
Algorithmic Equality in Heyting Arithmetic Modulo

Lisa Allali

LogiCal - École polytechnique - Région Ile de France
www.lix.polytechnique.fr/Labo/Lisa.Allali/

1 Introduction

Deduction Modulo is a formalism that aims at distinguishing reasoning from computation in proofs. A theory modulo is formed with a set of axioms and a congruence defined by rewrite rules: the reasoning part of the theory is given by the axioms, the computational part by the congruence. In deduction modulo, we can in particular build theories without any axiom, called purely computational theories. What is interesting in building such theories, purely defined by a set of rewrite rules, is the possibility, in some cases, to simplify the proofs (typically equality between two closed terms), and also the algorithmic aspect of these proofs.

The motivation of building a purely computational presentation of Heyting Arithmetic takes root in La science et l'hypothèse by Henri Poincaré [8] where the author asks: should the proposition 2 + 2 = 4 be proved or just verified?

A good way to verify such propositions is to use the formalism of deduction modulo and rewrite rules. In this perspective, Gilles Dowek and Benjamin Werner have built a purely computational presentation of Heyting Arithmetic [4]. Yet, this presentation didn't take advantage of the decidability of equality in Arithmetic. In their system, equality was defined by rewrite rules that followed Leibniz's principle. This is the essential aspect that is changed in the work we present in this paper.

The starting point of this work is a remark of Helmut Schwichtenberg, following the developments that have been done in minlog [6], about whether a set of rewrite rules could be enough to decide equality in Heyting Arithmetic expressed as a purely computational theory. We answer that question positively with a new purely computational presentation of Heyting Arithmetic HA−→ such that:

– HA−→ is an extension of the usual axiomatic presentation of Heyting Arithmetic HA: Leibniz's proposition no longer defines equality, but is a consequence of the rewrite rules of the system
– this extension is conservative over HA
– the congruence of HA−→ is decidable
– HA−→ has the cut elimination property.

This work opens new ways to consider equality of inductive types in general, not anymore with Leibniz's axiom as it is the case in Coq for instance, but building specific rewrite rules for each type we would be interested in.

M. Miculan, I. Scagnetto, and F. Honsell (Eds.): TYPES 2007, LNCS 4941, pp. 1–17, 2008. © Springer-Verlag Berlin Heidelberg 2008


2 Definitions

2.1 Deduction Modulo

Modern type theories feature a rule called the conversion rule, which allows one to identify propositions that are equal modulo beta-equivalence. It is often presented as follows:

  Γ ⊢ t : T    Γ ⊢ T : Type    Γ ⊢ T′ : Type    T ≡ T′
  ──────────────────────────────────────────────────────
                        Γ ⊢ t : T′

where T ≡ T′ is read "T is convertible to T′". This convertibility is not checked by logical rules but by computation with the rule β. The idea of natural deduction modulo is to use this computation of convertibility inside natural deduction. For instance, the axiom and ⇒ elimination rules are the following:

  ─────────── Ax   if A ∈ Γ and A ≡ B
   Γ ⊢≡ B

   Γ ⊢≡ C    Γ ⊢≡ A
  ──────────────────── ⇒e   if C ≡ A ⇒ B
        Γ ⊢≡ B

The other rules of natural deduction modulo are built the same way upon natural deduction [3].

The convertibility ≡ is not fixed but depends on the theory. It can be any congruence defined by the reflexive, symmetric and transitive closure of a rewrite system.

2.2 Theories in Natural Deduction Modulo

Definition 1 (Axiomatic theory). An axiomatic theory is a set of axioms.

Definition 2 (Modulo theory). A modulo theory T is a set of axioms and a congruence defined as the reflexive, transitive and symmetric closure of a set of rewrite rules. The rewrite rules are either from terms to terms or from atomic propositions to propositions. Quantifiers may bind variables, thus these rewrite systems are Combinatory Reduction Systems [7].

Notation: Γ ⊢T A means the proposition A is provable in the theory T under the hypotheses Γ.

Definition 3 (Purely computational theory). A purely computational theory is a modulo theory where the set of axioms is empty.


2.3 Relations between Theories

We want to go from Heyting Arithmetic, which is an axiomatic theory, to a purely computational theory that has the same expressiveness. We need the following definitions to be able to compare, step by step, each theory we build to the previous one.

Definition 4 (Equivalence between two theories). Let T and T′ be two theories formed on the same language L. The theories T and T′ are equivalent if and only if for any proposition P of L, ⊢T P if and only if ⊢T′ P.

Definition 5 (Extension). Let T and T′ be two theories formed respectively on the languages L and L′ with L ⊆ L′. Theory T′ is an extension of T if and only if for every proposition P of L, if ⊢T P then ⊢T′ P.

Definition 6 (Conservative extension). Let T and T′ be two theories respectively formed on languages L and L′ with L ⊆ L′. T′ is a conservative extension of T if and only if for any proposition P of L, ⊢T P if and only if ⊢T′ P.

2.4 Models

In this section, we introduce the material we need to build models for intuitionist deduction modulo. We give the necessary definitions and state the main theorems. The interested reader can refer to [2] and [5] for further explanations.

Pseudo Heyting algebra as model for modulo intuitionist logic

Definition 7 (Pseudo Heyting algebra). Let B be a set and ≤ a relation on B. A structure 〈B, ≤, ∧̃, ∨̃, ⊥̃, ⊤̃, ∀̃, ∃̃, ⇒̃〉 is a Pseudo Heyting algebra if

– ≤ is a reflexive and transitive relation (not necessarily antisymmetric)¹
– ⊥̃ is a minimum of B for ≤
– ⊤̃ is a maximum of B for ≤
– x ∧̃ y is a lower bound of x and y (where x and y are in B)
– x ∨̃ y is an upper bound of x and y (where x and y are in B)
– ∀̃ and ∃̃ (infinite lower and upper bounds) are functions from ℘(B) to B such that:
  - x ∈ a ⇒ ∀̃a ≤ x (where x is in B and a is in ℘(B)),
  - (∀x ∈ a, c ≤ x) ⇒ c ≤ ∀̃a (where x and c are in B and a is in ℘(B)),
  - x ∈ a ⇒ x ≤ ∃̃a (where x is in B and a is in ℘(B)),
  - (∀x ∈ a, x ≤ c) ⇒ ∃̃a ≤ c (where x and c are in B and a is in ℘(B)).
– x ≤ (y ⇒̃ z) ⇔ (x ∧̃ y) ≤ z (where x, y and z are in B).

¹ When this relation is moreover antisymmetric we get a Heyting Algebra.

Definition 8 (Ordered pseudo Heyting algebra). An ordered pseudo Heyting algebra is a pseudo Heyting algebra together with a relation ⊑ on B such that

– ⊑ is an order relation,
– if ⊤̃ ≤ b and b ⊑ b′ then ⊤̃ ≤ b′,
– ⊤̃ is a maximal element for ⊑ and ⊥̃ is a minimal element for ⊑,
– ∧̃, ∨̃, ∀̃, ∃̃ are monotone, ⇒̃ is left anti-monotone and right monotone.

Definition 9 (Complete ordered pseudo Heyting algebra). An ordered pseudo Heyting algebra is said to be complete if every subset of B has a greatest lower bound for ⊑.

Definition 10 (Modulo intuitionistic model). Let L be a language. An intuitionistic model ℳ of L is:

– a set M,
– an ordered and complete pseudo Heyting algebra B,
– for each function symbol f of arity n a function f̂ from Mⁿ to M,
– for each predicate symbol P of arity n a function P̂ from Mⁿ to B.

Definition 11 (Denotation). Let ℳ be a model, A be a proposition and φ be an assignment. We define ⟦A⟧φ as follows:

  ⟦x⟧φ = φ(x)
  ⟦f(t1, ..., tn)⟧φ = f̂(⟦t1⟧φ, ..., ⟦tn⟧φ)
  ⟦P(t1, ..., tn)⟧φ = P̂(⟦t1⟧φ, ..., ⟦tn⟧φ)
  ⟦⊥⟧φ = ⊥̃
  ⟦⊤⟧φ = ⊤̃
  ⟦A ∧ B⟧φ = ⟦A⟧φ ∧̃ ⟦B⟧φ
  ⟦A ∨ B⟧φ = ⟦A⟧φ ∨̃ ⟦B⟧φ
  ⟦A ⇒ B⟧φ = ⟦A⟧φ ⇒̃ ⟦B⟧φ
  ⟦∀x A⟧φ = ∀̃{⟦A⟧φ,x:=v | v ∈ M}
  ⟦∃x A⟧φ = ∃̃{⟦A⟧φ,x:=v | v ∈ M}

Definition 12 (Models for purely computational theory). A model of a purely computational theory whose rewrite rules are

  R1 −→ R′1, ..., Rn −→ R′n

is such that for each assignment φ, ⟦Ri⟧φ = ⟦R′i⟧φ for i ∈ {1, ..., n}.

The concept of model is useful when trying to find relations between theories, as is shown by the two following theorems:

Theorem 1 (Completeness Theorem). Let T be a theory. If for every model ℳ such that ℳ ⊨ T we have ℳ ⊨ A, then ⊢T A.²

² ℳ ⊨ reads as "ℳ is a model for".


Theorem 2 (Correctness Theorem). If ⊢T A then, for every model ℳ, if ℳ ⊨ T then ℳ ⊨ A.

Definition 13 (Super-consistency). A theory T, ≡ in deduction modulo is super-consistent if, for each ordered and complete pseudo Heyting algebra B, there exists a B-model of this theory.

The main property of a super-consistent theory is to bear a model valuated in the Candidates Algebra and thus to normalize [3].

Theorem 3 (Normalization). If a theory T, ≡ is super-consistent, then each proof in T, ≡ is strongly normalizable.

3 Different Presentations of Heyting Arithmetic - From Axioms to Rewrite Rules

3.1 The Axiomatic Presentation of Heyting Arithmetic

The language of arithmetic is formed with the constant 0, the unary function symbol S, the binary function symbols + and × and the binary predicate symbol =. The axioms are structured in four groups.

Definition 14 (HA)

1. The axioms of equality
   Reflexivity: ∀x (x = x)
   Leibniz' axiom scheme: ∀x ∀y (x = y ⇒ (P(x) ⇔ P(y)))  (a)
2. The axioms 3 and 4 of Peano
   ∀x ∀y (S(x) = S(y) ⇒ x = y)    ∀x (0 = S(x) ⇒ ⊥)
3. The induction scheme
   (P{x := 0} ∧ ∀y (P{x := y} ⇒ P{x := S(y)})) ⇒ ∀n (P{x := n})
4. The axioms of addition and multiplication
   ∀y (0 + y = y)    ∀x ∀y (S(x) + y = S(x + y))
   ∀y (0 × y = 0)    ∀x ∀y (S(x) × y = x × y + y)

(a) We chose to formulate here Leibniz's axiom with an equivalence symbol. Note that ∀x ∀y (x = y ⇒ (P(x) ⇒ P(y))) would have been enough, but the equivalence form simplifies the proof of Proposition 5 (equivalence between this theory and HAR).


The steps to go from an axiomatic presentation of Heyting Arithmetic HA to a purely computational one HA−→

We shall introduce four successive theories to reach the final purely computational theory we aim at: HAR, HAN, HAK and HA−→. We will prove that each of them is equivalent to, or is a conservative extension of, HA. The main novelty is the step from HA to HAR, with new rewrite rules to compute equality instead of Leibniz's scheme. The three other theories follow the work done in [4], especially for the treatment of the induction scheme, but the rules are different so that the proofs need to be adapted.

3.2 HAR, a Theory Equivalent to HA

The theory HAR keeps an axiom scheme for induction, but orients the axioms of addition and multiplication as rewrite rules. It also introduces four rules for rewriting atomic propositions of the form t = u. As we shall see, these rules replace the axioms of equality (reflexivity and Leibniz's scheme) and the axioms 3 and 4 of Peano.

Definition 15 (HAR)

1. The induction scheme
   (P{x := 0} ∧ ∀y (P{x := y} ⇒ P{x := S(y)})) ⇒ ∀n P{x := n}
2. The rewrite rules
   0 = 0 −→ ⊤               0 + y −→ y
   0 = S(x) −→ ⊥            S(x) + y −→ S(x + y)
   S(x) = 0 −→ ⊥            0 × y −→ 0
   S(x) = S(y) −→ x = y     S(x) × y −→ x × y + y
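As an added example (our own code, not the paper's), here is a small innermost normalizer for the eight rewrite rules of Definition 15 in Python. It settles Poincaré's question for closed equations by verification alone: 2 + 2 = 4 rewrites to ⊤ and 2 × 3 = 7 rewrites to ⊥, whereas an open equation such as x + 0 = x gets stuck and still needs the induction scheme. The tuple encoding of terms and propositions is an assumption of this example.

```python
# Added example (not from the paper): an innermost normalizer for the rewrite
# rules of Definition 15, used to *verify* closed equations such as 2 + 2 = 4
# instead of proving them.  Terms and propositions are nested tuples:
#   ('0',)  ('S', t)  ('+', t, u)  ('*', t, u)  ('var', 'x')      terms
#   ('=', t, u)  ('top',)  ('bot',)                                propositions

def num(n):
    """The numeral S^n(0)."""
    t = ('0',)
    for _ in range(n):
        t = ('S', t)
    return t

def step(e):
    """Apply one HAR rewrite rule at the root of e, or return None if none matches."""
    tag = e[0]
    if tag == '+':
        t, u = e[1], e[2]
        if t == ('0',):                     # 0 + y -> y
            return u
        if t[0] == 'S':                     # S(x) + y -> S(x + y)
            return ('S', ('+', t[1], u))
    elif tag == '*':
        t, u = e[1], e[2]
        if t == ('0',):                     # 0 × y -> 0
            return ('0',)
        if t[0] == 'S':                     # S(x) × y -> x × y + y
            return ('+', ('*', t[1], u), u)
    elif tag == '=':
        t, u = e[1], e[2]
        if t == ('0',) and u == ('0',):     # 0 = 0 -> ⊤
            return ('top',)
        if t == ('0',) and u[0] == 'S':     # 0 = S(x) -> ⊥
            return ('bot',)
        if t[0] == 'S' and u == ('0',):     # S(x) = 0 -> ⊥
            return ('bot',)
        if t[0] == 'S' and u[0] == 'S':     # S(x) = S(y) -> x = y
            return ('=', t[1], u[1])
    return None                             # the root is in normal form

def normalize(e):
    """Innermost rewriting: normalize the arguments, then rewrite the root."""
    if e[0] in ('0', 'var', 'top', 'bot'):
        return e
    e = (e[0],) + tuple(normalize(a) for a in e[1:])
    r = step(e)
    return normalize(r) if r is not None else e

def decide(t, u):
    """Classify the equation t = u by the normal form of the proposition.

    Returns 'provable' when it rewrites to ⊤ (t = u is then congruent to ⊤
    and provable in HAR without any axiom), 'refutable' when it rewrites to
    ⊥, and ('open', residue) when rewriting gets stuck.  The last case is what
    happens for equations with variables, such as x + 0 = x, which still need
    the induction scheme (cf. Proposition 1 for reflexivity).
    """
    nf = normalize(('=', t, u))
    if nf == ('top',):
        return 'provable'
    if nf == ('bot',):
        return 'refutable'
    return ('open', nf)

if __name__ == '__main__':
    x = ('var', 'x')
    print(decide(('+', num(2), num(2)), num(4)))   # provable: Poincaré's 2 + 2 = 4
    print(decide(('*', num(2), num(3)), num(7)))   # refutable
    print(decide(('+', x, ('0',)), x))             # open: needs induction
```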

Proposition 1. The propositions ∀x (x = x), ∀x ∀y (x = y ⇒ y = x), and ∀x ∀y ∀z (x = y ⇒ y = z ⇒ x = z) are provable in HAR.

Proof. Reflexivity is proved by induction on x. This requires proving the propositions 0 = 0 and ∀y (y = y ⇒ S(y) = S(y)). The first proposition reduces to ⊤ and the second to ∀y (y = y ⇒ y = y), which is obviously provable. Symmetry is proved by two nested inductions, the first on x and the second on y. Transitivity is proved by three nested inductions on x, y and then z.

Notice that all these proofs can be written inside the system itself using the induction axiom scheme. □

Proposition 2. The propositions ∀x ∀y ∀z (x = y ⇒ x + z = y + z) and ∀x ∀y ∀z (x = y ⇒ z + x = z + y) are provable in HAR.

Proof. Both propositions are proved inside the system by two nested inductions on x and y. □

Proposition 3. The propositions ∀x ∀y ∀z (x = y ⇒ x × z = y × z) and ∀x ∀y ∀z (x = y ⇒ z × x = z × y) are provable in HAR.


Proof. Both propositions are proved inside the system by two nested inductions on x and y. But this first requires proving the propositions ∀x (x × 0 = 0), ∀y ∀x (y × S(x) = y × x + y) and ∀x ∀y (x × y = y × x), which are again proved with the induction axiom scheme. □

Proposition 4. For each term t, the proposition ∀a ∀b (a = b ⇒ t{y := a} = t{y := b}) is provable in HAR.

Proof. By induction on the structure of t, using Propositions 1, 2 and 3. □

Proposition 5. Each instance of Leibniz' scheme ∀x ∀y (x = y ⇒ (P(x) ⇔ P(y))) is provable in HAR.

Proof. By induction on the structure of P, using Proposition 4 for the atomic case. □

Proposition 6 (Equivalence between HA and HAR). The theory HAR is equivalent to HA, i.e. for any closed proposition A in the language of HA, A is provable in HA if and only if A is provable in HAR.

Proof.
(⇒) We check that each axiom of HA is provable in HAR and we conclude with an induction over the proof structure.

– the proposition ∀x (x = x) is provable in HAR by Proposition 1.
– Leibniz' scheme is provable in HAR by Proposition 5.
– the axioms 3 and 4 of Peano rewrite to the easily provable propositions x = y ⇒ x = y and ⊥ ⇒ ⊥.
– The induction scheme is an axiom of HAR.
– The axioms of addition and multiplication rewrite to propositions that are consequences of the reflexivity of equality.

(⇐) The induction axiom scheme is the same in HAR as in HA.

The rest of HAR is a rewrite system defining a congruence ≡. We prove that for all propositions A and B, if A ≡ B, there exists a proof of A ⇔ B in HA. To do so, we prove by induction on the structure of A that if A −→ B in HAR then there exists a proof of A ⇔ B in HA. □

3.3 HAN , a Conservative Extension of HAR

We add the predicate N to the language. We modify the induction scheme axiom by adding this predicate, and we add two axioms for the predicate N, which are the axioms 1 and 2 of Peano.


Definition 16 (HAN)

1. The induction scheme
   ∀n (N(n) ⇒ (P{x := 0} ∧ ∀y (N(y) ⇒ P{x := y} ⇒ P{x := S(y)})) ⇒ P{x := n})
2. The axioms 1 and 2 of Peano
   N(0)    ∀x (N(x) ⇒ N(S(x)))
3. The rewrite rules
   (1) 0 = 0 −→ ⊤               (5) 0 + y −→ y
   (2) 0 = S(x) −→ ⊥            (6) S(x) + y −→ S(x + y)
   (3) S(x) = 0 −→ ⊥            (7) 0 × y −→ 0
   (4) S(x) = S(y) −→ x = y     (8) S(x) × y −→ x × y + y

Translation | . | from HAR to HAN

  |(t = u)| = (t = u)
  |⊤| = ⊤
  |⊥| = ⊥
  |A ∧ B| = |A| ∧ |B|
  |A ∨ B| = |A| ∨ |B|
  |A ⇒ B| = |A| ⇒ |B|
  |∀x A| = ∀x (N(x) ⇒ |A|)
  |∃x A| = ∃x (N(x) ∧ |A|)

We want to prove that HAN is an extension of HAR. The difficulty lies in the N(t) added by the translation. We first prove a few properties of this N predicate:

Proposition 7. ⊢HAN ∀x ∀y (N(y) ⇒ N(x) ⇒ N(x + y))

Proof. We first introduce N(y) in the context, then we use the induction scheme axiom on x. □

Proposition 8. ⊢HAN ∀x ∀y (N(x) ⇒ N(y) ⇒ N(x × y))

Proof. We first introduce N(y) in the context, then we use the induction scheme axiom on x. The proof uses Proposition 7. □

Proposition 9. N(z⃗)³ ⊢HAN N(t) for all t where FV(t) = z⃗

Proof. By structural induction on t. □

Then we prove the following proposition which is the key lemma of our proof.

Proposition 10. For each proposition A and vector z⃗ where FV(A) is included in z⃗, if Γ ⊢HAR A then |Γ|, N(z⃗) ⊢HAN |A|.

Proof. By induction on the size of the proof tree. Most of the cases are trivial, except those concerning the introduction and elimination of quantifiers. For those, we use Proposition 9. □

³ N(z⃗) is the notation for N(z1), ..., N(zn) with z⃗ = {z1, ..., zn}.


Proposition 11 (HAN is an extension of HAR). Let A be a closed proposition of HAR. If A is provable in HAR then |A| is provable in HAN.

Proof. We use Proposition 10, and remove all the N(z⃗) appearing in the context by using the ∃ elimination rule as follows:

  ──────────── Ax
   ⊢HAN N(0)                              Π
  ──────────── ∃i           N(z0), N(z⃗′) ⊢HAN |A|
   ⊢HAN ∃x N(x)
  ──────────────────────────────────────────────────── ∃e
                     N(z⃗′) ⊢HAN |A|

To prove that the extension is conservative with respect to the translation | . |, we introduce another translation ∗ from HAN to HAR where every occurrence of the N predicate is replaced by ⊤.

Then we prove some properties of this translation, which finally allow us to prove the conservativity.

Translation ∗ from HAN to HAR

  (t = u)∗ = (t = u)
  N(x)∗ = ⊤
  ⊤∗ = ⊤
  ⊥∗ = ⊥
  (A ∧ B)∗ = A∗ ∧ B∗
  (A ∨ B)∗ = A∗ ∨ B∗
  (A ⇒ B)∗ = A∗ ⇒ B∗
  (∀x A)∗ = ∀x (A∗)
  (∃x A)∗ = ∃x (A∗)

Proposition 12. Let A be a closed proposition of HAN. If A is provable in HAN then A∗ is provable in HAR.

Proof. By induction on the size of the proof, using the fact that the rewrite rules are the same and that the induction scheme axiom of HAR is the exact translation by ∗ of the induction scheme axiom of HAN. □

Corollary 1. Let A be a closed proposition of HAR. If |A| is provable in HAN then |A|∗ is provable in HAR.

Proposition 13. Let A be a closed proposition of HAR. A and |A|∗ are equivalent in HAR.

Proof. By structural induction on A. □

Proposition 14 (Conservativity with respect to the translation | . |). Let A be a closed proposition of HAR. If |A| is provable in HAN then A is provable in HAR.

Proof. By Corollary 1, we know that if |A| is provable in HAN then |A|∗ is provable in HAR, and as A and |A|∗ are equivalent in HAR (Proposition 13), we can conclude that if |A| is provable in HAN then A is provable in HAR. □


3.4 HAK , a Conservative Extension of HAN

We sort our theory with the two sorts ι and κ, as follows: 0 : ι, S : 〈ι, ι〉, + : 〈ι, ι, ι〉, × : 〈ι, ι, ι〉, = : 〈ι, ι〉, N : 〈ι〉. We add a symbol ∈ : 〈ι, κ〉.

For all propositions P of HAN, where FV(P) = z, y1, ..., yn, we add a new function symbol f_{z,y1,...,yn,P} : 〈ι, ..., ι, κ〉, with n occurrences of ι.

The elements of sort κ are classes of integers. We build these classes with a comprehension axiom scheme restricted to the propositions of HAN, following an idea going back to Takeuti.

Finally we modify the induction axiom. We keep the previous rewrite rules.

Definition 17 (HAK)

1. The comprehension scheme
   ∀x ∀y1 ... ∀yn (x ∈ f_{z,y1,...,yn,P}(y1, ..., yn) ⇔ P{z := x})  (a)
2. The induction scheme
   ∀n (N(n) ⇔ ∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k))
3. The rewrite rules
   (1) 0 = 0 −→ ⊤               (5) 0 + y −→ y
   (2) 0 = S(x) −→ ⊥            (6) S(x) + y −→ S(x + y)
   (3) S(x) = 0 −→ ⊥            (7) 0 × y −→ 0
   (4) S(x) = S(y) −→ x = y     (8) S(x) × y −→ x × y + y

(a) Remark: by construction of the new function symbols of the form f_{z,y1,...,yn,P}, there is no occurrence of the ∈ symbol in proposition P.

Proposition 15. Let A be a closed proposition of HAN. A is provable in HAN if and only if A is provable in HAK.

Proof.
(⇒) The rewrite rules are the same. We check that each axiom of HAN is provable in HAK.

(⇐) We begin with an arbitrary model ℳN of HAN. We show we can extend this model to a model ℳK of HAK without changing the denotation of the propositions of HAK. As A is a theorem of HAK, ℳK validates A. As the denotation of a proposition of HAK is the same in ℳK as in ℳN, ℳN also validates A. As A is valid in all models of HAN, we conclude that A is a theorem of HAN. Thus all the theorems of HAK are theorems of HAN.


We need the following definition to build such a model:

Definition 18 (Definable function in HAN). Let ℳ be a model of HAN. A function γ from M to B is definable if there exists a proposition P in the language of HAN with FV(P) = {x, y1, ..., yn} and an assignment Φ of some b1, ..., bn of M to y1, ..., yn such that: γ(a) = ⟦P⟧Φ,x:=a

Let us now show how we build a model ℳK from a model ℳN without changing the denotation of the propositions of HAK. Let ℳN be a model of HAN. Let MN be the domain of ℳN and B its Heyting algebra.

Extension from ℳN to ℳK: Let Mι = MN. Let Mκ be the set of the definable functions from Mι to B. The domain MK of ℳK is made of the sets Mκ and Mι. The class variables are interpreted in Mκ, the other variables are interpreted in Mι. All the symbols of HAN have the same denotation in ℳK and in ℳN.

Let us see how we interpret the symbols of HAK that do not appear in HAN :

– We interpret the function symbol f_{z,y1,...,yn,P} as the function mapping b1, ..., bn (elements of Mι) to the following element of Mκ: a ↦ ⟦P⟧x:=a,y1:=b1,...,yn:=bn

– We interpret the ∈ symbol by the following application: ⟦x ∈ E⟧ = ⟦E⟧(⟦x⟧)

Let us prove that ℳK is a model of HAK by proving that the two axioms of HAK are valid in ℳK.

• ∀x ∀y1 ... ∀yn (x ∈ f_{z,y1,...,yn,P}(y1, ..., yn) ⇔ P{z := x})
  We need to show

    ⟦∀x ∀y1 ... ∀yn (x ∈ f_{z,y1,...,yn,P}(y1, ..., yn) ⇔ P{z := x})⟧ ≥ ⊤̃

  which leads to proving that for each a, b1, ..., bn of Mι

    ⟦x ∈ f_{z,y1,...,yn,P}(y1, ..., yn) ⇔ P{z := x}⟧x:=a,y1:=b1,...,yn:=bn ≥ ⊤̃

  Let Φ be the assignment {x := a, y1 := b1, ..., yn := bn}. We now must prove

    ⟦x ∈ f_{z,y1,...,yn,P}(y1, ..., yn)⟧Φ = ⟦P{z := x}⟧Φ

  Let us focus on the first part of this equality:

    ⟦x ∈ f_{z,y1,...,yn,P}(y1, ..., yn)⟧Φ = ⟦f_{z,y1,...,yn,P}(y1, ..., yn)⟧Φ (⟦x⟧Φ)

  We have:

    ⟦f_{z,y1,...,yn,P}(y1, ..., yn)⟧Φ = ⟦f_{z,y1,...,yn,P}⟧Φ (⟦y1⟧Φ, ..., ⟦yn⟧Φ) = ⟦f_{z,y1,...,yn,P}⟧Φ (b1, ..., bn)

  By the interpretation we have given to function symbols, ⟦f_{z,y1,...,yn,P}⟧Φ (b1, ..., bn) is the definable function γ of Mκ associated to P with the assignment Φ′ that associates b1, ..., bn to y1, ..., yn.


  Thus:

    (⟦f_{z,y1,...,yn,P}⟧Φ (b1, ..., bn)) (⟦x⟧Φ) = γ(a)

  And by definition of the definable functions:

    γ(a) = ⟦P⟧Φ′,z:=a

  As x is not free in P, we can add x := a to Φ′: we get Φ, because the values assigned to y1, ..., yn by Φ and Φ′ are the same. We have

    γ(a) = ⟦P⟧Φ,z:=a

  Let us now look at the second part of the equality, ⟦P{z := x}⟧Φ:

    ⟦P{z := x}⟧Φ = ⟦P⟧Φ,z:=⟦x⟧Φ = ⟦P⟧Φ,z:=a

  We finally have: for each interpretation Φ

    ⟦x ∈ f_{z,y1,...,yn,P}(y1, ..., yn)⟧Φ = ⟦P{z := x}⟧Φ

  We can conclude

    ⟦∀x ∀y1 ... ∀yn (x ∈ f_{z,y1,...,yn,P}(y1, ..., yn) ⇔ P{z := x})⟧ ≥ ⊤̃

• We proceed in the same way to prove that

    ∀n (N(n) ⇔ ∀f (0 ∈ f ⇒ ∀y (N(y) ⇒ y ∈ f ⇒ S(y) ∈ f) ⇒ n ∈ f))

□

4 HA−→, a Purely Computational Presentation of Heyting Arithmetic

In the previous section, all the axioms of the theory HAK were in equivalence form (i.e. in the form A ⇔ B for some propositions A and B). Following [2] we can transform an axiom in equivalence form into a rewrite rule without changing the expressiveness of the theory: the same theorems can be proved. In this section, we change the axioms of HAK into rewrite rules to obtain a purely computational theory.

Definition 19 (HA−→)

  (1) x ∈ f_{z,y1,...,yn,P}(y1, ..., yn) −→ P{z := x}
  (2) N(n) −→ ∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k)
  (3) 0 = 0 −→ ⊤               (7) 0 + y −→ y
  (4) 0 = S(x) −→ ⊥            (8) S(x) + y −→ S(x + y)
  (5) S(x) = 0 −→ ⊥            (9) 0 × y −→ 0
  (6) S(x) = S(y) −→ x = y     (10) S(x) × y −→ x × y + y


Proposition 16. Let A be a closed proposition of HAK. A is provable in HAK if and only if A is provable in HA−→.

Proof. To go from HAK to HA−→, we have replaced two axioms in the form of an equivalence by two rewrite rules that make each side of these equivalences congruent. It is trivial to prove that any proposition proved in HAK by using these two axioms can be proved in HA−→ using the new rewrite rules. Conversely, any proposition proved in HA−→ can be proved in HAK using the transitivity of ⇔. □

5 Properties of HA−→

5.1 HA−→ Is a Conservative Extension of HA

HA−→ is equivalent to HAK. HAK is a conservative extension of HAN. HAN is a conservative extension of HAR with respect to the translation | . |. HAR is equivalent to HA. Thus, HA−→ is a conservative extension of HA.

5.2 Decidability of the Congruence Defined by the HA−→ Rewrite System

The rewrite system of HA−→ is not terminating, due to the rule (2). We change the orientation of this rule to obtain the rewrite system R. As the congruence is defined by the reflexive, symmetric and transitive closure of the rewrite rules, the congruence defined by R is the same as the congruence of HA−→. Thus in order to prove the decidability of the congruence of HA−→, we prove the termination and confluence of R.

  (1) x ∈ f_{z,y1,...,yn,P}(y1, ..., yn) −→ P{z := x}
  (2) ∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k) −→ N(n)
  (3) 0 = 0 −→ ⊤               (7) 0 + y −→ y
  (4) 0 = S(x) −→ ⊥            (8) S(x) + y −→ S(x + y)
  (5) S(x) = 0 −→ ⊥            (9) 0 × y −→ 0
  (6) S(x) = S(y) −→ x = y     (10) S(x) × y −→ x × y + y

The R rewrite system

Remarks on the R rewrite system

– This system is not a first order rewrite system, due to the second rule, which contains binders. Notice that as k is bound in rule (2), rule (1) cannot rewrite inside the left-hand side of rule (2).


– The first rule is a rule scheme (this is also the case in HA−→): there are infinitely many rewrite rules following this scheme, as many as propositions P we can write in HAN.

Example: Let us take the proposition z = y. For this proposition the function symbol f_{z,y,z=y} has been added to the language. The instance of rule (1) following the scheme for this proposition is:

  x ∈ f_{z,y,z=y}(y) −→ x = y.

The substitution P{z := x} only appears in the rule scheme; it doesn't appear in any instance of it.

Proposition 17. The R rewrite system is terminating.

Proof. We establish the following well-founded order on ℕ × ℕ × ℕ.

The first component is the number of occurrences of the symbol ∈ appearing in a proposition. This component decreases for rule (1): by construction of the comprehension scheme, the symbol ∈ doesn't appear in P. The value obviously decreases for rule (2) as well. The value does not change for the other rules, where the symbol ∈ doesn't appear.

For the second component we define a measure function w on terms and propositions: this function is first defined on terms using the following equations

  w(x) = w(0) = 2        w(t + u) = 1 + w(t) + w(u)
  w(S(t)) = 2 + w(t)     w(t × u) = 2 + (w(t) × w(u))

We can easily prove that for any term t, w(t) ≥ 2. Then we propagate this measure on propositions as follows:

  w(⊤) = 0                     w(⊥) = 0
  w(t = u) = w(t) + w(u)       w(t ∈ k) = w(t)
  w(A ∨ B) = w(A) + w(B)       w(A ⇒ B) = w(A) + w(B)
  w(A ∧ B) = w(A) + w(B)       w(∀x A) = w(∃x A) = w(A)

This measure obviously decreases for rules (3), (4), (5) and (6). A few simple calculations are enough to prove that the value decreases for rules (7), (9) and (10), knowing that for any term t, w(t) ≥ 2. Yet, the measure does not change for rule (8).

We finally introduce a last measure w′ for rule (8). The measure is defined on terms using the following equations:

  w′(x) = w′(0) = 2        w′(t + u) = 1 + 2 × w′(t) + w′(u)
  w′(S(t)) = 2 + w′(t)     w′(t × u) = 2 + (w′(t) × w′(u))

The propagation on propositions is the same as for w. This measure decreases for rule (8). □
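As an added example (our own code, not the paper's), the following Python computes the three components of the termination order of Proposition 17 on one instance of each rule of R and reports which component makes the instance decrease. It assumes the triple (number of ∈, w, w′) is compared lexicographically, which is how the proof uses its components, and it extends w to N(t) by w(N(t)) = w(t), which the paper does not state; the tuple encoding of syntax is also ours. It makes visible why three components are needed: w is unchanged by rule (8), and w′ alone actually increases with rule (10).

```python
# Added example (not from the paper): the termination measures of
# Proposition 17, evaluated on an instance of each rule of R, to check that
# the triple (number of ∈, w, w') decreases lexicographically for every rule
# (lexicographic comparison is our reading of the proof).  Syntax is nested
# tuples: ('0',) ('S', t) ('+', t, u) ('*', t, u) ('var', x) for terms;
# ('=', t, u) ('in', t, k) ('N', t) ('top',) ('bot',) ('and'|'or'|'imp', A, B)
# ('forall'|'exists', x, A) for propositions; ('f', y1, ...) for a
# comprehension symbol f_{z,y,...,P} (w never looks inside it: w(t ∈ k) = w(t)).

def count_in(e):
    """First component: number of occurrences of the symbol ∈."""
    here = 1 if e[0] == 'in' else 0
    return here + sum(count_in(a) for a in e[1:] if isinstance(a, tuple))

def measure(e, c):
    """w (c = 1) and w' (c = 2) of Proposition 17: they differ only in the
    coefficient c of the left summand in the equation for t + u."""
    m = lambda a: measure(a, c)
    tag = e[0]
    if tag in ('0', 'var'):
        return 2
    if tag == 'S':
        return 2 + m(e[1])
    if tag == '+':
        return 1 + c * m(e[1]) + m(e[2])
    if tag == '*':
        return 2 + m(e[1]) * m(e[2])
    if tag in ('top', 'bot'):
        return 0
    if tag in ('in', 'N'):        # w(t ∈ k) = w(t) is the paper's; w(N(t)) = w(t)
        return m(e[1])            # is our assumption (only rule (2) uses it)
    if tag in ('=', 'and', 'or', 'imp'):
        return m(e[1]) + m(e[2])
    if tag in ('forall', 'exists'):
        return m(e[2])
    raise ValueError('unknown constructor %r' % tag)

def w(e):
    return measure(e, 1)

def w_prime(e):
    return measure(e, 2)

def triple(e):
    return (count_in(e), w(e), w_prime(e))

def decreasing_component(lhs, rhs):
    """Index of the first component that strictly decreases from lhs to rhs,
    all earlier components being equal; None if the triple does not decrease."""
    for i, (p, q) in enumerate(zip(triple(lhs), triple(rhs))):
        if p > q:
            return i
        if p < q:
            return None
    return None

Z, x, y, n, k = ('0',), ('var', 'x'), ('var', 'y'), ('var', 'n'), ('var', 'k')
# Left-hand side of rule (2): ∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k)
IND = ('forall', 'k',
       ('imp', ('in', Z, k),
        ('imp', ('forall', 'y',
                 ('imp', ('N', y), ('imp', ('in', y, k), ('in', ('S', y), k)))),
         ('in', n, k))))
# One instance of each rule of R as (left-hand side, right-hand side); for
# rule (1) we take the page's own instance x ∈ f_{z,y,z=y}(y) -> x = y.
RULES = {
    1: (('in', x, ('f', y)), ('=', x, y)),
    2: (IND, ('N', n)),
    3: (('=', Z, Z), ('top',)),
    4: (('=', Z, ('S', x)), ('bot',)),
    5: (('=', ('S', x), Z), ('bot',)),
    6: (('=', ('S', x), ('S', y)), ('=', x, y)),
    7: (('+', Z, y), y),
    8: (('+', ('S', x), y), ('S', ('+', x, y))),
    9: (('*', Z, y), Z),
    10: (('*', ('S', x), y), ('+', ('*', x, y), y)),
}

def check_all():
    """Map each rule number to the component that makes its instance decrease."""
    return {i: decreasing_component(l, r) for i, (l, r) in RULES.items()}

if __name__ == '__main__':
    for i, comp in check_all().items():
        print(i, triple(RULES[i][0]), '->', triple(RULES[i][1]), 'component', comp)
```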

Proposition 18. The R rewrite system is confluent.


Proof. There is no critical pair in the system, so the system is locally confluent [7]. As it is terminating, we can conclude that the system is confluent. □

Proposition 19. The congruence defined by the R rewrite system is decidable.

Proof. As the rewrite system is terminating and confluent, there exists a normal form for propositions and terms in our system. Two propositions or terms are congruent if and only if they have the same normal form. As the system has the strong normalization property, the congruence is decidable. □

5.3 Cut Elimination Property

Proposition 20. HA−→ has the cut elimination property.

Using [5] we prove that HA−→ is super-consistent: from an ordered and complete pseudo Heyting algebra B, we build a B-model ℳ of HA−→ such that for each interpretation Φ, if A −→ A′ is a rule defining the congruence in our theory then ⟦A⟧Φ = ⟦A′⟧Φ.

Proof. Let B = 〈B, ≤, ∧̃, ∨̃, ⊥̃, ⊤̃, ∀̃, ∃̃, ⇒̃, ⊑〉. We build ℳ as follows:

– The domain of ℳ is Mι = ℕ and Mκ = B^ℕ.
– The interpretation of the function symbol 0 is the 0 of ℕ. S, + and × are interpreted, as expected, as the successor function, addition and multiplication in ℕ.

– ⊥ and ⊤ are interpreted respectively by ⊥̃ and ⊤̃.
– We interpret membership and all the function symbols of sort κ as in the previous proof of conservativity of HAK: the interpretation of ∈ is the function that, for each n and f, associates f(n). The interpretation of a symbol of sort κ is a function receiving an assignment for the n free variables of the proposition associated to f, and returning a function from ℕ to B.

– The interpretation of equality, =̃, is defined by the following infinite array, which is ⊤̃ on the diagonal and ⊥̃ on the rest of the array.

  =̃    0    1    2    ...
  0    ⊤̃    ⊥̃    ⊥̃    ...
  1    ⊥̃    ⊤̃    ⊥̃    ...
  2    ⊥̃    ⊥̃    ⊤̃    ...
  ...  ...  ...  ...  ⋱

– Interpretation of the predicate N: This is the most technical construction. Indeed, this predicate appears recursively in the rewrite rule:

N(n) −→ ∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k)


Let us keep in mind that we are looking for a certain function F from ℕ to B to interpret N, such that for all a in ℕ:

  ⟦N(n)⟧n:=a = ⟦∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k)⟧n:=a

i.e. F = a ↦ ⟦∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k)⟧n:=a

For each function f from ℕ to B, we build a model ℳf where N is interpreted by f; the other symbols are interpreted as defined previously.

Let Φ be the function from B^ℕ to B^ℕ mapping f to the function

  a ↦ ⟦∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k)⟧^{ℳf}_{n:=a}

We are interested in a function F such that Φ(F) = F. Does such a fixpoint exist?

The order on B^ℕ defined by f ⊑ g if for each x, f(x) ⊑ g(x) is a complete order, and the function Φ is monotone as the occurrence of N is positive in

  ∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k)

Thus we can apply the Knaster-Tarski theorem and deduce that there exists a fixed point F of the function Φ.

Let us interpret the N predicate by this fixed point F (i.e. choosing the model ℳF). By construction,

  ⟦N(n)⟧^{ℳF} = ⟦∀k (0 ∈ k ⇒ ∀y (N(y) ⇒ y ∈ k ⇒ S(y) ∈ k) ⇒ n ∈ k)⟧^{ℳF}

ℳF is a B-model of HA−→. We conclude by Definition 13 that HA−→ is super-consistent and thus, by Theorem 3 (Normalization), all proofs in HA−→ strongly normalize. □

6 Discussion

One can ask if this system is really efficient in practice: on the one hand, the proofs of x = y are shorter; on the other hand, the proof of ∀x ∀y (x = y ⇒ P(x) ⇒ P(y)) is longer. There is no theoretical answer to that question; only by making tests would we see how the size of proof terms changes. A good indication is that the way we manage to "simulate" an application of Leibniz's principle with our rewrite rules (the way it is shown in [1]) is linear in the size of the proposition.

7 Conclusion

We have reached a presentation of Heyting Arithmetic without any axiom, simply defined by a rewrite rule system. A cornerstone of this presentation is that it makes use of the decidability of equality in Heyting Arithmetic: indeed, equality is defined as a decision procedure rather than by Leibniz's proposition, which becomes a consequence of the congruence of the system.


Acknowledgments

I would like to thank Gilles Dowek for all his constructive advice, Arnaud Spiwack for the help he gave me during the writing of this paper, and the anonymous referees who provided useful comments that contributed to the correctness of the paper.

References

1. Allali, L.: Mémoire de DEA, http://www.lix.polytechnique.fr/Labo/Lisa.Allali/rapport_MPRI.pdf
2. Dowek, G., Hardin, T., Kirchner, C.: Theorem proving modulo. Journal of Automated Reasoning 31, 32–72 (2003)
3. Dowek, G., Werner, B.: Proof normalization modulo. The Journal of Symbolic Logic 68(4), 1289–1316 (2003)
4. Dowek, G., Werner, B.: Arithmetic as a theory modulo. In: Giesl, J. (ed.) RTA 2005. LNCS, vol. 3467, pp. 423–437. Springer, Heidelberg (2005)
5. Dowek, G.: Truth values algebras and normalization. In: Altenkirch, T., McBride, C. (eds.) TYPES 2006. LNCS, vol. 4502. Springer, Heidelberg (2007)
6. Schwichtenberg, H.: Proofs as programs. In: Proof Theory: A Selection of Papers from the Leeds Proof Theory Programme 1990. Cambridge University Press, Cambridge (1992)
7. van Oostrom, V., van Raamsdonk, F.: Weak Orthogonality Implies Confluence: The Higher-Order Case. Technical Report ISRL-94-5 (December 1994)
8. Poincaré, H.: La Science et l'hypothèse (1902). Flammarion (1968)
9. Dowek, G.: La part du calcul. Mémoire d'Habilitation à Diriger des Recherches, Université Paris 7 (1999)
10. The Coq Development Team: Manuel de Référence de Coq V8.0. LogiCal Project (2004–2006), http://coq.inria.fr/doc/main.html