A new coinductive confluence proof for infinitary lambda calculus
Logical Methods in Computer Science, Volume 16, Issue 1, 2020, pp. 31:1–31:31. https://lmcs.episciences.org/ Submitted Aug. 17, 2018. Published Mar. 11, 2020.

Łukasz Czajka, University of Copenhagen, Universitetsparken 5, 2100 Copenhagen, Denmark. e-mail address: [email protected]
Abstract.
We present a new and formal coinductive proof of confluence and normalisation of Böhm reduction in infinitary lambda calculus. The proof is simpler than previous proofs of this result. The technique of the proof is new, i.e., it is not merely a coinductive reformulation of any earlier proofs. We formalised the proof in the Coq proof assistant.

1. Introduction

Infinitary lambda calculus is a generalisation of lambda calculus that allows infinite lambda terms and transfinite reductions. This enables the consideration of “limits” of terms under infinite reduction sequences. For instance, for a term $M \equiv (\lambda m x . m m)(\lambda m x . m m)$ we have
$$M \to_\beta \lambda x.M \to_\beta \lambda x.\lambda x.M \to_\beta \lambda x.\lambda x.\lambda x.M \to_\beta \ldots$$
Intuitively, the “value” of $M$ is an infinite term $L$ satisfying $L \equiv \lambda x.L$, where by $\equiv$ we denote identity of terms. In fact, $L$ is the normal form of $M$ in infinitary lambda calculus.

In [19, 17] it is shown that infinitary reductions may be defined coinductively. The standard non-coinductive definition makes explicit mention of ordinals and limits in a certain metric space [24, 22, 4]. A coinductive approach is better suited to formalisation in a proof assistant. Indeed, with relatively little effort we have formalised our results in Coq (see Section 7).

In this paper we show confluence of infinitary lambda calculus, modulo equivalence of so-called meaningless terms [26]. We also show confluence and normalisation of infinitary Böhm reduction over any set of strongly meaningless terms. All these results have already been obtained in [24, 26] by a different and more complex proof method.

In a related conference paper [10] we have shown confluence of infinitary reduction modulo equivalence of root-active subterms, and confluence of infinitary Böhm reduction over root-active terms. The present paper is quite different from [10]. A new and simpler method is used. The proof in [10] follows the general strategy of [24]. There first confluence modulo equivalence of root-active terms is shown, proving confluence of an auxiliary $\epsilon$-calculus as an intermediate step. Then confluence of Böhm reduction is derived from confluence modulo equivalence of root-active terms. Here we first show that every term has a unique normal form reachable by a special standard infinitary NU-reduction. Then we use this result to derive confluence of Böhm reduction, and from that confluence modulo equivalence of meaningless terms. We do not use any $\epsilon$-calculus at all. See the beginning of Section 5 for a more detailed discussion of our proof method.

Key words and phrases: infinitary rewriting, confluence, normalisation, Böhm trees, coinduction. Supported by the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement number 704111. DOI: 10.23638/LMCS-16(1:31)2020. © Ł. Czajka, Creative Commons (CC).

1.1. Related work.
Infinitary lambda calculus was introduced in [24, 23]. Meaningless terms were defined in [26]. The confluence and normalisation results of this paper were already obtained in [24, 26], by a different proof method. See also [22, 4, 18] for an overview of various results in infinitary lambda calculus and infinitary rewriting.

Joachimski in [21] gives a coinductive confluence proof for infinitary lambda calculus, but Joachimski’s notion of reduction does not correspond to the standard notion of a strongly convergent reduction. Essentially, it allows for infinitely many parallel contractions in one step, but only finitely many reduction steps. The coinductive definition of infinitary reductions capturing strongly convergent reductions was introduced in [19]. Later [16, 17] generalised this to infinitary term rewriting systems. In [10], using the definition from [19], confluence of infinitary lambda calculus modulo equivalence of root-active subterms was shown coinductively. The proof in [10] follows the general strategy of [24, 23]. The proof in the present paper bears some similarity to the proof of the unique normal forms property of orthogonal iTRSs in [30]. It is also similar to the coinductive confluence proof for nearly orthogonal infinitary term rewriting systems in [12], but there the “standard” reduction employed is not unique and need not be normalising.

Confluence and normalisation results in infinitary rewriting and infinitary lambda calculus have been generalised to the framework of infinitary combinatory reduction systems [27, 28, 29].

There are three well-known variants of infinitary lambda calculus: the $\Lambda^{111}$, $\Lambda^{001}$ and $\Lambda^{101}$ calculi [4, 18, 24, 23]. The superscripts 111, 001, 101 indicate the depth measure used: $abc$ means that we shall add $a$/$b$/$c$ to the depth when going down/left/right in the tree of the lambda term [24, Definition 6]. In this paper we are concerned only with a coinductive presentation of the $\Lambda^{001}$-calculus.

In the $\Lambda^{001}$-calculus, after addition of appropriate $\bot$-rules, every finite term has its Böhm tree [23] as the normal form. In $\Lambda^{111}$ and $\Lambda^{101}$, the normal forms are, respectively, Berarducci trees and Levy-Longo trees [24, 23, 6, 35, 36]. With the addition of infinite $\eta$- or $\eta!$-reductions it is possible to also capture, respectively, $\eta$-Böhm or $\infty\eta$-Böhm trees as normal forms [40, 44].

The addition of $\bot$-rules may be avoided by basing the definition of infinitary terms on ideal completion. This line of work is pursued in [1, 2, 3]. Confluence of the resulting calculi is shown, but the proof depends on the confluence results of [24].

2. Infinite terms and corecursion
In this section we define many-sorted infinitary terms. We also explain and justify guarded corecursion using elementary notions. The results of this section are well-known.

Definition 2.1. A many-sorted algebraic signature $\Sigma = \langle \Sigma_s, \Sigma_c \rangle$ consists of a collection of sort symbols $\Sigma_s = \{s_i\}_{i \in I}$ and a collection of constructors $\Sigma_c = \{c_j\}_{j \in J}$. Each constructor $c$ has an associated type $\tau(c) = (s_1, \ldots, s_n; s)$ where $s_1, \ldots, s_n, s \in \Sigma_s$. If $\tau(c) = (; s)$ then $c$ is a constant of sort $s$. In what follows we use $\Sigma, \Sigma'$, etc., for many-sorted algebraic signatures, $s, s'$, etc., for sort symbols, and $f, g, c, d$, etc., for constructors.

The set $T^\infty(\Sigma)$, or just $T(\Sigma)$, of infinitary terms over $\Sigma$ is the set of all finite and infinite terms over $\Sigma$, i.e., all finite and infinite labelled trees with labels of nodes specified by the constructors of $\Sigma$ such that the types of labels of nodes agree. More precisely, a term $t$ over $\Sigma$ is a partial function from $\mathbb{N}^*$ to $\Sigma_c$ satisfying:
• $t(\epsilon)\downarrow$, and
• if $t(p) = c \in \Sigma_c$ with $\tau(c) = (s_1, \ldots, s_n; s)$ then
  – $t(pi) = d \in \Sigma_c$ with $\tau(d) = (s'_1, \ldots, s'_{m_i}; s_i)$ for $i < n$,
  – $t(pi)\uparrow$ for $i \ge n$,
• if $t(p)\uparrow$ then $t(pi)\uparrow$ for every $i \in \mathbb{N}$,
where $t(p)\uparrow$ means that $t(p)$ is undefined, $t(p)\downarrow$ means that $t(p)$ is defined, and $\epsilon \in \mathbb{N}^*$ is the empty string. We use obvious notations for infinitary terms, e.g., $f(g(t, s), c)$ when $c, f, g \in \Sigma_c$ and $t, s \in T(\Sigma)$, and the types agree. We say that a term $t$ is of sort $s$ if $t(\epsilon)$ is a constructor of type $(s_1, \ldots, s_n; s)$ for some $s_1, \ldots, s_n \in \Sigma_s$. By $T_s(\Sigma)$ we denote the set of all terms of sort $s$ from $T(\Sigma)$.

Example 2.2.
Let $A$ be a set. Let $\Sigma$ consist of two sorts $s$ and $d$, one constructor $\mathrm{cons}$ of type $(d, s; s)$ and a distinct constant $a \in A$ of sort $d$ for each element of $A$. Then $T_s(\Sigma)$ is the set of streams over $A$. We also write $T_s(\Sigma) = A^\omega$ and $T_d(\Sigma) = A$. Instead of $\mathrm{cons}(a, t)$ we usually write $a : t$, and we assume that $:$ associates to the right, e.g., $x : y : t$ is $x : (y : t)$. We also use the notation $x : t$ to denote the application of the constructor for $\mathrm{cons}$ to $x$ and $t$. We define the functions $\mathrm{hd} : A^\omega \to A$ and $\mathrm{tl} : A^\omega \to A^\omega$ by
$$\mathrm{hd}(a : t) = a \qquad\qquad \mathrm{tl}(a : t) = t$$
Specifications of many-sorted signatures may be conveniently given by coinductively interpreted grammars. For instance, the set $A^\omega$ of streams over a set $A$ could be specified by writing
$$A^\omega ::= \mathrm{cons}(A, A^\omega).$$
A more interesting example is that of finite and infinite binary trees with nodes labelled either with $a$ or $b$, and leaves labelled with one of the elements of a set $V$:
$$T ::= V \parallel a(T, T) \parallel b(T, T).$$
As such specifications are not intended to be formal entities but only convenient notation for describing sets of infinitary terms, we will not define them precisely. It is always clear what many-sorted signature is meant.

For the sake of brevity we often use $T = T(\Sigma)$ and $T_s = T_s(\Sigma)$, i.e., we omit the signature $\Sigma$ when clear from the context or irrelevant.

Definition 2.3. The class of constructor-guarded functions is defined inductively as the class of all functions $h : T_s^m \to T_{s'}$ (for arbitrary $m \in \mathbb{N}$, $s, s' \in \Sigma_s$) such that there are a constructor $c$ of type $(s_1, \ldots, s_k; s')$ and functions $u_i : T_s^m \to T_{s_i}$ ($i = 1, \ldots, k$) such that
$$h(y_1, \ldots, y_m) = c(u_1(y_1, \ldots, y_m), \ldots, u_k(y_1, \ldots, y_m))$$
for all $y_1, \ldots, y_m \in T_s$, and for each $i = 1, \ldots, k$ one of the following holds:
• $u_i$ is constructor-guarded, or
• $u_i$ is a constant function, or
• $u_i$ is a projection function, i.e., $s_i = s$ and there is $1 \le j \le m$ with $u_i(y_1, \ldots, y_m) = y_j$ for all $y_1, \ldots, y_m \in T_s$.
Let $S$ be a set. A function $h : S \times T_s^m \to T_{s'}$ is constructor-guarded if for every $x \in S$ the function $h_x : T_s^m \to T_{s'}$ defined by $h_x(y_1, \ldots, y_m) = h(x, y_1, \ldots, y_m)$ is constructor-guarded.

A function $f : S \to T_s$ is defined by guarded corecursion from $h : S \times T_s^m \to T_s$ and $g_i : S \to S$ ($i = 1, \ldots, m$) if $h$ is constructor-guarded and $f$ satisfies
$$f(x) = h(x, f(g_1(x)), \ldots, f(g_m(x)))$$
for all $x \in S$.

The following theorem is folklore in the coalgebra community. We sketch an elementary proof. In fact, each set of many-sorted infinitary terms is a final coalgebra of an appropriate set-functor. Then Theorem 2.4 follows from more general principles. We prefer to avoid coalgebraic terminology, as it is simply not necessary for the purposes of the present paper. See e.g. [20, 38] for a more general coalgebraic explanation of corecursion.

Theorem 2.4.
For any constructor-guarded function $h : S \times T_s^m \to T_s$ and any $g_i : S \to S$ ($i = 1, \ldots, m$), there exists a unique function $f : S \to T_s$ defined by guarded corecursion from $h$ and $g_1, \ldots, g_m$.

Proof. Let $f_0 : S \to T_s$ be an arbitrary function. Define $f_{n+1}$ for $n \in \mathbb{N}$ by $f_{n+1}(x) = h(x, f_n(g_1(x)), \ldots, f_n(g_m(x)))$. Using the fact that $h$ is constructor-guarded, one shows by induction on $n$ that:
$$f_{n+1}(x)(p) = f_n(x)(p) \quad \text{for } x \in S \text{ and } p \in \mathbb{N}^* \text{ with } |p| < n \qquad (\star)$$
where $|p|$ denotes the length of $p$. Indeed, the base is obvious. We show the inductive step. Let $x \in S$. Because $h$ is constructor-guarded, we have for instance
$$f_{n+2}(x) = h(x, f_{n+1}(g_1(x)), \ldots, f_{n+1}(g_m(x))) = c_1(c_2, c_3(w, f_{n+1}(g_1(x))))$$
Let $p \in \mathbb{N}^*$ with $|p| \le n$. The only interesting case is when $p = 11p'$, i.e., when $p$ points inside $f_{n+1}(g_1(x))$. But then $|p'| < |p| \le n$, so by the inductive hypothesis $f_{n+1}(g_1(x))(p') = f_n(g_1(x))(p')$. Thus $f_{n+2}(x)(p) = f_{n+1}(g_1(x))(p') = f_n(g_1(x))(p') = f_{n+1}(x)(p)$.

Now we define $f : S \to T_s$ by
$$f(x)(p) = f_{|p|+1}(x)(p)$$
for $x \in S$, $p \in \mathbb{N}^*$. Using $(\star)$ it is routine to check that $f(x)$ is a well-defined infinitary term for each $x \in S$. To show that $f : S \to T_s$ is defined by guarded corecursion from $h$ and $g_1, \ldots, g_m$, using $(\star)$ one shows by induction on the length of $p \in \mathbb{N}^*$ that for any $x \in S$:
$$f(x)(p) = h(x, f(g_1(x)), \ldots, f(g_m(x)))(p).$$
To prove that $f$ is unique it suffices to show that it does not depend on $f_0$. For this purpose, using $(\star)$ one shows by induction on the length of $p \in \mathbb{N}^*$ that $f(x)(p)$ does not depend on $f_0$ for any $x \in S$.

We shall often use the above theorem implicitly, just mentioning that some equations define a function by guarded corecursion.

Example 2.5. Consider the equation
$$\mathrm{even}(x : y : t) = x : \mathrm{even}(t)$$
It may be rewritten as
$$\mathrm{even}(t) = \mathrm{hd}(t) : \mathrm{even}(\mathrm{tl}(\mathrm{tl}(t)))$$
So $\mathrm{even} : A^\omega \to A^\omega$ is defined by guarded corecursion from $h : A^\omega \times A^\omega \to A^\omega$ given by $h(t, t') = \mathrm{hd}(t) : t'$ and $g : A^\omega \to A^\omega$ given by $g(t) = \mathrm{tl}(\mathrm{tl}(t))$. By Theorem 2.4 there is a unique function $\mathrm{even} : A^\omega \to A^\omega$ satisfying the original equation.

Another example of a function defined by guarded corecursion is $\mathrm{zip} : A^\omega \times A^\omega \to A^\omega$:
$$\mathrm{zip}(x : t, s) = x : \mathrm{zip}(s, t)$$
The following function $\mathrm{merge} : \mathbb{N}^\omega \times \mathbb{N}^\omega \to \mathbb{N}^\omega$ is also defined by guarded corecursion:
$$\mathrm{merge}(x : t_1, y : t_2) = \begin{cases} x : \mathrm{merge}(t_1, y : t_2) & \text{if } x \le y \\ y : \mathrm{merge}(x : t_1, t_2) & \text{otherwise} \end{cases}$$

3. Coinduction
In this section we give a brief explanation of coinduction as it is used in the present paper. Our presentation of coinductive proofs is similar to e.g. [19, 8, 37, 34, 31]. This section is largely based on [12, Section 2].

There are many ways in which our coinductive proofs could be justified. Since we formalised our main results (see Section 7), the proofs may be understood as a paper presentation of formal Coq proofs. They can also be justified by appealing to one of a number of established coinduction principles. With enough patience one could, in principle, reformulate all proofs to directly employ the usual coinduction principle in set theory based on the Knaster-Tarski fixpoint theorem [39]. One could probably also use the coinduction principle from [31]. Finally, one may justify our proofs by indicating how to interpret them in ordinary set theory, which is what we do in this section.

The purpose of this section is to explain how to justify our proofs by reducing coinduction to transfinite induction. The present section does not provide a formal coinduction proof principle as such, but only indicates how one could elaborate the proofs so as to eliminate the use of coinduction. Naturally, such an elaboration would introduce some tedious details. The point is that all these details are essentially the same for each coinductive proof. The advantage of using coinduction is that the details need not be provided each time. A similar elaboration could be done to directly employ any of a number of established coinduction principles, but as far as we know elaborating the proofs in the way explained here requires the least amount of effort in comparison to reformulating them to directly employ an established coinduction principle. In fact, we do not wish to explicitly commit to any single formal proof principle, because we do not think that choosing a specific principle has an essential impact on the content of our proofs, except by making it more or less straightforward to translate the proofs into a form which uses the principle directly.

A reader not satisfied with the level of rigour of the explanations of coinduction below is referred to our formalisation (see Section 7). The present section provides one way in which our proofs can be understood and verified without resorting to a formalisation. To make the observations of this section completely precise and general one would need to introduce formal notions of “proof” and “statement”. In other words, one would need to formulate a system of logic with a capacity for coinductive proofs. We do not want to do this here, because this paper is about a coinductive confluence proof for infinitary lambda calculus, not about foundations of coinduction. It would require some work, but should not be too difficult, to create a formal system based on the present section in which our coinductive proofs could be interpreted reasonably directly. We defer this to future work. The status of the present section is that of a “meta-explanation”, analogous to an explanation of how, e.g., the informal presentations of inductive constructions found in the literature may be encoded in ZFC set theory.
Example 3.1.
Let $T$ be the set of all finite and infinite terms defined coinductively by
$$T ::= V \parallel A(T) \parallel B(T, T)$$
where $V$ is a countable set of variables, and $A$, $B$ are constructors. By $x, y, \ldots$ we denote variables, and by $t, s, \ldots$ we denote elements of $T$. Define a binary relation $\to$ on $T$ coinductively by the following rules.
$$\dfrac{}{x \to x}\ (1) \qquad \dfrac{t \to t'}{A(t) \to A(t')}\ (2) \qquad \dfrac{s \to s' \quad t \to t'}{B(s, t) \to B(s', t')}\ (3) \qquad \dfrac{t \to t'}{A(t) \to B(t', t')}\ (4)$$
Formally, the relation $\to$ is the greatest fixpoint of a monotone function
$$F : \mathcal{P}(T \times T) \to \mathcal{P}(T \times T)$$
defined by
$$F(R) = \{\langle t_1, t_2 \rangle \mid \exists x \in V\,(t_1 \equiv t_2 \equiv x) \lor \exists t, t' \in T\,(t_1 \equiv A(t) \land t_2 \equiv A(t') \land R(t, t')) \lor \ldots\}.$$
Alternatively, using the Knaster-Tarski fixpoint theorem, the relation $\to$ may be characterised as the greatest binary relation on $T$ (i.e. the greatest subset of $T \times T$ w.r.t. set inclusion) such that $\to \subseteq F(\to)$, i.e., such that for every $t_1, t_2 \in T$ with $t_1 \to t_2$ one of the following holds:
(1) $t_1 \equiv t_2 \equiv x$ for some variable $x \in V$,
(2) $t_1 \equiv A(t)$, $t_2 \equiv A(t')$ with $t \to t'$,
(3) $t_1 \equiv B(s, t)$, $t_2 \equiv B(s', t')$ with $s \to s'$ and $t \to t'$,
(4) $t_1 \equiv A(t)$, $t_2 \equiv B(t', t')$ with $t \to t'$.
Yet another way to think about $\to$ is that $t_1 \to t_2$ holds if and only if there exists a potentially infinite derivation tree of $t_1 \to t_2$ built using the rules (1)–(4).

The rules (1)–(4) could also be interpreted inductively to yield the least fixpoint of $F$. This is the conventional interpretation, and it is indicated with a single line in each rule separating premises from the conclusion. A coinductive interpretation is indicated with double lines.

The greatest fixpoint $\to$ of $F$ may be obtained by transfinitely iterating $F$ starting with $T \times T$. More precisely, define an ordinal-indexed sequence $(\to^\gamma)_\gamma$ by:
• $\to^0 = T \times T$,
• $\to^{\gamma+1} = F(\to^\gamma)$,
• $\to^\delta = \bigcap_{\gamma < \delta} \to^\gamma$ for a limit ordinal $\delta$.
Then there exists an ordinal $\zeta$ such that $\to = \to^\zeta$. The least such ordinal is called the closure ordinal. Note also that $\to^\gamma \subseteq \to^\delta$ for $\gamma \ge \delta$ (we often use this fact implicitly). See e.g. [14, Chapter 8]. The relation $\to^\gamma$ is called the $\gamma$-approximant. Note that the $\gamma$-approximants depend on a particular definition of $\to$ (i.e. on the function $F$), not solely on the relation $\to$ itself. We use $R^\gamma$ for the $\gamma$-approximant of a relation $R$.

It is instructive to note that the coinductive rules for $\to$ may also be interpreted as giving rules for the $\gamma + 1$-approximants, for any ordinal $\gamma$.
$$\dfrac{}{x \to^{\gamma+1} x}\ (1) \qquad \dfrac{t \to^\gamma t'}{A(t) \to^{\gamma+1} A(t')}\ (2) \qquad \dfrac{s \to^\gamma s' \quad t \to^\gamma t'}{B(s, t) \to^{\gamma+1} B(s', t')}\ (3) \qquad \dfrac{t \to^\gamma t'}{A(t) \to^{\gamma+1} B(t', t')}\ (4)$$
Usually, the closure ordinal for the definition of a coinductive relation is $\omega$, as is the case with all coinductive definitions appearing in this paper. In general, however, it is not difficult to come up with a coinductive definition whose closure ordinal is greater than $\omega$. For instance, consider the relation $R \subseteq \mathbb{N} \cup \{\infty\}$ defined coinductively by the following two rules.
$$\dfrac{R(n)}{R(n+1)}\ n \in \mathbb{N} \qquad\qquad \dfrac{\exists n \in \mathbb{N}.\, R(n)}{R(\infty)}$$
We have $R = \emptyset$, $R^n = \{m \in \mathbb{N} \mid m \ge n\} \cup \{\infty\}$ for $n \in \mathbb{N}$, $R^\omega = \{\infty\}$, and only $R^{\omega+1} = \emptyset$. Thus the closure ordinal of this definition is $\omega + 1$.

In this paper we are interested in proving by coinduction statements of the form $\psi(R_1, \ldots, R_m)$ where
$$\psi(X_1, \ldots, X_m) \equiv \forall x_1 \ldots x_n.\ \varphi(\vec{x}) \to X_1(g_1(\vec{x}), \ldots, g_k(\vec{x})) \land \ldots \land X_m(g_1(\vec{x}), \ldots, g_k(\vec{x})).$$
and $R_1, \ldots, R_m$ are coinductive relations on $T$, i.e., relations defined as the greatest fixpoints of some monotone functions on the powerset of an appropriate cartesian product of $T$, and $\psi(R_1, \ldots, R_m)$ is $\psi(X_1, \ldots, X_m)$ with $R_i$ substituted for $X_i$. Statements with an existential quantifier may be reduced to statements of this form by skolemising, as explained in Example 3.3 below.

Here $X_1, \ldots, X_m$ are meta-variables for which relations on $T$ may be substituted. In the statement $\varphi(\vec{x})$ only $x_1, \ldots, x_n$ occur free. The meta-variables $X_1, \ldots, X_m$ are not allowed to occur in $\varphi(\vec{x})$. In general, we abbreviate $x_1, \ldots, x_n$ with $\vec{x}$. The symbols $g_1, \ldots, g_k$ denote some functions of $\vec{x}$.

To prove $\psi(R_1, \ldots, R_m)$ it suffices to show by transfinite induction that $\psi(R_1^\gamma, \ldots, R_m^\gamma)$ holds for each ordinal $\gamma \le \zeta$, where $R_i^\gamma$ is the $\gamma$-approximant of $R_i$. It is an easy exercise to check that because of the special form of $\psi$ (in particular because $\varphi$ does not contain $X_1, \ldots, X_m$) and the fact that each $R_i^0$ is the full relation, the base case $\gamma = 0$ and the case of $\gamma$ a limit ordinal hold. They hold for any $\psi$ of the above form, irrespective of $\varphi, R_1, \ldots, R_m$. Note that $\varphi(\vec{x})$ is the same in all $\psi(R_1^\gamma, \ldots, R_m^\gamma)$ for any $\gamma$, i.e., it does not refer to the $\gamma$-approximants or the ordinal $\gamma$. Hence it remains to show the inductive step for $\gamma$ a successor ordinal. It turns out that a coinductive proof of $\psi$ may be interpreted as a proof of this inductive step for a successor ordinal, with the ordinals left implicit and the phrase “coinductive hypothesis” used instead of “inductive hypothesis”.

Example 3.2.
On terms from $T$ (see Example 3.1) we define the operation of substitution by guarded corecursion.
$$\begin{array}{ll}
y[t/x] = y \ \text{ if } x \neq y & (A(s))[t/x] = A(s[t/x]) \\
x[t/x] = t & (B(s_1, s_2))[t/x] = B(s_1[t/x], s_2[t/x])
\end{array}$$

We show by coinduction: if $s \to s'$ and $t \to t'$ then $s[t/x] \to s'[t'/x]$, where $\to$ is the relation from Example 3.1. Formally, the statement we show by transfinite induction on $\gamma \le \zeta$ is: for $s, s', t, t' \in T$, if $s \to s'$ and $t \to t'$ then $s[t/x] \to^\gamma s'[t'/x]$. For illustrative purposes, we indicate the $\gamma$-approximants with appropriate ordinal superscripts, but it is customary to omit these superscripts.

Let us proceed with the proof. The proof is by coinduction with case analysis on $s \to s'$. If $s \equiv s' \equiv y$ with $y \neq x$, then $s[t/x] \equiv y \equiv s'[t'/x]$. If $s \equiv s' \equiv x$ then $s[t/x] \equiv t \to^{\gamma+1} t' \equiv s'[t'/x]$ (note that $\to \equiv \to^\zeta \subseteq \to^{\gamma+1}$). If $s \equiv A(s_1)$, $s' \equiv A(s'_1)$ and $s_1 \to s'_1$, then $s_1[t/x] \to^\gamma s'_1[t'/x]$ by the coinductive hypothesis. Thus $s[t/x] \equiv A(s_1[t/x]) \to^{\gamma+1} A(s'_1[t'/x]) \equiv s'[t'/x]$ by rule (2). If $s \equiv B(s_1, s_2)$, $s' \equiv B(s'_1, s'_2)$ then the proof is analogous. If $s \equiv A(s_1)$, $s' \equiv B(s'_1, s'_1)$ and $s_1 \to s'_1$, then the proof is also similar. Indeed, by the coinductive hypothesis we have $s_1[t/x] \to^\gamma s'_1[t'/x]$, so $s[t/x] \equiv A(s_1[t/x]) \to^{\gamma+1} B(s'_1[t'/x], s'_1[t'/x]) \equiv s'[t'/x]$ by rule (4).

With the following example we explain how our proofs of existential statements should be interpreted.

Example 3.3. Let $T$ and $\to$ be as in Example 3.1. We want to show: for all $s, t, t' \in T$, if $s \to t$ and $s \to t'$ then there exists $s' \in T$ with $t \to s'$ and $t' \to s'$. The idea is to skolemise this statement. So we need to find a Skolem function $f : T^3 \to T$ which will allow us to prove the Skolem normal form:
$$\text{if } s \to t \text{ and } s \to t' \text{ then } t \to f(s, t, t') \text{ and } t' \to f(s, t, t'). \qquad (\star)$$
The rules for $\to$ suggest a definition of $f$:
$$\begin{array}{lcl}
f(x, x, x) & = & x \\
f(A(s), A(t), A(t')) & = & A(f(s, t, t')) \\
f(A(s), A(t), B(t', t')) & = & B(f(s, t, t'), f(s, t, t')) \\
f(A(s), B(t, t), A(t')) & = & B(f(s, t, t'), f(s, t, t')) \\
f(A(s), B(t, t), B(t', t')) & = & B(f(s, t, t'), f(s, t, t')) \\
f(B(s_1, s_2), B(t_1, t_2), B(t'_1, t'_2)) & = & B(f(s_1, t_1, t'_1), f(s_2, t_2, t'_2)) \\
f(s, t, t') & = & \text{some fixed term if none of the above matches}
\end{array}$$
This is a definition by guarded corecursion, so there exists a unique function $f : T^3 \to T$ satisfying the above equations. The last case in the above definition of $f$ corresponds to the case in Definition 2.3 where all $u_i$ are constant functions. Note that any fixed term has a fixed constructor (in the sense of Definition 2.3) at the root. In the sense of Definition 2.3 also the elements of $V$ are nullary constructors.

We now proceed with a coinductive proof of $(\star)$. Assume $s \to t$ and $s \to t'$. If $s \equiv t \equiv t' \equiv x$ then $f(s, t, t') \equiv x$, and $x \to x$ by rule (1). If $s \equiv A(s_1)$, $t \equiv A(t_1)$ and $t' \equiv A(t'_1)$ with $s_1 \to t_1$ and $s_1 \to t'_1$, then by the coinductive hypothesis $t_1 \to f(s_1, t_1, t'_1)$ and $t'_1 \to f(s_1, t_1, t'_1)$. We have $f(s, t, t') \equiv A(f(s_1, t_1, t'_1))$.
Hence $t \equiv A(t_1) \to f(s, t, t')$ and $t' \equiv A(t'_1) \to f(s, t, t')$, by rule (2). If $s \equiv B(s_1, s_2)$, $t \equiv B(t_1, t_2)$ and $t' \equiv B(t'_1, t'_2)$, with $s_1 \to t_1$, $s_1 \to t'_1$, $s_2 \to t_2$ and $s_2 \to t'_2$, then by the coinductive hypothesis we have $t_1 \to f(s_1, t_1, t'_1)$, $t'_1 \to f(s_1, t_1, t'_1)$, $t_2 \to f(s_2, t_2, t'_2)$ and $t'_2 \to f(s_2, t_2, t'_2)$. Hence $t \equiv B(t_1, t_2) \to B(f(s_1, t_1, t'_1), f(s_2, t_2, t'_2)) \equiv f(s, t, t')$ by rule (3). Analogously, $t' \to f(s, t, t')$ by rule (3). Other cases are similar.

Usually, it is inconvenient to invent the Skolem function beforehand, because the definition of the Skolem function and the coinductive proof of the Skolem normal form are typically interdependent. Therefore, we adopt an informal style of doing a proof by coinduction of a statement
$$\psi(R_1, \ldots, R_m) = \forall x_1, \ldots, x_n \in T.\ \varphi(\vec{x}) \to \exists y \in T.\ R_1(g_1(\vec{x}), \ldots, g_k(\vec{x}), y) \land \ldots \land R_m(g_1(\vec{x}), \ldots, g_k(\vec{x}), y)$$
with an existential quantifier. We intertwine the corecursive definition of the Skolem function $f$ with a coinductive proof of the Skolem normal form
$$\forall x_1, \ldots, x_n \in T.\ \varphi(\vec{x}) \to R_1(g_1(\vec{x}), \ldots, g_k(\vec{x}), f(\vec{x})) \land \ldots \land R_m(g_1(\vec{x}), \ldots, g_k(\vec{x}), f(\vec{x}))$$
We proceed as if the coinductive hypothesis was $\psi(R_1^\gamma, \ldots, R_m^\gamma)$ (it really is the Skolem normal form). Each element obtained from the existential quantifier in the coinductive hypothesis is interpreted as a corecursive invocation of the Skolem function. When later we exhibit an element to show the existential subformula of $\psi(R_1^{\gamma+1}, \ldots, R_m^{\gamma+1})$, we interpret this as the definition of the Skolem function in the case specified by the assumptions currently active in the proof. Note that this exhibited element may (or may not) depend on some elements obtained from the existential quantifier in the coinductive hypothesis, i.e., the definition of the Skolem function may involve corecursive invocations.

To illustrate our style of doing coinductive proofs of statements with an existential quantifier, we redo the proof done above. For illustrative purposes, we indicate the arguments of the Skolem function, i.e., we write $s'_{s,t,t'}$ in place of $f(s, t, t')$. These subscripts $s, t, t'$ are normally omitted.

We show by coinduction that if $s \to t$ and $s \to t'$ then there exists $s' \in T$ with $t \to s'$ and $t' \to s'$. Assume $s \to t$ and $s \to t'$. If $s \equiv t \equiv t' \equiv x$ then take $s'_{x,x,x} \equiv x$. If $s \equiv A(s_1)$, $t \equiv A(t_1)$ and $t' \equiv A(t'_1)$ with $s_1 \to t_1$ and $s_1 \to t'_1$, then by the coinductive hypothesis we obtain $s'_{s_1,t_1,t'_1}$ with $t_1 \to s'_{s_1,t_1,t'_1}$ and $t'_1 \to s'_{s_1,t_1,t'_1}$. More precisely: by corecursively applying the Skolem function to $s_1, t_1, t'_1$ we obtain $s'_{s_1,t_1,t'_1}$, and by the coinductive hypothesis we have $t_1 \to s'_{s_1,t_1,t'_1}$ and $t'_1 \to s'_{s_1,t_1,t'_1}$. Hence $t \equiv A(t_1) \to A(s'_{s_1,t_1,t'_1})$ and $t' \equiv A(t'_1) \to A(s'_{s_1,t_1,t'_1})$, by rule (2). Thus we may take $s'_{s,t,t'} \equiv A(s'_{s_1,t_1,t'_1})$. If $s \equiv B(s_1, s_2)$, $t \equiv B(t_1, t_2)$ and $t' \equiv B(t'_1, t'_2)$, with $s_1 \to t_1$, $s_1 \to t'_1$, $s_2 \to t_2$ and $s_2 \to t'_2$, then by the coinductive hypothesis we obtain $s'_{s_1,t_1,t'_1}$ and $s'_{s_2,t_2,t'_2}$ with $t_1 \to s'_{s_1,t_1,t'_1}$, $t'_1 \to s'_{s_1,t_1,t'_1}$, $t_2 \to s'_{s_2,t_2,t'_2}$ and $t'_2 \to s'_{s_2,t_2,t'_2}$. Hence $t \equiv B(t_1, t_2) \to B(s'_{s_1,t_1,t'_1}, s'_{s_2,t_2,t'_2})$ by rule (3). Analogously, $t' \to B(s'_{s_1,t_1,t'_1}, s'_{s_2,t_2,t'_2})$ by rule (3). Thus we may take $s'_{s,t,t'} \equiv B(s'_{s_1,t_1,t'_1}, s'_{s_2,t_2,t'_2})$. Other cases are similar.

It is clear that the above informal proof, when interpreted in the way outlined before, implicitly defines the Skolem function $f$. It should be kept in mind that in every case the definition of the Skolem function needs to be guarded. We do not explicitly mention this each time, but verifying this is part of verifying the proof.

When doing proofs by coinduction the following criteria need to be kept in mind in order to be able to justify the proofs according to the above explanations.
• When we conclude from the coinductive hypothesis that some relation $R(t_1, \ldots, t_n)$ holds, this really means that only its approximant $R^\gamma(t_1, \ldots, t_n)$ holds. Usually, we need to infer that the next approximant $R^{\gamma+1}(s_1, \ldots, s_n)$ holds (for some other elements $s_1, \ldots, s_n$) by using $R^\gamma(t_1, \ldots, t_n)$ as a premise of an appropriate rule. But we cannot, e.g., inspect (do case reasoning on) $R^\gamma(t_1, \ldots, t_n)$, use it in any lemmas, or otherwise treat it as $R(t_1, \ldots, t_n)$.
• An element $e$ obtained from an existential quantifier in the coinductive hypothesis is not really the element itself, but a corecursive invocation of the implicit Skolem function. Usually, we need to put it inside some constructor $c$, e.g. producing $c(e)$, and then exhibit $c(e)$ in the proof of an existential statement. Applying at least one constructor to $e$ is necessary to ensure guardedness of the implicit Skolem function. But we cannot, e.g., inspect $e$, apply some previously defined functions to it, or otherwise treat it as if it was really given to us.
• In the proofs of existential statements, the implicit Skolem function cannot depend on the ordinal $\gamma$. However, this is the case as long as we do not violate the first point, because if the ordinals are never mentioned and we do not inspect the approximants obtained from the coinductive hypothesis, then there is no way in which we could possibly introduce a dependency on $\gamma$.

Equality on infinitary terms may be characterised coinductively.

Definition 3.4.
Let $\Sigma$ be a many-sorted algebraic signature, as in Definition 2.1. Let $T = T(\Sigma)$. Define on $T$ a binary relation $=$ of bisimilarity by the coinductive rules
$$\frac{t_1 = s_1 \quad \cdots \quad t_n = s_n}{f(t_1, \ldots, t_n) = f(s_1, \ldots, s_n)}$$
for each constructor $f \in \Sigma_c$.

It is intuitively obvious that on infinitary terms bisimilarity is the same as identity. The following easy (and well-known) proposition makes this precise.

Proposition 3.5.
For $t, s \in T$ we have: $t = s$ iff $t \equiv s$.

Proof. Recall that each term is formally a partial function from $\mathbb{N}^*$ to $\Sigma_c$. We write $t(p) \approx s(p)$ if either both $t(p), s(p)$ are defined and equal, or both are undefined.

Assume $t = s$. It suffices to show by induction on the length of $p \in \mathbb{N}^*$ that $t|_p = s|_p$ or $t(p)\uparrow, s(p)\uparrow$, where by $t|_p$ we denote the subterm of $t$ at position $p$. For $p = \varepsilon$ this is obvious. Assume $p = p'j$. By the inductive hypothesis, $t|_{p'} = s|_{p'}$ or $t(p')\uparrow, s(p')\uparrow$. If $t|_{p'} = s|_{p'}$ then $t|_{p'} \equiv f(t_0, \ldots, t_n)$ and $s|_{p'} \equiv f(s_0, \ldots, s_n)$ for some $f \in \Sigma_c$ with $t_i = s_i$ for $i = 0, \ldots, n$. If $0 \le j \le n$ then $t|_p \equiv t_j = s_j = s|_p$. Otherwise, if $j > n$ or if $t(p')\uparrow, s(p')\uparrow$, then $t(p)\uparrow, s(p)\uparrow$ by the definition of infinitary terms.

For the other direction, we show by coinduction that for any $t \in T$ we have $t = t$. If $t \in T$ then $t \equiv f(t_1, \ldots, t_n)$ for some $f \in \Sigma_c$. By the coinductive hypothesis we obtain $t_i = t_i$ for $i = 1, \ldots, n$. Hence $t = t$ by the rule for $f$.

For infinitary terms $t, s \in T$, we shall therefore use the notations $t = s$ and $t \equiv s$ interchangeably, employing Proposition 3.5 implicitly. In particular, the above coinductive characterisation of term equality is used implicitly in the proof of Lemma 5.29.

Example 3.6.
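As an added example (not from the paper or its Coq development), the following Python makes the approximant reading of coinduction concrete on streams: even and zip from Example 2.5 as guarded generators, a check of the $\gamma$-th approximant $R^\gamma$ of the bisimilarity of Definition 3.4, and, on the constructed stream $0 : 1 : 2 : \ldots$, the identity $\mathrm{zip}(\mathrm{even}(t), \mathrm{even}(\mathrm{tl}(t))) = t$ that Example 3.6 below proves coinductively. Streams are represented as zero-argument thunks (an assumption of this example) so that a stream can be read more than once.

```python
"""Added example, not from the paper or its Coq development: streams as
restartable Python generators, the guarded corecursive `even` and `zip` of
Example 2.5, and the approximant R^γ of the bisimilarity of Definition 3.4.
A finite program can only check R^γ for a fixed γ; the coinductive proof in
the paper is what establishes the identity for every γ at once."""
from itertools import count, islice
from typing import Callable, Iterator, List

Stream = Callable[[], Iterator[int]]   # a thunk, so a stream can be read twice


def tl(t: Stream) -> Stream:
    """tl(x : t) = t."""
    return lambda: islice(t(), 1, None)


def even(t: Stream) -> Stream:
    """even(x : y : t) = x : even(t).  The `yield` is the guard: one element
    is produced before the corecursive continuation is needed."""
    def gen() -> Iterator[int]:
        it = t()
        while True:
            x, _y = next(it), next(it)
            yield x
    return gen


def zip_(t: Stream, s: Stream) -> Stream:
    """zip(x : t, s) = x : zip(s, t): emit the head of t, then swap the roles."""
    def gen() -> Iterator[int]:
        a, b = t(), s()
        while True:
            yield next(a)
            a, b = b, a
    return gen


def prefix(t: Stream, n: int) -> List[int]:
    return list(islice(t(), n))


def approx_bisimilar(t: Stream, s: Stream, gamma: int) -> bool:
    """R^γ on streams: the rule  x : t = y : s  iff  x = y and t = s  of
    Definition 3.4 unfolded γ times, i.e. the first γ elements agree.
    R^0 relates any two streams, matching the ordinal-indexed approximants."""
    return prefix(t, gamma) == prefix(s, gamma)


def nat() -> Iterator[int]:
    """Constructed sample stream 0 : 1 : 2 : ... (itself a Stream: it is a thunk)."""
    return count()


def example_3_6_holds(t: Stream, gamma: int) -> bool:
    """zip(even(t), even(tl(t))) = t, checked up to the approximant R^γ."""
    return approx_bisimilar(zip_(even(t), even(tl(t))), t, gamma)
```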
Recall the coinductive definitions of zip and even from Example 2.5.
$$\mathrm{even}(x : y : t) = x : \mathrm{even}(t) \qquad\qquad \mathrm{zip}(x : t, s) = x : \mathrm{zip}(s, t)$$
By coinduction we show $\mathrm{zip}(\mathrm{even}(t), \mathrm{even}(\mathrm{tl}(t))) = t$ for any stream $t \in A^\omega$. Let $t \in A^\omega$. Then $t = x : y : s$ for some $x, y \in A$ and $s \in A^\omega$. We have
$$\begin{aligned}
\mathrm{zip}(\mathrm{even}(t), \mathrm{even}(\mathrm{tl}(t))) &= \mathrm{zip}(\mathrm{even}(x : y : s), \mathrm{even}(y : s)) \\
&= \mathrm{zip}(x : \mathrm{even}(s), \mathrm{even}(y : s)) \\
&= x : \mathrm{zip}(\mathrm{even}(y : s), \mathrm{even}(s)) \\
&= x : y : s \qquad \text{(by CH)} \\
&= t
\end{aligned}$$
In the equality marked with (by CH) we use the coinductive hypothesis, and implicitly a bisimilarity rule from Definition 3.4.

The above explanation of coinduction is generalised and elaborated in much more detail in [11]. Also [31] may be helpful as it gives many examples of coinductive proofs written in a style similar to the one used here. The book [39] is an elementary introduction to coinduction and bisimulation (but the proofs there are presented in a different way than here, not referring to the coinductive hypoth­esis but explicitly constructing a backward-closed set). The chapters [7, 9] explain coinduction in Coq from a practical viewpoint. A reader interested in foundational matters should also consult [20, 38] which deal with the coalgebraic approach to coinduction.

In the rest of this paper we shall freely use coinduction, giving routine coinductive proofs in as much (or as little) detail as it is customary with inductive proofs of analogous difficulty.

4. Definitions and basic properties
In this section we define infinitary lambda terms and the various notions of infinitary reductions.
Definition 4.1.
The set of infinitary lambda terms is defined coinductively:
$$\Lambda^\infty ::= C \;\|\; V \;\|\; \Lambda^\infty\Lambda^\infty \;\|\; \lambda V.\Lambda^\infty$$
where $V$ is an infinite set of variables and $C$ is a set of constants such that $V \cap C = \emptyset$. An atom is a variable or a constant. We use the symbols $x, y, z, \ldots$ for variables, $c, c', c_1, \ldots$ for constants, $a, a', a_1, \ldots$ for atoms, and $t, s, \ldots$ for terms. By $\mathrm{FV}(t)$ we denote the set of variables occurring free in $t$. Formally, $\mathrm{FV}(t)$ could be defined using coinduction.

We define substitution by guarded corecursion.
$$\begin{aligned}
x[t/x] &= t \\
a[t/x] &= a && \text{if } a \neq x \\
(t_1 t_2)[t/x] &= (t_1[t/x])(t_2[t/x]) \\
(\lambda y.s)[t/x] &= \lambda y.s[t/x] && \text{if } y \notin \mathrm{FV}(t, x)
\end{aligned}$$
In our formalisation we use a de Bruijn representation of infinitary lambda terms, defined analogously to the de Bruijn representation of finite lambda terms [15]. Hence, infinitary lambda terms here may be understood as a human-readable presentation of infinitary lambda terms based on de Bruijn indices. Strictly speaking, also the definition of substitution above is not completely precise, because it implicitly treats lambda terms up to renaming of bound variables and we have not given a precise definition of free variables. The definition of substitution can be understood as a human-readable presentation of substitution defined on infinitary lambda terms based on de Bruijn indices.

Infinitary lambda terms could be precisely defined as the $\alpha$-equivalence classes of the terms given in Definition 4.1, with a coinductively defined $\alpha$-equivalence relation $=_\alpha$. Such a definition involves some technical issues. If the set of variables $V$ is countable, then it may be impossible to choose a "fresh" variable $x \notin \mathrm{FV}(t)$ for a term $t \in \Lambda^\infty$, because $t$ may contain all variables free. This presents a difficulty when trying to precisely define substitution. See also [32, 33].
There are two ways of resolving this situation:
(1) assume that $V$ is uncountable,
(2) consider only terms with finitely many free variables.
Assuming that a fresh variable may always be chosen, one may precisely define substitution and use coinductive techniques to prove: if $t =_\alpha t'$ and $s =_\alpha s'$ then $s[t/x] =_\alpha s'[t'/x]$. This implies that substitution lifts to a function on the $\alpha$-equivalence classes, which is also trivially true for application and abstraction. Therefore, all functions defined by guarded corecursion using only the operations of substitution, application and abstraction lift to functions on $\alpha$-equivalence classes (provided the same defining equation is used for all terms within the same $\alpha$-equivalence class). This justifies the use of Barendregt's variable convention [5, 2.1.13] (under the assumption that we may always choose a fresh variable).

Since our formalisation is based on de Bruijn indices, we omit explicit treatment of $\alpha$-equivalence in this paper.

We also mention that another principled and precise way of dealing with the renaming of bound variables is to define the set of infinitary lambda terms as the final coalgebra of an appropriate functor in the category of nominal sets [32, 33].

Definition 4.2.
Let $R \subseteq \Lambda^\infty \times \Lambda^\infty$ be a binary relation on infinitary lambda terms. The compatible closure of $R$, denoted $\to_R$, is defined inductively by the following rules.
$$\frac{\langle s, t\rangle \in R}{s \to_R t} \qquad \frac{s \to_R s'}{st \to_R s't} \qquad \frac{t \to_R t'}{st \to_R st'} \qquad \frac{s \to_R s'}{\lambda x.s \to_R \lambda x.s'}$$
If $\langle t, s\rangle \in R$ then $t$ is an $R$-redex. A term $t \in \Lambda^\infty$ is in $R$-normal form if there is no $s \in \Lambda^\infty$ with $t \to_R s$, or equivalently if it contains no $R$-redexes. The parallel closure of $R$, usually denoted $\Rightarrow_R$, is defined coinductively by the following rules.
$$\frac{\langle s, t\rangle \in R}{s \Rightarrow_R t} \qquad \frac{}{a \Rightarrow_R a} \qquad \frac{s_1 \Rightarrow_R t_1 \quad s_2 \Rightarrow_R t_2}{s_1 s_2 \Rightarrow_R t_1 t_2} \qquad \frac{s \Rightarrow_R s'}{\lambda x.s \Rightarrow_R \lambda x.s'}$$
Let $\to \subseteq \Lambda^\infty \times \Lambda^\infty$. By $\to^*$ we denote the transitive-reflexive closure of $\to$, and by $\to^\equiv$ the reflexive closure of $\to$. The infinitary closure of $\to$, denoted $\to^\infty$, is defined coinductively by the following rules.
$$\frac{s \to^* a}{s \to^\infty a} \qquad \frac{s \to^* t_1 t_2 \quad t_1 \to^\infty t_1' \quad t_2 \to^\infty t_2'}{s \to^\infty t_1' t_2'} \qquad \frac{s \to^* \lambda x.r \quad r \to^\infty r'}{s \to^\infty \lambda x.r'}$$
Let $R_\beta = \{\langle (\lambda x.s)t, s[t/x]\rangle \mid t, s \in \Lambda^\infty\}$. The relation $\to_\beta$ of one-step $\beta$-reduction is defined as the compatible closure of $R_\beta$. The relation $\to^*_\beta$ of $\beta$-reduction is the transitive-reflexive closure of $\to_\beta$. The relation $\to^\infty_\beta$ of infinitary $\beta$-reduction is defined as the infinitary closure of $\to_\beta$. This gives the same coinductive definition of infinitary $\beta$-reduction as in [19].

The relation $\to_w$ of one-step weak head reduction is defined inductively by the following rules.
$$\frac{}{(\lambda x.s)t \to_w s[t/x]} \qquad \frac{s \to_w s'}{st \to_w s't}$$
The relations $\to^*_w$, $\to^\equiv_w$ and $\to^\infty_w$ are defined accordingly. In a term $(\lambda x.s)t\,t_1 \ldots t_m$ the subterm $(\lambda x.s)t$ is the weak head redex. So $\to_w$ may contract only the weak head redex.

Definition 4.3.
Let $\bot$ be a distinguished constant. A $\Lambda^\infty$-term $t$ is in root normal form (rnf) if:
• $t \equiv a$ with $a \not\equiv \bot$, or
• $t \equiv \lambda x.t'$, or
• $t \equiv t_1 t_2$ and there is no $s$ with $t_1 \to^\infty_\beta \lambda x.s$ (equivalently, there is no $s$ with $t_1 \to^*_\beta \lambda x.s$).
In other words, a term $t$ is in rnf if $t \not\equiv \bot$ and $t$ does not infinitarily $\beta$-reduce to a $\beta$-redex. We say that $t$ has an rnf if $t \to^\infty_\beta t'$ for some $t'$ in rnf. In particular, $\bot$ has no rnf. A term with no rnf is also called root-active. By $\mathcal{R}$ we denote the set of all root-active terms.

Definition 4.4.
A set $U \subseteq \Lambda^\infty$ is a set of meaningless terms (see [22]) if it satisfies the following axioms.
• Closure: if $t \in U$ and $t \to^\infty_\beta s$ then $s \in U$.
• Substitution: if $t \in U$ then $t[s/x] \in U$ for any term $s$.
• Overlap: if $\lambda x.s \in U$ then $(\lambda x.s)t \in U$.
• Root-activeness: $\mathcal{R} \subseteq U$.
• Indiscernibility: if $t \in U$ and $t \sim_U s$ then $s \in U$, where $\sim_U$ is the parallel closure of $U \times U$.
A set $U$ of meaningless terms is a set of strongly meaningless terms if it additionally satisfies the following expansion axiom.
• Expansion: if $t \in U$ and $s \to^\infty_\beta t$ then $s \in U$.

Let $U \subseteq \Lambda^\infty$. Let $R_{\bot_U} = \{\langle t, \bot\rangle \mid t \in U \text{ and } t \not\equiv \bot\}$. We define the relation $\to_{\beta\bot_U}$ of one-step $\beta\bot_U$-reduction as the compatible closure of $R_{\beta\bot_U} = R_\beta \cup R_{\bot_U}$. A term $t$ is in $\beta\bot_U$-normal form if it is in $R_{\beta\bot_U}$-normal form. The relation $\to^*_{\beta\bot_U}$ of $\beta\bot_U$-reduction is the transitive-reflexive closure of $\to_{\beta\bot_U}$. The relation $\to^\infty_{\beta\bot_U}$ of infinitary $\beta\bot_U$-reduction, or Böhm reduction (over $U$), is the infinitary closure of $\to_{\beta\bot_U}$. The relation $\Rightarrow_{\bot_U}$ of parallel $\bot_U$-reduction is the parallel closure of $R_{\bot_U}$.

In general, relations on infinitary terms need to be defined coinductively. However, if the relation depends only on finite initial parts of the terms then it may often be defined inductively. Because induction is generally better understood than coinduction, we prefer to give inductive definitions whenever it is possible to give such a definition in a natural way, like with the definition of compatible closure or one-step weak head reduction. This is in contrast to e.g. the definition of infinitary reduction $\to^\infty$, which intuitively may contain infinitely many reduction steps, and thus must be defined by coinduction.

The idea with the definition of the infinitary closure $\to^\infty$ of a one-step reduction relation $\to$ is that the depth at which a redex is contracted should tend to infinity. This is achieved by defining $\to^\infty$ in such a way that always after finitely many reduction steps the subsequent contractions may be performed only under a constructor. So the depth of the contracted redex always ultimately increases. The idea for the definition of $\to^\infty$ comes from [19, 16, 17]. For infinitary $\beta$-reduction $\to^\infty_\beta$ the definition is the same as in [19].
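The following Python is an added illustration, not code from the paper or its Coq formalisation: it represents finite terms in the de Bruijn style mentioned after Definition 4.1, implements the substitution equations of Definition 4.1, one-step weak head reduction $\to_w$ of Definition 4.2, and a fuel-bounded search for the root normal form of Definition 4.3 (which, when it succeeds, returns the canonical rnf of Definition 5.24). It assumes finite terms only, uses the constant name "bot" for $\bot$, and works on constructed sample terms $I$, $K$, $\Omega$ and $\Omega_O = (\lambda xy.xx)(\lambda xy.xx)$, the term the paper uses further on when discussing the expansion axiom.

```python
"""Added example, not the paper's Coq development: finite de Bruijn lambda
terms, the substitution of Definition 4.1, ->w of Definition 4.2 and a
fuel-bounded root-normal-form search (Definition 4.3).  Root-activeness is
undecidable, so "no rnf within the fuel" is evidence, not proof."""
from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class Var:
    index: int        # de Bruijn index; 0 is the innermost enclosing binder

@dataclass(frozen=True)
class Const:
    name: str         # a constant from C; the name "bot" plays the role of ⊥

@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"

@dataclass(frozen=True)
class Lam:
    body: "Term"      # the bound variable is implicit in de Bruijn form

Term = Union[Var, Const, App, Lam]
BOT = Const("bot")


def shift(t: Term, d: int, cutoff: int = 0) -> Term:
    """Add d to every free index >= cutoff (used when a term moves under a binder)."""
    if isinstance(t, Var):
        return Var(t.index + d) if t.index >= cutoff else t
    if isinstance(t, Const):
        return t
    if isinstance(t, App):
        return App(shift(t.fun, d, cutoff), shift(t.arg, d, cutoff))
    return Lam(shift(t.body, d, cutoff + 1))


def subst(s: Term, j: int, t: Term) -> Term:
    """s[t/j]: Definition 4.1's equations in de Bruijn form; binder j disappears."""
    if isinstance(s, Var):
        if s.index == j:
            return t
        return Var(s.index - 1) if s.index > j else s
    if isinstance(s, Const):
        return s
    if isinstance(s, App):
        return App(subst(s.fun, j, t), subst(s.arg, j, t))
    return Lam(subst(s.body, j + 1, shift(t, 1)))


def whead_step(t: Term) -> Optional[Term]:
    """One ->w step (Definition 4.2): contract the weak head redex, else None."""
    if isinstance(t, App):
        if isinstance(t.fun, Lam):                 # (λx.s)t ->w s[t/x]
            return subst(t.fun.body, 0, t.arg)
        inner = whead_step(t.fun)                  # s ->w s' gives st ->w s't
        if inner is not None:
            return App(inner, t.arg)
    return None


def head_reaches_lambda(t: Term, fuel: int) -> Optional[bool]:
    """t ->*w λx.s within `fuel` steps?  (Theorem 5.20: same as t ->∞β λx.s.)"""
    for _ in range(fuel + 1):
        if isinstance(t, Lam):
            return True
        nxt = whead_step(t)
        if nxt is None:       # stuck on a variable or constant head: never a λ
            return False
        t = nxt
    return None               # fuel exhausted: undecided


def is_rnf(t: Term, fuel: int) -> Optional[bool]:
    """The three clauses of Definition 4.3; None means undecided within the fuel."""
    if isinstance(t, Lam):
        return True
    if isinstance(t, (Var, Const)):
        return t != BOT
    r = head_reaches_lambda(t.fun, fuel)
    return None if r is None else not r


def crnf(t: Term, fuel: int) -> Optional[Term]:
    """Canonical rnf (Definition 5.24): first rnf on the ->w sequence, or None."""
    for used in range(fuel + 1):
        r = is_rnf(t, fuel - used)
        if r is None:
            return None
        if r:
            return t
        nxt = whead_step(t)
        if nxt is None:       # only ⊥ gets here: not an rnf, yet no redex
            return None
        t = nxt
    return None


# Constructed closed sample terms.
I = Lam(Var(0))                            # λx.x
K = Lam(Lam(Var(1)))                       # λx.λy.x
DELTA = Lam(App(Var(0), Var(0)))           # λx.xx
OMEGA = App(DELTA, DELTA)                  # Ω: Ω ->w Ω forever, so root-active
XX_TWICE = Lam(Lam(App(Var(1), Var(1))))   # λxy.xx
OMEGA_O = App(XX_TWICE, XX_TWICE)          # Ω_O: crnf(Ω_O) is λy.Ω_O, one layer of the ogre O
```

Running `crnf(OMEGA_O, 20)` returns `Lam(OMEGA_O)`, and applying `crnf` again to its body returns the same shape, which is how $\Omega_O \to^\infty_\beta O$ shows up on finite terms; `crnf(OMEGA, 20)` returns `None`.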
To each derivation of $t \to^\infty s$ corresponds a strongly convergent reduction sequence of length at most $\omega$ obtained by concatenating the finite $\to^*$-reductions in the prefixes. See the proof of Theorem 6.4.

Our definition of meaningless terms differs from [22] in that it treats terms with the $\bot$ constant, but it is equivalent to the original definition, in the following sense. Let $\Lambda^\infty$ be the set of infinitary lambda terms without $\bot$. If $U$ is a set of meaningless terms defined as in [22] on $\Lambda^\infty$, then $U_\bot$ (the set of terms from $U$ with some subterms in $U$ replaced by $\bot$) is a set of meaningless terms according to our definition. Conversely, if $U$ is a set of meaningless terms according to our definition, then $U = U'_\bot$ where $U' = U \cap \Lambda^\infty$ ($U'$ then satisfies the axioms of [22]).

To show confluence of Böhm reduction over $U$ we also need the expansion axiom. The reason is purely technical. In the present coinductive framework there is no way of talking about infinitary reductions of arbitrary ordinal length, only about reductions of length $\omega$. We need the expansion axiom to show that $t \to^\infty_{\beta\bot_U} t' \Rightarrow_{\bot_U} s$ implies $t \to^\infty_{\beta\bot_U} s$.

The expansion axiom is necessary for this implication. Let $O$ be the ogre [41] satisfying $O \equiv \lambda x.O$, i.e., $O \equiv \lambda x.\lambda x.\lambda x.\ldots$. A term $t$ is head-active [41] if $t \equiv \lambda x_1 \ldots x_n.r\,t_1 \ldots t_m$ with $r \in \mathcal{R}$ and $n, m \geq 0$. Define $H = \{t \in \Lambda^\infty \mid t \to^*_\beta t' \text{ with } t' \text{ head-active}\}$, $\mathcal{O} = \{t \in \Lambda^\infty \mid t \to^*_\beta O\}$ and $U = H \cup \mathcal{O}$. One can show that $U$ is a set of meaningless terms (see the appendix). Consider $\Omega_O = (\lambda xy.xx)(\lambda xy.xx)$. We have $\Omega_O \to^\infty_\beta O \in \mathcal{O}$. But $\Omega_O \notin U$, so $U$ does not satisfy the expansion axiom. Now, $\Omega_O \to^\infty_{\beta\bot_U} O \Rightarrow_{\bot_U} \bot$, but $\Omega_O \not\to^\infty_{\beta\bot_U} \bot$, because no finite $\beta$-reduct of $\Omega_O$ is in $U$.

The expansion axiom could probably be weakened slightly, but the present formulation is simple and it already appeared in the literature [42, 41, 25]. Sets of meaningless terms which do not satisfy the expansion axiom tend to be artificial. A notion of a set of strongly meaningless terms equivalent to ours appears in [41]. In the presence of the expansion axiom, the indiscernibility axiom may be weakened [42, 41].

In the setup of [16, 17] it is possible to talk about reductions of arbitrary ordinal length, but we have not investigated the possibility of adapting the framework of [16, 17] to the needs of the present paper.

The axioms of a set $U$ of meaningless terms are sufficient for confluence and normalisation of Böhm reduction over $U$. However, they are not necessary. The paper [43] gives axioms necessary and sufficient for confluence and normalisation.

The following two simple lemmas will often be used implicitly.

Lemma 4.5.
Let $\to^\infty$ be the infinitary and $\to^*$ the transitive-reflexive closure of $\to$. Then the following conditions hold for all $t, s, s' \in \Lambda^\infty$:
(1) $t \to^\infty t$,
(2) if $t \to^* s \to^\infty s'$ then $t \to^\infty s'$,
(3) if $t \to^* s$ then $t \to^\infty s$.

Proof. The first point follows by coinduction. The second point follows by case analysis on $s \to^\infty s'$. The last point follows from the previous two.

The proof of the first point is straightforward, but to illustrate the coinductive technique we give this proof in detail. A reader not familiar with coinduction is invited to study this proof and insert the implicit ordinals as in Section 3.

Let $t \in \Lambda^\infty$. There are three cases. If $t \equiv a$ then $a \to^* a$, so $t \to^\infty t$ by the definition of $\to^\infty$. If $t \equiv t_1 t_2$ then $t_1 \to^\infty t_1$ and $t_2 \to^\infty t_2$ by the coinductive hypothesis. Since also $t \to^* t_1 t_2$, we conclude $t \to^\infty t$. If $t \equiv \lambda x.t'$ then $t' \to^\infty t'$ by the coinductive hypothesis. Since also $t \to^* \lambda x.t'$, we conclude $t \to^\infty t$.

Lemma 4.6. If $R \subseteq S \subseteq \Lambda^\infty \times \Lambda^\infty$ then $\to^\infty_R \subseteq \to^\infty_S$.

Proof. By coinduction.

The next three lemmas have essentially been shown in [19, Lemma 4.3–4.5].
Lemma 4.7. If $s \to^\infty_\beta s'$ and $t \to^\infty_\beta t'$ then $s[t/x] \to^\infty_\beta s'[t'/x]$.

Proof.
By coinduction, with case analysis on $s \to^\infty_\beta s'$, using that $t \to^*_\beta t'$ implies $r[t/x] \to^*_\beta r[t'/x]$.

Lemma 4.8. If $t_1 \to^\infty_\beta t_2 \to_\beta t_3$ then $t_1 \to^\infty_\beta t_3$.

Proof. Induction on $t_2 \to_\beta t_3$, using Lemma 4.7.

Lemma 4.9. If $t_1 \to^\infty_\beta t_2 \to^\infty_\beta t_3$ then $t_1 \to^\infty_\beta t_3$.

Proof. By coinduction, with case analysis on $t_2 \to^\infty_\beta t_3$, using Lemma 4.8.

Lemma 4.10. If $t$ is in rnf and $t \to^\infty_\beta s$ then $s$ is in rnf.

Proof. Suppose $s$ is not in rnf, i.e., $s \equiv \bot$ or $s \equiv s_1 s_2$ with $s_1 \to^*_\beta \lambda x.u$. If $s \equiv \bot$ then $t \to^*_\beta \bot$, and thus either $t \equiv \bot$ or it $\beta$-reduces to a redex. So $t$ is not in rnf. If $s \equiv s_1 s_2$ with $s_1 \to^*_\beta \lambda x.u$, then $t \to^*_\beta t_1 t_2$ with $t_i \to^\infty_\beta s_i$. By Lemma 4.8 we have $t_1 \to^\infty_\beta \lambda x.u$. Thus $t$ reduces to a redex $(\lambda x.u)t_2$. Hence $t$ is not in rnf.

5. Confluence and normalisation of Böhm reductions
In this section we use coinductive techniques to prove confluence and normalisation of Böhm reduction over an arbitrary set of strongly meaningless terms $U$. The infinitary lambda calculus we are concerned with, including the $\bot_U$-reductions to $\bot$, shall be called the $\lambda^\infty_{\beta\bot_U}$-calculus.

More precisely, our aim is to prove the following theorems.

Theorem 5.33 (Confluence of the $\lambda^\infty_{\beta\bot_U}$-calculus). If $t \to^\infty_{\beta\bot_U} t_1$ and $t \to^\infty_{\beta\bot_U} t_2$ then there exists $t_3$ such that $t_1 \to^\infty_{\beta\bot_U} t_3$ and $t_2 \to^\infty_{\beta\bot_U} t_3$.

Theorem 5.34 (Normalisation of the $\lambda^\infty_{\beta\bot_U}$-calculus). For every $t \in \Lambda^\infty$ there exists a unique $s \in \Lambda^\infty$ in $\beta\bot_U$-normal form such that $t \to^\infty_{\beta\bot_U} s$.

In what follows we assume that $U$ is an arbitrary fixed set of strongly meaningless terms, unless specified otherwise. Actually, almost all lemmas are valid for $U$ being a set of meaningless terms, without the expansion axiom. Unless explicitly mentioned before the statement of a lemma, the proofs do not use the expansion axiom. To show confluence modulo $\sim_U$ (Theorem 5.49), it suffices that $U$ is a set of meaningless terms. Confluence and normalisation of the $\lambda^\infty_{\beta\bot_U}$-calculus (Theorem 5.33 and Theorem 5.34), however, require the expansion axiom. But this is only because in the present coinductive framework we are not able to talk about infinite reductions of arbitrary ordinal length. Essentially, we need the expansion axiom to compress the Böhm reductions to length $\omega$.

The idea of the proof is to show that for every term there exists a certain standard infinitary $\beta\bot_U$-reduction to normal form. This reduction is called an infinitary $N_U$-reduction (Definition 5.26 and Lemma 5.28). We show that the normal forms obtained through infinitary $N_U$-reductions are unique (Lemma 5.29). Then we prove that prepending infinitary $\beta\bot_U$-reduction to an $N_U$-reduction results in an $N_U$-reduction (Theorem 5.32).
Since an $N_U$-reduction is an infinitary $\beta\bot_U$-reduction of a special form (Lemma 5.27), these results immediately imply confluence (Theorem 5.33) and normalisation (Theorem 5.34) of infinitary $\beta\bot_U$-reduction. Hence, in essence we derive confluence from a strengthened normalisation result. See Figure 1.

Figure 1: Confluence of infinitary Böhm reduction. (Diagram: $t_1$ and $t_2$ are $\to^\infty_{\beta\bot_U}$-reducts of $t$; $N_U$-reductions from $t$, $t_1$ and $t_2$ all end in the same normal form $t_1' \equiv t_2'$.)

In our proof we use a standardisation result for infinitary $\beta$-reductions from [19] (Theorem 5.20). In particular, this theorem is needed to show uniqueness of canonical root normal forms (Definition 5.24). Theorem 5.32 depends on this. Even when counting in the results of [19] only referenced here, our confluence proof may be considered simpler than previous proofs of related results. In particular, it is much easier to formalise.

We also show that the set of root-active terms is strongly meaningless. Together with the previous theorems this implies confluence and normalisation of the $\lambda^\infty_{\beta\bot_{\mathcal{R}}}$-calculus. Confluence of the $\lambda^\infty_{\beta\bot_{\mathcal{R}}}$-calculus in turn implies confluence of $\to^\infty_\beta$ modulo equivalence of meaningless terms. The following theorem does not require the expansion axiom.

Theorem 5.49 (Confluence modulo equivalence of meaningless terms). If $t \sim_U t'$, $t \to^\infty_\beta s$ and $t' \to^\infty_\beta s'$ then there exist $r, r'$ such that $r \sim_U r'$, $s \to^\infty_\beta r$ and $s' \to^\infty_\beta r'$.

Note that our overall proof strategy is different from [10, 22, 24]. We first derive a strengthened normalisation result for Böhm reduction, from this we derive confluence of Böhm reduction, then we show that root-active terms are strongly meaningless thus specialising the confluence result, and only using that we show confluence modulo equivalence of meaningless terms.
In [10, 22, 24] first confluence modulo equivalence of meaningless terms is shown, and from that confluence of Böhm reduction is derived. Of course, some intermediate lemmas we prove have analogues in [10, 22, 24], but we believe the general proof strategy to be fundamentally different.

5.1. Properties of $\sim_U$. In this subsection $U$ is an arbitrary fixed set of meaningless terms, and $\sim_U$ is the parallel closure of $U \times U$. The expansion axiom is not used in this subsection.
Lemma 5.1. If $t \sim_U t'$ and $s \sim_U s'$ then $t[s/x] \sim_U t'[s'/x]$.

Proof. By coinduction, using the substitution axiom.
Lemma 5.2. If $t \to_\beta s$ and $t \sim_U t'$ then there is $s'$ with $t' \to^\equiv_\beta s'$ and $s \sim_U s'$.

Proof. Induction on $t \to_\beta s$. If the case $t, t' \in U$ in the definition of $t \sim_U t'$ holds then $s \in U$ by the closure axiom, so $t' \sim_U s$ and we may take $s' \equiv t'$. Thus assume otherwise. Then all cases follow directly from the inductive hypothesis, except when $t$ is the contracted $\beta$-redex. Then $t \equiv (\lambda x.t_1)t_2$ and $s \equiv t_1[t_2/x]$. First assume $t \in U$. Then also $t' \in U$ by the indiscernibility axiom (note this does not imply that the first case in the definition of $t \sim_U t'$ holds). Also $s \in U$ by the closure axiom, so $t' \sim_U s$ and we may take $s' \equiv t'$. So assume $t \notin U$. Then $\lambda x.t_1 \notin U$ by the overlap axiom. Hence $t' \equiv (\lambda x.t_1')t_2'$ with $t_i \sim_U t_i'$. Thus $t_1[t_2/x] \sim_U t_1'[t_2'/x]$ by Lemma 5.1. So we may take $s' \equiv t_1'[t_2'/x]$.

Lemma 5.3. If $t \to^\infty_\beta s$ and $t \sim_U t'$ then there is $s'$ with $t' \to^\infty_\beta s'$ and $s \sim_U s'$.

Proof.
By coinduction. If $s \equiv a$ then $t \to^*_\beta s$ and the claim follows from Lemma 5.2. If $s \equiv s_1 s_2$ then $t \to^*_\beta t_1 t_2$ with $t_i \to^\infty_\beta s_i$. By Lemma 5.2 there is $u$ with $t_1 t_2 \sim_U u$ and $t' \to^*_\beta u$. If $t_1 t_2, u \in U$ then $s \in U$ by the closure axiom, and thus we may take $s' \equiv u$. Otherwise $u \equiv u_1 u_2$ with $t_i \sim_U u_i$. By the coinductive hypothesis we obtain $s_1', s_2'$ with $u_i \to^\infty_\beta s_i'$ and $s_i \sim_U s_i'$. Take $s' \equiv s_1' s_2'$. Then $t' \to^\infty_\beta s'$ and $s \sim_U s'$. If $s \equiv \lambda x.s'$ then the argument is analogous to the previous case.

Lemma 5.4. If $t \sim_U s$ and $s \sim_U u$ then $t \sim_U u$.

Proof. By coinduction, using the indiscernibility axiom.
Lemma 5.5. If $t \sim_U s$ then there is $r$ with $t \Rightarrow_{\bot_U} r$ and $s \Rightarrow_{\bot_U} r$.

Proof. By coinduction.

5.2. Properties of parallel $\bot_U$-reduction. Recall that $U$ is an arbitrary fixed set of strongly meaningless terms. The expansion axiom is not used in this subsection except for Corollary 5.16, Lemma 5.17, Corollary 5.18 and Lemma 5.19.

Lemma 5.6. If $s \Rightarrow_{\bot_U} s'$ and $t \Rightarrow_{\bot_U} t'$ then $s[t/x] \Rightarrow_{\bot_U} s'[t'/x]$.

Proof. Coinduction with case analysis on $s \Rightarrow_{\bot_U} s'$, using the substitution axiom.

Lemma 5.7. If $t \Rightarrow_{\bot_U} s$ then $t \to^\infty_{\beta\bot_U} s$.

Proof. By coinduction.
Lemma 5.8. If $t \in U$ and $t \Rightarrow_{\bot_U} s$ or $s \Rightarrow_{\bot_U} t$ then $s \in U$.

Proof. Using the root-activeness axiom and that $\bot$ is root-active, show by coinduction that $t \sim_U s$. Then use the indiscernibility axiom.

Lemma 5.9. If $t_1 \Rightarrow_{\bot_U} t_2 \Rightarrow_{\bot_U} t_3$ then $t_1 \Rightarrow_{\bot_U} t_3$.

Proof. Coinduction with case analysis on $t_2 \Rightarrow_{\bot_U} t_3$, using Lemma 5.8.

Lemma 5.10. If $t_1 \Rightarrow_{\bot_U} t_2 \to_\beta t_3$ then there exists $t'$ such that $t_1 \to_\beta t' \Rightarrow_{\bot_U} t_3$.

Proof. Induction on $t_2 \to_\beta t_3$. The only interesting case is when $t_2 \equiv (\lambda x.s_1)s_2$ and $t_3 \equiv s_1[s_2/x]$. Then $t_1 \equiv (\lambda x.u_1)u_2$ with $u_i \Rightarrow_{\bot_U} s_i$. By Lemma 5.6, $u_1[u_2/x] \Rightarrow_{\bot_U} s_1[s_2/x]$. Thus take $t' \equiv u_1[u_2/x]$.

Lemma 5.11. If $s \to^*_{\beta\bot_U} t$ then there exists $r$ such that $s \to^*_\beta r \Rightarrow_{\bot_U} t$.

Proof. Induction on the length of $s \to^*_{\beta\bot_U} t$, using Lemma 5.10 and Lemma 5.9.

Corollary 5.12. If $t_1 \Rightarrow_{\bot_U} t_2 \to^*_{\beta\bot_U} t_3$ then there is $s$ with $t_1 \to^*_\beta s \Rightarrow_{\bot_U} t_3$.

Proof. Follows from Lemmas 5.11, 5.10, 5.9.
Lemma 5.13. If $t_1 \Rightarrow_{\bot_U} t_2 \to^\infty_{\beta\bot_U} t_3$ then $t_1 \to^\infty_{\beta\bot_U} t_3$.

Proof. By coinduction. There are three cases.
• $t_3 \equiv a$. Then $t_1 \Rightarrow_{\bot_U} t_2 \to^*_{\beta\bot_U} a$. By Corollary 5.12 there is $s$ with $t_1 \to^*_\beta s \Rightarrow_{\bot_U} a$. By Lemma 5.7 we have $s \to^\infty_{\beta\bot_U} a$. Thus $t_1 \to^\infty_{\beta\bot_U} a$.
• $t_3 \equiv s_1 s_2$. Then $t_1 \Rightarrow_{\bot_U} t_2 \to^*_{\beta\bot_U} s_1' s_2'$ with $s_i' \to^\infty_{\beta\bot_U} s_i$. By Corollary 5.12 there is $u$ with $t_1 \to^*_\beta u \Rightarrow_{\bot_U} s_1' s_2'$. Then $u \equiv u_1 u_2$ with $u_i \Rightarrow_{\bot_U} s_i' \to^\infty_{\beta\bot_U} s_i$. By the coinductive hypothesis $u_i \to^\infty_{\beta\bot_U} s_i$. Thus $t_1 \to^\infty_{\beta\bot_U} s_1 s_2 \equiv t_3$.
• $t_3 \equiv \lambda x.r$. The argument is analogous to the previous case.

The following lemma is an analogue of [22, Lemma 12.9.22].

Lemma 5.14 (Postponement of parallel $\bot_U$-reduction). If $t \to^\infty_{\beta\bot_U} s$ then there exists $r$ such that $t \to^\infty_\beta r \Rightarrow_{\bot_U} s$.

Proof. By coinduction with case analysis on $t \to^\infty_{\beta\bot_U} s$, using Lemmas 5.11, 5.13.

Since this is the first of our coinductive proofs involving an implicit Skolem function (see Example 3.3), we give it in detail. The reader is invited to extract from this proof an explicit corecursive definition of the Skolem function.

Assume $t \to^\infty_{\beta\bot_U} s$. There are three cases.
• $s \equiv a$ and $t \to^*_{\beta\bot_U} a$. Then the claim follows from Lemma 5.11.
• $s \equiv s_1 s_2$ and $t \to^*_{\beta\bot_U} t_1 t_2$ and $t_i \to^\infty_{\beta\bot_U} s_i$. By Lemma 5.11 there is $t'$ with $t \to^*_\beta t' \Rightarrow_{\bot_U} t_1 t_2$. Because $t_1 t_2 \not\equiv \bot$, we must have $t' \equiv t_1' t_2'$ with $t_i' \Rightarrow_{\bot_U} t_i$. By Lemma 5.13 we have $t_i' \to^\infty_{\beta\bot_U} s_i$. By the coinductive hypothesis we obtain $s_1', s_2'$ such that $t_i' \to^\infty_\beta s_i' \Rightarrow_{\bot_U} s_i$. Hence $t \to^\infty_\beta s_1' s_2' \Rightarrow_{\bot_U} s_1 s_2 \equiv s$.
• $s \equiv \lambda x.s'$ and $t \to^*_{\beta\bot_U} \lambda x.t'$ and $t' \to^\infty_{\beta\bot_U} s'$. By Lemma 5.11 there is $u$ with $t \to^*_\beta u \Rightarrow_{\bot_U} \lambda x.t'$. Then $u \equiv \lambda x.u'$ with $u' \Rightarrow_{\bot_U} t'$. By Lemma 5.13 we have $u' \to^\infty_{\beta\bot_U} s'$.
By the coinductive hypothesis we obtain $w$ such that $u' \to^\infty_\beta w \Rightarrow_{\bot_U} s'$. Hence $t \to^\infty_\beta \lambda x.w \Rightarrow_{\bot_U} \lambda x.s' \equiv s$.

Corollary 5.15. If $t \in U$ and $t \to^\infty_{\beta\bot_U} s$ then $s \in U$.

Proof. Follows from Lemma 5.14, the closure axiom and Lemma 5.8.

The following depend on the expansion axiom.
Corollary 5.16. If $s \in U$ and $t \to^\infty_{\beta\bot_U} s$ then $t \in U$.

Proof. Follows from Lemma 5.14, Lemma 5.8 and the expansion axiom.
Lemma 5.17. If $t \to^\infty_{\beta\bot_U} t' \Rightarrow_{\bot_U} s$ then $t \to^\infty_{\beta\bot_U} s$.

Proof. By coinduction, analysing $t' \Rightarrow_{\bot_U} s$. All cases follow directly from the coinductive hypothesis, except when $s \equiv \bot$ and $t' \in U$. But then $t \in U$ by Corollary 5.16, so $t \Rightarrow_{\bot_U} s$, and thus $t \to^\infty_{\beta\bot_U} s$ by Lemma 5.7.

Corollary 5.18. If $t \to^\infty_{\beta\bot_U} s \to^*_\beta r$ then $t \to^\infty_{\beta\bot_U} r$.

Proof. By Lemma 5.14 we have $t \to^\infty_\beta t' \Rightarrow_{\bot_U} s \to^*_\beta r$. By Lemma 5.10 there is $s'$ with $t' \to^*_\beta s' \Rightarrow_{\bot_U} r$. By Lemma 4.8 we have $t \to^\infty_\beta s'$, and thus $t \to^\infty_{\beta\bot_U} s'$. By Lemma 5.17 we finally obtain $t \to^\infty_{\beta\bot_U} r$.

Lemma 5.19. If $t \notin U$ and $t \Rightarrow_{\bot_U} s$ and $s$ is in rnf, then $t$ is in rnf.

Proof. We consider possible forms of $s$.
• $s \equiv a$ with $a \not\equiv \bot$. Then $t \equiv a$ and $t$ is in rnf.
• $s \equiv \lambda x.s'$. Then $t \equiv \lambda x.t'$ with $t' \Rightarrow_{\bot_U} s'$, so $t$ is in rnf.
• $s \equiv s_1 s_2$ and there is no $r$ with $s_1 \to^\infty_\beta \lambda x.r$. Then $t \equiv t_1 t_2$ with $t_i \Rightarrow_{\bot_U} s_i$. Then also $t_1 \sim_U s_1$. Suppose $t_1 \to^\infty_\beta \lambda x.r$. By Lemma 5.3 there is $r'$ with $s_1 \to^\infty_\beta r' \sim_U \lambda x.r$. There are two cases.
  – $r', \lambda x.r \in U$. Then $(\lambda x.r)t_2 \in U$ by the overlap axiom, and thus $t \in U$ by the expansion axiom. Contradiction.
  – $r' \equiv \lambda x.r''$ with $r \sim_U r''$. But then $s_1 \to^\infty_\beta \lambda x.r''$. Contradiction.

5.3. Weak head reduction.

Theorem 5.20 (Endrullis, Polonsky [19]). $t \to^\infty_\beta s$ iff $t \to^\infty_w s$.

Strictly speaking, in [19] the above theorem is shown for a different set of infinitary lambda terms which do not contain constants. However, it is clear that for the purposes of [19] constants may be treated as variables not occurring bound, and thus the proof of the above theorem may be used in our setting. We omit the proof of this theorem here, but we included the proof in our formalisation.
Lemma 5.21. If $t_1 \to^\infty_w t_2$ and $t_1 \to_w t_3$ then there is $t_4$ with $t_3 \to^\infty_w t_4$ and $t_2 \to^\equiv_w t_4$.

Proof. If the weak head redex in $t_1$ is contracted in $t_1 \to^\infty_w t_2$ then $t_1 \to_w t_3 \to^\infty_w t_2$ and we may take $t_4 \equiv t_2$. Otherwise $t_1 \equiv (\lambda x.s)u\,u_1 \ldots u_m$, $t_3 \equiv s[u/x]u_1 \ldots u_m$ and $t_2 \equiv (\lambda x.s')u'u_1' \ldots u_m'$ with $s \to^\infty_w s'$, $u \to^\infty_w u'$ and $u_i \to^\infty_w u_i'$ for $i = 1, \ldots, m$. By Theorem 5.20 and Lemma 4.7 we obtain $s[u/x] \to^\infty_w s'[u'/x]$. Take $t_4 \equiv s'[u'/x]u_1' \ldots u_m'$. Then $t_3 \to^\infty_w t_4$ and $t_2 \to_w t_4$.

Lemma 5.22. If $t \to^\infty_\beta s$ with $s$ in rnf, then there is $s'$ in rnf with $t \to^*_w s' \to^\infty_w s$.

Proof. By Theorem 5.20 we have $t \to^\infty_w s$. Because $s$ is in rnf, there are three cases.
• $s \equiv a$ with $a \not\equiv \bot$. Then $t \to^*_w s$ and we may take $s' \equiv s$.
• $s \equiv \lambda x.s_1$. Then $t \to^*_w \lambda x.t_1$ with $t_1 \to^\infty_w s_1$. So take $s' \equiv \lambda x.t_1$.
• $s \equiv s_1 s_2$ and there is no $r$ with $s_1 \to^\infty_\beta \lambda x.r$. Then $t \to^*_w t_1 t_2$ with $t_i \to^\infty_w s_i$. Suppose $t_1 \to^\infty_\beta \lambda x.u$. Then $t_1 \to^*_w \lambda x.u'$ for some $u'$, by Theorem 5.20. By Lemma 5.21 there is $r$ with $\lambda x.u' \to^\infty_w r$ and $s_1 \to^*_w r$. But then $r \equiv \lambda x.r'$, so $s_1$ reduces to an abstraction. Contradiction. Hence $t_1 t_2$ is in rnf, so we may take $s' \equiv t_1 t_2$.

Lemma 5.23. If $t \to^*_w s_1$, $t \to^*_w s_2$ and these reductions have the same length, then $s_1 \equiv s_2$.

Proof. By induction on the length of the reduction, using the fact that weak head redexes are unique if they exist.
Definition 5.24.
The canonical root normal form (crnf) of a term $t$ is an rnf $s$ such that $t \to^*_w s$ and this reduction is shortest among all finitary weak head reductions of $t$ to root normal form.

It follows from Lemma 5.22 and Lemma 5.23 that if $t$ has an rnf then it has a unique crnf. We shall denote this crnf by $\mathrm{crnf}(t)$.

Lemma 5.25. If $t \to^\infty_\beta s$ with $s$ in rnf, then $t \to^*_w \mathrm{crnf}(t) \to^\infty_w s$.

Proof. Follows from Lemma 5.22 and Lemma 5.23.
5.4. Infinitary $N_U$-reduction. In the $\lambda^\infty_{\beta\bot_U}$-calculus every term has a unique normal form. This normal form may be obtained through an infinitary $N_U$-reduction, defined below.

Definition 5.26.
The relation $\rightsquigarrow_{N_U}$ is defined coinductively.
$$\frac{t \notin U \quad \mathrm{crnf}(t) \equiv a}{t \rightsquigarrow_{N_U} a} \qquad \frac{t \notin U \quad \mathrm{crnf}(t) \equiv t_1 t_2 \quad t_1 \rightsquigarrow_{N_U} s_1 \quad t_2 \rightsquigarrow_{N_U} s_2}{t \rightsquigarrow_{N_U} s_1 s_2}$$
$$\frac{t \notin U \quad \mathrm{crnf}(t) \equiv \lambda x.t' \quad t' \rightsquigarrow_{N_U} s}{t \rightsquigarrow_{N_U} \lambda x.s} \qquad \frac{t \in U}{t \rightsquigarrow_{N_U} \bot}$$
Note that because $\mathcal{R} \subseteq U$, every term $t \notin U$ has an rnf, so $\mathrm{crnf}(t)$ is defined for $t \notin U$. Also note that $\rightsquigarrow_{N_U}$ is not closed under contexts, e.g., $t \rightsquigarrow_{N_U} t'$ does not imply $ts \rightsquigarrow_{N_U} t's$.

The infinitary $N_U$-reduction $\rightsquigarrow_{N_U}$ reduces a term to its normal form, its Böhm-like tree. It is a "standard" reduction with a specifically regular structure, which allows us to prove Theorem 5.32: if $t \to^\infty_{\beta\bot_U} t' \rightsquigarrow_{N_U} s$ then $t \rightsquigarrow_{N_U} s$. This property allows us to derive confluence from the fact that every term has a unique normal form reachable by an infinitary $N_U$-reduction. See Figure 1. It is crucial here that canonical root normal forms are unique, and that Lemma 5.25 holds. This depends on Theorem 5.20, the standardisation result shown by Endrullis and Polonsky.

Lemma 5.27. If $t \rightsquigarrow_{N_U} s$ then $t \to^\infty_{\beta\bot_U} s$.

Proof. By coinduction.
Lemma 5.28. For every term $t \in \Lambda^\infty$ there is $s$ with $t \rightsquigarrow_{N_U} s$.

Proof. By coinduction. If $t \in U$ then $t \rightsquigarrow_{N_U} \bot$ and we may take $s \equiv \bot$. Otherwise there are three cases depending on the form of $\mathrm{crnf}(t)$.
• $\mathrm{crnf}(t) \equiv a$. Then $t \rightsquigarrow_{N_U} a$ by the first rule, so we may take $s \equiv a$.
• $\mathrm{crnf}(t) \equiv t_1 t_2$. Then by the coinductive hypothesis we obtain $s_1, s_2$ with $t_i \rightsquigarrow_{N_U} s_i$. Take $s \equiv s_1 s_2$. Then $t \rightsquigarrow_{N_U} s$.
• $\mathrm{crnf}(t) \equiv \lambda x.t'$. Analogous to the previous case.

Lemma 5.29. If $t \rightsquigarrow_{N_U} s_1$ and $t \rightsquigarrow_{N_U} s_2$ then $s_1 \equiv s_2$.

Proof. By coinduction. If $s_1 \equiv \bot$ then $t \in U$, so we must also have $s_2 \equiv \bot$. Otherwise there are three cases, depending on the form of $\mathrm{crnf}(t)$. Suppose $\mathrm{crnf}(t) \equiv t_1 t_2$, other cases being similar. Then $s_1 \equiv u_1 u_2$ with $t_i \rightsquigarrow_{N_U} u_i$ and $s_2 \equiv w_1 w_2$ with $t_i \rightsquigarrow_{N_U} w_i$. By the coinductive hypothesis $u_i \equiv w_i$. Thus $s_1 \equiv u_1 u_2 \equiv w_1 w_2 \equiv s_2$.

The next two lemmas and the theorem depend on the expansion axiom.

Lemma 5.30. If $t \rightsquigarrow_{N_U} s$ then $s$ is in $\beta\bot_U$-normal form.

Proof. Suppose $s$ contains a $\beta\bot_U$-redex. Without loss of generality, assume the redex is at the root. First assume that $s$ is a $\bot_U$-redex, i.e., $s \in U$ and $s \not\equiv \bot$. Using Lemma 5.27 we conclude $t \to^\infty_{\beta\bot_U} s$. Then $t \in U$ by Corollary 5.16. Thus $s \equiv \bot$, giving a contradiction. So assume $s$ is a $\beta$-redex, i.e., $s \equiv (\lambda x.s_1)s_2$. But by inspecting the definition of $t \rightsquigarrow_{N_U} s$ one sees that this is only possible when $\mathrm{crnf}(t)$ is a $\beta$-redex. Contradiction.

Lemma 5.31.
Suppose t → ∞ β ⊥ U s and t, s are in rnf. • If s ≡ a then t ≡ s . ol. 16:1 A NEW COINDUCTIVE CONFLUENCE PROOF FOR INFINITARY LAMBDA CALCULUS 31:21 • If s ≡ s s then t ≡ t t with t i → ∞ β ⊥ U s i . • If s ≡ λx.s (cid:48) then t ≡ λx.t (cid:48) with t (cid:48) → ∞ β ⊥ U s (cid:48) .Proof. First note that by Lemma 5.14 there is r with t → ∞ β r ⇒ ⊥ U s . • If s ≡ a then a (cid:54)≡ ⊥ and r ≡ a , and thus t → ∗ β a . But because t is in rnf it does not reduceto a β -redex, so in fact t ≡ a . • If s ≡ s s then r ≡ r r with r i ⇒ ⊥ U s i . Thus t → ∗ β t (cid:48) t (cid:48) where t (cid:48) i → ∞ β r i . Because t is inrnf, we must in fact have t ≡ t t with t i → ∗ β t (cid:48) i . Then t i → ∞ β r i ⇒ ⊥ U s i , so t i → ∞ β ⊥ U s i byLemma 5.17. • The case s ≡ λx.s (cid:48) is analogous to the previous one. Theorem 5.32. If t → ∞ β ⊥ U t (cid:48) (cid:59) N U s then t (cid:59) N U s .Proof. By coinduction. If s ≡ ⊥ then t (cid:48) ∈ U . By Corollary 5.16 also t ∈ U . Hence t (cid:59) N U ⊥ ≡ s . If s (cid:54)≡ ⊥ then t (cid:48) / ∈ U and t (cid:48) → ∗ w crnf( t (cid:48) ). By Corollary 5.18 we have t → ∞ β ⊥ U crnf( t (cid:48) ). By Lemma 5.14 there is r with t → ∞ β r ⇒ ⊥ U crnf( t (cid:48) ). We have t / ∈ U byCorollary 5.15. Then r is in rnf by Lemma 5.19. Hence t → ∗ w crnf( t ) → ∞ β ⊥ U crnf( t (cid:48) ) byLemma 5.25 and Lemma 5.17. Now there are three cases depending on the form of crnf( t (cid:48) ). • crnf( t (cid:48) ) ≡ a . Then s ≡ a , and crnf( t ) ≡ a by Lemma 5.31. Thus t (cid:59) N U a ≡ s . • crnf( t (cid:48) ) ≡ t (cid:48) t (cid:48) . Then s ≡ s s with t (cid:48) i (cid:59) N U s i . By Lemma 5.31 we have crnf( t ) ≡ t t with t i → ∞ β ⊥ U t (cid:48) i . By the coinductive hypothesis t i (cid:59) N U s i . Hence t (cid:59) N U s s ≡ s . • The case crnf( t (cid:48) ) ≡ λx.u is analogous to the previous one.5.5. Confluence and normalisation.
Recall that U is an arbitrary fixed set of strongly meaningless terms.

Theorem 5.33 (Confluence of the λ^∞_{β⊥_U}-calculus). If t →^∞_{β⊥_U} t₁ and t →^∞_{β⊥_U} t₂ then there exists t₃ such that t₁ →^∞_{β⊥_U} t₃ and t₂ →^∞_{β⊥_U} t₃.
Proof. By Lemma 5.28 there are t′₁, t′₂ with tᵢ ⇝_{N_U} t′ᵢ for i = 1, 2. By Theorem 5.32 we have t ⇝_{N_U} t′ᵢ for i = 1, 2. By Lemma 5.29 we have t′₁ ≡ t′₂. Take t₃ ≡ t′₁ ≡ t′₂. We have tᵢ ⇝_{N_U} t₃ for i = 1, 2, so t₁ →^∞_{β⊥_U} t₃ and t₂ →^∞_{β⊥_U} t₃ by Lemma 5.27.

Theorem 5.34 (Normalisation of the λ^∞_{β⊥_U}-calculus). For every t ∈ Λ^∞ there exists a unique s ∈ Λ^∞ in β⊥_U-normal form such that t →^∞_{β⊥_U} s.
Proof. By Lemma 5.28 there is s with t ⇝_{N_U} s. By Lemma 5.30, s is in β⊥_U-normal form. By Lemma 5.27 we have t →^∞_{β⊥_U} s. The uniqueness of s follows from Theorem 5.33.

5.6. Root-active terms are strongly meaningless.

Definition 5.35.
We define the relation ≻_x coinductively by the following rules:
• t ≻_x x u₁ … uₙ for any u₁, …, uₙ ∈ Λ^∞;
• a ≻_x a;
• if t ≻_x t′ and s ≻_x s′ then ts ≻_x t′s′;
• if t ≻_x t′ and x ≠ y then λy.t ≻_x λy.t′.
In other words, s ≻_x s′ iff s′ may be obtained from s by changing some arbitrary subterms in s into some terms having the form x u₁ … uₙ.

Lemma 5.36. If t ≻_x t′, s ≻_x s′ and x ≠ y then t[s/y] ≻_x t′[s′/y].
Proof. By coinduction, analysing t ≻_x t′.

Lemma 5.37. If t ≻_x s and t →_β t′ then there is s′ with t′ ≻_x s′ and s →^≡_β s′.
Proof. Induction on t →_β t′. The interesting case is when t ≡ (λy.t₁)t₂, t′ ≡ t₁[t₂/y], s ≡ s₁s₂, λy.t₁ ≻_x s₁ and t₂ ≻_x s₂. If s₁ ≡ x u₁ … uₘ then t′ ≻_x x u₁ … uₘ s₂ and we may take s′ ≡ s. Otherwise s₁ ≡ λy.s′₁ with t₁ ≻_x s′₁ (by the variable convention x ≠ y). Then t′ ≡ t₁[t₂/y] ≻_x s′₁[s₂/y] by Lemma 5.36. We may thus take s′ ≡ s′₁[s₂/y].

Lemma 5.38. If t ≻_x s and s →_β s′ then there is t′ with t′ ≻_x s′ and t →^≡_β t′.
Proof. Induction on s →_β s′, using Lemma 5.36 for the redex case.

Lemma 5.39. If t ≻_x t′ and t is in rnf, then so is t′.
Proof. Assume t′ is not in rnf. Then t′ ≡ ⊥ or t′ ≡ t′₁t′₂ with t′₁ reducing to an abstraction. If t′ ≡ ⊥ then t ≡ ⊥, so assume t′ ≡ t′₁t′₂ and t′₁ →*_β λy.u′ with x ≠ y. Then t ≡ t₁t₂ with tᵢ ≻_x t′ᵢ. By Lemma 5.38 there is u with t₁ →*_β λy.u and u ≻_x u′. But this implies that t ≡ t₁t₂ is not in rnf. Contradiction.

Lemma 5.40. If t₁, t₂ ∈ Λ^∞ and t₁ has no rnf, then neither does t₁[t₂/x].
Proof. Assume t₁[t₂/x] has a rnf. Then t₁[t₂/x] →*_β s for some s in rnf, by Lemma 5.22. By the variable convention t₁[t₂/x] ≻_x t₁. Hence by Lemma 5.37 there is s′ such that t₁ →*_β s′ and s ≻_x s′. Since s is in rnf, so is s′, by Lemma 5.39. Thus t₁ has a rnf. Contradiction.

Lemma 5.41. If t ∼_R t′ and s ∼_R s′ then t[s/x] ∼_R t′[s′/x].
Proof. By coinduction, using Lemma 5.40.
Lemma 5.42. If t →_β t′ and t ∼_R s then there is s′ with s →^≡_β s′ and t′ ∼_R s′.
Proof. Induction on t →_β t′. There are two interesting cases.
• t, s ∈ R, i.e., they have no rnf. Then also t′ ∈ R, so we may take s′ ≡ s.
• t ≡ (λx.t₁)t₂, t′ ≡ t₁[t₂/x], s ≡ (λx.s₁)s₂ and tᵢ ∼_R sᵢ. Then t′ ∼_R s₁[s₂/x] by Lemma 5.41. Hence we may take s′ ≡ s₁[s₂/x].

Lemma 5.43. If t is in rnf and t ∼_R s, then so is s.
Proof. Because t is in rnf, there are three cases.
• t ≡ a with a ≢ ⊥. Then s ≡ t, so it is in rnf.
• t ≡ λx.t′. Then s ≡ λx.s′, so s is in rnf.
• t ≡ t₁t₂ and t₁ does not β-reduce to an abstraction. Then s ≡ s₁s₂ with tᵢ ∼_R sᵢ. Assume s₁ →*_β λx.s′. Then by Lemma 5.42 there is t′ with t₁ →*_β t′ ∼_R λx.s′. But then t′ must be an abstraction. Contradiction.

Corollary 5.44. If t has a rnf and t ∼_R s, then so does s.
Proof. Follows from Lemma 5.42 and Lemma 5.43.
Lemma 5.45. If t →^∞_β s and t has a rnf, then so does s.
Proof. Suppose t has a rnf. Then by Lemma 5.22 there is t′ in rnf with t →*_w t′. By Theorem 5.20 and Lemma 5.21 there is r with s →*_w r and t′ →^∞_β r. Since t′ is in rnf, by Lemma 4.10 so is r. Hence s has a rnf r.

Theorem 5.46. The set R of root-active terms is a set of strongly meaningless terms.
Proof. We check the axioms. The root-activeness axiom is obvious. The closure axiom follows from Lemma 4.9. The substitution axiom follows from Lemma 5.40. The overlap axiom follows from the fact that lambda abstractions are in rnf. The indiscernibility axiom follows from Corollary 5.44. The expansion axiom follows from Lemma 5.45.
Corollary 5.47 (Confluence of the λ^∞_{β⊥_R}-calculus). If t →^∞_{β⊥_R} t₁ and t →^∞_{β⊥_R} t₂ then there exists t₃ such that t₁ →^∞_{β⊥_R} t₃ and t₂ →^∞_{β⊥_R} t₃.

Corollary 5.48 (Normalisation of the λ^∞_{β⊥_R}-calculus). For every t ∈ Λ^∞ there exists a unique s ∈ Λ^∞ in β⊥_R-normal form such that t →^∞_{β⊥_R} s.

5.7. Confluence modulo equivalence of meaningless terms.

From confluence of the λ^∞_{β⊥_R}-calculus we may derive confluence of infinitary β-reduction →^∞_β modulo equivalence of meaningless terms. The expansion axiom is not needed for the proof of the following theorem.

Theorem 5.49 (Confluence modulo equivalence of meaningless terms). If t ∼_U t′, t →^∞_β s and t′ →^∞_β s′ then there exist r, r′ such that r ∼_U r′, s →^∞_β r and s′ →^∞_β r′.
Proof. By Lemma 5.3 and Lemma 5.4 it suffices to consider the case t ≡ t′. By Corollary 5.47 there is u with s →^∞_{β⊥_R} u and s′ →^∞_{β⊥_R} u. By Theorem 5.46 and Lemma 5.14 there are r, r′ with s →^∞_β r ∼_R u and s′ →^∞_β r′ ∼_R u. Because R ⊆ U, by Lemma 5.4 we obtain r ∼_U r′.

6. Strongly convergent reductions
In this section we prove that the existence of coinductive infinitary reductions is equivalent to the existence of strongly convergent reductions, under certain assumptions. As a corollary, this also yields ω-compression of strongly convergent reductions, under certain assumptions. The equivalence proof is virtually the same as in [19]. The notion of strongly convergent reductions is the standard notion of infinitary reductions used in non-coinductive treatments of infinitary lambda calculus.

Definition 6.1. On the set of infinitary lambda terms we define a metric d by

  d(t, s) = inf { 2^{−n} | t⌈n ≡ s⌈n }

where r⌈n for r ∈ Λ^∞ is defined as the infinitary lambda term obtained by replacing all subterms of r at depth n by ⊥. This defines a metric topology on the set of infinitary lambda terms. Let R ⊆ Λ^∞ × Λ^∞ and let ζ be an ordinal. A map f : {γ ≤ ζ} → Λ^∞ together with reduction steps σ_γ : f(γ) →_R f(γ+1) for γ < ζ is a strongly convergent R-reduction sequence of length ζ from f(0) to f(ζ) if the following conditions hold:
(1) if δ ≤ ζ is a limit ordinal then f(δ) is the limit in the metric topology on infinite terms of the ordinal-indexed sequence (f(γ))_{γ<δ},
(2) if δ ≤ ζ is a limit ordinal then for every d ∈ ℕ there exists γ < δ such that for all γ′ with γ ≤ γ′ < δ the redex contracted in the step σ_{γ′} occurs at depth greater than d.
We write s →^{S,ζ}_R t if S is a strongly convergent R-reduction sequence of length ζ from s to t. A relation → ⊆ Λ^∞ × Λ^∞ is appendable if t₁ →^∞ t₂ → t₃ implies t₁ →^∞ t₃. We define (→^∞)^∞ as the infinitary closure of →^∞. We write →^{∞*} for the transitive-reflexive closure of →^∞.

Lemma 6.2. If → is appendable then t₁ →^∞ t₂ →^∞ t₃ implies t₁ →^∞ t₃.
Proof. By coinduction. This has essentially been shown in [19, Lemma 4.5].

Lemma 6.3. If → is appendable then s (→^∞)^∞ t implies s →^∞ t.
Proof. By coinduction. There are three cases.
• t ≡ a. Then s →^{∞*} a, so s →^∞ a by Lemma 6.2.
• t ≡ t₁t₂. Then there are t′₁, t′₂ with s →^{∞*} t′₁t′₂ and t′ᵢ (→^∞)^∞ tᵢ. By Lemma 6.2 we have s →^∞ t′₁t′₂, so there are u₁, u₂ with s →* u₁u₂ and uᵢ →^∞ t′ᵢ. Then uᵢ (→^∞)^∞ tᵢ. By the coinductive hypothesis uᵢ →^∞ tᵢ. Hence s →^∞ t₁t₂ ≡ t.
• t ≡ λx.r. Then by Lemma 6.2 there is s′ with s →^∞ λx.s′ and s′ (→^∞)^∞ r. So there is s₁ with s →* λx.s₁ and s₁ →^∞ s′. Then also s₁ (→^∞)^∞ r. By the coinductive hypothesis s₁ →^∞ r. Thus s →^∞ λx.r ≡ t.

Theorem 6.4. For every R ⊆ Λ^∞ × Λ^∞ such that →_R is appendable, and for all s, t ∈ Λ^∞, we have the equivalence: s →^∞_R t iff there exists a strongly convergent R-reduction sequence from s to t. Moreover, if s →^∞_R t then the sequence may be chosen to have length at most ω.
Proof. The proof is a straightforward generalisation of the proof of Theorem 3 in [19].

Suppose that s →^∞_R t. By traversing the infinite derivation tree of s →^∞_R t and accumulating the finite prefixes by concatenation, we obtain a reduction sequence of length at most ω which satisfies the depth requirement by construction.

For the other direction, by induction on ζ we show that if s →^{S,ζ}_R t then s (→^∞_R)^∞ t, which suffices for s →^∞_R t by Lemma 6.3. There are three cases.
• ζ = 0. If s →^{S,0}_R t then s ≡ t, so s (→^∞_R)^∞ t.
• ζ = γ + 1. If s →^{S,γ+1}_R t then s →^{S′,γ}_R s′ →_R t. Hence s (→^∞_R)^∞ s′ by the inductive hypothesis. Then s →^∞_R s′ →_R t by Lemma 6.3. So s →^∞_R t because →_R is appendable.
• ζ is a limit ordinal. By coinduction we show that if s →^{S,ζ}_R t then s (→^∞_R)^∞ t. By the depth condition there is γ < ζ such that for every δ ≥ γ the redex contracted in S at δ occurs at depth greater than zero. Let t_γ be the term at index γ in S. Then by the inductive hypothesis we have s (→^∞_R)^∞ t_γ, and thus s →^∞_R t_γ by Lemma 6.3. There are three cases.
 – t_γ ≡ a. This is impossible because then there can be no reduction of t_γ at depth greater than zero.
 – t_γ ≡ λx.r. Then t ≡ λx.u and r →^{S′,δ}_R u with δ ≤ ζ. Hence r (→^∞_R)^∞ u by the coinductive hypothesis if δ = ζ, or by the inductive hypothesis if δ < ζ. Since s →^∞_R λx.r we obtain s (→^∞_R)^∞ λx.u ≡ t.
 – t_γ ≡ t₀t₁. Then t ≡ u₀u₁ and the tail of the reduction S past γ may be split into two parts: tᵢ →^{Sᵢ,δᵢ}_R uᵢ with δᵢ ≤ ζ for i = 0, 1. Then tᵢ (→^∞_R)^∞ uᵢ by the inductive and/or the coinductive hypothesis. Since s →^∞_R t₀t₁ we obtain s (→^∞_R)^∞ u₀u₁ ≡ t.

Corollary 6.5 (ω-compression). If →_R is appendable and there exists a strongly convergent R-reduction sequence from s to t then there exists such a sequence of length at most ω.

Corollary 6.6. Let U be a set of strongly meaningless terms.
• s →^∞_{β⊥_U} t iff there exists a strongly convergent β⊥_U-reduction sequence from s to t.
• s →^∞_β t iff there exists a strongly convergent β-reduction sequence from s to t.
Proof. By Theorem 6.4 it suffices to show that →_{β⊥_U} and →_β are appendable. For →_{β⊥_U} this follows from Lemma 5.17 and Corollary 5.18. For →_β this follows from Lemma 4.8.

7. The formalisation
The results of this paper have been formalised in the Coq proof assistant. The formalisation is available at: https://github.com/lukaszcz/infinitary-confluence
The formalisation contains all results of Section 5. We did not formalise the proof from Section 6 of the equivalence between the coinductive definition of the infinitary reduction relation and the standard notion of strongly convergent reductions.

In our formalisation we use a representation of infinitary lambda terms with de Bruijn indices, and we do not allow constants except ⊥. Hence, the results about α-conversion alluded to in Section 4 are not formalised either. Because the formalisation is based on de Bruijn indices, many tedious lifting lemmas need to be proved. These lemmas are present only in the formalisation, but not in the paper.

In general, the formalisation follows closely the text of the paper. Each lemma from Section 5 has a corresponding statement in the formalisation (annotated with the lemma number from the paper). There are, however, some subtleties, described below.

One difficulty with a Coq formalisation of our results is that in Coq the coinductively defined equality (bisimilarity) = on infinite terms (see Definition 3.4) is not identical with Coq's definitional equality ≡. In the paper we use ≡ and = interchangeably, following Proposition 3.5. In the formalisation we needed to formulate our definitions "modulo" bisimilarity. For instance, the inductive definition of the transitive-reflexive closure R* of a relation R on infinite terms is as follows.
(1) If t₁ = t₂ then R* t₁ t₂ (where = denotes bisimilarity coinductively defined like in Definition 3.4).
(2) If R t₁ t₂ and R* t₂ t₃ then R* t₁ t₃.
Changing the first point to
(1′) R* t t for any term t
would not work with our formalisation.
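As an added illustration of the point just made, and not code from the paper's formalisation, the following Coq snippet defines de Bruijn-style infinitary terms with a single constant for ⊥, the coinductive bisimilarity, and R* with the bisimilarity-based reflexivity rule (1); it then shows on the ogre O ≡ λx.O of Appendix A why definitional equality would be too weak. All identifiers (term, bisim, star, ogre, unfold_term) are chosen here and are not taken from the formalisation.

```coq
(* Added example, not part of the paper's formalisation. *)

(* Infinitary lambda terms with de Bruijn indices; Bot is the paper's ⊥. *)
CoInductive term : Type :=
| Var : nat -> term
| Bot : term
| App : term -> term -> term
| Lam : term -> term.

(* Bisimilarity: the coinductively defined equality on infinite terms. *)
CoInductive bisim : term -> term -> Prop :=
| bisim_var : forall n, bisim (Var n) (Var n)
| bisim_bot : bisim Bot Bot
| bisim_app : forall s1 s2 t1 t2,
    bisim s1 t1 -> bisim s2 t2 -> bisim (App s1 s2) (App t1 t2)
| bisim_lam : forall s t, bisim s t -> bisim (Lam s) (Lam t).

(* Reflexivity of bisimilarity is itself a coinductive proof. *)
Lemma bisim_refl : forall t, bisim t t.
Proof. cofix CIH. intro t. destruct t; constructor; apply CIH. Qed.

(* Transitive-reflexive closure R* whose base case is bisimilarity rather
   than definitional equality: rule (1) of the text. *)
Inductive star (R : term -> term -> Prop) : term -> term -> Prop :=
| star_refl : forall t1 t2, bisim t1 t2 -> star R t1 t2
| star_step : forall t1 t2 t3, R t1 t2 -> star R t2 t3 -> star R t1 t3.

(* The ogre O ≡ λx.O as a cofixpoint. *)
CoFixpoint ogre : term := Lam ogre.

(* Coq unfolds a cofixpoint only under a match, so an identity function
   defined by pattern matching is needed to expose one step of ogre. *)
Definition unfold_term (t : term) : term :=
  match t with
  | Var n => Var n
  | Bot => Bot
  | App a b => App a b
  | Lam a => Lam a
  end.

Lemma unfold_term_eq : forall t, t = unfold_term t.
Proof. intro t. destruct t; reflexivity. Qed.

(* ogre = Lam ogre holds propositionally, but "reflexivity" alone would
   fail: unfold_term ogre is convertible to Lam ogre, ogre itself is not. *)
Lemma ogre_unfold : ogre = Lam ogre.
Proof. exact (unfold_term_eq ogre). Qed.

(* ogre and its one-step unfolding are bisimilar, by coinduction. *)
Lemma ogre_bisim : bisim ogre (Lam ogre).
Proof.
  cofix CIH.
  rewrite ogre_unfold.    (* goal: bisim (Lam ogre) (Lam (Lam ogre)) *)
  constructor.            (* goal: bisim ogre (Lam ogre) *)
  exact CIH.
Qed.

(* With rule (1) stated modulo bisimilarity, R* relates ogre to Lam ogre
   even for the empty relation, although the two terms are not
   definitionally equal; with plain reflexivity "R* t t" in its place
   this would not be derivable. *)
Lemma star_ogre : star (fun _ _ => False) ogre (Lam ogre).
Proof. apply star_refl. exact ogre_bisim. Qed.
```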
Similarly, the formal definition of the compatible closure →_R of a relation R follows the inductive rules
• if ⟨s, t⟩ ∈ R then s →_R t;
• if s →_R s′ and t = t′ then st →_R s′t′;
• if t →_R t′ and s = s′ then st →_R s′t′;
• if s →_R s′ then λx.s →_R λx.s′;
where = denotes the coinductively defined bisimilarity relation.

Another limitation of Coq is that it is not possible to directly prove by coinduction statements of the form ∀x⃗. ϕ(x⃗) → R₁(x⃗) ∧ R₂(x⃗), i.e., statements with a conjunction of two coinductive predicates. Instead, we show ∀x⃗. ϕ(x⃗) → R₁(x⃗) and ∀x⃗. ϕ(x⃗) → R₂(x⃗) separately. In all our coinductive proofs we use the coinductive hypothesis in a way that makes this separation possible.

The formalisation assumes the following axioms.
(1) The constructive indefinite description axiom: ∀A : Type. ∀P : A → Prop. (∃x : A. P x) → {x : A | P x}. This axiom states that if there exists an object x of type A satisfying the predicate P, then it is possible to choose a fixed such object. This is not provable in the standard logic of Coq.
We need this assumption to be able to define the implicit functions in some coinductive proofs which show the existence of an infinite object, when the form of this object depends on which case in the definition of some (co)inductive predicate holds. More precisely, the indefinite description axiom is needed in the proof of Lemma 5.14, in the definition of canonical root normal forms (Definition 5.24), and in the proofs of Lemma 5.3, Lemma 5.5 and Lemma 5.28.
(2) Excluded middle for the property of being in root normal form: for every term t, either t is in root normal form or not.
(3) Excluded middle for the property of having a root normal form: for every term t, either t has a root normal form or not.
(4) Excluded middle for the property of belonging to a set of strongly meaningless terms: for any set of strongly meaningless terms U and any term t, either t ∈ U or t ∉ U.
Note that the last axiom does not constructively imply the third. We define being root-active as not having a root normal form. In fact, we need the third axiom to show that if a term does not belong to a set of meaningless terms then it has a root normal form.

The first axiom could probably be avoided by making the reduction relations Set-valued instead of Prop-valued. We do not use the impredicativity of Prop. The reason why we chose to define the relations as Prop-valued is that certain automated proof search tactics work better with Prop-valued relations, which makes the formalisation easier to carry out.

Because the ⊥_U-reduction rule, for any set of meaningless terms U, requires an oracle to check whether it is applicable, the present setup is inherently classical. It is an interesting research question to devise a constructive theory of meaningless terms.

Aside from the axioms (1)–(4), everything else from Section 5 is formalised in the constructive logic of Coq, including the proof of Theorem 5.20 only cited in this paper. Our formalisation of Theorem 5.20 closely follows [19].

In our formalisation we extensively used the CoqHammer tool [13].

8. Conclusions
We presented new and formal coinductive proofs of the following results.
(1) Confluence and normalisation of Böhm reduction over any set of strongly meaningless terms.
(2) Confluence and normalisation of Böhm reduction over root-active terms, by showing that root-active terms are strongly meaningless.
(3) Confluence of infinitary β-reduction modulo any set of meaningless terms (expansion axiom not needed).
We formalised these results in Coq. Our formalisation uses a definition of infinitary lambda terms based on de Bruijn indices. Strictly speaking, the precise relation of this definition to other definitions of infinitary lambda terms in the literature has not been established. We leave this for future work. The issue of the equivalence of various definitions of infinitary lambda terms is not necessarily trivial [32, 33].

By a straightforward generalisation of a result in [19] we also proved equivalence, in the sense of existence, of the coinductive definitions of infinitary rewriting relations with the standard definitions based on strong convergence. However, we did not formalise this result.

In Section 3 we explained how to elaborate our coinductive proofs by reducing them to proofs by transfinite induction and thus eliminating coinduction. This provides one way to understand and verify our proofs without resorting to a formalisation. After properly understanding the observations of Section 3 it should be "clear" that coinduction may in principle be eliminated in the described manner. We use the word "clear" in the same sense that it is "clear" that the more sophisticated inductive constructions commonly used in the literature can be formalised in ZFC set theory. Of course, this notion of "clear" may always be debated. The only way to make this completely precise is to create a formal system based on Section 3 in which our proofs could be interpreted reasonably directly. We do not consider the observations of Section 3 to be novel or particularly insightful. However, distilling them into a formal system could perhaps arouse some interest. This is left for future work.
References

[1] Patrick Bahr. Partial order infinitary term rewriting and Böhm trees. In Christopher Lynch, editor, Proceedings of the 21st International Conference on Rewriting Techniques and Applications, RTA 2010, July 11-13, 2010, Edinburgh, Scotland, UK, volume 6 of LIPIcs, pages 67–84. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2010.
[2] Patrick Bahr. Partial order infinitary term rewriting. Logical Methods in Computer Science, 10(2), 2014.
[3] Patrick Bahr. Strict ideal completions of the lambda calculus. In Hélène Kirchner, editor, , volume 108 of LIPIcs, pages 8:1–8:16. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2018.
[4] Henk Barendregt and Jan Willem Klop. Applications of infinitary lambda calculus. Information and Computation, 207(5):559–582, 2009.
[5] Henk P. Barendregt. The Lambda Calculus: Its Syntax and Semantics. North Holland, 2nd edition, 1984.
[6] Alessandro Berarducci. Infinite lambda-calculus and non-sensible models. In Aldo Ursini and Paolo Aglianò, editors, Logic and Algebra, volume 180 of Lecture Notes in Pure and Applied Mathematics, pages 339–378. CRC Press, 1996.
[7] Yves Bertot and Pierre Castéran. Interactive Theorem Proving and Program Development: Coq'Art: the Calculus of Inductive Constructions, chapter 13. Springer, 2004.
[8] Marc Bezem, Keiko Nakata, and Tarmo Uustalu. On streams that are finitely red. Logical Methods in Computer Science, 8:1–20, 2012.
[9] Adam Chlipala. Certified Programming with Dependent Types, chapter 5. The MIT Press, 2013.
[10] Łukasz Czajka. A coinductive confluence proof for infinitary lambda-calculus. In Rewriting and Typed Lambda Calculi - Joint International Conference, RTA-TLCA 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, July 14-17, 2014. Proceedings, pages 164–178, 2014.
[11] Łukasz Czajka. Coinduction: an elementary approach. CoRR, abs/1501.04354, 2015.
[12] Łukasz Czajka. Confluence of nearly orthogonal infinitary term rewriting systems. In RTA 2015, pages 106–126, 2015.
[13] Łukasz Czajka and Cezary Kaliszyk. Hammer for Coq: Automation for dependent type theory. J. Autom. Reasoning, 61(1-4):423–453, 2018.
[14] Brian A. Davey and Hilary A. Priestley. Introduction to Lattices and Order. Cambridge University Press, 2nd edition, 2002.
[15] N. G. de Bruijn. Lambda-calculus notation with nameless dummies: a tool for automatic formula manipulation with application to the Church-Rosser theorem. Indagationes Mathematicae, 34(5):381–392, 1972.
[16] Jörg Endrullis, Helle Hvid Hansen, Dimitri Hendriks, Andrew Polonsky, and Alexandra Silva. A coinductive framework for infinitary rewriting and equational reasoning. In RTA 2015, 2015.
[17] Jörg Endrullis, Helle Hvid Hansen, Dimitri Hendriks, Andrew Polonsky, and Alexandra Silva. Coinductive foundations of infinitary rewriting and infinitary equational logic. Logical Methods in Computer Science, 14(1), 2018.
[18] Jörg Endrullis, Dimitri Hendriks, and Jan Willem Klop. Highlights in infinitary rewriting and lambda calculus. Theoretical Computer Science, 464:48–71, 2012.
[19] Jörg Endrullis and Andrew Polonsky. Infinitary rewriting coinductively. In Nils Anders Danielsson and Bengt Nordström, editors, TYPES, volume 19 of LIPIcs, pages 16–27. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2011.
[20] Bart Jacobs and Jan J.M.M. Rutten. An introduction to (co)algebras and (co)induction. In Advanced Topics in Bisimulation and Coinduction, pages 38–99. Cambridge University Press, 2011.
[21] Felix Joachimski. Confluence of the coinductive [lambda]-calculus. Theoretical Computer Science, 311(1-3):105–119, 2004.
[22] Richard Kennaway and Fer-Jan de Vries. Infinitary rewriting. In Terese, editor, Term Rewriting Systems, volume 55 of Cambridge Tracts in Theoretical Computer Science, chapter 12, pages 668–711. Cambridge University Press, 2003.
[23] Richard Kennaway, Jan Willem Klop, M. Ronan Sleep, and Fer-Jan de Vries. Infinitary lambda calculi and Böhm models. In Jieh Hsiang, editor, RTA, volume 914 of Lecture Notes in Computer Science, pages 257–270. Springer, 1995.
[24] Richard Kennaway, Jan Willem Klop, M. Ronan Sleep, and Fer-Jan de Vries. Infinitary lambda calculus. Theoretical Computer Science, 175(1):93–125, 1997.
[25] Richard Kennaway, Paula Severi, M. Ronan Sleep, and Fer-Jan de Vries. Infinitary rewriting: From syntax to semantics. In Aart Middeldorp, Vincent van Oostrom, Femke van Raamsdonk, and Roel C. de Vrijer, editors, Processes, Terms and Cycles: Steps on the Road to Infinity, Essays Dedicated to Jan Willem Klop, on the Occasion of His 60th Birthday, volume 3838 of Lecture Notes in Computer Science, pages 148–172. Springer, 2005.
[26] Richard Kennaway, Vincent van Oostrom, and Fer-Jan de Vries. Meaningless terms in rewriting. Journal of Functional and Logic Programming, 1:1–35, 1999.
[27] Jeroen Ketema and Jakob Grue Simonsen. Infinitary combinatory reduction systems: Confluence. Logical Methods in Computer Science, 5(4), 2009.
[28] Jeroen Ketema and Jakob Grue Simonsen. Infinitary combinatory reduction systems: Normalising reduction strategies. Logical Methods in Computer Science, 6(1), 2010.
[29] Jeroen Ketema and Jakob Grue Simonsen. Infinitary combinatory reduction systems. Information and Computation, 209(6):893–926, 2011.
[30] Jan Willem Klop and Roel C. de Vrijer. Infinitary normalization. In Sergei N. Artëmov, Howard Barringer, Artur S. d'Avila Garcez, Luís C. Lamb, and John Woods, editors, We Will Show Them! Essays in Honour of Dov Gabbay, Volume Two, pages 169–192. College Publications, 2005.
[31] Dexter Kozen and Alexandra Silva. Practical coinduction. Mathematical Structures in Computer Science, 27(7):1132–1152, 2017.
[32] Alexander Kurz, Daniela Petrisan, Paula Severi, and Fer-Jan de Vries. An alpha-corecursion principle for the infinitary lambda-calculus. In CMCS, pages 130–149, 2012.
[33] Alexander Kurz, Daniela Petrisan, Paula Severi, and Fer-Jan de Vries. Nominal coalgebraic data types with applications to lambda calculus. Logical Methods in Computer Science, 9:1–51, 2013.
[34] Xavier Leroy and Hervé Grall. Coinductive big-step operational semantics. Information and Computation, 207(2):284–304, 2009.
[35] Jean-Jacques Lévy. An algebraic interpretation of the lambda beta-calculus and a labeled lambda-calculus. In Corrado Böhm, editor, Lambda-Calculus and Computer Science Theory, Proceedings of the Symposium Held in Rome, March 25-27, 1975, volume 37 of Lecture Notes in Computer Science, pages 147–165. Springer, 1975.
[36] Giuseppe Longo. Set-theoretical models of λ-calculus: theories, expansions, isomorphisms. Annals of Pure and Applied Logic, 24(2):153–188, 1983.
[37] Keiko Nakata and Tarmo Uustalu. Resumptions, weak bisimilarity and big-step semantics for while with interactive I/O: An exercise in mixed induction-coinduction. In L. Aceto and P. Sobociński, editors, Seventh Workshop on Structural Operational Semantics (SOS '10), pages 57–75, 2010.
[38] Jan J.M.M. Rutten. Universal coalgebra: a theory of systems. Theoretical Computer Science, 249(1):3–80, 2000.
[39] Davide Sangiorgi. Introduction to Bisimulation and Coinduction. Cambridge University Press, 2012.
[40] Paula Severi and Fer-Jan de Vries. An extensional Böhm model. In Sophie Tison, editor, RTA, volume 2378 of Lecture Notes in Computer Science, pages 159–173. Springer, 2002.
[41] Paula Severi and Fer-Jan de Vries. Order structures on Böhm-like models. In C.-H. Luke Ong, editor, Computer Science Logic, 19th International Workshop, CSL 2005, 14th Annual Conference of the EACSL, Oxford, UK, August 22-25, 2005, Proceedings, volume 3634 of Lecture Notes in Computer Science, pages 103–118. Springer, 2005.
[42] Paula Severi and Fer-Jan de Vries. Decomposing the lattice of meaningless sets in the infinitary lambda calculus. In Lev D. Beklemishev and Ruy J. G. B. de Queiroz, editors, Logic, Language, Information and Computation - 18th International Workshop, WoLLIC 2011, Philadelphia, PA, USA, May 18-20, 2011. Proceedings, volume 6642 of Lecture Notes in Computer Science, pages 210–227. Springer, 2011.
[43] Paula Severi and Fer-Jan de Vries. Weakening the axiom of overlap in infinitary lambda calculus. In Manfred Schmidt-Schauß, editor, Proceedings of the 22nd International Conference on Rewriting Techniques and Applications, RTA 2011, May 30 - June 1, 2011, Novi Sad, Serbia, volume 10 of LIPIcs, pages 313–328. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2011.
[44] Paula Severi and Fer-Jan de Vries. The infinitary lambda calculus of the infinite eta Böhm trees. Mathematical Structures in Computer Science, 27(5):681–733, 2017.
Appendix A. A set of meaningless terms not satisfying the expansion axiom

We recall the definitions from page 14. Let O be the ogre satisfying O ≡ λx.O. A term t is head-active if t ≡ λx₁ … xₙ. r t₁ … tₘ with r ∈ R and n, m ≥ 0. Define:
• H = {t ∈ Λ^∞ | t →*_β t′ with t′ head-active},
• 𝒪 = {t ∈ Λ^∞ | t →*_β O},
• U = H ∪ 𝒪.
We will show that U is a set of meaningless terms. The proofs in this appendix rely on the results established in the paper. In particular, we use that R is a set of strongly meaningless terms and that →^∞_β is confluent modulo R.

Lemma A.1. (1) If t ∈ U then ts ∈ U. (2) If t ∈ U then λx.t ∈ U. (3) If t ∈ U then t[s/x] ∈ U.
Proof. Follows from definitions and the fact that R satisfies the substitution axiom.

Lemma A.2. If t →^∞_β t′ and t ∈ H then t′ ∈ H.
Proof. We have t →*_β u with u head-active. By confluence modulo R there are s, s′ with u →^∞_β s, t′ →^∞_β s′ and s ∼_R s′. It follows from the closure and indiscernibility axioms for R that s′ is head-active. Now, using the expansion axiom for R one may show that there is a head-active w such that t′ →*_β w →^∞_β s′.

Lemma A.3. If t →^∞_β t′ and t ∈ 𝒪 then t′ ∈ 𝒪.
Proof. We have t →*_β O. Because the reduction is finite, no β-contractions occur below a fixed depth d. We can write O ≡ λx⃗.O where on the right side O occurs below depth d. Then there is u with exactly one occurrence of z (where z ∉ x⃗) such that u →*_β λx⃗.z and t ≡ u[O/z].

Write s ≻^O_z s′ if s′ may be obtained from s by changing some O subterms in s into some terms having the form z u₁ … uₙ, defined coinductively analogously to Definition 5.35. One shows:
(1) if s ≻^O_z s′ and s →*_β w then there is w′ with s′ →*_β w′ and w ≻^O_z w′,
(2) if s ≻^O_z s′ and s′ →*_β w′ then there is w with s →*_β w and w ≻^O_z w′,
(3) if s ≻^O_z s′ and s →^∞_β w then there is w′ with s′ →^∞_β w′ and w ≻^O_z w′.
The first two points are proved by induction. The third one follows from the first one using coinduction.

Hence, there exists u′ such that u →^∞_β u′ and t′ ≻^O_z u′. By confluence modulo R and the fact that λx⃗.z is a finite normal form, we have u′ →*_β λx⃗.z. Thus there is w with t′ →*_β w ≻^O_z λx⃗.z. This is possible only when w ≡ O.

Corollary A.4. If t →^∞_β t′ and t ∈ U then t′ ∈ U.

Lemma A.5. If t₁ ∼_U s₁ and t₂ ∼_U s₂ then t₁[t₂/x] ∼_U s₁[s₂/x].
Proof. By coinduction, using Lemma A.1(3).
Lemma A.6. If t → β t (cid:48) and t ∼ U s then there is s (cid:48) with s → ≡ β s (cid:48) and t (cid:48) ∼ U s (cid:48) . ol. 16:1 A NEW COINDUCTIVE CONFLUENCE PROOF FOR INFINITARY LAMBDA CALCULUS 31:31 Proof.
Induction on t → β t (cid:48) . If the case t, s ∈ U in the definition of t ∼ U s holds, then t (cid:48) ∈ U by Corollary A.4, so t (cid:48) ∼ U s and we may take s (cid:48) ≡ s . So assume otherwise. Then allcases follow directly from the inductive hypothesis except when t is the contracted β -redex.Then t ≡ ( λx.t ) t and t (cid:48) ≡ t [ t /x ] and s = s s with λx.t ∼ U s and t ∼ U s . If λx.t , s ∈ U then t, s ∈ U by Lemma A.1, and thus t (cid:48) ∈ U by Corollary A.4, and thus t (cid:48) ∼ U s and we may take s (cid:48) ≡ s . Otherwise, s ≡ λx.s with t ∼ U s . By Lemma A.5 wehave s → β s [ s /x ] ∼ U t [ t /x ] ≡ t (cid:48) , so we take s (cid:48) ≡ s [ s /x ]. Lemma A.7. If t ∈ R and t ∼ U t (cid:48) then t (cid:48) ∈ U .Proof. Assume t (cid:48) → ∞ β s with s in rnf. Then by Lemma 5.22 there is s (cid:48) in rnf with t (cid:48) → ∗ β s (cid:48) .By Lemma A.6 there is s with t → ∗ β s and s ∼ U s (cid:48) . If s, s (cid:48) ∈ U then t (cid:48) ∈ U . Otherwise,because t ∈ R , we must have s ≡ s s , s (cid:48) ≡ s (cid:48) s (cid:48) with s i ∼ U s (cid:48) i . Because t ∈ R and t → ∗ β s s , there exists u such that s → ∗ β λx.u . Then by Lemma A.6 there is u with s (cid:48) → ∗ β u ∼ U λx.u . If u , λ.u ∈ U then s (cid:48) ∈ U , and thus s (cid:48) ∈ U , and thus t (cid:48) ∈ U . Otherwise u ≡ λx.u (cid:48) with u ∼ U u (cid:48) . But this contradicts that s (cid:48) is in rnf. Lemma A.8. If t ∈ U and t ∼ U t (cid:48) then t (cid:48) ∈ U .Proof. First assume t ∈ H , i.e., t → ∗ β u ≡ λx . . . x n .rt . . . t m with r ∈ R . By Lemma A.6there is u with t (cid:48) → ∗ β u (cid:48) ∼ U u . We may assume u (cid:48) ≡ λx . . . x n .r (cid:48) t (cid:48) . . . t (cid:48) m with r (cid:48) ∼ U r (otherwise u (cid:48) ∈ U , using Lemma A.1, so t (cid:48) ∈ U ). But then r (cid:48) ∈ R by Lemma A.7. Hence t (cid:48) ∈ H ⊆ U .Now assume t ∈ O , i.e., t → ∗ β O . By Lemma A.6 there is u (cid:48) with t (cid:48) → ∗ β u (cid:48) ∼ U O . 
UsingLemma A.1 one checks that u (cid:48) ∼ U O implies u (cid:48) ∈ U . Then also t (cid:48) ∈ U . Theorem A.9. U is a set of meaningless terms.Proof. The closure axiom follows from Corollary A.4. The substitution axiom follows fromLemma A.1(3). The overlap axiom follows from Lemma A.1(1). The root-activeness axiomfollows from
R ⊆ H ⊆ U . The indiscernibility axiom follows from Lemma A.8.
This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit https://creativecommons.org/licenses/by/4.0/