Modular Termination for Second-Order Computation Rules and Application to Algebraic Effect Handlers

We present a new modular proof method of termination for second-order computation, and report its implementation SOL. The proof method is useful for proving termination of higher-order foundational calculi. To establish the method, we use a variation of semantic labelling translation and Blanqui's General Schema: a syntactic criterion of strong normalisation. As an application, we apply this method to show termination of a variant of call-by-push-value calculus with algebraic effects and effect handlers. We also show that our tool SOL is effective to solve higher-order termination problems.


Introduction
Computation rules such as the β-reduction of the λ-calculus and arrangement of letexpressions are fundamental mechanisms of functional programming. Computation rules for modern functional programming are necessarily higher-order and are presented as a λ-calculus extended with extra rules such as rules of let-expressions or first-order algebraic rules like "0 + x → x".
The termination property is one of the most important properties of such a calculus because it is a key to ensuring the decidability of its properties. A powerful termination checking method is important in theory and in practice. For instance, Agda and Coq perform termination checking before type checking for decidable type checking. Haskell's type families [CKJM05,CKJ05] have several syntactic restrictions on the form of type instances to ensure termination, but a more flexible and powerful termination checking method is desirable. Although currently Haskell's rewrite rule pragma [JTH01] does not have any restriction on the rules, ideally some conditions or termination checking are necessary, because the compiler may go into an infinite loop without termination assurance.
In the situations listed above, termination is ideally checked modularly. Several reasons for it can be given. For a preorder , we write s t if s t and t s, and the transitive and irreflexive relation is called the strict part of .
2.2. Types. We assume that A is a set of atomic types (e.g. Bool, Nat, etc.). We also assume a set of type constructors together with arities n ∈ N, n ≥ 1. The sets of molecular types ( mol types, for short) T 0 and types T are generated by the following rules: b ∈ A b ∈ T 0 b 1 , . . . , b n ∈ T 0 T n-ary type constructor T (b 1 , . . . , b n ) ∈ T 0 a 1 , . . . , a n , b ∈ T 0 a 1 , . . . , a n → b ∈ T Remark 2.2. Molecular types work as "base types" in ordinary type theories. But in our usage, we need "base types" which are constructed from "more basic" types. Hence we first assume atomic types as the most atomic ones, and then generate molecular types from them. Molecular types exactly correspond to base types in [Bla00,Sta13b]. where all a i , b i , c are mol types (thus any function symbol is of up to second-order type). A sequence of types may be empty in the above definition. The empty sequence is denoted by (), which may be omitted, e.g., b 1 , . . . , b m → c , or () → c. The latter case is simply denoted by c. We assume two disjoint syntactic classes of letters, called metavariables (written as capital letters M, N, K, . . .) and variables (written usually x, y, . . .). The raw syntax is given as follows.
These forms are respectively variables, abstractions, and function terms, and the last form is called a meta-application. We may write x a 1 1 , . . . , x an n . t (or x a .t) for x a 1 1 . · · · .x an n . t, and we assume ordinary α-equivalence for bound variables. Hereafter, we often omit the superscript of variables x a i i . We also assume that all bound variables and free variables are mutually disjoint in computation steps to avoid α-renaming during computation. If computation rules do not satisfy this property, we consider suitable variants of the rules by renaming free/bound (meta)variables. A metavariable context Z is a sequence of (metavariable:type)-pairs, and a context Γ is a sequence of pairwise distinct (variable:mol type)-pairs. Thus writing a context Γ, Γ , we implicitly mean that Γ and Γ are disjoint. A judgment is of the form A meta-term t is called well-typed if Z Γ t : c is derived by the typing rules in Fig. 1 for some Z, Γ, c.  Γ , 2.4. Contextual sets of meta-terms. In the proofs of this paper, we will use the structure of type and context-indexed sets. A contextual set A is a family {A b (Γ) | b ∈ T , context Γ} of sets indexed by types and variable contexts. Set operations such as ∪, , ∩ are extended to contextual sets by index-wise constructions, such as A ∪ B by context Γ}. Throughout this paper, for a contextual set A, we simply write a ∈ A if there exist b, Γ such that a ∈ A b (Γ). The indices are usually easily inferred from context. A map f : A → B between contextual sets is given by indexed Examples of contextual sets are the contextual sets of meta-terms M Σ Z and of terms T Σ V defined by for a given signature Σ. We call a meta-term t Σ-meta-term if t is constructed from Σ and (meta)variables, i.e., t ∈ M Σ Z for some Z.
The notation t {x 1 → s 1 , . . . , x n → s n } denotes ordinary capture avoiding substitution that replaces the variables with terms s 1 , . . . , s n .
Remark 2.5. The map θ : M Σ Z → T Σ V is the substitution operation of terms for metavariables, and is a homomorphic extension of θ : Z → T Σ V, depicted as the diagram of Figure 3, where η Z embeds metavariables to meta-terms. It shows that θ is a unique . This formal language allowed him to consider a general framework of rewrite rules for calculi with variable binding. The structure of meta-terms has clean algebraic properties. The contextual set T Σ V forms an initial Σ-monoid [FPT99] and M Σ Z forms a free Σ-monoid over Z [Ham04,Fio08]. These algebraic characterisations have been applied to the complete algebraic charactersisation of termination of second-order rewrite systems [Ham05] and higher-order semantic labelling [Ham07]. The polymorphic and precise algebraic characterisation of abstract syntax with binding and substitution were given in [FH13].
2.5. Computation rules. First we need the notion of Miller's second-order pattern [Mil91]. A second-order pattern is a meta-term in which every occurrence of meta-application is of the form M [x 1 , . . . , x n ], where x 1 , . . . , x n are distinct bound variables. For meta-terms Z : b and Z r : b using a signature Σ, a computation rule is of the form Z ⇒ r : b satisfying: (i) is a function term and a second-order pattern.
(ii) all metavariables in r appear in .
Note that and r are meta-terms without free variables, but may have free metavariables.
A computation system (CS) is a pair (Σ, C) of a signature and a set C of computation rules consisting of Σ-meta-terms. We write s ⇒ C t to be one-step computation using C obtained by the inference system given in Fig. 2. We may omit some contexts and type information of a judgment, and simply write it as Z ⇒ r : b, ⇒ C r, or ⇒ r if they are clear from the context. From the viewpoint of pattern matching, (Rule) means that a computation system uses the decidable second-order pattern matching [Mil91] for one-step computation (cf. [Ham17, Sec.6.1]) not just syntactic matching. We regard ⇒ C to be a binary relation on terms. A function symbol f ∈ Σ is called defined if it occurs at the root of the lhs of a rule in C. Other function symbols in Σ are called constructors.
Example 2.6. The simply-typed λ-terms on the set LamTy of simple types generated by a set of base types BTy are modeled in our setting as follows. Let A = BTy. We suppose type constructors L, Arr. The set of LamTy of all simple types for the λ-calculus is the least set satisfying We use the mol type L(a) for encoding λ-terms of type a ∈ LamTy. The λ-terms are given by a signature The β-reduction law is presented as Note that L(Arr(a, b)) is a mol type, but a → b is not a mol type. We use the following notational convention throughout the paper. We will present a signature by omitting mol type subscripts a, b (see also more detailed account [Ham18]). For example, simply writing function symbols lam and app, we mean lam a,b and app a,b in Σ stl having appropriate mol type subscripts a, b.
2.6. The General Schema. The General Schema is a criterion for proving strong normalisation of higher-order rules developed by Blanqui, Jouannaud and Okada [BJO02] and refined by Blanqui [Bla00,Bla16]. We summarise the definitions and properties of GS in [Bla00,Bla16]. The General Schema has succeeded in proving SN of various rewrite rules such as Gödel's System T. The basic idea of GS is to check whether the arguments of recursive calls in the right-hand side of a rewrite rule are "smaller" than the left-hand sides' ones. It is similar to Coquand's notion of "structurally smaller" [Coq92], but more relaxed and extended. This section reviews the definitions and the property of GS criterion [Bla00,Bla16].
We give a summary of the General Schema (GS) criterion [Bla00,Bla16] of the secondorder case. Suppose that • a well-founded preorder ≤ T on the set T of types and • a well-founded preorder ≤ Σ on a signature Σ are given. Let < T be the strict part of ≤ T , and = T ≤ T ∩ ≥ T the associated equivalence relation. Similarly for ≤ Σ .
The stable sub-meta-term ordering s is defined by s s t if s is a sub-meta-term of t and all the free variables in s appear in t.
Definition 2.7. A metavariable M is accessible in a meta-term t if there are distinct bound variables x such that M [x] ∈ Acc(t), where Acc(t) is the least set satisfying the following clauses: (a1) t ∈ Acc(t).
Definition 2.8. Given f ∈ Σ, the computable closure CC f (t) of a meta-term f (t) is the least set CC satisfying the following clauses. All the meta-terms and abstractions below are assumed to be well-typed. 2. For any variable x, x ∈ CC.

(fun
is the lexicographic extension of the stable sub-meta-term ordering s . The labels (meta M ) etc. are used for references in a termination proof using GS.
Theorem 2.9 [Bla00,Bla16]. Let (Σ, C) be a computation system. Suppose that ≤ T and ≤ Σ are well-founded. If for all f (t) ⇒ r ∈ C, CC f (t) r, then C is strongly normalising.
Example 2.10. We consider a computation system recursor of a recursor on natural numbers. The signature Σ rec [Bla16] is given by where a ∈ LamTy, Nat ∈ BTy, and BTy and LamTy are the ones used in Example 2.6. We take preorders ≤ T , ≤ Σ to be the identities. The rules are • (meta V) is applicable. We check that V is accessible and Since succ(X) s X and U,x.y.V[x,y]∈ CC, which is easily checked, we are done.
We also check CC rec (zero,U,x.y.V[x,y]) U by (meta U). Hence the computation system is SN.

2.7.
Higher-Order Semantic Labelling. As we have seen in Example 2.10, GS checks syntactical decreasing (succ(X) s X) of an argument in each recursive call. But sometimes recursion happens with syntactically larger but semantically smaller arguments. For example, consider the following computation system of computing the prefix sum of a list ps(nil) ⇒ nil ps(cons(X,XS)) ⇒ cons(X,ps(map(y.X+y,XS))) In the final rule, ps in rhs is called with a shorter list than cons(X,XS) in lhs, but syntactically, map(y.X+y,XS) is not a sub-meta-term of cons(X,XS). Therefore, the rule does not satisfy GS. The higher-order semantic labelling method [Ham07] extending [Zan95] solves this problem, which is founded on the presheaf models of second-order syntax [FPT99,Fio08,Ham04] and computation [Ham05]. We will use a version of the method in the proof of the main theorem, hence we sketch the idea of it. The following notion is needed: a quasi-model (A, ≥) of a second-order computation system C is a second-order algebra equipped with a preorder (i.e. a weakly monotone Σ-monoid [Ham05,Ham07]) in which, for every rule ϕ is an interpretation of meta-terms using ϕ. It is called well-founded (or SN) if ≥ is well-founded. If one finds a quasi-model for a given C, then one attaches semantic elements in the quasi-model to the function symbols in the rules of C. For the case of the rules of the prefix sum, one chooses a quasi-model of natural numbers with the usual order (where ps is interpreted as counting the length of the argument list). Applying the higher-order semantic labelling method, one obtains labelled rules [Ham10]: ps n+1 (cons(X,XS)) ⇒ cons(X,ps n (map(y.X+y,XS))) for all n ∈ N, where n is a label. The labelling, in principle, does not change the computational behavior, but it is effective to prove SN because the call relation ps n+1 > ps n is well-founded, the rule can satisfy GS.
The main theorem [Ham07, Thm.3.7] of HO semantic labelling ensures that if the labelled second-order computation system combined with additional decreasing rules ps n+1 (X) ⇒ ps n (X) (which expresses compatibility of the computation relation ⇒ C with the order n + 1 > n of the quasi-model) is proved to be SN, then the original system is SN.

A Modular Termination Theorem for Second-Order Computation
In this section, we prove the main theorem of this paper. In the rest of this paper, we assume the following. Fun(−) denotes the set of all function symbols in its argument.   (iv) C is finitely branching.
(v) Both sides of each rule in C satisfy the Σ A -layer condition.
Definition 3.2. We say that a meta-term u satisfies the Σ A -layer condition if for  Note that it does not mean u is a pattern. The condition merely requires Σ A -headed sub-meta-terms of t to be patterns, and u may contain Σ B -symbols whose arguments need not to be patterns.
Note also that every sub-meta-term of a second-order pattern is again a second-order pattern. A bound variable (e.g. x) might become free in a sub-meta-term (e.g. M [x]) of a second-order pattern (e.g. f (x.M [x])), but x is "originally" a bound variable, therefore it is regarded as a bound variable in the condition of "distinct bound variables". So, M [x] is a second-order pattern. Precedence termination is a notion of termination: if C is accessible and a well-founded relation exists such that for every rule f (t) ⇒ r ∈ C, every function symbol g in r, f g holds, then C is called precedence terminating, which implies SN.
But to apply HO semantic labelling, one must first seek a well-founded quasi-model of the whole system C. A natural candidate of quasi-model for C is (T Σ V, ⇒ * A B ), i.e., all terms with the many-step computation relation using A and B, but proving that it is well-founded is difficult. In fact, it is nothing but the termination property (i.e. C is SN) we are seeking to prove. This means that the original HO semantic labelling is not quite appropriate. To overcome the difficulty, in this paper, we use a variation of the semantic labelling (Section B). Instead of requiring a quasi-model of the whole rules, we now require only a quasi-model of A. This gives a well-founded quasi-model ( Attaching a Σ A -headed term to each Σ A -function symbol as labels in C, we construct a labelled computation system A lab B lab . Then we try to prove SN of it by GS. To do so, we presuppose that B should be SN by GS. Then the A lab -part is precedence terminating by labelling, and the B lab -part is SN by GS by assumption. Finally, a variation of the HO semantic labelling theorem (Prop. 3.10) ensures that SN of the labelled computation system A lab B lab (with additional decreasing rules) implies SN of the original A B. This establishes a modular termination theorem (Thm. 3.11).

Labelled rules.
Definition 3.4 (Projection rules). We extend the computation system A with pairs and the "projection rules" on the pairs. For every mol type b ∈ T , we use pairing −, − b and a bottom element ⊥ b .
We construct a labelled C. We label function symbols in Σ A , and do not label other function symbols, where labels are taken from T Σ V. We define the labelled signature by Labelled terms are constructed by the typing rules in Fig. 1 using Σ lab , instead of Σ. The contextual set M Σ lab Z of labelled meta-terms is defined by collecting all labelled meta-terms.
Next we define a labelling map lab ϕ that attachs labels to plain meta-terms using a function ϕ to calculate the labels.
Let ϕ : Z → T Σ V be an assignment. The term labelling lab ϕ is defined using ϕ , i.e., We define labelled rules We only attach labels to Σ A -symbols.
Here is the strict subterm relation.

Traces and labelled systems.
Definition 3.6. We define a list-generating function list b taking a finite set {t 1 , . . . , t n } of terms of type b and returning a tuple using the pairing as where we pick a term t ∈ S by some fixed order on terms (such as lexicographic order of alphabetical order on symbols). This returns a tuple as list b ({t 1 , . . . , t n }) = t 1 , t 2 , . . . , t n , ⊥ . If S is an infinite set, list b (S) is undefined. Hereafter, we will omit writing the type subscripts of ⊥, −, − , list, which can be recovered from context.
Applying Proj rules, we have The reason why we need the pairs is to make a term constructed by a trace of reduction, i.e., by collecting terms appearing in a reduction. Projection rules are used to pick a term from such a trace.
We use another function tr(t) to calculate a label, which collects all the traces of reductions by C starting from a Σ B -headed term. The trace map tr : Remark 3.7. The Assumption 3.1 (iv) that C is finitely branching is necessary to ensure a finite term constructed by the second clause.
The notion of tr and the method of transforming a minimal non-terminating C-reduction sequence to a reduction sequence using the projection rules has been used in proving modularity of termination [Gra94, Def. 3] [Ohl94].
The labelled reduction on labelled terms s ⇒ C lab t is defined by the inference system given in Fig. 5.
We can also apply the GS defined in Section 2.6 to prove SN of labelled systems. Appendix A proves the validity.
Proposition 3.9. Let (Σ lab , C lab ) be a labelled computation system. Suppose that ≤ T and ≤ Σ lab are well-founded. If for all f (t) ⇒ r ∈ C lab , CC f (t) r, then C lab with ⇒ C lab is strongly normalising. Note that f may be labelled.
The following is a variation of the higher-order semantic labelling explained in Section 2.7 and proved in Appendix B.
Proposition 3.10. If C lab ∪ Decr(A) is SN, then C is SN.
3.4. Proving a modular termination theorem. Then we prove the main theorem. We say that A is accessible if for each f (x.t) ⇒ r ∈ A, every metavariable occurring in r is accessible in some of t.     Proof. We show SN of C = A B by using Prop. 3.10. Suppose that B is SN by the General Schema with a well-founded order > Σ B . We define an order on Σ by • ) w and f is the head of the lhs of a A-rule and g appears in the corresponding rhs (possibly g = f ), We show that for all r r, CC r by induction on the structure of r .
where the term ||t|| is obtained by deleting all labels in a labelled term t. Therefore, CC r.
2. B lab satisfies GS with > Σ . In B lab , any Σ B -symbol is not labelled and any labelled Σ A -symbol is smaller (w.r.t. < Σ ) than a Σ B -symbol. These facts and the assumptions (ii) and (iii) imply the desired result.
3. Decr(A) satisfies GS: We need to show that each rule • ) w satisfies GS. This holds because GS checks the root symbols by (fun f v > Σ g w ) for f, g ∈ Σ A , and each metavariable is accessible. Therefore, C lab Decr(A) satisfies GS, hence SN by Proposition 3.9. Finally, applying Prop. 3.10, we conclude that C is SN.

Variations.
3.5.1. GS with other term orders. In [Bla16], a general and comprehensive account of GS is presented, where a preorder on function symbols and a preorder to compare the arguments of equivalent function symbols are abstracted to the notion of valid (status) F-quasi-ordering [Bla16,Def.7,9]. GS reviewed in Section 2.6 is merely one instance of it. Importantly, Thm. 3.11 holds for any variation of GS because the proof does not depended Similarly, the General Schema might be changed to the computability path ordering (CPO) with accessible subterms [BJR15, Sec.7.2] because the proof of Thm. 3.11 only uses the features of GS on comparison of function symbols and accessible variables, and CPO with accessible subterms also has them. We will pursue these directions elsewhere and will clarify detailed conditions on these variations.
3.5.2. Polymorphic and dependently typed cases. Furthermore, changing the General Schema to GS defined in [Bla05], and generalising the computation systems to the polymorphic computation systems developed in [Ham18], we can obtain a polymorphic version of Thm. 3.11. This setting is more natural than the present molecular typed rules (see the discussion on difference between molecular types and polymorphic types in [Ham18]) in practical examples because we do not need to check parameterised instances of function symbols and rules as in Example 2.6. But since in the framework of [Bla05], the lhss of rules cannot involve binders or HO patterns, we need to restrict the form of lhss to apply this version of GS. For the dependently typed case, the recent development [BGH19] will also be useful.

Application 1: Algebraic Effect Handlers and Effect Theory
As an application, we demonstrate that our theorem is useful to prove the termination of a calculus with algebraic effects. The background of this section is as follows. Plotkin and Power introduced the algebraic theory of effects to axiomatise various computational effects [PP02] and they correspond to computational monads of Moggi [Mog88]. Plotkin and Pretnar formulated algebraic effects and handlers [PP13], which provided an alternative to monads as a basis for effectful programming across a variety of functional programming languages.
We prove termination of an effectful λ-calculus with effect handlers that respects an effect algebraic theory. First, we formulate the multi-adjunctive metalanguage (mam), for an effectful λ-calculus (Section 4.2). Secondly, we provide an effect theory (Section 4.3). Thirdly, we give an effect handler (Section 4.4). Two novelties arise in this section.
(i) We use a single framework to formalise mam, an effectful handler, and an effect theory: they form second-order computation systems.
(ii) We prove the termination of the combination of these by the modular termination theorem: Thm. 3.11. • atomic type Unit (for unit type ()) • binary Pair (for product type a 1 × a 2 ) • binary Sum (for sum type a 1 + a 2 ) • binary CPair (for product of computation types a 1 &a 2 ) • unary U (for thunked type U E a) • unary F (for computation type F a) • binary Arr (for arrow type a 1 → a 2 ) 4.2. A calculus for algebraic effects. We use the core calculus mam for effectful computation given in [FKLP19], which is an extension of Levy's call-by-push-value (CBPV) calculus [Lev06]. We formulate mam as a second- The set MAM of mam's computation rules is given by 2 Using this formulation, SN of MAM is immediate because it satisfies GS. More precisely, every rhs of MAM involves no function symbol and every metavariable in MAM is accessible. The original paper proposing mam [FKLP19, Thm. 2] described a sketch of proof of SN of mam, but the details were omitted. Our formulation by a computation system is generic and the system SOL automatically proves SN of 0Ex52_MAM.hs in arXiv 20 of the SOL web interface [Ham20]. Note that SOL merely checks SN of the finite number of function symbols and rules defined in the file 0Ex52_MAM.hs. To conclude actual SN of the computation system mam, we use meta-theoretic reasoning. Looking at the output of checking process of GS, we see that all the accessibility conditions are satisfied even if we replace the type letters a,a1,a2,c,c1,c2 used in the signature with concrete mol types generated by the type constructors defined in Section 4.1, because there are no constructors violating the positivity condition (written as "is positive" in SOL's output) (a3) of the accessibility predicate in Def. 2.7. Therefore, the infinite number of mam' computation rules obtained by instantiating the type letters a,a1,a2,c,c1,c2 with concrete types satisfy GS. 4.3. Effect theory. Next we extend MAM to have an effect handler with effect theory. To keep the discussion simple, we consider a particular theory, i.e. the theory of global state [PP02,Sta09] for a single location. We take the type N of natural numbers for the state. We define the signature Σ Gl by It consists of the operations get(v.t) (looking-up the state, binding the value to v, and continuing t) and put(v,t) (updating the state to v and continuing t), and the substitution operation sub(x.t,s) that replaces x in t with s. The theory of global state [PP02,FS14] can be stated as a computation system (Σ Gl {return}, gstate) defined by These axioms have intuitive reading. For example, the axiom (lu) says that looking-up the state, binding the value to v, then updating the state to v, is equivalent to doing nothing. The axiom (ul) says that updating the state to V, then looking-up and continuing X with the looked-up value, is equivalent to updating the state to V and continuing X with V.
Plotkin and Power showed that the monad corresponding to the theory of global state (of finitely many locations) is the state monad [PP02].
Crucially, (Σ Gl {return}, gstate) does not satisfy GS. The General Schema checks that a recursive call at the rhs must be with a strict sub-meta-term of an argument at the lhs. In case of (ll), the recursive call of get happens with v.X[v,v], which is not a sub-meta-term of w.get(v.X[v,w]) at the lhs. Moreover, (ul) requires a precedence put > sub while (sub4) requires sub > put, which violates well-foundedness.
Using a different method, the computation system (Σ Gl {return}, gstate) is shown to be SN. We count the number of symbols get,put,sub using the weights defined by In each rule, the weights are decreasing such as (ul) (2x + 2) + 1 > (2x + 1) + 1 (sub4) 2(x + 1) + 1 > (2x + 1) + 1 therefore it is SN. Note that since N = F(N) and there is no function symbol of type F(N) → N in Σ Gl , the function symbols get,put,sub cannot occur in the first argument of put and This interprets return,get,put in an effect term t as the corresponding arguments of handler, which are interpretation of global state in the state-passing style.
The computation system (Σ Gl Σ MAM Σ Handle , Handle) is immediately shown to be SN by GS. SOL automatically proves it (try 0Ex54_Handle.hs in arXiv 20 of the SOL web interface [Ham20]). From it, we can conclude actual SN of Handle by using meta-theoretic reasoning as mentioned in Section 4.2. 4.5. Proof of SN. An effect term expresses an effectful program. For example, tm get(x.put(inc(x),get(y.put(y,get(z.return(z)))))) expresses the imperative program [KLO13] x := get; put inc(x); y:= get; put y; z := get; return z where inc : N → N ∈ Σ Handle is intended to be the increment operation. If the initial store is set to 0, then clearly this program returns inc(0). Formally, it is computed using the term tm with the handler as runState(tm)@0 ⇒ handler(y.lam(z.y), k.lam(n.(k@n)@n), p.k.lam(n.k@p),tm)@0 ⇒ * lam(z.inc(z))@0 ⇒ inc(0) This can be computed using MAM Handle, or gstate MAM Handle. The latter is more efficient than the former, because gstate expresses program equivalences and the application of them to an effect term optimizes the program. Now, we consider the main problem of this section: SN of the whole computation system The General Schema does not work to show SN of it because gstate does not satisfy GS. Therefore, we divide it into The computation system (4.1) is not a disjoint union of A and B, and is actually a hierarchical combination (cf. Remark 3.3) that shares constructors Θ. The lhss of Handle (⊆ B) involve defined function symbols get,put in Σ A . We apply the modularity Thm. 3.11. Assumption 3.1 is satisfied because the computation system (4.1) is finitely branching and satisfies the the Σ A -layer condition. We check the assumptions. We define the well-founded order on types by T (a 1 , . . . , a, . . . , a n ) > T a for every n-ary type constructor T , and every type a, where the lhs's a is placed at the i-th argument of T for every i = 1, . . . , n.
(i) A = gstate is accessible. This is immediate because the crucial case (a3) in Def.
2.7 checks the type comparison for the arguments of get,put,return, which holds by N < T F(N). Hence we conclude that the computation system (4.1) is SN.
This termination result is general. Although in this section, we consider a particular handler for get and put, any effect handler is shown to be SN by GS along this way. mam is SN regardless of used effects. To the best of our knowledge, this is the first report on how to prove the termination of the combination of an effectful λ-calculus, an effect handler and effect theory.

Application 2: Splitting a System into FO and HO parts
If a computation system contains first-order computation rules, it is often useful to split the system into the higher-order part and the first-order part to which we can apply a powerful termination checker for first-order term rewriting systems, such as AProVE [GAB + 17]. The Modular Termination Theorem (Thm. 3.11) can be used for this purpose. A FO computation system (Σ, C) is a computation system if the type of every function symbol f ∈ C is of the form f : a 1 , . . . , a n → b, where a i 's and b are mol types. Suppose that a computation system C can be split as C = A B, where A is a set of FO rules without Σ B -symbols, B is a set of second-order rules and Assumption 3.1 is satisfied. For every FO computation system, the rhss of rules are second-order patterns because no meta-application Note that there is one conflict of judgement in the problem Hamana 17/restriction.xml (which swaps two new-binders and is a problem the present author submitted) due to different interpretations of the higher-order rule format among the tools. exists in the arguments of a function symbol. Hence if the FO computation system A is accessible, A with Proj is SN (using any method), and B is SN by GS, then we can conclude that A B is SN by Thm. 3.11. 5.1. Implementation. We have implemented this FO splitting method by extending the tool SOL [Ham17]. We will also refer to this extended version as SOL. The system SOL consists of about 8000 line Haskell codes. The web interface of SOL is available at the author's homepage.

5.2.
Benchmark. The Termination Problem Database (TPDB) 3 stores a collection of various rewrite systems for termination. In the TPDB, "Applicative_first_order" problems and some other problems in the higher-order category contain such examples, which are a mixture of difficult FO systems and HO systems. To show effectiveness of this method, we selected 62 problems from TPDB and did a benchmark to solve these problems by the previously proposed system SOL (2017) [Ham17] and the extended SOL (current version) for comparison. We conducted the benchmark on a machine with Intel(R) Xeon E7-4809, 2.00GHz 4CPU (8core each), 256GB memory, Red Hat Enterprise Linux 7.3, and set timeout 400 seconds. SOL (2017) solved 31 problems, and SOL (current version) solved 57 problems out of 62, which clearly improves SOL (2017). SOL (current version) could solve 26 more problems than SOL (2017). The output details are available 4 and shown in Table 7 in the Appendix, where the use of a modularity method is indicated at the final column. ⇒ W (4) minus(s(P),s(X1)) ⇒ minus(p(s(P)),p(s(X1))) (5) p(s(Y1)) ⇒ Y1 (6) div(0,s(U1)) ⇒ 0 (7) div(s(V1),s(W1)) ⇒ s(div(minus(V1,W1),s(W1))) This mapDivMinusHard does not satisfy GS because of (7), which is not structural recursive. SOL splits it into the FO part A = {(3)-(7)} and HO part B = {(1)-(2)}. Then A with Proj can be proved to be SN by an external FO termination checker and B satisfies GS. Then SOL concludes that mapDivMinusHard is SN by Thm. 3.11.
As a more comprehensive evaluation, SOL participated to the higher-order union beta category of the International Termination Competition 2018 held at the Federated Logic Conference (FLoC 2018) in Oxford, U.K. This event was a competition for the number of checked results of termination problems by automatic tools. In the higher-order category, 263 problems of higher-order rewrite systems taken from TPDB were given. Three tools participated in the higher-order category: WANDA [Kop12], SizeChangeTool [BGH19], and SOL. SOL judged the greatest number of problems among three tools as shown in Fig. 6. A main reason derives from the fact that SOL has a modular SN checking method based on Theorem 3.11. 6. Related Work and Summary 6.1. Related work. A rich body of work describes termination and modularity of first-order and higher-order rewrite systems including [Zan95, Ohl94, AG00, GAO02, Bla00, BJO02, JR07, Kus18, Kop12, BG18, Bla16, Toy81, Ohl94, GAO02, Gra94, BFG97]. The modular termination theorem of the form of Thm. 3.11, i.e., the combination of (restricted classes of) two second-order computation systems with shared constructors, has not been reported in the literature to date. [FK11] provides a dependency pair method to split a HO termination problem into FO and HO parts, which might be regarded as a modularity of SN for the combination of FO and HO rewrite systems. An important difference is that our result covers strictly more than the combination of FO and HO systems as described in Section 5.
Originally, our proof of modularity was inspired by a method of proving modularity of SN for a rewrite system R and a recursive program scheme P by semantic labelling ( [MOZ96] for the FO case, and [Ham07] for the second-order case). In this method, the normal forms computed by P are taken as the "semantics", and are used as labels to show termination of R P, where SN of P is crucially important to determine the semantics.
For the present work, we chose Σ A -terms computed by a Σ A -substitution ϕ as the "semantics". Also, they are used as labels to show termination of A B, where SN of A is crucially important to determine the semantics 5 .
The dependency pair (DP) method is a successful method of proving termination of various first-order [Art96, AG00] and higher-order rewrite systems [Kus18,Kop12,BGH19]. One may find that several similarities exist between the DP method and the present proof 5 It forms a quasi-model of A consisting of Σ-terms with a well-founded preorder (⇒ * A Proj • ).

M. Hamana
Vol. 18:2 strategy. A reason might be that the DP method is a general method to prove termination by conducting modular analysis of the corresponding dependency pairs [GAO02]. More fundamentally, a similarity between DP and the present work can be found at the foundational level. At the early stage [Art96,AG96], the DP technique was based on semantic labelling, where the normal forms by a ground-convergent rewrite system E 6 are taken as the "semantics", and are used as labels of rules to establish the DP method. The ground convergence of E is crucially important to determine the semantics. In the later refined DP method, the use of that semantic labelling was dropped [AG00]. But this fact illustrates that semantic labelling is a natural starting point to tackle the modularity problem of termination.
Our modularity result and its proof might be reformulated using the DP method, where the A Proj -part might be regarded as usable rules. However, the static DP method [Kus18] might be insufficient to simulate our theorem completely. A mismatch seems to exist between SN of higher-order rules and non-loopingness of the corresponding dependency pairs. For example, while the second-order computation rule f(0)⇒g(x.f(x)) is terminating (and accessible, the lhs is a pattern), the corresponding dependency pair f(0)→f(x) is looping. Therefore, one cannot replace our assumption of SN of A Proj completely with non-loopingness of the corresponding DPs. But employing some ideas of the DP method might increase the power of Thm. 3.11, which is left as a future work. 6.2. Summary. We have presented a new modular proof method of termination for secondorder computation. The proof method is useful for proving termination of higher-order foundational calculi. To establish the method, we have used a version of the semantic labelling translation and Blanqui's General Schema: a syntactic criterion of strong normalisation. As an application, we have applied this method to show termination of a variant of call-bypush-value calculus with algebraic effects, an effect handler and effect theory. We have also shown that our tool SOL is effective to solve higher-order termination problems.