Contextual Approximation and Higher-Order Procedures
Abstract
We investigate the complexity of deciding contextual approximation (refinement) in finitary Idealized Algol, a prototypical language combining higher-order types with state. Earlier work in the area established the borderline between decidable and undecidable cases, and focussed on the complexity of deciding approximation between terms in normal form.
In contrast, in this paper we set out to quantify the impact of locally declared higher-order procedures on the complexity of establishing contextual approximation in the decidable cases. We show that the obvious decision procedure based on exhaustive \(\beta \)-reduction can be beaten. Further, by classifying redexes by levels, we give tight bounds on the complexity of contextual approximation for terms that may contain redexes up to level k, namely, \((k-1)\)-EXPSPACE-completeness. Interestingly, the bound is obtained by selective \(\beta \)-reduction: redexes from level 3 onwards can be reduced without losing optimality, whereas redexes up to order 2 are handled by a dedicated decision procedure based on game semantics and a variant of pushdown automata.
Keywords
Base Type · Turing Machine · Game Semantics · Pushdown Automaton · Exponential Space
1 Introduction
Contextual approximation (refinement) is a fundamental notion in programming language theory, facilitating arguments about program correctness [14] as well as supporting formal program development [5]. Intuitively, a term \(M_1\) is said to contextually approximate another term \(M_2\) if substituting \(M_1\) for \(M_2\) in any context will not lead to new observable behaviours. Being based on universal quantification over contexts, contextual approximation is difficult to establish directly. In this paper, we consider the problem of contextual approximation in a higher-order setting with state. Contextual reasoning at higher-order types is a recognised challenge and a variety of techniques have been proposed to address it, such as Kripke logical relations [3] or game models [2]. In this work, we aim to understand the impact of locally defined higher-order procedures on the complexity of establishing contextual approximation. Naturally, one would expect the complexity to grow in the presence of procedures, and it should grow as the type-theoretic order increases. We shall quantify that impact by providing tight complexity bounds for contextual approximation in our higher-order framework. The results demonstrate that, from the complexity-theoretic point of view, it is safe to inline procedures only down to a certain level. Below that level, however, it is possible to exploit compositionality to arrive at better bounds than those implied by full inlining.
The vehicle for our study is Idealized Algol [1, 13], the prototypical language for investigating the combination of local state with higher-order procedures. In order to avoid obviously undecidable cases, we restrict ourselves to its finitary variant \(\mathsf {IA}_\mathrm{f}\), featuring finite base types and no recursion (looping is allowed, though). Both semantic and syntactic methods have been used to reason about Idealized Algol [1, 12] in the past. In particular, on the semantic front, there exists a game model that captures contextual approximation (in the sense of inequational full abstraction) via complete-play inclusion. Earlier work in the area [6, 9, 11] used this correspondence to map out the borderline between decidable and undecidable cases within \(\mathsf {IA}_\mathrm{f}\). The classification is based on type-theoretic order: a term is of order i if its type is of order at most i and all free variables have order less than i. We write \(\mathsf {IA}_{i}\) for the set of \(\mathsf {IA}_\mathrm{f}\)-terms of order i. It turns out that contextual approximation is decidable for terms of all orders up to 3, but undecidable from order 4 onwards. The work on decidability has also established accurate complexity bounds for reasoning about contextual approximation between terms in \(\beta \)-normal form as well as terms with the simplest possible \(\beta \)-redexes, in which arguments can only be of base type. For order-3 terms, the problem can be shown EXPTIME-complete [11], while at orders 0, 1, 2 it is PSPACE-complete [10]. In this paper, we present a finer analysis of the decidable cases and consider arbitrary \(\beta \)-redexes. In particular, functions can be used as arguments, which corresponds to the inlining of procedures.
We evaluate the impact of redexes by introducing a notion of their level: the level of a \(\beta \)-redex \((\lambda x.M)N\) will be the order of the type of \(\lambda x.M\). Accordingly, we can split \(\mathsf {IA}_{i}\) into sublanguages \(\mathsf {IA}_{i}^k\), in which terms can contain redexes of level up to k. \(\mathsf {IA}_{i}^0\) is then the normal-form case and \(\mathsf {IA}_{i}^1\) is the case of base-type arguments. Obviously, the problem of contextually approximating \(\mathsf {IA}_{i}^k\) (\(i\le 3, k\ge 2\)) terms can be solved by \(\beta \)-reduction (and an appeal to the results for \(\mathsf {IA}_{i}^0\)), but this is known to result in a k-fold exponential blow-up, thus implying a \((k+1)\)-EXPTIME upper bound for \(\mathsf {IA}_{3}^k\). This bound turns out to be suboptimal. One could lower it by reducing to \(\mathsf {IA}_{i}^1\) instead, which would shave off a single exponential, but this is still insufficient to arrive at the optimal bound. It turns out, however, that reducing \(\mathsf {IA}_{3}^k\) terms to \(\mathsf {IA}_{3}^2\) (all redexes of level 3 or higher are eliminated) does not lead to a loss of optimality. To work out the accurate bound for the \(\mathsf {IA}_{3}^2\) case, one cannot apply further \(\beta \)-reductions, though. Instead we devise a dedicated procedure based on game semantics and pushdown automata. More specifically, we introduce a variant of visibly pushdown automata [4] with \(\epsilon \)-transitions and show how to translate \(\mathsf {IA}_{3}^2\) into such automata so that the accepted languages are faithful representations of the term’s game semantics [1]. The translation can be performed in exponential time and, crucially, the automata corresponding to \(\mathsf {IA}_{3}^2\)-terms satisfy a boundedness property: the stack symbols pushed on the stack during \(\epsilon \)-moves can only form contiguous segments of exponential length with respect to the term size.
This allows us to solve the corresponding inclusion problem in exponential space with respect to the original term size. Consequently, we can show that \(\mathsf {IA}_{3}^2\) contextual approximation is in EXPSPACE.
\(k=0\)  \(k=1\)  \(k\ge 2\)
\(\mathsf {IA}_{1}^k\)  PSPACE-complete [10]  PSPACE-complete [10]  \((k-1)\)-EXPSPACE-complete
\(\mathsf {IA}_{2}^k\)  PSPACE-complete [10]  PSPACE-complete [10]  \((k-1)\)-EXPSPACE-complete
\(\mathsf {IA}_{3}^k\)  EXPTIME-complete [11]  EXPTIME-complete [11]  \((k-1)\)-EXPSPACE-complete
2 Idealized Algol
The operational semantics of \(\mathsf {IA}_\mathrm{f}\), based on call-by-name evaluation, can be found in [1]; we will write \(M\!\Downarrow \) if M reduces to \(\mathbf {skip}\). We study the induced contextual approximation.
Definition 1
We say that \({\varGamma } \vdash {M_1:\theta }\) contextually approximates \({\varGamma } \vdash {M_2:\theta }\) if, for any context \(C[\,]\) such that \(C[M_1],C[M_2]\) are closed terms of type \(\mathsf {com}\), we have that \(C[M_1]\!\Downarrow \) implies \(C[M_2]\!\Downarrow \). We then write \({\varGamma } \vdash {M_1\sqsubseteq M_2}\).
Definition 2
Let \(i\ge 0\). The fragment \(\mathsf {IA}_{i}\) of \(\mathsf {IA}_\mathrm{f}\) consists of \(\mathsf {IA}_\mathrm{f}\)-terms \(x_1:\theta _1,\cdots , x_n:\theta _n \vdash M:\theta \) such that \(\mathsf {ord}({\theta _j})<i\) for any \(j=1,\cdots ,n\) and \(\mathsf {ord}({\theta })\le i\).
Contextual approximation is known to be decidable for \(\mathsf {IA}_{1}\), \(\mathsf {IA}_{2}\) and \(\mathsf {IA}_{3}\) [11], but it is undecidable for \(\mathsf {IA}_{4}\) [9].
Definition 3

The level of a \(\beta \)-redex \((\lambda x^\theta .M)N\) is the order of the type of \(\lambda x^\theta .M\).

A term has degree k if all redexes inside it have level at most k.

\(\mathsf {IA}_{i}^k\) is the subset of \(\mathsf {IA}_{i}\) consisting of terms whose degree is at most k.
\(\beta \)-reduction can be used to reduce the degree of a term by one at an exponential cost.
Lemma 1
Let \(d\ge 1\). A \(\lambda \)-term M of degree d can be reduced to a term \(M'\) of degree \(d-1\) with a singly-exponential blow-up in size.
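To make the notions of order, redex level and degree concrete, here is a minimal Python sketch (our own encoding, not from the paper) using the standard clauses \(\mathsf{ord}(\mathsf{com})=0\) and \(\mathsf{ord}(A\rightarrow B)=\max(\mathsf{ord}(A)+1,\mathsf{ord}(B))\):

```python
# Minimal sketch (our own encoding): a type is the string 'com' or a
# pair (argument, result) representing argument -> result.

def order(t):
    """ord(com) = 0 and ord(A -> B) = max(ord(A) + 1, ord(B))."""
    if t == 'com':
        return 0
    arg, res = t
    return max(order(arg) + 1, order(res))

def redex_level(fun_type):
    """The level of a beta-redex (lambda x.M) N is the order of the
    type of the function part, lambda x.M."""
    return order(fun_type)

# ord(com -> com) = 1: a redex of this type has a base-type argument.
t1 = ('com', 'com')
# ord((com -> com) -> com) = 2: here a function argument is inlined.
t2 = (t1, 'com')
```

A term whose redexes all have `redex_level` at most k is then of degree k in the sense of Definition 3.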
3 Games
Game semantics views computation as an exchange of moves between two players, called O and P. It interprets terms as strategies for P in an abstract game derived from the underlying types. The moves available to players as well as the rules of the game are specified by an arena.
Definition 4
An arena A is a triple \(\langle M_A, \lambda _A, \vdash _A \rangle \), where:

\(M_A\) is a set of moves;

\(\lambda _A: M_A\rightarrow \{\,O,P\,\}\times \{\,Q,A\,\}\) is a function indicating to which player (O or P) a move belongs and of what kind it is (question or answer);
\(\vdash _A\subseteq (M_A+\{\,\star \,\})\times M_A\) is the so-called enabling relation, which must satisfy the following conditions:

If \(\star \) enables a move then it is an O-question without any other enabler. A move like this is called initial and we shall write \(I_A\) for the set containing all initial moves of A.

If one move enables another then the former must be a question and the two moves must belong to different players.

Definition 5
A justified sequence is a play iff O- and P-moves alternate and it satisfies bracketing and visibility. We write \(P_A\) for the set of plays in an arena A. A play is single-threaded if it contains at most one occurrence of an initial move.
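The alternation and bracketing conditions can be checked mechanically. The following Python sketch uses our own move encoding (a move is a player/kind pair); justification pointers and the visibility condition are deliberately not modelled:

```python
# Sketch (our own encoding): a move is a (player, kind) pair with
# player in {'O', 'P'} and kind in {'Q', 'A'}.

def is_alternating(moves):
    """O moves first and O- and P-moves alternate strictly."""
    return all(player == ('O' if i % 2 == 0 else 'P')
               for i, (player, _) in enumerate(moves))

def is_well_bracketed(moves):
    """Every answer answers the most recent pending question,
    which must belong to the other player."""
    pending = []
    for player, kind in moves:
        if kind == 'Q':
            pending.append(player)
        elif not pending or pending.pop() == player:
            return False
    return True

def is_complete(moves):
    """A play is complete when all questions have been answered."""
    return sum(1 for _, k in moves if k == 'Q') == \
           sum(1 for _, k in moves if k == 'A')
```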
The next important definition is that of a strategy. Strategies determine unique responses for P (if any) and do not restrict O-moves.
Definition 6
A strategy \(\sigma \) on an arena A is a prefix-closed set of plays from \(P_A\) such that:
 (i)
whenever \(s p_1,s p_2\in \sigma \) and \(p_1,p_2\) are P-moves then \(p_1=p_2\);
 (ii)
whenever \(s\in \sigma \) and \(so\in P_A\) for some O-move o then \(so\in \sigma \).
We write \(\mathsf {comp}\,{(\sigma )}\) for the set of nonempty complete plays in \(\sigma \), i.e. plays in which all questions have been answered.
Theorem 1
[1]. \({\varGamma } \vdash {M_1\sqsubseteq M_2}\) if and only if \(\mathsf {comp}\,{[\![{\varGamma } \vdash {M_1} ]\!]}\subseteq \mathsf {comp}\,{[\![{\varGamma } \vdash {M_2} ]\!]}\).
Remark 1
\(\sigma ^\dagger \) is an interleaving of plays in \(\sigma \) that must itself be a play in \(P_{A\Rightarrow B}\). For instance, only O is able to switch between different copies of \(\sigma \) and this can only happen after P plays in B. We shall discuss two important cases in detail, namely, \(B=[\![\beta ]\!]\) and \(B=[\![\beta _k\rightarrow \cdots \rightarrow \beta _1\rightarrow \beta ]\!]\).

If \(B=[\![\beta ]\!]\) then a new copy of \(\sigma \) can be started only after the previous one is completed. Thus \(\sigma ^\dagger \) in this case consists of iterated copies of \(\sigma \).
If \(B=[\![\beta _k\rightarrow \cdots \rightarrow \beta _1\rightarrow \beta ]\!]\) then, in addition to the above scenario, a new copy of \(\sigma \) can be started by O each time P plays \(q_i\) (a question from \(\beta _i\)). An old copy of \(\sigma \) can be revisited with \(a_i\), which will then answer some unanswered occurrence of \(q_i\). However, due to the bracketing condition, this will be possible only after all questions played after that \(q_i\) have been answered, i.e. when all copies of \(\sigma \) opened after \(q_i\) are completed. Thus, in this particular case, \(\sigma ^\dagger \) contains “stacked” copies of \(\sigma \). Consequently, we can capture \(X=\{\,\epsilon \,\}\cup \mathsf {comp}\,{(\sigma ^\dagger )}\) in this case by the equation$$\begin{array}{l} X=\{\varepsilon \}\cup \bigcup \{\,q\, A_0\, q_{i_1}\, X\, a_{i_1}\, A_1\cdots q_{i_m}\, X\, a_{i_m}\, A_m\, a\, X \mid \\ \qquad q\, A_0\, q_{i_1}\, a_{i_1}\, A_1 \cdots q_{i_m}\, a_{i_m}\, A_m\, a\in \mathsf {comp}\,{(\sigma )}\,\} \end{array} $$where the \(A_j\)’s stand for (possibly empty and possibly different) segments of moves from A. Note that, in a play of \(\sigma \), \(q_i\) will always be followed by \(a_i\).
4 Upper Bounds
We shall prove that contextual approximation of \(\mathsf {IA}_{3}^2\) terms can be decided in exponential space. Thanks to Lemma 1, this will imply that approximation of \(\mathsf {IA}_{3}^k\) (\(k\ge 2\)) terms is in \((k1)\)EXPSPACE. In Sect. 5 we will show that these bounds are tight.
This shows that by firing redexes of level 3 or higher we do not lose optimal complexity. However, if redexes of order 2 were also executed (i.e. first-order procedures were inlined), the problem would be reduced to \(\mathsf {IA}_{3}^1\) and the implied bound would be 2-EXPTIME, which turns out to be suboptimal. In what follows, we show that contextual approximation of \(\mathsf {IA}_{3}^2\) terms is in EXPSPACE. To that end, we shall translate the terms to automata that represent their game semantics. The alphabet of the automata will consist of moves in the corresponding games. Recall that each occurrence of a base type in a type contributes distinct moves. In order to represent their origin faithfully, we introduce a labelling scheme based on subscripts.
First we discuss how to label occurrences of base types in types. Let \(\varTheta \) be a type of order at most 3. Then \(\varTheta \equiv \varTheta _m \rightarrow \cdots \rightarrow \varTheta _1\rightarrow \beta \) and \(\varTheta _i\)’s are of order at most 2. Consequently, for each \(1\le i\le m\), we have \(\varTheta _i\equiv \varTheta _{i,m_i}\rightarrow \cdots \rightarrow \varTheta _{i,1}\rightarrow \beta _i\) and \(\varTheta _{i,j}\)’s are of order at most 1. Thus, we have \(\varTheta _{i,j}\equiv \beta _{i,j,m_{i,j}}\rightarrow \cdots \rightarrow \beta _{i,j,1}\rightarrow \beta _{i,j}\). Note that the above decomposition assigns a sequence of subscripts to each occurrence of a base type in \(\varTheta \). Observe that \(\mathsf {ord}({\varTheta })=3\) if and only if some occurrence of a base type gets subscripted with a triple. Next we are going to employ the subscripts to distinguish base types in \(\mathsf {IA}_{3}\) typing judgments.
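The decomposition above can be sketched in code. The following hypothetical Python helper (our own type representation, not the paper's notation) enumerates every base-type occurrence of a type of order at most 3 together with its subscript sequence:

```python
# Sketch (our own representation): a type Theta_m -> ... -> Theta_1 -> b
# is the pair ([Theta_m, ..., Theta_1], b); arguments are listed
# left-to-right but numbered m..1, matching the text's subscripts.

def labelled_occurrences(t, subscript=()):
    """Yield (subscript_sequence, base) for every base-type occurrence."""
    args, base = t
    yield (subscript, base)
    m = len(args)
    for pos, arg in enumerate(args):
        # the argument at position pos carries subscript m - pos
        yield from labelled_occurrences(arg, subscript + (m - pos,))

def type_order(t):
    """For these types the order equals the longest subscript sequence;
    in particular ord(Theta) = 3 iff some occurrence gets a triple."""
    return max(len(s) for s, _ in labelled_occurrences(t))

# The type of x_1 in Example 1 below: (com -> exp) -> var.
com_exp = ([([], 'com')], 'exp')
theta_x1 = ([com_exp], 'var')
```

Running it on `theta_x1` reproduces the subscripts \(\mathsf{var}^{x_1}\), \(\mathsf{exp}^{x_1}_1\), \(\mathsf{com}^{x_1}_{1,1}\) of Example 1 (minus the superscript, which tags the component).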
Definition 7
A third-order typing template \(\varPsi \) is a sequence \(x_1:\theta _1,\cdots , x_n:\theta _n, \theta \), where \(\mathsf {ord}({\theta _i})\le 2\) (\(1\le i\le n\)) and \(\mathsf {ord}({\theta })\le 3\).
To label \(\theta _1,\cdots , \theta _n, \theta \) we will use the same labelling scheme as discussed above but, to distinguish the \(\theta _i\)’s from \(\theta \) and from one another, we will additionally use superscripts \(x_i\) for the former. The labelling scheme will also be used to identify moves in the corresponding game. Recall that the game corresponding to a third-order typing template will have moves from \(M_{[\![\theta _1 ]\!]}+\cdots +M_{[\![\theta _n ]\!]}+M_{[\![\theta ]\!]}\). The super- and subscripts will identify their origin in a unique way.
Example 1
Let \(\varPsi \equiv x_1: (\mathsf {com}\rightarrow \mathsf {exp})\rightarrow \mathsf {var},\, x_2: \mathsf {com}\rightarrow \mathsf {exp}\rightarrow \mathsf {var}, ((\mathsf {com}\rightarrow \mathsf {exp})\rightarrow \mathsf {var})\rightarrow \mathsf {com}\). Here is the labelling scheme for \(\varPsi \): \(x_1: (\mathsf {com}^{x_1}_{1,1}\rightarrow \mathsf {exp}^{x_1}_1)\rightarrow \mathsf {var}^{x_1}\), \(x_2: \mathsf {com}^{x_2}_2\rightarrow \mathsf {exp}^{x_2}_1\rightarrow \mathsf {var}^{x_2}\), \(((\mathsf {com}_{1,1,1}\rightarrow \mathsf {exp}_{1,1})\rightarrow \mathsf {var}_1 )\rightarrow \mathsf {com}\). In the corresponding games, among others, we will thus have moves \( run ^{x_1}_{1,1}\), \( run ^{x_2}_2\), \(q^{x_2}_1\), \( read ^{x_2}\), \( run _{1,1,1}\) as well as \( run \).
Pointers from certain P-questions (source-moves) to the O-questions justifying them (target-moves) cannot always be reconstructed from the underlying sequence of moves alone, so we represent them explicitly by marking moves with the symbol \(\widehat{~}\), subject to the following rules:

whenever a target move of the kind discussed above is played, it may or may not be hatted in the representing sequences of moves,

if a target move is hatted, all source moves pointing at the target move are also hatted,

if a target move is not hatted, no source moves pointing at the move are hatted.
Note that this amounts to representing all pointers for a selection of possible targets, i.e. none, one or more (including all). Because the same \(\widehat{~}\)-symbol is used to encode each pointer, in a single sequence there may still be ambiguities as to the real target of a pointer. However, among the representing plays we will also have plays representing pointers only to single targets, which suffice to recover pointer-related information. This scheme works correctly because only pointers from P-moves need to be represented and the strategies are deterministic (see the discussion at the end of Sect. 3 in [11]).
Example 2
The classic examples of terms that do need explicit pointers are the Kierstead terms \({} \vdash {K_1, K_2: ((\mathsf {com}_{1,1,1}\rightarrow \mathsf {com}_{1,1})\rightarrow \mathsf {com}_1)\rightarrow \mathsf {com}}\) defined by \(K_1\equiv \lambda f.f(\lambda x.f(\lambda y.x))\) and \(K_2\equiv \lambda f.f(\lambda x.f(\lambda y.y))\). To represent the corresponding strategies the following sequences of moves will be used (among others).

\(K_1\): \(q\, q_1\, q_{1,1}\, q_1\, q_{1,1}\, q_{1,1,1}\) (zero targets), \(q\, q_1\, \widehat{q_{1,1}}\, q_1\, q_{1,1}\, \widehat{q_{1,1,1}}\) (one target), \(q\, q_1\, q_{1,1}\, q_1\, \widehat{q_{1,1}}\,{q_{1,1,1}}\) (one target), \(q\, q_1\, \widehat{q_{1,1}}\, q_1\, \widehat{q_{1,1}}\,\widehat{q_{1,1,1}}\) (two targets).

\(K_2\): \(q\, q_1\, q_{1,1}\, q_1\, q_{1,1} \,q_{1,1,1}\) (zero targets), \(q\, q_1\, \widehat{q_{1,1}}\, q_1\, q_{1,1} \,{q_{1,1,1}}\) (one target), \(q\, q_1\, q_{1,1}\, q_1\, \widehat{q_{1,1}} \,\widehat{q_{1,1,1}}\) (one target), \(q\, q_1\, \widehat{q_{1,1}}\, q_1\, \widehat{q_{1,1}} \,\widehat{q_{1,1,1}}\) (two targets).
To represent strategies corresponding to \(\mathsf {IA}_{3}^2\)-terms we are going to define an extension of visibly pushdown automata [4]. The alphabet will be divided into push-, pop- and noop-letters corresponding to possibly hatted moves. Additionally, we will use \(\epsilon \)-transitions that can modify stack content, albeit using a distinguished stack alphabet.
Definition 8
Let \(\varPsi =x_1:\theta _1,\cdots , x_m:\theta _m,\theta \) be a third-order typing template and let \(\mathcal {M}= M_{[\![\theta _1 ]\!]}+\cdots +M_{[\![\theta _m ]\!]}+M_{[\![\theta ]\!]}\). Below we shall refer to the various components of \(\mathcal {M}\) using subscripts and superscripts according to the labelling scheme introduced earlier, also using q and a for questions and answers respectively. We define the sets \(\varSigma _{\mathrm {push}}, \varSigma _{\mathrm {pop}}, \varSigma _{\mathrm {noop}}\) as follows.

\(\varSigma _{\mathrm {push}}=\{q_{i,j,k}, \widehat{q_{i,j,k}} \mid q_{i,j,k}\in \mathcal {M}\}\cup \{q^{x_h}_{i,j}, \widehat{q^{x_h}_{i,j}}\mid q^{x_h}_{i,j}\in \mathcal {M}\}\)

\(\varSigma _{\mathrm {pop}}=\{a_{i,j,k} \mid a_{i,j,k}\in \mathcal {M}\}\cup \{a^{x_h}_{i,j}\mid a^{x_h}_{i,j}\in \mathcal {M}\}\)

\(\varSigma _{\mathrm {noop}}= (\mathcal {M}\setminus (\varSigma _{\mathrm {push}}\cup \varSigma _{\mathrm {pop}}) )\cup \{\widehat{q_{i,j}}\mid q_{i,j,k}\in \mathcal {M}\}\cup \{\widehat{q^{x_h}_{i}} \mid q^{x_h}_{i,j}\in \mathcal {M}\}\)
\(\varSigma _{\mathrm {push}}\) and \(\varSigma _{\mathrm {pop}}\) contain exclusively P- and O-moves respectively, while we can find both kinds of moves in \(\varSigma _{\mathrm {noop}}\). Let us write \(\varSigma _{\mathrm {noop}}^O, \varSigma _{\mathrm {noop}}^P\) for the subsets of \(\varSigma _{\mathrm {noop}}\) consisting of O- and P-moves respectively. The states of our automata will be partitioned into states at which O is to move (O-states) and those at which P should reply (P-states). Push-moves and \(\epsilon \)-transitions are only available at P-states, while pop-transitions belong to O-states. Noop-transitions may be available from any kind of state. Further, to reflect determinacy of strategies, P-states allow for at most one executable outgoing transition, which may be labelled with an element of \(\varSigma ^P\) (push or noop) or be silent (noop, push or pop).
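The partition of letters can be phrased in terms of subscript depth. In the sketch below (our own encoding of Definition 8, under the simplifying assumption that a superscript \(x_h\) counts as one extra subscript level, so that \(q^{x_h}_{i,j}\) has effective depth 3 just like \(q_{i,j,k}\)), only the deepest questions push and only their answers pop:

```python
# Sketch (our own encoding): a letter is described by its kind
# ('q' or 'a'), its effective subscript depth (a superscript x_h is
# counted as one extra level) and whether it is hatted.

def letter_class(kind, depth, hatted=False):
    """Return 'push', 'pop' or 'noop' for a (possibly hatted) move."""
    if depth == 3 and kind == 'q':
        return 'push'      # deepest questions (hatted or not) push
    if depth == 3 and kind == 'a':
        return 'pop'       # the matching answers pop
    return 'noop'          # everything else, including hatted
                           # pointer-target questions one level up
```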
Definition 9
A \(\varPsi \)-automaton is a tuple \(\mathcal {A}=\langle Q, \varSigma , \varUpsilon , \delta , i, F \rangle \), where:

\(Q = Q^O + Q^P\) is a finite set of states partitioned into Ostates and Pstates,

\(\varSigma = \varSigma ^O + \varSigma ^P\) is the finite transition alphabet obtained from \(\varPsi \) as above, partitioned into O and Pletters, where \(\varSigma ^O = \varSigma _{\mathrm {pop}} + \varSigma ^O_{\mathrm {noop}}\) and \(\varSigma ^P = \varSigma _{\mathrm {push}} + \varSigma ^P_{\mathrm {noop}}\),

\(\varUpsilon = \varUpsilon ^\varSigma + \varUpsilon ^\epsilon \) is a finite stack alphabet partitioned into \(\varSigma \)symbols and \(\epsilon \)symbols,

\(\delta = \delta ^O_{\mathrm {pop}} + \delta ^O_{\mathrm {noop}} + \delta ^P\) is a transition function consisting of \(\delta ^O_{\mathrm {pop}} : Q^O \times \varSigma _{\mathrm {pop}} \times \varUpsilon _\varSigma \rightharpoonup Q^P\), \(\delta ^O_{\mathrm {noop}} : Q^O \times \varSigma ^O_{\mathrm {noop}} \rightharpoonup Q^P\) and \( \delta ^P : Q^P\rightharpoonup (\varSigma _{\mathrm {push}} \times Q^O\times \varUpsilon _\varSigma )+ (\varSigma ^P_{\mathrm {noop}}\times Q^O)+ Q^P + (Q^P\times \varUpsilon _\epsilon ) + (\varUpsilon _\epsilon \rightharpoonup Q^P)\),

\(i \in Q^O\) is an initial state, and

\(F \subseteq Q^O\) is a set of final states.
\(\varPsi \)-automata are to be started in the initial state with the empty stack. They will accept by final state, but whenever this happens the stack will be empty anyway. Clearly, they are deterministic. The set of words derived from runs will be referred to as the trace-set of \(\mathcal {A}\), written \(\mathcal {T}(\mathcal {A})\). We write \(\mathcal {L}{(\mathcal {A})}\) for the subset of \(\mathcal {T}(\mathcal {A})\) consisting of accepted words only. The \(\varPsi \)-automata to be constructed will satisfy an additional run-time property called P-liveness: whenever the automaton reaches a configuration \((q,\gamma )\in Q^P\times \varUpsilon ^*\) from \((i,\epsilon )\), \(\delta ^P\) will provide a unique executable transition.
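A run of such an automaton can be simulated directly. The sketch below is a simplified, hypothetical rendering of Definition 9 (our own data layout: transitions as a dictionary, \(\epsilon \)-moves assumed to have been pre-compiled away); it accepts by final state and checks that the stack is then empty:

```python
# Sketch (simplified, our own layout): delta maps (state, letter) to
# (next_state, action), where action is ('push', g), ('pop', g) or None.

def run(delta, initial, finals, word):
    """Deterministic run from the initial state and the empty stack;
    accept by final state with an empty stack."""
    state, stack = initial, []
    for letter in word:
        if (state, letter) not in delta:
            return False                  # no move available
        state, action = delta[(state, letter)]
        if action is None:
            continue                      # noop-letter
        op, g = action
        if op == 'push':
            stack.append(g)               # push-letter
        elif not (stack and stack.pop() == g):
            return False                  # pop must match the top symbol
    return state in finals and not stack

# Toy automaton: noop on 'q0', push on 'q3', pop on 'a3'.
toy = {('i', 'q0'): ('s', None),
       ('s', 'q3'): ('t', ('push', '*')),
       ('t', 'a3'): ('f', ('pop', '*'))}
```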
Remark 2
Lemma 2
Let \({x_1:\theta _1,\cdots , x_m:\theta _m} \vdash {M:\theta }\) be an \(\mathsf {IA}_{3}^2\)-term and let \(\sigma =[\![x_1:\theta _1,\cdots , x_m:\theta _m\vdash M:\theta ]\!]\). There exists a P-live \((x_1:\theta _1,\cdots , x_m:\theta _m,\theta )\)-automaton \(\mathcal {A}_M\), constructible from M in exponential time, such that \(\mathcal {T}(\mathcal {A}_M)\) and \(\mathcal {L}{(\mathcal {A}_M)}\) represent respectively \(\sigma \) and \(\mathsf {comp}\,{(\sigma )}\) (in the sense of our representation scheme).
Proof
The translation proceeds by structural induction on \(\mathsf {IA}_{3}^2\)-terms. The base cases corresponding to the special constants can be resolved by constructing finite automata, following the description of the plays in Fig. 3. For free identifiers, automata of a similar kind have already been constructed as part of the translation of normal forms in [11]. We revisit them below to show which moves must be marked to represent pointers.
\(\mathcal {A}_M\)’s non-interacting transitions are copied over to \(\mathcal {A}_{M N}\).$$ \frac{s\xrightarrow {\widetilde{x}}_{\mathcal {A}_M} s'}{s\xrightarrow {\widetilde{x}}_{\mathcal {A}_{MN}} s'} \quad x\in (\varSigma _M\setminus \{q_k,a_k,q_{k,i},a_{k,i}\})+\{\epsilon \} $$
 M calls N (left) and N returns from the call (right).$$ \frac{s\xrightarrow {q_k}_{\mathcal {A}_M} s'\qquad i_N\xrightarrow {q}_{\mathcal {A}_N} t}{s\xrightarrow {\epsilon }_{\mathcal {A}_{MN}} (s',t)} \qquad \frac{s'\xrightarrow {a_k}_{\mathcal {A}_M} s''\qquad t\xrightarrow {a}_{\mathcal {A}_N} f\in F_N}{(s',t)\xrightarrow {\epsilon }_{\mathcal {A}_{MN}} s''} $$
N’s non-interacting transitions are copied over while keeping track of \(\mathcal {A}_M\)’s state.$$ \frac{t\xrightarrow {\widetilde{x}}_{\mathcal {A}_N} t'}{(s,t)\xrightarrow {\widetilde{x}}_{\mathcal {A}_{MN}} (s,t')} \qquad s\in Q_M^O,\,\, x\in (\varSigma _N\setminus \{q_0,a_0,q_1,a_1\})\cup \{\epsilon \} $$
 N calls its argument (left) and the argument returns (right).$$ \frac{s\xrightarrow {q_{k,i}}_{\mathcal {A}_M} s'\qquad t\xrightarrow {q_i}_{\mathcal {A}_N} t'}{(s,t)\xrightarrow {\epsilon /t'}_{\mathcal {A}_{M N}} s'} \qquad \frac{s'\xrightarrow {a_{k,i}}_{\mathcal {A}_M} s''\qquad t'\xrightarrow {a_i}_{\mathcal {A}_N} t''}{s'\xrightarrow {\epsilon ,t'}_{\mathcal {A}_{M N}} (s'',t'')} $$
Note that the interaction involves moves that are not used to represent pointers, i.e. whenever pointers are represented they remain the same as they were in the original strategies, which is consistent with the definition of composition. The states in \(Q_{MN}\) are divided into O- and P-states as follows: \(Q_{MN}^O = Q_M^O + (Q_M^O\times Q_N^O)\) and \(Q_{MN}^P = Q_M^P + (Q_M^O\times Q_N^P)\). The correctness of the construction follows from the fact that it is a faithful implementation of legal interactions (see, e.g., [7]), as discussed in Remark 1. P-liveness follows from the fact that the constituent strategies are P-live and that the construction simulates interaction sequences, including infinite chattering. \(\square \)
Our next step will be to analyse the shape of reachable configurations of \(\mathcal {A}_M\). We aim to understand how many elements of \(\varUpsilon _\epsilon \) can occur consecutively on the stack.
Definition 10
Suppose \((q,\gamma )\in Q\times (\varUpsilon _\varSigma \cup \varUpsilon _\epsilon )^*\). The \(\epsilon \)-density of \(\gamma \) is defined to be the length of the longest segment in \(\gamma \) consisting solely of consecutive elements from \(\varUpsilon _\epsilon \).
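The \(\epsilon \)-density of a stack can be computed by a one-pass scan, as in this quick sketch (our own encoding: each stack entry is tagged by the alphabet it comes from):

```python
def eps_density(stack):
    """Length of the longest contiguous run of Upsilon_epsilon symbols,
    with each stack entry tagged 'eps' or 'sigma'."""
    best = cur = 0
    for sym in stack:
        cur = cur + 1 if sym == 'eps' else 0  # extend or reset the run
        best = max(best, cur)
    return best
```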
Question  q  \(q_i, q^x\)  \(q_{i,j}, q^x_i\)  \(q_{i,j,k}, q^x_{i,j}\) 
Kind  0  1  2  3 
Definition 11
Let s be a play. We define \(\mathsf {pend}(s)\) to be the sequence from \(\{0,1,2,3\}^*\) obtained from s by restricting it to pending questions and replacing each question with the number corresponding to its kind.
Thus, for any nonempty even-length play s, \(\mathsf {pend}(s)\) will match the expression \(0 (1\, 2 + 3\, 2)^*(1+3)\). We say that the (1 2)-potential of s is equal to k if k is the largest number such that \(\mathsf {pend}(s) = \cdots (1\, 2)^k\cdots \). In other words, the (1 2)-potential of a play is the length of the longest segment \((1\, 2)^k\) in \(\mathsf {pend}(s)\).
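The (1 2)-potential can be read off \(\mathsf {pend}(s)\) directly. A small sketch, under our own encoding of pending-question words as digit strings:

```python
import re

def potential_12(pend_word):
    """Largest k with pend(s) = ...(1 2)^k...: scan the digit string
    for maximal blocks of the form '1212...12'."""
    blocks = re.finditer(r'(12)+', pend_word)
    return max((len(m.group(0)) // 2 for m in blocks), default=0)
```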
Lemma 3
Let \({\varGamma } \vdash {M:\theta }\) be an \(\mathsf {IA}_{3}^2\)-term. Then the (1 2)-potential of any play in \([\![{\varGamma } \vdash {M} ]\!]\) is bounded and the bound \(b_M\) is exponential in the size of M.
Lemma 3 is a key technical result needed to establish the following boundedness property that is satisfied by automata representing \(\mathsf {IA}_{3}^2\)-terms.
Lemma 4
Let \({\varGamma } \vdash {M:\theta }\) be an \(\mathsf {IA}_{3}^2\)-term and consider \(\mathcal {A}_M\) constructed in Lemma 2. There exists a bound \(d_M\), exponential in the size of M, such that the \(\epsilon \)-density of configurations reachable by \(\mathcal {A}_M\) is bounded by \(d_M\).
Next we derive a bound on plays witnessing failure of contextual approximation in \(\mathsf {IA}_{3}^2\). Consider \(\mathsf {IA}_{3}^2\)-terms \({\varGamma } \vdash {M_1,M_2:\theta }\) and let \(\sigma _i = [\![{\varGamma } \vdash {M_i:\theta } ]\!]\) for \(i=1,2\). Given a play, let its height be the maximum number of pending questions from \(\varSigma _{\mathrm {push}}\) occurring in any of its prefixes. Note that, for plays from \(\sigma _i\), this will be exactly the maximum number of symbols from \(\varUpsilon _\varSigma \) that will appear on the stack of \(\mathcal {A}_{M_i}\) at any point of its computation.
Lemma 5
There exists a polynomial p such that if \(\mathsf {comp}\,{\sigma _1}\setminus \mathsf {comp}\,{\sigma _2}\) is not empty then it contains a play of height at most \(p(n_1+ n_2)\), where \(n_1, n_2\) are the numbers of states in \(\mathcal {A}_{M_1}\) and \(\mathcal {A}_{M_2}\) respectively.
Theorem 2
For \(\mathsf {IA}_{3}^2\)-terms \({\varGamma } \vdash {M_1,M_2:\theta }\), one can decide \({\varGamma } \vdash {M_1\sqsubseteq M_2}\) in exponential space.
Proof
Note that this boils down to testing emptiness of \(\mathsf {comp}\,{\sigma _1}\setminus \mathsf {comp}\,{\sigma _2}\). By Lemma 5, it suffices to guess a play whose height is polynomial in the size of \(\mathcal {A}_{M_1}\), \(\mathcal {A}_{M_2}\), i.e. exponential with respect to term size. Moreover, by Lemma 4, the \(\epsilon \)-density of the corresponding configurations of \(\mathcal {A}_{M_1}\) and \(\mathcal {A}_{M_2}\) will also be exponential. Thus, in order to check whether a candidate s is accepted by \(\mathcal {A}_{M_1}\) and rejected by \(\mathcal {A}_{M_2}\), we will only need to consider stacks of exponential size with respect to \(M_1, M_2\). Consequently, the guess can be performed on the fly and verified in exponential space. Because NEXPSPACE = EXPSPACE (by Savitch’s Theorem), the result follows. \(\square \)
Corollary 1
For \(k\ge 2\), contextual approximation of \(\mathsf {IA}_{3}^k\)-terms is in \((k-1)\)-EXPSPACE.
5 Lower Bounds
Here we show that contextual approximation of \(\mathsf {IA}_{1}^k\)-terms is \((k-1)\)-EXPSPACE-hard for \(k\ge 2\). Note that this matches the upper bound shown for \(\mathsf {IA}_{3}^k\)-terms and will allow us to conclude that contextual approximation in \(\mathsf {IA}_{1}^k, \mathsf {IA}_{2}^k\) and \(\mathsf {IA}_{3}^k\) is \((k-1)\)-EXPSPACE-complete. Our hardness results will rely on nesting of function calls and iteration afforded by higher-order types. Below we introduce the special types and terms to be used.
Let \(k,n\in \mathbb {N}\). Define the type \(\overline{n}\) by \(\overline{0}=\mathsf {com}\) and \(\overline{n+1}=\overline{n}\rightarrow \overline{n}\). Note that \(\mathsf {ord}({\overline{n}})=n\). Also, let \(\mathsf {Exp}(k,n)\) be defined by \(\mathsf {Exp}(0,n)=n\) and \(\mathsf {Exp}(k+1,n)=2^{\mathsf {Exp}(k,n)}\). Given \(k\ge 2\), consider the term \(\mathsf {twice}_{k}=\lambda x^{\overline{k-1}}.\lambda y^{\overline{k-2}}. x(x y) : \overline{k}\).
Definition 12
Let \(k\ge 2\). Writing \(M^n N\) as shorthand for \(\underbrace{M(M\cdots (M}_n N)\cdots )\), let us define a family of terms \(\{\mathsf {nest}_{n,k}\}\) with \({f:\overline{1},x:\overline{0}} \vdash {\mathsf {nest}_{n,k}:\overline{0}}\) by taking \(\mathsf {nest}_{n,k}\equiv (\mathsf {twice}_{k}^n\, g_{k-1}) g_{k-2}\cdots g_1 g_0\), where \(g_0\equiv x\), \(g_1\equiv f\) and \(g_i\equiv \mathsf {twice}_{i}\) for \(i>1\).
The terms have several desirable properties, summarised below.
Lemma 6
Let \(k\ge 2\). \(\mathsf {nest}_{n,k}\) belongs to \(\mathsf {IA}_{2}^k\), has polynomial size in n and is \(\beta \)-reducible to \(f^{\mathsf {Exp}(k-1,n)} x\).
Note that the nested applications of f in \(f^{\mathsf {Exp}(k-1,n)} x\) are akin to generating a stack of height \(\mathsf {Exp}(k-1,n)\). We shall exploit this in our encodings. Note that, by substituting \(\lambda c^\mathsf {com}.c;c\) for f in \(f^{\mathsf {Exp}(k-1,n)} x\), we obtain a term that iterates x as many as \(\mathsf {Exp}(k,n)\) times, i.e. \(\mathsf {Exp}(k-1,n)\)-fold nesting is used to simulate \(\mathsf {Exp}(k,n)\)-fold iteration.
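The growth described above can be observed by evaluating untyped analogues of these terms. In the Python sketch below (our own rendering; all the typed \(\mathsf{twice}_i\) collapse to a single untyped combinator) we count calls to f by taking f to be the successor function and x to be 0:

```python
# Sketch: untyped analogues of twice_k and Exp(k, n).
twice = lambda x: lambda y: x(x(y))           # twice x y = x (x y)

def iterate(f, n, arg):
    """n-fold application f^n arg."""
    for _ in range(n):
        arg = f(arg)
    return arg

def exp_tower(k, n):
    """Exp(0, n) = n and Exp(k+1, n) = 2^Exp(k, n)."""
    for _ in range(k):
        n = 2 ** n
    return n

succ = lambda m: m + 1                        # counts applications of f

# k = 2: twice^n f x beta-reduces to f^{2^n} x = f^{Exp(1, n)} x.
count_k2 = iterate(twice, 3, succ)(0)         # Exp(1, 3) = 8 calls
# k = 3: (twice^n twice) f x reduces to f^{Exp(2, n)} x.
count_k3 = iterate(twice, 2, twice)(succ)(0)  # Exp(2, 2) = 16 calls
```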
Simulating Turing Machines. Let w be an input word. Let \(n=|w|\), \(l=\mathsf {Exp}(k-1,n)\) and \(N=\mathsf {Exp}(k,n)\). We shall consider a deterministic Turing machine T running in \( SPACE (l)\) and \( TIME (N)\) and simulate T’s behaviour on w. This suffices to establish \( SPACE (l)\)-hardness.
We start off with the description of an encoding scheme for configurations of T. We shall represent them as strings of length l over an alphabet \(\varSigma _T\), to be specified later. We shall write \(\mathsf {Config}_T\) for the subset of \((\varSigma _T)^l\) corresponding to configurations. The encoding of the initial configuration will be denoted by \(c_{ init }\) and we shall write \(\mathsf {Accept}_T\) for the set of representations of accepting configurations. Given \(c\in \mathsf {Config}_T\), we shall also refer to the representation of the successor of c according to T’s transition function. Let us introduce a number of auxiliary languages that will play an important role in the simulation. We write \(c^R\) for the reverse of c.
Definition 13
Lemma 7
There exists a representation scheme for configurations of T such that the size of \(\varSigma _T\) is polynomial in the size of T and w, and the following properties hold.
 1.
There exist deterministic finite-state automata \(\mathcal {A}_0, \mathcal {A}_1\), constructible from T, w in polynomial time, such that \(L(\mathcal {A}_0)\cap (\varSigma _T)^l = \mathcal {L}_0\) and \(L(\mathcal {A}_1)\cap (\varSigma _T)^l = \mathcal {L}_1\).
 2.
For any \(i=2,3,4\), there exists a deterministic pushdown automaton \(\mathcal {A}_i\), constructible from T, w in polynomial time, such that \(L(\mathcal {A}_i)\cap ((\varSigma _T)^l \# (\varSigma _T)^l) = \mathcal {L}_i\). Moreover, the transitions of the automata are given by three transition functions \(\delta _{\mathrm {push}}:Q^{\mathrm {push}}\times \varSigma _T \rightarrow Q^{\mathrm {push}}\times \varUpsilon \), \(\delta _{\mathrm {noop}}: Q^{\mathrm {push}}\times \{\#\}\rightarrow Q^{\mathrm {pop}}\) and \(\delta _{\mathrm {pop}}:Q^{\mathrm {pop}} \times \varSigma _T\times \varUpsilon \rightarrow Q^{\mathrm {pop}}\), the initial state belongs to \(Q^{\mathrm {push}}\) and the automaton accepts by final state. That is, the automata process elements of \((\varSigma _T)^l \# (\varSigma _T)^l\) by performing push-moves first, then a no-op move for \(\#\) and, finally, pop-moves.
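The push/no-op/pop discipline is easy to illustrate on a toy language of the same shape: \(\{c\,\#\,c^R\}\), where the second component must be the reversal of the first. The automaton below is our own example (not one of \(\mathcal {A}_2, \mathcal {A}_3, \mathcal {A}_4\)); it pushes the first component, switches phase on \(\#\), and then pops while comparing.

```python
def run_three_phase(word, sigma):
    """Deterministic PDA over sigma + '#': push phase, one no-op on '#',
    then pop phase; accepts {c # c^R} by final state with empty stack."""
    stack, phase = [], 'push'
    for a in word:
        if phase == 'push':
            if a == '#':
                phase = 'pop'              # the single no-op move
            elif a in sigma:
                stack.append(a)            # delta_push: remember the symbol
            else:
                return False
        else:                              # phase == 'pop'
            if not stack or stack.pop() != a:
                return False               # delta_pop: compare with the top
    return phase == 'pop' and not stack

print(run_three_phase("ab#ba", "ab"))      # True
print(run_three_phase("ab#ab", "ab"))      # False
```

The actual automata of Lemma 7 follow exactly this three-phase shape, but compare a configuration with (the reversal of) a candidate successor rather than with an exact copy.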
Remark 3
Note that in the above lemma we had to use intersection with \((\varSigma _T)^l\) (resp. \((\varSigma _T)^l \# (\varSigma _T)^l\)) to state the correctness conditions with respect to \(\mathsf {Config}_T\), because the automata will not be able to count up to l. However, in our argument, we are going to use the nesting power of \(\mathsf {IA}_{1}^k\) to run their transition functions for suitably many steps (l and \(2l+1\) respectively).
The significance of the languages \(\mathcal {L}_0,\mathcal {L}_1,\mathcal {L}_2, \mathcal {L}_3, \mathcal {L}_4\) stems from the fact that they are building blocks of two other languages, \(\mathcal {L}_5\) and \(\mathcal {L}_6\), which are closely related to the acceptance of w by T.
Lemma 8
Consider the languages \(\mathcal {L}_5, \mathcal {L}_6\subseteq (\varSigma _T^\#)^*\) built from \(\mathcal {L}_0,\cdots ,\mathcal {L}_4\): \(\mathcal {L}_5\) consists of \(\#\)-separated sequences of candidate configurations, beginning with \(c_{ init }\), with every other component reversed, and ending with (the reversal of) an accepting configuration, while \(\mathcal {L}_6\) consists of those sequences in which some consecutive pair is not related as required by T’s transition function. Then T accepts w if and only if \(\mathcal {L}_5\not\subseteq \mathcal {L}_6\).
Proof
Note that if T accepts w then the sequence of (representations of the) configurations belonging to the accepting run, in which every other representation is reversed, gives rise to a word that belongs to \(\mathcal {L}_5\) but not to \(\mathcal {L}_6\).
Conversely, if a word \(c_{ init }\,\#\,c_1^R\,\#\, d_1\,\#\cdots \, c^R_N \,\#\,d_N \,\#\,f^R\in \mathcal {L}_5\) does not belong to \(\mathcal {L}_6\), then the configurations occurring in the word follow one another according to T’s transition function (for \(i=1,\cdots ,N-1\)) and \(f\) represents an accepting configuration. Thus, the word actually represents an accepting run on w. \(\square \)
Our hardness argument consists in translating the above lemma inside \(\mathsf {IA}_{1}^k\). To that end, we shall show how to capture \(\mathcal {L}_2, \mathcal {L}_3, \mathcal {L}_4\) and, ultimately, \(\mathcal {L}_5\) and \(\mathcal {L}_6\), using \(\mathsf {IA}_{1}^k\) terms. We shall work under the assumption that \(\varSigma _T^\#=\{0,\cdots , max \}\). Note, though, that the results can be adapted to any \( max >0\) by encoding \(\varSigma _T^\#\) as sequences of \(\mathsf {exp}\)-values. Similarly, using multiple \(\mathsf {exp}\)-valued variables, \(\mathsf {IA}\)-terms can store values that are bigger than \( max \). We shall take advantage of such storage implicitly (e.g. for state values or stack elements), but the number of extra variables needed for this purpose will remain polynomial.
Definition 14
We shall say that an \(\mathsf {IA}\)-term \({z:\mathsf {exp}} \vdash {M:\mathsf {com}}\) captures \(L\subseteq (\varSigma _T^\#)^*\) if \(\mathsf {comp}\,{([\![{z} \vdash {M} ]\!])} = \{ run \, q^z\, (a_1)^z\, q^z \, (a_2)^z \,\cdots \, q^z\, (a_k)^z\, done \mid a_1 a_2 \cdots a_k\in L\}\).
Example 3
The term \({z:\mathsf {exp}} \vdash {M_{\#}:\mathsf {com}}\), where \(M_{\#}\equiv \text { if } z=\# \text { then } \mathbf {skip} \text { else } \varOmega \), captures \(\{\#\}\). In our constructions we often write \([\mathsf {condition}]\) to stand in for the assertion \(\text { if } (\mathsf {condition}) \text { then } \mathbf {skip} \text { else } \varOmega \).
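The divergence-based assertion idiom can be mimicked outside the game model as follows (our own modelling: the names `Omega`, `assertion`, `m_hash` and `terminates` are ours, and divergence is represented by an exception rather than an infinite loop): the free variable z becomes a stream of symbols, and a term captures a language when it terminates exactly on the words it consumes from that language.

```python
class Omega(Exception):
    """Stands in for the divergent term."""

def assertion(condition):
    """The macro [condition] = if condition then skip else Omega."""
    if not condition:
        raise Omega

def m_hash(z):
    """M_# = if z = '#' then skip else Omega, capturing {'#'}."""
    assertion(next(z) == '#')

def terminates(term, word):
    """Does the term converge when z supplies exactly this word?"""
    try:
        term(iter(word))
        return True
    except (Omega, StopIteration):
        return False

print(terminates(m_hash, "#"))   # True
print(terminates(m_hash, "a"))   # False
```

In the capture discipline of Definition 14, the successive values read from z play the role of the moves \((a_1)^z, (a_2)^z, \cdots \) in a complete play.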
Lemma 9
There exist \(\mathsf {IA}_{1}^k\)-terms \({z:\mathsf {exp}} \vdash {M_0, M_1:\mathsf {com}}\), constructible from T, w in polynomial time, capturing \(\mathcal {L}_0, \mathcal {L}_1\) respectively.
Lemma 10
There exists an \(\mathsf {IA}_{1}^k\)-term \({z:\mathsf {exp}} \vdash {M_2:\mathsf {com}}\), constructible from T, w in polynomial time, which captures \(\mathcal {L}_2\).
Thanks to the last two lemmas we are now ready to capture \(\mathcal {L}_5\).
Lemma 11
There exists an \(\mathsf {IA}_{1}^k\)-term \({z:\mathsf {exp}} \vdash {M_5:\mathsf {com}}\), constructible in polynomial time from T, w, which captures \(\mathcal {L}_5\).
Proof
To complete the hardness argument (by restating Lemma 8 using \(\mathsf {IA}_{1}^k\) terms), we also need to capture \(\mathcal {L}_6\). Because of the existential clause in its definition we need to use a slightly different capture scheme.
Lemma 12
There exists an \(\mathsf {IA}_{1}^k\)-term \({z:\mathsf {exp}, FLAG :\mathsf {var}} \vdash {M_6':\mathsf {com}}\), constructible in polynomial time from T, w, which captures \(\mathcal {L}_6\) relative to the variable \( FLAG \), used to record that the existential clause in the definition of \(\mathcal {L}_6\) has been witnessed.
Lemma 13
There exists an \(\mathsf {IA}_{1}^k\)-term \({z:\mathsf {exp}} \vdash {M_6:\mathsf {com}}\), constructible in polynomial time from T, w, which captures \(\mathcal {L}_6\).
Proof
Theorem 3
Contextual approximation between \(\mathsf {IA}_{1}^k\) terms is \((k-1)\)-EXPSPACE-hard.
Proof
By Lemmas 8, 11 and 13, for any Turing machine T running in \( SPACE (\mathsf {Exp}(k-1,n))\) and \( TIME (\mathsf {Exp}(k,n))\) and an input word w, there exist \(\mathsf {IA}_{1}^k\)-terms \({z:\mathsf {exp}} \vdash {M_5,M_6}\), constructible from T, w in polynomial time, such that T accepts w if and only if \(M_5\) does not approximate \(M_6\). This implies \((k-1)\)-EXPSPACE-hardness. \(\square \)
6 Conclusion
We have shown that contextual approximation in \(\mathsf {IA}_{1}^k, \mathsf {IA}_{2}^k, \mathsf {IA}_{3}^k\) is \((k-1)\)-EXPSPACE-complete. The algorithm that leads to these optimal bounds reduces terms to \(\mathsf {IA}_{3}^2\) (with possibly \((k-2)\)-fold exponential blow-up), and we use a dedicated EXPSPACE procedure for \(\mathsf {IA}_{3}^2\) exploiting game semantics and decision procedures for a special kind of pushdown automata. In particular, the results show that untamed \(\beta \)-reduction would yield suboptimal bounds, but selective \(\beta \)-reduction of redexes of level 3 and above does not jeopardise complexity. The bounds above apply to open higher-order terms, i.e. \(\mathsf {IA}_{i}\) (\(i>0\)) terms, for which the problem of contextual approximation is difficult to attack due to universal quantification over contexts.
Our work also implies bounds for contextual approximation of \(\mathsf {IA}_{0}^k\) terms, i.e. closed terms of base type. Conceptually, this case is much easier, because it boils down to testing termination. In this case our techniques can be employed to obtain better upper bounds for \(\mathsf {IA}_{0}^k\) than those for \(\mathsf {IA}_{1}^k\) (\((k-1)\)-EXPSPACE). For a start, as for \(\mathsf {IA}_{1}^k\), we can reduce \(\mathsf {IA}_{0}^k\) terms (at \((k-2)\)-fold exponential cost) to \(\mathsf {IA}_{0}^2\). Then termination in \(\mathsf {IA}_{0}^2\) can be checked in exponential time by constructing pushdown automata via Lemma 2 and testing them for emptiness (rather than inclusion). Since emptiness testing of pushdown automata can be performed in polynomial time and the automata construction in Lemma 2 costs a single exponential, this yields an EXPTIME upper bound for termination in \(\mathsf {IA}_{0}^2\). Consequently, termination in \(\mathsf {IA}_{0}^k\) (\(k\ge 2\)) can be placed in \((k-1)\)-EXPTIME, though it is not clear to us whether this bound is optimal. For completeness, let us just mention that termination in \(\mathsf {IA}_{0}^0\) and \(\mathsf {IA}_{0}^1\) is PSPACE-complete due to the presence of variables and looping (membership follows from the corresponding upper bounds for contextual equivalence).
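The polynomial-time emptiness test invoked above is classically obtained by translating a pushdown automaton into a context-free grammar and checking whether the start symbol is productive. The fixpoint computation below sketches that core step (a generic sketch of the textbook algorithm, not the \(\mathsf {IA}_{0}^2\)-specific procedure; the grammar `g` is a made-up example).

```python
def cfg_nonempty(productions, start):
    """productions: dict nonterminal -> list of right-hand sides (lists of
    symbols); symbols without productions are terminals.  Returns True iff
    the start symbol derives some terminal word."""
    productive = set()
    changed = True
    while changed:
        changed = False
        for nt, rhss in productions.items():
            if nt in productive:
                continue
            # nt is productive if some rhs consists of terminals
            # and already-productive nonterminals.
            for rhs in rhss:
                if all(s not in productions or s in productive for s in rhs):
                    productive.add(nt)
                    changed = True
                    break
    return start in productive

# S -> a S b | empty generates {a^n b^n}; U never terminates a derivation.
g = {'S': [['a', 'S', 'b'], []], 'U': [['U']]}
print(cfg_nonempty(g, 'S'))   # True
print(cfg_nonempty(g, 'U'))   # False
```

Each iteration of the outer loop adds at least one nonterminal, so the whole test runs in time polynomial in the grammar size, which is what makes emptiness so much cheaper than the inclusion tests used for approximation.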
Another avenue for future work is \(\mathsf {IA}_{1}^k, \mathsf {IA}_{2}^k, \mathsf {IA}_{3}^k\) contextual equivalence. Of course, our upper bounds for approximation also apply to contextual equivalence, which amounts to two approximation checks. However, one might expect better bounds in this case given that our hardness argument leans heavily on testing inclusion.
Finally, one should investigate how our results can be adapted to the call-by-value setting. An educated guess would be that, in the analogous fragment of ML, the reduction of redexes up to order 3 (rather than 2) should be suppressed in order to obtain accurate complexity estimates.
References
 1. Abramsky, S., McCusker, G.: Linearity, sharing, state: a fully abstract game semantics for Idealized Algol with active expressions. In: O’Hearn, P.W., Tennent, R.D. (eds.) Algol-like Languages, pp. 297–329. Birkhäuser, Boston (1997)
 2. Abramsky, S., McCusker, G.: Game semantics. In: Schwichtenberg, H., Berger, U. (eds.) Logic and Computation: Proceedings of the 1997 Marktoberdorf Summer School. Springer-Verlag (1998)
 3. Ahmed, A., Dreyer, D., Rossberg, A.: State-dependent representation independence. In: Proceedings of POPL, pp. 340–353. ACM (2009)
 4. Alur, R., Madhusudan, P.: Visibly pushdown languages. In: Proceedings of STOC 2004, pp. 202–211 (2004)
 5. Colvin, R., Hayes, I.J., Strooper, P.A.: Calculating modules in contextual logic program refinement. Theory Pract. Logic Program. 8(1), 1–31 (2008)
 6. Ghica, D.R., McCusker, G.: Reasoning about Idealized Algol using regular languages. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, p. 103. Springer, Heidelberg (2000)
 7. Harmer, R.: Games and full abstraction for nondeterministic languages. Ph.D. thesis, University of London (2000)
 8. Hopkins, D., Murawski, A.S., Ong, C.-H.L.: A fragment of ML decidable by visibly pushdown automata. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part II. LNCS, vol. 6756, pp. 149–161. Springer, Heidelberg (2011)
 9. Murawski, A.S.: On program equivalence in languages with ground-type references. In: Proceedings of IEEE Symposium on Logic in Computer Science, pp. 108–117. Computer Society Press (2003)
 10. Murawski, A.S.: Games for complexity of second-order call-by-name programs. Theor. Comput. Sci. 343(1/2), 207–236 (2005)
 11. Murawski, A.S., Walukiewicz, I.: Third-order Idealized Algol with iteration is decidable. In: Sassone, V. (ed.) FOSSACS 2005. LNCS, vol. 3441, pp. 202–218. Springer, Heidelberg (2005)
 12. Pitts, A.M.: Operational semantics and program equivalence. In: Barthe, G., Dybjer, P., Pinto, L., Saraiva, J. (eds.) APPSEM 2000. LNCS, vol. 2395, pp. 378–412. Springer, Heidelberg (2002)
 13. Reynolds, J.C.: The essence of Algol. In: de Bakker, J.W., van Vliet, J.C. (eds.) Algorithmic Languages, pp. 345–372. North-Holland, Amsterdam (1978)
 14. Turon, A., Dreyer, D., Birkedal, L.: Unifying refinement and Hoare-style reasoning in a logic for higher-order concurrency. In: Proceedings of ICFP 2013, pp. 377–390 (2013)