View metadata, citation and similar papers at core.ac.uk brought to you by CORE

provided by Archive Ouverte en Sciences de l'Information et de la Communication

Realizability in the Unitary Sphere Alejandro Díaz-Caro, Mauricio Guillermo, Alexandre Miquel, Benoît Valiron

To cite this version:

Alejandro Díaz-Caro, Mauricio Guillermo, Alexandre Miquel, Benoît Valiron. Realizability in the Unitary Sphere. 34th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS 2019), Jun 2019, Vancouver, Canada. ￿hal-02175168￿

HAL Id: hal-02175168 https://hal.archives-ouvertes.fr/hal-02175168 Submitted on 5 Jul 2019

HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Realizability in the Unitary Sphere

Alejandro D´ıaz-Caro∗†, Mauricio Guillermo‡, Alexandre Miquel‡, and Benoˆıt Valiron§ ∗Universidad Nacional de Quilmes, Bernal, Buenos Aires, Argentina †Instituto de Ciencias de la Computacion´ (UBA-CONICET), Buenos Aires, Argentina Email: [email protected] ‡Facultad de Ingenier´ıa, Universidad de la Republica,´ Montevideo, Uruguay Email: {mguille,amiquel}@fing.edu.uy §LRI, CentraleSupelec,´ Universite´ Paris-Saclay, Orsay, France Email: [email protected]

Abstract—In this paper we present a semantics for a linear operations, akin to Boolean gates, are referred to as quantum algebraic lambda-calculus based on realizability. This semantics gates, and they can be combined into linear sequences called characterizes a notion of unitarity in the system, answering a long quantum circuits. Quantum algorithms make use of a quantum standing issue. We derive from the semantics a set of typing rules for a simply-typed linear algebraic lambda-calculus, and show memory to solve a particular classical problem. Such an how it extends both to classical and quantum lambda-calculi. algorithm therefore consists in particular in the description of a quantum circuit. I.INTRODUCTION Several existing languages for describing quantum algo- The linear-algebraic lambda calculus (Lineal) [1]–[3] is an rithms such as Quipper [5] and QWIRE [6] are purely func- extension of the lambda calculus where lambda terms are tional and based on the lambda calculus. However, they only closed under linear combinations over a semiring K. For provide classical control: the quantum memory and the al- instance, if t and r are two lambda terms, then so is α.t + β.r lowed operations are provided as black boxes. These languages with α, β ∈ K. The original motivation of [1] for such a are mainly circuit description languages using opaque high- calculus was to set the basis for a future quantum calculus, level operations on circuits. They do not feature quantum where α.t + β.r could be seen as the generalization of the control, in the sense that the operations on quantum data are notion of quantum superposition to the realm of programs (in not programmable. A lambda calculus with linear combinations of terms made which case K is the field C of complex numbers). In quantum computation, data is encoded in the state of a “quantum” would allow to program those “black boxes” set of particles governed by the laws of quantum mechanics. explicitly, and provide an operational meaning to quantum The mathematical formalization postulates that quantum data control. However, when trying to identify quantum data with is modeled as a unit vector in a Hilbert space. The quantum linear combinations of lambda terms, the problem arises analogue to a Boolean value is the quantum bit, that is a linear from the norm condition on quantum superpositions. To be combination of the form φ = α|0i + β|1i, where |0i and |1i quantum-compatible, one cannot have any linear combination respectively correspond to “true” and “false”, and where |α|2+ of programs. Indeed, programs should at the very least yield |β|2 = 1. In other words, the state φ is a linear combination valid quantum superpositions, that is: linear combinations whose l -norm equals 1—a property which turns out to be of the Boolean values “true” and “false”, of l2-norm equal to 2 2 very difficult to preserve along the reduction of programs. 1: it is a unit-vector in the Hilbert space C . A quantum memory consists in a list of registers holding So far, the several attempts at accommodating linear al- quantum bits. The canonical model for interacting with a gebraic lambda calculi with the l2-norm have failed. At one quantum memory is the QRAM model [4]. A fixed set of end of the spectrum, [7] stores lambda terms directly in the elementary operations are allowed on each quantum register. quantum memory, and encodes the reduction process as a Mathematically, these operations are modeled with unitary purely quantum process. Van Tonder shows that this forces maps on the corresponding Hilbert spaces, that is: linear all lambda terms in superposition to be mostly equivalent. At the other end of the spectrum, the linear algebraic approaches maps preserving the l2-norm and the orthogonality. These pioneered by Arrighi and Dowek consider a constraint-free A. D´ıaz-Caro and B. Valiron have been partially supported by PICT calculus and try to recover quantum-like behavior by adding 2015-1208, ECOS-Sud A17C03, and the French-Argentinian International ad-hoc term reductions [1] or type systems [8]–[10]. But if Laboratory SINFIN. B. Valiron has been partially supported by the French National Research Agency (ANR) under the research project SoftQPRO ANR- these approaches yield very expressive models of computa- 17-CE25-0009-02, and by the DGE of the French Ministry of Industry under tions, none of them is managing to precisely characterize linear the research project PIA-GDN/QuantEx P163746-484124. M. Guillermo and combinations of terms of unit l2-norm, or equivalently, the A. Miquel have been partially supported by the Uruguayan National Research & Innovation Agency (ANII) under the research project “Realizability, Forcing unitarity of the representable maps. and Quantum Computing”, FCE 1 2014 1 104800. This paper answers this question by presenting an algebraic lambda calculus together with a type system that enforces represent probabilistic distributions of terms. Also, a simpli- unitarity. For that, we use semantic techniques coming from fication of Lineal, without scalars, can serve as a model for realizability [11] to decide on the unitarity of terms. non-deterministic computations [13]. And, in general, if we Since its creation by Kleene as a semantics for Heyting consider the standard values of the lambda calculus as the arithmetic, realizability has evolved to become a versatile basis, then linear combinations of those form a vector space, toolbox, that can be used both in logic and in functional which can be characterized using types [9]. In [14] a similar programming. Roughly speaking, realizability can be seen as distinction between classical bits (B) and qbits (]B) has been a generalization of the notion of typing where the relation also studied. However, without unitarity, it is impossible to between a term and its type is not defined from a given set of obtain a calculus that could be compiled onto a quantum inference rules, but from the very operational semantics of the machine. Finally, a concrete categorical semantics for such calculus, via a computational interpretation of types seen as a calculus has been recently given in [15]. specifications. Types are first defined as sets of terms verifying An alternative approach for capturing unitarity (of data certain properties, and then, valid typing rules are derived from superpositions and functions) consists to change the language. these properties rather than set up as axioms. Instead of starting with a lambda calculus, [16] defines and The main feature of our realizability model is that types extends a reversible language to express quantum computation. are not interpreted as arbitrary sets of terms or values, but as Lambda calculi with vectorial structures are not specific to subsets of the unit sphere of a particular weak vector space [3], quantum computation. Vaux [17] independently developed the whose vectors are distributions (i.e. weak linear combinations) algebraic lambda calculus (where linear combinations of terms of “pure” values. So that by construction, all functions that are are also terms), initially to study a fragment of the differential correct w.r.t. this semantics preserve the `2-norm. As we shall lambda calculus of [18]. Unlike its quantum-inspired cousin see, this interpretation of types is not only compatible with the Lineal, the algebraic lambda calculus is morally call-by-name, constructions of the simply typed lambda calculus (with sums and [19] shows the formal connection with Lineal. and pairs), but it also allows us to distinguish pure data types Designing an (unconstrainted) algebraic lambda calculus (in (such as the type B of pure Booleans) from quantum data types call-by-name [17] or in call-by-value [1]) raises the problem (such as the type ]B of quantum Booleans). Thanks to these of how to enforce the confluence of reduction. Indeed, if the constraints, the type system we obtain naturally enforces that semi-ring K is a ring, since 0 · t = ~0, it is possible to design a the realizers of the type ]B → ]B are precisely the functions term Yt reducing both to t and the empty linear combination 2 ~ representing unitary operators of C . 0. A simple solution to recover consistency is to weaken the This realizability model is therefore answering a hard prob- vectorial structure and remove the equality 0 · t = ~0 [3]. lem [12]: it provides a unifying framework able to express not The vector space of terms becomes a weak vector space. This only classical control, with the presence of “pure” values, but approach is the one we shall follow in our construction. also quantum control, with the possibility to interpret quantum This paper is concerned with modeling quantum higher- data-types as (weak) linear combinations of classical ones. order programming languages. If the use of realizability techniques is novel, several other techniques have been used, A. Contributions based on positive matrices and categorical tools. For first-order quantum languages, [20] constructs a fully complete semantics (1) We propose a realizability semantics based on a linear based on superoperators. To model a strictly linear quantum algebraic lambda calculus capturing a notion of unitarity lambda-calculus, [21] shows that the compact closed category through the use of a l -norm. As far as we know, such a 2 CPM based on completely positive maps forms a fully abstract construction is novel. model. Another approach has been taken in [22], with the (2) The semantics provides a unified model for both classical use of a presheaf model on top of the category of super- and quantum control. Strictly containing the simply-typed operators. To accomodate duplicable data, [23] extends CPM lambda calculus, it does not only serve as a model for a using techniques developed for quantitative models of linear quantum circuit-description language, but it also provides a logic. Finally, a categorical semantics of circuit-description natural interpretation of quantum control. languages has been recently designed using linear-non-linear (3) In order to exemplify the expressiveness of the model, models by [24], [25]. we show how a circuit-description language in the style of QWIRE [6] can be naturally interpreted in the model. C. Outline Furthermore, we discuss how one can give within the model an Section II presents the linear algebraic calculus and its weak operational semantics to a high-level operation on circuits usu- vector space structure. Section III discusses the evaluation ally provided as a black box in circuit-description languages: of term distributions. Section IV introduces the realizability the control of a circuit. semantics and the algebra of types spawning from it. At the end of this section, Theorem IV.12 and Corollary IV.13 express B. Related Works that the type of maps from quantum bits to quantum bits only Despite its original motivations, [10] showed that Lineal contains unitary functions. Section V introduces a notion of can handle the l1-norm. This can be used for example to typing judgment and derives a set of valid typing rules from the semantics. Section V-B discusses the inclusion of the simply- Lemma II.1. For all α ∈ C, we have α · ~0 ≡ ~0. typed lambda calculus in this unitary semantics. Finally, Sec- Proof. From 0·~0 ≡ 0·~0+~0 ≡ 0·~0+1·~0 ≡ (0+1)·~0 = 1·~0 ≡ ~0, tion VI describes a small quantum circuit-description language we get α · ~0 ≡ α · (0 · ~0) ≡ (0α) · ~0 = 0 · ~0 ≡ ~0. and shows how it lives inside the unitary semantics. On the other hand, the relation 0 · ~t ≡ ~0 cannot be derived II.SYNTAX OF THE CALCULUS from the rules of Table II as we shall see below (Proposi- This section presents the calculus upon which our realizabil- tion II.6 and Example II.7). As a matter of fact, the congruence ity model will be designed. It is a lambda-calculus extended ≡ implements the equational theory of a restricted form of with linear combinations of lambda-terms, but with a subtelty: linear combinations—which we shall call distributions—that terms form a weak vector space. is intimately related to the notion of weak vector space [3]. A. Values, terms and distributions Definition II.2 (Weak vector space). A weak vector space ~ The language is made up of four syntactic categories: pure (over a given field K) is a commutative monoid (V, +, 0) values, pure terms, value distributions and term distributions equipped with a scalar multiplication (·): K × V → V (Table I). As usual, the expressions of the language are built such that for all u, v ∈ V , α, β ∈ K, we have 1 · u = u, from a fixed denumerable set of variables, written X . α · (β · u) = αβ · u, (α + β) · u = α · u + β · u, and In this language, a pure value is either a variable x, a λ- α · (u + v) = α · u + α · v. abstraction λx .~s (whose body is an arbitrary term distribu- Remark II.3. The notion of weak vector space differs from tion ~s), the void object ∗, a pair of pure values (v1, v2), or one the traditional notion of vector space in that the underlying the two variants inl(v) and inr(v) (where v is pure value). additive structure (V, +,~0) may be an arbitrary commutative A pure term is either a pure value v or a destructor, that is: an monoid, whose elements do not necessarily have an an addi- application s t, a sequence t;~s for destructing the void object tive inverse. So that in a weak vector space, the vector (−1)·u 1 in t , a let-construct let (x1, x2) = t in ~s for destructing is in general not the additive inverse of u, and the product 0·u a pair in t, or a match-construct match t {inl(x1) 7→ does not simplify to ~0. ~s1 | inr(x2) 7→ ~s2} (where ~s, ~s1 and ~s2 are arbitrary term Weak vector spaces naturally arise in functional analysis as distributions). A term distribution is simply a formal C-linear combination of pure terms, whereas a value distribution is the spaces of unbounded operators. Historically, the notion of a term distribution that is formed only from pure values. unbounded operator was introduced by von Neumann to give a We also define Booleans using the following abbreviations: rigorous mathematical definition to the operators that are used in quantum mechanics. Given two (usual) vector spaces E tt := inl(∗), ff := inr(∗), and, finally, if t {~s1 | ~s2} := and F (over the same field K), recall that an unbounded match t {inl(x1) 7→ x1;~s1 | inr(x2) 7→ x2;~s2}. The notions of free and bound (occurrences of) variables are operator from E to F is a linear map f : D(f) → F that is defined as expected, and in what follows, we shall consider defined on a sub-vector space D(f) ⊆ E , called the domain pure values, pure terms, value distributions and term distribu- of f. The sum of two unbounded operators f, g : E * F tions up to α-conversion, silently renaming bound variables is defined by: D(f + g) := D(f) ∩ D(g), (f + g)(x) := whenever needed. The set of all pure terms (resp. of all pure f(x) + g(x) (for all x ∈ D(f + g)), whereas the product of values) is written Λ(X ) (resp. V(X )), whereas the set of all an unbounded operator f : E * F by a scalar α ∈ K is term distributions (resp. of all value distributions) is written defined by: D(α · f) := D(f), (α · f)(x) := α · f(x) (for all Λ(~ X ) (resp. V(~ X )). So that we have the inclusions: x ∈ D(α · f)). Example II.4. The space Ł( , ) of all unbounded operators Λ(X ) ⊂ Λ(~ X ) E F from to is a weak vector space, whose null vector is the ∪ ∪ E F (totally defined) null function. V(X ) ⊂ V(~ X ) Indeed, we observe that an unbounded operator f ∈ B. Distributions as weak linear combinations Ł(E , F ) has an additive inverse if and only f is total, that Formally, the set Λ(~ X ) of term distributions is equipped is: if and only if D(f) = E —and in this case, the additive with a congruence ≡ that is generated from the 7 rules of inverse of f is the operator (−1) · f. In particular, it should be clear to the reader that 0 · f (= ~0 ) 6= ~0 as soon as Table II. We assume that the congruence ≡ is shallow, in D(f) the sense that it only goes through sums (+) and scalar D(f) 6= E . multiplications (·), and stops at the level of pure terms. So that We can now observe that, by construction: ~t+(~s +~s ) ≡ ~t+(~s +~s ) but λx .~s +~s 6≡ λx .~s +~s . 1 2 2 1 1 2 2 1 ~ (This important design choice will be justified in Section V-A, Proposition II.5. The space Λ(X )/≡ of all term distributions Remark V.5). We easily check that: (modulo the congruence ≡) is the free weak C-vector space generated by the set Λ(X ) of all pure terms2. 1Note the asymmetry: t is a pure term whereas ~s is a term distribution. As a matter of fact, the sequence t; ~s (that could also be written let ∗ = t in ~s) 2The same way as the space of linear combinations over a given set X is is the nullary version of the pair destructing let let (x1, x2) = t in ~s. the free vector space generated by X. Pure values v, w ::= x | λx . ~s | ∗ | (v1, v2) | inl(v) | inr(v)

Pure terms s, t ::= v | s t | t; ~s | let (x1, x2) = t in ~s | match t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2}

Value distributions ~v, ~w ::= ~0 | v | ~v + ~w | α · ~v (α ∈ C)

Term distributions ~s,~t ::= ~0 | t | ~s + ~t | α · ~t (α ∈ C) TABLE I SYNTAX OF THE CALCULUS

4 ~ ~t + ~0 ≡ ~t 1 · ~t ≡ ~t α · (β · ~t) ≡ αβ · ~t we have : dom(0) = ∅, dom(~t1 +~t2) = dom(~t1) ∪ dom(~t2), ~ ~ ~t + ~t ≡ ~t + ~t (~t + ~t ) + ~t ≡ ~t + (~t + ~t ) dom(t) = {t} and dom(α · t ) = dom(t ) for all t ∈ Λ(X ), 1 2 2 1 1 2 3 1 2 3 ~ ~t1,~t2 ∈ Λ(X ) and α ∈ C. (α + β) · ~t ≡ α · ~t + β · ~t α · (~t1 + ~t2) ≡ α · ~t1 + α · ~t2 TABLE II Remark II.9. In practice, one of the main difficulties of CONGRUENCERULESONTERMDISTRIBUTIONS working with distributions is that addition is not regular, in the sense that the relation ~t +~t1 ≡ ~t +~t2 does not necessarily imply that ~t1 ≡ ~t2. However, for example if ~t = α.s, we can deduce that ~t1 ≡ ~t2 or ~t1 ≡ ~t2 + 0 · s or ~t2 ≡ ~t1 + 0 · s. Again, the notion of distribution (or weak linear combina- tion) differs from the standard notion of linear combination To simplify the notation, we shall adopt the following: in that the summands of the form 0 · t cannot be erased, so Convention II.10. From now on, we consider term distri- that the distribution t1 + (−3) · t2 is not equivalent to the butions modulo the congruence ≡, and simply write ~t = ~t0 distribution t1 + (−3) · t2 + 0 · t3 (provided t3 6≡ t1, t2). In for ~t ≡ ~t0. This convention does not affect inner—or raw— particular, the distribution (−1) · t1 + 3 · t2 is not the additive
distributions (which occur within a pure term, for instance inverse of t1 + (−3) · t2, since t1 + (−3) · t2 + (−1) · t1 + in the body of an abstraction), that are still considered only
~ 3 · t2 ≡ 0 · t1 + 0 · t2 6≡ 0 . However, the equivalence of up to α-conversion5. The same convention holds for value term distributions can be simply characterized as follows: distributions.

Proposition II.6 (Canonical form of a distribution). Each To sum up, we now consider that ~s1 + ~s2 = ~s2 + ~s1 (as a ~ ~ Pn term distribution t can be written t ≡ i=1 αi · ti , top-level distribution), but: where α1, . . . , αn ∈ C are arbitrary scalars (possibly equal to 0), and where t1, . . . , tn (n ≥ 0) are pairwise distinct λx .~s1 + ~s2 6= λx .~s2 + ~s1 pure terms. This writing—which is called the canonical form t;(~s1 + ~s2) 6= t;(~s2 + ~s1) of ~t—is unique, up to a permutation of the summands αi · ti let (x, y) = t in ~s1 + ~s2 6= let (x, y) = t in ~s2 + ~s1 (i = 1..n). match t {inl(x) 7→ ~s1 + ~s2 | inr(y) 7→ ~s} 6= match t {inl(x) 7→ ~s2 + ~s1 | inr(y) 7→ ~s} Example II.7. Given distinct pure terms t1 and t2, we match t {inl(x) 7→ ~s | inr(y) 7→ ~s1 + ~s2} ~ ~0 consider the term distributions t := 3·t1 and t := 3·t1 +0·t2. 6= match t {inl(x) 7→ ~s | inr(y) 7→ ~s2 + ~s1} We observe that the distributions ~t and ~t0 (that are given in canonical form) do not have the same number of summands, C. Extending syntactic constructs by linearity hence they are not equivalent: ~t 6≡ ~t0. Pure terms and term distributions are intended to be evalu- Corollary II.8. The congruence ≡ is trivial on pure ated according to the call-by-basis strategy (Section III), that terms: t ≡ t0 iff t = t0, for all t, t0 ∈ Λ(X ). can be seen as the declination of the call-by-value strategy in a computing environment where all functions are linear Thanks to Proposition II.6, we can associate to each term by construction. Keeping this design choice in mind, it is ~ Pn distribution t ≡ i=1 αi · ti (written in canonical form) its natural to extend the syntactic constructs of the language by 3 domain dom(~t ) := {t1, . . . , tn} and its weight $(~t ) := linearity, proceeding as follows: for all value distributions Pn ~ Pn Pm i=1 αi. Note that the weight function $ : Λ(X )/≡ → C ~v = i=1 αi · vi and ~w = j=1 βj · wj, and for all term is a linear function from the weak C-vector space of term distributions to , whereas the domain function dom : C 4Actually, the function dom : Λ(~ X )/≡ → P (Λ(X )) is even linear, Λ(~ X )/≡ → P (Λ(X )) fin fin is a morphism of commutative since the commutative (and idempotent) monoid (Pfin(Λ(X )), ∪, ∅) has a ~ ~ monoids from (Λ(X )/≡, +, 0) to (Pfin(Λ(X )), ∪, ∅), since natural structure of weak C-vector space whose (trivial) scalar multiplication is defined by α · X = X for all α ∈ C and X ∈ Pfin(Λ(X )). 5Intuitively, a distribution that appears in the body of an abstraction (or in the body of a let-construct, or in a branch of a match-construct) does 3 ~ Pn Note that the domain of a distribution t ≡ i=1 αi · ti gathers all pure not represent a real superposition, but it only represents machine code that terms ti (i = 1..n), including those affected with a coefficient αi = 0. So will produce later a particular superposition, after some substitution has been that the domain of a distribution should not be mistaken with its support. performed. ~ Pp Pq ~ distributions ~s1, ~s2, t = k=1 γk · tk and ~s = `=1 δ` · s` we substitution is not (completely) canceled when x∈ / FV(t), have: in which case ~thx := ~wi = $(~w) · ~t 6= ~t. where Pm Pn Pk $(~w) := j=1 βj is the weight of ~w (cf Section II-B). (~v, ~w) := i=1 j=1 αiβj · (vi, wj) Pn III.EVALUATION inl(~v) := i=1 αi · inl(vi) Pn The set of term distributions is equipped with a relation of inr(~v) := αi · inr(vi) i=1 evaluation ~t ~t0 that is defined in three steps as follows. ~ Pp Pq t ~s := k=1 `=1 γkδ` · tks` Pp A. Atomic evaluation ~t;~s := γk · (tk;~s) k=1 First we define an asymmetric relation of atomic evaluation let ~ in Pp let in
(x, y) = t ~s := k=1 γk · (x, y) = tk ~s t . ~t0 (between a pure term t and a term distribution ~t0) from match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} := the inference rules of Table III. Pp
These rules basically implement a deterministic call-by- k=1 γk · match tk {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} value strategy, where function arguments are evaluated from The value distribution (~v, ~w) will be sometimes written ~v ⊗ ~w the right to the left. (The argument of an application is always as well. evaluated before the function6). Also notice that no reduction D. Substitutions is ever performed in the body of an abstraction, in the second argument of a sequence, in the body of a let-construct, or in Given a variable x and a pure value w, we define an a branch of a match-construct. Moreover, atomic evaluation is pure substitution operation of , written [x := w], that associates substitutive: If t . ~t0, then t[x := w] . ~t0[x := w] for all pure to each pure value v (resp. to each pure term t, to each raw values w. value distribution ~v, to each raw term distribution ~t) a pure value v[x := w] (resp. a pure term t[x := w], a raw value B. One step evaluation distribution ~v[x := w], a raw term distribution ~t[x := w]). The relation of one step evaluation ~t ~t0 is defined as The four operations v[x := w], t[x := w], ~v[x := w] and follows: ~t[x := w] are defined by mutual recursion as expected. Definition III.1 (One step evaluation). Given two term distri- Although the operation ~t[x := w] is primarily defined on butions ~t and ~t0, we say that ~t evaluates in one step to ~t0 and raw term distributions (i.e. by recursion on the tree structure write ~t ~t0 when there exist a scalar α ∈ , a pure term s of ~t, without taking into account the congruence ≡), it is C and two term distributions s~0 and ~r such that ~t = α · s + ~r, compatible with the congruence ≡, in the sense that if ~t ≡ ~t0, ~t0 = α · s~0 + ~r, and s . s~0. then ~t[x := w] ≡ ~t0[x := w] for all pure values w. In other words, the operation of pure substitution is compatible with Notice that the relation of one step evaluation is also Convention II.10. It is also clear that, by construction, the substitutive. In addition, the strict determinism of the relation operation ~t [x := w] is linear w.r.t. ~t, so that ~t [x := w] is of atomic evaluation t . ~t0 implies that the relation of one step Pn ~ Pn i=1 αi ·ti[x := w] for all term distributions t = i=1 αi ·ti. evaluation fulfills the following weak diamond property: (The same observations hold for the operation ~v[x := w]). ~ ~0 ~ ~0 Lemma III.2 (Weak diamond). If t t1 and t t2, then Moreover, the operation of pure substitution behaves well ~0 ~0 ~0 ~0 one of the following holds: either t1 = t2; either t1 t2 or with the linear extension of the syntactic constructs of the ~t0 ~t0 ; either ~t0 t~00 and ~t0 t~00 for some t~00. language (cf. Appendix D). And we have the expected sub- 2 1 1 2 stitution lemma: For all term distributions ~t and for all pure Remark III.3. In the decomposition ~t = α · s + ~r of values v and w, provided x 6= y and x∈ / FV(w)), we have Definition III.1, we allow that s ∈ dom(~r). So that for ~t [x := v][y := w] := ~t [y := w][x := v[y := w]]. We instance, we have the following. Let t := (λx . x) y. Then, extend the notation to parallel substitution in the usual manner t = 1 · (λx . x) y y (cf. Remark A.14 in Appendix D). 1 1 1 1 From the operation of pure substitution [x := w], we define t = · (λx . x) y + · (λx . x) y · y + · (λx . x) y 2 2 2 2 an operation of bilinear substitution hx := ~w i that is defined ~ Pn t = 7 · (λx . x) y + (−6) · (λx . x) y 7 · y + (−6) · (λx . x) y for all term distributions t = i=1 αi ·ti and for all value dis- Pm ~ Pm Remark III.4. Given a pure term t, we write Y := (λx . t + tributions ~w = j=1 βj ·wj, letting thx := ~w i := j=1 βj · t n m ~ P P xx)(λx . t+xx), so that we have Yt . t+Yt by construction. t [x := wj] = i=1 j=1 αiβj · ti[x := wj] . By construc- tion, the generalized operation of substitution ~thx := ~wi is Then we observe that for all α ∈ C, we have bilinear—which is consistent with the bilinearity of application 0·Yt = α·Yt+(−α)·Yt α·(t+Yt)+(−α)·Yt = α·t+0·Yt (Section II-C). But beware! The bilinearity of the operation This example does not jeopardize the confluence of evaluation, ~thx := ~wi also makes its use often counter-intuitive, so since we also have that this notation should always be used with the greatest caution. Indeed, while inl(~v)hx := ~wi = inl(~vhx := ~wi), α · t + 0 · Yt α · t + ((−α) · t + 0 · Yt) = 0 · t + 0 · Yt (v1, v2)hx := ~wi= 6 (v1hx := ~wi, v2hx := ~wi). Lemma A.10, 6This design choice is completely arbitrary, and we could have proceeded in Appendix C gives the valid identities. In addition, bilinear the other way around. (λx .~t ) v . ~t [x := v] ∗; ~s . ~s let (x, y) = (v, w) in ~s . ~s[x := v, y := w]

match inl(v) {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} . ~s1[x1 := v] match inr(v) {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} . ~s2[x2 := v] t . ~t0 t . ~t0 t . ~t0 t . ~t0 s t . s~t0 t v . ~t0 v t; ~s . ~t0; ~s let (x, y) = t in ~s . let (x, y) = ~t0 in ~s t . ~t0 0 match t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} . match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} TABLE III INFERENCE RULES OF THE RELATION OF ATOMIC EVALUATION t . ~t0

C. Evaluation IV. A SEMANTICTYPESYSTEM 0 Finally, the relation of evaluation ~t ~t is defined as In this section, we present the type system associated with the reflexive-transitive closure of the relation of one step the (untyped) language presented in Section II as well as the 0 ∗ evaluation ~t ~t , that is: ( ) := ( ) . corresponding realizability semantics. Proposition III.5 (Linearity of evaluation). The relation ~t ~t0 is linear, in the sense that: A. Structuring the space of value distributions 1) ~0 ~0 In what follows, we write: Λ the set of all closed pure terms; ~ 2) If ~t ~t0, then α · ~t α · ~t0 for all α ∈ C. Λ the space of all closed term distributions; V(⊆ Λ) the set ~ ~0 ~ ~0 ~ ~ ~0 ~0 basis vectors 3) If t1 t1 and t2 t2, then t1 +t2 t1 +t2. of all closed pure values, which we shall call ; and V(~ ⊆ Λ)~ the space of all closed value distributions, which Example III.6. In our calculus, the Hadamard operator H : we shall call vectors. 2 → 2, whose matrix is given by Mat(H) := √1 1 1
, C C 2 1 −1 The space V~ formed by all closed value distributions (i.e. is computed by the term vectors) is equipped with the inner product h~v | ~wi and the n o H := λx . if x √1 · tt + √1 · ff √1 · tt + (− √1 ) · ff . pseudo-`2-norm k~v k that are defined by 2 2 2 2 h~v | ~wi := Pn Pm α β δ Indeed, for all α, β ∈ C, we have i=1 j=1 i j vi,wj k~v k := ph~v | ~v i = pPn |α |2 H (α · tt + β · ff) = α · H tt + β · H ff i=1 i 1 1 1 1 n m α · if tt  √ · tt + √ · ff √ · tt + − √
· ff + P P 2 2 2 2 where ~v = i=1 αi · vi and ~w = j=1 βj · wj (both in  1 1 1 1
canonical form), and where δ is the Kronecker delta such β · if ff √ · tt + √ · ff √ · tt + − √ · ff vi,wj 2 2 2 2 that it is 1 if vi = wj and 0 otherwise. Let us observe that α · √1 · tt + √1 · ff
+ β · √1 · tt + − √1
· ff
2 2 2 2 the inner product behaves well with term constructors, so that = √1 (α + β) · tt + √1 (α − β) · ff e.g. hinl(~v1) | inl(~v2)i = h~v1 | ~v2i, and that values built 2 2 from distinct term constructors are orthogonal, so that e.g. ~ ~0 Theorem III.7 (Confluence of evaluation). If t t1 and hinl(~v1) | inr(~w2)i = 0. We can also infer that for all ~ ~0 ~00 ~0 ~00 ~ t t2, then there is a term distribution t such that t1 t ~v, ~w ∈ V, we have kinl(~v)k = kinr(~v)k = k~vk and ~0 ~00 and t2 t . k(~v, ~w)k = k~vk k~wk. Proof. Writing ( ?) the reflexive closure of ( ), it is clear Most of the constructions we shall perform hereafter will unit sphere S ⊆ V~ S := from Lemma III.2 that ( ?) fulfills the diamond property. take place in the 1 , that is defined by 1 {~v ∈ V:~ k~v k = 1} ~v, ~w ∈ S Therefore, ( ) = ( )∗ = ( ?)+ fulfills the diamond . It is clear that for all 1, we inl(~v) ∈ S inr(~w) ∈ S (~v, ~w) ∈ S property. have 1, 1 and 1. Given a set of vectors X ⊆ V~ , we also write span(X) the D. Normal forms nPn span of X, defined by i=1 αi · ~vi : n ≥ 0, α1, . . . , αn ∈ From what precedes, it is clear that the normal forms of o , ~v , . . . ,~v ∈ X ⊆ V~ , and [X the basis of X, defined by the relation of evaluation ~t ~t0 are the term distributions of C 1 n n S ~ P ~v∈X dom(~v ) ⊆ V. the form t = i=1 αi · ti where ti 6 . for each i = 1..n. In particular, all value distributions ~v are normal forms (but Note that by construction, span(X) is the smallest (weak) ~ they are far from being the only normal forms in the calculus). sub-vector space of V such that X ⊆ span(X), whereas [X From the property of confluence, it is also clear that when a is the smallest set of basis vectors such that X ⊆ span([X). term distribution ~t reaches a normal form ~t0, then this normal form is unique. B. The notion of unitary type In what follows, we shall be more particularly interested Definition IV.1 (Unitary types). A unitary type (or a type, for in the closed term distributions ~t that reach a (unique) closed short) is defined by a notation A, together with a set of unitary value distribution ~v through the process of evaluation. vectors A ⊆ S1, called the unitary semantics of A. J K Definition IV.2 (Realizability predicate). To each type A we A, B ::= U | [A | ]A | A + B | A × B | A → B | A ⇒ B associate a realizability predicate ~t A (where ~t ranges over TABLE IV ~ YNTAX OF UNITARY TYPES Λ) that is defined by ~t A if and only if ~t ~v for some ~v ∈ S A . The set or realizers of A, written { A}, is then defined J K ~ ~ by {~t ∈ Λ: ~t A}, that is, {~t ∈ Λ: ∃~v ∈ A , ~t ~v}. J K U := {∗} [A := [ A ]A := span( A ) ∩ S1 Lemma IV.3. For all types A, we have A = { A}∩V~ . J K J K J KJ K J K A + B := inl(~v): ~v ∈ A ∪ inr( ~w): ~w ∈ B J K J K J K J K C. Judgments, inference rules and derivations A × B := (~v, ~w): ~v ∈ A , ~w ∈ B J K  J K J K Definition IV.4 (Judgments). A judgment is a notation J A → B := λx .~t : ∀~v ∈ A , ~t hx := ~v i B J K Pn J ~K
expressing some assertion, together with a criterion of validity, A ⇒ B := i=1 αi · λx . ti ∈ S1 : ∀~v ∈ A , J K PnJ K ~
that defines whether the judgment J is valid or not. i=1 αi · tihx := ~v i B For instance, given any two types A and B, we can consider TABLE V UNITARY SEMANTICS OF TYPES the following two judgments: • The judgment A ≤ B (‘A is a subtype of B’), that is valid when A ⊆ B . generate all vectors of type A by (weak) linear combinations. J K J K • The judgment A ' B (‘A is equivalent to B’), that is Note that in general, [A is not a subtype of A. Then, ]A is valid when A = B . the unitary span of A, that is: the type of all unitary vectors J K J K (In Section V-A below, we shall also introduce a typing that can be formed as a (weak) linear combination of vectors judgment written Γ ` ~t : A). From the definition of both of type A. Note that A is always a subtype of ]A. judgments A ≤ B and A ' B, it is clear that the judgment The last non-trivial type is A ⇒ B: the space of all unitary A ' B is valid if and only if both judgments A ≤ B and function distributions mapping A to B. As lambda-terms are B ≤ A are valid. Moreover: not distributives over linear combinations, this type is distinct Lemma IV.5. Given any two types A and B: from ](A → B) (see next remark for a discussion). However, by construction, A → B is always a subtype of A ⇒ B. 1) A ≤ B is valid if and only if { A} ⊆ { B}. Finally, we provide some syntactic sugar: the type of 2) A ' B is valid if and only if { A} = { B}. Booleans, the direct sum and the tensor product are defined More generally, we call an inference rule any pair formed by B := U + U, A ⊕ B := ](A + B), and A ⊗ B := ](A × B). by a finite set of judgments J1,...,Jn, called the premises of The type ]B = ](U + U) = U ⊕ U will be called the type the rule, and a judgment J0, called the conclusion: of unitary Booleans. Notice that its semantics is given by the  definition ] = span({tt, ff}) ∩ S1, that is, the set α · tt : J1 ··· Jn B |α| = 1 ∪JβK·ff : |β| = 1 ∪α·tt+β·ff : |α|2 +|β|2 = 1 . J0 We say that an inference rule J1 ··· Jn is valid when the joint J0 Remarks IV.6. validity of the premises J1,...,Jn implies the validity of the conclusion J0. As usual, inference rules can be assembled into 1) The type constructors [ and ] are monotonic and idem- derivations, and we shall say that a derivation is valid when potent: [[A ' [A and ]]A ' ]A. all the inference rules that are used to build this derivation 2) We always have the inclusion A ≤ ]A, but the inclusion are valid. It is clear that when all the premises of a valid [A ≤ A does not hold in general. For instance, given 3 5
4 derivation are valid, then so is its conclusion. In particular, any type A, we easily check that 5 · λx . 6 · x + 5 · 5
5 5 when a judgment has a valid derivation without premises, then λx . 8 ·x ∈ A ⇒ A , so that (λx . 6 ·x), (λx . 8 ·x) ∈ this judgment is valid. [ A ⇒ A = J[(A ⇒ AK) . On the other hand, it is also clearJ thatK (λxJ . 5 · x), (λxK . 5 · x) ∈/ A ⇒ A (unless D. A simple algebra of types 6 8 A = ∅). Therefore, [(A ⇒ A) 6≤ AJ⇒ A. K In this section, we design a simple algebra of unitary types 3) WeJ K have the equivalence []A ' [A, but only the whose notations (i.e. the syntax) are given in Table IV and inclusion A ≤ ][A. More generally, the type constructor whose unitary semantics are given in Table V. [ commutes with + and ×: [(A + B) ' [A + [B and The choice we make in this paper follows from the structure [(A×B) ' [A×[B but the type constructor ] does not, of the calculus: each set of standard constructor/destructor since we only have the inclusions ]A + ]B ≤ ](A + B) canonically yields a type constructor: this gives : U, the unit and ]A × ]B ≤ ](A × B) type, that is inhabited by the sole vector ∗ ; A + B, the simple 4) The inclusions A ⇒ B ≤ ](A ⇒ B) and ](A → B) ≤ sum of A and B ; A × B, the simple product of A and B; ](A ⇒ B) are strict in general (unless the type A ⇒ B A → B, the space of all pure functions mapping A to B. is empty). As a matter of fact, the two types ](A → The next natural choice of type constructor is derived from B) and ](A ⇒ B) have no interesting properties—for the existence of linear combinations of terms. First, [A is instance, they are not subtypes of ]A ⇒ ]B. In practice, the basis of A, that is: the minimal set of basis vectors that the type constructor ] is only used on top of an algebraic type, constructed using one of U, +, or ×. preserves the inner product, in the sense that for all ~v, ~w ∈ span({tt, ff}), we have 1) Pure types and simple types: In what follows, we shall say that a type A is pure when its unitary semantics only 2 hπB(~v) | πB(~w)iC = h~v | ~wiV~ contains pure values, that is: when A ⊆ V. Equivalently, a J K Definition IV.9. We say that a closed term distribution ~t type A is pure when the type equivalence [A ' A is valid (or 2 2 when A ≤ [B for some type B). We easily check that: represents a function F : C → C when for all ~v ∈ span({tt, ff}), there exists ~w ∈ span({tt, ff}) such that Lemma IV.7. For all types A and B: ~t~v ~w and π (~w) = F (π (~v )) . 1) The types U, [A and A → B are pure. B B 2) If A and B are pure, then so are A + B and A × B. Remark IV.10. From the bilinearity of application, it is clear 3) ]A and A ⇒ B are not pure, unless they are empty. that each function F : C2 → C2 that is represented by a closed term distribution is necessarily linear. A particular case of pure types are the simple types, that are syntactically defined from the following sub-grammar of the Recall that an operator F : C2 → C2 is unitary when grammar of Table IV: it preserves the inner product of C2, in the sense that hF (u) | F (v)i = hu | vi for all u, v ∈ C2. Equivalently, an A, B ::= | A + B | A × B | A → B 2 2 U 2 operator F : C → C is unitary if and only if kF (1, 0)kC = 2 2 It is clear from Lemma IV.7 that all simple types are pure kF (0, 1)kC = 1 and hF (1, 0) | F (0, 1)iC = 0. The following propositions expresses that the types ] → ] and ] ⇒ ] types. The converse is false, since the type ]U → ]U is pure, B B B B although it is not generated from the above grammar. capture unitary operators: 2) Pure arrow vs unitary arrow: The pure arrow A → B Proposition IV.11. Given a closed λ-abstraction λx .~t, we and the unitary arrow A ⇒ B only differ in the shape of the have λx .~t ∈ ]B → ]B if and only if there are two value functions which they contain: the pure arrow A → B only J K distributions ~v1,~v2 ∈ ]B such that we have ~t [x := tt] contains pure abstractions whereas the unitary arrow A ⇒ B ~v1, ~t [x := ff] ~v2 andJ Kh~v1 | ~v2i = 0. contains arbitrary unitary distributions of abstractions mapping values of type A to realizers of type B. However, the functions Theorem IV.12 (Characterization of the values of type ~ that are captured by both sets A → B ⊆ V and A ⇒ B ⊆ ]B → ]B). A closed λ-abstraction λx . t is a value of type ] → ] if and only if it represents a unitary operator S1 are extensionally the same:J K J K B B F : C2 → C2. Proposition IV.8. For all unitary distributions of abstractions Pn ~
Corollary IV.13 (Characterization of the values of type i=1 αi · λx . ti ∈ S1, one has: Pn ]B ⇒ ]B). A unitary distribution of abstractions i=1 αi · Pn ~
~
i=1 αi · λx . ti ∈ A ⇒ B λx . ti ∈ S1 is a value of type ]B ⇒ ]B if and only if it Pn ~
J K represents a unitary operator F : C2 → C2. iff λx . i=1 αi · ti ∈ A → B . J K E. Representation of unitary operators V. TYPING JUDGEMENTS In Section IV, we introduced a simple type algebra (Ta- Recall that the type of unitary Booleans is defined as ] = B ble IV) together with the corresponding unitary semantics ]( + ) = ⊕ , so that for all closed term distributions ~t, U U U U (Table V). We also introduced the two judgments A ≤ B we have ~t ] iff B and A ' B. Now, it is time to introduce the typing judgment ~ ~t α · tt for some α ∈ C s.t. |α| = 1, or Γ ` t : A together with the corresponding notion of validity. ~ t β · ff for some β ∈ C s.t. |β| = 1, or A. Typing Rules ~t α · tt + β · ff for some α, β ∈ C s.t. |α|2 + |β|2 = 1 . As usual, we call a typing context (or a context) any finite We can observe that the unitary semantics of the type ]B function from the set of variables to the set of types. Contexts simultaneously contains the vectors α · tt and α · tt + 0 · ff, Γ are traditionally written Γ = x1 : A1, . . . , x` : A` where that can be considered as “morally” equivalent (although they {x1, . . . , x`} = dom(Γ) and where Ai = Γ(xi) for all i = are not according to the congruence ≡). To identify such 1..`. The empty context is written ∅, and the concatenation vectors, it is convenient to introduce the Boolean projection of two contexts Γ and ∆ such that dom(Γ) ∩ dom(∆) = ∅ 2 πB : span({tt, ff}) → C defined by is defined by Γ, ∆ := Γ ∪ ∆ (that is: as the union of the underlying functions). π (α · tt) = (α, 0), π (β · ff) = (0, β), B B Similarly, we call a substitution any finite function from and π (α · tt + β · ff) = (α, β) B the set of variables to the set V~ of closed value distributions. for all α, β ∈ C. By construction, the function πB : Substitutions σ are traditionally written σ = {x1 := 2 span({tt, ff}) → C is linear, surjective, and neglects the dif- ~v1, . . . , x` := ~v`} where {x1, . . . , x`} = dom(σ) and where ference between α·tt+0·ff and α·tt (and between 0·tt+β·ff ~vi = σ(xi) for all i = 1..`. The empty substitution is written ∅, 2 and β · ff). Moreover, the map πB : span({tt, ff}) → C and the concatenation of two substitutions σ and τ such that dom(σ) ∩ dom(τ) = ∅ is defined by σ, τ := σ ∪ τ (that is: C. Typing Church numerals as the union of the underlying functions). Given an open term Let us recall that Church numerals n¯ are defined for all distribution ~t and a substitution σ = {x := ~v , . . . , x := ~v }, 1 1 ` ` n ∈ by n¯ := λf . λx . f n x. From the typing rules of we write ~t hσi := ~t hx := ~v i · · · hx := ~v i . Note that N 1 1 ` ` Table VI, we easily derive that ` n¯ :( → ) → ( → ) since the value distributions ~v , . . . ,~v are closed, the order in B B B B 1 ` (by simple typing) and even that ` n¯ :(] → ] ) → (] → which the (closed) bilinear substitutions hx := ~v i (i = 1..`) B B B i i ] ), using the fact that ] → ] is a pure type, that is subject are applied to ~t is irrelevant. B B B to arbitrary weakenings and contractions. On the other hand, Definition V.1 (Unitary semantics of a typing context). Given since we cannot use weakening or contraction for the non pure a typing context Γ, we call the unitary semantics of Γ and type ]B ⇒ ]B, we cannot derive the judgments ` n¯ :(]B ⇒ write Γ the set of substitutions defined by ]B) → (]B ⇒ ]B) and ` n¯ :(]B ⇒ ]B) ⇒ (]B ⇒ ]B) but J K for n = 1. (cf. Fact A.11 in Appendix C). Γ := σ substitution : dom(σ) = dom(Γ) J K and ∀x ∈ dom(σ), σ(x) ∈ Γ(x) . J K D. Orthogonality as a Typing Rule Finally, we call the strict domain of a context Γ and write The typing rules of Table VI allow us to derive that the dom](Γ) the set terms I := λx . x, Ktt := λx . tt, Kff := λx . ff and N := ] dom (Γ) := {x ∈ dom(Γ) : Γ(x) 6= [ Γ(x) } . λx . if x {ff | tt} have type B → B; they even allow us J K J K to derive that I has type ] → ] , but they do not allow us Intuitively, the elements of the set dom](Γ) are the variables B B (yet) to derive that the Boolean negation N or the Hadamard of the context Γ whose type is not a type of pure values. As H have type ] → ] . For that, we need to introduce a new we shall see below, these variables are the variables that must B B form of judgment: orthogonality judgments. occur in all the term distributions that are well-typed in the context Γ. (This restriction is essential to ensure the validity Definition V.6 (Orthogonality judgments). An orthogonality of the rule (UnitLam), Table VI). judgment is a sextuple Definition V.2 (Typing judgments). A typing judgment is a Γ ` (∆ ` ~t ) ⊥ (∆ ` ~t ): A triple Γ ` ~t : A formed by a typing context Γ, a (possibly 1 1 2 2 open) term distribution ~t and a type A. This judgment is valid formed by three typing contexts Γ, ∆ and ∆ , two (possibly when: 1 2 open) term distributions ~t , ~t and a type A. This judgment is ] ~ 1 2 1) dom (Γ) ⊆ FV(t ) ⊆ dom(Γ); and valid when: 2) ~thσi A for all σ ∈ Γ . J K 1) both judgments Γ, ∆1 ` ~t1 : A and Γ, ∆2 ` ~t2 : A are Proposition V.3. The typing rules of Table VI are valid. valid; and Remark V.4. In the rule (PureLam), the notation [Γ ' Γ refers 2) for all σ ∈ Γ , σ1 ∈ ∆1 and σ2 ∈ ∆2 , if ~t1hσ, σ1i ~v1J andK ~t2hσ, σ2Ji K ~v2, J K to the conjunction of premises [A1 ' A1 & ··· & [A` ' A`, then h~v1 | ~v2i = 0. where A1,...,A` are the types occurring in the context Γ. When both contexts ∆1 and ∆2 are empty, the orthogonality Remark V.5. The proof of validity of the typing rule (UnitLam) judgment Γ ` (∆1 ` ~t1) ⊥ (∆2 ` ~t2): A is simply written crucially relies on the fact that the body ~t of the abstraction Γ ` ~t1 ⊥ ~t2 : A. λx .~t is a raw distribution (i.e. an expression that is considered only up to α-conversion, and not ≡). This is the reason why we With this definition, we can prove a new typing rule, which endowed term distributions (Section II-B) with the congruence can be used to type Hadamard: ≡ that is shallow, in the sense that it does not propagate in Proposition V.7. The rule (UnitaryMatch) given below is valid. the bodies of abstractions, in the bodies of let-constructs, or Γ ` ~t : A1 ⊕ A2 ∆ ` (x1 : ]A1 ` ~s1) ⊥ (x2 : ]A2 ` ~s2): ]C in the branches of match-constructs. Γ, ∆ ` match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} : ]C B. Simply-typed lambda-calculus Example V.8. We have ` tt ⊥ ff : B. Consider the terms Recall that simple types (Section IV-D1) are generated from |+i = √1 · tt + √1 · ff and |−i = √1 · tt + (− √1 ) · ff. Then 2 2 2 2 the following sub-grammar of the grammar of Table IV: we can prove that ` |+i ⊥ |−i : ]B. We can also prove that A, B ::= U | A + B | A × B | A → B By construction, all simple types A are pure types, in the sense ` (x : ]U ` x; |+i) ⊥ (y : ]U ` y; |−i): ]B that [A ' A. Since pure types allow the use of weakening and contraction, it is a straightforward exercise to check that any Using this fact, and the rule (UnitaryMatch) from Proposi- typing judgment Γ ` t : A that is derivable in the simply- tion V.7, we can derive the type ]B → ]B for the Hadamard typed λ-calculus with sums and products is also derivable from gate H defined in Example III.6. Recall that ]B = ](U+U) = the typing rules of Table VI. U ⊕ U. Γ ` ~t : AA ≤ A0 Γ, x : A ` ~t : B[Γ ' Γ Γ, x : A ` ~t : B (Axiom) (Sub) (PureLam) (UnitLam) x : A ` x : A Γ ` ~t : A0 Γ ` λx .~t : A → B Γ ` λx .~t : A ⇒ B ~ Γ ` ~s : A ⇒ B ∆ ` ~t : A Γ ` ~t : U ∆ ` ~s : A Γ ` t : ]U ∆ ` ~s : ]A (App) (Void) (Seq) (SeqSharp) Γ, ∆ ` ~s~t : B ` ∗ : U Γ, ∆ ` ~t; ~s : A Γ, ∆ ` ~t; ~s : ]A ~ ~ Γ ` ~v : A ∆ ` ~w : B Γ ` t : A × B ∆, x : A, y : B ` ~s : C Γ ` t : A ⊗ B ∆, x : ]A, y : ]B ` ~s : ]C (Pair) (LetPair) (LetTens) Γ, ∆ ` (~v, ~w): A × B Γ, ∆ ` let (x, y) = ~t in ~s : C Γ, ∆ ` let (x, y) = ~t in ~s : ]C ~ Γ ` ~v : A Γ ` ~w : B Γ ` t : A + B ∆, x1 : A ` ~s1 : C ∆, x2 : B ` ~s2 : C (InL) (InR) (PureMatch) Γ ` inl(~v): A + B Γ ` inr( ~w): A + B Γ, ∆ ` match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} : C

Γ ` ~t : B [A ' A Γ, x : A, y : A ` ~t : B [A ' A (Weak) (Contr) Γ, x : A ` ~t : B Γ, x : A ` ~t [y := x]: B TABLE VI SOME VALID TYPING RULES

VI.UNIFYING MODELOF CLASSICALAND QUANTUM tensor for dealing with systems of several quantum bits CONTROL (together with the corresponding destructor), an operator new We showed in Section V-B that the unitary linear algebraic to create a new quantum bit, and a family of operators U(t) to lambda calculus strictly contains the simply-typed lambda cal- apply a given unitary operator on t. We also provide a special Q culus. With Theorem IV.12 and Corollary IV.13 we expressed lambda abstraction λ to make a closure out of a quantum how the “only” valid functions were unitary maps, and in computation, as well as a special application to apply such Section V-D we hinted at how to type orthogonality with the a closure. Note that for simplicity, we only consider unary model. This section is devoted to showing how the model can quantum operators—that is: operators on the type qbit—, but this can be easily extended to quantum operators acting on be used as a model for quantum computation, with the model ⊗n providing an operational semantics to a high-level operation tensor products of the form qbit . Also note that we do not on circuits: the control of a circuit. consider measurements, for our realizability model does not natively support it. A. A Quantum Lambda-Calculus The language λQ features two kinds of typing judgments: a classical judgment ∆ ` t : A, where ∆ is a typing context of The language we consider, called λQ, is a circuit-description C language similar to QWIRE [6] or Proto-Quipper [26]. For- classical types and where A is a classical type, and a quantum judgment ∆|Γ ` t : A , where ∆ is a typing context of mally, the types of λQ are defined from the following gram- Q Q mar: classical types, Γ a typing context of quantum types, and where AQ is a quantum type. An empty typing context is always A, B ::= U | A → B | A × B | bit | AQ ( BQ denoted by ∅. As usual, we write Γ, ∆ for Γ ∪ ∆ (when Γ ∩ AQ,BQ ::= qbit | AQ ⊗ BQ ∆ = ∅), and we use the notation FV(t): qbit to represent the quantum context x1 : qbit, . . . , xn : qbit made up of the finite The types denoted by A, B are the usual simple types, which set FV(t) = {x1, . . . , xn}. we call classical types. (Note that they contain a type bit of The typing rules for classical judgements are standard and classical bits, that corresponds to the type U+U in our model.) are given in the Appendix D. Rules for quantum judgements The types denoted by AQ, BQ are the quantum types; they are given in the Table VII. The last three rules allows to basically consist in tensor products of the type qbit of quantum navigate between classical and quantum judgments. Note that bits. As the former types are duplicable while the latter are in the above rules, classical variables (declared in the ∆’s) non-duplicable, we define a special (classical) function-type can be freely duplicated whereas quantum variables (declared A B between quantum types. Q ( Q in the Γ’s) cannot. Also note that in λQ, pure quantum The term syntax for λQ is defined from the following computations are essentially first-order. grammar: The first of the last three rules makes a qbit out of a bit, the second rule makes a closure out of a quantum computation, t, r, s ::= x | ∗ | λx.t | t r | (t, r) | π1(t) | π2(t) while the third rule opens a closure containing a quantum | | | t {r | s} tt ff if computation. These last two operations give a hint of higher- | t ⊗ r | let x ⊗ y = t in r order to quantum computations in λQ. | new(t) | U(t) | λQx.t | t@r A value is a term belonging to the grammar: Q The first two lines of the definition describe the usual con- u, v ::= x | λx.t | λ x.t | (u, v) | ∗ | u ⊗ v . structions of the simply-typed lambda calculus with (ordinary) The language λQ is equipped with the standard operational pairs. The last two lines adds the quantum specificities: a semantics presented in [27]: the quantum environment is ∆|Γ1 `Q s : AQ ∆|Γ2 `Q t : BQ B. Modelling λQ ∆|x : AQ `Q x : AQ ∆|Γ1, Γ2 `Q s ⊗ t : AQ ⊗ BQ The realizability model based on the unitary linear-algebraic ∆|Γ `Q t : qbit lambda-calculus is a model for the quantum lambda-calculus ∆|Γ `Q U(t): qbit λQ. We write t for the translation of a term of λQ into its L M ∆|Γ1 `Q s : AQ ⊗ BQ ∆|Γ2, x : AQ, y : BQ `Q t : CQ model. The model can indeed not only accomodate classical features, using pure terms, but also quantum states, using linear ∆|Γ1, Γ2 `Q let x ⊗ y = s in t : CQ combinations of terms. ∆|x : A ` t : B ∆ `C t : bit Q Q Q We map qbit to ] and bit to . This makes bit a subtype Q B B ∆|∅ `Q new(t): qbit ∆ `C λ x.t : AQ ( BQ of qbit: the model captures the intuition that booleans are ∆ `C s : AQ ( BQ ∆|Γ `Q t : AQ “pure” quantum bits. Classical arrows → are mapped to → ∆|Γ `Q s@t : BQ and classical product × is mapped to the product of the model, TABLE VII in the spirit of the encoding of simply-typed lambda-calculus. TYPINGRULESFOR λQ Finally, the tensor of λQ is mapped to the tensor of the model. The interesting type is AQ ( BQ. We need this type to be both classical and capture the fact that a term of this type is a [Q, L, C{(λx.t)u}] → [Q, L, C{t[x := u]}] pure quantum computation from AQ to BQ, that is, a unitary [Q, L, C{(λQx.t)@u}] → [Q, L, C{t[x := u]}] map. The encoding we propose consists in using “thunk”,

[Q, L, C{π1(u, v)}] → [Q, L, C{u}] as proposed by [28]. Formally, the translation of types is as

[Q, L, C{π2(u, v)}] → [Q, L, C{v}] follows: bit = B, A × B = A × B , A → B = A → L M L M L M L M L M L M [Q, L, C{if tt {t | r}}] → [Q, L, C{t}] B , AQ ( BQ = U → ( AQ ⇒ BQ ), qbit = ]B, L M L M L M L M L M [Q, L, C{if ff {t | r}}] → [Q, L, C{r}] AQ ⊗ BQ = AQ ⊗ BQ = ]( AQ × BQ ), and U = U. L M L M L M L M L M L M [Q, L, C{let x ⊗ y = u ⊗ v in s}] → [Q, L, C{s[x := u, y := v]}] Lemma VI.2. For all classical types A, [ A ' A . [Q, L, C{new(tt)}] → [Q ⊗ |0i,L ∪ {x 7→ n+1},C{x}] L M L M [Q, L, C{new(ff)}] → [Q ⊗ |1i,L ∪ {x 7→ n+1},C{x}] Lemma VI.3. For all qbit types AQ, ] AQ ' AQ . [Q, L, C{U(x)}] → [Q0, L, C{x}] L M L M The classical structural term constructs of λQ are translated where Q’ is obtained by applying U to the quantum bit L(x) literally: x = x, ∗ = ∗, λx.t = λx. t , tr = t r , TABLE VIII (t, r) =L ( Mt , r ),L ifM t {r L| s} M= matchL M tL {inlM (Lz1ML) 7→M OPERATIONAL SEMATICS OF λQ Lz1; r M | inrL M(zL2)M7→L z2; s } withM z1 and z2LfreshM variables, ttL =M inl(∗), ff =LinrM (∗), πi(t) = let (x1, x2) = Lt Min xi. Finally,L theM term constructsL relatedM to quantum bits L M separated from the term, in the spirit of the QRAM model make use of the algebraic aspect of the language. First, new of [4]. Formally, a program is defined as a triplet [Q, L, t] is simply the identity, since booleans are subtypes of quantum where t is a term, L is a bijection from FV (t) to {1, . . . , n} bits: new(t) = t . Then, the translation of the unitary L M L M and Q is an n-quantum bit system: a normalized vector operators is done with the construction already encountered n 2 ⊗n in e.g. Example III.6: U(t) = U¯ t where U¯ is defined as in the 2 -dimensional vector space (C ) . We say that a follows. If U = ( a b ), thenL U¯M= λx.LmatchM x {inl(x ) 7→ a· program [Q, L, t] is well-typed of type AQ when the judgment c d 1 inl(x )+c·inr(x ) | inr(x ) 7→ b·inl(x )+d·inr(x )}. ∅|FV(t): qbit `Q t : AQ is derivable. In particular, well-typed 1 1 2 2 2 programs correspond to quantum typing judgements, closed Then, the tensor is defined with the pairing construct, which with respect to classically-typed term-variables. is distributive: t ⊗ r = ( t , r ) and let x ⊗ y = s in t = L M L M L M L M The operational semantics is call-by-value and relies on let (x, y) = s in t . Finally, the quantum closure and L M L M applicative contexts, that are defined as follows: applications are defined by remembering the use of the thunk: λQx.t = λzx. t , where z is a fresh variable, and C{·} ::= {·} | C{·}u | rC{·} | (C{·}, r) | (u, C{·}) t@r =L ( t ∗)M r : one firstL M “open” the thunk before applying L M L M L M | π1(C{·}) | π2(C{·}) | if C{·} {t | r} | C{·} ⊗ r the function. | u ⊗ C{·} | let x ⊗ y = C{·} in t | new(C{·}) We also define the translation of typing contexts as follows: if Γ = {x : A } , we write Γ for {x : A } , and we write | U(C{·}) | C{·}@u | r@C{·} i i i i i i ∆|Γ for ∆ , Γ . Finally,L a programM is translatedL M as follows: L PmM L iM L M i The operational semantics of the calculus is formally defined [ i=1 αi.|y1, . . . , yni, {x1 := p(1), . . . , xn := p(n)}, t] = LPm i i M from the rules given in Table VIII. The language λQ satisfies i=1 αi · t [x1 :=y ¯p(1), . . . , xn :=y ¯p(n)] where p is a the usual safety properties, proved as in [27]. permutationL ofM n and 0¯ = tt and 1¯ = ff.

Theorem VI.1 (Safety properties). If [Q, L, t]: AQ and Example VI.4. Let P be the program [α|00i + β|11i, {x := 0 0 0 0 [Q, L, t] → [Q ,L , r], then [Q ,L , r]: AQ. Moreover, 1, y := 2}, (x ⊗ y)]. It consists on a pair of the two quantum whenever a program [Q, L, t] is well-typed, either t is already bits given in the quantum context on the first component of the a value or it reduces to some other program. triple. The translation of this program is as follows. P = L M α · (x, y)[x := tt, y := tt] + β · (x, y)[x := ff, y := ff] = operations on circuits: this permits to extend the language λQ. α · (tt, tt) + β · (ff, ff). The fact that the model “preserves unitarity” (Theorem IV.12) ensuring the soundness of the added constructions. The translation is compatible with typing and rewriting. In what follows, by abuse of notation, we identify This is to be put in reflection with Theorem IV.12: not only Circ(A ,B ) and A B . the realizability model captures unitarity, but it is expressive Q Q Q ( Q enough to comprehend a higher-order quantum programming D. Control Operator language. Suppose that we are given a closed term t of λQ with type qbit ( qbit. This function corresponds to a unitary matrix Theorem VI.5. Translation preserves typeability: a b U = ( c d ), sending |0i to a|0i+c|1i and |1i to b|0i+d|1i. We 1) If Γ `Q t : AQ then Γ ` t : AQ . might want to write ctl(t) of type (qbit⊗qbit) (qbit⊗qbit) L M L M L M ( 2) If ∆|Γ `C t : A then ∆ , Γ ` t : A . behaving as the control of U, whose behavior is to send |0i⊗φ L M L M L M L M 3) If [Q, L, t]: A then ` [Q, L, t] : A . to |0i ⊗ φ and |1i ⊗ φ to |1i ⊗ (Uφ): if the first input quantum L M L M Theorem VI.6 (Adequacy). If [Q, L, t] → [Q0,L0, r], then bit is in state |0i, control-U acts as the identity. If the first [Q, L, t] [Q0,L0, r] . input quantum bit is in state |1i, control-U performs U on the L M L M second quantum bit. C. A Circuit-Description Language This is really a “quantum test” [29]. It has been formalized Quantum algorithms do not only manipulate quantum bits: in the context of linear algebraic lambda-calculi by [1]. It can they also manipulate circuits. A quantum circuit is a sequence be ported to the unitary linear algebraic lambda-calculus as of elementary operations that are buffered before being sent follows: to the quantum memory. If one can construct a quantum ctl := λf.λz.let((x, y)) = z in circuit by concatenating elementary operations, several high- match x {inl(z ) 7→ (inl(z ), fy) level operations on circuits are allowed for describing quantum 1 1 algorithms: repetition, control (discussed in Section VI-D), |inr(z2) 7→ (inr(z2), y)} inversion, etc. and ctl can be given the type In recent years, several quantum programming languages have been designed to allow the manipulation of circuits: (]A ⇒ ]B) → ((B ⊗ A) ⇒ (B ⊗ B)). Quipper [5] and its variant ProtoQuipper [26], QWIRE [6], Note how the definition is very semantical: the control oper- etc. These languages share a special function-type Circ(A, B) ation is literally defined as a test on the first quantum bit. standing for the type of circuits from wires of type A to wires We can then add an opaque term construct ctl(s) to λQ with of type B. Two built-in constructors are used to go back and typing rule forth between circuits and functions acting on quantum bits: ∆ `C t : AQ ( BQ • box :(A B ) → Circ(A ,B ). Its operational Q ( Q Q Q ∆ `C ctl(t):(qbit ⊗ AQ) ( (qbit ⊗ BQ). semantics is to evaluate the input function on a phantom element of type A, collect the list of elementary quantum The translation of this new term construct is then ctl(t) = L M operations to be performed and store them in the output λz.(ctl( t ∗)) with z a fresh variable, and Theorem VI.6 still L M circuit. holds. • unbox : Circ(AQ,BQ) → (AQ ( BQ). This operator VII.CONCLUSIONS is the dual: it takes a circuit — a list of elementary In this paper we have presented a language based on operations — and return a concrete function. Lineal [1], [2]. Then, we have given a set of unitary types The advantage of distinguishing between functions and circuits and proposed a realizability semantics associating terms and is that a circuit is a concrete object: it is literally a list of types. operations that can be acted upon. A function is a suspended The main result of this paper can be pinpointed to Theo- computation: it is a priori not possible to inspect its body. rem IV.12 and Corollary IV.13, which, together with normal- The language λQ does not technically possess a type ization, progress, and subject reduction of the calculus (which constructor for circuits: the typing construct ( is really a are axiomatic properties in realizability models), imply that lambda-abstraction. However, it is very close to being a circuit: every term of type ]B → ]B represent a unitary operator. one could easily add a typing construct Circ in the classical In addition, the Definition V.6 of orthogonal judgements led type fragment and implement operators box and unbox, taking to Proposition V.7 proving rule (UnitaryMatch). Indeed, one of inspiration for the operational semantics on what has been the main historic drawbacks for considering a calculus with done by [26] for PROTOQUIPPER. quantum control has been to define the notion of orthogonality How would this be reflected in the realizability model? We needed to encode unitary gates (cf., for example, [29]). claim that the translation of the type Circ(AQ,BQ) can be Finally, as an example to show the expressiveness of the taken to be the same as the translation of AQ ( BQ, the language, we have introduced λQ and showed that the calculus operator box and unbox simply being the identity. The realiz- presented in this paper can be considered as a denotational ability model is then rich enough to express several high-level semantics of it. REFERENCES [16] A. Sabry, B. Valiron, and J. K. Vizzotto, “From symmetric pattern- matching to quantum control,” in Foundations of Software Science [1] P. Arrighi and G. Dowek, “Linear-algebraic λ-calculus: higher-order, and Computation Structures - 21st International Conference, FOSSACS encodings, and confluence.” in Rewriting Techniques and Applications, 2018,, ser. LNCS, C. Baier and U. D. Lago, Eds., vol. 10803. Thes- A. Voronkov, Ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008, salonikis, Greece: Springer, 2018, pp. 348–364. pp. 17–31. [17] L. Vaux, “The algebraic lambda calculus,” Mathematical Structures in [2] ——, “Lineal: A linear-algebraic lambda-calculus,” Logical Methods in Computer Science, vol. 19, pp. 1029–1059, 2009. Computer Science, vol. 13, 2017. [18] T. Ehrhard and L. Regnier, “The differential lambda-calculus,” Theoret- [3] B. Valiron, “A typed, algebraic, computational lambda-calculus,” Math- ical Computer Science, vol. 309, no. 1, pp. 1–41, 2003. ematical Structures in Computer Science, vol. 23, no. 2, pp. 504–554, [19] A. Assaf, A. D´ıaz-Caro, S. Perdrix, C. Tasson, and B. Valiron, “Call- 2013. by-value, call-by-name and the vectorial behaviour of the algebraic λ- [4] E. H. Knill, “Conventions for quantum pseudocode,” Los Alamos calculus,” Logical Methods in Computer Science, vol. 10, 2014. National Laboratory, Tech. Rep. LA-UR-96-2724, 1996. [20] P. Selinger, “Towards a quantum programming language,” Mathematical [5] A. S. Green, P. L. Lumsdaine, N. J. Ross, P. Selinger, and B. Valiron, Structures in Computer Science, vol. 14, no. 4, pp. 527–586, 2004. “Quipper: a scalable quantum programming language,” ACM SIGPLAN [21] P. Selinger and B. Valiron, “On a fully abstract model for a quantum Notices (PLDI’13), vol. 48, no. 6, pp. 333–342, 2013. linear functional language,” in Proceedings of the Fourth International [6] J. Paykin, R. Rand, and S. Zdancewic, “Qwire: A core language Workshop on Quantum Programming Languages (QPL’06), ser. Elec- for quantum circuits,” in Proceedings of the 44th ACM SIGPLAN tronic Notes in Theoretical Computer Science, P. Selinger, Ed., vol. 210, Symposium on Principles of Programming Languages, ser. POPL 2017. Oxford, UK., July 2008, pp. 123–137. New York, NY, USA: ACM, 2017, pp. 846–858. [22] O. Malherbe, P. Scott, and P. Selinger, “Presheaf models of quantum [7] A. van Tonder, “A lambda calculus for quantum computation,” SIAM computation: An outline,” in Computation, Logic, Games, and Quantum Journal on Computing, vol. 33, pp. 1109–1135, 2004. Foundations. The Many Facets of Samson Abramsky - Essays Dedicated [8] A. D´ıaz-Caro, “Du typage vectoriel,” Ph.D. dissertation, Universite´ de to Samson Abramsky on the Occasion of His 60th Birthday, ser. Lecture Grenoble, France, Sep. 2011. Notes in Computer Science, B. Coecke, L. Ong, and P. Panangaden, [9] P. Arrighi, A. D´ıaz-Caro, and B. Valiron, “The vectorial lambda- Eds. Springer, 2013, vol. 7860, pp. 178–194. calculus,” Information and Computation, vol. 254, no. 1, pp. 105–139, [23] M. Pagani, P. Selinger, and B. Valiron, “Applying quantitative se- 2017. mantics to higher-order quantum computing,” ACM SIGPLAN Notices [10] P. Arrighi and A. D´ıaz-Caro, “A System F accounting for scalars,” (POPL’14), vol. 49, no. 1, pp. 647–658, 2014. Logical Methods in Computer Science, vol. 8, 2012. [24] F. Rios and P. Selinger, “A categorical model for a quantum circuit de- [11] S. C. Kleene, “On the interpretation of intuitionistic number theory,” scription language,” in Proceedings of the 14th International Conference Journal of Symbolic Logic, vol. 10, pp. 109–124, 1945. on Quantum Physics and Logic, QPL 2017, ser. EPTCS, B. Coecke and [12] C. Bdescu and P. Panangaden, “Quantum alternation: Prospects and A. Kissinger, Eds., vol. 266, 2017, pp. 164–178. problems,” in Proceedings of QPL-2015, ser. Electronic Proceedings in [25] B. Lindenhovius, M. Mislove, and V. Zamdzhiev, “Enriching a Theoretical Computer Science, C. Heunen, P. Selinger, and J. Vicary, linear/non-linear lambda calculus: A programming language for string Eds., vol. 195, 2015, pp. 33–42. diagrams,” in Proceedings of the 33rd Annual ACM/IEEE Symposium [13] A. D´ıaz-Caro and B. Petit, “Linearity in the non-deterministic call-by- on Logic in Computer Science (LICS 2018). ACM, 2018, pp. 659–668. value setting,” in Proceedings of WoLLIC 2012, ser. LNCS, L. Ong and [26] N. J. Ross, “Algebraic and logical methods in quantum computation,” R. de Queiroz, Eds., vol. 7456. Buenos Aires, Argentina: Springer, Ph.D. dissertation, Dalhousie University, 2015. 2012, pp. 216–231. [27] P. Selinger and B. Valiron, “A lambda calculus for quantum computation [14] A. D´ıaz-Caro and G. Dowek, “Typing quantum superpositions and mea- with classical control,” Mathematical Structures in Computer Science, surement,” in Theory and Practice of Natural Computing (TPNC 2017), vol. 16, no. 3, pp. 527–552, 2006. ser. Lecture Notes in Computer Science, C. Mart´ın-Vide, R. Neruda, [28] P. Z. Ingerman, “Thunks: A way of compiling procedure statements and M. A. Vega-Rodr´ıguez, Eds., vol. 10687. Prague, Czech Republic: with some comments on procedure declarations,” Communication of the Springer, Cham, 2017, pp. 281–293. ACM, vol. 4, no. 1, pp. 55–58, 1961. [15] A. D´ıaz-Caro and O. Malherbe, “A concrete categorical semantics for [29] T. Altenkirch and J. Grattage, “A functional quantum programming lambda-s,” in 13th Workshop on Logical and Semantic Frameworks with language,” in Proceedings of LICS 2005. Chicago, USA: IEEE, 2005, Applications (LSFA 2018), 2018, pp. 143–172, to appear in ENTCS. pp. 249–258. Available at arXiv:1806.09236. APPENDIX A. Proofs related to Section III

Lemma A.1 (Simplifying equalities). Let scalars α1, α2 ∈ C, pure terms t1, t2 and term distributions ~s1, ~s2 such that α1 · t1 + ~s1 ≡ α2 · t2 + ~s2.

1) If t1 = t2 = t and α1 = α2, then: ~s1 ≡ ~s2 or ~s1 ≡ ~s2 + 0 · t or ~s2 ≡ ~s1 + 0 · t. 2) If t1 = t2 = t but α1 6= α2, then: ~s1 ≡ ~s2 + (α2 − α1) · t or ~s2 ≡ ~s1 + (α1 − α2) · t. 3) If t1 6= t2, then: ~s1 ≡ ~s3 + α2 · t2 and ~s2 ≡ ~s3 + α1 · t1 for some distribution ~s3. (All the above disjunctions are inclusive). ~ ~0 ~ ~0 ~0 ~0 ~0 ~0 ~0 ~0 Lemma III.2 (Weak diamond). if t t1 and t t2, then one of the following holds: either t1 = t2; either t1 t2 or t2 t1; ~0 ~00 ~0 ~00 ~00 either t1 t and t2 t for some t . ~ ~0 ~ ~0 Proof of Lemma III.2. Since t t1 and t t2, there are decompositions ~ ~0 ~0 ~0 t = α1 · s1 + ~r1 t1 = α1 · s 1 + ~r1 where s1 . s 1 ~ ~0 ~0 ~0 t = α2 · s2 + ~r2 t2 = α2 · s 2 + ~r2 where s2 . s 2 We distinguish three cases: 0 0 0 • Case where s1 = s2 = s and α1 = α2 = α. In this case, we have s~ 1 = s~ 2 = s~ since atomic evaluation is deterministic. And by Lemma A.1 (1), we deduce that: ~0 ~0 ~0 ~0 – Either ~r1 = ~r2, so that: t1 = α · s + ~r1 = α · s + ~r2 = t2. – Either ~r1 = ~r2 + 0 · s, so that: ~0 ~0 ~0 t1 = α · s + ~r1 = α · s + ~r2 + 0 · s ~0 ~0 ~0 ~0 α · s + ~r2 + 0 · s = (α + 0) · s + ~r2 = t2 .

– Either ~r2 = ~r1 + 0 · s, so that: ~0 ~0 ~0 t2 = α · s + ~r2 = α · s + ~r1 + 0 · s ~0 ~0 ~0 ~0 α · s + ~r1 + 0 · s = (α + 0) · s + ~r1 = t1 .

0 0 0 • Case where s1 = s2 = s, but α1 6= α2. In this case, we have s~ 1 = s~ 2 = s~ since atomic evaluation is deterministic. And by Lemma A.1 (2), we deduce that:

– Either ~r1 = ~r2 + (α2 − α1) · s, so that: ~0 ~0 ~0 t1 = α1 · s + ~r1 = α1 · s + ~r2 + (α2 − α1) · s ~0 ~0 ~0 ~0 α1 · s + ~r2 + (α2 − α1) · s = α2 · s + ~r2 = t2 .

– Either ~r2 = ~r1 + (α1 − α2) · s, so that: ~0 ~0 ~0 t2 = α2 · s + ~r2 = α2 · s + ~r1 + (α1 − α2) · s ~0 ~0 ~0 ~0 α2 · s + ~r1 + (α1 − α2) · s = α1 · s + ~r1 = t1 .

• Case where s1 6= s2. In this case, we know by Lemma A.1 (3) that ~r1 = ~r3 + α2 · s2 and ~r2 = ~r3 + α1 · s1 for some 00 0 0 ~r3. Writing t~ = α1 · s~ 1 + α2 · s~ 2 + ~r3, we conclude that ~0 ~0 ~0 ~0 ~0 ~00 t1 = α1 · s 1 + ~r1 = α1 · s 1 + α2 · s2 + ~r3 α1 · s 1 + α2 · s 2 + ~r3 = t ~0 ~0 ~0 ~0 ~0 ~00 t2 = α2 · s 2 + ~r2 = α1 · s1 + α2 · s 2 + ~r3 α1 · s 1 + α2 · s 2 + ~r3 = t B. Proofs related to Section IV

Proposition A.2. For all value distributions ~v1,~v2, ~w1, ~w2, we have:

hinl(~v1) | inl(~v2)i = h~v1 | ~v2i

hinr(~w1) | inr(~w2)i = h~w1 | ~w2i

h(~v1, ~w1) | (~v2, ~w2)i = h~v1 | ~v2i h~w1 | ~w2i

hinl(~v1) | inr(~w2)i = 0

hinl(~v1) | (~v2, ~w2)i = 0

hinr(~w1) | (~v2, ~w2)i = 0 Proof. Let us write ~v = Pn1 α · v , ~v = Pn2 α · v , ~w = Pm1 β · w and ~w = Pm2 β · w 1 i1=1 1,i1 1,i1 2 i2=1 2,i2 2,i1 1 j1=1 1,j1 1,j1 2 j2=1 2,j2 2,j1 0 0 (all in canonical form). Writing δv,v0 = 1 when v = v and δv,v0 = 0 when v 6= v (Kronecker symbol), we observe that: hinl(v) | inl(v) i = Pn1 α · inl(v ) Pn2 α · inl(v ) 1 2 i1=1 1,i1 1,i1 i2=1 2,i2 2,i2 = Pn1 Pn2 α α hinl(v ) | inl(v )i i1=1 i2=1 1,i1 2,i2 1,i1 2,i2 = Pn1 Pn2 α α δ i1=1 i2=1 1,i1 2,i2 inl(v1,i1 ),inl(v2,i2 ) = Pn1 Pn2 α α δ i1=1 i2=1 1,i1 2,i2 v1,i1 ,v2,i2 = Pn1 Pn2 α α hv | v i = h~v | ~v i i1=1 i2=1 1,i1 2,i2 1,i1 2,i2 1 2 hinl(v) | inr(w) i = Pn1 α · inr(v ) Pm2 β · inl(w ) 1 2 i1=1 1,i1 1,i1 j2=1 2,j2 2,j2 = Pn1 Pm2 α β hinl(v ) | inr(w )i i1=1 j2=1 1,i1 2,j2 1,i1 2,j2 = Pn1 Pm2 α β δ i1=1 j2=1 1,i1 2,j2 inl(v1,i1 ),inr(w2,j2 ) = Pn1 Pm2 α β × 0 = 0 i1=1 j2=1 1,i1 2,j2 h(~v , ~w ) | (~v , ~w )i = Pn1 Pm1 α β · (v , w ) Pn2 Pm2 α β · (v , w ) 1 1 2 2 i1=1 j1=1 1,i1 1,j1 1,i1 1,j1 i2=1 j2=1 2,i2 2,j2 2,i2 2,j2 = Pn1 Pm1 Pn2 Pm2 α β α β h(v , w ) | (v , w )i i1=1 j1=1 i2=1 j2=1 1,i1 1,j1 2,i2 2,j2 1,i1 1,j1 2,i2 2,j2 = Pn1 Pm1 Pn2 Pm2 α β α β δ i1=1 j1=1 i2=1 j2=1 1,i1 1,j1 2,i2 2,j2 (v1,i1 ,w1,j1 ),(v2,i2 ,w2,j2 ) = Pn1 Pn2 Pm1 Pm2 α α β β δ δ i1=1 i2=1 j1=1 j2=1 1,i1 2,i2 1,j1 2,j2 v1,i1 ,v2,i2 w1,j1 ,w2,j2 = Pn1 Pn2 α α δ
Pm1 Pm2 β β δ
i1=1 i2=1 1,i1 2,i2 v1,i1 ,v2,i2 j1=1 j2=1 1,j1 2,j2 w1,j1 ,w2,j2 = Pn1 Pn2 α α hv | v i
Pm1 Pm2 β β hw | w i
i1=1 i2=1 1,i1 2,i2 1,i1 2,i2 j1=1 j2=1 1,j1 2,j2 1,j1 2,j2 = h~v1 | ~v2i h~w1 | ~w2i The other equalities are proved similarly. ~ Lemma IV.3. For all types A, we have A = { A} ∩ V. J K ~ ~ Proof. The inclusion A ⊆ { A} ∩ V is clear from the definition of { A}. Conversely, suppose that ~v ∈ { A} ∩ V. J K ~0 ~0 From the definition of the set { A}, we know that ~v v for some v ∈ A . But since ~v is a normal form, we deduce that ~v = v~0 ∈ A . J K J K Lemma IV.5. Given any two types A and B: 1) A ≤ B is valid if and only if { A} ⊆ { B}. 2) A ' B is valid if and only if { A} = { B}.

Proof. The direct implications are obvious from the definition of { A}, and the converse implications immediately follow from Lemma IV.3.

Proposition IV.11. Given a closed λ-abstraction λx .~t, we have λx .~t ∈ ]B → ]B if and only if there are two value J K distributions ~v1,~v2 ∈ ]B such that J K ~t [x := tt] ~v1, ~t [x := ff] ~v2, and h~v1 | ~v2i = 0 .

Proof. The condition is necessary. Suppose that λx .~t ∈ ]B → ]B . Since tt, ff ∈ ]B , there are ~v1,~v2 ∈ ]B such J K J K J K that ~t [x := tt] ~v1 and ~t [x := ff] ~v2. It remains to prove that h~v1 | ~v2i = 0. For that, consider α, β ∈ C such that |α|2 + |β|2 = 1. By linearity, we observe that

~t hx := α · tt + β · ffi = α · ~t [x := tt] + β · ~t [x := ff] α · ~v1 + β · ~v2 .

But since α · tt + β · ff ∈ ]B , we must have α · ~v1 + β · ~v2 ∈ ]B too, and in particular kα · ~v1 + β · ~v2k = 1. From this, we get J K J K 2 1 = kα · ~v1 + β · ~v2k = hα · ~v1 + β · ~v2 | α · ~v1 + β · ~v2i 2 ¯ 2 = |α| h~v1 | ~v1i +αβ ¯ h~v1 | ~v2i + αβ h~v2 | ~v1i + |β| h~v2 | ~v2i 2 2 ¯
= |α| + |β| +αβ ¯ h~v1 | ~v2i + αβ¯ h~v1 | ~v2i = 1 + 2Re αβ h~v1 | ~v2i and thus Re(¯αβ h~v | ~v i) = 0. Taking α = β = √1 , we deduce that Re(h~v | ~v i) = 0. And taking α = i √1 and β = √1 , 1 2 2 1 2 2 2 we deduce that Im(h~v1 | ~v2i) = 0. Therefore: h~v1 | ~v2i = 0. The condition is sufficient. Suppose that there are ~v1,~v2 ∈ ]B such that ~t [x := tt] ~v1, ~t [x := ff] ~v2 and h~v1 | ~v2i = 0. J K In particular, we have ~v1,~v2 ∈ span({tt, ff}) and k~v1k = k~v2k = 1. Now, given any ~v ∈ ]B , we distinguish three cases: J K • Either ~v = α · tt, where |α| = 1. In this case, we observe that

~t hx := ~v i = α · ~t [x := tt] α · ~v1 ∈ ]B , J K since α · ~v1 ∈ span({tt, ff}) and kα · ~v1k = |α| k~v1k = 1. • Either ~v = β · ff, where |β| = 1. In this case, we observe that

~t hx := ~v i = β · ~t [x := ff] β · ~v2 ∈ ]B , J K since β · ~v2 ∈ span({tt, ff}) and kβ · ~v2k = |β| k~v2k = 1. 2 2 • Either ~v = α · tt + β · ff, where |α| + |β| = 1. In this case, we observe that

~t hx := ~v i = α · ~t [x := tt] + β · ~t [x := ff] α · ~v1 + β · ~v2 ∈ ]B , J K since α · ~v1 + β · ~v2 ∈ span({tt, ff}) and 2 kα · ~v1 + β · ~v2k = hα · ~v1 + β · ~v2 | α · ~v1 + β · ~v2i 2 ¯ 2 = |α| h~v1 | ~v1i + αβ h~v1 | ~v2i +αβ ¯ h~v2 | ~v1i + |β| h~v2 | ~v2i 2 2 2 2 2 2 = |α| k~v1k + 0 + 0 + |β| k~v2k = |α| + |β| = 1 .

We have thus shown that ~t hx := ~vi ]B for all ~v ∈ ]B . Therefore λx .~t ∈ ]B → ]B . J K J K Theorem IV.12 (Characterization of the values of type ]B → ]B). A closed λ-abstraction λx .~t is a value of type ]B → ]B if and only if it represents a unitary operator F : C2 → C2.

Proof. The condition is necessary. Suppose that λx .~t ∈ ]B → ]B . From Prop. IV.11, there are ~v1,~v2 ∈ ]B such that ~ ~ J 2 K 2 J K t [x := tt] ~v1, t [x := ff] ~v2 and h~v1 | ~v2i = 0. Let F : C → C be the operator defined by F (1, 0) = πB(~v1) and ~ F (0, 1) = πB(~v2). From the properties of linearity of the calculus, it is clear that the abstraction λx . t represents the operator 2 2 2 2 2 F : C → C . Moreover, the operator F is unitary since kπB(~v1)kC = kπB(~v2)kC = 1 and hπB(~v1) | πB(~v2)iC = 0. The condition is sufficient. Let us assume that the abstraction λx .~t represents a unitary operator F : C2 → C2. From this, we deduce that: • ~ (λx . t ) tt ~v1 for some ~v1 ∈ span({tt, ff}) such that πB(~v1) = F (πB(tt)) = F (1, 0); • ~ (λx . t ) ff ~v2 for some ~v2 ∈ span({tt, ff}) such that πB(~v2) = F (πB(ff)) = F (0, 1). Using the property of confluence, we deduce that • ~t [x := tt] ~v1 ∈ ]B , since k~v1k = kF (1, 0)k 2 = 1; J K C • ~t [x := ff] ~v2 ∈ ]B , since k~v2k = kF (0, 1)k 2 = 1. J K C We deduce that λx .~t ∈ ]B → ]B by Prop. IV.11, since h~v1 | ~v2i = hF (1, 0) | F (0, 1)i 2 = 0. J K C Pn ~
Corollary IV.13 (Characterization of the values of type ]B ⇒ ]B). A unitary distribution of abstractions i=1 αi·λx . ti ∈ S1 is a value of type ]B ⇒ ]B if and only if it represents a unitary operator F : C2 → C2. Pn ~
Proof. Indeed, given i=1 αi · λx . ti ∈ S1, we have Pn ~
i=1 αi · λx . ti ∈ ]B ⇒ ]B Pn ~
J K iff λx . i=1 αi · ti ∈ ]B → ]B Pn ~
J K 2 2 iff λx . i=1 αi · ti represents a unitary operator F : C → C Pn ~
2 2 iff i=1 αi · λx . ti represents a unitary operator F : C → C Pn ~ Pn ~
since both functions i=1 αi · λx . ti and λx . i=1 αi · ti are extensionally equivalent. 0 Lemma A.3. For all term distributions ~t, ~t , ~s, ~s1, ~s2 and for all value distributions ~v and ~w: 1) (λx .~t )~v ~t hx := ~vi 2) let (x, y) = (~v, ~w) in ~s ~shx := ~vihy := ~wi (if y∈ / FV(~v)) 3) match inl(~v) {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} ~s1hx1 := ~vi 4) match inr(~v) {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} ~s2hx2 := ~vi 5) If ~t ~t0, then ~s~t ~s~t0 6) If ~t ~t0, then ~t~v ~t0 ~v 7) If ~t ~t0, then ~t;~s ~t0;~s 0 0 8) If ~t ~t , then let (x1, x2) = ~t in ~s let (x1, x2) = ~t in ~s 0 9) If ~t ~t , then match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} 0 match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} 10) If ~t ~t0, then ~t hx := ~v i ~t0 hx := ~v i. Pn Proof. (1) Assume that ~v = i=1 αi · vi. Then we observe that ~ Pn ~ Pn ~ ~ (λx . t )~v = i=1 αi · (λx . t) vi i=1 αi · t [x := vi] = t hx := ~v i . Pn Pm (2) Assume that ~v = i=1 αi · vi and ~w = j=1 βj · wj. Then we observe that Pn Pm
let (x, y) = (~v, ~w) in ~s = let (x, y) = i=1 j=1 αjβj · (vi, wj) in ~s Pn Pm = i=1 j=1 αiβj · let (x, y) = (vi, wj) in ~s Pn Pm i=1 j=1 αiβj · ~s[x := vi, y := wj] Pn Pm = i=1 j=1 αiβj · ~s[x := vi][y := wj](since y∈ / FV(~v)) = ~shx := ~vihy := ~wi Items (3) and (4) are proved similarly as item (2). Then, items (5), (6), (7), (8), (9) and (10) are all proved following the same pattern, first treating the case where ~t ~t0 (one step), and then deducing the general case by induction on the number of evaluation steps. Let us prove for instance (5), first assuming that ~t ~t0 (one step). This means that there exist a scalar ~0 α ∈ R, a pure term t0 and term distributions t0 and ~r such that ~ ~0 ~0 ~0 t = α · t0 + ~r, t = α · t0 + ~r and t0 . t0 . Pn So that for all term distributions ~s = i=1 βi · si, we have: ~ Pn
Pn ~s t = i=1 βi · si (α · t0 + ~r) = i=1(αβi · si t0 + βi · si ~r) Pn ~0 Pn
~0 ~0 i=1(αβi · si t0 + βi · si ~r) = i=1 βi · si (α · t0 + ~r) = ~s t ~0 ~0 observing that si t0 . si t0, hence αβi · si t0 + βi · si ~r αβi · si t0 + βi · si ~r for all i = 1..n. Hence we proved that ~t ~t0 implies ~s~t ~s~t0. By a straightforward induction on the number of evaluation steps, we deduce that ~t ~t0 implies ~s~t ~s~t0.

Lemma A.4 (Application of realizers). If ~s A ⇒ B and ~t A, then ~s~t B ~ ~ Pn Proof. Since t A, we have t ~v for some vector ~v ∈ A . And since ~s A ⇒ B, we have ~s i=1 αi · λx .~si for Pn J K some unitary distribution of abstractions i=1 αi · λx .~si ∈ A ⇒ B . Therefore, we get J K ~ Pn Pn Pn ~s t ~s~v ( i=1 αi · λx .~si)~v = i=1 αi · (λx .~si)~v i=1 αi · ~sihx := ~vi ∈ B J K from Lemma A.3 (5), (6), (1) and from the definition of A ⇒ B . J K C. Proofs related to Section V

Lemma A.5. Given a type A, two vectors ~u1, ~u2 ∈ ]A and a scalar α ∈ C, there exists a vector ~u0 ∈ ]A and a scalar J K J K λ ∈ C such that ~u1 + α · ~u2 = λ · ~u0. 1 Proof. Let λ := k~u1 + α · ~u2k. When λ 6= 0, we take ~u0 := λ · (~u1 + α · ~u2) ∈ ]A , and we are done. Let us now consider the (subtle) case where λ = 0. In this case, we first observe that α 6= 0, since α =J 0 wouldK imply that k~u1 + α · ~u2k = k~u1k = 0, which would be absurd, since k~u1k = 1. Moreover, since λ = k~u1 + α · ~u2k = 0, we observe that all the coefficients of the distribution ~u1 + α · ~u2 are zeros (when written in canonical form), which implies that

~u1 + α · ~u2 = 0 · (~u1 + α · ~u2) = 0 · ~u1 + 0 · ~u2 . Using the triangular inequality, we also observe that

0 < 2|α| = k2α · ~u2k ≤ k~u1 + α · ~u2k + k~u1 + (−α) · ~u2k = k~u1 + (−α) · ~u2k , 0 1 hence λ := k~u1 + (−α) · ~u2k= 6 0. Taking u0 := λ0 · (~u1 + (−α) · ~u2) ∈ ]A , we easily see that J K 1
~u1 + α · ~u2 = 0 · ~u1 + 0 · ~u2 = 0 · λ0 · (~u1 + (−α) · ~u2) = λ · ~u0 . Proposition A.6 (Polarisation identity). For all value distributions ~v and ~w, we have: 1 h~v | ~wi = (k~v + ~wk2 − k~v + (−1) · ~wk2 4 − ik~v + i · ~wk2 + ik~v + (−i) · ~wk2) . Lemma A.7. Given a valid typing judgment of the form ∆, x : ]A ` ~s : C, a substitution σ ∈ ∆ , and value distributions ~u1, ~u2 ∈ ]A , there are value distributions ~w1, ~w2 ∈ C such that J K J K J K ~shσ, x := ~u1i ~w1, ~shσ, x := ~u2i ~w2 and h~w1 | ~w2i = h~u1 | ~u2i .

Proof. From the validity of the judgment ∆, x : ]A ` ~s : C, we know that there are ~w1, ~w2 ∈ C such that ~shσ, x := ~u1i ~w1 and ~shσ, x := ~u2i ~w2. In particular, we have k~w1k = k~w2k = 1. Now applying LemmaJ A.5K four times, we know that there are vectors ~u0,1, ~u0,2, ~u0,3, ~u0,4 ∈ ]A and scalars λ1, λ2, λ3, λ4 ∈ C such that J K ~u1 + ~u2 = λ1 · ~u0,1 ~u1 + i · ~u2 = λ3 · ~u0,3 ~u1 + (−1) · ~u2 = λ2 · ~u0,2 ~u1 + (−i) · ~u2 = λ4 · ~u0,4

From the validity of the judgment ∆, x : ]A ` ~s : C, we also know that there are value distributions ~w0,1, ~w0,2, ~w0,3, ~w0,4 ∈ C such that ~shσ, x := ~u0,ji ~w0,j for all j = 1..4. Combining the linearity of evaluation with the uniqueness of normal forms,J K we deduce from what precedes that

~w1 + ~w2 = λ1 · ~w0,1 ~w1 + i · ~w2 = λ3 · ~w0,3 ~w1 + (−1) · ~w2 = λ2 · ~w0,2 ~w1 + (−i) · ~w2 = λ4 · ~w0,4 Using the polarization identity (Prop. A.6), we conclude that: 1 2 2 2 2
h~w1 | ~w2i = 4 k~w1 + ~w2k − k~w1 + (−1) · ~w2k − ik~w1 + i · ~w2k + ik~w1 + (−i) · ~w2k 1 2 2 2 2 2 2 2 2 1 2 2 2 2 = 4 (λ1k~w0,1k − λ2k~w0,2k − iλ3k~w0,3k + iλ4k~w0,4k ) = 4 (λ1 − λ2 − iλ3 + iλ4) 1 2 2 2 2 2 2 2 2 = 4 (λ1k~u0,1k − λ2k~u0,2k − iλ3k~u0,3k + iλ4k~u0,4k ) 1 2 2 2 2
= 4 k~u1 + ~u2k − k~u1 + (−1) · ~u2k − ik~u1 + i · ~u2k + ik~u1 + (−i) · ~u2k = h~u1 | ~u2i . Lemma A.8. Given a valid typing judgment of the form ∆, x : ]A, y : ]B ` ~s : C, a substitution σ ∈ ∆ , and value distributions ~u1, ~u2 ∈ ]A and ~v1,~v2 ∈ ]B such that h~u1 | ~u2i = h~v1 | ~v2i = 0, there are value distributionsJ ~wK1, ~w2 ∈ C such that J K J K J K ~shσ, x := ~uj, y := ~vji ~wj (j = 1..2) and h~w1 | ~w2i = 0 .

Proof. From Lemma A.5, we know that there are ~u0 ∈ ]A , ~v0 ∈ ]B and λ, µ ∈ C such that J K J K ~u2 + (−1) · ~u1 = λ · ~u0 and ~v2 + (−1) · ~v1 = µ · ~v0 .

For all j, k ∈ {0, 1, 2}, we have σ, x := ~uj, y := ~vk ∈ ∆, x : ]A, y : ]B , hence there is ~wj,k ∈ C such that ~shσ, x := ~uj, y := ~vki ~wj,k. In particular, we can take ~w1 := ~w1J,1 and ~w2 := ~w2,2K. Now, we observe that J K 1) ~u1 + λ · ~u0 = ~u1 + ~u2 + (−1) · ~u1 = ~u2 + 0 · ~u1, so that from the linearity of substitution, the linearity of evaluation and from the uniqueness of normal forms, we get

~w1,k + λ · ~w0,k = ~w2,k + 0 · ~w1,k as well as ~w2,k + (−λ) · ~w0,k = ~w1,k + 0 · ~w2,k (for all k ∈ {0, 1, 2})

2) ~v1 + µ · ~v0 = ~v1 + ~v2 + (−1) · ~v1 = ~v2 + 0 · ~v1, so that from the linearity of substitution, the linearity of evaluation and from the uniqueness of normal forms, we get

~wj,1 + µ · ~wj,0 = ~wj,2 + 0 · ~wj,1 as well as ~wj,2 + (−µ) · ~wj,0 = ~wj,1 + 0 · ~wj,2 (for all j ∈ {0, 1, 2})

3) h~u1 | ~u2i = 0, so that from Lemma A.7 we get h~w1,k | ~w2,ki = 0 (for all k ∈ {0, 1, 2}) 4) h~v1 | ~v2i = 0, so that from Lemma A.7 we get h~wj,1 | ~wj,2i = 0 (for all j ∈ {0, 1, 2}) From the above, we get:

h~w1 | ~w2i = h~w1,1 | ~w2,2i = h~w1,1 | ~w2,2 + 0 · ~w1,2i = h~w1,1 | ~w1,2 + λ · ~w0,2i (from (1), k = 2) = h~w1,1 | ~w1,2i + λh~w1,1 | ~w0,2i = 0 + λh~w1,1 | ~w0,2i (from (4), j = 1) = λh~w1,1 + 0 · ~w2,1 | ~w0,2i = λh~w2,1 + (−λ) · ~w0,1 | ~w0,2i (from (1), k = 1) 2 = λh~w2,1 | ~w0,2i − |λ| h~w0,1 | ~w0,2i = λh~w2,1 | ~w0,2i − 0 (from (4), j = 0) = h~w2,1 | ~w2,2 + (−1) · ~w1,2i = h~w2,1 | ~w2,2i − h~w2,1 | ~w1,2i = 0 − h~w2,1 | ~w1,2i (from (4), j = 2) Hence h~w1 | ~w2i = h~w1,1 | ~w2,2i = −h~w2,1 | ~w1,2i. Exchanging the indices j and k in the above reasoning, we also get h~w1 | ~w2i = h~w1,1 | ~w2,2i = −h~w1,2 | ~w2,1i, so that we have h~w1 | ~w2i = −h~w2,1 | ~w1,2i = −h~w2,1 | ~w1,2i ∈ R. If we now replace ~u2 ∈ ]A with i ~u2 ∈ ]A , the very same technique allows us to prove that ih~w1 | ~w2i = h~w1 | i~w2i ∈ R. Therefore h~w1 | ~w2i = 0J. K J K Lemma A.9. Given a valid typing judgment of the form ∆, x : ]A, y : ]B ` ~s : C, a substitution σ ∈ ∆ , and value distributions ~u1, ~u2 ∈ ]A and ~v1,~v2 ∈ ]B , there are value distributions ~w1, ~w2 ∈ C such that J K J K J K J K ~shσ, x := ~uj, y := ~vji ~wj (j = 1..2) and h~w1 | ~w2i = h~u1 | ~u2ih~v1 | ~v2i .

Proof. Let α = h~u1 | ~u2i and β = h~v1 | ~v2i. We observe that

h~u1 | ~u2 + (−α) · ~u1i = h~u1 | ~u2i − αh~u1 | ~u1i = α − α = 0 and, similarly, that h~v1 | ~v2 + (−β) · ~v1i = 0. From Lemma A.5, we know that there are ~u0 ∈ ]A , ~v0 ∈ ]B and λ, µ ∈ C such that J K J K ~u2 + (−α) · ~u1 = λ · ~u0 and ~v2 + (−β) · ~v1 = µ · ~v0 .

For all j, k ∈ {0, 1, 2}, we have σ, x := ~uj, y := ~vk ∈ ∆, x : ]A, y : ]B , hence there is ~wj,k ∈ C such that ~shσ, x := ~uj, y := ~vki ~wj,k. In particular, we can take ~w1 := ~w1J,1 and ~w2 := ~w2,2K. Now, we observe that J K 1) λ ·~u0 + α ·~u1 = ~u2 + (−α) ·~u1 + α ·~u1 = ~u2 + 0 ·~u1, so that from the linearity of substitution, the linearity of evaluation and from the uniqueness of normal forms, we get

λ · ~w0,k + α · ~w1,k = ~w2,k + 0 · ~w1,k (for all k ∈ {0, 1, 2})

2) µ ·~v0 + β ·~v1 = ~v2 + (−β) ·~v1 + β ·~v1 = ~v2 + 0 ·~v1, so that from the linearity of substitution, the linearity of evaluation and from the uniqueness of normal forms, we get

µ · ~wj,0 + β · ~wj,1 = ~wj,2 + 0 · ~wj,1 (for all j ∈ {0, 1, 2})

3) h~u1 | λ · ~u0i = h~u1 | ~u2 + (−α) · ~u1i = 0, so that from Lemma A.7 we get

h~w1,k | λ · ~w0,ki = 0 (for all k ∈ {0, 1, 2})

(The equality h~w1,k | λ · ~w0,ki = 0 is trivial when λ = 0, and when λ 6= 0, we deduce from the above that h~u1 | ~u0i = 0, from which we get h~w1,k | ~w0,ki = 0 by Lemma A.7.) 4) h~v1 | µ · ~v0i = h~v1 | ~v2 + (−β) · ~v1i = 0, so that from Lemma A.7 we get

h~wj,1 | µ · ~wj,0i = 0 (for all j ∈ {0, 1, 2})

5) h~u1 | λ · ~u0i = h~v1 | µ · ~v0i = 0, so that from Lemma A.8 we get

h~w1,1 | λµ · ~w0,0i = 0

(Again, the equality h~w1,1 | λµ · ~w0,0i = 0 is trivial when λ = 0 or µ = 0, and when λ, µ 6= 0, we deduce from the above that h~u1 | ~u0i = h~v1 | ~v0i = 0, from which we get h~w1,1 | ~w0,0i = 0 by Lemma A.8.) From the above, we get

~w2,2 + 0 · ~w1,2 + 0 · ~w0,1 + 0 · ~w1,1 = λ · ~w0,2 + α · ~w1,2 + 0 · ~w0,1 + 0 · ~w1,1 (from (1), k = 1) = λ · (~w0,2 + 0 · ~w0,1) + α · (~w1,2 + 0 · ~w1,1) = λ · (µ · ~w0,0 + β · ~w0,1) + α · (µ · ~w1,0 + β · ~w1,1)(from (2), j = 0, 1) = λµ · ~w0,0 + βλ · ~w0,1 + αµ · ~w1,0 + αβ · ~w1,1 Therefore:

h~w1 | ~w2i = h~w1,1 | ~w2,2 + 0 · ~w1,2 + 0 · ~w0,1 + 0 · ~w1,1i = h~w1,1 | λµ · ~w0,0 + βλ · ~w0,1 + αµ · ~w1,0 + αβ · ~w1,1i = h~w1,1 | λµ · ~w0,0i + βh~w1,1 | λ · ~w0,1i + αh~w1,1 | µ · ~w1,0i + αβh~w1,1 | ~w1,1i = 0 + 0 + 0 + αβ · 1 = h~u1 | ~u2i h~v1 | ~v2i from (5), (3) (with k = 1) and (4) (with j = 1), and concluding with the definition of α and β.

Lemma A.10. For all ~t, ~s,~s1, ~s2 ∈ Λ(~ X ) and ~v,~v1,~v2, ~w ∈ V(~ X ): 1) inl(~v)hx := ~wi = inl(~vhx := ~wi) 2) inr(~v)hx := ~wi = inr(~vhx := ~wi) 3) If x∈ / FV(~v1), then (~v1,~v2)hx := ~wi = (~v1,~v2hx := ~wi) 4) If x∈ / FV(~v2), then (~v1,~v2)hx := ~wi = (~v1hx := ~wi,~v2) 5) If x∈ / FV(~s), then (~s~t)hx := ~wi = ~s ~thx := ~wi 6) If x∈ / FV(~t), then (~s~t)hx := ~w i = ~shx := ~wi ~t 7) If x∈ / FV(~s), then (~t;~s)hx := ~wi = ~thx := ~wi;~s 8) If x∈ / FV(~s), then (let (x1, x2) = ~t in ~s)hx := ~wi = let (x1, x2) = ~thx := ~wi in ~s 9) If x∈ / FV(~s1, ~s2), then (match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hx := ~wi = match ~thx := ~wi {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2} Proposition V.3. The typing rules of Table VI are valid. Proof. (Axiom) It is clear that dom](x : A) ⊆ {x} = dom(x : A). Moreover, given σ ∈ x : A , we have σ = {x := ~v} for J K some ~v ∈ A . Therefore xhσi = xhx := ~vi = ~v A. J K 0 (Sub) Obvious since { A} ⊆ { A }. (App) Suppose that both judgments Γ ` ~s : A ⇒ B and ∆ ` ~t : A are valid, that is: ] • dom (Γ) ⊆ FV(~s ) ⊆ dom(Γ) and ~s hσi A ⇒ B for all σ ∈ Γ . ] J K • dom (∆) ⊆ FV(~t ) ⊆ dom(∆) and ~t hσi A for all σ ∈ ∆ . ] J K From the above, it is clear that dom (Γ, ∆) ⊆ FV(~s ~t ) ⊆ dom(Γ, ∆). Now, given σ ∈ Γ, ∆ , we observe that σ = σΓ, σ∆ J K for some σΓ ∈ Γ and σ∆ ∈ ∆ . And since FV(~t ) ∩ dom(σΓ) = ∅ and FV(~s ) ∩ dom(σ∆) = ∅, we deduce from Lemma A.10 (5),J (6)K p. 19 that J K

(~s ~t )hσi = (~s ~t )hσΓihσ∆i = (~shσΓi ~t )hσ∆i = ~shσΓi ~thσ∆i . ~ ~ We conclude that (~s t )hσi = ~shσΓi thσ∆i B from Lemma A.4. (PureLam) Given a context Γ = x1 : A1, . . . , x` : A` such that [Ai ' Ai for all i = 1..`, we suppose that the judgment Γ, x : A ` ~t : B is valid, that is: ] • dom (Γ, x : A) ⊆ FV(~t ) ⊆ dom(Γ, x : A) and ~t hσi B for all σ ∈ Γ, x : A . ] J K From the above, it is clear that dom (Γ) ⊆ FV(λx .~t ) ⊆ dom(Γ). Now, given σ ∈ Γ , we want to prove that (λx .~t )hσi A → B. Due to our initial assumption on the context Γ, it is clear that σ = {x1 :=J vK1, . . . , x` := v`} for some closed pure values v1, . . . , v`. Hence

(λx .~t )hσi = (λx .~t )[x1 := v1] ··· [x` := v`] = λx .~t [x1 := v1] ··· [x` := v`]

(since the variables x1, . . . , x` are all distinct from x). For all ~v ∈ A , we observe that J K ~ ~ (t [x1 := v1] ··· [x` := v`])hx := ~v i = t hσ, {x := ~v }i B, since σ, {x := ~v } ∈ Γ, x : A . Therefore (λx .~t )hσi A → B. J K (UnitLam) Suppose that the judgment Γ, x : A ` ~t : B is valid, that is: ] • dom (Γ, x : A) ⊆ FV(~t ) ⊆ dom(Γ, x : A) and ~t hσi B for all σ ∈ Γ, x : A . ] J K From the above, it is clear that dom (Γ) ⊆ FV(λx .~t ) ⊆ dom(Γ). Now, given σ ∈ Γ , we want to prove that (λx .~t )hσi A ⇒ B. For that, we write: J K

• Γ = x1 : A1, . . . , x` : A` (where x1, . . . , x` are all distinct from x); • σ = {x1 := ~v1, . . . , x` := ~v`} (where ~vi ∈ Ai for all i = 1..`); Pni J K • ~vi = j=1 αi,j · vi,j (in canonical form) for all i = 1..`. Now we observe that (λx . t)hσi = Pn1 ··· Pn` α ··· α · (λx .~t )[x := v ] ··· [x := v ] i1=1 i`=1 1,i1 `,i` 1 1,i1 ` `,i` = Pn1 ··· Pn` α ··· α · λx .~t [x := v ] ··· [x := v ] i1=1 i`=1 1,i1 `,i` 1 1,i1 ` `,i` P ~ = i∈I αi · λx . ti writing

• I := [1..n1] × · · · × [1..n`] the (finite) set of all multi-indices i = (i1, . . . , i`); ~ ~ • αi := α1,i1 ··· α`,i` and ti := t [x1 := v1,i1 ] ··· [x` := v`,i` ] for each multi-index i = (i1, . . . , i`) ∈ I. P ~
We now want to prove that i∈I αi · λx . ti ∈ S1. For that, we first observe that P |α |2 = Pn1 ··· Pn` |α ··· α |2 = Pn1 |α |2
× · · · × Pn` |α |2
= 1 . i∈I i i1=1 i`=1 1,i1 `,i` i1=1 1,i1 i`=1 `,i` Then we need to check that the λ-abstractions λx .~ti (i ∈ I) are pairwise distinct. For that, consider two multi-indices 0 0 0 0 0 i = (i1, . . . , i`) and i = (i1, . . . , i`) such that i 6= i . This means that ik 6= ik for some k ∈ [1..`]. From the latter, we deduce Pnk ] that nk ≥ 2, hence ~vk = j=1 αk,j · vk,j is not a pure value, and thus Ak 6= [ Ak . Therefore xk ∈ dom (Γ), from which J K J K we deduce that xk ∈ FV(~t ) from our initial assumption. Let us now consider the first occurrence of the variable xk in the (raw) term distribution ~t. At this occurrence, the variable xk is replaced ~ ~ • by vk,ik in the multiple substitution t [x1 := v1,i1 ] ··· [x` := v`,i` ] (= ti), and • by v 0 in the multiple substitution ~t [x := v 0 ] ··· [x := v 0 ] (= ~t 0 ). k,ik 1 1,i1 ` `,i` i Pnk And since v 6= v 0 (recall that ~v = α · v is in canonical form), we deduce that ~t 6= ~t 0 . Which concludes the k,ik k,ik k j=1 k,j k,j i i P ~
P ~ proof that i∈I αi · λx . ti ∈ S1. Now, given ~v ∈ A , it remains to show that i∈I αi · tihx := ~vi B. For that, it suffices to observe that: J K P ~ P ~
i∈I αi · tihx := ~vi = i∈I αi · ti hx := ~v i = Pn1 ··· Pn` α ··· α · ~t [x := v ] ··· [x := v ]
hx := ~v i i1=1 i`=1 1,i1 `,i` 1 1,i1 ` `,i` = ~thσi)hx := ~v i = ~thσ, {x := ~v }i B ~ P ~ since σ, {x := ~v } ∈ Γ, x : A . Therefore (λx . t )hσi = i∈I αi · ti ∈ A ⇒ B ⊆ { A ⇒ B}. J K J K (Void) Obvious. (Seq) Suppose that the judgments Γ ` ~t : U and ∆ ` ~s : A are valid, that is: • dom](Γ) ⊆ FV(~t) ⊆ dom(Γ) and ~thσi ∗ for all σ ∈ Γ . ] J K • dom (∆) ⊆ FV(~s) ⊆ dom(∆) and ~shσi A for all σ ∈ ∆ . ] J K From the above, it is clear that dom (Γ, ∆) ⊆ FV(~t;~s) ⊆ dom(Γ, ∆). Now, given σ ∈ Γ, ∆ , we observe that σ = σΓ, σ∆ for some σΓ ∈ Γ and σ∆ ∈ ∆ . From our initial hypotheses, we get J K J K J K ~ ~ ~ (t;~s)hσi = (t;~s)hσΓihσ∆i = (thσΓi;~s)hσ∆i (∗;~s)hσ∆i ~shσ∆i A

(using Lemma A.10 (7) p. 19 and Lemma A.3 (7), (10) p. 16). (SeqSharp) Suppose that the judgments Γ ` ~t : ]U and ∆ ` ~s : ]A are valid, that is: ] • dom (Γ) ⊆ FV(~t) ⊆ dom(Γ) and ~thσi ]U for all σ ∈ Γ . ] J K • dom (∆) ⊆ FV(~s) ⊆ dom(∆) and ~shσi ]A for all σ ∈ ∆ . ] J K From the above, it is clear that dom (Γ, ∆) ⊆ FV(~t;~s) ⊆ dom(Γ, ∆). Now, given σ ∈ Γ, ∆ , we observe that σ = σΓ, σ∆ J K for some σΓ ∈ Γ and σ∆ ∈ ∆ . From our first hypothesis, we get ~thσΓi α · ∗ for some α ∈ C such that |α| = 1. And J K J K from the second hypothesis, we have ~shσ∆i ]A, and thus α · ~shσ∆i ]A (since |α| = 1). Therefore, we get ~ ~ ~ (t;~s)hσi = (t;~s)hσΓihσ∆i = (thσΓi;~s)hσ∆i (α · ∗;~s)hσ∆i = α · (∗;~s)hσ∆i α · ~shσ∆i A

(using Lemma A.10 (7) p. 19 and Lemma A.3 (7), (10) p. 16). (Pair) Suppose that the judgments Γ ` ~v : A and ∆ ` ~w : B are valid, that is: ] • dom (Γ) ⊆ FV(~v) ⊆ dom(Γ) and ~vhσi A for all σ ∈ Γ . ] J K • dom (∆) ⊆ FV(~w) ⊆ dom(∆) and ~whσi B for all σ ∈ ∆ . ] J K From the above, it is clear that dom (Γ, ∆) ⊆ FV((~v, ~w)) ⊆ dom(Γ, ∆). Now, given σ ∈ Γ, ∆ , we observe that σ = σΓ, σ∆ J K for some σΓ ∈ Γ and σ∆ ∈ ∆ . From our initial hypotheses, we deduce that ~vhσΓi A and ~whσ∆i B, which means that ~vhσΓiJ ∈K A and ~whσJ∆iK ∈ B (from Lemma IV.3), since ~vhσΓi and ~whσ∆i are value distributions. And since J K J K FV(~v) ∩ dom(σ∆) = ∅ and FV(~w) ∩ dom(σΓ) = ∅, we deduce from Lemma A.10 (3), (4) p. 19 that

(~v, ~w)hσi = (~v, ~w)hσΓihσ∆i = (~vhσΓi, ~w)hσ∆i = (~vhσΓi, ~whσ∆i) ∈ A × B J K from the definition of A × B . J K (LetPair) Suppose that the judgments Γ ` ~t : A × B and ∆, x : A, y : B ` ~s : C are valid, that is: ] • dom (Γ) ⊆ FV(~t) ⊆ dom(Γ) and ~thσi A × B for all σ ∈ Γ . • dom](∆, x : A, y : B) ⊆ FV(~s) ⊆ dom(∆, x : A, y : B) and J K ~shσi C for all σ ∈ ∆, x : A, y : B . J K From the above, it is clear that dom](Γ, ∆) ⊆ FV(let (x, y) = ~t in ~s) ⊆ dom(Γ, ∆). Now, given σ ∈ Γ, ∆ , we observe J ~ K that σ = σΓ, σ∆ for some σΓ ∈ Γ and σ∆ ∈ ∆ . Since σΓ ∈ Γ , we know from our first hypothesis that thσΓi A × B, which means that ~thσΓi (~v, ~wJ) Kfor some ~v ∈J AK and ~w ∈ BJ .K So that we get J K J K (let (x, y) = ~t in ~s)hσi = (let (x, y) = ~t in ~s)hσΓihσ∆i = (let (x, y) = ~thσΓi in ~s)hσ∆i (by Lemma A.10 (8)) (let (x, y) = (~v, ~w) in ~s)hσ∆i (by Lemma A.3 (8), (10)) (~shx := ~vihy := ~wi)hσ∆i (by Lemma A.3 (2), (10)) = ~shσ∆, x := ~v, y := ~wi C using our second hypothesis with the substitution σ∆, {x := ~v, y := ~w} ∈ ∆, x : A, y : B . J K (LetTens) Suppose that the judgments Γ ` ~t : A ⊗ B and ∆, x : ]A, y : ]B ` ~s : ]C are valid, that is: ] • dom (Γ) ⊆ FV(~t) ⊆ dom(Γ) and ~thσi A ⊗ B for all σ ∈ Γ . ] • dom (∆, x : ]A, y : ]B) ⊆ FV(~s) ⊆ dom(∆, x : ]A, y : ]B) andJ K ~shσi ]C for all σ ∈ ∆, x : ]A, y : ]B J ] K From the above, it is clear that dom (Γ, ∆) ⊆ FV(let (x, y) = ~t in ~s) ⊆ dom(Γ, ∆). Now, given σ ∈ Γ, ∆ , we observe J ~ K that σ = σΓ, σ∆ for some σΓ ∈ Γ and σ∆ ∈ ∆ . Since σΓ ∈ Γ , we know from our first hypothesis that thσΓi A ⊗ B, ~ PJn K J K J K which means that thσΓi i=1 αi · (~ui,~vi) for some α1, . . . , αn ∈ C, ~u1, . . . , ~un ∈ A and ~v1, . . . ,~vn ∈ B , with Pn J K J K i=1 αi · (~ui,~vi) = 1. For each i = 1..n, we also observe that σ∆, x := ~ui, y := ~vi ∈ ∆, x : ]A, y : ]B . From our J K second hypothesis, we get ~shσ∆, x := ~ui, y := ~vii ]C, hence there is ~wi ∈ ]C such that ~shσ∆, x := ~ui, y := ~vii ~wi. Therefore, we have: J K

(let (x, y) = ~t in ~s)hσi = (let (x, y) = ~t in ~s)hσΓihσ∆i = (let (x, y) = ~thσΓi in ~s)hσ∆i Pn
let (x, y) = i=1 αi · (~ui,~vi) in ~s hσ∆i Pn = i=1 αi · (let (x, y) = (~ui,~vi) in ~s)hσ∆i Pn i=1 αi · (~shx := ~ui, y := ~vii)hσ∆i Pn = i=1 αi · ~shσ∆, x := ~ui, y := ~vii Pn i=1 αi · ~wi ∈ span( C ) J K Pn To conclude, it remains to show that i=1 αi · ~wi = 1. For that, we observe that: Pn 2 Pn Pn i=1 αi · ~wi = i=1 αi · ~wi j=1 αj · ~wj Pn Pn = i=1 j=1 α¯iαj h~wi | ~wji Pn Pn = i=1 j=1 α¯iαj h~ui | ~ujih~vi | ~vji (by Lemma A.9) Pn Pn = i=1 j=1 α¯iαj h(~ui,~vi) | (~uj,~vj)i (by Prop. A.2) Pn Pn = i=1 αi · (~ui,~vi) j=1 αj · (~uj,~vj) Pn 2 = i=1 αi · (~ui,~vi) = 1 . (InL) Suppose that the judgment Γ ` ~v : A is valid, that is: ] • dom (Γ) ⊆ FV(~v) ⊆ dom(Γ) and ~vhσi A for all σ ∈ Γ . ] J K From the above, it is clear that dom (Γ) ⊆ FV(inl(~v)) ⊆ dom(Γ). Now, given σ ∈ Γ , we know that ~vhσi A, which means that ~vhσi ∈ A (by Lemma IV.3), since ~vhσi is a value distribution. So that byJ LemmaK A.10 (1), we conclude that inl(~v)hσi = inl(~vJhσKi) ∈ A + B . J K (InR) Analogous to (InL).

(PureMatch) Suppose that the judgments Γ ` ~t : A + B, ∆, x1 : A ` ~s1 : C and ∆, x2 : B ` ~s2 : C are valid, that is: ] • dom (Γ) ⊆ FV(~t ) ⊆ dom(Γ) and ~thσi A + B for all σ ∈ Γ . ] J K • dom (∆, x1 : A) ⊆ FV(~s1) ⊆ dom(∆, x1 : A) and ~s1hσi C for all σ ∈ ∆, x1 : A . ] J K • dom (∆, x2 : B) ⊆ FV(~s2) ⊆ dom(∆, x2 : B) and ~s2hσi C for all σ ∈ ∆, x2 : B . ] J K From the above, it is clear that dom (Γ, ∆) ⊆ FV(match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2}) ⊆ dom(Γ, ∆). Now, given a substitution σ ∈ Γ, ∆ , we observe that σ = σΓ, σ∆ for some σΓ ∈ Γ and σ∆ ∈ ∆ . And since FV(~s1, ~s2)∩dom(σΓ) = ∅, we deduce fromJ LemmaK A.10 (9) that J K J K

(match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσi = (match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσΓihσ∆i = (match ~thσΓi {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i . ~ Moreover, since σΓ ∈ Γ , we have thσΓi A + B (from our first hypothesis), so that we distinguish the following two cases: J K • Either ~thσΓi inl(~v) for some ~v ∈ A , so that J K (match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσi = (match ~thσΓi {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i (match inl(~v) {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i ( ~s1hx1 := ~vi)hσ∆i = ~s1hσ∆, x1 := ~vi C

using our second hypothesis with the substitution σ∆, {x1 := ~v} ∈ ∆, x1 : A . • Either ~thσΓi inr(~w) for some ~w ∈ B , so that J K J K (match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσi = (match ~thσΓi {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i (match inr(~w) {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i ( ~s1hx2 := ~wi)hσ∆i = ~s1hσ∆, x2 := ~wi C

using our third hypothesis with the substitution σ∆, {x2 := ~w} ∈ ∆, x2 : B . J K (Weak) Suppose that the judgment Γ ` ~t : B is valid, that is ] • dom (Γ) ⊆ FV(~t ) ⊆ dom(Γ) and ~thσi B for all σ ∈ Γ . Given a type A such that [A ' A, it is clear from the above thatJ domK ](Γ, x : A) (= dom](Γ)) ⊆ FV(~t) ⊆ dom(Γ, x : A). Now, given σ ∈ Γ, x : A , we observe that σ = σ0, {x := v} for some substitution σ0 ∈ Γ and for some pure value v ∈ A (= [ A )J. Therefore,K we get J K J K J K ~ ~ ~ ~ ~ thσi = thσ0i[x := v] = t [x := v]hσ0i = thσ0i B (since x∈ / FV(t ) and σ0 ∈ Γ ) J K (Contr) Given a type A such that [A ' A, suppose that Γ, x : A, y : A ` ~t : B, that is: ] ] • dom (Γ, x : A, y : A) (= dom (Γ)) ⊆ FV(~t ) ⊆ dom(Γ, x : A, y : A) and ~thσi B for all σ ∈ Γ, x : A, y : A . From the above, it is clear that domJ ](Γ, x : A) (=K dom](Γ)) ⊆ FV(~t [y := x]) ⊆ dom(Γ, x : A). Now, given σ ∈ Γ, x : A , we observe that σ = σ0, {x := v} for some substitution σ0 ∈ Γ and for some pure value v ∈ A (= [ A ). Therefore,J weK have J K J K J K (~t[y := x])hσi = (~t [y := x])hσ0, {x := v}i = ~t [y := x][x := v]hσ0i ~ ~ = t [x := v][y := v]hσ0i = thσ0, {x := v, y := v}i B since σ0, {x := v, y := v} ∈ Γ, x : A, y : A . J K Fact A.11. For all n 6= 1, one has: n¯ 6 (]B ⇒ ]B) ⇒ (]B ⇒ ]B). 3 5
4 5
3 2 4 2 9+16 Proof. Let F := 5 · λx . 6 · x + 5 · λx . 8 · x . We observe that 5 + 5 = 25 = 1. Moreover, for all ~v ∈ B , we have J K 3 5
4 5
1 1 5 · 6 · x hx := ~vi + 5 · 8 · x hx := ~vi = 2 · ~v + 2 · ~v = ~v ]B , hence F ]B ⇒ ]B. Now, we observe that when n 6= 1, we have 3 5
4 5
n¯ F tt = 5 · n¯ λx . 6 · x tt + 5 · n¯ λx . 8 · x tt 3 5
n 4 5
n 3 5
n 4 5
n
5 6 · tt + 5 8 · tt = 5 6 + 5 8 · tt ∈/ ]B , J K 3 5
n 4 5
n 7 3 5
n 4 5
n 3 5 4 5 since 5 6 + 5 8 = 5 > 1 when n = 0 and 5 6 + 5 8 < 5 · 6 + 5 · 8 = 1 when n ≥ 2. Hence n¯ F tt 6 ]B, and therefore n¯ 6 (]B ⇒ ]B) ⇒ (]B ⇒ ]B). Proposition V.7. The rule (UnitaryMatch) is valid.

Proof. Suppose that the judgments Γ ` ~t : A1 ⊕ A2 and ∆ ` (x1 : ]A1 ` ~s1) ⊥ (x2 : ]A2 ` ~s2): ]C are valid, that is: ] ~ ~ • dom (Γ) ⊆ FV(t ) ⊆ dom(Γ) and thσi A1 ⊕ A2 for all σ ∈ Γ . ] J K • For i = 1, 2, dom (∆, xi : ]Ai) ⊆ FV(~si ) ⊆ dom(∆, xi : ]Ai) and ~sihσ, σii ]C for all σ ∈ ∆ and σi ∈ xi : ]Ai . • For i = 1, 2, ~sihσ, σii ~vi with h~v1|~v2i = 0. J K J K ] From the above, it is clear the dom (Γ, ∆) ⊆ FV(match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2}) ⊆ dom(Γ, ∆). Now, given a substitution σ ∈ Γ, ∆ , we observe that σ = σΓ, σ∆ for some σΓ ∈ Γ and σ∆ ∈ ∆ . And since FV (~s1, ~s2)∩dom(σΓ) = ∅, we deduce fromJ LemmaK A.10 (8) that J K J K

(match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσi = (match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσΓihσ∆i

= (match ~thσΓi {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i . ~ ~ Moreover, since σΓ ∈ Γ , we have thσΓi A1 ⊕ A2 (from our first hypothesis), so that we have thσΓi α · inl(~v1) + β · inr(~v2) for some ~v1 ∈J KA1 and ~v2 ∈ A2 . Therefore J K J K (match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσi = (match ~thσΓi {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i (match α · inl(~v1) + β · inr(~v2) {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i = α · (match inl(~v1) {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i +β · (match inr(~v2) {inl(x2) 7→ ~s1 | inr(x2) 7→ ~s2})hσ∆i = α · ~s1hx1 := ~v1ihσ∆i + β · ~s2hx2 := ~v2ihσ∆i ]C using the last two hypotheses, with the substitution σ∆, hxi := ~vii ∈ ∆, xi : ]Ai . J K D. Proofs related to Section VI

Typing rules of the standard judgements for λQ

∆, x : A `C t : B ∆ `C t : A → B ∆ `C r : A ∆, x : A `C x : A ∆ `C ∗ : U ∆ `C λx.t : A → B ∆ `C tr : B

∆ `C t : A ∆ `C r : B ∆ `C t : A × B ∆ `C t : A × B ∆ `C (t, r): A × B ∆ `C π1t : A ∆ `C π2t : B ∆ `C tt : bit ∆ `C ff : bit

∆ `C t : bit ∆ `C r : A ∆ `C s : A ∆ `C if t {r | s} : A Lemma VI.2. For all classical types A, [ A ' A . L M L M Proof. We proceed by structural induction on A. • U = U = {∗} ' [{∗} = [U. • LAM→ B = A → B ' [( A → B ) by rule (FlatPureArrow). • LA × B M= LA M× BL 'M [ AL×M[ B L'M[( A × B ), using the induction hypothesis and rules (ProdMono) and (FlatProd). • Lbit = MB =LUM+ UL =M [U +L [MU =L[(UM + UL) =M [ bitL M using rules (SumMono) and (FlatSum). L M L M • AQ ( BQ = U → ( AQ ⇒ BQ ) ' [(U → ( AQ ⇒ BQ )) by rule (FlatPureArrow). L M L M L M L M L M Lemma VI.3. For all qbit types AQ, ] AQ ' AQ . L M L M Proof. First notice that for any A from the unitary linear algebraic lambda-calculs, we have ]A ' ]]A. Indeed, by rule (SharpIntro) ]A ≤ ]]A, and by rules (SubRefl) and (SharpLift), ]]A ≤ ]A. Now we proceed by structural induction on AQ. • qbit = ]B ' ]]B = ] qbit . • LAQ M⊗ BQ = ]( AQ L⊗ BMQ ) ' ]]( AQ ⊗ BQ ) = ] AQ ⊗ BQ . L M L M L M L M L M L M Theorem VI.5. Translation preserves typeability:

1) If Γ `Q t : AQ then Γ ` t : AQ . 2) If ∆|Γ `C t : A thenL ∆M , LΓM `L t M: A . 3) If [Q, L, t]: A then `L [Q,M L L,M t] :L MA L. M L M L M Proof. Since `Q depends on `C , we prove items (1) and (2) at the same time by induction on the typing derivation. • ∆, x : A `C x : A By Lemma VI.2, [ ∆ ' ∆ , hence, by rules (Axiom) and (Weak), we have ∆ , x : A ` x : A . L M L M L M L M L M • ∆ `C ∗ : U By Lemma VI.2, [ ∆ ' ∆ , hence, by rules (Void) and (Weak) we conclude ∆ ` ∗ : U. L M L M L M ∆, x : A `C t : B • ∆ `C λx.t : A → B By the induction hypothesis, ∆ , x : A ` t : B and by Lemma VI.2, [ ∆ ' ∆ , hence, by rule (PureLam), ∆ ` λx. t : A → B . L M L M L M L M L M L M L M L M L M L M ∆ `C t : A → B ∆ `C r : A • ∆ `C tr : B By the induction hypothesis, ∆ ` t : A → B and ∆ ` r : A . Hence, by rules (SubArrows) and (Sub), we have ∆ ` t : A ⇒ B , andL also,M weL M haveL M ∆ L[σ]M ` rL[σM]: LAM, whereL M σ is a substitution of every variable in ∆ by LfreshM variables.L M L M Then,L byM rule (App) we can derive,L M ∆ L, M∆ [σ]L` Mt r [σ]: B . By Lemma VI.2, we have [ ∆ ' ∆ , hence, by rule (Contr), we get ∆ ` t r : B . L M L M L ML M L M L M L M L M L ML M L M ∆ `C t : A ∆ `C r : B • ∆, ∆ `C (t, r): A × B By the induction hypothesis, ∆ ` t : A and ∆ ` r : B . Hence, by rule (Pair), ∆ , ∆ ` ( t , r ): A × B . L M L M L M L M L M L M L M L M L M L M L M L M ∆ `C t : A1 × A2 • ∆ `C πit : Ai By the induction hypothesis, ∆ ` t : A1 × A2 . By Lemma VI.2, Ai ' [ Ai for i = 1, 2, hence, by rules (Axiom) and (Weak), we have x1 : AL1 ,M x2 L: MA2L `Mxi L: AMi . Therefore, by ruleL M(LetPair)L ,M we can derive ∆ ` let (x1, x2) = t in xi : Ai . L M L M L M L M L M L M • ∆ `C tt : bit By Lemma VI.2, [ ∆ ' ∆ , so, by rules (Void), (InL), and (Weak), we can derive ∆ ` tt : B. L M L M L M • ∆ `C ff : bit By Lemma VI.2, [ ∆ ' ∆ , so, by rules (Void), (InR), and (Weak), we can derive ∆ ` ff : B. L M L M L M ∆ `C t : bit ∆ `C r1 : A ∆ `C r2 : A • ∆ `C if t {r1 | r2} : A By the induction hypothesis, ∆ ` t : B = U + U and for i = 1, 2, ∆ ` ri : A . By rules (Axiom) and (Seq), we L M L M L M L M L M can derive ∆ , xi : U ` xi; ri : A we also have ∆ [σ] ` t [σ]: U + U, where σ is a substitution of every variable in ∆ by freshL M variables. Then,L M byL ruleM (PureMatch),L ∆M , ∆ L[σM] ` match t [σ] {inl(x1) 7→ x1; r | inr(x2) 7→ x2; s } : A . By Lemma VI.2, we have [ ∆ ' ∆ ,L hence,M L byM rule (Cont), weL M conclude ∆ ` matchL Mt {inl(x1) 7→ x1; LrM | inrL M(x2) 7→ x2; s } : A L M L M L M L M L M L M L M • ∆|x : AQ ` x : AQ By Lemma VI.2, [ ∆ ' ∆ , hence, by rules (Axiom) and (Weak), we have ∆ , x : A ` x : A . L M L M L M L M L M ∆|Γ1 `Q s : AQ ∆|Γ2 `Q t : BQ • ∆|Γ1, Γ2 `Q s ⊗ t : AQ ⊗ BQ By the induction hypothesis, ∆ , Γ1 ` s : AQ and ∆ , Γ2 ` t : BQ . Then, we can derive ∆ [σ], Γ1 ` s [σ]: AQ , where σ is a substitutionL M L M onL everyM L variableM inL ∆M byL freshM variables.L M Hence, by rule (Pair),L weM canL deriveM L∆M [σ], LΓ1 ,M ∆ , Γ2 ` ( s [σ], t ): AQ × BQ . By Lemma VI.2, [ ∆ ' ∆ , hence, by rule (Contr), we have L∆M, Γ1L , MΓ2L `M (L s ,M t ):L MAQ L×M BQL . Finally,M L byM rules (SharpIntro) andL (Sub)M ,L weM have ∆ , Γ1 , Γ2 ` ( s , t ): LAQM L⊗ MBLQ .M L M L M L M L M L M L M L M L M L M L M L M ∆|Γ `Q t : qbit • ∆|Γ `Q U(t): qbit By the induction hypothesis, ∆ , Γ ` t : ]B. By Proposition IV.11, ` U¯ : ]B → ]B, hence, by rules (SubArrows) and (Sub), we have ` U¯ : ]B ⇒ ]BL. Therefore,M L M L M by rule (App), we can derive ∆ , Γ ` U¯ t : ]B. L M L M L M ∆|Γ1 `Q s : AQ ⊗ BQ ∆|Γ2, x : AQ, y : BQ `Q t : CQ • ∆|Γ1, Γ2 `Q let x ⊗ y = s in t : CQ By the induction hypothesis, ∆ , Γ1 ` s : AQ ⊗ BQ and ∆ , Γ2 , x : AQ , y : BQ ` t : CQ . Then, we also have ∆ [σ], Γ1 ` s [σL]:M AL Q M⊗ LBMQ ,L whereM σL isM a substitutionL M L onM everyL variableM L in M∆ byL M freshL variables.M By Lemma VI.3,L M AQL 'M] ALQM , BQL 'M] BLQ ,M and CQ ' ] CQ . Hence, ∆ , Γ2 , x : ] AQ , y : ] BQ ` t : ] CQ . Therefore, byL ruleM(LetTens)L ,M ∆L [σM], Γ1L , ∆M , Γ2 L ` letM (x,L y) =M s [σ] inL tM L: ] MCQ . ByL LemmaM L VI.2,M [L∆M 'L ∆M, hence, by rule (Contr), we getL ∆M , ΓL1 , MΓL2 M` Llet (Mx, y) = s in tL M: ] CQ L. Finally,M L usingM the fact that ] CLQ M' CL QM, we get ∆ , Γ1 , Γ2 ` let (x,L yM)L = Ms Lin Mt : CQ . L M L M L M L M L M Notice thatL M weL haveM L usedM the followingL M unprovedL M L rule:M If Γ, x : A ` t : B and A ' C, then Γ, x : C ` t : B. Hence, we prove that this rule is true. Assume Γ, x : A ` t : B, then, thσi B for every σ ∈ Γ, x : A = Γ, x : C , and so Γ, x : C ` t : B. J K J K J K

∆ `C t : bit • ∆|∅ `Q new(t): qbit By the induction hypothesis, ∆ ` t : B. We conclude by rules (SharpIntro) and (Sub) that ∆ ` t : ]B. L M L M L M L M ∆|x : AQ `Q t : BQ • Q ∆ `C λ x.t : AQ ( BQ By the induction hypothesis ∆ , x : AQ ` t : BQ . Since U ' [U, by rule (Weak), we have ∆ , z : U, x : AQ ` L M L M L M L M L M L M t : BQ Then, by rules (UnitLam) and (PureLam), we can derive ∆ ` λzx. t : U → ( AQ ⇒ BQ ). L M L M L M L M L M L M ∆ `C s : AQ ( BQ ∆|Γ `Q t : AQ • ∆|Γ `Q s@t : BQ By the induction hypothesis, ∆ ` s : U → ( AQ ⇒ BQ ) and ∆ , Γ ` t : AQ . Then, ∆ [σ], Γ ` t [σ]: AQ , where σ is a substitutionL M L M on everyL variableM inL ∆Mby freshL M variables.L M L ByM rulesL M(SubArrows)L Mand L(Sub)M , L M L M we have ∆ ` s : U ⇒ ( AQ ⇒ BQ ). In addition, by rule (Void), ` ∗ : U. Hence, by rule (App) twice, we get ∆ , Γ ,L∆M[σ] L` M( s ∗) t [σL]: MBQ .L By LemmaM VI.2, [ ∆ ' ∆ , hence, by rule (Contr), ∆ , Γ ` ( s ∗) t : BQ . L M L M L M L M L M L M L M L M L M L M L M L M L M Now we prove item (3). Let m X i i [ αi · |y1, . . . , yni, {x1 := p(1), . . . , xn := p(n)}, t]: AQ i=1 that means ∅|FV(t): qbit `Q t : AQ. We must show that m X i i ` [ αi · |y1, . . . , yni, {x1 := p(1), . . . , xn := p(n)}, t] : A L i=1 M L M that is m X i i ` αi · t [x1 :=y ¯p(1), . . . , xn :=y ¯p(n)]: AQ (1) i=1 L M L M

From item (1) we have FV(t): ]B ` t : AQ . Then, by definition, we have t hσi AQ for every σ ∈ FV (t): ]B . In i L M Li M L M L M J K particular, [σi] = [x1 :=y ¯p(1), . . . , xn :=y ¯p(n)] ∈ FV (t): ]B , so t hσii = t [σi] AQ . By Lemma VI.3, AQ ' ] AQ , Pm J K L M L M L M L M L M and so, we have i=1 αi · t [σi] AQ , which is, by definition, the same as (1) L M L M Lemma A.12. For any terms t and r, t[x := r] = t [x := r ]. L M L M L M Proof. By a straightforward structural induction on t.

Lemma A.13. For all value distributions ~v and ~v, for all term distributions ~t, ~s, ~s1, ~s2 and for all pure values w, we have the equalities: 0 0 • (~v,~v )[x := w] = (~v[x := w],~v [x := w]) • inl(~v)[x := w] = inl(~v[x := w]) • inr(~v)[x := w] = Inr~v[x := w] • (~s~t)[x := w] = ~s[x := w]~t[x := w] • (~t;~s)[x := w] = ~t[x := w];~s[x := w] • (let (x1, x2) = ~t in ~s)[x := w] = let (x1, x2) = ~t[x := w] in ~s[x := w] (if x1, x2 ∈/ FV(w) ∪ {x}) • (match ~t {inl(x1) 7→ ~s1 | inr(x2) 7→ ~s2})[x := w] = match ~t[x := w] {inl(x1) 7→ ~s1[x := w] | inr(x2) 7→ ~s2[x := w]} ~ Pn Proof. Let us treat the case of the pair destructing let-construct. Given term distributions t = i=1 αi · ti and ~s, and a pure value w such that x1, x2 ∈/ FV(w) ∪ {x}, we observe that

(let (x1, x2) = ~t in ~s)[x := w] Pn
= i=1 αi · let (x1, x2) = ti in ~s [x := w](def. of extended let) Pn = i=1 αi · (let (x1, x2) = ti in ~s)[x := w] (linearity of pure substitution) Pn = i=1 αi · let (x1, x2) = ti[x := w] in ~s[x := w] (pure substitution in a let-construct) Pn ~ = let (x1, x2) = ( i=1 αi · ti[x := w]) in ~s[x := w] (def. of extended let) = let (x1, x2) = ~t[x := w] in ~s[x := w] (linearity of pure substitution) The other cases are treated similarly. Remark A.14 (Parallel substitution). The operation of parallel substitution [x1 := w1, . . . , xn := wn] (where x1, . . . , xn are pairwise distinct variables) can be easily implemented as a sequence of pure substitutions, by temporarily replacing the xi’s with fresh names in order to avoid undesirable captures between successive pure substitutions. For instance, we can let

~t[x1 := w1, . . . , xn := wn] :=

~t[x1 := z1] ··· [xn := zn][z1 := w1] ··· [zn := wn] where z1, . . . , zn are fresh names w.r.t. ~t, x1, . . . , xn, w1, . . . , wn. Note that this precaution is useless when the substituands w1, . . . , wn are closed, since in this case, parallel substitution amounts to the following sequential substitution (whose order is irrelevant): ~t[x1 := w1, . . . , xn := wn] = ~t[x1 := w1] ··· [xn := wn] . Lemma A.15. For all term distributions ~t and for all closed value distributions ~v and ~w: ~t hx := ~v ihy := ~w i = ~t hy := ~w ihx := ~v i (provided x 6= y) Theorem VI.6 (Adequacy). If [Q, L, t] → [Q0,L0, r], then [Q, L, t] [Q0,L0, r] . L M L M Proof. We proceed by induction on the rewrite relation of λQ. We only give the cases where C(·) = {·}, as other cases are Pm i i simple calls to the induction hypothesis. In all the cases, we consider Q = i=1 αi|u1, . . . , yni, L = {x1 := p(1), . . . , xn := i i p(n)}, and [σi] = [x1 :=y ¯p(1), . . . , xn :=y ¯p(n)]. • [Q, L, (λx.t)u] → [Q, L, t[x := u]]. Pm [Q, L, (λx.t)u] = i=1 αi · ((λx. t ) u )[σi] L M Pm L M L M = i=1 αi · ((λx. t [σi]) u [σi]) (Lemma A.13) Pm L M L M i=1 αi · t [σi][x := u [σi]] Pm L M L M = i=1 αi · t [x := u ][σi] (Lemma A.15) Pm L M L M = i=1 αi · t[x := u] [σi] (Lemma A.12) L M = [Q, L, t[x := u]] L M Q • [Q, L, (λ x.t)@u] → [Q, L, t[x := u]]. Q Pm [Q, L, (λ x.t)@u] = i=1 αi · (((λzx. t )∗) u )[σi] L M Pm L M L M = i=1 αi · (((λzx. t [σi])∗) u [σi]) (Lemma A.13) Pm L M L M i=1 αi · ((λx. t [σi]) u [σi]) Pm L M L M i=1 αi · t [σi][x := u [σi]] Pm L M L M = i=1 αi · t [x := u ][σi] (Lemma A.15) Pm L M L M = i=1 αi · t[x := u] [σi] (Lemma A.12) L M = [Q, L, t[x := u]] L M • [Q, L, π1(u, v)] → [Q, L, u]. Pm [Q, L, π1(u, v)] = i=1 αi · (let (x, y) = ( u , v ) in x)[σi] L M Pm L M L M = i=1 αi · (let (x, y) = ( u [σi], v [σi]) in x) (Lemma A.13) Pm L M L M i=1 αi · u [σi] L M = [Q, L, u] L M • [Q, L, πs(u, v)] → [Q, L, v]. Pm [Q, L, π2(u, v)] = i=1 αi · (let (x, y) = ( u , v ) in y)[σi] L M Pm L M L M = i=1 αi · (let (x, y) = ( u [σi], v [σi]) in y) (Lemma A.13) Pm L M L M i=1 αi · v [σi] L M = [Q, L, v] L M • [Q, L, if tt {t | r}] → [Q, L, t] [Q, L, if tt {t | r}] L Pm M = i=1 αi · (match inl(∗) {inl(z1) 7→ z1; t | inr(z2) 7→ z2; r })[σi] L M L M Pm = i=1 αi · match inl(∗) {inl(z1) 7→ z1; t [σi] | inr(z2) 7→ z2; r [σi]} (Lemma A.13) Pm L M L M i=1 αi · ∗; t [σi] Pm L M i=1 αi · t [σi] L M = [Q, L, t] L M • [Q, L, if ff {t | r}] → [Q, L, r] [Q, L, if ff {t | r}] L Pm M = i=1 αi · (match inr(∗) {inl(z1) 7→ z1; t | inr(z2) 7→ z2; r })[σi] Pm L M L M = i=1 αi · match inr(∗) {inl(z1) 7→ z1; t [σi] | inr(z2) 7→ z2; r [σi]} (Lemma A.13) Pm L M L M i=1 αi · ∗; r [σi] Pm L M i=1 αi · r [σi] L M = [Q, L, r] L M • [Q, L, let x ⊗ y = t ⊗ r in s] → [Q, L, s[x := t, y := r]]. [Q, L, let x ⊗ y = t ⊗ r in s] L Pm M = i=1 αi · (let (x, y) = ( t , r ) in s )[σi] Pm L M L M L M = i=1 αi · (let (x, y) = ( t [σi], r [σi]) in s [σi]) (Lemma A.13) Pm L M L M L M i=1 αi · s [σi][x := t [σi]][y := r [σi]] Pm L M L M L M = i=1 αi · ( s [x := t ][y := r ])[σi] (Lemma A.15) Pm L M L M L M = i=1 αi · ( s[x := t, y := r] )[σi] (Lemmas A.12 and Remark A.14) L M = [Q, L, s[x := t, y := r]] L M • [∅, ∅, new(tt)] → [|1i, {x 7→ 1}, x] [∅, ∅, new(tt)] = new(tt)) = tt = x[x := tt] = [|1i, {x 7→ 1}, x] L M L M L M • [∅, ∅, new(ff)] → [|0i, {x 7→ 1}, x] [∅, ∅, new(ff)] = new(ff) = ff = x[x := ff] = [|0i, {x 7→ 1}, x] L M L M L M • [|ψi, {x 7→ 1},U(x)] → [U|ψi, {x 7→ 1}, x]. Let U|0i = γ0|0i + δ0|1i and U|1i = γ1|0i + δ1|1i. Then, [α|0i + β|1i, {x 7→ 1},U(x)] = α · U(x) [x := tt] + β · U(x) [x := ff] L M L M L M = α · U¯tt + β · U¯ff

α · (γ0 · tt + δ0 · ff) + β · (γ1 · tt + δ1 · ff)

= (αγ0 + βγ1) · tt + (αδ0 + βδ1) · ff

= (αγ0 + βγ1) · x[x := tt] + (αδ0 + βδ1) · x[x := ff]

= [(αγ0 + βγ1)|0i + (αδ0 + βδ1)|1i, {x 7→ 1}, x] L M