Tait in one big step

We present a Tait-style proof that a simple functional normaliser for a combinatory version of System T terminates. Using a technique pioneered by Bove and Capretta, we can implement the normaliser in total Type Theory. The main interest of our construction is methodological: it is an alternative to the usual small-step operational semantics on the one side and to normalisation by evaluation on the other. The present work is motivated by our longer-term goal of verifying implementations of Type Theory such as Epigram.


INTRODUCTION
Traditionally, decidability of equality for typed λ-calculi is established by showing strong normalisation for a small-step reduction relation [21,15]. However, this is not the only way to establish this result. To show decidability it is sufficient to construct a normalisation function which, for any term, calculates a normal form that is unique for the term's equivalence class. Indeed, normalisation by evaluation (NBE) [8,2,3,1,6] uses a constructive denotational semantics to construct a normalisation function by inverting the evaluation functional. While NBE has a number of advantages (it is elegant and theoretically well understood), it is hard to tinker with the normalisation function and the decision procedure, e.g. if we want to exploit symbolic equalities to avoid having to normalise terms altogether.
In the present paper we investigate yet another alternative: we directly implement a partial normalisation function and use a Tait-style construction to establish that the function terminates for all typable terms. We use a very simple calculus to demonstrate the approach: a combinatory version of System T. Our goal here is not to establish a new result but to show how Tait's proof can be adapted to show normalisation of big-step reduction, and how to implement the normaliser in Type Theory using the technique of Bove and Capretta [9]. Using Tait's method to prove normalisation isn't new either: [16] uses a Tait-style proof to show normalisation for a more sophisticated system. The restriction to a combinatory calculus is appropriate since more extensional equalities like full βη can be decided using a combination of a structural equivalence and weak normalisation, with a variant of the big-step semantics presented here as one component.
This work is motivated by our goal to verify important aspects of the implementation of Epigram [19,17,5], e.g. to show that Epigram's Type Theory ETT (when suitably stratified) [11] is decidable. While the current implementation of ETT uses NBE to implement weak reduction, it is likely that we will move to a big-step reduction similar to the one presented here, to be able to optimise the equality test more easily. At the same time, we are using Epigram [18,5] as a metalanguage to formalise the development presented here.

COMBINATORY SYSTEM T
We start by introducing our calculus, using Epigram as our metalanguage. Its types are given by a simple inductive definition, using natural deduction style declarations of constants:

  data Ty : ★ where
    N   : Ty
    σ→τ : Ty          -- given σ : Ty and τ : Ty

We will overload the symbol → to refer both to the object-level function arrow that we define here and to the metatheoretic function arrow; which one we mean will be clear from the context. The symbol ★ is Epigram's type of types, and we declare all new symbols as Epigram data or let definitions. Terms are defined as an inductive family indexed by types:

  data Tm : Ty → ★ where
    K    : Tm (σ→τ→σ)
    S    : Tm ((σ→τ→ρ)→(σ→τ)→σ→ρ)
    t u  : Tm τ       -- given t : Tm (σ→τ) and u : Tm σ
    0    : Tm N
    suc  : Tm (N→N)
    prec : Tm ((N→σ→σ)→σ→N→σ)

The conversion relation is inductively defined; we present it here as an inductively defined family of types. However, this family should be regarded as propositional, since we are not interested in the choice of derivations.
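For readers more at home in Haskell than Epigram, the type-indexed family of terms can be sketched with GADTs and promoted datatypes. This encoding (constructor names K, S, Zero, Suc, Prec, the operator :$ for application, and the helper size) is ours, not the paper's; it merely illustrates that only well-typed terms are representable:

```haskell
{-# LANGUAGE GADTs, DataKinds, TypeOperators #-}

-- Object-level types: natural numbers and function types
data Ty = N | Ty :=> Ty
infixr 5 :=>

-- Terms, indexed by their object-level type: ill-typed terms
-- are rejected by the Haskell type checker
data Tm t where
  K    :: Tm (a :=> b :=> a)
  S    :: Tm ((a :=> b :=> c) :=> (a :=> b) :=> a :=> c)
  (:$) :: Tm (a :=> b) -> Tm a -> Tm b     -- application t u
  Zero :: Tm 'N
  Suc  :: Tm ('N :=> 'N)
  Prec :: Tm (('N :=> a :=> a) :=> a :=> 'N :=> a)
infixl 9 :$

-- a closed term of type N: prec with step K suc and base 0,
-- applied to the numeral 1
one :: Tm 'N
one = Prec :$ (K :$ Suc) :$ Zero :$ (Suc :$ Zero)

-- terms are plain first-order data; e.g. count their nodes
size :: Tm t -> Int
size (t :$ u) = size t + size u + 1
size _        = 1
```

Note that an ill-typed application such as `Zero :$ Zero` is a Haskell type error, mirroring the Epigram family Tm.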
Here we use Prop just as a different name for ★. However, the intention is that inhabitants of Prop are proof-irrelevant, i.e. have at most one inhabitant. In the case of the definition above, this means that we will not use the choice of derivation to construct an element of a type.

NORMALISATION
Having defined the conversion relation we have specified the system, and the goal is to show that conversion is decidable. We are going to establish this by normalisation, which has further applications exploiting the structure of normal forms. Our normal forms are values and partial applications of combinators. Note that it is an immediate consequence of our definition that the only normal forms of type N are the numerals.
Traditionally, normal forms are considered as a subset of terms; in our setting this is replaced by defining − to be a simple embedding from normal forms to terms. It should be noted that the normal-forms-as-subset-of-terms approach breaks down for more sophisticated systems, e.g. [1].
Our goal is to define a normalisation function

  let nf : Tm σ → Nf σ

which should have the following properties:
1. Normalisation takes convertible terms to identical normal forms: if a ≃ a′ then nf a = nf a′.
2. Terms are convertible to their normal forms: a ≃ nf a (reading the normal form as a term via the embedding).
As a consequence we obtain that convertibility corresponds to having the same normal form. Since equality of normal forms is obviously decidable, we have that conversion is decidable.
We also obtain that all terms of type N are convertible to a numeral.
As a first approximation we write nf and its helper function napp, which applies normal functions to normal arguments, as general recursive functions. The function napp uses general recursion; we will show below that it terminates for all well-typed terms (note that the Epigram datatype of terms only contains well-typed terms). This seems to be a natural approach: we first implement a recursive function and then show that it is total. We also note that the type of nf already shows that normalisation is type-preserving, i.e. that a form of subject reduction holds.
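The normal forms and the recursive normaliser can be sketched in Haskell (our encoding, not the paper's Epigram; constructor names NK, NS1, NPrec2 etc. mirror the nK, nS₁, nprec₂ of the text, the datatypes from the previous sketch are repeated for self-containment, and napp is general recursive, so Haskell does not check its termination):

```haskell
{-# LANGUAGE GADTs, DataKinds, TypeOperators #-}

data Ty = N | Ty :=> Ty
infixr 5 :=>

data Tm t where
  K    :: Tm (a :=> b :=> a)
  S    :: Tm ((a :=> b :=> c) :=> (a :=> b) :=> a :=> c)
  (:$) :: Tm (a :=> b) -> Tm a -> Tm b
  Zero :: Tm 'N
  Suc  :: Tm ('N :=> 'N)
  Prec :: Tm (('N :=> a :=> a) :=> a :=> 'N :=> a)
infixl 9 :$

-- Normal forms: values and partial applications of combinators
data Nf t where
  NK     :: Nf (a :=> b :=> a)
  NK1    :: Nf a -> Nf (b :=> a)
  NS     :: Nf ((a :=> b :=> c) :=> (a :=> b) :=> a :=> c)
  NS1    :: Nf (a :=> b :=> c) -> Nf ((a :=> b) :=> a :=> c)
  NS2    :: Nf (a :=> b :=> c) -> Nf (a :=> b) -> Nf (a :=> c)
  NZero  :: Nf 'N
  NSuc   :: Nf ('N :=> 'N)
  NSuc1  :: Nf 'N -> Nf 'N
  NPrec  :: Nf (('N :=> a :=> a) :=> a :=> 'N :=> a)
  NPrec1 :: Nf ('N :=> a :=> a) -> Nf (a :=> 'N :=> a)
  NPrec2 :: Nf ('N :=> a :=> a) -> Nf a -> Nf ('N :=> a)

-- the embedding of normal forms back into terms
embed :: Nf t -> Tm t
embed NK           = K
embed (NK1 x)      = K :$ embed x
embed NS           = S
embed (NS1 x)      = S :$ embed x
embed (NS2 x y)    = S :$ embed x :$ embed y
embed NZero        = Zero
embed NSuc         = Suc
embed (NSuc1 n)    = Suc :$ embed n
embed NPrec        = Prec
embed (NPrec1 f)   = Prec :$ embed f
embed (NPrec2 f z) = Prec :$ embed f :$ embed z

-- nf is structurally recursive on terms ...
nf :: Tm t -> Nf t
nf K        = NK
nf S        = NS
nf (t :$ u) = napp (nf t) (nf u)
nf Zero     = NZero
nf Suc      = NSuc
nf Prec     = NPrec

-- ... but napp uses general recursion (the S and prec clauses)
napp :: Nf (a :=> b) -> Nf a -> Nf b
napp NK x              = NK1 x
napp (NK1 x) _         = x
napp NS x              = NS1 x
napp (NS1 x) y         = NS2 x y
napp (NS2 x y) z       = napp (napp x z) (napp y z)
napp NSuc n            = NSuc1 n
napp NPrec f           = NPrec1 f
napp (NPrec1 f) z      = NPrec2 f z
napp (NPrec2 _ z) NZero     = z
napp (NPrec2 f z) (NSuc1 n) = napp (napp f n) (napp (NPrec2 f z) n)

-- read a normal form of type N back as a number
toInt :: Nf 'N -> Int
toInt NZero     = 0
toInt (NSuc1 n) = 1 + toInt n

two :: Tm 'N
two = Suc :$ (Suc :$ Zero)
```

For example, addition of numerals can be expressed with prec and the step function K suc, and the normaliser computes nf (prec (K suc) 2 2) to the numeral 4.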

BIG-STEP REDUCTION
We cannot reason about the general recursive functions nf and napp directly within Type Theory. Instead we specify the graphs of these functions as inductively defined relations: a binary relation − ⇓ − corresponding to nf and a ternary relation − $ − ⇓ − corresponding to napp. These relations are precisely the big-step reduction relations. We will use the relations to define termination predicates, and a variant of [9] allows us to implement terminating versions of the functions.
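Spelled out, the big-step rules implicit in the recursive definitions can be displayed as follows. The rule names (rK₁, rK₂, rS₃, rprec0, rprecsuc, rapp, …) are those used in the proofs below; the precise display is our reconstruction from the function definitions:

```latex
\begin{gather*}
c \Downarrow c \quad\text{for } c \in \{K, S, 0, suc, prec\} \qquad
\frac{t \Downarrow f \quad u \Downarrow a \quad f \mathbin{\$} a \Downarrow v}
     {t\,u \Downarrow v}\;(rapp)\\[1ex]
K \mathbin{\$} x \Downarrow K_{1}\,x \;(rK_{1}) \qquad
K_{1}\,x \mathbin{\$} y \Downarrow x \;(rK_{2}) \qquad
S \mathbin{\$} x \Downarrow S_{1}\,x \;(rS_{1}) \qquad
S_{1}\,x \mathbin{\$} y \Downarrow S_{2}\,x\,y \;(rS_{2})\\[1ex]
\frac{x \mathbin{\$} z \Downarrow u \quad y \mathbin{\$} z \Downarrow v \quad u \mathbin{\$} v \Downarrow w}
     {S_{2}\,x\,y \mathbin{\$} z \Downarrow w}\;(rS_{3}) \qquad
suc \mathbin{\$} n \Downarrow suc_{1}\,n \;(rsuc_{1})\\[1ex]
prec \mathbin{\$} f \Downarrow prec_{1}\,f \;(rprec_{1}) \qquad
prec_{1}\,f \mathbin{\$} z \Downarrow prec_{2}\,f\,z \;(rprec_{2}) \qquad
prec_{2}\,f\,z \mathbin{\$} 0 \Downarrow z \;(rprec0)\\[1ex]
\frac{f \mathbin{\$} n \Downarrow f' \quad prec_{2}\,f\,z \mathbin{\$} n \Downarrow r \quad f' \mathbin{\$} r \Downarrow r'}
     {prec_{2}\,f\,z \mathbin{\$} suc_{1}\,n \Downarrow r'}\;(rprecsuc)
\end{gather*}
```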
We obtain the termination predicates − ⇓ and − $ − ⇓ by existentially quantifying over the result. We observe that the relations are deterministic (not very surprising, since they are derived from function definitions).

We have to relate the big-step semantics to our equational theory to be able to show that our normalisation function satisfies the properties 1 and 2 stated above. The soundness direction is straightforward and just reflects that our normalisation functions only exploit valid equations. However, the completeness direction, corresponding to confluence, proves more elusive: any direct proof attempt breaks down at the transitivity rule². Indeed, if our system were not strongly normalising, this property would depend on the Church-Rosser property for the small-step semantics, or an equivalent principle. To avoid this complication, we anticipate that our big-step semantics is terminating anyway, and hence we only need a principle corresponding to the weak Church-Rosser property, which is much easier to show.

Proof: By induction over the derivation of t ≃ u, using lemma 1. □
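To summarise, the statements established or aimed at in this section can be reconstructed as follows; the conversion symbol ≃ and the exact formulations are our hedged reading of the text:

```latex
\begin{align*}
\text{(determinism)}\quad & t \Downarrow n \;\wedge\; t \Downarrow n' \;\Longrightarrow\; n = n'\\
\text{(soundness)}\quad & t \Downarrow n \;\Longrightarrow\; t \simeq n\\
\text{(completeness)}\quad & t \simeq u \;\wedge\; t \Downarrow n \;\wedge\; u \Downarrow n'
  \;\Longrightarrow\; n = n'
\end{align*}
```

Completeness is the elusive direction: it follows by induction on the derivation of t ≃ u only once termination of the big-step semantics is available to handle the transitivity case.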

STRONG COMPUTABILITY
The essence of Tait's proof was to strengthen strong normalisation to strong computability, which is, in particular, closed under application. We do the same for normalisation with respect to our big-step semantics but, slightly misleadingly, stick to the historic term Strong Computability.
We first define a Strong Computability predicate on normal forms, SCN, by induction over types; here we use − $ − ⇓ − to express that a strongly computable normal form terminates for all strongly computable arguments and produces a strongly computable result. The case for N is trivial because, as we remarked before, the numerals are exactly the normal forms of type N. In the case of more sophisticated inductive types, such as the type of ordinal notations, SCN for that type has to be defined inductively.
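In symbols, SCN, together with the predicate SC on terms introduced in the next paragraph, can be spelled out as follows (our reconstruction of the displayed Epigram definitions):

```latex
\begin{align*}
SCN_{N}\,n \;&=\; \top\\
SCN_{\sigma\to\tau}\,f \;&=\; \forall a : Nf\,\sigma.\;
  SCN_{\sigma}\,a \;\Longrightarrow\;
  \exists n : Nf\,\tau.\; (f \mathbin{\$} a \Downarrow n) \;\wedge\; SCN_{\tau}\,n\\
SC_{\sigma}\,t \;&=\; \exists n : Nf\,\sigma.\; (t \Downarrow n) \;\wedge\; SCN_{\sigma}\,n
\end{align*}
```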
A strongly computable term is a term which reduces to a strongly computable normal form; this is represented in Epigram by defining the predicate SC. Our main technical lemma is that all normal forms are strongly computable:

Proposition 1
∀n : Nf σ. SCN σ n

²It is interesting to note that transitivity works for call-by-name, but then the rule for congruence of application, which is unproblematic for call-by-value, causes trouble.

Proof:
We verify the case for normal forms of arrow type σ→τ by induction on the normal form n. For each case we assume a strongly computable normal form n′, exhibit an inhabitant of the relation n $ n′ ⇓ n″, and show that the resulting normal form n″ is strongly computable.

Case for nK₁ x: rK₂, and x is strongly computable by inductive hypothesis.

Case for nK: rK₁, and nK₁ n′ is strongly computable by the previous case.

Case for nS₂ x y: We have inductive hypotheses that x and y are strongly computable. It follows that the results of applying each of them to n′, producing normal forms f and a respectively, are strongly computable. It then follows that the application of f to a, yielding the normal form n″, is also strongly computable. For the big-step relation we project out the inhabitants of the relations from the strong computability of f, a and n″ respectively, to supply as arguments to rS₃.

Case for nS₁ x: rS₂, and nS₂ x n′ is strongly computable by the previous case.

Case for nS: rS₁, and nS₁ n′ is strongly computable by the previous case.

Case for nsuc: rsuc₁, and nsuc₁ n′ has type Nf N, so it is strongly computable.

Case for nprec₂ f z: For this case we must do a further induction on the argument n′, which is a numeral. For the n0 case: rprec0, and strong computability of z holds by inductive hypothesis. For the nsuc₁ n′ case strong computability is established as follows: f is strongly computable by inductive hypothesis, so the application of f to n′ yields a strongly computable normal form f′. By the inner inductive hypothesis the application of nprec₂ f z to n′ yields a strongly computable normal form r, and the application of f′ to r is therefore strongly computable. We exhibit the inhabitant of the reduction relation rprecsuc from these three facts: the first argument comes from the strong computability of f, the second from the inner inductive hypothesis for nprec₂ f z, and the third from the application of f′ to r.

Case for nprec₁ f: rprec₂, and nprec₂ f n′ is strongly computable by the previous case.

Case for nprec: rprec₁, and nprec₁ n′ is strongly computable by the previous case. □

The main theorem is now an easy consequence:

Proposition 2 All terms are Strongly Computable.

MSFP 2006
Proof: By induction on t. The cases for K, S, 0, suc and prec are immediate. Case for application (t u): by the inductive hypotheses, t and u reduce to normal forms which are strongly computable. By the definition of SCN, their application is strongly computable. □

Normalisation is an obvious corollary:

Corollary 1 All terms are normalising.

IMPLEMENTING NORMALISATION
We have shown our main result; what remains to be done? To implement nf and napp in Type Theory we define versions of the functions which take the termination predicates as additional arguments. Here we follow Bove and Capretta; however, the situation is a bit more complicated, because we have nested recursive calls. It has been suggested to use inductive-recursive definitions for this [14,9], but an easier alternative is to use the graph of the function, as we have done here. This approach has also been suggested independently by Setzer recently [20].
We first define more general versions of the functions which also return an equation; this is necessary to deal with nested recursion.
  let nf : (t : Tm σ) → (p : t ⇓ n) → ∃m : Nf σ. m = n

    nf prec rprec ⇒ (nprec; refl)
    ⋮
    nf (t u) (rapp p₁ p₂ p₃) ⇒ napp n₁ n₂ (p₃[coe q₁ q₂])
      where (n₁; q₁) = nf t p₁
            (n₂; q₂) = nf u p₂

  let napp : (n : Nf (σ→τ)) → (n′ : Nf σ) → (p : n $ n′ ⇓ n″) → ∃m : Nf τ. m = n″

We use the utility function coe to coerce the derivation p₃ along the equations q₁ and q₂. The definition of napp is structurally recursive over the derivation of the big-step relation, if we take into account that coercions are size-preserving. This causes some additional effort in the actual formalisation of the construction.
Using the normalisation theorem we can now implement terminating versions of our normalisation function, and as a consequence of our previous results we obtain that conversion is decidable. We note that, computationally, the type-theoretic implementation of nf behaves the same as the recursive implementation, since we have only added propositional arguments which cannot affect the computation. This could be made precise by using a compiler based on [10], which eliminates arguments not relevant at run-time.

CONCLUSIONS AND FURTHER WORK
It may seem that the last section didn't add much to the result, because indeed Proposition 1 already established constructively that for any term there exists a normal form which is the result of big-step reduction. Hence, using the first projection of ∃ (i.e. the axiom of choice), we could have obtained a normalisation function directly. However, what is the computational behaviour of this function? As has already been observed by Berger [7], we obtain NBE this way; in this case we obtain the normalisation algorithm in [13]. Hence, a potential advantage of the construction proposed here is that we get an implementation of the naive recursive algorithm for normalisation, but in a terminating framework. We started with a partial recursive function and invested some work to obtain a function with the same computational behaviour but with the guarantee of termination.
Comparing the technique of normalisation by reduction (NBR) presented here with NBE, which has been applied to the same calculus in [13], we suggest that NBR has the following potential advantages:
• NBR is first order and can be further translated into an abstract machine using standard techniques. NBE requires a higher-order meta-language which already implements functional abstraction.
• NBE is less precise about the actual computational behaviour, i.e. it inherits the evaluation order (e.g. call-by-name vs call-by-value) from the meta-language. It may be useful to vary evaluation order within the same calculus.
• It is often easier to modify the recursively defined normalisation function directly to implement optimisations than to modify the NBE semantics. An example is the admissible equality between S K K x and x, which can be easily added to the recursive normaliser by adding the line napp (nS₂ nK nK) z ⇒ z, while the corresponding modification of the NBE semantics is less obvious.
• The separation of proof and algorithm in NBR makes it possible to use a classical normalisation proof, using Markov's principle.
• NBR together with a structural congruence could help to simplify normalisation algorithms for sophisticated systems like λ-calculus with coproducts, for which a normalisation function can be constructed using NBE for a sheaf-theoretic semantics [1].
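To illustrate the point about optimisations, here is a minimal Haskell sketch of the S/K fragment of the normaliser with the extra clause added. The encoding and names are ours; the added clause merely short-circuits what the general S-rule would compute anyway, which is why the equality is admissible:

```haskell
{-# LANGUAGE GADTs, DataKinds, TypeOperators #-}

data Ty = N | Ty :=> Ty
infixr 5 :=>

-- normal forms of the S/K fragment, plus a base value to test with
data Nf t where
  NK    :: Nf (a :=> b :=> a)
  NK1   :: Nf a -> Nf (b :=> a)
  NS    :: Nf ((a :=> b :=> c) :=> (a :=> b) :=> a :=> c)
  NS1   :: Nf (a :=> b :=> c) -> Nf ((a :=> b) :=> a :=> c)
  NS2   :: Nf (a :=> b :=> c) -> Nf (a :=> b) -> Nf (a :=> c)
  NZero :: Nf 'N

-- napp with the extra clause for the admissible equality S K K x = x;
-- without it, the last clause computes the same result in more steps
napp :: Nf (a :=> b) -> Nf a -> Nf b
napp (NS2 NK NK) z = z                         -- the added optimisation
napp NK x          = NK1 x
napp (NK1 x) _     = x
napp NS x          = NS1 x
napp (NS1 x) y     = NS2 x y
napp (NS2 x y) z   = napp (napp x z) (napp y z)

isZero :: Nf 'N -> Bool
isZero NZero = True
```

Note that the GADT indices guarantee that the added clause is type-correct: matching the two nK arguments of nS₂ forces the result type to equal the argument type.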
Having said this, we acknowledge that NBE has a dual collection of advantages, which follow from the fact that it exploits the meta-language, so that we don't have to reimplement the basic machinery. The fact that NBE is based on denotational semantics did help to construct normalisation functions, e.g. in the case of coproducts; however, when looking for a better implementation we may have to move to NBR.
We have only dealt with a combinatory calculus and have not addressed the intricacies of λ-abstraction in the presence of ξ and η rules. However, we do not actually suggest that these extensional rules should be captured by incorporating them into the big-step relation, but rather by combining big-step reduction with a structural congruence which is structurally recursive on types. This approach was suggested in [12] and is indeed the core of the Epigram typechecker, as discussed (but not verified) in detail in [11]. We hope that the methodology presented here will be useful when verifying the core of the Epigram system itself.