Extensional proofs in a propositional logic modulo isomorphisms

02/10/2020 ∙ by Alejandro Díaz-Caro, et al. ∙ ENS Paris-Saclay University of Buenos Aires 0

System I is a proof language for a fragment of propositional logic where isomorphic propositions, such as A∧ B and B∧ A, or A(B∧ C) and (A B)∧(A C) are made equal. System I enjoys the strong normalization property. This is sufficient to prove the existence of empty types, but not to prove the introduction property (every normal closed term is an introduction). Moreover, a severe restriction had to be made on the types of the variables in order to obtain the existence of empty types. We show here that adding η-expansion rules to System I permit to drop this restriction and to retrieve full introduction property.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

Logical connectives, unlike algebraic operations, are never associative, commutative, distributive over another, etc. For instance, the propositions and are different: if has a proof, then so does , but if is a proof of , then it is not a proof of . Yet, the propositions and are isomorphic in the sense that there exist two proofs of and , whose composition, in both ways, is semantically equivalent to the identity. Such isomorphisms, for different systems, have been characterized in [RittriCADE90, BruceDiCosmoLongoMSCS92, DiCosmo95, DiCosmoMSCS05].

To go further, we attempt to make isomorphic propositions equal, just like definitionally equivalent propositions are made equal in Martin-Löf’s type theory [MartinLof84], in the Calculus of Constructions [CoquandHuetIC88], and in Deduction modulo theory [DowekHardinKirchnerJAR03, DowekWernerJSL98]. This raises the question of the impact of this identification on proof languages. System I [DiazcaroDowekFSCD19] is a first proof language for the fragment of propositional logic: and , where isomorphic propositions are made equal.

The usual proof-language of this fragment is simply typed lambda-calculus with Cartesian product. So, System I is an extension of this calculus where, for example, of type can be applied to of type , yielding of type . With the usual reduction rules of lambda calculus with pairs, such a mixed cut (an introduction followed by the elimination of another connective) would be normal, but we also extended the reduction relation, with an equation so that this term can be beta-reduced.

To stress the associativity and commutativity of the notion of pair, we write instead of and thus write this equivalence as .

One of the difficulties in the design of System I was the design of the elimination rule for the conjunction. We cannot use a rule like “if then ”. Indeed, if and are two arbitrary types, a term of type and a term of type , then has both type and type , thus would have both type and type . The solution of System I is to consider explicitly typed (Church style) terms, and parametrise the projection by the type: if then and the reduction rule is then that reduces to if has type . Thus, -reduction is type driven, and -reduction as well.

This rule makes reduction non-deterministic. Indeed, in the particular case where is equal to , then both and have type and reduces both to and to . Unlike in the lambda calculus we cannot specify which term we get, but in any case, we get a normal term of type , that is a cut-free proof of . Therefore, System I is one of the many non-deterministic calculi in the sense, for instance, of [BoudolIC94, BucciarelliEhrhardManzonettoAPAL12, deLiguoroPipernoIC95, DezaniciancagliniDeliguoroPipernoSIAM98, PaganiRonchidellaroccaFI10] and our pair-construction operator is also the parallel composition operator of a non-deterministic calculus. Finally, System I is also related to some quantum and algebraic calculi [ArrighiDiazcaroLMCS12, ArrighiDiazcaroValironIC17, ArrighiDowekRTA08, ArrighiDowekLMCS17, VauxMSCS09, DiazcaroPetitWoLLIC12, DiazcaroDowekTPNC17, DiazcaroGuillermoMiquelValironLICS19].

In [DiazcaroDowekFSCD19] the strong normalization and its consistency (that is, the existence of a proposition that has no closed proof) of System I is proved. However, System I still has some drawbacks.

  • As and are isomorphic, the term where has type is well-typed, but it cannot be -reduced. In System I, this term is normal, so System I does not verifies the introduction property (a normal closed term is an introduction). Only when such a term is applied to a term of type , to make a closed term of atomic type, it can be reduced: , being equivalent to , can be reduced to , and then to . A solution has been explored in [DiazcaroMartinezlopezIFL15]: “delayed -reduction” that reduces to and then to .

  • As the types and are isomorphic, the term where has type is well-typed (of type ), but it cannot be -reduced as the term of type , cannot be substituted for the variable of type . In System I variables have so called “prime types”, that is, types that do not contain a conjunction at head position. Thus, the above term can only be written as , and it reduces to . Another possibility has been explored in [DiazcaroMartinezlopezIFL15]: “partial -reduction” that reduces directly to .

In this paper we show these drawbacks are symptoms of the lack of extensionality in System I. This leads us to introduce a System I that extends System I with an -expansion rule, and a surjective pairing -expansion rule.

In System I, the term -expands to , that is equivalent to , and reduces to . In the same way, the term -expands to , that is equivalent to , and reduces to . This way, we do not need to constrain variables to have prime types.

Dropping this restriction, makes the mixed cut well-typed. However, using the -rule this term expands to that is equivalent to , and reduces to that is an introduction.

In contrast, another type of mixed cut, , where is a term of type cannot be solved with extensionality, as we cannot -expand the term that already is an abstraction, but not on a variable of the desired type. So we need to keep a rule transforming the elimination into the introduction .

Our main result is the normalization proof of System I, developing ideas from [DiazcaroDowekFSCD19, JayGhaniJFP95].

2 Type isomorphisms

We first define the types and their equivalence, and state properties on this relation. Some of these properties are proved in [DiazcaroDowekFSCD19], and others are new. The proofs are in Appendix A.

Types are defined by the following grammar, where is the only atomic type.

[Type equivalence [DiCosmo95]] The equivalence between types is the smallest congruence such that:

[Definition 2.8 and Lemmas 2.9, 2.10 of [DiazcaroDowekFSCD19]]   There exists a measure on types such that , , , and if , . ∎

[Lemma 2.11 of [DiazcaroDowekFSCD19]] If , then and where . ∎

If then one of the following cases happens

  1. and , with and .

  2. , with .

  3. , with .

  4. , with .

  5. , with .

  6. and .

  7. and . ∎

If , then either ( and ), or ( and ). ∎ If , then . ∎

3 The System I

3.1 Syntax

We associate to each type (up to equivalence) an infinite set of variables such that if then and if then . The set of preterms is defined by

These terms are called respectively, variables, abstractions, applications, products and projections. An introduction is either an abstraction or a product. An elimination is either an application or a projection. We recall the type on binding occurrences of variables and write for when . The set of free variables of is written . -equivalence and substitution are defined as usual. The type system is given in Table 1. We use a presentation of typing rules without explicit context following [GeuversKrebbersMcKinnaWiedijkLFMTP10, ParkSeoParkLeeJAR13], hence the typing judgments have the form . The well-typed preterms are called terms.

Table 1: The type system.

3.2 Operational semantics

The operational semantics of the calculus is defined by two relations: an equivalence relation, and a reduction relation.

The symmetric relation is the smallest contextually closed relation defined by the rules given in Table 2.

Table 2: Symmetric relation.

Because of the associativity property of , the term is equivalent to the term , so we can just write it .

The size of a term , defined, as usual, by , , , is not invariant through the equivalence . Hence, we introduce a measure , , , , , where, , , and for the other terms . Note that, if then and . Note also, that . Finally, , , , , , and .

For any term , the set is finite (modulo -equivalence).

Proof.

Let and . We have . Hence, it is finite. ∎

The reduction relation is given in Table 3. As in [JayGhaniJFP95], we define an ancillary relation that forbids expansions at head position.

Since, in System I, an abstraction can be equivalent to a product, a subterm can neither be -expanded nor -expanded, if it is either an abstraction or a product, or if it occurs at left of an application or in the body of a projection.

We write for the relation modulo (i.e. iff ), and for its transitive and reflexive closure. We write for the relation modulo (i.e. iff ).

By Lemma 3.2, a term has a finite number of one-step reducts and these reducts can be computed.

Finally, notice that unlike in System I, the -rule transforming an elimination into an introduction is a reduction rule and not an equivalence rule. Hence, variables, applications, and projections are preserved by . In contrast, an abstraction can be equivalent to a product, but, globally, introductions are preserved.

()
()
()
()
()
Table 3: Reduction relation.

4 Subject Reduction

The set of types assigned to a term is preserved under and . Before proving this property, we prove the unicity of types (Lemma 4) and the generation lemma (Lemma 4). The proofs are given in Appendix B, as well as a substitution lemma (Lemma B).

[Unicity] If and , then . ∎

[Generation]

  1. If and , then .

  2. If , then and .

  3. If , then and .

  4. If , then with and .

  5. If , then and . ∎

[Subject reduction] If and or then . ∎

5 Strong Normalization

We now prove the strong normalization of reduction .

Road-map of the proof. We associate, as usual, a set of strongly normalizing terms to each type . We then prove an adequacy lemma stating that every term of type is in . Compared with the proof for simply typed lambda calculus with pairs our proof presents several novelties.

  • In simply typed lambda calculus, proving that if and strongly normalizing, then so is is easy. However, like in System I, in System I this property is harder to prove, as it requires a characterization of the terms equivalent to the product and of all its reducts. This will be the first part of our proof (Lemmas 5, 5 and Corollary 5).

  • The definition of reducibility has to take intro account the equivalence between types. For instance, , if and only if, , for all , , and, moreover, as (Definition 5).

  • In the strong normalization proof of simply typed lambda calculus the so-called properties CR1, CR2, and CR3, the adequacy of product, and the adequacy of abstraction are five independent lemmas. Like in [JayGhaniJFP95], we have to prove these properties in a huge single induction (Lemma 5).

  • Finally, the usual definition of neutral terms ( is neutral if and are not head-reducible) implies that applications are not always neutral. For example, if , is not neutral. Indeed, if , . This leads to generalize the induction hypothesis in the proof of the adequacy of product and of abstraction.

The set of strongly normalizing terms is written . The size of the longest reduction issued from is written . Recall that each term has a finite number of one-step reducts (Remark 3.2). If then either

  1. where either

    1. and with and , or

    2. with , or any of the three symmetric cases, or

    3. and , or the symmetric case.

  2. and with and .

Proof.

By a double induction, first on and then on the length of the derivation of . The detailed proof is given in Appendix C. ∎

If , there exists , such that and either ( and ), or ( and ).

Proof.

By induction on . The detailed proof is given in Appendix C. ∎

If and , then .

Proof.

By Lemma 5, from a reduction sequence starting from , we can extract one starting from , , or both. Hence, this reduction sequence is finite. ∎

If , then .

Proof.

By induction on the length of the derivation we prove that if , then , where . Thus, if , the reduction is in some , thus where . Therefore, . ∎

Let and be introductions, then if , then and .

Proof.

We proceed by induction on the length of the derivation . So, the possibilities for are:

  1. If or , with and , the induction hypothesis applies.

  2. If is obtained by (curry), then either , which is impossible since no elimination is equivalent to an introduction, or , and , then by the induction hypothesis, we have , which is impossible since no elimination is equivalent to an introduction. ∎

[Reducibility] The set of reductible terms of type is defined by induction on as follows: if and only if and

  • if , then ,

  • for all , , if , then for all , ,

  • for all , , if , then .

Note that, by construction, if , then .

[Neutral term] A term is neutral if no term of the form or , can be -reduced at head position.

The variables and the projections are always neutral, but not necessarily the applications.

For all types , we have

  • (CR1) .

  • (CR2) If and , then .

  • (CR3’) If is neutral, and for all such that , , we have .

  • (Adequacy of product) If , then for all and , .

  • (Adequacy of abstraction) If , then for all , if for all , , then .

Proof.

By induction on .

Proof of (CR1). Let . We want to prove that .

  • If , then .

  • If , then, by the induction hypothesis (CR3’), we have . Hence, , then, by the induction hypothesis, . We prove by a second induction on that all the one-step -reducts of are in .

    • If , then , so by the second induction hypothesis, .

    • If , where . Since , and, by the induction hypothesis (CR3’), , so , which, by the induction hypothesis is a subset of . Therefore, by Lemma 5, .

    • If , where . Since , we have , and by the induction hypothesis, . In the same way, , so by Corollary 5, .

  • If , then and . By the induction hypothesis, , and so we proceed by a second induction on to prove that all the one-step -reducts of are in .

    • If , , so by the second induction hypothesis, .

    • If , where . Since , and, by the induction hypothesis (CR3’), , so , which, by the induction hypothesis is a subset of . Therefore, by Lemma 5, .

    • If , where . Since , we have , and by the induction hypothesis, . In the same way, , so by Corollary 5, .

Proof of (CR2). Let and . We want to prove that . Cases:

  • . We want to prove that . That is, if , then , if , then for all , , and if , then .

    • If , then since , we have .

    • If , then let , we need to prove . Since , we have . Then, by the induction hypothesis in , and the fact that , we have .

    • If , then we need to prove . Since , we have . Then, by the induction hypothesis in , and the fact that , we have .

  • . Then, . Since , for any , , and, since , we have . Then, by induction hypothesis (Adequacy of abstraction), .

  • . Then, . Since , we have and . Then, by the induction hypothesis (Adequacy of product), .

Proof of (CR3’). Let be a neutral term whose -one-step reducts are all in . We want to prove that . That is, if , then , if , then for all , , and if , then .

  • If , we need to prove that all the one-step reducts of are in . Since , these reducts are neither () reducts nor () reducts, but -reducts, which are in .

  • If , we know that for all , we have . By the induction hypothesis (CR1) in , we know . So we proceed by induction on to prove that . By the induction hypothesis, it suffices to check that every term such that is in . Since the reduction is , and the term is neutral, there is no possible head reduction. So, the possible cases are

    • with , then the induction hypothesis applies.

    • , with . As cannot reduce to by () or (), we have , and by hypothesis.

  • If , then we know that . By the induction hypothesis, it suffices to check that every term such that is in . Since the reduction is , and the term is neutral, there is no possible head reduction. So, the only possible case is with . As cannot reduce to by () or (), we have , and by hypothesis.

Proof of (Adequacy of product). If , we want to prove that for all and , we have . We prove, more generally, by a simultaneous second induction on that for all types

  1. if , then , and

  2. if , then for all we have .

To prove that , we need to prove that if , then , if , then for all , , and if , then .

  • , since, in case 1, it is equivalent to a conjunction, and also in case 2, by Lemma 2.

  • If , in both cases we must prove that for all , .

    1. In case 1, we want to prove that . Since , the second induction hypothesis applies.

    2. In case 2, we want to prove that . As , by the induction hypothesis, , and so, since , by the second induction hypothesis, we have . Then, by the induction hypothesis (CR2), .

  • If , in both cases we must prove that .

    • In case 1, we want to prove that . By the induction hypothesis (CR3’) it suffices to prove that every one-step reduct of is in . By the induction hypothesis (CR1), , so we proceed with a third induction on .

      A -reduction issued from cannot be a -reduction or -reduction at head position, since a projection is not equivalent to an application (by rule inspection). Therefore, the possible -reductions issued from are:

      • A reduction in , then, by Lemma 5, the reduction takes place either in or in , and the third induction hypothesis applies.

      • . Then, . We need to prove that . By Lemma 5, we have either:

        • , with and . In such a case, by Lemma 4, and , with , and . Since , we have . Then, by the induction hypothesis (CR2) in , we have , . Similarly . Then, by the induction hypothesis, the induction hypothesis (CR2), .

        • , with . Then, by Lemma 4, , with . Since , we have . Then, by the induction hypothesis (CR2) in , we have . Since, , by the induction hypothesis and the induction hypothesis (CR2), .

        • , with . This case is analogous to the previous one.

        • , in which case, by Lemma 4, . since , we have , so by the induction hypothesis (CR2) in , .

        • . This case is analogous to the previous case.

        • .

        • .

    • In case 2, we want to prove that . Since , by Lemma 2, , with and . Since a projection is always neutral, and , by induction hypothesis (CR3’), it suffices to prove that every one-step reduction issued from is in . By the induction hypothesis (CR1), . Therefore, we can proceed by a third induction on . The reduction cannot happen at head position since a projection is not equivalent to an application, to apply or , and an application is not equivalent to a product to apply . Hence, the reduction must happen in . Therefore, we must prove that the one-step -reductions of are in , from which we conclude that .

      A -reduction in cannot be a -reduction in head position, since an application is not equivalent to a projection. Then, the possible reductions issued from are:

      • A reduction in , in which case, by Lemma 5 it takes place either in or in , and then the third induction hypothesis applies.

      • A reduction in , then the third induction hypothesis also applies.

      • If the reduction is a -reduction at head position, then we have . Hence, by Lemma 5, and . By Lemma 5, , , and . Therefore, . Since , by the induction hypothesis (CR2) in , it is enough to prove that . By the induction hypothesis (CR2), since and , we have, , and . Therefore, by definition, and . Since , by the induction hypothesis, we have .

      • If the reduction is a -reduction at head position, then . By Lemma 5, and . By Lemma 5, the possibilities are:

        • , , and . Then, . By Lemmas 4 and 2, we have and . So, since , we have , so, by the induction hypothesis (CR2), . Similarly, , and . Therefore, by the induction hypothesis, , so, by the induction hypothesis (CR2), . Therefore, . Similarly, . So, by the induction hypothesis again, .

        • , . Then, . By Lemmas 4 and 2, we have . So, since , we have , so, by the induction hypothesis (CR2), . Similarly, . Therefore, by the induction hypothesis, , so, by the induction hypothesis (CR2), . Therefore, . Similarly, . So, by the induction hypothesis again, . The other three cases are symmetric.

        • and or and , then the -reduct of is . Hence, by the induction hypothesis (CR2) in , we have . Similarly, and . Therefore, by the induction hypothesis, .

Proof of (Adequacy of abstraction). If , we want to prove that for all , if for all , , we have . We prove, more generally, by a simultaneous second induction on that for all type

  1. if , then , and

  2. if , then for all we have .

To prove that , we need to prove that if , then , if , then for all , , and if , then .

  • If , in both cases we must prove that .

    1. Case 1 is impossible, by Lemma 4.

    2. In case 2, we have to prove that , so it suffices to prove that every one-step reduction issued from is in . By the induction hypothesis (CR1), . Therefore, we can proceed by third induction on . The possible reductions issued from are:

      • Reducing , or , then the third induction hypothesis applies.

      • , then, by Lemma 4, , and by Lemma 2, . Then, since by hypothesis , we have .

      • , with . Then, by Lemmas 4 and 2, , and so, by definition of reducibility, and . Therefore, by the induction hypothesis (CR2), and .

        So, since , we have .

      • Notice that the reduction cannot be a -reduction in head position since, by and so, by Lemma 4, .

  • If , in both cases we must prove that for all , we have .

    1. In case 1, we have to prove that , which is a consequence of the second induction hypothesis, since .

    2. In case 2, we have to prove that . Since , by the induction hypothesis (Adequacy of product), , then by the second induction hypothesis, since , we have , so, by the induction hypothesis (CR2), .

  • If , in both cases we must prove that .

    1. In case 1, we have to prove that . By the induction hypothesis (CR3’) it suffices to prove that every one-step reduction issued from is in . By the induction hypothesis (CR1), . Therefore, we can proceed by third induction on . The possible reductions issued from are:

      • A reduction in , in which case, the third induction hypothesis applies.

      • . By Lemmas 4 and 2, and , with and . In addition, since , by Lemma 2, we have . Therefore, since , , by the induction hypothesis (CR2), . We have , hence by the induction hypothesis, .

    2. In case 2, we have to prove that . By the induction hypothesis (CR3’) it suffices to prove that every one-step reduction issued from is in . By the induction hypothesis (CR1), . Therefore, we can proceed by third induction on . The possible reductions issued from are:

      • A reduction in or in , in which case, the third induction hypothesis applies.

      • , hence by Lemmas 4 and 4, , and so, by Lemma 2, . Since , we have .

      • , with , hence by Lemmas 4 and 4, , with and . Therefore, by Lemma 2, . Since , we have and . Then, by the induction hypothesis (CR2), and . Then, , so , so .

      • , with . Hence, by Lemmas 4 and 4,