Term Evaluation Systems with Refinements: First-Order, Second-Order, and Contextual Improvement

Abstract

For a programming language, there are two kinds of term rewriting: run-time rewriting (“evaluation”) and compile-time rewriting (“refinement”). Whereas refinement resembles general term rewriting, evaluation is commonly constrained by Felleisen’s evaluation contexts. While evaluation specifies a programming language, refinement models optimisation and should be validated with respect to evaluation. Such validation can be given by Sands’ notion of contextual improvement. We formulate evaluation in a term-rewriting-theoretic manner for the first time, and introduce Term Evaluation and Refinement Systems (TERS). We then identify sufficient conditions for contextual improvement, and provide critical pair analysis for local coherence that is the key sufficient condition. As case studies, we prove contextual improvement for a computational lambda-calculus and its extension with effect handlers.

Appendices

A Omitted Proofs

1.1 A.1 Proofs for Sect. 3 and Sect. 4

Theorem 26

(Theorem 7: sufficient condition for improvement). If a TERS is deterministic, value-invariant and locally coherent, then it supports improvement.

Proof

Take arbitrary \(k \in \mathbb {N}\) and \(t,u \in \textrm{T}_\Sigma \) such that \(t \Rightarrow _\mathcal {R} u\) and \(t \overset{k}{\rightarrow }_\mathcal {E} v \in Val \). We first prove that \(t \Rightarrow _\mathcal {R} u\) and \(t \overset{k}{\rightarrow }_\mathcal {E} v\) imply \(u \overset{m}{\rightarrow }_\mathcal {E} v'\), \(v =_{ Val } v'\) and \(k \ge m\), for any \(k \in \mathbb {N}\), by induction on k.

Base Case. When \(k = 0\), we have \(t = v\). Because the TERS \((\mathcal {E},\mathcal {R})\) is value-invariant, we have \(u \in Val \) and \(v =_{ Val } u\). We can take \(m = 0\).

Inductive Case. When \(k > 0\), there exists \(t' \in \textrm{T}_\Sigma \) such that \(t \rightarrow _\mathcal {E}t' \overset{k-1}{\rightarrow }_\mathcal {E} v\). Because the TERS \((\mathcal {E},\mathcal {R})\) is locally coherent, the \((\mathcal {R},\mathcal {E})\)-peak \((u,t,t')\) is joinable up to \(\mathcal {R} \); namely there exist \(t'',u' \in \textrm{T}_\Sigma \) and \(l,m,n \in \mathbb {N}\) such that \(t' \overset{l}{\rightarrow }_\mathcal {E} t''\), \(u \overset{n}{\rightarrow }_\mathcal {E} u'\), \(t'' \overset{m}{\Rightarrow }_\mathcal {R} u'\) and \(1+l \ge n\). Because the TERS \((\mathcal {E},\mathcal {R})\) is deterministic, \(t''\) must appear in the sequence \(t' \overset{k-1}{\rightarrow }_\mathcal {E} v\), and hence \(t \rightarrow _\mathcal {E}t' \overset{l}{\rightarrow }_\mathcal {E} t'' \overset{k-l-1}{\rightarrow }_\mathcal {E} v\). We prove that we have the following situation:

namely that there exist \(n' \in \mathbb {N}\) and \(v' \in Val \) such that \(u' \overset{n'}{\rightarrow }_\mathcal {E} v'\) and \(v =_{ Val } v'\), by induction on \(m \in \mathbb {N}\).

• Base case. When \(m = 0\), \(t'' = u'\). We can take \(n' = k-l-1\) and \(v' = v\). Because \(1+l \ge n\), we have \(k \ge n+n'\).

• Inductive case. When \(m > 0\), we have \(t'' \overset{m-1}{\Rightarrow }_\mathcal {R} u'' \Rightarrow _\mathcal {R} u'\) for some \(u'' \in \textrm{T}_\Sigma \). By I.H. on \(m-1\), we have \(u'' \overset{n''}{\rightarrow }_\mathcal {E} v''\) such that \(v'' =_{ Val } v\) and \(k-l-1 \ge n''\). Furthermore, by I.H. of the outer induction on \(n''\), we have \(u' \overset{n'}{\rightarrow }_\mathcal {E} v'\) such that \(v'' =_{ Val } v'\) and \(n'' \ge n'\). We finally have \(k \ge n+n'\).

As a result, we have \(u \overset{n+n'}{\rightarrow }_\mathcal {E} v'\) such that \(v =_{ Val } v'\) and \(k \ge n+n'\). We can take \(m = n+n'\).

Secondly, because \(\Rightarrow _\mathcal {R} \) is closed under any contexts, \(t \Rightarrow _\mathcal {R} u\) implies \(C[t] \Rightarrow _\mathcal {R} C[u]\) for any \(C \in Ctx \). Therefore, \(t \Rightarrow _\mathcal {R} u\) and \(C[t] \overset{k}{\rightarrow }_\mathcal {E} v\) imply \(C[u] \overset{m}{\rightarrow }_\mathcal {E} v'\) such that \(k \ge m\) and \(v =_{ Val } v'\), for any \(v \in Val \).    \(\square \)

Lemma 27

(Lemma 11). If a critical pair \((t_1,s,t_2)\) is joinable, then for any substitution \(\theta \), \((t_1\theta ,s\theta ,t_2\theta )\) is a joinable \((\mathcal {R},\mathcal {E})\)-peak.

Proof

We have a joinable \((\mathcal {R},\mathcal {E})\)-peak \((t_1,s,t_2)\). Since refinement and evaluation are closed under substitution, \((t_1\theta ,s\theta ,t_2\theta )\) is also a joinable \((\mathcal {R},\mathcal {E})\)-peak.    \(\square \)

Theorem 28

(Theorem 13: Critical pair theorem). A well-behaved TERS is locally coherent if and only if every critical pair is joinable.

Proof

The “only if” part is straightforward. In the following, we prove the “if” part.

Take an arbitrary \((\mathcal {R},\mathcal {E})\)-peak \((t_1,s,t_2)\). Our goal is to prove that this \((\mathcal {R},\mathcal {E})\)-peak is joinable. Since \(s \Rightarrow _\mathcal {R}t_1\), there exist \(p \in Pos (s)\), \((l \Rightarrow r) \in \mathcal {R}\) and \(\mathop {\textsf{subst}}\theta \) such that \(s|_p = l\theta \), \(t_1 = s[r\theta ]_p\) and \(s[\square ]_p \in Ctx \). We prove that the \((\mathcal {R},\mathcal {E})\)-peak \((t_1,s,t_2)\) is joinable, by induction on the length of the position p.

Base Case. When \(|p| = 0\), i.e. \(p = \varepsilon \), we have \(s = l\theta \) and \(t_1 = r\theta \). Because \(l\theta \rightarrow _\mathcal {E}t_2\), there exist \(p' \in Pos (l\theta )\), \((l' \rightarrow r') \in \mathcal {E}\) and \(\mathop {\textsf{subst}}\theta '\) such that \((l\theta )|_{p'} = l'\theta '\), \(t_2 = (l\theta )[r'\theta ']_{p'}\) and \((l\theta )[\square ]_{p'} \in Ectx \). We have an \((\mathcal {R},\mathcal {E})\)-peak \(P = (r\theta , l\theta , (l\theta )[r'\theta ']_{p'})\).

• If \(p' = \varepsilon \), and \(l \Rightarrow r\) and \(l \rightarrow r\) are variants of each other, we have \(r\theta = r'\theta '\) and the \((\mathcal {R},\mathcal {E})\)-peak P is joinable.

• Otherwise, there are two possibilities.

  • If \(p'\) is a non-variable position of l, the \((\mathcal {R},\mathcal {E})\)-peak P is an instance of the critical pair generated by an \((\mathcal {R},\mathcal {E})\)-overlap.

  • Otherwise, there exist sequences \(q_1,q_2\) and a variable y such that: \(q_1 \in Pos (l)\), \(l|_{q_1} = y\), \(q_2 \in Pos (y\theta )\), and \(p' = q_1q_2\). Because of the condition (1) of Definition 12, \((l\theta )[\square ]_{p'} \in Ectx \) implies \(l[\square ]_{q_1}, y\theta [\square ]_{q_2} \in Ectx \). The variable y must appear at most once in both l and r, due to the condition (3a) of Definition 12. If y does not appear in r, the \((\mathcal {R},\mathcal {E})\)-peak P is joinable by applying the rule \(l \Rightarrow r\) to \(t_2\). Otherwise, i.e. if y appears once in r, the rule \(l' \rightarrow r'\) can be applied to \(t_1\) thanks to the condition (3b) of Definition 12, and the rule \(l \Rightarrow r\) can be applied to \(t_2\). These two applications yield the same result. Therefore, we can conclude that the \((\mathcal {R},\mathcal {E})\)-peak P is joinable.

Inductive Case. When \(|p| > 0\), we have \(p = ip_t\) for some positive number i and some sequence \(p_t\). We have \(s = f(\overline{x_1}.u_1,\ldots ,\overline{x_i}.u_i,\ldots ,\overline{x_k}.u_k)\), \(l\theta = u_i|_{p_t}\). We have an \((\mathcal {R},\mathcal {E})\)-peak

$$ P' = (f(\overline{x_1}.u_1,\ldots ,\overline{x_i}.u_i[r\theta ]_{p_t},\ldots ,\overline{x_k}.u_k),\,f(\overline{x_1}.u_1,\ldots ,\overline{x_i}.u_i,\ldots ,\overline{x_l}.u_l),\,t_2). $$

By \(s \rightarrow _\mathcal {E}t_2\), there exist \(p' \in Pos (s)\), \((l' \rightarrow r') \in \mathcal {E}\) and \(\mathop {\textsf{subst}}\theta '\) such that \(s|_{p'} = l'\theta '\), \(t_2 = s[r'\theta ']_{p'}\) and \(s[\square ]_{p'} \in Ectx \). We proceed by case analysis on \(p' \in Pos (s)\).

• When \(p' = \varepsilon \) , we have \(s = l'\theta '\) and \(t_2 = r'\theta '\).

  • If p is a non-variable position of \(l'\), the \((\mathcal {R},\mathcal {E})\)-peak \(P'\) is an instance of the critical pair generated by an \((\mathcal {E},\mathcal {R})\)-overlap.

  • Otherwise, there exist sequences \(q_1,q_2\) and a variable y such that: \(q_1 \in Pos (l')\), \(l'|_{q_1} = y\), \(q_2 \in Pos (y\theta ')\), and \(p = q_1q_2\). The variable y appears at most once in \(l'\), due to the condition (4) of Definition 12. We can apply the rule \(l' \rightarrow r'\) to \(t_1\). We can also apply the rule \(l \Rightarrow r\) to \(t_2\), as many times as y appears in \(r'\). These applications of \(l' \rightarrow r'\) and \(l \Rightarrow r\) yield the same result. The \((\mathcal {R},\mathcal {E})\)-peak \(P'\) is therefore joinable.

• When \(p' \ne \varepsilon \), i.e. \(p' = i'p'_t\) for some positive number \(i'\) and some sequence \(p'_t\), there are two possibilities.

  • When \(i' = i\), by I.H., we have a joinable \((\mathcal {R},\mathcal {E})\)-peak

    $$ Q = (u_i[r\theta ]_{p_t}, u_i, u_i[r'\theta ']_{p'_t}). $$

    Because \(f(\ldots ,\overline{x_i}.u_i[\square ]_{p_t},\ldots ) \in Ectx \), we have \(f(\ldots ,\overline{x_i}.\square ,\ldots ) \in Ectx \) too, thanks to the condition (1) of Definition 12. Therefore, joinability of the \((\mathcal {R},\mathcal {E})\)-peak Q implies joinability of the \((\mathcal {R},\mathcal {E})\)-peak \(P'\).

  • When \(i' \ne i\), we can assume that \(i' < i\) without loss of generality. The \((\mathcal {R},\mathcal {E})\)-peak

    $$\begin{aligned} P' = (&f(\ldots ,\overline{x_{i'}}.u_{i'},\ldots ,\overline{x_i}.u_i[r\theta ]_{p_t},\ldots ), \\ &f(\ldots ,\overline{x_{i'}}.u_{i'},\ldots ,\overline{x_i}.u_i,\ldots ), \\ &f(\ldots ,\overline{x_{i'}}.u_{i'}[r'\theta ']_{p'_t},\ldots ,\overline{x_i}.u_i,\ldots )) \end{aligned}$$

    is joinable (to \(f(\ldots ,\overline{x_{i'}}.u_{i'}[r'\theta ']_{p'_t},\ldots ,\overline{x_i}.u_i[r\theta ]_{p_t},\ldots )\)), thanks to the condition (2) of Definition 12.

   \(\square \)

1.2 A.2 The TERS \({\textbf {Nats}} \)

Proposition 29

The TERS \({\textbf {Nats}} \) is deterministic, value-invariant and locally coherent.

Proof

The TERS \({\textbf {Nats}} \) is deterministic, because evaluation rules concern distinct symbols.

To prove value-invariance, we assume \(v \Rightarrow _\mathcal {R} u\) for some \(v \in Val \) and \(u \in \textrm{T}_\Sigma \). It must hold that \(v = \texttt{s}^n(0)\), and in this case, the refinement \(v \Rightarrow _\mathcal {R} u\) is impossible. The TERS \({\textbf {Nats}} \) is trivially value-invariant.

To prove local coherence, we use Theorem 13. We first show that the TERS \({\textbf {Nats}} \) is well-behaved. The condition (1) of Definition 24 is trivially satisfied. As for the condition (2), each evaluation context \(E \in Ectx \) never includes the constant \(\texttt{nats}\), and hence the refinement rule cannot be applied to E[t] to obtain \(C'[t]\). Therefore the condition (2) is trivially satisfied. The other conditions of well-behavedness are easy to check. We then show that any critical pair is joinable. There is only one critical pair, and it is indeed joinable as follows.

   \(\square \)

1.3 A.3 On Linearity Conditions

For a TERS to be well-behaved, its evaluation rules must be left-linear, and its refinement rules must be linear (see Definition 12). Here we observe that relaxing these linearity conditions, with a reasonable set of evaluation contexts and values, leads to non-joinable \((\mathcal {R},\mathcal {E})\)-peaks that are not instances of a critical pair.

Let a TERS \(\mathcal {E}_{\textsf{S}}\) be defined as follows.

We define \(=_{ Val } \) by the syntactic equality \(\equiv \). The operation \(\overset{?}{\equiv }\) checks syntactic equality.

The non-left-linear refinement rule \(x - x \Rightarrow 0\) induces the following non-joinable \((\mathcal {R},\mathcal {E})\)-peak.

In the term \(\texttt{s}(x + y) - (\texttt{s}(x) + y)\), the sub-term \(\texttt{s}(x) + y\) cannot be evaluated, because \(\texttt{s}(x + y)\) is not a value.

The non-right-linear refinement rule \(0 \Rightarrow x - x\) induces the following non-joinable \((\mathcal {R},\mathcal {E})\)-peak.

This \((\mathcal {R},\mathcal {E})\)-peak is not joinable with respect to our definition of joinability (see Definition 4). The bottom term \(0 - 0\) must not take more evaluation steps than the top term 0.

Finally, the non-left-linear evaluation rule \(x \overset{?}{\equiv }x \rightarrow 0\) induces the following non-joinable \((\mathcal {R},\mathcal {E})\)-peak.

In the term \(\texttt{s}(x + y) \overset{?}{\equiv }(\texttt{s}(x) + y)\), the sub-term \(\texttt{s}(x) + y\) cannot be evaluated, because \(\texttt{s}(x + y)\) is not a value.

1.4 A.4 Proofs for Sect. 5 and Sect. 6

Lemma 30

(Lemma 23). If a critical pair \((t_1,s,t_2)\) is joinable, then for any valid substitution \(\theta \), \((t_1\theta ,s\theta ,t_2\theta )\) is a joinable \((\mathcal {R},\mathcal {E})\)-peak.

Proof

We have a joinable \((\mathcal {R},\mathcal {E})\)-peak \((t_1,s,t_2)\). Because evaluation is closed under valid substitutions, and refinement satisfies \(t \Rightarrow _\mathcal {R} u \implies t\theta \overset{*}{\Rightarrow }_\mathcal {R} u\theta \), \((t_1\theta ,s\theta ,t_2\theta )\) is also a joinable \((\mathcal {R},\mathcal {E})\)-peak.    \(\square \)

Theorem 31

(Theorem 25: Critical pair theorem). A well-behaved TERS is locally coherent if and only if every critical pair is joinable.

Proof

The “only if” part is straightforward. In the following, we prove the “if” part.

Take an arbitrary \((\mathcal {R},\mathcal {E})\)-peak \((t_1,s,t_2)\). Our goal is to prove that this \((\mathcal {R},\mathcal {E})\)-peak is joinable. Since \(s \Rightarrow _\mathcal {R}t_1\), there exist \(p \in Pos (s)\), \((l \Rightarrow r) \in \mathcal {R}\) and \(\mathop {\textsf{valid}}\theta \) such that \(s|_p = l\theta \), \(t_1 = s[r\theta ]_p\) and \(s[\square ]_p \in Ctx \). We prove that the \((\mathcal {R},\mathcal {E})\)-peak \((t_1,s,t_2)\) is joinable, by induction on the length of the position p.

Base Case. When \(|p| = 0\), i.e. \(p = \varepsilon \), we have \(s = l\theta \) and \(t_1 = r\theta \). Because \(l\theta \rightarrow _\mathcal {E}t_2\), there exist \(p' \in Pos (l\theta )\), \((l' \rightarrow r') \in \mathcal {E}\) and \(\mathop {\textsf{valid}}\theta '\) such that \((l\theta )|_{p'} = l'\theta '\), \(t_2 = (l\theta )[r'\theta ']_{p'}\) and \((l\theta )[\square ]_{p'} \in Ectx \). We have an \((\mathcal {R},\mathcal {E})\)-peak \(P = (r\theta , l\theta , (l\theta )[r'\theta ']_{p'})\).

• If \(p' = \varepsilon \), and \(l \Rightarrow r\) and \(l \rightarrow r\) are variants of each other, we have \(r\theta = r'\theta '\) and the \((\mathcal {R},\mathcal {E})\)-peak P is joinable.

• Otherwise, because \((l\theta )[\square ]_{p'} \in Ectx \) is a flat context, every prefix of \(p'\) but \(p'\) itself is not a metavariable position in \(l\theta \).

  • If \(p'\) is a non-metavariable position of l, the \((\mathcal {R},\mathcal {E})\)-peak P is an instance of the critical pair generated by an \((\mathcal {R},\mathcal {E})\)-overlap.

  • Otherwise, There exist sequences \(q_1,q_2\), a metavariable N and a sequence \(\overline{y}\) such that: \(q_1 \in Pos (l)\), \(l|_{q_1} = N[\overline{y}]\), \(q_2 \in Pos ((N[\overline{y}])\theta )\), and \(p' = q_1q_2\). Because of the condition (1) of Definition 24, \((l\theta )[\square ]_{p'} \in Ectx \) implies \(l[\square ]_{q_1}, (N[\overline{y}])\theta [\square ]_{q_2} \in Ectx \). In particular, the latter means that \((N[\overline{y}])\theta \not \in \textsf {NF}(\rightarrow _\mathcal {E})\), and hence N is not a value metavariable. The metavariable N must appear at most once in both l and r, due to the condition (3a) of Definition 24. If N does not appear in r, the \((\mathcal {R},\mathcal {E})\)-peak P is joinable by applying the rule \(l \Rightarrow r\) to \(t_2\). Otherwise, i.e. if N appears once in r, the rule \(l' \rightarrow r'\) can be applied to \(t_1\) thanks to the condition (3b) of Definition 24, and the rule \(l \Rightarrow r\) can be applied to \(t_2\), thanks to the condition (6) of Definition 24. These two applications yield the same result. Therefore, we can conclude that the \((\mathcal {R},\mathcal {E})\)-peak P is joinable.

Inductive Case. When \(|p| > 0\), we have \(p = ip_t\) for some positive number i and some sequence \(p_t\). We have either \(s = f(\overline{x_1}.u_1,\ldots ,\overline{x_i}.u_i,\ldots ,\overline{x_k}.u_k)\) or \(s = M[u_1,\ldots ,u_i,\ldots ,u_k]\), such that \(l\theta = u_i|_{p_t}\).

Firstly, assume that we have an \((\mathcal {R},\mathcal {E})\)-peak

$$ P' = (f(\overline{x_1}.u_1,\ldots ,\overline{x_i}.u_i[r\theta ]_{p_t},\ldots ,\overline{x_k}.u_k),\,f(\overline{x_1}.u_1,\ldots ,\overline{x_i}.u_i,\ldots ,\overline{x_l}.u_l),\,t_2). $$

By \(s \rightarrow _\mathcal {E}t_2\), there exist \(p' \in Pos (s)\), \((l' \rightarrow r') \in \mathcal {E}\) and \(\mathop {\textsf{valid}}\theta '\) such that \(s|_{p'} = l'\theta '\), \(t_2 = s[r'\theta ']_{p'}\) and \(s[\square ]_{p'} \in Ectx \). We proceed by case analysis on \(p' \in Pos (s)\).

• When \(p' = \varepsilon \), we have \(s = l'\theta '\) and \(t_2 = r'\theta '\).

  • If p is a non-metavariable position of \(l'\), the \((\mathcal {R},\mathcal {E})\)-peak \(P'\) is an instance of the critical pair generated by an \((\mathcal {E},\mathcal {R})\)-overlap.

  • Otherwise, there exist sequences \(q_1,q_2\) and a metavariable M such that: \(q_1 \in Pos (l')\), \(l'|_{q_1} = M[\overline{y}]\), \(q_2 \in Pos (M[\overline{y}]\theta ')\), and \(p = q_1q_2\). The metavariable M appears at most once in \(l'\), due to the condition (4) of Definition 24. We can apply the rule \(l' \rightarrow r'\) to \(t_1\). The substitution \(\theta '\) is valid, thanks to the condition (5) of Definition 24. We can also apply the rule \(l \Rightarrow r\) to \(t_2\) as many times as M appears in \(r'\). These applications of \(l' \rightarrow r'\) and \(l \Rightarrow r\) yield the same result. The \((\mathcal {R},\mathcal {E})\)-peak \(P'\) is therefore joinable.

• When \(p' \ne \varepsilon \), i.e. \(p' = i'p'_t\) for some positive number \(i'\) and some sequence \(p'_t\), there are two possibilities.

  • When \(i' = i\), by I.H., we have a joinable \((\mathcal {R},\mathcal {E})\)-peak \(Q = (u_i[r\theta ]_{p_t}, u_i, u_i[r'\theta ']_{p'_t})\). Because \(f(\ldots ,\overline{x_i}.u_i[\square ]_{p_t},\ldots ) \in Ectx \), we have \(f(\ldots ,\overline{x_i}.\square ,\ldots ) \in Ectx \) too, thanks to the condition (1) of Definition 24. Therefore, joinability of the \((\mathcal {R},\mathcal {E})\)-peak Q implies joinability of the \((\mathcal {R},\mathcal {E})\)-peak \(P'\).

  • When \(i' \ne i\), we can assume that \(i' < i\) without loss of generality. The \((\mathcal {R},\mathcal {E})\)-peak

    $$\begin{aligned} P' = &(f(\ldots ,\overline{x_{i'}}.u_{i'},\ldots ,\overline{x_i}.u_i[r\theta ]_{p_t},\ldots ),\,f(\ldots ,\overline{x_{i'}}.u_{i'},\ldots ,\overline{x_i}.u_i,\ldots ), \\ &\quad f(\ldots ,\overline{x_{i'}}.u_{i'}[r'\theta ']_{p'_t},\ldots ,\overline{x_i}.u_i,\ldots )) \end{aligned}$$

    is joinable (to \(f(\ldots ,\overline{x_{i'}}.u_{i'}[r'\theta ']_{p'_t},\ldots ,\overline{x_i}.u_i[r\theta ]_{p_t},\ldots )\)), thanks to the condition (2) of Definition 24.

Secondly, assume that we have an \((\mathcal {R},\mathcal {E})\)-peak

$$ P' = (M[u_1,\ldots ,u_i[r\theta ]_{p_t},\ldots ,u_k],\,M[u_1,\ldots ,u_i,\ldots ,u_l],\,t_2). $$

By \(s \rightarrow _\mathcal {E}t_2\), there exist \(p' \in Pos (s)\), \((l' \rightarrow r') \in \mathcal {E}\) and \(\mathop {\textsf{valid}}\theta '\) such that \(s|_{p'} = l'\theta '\), \(t_2 = s[r'\theta ']_{p'}\) and \(s[\square ]_{p'} \in Ectx \). We proceed by case analysis on \(p' \in Pos (s)\).

• When \(p' = \varepsilon \), \(M[u_1,\ldots ,u_k] = l'\theta '\). Because \(l'\) is a higher-order pattern, this is impossible.

• When \(p' \ne \varepsilon \), the proof is the same as the case for the \((\mathcal {R},\mathcal {E})\)-peak

  $$ P' = (f(\overline{x_1}.u_1,\ldots ,\overline{x_i}.u_i[r\theta ]_{p_t},\ldots ,\overline{x_k}.u_k),\,f(\overline{x_1}.u_1,\ldots ,\overline{x_i}.u_i,\ldots ,\overline{x_l}.u_l),\,t_2). $$

   \(\square \)

1.5 A.5 The TERS \({\textbf {CBV}}\lambda \) and \({\textbf {Hndl}} \)

We will use a sufficient condition for a TES to be deterministic, namely decisiveness.

Definition 32

(decisiveness). A TES \((\Sigma ,\mathcal {E}, Ectx , Val )\) is decisive if each \(t \in \textrm{T}_\Sigma \) satisfies either of the following:

1. 1.

   \(t \in Val \),

2. 2.

   there uniquely exist \((l \rightarrow r) \in \mathcal {E}\), \(\mathop {\textsf{subst}}\theta \) and \(E \in Ectx \) such that \(t = E[l\theta ]\),

3. 3.

   there uniquely exist a variable x and \(E \in Ectx \) such that \(t = E[x]\).

Proposition 33

(sufficient condition for determinism). If a TES is decisive, then it is deterministic.

Proof

Let \(t \rightarrow _\mathcal {E}s_1\) and \(t \rightarrow _\mathcal {E}s_2\). Because the TES is decisive, t satisfies either the three conditions in Definition 32. Since the left-hand side of each evaluation rule is not a variable, to make the evaluation \(t \rightarrow _\mathcal {E}s_1\) and \(t \rightarrow _\mathcal {E}s_2\) happen, only the case (2) is possible. In this case, both \(s_1\) and \(s_2\) must be \(E[r\theta ]\).    \(\square \)

Proposition 34

The TERS \({\textbf {CBV}}\lambda \) is deterministic, value-invariant and locally coherent.

Proof

The TERS \({\textbf {CBV}}\lambda \) is deterministic, because it is decisive.

To prove value-invariance, we assume \(\lambda x. t \Rightarrow _\mathcal {R} u\). There are two possible cases.

• When \(u = \lambda x. t'\) for some \(t'\) such that \(t \Rightarrow _\mathcal {R} t'\), we have \(\lambda x. t =_{ Val } \lambda x. t'\).

• When \(t = \lambda x. (\lambda y. t')\ x\), it must be that \(u = \lambda y. t'\), and we have \(\lambda x. (\lambda y. t')\ x =_{ Val } \lambda y. t'\).

Therefore the TERS \({\textbf {CBV}}\lambda \) is value-invariant.

To prove local coherence, we use Theorem 13.

Firstly, the TERS \({\textbf {CBV}}\lambda \) is well-behaved. The condition (1) of Definition 24 is trivially satisfied. We can show that the condition (2) is satisfied by straightforward induction on \(E \in Ectx \). The condition (6) is satisfied, because any instance of the lhs of the evaluation rule never belongs to a syntax class (i.e. the value class). The condition (5) is also satisfied; the second refinement rule always turns a value into a value. The other conditions of well-behavedness are easy to check.

We then show that any critical pair is joinable. There are two critical pairs, which are for the second refinement rule (the \(\eta \)-rule) and the evaluation rule. These critical pairs are joinable as follows.

   \(\square \)

Proposition 35

The TERS \({\textbf {Comp}}\lambda _{ ml* } \) is deterministic, value-invariant and locally coherent.

Proof

Firstly, the TERS \({\textbf {Comp}}\lambda _{ ml* } \) is deterministic, because the two evaluation rules consume different head symbols. Secondly, the TERS is value-invariant, thanks to the equivalence \(=_{ Val } \) being the total order.

To prove local coherence, we use Theorem 13.

The TERS \({\textbf {Comp}}\lambda _{ ml* } \) is well-behaved. The condition (1) of Definition 24 is trivially satisfied. We can show that the condition (2) is satisfied by induction on \(E \in Ectx \) as follows.

• When \(E = \square \), no refinement rule applies to x, so this case is impossible.

• When \(E = \texttt{let}(E',x.P)\), we have \(\texttt{let}(E'[t],x.P) \Rightarrow _\mathcal {R} C'[t]\). There are four possibilities.

  • If \(E'[z] \Rightarrow _\mathcal {R} C''[z]\) such that \(C' = \texttt{let}(C'',x.P)\), we have \(C'' \in Ectx \) by I.H., and hence \(C' \in Ectx \).

  • If \(P \Rightarrow _\mathcal {R} P'\) such that \(C' = \texttt{let}(E',x.P')\), we have \(C' \in Ectx \).

  • If the refinement rule (r4) is applied at the root position of E[z], we have \(\texttt{let}(E'[z], x.\texttt{return}(x)) \Rightarrow _\mathcal {R} E'[z]\). We have \(C' = E' \in Ectx \).

  • If the refinement rule (r5) is applied at the root position of E[z], we have \(\texttt{let}(\texttt{let}(E''[z],x.P[x]),y.P'[y]) \Rightarrow _\mathcal {R} \texttt{let}(E''[z],x.\texttt{let}(P[x],y.P'[y]))\). We have \(C' = \texttt{let}(E'',x.\texttt{let}(P[x],y.P'[y])) \in Ectx \).

The conditions (6) and (5) are also satisfied; note that instances of P[V] are all computations. The other conditions of well-behavedness are easy to check.

We finally show that any critical pair is joinable. There are the following three critical pairs, which are all joinable. In the following, arrows \(\rightarrow \), \(\Rightarrow \) are labelled by a number that indicates which evaluation/refinement rule is applied.

   \(\square \)

Proposition 36

The TERS \({\textbf {Hndl}} \) is deterministic, value-invariant and locally coherent.

Proof

Firstly, to establish that the TERS \({\textbf {Hndl}} \) is deterministic, we show that, for any \(t \in \textrm{M}_\Sigma \), if \(t = E[l\theta ] = E'[l'\theta ']\) for some \(E,E' \in Ectx \), \((l \rightarrow r), (l' \rightarrow r') \in \mathcal {E}\) and \(\mathop {\textsf{valid}}\theta , \theta '\), then the decomposition is unique, namely \(E = E'\) and the rules \(l \rightarrow r\), \(l' \rightarrow r'\) are variants of each other. This can be proved by induction on \(E \in Ectx \).

• When \(E = \square \), we have \(t = l\theta \). By definition of evaluation rules, \(E' = \square \) must hold, and \(l \rightarrow r\) and \(l' \rightarrow r'\) must be variants.

• When \(E = \texttt{do}(E',x.P)\), we have \(t = \texttt{do}(E'[l\theta ],P)\). By I.H., \(E'[l\theta ]\) is the only possible decomposition. The meta-term t itself cannot be an instance of any lhs of evaluation rules. Therefore, the decomposition \(E[l\theta ]\) is unique.

• When \(E = \mathtt {with\_handle}(H,E')\), we have \(t = \mathtt {with\_handle}(H,E'[l\theta ])\). The proof is the same as the previous case.

Consequently, the TERS \({\textbf {Hndl}} \) is deterministic.

Secondly, by definition of \(=_ Val \), the TERS \({\textbf {Hndl}} \) is value-invariant. In particular, the refinement rule (r9) turns a function into a variable or a function; the original function is identified with the resulting variable or function by \(=_{ Val } \).

To prove local coherence, we use Theorem 13.

The TERS \({\textbf {Hndl}} \) is well-behaved. The condition (1) of Definition 24 is trivially satisfied. We can show that the condition (2) is satisfied by induction on \(E \in Ectx \) as follows.

• When \(E = \square \), no refinement rule applies to x, so this case is impossible.

• When \(E = \texttt{do}(E',x.P)\), we have \(\texttt{do}(E'[z],x.P) \Rightarrow _\mathcal {R} C'[z]\). There are four possibilities.

  • If \(E'[z] \Rightarrow _\mathcal {R} C''[z]\) such that \(C' = \texttt{do}(C'',x.P)\), we have \(C'' \in Ectx \) by I.H., and hence \(C' \in Ectx \).

  • If \(P \Rightarrow _\mathcal {R} P'\) such that \(C' = \texttt{do}(E',x.P')\), we have \(C' \in Ectx \).

  • If the refinement rule (r3) is applied at the root position of E[z], we have \(\texttt{do}(E'[z], x.\texttt{return}(x)) \Rightarrow _\mathcal {R} E'[z]\). We have \(C' = E' \in Ectx \).

  • If the refinement rule (r4) is applied at the root position of E[z], we have \(\texttt{do}(\texttt{do}(E''[z],x.P[x]),y.P'[y]) \Rightarrow _\mathcal {R} \texttt{do}(E''[z],x.\texttt{do}(P[x],y.P'[y]))\). We have \(C' = \texttt{do}(E'',x.\texttt{do}(P[x],y.P'[y])) \in Ectx \).

• When \(E = \mathtt {with\_handle}(H,E')\), we have \(\mathtt {with\_handle}(H,E'[z]) \Rightarrow _\mathcal {R} C'[z]\). There are three possibilities.

  • If \(E'[z] \Rightarrow _\mathcal {R} C''[z]\) such that \(C' = \mathtt {with\_handle}(H,C'')\), we have \(C'' \in Ectx \) by I.H., and hence \(C' \in Ectx \).

  • If \(H \Rightarrow _\mathcal {R} H'\) such that \(C' = \mathtt {with\_handle}(H',E')\), we have \(C' \in Ectx \).

  • If the refinement rule (r13) is applied at the root position of E[z], we have \(\mathtt {with\_handle}(\texttt{handler}_0(x.P[x]),E'[z]) \Rightarrow _\mathcal {R} \texttt{do}(E'[z],x.P[x])\). We have \(C' = \texttt{do}(E',x.P[x]) \in Ectx \).

The conditions (6) and (5) are also satisfied; note that instances of P[V] are all computations. The other conditions of well-behavedness are easy to check.

We finally show that any critical pair is joinable. There are the following seven critical pairs, which are all joinable. In the following, arrows \(\rightarrow \), \(\Rightarrow \) are labelled by a number that indicates which evaluation/refinement rule is applied, and we set \(h_0 \equiv \texttt{handler}_0(x.P[x])\), and \(i \in [2]\).

   \(\square \)

B Critical Pair Analysis of \({\textbf {Hndl}} \) by Our Prototype Analyzer

1.1 B.1 Definition of TERS \({\textbf {Hndl}} \)

1.2 B.2 Local Coherence Check

In the proof of Proposition 36, \(\texttt{op}_1\) and \(\texttt{op}_2\) were summed in \(\texttt{op}_i\), so the number of critical pairs in the proof matches this output.