3.5 Sorting the Terms
3.5.5 End Product
All in all, the formalization of our first framework provides a theory of syntax with bindings over an arbitrary many-sorted signature. The signature is formalized as an Isabelle locale [39] that fixes the types var, sort, varsort, index, bindex and opsym and the constants asSort, arOf and barOf, and assumes the injectivity of asSort and the var properties (Assumptions 6 and 29). All end-product theorems are placed in this locale.
The whole formalization consists of 22700 lines of code (LOC). Of these, 3300 LOC are dedicated to quasiterms, their standard operators and alpha-equivalence. 3700 LOC are dedicated to the definition of terms and the lifting of results from quasiterms. Of the latter, the properties of substitution were the most extensive—2500 LOC out of the whole 3700—since substitution, unlike freshness and swapping, requires heavy variable renaming, which complicates the proofs.
The induction scheme presented in Section 3.4 is not the only scheme we formalized (though it is the most useful). We also proved a variety of lower-level induction schemes based on the skeleton of the terms, and schemes that are easier to instantiate—e.g., by pre-instantiating Theorem 28 with commonly used parameters such as variables, terms and environments. Induction and iteration/recursion principles constitute 8000 LOC altogether.
The remaining 7700 LOC of the formalization are dedicated to transiting from good terms to sorted terms. Of these, 3500 LOC are taken by the sheer statement of our many end-product theorems. Another fairly large part, 2000 LOC, is dedicated to transferring all the variants of iteration and recursion (those from Sections 3.3.1 and 3.3.2) and the interpretation Theorem 27, which require conceptually straightforward but technically tedious moves back and forth between sorted terms and sorted elements of the target domain.
Chapter 4
A Formalization of the Church-Rosser and Standardization Theorems
In this chapter, we instantiate the general theory from Chapter 3 to the syntax of lambda-calculus and formalize the development leading to two major λ-calculus results: the Church-Rosser and Standardization theorems for β-reduction. Our work¹ covers both the call-by-name and call-by-value versions of the calculus, following a classic paper by Gordon Plotkin [60].
In our journey towards a better understanding of syntaxes and their binding mechanisms, we wanted a case study that highlighted the role a formalized general theory like ours can play and the benefits it brings. Indeed, during the formalization, we were able to stay focused on the high-level ideas of the development, thanks to the arsenal provided by our framework: a wealth of basic facts about the substitution, swapping and freshness operators, as well as recursive-definition and reasoning principles.
The first step we take is instantiating the framework to the syntaxes of call-by-name and call-by-value λ-calculus, the latter differing from the former by the existence of an additional syntactic category of special terms called values. This instantiation provides us with a rich theory of the standard operators on terms, namely freshness, substitution and swapping, as well as a freshness-aware induction proof principle and operator-aware recursive definition principles (Section 4.1; see also the previous Chapter 3).
Then we proceed with the formal development of our specific target results. We show in detail the development for the call-by-name calculus (Section 4.2). The similar development for the call-by-value calculus is only sketched by pointing out the differences, including the use of a two-sorted instantiation of our framework (Section 4.3).
The theorems we want to prove require the definition of a range of β-reduction relations, including parallel and left, single-step and multi-step reductions. The Church-Rosser theorem (Section 4.2.2) is proved by formalizing the parallel-reduction technique of Tait [8], enhanced with the complete parallel reduction operator trick due to Takahashi [69]. For Standardization (Section 4.2.3), we follow closely Plotkin’s original paper [60].
¹ Our formalization is publicly available from the website [32] associated with our paper [31], currently under
Our presentation emphasizes the use of the various principles provided by our general framework, as well as some difficulties arising from representing formally some informal definition and proof idioms—such as recursing over alpha-equated terms (or, equivalently, recursing in an alpha-equivalence preserving manner) and inversion rules obeying Barendregt’s variable convention. Some of the lessons learned during the formalization effort, as well as some statistics, are presented in Section 4.4.
4.1 Instantiation of the General Framework
Our framework from the previous chapter is parametrized by an arbitrary binding signature, which is represented as an Isabelle locale [39] (Subsection 3.5.1, Chapter 3). The signature essentially specifies the following data: a collection of term sorts, a collection of variable sorts, an embedding relationship between variable sorts and term sorts, and a collection of (term) constructors, each with an assigned arity and an assigned result sort. The arity consists of zero or more input sorts, where an input sort is either just a term sort (for free inputs) or a pair of a variable sort and a term sort (for bound inputs). The result sort refers to the output of the constructor. In this chapter we ignore standalone abstractions as presented in the previous chapter, since we treat them as syntactic sugar in one of the first steps of the instantiation process. To this aim, we use the technique described in Section 3.1.1, Chapter 3: we define Lm x X as Lam(Abs x X), and from now on all definitions and results will be written using Lm.²
After fixing the signature, “quasi-terms” are defined as being freely generated by the constructors; then terms are defined by quotienting quasi-terms to the notion of alpha-equivalence obtained standardly from the signature-specified bindings of the term constructors. Thus, what we call “terms” here are, as usual, alpha-equivalence classes. Several standard operators are defined on terms, including capture-avoiding substitution of terms for variables, freshness of a variable for a term, and swapping of two variables in a term. The theory provides many properties of these operators, as well as binding-aware and standard-operator-aware structural recursion and induction principles and a principle for interpreting syntax in a semantic domain.
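To make the preceding two paragraphs concrete, here is a small Python model (an added illustration, not part of the thesis or of its Isabelle development) of the lambda-calculus instance: one term sort, one variable sort, the constructors App (two free inputs) and Lm (the sugar Lm x X = Lam(Abs x X), one bound input), and the freshness, swapping, alpha-equivalence and capture-avoiding substitution operators defined on quasi-terms, with alpha-equivalence characterized through swapping as in nominal treatments. Class names, the renaming scheme z0, z1, ... and all sample terms are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import count
from typing import Union

# One term sort, one variable sort. Var is the embedding of variables (asSort),
# App has two free inputs, Lm is the sugar Lm x X = Lam(Abs x X): one bound input.
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class App: fun: "QTerm"; arg: "QTerm"
@dataclass(frozen=True)
class Lm: bound: str; body: "QTerm"
QTerm = Union[Var, App, Lm]

def swap(t, a, b):
    """Swap variables a and b everywhere in t, binding positions included."""
    sw = lambda v: b if v == a else a if v == b else v
    if isinstance(t, Var): return Var(sw(t.name))
    if isinstance(t, App): return App(swap(t.fun, a, b), swap(t.arg, a, b))
    return Lm(sw(t.bound), swap(t.body, a, b))

def fresh(x, t):
    """x is fresh for t: x has no free occurrence in t."""
    if isinstance(t, Var): return t.name != x
    if isinstance(t, App): return fresh(x, t.fun) and fresh(x, t.arg)
    return t.bound == x or fresh(x, t.body)

def alpha_eq(s, t):
    """Alpha-equivalence via swapping: Lm x S ~ Lm y T iff y # S and (x y).S ~ T."""
    if isinstance(s, Var) and isinstance(t, Var): return s.name == t.name
    if isinstance(s, App) and isinstance(t, App):
        return alpha_eq(s.fun, t.fun) and alpha_eq(s.arg, t.arg)
    if isinstance(s, Lm) and isinstance(t, Lm):
        if s.bound == t.bound: return alpha_eq(s.body, t.body)
        return fresh(t.bound, s.body) and alpha_eq(swap(s.body, s.bound, t.bound), t.body)
    return False

def fresh_name(*terms):
    """First of the constructed names z0, z1, ... that is fresh for every given term."""
    return next(z for z in (f"z{i}" for i in count()) if all(fresh(z, t) for t in terms))

def subst(t, x, u):
    """Capture-avoiding substitution t[u/x]; renames the binder only when it would capture."""
    if isinstance(t, Var): return u if t.name == x else t
    if isinstance(t, App): return App(subst(t.fun, x, u), subst(t.arg, x, u))
    if t.bound == x: return t                        # x is shadowed: nothing to substitute
    if fresh(t.bound, u): return Lm(t.bound, subst(t.body, x, u))
    z = fresh_name(t.body, u, Var(x))                # binder would capture u: rename it
    return Lm(z, subst(swap(t.body, t.bound, z), x, u))
```

Renaming the binder by swapping with a fresh variable is exactly the "heavy variable renaming" the statistics above attribute to substitution; freshness and swapping need no such step.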
We have already given details about the general framework in the previous chapter (Chapter 3); here we just give a self-contained description of two instances of the framework.