A Modular Lean 4 Framework for Confluence and Strong Normalization of Lambda Calculi with Products and Sums

We present Metatheory, a comprehensive library for programming language foundations in Lean 4. The library features a modular framework for proving confluence of abstract rewriting systems using three classical proof techniques: the diamond property, Newmans lemma, and the Hindley-Rosen lemma. These are instantiated across six case studies including untyped lambda calculus, combinatory logic, term rewriting, simply typed lambda calculus, and STLC with products and sums. All theorems are fully mechanized with zero axioms or sorry statements. We provide complete proofs of de Bruijn substitution infrastructure and demonstrate strong normalization via logical relations. To our knowledge, this is the first comprehensive confluence and normalization framework for Lean 4.

💡 Research Summary

The paper presents Metatheory, a comprehensive Lean 4 library that formalizes confluence and strong normalization for a variety of lambda calculi and rewriting systems. At its core, the library defines an abstract rewriting system (ARS) interface and implements three classic confluence proof techniques within a single, reusable framework: the diamond property via parallel reduction, Newman’s Lemma for terminating systems, and the Hindley‑Rosen Lemma for commuting relations. By abstracting these techniques, the authors can instantiate the same machinery across six case studies: untyped lambda calculus, combinatory logic, simple term rewriting, string rewriting, simply‑typed lambda calculus (STLC), and an extension of STLC with product (A × B) and sum (A + B) types.

The diamond‑property development follows Takahashi’s parallel reduction approach. The authors define a parallel reduction relation that contracts any subset of redexes, prove its diamond property, and then show that ordinary β‑reduction is the reflexive‑transitive closure of parallel reduction. This yields a confluence proof for the untyped λ‑calculus without any auxiliary axioms.

For systems where termination is easier to establish, the library leverages Newman’s Lemma. Termination is proved by well‑founded measures (size for arithmetic expressions, length for strings). Local confluence is obtained via critical‑pair analysis. The combination of these two facts gives a fully mechanized confluence proof for both term rewriting and string rewriting examples.

The Hindley‑Rosen Lemma is formalized to handle the union of two confluent, commuting relations. This is used, for instance, to combine β‑reduction with additional administrative reductions in the combinatory logic case study.

A substantial technical contribution is the complete de Bruijn infrastructure. The library defines shift and substitution operations on de Bruijn indices, proves the standard lemmas (identity, composition, commutation) and, crucially, a full substitution‑composition theorem. The substitution composition proof is about 90 lines of Lean code and is fully generic, handling nesting depth via a “level” parameter. This eliminates the need for any axiomatized substitution properties that are common in other formalizations.

Strong normalization is proved for STLC and its extension with products and sums using Girard’s reducibility candidates (logical relations). The reducibility predicate is defined inductively on types: base types are reducible iff they are strongly normalizing; arrow types require that the function maps reducible arguments to reducible results; product types require both projections to be reducible; sum types require the term to be strongly normalizing and that each injection reduces to a reducible component. The authors verify the three classic candidate conditions (CR1–CR3) for each type constructor. The fundamental lemma shows that well‑typed terms remain reducible under any reducible substitution, and from this the strong normalization theorem follows.

The sum‑type case is the most intricate part of the normalization proof. The case analysis construct has three subterms that can reduce independently, and its neutrality depends on the scrutinee not being an injection. The authors handle this by a triple nested induction on the strong‑normalization proofs of the scrutinee and both branches, carefully tracking how reductions propagate through the case construct.

Overall, the library consists of 10 367 lines of Lean 4 code, containing 497 theorems, with zero sorry placeholders or axioms. The largest module, STLCext (products and sums), comprises 3 828 lines and 155 theorems, reflecting the added complexity of the normalization proof.

In the related work discussion, the authors compare their effort to Coq, Isabelle, Agda, and Isabelle/HOL developments, emphasizing that Metatheory is the first to provide a unified, fully mechanized framework for both confluence (via three distinct techniques) and strong normalization (including products and sums) in Lean 4. They also note that their de Bruijn treatment is completely proved rather than axiomatized, addressing a common limitation in prior mechanizations.

The conclusion highlights the modularity of the approach, the feasibility of large‑scale metatheoretic development in Lean 4, and the lessons learned about technique selection (diamond property being broadly applicable, Newman’s Lemma simplifying terminating systems, and Hindley‑Rosen enabling combination of relations). The work demonstrates that Lean 4’s modern type theory and metaprogramming facilities are well‑suited for sophisticated programming‑language metatheory.