Lecture 5: Termination of proof reduction in Deduction modulo theories

Teacher: Gilles Dowek

Theories:

Arithmetic
Simple Type Theory (implemented in HOL Light (Amazon), Isabelle/HOL (Cambridge), HOL4 (Munich))
Dependent Type Theory (Coq, Agda, Lean, …)

Right now: termination of proof reduction in predicate logic

Oddly: termination of $λ$-calculus: similar technique here → because everything can be expressed in a unifying proof langugage (BHK interpretation, interpretation of proof: Curry-de Bruijn-Howard)

Derivation tree:

one way to check that a proof is well-formed: go through the derivation tree and check each node ⇒ at each step: “which rule may apply”? ⟶ so you have to check all of them
workaround: label the nodes of the derivation tree with the names of the rules, and check (only one rule to check at each step)
if you just write the name of the rules, and not the conclusions: you can reconstruct the full tree

\[\infer[∧ \text{-intro}]{⊢ ⊤ ∧ ⊤}{ \infer[⊤ \text{-intro}]{⊢ ⊤}{\phantom{⊢ ⊤}} & \infer[⊤ \text{-intro}]{⊢ ⊤}{\phantom{⊢ ⊤}}}\]

\[\infer{⊢ ⊤ ∧ ⊤}{ ⊢ ⊤ & ⊢ ⊤}\]

or you could just specify the names of the rules:

\[∧\text{-intro}(⊤\text{-intro}, ⊤\text{-intro})\]

this is a proof term

Shorthand for the one above:

\[⟨ \underbrace{I}_{⊤\text{-intro}}, I⟩\]

Problem: with the axiom sequents! The name of the rule is not enough anymore! So the relation associating a conclusion to premises must be a function (which is not the case for $axiom$) ⟶ replace axiom by functions $axiom_{P,Q ⊢ P}$ (disambiguation of the axiom rule so that we have a family of functions).

Example of proof term with axiom rules:

\[⟨ ax_{P,Q ⊢ P}, ax_{P,Q ⊢ Q} ⟩\]

But this is not the way we will represent proofs. We will forget about the contexts: in ND, contexts are almost always the same (except for bookkeeping with $⇒$-intro, etc…):

\[⟨ ax_{P,Q ⊢ P}, ax_{P,Q ⊢ Q} ⟩ \leadsto ⟨α, β⟩\]

where you know you’re in the context $α ≝ P, β ≝ Q$

But some rules, as $⇒$-intro, extend context ⟶ we add named hypotheses to our proof: $λβ:B \, π$

Cut-elimination for $⇒$ for example: from $π$ proof of $Γ, A ⊢ B$, remove the hypothesis $A$ in all sequents, replace the axiom rules on this proposition by $π’$ of $Γ ⊢ A$ ⟶ substitute $π’$ for $α$ (associated to $A$) in $π$

Rules

$∧$-intro: $⟨π, π’⟩$
$∧$-elim 1: $fst(π)$
$∧$-elim 2: $snd(π)$
$⇒$-intro: $λα:A \, π$
$⇒$-elim: $app(π, π’)$, also written $(π \, π’)$
etc…

Proof reduction rules

\[(λα: A\, π_1) π_2 ⟶ (π_2/α) π_1\]

Proof reduction is $β$-reduction! Actually, not really, you also have:

\[fst(⟨π_1, π_2⟩) ⟶ π_1\\ snd(⟨π_1, π_2⟩) ⟶ π_2\]

With implication only: it’s exactly ST $λ$-calculus (minimal intuitionistic logic).

Brouwer-Heyting-Kolmogorov (BHK) interpretation

Brouwer/Heyting: advisor/student
Kolmogorov: discovered it independently

BHK interpretation:

How do you build a proof of $A∧B$?
- build a proof of $A$ and a proof of $B$
How do you use a proof of $A∧B$?
- to build a proof of $A$ or a proof of $B$

Balance between intro/elim: cut-elimination: building and using amounts to do nothing. Same issue in social science: what’s a knife, primarily? (something which is built with a blade and a handler or something the purpose of which is to cut things?)

How do you build an ordered pair of a proof of $A$ and a proof of $B$?
- build a proof of $A$ and a proof of $B$
How do you use an ordered pair of a proof of $A$ and a proof of $B$?
- to build a proof of $A$ or a proof of $B$

A proof of $A ∧ B$ is built and used like an ordered pair ⟶ so you may as well say that they are the same (if building and using are done in the same way, you have the same objects)

Implication: trickier, but similarly: a proof of $A ⇒ B$ is an algorithm mapping proofs of $A$ to proofs of $B$

$A ⇒ B$ is an “idle” object that “waits” for a proof of $A$ to produce a proof of $B$ ⟶ it’s an algorithm

And analogously for other connectives.

Curry-de Bruijn-Howard correspondence

Types put on proof terms:

$Φ(A)$: type of proofs of $A$

\[Φ(A ⇒ B) = Φ(A) → Φ(B)\]

$Φ$ is an isomorphism between propositions and types (Curry-Howard isomorphism)

Enriched ND (with typing rules):

\[\cfrac{Γ ⊢ π: A ⇒ B \qquad Γ ⊢ π': A}{Γ ⊢ (π \, π'): B}\]

Big difference with ND: derivability of $Γ ⊢ π: A$ is decidable: just look at $π$! (it’s not proof search but proof checking, whereas in ND: $Γ ⊢ A$ requires proof finding). Actually, you have a “tiny” copy of the derivation in $π$.

Termination of proof reduction in predicate logic

Like for ST $λ$-calculus, we will prove: if $Γ ⊢ π$, then $π ∈ R_A$, and $π$ strongly terminates (ST).

$π ∈ R_{∀x.\, A}$ if $π$ ST and when it reduces to $λx \, π_1$, then for all term $t ∈ R_{A}$, $(π \, t) ∈ R_{(t/x)A}$. Not the same problem as in System F, as $t$ is just a term (it’s weight can be regarded as $0$).

Termination of proof-reduction in some theories

Cornerstone of the course

Main tool: the notion of model

\[\infer{⊢ Ω: Q}{ \infer{⊢ λα. (αα): P ⇒ Q}{ \infer{P ⊢ αα: Q}{ \infer{α: P ⊢ α: P ⇒ Q}{\phantom{α: P ⊢ α: P ⇒ Q}} & \infer{α: P ⊢ α: P}{\phantom{α: P ⊢ α: P}} } } & \infer{⊢ λα. (αα): P}{ \qquad // \qquad } }\]

$R_A ∈ 𝒞$, where $𝒞$ is the set of candidates

Define a function $R$ mapping every proposition $A$ to a candidate $R_A$ s.t.

$R_{A∧B} = R_A \tilde ∧ R_B, \; R_{A⇒B} = R_A \tilde ⇒ R_B$,etc.
if $A≡B$, then $R_A = R_B$

and prove that all proofs of $A$ are in $R_A$, hence strongly terminate.

Examples:

for $P ⟶ Q ⇒ Q$:
- $R$ maps $Q$ to $\tilde ⊤$, $P$ to $\tilde ⊤ \tilde ⇒ \tilde ⊤$
doesn’t work for $P ⟶ P ⇒ Q$, as $P$ appears in negative position

In a Heyting algebra:

\[\tilde ⊤ = \tilde ⊤ \tilde ⇒ \tilde ⊤\]

because:

$\tilde ⊤ ≥ \tilde ⊤ \tilde ⇒ \tilde ⊤$ (maximality)
$\tilde ⊤ ≤ \tilde ⊤ \tilde ⇒ \tilde ⊤ ⟺ \tilde ⊤ \tilde ∧ \tilde ⊤ ≤ \tilde ⊤$ (maximality again)

and we conclude by antisymmetry.

But this doesn’t hold for reductibility candidates: $\tilde ⊤ ≠ \tilde ⊤ \tilde ⇒ \tilde ⊤$, because $δ ≝ λα:A. (α \, α)$ is in $\tilde ⊤$ ($δ$ is ST) but not in $\tilde ⊤ \tilde ⇒ \tilde ⊤$! ($δ$ is ST but $(δ \, δ)$ is not)

So reductibility candidates form a pre-Heyting algebra.

Completeness property: to build models with fixpoints, as with

\[N(x) ⟶ ∀x, c. (0 ∈ c ⇒ ∀x (N(x) ⇒ x ∈ c ⇒ S(x) ∈ c)) ⇒ x ∈ c\]

In ST $λ$-calculus: all you have is constant functions and functions that add a constant number to its argument.
- $λx, y. SS(0)$
- $λx, y. SS(x)$
- but not $x ⟼ 2×x$, etc…
- lacking: induction. If you add it, you get Gödel System T.
Arithmetic: much more powerful programming language (you have induction in arithmetic!)
- $π: ∀x, ∃y. (x = 2 × y \; ∨ \; x = 2 × y + 1)$

\[N(y) ⟶ ∀c (0 ∈ c ⇒ ∀x (N(x) ⇒ x ∈ c ⇒ S(x) ∈ c) ⇒ y ∈ c)\]

\[α \, c \, π \, π': y ∈ c\\ λy, α. (α \, c \, π \, π'): ∀y(N(y) ⇒ y ∈ c)\]

In Arithmetic: we can encode every provably total computable function (example of non provably total computable function: an interpretor of arithmetic)

Proofs are programs and proof-reduction is an interpreter.

Share on

Twitter Facebook Google+ LinkedIn