```agda
module plfa.part2.Confluence where
```


## Introduction

In this chapter we prove that beta reduction is confluent, a property also known as Church-Rosser. That is, if there are reduction sequences from any term L to two different terms M₁ and M₂, then there exist reduction sequences from those two terms to some common term N. In pictures:

             L
            / \
           /   \
          /     \
         M₁      M₂
          \     /
           \   /
            \ /
             N

where downward lines are instances of —↠.

Confluence is studied in many other kinds of rewrite systems besides the lambda calculus, and it is well known how to prove confluence in rewrite systems that enjoy the diamond property, a single-step version of confluence. Let ⇛ be a relation. Then ⇛ has the diamond property if whenever L ⇛ M₁ and L ⇛ M₂, then there exists an N such that M₁ ⇛ N and M₂ ⇛ N. This is just an instance of the same picture above, where downward lines are now instances of ⇛. If we write ⇛* for the reflexive and transitive closure of ⇛, then confluence of ⇛* follows immediately from the diamond property.

Unfortunately, reduction in the lambda calculus does not satisfy the diamond property. Here is a counterexample.

    (λ x. x x)((λ x. x) a) —→ (λ x. x x) a
    (λ x. x x)((λ x. x) a) —→ ((λ x. x) a) ((λ x. x) a)

Both terms can reduce to a a, but the second term requires two steps to get there, not one: contracting the outer redex has duplicated the inner redex, and a single —→ step can only contract one of the two copies.

To side-step this problem, we'll define an auxiliary reduction relation, called parallel reduction, that can perform many reductions simultaneously and thereby satisfies the diamond property. Furthermore, we show that a parallel reduction sequence exists between any two terms if and only if a beta reduction sequence exists between them. Thus, we can reduce the proof of confluence for beta reduction to confluence for parallel reduction.

## Imports

```agda
open import Relation.Binary.PropositionalEquality using (_≡_; refl)
open import Function using (_∘_)
open import Data.Product using (_×_; Σ; Σ-syntax; ∃; ∃-syntax; proj₁; proj₂)
  renaming (_,_ to ⟨_,_⟩)
open import plfa.part2.Substitution using (Rename; Subst)
open import plfa.part2.Untyped
  using (_—→_; β; ξ₁; ξ₂; ζ; _—↠_; begin_; _—→⟨_⟩_; _—↠⟨_⟩_; _∎;
  abs-cong; appL-cong; appR-cong; —↠-trans;
  _⊢_; _∋_; `_; #_; _,_; ★; ƛ_; _·_; _[_];
  rename; ext; exts; Z; S_; subst; subst-zero)
```

The pair constructor of Data.Product is renamed to ⟨_,_⟩ because _,_ is already taken by context extension, imported from Chapter Untyped.


## Parallel Reduction

The parallel reduction relation is defined as follows.

```agda
infix 2 _⇛_

data _⇛_ : ∀ {Γ A} → (Γ ⊢ A) → (Γ ⊢ A) → Set where

  pvar : ∀{Γ A}{x : Γ ∋ A}
      ---------
    → (` x) ⇛ (` x)

  pabs : ∀{Γ}{N N′ : Γ , ★ ⊢ ★}
    → N ⇛ N′
      ----------
    → ƛ N ⇛ ƛ N′

  papp : ∀{Γ}{L L′ M M′ : Γ ⊢ ★}
    → L ⇛ L′
    → M ⇛ M′
      -----------------
    → L · M ⇛ L′ · M′

  pbeta : ∀{Γ}{N N′  : Γ , ★ ⊢ ★}{M M′ : Γ ⊢ ★}
    → N ⇛ N′
    → M ⇛ M′
      -----------------------
    → (ƛ N) · M  ⇛  N′ [ M′ ]
```

The first three rules are congruences that reduce each of their parts simultaneously. The last rule reduces the body of a lambda and its argument in parallel and then performs a beta step on the results.

We remark that the pabs, papp, and pbeta rules perform reduction on all their subexpressions simultaneously. Also, the pabs rule is akin to the ζ rule and pbeta is akin to β. Note that pvar is the only base case: there is no rule that leaves an application or an abstraction untouched, so a term that "does nothing" must be shown to reduce to itself subterm by subterm, which is what the following lemma does.

Parallel reduction is reflexive.

```agda
par-refl : ∀{Γ A}{M : Γ ⊢ A} → M ⇛ M
par-refl {Γ} {A} {` x} = pvar
par-refl {Γ} {★} {ƛ N} = pabs par-refl
par-refl {Γ} {★} {L · M} = papp par-refl par-refl
```


We define the sequences of parallel reduction as follows.

```agda
infix  2 _⇛*_
infix  3 _∎

data _⇛*_ : ∀ {Γ A} → (Γ ⊢ A) → (Γ ⊢ A) → Set where

  _∎ : ∀ {Γ A} (M : Γ ⊢ A)
      --------
    → M ⇛* M

  _⇛⟨_⟩_ : ∀ {Γ A} (L : Γ ⊢ A) {M N : Γ ⊢ A}
    → L ⇛ M
    → M ⇛* N
      ---------
    → L ⇛* N
```

#### Exercise par-diamond-eg (practice)

Revisit the counterexample to the diamond property for reduction by showing that the diamond property holds for parallel reduction in that case.

```agda
-- Your code goes here
```


## Equivalence between parallel reduction and reduction

Here we prove that for any M and N, M ⇛* N if and only if M —↠ N. The direction from —↠ to ⇛* is particularly easy. We start by showing that if M —→ N, then M ⇛ N. The proof is by induction on the reduction M —→ N.

```agda
beta-par : ∀{Γ A}{M N : Γ ⊢ A}
  → M —→ N
    ------
  → M ⇛ N
beta-par {Γ} {★} {L · M} (ξ₁ r) = papp (beta-par {M = L} r) par-refl
beta-par {Γ} {★} {L · M} (ξ₂ r) = papp par-refl (beta-par {M = M} r)
beta-par {Γ} {★} {(ƛ N) · M} β = pbeta par-refl par-refl
beta-par {Γ} {★} {ƛ N} (ζ r) = pabs (beta-par r)
```

With this lemma in hand we complete this direction, that M —↠ N implies M ⇛* N. The proof is a straightforward induction on the reduction sequence M —↠ N.

```agda
betas-pars : ∀{Γ A} {M N : Γ ⊢ A}
  → M —↠ N
    ------
  → M ⇛* N
betas-pars {Γ} {A} {M₁} {.M₁} (M₁ ∎) = M₁ ∎
betas-pars {Γ} {A} {.L} {N} (L —→⟨ b ⟩ bs) =
   L ⇛⟨ beta-par b ⟩ betas-pars bs
```

Now for the other direction, that M ⇛* N implies M —↠ N. The proof of this direction is a bit different because it's not the case that M ⇛ N implies M —→ N. After all, a single step M ⇛ N may perform many reductions. So instead we shall prove that M ⇛ N implies M —↠ N.

```agda
par-betas : ∀{Γ A}{M N : Γ ⊢ A}
  → M ⇛ N
    ------
  → M —↠ N
par-betas {Γ} {A} {.(` _)} (pvar{x = x}) = (` x) ∎
par-betas {Γ} {★} {ƛ N} (pabs p) = abs-cong (par-betas p)
par-betas {Γ} {★} {L · M} (papp {L = L}{L′}{M}{M′} p₁ p₂) =
    begin
    L · M   —↠⟨ appL-cong{M = M} (par-betas p₁) ⟩
    L′ · M  —↠⟨ appR-cong (par-betas p₂) ⟩
    L′ · M′
    ∎
par-betas {Γ} {★} {(ƛ N) · M} (pbeta{N′ = N′}{M′ = M′} p₁ p₂) =
    begin
    (ƛ N) · M                    —↠⟨ appL-cong{M = M} (abs-cong (par-betas p₁)) ⟩
    (ƛ N′) · M                   —↠⟨ appR-cong{L = ƛ N′} (par-betas p₂)  ⟩
    (ƛ N′) · M′                  —→⟨ β ⟩
    N′ [ M′ ]
    ∎
```

The proof is by induction on M ⇛ N.

• Suppose x ⇛ x. We immediately have x —↠ x.

• Suppose ƛ N ⇛ ƛ N′ because N ⇛ N′. By the induction hypothesis we have N —↠ N′. We conclude that ƛ N —↠ ƛ N′ because —↠ is a congruence.

• Suppose L · M ⇛ L′ · M′ because L ⇛ L′ and M ⇛ M′. By the induction hypothesis, we have L —↠ L′ and M —↠ M′. So L · M —↠ L′ · M and then L′ · M —↠ L′ · M′ because —↠ is a congruence.

• Suppose (ƛ N) · M ⇛ N′ [ M′ ] because N ⇛ N′ and M ⇛ M′. By similar reasoning, we have (ƛ N) · M —↠ (ƛ N′) · M′, which we can follow with the β reduction (ƛ N′) · M′ —→ N′ [ M′ ].

With this lemma in hand, we complete the proof that M ⇛* N implies M —↠ N with a simple induction on M ⇛* N.

```agda
pars-betas : ∀{Γ A} {M N : Γ ⊢ A}
  → M ⇛* N
    ------
  → M —↠ N
pars-betas (M₁ ∎) = M₁ ∎
pars-betas (L ⇛⟨ p ⟩ ps) = —↠-trans (par-betas p) (pars-betas ps)
```


## Substitution lemma for parallel reduction

Our next goal is to prove the diamond property for parallel reduction. But to do that, we need to prove that substitution respects parallel reduction. That is, if N ⇛ N′ and M ⇛ M′, then N [ M ] ⇛ N′ [ M′ ]. We cannot prove this directly by induction, so we generalize it to: if N ⇛ N′ and the substitution σ pointwise parallel reduces to τ, then subst σ N ⇛ subst τ N′. We define the notion of pointwise parallel reduction as follows.

```agda
par-subst : ∀{Γ Δ} → Subst Γ Δ → Subst Γ Δ → Set
par-subst {Γ}{Δ} σ σ′ = ∀{A}{x : Γ ∋ A} → σ x ⇛ σ′ x
```

Because substitution depends on the extension function exts, which in turn relies on rename, we start with a version of the substitution lemma, called par-rename, that is specialized to renamings. The proof of par-rename relies on the fact that renaming and substitution commute with one another, which is a lemma that we import from Chapter Substitution and restate here.

```agda
rename-subst-commute : ∀{Γ Δ}{N : Γ , ★ ⊢ ★}{M : Γ ⊢ ★}{ρ : Rename Γ Δ }
    → (rename (ext ρ) N) [ rename ρ M ] ≡ rename ρ (N [ M ])
rename-subst-commute {N = N} = plfa.part2.Substitution.rename-subst-commute {N = N}
```

Now for the par-rename lemma.

```agda
par-rename : ∀{Γ Δ A} {ρ : Rename Γ Δ} {M M′ : Γ ⊢ A}
  → M ⇛ M′
    ------------------------
  → rename ρ M ⇛ rename ρ M′
par-rename pvar = pvar
par-rename (pabs p) = pabs (par-rename p)
par-rename (papp p₁ p₂) = papp (par-rename p₁) (par-rename p₂)
par-rename {Γ}{Δ}{A}{ρ} (pbeta{Γ}{N}{N′}{M}{M′} p₁ p₂)
    with pbeta (par-rename{ρ = ext ρ} p₁) (par-rename{ρ = ρ} p₂)
... | G rewrite rename-subst-commute{Γ}{Δ}{N′}{M′}{ρ} = G
```

The proof is by induction on M ⇛ M′. The first three cases are straightforward, so we just consider the last one, for pbeta.

• Suppose (ƛ N) · M ⇛ N′ [ M′ ] because N ⇛ N′ and M ⇛ M′. By the induction hypothesis, we have rename (ext ρ) N ⇛ rename (ext ρ) N′ and rename ρ M ⇛ rename ρ M′. So by pbeta we have (ƛ rename (ext ρ) N) · (rename ρ M) ⇛ (rename (ext ρ) N′) [ rename ρ M′ ]. However, to conclude we instead need parallel reduction to rename ρ (N′ [ M′ ]). But thankfully, renaming and substitution commute with one another, so the two targets are equal and the rewrite closes the case.

With the par-rename lemma in hand, it is straightforward to show that extending substitutions preserves the pointwise parallel reduction relation.

```agda
par-subst-exts : ∀{Γ Δ} {σ τ : Subst Γ Δ}
  → par-subst σ τ
    ------------------------------------------
  → ∀{B} → par-subst (exts σ {B = B}) (exts τ)
par-subst-exts s {x = Z} = pvar
par-subst-exts s {x = S x} = par-rename s
```

The next lemma that we need for proving that substitution respects parallel reduction states that simultaneous substitution commutes with single substitution. We import this lemma from Chapter Substitution and restate it below.

```agda
subst-commute : ∀{Γ Δ}{N : Γ , ★ ⊢ ★}{M : Γ ⊢ ★}{σ : Subst Γ Δ }
     → subst (exts σ) N [ subst σ M ] ≡ subst σ (N [ M ])
subst-commute {N = N} = plfa.part2.Substitution.subst-commute {N = N}
```

We are ready to prove that substitution respects parallel reduction.

```agda
subst-par : ∀{Γ Δ A} {σ τ : Subst Γ Δ} {M M′ : Γ ⊢ A}
  → par-subst σ τ  →  M ⇛ M′
    --------------------------
  → subst σ M ⇛ subst τ M′
subst-par {Γ} {Δ} {A} {σ} {τ} {` x} s pvar = s
subst-par {Γ} {Δ} {A} {σ} {τ} {ƛ N} s (pabs p) =
  pabs (subst-par {σ = exts σ} {τ = exts τ}
        (λ {A}{x} → par-subst-exts s {x = x}) p)
subst-par {Γ} {Δ} {★} {σ} {τ} {L · M} s (papp p₁ p₂) =
  papp (subst-par s p₁) (subst-par s p₂)
subst-par {Γ} {Δ} {★} {σ} {τ} {(ƛ N) · M} s (pbeta{N′ = N′}{M′ = M′} p₁ p₂)
    with pbeta (subst-par{σ = exts σ}{τ = exts τ}{M = N}
                        (λ{A}{x} → par-subst-exts s {x = x}) p₁)
               (subst-par {σ = σ} s p₂)
... | G rewrite subst-commute{N = N′}{M = M′}{σ = τ} = G
```

We proceed by induction on M ⇛ M′.

• Suppose x ⇛ x. We conclude that σ x ⇛ τ x using the premise par-subst σ τ.

• Suppose ƛ N ⇛ ƛ N′ because N ⇛ N′. To use the induction hypothesis, we need par-subst (exts σ) (exts τ), which we obtain by par-subst-exts. So we have subst (exts σ) N ⇛ subst (exts τ) N′ and conclude by rule pabs.

• Suppose L · M ⇛ L′ · M′ because L ⇛ L′ and M ⇛ M′. By the induction hypothesis we have subst σ L ⇛ subst τ L′ and subst σ M ⇛ subst τ M′, so we conclude by rule papp.

• Suppose (ƛ N) · M ⇛ N′ [ M′ ] because N ⇛ N′ and M ⇛ M′. Again we obtain par-subst (exts σ) (exts τ) by par-subst-exts. So by the induction hypothesis, we have subst (exts σ) N ⇛ subst (exts τ) N′ and subst σ M ⇛ subst τ M′. Then by rule pbeta, we have parallel reduction to subst (exts τ) N′ [ subst τ M′ ]. Substitution commutes with itself in the following sense. For any σ, N, and M, we have

      (subst (exts σ) N) [ subst σ M ] ≡ subst σ (N [ M ])

  So, taking τ for σ, we have parallel reduction to subst τ (N′ [ M′ ]).

Of course, if M ⇛ M′, then subst-zero M pointwise parallel reduces to subst-zero M′.

```agda
par-subst-zero : ∀{Γ}{A}{M M′ : Γ ⊢ A}
       → M ⇛ M′
       → par-subst (subst-zero M) (subst-zero M′)
par-subst-zero {M} {M′} p {A} {Z} = p
par-subst-zero {M} {M′} p {A} {S x} = pvar
```

We conclude this section with the desired corollary, that substitution respects parallel reduction.

```agda
sub-par : ∀{Γ A B} {N N′ : Γ , A ⊢ B} {M M′ : Γ ⊢ A}
  → N ⇛ N′
  → M ⇛ M′
    --------------------------
  → N [ M ] ⇛ N′ [ M′ ]
sub-par pn pm = subst-par (par-subst-zero pm) pn
```


## Parallel reduction satisfies the diamond property

The heart of the confluence proof is made of stone, or rather, of diamond! We show that parallel reduction satisfies the diamond property: that if M ⇛ N and M ⇛ N′, then N ⇛ L and N′ ⇛ L for some L. The proof is relatively easy; it is parallel reduction's raison d'être.

```agda
par-diamond : ∀{Γ A} {M N N′ : Γ ⊢ A}
  → M ⇛ N
  → M ⇛ N′
    ---------------------------------
  → Σ[ L ∈ Γ ⊢ A ] (N ⇛ L) × (N′ ⇛ L)
par-diamond (pvar{x = x}) pvar = ⟨ ` x , ⟨ pvar , pvar ⟩ ⟩
par-diamond (pabs p1) (pabs p2)
    with par-diamond p1 p2
... | ⟨ L′ , ⟨ p3 , p4 ⟩ ⟩ =
      ⟨ ƛ L′ , ⟨ pabs p3 , pabs p4 ⟩ ⟩
par-diamond{Γ}{A}{L · M}{N}{N′} (papp{Γ}{L}{L₁}{M}{M₁} p1 p3)
                                (papp{Γ}{L}{L₂}{M}{M₂} p2 p4)
    with par-diamond p1 p2
... | ⟨ L₃ , ⟨ p5 , p6 ⟩ ⟩
      with par-diamond p3 p4
...   | ⟨ M₃ , ⟨ p7 , p8 ⟩ ⟩ =
        ⟨ (L₃ · M₃) , ⟨ (papp p5 p7) , (papp p6 p8) ⟩ ⟩
par-diamond (papp (pabs p1) p3) (pbeta p2 p4)
    with par-diamond p1 p2
... | ⟨ N₃ , ⟨ p5 , p6 ⟩ ⟩
      with par-diamond p3 p4
...   | ⟨ M₃ , ⟨ p7 , p8 ⟩ ⟩ =
        ⟨ N₃ [ M₃ ] , ⟨ pbeta p5 p7 , sub-par p6 p8 ⟩ ⟩
par-diamond (pbeta p1 p3) (papp (pabs p2) p4)
    with par-diamond p1 p2
... | ⟨ N₃ , ⟨ p5 , p6 ⟩ ⟩
      with par-diamond p3 p4
...   | ⟨ M₃ , ⟨ p7 , p8 ⟩ ⟩ =
        ⟨ (N₃ [ M₃ ]) , ⟨ sub-par p5  p7 , pbeta p6 p8 ⟩ ⟩
par-diamond {Γ}{A} (pbeta p1 p3) (pbeta p2 p4)
    with par-diamond p1 p2
... | ⟨ N₃ , ⟨ p5 , p6 ⟩ ⟩
      with par-diamond p3 p4
...   | ⟨ M₃ , ⟨ p7 , p8 ⟩ ⟩ =
        ⟨ N₃ [ M₃ ] , ⟨ sub-par p5 p7 , sub-par p6 p8 ⟩ ⟩
```

The proof is by induction on both premises.

• Suppose x ⇛ x and x ⇛ x. We choose L = x and immediately have x ⇛ x and x ⇛ x.

• Suppose ƛ N ⇛ ƛ N₁ and ƛ N ⇛ ƛ N₂. By the induction hypothesis, there exists L′ such that N₁ ⇛ L′ and N₂ ⇛ L′. We choose L = ƛ L′ and by pabs conclude that ƛ N₁ ⇛ ƛ L′ and ƛ N₂ ⇛ ƛ L′.

• Suppose that L · M ⇛ L₁ · M₁ and L · M ⇛ L₂ · M₂. By the induction hypothesis we have L₁ ⇛ L₃ and L₂ ⇛ L₃ for some L₃. Likewise, we have M₁ ⇛ M₃ and M₂ ⇛ M₃ for some M₃. We choose L = L₃ · M₃ and conclude with two uses of papp.

• Suppose that (ƛ N) · M ⇛ (ƛ N₁) · M₁ and (ƛ N) · M ⇛ N₂ [ M₂ ]. By the induction hypothesis we have N₁ ⇛ N₃ and N₂ ⇛ N₃ for some N₃. Likewise, we have M₁ ⇛ M₃ and M₂ ⇛ M₃ for some M₃. We choose L = N₃ [ M₃ ]. We have (ƛ N₁) · M₁ ⇛ N₃ [ M₃ ] by rule pbeta and conclude that N₂ [ M₂ ] ⇛ N₃ [ M₃ ] because substitution respects parallel reduction (sub-par).

• Suppose that (ƛ N) · M ⇛ N₁ [ M₁ ] and (ƛ N) · M ⇛ (ƛ N₂) · M₂. The proof of this case is the mirror image of the last one.

• Suppose that (ƛ N) · M ⇛ N₁ [ M₁ ] and (ƛ N) · M ⇛ N₂ [ M₂ ]. By the induction hypothesis we have N₁ ⇛ N₃ and N₂ ⇛ N₃ for some N₃. Likewise, we have M₁ ⇛ M₃ and M₂ ⇛ M₃ for some M₃. We choose L = N₃ [ M₃ ]. We have both N₁ [ M₁ ] ⇛ N₃ [ M₃ ] and N₂ [ M₂ ] ⇛ N₃ [ M₃ ] because substitution respects parallel reduction (sub-par, used twice).

#### Exercise (practice)

Draw pictures that represent the proofs of each of the six cases in the above proof of par-diamond. The pictures should consist of nodes and directed edges, where each node is labeled with a term and each edge represents parallel reduction.

## Proof of confluence for parallel reduction

As promised at the beginning, the proof that parallel reduction is confluent is easy now that we know it satisfies the diamond property. We just need to prove the strip lemma, which states that if M ⇛ N and M ⇛* N′, then N ⇛* L and N′ ⇛ L for some L. The following diagram illustrates the strip lemma.

                M
               / \
              1   *
             /     \
            N       N′
             \     /
              *   1
               \ /
                L

where downward lines are instances of ⇛ or ⇛*, depending on how they are marked.

The proof of the strip lemma is a straightforward induction on M ⇛* N′, using the diamond property in the induction step.

```agda
strip : ∀{Γ A} {M N N′ : Γ ⊢ A}
  → M ⇛ N
  → M ⇛* N′
    ------------------------------------
  → Σ[ L ∈ Γ ⊢ A ] (N ⇛* L)  ×  (N′ ⇛ L)
strip{Γ}{A}{M}{N}{N′} mn (M ∎) = ⟨ N , ⟨ N ∎ , mn ⟩ ⟩
strip{Γ}{A}{M}{N}{N′} mn (M ⇛⟨ mm' ⟩ m'n')
    with par-diamond mn mm'
... | ⟨ L , ⟨ nl , m'l ⟩ ⟩
      with strip m'l m'n'
...   | ⟨ L′ , ⟨ ll' , n'l' ⟩ ⟩ =
        ⟨ L′ , ⟨ (N ⇛⟨ nl ⟩ ll') , n'l' ⟩ ⟩
```

In the step case, par-diamond closes the top square (N ⇛ L and M′ ⇛ L for the first reduct M′ of the sequence), the induction hypothesis on the remaining sequence M′ ⇛* N′ gives L′ with L ⇛* L′ and N′ ⇛ L′, and the two pieces N ⇛ L and L ⇛* L′ are joined into N ⇛* L′.

Confluence for parallel reduction is now proved by induction on the sequence L ⇛* M₁, using the strip lemma in the induction step.

```agda
par-confluence : ∀{Γ A} {L M₁ M₂ : Γ ⊢ A}
  → L ⇛* M₁
  → L ⇛* M₂
    ------------------------------------
  → Σ[ N ∈ Γ ⊢ A ] (M₁ ⇛* N) × (M₂ ⇛* N)
par-confluence {Γ}{A}{L}{.L}{N} (L ∎) L⇛*N = ⟨ N , ⟨ L⇛*N , N ∎ ⟩ ⟩
par-confluence {Γ}{A}{L}{M₁′}{M₂} (L ⇛⟨ L⇛M₁ ⟩ M₁⇛*M₁′) L⇛*M₂
    with strip L⇛M₁ L⇛*M₂
... | ⟨ N , ⟨ M₁⇛*N , M₂⇛N ⟩ ⟩
      with par-confluence M₁⇛*M₁′ M₁⇛*N
...   | ⟨ N′ , ⟨ M₁′⇛*N′ , N⇛*N′ ⟩ ⟩ =
        ⟨ N′ , ⟨ M₁′⇛*N′ , (M₂ ⇛⟨ M₂⇛N ⟩ N⇛*N′) ⟩ ⟩
```

The step case may be illustrated as follows:

                 L
                / \
               1   *
              /     \
            M₁ (a)  M₂
            / \     /
           *   *   1
          /     \ /
        M₁′(b)  N
          \     /
           *   *
            \ /
             N′

where downward lines are instances of ⇛ or ⇛*, depending on how they are marked. Here (a) holds by strip and (b) holds by induction.

## Proof of confluence for reduction

Confluence of reduction is a corollary of confluence for parallel reduction. From L —↠ M₁ and L —↠ M₂ we have L ⇛* M₁ and L ⇛* M₂ by betas-pars. Then by confluence of parallel reduction we obtain some N such that M₁ ⇛* N and M₂ ⇛* N, from which we conclude that M₁ —↠ N and M₂ —↠ N by pars-betas.

```agda
confluence : ∀{Γ A} {L M₁ M₂ : Γ ⊢ A}
  → L —↠ M₁
  → L —↠ M₂
    -----------------------------------
  → Σ[ N ∈ Γ ⊢ A ] (M₁ —↠ N) × (M₂ —↠ N)
confluence L↠M₁ L↠M₂
    with par-confluence (betas-pars L↠M₁) (betas-pars L↠M₂)
... | ⟨ N , ⟨ M₁⇛N , M₂⇛N ⟩ ⟩ =
      ⟨ N , ⟨ pars-betas M₁⇛N , pars-betas M₂⇛N ⟩ ⟩
```

## Notes

Broadly speaking, this proof of confluence, based on parallel reduction, is due to W. Tait and P. Martin-Löf (see Barendregt 1984, Section 3.2). Details of the mechanization come from several sources. The subst-par lemma is the "strong substitutivity" lemma of Schäfer, Tebbi, and Smolka (ITP 2015). The proofs of par-diamond, strip, and par-confluence are based on Pfenning's 1992 technical report about the Church-Rosser theorem. In addition, we consulted Nipkow and Berghofer's mechanization in Isabelle, which is based on an earlier article by Nipkow (JAR 1996). We opted not to use the "complete developments" approach of Takahashi (1995) because we felt that the proof was simple enough based solely on parallel reduction. There are many more mechanizations of the Church-Rosser theorem that we have not yet had the time to read, including Shankar's (J. ACM 1988) and Homeier's (TPHOLs 2001).

## Unicode

This chapter uses the following unicode:

    ⇛  U+21DB  RIGHTWARDS TRIPLE ARROW (\r== or \Rrightarrow)