Download Enumerating Proofs of Positive Formulae

# The Author 2008. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved.
Advance Access publication on May 27, 2008
For Permissions, please email: [email protected]
doi:10.1093/comjnl/bxn029
Enumerating Proofs of Positive
Formulae
G ILLES DOWEK1
2
AND
YING JIANG 2,*
1
École polytechnique and INRIA, LIX, École polytechnique, 91128 Palaiseau Cedex, France
State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing
100190, P.R.China
*Corresponding author: [email protected]
We provide a semi-grammatical description of the set of normal proofs of positive formulae in
minimal predicate logic, i.e. a grammar that generates a set of schemes, from each of which we
can produce a finite number of normal proofs. This method is complete in the sense that each
normal proof-term of the formula is produced by some scheme generated by the grammar. As a
corollary, we get a similar description of the set of normal proofs of positive formulae for a large
class of theories including simple type theory and System F.
Keywords: positive formulae; enumerating proofs; minimal predicate logic
Received 21 September 2007; revised 19 February 2008
Guest editors: Mingsheng Ying and Ruqian Lu
1.
INTRODUCTION
A simple way to establish that provability in a logic is decidable
is to develop a proof-search method, enumerating all the
potential proofs of a given formula, and to prove that the
search tree of this method is finite. In this case, when a
formula is provable, we can even conclude that it has a finite
number of proofs. This is typically the situation in some
formulations of classical propositional sequent calculus [1].
In some other cases, typically in some formulations of
intuitionistic or minimal propositional sequent calculus, the
search tree is infinite but regular, i.e. it has only a finite
number of distinct sub-trees [1]. In such a situation, provability is still decidable, but the sets of proofs may be infinite.
Nevertheless, we can describe it with a context-free grammar.
In contrast to Kleene’s result, Zaionc has proved that the set
of normal proof-terms of a given formula in minimal propositional logic (i.e. the set of normal terms of a given type
in simply typed lambda-calculus) is not a context-free
language [2]. This result is a consequence of the undecidability of definability in simply typed lambda-calculus [3] (see
also [4] for a minimal example), and it explains why previous
grammatical descriptions of the set of normal terms of a given
type had required an infinite number of symbols [5 – 8].
The reason for this discrepancy between Kleene’s and
Zaionc’s results is that the former applies to a notion of a
sequent whose left-hand side is a set and the latter to that
whose left-hand side is a list. When using sets, there is no
way to distinguish proof-terms such as la : P lb : P a and
la : P lb : P b. These two proof-terms should be written in
the same way using the schematic notation la : P la : P a.
Using this idea, Takahashi et al. [5] as well as Broda and
Damas [9, 10] have shown that if we use such a schematic
language for proof-terms, where identical hypotheses are
referred to by the same name, the set of proof-terms of a
given formula in minimal propositional logic becomes a
context-free language. Moreover, each schematic proof-term
of this context-free language corresponds to a finite number
of genuine proof-terms. For instance, the schematic proofterm la : P la : P a corresponds to two proof-terms : la : P
lb : P a and la : P lb : P b. More generally, each variable
occurrence of a schematic proof-term may be replaced by a
variable chosen in a finite set, yielding a finite number of
proof-terms.
When such a grammar exists, we say that we have a semigrammatical description of the set of proof-terms of a given
formula. More precisely, a semi-grammatical description of
a set is formed with a context-free grammar and an algorithm
generating a finite number of elements of the set from each
element of the language defined by the grammar.
In [11], we have given a new decidability proof for the fragment of minimal predicate logic where all quantifiers are positive, and obtained, as a corollary, the decidability of type
inhabitation for positive types in System F. The motivation for
studying the positive fragment of minimal logic is twofold.
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009
800
G. DOWEK
First, in the classical case, it is well known that the undecidability
comes from the negative quantifiers and that the positive fragment is decidable. The positive fragment, both for classical
and minimal predicate logics, appears to be a large natural
decidable fragment. Secondly, in System F, the datatypes are
expressed as positive types. For instance, the type of unary
natural numbers is encoded as 8X (X ! (X ! X) ! X) and
that of binary numbers as 8X (X ! (X ! X) ! (X ! X) !
X). However, some positive types, such as 8X (X ! ((X ! X)
! X) ! X), are not datatypes. Nevertheless, we may want to
describe the sets of normal terms of such types, because they
are used in higher-order abstract syntax or as the input type of
the algorithm, extracted from the constructive proof of the completeness theorem [12].
The algorithm defined in [11] consists in building a regular
search tree, based on a careful handling of variable names with
a system of brackets. In this paper, we extend the result and
give a semi-grammatical description for the set of b-normal
h-long proof-terms of a given formula in the positive fragment
of minimal predicate logic.
First, as the search-tree introduced in [11] is regular, we can
define a grammar enumerating the schematic proof-terms.
Then, we give an algorithm to generate a finite set of terms
corresponding to a given scheme. This algorithm is more
complex than that for the propositional case, because the
types may be modified when a variable is replaced by
another. The method obtained in this way is complete in the
sense that each normal proof-term of the formula is produced
from some scheme generated by the grammar. Finally, this
semi-grammatical description of normal proof-terms of positive formulae also applies to several theories such as simple
type theory and System F.
AND
Y. JIANG
DEFINITION 2.1 (POSITIVE
AND
NEGATIVE FORMULAE).
† An atomic formula is positive and negative.
† A formula of the form A ! B is positive (respectively
negative) if A is negative (respectively positive) and B
is positive (respectively negative).
† A formula of the form 8x A is positive if A is positive.
As pointed out in [11], a negative formula has the form A1
! . . . ! An ! P, where P is an atomic formula and A1,. . .,
An are positive formulae.
DEFINITION 2.2 (POSITIVE SEQUENTS). A sequent A1,. . ., An r
B is positive if A1,. . ., An are negative and B is positive.
2.2.
LJ1: a sequent calculus for positive sequents
We use a cut-free sequent calculus for positive sequents in
minimal predicate logic. This sequent calculus contains the
usual right rule for the universal quantifier, but no left rule
for this quantifier is needed because all sequents are positive.
It contains also the usual right rule for the implication. But the
left rule for implication
D; A ! B r A D; A ! B; B r C
D; A ! B r C
and the axiom rule
D; A r A
are replaced by a more restricted, but equivalent, rule
D; A1 ! ! An ! P r A1 D; A1 ! ! An ! P r An
D; A1 ! ! An ! P r P
2. THE SYSTEMS LJ1 AND LJB
Leaving a more complete description to [11], we briefly recall,
in this section, the notion of positive formula, the sequent
calculi LJþ and LJB. We also introduce a notion of proof-term
to represent derivations in each of these calculi. The proofterms of LJþ are usual lambda-terms and are just called proofterms, while the proof-terms of LJB are called schemes.
2.1.
Positive formulae
Minimal predicate logic is the fragment of predicate logic with
a single connector ! and a single quantifier 8. Terms and formulae are defined as usual. A context is a finite multiset of formulae and a sequent G r A is a pair formed with a context G
and a formula A.
A formula in minimal predicate logic is said to be positive if
all its universal quantifier occurrences are positive. More precisely, the set of positive and negative formulae and positive
sequents in minimal predicate logic are defined by induction
as follows.
where P is an atomic formula.
In order to associate lambda-terms to proofs, we must associate proof variables to formulae in contexts. A context with
named formulae is a finite multiset of pairs, each of them
formed with a proof variable and a formula in such a way
that each proof variable occurs at most once. A sequent with
named formulae D r A is a pair formed with a context D with
named formulae and a formula A. These proof variables are distinguished from the usual term variables of predicate logic.
The rules of the system LJþ, equipped with proof-terms,
are depicted in Fig. 1. Notice that all these proof-terms are
b-normal h-long. Ignoring these proof-terms, it yields the original presentation of LJþ given in [11]. When D r t : A is derivable, we also say that t is a proof-term of the sequent D r A.
2.3.
LJB: a sequent calculus with brackets
Search trees in LJþ are not always finite or even regular. For
instance, the search tree of the formula ((P ! Q) ! Q) !
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009
ENUMERATING PROOFS
OF
POSITIVE FORMULAE
801
FIGURE 1. The system LJþ: a sequent calculus for positive sequents.
Q is infinite and that of the formula ((8x (P(x) ! Q)) ! Q)
! Q is not even regular. To prove the decidability of the positive fragment of minimal predicate logic, we have introduced
in [11] another sequent calculus called LJB.
In LJþ, to apply the R8 rule to the sequent G r 8x A, we
have to rename the variable x either in 8x A or in G so that
the variable released by the rule does not appear in the
context. In LJB, instead of renaming the variable x, we bind
it in the context G with brackets and obtain the sequent [G]x
r A. In fact, for technical reasons, we bind in G, not only the
variable x, but also all the bound variables of A.
DEFINITION 2.3 (LJB-CONTEXTS AND ITEMS). LJB-contexts
and items are mutually inductively defined as follows.
† An LJB-context G is a finite multiset of items fI1,. . .,Ing.
† An item I is either a formula or an expression of the form
[G]V, where V is a set of variables and G a LJB-context.
In the item [G]V, the variables of V are bound by the
symbol [ ].
An LJB-sequent G r A is a pair formed by an
LJB-context G and a formula A.
The system LJB is formed by two sets of rules: the
usual deduction rules and additional transformation
rules dealing with bracket manipulation. The transformation rules form a terminating rewrite system: the first
rule allows us to replace an item of the form [I, G]V by
the two items I and [G]V, provided no free variable of
I is in V; the second rule allows us to remove trivial
items; the third rule to replace two identical items by one.
DEFINITION 2.4 (CLEANING LJB-CONTEXTS). The cleaning
rules are
½I; GV ! I; ½GV
if FVðIÞ > V ¼ =0
½ V ! =0
II ! I
where I is an item and G an LJB-context.
Instead of proving the confluence of the rewrite system of
Definition 2.4, we fix an arbitrary strategy and define the
normal form G# of a context G as the normal form relative
to this strategy. We may, for instance, proceed as follows. If
G ¼ 0= then we let G # ¼=0. Otherwise, we choose an item
I in G and let G0 ¼ G\fIg. Then, we normalize the item I and
the LJB-context G0 recursively. We let G# ¼ G0# if I# is an
element of G0# , and G# ¼ I# , G0# otherwise. To normalize
an item I, we need to consider the two following cases. If I
is a formula, then we let I# ¼ I. If it has the form [D]V, we
first normalize recursively D, then we let D1 be the part of
D# formed with the elements that have a free variable in V
and let D2 ¼ D#\D1. Finally, we let I# ¼D2 if [D1]V is an
element of D2 and I# ¼ [D1]V, D2 otherwise.
The deduction rules apply to LJB-sequents with normalized
contexts with respect to the cleaning rules and where the
bound variables are named differently and are different from
the free variables. It is easy to check that these properties
are preserved by the rules. Moreover, in LJB we deal with formulae, not formulae modulo a-equivalence.
The rules of the system LJB are depicted in Fig. 2. In the L !
rule, brackets are moved from some items of the LJB-context to
others, bringing the formula A1 ! . . . ! An ! P inside
brackets to the surface, so that it can be used. For instance
the LJB-sequent Q(x), [Q(x) ! P]x r P is transformed
(bottom-up) into [Q(x)]x, Q(x) ! P r Q(x). The crucial point
is that the two occurrences of x in Q(x) and Q(x) ! P that are
separated in the first LJB-sequent remain separated.
The main interest of the system LJB is that, as illustrated in
Example 2.6, the search tree in LJB of any positive formula is
regular. This property is a consequence of the following proposition proved in [11, Proposition 4.5].
PROPOSITION 2.5. Let A be a positive formula. There exists a
finite set S of sequents such that all the sequents occurring in
an LJB-proof of the sequent r A are in S.
EXAMPLE 2.6. Let A ¼ (B ! Q) ! Q, where B ¼ 8y ((P(y)
! Q) ! (P(y)! Q)). The search tree of the sequent r A is
given in Fig. 3.
Notice that when trying to prove the sequent B ! Q, P(y)
! Q, P(y) r Q we may apply the L ! rule either with the
proposition B ! Q or with the proposition P(y) ! Q, yielding
two branches in the search tree. The same holds with the
sequent B ! Q, [P(y) ! Q, P(y)]y, P(y) ! Q, P(y) r Q.
Notice also that the search tree is infinite and regular. We
have cut the infinite branch when the sequent B ! Q, [P(y)
! Q, P(y)]y r (P(y) ! Q) ! P(y) ! Q appeared for the
second time.
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009
802
G. DOWEK
AND
Y. JIANG
FIGURE 2. The system LJB: a sequent calculus with brackets.
FIGURE 3. An example of search tree in LJB.
FIGURE 4. The system LJB with schemes.
2.4.
Schemes
Now we introduce schemes that are the proof-terms for the
system LJB. Unlike what we did for LJþ, we do not assign
names to hypotheses in LJB. Instead, we choose a canonical
proof variable for each such formula. The rules of LJB with
schemes are depicted in Fig. 4.
3. A GRAMMAR TO ENUMERATE SCHEMES
In this section, we prove that, although it may be infinite, the
set of schemes of a given normalized LJB-sequent may be
described by a context-free grammar.
DEFINITION 3.1 (SCHEME GRAMMAR). Let G r A be a normalized LJB-sequent and S be the finite set of sequents that may
occur in a derivation of G r A. To each sequent S of S, we
associate a non-terminal symbol sS and set up the rules displayed in Fig. 5
The grammar generating the schemes of the type A given in
Example 2.6 and a scheme generated by this grammar are
detailed in the example below.
EXAMPLE 3.2. The grammar generating the schemes of the
type A ¼ (B ! Q) ! Q, where B ¼ 8y ((P(y) ! Q) !
(P(y) ! Q)) is
S ! la ða lylblg ðb gÞÞ
S ! la ða lylblg ða ly S1 ÞÞ
S1 ! lblg ðb gÞ
S1 ! lblg ða ly S1 Þ
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009
ENUMERATING PROOFS
OF
POSITIVE FORMULAE
803
FIGURE 5. The scheme grammar.
where S is the non-terminal associated to the sequent r A, S1
that associated to B ! Q, [P(y) ! Q, P(y)]y r (P(y) ! Q)
! P(y) ! Q, a is the canonical variable of type B ! Q, b
that of type P(y) ! Q and g that of type P(y).
A scheme generated by the grammar is
la ða lylb lg ða lylb lg ðb gÞÞÞ:
PROPOSITION 3.3 (SOUNDNESS). Let G r A be a normalized
LJB-sequent. Then for any scheme p generated in sGr A, we
have G r p : A.
Proof. We prove the proposition by induction on the derivation of p in the grammar.
A
PROPOSITION 3.4 (COMPLETENESS). Let G r A be a normalized LJB-sequent. Then each scheme p such that G r p : A
is generated in sGr A.
Proof. The proof is by induction on the derivation of G r p : A
in the system LJB with schemes.
A
4.
GENERATING PROOF-TERMS
Now we are ready to provide a term enumeration algorithm
through the grammatical scheme enumeration algorithm
described in the previous section. In this endeavor, we will
define a function H which, roughly speaking, associates a
finite set of terms to a scheme, in such a way that t is a proofterm if and only if there exists a scheme p such that t [ H(p).
To define this function H, we need a function G handling
context cleaning. When defining the function G, the only nontrivial case is that of the rule II ! I, which is handled in turn
by another function F.
Definitions 4.1 and 4.2 below extend the usual notion of
a-equivalence for formulae to sequents of LJþ and LJB, and
will be useful in the rest of the section.
DEFINITION 4.1 (a-EQUIVALENCE OF SEQUENTS). Two sequents
G r A and G0 r A0 are said to be a-equivalent if there exists a
variable renaming s of term variables (i.e. an injective
substitution mapping variables to variables) such that G0 is
a-equivalent to sG and A0 is a-equivalent to sA.
For instance, the sequents P(x) r P(x) and P(y) r P(y) are
a-equivalent. The intuition is that the variables free in G and
A are considered as implicitly bound by the symbol r in
the sequent G r A.
We also extend the notion of a-equivalence to sequents of
LJþ with named formulae as follows.
DEFINITION 4.2 (a-EQUIVALENCE OF SEQUENTS WITH NAMED
FORMULAE). Two sequents G r A and G0 r A0 are said to be
a-equivalent if there exists a variable renaming s of term
and proof variables such that G0 is a-equivalent to sG and
A0 is a-equivalent to sA.
For instance, the sequents a : P(x) r P(x) and b : P(y) r P(y)
are a equivalent.
DEFINITION 4.3 (FRESH a-VARIANT AND FLATTENING). Let G r
A be a normalized LJB-sequent; a fresh a-variant G0 r A0 of G
r A is a LJB-sequent, which is a-equivalent to G r A and
where all bound variables are named differently.
An LJ þ-sequent D r B is said to be a flattening of a normalized LJB-sequent G r A, if it is obtained by erasing all the
brackets in a fresh a-variant of G r A and by naming all the
formulae in G with distinct proof variables.
EXAMPLE 4.4. A flattening of the LJB-sequent [P(x), P(x)
! Q]x, [P(x), P(x) ! Q]x r Q is the LJþ-sequent a1 : P(x1),
b1 : (P(x1) ! Q), a2 : P(x2), b2 : (P(x2) ! Q) r Q.
Note that two flattenings of the same LJB-sequent are
a-equivalent LJþ-sequents.
DEFINITION 4.5 (PARTIAL DUPLICATION) Let S r A be a
sequent of LJ þ. A sequent D r B of LJ þ is said to be a
partial duplication of S r A if there exist two substitutions
s1 and s2 of term-variables with the same domain, renaming
the variables of their domain with fresh and distinct variables
such that for each variable g : C of S, D contains either the
variable g1 : s1C or the variable g2 : s2C or both, and B is
either s1A or s2A.
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009
804
G. DOWEK
AND
Y. JIANG
either s1A2 or s2A2; we take all terms of the form la0 u10
D, a0 : B1 r B2
with u10 an element of F S,
a : A1 r A2 (u1).
EXAMPLE 4.6. If the sequent S r A is
a : ðPx ! QÞ;
b : Px r Q:
EXAMPLE 4.8. If the sequent S r A is
and s1 ¼ s2 ¼ id, then one partial duplication is the
sequent
a1 : ðPx ! QÞ; b1 : Px; a2 : ðPx ! QÞ; b2 : Px r Q:
a : ðPx ! QÞ; b : Px r Q
s1 ¼ s2 ¼ id and one partial duplication is the sequent
a1 : ðPx ! QÞ; b1 : Px; a2 : ðPx ! QÞ; b2 : Px r Q
If the sequent S r A is
a : ðPx ! QÞ;
b : Px r Q
then
DrQ
ðða bÞÞ ¼ fða1 b1 Þ; ða1 b2 Þ; ða2 b1 Þ; ða2 b2 Þg:
F SrQ
but s1 ¼ x1/x and s2 ¼ x2/x, then one partial duplication is the
sequent
If the sequent S r A is
a1 : ðPx1 ! QÞ; b1 : Px1 ; a2 : ðPx2 ! QÞ; b2 : Px2 r Q:
a : ðPx ! QÞ; b : Px r Q
If the sequent S r A is
a : ðPx ! QÞ;
b : Px r Px
and s1 ¼ x1/x and s2 ¼ x2/x, then one partial duplication is the
sequent
a1 : ðPx1 ! QÞ; b1 : Px1 ; a2 : ðPx2 ! QÞ; b2 : Px2 r Px1 :
DEFINITION 4.7 (THE FUNCTION F). Let S r A be a sequent of
LJ þ and D r B a partial duplication of this sequent obtained
with the substitutions s1 and s2.
s1 ¼ x1/x and s2 ¼ x2/x and one partial duplication is the
sequent
a1 : ðPx1 ! QÞ; b1 : Px1 ; a2 : ðPx2 ! QÞ; b2 : Px2 r Q
then
DrQ
ðða bÞÞ ¼ fða1 b1 Þ; ða2 b2 Þg:
F SrQ
Notice that, after having chosen a1, in the first case, we obtain
DrPx
ðbÞ ¼ fb1 ; b2 g
F SrPx
while in the second, we obtain
1
F DrPx
SrPx ðbÞ ¼ fb1 g:
Let u be a proof-term of S r A. We define, by induction
B
on the structure of u, a finite set F Dr
Sr A (u) of proof-terms of
D r B.
† If u ¼ (a u1 . . . un), then A is atomic. Let C1 ! . . . ! Cn
! A be the type of a. For i [ f1,2g, if D contains a variable ai : siC1 ! . . . ! siCn ! siA and siA ¼ B, then
we take all terms of the form (ai u10 . . . un0 ), where u10 is
siC1
0
an element of F Dr
Sr C1 (u1), . . ., un is an element of
Dr siC
n
F Sr Cn (un); otherwise we take no term with head variable ai.
† If u ¼ lx u1, then A has the form 8x A1 and B has the form
8x B1, where B1 is either s1A1 or s2A1, we take all terms
B1
of the form lx u10 where u10 is an element of F Dr
Sr A1 (u1).
† If u ¼ la u1, then A has the form A1 ! A2 and B has the
form B1 ! B2, where B1 is either s1A1 or s2A1 and B2 is
Our relatively liberal notion of partial duplication allows the
B
‘pathological’ example where the set FDr
Sr A (u) is empty: If
the sequent S r A is
a : ðPx ! QÞ; b : Px r Q
and s1 ¼ x1/x and s2 ¼ x2/x, then one partial duplication is the
sequent
a1 : ðPx1 ! QÞ; b2 : Px2 ; r Q
B
and FDr
=.
Sr A ((ab)) ¼ 0
PROPOSITION 4.9 (SOUNDNESS). Let D r B be a partial dupliB
cation of S r A. If u is a proof of S r A, and te FDr
Sr A (u), then
t is a proof of D r B.
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009
ENUMERATING PROOFS
Proof. We prove the proposition by induction on the
structure of u.
A
PROPOSITION 4.10 (COMPLETENESS). Let D r B be a partial
duplication of S r A. If t is a proof of D r B then there
exists a proof u, of the same height as t, of S r A such that t
B
FDr
Sr A(u).
Proof. We prove this by induction on the structure of t. The
term u is obtained by replacing each variable of the form
s1x or s2x by x.
A
DEFINITION 4.11 (THE FUNCTION G). Let G r A be a normalized LJB-sequent and G# r A its normal form. Let D r B be a
flattening of G r A and D0 r B0 a flattening of G# r A.
OF
POSITIVE FORMULAE
805
the context
a : PðxÞ; b : ðPðxÞ ! QÞ:
Then
ððabÞÞ ¼ fðb1 a1 Þ; ðb2 a2 Þg
GDDrQ
0
rQ
PROPOSITION 4.13 (SOUNDNESS). Let G r A be a normalized
LJB-sequent and G# r A its normal form. Let D r B be a flattening of G r A and D0 r B0 a flattening of G# r A. Let u be a
B
proof-term of D0 r B0 and t [ GDr
D0 r B0 (u). Then t is a proofterm of D r B.
Proof. By induction on the length of the reduction from G to
G# , using Proposition 4.9 for the case of the rule II ! I. A
B
For any proof-term u of D0 r B0 , we construct a set GDr
D0 r B0
(u) of proof-terms of D r B by induction on the length of the
reduction from G to G# .
† If G# ¼ G, then D0 r B0 and D r B are a-equivalent; thus
there exists a renaming s of the free variables of D and B
such that D is a-equivalent to sD0 and B is a-equivalent
B
to sB0 . We take GDr
D0 r B0 (u) ¼ fsug.
† If G rewrites to G1 in one cleaning step and then G1
rewrites to G# , then let D1 r B1 be a flattening of G1 r
rB1
0 (u). Now consider the rule used to
A and let S ¼ GDD10 rB
reduce G to G1. If this rule is [ ]V ! 0= or [G,I]V !
[G]V, I then D r B and D1 r B1 are a-equivalent, and
thus there exists a renaming s of the free variables of
D and B such that D is a-equivalent to sD1 and B is
B
a-equivalent to sB1. We take GDr
D0 r B0 (u) ¼ fst j t [ Sg.
If this rule is II ! I then D r B isSa partial duplication
B
DrB
of D1 r B1. We take GDr
D0 r B0 (u) ¼
t[S FD1rB1(t).
EXAMPLE 4.12. The sequent
½PðxÞ; PðxÞ ! Qx ; ½PðxÞ; PðxÞ ! Qx r Q
normalizes to
½PðxÞ; PðxÞ ! Qx r Q:
A flattening of the first sequent is D r Q, where D is the
context
a1 : Pðx1 Þ; b1 : ðPðx1 Þ ! QÞ; a2 : Pðx2 Þ; b2 : ðPðx2 Þ ! QÞ
and a flattening of the second is the sequent D0 r Q, where D0 is
PROPOSITION 4.14 (COMPLETENESS). Let G r A be a normalized LJB-sequent and G# r A its normal form. Let D r B be a
flattening of G r A and D0 r B0 a flattening of G# r A. If t is a
proof of D r B, then there exists a proof u, of the same height
B
as t, of D0 r B’ such that t [GDr
D0 r B0 (u).
Proof. The proof is by induction on the length of the reduction
from G to G# , using Proposition 4.10 for the case of the rule
II ! I.
A
DEFINITION 4.15 (THE FUNCTION H). Let G r A be a normalized LJB-sequent and D r B a flattening of G r A.
Let p be a scheme of the sequent G r A, we associate to p a
þ
B
set HDr
Gr A (p) of proof-terms of type D r B in LJ by induction
on the structure of p.
† If p ¼ (ap1 . . . pn), then let A1 ! . . . ! An ! A be the
type of a. Select the occurrences of the formula A1 ! . . .
! An ! A in G, such that the rule L! can be applied to
this occurrence, and for all i, the scheme pi has type G* #
r Ai where G*# is the context obtained by applying
L ! to this occurrence. For each selected occurrence,
let a0 : B1 ! . . . ! Bn ! B be the corresponding
declaration in D. The sequent D r B is also a flattening
of G*r A and the sequent D r Bi is one of G*r Ai.
Consider
a flattening D0 r Bi0 of G*# r Ai, set up Si ¼
D0 rB0i
DrB
i
0
HG #rAi ðpi Þ and Si0 ¼ < t[Si GDDrB
rBi0 (t). The set HGrA (p)
contains the terms of the form (a0 t1. . .tn) for some a0 :
B1 ! . . . ! Bn ! B in D corresponding to a selected
occurrence and ti [ Si0 .
† If p ¼ lx p1, then A ¼ 8x A1, B ¼ 8y B1 and p1 is a
scheme of [G]V # r A1. The sequent D r B1 is a flattening of [G]V r A1. Let D0 0 r0 B10 be a flattening of [G]V #
D rB1
1
r A1, set up S ¼ H½Gv #rA
ðpi Þ and S0 <t[S GDrB
ðtÞ.
D0 rB0
i
1
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009
806
G. DOWEK
AND
B
The set HDr
Gr A (p) is the set of the terms of the form ly t
for t in S0 .
† If p ¼ la : A1 p1, then A ¼ A1 ! A2 and B ¼ B1 ! B2
and p1 is a scheme of (G, A1) # r A2. The sequent
D, a0 : B1 r B2 is a flattening of G, A1 r A2. Let D0 r B20
† If t ¼ ly t1, then B ¼ 8y B1, A ¼ 8x A1 and t1 is a proofterm of D r B1 that is a flattening of [G]V r A1. Let D0 r
B10 be a flattening of [G]V # r A1. By Proposition 4.14,
there exists a proof-term u1 of D0 r B10 of the same
1
height as t1 such that t1 [ GDrB
s ðu1 Þ. By induction
D0 rB01
p1 of [G]V # r A1
hypothesis, there exists
a
scheme
0
D rB01
such that u1 [ H½Gv #rA
ð
p
Þ.
This
implies ly t1 [
1
1
HDrB
GrA (l x p1).
† If t ¼ la0 : B1 t1, then B ¼ B1 ! B2, A ¼ A1 ! A2 and
t1 is a proof-term of D, B1 r B2 that is a flattening of
G, A1 r A2. Let D0 r B20 be a flattening of (G, A1)# r
A2. By Proposition 4.14, there exists a proof-term u1 of
D0 r B20 of the same height as t1 such that
Bi rB2
t ¼ GD;
ðui Þ. By induction hypothesis, there exists a
D0 rB02
r A2 such that
scheme 0 p0 1 of (G, A1)#
D rB
u1 [ HðG;A12Þ#rA2 ðp1 Þ. Let a be the canonical variable
of type A1; then we have la0 t1 [ HDrB
A
Gr A (la p1).
D0 rB0
be a flattening of (G, A1) # r A2, set up S ¼ HðG;Ai 2Þ#rA2
0
a :B1 rB2
(p1) and S0 ¼ <t[S GD;
ðtÞ. The set HDrB
GrA (p) is
D0 rB0
2
the set of the terms of the form la0 : B1 t for t in S0 .
EXAMPLE 4.16. Continuing Example 2.6, let
p ¼ la ða lyl b l g ða lyl b l g ð bgÞÞÞ:
The set H rr AA(p) contains the two terms
la ða ly1 lb1 lg1 ða ly2 lb2 lg2 ðb1 g1 ÞÞÞ
la ða ly1 lb1 lg1 ða ly2 lb2 lg2 ðb2 g2 ÞÞÞ
where a : B ! Q, b1 : P(y1) ! Q, g1 : P(y1), b2 : P(y2) !
Q, g2 : P(y2).
PROPOSITION 4.17 (SOUNDNESS). Let G r A be a normalized
LJB-sequent and D r B be a sequent of LJ þ that is a flattening
of G r A. Then for each scheme p of G r A, every proof-term
B
in HDr
Gr A (p) is a proof-term of D r B.
Proof. We prove the proposition by induction on the height of
p, using Proposition 4.13 for context cleaning.
A
PROPOSITION 4.18 (COMPLETENESS). Let G r A be a normalized LJB-sequent and D r B a sequent of LJ þ such that D r B
is a flattening of G r A. Then for each proof-term t of D r B,
B
there exists a scheme p of G r A such that t [ HDr
Gr A (p).
Proof. The proof is by induction on the structure of t.
† If t ¼ (a0 t1 . . . tn), then the variable a0 : B1 ! . . . ! Bn
! B is declared in D and ti is a proof-term of D r Bi. The
variable a0 corresponds to an occurrence of a formula A1
! . . . ! An ! A in G and G has the form G1, [G2, [. . .
Gi21, [Gi, A1 ! . . . ! An ! A]Vi21. . .]V2]V1. As D r B
is a flattening of G r A and this occurrence of A1 !
. . . ! An ! A corresponds to B1 ! . . . ! Bn ! B, A
has no free variable in V1 < V2 < . . . < Vi21. Thus,
the sequent D r B is also a flattening of G* r A, and
D r Bi is a flattening of G* r Ai.
Let D0 r Bi0 be a flattening of G*# r Ai. By Proposition
4.14, there exists a proof-term ui of D0 r Bi0 of the same
i
ðui Þ. By induction hypothheight as ti such that ti [ GDrB
D0 rB0
Y. JIANG
THEOREM 4.19 Let A be a formula. Then t is a proof-term
of r A in LJ þ if and only if there exists a scheme p generated
by the grammar given in Definition 3.1 such that t [ H rA
rA (p).
Proof. The proof follows from Propositions 3.3, 3.4, 4.17, and
4.18.
A
5.
ENUMERATING NORMAL TERMS OF A
POSITIVE TYPE IN SYSTEM F
As remarked in [11], to each positive type T of System F, we
can associate a formula F(T) in predicate logic with a single
unary predicate 1.
FðXÞ ¼ 1ðXÞ
FðT ! UÞ ¼ FðTÞ ! FðUÞ
Fð8X TÞ ¼ 8X FðTÞ
and the normal terms of type T in System F are exactly the
proof-terms of F(T) in predicate logic. Thus, the enumeration
algorithm described in the previous sections applies immediately to System F. The examples below (where we write X
for 1(X)) illustrate the algorithm.
EXAMPLE 5.1. Let A ¼ 8X ((8Y((Y ! X) ! (Y ! X)) ! X)
! X). Let a : 8Y((Y ! X) ! (Y ! X)) ! X, b : Y ! X and
g : Y. Let S ¼ S r A and S1 ¼ SB!X, [Y !X, Y]Y r (Y ! X) ! Y ! X.
The scheme grammar is given by
i
esis, for each i [ f1, . . ., ng, there exists scheme pi of G* #
0
0
r Ai such that ui [ HDGrB
#rAi ðpi Þ. So, if a is the canonical
variable of type A1 ! . . . ! An ! A, then (a p1 . . . pn)
B
is a scheme of G r A and (a0 t1 . . . tn) [ HDr
Gr A (a p1
. . . pn).
S ! lX la ða lY lb lg ðb gÞÞ
S ! lX la ða lY lb lg ða lY S1 ÞÞ
S1 ! lb lg ðb gÞ
S1 ! lb lg ða lYS1 Þ
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009
ENUMERATING PROOFS
OF
POSITIVE FORMULAE
807
CONCLUSION
FIGURE 6. A search tree in System F.
It is easy to check that the scheme below is generated by the
grammar
Once more, the complexity of predicate logic comes from the
negative quantifiers: when they are removed, not only the
logic becomes decidable, but also the proofs have a simple
structure.
The usual interpretations of proofs as terms are based on formulations of deduction where contexts are multisets or lists.
The schemes are the counterpart to these terms when contexts
are sets. Their structure is even simpler than that of terms and
their interest may go beyond the proof enumeration problem.
lX la ða lY lb lg ða lY lb lg ðb gÞÞÞ:
FUNDING
And this scheme generates in turn two proof-terms:
lX la ða lY1 lb1 lg1 ða lY2 lb2 lg2 ðb1 g1 ÞÞÞ
lX la ða lY1 lb1 lg1 ða lY2 lb2 lg2 ðb2 g2 ÞÞÞ
where a : B ! X, b1 : Y1 ! X, g1 : Y1, b2 : Y2 ! X, g2 : Y2.
More generally, one scheme of depth n generated by this
grammar, yields n 2 1 proof-terms of type A.
EXAMPLE 5.2. Consider now the prenex form of the formula
of the previous example. Let A ¼ 8X8Y ((B ! X) ! X),
where B ¼ (Y ! X) ! (Y ! X). The search tree of A is
given in Fig. 6.
Let a : ((Y ! X) ! (Y ! X)) ! X, b : Y ! X and g : Y.
Let S ¼ S r A and S1 ¼ SB!X, Y!X, Y r X. The corresponding
scheme grammar is given by
S ! lX lY la ða lb lg S1 Þ
S1 ! ðb gÞ
S1 ! ða lb lg S1 Þ:
It is easy to check that the scheme below is generated by the
grammar
lX lY la ða lb lg ða lb lg ðb gÞÞÞ:
And this scheme generates in turn four proof-terms
lX lY la ða lb1 lg1 ða lb2 lg2 ðb1 g1 ÞÞÞ
lX lY la ða lb1 lg1 ða lb2 lg2 ðb1 g2 ÞÞÞ
lX lY la ða lb1 lg1 ða lb2 lg2 ðb2 g1 ÞÞÞ
lX lY la ða lb1 lg1 ða lb2 lg2 ðb2 g2 ÞÞÞ
where a : B ! X, b1 : Y ! X, g1 : Y, b2 : Y ! X, g2 : Y.
More generally, one scheme of depth n generated by this
grammar yields (n 2 1)2 proof-terms.
This work is partially supported by NSFC 60673045, NSFC
major research program 60496321 and NSFC 60721061.
REFERENCES
[1] Kleene, S.C. (1952) Introduction to Metamathematics.
North-Holland.
[2] Zaionc, M. (2005) Probabilistic approach to the lambda
definability for fourth order types. Electron. Notes Theoret.
Comput. Sci., 140, 41–54.
[3] Loader, R. (2001) The undecidability of lambda-definability.
Logic, Meaning and Computation: Essays in Memory of
Alonzo Church. pp. 331–342, Kluwer.
[4] Joly, Th. (2005) On lambda-definability I: the fixed model
problem and generalizations of the matching problem.
Fundam. Inform., 65, 135–151.
[5] Takahashi, M., Akama, Y. and Hirokawa, S. (1996) Normal
proofs and their grammar. Inform. Comput., 125, 144–153.
[6] Ben-Yelles, C.B. (1979) Type-assignment in the Lambdacalculus; Syntax and Semantics. Doctoral Thesis.
[7] Hindley, J.R. (1997) Basic Simple Type Theory. Cambridge
University Press.
[8] Zaionc, M. (1988) Mechanical procedure for proof construction
via closed terms in typed lambda-calculus. J. Automat. Reason.,
4, 173– 190.
[9] Broda, S. and Damas, L. (2001) A Context-free Grammar
Representation for Normal Inhabitants of Types in TAlambda. EPIA’01, LNAI, Vol. 2258. Springer.
[10] Broda, S. and Damas, L. (2005) On long normal inhabitants of a
type. J. Logic Comput. 15, 353–390.
[11] Dowek, G. and Jiang, Y. (2006) Eigenvariables, bracketing and
the decidability of positive minimal predicate logic. Theoret.
Comput. Sci., 360, 193–208.
[12] Krivine, J.-L. (1996) Une preuve formelle et intuitionniste du
thoérème de complétude de la logique classique. Bull.
Symbolic Logic. 2, 405– 421.
THE COMPUTER JOURNAL, Vol. 52 No. 7, 2009