Uniform Schemata for Proof Rules

Ulrich Berger and Tie Hou
Department of Computer Science, Swansea University, UK
{u.berger,cshou}@swansea.ac.uk

Abstract. Motivated by the desire to facilitate the implementation of interactive proof systems with rich sets of proof rules, we present a uniform system of rule schemata to generate proof rules for different styles of logical calculi. The system requires only one schema for each logical operator to generate introduction and elimination rules in natural deduction and sequent calculus style. In addition, the system supports program extraction from proofs by generating realizers for the proof rules automatically.

Keywords: Proof calculi, Semantics and logic of computation, Realizability

1 Introduction

In mathematical logic, specifically in proof theory, one usually tries to be minimalistic regarding the design of a logical calculus, that is, one tries to find a minimal number of complete proof rules. The reason is that when reasoning about a logical calculus one often argues by induction on the construction of proofs, which generates a proof case for each proof rule. However, if one reasons with a logical calculus, for example within an interactive theorem prover, one is interested in a calculus that provides a rich set of rules in order to allow convenient and fast proof development. In fact, in current interactive proof systems one usually finds proof rules that correspond to natural deduction style, sequent style, or combinations and variants thereof. The main motivation for this work is to provide a systematic approach to a concise and efficient implementation of logical calculi with such rich sets of proof rules.
We introduce a uniform system of rule schemata, which directly express the meaning of logical operators and which, in a uniform way, allow one to derive the rules of different styles of proof calculi, such as sequent calculus and natural deduction, but also further rules that are used in interactive proof assistants. Surprisingly, the approach requires only one schema for each logical operator. The introduction and elimination rules of natural deduction as well as the left and right rules of sequent calculus are derived automatically. Moreover, our system is able to automatically derive realizers of intuitionistic proof rules, thus facilitating the implementation of proof systems that support program extraction from proofs, such as Coq [4] and Minlog [7]. We are currently developing a prototype of such a proof system using rule schemata as the basis of the implementation.
An additional advantage of rule schemata is the fact that they are built on a data structure of finitary sets, a generalization of finite sets. Finitary sets have the structure of a monad and can therefore be very conveniently implemented and manipulated in a programming language that supports monads and provides a special syntax for them.

2 Rule Schemata and their associated generating rules

Briefly, the global strategy is as follows. First we introduce rule schemata, from which we derive generating rules. These generating rules are different rules that correspond to different styles of proving, e.g. sequent calculus, natural deduction, or a mixture of these two. Then from generating rules we obtain the real rules of the proof system by instantiation and by adding side formulas.

2.1 Finitary sets

The premise and conclusion of a rule schema will be a set of sets of sequents. For propositional logic finite sets would suffice, but in order to deal with quantifiers the notion of finiteness needs to be slightly extended. Let us assume we are given a class of objects e, called expressions, for which the notions of free variable and substitution e[x/t] are defined, where t is a tuple of objects called terms. A finitary set of expressions, f-set for short, is of the form E x, where E is a finite set and x is a finite tuple of variables called abstractions. The intended meaning of E x is the set {e[t/x] e E, t terms }. In E x all free occurrences of the variables x in E are bound. In fact, regarding free and bound variables E x is analogous to the lambda abstraction λx.e. Using this analogy, we can define a notion of substitution for f-sets, hence f-sets can be regarded as expressions again, and the notion of an f-set of f-sets makes sense. The passage from expressions to f-sets of expressions gives rise to a functor which has the additional structure of a monad [8].
The monadic structure greatly facilitates the implementation of f-sets in functional languages, such as Haskell, that support monads and provide a concise and intuitive syntax [11] for them. We took advantage of this syntax in our prototype implementation, but will not use it here, because there is no space to explain it, and we wish to keep the paper accessible to readers unfamiliar with it. The union of two f-sets is defined as E x F y = (E F ) xy where w.l.o.g. it is assumed that the tuples x and y are disjoint and don't create undesired bindings. Note that any finite set of expressions can be viewed as an f-set of expressions (with an empty tuple of abstractions).
2.2 Rule schemata

We consider first-order formulas,, P (t), A B, A B, A B, x A, x A, where and are symbols for truth and falsity, P ranges over predicate symbols of fixed arities, and t ranges over finite vectors of first-order terms built from variables, constants and function symbols. An atomic proposition is a predicate symbol of arity 0. We identify an atomic proposition P with the formula P (). An instance of a formula is obtained by substituting each constant by a term, each function symbol f by a function abstraction λx. s (that is, replacing each occurrence of a subterm f(t) by s[t/x]), and each predicate symbol P by a comprehension term {x A} (that is, replacing each occurrence of a subformula P (t) by A[t/x]). A sequent, S = A, consists of a finite set of formulas called the antecedent, and a formula A called the succedent of S. We write a sequent {A 1,..., A n } B as A 1,..., A n B and identify a formula A with the sequent A. A sequent S = A 1,..., A n B represents the formula [S] = A 1... A n B. For an f-set of sequents X = {S 1,..., S n } x we define the formulas X = x([s1 ]... [S n ]), X = x([s1 ]... [S n ]). For an f-set of f-sets of sequents, X = {X 1,..., X n } x, we define the formulas X = x( X1... X n ), X = x( X1... X n ). The general form of a rule schema (schema for short) is

X Y (1)

where X and Y are f-sets of f-sets of sequents. The schema (1) represents the formula X Y.

2.3 Schemata for Intuitionistic Logic

The rule schemata for intuitionistic logic consist of a defining schema for each logical operator plus a structural schema Ax that corresponds to an axiom or assumption rule:

{{A, B}} {{A B}} {{A}, {B}} {{A B}} {{A B}} {{A B}} {{P (x)} x } {{ x P (x)}} {{P (x)}} x {{ x P (x)}} (2) {{}} {{ }} {} {{ }} Ax {{}} {}

where A, B are different atomic propositions and P is a unary predicate symbol.
Theorem 1 (Soundness of Rule Schemata for Intuitionistic Logic). The schemata for intuitionistic logic (2) are logically valid. The formulas represented by defining schemata are of the form where is the formula in the schema's conclusion. The schema Ax represents the formula.

Remark. If we regard schemata as formulas in a meta-logic, the defining schemata in (2) can be viewed as definitions of the logical operators in a meta-logic (where in this paper we refrain from distinguishing between operators from the meta-logic and the object-logic). This is similar to categorical logic [6, 5] where one defines the logical operators through appropriate adjunctions. In categorical logic one can use the categorical laws to derive logical proof rules. Similarly, we will use the laws of an intuitionistic meta-logic to derive (in Sect. 2.5 and 2.6) proof rules of the object-logic. What we gain is the fact that the meta-logic can be formalized with a minimal set of rules, while the resulting object-logic will have a rich set of proof rules.

2.4 Invertible Rule Schemata

We call an f-set of f-sets of sequents X dualizable and define its dual δX if one of the following two conditions holds: (1) X = {{S 1,..., S n } x }, with δX = {{S 1 },..., {S n }} x. (2) X = {{S 1 },..., {S n }} x, with δX = {{S 1,..., S n } x }. Clearly, if X is dualizable, then δX is dualizable, and δδX is the same as X. A rule schema X Y is invertible if the sets X and Y are both dualizable. In this case the inverse is defined as δY δX.

Theorem 2. If X is an invertible f-set of f-sets of sequents, then X is equivalent to δX, and X is equivalent to δX. Hence the inverse of an invertible schema represents the converse of the implication represented by the original schema.
Clearly, the schemata for intuitionistic logic (2) are invertible, with inverses

{{A B}} {{A}, {B}} {{A B}} {{A, B}} {{A B}} {{A B}} {{ x P (x)}} {{ xP (x)}} {{P (x)}} x {{P (x)} x } (3) {{ }} {} {{ }} {{}} Ax {{}} {}

Note that the schema Ax is identical to its inverse Ax.
2.5 Generating rules

We describe two ways (Rules 1, 2) of associating a generating rule with a schema. There will also be Rules v1, v2 which produce variants of generating rules. The general form of a generating rule is

X S (4)

where X is an f-set of sequents and S is a sequent. (4) represents the formula X S. If X = {S 1,..., S n } x then we will usually display the generating rule (4) as S 1... S n x S. Below, denotes an atomic proposition not occurring in X, Y. We associate with a schema E x F y, where E and F are finite sets of f-sets of sequents, generating rules according to the following Rules 1, 2:

Rule 1 associates with any f-set X E and f-sets (F 1 ) u1,..., (F n ) un F, where the F i are finite sets of formulas (i.e. sequents with empty antecedents), the generating rule X {A 1,..., A n A 1 F 1,..., A n F n } u1,...,u n. Note that the abstractions x and y are discarded.

Rule 2 associates with X E and { A} F the generating rule X A.

Rule v1 allows one to produce variants of a given generating rule by moving formulas from the premise to the antecedent of the conclusion. More precisely, let a generating rule of the form X A be given, where is a finite (not just finitary) set of formulas, i.e. the elements of are sequents with empty antecedent. We transform this into X A.
Rule v2 transforms a generating rule X A into the variant X {A }.

From the construction of the generating rules associated with schemata one immediately sees:

Theorem 3 (Soundness of the Rules 1, 2, v1, v2). The generating rules associated with a schema by Rules 1 and 2 are intuitionistically implied by the schema. Rules v1, v2 produce equivalent generating rules in the sense that the sets of instances of the formulas they represent are equivalent in intuitionistic logic.

2.6 Proof rules

A proof rule is a set of rules of the form 1 A 1... n A n A. A generating rule generates a proof rule by adding side formulas and instantiating predicate symbols. More precisely, a generating rule 1 A 1... n A n x A generates the proof rule consisting of the rules Γ 1 A 1... Γ n A n Γ A where Γ is a finite set of formulas (the side formulas) not containing x free, and the primed s and As are instances of the s and As leaving x unchanged.

3 Deriving the rules of natural deduction and sequent calculus

We now discuss the generating rules associated with the schemata (2) and their inverses (3) and show that all logical rules of intuitionistic natural deduction and sequent calculus are generated. We omit the defining schema for and its inverse since their generating rules are less interesting and are largely subsumed by the schema Ax. Note also that the defining schema for has no associated generating rule (but the inverse of this schema does have generating rules).

{{A, B}} {{A B}}. By Rules 1, 2, v1, v2 we have the generating rules
and the variants 1.1 B A B A 2.1 B A A B 1 A B A B 1.2 2.2 2 A A B B A B A B A B A B 1.3 A B A, B 2.3 A, B A B

2 corresponds to the -introduction rule of natural deduction, which is the same as the -right rule of sequent calculus. 1.3 corresponds to the inverse of the -left rule in sequent calculus. 2.3 is the axiom of -introduction. To give an example of a generated proof rule, the proof rule corresponding to 2 consists of all rules of the form Γ A Γ B / Γ A B where Γ ranges over an arbitrary finite set of formulas and A, B range over arbitrary formulas. In the following we only show a selection of generating rules, concentrating on those that correspond to proof rules in natural deduction and sequent calculus.

{{A B}} {{A}, {B}}. We have the generating rules A, B A B A B A A B B which are the -left rule of sequent calculus and the -elimination rules of natural deduction.

{{A}, {B}} {{A B}}. Only the generating rules derived from Rule 2 are of interest: A A B B A B. These are the -introduction rules of natural deduction, which are the same as the -right rules of sequent calculus.

{{A B}} {{A, B}}. We have the generating rules A B A B A B A B which are the -elimination rule in natural deduction and the -left rule in sequent calculus.

{{A B}} {{A B}}. Only the generating rule from Rule 2, A B A B, is interesting. It corresponds to -introduction in natural deduction, which is the same as the -right rule in the sequent calculus.

{{A B}} {{A B}}. The generating rules of interest are
A B B A A B A B A B A B which are -elimination in natural deduction, a.k.a. modus ponens, the inverse of -introduction, and (obtained from the former generating rule by applying Rule v2 and then Rule v1) the -left rule of sequent calculus.

{{P (x)} x } {{ x P (x)}}. By Rule 2, we have P (x) x / x P (x), which is the -introduction rule of natural deduction and the -right rule of the sequent calculus. The corresponding proof rule is Γ A(x) / Γ x A(x) where A(x) is an arbitrary formula and Γ is a finite set of formulas not containing x free.

{{ x P (x)}} {{P (x)}} x. By Rules 1 and v1, we have P (x) x / x P (x), which is the -left rule of the sequent calculus. By Rule 2, we have x P (x) / P (x), which is the -elimination rule of natural deduction. The corresponding proof rules are Γ, A(t) / Γ, x A(x) and Γ x A(x) / Γ A(t).

{{P (x)}} x {{ x P (x)}}. By Rules 1 and v1, we have x P (x) / P (x). By Rule 2, we have P (x) / x P (x), which is the -introduction rule of natural deduction and the -right rule of the sequent calculus. The corresponding proof rules are Γ, x A(x) / Γ, A(t) and Γ A(t) / Γ x A(x).

{{ x P (x)}} {{P (x)} x }. By Rule 1, we have x P (x) P (x) x / , which is the -elimination rule of natural deduction. By Rule v1, we have P (x) x / x P (x), which is the -left rule of sequent calculus. The corresponding proof rules are Γ x A(x) Γ, A(x) / Γ and Γ, A(x) / Γ, x A(x) where Γ and must not contain x free.

Ax {{ }} {{}} {{}} {}. By Rule 1, we have , which is the efq rule. By Rules 1 and v1, we have , which is the axiom or assumption rule. By Rules 1 and v2, we have , which is the cut rule.
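To make the constructions of Sects. 2.4 and 2.5 and the derivations of Sect. 3 concrete, here is an added example (not the authors' prototype) that implements the propositional fragment: f-sets with empty abstraction tuples, dualisation δ, Rules 1, 2, v1, v2, and the defining schemata for conjunction and disjunction from (2). The helper names and the symbol "#" standing for the fresh atomic proposition are this example's own assumptions.

```python
# Added example, not the paper's code: propositional fragment of Sects. 2.4-2.5
# (f-sets with empty abstraction tuples); helper names and "#" are assumptions.
from itertools import combinations, product

HOLE = "#"   # the atomic proposition not occurring in the schema (Sect. 2.5)

def seq(*ante, suc):   # a sequent: (finite antecedent set, succedent formula)
    return (frozenset(ante), suc)

def fset(*items):      # an f-set with an empty abstraction tuple
    return frozenset(items)

def dual(x):
    """Dualisation delta (Sect. 2.4) of an f-set of f-sets of sequents."""
    if len(x) == 1:                          # {{S1,..,Sn}} -> {{S1},..,{Sn}}
        (inner,) = x
        return fset(*(fset(s) for s in inner))
    if all(len(i) == 1 for i in x):          # {{S1},..,{Sn}} -> {{S1,..,Sn}}
        return fset(fset(*(s for i in x for s in i)))
    raise ValueError("not dualizable")

def inverse(schema):   # X => Y  becomes  delta(Y) => delta(X)
    prem, conc = schema
    return (dual(conc), dual(prem))

def rule2(schema):
    """Rule 2: X in E and {|- A} in F give the generating rule X => |- A."""
    prem, conc = schema
    return {(x, s) for x in prem for f in conc if len(f) == 1
            for s in f if not s[0]}

def rule1(schema):
    """Rule 1: X in E and clauses F1..Fn in F give the generating rule
    X, {A1..An |- # : Ai in Fi} => |- #, one case per choice of the Ai."""
    prem, conc = schema
    clauses = [sorted(s[1] for s in f) for f in conc if all(not s[0] for s in f)]
    rules = set()
    for x in prem:
        for n in range(1, len(clauses) + 1):
            for chosen in combinations(clauses, n):
                cases = fset(*(seq(*a, suc=HOLE) for a in product(*chosen)))
                rules.add((x | cases, seq(suc=HOLE)))
    return rules

def v1(rule, moved=None):
    """Rule v1: move premise formulas (sequents with empty antecedent) into
    the antecedent of the conclusion; by default all of them are moved."""
    prem, (gamma, a) = rule
    mv = {s for s in prem if not s[0] and (moved is None or s[1] in moved)}
    return (prem - mv, (gamma | {s[1] for s in mv}, a))

def v2(rule):
    """Rule v2: X => (Gamma |- A) becomes X, (A |- #) => (Gamma |- #)."""
    prem, (gamma, a) = rule
    return (prem | {seq(a, suc=HOLE)}, (gamma, HOLE))

# The defining schemata for conjunction and disjunction, as in (2).
AND = (fset(fset(seq(suc="A"), seq(suc="B"))), fset(fset(seq(suc="A∧B"))))
OR = (fset(fset(seq(suc="A")), fset(seq(suc="B"))), fset(fset(seq(suc="A∨B"))))
```

Applying rule1 to inverse(AND) and then v1 yields the ∧-left rule A, B ⊢ # / A∧B ⊢ #, while rule1(inverse(OR)) is the ∨-elimination rule with premises ⊢ A∨B, A ⊢ #, B ⊢ #, matching the derivations in Sect. 3.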
Theorem 4 (Completeness of Schemata for Minimal Logic). The propositional rule schemata are complete for minimal Natural Deduction and Sequent Calculus in the sense that every axiom or rule of these calculi is an instance of a generating rule derived from one of the schemata (2) or their inverses (3) by Rules 1, 2, v1, v2.

4 Realizability

In addition to the generation of proof rules, schemata allow one to generate realizers for proof rules automatically. Regarding the notion of realizability we refer to [10] and [2]. From a programming perspective, the most interesting aspect of realizability is the Soundness Theorem stating that from an intuitionistic proof of a formula A one can extract a realizer of A, which can be viewed as a solution to the computational problem specified by A. The Soundness Theorem is based on the fact that the proof rules of intuitionistic logic, more precisely, the formulas they represent, are realizable. Therefore, the main building blocks of an implementation of program extraction based on realizability are (implementations of) realizers of proof rules. Since the proof rules of intuitionistic logic and their inverses all represent formulas of the form A A, they are trivially realized by the identity function. The Rules 1, 2, v1, v2 correspond to simple transformations of realizers (one can view them as the programs extracted from the proof of the Soundness Theorem for these rules (Theorem 3)). Rule 1, which is based on the fact that distributes over, is realized by a cascade of case analyses. The remaining rules are realized by simple combinations of projections, currying and uncurrying. Applying these transformations to the identity function one obtains realizers of the derived generating rules and hence realizers of the corresponding proof rules.
5 Conclusion

We presented a uniform system of rule schemata for intuitionistic first-order logic and showed how to derive generating rules corresponding to the usual proof rules of natural deduction and sequent calculus as well as realizers thereof. The main motivation for this work is to obtain a framework facilitating the implementation of logic and program extraction from proofs. Rule schemata are not restricted to first-order logic. In our prototype we apply them to an intuitionistic version of Church's Simple Theory of Types [3] extended by inductive and coinductive definitions (to be detailed in a forthcoming publication). In Church's Simple Theory of Types (which essentially is higher-order logic) one can view predicate constants as higher-type variables and write the collection of schemata (2) as a single f-set with A, B, P as abstracted variables. Something similar can be done for the derived generating rules and proof rules. This has the advantage that the process of instantiation of formulas and rules is covered by f-sets as well. One can also give a defining schema for Leibniz equality {{P (x) P (y)} P } {{x = y}} from which the expected proof rules can be derived.

Our rule schemata have some resemblance to the hypersequent calculus [9, 1]. A hypersequent is a finite set of sequents, hence the premise of a rule in hypersequent calculus can be viewed as a set of sets of sequents. Note however that a hypersequent is always interpreted disjunctively, while in the context of schemata the interpretation of an f-set of sequents depends on whether it appears in the premise or conclusion of a schema. Note also that the hypersequent calculus is a proof calculus where sequents are replaced by hypersequents, while rule schemata are seeds for proof rules based on ordinary sequents. It is conceivable though that rule schemata based on hypersequents can be developed, leading to a compact representation of the rules of the hypersequent calculus.

References

1. Avron, A.: A constructive analysis of RM. Journal of Symbolic Logic 52(4), 939-951 (1987)
2. Berger, U., Seisenberger, M.: Proofs, programs, processes. Theory of Computing Systems 51(3), 313-329 (2012)
3. Church, A.: A Formulation of the Simple Theory of Types. The Journal of Symbolic Logic 5(2), 56-68 (1940)
4. The Coq Proof Assistant. http://coq.inria.fr/
5. Jacobs, B.: Categorical logic and type theory. Studies in Logic and the Foundations of Mathematics 141, North Holland, Elsevier (1999)
6. Lawvere, W.: Functorial semantics of algebraic theories and some algebraic problems in the context of functorial semantics of algebraic theories. Ph.D. thesis, Columbia University, 1963. Republished in: Reprints in Theory and Applications of Categories 5, 1-121 (2004)
7. The Minlog System. http://www.minlog-system.de
8. Moggi, E.: Notions of Computation and Monads. Information and Computation 93(1), 55-92 (1991)
9. Pottinger, G.: Uniform cut-free formulations of T, S4 and S5 (abstract). Journal of Symbolic Logic 48, 900 (1983)
10. Schwichtenberg, H., Wainer, S. S.: Proofs and Computations. Cambridge University Press (2012)
11. Wadler, P.: Comprehending monads. Mathematical Structures in Computer Science 2, 461-493 (1992)