1 Introduction
Logical connectives, unlike algebraic operations, are never associative, commutative, distributive over another, etc. For instance, the propositions and are different: if has a proof, then so does , but if is a proof of , then it is not a proof of . Yet, the propositions and are isomorphic in the sense that there exist two proofs of and , whose composition, in both ways, is semantically equivalent to the identity. Such isomorphisms, for different systems, have been characterized in [RittriCADE90, BruceDiCosmoLongoMSCS92, DiCosmo95, DiCosmoMSCS05].
To go further, we attempt to make isomorphic propositions equal, just like definitionally equivalent propositions are made equal in Martin-Löf’s type theory [MartinLof84], in the Calculus of Constructions [CoquandHuetIC88], and in Deduction modulo theory [DowekHardinKirchnerJAR03, DowekWernerJSL98]. This raises the question of the impact of this identification on proof languages. System I [DiazcaroDowekFSCD19] is a first proof language for the fragment of propositional logic: and , where isomorphic propositions are made equal.
The usual proof language of this fragment is simply typed lambda-calculus with Cartesian product. So, System I is an extension of this calculus where, for example, of type can be applied to of type , yielding of type . With the usual reduction rules of lambda calculus with pairs, such a mixed cut (an introduction followed by the elimination of another connective) would be normal, but we also extended the reduction relation, with an equation so that this term can be beta-reduced.
To stress the associativity and commutativity of the notion of pair, we write instead of and thus write this equivalence as .
One of the difficulties in the design of System I was the design of the elimination rule for the conjunction. We cannot use a rule like “if then ”. Indeed, if and are two arbitrary types, a term of type and a term of type , then has both type and type , thus would have both type and type . The solution of System I is to consider explicitly typed (Church style) terms, and parametrise the projection by the type: if then and the reduction rule is then that reduces to if has type . Thus, reduction is type driven, and reduction as well.
This rule makes reduction nondeterministic. Indeed, in the particular case where is equal to , then both and have type and reduces both to and to . Unlike in the lambda calculus we cannot specify which term we get, but in any case, we get a normal term of type , that is a cut-free proof of . Therefore, System I is one of the many nondeterministic calculi in the sense, for instance, of [BoudolIC94, BucciarelliEhrhardManzonettoAPAL12, deLiguoroPipernoIC95, DezaniciancagliniDeliguoroPipernoSIAM98, PaganiRonchidellaroccaFI10] and our pair-construction operator is also the parallel composition operator of a nondeterministic calculus. Finally, System I is also related to some quantum and algebraic calculi [ArrighiDiazcaroLMCS12, ArrighiDiazcaroValironIC17, ArrighiDowekRTA08, ArrighiDowekLMCS17, VauxMSCS09, DiazcaroPetitWoLLIC12, DiazcaroDowekTPNC17, DiazcaroGuillermoMiquelValironLICS19].
In [DiazcaroDowekFSCD19], the strong normalization of System I and its consistency (that is, the existence of a proposition that has no closed proof) are proved. However, System I still has some drawbacks.

As and are isomorphic, the term where has type is well-typed, but it cannot be reduced. In System I, this term is normal, so System I does not verify the introduction property (a normal closed term is an introduction). Only when such a term is applied to a term of type , to make a closed term of atomic type, it can be reduced: , being equivalent to , can be reduced to , and then to . A solution has been explored in [DiazcaroMartinezlopezIFL15]: “delayed reduction” that reduces to and then to .

As the types and are isomorphic, the term where has type is well-typed (of type ), but it cannot be reduced as the term of type , cannot be substituted for the variable of type . In System I variables have so-called “prime types”, that is, types that do not contain a conjunction at head position. Thus, the above term can only be written as , and it reduces to . Another possibility has been explored in [DiazcaroMartinezlopezIFL15]: “partial reduction” that reduces directly to .
In this paper we show these drawbacks are symptoms of the lack of extensionality in System I. This leads us to introduce a System I that extends System I with an expansion rule, and a surjective pairing expansion rule.
In System I, the term expands to , that is equivalent to , and reduces to . In the same way, the term expands to , that is equivalent to , and reduces to . This way, we do not need to constrain variables to have prime types.
Dropping this restriction makes the mixed cut well-typed. However, using the rule this term expands to that is equivalent to , and reduces to that is an introduction.
In contrast, another type of mixed cut, , where is a term of type cannot be solved with extensionality, as we cannot expand the term that already is an abstraction, but not on a variable of the desired type. So we need to keep a rule transforming the elimination into the introduction .
Our main result is the normalization proof of System I, developing ideas from [DiazcaroDowekFSCD19, JayGhaniJFP95].
2 Type isomorphisms
We first define the types and their equivalence, and state properties on this relation. Some of these properties are proved in [DiazcaroDowekFSCD19], and others are new. The proofs are in Appendix A.
Types are defined by the following grammar, where is the only atomic type.
[Type equivalence [DiCosmo95]] The equivalence between types is the smallest congruence such that:
[Definition 2.8 and Lemmas 2.9, 2.10 of [DiazcaroDowekFSCD19]] There exists a measure on types such that , , , and if , . ∎
[Lemma 2.11 of [DiazcaroDowekFSCD19]] If , then and where . ∎
If then one of the following cases happens

and , with and .

, with .

, with .

, with .

, with .

and .

and . ∎
If , then either ( and ), or ( and ). ∎ If , then . ∎
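The type equivalence of this section can be decided by comparing canonical forms, shown here as an added example that is not code from the paper. It assumes the four isomorphisms of the characterization cited above (commutativity and associativity of conjunction, distribution of implication over conjunction, and currying), which this copy of the page does not display; the names `TAU`, `And`, `Imp`, `canon` and `equivalent` are hypothetical.

```python
# Added example: deciding type equivalence by canonical forms.
# Types are built from one atomic type with conjunction and implication.
# Assumed rules (the page's own rule list did not survive extraction):
#   A and B == B and A                      (commutativity)
#   (A and B) and C == A and (B and C)      (associativity)
#   A => (B and C) == (A => B) and (A => C) (distribution)
#   (A and B) => C == A => B => C           (currying)

TAU = ("tau",)


def And(a, b):
    return ("and", a, b)


def Imp(a, b):
    return ("imp", a, b)


def canon(t):
    """Canonical form of t: a sorted tuple (multiset) of prime factors.

    A prime factor has no conjunction at head position; after currying it
    reads (conjunction of arguments) => tau, so it is represented by the
    sorted tuple of the prime factors of its arguments. The atomic type
    itself is the factor with no arguments, ().
    """
    tag = t[0]
    if tag == "tau":
        return ((),)
    if tag == "and":
        # Associativity and commutativity: conjunction is multiset union.
        return tuple(sorted(canon(t[1]) + canon(t[2])))
    if tag == "imp":
        # Distribution: one factor per factor of the codomain.
        # Currying: the domain's factors join that factor's arguments.
        dom = canon(t[1])
        return tuple(sorted(tuple(sorted(dom + f)) for f in canon(t[2])))
    raise ValueError("unknown type constructor: %r" % (tag,))


def equivalent(a, b):
    """True when a and b are identified by the four assumed rules."""
    return canon(a) == canon(b)


# Constructed sample types.
A = Imp(TAU, TAU)
B = TAU
C = And(TAU, Imp(TAU, TAU))

if __name__ == "__main__":
    print(equivalent(Imp(And(A, B), C), Imp(A, Imp(B, C))))  # currying
    print(equivalent(Imp(A, B), Imp(B, A)))                  # not isomorphic
```

Each of the four rules leaves `canon` unchanged, and every type is equivalent to the type read back from its canonical form, so equality of canonical forms coincides with the equivalence.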
3 The System I
3.1 Syntax
We associate to each type (up to equivalence) an infinite set of variables such that if then and if then . The set of preterms is defined by
These terms are called respectively, variables, abstractions, applications, products and projections. An introduction is either an abstraction or a product. An elimination is either an application or a projection. We recall the type on binding occurrences of variables and write for when . The set of free variables of is written . equivalence and substitution are defined as usual. The type system is given in Table 1. We use a presentation of typing rules without explicit context following [GeuversKrebbersMcKinnaWiedijkLFMTP10, ParkSeoParkLeeJAR13], hence the typing judgments have the form . The well-typed preterms are called terms.
3.2 Operational semantics
The operational semantics of the calculus is defined by two relations: an equivalence relation, and a reduction relation.
The symmetric relation is the smallest contextually closed relation defined by the rules given in Table 2.
Because of the associativity property of , the term is equivalent to the term , so we can just write it .
The size of a term , defined, as usual, by , , , is not invariant through the equivalence . Hence, we introduce a measure , , , , , where, , , and for the other terms . Note that, if then and . Note also, that . Finally, , , , , , and .
For any term , the set is finite (modulo equivalence).
Proof.
Let and . We have . Hence, it is finite. ∎
The reduction relation is given in Table 3. As in [JayGhaniJFP95], we define an ancillary relation that forbids expansions at head position.
Since, in System I, an abstraction can be equivalent to a product, a subterm can neither be expanded nor expanded, if it is either an abstraction or a product, or if it occurs at left of an application or in the body of a projection.
We write for the relation modulo (i.e. iff ), and for its transitive and reflexive closure. We write for the relation modulo (i.e. iff ).
By Lemma 3.2, a term has a finite number of one-step reducts and these reducts can be computed.
Finally, notice that unlike in System I, the rule transforming an elimination into an introduction is a reduction rule and not an equivalence rule. Hence, variables, applications, and projections are preserved by . In contrast, an abstraction can be equivalent to a product, but, globally, introductions are preserved.
4 Subject Reduction
The set of types assigned to a term is preserved under and . Before proving this property, we prove the unicity of types (Lemma 4) and the generation lemma (Lemma 4). The proofs are given in Appendix B, as well as a substitution lemma (Lemma B).
[Unicity] If and , then . ∎
[Generation]

If and , then .

If , then and .

If , then and .

If , then with and .

If , then and . ∎
[Subject reduction] If and or then . ∎
5 Strong Normalization
We now prove the strong normalization of reduction .
Roadmap of the proof. We associate, as usual, a set of strongly normalizing terms to each type . We then prove an adequacy lemma stating that every term of type is in . Compared with the proof for simply typed lambda calculus with pairs our proof presents several novelties.

In simply typed lambda calculus, proving that if and strongly normalizing, then so is is easy. However, like in System I, in System I this property is harder to prove, as it requires a characterization of the terms equivalent to the product and of all its reducts. This will be the first part of our proof (Lemmas 5, 5 and Corollary 5).

The definition of reducibility has to take into account the equivalence between types. For instance, , if and only if, , for all , , and, moreover, as (Definition 5).

In the strong normalization proof of simply typed lambda calculus the so-called properties CR1, CR2, and CR3, the adequacy of product, and the adequacy of abstraction are five independent lemmas. Like in [JayGhaniJFP95], we have to prove these properties in a huge single induction (Lemma 5).

Finally, the usual definition of neutral terms ( is neutral if and are not head-reducible) implies that applications are not always neutral. For example, if , is not neutral. Indeed, if , . This leads to generalize the induction hypothesis in the proof of the adequacy of product and of abstraction.
The set of strongly normalizing terms is written . The size of the longest reduction issued from is written . Recall that each term has a finite number of one-step reducts (Remark 3.2). If then either

where either

and with and , or

with , or any of the three symmetric cases, or

and , or the symmetric case.


and with and .
Proof.
By a double induction, first on and then on the length of the derivation of . The detailed proof is given in Appendix C. ∎
If , there exists , such that and either ( and ), or ( and ).
Proof.
By induction on . The detailed proof is given in Appendix C. ∎
If and , then .
Proof.
By Lemma 5, from a reduction sequence starting from , we can extract one starting from , , or both. Hence, this reduction sequence is finite. ∎
If , then .
Proof.
By induction on the length of the derivation we prove that if , then , where . Thus, if , the reduction is in some , thus where . Therefore, . ∎
Let and be introductions, then if , then and .
Proof.
We proceed by induction on the length of the derivation . So, the possibilities for are:

If or , with and , the induction hypothesis applies.

If is obtained by (curry), then either , which is impossible since no elimination is equivalent to an introduction, or , and , then by the induction hypothesis, we have , which is impossible since no elimination is equivalent to an introduction. ∎
[Reducibility] The set of reducible terms of type is defined by induction on as follows: if and only if and

if , then ,

for all , , if , then for all , ,

for all , , if , then .
Note that, by construction, if , then .
[Neutral term] A term is neutral if no term of the form or , can be reduced at head position.
The variables and the projections are always neutral, but not necessarily the applications.
For all types , we have

(CR1) .

(CR2) If and , then .

(CR3’) If is neutral, and for all such that , , we have .

(Adequacy of product) If , then for all and , .

(Adequacy of abstraction) If , then for all , if for all , , then .
Proof.
By induction on .
Proof of (CR1). Let . We want to prove that .

If , then .

If , then, by the induction hypothesis (CR3’), we have . Hence, , then, by the induction hypothesis, . We prove by a second induction on that all the one-step reducts of are in .

If , then , so by the second induction hypothesis, .

If , where . Since , and, by the induction hypothesis (CR3’), , so , which, by the induction hypothesis is a subset of . Therefore, by Lemma 5, .

If , where . Since , we have , and by the induction hypothesis, . In the same way, , so by Corollary 5, .


If , then and . By the induction hypothesis, , and so we proceed by a second induction on to prove that all the one-step reducts of are in .
Proof of (CR2). Let and . We want to prove that . Cases:

. We want to prove that . That is, if , then , if , then for all , , and if , then .

If , then since , we have .

If , then let , we need to prove . Since , we have . Then, by the induction hypothesis in , and the fact that , we have .

If , then we need to prove . Since , we have . Then, by the induction hypothesis in , and the fact that , we have .


. Then, . Since , for any , , and, since , we have . Then, by induction hypothesis (Adequacy of abstraction), .

. Then, . Since , we have and . Then, by the induction hypothesis (Adequacy of product), .
Proof of (CR3’). Let be a neutral term whose one-step reducts are all in . We want to prove that . That is, if , then , if , then for all , , and if , then .

If , we need to prove that all the one-step reducts of are in . Since , these reducts are neither () reducts nor () reducts, but reducts, which are in .

If , we know that for all , we have . By the induction hypothesis (CR1) in , we know . So we proceed by induction on to prove that . By the induction hypothesis, it suffices to check that every term such that is in . Since the reduction is , and the term is neutral, there is no possible head reduction. So, the possible cases are

with , then the induction hypothesis applies.

, with . As cannot reduce to by () or (), we have , and by hypothesis.


If , then we know that . By the induction hypothesis, it suffices to check that every term such that is in . Since the reduction is , and the term is neutral, there is no possible head reduction. So, the only possible case is with . As cannot reduce to by () or (), we have , and by hypothesis.
Proof of (Adequacy of product). If , we want to prove that for all and , we have . We prove, more generally, by a simultaneous second induction on that for all types

if , then , and

if , then for all we have .
To prove that , we need to prove that if , then , if , then for all , , and if , then .

, since, in case 1, it is equivalent to a conjunction, and also in case 2, by Lemma 2.

If , in both cases we must prove that for all , .

In case 1, we want to prove that . Since , the second induction hypothesis applies.

In case 2, we want to prove that . As , by the induction hypothesis, , and so, since , by the second induction hypothesis, we have . Then, by the induction hypothesis (CR2), .


If , in both cases we must prove that .

In case 1, we want to prove that . By the induction hypothesis (CR3’) it suffices to prove that every one-step reduct of is in . By the induction hypothesis (CR1), , so we proceed with a third induction on .
A reduction issued from cannot be a reduction or reduction at head position, since a projection is not equivalent to an application (by rule inspection). Therefore, the possible reductions issued from are:

A reduction in , then, by Lemma 5, the reduction takes place either in or in , and the third induction hypothesis applies.

. Then, . We need to prove that . By Lemma 5, we have either:

, with and . In such a case, by Lemma 4, and , with , and . Since , we have . Then, by the induction hypothesis (CR2) in , we have , . Similarly . Then, by the induction hypothesis, the induction hypothesis (CR2), .

, with . Then, by Lemma 4, , with . Since , we have . Then, by the induction hypothesis (CR2) in , we have . Since, , by the induction hypothesis and the induction hypothesis (CR2), .

, with . This case is analogous to the previous one.

, in which case, by Lemma 4, . Since , we have , so by the induction hypothesis (CR2) in , .

. This case is analogous to the previous case.

.

.



In case 2, we want to prove that . Since , by Lemma 2, , with and . Since a projection is always neutral, and , by induction hypothesis (CR3’), it suffices to prove that every one-step reduction issued from is in . By the induction hypothesis (CR1), . Therefore, we can proceed by a third induction on . The reduction cannot happen at head position since a projection is not equivalent to an application, to apply or , and an application is not equivalent to a product to apply . Hence, the reduction must happen in . Therefore, we must prove that the one-step reductions of are in , from which we conclude that .
A reduction in cannot be a reduction in head position, since an application is not equivalent to a projection. Then, the possible reductions issued from are:

A reduction in , in which case, by Lemma 5 it takes place either in or in , and then the third induction hypothesis applies.

A reduction in , then the third induction hypothesis also applies.

If the reduction is a reduction at head position, then we have . Hence, by Lemma 5, and . By Lemma 5, , , and . Therefore, . Since , by the induction hypothesis (CR2) in , it is enough to prove that . By the induction hypothesis (CR2), since and , we have, , and . Therefore, by definition, and . Since , by the induction hypothesis, we have .

If the reduction is a reduction at head position, then . By Lemma 5, and . By Lemma 5, the possibilities are:

, . Then, . By Lemmas 4 and 2, we have . So, since , we have , so, by the induction hypothesis (CR2), . Similarly, . Therefore, by the induction hypothesis, , so, by the induction hypothesis (CR2), . Therefore, . Similarly, . So, by the induction hypothesis again, . The other three cases are symmetric.

and or and , then the reduct of is . Hence, by the induction hypothesis (CR2) in , we have . Similarly, and . Therefore, by the induction hypothesis, .


Proof of (Adequacy of abstraction). If , we want to prove that for all , if for all , , we have . We prove, more generally, by a simultaneous second induction on that for all types

if , then , and

if , then for all we have .
To prove that , we need to prove that if , then , if , then for all , , and if , then .

If , in both cases we must prove that .

Case 1 is impossible, by Lemma 4.

In case 2, we have to prove that , so it suffices to prove that every one-step reduction issued from is in . By the induction hypothesis (CR1), . Therefore, we can proceed by third induction on . The possible reductions issued from are:

Reducing , or , then the third induction hypothesis applies.

, with . Then, by Lemmas 4 and 2, , and so, by definition of reducibility, and . Therefore, by the induction hypothesis (CR2), and .
So, since , we have .

Notice that the reduction cannot be a reduction in head position since, by and so, by Lemma 4, .



If , in both cases we must prove that for all , we have .

In case 1, we have to prove that , which is a consequence of the second induction hypothesis, since .

In case 2, we have to prove that . Since , by the induction hypothesis (Adequacy of product), , then by the second induction hypothesis, since , we have , so, by the induction hypothesis (CR2), .


If , in both cases we must prove that .

In case 1, we have to prove that . By the induction hypothesis (CR3’) it suffices to prove that every one-step reduction issued from is in . By the induction hypothesis (CR1), . Therefore, we can proceed by third induction on . The possible reductions issued from are:

A reduction in , in which case, the third induction hypothesis applies.


In case 2, we have to prove that . By the induction hypothesis (CR3’) it suffices to prove that every one-step reduction issued from is in . By the induction hypothesis (CR1), . Therefore, we can proceed by third induction on . The possible reductions issued from are:

A reduction in or in , in which case, the third induction hypothesis applies.

