ned otherwise.h(m+ 1; n1; : : : ; nk) = 8>><>>: g(p;m; n1; : : : ; nk); if p = h(m;n1; : : : ; nk) andg(p;m; n1; : : : ; nk) are de�ned,unde�ned otherwise.� Closed under minimization if, for every partial f :N k+1 * N from C , the lass C ontainsthe partial fun tion g de�ned byg(n1; : : : ; nk) = 8>><>>: the least m with f(m;n1; : : : ; nk) = 0;when su h an m exists,unde�ned otherwise.The lass PR of partial re ursive fun tions is the least lass of partial numeri fun tions ontainingthe proje tion fun tions Projki (n1; : : : ; nk) = ni , the su essor fun tion �x:nat : x+1, the onstantzero fun tion �x:nat : 0, and losed under omposition, primitive re ursion, and minimization.Theorem 2.5.14 Every partial re ursive fun tion is de�nable in PCFProof The proof is similar to the proof of Theorem 2.5.12, ex ept that the term representing a par-tial re ursive fun tion must not have a normal form when the partial re ursive fun tion is unde�ned.We an see that this requires some hanges by onsidering the omposition ase. If f; g:N *Nare unary partial re ursive fun tions, represented by PCF terms M and N , then in the proof ofTheorem 2.5.12, we represent the omposition h(n) = g(f(n)) by the term �x:nat : N (Mx). How-ever, this does not have the orre t termination behavior when f may be partial. For example, letg be the onstant fun tion g(x) = 3 and f a partial fun tion with f(5) unde�ned. The ordinarymathemati al onvention is to onsider h(5) = g(f(5)) unde�ned sin e f(5) is unde�ned. However,the appli ation (�x:nat : N (Mx)) 5 redu es to 3 in PCF.

Foundations for Programming Languages 105A simple tri k is to de�ne a fun tion nvg that may be used to for e nontermination in PCFwhen required. Due to typing restri tions, we will de�ne a separate fun tion nvgk for ea h naturalnumber k > 0. If f and g are numeri fun tions of k arguments, then nvgk f g will behave likeg , ex ept that an appli ation to k arguments will only have a normal form (or \halt") when theappli ation of f has a normal form. For any k > 0, the fun tion nvgk may be written as follows: nvgk f g def= �x:natk: if Eq? (fx) 0 then gx else gx:For any x , if fx an be redu ed to normal form then (whether this is equal to zero or not) theresult is gx . However, if fx annot be redu ed to a normal form, then the onditional an neverbe eliminated and nvgk f g will not have a normal form. The main reason why this works is thatwe annot redu e Eq? (fx) 0 to true or false without redu ing fx to normal form.Using nvg, we an de�ne a omposition f and g that is de�ned only when f is de�ned. Forexample, if f; g:N *N are unary partial re ursive fun tions represented by PCF terms M andN , we represent their omposition by the term nvgM (�x:nat :(N(Mx))). The generalization tothe omposition of partial fun tions f1; : : : ; f`:N k * N and g:N ` * N is straightforward andleft to the reader.The remaining ases of the proof are treated similarly, using nvgk for appropriate k . Thereader is en ouraged to write out the argument for primitive re ursion, and onvin e him- orherself that no modi� ation is needed for minimization.This theorem has some important orollaries. Both of the orollaries below follow from awell-known unde idability property of re ursive fun tions. Spe i� ally, there is no re ursive, oralgorithmi , method for de iding whether a re ursive partial fun tion is de�ned on some argument.This fa t is often referred to as the re ursive unsolvability of the Halting Problem. Exer ise 2.5.18des ribes a dire t proof that the PCF halting problem is not solvable in PCF.Corollary 2.5.15 There is no algorithm for de iding whether a given PCF expression has a normalform.Proof If there were su h an algorithm, then by Theorem 2.5.14, we ould de ide whether a givenpartial re ursive fun tion was de�ned on some argument, simply by writing the fun tion applied toits argument in PCF.Corollary 2.5.16 There is no algorithm for de iding equality between PCF expressions.Proof If there were su h an algorithm, then by Theorem 2.5.14, we ould de ide whether a givenpartial re ursive fun tion was de�ned on some argument. Spe i� ally, given a des ription of a partialfun tion f , we may produ e PCF term M representing the appli ation f(n) by the straightforwardalgorithm outlined in the proof of Theorem 2.5.14, for any n . Then, using the supposed algorithmto determine whether if Eq?MM then 0 else 0 = 0, we ould de ide whether f(n) is de�ned.Exer ise 2.5.17 A primitive re ursive fun tion is a total re ursive fun tion that is de�ned withoutusing minimization. The Kleene normal form theorem states that every partial re ursive fun tionf :N k * N may be written in the formf(n1; : : : ; nk) = p(the least n with tk(i; n1; : : : ; nk; n) = 1)where p and tk are primitive re ursive fun tions that are independent of f , and i depends on f .This is alled the Kleene normal form of f , after Stephen C. Kleene, and the number i is alled the

Foundations for Programming Languages 106index of partial re ursive fun tion f . The Kleene normal form theorem may be found in standardbooks on omputability or re ursion theory, su h as [Rog67℄.(a) Use the Kleene normal form theorem and Theorem 2.5.12 to show that every partial re ursivefun tion is de�nable in PCF.(b) Using the results of Exer ise 2.5.13, show that every partial fun tion omputed by a Turingma hine is de�nable in PCF.Exer ise 2.5.18 It is easy to show the halting problem for PCF is not solvable in PCF. Spe i� ally,the halting fun tion on type � , H� , is a fun tion whi h, when applied to any PCF term M� , returnstrue if M has a normal form (\halts"), and false otherwise. In this exer ise, you are asked to showthat there is no PCF term Hbool de�ning the halting fun tion on type bool , using a variant of thediagonalization argument from re ursive fun tion theory. Sin e the proof pro eeds by ontradi tion,assume there is a PCF term Hbool : bool! bool de�ning the halting fun tion.(a) Show that using Hbool , we may write a PCF term G: bool! bool with the property that forany PCF term M : bool , the appli ation GM has a normal form i� M does not.(b) Derive a ontradi tion by onsidering whether or not �x G has a normal form.

Foundations for Programming Languages 1072.5.6 Non-de�nability of parallel operationsWe have seen in Se tions 2.5.4 and 2.5.5 that the PCF-de�nable fun tions on numerals orrespondexa tly to the re ursive fun tions and (in the exer ises) the numeri fun tions omputable by Turingma hines. By Chur h's thesis, as dis ussed in Se tion 2.5.4, this suggests that all me hani ally omputable fun tions on the natural numbers are de�nable in PCF. However, as we shall see inthis se tion, there are operations that are omputable in a reasonable way, but not de�nable in PCF.The main theorem and the basi idea of Lemma 2.5.24 are due to Plotkin [Plo77℄. A semanti proofof Theorem 2.5.19 appears as Example 8.6.3, using logi al relations and the denotational semanti sof PCF.The main example we onsider in this se tion is alled parallel-or. Before dis ussing this fun -tion, it is worth remembering that for a PCF term to represent a k -ary fun tion on the naturalnumbers, we only onsider the result of applying the PCF term to a tuple of numerals. It is notimportant how the PCF term behaves when applied to expressions that are not in normal form.The di�eren e between the positive results on representing numeri fun tions in Se tions 2.5.4 and2.5.5 and the negative result in this se tion is that we now take into a ount the way a fun tionevaluates its arguments.It is easiest to des ribe the parallel-or fun tion algorithmi ally. Suppose we are given losedterms M;N : bool and wish to ompute the logi al disjun tion, M _ N . We know that eitherM !! true , M !! false , or M has no normal form, and similarly for N . One way to omputeM _ N is to �rst redu e both M and N to normal form, then return true if either is true andfalse otherwise. This algorithm omputes what is alled the sequential-or of M and N ; it will onlyterminate if both M and N have a normal form. For parallel-or, we wish to return true if eitherM or N redu es to true, regardless of whether the other term has a normal form. It is easy to seehow to ompute parallel-or in a omputational setting with expli it parallelism. We begin redu ingM and N in parallel. If either terminates with value true , we abort the other omputation andreturn true. Otherwise we ontinue to redu e both, hoping to produ e two normal forms. If bothredu e to false , then we return false . To summarize, the parallel-or of M and N is true if eitherM or N redu es to true , false if both redu e to false , and nonterminating otherwise.The rest of this se tion will be devoted to proving that parallel-or is not de�nable in PCF, asstated in the following theorem.Theorem 2.5.19 There is no PCF expression POR with the following behaviorPORM N !! 8><>: true if M !! true or N !! truefalse if M !! false and N !! falseno normal form otherwisefor all losed boolean expressions M and N .We will prove Theorem 2.5.19 by analyzing the operational semanti s of PCF. This gives us anopportunity to develop some general tools for operational reasoning. The �rst important de ision isto hoose a deterministi redu tion strategy instead of reasoning about arbitrary redu tion order.Sin e we will only be interested in redu tion on terms of type nat or bool , we an use lazy redu tion,de�ned in Se tion 2.4.3, instead of the more ompli ated left-most redu tion strategy. A onvenientway to analyze the redu tion of subterms is to work with ontexts. To identify a riti al subterm,we de�ne a spe ial form of ontext alled an evaluation ontext. While the analysis of parallel-oronly requires evaluation ontexts for boolean terms, we give the general de�nition for use in theexer ises and in Se tion 5.4.2. The evaluation ontexts of PCF are de�ned in Table 2.6.

Foundations for Programming Languages 108ev[ ℄ ::= [ ℄ j ev[ ℄ +M j n+ ev[ ℄ for numeral nj Eq?ev[ ℄M j Eq?nev[ ℄ for numeral nj if ev[ ℄ then N else Pj Projiev[ ℄ j ev[ ℄MTable 2.6: Evaluation ontexts for lazy PCF redu tion.An example appears below, after two basi lemmas. To make the outline of the proof of Theorem2.5.19 as lear as possible, we postpone the proofs of the lemmas to the end of the se tion.There are two main properties of evaluation ontexts. The �rst is that if M lazy! N , then Mmat hes the form of some evaluation ontext and N is obtained by redu ing the indi ated term.Lemma 2.5.20 If M lazy! N , then there is a unique evaluation ontext ev[ ℄ su h that M �ev[M 0℄, the redu tion M 0 ! N 0 is an instan e of one of the PCF redu tion axioms, and N �ev[N 0℄.Sin e we an determine the unique evaluation ontext mentioned in the lemma by pattern mat hing,evaluation ontexts provide a omplete hara terization of lazy redu tion.The se ond basi property of evaluation ontexts is that the lazy redu tion of ev[M ℄ is the lazyredu tion of M , when M has one. This is stated more pre isely in the following lemma.Lemma 2.5.21 If M lazy! M 0 then, for any evaluation ontext ev[ ℄, we have ev[M ℄ lazy! ev[M 0℄.A subtle point is that when M is a lazy normal form, the lazy redu tion of ev[M ℄ may be aredu tion that does not involve M .Example 2.5.22 The left-most redu tion of the term ((�x:nat : �y:nat : x+ y) 7) 5 + (�x:nat : x) 3is given in Example 2.4.11. As observed in Example 2.4.14 this is also the lazy redu tion of thisterm. We illustrate the use of evaluation ontexts by writing the evaluation ontext for ea h termin the redu tion sequen e. Sin e we underline the a tive redex, the evaluation ontext is exa tlythe part of the term that is not underlined.((�x:nat : �y:nat : x+ y) 7) 5 + (�x:nat : x) 3 ev[ ℄ � ([ ℄ 5) + (�x:nat : x) 3left! (�y:nat : 7 + y) 5 + (�x:nat : x) 3 ev[ ℄ � [ ℄ + (�x:nat : x) 3left! (7 + 5) + (�x:nat : x) 3 ev[ ℄ � [ ℄ + (�x:nat : x) 3left! 12 + (�x:nat : x) 3 ev[ ℄ � 12 + [ ℄left! 12 + 3 ev[ ℄ � [ ℄left! 15If we look at the se ond evaluation ontext, ev[ ℄ � [ ℄ + (�x:nat : x) 3, then it is easy to seethat when M lazy! M 0 the lazy redu tion of ev[M ℄ will be ev[M ℄ lazy! ev[M 0℄ , as guaranteed byLemma 2.5.21. However, if we insert a lazy normal form su h as 2 into the ontext, then theresulting term, ev[2℄ � 2+ (�x:nat : x) 3, will have its lazy redu tion ompletely to the right of theposition marked by the pla eholder [ ℄ in the ontext. Another ase arises with the �rst ontext,ev[ ℄ � ([ ℄ 5) + (�x:nat : x) 3. If we insert the lazy normal form M � �y:nat : 7 + y , we obtain aterm ev[M ℄ whose lazy redu tion involves a larger subterm than M .

Foundations for Programming Languages 109We note here that left-most redu tion an also be hara terized using evaluation ontexts. Todo so, we add six more forms to the de�nition of evaluation ontext, orresponding to the six rulesthat appear in Table 2.3 but not in Table 2.4. Lemma 2.5.20 extends easily to left-most redu tion,but Lemma 2.5.21 requires the additional hypothesis that M does not have the form �x:�:M1 orhM1;M2i .We use Lemma 2.5.21 in the analysis of parallel-or by showing that if the normal form of a ompound term depends on the subterms M1; : : : ;Mk , as we expe t the parallel-or of M1 and M2to depend on M1 and M2 , then we may redu e the term to the form ev[Mi℄ , for some i independentof the form of M1; : : : ;Mk . The intuition behind this is that some number of redu tion steps maybe independent of the hosen subterms. But if any of these subterms has any e�e t on the result,then eventually we must ome to some term ev[Mi℄ where the next redu tion depends on the formof Mi . The \sequential" nature of PCF is that when we rea h a term of the form ev[Mi℄ , it followsfrom Lemma 2.5.21 that if Mi is not a lazy normal form, we ontinue to redu e Mi until thissubterm term does not lazy-redu e further.Sin e we are interested in analyzing the redu tion steps applied to a fun tion of several argu-ments, we will use ontexts with more than one \hole" (pla e for inserting a term). A ontextC[ � ; : : : ; � ℄ with k holes is a synta ti expression with exa tly the same form as a term, but on-taining zero or more o urren es of the pla eholders [ ℄1; : : : ; [ ℄k , ea h assumed to have a �xed typewithin this expression. As for ontexts with a single hole, we write C[M1; : : : ;Mk℄ for the result ofrepla ing the ith pla eholder [ ℄i by Mi , without renaming bound variables.Our �rst lemma about redu tion in arbitrary ontexts is that the lazy redu tion of a term ofthe form C[M1; : : : ;Mk℄ is either a redu tion on C , independent of the terms M1; : : : ;Mk pla edin the ontext, or a redu tion that depends on the form of one of the terms M1; : : : ;Mk .Lemma 2.5.23 Let C[ � ; : : : ; � ℄ be a ontext with k holes. Suppose that there exist losed termsN1; : : : ; Nk of the appropriate types su h that C[N1; : : : ; Nk℄ is not in lazy normal form. Then Cmust have one of the following two properties:(i) There is a ontext C0[ � ; : : : ; � ℄ su h that for all losed terms M1; : : : ;Mk of the appropriatetypes C[M1; : : : ;Mk℄ lazy! C0[M1; : : : ;Mk℄.(ii) There is some i su h that for all losed terms M1; : : : ;Mk of the appropriate types there isan evaluation ontext ev[ ℄ with C[M1; : : : ;Mk℄ � ev[Mi℄.We use Lemma 2.5.23 to prove the following statement about sequen es of lazy redu tions.Lemma 2.5.24 Let C[ � ; : : : ; � ℄ be a ontext with k holes, let M1; : : : ;Mk be losed terms of theappropriate types for C and suppose C[M1; : : : ;Mk℄ is a program with normal form N . Then eitherC[M 01; : : : ;M 0k℄ redu es to N for all losed M 01; : : : ;M 0k of the appropriate types or there is someinteger i su h that for all losed M 01; : : : ;M 0k of the appropriate types there is an evaluation ontextev[ ℄ with C[M 01; : : : ;M 0k℄ lazy!! ev[M 0i ℄.An intuitive reading of this lemma is that some number of redu tion steps of a term C[M1; : : : ;Mk℄may be independent of all the Mi . If this does not produ e a normal form, then eventually theredu tion of C[M1; : : : ;Mk℄ will rea h a step that depends on the form of some Mi , with the numberi depending only on C .If we repla e lazy redu tion with left-most redu tion, then we may hange lazy normal form tonormal form in Lemma 2.5.23 and drop the assumption that C[M1; : : : ;Mk℄ is a program in Lemma2.5.24.

Foundations for Programming Languages 110Using Lemmas 2.5.21 and 2.5.24, we now prove Theorem 2.5.19.Proof of Theorem 2.5.19 Suppose we have a PCF expression POR de�ning parallel-or and onsider the ontext C[ � ; � ℄ def= POR [ ℄1 [ ℄2 . Sin e POR de�nes parallel-or, C[true ; true℄ !! trueand C[false ; false℄!! false . By Lemma 2.5.24, there are two possibilities for the lazy redu tion ofC[true; true ℄ to true . The �rst implies that C[M1;M2℄!! true for all losed boolean terms M1 andM2 . But this ontradi ts C[false; false ℄!! false . Therefore, there is an integer i 2 f1; 2g su h thatfor all losed boolean terms M1;M2 , there is an evaluation ontext ev[ ℄ with C[M1;M2℄ lazy!! ev[Mi℄ .But, by Lemma 2.5.21, this implies that if we apply POR to true and the term �x bool (�x: bool : x)with no normal form, making �x bool (�x: bool : x) the ith argument, we annot redu e the resultingterm to true . This ontradi ts the assumption that POR de�nes parallel-or.The reader may reasonably ask whether the non-de�nability of parallel-or is a pe uliarity ofPCF or a basi property shared by sequential programming languages su h as Pas al and Lisp.The main ompli ating fa tor in omparing PCF to these languages is the order of evaluation.Sin e a Pas al fun tion all P(M,N) is ompiled so that expressions M and N are evaluated beforeP is alled, it is lear that no boolean fun tion P ould ompute parallel-or. However, we an askwhether parallel-or is de�nable by a Pas al (or Lisp) ontext with two boolean positions. Morepre isely, onsider a Pas al program ontext P[ � ; � ℄ with two \holes" for boolean expressions (orbodies of fun tions that return boolean values). An important part of the exe ution of P[M; N℄ iswhat happens when M or N may run forever. Therefore, it is sensible and nontrivial to ask whetherparallel-or is de�nable by a Pas al or Lisp ontext. If we were to go to the e�ort of formalizing theexe ution of Pas al programs in the way that we have formalized PCF evaluation, it seems verylikely that we ould prove that parallel-or is not de�nable by any ontext. The reader may enjoytrying to demonstrate otherwise by onstru ting a Pas al ontext that de�nes parallel-or and seeingwhat obsta les are involved. In Lisp, it is possible to de�ne parallel-or by de�ning your own evalfun tion. However, the apparent need to de�ne a non-standard eval illustrates the sequentialityof standard Lisp evaluation.Proof of Lemma 2.5.20 We use indu tion on the proof, in the system of Table 2.4, that M lazy! N .The base ase is that M!N is one of the redu tion axioms (these are listed in Table 2.2). If thisis so, then the lemma holds with ev[ ℄ � [ ℄ . The indu tion steps for the inferen e rules in Table2.4 are all similar and essentially straightforward. For example, if we have P +R lazy! Q+R by therule P lazy! QP +R lazy! Q+R ;then by the indu tion hypothesis there is a unique evaluation ontext ev0[ ℄ su h that P � ev0[P 0℄ ,P 0 ! Q0 is a redu tion axioms, and Q � ev0[Q0℄ . The lemma follows by taking ev[ ℄ � ev0[ ℄ +R .Proof of Lemma 2.5.21 We prove the lemma by indu tion on the stru ture of evaluation ontexts.In the base ase, we have an evaluation ontext ev[ ℄ � [ ℄ . Sin e ev[M ℄ �M and ev[M 0℄ �M 0 ,it is easy to see that under the hypotheses of the lemma, ev[M ℄ lazy! ev[M 0℄ .There are a number of indu tion ases, orresponding to the possible synta ti forms of ev[ ℄ .Sin e the analysis of ea h of these is similar, we onsider three representative ases.The ase ev[ ℄ � ev0[ ℄ +M1 is similar to most of the ompound evaluation ontexts. In this ase, ev[M ℄ � ev0[M ℄ +M1 and, by the indu tion hypothesis, ev0[M ℄ lazy! ev0[M 0℄ . Sin e ev0[M ℄is not synta ti ally a numeral, no axiom an apply to the entire term ev0[M ℄ +M1 . Therefore the

Foundations for Programming Languages 111only rule in Table 2.4 that applies is ev0[M ℄ lazy! ev0[M 0℄ev0[M ℄ +M1 lazy! ev0[M 0℄ +M1 :This gives us ev[M ℄ lazy! ev[M 0℄ .The two other ases we will onsider are proje tion and fun tion appli ation. A ontextev[ ℄ � Projiev0[ ℄ is an evaluation ontext only if ev0[ ℄ does not have the synta ti formof a pair. Sin e M lazy! M 0 implies that M is not a pair, we know that ev[M ℄ and ev0[M ℄ do nothave the synta ti form of a pair. It follows that no redu tion axiom applies to the entire termProjiev0[M ℄ . Therefore, by the indu tion hypothesis that ev0[M ℄ lazy! ev0[M 0℄ , we on lude thatev[M ℄ � Projiev0[M ℄ lazy! Projiev0[M 0℄ � ev[M 0℄ .The last ase we onsider is ev[ ℄ � ev0[ ℄N . This is similar to the proje tion ase. The ontext ev0[ ℄ annot be a lambda abstra tion, by the de�nition of evaluation ontexts, and Mis not a lambda abstra tion sin e M lazy! M 0 . It follows that ev0[M ℄ does not have the synta ti form of a lambda abstra tion. Sin e the redu tion axiom (�) does not apply to the entire termev0[M ℄N , we use the indu tion hypothesis ev0[M ℄ lazy! ev0[M 0℄ and the de�nition of lazy redu tionin Table 2.4 to on lude that ev[M ℄ lazy! ev[M 0℄ .Proof of Lemma 2.5.23 We prove the lemma by indu tion on the stru ture of ontexts. If C isa single symbol, then it is either one of the pla eholders, [ ℄i , a variable or a onstant. It is easy tosee that C has property (ii) if it is a pla eholder and property (i) if it is some other symbol.For a ontext C1[ � ; : : : ; � ℄+C2[ � ; : : : ; � ℄ , we onsider two ases, ea h dividing into two sub aseswhen we apply the indu tion hypothesis. If there exist terms M1; : : : ;Mk with C1[M1; : : : ;Mk℄not in lazy normal form, then we apply the indu tion hypothesis to C1 . If C1[M1; : : : ;Mk℄ lazy!C01[M1; : : : ;Mk℄ for all M1; : : : ;Mk , then it is easy to see from the de�nition of lazy redu tion thatC1[M1; : : : ;Mk℄ + C2[M1; : : : ;Mk℄ lazy! C01[M1; : : : ;Mk℄ + C2[M1; : : : ;Mk℄for all M1; : : : ;Mk . On the other hand, if for every M1; : : : ;Mk we an write C1[M1; : : : ;Mk℄ �ev[Mi℄ , then C1[M1; : : : ;Mk℄ + C2[M1; : : : ;Mk℄ � ev[Mi℄ + C2[M1; : : : ;Mk℄and we have an evaluation ontext for Mi . The se ond ase is that C1[M1; : : : ;Mk℄ is a numeraland therefore M1; : : : ;Mk do not o ur in C1[M1; : : : ;Mk℄ . In this ase, we apply the indu tionhypothesis to C2 and reason as above.The indu tion steps for Eq? and if : : : then : : : else : : : are similar to the addition ase.The indu tion steps for pairing and lambda abstra tion are trivial, sin e these are lazy normalforms.For a ontext ProjiC[ � ; : : : ; � ℄ , we must onsider the form of C . If C[ � ; : : : ; � ℄ � [ ℄j ,then ProjiC[ � ; : : : ; � ℄ satis�es ondition (ii) of the lemma sin e this is an evaluation ontext.If C[ � ; : : : ; � ℄ � hC1[ � ; : : : ; � ℄; C2[ � ; : : : ; � ℄i , then ProjiC[ � ; : : : ; � ℄ satis�es ondition (i). IfC[ � ; : : : ; � ℄ has some other form, then ProjiC[M1; : : : ;Mk℄ annot be a (proj ) redex. Therefore,we apply the indu tion hypothesis to C and reason as in the earlier ases.The indu tion step for a ontext C1[ � ; : : : ; � ℄ C2[ � ; : : : ; � ℄ is similar to the Proji ase, ex eptthat we will need to use the assumption that all the terms we pla e in ontexts are losed. Spe i�- ally, if C1[ � ; : : : ; � ℄ � �x:�: C3[ � ; : : : ; � ℄ , then let C0 be the ontext C0[ � ; : : : ; � ℄ � [C2[ � ; : : : ; � ℄=x℄C1[ � ; : : : ; � ℄ .

Foundations for Programming Languages 112For all losed M1; : : : ;Mk we have(�x:�: C3[M1; : : : ;Mk℄)C2[M1; : : : ;Mk℄ lazy! C0[M1; : : : ;Mk℄and the ontext satis�es ondition (i) of the lemma. If C1[ � ; : : : ; � ℄ � [ ℄i , then as in the proje tion ase, the appli ation ontext satis�es ondition (ii) of the lemma. Finally, if C1[ � ; : : : ; � ℄ is some ontext that is not of one of these two forms, we reason as in the addition ase, applying theindu tion hypothesis to either C1 or, if C1[M1; : : : ;Mk℄ is a lazy a normal form for all M1; : : : ;Mk ,the ontext C2 . This ompletes the proof.Proof of Lemma 2.5.24 Let C[ � ; : : : ; � ℄ be a ontext with k holes and let M1; : : : ;Mk be losed terms of the appropriate types su h that C[M1; : : : ;Mk℄ has normal form N of observabletype. Then C[M1; : : : ;Mk℄ lazy!!n N , where n indi ates the number of redu tion steps. We provethe lemma by indu tion on n .In the base ase, C[M1; : : : ;Mk℄ � N is in normal form. There are two ases to onsider. Thedegenerate one is that C[M 01; : : : ;M 0k℄ is in normal form for all losed terms M 01; : : : ;M 0k of theappropriate types. But sin e the only results are numerals and boolean onstants, M 01; : : : ;M 0kmust not appear in N and the lemma easily follows. The se ond ase is that C[M 01; : : : ;M 0k℄ isnot in normal form for some M 01; : : : ;M 0k . Sin e C[M1; : : : ;Mk℄ is in normal form, ondition (i) ofLemma 2.5.23 annot hold. Therefore C[M 01; : : : ;M 0k℄ � ev[M 0i ℄ .In the indu tion step, with C[M1; : : : ;Mk℄ lazy!!m+1 N , Lemma 2.5.23 gives us two ases. Thesimpler is that there is some i su h that for all losed terms M 01; : : : ;M 0k of the appropriate typesC[M 01; : : : ;M 0k℄ has the form ev[M 0i ℄ . But then learly C[M 01; : : : ;M 0k℄ lazy!! ev[M 0i ℄ and the lemmaholds. The remaining ase is that there is some ontext C0[ � ; : : : ; � ℄ su h that for all M 01; : : : ;M 0kof appropriate types, we have a redu tion of the formC[M1; : : : ;Mk℄ lazy! C0[M1; : : : ;Mk℄ lazy!!m N:The lemma follows by the indu tion hypothesis for C0[ � : : : ; � ℄ . This on ludes the proof.Exer ise 2.5.25 Show that Lemma 2.5.24 fails if we drop the assumption that C[M1; : : : ;Mk℄ isa program.Exer ise 2.5.26 This exer ise asks you to prove that parallel- onditional is not de�nable in PCF.Use Lemmas 2.5.21 and 2.5.24 to show that there is no PCF expression PIF nat : bool!nat!nat!natsu h that for all losed boolean expressions M : bool and N;P;Q:nat with Q in normal form,PIFnat M N P !! Q i� 264 M !! true and N has normal form Q or,M !! false and P has normal form Q or,N;P both have normal form Q: 375(If we extend Lemmas 2.5.21 and 2.5.24 to left-most redu tion, the same proof shows that PIF �is not de�nable for any type � .)Exer ise 2.5.27 The operational equivalen e relation =op on terms is de�ned in Se tion 2.3.5.Show that if M and N are either losed terms of type nat or losed terms of type bool , neitherhaving a normal form, then M =op N .Exer ise 2.5.28 A plausible statement that is stronger than Lemma 2.5.24 is this:

Foundations for Programming Languages 113Let C[ � ; : : : ; � ℄ be a ontext with k holes, let M1; : : : ;Mk be losed terms of the appro-priate types for C and suppose C[M1; : : : ;Mk℄ lazy!! N , where N does not further redu eby lazy redu tion. Then either C[M 01; : : : ;M 0k℄ redu es to N for all losed M 01; : : : ;M 0k ofthe appropriate types or there is some integer i su h that for all losed M 01; : : : ;M 0k of theappropriate types there is an evaluation ontext ev[ ℄ with C[M 01; : : : ;M 0k℄ lazy!! ev[M 0i ℄ .The only di�eren e is that we do not require N to be in normal form. Show that this statement isfalse by giving a ounterexample. This may be done using a ontext C[ ℄ with only one pla eholder.Exer ise 2.5.29 [Sto91a℄ This problem asks you to show that parallel-or, boolean parallel- onditionaland natural-number parallel- onditional are all interde�nable. Parallel-or is de�ned in the state-ment of Theorem 2.5.19 and parallel- onditional is de�ned in Exer ise 2.5.26. An intermediate stepinvolves parallel-and, de�ned below.(a) Show how to de�ne POR from PIF bool by writing a PCF expression ontaining PIF bool .(b) Show how to de�ne PIF bool from PIFnat using an expression of the form�x: bool : �y: bool : �z: bool :Eq? 1 (PIF nat xM N):( ) Parallel-and, PAND, has the following behavior:PANDM N !! 8><>: true if M !! true and N !! true;false if M !! false or N !! false;no normal form otherwise.Show how to de�ne PAND from POR by writing a PCF expression ontaining POR .(d) Show how to de�ne PIF nat from POR using an expression of the form�x: bool : �y:nat : �z:nat : sear h Pwhere P :nat! bool has x; y; z free and ontains POR, PAND, and Eq?. The essentialproperties of sear h are summarized in Proposition 2.5.3 on page 95.

Foundations for Programming Languages 1142.6 Variations and Extensions of PCF2.6.1 Summary of extensionsThis se tion brie y summarizes several important extensions of PCF. All are obtained by addingnew types. The �rst extension is a very simple one, a type unit with only one element. The se ondextension is sum, or disjoint union, types. With unit and disjoint unions, we an de�ne bool asthe disjoint union of unit and unit . This makes the primitive type bool unne essary. The nextextension is re ursive type de�nitions. With re ursive type de�nitions, unit and sum types, we ande�ne nat and its operations, making the primitive type nat also unne essary. Other ommonly-used types that have straightforward re ursive de�nitions are sta ks, lists and trees. Another useof re ursive types is that we an de�ne the �xed-point operator �x on any type. Thus with unit ,sums and re ursive types, we may de�ne all of the type and term onstants of PCF.The �nal language is a variant of PCF with lifted types, whi h give us a di�erent view ofnontermination. With lifted types, written in the form �? , we an distinguish between natural-number expressions that ne essarily have a normal form and those that may not. Spe i� ally,natural-number terms that do not involve �x may have type nat , while terms that involve �x ,and therefore may not have a normal form, have the lifted type nat? . Thus the type nat of PCF orresponds to type nat? in this language. The syntax of many ommon programs be omes more ompli ated, sin e the distin tion between lifted and unlifted types for es us to in lude additionallifting operations in terms. However, the re�nement a hieved with lifted types has some theoreti aladvantages. One is that many more equational or redu tion axioms be ome onsistent with re ur-sion. Another is that we may study di�erent evaluation orders within a single framework. For thisreason, expli it lifting seems useful in meta-languages for studying other programming languages.All of the extensions summarized here may be ombined with polymorphism, treated in Chapter9 and other typing ideas in Chapters 10 and 11.2.6.2 Unit and sum typesWe add the one-element type unit to PCF, or any language based on typed lambda al ulus, byadding unit to the type expressions and adding the onstant �: unit to the syntax of terms. Theequational axiom for � is M = �: unitfor any term M : unit . Intuitively, this axiom says that every element of type unit is equal to � .This may be used as a redu tion rule, read left to right. While unit may not seem very interesting,it is surprisingly useful in ombination with sums and other forms of types.It should be mentioned that the redu tion rule for unit terms auses on uen e to fail, when ombined with � -redu tion [CD91, LS86℄. This does not have an immediate onsequen e for PCF,sin e we do not use � -redu tion.Intuitively, the sum type � + � is the disjoint union of types � and � . The di�eren e betweena disjoint union and an ordinary set union is that with a disjoint union, we an tell whi h type anyelement omes from. This is parti ularly noti eable when the two types overlap or are identi al.For example, if we take the set union of int and int , we just get int . In ontrast, the disjointunion of int and int has two \ opies" of int . Informally, we think of the sum type int+ int as the olle tion of \tagged" integers, with ea h tag indi ating whether the integer omes from the left orright int in the sum.

Foundations for Programming Languages 115The term forms asso iated with sums are inje tion and ase fun tions. For any types � and � ,the inje tion fun tions Inleft�;� and Inright�;� have typesInleft�;� : � ! � + �Inright�;� : � ! � + �Intuitively, the inje tion fun tions map � or � to �+ � by \tagging" elements. However, sin e theoperations on tags are en apsulated in the inje tion and ase fun tions, we never say exa tly whatthe tags a tually are.The Case fun tion applies one of two fun tions to an element of a sum type. The hoi ebetween fun tions depends on whi h type of the sum the element omes from. For all types �; �and � , the ase fun tion Case�;�;� has typeCase�;�;� : (� + �)! (�! �)! (�! �)! �Intuitively, Case�;�;� x f g inspe ts the tag on x and applies f if x is from � and g if x is from� . The main equational axioms areCase�;�;� (Inleft�;� x) f g = fxCase�;�;� (Inright�;� x) f g = gxBoth of these give us redu tion axioms, read left to right. There is also an extensionality axiom forsum types, Case�;�;� x (f Æ Inleft�;� ) (f Æ Inright�;� ) = f x;where f : (� + �)!(� + �). Some onsequen es of this axiom are given in Exer ise 2.6.3. Sin ethe extensionality axiom leads to in onsisten y, when ombined with �x, we do not in lude thisequational axiom in the extension of PCF with sum types (see Exer ise 2.6.4). We will drop thetype supers ripts from inje tion and ase fun tions when the type is either irrelevant or determinedby ontext.As an illustration of unit and sum types, we will show how bool may be eliminated if unit andsum types are added to PCF. We de�ne bool bybool def= unit + unitand boolean values true and false by true def= Inleft �false def= Inright �The remaining basi boolean expression is onditional, if : : : then : : : else : : : . We may on-sider this sugar for Case , as follows:if M then N else P def= Caseunit;unit;�M (K�;unitN) (K�;unitP );where N;P : � and K�;unit is the lambda term �x: �: �y: unit : x that produ es a onstant fun tion.To show that this works, we must he k the two equational axioms for onditional:if true then M else N = M;if false then M else N = N:

Foundations for Programming Languages 116The reader may easily verify that when we eliminate synta ti sugar, the �rst equational axiom forCase yields if true then M else N = K�;unitM � =M , and similarly for the se ond equation.Other uses of sum types in lude variants and enumeration types, onsidered in Exer ises 2.6.1and 2.6.2.Exer ise 2.6.1 A variant type is a form of labeled sum, bearing the same relationship to sumtypes as re ords do to produ t types. A variant type de�ning a sum of types �1; : : : ; �k is written[`1:�1; : : : ; `k:�k℄ , where `1; : : : ; `k are distin t synta ti labels. As for re ords, the order in whi hwe write the label/type pairs does not matter. For example, [A: int ; B: bool ℄ is the same type as[B: bool ; A: int ℄ .Intuitively, an element of the variant type [`1:�1; : : : ; `k:�k℄ is an element of one of the types �i ,for 1 � i � k , tagged with label `i . More pre isely, if M :�i , then the expression `[`1:�1;:::;`k:�k℄i (Mi)is an expression of type [`1:�1; : : : ; `k:�k℄ . The ase fun tion for [`1:�1; : : : ; `k:�k℄ has typeCase[`1:�1;:::;`k:�k℄; � : [`1:�1; : : : ; `k:�k℄!(�1! �)! : : :!(�k! �)! �and satis�es the equation Case[`1:�1;:::;`k:�k℄; � `i(Mi) f1 : : : fk = fiMi:(Although the label/type pairs are unordered in [`1:�1; : : : ; `k:�k℄ , the order of arguments learlymatters for Case[`1:�1;:::;`k:�k℄; � .) Following the pattern we use to treat re ords as sugar for produ ts(see Se tion 2.5.1), show how to treat variants as synta ti sugar for sums. Illustrate this bytranslating an expression ontaining o urren es of two di�erent variant types into PCF with sums.Exer ise 2.6.2 Enumeration types appear in Pas al and some subsequent programming languages.The elements of an enumeration type (`1; : : : ; `n) are the literals `1; : : : ; `n , whi h are onsidereddistin t values not equal to any values of any other type. (We do not onsider subranges orsubtypes of enumeration types here.) Show how to regard the enumeration type (`1; : : : ; `n) assynta ti sugar for the variant [`1: unit ; : : : ; `k: unit ℄ and illustrate your te hnique by showing howto translate an expression ontaining enumeration types and literals into a PCF expression withunit and variants.Exer ise 2.6.3 Prove the following onsequen es of the extensionality axiom for sum types, usingthe equational axioms and inferen e rules of PCF as needed.(a) Case x Inleft Inright = x .(b) f(Case x (g Æ Inleft) (g Æ Inright)) = Case x (f Æ g Æ Inleft) (f Æ g Æ Inright).( ) f(if M then N else P ) = if M then fN else fP , when desugared into sum opera-tions as des ribed in this se tion.(d) M = �z:� + � :Case z N P : (� + �)!(� + �) is provable whenever �x:�:M(Inleft x) =N : �!(� + �) and �y: � :M(Inright y) = P : �!(� + �) are both provable and z is notfree in N or P .Exer ise 2.6.4 This exer ise asks you to show that the extensionality axiom for sums is in onsis-tent with the equational axiom for �x, when ombined with the rest of the equational proof systemof PCF. The �rst observation of this phenomenon is generally redited to Lawvere [Law69℄.

Foundations for Programming Languages 117(a) De�ne fun tions not : bool! bool and eq?: bool! bool! bool and show that when we regardbool as sugar for unit+unit , we an prove the following three equations with boolean variablex : not (not x) = xeq?x (not x) = falseeq?xx = trueYou may use the results of Exer ise 2.6.3.(b) Re all from Exer ise 2.3.2 that every equation between well-formed terms of the same type isprovable from true = false by the axioms and inferen e rules of PCF. Use the three equationsproved in part (a) to prove true = false . You an do this by substituting a boolean expressionof the form �x B for x in two of the equations.2.6.3 Re ursive typesIn some programming languages, it is possible to de�ne types re ursively. An example is ML, whi hhas re ursive datatype de larations (see Exer ise 2.6.8). We may add re ursively-de�ned types toPCF, or any related language based on lambda al ulus, by adding type variables r; s; t; : : : to thesyntax of type expressions and a new form of type expression, �t:� . Intuitively, �t:� is the smallesttype ( olle tion of values) satisfying the equationt = �;where t will generally o ur in � . As with re ursive de�nitions in PCF, we ould introdu e a�xed-point operator and write �x (�t: �) for a solution to the equation t = � . The syntax �t:� ould be onsidered sugar for �x (�t: �). However, we will avoid lambda abstra tion in types bytaking � as primitive. We onsider the denotational semanti s of re ursive type de larations inSe tion 7.4.The operator � binds t in �t:� , so we have both free and bound type variables in type expres-sions. However, sin e no term onstru ts bind type variables, we only use losed types in terms.More spe i� ally, the type expressions of PCF with nat and bool eliminated but unit , sum andre ursive types added are the losed type expressions generated by the following grammar:� ::= t j unit j � + � j ��� j �!� j �t:�Sin e terms that ontain types with free type variables lead to polymorphism, these are dis ussedin Chapter 9. We onsider type expressions that di�er in the names of bound variables equivalent.With re ursive types, we must onsider the issue of type equality with some are. Althoughintuitively �t:� introdu es a solution to the equation t = � , there are two possible interpretations.One is that these are truly indistinguishable types. In this view, type equality be omes relatively ompli ated, sin e t = � implies that t = [�=t℄� . Written using the � syntax, this gives us theequation �t:� = [�t:�=t℄�Many other equations follow, in luding some that are not dire tly derivable from an axiom ofthis form [AC91℄. While the type equality view has some appeal, this makes it more diÆ ult todetermine whether terms are well typed. Spe i� ally, we must onsider type equality in terms,allowing a term of one type to be used wherever a term of equal but synta ti ally di�erent type isrequired. We may avoid this by taking the se ond view of type re ursion.

Foundations for Programming Languages 118The alternate view is to solve an equation t = � by �nding a type t that is isomorphi to � .Isomorphi , in this ontext, means that there is a fun tion from �t:� to [�t:� = t℄� , and one in theopposite dire tion, ea h the inverse of the other. We express this by writing�t:� �= [�t:�=t℄�where �= indi ates an isomorphism. In the isomorphism view, �t:� is not equal to [�t:�=t℄� , butthere are fun tions that allow us to \ onvert" a value of type �t:� to [�t:�=t℄� , and vi e versa.With re ursive types satisfying isomorphisms instead of equations, we may ontinue to use synta ti equality for type equality (ex ept for renaming of bound type variables). The pri e is that we mustwrite the onversion fun tions between �t:� and [�t:�=t℄� in terms so that we know the synta ti type of ea h term exa tly.The term forms asso iated with re ursive types allow us to onvert a term of type �t:� to type[�t:�=t℄� , and vi e versa. If M : [�t:�=t℄� then upM :�t:�:If M :�t:� then dnM : [�t:�=t℄�:These two fun tions are inverses, as stated by the following equational axioms.dn (upM) =M; up (dnM) =M:Only the �rst axiom is traditionally used as a redu tion rule (read left to right). While the opera-tions up and dn disambiguate the types of terms, these are often umbersome to write. In later hapters, we will o asionally omit up and dn from examples to improve readability.We will show that with re ursive type de�nitions, unit and sum types, we an de�ne nat ,numerals for 0; 1; 2; : : : , and the su essor, prede essor and zero-test fun tions. As shown in Exer ise2.5.7, we may repla e addition and equality test (Eq?) of PCF by su essor, prede essor and zero-test without hanging the set of de�nable fun tions. Therefore, we an translate any expression ofPCF into the language with re ursive type de�nitions, unit and sum types.A distinguishing feature of the natural numbers is that if we add one more element to the setof natural numbers, we obtain a set that is in one-to-one orresponden e, or isomorphi , to the setof natural numbers. Sin e the sum unit + � has one more element than � , we therefore expe t natto satisfy the isomorphism nat �= unit + natThis leads us to the following de�nition of nat as a re ursive typenat def= �t: unit + tIntuitively, this may be understood by onsidering the isomorphismsnat �= unit + nat�= unit + (unit + nat)�= unit + (unit + (unit + nat))�= : : :�= unit + (unit + (unit + (unit + (unit + : : : + nat : : :))))Sin e we an ontinue this expansion as long as we like, we an think intuitively of nat as thedisjoint union of in�nitely many one-element types. We an think of the natural number 0 as oming from the �rst unit in this sum, 1 from the se ond unit , and so on for ea h natural number.

Foundations for Programming Languages 119To avoid onfusion between natural numbers and the terms that we use to represent naturalnumbers, we will write dne for the numeral (term) for n . Following the intuitive pi ture above, welet the numeral d0e for natural number 0 be the termd0e def= up (Inleft�):For any natural number n > 0, we may similarly de�ne the numeral dne bydne def= up (Inright up (Inright : : : up (Inleft�) : : :))with n o urren es of Inright and n+ 1 appli ations of up . The su essor fun tion just appliesup and Inright : su def= �x:nat : up (Inright x)We an he k that this has the right type by noting that if x:nat , then Inright x belongs tounit + nat . Therefore, up (Inright x):nat . The reader may verify that Sdne = dn + 1e for anynatural number n .The zero-test operation works by taking x:nat and applying dn to obtain an element ofunit + nat , then using Case to see whether the result is an element of unit (i.e., equal to 0) ornot. zero? def= �x:nat :Caseunit;nat;bool (dn x) (�y: unit : true) (�z:nat : false)The reader may easily he k that zero? d0e = true and zero? dne = false for n > 0.The �nal operation we need is prede essor. Re all that although there is no prede essor of 0, itis onventional to take pred 0 = 0. The prede essor fun tion is similar to zero? sin e it works bytaking x:nat and applying dn , then using Case to see whether the result is an element of unit(i.e., equal to 0) or not. If so, then the prede essor is 0; otherwise, the element of nat alreadyobtained by applying dn is the prede essor.pred def= �x:nat :Caseunit;nat;bool (dn x) (�y: unit : 0) (�z:nat : z)The reader may verify that for any x:nat we have pred (su x) = x . (This is part of Exer ise 2.6.5below.)A se ond illustration of the use of re ursive types has a very di�erent avor. While most ommon uses of re ursive types involve data stru tures, we may also write re ursive de�nitionsover any type using re ursive types. More spe i� ally, we may de�ne a fun tion �x� with theredu tion property �x� !! �f :�!�: f(�x� f) using only typed lambda al ulus with re ursivetypes. The main idea is to use \self-appli ation," whi h is not possible without re ursive types.More spe i� ally, if M is any PCF term, the appli ation MM annot be well-typed. The reason issimply that if M : � , then � does not have enough symbols to have the form �! � 0 . However, withre ursive types, (dnM)M may be well-typed, sin e the type of M ould have the form �t:t! � .We will de�ne �x� using a term of the form dnMM . The main property we want for dnMMis that dnMM !! �f :�!�: f(dnMM f):This redu tion gives us a good lue about the form of M . Spe i� ally, we an let M have the formM def= up ( �x: � : �f :�!�: f(dn xx f) )

Foundations for Programming Languages 120if we an �nd an appropriate type � . Sin e we want dnMM : (�!�)! � , the expression dn xx fin the body of M must have type � . Therefore, � must satisfy the isomorphism� �= �!(�!�)! �:We an easily a hieve this by letting� def= �t: t!(�!�)! �:We leave it to the reader to verify that if we de�ne �x� def= dnMM , or more simply�x� def= (�x: � : �f :�!�: f(dn xx f)) (up (�x: � : �f :�!�: f(dn xx f)))we have a well-typed expression with �x� !! �f :�!�: f(�x� f).The �xed-point operator we have just derived is a typed version of the �xed-point operator �from untyped lambda al ulus [Bar84℄. As outlined in Exer ise 2.6.7 below, any untyped lambdaterm may be written in a typed way using re ursive types.Exer ise 2.6.5 Using the de�nitions given in this se tion, show that we have the following redu -tions on natural number terms.(a) For every natural number n , we have Sdne !! dn+ 1e .(b) zero? d0e !! true and zero? dne !! false for n > 0.( ) If x is a natural number variable, then pred (su x)!! x .Exer ise 2.6.6 We may de�ne the type of lists of natural numbers using the following re ursivetype: list def= �t: unit + (nat � t)The intuition behind this de�nition is that a list is either empty, whi h we represent using theelement �: unit , or may be regarded as a pair onsisting of a natural number and a list.(a) De�ne the empty list nil : list and the fun tion ons :nat � list! list that adds a naturalnumber to a list.(b) The fun tion ar returns the �rst element of a list and the fun tion dr returns the listfollowing the �rst element. We an de�ne versions of these fun tions that make sense whenapplied to the empty list by giving them types ar : list ! unit + nat dr : list ! unit + listand establishing the onvention that when applied to the empty list, ea h returns Inleft � .Write terms de�ning ar and dr fun tions so that the following equations are provable: ar nil = Inleft � ar ( ons x `) = x dr nil = Inleft � dr ( ons x `) = `for x:nat and `: list .

Foundations for Programming Languages 121( ) Using re ursion, it is possible to de�ne \in�nite" lists of type list . Show how to use �x tode�ne a list Ln , for any numeral n , su h that ar Ln = n and dr Ln = Ln .Exer ise 2.6.7 The terms of pure untyped lambda al ulus (without onstant symbols) are givenby the grammar U ::= x j UU j �x:UThe main equational properties of untyped lambda terms are untyped versions of (�), (�) and(�). We may de�ne untyped lambda terms in typed lambda al ulus with re ursive types usingthe type �t: t! t . Intuitively, the reason this type works is that terms of type �t: t! t may beused as fun tions on this type, and onversely. This is exa tly what we need to make sense of theuntyped lambda al ulus.(a) Show that if we give every free or bound variable type �t: t! t , we may translate any untypedterm into a typed lambda term of type �t: t! t by inserting up , dn , and type designationson lambda abstra tions. Verify that untyped (�) follows from typed (�), untyped (�) followsfrom dn (upM) =M and untyped (�) and, �nally, untyped (�) follows from typed (�) andup (dnM) =M .(b) Without re ursive types, every typed lambda term without onstants has a unique normalform. Show that by translating (�x: xx)�x: xx into typed lambda al ulus, we an usere ursive types to write terms with no normal form.( ) A well-known term in untyped lambda al ulus is the �xed-point operatorY def= �f:(�x: f(xx))(�x: f(xx)):Unlike �, this term is only an equational �xed-point operator, i.e., Y f = f(Y f) but Y f doesnot redu e to f(Y f). Use a variant of the translation given in part (a) to obtain a typedequational �xed point operator from Y . Your typed term should have type (�!�)! � .Show that although Y f does not redu e to f(Y f), Y f redu es to a term Mf su h thatMf !! f Mf .Exer ise 2.6.8 The programming language ML has a form of re ursive type de laration, alleddatatype, that ombines sums and type re ursion. In general, a datatype de laration has the formdatatype t = `1 of �1 j : : : j `k of �kwhere the synta ti labels `1; : : : ; `k are used in the same way as in variant types (labeled sums).Intuitively, this de laration de�nes a type t that is the sum of �1; : : : ; �k , with labels `1; : : : ; `kused as inje tion fun tions as in Exer ise 2.6.1. If the de lared type t o urs in �1; : : : ; �k , thenthis is a re ursive de laration of type t . Note that the verti al bar j is part of the syntax of ML, notthe meta-language we are using to des ribe ML. A similar exer ise on ML datatype de larations,using algebrai spe i� ations instead of re ursive types and sums, appears in Chapter 3 (Exer ise3.6.4).The type of binary trees, with natural numbers at the leaves, may be de lared using datatypeby datatype tree = leaf of nat j node of tree � tree :Using the notation for variants given in Exer ise 2.6.1, this de lares a type tree satisfyingtree �= [leaf :nat ; node : tree � tree℄

Foundations for Programming Languages 122(a) Explain how to regard a datatype de laration as a re ursive type expression of the form�t:[: : :℄ using variants as in Exer ise 2.6.1. Illustrate your general method on the type of treesabove.(b) A onvenient feature of ML is the way that pattern mat hing may be used to de�ne fun tionsover de lared datatypes. A fun tion over trees may be de lared using two \ lauses," one forea h form of tree. In our variant of ML syntax, a fun tion over tree's de�ned by patternmat hing will have the formletre fun f(leaf (x:nat)) = Mj f(node(t1: tree ; t2: tree)) = Nin Pwhere variables x:nat and f : tree!� are bound in M , t1; t2: tree and f are bound in Nand f is bound in the the de laration body P . The ompiler he ks to make sure there isone lause for ea h onstru tor of the datatype. For example, we may de lare a fun tion fthat sums up the values of all the leaves as follows.letre fun f(leaf (x:nat)) = xj f(node(t1: tree ; t2: tree)) = f(t1) + f(t2)Explain how to regard a fun tion de�nition with pattern mat hing as a fun tion with Caseand illustrate your general method on the fun tion that sums up the values of all the leavesof a tree.

Foundations for Programming Languages 1232.6.4 Lifted typesLifted types may be used to distinguish possibly nonterminating omputations from ones that areguaranteed to terminate. We an see how lifted types ould have been used in PCF by re allingthat every term that does not ontain �x has a normal form. If we ombine basi boolean andnatural number expressions, pairs and fun tions, we therefore have a language in whi h every termhas a normal form. Let us all this language PCF0 . In Se tion 2.2.5, we ompleted the de�nitionof PCF by adding �x to PCF0 . In the pro ess, we extended the set of terms of ea h type in anontrivial way. For example, while every PCF0 term of type nat redu es to one of the numerals0; 1; 2; : : : , PCF ontains terms su h as �x (�x:nat : x) of type nat that do not have any normalform and are not provably equal to any numeral. This means that if we want to asso iate amathemati al value with every PCF term, we annot think of the values of type nat as simplythe natural numbers. We must onsider some superset of the natural numbers that ontains valuesfor all the terms without normal form. (Sin e it is very reasonable to give all nat terms withoutnormal form the same value, we only need one new value, representing nontermination, in additionto the usual natural numbers.) An alternative way of extending PCF0 with a �xed-point operatoris to use lifted types. Although lifted types are sometimes synta ti ally umbersome, when it omesto writing ommon fun tions or programs, lifted types have some theoreti al advantages sin e theylet us learly identify the sour es of nontermination, or \unde�nedness," in expressions.One reason to use lifted types is that many equational axioms that are in onsistent with �xmay be safely ombined with lifted types. One example, whi h is related to the in onsisten y ofsum types and �x outlined in Exer ise 2.6.4, is the pair of equationsEq? x x = true;Eq? x (n+ x) = false numeral n di�erent from 0.While these equations make good sense for the ordinary natural numbers, it is in onsistent to addthem to PCF. To see this, the reader may substitute �x (�x:nat : 1 + x) for x in both equationsand derive true = false . In ontrast, it follows from the semanti onstru tion in Se tion 5.2that we may onsistently add these two equations to the variant of PCF with lifted types (seeExample 2.6.10).Another important reason to onsider lifted types is that this provides an interesting and in-sightful way to in orporate alternative redu tion orders into a single system. In parti ular, aswe shall see below, both ordinary (nondeterministi or leftmost) PCF and Eager PCF (de�ned inSe tion 2.4.5) an be expressed in PCF with lifted types. This has an interesting onsequen e forequational reasoning about eager redu tion. The equational theory of Eager PCF is not given inSe tion 2.4.5 sin e it is relatively subtle and has a di�erent form from the equational theory ofPCF. An advantage of lifted types is that we may essentially express eager redu tion, and at thesame time allow ordinary equational reasoning. In parti ular, equational axioms may be used to\optimize" a term without hanging its normal form. This follows from on uen e of PCF withlifted types [How92℄. These advantages notwithstanding, the use of lifted types in programminglanguage analysis is a relatively re ent development and some synta ti and semanti issues remainunresolved. Consequently, this se tion will be a high-level and somewhat informal overview.The types of the language PCF? , alled \PCF with lifted types," are given by the grammar� ::= bool j nat j ��� j �!� j �?These are the types of PCF, plus the form �? whi h is read \� lifted." Intuitively, the elementsof �? are the same as the elements of � , plus the possibility of \nontermination" or \divergen e".

Foundations for Programming Languages 124Mathemati ally, we an interpret �? as the union of � and one extra element, written ?� , whi hserves as the value of any \divergent" term that is not equal to an element of type � .The terms of PCF? in lude all of the general forms of PCF, extended to PCF? types. Spe i�- ally, we have pairing, proje tion, lambda abstra tion and appli ation for all produ t and fun tiontypes. Sin e we an use if : : : then : : : else : : : on all types in PCF, we extend this to allPCF? types. More spe i� ally, if M then N else P is well-formed whenever M : bool andN;P :� , for any � . However, the basi natural number and boolean fun tions of PCF (numerals,boolean onstants, addition and equality test) keep the same types as in PCF. For example, 5 + xis a nat expression of PCF? if x:nat ; it is not an expression of type nat? . The equational andredu tion axioms for all of these operations are the same as for PCF. The language PCF? alsohas two operations asso iated with lifted types and a restri ted �xed-point operator. Sin e bothinvolve a lass of types alled the \pointed" types, we dis uss these before giving the remainingbasi operations of the language.Intuitively, the pointed types of PCF? are the types that ontain terms whi h do not yield anymeaningful omputational value. More pre isely, we an say that a losed term M :� is noninfor-mative if, for every ontext C[ ℄ of observable type, if C[M ℄ has a normal form, then C[N ℄ hasthe same normal form for every losed N :� . (An example noninformative term is �x (�x:�: x);see Lemma 2.5.24.) Formally, we say a type � is pointed if either � � �? , � � �1��2 and both�1; �2 are pointed, or � � �1!�2 and �2 is pointed. The reason �? has noninformative termswill be ome apparent from the type of the �xed-point operator. For a produ t �1��2 , we anwrite a noninformative term by ombining noninformative terms of types �1 and �2 . If M :�2is noninformative, and x:�1 is not free in M , then �x:�1:M is a noninformative term of type�1!�2 . The name \pointed," whi h is not very des riptive, omes from the fa t that a pointedtype has a distinguished element (or \point") representing the value of any noninformative term.The language PCF? has a �xed-point onstant for ea h pointed type:�x�: (�!�)! � � pointedThe equational axiom and redu tion axiom for �x are as in PCF.The �rst term form asso iated with lifted types is that if M :� , thenbM :�?:Intuitively, sin e the elements of � are in luded in �? , the term bM de�nes an element of � , onsidered as an element of �? . The se ond term form asso iated with lifting allows us to evaluateexpressions of �? to obtain expressions of type � . Sin e some terms of type �? do not de�neelements of � , this is formalized in a areful way. If M :�? and N : � , with � pointed and Npossibly ontaining a variable x of type � , thenlet bx:� =M in Nis a term of type � . The reader familiar with ML may re ognize this syntax as a form of \pattern-mat hing" let. Intuitively, the intent of let bx:� =M in N is that we \hope" that M is equalto bM 0 for some M 0 . If so, then the value of this expression is the value of N when x has thevalue of M 0 .The main equational axiom for b and let is(let b ) let bx:� = bM in N = [M=x℄N

Foundations for Programming Languages 125This is also used as a redu tion axiom, read left to right. Intuitively, the value of M :�? is either? or an element of � . If M =? , then let bx:� =M in N will have value ?� . In operationalterms, if M annot be redu ed to the form bM 0 , then let bx:� = M in N not be redu ibleto a useful form of type � . If M is equal to some bM 0 , then the value of let bx:� =M in Nis equal to [M 0=x℄N .If we add a onstant ?� : � representing \unde�nedness" or nontermination at ea h pointedtype � , we an also state some other equational properties.(let bx =?�? in M) = ?�M ?�?= N ?�? Mbx = Nbx M = N x not free in M;N :�? ! �Intuitively, the �rst equation re e ts the fa t that if we annot redu e M to the form bM 0 , thenlet bx = M in N is \unde�ned." The inferen e rule is a form of reasoning by ases, based onthe intuitive idea that any element of a lifted type �? is either the result of lifting an elementof type � or the value ?�? representing \unde�nedness" or nontermination at type � . However,we will not use onstants of the form ?� or either of these properties in the remainder of thisse tion. In general, they are not espe ially useful for proving equations between expressions unlesswe have a more powerful proof system (su h as the one using �xed-point indu tion in Se tion 5.3)for proving that terms are equal to ? .We will illustrate the use of lifted types by translating both PCF and Eager PCF into PCF? .A number of interesting relationships between lifted types and sums and re ursive types are beyondthe s ope of this se tion but may be found in [How92℄, for example. Before pro eeding, we onsidersome simple examples.Example 2.6.9 While there is only one natural way to write fa torial in PCF, there are some hoi es with expli it lifting. This example shows two essentially equivalent ways of writing fa torial.For simpli ity, we assume we have natural number subtra tion and multipli ation operations so thatif M;N :nat , then M �N :nat and M �N :nat . Using these, we an write a fa torial fun tion asfa t1 def= �xnat!nat?F1 , whereF1 def= �f :nat!nat?: �x:nat :if Eq?x 0 then b1 else let by = f(x� 1) in bx � y In the de�nition here, the type of fa t is nat!nat? . This is a pointed type, whi h is importantsin e we only have �xed points at pointed types. This type for fa t1 is also the type of the lambda-bound variable f in F1 . Sin e f :nat!nat? , we an apply f to arguments of type nat . However,the result f(x � 1) of alling f will be an element of nat? , and therefore we must use let toextra t the natural number value from the re ursive all before multiplying by x . If we wish toapply fa t1 to an argument M of type nat? , we do so by writinglet bx =M in fa t1 xAn alternative de�nition of fa torial is fa t2 def= �xnat?!nat?F2 , whereF2 def= �f :nat?! nat?: �x:nat?: let bz = x inif Eq? z 0 then b1 else let by = fbz � 1 in bz � y

Foundations for Programming Languages 126Here, the type of fa torial is di�erent sin e the domain of the fun tion is nat? instead of nat .The onsequen e is that we ould apply fa t2 to a possibly nonterminating expression. However,sin e the �rst thing fa t2 does with an argument x:nat? is for e it to some value z:nat , there isnot mu h exibility gained in this de�nition of fa torial. In parti ular, as illustrated below, bothfun tions al ulate 3! in essentially the same way. The reason fa t2 immediately for es x:nat? tosome natural number z:nat is that equality test Eq? requires a nat argument, instead of a nat? .For the �rst de�nition of fa torial, we an ompute 3! by expanding out three re ursive allsand simplifying as follows:(�x F1) 3!! if Eq? 3 0 then b1 else let by = (�x F1)(3� 1) in b3 � y !! let by =let by0 = (�x F1)(1) in b2 � y0 in b3 � y !! let by =let by0 =let by00 = (�x F1)0 in b1 � y00 in b2 � y0 in b3 � y Then, on e we have redu ed (�x F1)0!! b1 , we an set y00 to 1, then y0 to 1, then y to 2, thenperform the �nal multipli ation and produ e the �nal value 6.For the alternative de�nition, we have essentially the same expansion, beginning with b3 instead of 3 for typing reasons:(�x F2) b3 !! let bz = b3 inif Eq? z 0 then b1 else let by = (�x F2)bz � 1 in bz � y !! : : :!! let by =let by0 =let by00 = (�x F2)b0 in b1 � y00 in b2 � y0 in b3 � y The only di�eren e here is that in ea h re ursive all, the argument is lifted to mat h the type ofthe fun tion. However, the body F2 immediately uses let to \unlift" the argument, so the nete�e t is the same as for fa t1 .Example 2.6.10 As mentioned above, the equationsEq? x x = true;Eq? x (n+ x) = false numeral n di�erent from 0.are onsistent with PCF? , when x:nat is a natural number variable, but in onsistent when addedto PCF. We will see how these equations ould be used in PCF? by onsidering the PCF expressionletre f(x:nat):nat = if Eq?x 0 then 1 elseif Eq? f(x� 1) f(x� 1) then 2 else 3in f3

Foundations for Programming Languages 127If we apply left-most redu tion to this expression, we end up with an expression of the formif Eq? ((�x F )(3 � 1)) ((�x F )(3 � 1)) then 2 else 3whi h requires us to simplify two appli ations of the re ursive fun tion in order to determine thatf(2) = f(2). We might like to apply some \optimization" whi h says that whenever we have asubexpression of the form Eq?MM we an simplify this to true . However, the in onsisten y ofthe two equations above shows that this optimization annot be ombined with other reasonableoptimizations of this form.We annot eliminate the need to ompute at least one re ursive all, but we an eliminate theequality test using lifted types. A natural and routine translation of this expression into PCF? isletre f(x:nat):nat? = if Eq?x 0 then b1 elselet by = f(x� 1) in if Eq? y y then b2 else b3 in f3In this form, we have a subexpression of the form Eq? y y where y:nat . With the equations above,we an repla e this PCF? expression by an equivalent one, obtaining the provably equivalentexpression letre f(x:nat):nat? = if Eq?x 0 then b1 elselet by = f(x� 1) in b2 in f3The reason we annot expe t to simplify let by = f(x� 1) in b2 to b2 by any lo al optimiza-tion that does not analyze the entire de laration of f is that when f(x � 1) does not terminate(i.e., annot be redu ed to the form bM ), the two are not equivalent.Translation of PCF into PCF?The translation of PCF into PCF? has two parts. The �rst is a translation of types. We willmap expressions of type � from PCF to expressions of type � in PCF? , where � is the result ofrepla ing nat by nat? and bool by bool? . More spe i� ally, we may de�ne � by indu tion ontypes: bool = bool?nat = nat?�1��2 = �1��2�1!�2 = �1!�2It is easy to he k that for any PCF type � , the type � is pointed. This gives us a �xed-pointoperator of ea h type � .The translation of ompound PCF terms into PCF? is essentially straightforward. The mostinteresting part of the translation lies in the basi natural number and boolean operations. If M :�in PCF, we must �nd some suitable term M of type � in PCF? . The translation n of a numeraln is bn and the translations of true and false are similarly btrue and bfalse . It is easy tosee these have the right types. For ea h of the operations Eq?;+ and onditional, we will write alambda term of the appropriate PCF? type. Sin e Eq? ompares two natural number terms andprodu es a boolean, we will write a PCF? term Eq? of type nat?!nat?! bool? . The term forequality test isEq? = �x:nat?: �y:nat?: let bx0 = x in let by0 = y in bEq?x0 y0

Foundations for Programming Languages 128An intuitive explanation of this fun tion is that Eq? takes two arguments of type nat? , evaluatesthem to obtain elements of type nat (if possible), and then ompares the results for equality. Ifeither argument does not redu e to the form bM for M :nat , then the orresponding let annotbe redu ed. But if both arguments do redu e to the form bM , then we are ertain to be able toredu e both to numerals, and hen e we will be able to obtain btrue or bfalse by the redu tionaxiom for Eq?. The reader is en ouraged to try a few examples in Exer ise 2.6.14.The terms + for addition and ond for if : : : then : : : else : : : are similar in spirit toEq?. + = �x:nat?: �y:nat?: let bx0 = x in let by0 = y in bx0 + y0 ond� = �x: bool?: �y:�: �z:�: let bx0 = x in if x0 then y else zIn the translation of onditional, it is important to noti e that � is pointed. As a result, thefun tion body let bx0 = x in if x0 then y else z is well-typed.For pairing and lambda abstra tion, we lethM;Ni = hM; Ni�x:�:M = �x:�:Mand similarly for appli ation, proje tions and �xed points. Some examples appear in Exer ises 2.6.14and 2.6.16.The main properties of this translation are(i) If M :� in PCF, then M :� in PCF? .(ii) If M;N are synta ti ally distin t terms of PCF, then M;N are synta ti ally distin tterms of PCF? .(iii) If M ! N in PCF, then M ! N in PCF? . Conversely, if M is a normal form inPCF, then M is a normal form in PCF? .(iv) If M = N is provable in PCF, then M = N is provable in PCF? .While there are a number of ases, it is essentially straightforward to verify these properties. Itfollows from properties (ii) and (iii) that if M;N are distin t normal forms of PCF, then M;Nare distin t normal forms of PCF? .Translation of Eager PCF into PCF?Like the translation of PCF into PCF? , the translation of Eager PCF into PCF? has two parts.We begin with the translation of types.For any type � of Eager PCF, we de�ne the asso iated type � . Intuitively, � is the type ofEager PCF values (in the te hni al sense of Se tion 2.4.5) of type � . Sin e any Eager PCF termwill either redu e to a value, or diverge under eager redu tion, an Eager PCF term of type � willbe translated to a PCF? term of type �? . After de�ning � by indu tion on the stru ture of typeexpressions, we give an informal explanation.nat = natbool = bool�! � = �! �?�� � = �� �

Foundations for Programming Languages 129The Eager PCF values of type nat or bool orrespond to PCF? terms of type nat or bool . AnEager PCF fun tion value of type �! � has the form �x:�:M , where for any argument V , thebody [V=x℄M may either redu e to a value of type � or diverge under eager redu tion. Therefore,in PCF? , the values of type �! � are fun tions from � to �? . Finally, the Eager PCF values oftype �� � are pairs of values, and therefore have type �� � in PCF? .We translate a term M :� of Eager PCF with free variables x1:�1; : : : ; xk:�k to a term M :�?of PCF? with free variables x1:�1; : : : ; xk:�k , as follows:x = bx n = bn true = btrue false = bfalse M +N = let bx =M in let by = N in bx+ y Eq?MN = let bx =M in let by = N in bEq?x y if M then N else P = let bx =M in if x then N else PMN = let bf =M in let bx = N in fx�x:�:M = b�x:�:M �x�! � = b�x (�f : ((�! �)!(�! �))!(�! �):�g: (�! �)!(�! �): g(�x:�: let bh = fg in hx)) The translation of the �xed-point operator needs some explanation. As dis ussed in Se tion 2.4.5,Eager PCF only has �xed-point operators on fun tion types. The translation of the �xed-pointoperator on type �! � is re ursively de�ned to satisfy�x �! � = �g: (�! �)!(�! �): g(�x:�: let bh = �x�! � g in hx)This is essentially the Eager PCF property \�x = �g: (: : :): g(delay [�x g℄)" from Se tion 2.4.5,where with delay [M ℄ � �x: (: : :):Mx , using the fa t thatMx � let bf =M in let by = bx in fy= let bf =M in fxby axiom (let b ).In the next two examples, we dis uss the way that eager redu tion is preserved by this transla-tion. A general di�eren e between the eager redu tion strategy given in Se tion 2.4.5 and redu tionin PCF? is that eager redu tion is deterministi . In parti ular, eager redu tion of an appli ationMN spe i�es redu tion of M to a value (e.g., �x: (: : :):M 0 ) before redu ing N to a value. How-ever, from the point of view of a urately representing the termination behavior and values of anyexpression, the order of evaluation between M and N is not signi� ant. When an appli ationMN of Eager PCF is translated into PCF? , it will be ne essary to redu e both to the form b: : : ,intuitively orresponding to the translation of an Eager PCF value, before performing � -redu tion.However, PCF? allows either the fun tion M or the argument N to be redu ed �rst.Example 2.6.11 We may apply this translation to the term onsidered in Example 2.4.20. Sin ethis will help preserve the stru ture of the expression, we use the synta ti sugarM � N def= let bf =M in let bx = N in fxfor eager appli ation. For readability, we will also use the simpli� ationu+ v = let bx = bu in (let by = bv in bx+ y ) = bu+ v

Foundations for Programming Languages 130for any variables or onstants u and v , sin e this onsequen e of our equational axioms does not hange the behavior of the resulting term. Applying the translation to the term(�x (�x:nat!nat : �y:nat : y)) ((�z:nat : z + 1) 2)gives us (�x � b �x:nat!nat?:b�y:nat :by ) � (b �z:nat :bz + 1 � b2 )A useful general observation is that bM � bN !! MNbut that we annot simplify a form M 0 �N 0 unless M 0 has the form bM and N 0 has the form bN .The need to produ e \lifted values" (or, more pre isely, the lifting of terms that redu e to values)is important in expressing eager redu tion with lifted types. We an see that there are two possibleredu tions of the term above, one involving �x and the other (b�z:nat :bz + 1 � b2 )!! b2 + 1 .The reader may enjoy leftmost redu ing the entire expression and seeing how the steps orrespondto the eager redu tion steps arried out in Example 2.4.20.Example 2.6.12 We an see how divergen e is preserved by onsidering the termlet f(x:nat):nat = 3 inletre g(x:nat ):nat = g(x+ 1) in f(g 5)from Example 2.4.21. After repla ing let's by lambda abstra tion and appli ation, the translationof this term is b �f :nat!nat?:b�g:nat!nat?:bf � (g 5) � b �x:nat :b3 � ( �x � b�g:nat!nat?:b�x:nat : g(x+ 1) )where for simpli ity we have used bg � b5 = g 5 and bg � (x+ 1) = bg � bx + 1 = g(x + 1).Re all from Examples 2.4.6 and 2.4.21 that if we apply leftmost redu tion to the original term, weobtain 3, while eager redu tion does not produ e a normal form. We an see how the translationof Eager PCF into PCF? preserves the absen e of normal forms by leftmost-redu ing the result ofthis translation.Sin e the �rst argument and the main fun tion have the form b: : : , we an apply � -redu tionas des ribed in Example 2.6.11. This gives usb�g:nat!nat?:b�x:nat :b3 � (g 5) � ( �x � bG )where G def= �g:nat!nat?:b�x:nat : g(x + 1) . Our task is to redu e the argument ( �x � bG )to the form b: : : before performing the leftmost � -redu tion. We do this using the that�xnat!nat = b �x nat!nat? F !!b �g: (nat!nat?)!(nat! nat?): g(�x:nat : let bh = �x F g in hx) where F def= (�f : ((nat! nat?)!(nat!nat?))!(nat! nat?):�g: (nat!nat?)!(nat!nat?): g(�x:nat : let bh = fg in hx))

Foundations for Programming Languages 131However, we will see in the pro ess that the appli ation to 5 resulting from � -redu tion annot beredu ed to the form b: : : , keeping us from every rea hing the normal form b3 for the entire term.The expansion of �x above gives us�x � bG !! �x F G!! G (�x:nat : let bh = �x F G in hx)!! b�x:nat :((�x:nat : let bh = �x F G in hx) (x+ 1)) !! b�x:nat : let bh = �x F G in h(x+ 1) When the fun tion inside the b is applied to 5, the result must be redu ed to a form b: : : to omplete the redu tion of the entire term. However, this leads us to again redu e �x F G to thisform and apply the result to 6. Sin e this pro ess may be ontinued inde�nitely, the entire termdoes not have a normal form.The main properties of the translation from Eager PCF into PCF? are:(i) If M :� in Eager PCF, with free variables x1:�1; : : : ; xk:�k , then M :�? in PCF?with free variables x1:�1; : : : ; xk:�k .(ii) If M eager! N in Eager PCF, then M !! N in PCF? .(iii) If M is a losed term of Eager PCF of type nat or bool and is a numeral or trueor false , then M eager!! in Eager PCF i� M !! b in PCF? .(iv) If we let =eager be operational equivalen e of Eager PCF term, de�ned in the samewas as =op in Se tion 2.3.5 but using eager evaluation, and let =PCF? be operationalequivalen e in PCF? , then for losed terms M , N we have M =eager N i� M =PCF?N .It is largely straightforward to verify properties (i){(iii). Property (iv), however, involves onstru -tion of fully abstra t models satisfying the properties des ribed in Se tion 5.4.2. A proof has beendeveloped by R. Viswanathan.Exer ise 2.6.13 Suppose that instead of having �x� for every pointed � , we only have �xed-pointoperators for types of the form �? . Show that it is still possible to write a term with no normalform of ea h pointed type.Exer ise 2.6.14 Redu e the appli ation of Eq? to the following pairs of terms. You should ontinue until you obtain btrue or bfalse or it is apparent that one of the let's an never beredu ed.(a) b3 + 2 and b5 .(b) (�x:nat?: x)b3 + 2 and b(�x:nat : x+ 1) 3 .( ) �x (�x:nat?: x) and b19 .Exer ise 2.6.15 Carry out the redu tion of the term �x � b �x:nat!nat?:b�y:nat :by fromExample 2.6.11.

Foundations for Programming Languages 132Exer ise 2.6.16 The �bona i fun tion may be written in PCF as �b def= �xnat! natF , whereF def= �f :nat!nat : �x:nat :if (Eq?x 0) or (Eq?x 1) then 1 else f(x� 1) + f(x� 2)We assume for simpli ity that we have natural number subtra tion and a boolean or fun tion.(a) Translate the de�nition from (ordinary) PCF into PCF? and des ribe the redu tion of �b 3in approximately the same detail as Example 2.6.9. (Subtra tion and or should be translatedinto PCF? following the pattern given for + and Eq?. You may simplify bM � bN tobM�N , or perform other simpli� ations that are similar to the ones used in Example 2.6.11.)(b) Same as part (a), but use the translation from Eager PCF into PCF? .