A Theory of Explicit Substitutions with Safe and Full Composition

Many different systems with explicit substitutions have been proposed to implement a large class of higher-order languages. Motivations and challenges that guided the development of such calculi in functional frameworks are surveyed in the first part of this paper. Then, very simple technology in named variable-style notation is used to establish a theory of explicit substitutions for the lambda-calculus which enjoys a whole set of useful properties such as full composition, simulation of one-step beta-reduction, preservation of beta-strong normalisation, strong normalisation of typed terms and confluence on metaterms. Normalisation of related calculi is also discussed.


Introduction
This paper is about explicit substitutions (ES), a formalism that, by decomposing the implicit substitution operation into more atomic steps, allows a better understanding of the execution models of higher-order languages.
Indeed, higher-order substitution is a meta-level operation used in higher-order languages (such as functional, logic, concurrent and object-oriented programming), while ES is an object-level notion internalised and handled by symbols and reduction rules belonging to their own worlds. However, the two formalisms are still very close. This can be easily seen, for example, in the case of the λ-calculus, whose sole reduction rule is given by (λx.t) v →β t{x/v}, where the operation t{x/v} denotes the result of substituting all the free occurrences of x in t by v, a notion that can be formally defined modulo α-conversion as follows:
    x{x/v} := v
    y{x/v} := y    (x ≠ y)
    (u₁ u₂){x/v} := u₁{x/v} u₂{x/v}
    (λy.u){x/v} := λy.u{x/v}
The simplest way to specify a λ-calculus with ES is to incorporate substitution operators into the language, then to transform the equalities of the previous specification into a set of reduction rules (so that one still works modulo α-conversion). The following reduction system, known as λx [Lin86, Lin92, Ros92, BR95], is thus obtained.
The λx-calculus corresponds to the minimal behaviour that can be found among the calculi with ES appearing in the literature (equivalent minimal behaviours can be found, for example, in [Cur91, BBLRD96, KR98]). However, when using this simple operational semantics, outermost substitutions must always be delayed until the total execution of all the innermost substitutions appearing in the same environment. Thus, for example, the propagation of the outermost substitution [x/v] in the term (zyx)[y/xx][x/v] must be delayed until [y/xx] is first executed on zyx.
This restriction can be recovered by the use of more sophisticated interactions, known as composition of substitutions, which allow in particular the propagation of substitutions through other substitutions. Thus, for example, (zyx)[y/xx][x/v] can be reduced to (zyx)[x/v][y/(xx)[x/v]], which can be further reduced to (zyv)[y/vv], a term equal to (zyx)[y/xx]{x/v}, where {x/v} is the meta/implicit substitution that the explicit substitution [x/v] is supposed to implement.
In the last twenty years there has been a growing interest in λ-calculi with ES. They can be defined either with unary [Ros92, LRD94] or n-ary [ACCL91, HL89] substitutions, by using de Bruijn notation [dB72, dB78], or levels [LRD95], or nominal logic [GP99], or combinators [GL99], or director strings [SFM03], or simply by named variables as in the λx-calculus. Besides different notations, a calculus with ES can also be seen as a term notation for a logical system where the reduction rules behave like cut elimination transformations [Her94, DU01, KL08].
In any case, all these calculi were introduced as a bridge between formal higher-order calculi and their concrete implementations. However, implementing an atomic substitution operation by several elementary explicit steps comes at a price. Indeed, while λ-calculus is perfectly orthogonal (in particular does not have critical pairs), calculi with ES such as λx suffer at least from the following well-known diverging example:
Different solutions were adopted in the literature to close this diagram. If no new rewriting rule is added to those of the minimal λx-calculus, then reduction turns out to be confluent on terms but not on metaterms (terms with metavariables used to represent incomplete programs and proofs). If liberal rules for composition are considered, as in λσ, λσ ⇑, or λs e [KR97], then one recovers confluence on metaterms but loses preservation of β-strong normalisation (PSN) as not all the β-strongly normalising terms remain normalising in the corresponding ES version. This phenomenon, known as Melliès' counterexample [Mel95] (see also [BG99] for later counterexamples in named calculi), shows a flaw in the design of ES calculi since they are supposed to implement their underlying calculus (in our case the λ-calculus) without losing its good properties.
There are many ways to avoid Melliès' counter-example in order to recover the PSN property. One can forbid the substitution operators to cross λ-abstractions or avoid composition of substitutions. One can also impose a simple strategy on the calculus with ES to mimic exactly the calculus without ES. The first solution leads to weak lambda calculi [LM99, For02], not able to express strong beta-equality (used for example in implementations of proof-assistants). The second solution [BBLRD96] is drastic when composition of substitutions is needed for implementations of HO unification [DHK00] or functional abstract machines [LM99, HMP96]. The last one does not take advantage of the notion of ES because they can be neither composed nor even delayed.
Fortunately, confluence on metaterms and preservation of β-strong normalisation can live together; this is for example the case of λ ws [DG99, DG01] and λlxr, which both introduce a controlled notion of composition for substitutions. The syntax of λ ws is based on terms with explicit weakening constructors. Its operational semantics reveals [DCKP00] a natural understanding of ES in terms of Linear Logic's proof-nets [Gir87], which are a geometrical representation of linear logic sequent proofs that incorporate a clear mechanism to control weakening and contraction. Weakening, viewed as erasure, and contraction, viewed as duplication, are precisely the starting points of the λlxr-calculus, whose syntax is obtained by incorporating these new operators to the λ-terms. The reduction system of λlxr contains 6 equations and 19 rewriting rules, thus requiring a large number of cases when developing some combinatorial reasoning. This is notably discouraging when one needs to check properties by cases on the reduction step, which is one reason why confluence on metaterms for λlxr is only conjectured and not yet proved. Also, whereas λlxr gives the evidence that explicit weakening and contraction are sufficient to verify all the properties expected from a calculus with ES, there is no justified reason to think that they are also necessary.
We choose here to use simple syntax in named variable notation style to define a formalism with full and safe composition that we call λex-calculus. Thus, we dissociate the operational semantics of the calculus from all the renaming details that are necessary to specify higher-order substitution on terms that are implemented by non-trivial technologies such as de Bruijn indices or nominal notation. Even if our choice implies the use of α-equivalence, we think that this presentation is more appropriate to focus on the fundamental (operational) properties of full and safe composition. It is now perfectly well-understood in the literature how to translate terms with named variables into other notations, so that we expect these translations to be able to preserve all the properties of the λex-calculus.
The λex-calculus is obtained by extending λx with one rewriting rule to specify composition of dependent substitutions and one equation to specify commutation of independent substitutions. This will turn out to be essential to obtain a safe notion of full composition which does not need anymore the complex manipulation of explicit operators for contraction and weakening used in λlxr to guarantee PSN. The substitutions of λex are defined by means of unary constructors but have the same expressive power as n-ary substitutions. Indeed, while simultaneous substitutions are specified by lists (given by n-ary substitutions) in λσ, they are modelled by sets (given by commutation of independent unary substitutions) in λex.
We thus achieve the definition of a concise language that is easy to understand and enjoys a useful set of properties: confluence on metaterms (and thus on terms), simulation of one-step β-reduction, full composition, preservation of β-strong normalisation and strong normalisation of typed terms (SN).
Most of the available SN proofs for calculi with composition are not really first-hand: either one simulates reduction by means of another well-founded relation, or SN is deduced from a sufficient property, as for example PSN. Proofs using the first technique are for example those for λ ws in [DCKP03] and λlxr [KL07], based on the well-foundedness of the reduction relation for multiplicative exponential linear logic (MELL) proof-nets [Gir87]. An example of SN proof using the second technique is that for λes, where PSN is obtained by two consecutive translations, one from λes into a calculus with ES and weakening, the second one from this intermediate calculus into the Church-Klop's Λ I-calculus [Klo80]. In both cases the resulting proofs are long, particularly because they make use of normalisation properties of other (related) calculi.
It is then desirable to provide more direct arguments to prove normalisation properties of full and safe composition, thus avoiding unnecessary detours through other complex theories. And this becomes even necessary when one realises that normalisation of a calculus which allows duplication of void substitutions, such as λex, cannot be understood in terms of calculi like MELL proof-nets where such behaviour is impossible.
The technical tools used in the paper to show PSN for λex are the following. We first define a perpetual reduction strategy for λex: if t can be reduced to t′ by the strategy, and t′ ∈ SN λex, then t ∈ SN λex. In particular, since the perpetual strategy reduces t[x/u] to t{x/u}, one has to show that normalisation of Implicit substitution implies normalisation of Explicit substitution. More precisely,
In other words, explicit substitution implements implicit substitution but nothing more than that, otherwise one may get calculi such as λσ where t[x/u] does much more than t{x/u}. A consequence of the IE property is that standard techniques to show SN based on meta-substitution can also be applied to calculi with ES, thus simplifying the reasoning considerably. Indeed, the perpetual strategy is used to give an inductive characterisation of the set SN λex by means of just four inference rules. This inductive characterisation is then used to show that untyped terms preserve β-strong normalisation and that typed terms are in SN λex. At the end of the paper we also show how SN of other calculi with or without full composition can be obtained from SN of λex.
All our proofs are developed using simple logical tools: intuitionistic reasoning, induction, reasoning by cases on decidable predicates. All this gives a constructive (no use of classical logic) flavour to the whole development.
The proof technique used to show the IE property is mostly inspired from the PSN proofs used for the non equational systems λx and λ ws in [LLD+04] and [ABR00]. Current investigations carried out in [SvO07] show PSN for different calculi with (full or not) composition. The approach is based on the analysis of minimal non-terminating reduction sequences. The calculus proposed in [Sak] specifies commutation of independent substitutions by a non-terminating rewriting system (instead of an equation), thus leading to complicated notions and proofs.
This paper extends some ideas summarised in [Kes07, Kes08], particularly by the use of intersection types to characterise the set SN λex as well as the use of the Z-property of van Oostrom [vO] to show confluence. It is organised as follows. Section 2 introduces syntax and reduction rules for the λex-calculus. The perpetual strategy for λex is introduced in Section 3 together with its corresponding Perpetuality Theorem. This fundamental theorem is proved thanks to a key property whose proof is left to Sections 4 and 5. The equivalence between intersection typed and β-strongly normalising terms is given in Section 6. In Section 7 we explain how to infer SN for other calculi with ES. In Section 8 we prove confluence for metaterms. Finally we conclude and give directions for further work in Section 9.

Syntax
The λex-calculus can be viewed as a simple extension of the λx-calculus. The set of terms (meta-variables s, t, u, v) is defined by the following grammar.
Free and bound variables of t, written respectively fv(t) and bv(t), are defined by induction as follows: fv(x) Thus, λx.t and t[x/u] bind the free occurrences of x in t.
The congruence generated by renaming of bound variables is called α-conversion. Thus for example (λy.x)[x/y] =α (λz.x′)[x′/y]. Given a term of the form t[x/u][y/v], the two outermost substitutions are said to be independent iff y ∉ fv(u), and dependent iff y ∈ fv(u). Notice that in both cases we can always assume x ∉ fv(v) by α-conversion. We use the notation t n for a list of n (n ≥ 0) terms t 1, ..., t n and ut n for ut 1 ... t n, which is in turn an abbreviation of (...((ut 1)t 2) ... t n).
Meta-substitution on terms is defined modulo α-conversion in such a way that capture of variables is avoided. It is given by the following equations.
Besides α-conversion, we consider the equations and rewriting rules in Figure 1. Notice that α-conversion allows us to assume that there is no capture of variables in the previous equations and rules. Thus for example we can assume y ≠ x and y ∉ fv(v) in the rewriting rule Lamb. The same kind of assumptions are made for the rewriting rule Comp and the equation C.
The rewriting relation → Bx is generated by all the rewriting rules in Figure 1 and → x is only generated by the last five. The equivalence relation = e is generated by the conversions α and C. The reduction relations → ex and → λex are respectively generated by the rewriting relations → x and → Bx modulo = e (thus specifying rewriting on e-equivalence classes):
Figure 1: The λex-calculus
As an example, an inductive definition of NF λex can be given by: t
Again, for any reduction relation R, a term t is said to be R-strongly normalising, written t ∈ SN R, if there is no infinite R-reduction sequence starting at t, in which case the notation η R (t) means the maximal length of an R-reduction sequence starting at t. An inductive definition of SN R is usually given by:
The notation → * R (resp. → + R) is used for the reflexive (resp. reflexive and transitive) closure of → R. Thus in particular, if t → * λex t′ in 0 reduction steps, then t = e t′. The following basic properties can be shown by a straightforward induction on the reduction relation.
As explained in Section 1, the composition rule Comp and the equation C guarantee the following property:
Lemma 2.2 (Full Composition for Terms). Let t, u be terms. Then t
All the other cases are straightforward.
Simulation of one-step β-reduction is then a direct consequence of full composition.
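The Python sketch below is an added example, not code from the paper. It transcribes the implicit substitution of the introduction and then executes an explicit substitution on the introduction's term (zyx)[y/xx][x/v], logging each rule used, so that the result can be compared with t{x/u} as the full composition property requires. Since Figure 1 is not reproduced in this text, the rule shapes are assumed from the introduction's equations and its Comp example; the labels "Var" and "App" and all class and function names are assumptions of the example.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class App:
    fun: object
    arg: object

@dataclass(frozen=True)
class Lam:  # λvar.body
    var: str
    body: object

@dataclass(frozen=True)
class Sub:  # body[var/arg]: explicit substitution, binds var in body
    body: object
    var: str
    arg: object

class Blocked(Exception):
    """λx without Comp and C: an outer substitution must wait for the inner one."""

def fv(t):
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, App):
        return fv(t.fun) | fv(t.arg)
    inner = fv(t.body) - {t.var}
    return inner if isinstance(t, Lam) else inner | fv(t.arg)

def open_binder(y, body, avoid):
    """α-rename the bound variable y of body when it clashes with avoid."""
    if y not in avoid:
        return y, body
    taken = avoid | fv(body)
    z = next(f"{y}{i}" for i in count() if f"{y}{i}" not in taken)
    return z, meta_subst(body, y, Var(z))

def meta_subst(t, x, u):
    """Implicit substitution t{x/u}, extended to terms that contain [y/w]."""
    if isinstance(t, Var):
        return u if t.name == x else t
    if isinstance(t, App):
        return App(meta_subst(t.fun, x, u), meta_subst(t.arg, x, u))
    y, body = t.var, t.body
    if y != x:  # when y == x, x is bound here and the body is left untouched
        y, body = open_binder(y, body, fv(u) | {x})
        body = meta_subst(body, x, u)
    if isinstance(t, Lam):
        return Lam(y, body)
    return Sub(body, y, meta_subst(t.arg, x, u))

def propagate(t, x, u, trace, compose=True):
    """Execute the explicit substitution t[x/u] rule by rule, logging rule names."""
    go = lambda s: propagate(s, x, u, trace, compose)
    if x not in fv(t):
        trace.append("Gc")    # t[x/u] -> t
        return t
    if isinstance(t, Var):
        trace.append("Var")   # x[x/u] -> u
        return u
    if isinstance(t, App):
        trace.append("App")   # (t1 t2)[x/u] -> t1[x/u] t2[x/u]
        return App(go(t.fun), go(t.arg))
    y, body = open_binder(t.var, t.body, fv(u) | {x})
    if isinstance(t, Lam):
        trace.append("Lamb")  # (λy.t)[x/u] -> λy.t[x/u]
        return Lam(y, go(body))
    if not compose:
        raise Blocked(f"[{x}/...] must wait for the inner [{t.var}/...]")
    if x in fv(t.arg):
        trace.append("Comp")  # dependent: t[y/w][x/u] -> t[x/u][y/w[x/u]]
        return Sub(go(body), y, go(t.arg))
    trace.append("C")         # independent: t[y/w][x/u] = t[x/u][y/w]
    return Sub(go(body), y, t.arg)

def alpha_eq(s, t, env=()):
    """Equality up to renaming of bound variables; env pairs binders of s and t."""
    if type(s) is not type(t):
        return False
    if isinstance(s, Var):
        hit = next(((a, b) for a, b in env if s.name == a or t.name == b), None)
        return hit == (s.name, t.name) if hit else s.name == t.name
    if isinstance(s, App):
        return alpha_eq(s.fun, t.fun, env) and alpha_eq(s.arg, t.arg, env)
    inner = alpha_eq(s.body, t.body, ((s.var, t.var),) + env)
    return inner and (isinstance(s, Lam) or alpha_eq(s.arg, t.arg, env))

def full_composition(t, x, u, compose=True):
    trace = []
    return propagate(t, x, u, trace, compose), trace

# Constructed sample: the introduction's term (zyx)[y/xx], about to receive [x/v].
INTRO = Sub(App(App(Var("z"), Var("y")), Var("x")), "y", App(Var("x"), Var("x")))
```

Calling `full_composition(INTRO, "x", Var("v"))` returns the term (zyv)[y/vv] of the introduction together with the rule trace, while `compose=False` raises `Blocked`, which is the delay imposed by λx alone.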

Perpetuality and Preservation of Normalisation
A perpetual strategy gives an infinite reduction sequence for a term, if one exists; otherwise, it gives a finite reduction sequence leading to some normal form. Perpetual strategies, introduced in [BBKV76], can be seen as antonyms of normalising strategies; they are particularly used to obtain normalisation results. We refer the reader to [vRSSX99] for more details.
Perpetual strategies can be specified by one or many steps. In contrast to one-step strategies for ES given for example in [Bon01a], we now define a many-step strategy giving a reduct for any t ∉ NF λex. This is done according to the following cases.
apply full composition to the head redex s[x/u] by using as many steps as necessary. Formally,
Definition 3.1 (A Strategy for Terms). The strategy on terms is given by an inductive definition.
The strategy is deterministic so that t u and t v imply u = v. Moreover, the strategy is not necessarily leftmost-outermost or left-to-right because of the (p-subs1) rule: substitution propagation can be performed in any order. Notice that the syntactical details concerning the manipulation of substitutions are completely hidden in the definition of the strategy, which is only based on the full composition property. This makes the results of this section abstract and modular. A basic property of the strategy is:
By induction on the definition of the strategy using Lemma 2.2.
The strategy turns out to be perpetual, that is, terminating terms are stable by antireduction (also called expansion).The proof of this property is presented in a modular way, by leaving all the details concerning the particularities of the substitution calculus to one single statement, called the IE property (Lemma 5.9) and fully developed in the next section.
Proof. By induction on the definition of the strategy.
We show (λx.s)uu n ∈ SN λex by induction on η λex (s) + η λex (u) + Σ i∈1...n η λex (u i). For that, it is sufficient to show that every λex-reduct of (λx.s)uu n is in SN λex. If the reduction takes place in a subterm of (λx.s)uu n, then the property holds by the i.h. Otherwise (λx.s)uu n → B s[x/u]u n which is in SN λex by hypothesis. We thus conclude (λx.s)uu n ∈ SN λex.
∈ SN ex and u ∈ SN λex we can get any proposition, so in particular t ∈ SN λex .
Then the IE property (Lemma 5.9 in Section 4) allows us to conclude. All the other cases are straightforward.
An inductive syntactic characterisation of the set SN λex can be now given using the perpetual strategy. This kind of characterisation is usually useful when developing SN proofs. An inductive syntactic definition of SN terms for the λ-calculus is given for example in [vR96]. It was then extended in [LLD+04, Bon01b] for calculi with ES, but using many different inference rules to characterise SN terms of the form t[x/u]. We just give here one inference rule for each possible syntactical form.
Definition 3.4 (Inductive Characterisation of SN λex). The inductive set ISN is defined as follows:
Proof. If t ∈ SN λex, then t ∈ ISN is proved by induction on the lexicographic pair η λex (t), t. If t ∈ ISN, then t ∈ SN λex is proved by induction on t ∈ ISN using Theorem 3.3.
The PSN property received a lot of attention in calculi with explicit substitutions, starting from an unexpected result given by Melliès [Mel95] who has shown that there are β-strongly normalisable λ-terms that are not strongly normalisable in calculi with composition such as λσ [ACCL91]. Since then, many formalisms with and without composition have been shown to enjoy PSN. The proof technique used in this paper to show PSN is based on the Perpetuality Theorem and is mostly inspired from [ABR00, LLD+04, ABR00]. However, the use of two quite abstract concepts, namely, full composition and the IE property, makes our proof much more modular than the existing ones.
For that, it is sufficient to show that every λex-reduct of t is in SN λex .Now, if the λex-reduct of t comes from an internal reduction, then conclude with the i.h.Otherwise, t → λex t ′ which is already in SN λex .

The Labelling Technique
This section develops the key technical tools used to guarantee that the strategy (Definition 3.1) is perpetual. More precisely, we want to show that normalisation of Implicit substitution implies normalisation of Explicit substitution:
For that we adapt the labelling technique [DG01, ABR00, Bon01b] to the equational case. The technique can be summarised by the following steps:
(1) Use a labelling to mark some λex-strongly normalising terms used as substitutions. Thus for example t[[x/u]] indicates that u ∈ T & u ∈ SN λex.
(2) Enrich the original λex-reduction system with a relation ex used only to propagate terminating labelled substitutions. Let λex be the enriched calculus.
We now develop the first and second points, leaving the last two to Section 5.
Definition 4.1 (Labelled Terms). Given a finite set of variables S, the S-labelled terms (or simply labelled terms if S is clear from the context), are defined by the following grammar:
Thus, labelled substitutions can only contain terms, so in particular they cannot contain other labelled substitutions. Notice that all the terms (as defined in Section 2) are labelled terms, but some terms with arbitrary labels are not. Labelled terms need not be confused with the decent terms of [Blo97] which do not have labels at all and are not stable by reduction.
We can always assume that subterms λx.u, u[x/v] and u[[x/v]] inside t ∈ L S are s.t. x ∉ S. Indeed, α-conversion allows us to choose names outside S for the bound variables of labelled terms. As a consequence, no substitution (labelled or not) can be used to affect the bodies of other labelled substitutions (whose free variables are all in S). That means also that given a term t having a subterm u[[x/v]], no free occurrence of y in v can be bound in the path leading to the root of t. In other words, the bodies of labelled substitutions are safe since they are already normalising and cannot lose normalisation after reduction/substitution.
Figure 2: The ex-calculus
The idea behind the operational semantics of labelled terms, specified by the equations and reduction rules in Figure 2, is that labelled substitutions may commute/traverse ordinary substitutions but these last ones cannot traverse the labelled ones.
The rewriting relation → x is generated by the rewriting rules in Figure 2 and the equivalence relation = e is generated by the conversions α and C. The reduction relation → ex is generated by the rewriting relation → x modulo = e. In particular, both relations → x and → ex enjoy termination (see Lemma 4.7). An even richer reduction relation λex can be defined on labelled terms by adding to ex the old reduction relation λex but now on labelled terms. That is, → λex is defined as the union of the rewriting relations → Bx and → x on labelled terms modulo α ∪ C ∪ C-equivalence classes:
In order to show that u ∈ SN λex & t{x/u}v n ∈ SN λex imply t[[x/u]]v n ∈ SN λex we first need to relate the λex-reduction relation to that of the λex-calculus. For that, the reduction relation λex, which is defined on labelled terms, is split in two relations λex i and λex e, on labelled terms as well, which will both be projected into λex-reduction sequences. More precisely, λex i can be weakly projected (possibly empty steps) into λex while λex e can be strongly projected (at least one step) into λex e (details in the forthcoming Lemma 5.2).
Definition 4.2 (Internal and External Reductions). The internal reduction relation → λex i on labelled terms is given by adding to ex the λex-reduction relation in the bodies of labelled substitutions. Formally, → λex i is taken as the following reduction relation
The external reduction relation → λex e on labelled terms is given by λex-reduction on labelled terms everywhere except inside bodies of labelled substitutions. Formally, → λex e is taken as the following reduction relation → λx e on α ∪ C ∪ C-equivalence classes:
Since λex i-reduction will only be weakly projected into λex, we need to guarantee that there are no infinite λex i-reduction sequences starting at a labelled term. This is exactly the goal of the final part of this section. We will then use this result in Section 5 to relate termination of λex to that of λex (Corollary 5.4).
Definition 4.4 (A Decreasing Measure for Comp). For every variable x ∉ S, the function af x ( ) counts the number of bodies of non-labelled substitutions having free occurrences of x. Formally, af x ( ) is defined on labelled terms as follows.
A second function dep( ) counts the total number of af x ( ) in a labelled term t, and this for all variables x which are bound by some labelled substitution of t.
Definition 4.5 (A Decreasing Measure for x \ Comp). We consider the following function K( ) on terms:
In order to extend K( ) on terms to K( ) on labelled terms we define a special measure for λex-strongly normalising terms. Thus, given u ∈ SN λex, let us consider φ(t) := 1 + η λex (t) + maxK λex (t), where maxK λex (t) := max{K(t′) | t → * λex t′}. Notice that φ is well-defined since λex-strongly normalising terms have only a finite set of reducts. Notice also that φ(t) ≥ 2 for every term t. Moreover, t → λex t′ implies η λex (t) > η λex (t′) and maxK λex (t) ≥ maxK λex (t′) so that φ(t) > φ(t′).
We can now consider the following function K( ) on labelled terms.
, then the property trivially holds by the i.h.

The IE Property
This section is devoted to showing the IE Property. This is done by using the labelled terms introduced in Section 4 as an intermediate formalism between t{x/u}v n and t[x/u]v n. More precisely, we split the IE Property in two different steps:
In order to relate reduction steps in λex to reduction steps in λex we use a function xc from labelled terms to terms which computes all the labelled substitutions as follows:
Lemma 5.2 (Projecting λex). Let t, t′ be labelled terms. Then,
(1) By induction on the conversion relation.
(2) Internal reduction:
Proof. We apply the Abstract Theorem A.2 in the Appendix A by taking A 1 = λex i, A 2 = λex e, A = λex and u R U iff xc(u) = U. Lemma 5.2 guarantees properties P1 and P2 and Lemma 4.8 guarantees property P3. We then get that xc(t) ∈ SN λex implies t ∈ SN λex i ∪λex e, which is exactly SN λex by Lemma 4.3. We thus conclude.
Proof. Take S = fv(u). The hypothesis u ∈ SN λex allows us to construct the S-labelled u}v n and we thus conclude by Lemma 5.3.
Labelled terms can be unlabelled in such a way that λex-reduction on unlabelled labelled terms can be simulated by λex-reduction.
Definition 5.5 (Unlabelling).Unlabelling of labelled terms is defined by induction.

Intersection Types
The simply typed calculus is a typed lambda calculus whose only type connective is the function type.This makes it canonical, simple, and decidable [Tai67].The simply typed lambda calculus enjoys the β-strong normalisation property stating that every β-reduction sequence starting with a typed λ-term terminates.
However, some intersection type disciplines [CDC78, CDC80] are more expressive and flexible than simple type systems in the sense that not only are typed λ-terms β-strongly normalising, but the converse also holds, thus giving a characterisation of the set of β-strongly normalising λ-terms.
Intersection types for calculi with explicit substitutions have been studied in [LLD+04, Kik07, KC]. Here, we apply this technique to the λex-calculus, and obtain a characterisation of the set of λex-strongly normalising terms by means of an intersection type system.
Types are built over a countable set of atomic symbols as follows:
An environment is a finite set of pairs of the form x : A. Typing judgements have the form Γ ⊢ t : A where t is a term, A is a type and Γ is an environment. The intersection type system, called System ∩, is defined by means of the set of typing rules in Figure 3.
Figure 3: System ∩: an intersection type discipline for terms
A derivation of a typing judgement Γ ⊢ t : A, written Γ ⊢ ∩ t : A, is a tree obtained by successive applications of the typing rules of the system ∩. A term t is said to be ∩-typable iff there is an environment Γ and a type A s.t. Γ ⊢ ∩ t : A. Notice that every λ-term is ∩-typable iff there is an environment Γ and a type A s.t. Γ ⊢ ∩ t : A holds in the system which only contains the typing rules {ax, abs, app, ∩ I, ∩ E} in Figure 3.
The well-known characterisation of the set of β-strongly normalising λ-terms reads now as follows:
A subtyping relation on intersection types is now specified by means of a preorder. This will be used to establish a Generation Lemma transforming any type derivation into a specific derivation depending only on the form of the term (and not on the type). Thus, the Generation Lemma turns out to be extremely useful to reason by induction on type derivations.
• Suppose A = C 1 ∩ C 2 and the root of the derivation is

By transitivity B ≪ A which concludes the proof of this case.
• There is no other possible case.
• Suppose the root of the derivation is
• Suppose the root of the derivation is
The left to right implication of point 5 follows from point 4 and Lemma 6.4.
The rest of the section is now devoted to establish some connections between typable and strongly normalisable terms in the λex-calculus.
Definition 6.6. The function V( ) from terms to λ-terms is defined by induction as follows:
This function is compositional with respect to substitution:
Lemma 6.7. Let t, u be terms. Then V(t){x/V(u)} = V(t{x/u}).
Proof. By induction on t.
• t = x.Then x{x/u} = u ∈ SN λex by the hypothesis.
• t = yv n with x ≠ y and n ≥ 0. The i.h. gives v i {x/u} ∈ SN λex since η λex (v i) decreases and v i is strictly smaller than t. Then we conclude by Definition 3.4 and Proposition 3.5.
For that, it is sufficient to show that all its reducts are in SN λex. If the reduction takes place in a subterm of u, V, V n, then we conclude by the i.h. Otherwise, suppose u = λy.U and (λy. We have type(U{y/V}) = type(U) < type(u) so that again by the i.h. we get U{y/V}V n ∈ SN λex. We conclude U[y/V]V n ∈ SN λex by Definition 3.4 and Proposition 3.5.
• t = λy.v. Then v{x/u} ∈ SN λex by the i.h. and thus t{x/u} = λx.v{x/u} ∈ SN λex follows from Definition 3.4 and Proposition 3.5.
• t = (λy.s)vv n. The i.h. gives S = s{x/u}, V = v{x/u} and V i = v i {x/u} in SN λex.
To show t{x/u} = (λy.S)V V n ∈ SN λex we reason by induction on η λex (S) + η λex (V) + Σ i∈1...n η λex (V i). For that, it is sufficient to show that all its reducts are in SN λex. If the reduction takes place in a subterm of (λy.S), V, V n, we conclude by the i.h. Otherwise suppose (λy.S) They are also typed. We claim t{x/u} = S[y/V]V n ∈ SN λex. The perpetual strategy gives t{x/u} = S[y/V]V n S{y/V}V n. This last term can be written as T{x/u} where T = s{y/v} v n. Since η λex (T) < η λex (t), then the i.h. gives T{x/u} ∈ SN λex and thus Theorem 3.3 gives S[y/V]V n in SN λex.
Corollary 6.15 (Simply Typed Terms are SN - Second Proof). Simply typed λex-calculus is λex-strongly normalising.
Proof. Let t be a simply typed term. We reason by induction on the structure of t. The cases t = x and t = λx.u are straightforward. If t = uv, then u, v are typed so that u, v ∈ SN λex by the i.h. We write t = (zv){z/u}, where zv is SN λex by Definition 3.4. The term zv is also appropriately typed. Lemma 6.14 then gives t ∈ SN λex. If t = u[x/v], then u, v are typed and by the i.h. u, v ∈ SN λex so that Lemma 6.14 gives u{x/v} ∈ SN λex. Definition 3.4 and Proposition 3.5 allow us to conclude u[x/v] ∈ SN λex.

Deriving Strong Normalisation for Other Related Calculi
We now informally discuss how strong normalisation of other calculi with ES (having or not safe composition) can be derived from strong normalisation of λex.
• The λx-calculus [Lin86, Lin92, Ros92] is just a sub-calculus of λex, with no equation and no composition rule. Thus, the fact that t → λx t′ implies t → + λex t′ is straightforward. Since simply typed terms in both calculi are the same, we thus deduce that typed terms are λx-strongly normalising.
• The λes-calculus [Kes07] can be seen as a refinement of λex, where propagation of substitution with respect to application and substitution is done in a controlled way. We refer the reader to [Kes07] for details on the rules. The fact that t → λes t′ implies t → + λex t′ is straightforward. Simply typed terms in both calculi are the same, we thus deduce that typed terms are λes-strongly normalising.
• Milner's calculus with explicit partial substitution [Mil06], called λ sub, is able to encode λ-calculus in terms of a bigraphical reactive system. The operational semantics of λ sub is given by reduction rules which only propagate a substitution of the form [x/u] on one occurrence of the variable x at a time (see for example [Mil06] for details). In [KC] it is shown that there exists a translation T from terms to terms such that t → λ sub t′ implies T(t) → + λes T(t′). Since simply typed terms in both calculi are the same, we conclude that typed terms are λ sub-strongly normalising from the previous point.
• A λ-calculus with implicit partial β-reduction, written here λ βp , appears in [dB87].Its syntax is the one of the pure λ-calculus (so that there is no explicit substitution operator) and its semantics is similar to that of λ sub since arguments are consumed on only one occurrence at a time.Similarly to [KC] one can define a translation T from λ-terms to terms such that one-step reduction in λ βp is projected into at least one-step reduction in λ sub .Since simply typed λ-terms translate to simply typed terms, then typed λ-terms are λ βp -strongly normalising from the previous point.• David and Guillaume [DG01] defined a calculus with labels, called λ ws , which allows controlled composition of ES without losing PSN.The calculus λ ws has a strong form of composition which is safe but not full.Its simply typed named notation can be translated into simply typed terms in such a way that one-step reduction in λ ws implies at least onestep reduction in λex.Thus, SN for typed terms in λ ws is a consequence of SN for typed λex.• A calculus with a safe notion of composition in director string notation is defined in [SFM03].
The named version of this calculus can be understood as the λx-calculus together with a composition rule of the form: This composition rule can be easily simulated by the rules Comp and Gc of the λexcalculus so that the whole calculus can be simulated by λex.As a consequence, simply typed terms turn out to be strongly normalising.
• The λesw-calculus [Kes07] was used as a technical tool to show that λes enjoys PSN.
The syntax extends terms with weakening constructors so that it is straightforward to define a translation T from λesw-terms to terms which forgets these weakening operators.The reduction relation λesw can be split into an equational system E and two rewriting relations L 1 and L 2 s.t. ( The reduction relation generated by the rules L 1 modulo the equations E can be easily shown to be terminating.Also, simply typed λesw-terms trivially translate via T to simply typed terms.Thus, the Abstract Theorem given in the Appendix A allows us to conclude that typed λesw-terms are λesw-strongly normalising.

Confluence
In this section we study confluence of the λex-calculus. More precisely, we show confluence of the relation →_λex on metaterms, which are terms containing metavariables denoting incomplete programs/proofs in a higher-order framework [Hue76]. Metavariables should come with a minimal amount of information to guarantee that some basic operations such as instantiation (replacement of metavariables by metaterms) are sound in a typing context. We thus specify metavariables as follows. We consider a countable set of raw metavariables, denoted X, Y, .... To each raw metavariable X, we associate a set of variables ∆, thus yielding a decorated metavariable denoted by X_∆. Thus for example X_{x,y,z} and Y_{x,z} are decorated metavariables. This decoration says nothing about the structure of the incomplete proof itself but is sufficient to guarantee that different occurrences of the same metavariable are never instantiated by different metaterms.
The set of metaterms is defined by the following grammar.
Notice that terms are in particular metaterms. We extend the notion of free variables to metaterms by fv(X_∆) := ∆. Thus, α-conversion turns out to be perfectly well-defined on metaterms by extending the renaming of bound variables to the decoration sets. Thus for example λx.Y_x X_{x,y} =_α λz.Y_z X_{z,y}.
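As an added illustration (not code from the paper), the following Python computes fv on metaterms with fv(X_∆) := ∆ and decides α-equivalence by renaming bound variables inside decoration sets as well. The tagged-tuple encoding, the function names and the grammar x | X_∆ | t u | λx.t | t[x/u] are assumptions made for the example.

```python
# Metaterms as tagged tuples (assumed grammar: x | X_Δ | t u | λx.t | t[x/u]):
#   ("var", x)  ("meta", X, Δ)  ("app", t, u)  ("lam", x, t)  ("sub", t, x, u)

def meta(name, *deco):
    """Decorated metavariable X_Δ (variable names are strings)."""
    return ("meta", name, frozenset(deco))

def fv(t):
    """Free variables, with fv(X_Δ) := Δ."""
    tag = t[0]
    if tag == "var":
        return {t[1]}
    if tag == "meta":
        return set(t[2])
    if tag == "app":
        return fv(t[1]) | fv(t[2])
    if tag == "lam":
        return fv(t[2]) - {t[1]}
    _, body, x, arg = t                      # t = body[x/arg], x bound in body only
    return (fv(body) - {x}) | fv(arg)

def canon(t, env=None, depth=0):
    """Rename every bound variable to its binder depth, in decoration sets too."""
    env = env or {}
    tag = t[0]
    if tag == "var":
        return ("var", env.get(t[1], t[1]))
    if tag == "meta":
        return ("meta", t[1], frozenset(env.get(v, v) for v in t[2]))
    if tag == "app":
        return ("app", canon(t[1], env, depth), canon(t[2], env, depth))
    if tag == "lam":
        return ("lam", depth, canon(t[2], {**env, t[1]: depth}, depth + 1))
    _, body, x, arg = t
    return ("sub", canon(body, {**env, x: depth}, depth + 1), depth,
            canon(arg, env, depth))

def alpha_eq(s, t):
    """α-equivalence: equal once bound names are canonicalised."""
    return canon(s) == canon(t)

# Constructed samples: the page's pair λx.Y_x X_{x,y} and λz.Y_z X_{z,y},
# plus a renaming of x to y, which would capture the free y in the decoration.
S = ("lam", "x", ("app", meta("Y", "x"), meta("X", "x", "y")))
T = ("lam", "z", ("app", meta("Y", "z"), meta("X", "z", "y")))
CAPTURING = ("lam", "y", ("app", meta("Y", "y"), meta("X", "y")))

if __name__ == "__main__":
    print(alpha_eq(S, T), alpha_eq(S, CAPTURING), fv(S))
```

Because the decoration records y as free in X_{x,y}, renaming the bound x to y is rejected, whereas an undecorated metavariable would give no way to detect that capture.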
Meta-substitution on metaterms extends that on terms by adding two new cases:
Proof. By induction on t.
The following property holds for metaterms.
Proof. By induction on metaterms using Lemma 8.1. Notice that =_e is needed for the case where t is a metavariable.
Reduction on metaterms must be understood in the same way as reduction on terms: the λex-relation is generated by the →_Bx-reduction relation on e-equivalence classes of metaterms.
Reduction on terms and metaterms enjoys stability by substitution and full composition.
Proof. The proof can be done by induction on t using Lemma 8.1. In contrast to full composition on terms (Lemma 2.2), the property holds with an equality for the base case
It is well-known that confluence on metaterms fails for calculi without composition for ES as for example the following critical pair in the λx-calculus shows
Indeed, while this diagram can be closed in λx for terms without metavariables [BR95], there is no way to find a common reduct between s and s′ whenever t is (or contains) metavariables: no λx-reduction rule is able to mimic composition on raw/decorated metavariables. Fortunately, this diagram can be closed in the λex-calculus as follows. If y ∈ fv(u),
We now develop a confluence proof for metaterms which is based on the existence of a mapping allowing to verify the Z-property as stated by van Oostrom [vO].
Definition 8.5 (Z-Property). A map • from terms to terms satisfies the Z-property for a reduction relation
A reduction relation →_R has the Z-property if there is a map which satisfies the Z-property for →_R.
It turns out [vO] that →_R is confluent if it has the Z-property (see Theorem A.1 in the Appendix A), so to show confluence of λex it is then sufficient to define a map on metaterms satisfying the Z-property. Such a map can be defined in terms of the superdevelopment function for the λ-calculus [Acz78, vR93].
Definition 8.6 (Superdevelopment Function). The function • on metaterms is defined by induction as follows: X
Notice that fv(t
For the second part there are two cases.
− If r• is not an abstraction, then
Some remarks about the application of this modular method to other calculi with ES might be interesting. On one hand, the technology presented in this paper has been successfully applied to other calculi with explicit substitutions enjoying full composition [KR09, AG09]. On the other hand, full composition alone is not sufficient to achieve the SN proof, otherwise the λσ-calculus [ACCL91], which is known not to be strongly normalising [Mel95], could be treated. Indeed, our strategy is not perpetual for λσ: Melliès' counter-example is based on an infinite λσ-reduction sequence starting from a simply typed term which is not reached by our perpetual strategy. In other words, is incomplete for λσ. The definition of a perpetual strategy for λσ remains open.
We believe that a de Bruijn or nominal version of λex could be useful in real implementations. In the first case, this could be achieved by using for example λσ⇑ technology (so that equation C can be eliminated) together with some control of composition needed to guarantee strong normalisation.
Another interesting issue is the extension of Pure Type Systems (PTS) with ES in order to improve the understanding of logical systems used in theorem-provers.Work done in this direction is based on sequent calculi [LDM06] or natural deduction [Muñ01].The main contribution of λex with respect to the formalisms previously mentioned would be the safe notion of full composition.

• The other cases are similar since xc does not alter application, lambda and substitution.
Bx t′ using Lemma 2.1.
• If tu → λx e t′u, ut → λx e ut′, λx.t → λx e λx.t′, t[x/u] → λx e t′[x/u] or u[x/t] → λx e u[x/t′] comes from t → λx e t′, then xc(t) →⁺_λex xc(t′) by the i.h. and thus the property holds by definition of xc and the fact that xc does not alter application, lambda and substitution.
• If t[[x/u]] → λx e t′[[x/u]] comes from t → λx e t
Lemma 5.3. Let t be a labelled term. If xc(t) ∈ SN_λex, then t ∈ SN_λex.