A Correspondence Between Nuprl and the Ramified Theory of Types

A correspondence between Nuprl and the Ramified Theory of Types

Citation for published version (APA): Kamareddine, F., & Laan, T. D. L. (1996). A correspondence between Nuprl and the Ramified Theory of Types. (Computing science reports; Vol. 9612). Technische Universiteit Eindhoven.

Document status and date: Published: 01/01/1996

Document Version: Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers)

Please check the document version of this publication:

• A submitted manuscript is the version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication

General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.

• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal.

If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the “Taverne” license above, please follow below link for the End User Agreement: www.tue.nl/taverne

Take down policy If you believe that this document breaches copyright please contact us at: [email protected] providing details and we will investigate your claim.

Download date: 01. Oct. 2021 Eindhoven University of Technology Department of Mathematics and Computing Science

A Correspondence between Nupd and the Ramified Theory of Types

by

Fairouz Kamareddine and Twan Laan

96/12

ISSN 0926-4515

All rights reserved editors: prof.dr. R.C. Backhouse prof.dr. J .C.M. Baeten

Reports are available at: http://www.win.tue.nl!winlcs

Computing Science Report 96112 Eindhoven, May 1996 A Correspondence between Nuprl and the Ramified Theory of Types*

Fairouz Kamareddinet Twan Laan+

April 23, 1996

Abstract

In RusselPs Ramified Theory of Types RTT, two hierarchical concepts dominate: orders and types. The use of orders has as a consequence that the logic part of RTT is predicative. The concept of order however, is almost dead since Ramsey eliminated it from RTT. This is why we find Church's simple theory of types (which uses the type concept without the order one) at the bottom of the Barendregt Cube rather than RTT. Despite the disappearence of orders which have a strong correlation with predicativity, predicative logic still plays an influential role in Computer Science. An important example is the proof checker Nuprl, which is based on Martin-LoPs Type Theory which uses type universes. Those type universes, and also degrees of expressions in AUTHOMATH, are closely related to orders. In this paper, we concentrate on Nuprl. We describe Nuprl as a Pure Type System and relate it to Russell's RTT. To be successful at so doing, we are forced to explicitly typing Nuprl (but this is not restrictive). We show also that Russell's orders playa crucial role in understanding the hierarchy of Nuprl.

1 Introduction

The Ramified Theory of Types (RTT) was developped by Bertrand Russell [21, 24] in order to solve the paradoxes that resulted from Frege's "Grundgesetze der Arithmetik" [6]. It has a double hierarchy: one of types (which can be seen as an elementary version of Church's well-known Simple Theory of Types [2]) and one of orders, which can be compared with Kripke's Hierarchy of Truths, see [13, 11]. The hierarchy of orders is less known, as it became irnpopular when Ramsey [19] and Hilbert and Ackermann [7J showed that one can avoid the paradoxes without this hierarchy. Nevertheless, orders can elegantly explain some useful hierarchies. In (11), for example, we showed that RTT's orders correspond to the hierarchy of truths where each level corresponds to Tarski's truth notion, but the limit corresponds to a level which can talk about its own truth. Orders moreover) are still present in Martin-Lof's philosophical conceptions of type theories and especially in his layers of universes [16], as we shall illustrate in this paper (via Nuprl [3]). Furthermore, orders are closely related to the degree of expression notion of AUTHOMATH [18]. Logic based on the double hierarchy of orders and types is usually called predicative. The difference between predicative and impredicative logic may seem small, nevertheless, this small difference can have some drastic consequences in fundamental mathematics. When constructing the real numbers out of the rationals (with Dedekind-cuts), the Theorem of the Lowest Upper Bound!, is not provable in predicative logic (see [23]). The Theorem of the Lowest Upper Bound is, however) one of the most fundamental theorems in real analysis.

"'This work is partially supported by EPSRC grant GRjK 25014. The authors are grateful for some useful discussions with Roel Bloo, Herman Geuvers and Jan Zwanenburg. tDepartment of Computing Science, University of Glasgow, 17 Lilybank Gardens, GLASGOW G 12 8QQ, SCOT­ LAND, e-mail f"airouzQdcs.gla.ac.uk- tel. +44 141 3306043 - fax +44 141 3304913. tDepartment of Mathematics and Computing Science, Eindhoven University of Technology, P.D.Box 513, 5600 MB EINDHOVEN, THE NETHERLANDS, e-maillaanQ'ilin. tue .nl- tel. +31 40 2475004 - fax +31 40 2463992. Laan is supported by the Co-operation Centre Tilburg and Eindhoven Universities. He is grateful to the Department of Computing Science, University of Glasgow, for their hospitality and financial support when preparing this article. 1 This Theorem states that any non-empty set of real numbers with an upper bound has a lowest upper bound.

I Many modern type systems are impredicative. For instance, the systems of the Barendregt cube [1] that have the rule "(0,*)" are all impredicative. Hence, a proof checker like Coq [5], based on the Calculus of Constructions [4L is itself founded on impredicative logic. Nevertheless, mathematics with predicative logic is possible, and from a constructive point of view it is even attractive. For instance, the proof checker Nuprl [3, 10] is based on predicative logic yet many mathematical theories can be developped using this proof checker (see [9]). Nuprl's type theory is related to type theories proposed by Martin-Lof [16J, used as a founda­ tion for constructive mathematics. Nuprl's logic is related to its type theory via the well-known propositions-as-types embedding, also known as the Curry-Howard-de Bruijn isomorphism (see [8]). It is constructive on two points: It is based on intuitionistic logic (as is the Curry-Howard-de Bruijn isomorphism) and it is based on predicative logic. In Section 2 we give a formal description of a part of the type system of Nuprl as a Pure Type System (PTS) [22]. The systems of the Barendregt cube are examples of PTSs. Nuprl in PTS style enables us to formalize the concept of order in Nuprl and to show its correctness. This order classifies types and terms of Nuprl into their relevant hierarchy. Before we can give any correspondence between RTT and Nuprl, we must give a formal presen­ tation of RTT itself. Such a formal presentation is not given in "Principia". In Section 3 we present a simplified formalization of RTT, which is based on a more extensive formalization given in [14]. In Section 4, we present an embedding of RTT in Nuprl's type system. As we present Nuprl within the framework of PTSs, we also obtain a description of RTT in PTS-style. We show that the orders in RTT correspond to orders in Nuprl.

2 The N uprl type system 2a A fragment of Nuprl in PTS-style We give a description of a part of the type system on which Nuprl is based (see [9, 3]). We don't give a full presentation of all of Nuprl's type constructors, as we will only need parts of it. The description of the typing rules is given in a natural deduction style similar to that used in the Barendregt Cube [1], and Pure Type Systems [22]. Below we assume V to be a set of variables, Z to be the set of integers, and §::::: {*1, *2, ... } a set of sorts. The intuition behind the sort *a is that it represents the propositions (and, more general, the types) of order::; a. *a corresponds to the Universe of Types I[]a in [9, 16].

Definition 2.1 (Terms) The set of terms '][' is defined by the following abstract syntax:

'][' ::= § 1V 11- 1;Z 1'][''][' 1W:']['. '][' 1rrV:']['.'][' 1'][' x '][' 1 ('][', 1lI1 11', ('][') 111',('][')

We let 0', (3, X, y, Z, ... range over V; m, n, ... over Z and A, B, M, N, u, b over T. When x does not occur free in B, we write A -t B for llx:A.B. Free and bound va,riables are defined as usual. Fv(A) and Bv(A) denote the set of free and bound variables of A. A[x:=BJ denotes the term in which all the free occurrences of x in A have been replaced by B. Syntactic equality of terms is taken modulo renaming of bound variables. This allows us to assume the following:

Convention 2.2 (Barendregt's Convention) Names of bound variables differ from the free ones in a term. Moreover, we use different bound names for different bound variables.

We take the axiom (--->~) : (Ax:T.A)B --->~ A[x:=B] and the axiom (--->q) : 11',((A, B)) --->q A and 11',( (A, B)) --->q B. We define the reduction relations --->~ and --->q generated by the above two axioms respectively (with the usual compatibility rules of course). -----*f3 and ~q are the reflexive transitive closures of -tf3 and -+(1. We define moreover -t{3u and ~j3(T in the obvious way and take :::::/3(1 to be the symmetric closure of ---*'f3a. We define contexts and some related properties:

Definition 2.3 (Contexts) A context is a finite list xl:A11 ... ,xn:An of declarations Xi:Ai. {Xl, ... , xn} is called the domain of the context. If f, ~ are contexts then we write r ~ .6. if all declarations in r are also in .6.. We let r,.6. range over contexts.

2 Definition 2.4 (Derivable statements) A statement r r A : B is derivable if it can be deduced by repeated application of the rules below:

1- : I- *n : *n+l (n E IN) (Axioms) r *, r 2: *, r n:2 (n E 2) r r A '*n (Start) (x is r-fresh) r,x:A r x:A rrM:N rrA'*n (Weak) (x is r-fresh) r,x:A r M: N r r A : *n r, x:A r B : *n (II-form) r r (IIx:A.B) : *n r, x:A r b : B r r (IIx:A.B) : *n (A) r r (,\x:A.b) : (IIx:A.B) r r M : (IIx:A.B) r r N : A (App) r r MN: B[x:=N] rrA'*n rrB'*n ( x-form) r r (A x B) : *n r r a : A r r b : B r r (A x B) : *m (Pairs) r r (a, b) : (A X B) r r M: (A x B) (Left) r r ",(M): A r r M: (A X B) (Right) r r ",(M) : B r r M : A r r B : *n A =~a B (Conv) rrM:B r r A: *n (<;;) r r A : *n+' Definition 2.5

• r is called legal if there are A, B such that r f-- A : B; • A is called legal if there are r, B such that r r A : B or r r B : A;

• A is called a r-term if there is B such that r r A: B or r r B: A;

• A is called a r -type if there is n such that r r A : *n.

We now show some PTS properties of the Nuprl type system 2 Omitted proofs are as in [I].

Theorem 2.6 (Church Rosser Theorem for --->~ and --->a)

1. If A -'ff~ B, and A -'ff~ B, then there is C such that B, -'ff~ C and B2 -'ff~ C.

2. If A -'ffa B, and A --*u B, then there is C such that B, --*u C and B2 --*u C.

PROOF: 2: any orthogonal term rewrite system (hence (1l',--->a» is Church Rosser (see [12]). 0

Theorem 2.7 (Church Rosser Theorem for --->~a)

1. If A --->~ B, and A --->q B, then 3C such that B, ..... a C, and either B2 --->~ C or B, '= C;

2. If A --->~ B, and A --*a B2 then 3C such that B, --*a C, and either B, --->~ C or B2 '= C;

3. If A -'ff~ B, and A -'ffq B, then 3C such that B, --*a C and B, ..... ~ C;

2We remark that we presented an explicitly typed (with terms of the form Ax:A.B) version of Nuprl, whilst Nuprl itself is implicitly typed (with terms of the form Ax.B).

3 4· --+~u has the Church Rosser property. PROOF: 1: induction on the structure of A. 2: use 1. 3: use 2. 4: use 3 and Theorem 2.6. 0

Lemma 2.8 (Transitivity Lemma) Let r, ~ be legal contexts such that r f- x : C for all x:C E~. Then ~ f- A : B ~ r f- A: B.

Lemma 2.9 (Substitution Lemma) If r, x:A, ~ f- B : C and r f- D : A then r, ~[x:=DJ f­ B[x:=DJ : C[x:=DJ.

Lemma 2.10 (Thinning Lemma) Let r, ~ be legal contexts, r ~~. r f- A : B ~ ~ f- A: B. Lemma 2.11 (Generation Lemma)

1. Ifr f- *n : C then C =~a *m for am> n, and ifC"t *m then r f- C: *p for some p::: 1.

2. If r f- .1 : C then C =~" *m for some m ::: 1, and if C "t *m then r f- C : *p for some p ::: 1.

3. If r f- Z : C then C =~a *m for some m ::: 1, and if C "t *m then r f- C : *p for some p ::: 1. 4· If r f- n : C then C =~a Z, and if C "t Z then r f- C : *p for some p ::: 1.

5. If r f- x : C then there is B such that x:B E r, and either B =~a C, or there are m, n with m < nand B =~a *m, C =~a *n· If C "t B then r f- C : *p for some p ::: 1.

6. If r f- (llx:A.B) : C then there is m such that r f- A : *m, r, x:A f- B : *m and C =~a *n for an::: m. IfC"t *n then r f- C: p for some p::: 1. 7. If r f- (.\x:A.b) : C then there are rn, B such that r f- (llx:A.B) : *m, r, x:A f- b : Band C =~u llx:A.B. IfC"t llx:A.B then r f- C: *p for some p::: 1. 8. If r f- AB : C then there are x, P, Q such that r f- A : (llx:P.Q), r f- B : P and either C =~u Q[x:=B], or there are m, n with m < nand Q[x:=BJ =pa *m and C =~" *n. If C"t Q[x:=BJ then r f- C: *p for some p ::: 1. 9. If r f- (A x B) : C then there is m such that r f- A : *m, r f- B : *m and C =pa *n for a n ::: m. If C "t *n then r f- C : *p for some p ::: 1.

10. If r f- (a, b) : C then there are rn, A, B such that r f- (A x B) : Om, r f- a : A, r f- b : Band C =~a A X B. If C "t A X B then r f- C : *p for some p ::: ]. 11. If r f- 7ri(M) : C then there are A" A2 such that r f- M : (A, x A,) and either C =pa Ai or there are m, n with m < n and Ai =f3q *m and C =(30 *n. PROOF: Tedious but straightforward induction on the derivation r I- M : C. o Corollary 2.12 (Correctness of Types) Ifr f- A : B then there is n ::: 1 such that r f- B : *n.

Theorem 2.13 (Subject Reduction) Ifr f- A: B and A --+~a A' then r f- A': B.

Due to (~), Unicity of Types doesn't hold for Nuprl. A weak version however, is possible: Definition 2.14 For each term A we define a term IAI as follows: I *m I = *, Illx:A.BI = llx:A·IBI Ixl = x IA x BI = IAI x IBI 1.11 = .1 I (A, B) I = (IAI, IBI) IZI = Z 17r,(M)1 = 7r,(IMI) 1M NI = IMIINI 17r,(M)1 = 7r,(IMI) l.\x:A.bl = .\x:A·lbl

Theorem 2.15 (Weak Unicity of Types) Ifr f- A: B, and r f- A: B2 then IB,I =~a IB21.

PROOF: Induction on the structure of A. We only treat A == (.\x:M.N). By Lemma 2.11, 3D"

D2 with B j =pu llx:M.Dj, and r, x:M f- N : Dj • By the induction hypothesis, IDd =fia ID21. Hence, IB,I =fiu Illx:M.D,1 == llx:M·ID,1 =~a llx:M·ID21 == Illx:M.D2 1 =pa IB21. 0

4 2b Orders in Nuprl Correctness of Types makes the following lemma and definition possible:

Lemma 2.16 If A is a r-term then 3 a r-term B, 3n::: 1 such that r I- A: B : *n.

PROOF: A is a r-term => 3 r-term B with r I- A : B or r I- B : A. If r I- A : B, then by Correctness of Types 3n ::: 1 where r I- A : B : *n. If r I- B : A then again by Correctness of Types 3n ::: 1 where r I- A : *n and hence by Start and Thinning, r I- A : *n : *n+l. 0

Note that if A is a r-term then for any A' where A ...... :J+f3a A', A' is a r-term. There are also A' =p" A where'A -FPa A' yet A' is a r-term. We define [A]r = {A'IA' is r-term and A =pa A'}. Now, we define the order of a term:

Definition 2.17 Assume A is a r-term. We define ordr(A), the order of A in r, as the smallest natural number a for which there are A' E [AJr and B such that r I- A' : B : *a+l. We prove some elementary properties of ordr{A):

Lemma 2.18 Let A be a r-term and ordr(A) = a. The following holds:

1. If A' E [A]r then ordr(A) = ordr(A').

2. There are A' ond B such that r I- A' : B : *a+l and A --"'pa A'.

PROOF: 1: easy. 2: by definition of ordr(A), 3A" =pa A and B where r I- A" : B : *.+1. By Church Rosser, A, A" have a common reduct) say A', By Subject Reduction, r /- A': B : *a+l. 0

Corollary 2.19 For a r -term (A, B), ordr(11'1 ((A, B))) = ordr(A) and ordr( 11'2 ( (A, B))) = ordr( B).

Corollary 2.20 For a r-term A in (Jer-normal form and ordr(A) = a, 3B where r I- A : B : *a+l'

The order of a term does not change if the context is expanded:

Lemma 2.21 If r I- A : Band r, x:C is legal, then ordr(A) = ordr,,,c(A).

PROOF: Let a = ordr,X'c(A). (:~) By Thinning, r I- A' : P => r, x:C I- A' : P for all A' =pa A and P, so ordr(A) ::: a. (:'0) 3A' =pa A and P with r,x:c I- A' : P : *a+l. By Lemma 2.18, assume A --"'pa A'. By Lemma 2.9, r I- A'[x:=C] : P[x:=C] : *a+l. As Fv(A') C; Fv(A) C; dom(r), x rt Fv(A'). Hence A' == A'[x:=C], so r I- A' : P[x:=C] : *a+l and ordr(A) :'Oordr,,,c(A). 0

Corollary 2.22 If A is a r-term and t>. 2 r is legal then ord",(A) = ordr(A).

The order of a term does not increase under substitution:

Lemma 2.23 Ifr, x:A, t>. I- B : C and r I- D : A then ordr,,,A,,,,(B) ::: ordr,"'[x:=DI(B[x:=D]).

PROOF: r' = r, x:A, t>.; r" = r, t>.[x:=D]; b = ordr,(B). 3P, B' =~a B s.t. r'l- B' : P : *1+1. By Lemma 2.9 r" I- B'[x:=D] : P[x:=D] : *1+1' B[x:=D] =pa B'[x:=D], so b::: ordr,,(B[x:=D]). 0 ordr,x:A,,,,(B) = ordr,"'[x:=D)(B[x:=D]) does not hold in general: take r == Y'*j. Then r,X"2 I­ X"2 and r I- Y'*2, and (by Lemma 2.28 below) ordr,x ... ,(x) = 2 and ordr(x[x:=y]) = ordr(y) = 1. The orders of constants and sorts are easy to calculate:

Lemma 2.24 (Orders of constants and sorts) Let r be a legal context. Then ordr( *a) = a+ 1, ordr{l_) = 1, ordr(Z) = 1, and ordr(n) = o.

PROOF: We only prove ordr{*a) = a + 1 (the other cases are similar). As r t-- *a : *a+l : *a+2, ordr(*a) ::; a + 1. Now assume r r A' : P : *b for an A' =f3u *a (hence A' -+I-{3O' *a). By repeated Subject Reduction, r f- *a : P : *b. By Generation, P =f3cr *c for a c > a (hence P -+I-{3q *c). By repeated Subject Reduction, r /- *c : *b, so again 'by Generation, 3d> c where *b =f3a *d. Hence d = b, so a < c < b, so b::: a + 2, so ordr(*a) ::: a + 1. 0

5 If B is a r -type then there is always B' of type *ordrCB ) such that B --"'~" B':

Lemma 2.25 Let B be a r -type and b = ordr( B). 3B' such that r I- B' : " and B --"'~q B'.

PROOF: Assume r I- B : 'p. By Lemma 2.18, 3B' and P such that r I- B' : P : *0+' and B --+~q B'. By Weak Unicity of Types 2.15, IFI =~q I *p I, say: P =~q *q. Hence P -;;~" *q.

• By repeated Subject Reduction, r I- *q : *0+' : *'+2' By Lemma 2.24, b + 1 2: q + 1, so b 2: q. • By the Conversion Rule, r f- B' : *q : *q+1, so by definition of b, q 2: b.

We find: q = b, so P =(317 *b, so by conversion r f- 8' : *b. o

This lemma confirms that *a can be seen as the type of types (propositions) of order:::; a:

Corollary 2.26 If P is a r-type in {3u-normal form, then r I- P: *a ¢} ordr(P) ~ a.

PROOF: Let p = ordr(P). "=c}" is by definition of ordr(P); for "{=", by Lemma 2.25, 3P' where r f- pI : *p and P ---'!+f3a P'. As P is in normal form, P' == P, so r r P: *p. Since p:S a, repeated use of (~) derives r I- P: *a. 0

Another result is that a term is always of a lower order than its type:

Corollary 2.27 If r I- A : B then orddA) < ordr(B).

PROOF: Let a = orddA), b = orddB). B is a type, so by Lemma 2.25, 3B' where r I- B' : *, and B --"'~" B'. r I- A : B, so by conversion, r I- A : B' : *b. By definition of a, b 2: a + 1, so b> a. 0

In the above corollary, orddA) = orddB) - 1 does not hold: take r = 0, A == *, and B == *3. In Lemma 2.24, we calculated the order of sorts and constants. Now, we present methods to calculate the order of almost all the other terms:

Lemma 2.28 Let G be a r -term. The following holds: 1. IfG == x where x:A E r then orddx) = orddA)-1. 2. IfG == llx:A.B then ordr(llx:A.B) = rnax(ordr(A),ordr,,,A(B)).

3. IfG == '\x:A.b then ordd.\x:A.b) = max(orddA) -1,ordr ,,,A(b)). 4. IfG == A x Bar G == (A, B) then ordr(G) = max(orddA),orddB)).

PROOF: 1: Let m = ordr(x). From Corollary 2.20, 3B with r I- x : B : *m+" As m + 1 is minimal, ordr(B) = m + 1. By the Generation Lemma, A =~q B. Hence, orddA) = m + 1. 2: Let a = orddA), b = ordr,xA(B), and p = orddllx:A.B). By Lemma 2.25, 3P with r I- P : *p and llx:A.B -;;~" P. P must be of the form llx·.A,.B" where A -;;~" A, and B -;;~" B,. By Lemmas 2.25 and 2.11, 3A2 and B2 such that r I- A, : *a, r, x:A I- B2 : *b, A -;;~a A2 and B ----'ft{3u B 2 . By Church Rosser, Al and A2 have a common reduct A 3 ; BI and B2 have a common reduct B3. By repeated Subject Reduction: r f- A 3"a; r, x:A I- B3,*,. As A -;;~a A3 and B -'~q B3, Subject Reduction gives r I- (llx:A3.B3) : *p. Now, p = max(a, b) as follows:

• By Generation 3m ~ p with r I- A3 : *m and r, X:A3 I- B3 : *m. By Transitivity, r, x:A I­ B3 : *m. Hence a, b:S; m ~ p. • As r I- A3 : *a and r, X:A3 I- B3 : *" so by repeated application of (~), r I- A3 : *m=(a,') and r, X:A3 I- B3 : *max(a,,). By ll-formation, r I- (llx:A3.B3) : *max(a,b), and so p ~ max(a, b). 3: Let a = ordr(A), m = ordd.\x:A.b), n = ordr,xoA(b). By Lemma 2.18, 3P, Q where r I- P : Q : *m+l and Ax:A.b ----"tf3q P. Observe that P;:: Ax:A'.b' for some A',b' with A ----""f3u A' and b --+~" b'. By the Generation Lemma, 3B such that r, x:A' I- b' : Band Q =~" llx:A'.B. Now m + 1 = orddQ) = ordr(llx:A'.B) = ordr(llx:A.B) = rnax(a,ordr,xoA(B)) by 2 above. Now m = max( a-I, n) because m + 1 = max( a, n + 1) as is seen by the two cases:

6 • rn + 1 = a. By the Transitivity Lemma, r, x:A I- b' : B. By Corollary 2.27: ordr,x:A(b') = n < ordr.xcA(B), so m + 1 = max(a, n + 1) . • m+ 1 = ordr,x:A(B) > a. 3B', b" with r, x:A' r b" : B' : *n+l and b' ----""f3o bl!. By Transitivity, r, x:A I- b" : B' : *n+l' With the II and A rule: r I- (Ax:A.b") : (I1x:A.B') : *max(a.n+l)' Hence, max(a, n+ 1) ~ m+ 1, and as a < m+ 1, n+ 1 ~ m+ 1 and n ~ m. As r, x:A I- b' : B, n < ordr,x:A(B) = m + 1. Hence n = m and m + 1 = max(a, n + 1). 4: Case C =' A x B is similar to 2. Case C =' (A, B) is similar to 3. o

As M N may be a redex, its order is harder to determine. We can, however, prove the following:

Lemma 2.29 Ifr I- M : I1x:P.Q and r I- N : P then ordr(N), ordr(M N) ::; ordr(M).

PROOF: Let m = ordr(M). 3M', R such that r I- M' : R : *m+l and M --"'~a M'. By Subject Reduction, r I- M' : I1x:P.Q, so by Weak Unicity of Types, IRI =~a IIIx:P.QI =' I1x:P.IQI. By Church Rosser 3R' such that R --"'~a R' and I1x:P.IQI --"'~a IR'I. Also, R' must be of the form I1x:P'.Q', where P --"'~a P' and IQI --"'~a IQ'I. By Subject Reduction and Conversion, r I- M' : (I1x:P'.Q') : *m+l. As m is minimal, ordr (I1x:P'.Q') = rn + 1. Now, m = ordr(M) = ordr(I1x:P'.Q')-1 = max(ordr (P')-I,ordr ,x:p,(Q')-I) ~ ordr(P')-1 = ordr(P)-1 ~ ordr(N). By conversion, r I- N : P', so r I- M' N : Q'[x:=NJ. As M N =~a M' N, we have ordr(M N) = ordr(M' N) < ordr(Q'[x:=N]) ::; ordr,xp'(Q') ::; ordr(I1x:P'.Q') = m + 1, so ordr(M N) ::; m. 0

This shows that a function can never take an argument of higher order) and that the order of a term can not increase when applying an argument to that term.

3 The Ramified Theory of Types RTT

In this section we give a short, formal description of Russell's Ramified Theory of Types (RTT). This formalisation is both faithful to RusselFs original informal presentation and compatible with the present formulations of type theories. The basic aim of RTT is to exclude the logical paradoxes from logic by eliminating all self-references. An extended philosophical motivation for this theory can be found in [24], pages 38-55. We will not go into the full details of the formalisation of RTT (these details can be found in (14), the presentation by Russell himself in "Principia" is informal). In Subsection 3a we introduce propositional functions. In Subsection 3b we assign types to some of these propositional functions. Paradoxical propositional functions are, of course, not typeable.

3a Propositional Functions In this section we shall describe the set of propositions and propositional functions which Whitehead and Russell use in ((Principia". We give a modernised, formal definition which corresponds to the description in "Principia". At the basis of the system of our formalization there is

• an infinite set A of individual-symbols and an infinite set V of variables;

• an infinite set 1<. of relation-symbols together with an arity map a : 1<. -; IN+.

O-ary relations are not explicitly used in ((Principia" but could be added without problems. Since functions are relations in Principia, we will not introduce a special set of function symbols. We assume that {al' a2, ...} 0;; A; {x, Xl, X2,···, Y, Yl,·· "Z,Zl,"'} 0;; V; {R, Rl , ... , S, Sl, ...} ~ n. We will use the letters x, y, z, Xl, ... as meta-variables over V, and R, R l1 ..• as meta-variables over n. Note that variables are written in typewriter style and that meta-variables are written in italics: x denotes one) fixed object in V whilst x denotes an arbitrary object of V. We assume that there is an order (e.g. alphabetical) on the collection V, and write x < y if the variable x is ordered before the variable y. In particular, we assume that

X < Xl < ... < Y < Yl < ... < Z < Zl < ...

7 We also have the logical symbols 1\, -, and V in our alphabet, and the non-logical symbols: paren­ theses and the comma. Note that Russell used classical logic (intuitionistic logic wasn't widespread when "Principia" appeared) and hence he didn't need to make symbols like V, ---+, :3 primitive.

Definition 3.1 (Propositional functions) We define a collection:F of propositional functions, and for each element f of F we simultaneously define the collection FV(J) of free variables of f:

1. If R E nand i j , ... , ia(R) E A U V then R( i j , ... , ia(R)) E :F.

Fv(R(i j , .. . ,ia(R))) ~f {ij , .. . ,ia(R)} nv;

2. If z E V, n E IN and k j , ... , kn E A U V U F, then z(k j , ••• , kn ) E :F. Fv(z(kj, ... ,kn)) def= { z,kj, ... ,kn } nV. If n = 0, we write z() so as to distinguish the propositional function z() from the variable Z;3

3. If f, 9 E F then f /I 9 E F and 'f E:F. FV(J /I g) ~f FV(J) U FV(g); FV(,f) ~f FV(f); 4. If f E F and x E FV(J) then \lx[J] E:F. FV(\lx[J]) = FV(J) \ {x}. 5. All propositional functions can be constructed by using the rules I, 2, 3 and 4 above.

We use the letters I, 9, h as meta-variables over :F and similar to Convention 2.2, we assume that bound variables differ from free ones and that different bound variables have different names. A propositional function f is a proposition in which some parts (the free variables) have been left undetermined. It will turn into a proposition as soon as we assign values to all its free variables. In this light, a proposition can be seen as a degenerated propositional function (with 0 free variables).

It will be clear now what the intuition behind propositional function of the form R(i j , • •• , ia(R))' f /I g, 'f and \lx[f] is. The intuition behind propositional functions of the second kind is not so obvious. z( kll ... , kn) is a propositional function of higher order: z is a variable for a propositional function with n free variables; the argument list kl' ... , kn indicates what should be substituted4 for these free variables as soon as one assigns such a propositional function to z. Notice that there are propositional functions of the form z(kj, ... , kn) (where z E V) but that expressions of the form f(k t , ... , kn ), where f E :F, are not propositional functions. Even substituting f for z in z(k j , ••• ,kn) does not lead to f(k j , •.• ,kn), as the notion of substitution in RTT is quite different from the usual notion of substitution in first order logic.

Example 3.2 Here are some higher-order propositional functions (pfs) from mathematics: 1. The pfs z(x) and z(y) in the definition of Leibniz-equality: \lz[z(x) +-+ z(y)]. 2. The pfs z(O), z(x) and z(y) in the formulation of complete induction: [z(O) -> (\lx\ly[z(x) -> (s(x, y) -> z(y))])]-> \lx[z(x)]. 3. The pf zO in the formulation of the law of the excluded middle: \lz[zO V ,zOJ.

3b Ramified Types Not all propositional functions should be allowed in our language. For instance, the expression -,x(x) is a perfectly legal element of F, nevertheless, it is the propositional function that makes it possible to derive the Russell Paradox. Therefore, types are introduced.

Definition 3.3 (Ramified Types) The ramified types T are defined inductively as follows:

1. ,0 is a ramified type (0 is called the order of this type);

2. If tl, ... , tn are ramified types of orders at) ... , an respectively, and a > max( at, ... , an), then (t j , ••• , tn)a is a ramified type of order a (if n = °then take a ~ 1); 3. All ramified types can be constructed using the rules 1 and 2.

3 A variable is not a propositional function. See [20], Chapter VIII: "The variable" , p.94 of the 7th impression. 4In Principia, it is not clear how such substitutions are carried out. One must depend on intuition and on how substitution is used in the Principia. It is quite hard and elaborate to give a proper definition of substitution.

8 LO is the type of individuals, and (tl, ... , tn)a is the type of the propositional functions with n free variables, say Xl, ... ) X n1 such that if we assign values kl of type tl to Xl 1 '" , k n of type tn to X n, then we obtain a proposition. The type 0" is the type of propositions of order a. Russell strictly divides his propositional functions in orders. For instance, both \lp[PO II 'pO] and R( a) are propositions, but of different level: The first presumes a full collection of propositions, hence it cannot belong to the same collection of propositions as the propositions p over which it quantifies (among which R( a)). This led Russell to make \lp[pO II 'pO] belong to a type of a higher order (level) than the order of R(a). This can already be seen in the definition of ramified types: (t1, ... , tn)" can only be a type if a is strictly greater than each of the orders of the tiS. Definition 3.4 Let Xl, ... , Xn be a list of distinct variables, and t l , ... , tn be a list of ramified types. We call Xl :tl) ... 1 Xn:tn a context and call {Xl, ... ) xn} its domain. We write r r I : t to express that I E :F has type t in context r, and extend the variable convention to contexts: If X is bound in I, then X does not occur in the domain of r.

We use r, Ll to range over contexts and t l , t2, ... to range over types. To avoid confusion we sometimes write rN for derivability in the Nuprl type system, and rR for derivability in RTT. We now present the typing rules for RTT. These rules are derived from and equivalent to the rules in [14], which are as close as possible to Russell's original ideas. We change our notation for propositional functions slightly: Instead of \lx[J] we write \lx:t[J], where t is some ramified type.

Definition 3.5 (Typing Rules for RTT)

• If c E A, then r I- c : ,0 for any context r;

• If I E :F, and Xl < ... < Xn are the free variables of I, and t l , ... , tn are types such that Xi:ti E r, then r I- I : (t 1, . .. , t n )" if and only if

If I == R(i1, ... , ia(R)) then ti = ,0 for all i, and a = 1; If 1== Z(k1, ... ,km) then there are U1"",Um such that Z:(U1, ... ,Um)"-1 E r, and r I- ki :Ui for all k, E A U:F, and k, :Ui E r for all ki E V; If f == It A h then there are U~I, U~2 such that r r Ii : U~i and a = max(al, az); if 1==.1' then rl- 1': (t 1, ... ,tn)". If 1==\lx:to[l'] then there isj such that r,x:to I- I': (t1, ... ,t;_I,to,t;, ... ,tn)". Example 3.6 .x(x) is not typeable in any context r. If r I- .x(x) : t then t must be of the form (u)", with x:u E r, as .x(x) has one free variable. Hence r I- x(x): (u)", and by Unicity of Types below, u == (u,)a-l, with x: u' E r. As r is a context, u == u', hence u == (u)a-l. Absurd. An important result (whose proof follows directly from the definition of r I- I : t) is the following:

Theorelll 3.7 (Unicity of Types) Ilr I- I: t and r I- I: U then t == u.

4 RTT in Nuprl

We present a straightforward embedding of RTT in the type theory of Nuprl. The embedding will consist of two parts: First we give a representation of the ramified types in Nuprl (Subsection 4a), then we represent the typable propositional functions in Nuprl (Subsection 4b).

4a Ramified Types in Nuprl The main clue to our embedding is the interpretation of *n as the sort containing all order-n­ propositions. There is a small difference in that Nuprl considers any term of type *n to be of type *n+l as well. This means that any proposition of order n can be interpreted as a proposition of order n + 1 as well. This inclusion is not a feature of RTT; yet it isn't a serious extension. Another small point is that Russell doesn't specify his underlying set of "individuals" and that we want to use Z as translation of this underlying set. Therefore, we will assume that the set A of RTT-individuals is equal to the set Z of integers.

9 Definition 4.1 Define a mapping T : T --; 'f as follows:

T( ,0) ~ Z and T((t~', ... , t~n)") ~ T(t~') --; ... T(t~n) --; *a

Note that T(oa) = *a and T does indeed interpret the type of order-a-propositions as *a. Moreover, translations of ramified types are typable in Nuprl:

Lemma 4.2 Ifta is a ramified type of order a then I-N T(ta): *a+1.

PROOF: Induction on the construction of ramified types. o

When we speak of a ramified type t a of order a, we actually mean that the terms that are of type t a have order a. T(ta) itself should, therefore, have order a + 1 in Nuprl. Indeed, we can prove: Lemma 4.3 If r is a legal context then ordr(T(ta)) = a + l.

PROOF: Induction on ramified types. T(,O) = Z and ordr(Z) = 1 by Lemma 2.24. Now assume ordr(T(t:')) = ai + 1 for i = 1, ... , n. Notice that ordr(T((t~', ... , t~n )a)) ordr(T(t~') --; ... --; T(t~n) --; tal 2.28 max( ordr(T(t~')), ... , ordr(T(t~n )), ordr( *a)) 2.2±.t IH a> ao maxal+( 1 , ... ,an +l,a+l ) = a+l o

4b Propositional Functions of RTT III Nuprl We extend the mapping T of Definition 4.1 so that a propositional function with free variables Xl < ... < Xn will be translated into a A-term of the form AXI:t} ... xn:tn.A, where A itself is not of the form "\x:t.A'. For notational convenience, T is extended to A and V as well.

Definition 4.4 Let r be a RTT-context. We extend T to the sets A, V and :F. If i E A u V then T(i) ~f i. Now let f E:F and assume f has free variables Xl < ... < X n , such that Xi:t, E r.

• If f = R.( i" ... ,ia(R») then T(J) ~f .AX1 :T(t,) ... xn:T(tn).Ri, ... ia(R)

• If f = g1 Ag2) and 9i has free variables Yil < ... < Yim;, then T(9i) == AYil :Ui1 ... Yimi :Uim •. Gi

for some term Gi . Let T(f) ~f .\X1:T(t,)·· ·xn :T(tn).G1 x G 2 . • If f = 'g, then T(g) == .\x1:T(t,) ... xn:T(tn).G for some term G. Let T(J) ~f .Ax1:T(t,)·· .xn:T(tn).G --; L • If f = 'Ix:t.g then T(g) == .\x,:T(t,)" ,xi:T(ti).x:T(t).Xi+1:T(ti+,)·· ,xn:T(tn).G for some term G. Let T(f) ~f .Ax1:T(t,)·· ·xn:T(tn).IIx:T(t).G.

The extension ofT as defined above also depends on the context f. Normally it will be clear which context r is meant. If confusion arises, we write Tr to indicate the context in question. It is important to notice that, for propositions f, T(f) is exactly the interpretation of f provided by the Curry-Howard-de Bruijn isomorphism. Finally, we define a special Nuprl-context ra which contains information on the relation and aiR) time' Z individual symbols of RTT by: ro ~f {R: ~ --; *1 IRE R}. We assume n to be finite for the moment, so that fa is finite as well, and therefore is a Nuprl-context. fa is legal, as we have I-N Z ---+ ... ---+ Z ---+ *1 : *2. The following theorem states that the embedding T respects the type structure of RTT. This means that we can see Nuprl as an extension of the Ramified Theory of Types.

10 Theorem 4.5 (Nuprl extends RTT) If r f-R f : t then r o f-N T(J) : T(t).

PROOF: Induction on the definition of f f-R f : t. If r f- c : ,0 because c E Z then c:Z E r o, so ra I- c: Z. Now assume J E:F, f has free variables Xl < ... < X n1 and t l , ... ,in where Xi:ti E r for i = 1, ... , n, and r f-R f : (t" ... , tn)a. By Lemma 4.2, f-N T(ti) : *a; for some ai. Hence, by the Start and Weakening rules, we add Xi:T(ti) one by one to the context r o, obtaining a legal context r, = r o, x,:T(td, ... , xn:T(tn). We only treat the case f = \lx:to[g]: If f = \lx:to[g] then:Jj such that r,x:to f-R g: (t" ... ,tj_"to,tj, ... ,tn)a. By the induction hypothesis, ro f- T(g) : T(td ~ ... --> T(tj_d --> T(to) --> T(tj) --> ... --> T(tn) ~ *a. By the Generation Lemma, fo, x, :T(td, . .. , Xj_,:T(tj_d, x:T(to), xj:T(tj), ... , xn:T(tn) f-N G : *a where 9 == AXI .. -Xj_lXXj" ,xn.G. As the types of the variables in the context are independent from each other, we also have r 11 x:T(to) r-N G: *a. As the order of type to is smaller than a, we have r, f-N T(to) : *a (Lemma 4.2), so by II-formation: r, f-N IIx:T(to).G: *a. By A-abstracting over all the variables in FV(J) we obtain ro f-N T(J) : T(t). 0

It would be nice if we could also prove a kind of opposite of Theorem 4.5. However, the statement If fa i-N T(J) : T(t) then there is a context f such that f i-R f : t is not true. We can derive ro f-N T(\lx:£O[R(x)]) : *n for any n ? 1. Nevertheless, we have r f-R \lx:£O[R(x)] : 0' for all RTT-contexts r, so by Unicity of Types 3.7 it is impossible that r f-R \lx"O[R(x)] : on for any n> 1. It is clear that this difference between RTT and Nuprl is caused by the type inclusion rule ~, which is only present in Nuprl, and not in RTT. We do have a partial result) however:

Lemma 4.6 If r f-R f : (t~', ... , t~n)a and x, < ... < Xn are the free variables of f, then ordro (T(\lx, :t~' . ... \lxn:t~n [f]) = a.

PROOF: Induction on the definition of r t-R f : (tfl) ... ) t~n)a. Note that xi:tf' E r for all i) and r f-R \lx,:t~' .. ·\lxn:t~n[J]: oa. Let ri '" ro,x,:T(t~'), ... ,Xi:T(t:;). We only treat the case f '" z(k" ... , km); the other cases are similar. z E FV(J), say: z'" xp. As xp:t;' E f, ap = a-I. Hence ordr.{z) = ordr.{T(t;'» -1 = a -1. By 2.29, ordrn(zT(k,)·· .T(km» ~ a -1. Hence ordro(T('Vx, :t~' ... \lxn :t~n [J])) ordro (IIx, :T(t~' ) .... IIxn :T(t~n ).zT(kll' .. T(km» max( ordr n(zT(kd ... T(km», m

Corollary 4.7 If f f-R f : oa then ordro (T(J) = a.

5 Conclusions

In this paper we gave a description in PTS format of a fragment of the type theory behind the proof checker Nuprl. We showed that the obtained system has some basic properties of PTSs (Church Rosser) Generation Lemma) Correctness of Types) Subject Reduction) and a weak) but not restrictive) form of Unicity of Types). Our formulation of Nuprl as a PTS is faithful to the idea behind universes in Martin-LoCs type theory as in [15, 16], where universes are built it la Russe1l 5 in that II, E, etc. are both set (or type) forming operations and operations to form canonical elements of universes. This is clear in our compact formulation of the Nuprl fragment where Martin-LoCs universes Ui are *i for us) Martin-LoCs II-formation) IT-introduction and II-elimination correspond to our (II-form)) (.:\) and (App) respectively. Of course in PTS style, there are no equality rules, but (Conv) plays some role of these equality rules. As for E, which we replaced by x, it is obvious that (Pairs), (Left) and (Right) play the role of E-introduction and elimination. Most important of all) is our definition of the concept of order on Nuprl terms which captures the notion of Type Universe of Martin-Lors formulation it la Russell and is related to Type Universe

SIn [17] Martin-Lor built universes a la Tarski where a distinction was made between sets and their codes.

11 in Nuprl [9] (and to Degree of Expression in AUTDMATH [18]). Orders in Nuprl are also shown to be related to orders in the Ramified Type Theory RTT of Principia Mathematica [24] in a precise way: If we translate a proposition f of order n in RTT into a Nuprl type T(J) by means of a propositions-as-types embedding, the order of T(J) in Nuprl is also n. As a bonus, the embedding T results in a description of RTT in a propositions-as-types style in which the notion of order is maintained. Moreover, a PTS description of RTT is obtained. There are more similarities between RTT and Nuprl. Both Nuprl and RTT have a kind of higher order substitution (see Chapter 5 of [10] and Section 3 of [14]). We are currently investigating the similarities between both notions of substitution.

References

[1] H.P. Barendregt. Lambda calculi with types. In S. Abramsky, Dov Gabbay, and T.S.E. Maibaum, editors, Handbook of Logic in Comp1tter Science 2: Backgro1l.nd: Computational Structures, 117-309. OUP, 1992.

[2] A. Church. A formulation of the simple theory of types. The Jo1trnal oj Symbolic Logic, 5:56-68,1940.

[3] R.L. Constable et al. Implementing Maths with the Nuprl Proof Development System. Prentice-Hall,1986.

[4] T. Coquand and G. Huet. The calculus of constructions. Information and Computation, 76:95-120,1988.

[5] G. Dowek et al. The Coq proof assistant version 5.6, Users guide. Rapport de recherche 134, INRIA, 1991.

[6] G. Frege. Grundgesetze der Arithmetik, begriffsschriftlich abgeleitet, I + II. Pohle, Jena, 1892 and 1903.

[7] D. Hilbert and W. Ackermann. Grundziige der Theoretischen Logik. Die Grundlehren der Mathematischen Wissenschaften in Einzeldarstellungen, Band XXVII. Springer Verlag, Berlin, first edition, 1928.

[8] W.A. Howard. The formulas-as-types notion of construction. In J.P. Seldin and J.R. Hindley, editors, To H.B. Curry: Essays on Combinatory Logic, A- Calcul1ts and Formalism, 479-490,1980. Academic Press.

[9] P.B. Jackson. Enhancing the Nuprl Proff Development System and Applying it to Computational Abstract Algebra. PhD thesis, Cornell University, Ithaca, New York, 1995.

[10] P.B. Jackson. The Nuprl proof development system, Version 4.1 reference manual and user's guide. Cornell University, Department of Computing Science, Ithaca, New York., 1995.

[11] F. Kamareddine and T. Laan. A reflection on Russell's ramified types and Kripke's hierarchy of truths. Journal of the Interest Group in Pure and Applied Logic 4-(2), 1996.

[12] J.W. Klop. Term rewriting systems. In S. Abramsky, Dov M. Gabbay, and T.S.E. Maibaum, editors, Handbook of Logic in Computer Science 2: Background: Computational Structures, pages 1-116. OUP, 1992.

[13] S. Kripke. Outline of a theory of truth. Journal of Philosophy, 72:690-716,1975.

[14] T .D.L. Laan. A modern elaboration of the Ramified Theory of Types. To appear in Studia Logica.

[15] P. Martin-Lof. An intuitionistic theory of types: predicative part. In H.E. Rose and J. Shepherdson, editors, logic Colloquium '7:1. North Holland, 1975.

[16] P. Martin-Lof. Constructive mathematics and computer programming. In Sixth International Congress for Logic, Methodology and Philosophy of Science, 153-175, Amsterdam, 1982. North-Holland.

[17] P. Martin-Lof. lntuitionistic Type Theory. Bibliopolis, 1984.

[18] R.P. Nederpelt, J.H. Geuvers, and R.C. de Vrijer, editors. Selected Papers on Automath. Studies in Logic and the Foundations of Mathematics 133. North-Holland, Amsterdam, 1994.

[19] F.P. Ramsey. The foundations of mathematics. Proc. of the London Mathematical Society, 338-384,1925.

[20] B. Russell. The Principles oj Mathematics. Allen & Unwin, London, 1903.

[21] B. Russell. Mathematical logic as based on the theory of types. American Journal oj Mathematics, 30, 1908.

[22] J. Terlouw. Een nadere bewijstheoretische analyse van GSTT's. Technical report, Department of Computer Science, University of Nijmegen, 1989.

[23] H. Weyl. Das }(ontinuum. Veit, Leipzig, 1918. German; also in: Das Kontinuum und andere Monographien, Chelsea Pub.Comp., New York, 1960.

[24] A.N. Whitehead and B. Russell. Principia Mathematica. Cambridge University Press, 19101, 19272 •

12 Computing Science Reports Department of Mathematics and Computing Science Eindhoven University of Technology In this series appeared:

93/01 R. van Geldrop Deriving the Aho-Corasick aIgorithms: a case study into the synergy of program­ ming methods, p. 36.

93/02 T. Verhoeff A continuous version of the Prisoner's Dilemma, p. 17

93/03 T. Verhoeff Quicksort for linked lists, p. 8.

93/04 E.H.L. Aarts Deterministic and randomized local search. p. 78. J.H.M. Karst P.l, Zwietering

93/05 J.C.M. Baeten A congruence theorem for structured operational C. Verhoef semantics with predicates, p. 18.

93/06 J.P. Veltkamp On the unavoidability of metastable behaviour, p. 29

93/07 P.O. Moerland Exercises in Multiprogramming, p. 97

93/08 J. Verhoosel A Formal Deterministic Scheduling Model for Hard Real-Time Executions in DEDOS. p. 32.

93/09 K.M. van Hee Systems Engineering: a Fonnal Approach Part I: System Concepts. p. 72.

93110 K.M. van Hee Systems Engineering: a Fonnal Approach Part II: Frameworks, p. 44.

93/11 K.M. van Hee Systems Engineering: a Fonnal Approach Part III: Modeling Methods, p. 101.

93/12 K.M. van Hee Systems Engineering: a Fonnal Approach Part IV: Analysis Methods, p. 63.

93/13 K.M. van Hee Systems Engineering: a Fonnal Approach Part V: Specification Language, p. 89.

93114 1.C.M. Baeten On Sequential Composition, Action Prefixes and 1.A. Bergstra Process Prefix, p. 21.

93115 1.C.M. Baeten A Real-Time Process Logic, p. 31. 1.A. Bergstra R.N. Bol

93116 H. Schepers A Trace-Based Compositional Proof Theory for 1. Hooman Fault Tolerant Distributed Systems. p. 27

93117 D. Alstein Hard Real-Time Reliable Multicast in the DEDOS system, P. van der Stok p. 19.

93/18 C. Verhoef A congruence theorem for structured operational semantics with predicates and negative premises, p. 22.

93119 G-l. Houben The Design of an Online Help Facility for ExSpect. poll.

93/20 F.S. de Boer A Process Algebra of Concurrent Constraint Programming, p. 15.

93/21 M. Codish Freeness Analysis for Logic Programs - And Correctness, p. 24 D. Dams G. File M. Bruynooghe

93122 E. Poll A Typechecker for Bijective Pure Type Systems. p. 28.

93/23 E. de Kogel Relational Algebra and Equational Proofs, p. 23.

93/24 E. Poll and Paula Severi Pure Type Systems with Definitions. p. 38.

93125 H. Schepers and R. Gerth A Compositional Proof Theory for Fault Tolerant Real-Time Distributed Systems, p. 31.

93/26 W .M.P. van der Aalst Multi-dimensional Petri nets. p. 25.

93/27 T. Kloks and D. Kratsch Finding all minimal separators of a graph, p. 11.

93/28 F. Kamareddine and A Semantics for a fine }.-calculus with de Bruijn indices, R. Nederpelt p.49.

93/29 R. Post and P. De Bra GOLD. a Graph Oriented Language for Databases. p. 42.

93/30 1. Deogun On Vertex Ranking for Pennutation and Other Graphs. T. KIoks p. 11. D. Kratsch H. MOiler 93/31 W. Korver Derivation of delay insensitive and speed independent CMOS circuits, using directed commands and production rule sets, p. 40.

93/32 H. ten Eikelder and On the Correctness of some Algorithms to generate Finite H. van Geldrop Automata for Regular Expressions, p. 17.

93/33 L. Layens and J. Moonen ILIAS, a sequential language for parallel matrix computations, p. 20.

93/34 J.C.M. Baeten and Real Time Process Algebra with Infinitesimals, p.39. J .A. Bergstra

93/35 W. Ferrer and Abstract Reduction and Topology, p. 28. P. Seven

93/36 J.C.M. Baeten and Non Interleaving Process Algebra, p. 17. l,A. Bergstea

93/37 J. Brunekreef Design and Analysis of J-P. Katoen Dynamic Leader Election Protocols R. Koymans in Broadcast Networks, p. 73. S. Mauw

93/38 C. Verhoef A general conservative extension theorem in process algebra. p. 17.

93/39 W.P.M. Nuijten Job Shop Scheduling by Constraint Satisfaction, p. 22. E.H.L. Aarts D.A.A. van Erp Taalman Kip K.M. van Hee

93/40 P.D.V. van dec Stok A Hierarchical Membership Protocol for Synchronous M.M.M.PJ. Claessen Distributed Systems, p. 43. D. Alstein

93/41 A. Bijlsma Temporal operators viewed as predicate transformers, p. 11.

93/42 P.M.P. Rambags Automatic Verification of Regular Protocols in Pff Nets, p. 23.

93/43 B.W. Watson A taxomomy of finite automata construction algorithms, p. 87.

93/44 B.W. Watson A taxonomy of finite automata minimization algorithms, p. 23.

93/45 E.l. Luit A precise clock synchronization protocol,p. 1.M.M. Martin

93/46 T. Kloks Treewidth and Patwidth of Cocomparability graphs of D. Kratsch Bounded Dimension, p. 14. 1. Spinrad

93/47 W. v.d. Aalst Browsing Semantics in the "Tower" Model, p. 19. P. De Bra G,1. Hauben Y. Komatzky

93/48 R. Gerth Verifying Sequentially Consistent Memory using Interface Refinement, p. 20.

94/01 P. America The object-oriented paradigm, p. 28. M. van def Kammen RP. Nederpelt 0.5. van Roosmalen H.C.M. de Swart

94/02 F. Kamareddine Canonical typing and II-conversion, p. 51. RP. NederpeU

94/03 L.B. Hartman Application of Marcov Decision Processe to Search K.M. van Hee Problems, p. 21.

94104 J .C.M. Baeten Graph Isomorphism Models for Non Interleaving Process J .A. Bergstra Algebra. p. 18.

94/05 P.Zhou Formal Specification and Compositional Verification of J. Haoman an Atomic Broadcast Protocol, p. 22.

94106 T. Basten Time and the Order of Abstract Events in Distributed T. Kunz Computations, p. 29. 1. Black M. Coffin D. Taylor

94/07 K.R. Apt Logic Programming and Negation: A Survey, p. 62. R.801

94/08 0.5. van Roosmalen A Hierarchical Diagrammatic Representation of Class Structure, p. 22.

94109 J.C.M. Baeten Process Algebra with Partial Choice. p. 16. J.A. Bergstra 94110 T. verhoeff The resting Paradigm Applied to Network Structure. p. 31.

94111 J. Peleska A Comparison of Ward & Mellor's Transformation C. Huizing Schema with State- & Activitycharts. p. 30. C. Petersohn

94112 T. Kloks Dominoes. p. 14. D. Kratsch H. Milller

94113 R. Seljee A New Method for Integrity Constraint checking in Deductive Databases. p. 34.

94114 W. Peremans Ups and Downs of Type Theory. p. 9.

94115 R.J.M. Vaessens Job Shop Scheduling by Local Search. p. 21. E.H.L. Aaru 1.K. Lenstra

94116 R.c. Backhouse Mathematical Induction Made Calculational, p. 36. H. Doornbos

94117 S. Mauw An Algebraic Semantics of Basic Message M.A. Reniers Sequence Charts, p. 9.

94118 F. Kamareddine Refining Reduction in the Lambda Calculus. p. 15. R. Nederpelt

94119 B.W. Watson The performance of single-keyword and multiple-keyword pattern matching algorithms, p. 46.

94120 R. Bloo Beyond p-Reduction in Church's A-+. p. 22. F. Kamareddine R. NederpeJt

94121 B.W. Watson An introduction to the Fire engine: A C++ toolkit for Finite automata and Regular Expressions.

94122 B.W. Watson The design and implementation of the FIRE engine: A C++ toolkit for Finite automata and regular Expressions.

94123 S. Mauw and M.A. Reniers An algebraic semantics of Message Sequence Charts, p. 43.

94124 D. Dams Abstract Interpretation of Reactive Systems: O. Grumberg Abstractions PreselVing V'CTL*. 3CTL* and CTL*, p. 28. R. Gerth

94125 T. Kloks K1.3-free and W4-free graphs, p. 10.

94126 R.R. Hoogerwoord On the foundations of functional programming: a programmer's point of view. p. 54.

94127 S. Mauw and H. Mulder Regularity of BPA-Systems is Decidable. p. 14.

94128 C.W.A.M. van Overveld Stars or Stripes: a comparative study of finite and M. Verhoeven transfinite techniques for surface modelling. p. 20.

94129 J. Haoman Correctness of Real Time Systems by Construction, p. 22.

94130 J.C.M. Baeten Process Algebra with Feedback. p. 22. J .A. Bergstra Gh . .$tefanescu

94131 B,W. Watson A Boyer-Moore type algorithm for regular expression R.E. Watson pattern matching. p. 22.

94/32 I.I. Vereijken Fischer's Protocol in Timed Process Algebra. p. 38.

94133 T. Laan A formalization of the Ramified Type Theory, p.40.

94134 R. Bloo The Barendregt Cube with Definitions and Generalised F. Kamareddine Reduction, p. 37. R. Nederpelt

94135 I.C.M. Baeten Delayed choice: an operator for joining Message S. Mauw Sequence Charts, p. 15.

94136 F. Kamareddine Canonical typing and II-conversion in the Barendregt R. Nederpelt Cube. p. 19.

94137 T. Basten Simulating and Analyzing Railway Interiockings in R.801 ExSpect, p. 30. M. Voorhoeve

94138 A. BijIsma Point-free substitution, p. 10. C.S. Scholten 94139 A. Blokhuis On the equivalence covering number of splitgraphs. p. 4. T. Kloks

94/40 D. Aistein Distributed Consensus and Hard Real-Time Systems, p. 34.

94/41 T. Kloks Computing a perfect edge without vertex elimination D. Kratsch ordering of a chordal bipartite graph, p. 6.

94142 I. Engelfriet Concatenation of Graphs, p. 7. J.J. Vereijken

94/43 R,C. Backhouse Category Theory as Coherently Constructive Lattice M. Bijsterveld Theory: An Illustration, p. 35.

94144 E. Brinksma J. Davies Verifying Sequentially Consistent Memory, p. 160 R. Gerth S. Graf W. Janssen B. Jonsson S. Katz a.Lowe M. Poel A. Pnueli C. Rump J. Zwiers

94/45 G.l. Hauben Tutorial voor de ExSpect-bibliotheek voor "Administratieve Logistiek", p. 43.

94/46 R. Bloo The A-cube with classes of tenns modulo conversion, F. Kamareddine p. 16. R. Nederpelt

94/47 R. Bloo On II-conversion in Type Theory, p. 12. F. Kamareddine R. NederpeJt

94/48 Mathematics of Program Fixed-Point Calculus, p. 11. Construction Group

94149 I.C.M. Baeten Process Algebra with Propositional Signals, p. 25. I.A. Bergstea

94150 H. Geuvers A short and flexible proof of Strong Normalazation for the Calculus of Constructions, p. 27.

94/51 T. Kloks Listing simplicial vertices and recognizing D. Kratsch diamond-free gmphs, p. 4. H. Muller

94152 W. Penczek Traces and Logic, p. 81 R. Kuiper

94/53 R. Gerth A Partial Order Approach to R. Kuiper Branching Time Logic Model Checking. p. 20. D. Peled W. Penczek

95/01 1.1. Lukkien The Construction of a small CommunicationLibrary, p.16.

95/02 M. Bezem Formalizing Process Algebraic Verifications in the Calculus R. Bol of Constructions, p.49. J.P. Groote

95/03 J.eM. Baeten Concrete process algebra, p. 134. C. Verhoef

95/04 J. Hidders An Isotopic Invariant for Planar Drawings of Connected Planar Graphs, p. 9.

95/05 P. Severi A Type Inference Algorithm for Pure Type Systems, p.20.

95/06 T.W.M. Vossen A Quantitative Analysis of Iterated Local Search, p.23. M.O.A. Verhoeven RM.M. ten Eikelder E.HL Aarts

95/07 GAM. de Bruyn Drawing Execution Graphs by Parsing, p. 10. O.S. van Roosmalen

95/08 R. Bloo Preservation of Strong Normalisation for Explicit Substitution, p. 12.

95/09 I.C.M. Baeten Discrete Time Process Algebra, p. 20 J.A. Bergstea

95/10 R.C. Backhouse MatWpad: A System for On-Line Prepararation of Mathematical R. Verhoeven Documents, p. 15 O. Weber 95/11 R. Seljee Deductive Database Systems and integrity constraint checking, p. 36.

95112 S. Mauw and M. Reniers Empty lnterworkings and Refinement Semantics of Interworkings Revised, p. 19.

95/13 B,W. Watson and G. Zwaan A taxonomy of sublinear multiple keyword pattern matching algorithms, p. 26.

95/14 A. Ponse, C. Verhoef, De proceedings: ACP'95, p. S.F.M. Vlijrnen (eds.)

95115 P. Niebert and W. Penczek On the Connection of Partial Order Logics and Partial Order Reduction Methods, p. 12.

95116 D. Dams, O. Grumberg, R. Gerth Abstract Interpretation of Reactive Systems: Preservation of CTL *, p. 27.

95117 S. Mauw and EA. van dec Meulen Specification of tools for Message Sequence Charts, p. 36.

95118 F. Kamareddine and T. Laan A Reflection On Russell's Ramified Types and Kripke's Hierarchy of Truths, p. 14.

95/19 J.C.M. Baeten and I.A. Bergstra Discrete Time Process Algebra with Abstraction, p. 15.

95/20 F. van Raamsdonk and P. Severi On Normalisation, p. 33.

95/21 A. van Deursen Axiomatizing Early and Late Input by Variable Elimination, p. 44.

95/22 B. Arnold, A. v. Deursen, M. Res An Algebraic Specification of a Language for Describing Financial Products, p. II.

95/23 W.M.P. van dec Aalst Petri net based scheduling, p. 20.

95/24 F.P.M. Dignum, W.P.M. Nuijten, Solving a Time Tabling Problem by Constraint Satisfaction, p. 14. L.M.A. Janssen

95/25 L. Feijs Synchronous Sequence Charts In Action, p. 36.

95/26 W.M.P. van dec Aalst A ClasS of Petri nets for modeling and analyzing business processes, p. 24.

95/27 P.D.V. van dec Stok, J. van dec WaJ Proceedings of the Real·Time Database Workshop, p. 106.

95/28 W. Fokkink, C. Verhoef A Conservative Look at term Deduction Systems with Variable Binding, p. 29.

95/29 H. Jurjus On Nesting of a Nonmonotonic Conditional, p. 14

95/30 J. Hidders, C. Haskens, J. Paredaens The Formal Model of a Pattern Browsing Technique, p.24.

95/31 P. Kelb, D. Dams and R. Gerth Practical Symbolic Model Checking of the full p·calculus using Compositional Abstractions, p. 17.

95/32 W.M.P. van der Aalst Handboek simulatie, p. 51.

95/33 J. Engelfriet and IJ. Vereijken Context·Free Graph Grammars and Concatenation of Graphs, p. 35.

95/34 1. Zwanenburg Record concatenation with intersection types, p. 46.

95/35 T. Basten and M. Voorhoeve An algebraic semantics for hierarchical Pff Nets, p. 32.

96/01 M. Voorhoeve and T. Basten Process Algebra with Autonomous Actions, p. 12.

96102 P. de Bra and A. Aerts Multi·User Publishing in the Web: DreSS, A Document Repository Service Station, p. 12

96/03 W .M.P. van dec Aalst Parallel Computation of Reachable Dead States in a Free·choice Petri Net, p. 26.

96/04 S. Mauw Example specifications in phi·SDL.

96/05 T. Basten and W.M.P. v.d. Aalst A Process-Algebraic Approach to Life-Cycle Inheritance Inheritance = Encapsulation + Abstraction, p. 15.

96/06 W.M.P. van dec Aalst and T. Basten Life-Cycle Inheritance A Petri-Net-Based Approach, p. 18.

96107 M. Voorhoeve Structural Petri Net Equivalence, p. 16.

96/08 AT.M. Aerts, P.M.E. De Bra, OODB Support for WWW Applications: Disclosing the internal structure of J.T. de Munk Hyperdocuments, p. 14.

96/09 F. Dignum, H. Weigand, E. Verharen A Formal Specification of Deadlines using Dynamic Deontic Logic, p. 18.

96/10 R. Bloo, H. Geuvers Explicit Substitution: on the Edge of Strong Normalisation. p. 13.

96/11 T.Laan AUTOMATH and Pure Type Systems, p. 30.