Refining Semantics for Multi-stageProgrammingbyRui GeB.Sc., Simon Fraser University, 2013B.Eng., Zhejiang University, 2013A THESIS SUBMITTED IN PARTIAL FULFILLMENT OFTHE REQUIREMENTS FOR THE DEGREE OFMASTER OF SCIENCEinThe Faculty of Graduate and Postdoctoral Studies(Computer Science)THE UNIVERSITY OF BRITISH COLUMBIA(Vancouver)October 2016c© Rui Ge 2016AbstractMulti-stage programming is a programming paradigm that supports runtime code generation and execution.Though researchers have extended several mainstream programming languages to support it, multi-stageprogramming has not been widely recognised or used. The popularisation of multi-stage programming hasbeen impeded by the lack of development aids such as code refactoring and optimisation, for which theculprit is the lack of static analysis support.Van Horn and Might proposed a general-purpose approach to systematically developing static analysesfor a programming language by applying transformations to its formal semantics, an approach we believe isapplicable to multi-stage programming. The approach requires that the initial semantics be specified as anenvironmental abstract machine that records the change of control strings, environments and continuationsas a program evaluates. Developing an environmental abstract machine for a multi-stage language is notstraightforward and has not been done so far in the literature.In the thesis, we study multi-stage programming through a functional language, MetaML. The mainresearch problem of the thesis is:Can we refine the pre-existing substitutional natural semantics of MetaML to a correspond-ing environmental abstract machine and demonstrate their equivalence?We first develop a substitutional structural operational semantics for MetaML. Then we simplify the re-search problem along two dimensions—each dimension leads to a less complicated semantics refinementproblem. The first dimension is to refine semantics for a single-stage language rather than a multi-stagelanguage: we stepwise develop an environmental abstract machine, the CEK machine, for a single-stagelanguage, ISWIM, based on its substitutional structural operational semantics. The second dimension isto derive a substitutional abstract machine rather than an environmental abstract machine: we stepwise de-velop a substitutional abstract machine, the MK machine, for the multi-stage language MetaML, based on itssubstitutional structural operational semantics. Finally, utilising the experience of refining semantics alongtwo dimensions, we stepwise develop an environmental abstract machine, the MEK machine, for MetaML,based on its substitutional structural operational semantics. Furthermore, we introduce three proof tech-niques which are used throughout the thesis to prove the equivalence of semantics.iiPrefaceThis thesis is original, unpublished, independent work by the author, Rui Ge, under the supervision of Dr.Ronald Garcia (Assistant Professor at UBC).iiiTable of ContentsAbstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iiPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iiiTable of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ivList of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiList of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiiAcknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ixDedication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.1 General-purpose and Special-purpose Programming . . . . . . . . . . . . . . . . . . . . . 11.2 Specialising a General-purpose Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.3 Multi-stage Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.4 Static Analysis of Multi-stage Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.5 Refining Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Formal Semantics of MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102.1 Staging Annotations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102.2 Formal Semantics of MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132.3 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Refining Semantics for ISWIM: Developing the CEK Machine . . . . . . . . . . . . . . . . . 313.1 ISWIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313.2 Explicit ISWIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353.3 Suspended ISWIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403.4 Environmental ISWIM - Structural Operational Semantics . . . . . . . . . . . . . . . . . . 453.5 Environmental ISWIM - Reduction Semantics . . . . . . . . . . . . . . . . . . . . . . . . 493.6 Environmental ISWIM - CEK Abstract Machine . . . . . . . . . . . . . . . . . . . . . . . 533.7 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57ivTable of Contents4 Refining Semantics for MetaML: Developing the MK Machine . . . . . . . . . . . . . . . . . 584.1 MetaML - Substitutional Reduction Semantics . . . . . . . . . . . . . . . . . . . . . . . . 584.2 MetaML - MK Abstract Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624.3 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665 Refining Semantics for MetaML: Developing the MEK Machine . . . . . . . . . . . . . . . . 675.1 MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685.2 Explicit MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695.3 Suspended MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765.4 Environmental MetaML - Structural Operational Semantics . . . . . . . . . . . . . . . . . 875.5 Environmental MetaML - Reduction Semantics . . . . . . . . . . . . . . . . . . . . . . . . 975.6 Environmental MetaML - Abstract Machine (MEK Machine) . . . . . . . . . . . . . . . . 1015.7 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1066 Proof Methodology and Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1076.1 Proof Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1076.2 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1087 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1107.1 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1107.2 Limitations and Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113AppendicesA Proofs of Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115A.1 Equivalence of Substitutional Natural Semantics and Substitutional Structural OperationalSemantics of MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115B Proofs of Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123B.1 Equivalence of ISWIM and Explicit ISWIM . . . . . . . . . . . . . . . . . . . . . . . . . . 123B.2 Equivalence of ISWIM and Suspended ISWIM . . . . . . . . . . . . . . . . . . . . . . . . 136B.3 Equivalence of ISWIM and Environmental ISWIM . . . . . . . . . . . . . . . . . . . . . . 150B.4 Equivalence of Structural Operational Semantics and Reduction Semantics of EnvironmentalISWIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155B.5 Equivalence of Reduction Semantics and Abstract Machine (CEK Machine) of Environ-mental ISWIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158vTable of ContentsC Proofs of Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166C.1 Equivalence of Substitutional Structural Operational Semantics and Substitutional Reduc-tion Semantics of MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166C.2 Equivalence of Substitutional Reduction Semantics and Substitutional Abstract Machine(MK Machine) of MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169D Proofs of Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182D.1 Equivalence of MetaML and Explicit MetaML . . . . . . . . . . . . . . . . . . . . . . . . 182D.2 Equivalence of MetaML and Suspended MetaML . . . . . . . . . . . . . . . . . . . . . . . 201D.3 Equivalence of MetaML and Environmental MetaML . . . . . . . . . . . . . . . . . . . . . 223D.4 Equivalence of Structural Operational Semantics and Reduction Semantics of EnvironmentalMetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242D.5 Equivalence of Reduction Semantics and Abstract Machine (MEK Machine) of Environ-mental MetaML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246viList of Tables1.1 Summary of semantics used to refine ISWIM’s substitutional structural operational semanticsto the CEK abstract machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91.2 Summary of semantics used to refine MetaML’s substitutional structural operational se-mantics to the MK abstract machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91.3 Summary of semantics used to solve the main semantics refinement problem. . . . . . . . . 9viiList of Figures2.1 Evaluation of !〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5 in Substitutional Natural Semantics of MetaML.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232.2 Evaluation of !〈λa. ∼ ((λx.〈x〉)(λx.〈a〉))0〉5 in Substitutional Structural Operational Se-mantics of MetaML. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293.1 Evaluation of ((λx1.λx2.x1) 7) 4 in Reduction Semantics of Environmental ISWIM. . . . . 513.2 Evaluation of ((λx1.λx2.x1) 7) 4 in the CEK Machine. . . . . . . . . . . . . . . . . . . . . 564.1 Evaluation of !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 in Substitutional Reduction Semantics of MetaML.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614.2 Evaluation of !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 in the MK Machine. . . . . . . . . . . . . . . . 655.1 Evaluation of !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 in Reduction Semantics of Environmental MetaML.1005.2 Evaluation of !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 in the MEK Machine. . . . . . . . . . . . . . . 105viiiAcknowledgementsI am greatly indebted to my supervisor, Dr. Ronald Garcia (Assistant Professor), for his continued support,guidance and encouragement over the past two and a half years. In the spring of 2014, I was fortunatein talking his postgraduate-level programming language course in which I was led into the world of pro-gramming language theory (PLT) for the first time. Since then, he has been supervising me on the projectof refining semantics for multi-stage programming, which is presented by this thesis. I thank him for en-couraging me to attend academic conferences and to interact with the academia, especially for financiallysupporting my participation in POPL ’15 in Mumbai, India. I thank him for answering every single questionof me thoroughly, for being forbearing when I contradicted him, for arousing my enthusiasm when I feltlazy, for comforting me when I had negative results, and for backing me up when I had hard times. I thankhim for agreeing to review my thesis during his busiest time of the year, for patiently reviewing each sectionof my thesis in three to five iterations, and for providing numerous feedback on both the technical detailsand my writing style. I thank him for sharing the following quotation with me, which inspires me each andevery day.Nobody tells this to people who are beginners. I wish someone had told me. All of us who docreative work, we get into it because we have good taste. But there is this gap. For the firstcouple years you make stuff, it’s just not that good. It’s trying to be good, it has potential, butit’s not. But your taste, the thing that got you into the game, is still killer. And your taste is whyyour work disappoints you. A lot of people never get past this phase, they quit. Most people Iknow who do interesting, creative work went through years of this. We know our work doesn’thave this special thing that we want it to have. We all go through this. And if you are juststarting out or you are still in this phase, you gotta know its normal and the most importantthing you can do is do a lot of work. Put yourself on a deadline so that every week you finishone piece. It’s only by going through a volume of work that you will close that gap, and yourwork will be as good as your ambitions. And I took longer to figure out how to do this thananyone I’ve ever met. It’s gonna take awhile. It’s normal to take awhile. You just gotta fightyour way through.— Ira GlassI am grateful to the second reader, Dr. Ivan Beschastnikh (Assistant Professor), for reviewing my thesis andproviding helpful feedback when he had a busy schedule out of town.I thank Dr. Mark Greenstreet (Professor) and his students Ms. Jijie Wei and Ms. Yan Peng for helpingme settle into the department. I also thank my tentative advisor, Dr. David Poole (Professor), for assistingme in academic decision making in the first eight months of the master’s programme. Thanks to Dr. RonaldixAcknowledgementsGarcia (Assistant Professor), Dr. Alan Hu (Professor) and Dr. Steve Wolfman (Professor of Teaching) forrecommending me for admission to the PhD programme. Thanks to Ms. Joyce Poon and Ms. Hermie Lamfor their help in administrative affairs.I thank my colleagues in the programming language group, especially Dr. Ronald Garcia (Assist-ant Professor), Dr. Joshua Dunfield (Research Associate), Mr. Felipe Banados Schwerter, Mr. EvgenyRoubinchtein, Mr. Jonatan Milewski and Mr. Khurram Ali Jafery for the insightful discussions in ourweekly reading group meetings. I also thank my colleagues in the Software Practices Laboratory for motiv-ating me to work hard. Thanks to Mr. Felipe Banados Schwerter for being in charge of the coffee machineand Mr. C. Albert Thompson for organising activities in the laboratory.Employed as a teaching assistant for six terms, I thank the instructors and students for providing me theopportunities to strengthening my teaching skills.Thanks to Dr. Evgenia Ternovska (Associate Professor), Dr. Wo-Shun Luk (Professor), Dr. Greg Baker(Senior Lecturer), Dr. Zonghua Gu (Associate Professor), Ms. Lieping Peng, Dr. Gencai Chen (Professor),Dr. Shuhua Liu (Associate Professor) and Dr. Yangzheng Wang (Professor) for their various kinds ofsupport and encouragement when I studied at Simon Fraser University and Zhejiang University. Thanks tomy friend, Mr. Yuke Zhu, for setting a good example to me in academia, and for motivating and supportingme to pursue an academic career.Thanks to my friends and fellow students of the 2013 cohort at UBC, especially Mr. Zongxu Mu, Mr.Michael Ming-An Wu, Mr. Jonatan Milewski, Mr. Yifan Peng, Mr. Ben Zhu, Mr. Shuochen Su, Mr. YuzanYang, Ms. Yidan Liu, Ms. Kailun Zhang and Ms. Jianing Yu for the colourful times we have had.Thanks to Mr. Wei Wang, Mr. Shuhan Wang, Ms. Mengran Guo and Mr. Siyu Wang for our unfailingfriendship. Thanks to my dormitory roommates, including Mr. Yizhuo Hu, Mr. Zhenyu Xia, Mr. SifangLiu, Mr. Boyu Li and Mr. Zhu Li, for the unforgettable experience of collective life.Last but not least, I thank my family for their faith and love.xxiChapter 1IntroductionTo motivate the idea of multi-stage programming, we first demonstrate why general-purpose solutions toprogramming problems can be easier to implement and more reusable, but run more slowly than special-purpose solutions. We then discuss how a special-purpose program can be derived from a general-purposeprogram. Multi-stage programming exploits this possibility, allowing programmers to systematically trans-form a general-purpose program into a special-purpose program generator.1.1 General-purpose and Special-purpose ProgrammingConsider the problem of computing a positive integer raised to a non-negative integer. Here are two possiblesolutions.1Example 1. power n x returns the nth power of x.power n x| n == 0 = 1| otherwise = x * (power (n - 1) x)Example 2. power0 x returns the 0th power of x, power1 x returns the 1st power of x, power2 x returns2nd power of x, and so on.power0 x = 1power1 x = xpower2 x = x * xpower3 x = x * x * x......power2016 x = x ∗ x ∗ ...∗ x︸ ︷︷ ︸2016 x's......As illustrated above, one may abstract the problem into a general problem that computes a positiveinteger raised to any non-negative integer. We call the power function a general-purpose program (orsolution).In contrast, one may split the problem into multiple special problems each of which computes a posit-ive integer raised to a fixed non-negative integer. We call the functions power0, power1, power2, ...,power2016, ... special-purpose programs (or solutions).1The code is presented in a Haskell-like syntax style.11.2. Specialising a General-purpose ProgramFor example, to compute the 2016th power of natural numbers [1..100], we can utilise either thegeneral-purpose solution, the power function:map (power 2016) [1..100]or the special-purpose solution, the power2016 function:map power2016 [1..100]As expected, they both produce the same correct result.Now compare the performance of the general-purpose solution and the special purpose solution.• Provided that most programmers have knowledge of branching and recursion, the general-purposeprogram power is easier to be implemented than the special-purpose program power2016 becausethe former requires writing less code than the latter.• The general-purpose program power is more reusable than the special-purpose program power2016because the power function is much more adaptable to similar computational tasks than the power2016function.• The general-purpose program power runs more slowly than the special-purpose program power2016.For example, evaluating the power function with arguments 2016 and 100 involves 2016 recurs-ive calls of the power function before getting the multiplication 100∗100∗ ...∗100︸ ︷︷ ︸2016 100’s∗1. In contrast,executing the special-purpose program power2016 with argument 100 immediately computes themultiplication 100∗100∗ ...∗100︸ ︷︷ ︸2016 100’swithout having any recursive calls or branching on an argument.A special-purpose program does not always run faster than a corresponding general-purpose program.In an extreme case, if the special-purpose program has an extremely large amount of code, it consumesa significant amount of time and space to load the code, in which case code explosion may cause thespecial-purpose program to have a higher execution cost.The above presents a representative result of comparing a general-purpose program and a special-purposeprogram that solve the same problem. In most cases, a general-purpose program is easier to implement andmore reusable, but less efficient than its special-purpose counterpart.1.2 Specialising a General-purpose ProgramGiven a general-purpose program, we may predict the definite results of some of the ensuing computations.We can replace these computations with their anticipated values, which yields a special-purpose program.We call this process the specialisation of a general-purpose program. The program generated through spe-cialisation inherits the advantage of running fast from ordinary special-purpose programs and avoids codeexplosion whenever possible.21.3. Multi-stage ProgrammingSpecialisation is a well-known technique in high-performance programming. For example, populardomain-specific languages for graphics programming such as OpenGL allows writing a general-purposeprogram does not reply on a particular underlying GPU architecture. A compiler completes the job ofspecialising a general-purpose program to a special program that is tailored to a specific GPU.As an illustration, consider the problem of specialising the general-purpose power function, if there isa priori information that we will frequently compute the 2016th power of any given positive integer. We gothrough two steps:1. We define:power2016' = \x -> (power 2016 x)2. We unfold the body of the power2016' function so that the function \x -> (power 2016 x) be-comes\x -> x∗x∗ ...∗x︸ ︷︷ ︸2016 x’s∗1which eliminates the relatively high runtime overhead associated with the power function that ismainly caused by repeated recursive calls.We make two assumptions in order to be able to unfold the body of the power2016' function. The firstassumption is that we can evaluate the body of a function at our convenience. This allows us to go inside afunction and evaluate its body at the time that the function is defined. Under this assumption, when we definethe function power2016', we can evaluate the body power 2016 x of the function \x -> (power 2016x). The second assumption is that we can evaluate a function with partially known parameters, which isknown as partial evaluation [JGS93]. Although the second parameter x of the power function is unknown,we can evaluate the partial application power 2016 x based on its first argument 2016. Then power 2016x is unfolded to the expression x∗x∗ ...∗x︸ ︷︷ ︸2016 x’s∗1. As a result under these two assumptions, the function \x ->(power 2016 x) evaluates to \x -> x∗x∗ ...∗x︸ ︷︷ ︸2016 x’s∗1.As a matter of fact, the essence of these two assumptions is to let programmers customise the order inwhich the terms of a program are evaluated. This capability constitutes the foundation for the programmingparadigm of our interest, multi-stage programming (MSP) [TS97, Tah99a, She01, Tah04].1.3 Multi-stage ProgrammingMulti-stage programming is a programming paradigm that supports runtime code generation and execution[Tah04]. Multi-stage programming supports meta-programming in the sense that a multi-stage program canbe executed within a multi-stage program. A multi-stage language serves as both a meta-language and anobject language.31.4. Static Analysis of Multi-stage ProgramsMulti-stage programming also supports program specialisation [JGS93]. One can start programmingwith a general-purpose program and then specialise it based on the a priori information about partial inputsof the program. A well-written multi-stage solution to a programming problem is easier to implement andmaintain, more reusable and reliable than a special-purpose solution, and runs faster than a general-purposesolution.Multi-stage programming lets programmers control the order in which the terms of a program are eval-uated in order to optimise the time and space resources consumed by evaluating the program [She98]. Onecan start programming with a conventional single-stage program and then specify the evaluation order of itsterms with staging annotations to make the program multi-stage.There have been developed several multi-stage programming languages and language extensions suchas MetaML [TS97], MetaOCaml [Tah04], MetaHaskell [Mai12] and Mint [WRI+09]. We intensively studyMetaML, a functional multi-stage language that extends ML, in the thesis.To demonstrate what how a multi-stage program differs from its single-stage counterpart, we annotatethe single-stage power and powerN functions with three staging annotations supported by MetaML: code,splice and run. Code, denoted by 〈 and 〉, are for delaying a computation. Splice, denoted by ∼, is forcombining delayed computations. Run, denoted by !, is for running a delayed computation.Example 3. The multi-stage power' and powerN' functions are the single-stage power and powerN func-tions with staging annotations.power' n x| n == 0 = 〈1〉| otherwise = 〈∼x * ∼(power' (n - 1) x)〉powerN' n = 〈\x -> ∼(power' n 〈x〉)〉For example, to compute the 2016th power of 1, 2, ..., 100, we evaluate following two-stage program:map !(powerN' 2016) [1..100]At the first stage, !(powerN' 2016) evaluates to the function \x -> x∗x∗ ...∗x︸ ︷︷ ︸2016 x’s∗1. At the second stage,the program proceeds as:map (\x -> x∗x∗ ...∗x︸ ︷︷ ︸2016 x's∗1) [1..100]The recursive calls to the power' function all happen intensively at the first stage when the run operation!(powerN' 2016) evaluates. They never happen again at the second stage.We analyse this example in detail in the next chapter (Chapter 2).1.4 Static Analysis of Multi-stage ProgramsAlthough researchers have extended many mainstream programming languages to support multi-stage pro-gramming, multi-stage programming as a programming paradigm has not been widely recognised or used.41.5. Refining SemanticsThe popularisation of multi-stage programming has been impeded by the lack of development aids such ascode refactoring and optimisation, for which the culprit is the lack of static analysis support. Our ultimategoal is to design a sound and decidable static analysis for a multi-stage programming language.Recently, [VHM12] proposed a general-purpose approach to systematically developing static analysesfor a programming language by applying transformations to its formal semantics. The approach requiresthat the initial semantics be specified as an environmental abstract machine that records the change of con-trol strings, environments and continuations as a program evaluates. The transformations involve using atraditional store to collect execution information and associate it with the source program. After a num-ber of transformations, the machine can be abstracted through its address allocation strategy. With thisprimary point of abstraction, we get a sound and decidable control flow analysis, where the preciseness ofthe analysis is determined by the chosen structure of the addresses used by the address allocator.To apply the framework to multi-stage programming, we shall develop an environmental abstract ma-chine for a multi-stage programming language. The abstract machine must be environmental because it usesenvironments to archive variable bindings, allowing us to trace the function calls in its history.1.5 Refining SemanticsDeveloping an environmental abstract machine for a multi-stage programming language based on a pre-existing semantics is essentially a semantics refinement problem. A stepwise refinement process may pro-duce several intermediate semantics before deriving the destination semantics. We briefly introduce fouroperational semantics that are usually used in solving a refinement problem.1.5.1 Operational SemanticsTo model the runtime behaviour of programs in a language, we can build an operational semantics for thelanguage. Operational semantics include big-step semantics and small-step semantics.• Big-step semantics is also known as natural semantics [Kah87]. It describes how the overall compu-tation of a program takes place.For example, in a big-step semantics, the program power 2016 100 big-steps to 1002016.• Small-step semantics include structural operational semantics [Plo81], reduction semantics [FH92]and abstract machine semantics [Lan64], ordered from the least practical to the most practical imple-mentation strategies, all of which define how a single step of computation of a program takes place.– Structural operational semantics defines how a program computes with respect to the terms ofthe program in a syntax-oriented and inductive way.– Reduction semantics defines where a reduction may happen and what reduction may happen butdoes not provide a deterministic strategy for finding a place to perform reduction.– Abstract machine semantics refines reduction semantics in the sense that it provides a determin-istic strategy for finding a place to perform reduction.51.5. Refining SemanticsFor example, in a small-step semantics, the program power 2016 100 small-steps to 100 * (power2015 100).We differentiate a substitutional operational semantics from an environmental operational semantics.• An operational semantics is substitutional if a function call is performed by substituting the function’sparameters by arguments where substitutions may be modelled implicitly in the meta-language orexplicitly [Ros96] as several steps of computation.For example, calling the function \x -> x + 1 with the argument x = 1 results in 1 + 1. Then justlooking at 1 + 1 itself does not tell whether a function call has been performed.• An operational semantics is environmental if it uses an environment to keep track of variable bindingsso that a function call is performed by updating the function’s parameters in the environment to thefunction’s arguments.For example, calling the function \x -> x + 1 with the argument x = 1 results in x + 1 togetherwith a variable binding that x = 1. Then just looking at x + 1 together with the variable binding thatx = 1 implies that a function call with the argument x = 1 has been performed.1.5.2 Refining SemanticsHaving what an operational semantics is in mind, we now consider how to develop an environmental abstractmachine for a multi-stage programming language.Main Semantics Refinement Problem. The multi-stage programming language that we study in the thesisis MetaML. We take the pre-existing substitutional natural semantics defined in [Tah99a] as our reference se-mantics for MetaML. The main research problem of the thesis which we call the main semantics refinementproblem is:Can we refine the pre-existing substitutional natural semantics of MetaML to a correspondingenvironmental abstract machine and demonstrate their equivalence?As an environmental abstract machine is a small-step operational semantics, its development is more naturaland convenient to start from a structural operational semantics than a natural semantics. Thus the veryfirst step to take is to derive a substitutional structural operational semantics for MetaML and show itsequivalence with respect to the substitutional natural semantics. We illustrate this step in Table 1.1 anddiscuss it in detail in Chapter 2.Developing an environmental abstract machine for MetaML is not straightforward and has not been doneso far in the literature. We first attempt the main semantics refinement problem along two dimensions—eachdimension leads to a less complicated semantics refinement problem.61.5. Refining SemanticsStepwise Developing the CEK Machine for ISWIM. Following the first dimension of simplifying themain semantics refinement problem, we study how to stepwise develop an environmental abstract machinefor a single-stage language ISWIM [Lan66] rather than the multi-stage language MetaML. The problem isdescribed as follows.Can we refine the substitutional structural operational semantics of ISWIM to a correspondingenvironmental abstract machine, which is known as the CEK machine [FF86], and demonstratetheir equivalence?We solve the above problem step by step as follows (see Table 1.1 for a summary).1. ISWIM: Substitutions are defined in the meta-language level. Any instance of substitution in programimmediately replaces every relevant variable as part of a single step of computation. We call this"inexplicit" in contrast to explicit substitutions, which we discuss next.We take the (inexplicitly) substitutional structural operational semantics of ISWIM as the startingpoint of solving the refinement problem for ISWIM.2. Explicit ISWIM: Substitutions are defined as explicit object-language constructs. An instance ofsubstitution replaces every relevant variable step by step by percolating explicit substitutions as severalsteps of computation. This provides a manageable step on the way to developing an environmentalsemantics.3. Suspended ISWIM: Substitutions are modelled explicitly as in Explicit ISWIM and are suspendedoutside of a lambda abstraction until an application is performed. This step turns the semantics moreenvironmental and makes the proofs of semantics equivalence tractable.4. Environmental ISWIM: Environmental ISWIM turns explicit substitutions to environments.Environmental ISWIM is first derived as a structural operational semantics. We then systematicallytransform the semantics from structural operational semantics to reduction semantics and finally to anabstract machine. The abstract machine is also known as the CEK machine.The stepwise development of CEK machine for ISWIM is discussed in detail in Chapter 3.Stepwise Developing the MK Machine for MetaML. Following the second dimension of simplifyingthe main semantics refinement problem, we study how to stepwise develop a substitutional abstract ma-chine rather than an environmental abstract machine for the multi-stage language MetaML. The problem isdescribed as follows.Can we refine the substitutional structural operational semantics of MetaML to a correspondingsubstitutional abstract machine, which we call the MK machine, and demonstrate their equival-ence?71.5. Refining SemanticsAs summarised in Table 1.2, starting from the substitutional structural operational semantics of MetaML,we first derive a substitutional reduction semantics and then a substitutional abstract machine, which we callthe MK machine. The stepwise development of MK machine for MetaML is discussed in detail in Chapter4.Stepwise Developing the MEK Machine for MetaML. Utilising the experience of refining semanticsalong two dimensions, we eventually study how to stepwise develop an environmental abstract machine forthe multi-stage language MetaML. The problem is described as follows.Can we refine the substitutional structural operational semantics of MetaML to a correspond-ing environmental abstract machine, which we call the MEK machine, and demonstrate theirequivalence?We attempt the above problem step by step as follows (see Table 1.3 for a summary).1. MetaML: Substitutions are modelled inexplicitly, analogously to ISWIM.We take the (inexplicitly) substitutional structural operational semantics of MetaML as the startingpoint of refinement.2. Explicit MetaML: Substitutions are modelled explicitly, analogously to Explicit ISWIM. This providesa manageable step on the way to developing an environmental semantics.3. Suspended MetaML: Substitutions are modelled explicitly, analogously to Suspended ISWIM. Thisstep turns the semantics more environmental and makes the proofs of semantics equivalence tractable.4. Environmental MetaML: Environmental MetaML turns explicit substitutions to environments.Environmental MetaML is first derived as a structural operational semantics. We then systematicallytransform the semantics from structural operational semantics to reduction semantics and finally to anabstract machine. We call the abstract machine the MEK machine.The stepwise development of MEK machine for MetaML is discussed in detail in Chapter 5.Proving Equivalence of Semantics. We introduce and use throughout the thesis three proof techniquesto prove the equivalence of two structural operational semantics, the equivalence of a structural operationalsemantics and a reduction semantics, and the equivalence of a reduction semantics and an abstract machine.We summarise the proof methodology in detail in Chapter 6.81.5. Refining SemanticsNo. Language Semantics Substitutional or Environmental Section1 ISWIM Structural Operational Semantics (Inexplicitly) Substitutional 3.12 Explicit ISWIM Structural Operational Semantics Explicitly Substitutional 3.23 Suspended ISWIM Structural Operational Semantics Explicitly Substitutional 3.34 Environmental ISWIM Structural Operational Semantics Environmental 3.45 Environmental ISWIM Reduction Semantics Environmental 3.56 Environmental ISWIM CEK Abstract Machine Environmental 3.6Table 1.1: Summary of semantics used to refine ISWIM’s substitutional structural operational semantics tothe CEK abstract machine.No. Language Semantics Substitutional or Environmental Section1 MetaML Structural Operational Semantics (Inexplicitly) Substitutional 2.22 MetaML Reduction Semantics (Inexplicitly) Substitutional 4.13 MetaML MK Abstract Machine (Inexplicitly) Substitutional 4.2Table 1.2: Summary of semantics used to refine MetaML’s substitutional structural operational semantics tothe MK abstract machine.No. Language Semantics Substitutional or Environmental Section1 MetaML Natural Semantics (Inexplicitly) Substitutional 2.22 MetaML Structural Operational Semantics (Inexplicitly) Substitutional 2.2, 5.13 Explicit MetaML Structural Operational Semantics Explicitly Substitutional 5.24 Suspended MetaML Structural Operational Semantics Explicitly Substitutional 5.35 Environmental MetaML Structural Operational Semantics Environmental 5.46 Environmental MetaML Reduction Semantics Environmental 5.57 Environmental MetaML MEK Abstract Machine Environmental 5.6Table 1.3: Summary of semantics used to solve the main semantics refinement problem.9Chapter 2Formal Semantics of MetaMLThis chapter introduces multi-stage programming and the formal semantics of MetaML. We first introducethe three staging annotations of MetaML and informally discuss how a multi-stage program evaluates usingexamples. Then we study the pre-existing substitutional natural semantics of MetaML [Tah99a] and presentour newly developed substitutional structural operational semantics for MetaML. We finally demonstratethat the substitutional natural semantics and the substitutional structural operational semantics are equival-ent.The definitions in Section 2.1 are based on [She98, TS97]. The substitutional natural semantics ofMetaML in Section 2.2 is based on [Tah99a].2.1 Staging AnnotationsMetaML uses staging annotations to explicitly control the evaluation order of terms of a program. Stagingannotations include the code operator, the run operator and the splice operator.Code Operation. A code operation, consisting of (1) the code operator “〈” “〉” and (2) an operand,indicates delaying computing the operand. If a code operation evaluates to itself, it is a code value.Example 4. 3 + 7 evaluates to 10. The code operation 〈3 + 7〉 evaluates to itself because of delayingcomputing its operand 3 + 7. Hence the code operation 〈3 + 7〉 is is also a code value.Run Operation. A Run operation, consisting of (1) the run operator ! and (2) an operand, indicatesexecuting the delayed computation of the operand. A run operation expects its operand to reduce to a codeoperation. A run operation eliminates the code brackets from the result of evaluating its operand.Example 5. !〈3 + 7〉 evaluates to 10. Its step-by-step reduction is as follows.1 !〈3 + 7〉The run operator executes the delayed computation of the operand, 3 + 7.2 3 + 7The addition operation 3 + 7 evaluates to 10.3 10The natural number 10 is irreducible.102.1. Staging AnnotationsSplice Operation. An splice operation, consisting of (1) the splice operator “∼” and (2) an operand,indicates splicing the delayed computation produced by evaluating the operand into the current context. Asplice operation may only appear in a delayed computation, i.e., under code brackets. Only a splice operationcan be reduced under code brackets. A splice operation expects its operand to reduce to a code value. Asplice operation eliminates the code brackets from the result of evaluating its operand.Example 6. 〈 ∼〈3 + 7〉 * ∼〈3 + 7〉 〉 evaluates to 〈 (3 + 7) * (3 + 7) 〉. Its step-by-step reduc-tion is as follows.1 〈 ∼〈3 + 7〉 * ∼〈3 + 7〉 〉The first escape operator splices the delayed computation of the operand, 3 + 7, into the contextsurrounded by code brackets.2 〈 (3 + 7) * ∼〈3 + 7〉 〉The second escape operator splices the delayed computation of the operand, 3 + 7, into the contextsurrounded by code brackets.3 〈 (3 + 7) * (3 + 7) 〉The code operation 〈 (3 + 7) * (3 + 7) 〉 is irreducible.Level of a Term. To explicitly regulate under what circumstances the run operation eliminates code andthe splice operation combines code, we introduce the concept of levels. The level of a term is the differenceof the number of surrounding brackets and the number of surrounding escapes.Example 7. (1) 3 in 〈3 + 7〉 is at level 1.(2) The first 3 in 〈 ∼〈3 + 7〉 * ∼〈3 + 7〉 〉 is at level 2−1 = 1.(3) The first 3 in 〈 (3 + 7) * (3 + 7) 〉 is at level 1.(4) 3 in !〈3 + 7〉 is at level 1.(5) The function \x -> x in !〈 ∼〈3 + 7〉 * ∼((\x -> x) 〈3 + 7〉) 〉 is at level 1−1 = 0.Roughly speaking, a splice operation ...∼〈t〉... reduces to ...t... only if ∼〈t〉 is at level 1, and a runoperation ...!〈t〉... reduces to ...t... only if !〈t〉 is at level 0, where t is an arbitrarily legal term. Level 0corresponds to single-stage programming. An function call or an addition only reduces at level 0. Forexample, 3 + 7 reduces to 10 at level 0 and is irreducible at other levels.Example 8. !〈 ∼〈3 + 7〉 * ∼((\x -> x) 〈3 + 7〉) 〉 evaluates to 100. Its step-by-step reduction is asfollows. The reducible term of each step is underlined.1 !〈:::∼〈3:::+:::7〉 * ∼((\x -> x) 〈3 + 7〉) 〉In the splice operation∼〈3 + 7〉, the delayed computation of the operand 3 + 7 is spliced into thecontext.2 !〈 (3 + 7) * ∼(:::(\x::::->:::x):::〈3::+:::::7〉) 〉The application (\x -> x) 〈3 + 7〉 reduces to 〈3 + 7〉.3 !〈 (3 + 7) *::::∼〈3::+:::7〉 〉In the splice operation∼〈3 + 7〉, the delayed computation of the operand 3 + 7 is spliced into thecontext.112.1. Staging Annotations4::!〈:::(3::+::::7)::*:::(3:::+:::7)::〉:The run operator executes the delayed computation of the operand (3 + 7) * (3 + 7).5::(3::+::::7) * (3 + 7)The first operand of the multiplication operation 3 + 7 reduces to 10.6 10 *:::(3::+:::7)The second operand of the multiplication operation 3 + 7 reduces to 10.7::10::*::::10The multiplication operation 10 * 10 reduces to 100.8 100The natural number 100 irreducible.The code operation introduces a code value, the run operation eliminates a code value, and the spliceoperation combines code values. Taking the above evaluation as an example, in the first step, the outermostcode operation generates a code value in which two inner code operations introduce two smaller code values.In the third step, the splice operation combines code values. In the fourth step, the run operation executes acode value.Evaluating a Multi-stage Program. A multi-stage program can be constructed from a conventionalsingle-stage program by manually adding staging annotations [TS97]. We demonstrate how a multi-stageprogram evaluates through Example 3 from Chapter 1, which is re-described below as Example 9.Example 9. The multi-stage power' and powerN' functions are the single-stage power and powerN func-tions with staging annotations.power' n x| n == 0 = 〈1〉| otherwise = 〈∼x * ∼(power' (n - 1) x)〉powerN' n = 〈\x -> ∼(power' n 〈x〉)〉The power' function is a special-purpose program generator. When the parameter n of the powerN'function is known, !(powerN n) generates a special-purpose program that computes its parameter raised ton. For example, to compute the 4th power of an integer, !(powerN' 4) eventually reduces to \x -> (x *x * x * x * 1). Its step-by-step reduction is as follows. The reducible term of each step is underlined.1 !(::::::::powerN'::4)2 !〈 \x -> ∼(:::::::power'::4::::〈x〉) 〉3 !〈 \x -> ∼(〈:::::∼〈x〉 * ∼(power' 3 〈x〉) 〉) 〉4 !〈 \x -> ∼(〈 x * ∼(::::::power':::3::::〈x〉) 〉) 〉5 !〈 \x -> ∼(〈 x * ∼(〈::::∼〈x〉 * ∼(power' 2 〈x〉) 〉) 〉) 〉6 !〈 \x -> ∼(〈 x * ∼(〈 x * ∼(:::::::power'::2::::〈x〉) 〉) 〉) 〉7 !〈 \x -> ∼(〈 x * ∼(〈 x * ∼(〈::::∼〈x〉 * ∼(power' 1 〈x〉) 〉) 〉) 〉) 〉8 !〈 \x -> ∼(〈 x * ∼(〈 x * ∼(〈 x * ∼(:::::::power'::1::::〈x〉) 〉) 〉) 〉) 〉122.2. Formal Semantics of MetaML9 !〈 \x -> ∼(〈 x * ∼(〈 x * ∼(〈 x * ∼(〈:::::∼〈x〉 * ∼(power' 0 〈x〉) 〉) 〉) 〉) 〉) 〉10 !〈 \x -> ∼(〈 x * ∼(〈 x * ∼(〈 x * ∼(〈 x * ∼(::::::power':::0::::〈x〉) 〉) 〉) 〉) 〉) 〉11 !〈 \x -> ∼(〈 x * ∼(〈 x * ∼(〈 x * ∼(〈 x *:::::::∼(〈1〉) 〉) 〉) 〉) 〉) 〉12 !〈 \x -> ∼(〈 x * ∼(〈 x * ∼(〈 x *::::∼(〈::x:::*::::1〉) 〉) 〉) 〉) 〉13 !〈 \x -> ∼(〈 x * ∼(〈 x *::::∼(〈::x::*:::x::*::1:::〉) 〉) 〉) 〉14 !〈 \x -> ∼(〈 x *:::∼(〈:::x::*::x::*:::x::*::1:::〉) 〉) 〉15 !〈 \x ->::::∼(〈::x:::*::x::*::x:::*::x::*::1::::〉) 〉16::!〈::::\x:::->::::(x::*::x::*:::x::*::x::*::::1)::〉:17 \x -> (x * x * x * x * 1)We make a few observations from the example above. (1) A run operation expects its operand to reduce to acode operation, as illustrated by Steps 1 to 16. (2) A splice operation expects its operand to reduce to a codeoperation, as illustrated by Steps 2 to 15, Steps 4 to 14, Steps 6 to 13, Steps 8 to 12 and Steps 10 to 11. (3)A run operation eliminates the code brackets of its operand only if the operand is irreducible, as illustratedby Steps 1 to 16. (4) A splice operation eliminates the code brackets of its operand only if the operand isirreducible, as illustrated by Steps 2 to 15, Steps 4 to 14, Steps 6 to 13, Steps 8 to 12 and Steps 10 to 11.Informal Reasoning is Insufficient. Our explanation about how a multi-stage program evaluates isinformal. One may ask: what computation can be performed in the operand of a code operation, a spliceoperation or a run operation? When can the body of a function be evaluated? Is our evaluation strategydeterministic? How do we implement our evaluation strategy?Furthermore, it is tedious and error-prone to evaluate unintuitive programs such as!〈λy.∼ ((λx.〈x〉)(λx.〈y〉))0〉5, which was introduced in [Tah99a], through informal reasoning as Example9. To rigorously explain how a multi-stage program evaluates, we need to define a formal semantics.2.2 Formal Semantics of MetaMLPreviously, we have informally discussed how MetaML works as a multi-stage programming language. Inthis section, we explain the formal semantics of MetaML: its syntax, substitutional natural semantics andsubstitutional structural operational semantics. For the sake of simplicity and convenience, we make twominor modifications to the formal specifications of MetaML presented in [Tah99a]: we add natural numbersand addition to the language, and we discard the fixed point operator from the language as a fixed pointoperator can be implemented using the Y combinator.2.2.1 SyntaxWe first define the basic syntax of the language: terms, values and denotable terms. Then we presentsome properties implied by the definitions. Finally we define the free variable function and the substitutionfunction.132.2. Formal Semantics of MetaML2.2.1.1 TermsWe start with two sets: the set of variables, VAR, and the set of natural numbers, N.Definition 10 (Terms). Let TERM be the set of terms.x ∈ VAR, n ∈ N, i ∈ N, t ∈ TERMt ::= x | t t | λx.t | 〈t〉 | ∼t | !t | n | t+ tThe definition tells that a term can be (1) a variable, (2) an application in which both the operator andthe operand are terms, (3) a lambda abstraction whose body is a term, (4) a code operation whose operandis a term, (5) a splice operation whose operand is a term, (6) a run operation whose operand is a term, (7) anatural number, or (8) an addition operation whose two operands are terms.Recall that the level of a term is the difference of the number of surrounding brackets and the numberof surrounding escapes. A term cannot occur at the position of an arbitrary level. For example, a spliceoperation cannot occur at a level-0 position because it must be in some code operation. We use levels asindexes to finely distinguish subclasses of terms.Definition 11 (Level-indexed Terms). Let TERMi be the set of terms at level i.x ∈ TERMit1 ∈ TERMi t2 ∈ TERMit1 t2 ∈ TERMit ∈ TERMiλx.t ∈ TERMit ∈ TERMi+1〈t〉 ∈ TERMit ∈ TERMi∼ t ∈ TERMi+1t ∈ TERMi!t ∈ TERMi n ∈ TERMit1 ∈ TERMi t2 ∈ TERMit1+ t2 ∈ TERMiThe definition tells that (1) a variable can be at an arbitrary level, (2) an application can be at the anylevel that its operator and operand share, (3) a lambda abstraction can be at any level that its body can, (4)a code operation can be at any level that is one level lower than its operand, (5) a splice operation can be atany level that is one level higher than its operand, (6) a run operation is can be at any level that its operandcan, (7) a natural number can be at an arbitrary level, and (8) an addition can be at any level that its twooperands share.The definition ensures that a splice operation cannot be a term at level 0. A splice combines a delayedcomputation into the context surrounded by code brackets. Hence the context of a splice has to be at somelevel higher than 0.We use t i with or without any subscript or any other superscript as a metavariable to range over TERMi.We continue to use t with or without any subscript or superscript as a metavariable to range over TERM.We make two observations about terms and level-indexed terms. (1) The sets TERMi contain strictlymore terms as the level i increases. For example, the term ∼x can be at any level higher than 0 and theterm ∼∼x can be at any level higher than 1. Our syntax lets us write code generators that generates codegenerators. (2) Every term has at least one level. To make a conventional single-stage program multi-stage,we can experiment annotating the program with various combinations of staging annotations as long as theprogram is at level 0. We formalise our observations as the following propositions.Proposition 12. For any i ∈ N, TERMi ⊂ TERMi+1.142.2. Formal Semantics of MetaMLProposition 13. TERM =⋃i∈NTERMi.2.2.1.2 ValuesA value at level i is a term at level i that represents a result of computation at its indicated level. Thus thedefinition of values closely relates to the operational semantics of the language.Definition 14 (Level-indexed Values). Let VALUEi be the set of values at level i.x ∈ VALUEi+1t1 ∈ VALUEi+1 t2 ∈ VALUEi+1t1 t2 ∈ VALUEi+1 λx.t ∈ VALUE0 where t ∈ TERM0t ∈ VALUEi+1λx.t ∈ VALUEi+1t ∈ VALUEi+1〈t〉 ∈ VALUEit ∈ VALUEi+1∼ t ∈ VALUEi+2v ∈ VALUEi+1!v ∈ VALUEi+1 n ∈ VALUEit1 ∈ VALUEi+1 t2 ∈ VALUEi+1t1+ t2 ∈ VALUEi+1Recall that in the multi-stage language MetaML, level 0 corresponds to single-stage programming, andlevels higher than zero delay some computation. We briefly explain the intuition behind the above definition.(1) A variable is not a value at level 0, analogous to the fact that a variable is not a result of computation insingle-stage programming. At higher levels, we delay dereferencing a variable, making the variable a value.(2) As a lambda abstraction is a value in single-stage programming, it is a value at level 0. At higher levels,it is a value if its body is a value. (3) For an application or an addition, an interesting reduction may onlyhappen at level 0. At higher levels, it is a value if its immediate substructures are values. (4) For a codeoperation 〈t〉, it is a code value if its operand t is irreducible one level up. (5) For a splice operation and arun operation, an interesting reduction may only happen at level 1 and level 0 respectively. For any higherlevel, a splice/run operation is a value if its operand is a value. (6) A natural number is always a value.We use vi with or without any subscript or any other superscript as a metavariable to range over VALUEi.Definition 15 (Values). Let VALUE be the set of values.VALUE =⋃i VALUEi where i ∈ NWe use v with or without any subscript or superscript as a metavariable to range over VALUE.To demonstrate the relationship between terms and values, we make three observations. (1) There is aone-to-one correspondence between the subclasses of terms and the subclasses of values. One the one hand,a value at some level is a term at the next lower level. This justifies the semantics of run: if we have a level-ivalue 〈t〉, then t is a level-(i+1) value but not necessarily a level-i value. Removing the brackets makes t alevel-i term and allows us to reduce t at level i. Although running happens only at level 0, this uniformitymakes it clear that we can reason seamlessly about multi-stage programs at levels higher than 0 and 1 in thesame way that you reason about two-stage programs. One the other hand, a term at some level is a value atthe next higher level. We can always delay a computation by putting a pair of brackets around it. (2) A valueat some level represents a result of computation at that level. Hence a value at some level must be a term atthat level. This corresponds to our intuition and later formalisation of evaluating at a level. (3) Terms andvalues are represented by the exact same set of syntactic symbols. More importantly, every term is a value152.2. Formal Semantics of MetaMLat some level. It is always possible to turn a term to a value by putting a finite number of brackets around it.We list our observations as the following propositions.Proposition 16. For any i ∈ N, VALUEi+1 = TERMi.Proposition 17. For any i ∈ N, VALUEi ⊂ TERMi.Proposition 18. TERM = VALUE.2.2.1.3 Denotable TermsThe denotable terms are terms that are substituted for variables in the semantics.Definition 19 (Denotable Terms). Let DENOTABLE be the set of denotable terms.DENOTABLE = VAR∪VALUE0There are two circumstances that a variable is substituted. If a variable gets renamed, the variable issubstituted by a variable. If a lambda abstraction is applied to a value at level 0, then the lambda boundvariable is substituted by the value. Hence a variable may refer to a variable or a value at level 0. We use wwith or without any subscript or superscript as a metavariable to range over DENOTABLE.2.2.1.4 Free Variable FunctionWe define FV (t) to be the set of all variables that occur free in the term t.Definition 20 (Free Variable Function). Let the free variable function FV be a total function from the set ofterms to the power set of variables.FV : TERM→P(VAR)FV (x) = x (1)FV (t1 t2) = FV (t1)∪FV (t2) (2)FV (λx.t) = FV (t)\{x} (3)FV (〈t〉) = FV (t) (4)FV (!t) = FV (t) (5)FV (∼t) = FV (t) (6)FV (n) = /0 (7)FV (t1+ t2) = FV (t1)∪FV (t2) (8)Example 21. FV (λx.(x+y)) = FV (x+y)\{x}= (FV (x)∪FV (y))\{x}= ({x}∪{y})\{x}= {x,y}\{x}={y}.Example 22. FV ((λx.x) x) = FV (λx.x)∪FV (x) = (FV (x)\{x})∪{x}= ({x}\{x})∪{x}= /0∪{x}= {x}.Definition 23 (Closed Terms). A term t is closed if and only if FV (t) = /0.162.2. Formal Semantics of MetaML2.2.1.5 Substitution FunctionWe define t[w/x] to be the result of substituting the denotable term w for each free occurrence of the variablex in the term t.Definition 24 (Substitution Function). Let the substitution function ·[·/·] be a total function from the 3-tupleof the set of terms, the set of denotable terms and the set of variables, to the set of terms.·[·/·] : (TERM×DENOTABLE×VAR)→ TERMx[w/x] = w (1)x1[w/x2] = x1 where x1 6≡ x2 (2)(t1 t2)[w/x] = (t1[w/x]) (t2[w/x]) (3)(λx1.t0)[w/x2] = λx3.t0[x3/x1][w/x2]where x3 /∈ FV (λx1.t0)∪FV (w)∪{x2} (4)〈t0〉[w/x] = 〈t0[w/x]〉 (5)(!t0)[w/x] = !t0[w/x] (6)(∼t0)[w/x] = ∼t0[w/x] (7)n[w/x] = n (8)(t1+ t2)[w/x] = (t1[w/x])+(t2[w/x]) (9)Equation (4) could be replaced by the following two rules:(λx1.t0)[w/x2] = λx1.t0 where x1 ≡ x2 (4-1)(λx1.t0)[w/x2] = λx3.t0[x3/x1][w/x2] where x1 6≡ x2 and x3 /∈ FV (λx1.t0)∪FV (w)∪{x2} (4-2)The above two rules do not rename a lambda bound variable when it does not have to. For example, by (4)we have:(λx1.x1)[x1/x1] = λx2.x1[x2/x1][x1/x1] = λx2.x2 where x1 6≡ x2In contrast, by (4-1), we have:(λx1.x1)[x1/x1] = λx1.x1For the sake of proof simplicity, we do not replace (4) by (4-1) and (4-2). It can be proved that these twoforms always produce alpha equivalent results. Definition 130 defines the alpha equivalence relation.Strictly speaking, the definition itself does not define a function. In (4), x3 can be an arbitrary variableas long as x3 /∈ FV (λx1.t0)∪FV (w)∪{x2}. The definition indeed defines a relation rather than a function.To make what we have defined become a real function, we can impose a total order on variables, i.e., VARis a total order. In (4), let x3 be the least element from VAR such that x3 /∈ FV (λx1.t0)∪FV (w)∪{x2}. Asa result, ·[·/·] truly becomes a function. However, this approach makes the later proofs overcomplicated.Alternatively, we can equate all terms that only differ in the names of their lambda bound variables,i.e., we equal all α-equivalent terms. Then, a term is a representative of its α-equivalent class. Recall thatthe destination semantics of the main semantics refinement problem is an abstract machine, which is close172.2. Formal Semantics of MetaMLto a practical implementation. We do not use this approach because meta-linguistic equivalence classes ofvariables do not map well to a concrete implementation.At this moment, we are not concerned with how a fresh variable is chosen so we call ·[·/·] the substitutionfunction.Example 25. Let x 6≡ y. Then (λx.x+ y)[x/y] = λ z.(x+ y)[z/x][x/y] = λ z.(x[z/x]+ y[z/x])[x/y] = λ z.(z+y)[x/y] = λ z.(z[x/y]+ y[x/y]) = λ z.z+ x where z 6≡ y.2.2.2 Substitutional Natural SemanticsWe lay out the substitutional natural semantics through a family of level-indexed big-step relations.Definition 26 (Level-indexed Big-step Relations). For any i ∈ N, define the level-indexed big-step relation⇓i be a binary relation between the set of terms at level i and the set of values at level i.⇓i⊆ TERMi×VALUEiλx.t0 ⇓0 λx.t0 (lambda-0)t i+11 ⇓i+1 vi+12λx.t i+11 ⇓i+1 λx.vi+12(lambda-(i+1))t01 ⇓0 λx.t011 t02 ⇓0 v02 t011[v02/x] ⇓0 v0t01 t02 ⇓0 v0(app-0)t i+11 ⇓i+1 vi+11 t i+12 ⇓i+1 vi+12t i+11 ti+12 ⇓i+1 vi+11 vi+12(app-(i+1))t01 ⇓0 〈v11〉 v11 ⇓0 v02!t01 ⇓0 v02(run-0)t i+1 ⇓i+1 vi+1!t i+1 ⇓i+1!vi+1 (run-(i+1))t i+1 ⇓i+1 vi+1〈t i+1〉 ⇓i 〈vi+1〉 (code-i)No (splice-0)t0 ⇓0 〈v1〉∼t0 ⇓1 v1 (splice-1)t i+1 ⇓i+1 vi+1∼t i+1 ⇓i+2 ∼vi+1 (splice-(i+2))No (ref-0) x ⇓i+1 x (ref-(i+1))n ⇓i n (num-i)t01 ⇓0 n1 t02 ⇓0 n2t01 + t02 ⇓0 nwhere n = n1+n2 (plus-0)t i+11 ⇓i+1 vi+11 t i+12 ⇓i+1 vi+12t i+11 + ti+12 ⇓i+1 vi+11 + vi+12(plus-(i+1))The big-step relation t i1 ⇓i vi2 reads as “t1 big-steps to v2 at level i”, meaning that the value v2 is the resultof computing the term t1 at level i.Recall that a term can be a variable x, an application t1 t2, a lambda abstraction λx.t, a code operation〈t〉, a splice operation∼t, a run operation !t, a natural number n and an addition operation t1+t2. We explainhow an arbitrary term gets evaluated by the above relation.182.2. Formal Semantics of MetaMLGiven a variable x, we may use the (ref-(i+1)) depending on its level. (1) If the variable x is at level 0,we get stuck because there is no (ref-0) rule. (2) If the variable is at level i+ 1, the variable evaluates toitself as it is a value at level i+1.Given an application t1 t2, we may evaluate it using the (app-0) rule or the (app-(i+1)) rule dependingon the current level. (1) If the application is at level 0, we first evaluate its operator t1 at level 0 to a lambdaabstraction λx.t11 and evaluate its operand t2 at level 0 to a value v2. Then we substitute every free occurrenceof the variable x in the term t11 by the value v2, denoted by t11[v2/x]. Finally we evaluate t11[v2/x] at level 0to a value v, which is the final result of evaluating the application t1 t2 at level 0. Evaluating an applicationat level 0 is the same as evaluating an application in a single-stage language. (2) If the application is at leveli+1, we evaluate its operator t1 at level i+1 to a value v1 and evaluate its operand t2 at level i+1 to a valuev2. The application v1 v2 is a value at level i+1, which is the result of evaluating the application t1 t2 at leveli+1. We do not perform any application at levels higher than 0.Given a lambda abstraction λx.t, we may evaluate it using the (lambda-0) rule or the (lambda-(i+1)) ruledepending on its level. (1) If the lambda abstraction is at level 0, then it evaluates to itself as it is a valueat level 0. (2) If the lambda abstraction is at level i+ 1, we evaluate its body t to at level i+ 1 a value v,corresponding to the intuition that we may evaluate the body of a function at levels higher than 0. Then thelambda abstraction λx.v is the result of evaluating the lambda abstraction λx.t at level i+1.Given a code operation 〈t〉 at level i, we may evaluate it using the (code-i) rule. We evaluate the bodyof the code operation at level i+1 to a value v. Then bracketing the value gives the result of evaluating thecode operation at level i.Given a splice operation ∼t, we may evaluate it using the (splice-1) rule or the (splice-(i+2)) rule de-pending on the current level. (1) If the splice operation is at level 0, we get stuck because there is no(splice-0) rule. (2) If the splice operation is at level 1, we evaluate its operand at level 0 to a bracketedvalue, corresponding to the intuition that a splice operation expects its operand to be a code operation. Thebracketed value is spliced into the context of the splice operation and its the result of evaluating the spliceoperation ∼t. (3) If the splice operation is at level i+2, we evaluate its operand t at level i+1 to a value v.Then the splice operation ∼v is the result of evaluating the splice operation ∼t at level i+2.Given a run operation !t, we may evaluate it using the (run-0) rule or the (run-(i+1)) rule depending onthe current level. (1) If the run operation is at level 0, we first evaluate its operand at level 0 to a bracketedvalue, corresponding to the intuition that a run operation expects its operand to be a code operation. Thenwe evaluate the bracketed value at level 0 (rather than level 1), corresponding to the intuition that a runoperation executes a code operation. What this step returns is the result of evaluating the run operation !t atlevel 0. (2) If the run operation is at level i+1, we evaluate its operand t at level i+1 to a value v. Then therun operation !v is the result of evaluating the run operation !t at level i+1.Given a natural number n, we may evaluate it using the (num-i). The natural number itself is a value andevaluates to itself regardless of its level.Given an addition operation t1 + t2, we may evaluate it using the (plus-0) rule or the (plus-(i+1)) ruledepending on the current level. (1) If the addition is at level 0, we first evaluate its first operand t1 at level 0to a natural number n1 and evaluate its second operand t2 at level 0 to a natural number n2. Then we compute192.2. Formal Semantics of MetaMLn1 plus n2 and get its result n. The natural number n is the result of evaluating the addition operation t1+ t2at level 0. Evaluating an addition at level 0 is the same as evaluating an addition in a single-stage language.(2) If the addition is at level i+1, we evaluate its first operand t1 at level i+1 to a value v1 and evaluate itssecond operand t2 at level i+1 to a value v2. The addition operation v1 + v2 is a value at level i+1, whichis the result of evaluating the addition t1+ t2 at level i+1. We do not perform any addition at levels higherthan 0.Observations. The rules of the big-step relations can be classified into three categories. (1) The rules(lambda-0), (ref-(i+1)) and (num-i) are value rules where the term being evaluated is a value at its indicatedlevel. (2) All the rules except the three axiomatic rules are structural rules which define how to evaluate aterm with respect to its sub-terms. (3) The rules (app-0), (run-0), (splice-1) and (plus-0) are reduction ruleswhich perform a real step of computation.The big-step relations tell that the language is call-by-value. In (app-0) the variable x is substituted bythe value v02 that t01 big-steps to.The rules of the big-step relations cooperate with each other in various ways. As an illustration, let iin (code-i) be 0. Given a code operation 〈t1〉 at level 0, we first evaluate its operand t1 at level 1. Whena splice operation is encountered, we invoke (splice-1). The operand of the splice operation evaluates to acode operation whose operand is a value. The value is then spliced to the context of t1 which is surroundedby code brackets.Not every term has a corresponding rule. (1) There is no (splice-0) because a splice operation is alwaysat some level higher than 0. (2) There is no (ref-0). Level 0 of multi-stage programming corresponds tosingle-stage programming in which solely evaluating a free variable is disallowed.Nontermination terms do not big-step. For example, to evaluate (λx.x x) (λx.x x) at level 0, we needto know what (λx.x x) (λx.x x) big-steps to at level 0. Since this circular reasoning never terminates,(λx.x x) (λx.x x) does not big-step at level 0.In (plus-0), the addition operator in the side condition is different from the addition operator in thebottom of the rule. The addition operation in the side condition happens in the metalanguage, i.e., thelanguage that defines MetaML. For the sake of simplicity, we do not make clear distinction between naturalnumbers in the language and in the metalanguage.Examples. To get familiar with the big-step relations, consider the following examples. We use the blacktriangle N to indicate where an evaluation gets stuck.Example 27. Evaluate 〈∼〈1〉〉 at level zero using the big-step relations.We have:1 ⇓1 1 (num-i)〈1〉 ⇓0 〈1〉 (code-i)∼〈1〉 ⇓1 1 (splice-1)〈∼〈1〉〉 ⇓0 〈1〉 (code-i)202.2. Formal Semantics of MetaMLA code operation big-steps to a code value. A splice operator splices code into its current context.Example 28. Evaluate 〈λx.x〉 at level zero using the big-step relations.We have:x ⇓1 x (ref-(i+1))λx.x ⇓1 λx.x (lambda-(i+1))〈λx.x〉 ⇓0 〈λx.x〉 (code-i)A code value big-steps to itself.Example 29. Evaluate 〈λx.∼〈x〉〉 at level zero using the big-step relations.We have:x ⇓1 x (ref-(i+1))〈x〉 ⇓0 〈x〉 (code-0)∼〈x〉 ⇓1 x (splice-1)λx.∼〈x〉 ⇓1 λx.x (lambda-(i+1))〈λx.∼〈x〉〉 ⇓0 〈λx.x〉 (code-i)At levels higher than 0, we can go inside a lambda abstraction to evaluate its body.Example 30. Evaluate 〈λx.∼x〉 at level zero using the big-step relations.Observe 〈λx.∼x〉 6⇓0 because:x ⇓0 N∼x ⇓1 (splice-1)λx.∼x ⇓1 (lambda-(i+1))〈λx.∼x〉 ⇓0 (code-i)〈λx.∼x〉 is a bad program. It is indeed a term, but is not meant to be written. The evaluation gets stuck atN because to evaluate x at level 0, no rule can apply. The splice operator ∼ expects the operand to evaluateto code, but x is stuck.Example 31. Evaluate 〈λx.∼(1+1)〉 at level zero using the big-step relations.Observe 〈λx.∼(1+1)〉 6⇓0 because1 ⇓0 1 (num-i) 1 ⇓0 1 (num-i)1+1 ⇓0 2 (plus-0)∼(1+1) ⇓1 N (splice-1)λx.∼(1+1) ⇓1 (lambda-(i+1))〈λx.∼(1+1)〉 ⇓0 (code-i)〈λx.∼(1+1)〉 is a bad program. The evaluation gets stuck at N because the rule (splice-1) expects 1+1to evaluate to code but 2 is not code. The splice operator ∼ expects the operand to evaluate to code. Unlikethe previous example, the operand 1+1 is not stuck but does not evaluate to code.212.2. Formal Semantics of MetaMLPrograms and Answers. We can define an evaluator that takes a program as its input and provides ananswer as its output. We first define the set of programs and the set of answers.Closed level-0 terms are programs in MetaMLDefinition 32 (Programs). Let the set of programs PRGMMetaML be the set of closed terms at level 0.PRGMMetaML = {t ∈ TERM0 | FV (t) = /0}.Answers are the observational results of evaluating programs. An answer can be the text function, thetext code or a natural number.Definition 33 (Answers). Let the set of answers ANSMetaML be the union of the set {function,code} andthe set of natural numbers.ANSMetaML = {function,code}∪N.The set of programs PRGMMetaML and answers ANSMetaML are defined for MetaML, not for any partic-ular semantics of MetaML.Evaluator. We now define an evaluator in terms of the substitutional natural semantics of MetaML. Givena program t, the evaluator applies the big-step relations on t at level 0. If the program big-steps to a naturalnumber, then the evaluator outputs the number. Otherwise, the evaluator indicates the class of value that theprogram big-steps to, i.e., either function or code. The evaluator is undefined for programs that get stuckand programs that do not terminate.Definition 34 (Evaluator based on Substitutional Natural Semantics). Let the evaluator evalMetaML:SubNat bea partial function from the set of programs PRGMMetaML to the set of answers ANSMetaML.evalMetaML:SubNat : PRGMMetaML ⇀ ANSMetaMLevalMetaML:SubNat(t) =function if t ⇓0 λx.t ′0code if t ⇓0 〈v1〉n if t ⇓0 nThis above evaluator is defined in terms of the substitutional natural semantics. The subscript “MetaML:SubNat”in evalMetaML:SubNat denotes the substitutional natural semantics of MetaML.We demonstrate how the evaluator works by evaluating the puzzle program below that was originallypresented in [Tah99a].!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5Example 35. We haveevalMetaML:SubNat(!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5) = code222.2.FormalSemanticsofMetaMLλx.〈x〉 ⇓0 λx.〈x〉 λx.〈a〉 ⇓0 λx.〈a〉a ⇓2 a〈a〉 ⇓1 〈a〉λx.〈a〉 ⇓1 λx.〈a〉〈λx.〈a〉〉 ⇓0 〈λx.〈a〉〉(λx.〈x〉)(λx.〈a〉) ⇓0 〈λx.〈a〉〉∼ ((λx.〈x〉)(λx.〈a〉)) ⇓1 λx.〈a〉 0 ⇓1 0∼ ((λx.〈x〉)(λx.〈a〉))0 ⇓1 (λx.〈a〉)0λa.∼ ((λx.〈x〉)(λx.〈a〉))0 ⇓1 λa.((λx.〈a〉)0)〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉 ⇓0 〈λa.((λx.〈a〉)0)〉 λa.((λx.〈a〉)0) ⇓0 λa.((λx.〈a〉)0)!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉 ⇓0 λa.((λx.〈a〉)0) 5 ⇓0 5λx.〈5〉 ⇓0 λx.〈5〉 0 ⇓0 05 ⇓1 5〈5〉 ⇓0 〈5〉(λx.〈5〉)0 ⇓0 〈5〉!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5 ⇓0 〈5〉Figure 2.1: Evaluation of !〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5 in Substitutional Natural Semantics of MetaML.232.2. Formal Semantics of MetaMLbecause!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5 ⇓0 〈5〉as shown in Figure 2.1 and 〈5〉 ∈ VALUE0.2.2.3 Substitutional Structural Operational SemanticsPreviously, we have studied the substitutional natural semantics of MetaML. The main semantics refinementproblem is to define an environmental abstract machine for MetaML, which we call the MEK machine. TheMEK machine is a small-step operational semantics. As the first step in the process of deriving the MEKmachine, we refine the substitutional natural semantics of MetaML to a substitutional structural operationalsemantics.Natural semantics relates a term to its final result of computation. Structural operational semanticsrelates a term to its next small step of computation on the way to its final result. One advantage of thestructural operational semantics is that it allows reasoning about programs that do not terminate such as anoperating system. In contrast, natural semantics is only defined for programs that can produce a final result.We lay out the substitutional structural operational semantics through a family of level-indexed single-step relations and a family of level-indexed multi-step relations.Definition 36 (Level-indexed Single-step Relations). For any i∈N, let the level-indexed single-step relation−→i be a binary relation between the set of terms at level i and the set of terms at level i.−→i⊆ TERMi×TERMiNo (lambda-0)t i+11 −→i+1 t i+12λx.t i+11 −→i+1 λx.t i+12(lambda-(i+1))t i11 −→i t i12t i11 ti2 −→i t i12 t i2(appL-i)t i21 −→i t i22vi1 ti21 −→i vi1 t i22(appR-i)(λx.t0) v0 −→0 t0[v0/x] (app-0)!〈v1〉 −→0 v1 (run-0)t i1 −→i t i2!t i1 −→i!t i2(run-i)t i+11 −→i+1 t i+12〈t i+11 〉 −→i 〈t i+12 〉(code-i)No (splice-0) ∼〈v1〉 −→1 v1 (splice-1)t i1 −→i t i2∼t i1 −→i+1 ∼t i2(splice-(i+1))No (ref-i)No (num-i)242.2. Formal Semantics of MetaMLt i11 −→i t i12t i11+ ti2 −→i t i12+ t i2(plusL-i)t i21 −→i t i22vi1+ ti21 −→i vi1+ t i22(plusR-i)n1+n2 −→0 nwhere n = n1+n2 (plus-0)The single-step relation t i1 −→i t i2 reads as “t1 single-steps to t2 at level i”.Recall that a term can be a variable x, an application t1 t2, a lambda abstraction λx.t, a code operation〈t〉, a splice operation∼t, a run operation !t, a natural number n and an addition operation t1+t2. We explainhow an arbitrary term gets evaluated by the above relations.Given a variable x, we get stuck because there is no (ref-i) rule.Given an application t1 t2, we may evaluate it using the (appL-i) rule, the (appR-i) rule or the (app-0)rule depending on the current level and whether its operator/operand is a value. We first repeatedly applythe (appL-i) rule to evaluate the operator t1 and finally get a value v1. Then we use repeatedly apply the(appR-i) rule to evaluate the operand t2 and finally get a value v2. If we have been evaluating at level 0, weexpect v1 to be a lambda abstraction and we then perform the application v1 v2 using the (app-0) rule. If wehave been evaluating at level i+1, the resulting application v1 v2 is a value at that level.Given a lambda abstraction λx.t, we may evaluate it using the (lambda-(i+1)) rule depending on its leveland whether the body t is a value. (1) If the lambda abstraction is at level 0, then we get stuck because thereis no (lambda-0) rule. (2) If the lambda abstraction is at level i+1, we repeatedly apply the (lambda-(i+1))rule to evaluate its body t at level i+1 and finally get a value v. The resulting application λx.v is a value atlevel i+1.Given a code operation 〈t〉, we may evaluate it using the (code-i) rule depending on whether its operandis a value. We repeatedly apply the (code-i) rule to evaluate its operand t and finally get a value v. Theresulting code operation 〈v〉 is a value .Given a splice operation ∼t, we may evaluate it using the (splice-1) rule or the (splice-(i+1)) rule de-pending on the current level and whether its operand is a value. (1) If the splice operation is at level 0, weget stuck because there is no (splice-0) rule. (2) If the splice operation is at level i+1, we repeatedly applythe (splice-(i+1)) rule to evaluate its operand t and finally get a value v. (2.1) If we have been evaluating atlevel 1, we expect v to be code operation and we apply (splice-1) to merge the code into the context. (2.2) Ifwe have been evaluating at level i+2, the resulting splice operation ∼v is a value at that level.Given a run operation !t, we may evaluate it using the (run-0) rule or the (run-i) rule depending onthe current level and whether its operand is a value. We first repeatedly apply the (run-i) rule to evaluate itsoperand t and finally get a value v. (1) If we have been evaluating at level 0, we expect v to be code operationand we apply (run-0) to execute the code. (2) If we have been evaluating at level i+ 1, the resulting codeoperation !v is a value at that level.Given a natural number n, we get stuck because there is no (num-i) rule.Given an addition operation t1 + t2, we may evaluate it using the (plusL-i) rule, the (plusR-i) rule orthe (plus-0) rule depending on the current level and whether its first or second operand is a value. We first252.2. Formal Semantics of MetaMLrepeatedly apply the (appL-i) rule to evaluate the first operand t1 and finally get a value v1. Then we userepeatedly apply the (plusR-i) rule to evaluate the second operand t2 and finally get a value v2. If we havebeen evaluating at level 0, we expect v1 and v2 to be two natural numbers and we perform the addition v1+v2using the (plus-0) rule. If we have been evaluating at level i+1, the resulting addition v1 + v2 is a value atthat level.Observations. The rules of the single-step relations can be classified into two categories. (1) The rules(app-0), (run-0), (splice-1) and (plus-0) are reduction rules which perform a real step of computation. (2)The other rules are structural rules which define how to evaluate a term with respect to its sub-terms. Thereare no value rules in the single-step relations as opposed to the big-step relations. This is because steppingalways does work and there is no work left to do for values.The single-step relations tell that the language is call-by-value. The (app-0) rule restricts the operand ofthe application to be a value.The big-step relations do not specify which argument to a two-argument operation, like function ap-plication or addition, must be evaluated first. The single-step relations, on the other hand, force evaluationto proceed from left to right, as indicated by (appL-i), (appR-i), (plusL-i) and (plusR-i). We say that thesingle-step relations are tailored to leftmost reduction.The single-step relations have fewer rules than the big-step relations. (1) There are no (lambda-0), (ref-(i+1)) and (num-i) because values do not reduce in the single-step relations but evaluate to themselves in thebig-step relations. (2) There is no (ref-0), analogous to the fact that evaluating a free variable in a single-stage programming language is disallowed. (3) There is no (splice-0) because a splice operation is alwaysat some level higher than 0.Intuitively, a level-indexed single-step relation −→i defines a single step of computation at level i. Torepresent multiple (zero or more) steps of computation at level i, we define the level-indexed multi-steprelation −→∗i.Definition 37 (Level-indexed Multi-step Relation). Define the level-indexed multi-step relation −→i∗ to bethe reflexive-transitive closure of the level-indexed single-step relation −→i.−→i∗⊆ TERMi×TERMit i1 −→i∗ t i2where t i1 −→i t i2 (step) t i −→i∗ t i (refl)t i1 −→i∗ t i2 t i2 −→i∗ t i3t i1 −→i∗ t i3(trans)The multi-step relation t i1 −→i∗ t2 reads as “t1 multi-steps to t2 at level i”. The (step) rule implies thatthe multi-step relation respects the single-step relation with the same level index. The (refl) rule implies thatthe multi-step relation is reflexive. The (trans) rule implies that the multi-step relation is transitive.Examples. To get familiar with the substitutional structural operational semantics, consider the followingexamples. These examples are the same as the ones in we presented for substitutional natural semantics.262.2. Formal Semantics of MetaMLExample 38. Evaluate 〈∼〈1〉〉 at level 0 using the substitutional structural operational semantics.We have:∼〈1〉 −→1 1 (splice-1)〈∼〈1〉〉 −→0 〈1〉 (code-i)Observe 〈1〉 6−→0 because:1−→1 N〈1〉 −→0 (code-i)The evaluation gets stuck at N because there is no (num-i) rule. Furthermore, we have 〈1〉 ∈ VALUE0.By the (step) rule of the multi-step relation, 〈∼〈1〉〉 −→0∗ 〈1〉.Example 39. Evaluate 〈λx.x〉 at level 0 using the substitutional structural operational semantics.Observe 〈λx.x〉 6−→0 becausex−→1 Nλx.x−→1 (lambda-(i+1))〈λx.x〉 −→0 (code-i)The evaluation gets stuck at N because there is no (ref-i) rule. Furthermore, we have 〈λx.x〉 ∈ VALUE0.By the (refl) rule of the multi-step relation, 〈λx.x〉 −→0 〈λx.x〉.Example 40. Evaluate 〈λx.∼〈x〉〉 at level 0 using the substitutional structural operational semantics.We have:∼〈x〉 −→1 x (splice-1)λx.∼〈x〉 −→1 λx.x (lambda-(i+1))〈λx.∼〈x〉〉 −→0 〈λx.x〉 (code-i)Observe 〈λx.x〉 6−→0 becausex−→1 Nλx.x−→1 (lambda-(i+1))〈λx.x〉 −→0 (code-i)The evaluation gets stuck at because there is no (ref-i) rule. Furthermore, we have 〈λx.x〉 ∈ VALUE0.By the (step) rule of the multi-step relation, 〈λx.∼〈x〉〉 −→0∗ 〈λx.x〉.Example 41. Evaluate 〈λx.∼x〉 at level 0 using the substitutional structural operational semantics.Observe 〈λx.∼x〉 6−→0 because:x−→0 N∼x−→1 (splice-1)λx.∼x−→1 (lambda-(i+1))〈λx.∼x〉 −→0 (code-i)272.2. Formal Semantics of MetaMLThe evaluation gets stuck at N because there is no (ref-i) rule. Furthermore, we have 〈λx.∼x〉 6∈ VALUE0and 〈λx.∼x〉 is a stuck term.By the (refl) rule of the multi-step relation, 〈λx.∼x〉 −→0∗ 〈λx.∼x〉.Example 42. Evaluate 〈λx.∼(1+1)〉 at level 0 using the substitutional structural operational semantics.We have:1+1−→0 2 (plus-0)∼(1+1)−→1 ∼2 (splice-1)λx.∼(1+1)−→1 λx.∼2 (lambda-(i+1))〈λx.∼(1+1)〉 −→0 〈λx.∼2〉 (code-i)Observe 〈λx.∼2〉 6−→0 because:2−→0 N∼2−→1 (splice-(i+1))λx.∼2−→1 (lambda-(i+1))〈λx.∼2〉 −→0 (code-i)The evaluation gets stuck at N because there is no (num-i) rule. Furthermore, we have 〈λx.∼2〉 6∈VALUE0 and 〈λx.∼2〉 is a stuck term.By the (step) rule of the multi-step relation, 〈λx.∼(1+1)〉 −→0∗ 〈λx.∼2〉.Evaluator. We now define an evaluator in terms of the substitutional natural semantics of MetaML. Givena program t, the evaluator applies the multi-step relations on t at level 0. If the program multi-steps to anatural number, then the evaluator outputs the number. Otherwise, the evaluator indicates the class of valuethat the program multi-steps to, i.e., either function or code. The evaluator is undefined if the programgets stuck or does not terminate.Definition 43 (Evaluator based on Substitutional Structural Operational Semantics). Define the evaluatorevalMetaML:SubSOS to be a partial function from the set of programs PRGMMetaML to the set of answersANSMetaML.evalMetaML:SubSOS : PRGMMetaML ⇀ ANSMetaMLevalMetaML:SubSOS(t) =function if t −→0∗ λx.t ′0code if t −→0∗ 〈v1〉n if t −→0∗ nThis evaluator is defined in terms of the substitutional structural operational semantics. The subscript“MetaML:SubSOS” in evalMetaML:SubSOS denotes the substitutional structural operational semantics of MetaML.We demonstrate how the evaluator works by evaluating the same puzzle program as Example 35.282.2.FormalSemanticsofMetaML(λx.〈x〉)(λx.〈a〉)−→0 〈λx.〈a〉〉 where 〈x〉 ∈ TERM0 and λx.〈a〉 ∈ VALUE0∼ ((λx.〈x〉)(λx.〈a〉))−→1∼ 〈λx.〈a〉〉∼ ((λx.〈x〉)(λx.〈a〉))0−→1∼ 〈λx.〈a〉〉 0λa.∼ ((λx.〈x〉)(λx.〈a〉))0−→1 λa.∼ 〈λx.〈a〉〉 0〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉 −→0 〈λa.∼ 〈λx.〈a〉〉 0〉!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉 −→0!〈λa.∼ 〈λx.〈a〉〉 0〉!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉 5−→0!〈λa.∼ 〈λx.〈a〉〉 0〉 5(a) Derivation of !〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5−→0!〈λa.∼ 〈λx.〈a〉〉0〉5.∼ 〈λx.〈a〉〉 −→1 λx.〈a〉 where λx.〈a〉 ∈ VALUE1∼ 〈λx.〈a〉〉 0−→1 (λx.〈a〉) 0λa.∼ 〈λx.〈a〉〉 0−→1 λa.(λx.〈a〉) 0〈λa.∼ 〈λx.〈a〉 0〉 −→0 〈λa.(λx.〈a〉) 0〉!〈λa.∼ 〈λx.〈a〉 0〉 −→0!〈λa.(λx.〈a〉) 0〉!〈λa.∼ 〈λx.〈a〉〉 0〉 5−→0!〈λa.(λx.〈a〉) 0〉 5(b) Derivation of !〈λa.∼ 〈λx.〈a〉〉0〉5−→0!〈λa.(λx.〈a〉)0〉5.!〈λa.(λx.〈a〉) 0〉 −→0 λa.(λx.〈a〉) 0 where λa.(λx.〈a〉) 0 ∈ VALUE1!〈λa.(λx.〈a〉) 0〉 5−→0 (λa.(λx.〈a〉) 0) 5(c) Derivation of !〈λa.(λx.〈a〉) 0〉 5−→0 (λa.(λx.〈a〉) 0) 5.(λx.〈a〉) 0−→0 〈a〉 where 〈a〉 ∈ TERM0 and 0 ∈ VALUE0λa.(λx.〈a〉) 0−→0 λa.〈a〉(λa.(λx.〈a〉) 0) 5−→0 (λa.〈a〉) 5(d) Derivation of (λa.(λx.〈a〉) 0) 5−→0 (λa.〈a〉) 5.(λa.〈a〉) 5−→0 〈5〉 where 〈a〉 ∈ TERM0 and 5 ∈ VALUE0(e) Derivation of (λa.〈a〉) 5−→0 〈5〉.Figure 2.2: Evaluation of !〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5 in Substitutional Structural Operational Semantics of MetaML.292.3. Chapter SummaryExample 44. We haveevalMetaML:SubSOS(!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5) = codebecause!〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5−→0∗ 〈5〉as shown in Figure 2.2 and 〈5〉 ∈ VALUE0.Examples 35 and 44 show that two evaluators we have defined so far agree on the evaluation of thepuzzle program !〈λa.∼ ((λx.〈x〉)(λx.〈a〉))0〉5. In fact, these two evaluators agree on all programs.Theorem 45 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubNat(t) is Kleene equalto evalMetaML:SubSOS(t).The above theorem uses Kleene Equality introduced in [Kle52]: for any expressions A and B, A is Kleeneequal to B if and only if (1) both A and B are defined and are equal or (2) both A and B are undefined. Weprove the theorem in the appendices.2.3 Chapter SummaryWe first introduced three staging annotations and informally discussed how a multi-stage program evaluates.Then we studied the pre-existing substitutional natural semantics of MetaML and derived a substitutionalstructural operational semantics for MetaML. We defined evaluators for both semantics and demonstratedtheir equivalence.30Chapter 3Refining Semantics for ISWIM: Developingthe CEK MachineFollowing the first dimension of simplifying the main semantics refinement problem, we study how tostepwise develop an environmental abstract machine for the single-stage language ISWIM rather than themulti-stage language MetaML. The problem is restated as follows.Can we refine the substitutional structural operational semantics of ISWIM to a correspondingenvironmental abstract machine, which is known as the CEK machine, and demonstrate theirequivalence?We tackle this problem progressively in several manageable steps through several intermediate semantics.3.1 ISWIMISWIM, whose acronym stands for “if you see what I mean”, was originally developed by [Lan66]. Itwas introduced to understand and design the whole landscape of programming languages [Lan64]. It hasinfluenced the development of functional programming languages such as ML and Haskell.We consider a variant of ISWIM that has natural numbers and addition. We sometimes call what ispresented in this section Substitutional ISWIM in order to differentiate it from the subsequent dialects, i.e.,Explicit ISWIM, Suspended ISWIM and Environmental ISWIM.3.1.1 SyntaxWe first define the basic syntax of the language: terms, values and denotable terms. Then we define thefree variable function, the substitution function and the alpha equivalence relation. We finally present thecommutativity of substitutions.3.1.1.1 Terms, Values and Denotable TermsWe start with two sets: the set of variables, VAR, and the set of natural numbers, N.Definition 46 (Terms, Values and Denotable Terms). Let (1) TERM be the set of terms, (2) VALUE be theset of values, and (3) DENOTABLE be the set of denotable terms.313.1. ISWIMx ∈ VAR, n ∈ N, t ∈ TERM, v ∈ VALUE, w ∈ DENOTABLEt ::= x | t t | λx.t | n | t+ tv ::= λx.t | nw ::= x | vISWIM can be viewed as a single-stage restricted form of MetaML. Given the syntax of MetaML, if weremove all terms that contain any staging annotation or is not at level 0, we get ISWIM.3.1.1.2 Free Variable FunctionWe define the free variable function as follows.Definition 47 (Free Variable Function). Define the free variable function FV to be a total function from theset of terms to the power set of variables.FV : TERM −→P(VAR)FV (x) = x (1)FV (t1 t2) = FV (t1)∪FV (t2) (2)FV (λx.t) = FV (t)\{x} (3)FV (n) = /0 (4)FV (t1+ t2) = FV (t1)∪FV (t2) (5)The free variable function for ISWIM is the same as for MetaML but restricted to the single-stage part.Definition 48 (Closed Terms). A term t is closed if and only if FV (t) = /0.3.1.1.3 Substitution FunctionWe define the substitution function as follows.Definition 49 (Substitution Function). Define the substitution function ·[·/·] to be a total function from the3-tuple of the set of terms, the set of denotable terms and the set of variables, to the set of terms.·[·/·] : (TERM×DENOTABLE×VAR)−→ TERMx1[w/x2] = w where x1 ≡ x2 (1)x1[w/x2] = x1 where x1 6≡ x2 (2)(t1 t2)[w/x] = (t1[w/x]) (t2[w/x]) (3)(λx1.t0)[w/x2] = λx3.t0[x3/x1][w/x2]where x3 /∈ FV (λx1.t0)∪FV (w)∪{x2} (4)n[w/x] = n (5)(t1+ t2)[w/x] = (t1[w/x])+(t2[w/x]) (6)The substitution function for ISWIM is the same as for MetaML but restricted to the single-stage part.323.1. ISWIM3.1.1.4 Alpha Equivalence RelationAlpha equivalence reflects that the particular choice of the bound variable in a lambda abstraction does notmatter. Two terms are α-equivalent if and only if they are identical except for renaming bound variables.Definition 50 (Alpha Equivalence Relation). Define the alpha equivalence relation∼α to be a binary relationbetween the set of terms and the set of terms.∼α ⊆ TERM×TERMx∼α x (var)t11 ∼α t21 t12 ∼α t22(t11 t12)∼α (t21 t22) (app)t1[x3/x1]∼α t2[x3/x2](λx1.t1)∼α (λx2.t2) where x3 /∈ FV (t1)∪FV (t2) (lam)t11 ∼α t21 t12 ∼α t22(t11+ t12)∼α (t21+ t22) (plus) n∼α n (num)We did not introduce the alpha equivalence relation for MetaML in the previous chapter. This is becauseit is usually not difficult to demonstrate equivalence of two semantics of the exact same language. However,in this chapter and later chapters, we need to prove equivalence of semantics of different dialects of ISWIMor MetaML. It is not uncommon that two semantics evaluate the same term to two syntactically differentvalues that have the same meaning semantically. Since our evaluators only concern observational results,such values should be equated. For example, λx.x and λy.y represent the same lambda abstraction. Theyare related by the alpha equivalence relation. Furthermore, the alpha equivalence relation makes our proofseasier. In many cases, we may replace a term by its alpha equivalent term in our proof at our convenience.Example 51. We have ((λx.x x) (λx.x))∼α ((λy.y y) (λ z.z)). The left-hand side and right-hand side of therelation represent the lambda abstractions that only differ naming lambda bound variables.3.1.1.5 Commutativity of SubstitutionsWe make several observations with respect to the commutativity of substitutions, which are useful in justify-ing the design of the succeeding semantics. (1) After substituting a variable with a denotable term that doesnot contain it, further substitutions for the same variable have no meaningful effect, so they can be dropped.(2) Two non-clashing substitutions can commute with one another. (3) More generally, two substitutionsthat arise in practice during an evaluation commute which involves more work to ensure no clash happens.Proposition 52. If x /∈ FV (w1), then t[w1/x][w2/x]∼α t[w1/x].Proposition 53. If x1 6≡ x2, x1 /∈ FV (w2) and x2 /∈ FV (w1), then t[w1/x1][w2/x2]∼α t[w2/x2][w1/x1].Proposition 54. t[w1/x1][w2/x2]∼α t[x3/x1][w2/x2][w1[w2/x2]/x3] where x3 /∈ FV (λx1.t0)∪FV (w)∪{x2}.333.1. ISWIM3.1.2 Substitutional Structural Operational SemanticsWe lay out the substitutional structural operational semantics through the single-step relation −→ and themulti-step relation −→∗.Definition 55 (Single-step Relation). Let the single-step relation −→ be a binary relation between the setof terms and the set of terms.−→⊆ TERM×TERMt11 −→ t12t11 t2 −→ t12 t2 (appL)t21 −→ t22v1 t21 −→ v1 t22 (appR) (λx.t) v−→ t[v/x] (app)t11 −→ t12t11+ t2 −→ t12+ t2 (plusL)t21 −→ t22v1+ t21 −→ v1+ t22 (plusR) n1+n2 −→ n where n = n1+n2 (plus)The single-step relation t1 −→ t2 reads as “t1 single-steps to t2”.Definition 56 (Multi-step Relation). Let the multi-step relation −→∗ be the reflexive-transitive closure ofthe single-step relation −→.−→∗ ⊆ TERM×TERMt1 −→∗ t2 where t1 −→ t2 (step) t −→∗ t (refl)t1 −→∗ t2 t2 −→∗ t3t1 −→∗ t3 (trans)The multi-step relation t1 −→∗ t2 reads as “t1 multi-steps to t2”.The single-step relation and multi-step relation for the substitutional structural operational semantics ofISWIM are the same as for the substitutional structural operational semantics of MetaML but restricted tothe single-stage part.Example 57. Consider ((λx1.λx2.x1) 7) 4 where x1 6≡ x2.By the substitutional structural operational semantics of ISWIM, we have:((λx1.λx2.x1) 7) 4 (1)−→ (λx2.x1)[7/x1] 4 (2)= (λx2.x1[x2/x2][7/x1]) 4 where x2 6≡ x1 (3)= (λx2.x1[7/x1]) 4 (4)= (λx2.7) 4 (5)−→ 7[4/x2] (6)= 7 (7)The first single-step is indeed from (1) to (5), including applying the substitution [7/x1] on the lambdaabstraction λx2.x1. The substitution is performed in the meta-language and does not count as any additionalreduction step.343.2. Explicit ISWIMProperties. We observe the following properties that are useful in proving semantics equivalence. (1) Thesingle-step relation preserves alpha equivalence. During an evaluation, we may conveniently replace a termby its alpha equivalent term without changing the observational result of the evaluation. (2) The multi-steprelation preserves the closedness of a term. Evaluating a program never produces the error of evaluating afree variable. This ensures that the behaviour of a program does not depend on the outside world.Proposition 58. If ta1 ∼α tb1 and ta1 −→ ta2 , then tb1 −→ tb2 and ta2 ∼α tb2 .Proposition 59. If FV (t1) = /0 and t1 −→∗ t2, then FV (t2) = /0.Programs and Answers. To define an evaluator for ISWIM, we first programs and answers.Closed terms are programs in ISWIM.Definition 60 (Programs). Let the set of programs PRGMIWSIM be the set of closed terms.PRGMISWIM = {t ∈ TERM | FV (t) = /0}.An answers is the text function or a natural number.Definition 61 (Answers). Let the set of answers ANSISWIM be the union of the set {function} and the setof natural numbers.ANSISWIM = {function}∪N.The set of programs PRGMISWIM and the set of answers ANSISWIM are defined for ISWIM, not for anyparticular dialect or semantics of ISWIM.Evaluator. We now define an evaluator in terms of the substitutional structural operational semantics ofISWIM.Definition 62 (Evaluator based on Substitutional ISWIM). Let the evaluator evalISWIM:SubSOS be a partialfunction from the set of programs PRGMISWIM to the set of answers ANSISWIM.evalISWIM:SubSOS : PRGMISWIM ⇀ ANSISWIMevalISWIM:SubSOS(t) =function if t −→∗ λx.t ′n if t −→∗ nThis evaluator is defined in terms of the substitutional structural operational semantics of ISWIM. Thesubscript “ISWIM:SubSOS” in evalISWIM:SubSOS denotes the substitutional structural operational semantics ofISWIM. The evaluator is essentially the same as the single-stage subset of the evaluator defined in terms ofthe substitutional structural operational semantics of MetaML.3.2 Explicit ISWIMConsider again the (app) rule of the substitutional structural operational semantics of ISWIM.(λx.t) v−→ t[v/x] (app)353.2. Explicit ISWIMBecause the substitution function ·[·/·] is defined as equations in the meta-language, the (app) rule says thatin the expression t[v/x] each free occurrence of the variable x is immediately replaced by the value v inthe term t. Evaluating a substitution does not take any additional step regardless of how complicated thesubstitution is. It is not evident how to attain our objective of this chapter, i.e., how to develop an environ-mental abstract machine for ISWIM, based directly on the substitutional structural operational semantics ofISWIM.We propose to turn the big gap of what is less clear into several small moves of what is more evident,each of which leads to an intermediate semantics. As the very first move, we integrate the percolation ofsubstitutions into the structural operational semantics, leading to explicit substitutions [Cur85, ACCL91].As a result, the (app) rule becomes(λx.t) v−→ t[x := v] (app)where [x := v] is an explicit substitution. Depending on how complex the term t is, it may take several stepsto percolate the substitution [x := v] through the term t.We call the resulting dialect Explicit ISWIM and present its structural operational semantics.3.2.1 SyntaxWe first define the basic syntax of Explicit ISWIM: terms, values and denotable terms. Then we define thefree variable function, the substitution function and the alpha equivalence relation.3.2.1.1 Terms, Values and Denotable TermsDefinition 63 (Terms, Values and Denotable Terms). Let (1) TERM be the set of terms, (2) VALUE be theset of values, and (3) DENOTABLE be the set of denotable terms.x ∈ VAR, n ∈ N, t ∈ TERM, v ∈ VALUE, w ∈ DENOTABLEt := x | t t | λx.t | n | t+ t | t[x := w]v := λx.t | nw := x | vThe language has been enhanced with a term surrounded by an explicit substitution t[x := w], whichmeans that each free occurrence of the variable x in the term t needs to be substituted by the denotableterm w. Evaluating an explicit substitution takes steps. In contrast, an implicit substitution t[w/x] used inSubstitutional ISWIM represents the result of substituting the denotable term w for each free occurrence ofthe variable x in the term t.3.2.1.2 Free Variable FunctionWe define the free variable function by extending Definition 47 to accommodate explicit substitutions.Definition 64 (Free Variable Function). Let the free variable function FV be a total function from the set ofterms to the power set of variables.363.2. Explicit ISWIMFV : TERM −→P(VAR)............FV (t[x := w]) = (FV (t)\{x})∪FV (w) (6)Equations (1)-(5) are the same as Definition 47 in Substitutional ISWIM. Recall that t[x := w] is intro-duced to represent what an application (λx.t)w evaluates to. Observe that there is no free variable introducedor eliminated during the evaluation. We have FV (t[x := w]) = FV ((λx.t) w) = (FV (t)\{x})∪FV (w).3.2.1.3 Substitution FunctionWe define the substitution function by extending Definition 49 to accommodate explicit substitutions.Definition 65 (Substitution Function). Let the substitution function ·[·/·] be a total function from the 3-tupleof the set of terms, the set of denotable terms and the set of variables, to the set of terms.·[·/·] : (TERM×DENOTABLE×VAR)−→ TERM............(t0[x1 := w1])[w2/x2] = t0[x3/x1][w2/x2][x3 := w1[w2/x2]]where x3 /∈ FV (λx1.t0)∪FV (w)∪{x2} (7)Equations (1)-(6) are the same as Definition 49 in Substitutional ISWIM. Recall that Proposition 54 sayst[w1/x1][w2/x2] ∼α t[x3/x1][w2/x2][w1[w2/x2]/x3] where x3 /∈ FV (λx1.t0)∪FV (w)∪{x2}, correspondingto Equation (7).3.2.1.4 Alpha Equivalence RelationWe define the alpha equivalence relation by extending Definition 50 to accommodate explicit substitutions.Definition 66 (Alpha Equivalence Relation). Define the alpha equivalence relation∼α to be a binary relationbetween the set of terms and the set of terms.∼α ⊆ TERM×TERM...w1 ∼α w2 t1[x3/x1]∼α t2[x3/x2](t1[x1 := w1])∼α (t2[x2 := w2]) where x3 /∈ FV (t1)∪FV (t2) (sub)All rules except the (sub) rule are the same as Definition 50 in Substitutional ISWIM. Recall thatt[x := w] is introduced to represent what an application (λx.t) w evaluates to. If we can show(λx1.t1) w1 ∼α (λx2.t2) w2, then we should be able to show (t1[x1 := w1]) ∼α (t2[x2 := w2]). The premiseof the (sub) rule indeed shows (λx1.t1) w1 ∼α (λx2.t2) w2.373.2. Explicit ISWIM3.2.2 Structural Operational SemanticsWe lay out the structural operational semantics through the single-step relation−→, the single-step substitu-tion reduction relation −→x, the multi-step substitution reduction relation −→x∗ and the multi-step relation−→∗.Definition 67 (Single-step Relation). Define the single-step relation−→ to be a binary relation between theset of terms and the set of terms.−→⊆ TERM×TERMt11 −→ t12t11 t2 −→ t12 t2 (appL)t21 −→ t22v1 t21 −→ v1 t22 (appR) (λx.t) v−→ t[x := v] (app)t11 −→ t12t11+ t2 −→ t12+ t2 (plusL)t21 −→ t22v1+ t21 −→ v1+ t22 (plusR) n1+n2 −→ n where n = n1+n2 (plus)...The only rule that is different from Substitutional ISWIM is (app) which replaces the meta-languagesubstitution [v/x] with the explicit substitution [x := v]. The definition of the single-step relation is currentlyincomplete because how explicit substitutions percolate has not been defined yet.To specify how explicit substitutions percolate, we define a new relation t[x := w]−→x t. This relationensures that explicit substitutions percolate deterministically.Definition 68 (Single-step Substitution Reduction Relation). Let the single-step substitution reduction rela-tion −→x be a binary relation between the set of terms and the set of terms.−→x ⊆ TERM×TERMx[x := w]−→x w (var-eq-subst) x1[x2 := w]−→x x1 where x1 6≡ x2 (var-df-subst)n[x := w]−→x n (num-subst)(t1 t2)[x := w]−→x (t1[x := w]) (t2[x := w]) (app-subst)(t1+ t2)[x := w]−→x (t1[x := w])+(t2[x := w]) (plus-subst)(λx1.t)[x2 := w]−→x λx3.t[x1 := x3][x2 := w] where x3 /∈ FV (λx1.t)∪FV (w)∪{x2} (lam-subst)t1[x1 := w1]−→x t2t1[x1 := w1][x2 := w2]−→x t2[x2 := w2] (subst-subst)Most of the rules describe how explicit substitutions behave when encountering other terms in the lan-guage. Rules (var-eq-subst), (var-df-subst), (app-subst), (lam-subst), (num-subst) and (plus-subst) corres-pond to Equations (1) to (5) of Substitutional ISWIM’s substitution function (Definition 49) respectively.The (subst-subst) rule implies that only a single-step of substitution reduction may happen underneath anexplicit substitution.383.2. Explicit ISWIMEvery single-step substitution reduction counts as a single step of computation. We add the followingrule to the definition of the single-step relation, Definition 67.t1[x := w]−→ t2 where t1[x := w]−→x t2 (subst)Definition 69 (Multi-step Substitution Reduction Relation). Define the multi-step substitution reductionrelation −→x∗ to be the reflexive-transitive closure relation on the single-step substitution reduction relation−→x.Definition 70 (Multi-step Relation). Define the multi-step relation−→∗ to be the reflexive-transitive closurerelation on the single-step relation −→.Example 71. Let x1 6≡ x2. We observe that((λx1.x2) 5)[x2 := 2] 6−→ (x2[x1 := 5])[x2 := 2].As (λx1.x2) 5 −→ x2[x1 := 5] is merely a single-step computation but not a substitution reduction, itcannot be performed underneath the explicit substitution [x2 := 2].The explicit substitution [x2 := 2] has to propagate first. Correctly, we have:((λx1.x2) 5)[x2 := 2]−→ (λx1.x2)[x2 := 2] 5[x2 := 2]−→ (λx1.x2[x1 := x1][x2 := 2]) 5[x2 := 2] where x1 6≡ x2−→ (λx1.x2[x1 := x1][x2 := 2]) 5−→ x2[x1 := x1][x2 := 2][x1 := 5]−→ x2[x2 := 2][x1 := 5]−→ 2[x1 := 5]−→ 2Example 72. Let x1 6≡ x2. By the structural operational semantics of Explicit ISWIM, we have:(λx1.λx2.x1) 7−→ (λx2.x1)[x1 := 7]−→ λx2.x1[x2 := x2][x1 := 7] where x2 6≡ x1In contrast, by the substitutional structural operational semantics of ISWIM, we have:(λx1.λx2.x1) 7−→ (λx2.x1)[7/x1]= λx2.x1[x2/x2][7/x1] where x2 6≡ x1= λx2.x1[7/x1]= λx2.7Explicit ISWIM takes two single-steps while Substitutional ISWIM completes the execution in onesingle-step. Explicit ISWIM terminates at a lambda abstraction where its body is a term surrounded byexplicit substitutions. Explicit ISWIM reduces substitutions in a lazy fashion in the sense that it only pushesexplicit substitutions to the body of a lambda abstraction but does not perform any substitution reduction onthe body of a lambda abstraction.393.3. Suspended ISWIMProperties. We observe the following properties that are useful in proving semantics equivalence. (1) Thesingle-step relation preserves alpha equivalence. (2) The multi-step relation preserves the closedness of aterm. These are the same properties that Substitutional ISWIM holds.Proposition 73. If ta1 ∼α tb1 and ta1 −→ ta2 , then tb1 −→ tb2 and ta2 ∼α tb2 .Proposition 74. If FV (t1) = /0 and t1 −→∗ t2, then FV (t2) = /0.Evaluator. We now define an evaluator in terms of the structural operational semantics of Explicit ISWIM.The evaluator is analogous to the one defined in terms of Substitutional ISWIM.Definition 75 (Evaluator based on Structural Operational Semantics of Explicit ISWIM). Define the eval-uator evalISWIM:ExpSOS to be a partial function from the set of programs PRGMISWIM to the set of answersANSISWIM.evalISWIM:ExpSOS : PRGMISWIM ⇀ ANSISWIMevalISWIM:ExpSOS(t) =function if t −→∗ λx.t ′n if t −→∗ nThis evaluator is defined in terms of the structural operational semantics of Explicit ISWIM. The sub-script “ISWIM:ExpSOS” in evalISWIM:ExpSOS denotes the structural operational semantics of Explicit ISWIM.We claim that the evaluators defined in terms of the Substitutional ISWIM and Explicit ISWIM areequivalent.Theorem 76 (Kleene Equality of Evaluators). For any t ∈ PRGMISWIM, evalISWIM:SubSOS(t) is Kleene equalto evalISWIM:ExpSOS(t).We prove the theorem in the appendices.3.3 Suspended ISWIMExplicit ISWIM models how substitutions percolate at the semantical level. However, the integration hasintroduced unnecessary or unconventional computation. Consider the (lam-subst) rule of the structural op-erational semantics of Explicit ISWIM.(λx1.t)[x2 := w]−→x λx3.t[x1 := x3][x2 := w] where x3 /∈ FV (λx1.t)∪FV (w)∪{x2} (lam-subst)Pushing an explicit substitution into a lambda abstraction requires rewriting the body of the lambda ab-straction. Furthermore, when an explicit substitution is pushed into a lambda abstraction, a new explicitsubstitution to rename the lambda bound variable is created, which may get pushed downward.We propose to delay explicit substitutions outside of any lambda abstraction until the lambda abstractionis called in an application. The resulting dialect is Suspended ISWIM.403.3. Suspended ISWIM3.3.1 SyntaxWe first define the basic syntax of the Suspended ISWIM: terms, values and denotable terms. Then wedefine the free variable function, the substitution function and the alpha equivalence relation.3.3.1.1 Terms, Values and Denotable TermsDefinition 77 (Terms, Values and Denotable Terms). Let (1) TERM be the set of terms, (2) VALUE be theset of values, and (3) DENOTABLE be the set of denotable terms.x ∈ VAR, n ∈ N, t ∈ TERM, v ∈ VALUE, w ∈ DENOTABLEt ::= x | t t | λx.t | n | t+ t | t[x := w]v ::= (λx.t)[x := w] | nw ::= x | vThe definition uses (λx.t)[x := w] to represent that the lambda abstraction λx.t is surrounded by zero ormore explicit substitutions [x := w].2 Since we delay explicit substitutions outside of lambda abstractions,(λx.t)[x := w] is a value in Suspended ISWIM.A term surrounded by explicit substitutions, t[x1 := w1][x2 := w2]...[xn := wn], truly represents a termsurrounded by explicit substitutions cascadedly, (...((t[x1 := w1])[x2 := w2])...)[xn := wn]. We usually omitthe parentheses for convenience.3.3.1.2 Free Variable Function, Substitution Function and Alpha Equivalence RelationThe free variable function, substitution function and alpha equivalence relation are the same as ExplicitISWIM (Section 3.2).3.3.2 Structural Operational SemanticsWe lay out the structural operational semantics through the single-step relation−→, the single-step substitu-tion reduction relation −→x, the multi-step substitution reduction relation −→x∗ and the multi-step relation−→∗.Definition 78 (Single-step Relation). Let the single-step relation −→ be a binary relation between the setof terms and the set of terms.2We state several syntactic conventions. (1) [xi := wi] denotes zero or more explicit substitutions. (2) [xi := wi]ni=1 denotes eitherzero explicit substitutions or n explicit substitutions of the form [x1 := w1][x2 := w2]...[xn := wn]. (3) [xi := wi]−ni=−1 denotes eitherzero explicit substitutions or n explicit substitutions of the form [x−1 := w−1][x−2 := w−2]...[x−n := w−n]. (4) [xi := wi]+denotesone or more explicit substitutions. [xi := wi]+−ni=−1 denotes n explicit substitutions of the form [x−1 := w−1][x−2 := w−2]...[x−n :=w−n].413.3. Suspended ISWIM−→⊆ TERM×TERMt11 −→ t12t11 t2 −→ t12 t2 (appL)t21 −→ t22v1 t21 −→ v1 t22 (appR) (λx.t)[xi := wi] v−→ t[x := v][xi := wi](app)t11 −→ t12t11+ t2 −→ t12+ t2 (plusL)t21 −→ t22v1+ t21 −→ v1+ t22 (plusR) n1+n2 −→ n where n = n1+n2 (plus)t1[x := w]−→ t2 where t1[x := w]−→x t2 (subst)The only rule that is different from Explicit ISWIM is the (app) rule.Someone may attempt to use the following one as the (app) rule.(λx.t)[xi := wi] v−→ t[xi := wi][x := v](app-incorrect)This rule is incorrect. For example, if (app-incorrect) is used, we have ((λx.x)[x := 9]) 7−→ x[x := 9][x :=7] −→ 9[x := 7] −→ 9. In contrast, Explicit ISWIM evaluates ((λx.x)[x := 9]) 7 to 7, and SubstitutionalISWIM evaluates ((λx.x)[9/x]) 7 to 7 as well.Someone may attempt to use the following one as the (app) rule.(λx.t)[xi := wi] v−→ t[x := x0][xi := wi][x0 := v]where x0 /∈ FV (λx.t)∪⋃i(FV (wi)∪{xi}) (app-optional)This rule is correct but not ideal. We want to eliminate all renamings in Suspended ISWIM, but (app-optional) still renames the lambda bound variable.Keep in mind that this chapter aims to develop an environmental operational semantics for ISWIM. The(app) rule promotes the substitution for the lambda bound variable to the front, overwriting any existingexplicit substitution for that variable, which is close to the operation of updating an environment. We shallkeep the (app) rule.To specify how explicit substitutions percolate, we define the single-step substitution reduction relation−→x.Definition 79 (Single-step Substitution Reduction Relation). Let the single-step substitution reduction rela-tion −→x be a binary relation between the set of terms and the set of terms.423.3. Suspended ISWIM−→x ⊆ TERM×TERMx[x := w]−→x w (var-eq-subst) x1[x2 := w]−→x x1 where x1 6≡ x2 (var-df-subst)n[x := w]−→x n (num-subst)(t1 t2)[x := w]−→x (t1[x := w]) (t2[x := w]) (app-subst)(t1+ t2)[x := w]−→x (t1[x := w])+(t2[x := w]) (plus-subst)no (lam-subst)t1[x1 := w1]−→x t2t1[x1 := w1][x2 := w2]−→x t2[x2 := w2] (subst-subst)All rules are the same as the single-step substitution reduction relation of Explicit ISWIM. The (lam-subst) rule no longer exists in Suspended ISWIM because a lambda abstraction surrounded by explicitsubstitutions is a value.The above two definitions have fully eliminated variable renamings. The denotable term w in an arbitrarysubstitution [x := w] must be a value. As a result, the definition of denotable terms in Definition 77w := x | vshall be replaced byw := vwhere w ∈ DENOTABLE, x ∈ VAR and v ∈ VALUE. For convenience, we may use [x := v] or keep using[x := w] to represent an explicit substitution in Suspended ISWIM.Definition 80 (Multi-step Substitution Reduction Relation). Define the multi-step substitution reductionrelation −→x∗ to be the reflexive-transitive closure relation on the single-step substitution reduction relation−→x.Definition 81 (Multi-step Relation). Define the multi-step relation−→∗ to be the reflexive-transitive closurerelation on the single-step relation −→.Example 82. Consider ((λx1.λx2.x1) 7) 4 where x1 6≡ x2. By the structural operational semantics of Sus-pended ISWIM, we have:((λx1.λx2.x1) 7) 4−→ ((λx2.x1)[x1 := 7]) 4−→ x1[x2 := 4][x1 := 7]−→ x1[x1 := 7]−→ 7.433.3. Suspended ISWIMIn contrast, by the structural operational semantics of Explicit ISWIM, we have:((λx1.λx2.x1) 7) 4−→ ((λx2.x1)[x1 := 7]) 4−→ (λx2.x1[x2 := x2][x1 := 7]) 4 where x2 6≡ x1−→ x1[x2 := x2][x1 := 7][x2 := 4]−→ x1[x1 := 7][x2 := 4]−→ 7[x2 := 4]−→ 7Suspended ISWIM takes two fewer steps than Explicit ISWIM. Given (λx2.x1)[x1 := 7], SuspendedISWIM does not push the substitution [x1 := 7] into the lambda abstraction λx2.x1. Instead, the substitutionis suspended until the lambda abstraction is called in an application. Given ((λx2.x1)[x1 := 7]) 4, SuspendedISWIM promotes the substitution for the lambda bound variable to the front, resulting in x1[x2 := 4][x1 := 7].Properties. We observe the following properties that are useful in proving semantics equivalence. (1)The single-step relation preserves alpha equivalence. (2) The multi-step relation preserves the closedness ofa term. These are the same properties that Substitutional ISWIM and Explicit ISWIM hold.Proposition 83. If ta1 ∼α tb1 and ta1 −→ ta2 , then tb1 −→ tb2 and ta2 ∼α tb2 .Proposition 84. If FV (t1) = /0 and t1 −→∗ t2, then FV (t2) = /0.Evaluator. We now define an evaluator in terms of the substitutional structural operational semantics ofSuspended ISWIM. The evaluator is analogous to be one defined for Explicit ISWIM.Definition 85 (Evaluator based on Structural Operational Semantics of Suspended ISWIM). Let the eval-uator evalISWIM:SusSOS be a partial function from the set of programs PRGMISWIM to the set of answersANSISWIM.evalISWIM:SusSOS : PRGMISWIM ⇀ ANSISWIMevalISWIM:SusSOS(t) =function if t −→∗ (λx.t ′)[xi := wi]n if t −→∗ nThis evaluator is defined in terms of the structural operational semantics of Suspended ISWIM. The sub-script “ISWIM:SusSOS” in evalISWIM:SusSOS denotes the structural operational semantics of Suspended ISWIM.We claim that the evaluators defined in terms of the Substitutional ISWIM and Suspended ISWIM areequivalent.Theorem 86 (Kleene Equality of Evaluators). For any t ∈ PRGMISWIM, evalISWIM:SubSOS(t) is Kleene equalto evalISWIM:SusSOS(t).We prove the theorem in the appendices.443.4. Environmental ISWIM - Structural Operational Semantics3.4 Environmental ISWIM - Structural Operational SemanticsSuspended ISWIM is peculiar in the sense that the top-level structure of a lambda abstraction surroundedby zero or more explicit substitutions is not immediately recognisable. Consider (λx.t)[xi := wi]ni=1 whichtruly represents (...(((λx.t)[x1 := w1])[x2 := w2])...)[xn := wn]. To ensure that its top-level structure is alambda abstraction, we have to dive down through the cascaded explicit substitutions to search for a lambdaabstraction.Furthermore, since our evaluator only concerns closed terms, we can safely claim that all denotable termssubstituting variables in cascaded explicit substitutions are closed. Then a cascade of explicit substitutionscan be viewed as a whole when operating on a term and its subterms. For example, consider a cascade ofexplicit substitutions operating on a variable, x[xi := wi]ni=1. We compare x against xi where i = 1,2, ...,n inorder. There are two possibilities. (1) If none of xi’s refers to x, the cascaded explicit substitutions disappear,i.e., x[xi := wi]ni=1 steps to x. (2) If we find the leftmost xp where 1≤ p≤ n such that xp refers to x, then x isreplaced by wp and the remaining cascaded substitutions [xi := wi]ni=p+1 disappear, i.e., x[xi := wi]ni=1 steps towp where xp is the leftmost xi such that x≡ xp. We make these two observations because the denotable termwp is closed and remains unchanged when encountering any explicit substitution. After further analysis, werealise that there will always be a cascade of explicit substitutions that reach a variable in Suspended ISWIM.It is a natural step to treat a cascade of explicit substitutions as a whole and replace it by an environment,leading to Environmental ISWIM.3.4.1 SyntaxWe first define the basic syntax of the Environmental ISWIM: terms, values, denotable terms, configurationsand environments. Then we define the free variable function.3.4.1.1 Terms, Values, Denotable Terms, Configurations and EnvironmentsDefinition 87 (Terms, Values, Denotable Terms and Configurations). Let (1) TERM be the set of terms,(2) VALUE be the set of values, (3) DENOTABLE be the set of denotable terms, (4) CONF be the set ofconfigurations, and (5) ENV be a finite partial function from the set of variables to the set of denotableterms.x ∈ VAR, n ∈N, t ∈ TERM, v ∈ VALUE, w ∈ DENOTABLE, c ∈ CONF, ρ ∈ ENV = VAR fin⇀ DENOTABLEt := x | t t | λx.t | n | t+ tv := n | /λx.t, ρ . where FV (λx.t)⊆ dom(ρ)w := vc := v | c c | c+ c | 〈t, ρ〉 where FV (t)⊆ dom(ρ)A pair of a term and an environment where the former is closed by the latter, i.e., 〈t, ρ〉 where FV (t)⊆dom(ρ) or /λx.t, ρ. where FV (λx.t)⊆ dom(ρ), is called a closure. A pair of a lambda abstraction and anenvironment where the former is closed by the latter, i.e., /λx.t, ρ. where FV (λx.t)⊆ dom(ρ), is called aclosure value.453.4. Environmental ISWIM - Structural Operational SemanticsA closure makes its top-level structure immediately evident. For example, given a closure 〈λx.t, ρ〉, it isimmediately recognisable that its top-level structure is a lambda abstraction λx.t without having to dive intothe environment ρ . In contrast, in Suspended ISWIM, to check the top-level structure of (λx.t)[x := w], wehave to dive down through the cascaded explicit substitutions [x := w] until reaching the lambda abstractionλx.t.Unlike the previous dialects of ISWIM, Environmental ISWIM deems the set of configurations ratherthan the set of terms to be the fundamental set on which the operational semantics is defined.Definition 88 (Environments). An environment ρ ∈ ENV is a finite partial function from the set of variablesto the set of denotable terms. Let dom(ρ) be the domain of the environment ρ and rng(ρ) be the range ofthe environment ρ . Let ρ[x 7→ w] be an environment update and ρ(x) be an environment lookup. We have:ρ[x 7→ w](y) =w if x≡ yρ(y) if x 6≡ ySuppose an environment ρ maps x1 to w1, x2 to w2, ..., xn to wn, where xi 6≡ x j for any i, j such that i 6= j,and ρ has no other mapping. The environment ρ can be represented as a finite set {(x1,w1),(x2,w2), ...,(xn,wn)}.The domain of the environment ρ is dom(ρ) = {x1,x2, ...,xn} and the range of the environment ρ isrng(ρ) = {w1,w2, ...,wn}.3.4.1.2 Free Variable FunctionWe define the free variable function by extending Definition 47 to accommodate configurations.Definition 89 (Free Variable Function). Let the free variable function FV be a total function from the set ofconfigurations to the power set of variables.FV : CONF −→P(VAR)FV (x) = x (1)FV (t1 t2) = FV (t1)∪FV (t2) (2)FV (λx.t) = FV (t)\{x} (3)FV (n) = /0 (4)FV (t1+ t2) = FV (t1)∪FV (t2) (5)FV (〈t, ρ〉) = /0 (6)FV (/λx.t, ρ.) = FV (〈λx.t, ρ〉) (7)FV (c1 c2) = FV (c1)∪FV (c2) (8)FV (c1+ c2) = FV (c1)∪FV (c2) (9)Equations (1)-(5) are the same as Definition 47 in Substitutional ISWIM. Equations (6) and (7) are basedon the definitions of closures and closure values. Equations (8) and (9) are analogous to Equations (2) and(5).463.4. Environmental ISWIM - Structural Operational SemanticsDefinition 90 (Closed Configurations). A configuration c is closed if and only if FV (c) = /0.3.4.2 Structural Operational SemanticsWe lay out the structural operational semantics of Environmental ISWIM through the single-step relation−→ and the multi-step relation −→∗.Definition 91 (Single-step Relation). Define the single-step relation−→ to be a binary relation between theset of configurations and the set of configurations.−→⊆ CONF×CONFc11 −→ c12c11 c2 −→ c12 c2 (appL)c21 −→ c22v1 c21 −→ v1 c22 (appR) /(λx.t), ρ . v−→ 〈t, ρ[x 7→ v]〉 (app)c11 −→ c12c11+ c2 −→ c12+ c2 (plusL)c21 −→ c22v1+ c21 −→ v1+ c22 (plusR)n1+n2 −→ n where n = n1+n2 (plus)〈(λx.t), ρ〉 −→ /(λx.t), ρ. (clos-env)〈x, ρ〉 −→ w where ρ(x) = w (var-env)〈n, ρ〉 −→ n (num-env)〈(t1 t2), ρ〉 −→ 〈t1, ρ〉 〈t2, ρ〉 (app-env)〈(t1+ t2), ρ〉 −→ 〈t1, ρ〉+ 〈t2, ρ〉 (plus-env)The single-step relation c1 −→ c2 reads as “c1 single-steps to c2”. (1) Rules (appL), (appR), (plusL),(plusR) and (plus) are analogous to the rules of the same names in Suspended ISWIM’s single-step relation.The only difference is that Suspended ISWIM defined the relation on terms but we now define the relationon configurations. (2) The (app) rule models performing an application by environment updating, whichcompletes the unfinished job of Suspended ISWIM’s (app) rule. (3) The other rules discuss how to evaluatea closure. The (clos-env) rule turns a closure to a closure value. Other (*-env) rules correspond to SuspendedISWIM’s single-step substitution reduction relation.Rules of the single-step relation can be categorised into reduction rules and structural rules. Structuralrules are (appL), (appR), (plusL) and (plusR). The others are reduction rules.Definition 92 (Multi-step Relation). Define the multi-step relation−→∗ to be the reflexive-transitive closureof the single-step relation −→.Example. To get familiar with the structural operational semantics, consider the following example.Example 93. Consider (λx1.λx2.x1) 7) 4 where x1 6≡ x2.473.4. Environmental ISWIM - Structural Operational SemanticsWe first construct a configuration that pairs the above term with an empty environment, i.e., 〈((λx1.λx2.x1) 7) 4, /0〉.By the structural operational semantics of Environmental ISWIM, we have:〈((λx1.λx2.x1) 7) 4, /0〉 (1)−→ 〈(λx1.λx2.x1) 7, /0〉 〈4, /0〉 (2)−→ (〈(λx1.λx2.x1), /0〉 〈7, /0〉) 〈4, /0〉 (3)−→ (/(λx1.λx2.x1), /0. 〈7, /0〉) 〈4, /0〉 (4)−→ (/(λx1.λx2.x1), /0. 7) 〈4, /0〉 (5)−→ 〈(λx2.x1), {(x1,7)}〉 〈4, /0〉 (6)−→ /(λx2.x1),{(x1,7)}. 〈4, /0〉 (7)−→ /(λx2.x1),{(x1,7)}. 4 (8)−→ 〈x1,{(x2,4),(x1,7)}〉 (9)−→ 7. (10)As shown in Line (1), we always evaluate a program with an empty environment.Property. We observe the following property that is useful in proving semantics equivalence. The multi-step relation preserves the closedness of a term. This is the same property that Substitutional ISWIM,Explicit ISWIM and Suspended ISWIM hold.Proposition 94. If FV (c1) = /0 and c1 −→∗ c2, then FV (c2) = /0.Evaluator. We now define an evaluator in terms of the structural operational semantics of EnvironmentalISWIM. Environmental ISWIM’s multi-step relation is defined on sets of configurations rather than sets ofterms. Given a program t, the evaluator applies the multi-step relation on the configuration 〈t, /0〉 in whichthe program is associated with an empty environment. The evalutor is otherwise analogous to the evaluatordefined for Suspended ISWIM.Definition 95 (Evaluator based on Structural Operational Semantics of Environmental ISWIM). Let theevaluator evalISWIM:EnvSOS to be a partial function from the set of programs PRGMISWIM to the set of answersANSISWIM.evalISWIM:EnvSOS : PRGMISWIM ⇀ ANSISWIMevalISWIM:EnvSOS(t) =function if 〈t, /0〉 −→∗ /(λx.t ′), ρ.n if 〈t, /0〉 −→∗ nThis evaluator is defined in terms of the structural operational semantics of Environmental ISWIM. Thesubscript “ISWIM:EnvSOS” in evalISWIM:EnvSOS denotes the structural operational semantics of EnvironmentalISWIM.We claim that the evaluators defined in terms of Substitutional ISWIM and Environmental ISWIM areequivalent.483.5. Environmental ISWIM - Reduction SemanticsTheorem 96 (Kleene Equality of Evaluators). For any t ∈ PRGMISWIM, evalISWIM:SubSOS(t) is Kleene equalto evalISWIM:EnvSOS(t).We prove the theorem in appendices.3.5 Environmental ISWIM - Reduction SemanticsThis chapter aims to develop an environmental abstract machine for ISWIM. Since a reduction semanticscan be viewed as a concise representation of an abstract machine, we develop a reduction semantics forEnvironmental ISWIM, based on which we develop an abstract machine in the next section.3.5.1 SyntaxThe definitions of terms, values, denotable terms, configurations and environments are the same as Section3.4.3.5.1.1 Evaluation ContextsWe now define evaluation contexts to regulate the only places where an arbitrary reduction may happen.Definition 97 (Evalutation Contexts: Inside-out). Let ECXT be the set of evaluation contexts.E ∈ ECXT, c ∈ CONF, v ∈ VALUE ∈ ECXT (ept)E ∈ ECXTE[ c] ∈ ECXT (appL)E ∈ ECXTE[v] ∈ ECXT (appR)E ∈ ECXTE[+ c] ∈ ECXT (plusL)E ∈ ECXTE[v+] ∈ ECXT (plusR)The sole hole in an evaluation context can be filled by a configuration. E[c] is a configuration con-structed by filling the sole hole of the evaluation context E by the configuration c.There is a correspondence between evaluation contexts and structural rule of the single-step relationdefined as Definition 91. (1) The evaluation context E[ c] allows reduction at the operator position of anapplication, corresponding to the (appL) rule of the semantics. (2) The evaluation context E[v ] allowsreduction at the operand position of an application, corresponding to the (appR) rule of the semantics. (3)The evaluation context E[+ c] allows reduction at the first operand position of an addition, correspondingto the (plusL) rule of the semantics. (4) The evaluation context E[v+] allows reduction at second operandposition of an addition, corresponding to the (plusR) rule of the semantics. (5) The evaluation context allows reduction immediately.This definition is called inside-out because it makes the innermost structure of an evaluation context themost evident. An alternative but equivalent definition of evaluation contexts is provided in Definition 106.493.5. Environmental ISWIM - Reduction Semantics3.5.2 Reduction SemanticsWe lay out the reduction semantics of Environmental ISWIM through the notions of reduction R, the re-duction relation 7−→ and the multi-reduction relation 7−→∗.Definition 98 (Notions of Reduction). Let the notions of reduction,R, be a binary relation between the setof configurations and the set of configurations.R ⊆ CONF×CONF/(λx.t), ρ . v R 〈t, ρ[x 7→ v]〉 (app)n1+n2 R n where n = n1+n2 (plus)〈(λx.t), ρ〉 R /(λx.t), ρ. (conf-lam)〈x, ρ〉 R w where ρ(x) = w (conf-var)〈n, ρ〉 R n (conf-num)〈(t1 t2), ρ〉 R 〈t1, ρ〉 〈t2, ρ〉 (conf-app)〈(t1+ t2), ρ〉 R 〈t1, ρ〉+ 〈t2, ρ〉 (conf-plus)The notion of reduction c1 R c2 reads as “c1 reduces to c2”. Each notion corresponds to one reductionrule of the single-step relation defined as Definition 91.Definition 99. If c1 R c2, then c1 is a redex and c2 is a contractum.Definition 100 (Reduction Relation). Let the reduction relation 7−→ be a binary relation between the set ofconfigurations and the set of configurations directly based on the notions of reductionR.7−→ ⊆ CONF×CONFc1 R c2E[c1] 7−→ E[c2]The reduction relation c1 7−→ c2 reads as “c1 single-reduces to c2”. The above definition states that thereduction relation respects performing any notion of reduction in an evaluation context.Intuitively, the reduction relation 7−→ defines a single step of computation. We define 7−→∗ to representmultiple (zero or more) steps of computation.Definition 101 (Multi-reduction Relation). Define the multi-reduction relation 7−→∗ to be the reflexive-transitive closure of the reduction relation 7−→.The multi-reduction relation c1 7−→∗ c2 reads as “c1 multi-reduces to c2”.Example 102. Consider (λx1.λx2.x1) 7) 4 where x1 6≡ x2.We first pair above term with an empty environment, constructing the configuration 〈((λx1.λx2.x1) 7) 4, /0〉.By the reduction semantics of Environmental ISWIM, we have:〈((λx1.λx2.x1) 7) 4, /0〉 7−→∗ 7as demonstrated in Figure 3.1.503.5. Environmental ISWIM - Reduction Semantics〈((λx1.λx2.x1) 7) 4, /0〉= [〈((λx1.λx2.x1) 7) 4, /0〉]7−→ [〈(λx1.λx2.x1) 7, /0〉 〈4, /0〉] where 〈((λx1.λx2.x1) 7) 4, /0〉R 〈(λx1.λx2.x1) 7, /0〉 〈4, /0〉= 〈(λx1.λx2.x1) 7, /0〉 〈4, /0〉= [ 〈4, /0〉][〈(λx1.λx2.x1) 7, /0〉]7−→ [ 〈4, /0〉][〈(λx1.λx2.x1), /0〉 〈7, /0〉] where 〈(λx1.λx2.x1) 7, /0〉R 〈(λx1.λx2.x1), /0〉 〈7, /0〉= (〈(λx1.λx2.x1), /0〉 〈7, /0〉) 〈4, /0〉= [ 〈4, /0〉][ 〈7, /0〉][〈(λx1.λx2.x1), /0〉]7−→ [ 〈4, /0〉][ 〈7, /0〉][/(λx1.λx2.x1), /0.] where 〈(λx1.λx2.x1), /0〉R / (λx1.λx2.x1), /0.= (/(λx1.λx2.x1), /0. 〈7, /0〉) 〈4, /0〉= [ 〈4, /0〉][/(λx1.λx2.x1), /0. ][〈7, /0〉]7−→ [ 〈4, /0〉][/(λx1.λx2.x1), /0. ][7] where 〈7, /0〉R 7= (/(λx1.λx2.x1), /0. 7) 〈4, /0〉= [ 〈4, /0〉][/(λx1.λx2.x1), /0. 7]7−→ [ 〈4, /0〉][〈(λx2.x1), {(x1,7)}〉] where / (λx1.λx2.x1), /0. 7R 〈(λx2.x1), /0[x1 7→ 7]〉= 〈(λx2.x1), {(x1,7)}〉 〈4, /0〉= [ 〈4, /0〉][〈(λx2.x1), {(x1,7)}〉]7−→ [ 〈4, /0〉][/(λx2.x1), {(x1,7)}.] where 〈(λx2.x1), {(x1,7)}〉R / (λx2.x1), {(x1,7)}.= /(λx2.x1),{(x1,7)}. 〈4, /0〉= [/(λx2.x1),{(x1,7)}. ][〈4, /0〉]7−→ [/(λx2.x1),{(x1,7)}. ][4] where 〈4, /0〉R 4= /(λx2.x1),{(x1,7)}. 4= [/(λx2.x1),{(x1,7)}. 4]7−→ [〈x1,{(x2,4),(x1,7)}〉] where / (λx2.x1),{(x1,7)}. 4R 〈x1,{(x1,7)}[x2 7→ 4]〉= 〈x1,{(x2,4),(x1,7)}〉= [〈x1,{(x2,4),(x1,7)}〉]7−→ [7] where 〈x1,{(x2,4),(x1,7)}〉R 7= 7.Figure 3.1: Evaluation of ((λx1.λx2.x1) 7) 4 in Reduction Semantics of Environmental ISWIM.513.5. Environmental ISWIM - Reduction SemanticsTo apply the reduction semantics on a term, follow the following pattern repeatedly until the resultingterm is a value.1. Break the term into an evaluation context and a redex.2. Apply a notion of reduction on the redex and get a contractum.3. Plug the contractum into the evaluation context and get a new term.However, the reduction semantics does not tell how to break a term into an evaluation context and a redex.In other words, the reduction semantics does not encode a systematic strategy to search for an evaluationcontext and a redex.Property. We observe the following property that is useful in proving semantics equivalence. The multi-step relation preserves the closedness of a term. This is the same property that the previos ISWIM dialectshold.Proposition 103. If FV (c1) = /0 and c1 7−→∗ c2, then FV (c2) = /0.Evaluator. We now define an evaluator in terms of the reduction semantics of Environmental ISWIM.The evalutor is analogous to the evaluator defined in terms of the structural operational semantics of Envir-onmental ISWIM.Definition 104 (Evaluator based on Reduction Semantics of Environmental ISWIM). Let the evaluatorevalISWIM:EnvRed be a partial function from the set of programs PRGMISWIM to the set of answers ANSISWIM.evalISWIM:EnvRed : PRGMISWIM ⇀ ANSISWIMevalISWIM:EnvRed(t) =function if 〈t, /0〉 7−→∗ /(λx.t ′), ρ.n if 〈t, /0〉 7−→∗ nThis evaluator is defined in terms of the reduction semantics of Environmental ISWIM. The subscript“ISWIM:EnvRed” in evalISWIM:EnvRed denotes the reduction semantics of Environmental ISWIM.We claim that the evaluators defined in terms of the structural operational semantics and the reductionsemantics of Environmental ISWIM are equivalent.Theorem 105 (Kleene Equality of Evaluators). For any t ∈ PRGMISWIM, evalISWIM:EnvSOS(t) is Kleene equalto evalISWIM:EnvRed(t).We prove the theorem in appendices.523.6. Environmental ISWIM - CEK Abstract Machine3.6 Environmental ISWIM - CEK Abstract MachineReduction semantics can be viewed as a concise representation of an abstract machine in the sense that itabstracts away the search for an evaluation context and a redex. In contrast, an abstract machine encodes asystematic strategy to search for an evaluation context and a redex. We finish refining semantics for ISWIMby developing an abstract machine for Environmental ISWIM. The environmental abstract machine is alsoknown as the CEK machine.3.6.1 SyntaxThe definitions of terms, values, denotable terms, configurations and environments are the same as Sections3.4 and 3.5.3.6.1.1 Evaluation ContextsWe provide two definitions of evaluation contexts. The first definition is the same as the one used in Section3.5. The second one is as follows. These two definitions are equivalent and are used interchangeably at ourconvenience.Definition 106 (Evaluation Contexts: Outside-in). Let ECXT be the set of evaluation contexts.E ∈ ECXT, c ∈ CONF, v ∈ VALUE ∈ ECXT (ept)E ∈ ECXT(E c) ∈ ECXT (appL)E ∈ ECXT(v E) ∈ ECXT (appR)E ∈ ECXT(E + c) ∈ ECXT (plusL)E ∈ ECXT(v+E) ∈ ECXT (plusR)This definition is called outside-in because it makes the outermost structure of an evaluation context themost evident.3.6.1.2 Machine ConfigurationsThe states of an abstract machine are represented by machine configurations.Definition 107 (Machine Configurations). Let CFG be the set of machine configurations.C ∈ CFG, c ∈ CONF, v ∈ VALUE, E ∈ ECXTC ::= v| 〈E, c〉r| 〈E, c〉f| 〈E, v〉bThe machine operates in four modes: the value mode v, the reduce mode 〈E, c〉r, the focus mode 〈E, c〉fand the build mode 〈E, v〉b.533.6. Environmental ISWIM - CEK Abstract MachineA machine configuration 〈E, c〉? where ? ∈ {r, f,b} unloads to the configuration E[c]. Precisely, theconfiguration c in the machine configuration 〈E, c〉r needs to be a redex.3.6.2 CEK Abstract MachineWe lay out an abstract machine of Environmental ISWIM, which is known as the CEK machine, throughthe reduction relation 7−→cek and the multi-reduction relation 7−→∗cek.Definition 108 (Reduction Relation). Let the reduction relation 7−→cek be a binary relation between the setof machine configurations and the set of machine configurations.7−→cek ⊆ CFG×CFGReduce rules:〈E, /(λx.t), ρ . v〉r 7−→cek 〈E, 〈t, ρ[x 7→ v]〉〉f (r-app)〈E, n1+n2〉r 7−→cek 〈E, n〉f where n = n1+n2 (r-plus)〈E, 〈(λx.t), ρ〉〉r 7−→cek 〈E, /(λx.t), ρ.〉f (r-conf-lam)〈E, 〈x, ρ〉〉r 7−→cek 〈E, w〉f where ρ(x) = w (r-conf-var)〈E, 〈n, ρ〉〉f 7−→cek 〈E, n〉f (r-conf-num)〈E, 〈(t1 t2), ρ〉〉r 7−→cek 〈E, 〈t1, ρ〉 〈t2, ρ〉〉f (r-conf-app)〈E, 〈(t1+ t2), ρ〉〉r 7−→cek 〈E, 〈t1, ρ〉+ 〈t2, ρ〉〉f (r-conf-plus)Focus rules:〈E, 〈t, ρ〉〉f 7−→cek 〈E, 〈t, ρ〉〉r (f-conf)〈E, c1 c2〉f 7−→cek 〈E[ c2], c1〉f (f-app)〈E, /(λx.t), ρ.〉f 7−→cek 〈E, /(λx.t), ρ.〉b (f-lam)〈E, n〉f 7−→cek 〈E, n〉b (f-num)〈E, c1+ c2〉f 7−→cek 〈E[+ c2], c1〉f (f-plus)Build rules:〈, v〉b 7−→cek v (b-val)〈E[ c2], v1〉b 7−→cek 〈E[v1 ], c2〉f (b-appL)〈E[v1 ], v2〉b 7−→cek 〈E, v1 v2〉r (b-appR)〈E[+ c2], v1〉b 7−→cek 〈E[v1+], c2〉f (b-plusL)〈E[v1+], v2〉b 7−→cek 〈E, v1+ v2〉r (b-plusR)The reduction relation C1 7−→cek C2 reads as “C1 single-reduces to C2”.A machine configuration at the reduce mode, 〈E, c〉r, signifies that a proper notion of reduction can beapplied on the redex c. A machine configuration at the focus mode, 〈E, c〉f, indicates searching downwardinto the configuration c for a redex to reduce. A machine configuration at the build mode, 〈E, v〉b, returnsthe value v to the current evaluation context E. A machine configuration at the value mode, v, representsthat the value v is the result of executing the machine.543.6. Environmental ISWIM - CEK Abstract MachineIntuitively, the reduction relation 7−→cek defines a single step of computation. We define 7−→∗cek torepresent multiple (zero or more) steps of computation.Definition 109 (Multi-reduction Relation). Let the multi-reduction relation 7−→∗cek be the reflexive-transitiveclosure of the reduction relation 7−→cek.The multi-reduction relation C1 −→∗cek C2 reads as “C1 multi-reduces to C2”.The abstract machine defined above is also known as the CEK machine. C stands for control, i.e., theconfiguration under evaluation, E stands for environment, and K stands for continuation, i.e., the evaluationcontext.Example 110. Consider (λx1.λx2.x1) 7) 4 where x1 6≡ x2.We first construct a machine configuration that contains the above term with an empty evaluation contextand an empty environment and start running the machine configuration at focus mode.By the CEK machine, we have〈, 〈((λx1.λx2.x1) 7) 4, /0〉〉f 7−→∗cek 7as demonstrated in Figure 3.2.Evaluator. We now define an evaluator in terms of the CEK machine. CEK machine’s multi-reductionrelation is defined on sets of machine configurations. Given a program t, the evaluator applies the multi-transformation relation on the machine configuration 〈, 〈t, /0〉〉f in which the program is associated withan empty environment and an empty evaluation context. The evaluator is otherwise analogous to the onedefined in terms of the reduction semantics of Environmental ISWIM.Definition 111 (Evaluator based on CEK Machine). Let the evaluator evalISWIM:CEK be a partial functionfrom the set of programs PRGMISWIM to the set of answers ANSISWIM.evalISWIM:CEK : PRGMISWIM ⇀ ANSISWIMevalISWIM:CEK(t) =function if 〈, 〈t, /0〉〉f 7−→∗cek /(λx.t ′), ρ.n if 〈, 〈t, /0〉〉f 7−→∗cek nThis evaluator is defined in terms of the CEK machine. The subscript “ISWIM:CEK” in evalISWIM:CEKdenotes the CEK machine of ISWIM.We claim that the evaluators defined in terms of the reduction semantics and based on the CEK abstractmachine of Environmental ISWIM are equivalent.Theorem 112 (Kleene Equality of Evaluators). For any t ∈ PRGMISWIM, evalISWIM:EnvRed(t) is Kleene equalto evalISWIM:CEK(t).553.6. Environmental ISWIM - CEK Abstract Machine〈, 〈((λx1.λx2.x1) 7) 4, /0〉 〉f7−→cek 〈, 〈((λx1.λx2.x1) 7) 4, /0〉 〉r7−→cek 〈, 〈(λx1.λx2.x1) 7, /0〉 〈4, /0〉 〉f7−→cek 〈[ 〈4, /0〉], 〈(λx1.λx2.x1) 7, /0〉 〉f7−→cek 〈[ 〈4, /0〉], 〈(λx1.λx2.x1) 7, /0〉 〉r7−→cek 〈[ 〈4, /0〉], 〈λx1.λx2.x1, /0〉 〈7, /0〉 〉f7−→cek 〈[ 〈4, /0〉][ 〈7, /0〉], 〈λx1.λx2.x1, /0〉 〉f7−→cek 〈[ 〈4, /0〉][ 〈7, /0〉], 〈λx1.λx2.x1, /0〉 〉r7−→cek 〈[ 〈4, /0〉][ 〈7, /0〉], /λx1.λx2.x1, /0. 〉f7−→cek 〈[ 〈4, /0〉][ 〈7, /0〉], /λx1.λx2.x1, /0. 〉b7−→cek 〈[ 〈4, /0〉][/λx1.λx2.x1, /0. ], 〈7, /0〉 〉f7−→cek 〈[ 〈4, /0〉][/λx1.λx2.x1, /0. ], 〈7, /0〉 〉r7−→cek 〈[ 〈4, /0〉][/λx1.λx2.x1, /0. ], 7 〉f7−→cek 〈[ 〈4, /0〉][/λx1.λx2.x1, /0. ], 7 〉b7−→cek 〈[ 〈4, /0〉], /λx1.λx2.x1, /0. 7 〉r7−→cek 〈[ 〈4, /0〉], 〈λx2.x1, {(x1,7)}〉 〉f7−→cek 〈[ 〈4, /0〉], 〈λx2.x1, {(x1,7)}〉 〉r7−→cek 〈[ 〈4, /0〉], /λx2.x1, {(x1,7)}. 〉f7−→cek 〈[ 〈4, /0〉], /λx2.x1, {(x1,7)}. 〉b7−→cek 〈[/λx2.x1, {(x1,7)}. ], 〈4, /0〉 〉f7−→cek 〈[/λx2.x1, {(x1,7)}. ], 〈4, /0〉 〉r7−→cek 〈[/λx2.x1, {(x1,7)}. ], 4 〉f7−→cek 〈[/λx2.x1, {(x1,7)}. ], 4 〉b7−→cek 〈, /λx2.x1, {(x1,7)}. 4 〉r7−→cek 〈, 〈x1, {(x1,7),(x2,4)}〉 〉f7−→cek 〈, 〈x1, {(x1,7),(x2,4)}〉 〉r7−→cek 〈, 7 〉f7−→cek 〈, 7 〉b7−→cek 7Figure 3.2: Evaluation of ((λx1.λx2.x1) 7) 4 in the CEK Machine.563.7. Chapter SummaryWe prove the above theorem in appendices.As a corollary, the evaluators defined in terms of the Substitutional ISWIM and the CEK machine areequivalent.Corollary 113 (Kleene Equality of Evaluators). For any t ∈ PRGMISWIM, evalISWIM:SubSOS(t) is Kleeneequal to evalISWIM:CEK(t).Proof. It immediately follows from Theorems 96, 105 and 112 by the transitivity of Kleene equality.3.7 Chapter SummaryFollowing the first dimension of the semantics refinement problem, this chapter solved the following prob-lem that is less complicated than the main semantics refinement problem.Can we refine the substitutional structural operational semantics of ISWIM to a correspondingsubstitutional abstract machine, which is known as the CEK machine, and demonstrate theirequivalence?We accomplished the development progressively in several manageable steps, each of which led to an in-termediate semantics. We first studied the substitutional structural operational semantics of ISWIM. Thenwe successively developed the structural operational semantics of Explicit ISWIM, the structural opera-tional semantics of Suspended ISWIM, the structural operational semantics of Environmental ISWIM, thereduction semantics of Environmental ISWIM, and finally derived the abstract machine of EnvironmentalISWIM. The abstract machine of Environmental ISWIM is also known as the CEK machine.We defined an evaluator based on each semantics. By proving the equivalence of every two adjacentsemantics, we finally showed that the CEK machine is equivalent to the substitutional structural operationalsemantics of ISWIM.57Chapter 4Refining Semantics for MetaML:Developing the MK MachineFollowing the second dimension of simplifying the main semantics refinement problem, we study how tostepwise develop an substitutional abstract machine rather than an environmental abstract machine for themulti-stage language MetaML. The problem is restated as follows.Can we refine the substitutional structural operational semantics of MetaML to a correspondingsubstitutional abstract machine, which we call the MK machine, and demonstrate their equival-ence?Recall that Sections 3.4, 3.5 and 3.6 have shown an approach to refining a structural operational semanticsto a reduction semantics and finally to an abstract machine. We adopt the same strategy in deriving the MKmachine.4.1 MetaML - Substitutional Reduction SemanticsMetaML’s substitutional structural operational semantics has been presented in Section 2.2. Following thepath of refining a structural operational semantics to a reduction semantics as shown in Section 3.5, wederive a substitutional reduction semantics for MetaML.4.1.1 SyntaxThe definitions of terms, values and denotable terms are the same as Section 2.2.1.4.1.1.1 Evaluation ContextsSection 3.5 defined evaluation contexts to regulate the only places where an arbitrary reduction may happenin a single-stage language. We now extend the definition to accommodate the multi-stage setting.Definition 114 (Level-indexed Evaluation Contexts: Inside-out). Let ECXTi( j be the set of evaluationcontexts with inner level i and outer level j.584.1. MetaML - Substitutional Reduction SemanticsE i( j ∈ ECXTi( j, t i ∈ TERMi, vi ∈ VALUEi ∈ ECXTi(i (ept-i)E ∈ ECXTi( jE[ t i2] ∈ ECXTi( j(appL-i) E ∈ ECXTi( jE[vi1 ] ∈ ECXTi( j(appR-i)E ∈ ECXT(i+1)( jE[λx.] ∈ ECXT(i+1)( j(lambda-(i+1))E ∈ ECXTi( jE[〈〉] ∈ ECXT(i+1)( j(code-i) E ∈ ECXT(i+1)( jE[∼] ∈ ECXTi( j (splice-(i+1))E ∈ ECXTi( jE[!] ∈ ECXTi( j (run-i)E ∈ ECXTi( jE[+ t i2] ∈ ECXTi( j(plusL-i) E ∈ ECXTi( jE[vi1+] ∈ ECXTi( j(plusR-i)An evaluation context E i( j comes with an inner level i and an outer level j. The inner level i is the levelof the hole of the context, indicating the level of terms that can fill the hole. The outer level j is the level ofthe term produced by the context when the hole of the context is filled.The sole hole i(i in an evaluation context can be filled by a level-i term. E i( j[t i] is a level- j termconstructed by filling the sole hole of the evaluation context E i( j by a level-i term t i. The levels i and jin an evaluation context E i( j can be related in any of the following three ways. (1) i > j. For example, alevel-0 term !〈λx.x〉 can be represented as ([!][〈〉][λx.])1(0[x]. (2) i= j. For example, a level-0 term(λx.x) ((λx.x) 7) can be represented as ([(λx.x)])0(0[(λx.x) 7]. (3) i < j. For example, a level-1 term∼((λx.x) 〈λx.x〉) can be represented as ([∼])0(1[(λx.x) 〈λx.x〉].The definition of evaluation contexts is motivated by the structural rules of the single-step relations(Definition 36). For example, the (code-i) rulet i+11 −→i+1 t i+12〈t i+11 〉 −→i 〈t i+12 〉(code-i)tells that a code operation at level i can be evaluated by reducing its operand at level i+1. Since an evaluationcontext defines where a reduction may happen, we may replace the (code-i) rule by an evaluation context([〈〉])(i+1)(i and allow any level-(i+ 1) reduction to happen at the hole of the context. We observethe following correspondences between evaluation contexts and structural rule of the single-step relations(Definition 36). (1) The evaluation context E[ t i2] corresponds to (appL-i). (2) The evaluation contextE[vi1 ] corresponds to (appR-i). (3) The evaluation context E[λx.] corresponds to (lambda-(i+1)). (4)The evaluation context E[!] corresponds to (run-i). (5) The evaluation context E[〈〉] corresponds to(code-i). (6) The evaluation context E[∼] corresponds to (splice-i). (7) The evaluation context E[+ t i2]corresponds to (plusL-i). (8) The evaluation context E[vi1+] corresponds to (plusR-i). To get familiar with594.1. MetaML - Substitutional Reduction Semanticsthe above correspondences, consider the following example:∼〈x〉 −→1 x (splice-1)λx.∼〈x〉 −→1 λx.x (lambda-(i+1))〈λx.∼〈x〉〉 −→0 〈λx.x〉 (code-i)The level-0 term 〈λx.∼〈x〉〉 can be represented as ([〈〉][λx.])1(0[∼〈x〉]. The evaluation context ([〈〉][λx.])1(0corresponds to the structural rules (code-i) and (lambda-(i+1)).We can get the evaluation contexts that are suitable for a single-stage language such as ISWIM if weremove the rules that involve any multi-stage annotation and repeatedly apply the rules that define evaluationcontexts with an inner level 0 and an outer level 0.This definition is inside-out. An outside-in definition is provided in Definition 121.4.1.2 Substitutional Reduction SemanticsWe lay out the substitutional reduction semantics through a family of level-indexed notions of reductionR i,a family of level-indexed reduction relations 7−→i and a family of level-indexed multi-reduction relations7−→i∗.Definition 115 (Level-indexed Notions of Reduction). For any i ∈ {0,1}, let the level-indexed notions ofreductionR i be a binary relation between the set of terms at level i and the set of terms at level i.R i ⊆ TERMi×TERMi(λx.t0) v0 R0 t0[v0/x] (app-0)!〈v1〉 R0 v1 (run-0)∼〈v1〉 R1 v1 (splice-1)n1+n2 R0 n where n = n1+n2 (plus-0)The notion of reduction t i1 Ri t i2 reads as “t1 reduces to t2 at level i”. Each notion corresponds to onereduction rule of the single-step relations presented in Definition 36.Definition 116 (Level-indexed Reduction Relations). For any i ∈N, let the level-indexed reduction relation7−→i be a binary relation between the set of terms and the set of terms directly based on the notions ofreductionR j.7−→i ⊆ TERMi×TERMit j1 Rj t j2E j(i[t j1] 7−→i E j(i[t j2]The reduction relation t i1 7−→i t i2 reads as “t1 single-reduces to t2 at level i”. The above definition statesthat the reduction relation respects performing any notion of reduction in an evaluation context.Intuitively, a level-indexed reduction relation 7−→i defines a single step of computation at level i. Wedefine the level-indexed multi-reduction relation 7−→i∗ to represent multiple (zero or more) steps of compu-tation at level i.604.1. MetaML - Substitutional Reduction Semantics!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉= ([!][〈〉][λy.][ 0][∼])0(0[(λx.〈x〉) (λx.y)]7−→0 ([!][〈〉][λy.][ 0][∼])0(0[〈λx.y〉] where (λx.〈x〉) (λx.y)R0 〈λx.y〉= !〈λy.(∼〈λx.y〉 0)〉= ([!][〈〉][λy.][ 0])1(0[∼〈λx.y〉]7−→0 ([!][〈〉][λy.][ 0])1(0[λx.y] where ∼〈λx.y〉R1 λx.y= !〈λy.((λx.y) 0)〉= 0(0[!〈λy.((λx.y) 0)〉]7−→0 0(0[λy.((λx.y) 0)] where !〈λy.((λx.y) 0)〉R0 λy.((λx.y) 0)= λy.((λx.y) 0)Figure 4.1: Evaluation of !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 in Substitutional Reduction Semantics of MetaML.Definition 117 (Level-indexed Multi-reduction Relations). For any i∈N, let the level-indexed multi-reductionrelation 7−→i∗ be the reflexive-transitive closure of the reduction relation 7−→i.The multi-reduction relation t i1 7−→i∗ t i2 reads as “t1 multi-reduces to t2 at level i”.Example 118. Consider !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉.By the substitutional reduction semantics of MetaML, we have:!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 7−→0∗ λy.((λx.y) 0)as demonstrated in Figure 4.1.A comparison of Figures 4.1 and 3.1 tells that MetaML’s substitutional reduction semantics followsthe exact same three-step break-apply-plug pattern of evaluating a program as Environmental ISWIM’sreduction semantics.Evaluator We now define an evaluator in terms of the substitutional reduction semantics of MetaML. Theevaluator is analogous to the evaluator defined in terms of the substitutional structural operational semanticsof MetaML.Definition 119 (Evaluator based on Substitutional Reduction Semantics of MetaML). Let the evaluatorevalMetaML:SubRed be a partial function from the set of programs PRGMMetaML to the set of answers ANSMetaML.evalMetaML:SubRed : PRGMMetaML ⇀ ANSMetaMLevalMetaML:SubRed(t) =function if t 7−→0∗ λx.t ′0code if t 7−→0∗ 〈v1〉n if t 7−→0∗ nThis evaluator is defined in terms of the substitutional reduction semantics. The subscript “MetaML:SubRed”in evalMetaML:SubRed denotes the substitutional reduction semantics of MetaML.We claim that the evaluators defined in terms of the substitutional structural operational semantics andthe substitutional reduction semantics of MetaML are equivalent.614.2. MetaML - MK Abstract MachineTheorem 120 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubSOS(t) is Kleeneequal to evalMetaML:SubRed(t).We prove the theorem in appendices.4.2 MetaML - MK Abstract MachineWith a systematic strategy to search for an evaluation context and a redex, we can refine MetaML’s sub-stitutional reduction semantics to a corresponding substitutional abstract machine which we call the MKmachine. This section mostly follows the path of refining Environmental ISWIM’s reduction semantics tothe CEK abstract machine as presented in Section 3.6.4.2.1 SyntaxThe definitions of terms, values and denotable terms are the same as Sections 2.2.1 and 4.1.4.2.1.1 Evaluation ContextsEvaluation contexts have been defined in Section 4.1 as inside-out. We provide an outside-in definition asfollows. These two definitions are equivalent and are used interchangeably at our convenience.Definition 121 (Level-indexed Evaluation Contexts: Outside-in). Let i, j ∈ N. Define ECXTi( j to be theset of evaluation contexts with inner level i and outer level j. ∈ ECXT j( j (ept-j)E ∈ ECXTi( j(E t j2) ∈ ECXTi( j(appL-j) E ∈ ECXTi( j(v j1 E) ∈ ECXTi( j(appR-j)E ∈ ECXTi(( j+1)λx.E ∈ ECXTi(( j+1)(lambda-(j+1))E ∈ ECXTi(( j+1)〈E〉 ∈ ECXTi( j (code-j)E ∈ ECXTi( j∼E ∈ ECXTi(( j+1)(splice-(j+1)) E ∈ ECXTi( j!E ∈ ECXTi( j (run-j)E ∈ ECXTi( j(E + t j2) ∈ ECXTi( j(plusL-j) E ∈ ECXTi( j(v j1+E) ∈ ECXTi( j(plusR-j)4.2.1.2 Machine ConfigurationsSection 3.6 defined the states of the CEK machine through four modes of machine configurations. Weextend the four-mode definition to accommodate multiple stages.Definition 122 (Machine Configurations). Let CFG be the set of machine configurations624.2. MetaML - MK Abstract MachineC ∈ CFG, t i ∈ TERMi, vi ∈ VALUEi, E i( j ∈ ECXTi( jC ::= v0| 〈i, E i(0, t i〉r| 〈i, E i(0, t i〉f| 〈i, E i(0, vi〉bThe machine operates in four modes: the value mode v0, the reduce mode 〈i, E i(0, t i〉r, the focus mode〈i, E i(0, t i〉f, the build mode 〈i, E i(0, vi〉b.A machine configuration 〈i, E i(0, t i〉? where ? ∈ {r, f,b} unloads to the configuration E i(0[t i].4.2.2 MK Abstract MachineWe lay out the substitutional abstract machine, i.e., the MK machine, through the reduction relation 7−→mkand the multi-reduction relation 7−→∗mk.Definition 123 (Reduction Relation). Let the reduction relation 7−→mk be a binary relation between the setof machine configurations and the set of machine configurations.7−→mk ⊆ CFG×CFGReduce rules: 〈i, E i(0, t i〉r〈0, E, (λx.t0) v0〉r 7−→mk 〈0, E, t0[v0/x]〉f (r-app-0)〈0, E, !〈v1〉〉r 7−→mk 〈0, E, v1〉f (r-run-0)〈1, E, ∼〈v1〉〉r 7−→mk 〈1, E, v1〉f (r-splice-1)〈0, E, n1+n2〉r 7−→mk 〈0, E, n〉f where n = n1+n2 (r-plus-0)Focus rules: 〈i, E i(0, t i〉f〈i+1, E, x〉f 7−→mk 〈i+1, E, x〉b (f-var-(i+1))〈i, E, t1 t2〉f 7−→mk 〈i, E[ t2], t1〉f (f-appL-i)〈0, E, λx.t〉f 7−→mk 〈0, E, λx.t〉b (f-lambda-0)〈i+1, E, λx.t〉f 7−→mk 〈i+1, E[λx.], t〉f (f-lambda-(i+1))〈i, E, 〈t〉〉f 7−→mk 〈i+1, E[〈〉], t〉f (f-code-i)〈i+1, E, ∼t〉f 7−→mk 〈i, E[∼], t〉f (f-splice-(i+1))〈i, E, !t〉f 7−→mk 〈i, E[!], t〉f (f-run-i)〈i, E, n〉f 7−→mk 〈i, E, n〉b (f-num-i)〈i, E, t1+ t2〉f 7−→mk 〈i, E[+ t2], t1〉f (f-plusL-i)Build rules: 〈i, E i(0, vi〉b634.2. MetaML - MK Abstract Machine〈0, , v〉b 7−→mk v (b-value-0)〈i, E[ t2], v1〉b 7−→mk 〈i, E[v1 ], t2〉f (b-appL-i)〈0, E[v1 ], v2〉b 7−→mk 〈0, E, v1 v2〉r (b-appR-0)〈i+1, E[v1 ], v2〉b 7−→mk 〈i+1, E, v1 v2〉b (b-appR-(i+1))〈i+1, E[λx.], v〉b 7−→mk 〈i+1, E, λx.v〉b (b-lambda-(i+1))〈i+1, E[〈〉], v〉b 7−→mk 〈i, E, 〈v〉〉b (b-code-(i+1))〈0, E[∼], v〉b 7−→mk 〈1, E, ∼v〉r (b-splice-0)〈i+1, E[∼], v〉b 7−→mk 〈i+2, E, ∼v〉b (b-splice-(i+1))〈0, E[!], v〉b 7−→mk 〈0, E, !v〉r (b-run-0)〈i+1, E[!], v〉b 7−→mk 〈i+1, E, !v〉b (b-run-(i+1))〈i, E[+ t2], v1〉b 7−→mk 〈i, E[v1+], t2〉f (b-plusL-i)〈0, E[v1+], v2〉b 7−→mk 〈0, E, v1+ v2〉r (b-plusR-0)〈i+1, E[v1+], v2〉b 7−→mk 〈i+1, E, v1+ v2〉b (b-plusR-(i+1))The reduction relation C1 7−→mk C2 reads as “C1 single-reduces to C2”.The intuition behind the above relation is analogous to that of CEK machine’s reduction relation. Seecomments below Definition 108.Intuitively, the reduction relation 7−→mk defines a single step of computation. We define 7−→∗mk torepresent multiple (zero or more) steps of computation.Definition 124 (Multi-reduction Relation). Let the multi-reduction relation 7−→∗mk be the reflexive-transitiveclosure of the reduction relation 7−→mk.The multi-transformation relation C1 7−→∗mk C2 reads as “C1 multi-reduces to C2”.The abstract machine defined above is also known as the MK machine. M stands for multi-stage and Kstands for continuation, i.e., the evaluation context.Evaluator. We now define an evaluator in terms of the MK machine. The MK machine’s multi-reductionrelation is defined on machine configurations. Given a program t, the evaluator applies the multi-reductionrelation on the machine configuration 〈0, , t〉f in which the program is associated with an empty evaluationcontext and is evaluated at level 0. The evaluator is otherwise analogous to the one defined in terms of thesubstitution reduction semantics of MetaML.Definition 125 (Evaluator based on MK Machine). Let the evaluator evalMetaML:MK be a partial functionfrom the set of programs PRGMMetaML to the set of answers ANSMetaML.evalMetaML:MK : PRGMMetaML ⇀ ANSMetaMLevalMetaML:MK(t) =function if 〈0, , t〉f 7−→∗mk λx.t ′0code if 〈0, , t〉f 7−→∗mk 〈v1〉n if 〈0, , t〉f 7−→∗mk n644.2. MetaML - MK Abstract Machine〈0, , !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉〉f7−→mk 〈0, [!], 〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉〉f7−→mk 〈1, [!][〈〉], λy.(∼((λx.〈x〉) (λx.y)) 0)〉f7−→mk 〈1, [!][〈〉][λy.], ∼((λx.〈x〉) (λx.y)) 0〉f7−→mk 〈1, [!][〈〉][λy.][ 0], ∼((λx.〈x〉) (λx.y))〉f7−→mk 〈0, [!][〈〉][λy.][ 0][∼], (λx.〈x〉) (λx.y)〉f7−→mk 〈0, [!][〈〉][λy.][ 0][∼][ (λx.y)], λx.〈x〉〉f7−→mk 〈0, [!][〈〉][λy.][ 0][∼][ (λx.y)], λx.〈x〉〉b7−→mk 〈0, [!][〈〉][λy.][ 0][∼][(λx.〈x〉)], λx.y〉f7−→mk 〈0, [!][〈〉][λy.][ 0][∼][(λx.〈x〉)], λx.y〉b7−→mk 〈0, [!][〈〉][λy.][ 0][∼], (λx.〈x〉) (λx.y)〉r7−→mk 〈0, [!][〈〉][λy.][ 0][∼], 〈λx.y〉〉r7−→mk 〈0, [!][〈〉][λy.][ 0][∼], 〈λx.y〉〉f7−→mk 〈1, [!][〈〉][λy.][ 0][∼][〈〉], λx.y〉f7−→mk 〈1, [!][〈〉][λy.][ 0][∼][〈〉], λx.y〉b7−→mk 〈0, [!][〈〉][λy.][ 0][∼], 〈λx.y〉〉b7−→mk 〈1, [!][〈〉][λy.][ 0], ∼〈λx.y〉〉r7−→mk 〈1, [!][〈〉][λy.][ 0], λx.y〉f7−→mk 〈1, [!][〈〉][λy.][ 0], λx.y〉b7−→mk 〈1, [!][〈〉][λy.][(λx.y)], 0〉f7−→mk 〈1, [!][〈〉][λy.][(λx.y)], 0〉b7−→mk 〈1, [!][〈〉][λy.], (λx.y) 0〉b7−→mk 〈1, [!][〈〉], λy.((λx.y) 0)〉b7−→mk 〈0, [!], 〈λy.((λx.y) 0)〉〉b7−→mk 〈0, , !〈λy.((λx.y) 0)〉〉r7−→mk 〈0, , λy.((λx.y) 0)〉f7−→mk 〈0, , λy.((λx.y) 0)〉b7−→mk λy.((λx.y) 0)Figure 4.2: Evaluation of !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 in the MK Machine.This evaluator is defined in terms of the MK machine. The subscript “MetaML:MK” in evalMetaML:MKdenotes the MK machine of MetaML.Example 126. Consider !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉.We have:evalMetaML:MK(!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉) = functionThis is because〈0, , !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉〉f 7−→∗mk λy.((λx.y) 0)as demonstrated in Figure 4.2.The above example has appeared as Example 118. By MetaML’s substitutional reduction semantics, wehave:evalMetaML:SubRed(!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉) = functionThe evaluators defined in terms of the substitutional reduction semantics of MetaML and the MK machine654.3. Chapter Summaryagree on evaluating the the evaluation of the puzzle program !〈λa. ∼ ((λx.〈x〉)(λx.〈a〉))0〉. In fact, thesetwo evaluators agree on all programs.Theorem 127 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubRed(t) is Kleeneequal to evalMetaML:MK(t).We prove the above theorem in appendices.As a corollary, the evaluators defined in terms of the substitutional structural operational semantics ofMetaML and based on the MK machine are equivalent.Corollary 128 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubSOS(t) is Kleeneequal to evalMetaML:MK(t).Proof. It immediately follows from Theorems 120 and 127 by the transitivity of Kleene equality.4.3 Chapter SummaryFollowing the second dimension of the semantics refinement problem, this chapter solved the followingproblem that is less complicated than the main semantics refinement problem.Can we refine the substitutional structural operational semantics of MetaML to a correspondingsubstitutional abstract machine, which we call the MK machine, and demonstrate their equival-ence?Given the substitutional structural operational semantics of MetaML, as a manageable step towards devel-oping the MK machine, we developed an equivalent substitutional reduction semantics. Then based onthe substitutional reduction semantics, we developed an equivalent substitutional abstract machine, the MKmachine.We defined an evaluator for each semantics. By proving the equivalence of every two adjacent semantics,we finally showed that the MK machine is equivalent to the substitutional structural operational semanticsof MetaML.66Chapter 5Refining Semantics for MetaML:Developing the MEK MachineDeveloping an environmental abstract machine for the multi-stage language MetaML is not straightforward.On the one hand, even for a single-stage language such as ISWIM, it is challenging to refine a substitutionalstructural operational semantics to a corresponding environmental abstract machine. On the other hand, it isuneasy to refine semantics for a multi-stage language such as MetaML even if substitutions are not replacedwith environments.Chapter 3 studies how to develop an environmental abstract machine for the single-stage languageISWIM. We split the problem into two subproblems. The first subproblem is to stepwise refine the knownsubstitutional structural operational semantics to a corresponding environmental structural operational se-mantics. The crucial points of our approach include replacing meta-language substitutions by explicit sub-stitutions, modelling how an explicit substitution percolates through a term at the semantical level, delayingexplicit substitutions outside lambda abstractions and replacing cascaded explicit substitutions by environ-ments. The second subproblem is to stepwise refine the environmental structural operational semantics toa corresponding environmental abstract machine. The key to our approach is relating these two semanticsby an environmental reduction semantics because a reduction semantics is a concise representation of anabstract machine. At this point, we are unclear whether our approach to refining semantics for ISWIM isapplicable to MetaML.To understand how refining semantics for MetaML is different from ISWIM and whether our approachto refining semantics for ISWIM is applicable to MetaML, Chapter 4 studies how to develop a substitutionalabstract machine for the multi-stage language MetaML. This problem is analogous to the second subproblemof refining semantics for ISWIM. Taking the same approach, we successfully derive a substitutional abstractmachine for MetaML. After Chapter 4, we are now familiar with refining semantics for MetaML and webelieve refining semantics for MetaML is analogous to refining semantics for ISWIM.Utilising the experience of solving two less complicated semantics refinement problems in Chapters 3and 4, we concentrate on the main semantics refinement problem in this chapter. We study how to stepwisedevelop an environmental abstract machine for the multi-stage language MetaML. The problem is restatedas follows.Can we refine the substitutional structural operational semantics of MetaML to a correspond-ing environmental abstract machine, which we call the MEK machine, and demonstrate theirequivalence?Taking the approach to refining semantics in Chapter 3, we propose to first stepwise derive an environmental675.1. MetaMLstructural operational semantics for MetaML and then refine the semantics to an environmental abstractmachine. We also draw lessons from Chapter 4 for refining a structural operational semantics to an abstractmachine for MetaML.5.1 MetaMLFor convenience, this section revisits the substitutional structural operational semantics of MetaML, whichhas been intensively studied in Section 2.2.Terms, Values and Denotable Terms. Terms, values and denotable terms have been defined in Section2.2 using inductive rules. We present an equivalent definition in Backus Naur Form (BNF) as follows.Definition 129 (Terms, Values and Denotable Terms). For any i ∈ N, let TERMi be the set of level-indexedterms at level i and VALUEi be the set of level-indexed values at level i. Let DENOTABLE be the set ofdenotable terms.x ∈ VAR, i,n ∈ N, t i ∈ TERMi, vi ∈ VALUEi, w ∈ DENOTABLEt0 ::= x | t0 t0 | λx.t0 | 〈t1〉 | !t0 | n | t0+ t0t i+1 ::= x | t i+1 t i+1 | λx.t i+1 | 〈t i+2〉 | ∼t i | !t i+1 | n | t i+1+ t i+1v0 ::= λx.t0 | 〈v1〉 | nv1 ::= x | v1 v1 | λx.v1 | 〈v2〉 | !v1 | n | v1+ v1vi+2 ::= x | vi+2 vi+2 | λx.vi+2 | 〈vi+3〉 | ∼vi+1 | !vi+2 | n | vi+2+ vi+2w ::= x | v0Given how concise the above BNF definition is, we can more clearly present the syntax changes betweendifferent dialects of MetaML.Alpha Equivalence Relation. Section 3.1.1.4 presents the alpha equivalence for the single-languageISWIM and justifies why such a relation is necessary for proving equivalence of semantics of differentdialects of ISWIM or MetaML. We extend the definition of alpha equivalence for ISWIM (Definition 50) toaccommodate the multi-stage setting.Definition 130 (Alpha Equivalence Relation). Let the alpha equivalence relation ∼α be a binary relation onterms.685.2. Explicit MetaML∼α ⊆ TERM×TERMx∼α x (var)t11 ∼α t21 t12 ∼α t22(t11 t12)∼α (t21 t22) (app)t1[x3/x1]∼α t2[x3/x2](λx1.t1)∼α (λx2.t2) where x3 /∈ FV (t1)∪FV (t2) (lam)t1 ∼α t2〈t1〉 ∼α 〈t2〉 (code)t1 ∼α t2∼t1 ∼α ∼t2 (splice)t1 ∼α t2!t1 ∼α !t2 (run)t11 ∼α t21 t12 ∼α t22(t11+ t12)∼α (t21+ t22) (plus) n∼α n (num)The alpha equivalence relation makes proving equivalence of semantics easier. In many cases, we mayreplace a term by its alpha equivalent term in a proof at our convenience.Properties. We observe the following properties that are useful in proving semantics equivalence. (1) Thesingle-step relation preserves alpha equivalence. (2) The multi-step relation preserves the closedness of aterm. They are the same properties that Substitutional ISWIM holds.Proposition 131. If t i1 ∼α t i2 and t i1 −→i t i11, then t i2 −→i t i21 and t i11 ∼α t i21.Proposition 132. If FV (t i1) = /0 and ti1 −→∗i t i2, then FV (t i2) = /0.5.2 Explicit MetaMLFollowing the path of refining Substitutional ISWIM to Explicit ISWIM in Section 3.2, we refine Substi-tutional MetaML to Explicit MetaML. Explicit MetaML replaces Substitutional MetaML’s meta-languagesubstitutions (e.g., t[w/x]) by explicit substitutions (e.g., t[x := w]) and models how an explicit substitutionpercolates through a term at the semantical level.5.2.1 SyntaxWe first define the basic syntax of Explicit MetaML: source terms, runtime terms, values and denotableterms. Then we define the free variable function, the substitution function and the alpha equivalence relation.5.2.1.1 Source Terms, Runtime Terms, Values and Denotable TermsDefinition 133 (Source Terms, Runtime Terms, Values and Denotable Terms). For any i ∈ N, let STERMibe the set of level-indexed source terms at level i, RTERMi be the set of level-indexed runtime terms at leveli and VALUEi be the set of level-indexed values at level i. Let DENOTABLE be the set of denotable terms.695.2. Explicit MetaMLx ∈ VAR, i,n ∈ N, t is ∈ STERMi, t i ∈ RTERMi, vi ∈ VALUEi, w ∈ DENOTABLEt0s := x | t0s t0s | λx.t0s | 〈t1s 〉 | !t0s | n | t0s + t0st i+1s := x | t i+1s t i+1s | λx.t i+1s | 〈t i+2s 〉 | ∼t is | !t i+1s | n | t i+1s + t i+1st0 := x | t0 t0 | λx.t0 | 〈t1〉 | !t0 | n | t0+ t0 | λx.t0 | t0[x := w]t i+1 := x | t i+1 t i+1 | λx.t i+1 | 〈t i+2〉 | ∼t i | !t i+1 | n | t i+1+ t i+1 | λx.t0 | t i[x := w]v0 := 〈v1〉 | n | λx.t0v1 := x | v1 v1 | λx.v1 | 〈v2〉 | !v1 | n | v1+ v1 | λx.t0vi+2 := x | vi+2 vi+2 | λx.vi+2 | 〈vi+3〉 | ∼vi+1 | !vi+2 | n | vi+2+ vi+2 | λx.t0w := x | v0The set of source terms of Explicit MetaML is the same as the set of terms of Substitutional MetaML.Explicit MetaML has been enhanced with an explicit substitution t i[x := w], which means that each freeoccurrence of the variable x in the term t i needs to be substituted by the denotable term w. Evaluating anexplicit substitution takes steps.To make Explicit MetaML be consistent with Substitutional MetaML, we must ensure that a value atone level must be a value at any higher level. To preserve this property in Explicit MetaML, we introducean underlined lambda abstraction, λx.t0. To understand the necessity of this change of syntax, consider theexample of substituting a lambda abstraction for a variable where the variable is at a level higher than 0.Since a lambda abstraction acts as a denotable term, it must be a level-0 value. When the substitution isperformed, the lambda abstraction is at a level higher than 0. We only perform substitution reduction for thebody of a lambda abstraction at a level higher than 0. Although the lambda abstraction is a level-0 value, itmay not be a value at a level higher than 0. We explain the reason in more detail through Example 142 afterpresenting the semantics.Explicit MetaML differs from Substitutional MetaML in what terms count as values. A (conventional)lambda abstraction λx.t0 is no longer a value at level 0. An underlined lambda abstraction λx.t0 is a valueat any level. We usually call λx.vi+1 a level-(i+1) lambda value and call λx.t0 a level-0 lambda value.5.2.1.2 Free Variable FunctionWe define the free variable function by extending Substitutional MetaML’s Definition 24 to accommodateunderlined lambda abstractions and explicit substitutions.Definition 134 (Free Variable Function). Let the free variable function FV be a total function from the setof runtime terms to the power set of variables.705.2. Explicit MetaMLFV : RTERM −→P(VAR)............FV (λx.t) = FV (λx.t) (10)FV (t[x := w]) = (FV (t)\{x})∪FV (w) (11)Equations (1)-(9) are the same as Definition 20 in Substitutional MetaML. Equation (10) is trivial.Equation (11) is analogous to Equation (6) of Explicit ISWIM’s free variable function (Definition 64).5.2.1.3 Substitution FunctionWe define the substitution function by extending Substitutional MetaML’s Definition 24 to accommodateunderlined lambda abstractions and explicit substitutions.Definition 135 (Substitution Function). Let the substitution function ·[·/·] be a partial function from the3-tuple of the set of runtime terms, the set of denotable terms and the set of variables, to the set of runtimeterms.·[·/·] : (RTERM×DENOTABLE×VAR)→ RTERM............(λx1.t0)[w/x2] = λx3.t0[x3/x1][w/x2]where x3 /∈ FV (λx1.t0)∪FV (w)∪{x2} (10)(t0[x1 := w1])[w2/x2] = t0[x3/x1][w2/x2][x3 := w1[w2/x2]]where x3 /∈ FV (λx1.t0)∪FV (w)∪{x2} (11)Equations (1)-(9) are the same as Definition 24 in Substitutional MetaML. Equation (10) is analogousto Equation (4). Equation (11) is analogous to Equation (6) of Explicit ISWIM’s Definition 65.5.2.1.4 Alpha Equivalence RelationWe define the alpha equivalence relation by extending Substitutional MetaML’s Definition 130 to accom-modate underlined lambda abstractions and explicit substitutions.Definition 136 (Alpha Equivalence Relation). Let the alpha equivalence relation ∼α be a binary relation onruntime terms.715.2. Explicit MetaML∼α ⊆ RTERM×RTERM...t1[x3/x1]∼α t2[x3/x2](λx1.t1)∼α (λx2.t2) where x3 /∈ FV (t1)∪FV (t2) (lamu)w1 ∼α w2 t1[x3/x1]∼α t2[x3/x2](t1[x1 := w1])∼α (t2[x2 := w2]) where x3 /∈ FV (t1)∪FV (t2) (sub)All rules except the (sub) rule are the same as Definition 130 in Substitutional MetaML. The (lamu) ruleis analogous to the (lam) rule. The (sub) rule is analogous to the (sub) rule of Explicit ISWIM’s Definition66.5.2.2 Structural Operational SemanticsWe lay out the structural operational semantics of Explicit MetaML through the level-indexed single-steprelations −→i, the level-indexed single-step substitution reduction relations −→xi, the level-indexed multi-step substitution reduction relations −→xi∗ and the level-indexed multi-step relations −→i∗.Definition 137 (Level-indexed Single-step Relations). For any i ∈ N, let the level-indexed single-step rela-tion −→i be a binary relation between the set of runtime terms at level i and the set of runtime terms at leveli.−→i⊆ RTERMi×RTERMiλx.t0 −→0 λx.t0 (lambda-0)t i+11 −→i+1 t i+12λx.t i+11 −→i+1 λx.t i+12(lambda-(i+1))t i11 −→i t i12t i11 ti2 −→i t i12 t i2(appL-i)t i21 −→i t i22vi1 ti21 −→i vi1 t i22(appR-i)(λx.t0) v0 −→0 t0[x := v0] (app-0)t i1 −→i t i2!t i1 −→i !t i2(run-i)!〈v1〉 −→0 v1 (run-0)t i+11 −→i+1 t i+12〈t i+11 〉 −→i 〈t i+12 〉(code-i)t i1 −→i t i2∼t i1 −→i+1 ∼t i2(splice-(i+1)) ∼〈v1〉 −→1 v1 (splice-1)725.2. Explicit MetaMLt i11 −→i t i12t i11+ ti2 −→i t i12+ t i2(plusL-i)t i21 −→i t i22vi1+ ti21 −→i vi1+ t i22(plusR-i)n1+n2 −→0 nwhere n = n1+n2 (plus-0)The (app-0) rule is different from Substitutional MetaML and is analogous to the (app) rule of ExplicitISWIM’s Definition 67. The (lambda-0) rule is new, corresponding to the definition of level-0 values. Thereis no equivalent of the (lambda-(i+1)) rule for underlined lambda abstractions because an underlined lambdaabstraction is a value at any level.The definition of the level-indexed single-step relations is currently incomplete because the percolationof explicit substitutions has not been defined yet.To show how explicit substitutions percolate, we define new relations t i[x := w]−→xi t i for substitutionreductions. The new relations ensure that explicit substitutions percolate deterministically.Definition 138 (Level-indexed Single-step Substitution Reduction Relations). For any i ∈ N, let the level-indexed single-step substitution reduction relation −→xi be a binary relation between the set of runtimeterms at level i and the set of runtime terms at level i.−→xi⊆ RTERMi×RTERMix[x := w]−→xi w (var-eq-subst) x1[x2 := w]−→xi x1where x1 6≡ x2 (var-df-subst)n[x := w]−→xi n (num-subst)(t i1 ti2)[x := w]−→xi (t i1[x := w]) (t i2[x := w])(app-subst)(t i1+ ti2)[x := w]−→xi (t i1[x := w])+(t i2[x := w])(plus-subst)(λx1.t i)[x2 := w]−→xi λx3.t i[x1 := x3][x2 := w]where x3 /∈ FV (λx1.t i)∪FV (w)∪{x2} (lam-subst)(λx1.t0)[x2 := w]−→xi λx3.t0[x1 := x3][x2 := w]where x3 /∈ FV (λx1.t0)∪FV (w)∪{x2} (lamu-subst)〈t i+1〉[x := w]−→xi 〈t i+1[x := w]〉 (code-subst)(!t i)[x := w]−→xi !t i[x := w] (run-subst)(∼t i)[x := w]−→x(i+1) ∼t i[x := w] (splice-subst)t i1[x1 := w1]−→xi t i2t i1[x1 := w1][x2 := w2]−→xi t i2[x2 := w2](subst-subst)735.2. Explicit MetaMLMost rules describe how explicit substitutions behave when encountering other terms in the language.Every rule except the (lamu-subst) rule and the (subst-subst) rule correspond to an equation of SubstitutionalMetaML’s substitution function (Definition 24). The (subst-subst) rule is analogous to the (subst-subst)rule of Explicit ISWIM’s single-step substitution reduction relation, implying that only a single-step ofsubstitution reduction may happen underneath an explicit substitution. The (lamu-subst) rule accommodatesthe newly invented underlined lambda abstraction and is analogous to the (lam-subst) rule.Every single-step substitution reduction counts as a single step of computation. Thus we add the follow-ing (inj-subst) rule to the definition of the level-indexed single-step relations, Definition 138.t i1 −→i t i2where t i1 −→xi t i2 (inj-subst)Definition 139 (Level-indexed Multi-step Substitution Reduction Relations). For any i ∈ N, let the level-indexed multi-step substitution reduction relation −→xi∗ be the reflexive-transitive closure of the level-indexed single-step substitution reduction relation −→xi.Definition 140 (Level-indexed Multi-step Relations). For any i∈N, let the level-indexed multi-step relation−→i∗ be the reflexive-transitive closureof the level-indexed single-step relation −→i.Example 141. Consider !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉.By the structural operational semantics of Explicit MetaML, we have:!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉−→0 !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉−→0 !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉−→0 !〈λy.(∼(〈x〉[x := (λx.y)]) 0)〉−→0 !〈λy.(∼(〈x[x := (λx.y)]〉) 0)〉−→0 !〈λy.(∼〈λx.y〉 0)〉−→0 !〈λy.((λx.y) 0)〉−→0 λy.((λx.y) 0)−→0 λy.((λx.y) 0)As a comparison, by the substitutional structural operational semantics of MetaML, we have:!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉−→0 !〈λy.(∼(〈x〉[(λx.y)/x]) 0)〉= !〈λy.(∼(〈x[(λx.y)/x]〉) 0)〉= !〈λy.(∼〈λx.y〉 0)〉−→0 !〈λy.((λx.y) 0)〉−→0 λy.((λx.y) 0)Explicit MetaML takes eight single-steps while Substitutional MetaML completes the execution in threesingle-steps. Some of these right steps are percolating an explicit substitution through a term and the restare turning a lambda abstraction to its underlined counterpart.745.2. Explicit MetaMLExample 142. Suppose x2 6≡ x3 and w ∈ DENOTABLE. Consider (λx1.〈x1〉) ((λx2.(λx3.x2)) w).By the structural operational semantics of Explicit MetaML, we have:(λx1.〈x1〉) ((λx2.(λx3.x2)) w)−→0 (λx1.〈x1〉) ((λx2.(λx3.x2)) w)−→0 (λx1.〈x1〉) ((λx3.x2)[x2 := w])−→0 (λx1.〈x1〉) (λx4.x2[x3 := x4][x2 := w]) where x4 /∈ FV (λx3.t)∪FV (w)∪{x3}−→0 (λx1.〈x1〉) (λx4.x2[x3 := x4][x2 := w])−→0 〈x1〉[x1 := (λx4.x2[x3 := x4][x2 := w])]−→0 〈x1[x1 := (λx4.x2[x3 := x4][x2 := w])]〉−→0 〈λx4.x2[x3 := x4][x2 := w]〉Suppose we had not introduced the underlined lambda abstraction to Explicit MetaML, the above ex-ample would become:(λx1.〈x1〉) ((λx2.(λx3.x2)) w)−→0 (λx1.〈x1〉) ((λx3.x2)[x2 := w])−→0 (λx1.〈x1〉) (λx4.x2[x3 := x4][x2 := w]) where x4 /∈ FV (λx3.t)∪FV (w)∪{x3}−→0 〈x1〉[x1 := (λx4.x2[x3 := x4][x2 := w])]−→0 〈x1[x1 := (λx4.x2[x3 := x4][x2 := w])]〉−→0 〈λx4.x2[x3 := x4][x2 := w]〉−→0 〈λx4.x2[x2 := w]〉−→0 〈λx4.w〉After two single-steps, the lambda abstraction λx4.x2[x3 := x4][x2 := w] is a level-0 value. Then it becomesa denotable term in the next step and shall be identified as a denotable term at all times ever since. However,after five single-steps, the lambda abstraction λx4.x2[x3 := x4][x2 := w] is put into the context of level 1. Wecan apply the (lambda-(i+1)) rule to evaluate the body of the lambda abstraction at level 1. This destroys theproperty that a value at one level must be a value at any higher level, making Explicit MetaML inconsist-ent with Substitutional MetaML. To avoid this awkward circumstance, we let a level-0 lambda abstractionsingle-step to its underlined counterpart and make it a value at any level to prevent it from being reduced athigher levels.In Explicit MetaML, explicit substitutions stop within the top of the body of a level-0 lambda value,even if it sits at higher level. This plays into the development of the analogous conception closures inEnvironmental MetaML.Properties. We observe the following properties, which are useful in proving semantics equivalence. (1)The single-step relation preserves alpha equivalence. (2) The multi-step relation preserves the closedness ofa runtime term. These are the same properties that Substitutional MetaML holds and are analogous to theones that Explicit ISWIM holds.755.3. Suspended MetaMLProposition 143. If t i1 ∼α t i2 and t i1 −→i t i11, then t i2 −→i t i21 and t i11 ∼α t i21.Proposition 144. If FV (t i1) = /0 and ti1 −→∗i t i2, then FV (t i2) = /0.Evaluator. We now define an evaluator in terms of the structural operational semantics of ExplicitMetaML. The evaluator is analogous to the one defined in terms of Substitutional MetaML.Definition 145 (Evaluator based on Structural Operational Semantics of Explicit MetaML). Define theevaluator evalMetaML:ExpSOS to be a partial function from the set of programs PRGMMetaML to the set ofanswers ANSMetaML.evalMetaML:ExpSOS : PRGMMetaML ⇀ ANSMetaMLevalMetaML:ExpSOS(t) =function if t −→0∗ λx.t ′0code if t −→0∗ 〈v1〉n if t −→0∗ nThis evaluator is defined based on the structural operational semantics of Explicit MetaML. The sub-script “MetaML:ExpSOS” in evalMetaML:ExpSOS denotes the structural operational semantics of Explicit MetaML.We claim that the evaluators defined based on Substitutional MetaML and Explicit MetaML are equi-valent.Theorem 146 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubSOS(t) is Kleeneequal to evalMetaML:ExpSOS(t).We prove the theorem in the appendices.5.3 Suspended MetaMLFollowing the path of refining Explicit ISWIM to Suspended ISWIM as presented in Section 3.3, we re-fine Explicit MetaML to Suspended MetaML. Suspended MetaML delays explicit substitutions outsideof a level-0 lambda value until the lambda abstraction is called in an application. When performing anapplication at level 0, Suspended MetaML promotes substitution for the lambda bound variable to thefront and overwrites any existing explicit substitution for that variable. That is, a level-0 application(λx.t0)[xi := wi] v0 single-steps to t0[x := v0][xi := wi] in Suspended MetaML. This transformation mo-tivates introducing additional complexity in the ensuing dialects of MetaML. Proving the correctness ofthis transformation for Suspended MetaML is substantially more complex than for Suspended ISWIM. Weintroduce a notion of well-boundness judgement to help justify this transformation.5.3.1 SyntaxWe first define the basic syntax of the language: source terms, runtime terms, values and denotable terms.Then we define the free variable function, the substitution function and the alpha equivalence relation.765.3. Suspended MetaML5.3.1.1 Source Terms, Runtime Terms, Values and Denotable TermsDefinition 147 (Source Terms, Runtime Terms, Values and Denotable Terms). For any i ∈ N, let STERMibe the set of level-indexed source terms at level i, RTERMi be the set of level-indexed runtime terms at leveli and VALUEi be the set of level-indexed values at level i. Let DENOTABLE be the set of denotable terms.x ∈ VAR, i,n ∈ N, t is ∈ STERMi, t i ∈ RTERMi, vi ∈ VALUEi, w ∈ DENOTABLEt0s := x | t0s t0s | λx.t0s | 〈t1s 〉 | !t0s | n | t0s + t0st i+1s := x | t i+1s t i+1s | λx.t i+1s | 〈t i+2s 〉 | ∼t is | !t i+1s | n | t i+1s + t i+1st0 := x | t0 t0 | λx.t0 | 〈t1〉 | !t0 | n | t0+ t0 | λx.t0 | t0[x := w]t i+1 := x | t i+1 t i+1 | λx.t i+1 | 〈t i+2〉 | ∼t i | !t i+1 | n | t i+1+ t i+1 | λx.t0 | t i[x := w] | λˆx.t i+1v0 := 〈v1〉 | n | (λx.t0)[x := w]v1 := x | v1 v1 | λx.v1 | 〈v2〉 | !v1 | n | v1+ v1 | (λx.t0)[x := w]vi+2 := x | vi+2 vi+2 | λx.vi+2 | 〈vi+3〉 | ∼vi+1 | !vi+2 | n | vi+2+ vi+2 | (λx.t0)[x := w]w := x | v0In Explicit MetaML, a level-0 lambda value λx.t0 is a value at any level. Since Suspended MetaML doesnot push explicit substitutions into an underlined lambda abstraction, a level-0 lambda value surrounded byexplicit substitutions, (λx.t0)[x := w], is a value at any level.Suspended MetaML evaluates the level-0 application (λx.t0)[xi := wi] v0 to t0[x := v0][xi := wi] ratherthan t0[x := xN ][xi := wi][xN := v0] (where xN is a fresh variable). To make it sound with respect to ExplicitMetaML, we need to ensure that FV (v0)∩ (⋃i{xi}) = /0. In Suspended MetaML, the only way that v0can have free variables is as a result of performing an evaluation under lambdas at levels higher than 0.It is sufficient to make sure that whenever we go under a lambda during an evaluation at a level higherthan 0, the lambda bound variable gets renamed to a fresh variable so that it is guaranteed not to clashwith other variables. That is, when evaluating a lambda abstraction λx.t i+1 where t i+1 /∈ VALUEi+1, werename the lambda bound variable x to a globally fresh variable xN , resulting in λxN .t i+1[x := xN ], whichis observationally equivalent to λx.t i+1. To avoid falling in a loop of renaming the lambda bound variable,we replace λ by its hatted counterpart λˆ to explicitly indicate that such a renaming has been done. Thisexplains why we need a hatted lambda abstraction in Suspended MetaML. We demonstrate this in detail inExample 157.5.3.1.2 Free Variable FunctionWe define the free variable function by extending Explicit MetaML’s Definition 134 to accommodate hattedlambda abstractions.Definition 148 (Free Variable Function). Let the free variable function FV be a total function from the set775.3. Suspended MetaMLof runtime terms to the power set of variables.FV : RTERM −→P(VAR)............FV (λˆx.t) = FV (λx.t) (11)Equations (1)-(10) are the same as Definition 134 in Explicit MetaML. Equation (11) tells that the freevariables of a hatted lambda abstraction is the same as its unhatted counterpart.5.3.1.3 Substitution FunctionWe define the substitution function by extending Explicit MetaML’s Definition 135 to accommodate hattedlambda abstractions.Definition 149 (Substitution Function). Let the substitution function ·[·/·] be a partial function from the3-tuple of the set of runtime terms, the set of denotable terms and the set of variables, to the set of runtimeterms.·[·/·] : (RTERM×DENOTABLE×VAR)→ RTERM............(λˆx1.t0)[w/x2] = λˆx3.t0[x3/x1][w/x2]where x3 /∈ FV (λˆx1.t0)∪FV (w)∪{x2} (12)Equations (1)-(11) are the same as Definition 135 in Explicit MetaML. Equation (12) is analogous toEquations (4) and (10).5.3.1.4 Alpha Equivalence RelationWe define the alpha equivalence relation by extending Explicit MetaML’s Definition 136 to accommodatehatted lambda abstractions.Definition 150 (Alpha Equivalence Relation). Let the alpha equivalence relation ∼α be a binary relation onruntime terms.∼α ⊆ RTERM×RTERM...t1[x3/x1]∼α t2[x3/x2](λˆx1.t1)∼α (λˆx2.t2)where x3 /∈ FV (t1)∪FV (t2) (lamh)All rules except (lamh) are the same as Definition 136 in Explicit MetaML. The (lamh) rule is analogousto the (lam) rule and the (lamu) rule.785.3. Suspended MetaML5.3.2 Structural Operational SemanticsWe lay out the structural operational semantics of Suspended MetaML through the level-indexed single-steprelations −→i, the level-indexed single-step substitution reduction relations −→xi, the global single-steprelation .−→ , the level-indexed multi-step substitution reduction relations −→xi∗, the level-indexed multi-step relations −→i∗ and the global multi-step relation .−→∗.Definition 151 (Level-indexed Single-step Relations). For any i ∈ N, let the level-indexed single-step re-lation −→i be a 5-ary relation on the power set of variables, the power set of variables, the power set ofvariables, the set of runtime terms at level i and the set of runtime terms at level i.−→i ⊆ P(VAR)×P(VAR)×P(VAR)×RTERMi×RTERMiU ;V ;X ` (λx.t0)[x j := w j]−→0 (λx.t0)[x j := w j](lambda-0)U ;V ;X ` λx.t i+1 −→i+1 λˆxN .t i+1[x := xN ]where t i+1 /∈ VALUEi+1 and xN /∈X (lambda-(i+1)-t)U ∪{x};V ∪{x};X ` t i+11 −→i+1 t i+12U ;V ;X ` λˆx.t i+11 −→i+1 λˆx.t i+12(lambda-(i+1)-r)U ;V ;X ` λˆx.vi+1 −→i+1 λx.vi+1(lambda-(i+1)-v)U ;V ;X ` t i11 −→i t i12U ;V ;X ` t i11 t i2 −→i t i12 t i2(appL-i)U ;V ;X ` t i21 −→i t i22U ;V ;X ` vi1 t i21 −→i vi1 t i22(appR-i)U ;V ;X ` (λx.t0)[xi := wi] v0 −→0 t0[x := v0][xi := wi](app-0)U ;V ;X ` t i1 −→i t i2U ;V ;X ` !t i1 −→i !t i2(run-i)U ;V ;X ` !〈v1〉 −→0 v1 (run-0)U ;V ;X ` t i+11 −→i+1 t i+12U ;V ;X ` 〈t i+11 〉 −→i 〈t i+12 〉(code-i)U ;V ;X ` t i1 −→i t i2U ;V ;X ` ∼t i1 −→i+1 ∼t i2(splice-(i+1))U ;V ;X ` ∼〈v1〉 −→1 v1 (splice-1)U ;V ;X ` t i11 −→i t i12U ;V ;X ` t i11+ t i2 −→i t i12+ t i2(plusL-i)U ;V ;X ` t i21 −→i t i22U ;V ;X ` vi1+ t i21 −→i vi1+ t i22(plusR-i)U ;V ;X ` n1+n2 −→0 nwhere n = n1+n2 (plus-0)U ;V ;X ` t i1 −→i t i2whereU ;V ;X ` t i1 −→xi t i2 (inj-subst)795.3. Suspended MetaMLDefinition 152 (Level-indexed Single-step Substitution Reduction Relations). For any i ∈ N, let the level-indexed single-step substitution reduction relation −→xi be a 5-ary relation on the power set of variables,the power set of variables, the power set of variables, the set of runtime terms at level i and the set of runtimeterms at level i.−→xi⊆P(VAR)×P(VAR)×P(VAR)×RTERMi×RTERMiU ;V ;X ` x[x := w]−→xi w (var-eq-subst)U ;V ;X ` x1[x2 := w]−→xi x1where x1 6≡ x2 (var-df-subst)U ;V ;X ` n[x := w]−→xi n (num-subst)U ;V ;X ` (t i1 t i2)[x := w]−→xi (t i1[x := w]) (t i2[x := w])(app-subst)U ;V ;X ` (t i1+ t i2)[x := w]−→xi (t i1[x := w])+(t i2[x := w])(plus-subst)U ;V ;X ` (λx1.t i+1)[x2 := w]−→x(i+1) λxN .t i+1[x1 := xN ][x2 := w]where xN /∈X (lam-subst)no (lamu-subst)U ;V ;X ` 〈t i+1〉[x := w]−→xi 〈t i+1[x := w]〉 (code-subst)U ;V ;X ` (!t i)[x := w]−→xi !t i[x := w] (run-subst)U ;V ;X ` (∼t i)[x := w]−→x(i+1) ∼t i[x := w] (splice-subst)U ∪{x2};V ;X ` t i1[x1 := w1]−→xi t i2U ;V ;X ` t i1[x1 := w1][x2 := w2]−→xi t i2[x2 := w2](subst-subst)The level-indexed single-step relationU ;V ;X ` t i1−→i t i2 reads as “t1 single-steps to t2 at level i boundby U , V andX ”.To make a small-step when evaluating a program, we need to repeatedly apply the structural rules untilwe find a subterm of the program on which a reduction rule can be applied. Suppose we have found sucha subterm t i1 that is reducible and we have U ;V ;X ` t i1 −→i t i2. As illustrated by the (subst-subst) ruleand the (lambda-(i+1)-r) rule, the free variables of the term t i1 must be bound by any means (i.e., explicitsubstitutions or hatted lambda bound variables) in the surrounding scope, which are tracked byU . The freevariables of the term t i1 that are bound by hatted lambda bound variables are also tracked by the variableset V because the well-boundness judgement introduced in Definition 159 needs to pay special attention tothese variables. Both of the variable sets U and V play important roles in justifying the (app-0) rule. Thevariable set X records all variables in the subterm t i1 and its surrounding scope. We need the variable setX to determine whether a variable is fresh in the sense that it has not appeared in the term being currentlyevaluated or in its surrounding scope. The variable sets U , V and X help specify the well-boundness805.3. Suspended MetaMLproperty of terms (Proposition 161).The (app-0) rule is refined from the following (app-0-naive) rule.U ;V ;X ` (λx.t0)[xi := wi] v0 −→0 t0[x := x0][xi := wi][x0 := v0]wherex0 /∈ FV (λx.t0)∪⋃i(FV (wi)∪{xi})(app-0-naive)The (app-0-naive) rule is semantically correct but not ideal. We want to eliminate renamings in any level-0application, but the (app-0-naive) rule still renames the lambda bound variable.Observe that if FV (v0)∩(⋃i{xi}) = /0, then we can promote the substitution [x0 := v0] to the front of theexplicit substitutions [xi := wi]. Then we can eliminate renaming the lambda bound variable x by combining[x := x0] and [x0 := v0] to [x := v0]. It is provable that when the (app-0) rule is applied to a subterm of anintermediate result of evaluating a program, we have FV (v0)∩(⋃i{xi}) = /0. We discuss the intuition behindthis after presenting the well-boundness judgement whose primary purpose is to help complete this proof.Since the ultimate goal of the main refinement problem is to develop an environmental operationalsemantics for MetaML, the (app-0) rule promotes the substitution for the underlined lambda bound variableto the front, superseding any existing explicit substitution for that variable, which is close to the operationof updating an environment in Environmental MetaML that is introduced in the next section.Explicit MetaML’s (lambda-(i+1)) rule is replaced with three (lambda-(i+1)-?) rules in SuspendedMetaML. To evaluate a level-(i+ 1) lambda abstraction, if its body is not a level-(i+ 1) value, we firstapply the (lambda-(i+1)-t) rule to rename the lambda bound variable to a fresh variable that has not oc-curred in the current term being evaluated and in the surrounding scope and replace λ by λˆ to indicatesuch a renaming is done. It is important to check whether the lambda abstraction is already a value beforerenaming the lambda bound variable, which ensures no unnecessary renaming can happen. Checking this isa deep syntactic operation in Suspended MetaML but becomes a shallow check in the MEK machine. Thenwe repeatedly apply the (lambda-(i+1)-r) rule to reduce its body until it is a value. Finally we apply the(lambda-(i+1)-v) rule to change λˆ back to λ . Suspended MetaML forces the renaming to make the (app-0) rule sound. Example 157 shows evaluations would behave unexpectedly if Suspended MetaML usedExplicit MetaML’s (lambda-(i+1)) rule instead.The (lam-subst) rule no longer concerns level 0 because a level-0 lambda abstraction surrounded byexplicit substitutions single-steps to its underlined counterpart which is a level-0 value. There is no (lamu-subst) rule because an underlined lambda abstraction surrounded by explicit substitutions is a value at anylevel.To apply the level-indexed single-step relation on a program, the variable sets U ;V ;X need to beproperly initialised. Moreover, from a user’s perspective, the only interface to the single-step relation shouldbe the program to be evaluated. We define the global single-step relation, which initialises the variable setsU ;V ;X by itself and only shows what an entire program single-steps to.Definition 153 (Global Single-step Relation). Let the global single-step relation .−→ be a binary relationbetween the set of level-0 runtime terms and the set of level-0 runtime terms.. t01 −→ t02 if and only if /0; /0; VAR(t01) ` t01 −→0 t02815.3. Suspended MetaMLThe global single-step relation . t01 −→ t02 reads as “t1 single-steps to t2”.Definition 154 (Level-indexed Multi-step Substitution Reduction Relations). For any i ∈ N, let the multi-step substitution reduction relation −→xi∗ be a 5-ary relation on the power set of variables, the power set ofvariables, the power set of variables, the set of runtime terms at level i and the set of runtime terms at level idirectly based on the level-indexed single-step substitution relation −→xi.−→xi∗⊆P(VAR)×P(VAR)×P(VAR)×RTERMi×RTERMiU ;V ;X ` t i1 −→xi∗ t i2where U ;V ;X `t i1 −→xi t i2 (step) U ;V ;X ` t i −→xi∗ t i (refl)U ;V ;X ` t i1 −→xi∗ t i2 U ;V ;X ∪VAR(t i2) ` t i2 −→xi∗ t i3U ;V ;X ` t i1 −→xi∗ t i3(trans)Definition 155 (Level-indexed Multi-step Relations). For any i∈N, let the level-indexed multi-step relation−→i∗ be a 5-ary relation on the power set of variables, the power set of variables, the power set of variables,the set of runtime terms at level i and the set of runtime terms at level i directly based on the level-indexedsingle-step relation −→i.−→i∗⊆P(VAR)×P(VAR)×P(VAR)×RTERMi×RTERMiU ;V ;X ` t i1 −→i∗ t i2where U ;V ;X `t i1 −→i t i2 (step) U ;V ;X ` t i −→i∗ t i (refl)U ;V ;X ` t i1 −→i∗ t i2 U ;V ;X ∪VAR(t i2) ` t i2 −→i∗ t i3U ;V ;X ` t i1 −→i∗ t i3(trans)Definition 156 (Global Multi-step Relation). Let the global multi-step relation . −→∗ be the reflexive-transitive closure of the global single-step relation .−→.Example 157. Consider !〈λy.∼(((λy.(λx.x)) n) 〈y〉)〉.825.3. Suspended MetaMLBy the structural operational semantics of Suspended MetaML, we have:!〈λy.∼(((λy.(λx.x)) n) 〈y〉)〉.−→ !〈λˆ z.(∼(((λy.(λx.x)) n) 〈y〉))[y := z]〉 where z /∈ {x,y}.−→ !〈λˆ z.(∼(((λy.(λx.x)) n) 〈y〉)[y := z])〉.−→ !〈λˆ z.∼(((λy.(λx.x)) n)[y := z] 〈y〉[y := z])〉.−→ !〈λˆ z.∼(((λy.(λx.x))[y := z] n[y := z]) 〈y〉[y := z])〉.−→ !〈λˆ z.∼(((λy.(λx.x))[y := z] n[y := z]) 〈y〉[y := z])〉.−→ !〈λˆ z.∼(((λy.(λx.x))[y := z] n) 〈y〉[y := z])〉.−→ !〈λˆ z.∼((λx.x)[y := n][y := z] 〈y〉[y := z])〉.−→ !〈λˆ z.∼((λx.x)[y := n][y := z] 〈y〉[y := z])〉.−→ !〈λˆ z.∼((λx.x)[y := n][y := z] 〈y[y := z]〉)〉.−→ !〈λˆ z.∼((λx.x)[y := n][y := z] 〈z〉)〉.−→ !〈λˆ z.∼(x[x := 〈z〉][y := n][y := z])〉.−→ !〈λˆ z.∼〈z〉[y := n][y := z]〉.−→ !〈λˆ z.∼〈z[y := n]〉[y := z]〉.−→ !〈λˆ z.∼〈z[y := n][y := z]〉〉.−→ !〈λˆ z.∼〈z[y := z]〉〉.−→ !〈λˆ z.∼〈z〉〉.−→ !〈λˆ z.z〉.−→ !〈λ z.z〉.−→ λ z.z.−→ λ z.zSuppose we had not introduced the hatted lambda abstraction to Suspended MetaML, the above evaluationwould become!〈λy.∼(((λy.(λx.x)) n) 〈y〉)〉.−→ !〈λy.∼(((λy.(λx.x)) n) 〈y〉)〉.−→ !〈λy.∼((λx.x)[y := n] 〈y〉)〉.−→ !〈λy.∼( (λx.x)[y := n] 〈y〉 )〉.−→ !〈λy.∼( x[x := 〈y〉][y := n] )〉.−→ !〈λy.∼(〈y〉[y := n])〉.−→ !〈λy.∼〈y[y := n]〉〉.−→ !〈λy.∼〈n〉〉.−→ !〈λy.n〉.−→ λy.nwhose result is incorrect. The boxes highlight a critical mistake of the evaluation.Since we did not rename the lambda bound variable at the first single-step before we dove into the bodyof the lambda abstraction, we have FV (〈y〉)∩{y} 6= /0 for the boxed application (λx.x)[y := n] 〈y〉. Hence835.3. Suspended MetaMLwe cannot apply the (app-0) rule to the application. We should apply the (app-0-naive) rule and we getx[x := x0][y := n][x0 := 〈y〉] where x0 /∈ FV (λx.x)∪FV (n)∪{y}.Example 158. Consider !〈λy.(∼((λx.〈x〉) (λ z.y)) 0)〉 5.By the structural operational semantics of Suspended MetaML, we have:!〈λy.(∼((λx.〈x〉) (λ z.〈y〉)) 0)〉 5.−→ !〈λˆu.(∼((λx.〈x〉) (λ z.〈y〉)) 0)[y := u]〉 5 where u /∈ {x,y,z}.−→ !〈λˆu.(∼((λx.〈x〉) (λ z.〈y〉))[y := u] 0[y := u])〉 5.−→ !〈λˆu.(∼(((λx.〈x〉) (λ z.〈y〉))[y := u]) 0[y := u])〉 5.−→ !〈λˆu.(∼((λx.〈x〉)[y := u] (λ z.〈y〉)[y := u]) 0[y := u])〉 5.−→ !〈λˆu.(∼((λx.〈x〉)[y := u] (λ z.〈y〉)[y := u]) 0[y := u])〉 5.−→ !〈λˆu.(∼((λx.〈x〉)[y := u] (λ z.〈y〉)[y := u]) 0[y := u])〉 5.−→ !〈λˆu.(∼〈x〉[x := (λ z.〈y〉)[y := u]][y := u] 0[y := u])〉 5.−→ !〈λˆu.(∼〈x[x := (λ z.〈y〉)[y := u]]〉[y := u] 0[y := u])〉 5.−→ !〈λˆu.(∼〈x[x := (λ z.〈y〉)[y := u]][y := u]〉 0[y := u])〉 5.−→ !〈λˆu.(∼〈(λ z.〈y〉)[y := u][y := u]〉 0[y := u])〉 5.−→ !〈λˆu.((λ z.〈y〉)[y := u][y := u] 0[y := u])〉 5.−→ !〈λˆu.((λ z.〈y〉)[y := u][y := u] 0)〉 5.−→ !〈λu.((λ z.〈y〉)[y := u][y := u] 0)〉 5.−→ (λu.((λ z.〈y〉)[y := u][y := u] 0)) 5.−→ (λu.((λ z.〈y〉)[y := u][y := u] 0)) 5.−→ ((λ z.〈y〉)[y := u][y := u] 0)[u := 5].−→ (λ z.〈y〉)[y := u][y := u][u := 5] 0[u := 5].−→ (λ z.〈y〉)[y := u][y := u][u := 5] 0.−→ 〈y〉[z := 0][y := u][y := u][u := 5].−→ 〈y[z := 0]〉[y := u][y := u][u := 5].−→ 〈y[z := 0][y := u]〉[y := u][u := 5].−→ 〈y[z := 0][y := u][y := u]〉[u := 5].−→ 〈 y[z := 0][y := u][y := u][u := 5] 〉.−→ 〈y[y := u][y := u][u := 5]〉.−→ 〈u[y := u][u := 5]〉.−→ 〈u[u := 5]〉.−→ 〈5〉Consider the boxed term, y[z := 0][y := u][y := u][u := 5]. The variable y is bound by the substitution[y := u] in which the denotable term u is bound by the substitution [u := 5]. By the (subst-subst) rule, Suspen-ded MetaML resolve the substitutions by performing one substitution at a time. If we represent substitutionsusing environments, a trivial approach will go wrong. This is discussed in detail at the beginning of the nextsection.845.3. Suspended MetaMLProperties. Our sole purpose of developing the structural operational semantics is to evaluate programswhich are closed level-0 source terms. To evaluate a program t0s at level 0, we expect that the program t0smulti-steps to a value v0 at level 0. Suppose the closed term t01 is an intermediate result of evaluating theprogram t0s . For any subterm t11 of the term t01 , we want to ensure that all its free variables are bound inits surrounding scope. In particular, we are interested in the free variables that are bound by hatted lambdabound variables in the surrounding scope. We define the following judgement to specify the well-boundnessof a term. We demonstrate how this judgement helps prove the correctness of the (app-0) rule.Definition 159 (Well-boundness Judgement). Let the well-boundness judgement ` wb be a ternary relationon the power set of variables, the power set of variables and the set of runtime terms.` wb ⊆ P(VAR)×P(VAR)×RTERMU ;V ` x wb where x ∈UU ;V ` t1 wb U ;V ` t2 wbU ;V ` t1 t2 wbU ∪{x};V ` t wbU ;V ` λx.t wb where x /∈ VU ∪{x};V ` t wbU ;V ` λx.t wb where x /∈ VU ∪{x};V ∪{x} ` t wbU ;V ` λˆx.t wb where x /∈ VU ;V ` t wbU ;V ` 〈t〉 wbU ;V ` t wbU ;V `∼ t wbU ;V ` t wbU ;V `!t wbU ;V ` n wbU ;V ` t1 wb U ;V ` t2 wbU ;V ` t1+ t2 wbU ;V ` w wb U ∪{x};V ` t wbU ;V ` t[x := w] wb where x /∈ VThe well-boundness judgement U ;V ` t wb reads as “t is well bound by U and V ”.We come back to our discussion on the well-boundness of the subterm t11 of the term t01 . By the abovedefinition, we have /0; /0 ` t01 wb. Observe that a sub-derivation of /0; /0 ` t1 wb must be the derivation ofU ;V ` t11 wb for some variable sets U and V . The variable set U tracks all free variables of the subterm855.3. Suspended MetaMLt11 that are bound in the surrounding scope. We observe the following property which shows if a term is wellbound, we can get an upper bound of the free variables of the term. We can use well-boundness judgementto estimate the free variables of a term.Proposition 160. If U ;V ` t wb, then FV (t)⊆U .The variable set V inU ;V ` t11 wb tracks the free variables of the subterm t11 that are bound by hattedlambdas in the surrounding scope. Consider a special case of the subterm t11 of the term t01 . Suppose t11is an application (λx.t0)[xi := wi] v0 that is reducible by the (app-0) rule. Since the (app-0) rule is nota substitution reduction, it cannot be applied under any explicit substitution. Thus the free variables ofv0 must be bound by hatted lambdas in its surrounding context, which are tracked by the variable set Vof the judgement U ;V ` (λx.t0)[xi := wi] v0 wb. By the definition of the well-boundness judgement, wehave xi /∈ V . Hence we have FV (v0)∩ (⋃i{xi}) = /0, which we call the well-boundness of the application(λx.t0)[xi := wi] v0. This guarantees the correctness of the (app-0) rule.The well-boundness judgement cooperates well with the multi-step relation. The second property saysthe former is preserved by the latter.Proposition 161. If U ;V ` t i1 wb, VAR(t i1)⊆X , V ⊆U ⊆X and U ;V ;X ` t i1 −→i∗ t i2, then U ;V `t i2 wb.As a corollary of the above properties, the multi-step relation preserves the closedness of runtime terms.Evaluator. We now define an evaluator in terms of the structural operational semantics of SuspendedMetaML. The evaluator is analogous to the one defined for Explicit MetaML.Definition 162 (Evaluator based on Structural Operational Semantics of Suspended MetaML). Define theevaluator evalMetaML:SusSOS to be a partial function from the set of programs PRGMMetaML to the set ofanswers ANSMetaML.evalMetaML:SusSOS : PRGMMetaML ⇀ ANSMetaMLevalMetaML:SusSOS(t) =function if . t −→∗ (λx.t ′0)[xi := wi]code if . t −→∗ 〈v1〉n if . t −→∗ nThis evaluator is defined based on the structural operational semantics of Suspended MetaML. Thesubscript “MetaML:SusSOS” in evalMetaML:SusSOS denotes the structural operational semantics of SuspendedMetaML.We claim that the evaluators defined in terms of Substitutional MetaML and Suspended MetaML areequivalent.Theorem 163 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubSOS(t) is Kleeneequal to evalMetaML:SusSOS(t).We prove the above theorem in appendices.865.4. Environmental MetaML - Structural Operational Semantics5.4 Environmental MetaML - Structural Operational SemanticsRefining Suspended ISWIM to Environmental ISWIM is discussed in Section 3.4. For a term surroundedby cascaded explicit substitutions, t[xi := wi], every denotable term wi is closed in Suspended ISWIM. It isa natural step to replace the explicit substitutions with a corresponding environment.However, MetaML allows replacing a variable by a open denotable term. In Suspended MetaML, thedenotable term of some early explicit substitution in a cascade may have free variables that are bound bysome later substitution. Example 158 shows. !〈λy.(∼((λx.〈x〉) (λ z.y)) 0)〉 5 −→∗ 〈y[z := 0][y := u][y := u][u := 5]〉where u /∈ {x,y,z}. The term y[z := 0][y := u][y := u][u := 5] has y bound by u that is bound by 5. If werepresent the explicit substitutions that surround a term by one environment, an environment lookup maylead to an unsound result. For example, we represent y[z := 0][y := u][y := u][u := 5] by pairing y with theenvironment ρ = {(z,0),(y,u),(u,5)}. Looking up y in the environment ρ returns u solely which is notpaired with an environment. Then we incorrectly output u as the final result of the evaluation. The correctresult is 5 because u is bound to 5.To refine Suspended MetaML to Environmental MetaML, we propose to replace cascaded explicit sub-stitutions with meta-environments instead of environments. A meta-environment is a finite sequence ofenvironments, among which the free variables of one environment are bound by the next environment inthe sequence. To evaluate a variable with a meta-environment, we look up the variable in the first environ-ment of the meta-environment and return the lookup result paired with the remaining environments of themeta-environment. For example, y[z := 0][y := u][y := u][u := 5] may be represented by pairing y with themeta-environment (ρ1;ρ2) where ρ1 = {(z,0),(y,u)} and ρ2 = {(u,5)}. After one small-step of evaluation,we have u paired with the meta-environment ρ2 because ρ1(y) = u. After another step, we get the final result5 because ρ2(u) = 5.5.4.1 SyntaxWe first define the basic syntax of the Environmental MetaML: source terms, runtime terms, values, denot-able terms, configurations, environments and meta-environments. Then we define the free variable function.5.4.1.1 Source Terms, Runtime Terms, Values, Denotable Terms, Configurations, Environmentsand Meta-environmentsDefinition 164 (Source Terms, Runtime Terms, Values, Denotable Terms and Configurations). For anyi ∈ N, let STERMi be the set of level-indexed source terms at level i, RTERMi be the set of level-indexedruntime terms at level i, VALUEi be the set of level-indexed values at level i, and CONFi be the set of level-indexed configurations at level i. Let DENOTABLE be the set of denotable terms and ENV be a finite partialfunction from the set of variables to the set of denotable terms.875.4. Environmental MetaML - Structural Operational Semanticsx ∈ VAR, i,n ∈ N, t is ∈ STERMi, t i ∈ RTERMi, vi ∈ VALUEi, w ∈ DENOTABLE, c ∈ CONF,ρ ∈ ENV = VAR fin⇀ DENOTABLEt0s := x | t0 t0 | λx.t0 | 〈t1〉 | !t0 | n | t0+ t0t i+1s := x | t i+1 t i+1 | λx.t i+1 | 〈t i+2〉 | ∼t i | !t i+1 | n | t i+1+ t i+1t0 := x | t0 t0 |Iλx.t0, ρ∗J | 〈t1〉 | !t0 | n | t0+ t0t i+1 := x | t i+1 t i+1 | λx.t i+1 | 〈t i+2〉 | ∼t i | !t i+1 | n | t i+1+ t i+1v0 := Iλx.t0, ρ∗J | 〈v1〉 | nv1 := x | v1 v1 | λx.v1 | 〈v2〉 | !v1 | n | v1+ v1vi+2 := x | vi+2 vi+2 | λx.vi+2 | 〈vi+3〉 | ∼vi+1 | !vi+2 | n | vi+2+ vi+2w := x | v0c0 := v0 | c0 c0 | λx.c0 |Gt0, ρ∗H | 〈c1〉 |!c0 | c0+ c0ci+1 := vi+1 | ci+1 ci+1 | λx.ci+1 |Gt i+1, ρ∗H | 〈ci+2〉 | ∼ci |!ci+1 | ci+1+ ci+1We usually call λx.ci+1 a level-(i+1) non-value lambda if c /∈ VALUEi+1 and a level-(i+1) lambda valueif c ∈ VALUEi+1.Definition 165 (Environments). An environment ρ ∈ ENV is a finite partial function from the set of variablesto the set of denotable terms. Let dom(ρ) be the domain of the environment ρ and rng(ρ) be the range ofthe environment ρ . Let ρ[x 7→ w] be an environment update and ρ(x) be an environment lookup. We have:ρ[x 7→ w](y) =w if x≡ yρ(y) if x 6≡ yDefinition 166 (Initial Environments). LetX ⊆ VAR. The initial environment ρXinit is the identity functionwhose domain isX .Definition 167 (Meta-environments). A meta-environment ρ∗ ∈ ENV∗ is a finite sequence of environments.An empty meta-environment is denoted by ε . A meta-environment containing an empty environment isdenoted by ( /0;ε).A term paired with a meta-environment, i.e., Gt i, ρ∗H or Iλx.t0, ρ∗J, is called a closure. A level-0lambda abstraction paired with a meta-environment, i.e., Iλx.t0, ρ∗J, is called a closure value. A clos-ure that is not a value, Gt i, ρ∗H, is called a non-value closure. A closure makes its top-level structureimmediately evident. For example, it is immediately recognisable that its top-level structure of the closureIλx.t0, ρ∗J is a level-0 lambda abstraction λx.t0 without having to dive into the meta-environment ρ∗.As a comparison, in Suspended MetaML, to check the top-level structure of (λx.t0)[xi := wi], we have to885.4. Environmental MetaML - Structural Operational Semanticsdive down through the cascaded explicit substitutions [xi := wi] until reaching the level-0 lambda abstractionλx.t0.A closure Gt, ρ∗H has the meta-environment ρ∗. The meta-environment of the closure Gt, ( /0;ε)H hasone environment /0. The meta-environment of the closure Gt, εH has no environments.Environmental MetaML’s closures are different from Environmental ISWIM’s closures. In Environ-mental ISWIM, for an arbitrary closure 〈t, ρ〉, the term t is closed by the environment ρ . In EnvironmentalMetaML, a closure Gt, ρ∗H is a pair of a term t and a meta-environment ρ∗. Suppose ρ∗ = ρ1;ρ2; ...;ρm.The free variables of the term t are bound by the first environment ρ1. If the first environment ρ1 does notclose the term t, the free variables of the closure Gt, ρ1H must be bound by the second environment ρ2 andthe free variables of the closure Gt, (ρ1;ρ2)H must be bound by the third environment ρ3, and so on. Theclosure Gt, ρ∗H may also have free variables, which are bound by its surrounding context.The design choice of closures and closure values are compatible with the original interpreter of MetaMLintroduced in [Tah99a]. To ensure that any variable that has been eliminated by some substitution or renam-ing does not escape from the scope of the substitution or renaming, they used a delayed environment called acover. A cover works like a normal environment on non-function terms. If a cover encounters a function, thesubstitutions of the cover are delayed and are only performed on the result of calling the function. Analog-ously, in Environmental MetaML, environments on a level-0 lambda abstraction are delayed, as modelledby closure values. These environments work like normal environments on the result of applying the level-0lambda abstraction.Unlike the previous dialects of MetaML, Environmental MetaML deems the set of configurations ratherthan the set of (runtime) terms to be the fundamental set on which the operational semantics is defined.Recall that programs are closed level-0 source terms. To evaluate a program t0s , we first pair it with theinitial meta-environment (ρVAR(t0s )init ;ε), resulting in the initial configuration c0s = Gt0s , (ρVAR(t0s )init ;ε)H. Wethen pass the initial configuration to the operational semantics. Someone may wonder why the initial meta-environment is (ρVAR(t0s )init ;ε) rather than ( /0;ε). In short, choosing (ρVAR(t0s )init ;ε) makes rules of the semanticsconsistent, eases proving equivalence of semantics and preserves the correctness of the semantics. Wediscuss its reasons in detail after introducing the evaluator for the semantics.5.4.1.2 Free Variable FunctionWe define the free variable function by extending Substitutional MetaML’s Definition 20 to accommodateconfigurations.Definition 168 (Free Variable Function). Let the free variable function FV be a total function from the setof configurations to the power set of variables.895.4. Environmental MetaML - Structural Operational SemanticsFV : CONF −→P(VAR)FV (x) = x (1)FV (n) = /0 (2)FV (c1 c2) = FV (c1)∪FV (c2) (3)FV (λx.c) = FV (c)\{x} (4)FV (〈c〉) = FV (c) (5)FV (!c) = FV (c) (6)FV (∼c) = FV (c) (7)FV (c1+ c2) = FV (c1)∪FV (c2) (8)FV (Gt, εH) = FV (t) (9)FV (Gt, ρ∗1 ;ρ2H) = ⋃i FV (ρ2(xi)) where xi ∈ FV (Gt, ρ∗1H) (10)FV (Iλx.t, ρ∗J) = FV (Gλx.t, ρ∗H) (11)Equations (1)-(2) are the same as Equations (1) and (7) of Definition 20 in Substitutional MetaML.Equations (3)-(8) are analogous to Equations (2)-(6) and (8) of Definition 20. Equations (9)-(11) are basedon the definitions of closures and closure values.5.4.2 Structural Operational SemanticsWe lay out the structural operational semantics of Environmental MetaML through the level-indexed single-step relations −→i, the global single-step relation . −→ , the level-indexed multi-step relations −→i∗ andthe global multi-step relation .−→∗.Definition 169 (Level-indexed Single-step Relations). For any i ∈ N, let the level-indexed single-step rela-tion−→i be a 4-ary relation on the power set of variables, the power set of variables, the set of configurationsat level i and the set of configurations at level i.905.4. Environmental MetaML - Structural Operational Semantics−→i ⊆ P(VAR)×P(VAR)×CONFi×CONFiV ∪{x};X ` ci+11 −→i+1 ci+12V ;X ` λx.ci+11 −→i+1 λx.ci+12(lambda-(i+1))V ;X ` ci11 −→i ci12V ;X ` ci11 ci2 −→i ci12 ci2(appL-i)V ;X ` ci21 −→i ci22V ;X ` vi1 ci21 −→i vi1 ci22(appR-i)V ;X `Iλx.t0, (ρ;ρ∗)J v0 −→0 Gt0, (ρ[x 7→ v0];ρ∗)H (app-0)V ;X ` ci1 −→i ci2V ;X `!ci1 −→i!ci2(run-i)V ;X `!〈v1〉 −→0 Gv1, (ρXinit;ε)H (run-0)V ;X ` ci+11 −→i+1 ci+12V ;X ` 〈ci+11 〉 −→i 〈ci+12 〉(code-i)V ;X ` ci1 −→i ci2V ;X ` ∼ci1 −→i+1 ∼ci2(splice-(i+1))V ;X ` ∼〈v1〉 −→1 v1 (splice-1)V ;X ` ci11 −→i ci12V ;X ` ci11+ ci2 −→i ci12+ ci2(plusL-i)V ;X ` ci21 −→i ci22V ;X ` vi1+ ci21 −→i vi1+ ci22(plusR-i)V ;X ` n1+n2 −→0 nwhere n = n1+n2 (plus-0)V ;X `Gλx.t0, ρ∗H−→0 Iλx.t0, ρ∗J (lam-0-env)V ;X `Gλx.t i+1, (ρ;ρ∗)H−→i+1 λxN .Gt i+1, (ρ[x 7→ xN ][xN 7→ xN ];(ρ[xN 7→ xN ])∗)Hwhere xN /∈X (lam-(i+1)-env)V ;X `GIλx.t, ρ∗1J, ρ∗2H−→i Iλx.t, (ρ∗1 ;ρ∗2 )J (clov-env)V ;X `Gw, εH−→i w (den-env)V ;X `Gx, (ρ;ρ∗)H−→i Gρ(x), ρ∗H (var-env)V ;X `Gn, ρ∗H−→i n (num-env)V ;X `Gt1 t2, ρ∗H−→i Gt1, ρ∗HGt2, ρ∗H (app-env)V ;X `G〈t i+1〉, ρ∗H−→i 〈Gt i+1, ρ∗H〉 (code-env)V ;X `G!t i, ρ∗H−→i!Gt i, ρ∗H (run-env)V ;X `G∼t i, ρ∗H−→i+1 ∼Gt i, ρ∗H (splice-env)V ;X `Gt1+ t2, ρ∗H−→i Gt1, ρ∗H+Gt2, ρ∗H (plus-env) 915.4. Environmental MetaML - Structural Operational SemanticsThe level-indexed single-step relation V ;X ` ci1 −→i ci2 reads as “c1 single-steps to c2 at level i boundby V andX ”.To make a small-step when evaluating a program, we need to repeatedly apply the structural rules untilwe find a configuration of the program on which a reduction rule can be applied. In the meanwhile, wekeep track of lambda bound variables when we dive into the body of a level-(i+1) non-value lambda usingthe (lambda-(i+1)) rule. Suppose we have found such a configuration ci1 that is reducible and we haveV ;X ` ci1 −→i ci2. The free variables of ci1 must be bound by lambda bound variables of level-(i+1)non-value lambdas in the surrounding scope, which are tracked by the variable set V . The variable setX records all variables in the configuration ci1 and its surrounding scope. We need the variable set X todetermine whether a variable is fresh in the sense that it has not appeared in the configuration being currentlyevaluated or in its surrounding scope. The variable sets V andX help specify the well-boundness propertyof configurations (Proposition 177).We briefly explain some rules of the single-step relation. (1) The (app-0) rule models an application byupdating the environment, which completes the unfinished job of Suspended MetaML’s (app-0) rule. (2)The (run-0) rule is about executing a code value at level 0. Someone may want to replace the configurationGv1, (ρXinit;ε)H with the value v1. This is incorrect. The single-step relation is defined on configurations.The value v1 must be paired with a meta-environment in order to be evaluated at level 0. (3) The (*-env)rules discuss how to evaluate a closure. (3.1) The (lam-0-env) rule turns a closure into a closure value.(3.2) The (lam-(i+1)-env) rule combines Suspended MetaML’s (lambda-(i+1)-t) rule and (lam-subst) rule.To evaluate a lambda abstraction at a level higher than 0, we must rename the lambda bound variable to afresh variable before diving into the body, where the fresh variable must have not occurred in the currentconfiguration being evaluated or in its surrounding scope. (3.3) The (clov-env) rule concatenates two meta-environments. (3.4) The (den-env) rule is trivial. (3.5) The other (*-env) rules correspond to SuspendedMetaML’s single-step substitution reduction relations.Definition 170 (Global Single-step Relation). Let the global single-step relation .−→ be a binary relationbetween the set of level-0 configurations and the set of level-0 configurations.. c01 −→ c02 if and only if /0; VAR(c01) ` c01 −→0 c02The global single-step relation . c01 −→ c02 reads as “c1 single-steps to c2”.Definition 171 (Level-indexed Multi-step Relations). For any i∈N, let the level-indexed multi-step relation−→i∗ be a 4-ary relation on the power set of variables, the power set of variables, the set of configurationsat level i and the set of configurations at level i directly based on the level-indexed single-step relation −→i.−→i∗⊆P(VAR)×P(VAR)×CONFi×CONFiV ;X ` ci1 −→i∗ ci2where V ;X `ci1 −→i ci2 (step) V ;X ` ci −→i∗ ci (refl)V ;X ` ci1 −→i∗ ci2 V ;X ∪VAR(ci2) ` ci2 −→i∗ ci3V ;X ` ci1 −→i∗ ci3(trans)Definition 172 (Global Multi-step Relation). Let the global multi-step relation . −→∗ be the reflexive-transitive closure of the global single-step relation .−→.925.4. Environmental MetaML - Structural Operational SemanticsExample 173. Consider !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉. We first construct a configuration that pairs theabove term with an initial meta-environment:G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)HBy the structural operational semantics of Environmental MetaML, we have:G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H.−→ !G〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H.−→ !〈Gλy.(∼((λx.〈x〉) (λx.y)) 0), ({(x,x),(y,y)};ε)H〉.−→ !〈λ z.G∼((λx.〈x〉) (λx.y)) 0, ({(x,x),(y,z),(z,z)};ε)H〉 where z /∈ {x,y}.−→ !〈λ z.(G∼((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)HG0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(∼G((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)HG0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(∼(G(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)HG(λx.y), ({(x,x),(y,z),(z,z)};ε)H)G0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(∼(I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)JG(λx.y), ({(x,x),(y,z),(z,z)};ε)H)G0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(∼(I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)JI(λx.y), ({(x,x),(y,z),(z,z)};ε)J)G0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(∼(G〈x〉, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H)G0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(∼〈Gx, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H〉G0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(∼〈GI(λx.y), ({(x,x),(y,z),(z,z)};ε)J, (ε)H〉G0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(∼〈I(λx.y), ({(x,x),(y,z),(z,z)};ε)J〉G0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)JG0, ({(x,x),(y,z),(z,z)};ε)H)〉.−→ !〈λ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0)〉.−→ Gλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)H.−→ Iλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)JProperties. Our sole purpose of developing the structural operational semantics is to evaluate programswhich are closed level-0 source terms. To evaluate a program t0s at level 0, we construct the initial configur-ation c0s =Gt0s , (ρVAR(t0s )init ;ε)H and pass it to the structural operational semantics. We expect that the initialconfiguration multi-steps to a level-0 value v0. Suppose the closed configuration c01 is an intermediate resultof evaluating the initial configuration c0s . We then repeatedly apply the structural rules on c01 until we find itssubconfiguration c11 on which a reduction rule can apply. We want to ensure that all free variables of c11 arebound in its surrounding scope by lambda bound variables of level-(i+1) non-value lambdas. We define thefollowing judgement to specify the well-boundness of a configuration. We demonstrate how this judgementhelps prove the correctness of the (app-0) rule.Definition 174 (Well-boundness Judgement). Let the well-boundness judgement ` wb be a ternary relationon the power set of variables, the power set of variables and the set of configurations.935.4. Environmental MetaML - Structural Operational Semantics` wb ⊆ P(VAR)×P(VAR)×CONFU ;V ` x wb where x ∈UU ;V ` c1 wb U ;V ` c2 wbU ;V ` c1 c2 wbU ∪{x};V ` c wbU ;V ` λx.c0 wb where x /∈ VU ∪{x};V ` c wbU ;V ` λx.vi+1 wb where x /∈ VU ∪{x};V ∪{x} ` c wbU ;V ` λx.ci+1 wb where ci+1 /∈ VALUEi+1 and x /∈ VU ;V ` t wbU ;V ` 〈t〉 wbU ;V ` t wbU ;V `∼ t wbU ;V ` t wbU ;V `!t wbU ;V ` n wbU ;V ` t1 wb U ;V ` t2 wbU ;V ` t1+ t2 wbU ;V ` t wbU ;V `Gt, εH wbU ;V ` ρm(xmk) wb U ∪{xmk};V `Gt, (ρim−11 ;ε)H wbU ;V `Gt, (ρim1 ;ε)H wbwhere VAR(Gt, ρim1H)⊆ dom(ρi) for any ρi,ρi(y j) = y j for any ρi and y j ∈ V ,and xmk ∈ FV (Gt, (ρim−11 ;ε)H).U ;V `Gt, ρiH wbU ;V `It, ρiJ wbNotation 175. A sequence of environments, ρ1;ρ2; ...;ρm, can be abbreviated as ρim1 or ρi.The well-boundness judgement U ;V ` c wb reads as “c is well bound by U and V ”. The variable setU tracks all free variables of the configuration c that are bound any means in the surrounding scope. Weobserve the following property which is analogous to Suspended MetaML’s Proposition 160.Proposition 176. If U ;V ` c wb, then FV (c)⊆U .We come back to our discussion of the well-boundness of the subconfiguration c11 of the configurationc01. By the definition of well-boundness judgement, we have /0; /0 ` c01 wb. Observe that a sub-derivationof /0; /0 ` c01 wb must be the derivation of U ;V ` c11 wb for some variable sets U and V . The variable945.4. Environmental MetaML - Structural Operational Semanticsset V tracks all free variables of the configuration c11 that are bound in the surrounding scope by lambdabound variables of level-(i+ 1) non-value lambdas. Recall that other than level-(i+ 1) non-value lambdas,the structural rules do not allow evaluating under lambdas or closures. Thus the variable set U is the sameas V . We have V ;V ` c11 wb.Consider a special case of the configuration c11. Suppose c11 is an application Iλx.t0, (ρim1 ;ε)J v0that is reducible by the (app-0) rule. The free variables of v0 must be bound by lambda bound variables oflevel-(i+ 1) non-value lambdas in its surrounding context, which are tracked by the variable set V of thejudgement V ;V `Iλx.t0, (ρim1 ;ε)J v0 wb. By definition, ρi(y j) = y j for any y j ∈ V . By Proposition 176,FV (v0)⊆ V . Hence, ρi(yv) = yv for any yv ∈ FV (v0), which we call the well-boundness of the applicationIλx.t0, (ρim1 ;ε)J v0.We briefly explain how the correctness of the (app-0) rule is guaranteed by the well-boundness of theapplication Iλx.t0, (ρim1 ;ε)J v0. Let’s represent each environment as a set of variable-and-denotable-termpairs. We have:ρim1 = {(x1i,w1i)};{(x2i,w2i)}; ...;{(xmi,wmi)}Then the application Iλx.t0, (ρim1 ;ε)J v0 denotes(λx.t0){[w1i/x1i]}{[w2i/x2i]}...{[wmi/xmi]} v0where each braced set of substitutions works as an environment and substitutions in each braced set areunordered. We first rename the lambda bound variable x to a globally fresh variable xN and then push allbraced sets of substitutions under the new lambda. We get:λxN .(t0{[w1i/x1i][xN/x]}{[w2i/x2i][xN/xN ]}...{[wmi/xmi][xN/xN ]}) v0Then we perform the application and get:t0{[w1i/x1i][xN/x]}{[w2i/x2i][xN/xN ]}...{[wmi/xmi][xN/xN ]}{[v0/xN ]}By the well-boundness of the application Iλx.t0, (ρim1 ;ε)J v0, we know for any yv ∈ FV (v0), yv is substi-tuted by itself in the first m braced sets of substitutions. Then we can splice the last braced substitution intothe first braced set and eliminate renaming the lambda bound variable. We gett0{[w1i/x1i][v0/x]}{[w2i/x2i]}...{[wmi/xmi]}which corresponds toGt0, (ρ1[x 7→ v0];ρm2 ;ε)Hin the (app-0) rule of Environmental MetaML.The well-boundness judgement cooperates well with the multi-step relation. The following propertysays the former is preserved by the latter. It is analogous to Suspended MetaML’s Proposition 161.Proposition 177. If V ;V ` ci1 wb, VAR(ci1)⊆X , V ⊆X and V ;X ` ci1 −→i∗ ci2, then V ;V ` ci2 wb.955.4. Environmental MetaML - Structural Operational SemanticsAs a corollary of the above properties, the multi-step relation preserves the closedness of configurations.Evaluator. We now define an evaluator in terms of the structural operational semantics of EnvironmentalMetaML. Environmental MetaML’s multi-step relation is defined on sets of configurations rather than setsof runtime terms. Given a program t, the evaluator applies the multi-step relation on the initial configurationGt, (ρVAR(t)init ;ε)H which pairs the program with the initial environment of the program. The evaluator isotherwise analogous to the one defined for Suspended MetaML.Definition 178 (Evaluator based on Structural Operational Semantics of Environmental MetaML). Let theevaluator evalMetaML:EnvSOS be a partial function from the set of programs PRGMMetaML to the set of answersANSMetaML.evalMetaML:EnvSOS : PRGMMetaML ⇀ ANSMetaMLevalMetaML:EnvSOS(t) =function if . Gt, (ρVAR(t)init ;ε)H−→∗ Iλx.t ′0 , ρ∗Jcode if . Gt, (ρVAR(t)init ;ε)H−→∗ 〈v1〉n if . Gt, (ρVAR(t)init ;ε)H−→∗ nThis evaluator is defined in terms of the structural operational semantics of Environmental MetaML. Thesubscript “MetaML:EnvSOS” in evalMetaML:EnvSOS denotes the structural operational semantics of EnvironmentalMetaML.Someone may wonder why the initial configuration has the meta-environment (ρVAR(t0s )init ;ε) rather than( /0;ε). First of all, for any program t, the initial configuration Gt, ρ∗H is closed regardless of whetherρ∗ = (ρVAR(t0s )init ;ε) or ρ∗ = ( /0;ε). Choosing (ρVAR(t0s )init ;ε) still preserves the closedness of the initial config-uration. Secondly, as implied by the theorem at the end of this section, choosing (ρVAR(t0s )init ;ε) over ( /0;ε)does not destroy the soundness or completeness of the semantics. Thirdly, having the meta-environment(ρVAR(t0s )init ;ε) in the initial configuration is consistent with the (run-0) rule where the newly constructed con-figuration has the meta-environment (ρXinit;ε). Fourthly, by the well-boundness judgement, given a wellbound closure Gt, ρ∗H where ρ∗ = ρi, we must have VAR(Gt, ρiH) ⊆ dom(ρi) for any ρi. If we do notchoose (ρVAR(t0s )init ;ε) over ( /0;ε), we need a more complicated well-boundness judgement that may obscurethe fundamental concepts, making proving semantics equivalence more complicated. In Section 7.2, wepropose a novel way of modelling environments, which no long requires the ad-hoc step of collecting all thevariables that exist in the program for the initial configuration as (ρVAR(t0s )init ;ε).We claim that the evaluators defined in terms of Substitutional MetaML and Environmental MetaMLare equivalent.Theorem 179 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubSOS(t) is Kleeneequal to evalMetaML:EnvSOS(t).We prove the theorem in appendices.965.5. Environmental MetaML - Reduction Semantics5.5 Environmental MetaML - Reduction SemanticsFollowing the path of refining a structural operational semantics to its corresponding reduction semantics aspresented in Sections 3.5 and 4.1, we refine Environmental MetaML’s structural operational semantics to areduction semantics.5.5.1 SyntaxThe definitions of source terms, runtime terms, values, denotable terms, configurations and meta-environmentsare the same as Section 5.4.5.5.1.1 Evaluation ContextsSection 4.1 defined evaluation contexts for Substitutional MetaML. Unlike Substitutional MetaML, Envir-onmental MetaML defines its semantics on configurations rather than on terms. Taking this difference intoconsideration, we define evaluation contexts for Environmental MetaML, which is analogous to Substitu-tional MetaML’s Definition 114.Definition 180 (Evaluation Contexts: Inside-out). Let ECXTi( j be the set of evaluation contexts with innerlevel i and outer level j.E i( j ∈ ECXTi( j, ci ∈ CONFi, vi ∈ VALUEi ∈ EXCTi(i (ept-i)E ∈ EXCTi( jE[ ci2] ∈ EXCTi( j(appL-i) E ∈ EXCTi( jE[vi1 ] ∈ EXCTi( j(appR-i)E ∈ EXCT(i+1)( jE[λx.] ∈ EXCT(i+1)( j(lambda-(i+1))E ∈ EXCTi( jE[〈〉] ∈ EXCT(i+1)( j(code-i) E ∈ EXCT(i+1)( jE[∼] ∈ EXCTi( j (splice-(i+1))E ∈ EXCTi( jE[!] ∈ EXCTi( j (run-i)E ∈ EXCTi( jE[+ ci2] ∈ EXCTi( j(plusL-i) E ∈ EXCTi( jE[vi1+] ∈ EXCTi( j(plusR-i)5.5.2 Reduction SemanticsWe lay out the reduction semantics through the level-indexed notions of reduction R i, the level-indexedsingle-reduction relations 7−→i, the global single-reduction relation . 7−→, the level-indexed multi-reductionrelations 7−→i∗ and the global multi-reduction relation . 7−→∗.Definition 181 (Level-indexed Notions of Reduction). For any i ∈ N, let the notions of reduction R i be abinary relation between the set of configurations at level i and the set of configurations at level i.975.5. Environmental MetaML - Reduction SemanticsR i ⊆ P(VAR)×CONFi×CONFiX ` Iλx.t0, (ρ;ρ∗)J v0 R0 Gt0, (ρ[x 7→ v0];ρ∗)H (app-0)X ` !〈v1〉 R0 Gv1, (ρXinit;ε)H (run-0)X ` ∼〈v1〉 R1 v1 (splice-1)X ` n1+n2 R0 n where n = n1+n2 (plus-0)X ` Gλx.t0, ρ∗H R0 Iλx.t0, ρ∗J (conf-lam-0)X ` Gλx.t i+1, (ρ;ρ∗)H R i+1 λxN .Gt i+1, (ρ[x 7→ xN ];(ρ[xN 7→ xN ])∗H (conf-lam-(i+1))where xN /∈XX ` GIλx.t, ρ∗1J, ρ∗2H R i Iλx.t, (ρ∗1 ;ρ∗2 )J (conf-clov-i)X ` Gω, εH R i w (conf-den-i)X ` Gx, (ρ;ρ∗)H R i Gρ(x), ρ∗H (conf-var-i)X ` Gn, ρ∗H R i n (conf-num-i)X ` Gt1 t2, ρ∗H R i Gt1, ρ∗HGt2, ρ∗H (conf-app-i)X ` G〈t i+1〉, ρ∗H R i 〈Gt i+1, ρ∗H〉 (conf-code-i)X ` G!t i, ρ∗H R i !Gt i, ρ∗H (conf-run-i)X ` G∼t i, ρ∗H R i+1 ∼Gt i, ρ∗H (conf-splice-i)X ` Gt1+ t2, ρ∗H R i Gt1, ρ∗H+Gt2, ρ∗H (conf-plus-i)The notion of reduction X ` ci1 R i ci2 reads as “c1 reduces to c2 at level i bound by X ”. Each notioncorresponds to one reduction rule of the single-step relations presented in Definition 169. The variable setX records all variables in the configuration ci1 and in its surrounding context, which is used in the (conf-lam-(i+1)) rule to determine whether a variable is globally fresh.Definition 182 (Level-indexed Single-reduction Relation). For any i ∈ N, let the level-indexed single-reduction relation 7−→i be a binary relation between the set of configurations at level i and the set of config-urations at level i directly based on the notions of reductionR j.7−→i ⊆ CONFi×CONFiX ` t j1 R j t j2X ` E j(i[t j1] 7−→i E j(i[t j2]The level-indexed single-reduction relation X ` ci1 7−→i ci2 reads as “c1 single-reduces to c2 at level ibound byX ”. The above definition states that the single-reduction relation respects performing any notionof reduction in an evaluation context.Definition 183 (Global Single-reduction Relation). Let the global single-reduction relation . 7−→ be a binaryrelation between the set of level-0 configurations and the set of level-0 configurations.. c01 7−→ c02 if and only if VAR(c01) ` c01 7−→0 c02The global single-reduction relation . c01 −→ c02 reads as “c1 single-reduces to c2”. It is defined basedon the single-reduction relation with a particular initialisation of the variable setX .985.5. Environmental MetaML - Reduction SemanticsDefinition 184 (Level-indexed Multi-reduction Relations). For any i∈N, let the level-indexed multi-reductionrelation 7−→i∗ be the a binary relation between the set of configurations at level i and the set of configurationsat level i directly based on the level-indexed single-reduction relation 7−→i.7−→i∗⊆P(VAR)×CONFi×CONFiX ` ci1 7−→i∗ ci2whereX `ci1 7−→i ci2 (step) X ` ci 7−→i∗ ci (refl)X ` ci1 7−→i∗ ci2 X ∪VAR(ci2) ` ci2 7−→i∗ ci3X ` ci1 7−→i∗ ci3(trans)Definition 185 (Global Multi-reduction Relation). Let the global multi-reduction relation . −→∗ be thereflexive-transitive closure of the global single-reduction relation .−→.Example 186. Consider !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉.We first construct a configuration that pairs the above term with an initial meta-environment:G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)HBy the reduction semantics of Environmental MetaML, we have:. G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H7−→∗ Iλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)Jas demonstrated in Figure 5.1.A comparison of the Figure 5.1 with Figures 3.1 and 4.1 tells that Environmental MetaML’s reductionsemantics follows the exact same three-step break-apply-plug pattern of evaluating a program as Environ-mental ISWIM’s reduction semantics and Substitutional MetaML’s reduction semantics.Property. The global multi-reduction relation preserves the closedness of a configuration. This is the sameproperty that Environmental MetaML’s structural operational semantics holds.Proposition 187 (Closedness of Configurations). If . c01 7−→∗ c02 and FV (c01) = /0, then FV (c02) = /0.Evaluator. We now define an evaluator based on the reduction semantics of Environmental MetaML. Theevaluator is analogous to the evaluators defined based on the structural operational semantics of Environ-mental MetaML.Definition 188 (Evaluator based on Reduction Semantics of Environmental MetaML). Let the evaluatorevalMetaML:EnvRed be a partial function from the set of programs PRGMMetaML to the set of answers ANSMetaML.995.5. Environmental MetaML - Reduction SemanticsG!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H= 0(0[G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H]. 7−→ 0(0[!G〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H]= !G〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H= ([!])0(0[G〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H]. 7−→ ([!])0(0[〈Gλy.(∼((λx.〈x〉) (λx.y)) 0), ({(x,x),(y,y)};ε)H〉]= !〈Gλy.(∼((λx.〈x〉) (λx.y)) 0), ({(x,x),(y,y)};ε)H〉= ([!][〈〉])1(0[Gλy.(∼((λx.〈x〉) (λx.y)) 0), ({(x,x),(y,y)};ε)H]. 7−→ ([!][〈〉])1(0[λ z.G∼((λx.〈x〉) (λx.y)) 0, ({(x,x),(y,z),(z,z)};ε)H] where z /∈ {x,y}= !〈λ z.G∼((λx.〈x〉) (λx.y)) 0, ({(x,x),(y,z),(z,z)};ε)H〉= ([!][〈〉][λ z.])1(0[G∼((λx.〈x〉) (λx.y)) 0, ({(x,x),(y,z),(z,z)};ε)H]. 7−→ ([!][〈〉][λ z.])1(0[G∼((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)HG0, ({(x,x),(y,z),(z,z)};ε)H]= !〈λ z.(G∼((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)HG0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H])1(0[G∼((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)H]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H])1(0[∼G((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)H]= !〈λ z.(∼G((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)HG0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼])0(0[G((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)H]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼])0(0[G(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)HG(λx.y), ({(x,x),(y,z),(z,z)};ε)H]= !〈λ z.(∼(G(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)HG(λx.y), ({(x,x),(y,z),(z,z)};ε)H)G0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][G(λx.y), ({(x,x),(y,z),(z,z)};ε)H])0(0[G(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)H]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][G(λx.y), ({(x,x),(y,z),(z,z)};ε)H])0(0[I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J]= !〈λ z.(∼(I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)JG(λx.y), ({(x,x),(y,z),(z,z)};ε)H)G0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J])0(0[G(λx.y), ({(x,x),(y,z),(z,z)};ε)H]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J])0(0[I(λx.y), ({(x,x),(y,z),(z,z)};ε)J]= !〈λ z.(∼(I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)JI(λx.y), ({(x,x),(y,z),(z,z)};ε)J)G0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼])0(0[I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)JI(λx.y), ({(x,x),(y,z),(z,z)};ε)J]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼])0(0[G〈x〉, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H]= !〈λ z.(∼(G〈x〉, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H)G0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼])0(0[G〈x〉, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼])0(0[〈Gx, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H〉]= !〈λ z.(∼〈Gx, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H〉G0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉])1(0[Gx, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉])1(0[GI(λx.y), ({(x,x),(y,z),(z,z)};ε)J, (ε)H]= !〈λ z.(∼〈GI(λx.y), ({(x,x),(y,z),(z,z)};ε)J, (ε)H〉G0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉])1(0[GI(λx.y), ({(x,x),(y,z),(z,z)};ε)J, (ε)H]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉])1(0[I(λx.y), ({(x,x),(y,z),(z,z)};ε)J]= !〈λ z.(∼〈I(λx.y), ({(x,x),(y,z),(z,z)};ε)J〉G0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H])1(0[∼〈I(λx.y), ({(x,x),(y,z),(z,z)};ε)J〉]. 7−→ ([!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H])1(0[I(λx.y), ({(x,x),(y,z),(z,z)};ε)J]= !〈λ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)JG0, ({(x,x),(y,z),(z,z)};ε)H)〉= ([!][〈〉][λ z.][I(λx.y), ({(x,x),(y,z),(z,z)};ε)J])1(0[G0, ({(x,x),(y,z),(z,z)};ε)H]. 7−→ ([!][〈〉][λ z.][I(λx.y), ({(x,x),(y,z),(z,z)};ε)J])1(0[0]= !〈λ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0)〉= 0(0[!〈λ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0)〉]. 7−→ 0(0[Gλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)H]= Gλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)H= 0(0[Gλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)H]. 7−→ 0(0[Iλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)J]= Iλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)JFigure 5.1: Evaluation of !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 in Reduction Semantics of Environmental MetaML.1005.6. Environmental MetaML - Abstract Machine (MEK Machine)evalMetaML:EnvRed : PRGMMetaML ⇀ ANSMetaMLevalMetaML:EnvRed(t) =function if .Gt, (ρVAR(t)init ;ε)H 7−→∗ Iλx.t ′0 , ρ∗Jcode if .Gt, (ρVAR(t)init ;ε)H 7−→∗ 〈v1〉n if .Gt, (ρVAR(t)init ;ε)H 7−→∗ nThis evaluator is defined based on the reduction semantics of Environmental MetaML. The subscript“MetaML:EnvRed” in evalMetaML:EnvRed denotes the reduction semantics of Environmental MetaML.We claim that the evaluators defined in terms of the structural operational semantics and the reductionsemantics of Environmental MetaML are equivalent.Theorem 189 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:EnvSOS(t) is Kleeneequal to evalMetaML:EnvRed(t).We prove the theorem in appendices.5.6 Environmental MetaML - Abstract Machine (MEK Machine)Following the path of refining a reduction semantics to a corresponding abstract machine as presented inSections 3.6 and 4.2, we refine Environmental MetaML’s reduction semantics to an abstract machine. Wecall the abstract machine the MEK machine.5.6.1 SyntaxThe definitions of source terms, runtime terms, values, denotable terms, configurations and meta-environmentsare the same as Sections 5.4 and 5.5.5.6.1.1 Evaluation ContextsAnalogous to Substitutional MetaML’s Definition 121, we provide an alternative definition for evaluationcontexts.Definition 190 (Evaluation Contexts: Outside-in). Let i, j ∈ N. Define ECXTi( j to be the set of evaluationcontexts with inner level i and outer level j.1015.6. Environmental MetaML - Abstract Machine (MEK Machine)E i( j ∈ ECXTi( j, ci ∈ CONFi, vi ∈ VALUEi ∈ EXCT j( j (ept-j)E ∈ EXCTi( j(E c j2) ∈ EXCTi( j(appL-j) E ∈ EXCTi( j(v j1 E) ∈ EXCTi( j(appR-j)E ∈ EXCTi(( j+1)λx.E ∈ EXCTi(( j+1)(lambda-(j+1))E ∈ EXCTi(( j+1)〈E〉 ∈ EXCTi( j (code-j)E ∈ EXCTi( j∼E ∈ EXCTi(( j+1)(splice-(j+1)) E ∈ EXCTi( j!E ∈ EXCTi( j (run-j)E ∈ EXCTi( j(E + c j2) ∈ EXCTi( j(plusL-j) E ∈ EXCTi( j(v j1+E) ∈ EXCTi( j(plusR-j)5.6.1.2 Machine ConfigurationsSection 4.2 defines the states of the MK machine through four modes of machine configurations. We revisethe four-mode definition to accommodate an environmental semantics.Definition 191 (Machine Configurations). Define CFG to be the set of machine configurations.i, j ∈ N, C ∈ CFG, ci ∈ CONFi, vi ∈ VALUEi, E i( j ∈ ECTXi( jC := v0| 〈i, E i(0, ci〉r| 〈i, E i(0, ci〉f| 〈i, E i(0, vi〉bThe machine operates in four modes: the value mode v0, the reduce mode 〈i, E i(0, ci〉r, the focus mode〈i, E i(0, ci〉f, the build mode 〈i, E i(0, vi〉b.A machine configuration 〈i, E i(0, ci〉? where ? ∈ {r, f,b} unloads to the configuration E i(0[ci]. Pre-cisely, the configuration ci in a machine configuration at reduce mode 〈i, E i(0, ci〉r needs to be a redex.5.6.2 Abstract Machine (MEK Machine)We lay out the abstract machine of Environmental MetaML, i.e., the MEK machine, through the reductionrelation 7−→mek and the multi-reduction relation 7−→∗mek.Definition 192 (Reduction Relation). Let the reduction relation 7−→mek be a binary relation between the setof machine configurations and the set of machine configurations.7−→mek ⊆ CFG×CFG1025.6. Environmental MetaML - Abstract Machine (MEK Machine)Reduce rules: 〈i, E i(0, ci〉r〈0, E, Iλx.t0, (ρ;ρ∗)J v0〉r 7−→mek 〈0, E, Gt0, (ρ[x 7→ v0];ρ∗)H〉f (r-app-0)〈0, E, !〈v1〉〉r 7−→mek 〈0, E, Gv1, (ρVAR(E[!〈v1〉])init ;ε)H〉f (r-run-0)〈1, E, ∼〈v1〉〉r 7−→mek 〈1, E, v1〉f (r-splice-1)〈0, E, n1 +n2〉r 7−→mek 〈0, E, n〉f where n = n1 +n2 (r-plus-0)〈0, E, Gλx.t0, ρ∗H〉r 7−→mek 〈0, E, Iλx.t0, ρ∗J〉f (r-conf-lam-0)〈i+1, E, Gλx.t i+1, (ρ;ρ∗)H〉r 7−→mek 〈i+1, E, λxN .Gt i+1, (ρ[x 7→ xN ];ρ[xN 7→ xN ]∗)H〉fwhere xN /∈ VAR(E[Gλx.t i+1, (ρ;ρ∗)H]) (r-conf-lam-(i+1))〈i, E, GIλx.t, ρ∗1J, ρ∗2H〉r 7−→mek 〈i, E, Iλx.t, (ρ∗1 ;ρ∗2 )J〉f (r-conf-clov-i)〈i, E, Gw, εH〉r 7−→mek 〈i, E, w〉f (r-conf-den-i)〈i, E, Gx, (ρ;ρ∗)H〉r 7−→mek 〈i, E, Gρ(x), ρ∗H〉f (r-conf-var-i)〈i, E, Gn, ρ∗H〉r 7−→mek 〈i, E, n〉f (r-conf-num-i)〈i, E, Gt1 t2, ρ∗H〉r 7−→mek 〈i, E, Gt1, ρ∗HGt2, ρ∗H〉f (r-conf-app-i)〈i, E, G〈t i+1〉, ρ∗H〉r 7−→mek 〈i, E, 〈Gt i+1, ρ∗H〉〉f (r-conf-code-i)〈i, E, G!t i, ρ∗H〉r 7−→mek 〈i, E, !Gt i, ρ∗H〉f (r-conf-run-i)〈i, E, G∼t i, ρ∗H〉r 7−→mek 〈i, E, ∼Gt i, ρ∗H〉f (r-conf-splice-(i+1))〈i, E, Gt1 + t2, ρ∗H〉r 7−→mek 〈i, E, Gt1, ρ∗H+Gt2, ρ∗H〉f (r-conf-plus-i)Focus rules: 〈i, E i(0, ci〉f〈i, E, Gt, ρ∗H〉f 7−→mek 〈i, E, Gt, ρ∗H〉r (f-conf-i)〈i+1, E, x〉f 7−→mek 〈i+1, E, x〉b (f-var-(i+1))〈i, E, c1 c2〉f 7−→mek 〈i, E[ c2], c1〉f (f-appL-i)〈0, E, Iλx.t, ρ∗J〉f 7−→mek 〈0, E, Iλx.t, ρ∗J〉b (f-lambda-0)〈i+1, E, λx.c〉f 7−→mek 〈i+1, E[λx.], c〉f (f-lambda-(i+1))〈i, E, 〈c〉〉f 7−→mek 〈i+1, E[〈〉], c〉f (f-code-i)〈i+1, E, ∼c〉f 7−→mek 〈i, E[∼], c〉f (f-splice-(i+1))〈i, E, !c〉f 7−→mek 〈i, E[!], c〉f (f-run-i)〈i, E, n〉f 7−→mek 〈i, E, n〉b (f-num-i)〈i, E, c1 + c2〉f 7−→mek 〈i, E[+ c2], c1〉f (f-plusL-i)Build rules: 〈i, E i(0, vi〉b〈0, , v〉b 7−→mek v (b-value-0)〈i, E[ c2], v1〉b 7−→mek 〈i, E[v1 ], c2〉f (b-appL-i)〈0, E[v1 ], v2〉b 7−→mek 〈0, E, v1 v2〉r (b-appR-0)〈i+1, E[v1 ], v2〉b 7−→mek 〈i+1, E, v1 v2〉b (b-appR-(i+1))〈i+1, E[λx.], v〉b 7−→mek 〈i+1, E, λx.v〉b (b-lambda-(i+1))〈i+1, E[〈〉], v〉b 7−→mek 〈i, E, 〈v〉〉b (b-code-(i+1))〈0, E[∼], v〉b 7−→mek 〈1, E, ∼v〉r (b-splice-0)〈i+1, E[∼], v〉b 7−→mek 〈i+2, E, ∼v〉b (b-splice-(i+1))〈0, E[!], v〉b 7−→mek 〈0, E, !v〉r (b-run-0)〈i+1, E[!], v〉b 7−→mek 〈i+1, E, !v〉b (b-run-(i+1))〈i, E[+ c2], v1〉b 7−→mek 〈i, E[v1 +], c2〉f (b-plusL-i)〈0, E[v1 +], v2〉b 7−→mek 〈0, E, v1 + v2〉r (b-plusR-0)〈i+1, E[v1 +], v2〉b 7−→mek 〈i+1, E, v1 + v2〉b (b-plusR-(i+1))1035.6. Environmental MetaML - Abstract Machine (MEK Machine)The reduction relation C1 7−→mek C2 reads as “C1 reduces to C2” or “C1 single-reduces to C2”.The intuition behind the above relation is analogous to that of CEK machine’s reduction relation. Seecomments below Definition 108.Definition 193 (Multi-reduction Relation). Let the multi-reduction relation 7−→∗mek be the reflexive-transitiveclosure of the reduction relation 7−→mek.The abstract machine defined above is also known as the MEK machine. M stands for multi-stage, Estands for environment, and K stands for continuation, i.e., the evaluation context.Example 194. Consider !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉.We first construct a closure that pairs the above term with an initial meta-environment:G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)HThen we construct the initial machine configuration at focus mode:〈0, , G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H〉fBy the MEK machine, we have:〈0, , G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H〉f7−→∗mek Iλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)Jas demonstrated in Figure 5.2.Evaluator. We now define an evaluator in terms of the MEK machine. The MEK machine’s multi-reduction relation is defined on machine configurations. Given a program t, the evaluator applies themulti-reduction relation on the machine configuration 〈0, , Gt, (ρVAR(t)init ;ε)H〉f in which the program isassociated with an initial meta-environment and an empty evaluation context. The evaluator is otherwiseanalogous to the one defined in terms of the reduction semantics of Environmental MetaML.Definition 195 (Evaluator based on MEK Machine). Let the evaluator evalMetaML:MEK be a partial functionfrom the set of programs PRGMMetaML to the set of answers ANSMetaML.evalMetaML:MEK : PRGMMetaML ⇀ ANSMetaMLevalMetaML:MEK(t) =function if 〈0, , Gt, (ρVAR(t)init ;ε)H〉f 7−→∗mek Iλx.t ′0 , ρ∗Jcode if 〈0, , Gt, (ρVAR(t)init ;ε)H〉f 7−→∗mek 〈v1〉n if 〈0, , Gt, (ρVAR(t)init ;ε)H〉f 7−→∗mek nThis evaluator is defined based on the MEK machine. The subscript “MetaML:MEK” in evalMetaML:MEKdenotes the MEK machine of Environmental MetaML.1045.6.EnvironmentalMetaML-AbstractMachine(MEKMachine)〈0, , G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H 〉f7−→mek 〈0, , G!〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H 〉r7−→mek 〈0, , !G〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H 〉f7−→mek 〈0, [!], G〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H 〉f7−→mek 〈0, [!], G〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉, ({(x,x),(y,y)};ε)H 〉r7−→mek 〈0, [!], 〈Gλy.(∼((λx.〈x〉) (λx.y)) 0), ({(x,x),(y,y)};ε)H〉 〉f7−→mek 〈1, [!][〈〉], Gλy.(∼((λx.〈x〉) (λx.y)) 0), ({(x,x),(y,y)};ε)H 〉f7−→mek 〈1, [!][〈〉], Gλy.(∼((λx.〈x〉) (λx.y)) 0), ({(x,x),(y,y)};ε)H 〉r7−→mek 〈1, [!][〈〉], λ z.G∼((λx.〈x〉) (λx.y)) 0, ({(x,x),(y,z),(z,z)};ε)H 〉fwhere z /∈ {x,y}7−→mek 〈1, [!][〈〉][λ z.], G∼((λx.〈x〉) (λx.y)) 0, ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈1, [!][〈〉][λ z.], G∼((λx.〈x〉) (λx.y)) 0, ({(x,x),(y,z),(z,z)};ε)H 〉r7−→mek 〈1, [!][〈〉][λ z.], G∼((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)HG0, ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H], G∼((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H], G∼((λx.〈x〉) (λx.y)), ({(x,x),(y,z),(z,z)};ε)H 〉r7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H], ∼G(λx.〈x〉) (λx.y), ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼], G(λx.〈x〉) (λx.y), ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼], G(λx.〈x〉) (λx.y), ({(x,x),(y,z),(z,z)};ε)H 〉r7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼], G(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)HG(λx.y), ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][G(λx.y), ({(x,x),(y,z),(z,z)};ε)H], G(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][G(λx.y), ({(x,x),(y,z),(z,z)};ε)H], G(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)H 〉r7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][G(λx.y), ({(x,x),(y,z),(z,z)};ε)H], I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J 〉f7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][G(λx.y), ({(x,x),(y,z),(z,z)};ε)H], I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J 〉b7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J], G(λx.y), ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J], G(λx.y), ({(x,x),(y,z),(z,z)};ε)H 〉r7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J], I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 〉f7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)J], I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 〉b7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼], I(λx.〈x〉), ({(x,x),(y,z),(z,z)};ε)JI(λx.y), ({(x,x),(y,z),(z,z)};ε)J 〉r7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼], G〈x〉, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H 〉f7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼], G〈x〉, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H 〉r7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼], 〈Gx, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H〉 〉f7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉], Gx, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H 〉f7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉], Gx, ({(x,I(λx.y), ({(x,x),(y,z),(z,z)};ε)J),(y,z),(z,z)};ε)H 〉r7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉], GI(λx.y), ({(x,x),(y,z),(z,z)};ε)J, (ε)H 〉f7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉], GI(λx.y), ({(x,x),(y,z),(z,z)};ε)J, (ε)H 〉r7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉], I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 〉f7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼][〈〉], I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 〉b7−→mek 〈0, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H][∼], 〈I(λx.y), ({(x,x),(y,z),(z,z)};ε)J〉 〉b7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H], ∼〈I(λx.y), ({(x,x),(y,z),(z,z)};ε)J〉 〉r7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H], I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 〉f7−→mek 〈1, [!][〈〉][λ z.][G0, ({(x,x),(y,z),(z,z)};ε)H], I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 〉b7−→mek 〈1, [!][〈〉][λ z.][I(λx.y), ({(x,x),(y,z),(z,z)};ε)J], G0, ({(x,x),(y,z),(z,z)};ε)H 〉f7−→mek 〈1, [!][〈〉][λ z.][I(λx.y), ({(x,x),(y,z),(z,z)};ε)J], G0, ({(x,x),(y,z),(z,z)};ε)H 〉r7−→mek 〈1, [!][〈〉][λ z.][I(λx.y), ({(x,x),(y,z),(z,z)};ε)J], 0 〉f7−→mek 〈1, [!][〈〉][λ z.][I(λx.y), ({(x,x),(y,z),(z,z)};ε)J], 0 〉b7−→mek 〈1, [!][〈〉][λ z.], I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0 〉b7−→mek 〈1, [!][〈〉], λ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0) 〉b7−→mek 〈0, [!], 〈λ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0)〉 〉b7−→mek 〈0, , !〈λ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0)〉 〉r7−→mek 〈0, , Gλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)H 〉f7−→mek 〈0, , Gλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)H 〉r7−→mek 〈0, , Iλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)J 〉f7−→mek 〈0, , Iλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)J 〉b7−→mek Iλ z.(I(λx.y), ({(x,x),(y,z),(z,z)};ε)J 0), ({(x,x),(y,y),(z,z)};ε)JFigure 5.2: Evaluation of !〈λy.(∼((λx.〈x〉) (λx.y)) 0)〉 in the MEK Machine.1055.7. Chapter SummaryWe claim that the evaluators defined in terms of Environmental MetaML’s reduction semantics and theMEK machine are equivalent.Theorem 196 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:EnvRed(t) is Kleeneequal to evalMetaML:MEK(t).We prove the above theorem in appendices.As a corollary, the evaluators defined in terms of Substitutional MetaML and the MEK machine areequivalent.Corollary 197 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubSOS(t) is Kleeneequal to evalMetaML:MEK(t).Proof. It immediately follows from Theorems 179, 189 and 196 by the transitivity of Kleene equality.5.7 Chapter SummaryUtilising the experience of refining semantics along two dimensions, this chapter eventually solved thefollowing semantics refinement problem.Can we refine the substitutional structural operational semantics of MetaML to a correspond-ing environmental abstract machine, which we call the MEK machine, and demonstrate theirequivalence?We accomplished the development progressively in several manageable steps, each of which led to an inter-mediate semantics. We first reviewed the substitutional structural operational semantics of MetaML that wedeveloped in Section 2.2. Then we successively developed the structural operational semantics of ExplicitMetaML, the structural operational semantics of Suspended MetaML, the structural operational semanticsof Environmental MetaML, the reduction semantics of Environmental MetaML, and finally derived the ab-stract machine of Environmental MetaML. We call the abstract machine of Environmental MetaML theMEK machine.We defined an evaluator based on each semantics. By proving the equivalence of every two adjacentsemantics, we finally showed that the MEK machine is equivalent to the substitutional structural operationalsemantics of MetaML.By this chapter together with Chapter 2, we have successfully solved the main semantics refinementproblem.106Chapter 6Proof Methodology and Related WorkWe first summarise three proof techniques that were adopted throughout the thesis the prove semanticsequivalences. Then we compare our thesis with the related work.6.1 Proof MethodologyMost proofs of the thesis can be categorised as proving (1) the equivalence of two structural operationalsemantics, (2) the equivalence of a structural operational semantics and a reduction semantics, or (3) theequivalence of a reduction semantics and an abstract machine.Proving Equivalence of Two Structural Operational Semantics. To prove the equivalence of structuraloperational semantics of language A (defined by the single-step relation −→A and the multi-step relation−→∗A) and structural operational semantics of language B (defined by the single-step relation −→B and themulti-step relation −→∗B), we first define a bisimulation relation between their terms, i.e., ' ⊆ TERMA×TERMB. Then the key is to demonstrate that the bisimulation relation respects the following properties.1. ∀p ∈ PRGM, injA(p)' injB(p).That is, for any program, its injected initial terms in languages A and B shall be related.2. If vA ' vB, then obsA(vA) = obsB(vB).That is, two related values shall have the same observable results.3. Canonisation:(a) If vA ' tB, then tB −→∗B vB and vA ' vB.(b) If tA ' vB, then tA −→∗A vA and vA ' vB.4. Weak Bisimulation:(a) If tA1 ' tB1 and tA1 −→A tA2 , then tB1 −→∗B tB2 and tA2 ' tB2 .(b) If tA1 ' tB1 and tB1 −→B tB2 , then tA1 −→∗A tA2 and tA2 ' tB2 .The above-mentioned framework of proving the equivalence of structural operational semantics was motiv-ated by the bisimulation proof method [San11, PS12].1076.2. Related WorkProving Equivalence of a Structural Operational Semantics and a Reduction Semantics. To provethe equivalence of a structural operational semantics (defined by the single-step relation −→ and the multi-step relation−→∗) and a reduction semantics (defined by the reduction relation 7−→ and the multi-reductionrelation 7−→∗) of the same language, the key is to prove the following two lemmas.1. If t1 −→ t2, then t1 7−→ t2.We may need to prove: If t1 −→ t2 and E ∈ ECXT, then E[t1] 7−→ E[t2].2. If t1 7−→ t2, then t1 −→ t2.We may need to prove: If t1 −→ t2 and E ∈ ECXT, then E[t1]−→ E[t2].Proving Equivalence of a Reduction Semantics and an Abstract Machine. To prove the equivalence ofa reduction semantics (defined by the single-reduction relation 7−→ and the multi-reduction relation 7−→∗)and an abstract machine (defined by the reduction relation 7−→abs and the multi-reduction relation 7−→∗abs) ofthe same language, we first define a translatorT to translate any machine configuration to its correspondingterm. Then the key is to prove the following two lemmas.1. If E0[t0] = E1[t1] and E1[t1] 7−→ E1[t2] where t1 R t2, then 〈E0, t0〉f 7−→∗abs 〈E0, t0〉f.We may need to prove: If t = E1[t1] and t1 R t2, then 〈E, t〉f 7−→∗abs 〈EE1, t1〉f.2. If C1 7−→abs C2, then T (C1) 7−→∗ T (C2).The above-mentioned framework of proving the equivalence of a reduction semantics and an abstract ma-chine was motivated by the proof of the equivalence of the CC machine and the substitutional reductionsemantics of ISWIM in [FFF09].The above-mentioned three proof frameworks are adaptable to more complex languages. For example,the language of our interest may define its single-step relation (or the single-reduction relation) on config-urations rather than on terms. As a result, we need to replace all t’s by c’s in the frameworks. As anotherexample, in a multi-stage language, a machine configuration may have a level component. As a result, weneed to add one more component of levels to any machine configuration in the last framework.6.2 Related WorkMulti-stage Programming Languages. Several multi-stage programming languages and language ex-tensions have been developed. For example, there are MetaML [TS97, She98, Tah99a, Tah99b] extendsML, MetaOCaml [Tah04] extends OCaml, MetaHaskell [Mai12] extends Haskell, Mint [WRI+09] extendsJava and Metaphor [NR04] that extends C#. We intensively studied MetaML in the thesis.Operational Semantics of MetaML. Taha [Tah99a] modelled a minimal subset of MetaML through twoformulations that extend the lambda calculus, i.e., the λ -M language and the λ -U language. They presenteda call-by-value substitutional natural semantics and a call-by-name substitutional natural semantics for the1086.2. Related Workλ -M language. They developed a call-by-name substitutional reduction semantics for the λ -U language anddemonstrated its equivalence with respect to the call-by-name substitutional natural semantics of the λ -Mlanguage.Our thesis took the call-by-value substitutional natural semantics of λ -M language defined in [Tah99a]as the reference semantics of MetaML. The substitutional structural operational semantics of MetaML de-veloped in Chapter 2 can be deemed as a call-by-value substitutional structural operational semantics for theλ -M language.Refining Semantics for ISWIM. Felleisen et al. [FFF09] presented how to develop the CEK machinefrom the substitutional reduction semantics of ISWIM and demonstrated their equivalence. Given the sub-stitutional reduction semantics of ISWIM, they first derived a substitutional abstract machine called theCC machine in which a machine state is composed by a control string and an evaluation context. Theythen simplified the CC machine to the SCC machine to eliminate unnecessary state transition rules andside-conditions. Next they introduced a date structure called a continuation to make the evaluation contextaround the current control string the most evident and they refined the SCC machine to the CK machinein which a machine state is composed by a control string and a continuation. Finally they refined the CKmachine to an environmental abstract machine, the CEK machine, by introducing environments to representsubstitutions. Each CEK machine state has three components: a control string, an environment and a con-tinuation. Furthermore, they built an evaluator for each above-mentioned semantics and they demonstratedthe equivalence of the evaluators.Chapter 3 of our thesis developed the CEK machine from the substitutional structural operational se-mantics of ISWIM. Instead of deriving a series of abstract machines, we developed a series of structuraloperational semantics. We introduced explicit substitutions in the structural operational semantics of Ex-plicit ISWIM, suspended explicit substitutions in the structural operational semantics of Suspended ISWIMand environments in the structural operational semantics of Environmental ISWIM. We developed a reduc-tion semantics for Environmental ISWIM, based on which the CEK machine was formulated.Our thesis represents continuations by evaluation contexts. [FFF09] maintained a unique data structureto represent continuations but we did not.Explicit Substitutions. The idea of explicit substitutions was introduced in [Cur85, ACCL91]. The de-velopment of Explicit ISWIM was partially inspired and motivated by the definitions of λx-terms and thedefinitions of λxgc-reduction in the λxgc-calculus [Ros96].Proof Methodology. As mentioned in the previous section, the framework of proving the equivalenceof structural operational semantics was motivated by the bisimulation proof method [San11, PS12]. Theframework of proving the equivalence of a reduction semantics and an abstract machine was motivated bythe proof of the equivalence of the CC machine and the substitutional reduction semantics of ISWIM in[FFF09].109Chapter 7ConclusionWe conclude this thesis, summarise the limitations and list several directions for future work.7.1 ConclusionThis thesis studied the problem of refining operational semantics for MetaML. We took the pre-existingsubstitutional natural semantics presented in [Tah99a] as the reference semantics of MetaML. The mainresearch problem of our thesis, which was called the main semantics refinement problem, was stated as:Can we refine the pre-existing substitutional natural semantics of MetaML to a correspondingenvironmental abstract machine and demonstrate their equivalence?As an environmental abstract machine is a small-step operational semantics, its development is more naturaland convenient to start from a structural operational semantics than a natural semantics. In Chapter 2, wedeveloped a substitutional structural operational semantics for MetaML and demonstrated its equivalencewith respect to the substitutional natural semantics.We then simplified the main semantics refinement problem along two dimensions—each dimensionleads to a less complicated semantics refinement problem.Following the first dimension, Chapter 3 studied how to develop an environmental abstract machine for asingle-stage language, ISWIM, rather than the multi-stage language MetaML. We refined the substitutionalstructural operational semantics of ISWIM to its corresponding environmental abstract machine known asthe CEK machine.Following the second dimension, Chapter 4 studied how to develop a substitutional abstract machinerather than an environmental abstract machine for the multi-stage language MetaML. We refined the sub-stitutional structural operational semantics of MetaML to its corresponding substitutional abstract machine,which we called the MK machine.Utilising the experience of refining semantics along two dimensions, Chapter 5 finally studied the mainsemantics refinement problem, i.e., how to develop an environmental abstract machine for MetaML. Werefined the substitutional structural operational semantics of MetaML to its corresponding environmentalabstract machine, which we called the MEK machine.Furthermore, three proof techniques were adopted throughout the thesis to prove the equivalence oftwo structural operational semantics, the equivalence of a structural operational semantics and a reductionsemantics, and the equivalence of a reduction semantics and an abstract machine.1107.2. Limitations and Future Work7.2 Limitations and Future WorkWe briefly summarise the limitations of our thesis and point out several research ideas to be further exploredin future work.Simplifying Abstract Machines. We developed the CEK machine in Chapter 3, the MK machine inChapter 4 and the MEK machine in Chapter 5. These machines have several redundant transformations ofmachine configurations. Felleisen et al. [FFF09] simplified abstract machines by (1) letting the machineexploit information from both the control strings and the evaluation contexts, and (2) combining definitetransformations. Adopting the same approach, we can simplify our CEK machine, CK machine and MEKmachine analogously. For example, for the MEK machine, the (b-appR-0) rule〈0, E[v1 ], v2〉b 7−→mek 〈0, E, v1 v2〉rand the (r-app-0) rule〈0, E, Iλx.t0, (ρ;ρ∗)J v0〉r 7−→mek 〈0, E, Gt0, (ρ[x 7→ v0];ρ∗)H〉fcan be merged into one rule〈0, E[v1 ], v2〉b 7−→mek 〈0, E, Gt0, (ρ[x 7→ v0];ρ∗)H〉f.Modelling Fresh Variables. The (lambda-(i+1)-t) rule of the single-step relation of Suspended MetaML,the (lam-(i+1)-env) rule of the single-step relation of Environmental MetaML, the (conf-lam-(i+1)) rule ofthe notions of reduction of Environmental MetaML and the (r-conf-lam-(i+1)) rule of the single-transformationrelation of the MEK machine require that the variable xN is globally fresh in the sense that it has not ap-peared in the current term/configuration being evaluated or in its surrounding context. Being globally freshis a very strict restriction on xN .To loosen the restriction, we may maintain a set of variables W to keep track of the variables that havelost their freshness due to acting as a fresh variable before in the above-mentioned rules. Then we mayinterpret “xN is fresh” as that the variable xN is locally fresh and does not belong to W . We need formalproofs to support our conjecture.Modelling Environments by Finitary Functions. In Environmental MetaML, to evaluate a programt0s , we first construct the initial configuration Gt0s , (ρVAR(t0s )init ;ε)H and pass it to the semantics. Moreover,Environmental MetaML reduces !〈v1〉 to the initial configuration Gt0s , (ρXinit;ε)H where the variable setXcontains the variables in the current configuration being evaluated and in its surrounding context. Envir-onmental MetaML models environments as partial functions from variables to denotable terms and needscollecting all variables that exist in the program for the initial configurations.We propose to model environments as total functions from variables to denotable terms with the re-striction that only a finite number of variables do not map to themselves, which we call finitary functions.1117.2. Limitations and Future WorkThere are several reasons that finitary functions are suitable for modelling environments in EnvironmentalMetaML. First of all, this model eliminates the extra ad-hoc step of collecting all variables that exist in theprogram for the initial configurations. The initial meta-environment in an initial configuration is simply thesingleton list containing the identity environment. Secondly, this model captures the possibility of comput-ing with open terms while preserving the finitary character of any environment that may arise during realcomputation. Thirdly, this model still allows us to reason by induction on non-identical mappings of envir-onments. Fourthly, this model allows separating the computer representation (i.e., a finite list of mappings)from the mathematical model (i.e., a finitary function). We conjecture that changing how environments aremodelled in Environmental MetaML will not cause fundamental problems in developing the MEK machine.Machine-checked Proofs. All proofs of the thesis are handwritten, which we believe are error-prone. Wemay utilise the proof assistants [BC04, BDN09] to check our proofs mechanically.Abstract Interpretation of MEK Machine. The reason that we developed the MEK machine is to applya general-purpose framework of developing static analysis [VHM12] to it. With the help of the framework,it is expected that we are able to get a sound and decidable control flow analysis for MetaML.112Bibliography[ACCL91] Martin Abadi, Luca Cardelli, P-L Curien, and J-J Lévy, Explicit substitutions, Journal of func-tional programming 1 (1991), no. 04, 375–416.[BC04] Yves Bertot and Pierre Casteran, Interactive theorem proving and program development, Spring-erVerlag, 2004.[BDN09] Ana Bove, Peter Dybjer, and Ulf Norell, A brief overview of agda–a functional language with de-pendent types, International Conference on Theorem Proving in Higher Order Logics, Springer,2009, pp. 73–78.[Cur85] P. L. Curien, Categorical combinatory logic, pp. 130–139, Springer Berlin Heidelberg, Berlin,Heidelberg, 1985.[FF86] Matthias Felleisen and Daniel P Friedman, Control operators, the secd-machine, and the λ -calculus, Indiana University, Computer Science Department, 1986.[FFF09] Matthias Felleisen, Robert Bruce Findler, and Matthew Flatt, Semantics engineering with pltredex, The MIT Press, 2009.[FH92] Matthias Felleisen and Robert Hieb, The revised report on the syntactic theories of sequentialcontrol and state, Theoretical computer science 103 (1992), no. 2, 235–271.[JGS93] Neil D Jones, Carsten K Gomard, and Peter Sestoft, Partial evaluation and automatic programgeneration, Peter Sestoft, 1993.[Kah87] G. Kahn, Natural semantics, pp. 22–39, Springer Berlin Heidelberg, Berlin, Heidelberg, 1987.[Kle52] S.C. Kleene, Introduction to metamathematics, Bibliotheca Mathematica, Wolters-Noordhoff,1952.[Lan64] Peter J Landin, The mechanical evaluation of expressions, The Computer Journal 6 (1964), no. 4,308–320.[Lan66] , The next 700 programming languages, Communications of the ACM 9 (1966), no. 3,157–166.[Mai12] Geoffrey Mainland, Explicitly heterogeneous metaprogramming with metahaskell, ACM SIG-PLAN Notices, vol. 47, ACM, 2012, pp. 311–322.113[NR04] Gregory Neverov and Paul Roe, Metaphor: A multi-stage, object-oriented programming lan-guage, pp. 168–185, Springer Berlin Heidelberg, Berlin, Heidelberg, 2004.[Plo81] Gordon D Plotkin, A structural approach to operational semantics.[PS12] Damien Pous and Davide Sangiorgi, Enhancements of the bisimulation proof method, AdvancedTopics in Bisimulation and Coinduction (2012).[Ros96] Kristoffer Høgsbro Rose, Explicit substitution: tutorial & survey, Computer Science Depart-ment, 1996.[San11] Davide Sangiorgi, Introduction to bisimulation and coinduction, Cambridge University Press,New York, NY, USA, 2011.[She98] Tim Sheard, Using metaml: A staged programming language, Advanced Functional Program-ming, Springer, 1998, pp. 207–239.[She01] , Accomplishments and research challenges in meta-programming, pp. 2–44, SpringerBerlin Heidelberg, Berlin, Heidelberg, 2001.[Tah99a] Walid Taha, Multi-stage programming: Its theory and applications, Ph.D. thesis, Oregon Gradu-ate Institute of Science and Technology, 1999.[Tah99b] , A sound reduction semantics for untyped cbn mutli-stage computation. or, the theoryof metaml is non-trival, ACM SIGPLAN Notices 34 (1999), no. 11, 34–43.[Tah04] , A gentle introduction to multi-stage programming, Domain-Specific Program Genera-tion, Springer, 2004, pp. 30–50.[TS97] Walid Taha and Tim Sheard, Multi-stage programming with explicit annotations, ACM SIG-PLAN Notices, vol. 32, ACM, 1997, pp. 203–217.[VHM12] David Van Horn and Matthew Might, Systematic abstraction of abstract machines, Journal ofFunctional Programming 22 (2012), no. 4-5, 705–746.[WRI+09] Edwin Westbrook, Mathias Ricken, Jun Inoue, Yilong Yao, Tamer Abdelatif, and Walid Taha,Multi-stage programming for mainstream languages, Tech. report, Technical Report TR09-02,Rice University, 2009.114Appendix AProofs of Chapter 2A.1 Equivalence of Substitutional Natural Semantics and SubstitutionalStructural Operational Semantics of MetaMLWe demonstrate the equivalence of the substitutional natural semantics and the substitutional structuraloperational semantics of MetaML.Lemma 198.1. If t i+11 −→∗(i+1) t i+12 , then λx.t i+11 −→∗(i+1) λx.t i+12 .2. If t i11 −→∗i t i12, then t i11 t i2 −→∗i t i12 t i2.3. If t i21 −→∗i t i22, then vi1 t i21 −→∗i vi1 t i22.4. If t i1 −→∗i t i2, then !t i1 −→∗i!t i2.5. If t i+11 −→∗(i+1) t i+12 , then 〈t i+11 〉 −→∗i 〈t i+12 〉.6. If t i1 −→∗i t i2, then ∼t i1 −→∗(i+1) ∼t i2.7. If t i11 −→∗i t i12, then t i11+ t i2 −→∗i t i12+ t i2.8. If t i21 −→∗i t i22, then vi1+ t i21 −→∗i vi1+ t i22.Proof. We proceed by cases.1. Suppose the length of t i+11 −→∗(i+1) t i+12 is j ∈ N. By induction on j.(a) ( j = 0). Then t i+11 = ti+12 . By (refl), λx.ti+11 −→∗(i+1) λx.t i+12 .(b) Suppose t i+11 −→( j)(i+1) t i+111 −→(1)(i+1) t i+12 . By the induction hypothesis, λx.t i+11 −→∗(i+1)λx.t i+111 . Given ti+111 −→i+1 t i+12 , by (lambda-(i+1)), λx.t i+111 −→i+1 λx.t i+12 . By (step) and (trans),λx.t i+11 −→∗(i+1) λx.t i+12 .2. Suppose the length of t i11 −→∗i t i12 is j ∈ N. By induction on j.(a) ( j = 0). Then t i11 = ti12. By (refl), ti11 ti2 −→∗i t i12 t i2.(b) Suppose t i11 −→( j)(i) t i111 −→(1)(i) t i12. By the induction hypothesis, t i11 t i2 −→∗i t i111 t i2. Givent i111 −→i t i12, by (appL-i), t i111 t i2 −→i t i12 t i2. By (step) and (trans), t i11 t i2 −→∗i t i12 t i2.115A.1. Equivalence of Substitutional Natural Semantics and Substitutional Structural Operational Semantics of MetaML3. Analogous to Case 2.4. Suppose the length of t i1 −→∗i t i2 is j ∈ N. By induction on j.(a) ( j = 0). Then t i1 = ti2. By (refl), !ti1 −→∗i!t i2.(b) Suppose t i1 −→( j)(i) t i11 −→(1)(i) t i2. By the induction hypothesis, !t i1 −→∗i!t i11. Given t i11 −→i t i2,by (run-i), !t i11 −→i!t i2. By (step) and (trans), !t i1 −→∗i!t i2.5. Analogous to Case 4.6. Analogous to Case 4.7. Analogous to Case 2.8. Analogous to Case 3.Theorem 199. −→∗i admits every rule from ⇓i.1. λx.t0 −→∗0 λx.t0.2. If t i+11 −→∗(i+1) vi+12 , then λx.t i+11 −→∗(i+1) λx.vi+12 .3. If t01 −→∗0 λx.t011, t02 −→∗0 v02, and t011[v02/x]−→∗0 v0, then t01 t02 −→∗0 v0.4. If t i1 −→∗i vi1 and t i2 −→∗i vi2, then t i1 t i2 −→∗i vi1 vi2.5. If t01 −→∗0 〈v11〉 and v11 −→∗0 v02, then !t01 −→∗0 v02.6. If t i −→∗i vi, then !t i −→∗i!vi.7. If t i+1 −→∗(i+1) vi+1, then 〈t i+1〉 −→∗i 〈vi+1〉.8. If t0 −→∗0 〈v1〉, then ∼t0 −→∗1 v1.9. If t i −→∗i vi, then ∼t i −→∗(i+1) ∼vi.10. x−→∗(i+1) x.11. n−→∗i n.12. If t01 −→∗0 n1, t02 −→∗0 n2, and n = n1+n2, then t01 + t02 −→∗0 n.13. If t i1 −→∗i vi1 and t i2 −→∗i vi2, then t i1+ t i2 −→∗i vi1+ vi2.Proof. We proceed by cases.1. By (refl), λx.t0 −→∗0 λx.t0.116A.1. Equivalence of Substitutional Natural Semantics and Substitutional Structural Operational Semantics of MetaML2. By Lemma 198 Case 1.3. By Case 4, t01 t02 −→∗0 (λx.t011) v02. By (app-0), (λx.t011) v02 −→0 t011[v02/x]. By (step), (λx.t011) v02 −→∗0t011[v02/x]. Together with t011[v02/x]−→∗0 v0, by (trans), t01 t02 −→∗0 v0.4. By Lemma 198 Case 2, t i1 ti2−→∗i vi1 t i2. By Lemma 198 Case 3, vi1 t i2−→∗i vi1 vi2. By (trans), t i1 t i2−→∗ivi1 vi2.5. By Case 6, !t01 −→∗0!〈v11〉. By (run-0), !〈v11〉 −→0 v11. By (step), !〈v11〉 −→∗0 v11. Together withv11 −→∗0 v02, by (trans), !t01 −→∗0 v02.6. By Lemma 198 Case 4.7. By Lemma 198 Case 5.8. By Case 9, ∼t0 −→∗1 ∼〈v1〉. By (splice-1), ∼〈v1〉 −→1 v1. By (step) and (trans), ∼t0 −→∗1 v1.9. By Lemma 198 Case 6.10. By (refl), x−→∗(i+1) x.11. By (refl), n−→∗i n.12. By Case 13, t01 + t02 −→∗0 n1+n2. By (plus-0), n1+n2 −→0 n. By (step) and (trans), t01 + t02 −→∗0 n.13. By Lemma 198 Case 7, t i1+ ti2 −→∗i vi1+ t i2. By Lemma 198 Case 8, vi1+ t i2 −→∗i vi1+ vi2. By (trans),t i1+ ti2 −→∗i vi1+ vi2.We demonstrate the soundness of the substitutional structural operational semantics with respect to thesubstitutional natural semantics of MetaML.Corollary 200 (Soundness of Substitutional Structural Operational Semantics w.r.t Substitutional NaturalSemantics). If t i ⇓i vi then t i −→∗i vi.Proof. We proceed by induction on the derivation of t i ⇓i vi.Case 1. (lambda-0). By Theorem 199 Case 1.Case 2. (lambda-(i+1)). By Theorem 199 Case 2.Case 3. (app-0). By Theorem 199 Case 3.Case 4. (app-(i+1)). By Theorem 199 Case 4.Case 5. (run-0). By Theorem 199 Case 5.Case 6. (run-(i+1)). By Theorem 199 Case 6.117A.1. Equivalence of Substitutional Natural Semantics and Substitutional Structural Operational Semantics of MetaMLCase 7. (code-i). By Theorem 199 Case 7.Case 8. (splice-1). By Theorem 199 Case 8.Case 9. (splice-(i+2)). By Theorem 199 Case 9.Case 10. (ref-(i+1)). By Theorem 199 Case 10.Case 11. (num-i). By Theorem 199 Case 11.Case 12. (plus-0). By Theorem 199 Case 12.Case 13. (plus-(i+1)). By Theorem 199 Case 13.Theorem 201.1. If λx.t1 −→∗i v2, then either(a) i = 0 and v2 = λx.t1 ; or(b) i = ( j+1)> 0, t1 −→∗( j+1) v j+121 , and v2 = λx.v j+121 .2. If t1 t2 −→∗i v, then t1 −→∗i vi1, t2 −→∗i vi2, and either(a) i = 0, v01 = λx.t011, and t011[v02/x]−→∗0 v; or(b) i = ( j+1)> 0, v = v j+11 vj+12 .3. If !t1 −→∗i v2, then t1 −→∗i vi1, and either(a) i = 0, v01 = 〈v111〉, and v111 −→∗0 v2; or(b) i = ( j+1)> 0, and v2 =!vj+11 .4. If 〈t1〉 −→∗i v2, then t1 −→∗(i+1) vi+11 , and v2 = 〈vi+11 〉.5. If ∼t1 −→∗i v2, then i = ( j+1)> 0, t1 −→∗ j v j1, and either(a) j = 0, v01 = 〈v111〉, and v2 = v111; or(b) j = (k+1)> 0, and v2 =∼vk+11 .6. If x−→∗i v, then i = ( j+1)> 0, and v = x.7. If n−→∗i v, then v = n.8. If t1+ t2 −→∗i v, then t1 −→∗i vi1, t2 −→∗i vi2, and either(a) i = 0, v01 = n1, v02 = n2, and v = n1+n2; or118A.1. Equivalence of Substitutional Natural Semantics and Substitutional Structural Operational Semantics of MetaML(b) i = ( j+1)> 0, v = v j+11 + vj+12 .Proof. We proceed by cases.1. We proceed by cases on i.(a) (i = 0). Then, λx.t1 ∈ VALUE0, and λx.t1 6−→0. By (refl), v2 = λx.t01 .(b) (i = ( j+1)> 0). Suppose the length of λx.t1 −→∗( j+1) v2 is k ∈ N. By induction on k.i. (k = 0). Then, v2 = λx.t1, and t1 ∈ VALUEi+1. By (refl), t1 −→∗( j+1) t1.ii. Suppose λx.t1 −→(1)( j+1) t2 −→(k)( j+1) v2. Proceed by cases on λx.t1 −→ j+1 t2. The onlycase is (lambda-(i+1)). Then, t1 −→ j+1 t21, and t2 = λx.t21. Given λx.t21 −→(k)( j+1) v2,by the induction hypothesis, t21 −→∗( j+1) v j+121 , and v2 = λx.v j+121 . By (step) and (trans),t1 −→∗( j+1) v j+121 .2. Suppose t1 does not multi-step to a value. Then, (appL-i) is the only rule that is applicable, and itkeeps applying, in which case t1 t2 can never multi-step to v. Hence, t1 has to multi-step to a value,i.e., t1 −→∗i vi1. Analogously, t2 has to multi-step to a value, i.e., t2 −→∗i vi2. We have t1 t2 −→∗i vi1 vi2.We proceed by cases on i.(a) (i= 0). Assume v01 6= λx.t011. Then, v01 v02 6−→0 and v01 v02 6∈VALUE0. We get t1 t2−→∗0 v01 v02 6−→∗0v, which contradicts with t1 t2 −→∗0 v. Hence, v01 = λx.t011.Given v01 v02 = (λx.t011) v02, (app-0) is the only rule that is applicable. By (app-0), (λx.t011) v02 −→0t011[v02/x]. Given (λx.t011) v02 −→∗0 v, by the determinism of the language, t011[v02/x]−→∗0 v.(b) (i = ( j+1)> 0). Then v j+11 vj+12 ∈ VALUE j+1. v = v j+11 v j+12 .3. Suppose t1 does not multi-step to a value. Then, (run-i) is the only rule that is applicable, and it keepsapplying, in which case !t1 can never multi-step to v2. Hence, t1 has to multi-step to a value, i.e.,t1 −→∗i vi1. We proceed by cases on i.(a) (i = 0). Assume v01 6= 〈v111〉. Then, !v01 6−→0 and !v01 6∈ VALUE0. We get !t1 −→∗0!v01 6−→∗0 v2,which contradicts with !t1 −→∗i v2. Hence, v01 = 〈v111〉.Given !v01 =!〈v111〉, (run-0) is the only rule that is applicable. By (run-0), !〈v111〉 −→0 v111. Given!〈v111〉 −→∗0 v2, by the determinism of the language, v111 −→∗0 v2.(b) (i = ( j+1)> 0). Then, !v j+11 ∈ VALUE j+1. v2 =!v j+11 .4. Suppose t1 does not multi-step to a value. Then, (code-i) is the only rule that is applicable, and itkeeps applying, in which case 〈t1〉 can never multi-step to v2. Hence, t1 has to multi-step to a value,i.e., t1 −→∗(i+1) vi+11 . Then, 〈vi+11 〉 ∈ VALUEi. v2 = 〈vi+11 〉.5. Analogous to Case 3.6. By (refl), x−→∗( j+1) x. x ∈ VALUE j+1. v = x.119A.1. Equivalence of Substitutional Natural Semantics and Substitutional Structural Operational Semantics of MetaML7. By (refl), n−→∗i n. n ∈ VALUEi. v = n.8. Analogous to Case 2.We demonstrate the completeness of the substitutional structural operational semantics with respect tothe substitutional natural semantics of MetaML.Corollary 202 (Completeness of Substitutional Structural Operational Semantics w.r.t Substitutional Nat-ural Semantics). If t i −→∗i vi then t i ⇓i vi.Proof. We proceed by the structure of t i ∈ TERMi and by induction on the size of derivation of t i −→∗i vi.Case 1. (t i = x). By Theorem 201, i = ( j+1)> 0, and v = x. By (ref-(i+1)), x ⇓ j+1 x.Case 2. (t i = t i1 ti2). By Theorem 201, ti1 −→∗i vi1, t i2 −→∗i vi2, and either• i = 0, v01 = λx.t011, and t011[v02/x]−→∗0 v0; or• i = ( j+1)> 0, v j+1 = v j+11 v j+12 .Given t i1 −→∗i vi1 and t i2 −→∗i vi2, by the induction hypothesis, t i1 ⇓i vi1 and t i2 ⇓i vi2. Proceed bycases on i.Case i. (i= 0). Obviously the derivation of t011[v02/x]−→∗0 v0 is smaller than that of t01 t02 −→∗0v0. By the induction hypothesis, t011[v02/x] ⇓∗0 v0. Together with t01 ⇓0 λx.t011 andt02 ⇓0 v02, by (app-0), t01 t02 ⇓0 v0.Case ii. (i=( j+1)> 0). Given t j+11 ⇓ j+1 v j+11 and t j+12 ⇓ j+1 v j+12 , by (app-(i+1)), t j+11 t j+12 ⇓ j+1v j+11 vj+12 .Case 3. (t i = λx.t i1). By Theorem 201, either• i = 0 and v0 = λx.t01 ; or• i = ( j+1)> 0, t j+11 −→∗( j+1) v j+12 , and v j+1 = λx.v j+12 .Proceed by cases on i.Case i. (i = 0). By (lambda-0), λx.t01 ⇓0 λx.t01 .Case ii. (i = ( j+ 1) > 0). By the induction hypothesis, t j+11 ⇓ j+1 v j+12 . By (lambda-(i+1)),λx.t j+11 ⇓ j+1 λx.v j+12 .Case 4. (t i = 〈t i+11 〉). By Theorem 201, t i+11 −→∗(i+1) vi+11 , and vi = 〈vi+11 〉. By the induction hypothesis,t i+11 ⇓i+1 vi+11 . By (code-i), 〈t i+11 〉 ⇓i+1 〈vi+11 〉.Case 5. (t i+1 =∼t i1). By Theorem 201, t i1 −→∗i vi1, and either120A.1. Equivalence of Substitutional Natural Semantics and Substitutional Structural Operational Semantics of MetaML1. i = 0, v01 = 〈v111〉, and v1 = v111; or2. i = ( j+1)> 0, and v j+2 =∼v j+11 .Given t i1 −→∗i vi1, by the induction hypothesis, t i1 ⇓i vi1. Proceed by cases on i.Case i. (i = 0). Given t01 ⇓i 〈v111〉, by (splice-1), ∼t01 ⇓1 v111.Case ii. (i = ( j+1)> 0). By (splice-(i+2)), ∼t j+11 ⇓ j+2 ∼v j+11 .Case 6. (t i =!t i1). Analogous to Case 5.Case 7. (t i = n). By Theorem 201, vi = n. By (num-i), n ⇓i n.Case 8. (t i = t i1+ ti2). Analogous to Case 2.We demonstrate the soundness and completeness of the substitutional structural operational semanticswith respect to the substitutional natural semantics of MetaML.Theorem 203 (Soundness and Completeness of Substitutional Structural Operational Semantics w.r.t Sub-stitutional Natural Semantics). For any i ∈ N, t i ⇓i vi if and only if t i −→∗i vi.Proof. It directly follows Corollaries 200 and 202.We prove the Kleene equality of evaluators evalMetaML:SubNat(t) and evalMetaML:SubSOS(t).Theorem 204 (Kleene Equality of Evaluators). For any t ∈ PRGMMetaML, evalMetaML:SubNat(t) is Kleeneequal to evalMetaML:SubSOS(t).Proof. For any t ∈ PRGMMetaML, by Theorem 203, t0 ⇓0 v0 if and only if t0 −→∗0 v0.We first show if evalMetaML:SubNat(t) = a where a ∈ ANSMetaML, then evalMetaML:SubSOS(t) = a.Case 1. If evalMetaML:SubNat(t) = function, then t ⇓0 λx.t ′0 . Then t −→0∗ λx.t ′0 .We have evalMetaML:SubSOS(t) = function.Case 2. If evalMetaML:SubNat(t) = code, then t ⇓0 〈v1〉. Then t −→0∗ 〈v1〉.We have evalMetaML:SubSOS(t) = code.Case 3. If evalMetaML:SubNat(t) = n, then t ⇓0 n. Then t −→0∗ n.We have evalMetaML:SubSOS(t) = n.We then show if evalMetaML:SubSOS(t) = a where a ∈ ANSMetaML, then evalMetaML:SubNat(t) = a.Case 1. If evalMetaML:SubSOS(t) = function, then t −→0∗ λx.t ′0 . Then t ⇓0 λx.t ′0 .We have evalMetaML:SubNat(t) = function.121A.1. Equivalence of Substitutional Natural Semantics and Substitutional Structural Operational Semantics of MetaMLCase 2. If evalMetaML:SubSOS(t) = code, then t −→0∗ 〈v1〉. Then t ⇓0 〈v1〉.We have evalMetaML:SubNat(t) = code.Case 3. If evalMetaML:SubSOS(t) = n, then t −→0∗ n. Then t ⇓0 n.We have evalMetaML:SubNat(t) = n.We observe that evalMetaML:SubNat(t) is undefined if and only if evalMetaML:SubSOS(t) is undefined. Therefore,evalMetaML:SubNat(t) is Kleene equal to evalMetaML:SubSOS(t).122Appendix BProofs of Chapter 3B.1 Equivalence of ISWIM and Explicit ISWIMWe demonstrate the equivalence of the substitutional structural operational semantics of ISWIM and thestructural operational semantics of Explicit ISWIM. We use subscripts “sub” and “exp” to differentiate thesyntax of (Substitutional) ISWIM from the syntax of Explicit ISWIM.B.1.1 Bisimulation RelationWe first introduce a bisimulation relation that relates (Substitutional) ISWIM terms to Explicit ISWIMterms.Definition 205 (Bisimulation Relation). Define the bisimulation relation' to be a binary relation up to alphaequivalence between the set of terms in (Substitutional) ISWIM and the set of terms in Explicit ISWIM.'⊆ TERMsub×TERMexpx' x (var-sim)ta1 ' tb1 ta2 ' tb2ta1 ta2 ' tb1 tb2 (app-sim)ta ' tb(λx.ta)' (λx.tb) (lam-sim)n' n (num-sim)ta1 ' tb1 ta2 ' tb2ta1 + ta2 ' tb1 + tb2 (plus-sim)ta ' tb wa ' wbta[wa/x]' tb[x := wb] (subst-sim)Remark 206. We explain each rule of the relation as follows.(var-sim) A variable x from (Substitutional) ISWIM relates to the same variable x from Explicit ISWIM.(app-sim) An application ta1 ta2 from (Substitutional) ISWIM and an application tb1 tb2 from Explicit ISWIMare related, if their operators ta1 and tb1 are related, and their operands ta2 and tb2 are related.(lam-sim) A lambda abstraction λx.ta from (Substitutional) ISWIM and a lambda abstraction λx.tb fromExplicit ISWIM with the same bound variable are related, if their bodies ta and tb are related.(num-sim) A natural number n from (Substitutional) ISWIM relates to the same natural number n fromExplicit ISWIM.(plus-sim) An addition of terms ta1 +ta2 from (Substitutional) ISWIM and an addition of terms tb1 +tb2 fromExplicit ISWIM are related, if their first operands ta1 and tb1 are related, and their second operands ta2and tb2 are related.123B.1. Equivalence of ISWIM and Explicit ISWIM(subst-sim) A term surrounded by a substitution ta[wa/x] from (Substitutional) ISWIM and a term surroun-ded by an explicit substitution tb[x := wb] from Explicit ISWIM are related, if the terms ta and tb arerelated, and the denotable terms wa and wb are related.Remark 207. The bisimulation relation ∼ is up to alpha equivalence. We immediately have: (1) if ta1 ' tband ta1 ∼α ta2 then ta2 ' tb, and (2) if ta ' tb1 and tb1 ∼α tb2 then ta ' tb2 .B.1.2 Unload FunctionWe define U(t) to unload an Explicit ISWIM term t to (Substitutional) ISWIM.Definition 208 (Unload Function). Define the unloading function U to be a total function from the set ofterms in Explicit ISWIM to the set of terms in (Substitutional) ISWIM.U : TERMexp −→ TERMsubU(x) = xU(t1 t2) = U(t1)U(t2)U(λx.t) = λx.U(t)U(n) = nU(t1+ t2) = U(t1)+U(t2)U(t[x := w]) = U(t)[U(w)/x]Lemma 209 (Equality of Related Terms w.r.t. Unload Function). If ta ' tb, then ta =U(tb).Proof. We proceed by structural induction on ta ' tb.Case 1. (var-sim). Then, ta = tb = x. We immediately get x =U(x).Case 2. (app-sim). Then, ta = ta1 ta2 and tb = tb1 tb2 where ta1 ' tb1 and ta2 ' tb2 . By the inductionhypothesis, ta1 =U(tb1) and ta2 =U(tb2). Hence U(tb1 tb2) =U(tb1)U(tb2) = ta1 ta2 .Case 3. (lam-sim). Then, ta = λx.ta1 and tb = λx.tb1 where ta1 ' tb1 . By the induction hypothesis, ta1 =U(tb1). Hence U(λx.tb1) = λx.U(tb1) = λx.tb1 .Case 4. (num-sim). Then, ta = tb = n. We immediately get U(n) = n.Case 5. (plus-sim). Then, ta = ta1 + ta2 and tb = tb1 + tb2 where ta1 ' tb1 and ta2 ' tb2 . By the inductionhypothesis, ta1 =U(tb1) and ta2 =U(tb2). Hence U(tb1 + tb2) =U(tb1)+U(tb2) = ta1 + ta2 .Case 6. (subst-sim). Then, ta = ta1 [wa1/x] and tb = tb1 [x := wb1 ] where ta1 ' tb1 and wa1 ' wb1 . By the in-duction hypothesis, ta1 =U(tb1) and wa1 =U(wb1). Hence U(tb1 [x :=wb1 ]) =U(tb1)[U(wb1)/x] =ta1 [wa1/x]124B.1. Equivalence of ISWIM and Explicit ISWIMB.1.3 Substitution Normal FormIn Explicit ISWIM, the terms that cannot perform single-step substitution reduction are in substitution nor-mal form.Definition 210 (Substitution Normal Form). A term t ∈ TERMexp is in substitution normal form if and onlyif t 6−→x.Remark 211. We use s with or without any subscript or superscript as a metavariable to range over the setof terms of Explicit ISWIM in substitution normal form.Remark 212. An Explicit ISWIM term in substitution normal form is not necessarily in the normal formwith respect to the single-step relation −→. For example, (λx.t) v is in substitution normal form but is notin the normal form with respect to the single-step relation −→.Lemma 213. If ta ' tb1 [x := wb1 ], then tb1 −→x∗ sb1 , sb1 [x := wb1 ]−→x∗ sb2 , and ta ' sb2 .Proof. We proceed by structural induction on ta' tb1 [x :=wb1 ]. Only (subst-sim) applies. Let ta = ta1 [wa1/x]and we haveta1 ' tb1 wa1 ' wb1ta1 [wa1/x]' tb1 [x := wb1 ],We proceed by cases on ta1 ∈ TERMsub.Case 1. (ta1 = x) We havex' tb1 wa1 ' wb1x[wa1/x]' tb1 [x := wb1 ].Then, x[wa1/x] = wa1 . We proceed by cases on x' tb1 .Case i. (var-sim). Let tb1 = x. Then, x−→x∗ x, x[x := wb1 ]−→x wb1 , and wa1 ' wb1 .Case ii. (subst-sim). Let tb1 = tb11 [x1 := wb11 ]. Given x ' tb11 [x1 := wb11 ], by the inductionhypothesis, we have tb11 −→x∗ sb11 , sb11 [x1 :=wb11 ]−→x∗ sb12 , and x' sb12 . We proceedby cases on x ' sb12 . The only case is (var-sim), so let sb12 = x. Then, tb1 −→x∗ x,x[x := wb1 ]−→x wb1 , and wa1 ' wb1 .Case 2. (ta1 = x0 and x0 6≡ x). We havex0 ' tb1 wa1 ' wb1x0[wa1/x]' tb1 [x := wb1 ].Then, x0[wa1/x] = x0. We proceed by cases on x0 ' tb1 .Case i. (var-sim). Let tb1 = x0. Then, x0 −→x∗ x0, x0[x := wb1 ]−→x x0, and x0 ' x0.125B.1. Equivalence of ISWIM and Explicit ISWIMCase ii. (subst-sim). Let tb1 = tb11 [x1 := wb11 ]. Given x0 ' tb11 [x1 := wb11 ], by the induction hy-pothesis, we have tb11 −→x∗ sb11 , sb11 [x1 := wb11 ]−→x∗ sb12 , and x0 ' sb12 . We proceedby cases on x0 ' sb12 . The only case is (var-sim), so let sb12 = x0. Then, tb1 −→x∗ x0,x0[x := wb1 ]−→x∗ x0, and by (var-sim) x0 ' x0.Case 3. (ta1 = (ta11 ta12)). We have(ta11 ta12)' tb1 wa1 ' wb1(ta11 ta12)[wa1/x]' tb1 [x := wb1 ].Then, (ta11 ta12)[wa1/x] = (ta11 [wa1/x]) (ta12 [wa1/x]). We proceed by cases on (ta11 ta12)' tb1 .Case i. (app-sim). Let tb1 = (tb11 tb12) where ta11 ' tb11 and ta12 ' tb12 . We have (tb11 tb12)−→x∗(tb11 tb12) and (tb11 tb12)[x := wb1 ] −→x (tb11 [x := wb1 ]) (tb12 [x := wb1 ]). By (subst-sim)and (app-sim), we get (ta11 [wa1/x]) (ta12 [wa1/x])' (tb11 [x := wb1 ]) (tb12 [x := wb1 ]).Case ii. (subst-sim). Let tb1 = tb11 [x1 := wb11 ]. Given (ta11 ta12) ' tb11 [x1 := wb11 ], by the in-duction hypothesis, we have tb11 −→x∗ sb11 , sb11 [x1 := wb11 ]−→x∗ sb12 , and (ta11 ta12)'sb12 . We proceed by cases on (ta11 ta12) ' sb12 . The only case is (app-sim), so letsb12 = (tb121 tb122) where ta11 ' tb121 and ta12 ' tb122 . Then, tb1 −→x∗ (tb121 tb122) and(tb121 tb122)[x := wb1 ] −→x (tb121 [x := wb1 ]) (tb122 [x := wb1 ]). By (subst-sim) and (app-sim), we get (ta11 [wa1/x]) (ta12 [wa1/x])' (tb121 [x := wb1 ]) (tb122 [x := wb1 ]).Case 4. (ta1 = λx0.ta11). We have(λx0.ta11)' tb1 wa1 ' wb1(λx0.ta11)[wa1/x]' tb1 [x := wb1 ].Then, (λx0.ta11)[wa1/x] = λx1.ta11 [x1/x0][wa1/x] where x1 /∈ FV (λx0.ta11)∪FV (wa1)∪{x}. Weproceed by cases on (λx0.ta11)' tb1 .Case i. (lam-sim). Let tb1 = λx0.tb11 where ta11 ' tb11 . We have λx0.tb11 −→x∗ λx0.tb11 and(λx0.tb11)[x :=wb1 ]−→x λx2.tb11 [x0 := x2][x :=wb1 ]where x2 /∈FV (λx0.tb11)∪FV (wb1)∪{x}.Let x3 /∈ FV (λx0.ta11)∪FV (wa1)∪FV (λx0.tb11)∪FV (wb1)∪{x}, then by the defin-ition of α-equivalence, we get λx1.ta11 [x1/x0][wa1/x] ∼α λx3.ta11 [x3/x0][wa1/x] andλx2.tb11 [x0 := x2][x := wb1 ]∼α λx3.tb11 [x0 := x3][x := wb1 ].By (lam-sim) and (subst-sim), we get λx3.ta11 [x3/x0][wa1/x] ' λx3.tb11 [x0 := x3][x :=wb1 ]. Hence we have λx1.ta11 [x1/x0][wa1/x]' λx2.tb11 [x0 := x2][x := wb1 ].Case ii. (subst-sim). Let tb1 = tb11 [x1 := wb11 ]. Given λx0.ta11 ' tb11 [x1 := wb11 ], by the induc-tion hypothesis, we have tb11 −→x∗ sb11 , sb11 [x1 := wb11 ]−→x∗ sb12 , and λx0.ta11 ' sb12 .We proceed by cases on (λx0.ta11) ' sb12. The only case is (lam-sim), so let sb12 =126B.1. Equivalence of ISWIM and Explicit ISWIMλx0.tb121 where ta11 ' tb121 . We have tb1 −→x∗ λx0.tb121 and (λx0.tb121)[x := wb1 ] −→xλx2.tb121 [x0 := x2][x := wb1 ] where x2 /∈ FV (λx0.tb121)∪FV (wb1)∪{x}.Let x3 /∈ FV (λx0.ta11)∪FV (wa1)∪FV (λx0.tb121)∪FV (wb1)∪{x}, then by the defin-ition of α-equivalence, we get λx1.ta11 [x1/x0][wa1/x] ∼α λx3.ta11 [x3/x0][wa1/x] andλx2.tb121 [x0 := x2][x := wb1 ]∼α λx3.tb121 [x0 := x3][x := wb1 ].By (lam-sim) and (subst-sim), we get λx3.ta11 [x3/x0][wa1/x]' λx3.tb121 [x0 := x3][x :=wb1 ]. Hence we have λx1.ta11 [x1/x0][wa1/x]' λx2.tb121 [x0 := x2][x := wb1 ].Case 5. (ta1 = n). We haven' tb1 wa1 ' wb1n[wa1/x]' tb1 [x := wb1 ].Then, n[wa1/x] = n. We proceed by cases on n' tb1 .Case i. (num-sim). Let tb1 = n. We have n−→x∗ n, n[x := wb1]−→x n and n' n.Case ii. (subst-sim). Let tb1 = tb11 [x1 := wb11 ]. Given n' tb11 [x1 := wb11 ], by the induction hy-pothesis, we have tb11 −→x∗ sb11 , sb11 [x1 := wb11 ]−→x∗ sb12 , and n' sb12 . We proceedby cases on n' sb12 . The only case is (num-sim), so let sb12 = n. We have tb1 −→x∗ n,n[x := wb1 ]−→x∗ n and by (num-sim) n' n.Case 6. (ta1 = ta11 + ta12). We haveta11 + ta12 ' tb1 wa1 ' wb1(ta11 + ta12)[wa1/x]' tb1 [x := wb1 ].Then, (ta11 + ta12)[wa1/x] = ta11 [wa1/x]+ ta12 [wa1/x]. We proceed by cases on ta11 + ta12 ' tb1 .Case i. (plus-sim). Let tb1 = tb11 +tb12 where ta11 ' tb11 and ta12 ' tb12 . We have tb11 +tb12 −→x∗tb11 tb12 and (tb11 +tb12)[x :=wb1 ]−→x tb11 [x :=wb1 ]+tb12 [x :=wb1 ]. By (subst-sim) and(plus-sim), we get ta11 [wa1/x]+ ta12 [wa1/x]' tb11 [x := wb1 ]+ tb12 [x := wb1 ].Case ii. (subst-sim). Let tb1 = tb11 [x1 := wb11 ]. Given ta11 + ta12 ' tb11 [x1 := wb11 ], by the in-duction hypothesis, we have tb11 −→x∗ sb11 , sb11 [x1 := wb11 ]−→x∗ sb12 , and ta11 + ta12 'sb12 . We proceed by cases on ta11 + ta12 ' sb12 . The only case is (plus-sim), so letsb12 = tb121 + tb122 where ta11 ' tb121 and ta12 ' tb122 . Then, tb1 −→x∗ tb121 + tb122 and(tb121 + tb122)[x := wb1 ]−→x tb121 [x := wb1 ]+ tb122 [x := wb1 ]. By (subst-sim) and (plus-sim), we get ta11 [wa1/x]+ ta12 [wa1/x]' tb121 [x := wb1 ]+ tb122 [x := wb1 ].127B.1. Equivalence of ISWIM and Explicit ISWIMB.1.4 CanonisationGiven two related terms, if one term is a value, then the other term is a value or multi-steps to a value. Wehave the following two lemmas.Lemma 214 (Canonisation of (Substitutional) ISWIM). If ta1 ' vb1 , then ta1 ∈ VALUEsub.Proof. We proceed by structural induction on ta1 ' vb1 .Case 1. (var-sim). This case is vacuous.Case 2. (app-sim). This case is vacuous.Case 3. (lam-sim). Let ta1 = λx.ta11 and vb1 = λx.tb11 where ta11 ' tb11 . We have λx.ta11 ∈ VALUEsub.Case 4. (num-sim). Let ta1 = vb1 = n. We have n ∈ VALUEsub.Case 5. (plus-sim). This case is vacuous.Case 6. (subst-sim). This case is vacuous.Lemma 215 (Canonisation of Explicit ISWIM). If va1 ' tb1 , then tb1 −→∗ vb2 and va1 ' vb2 .Proof. We proceed by structural induction on va1 ' tb1 .Case 1. (var-sim). This case is vacuous.Case 2. (app-sim). This case is vacuous.Case 3. (lam-sim). Let va1 = λx.ta11 and tb1 = λx.tb11 where ta11 ' tb11 . We have λx.tb11 −→∗ λx.tb11 ,λx.tb11 ∈ VALUEexp and va1 ' λx.tb11 .Case 4. (num-sim). Let va1 = tb1 = n. We have n−→∗ n, n ∈ VALUEexp, and va1 ' n.Case 5. (plus-sim). This case is vacuous.Case 6. (subst-sim). Let va1 = ta11 [wa1/x] and tb1 = tb11 [x := wb1 ] where ta11 ' tb11 and wa1 ' wb1 . ByLemma 213, we get tb11 [x := wb1 ] −→∗ sb12 and ta11 [wa1/x] ' sb12 . We proceed by cases onta11 [wa1/x]' sb12 .Case i. (var-sim). This case is vacuous.Case ii. (app-sim). This case is vacuous.Case iii. (lam-sim). Let ta11 [wa1/x] = λx1.ta111 and sb12 = λx1.tb121 where ta111 ' tb121 . We havetb11 [x := wb1 ]−→∗ λx1.tb121 , λx1.tb121 ∈ VALUEexp and va1 ' λx1.tb121 .128B.1. Equivalence of ISWIM and Explicit ISWIMCase iv. (num-sim). Let ta11 [wa1/x] = sb12 = n. We have tb11 [x := wb1 ] −→∗ n, n ∈ VALUEexpand va1 ' n.Case v. (plus-sim). This case is vacuous.Case vi. (subst-sim). This case is vacuous.B.1.5 Explicit Substitution Descendant RelationWe define the explicit substitution descendant relation and show its well-foundedness. As a result, we cando induction on explicit substitution descendants.Definition 216 (Explicit Substitution Descendant Relation). For any t1, t2 ∈ TERMexp, t1 ≺x t2 if and only ift2 −→x t1. We call ≺x the explicit substitution descendant relation.Definition 217 (Weight Function). For any t ∈ TERMexp, its weight is W (t) where W is a function definedas follows.W : TERMexp −→ Z+W (x) = 1W (t1 t2) = W (t1)+W (t2)+1W (λx.t) = 1W (n) = 1W (t1+ t2) = W (t1)+W (t2)+1W (t[x := w]) = W (t) · (W (w)+1)Lemma 218 (Substitution reduction decreases weight.). For any t1, t2 ∈ TERMexp, if t1−→x t2, then W (t2)<W (t1).Proof. We proceed by structural induction on t1 −→x t2.Case 1. (var-eq-subst). Let t1 = x[x :=w] and t2 =w. Then, W (x[x :=w]) =W (x) ·(W (w)+1) =W (w)+1. We have W (w)<W (w)+1 =W (x[x := w]).Case 2. (var-dif-subst). Let t1 = x1[x2 := w] and t2 = x1 where x1 6≡ x2. Then, W (x1[x2 := w]) =W (x1) ·(W (w)+1) =W (w)+1. We have W (x1) = 1 <W (w)+1 =W (x1[x2 := w]).Case 3. (num-subst). Let t1 = n[x :=w] and t2 = n. Then, W (n[x :=w]) =W (n) ·(W (w)+1) =W (w)+1.We have W (n) = 1 <W (w)+1 =W (n[x := w]).Case 4. (app-subst). Let t1 = (t11 t12)[x := w] and t2 = (t11[x := w]) (t12[x := w]). Then, W (t11[x :=w] t12[x := w]) =W (t11[x := w])+W (t12[x := w])+1 =W (t11) · (W (w)+1)+W (t12) · (W (w)+1) + 1 = (W (t11) +W (t12)) · (W (w) + 1) + 1 and W ((t11 t12)[x := w]) = W (t11 t12) · (W (w) +129B.1. Equivalence of ISWIM and Explicit ISWIM1) = (W (t11) +W (t12) + 1) · (W (w) + 1) = (W (t11) +W (t12)) · (W (w) + 1) +W (w) + 1. Wehave W ((t11[x := w]) (t12[x := w])) = (W (t11)+W (t12)) · (W (w)+ 1)+ 1 < (W (t11)+W (t12)) ·(W (w)+1)+W (w)+1 =W ((t11 t12)[x := w]).Case 5. (plus-subst). Let t1 = (t11 + t12)[x := w] and t2 = t11[x := w] + t2[x := w]). Then, W (t11[x :=w]+t12[x :=w]) =W (t11[x :=w])+W (t12[x :=w])+1=W (t11) ·(W (w)+1)+W (t12) ·(W (w)+1)+1 = (W (t11)+W (t12)) · (W (w)+1)+1 and W ((t11+ t12)[x := w]) =W (t11+ t12) · (W (w)+1) = (W (t11)+W (t12)+1) · (W (w)+1) = (W (t11)+W (t12)) · (W (w)+1)+W (w)+1. We haveW (t11[x :=w]+ t12[x :=w]) = (W (t11)+W (t12)) ·(W (w)+1)+1 < (W (t11)+W (t12)) ·(W (w)+1)+W (w)+1 =W ((t11+ t12)[x := w]).Case 6. (lam-subst). Let t1 = (λx1.t)[x2 := w] and t2 = λx3.t[x1 := x3][x2 := w] where x3 /∈ FV (λx1.t)∪FV (w)∪{x2}. Then, W ((λx1.t11)[x2 := w]) =W (λx1.t11) · (W (w)+ 1) =W (w)+ 1. We haveW (λx3.t11[x1 := x3][x2 := w]) = 1 <W (w)+1 =W ((λx1.t11)[x2 := w]).Case 7. (subst-subst). Let t1 = t11[x1 := w1][x2 := w2] and t2 = t21[x2 := w2] where t11[x1 := w1]−→x t21.By the induction hypothesis, W (t21) < W (t11[x1 := w1]). Then, W (t21[x2 := w2]) = W (t21) ·(W (w2)+1) and W (t11[x1 :=w1][x2 :=w2])=W (t11[x1 :=w1])·(W (w2)+1). We have W (t21[x2 :=w2])=W (t21)·(W (w2)+1)=W (t21)·(W (w2)+1)<W (t11[x1 :=w1])·(W (w2)+1)=W (t11[x1 :=w1][x2 := w2]).Lemma 219 (Well-foundedness of Explicit Substitution Descendant Relation). The explicit substitutiondescendant relation ≺x is well-founded.Proof. Lemma 218 has proved that if t1 −→x t2, then W (t2) < W (t1), for any t1.t2 ∈ TERMexp. For anyt ∈ TERMexp, the length of the descending chain with respect to≺x starting from t is bound by W (t). Hence,the explicit substitution descendant relation ≺x is well-founded.B.1.6 BisimulationWe demonstrate (Substitutional) ISWIM bisimulates Explicit ISWIM. Intuitively, given two related terms,if one term single-steps, then the other term multi-steps, and the resulting two terms are related.Lemma 220 (Simulation: Explicit ISWIM simulates (Substitutional) ISWIM.). If ta1 ' tb1 and ta1 −→ ta2 ,then tb1 −→∗ tb2 and ta2 ' tb2 .Proof. We proceed by induction on the structure of ta1 ' tb1 and by induction on the explicit substitutiondescendants ≺x tb1 simultaneously.Case 1. (var-sim). This case is vacuous.Case 2. (app-sim). Let ta1 = ta11 ta12 and tb1 = tb11 tb12 where ta11 ' tb11 and ta12 ' tb12 . We proceed by caseson ta1 −→ ta2 .130B.1. Equivalence of ISWIM and Explicit ISWIMCase i. (appL). Let ta11 −→ ta21 and ta2 = ta21 ta12 . By the induction hypothesis, tb11 −→∗ tb21and ta21 ' tb21 . Then, tb11 tb12 −→∗ tb21 tb12 and by (app-sim) ta21 ta12 ' tb21 tb12 .Case ii. (appR). Let ta11 = va11 , ta12 −→ ta22 and ta2 = va11 ta22 . Given va11 ' tb11 , by Lemma 215,tb11 −→∗ vb11 and va11 ' vb11 . By the induction hypothesis, tb12 −→∗ tb22 and ta22 ' tb22 .Then, tb11 tb12 −→∗ vb11 tb12 −→∗ vb11 tb22 and by (app-sim) va11 ta22 ' vb11 tb22 .Case iii. (app). Let ta11 = λx.ta111 , ta12 = va12 , and ta2 = ta111 [va12/x]. Given λx.ta111 ' tb11 ,by Lemma 215, tb11 −→∗ vb11 and λx.ta111 ' vb11 . Given va12 ' tb12 , by Lemma 215,tb12 −→∗ vb12 and va12 ' vb12 . We proceed by cases on λx.ta111 ' vb11 . The only case is(lam-sim), so let vb11 = λx.tb111 and ta111 ' tb111 . Then, tb11 tb12 −→∗ (λx.tb111) tb12 −→∗(λx.tb111) vb12 −→ tb111 [x := vb12 ]. By (subst-sim), we get ta111 [va12/x]' tb111 [x := vb12 ].Case 3. (lam-sim). This case is vacuous.Case 4. (num-sim). This case is vacuous.Case 5. (plus-sim). Let ta1 = ta11 + ta12 and tb1 = tb11 + tb12 where ta11 ' tb11 and ta12 ' tb12 . We proceed bycases on ta1 −→ ta2 .Case i. (plusL). Let ta11 −→ ta21 and ta2 = ta21 + ta12 . By the induction hypothesis, tb11 −→∗ tb21and ta21 ' tb21 . Then, tb11 + tb12 −→∗ tb21 + tb12 and by (plus-sim) ta21 + ta12 ' tb21 + tb12 .Case ii. (plusR). Let ta11 = va11 , ta12 −→ ta22 and ta2 = va11 + ta22 . Given va11 ' tb11 , by Lemma215, tb11 −→∗ vb11 and va11 ' vb11 . By the induction hypothesis, tb12 −→∗ tb22 andta22 ' tb22 . Then, tb11 +tb12 −→∗ vb11 +tb12 −→∗ vb11 +tb22 and by (plus-sim) va11 +ta22 'vb11 + tb22 .Case iii. (plus). Let ta11 = n1, ta12 = n2, and ta2 = n where n = n1 + n2. Given n1 ' tb11 , byLemma 215, tb11 −→∗ vb11 and n1' vb11 . Given n2' tb12 , by Lemma 215, tb12 −→∗ vb12and n2 ' vb12 . We proceed by cases on n1 ' vb11 . The only case is (num-sim), so letvb11 = n1. We proceed by cases on n2 ' vb12 . The only case is (num-sim), so letvb12 = n2. Then, tb11 + tb12 −→∗ n1 + tb12 −→∗ n1 + n2 −→ n where n = n1 + n2. By(num-sim), we get n' n.Case 6. (subst-sim). Let ta1 = ta11 [wa11/x] and tb1 = tb11 [x :=wb11 ] where ta11 ' tb11 and wa11 'wb11 . Giventa1 ' tb11 [x := wb11 ], by Lemma 213, tb11 [x := wb11 ]−→x∗ sb21 and ta1 ' sb21 . Then, sb21 ≺x tb1 . Ifta1 −→ ta2 , by the induction hypothesis, sb21 −→∗ tb2 and ta2 ' tb2 . We have tb1 −→∗ sb21 −→∗ tb2 .Remark 221. In the last case of the proof, given ta1 ' tb1 , ta1 ' sb21 and sb21 ≺x tb1 , if ta1 −→ ta2 , by theinduction hypothesis, sb21 −→∗ tb2 and ta2 ' tb2 .Lemma 222 (Single-step explicit substitution reduction preserves simulation relation.). If ta1 ' tb1 andtb1 −→x tb2 , then ta1 ' tb2 .131B.1. Equivalence of ISWIM and Explicit ISWIMProof. We proceed by structural induction on ta1 ' tb1 . Since tb1 −→x tb2 , only (subst-sim) applies. Letta1 = ta11 [wa11/x1] and tb1 = tb11 [x1 := wb11 ] where ta11 ' tb11 and wa11 ' wb11 . We proceed by cases ontb1 −→x tb2 .Case 1. (var-eq-subst). Let tb11 = x1. We have x1[x1 := wb11 ]−→x wb11 . We proceed by cases on ta11 ' x1.The only case is (var-sim), thus we get ta11 = x1. Then, x1[wa11/x1] = wa11 and wa11 ' wb11 .Case 2. (var-dif-subst). Let tb11 = x2 and x2 6≡ x1. We have x2[x1 := wb11 ] −→x x2. We proceed by caseson ta11 ' x2. The only case is (var-sim), thus we get ta11 = x2. Then, x2[wa11/x1] = x2 and x2 ' x2.Case 3. (num-subst). Let tb11 = n. We have n[x1 := wb11 ] −→x n. We proceed by cases on ta11 ' n. Theonly case is (num-sim), thus we get ta11 = n. Then, n[wa11/x1] = n and n' n.Case 4. (app-subst). Let tb11 = tb111 tb112 . We have (tb111 tb112)[x1 :=wb11 ]−→x (tb111 [x1 :=wb11 ]) (tb112 [x1 :=wb11 ]). We proceed by cases on ta11 ' tb111 tb112 . The only case is (app-sim), thus we get ta11 =ta111 ta112 , ta111 ' tb111 and ta112 ' tb112 . Then, (ta111 ta112)[wa11/x1] = (ta111 [wa11/x1]) (ta112 [wa11/x1])and by (subst-sim) and (app-sim) (ta111 [wa11/x1]) (ta112 [wa11/x1]) ' (tb111 [x1 := wb11 ]) (tb112 [x1 :=wb11 ]).Case 5. (plus-subst). Let tb11 = tb111 + tb112 . We have (tb111 + tb112)[x1 := wb11 ] −→x tb111 [x1 := wb11 ] +tb112 [x1 := wb11 ]. We proceed by cases on ta11 ' tb111 + tb112 . The only case is (plus-sim), thus weget ta11 = ta111 + ta112 , ta111 ' tb111 and ta112 ' tb112 . Then, (ta111 + ta112)[wa11/x1] = ta111 [wa11/x1]+ta112 [wa11/x1] and by (subst-sim) and (plus-sim) ta111 [wa11/x1]+ ta112 [wa11/x1]' tb111 [x1 := wb11 ]+tb112 [x1 := wb11 ].Case 6. (lam-subst). Let tb11 = λx2.tb111 . We have (λx2.tb111)[x1 := wb11 ] −→x λx3.tb111 [x2 := x3][x1 :=wb11 ] where x3 6∈ FV (λx2.tb111)∪FV (wb11)∪{x1}. We proceed by cases on ta11 ' λx2.tb111 . Theonly case is (lam-sim), thus we get ta11 = λx2.ta111 where ta111 ' tb111 . Then, (λx2.ta111)[wa11/x1] =λx4.ta111 [x4/x2][wa11/x1] where x4 /∈ FV (λx2.ta111)∪FV (wa11)∪{x1}.Let x5 /∈ FV (λx2.tb111)∪FV (wb11)∪FV (λx2.ta111)∪FV (wa11)∪ {x1}, we have λx3.tb111 [x2 :=x3][x1 :=wb11 ]∼α λx5.tb111 [x2 := x5][x1 :=wb11 ] and λx4.ta111 [x4/x2][wa11/x1]∼α λx5.ta111 [x5/x2][wa11/x1].By (subst-sim) and (lam-sim), we get λx5.ta111 [x5/x2][wa11/x1] ' λx5.tb111 [x2 := x5][x1 := wb11 ].Hence λx4.ta111 [x4/x2][wa11/x1]' λx3.tb111 [x2 := x3][x1 := wb11 ].Case 7. (subst-subst). Let tb11 = tb111 [x2 := wb12 ]. We have (tb111 [x2 := wb12 ])[x1 := wb11 ] −→x tb121 [x1 :=wb11 ] where tb111 [x2 := wb12 ]−→x tb121 . By the induction hypothesis, ta11 ' tb121 . Then, by (subst-sim) ta11 [wa11/x1]' tb121 [x1 := wb11 ].Lemma 223 (Simulation: (Substitutional) ISWIM simulates Explicit ISWIM.). If ta1 ' tb1 and tb1 −→ tb2 ,then ta1 −→∗ ta2 and ta2 ' tb2 .Proof. We proceed by induction on the structure of ta1 ' tb1 .132B.1. Equivalence of ISWIM and Explicit ISWIMCase 1. (var-sim). This case is vacuous.Case 2. (app-sim). Let ta1 = ta11 ta12 and tb1 = tb11 tb12 where ta11 ' tb11 and ta12 ' tb12 . We proceed by caseson tb1 −→ tb2 .Case i. (appL). Let tb11 −→ tb21 and tb2 = tb21 tb12 . By the induction hypothesis, ta11 −→∗ ta21and ta21 ' tb21 . Then, ta11 ta12 −→∗ ta21 ta12 and by (app-sim) ta21 ta12 ' tb21 tb12 .Case ii. (appR). Let tb11 = vb11 , tb12 −→ tb22 and tb2 = vb11 tb22 . Given ta11 ' vb11 , by Lemma 214,ta11 −→∗ va11 and va11 ' vb11 . By the induction hypothesis, ta12 −→∗ ta22 and ta22 ' tb22 .Then, ta11 ta12 −→∗ va11 ta12 −→∗ va11 ta22 and by (app-sim) va11 ta22 ' vb11 tb22 .Case iii. (app). Let tb11 = λx.tb111 , tb12 = vb12 , and tb2 = tb111 [x := vb12 ]. Given ta11 ' λx.tb111 ,by Lemma 214, ta11 −→∗ va11 and va11 ' λx.tb111 . Given ta12 ' vb12 , by Lemma 214,ta12 −→∗ va12 and va12 ' vb12 . We proceed by cases on va11 ' λx.tb111 . The only case is(lam-sim), so let va11 = λx.ta111 and ta111 ' tb111 . Then, ta11 ta12 −→∗ (λx.ta111) ta12 −→∗(λx.ta111) va12 −→ ta111 [va12/x]. By (subst-sim), we get ta111 [va12/x]' tb111 [x := vb12 ].Case 3. (lam-sim). This case is vacuous.Case 4. (num-sim). This case is vacuous.Case 5. (plus-sim). Let ta1 = ta11 + ta12 and tb1 = tb11 + tb12 where ta11 ' tb11 and ta12 ' tb12 . We proceed bycases on tb1 −→ tb2 .Case i. (plusL). Let tb11 −→ tb21 and tb2 = tb21 + tb12 . By the induction hypothesis, ta11 −→∗ ta21and ta21 ' tb21 . Then, ta11 + ta12 −→∗ ta21 + ta12 and by (plus-sim) ta21 + ta12 ' tb21 + tb12 .Case ii. (plusR). Let tb11 = vb11 , tb12 −→ tb22 and tb2 = vb11 + tb22 . Given ta11 ' vb11 , by Lemma214, ta11 −→∗ va11 and va11 ' vb11 . By the induction hypothesis, ta12 −→∗ ta22 andta22 ' tb22 . Then, ta11 +ta12 −→∗ va11 +ta12 −→∗ va11 +ta22 and by (plus-sim) va11 +ta22 'vb11 + tb22 .Case iii. (plus). Let tb11 = n1, tb12 = n2, and tb2 = n where n = n1 + n2. Given ta11 ' n1, byLemma 214, ta11 −→∗ va11 and va11 ' n1. Given ta12 ' n2, by Lemma 214, ta12 −→∗ va12and va12 ' n2. We proceed by cases on va11 ' n1. The only case is (num-sim), so letva11 = n1. We proceed by cases on va12 ' n2. The only case is (num-sim), so letva12 = n2. Then, ta11 + ta12 −→∗ n1 + ta12 −→∗ n1 + n2 −→ n where n = n1 + n2. By(num-sim), we get n' n.Case 6. (subst-sim). Let ta1 = ta11 [wa11/x] and tb1 = tb11 [x :=wb11 ] where ta11 ' tb11 and wa11 'wb11 . Giventa1 ' tb11 [x := wb11 ], by Lemma 213, tb11 [x := wb11 ]−→x∗ sb21 and ta1 ' sb21 . Since tb11 [x := wb11 ]is not in the substitution normal form but sb21 is in substitution normal form, we have tb11 [x :=wb11 ]−→x tb21 −→x∗ sb21 . By Lemma 222, ta1 ' tb21 . We also have ta1 −→∗ ta1 .133B.1. Equivalence of ISWIM and Explicit ISWIMB.1.7 Soundness and CompletenessWe demonstrate the soundness and completeness of Explicit ISWIM with respect to (Substitutional) ISWIM.Theorem 224 (Soundness of Explicit ISWIM w.r.t. (Substitutional) ISWIM). If ta1 ' tb1 and ta1 −→∗ va2 in(Substitutional) ISWIM, then tb1 −→∗ vb2 in Explicit ISWIM and va2 ' vb2 .Proof. We proceed by induction on the length of ta1 −→∗ va2 .Case 1. (0). Let ta1 = va2 . By Lemma 215, tb1 −→∗ vb2 and va2 ' vb2 .Case 2. (n+1). Let ta1 −→ ta2 −→(n) va2 . Given ta1 ' tb1 and ta1 −→ ta2 , by Lemma 220, tb1 −→∗ tb2 andta2 ' tb2 . Given ta2 ' tb2 and ta2 −→(n) va2 , by the induction hypothesis, tb2 −→∗ vb2 and va2 ' vb2 .We have tb1 −→∗ tb2 −→∗ vb2 and va2 ' vb2 .Remark 225. The parenthesised superscripted number n in −→(n) denotes the number of single step is n.Theorem 226 (Completeness of Explicit ISWIM w.r.t. (Substitutional) ISWIM). If ta1 ' tb1 and tb1 −→∗ vb2in Explicit ISWIM, then ta1 −→∗ va2 in (Substitutional) ISWIM and va2 ' vb2 .Proof. We proceed by induction on the length of tb1 −→∗ vb2 .Case 1. (0). Let tb1 = vb2 . By Lemma 214, ta1 ∈ VALUEsub. Let va2 = ta1 . We have ta1 −→∗ va2 andva2 ' vb2 .Case 2. (n+1). Let tb1 −→ tb2 −→(n) vb2 . Given ta1 ' tb1 and tb1 −→ tb2 , by Lemma 223, ta1 −→∗ ta2 andta2 ' tb2 . Given ta2 ' tb2 and tb2 −→(n) vb2 , by the induction hypothesis, ta2 −→∗ va2 and va2 ' vb2 .We have ta1 −→∗ va2 and va2 ' vb2 .B.1.7.1 An alternative proof.We demonstrate a different proof of Theorem 226 which does not use Lemma 223. We start with twolemmas. Their proofs are omitted.Lemma 227. If ta1 ' tb1 , tb1 −→ tb2 and ta1 6' tb2 , then ta1 −→ ta2 .Remark 228. Lemma 227 does not imply whether or not ta2 ' tb2 .Lemma 229. If ta1 ' tb1 and ta1 −→ ta2 , then tb1 −→+ tb2 and ta2 ' tb2 .Remark 230. Lemma 229 is stronger than Lemma 220. In other words, Lemma 229 implies Lemma 220.We restate and prove Theorem 226 as follows.134B.1. Equivalence of ISWIM and Explicit ISWIMTheorem 231 (Completeness of Explicit ISWIM w.r.t. (Substitutional) ISWIM). If ta1 ' tb1 and tb1 −→∗ vb2in Explicit ISWIM, then ta1 −→∗ va2 in (Substitutional) ISWIM and va2 ' vb2 .Proof. We proceed by induction on the length of tb1 −→∗ vb2 .Case 1. (0). Let tb1 = vb2 . By Lemma 214, ta1 ∈ VALUEsub. Let va2 = ta1 . We have ta1 −→∗ va2 andva2 ' vb2 .Case 2. (n+1). Let tb1 −→ tb2 −→(n) vb2 . We proceed by cases on ta1 ' tb1 , in particular on whether it is(subst-sim) or not.Case i. (subst-sim). Let ta1 = ta11 [wa1/x] and tb1 = tb11 [x := wb1 ] where ta11 ' tb11 and wa1 'wb1 . By Lemma 213, tb1 −→x∗ sb2 . Observe that tb1 is not in substitution normalform but sb2 is in substitution normal form. By the determinism of the small-stepsemantics, tb1 −→x tb2 −→x(p) sb2 −→(q) vb2 and p+q= n where p,q≥ 0. By Lemma222, ta1 ' tb2 . By the induction hypothesis, ta1 −→∗ va2 and va2 ' vb2 .Case ii. (other cases). We proceed by cases on whether ta1 ' tb2 .Case a. (ta1 ' tb2). Then, by the induction hypothesis, ta1 −→∗ va2 and va2 ' vb2 .Case b. (ta1 6' tb2). By Lemma 227, ta1 −→ ta2 . By Lemma 229, tb1 −→+ tb3 andta2 ' tb3 . By the determinism of the small-step semantics, tb1 −→ tb2 −→(p)tb3 −→(q) vb2 and p+ q = n where p,q ≥ 0. By the induction hypothesis,ta2 −→∗ va2 and va2 ' vb2 .B.1.8 Kleene Equality of EvaluatorsWe prove the Kleene equality of evaluators evalISWIM:SubSOS(t) and evalISWIM:ExpSOS(t).Theorem 232 (Kleene Equality of Evaluators). For any t ∈ PRGMISWIM, evalISWIM:SubSOS(t) is Kleene equalto evalISWIM:ExpSOS(t).Proof. We first show if evalISWIM:SubSOS(t) = a where a ∈ ANSISWIM, then evalISWIM:ExpSOS(t) = a.Case 1. If evalISWIM:SubSOS(t) = function, then t −→∗ λx.t ′. By Theorem 224, t −→∗ v′ and λx.t ′ ∼ v′.Proceed by induction on λx.t ′ ∼ v′. The only case is (lam-sim). Then v′ = λx.t ′′ and t ′ ∼ t ′′. Wehave evalISWIM:ExpSOS(t) = function.Case 2. If evalISWIM:SubSOS(t) = n, then t −→∗ n. By Theorem 224, t −→∗ v′ and n ∼ v′. Proceed byinduction on n∼ v′. The only case is (num-sim). Then v′ = n. We have evalISWIM:ExpSOS(t) = n.We then show if evalISWIM:ExpSOS(t) = a where a ∈ ANSISWIM, then evalISWIM:SubSOS(t) = a.135B.2. Equivalence of ISWIM and Suspended ISWIMCase 1. If evalISWIM:ExpSOS(t) = function, then t −→∗ λx.t ′. By Theorem 226, t −→∗ v′ and v′ ∼ λx.t ′.Proceed by induction on v′ ∼ λx.t ′. The only case is (lam-sim). Then v′ = λx.t ′′ and t ′′ ∼ t ′. Wehave evalISWIM:SubSOS(t) = function.Case 2. If evalISWIM:ExpSOS(t) = n, then t −→∗ n. By Theorem 226, t −→∗ v′ and v′ ∼ n. Proceed byinduction on v′ ∼ n. The only case is (num-sim). Then v′ = n. We have evalISWIM:SubSOS(t) = n.We observe that evalISWIM:SubSOS(t) is undefined if and only if evalISWIM:ExpSOS(t) is undefined. Therefore,evalISWIM:SubSOS(t) is Kleene equal to evalISWIM:ExpSOS(t).B.2 Equivalence of ISWIM and Suspended ISWIMWe demonstrate the equivalence of the substitutional stru
- Library Home /
- Search Collections /
- Open Collections /
- Browse Collections /
- UBC Theses and Dissertations /
- Refining semantics for multi-stage programming
Open Collections
UBC Theses and Dissertations
Featured Collection
UBC Theses and Dissertations
Refining semantics for multi-stage programming Ge, Rui 2016
pdf
Page Metadata
Item Metadata
Title | Refining semantics for multi-stage programming |
Creator |
Ge, Rui |
Publisher | University of British Columbia |
Date Issued | 2016 |
Description | Multi-stage programming is a programming paradigm that supports runtime code generation and execution. Though researchers have extended several mainstream programming languages to support it, multi-stage programming has not been widely recognised or used. The popularisation of multi-stage programming has been impeded by the lack of development aids such as code refactoring and optimisation, for which the culprit is the lack of static analysis support. Van Horn and Might proposed a general-purpose approach to systematically developing static analyses for a programming language by applying transformations to its formal semantics, an approach we believe is applicable to multi-stage programming. The approach requires that the initial semantics be specified as an environmental abstract machine that records the change of control strings, environments and continuations as a program evaluates. Developing an environmental abstract machine for a multi-stage language is not straightforward and has not been done so far in the literature. In the thesis, we study multi-stage programming through a functional language, MetaML. The main research problem of the thesis is: Can we refine the pre-existing substitutional natural semantics of MetaML to a corresponding environmental abstract machine and demonstrate their equivalence? We first develop a substitutional structural operational semantics for MetaML. Then we simplify the research problem along two dimensions—each dimension leads to a less complicated semantics refinement problem. The first dimension is to refine semantics for a single-stage language rather than a multi-stage language: we stepwise develop an environmental abstract machine, the CEK machine, for a single-stage language, ISWIM, based on its substitutional structural operational semantics. The second dimension is to derive a substitutional abstract machine rather than an environmental abstract machine: we stepwise develop a substitutional abstract machine, the MK machine, for the multi-stage language MetaML, based on its substitutional structural operational semantics. Finally, utilising the experience of refining semantics along two dimensions, we stepwise develop an environmental abstract machine, the MEK machine, for MetaML, based on its substitutional structural operational semantics. Furthermore, we introduce three proof techniques which are used throughout the thesis to prove the equivalence of semantics. |
Genre |
Thesis/Dissertation |
Type |
Text |
Language | eng |
Date Available | 2016-10-25 |
Provider | Vancouver : University of British Columbia Library |
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International |
DOI | 10.14288/1.0319338 |
URI | http://hdl.handle.net/2429/59552 |
Degree |
Master of Science - MSc |
Program |
Computer Science |
Affiliation |
Science, Faculty of Computer Science, Department of |
Degree Grantor | University of British Columbia |
GraduationDate | 2016-11 |
Campus |
UBCV |
Scholarly Level | Graduate |
Rights URI | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
AggregatedSourceRepository | DSpace |
Download
- Media
- 24-ubc_2016_november_ge_rui.pdf [ 1.52MB ]
- Metadata
- JSON: 24-1.0319338.json
- JSON-LD: 24-1.0319338-ld.json
- RDF/XML (Pretty): 24-1.0319338-rdf.xml
- RDF/JSON: 24-1.0319338-rdf.json
- Turtle: 24-1.0319338-turtle.txt
- N-Triples: 24-1.0319338-rdf-ntriples.txt
- Original Record: 24-1.0319338-source.json
- Full Text
- 24-1.0319338-fulltext.txt
- Citation
- 24-1.0319338.ris