reasoning and the cut-elimination property in sequent or natural deduction calculi ...... In the formulation of classical sequent calculus chosen here, a Σ-sequent.
LaMI Laboratoire de M´ ethodes Informatiques
On Generalized Theorems for Normalization of Proofs Marc Aiguier, Cl´ement Boin and Delphine Longuet e-mails: {aiguier,cboin,dlonguet}@lami.univ-evry.fr
Rapport de Recherche D´ecembre 2005 ´ CNRS – Universit´e d’Evry Val d’Essonne 523 place des terrasses ´ F–91000 Evry France
On Generalized Theorems for Normalization of Proofs Marc Aiguier, Cl´ement Boin and Delphine Longuet
Abstract In this paper, we provide a general setting under which results of normalization of proof trees such as, for instance, the logicality result in equational reasoning and the cut-elimination property in sequent or natural deduction calculi, can be unified and generalized. This is achieved by giving simple conditions which are sufficient to ensure that such normalization results hold. These conditions are based on basic properties of elementary combinations of inference rules which assure that the induced “global” proof tree transformation processes do terminate. Keywords: formal systems, proof tree transformation, weak and strong normalization, Recursive Path Ordering (RPO), cut-elimination.
1
Introduction
In many situations in logic, to facilitate the use of a logical system, or to obtain consistency results for proof systems, or else to automatically prove theorems, one often uses search (construction) proof strategies. These strategies enable one to bound the search space for proofs to a given class of trees having a specific structure. One of the interests is to reduce proof search space (or even to make proof search feasible). This has been devised in various different contexts. Just a few examples: the so-called “logicality result”, which establishes a correspondence between derivability and convertibility in rewriting for many equational logics (sub-equational [29], mono-sorted [6], multi-sorted, conditional [20], partial [2], etc.); the cutelimination result which shows that the cut rule is redundant for sequent and natural deduction calculi of many logics (classical first order [16], intuitionistic first order [21], some modal logics [30], linear [17], deduction modulo [13], etc.); the confluence property of rewrite systems which establishes that derivability can be proven by “valleys” for many logics dealing with transitive relations (equational [11, 3], preorder [22, 26], special relations [25]),1 or by using the Curry-Howard’s isomorphism, normalization results in typed λ-calculi as initiated by D. Prawitz [24]. Recently, such a result of proof normalization has also been used in order to show the completeness of a procedure based on axiom unfolding which selects test data sets from conditional positive algebraic specifications [1]. In all these cases, the main difficulty is to show that the full derivability (i.e. without any specific proof strategy) coincides with the derivability restricted to a given class of proofs (i.e. with a specific proof strategy). Soundness of a given a strategy of proof search, which means that the restricted derivability is included into the full one, is obvious, because proofs resulting of such a strategy are particular instances of the general class of proofs. Completeness, which is expressed by the converse inclusion, is more problematic. Indeed, it requires that for any theorem proven by a tree in the general class, there exists some proofs in the restricted one (i.e. built according to the considered strategy). In most logical systems, completeness is the consequence of a weaker result which consists in defining basic transformations to rewrite elementary combinations of inference rules (possibly by duplicating a sub-derivation), and showing that the global proof tree transformation which is naturally induced by these basic transformations are normalizing.2 For instance, concerning the logicality result for the classical equational logic, the basic transformations consist in “distributing” substi1
Besides, in the equational setting, G. Dowek has shown that the confluence of a rewrite system can be defined as the cut elimination property of a proof system associated to this rewrite system: asymmetric deduction modulo [12]. 2 Our paper does not deal with normalization by evaluation approach, the main idea of which is to use the semantics for the purpose of normalization as in [5].
3
tution and context rules above transitivity, and removing all rules under reflexivity. In sequent calculus, the basic transformations consist, roughly speaking, in erasing the cut rule under axioms and moving it above all other rules, in order to eliminate it. These basic transformations are usually tedious but easy to define. The difficulty is to show that the induced global proof tree transformation is indeed normalizing. For instance, proving the result of cut elimination often requires complex nested inductions, because it is not obvious that the process to “move” the cut rule (in order to eliminate it) is terminating [15]. Each time, such results of normalization of proof trees are established for each underlying logical system in an ad-hoc way. In this report, we unify and generalize the method of normalization of proof trees used in sequent calculus, natural deduction, equational reasoning, or term rewriting into an abstract setting of arbitrary logical systems. Abstraction is obtained by studying proof tree normalization in the abstract framework of formal systems. This then enables one to be logical system independent. The interest is that, in computing science, many logics have been (will be) defined (in the future) to answer better, in a more suitable way, some specific aspect related to the activity of computing science. What is observed is that, most of the time, beside the original idea underlying a new logic, the authors have to develop a lot of inevitable formal results which generalize (to the new framework) some “well-known classical results”. Consequently, it is very useful to provide a general framework allowing one to generalize these results as this is done in this report for proof tree normalization results. Given a logic, such normalization results when they hold, may have shorter (but ad-hoc) proofs because for instance not rely on proof trees (such as Newman’s lemma – see Subsection 5.2). The interest of their unification and generalization is that these normalization results are proven once and for all. Hence, they become simpler to establish when assumptions to obtain them are easily checkable. The report is organized as follows. In Section 2, we recall standard definitions and notations about formal systems, deductions and proof trees. In Section 3, we introduce the class of (proof tree) transformation procedures for which we will express the crucial (shared) arguments of many different normalization results as generic conditions on allowed transitions. In Section 4, we will formalize a first set of conditions that will enable us to prove a strong normalization result. We will show then that the cut-elimination procedure for the sequent calculus LK with explicit structural rules does not satisfy this set of sufficient conditions. A thorough study of reasons for which such a strong normalization result failed will enable us to set off limits of standard rewriting techniques for proving termination such as RPO. Then, we will give a new set of sufficient conditions that enable us to prove a weak normalization result. Finally, Section 5 proposes three instances of our 4
approach: equational reasoning and its logicality result, Newman’s lemma that enables to transform any proof (written as series of peaks) into a valley, and (a version of 3 ) sequent calculus for classical first-order logic and its cut-elimination property. For each of them, we will establish a strong normalization result. A weak normalization result for the sequent calculus LK with explicit structural rules will be presented in Section 4 as a running example.
2
Preliminaries
A formal system (a so-called calculus) S = (F, R) consists of a set F elements of which are called formulæ,4 and a set R of n-ary relations on F , called inference rules. Thus, a rule with arity n (n ≥ 1) is a set of tuples (ϕ1 , . . . , ϕn ) of formulæ of F . Each sequence (ϕ1 , . . . , ϕn ) belonging to a rule r of R is called an instance of that rule with premises ϕ1 , . . . , ϕn−1 and conclusion ϕn . It is usually written ϕ1 ...ϕnϕn−1 . If n = 1, the instance is called an axiom and is written ϕ1 . A deduction in S is a finite sequence (ψ1 , . . . , ψm ) of formulæ such that m ≥ 1 and, for all i = 1, . . . , m, either ψi is an axiom or there is an instance ϕ1 ...ϕnϕn−1 of a rule in S such that ϕn = ψi and {ϕ1 , . . . , ϕn−1 } ⊆ {ψ1 , . . . , ψi−1 }. A theorem in S is a formula ϕ such that there exists a deduction in S with ϕ as last element. The existence of such a deduction is usually denoted by the meta-statement S ⊢ ϕ. Instances of rules can also be composed to build proof trees and proofs. Formally, a proof tree π in a formal system S is a finite tree whose nodes are labelled with formulæ of F in the following way: if a non-leaf node is labelled with ϕn and its predecessor nodes are labelled (from left to right) with ϕ1 , . . . , ϕn−1 , then ϕ1 ...ϕnϕn−1 is an instance of a rule of S. π is called a proof when its leaves are axioms. Thus, proofs are another way to denote deductions of theorems in formal systems. Given a proof tree π, note LM(π) (resp. LS(π)) the multiset 5 (resp. the set 6 ) of leaves of π. We will use the notation {{a1 , a2 , . . . , an }} to denote a finite multiset. A proof tree π with root ϕ is denoted by π : ϕ. We write π = (π1 , . . . , πn , ϕ)ι , n and such with n ∈ N, the proof tree whose last inference rule is ι = ϕ1 ,...,ϕ ϕ that, for every i, 1 ≤ i ≤ n, πi is the subtree of π leading to ϕi . Using a standard numbering of the tree nodes by natural number strings, we can refer to positions in a proof tree. Thus, given a proof tree π, a position of π is a string ω on N which represents the path from the root of π to the subtree whose conclusion occurs at that position. This subtree is denoted 3
It is a version where structural rules are implicit. Classicaly, F is a subset of A∗ the set of all finite words on the alphabet A. In this report, this condition will never be used. Therefore, it will not be considered. 5 In LM(π), all leaves of π are considered. We then have a multiset because several occurences of a same fomula can appear in π. 6 Here, when a formula ϕ of π has several occurences, only one is considered in LS(π). 4
5
by π|ω . Given a position ω ∈ N∗ in a proof tree π, π[π ′ ]ω is the proof tree obtained from π by replacing the subtree π|ω by π ′ . The trees π|ω and π ′ necessarily have the same root. If π and π ′ : ϕ are two proof trees and ω is a leaf position of π such that π|ω = ϕ, then we use the expression π ·ω π ′ rather than π[π ′ ]ω . This operation is called composition of π and π ′ on leaf position ω.
3
Proof transformation procedure
In all logical calculi where proof search strategies have been applied, the completeness of restricted derivability with respect to the full one is obtained by defining normalizing proof transformation procedures on the base of elementary proof tree transformations. When we study most of these procedures, we can observe that they consist in replacing in proofs, some basic patterns, that we will call basic proof trees, of the form (ι1 , . . . , ιn , ϕ)ι where each ιi (1 ≤ i ≤ n) is either an instance of rule in R or a formula in F , by proof trees in normal form (i.e. trees that are not reducible by other proof tree transformations). For instance, underlying the logicality result for the equational logic,7 we have the transformation rule: ′′
′′
′′
′
Trans. t=t t=tt ′ =t Sub. σ(t) = σ(t′ )
Trans.
′′
′
t=t t =t Sub. σ(t)=σ(t ′′ ) Sub. σ(t′′ )=σ(t′ )
σ(t) = σ(t′ )
As another example, we have in the cut-elimination result for sequent calculi:8 ′ ⇒∆′ ,ϕ,ϕ′ Γ,ϕ⇒∆ Γ,ϕ′ ⇒∆ ∨Left ΓΓ′ ⇒∆ ′ ,ϕ∨ϕ′ ∨Right Γ,ϕ∨ϕ′ ⇒∆ Cut ′ ′ Γ, Γ ⇒ ∆, ∆
Γ,ϕ⇒∆ Γ′ ⇒∆′ ,ϕ,ϕ′ Cut Γ, ϕ′ Γ,Γ′ ⇒∆,∆′ ,ϕ′ Γ, Γ′ ⇒ ∆, ∆′
⇒∆
Cut
And, in the cut-elimination result for natural deduction: ∧-elim
∧-intro
Γ⊢ϕ Γ⊢ψ Γ⊢ϕ∧ψ
Γ⊢ϕ
Γ⊢ϕ
Definition 3.1 (Basic proof tree) Let S = (F, R) be a formal system. A basic proof tree is a proof tree of the form (ι1 , . . . ιn , ϕ)ι such that for every i, 1 ≤ i ≤ n, either ιi ∈ F or there exists r ∈ R with ιi ∈ r. Definition 3.2 (Transformation procedure) Let S = (F, R) be a formal system. A (proof tree) transformation procedure for S is a binary relation on proof trees such that for every π π ′ , π is a basic proof tree, 7 8
A complete presentation of this result may be found in Subsection 5.1 and in [2]. See Subsection 5.3 and [18] for a complete presentation of this result.
6
π ′ is a proof tree in normal form, LS(π ′ ) ⊆ LS(π), and they have the same root. Note S , the closure of under proof tree context and composition on leaf position. By using the standard terminology available in rewriting, is strongly normalizing (or terminating) if every reduction sequence is finite, and weakly normalizing if every proof has a normal form. Normalization of the “global” transformation procedure obtained by repeated application of transformation rules cannot be ensured without supplementary conditions. Moreover, there are some well-known examples of transformation procedures that meet all the requirements of Definition 3.2 but are weakly normalizing (e.g. the cut-elimination procedure for sequent calculus with explicit structural rules), while some others are strongly normalizing (e.g. logicality or cut-elimination with implicit structural rules see Section 5). In order to take into account the larger family of transformation procedures, in the next section, we will study sufficient conditions on basic transformation rules which are easy to check, yet powerful enough to ensure normalization.
4
Abstract normalization theorems
This section is devoted to (strong and weak) proof trees normalization theorems. Their proofs are abstract in the sense that they proceed on the structure of proof trees of any formal system. A basic and powerful idea underlying most of termination methods such as recursive path ordering (RPO) consists in comparing terms of rewriting rules by first comparing their root symbols, and recursively comparing the collections of their immediate subterms. Therefore, start by assuming a well-founded ordering on atomic elements of proof trees (i.e. rule instances). Hence, given a transformation procedure , a well-founded ordering � on [ r is supplied. In the proof of the termination for the cut-elimination r∈R
result, this order is defined as follows:9
∀@ ∈ {∨, ¬, ∃}, Cut ≻ @Right, @Left, Axiom and Γ1 ⇒∆1 ,ϕ1 Γ′1 ,ϕ1 ⇒∆′1 Cut Γ1 ,Γ′1 ⇒∆1 ,∆′1
Γ ⇒∆ ,ϕ
Γ′ ,ϕ ⇒∆′2
≻ 2 Γ22,Γ′2⇒∆22 ,∆2′ 2 2 ⇔ |ϕ2 | < |ϕ1 |
9
Cut
A complete presentation of Gentzen’s calculus LK for classical first-order predicate logic can be found in Subsection 5.3.
7
where |ϕ| is the depth of formula defined to be supk (1 + |ϕk |) if the ϕi are the direct sub-formulæ of ϕ. In most examples of normalization results (see examples in Section 5), underlying transformation procedures satisfy the following condition: Condition 1 For each (ι1 , . . . , ιn , ϕ)ι subtree of π: [ 1. ι � ι′ if each πi′ ∈ F ∪ r
′ , ϕ′ ) ′ π and for each (π1′ , . . . , πm ι
r∈R
ι ≻ ι′ otherwise
2. If ι ∼ ι′ , then {{ι[ ≻ {{ι′1 , . . . , ι′m }} where ≻≻ extends ≻ to 1 , . . . , ιn }} ≻ multisets on F ∪ r. r∈R
Notice that Condition 1 is a particular case of RPO which generalizes distributivity 10 of some rules over others. Obviously, we then have the following result. Theorem 4.1 Every transformation procedure 1 is strongly normalizing.
that satisfies Condition
Proof Using proof terms for proofs, with a recursive path ordering >rpo to order proofs induced by the well-founded relation (precedence) � on rule instances, we show that ⊆ >rpo . Let (ι1 , . . . , ιn , ϕ)ι π be a transformation rule. By mathematical induction on π let us show that (ι1 , . . . , ιn , ϕ)ι >rpo π. Basic case. π is the formula ϕ. According to Definition 3.2, LS(π) ⊆ LS((ι1 , . . . , ιn , ϕ)ι ). Therefore, because reduction orderings have the subterm property, we conclude (ι1 , . . . , ιn , ϕ)ι >rpo π. General case. π is of the form (π1 , . . . , πn , ϕ)ι′ . Here two cases have to be considered: 1. ι ≻ ι′ . But, by the induction hypothesis, for every i, 1 ≤ i ≤ n, (ι1 , . . . , ιn , ϕ)ι >rpo πi , and then by RPO, (ι1 , . . . , ιn , ϕ)ι >rpo π. [ 2. ι ∼ ι′ . By Condition 1.1, each πi is in F ∪ r (1 ≤ i ≤ n). r∈R
By Condition 1.2, we have {{ι1 , . . . , ιn }} ≻≻ {{ι′1 , . . . , ι′m }}, and then {{ι1 , . . . , ιn }}≫rpo{{ι′1 , . . . , ι′m }}. By RPO, we then conclude (ι1 , . . . , ιn , ϕ)ι >rpo π.
10 Distributivity has been illustrated in the example of Section 3 with rules Sub. and Trans., where Sub. distributes over Trans.
8
� Problems may occur with transformation rules of the form (ι1 , . . . , ιn , ϕ)ι
π
such that there exists π ′ = (ι′1 , . . . , ι′m , ϕ′ )ι′ subtree of π with ι′j ∈ F ∪
[
r
r∈R
for every j, 1 ≤ j ≤ m, satisfying: • ι ∼ ι′ • LM(ι′j ) = LM((ι1 , . . . , ιn , ϕ)ι )
Indeed, such transformation rules may prevent from using the standard techniques to prove termination such as RPO, and then from obtaining a strong normalization result. An example of such a transformation rule is Rule R1 defined in the cutelimination procedure for the sequent calculus that considers contractions as explicit rules: R1
Γ,ϕ,ϕ⊢∆ ′ Γ,ϕ⊢∆ Contr. Γ ⊢ Γ, Γ′ ⊢ ∆, ∆′
ϕ, ∆′
Cut Γ,ϕ,ϕ⊢∆ Γ′ ⊢ϕ,∆′ ′ ′ Γ,Γ′ ,ϕ⊢∆,∆′ Cut Γ ⊢ ϕ, ∆ Cut Γ, Γ′ , Γ′ ⊢ ∆, ∆′ , ∆′
.. . Γ, Γ′ ⊢ ∆, ∆′ In this transformation rule, the problem comes from subtree π′ =
Contr. Contr.
Γ, ϕ, ϕ ⊢ ∆ Γ′ ⊢ ϕ, ∆′ Cut Γ, Γ′ , ϕ ⊢ ∆, ∆′
Indeed, we have Cut ∼ Cut and LM
Γ,ϕ,ϕ⊢∆ ′ Γ,ϕ⊢∆ Contr. Γ ⊢ Γ, Γ′ ⊢ ∆, ∆′
ϕ, ∆′
!
Cut =LM(π ′ )
It is well-known that this rule allows infinite reduction sequences when dealing with an unrestricted version of cut-elimination procedures by removing strategy. The reason is that the sequent Γ′ ⊢ ϕ, ∆′ and Cut are duplicated, and Contr. ≺ Cut. The only measure that decreases with such a rule is the number of occurrences of Contr. that occur above Cut in the right-hand side of the rule. Therefore by applying a strategy that eliminates, in proof trees, maximal proof trees (see the abstract definition of maximality just below) which are the nearest to leaves, this kind of measure will be sufficient to obtain a result of weak normalization, under the condition that the other rules do not introduce some occurrences of Contr. 9
Definition 4.2 (maximal proof tree) A proof tree π = (π1 , . . . , πn , ϕ)ι is said maximal if and only if for every i, 1 ≤ i ≤ n, each πi is a proof tree in normal form but π is not. We then divide the set of transformation rules into two disjoint sets. Definition 4.3 Let [ be a transformation procedure together with a wellfounded ordering � on r. We will call rule of sort 1 any (ι1 , . . . , ιn , ϕ)ι r∈R
π such that for each subtree π ′ = (ι′1 , . . . , ι′m , ϕ′ )ι′m+1 of π where for every j, [ 1 ≤ j ≤ m, ι′j ∈ F ∪ r, we have ι ≻ ι′m+1 . We will call rules of sort 2 all r∈R
other rules.
Now, we resume the above discussion by the following condition expressed in our abstract framework: Condition 2 For each transformation rule (ι1 , . . . , ιn , ϕ)ι π and for each ′ ′ ′ ′ ′ subtree π = (π1 , . . . , πm , ϕ )ι′m+1 of π such that, if LM(π ) = {{ϕ1 , . . . , ϕk }} and ωl is the position of ϕl in π ′ for each l, 1 ≤ l ≤ k, then there exists a sequence of proof trees in normal form (π1 : ϕ1 , . . . , πk : ϕk ) such that (. . . ((π ′ ·ω1 π1 ) ·ω2 π2 ) . . . ·ωk πk ) is maximal, we have: 1. LM(π ′ ) ⊆ LM((ι1 , . . . , ιn , ϕ)ι ) 2. ι � ι′m+1 .. .
.. .
ι′′ ... ϕ′′ ι′′ p ϕ′′ 1 p 1 ϕ′′
3. There does not exist a subtree π ′′ of π ′ of the form ι′′ such π of sort 2 that there exists a transformation rule (ι1 , . . . , ιq , ϕ)ι such that the sequence (ι1 , . . . , ιq ) is embedded in the sequence (ι′′1 , . . . , ι′′p ), i.e. (ι′′1 , . . . , ι′′p ) is of the form (. . . , ι1 , . . . , ι2 , . . . , ιq , . . .). Consider Rule R1 (which is the only one to be of sort 2 in the cutelimination procedure), the only subtree satisfying the premise of Condition Γ′ ⊢ϕ,∆′ 2 is π ′ = Γ,ϕ,ϕ⊢∆ Γ,Γ′ ,ϕ⊢∆,∆′ Cut. Indeed, whatever the proof trees in normal form π1 and π2 with conclusion Γ, ϕ, ϕ ⊢ ∆ and Γ′ ⊢ ϕ, ∆′ respectively, the π2 :Γ′ ⊢ϕ,∆′ Cut is a maximal proof tree, as the transforproof tree π1 :Γ,ϕ,ϕ⊢∆ Γ,Γ′ ,ϕ⊢∆,∆′ mation procedure is complete for Cut.11 Conditions 2.1 and 2.2 are then satisfied because ! Γ,ϕ,ϕ⊢∆ ′ ⊢ ϕ, ∆′ Contr. Γ Γ,ϕ⊢∆ Cut LM(π ′′ )=LM Γ, Γ′ ⊢ ∆, ∆′ 11
That is that the case of any rule over Cut is treated in the cut-elimination procedure.
10
and
Γ, ϕ ⊢ ∆ Γ′ ⊢ ϕ, ∆′ Γ, ϕ, ϕ ⊢ ∆ Γ′ ⊢ ϕ, ∆′ Cut ∼ Cut Γ, Γ′ ⊢ ∆, ∆′ Γ, Γ′ , ϕ ⊢ ∆, ∆′ Condition 2.3 is aimed at eliminating situations that may allow the application of a rule of sort 2 and then may lead to unterminating situations. For instance, in Rule R1, Condition 2.3 is satisfied because no instance of rule Contr. occurs in the right-hand side of R1 in such a place where a rule Cut would be allowed to appear under it by the application of another transformation rule of sort 2. If this was the case, it would then be possible to apply R1 again, and then the procedure would never terminate. The only case of subtree π ′′ of π ′ satisfying the form given in Condition 2.3 is π ′ itself. Condition 2.3 is then satisfied because Γ,ϕ,ϕ⊢∆ Γ,ϕ⊢∆ Contr. does not appear in π ′ . Now we arrive at the main theorem of this report. Theorem 4.4 Suppose that normalizing.
satisfies Condition 2. Then
is weakly
Proof The theorem is obtained by generalizations of Tait’s proof [27]. Note m(π) for π a maximal proof tree, the number of subtrees π ′ of .. .. . ′ ′ . ι1 ϕ′ ...ιm ϕ′
π of the form ι′ 1 ϕ′ m such that there exists a transformation rule (ι1 , . . . , ιn , ϕ)ι π ′′ of sort 2 and the sequence (ι1 , . . . , ιn ) is embedded ′ in the sequence (ι1 , . . . , ι′m ). If π is not maximal, m(π) = 0. The length |π| of a proof tree π is inductively defined to be supi (|πi | + 1) if the πi are the direct subtrees of π, where |ϕ| = 0 if ϕ is a leaf. It is well-known that all ! well-founded sets are isomorphic to a unique [ r, � → α where α is an ordinal, this isomorphism. ordinal. Note d : r∈R
Then, the rank of a maximal proof tree π, noted rk(π), is defined to be d(ι)+ |π| where ι is the last inference rule applied in π (i.e. π = (π1 , . . . , πo , ϕ)ι ).
Therefore, the measure of a proof tree π, noted meas(π), is defined to be sup((m(π ′ ), rk(π ′ ))) for the lexicographic ordering ≫ on N × α, where π ′ is covering all maximal subtrees of π . First, let us show that applying any transformation rule does not increase the measure of proof trees. Then, let π = (π1 , . . . , πn , ϕ)ι be a maximal proof tree such that each πi is of the form (πi1 , . . . , πini , ϕi )ιi (1 ≤ i ≤ n). Let (ι1 , . . . , ιn , ϕ)ι π ′ be a transformation rule. This rule transforms π into π = (π 1 , . . . , π o , ϕ)ι′ . By definition, π ′ can have two forms: 1. If π ′ is restricted to a m(π) < m(π).
ϕ,
then π is
11
ϕ
too. So m(π) = 0 and then
2. Otherwise, π ′ is of the form (π1′ , . . . , πo′ , ϕ)ι′ . Here two cases have to be considered: (a) Either π is maximal. Therefore, as π ′ is a proof tree in normal form, there exists i, 1 ≤ i ≤ o, such that πi ∈ F . The fact that π is maximal is then the result of the composition of π ′ with the tree πi : ιi . Consequently, the subtree of π ′ satisfying the premises of Condition 2 is π ′ itself. Therefore, by Condition 2.1, we have LM(π ′ ) ⊆ LM((ι1 , . . . , ιn , ϕ)ι ). By Condition 2.3, we then have m(π) ≤ m(π). The case where m(π) < m(π) is straightforward by definition. If m(π) = m(π), two cases have to be considered, but only one is relevant. • Suppose ι ≻ ι′ . Therefore, we have rk(π) > rk(π). • Suppose ι ∼ ι′ . This case is not possible actually. As a matter of fact, if ι ∼ ι′ , then the transformation rule (ι1 , . . . , ιn , ϕ)ι π ′ is of sort 2 by definition. Therefore, the number of rules of sort 2 that could be applied in π has decreased, hence m(π) < m(π), which contradicts the hypothesis. Hence, we have meas(π) ≪ meas(π). (b) Maximal proof trees in π are among π 1 , . . . , π o . Let π ′′ be a maximal proof tree of π, π ′′ = (π1′′ , . . . , πl′′ , ϕ′′ )ι′′ . By following the same arguments than previously, we have meas(π ′′ ) ≪ meas(π), and then meas(π) ≪ meas(π). We show that the set of basic transformation rules is terminating by structural induction of proof trees. Basic case. π is of the form form.
ϕ.
This is obvious because π is in normal
General case. π = (π1 , . . . , πn , ϕ)ι . This is obvious if π is in normal form. Otherwise, two cases have to be considered: 1. π is a maximal proof tree (i.e. each πi is in normal form with 1 ≤ i ≤ n). In this case, we have shown that basic transformation rules decrease the measure of proof trees at each step. 2. Some πi : ϕ are not in normal form. By induction hypothesis, ∗ there exists proof trees πi′ : ϕ in normal form such that πi S πi′ . Therefore, π ′ = (π1′ , . . . , πn′ , ϕ)ι is either in normal form or a maximal proof tree. For the latter, we have shown that transformation rules decrease the measure of proof trees at each step.
12
� In cut-elimination procedures for sequent calculus with explicit structural rules, some strongly normalizing cut-elimination procedures have been developed. The first proof of strong normalization has been given by Dragalin in 1979 [14]. More recently, other proofs of strong normalization of cut-elimination procedures have been given in [7, 8, 19, 28]. All of these strong results are obtained either by “camouflaging” contractions into introduction or cut rules, or by transforming the cut rule in order to prevent contractions on cut rules. For the latter, this is how E. Tahhan Bittar in [7] enters upon strong normalization proofs for cut-elimination. The cut rule in [7], called Mix rule, is defined as follows: Γ, ϕn ⊢ ∆ Γ′ ⊢ ϕm , ∆′ Mix Γ, Γ′ ⊢ ∆, δ′ where ϕn means ϕ, . . . , ϕ. For such a calculus, Rule R1 above is then | {z } n times
transformed as follows:
Γ,ϕ,ϕ⊢∆ ′ Γ,ϕ⊢∆ Contr. Γ ⊢ Γ, Γ′ ⊢ ∆, ∆′
ϕ, ∆′
Mix
Γ, ϕ, ϕ ⊢ ∆ Γ′ ⊢ ϕ, ∆′ Mix Γ, Γ′ ⊢ ∆, ∆′
By using the precedence order: ∀@ ∈ {∨, ¬, ∃, Contr., Weak}, Mix ≻ @Right,@Left, Axiom We easily show that this cut-elimination procedure satisfies above Condition 1. Such transformations of inference rules in sequent calculus for obtaining strong normalization result are intimately dependent on rule structure, and then are hardly generalizable in our abstract framework.
5
Applications
In this section, in order to illustrate our approach with some concrete examples, we will apply our general method to classical results, which are, respectively, the logicality result in equational logic, Newman’s lemma in rewriting theory and Gentzen cut-elimination result for a sequent calculus for classical first-order predicate logic where structural rules are implicit (which is a quite standard formulation of the calculus). For each of them, we will prove a strong normalization result. In the literature, each of them have been extended to many other logic calculi, but, each time the underlying (meta) proof methodology is pretty much the same and it can be seen as a particular instance of our general abstract approach. We do not give some weak normalization results fitting in our framework such as the cutelimination one with explicit structural rules because some hints on this last 13
result have already been given in the last section. Moreover, its complete presentation can easily be obtained by adding rules given in Section 5.3.
5.1
Logicality
Before stating the logicality result, let us first give the formal system for equational logic. Let Σ be a signature, that is, a set of function names, each one equipped with an arity in N. Let V be a set of variables. Note TΣ (V ) the set of terms with variables in V . Let Γ be a set of equations, that is, sentences of the form t = t′ with t, t′ ∈ TΣ (V ). Therefore, the formal system associated to Σ and Γ is given by the pair S = (F, R) where F is the set of all equations of the form t = t′ with t, t′ ∈ TΣ (V ), and R is the set of rule instances generated by the standard rule schemas recalled below. Let C be any term of TΣ (V ∪ {�}) with a unique occurrence of �.12 Let C[t] be the result of replacing in C the occurrence of � by t ∈ TΣ (V ), and let σ : V → TΣ (V ) be a substitution. The considered rule schemas are: t = t′ ∈ Γ t = t′
Ref.
t = t′ C[t] = C[t′ ]
Sub.
Axiom Cont.
Sym.
t=t t = t′ σ(t) = σ(t′ )
t = t′ t′ = t
Trans.
t = t′ t′ = t′′ t = t′′
S ⊢ t = t′ is usually written Γ ⊢ t = t′ . A classical result due to G. Birkhoff [6] ensures that equational reasoning (given by derivability according to the rules above) coincides with convertibility in rewriting for equational logic. This property, named logicality [31], is expressed by: ∗
Γ ⊢ t = t′ ⇐⇒ t ↔Γ t′
(Γ: set of equations)
where ↔Γ is the convertibility relation defined as the closure of equations of Γ under symmetry (Sym.), substitution (Sub.) and context (Cont.), and ∗ ↔Γ is the closure of ↔Γ under reflexivity (Ref.) and transitivity (Trans.). ∗ Hence, ↔Γ actually defines proof search (building) strategies which select proof trees π composed of instances in R such that no instance of Trans. occurs over instances of Sym., Sub., and Cont. Completeness of such strategies can be shown by using the following basic proof tree transformations: ′′
′′
′′
′
Trans. t=t t=tt ′ =t Sub. σ(t) = σ(t′ )
Trans.
′′
′
t=t t =t Sub. σ(t)=σ(t ′′ ) Sub. σ(t′′ )=σ(t′ )
12
σ(t) = σ(t′ )
Intuitively, the special variable � represents a “hole”, so that C can be seen as a context.
14
The cases of Sym. and Cont. correspond to a similar transformation, that is, a distribution of Sym. and Cont. over Trans. Sub.
Ref. t=t σ(t) = σ(t)
Sym.
Ref. t=t t=t
Cont.
Ref.
σ(t) = σ(t)
Trans.
... Ref. t=t t=t ′ ′ t=t ...
Ref.
t=t
Ref. t=t C(t) = C(t)
Ref.
′
Trans. t=t
Ref. t′ =t′ t = t′
... t = t′ ... t = t′
C(t) = C(t)
The transformation procedure defined by the above basic transformations satisfies Condition 1 for the well-founded ordering defined by: Sym. ∼ Sub. ∼ Cont. ≻ Trans. ≻ Ref. ∼ Axiom As we have already observed, the transformation rules consist in distributing instances of Sym., Sub. and Cont. over instances of Trans., and erasing all rule instances when they occur under Ref.’s ones. Hence, all transformation rules are: • either of the form ι
Trans. ϕ
Trans.
ι1 ι2 ϕ
with ι, ι1 , ι2 ∈ r and r ∈ { Sub., Cont., Sym. } • or of the form ι
Ref. ϕ
Ref.
ϕ
In the first case, ι ≻ Trans., ι ∼ ιj and LS(ιj ) ⊆ LS(Trans.) for j = 1, 2, while in the second case, ι ≻ Ref. Therefore, all transformation rules satisfy Condition 1, and then by Theorem 4.1 the logicality procedure is strongly normalizing.
5.2
Newman’s lemma
It is well-known that from any local-confluent and terminating rewrite system R, all proofs written as series of peaks can be transformed into valleys by removing and replacing, step by step, local peaks by equivalent valleys. This process can be formalized by a terminating transformation procedure that meets all the requirements given in section 4. First, introduce the underlying formal system. Let R be a rewrite system, that is a binary relation → ⊆ TΣ (V ) × TΣ (V ), which is terminating and locally confluent. The associated formal system S = (F, R) is then defined by: 15
∗
∗
• F is the set of all sentences of the form u →R v, u →R v and u ↔R v • R is the set of inference rules Axiom
u→v∈R u →R v
Rew.
∗
u →R v
Der/Pr.
∗
u →R v
Peak
u →R v
Sub.
∗
C[u] →R C[v]
u
∗
∗
σ(u) →R σ(v) ∗
Valley
∗
u ↔R v ∗
Proof
u →R v
∗
← w →R v
R
∗
u ↔R v ∗
∗
Cont.
u →R v
∗
u →R w
R
∗
u ↔R v ∗
u ↔R w ↔R v
Deriv.
∗
u ↔R v
∗
← v 13
∗
u →R w →R v ∗
u →R v
Basic transformation rules are then the following: ∗ ′ ∗ R ←u R ←w ∗ u R ←w
Deriv. u
Peak
∗
Proof
∗
u ↔R v u
R
∗
∗
′ ∗
w →R v
u ↔R v Rew. u u
Peak
R ←w→R v ∗ ∗ R ←w R →v
∗ ∗ ′ R ←w →R v ∗ u↔ R v ′
Valley
∗
∗ ∗ R ←w →R v ∗ ′ u ↔R v
′ ∗
Rv Der/Pr v′ → ∗
v ↔R v
∗
u ↔R v ∗
u ↔R v
′
∗
Proof
∗
Peak u
u ↔R v Peak u
← w Deriv. w→R∗v →R v
Peak
∗ ′ R ←u ∗ u↔R u′
Der/Pr u
w →R v
u →R x
R
∗
←v
∗
u ↔R v
14
∗
Valley u→R∗x
u↔R w
Proof
∗
∗
Rx Der/Pr u→ Peak x ∗
Rv Der/Pr w→ ∗
w ↔R v
u ↔R v ∗ ′ R ←u ∗ u↔ R u′
′ ∗
x Valley u →R ′ ∗
u↔ R x
Proof
∗
Der/Pr u
Proof
∗ R ←w
∗ R ←v
u ↔R v
u ↔R v
∗
u ↔R v Peak u
Proof
∗
∗ ∗ R ←w →R v ∗ x↔R v
∗ ′ ∗ R ←u →R x ∗ u↔R x
∗
Rv Der/Pr x← ∗
x↔R v
∗
u ↔R v
The transformation procedure defined by the above basic transformations satisfies Condition 1 for the well-founded ordering � defined by: 14
Such x exists because R is locally confluent. Moreover, it can be computed because R is terminating.
16
Peak,Proof ≻ Rew ∼ Cont. ∼ Der/Pr. ∼ Sub. ∼ Valley ∼ Deriv. ∗ ′ ∀i ∈ {1, 2, 3}, ui →R ui ′ @′ u′ @′ u′ u u1 @ u2 @ u 3 3 2 ∧ ≻ ι′ 1 ⇐⇒ ι ∗ ∗ + u1 ↔R u3 u′1 ↔R u′3 ∃j ∈ {1, 2, 3}, u → ′ j R uj ∗
∗
ι, ι′ ∈ Proof ∪ Peak and @, @′ ∈ {↔R , →R }.
Peak
u1
R
∗
∗
← u2 → R u3 ∗
u ↔R v
∗
+
∗
≻ u →R v ⇐⇒ u2 →R u ∧ (∃j ∈ {1, 2, 3}, uj →R v
All the transformation rules satisfy Condition 1 and then the procedure is strongly normalizing.
5.3
Gentzen’s Cut Elimination
First, let us introduce the formal system for (a version of) the sequent calculus LK for classical first order predicate logic. Here, we restrict ourselves to the logical connectives {¬, ∨} and the quantifier ∃. It is well-known that other classical connectives and quantifiers can be defined from this restricted set. First, we recall the basic notions and notations of first-order logic and sequent calculus. In the case of first-order logic, a signature Σ = (Op, P ) contains two sets of operation names and predicate names, and each operation and predicate name is equipped with an arity in N. Σ-atoms are formulæ p(t1 , . . . , tn ) where p ∈ P and every ti (1 ≤ i ≤ n) is a term in TΣ (V ). Well-formed Σ-formulæ are then either atoms or sentences of form ¬ϕ, ϕ ∨ ψ, and ∃x.ϕ where ϕ and ψ are well-formed Σ-formulæ and x is a variable in V . The notions of free and bound variable are defined as usual, and write ϕ[x/t] for clash of variables-avoiding substitution of t for x in ϕ. In the formulation of classical sequent calculus chosen here, a Σ-sequent is any pair Γ ⇒ ∆ where Γ and ∆ are two finite sets of well-formed Σformulæ. In the following, we will write Γ, ϕ and Γ, Γ′ to mean Γ ∪ {ϕ} and Γ ∪ Γ′ , respectively. Our choice to consider sets rather than multi-sets (or even lists) of formulæ in the definition of sequents eliminates contraction and exchange as explicit structural rules. Given a signature Σ = (Op, P ), the formal system S = (F, R) for Σ associated to Gentzen-style sequent calculi is defined as follows: • F is the set of Σ-sequents15 15
Note that this definition is independent of the chosen structure for sequents, so that can be generalized to other sequent calculi.
17
• R contains all the instances of the following rule schemas: Γ, ϕ ⇒ ∆, ϕ
Ax.16
Γ, ϕ ⇒ ∆ Γ, ϕ′ ⇒ ∆ ∨Left Γ, ϕ ∨ ϕ′ ⇒ ∆
Γ ⇒ ∆, ϕ, ϕ′ ∨Right Γ ⇒ ∆, ϕ ∨ ϕ′
Γ ⇒ ∆, ϕ ¬Left Γ, ¬ϕ ⇒ ∆
Γ, ϕ ⇒ ∆ ¬Right Γ ⇒ ∆, ¬ϕ
Γ, ϕ[x/y] ⇒ ∆ ∃Left Γ, ∃x.ϕ ⇒ ∆
Γ ⇒ ∆, ϕ[x/t] ∃Right Γ ⇒ ∆, ∃x.ϕ
Γ ⇒ ∆, ϕ Γ′ , ϕ ⇒ ∆′ Cut Γ, Γ′ ⇒ ∆, ∆′ where the ∃Left rule obeys to the usual eigenvariable condition, stating that x is not free in Γ, ∆. In the cut rule, ϕ is called the cut formula. Finally, we use the standard terminology of principal formula with respect to a rule r as follows: – ¬ϕ is principal with respect to ¬Left and ¬Right, – ϕ ∨ ϕ′ is principal with respect to ∨Left and ∨Right, and – ∃x.ϕ is principal with respect to ∃Left and ∃Right, In [16], Gentzen has shown that all cuts can be eliminated from proof trees for a version of classical sequent calculus where structural rules are explicit. To achieve this purpose, he has given a constructive proof of the cut-elimination result, by defining an effective procedure to eliminate cuts from a proof tree π whose conclusion is a tautology A and whose leaves are axioms so as to obtain a cut-free proof tree π ′ proving A from axioms. This procedure is based on basic proof transformations which can be modeled in our abstract framework. First, we need to add to the set R of inference rules the two following admissible rules: Γ⇒∆ Sub. σ(Γ) ⇒ σ(∆) where σ : V → TΣ (V ) is a substitution and σ(Γ) = σ(ϕ1 ), . . . , σ(ϕn ) when Γ = ϕ1 , . . . , ϕn . 16
It is well known that formulation of the axioms makes the structural rule Weakening admissible in the calculus.
18
Γ⇒∆ Weak. where either Γ′ = Γ, Φ Γ′ ⇒ ∆ ′ ∆′ = ∆, Ψ or Γ′ = Γ ∆′ = ∆, Ψ or Γ′ = Γ, Φ ∆′ = ∆ Let us call the resulting extended system of rules R′ . The intuitive reason of such an extension of R to R′ , is that, in usual cut elimination proofs for calculi with implicit structural rules given in the literature [15, 21], these two supplementary rules are replaced by obvious intermediary lemmas, which are situated at a meta-theoretical level. Since we aim to see the cut-elimination procedure as a rewriting procedure, we do need to shift them at the object level. Note that, because of admissibility of Sub. and Weak., there is a proof via R of a tautology A if and only if there is a proof of A via R′ . Moreover, our method will be such that cut-free proofs with respect to R′ are indeed cut-free proofs using only rules in R. Therefore, Gentzen’s result (and, in particular, the termination of the cut-elimination procedure, which is the difficult part) can be shown by using the basic transformation rules described below. Such a set of transformation rules can be organized in four cases: 1. Case where the cut formula is not principal with respect to at least one of the inferences leading immediately to the premises of the cut. Here, we give transformations for the case where right rules are applied so as to get the left premise of the cut rule, but one can generalize such transformations to the symmetric case in a standard way. Γ1 ⇒∆1 ,ϕ @Right Γ′1 ⇒∆2 ,ϕ Γ′1 , Γ2 ⇒
Γ2 , ϕ ⇒ ∆ 3 ∆2 , ∆3
Cut
Γ1 ⇒∆1 ,ϕ Γ2 ,ϕ⇒∆3 Cut Γ′1 ,Γ2 ⇒∆1 ,∆3 @Right Γ′1 , Γ2 ⇒ ∆2 , ∆2
where @ ∈ {∨, ¬, ∃} and Γ′1 = Γ1 except for the ¬Right rule, where Γ′1 = Γ1 , ¬ψ for some formula ψ. 2. Case where the cut formula is principal with respect to both the inferences leading immediately to the premises of the cut. In this case we have the following basic proof tree transformations: ′ ⇒∆′ ,ϕ,ϕ′ Γ,ϕ⇒∆ Γ,ϕ′ ⇒∆ ∨Left ΓΓ′ ⇒∆ ′ ,ϕ∨ϕ′ ∨Right Γ,ϕ∨ϕ′ ⇒∆ Cut ′ ′ Γ, Γ ⇒ ∆, ∆
Γ,ϕ⇒∆ Γ′ ⇒∆′ ,ϕ,ϕ′ Cut Γ, ϕ′ Γ,Γ′ ⇒∆,∆′ ,ϕ′ Γ, Γ′ ⇒ ∆, ∆′
19
⇒∆
Cut
Γ′ ,ϕ⇒∆′ Γ⇒∆,ϕ Γ,¬ϕ⇒∆ ¬Left Γ′ ⇒∆′ ,¬ϕ ¬Right Cut Γ, Γ′ ⇒ ∆, ∆′
Γ ⇒ ∆, ϕ Γ′ , ϕ ⇒ ∆′ Cut Γ, Γ′ ⇒ ∆, ∆′
Γ,ϕ[x/y]⇒∆ Γ′ ⇒∆′ ,ϕ[x/t] Γ,∃x.ϕ⇒∆ ∃Left Γ′ ⇒∆′ ,∃x.ϕ ∃Right Cut Γ, Γ′ ⇒ ∆, ∆′ Γ,ϕ[x/y]⇒∆ ′ Γ[y/t],ϕ[x/y][y/t]⇒∆[y/t] Sub. Γ Γ, Γ′ ⇒ ∆, ∆′
⇒ ∆′ , ϕ[x/t]
Cut
3. Case where at least one premise of the cut rule is an axiom. ′ Γ,ϕ⇒∆,ϕ Ax. Γ , ϕ ⇒ Γ, ϕ, Γ′ ⇒ ∆, ∆′
∆′
Cut
Γ′ , ϕ ⇒ ∆ ′ Weak. Γ, ϕ, Γ′ ⇒ ∆, ∆′
The dual case (i.e. the rule Ax. is applied on the right premise of the cut rule) is handled in the same way. 4. Finally, it remains the case where the rules Sub., Weak. lead to at least a premise of any inference except the cut rule. Here, we can easily show that Sub. and Weak. pass over rules in @Left and @Right rules where @ ∈ {∨, ∧, ∃}, and are canceled out when they are occurring under instances of Ax. The basic transformations are similar to the ones for logicality. Every basic transformation satisfies Condition 1 for the well-founded ordering � defined as follows: ∀@ ∈ {∨, ¬, ∃}, Cut ≻ Weak. ∼ Sub. ≻ @Left ∼ @Right ∼ Ax. Γ ⇒∆2 ,ϕ2 Γ′2 ,ϕ2 ⇒∆′2 Cut ′ Γ2 ,Γ2 ⇒∆2 ,∆′2
Γ1 ⇒∆1 ,ϕ1 Γ′1 ,ϕ1 ⇒∆′1 Cut ′ Γ1 ,Γ1 ⇒∆1 ,∆′1
≻ 2 ⇔ |ϕ2 | < |ϕ1 |
where |ϕ| is the depth of formula defined to be supk (1 + |ϕk |) if the ϕi are the direct sub-formulæ of ϕ. All the transformation rules are of the form ι′1 . . . ι′m ′ ι ϕ
ι1 . . . ιn ι ϕ with each ι′j ∈ F ∪
[
r and such that ι ≻ ι′ and for all 1 ≤ i ≤ m, ι ≻ ι′i .
r∈R
Hence, all of them satisfy Condition 1. Therefore, by Theorem 4.1, the cut-elimination procedure as presented here is strongly normalizing. 20
6
Conclusions and Perspectives
In this report, we have given a method to obtain results of normalization of proof trees independently of the underlying formal system. This has been achieved by generalizing the observation that some inference rules pass over or are canceled out when they occur under any other rules. This generalization is expressed by a set of basic proof tree transformations which, when the induced global proof transformation is terminating, ensures the completeness of the corresponding proof strategy. However, termination cannot be ensured in general. Therefore, two conditions on the structure of basic proof tree transformations have been given, which are sufficient to ensure such a result of termination. These two conditions allow us to obtain an abstract strong and an abstract weak normalization result, respectively. In order to validate our approach, we plan to continue to work in at least two directions: 1. Check “by hand” that we can indeed cover several already known normalization results, for instance: cut-elimination for “standard” modal propositional sequent calculi for the logics K, K4, T, S4; cutelimination for linear logic sequent calculus and/or proof-nets (when proof-nets are presented under the form of proof structure which are built according to the rules of linear sequent calculus as in [18]); cutelimination for display calculi [4, 10], etc. 2. Submit our “meta proofs” to a generic theorem proof assistant, as, for instance, Isabelle [23] or Coq [9], as it is done for a specific proof of strong normalization for the case of display calculi in [10]. This enables one to certify, as a result, all existing and future normalization results. Indeed, it would be only enough to check that the transformation rules of proof trees which underlie the normalization result meet the sufficient conditions of Section 4.
References [1] M. Aiguier, A. Arnould, C. Boin, P. Le Gall, and B. Marre. Testing from algebraic specifications: Test data set selection by unfolding axioms. In Formal Approche to Testing of Software, Lecture Notes in Computer Science. Springer Verlag, 2005. To appear. [2] M. Aiguier, D. Bahrami, and C. Dubois. On a generalised logicality theorem. In Artificial Intelligence, Automated Reasoning, and Symbolic Computation, volume 2385 of Lecture Notes in Artificial Intelligence, pages 51–64. Springer Verlag, 2002. [3] F. Baader and T. Nipkow. Term Rewriting and All That. C.U. Press, 1998. 21
[4] N. D. Belnap. Display logic. Journal of Philosophical Logic 11, pages 375–417, 1982. [5] U. Berger, M. Eberl, and H. Schwichtenberg. Term rewriting for normalization by evaluation. Information and Computation, 183:19–42, 2003. [6] G. Birkhoff. On the structure of abstract algebras. In Proceedings of The Cambridge Philosophical Society, volume 31, pages 433–454, 1935. [7] E. Tahhan Bittar. Strong normalization proofs for cut-elimination in Gentzen’s sequent calculi. In Proceedings of the Symposium on Algebra and Computer Science, Helena Rasiowa in Memoriam, volume 46, pages 179–225. Banach Center Publication, 1999. [8] E.-A. Cichon, M. Rusinowitch, and S. Selhab. Cut elimination and rewriting: termination proofs. Technical report, INRIA-Lorraine, Nancy, France, 1996. [9] C. Cornes, J. Courant, J.-C. Filliˆatre, G. Huet, P. Manoury, C. Munoz, C. Murthy, C. Parent, Ch. Paulin-Mohring, A. Sa¨ıbi, and B. Werner. The coq proof assistant reference manual, version 5.10. Technical Report 177, INRIA, July 1995. [10] J. Dawson and R. Gore. A new machine-checked proof of strong normalisation for display logic. In James Harland, editor, Electronic Notes in Theoretical Computer Science, volume 78. Elsevier, 2003. [11] N. Dershowitz and J.-P. Jouannaud. Rewrite systems. In J. van Leeuwen, editor, Handbook of TCS, volume B: Formal Models and Semantics, pages 243–320. Elsevier, 1990. [12] G. Dowek. Confluence as a cut-elimination property. In R. Nieuwenhuis, editor, Rewriting Techniques and Applications, volume 2706 of Lecture Notes in Computer Science, pages 2–14. Springer Verlag, 2003. [13] G. Dowek and B. Werner. Proof normalization modulo. In International Workshop on Types for Proofs and Programs, pages 62–77, London, UK, 1999. Springer Verlag. [14] A.-G Dragalin. Mathematical intuitionism, introduction to proof theory. Translations of Mathematical Monographs, 67:185–199, 1988. translation of the russian original from 1979. [15] J.-H. Gallier. Logic for Computer Science, volume Foundations of Automatic Theorem Proving. Harper & Row, 1986.
22
[16] G. Gentzen. Untersuchungen u ¨ber das logische schließen. Mathematische Zeitschrift, 39(176-210):405–431, 1935. English translation in M.-E. Szabo, editor, The collected Papers of Gerhard Gentzen, pages 68–131, North-Holland, 1969. [17] J.-Y. Girard. Linear logic. Theoretical Computer Science, 50:1–102, 1987. [18] J.-Y. Girard, Y. Lafont, and P. Taylor. Proofs and Types. Cambridge University Press, 1989. [19] H. Herbelin. A λ-calculus structure isomorphic to Gentzen-style sequent calculus structure. In L. Pacholski and J. Tiuryn, editors, Proceedings of the 8th International Workshop on Computer Science Logic, volume 933 of Lecture Notes in Computer Science, pages 61–75. Springer Verlag, 1995. [20] S. Kaplan. Conditional rewrite rules. Theoretical Computer Science, 33:175–193, 1984. [21] S.-C. Kleene. Introduction to Meta-mathematics. North-Holland, 1952. [22] J. Levy and J. Agust´ı. Bi-rewrite systems. Journal of Symbolic Computation, 22:279–314, 1996. [23] T. Nipkow, L. Paulson, and M. Wenzel. Isabelle’s logics: http://isabelle.in.tum.de/doc/logics-HOL.pdf.
Hol.
[24] D. Prawitz. Natural deduction: A proof-theoretical study. Almqvist and Wiksell, Stockholm, 1965. [25] W. Marco Schorlemmer. Term rewriting in a logic of special relations. In 7th International Conference on Algebraic Methodology and Software Technology, volume 1548 of Lecture Notes in Computer Science, pages 178–195. Springer, 1998. [26] G. Struth. Non-symmetric rewriting. Technical report, MPI f¨ ur Informatik, 1996. [27] W.-W. Tait. Normal derivability in classical logic. In J. Barwise, editor, The Syntax and Semantics of Infinitary Languages, pages 204–236. Springer Verlag, 1989. [28] C. Urban and G.-M. Bierman. Strong normalisation of cut-elimination in classical logic. Acta Informaticae, 45(1-2):123–155, 2001. [29] V. van Oostrom. Sub-birkhoff. In 7th International Symposium on Functional and Logic Programming, volume 2998 of Lecture Notes in Computer Science, pages 180–195. Springer, 2004. 23
[30] L.-A. Wallen. Automated Deduction for Non Classical Logics. The MIT Press, 1990. [31] T. Yamada, J. Avenhaus, C. Loria-Saenz, and A. Middeldorp. Logicality of conditional rewrite systems. Theoretical Computer Science, 236(1,2):209–232, 2000.
24
