Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

www.elsevier.com/locate/entcs

Normalization by Evaluation
for Martin-Löf Type Theory
with One Universe

Andreas Abel1 ,2
Institut für Informatik, Ludwig-Maximilians-Universität
Oettingenstr. 67, D-80538 München

Klaus Aehlig3 ,4
Department of Computer Science, University of Wales Swansea
Singleton Park, Swansea SA2 8PP

Peter Dybjer5 ,6
Department of Computer Science, Chalmers University of Technology
Rännvägen 6, S-41296 Göteborg

Abstract
We present an algorithm for computing normal terms and types in Martin-Löf type theory with one universe
and eta-conversion. We prove that two terms or types are equal in the theory iff the normal forms are
identical (as de Bruijn terms). It thus follows that our algorithm can be used for deciding equality in
Martin-Löf type theory. The algorithm uses the technique of normalization by evaluation; normal forms
are computed by first evaluating terms and types in a suitable model. The normal forms are then extracted
from the semantic elements. We prove its completeness by a PER model and its soundness by a Kripke
logical relation.

Keywords: Dependent Types, Domain Semantics, Normalization by Evaluation, Type Theory, Universe

1 Partially supported by the EU coordination action TYPES (510996).

2 Email: [email protected]
3 Partially supported by grant EP/D03809X/1 of the British Engineering and Physical Sciences Research
Council (EPSRC). Currently visiting University of Toronto, supported by grant Ae 102/1-1 of the Deutsche
Forschungsgemeinschaft (DFG).
4 Email: [email protected]
5 Partially supported by project TLCA, Vetenskapsrådet.
6 Email: [email protected]

1571-0661 © 2007 Elsevier B.V. Open access under CC BY-NC-ND license.

doi:10.1016/j.entcs.2007.02.025
18 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

1 Introduction
Normalization by Evaluation (NbE) is a method for computing normal forms of λ-
terms by first interpreting them in some semantic realm and then reifying them, i. e.,
bringing them “down” to the syntactic level, arriving at a normal form. We exploit
this method for Martin-Löf type theory with one universe [19], a theory where types
can depend on values. Such dependent types are not only restrictions of larger non-
dependent types (as the types of the logical framework or refinement types). In
Martin-Löf type theory with a universe a type can be defined by recursion on a
value of some other type. (This is sometimes called definition by large elimination.)
Such dependencies cannot be erased, so that values with such dependent types
cannot always be assigned simple types.
Large eliminations have repercussions on the design of a NbE algorithm. Firstly,
types need to be normalized as well as terms. Furthermore, in Martin-Löf type
theory well-typed terms denote “total” elements, such as total natural numbers,
total functions between natural numbers, etc. It is thus tempting to consider a
semantics of total elements for the interpretation of terms in NbE, as in the simply-
typed case. This, however, leads to great complications in the case of dependent
types, where typing derivations depend on proofs of equality, a scenario one could
call the “dependent types nightmare”. Instead we were able to prove the correctness
of our NbE algorithm by choosing a different approach: inspired by untyped NbE
[4,13] we evaluate terms in a reflexive domain and ignore their types. We then
define a PER model, to pick out (equal) total elements of this domain and show
that well-typed term denote such total elements and βη-convertible terms denote
equal total elements. The model construction is surprisingly painless, since it is
sufficient to recover raw terms from the domain and not typing derivations (Church
terms, resp.), i. e., we are not interested in whether the reified term is well-typed.
Our algorithm returns η-long forms, which can only be correctly produced when
the type of a term is normalized before the term. We use normal types to reflect
variables into the semantics and to reify semantic objects to η-long forms. During
reflection we η-expand variables semantically, and we maintain the invariant that
variables are always fully applied in the semantics.

Contributions.
We present a normalization algorithm for Martin-Löf type theory with one uni-
verse [19] and η-conversion. We prove that this algorithm returns unique representa-
tives from each convertibility class and hence can be used for deciding convertibility
of terms and of types. This is a new result; the decidability property for the theory
with β-conversion but without η follows from a standard reduction-based normal-
ization proof by Martin-Löf [19] (see also C. Coquand [8]).
A side-effect of our paper is that we provide the first account of NbE for the
typed lambda calculus with βη-conversion and inductive datatypes such as natural
numbers, where correctness is proved directly without relying on normalizability of
the reduction relation.
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 19

As pointed out to us by Thierry Coquand, our result is important for proof

assistants based on Martin-Löf type theory such as the Agda system [7]. The
reason is that the core of Agda is a version of Martin-Löf’s logical framework which
has η-conversion both on the level of types and on the level of the universe of sets.
Our result provides the key step in the proof of decidability of type-checking of this
theory including a set of natural numbers. It appears unproblematic to extend our
proof to other sets (data types) given by (generalized) inductive definitions such as
Brouwer ordinals and well-orderings used in applications of Martin-Löf type theory.

Related work.
Normalization by evaluation for Martin-Löf type theory has to our knowledge
only been considered once before in the literature, namely in the first published
paper on Martin-Löf type theory [15]. However, this version of the theory had a
weak notion of conversion (no conversion under λ) and was later abandoned.
Recently, Martin-Löf has in unpublished work adapted this normalization algo-
rithm to the present version of type theory [20]. The theory considered by Martin-
Löf [20] differs from ours since it has only η-conversion on the level of types and
not on the level of sets. [18,21]. (Note that the type of ”sets” in this theory plays
the rule of the universe in [19]. The reason for this change in terminology is that
conceptually, the logical framework in this theory is intended as a metalogic for
formalizing the rules of Martin-Löf type theory.) Another important difference is
that we use an approach to NbE which relies on evaluation of untyped terms in a
semantic domain with partial values. Martin-Löf’s instead uses an informal typed
intuitionistic metalanguage (see for example the discussion in [14]) which is pre-
sumably some strong version of Martin-Löf type theory with inductive-recursive
definitions. The third author has in vain tried to formalize a strongly typed version
of NbE for Martin-Löf type theory in a proof assistant for Martin-Löf type theory.
However, Danielsson [9] has recently made progress in this direction.
Berger, Eberl, and Schwichtenberg [6] describe how to construct an NbE algo-
rithm from a set of computation rules formulated as a term rewriting system (TRS),
thus, also covering primitive recursion for natural numbers. However, they assume
the TRS to be terminating and consider only simple types.
Filinski [12] has earlier used domain-theoretic models for NbE. In particular
Filinski and Rohde [13] gave a domain-theoretic treatment of untyped NbE.

2 Syntax and Inference Rules

We first present the syntax and inference rules of Martin-Löf type theory with one
universe. As already mentioned, an essential point is that we extend the theory as
presented by Martin-Löf [19] by the rule of η-conversion. In this paper we show only
the rules for dependent function types (“cartesian product of a family of types”),
the type of natural numbers, and the type of small types, but we believe that
our method can be extended to all type formers considered by Martin-Löf [19],
that is, also for dependent product types (“disjoint union of a family of types”),
20 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

binary disjoint unions, and finite types. It also appears unproblematic to include
generalized inductive definitions such as the type of Brouwer ordinals [17] and the
well-orderings [16].
As in Martin-Löf [19], we consider a formulation where conversion is a relation
between raw terms; we do not have equality judgements as in the later versions of
Martin-Löf type theory. Also like in Martin-Löf [19], our universe is formulated a
la Russell, where small types are types. (When universes are formulated a la Tarski
as in Aczel [3] and Martin-Löf [17], elements of universes are codes for small types
and each such code a denotes a small type T a. We have also written the algorithm
for the system a la Tarski, but the a la Russell version is shorter.)
We use de Bruijn’s nameless representation of lambda terms, whereas Martin-
Löf used ordinary named variables. Small types are called “sets” to conform with
the current usage in Agda. So the first universe which was called U by Martin-Löf
is now called Set.

Raw terms.
We begin by defining the set Tm of raw de Bruijn terms of the theory, see Fig. 1.
Since universes are formulated a la Russell, type expressions are just special kinds
of raw terms. We use the letters r, s, t, z, A, B, C as metavariables for raw terms,
where A, B, C are used when we expect that the raw terms are type expressions.
Syntactic equality of terms is denoted by t ≡ t . Binders are λ and Π; λt binds
index 0 in t and Π A B binds index 0 in B. Based on this binding convention we
define the set of free de Bruijn indices FV(t) for a term t in the obvious way; in
particular we have the following clauses.

i ∈ FV(vj ) ⇐⇒ i=j
i ∈ FV(λt) ⇐⇒ i + 1 ∈ FV(t)
i ∈ FV(Π A B) ⇐⇒ i ∈ FV(A) or i + 1 ∈ FV(B)
i ∈ FV(Rec A z s t) ⇐⇒ i ∈ FV(A) ∪ FV(z) ∪ FV(s) ∪ FV(t)

We denote the operation of lifting the free de Bruijn indices in a term t by

k ∈ N steps by ⇑k , where ⇑k = ⇑k0 , for an auxiliary operation ⇑kn t with n ∈ N that
is defined by induction on t and lifts the free variables from index n onwards by k;
in particular

vi if i < n
⇑n vi
k =
vi+k otherwise
⇑kn λt = λ(⇑kn+1 t)
⇑kn (Π A B) = Π(⇑kn A) (⇑kn+1 B)

We define the non-dependent function space A ⇒ B as an abbreviation for

Π A (⇑1 B).
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 21

Raw terms with de Bruijn indices.

Tm  r, s, t, z, A, B, C ::= vi de Bruijn index

| λt abstracting 0th variable
| rs application
| Zero natural number “0”
| Succ t successor
| Rec A z s t primitive recursion
| ΠAB dependent function type
| Nat natural number type
| Set universe

Well-formed contexts Γ .
Γ A
Γ, A

Well-formed types Γ A.

Γ A : Set Γ Γ A Γ, A B
Γ A Γ Set Γ ΠAB
Typing Γ t : A.

Γ
0 ≤ i < |Γ|
Γ vi : Γ(i)

Γ, A t : B Γ r : ΠAB Γ s:A Γ A : Set Γ, A B : Set

Γ λt : Π A B Γ r s : B[s] Γ Π A B : Set

Γ t : Nat
Γ Nat : Set Γ Zero : Nat Γ Succ t : Nat

Γ, Nat C
Γ z : C[Zero] Γ s : Π Nat (C ⇒ C[Succ v0 ]) Γ t : Nat
Γ Rec (λC) z s t : C[t]

Γ t:A Γ A
A =βη A
Γ t : A

Fig. 1. Terms and inference rules.

Let t[s/i] denote the collapsing substitution of s for index i in t, that is

⎧
⎨ vj j<i
vj [s/i] = s j=i
⎩
vj−1 j>i

and (λt)[s/i] = λ(t[⇑1 s/i + 1]), as usual. We write t[s] as a shorthand for t[s/0].
22 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

One-step βη-reduction t −→ t is given as the congruence-closure of the following

contractions.

(λt) s −→ t[s] (β-λ)

λ.(⇑1 t) v0 −→ t (η)
Rec A z s Zero −→ z (β-Rec-Zero)
Rec A z s (Succ r) −→ s r (Rec A z s r) (β-Rec-Succ)

Its reflexive-transitive closure −→∗ is confluent, so we can define t =βη t as ∃s.t −→∗
s ∗ ←− t .
Typing contexts are lists of types, inductively defined by Γ ::= | Γ, A. Context
lookup Γ(n) performs the necessary liftings:

(Γ, A)(0) = ⇑1 A
(Γ, A)(n + 1) = ⇑1 Γ(n)

Inference rules.
We define the inference rules for the following three forms of judgements.

Γ Γ is a well-formed context
Γ A A is a well-formed type in context Γ
Γ t:A t has type A in context Γ

The rules are listed in Fig. 1. The judgements enjoy standard properties like weak-
ening, strengthening and substitution, however, we require no syntactical properties
of these judgements in this work.

3 Domain Model
In this section, we present the NbE algorithm by defining a suitable semantic domain
D into which terms are evaluated, before they are brought back down onto the
syntactical level.
Let D be a set, and let environments ρ range over Env := N → D. We define
environment update ρ, d as the environment ρ such that ρ (0) = d and ρ (i + 1) =
ρ(i). Furthermore, let [[ ]] ∈ Tm → Env → D an evaluation function, · ∈ D →
D → D an application function, and rec ∈ D → D → D → D → D a primitive
recursion operator. Adopting Barendregt’s notion [5] to our setting, we say that
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 23

(D, [[ ]] , · , rec) is a weakly extensional λ-model, if the following holds.

[[vi ]]ρ = ρ(i)

[[r s]]ρ = [[r]]ρ · [[s]]ρ
[[Rec C z s t]]ρ = rec [[C]]ρ [[z]]ρ [[s]]ρ [[t]]ρ

[[λt]]ρ · d = [[t]]ρ,d
rec a dz ds [[Zero]]ρ = dz
rec a dz ds [[Succ t]]ρ = ds · [[t]]ρ · (rec a dz ds [[t]]ρ )

[[c]]ρ = [[c]]ρ for c ∈ {Zero, Nat , Set}

[[λt]]ρ = [[λt ]]ρ if [[t]]ρ,d = [[t ]]ρ ,d for all d ∈ D
[[ΠA B]]ρ = [[ΠA B  ]]ρ if [[A]]ρ = [[A ]]ρ
and [[B]]ρ,d = [[B  ]]ρ ,d for all d ∈ D
[[Succ t]]ρ = [[Succ t ]]ρ if [[t]]ρ = [[t ]]ρ

Lemma 3.1 (Properties of weakly extensional λ-models [5]) A weakly ex-

tensional λ-model (D, [[ ]] , · , rec) has the following properties.
(i) (Irrelevance) If ρ(i) = ρ (i) for all i ∈ FV(t), then [[t]]ρ = [[t]]ρ .
(ii) (Substitution) [[t[s]]]ρ = [[t]]ρ,[[s]] .
ρ

(iii) (β-Invariance) If t =β t then [[t]]ρ = [[t ]]ρ .

Liftable terms.
Following Aehlig and Joachimski [4] we delay the lifting operation, to avoid the
need of liftings in semantical objects. Morally, a liftable term is nothing but a
function that maps k to the way this term would look like under k binders; usually
this is just the term lifted by k. However, to allow for bound variables to occur
we have to accept partiality; a term containing a variable bound by the ’th binder
can only present itself under at least  binders — a bound variable can never occur
outside the scope of its binder.
Formally, we define Tm Z to be as our raw terms, but allowing also negative de
Bruijn indices and we define the set of liftable terms TM = N → Tm Z as the total
functions from the naturals to Tm Z . For t̂, t̂ ∈ TM we overload application by
setting (t̂ t̂ )(k) = t̂(k) t̂ (k); similarly for Rec. Equality t̂ ≡ t̂ is point-wise. We
denote the liftable term k → ⇑k t simply as ⇑t. The special liftable term

v̂−(k+1) (l) = vl−(k+1)

where k ∈ N, is sometimes denoted by ⇑v−(k+1) .

We define the semantic domain D with information order  as the least solution
of the domain equation

D = [D → D] ⊕ O ⊕ D ⊕ (D × [D → D]) ⊕ O ⊕ O ⊕ TM ⊥
24 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

We work in a suitable category of domains such as the category of Scott domains [22]
(consistently complete pointed cpos and continuous functions), where O means the
two point domain {⊥, } with ⊥   (the Sierpinski space), ⊕ means coalesced
sum, × means cartesian product, [ → ] means continuous function space, and
TM ⊥ is the flat domain obtained by adjoining a least element ⊥ to the set TM of
liftable terms. We also extend application on TM to TM ⊥ so that t̂ ⊥ = ⊥ t̂ =
⊥ ⊥ = ⊥. If we write t̂ ∈ TM ⊥ then t̂ = ⊥ always denotes a proper liftable term.
The role of the seven components of the RHS of the domain equation will be
clear by introducing the following names of the strict injections (constructors):

Lam : [D → D] → D Pi : D × [D → D] → D
Zero : O → D Nat : O→D
Succ : D → D Set : O→D
Ne : TM ⊥ → D

Although formally, Pi has type D × [D → D] → D, we write Pi a g instead of Pi (a, g).

Moreover, although Zero has type O → D we write Zero instead of Zero , and
similarly for Nat and Set.
Elements of D are denoted by a, b, c (for types) and d, e for objects. Functions
in [D → D] are denoted by f (object valued) and g (type valued). We overload the
notation a ⇒ b on D to mean Pi a ( → b).
The reason for having coalesced sums in the domain equation is that our proof
of semantical η-conversion (Lemma 2 below) relies on the strictness of Lam, i. e.,
Lam ⊥ = ⊥.
If we replace the coalesced sums in the definition of D by separated sums, and
replace TM ⊥ by the non-flat domain of lazy term families, we will get a domain
equation which gives the intended domain semantics of the type D in our Haskell
program (see the Appendix). However, there is an obvious embedding of the “stric-
tified” domain used in the proof into the lazy domain used in the program. Using
this embedding it follows that the normalization function in the proof must re-
turn an answer which is less defined than or equal to the normalization function
computed by the Haskell program. Since we prove that the normalization function
on the strictified domain returns correct total elements, it follows that the Haskell
program also returns correct total elements.
We define application on D as the function

app : [D → [D → D]]
app (Lam f ) = f
app e =⊥ if e is not a Lam

where in the following “default ⊥ clauses” like the last one are always tacitly as-
sumed. Observe that app (Lam f ) d = f (d). We write e · d for app e d.
Although we are working with a weakly extensional model D which only identifies
β-equal terms, we can show that η-reduction is mapped to the order  on D.
Lemma 3.2 (Semantical η-contraction) Lam (app e)  e.
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 25

Proof. By cases on e. If e = Lam f , then Lam (app e) = Lam f = e. Otherwise

Lam (app e) = Lam ⊥ = ⊥  e. 2
By mutual recursion, we define the reflection function ↑a from neutral term
families into D and the reification function ↓a from D into normal term families as
follows. Herein, we write ↓ak d for (↓a d)(k), and similarly ⇓k a for (⇓ a)(k). The
defining clauses are listed in Fig. 2, together with the semantical version of Rec and
the evaluation function [[t]]ρ .
Note that to justify the types of the reification functions ⇓ and ↓ we must show
that they return either ⊥ or a totally defined function in TM . This is so because
the argument k : N is only used in a parametric way, so definedness cannot depend
on it.
Lemma 3.3 (D, [[ ]] , · , rec) is a weakly extensional λ-model.
Also, note that [[⇑1 t]]ρ,d = [[t]]ρ .
Lemma 3.4 If t −→ t then [[t]]ρ  [[t ]]ρ for all ρ ∈ Env.
Proof. By induction on t −→ t . For the three rules (β-λ), (β-Rec-Zero), and
(β-Rec-Succ) it even follows from Lemma 3.3 that t −→ t implies [[t]]ρ = [[t ]]ρ .
Hence, it remains to check η-reduction and the congruence rules.
• Case
λ. (⇑1 t) v0 −→ t.
We have [[λ. (⇑1 t) v0 ]]ρ = Lam (d → [[⇑1 t]]ρ,d · [[v0 ]]ρ,d ) = Lam (d → [[t]]ρ · d) =
Lam (app [[t]]ρ )  [[t]]ρ by Lemma 3.2.
• Case
t −→ t
λt −→ λt
By induction hypothesis [[t]]ρ,d  [[t ]]ρ,d for all ρ, d. Hence, [[λt]]ρ = Lam (d →
[[t]]ρ,d )  Lam (d → [[t ]]ρ,d ) = [[λt ]]ρ .
• Case
A −→ A
Rec A z s t −→ Rec A z s t
By induction hypothesis [[A]]ρ  [[A ]]ρ . Since rec is continuous, [[Rec A z s t]]ρ =
rec [[A]]ρ [[z]]ρ [[s]]ρ [[t]]ρ  rec [[A ]]ρ [[z]]ρ [[s]]ρ [[t]]ρ = [[Rec A z s t]]ρ .
The other cases are analogous. 2

Identity valuation.
We define a special valuation ρΓ ∈ Env by induction on Γ:

ρ (i) = ⊥
[[A]]
ρΓ,A = ρΓ , (↑ ρΓ v̂−|Γ,A| )

The valuation ρΓ is the semantic equivalent of the syntactical identity substitution,

σ0 , defined by σ0 (i) = vi .
26 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

Reflection and reification.

↑ : [D → [TM ⊥ → D]]
↑Pi a g t̂ = Lam f where f (d) = ↑g(d) (t̂ ↓a d)
↑c t̂ = Ne t̂ if c = ⊥, c = Pi . . .

⇓ : [D → TM ⊥ ]
⇓k (Pi a g) = Π(⇓k a) (⇓k+1 g(d)) where d = ↑a v̂−(k+1)
⇓k Nat = Nat
⇓k Set = Set
⇓k (Ne t̂) = t̂(k)

↓ : [D → [D → TM ⊥ ]]
↓Set
k a = ⇓k a
↓Pi ag g(d)
k e = λ ↓k+1 (e · d) where d = ↑a v̂−(k+1)
↓Nat
k Zero = Zero
↓Nat Nat
k (Succ d) = Succ (↓k d)
↓ck (Ne t̂) = t̂(k) if c = ⊥, c = Pi . . .

Primitive recursion in D.

rec : [D → [D → [D → [D → D]]]]
rec a dz ds Zero = dz
rec a dz ds (Succ e) = ds · e · (rec a dz ds e)
rec a dz ds (Ne t̂) = ↑a·(Ne t̂) (k → Rec (↓Nat⇒Set
k a)
(↓a·Zero
k d z)
Π Nat (d→a·d⇒a·(Succ d))
(↓k ds ) t̂(k))

Denotation (evaluation) function [[ ]] : Tm → [Env → D].

[[vi ]]ρ = ρ(i)

[[λt]]ρ = Lam f where f (d) = [[t]]ρ,d
[[r s]]ρ = [[r]]ρ · [[s]]ρ
[[Zero]]ρ = Zero
[[Succ t]]ρ = Succ [[t]]ρ
[[Rec A z s t]]ρ = rec [[A]]ρ [[z]]ρ [[s]]ρ [[t]]ρ
[[ΠA B]]ρ = Pi [[A]]ρ g where g(d) = [[B]]ρ,d
[[Nat]]ρ = Nat
[[Set]]ρ = Set

Fig. 2. Key ingredients of NbE.

 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 27

[[Γ(i)]]ρ
Lemma 3.5 ρΓ (i) = ↑ Γ v̂i−|Γ| for 0 ≤ i < |Γ|.

Proof. By induction on Γ. In case Γ = , there is nothing to show.

[[A]]ρ
ρΓ,A (0) =↑ Γ v̂
−|Γ,A|
[[(Γ,A)(0)]]ρ
=↑ Γ,A v̂0−|Γ,A| since (Γ, A)(0) = ⇑1 A

ρΓ,A (i + 1) = ρΓ (i)
[[Γ(i)]]ρ
=↑ Γ v̂i−|Γ| by ind.hyp.
[[(Γ,A)(i+1)]]ρ
=↑ Γ,A v̂i+1−|Γ,A| since (Γ, A)(i + 1) = ⇑1 Γ(i).

Normalization by evaluation for terms and types is now implemented by these

two functions:
[[A]]ρ
Γ t := ↓|Γ|
nbeA Γ
[[t]]ρΓ
NbeΓ A := ⇓|Γ| [[A]]ρΓ

4 Completeness of NbE
In this section we establish the fact that well-typed βη-equal terms evaluate to the
same long normal form.

Γ t, t : A & t =βη t =⇒ nbeA A 

Γ t ≡ nbeΓ t ∈ Tm

We also establish the analogous fact for types:

Γ A, A & A =βη A =⇒ NbeΓ A ≡ NbeΓ A ∈ Tm

We proceed by constructing an extensional PER model of total elements in D (sim-

ilar to the one in [1]) and show that the denotation of βη-equal terms are related
in the PER assigned to their type. Finally we prove that such related objects are
reified (“brought down”) to syntactically identical terms.

PER model.
Let Rel denote the set of relations on D and Per ⊆ Rel the set of partial equiva-
lence relations on D. If A ∈ Rel, we write d = d ∈ A for (d, d ) ∈ A and d ∈ A for
d = d ∈ A. If A ∈ Rel and G(d) ∈ Rel for each d ∈ A we let

ΠA G = {(e, e ) | (e · d, e · d ) ∈ G(d) for all (d, d ) ∈ A}.

If A ∈ Per and G(d) ∈ Per for all d ∈ A, then ΠA G ∈ Per. Let Ne ∈ Per be
{(Ne ŝ, Ne ŝ) | ŝ ∈ TM }.
28 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

Semantical natural numbers.

We inductively define Nat ∈ Per by the following rules.

d = d ∈ Nat
Zero = Zero ∈ Nat Succ d = Succ d ∈ Nat Ne t̂ = Ne t̂ ∈ Nat

Semantical “sets”.
We shall now define a partial equivalence relation Set for “equal sets” together
with partial equivalence relations [c] for “equal elements” of a set c ∈ Set. One
naturally tries to generate Set inductively and [c] by structural recursion on Set.
However, the introduction rule for Π for Set will then refer negatively to [−], and
we therefore do not have a positive inductive definition in the usual sense. Instead
this is an example of a simultaneous inductive-recursive definition. Such definitions
are both constructively and classically meaningful [10,11] and are often needed in
the metatheory of dependent type theory. We shall now show how the inductive-
recursive definition of Set and [c] can be understood classically by first giving a
monotone inductive definition of [c] which is then used in the definition of Set.
Lemma 4.1 (Interpretation function) There is a partial function [ ] ∈ D 
Per satisfying the equations:

[Pi a g] = Π [a] (d → [g(d)])

[Nat] = Nat
[Ne t̂] = Ne.

Proof. We define the graph T ⊆ P(D×Per) of [ ] inductively by the following rules.

(a, A) ∈ T (g(d), G(d)) ∈ T for all d ∈ A

(Pi a g, ΠA G) ∈ T (Nat, Nat) ∈ T (Ne t̂, Ne) ∈ T

(This is a monotone inductive definition on sets, see for example Aczel [2].) By an
easy induction on the membership in T we prove that (a, A) ∈ T and (a, A ) ∈ T)
imply A = A , hence, [a] = A ⇐⇒ (a, A) ∈ T defines a partial function. 2

We inductively define Set ∈ Rel by the following rules.

a = a ∈ Set g(d) = g (d ) ∈ Set for all d = d ∈ [a]

Pi a g = Pi a g ∈ Set

Nat = Nat ∈ Set Ne t̂ = Ne t̂ ∈ Set

The following lemma shows that Set ∈ Per and [ ] ∈ Set → Per, thus, [ ] is a total
interpretation function for semantical sets.
Lemma 4.2 (Well-definedness of Set and interpretation)
(i) If c = c ∈ Set then [c], [c ] are defined and [c] = [c ].
(ii) If a = b ∈ Set and b = c ∈ Set then a = c ∈ Set.
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 29

(iii) If a = b ∈ Set then b = a ∈ Set.

Proof. Each by induction on the (first) derivation of = ∈ Set. Analogous proofs

can be found in [1, Appendix B]. 2

Note that ⊥ ∈ Set and that ⊥ ∈ [c] for all c ∈ Set.

Lemma 4.3 (Semantical sets are upward-closed)
(i) If c ∈ Set and c  c then c = c ∈ Set.
(ii) If c ∈ Set, e ∈ [c], and e  e , then e = e ∈ [c].

Proof. Each induction on c ∈ Set. For the first proposition, consider the case c =
Ne t̂  c . This implies c = Ne t̂. Next, consider the case c = Pi a g ∈ Set and assume
Pi a g  c . Then c must have the shape Pi a g with a  a and g(d )  g (d ) for
all d ∈ D. By induction hypothesis a = a ∈ Set and g(d) = g(d ) = g (d ) ∈ Set for
all d = d ∈ [a], so Pi a g = Pi a g ∈ Set.
For the second proposition, the only interesting case is e ∈ [Pi a g] and e  e . By
monotonicity of app, e·d  e ·d holds for all d ∈ D. Hence, by induction hypothesis,
e·d = e ·d ∈ [g(d )] for all d ∈ [a], For arbitrary d = d ∈ [a] we have by assumption
e · d = e · d ∈ [g(d)]; together, since [g(d )] = [g(d)], e · d = e · d ∈ [g(d)]. Thus,
e  e ∈ [Pi a g]. 2

Semantical types.
We extend the interpretation function by the clause [Set] = Set and define an
inductive judgement = ∈ Type as follows.

c = c ∈ Set
c = c ∈ Type Set = Set ∈ Type

a = a ∈ Type g(d) = g (d ) ∈ Type for all d = d ∈ [a]

Pi a g = Pi a g ∈ Type

As for semantical sets, c = c ∈ Type implies [c] = [c ] ∈ Per, and Type ∈ Per. Also,
⊥ ∈ Type.
Lemma 4.4 (Semantical types are upward-closed)
(i) If c ∈ Type and c  c then c = c ∈ Type.
(ii) If c ∈ Type, e ∈ [c], and e  e , then e = e ∈ [c].

Proof. Analogously to Lemma 4.3. 2

Lemma 4.5 (Up and down)

(i) If c = c ∈ Type then ↑c t̂ = ↑c t̂ ∈ [c].
(ii) If c = c ∈ Set then ⇓ c ≡ ⇓ c ∈ TM .
(iii) If c = c ∈ Type then ⇓ c ≡ ⇓ c ∈ TM .

(iv) If c = c ∈ Type and e = e ∈ [c] then ↓c e ≡ ↓c e ∈ TM .
30 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

Proof. Simultaneously by induction on c = c ∈ Type or Set, respectively. We

show the proof of the first proposition.

If c = Pi a g and c = Pi a g then ↑c t̂ = Lam (d → ↑g(d) (t̂ ↓a d)) and ↑c t̂ =
  
Lam (d → ↑g (d) (t̂ ↓a d)). By induction hypothesis, ↓a d and ↓a d are well-defined and
 
identical term families for d ∈ [a] = [a ], and hence, ↑g(d) (t̂ ↓a d) = ↑g (d) (t̂ ↓a d) ∈
[g(d)], again by induction hypothesis.

If c, c are not Pis, then ↑c t̂ = ↑c t̂ = Ne t̂ ∈ [c].
For the fourth proposition, consider the case c = Pi a g and c = Pi a g and
a g  
e = e ∈ [Pi a g]. We show ↓Pi k
ag
e ≡ ↓Pi
k e for arbitrary k ∈ N. Let d :=
 a 
↑ v̂−(k+1) and d := ↑ v̂−(k+1) . Since d = d ∈ [a] by induction hypothesis 1, we
a
g  (d )
have e · d = e · d ∈ [g(d)], and by induction hypothesis 4, ↓k+1 (e · d) ≡ ↓k+1 (e · d ).
g(d)

g  (d )
Hence, λ ↓k+1 (e · d) ≡ λ ↓k+1 (e · d ), which was to be shown.
g(d)
2
Lemma 4.6 (Soundness of recursion) Assume
(i) a · d = a · d ∈ Type for all d = d ∈ Nat,
(ii) dz = dz ∈ [a · Zero],
(iii) ds = ds ∈ [Pi Nat (dm → a · dm ⇒ a · (Succ dm ))],
(iv) and e = e ∈ Nat.
Then rec a dz ds e = rec a dz ds e ∈ [a · e].
Proof. By induction on e = e ∈ Nat. The interesting case is when e = e = Ne t̂.
By Lemma 4.5, the following are well-defined liftable terms:

Â(k) := ↓Nat⇒Set
k a
= λ. ⇓k+1 (a · (Ne v̂−(k+1) )) ≡ λ. ⇓k+1 (a · (Ne v̂−(k+1) ))

ẑ := ↓a·Zero dz ≡ ↓a ·Zero dz
 
ŝ := ↓Π Nat (d→a·d⇒a·(Succ d)) ds ≡ ↓Π Nat (d→a ·d⇒a ·(Succ d)) ds

Hence, r̂ := Rec  ẑ ŝ t̂ ∈ TM . Again by Lemma 4.5, we have ↑a·(Ne t̂) r̂ =


rec a dz ds (Ne t̂) = rec a dz ds (Ne t̂ ) = ↑a ·(Ne t̂) r̂ ∈ [a · (Ne t̂)]. 2

Semantical contexts.
Let
ρ = ρ ∈ [Γ] :⇐⇒ ρ(i) = ρ (i) ∈ [[[Γ(i)]]ρ ] for 0 ≤ i < |Γ|

Lemma 4.7 (Context extension) (ρ, d) = (ρ , d ) ∈ [Γ, A] iff ρ = ρ ∈ [Γ] and

d = d ∈ [[[A]]ρ ].
Proof. Let 0 ≤ i < |Γ, A|. We consider the proposition (ρ, d)(i) = (ρ , d )(i) ∈
[[[(Γ, A)(i)]]ρ,d ] for the principal values of i. If i = 0, this proposition reduces to
d = d ∈ [[[⇑1 A]]ρ,d ] = [[[A]]ρ ]. Otherwise, it reduces to ρ(i − 1) = ρ (i − 1) ∈
[[[⇑1 (Γ(i))]]ρ,d ] = [[[Γ(i)]]ρ ] where 0 ≤ i − 1 < |Γ|. 2
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 31

We define valid contexts Γ |= inductively by the following rules:

Γ |= [[A]]ρ = [[A]]ρ ∈ Type for all ρ = ρ ∈ [Γ]

|= Γ, A |=

Validity.
We let
Γ |= A :⇐⇒ Γ |= and ∀ρ = ρ ∈ [Γ]. [[A]]ρ = [[A]]ρ ∈ Type
Γ |= A = A :⇐⇒ Γ |= and ∀ρ = ρ ∈ [Γ]. [[A]]ρ = [[A ]]ρ ∈ Type
Γ |= t : A :⇐⇒ Γ |= A and ∀ρ = ρ ∈ [Γ]. [[t]]ρ = [[t]]ρ ∈ [[[A]]ρ ]
Γ |= t = t : A :⇐⇒ Γ |= A and ∀ρ = ρ ∈ [Γ]. [[t]]ρ = [[t ]]ρ ∈ [[[A]]ρ ]
Lemma 4.8 (Convertible terms are semantically related)
(i) If Γ |= A, A and A =βη A then Γ |= A = A .
(ii) If Γ |= t, t : A and t =βη t then Γ |= t = t : A.
Proof. Fix some ρ = ρ ∈ [Γ]. By assumption, a := [[A]]ρ = [[A]]ρ ∈ Type and
a = [[A ]]ρ ∈ Type. Further, A −→∗ B ∗ ←− A , which implies [[A]]ρ  [[B]]ρ =: b
and a  b. Since Type is upward-closed, a = [[A]]ρ = b = a ∈ Type. 2
The next theorem establishes the soundness of the inference rules w. r. t. our
PER model. A simple consequence is that NbE is complete, i. e., will answer “yes”
on βη-equal terms if used as an equality test.
Theorem 4.9 (Validity)
(i) If Γ then Γ |=.
(ii) If Γ A then Γ |= A.
(iii) If Γ t : A then Γ |= t : A.
Proof. Simultaneously by induction on the derivation.
• Case
Γ, A t : B
Γ λt : Π A B
Assume ρ = ρ ∈ [Γ]. Let a = [[A]]ρ , a = [[A]]ρ , g(d) = [[B]]ρ,d , g (d) =
[[B]]ρ ,d , f (d) = [[t]]ρ,d , and f  (d) = [[t]]ρ ,d . We have [[Π A B]]ρ = Pi a g =
Pi a g = [[ΠA B]]ρ ∈ Type, since by induction hypothesis, a = a ∈ Type
and g(d) = g (d ) ∈ Type for all d = d ∈ [a]. Furthermore, by induc-
tion hypothesis, f (d) = f  (d ) ∈ [g(d)] for all d = d ∈ [a], so we have
[[λt]]ρ = Lam f = Lam f  = [[λt]]ρ ∈ [Pi a g].
• Case
r : ΠABΓ Γ s:A
Γ r s : B[s]
By induction hypothesis and definition of [Pi [[A]]ρ (d → [[B]]ρ,d )], using the identity
[[B[s]]]ρ = [[B]]ρ,[[s]]ρ .
32 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

• Case

Γ, Nat C
Γ z : C[Zero] Γ s : Π Nat (C ⇒ C[Succ v0 ]) Γ t : Nat
Γ Rec (λC) z s t : C[t]

By Lemma 4.6.
• Case
t:A ΓΓ A
A =βη A
Γ t : A
By induction hypothesis, Γ |= A and Γ |= A . By Lemma 4.8, Γ |= A = A ,
meaning that for any ρ ∈ [Γ], [[A]]ρ = [[A ]]ρ ∈ Type. Hence [[[A]]ρ ] = [[[A ]]ρ ],
which entails the goal.
2

Corollary 4.10 (Completeness of NbE)

(i) If Γ t, t : A and t =βη t then nbeA A 
Γ t ≡ nbeΓ t ∈ Tm.
(ii) If Γ A, A and A =βη A then NbeΓ A ≡ NbeΓ A ∈ Tm.

As a consequence of the corollary, NbE is terminating on well-typed terms.

5 Term Model and Soundness of NbE

Soundness of NbE means that the algorithm returns a term which is βη-equal to the
input. To prove this property we use a term model where the denotation function is
just parallel substitution. Fortunately, we do not have to go all the way and give an
interpretation of syntactical types. For our purposes, it is sufficient to interpret each
semantical type by a Kripke logical relation between terms t and domain elements d
which expresses that the reification of the domain element d is βη-equal to the term
t it is related to. By then showing that for each well-typed term, its denotation
in the term model is logically related to its denotation in the domain model, we
establish soundness of NbE.

Substitutions.
For σ ∈ N → Tm we define an update operation σ, s as follows:

(σ, s)(0) =s
(σ, s)(i + 1) = σ(i)

Let ⇑1 σ be a shorthand for ⇑1 ◦ σ. Lifting shall bind stronger than update, thus,
⇑k σ, s is to be read as (⇑k σ), s.
We inductively define parallel substitution   ∈ Tm → (N → Tm) → Tm by
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 33

the following clauses:

vi σ = σ(i) Rec A z s tσ = Rec Aσ zσ sσ tσ

λtσ = λ. t⇑1 σ,v0 Π A Bσ = Π Aσ B⇑1 σ,v0
r sσ = rσ sσ Natσ = Nat
Zeroσ = Zero Setσ = Set
Succ tσ = Succ tσ

Lemma 5.1 Let v = vk−1 , . . . , v0 with |v| = k. Then t⇑k+1 σ,vk ,v [s/k] = t⇑k σ,s,v .
Proof. By induction on t. We spell out the proof for variables and for a binder.
• Case v .
If  ≥ k + 1, then v ⇑k+1 σ,vk ,v [s/k] = (⇑k+1 σ( − (k + 1)))[s/k] = ⇑k σ( − (k +
1)) = v ⇑k σ,s,v .
If  = k then vk ⇑k+1 σ,vk ,v [s/k] = vk [s/k] = s = vk ⇑k σ,s,v .
If  < k then vk ⇑k+1 σ,vk ,v [s/k] = v [s/k] = v = v ⇑k σ,s,v .
• Case λ.
λt⇑k+1 σ,vk ,v [s/k] = (λt⇑k+2 σ,vk+1 ,⇑1 v,v0 )[s/k]
= λ(t⇑k+2 σ,vk+1 ,⇑1 v,v0 [⇑1 s/(k + 1)])
= λt⇑k+1 σ,⇑1 s,⇑1 v,v0
= λt⇑k σ,s,v .
2
Corollary 5.2 t⇑1 σ,v0 [s] = tσ,s
Now we can construct the term model T := Tm/=βη by identifying βη-equal
terms. Let the notation t = t ∈ T mean that t, t are well-defined terms in Tm and
t =βη t . In particular, if t or t is an instance t̂(k) of a liftable term t̂, well-defined
means that there are no negative indices in t̂(k).
Lemma 5.3 (Term model) (T,   , , Rec) is a weakly extensional λ-model.
Proof. Most conditions are trivially satisfied, we show λtσ s = tσ,s in T:

λtσ s = (λt⇑1 σ,v0 ) s = t⇑1 σ,v0 [s] = tσ,s .

Kripke logical relations.

By induction on a ∈ Type we define the relation Rak ⊆ T × [a] for k ∈ N.

r RPi ag g(d)
k e ⇐⇒ (⇑ r) s Rk+ e · d for all  ∈ N and s Rak+ d

s Rck d ⇐⇒ ⇑ s = ↓ck+ d ∈ T for all  ∈ N where c = Pi . . .

34 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39


Lemma 5.4 (Equality) If c = c ∈ Type then Rck = Rck .

Proof. By induction on c = c ∈ Type. If c, c are not function types, then we have

already c = c , so the claim follows trivially. Otherwise, c = Pi a g and c = Pi a g
with a = a ∈ Type and g(d) = g (d ) ∈ Type for all d = d ∈ [a]. Assume r Rck e
 g(d)
and s Rak+ d. By induction hypothesis, s Rak+ d, hence, (⇑ r) s Rk+ e · d. Again,
g  (d) 
by induction hypothesis, (⇑ r) s Rk+ e · d, thus, r Rck e. 2

Lemma 5.5 (Monotonicity) If c ∈ Type and r Rck e then ⇑ r Rck+ e for all
 ∈ N.

Proof. By induction on c ∈ Type. 2

Lemma 5.6 (Up and down for Rck ) Let c ∈ Type.

(i) If ⇑ r = r̂(k + ) ∈ T for all  ∈ N, then r Rck ↑c r̂.
(ii) If r Rck e then ⇑ r = ↓ck+ e ∈ T for all  ∈ N.

Proof. Simultaneously by induction on c ∈ Type. First proposition:

• Case c = Pi . . . . Let  ∈ N. Then ⇑ r = r̂(k + ) = ↓ck+ Ne r̂ = ↓ck+ ↑c r̂ ∈ T,
hence, r Rck ↑c r̂ by definition.
• Case c = Pi a g. To show r RPi
k
ag
r̂, we assume  ∈ N and s Rak+ d and prove
(⇑ r) s Rk+ (↑Pi a g r̂) · d, where the r.h.s. simplifies to ↑g(d) (r̂ ↓a d). Applying the
g(d)

induction hypothesis, it remains to show for arbitrary  ∈ N that ⇑ ((⇑ r) s) =
 
(r̂ ↓a d)(k +  +  ) ∈ T, or equivalently, (⇑+ r) (⇑ s) = r̂(k +  +  ) ↓ak++ d ∈ T.

But this equation holds, since by induction hypothesis 2, ⇑ s = ↓ak++ d ∈ T.
Second proposition:
• Case c = Pi . . . . By definition.
• Case c = Pi a g. Fix some  ∈ N and let d = ↑a v̂−(k++1) . Given r RPi
k
ag
e,
Pi a g
we have to show ⇑ r = ↓k+ e ∈ T. By induction hypothesis 1, v0 Rk++1 d,
 a
g(d)
hence from the assumption, (⇑+1 r) v0 Rk++1 e · d. By induction hypothesis 2,
g(d) g(d)
(⇑+1 r) v0 = ↓k++1 (e · d) ∈ T, so we have ⇑ r =βη λ.(⇑+1 r) v0 =βη λ. ↓k++1 (e ·
d) = ↓Pi ag
k+ e ∈ T.
2

Logical Relations for Contexts.

We define
[[A]]
σ RΓk ρ :⇐⇒ ∀i. Γ(i) = A =⇒ σ(i) Rk ρ ρ(i)

Theorem 5.7 Let σ RΓk ρ.

[[A]]ρ
(i) If Γ t : A then tσ Rk [[t]]ρ .
(ii) If Γ A then Aσ = ⇓k [[A]]ρ ∈ T.
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 35

Proof. Each by induction on the typing derivation.

• Case
Γ
0 ≤ i < |Γ|
Γ vi : Γ(i)
Let a := [[Γ(i)]]ρ . By assumption, vi σ = σ(i) Rak ρ(i) = [[vi ]]ρ .
• Case
Γ, A t : B
Γ λt : Π A B
Let a := [[A]]ρ ∈ Type and g(d) := [[B]]ρ,d ∈ [a] → Type. We have to show
λtσ RPi
k
ag
[[λt]]ρ = Lam (d → [[t]]ρ,d ) which amounts to showing (⇑ λtσ ) s =
g(d)
λt⇑ σ s =βη t⇑ σ,s Rk+ [[t]]ρ,d for arbitrary  ∈ N and s Rak+ d. Since
(⇑ σ, s) RΓ,A
(ρ, d) by monotonicity of R (Lemma 5.5), this is just an instance of
k+
the induction hypothesis.
• Case
r : ΠAB Γ Γ s:A
Γ r s : B[s]
Let a := [[A]]ρ ∈ Type and g(d) := [[B]]ρ,d ∈ [a] → Type. Further, set d :=
[[s]]ρ ∈ [a]. Observe that [[B[s]]]ρ = [[B]]ρ,[[s]]ρ = g(d). We have to show that
r sσ Rk [[r s]]ρ which follows by the induction hypotheses rσ RPi
g(d) ag
k [[r]]ρ and
sσ Rk [[s]]ρ .
a

• Case
Γ t:A Γ A
A =βη A
Γ t : A
[[A]]ρ [[A ]]ρ
Since [[A]]ρ = [[A ]]ρ ∈ Type by Theorem 4.9, we have Rk =Rk by Lemma 5.4.
• Case
A : SetΓ Γ, A B : Set
Γ Π A B : Set
Set
Recall that ↓ = ⇓. Let a := [[A]]ρ ∈ Type and d := ↑a v̂−(k+1) . By monotonicity
of the logical relation ⇑1 σ RΓk+1 ρ and since v0 Rak+1 d by Lemma 5.6, we have
(⇑1 σ, v0 ) RΓ,A
k+1 (ρ, d). Hence, by induction hypothesis, B⇑1 σ,v0 = ⇓k+1 [[B]]ρ,d ∈
T. Also, by induction hypothesis, Aσ = ⇓k [[A]]ρ ∈ T. Together,

Π A Bσ = ΠAσ B⇑1 σ,v0

=βη Π(⇓k [[A]]ρ )(⇓k+1 [[B]]ρ,d )
= ⇓k (Pi [[A]]ρ (d → [[B]]ρ,d ))
= ⇓k [[Π A B]]ρ .

The same proof works for Γ Π A B.

2

Recall that σ0 (i) = vi and that ρΓ is the semantical counterpart of σ0 .

36 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

Lemma 5.8 (Context satisfiable)

(i) If Γ |= then ρΓ ∈ [Γ].
(ii) If Γ |= then σ0 RΓ|Γ| ρΓ .

Proof. Let 0 ≤ i < |Γ| and a := [[Γ(i)]]ρΓ ∈ Type. First, (ρΓ )(i) = ↑a v̂i−|Γ| ∈ [a] by
Lemma 4.5. Secondly, σ0 (i) = vi Ra|Γ| ↑a v̂i−|Γ| = (ρΓ )(i) by Lemma 5.6. 2

Corollary 5.9 (Soundness of NbE)

(i) If Γ t : A then t =βη nbeA
Γ t.
(ii) If Γ A then A =βη NbeΓ A.

Proof. Let a := [[A]]ρΓ which is in Type by validity. By the logical relations theorem,
t = tσ0 Ra|Γ| [[t]]ρΓ . Hence, by Lemma 5.6, t =βη ↓a|Γ| [[t]]ρΓ . Similarly, A = Aσ0 =βη
⇓|Γ| [[A]]ρΓ . 2

6 Conclusion
In this article, we have provided a normalization-by-evaluation algorithm for
lambda-terms and primitive recursion. By constructing a PER model and a Kripke
logical relation we have proven that it decides βη-equality of Martin-Löf Type The-
ory with an Universe a la Russell. With NbE sound and complete, we can replace
the side condition A =βη A in the conversion rule by the test NbeΓ A ≡ NbeΓ A .
This is the crucial step towards a (bidirectional) type checking algorithm for the
system presented.

Acknowledgement
We are grateful to Thierry Coquand for many discussions and much insight into
normalization for type theory in general and feedback on normalization by evalua-
tion in particular. For example, he pointed out to us that it is more elegant to write
the algorithm for lambda terms a la Curry than for the lambda terms a la Church
that we used in a preliminary version. We also thank the anonymous referees for
detailed comments on draft versions of this article.

References
[1] Abel, A. and T. Coquand, Untyped algorithmic equality for Martin-Löf ’s logical framework with
surjective pairs, Fundamenta Informaticæ(2007), TLCA’05 special issue. To appear.

[2] Aczel, P., An introduction to inductive definitions, in: J. Barwise, editor, Handbook of Mathematical
Logic, North-Holland, 1977 pp. 739–782.

[3] Aczel, P., The strength of Martin-Löf ’s type theory with one universe, in: S. Miettinen and J. Väänanen,
editors, Proceedings of the Symposium on Mathematical Logic (Oulu 1974), 1977, pp. 1–32, report No
2 of Dept. Philosophy, University of Helsinki.

[4] Aehlig, K. and F. Joachimski, Operational aspects of untyped normalization by evaluation,

Mathematical Structures in Computer Science 14 (2004), pp. 587–611.
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 37

[5] Barendregt, H., “The Lambda Calculus: Its Syntax and Semantics,” North Holland, Amsterdam, 1984.

[6] Berger, U., M. Eberl and H. Schwichtenberg, Term rewriting for normalization by evaluation,
Information and Computation 183 (2003), pp. 19–42.

[7] Coquand, C., Agda: An interactive proof editor, http://agda.sourceforge.net/.

[8] Coquand, C., A realizability interpretation of Martin-Löf ’s type theory, in: G. Sambin and J. Smith,
editors, Twenty-Five Years of Constructive Type Theory (1998).

[9] Danielsson, N. A., A partial formalisation of a dependently typed language as an inductive-recursive

family (2006), to appear in TYPES’06 proceedings.

[10] Dybjer, P., A general formulation of simultaneous inductive-recursive definitions in type theory, Journal
of Symbolic Logic (2000), pp. 525–549.

[11] Dybjer, P. and A. Setzer, Indexed induction-recursion, Journal of Logic and Algebraic Programming
(2006).

[12] Filinski, A., A semantic account of type-directed partial evaluation, in: G. Nadathur, editor,
International Conference on Principles and Practice of Declarative Programming, number 1702 in
LNCS, 1999, pp. 378–395.

[13] Filinski, A. and H. K. Rohde, A denotational account of untyped normalization by evaluation., in:
I. Walukiewicz, editor, Foundations of Software Science and Computation Structures, 7th International
Conference, FOSSACS 2004, Held as Part of the Joint European Conferences on Theory and Practice
of Software, ETAPS 2004, Barcelona, Spain, March 29 - April 2, 2004, Proceedings, Lecture Notes in
Computer Science 2987 (2004), pp. 167–181.

[14] Martin-Löf, P., About models for intuitionistic type theories and the notion of definitional equality, in:
S. Kanger, editor, Proceedings of the 3rd Scandinavian Logic Symposium, 1975, pp. 81–109.

[15] Martin-Löf, P., An intuitionistic theory of types: Predicative part, in: H. E. Rose and J. C. Shepherdson,
editors, Logic Colloquium ‘73 (1975), pp. 73–118.

[16] Martin-Löf, P., Constructive mathematics and computer programming, in: Logic, Methodology and
Philosophy of Science, VI, 1979 (1982), pp. 153–175.

[17] Martin-Löf, P., “Intuitionistic Type Theory,” Bibliopolis, 1984.

[18] Martin-Löf, P., Amendment to intuitionistic type theory (1986), notes from a lecture given in Göteborg.

[19] Martin-Löf, P., An intuitionistic theory of types, in: G. Sambin and J. Smith, editors, Twenty-Five
Years of Constructive Type Theory (1998), reprinted version of an unpublished report from 1972.

[20] Martin-Löf, P., Normalization by evaluation and by the method of computability (2004), talk at JAIST,
Japan Advanced Institute of Science and Technology, Kanazawa.

[21] Nordström, B., K. Petersson and J. Smith, “Programming in Martin-Löf’s Type Theory: an
Introduction,” Oxford University Press, 1990.

[22] Scott, D. S., Domains for denotational semantics, in: Automata, Languages and Programming,
Proceedings of the 9th International Colloquium (1982), pp. 577–613.

A Haskell program
This appendix contains a Haskell program implementing normalization by evalu-
ation as described in this article. The only difference between Haskell’s semantics
and the semantics developed in Section 3 is that the Haskell program may return a
partially defined value at certain places, whereas our argument assumes the totally
undefined value ⊥. This is due to the non-strictness of the constructors in Haskell.
However, being more defined than we need to does not do any harm. Since we
show that for Γ t : A the function nbeA Γ t yields a totally defined value, namely,
a member of Tm, the program nbe Γ A t has to produce the same result, as there
38 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39

are no values that are more defined than a total one—in the usual domain theoretic
order.
The discrepancy between the mathematical treatment and the Haskell program
could be overcome by adding strictness annotations in the datatypes Tm and D. In
this way we could model the construction of D exactly. However, as we have argued,
the Haskell program works correctly without these annotations. Alternatively, one
could switch to a strict language like ML to get a one-to-one correspondence with
the mathematical development.
Terms (including types).
data Tm = Var Int | App Tm Tm | Lam Tm
| Zero | Succ Tm | Rec Tm Tm Tm Tm
| Nat | Pi Tm Tm | Set
deriving (Show,Eq)
type TM = Int -> Tm

Domain Semantics.
data D = PiD D (D -> D) -- pi-type
| NatD -- code for Nat
| SetD -- universe
| LamD (D -> D) -- function
| ZeroD -- natural numbers
| SuccD D
| NeD TM -- neutral terms
arrD :: D -> D -> D
arrD a b = PiD a (\ _ -> b)
appD :: D -> D -> D
appD (LamD f) d = f d
varD :: D -> Int -> D
varD a k = up a (\ l -> Var (l+k))

Reflection (up) and reification (down).

up :: D -> TM -> D
up (PiD a g) t = LamD (\ d -> up (g d) (\ k -> App (t k) (down a d k)))
up _ t = NeD t
downT :: D -> TM
downT (PiD a g) k = Pi (downT a k) $ downT (g $ varD a $ (-(k+1))) (k+1)
downT NatD k = Nat
downT SetD k = Set
downT (NeD t) k = t k
down :: D -> D -> TM
down (PiD a g) e k = Lam $ down (g d) (appD e d) (k+1)
where d = varD a (-(k+1))
down SetD a k = downT a k
down NatD ZeroD k = Zero
down NatD (SuccD d) k = Succ (down NatD d k)
down _ (NeD t) k = t k

Primitive Recursion.
recD :: D -> D -> D -> D -> D
recD a z s ZeroD = z
recD a z s (SuccD d) = s ‘appD‘ d ‘appD‘ (recD a z s d)
recD a z s d = up (a ‘appD‘ d) (\ k ->
Rec (down (NatD ‘arrD‘ SetD) a k)
(down (a ‘appD‘ ZeroD) z k)
(down (PiD NatD (\ n -> (a ‘appD‘ n) ‘arrD‘ (a ‘appD‘ (SuccD n)))) s k)
(down NatD d k))

Environments.
type Env = Int -> D
emptyEnv k = error $ "unbound index " ++ show k
 A. Abel et al. / Electronic Notes in Theoretical Computer Science 173 (2007) 17–39 39

ext :: Env -> D -> Env

ext rho a k = if k==0 then a else rho (k-1)

Evaluation.
eval :: Tm -> Env -> D
eval (Var k) rho = rho k
eval (App r s) rho = appD (eval r rho) (eval s rho)
eval (Lam r) rho = LamD f
where f d = eval r (ext rho d)
eval (Zero) rho = ZeroD
eval (Succ r) rho = SuccD (eval r rho)
eval (Rec a z s n) rho = recD (eval a rho)
(eval z rho) (eval s rho) (eval n rho)
eval (Nat) rho = NatD
eval (Pi r s) rho = PiD (eval r rho) g
where g d = eval s (ext rho d)
eval (Set) rho = SetD

Identity valuation.
type Cxt = [Tm]
upG’ :: Int -> Cxt -> Env
upG’ n [] = emptyEnv
upG’ n (a:gamma) = ext rho (varD (eval a rho) (n - length (a:gamma)))
where rho = (upG’ n gamma)
upG :: Cxt -> Env
upG gamma = upG’ (length gamma) gamma

Normalization by evaluation.
nbe gamma c r = down (eval c (upG gamma)) (eval r (upG gamma)) 0
nbeT gamma a = downT (eval a (upG gamma)) 0