Proofs Tests and Continuation Passing Style

See discussions, stats, and author profiles for this publication at: https://www.researchgate.
net/publication/220613592
Proofs, Tests and Continuation Passing Style
Article in ACM Transactions on Computational Logic · February 2009

DOI: 10.1145/1462179.1462184 · Source: DBLP
CITATION READS
1 80
2 authors:
Stefano Guerrini Andrea Masini

Université Paris 13 Nord University of Verona
39 PUBLICATIONS 361 CITATIONS 51 PUBLICATIONS 431 CITATIONS
SEE PROFILE SEE PROFILE
Some of the authors of this publication are also working on these related projects:
Calculi and Logics for Quantum Computing View project
Logic in Computer Science View project
All content following this page was uploaded by Stefano Guerrini on 27 January 2015.
The user has requested enhancement of the downloaded file.

Proofs, tests and continuation passing style
STEFANO GUERRINI
Sapienza Università di Roma
and
ANDREA MASINI
Università degli Studi di Verona
The concept of syntactical duality is central in logic. In particular, the duality defined by classical
negation, or more syntactically by left and right in sequents, has been widely used to relate logic
and computations.
We study the proof/test duality proposed by Girard in his 1999 paper on the meaning of logical
rules. In details, starting from the notion of “test” proposed by Girard, we develop a notion
of test for intuitionistic logic and we give a complete deductive system whose computational
interpretation is the target language of the call-by-value and call-by-name continuation passing
style translations.
Categories and Subject Descriptors: D.3.2 [Programming Languages]: Language Classifi-
cations—Applicative (functional) languages; F.4.1 [Mathematical Logic and Formal Lan-
guages]: Mathematical Logic—Lambda calculus and related systems
General Terms: Languages,Theory
Additional Key Words and Phrases: Minimal Logic, Intutionistic Logic, Linear Logic, Lambda
Calculus, Call-By-Value, Call-By-Name, Continuations Passing Style
1. INTRODUCTION
The concept of syntactical duality is central in logic. The most simple notion
of duality is given by means of the De Morgan laws. With the birth of modern
proof theory, and in particular after Gentzen’s sequent calculus, this notion has
been refined into a left/right duality: the left introduction rule of ∨ is dual to the
right introduction rule of ∧, and so on. Such a kind of duality has been deeply
investigated in the framework of Linear Logic (cut elimination in proof nets is
strongly based on the notion of duality between a formula A and its orthogonal
A⊥ ).
The correspondence between proofs and programs given by the Curry-Howard
Authors’ addresses: Stefano Guerrini, Dipartimento di Informatica, Sapienza Università di Roma,

Via Salaria, 113, 00198 Roma, Italy. email: guerrini@dsi.uniroma1.it. Partially supported by
the grant “Applicazione di Strumenti Logici alla Progettazione e Analisi di Strumenti Software”
from Sapienza Università di Roma, Facoltà di Scienze M.F.N.
Andrea Masini, Dipartimento di Informatica, Università degli studi di Verona, Ca’ Vignal 2, strada
le Grazie, 15, 37134 Verona, Italy. email: andrea.masini@univr.it.
Permission to make digital/hard copy of all or part of this material without fee for personal
or classroom use provided that the copies are not made or distributed for profit or commercial
advantage, the ACM copyright/server notice, the title of the publication, and its date appear, and
notice is given that copying is by permission of the ACM, Inc. To copy otherwise, to republish,
to post on servers, or to redistribute to lists requires prior specific permission and/or a fee.
c 2007 ACM 1529-3785/2007/0700-0001 $5.00
ACM Transactions on Computational Logic, Vol. V, No. N, December 2007, Pages 1–34.
2 · S. Guerrini and A. Masini
isomorphism maps the computational duality input/output into the logical duality
premise/conclusion in natural deduction, or left/right in sequent calculus. However,
since the Curry-Howard correspondence is straightforward for intuitionistic logic
only, at first, the computational relevance of the logical duality premise/conclusion,
or left/right, was not completely understood. Because of the restrictions on nega-
tion, in intuitionistic logic such dualities are broken: we may have many premises,
many formulas on the left, but we must have (at most) one conclusion, one formula
on the right. The first who showed that the duality given by classical negation—
that is by accepting the double negation rule—could lead to a full formulas-as-types
correspondence was Griffin [1990].
The deep analysis of cut elimination started by Linear Logic has pointed out other
possible interpretations of the above dualities, for instance, as opponent/player in
game theory, or negative/positive in polarized systems. On the other hand, the
studies on the sequential aspects of λ-calculus have pointed out the duality between
program and continuation, and have showed that this relates to the logical dualities
through classical negation.
Since Griffin’s seminal work [Griffin 1990], many papers have investigated the re-
lations between classical logic and computations, and between the logical dualities
described above and other computational dualities similar to that between programs
and continuations. In particular, we recall Herbelin [1995] that related the left/right
duality of sequents to the term/contexts duality of λ-calculus, Curien and Herbe-
lin [2000] that extended the above analysis to classical logic, and Wadler [2005] that
related the left/right duality of sequents to Call-By-Value and Call-By-Name.
This paper follows the above line of analysis but from a different perspective.
In a sequel of papers aimed to define a new interactive approach to logics, Girard
proposed a very simple notion of duality for classical proofs by means of the so called
tests [Girard 1999] (see later in section 1.3). Our work starts from the analysis of
the proof/test duality from a proof theoretical point of view in a genuine natural
deduction style (which is for instance one of the main differences between our work
and that of Curien and Herbelin, and that of Wadler). By assigning terms to
the natural deduction obtained in this way, and by restricting our analysis to the
intuitionistic case (actually, to the minimal case, for we do not treat negation),
we define the ptq-calculus and we use it to investigate Continuation Passing
Style translations; in particular, we show that the natural correspondence definable
between ptq-terms and λ-terms preserves Plotkin’s Call-by-Value and Call-by-Name
λ-calculi translations.
The above correspondence can be extended to classical logic. In particular, the
unrestricted version of the ptq-calculus leads to a computational calculus for clas-
sical logic. However, even if the extension to the classical case of the correspon-
dence between ptq-calculus and λ-calculus leads to associate a term of Parigot’s
λµ-calculus to every ptq-term, such a map is not an embedding, as it does not
preserve reductions (see the conclusions also). A careful analysis of the correspon-
dences between the classical extension of our ptq-calculus and λµ-calculus or Curien
and Herbelin’s λ̄µµ̃-calculus are not covered in this paper since they are still under
investigation.
The reader will not find in this paper the so called user control operators for
ACM Transactions on Computational Logic, Vol. V, No. N, December 2007.
Proofs, tests and continuation passing style · 3
continuations (such as abort or call-cc); it is not the aim of this paper to deal
with user-controlled continuations. We assume that continuations live at the source
language level and that the compiler translate them into our target language.
Finally, we want to remark that the readback map that associates a λ-term to
every ptq-term is the same for the Call-by-Name and for the Call-by-Value trans-
lations that we shall give in the paper; in other words, in our framework, both the
translations have the same inverse. Therefore, if we think at the ptq-calculus as
a target calculus, we can decompile every term into a λ-term without taking into
account whether it comes from a Call-by-Name or from a Call-by-Value compila-
tion. Such a uniform treatment of Call-By-Name and Call-by-Value is peculiar of
our calculus, at least in the direct and simple way in which it is achieved.
1.1 CPS
Since the seminal works of Fischer [1972] and Plotkin [1975] continuations have
become central in the study and implementation of functional languages. In par-
ticular, by defining the Call-by-Name and Call-by-Value translations of λ-calculus,
Plotkin posed the basis of CPS (Continuation Passing Style) transforms.
After these initial milestones, any overview of continuations and CPS, even if
very short, cannot avoid to mention the fundamental work that Felleisen, Fried-
man, Kohlbecker, Duba, and Sabry carried out for type free functional languages.
Felleisen et al. [1986] were the first to axiomatize the so called control operators—
call/cc and other similar operators of lisp-like languages. Some years later, Sabry
and Felleisen [1993] were the first to prove completeness results for CPS transforms
of type-free functional languages.
While Felleisen and his collaborators were developing the theory of CPS trans-
forms, several researchers began to investigate if it was possible to explain continu-
ations by means of some known logic, in the style of the well-known correspondence
between minimal logic and types and computations of functional languages.
Griffin [1990] was the first one to give an answer to this question by proposing
classical logic as a type system for a simplified version of Scheme. The main idea
of Griffin was to use Reduction ad Absurdum to explain the C control operator
introduced by Felleisen.
The work of Griffin opened new perspectives in the use of classical logic for the
study of programming languages. When Griffin published his proposal, “classical
logic seemed not to have a clear computational interpretation”; e.g., see the lack
of confluence of its “standard” natural deduction formulation or, equivalently, the
collapse of proofs in the standard categorical semantics (as observed by Joyal).
In general, the lack of confluence is not said to be a ”defect”. Griffin himself ex-
plained non-confluence as an application of control operators as Abort or Scheme’s
call/cc, and several other authors have proposed interesting non-deterministic
computational interpretations of classical logic based on non-confluence (e.g., see
the work of Barbanera and Berardi [1993; 1994]). Nevertheless, non-confluence
becomes a problem if one is interested in a full extension of the Curry-Howard
isomorphism—formulas as types and proofs as programs, with full subject reduction—
where the proof theoretical or denotational meaning of a terminating program is
given by its (unique) normal form.
1.2 Classical logic

Two years after the work of Griffin, classical logic achieved a new computational
interpretation. In [Parigot 1992; 1997], Parigot showed that a drastically different
formulation of classical logic, the so-called λµ-calculus, allows to give a compu-
tational meaning to the cut elimination procedure—λµ-calculus enjoys the nice
computational properties of λ-calculus: strong normalization and confluence.
After the introduction of the λµ-calculus, several researchers tried to show that it
might have been a foundational calculus for continuations (e.g., de Groote [1998]).
In particular, (an extension of) λµ-calculus has been successively used to deal with
control operators (see later).
In [Hofmann and Streicher 1997], Hofmann and Streicher proposed a categorical
continuation model for a Call-by-Name version of λµ-calculus. As already done by
Griffin, Hofmann and Streicher used classical logic, and in particular the Reduction
ad Absurdum principle, to define the meaning of continuations. Anyhow, while
Griffin used Reduction ad Absurdum to give a type assignments to CPS terms,
Hofmann and Streicher embedded Reduction ad Absurdum in the construction of
the semantic domains for the interpretation of continuations.
Subsequently, in [Streicher and Reus 1998], Streicher and Reus extended the ideas
in [Hofmann and Streicher 1997] giving a categorical semantics of a Call-by-Value
λ-calculus equipped with the control operator C of Felleisen.
Recently, a very interesting analysis of CPS in terms of proof/type theoretical
methods has been proposed by Curien and Herbelin: in [Curien and Herbelin 2000],
they have shown that the most known CPS translations may be obtained by means
of a suitable translation between λµ-calculus and a new formulation of λ-calculus
plus control operators. Another interesting proof-theoretical contribution is the
work of Ogata [Ogata 2002], who related a Call-by-Value normalization of the λµ-
calculus with the cut-elimination of one of the logical systems proposed by Danos,
Joinet and Schellinx for the analysis/embedding of classical logic trough/into linear
logic.
The results of Hoffman, Streicher and Reus [Hofmann and Streicher 1997; Stre-
icher and Reus 1998] were the natural background for the introduction of Selinger’s
Control Categories [Selinger 2001], perhaps, one of the most important steps to-
wards a semantic/logical explanation of continuations. In fact, Control Categories
were the first model of λµ-calculus in which Call-by-Value and Call-by-name have
a uniform interpretation.
Few years after the work of Selinger, Führmann and Thielecke [2004] presented a
quite different approach to the semantics of continuations—even if, restricted to the
case of an idealized Call-by-Value functional language. In particular, they proposed
both a type theoretical and a categorical semantics approach to continuations, and
studied in detail the CPS transforms.
1.3 Interaction
An interesting question is: in logic, is there any explicit notion of “interaction” that
could be used to deal with continuations? In our opinion, a good answer, is given
by the proposal of Girard for an “interactive approach to logic”.
The key point of Girard [1999] is the idea that the meaning of proofs does not
reside in some external world called the “semantics of the proofs”; the meaning of
proofs is described by the interaction between proofs and some dual objects that
Girard name tests.
The proof/test duality introduced by Girard can be understood in terms of a
game between a player and an opponent. A proof is a sequence of arguments
used by the player to assert that, moving from a given set of premises, the ending
formula (or sequent) holds. Then, what is the dual of a proof? A test is a sequence
of arguments used by the opponent to confute the provability of a formula (or
sequent).
What does it happen if the player asserts that a formula is provable while the
opponent says that such a formula is not provable? If the system is not trivial—and
by the way, we are interested in such a case only—someone is cheating and we need
a way to validate the arguments used in a proof/test. In this kind of game there
is no referee and we cannot resort to any external argument. So, the only way
that we have to discover who is cheating is by counterposing the proof proposed
by the player to the test proposed by the opponent. The interaction between the
two derivations (cut-elimination) will lead to discover where the arguments of the
player or of the opponent fail.
Another important issue is constructiveness: if we do not want to exit outside
our computational world, both proof and tests must be constructive.
The BHK interpretation asserts that:
A proof π of A → B is a (constructive) transformation from a proof of

A to a proof of B.
In particular, if there is no proof of A, the transformation π is the empty map,

and we do not have any argument to refute it. On the other hand, given a proof
of A, the transformation π leads to a proof of B that we can attempt to refute.
Therefore, it is quite natural to assert that:
a test t of A → B is a pair (π, τ ) such that:

(i) π is a proof of A and
(ii) τ is a test of B.
Asking at the same time that:
a proof is a “failure” of a test and a test is a “failure” of a proof.
However, in order to avoid misunderstandings, we have to be precise in using the

word “failure”. Even if the approach based on tests is reminiscent of the so-called
game semantics, our use of the notion of failure is internal to the syntax of the
calculus. With “failure” we do not mean the failure of an external game between
a player and an opponent, but rather the internal (w.r.t. the rules of the calculus)
reaching of a syntactical contradiction.
1.4 Our proposal

We propose a new calculus, the ptq-calculus, characterized by the relevant proper-
ties summarized below.
(1) The ptq-calculus bases on a general primitive notion of continuation/test. Such

a unique notion of continuation is suitable to deal with both Call-by-Value and
Call-by-Name languages.
(2) The ptq-calculus is equipped with a deterministic one step lazy reduction rela-
tion: the calculus is, per se, neither Call-by-Value nor Call-by-Name. A term
is either in normal form or a redex.
(3) Even if the ptq-calculus is neither Call-by-Value nor Call-by-Name, it can code
(in a sound and complete way) Call-by-Value and Call-by-Name λ-calculi.
2. PROOF THEORETICAL MOTIVATIONS

The technical details of the ptq-calculus will be presented in section 3. In this
section, we shall give a detailed and informal explanation of the proof theoretical
motivations that have led us to the calculus of continuations.
2.1 The starting point: classical logic

In the introduction, we have already seen that
(1) a test t of A → B is a pair (π, τ ), where
(a) π is a proof of A
and
(b) τ is a test of B;
(2) we have the following proof/test duality:
—a proof is a failure of a test;
—a test is a failure of a proof.
Starting from these basic properties, the definition of test can be extended in
order to obtain a sound and complete proof system. The system has two kind of
formulas:
—proof formulas, denoted by Ap ;
—test formulas, denoted by At .
The judgments of the calculus are sequents of the form Γ ` α, where Γ is a set
of proof and test formulas, and α is either empty, or a proof formula, or a test
formula.
The following are the rules of the proof system—let us call it KT.
Γ, Ap ` Ap Γ, At ` At
Γ, Ap , B t ` Γ ` Ap Γ ` Bt
Γ ` A → Bp Γ ` A → Bt
Γ, At ` Γ, Ap `
Γ ` Ap Γ ` At
Γ ` At Γ ` Ap
Γ`
2.2 Leaving the classical world . . .

It is immediate to observe that the proof-test duality is reminiscent of the well-
known de Morgan duality: if we translate each Ap as A and each At as ¬A in the
above proposed deductive system, we obtain a set of admissible rules for LK.
It is easy to prove the following proposition.
Proposition 2.1. The sequent Γ ` ∆ is derivable in LK iff the judgment Γp , ∆t `

is derivable in KT.
As a direct consequence, A is classically valid iff there exists a derivation of ` Ap

in KT.
Looking carefully at the proposed system, it is possible to observe that:
—a premise At morally corresponds to a conclusion A;

—a conclusion At morally corresponds to a premise A;
—a premise Ap directly corresponds to a premise A;
—a conclusion Ap directly corresponds to a conclusion A.
As a matter of fact, it is possible to translate each judgment G of KT in an

ordinary sequent S = (G)+ of LK:
—(Γp , ∆t `)+ = Γ ` ∆;
—(Γp , ∆t ` Ap )+ = Γ ` ∆, A;
—(Γp , ∆t ` At )+ = Γ, A ` ∆;
Such a translation, when applied to the rules of KT, produces the rules:
Γ, A ` ∆, B Γ ` ∆, A Γ, B ` ∆ Γ, A ` ∆ Γ ` ∆, A
Γ, A ` ∆, A
Γ ` ∆, A → B Γ, A → B ` ∆ Γ`∆
which are the standard LK rules of classical logic.
Now, let us consider minimal logic, i.e., the system of types for simply typed
λ-calculus. We know that minimal logic is obtained by means of a structural con-
straint: the sequents must have exactly one conclusion.
If we want that the ( )+ translation produces minimal logic sequents, we must
constrain the structure of derivable judgments in such a way that:
C1. for each judgment Γ ` Ap , the set Γ does not contain test formulas;
C2. for each judgment Γ `, the set Γ contains exactly one test formula;
C3. for each judgment Γ ` At , the set Γ contains exactly one test formula.
The simpler way to obtain a deductive system such that all the derivable judg-
ments obey to the constraints (C1), (C2) and (C3) is to impose a linear discipline
for test formulas, as in the deductive system below—let us call it mT.
Γp , Ap ` Ap Γp , At ` At
Γp , Ap , B t ` Γ p ` Ap Γp , C t ` B t
Γp ` A → B p Γp , C t ` A → B t
Γp , At ` Γp , Ap , B t `
Γ p ` Ap Γp , B t ` At
Γ p , B t ` At Γ p ` Ap
Γp , B t `
It is possible to prove that mT is a presentation of minimal logic.
Proposition 2.2. The sequent Γ ` A is derivable in minimal logic iff the judg-
ment Γp ` Ap is derivable in mT.
The above stated proposition might lead the reader to believe that the formulas
of kind At are useless. A naive way to “eliminate” the At formulas could be by
introducing the connective for negation and by replacing At with ¬Ap . But in so
doing we change the intended meaning of t-formulas. For example, the meaning of
a sequent B t ` At is not ¬B ` ¬A but A ` B, (remember that in minimal and
intuitionistic logic, the sequent ¬B ` ¬A is not equivalent to the sequent A ` B).
Moreover, even if the final sequent Γp ` Ap does not contain any t-formula, in
general, in order to derive it we have to use t-formulas. In fact, in some case the
syntactical conclusion of the proof, the formula on the right-hand side, is not the
intended conclusion of the proof—namely the type of the corresponding term—
which is instead a t-formula on the left-hand side. (A similar situation appears
in Curien and Herbelin λ̄µµ̃-calculus where even in the minimal case you need a
continuation of type ¬A, that is a formula A on the left-hand side that corresponds
to the type of the term assigned to the sequent).
2.2.1 ... and approaching to continuations.. In the perspective of the develop-

ment of a type theory for continuations, we think that the notion of test described
above is the right one. Therefore, let us propose an extension of the standard
Curry-Howard isomorphism, by providing a correspondence between:
—deductions of Ap and programs of type Ap ;
—deductions of At and continuations of type At .
As a first step, let us transform mT into a type system.

Γp , x : Ap ` x : Ap Γp , k : At ` k : At
Γ p , x : Ap , k : B t ` u p
Γ p ` p : Ap Γp , k : C t ` t : B t
p t → →t
Γp , ` λhxA , k B i.u : A → B p Γp , k : C t ` hp, ti : A → B t
Γ p , k : At ` u Γ p , x : Ap , k : B t ` u
t λp p λt
Γp ` λk A .u : Ap Γp , k : B t ` λxA .u : At
Γ p , k : B t ` t : At Γp ` p : Ap
@
Γp , k : B t ` t • p
The reduction rules for terms that naturally arise from the above syntax are:
hp, ti • λhx, ki.u → u[p/x, t/k]
λx.u • p → u[p/x]
t • λk.u → u[t/k]
Unfortunately, such a system has the main defect of any naive term system
associated to classical logic: it is non-confluent. In fact,
λx.u0 • λk.u00
OOO
ooooo OOO
ooo OOO
w o
o o OO'
u0 [λk.u00 /x] u00 [λx.u0 /k]
and there is no general way to close the diagram.

This non-confluence problem is well known and it has been deeply investigated in
the studies of calculi for continuations. A way to solve this kind of non-confluence
is by imposing a left/right priority (as done e.g. by Curien and Herbelin in [Curien
and Herbelin 2000], see section 3.3 for a comparison). In our setting, by assuming
that λx.u0 • λk.u00 always reduces to u0 [λk.u00 /x], we impose that continuation are
“functions”; on the other hand, by assuming that λx.u0 • λk.u00 always reduces to
u00 [λx.u0 /k], we impose that continuations are “arguments”. Both of these choices
are plausible, but they do not agree with our idea of developing a calculus that
is deterministic and that is able (without changing the reduction rules) to code
in a uniform way both Call-by-Value and Call-by-Name source languages (e.g.,
see [Plotkin 1975]). In particular, as we shall see in section 3.2.3, (in the proposed
calculus) “we cannot statically determine whether a continuation is an argument
or a function”, and therefore we will adopt a kind of dynamic strategy.
In order to solve the problem of composition between tests (continuations) and
proofs (programs) we propose:
(1) a “new class of types” Aq , where is any intuitionistic type, s.t. Aq is a subtype
of Ap ;
(2) two different ways for composing a program p and a continuation t:
—a standard composition pt, in which the continuation is an argument;
—a dynamic composition t; p, in which the term that plays the role of the
argument is not statically fixed (it could be either t or p), depending on the
shape of t and p.
3. THE PTQ-CALCULUS
The set of the type expressions is given by the following grammar:
X ::= X1 | . . . | Xk base types
A ::= X | A→A intuitionistic types
P ::= Ap proof types
T ::= At test types
Q ::= Aq q-proof types
W ::= P | T | Q types
The set of the ptq-term expressions, or ptq-terms for short, is defined by the
following grammar:
x ::= x0 , x1 , . . . p-variables
k ::= k0 , k1 , . . . t-variables
p ::= x | λhx, ki.u | λk.u p-terms
t ::= ∗ | k | hp, ti | λx.u t-terms
q ::= λk.u q-terms
u ::= t; p | qt e-terms
In order to simplify the treatment of substitution, we shall assume to work
modulo variable renaming, i.e., term-expressions are equivalence classes modulo
α-conversion. Substitution up to α-equivalence is defined in the usual way.
3.1 The type system

A type environment Ξ is either a set Γ or a pair of sets Γ δ, where Γ is a (possibly
empty) set x1 : P1 , . . . , xn : Pn of typed p-variables, such that all the variables xi
are distinct, and δ is either a singleton k : At (a typed t-variable) or a singleton
∗ : At (a typed constant).
A judgment is an expression Ξ ` ξ, where Ξ is a type environment, ξ is a typed
ptq-term expression, and all the free variables in ξ occur in Γ.
The set of the well-typed ptq-terms and the set of the well-typed judgments are
defined by the type system in Figure 1, where A and B are metavariables rang-
ing over intuitionistic types. (In the following, when not otherwise specified, the
metavariables A, B, C, ... will range over intuitionistic types.)
By inspection of the type system in Figure 1, we see that:
—in well-typed ptq-terms, t-variables are linear;

—in a well-typed p-term/q-term there are no free occurrences of t-variables and no
occurrences of the constant ∗;
—in a well-typed t-term/e-term there is one free occurrence of a t-variable or, al-
ternatively, one occurrence of the constant ∗, that in any case cannot be enclosed
by a t-variable binder.
Γ, x : Ap ` x : Ap Γ k : At ` k : At
Γ ∗ : At ` ∗ : At
Γ, x : Ap k : B t ` u Γ ` p : Ap Γ δ ` t : Bt
→p →t
Γ ` λhx, ki.u : A → B p Γ δ ` hp, ti : A → B t
Γ k : At ` u Γ, x : Ap δ ` u
λp λt
Γ ` λk.u : Ap Γ δ ` λx.u : At
Γ k : At ` u q
λ
Γ ` λk.u : Aq
Γ ` p : Ap Γ δ ` t : At Γ ` q : Aq Γ δ ` t : At
@p @q
Γ δ ` t; p Γ δ ` qt
Fig. 1. ptq-type system
Summing up, in order to construct well-typed terms, we need only one name for
t-variables. Therefore, in the following, we shall assume that all the occurrences of
t-variables have name k.
Fact 3.1. The ptq-type system has the substitution property.
(1 ) For any well-typed Γ ξ ` t0 : At , we have that
(a) for every well-typed Γ, ∆ k : At ` t : B t or Γ, ∆ ∗ : At ` t : B t ,
the corresponding Γ, ∆ ξ ` t[t0 /k] : B t or Γ, ∆ ξ ` t[t0 /∗] : B t is
well-typed;
(b) for every well-typed Γ, ∆ k : At ` u or Γ, ∆ ∗ : At ` u, the
corresponding Γ, ∆ ξ ` u[t0 /k] or Γ, ∆ ξ ` u[t0 /∗] : B t is well-typed.
(2 ) For any well-typed Γ ` p0 : Ap , we have that
(a) for every well-typed Γ, ∆, x : Ap ξ ` t : B t , then Γ, ∆ ξ ` t[p0 /x] : B t
is well-typed;
(b) for every well-typed Γ, ∆, x : Ap ` u or Γ, ∆, x : Ap ` p : B p or Γ, ∆, x :
Ap ` q : B q , the corresponding Γ, ∆ ` u[p0 /x] or Γ, ∆ ` p[p0 /x] : B p or
Γ, ∆ ` q[p0 /x] : B q is well-typed.
A term is t-closed when it does not contain free occurrences of t-variables. We
have already seen that every well-typed p-term/q-term is t-closed and that every
t-closed well-typed t-term/e-term contains either a free occurrence of the t-variable
k or an occurrence of the constant ∗ outside the scope of any t-binder. Thus, every
t-closed well-typed t-term t∗ or e-term u∗ can be obtained by replacing ∗ for the
free t-variable k in a well-typed t-term t or e-term u that does not contain any
occurrence of the constant ∗, namely
t∗ = t[∗/k] with t∗ [k/∗] = t
u∗ = u[∗/k] with u∗ [k/∗] = u
respectively.
In the following, we shall only consider well-typed ptq-terms and well-typed judg-
ments; therefore, we shall omit to specify that a term or judgment is well-typed.
When not otherwise specified, we shall always denote t-closed t-terms or e-terms
with a ∗ subscript; moreover, given a t-closed t-term t∗ and a t-closed e-term u∗ ,

the terms t and u are the terms such that t∗ = t[∗/k] and u∗ = u[∗/k].
The ∗-composition of t-closed t-terms is defined by
t∗ ◦ t0∗ = t0∗ [t∗ /∗] = t0 [t∗ /k]
It is readily seen that the ∗-composition is associative and that ∗ is its neutral
element. Such a composition is extended to
t∗ ◦ u∗ = u∗ [t∗ /∗] = u[t∗ /k]
which corresponds to t∗ ◦ (t0∗ ; p) = (t∗ ◦ t0∗ ); p and t∗ ◦ qt0∗ = q(t∗ ◦ t0∗ ).
3.2 Computations
First of all let us remark some of the peculiarities of the ptq-calculus that we shall
define in the rest of this subsection.
3.2.1 A necessary premise. The ptq-calculus does not have any kind of evalua-
tion context, nor any notion of reduction strategy. In particular, the ptq-calculus is
neither a Call-by-Value nor a Call-by-Name calculus. This assertion might confuse
the reader, since we are proposing a calculus to deal with Call-by-Value and Call-
by-Name. In order to clarify this point, we remark that we do not propose ptq as a
source calculus. Instead, we think at ptq as a target calculus, namely a calculus for
the result of the compilation of standard typable Call-by-Value and Call-by-Name
languages based on λ-calculus.
The reader will not find in this paper the so called user control operators for
continuations (such as abort or call-cc); it is not the aim of this paper to deal
with user-controlled continuations. We assume that continuations live at the source
language level and that the compiler translate them into our target language.
The rules of the ptq-calculus come out from a proof theoretical analysis of the
proof/test dichotomy. By analyzing how to embed the λ-calculus into the ptq-
calculus, we see that the two natural ways in which this can be done correspond to
Plotkin’s Call-by-Value and Call-by-Name translations. Then, let us take a term
M . The Call-by-Value and the Call-by-Name translations of M produce a term uv
and a term un , respectively. It is the compiler that (roughly speaking) produces
either a Call-by-Value or a Call-by-Name target code. The ptq-calculus, our target
language, has no particular treatment for uv or un , both of them are executed
following the same set of reduction rules which, in any case, must ensure that
the reductions of uv and un agree with the Call-by-Value and the Call-by-Name
reductions of M , respectively.
3.2.2 Toward the computational rules. Let us now gradually introduce the com-
putational rules of the ptq-calculus.
According to a standard lazy approach, the reduction rules that we shall define
do not reduce inside the scope of a λ or λ binder and inside a pair. Since
—a p-term is either a variable or begins with a λ,

—a t-term is either a variable or begins with a λ or it is a pair,
—a q-term begins with a λ,
t-terms, p-terms and q-terms are irreducible.

Now, let us observe that every e-term u is the composition of irreducible terms,
namely u = t; p or u = qt, where t, p, q are irreducible.
As previously sketched, we do not have any kind of evaluation context, nor any
notion of reduction strategy: a term (a e-term) contains at most one redex and
either it is in normal form or it is the redex to be reduced. This is a main difference
w.r.t. other proposal, where we may choose the order of evaluation by fixing a
reduction strategy, for instance, (lazy) call-by-value or call-by-name. Moreover,
even when we choose a reduction strategy, the β-redex R that we have to reduce
may be deeply nested into the term T , that is T = C[R], where C[] is the evaluation
context determined by the reduction strategy.
The fact that in the ptq-calculus e-terms only can be redexes corresponds to the
intended interpretation that proofs are programs and tests are continuations. In
particular, in order to start the execution of a program we need to pass a contin-
uation to it, that is we have to compose the p-term corresponding to the program
that we want to execute with the t-term corresponding to the continuation that we
want to pass to it.
3.2.3 Where is the argument? Please, find it dynamically. In a p-composition
u = t; p, the execution is controlled by the shape of the t-term t (the continuation),
namely
(1) when t is a constant or a pair, the control passes to the p-term p. In particular,
(a) if p = λk.u, then p corresponds to a suspended execution that is waiting for
a continuation to put in the place of the parameter k. When p is applied
to the t-term t, the variable k is replaced with t in the body of p and the
execution resumes;
(b) if p = λhx, ki.u, then p corresponds to a suspended execution that is waiting
for a program to put in the place of the parameter x and a continuation to
put in the place of the parameter k. Then the term t; p reduces only when
t = hp0 , t0 i is a pair; in that case, the variables x and k in u are replaced
by the program p0 and the continuation t0 , respectively, and the execution
resumes;
(2) when t is a λ-abstraction, the continuation corresponding to t = λx.u can be
interpreted as a suspended execution waiting for the actual value of a parameter
x. Therefore, after replacing the program p for x in u, the execution resumes.
Summing up, we have the reduction rules
∗; λk.u → u∗
hp, ti; λk.u → u[hp, ti/k]
hp, ti; λhx, ki.u → u[p/x, t/k]
λx.u; p → u[p/x]
Let us remark that, when t and p are both λ-abstraction, t = λx.u is a λ-

abstraction, if p = λk.u0 is a λ-abstraction too, we might try to reduce t; p =
λx.u; λk.u0 by replacing t for the variable k in u0 . Unfortunately, such a reduction
rule would lead to the critical pair

u0 [λk.u/x] ←[ λx.u0 ; λk.u → u[λx.u0 /k] (1)
This situation is reminiscent of the critical pair hµβ.c|µ̃x.ci of the λ̄µµ̃-calculus
of Curien and Herbelin [Curien and Herbelin 2000] that we shall analyze in subsec-
tion 3.3.
In order to avoid critical pairs, we assume that, when t is a λ-abstraction, t is the
function to be applied on the argument p, independently from the shape of p. In
other words, we have a dynamic reduction strategy, corresponding to a sequential
policy of the kind “first fit”, which summarizes in the following rule:
reducing a t-application t; p
(1) analyze first t and then p;
(2) contract the application by assuming that the first term that is “usable” as
a function receives the other term as an argument.
The previous reduction rule does not suffice for our purposes. In some cases,
namely for the encoding of call-by-value, we also need the rule that takes the t-
term t as an argument of some kind of function constructed by abstracting the only
free t-variable k in the e-term u, even when t = λx.u is a λ-abstraction at its turn.
For this reason, in the type system, we have an abstraction λk.u : Aq that, if k : At ,
construct a term q : Aq , whose type is not a test type, and another application qt,
for which we have the only reduction rule
λx.u; t → u[t/k]
Let us remark that, since any q-term is a λ-abstraction, a term qt is always a redex.
In the previous analysis we have omitted the case in which t is a variable. The rea-
son is that, if we take k; λk.u → u, we do not have (k; λk.u)[λx.u0 /k] → u[λx.u0 /k],
but (k; λk.u)[λx.u0 /k] → u0 [λk.u/x]. Because of this, we prefer to assume that the
term k; p is always irreducible. This also explains the role of the constant ∗. Since,
such a constant cannot be bound, it cannot be interpreted as a placeholder for
an arbitrary t-term and there is no problem in reducing the e-term ∗; λk.u to u∗ .
Anyhow, we remark that ∗; λhx, ki.u is irreducible.
In order to complete the explanation of the role of the constant ∗, let us recall
that we want to interpret a p-term p as the translation of a program. Since e-terms
only are reducible, in order to start the computation of p we have to composite it
with some t-term, that is to pass some continuation to the program. The simplest
choice is to compose p with the constant ∗. Correspondingly,
the constant ∗ plays the role of the initial continuation of the system:
the continuation that the “system” passes to the compiled code in order
to start the computation.
This assumption is fully justified by the fact that, following a Continuation Pass-
ing Style, we shall compile any λ-term into t-closed p-term. Because of this, we can
also
restrict the reduction rules to t-closed terms.

The constant ∗ is reminiscent of the continuation constant top introduced by

Ariola and Herbelin in [Ariola and Herbelin 2003], where it is used to extend the
λµ–calculus in order to get full classical logic.
The complete set of the rules of the calculus are given in Figure 2.
∗; λk.u → u∗
hp, t∗ i; λk.u → u[hp, t∗ i/k]
hp, t∗ i; λhx, ki.u → u[p/x, t∗ /k]
λx.u∗ ; p → u∗ [p/x]
(λk.u)t∗ → u[t∗ /k]
Fig. 2. The reduction rules of the ptq-calculus (restricted to t-closed terms)
∗
As usual, we shall denote by → the transitive and reflexive closure of →.
One of the standard interpretation of a continuation is as the rest of computation:
the continuation passed to a program specifies how the computation must continue
after the completion of the program. (For a comparison of this interpretation with
the interpretation that thinks at a continuation as an evaluation context, see [Danvy
2004].) Accordingly, we expect that the reduction of t; p starts by the reduction
that mimic the execution of the program corresponding to p and that, only after
the completion of that program, the execution is resumed by the continuation. In
∗ ∗
practice, we expect that t∗ ; p → t∗ ◦ u∗ = u[t/k], whenever ∗; p → u∗ . However, it
0 00
is readily seen that this cannot hold if t∗ = λx.u∗ and p = λk.u∗ .
Lemma 3.2 gives the exact condition under which we may get the expected re-
placement property: either t∗ is not a λ-abstraction or, when this is not the case,
during the reduction of ∗; p we never apply the rule that reduces a term with the
shape ∗; λk.u00∗ . Let us remark that this condition hold for the translations of λ-
terms that we shall give in the paper.
∗
Lemma 3.2. Let u∗ be an e-term s.t. u∗ → u0∗ . Given a t-term t∗ ,
(1 ) if t∗ is not an abstraction λx.u00∗ , or
∗
(2 ) u∗ → u0∗ without reducing any redex with the shape ∗; λk.u00∗ ,
∗
then t∗ ◦ u∗ → t∗ ◦ u0∗ , for every closed t-term t∗ .
Proof. By inspection of the reduction rules, we see that, since we cannot have
u∗ = λx.u00∗ ; λk.u0∗ , the statement holds for a one-step reduction. Then, by induction
on the length of the reduction, we conclude.
3.3 A comparison with the λ̄µµ̃-calculus

In [Curien and Herbelin 2000], Curien and Herbelin propose the λ̄µµ̃-calculus, “a
syntax for λ-calculus + control operators”.
This work starts from and supports the claim that the right logical system for
the analysis of computations is sequent calculus. Our ptq-calculus instead comes
from a natural deduction approach. Because of this, it is not easy to exhibit a
technical comparison between our calculus and the λ̄µµ̃-calculus—even in the case
of simpler and cleaner systems, such as the intuitionistic sequent calculus LJ and the
intuitionistic natural deduction NJ, the comparison between normalization and cut
elimination is extremely difficult, e.g., see the fundamental work of Zucker [Zucker
1974]. Moreover, the cut elimination of λ̄µµ̃-calculus is, in some sense, midway
between sequent calculus and natural deduction. For instance, let us take the
following piece of deduction:
Γ, x : A ` v1 : B | ∆ Γ ` v2 : A | ∆ Γ|E:B`∆
Γ ` λx.v1 : A → B | ∆ Γ | v2 · E : A → B ` ∆
hλx.v1 | (v2 · E)i : (Γ ` ∆)
If one tries to eliminate the cut, it is readily seen that this breaks the term
assignment. In order to preserve terms, the reduction rule between λx.v1 of type
A → B and (v2 · E) is defined as
hλx.v1 | (v2 · E)i → hv1 [x ← v2 ] | Ei
and it is readily seen that this corresponds to a standard cut elimination step
between main rules for the functional part, the B formula, while for the argument
part, the A formula, the rule corresponds to a sort of big reduction step that moves
the cut towards the axioms introducing x : A. This rule corresponds to the cut
elimination for the LKT system defined in [Danos et al. 1995; 1997]. Nevertheless,
the above analysis clearly shows that the rule contains a part that works at the
bottom of the proof—by replacing the cut in the final sequent with a cut on the
formula of the functional part—as in standard sequent calculus cut elimination,
and a part that works at the top of the proof—by plugging a new copy of the proof
corresponding to the argument of the function in the place of every occurrence of
the corresponding variable—in a way that clearly corresponds to a reduction step
of natural deduction.
By the way, this is not a drawback of λ̄µµ̃-calculus, neither we want to criticize
such a choice. We only want to point out that the approach of Curien and Herbelin
moves from a different starting point and leads to different choices for the logical
rules and for the reductions of the calculus. In particular, Curien and Herbelin start
from an analysis of computations and, as a consequence, the design of their logical
system derives from this computational point of view. In our work, we starts from a
proof theoretical analysis and, according to a genuine natural deduction approach,
we analyze the resulting calculus and its reduction figures by studying the terms
corresponding to every derivation of the logical system. Nevertheless, since the
framework is similar, in both the approaches the kind of problems that one has to
solve are similar. As for instance the non-determinism introduced by critical pairs
(see (1) on page 14). But, while in [Curien and Herbelin 2000] the authors decide to
give priority to one of the two directions according to the translation under analysis,
we internalize the choice of the direction of the reduction, showing that in any case,
via Plotkin’s translations, this keeps the correspondence with Call-By-Name and
Call-By-Value.
By the way, a completely different approach might be possible, and has been
presented in the literature: in spite of trying to avoid non-confluence, one might
decide to accept critical pairs and non-determinism as part of the calculus, as for
instance in [Barbanera and Berardi 1993; 1994].

Finally, we remark that the comparison with Curien and Herbelin may necessary
be incomplete, as in this paper we limit our analysis to the intuitionistic case, while
Curien and Herbelin analyzes calculi for classical logic. Nevertheless, we think
that the different philosophy followed in the design of the two calculi lead to some
differences also in the treatment of the classical part (see the conclusions in section 6
also).
3.4 Readback
The ptq-calculus can be translated into the λ-calculus by a map that associates to
each term of the ptq-calculus a typed λ-term. If we forget the types, every ptq-term
is mapped into a λ-term that contains the same p-variables of the ptq-term and one
special constant 2, named hole, that plays the role of the free t-variable in the
ptq-term.
A λ2 -term is a λ-term that may contain occurrences of the hole and whose
variables range over the set of the p-variables. If M and N are λ2 -terms, the hole
composition is defined by
M ◦ N = M [N/2]
The hole composition is associative and 2 is its neutral element, for M ◦ 2 = M =
2 ◦ M.
The (untyped) readback map J·K is defined in Figure 3. Every t-term is mapped
into a corresponding λ2 -term that may contain holes, while the other kind of terms
are mapped into λ2 -terms that does not contain holes.
J∗K = 2 JxK = x
Jhp, t∗ iK = Jt∗ K ◦ 2JpK Jλhx, ki.uK = λx.Ju∗ K
Jλx.u∗ K = Ju∗ K[2/x] Jλk.uK = Ju∗ K
Jλk.uK = Ju∗ K
Jt∗ ; pK = Jt∗ K ◦ JpK
Jqt∗ K = Jt∗ K ◦ JqK
Fig. 3. The readback map
The readback map naturally extends to judgments. The typed λ2 -terms obtained
by the translation are terms of a typed λ-calculus Λ2 in which:
—the set of the base types is the same of the ptq-calculus;
—the set of the variables is the set of the p-variables of the ptq-calculus;
—for each type A, there is a constant 2A : A, the hole of type A;
—the type assignment rules are those of the typed λ-calculus, with the restriction
that
—a term of Λ2 cannot contain occurrences of holes with different types (in any
case, a term of Λ2 may contain more than one hole of the same type);
—the reduction rule is the standard β-reduction.

Let Γ = x1 : A1 , . . . , xn : An be a set of type assignments for variables. We
shall denote by Γp = x1 : Ap1 , . . . , xn : Apn the corresponding type assignment for
p-variables. The readback of typing judgments is defined by:
JΓp k : At ` t : B t K = Γ, 2 : B ` Jt∗ K : A
JΓp ∗ : At ` t∗ : B t K = Γ, 2 : B ` Jt∗ K : A
JΓp ` p : Ap K = Γ ` JpK : A
JΓ ` q : A K
p q
= Γ ` JqK : A
JΓ k : A ` uK
p t
= Γ ` Ju∗ K : A
JΓ ∗ : A ` u∗ K
p t
= Γ ` Ju∗ K : A
Remark 3.3. Typed λ2 -terms with holes are a sort of typed contexts. But, dif-
ferently from the standard definition of contexts, Λ2 -terms are equivalence classes
modulo variable renaming (α-rule), for hole instantiation is not variable capturing.
In a standard context, if a hole is in the scope of a λ-abstraction binding the vari-
able x, the free occurrences of the variable x in a term M will be bound by the
λ-abstraction when M is put into the hole. In a Λ2 -term, the hole composition
N ◦ M = N [M/2] is defined by means of the standard variable substitution; there-
fore, the variable x bound in N must be renamed and the free occurrences of x in
M remain free in N ◦ M .
Proposition 3.4. Let the judgment Γp δ ` ξ be derivable in the ptq-calculus.
The judgment JΓp δ ` ξK is derivable in Λ2 .
Proof. By induction on the derivation of Γp δ ` ξ.
W.r.t. the readback, the ∗ plays the role of a neutral element, namely J∗; pK = JpK
and Jq∗K = JqK. Indeed, the readback transformation maps the ∗-composition into
the hole composition. (Let us recall that the ∗-composition on t-terms is defined
by t∗ ◦ t0∗ = t0 [t∗ /k].)
Lemma 3.5.
(1 ) Jt∗ ◦ t0∗ K = Jt∗ K ◦ Jt0∗ K
(2 ) Jt∗ ◦ u∗ K = Jt∗ K ◦ Ju∗ K
Proof. By structural induction on t0 and u.
(1) Let A = Jt∗ ◦ t0∗ K and B = Jt∗ K ◦ Jt0∗ K.
(a) If t0 = k, then B = Jt∗ K ◦ J∗K = Jt∗ K ◦ 2 = Jt∗ K = Jt∗ K∗◦ = A.
(b) If t0 = ht00 , pi, then A = Jht∗ ◦ t00∗ , piK = (by the definition of readback)
Jt∗ ◦ t00∗ K ◦ 2JpK = (by the induction hypothesis) (Jt∗ K ◦ Jt00∗ K) ◦ 2JpK =
Jt∗ K ◦ (Jt00∗ K ◦ 2JpK) = (by the definition of readback) Jt∗ K ◦ Jht00∗ , piK = B.
(c) If t0 = λx.u (with x 6∈ FV(t)), then A = Jt∗ ◦ λx.u∗ K = Jλx.(t∗ ◦ u∗ )K = (by
the definition of readback) Jt∗ ◦ u∗ K[2/x] = (by the induction hypothesis)
(Jt∗ K ◦ Ju∗ K)[2/x] = (by x 6∈ FV(t)) Jt∗ K ◦ (Ju∗ K[2/x]) = (by the definition
of readback) Jt∗ K ◦ Jλx.u∗ K = B.
(2) Let A = Jt∗ ◦ u∗ K and B = Jt∗ K ◦ Ju∗ K.

(a) If u = t0 ; p, then A = J(t ◦ t0∗ ); pK = (by the definition of readback) Jt∗ ◦ t0∗ K ◦
JpK = (by the induction hypothesis) (Jt∗ K ◦ Jt0∗ K) ◦ JpK = Jt∗ K ◦ (Jt0∗ K ◦ JpK) =
(by the definition of readback) Jt∗ K ◦ Jt0∗ ; pK = B.
(b) If u = qt0 , then A = Jq(t ◦ t0∗ )K = (by the definition of readback) Jt∗ ◦ t0∗ K ◦
JqK = (by the induction hypothesis) (Jt∗ K ◦ Jt0∗ K) ◦ JqK = Jt∗ K ◦ (Jt0∗ K ◦ JqK) =
(by the definition of readback) Jt∗ K ◦ Jqt0∗ K = B.
Let us define t∗ ◦ (t0∗ ; p) = (t∗ ◦ t0∗ ); p and t∗ ◦ (qt0∗ ) = q(t∗ ◦ t0∗ ).

Corollary 3.6. Jt∗ ◦ uK = Jt∗ K ◦ Ju∗ K
Proposition 3.8 proves that the readback is sound w.r.t. beta-reduction. In order
to prove that proposition, we have to show (Lemma 3.7) that the readback is sound
w.r.t. p-variable substitution.
Lemma 3.7. Let a be a t-closed t-term or a p-term or a q-term or a t-closed
e-term. Then
Ja[p/x]K = JaK[JpK/x]
Proof. By induction on the structure of a.
∗
Proposition 3.8. If u → u0 , then JuK → Ju0 K. Moreover,
(1 ) if u = hp, t∗ i; λhx, ki.u00 → u00 [p/x, t∗ /k] = u0 , then JuK =→ Ju0 K;
(2 ) otherwise, JuK = Ju0 K.
Proof. When u = hp, t∗ i; λhx, ki.u00 → u00 [p/x, t∗ /k], we have that
Jhp, t∗ i; λhx, ki.u00 K

= Jhp, t∗ iK ◦ Jλhx, ki.u00 K = Jhp, t∗ iK ◦ λx.Ju00∗ K = Jt∗ K ◦ (λx.Ju00∗ K)JpK
→ Jt∗ K ◦ Ju00∗ K[JpK/x] = (by Lemma 3.7) Jt∗ K ◦ Ju00∗ [p/x]K
= Jt∗ ◦ u00∗ [p/x]K = Ju00 [p/x, t∗ /k]K
For the other reduction rules, we have instead
—J∗; λk.u00 K = Ju00∗ K
—Jhp, t∗ i; λk.u00 K = Jhp, t∗ iK ◦ Ju00∗ K = Jhp, t∗ i ◦ u00∗ K = Ju00 [hp, t∗i/k]K
—Jλx.u00∗ ; pK = Ju00∗ K[JpK/x] = Ju00 [p/x]K
—J(λk.u00 )t∗ K = Jt∗ K ◦ Ju00∗ K = Jt∗ ◦ u00∗ K = Ju00 [t∗ /k]K
Concluding, we can state that:

—hp, t∗ i; λhx, ki.u is a β-redex and that hp, t∗ i; λhx, ki.u → u0 [p/x, t∗ /k] is the β-
rule of the ptq-calculus;
—all the other redexes of the calculus are control redexes and the corresponding
rules are the control rules of the ptq-calculus;
∗
—a reduction u∗ → u0∗ is a control reduction when it does not contract any β-redex.
3.5 Termination of the computations of the ptq-calculus

The reduction of any e-term u∗ is deterministic—let us recall that any e-term is in
normal form or is a redex (the only one in the term). Therefore, for every e-term
there is only one maximal reduction sequence that, as we are going to prove, ends
with a normal form.
By Proposition 3.8, any reduction of u∗ cannot contain a number of β-rules
greater than the length of the longest reduction of Ju∗ K (let us recall that such a term
is typable in the simply typed λ-calculus, thus it is strongly normalizing). Therefore,
if the e-term u∗ has an infinite reduction, such a reduction must eventually end in
an infinite sequence of control reductions.
In order to prove that the control reduction are terminating, we can associate
a measure to every (t-closed) ptq-term that, given a function from the set of the
p-variables into the set of the natural numbers N, maps
—every t-term into a function of type (N → N) → N → N;
—every p-term into a natural number;
—every q-term and every e-term into a function of type (N → N) → N.
Denoting by |a|σ the map that, given a function σ from the set of the p-variables
into N, associates to a ptq-term a its measure, the maps
|t∗ |σ : (N → N) → N → N |p|σ : N
|q|σ : (N → N) → N |u∗ |σ : (N → N) → N
are defined by
|∗|σ f n = fn |x|σ = σ(x)
|hp, t∗ i|σ f n = n |λhx, ki.u|σ = 0
|λx.u∗ |σ f n = |u∗ |σ[x7→n] (f ) |λk.u|σ = |u∗ |σ id
|λk.u|σ f = |u∗ |σ f
|t∗ ; p|σ f = (|t∗ |σ f |p|σ ) + 1
|qt∗ |σ f = (|q|σ (|t∗ |σ f )) + 1
The key properties that have inspired the definition of the above measure are
summarized by the following fact.
Fact 3.9. Let a be a t-closed t-term or a p-term or a q-term or a t-closed e-term.
(1 ) |a[p/x]|σ = |a|σ[x7→|p|σ ] , for every p-term p.
(2 ) |t∗ ◦ a|σ f = |a|σ (|t∗ |σ f ), for every t-closed t-term t∗ , when a is a t-closed
t-term or a t-closed e-term.
Proof. By induction on the structure of a.
(1) Straightforward.
(2) In the base case a = ∗, we have |t∗ ◦ ∗|σ f = |t∗ |σ f = |∗|σ (|t∗ |σ f ). The
induction steps are:
(a) if a = hp, t0∗ i, then |t∗ ◦ hp, t0∗ i|σ f = id = |hp, t0∗ i|σ (|t∗ |σ f );
(b) if a = λx.u∗ with x 6∈ FV(t∗ ), then |t∗ ◦ λx.u∗ |σ f = λn.|t∗ ◦ u∗ |σ[x7→n] f
= (by the induction hypothesis and x 6∈ FV(t∗ )) λn.|u∗ |σ[x7→n] (|t∗ |σ f )
= |λx.u∗ |σ (|t∗ |σ f );
(c) if a = t0∗ ; p, then |t∗ ◦ (t0∗ ; p)|σ f = |t∗ ◦ t0∗ |σ f |p∗ |σ + 1 = (by the induction
hypothesis) |t0∗ |σ (|t∗ |σ f ) |p∗ |σ + 1 = |t0∗ ; p|σ (|t∗ |σ f );
(d) if a = qt0∗ , then |t∗ ◦ (qt0∗ )|σ f = |q|σ (|t∗ ◦ t0∗ |σ f ) + 1 = (by the induction
hypothesis) |q|σ (|t0∗ |σ (|t∗ |σ f )) + 1 = |qt0∗ |σ (|t∗ |σ f ).
The measure of an e-term u∗ corresponds to the length of its longest control

reduction. Let us define
∗
`(u∗ ) = sup{l | l is the length of a control reduction u∗ → u0∗ }
.
Lemma 3.10. For every e-term, `(u∗ ) is finite. Moreover, `(u∗ ) = |u∗ |o id − 1,
where o is the map that associates 0 to every free variable of u∗ .
Proof. Let us prove by induction on `(u∗ ) that |u∗ |o id = `(u∗ ) + 1. We proceed
by case analysis.
(1) Let u∗ = t∗ ; p with t∗ = ∗ or t∗ = hp0 , t0∗ i. We have that |t∗ ; p|o id = |t∗ |o id |p|o +
1 = |p|o + 1. Therefore, we have to show that |p|o = `(t∗ ; p).
(a) if p = x, then |x|o = o(x) = 0 = `(t∗ ; x), since t∗ ; x is a normal form;
(b) if p = λhk, xi.u0∗ , then |λhk, xi.u0∗ |o = 0 = `(t∗ ; λhk, xi.u0∗ ) since t∗ ; λhk, xi.u0∗
is a normal form for the control rules;
(c) if p = λk.u0∗ , then t∗ ; λk.u0∗ → t∗ ◦ u0∗ and |λk.u0∗ |o = |u0∗ |o id = (since
|t∗ |o id = id, by the hypothesis on t∗ ) |u0∗ |o (|t∗ |o id) = (by Fact 3.9) |t∗ ◦ u0∗ |o id =
(by the induction hypothesis) `(t∗ ◦ u0∗ ) + 1 = `(t∗ ; λk.u0∗ ).
(2) Let u∗ = λx.u0∗ ; p. We have that λx.u0∗ ; p → u0∗ [p/x] and |λx.u0∗ ; p|o id =
|λx.u0∗ |o id |p|o + 1 = |u0∗ |o[x7→|p|o ] id + 1 = (by Fact 3.9) |u0∗ [p/x]|o id + 1 =
(by the induction hypothesis) `(u0∗ [p/x]) + 2 = `(λx.u0∗ ; p) + 1.
(3) Let u∗ = (λk.u0∗ )t∗ . We have that (λk.u0 )t∗ → t∗ ◦ u0∗ and |(λk.u0 )t∗ |o id =
|λk.u0 |o (|t∗ |o id) + 1 = |u0∗ |o (|t∗ |o id) + 1 = (by Fact 3.9) |t∗ ◦ u0∗ |o id + 1 = (by
the induction hypothesis) `(t∗ ◦ u0∗ ) + 2 = `((λk.u0∗ )t∗ ) + 1.
We can then conclude that the ptq-calculus is (strongly) normalizing.

Theorem 3.11. There is no infinite reduction of any e-term of the ptq-calculus.
Proof. By Proposition 3.8, the maximal reduction of an e-term u∗ cannot con-
tain an infinite number of β-rules. By Lemma 3.10, that reduction cannot contain
an infinite sequence of control rules neither.
The previous result ensures that the ptq-calculus may be used as a computational
tool for the implementation of β-reduction. In fact, Theorem 3.11 implies that,
when the t-closed e-term u∗ is a representation of a given simply typed λ-term M ,
the reduction of u∗ terminates with a representation of the normal form of M .
Theorem 3.12. Let N be the normal form of a simply typed λ-term M . If u∗ is

∗
an e-term s.t. Ju∗ K = M , there is u∗ → u0∗ s.t. Ju0∗ K = N . In particular, Ju0∗ K = N
when u0∗ is the normal form of u∗ .
Proof. By Proposition 3.8 and Theorem 3.11.
4. TRANSLATIONS
Theorem 3.12 shows that the ptq-calculus is a well-suited target language for the
“compilation” of λ-terms: given a suitable translation of λ-terms into ptq-terms, we
can compute the normal form of a λ-term by reducing its corresponding ptq-term;
where by suitable translation we mean a (total) map that inverts the readback.
Let us remind that, since in a ptq-term there is at most one redex, the reduction
of the ptq-term is deterministic and induces a particular reduction strategy of its
readback. As a consequence, any translation of λ-terms into ptq-terms defines a
reduction strategy for λ-terms. In particular, and this is the interesting compu-
tational property of the ptq-calculus, we can define translations that implement
Call-by-Value and Call-by-Name (see Plotkin [Plotkin 1975]).
4.1 Call-by-Value and Call-by-Name λ-calculus
In the Call-by-Value (CbV) and in the Call-by-Name (CbN) λ-calculus a λ-term is
a value if it is not an application. The main rule, in both cases, is the β-rule of
λ-calculus that, in CbV, is restricted to the case in which a λ-abstraction is applied
to a value.
In the paper we shall consider the lazy case only, that is we shall not reduce the
β-redexes that are in the scope of a λ-abstraction.
The reduction rules of CbN and CbV will be given by means of inference rules
that do not extend to contexts. In the case of CbN, we have two rules (small step
natural semantics of CbN):
M 7→n M1
βn
(λx.M )N 7→n M [N/x] M N 7→n M1 N
The βn -rule is the standard β-reduction of λ-calculus restricted to the case in which
the reducing term is a β-redex. The second rule, instead, allows to reduce a β-redex
when it is the left-most-outer-most head application of the term.
The CbN-normal form of any closed λ-term M is a value V , say M ⇓n V . The
relation ⇓n is defined by the following rules (big step natural semantics of CbN):
M ⇓n λx.M1 M1 [N/x] ⇓n V
V ⇓n V M N ⇓n V
where V denotes a value.
The main reduction rule of CbV is the usual β-rule restricted to the case in which
the reducing term is a β-redex whose argument is a value, namely
βv
(λx.M )V 7→v M [V /x]
As in the case of CbN, the small steps natural semantics of CbV is completed by
the inference rules that allow to reduce the head redexes of an application that, in
this case, can be in the argument part also. However, we have to fix an evaluation
order deciding which part of an application we want to reduce first. The rules that
reduce the function part first are
M 7→v M1 N 7→v N1
M N 7→v M1 N V N 7→v V N1
where V denotes a value. Otherwise, if one wants to reduce the argument first, the
rules are
N 7→v N1 M 7→v M1
M N 7→v M N1 M V 7→v M1 V
Both choices lead to the following big step natural semantics for CbV
M ⇓v λx.M1 M1 [W/x] ⇓v V N ⇓v W
V ⇓n V M N ⇓n V
where V and W denote values.
The typing rules of CbV and CbN are the usual ones of simply typed λ-calculus.
4.2 Plotkin’s translations

In his seminal paper [Plotkin 1975], Plotkin gave two translations that allow to
implement CbN by CbV and vice versa. Both the translations map an application
into a value, that is into a term that is in normal form—let us remind that we do
not reduce in the scope of an abstraction. In order to start the computation of the
translated term, we have to pass the identity I = λx.x to it—the term I plays the
role of the initial continuation.
4.2.1 CbN translation. The CbN translation is defined by the map
dxen = x
dλx.M en = λk.k(λx.dM en )
dM N en = λk.dM en (λm.mdN en k)
that translates a λ-term M into another λ-term dM en s.t. the CbV reduction of
dM en I corresponds to the CbN reduction of M .
The untyped CbN translation of terms given above corresponds to the following
translation of typed terms
CbN
Γ`M :A dΓen ` dM en : dAen
where, if Γ = x1 : A1 , . . . , xn : An , then dΓen = x1 : dA1 en , . . . , xn : dAn en , and the
translation of the types dAen is defined by
dAen = bAcn → o → o
bXcn = X bA → Bcn = dAen → dBen
where o is a new base type and X denotes a base type.
For the analysis of the correspondence between Plotkin’s translation and the ptq-
translation that we shall give in the following, let us observe that, by uncurryfying
the translation of A → B, we can assume
bA → Bcn = (dAen × (bBcn → o)) → o
Correspondingly, the CbN translation of terms becomes
dxen = x
dλx.M en = λk.k(λ(x, h).dM en h)
dM N en = λk.dM en (λm.m(dN en , k))
4.2.2 CbV translation. The CbV translation is defined by the map
dxev = λk.kx
dλx.M ev = λk.k(λx.dM ev )
dM N ev = λk.dM ev (λm.dN ev (λn.mnk))
that translates every λ-term M into another λ-term dM ev s.t. the CbN reduction
of dM ev I corresponds to the CbV reduction of M .
The map above ensures that, in an application M N , the function M is evaluated
first. Replacing the translation of M N with
dM N ev = λk.dN ev (λn.dM ev (λm.mnk))
we get the translation for the case in which, in an application M N , the argument
N is evaluated first.
The untyped CbV translation of terms given above corresponds to the following
translation of typed terms
CbV
Γ`M :A bΓcv ` dM ev : dAev
where, if Γ = x1 : A1 , . . . , xn : An , then bΓcv = x1 : bA1 cv , . . . , xn : bAn cv and the
translations of types bAcv and dAev are defined by
dAev = bAcv → o → o
bXcn = X bA → Bcn = bAcv → dBev
where o is a new base type and X denotes a base type.
As in the case of CbN translation, by uncurryfying the translation of A → B, we
get
bA → Bcn = (bAcv × (bBcv → o)) → o
Correspondingly, the CbV translation of terms becomes
dxev = λk.kx
dλx.M ev = λk.k(λ(x, h).dM ev h)
λk.dM ev (λm.dN ev (λn.m(n, k)))

eval M first
dM N ev =
λk.dN ev (λn.dM ev (λm.m(n, k))) eval N first

Call-by-Name Call-by-Value
xn = x xv = λk.k; x
n n v v
λx.M = λhx, ki.k; M λx.M = λk.k; (λhx, ki.M k)
n n n v v v
MN = λk.hN , ki; M MN = λk.N (λx.M hx, ki)
Fig. 4. ptq-translations
where, for M N , we have to choose the upper translation if we want to evaluate M

first or the lower translation if we want to evaluate N first.
4.3 Call-by-Name ptq-translation
The CbN ptq-translation derives from the translation that maps every sequent
derivable in minimal logic into the corresponding ptq-sequent, by translating every
formula of minimal logic into a p-formula, that is
CbN
Γ`A Γ p ` Ap
The simplest way to get the above correspondence is by the CbN-translation in
Figure 4.
Proposition 4.1. Let Γ ` M : A be derivable in the simply typed λ-calculus.
n
Then, Γp ` M : Ap is derivable in the ptq-calculus.
Proof. By induction on the structure of M .
4.3.1 Correspondence with Plotkin’s CbN translation. In order to relate the CbN
ptq-translation with Plotkin’s CBN translation, let us observe that we may map
the translated Plotkin’s types according to the following schema:
dAen = bAcn → o → o Ap
bAcn Ap bAcn → o At
that also implies, in the translation with pairs,
bA → Bcn → o = dAen × (bBcn → o) A → Bt
Correspondingly, the CbN Plotkin’s translation of terms becomes
dxen x
n n
dλx.M e λk.k; (λ(x, m).m; M )
n n
dM N en λk.(λm.hN , ki; m); M
Such a translation can be simplified to the ptq-translation in Figure 4 by observing
that, by η-equivalence λk.(λm.hdN en , ki; m); dM en = λk.hdN en , ki; dM en and that,
since in the translation we never use t-terms with the shape λx.u, we can also assume
that λk.k; (λhx, mi.m; dM en ) is equivalent to λhx, mi.m; dM en .
4.4 Call-by-Value ptq-translation
The CbV ptq-translation derives from the translation of minimal logic that maps the
premises of the ending sequent into p-formulas and its conclusion into a q-formula
Γ`A Γ p ` Aq
In order to get the above correspondence, one can easily find the CbV translation
in Figure 4.
Proposition 4.2. Let Γ ` M : A be derivable in the simply typed λ-calculus.
v
Then, Γp ` M : Aq is derivable in the ptq-calculus.
Proof. By induction on the structure of M .
4.4.1 Correspondence with Plotkin’s CbV translation. In order to relate the CbV
ptq-translation with Plotkin’s CbV translation, the translated Plotkin’s types can
be mapped to ptq-types according to the following schema:
dAen = bAcn → o → o Aq
bAcn Ap bAcn → o At
that also implies, in the translation with pairs,
bA → Bcn → o = bAcn × (bBcn → o) A → Bt
Correspondingly, the CbV Plotkin’s translation of terms becomes
dxev λk.k; x
v v
dλx.M e λk.k; (λhx, hi.h; M )
v v
λk.M (λm.(N (λn.hn, ki; m)))
dM N ev v v
λk.N (λn.(M (λm.hn, ki; m)))
The translation in which M is evaluated first cannot be simplified. The case in
which N is evaluated first, instead, can be reduced to the CbV ptq-translation in
Figure 4 because of the η-equivalence λm.hn, ki; m = hn, ki.
5. PROPERTIES OF THE PTQ-TRANSLATIONS

5.1 Precomputation
The ptq-translations map λ-terms into p-terms that, in the ptq-calculus, are irre-
ducible. In order to eval a translated term we have to combine it with a test. The
natural choice for such an initial test is the constant ∗ that, as already remarked,
in our framework plays the role of the initial continuation.
By reducing the ptq-translation u∗ of a λ-term M , we do not get the translation
u0∗ of some reduct N of M . We shall see instead that we can get some u00∗ s.t.
Ju00∗ K = N , which differs from u0∗ for the reduction of some control redexes, namely
∗
u0∗ → u00∗ by a sequence of control rules. Since we know that the readback M = Ju∗ K
of an e-term u∗ is not changed by the control rules (Proposition 3.8) and that the
control reductions are terminating (Lemma 3.10), we can take the normal form of
u∗ for the control rules as another standard representation of M . The computation
of such a normal form can be merged with the ptq-translations by defining two
variants of the ptq-translations that map λ-terms into e-terms.
The Call-by-Name translation from λ-terms to e-terms is defined by:
n
V = ∗; V n xn = x
n n n n
MN = hN , ∗i ◦ M λx.M n = λhx, ki.k; M
where V is a value. The Call-by-Value translation from λ-terms to e-terms is defined

by:
v
V = ∗; V v xv = x
v v v
MV = hV v , ∗i ◦ M λx.M v = λhx, ki.M k
v v v
MN = (λx.M hx, ∗i) ◦ N
where V is a value and N is not a value.
For every value V ,
n v
V = λk.k; V n V = λk.k; V v
Remark 5.1. Let us define
(
hp1 n , h. . . , hpk n , ∗i . . .ii for k > 0
[p1 , . . . , pk ] =
∗ for k = 0
n n n
(1) M M1 . . . Mk = [M1 , . . . , Mk ] ◦ M n . In particular, when M = V is a value
n n n
V M1 . . . Mk = [M1 , . . . , Mk ]; V n
v v v
(2) M V1 . . . Vk = [V1 , . . . , Vk ] ◦ M v where V1 , . . . , Vk are values. In particular,
when M = V is a value and when M = P Q where Q is not a value
v
V V1 . . . Vk = [V1 v , . . . , Vk v ]; V v
v v v
P QV1 . . . Vk = (λx.P [x, V1 v , . . . , Vk v ]) ◦ Q
Lemma 5.2. For every λ-term M ,
n v
(1 ) both M and M are in normal form for the control rules;
(2 ) by a sequence of control rules
n ∗ n
(a) ∗; M → M ,
v ∗ v
(b) M ∗ → M .
Proof. Let us separately prove the two items of the statement.
(1) Let us start by proving the following claim.
Claim . There are two values V n and V v and two t-closed terms tn∗ and tv∗
n v
s.t. M = tn∗ ; V n n and M = tv∗ ; V v v , and s.t.:
(a) when M is a value, tn∗ = tv∗ = ∗ and M = V n = V v ;
(b) when M is not a value, tn∗ and tv∗ are pairs, namely tn∗ = hp0 , t0∗ i for some
p0 and t0∗ and tv∗ = hp00 , t00∗ i for some p00 and t00∗ .
n
Proof of the claim. For M , the proof immediately follows by item 1 of Re-
v
mark 5.1: take M = V n M1 . . . Mk . For M , the proof exploits the inductive
v
definition of M in item 2 of Remark 5.1: the base case is immediate, just take
M = V v V1 . . . VK ; the induction step M = P QV1 . . . Vk holds by the induction
v
hypothesis on Q and by the fact that Q is not a value.
n v
Then, in order to conclude that M = tn∗ ; V n n and M = tv∗ ; V v v are in normal
form for the control rules, let us observe that, for any value V :
(a) if V = x, then V n = V v = x;
(b) if V = λx.N , then V n = λhx, ki.un and V v = λhx, ki.uv for some un and
uv .
(2) By structural induction on M . When M = V , where V is a value (base case),
n v
it is readily seen that ∗; V → ∗; V n and V ∗ → ∗; V v by a control reduction.
When M = P Q, by the induction hypothesis, we have three control reductions
∗ n v ∗ v v ∗ v
s.t.: ∗; P → P , for the CbN; P ∗ → P and Q ∗ → Q , for the CbV.
Therefore, by Lemma 3.2,
—for the CbN, we have the control reduction
n n n n ∗ n n n
∗; M = ∗; P Q → hQ , ∗i; P → hQ , ∗i ◦ P = M ;
—for the CbV,
(a) when Q = V is a value, we have the control reduction
v v v ∗ v v
∗; M = P V ∗ = hV v , ∗i ◦ P → hV v , ∗i ◦ P = M ;
(b) when Q is not a value, we have the control reduction
v v v v ∗ v v v
∗; M = P Q ∗ → (λx.P hx, ∗i) ◦ Q → (λx.P hx, ∗i) ◦ Q = M .
5.2 Readback
One of the key properties of the ptq-translations is that the readback of a translated
term is the term itself.
Proposition 5.3. For every λ-term M ,
n n n
(1 ) J∗; M K = JM K = JM K = M
v v v
(2 ) JM ∗K = JM K = JM K = M
n n
Proof. By the definition of readback, it is readily seen that J∗; M K = JM K
v v
and that JM ∗K = JM K.
n
(1) We shall prove JM K = M , by induction on the structure of M .
(a) Jxn K = x
n n n
(b) Jλx.P K = Jλhx, ki.k; P K = λx.J∗; P K = (by the induction hypothesis)
λx.P
n n n n n n n
(c) JP Q K = Jλk.hQ , ki; P K = JhQ , ∗iK ◦ JP K = JP KJQ K = (by the in-
duction hypothesis) P Q
v
(2) By induction on the structure of M , we shall prove that JM t∗ K = Jt∗ K ◦ M .
v
(a) Jx t∗ K = Jt∗ K ◦ Jλk.k; xK = Jt∗ K ◦ J∗; xK = Jt∗ K ◦ x
v v v
(b) JP Q t∗ K = Jt∗ K ◦ JQ (λx.P hx, ∗i)K = (by the induction hypothesis) Jt∗ K ◦
v v
Jλx.P hx, ∗iK ◦ Q = Jt∗ K ◦ JP hx, ∗iK[Q/x] = (by the induction hypothesis)
Jt∗ K ◦ (Jhx, ∗iK ◦ P )[Q/x] = Jt∗ K ◦ P x[Q/x] = Jt∗ K ◦ P Q
v v v
(c) Jλx.P t∗ K = Jt∗ K ◦ Jλhx, ki.P kK = Jt∗ K ◦ λx.JP ∗K = (by the induction
hypothesis) Jt∗ K ◦ λx.P
v
In particular, JM ∗K = J∗K ◦ M = M .
n ∗ n v ∗ v
By Lemma 5.2, ∗; M → M and M ∗ → M by control reductions. Therefore,
n n v v
by Proposition 3.8, JM K = J∗; M K = M and JM K = JM ∗K = M .
5.3 Soundness and Completeness

Lemma 5.4. For every pair of λ-terms M, N and every value V
n n n
(1 ) M [N/x] = M [N /x]
n n
(2 ) M [V /x] = M [V v /x]
Proof. By induction on M .
Proposition 5.5. For every λ-term M .
n ∗ n
(1 ) M → N in the CbN λ-calculus iff M → N .
v ∗ v
(2 ) M → N in the CbV λ-calculus iff M → N .
Proof. By induction on M . If M = V is a value (the base of the induction), it
n v
is readily seen that V = ∗; V n and V = ∗; V v are in normal form (see the proof
of item 2 of Lemma 5.2). Then, let us prove the inductive steps of the two items
in the statement.
(1) Let M = V M1 . . . Mk , where V is a value and k > 0. By Remark 5.1, we
n n n
know that M = [M1 , . . . , Mk ]; V v . If V = x is a variable, M is a CbN
n n
normal form and [M1 , . . . , Mk ]; x is a normal form too. If V = λx.P is a
λ-abstraction, then M → P [M1 /x]M2 . . . Mk = N in the CbN and
n n n n
M = [M1 , . . . , Mk ]; λhx, ki.k; P
n n n n
→ [M2 , . . . , Mk ]; P [M1 /x]
n n n
= [M2 , . . . , Mk ]; P [M1 /x] (by Lemma 5.4)
∗ n n n
→ [M2 , . . . , Mk ] ◦ P [M1 /x] (by Lemma 5.2 and Lemma 3.2)
n n
= P [M1 /x]M2 . . . Mk = N
(2) We have to analyze two cases.
(a) Let M = V V1 . . . Vk , where V, V1 , . . . , Vk are values and k > 0. By Re-
n
mark 5.1 we know that M = [V1 v , . . . , Vk v ]; V v . If V = x is a variable,
M is a CbN normal form and [V1 v , . . . , Vk v ]; x is a normal form too. If
V = λx.P is a λ-abstraction, in the CbV M → P [V1 /x]V2 . . . Vk and
v v
M = [V1 v , . . . , Vk v ]; λhx, ki.k; P
v
→ [V2 v , . . . , Vk v ]; P [V1 v /x]
v
= [V2 v , . . . , Vk v ]; P [V1 /x] (by Lemma 5.4)
∗ v
→ [V2 v , . . . , Vk v ] ◦ P [V1 /x] (by Lemma 5.2 and Lemma 3.2)
v v
= P [V1 /x]V2 . . . Vk = N
(b) Let M = P QV1 . . . Vk , where V1 , . . . , Vk are values and Q is not a value. By
v v v
Remark 5.1, M = (λx.P [x, V1 v , . . . , Vk v ]) ◦ Q . If Q is in normal form for
the CbV, then M is in normal form for the CbV. By the induction hypoth-
v
esis, Q is in normal form and (see the proof of Lemma 5.2) has not the
v
shape ∗; p for some p; therefore, M is in normal form. If Q → Q0 in the
CbV, then M → P Q0 V1 . . . Vk = N in the CbV. By the induction hypoth-
v v v v v
esis, Q → Q0 and M → (λx.P [x, V1 v , . . . , Vk v ]) ◦ Q0 , by Lemma 3.2.
v v v
Then, if Q0 is not a value, (λx.P [x, V1 v , . . . , Vk v ]) ◦ Q0 = N , otherwise,
if Q0 = V is a value, we have
v v
M → (λx.P [x, V1 v , . . . , Vk v ]); V v
v
→ P [V v , V1 v , . . . , Vk v ]
∗ v
→ [V v , V1 v , . . . , Vk v ]; P
v v
= P V V1 . . . Vk = N
Theorem 5.6. For every λ-term M .

∗ n ∗ n
(1 ) If M → N in the CbN λ-calculus, then M → N , namely
∗; M
n ∗ / n
N
O O
n n
(·) (·)
_ _
M
∗ / N
CbN
∗ v ∗ v
(2 ) If M → N in the CbV λ-calculus, then M → N , namely
M ∗
v ∗ / v
N
O O
v v
(·) (·)
_ _
M
∗ / N
CbV
Proof. By Lemma 5.2 and Proposition 5.5.
Theorem 5.7. For every λ-term M .

n ∗ ∗
(1 ) If ∗; M → u∗ , then M → Ju∗ K in the CbN λ-calculus, namely
∗; M
n ∗ / u∗
_ _
J·K J·K

M
∗ / Ju∗ K
CbN
v ∗ ∗
(2 ) If M ∗ → u∗ , then M → Ju∗ K in the CbV λ-calculus, namely
v
M ∗
∗ / u∗
_ _
J·K J·K

M
∗ / Ju∗ K
CbV
∗
Proof. By Lemma 5.2, M → M by a control reduction for CbN and CbV.
∗ ∗
Therefore, Ju∗ K = M , for every M → u∗ → M (by Proposition 3.8). By Lemma 5.2,
M is either a normal form or a β-redex. When M is a β-redex, there is a reduction
∗ ∗
M → u0∗ → u∗ → N s.t. all the rules but the first one are control rules (see the
proof of Proposition 5.5). By Proposition 3.8, we have then M → Ju0∗ K = Ju∗ K = N .
Proposition 5.5 ensures that M → Ju∗ K by CbN or CbV according to the case that
we are considering.
6. CONCLUSIONS AND FURTHER WORK

Starting from the notion of test introduced by Girard in [Girard 1999], we have
proposed a new calculus, the ptq-calculus, in which we reformulate in logical terms
the well-known duality programs/continuations, namely in terms of the proofs/tests
duality. In the core of the paper we have shown that the ptq-calculus has interesting
logical and computational properties and, by encoding λ-calculus Call-by-Value and
Call-by-Name into it, we have shown that it might be a fruitful framework for the
analysis of reduction strategies and of sequential features of functional programming
languages.
In spite of the classical flavor of ptq-calculus, in the paper we have restricted
our analysis to the intuitionistic case—mainly because our goal was to present the
ptq-calculus as a tool for the study of λ-calculus Call-by-Value and Call-by-Name.
The natural extension of the analysis pursued in the paper to classical logic leads
to relate our approach to Parigot’s λµ-calculus [Parigot 1992; 1997]. In particular,
there is a natural bijection between ptq-calculus and λµ-calculus that, however, does
not give a simulation, namely the reductions of the ptq-calculus are not sound w.r.t.
the reductions of the λµ-calculus proposed by Parigot. Such a mismatch reflects
the fact that the ptq-calculus is neither Call-by-Value nor Call-by-Name, while with
the reduction rules of Parigot the λµ-calculus is essentially Call-by-Name.
In fact, if we remove the restriction that a ptq-term must contain at most one
free test variable (i.e., we assign a ptq-term to every KT derivation), the system
becomes equivalent to classic logic. Then, by redefining the rules of the readback
map given in Figure 3, we can associate a λµ-term to every ptq-term. That is, the
readback of a proof/test interaction
Jt; pK = JtK ◦ JpK

does not change, while for the other rules we have

JkK = (k)2 JxK = x
Jhp, tiK = JtK ◦ 2JpK Jλhx, ki.uK = λx.µk.JuK
Jλx.uK = JuK[2/x] Jλk.uK = µk.JuK
(the only cases that change are those for the terms in which there are explicit
occurrences of test variables).
In accord with this step from λ-calculus to λµ-calculus, the translations in Fig-
ure 4 extend to λµ-terms by adding
µh.(k)M = λh.k; M
and by assuming the proviso that the variables k introduced by the other rules are
always fresh.
It is readily seen that for both CbN and CbV the readback preserves the key
property that
JM K = M
But the extension is no longer trivial when we try to compare the reductions. In
particular, the rule that contracts the redex λx.u; p is the only one with no corre-
spondence in the λµ-calculus. Then, since the CbN translation does not introduce
any λx.u subterm in the image of a term M , in this case case we can immediately
obtain that
n ∗ ∗
∗; M → u∗ implies M →N with N ∼ µk.Ju∗ [k/∗]K
where ∼ is a structural congruence on λµ-terms. On the contrary, since the use of
the λx abstraction is crucial in the CbV translation, it is not yet clear to us which
kind of simulation we can get for CbV, neither with respect to the CbV λµ-calculus
proposed by Ong and Stewart [1997].
Summing up, in extending the analysis presented in this paper to the classical
case, our main goal will be to understand in which way the ptq-calculus relates to
Ong and Stewart Call-by-Value λµ-calculus [Ong and Stewart 1997] and to Curien
and Herbelin’s λ̄µµ̃-calculus [Curien and Herbelin 2000].
REFERENCES
Ariola, Z. M. and Herbelin, H. 2003. Minimal classical logic and control operators. In Au-
tomata, languages and programming. Lecture Notes in Comput. Sci., vol. 2719. Springer, Berlin,
871–885.
Barbanera, F. and Berardi, S. 1993. Extracting constructive content from classical logic via
control-like reductions. In TLCA ’93: Proceedings of the International Conference on Typed
Lambda Calculi and Applications, M. Bezem and J. F. Groote, Eds. Lecture Notes in Computer
Science, vol. 664. Springer-Verlag, Utrecht, The Netherlands, 45–59.
Barbanera, F. and Berardi, S. 1994. A symmetric lambda-calculus for classical program
extraction. In Proceedings of TACS ’94. Lecture Notes in Computer Science, vol. 789. Springer-
Verlag.
Curien, P.-L. and Herbelin, H. 2000. The duality of computation. In ICFP ’00: Proceedings
of the fifth ACM SIGPLAN international conference on Functional programming. ACM Press,
New York, NY, USA, 233–243.
Danos, V., Joinet, J.-B., and Schellinx, H. 1995. LKT and LKQ: sequent calculi for second
order logic based upon dual linear decomposition of classical implication. In Advances in Linear
Logic, J.-Y. Girard, Y. Lafont, and L. Regnier, Eds. Cambridge University Press, 43–59.
Danos, V., Joinet, J.-B., and Schellinx, H. 1997. A new deconstructive logic: Linear logic.
Journal of Symbolic Logic 62, 3, 755–807.
Danvy, O. 2004. On evaluation contexts, continuations, and the rest of the computation. In
Proceedings of the Fourth ACM SIGPLAN Continuations Workshop (CW’04), H. Thielecke,
Ed. Number CSR-040-1 in Technical Report. Proceedings of the Fourth ACM SIGPLAN Con-
tinuations Workshop (CW’04), Birmingham, UK.
de Groote, P. 1998. An environment machine for the lambda-mu-calculus. Mathematical Struc-
tures in Computer Science 8, 6, 637–669.
Felleisen, M., Friedman, D. P., Kohlbecker, E. E., and Duba, B. F. 1986. Reasoning with
continuations. In Proceedings of the First Annual IEEE Symp. on Logic in Computer Science,
LICS 1986, A. Meyer, Ed. IEEE Computer Society Press, 131–141.
Fischer, M. J. 1972. Lambda calculus schemata. In Proceedings of ACM conference on Proving
assertions about programs. ACM Press, New York, NY, USA, 104–109.
Führmann, C. and Thielecke, H. 2004. On the call-by-value CPS transform and its semantics.
Inform. and Comput. 188, 2, 241–283.
Girard, J.-Y. 1999. On the meaning of logical rules I: syntax vs. semantics. In Computational
Logic, Proceedings of the NATO Advanced Study Institute on Computational Logic, held in
Marktoberdorf, Germany, July 29 - August 10, 1997, U. Berger and H. Schwichtenberg, Eds.
NATO ASI Series, Computer and Systems Sciences, vol. 165. Springer, 215–272.
Griffin, T. G. 1990. The formulae-as-types notion of control. In Conf. Record 17th Annual
ACM Symp. on Principles of Programming Languages, POPL’90, San Francisco, CA, USA,
17–19 Jan 1990. ACM Press, New York, 47–57.
Herbelin, H. 1995. Séquents qu’on calcule. Thèse de Doctorat, Université Paris 7.
Hofmann, M. and Streicher, T. 1997. Continuation models are universal for lambda-mu-
calculus. In LICS ’97: Proceedings of the 12th Annual IEEE Symposium on Logic in Computer
Science. IEEE Computer Society, Washington, DC, USA, 387.
Ogata, I. 2002. A proof theoretical account of continuation passing style. In CSL ’02: Proceedings
of the 16th International Workshop and 11th Annual Conference of the EACSL on Computer
Science Logic. Springer-Verlag, London, UK, 490–505.
Ong, C.-H. L. and Stewart, C. A. 1997. A Curry-Howard foundation for functional compu-
tation with control. In Conf. Record 24th ACM SIGPLAN-SIGACT Symp. on Principles of
Programming Languages, POPL’97, Paris, France, 15–17 Jan. 1997. ACM Press, New York,
215–227.
Parigot, M. 1992. λµ-calculus: an algorithmic interpretation of classical natural deduction. In
Logic programming and automated reasoning (St. Petersburg, 1992). Lecture Notes in Comput.
Sci., vol. 624. Springer, Berlin, 190–201.
Parigot, M. 1997. Proofs of strong normalisation for second order classical natural deduction.
J. Symbolic Logic 62, 4, 1461–1479.
Plotkin, G. D. 1975. Call-by-name, call-by-value and the lambda-calculus. Theor. Comput.
Sci. 1, 2, 125–159.
Sabry, A. and Felleisen, M. 1993. Reasoning about programs in continuation-passing style.
Lisp and Symbolic Computation 6, 289–360.
Selinger, P. 2001. Control categories and duality: on the categorical semantics of the lambda-mu
calculus. Math. Structures Comput. Sci. 11, 2, 207–260.
Streicher, T. and Reus, B. 1998. Classical logic, continuation semantics and abstract machines.
J. Funct. Programming 8, 6, 543–572.
Wadler, P. 2005. Call-by-value is dual to call-by-name reloaded. In Term rewriting and appli-
cations. Lecture Notes in Comput. Sci., vol. 3467. Springer, Berlin, 185–203.
Zucker, J. 1974. The correspondence between cut-elimination and normalization, Part I & II.
Annals of Mathematical Logic 7, 1–155.
Received May 2006; revised September 2007; accepted December 2007
View publication stats

Proofs Tests and Continuation Passing Style

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Proofs Tests and Continuation Passing Style

Uploaded by

Copyright:

Available Formats

See discussions, stats, and author profiles for this publication at: https://www.researchgate.

Proofs, Tests and Continuation Passing Style

Article in ACM Transactions on Computational Logic · February 2009

Stefano Guerrini Andrea Masini

SEE PROFILE SEE PROFILE

Calculi and Logics for Quantum Computing View project

Logic in Computer Science View project

The user has requested enhancement of the downloaded file.

Authors’ addresses: Stefano Guerrini, Dipartimento di Informatica, Sapienza Università di Roma,

1.2 Classical logic

A proof π of A → B is a (constructive) transformation from a proof of

In particular, if there is no proof of A, the transformation π is the empty map,

a test t of A → B is a pair (π, τ ) such that:

Asking at the same time that:

a proof is a “failure” of a test and a test is a “failure” of a proof.

However, in order to avoid misunderstandings, we have to be precise in using the

1.4 Our proposal

(1) The ptq-calculus bases on a general primitive notion of continuation/test. Such

2. PROOF THEORETICAL MOTIVATIONS

2.1 The starting point: classical logic

2.2 Leaving the classical world . . .

Proposition 2.1. The sequent Γ ` ∆ is derivable in LK iff the judgment Γp , ∆t `

As a direct consequence, A is classically valid iff there exists a derivation of ` Ap

—a premise At morally corresponds to a conclusion A;

As a matter of fact, it is possible to translate each judgment G of KT in an

2.2.1 ... and approaching to continuations.. In the perspective of the develop-

—deductions of Ap and programs of type Ap ;

—deductions of At and continuations of type At .

As a first step, let us transform mT into a type system.

and there is no general way to close the diagram.

3.1 The type system

—in well-typed ptq-terms, t-variables are linear;

Fig. 1. ptq-type system

with a ∗ subscript; moreover, given a t-closed t-term t∗ and a t-closed e-term u∗ ,

—a p-term is either a variable or begins with a λ,

t-terms, p-terms and q-terms are irreducible.

Summing up, we have the reduction rules

Let us remark that, when t and p are both λ-abstraction, t = λx.u is a λ-

rule would lead to the critical pair

restrict the reduction rules to t-closed terms.

The constant ∗ is reminiscent of the continuation constant top introduced by

Fig. 2. The reduction rules of the ptq-calculus (restricted to t-closed terms)

3.3 A comparison with the λ̄µµ̃-calculus

instance in [Barbanera and Berardi 1993; 1994].

Fig. 3. The readback map

—the reduction rule is the standard β-reduction.

(2) Let A = Jt∗ ◦ u∗ K and B = Jt∗ K ◦ Ju∗ K.

Let us define t∗ ◦ (t0∗ ; p) = (t∗ ◦ t0∗ ); p and t∗ ◦ (qt0∗ ) = q(t∗ ◦ t0∗ ).

Jhp, t∗ i; λhx, ki.u00 K

Concluding, we can state that:

3.5 Termination of the computations of the ptq-calculus

The measure of an e-term u∗ corresponds to the length of its longest control

We can then conclude that the ptq-calculus is (strongly) normalizing.

Theorem 3.12. Let N be the normal form of a simply typed λ-term M . If u∗ is

4.2 Plotkin’s translations

ACM Transactions on Computational Logic, Vol. V, No. N, December 2007.

where, for M N , we have to choose the upper translation if we want to evaluate M

5. PROPERTIES OF THE PTQ-TRANSLATIONS

where V is a value. The Call-by-Value translation from λ-terms to e-terms is defined

5.3 Soundness and Completeness

Theorem 5.6. For every λ-term M .

Proof. By Lemma 5.2 and Proposition 5.5.

Theorem 5.7. For every λ-term M .