A Coinductive Approach to Proof Search

A Coinductive Approach to Proof Search

Abstract

We propose to study proof search from a coinductive point of view. In this paper, we consider intuitionistic logic and a focused system based on Herbelin’s LJT for the implicational fragment. We introduce a variant of lambda calculus with potentially infinitely deep terms and a means of expressing alternatives for the description of the “solution spaces” (called Böhm forests), which are a representation of all (not necessarily well-founded but still locally well-formed) proofs of a given formula (more generally: of a given sequent).

As main result we obtain, for each given formula, the reduction of a coinductive definition of the solution space to a effective coinductive description in a finitary term calculus with a formal greatest fixed-point operator. This reduction works in a quite direct manner for the case of Horn formulas. For the general case, the naive extension would not even be true. We need to study “co-contraction” of contexts (contraction bottom-up) for dealing with the varying contexts needed beyond the Horn fragment, and we point out the appropriate finitary calculus, where fixed-point variables are typed with sequents. Co-contraction enters the interpretation of the formal greatest fixed points - curiously in the semantic interpretation of fixed-point variables and not of the fixed-point operator.

1 Introduction

Proof theory starts with the observation that a proof is more than just the truth value of a theorem. A valid theorem can have many proofs, and several of them can be interesting. In this paper, we somehow extend this to the limit and study all proofs of a given proposition. Of course, who studies proofs can also study any of them (or count them, if there are only finitely many possible proofs, or try to enumerate them in the countable case). But we do this study somehow simultaneously: we introduce a language to express the full “solution space” of proof search. And since we focus on the generative aspects of proof search, it would seem awkward to filter out failed proof attempts from the outset. This does not mean that we pursue impossible paths in the proof search (which would hardly make sense) but that we allow to follow infinite paths. An infinite path does not correspond to a successful proof, but it is a structure of locally correct proof steps. In other words, we use coinductive syntax to model all locally correct proof figures. This gives rise to a not necessarily wellfounded search tree. However, to keep the technical effort simpler, we have chosen a logic where this tree is finitely branching, namely the implicational fragment of intuitionistic propositional logic (with proof system given by the cut-free fragment of the system by Herbelin [4]).

Lambda terms or variants of them (expressions that may have bound variables) are a natural means to express proofs (an observation that is called the Curry-Howard isomorphism) in implicational logic. Proof alternatives (locally, there are only finitely many of them since our logic has no quantifier that ranges over infinitely many individuals) can be formally represented by a finite sum of such solution space expressions, and it is natural to consider those sums up to equivalence of the set of the alternatives. Since infinite lambda-terms are involved and since whole solution spaces are being modeled, we call these coinductive terms Böhm forests.

By their coinductive nature, Böhm forests are no proper syntactic objects: they can be defined by all mathematical (meta-theoretic) means and are thus not “concrete”, as would be expected from syntactic elements. This freedom of definition will be demonstrated and exploited in the canonical definition (Definition 6) of Böhm forests as solutions to the task of proving a sequent (a formula in a given context ). In a certain sense, nothing is gained by this representation: although one can calculate on a case-by-case basis the Böhm forest for a formula of interest and see that it is described as fixed point of a system of equations (involving auxiliary Böhm forests as solutions for the other meta-variables that appear in those equations), an arbitrary Böhm forest can only be observed to any finite depth, without ever knowing whether it is the expansion of a regular cyclic graph structure (the latter being a finite structure).

Our main result is that the Böhm forests that appear as solution spaces of sequents have such a finitary nature: more precisely, they can be interpreted as semantics of a finite term in a variant of lambda calculus with alternatives and formal greatest fixed-points. For the Horn fragment (where nesting of implications to the left is disallowed), this works very smoothly without surprises (Theorem 15). The full implicational case, however, needs some subtleties concerning the fixed-point variables over which the greatest fixed points are formed and about capturing redundancy that comes from the introduction of several hypotheses that suppose the same formula. The interpretation of the finite expressions in terms of Böhm forests needs a special operation that we call co-contraction (contraction bottom-up). However, this operation is already definable in terms of Böhm forests. Without this operation, certain repetitive patterns in the solution spaces due to the presence of negative occurrences of implications could not be identified. With it, we obtain the finitary representation (Theorem 24).

In the next section, we quickly recapitulate syntax and typing rules of the cut-free fragment of system and also carefully describe its restriction to Horn formulas.

Section 3 has the definition of the not necessarily well-founded proofs, corresponding to a coinductive reading of (including its typing system). This is system . Elimination alternatives are then added to this system (yielding the Böhm forests), which directly allow the definition of the solution spaces for the proof search for sequents. We give several examples and then show that the defined solution spaces adequately represent all the proofs of a sequent.

In Section 4, we present first the finitary system to capture the Horn fragment and then modify it to get the main result for full implicational logic.

The paper closes with discussions on related and future work in Section 5.

2 Background

We recall below the cut-free fragment of system (a.k.a. LJT), a sequent calculus for intuitionistic implication by Herbelin [4].

Letters are used to range over a base set of propositional variables (which we also call atoms). Letters are used to range over the set of formulas (= types) built from propositional variables using the implication connective (that we write ) that is parenthesized to the right. Often we will use the fact that any implicational formula can be uniquely decomposed as with , also written in vectorial notation as . For example, if the vector is empty the notation means simply , and if , the notation means .

The cut-free expressions of are separated into terms and lists, and are given by:

where a countably infinite set of variables ranged over by letters , , , is assumed. Note that in lambda-abstractions we adopt a domain-full presentation, annotating the bound variable with a formula. The term constructor is usually called application. Usually in the meta-level we prefer to write (with ) to range over application constructions, and avoid speaking about lists explicitly (where obviously, the notation means if and , if means ). In the meta-level, when we know , instead of , we simply write the variable .

We will view contexts as finite lists of declarations , where no variable occurs twice. The context is obtained from by adding the declaration , and will only be written if this yields again a valid context, i. e., if is not declared in . The system has a form of sequent for each class of expressions:

Note the restriction to atomic sequents (the RHS formula is an atom) in the case of list sequents.

The rules of for deriving sequents are in Figure 1.

Figure 1: Typing rules of

Note that, as list sequents are atomic, the conclusion of the application rule is also atomic. This is not the case in Herbelin’s original system [4], where list sequents can have a non-atomic formula on the RHS. In the variant of cut-free we adopted, the only rule available for deriving a term sequent whose RHS is an implication is RIntro. Still, our atomic restriction will not cause loss of completeness of the system for intuitionistic implication. This restriction is typically adopted in systems tailored for proof search, as for example systems of focused proofs. In fact, corresponds to a focused backward chaining system where all atoms are asynchronous (see e. g. Liang and Miller [8]).

We will need the following properties of .

Lemma 1 (Type uniqueness)
  1. Given and , there is at most one such that .

  2. Given , and , there is at most one such that .

  • Proof Simultaneous induction on derivability.

Since the empty list has no type index, we need to know in the second statement of the previous lemma.

Lemma 2 (Inversion of typing)

In :

  1. iff there exists s.t. and ;

  2. iff and there exists s.t. and , for any .

  • Proof 1. is immediate and 2. follows with the help of the fact that: iff there exist s.t. and, for any , (proved by induction on ).

Now we identify the Horn fragment of cut-free , that we denote by . The class of Horn formulas (also called Horn clauses) is given by the grammar:

where ranges over the set of propositional variables. Note that for Horn formulas, in the vectorial notation , the vector components are necessarily propositional variables, i. e., any Horn formula is of the form .

The Horn fragment is obtained by restricting sequents as follows:

  1. contexts are restricted to Horn contexts, i. e., contexts where all formulas are Horn formulas;

  2. term sequents are restricted to atomic sequents, i. e., term sequents are of the form .

As a consequence, the -abstraction construction and the rule , that types it, are no longer needed. The restricted typing rules are presented in Figure 2.

Figure 2: Typing rules of

3 Coinductive representation of proof search in lambda-bar

We want to represent the whole search space for cut-free proofs in . This is profitably done with coinductive structures. Of course, we only consider locally correct proofs. Since proof search may fail when infinite branches occur (depth-first search could be trapped there), we will consider such infinite proofs as proofs in an extended sense and represent them as well, thus we will introduce expressions that comprise all the possible well-founded and non-wellfounded proofs in cut-free .

The raw syntax of these possibly non-wellfounded proofs is presented as follows

yielding the (co)terms of system (read coinductively, as indicated by the index co). Note that instead of a formal class of lists as in the -system, we adopt here the more intuitive notation to represent finite lists.

Since the raw syntax is interpreted coinductively, also the typing rules have to be interpreted coinductively, which is symbolized by the double horizontal line in Figure 3, a notation that we learnt from Nakata, Uustalu and Bezem [10]. (Of course, the formulas/types stay inductive.) As expected, the restriction of the typing relation to the finite -terms coincides with the typing relation of the system:

Figure 3: Typing rules of
Lemma 3

For any , in iff in .

  • Proof By induction on , with the help of Lemma 2.

Example 4

Consider with of type . This infinite term is also denoted .

It is quite common to describe elements of coinductive syntax by (systems of) fixed point equations. As a notation on the meta-level for unique solutions of fixed-point equations, we will use the binder for the solution, writing , where typically occurs in the term . Intuitively, is the s. t. . (The letter indicates interpretation in coinductive syntax.)

Example 5

of Example 4 can be written as . is seen coinductively, so we get .

We now come to the representation of whole search spaces. The set of coinductive cut-free -terms with finite numbers of elimination alternatives is denoted by and is given by the following grammar:

where both are arbitrary. Note that summands cannot be lambda-abstractions.1 We will often use instead of if the dependency of on is clear, as well as the number of elements. Likewise, we write instead of . If , we write for . If , we write for (in particular this injects the category of elimination alternatives into the category of co-terms) and do as if was a binary operation on (co)terms. However, this will always have a unique reading in terms of our raw syntax of . In particular, this reading makes associative and its neutral element.

Co-terms of will also be called Böhm forests. Their coinductive typing rules are the ones of , together with the rule given in Figure 4, where the sequents for (co)terms and elimination alternatives are not distinguished notationally.

Figure 4: Extra typing rule of w. r. t. 

Notice that for all and .

Below we consider sequents with a context and an implicational formula (corresponding to term sequents of without proof terms – in fact, is nothing but the pair consisting of and , but which is viewed as a problem description: to prove formula in context ).

Definition 6

The function , which takes a sequent and produces a Böhm forest which is a coinductive representation of the sequent’s solution space, is given corecursively as follows: In the case of an implication,

since RIntro is the only way to prove the implication.

In the case of an atom , for the definition of , let be the -th variable in with of the form . Let . Define . Then, , and finally,

This is more sloppily written as

In this manner, we can even write the whole definition in one line:

This is a well-formed definition: for every and , is a Böhm forest and as such rather a semantic object.

Lemma 7

Given and , the typing holds in .

Let us illustrate the function at work with some examples.

Example 8

We consider first the formula and the empty context. We have:

Now, observe that . We identify as the solution for of the equation . Using as means to communicate solutions of fixed-point equations on the meta-level as for , we have

By unfolding of the fixpoint and by making a choice at each of the elimination alternatives, we can collect from this coterm as the finitary solutions of the sequent all the Church numerals ( with ), together with the infinitary solution , studied before as example for (corresponding to always making the -choice at the elimination alternatives).

Example 9

We consider now an example in the Horn fragment. Let (again with ). Note that the solution spaces of and relative to this sequent are mutually dependent and they give rise to the following system of equations:

and so we have

Whereas for we can collect one finite solution (), for we can only collect infinite solutions. Because in the Horn case the recursive calls of the function are all relative to the same (initial) context, in this fragment the solution space of a sequent can always be expressed as a finite system of equations (one for each atom occurring in the sequent), see Theorem 15.

Example 10

Let us consider one further example where (a formula that can be viewed as double negation of Pierce’s law, when is viewed as absurdity). We have the following (where in sequents we omit formulas on the LHS)

Now, in observe that both have type and both have type , and we are back at but with the duplicates of and of . Later, we will call this duplication phenomenon co-contraction, and we will give a finitary description of and, more generally, of all , see Theorem 24. Of course, by taking the middle alternative in , we obtain a finite proof, showing that is provable in .

We now define a membership semantics for co-terms and elimination alternatives of in terms of sets of (co)terms in .

The membership relations and are contained in and respectively (where stands for the set of elimination alternatives of ) and are given coinductively by the rules in Fig. 5.

Figure 5: Membership relations
Proposition 11

For any , iff in .

  • Proof “If”. Consider the relations

    It suffices to show that , but this cannot be proven alone since and are defined simultaneously. We also prove , and to prove both by coinduction on the membership relations, it suffices to show that the relations , are backwards closed, i. e.:

    1. implies ;

    2. implies for some , ;

    3. implies for all ,

    We illustrate one case. Consider , with . We must show that, for some , . From , we must have . Now, from , there must exist and s. t. . By definition of , there is s. t. .

    “Only if”. By coinduction on the typing relation of . This is conceptually easier than the other direction since is a single coinductively defined notion. We define a relation for which it is sufficient to prove :

    Proving by coinduction amounts to showing that is backwards closed – with respect to the typing relation of , i. e., we have to show:

    1. implies ;

    2. implies the existence of s. t. and, for all , .

    We show the second case (relative to rule LVecIntro). So, we have with and , and we need to show that, for some , we have, for all , . Since , . Hence, the second rule for was used to infer , i. e., there is a s. t. . Therefore, with terms , …, , and, for all , . By the definition of , this means that there are formulas , …, s. t. and, for all , .

Example 12

Let us consider the case of Pierce’s law that is not valid intuitionistically. We have (for ):

The fact that we arrived at and found no elimination alternatives on the way annihilates the co-term and implies there are no terms in the solution space of (hence no proofs, not even infinite ones).

Corollary 13 (Adequacy of the co-inductive representation of proof search in )

For any , we have iff (where the latter is the inductive typing relation of ).

  • Proof By the proposition above and Lemma 3.

4 Finitary representation of proof search in lambda-bar

In the first section we define a calculus of finitary representations. In the third section we obtain our main result (Theorem 24): given , there is a finitary representation of in the finitary calculus. To make the proof easier to understand, we first develop in the second section the particular case of the Horn fragment.

4.1 The finitary calculus

The set of inductive cut-free -terms with finite numbers of elimination alternatives, and a fixpoint operator is denoted by and is given by the following grammar (read inductively):

where is assumed to range over a countably infinite set of fixpoint variables (letters , will also be used to range over fixpoint variables that may also be thought of as meta-variables), and where both are arbitrary. Below, when we refer to finitary terms we have in mind the terms of . The fixed-point operator is called (“greatest fixed point”) to indicate that its semantics is (now) defined in terms of infinitary syntax, but there, fixed points are unique. Hence, the reader may just read this as “the fixed point”.

We now give a straightforward interpretation of the formal fixed points (built with ) of in terms of the coinductive syntax of (using the operation on the meta-level).

Definition 14

We call environment a function from the set of fixpoint variables into the set of (co)terms of . The interpretation of a finitary term (relative to an environment) is a (co)term of given via a family of functions indexed by environments, which is recursively defined as follows:

where the notation stands for the environment obtained from by setting to .

Remark that the recursive definition above has an embedded corecursive case (pertaining to the -operator). Its definition is well-formed since every elimination alternative starts with a head/application variable and the occurrences of are thus guarded.

When a finitary term has no free occurrences of fixpoint variables, all environments determine the same coterm, and in this case we simply write to denote that coterm.

4.2 Equivalence of the representations: Horn case

Theorem 15 (Equivalence for the Horn fragment)

Let be a Horn context. Then, for any atom , there exists with no free occurrences of fixpoint variables such that .

  • Proof

    Let us assume there are atoms occurring in . We define simultaneously functions (one for each atom occurring in ), parameterized by a vector of declarations of the form . The vector is written and is such that no fixpoint variable and no atom occurs twice. The simultaneous definition is by recursion on the number of atoms of not occurring in , and is as follows:

    where vector is obtained by adding the component to the vector . Observe that only fixpoint variables among the fixpoint variables declared in the vector have free occurrences in .

    By induction on the number of atoms of (the fixed sequent) not in (the variable) , we prove that:

    (1)

    Case , for some . Then,

    Otherwise,

    where is given as the unique solution of the following equation:

    (2)

    Now observe that, by I.H., the following equations (3) and (4) are equivalent.

    (3)
    (4)

    By definition of , (4) holds; hence – because of (3) – is the solution of (2), concluding the proof that .

    Finally, the theorem follows as the particular case of (1) where and the vector of fixpoint variable declarations is empty.

4.3 Equivalence of the representations: full implicational case

The main difference with exhaustive proof search in the case of Horn formulas is that the backwards application of RIntro brings new variables into the context that may have the same type as an already existing declaration, and so, for the purpose of proof search, they should be treated the same way.

We illustrate this phenomenon with the following definition and lemma and then generalize it to the form that will be needed for the main theorem (Theorem 24).

Definition 16

For and in , we define and by simultaneous corecursion as follows:

Lemma 17 (Co-contraction: invertibility of contraction)

If , then

  • Proof The proof is omitted since Lemma 20 below is essentially a generalization of this result.

We now capture when a context is an inessential extension of context :

Definition 18
  1. .

  2. if and .

  3. if and .

Let range over sequents of the form . Thus, the last definition clause defines in general when .

Definition 19
  1. Let . For and in , we define and by simultaneous corecursion as follows:

  2. Let . where and . Similarly for .

Lemma 20 (Co-contraction)

If then .

  • Proof Let . We prove that is backward closed relative to the canonical equivalence generated by the coinductive definition of terms of (but see the comments following the proof), whence .

    (5)

    and

    (6)

    where and .

    From we get , hence

    To conclude the proof, it suffices to show that (i) each head-variable that is a “capability” of the summation in (5) is matched by a head-variable that is a “capability” of the summation in (6); and (ii) vice-versa.

    (i) Let . We have to exhibit such that . First case: . By , . So we may take . Second and last case: . By , there is such that . But then .

    (ii) We have to show that, for all , and all , . But this is immediate.

Notice that we cannot expect that the summands appear in the same order in (5) and (6). Therefore, we have to be more careful with the notion of equality of Böhm forests. It is not just bisimilarity, but we assume that the sums of elimination alternatives are treated as if they were sets of alternatives, i. e., we further assume that is symmetric and idempotent. It has been shown by Picard and the second author [11] that bisimulation up to permutations in unbounded lists of children can be managed in a coinductive type even with the interactive proof assistant Coq. In analogy, this coarser notion of equality (even abstracting away from the number of occurrences of an alternative) should not present a major obstacle for a fully formal presentation.

In the rest of the paper – in particular in Theorem 24 – we assume that sums of alternatives are treated as if they were sets.

Example 21 (Example 10 continued)

Thanks to the preceding lemma, is obtained by co-contraction from :

where the type of has been omitted. Hence, , , and can be eliminated, and can be expressed as the (meta-level) fixed point:

now missing out all types in the context substitution. Finally, we obtain the closed Böhm forest

The question is now how to give a finitary meaning to terms like in the example above, which are defined by fixed points over variables subject to context substitution. We might expect to use the equation defining to obtain a finitary representation in , provided context substitution is defined on this system. But how to do that? Applying say to a plain fixed-point variable cannot make much sense.

The desired finitary representation in the full implicational case is obtained by adjusting the terms of used in the Horn case as follows:

Hence fixpoint variables are “typed” with sequents .

Different free occurrences of the same may be ”typed” with different ’s, as long as a lower bound of these ’s can be found w.r.t. (Definition 18).

Relatively to Definition 14, an environment now assigns (co)terms of to “typed” fixpoint variables , provided does not occur with two different “types” in the domain of , for all ; we also change the following clauses:

We will have to assign some default value to in case there is no such , but this will not play a role in the main result below.

Map