
Electronic Notes in Theoretical Computer Science 172 (2007) 223-257


Nominal Equational Logic

Ranald A. Clouston¹, Andrew M. Pitts²

Computer Laboratory, University of Cambridge, Cambridge CB3 0DF, UK

Abstract

This paper studies the notion of "freshness" that often occurs in the meta-theory of computer science languages involving various kinds of names. Nominal Equational Logic is an extension of ordinary equational logic with assertions about the freshness of names. It is shown to be both sound and complete for the support interpretation of freshness and equality provided by the Gabbay-Pitts nominal sets model of names, binding and α-conversion.

Keywords: Equational logic, nominal sets, permutation actions, universal algebra.

This paper is dedicated to Gordon Plotkin, whose enormous contributions to the mathematical foundations of computer science are an inspiration.

1 Introduction

Language constructs involving names are a major concern in computer science—much more so than in related disciplines that also use formal languages, such as mathematics and logic. For example, witness the issues surrounding substitution of expressions for identifiers, the sharing of structures through aliasing, and local scoping of definitions—all of which involve properties of names. In this paper we focus on the property of "freshness" of names and present an extension of equational logic that takes it into account. Figure 1 gives three examples of increasing subtlety to illustrate what we mean by freshness.

The first example is drawn from the $\pi$-calculus [21]. The notion of freshness here is "$a \notin \mathrm{fn}(Q)$", meaning that the channel name $a$ does not occur free in the process expression $Q$. Since $Q$ is just a particular kind of finite tree and its set of free names $\mathrm{fn}(Q)$ is defined by recursion over the tree's structure, this notion of freshness is very straightforward.

1 Email: Ranald.Clouston@cl.cam.ac.uk

2 Email: Andrew.Pitts@cl.cam.ac.uk

1571-0661/$ - see front matter © 2007 Elsevier B.V. All rights reserved. doi:10.1016/j.entcs.2007.02.009

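Scope extrusion in the $\pi$-calculus [21]:

$$(\nu a\, P) \mid Q = \nu a\, (P \mid Q) \quad \text{if } a \notin \mathrm{fn}(Q).$$

Capture-avoiding simultaneous substitution [32]:

$$(\lambda a.M)[\sigma] = \lambda a.M[\sigma] \quad \text{if } a \notin \bigcup\{\{b\} \cup \mathrm{fv}(\sigma b) \mid \sigma b \neq b\}.$$

Normalisation-by-evaluation [3]:

$$\downarrow_{\tau\to\tau'}(f) = \lambda a.\, \downarrow_{\tau'}(f(\uparrow_{\tau} a))$$

if "$a$ is fresh for the function $f \in [\![\tau]\!] \to [\![\tau']\!]$." (??)

Fig. 1. Three Examples of Freshness in the Wild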

The second example is a property of simultaneous substitution for $\lambda$-terms (see [32], for example). The freshness condition "$a \notin \bigcup\{\{b\} \cup \mathrm{fv}(\sigma b) \mid \sigma b \neq b\}$" (where $\mathrm{fv}(-)$ returns the finite set of free variables of a $\lambda$-term) ensures the binder $\lambda a.(-)$ does not capture free variables in the substitution $\sigma$. Here $\sigma$ is not a finite tree, but rather an infinite mathematical object—namely a function from the countably infinite set of variables $\{a, b, \ldots\}$ to the set of $\lambda$-terms [2]. However, we impose a finiteness condition on substitutions, namely that $\sigma b \neq b$ only holds for finitely many variables $b$. Consequently $\bigcup\{\{b\} \cup \mathrm{fv}(\sigma b) \mid \sigma b \neq b\}$ is just a finite set of variables and the notion of freshness in this example is not much more complex than in the first example.

The third example is a property of the reification ($\downarrow_{\tau}$) and reflection ($\uparrow_{\tau}$) functions used to compute $\beta\eta$-long normal forms of simply typed $\lambda$-terms via a functional semantics [3]. Here the semantics $[\![\tau]\!]$ of a simple type is an infinite set of objects, defined by recursion on the structure of the type expression $\tau$. For example the semantics of a function type $\tau \to \tau'$ is a set $[\![\tau]\!] \to [\![\tau']\!]$ of functions from $[\![\tau]\!]$ to $[\![\tau']\!]$. Reification produces typed $\lambda$-terms from elements of the semantics; whereas reflection maps typed $\lambda$-terms back to semantic elements. The formula for $\downarrow_{\tau\to\tau'}(f)$ given in the figure only makes sense if the variable $a$ is chosen to be "fresh" for the mathematical function $f$. Since $f$ may well involve all variables in its graph, it is not at all clear what this should mean. Several mechanisms have been proposed to explain precisely what is meant by this problematic freshness condition—see [7] and [25, Section 6].

In fact all three examples given in the figure are instances of the mathematical notion of freshness provided by the nominal sets model of names. This was introduced by Gabbay and Pitts [17]³ and has subsequently been developed and applied in a number of ways: see [30,24,13,14,1,34,6,5,8,29,10,22,33] for example. The effectiveness of nominal sets rests upon two observations. First, properties of names to do with freshness, binding and α-conversion can all be expressed in terms of the primitive operation of swapping names; and secondly, this operation of name-swapping makes sense (and has very convenient properties) not only for finite syntactic objects, but also for infinite mathematical objects, like sets and functions. In this setting the fundamental notion is support: One says that a finite set of names supports an object $x$ if $x$ is invariant under swapping any pair of names not in the set. If there is such a finite set of names, then it turns out that there is a smallest such, called the support of $x$. For such $x$, it makes good sense to say that $a$ is fresh for $x$ if $a$ is not in its support. It does make good sense because this language-independent relation has useful properties and coincides with ad hoc notions of freshness in particular cases, such as those in Figure 1. For a recent account of nominal sets, see [25] (section 6 of which deals with the third, normalisation-by-evaluation example in Figure 1).

3 There it was called the "FM-sets" model because the presentation was phrased in terms of the classic Fraenkel-Mostowski permutation model of set theory with atoms.

Writing $a \# x$ to indicate that a name $a$ is not in the support of a finitely supported object $x$, note that all three of the examples in Figure 1 take the form of equations conditioned by freshness assumptions:

$$\begin{aligned}
a \# Q &\Rightarrow (\nu a\, P) \mid Q = \nu a\, (P \mid Q) \\
a \# \sigma &\Rightarrow (\lambda a.M)[\sigma] = \lambda a.M[\sigma] \\
a \# f &\Rightarrow \downarrow_{\tau\to\tau'}(f) = \lambda a.\, \downarrow_{\tau'}(f(\uparrow_{\tau} a)).
\end{aligned}$$

It seems that many properties of names can be axiomatised using such conditional equations: The work of Gabbay and Mathijssen gives several interesting examples [16,15]. However, as well as equations, assertions about freshness also arise naturally, sometimes with freshness conditions, such as

$$b \# Q \Rightarrow b \# \nu a\, Q$$

and sometimes unconditionally, such as

$$\Rightarrow a \# \nu a\, Q.$$

So in this paper we study the properties of "equations and freshnesses conditioned by finitely many (possibly zero) freshness assumptions":

$$a_1 \# x_1 \wedge \cdots \wedge a_n \# x_n \Rightarrow t = t' \tag{1}$$

$$a_1 \# x_1 \wedge \cdots \wedge a_n \# x_n \Rightarrow a \# t. \tag{2}$$

We use a simple extension of the usual language of algebraic terms $t$ that adds names and the kind of explicit name-permutations introduced in [34]. The language has a natural interpretation in nominal sets. The main contribution of this paper is to extend the usual (many-sorted) equational logic to a logic for deriving judgements of the form (1) and (2). We call it nominal equational logic and we prove it is both sound and complete for the intended interpretation of the judgements in nominal sets, where freshness means "not in the support of".

Contents of the paper

In Section 2 we briefly recall the facts that we need about nominal sets. Sections 3-5 describe the algebraic language we use and its interpretation in nominal sets. Sections 6 and 7 introduce the notion of a theory in nominal equational logic (NEL) and its algebras in nominal sets; we give a sound axiomatisation of satisfaction of judgements in an algebra (Theorem 7.4). Section 8 develops some consequences of our formulation of NEL to do with invariance under permuting names. Section 9 describes a term-algebra construction using ground terms (that is, ones with no variables); and this is used in Section 10 to prove that NEL is complete for its intended interpretation in nominal sets (Theorem 10.10). This completeness result is harder to establish than is the case for ordinary equational logic, because the relationship between variables and indeterminates (new constants) is more subtle for NEL. Variables in our setting stand for elements of nominal sets that may depend, via the notion of support, on names; thus the dependency of a variable x on names is implicit. Whereas a constant in NEL stands for a fixed element of a nominal set and has an explicitly given support. To prove the completeness theorem we show that the validity of judgements involving variables can be reduced to the validity of ones involving ground terms, via the substitution for variables of constants with suitably fresh supports. Such a reduction was sketched by Gabbay in connection with his "fresh logic" [13, Theorem 9.3]. For NEL we found that the main technical result needed for the reduction (Proposition 10.4) depends quite delicately upon the formulation of the language of terms and the NEL rules for freshness; we prove it via a non-trivial operation on terms for replacing constants by variables (see Figure 6). Finally, Section 11 discusses related work and draws some conclusions.

Acknowledgements

We gratefully acknowledge the work of Murdoch Gabbay and Aad Mathijssen on nominal algebra [16,15], which has influenced the results presented here; we are also grateful for the comments of members of the CANS project in Cambridge and King's College, London. This research was supported by the Woolf Fisher Trust (Clouston) and UK EPSRC grant EP/D000459/1 (Pitts).

2 Atoms, Permutations and Nominal Sets

In the Introduction we discussed some aspects of computer science languages involving names. From now on, in keeping with the origins of nominal sets in models of Zermelo-Fraenkel set theory with atoms, we will use the elements of a fixed set $\mathrm{Atom}$ as our names and refer to them as atoms. We assume $\mathrm{Atom}$ is countably infinite and that it is partitioned into countably infinitely many different sorts of atom: There is a countably infinite set $\mathrm{AtomSort}$ and a function $\mathrm{sort} : \mathrm{Atom} \to \mathrm{AtomSort}$ with the property that for each sort of atom $\alpha \in \mathrm{AtomSort}$, the following set is countably infinite.

$$\mathrm{Atom}_{\alpha} = \{a \in \mathrm{Atom} \mid \mathrm{sort}(a) = \alpha\}. \tag{3}$$

The set $\mathrm{Perm}$ of (finite, sort-respecting) permutations of atoms consists of all bijections $\pi : \mathrm{Atom} \to \mathrm{Atom}$ such that

$$\mathrm{dom}(\pi) = \{a \in \mathrm{Atom} \mid \pi(a) \neq a\} \tag{4}$$

is finite and $\mathrm{sort}(\pi(a)) = \mathrm{sort}(a)$ for all $a \in \mathrm{Atom}$. We give $\mathrm{Perm}$ the structure of a group by taking the group multiplication to be composition of bijections: If $\pi, \pi' \in \mathrm{Perm}$, then their composition $\pi'\pi$, mapping $a \in \mathrm{Atom}$ to $\pi'(\pi(a))$, is again in $\mathrm{Perm}$. The group unit is given by the identity function on $\mathrm{Atom}$, written $\iota$; and the inverse of $\pi \in \mathrm{Perm}$ is the bijection $\pi^{-1}$ mapping $a$ to $a'$ if $\pi(a') = a$. We take for granted the fact that $\mathrm{Perm}$ is generated by transpositions $(a\ a')$ (where $a$ and $a'$ are atoms of the same sort) mapping $a$ to $a'$, $a'$ to $a$ and leaving all other atoms fixed.

As usual, an action of $\mathrm{Perm}$ on a set $X$ is a function $(\pi, x) \mapsto \pi \cdot x$ from $\mathrm{Perm} \times X$ to $X$ satisfying:

$$\iota \cdot x = x \tag{5}$$

$$\pi' \cdot (\pi \cdot x) = \pi'\pi \cdot x. \tag{6}$$

Given such an action and an element $x \in X$, we say that a finite subset $\overline{a} \subseteq \mathrm{Atom}$ supports $x$ if for all atoms $a, a'$ of the same sort

$$a, a' \notin \overline{a} \;\Rightarrow\; (a\ a') \cdot x = x. \tag{7}$$

Then a nominal set is simply a set $X$ equipped with an action of $\mathrm{Perm}$ such that for each $x \in X$ there exists some finite subset $\overline{a} \subseteq \mathrm{Atom}$ supporting $x$.

Definition 2.1 (Freshness Relation) Given a nominal set $X$, if $a \in \mathrm{Atom}$ and $x \in X$, we write $a \# x$ and say $a$ is fresh for $x$ if there is some finite subset $\overline{a} \subseteq \mathrm{Atom}$ supporting $x$ with $a \notin \overline{a}$. More generally, if $\overline{a}$ is a finite set of atoms we write

$$\overline{a} \# x \tag{8}$$

to mean that $a \# x$ holds for each $a \in \overline{a}$. In fact (8) is equivalent to saying that $\overline{a}$ is disjoint from some single finite set of atoms supporting $x$. This is because support sets are closed under intersection: see [25, Section 3.1]. For this reason we have the following fundamental property of the freshness relation.

Lemma 2.2 Suppose $x$ is an element of a nominal set $X$. If $a$ and $a'$ are atoms (of the same sort) satisfying $a \# x$ and $a' \# x$, then $(a\ a') \cdot x = x$. □

We make nominal sets into a category, called $\mathrm{Nom}$, by taking morphisms $f : X \to Y$ to be equivariant functions, that is, functions $f \in Y^X$ satisfying

$$\pi \cdot (f\, x) = f(\pi \cdot x) \tag{9}$$

for all $\pi \in \mathrm{Perm}$ and $x \in X$. Composition and identities in $\mathrm{Nom}$ are as in the category of sets and functions. Properties of this category are developed in [11,17,4,25]. In the rest of this section we recall those that we need in this paper.

Definition 2.3 (Nominal Sets of Atoms) Each set $\mathrm{Atom}_{\alpha}$ of atoms of a particular sort $\alpha$ is a nominal set once we give it the action:

$$\pi \cdot a = \pi(a). \tag{10}$$

The freshness relation for this nominal set turns out to be inequality: $a \# a'$ iff $a \neq a'$.

Definition 2.4 (Nominal Set of Finite Sets of Atoms) The set $\mathrm{P_{fin}}(\mathrm{Atom})$ of finite subsets $\overline{a} \subseteq \mathrm{Atom}$ is a nominal set once we give it the action:

$$\pi \cdot \overline{a} = \{\pi(a) \mid a \in \overline{a}\}. \tag{11}$$

The freshness relation for this nominal set turns out to be: $a \# \overline{a}$ iff $a \notin \overline{a}$.

Definition 2.5 (Nominal Set of Permutations) In this paper we will need to consider two different actions of $\mathrm{Perm}$ on itself:

$$\text{left multiplication:} \quad (\pi, \pi') \mapsto \pi\pi' \tag{12}$$

$$\text{conjugation:} \quad (\pi, \pi') \mapsto \pi\pi'\pi^{-1}. \tag{13}$$

Note that for any pair of distinct atoms $a$ and $a'$ of the same sort it is the case that $(a\ a') \neq \iota$. Therefore $(a\ a')\pi \neq \pi$, for any $\pi \in \mathrm{Perm}$. Consequently no permutation $\pi$ has a finite support set with respect to the left multiplication action; so $\mathrm{Perm}$ is not a nominal set with respect to this action. However, it is a nominal set with respect to the conjugation action, since it is not hard to see that the finite set of atoms $\mathrm{dom}(\pi)$, defined in (4), supports $\pi$ with respect to this action. Indeed $\mathrm{dom}(\pi)$ is the smallest support set for $\pi$ and so in this nominal set we have $a \# \pi$ iff $\pi(a) = a$.

Lemma 2.6 (Finite Products of Nominal Sets) The terminal object in $\mathrm{Nom}$ is given by a one-element set, $1 = \{()\}$ say, with the unique permutation action. In this case $a \# ()$ holds for all $a$. The categorical product of nominal sets $X$ and $Y$ is given by their Cartesian product $X \times Y = \{(x, y) \mid x \in X \wedge y \in Y\}$ with permutation action:

$$\pi \cdot (x, y) = (\pi \cdot x, \pi \cdot y). \tag{14}$$

In this case one can calculate that $a \# (x, y)$ iff $a \# x$ and $a \# y$.

Proof. See for example [25, Section 3.2]. □

Lemma 2.7 (Exponentials of Nominal Sets) The category $\mathrm{Nom}$ is Cartesian closed. Given nominal sets $X$ and $Y$, the exponential $X \to_{\mathrm{fs}} Y$ has underlying set given by the set of functions $f$ from $X$ to $Y$ that are finitely supported with respect to the permutation action given by

$$(\pi \cdot f)(x) = \pi \cdot (f(\pi^{-1} \cdot x)) \qquad (\pi \in \mathrm{Perm},\ f \in Y^X,\ x \in X). \tag{15}$$

The evaluation morphism $\mathrm{ev} : (X \to_{\mathrm{fs}} Y) \times X \to Y$ is given by function application

$$\mathrm{ev}(f, x) = f(x) \tag{16}$$

which is indeed equivariant

$$\pi \cdot (f(x)) = (\pi \cdot f)(\pi \cdot x) \tag{17}$$

because of (15). Given a morphism $f : Z \times X \to Y$, the unique morphism $\hat{f} : Z \to (X \to_{\mathrm{fs}} Y)$ satisfying $\mathrm{ev} \circ (\hat{f} \times \mathrm{id}) = f$ is given by Currying:

$$\hat{f}(z)(x) = f(z, x) \qquad (z \in Z,\ x \in X).$$

Proof. See for example [25, Section 3.2]. □

Remark 2.8 (Global Elements of Nominal Sets) It is worth remarking that although $\mathrm{Nom}$ is very rich in structure,⁴ unlike the category of sets it is not well-pointed. In other words, a pair of morphisms $f, g : X \to Y$ may well be unequal even though they have equal compositions with all global elements of $X$, that is, with all morphisms $1 \to X$. This is because morphisms $1 \to X$ in $\mathrm{Nom}$ correspond not to arbitrary elements $x \in X$, but to ones that are supported by the empty set of atoms. To see this, first note that equivariant functions $f : 1 \to X$ correspond to elements $x = f() \in X$ satisfying $\pi \cdot x = x$ for all $\pi \in \mathrm{Perm}$. Since $\mathrm{Perm}$ is generated as a group by the transpositions, this is equivalent to requiring $(a\ a') \cdot x = x$, for all atoms $a, a'$ (of equal sort); and by definition of support sets, this is equivalent to saying that $\emptyset$ supports $x$.

In particular, the elements of the exponential $X \to_{\mathrm{fs}} Y$ with empty support correspond to global elements; and as for any Cartesian closed category, these in turn correspond to morphisms $X \to Y$ in $\mathrm{Nom}$. More concretely, this amounts to the easily verified fact that a function $f \in Y^X$ is equivariant (9) if and only if it has empty support with respect to the permutation action given by (15).

Lemma 2.9 (Finite Coproducts of Nominal Sets) The initial object in $\mathrm{Nom}$ is given by the empty set, $\emptyset$, with the unique permutation action. The coproduct of nominal sets $X$ and $Y$ is given by their disjoint union $X + Y = \{(0, x) \mid x \in X\} \cup \{(1, y) \mid y \in Y\}$ with permutation action:

$$\pi \cdot (0, x) = (0, \pi \cdot x) \qquad \pi \cdot (1, y) = (1, \pi \cdot y). \tag{18}$$

In this case one can calculate that $a \# (0, x)$ iff $a \# x$ in $X$ and that $a \# (1, y)$ iff $a \# y$ in $Y$. □

4 Nom is an atomic topos, being equivalent to a topos of continuous G-sets [19, III.9] for a suitable choice of topology on G = Perm.

3 Signatures and Structures

We are going to consider a simple generalisation of the usual notion of many-sorted algebraic signature [20, Sec. 3.1] in which the operation symbols are drawn from a nominal set rather than a set, and hence may have non-empty support. A NEL-signature $\Sigma$ is specified by

• a set $\mathrm{Sort}_{\Sigma}$, whose elements are called the sorts of $\Sigma$;

• a nominal set $\mathrm{Op}_{\Sigma}$, whose elements are called the operation symbols of $\Sigma$; and

• an equivariant function that assigns to each $\mathit{op} \in \mathrm{Op}_{\Sigma}$ a type consisting of a finite (possibly empty) list $\vec{s}$ of sorts of $\Sigma$ and a sort $s$ of $\Sigma$. As usual, the list $\vec{s} = [s_1, \ldots, s_n]$ indicates the number and sort of arguments that $\mathit{op}$ accepts and $s$ indicates the sort of result it returns. We write

$$\mathit{op} : \vec{s} \to s \tag{19}$$

to indicate this typing information and say that $\mathit{op}$ has arity $n$ if $\vec{s}$ is a list of length $n$. Equivariance of the typing function means that for all $\pi \in \mathrm{Perm}$, if (19) holds, then so does $\pi \cdot \mathit{op} : \vec{s} \to s$. Thus for all possible types $\vec{s} \to s$, we can split $\mathrm{Op}_{\Sigma}$ into smaller nominal sets

$$\mathrm{Op}_{\Sigma}(\vec{s}, s) = \{\mathit{op} \in \mathrm{Op}_{\Sigma} \mid \mathit{op} : \vec{s} \to s\} \tag{20}$$

of operation symbols with that type.

Example 3.1 ($\lambda$-Calculus) Here is a NEL-signature for the untyped $\lambda$-calculus [2]. Fixing a sort of atoms $v \in \mathrm{AtomSort}$ to represent names of variables, the theory's signature has a single sort $\mathsf{tm}$ (representing $\lambda$-terms) and nominal set of operation symbols

$$\{V_a \mid a \in \mathrm{Atom}_v\} \cup \{L_a \mid a \in \mathrm{Atom}_v\} \cup \{A\}$$

with $\mathrm{Perm}$-action

$$\pi \cdot V_a = V_{\pi(a)} \qquad \pi \cdot L_a = L_{\pi(a)} \qquad \pi \cdot A = A.$$

The type of these operation symbols is defined to be

$$V_a : [\,] \to \mathsf{tm}, \quad L_a : [\mathsf{tm}] \to \mathsf{tm}, \quad \text{and} \quad A : [\mathsf{tm}, \mathsf{tm}] \to \mathsf{tm}.$$

In other words, the nominal set $\mathrm{Op}_{\Sigma}$ is isomorphic to the coproduct $\mathrm{Atom}_v + \mathrm{Atom}_v + 1$, where $\mathrm{Atom}_v$ is the nominal set of atoms of sort $v$ (Definition 2.3) and $1$ is the terminal nominal set (Lemma 2.6).

Remark 3.2 (Nominal Signatures) The reader familiar with the notion of nominal signature [34] should compare the above example with a nominal signature for $\lambda$-calculus, for example that given in [25, Example 2.1]. Compared with nominal signatures, NEL-signatures avoid the use of both sorts of atoms and atom-binding sorts in arities, at the expense of having more operation symbols (typically, whole families of operation symbols parameterised by atoms) and specification of binding properties at the level of axioms rather than syntax. This is discussed more fully at the end of the paper in Section 11.

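Given a NEL-signature $\Sigma$, a $\Sigma$-structure $M$ in the category $\mathrm{Nom}$ is specified by

• a nominal set $M[\![s]\!]$ for each sort $s$ of $\Sigma$; and

• for each type $\vec{s} \to s$ of $\Sigma$, an equivariant function

$$\begin{aligned} M[\![-]\!] : \mathrm{Op}_{\Sigma}(\vec{s}, s) &\to (M[\![\vec{s}]\!] \to_{\mathrm{fs}} M[\![s]\!]) \\ \mathit{op} &\mapsto M[\![\mathit{op}]\!] \end{aligned} \tag{21}$$

where if $\vec{s} = [s_1, \ldots, s_n]$, then $M[\![\vec{s}]\!] = M[\![s_1]\!] \times \cdots \times M[\![s_n]\!]$ is a finite product of nominal sets.

Note that because $\to_{\mathrm{fs}}$ is the exponential in the category $\mathrm{Nom}$ (see Lemma 2.7), specifying an equivariant function as in (21) is equivalent to giving an equivariant function $\mathrm{Op}_{\Sigma}(\vec{s}, s) \times M[\![\vec{s}]\!] \to M[\![s]\!]$.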

4 Terms and Values

The terms over a conventional algebraic signature are built up from variables by applying operation symbols. Given a structure in the category of sets for the signature and a valuation of the variables as elements of the structure, each term denotes an element of the structure. We wish to extend this to NEL-signatures and structures for them in the category $\mathrm{Nom}$ of nominal sets. Doing so involves an extension of the usual notion of algebraic term to take account of the atom-permutation action that is part of the notion of nominal set. Since operations in a NEL-signature denote finitely supported functions (21), the action of a permutation on a compound term can distribute through the term to act on the operator and on its arguments, as in (17). Thus the only trace of the permutation action on terms that it is really necessary to incorporate into their structure is in the case that a permutation acts on a variable. So as in [34], we use suspensions $\pi\, x$ consisting of a permutation $\pi$ waiting to be applied once more is known about the unknown element of a nominal set represented by the variable $x$.⁵ Fixing a countably infinite set $\mathrm{Var}$ of variables, the grammar of terms over a NEL-signature $\Sigma$ is given in Figure 2.

Notation 4.1 Note that all occurrences of variables $x$ in terms are preceded by a suspended permutation $\pi$. However, when $\pi$ is the identity permutation $\iota$, we shall very often abbreviate the term $\iota\, x$ just to $x$.

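5 The term "moderated variable" is also used for what we call suspensions: see [8,16].

Variables $x \in \mathrm{Var}$

Permutations $\pi \in \mathrm{Perm}$

Operation symbols $\mathit{op} \in \mathrm{Op}_{\Sigma}$

Terms $t ::= \pi\, x \mid \mathit{op}\ t \cdots t$

Fig. 2. Terms over a NEL-signature, $\Sigma$

Definition 4.2 (Nominal Sets of Well-Sorted Terms) A sorting environment over a NEL-signature $\Sigma$ is a partial function $\Gamma$ from a finite subset $\mathrm{dom}(\Gamma) \subseteq \mathrm{Var}$ of variables to the set $\mathrm{Sort}_{\Sigma}$ of sorts of the signature. The sets $\Sigma_s(\Gamma)$ of terms of sort $s \in \mathrm{Sort}_{\Sigma}$ in a sorting environment $\Gamma$ are inductively defined by:

• if $\pi \in \mathrm{Perm}$, $x \in \mathrm{dom}(\Gamma)$ and $\Gamma(x) = s$, then $\pi\, x \in \Sigma_s(\Gamma)$;

• if $\mathit{op} \in \mathrm{Op}_{\Sigma}$ has type $[s_1, \ldots, s_n] \to s$ and $t_i \in \Sigma_{s_i}(\Gamma)$ for $i = 1..n$, then $\mathit{op}\ t_1 \cdots t_n \in \Sigma_s(\Gamma)$. (In case $n = 0$, $\mathit{op} : [\,] \to s$ is usually called a constant of sort $s$, and we get $\mathit{op} \in \Sigma_s(\Gamma)$.)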

We make each $\Sigma_s(\Gamma)$ into a nominal set as follows. The action $(\pi, t) \mapsto \pi \cdot t$ of atom-permutations on well-sorted terms is inherited from the given action on operators and the conjugation action on permutations (13):

$$\begin{aligned} \pi \cdot (\pi'\, x) &= \pi\pi'\pi^{-1}\, x \\ \pi \cdot (\mathit{op}\ t_1 \cdots t_n) &= (\pi \cdot \mathit{op})(\pi \cdot t_1) \cdots (\pi \cdot t_n). \end{aligned} \tag{22}$$

As noted in Definition 2.5, permutations are finitely supported with respect to the conjugation action; and operators are finitely supported because they are elements of the given nominal set $\mathrm{Op}_{\Sigma}$. It follows that with the above action, $\Sigma_s(\Gamma)$ is a nominal set and that its freshness relation $a \# t$ is given by:

$$\begin{aligned} a \# \pi\, x &\Leftrightarrow a \notin \mathrm{dom}(\pi) \\ a \# (\mathit{op}\ t_1 \cdots t_n) &\Leftrightarrow a \# \mathit{op} \wedge a \# t_1 \wedge \cdots \wedge a \# t_n. \end{aligned} \tag{23}$$

Example 4.3 ($\lambda$-Calculus) For the NEL-signature in Example 3.1 it is not hard to see that when $\Gamma = \emptyset$ is the empty sorting environment, the nominal set $\Sigma_{\mathsf{tm}}(\emptyset)$ is isomorphic to the usual set of abstract syntax trees for $\lambda$-terms (with variables ranging over $\mathrm{Atom}_v$) with $\mathrm{Perm}$-action that applies a permutation to the atoms occurring in the leaves of a syntax tree. For example, the $\lambda$-term $\lambda a.\lambda b.a\,b$ corresponds to the element $L_a(L_b(A\ V_a\ V_b)) \in \Sigma_{\mathsf{tm}}(\emptyset)$. However, for non-empty sorting environments we get generalised $\lambda$-terms, such as $L_a(L_b(A\ ((a\ b)x)\ V_b)) \in \Sigma_{\mathsf{tm}}([x : \mathsf{tm}])$, with meta-level variables $x$ standing for unknown $\lambda$-terms and suspended permutations $(a\ b)$ of object-level variables $a$ and $b$ (cf. [34]).

Next we describe the intended interpretation of terms as elements of nominal sets.

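$$\begin{aligned} (\pi\, x)\{\sigma\} &= \pi * \sigma(x) \\ (\mathit{op}\ t_1 \cdots t_n)\{\sigma\} &= \mathit{op}\ t_1\{\sigma\} \cdots t_n\{\sigma\} \end{aligned}$$

where $(\pi, t) \mapsto \pi * t$ is defined by

$$\begin{aligned} \pi * (\pi'\, x) &= \pi\pi'\, x \\ \pi * (\mathit{op}\ t_1 \cdots t_n) &= (\pi \cdot \mathit{op})(\pi * t_1) \cdots (\pi * t_n). \end{aligned}$$

Fig. 3. Term substitution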

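Definition 4.4 (Valuations) Given a NEL-signature $\Sigma$, let $M$ be a $\Sigma$-structure in $\mathrm{Nom}$ as in Section 3 and let $\Gamma$ be a sorting environment over $\Sigma$. The finite product in $\mathrm{Nom}$ of the nominal sets $M[\![\Gamma(x)]\!]$ as $x$ ranges over $\mathrm{dom}(\Gamma)$ will be written $M[\![\Gamma]\!]$. We call the elements of this nominal set $\Gamma$-valuations in $M$. They are functions $\rho$ defined on the finite set of variables $\mathrm{dom}(\Gamma)$ and mapping each $x \in \mathrm{dom}(\Gamma)$ to an element $\rho(x)$ of the nominal set $M[\![\Gamma(x)]\!]$. Since $M[\![\Gamma]\!]$ is given by a finite product of nominal sets, the action of a permutation $\pi \in \mathrm{Perm}$ on $\rho \in M[\![\Gamma]\!]$ is given by:

$$(\pi \cdot \rho)(x) = \pi \cdot \rho(x) \qquad (x \in \mathrm{dom}(\Gamma)) \tag{24}$$

and (hence) $a \# \rho$ holds iff $\forall x \in \mathrm{dom}(\rho).\ a \# \rho(x)$.

The value $M[\![t]\!]\rho$ of a well-sorted term $t \in \Sigma_s(\Gamma)$ with respect to a valuation $\rho \in M[\![\Gamma]\!]$ is an element of the nominal set $M[\![s]\!]$. Values are defined by recursion on the structure of terms:

$$\begin{aligned} M[\![\pi\, x]\!]\rho &\triangleq \pi \cdot \rho(x) \\ M[\![\mathit{op}\ t_1 \cdots t_n]\!]\rho &\triangleq M[\![\mathit{op}]\!](M[\![t_1]\!]\rho, \ldots, M[\![t_n]\!]\rho). \end{aligned} \tag{25}$$

Combining (22), (24) and (25) with the fact (21) that $M[\![-]\!]$ is an equivariant function, we get:

$$\pi \cdot (M[\![t]\!]\rho) = M[\![\pi \cdot t]\!](\pi \cdot \rho). \tag{26}$$

So $(t, \rho) \mapsto M[\![t]\!]\rho$ is an equivariant function $\Sigma_s(\Gamma) \times M[\![\Gamma]\!] \to M[\![s]\!]$.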

5 Substitution

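Given a NEL-signature $\Sigma$ and sorting environments $\Gamma = [x_1 : s_1, \ldots, x_n : s_n]$ and $\Gamma'$ over $\Sigma$, the set $\Sigma(\Gamma, \Gamma')$ of substitutions from $\Gamma$ to $\Gamma'$ consists of functions $\sigma$ mapping each variable $x_i$ in $\mathrm{dom}(\Gamma)$ to a term $\sigma(x_i) \in \Sigma_{s_i}(\Gamma')$. Given a term $t \in \Sigma_s(\Gamma)$ and a substitution $\sigma \in \Sigma(\Gamma, \Gamma')$, we get a term $t\{\sigma\} \in \Sigma_s(\Gamma')$, defined as in Figure 3. The following standard properties of a notion of substitution are easily verified for the definition in the figure (by induction on the structure of terms):

$$t\{\mathrm{id}\} = t \tag{27}$$

where $\mathrm{id} \in \Sigma(\Gamma, \Gamma)$ is the identity substitution, $x \mapsto \iota\, x$; and

$$(t\{\sigma\})\{\sigma'\} = t\{\sigma; \sigma'\} \tag{28}$$

where $\sigma; \sigma' \in \Sigma(\Gamma, \Gamma'')$ is the composition of $\sigma \in \Sigma(\Gamma, \Gamma')$ and $\sigma' \in \Sigma(\Gamma', \Gamma'')$, given by

$$(\sigma; \sigma')(x) \triangleq \sigma(x)\{\sigma'\}. \tag{29}$$

The proof of (28) involves first proving:

$$(\pi * t)\{\sigma\} = \pi * (t\{\sigma\}) \tag{30}$$

by induction on the structure of $t$.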

In the case $t = \pi\, x$ is a suspension, $t\{\sigma\}$ is the term $\pi * \sigma(x)$ obtained by distributing $\pi$ through the structure of the term $\sigma(x)$ as in the second part of Figure 3 (cf. [34, Fig. 1]). In forming $\pi * t$ from $\pi$ and $t$, when $\pi$ meets a sub-term of $t$ that is another suspension, $\pi'\, x'$ say, the left multiplication action (12) is used and $\pi\pi'\, x'$ is formed. This, rather than the conjugation action (13), is needed here in order to ensure that the function $(t, \rho) \mapsto M[\![t]\!]\rho$ is compositional, in the following sense.

Lemma 5.1 Given a NEL-signature $\Sigma$, sorting environments $\Gamma$, $\Gamma'$ and a $\Sigma$-structure $M$, then for all $t \in \Sigma_s(\Gamma)$, $\sigma \in \Sigma(\Gamma, \Gamma')$ and $\rho \in M[\![\Gamma']\!]$

$$M[\![t\{\sigma\}]\!]\rho = M[\![t]\!](M[\![\sigma]\!]\rho) \tag{31}$$

where by definition $M[\![\sigma]\!]\rho \in M[\![\Gamma]\!]$ is the valuation mapping each $x \in \mathrm{dom}(\Gamma)$ to $M[\![\sigma(x)]\!]\rho$.

Proof. Using the definition of $\pi * (-)$ from the second part of Figure 3, along with (24), (25) and the fact that $\mathit{op} \mapsto M[\![\mathit{op}]\!]$ is equivariant, it follows by induction on the structure of $t$ that

$$M[\![\pi * t]\!]\rho = \pi \cdot (M[\![t]\!]\rho) \tag{32}$$

and from this we get (31), again by induction on the structure of $t$. □

Property (32) shows that the $(\pi, t) \mapsto \pi * t$ action of permutations on terms denotes in nominal equational logic the built-in $\mathrm{Perm}$-action of the nominal sets that interpret the sorts. Gabbay and Mathijssen [16] call this the "object-level" action of $\pi$ on $t$. By contrast, the "meta-level" action $(\pi, t) \mapsto \pi \cdot t$, defined in (22), is the one appropriate to terms as functions of their variables via substitution. Recalling from (15) the action of atom-permutations on functions, we have the following result expressing the $(\pi, t) \mapsto \pi \cdot t$ action in terms of the $(\pi, t) \mapsto \pi * t$ action (cf. Gabbay and Mathijssen [16, Lemma 2.3]).

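Lemma 5.2 Given a NEL-signature $\Sigma$, a substitution $\sigma \in \Sigma(\Gamma, \Gamma')$ and a term $t \in \Sigma_s(\Gamma)$, for any $\pi \in \mathrm{Perm}$

$$(\pi \cdot t)\{\sigma\} = (\pi * t)\{\pi^{-1} * \sigma\}$$

where by definition, $\pi^{-1} * \sigma \in \Sigma(\Gamma, \Gamma')$ is the substitution mapping each $x \in \mathrm{dom}(\Gamma)$ to $\pi^{-1} * \sigma(x)$.

Proof. This can be proved by induction on the structure of $t$. In the base case that $t = \pi'\, x$ is a suspension, we have $(\pi \cdot t)\{\sigma\} = (\pi \cdot (\pi'\, x))\{\sigma\} = (\pi\pi'\pi^{-1}\, x)\{\sigma\} = \pi\pi'\pi^{-1} * \sigma(x)$ and also

$$\begin{aligned} (\pi * t)\{\pi^{-1} * \sigma\} &= (\pi * (\pi'\, x))\{\pi^{-1} * \sigma\} \\ &= (\pi\pi'\, x)\{\pi^{-1} * \sigma\} \\ &= \pi\pi' * (\pi^{-1} * \sigma)(x) \\ &= \pi\pi' * (\pi^{-1} * \sigma(x)) \\ &= \pi\pi'\pi^{-1} * \sigma(x) \end{aligned}$$

where in the last step we use the easily verified fact that $*$ is a $\mathrm{Perm}$-action on terms. □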

As a corollary of this we have that $(t, \sigma) \mapsto t\{\sigma\}$ is equivariant:

Corollary 5.3 Given a NEL-signature $\Sigma$, a substitution $\sigma \in \Sigma(\Gamma, \Gamma')$ and a term $t \in \Sigma_s(\Gamma)$, for any $\pi \in \mathrm{Perm}$

$$\pi \cdot (t\{\sigma\}) = (\pi \cdot t)\{\pi \cdot \sigma\}$$

where by definition, $\pi \cdot \sigma \in \Sigma(\Gamma, \Gamma')$ is the substitution mapping each $x \in \mathrm{dom}(\Gamma)$ to $\pi \cdot \sigma(x)$.

Proof. By induction on the structure of $t$, using the special case of Lemma 5.2 when $\sigma = \mathrm{id}$ in the base case that $t$ is a suspension, along with (27) and Figure 3. □

Note that under the action $(\pi, \sigma) \mapsto \pi \cdot \sigma$, each set of substitutions $\Sigma(\Gamma, \Gamma')$ is a nominal set: $\sigma$ is supported by any finite set of atoms that supports all of the finitely many terms $\sigma(x)$ as $x$ ranges over $\mathrm{dom}(\Gamma)$.
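The two permutation actions on terms, substitution (Fig. 3) and the freshness relation on terms can be checked mechanically over the signature of Example 3.1. The following Python sketch is an added illustration, not code from the paper; the function names (`meta`, `obj`, `subst`, `fresh`, and the three checkers) and the sample term, substitution and permutation are constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Finite permutations of atoms (Section 2), stored as the set of pairs
# (a, pi(a)) with pi(a) != a, so that equal permutations compare equal.
def mk(d):
    return frozenset((a, b) for a, b in d.items() if a != b)

IOTA = mk({})                                  # identity permutation

def app(p, a):                                 # p(a)
    return dict(p).get(a, a)

def dom(p):                                    # (4): the atoms that p moves
    return {a for a, _ in p}

def comp(p, q):                                # p q maps a to p(q(a))
    return mk({a: app(p, app(q, a)) for a in dom(p) | dom(q)})

def inv(p):
    return mk({b: a for a, b in p})

def swap(a, b):                                # transposition (a b)
    return mk({a: b, b: a})

# Terms over the signature of Example 3.1, following the grammar of Fig. 2.
@dataclass(frozen=True)
class Susp:                                    # suspension  pi x
    pi: frozenset
    x: str

@dataclass(frozen=True)
class Op:                                      # V_a, L_a (atom set) or A (atom None)
    name: str
    atom: Optional[str]
    args: Tuple = ()

def V(a): return Op("V", a)
def L(a, t): return Op("L", a, (t,))
def A(t, u): return Op("A", None, (t, u))

def _on_op(p, t, args):                        # (pi . op) applied to new arguments
    atom = None if t.atom is None else app(p, t.atom)
    return Op(t.name, atom, tuple(args))

def meta(p, t):
    """(22): meta-level action pi . t, conjugating suspended permutations."""
    if isinstance(t, Susp):
        return Susp(comp(comp(p, t.pi), inv(p)), t.x)
    return _on_op(p, t, (meta(p, u) for u in t.args))

def obj(p, t):
    """Fig. 3: object-level action pi * t, left-multiplying suspensions."""
    if isinstance(t, Susp):
        return Susp(comp(p, t.pi), t.x)
    return _on_op(p, t, (obj(p, u) for u in t.args))

def subst(t, sigma):
    """Fig. 3: t{sigma}, with sigma a dict from variable names to terms."""
    if isinstance(t, Susp):
        return obj(t.pi, sigma[t.x])
    return Op(t.name, t.atom, tuple(subst(u, sigma) for u in t.args))

def fresh(a, t):
    """(23): the freshness relation a # t on well-sorted terms."""
    if isinstance(t, Susp):
        return a not in dom(t.pi)
    return a != t.atom and all(fresh(a, u) for u in t.args)

def equation_30(p, t, sigma):                  # (pi * t){sigma} = pi * (t{sigma})
    return subst(obj(p, t), sigma) == obj(p, subst(t, sigma))

def lemma_5_2(p, t, sigma):                    # (pi . t){sigma} = (pi * t){pi^-1 * sigma}
    shifted = {x: obj(inv(p), u) for x, u in sigma.items()}
    return subst(meta(p, t), sigma) == subst(obj(p, t), shifted)

def corollary_5_3(p, t, sigma):                # pi . (t{sigma}) = (pi . t){pi . sigma}
    moved = {x: meta(p, u) for x, u in sigma.items()}
    return meta(p, subst(t, sigma)) == subst(meta(p, t), moved)

# Constructed sample data: the generalised term of Example 4.3, a substitution
# into the environment [y : tm], and the permutation (a c)(b d).
T = L("a", L("b", A(Susp(swap("a", "b"), "x"), V("b"))))
SIGMA = {"x": A(V("a"), Susp(swap("b", "c"), "y"))}
P = comp(swap("a", "c"), swap("b", "d"))

if __name__ == "__main__":
    print(equation_30(P, T, SIGMA), lemma_5_2(P, T, SIGMA), corollary_5_3(P, T, SIGMA))
    print(fresh("c", T), fresh("a", T))
```

On a bare variable the two actions already differ: `meta(P, Susp(IOTA, "x"))` leaves the suspension unchanged, while `obj(P, Susp(IOTA, "x"))` suspends `P` on `x`.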

6 Theories and Algebras

Ordinary equational logic formalises reasoning about equations between algebraic terms. As explained in the Introduction, we wish to formalise reasoning both about equality and about the freshness relation of Definition 2.1. In the formal system we will use the symbols "$\approx$" and "$\not\approx$" for the equality and freshness relations, and continue to use "=" and "#" for their interpretation in nominal sets as the actual equality and "not-in-the-support-of" relations.

As also discussed in the Introduction, it is natural to allow assertions about equality and freshness to be conditioned by assumptions about which atoms are fresh for particular elements. Rather than use separate judgements for equality and freshness, it is convenient to roll both into a single judgement form. So we define a NEL-theory $T$ to consist of a NEL-signature $\Sigma$ together with a collection of axioms of the form

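$$\nabla \vdash \overline{a} \not\approx t \approx t' : s \tag{33}$$

where

• $\nabla$ is a freshness environment, which by definition is a partial function defined on a finite subset $\mathrm{dom}(\nabla) \subseteq \mathrm{Var}$ of variables and mapping each $x_i \in \mathrm{dom}(\nabla)$ to a pair $\nabla(x_i) = (s_i, \overline{a}_i) \in \mathrm{Sort}_{\Sigma} \times \mathrm{P_{fin}}(\mathrm{Atom})$ of a sort and a finite set of atoms;

• $\overline{a} \in \mathrm{P_{fin}}(\mathrm{Atom})$; and

• $t, t' \in \Sigma_s(\nabla{:})$ are terms of the same sort $s \in \mathrm{Sort}_{\Sigma}$ in the sorting environment $\nabla{:}$ obtained from $\nabla$ by composing with first projection.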

If $\mathrm{dom}(\nabla)$ consists of the distinct variables $x_1, \ldots, x_n$ and $\nabla(x_i) = (s_i, \overline{a}_i)$ for $i = 1..n$, then we write $\nabla$ as

$$\nabla = [\overline{a}_1 \not\approx x_1 : s_1, \ldots, \overline{a}_n \not\approx x_n : s_n] \tag{34}$$

in which case the associated sorting environment is

$$\nabla{:} = [x_1 : s_1, \ldots, x_n : s_n]. \tag{35}$$

We let $\mathrm{Perm}$ act on freshness environments (34) as follows, using the action of permutations on finite sets of atoms from Definition 2.4:

$$\pi \cdot \nabla = [\pi \cdot \overline{a}_1 \not\approx x_1 : s_1, \ldots, \pi \cdot \overline{a}_n \not\approx x_n : s_n]. \tag{36}$$

This action makes the collection of all freshness environments into a nominal set for which the freshness relation is:

$$a \# \nabla \Leftrightarrow a \notin \overline{a}_1 \cup \cdots \cup \overline{a}_n. \tag{37}$$

Notation 6.1 Although the single form of judgement (33) combining equality and freshness is useful for stating the general rules of nominal equational logic, in particular cases it is clearer to use the following abbreviations.

• $t \approx t' : s$ means $\emptyset \not\approx t \approx t' : s$; similarly, $x : s$ in a freshness environment means $\emptyset \not\approx x : s$.

• $\overline{a} \not\approx t : s$ means $\overline{a} \not\approx t \approx t : s$.

• $a \not\approx t \approx t' : s$ means $\{a\} \not\approx t \approx t' : s$; similarly, $a \not\approx x : s$ in a freshness environment means $\{a\} \not\approx x : s$.

Example 6.2 ($\lambda$-Terms Modulo $\alpha\beta\eta$-Equivalence) Figure 4 gives a NEL-theory over the signature from Example 3.1 for $\alpha\beta\eta$-equivalence of untyped $\lambda$-terms [2]. The theory has seven axioms, making use of variables $x, x', x_1, x_2 \in \mathrm{Var}$ and atoms $a, a' \in \mathrm{Atom}_v$.⁶ Although ($\alpha$) is an axiom about freshness, we will see below (Example 7.5) that it gives the effect of $\alpha$-equivalence modulo the rules of nominal equational logic. For $\beta$-equivalence we adapt the Gabbay-Mathijssen nominal algebra for capture-avoiding substitution [16, Fig. 4]. Axioms ($\beta$-1)-($\beta$-4) unwind the capture-avoiding substitution in a conventional $\beta$-conversion, according to the structure of $t$ in a $\beta$-redex $A\ (L_a\, t)\ t'$. The axiom (ren$\mapsto$) in [16, Fig. 4] connecting capture-avoiding substitution with name-permutation becomes ($\beta$-5). Finally, for $\eta$-equivalence we use the axiom ($\eta$). The relationship between this NEL-theory and the classical notion of $\alpha\beta\eta$-equivalence of syntax trees for $\lambda$-terms (and the associated freshness relation "not a free variable of") will be explored in Example 9.5.

$$\begin{aligned}
x : \mathsf{tm} &\vdash a \not\approx L_a\, x : \mathsf{tm} && (\alpha) \\
a \not\approx x : \mathsf{tm},\ x' : \mathsf{tm} &\vdash A\ (L_a\, x)\ x' \approx x : \mathsf{tm} && (\beta\text{-}1) \\
x' : \mathsf{tm} &\vdash A\ (L_a\, V_a)\ x' \approx x' : \mathsf{tm} && (\beta\text{-}2) \\
x : \mathsf{tm},\ a' \not\approx x' : \mathsf{tm} &\vdash A\ (L_a\, (L_{a'}\, x))\ x' \approx L_{a'}\, (A\ (L_a\, x)\ x') : \mathsf{tm} && (\beta\text{-}3) \\
x_1 : \mathsf{tm},\ x_2 : \mathsf{tm},\ x' : \mathsf{tm} &\vdash A\ (L_a\, (A\ x_1\ x_2))\ x' \approx A\ (A\ (L_a\, x_1)\ x')\ (A\ (L_a\, x_2)\ x') : \mathsf{tm} && (\beta\text{-}4) \\
a' \not\approx x : \mathsf{tm} &\vdash A\ (L_a\, x)\ V_{a'} \approx (a\ a')\, x : \mathsf{tm} && (\beta\text{-}5) \\
a \not\approx x : \mathsf{tm} &\vdash x \approx L_a\, (A\ x\ V_a) : \mathsf{tm} && (\eta)
\end{aligned}$$

Fig. 4. A NEL-theory for $\alpha\beta\eta$-equivalence

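Turning to the interpretation of NEL-theories in Nom, first note that the intended meaning of the freshness environment (34) is to assert not only that each variable $x_i$ has sort $s_i$, but also that it stands for an element of the corresponding nominal set whose support is disjoint from $\overline{a}_i$. Accordingly, we take the meaning of $\nabla$ in a $\Sigma$-structure $M$ to be the subset $M[\![\nabla]\!] \subseteq M[\![\nabla{:}]\!]$ of the nominal set of valuations (Definition 4.4) given by

$$M[\![\nabla]\!] = \{\rho \in M[\![\nabla{:}]\!] \mid \overline{a}_1 \mathrel{\#} \rho(x_1) \wedge \cdots \wedge \overline{a}_n \mathrel{\#} \rho(x_n)\} \qquad (38)$$

where # is the freshness relation (Definition 2.1) for each nominal set $M[\![s_i]\!]$ and $\nabla{:}$ is the sorting environment associated with $\nabla$ as in (35).

Definition 6.3 (Satisfaction) Let $\Sigma$ be a NEL-signature. A $\Sigma$-structure $M$ satisfies a judgement $\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ if for all $\rho \in M[\![\nabla]\!]$ it is the case both that $M[\![t]\!]\rho$ and $M[\![t']\!]\rho$ are equal elements of the nominal set $M[\![s]\!]$ and that the freshness relation $\overline{a} \mathrel{\#} M[\![t]\!]\rho$ holds in $M[\![s]\!]$.

Given a NEL-theory $T$, a $T$-algebra in Nom is a structure for the signature of $T$ that satisfies all its axioms. Given a judgement $\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$, the semantic consequence relation

$$\nabla \vDash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s \qquad (39)$$

is defined to hold if all $T$-algebras in Nom satisfy the judgement.

6 We make use of the abbreviations from Notation 4.1 and 6.1 to state the axioms; for example, (α) written out in full is: $\emptyset \mathrel{/\!\!/\!\!\!\!\approx} x : \mathtt{tm} \vdash \{a\} \mathrel{/\!\!/\!\!\!\!\approx} L_a\,(\iota x) \approx L_a\,(\iota x) : \mathtt{tm}$.

$$(\text{refl})\quad \dfrac{}{\nabla \vdash t \approx t : s}\quad t \in \Sigma_s(\nabla{:})$$

$$(\text{symm})\quad \dfrac{\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s}{\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t' \approx t : s}$$

$$(\text{trans})\quad \dfrac{\nabla \vdash \overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s \qquad \nabla \vdash \overline{a}_2 \mathrel{/\!\!/\!\!\!\!\approx} t' \approx t'' : s}{\nabla \vdash (\overline{a}_1 \cup \overline{a}_2) \mathrel{/\!\!/\!\!\!\!\approx} t \approx t'' : s}$$

$$(\text{subst})\quad \dfrac{\nabla' \vdash \sigma \approx \sigma' : \nabla \qquad \nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s}{\nabla' \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t\{\sigma\} \approx t'\{\sigma'\} : s}\quad \sigma, \sigma' \in \Sigma(\nabla{:}, (\nabla'){:})$$

$$(\text{weak})\quad \dfrac{\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s}{\nabla' \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s}\quad \nabla \le \nabla'$$

$$(\text{atm-intro})\quad \dfrac{\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s}{\nabla^{\# a} \vdash \overline{a} \cup \{a\} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s}\quad a \mathrel{\#} (\overline{a}, t, t')$$

$$(\text{atm-elim})\quad \dfrac{\nabla^{\# a} \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s}{\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s}\quad a \mathrel{\#} (\nabla, \overline{a}, t, t')$$

$$(\#\text{-equivar})\quad \dfrac{}{\overline{a} \mathrel{/\!\!/\!\!\!\!\approx} x : s \vdash \pi \cdot \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} \pi x : s}$$

$$(\text{susp})\quad \dfrac{}{\{a \mid \pi(a) \neq \pi'(a)\} \mathrel{/\!\!/\!\!\!\!\approx} x : s \vdash \pi x \approx \pi' x : s}$$

Fig. 5. The Rules of Nominal Equational Logic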

7 Nominal Equational Logic

Figure 5 gives a collection of rule schemes for inductively generating judgements of the form $\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$. The rules preserve the well-formedness condition we placed on judgements at the beginning of Section 6, namely that the equated terms both have the given sort in the sorting environment associated with the given freshness environment.

Notation 7.1 Figure 5 makes use of the following notation.

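• Rules (refl), (#-equivar) and (susp) make use of the abbreviations for judgements introduced in Notation 6.1.

• In rule (refl), $\nabla{:}$ denotes the sorting environment associated with a freshness environment $\nabla$ as in (35).

• In rule (subst), $\sigma, \sigma' \in \Sigma(\nabla{:}, (\nabla'){:})$ are substitutions (Section 5) and

$$\nabla' \vdash \sigma \approx \sigma' : \nabla \qquad (40)$$

stands for the finite number of hypotheses $\nabla' \vdash \overline{a}_i \mathrel{/\!\!/\!\!\!\!\approx} \sigma(x_i) \approx \sigma'(x_i) : s_i$ for $i = 1..n$, assuming $\nabla = [\overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1, \ldots, \overline{a}_n \mathrel{/\!\!/\!\!\!\!\approx} x_n : s_n]$. The operation of substitution, $t\{\sigma\}$, used in the rule was defined in Figure 3.

• The relation

$$\nabla \le \nabla' \qquad (41)$$

of weakening between freshness environments used as a side-condition in rule (weak) is defined to hold if $\mathrm{dom}(\nabla) \subseteq \mathrm{dom}(\nabla')$ and for all $x \in \mathrm{dom}(\nabla)$, if $\nabla(x) = (s, \overline{a})$, then $\nabla'(x) = (s, \overline{a}')$ for some $\overline{a}' \supseteq \overline{a}$.

• In rules (atm-intro) and (atm-elim), if $\nabla = [\overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1, \ldots, \overline{a}_n \mathrel{/\!\!/\!\!\!\!\approx} x_n : s_n]$, then

$$\nabla^{\# a} = [\overline{a}_1 \cup \{a\} \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1, \ldots, \overline{a}_n \cup \{a\} \mathrel{/\!\!/\!\!\!\!\approx} x_n : s_n] . \qquad (42)$$

• In rule (atm-intro) the side-condition "$a \mathrel{\#} (\overline{a}, t, t')$" refers to the semantic freshness relation (Definition 2.1) in the product nominal set $P_{\mathrm{fin}}(\mathrm{Atom}) \times \Sigma_s(\nabla{:}) \times \Sigma_s(\nabla{:})$. In other words the condition is that $a \notin \overline{a}$ holds and that the relations $a \mathrel{\#} t$ and $a \mathrel{\#} t'$ hold as defined in (23). Similarly the side-condition "$a \mathrel{\#} (\nabla, \overline{a}, t, t')$" to rule (atm-elim) means that these properties hold, together with $a \mathrel{\#} \nabla$, as in (37).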

Definition 7.2 (Logical Consequence) The set of theorems of a NEL-theory $T$ is the least set of judgements containing the axioms of $T$ and closed under the rules in Figure 5. We write

$$\nabla \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s \qquad (43)$$

to indicate that the judgement is a theorem of $T$ and call (43) the logical consequence relation.

We are going to show that the rules in Figure 5 are both sound and complete for the interpretation of judgements in Nom. In other words, we will show that the logical consequence relation coincides with the semantic consequence relation of Definition 6.3. Completeness will eventually be proved in Section 10. For the moment we concentrate on the simpler property of soundness.

The rules of nominal equational logic combine the usual properties of equality (that it is an equivalence relation and is preserved under substituting equal terms) with some properties of the nominal sets notion of freshness (Definition 2.1) that have been identified in the literature [24,14,34,13,16] and which are listed in the following lemma.

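Lemma 7.3 Let $x$ be an element of a nominal set $X$.

(i) For each sort of atoms $\alpha \in \mathrm{AtomSort}$, there is some $a \in \mathrm{Atom}_\alpha$ with $a \mathrel{\#} x$.

(ii) If $f : X \to Y$ is a morphism in Nom and $a \mathrel{\#} x$, then $a \mathrel{\#} f(x)$.

(iii) If $\pi \in \mathrm{Perm}$ and $a \mathrel{\#} x$, then $\pi(a) \mathrel{\#} \pi \cdot x$.

(iv) If $\pi, \pi' \in \mathrm{Perm}$ and $\{a \in \mathrm{Atom} \mid \pi(a) \neq \pi'(a)\} \mathrel{\#} x$, then $\pi \cdot x = \pi' \cdot x$.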

Proof. Part (i) holds because support sets are finite, whereas the set $\mathrm{Atom}_\alpha$ is infinite. For part (ii), just note that since $f$ is equivariant, if $\overline{a} \in P_{\mathrm{fin}}(\mathrm{Atom})$ supports $x$ in $X$, then $\overline{a}$ supports $f(x)$ in $Y$. For the proof of part (iii), see [25, Lemma 3.7].

For part (iv), since $\{a \mid \pi(a) \neq \pi'(a)\} = \{a \mid \pi^{-1}\pi'(a) \neq a\} = \mathrm{dom}(\pi^{-1}\pi')$, it suffices to prove a more general version of Lemma 2.2:

$$\forall \pi \in \mathrm{Perm}.\ \mathrm{dom}(\pi) \mathrel{\#} x \Rightarrow \pi \cdot x = x . \qquad (44)$$

This can be done by induction on the size of the finite set $\mathrm{dom}(\pi)$ (for all $\pi$ simultaneously). In the base case $\mathrm{dom}(\pi) = \emptyset$, $\pi(a) = a$ for all $a$, so $\pi = \iota$ and thus $\pi \cdot x = \iota \cdot x = x$ by definition of action. For the induction step, suppose $\mathrm{dom}(\pi)$ is non-empty and $\mathrm{dom}(\pi) \mathrel{\#} x$, that is, $a \mathrel{\#} x$ holds for all $a$ with $\pi(a) \neq a$. Picking some $a \in \mathrm{dom}(\pi)$, we first show that $\mathrm{dom}((\pi(a)\ a)\pi) \subseteq \mathrm{dom}(\pi) - \{a\}$. Take some $b \in \mathrm{dom}((\pi(a)\ a)\pi)$, that is $((\pi(a)\ a)\pi)(b) \neq b$. If $\pi(b) = \pi(a)$ then $a = ((\pi(a)\ a)\pi)(b) \neq b$; but this contradicts the bijectivity of $\pi$, so $\pi(b) \neq \pi(a)$, so $b \neq a$. Then

either $\pi(b) = a$

or $\pi(b) \neq a$, so $\pi(b) = ((\pi(a)\ a)\pi)(b) \neq b$.

In each case $\pi(b) \neq b \neq a$, that is, $b \in \mathrm{dom}(\pi) - \{a\}$.

Since $\mathrm{dom}(\pi) - \{a\}$ has strictly fewer elements than $\mathrm{dom}(\pi)$, so does $\mathrm{dom}((\pi(a)\ a)\pi)$ and so by the induction hypothesis $(\pi(a)\ a)\pi \cdot x = x$. So $\pi \cdot x = (a\ \pi(a)) \cdot x$ and we just have to see that $(a\ \pi(a)) \cdot x = x$. Since $a \in \mathrm{dom}(\pi)$ it is also the case that $\pi(a) \in \mathrm{dom}(\pi)$; but $\mathrm{dom}(\pi) \mathrel{\#} x$ and thus $a \mathrel{\#} x$ and $\pi(a) \mathrel{\#} x$; therefore by Lemma 2.2, $(a\ \pi(a)) \cdot x = x$. □

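Theorem 7.4 (Soundness) If a judgement $\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ is a theorem of a NEL-theory $T$, then it is satisfied by any $T$-algebra in Nom:

$$\nabla \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s \ \Rightarrow\ \nabla \vDash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s .$$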

Proof. Let M be a T-algebra. We have to show that the collection of judgements satisfied by M (Definition 6.3) is closed under each of the rules in Figure 5.

Closure of satisfaction under rules (refl), (symm) and (trans) is immediate from Definition 6.3. Closure under rule (subst) follows from the compositionality property (31) of the function $(t, \rho) \mapsto M[\![t]\!]\rho$. It is easy to see from the definition of that function in (25) that the value $M[\![t]\!]\rho$ of any term $t$ only depends on the values of $\rho$ at variables that actually occur in the term; closure of satisfaction under rule (weak) follows easily from this observation. Closure under rules (#-equivar) and (susp) follows directly from the corresponding properties (iii) and (iv) of freshness in Lemma 7.3. The only two remaining cases are for rules (atm-intro) and (atm-elim), and they are worth giving in detail.

For rule (atm-intro), if $\rho \in M[\![\nabla^{\# a}]\!]$, then $\forall x \in \mathrm{dom}(\rho).\ a \mathrel{\#} \rho(x)$ and hence as noted in Definition 4.4, $a \mathrel{\#} \rho$. If we also have $a \mathrel{\#} (t, t')$, then by Lemma 7.3(ii) applied to the function $(t, \rho) \mapsto M[\![t]\!]\rho$ (which we noted in (26) is equivariant), we have $a \mathrel{\#} M[\![t]\!]\rho$. Hence if $M$ satisfies $\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$, it also satisfies $\nabla^{\# a} \vdash \overline{a} \cup \{a\} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ for any $a$ with $a \mathrel{\#} (t, t')$. 7

7 Rule (atm-intro) also includes the inessential side-condition $a \notin \overline{a}$, since without it the rule becomes an

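For the rule (atm-elim), suppose $a \mathrel{\#} (\nabla, \overline{a}, t, t')$. If $\rho \in M[\![\nabla]\!]$, then we can use Lemma 7.3(i) to find an atom $a'$ (of the same sort as $a$) with $a' \mathrel{\#} (\rho, \nabla, \overline{a}, t, t')$. Note that since $a \mathrel{\#} \nabla$ and $a' \mathrel{\#} \nabla$, we have $(a\ a') \cdot \rho \in M[\![\nabla]\!]$. In fact $(a\ a') \cdot \rho \in M[\![\nabla^{\# a}]\!]$ since $a \mathrel{\#} (a\ a') \cdot \rho$ (by Lemma 7.3(iii) applied to $a' \mathrel{\#} \rho$). So if $M$ satisfies $\nabla^{\# a} \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$, then

$$\overline{a} \mathrel{\#} M[\![t]\!]((a\ a') \cdot \rho) = M[\![t']\!]((a\ a') \cdot \rho) \in M[\![s]\!] . \qquad (45)$$

Since the function $(t, \rho) \mapsto M[\![t]\!]\rho$ is equivariant, we can apply $(a\ a') \cdot (-)$ to (45) and use Lemma 7.3(iii) to get

$$(a\ a') \cdot \overline{a} \mathrel{\#} M[\![(a\ a') \cdot t]\!]((a\ a')(a\ a') \cdot \rho) = M[\![(a\ a') \cdot t']\!]((a\ a')(a\ a') \cdot \rho) \in M[\![s]\!] .$$

But $(a\ a')(a\ a') = \iota$ and since $\{a, a'\} \mathrel{\#} (\overline{a}, t, t')$, by Lemma 2.2 we also have $(a\ a') \cdot \overline{a} = \overline{a}$, $(a\ a') \cdot t = t$ and $(a\ a') \cdot t' = t'$; so $\overline{a} \mathrel{\#} M[\![t]\!]\rho = M[\![t']\!]\rho \in M[\![s]\!]$. Therefore $M$ also satisfies $\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$. □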

We end this section with an example of nominal equational reasoning.

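Example 7.5 (α-Equivalence) Let $T_\alpha$ be the NEL-theory with signature as in Example 3.1 and whose single axiom is the judgement (α) from Figure 4. To illustrate nominal equational reasoning, we show that α-equivalent λ-abstractions are provably equal, in the sense that if $a \neq a'$ are unequal elements of $\mathrm{Atom}_v$, then

$$a' \mathrel{/\!\!/\!\!\!\!\approx} x : \mathtt{tm} \vdash L_a\,x \approx L_{a'}\,(a\ a')x : \mathtt{tm} \qquad (46)$$

is a theorem of $T_\alpha$. 8 To see this, first note that by (refl) and (atm-intro) we have

$$a' \mathrel{/\!\!/\!\!\!\!\approx} x : \mathtt{tm} \vdash_{T_\alpha} a' \mathrel{/\!\!/\!\!\!\!\approx} L_a\,x : \mathtt{tm} \qquad (47)$$

and by (weak) applied to (α) we also have

$$a' \mathrel{/\!\!/\!\!\!\!\approx} x : \mathtt{tm} \vdash_{T_\alpha} a \mathrel{/\!\!/\!\!\!\!\approx} L_a\,x : \mathtt{tm} . \qquad (48)$$

Applying (trans) to (47) and (48) yields

$$a' \mathrel{/\!\!/\!\!\!\!\approx} x : \mathtt{tm} \vdash_{T_\alpha} \{a, a'\} \mathrel{/\!\!/\!\!\!\!\approx} L_a\,x : \mathtt{tm} . \qquad (49)$$

Thus taking $\nabla = [\{a, a'\} \mathrel{/\!\!/\!\!\!\!\approx} x : \mathtt{tm}]$, $\nabla' = [a' \mathrel{/\!\!/\!\!\!\!\approx} x : \mathtt{tm}]$ and $\sigma \in \Sigma(\nabla{:}, (\nabla'){:})$ to be the substitution $x \mapsto L_a\,x$, (49) gives us

$$\nabla' \vdash_{T_\alpha} \sigma \approx \sigma : \nabla . \qquad (50)$$

An instance of (susp) with $\pi = \iota$ (the identity permutation) and $\pi' = (a\ a')$ is

$$\{a, a'\} \mathrel{/\!\!/\!\!\!\!\approx} x : \mathtt{tm} \vdash_{T_\alpha} \iota x \approx (a\ a')x : \mathtt{tm} . \qquad (51)$$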

instance of (weak) in the case that $a \in \overline{a}$.

8 Here we are using the formulation of α-equivalence in terms of swapping with a fresh name: cf. [17, Proposition 2.2].

Since $(\iota x)\{\sigma\} = \iota * \sigma(x) = \iota * (L_a\,x) = L_a\,x$ and $((a\ a')x)\{\sigma\} = (a\ a') * \sigma(x) = (a\ a') * (L_a\,x) = L_{a'}\,((a\ a')x)$, we can apply (subst) to (50) and (51) to get (46) as a theorem of $T_\alpha$, as required.
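The swapping formulation of α-equivalence behind (46) can be checked on ground terms. The Python code below is an added example, not code from the paper; the tuple encoding of terms, the reserved `_n<k>` names for fresh atoms and all function names are assumptions made here, and it covers only α-equivalence (the theory $T_\alpha$), not β or η.

```python
from itertools import count

# Ground terms over the signature of Example 3.1, in a constructed encoding:
#   ("V", a)     variable V_a
#   ("L", a, t)  abstraction L_a t
#   ("A", t, u)  application A t u
# Atoms are strings; names "_n0", "_n1", ... are reserved for fresh atoms.

def swap(a, b, t):
    """Action of the transposition (a b) on a syntax tree.

    Every occurrence of a or b is exchanged, binding occurrences included,
    so no capture analysis is needed."""
    sw = lambda c: b if c == a else a if c == b else c
    if t[0] == "V":
        return ("V", sw(t[1]))
    if t[0] == "L":
        return ("L", sw(t[1]), swap(a, b, t[2]))
    return ("A", swap(a, b, t[1]), swap(a, b, t[2]))

def atoms(t):
    """All atoms occurring in the tree (a support of the raw syntax tree)."""
    if t[0] == "V":
        return {t[1]}
    if t[0] == "L":
        return {t[1]} | atoms(t[2])
    return atoms(t[1]) | atoms(t[2])

def free(t):
    """Free variables of the term, the classical 'not bound' atoms."""
    if t[0] == "V":
        return {t[1]}
    if t[0] == "L":
        return free(t[2]) - {t[1]}
    return free(t[1]) | free(t[2])

def fresh(avoid):
    """Some reserved atom that is not in the finite set `avoid`."""
    return next(f"_n{k}" for k in count() if f"_n{k}" not in avoid)

def alpha_eq(t, u):
    """Alpha-equivalence by swapping both bound atoms with one fresh atom."""
    if t[0] != u[0]:
        return False
    if t[0] == "V":
        return t[1] == u[1]
    if t[0] == "A":
        return alpha_eq(t[1], u[1]) and alpha_eq(t[2], u[2])
    c = fresh(atoms(t) | atoms(u))
    return alpha_eq(swap(t[1], c, t[2]), swap(u[1], c, u[2]))

def instance_of_46(a, a2, t):
    """Ground instance of (46): compare L_a t with L_{a'} ((a a') . t)."""
    return alpha_eq(("L", a, t), ("L", a2, swap(a, a2, t)))

def fresh_for_class(a, t):
    """a # [t]: swapping a with a brand-new atom fixes the alpha-class."""
    c = fresh(atoms(t) | {a})
    return alpha_eq(swap(a, c, t), t)

# Constructed sample terms.
BODY = ("A", ("V", "a"), ("V", "b"))
SAMPLES = [("V", "a"), BODY, ("L", "a", BODY), ("L", "b", BODY),
           ("A", ("L", "a", ("V", "a")), ("V", "a"))]

def mismatches():
    """Pairs where swapping-based freshness disagrees with 'not free in'."""
    return [(a, t) for t in SAMPLES for a in ("a", "b", "c")
            if fresh_for_class(a, t) != (a not in free(t))]

if __name__ == "__main__":
    print(instance_of_46("a", "c", BODY))   # a' = c is not free in the body
    print(instance_of_46("a", "b", BODY))   # a' = b is free: hypothesis of (46) fails
    print(mismatches())
```

The second call shows why (46) carries the hypothesis that $a'$ is fresh for $x$: with $a' = b$ free in the body, the swap renames a free variable and the two abstractions are no longer α-equivalent.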

8 Equivariance

In ordinary equational logic we are used to the idea that a single axiom involving variables stands for a whole family of facts, obtained by substituting particular terms for the variables. In nominal equational logic, axioms involve not just variables, but also names, represented by atoms. For example the axiom

$$x : \mathtt{tm} \vdash a \mathrel{/\!\!/\!\!\!\!\approx} L_a\,x : \mathtt{tm} \qquad (\alpha)$$

from the NEL-theory in Figure 4 involves a particular atom $a \in \mathrm{Atom}_v$ as well as the variable $x \in \mathrm{Var}$. Just as for ordinary equational logic, we can use rule (subst) from Figure 5 to replace $x$ by particular terms. But what about replacing $a$ by a different atom $a'$? If $a' \neq a$, then the judgement $x : \mathtt{tm} \vdash a' \mathrel{/\!\!/\!\!\!\!\approx} L_{a'}\,x : \mathtt{tm}$ is not an axiom of the theory in Figure 4, by definition. Nevertheless it is a theorem of that theory. This is because the logical consequence relation (43) for any NEL-theory $T$ turns out to be invariant under permuting atoms, even though we make no assumption that the set of axioms of $T$ is closed under the permutation action.

Theorem 8.1 (Equivariance of Logical Consequence) For any NEL-theory $T$, if $\nabla \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$, then for all $\pi \in \mathrm{Perm}$, $\pi \cdot \nabla \vdash_T \pi \cdot \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} \pi \cdot t \approx \pi \cdot t' : s$.

The theorem is a corollary of Lemma 5.2 and the following result.

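Lemma 8.2 For any NEL-theory $T$, if

$$\nabla \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s \qquad (52)$$

then for all $\pi \in \mathrm{Perm}$

$$\nabla \vdash_T \pi \cdot \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} \pi * t \approx \pi * t' : s . \qquad (53)$$

Proof. If (52) holds, then we have $\nabla \vdash_T \sigma \approx \sigma' : [\overline{a} \mathrel{/\!\!/\!\!\!\!\approx} x : s]$, where $\sigma$ and $\sigma'$ are the substitutions mapping $x$ to $t$ and $t'$ respectively. Applying (subst) to this and (#-equivar) gives (53). □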

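Proof of Theorem 8.1. Suppose that $\nabla = [\overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1, \ldots, \overline{a}_n \mathrel{/\!\!/\!\!\!\!\approx} x_n : s_n]$. Given $\pi \in \mathrm{Perm}$, consider the substitution $\pi^{-1} * \mathrm{id}$ defined as in Lemma 5.2. It maps each $x_i$ to $\pi^{-1}x_i$ ($i = 1..n$) and is an element of $\Sigma((\pi \cdot \nabla){:}, \nabla{:})$. By (refl) (for $t = x_i$), (atm-intro) (applied repeatedly for each of the atoms in $\pi \cdot \overline{a}_i$), (weak) (with respect to $[\pi \cdot \overline{a}_i \mathrel{/\!\!/\!\!\!\!\approx} x_i : s_i] \le \pi \cdot \nabla$), and (#-equivar) (for the permutation $\pi^{-1}$), we have

$$\pi \cdot \nabla \vdash_T \overline{a}_i \mathrel{/\!\!/\!\!\!\!\approx} \pi^{-1}x_i \approx \pi^{-1}x_i : s_i \qquad (i = 1..n)$$

and hence

$$\pi \cdot \nabla \vdash_T \pi^{-1} * \mathrm{id} \approx \pi^{-1} * \mathrm{id} : \nabla . \qquad (54)$$

So if (52) holds, then by Lemma 8.2 so does (53) and we can apply (subst) to this and (54) to deduce $\pi \cdot \nabla \vdash_T \pi \cdot \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} (\pi * t)\{\pi^{-1} * \mathrm{id}\} \approx (\pi * t')\{\pi^{-1} * \mathrm{id}\} : s$. Lemma 5.2 gives us $(\pi * t)\{\pi^{-1} * \mathrm{id}\} = (\pi \cdot t)\{\mathrm{id}\}$; and the latter is $\pi \cdot t$, by (27). Similarly, $(\pi * t')\{\pi^{-1} * \mathrm{id}\} = \pi \cdot t'$. Therefore we have $\pi \cdot \nabla \vdash_T \pi \cdot \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} \pi \cdot t \approx \pi \cdot t' : s$, as required. □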

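Remark 8.3 (Theorems of T form a Nominal Set) Note that the set of judgements of the form (33) over a NEL-signature $\Sigma$, once equipped with the atom-permutation action

$$\pi \cdot (\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s) = (\pi \cdot \nabla \vdash \pi \cdot \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} \pi \cdot t \approx \pi \cdot t' : s) \qquad (55)$$

forms a nominal set. The freshness relation in this nominal set is

$$a \mathrel{\#} (\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s) \iff a \mathrel{\#} \nabla \wedge a \notin \overline{a} \wedge a \mathrel{\#} t \wedge a \mathrel{\#} t' \qquad (56)$$

using the freshness relation for terms (23) and for freshness environments (37).

Given a NEL-theory $T$ over $\Sigma$, Theorem 8.1 says that its set of theorems is closed under the permutation action (55). Therefore it too is a nominal set, with freshness relation as in (56).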

9 Ground Term Algebras

In this section we show how to form a T-algebra in Nom from the terms of a NEL-theory T that do not involve any variables. The construction provides a stepping stone towards the completeness result of the next section.

Definition 9.1 (Ground Terms) Let $\Sigma$ be a NEL-signature. The set of ground terms of sort $s \in \mathrm{Sort}_\Sigma$ over $\Sigma$ is defined to be $\Sigma_s(\emptyset)$, that is, the set of terms that are well-sorted of sort $s$ in the empty sorting environment, $\emptyset$. Note from Definition 4.2 that if $t$ is a ground term it cannot involve any sub-terms that are suspensions, $\pi x$.

Now let $T$ be a NEL-theory with signature $\Sigma$. By virtue of the rules (refl), (symm) and (trans) in Figure 5, the logical consequence relation of Definition 7.2 gives rise to an equivalence relation on $\Sigma_s(\emptyset)$ that relates $t$ and $t'$ if $\emptyset \vdash_T t \approx t' : s$. Let $M_T[\![s]\!]$ denote the quotient of $\Sigma_s(\emptyset)$ by this equivalence relation. We write the equivalence class of $t$ as $[t]$.

Recall from Section 4 that each set of terms $\Sigma_s(\Gamma)$ is a nominal set once we endow it with the Perm-action $(\pi, t) \mapsto \pi \cdot t$ of (22). In the case of ground terms, when $\Gamma = \emptyset$, Lemma 5.2 implies that this action coincides with the one associated with substitution in Figure 3:

$$\forall t \in \Sigma_s(\emptyset).\ \pi \cdot t = \pi * t . \qquad (57)$$

Note that by Theorem 8.1, this Perm-action on $\Sigma_s(\emptyset)$ preserves the equivalence relation $\emptyset \vdash_T t \approx t' : s$. Hence we get a well-defined action on the quotient set $M_T[\![s]\!]$, defined by

$$\pi \cdot [t] = [\pi \cdot t] = [\pi * t] . \qquad (58)$$

It is a fact about quotients in Nom in general that with this action $M_T[\![s]\!]$ is a nominal set. For if a finite set $\overline{a} \in P_{\mathrm{fin}}(\mathrm{Atom})$ supports $t$ in $\Sigma_s(\emptyset)$, then it also supports $[t]$ in $M_T[\![s]\!]$, because for any $a, a' \notin \overline{a}$ (of the same sort) $(a\ a') \cdot [t] = [(a\ a') \cdot t] = [t]$. Thus

$$a \mathrel{\#} t \Rightarrow a \mathrel{\#} [t] . \qquad (59)$$

However, we can be more precise about the freshness relation for the nominal set $M_T[\![s]\!]$. As the following lemma shows, the semantic notion of freshness (Definition 2.1) coincides with the logical one determined by the rules in Figure 5 when one restricts to ground terms.

Lemma 9.2 (Semantic Freshness = Ground Logical Freshness) For all $t \in \Sigma_s(\emptyset)$ and $a \in \mathrm{Atom}$

$$a \mathrel{\#} [t] \in M_T[\![s]\!] \iff \emptyset \vdash_T a \mathrel{/\!\!/\!\!\!\!\approx} t : s . \qquad (60)$$

Proof. Given $t \in \Sigma_s(\emptyset)$ and an atom $a$, of sort $\alpha$ say, by Lemma 7.3(i) applied to the nominal set $\mathrm{Atom}_\alpha \times \Sigma_s(\emptyset)$, there is some $a' \in \mathrm{Atom}_\alpha$ with $a' \mathrel{\#} (a, t)$. By (refl) and (atm-intro) we have

$$\emptyset \vdash_T a' \mathrel{/\!\!/\!\!\!\!\approx} t : s \qquad (61)$$

and hence by (#-equivar) and (subst)

$$\emptyset \vdash_T a \mathrel{/\!\!/\!\!\!\!\approx} (a\ a') * t : s . \qquad (62)$$

Note that since $a' \mathrel{\#} t$, by (59) we also have

$$a' \mathrel{\#} [t] . \qquad (63)$$

Suppose $a \mathrel{\#} [t]$ holds. Then by Lemma 2.2, $(a\ a') \cdot [t] = [t]$. Therefore by (57), $[(a\ a') * t] = [(a\ a') \cdot t] = (a\ a') \cdot [t] = [t]$ and hence $\emptyset \vdash_T (a\ a') * t \approx t : s$. Applying (trans) and (symm) to this and (62) yields $\emptyset \vdash_T a \mathrel{/\!\!/\!\!\!\!\approx} t : s$.

Conversely, if $\emptyset \vdash_T a \mathrel{/\!\!/\!\!\!\!\approx} t : s$ holds, then by (61) and (trans) we have $\emptyset \vdash_T \{a, a'\} \mathrel{/\!\!/\!\!\!\!\approx} t : s$; and hence by (susp) and (subst), $\emptyset \vdash_T (a\ a') * t \approx t : s$. In other words $[(a\ a') * t] = [t]$ and thus as above, $(a\ a') \cdot [t] = [t]$. Then by Lemma 7.3(iii) on (63) we get $a \mathrel{\#} (a\ a') \cdot [t] = [t]$. □

To make $M_T$ into a structure for the signature $\Sigma$ underlying $T$, we have to give for each type $\vec{s} \to s$ of $\Sigma$ an equivariant function

$$M_T[\![-]\!] : \mathrm{Op}_\Sigma(\vec{s}, s) \to (M_T[\![\vec{s}]\!] \to_{\mathrm{fs}} M_T[\![s]\!]) . \qquad (64)$$

Let this be the function mapping each $op \in \mathrm{Op}_\Sigma(\vec{s}, s)$ to

$$M_T[\![op]\!] \triangleq ([t_1], \ldots, [t_n]) \mapsto [op\ t_1 \cdots t_n] . \qquad (65)$$

The fact that the function in (65) is well-defined (that is, $[op\ t_1 \cdots t_n]$ only depends upon the equivalence classes of $t_1, \ldots, t_n$) is an application of rule (subst); and by virtue of (22), the function is supported by any finite set of atoms that supports $op$ in $\mathrm{Op}_\Sigma$. Finally, the same property (22) entails that the function $M_T[\![-]\!]$ in (64) is equivariant.

Lemma 9.3 Given a term $t \in \Sigma_s(\Gamma)$ and a valuation $\rho \in M_T[\![\Gamma]\!]$, let $\sigma \in \Sigma(\Gamma, \emptyset)$ be a substitution that represents $\rho$ in the sense that $\rho(x) = [\sigma(x)]$, for all $x \in \mathrm{dom}(\Gamma)$. Then

$$M_T[\![t]\!]\rho = [t\{\sigma\}] . \qquad (66)$$

Proof. By induction on the structure of $t$. In the base case, when $t = \pi x$ is a suspension, using (57) we have $M_T[\![t]\!]\rho = M_T[\![\pi x]\!]\rho = \pi \cdot \rho(x) = \pi \cdot [\sigma(x)] = [\pi \cdot \sigma(x)] = [\pi * \sigma(x)] = [(\pi x)\{\sigma\}] = [t\{\sigma\}]$. The induction step, when $t$ is of the form $op\ t_1 \cdots t_n$ follows from (65). □

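Theorem 9.4 (Ground Completeness) $M_T$ is a $T$-algebra, that is, it satisfies all the axioms of $T$ (and hence by the Soundness Theorem 7.4, all the theorems of $T$). Furthermore, for ground terms, a judgement $\emptyset \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ is satisfied by $M_T$ only if it is a theorem of $T$.

Proof. Suppose $\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ is an axiom of $T$ with $\nabla = [\overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1, \ldots, \overline{a}_n \mathrel{/\!\!/\!\!\!\!\approx} x_n : s_n]$ say. Given any valuation $\rho \in M_T[\![\nabla]\!]$, for each $i = 1..n$ we have $\overline{a}_i \mathrel{\#} \rho(x_i) \in M_T[\![s_i]\!]$. Choosing a representative term $t_i$ for each equivalence class $\rho(x_i)$, by Lemma 9.2 we have $\emptyset \vdash_T \overline{a}_i \mathrel{/\!\!/\!\!\!\!\approx} t_i : s_i$. Therefore the function $\sigma$ mapping each $x_i$ to $t_i$ ($i = 1..n$) is a substitution in $\Sigma(\emptyset, \nabla{:})$ that satisfies $\emptyset \vdash_T \sigma \approx \sigma : \nabla$. Applying (subst) to this and $\nabla \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ gives $\emptyset \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t\{\sigma\} \approx t'\{\sigma\} : s$ and hence $\overline{a} \mathrel{\#} [t\{\sigma\}] = [t'\{\sigma\}] \in M_T[\![s]\!]$ by Lemma 9.2 again. Lemma 9.3 and the definition of $\sigma$ gives $\overline{a} \mathrel{\#} M_T[\![t]\!]\rho = M_T[\![t']\!]\rho$. Since this holds for any valuation $\rho \in M_T[\![\nabla]\!]$, we have that $M_T$ satisfies $\nabla \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$.

So $M_T$ is a $T$-algebra and it just remains to check that it satisfies a ground judgement $\emptyset \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ only if that judgement is a theorem of $T$. If it satisfies the judgement $\emptyset \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$, then $\overline{a} \mathrel{\#} M_T[\![t]\!]\rho = M_T[\![t']\!]\rho$ holds for the unique valuation $\rho$ in $M_T[\![\emptyset]\!]$. By Lemma 9.3 this means $\overline{a} \mathrel{\#} [t\{\sigma\}] = [t'\{\sigma\}] \in M_T[\![s]\!]$ for $\sigma$ the unique substitution in $\Sigma(\emptyset, \emptyset)$. Since this is necessarily the identity substitution for the empty sorting environment, from (27) we get $\overline{a} \mathrel{\#} [t] = [t'] \in M_T[\![s]\!]$. Thus by Lemma 9.2, $\emptyset \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ holds. □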

Example 9.5 (λ-Terms Modulo αβη-Equivalence) If $T$ is the NEL-theory of Example 6.2, then $M_T[\![\mathtt{tm}]\!]$ is the usual nominal set of untyped λ-terms modulo αβη-equivalence, for which the freshness relation coincides with the "not a free variable of" relation. To see this, first recall from Example 4.3 that $\Sigma_{\mathtt{tm}}(\emptyset)$ is the set of syntax trees for λ-terms with variables $V_a$ corresponding to atoms $a \in \mathrm{Atom}_v$, with λ-abstraction terms written $L_a\,t$ and with application terms written $A\,t\,t'$. By virtue of the rules in Figure 5, the equivalence relation $\emptyset \vdash_T t \approx t' : \mathtt{tm}$, by which $\Sigma_{\mathtt{tm}}(\emptyset)$ is quotiented to get $M_T[\![\mathtt{tm}]\!]$, is a congruence for λ-abstraction and application. It contains the relation of α-equivalence because (46) is a theorem of $T$; and it contains η-equivalence because of axiom (η) in Figure 4. It also contains β-equivalence

$$[A\,(L_a\,t)\,t'] = [t][[t']/a] \in M_T[\![\mathtt{tm}]\!] \qquad (67)$$

where $([t], [t']) \mapsto [t][[t']/a]$ is the usual notion of capture-avoiding substitution for λ-terms. Property (67) follows from axioms (β-1)-(β-4) 9 by examining the structure of $t$; this is most easily proved as an application of the α-structural induction principle given in [25, Sect. 5.1], using the α-structurally recursive definition of capture-avoiding substitution given there. Altogether we have that if $t$ and $t'$ are αβη-equivalent syntax trees, then $[t] = [t'] \in M_T[\![\mathtt{tm}]\!]$. Furthermore, one can show by induction on the structure of $t$ that if $a$ is not free in it, then $a \mathrel{\#} [t]$ in $M_T[\![\mathtt{tm}]\!]$—the key point being that by virtue of axiom (α) and Lemma 9.2, we have $a \mathrel{\#} [L_a\,t]$.

Conversely, one can show by induction on the derivation of a theorem $\nabla \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ from the rules in Figure 5 that for any ground substitution $\emptyset \vdash_T \sigma \approx \sigma : \nabla$ it is the case that the ground terms $t\{\sigma\}$ and $t'\{\sigma\}$ are αβη-equivalent syntax trees not containing $\overline{a}$ in their set of free variables. The proof relies upon the fact that all ground instances of the axioms in Figure 4 have this property; we omit the details. In particular, if $\overline{a} \mathrel{\#} [t] = [t'] \in M_T[\![\mathtt{tm}]\!]$, then (taking $\sigma$ to be the identity) we get that $t$ and $t'$ are indeed αβη-equivalent syntax trees whose free variables are disjoint from $\overline{a}$.

10 Completeness

In this section we prove the main result of the paper, namely that for any NEL-theory the logical consequence relation (Definition 7.2) and the semantic consequence relation (Definition 6.3) coincide. For conventional algebra, completeness of equational logic for the usual interpretation of terms in algebras in the category of sets is a simple result: Given an equational theory, the collection of terms is quotiented by provable equality to get an algebra for which satisfaction coincides with theorem-hood. The role of variables in this term-algebra construction is to act as indeterminates—constants that do not occur in the signature of the original theory. Indeed, instead of working with all terms, it comes to the same thing if one extends the signature with countably many new constants and forms the term-algebra from ground-terms, as in the previous section. This interchangeability of variables and fresh constants in conventional equational logic is not so straightforward for nominal equational logic. In the interpretation of our language of terms in Nom, variables stand for indeterminate elements of nominal sets that therefore have indeterminate finite support; whereas constants (which, as usual, we identify with operation symbols of arity 0) have fixed finite supports. To prove the completeness theorem, we have to show that provability of a judgement involving variables can be recovered from provability of ground instantiations of the judgement, where the variables are replaced by constants with suitably fresh supports. To do so, first we introduce some notation for tuples of distinct atoms and their transpositions.

9 Axiom (β-5) is not needed here since its ground instances are derivable from the other axioms.

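Definition 10.1 Given a tuple $\vec{\alpha} = \alpha_1, \ldots, \alpha_m$ of sorts of atoms, define:

$$\mathrm{Atom}^{(\vec{\alpha})} \triangleq \{(a_1, \ldots, a_m) \in \mathrm{Atom}_{\alpha_1} \times \cdots \times \mathrm{Atom}_{\alpha_m} \mid \bigwedge_{1 \le i < j \le m} a_i \neq a_j\}$$

Permutations act on this set as for products of nominal sets of atoms (since permutation preserves distinctness of atoms):

$$(a_1, \ldots, a_m) \in \mathrm{Atom}^{(\vec{\alpha})} \ \Rightarrow\ \pi \cdot (a_1, \ldots, a_m) = (\pi(a_1), \ldots, \pi(a_m)) \in \mathrm{Atom}^{(\vec{\alpha})} .$$

With this Perm-action $\mathrm{Atom}^{(\vec{\alpha})}$ is a nominal set, since clearly each $(a_1, \ldots, a_m) \in \mathrm{Atom}^{(\vec{\alpha})}$ is supported by $\{a_1, \ldots, a_m\}$; indeed this is the smallest such set of atoms, so that

$$\overline{a} \mathrel{\#} (a_1, \ldots, a_m) \iff a_1 \notin \overline{a} \wedge \cdots \wedge a_m \notin \overline{a} .$$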

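Lemma 10.2 (Generalised Transposition) For each tuple $\vec{\alpha} = \alpha_1, \ldots, \alpha_m$ of sorts of atoms there is a morphism in Nom

$$\begin{array}{rcl}
\tau : \mathrm{Atom}^{(\vec{\alpha})} \times \mathrm{Atom}^{(\vec{\alpha})} & \to & \mathrm{Perm} \\
(\vec{a}, \vec{a}') & \mapsto & \tau_{\vec{a},\vec{a}'}
\end{array}$$

satisfying for each $\vec{a} = [a_1, \ldots, a_m]$ and $\vec{a}' = [a'_1, \ldots, a'_m]$ in $\mathrm{Atom}^{(\vec{\alpha})}$

(i) $\tau_{\vec{a},\vec{a}'}(a_i) = a'_i$ for $i = 1..m$;

(ii) $\tau_{\vec{a},\vec{a}'}(a) = a$, if $a \notin \{a_1, \ldots, a_m, a'_1, \ldots, a'_m\}$.

(iii) If $\vec{a}$ and $\vec{a}'$ are disjoint lists, then $\tau_{\vec{a},\vec{a}'} = \tau_{\vec{a}',\vec{a}}$.

Proof. Given that we want (i) and (ii) to hold, to define $\tau_{\vec{a},\vec{a}'}$ we just have to say how it acts on atoms in $\vec{a}'$ that are not in $\vec{a}$, ensuring that we get a permutation. For each sort of atoms $\alpha$, there is a sub-list $b_1, \ldots, b_k$ of members of $\vec{a}$ of sort $\alpha$ not in $\vec{a}'$ and a sub-list $b'_1, \ldots, b'_{k'}$ of members of $\vec{a}'$ of the same sort that are not in $\vec{a}$. Since $\vec{a}, \vec{a}' \in \mathrm{Atom}^{(\vec{\alpha})}$ it follows that $k = k'$. (Both equal the number of occurrences of $\alpha$ in $\vec{\alpha}$ minus the number of common members of $\vec{a}$ and $\vec{a}'$ of sort $\alpha$.) So we can define $\tau_{\vec{a},\vec{a}'}$ to map each $b'_j$ to the corresponding $b_j$. In this way we get an element $\tau_{\vec{a},\vec{a}'} \in \mathrm{Perm}$ satisfying (i)-(iii); and it is not hard to see that the assignment $(\vec{a}, \vec{a}') \mapsto \tau_{\vec{a},\vec{a}'}$ satisfies

$$\pi\,\tau_{\vec{a},\vec{a}'}\,\pi^{-1} = \tau_{\pi \cdot \vec{a},\, \pi \cdot \vec{a}'} \qquad (\pi \in \mathrm{Perm},\ \vec{a}, \vec{a}' \in \mathrm{Atom}^{(\vec{\alpha})}) . \qquad (71)$$

Recall from Definition 2.5 that Perm regarded as a nominal set has Perm-action given by conjugation (13). Thus property (71) says that the function $(\vec{a}, \vec{a}') \mapsto \tau_{\vec{a},\vec{a}'}$ is equivariant and hence is a morphism in Nom. □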
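The construction in this proof can be run directly. The Python code below is an added example, not part of the paper: permutations are represented as dictionaries that are the identity outside their keys, atoms are strings whose first character is taken to be their sort, and `sort_of`, `act`, `normal`, `gen_transposition`, `conjugate` and `act_tuple` are names chosen here. It builds the generalised transposition as described in the proof, so that properties (i)-(iii) and the equivariance property (71) can be checked on constructed tuples.

```python
def sort_of(atom):
    """Constructed convention: the first character of an atom is its sort."""
    return atom[0]

def act(p, x):
    """Apply a finite permutation (a dict, identity elsewhere) to an atom."""
    return p.get(x, x)

def normal(p):
    """Drop fixed points so that equal permutations are equal dicts."""
    return {k: v for k, v in p.items() if k != v}

def act_tuple(p, atoms):
    """Componentwise action of a permutation on a tuple of atoms."""
    return tuple(act(p, x) for x in atoms)

def gen_transposition(a, b):
    """Generalised transposition for two tuples of distinct atoms a and b
    whose components agree sort-wise (both lie in the same Atom^(alpha))."""
    if len(a) != len(b) or len(set(a)) != len(a) or len(set(b)) != len(b):
        raise ValueError("need two equally long tuples of distinct atoms")
    if any(sort_of(x) != sort_of(y) for x, y in zip(a, b)):
        raise ValueError("components must have matching sorts")
    tau = dict(zip(a, b))                      # property (i): a_i -> a'_i
    for s in dict.fromkeys(map(sort_of, a)):   # each sort, in order of appearance
        only_a = [x for x in a if sort_of(x) == s and x not in b]
        only_b = [y for y in b if sort_of(y) == s and y not in a]
        # k = k' as in the proof; send each b'_j back to the corresponding b_j
        tau.update(zip(only_b, only_a))
    return normal(tau)

def is_permutation(p):
    """A finite map is a permutation iff it is a bijection on its keys."""
    return sorted(p) == sorted(p.values())

def conjugate(pi, tau):
    """The conjugate pi tau pi^{-1}, the Perm-action on permutations."""
    inv = {v: k for k, v in pi.items()}
    moved = set(pi) | set(tau)
    candidates = moved | {act(pi, x) for x in moved}
    return normal({x: act(pi, act(tau, act(inv, x))) for x in candidates})

# Constructed sample: two sorts 'v' and 'w', overlapping tuples.
A = ("v1", "v2", "w1")
B = ("v2", "v3", "w2")
PI = {"v1": "v4", "v4": "v1", "w2": "w5", "w5": "w2"}   # sort-respecting

if __name__ == "__main__":
    tau = gen_transposition(A, B)
    print(tau)
    print(conjugate(PI, tau) == gen_transposition(act_tuple(PI, A), act_tuple(PI, B)))
```

On overlapping tuples the result is in general a product of cycles rather than of transpositions: for the sample above the atoms of sort `v` form the 3-cycle v1, v2, v3.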

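Definition 10.3 (Atom-Parameterised Constants) Given a tuple $\vec{\alpha} = \alpha_1, \ldots, \alpha_m$ of sorts of atoms and a sort $s \in \mathrm{Sort}_\Sigma$ of a NEL-signature $\Sigma$, let $\Sigma[c_{\vec{\alpha}} : s]$ denote the NEL-signature obtained from $\Sigma$ by adding new operation symbols $c_{\vec{a}} : [] \to s$ as $\vec{a}$ ranges over $\mathrm{Atom}^{(\vec{\alpha})}$. Thus $\Sigma[c_{\vec{\alpha}} : s]$ has the same set of sorts as $\Sigma$ and has nominal set of operators given by the coproduct (Definition 2.9) $\mathrm{Op}_\Sigma + \mathrm{Atom}^{(\vec{\alpha})}$, represented concretely as a union $\mathrm{Op}_\Sigma \cup \{c_{\vec{a}} \mid \vec{a} \in \mathrm{Atom}^{(\vec{\alpha})}\}$, where we assume each operation symbol $c_{\vec{a}}$ is not already an element of $\mathrm{Op}_\Sigma$. So the Perm-action on the new operation symbols satisfies $\pi \cdot c_{\vec{a}} = c_{\pi \cdot \vec{a}}$; and the type of each $c_{\vec{a}}$ is $[] \to s$.

If $T$ is a NEL-theory with underlying signature $\Sigma$, then $T[c_{\vec{\alpha}} : s]$ denotes the theory with signature $\Sigma[c_{\vec{\alpha}} : s]$ and the same axioms as $T$. 10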

We will use atom-parameterised constants $c_{a_1, \ldots, a_m}$ as indeterminates in the proof of the completeness theorem given below. Of course $c_{a_1, \ldots, a_m}$ is not as indeterminate as is a variable $x$: The former represents an element of a nominal set for which a support set is known, namely $\{a_1, \ldots, a_m\}$; whereas the latter represents an element whose support only has to avoid at most finitely many atoms $\overline{a}$, supposing an assumption $\overline{a} \mathrel{/\!\!/\!\!\!\!\approx} x : s$ occurs in the current freshness context. Nevertheless, as the following proposition shows, one can recover a $T$-theorem involving a variable from an instance of it obtained by substituting a new atom-parameterised constant for the variable. The proposition makes use of single term substitution: The term $t\{t'/x'\}$ is defined by recursion on the structure of $t$ by:

$$\begin{array}{rcl}
(op\ t_1 \cdots t_n)\{t'/x'\} & = & op\ t_1\{t'/x'\} \cdots t_n\{t'/x'\} \\
(\pi x)\{t'/x'\} & = & \begin{cases} \pi x & \text{if } x \neq x' \\ \pi * t' & \text{if } x = x' \end{cases}
\end{array} \qquad (72)$$

where $\pi * t'$ is as in Figure 3. This is a special case of the kind of simultaneous substitution $t \mapsto t\{\sigma\}$ considered in Section 5, in the sense that if $t \in \Sigma_s(\Gamma, x' : s')$ (with $x' \notin \mathrm{dom}(\Gamma)$) and $t' \in \Sigma_{s'}(\Gamma)$, then $t\{t'/x'\} = t\{\sigma\} \in \Sigma_s(\Gamma)$ where $\sigma \in \Sigma((\Gamma, x' : s'), \Gamma)$ is the substitution mapping $x'$ to $t'$ and mapping each $x \in \mathrm{dom}(\Gamma)$ to itself.

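Proposition 10.4 Suppose $\nabla, \overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1 \vdash \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s$ is a well-formed judgement (with $x_1 \notin \mathrm{dom}(\nabla)$) over the signature $\Sigma$ of a NEL-theory $T$. Given any finite set of atoms $\overline{a}'$ supporting the judgement, that is, supporting $(\nabla, \overline{a}_1, \overline{a}, t, t')$, let $\vec{a}' = a'_1, \ldots, a'_m$ be a list of the distinct atoms in $\overline{a}' - \overline{a}_1$ and suppose $a'_i$ has sort $\alpha_i$ for $i = 1..m$. Let $T[c_{\vec{\alpha}} : s_1]$ be the NEL-theory obtained from $T$ as in Definition 10.3. Then

$$\nabla \vdash_{T[c_{\vec{\alpha}} : s_1]} \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t\{c_{\vec{a}'}/x_1\} \approx t'\{c_{\vec{a}'}/x_1\} : s \ \Rightarrow\ \nabla, \overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1 \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t \approx t' : s . \qquad (73)$$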

To prove this proposition, we use an operation on terms that replaces atom-parametrised constants by variables: Given $t \in \Sigma[c_{\vec{\alpha}} : s_1]_s(\nabla{:})$, Figure 6 defines a term $t\{c_{\vec{a}'} := x_1\} \in \Sigma_s(\nabla{:}, x_1 : s_1)$, obtained by replacing each $c_{\vec{a}}$ by the suspension $\tau_{\vec{a}',\vec{a}}\,x_1$, where $\tau_{\vec{a}',\vec{a}}$ is the generalised transposition from Lemma 10.2. The following lemmas give the properties of the operation in Figure 6 that we need.

10 Strictly speaking, we are relying upon the easily verified fact that $\Sigma_{s'}(\Gamma) \subseteq \Sigma[c_{\vec{\alpha}} : s]_{s'}(\Gamma)$—so that well-formed judgements over $\Sigma$ are also well-formed judgements over $\Sigma[c_{\vec{\alpha}} : s]$.

$$\begin{array}{rcl}
(\pi x)\{c_{\vec{a}'} := x_1\} & = & \pi x \\
(op\ t_1 \cdots t_n)\{c_{\vec{a}'} := x_1\} & = & \begin{cases} \tau_{\vec{a}',\vec{a}}\,x_1 & \text{if } op = c_{\vec{a}} \\ op\ (t_1\{c_{\vec{a}'} := x_1\}) \cdots (t_n\{c_{\vec{a}'} := x_1\}) & \text{otherwise} \end{cases}
\end{array}$$

Fig. 6. Replacing Atom-Parameterised Constants by Variables

Lemma 10.5 (i) If $t$ does not contain any of the operation symbols in $\{c_{\vec{a}} \mid \vec{a} \in \mathrm{Atom}^{(\vec{\alpha})}\}$, then $t\{c_{\vec{a}'} := x_1\} = t$.

(ii) If $x_1$ and $x'_1$ do not occur in $t$ and if $\sigma$ is the substitution that swaps $x_1$ and $x'_1$, then $t\{c_{\vec{a}'} := x_1\}\{\sigma\} = t\{c_{\vec{a}'} := x'_1\}$.

(iii) $\pi \cdot (t\{c_{\vec{a}'} := x_1\}) = (\pi \cdot t)\{c_{\pi \cdot \vec{a}'} := x_1\}$.

(iv) If $a \mathrel{\#} (t, \vec{a}')$, then $a \mathrel{\#} t\{c_{\vec{a}'} := x_1\}$.

Proof. Parts (i) and (ii) follow easily by induction on the structure of $t$. The same is true for part (iii), using (71). Part (iv) follows from part (iii) by Lemma 7.3(ii). □

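Lemma 10.6 Suppose $T$ is a NEL-theory, with underlying signature $\Sigma$ say, and that $T[c_{\vec{\alpha}} : s_1]$ is the theory obtained from it as in Definition 10.3. If $\nabla$ is a freshness environment, $\overline{a}$ is a finite set of atoms, $t, t' \in \Sigma[c_{\vec{\alpha}} : s_1]_s(\nabla{:})$ and $\overline{a}_1$ supports $(\nabla, \overline{a}, t, t')$, then

$$\forall x_1 \in \mathrm{Var}.\ \forall \vec{a}' \in \mathrm{Atom}^{(\vec{\alpha})}.\ x_1 \notin \mathrm{dom}(\nabla) \wedge \overline{a}_1 \mathrel{\#} \vec{a}' \Rightarrow \nabla, \overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1 \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t\{c_{\vec{a}'} := x_1\} \approx t'\{c_{\vec{a}'} := x_1\} : s \qquad (74)$$

$$\iff$$

$$\exists x_1 \in \mathrm{Var}.\ \exists \vec{a}' \in \mathrm{Atom}^{(\vec{\alpha})}.\ x_1 \notin \mathrm{dom}(\nabla) \wedge \overline{a}_1 \mathrel{\#} \vec{a}' \wedge \nabla, \overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1 \vdash_T \overline{a} \mathrel{/\!\!/\!\!\!\!\approx} t\{c_{\vec{a}'} := x_1\} \approx t'\{c_{\vec{a}'} := x_1\} : s . \qquad (75)$$

Proof. This is an example of a "some/any" property of freshness in nominal sets—see [25, Lemma A.4(2)]. It is clear that (74) implies (75). For the converse, first note that the variable $x_1$ can be changed to any other $x'_1 \notin \mathrm{dom}(\nabla)$ using (subst) and Lemma 10.5(ii). Similarly, $\vec{a}' \in \mathrm{Atom}^{(\vec{\alpha})}$ can be changed to any other $\vec{a}'' \in \mathrm{Atom}^{(\vec{\alpha})}$ by using part (iii) of that lemma together with the equivariance of logical consequence (Theorem 8.1) applied to the permutation $\tau_{\vec{a}',\vec{a}''}$ from Lemma 10.2. □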

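Lemma 10.7 Let $T[c_{\vec{\alpha}} : s_1]$ be as in the previous lemma.

(i) Given a freshness environment $\nabla$, if $x_1 \notin \mathrm{dom}(\nabla)$, $\pi \in \mathrm{Perm}$, $t \in \Sigma[c_{\vec{\alpha}} : s_1]_s(\nabla{:}, x_1 : s_1)$, $\overline{a}_1$ supports $(\nabla, \pi, t)$ and $\vec{a}' \in \mathrm{Atom}^{(\vec{\alpha})}$ with $\overline{a}_1 \mathrel{\#} \vec{a}'$, then

$$\nabla, \overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1 \vdash_T (\pi * t)\{c_{\vec{a}'} := x_1\} \approx \pi * (t\{c_{\vec{a}'} := x_1\}) : s .$$

(ii) Given freshness environments $\nabla_1, \nabla_2$, if $\sigma \in \Sigma[c_{\vec{\alpha}} : s_1]((\nabla_1){:}, (\nabla_2){:})$, $x_1 \notin \mathrm{dom}(\nabla_1) \cup \mathrm{dom}(\nabla_2)$, $t \in \Sigma[c_{\vec{\alpha}} : s_1]_s((\nabla_1){:}, x_1 : s_1)$, $\overline{a}_1$ supports $(\nabla_1, \nabla_2, \sigma, t)$ and $\vec{a}' \in \mathrm{Atom}^{(\vec{\alpha})}$ with $\overline{a}_1 \mathrel{\#} \vec{a}'$, then

$$\nabla_2, \overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1 \vdash_T t\{\sigma\}\{c_{\vec{a}'} := x_1\} \approx t\{c_{\vec{a}'} := x_1\}\{\sigma\{c_{\vec{a}'} := x_1\}\} : s$$

where $\sigma\{c_{\vec{a}'} := x_1\} \in \Sigma(((\nabla_1){:}, x_1 : s_1), ((\nabla_2){:}, x_1 : s_1))$ is the substitution mapping each $x \in \mathrm{dom}(\nabla_1)$ to $\sigma(x)\{c_{\vec{a}'} := x_1\}$ and mapping $x_1$ to itself.

Proof. Both parts are proved by induction on the structure of $t$. For (i) when $t = c_{\vec{a}}$, one uses $\nabla, \overline{a}_1 \mathrel{/\!\!/\!\!\!\!\approx} x_1 : s_1 \vdash_T \tau_{\vec{a}',\pi \cdot \vec{a}}\,x_1 \approx \pi\tau_{\vec{a}',\vec{a}}\,x_1 : s_1$. This holds by (susp) and (weak) using

$$\begin{array}{rcll}
\overline{a}_1 & \supseteq & \{a \mid \pi^{-1}(a) \neq a\} & (\text{since } \mathrm{dom}(\pi^{-1}) = \mathrm{dom}(\pi) \subseteq \overline{a}_1) \\
& = & \{a \mid \pi\tau_{\vec{a}',\vec{a}}\pi^{-1}(a) \neq \pi\tau_{\vec{a}',\vec{a}}(a)\} & \\
& = & \{a \mid \tau_{\pi \cdot \vec{a}',\pi \cdot \vec{a}}(a) \neq \pi\tau_{\vec{a}',\vec{a}}(a)\} & (\text{by (71)}) \\
& = & \{a \mid \tau_{\vec{a}',\pi \cdot \vec{a}}(a) \neq \pi\tau_{\vec{a}',\vec{a}}(a)\} & (\text{since } \mathrm{dom}(\pi) \subseteq \overline{a}_1 \mathrel{\#} \vec{a}') .
\end{array}$$

For (ii) when $t$ is a suspension, one uses part (i). □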

Lemma 10.8 Let : si] be as in Lemma 10.6. //V I~t[c(s:si] a $ t ~ t' : s

and a\ supports (V,a, t,t'), then for any x\ dom(V) and any a' G Atom^ with a>i # a', it is the case that V,ai $ X\ : s \~j a, fa t{c# := .Xi} « t'{c^ := £1} : s.

Proof. This is proved by induction on the derivation of $\nabla \vdash_{T[c_{\vec a}:s_1]} \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s$. Let IH be the set of well-formed judgements

$$\nabla \vdash \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s \tag{76}$$

over the signature of $T[c_{\vec a} : s_1]$ such that for all $\bar a_1$ supporting $(\nabla, \bar a, t, t')$, (74) holds. Note that if (76) is an axiom of $T[c_{\vec a} : s_1]$, it is by definition an axiom of $T$ and hence does not contain any occurrences of the operation symbols $c_{\vec a}$. So by Lemma 10.5(i), $\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'} := x_1\} \approx t'\{c_{\vec a'} := x_1\} : s$ is $\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s$, which is a theorem of $T$ by applying (weak) to the axiom (76). So IH contains the axioms of $T[c_{\vec a} : s_1]$ and to prove the lemma we just have to show that it is closed under each of the rules in Figure 5. Closure under rules (refl), (symm), (weak), (atm-intro), ($\mathrel{\approx\!\!\!\!\!/\!\!/}$-equivar) and (susp) is straightforward. Closure under (trans), (subst) and (atm-elim), where the support of the hypotheses of each rule is possibly bigger than that of its conclusion, requires some work. We give the argument for (trans). The proof for the other two rules is similar, using Lemma 10.7(ii) for the case of (subst).

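To prove closure under (trans), suppose

$$(\nabla \vdash \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s),\ (\nabla \vdash \bar a' \mathrel{\approx\!\!\!\!\!/\!\!/} t' \approx t'' : s) \in \mathrm{IH} . \tag{77}$$

To see that $(\nabla \vdash \bar a \cup \bar a' \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t'' : s) \in \mathrm{IH}$, for any $\bar a_1$ supporting $(\nabla, \bar a \cup \bar a', t, t'')$, by Lemma 10.6 it suffices to find some $x_1 \notin \mathrm{dom}(\nabla)$ and some $\vec a' \in \mathrm{Atom}^{|\bar a_1|}$ with $\bar a_1 \mathrel{\#} \vec a'$ and

$$\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a \cup \bar a' \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'} := x_1\} \approx t''\{c_{\vec a'} := x_1\} : s . \tag{78}$$

Pick some $x_1 \notin \mathrm{dom}(\nabla)$, some $\bar a_2 \in \mathrm{P}_{\mathrm{fin}}(\mathrm{Atom})$ supporting $(\bar a_1, t')$ and some $\vec a' \in \mathrm{Atom}^{|\bar a_1|}$ disjoint from $\bar a_2$ and hence also satisfying $\bar a_1 \mathrel{\#} \vec a'$. From (77) we get $\nabla, \bar a_2 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'} := x_1\} \approx t'\{c_{\vec a'} := x_1\} : s$ and $\nabla, \bar a_2 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a' \mathrel{\approx\!\!\!\!\!/\!\!/} t'\{c_{\vec a'} := x_1\} \approx t''\{c_{\vec a'} := x_1\} : s$. Noting that $(\nabla, \bar a_2 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1) \leq (\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1)^{\#(\bar a_2 - \bar a_1)}$, by (trans) and (weak)

$$(\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1)^{\#(\bar a_2 - \bar a_1)} \vdash_T \bar a \cup \bar a' \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'} := x_1\} \approx t''\{c_{\vec a'} := x_1\} : s . \tag{79}$$

But $\bar a \cup \bar a' \subseteq \bar a_1$, so $(\bar a_2 - \bar a_1) \mathrel{\#} \bar a \cup \bar a'$; and $\bar a_1$ supports $\nabla$, so $(\bar a_2 - \bar a_1) \mathrel{\#} \nabla$. Also, since $(\bar a_2 - \bar a_1) \mathrel{\#} (\vec a', t, t'')$, by Lemma 10.5(iv) we have $(\bar a_2 - \bar a_1) \mathrel{\#} (t\{c_{\vec a'} := x_1\}, t''\{c_{\vec a'} := x_1\})$. Therefore we can apply (atm-elim) to (79), obtaining (78), as required. □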

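Proof of Proposition 10.4. First note that since substitution is equivariant (Corollary 5.3), by Lemma 7.3(ii) we have that $\bar a'$ supports $t\{c_{\vec a'}/x_1\}$ and $t'\{c_{\vec a'}/x_1\}$. Therefore, picking any $x_1' \notin \mathrm{dom}(\nabla) \cup \{x_1\}$ and $\vec a'' \in \mathrm{Atom}^{|\bar a_1|}$ with $\bar a' \mathrel{\#} \vec a''$, by Lemma 10.8 if $\nabla \vdash_{T[c_{\vec a}:s_1]} \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'}/x_1\} \approx t'\{c_{\vec a'}/x_1\} : s$ holds, then so does

$$\nabla, \bar a' \mathrel{\approx\!\!\!\!\!/\!\!/} x_1' : s_1 \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'}/x_1\}\{c_{\vec a''} := x_1'\} \approx t'\{c_{\vec a'}/x_1\}\{c_{\vec a''} := x_1'\} : s .$$

From this, using Lemma 10.7(ii), Lemma 10.5(i) and the definition in Figure 6, we get

$$\nabla, \bar a' \mathrel{\approx\!\!\!\!\!/\!\!/} x_1' : s_1 \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t\{\tau_{\vec a'',\vec a'}\, x_1'/x_1\} \approx t'\{\tau_{\vec a'',\vec a'}\, x_1'/x_1\} : s . \tag{80}$$

Note that from Lemma 10.2, $\tau_{\vec a'',\vec a'}$ fixes the atoms in $\bar a_1$ and maps $\vec a''$ onto $\vec a'$.

Therefore, writing $\bar a''$ for the union of $\bar a_1$ with the atoms in $\vec a''$, by ($\mathrel{\approx\!\!\!\!\!/\!\!/}$-equivar) and (weak) we have

$$\nabla, \bar a'' \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a' \mathrel{\approx\!\!\!\!\!/\!\!/} \tau_{\vec a'',\vec a'}\, x_1 : s_1 . \tag{81}$$

Since $\vec a'$ and $\vec a''$ are disjoint, by Lemma 10.2(iii) we have $\tau_{\vec a',\vec a''}\tau_{\vec a',\vec a''} = \iota$. So by (subst), (80) and (81) we get

$$\nabla, \bar a'' \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s .$$

Since $(\nabla, \bar a'' \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1) \leq (\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1)^{\#(\bar a'' - \bar a_1)}$, we can apply (weak) to this to get

$$(\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1)^{\#(\bar a'' - \bar a_1)} \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s . \tag{82}$$

By definition of $\bar a''$, the set $\bar a'' - \bar a_1$ consists of the atoms in $\vec a''$; and we chose these to be disjoint from the set $\bar a'$ supporting $(\nabla, \bar a_1, \bar a, t, t')$. So we can apply (atm-elim) to (82) to get $\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s$, as required. □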

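Proposition 10.9 With the same assumptions as in the statement of Proposition 10.4, it is the case that

$$\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vDash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s \ \Rightarrow\ \nabla \vDash_{T[c_{\vec a}:s_1]} \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'}/x_1\} \approx t'\{c_{\vec a'}/x_1\} : s . \tag{83}$$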

Proof. First note that for any two NEL-theories T and T', if the signature and axioms of T are contained in those of T', then the judgements over the signature of T that are theorems of T' contain the axioms of T and are closed under the rules in Figure 5. Therefore

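$$\nabla \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s \ \Rightarrow\ \nabla \vdash_{T'} \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s . \tag{84}$$

In particular, every $T[c_{\vec a} : s_1]$-algebra $M$ is a $T$-algebra when we forget the finitely supported functions assigned by the structure $M$ to the operation symbols $c_{\vec a}$. Now suppose

$$\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vDash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s \tag{85}$$

holds. To prove (83) we have to show for each $T[c_{\vec a} : s_1]$-algebra $M$ and valuation $\rho \in M[\![\nabla]\!]$ that

$$\bar a \mathrel{\#} M[\![t\{c_{\vec a'}/x_1\}]\!]\rho = M[\![t'\{c_{\vec a'}/x_1\}]\!]\rho \in M[\![s]\!] \tag{86}$$

holds. As noted in (69), we have $\bar a_1 \mathrel{\#} \vec a'$, since $\vec a'$ is disjoint from $\bar a_1$. Hence by Lemma 7.3(ii) applied to the equivariant function $M[\![-]\!]$, we have $\bar a_1 \mathrel{\#} M[\![c_{\vec a'}]\!] \in M[\![s_1]\!]$. Therefore the extended valuation $\rho[x_1 \mapsto M[\![c_{\vec a'}]\!]]$ lies in $M[\![\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1]\!]$. So regarding $M$ as a $T$-algebra as above, from (85) we get

$$\bar a \mathrel{\#} M[\![t]\!](\rho[x_1 \mapsto M[\![c_{\vec a'}]\!]]) = M[\![t']\!](\rho[x_1 \mapsto M[\![c_{\vec a'}]\!]]) \in M[\![s]\!] .$$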

Now we can apply the compositionality property (31) of substitutions to obtain (86), as required for property (83). □

Using Propositions 10.4 and 10.9, we can now prove the desired completeness result.

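Theorem 10.10 (Completeness) A judgement $\nabla \vdash \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s$ is a theorem of a NEL-theory $T$ if it is satisfied by any $T$-algebra in Nom:

$$\nabla \vDash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s \ \Rightarrow\ \nabla \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s . \tag{87}$$

Proof. We prove (87) by induction on the length of the freshness environment $\nabla$, for all $T$, $\bar a$, $t$, $t'$ and $s$ simultaneously. The base case when the length is zero is a consequence of the Ground Completeness Theorem 9.4. For the induction step, if $\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vDash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s$ (with $x_1 \notin \mathrm{dom}(\nabla)$), then by (83) we get

$$\nabla \vDash_{T[c_{\vec a}:s_1]} \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'}/x_1\} \approx t'\{c_{\vec a'}/x_1\} : s$$

and hence by induction hypothesis

$$\nabla \vdash_{T[c_{\vec a}:s_1]} \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t\{c_{\vec a'}/x_1\} \approx t'\{c_{\vec a'}/x_1\} : s .$$

Now we can apply (73) to deduce $\nabla, \bar a_1 \mathrel{\approx\!\!\!\!\!/\!\!/} x_1 : s_1 \vdash_T \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s$, as required. □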

11 Related Work

The first logical analyses of the permutative treatment of names, binding and α-equivalence were in terms of set theory [17] and higher-order logic [12]. They concentrated upon the logical properties of "support" (see Section 2). The complementary "not-in-the-support-of" relation that we call freshness turns out to be more relevant for the intended applications of the theory—such as structurally recursive/inductive properties of syntactical data modulo α-equivalence [25]. Indeed a large part of the theory depends on some simple, first-order properties of freshness that were identified in [24]. The "nominal logic" introduced in that paper treats atoms like any other sort of data in many-sorted first-order logic; and thus statements about atoms are phrased in terms of variables ranging over a sort of atoms. An alternative is to include concrete atoms in the syntax of the logic. Since atoms are indeed atomic, that is, there are no compound expressions of atom sort, there may seem to be little difference between a concrete atom and a variable of sort atom. But there is an important difference: Two different variables $x$ and $y$ may, upon substitution, get replaced by the same entity; whereas two different atoms $a$ and $b$, upon permutation, always remain distinct relative to each other. The perspective of the presheaf models of names and binding introduced by Fiore, Plotkin and Turi [9] is helpful here: Variables obey a renaming discipline involving all functions between finite sets, whereas atoms obey one involving only injective functions. In any case, the use of concrete atoms enabled Cheney and Gabbay to develop a Gentzen-style version of nominal logic with much better proof-theoretic properties than the original version—see [13,14,5]. A careful use of concrete atoms is also an important feature of the work on nominal unification [34] and logic programming [4,6]. For example, restricting "swapping terms" $(t\ t') \cdot t''$ to just be of the form $(a\ a') \cdot t''$ where $a$ and $a'$ are concrete atoms, allows one to restrict the syntactic occurrence of swapping to just the variables-with-suspended-permutations, $\pi x$, that were first introduced in the work on nominal unification [34] and that play an important role here.

The work most closely related to the results presented here is that on nominal algebra by Gabbay and Mathijssen [16,15]. This takes the notion of nominal signature and the language of nominal terms from [34,8] and develops an extension of equational logic closely related to the one presented here. The main difference is that their theory of nominal algebra treats freshness as a subsidiary notion: Their nominal algebraic theories can contain equational axioms (conditioned by freshness assumptions about variables), but not freshness axioms. Thus in the system of [15] freshness respects only definitional equality, but not logical equality. In other words,

the rule

$$\frac{\nabla \vdash a \mathrel{\approx\!\!\!\!\!/\!\!/} t : s \qquad \nabla \vdash t \approx t' : s}{\nabla \vdash a \mathrel{\approx\!\!\!\!\!/\!\!/} t' : s}$$

is not valid for Gabbay and Mathijssen's nominal algebra, whereas it is derivable in our nominal equational logic (from rule (trans) in Figure 5, bearing in mind that we regard "$a \mathrel{\approx\!\!\!\!\!/\!\!/} t : s$" as an abbreviation for "$\{a\} \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t : s$", and "$t \approx t' : s$" as an abbreviation for "$\emptyset \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s$"). So, unlike here, nominal algebra does not provide a complete axiomatisation of the semantic notion of freshness within nominal sets. On the other hand, in the Gabbay-Mathijssen approach, their intentional notion of freshness remains a simple, decidable property that is used as a side condition on equations. This seems quite natural from the point of view of term-rewriting; and Gabbay and Mathijssen give several interesting examples to support the claim that, from the point of view of logical theories, giving equality priority over freshness in this way is sufficiently expressive. Partly this expressivity is due to the fact that they make use of the atom-abstraction arities ($[a]s$) and terms ($[a]t$) that are part of the notion of nominal signature [34, Definitions 2.1 and 2.3].
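
The derivation of that rule, spelled out as an added worked example (it is not part of the original paper). It assumes that (symm) has the form "from $\nabla \vdash \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s$ infer $\nabla \vdash \bar a \mathrel{\approx\!\!\!\!\!/\!\!/} t' \approx t : s$", and it uses (trans) in the form applied in the proof of Lemma 10.8, where the atom sets of the two premises are unioned; $\mathrel{\approx\!\!\!\!\!/\!\!/}$ denotes the combined freshness-and-equality symbol of the judgements.

$$\begin{array}{lll}
1. & \nabla \vdash \{a\} \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t : s & \text{first premise, abbreviation expanded}\\
2. & \nabla \vdash \emptyset \mathrel{\approx\!\!\!\!\!/\!\!/} t \approx t' : s & \text{second premise, abbreviation expanded}\\
3. & \nabla \vdash \emptyset \mathrel{\approx\!\!\!\!\!/\!\!/} t' \approx t : s & \text{(symm) applied to 2}\\
4. & \nabla \vdash \{a\} \mathrel{\approx\!\!\!\!\!/\!\!/} t' \approx t : s & \text{(trans) applied to 3 and 1, since } \emptyset \cup \{a\} = \{a\}\\
5. & \nabla \vdash \{a\} \mathrel{\approx\!\!\!\!\!/\!\!/} t' \approx t' : s & \text{(trans) applied to 4 and 2, since } \{a\} \cup \emptyset = \{a\}
\end{array}$$

Line 5 is the expanded form of the conclusion $\nabla \vdash a \mathrel{\approx\!\!\!\!\!/\!\!/} t' : s$.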

One consequence of our willingness to consider logical rather than just definitional freshness is that we are able to avoid the need for special syntax for atom-abstractions and can use arities and terms that are remarkably close to those of ordinary equational logic. For example, consider the NEL-theory for λ-calculus from Example 6.2, where the fact that λ-abstraction is a binder is axiomatised with a family of operation symbols $L_a$ of type $\mathsf{tm} \to \mathsf{tm}$ (with $a$ ranging over the set $\mathrm{Atom}_v$ of atoms of sort $v$) together with the freshness axiom (a). Whereas in nominal algebra, this is accomplished with a single operation symbol $L$ of type $[v]\mathsf{tm} \to \mathsf{tm}$ and no axiom is needed (because of the logical properties of the atom-abstraction arity $[v]\mathsf{tm}$). Here, as well as wanting to completely axiomatise semantic freshness, we have striven for simplicity: The sorts, terms and rules of Nominal Equational Logic are as close to those of ordinary equational logic as we can make them. We believe this is a reasonable starting point for the study of "nominal universal algebra". However, atom-abstraction arities could be added to NEL and probably should be, since making binding information part of a signature rather than part of a theory's axioms is a good idea. Indeed, it would be interesting to try to add more complicated notions of binding specification, such as the one used by Pottier in his Cαml system [26].

A second way in which the NEL-signatures introduced in this paper differ from the nominal signatures of [34,8] is that we have avoided the use of sorts of atom in arities. So for example in a nominal signature for λ-calculus, object-level variables are introduced via a single operation symbol $V : v \to \mathsf{tm}$ that is applied to nominal terms of atom sort $v$ (which may be atoms or variable suspensions); whereas in the corresponding NEL-signature (Example 3.1) one has a family of operation symbols $V_a : [\,] \to \mathsf{tm}$ indexed by atoms $a \in \mathrm{Atom}_v$. Not regarding sorts of atom to be "data" sorts simplifies the notion of arity at the expense of increasing the number of operation symbols. Thus the notion of finitely presented NEL-signature is more complicated than the corresponding notion for nominal signatures; we do not study this notion here. NEL's simple notion of arity also means that we avoid the use of variables ranging over sorts of atoms; it remains to be seen whether this simplification really restricts expressive power.

Nominal equational logic is intended to capture the algebraic properties of freshness of names in general. From this perspective the running example of λ-calculus that we have used in this paper is rather special, since it concerns the use of named object-level variables and axioms for properties of substitution of terms for variables. This particular use of names is much studied in the literature, including from an algebraic perspective. For example Pigozzi and Salibra have studied a notion of lambda abstraction algebra [23,28] that should be compared with the NEL-theory of Example 6.2.

This paper is a first step towards developing a "nominal" version of universal algebra. We believe that the results presented here, and the work of Gabbay and Mathijssen mentioned above, show that the equational properties of freshness are a potentially useful tool for studying computer science languages involving names. However, much remains to be understood. In particular, the category of nominal sets has a "freshness tensor product"

$$X \otimes Y = \{(x,y) \in X \times Y \mid x \text{ and } y \text{ have disjoint support}\}$$

that is clearly relevant to the algebraic properties of freshness (cf. [29]). The form of generalised algebra that uses finitary enriched monads [18,27] has already been applied to presheaf categories [31] and nominal sets [10] to study algebraic properties of binding, name-restriction and renaming. The connection between our quite syntactic approach and this form of generalised algebra, and categorical algebra in general, needs to be addressed.

References

[1] Abramsky, S., D. R. Ghica, A. S. Murawski, C.-H. L. Ong and I. D. B. Stark, Nominal games and full abstraction for the nu-calculus, in: 19th Annual Symposium on Logic in Computer Science (2004), pp. 150-159.

[2] Barendregt, H. P., "The Lambda Calculus: Its Syntax and Semantics," North-Holland, 1984, revised edition.

[3] Berger, U. and H. Schwichtenberg, An inverse of the evaluation functional for typed λ-calculus, in: 6th Annual Symposium on Logic in Computer Science (1991), pp. 203-211.

[4] Cheney, J., "Nominal Logic Programming," Ph.D. thesis, Cornell University (2004).

[5] Cheney, J., Completeness and Herbrand theorems for nominal logic, Journal of Symbolic Logic 71 (2006), pp. 299-320.

[6] Cheney, J. and C. Urban, αProlog: A logic programming language with names, binding and α-equivalence, in: B. B. Demoen and V. Lifschitz, editors, Logic Programming, 20th International Conference, ICLP 2004, Saint-Malo, France, September 2004, Proceedings, Lecture Notes in Computer Science 3132 (2004), pp. 269-283.

[7] Dybjer, P. and A. Filinski, Normalization and partial evaluation, in: G. Barthe, P. Dybjer and J. Saraiva, editors, Applied Semantics, Advanced Lectures, Lecture Notes in Computer Science, Tutorial 2395, Springer-Verlag, 2002 pp. 137-192, International Summer School, APPSEM 2000, Caminha, Portugal, September 9-15, 2000.

[8] Fernandez, M., M. Gabbay and I. Mackie, Nominal rewriting systems, in: Proc. 6th ACM-SIGPLAN Symposium on Principles and Practice of Declarative Programming (PPDP'04) (2004), pp. 108-119.

[9] Fiore, M. P., G. D. Plotkin and D. Turi, Abstract syntax and variable binding, in: 14th Annual Symposium on Logic in Computer Science (1999), pp. 193-202.

[10] Fiore, M. P. and S. Staton, A congruence rule format for name-passing process calculi from mathematical operational semantics, in: 21st Annual Symposium on Logic in Computer Science, Seattle, USA (2006), pp. 49-58.

[11] Gabbay, M. J., "A Theory of Inductive Definitions with α-Equivalence: Semantics, Implementation, Programming Language," Ph.D. thesis, University of Cambridge (2000).

[12] Gabbay, M. J., FM-HOL, a higher-order theory of names, in: F. Kamareddine, editor, Workshop on Thirty Five years of Automath, Informal Proceedings, Heriot-Watt University, Edinburgh, Scotland, 2002.

[13] Gabbay, M. J., Fresh logic, Journal of Logic and Computation (200X), to appear.

[14] Gabbay, M. J. and J. Cheney, A sequent calculus for nominal logic, in: 19th IEEE Symposium on Logic in Computer Science (LICS'04) (2004), pp. 139-148.

[15] Gabbay, M. J. and A. Mathijssen, Nominal algebra (2006), preprint.

[16] Gabbay, M. J. and A. Mathijssen, One-and-a-halfth-order logic, in: 8th ACM-SIGPLAN International Symposium on Principles and Practice of Declarative Programming (PPDP'06), Venice, Italy (2006), pp. 189-200.

[17] Gabbay, M. J. and A. M. Pitts, A new approach to abstract syntax with variable binding, Formal Aspects of Computing 13 (2002), pp. 341-363.

[18] Kelly, G. M. and A. J. Power, Adjunctions whose counits are coequalizers, and presentations of finitary enriched monads, Journal of Pure and Applied Algebra 89 (1993), pp. 163-179.

[19] MacLane, S. and I. Moerdijk, "Sheaves in Geometry and Logic. A First Introduction to Topos Theory," Springer-Verlag, New York, 1992.

[20] Meinke, K. and J. V. Tucker, Universal algebra, in: S. Abramsky, D. M. Gabbay and T. S. E. Maibaum, editors, Handbook of Logic in Computer Science, Volume 1, Oxford University Press, 1992 pp. 189-411.

[21] Milner, R., J. Parrow and D. Walker, A calculus of mobile processes (parts I and II), Information and Computation 100 (1992), pp. 1-77.

[22] Norrish, M., Recursive function definition for types with binders, in: Theorem Proving in Higher Order Logics, 17th International Conference, Lecture Notes in Computer Science 3223 (2004), pp. 241-256.

[23] Pigozzi, D. and A. Salibra, Lambda abstraction algebras: Representation theorems, Theoretical Computer Science 140 (1995), pp. 5-52.

[24] Pitts, A. M., Nominal logic, a first order theory of names and binding, Information and Computation 186 (2003), pp. 165-193.

[25] Pitts, A. M., Alpha-structural recursion and induction, Journal of the ACM 53 (2006), pp. 459-506.

[26] Pottier, F., An overview of Cαml, in: ACM SIGPLAN Workshop on ML (ML 2005), Tallinn, Estonia, Electronic Notes in Theoretical Computer Science (2005), pp. 27-52.

[27] Robinson, E. P., Variations on algebra: monadicity and generalisations of equational theories, Formal Aspects of Computing 13 (2002), pp. 308-326.

[28] Salibra, A., On the algebraic models of lambda calculus, Theoretical Computer Science 249 (2000), pp. 197-240.

[29] Schopp, U. and I. D. B. Stark, A dependent type theory with names and binding, in: Computer Science Logic, CSL04, Karpacz, Poland, Lecture notes in Computer Science 3210 (2004), pp. 235-249.

[30] Shinwell, M. R., A. M. Pitts and M. J. Gabbay, FreshML: Programming with binders made simple, in: Eighth ACM SIGPLAN International Conference on Functional Programming (ICFP 2003), Uppsala, Sweden (2003), pp. 263-274.

[31] Stark, I. D. B., Free-algebra models for the π-calculus, in: Foundations of Software Science and Computation Structures: Proceedings of FOSSACS 2005, Lecture Notes in Computer Science 3441 (2005), pp. 155-169.

[32] Stoughton, A., Substitution revisited, Theoretical Computer Science 59 (1988), pp. 317-325.

[33] Urban, C. and S. Berghofer, A recursion combinator for nominal datatypes implemented in Isabelle/HOL, in: 3rd International Joint Conference on Automated Reasoning (IJCAR 2006), Seattle, USA, Lecture Notes in Computer Science 4130 (2006), pp. 498-512.

[34] Urban, C., A. M. Pitts and M. J. Gabbay, Nominal unification, Theoretical Computer Science 323 (2004), pp. 473-497.