A Deep Natural Deduction Calculus
Bruno Woltzenlogel Paleo
INRIA, Nancy, France
Abstract. This paper defines a (deep) natural deduction calculus NDᵈ for the implicational fragment of intuitionistic logic. NDᵈ extends the usual (shallow) natural deduction calculus ND by allowing the implication introduction and elimination rules to be applied deeply inside formulas. In analogy to the Curry-Howard isomorphism between ND and the simply-typed λ-calculus, an extension of the λ-calculus, here called λᵈ-calculus, is defined in order to provide compact proof terms for NDᵈ proofs. Soundness and completeness of NDᵈ with respect to ND are proven.
1 Introduction
Natural Deduction was introduced by Gentzen in [7] and its distinguishing feature is that the meaning of a logical connective is determined by its elimination and introduction rules, and not by axioms. As a result, formal proofs in Natural Deduction style are often considered to be similar in structure to their informal counterparts and hence more natural. This rather subjective claim is corroborated by the observation that widely used proof assistants (e.g. Isabelle [1] and Coq [2]) follow a Natural Deduction style. However, the inference rules of the Natural Deduction calculi introduced by Gentzen and the variants or extensions used by modern proof assistants are shallow (in a sense that will be clarified in Section 2). Consequently, it can be inconvenient, bureaucratic and unnatural to formalize reasoning steps that modify a deeply located subformula of a formula (e.g. skolemization, double negation elimination, quantifier shifting, prenexification, ...). Such deep reasoning steps are commonly used by automated deduction tools during preprocessing of the theorem to be proved.

This paper extends the usual shallow natural deduction calculus by allowing the introduction and elimination rules to be applied deeply inside formulas. For the sake of succinctness, this paper focuses on a small fragment of intuitionistic logic whose only connective is implication. It is straightforward to extend the techniques described here to natural deduction calculi containing inference rules for other connectives as well.

The idea of deep inference has been intensively investigated recently (e.g. [8, 5]), but the proof calculi developed there are usually for classical logic. A deep inference proof calculus for intuitionistic logic can be found in [4], but it has been obtained by adapting classical deep inference proof calculi, and hence it differs substantially from Natural Deduction in style. The calculus defined in this paper, on the other hand, extends Natural Deduction in a minimal way, and might therefore find more immediate use in interactive theorem proving, where the Natural Deduction style is a well-established standard.

Acknowledgements. I would like to thank: Pascal Fontaine and David Deharbe, for our discussions about proof production for Skolemization as a pre-processing step in the SMT-solver veriT [3]; Stephan Merz, for explaining to me alternative ways of replaying deep inferences in a shallow proof assistant such as Isabelle; Alessio Guglielmi and Tom Gundersen, for discussions about deep inference.
2 Deep Natural Deduction
Figure 1 presents the inference rules of a standard natural deduction calculus ND for the implicational fragment of intuitionistic logic. An ND-derivation is a tree of inferences (instances of the inference rules), and a derivation ψ is an ND-proof of a theorem T if and only if its leaves are axiom inferences and it ends in ⊢ t : T, for some term t of type T of the simply typed λ-calculus. This term t is called the proof-term of ψ and denoted I(ψ). As indicated in the figure, the implication introduction rule corresponds to abstraction while the implication elimination rule corresponds to application in the λ-calculus. I is thus an isomorphism (Curry-Howard [6]) between ND-proofs and simply typed λ-terms and between (implicational intuitionistic) theorems and types.
$$\frac{}{\Gamma, a : A \vdash a : A}\ \text{axiom} \qquad \frac{\Gamma, a : A \vdash b : B}{\Gamma \vdash \lambda a.b : A \to B}\ {\to}I \qquad \frac{\Gamma \vdash f : A \to B \qquad \Gamma \vdash a : A}{\Gamma \vdash (f\ a) : B}\ {\to}E$$

Fig. 1: The natural deduction calculus ND
Notice that, in the implication introduction rule, the introduced implication connective occupies the shallowest place in the tree structure of the conclusion formula A → B (i.e. if the formula is displayed, as usual, as an upside-down tree, then the introduced connective → occupies the root on the top and A and B are, respectively, its left and right children located deeper just below the root). Similarly, the eliminated implication in the left premise of the elimination rule is also shallow, and the shallowest subformula of the right premise (i.e. the whole right premise itself) must match the antecedent of the left premise. In this sense, ND can be considered a shallow calculus.

Figure 2 shows the inference rules of NDᵈ, a deep natural deduction calculus that aims at extending ND in a simple, minimal, straightforward and yet general way by allowing the inference rules to operate on subformulas located deeply inside the premises. The notation $C_\pi[F]$ indicates a formula that has the subformula F in position π. $C_\pi[\ ]$ is called the context of F in the formula $C_\pi[F]$. Concretely in this paper, a position π is encoded as a binary string indicating the path from the root of $C_\pi[F]$ to F in the tree structure of $C_\pi[F]$; thus, a subformula at position π of a formula P, denoted $\mathrm{At}_\pi(P)$, can be retrieved by traversing the formula according to the following inductive definition (ε denotes the empty position):

$$\mathrm{At}_{\epsilon}(A) = A \qquad \mathrm{At}_{0\pi}(A \to B) = \mathrm{At}_{\pi}(B) \qquad \mathrm{At}_{1\pi}(A \to B) = \mathrm{At}_{\pi}(A)$$

A position is said to be positive (negative) if and only if it contains an even (odd) number of digits 1. In other words, in the tree structure of a formula, a node and its left (right) child always occupy positions with opposite (same) polarities, and the root position is positive.
$$\frac{}{\Gamma, a : A \vdash a : A}\ \text{axiom} \qquad \frac{\Gamma, a : A \vdash b : C_\pi[B]}{\Gamma \vdash \lambda_\pi a.b : C_\pi[A \to B]}\ {\to}I(\pi)$$

$$\frac{\Gamma \vdash f : C^1_{\pi_1}[A \to B] \qquad \Gamma \vdash a : C^2_{\pi_2}[A]}{\Gamma \vdash (f\ a)^{\rightharpoonup}_{(\pi_1;\pi_2)} : C^1_{\pi_1}[C^2_{\pi_2}[B]]}\ {\to}E^{\rightharpoonup}(\pi_1;\pi_2)$$

$$\frac{\Gamma \vdash f : C^1_{\pi_1}[A \to B] \qquad \Gamma \vdash a : C^2_{\pi_2}[A]}{\Gamma \vdash (f\ a)^{\leftharpoonup}_{(\pi_1;\pi_2)} : C^2_{\pi_2}[C^1_{\pi_1}[B]]}\ {\to}E^{\leftharpoonup}(\pi_1;\pi_2)$$

Note: π, π₁ and π₂ must be positive positions.

Fig. 2: The deep natural deduction calculus NDᵈ
The deep natural deduction calculus NDᵈ has two deep implication elimination rules, because the implication elimination rule of ND is extendable in two different ways, depending on the order in which the contexts are combined. As shown in Figure 2, proof terms for NDᵈ-proofs must be modified accordingly: the positions in which applications and abstractions are performed are indicated as subscripts, and the superscript arrows on applications inform the order in which the contexts are combined. In case at least one of the contexts is empty, the order does not matter, and hence the superscript arrow can be omitted. These new proof-terms are here called λᵈ-terms (deep λ-terms). The proof-term of an NDᵈ-proof ψ is denoted $I^d(\psi)$.
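The position notation of this section and the deep rules of Figure 2, as an added Python example that is not part of the paper: formulas are nested tuples, $\mathrm{At}_\pi$ is a traversal over a binary position string, polarity counts the digits 1, and two functions compute the conclusion formulas of the deep →I(π) and →E rules (the ⇀ and ↼ variants), which makes visible how the two elimination rules differ once both contexts are non-empty. The tuple encoding, the function names and the sample formulas (the Section 6 example with the existential formula abbreviated by an atom) are this example's own choices.

```python
# Added example (not the paper's code): implicational formulas as nested
# tuples, the position traversal At_pi, polarity, and the conclusion formulas
# of the deep rules of Figure 2. Atoms are strings; A -> B is ('->', A, B).
# A position is a string over {'0', '1'}: '0' descends into the consequent B,
# '1' into the antecedent A, following the inductive definition of At_pi.

def imp(a, b):
    return ('->', a, b)

def show(f):
    """Print a formula, parenthesising antecedents that are implications."""
    if isinstance(f, str):
        return f
    _, a, b = f
    left = show(a) if isinstance(a, str) else '(' + show(a) + ')'
    return left + ' -> ' + show(b)

def at(f, pos):
    """At_pi(f): the subformula at position pos, or None if pos leaves the tree."""
    for d in pos:
        if isinstance(f, str):
            return None
        _, a, b = f
        f = b if d == '0' else a
    return f

def positive(pos):
    """A position is positive iff it contains an even number of digits 1."""
    return pos.count('1') % 2 == 0

def replace(f, pos, g):
    """C_pi[g]: f with its subformula at position pos replaced by g."""
    if pos == '':
        return g
    _, a, b = f
    if pos[0] == '0':
        return ('->', a, replace(b, pos[1:], g))
    return ('->', replace(a, pos[1:], g), b)

def imp_intro(b_type, pos, a_type):
    """->I(pi): from b : C_pi[B] under the assumption a : A, conclude
    lambda_pi a.b : C_pi[A -> B]. Returns the conclusion formula."""
    if not positive(pos):
        raise ValueError('pi must be a positive position')
    return replace(b_type, pos, imp(a_type, at(b_type, pos)))

def imp_elim(f_type, pos1, a_type, pos2, order='right'):
    """Deep ->E: f : C1_pi1[A -> B] and a : C2_pi2[A] give
    order='right': C1_pi1[C2_pi2[B]]  (the rule with the right-pointing arrow)
    order='left' : C2_pi2[C1_pi1[B]]  (the rule with the left-pointing arrow).
    Returns the conclusion formula or raises if the rule does not apply."""
    if not (positive(pos1) and positive(pos2)):
        raise ValueError('pi1 and pi2 must be positive positions')
    impl = at(f_type, pos1)
    if not isinstance(impl, tuple) or at(a_type, pos2) != impl[1]:
        raise TypeError('antecedent at pi1 does not match the subformula at pi2')
    b = impl[2]
    if order == 'right':
        return replace(f_type, pos1, replace(a_type, pos2, b))
    return replace(a_type, pos2, replace(f_type, pos1, b))

# Constructed sample: the Skolemization example of Section 6, with the
# existential formula abbreviated by the atom 'X' and P(c) by 'Pc'.
F_TYPE = imp('X', 'Pc')             # f : X -> Pc
A_TYPE = imp(imp('A', 'B'), 'X')    # a : (A -> B) -> X

if __name__ == '__main__':
    print(show(imp_elim(F_TYPE, '', A_TYPE, '0', 'left')))     # (A -> B) -> Pc
    # With both contexts non-empty the two elimination rules differ:
    print(show(imp_elim(imp('D', imp('A', 'B')), '0', imp('E', 'A'), '0', 'right')))
    print(show(imp_elim(imp('D', imp('A', 'B')), '0', imp('E', 'A'), '0', 'left')))
```

With f : D → (A → B) at position 0 and a : E → A at position 0, the ⇀ rule concludes D → (E → B) while the ↼ rule concludes E → (D → B); with one context empty, as in the Section 6 example, both orders agree, which is why the paper allows the arrow to be omitted there.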
3 Translating λ-terms into λᵈ-terms
The translation of λ-terms into λᵈ-terms of the same type is easy, since λ-terms can be regarded as λᵈ-terms with empty positions.

Definition 1. The translation function ζ, from λ-terms to λᵈ-terms of the same type, is defined inductively on the structure of λ-terms:

– If t is a variable, then $\zeta[t] = t$.
– If t is an abstraction of the form $\lambda a.b$, then $\zeta[t] = \lambda_{\epsilon} a.b$.
– If t is an application of the form $(f\ a)$, then $\zeta[t] = (f\ a)_{(\epsilon;\epsilon)}$.
4 Translating λᵈ-terms into λ-terms
The translation of λᵈ-terms into λ-terms of the same type, though not as easy, is also possible. In spite of its lengthy inductive definition, the translation function defined below is crucial for a concise proof of soundness of NDᵈ in Theorem 4.

Definition 2. The translation function ξ, from λᵈ-terms to λ-terms of the same type, is defined inductively on the structure of λᵈ-terms:

– If t is a variable, then $\xi[t] = t$.

– If t is an abstraction of the form $\lambda_\pi a.b$, the translation is defined by induction on the position π, according to the cases below:

  • If $\pi = 0\pi_1$, it is the case that t matches $\lambda_{0\pi_1} a.b^{C \to D}$, and then
    $$\xi[t] = \lambda c^{C}.\xi[\lambda_{\pi_1} a.(b\ c)]$$

  • If $\pi = 1\pi_1$, then there is at least one occurrence of the digit 1 in $\pi_1$, since π is positive and $\pi_1$ is negative. Therefore, π is necessarily of the form $10\ldots01\pi_2$ and t matches $\lambda_{10\ldots01\pi_2} a.f^{(C_1 \to \ldots \to C_n \to (T_{\pi_2}[B] \to D_1)) \to D_2}$. Then
    $$\xi[t] = \lambda k^{C_1 \to \ldots \to C_n \to (T_{\pi_2}[A \to B] \to D_1)}.(f\ \lambda c_1^{C_1} \ldots c_n^{C_n}.\lambda h^{T_{\pi_2}[B]}.(k\ c_1 \ldots c_n\ \xi[\lambda_{\pi_2} a.h]))$$

  • If $\pi = \epsilon$ (the empty position), it is the case that t matches $\lambda_{\epsilon} a.f$, and then
    $$\xi[t] = \lambda a.\xi[f]$$

– If t is a ⇀-application of the form $(f\ a)^{\rightharpoonup}_{(\pi_1;\pi_2)}$, the translation is defined by two successive inductions, firstly on the position $\pi_1$ and then (when $\pi_1 = \epsilon$) on $\pi_2$, according to the cases below:

  • If $\pi_1 = 0\pi$, it is the case that t matches $(f^{C \to D}\ a)^{\rightharpoonup}_{(0\pi;\pi_2)}$, and then
    $$\xi[t] = \lambda c^{C}.\xi[((f\ c)\ a)^{\rightharpoonup}_{(\pi;\pi_2)}]$$

  • If $\pi_1 = 1\pi'$, then there is at least one occurrence of the digit 1 in $\pi'$, since $\pi_1$ is positive and $\pi'$ is negative. Therefore, $\pi_1$ is necessarily of the form $10\ldots01\pi$ and t matches $(f^{(C_1 \to \ldots \to C_n \to (T_{\pi}[A \to B] \to D_1)) \to D_2}\ a)^{\rightharpoonup}_{(10\ldots01\pi;\pi_2)}$. Then
    $$\xi[t] = \lambda k^{C_1 \to \ldots \to C_n \to (T_{\pi}[B] \to D_1)}.(f\ \lambda c_1^{C_1} \ldots c_n^{C_n}.\lambda h^{T_{\pi}[A \to B]}.(k\ c_1 \ldots c_n\ \xi[(h\ a)^{\rightharpoonup}_{(\pi;\pi_2)}]))$$

  • If $\pi_1 = \epsilon$ and $\pi_2 = 0\pi$, it is the case that t matches $(f\ a^{C \to D})^{\rightharpoonup}_{(\epsilon;0\pi)}$, and then
    $$\xi[t] = \lambda c^{C}.\xi[(f\ (a\ c))^{\rightharpoonup}_{(\epsilon;\pi)}]$$

  • If $\pi_1 = \epsilon$ and $\pi_2 = 1\pi'$, then there is at least one occurrence of the digit 1 in $\pi'$, since $\pi_2$ is positive and $\pi'$ is negative. Therefore, $\pi_2$ is of the form $10\ldots01\pi$ and t matches $(f^{A \to B}\ a^{(C_1 \to \ldots \to C_n \to (T_{\pi}[A] \to D_1)) \to D_2})^{\rightharpoonup}_{(\epsilon;10\ldots01\pi)}$. Then
    $$\xi[t] = \lambda k^{C_1 \to \ldots \to C_n \to (T_{\pi}[B] \to D_1)}.(a\ \lambda c_1^{C_1} \ldots c_n^{C_n}.\lambda h^{T_{\pi}[A]}.(k\ c_1 \ldots c_n\ \xi[(f\ h)^{\rightharpoonup}_{(\epsilon;\pi)}]))$$

  • If $\pi_1 = \pi_2 = \epsilon$, it is the case that t matches $(f\ a)^{\rightharpoonup}_{(\epsilon;\epsilon)}$, and then
    $$\xi[t] = (\xi[f]\ \xi[a])$$

– If t is a ↼-application of the form $(f\ a)^{\leftharpoonup}_{(\pi_1;\pi_2)}$, the translation is analogous to the previous case for $(f\ a)^{\rightharpoonup}_{(\pi_1;\pi_2)}$, but the induction is made firstly on the position $\pi_2$ and only then (when $\pi_2 = \epsilon$) on $\pi_1$. For the sake of clarity, all cases are shown below:

  • If $\pi_2 = 0\pi$, it is the case that t matches $(f\ a^{C \to D})^{\leftharpoonup}_{(\pi_1;0\pi)}$, and then
    $$\xi[t] = \lambda c^{C}.\xi[(f\ (a\ c))^{\leftharpoonup}_{(\pi_1;\pi)}]$$

  • If $\pi_2 = 1\pi'$, then there is at least one occurrence of the digit 1 in $\pi'$, since $\pi_2$ is positive and $\pi'$ is negative. Therefore, $\pi_2$ is necessarily of the form $10\ldots01\pi$ and t matches $(f\ a^{(C_1 \to \ldots \to C_n \to (T_{\pi}[A] \to D_1)) \to D_2})^{\leftharpoonup}_{(\pi_1;10\ldots01\pi)}$. Then
    $$\xi[t] = \lambda k^{C_1 \to \ldots \to C_n \to (T_{\pi}[B] \to D_1)}.(a\ \lambda c_1^{C_1} \ldots c_n^{C_n}.\lambda h^{T_{\pi}[A]}.(k\ c_1 \ldots c_n\ \xi[(f\ h)^{\leftharpoonup}_{(\pi_1;\pi)}]))$$

  • If $\pi_2 = \epsilon$ and $\pi_1 = 0\pi$, it is the case that t matches $(f^{C \to D}\ a)^{\leftharpoonup}_{(0\pi;\epsilon)}$, and then
    $$\xi[t] = \lambda c^{C}.\xi[((f\ c)\ a)^{\leftharpoonup}_{(\pi;\epsilon)}]$$

  • If $\pi_2 = \epsilon$ and $\pi_1 = 1\pi'$, then there is at least one occurrence of the digit 1 in $\pi'$, since $\pi_1$ is positive and $\pi'$ is negative. Consequently, $\pi_1$ is of the form $10\ldots01\pi$ and t matches $(f^{(C_1 \to \ldots \to C_n \to (T_{\pi}[A \to B] \to D_1)) \to D_2}\ a)^{\leftharpoonup}_{(10\ldots01\pi;\epsilon)}$. Then
    $$\xi[t] = \lambda k^{C_1 \to \ldots \to C_n \to (T_{\pi}[B] \to D_1)}.(f\ \lambda c_1^{C_1} \ldots c_n^{C_n}.\lambda h^{T_{\pi}[A \to B]}.(k\ c_1 \ldots c_n\ \xi[(h\ a)^{\leftharpoonup}_{(\pi;\epsilon)}]))$$

  • If $\pi_2 = \pi_1 = \epsilon$, it is the case that t matches $(f\ a)^{\leftharpoonup}_{(\epsilon;\epsilon)}$, and then
    $$\xi[t] = (\xi[f]\ \xi[a])$$
5 Soundness and Completeness
NDᵈ is sound and complete with respect to ND. Completeness means that any theorem provable in ND can also be proved in NDᵈ, and it is rather trivial, since NDᵈ is an extension of ND. Soundness (i.e. that NDᵈ does not prove anything that is not already provable in ND) is harder and would be quite lengthy to prove, were it not for the isomorphisms I and $I^d$ and for the translation function ξ.

Theorem 3 (Completeness). If T is provable in ND, then T is provable in NDᵈ.

Proof. Let ψ be an ND-proof of T; then $\psi' = (I^d)^{-1}(\zeta[I(\psi)])$ is an NDᵈ-proof of the same theorem T.

Theorem 4 (Soundness). If T is provable in NDᵈ, then T is provable in ND.

Proof. Let ψ be an NDᵈ-proof of T; then $\psi' = I^{-1}(\xi[I^d(\psi)])$ is an ND-proof of the same theorem T.
6 An Example
Many preprocessing techniques change formulas deeply. In the following example, Skolemization¹ is considered. Consider the following formula F:

$$(A \to B) \to \exists x.P(x)$$

Its Skolemization F' is:

$$(A \to B) \to P(c)$$

Skolemization replaced the subformula ∃x.P(x) at position 0 in F by P(c). It is therefore a deep inference. In NDᵈ, this can be formalized with a single deep implication elimination inference deriving F' from F and an additional axiom stating that ∃x.P(x) → P(c):

$$\frac{f : \ldots \vdash f : \exists x.P(x) \to P(c) \qquad a : \ldots \vdash a : (A \to B) \to \exists x.P(x)}{f : \exists x.P(x) \to P(c),\ a : (A \to B) \to \exists x.P(x) \vdash (f\ a)^{\leftharpoonup}_{(\epsilon;0)} : (A \to B) \to P(c)}\ {\to}E^{\leftharpoonup}(\epsilon;0)$$

In ND, on the other hand, the proof becomes much more lengthy, bureaucratic and consequently less natural:

$$\dfrac{\dfrac{f : \ldots \vdash f : \exists x.P(x) \to P(c) \qquad \dfrac{a : \ldots \vdash a : (A \to B) \to \exists x.P(x) \qquad c : \ldots \vdash c : A \to B}{a : (A \to B) \to \exists x.P(x),\ c : A \to B \vdash (a\ c) : \exists x.P(x)}\ {\to}E}{c : A \to B,\ f : \exists x.P(x) \to P(c),\ a : (A \to B) \to \exists x.P(x) \vdash (f\ (a\ c)) : P(c)}\ {\to}E}{f : \exists x.P(x) \to P(c),\ a : (A \to B) \to \exists x.P(x) \vdash \lambda c.(f\ (a\ c)) : (A \to B) \to P(c)}\ {\to}I$$

¹ Since Skolemization is in general unsound in intuitionistic logic, it is assumed in this example that NDᵈ has been extended to classical logic in any of the usual ways.
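The translation ξ of Definition 2 at work on this example, as an added Python example that is not part of the paper: it implements ξ for the fragment in which positions consist only of the digit 0, together with the NDᵈ typing of Figure 2 restricted to that fragment, so that the translated λ-term can be checked to have the same type as the λᵈ-term it came from (the content of Theorem 4 for this fragment). Run on the proof term $(f\ a)^{\leftharpoonup}_{(\epsilon;0)}$ above, it produces exactly the ND proof term λc.(f (a c)) of the shallow derivation; it also goes beyond the paper's example by translating a ⇀- and a ↼-application whose contexts are both non-empty, where the two rules give different λ-terms. The tuple encoding, the fresh-variable names c0, c1, ..., the abbreviation of ∃x.P(x) by an atom and the convention that binders carry their variable's type are this example's own choices.

```python
# Added example (not the paper's code): the translation xi of Definition 2 on
# lambda^d-terms whose positions contain only the digit 0 (descents into
# consequents), the fragment exercised by the Skolemization example of Section 6.
# Encoding (this example's own, not the paper's):
#   terms  ('var', x) | ('lam', pos, x, xty, body) | ('app', order, pos1, pos2, f, a)
#   types  atoms are strings, A -> B is ('->', A, B); order is '⇀' or '↼'.
# Binders carry the type of the bound variable, which the paper reads off the
# typing derivation instead; fresh variables are named c0, c1, ... here.

import itertools

def spine(ty, n):
    """Subformula at position 0^n: n steps into the consequent."""
    for _ in range(n):
        if not isinstance(ty, tuple):
            raise TypeError('position descends below an atom')
        ty = ty[2]
    return ty

def replace_spine(ty, n, g):
    """ty with the subformula at position 0^n replaced by g, i.e. C_pi[g]."""
    if n == 0:
        return g
    return ('->', ty[1], replace_spine(ty[2], n - 1, g))

def antecedent(ty):
    """C of an implication type C -> D."""
    if not isinstance(ty, tuple):
        raise TypeError('expected an implication type')
    return ty[1]

def shallow_app(f, a):
    """(f a) at empty positions; the arrow is irrelevant there."""
    return ('app', '⇀', '', '', f, a)

def type_of(t, ctx):
    """ND^d typing (Figure 2) for the 0-position fragment; ctx maps names to types."""
    if t[0] == 'var':
        return ctx[t[1]]
    if t[0] == 'lam':
        _, pos, x, xty, body = t
        bty = type_of(body, {**ctx, x: xty})            # b : C_pi[B]
        return replace_spine(bty, len(pos), ('->', xty, spine(bty, len(pos))))
    _, order, pos1, pos2, f, a = t
    fty, aty = type_of(f, ctx), type_of(a, ctx)
    impl = spine(fty, len(pos1))                        # A -> B at pi1 in f's type
    if not isinstance(impl, tuple) or spine(aty, len(pos2)) != impl[1]:
        raise TypeError('ill-typed deep application')
    b = impl[2]
    if order == '⇀':
        return replace_spine(fty, len(pos1), replace_spine(aty, len(pos2), b))
    return replace_spine(aty, len(pos2), replace_spine(fty, len(pos1), b))

def xi(t, ctx, names=None):
    """Translate a lambda^d-term into a lambda-term of the same type (Definition 2)."""
    names = itertools.count() if names is None else names
    if t[0] == 'var':
        return t
    if t[0] == 'lam':
        _, pos, x, xty, body = t
        if pos == '':                                   # lambda a.xi[f]
            return ('lam', '', x, xty, xi(body, {**ctx, x: xty}, names))
        # pi = 0 pi1:  lambda_{0 pi1} a.b  ~>  lambda c^C . xi[ lambda_{pi1} a.(b c) ]
        c = 'c%d' % next(names)
        cty = antecedent(type_of(body, {**ctx, x: xty}))
        inner = ('lam', pos[1:], x, xty, shallow_app(body, ('var', c)))
        return ('lam', '', c, cty, xi(inner, {**ctx, c: cty}, names))
    _, order, pos1, pos2, f, a = t
    if pos1 == '' and pos2 == '':                       # (xi[f] xi[a])
        return ('app', order, '', '', xi(f, ctx, names), xi(a, ctx, names))
    c = 'c%d' % next(names)
    # ⇀ peels pi1 first, ↼ peels pi2 first; a leading 0 on the side being
    # peeled becomes an abstraction over that implication's antecedent C.
    if (order == '⇀' and pos1 != '') or (order == '↼' and pos2 == ''):
        cty = antecedent(type_of(f, ctx))               # f : C -> D
        inner = ('app', order, pos1[1:], pos2, shallow_app(f, ('var', c)), a)
    else:
        cty = antecedent(type_of(a, ctx))               # a : C -> D
        inner = ('app', order, pos1, pos2[1:], f, shallow_app(a, ('var', c)))
    return ('lam', '', c, cty, xi(inner, {**ctx, c: cty}, names))

def show_term(t):
    """Terms in the paper's notation; positions are shown only when non-empty."""
    if t[0] == 'var':
        return t[1]
    if t[0] == 'lam':
        _, pos, x, _, body = t
        return 'λ%s%s.%s' % ('_' + pos if pos else '', x, show_term(body))
    _, order, pos1, pos2, f, a = t
    sub = '' if pos1 == '' and pos2 == '' else '%s(%s;%s)' % (order, pos1, pos2)
    return '(%s %s)%s' % (show_term(f), show_term(a), sub)

# Constructed samples. The first is the Section 6 example, with the existential
# formula abbreviated by the atom 'X' and P(c) by 'Pc'; the second has both
# contexts non-empty, so the two elimination rules give different lambda-terms.
SKOLEM_CTX = {'f': ('->', 'X', 'Pc'), 'a': ('->', ('->', 'A', 'B'), 'X')}
SKOLEM_TERM = ('app', '↼', '', '0', ('var', 'f'), ('var', 'a'))
BOTH_CTX = {'f': ('->', 'D', ('->', 'A', 'B')), 'a': ('->', 'E', 'A')}
RIGHT_TERM = ('app', '⇀', '0', '0', ('var', 'f'), ('var', 'a'))
LEFT_TERM = ('app', '↼', '0', '0', ('var', 'f'), ('var', 'a'))

if __name__ == '__main__':
    for term, ctx in ((SKOLEM_TERM, SKOLEM_CTX), (RIGHT_TERM, BOTH_CTX), (LEFT_TERM, BOTH_CTX)):
        lam = xi(term, ctx)
        assert type_of(lam, ctx) == type_of(term, ctx)  # same type, as in Theorem 4
        print(show_term(term), ' ~> ', show_term(lam))   # e.g. (f a)↼(;0)  ~>  λc0.(f (a c0))
```

The ⇀-term $(f\ a)^{\rightharpoonup}_{(0;0)}$ translates to λc0.λc1.((f c0) (a c1)) of type D → (E → B), while the ↼-term with the same positions translates to λc0.λc1.((f c1) (a c0)) of type E → (D → B): the order of the outer abstractions follows the order in which the two contexts are combined, which is exactly what the superscript arrow records.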
7 Conclusions and Directions for Future Work
In this paper a sound and complete extension of Natural Deduction that allows deep inference, NDᵈ, was successfully developed. Deep inference allows a more convenient and more natural formalization of intrinsically deep reasoning steps, and the resulting proofs are less bureaucratic, shorter and smaller. Therefore, NDᵈ might be useful in application scenarios where the size of proofs is important (e.g. proof-carrying code [9]). The translation function ξ can be used to simulate deep inferences in a systematic way in current shallow proof assistants. And NDᵈ could be seen as a first step towards a theoretical foundation for intrinsically deep proof assistants. Subsequent steps should involve the extension of NDᵈ with (higher-order) quantification.

Another direction for future work involves the translation function ζ. The translation function defined here translates a λ-term into a λᵈ-term (and, by the Curry-Howard isomorphisms, an ND-proof into an NDᵈ-proof) in the most naive way, and the resulting NDᵈ-proof is as long as the ND-proof. It would be interesting to try to develop compressing translation functions that take advantage of the fact that sometimes shorter proofs are possible in NDᵈ.

Although NDᵈ has only one implication introduction rule, it could also have two, as for the elimination rules, if the assumption A were also allowed to occur inside a context. However, this would result in a more complicated λᵈ-calculus, with a less natural translation to the usual λ-calculus. Nevertheless, the consequences and applications of this additional extension also deserve to be investigated in the near future.
References

1. Isabelle proof assistant. http://www.cl.cam.ac.uk/research/hvg/Isabelle/.
2. Coq proof assistant. http://coq.inria.fr/, 01 2010.
3. Thomas Bouton, Diego Caminha B. de Oliveira, David Deharbe, and Pascal Fontaine. veriT: an open, trustable and efficient SMT-solver. In Renate A. Schmidt, editor, Automated Deduction - CADE-22 (22nd International Conference on Automated Deduction), 2009.
4. Kai Bruennler and Richard McKinley. An algorithmic interpretation of a deep inference system. 2008.
5. Paola Bruscoli and Alessio Guglielmi. On the proof complexity of deep inference. ACM Transactions on Computational Logic, 10:1–34, 2009.
6. Philippe De Groote, editor. The Curry-Howard Isomorphism. 1995.
7. G. Gentzen. Untersuchungen über das logische Schließen. Mathematische Zeitschrift, 39:176–210, 405–431, 1934–1935.
8. Alessio Guglielmi and Tom Gundersen. Normalisation control in deep inference via atomic flows. Logical Methods in Computer Science, 4(1:9):1–36, 2008. http://www.lmcs-online.org/ojs/viewarticle.php?id=341.
9. George C. Necula. Proof-carrying code. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '97, pages 106–119, New York, NY, USA, 1997. ACM.