Continuation-Passing Style and Strong Normalisation for Intuitionistic Sequent Calculi

The intuitionistic fragment of the call-by-name version of Curien and Herbelin's \lambda\_mu\_{\~mu}-calculus is isolated and proved strongly normalising by means of an embedding into the simply-typed lambda-calculus. Our embedding is a continuation-and-garbage-passing style translation, the inspiring idea coming from Ikeda and Nakazawa's translation of Parigot's \lambda\_mu-calculus. The embedding strictly simulates reductions while usual continuation-passing-style transformations erase permutative reduction steps. For our intuitionistic sequent calculus, we even only need"units of garbage"to be passed. We apply the same method to other calculi, namely successive extensions of the simply-typedλ-calculus leading to our intuitionistic system, and already for the simplest extension we consider (λ-calculus with generalised application), this yields the first proof of strong normalisation through a reduction-preserving embedding. The results obtained extend to second and higher-order calculi.


Introduction
CPS (continuation-passing style) translations are a tool with several theoretical uses.One of them is an interpretation between languages with different type systems or logical infra-structure, possibly with corresponding differences at the level of program constructors and computational behavior.Examples are when the source language (but not the target language): (i) allows permutative conversions, possibly related to connectives like disjunction [6]; (ii) is a language for classical logic, usually with control operators [13,16,20]; (iii) is a language for type theory [1,2] (extending (ii) to variants of pure type systems that have dependent types and polymorphism).
This article is about CPS translations for intuitionistic sequent calculi.The source and the target languages will differ neither in the reduction strategy (they will be both call-byname) nor at the types/logic (they will be both based on intuitionistic implicational logic); instead, they will differ in the structural format of the type system: the source is in the sequent calculus format (with cut and left introduction) whereas the target is in the natural deduction format (with elimination/application).From a strictly logical point of view, this seems a new proof-theoretical use for double-negation translations.
Additionally, we insist that our translations strictly simulate reduction.This is a strong requirement, not present, for instance in the concept of reflection of [34].It seems to have been intended by [1], however does not show up in the journal version [2].But it is, nevertheless, an eminently useful requirement if one wants to infer strong normalisation of the source calculus from strong normalisation of the simply-typed λ-calculus, as we do.In order to achieve strict simulation, we define continuation-and-garbage passing style (CGPS) translations, following an idea due to Ikeda and Nakazawa [20].Garbage will provide room for observing reduction where continuation-passing alone would inevitably produce an identification, leading to failure of strict simulation in several published proofs for variants of operationalized classical logic, noted by [29] (the problem being β-reductions under vacuous µ-abstractions).As opposed to [20], in our intuitionistic setting garbage can be reduced to "units", and garbage reduction is simply erasing a garbage unit.
The main system we translate is the intuitionistic fragment of the call-by-name restriction of the λµμ-calculus [5], here named λJ mse .The elaboration of this system is interesting on its own.We provide a CPS and a CGPS translation for λJ mse .We also consider other intuitionistic calculi, whose treatment can be easily derived from the results for λJ mse .Among these is included, for instance, the λ-calculus with generalised application.For all these systems a proof of strong normalisation through a reduction-preserving embedding into the simply-typed λ-calculus is provided for the first time.
The article is an extended version of the conference contribution of the same authors [12].It is organized as follows: Section 2 presents λJ mse .Section 3 compares λJ mse with other systems, and obtains as a by-product confluence of λJ mse .Sections 4 deals with the C(G)PS translation of λJ mse and its subsystems.Section 5 extends the results to systems F , F ω and intuitionistic higher-order logic.Section 6 compares this work with related work and concludes.

An intuitionistic sequent calculus
In this section, we define and identify basic properties of the calculus λJ mse .A detailed explanation of the connection between λJ mse and λµμ is left to the next section.
There are three classes of expressions in λJ mse : Terms can be variables (of which we assume a denumerable set ranged over by letters x, y, w, z), lambda-abstractions λx.t or coercions {c} from commands to terms 1 .A value is a term which is either a variable or a lambda-abstraction.We use letter V to range over values.
Co-terms provide means of forming lists of arguments, generalised arguments [21], or explicit substitutions.A co-term of the form (x)c binds variable x in c and provides the generalised application facility.Operationally it can be thought of as "substitute for x in c".A co-term of the form [] or u :: l is called an evaluation context and is denoted by E. An evaluation context of the form u :: l allows for multiary applications, and when passed to a term it indicates that after consumption of argument u computation should carry on with arguments in l. [] marks the end of an evaluation context and compensates the impossibility of writing (x)x.
A command tl has a double role: if l is of the form (x)c, tl is an explicit substitution; otherwise, tl is a general form of application.
In writing expressions, sometimes we add parentheses to help their parsing.Also, we assume that the scope of binders λx and (x) extends as far as possible.Usually we write only one λ for multiple abstraction.
In what follows, we reserve letter T ("term in a large sense") for arbitrary expressions.We write x / ∈ T if x does not occur free in T .Substitution [t/x]T of a term t for all free occurrences of a variable x in T is defined as expected, where it is understood that bound variables are chosen so that no variable capture occurs.
Evidently, syntactic classes are respected by substitution, i. e., [t/x]u is a term, [t/x]l is a co-term and [t/x]c is a command.
The calculus λJ mse has a form of sequent for each class of expressions: Letters A, B, C are used to range over the set of types (=formulas), built from a base set of type variables (ranged over by X) using the function type (that we write A ⊃ B).In sequents, contexts Γ are viewed as finite sets of declarations x : A, where no variable x occurs twice.The context Γ, x : A is obtained from Γ by adding the declaration x : A, and will only be written if this yields again a valid context, i. e., if x is not declared in Γ.Similarly, Γ, ∆ is the union of Γ and ∆, and assumes that the sets of variables declared in Γ and ∆ are disjoint.We can think of a term (resp.co-term) as an annotation for a selected formula in the rhs (resp.lhs).Commands annotate sequents generated as a result of logical cuts, where there is no selected formula on the rhs or lhs; as such we write them on top of the sequent arrow.
The typing rules of λJ mse are presented in Figure 1, stressing the parallel between left and right rules.
The following other forms of cut are admissible as typing rules for substitution for each class of expressions: We also have the usual weakening rules: If a sequent with context Γ is derivable and Γ is replaced by a context Γ ′ that is a superset of Γ, then also this sequent is derivable.We consider the following base reduction rules on expressions: where, in general, l@l ′ is a co-term that represents an "eager" concatenation of l and l ′ , viewed as lists, and is defined as follows2 : []@l ′ = l ′ (u :: l)@l ′ = u :: (l@l ′ ) ((x)tl)@l ′ = (x)t (l@l ′ ) The one-step reduction relation → is inductively defined as the term closure of the reduction rules, by adding the following closure rules to the above initial cases of →: The reduction rules β, π and σ are relations on commands.The reduction rule µ (resp.ǫ) is a relation on co-terms (resp.terms).Rules β and σ generate and execute an explicit substitution, respectively.Rule π appends fragmented co-terms, bringing the term t of the π-redex {tl}E closer to root position.Also, notice here the restricted form of the outer co-term E. This restriction characterizes call-by-name reduction [5].A µ-reduction step that is not at the root has necessarily one of two forms: (i) t(x)xl → tl, which is the execution of a linear substitution; (ii) u :: (x)xl → u :: l, which is the simplification of a generalised argument.Rule µ undoes the sequence of inference steps consisting in unselecting a formula and giving it the name x, followed by immediate selection of the same formula.The proviso x / ∈ l guarantees that no contraction was involved.Finally, rule ǫ erases an empty list under { }.Notice that empty lists are important under (x).Another view of ǫ is as a way of undoing a sequence of two coercions: the "coercion" of a term t to a command t[], immediately followed by coercion to a term {t[]}.By the way, {c}[] → c is a π-reduction step.Most of these rules have genealogy: see Section 3.2.
The βπσ-normal forms are obtained by constraining commands to one of the two forms V [] or x(u :: l), where V, u, l are βπσ-normal values, terms and co-terms respectively.The βπσǫ-normal forms are obtained by requiring additionally that, in coercions {c}, c is of the form x(u :: l) (where u, l are βπσǫ-normal terms and co-terms respectively).βπσǫ-normal forms correspond to the multiary normal forms of [35].If we further impose µ-normality as in [35], then co-terms of the form (x)x(u :: l) obey to the additional restriction that x occurs either in u or l.
Subject reduction holds for →, i. e., the following rules are admissible: This fact is established with the help of the admissible rules for typing substitution and with the help of yet another admissible form of cut for typing the append operator: We offer now a brief analysis of critical pairs in λJ mse3 .
There is a self-overlap of π ({{tl}E ′ }E), there are overlaps between π and any of β ({(λx.t)(u:: l)}E), σ ({t(x)c}E) and ǫ (the latter in two different ways from {t[]}E and {{tl}[]}).Finally, µ overlaps with σ in two different ways from t(x)xl for x / ∈ l and (x)(x(y)c) for x / ∈ c.The last four critical pairs are trivial in the sense that both reducts are identical.Also the other critical pairs are joinable in the sense that both terms have a common → * -reduct.We only show this for the first case: {tl}E ′ → t(l@E ′ ) by π, hence also {{tl}E ′ }E → {t(l@E ′ )}E =: L. On the other hand, a direct application of π yields {{tl}E ′ }E → {tl}(E ′ @E) =: R.
Thus the critical pair consists of the terms L and R. L → t((l@E ′ )@E) and R → t(l@(E ′ @E)), hence L and R are joinable by associativity of @.
We remark that the first three critical pairs (like the one just shown) are of a particularly simple nature: The forking term is of the form {c}E with c any of the command redexes, i. e., a left-hand side of β, π or σ.The L term is obtained by reducing c to the respective right-hand side c ′ of that rule, and the R term comes from applying π at the root.Since c ′ is again a command, L = {c ′ }E can be reduced by π to a term L ′ .The decisive feature of @ is that R → L ′ by an instance of the rule c → c ′ where the co-term part l of c = tl is replaced by l@E.
Since the critical pairs are joinable, the relation → is locally confluent [27].Thus, from Corollary 4.5 below and Newman's Lemma, → is confluent on typable terms.Confluence on all terms is proved in the next section.

Comparison with other systems
In this section we show that λJ mse can be generated "from above" -being the intuitionistic fragment of the call-by-name restriction of Curien and Herbelin's λµμ-calculus; and "from below" -being the end-point of a spectrum of successively more general intuitionistic systems, starting from the ordinary λ-calculus.This latter result, by showing that the systems in the spectrum are subsystems of λJ mse , will allow us to adapt easily the result about λJ mse to (new) results about its subsystems.In addition, we will obtain, as a by-product, a proof of confluence for λJ mse even for the untypable terms.
3.1.λJ mse as the intuitionistic fragment of CBN λµμ.After a recapitulation of a call-by-name version of λµμ-calculus, we restrict it to the intuitionistic case and rediscover λJ mse .
3.1.1.The call-by-name λµμ-calculus.Here, we recall the Curien and Herbelin's λµμ-calculus [5].More precisely, we only consider implication (i.e., we do not include the subtraction connective) and we present the call-by-name restriction of the system.
Expressions are either terms, co-terms or commands and are defined by the following grammar: There is one kind of sequent per each syntactic class Γ ⊢ t : A|∆ Γ|e : A ⊢ ∆ c : (Γ ⊢ ∆) Typing rules are given in Figure 2.
There are 6 substitution operations altogether:  [33], with three provisos.First, the β-rule for the subtraction connective is not included.Second, in the π-rule, the co-term involved is an evaluation context E; this is exactly what characterizes the call-by-name restriction of λµμ [5].Third, the naming of the rules is non-standard.Curien and Herbelin (and Polonovski as well) name rules π and σ as µ, μ, respectively.The name µ has moved to the rule called se in [33].By symmetry, the rule called sv by Polonovski is now called μ.The reason for this change is explained below by the spectrum of systems in Section 3.2: the rule we now call π (resp.µ) is the most general form of the rule with the same name in the system λJ (resp.λJ m ), and therefore its name goes back to [21] (resp.[10], actually back to [35]).
3.1.2.The intuitionistic fragment of CBN λµμ.The following description is in the style of Section 2.13 of Herbelin's habilitation thesis [18].
Let * be a fixed co-variable.Finally, [E/ * ]l is written l@E.

3.2.
A spectrum of intuitionistic calculi.The calculus λJ mse can also be explained as the end product of successive extensions of the simply-typed λ-calculus through several intuitionistic calculi, as illustrated in Fig. 3 β, π, µ, σ, ǫ empty lists of arguments The scheme for naming systems and reduction rules intends to be systematic (and in particular explains the name λJ mse ).
The path between the two end-points of this spectrum visits and organizes systems known from the literature.λJ is a variant of the calculus ΛJ of [21].λJ m is a variant of the system in [10].λJ mse is studied in [9] under the name λ Gtz .This path is by no means unique.Other intermediate systems could have been visited (like the multiary λ-calculus λ m , named λP h in [10]), had the route been a different one, i. e., had the different new features been added in a different order.The reader is referred to the literature for the specific motivations underlying the introduction of the intermediate systems λJ, λJ m , and λJ ms .Here, their interest lies in being the successive systems obtained by the addition, in a specific order, of the features exhibited by λJ mse .Each system L ∈ {λJ, λJ m , λJ ms } embeds in the system immediately after it in this spectrum, in the sense of allowing a mapping that strictly simulates reduction.Hence, strong normalisation is inherited from λJ mse all the way down to λJ.Also, each L ∈ {λJ, λJ m , λJ ms } has, by composition, an embedding g L in λJ mse .Let us see all this with some detail.

λJ-calculus.
The terms of λJ are generated by the grammar: ) is called generalised application.Following [21], (u, x.v) is called a generalised argument; they will be denoted by the letters R and S. Typing rules for x and λx.t are as usual, and the new rule is that of generalised application, given in Figure 4.
Reduction rules are as in [21], except that π is defined in the "eager" way: where the generalised argument R@S is defined by recursion on R: for V a value, i. e., a variable or a λ-abstraction.The operation @ is associative, which allows to join the critical pair of π with itself as before for λJ mse .The other critical pair stems from the interaction of β and π and is joinable as well.
Strong normalisation of typable terms immediately follows from that of ΛJ in [22], but in the present article, we even get an embedding into λ.
Although we won't use it, we recall the embedding J : λ → λJ just for completeness: We offer now a new, lighter, presentation of the system in [10].The expressions of λJ m are given by the grammar: The application t(u, l) is both generalised and multiary.Multiarity is the ability of forming a chain of arguments, as in t(u 1 , u 2 :: u 3 :: (x)v).By the way, this term is written t(u 1 , u 2 :: ) in the syntax of [10].There are two kinds of sequents: Γ ⊢ t : A and Γ|l : Typing rules are given in Figure 5.
We re-define reduction rules of [10] in this new syntax.Rule µ can now be defined as a relation on co-terms.Rule π is changed to the "eager" version, using letters R and S for generalised arguments, i. e., elements of the form (u, l).
The generalised argument R@S is defined with the auxiliary notion of the co-term l@S that is defined by recursion on l by (u :: l)@S = u :: (l@S) ((x)V )@S = (x)V S, for V a value ((x)t(u, l))@S = (x)t(u, l@S) Then, define R@S by (u, l)@S = (u, l@S).Since the auxiliary operation @ can be proven associative, this also holds for the operation @ on generalised arguments.Apart from the usual self-overlapping of π that is joinable by associativity of @, there are critical pairs between β i and π that are joinable.The last critical pair is between β 1 and µ and needs a β 2 -step to be joined.
The embedding m : λJ → λJ m is given by The expressions of λJ ms are given by: The construction tl has a double role: either it is a generalised and multiary application t(u :: l) or it is an explicit substitution t(x)v.See Figure 6 for the typing rules.
The reduction rules are as follows: where the co-term l@l ′ is defined by Again, @ is associative and guarantees the joinability of the critical pair of π with itself.The critical pairs between β and π and between σ and µ are joinable as for λJ mse .The overlap between σ and π is bigger than in λJ mse since the divergence arises for t((x)v)(u :: l) with v an arbitrary term whereas in λJ mse , there is only a command at that place.Joinability is nevertheless easily established.
Comparing these reduction rules with those of λJ m , there is only one β-rule, whose effect is to generate a substitution.There is a separate rule σ for substitution execution.The embedding s : λJ m → λJ ms is defined by Finally, let us compare λJ ms and λJ mse .In the former, any term can be in the scope of a selection (x), whereas in the latter the scope of a selection is a command.But in the latter we have a new form of co-term [].Since in λJ mse we can coerce any term t to a command t[], we can translate λJ ms into λJ mse , by defining e((x)t) = (x)e(t)[].In fact, one has to refine this idea in order to get strict simulation of reduction.The embedding e : λJ ms → λJ mse is defined as Proof.Preservation of typability and types is immediate by induction on typing derivations.
For strict simulation, we prove by induction ) and e((x)t) → + e((x)t ′ ), for any t, t ′ ∈ λJ ms which for f ∈ {s, e} requires simultaneous proof of: l → l ′ =⇒ f (l) → + f (l ′ ).We show only some details of the proof of (iii).(The other statements have simpler proofs.)In the cases where t → R t ′ (resp.l → l ′ ), with R ∈ {β, π, µ}, in λJ ms , we have e(t) → R e(t ′ ) and e((x)t) → R e((x)t ′ ) (resp.e(l) → R e(l ′ )) in λJ mse .The proof relative to π-steps requires commutation of the embedding with the append operator, that is requires the identity: e(l@l ′ ) = e(l)@e(l ′ ), for any l, l ′ ∈ λJ ms .For σ-steps the situation is different: one σ-step in λJ ms gives rise to one σ-step in λJ mse but also, possibly, to π and ǫ steps.We consider below the base case of σ-reduction.The following two observations are needed: (1) (y)e(t)[] → * π e((y)t), for any t ∈ λJ ms and any variable y; (2) [e(t)/x]e(u) → * π e([t/x]u), for any t, u ∈ λJ ms and any variable x.In the first observation, one can say more specifically that no π-step is required if t is a value and otherwise, if t is a command, exactly one π-step of the form {c}[] → c is needed (with c a command).The second observation uses the first and is proved simultaneously with its analogue for co-terms.
Let us then consider the case where we have the reduction t(x)v → [t/x]v in λJ ms .We concentrate on the sub-case v = V .(The other sub-case, where v = t 0 l 0 , is similar.) above) Now we need to prove: e((y)t(x)v) → + e((y)[t/x]v).We consider the possible forms of V .Sub-sub-case Hence, thanks to Newman's lemma, all systems are confluent on typable terms since they are strongly normalizing, as shown in the later sections.We also believe that the usual methods that show the diamond property for properly defined notions of parallel reduction would yield confluence of all our systems.The aim of this section is to give indirect proofs for the systems of the spectrum, by inheriting confluence that is already known.Firstly, we argue about confluence of λJ and λJ m .Secondly, we define and study a mapping from λJ ms to λJ m .Thirdly, we apply the "interpretation method" to obtain confluence also of λJ ms .Finally, we do the same for λJ ms and λJ mse in order to infer confluence of λJ mse .
Confluence of λJ can be obtained from confluence of the original system λJ in [21] where π is lazy.Below we call π the original lazy version of π, which reduces t(u, x.v)Sonly to t(u, x.vS) (for v a value V , there is no difference between π and π).Confluence for → βπ is obtained from confluence of → βb π in the same way as in [11]  ), for all t ′ , t ′′ in λJ, where notation π(t ′ ) represents the π normal form of term t ′ (definable by recursion on t ′ , using a very eager form of generalised application [21]), allow to conclude that t 1 , t 2 both βπ-reduce to π(t 3 ).
Proof.The proof above holds if β is replaced by βµ.In particular, we have (1) ), for all t ′ , t ′′ in λJ m .Now consider confluence of λJ ms .In this case, we cannot rely on a previous result of confluence for some variant of the system.Instead, we will lift the confluence result of [11] to λJ ms .First, we define a mapping ( ) † : λJ ms → λJ m in Figure 7. (1) For all t ∈ λJ ms , t The claim is proved together with the similar claim for l ∈ λJ ms by simultaneous induction on t and l.
2. The claim is proved together with the similar claim for l → l ′ in λJ ms .The proof is by simultaneous induction on t → u and l → l ′ .The proof uses the following facts: i) and (iv) are proved by case analysis of l. (ii) is proved by induction on l 1 .(iii) is proved together with [t † /x]l † = ([t/x]l) † by simultaneous induction on v and l.Finally we consider confluence of λJ mse .We will lift confluence of λJ ms .First, we define a mapping ( ) • : λJ mse → λJ ms in Figure 8 whose intuitive idea is that, in some sense, λJ mse is a subsystem of λJ ms -precisely the subsystem where selection is restricted to the cases (x)x and (x)tl.Proposition 3.6.
(1) For all t ∈ λJ mse , e(t Proof.Claim 1 is proved together with the similar claim e(l • ) → * µ l, by simultaneous induction on t and l.
Claim 2 for µ and ǫ is a direct verification.Since there are no commands in λJ ms , one would have to study always two versions of β, π and σ: once inside braces {}, once bound by (y).However, since all three rules have the form t 1 l 1 → t 2 l 2 , it suffices to • for them.For σ, we also need the facts and for the non-nil case of π, the fact l • @(u 1 :: l 1 ) • → µ (l@u 1 :: l 1 ) • is proved by induction on l.
The first statement of the previous proposition is an obstacle to an immediate application of the "interpretation method", because the µ-reduction goes in the wrong direction.We overcome this by observing that, as a consequence of e(t • ) → * µ t, we have t → * µ µ(e(t • )).(Here µ is the function that assigns the µ-normal form of an expression.Clearly, reduction rule µ alone is terminating and locally confluent, hence confluent.)So, in the proof of confluence (Theorem 3.8 below) there will be an extra step relying on the properties of mapping µ, which is explicitly given in Figure 9.
Proof.The claim is proved together with the similar claim for l → l ′ by simultaneous induction on t → u and l → l ′ .The proof makes use of the following facts: (i) (x)µ(t)µ(l) → = µ µ((x)tl); (ii) commutation of mapping µ with substitution; (iii) commutation of mapping µ with append.Fact (i) is immediate from definition.Facts (ii) and (iii) are proved by easy inductions.Notice that we might have inferred confluence of λJ mse of that of the call-by-name λµμ-calculus, presented in Section 3.1.1:if this calculus is confluent, then its intuitionistic fragment is confluent as well since it has just the same rules on a subset of terms, co-terms and commands that is closed under reduction.Finally, its isomorphic copy λJ mse would be confluent as well.However, we are not aware of a proof of confluence of our version of call-by-name λµμ-calculus: the calculus considered in [25] does not have the rules µ and μ, has a more restrictive notion of evaluation contexts and imposes σ-reduction immediately following applications of β.As mentioned above, we would expect that the standard direct proof methods would be applicable to establish confluence of all of the systems considered in this section.

CGPS translations
In this section we define a CPS translation for λJ mse into the simply-typed λ-calculus and show how it fails to provide a strict simulation of reduction.Next we refine the CPS translation to a CGPS translation of λJ mse and show that strict simulation of reduction is obtained.Strong normalisation for λJ mse follows.Finally, we adapt the CGPS translation to the subsystems of λJ mse .4.1.CPS translation for λJ mse .We assume the reader is familiar with simply-typed lambda-calculus (we write A ⊃ B for the function type A → B and → β for the one-step reduction relation).Fix a ground type (some type variable) ⊥.Then, ¬A := A ⊃ ⊥, as usual in intuitionistic logic.While our calculus is strictly intuitionistic in nature, a double-negation translation nevertheless proves useful for the purposes of establishing strong normalisation, as has been shown by de Groote [6] for disjunction with its commuting conversions.A type A will be translated to A = ¬¬A * , with the type A * defined by recursion on A (where the definition of A is used as an abbreviation): The symmetrically-looking definition of (A ⊃ B) * is logically equivalent to A ⊃ ¬¬B.The additional double negation of B is needed even for weak simulation to hold.See Subsection 4.4 for a discussion of this issue.
The translation of all syntactic elements T will be presented in Plotkin's [32] colon notation (T : K) for some term K taken from simply-typed λ-calculus.A term t of λJ mse will then be translated into the simply-typed λ-term t = λk.(t: k) with a "fresh" variable k (one that is not free in t).The definition of (T : K) in Figure 10 uses the definition of t as an abbreviation (the variables m, w are supposed to be "fresh", in the obvious sense).The translation admits the typing rules of Figure 11. 6Only the first premise in these three rules refers to λJ mse , the other ones to simply-typed λ-calculus.Γ is derived from Γ by replacing every x : C in Γ by x : C. As a direct consequence (to be established during the proof of the above typings), type soundness of the CPS translation follows: Γ ⊢ λJ mse t : A =⇒ Γ ⊢ λ t : A This CPS translation is also sound for reduction, in the sense that each reduction step in λJ mse translates to zero or more β-steps in λ-calculus.Because of the collapsing of some reductions, this result does not guarantee yet strong normalisation of λJ mse .Proposition 4.1.If t → u in λJ mse , then t → * β u in the λ-calculus.Proof.Simultaneously we prove T → T ′ =⇒ (T : K) → * β (T ′ : K) for T, T ′ terms, co-terms or commands.More specifically, at the base cases, the CPS translation does the following: it identifies ǫ and π-steps, sends one µ-step into zero or more β-steps in λ-calculus and sends one β or σ-step into one or more β-steps in λ-calculus.Some comments on lemmata used in this proof can be found in the next section.4.2.CGPS translation for λJ mse .This is the central mathematical finding of the present article.It is very much inspired from a "continuation and garbage passing style" translation for Parigot's λµ-calculus, proposed by Ikeda and Nakazawa [20].While they use garbage to overcome the problems of earlier CPS translations that did not carry β-steps to at least one β-step if they were under a vacuous µ-binding, as reported in [29], we ensure strict simulation of ǫ, π and µ.Therefore, we can avoid the separate proof of strong normalisation of permutation steps alone that is used in addition to the CPS in [6] (there in order to treat disjunction and not for sequent calculi as we do).
Our CGPS translation passes "garbage", in addition to continuations.We mean by "garbage" λ-terms, denoted G, that are carried around for their operational properties, not for denotational purposes.They inhabit a type ⊤, of which we only require that there is a term s : ⊤ ⊃ ⊤ such that s G → + β G.This can of course be realized by any type, with s := λx.x, but it is useful, in view of a comparison with [20], to have in mind another realization, namely ⊤ :=⊥⊃⊥ and s := λx.[x; λz.z].Here we are using the abbreviation [t; u] := (λx.t)u for some x / ∈ t.Then, [t; u] → β t, and Γ ⊢ t : A and Γ ⊢ u : B together imply Γ ⊢ [t; u] : A (as a derived typing rule of simply-typed λ-calculus).This is a form of "deliberate garbage" that is used in [20].Instead of s G, we will write s(G).We will also speak about "units of garbage".This is so because, in our translation, garbage will always have one of the forms g (a variable), s(g), s(s(g)), etc.We say that s(G) has one more "unit of garbage" than G, or that, in s(G), G is "incremented".In the particular realization ⊤ :=⊥⊃⊥, s(G) = β [G; λz.z]; we may regard λz.z (which lives in ⊤) as the "unit" that is added to G.In [20], garbage is built by "adding" a continuation K to G, as in [G; K].
The only change w. r. t. the type translation in CPS is that, now, is used throughout, hence, again, X * = X and (A ⊃ B) * = ¬B ⊃ ¬A.
We define the simply-typed λ-term (T : G, K) for every syntactic construct T of λJ mse and simply-typed λ-terms G and K.Then, the translation of term t is defined to be t = λgk.(t: g, k) with "new" variables g, k, that is again used as an abbreviation inside the recursive definition of (T : G, K) in Figure 12 (the variables m, w are again "fresh"). 7 If one removes the garbage argument, one precisely obtains the CPS translation.The translation admits the typing rules of Figure 13.
For Γ see the previous section.Therefore (and to be proven simultaneously), the CGPS translation satisfies type soundness, i. e., Γ ⊢ t : A implies Γ ⊢ t : A. Lemma 4.2.In λJ mse the following holds: (1) for T any u, l or c, and, in particular, 7 There is a slight, but important, difference between the definition of the CGPS translation presented here and that presented in [12].In [12], several clauses in the definition of (l : G, K) or (c : G, K) contained garbage increment s(G), whereas in the present definition those increments are, so to speak, concentrated in the clause for ({c} : G, K).The importance of this re-definition is that it makes the purpose of those increments more perspicuous -see the discussion around the simulation theorem below.For the sake of a precise connection between the two definitions, let us write the translation of [12] as [T : G, K] and t.Then, by an easy induction, one obtains (t : β (l@(u :: l ′ ) : G, K) Proof.1./2./3.Each one by simultaneous induction on terms, co-terms and commands.Notice that the second statement has to be proven simultaneously, but that it follows immediately from the particular case T = u of the first statement. 4.
(by 2.) where ( * ) is justified by the fact that g occurs in (t : g, K), as guaranteed by 3.
5. Straightforward case analysis on l.
6. Case analysis on l.
({tl}(u :: The cases corresponding to the closure rule t → t ′ =⇒ tl → t ′ l (resp.l → l ′ =⇒ tl → tl ′ ) can be proved by case analysis on l (resp.l → l ′ ).The cases corresponding to the other closure rules follow by routine induction.Remark 4.4.Unlike the failed strict simulation by CPS reported in [29] that only occurred with the closure rules, the need for garbage in our translation is already clearly visible in the subcase E = [] for π and the case ǫ.But the garbage is also effective for the closure rules, where the most delicate rule is the translation of t(u :: l) that mentions l and u only in the continuation argument K to t's translation.Lemma 4.2.3 is responsible for propagation of strict simulation.The structure of our garbage -essentially just "units of garbage" -can thus be easier than in the CGPS in [20] for λµ-calculus since there, K cannot be guaranteed to be a subterm of (T : G, K), again because of the problem with void µ-abstractions.The solution of [20] for the most delicate case of application is to copy the K argument into the garbage.We do not need this in our intuitionistic calculi.However, since we need garbage for some base cases, we also had to make sure that reductions in garbage arguments are not lost during propagation through the closure rules.
Let us compare the CPS and CGPS translations in order to understand how garbagepassing ensures strict simulation.The analogue to Lemma 4.2 for the CPS translation is obtained by erasing garbage throughout, and replacing → + β by equality in items 4 and 7, and by → * β in item 6.So, the properties of the CGPS translation are as "good" as those of the CPS translation, and at least a weak simulation could be expected.
An inspection of the proofs of Lemma 4.2 and Theorem 4.3 shows that the CGPS translation generates reduction sequences which, so to speak, differ from those generated by CPS translation by the insertion of sequences of the form s(G) → + β G.The point is that the CGPS translation does such insertion at all points where the CPS does an undesired identification (although it also does at other points where such insertion is unnecessary).
The ultimate cause for the existence of such dynamic garbage decrement steps is the static garbage increment contained in the clauses defining (x : G, K) and ({c} : G, K).Moreover, it can be argued that the clause for (x : G, K) is responsible for strict simulation of µ-steps, whereas the clause for ({c} : G, K) is the cause for strict simulation of π-or ǫ-steps.
The key for strict simulation of µ-steps is Lemma 4.2.6.An inspection of the proof shows that garbage plays no role in the case l = (y)c (which already generated reduction steps through the CPS translation), and that, had (x : G, K) been defined as xGK, the same identifications obtained before with the CPS translation would have arisen again in the cases l = [] and l = u :: l ′ .The definition of (x : G, K) causes many garbage decrement steps, which are useless most of the time (typically adding to the administrative steps, already generated in the case of the CPS translations, that mediate between [t/x]u and [t/x]u), but not so in the particular situations described in the cases l = [] and l = u :: l ′ of Lemma 4.2.6.
The role of clause ({c} : G, K) is plain for ǫ and the case E = [] of π.As to the case E = u :: l ′ , it suffices to observe that (tl : G, λm.m(l ′ : G, K)u) = (t (l@(u :: l ′ )) : G, K) (as an inspection of the proof of Lemma 4.2.7 easily shows).So, again, had ({c} : G, K) been defined as (c : G, K), the same identifications of π-or ǫ-steps obtained before with the CPS translation would have arisen.The definition of ({c} : G, K) means that garbage-passing does, among other things, some form of counting braces.The braces decrement observed in π-or ǫ-steps in the source is reflected by garbage decrement steps in the target.
Recalling our discussion in Section 2, we already could have inferred strong normalisation of λJ mse from that of λµμ, which has been shown directly by Polonovski [33] using reducibility candidates and before by Lengrand's [23] embedding into a calculus by Urban that also has been proven strongly normalizing by the candidate method.Our proof is just by a syntactic transformation to simply-typed λ-calculus.
Since each of m, s and e preserves typability and strictly simulates reduction (Proposition 3.1), it follows from Corollary 4.5 that: Corollary 4.6.The typable terms of λJ ms , λJ m and λJ are strongly normalising.

4.3.
CGPS translations for subsystems.We define CGPS translations for λJ ms , λJ m and λJ.The translation of types is unchanged.In each translation, we just show the clauses that are new.
(3) Finally, for λJ: In the case of λJ ms , the distinction between (tl : G, K) and (tl; G, K) is consistent with the distinction, in λJ mse , between ({c} : G, K) and (c : G, K). 8  These translations are coherent with the CGPS translation for λJ mse : Proposition 4.7.Let L ∈ {λJ ms , λJ m , λJ}.Let f L be the embedding of L in the immediate extension of L in the spectrum of Fig. 3, and let g L be the embedding of L in λJ mse .Then, for all t ∈ L, t = f L (t).Hence, for all t ∈ L, t = g L (t).
Therefore, since each of m, s and e, as well as the CGPS translation of λJ mse , preserves typability, so does each CGPS translation of the subsystems.
Proof.By Propositions 3.1 and 4.7 and Theorem 4.3.
8 We take the opportunity to correct a mistake in the CGPS translations for the subsystems of λJ mse given in [12].The mistake was that some clauses in the definition of those translations lacked a needed case analysis.We repair the mistake now, using in this footnote the notations (T : G, K) and t with their meanings in [12].For λJ ms : ((x)v : G, K) = λx.(v: G ′ , K), where G ′ is either s(G), if v is a value; or G, otherwise.For λJ m , it should be understood that the clause for ((x)v : G, K) just given is inherited.For λJ: Since the various CGPS translations preserve typability, Corollary 4.6 follows also from the previous theorem (and strong normalisation of the simply-typed λ-calculus).
The CGPS translations defined above for the subsystems of λJ mse , being consistent with the CGPS translation of λJ mse , have the advantage of inheriting the simulation theorem, and the disadvantage of not being optimized for the particular system on which they are defined.In fact, such translations can be optimized by omitting garbage increments s(G) in one or more of their clauses.We give one example of this phenomenon.Theorem 4.9 (Simulation).Let t and (t : G, K) be given for t ∈ λJ by: β u in the λ-calculus.Proof.Similar to, but simpler than that of Theorem 4.3.This translation obeys to the typing rules of Figure 11, but already β steps at the root do not obey to Proposition 4.1: The problem is that there is no reduction step from (λx.t)uK to (λx.tK)u in λ-calculus.Similar remarks apply to the subsystem λJ ms .
The failed simulation just illustrated would have not occurred, had the β rule been defined with implicit substitution: K) This is consistent with another fact: weak simulation, through the simpler CPS, is recovered as soon as one moves down in the spectrum to λJ m or λJ (systems where β-reduction employs implicit substitution).For these systems, the combination of garbage passing with the simpler CPS delivers strict simulation.The theorem below exemplifies the situation with λJ (to be compared with Theorem 4.9).Theorem 4.10 (Simulation).For a type A, let A = ⊤ ⊃ ¬¬A * , X * = X and (A ⊃ B) * = A ⊃ B and for t ∈ λJ, let t = λgk.(t: g, k) and (t : G, K) be defined as β u in the λ-calculus.Proof.The proof of ( 1) is based on the fact that the first rule of Figure 13 is still admissible.Property (2) follows along the lines of theorems 4.9 and 4.3, requiring some properties analogous to those in Lemma 4.2.We illustrate below the base case for β (problematic for λJ mse and λJ ms , as explained above): Note that this translation of types, variables and λ-abstractions coincides with that of [20].Evidently, the case of generalized application is new since it was not considered there.Only here is the need for a garbage increment.
Finally, let us observe that the extra double negation in (A ⊃ B) * has to be integrated as ¬B ⊃ ¬A, and not as A ⊃ ¬¬B.Had the latter alternative been adopted, and again, already for CPS, we would lose weak simulation.The CPS would then be defined by: (λx.t : K) = K(λxw.wt)(u :: l : K) = λw.w(λm.mu(l: K)) (t(u :: l) : K) = (t : λm.mu(l : K)) With these definitions, one calculates: Again, the undirected = β -step cannot be dispensed with by reduction steps in λ-calculus.

Higher-Order Systems
In this section, we extend the CGPS translation to, and obtain strong normalisation for, the extensions of λJ mse described in the following table : intuitionistic logic sequent calculus natural deduction system propositional λJ mse λ second-order propositional λ2J mse λ2 higher-order propositional λωJ mse λω higher-order predicate λHJ mse λH Such extensions constitute several systems of intuitionistic logic formulated as sequent calculi, and have a corresponding natural deduction system.The latter are formulated as domain-free type theories [3], and all but one belong to the domain-free cube.The only exception is λH, which is a domain-free formulation of Geuvers' treatment of higher-order intuitionistic logic [14].
Each CGPS translation goes from a sequent calculus to the corresponding natural deduction system, where the latter is expected to satisfy strong normalisation.This is the case for the systems in the domain-free cube [3].As to λH, it is well known that it is a pure type system [14] which, in addition, has a functional specification [3].Now op.cit.
shows that in such cases, strong normalisation of the domain-full system implies the same property for the domain-free one.Therefore, we infer from the strong normalisation of Geuvers' system that of λH.
The formulation of the systems of higher order (unlike those at second order) require the introduction of an upper level of domains of quantification and their inhabitants.In order to avoid that these technicalities blur the simplicity by which the properties of the CGPS extend beyond the (zero-th order) propositional case, we decided to develop first the second-order case with the simplest formulation, even at the price of a little amount of redundancy.
5.1.Second Order.All the results of the previous sections readily extend to the second order which is one of the important advantages of double-negation translations w. r. t.Gödel's negative translation (employed for first-order λµ-calculus by Parigot [31]).In order to give an idea of how to proceed, we will sketch how to equip λJ mse by a second-order universal quantifier (yielding system λ2J mse ) and how to extend the CGPS translation of λJ mse into simply-typed λ-calculus to a translation of λ2J mse into a "domain-free" version λ2 [3] of second-order λ-calculus a. k. a. system F [15]. 5.1.1.System λ2.To recall, system F corresponds to second-order propositional logic and consequently also has the types of the form ∀X.A. Therefore, also on the type level, we need to allow silent renaming of bound variables.Just as it is done in [20], we stay with the Curry-style typing of our previous systems but nevertheless add ΛX.t and tA to the term syntax for λ, for universal introduction and universal elimination, respectively.These two constructions normally belong to the typing discipline à la Church, but in addition to λ, they give (a variant of) system λ2 of [3].The new typing rules are: with [B/X]A denoting type substitution, where RIntro2 is under the proviso that X is not free in any type in Γ.The new reduction rule is β2: with [B/X]T type substitution in term t.It is shown in [3] that strong normalisation of typable terms is inherited from the same property for system F , that has been established by Tait's refinement [37] of Girard's weak normalisation proof [15].5.1.2.System λ2J mse .For λ2J mse , we also extend the term syntax by ΛX.t and extend the co-term syntax by A :: l that count among the evaluation contexts.The cases u :: l and A :: l can be uniformly seen as U :: l, where U now stands for a term or type.Type substitution [B/X]T for T a term/co-term/command can be defined in the obvious way.λ2J mse extends λJ mse also by the rule RIntro2 above and by Γ|l : The notion l@l ′ is redefined with u replaced by U (and stays associative), and the admissible typing rules for substitution, weakening and @ carry over from λJ mse , as well as the obvious typing rules for type substitution.The only new reduction rule is So, term substitution is dealt with in an explicit way in λ2J mse , but type substitution is still left implicit.This gap would be annoying for dependently-typed systems, see [24] for a proposal that solves this problem.The one-step reduction relation takes into account the new syntactic constructions, and subject reduction follows.

CGPS translation.
The CGPS-translation of λJ mse into λ is now extended to a CGPS of λ2J mse into λ2.Unlike the case of implication, no further double negation w. r. t. [20] has to be added, since our sequent calculi do not provide an explicit type substitution; we set (∀X.A) * = ∀X.A .Evidently, ([B/X]A) * = [B * /X]A * , hence (but to be proven simultaneously) [B/X]A = [B * /X]A.We extend the definition of (T : G, K) for λJ mse , with G, K terms of λ2, by The clause for ΛX.t is taken from [20].This extended translation obeys to the same typing as for λJ mse (now always w. r. t. λ2), hence satisfies type soundness.
Now we prove the following theorem just as before Theorem 4.  A technically more involved CGPS for the Church-style version of λ2J mse into Churchstyle system F can be given along the lines of [26], where the colon translation has to be made relative to a context Γ. 5.2.F ω and Higher-Order Logic.In the second order systems, one assumes that X in the quantification ∀X.A ranges over the domain P ROP of all propositions (or types).In this subsection we study systems allowing the formation of other domains of quantification, usually denoted D, E. Quantification now has the form ∀X : D.A, but, at the proof-term level, abstraction ΛX.t remains domain-free.
In the following we formulate intuitionistic higher-order predicate logic, both in the natural deduction format λH, and the sequent calculus format λHJ mse .A minor restriction in each of these systems gives two formulations (λω and λωJ mse , respectively) of intuitionistic higher-order propositional logic, or system F ω .5.2.1.Domains of quantification.Domains (of quantification) are given by: D, E ::= P ROP | X | D → D X ranges over a set of domain variables.These play the role of "sorts" in multi-sorted first-order logic.The set of domains is very much like Church's structure of simple types, except that, besides P ROP (the type of propositions), Church only admitted one other base type ι of individuals.
Next come the propositional, or type, or individual, function(al)s: A These are the inhabitants of domains.X ranges over a set, whose elements may be seen as type variables, or propositional variables, or individual variables, etc.In the last case a meta-variable like x would be more expressive.Also, one may employ meta-variables ϕ and ψ instead of A, if one wants to emphasize that the inhabitant is a proposition, or t if one wants to emphasize that the inhabitant lives in some domain of individuals X. ⋋X.A and AB are the generic, and usual, mechanism for building inhabitants at all levels of the domain structure. 9he relationship between domains and their inhabitants is governed by domain assignment rules.Let ∆ range over consistent sets of declarations X : D. Such rules derive sequents of the form ∆ ⊢ A : D, as described in Figure 14.Besides the ordinary rules of the simply-typed λ-calculus, one has two formation rules.If ∆ ⊢ A : P ROP , then we say that A is a ∆-proposition, or just proposition.Alternative terminology is "formula" or "type".
Finally, the inhabitants of domains may reduce according to the following reduction rule: The given definition of domains, their inhabitants, and the derivable sequents ∆ ⊢ A : D remains fixed for the rest of this subsection (that is, in all the systems λω, λH, λωJ mse , and λHJ mse ), except for one thing: in λω and λωJ mse , domain variables X are not allowed.5.2.2.Systems λω and λH.We now define the natural deduction system λH and its minor variant λω.Specifically, we define proof expressions and their "typing" rules, that is, the rules governing what expressions inhabit what propositions.At this level, the systems λω and λH are indistinguishable; indeed, the single difference is the one already pointed out at the domains level.
In addition, at this level, also λH and λ2 would be indistinguishable, provided that (i) we had defined λ2 with a trivial domain level D = P ROP , and with formal "domain assignment rules" generating the types/ propositions; (ii) we wrote ∀X : D.A and not just ∀X.A; (iii) sequents Γ ⊢ t : A carried an outer set ∆ declaring necessary variables X with domain P ROP .So, what follows may be used as a recapitulation of λ2.
In λH one has the following proof terms:  Proof expressions are capable of β 0 -reduction, via the closure rule B → β 0 B ′ =⇒ B :: l → β 0 B ′ :: l.
5.2.4.CGPS translations.We will see that, when the CGPS translation is extended to λωJ mse and λHJ mse , its properties (type soundness and the simulation theorem) remain valid and are proved almost verbatim relative to the second-order case.Here is an explanation.The proofs of the properties of the CGPS translation have two components.The first component is a proof that the CGPS translation behaves well relative to domain inhabitants/assignment.This comprises (i) domain soundness (Lemma 5.4 below); (ii) commutation with substitution of type variables X; (iii) simulation of β 0 (Lemma 5.5).This component depends on the domain inhabitants/assignment and inhabitants reduction (β 0 ) of the system where the translation is defined.Very little variation exists between λ2J mse , λωJ mse , and λHJ mse regarding these aspects, the only singularity being that there is no β 0 at second order.The second component is the proper proofs of type soundness and strict simulation, which are all the same for λ2J mse , λωJ mse , and λHJ mse , except for one inductive case of the strict simulation theorem, absent in λ2J mse , and relative to β 0 reduction at proof-expression level.We define a CGPS translation from λHJ mse to λH.It can be seen as a CGPS translation from λωJ mse to λω as well, and generalises only slightly the previous CGPS translation from λ2J mse to λ2, by providing translations for ⋋X.A and AB.
Domains remain fixed, but their inhabitants are translated as in Figure 17.Recall that the relation of domain assignment of λHJ mse is the same as that of λH.Such relation is intended in the following result.

Further remarks
Contributions.This article provides reduction-preserving CGPS translations of λJ mse and other intuitionistic calculi, hence obtaining embeddings into the simply-typed λ-calculus and proving strong normalisation.As a by-product, the connections between systems like λJ and λJ m and the intuitionistic fragment of λµμ are detailed, and confluence for them obtained.It is shown that all the results smoothly extend to systems with quantification over propositions and even functionals over propositions and (many-sorted) individuals.In all cases, the sequent-calculus format is embedded into the natural-deduction style.
This article provides, in particular, a reduction-preserving CGPS translation for the lambda-calculus with generalised applications λJ.[30] covers full propositional classical logic with general elimination rules and its intuitionistic implicational fragment corresponds to λJ.However, [30] does not prove a strict simulation by CPS (permutative conversions are collapsed), so an auxiliary argument in the style of de Groote [6], involving a proof in isolation of SN for permutative conversions, is used.
In Curien and Herbelin's work [5,18] one finds a CPS translation ( ) n of the call-byname restriction of λµμ.We compare ( ) n with our ( ). (i) ( ) n generalises Hofmann-Streicher translation [19]; ( ) generalises Plotkin's call-by-name CPS translation [32].(ii) ( ) n does not employ the colon operator; ( ) does employ (we suspect that doing administrative reductions at compile time is necessary to achieve strict simulation of reduction); (iii) ( ) n is defined for expressions where every occurrence of u :: l is of the particular form u :: E; no such restriction is imposed in the definition of ( ). (iv) at some points it is unclear what the properties of ( ) n are, but no proof of strong normalisation is claimed; the CGPS ( ) strictly simulates reduction and thus achieves a proof of strong normalisation.
Higher-order sequent calculi.Our formulations of system F ω and higher-order logic in the sequent calculus format were helpful for showing the wide applicability of the CGPS technique.Nevertheless, they are another experience in the formulation of type theories as sequent calculi [24].We adopted the guideline that only proof-expression could suffer a change in the proof-theoretical format, but other, more "uniform", possibilities exist, where also the domain assignment relation is changed to the sequent calculus format.An improvement, in view of proof-search, is to restrict the conversion rule of the typing system to an expansion rule [36].Finally, in λHJ mse , λωJ mse , and λ2J mse we re-encounter explicit substitutions in higher-order type theories [4,28], but with a simpler treatment (no explicit execution) and in a simpler setting (no dependent types).
Future work.We plan to extend the technique of continuation-and-garbage passing to λµμ and to dependently-typed systems.We tried to extend the CGPS to CBN λµμ, but already for a CPS translation, we do not see how to profit from the continuation argument for the translation of co-terms and commands.Moreover, a special case of the rule we call π corresponds to the renaming rule a(µb.M ) → [a/b]M of λµ-calculus.This rule is evidently not respected by the CGPS translation by Ikeda and Nakazawa [20] (nor by the CPS they recall) since the continuation argument K is omitted in the interpretation of the left-hand side but not in the right-hand side.So, new ideas or new restrictions will be needed.

[
E/ * ] t|e = t|[E/ * ]e [E/ * ](u :: e) = u :: [E/ * ]e [E/ * ] * = E [E/ * ](μx.c)= μx.[E/* ]c If we define rule π as µ * .t|e |E → t|[E/ * ]e and [E/ * ](μx.t|e ) = μx.t|[E/ * ]e we can avoid using [E/ * ]c altogether.The λJ mse -calculus is obtained from the intuitionistic fragment as a mere notational variant.The co-variable * disappears from the syntax.The co-term * is written [].{c} is the coercion of a command to a term, corresponding to µ * .c.This coercion is what remains of the µ binder in the intuitionistic fragment.Since there is no µ, there is little sense for the notation μ.So we write (x)c instead of μx.c.Reduction rule μ now reads {t[]} → t and is renamed as ǫ.Sequents Γ|e : A ⊢ * : B and c : (Γ ⊢ * : B) are written Γ|e : A ⊢ B and Γ c −→ B. Co-terms are ranged over by l (instead of e) and thought of as generalised lists.

Figure 7 :
Figure 7: Translation of λJ ms into λJ m

Figure 13 :
Figure 13: Admissible typing rules for CGPS translation of λJ mse

4. 4 .
C(G)PS translations with less double negations.Our definition of (A ⊃ B) * produces a type logically equivalent to A ⊃ ¬¬B, which has an extra double negation of B when compared with traditional CPS's.One may wonder what happens if one sets (A ⊃ B) * = A ⊃ B. There is no problem in defining a CPS translation based on that, but we would even lose weak simulation in the form of Proposition 4.1.Let us take the simplified type translation, whose new clauses are: (λx.t : K) = K(λx.t)(u :: l : K) = λw.w(λm.(l: K)(mu)) (t(u :: l) : K) = (t : λm.(l : K)(mu))

Figure 14 :
Figure 14: Domain assignment rules for higher-order logic

t
, u, v ::= x | λx.t | tu | ΛX.t | tA Proof terms are assigned to propositions through proposition assignment rules, which generate sequents of the form ∆; Γ ⊢ t : A according to the rules of Figure 15.Here Γ is a consistent set of declarations x : A; in addition we expect ∆ ⊢ Γ : P ROP and

Figure 18 :Corollary 5 . 8 .
Figure 18: Admissible proposition assignment rules for CGPS translation of λHJ mse , which includes both natural deduction systems and sequent calculi other than λJ mse .
For many purposes, it should suffice to have local confluence, which we do have for all the systems of this article, since in all of them, the critical pairs are joinable.