Proof theory for Boolean bunched logic James Brotherston - - PowerPoint PPT Presentation

Proof theory for Boolean bunched logic

James Brotherston

Programming Principles, Logic and Verification Group

• Dept. of Computer Science

University College London, UK J.Brotherston@ucl.ac.uk

Logic Summer School, ANU, 9 Dec 2015

1/ 19

Gentzen-style proof systems

Gentzen-style systems are built around proof rules manipulating judgements called sequents, of the form: Γ ⊢ ∆ where Γ, ∆ are sets, multisets or even more exotic structures.

2/ 19

Gentzen-style proof systems

Gentzen-style systems are built around proof rules manipulating judgements called sequents, of the form: Γ ⊢ ∆ where Γ, ∆ are sets, multisets or even more exotic structures. Characteristic feature: for any logical connective there should be proof rules explaining how to introduce that connective on the left and right of the conclusion of the rule.

2/ 19

Gentzen-style proof systems

Gentzen-style systems are built around proof rules manipulating judgements called sequents, of the form: Γ ⊢ ∆ where Γ, ∆ are sets, multisets or even more exotic structures. Characteristic feature: for any logical connective there should be proof rules explaining how to introduce that connective on the left and right of the conclusion of the rule. There are also structural rules that only involve sequent structure, not logical connectives.

2/ 19

Example: Gentzen’s LK

E.g., in Gentzen’s LK for classical propositional logic, the sequents are built from sets, interpreted as Γ ⊢ ∆ is valid ⇐ ⇒ Γ | = ∆

3/ 19

Example: Gentzen’s LK

E.g., in Gentzen’s LK for classical propositional logic, the sequents are built from sets, interpreted as Γ ⊢ ∆ is valid ⇐ ⇒ Γ | = ∆ and the rules for → are: Γ ⊢ A, ∆ Γ, B ⊢ ∆ (→L) Γ, A → B ⊢ ∆ Γ, A ⊢ B, ∆ (→R) Γ ⊢ A → B, ∆

3/ 19

Example: Gentzen’s LK

E.g., in Gentzen’s LK for classical propositional logic, the sequents are built from sets, interpreted as Γ ⊢ ∆ is valid ⇐ ⇒ Γ | = ∆ and the rules for → are: Γ ⊢ A, ∆ Γ, B ⊢ ∆ (→L) Γ, A → B ⊢ ∆ Γ, A ⊢ B, ∆ (→R) Γ ⊢ A → B, ∆ Structural rules include: Γ, Γ ⊢ ∆ (ContrL) Γ ⊢ ∆ Γ ⊢ ∆ (WkL) Γ ⊢ ∆, ∆′

3/ 19

Analyticity

The holy grail for Gentzen systems is analyticity, a.k.a. the subformula property:

4/ 19

Analyticity

The holy grail for Gentzen systems is analyticity, a.k.a. the subformula property: The premises of each rule only involve subformulas of the conclusion.

4/ 19

Analyticity

The holy grail for Gentzen systems is analyticity, a.k.a. the subformula property: The premises of each rule only involve subformulas of the conclusion. Hence in any derivation of Γ ⊢ ∆, the

• nly formulas that appear are subformulas of formulas

in Γ ∪ ∆.

4/ 19

Analyticity

The holy grail for Gentzen systems is analyticity, a.k.a. the subformula property: The premises of each rule only involve subformulas of the conclusion. Hence in any derivation of Γ ⊢ ∆, the

• nly formulas that appear are subformulas of formulas

in Γ ∪ ∆. This means getting rid of the dreaded cut rule, the sequent equivalent of modus ponens: Γ ⊢ A A ⊢ ∆ (Cut) Γ ⊢ ∆

4/ 19

Analyticity

The holy grail for Gentzen systems is analyticity, a.k.a. the subformula property: The premises of each rule only involve subformulas of the conclusion. Hence in any derivation of Γ ⊢ ∆, the

• nly formulas that appear are subformulas of formulas

in Γ ∪ ∆. This means getting rid of the dreaded cut rule, the sequent equivalent of modus ponens: Γ ⊢ A A ⊢ ∆ (Cut) Γ ⊢ ∆ Getting rid of this is called cut-elimination, and proof theorists are absolutely obsessed with it!

4/ 19

BBI, proof-theoretically

Recall: Provability in BBI is given by extending a Hilbert system for propositional classical logic by A ∗ B ⊢ B ∗ A A ∗ (B ∗ C) ⊢ (A ∗ B) ∗ C A ⊢ A ∗ I A ∗ I ⊢ A A1 ⊢ B1 A2 ⊢ B2 A1 ∗ A2 ⊢ B1 ∗ B2 A ∗ B ⊢ C A ⊢ B — ∗ C A ⊢ B — ∗ C A ∗ B ⊢ C

5/ 19

Motivation

• Can we give an analytic proof system for BBI?

6/ 19

Motivation

• Can we give an analytic proof system for BBI?
• For quite a long time in the 2000s, researchers tried to find

a nice sequent calculus for BBI, but cut-elimination typically failed.

6/ 19

Motivation

• Can we give an analytic proof system for BBI?
• For quite a long time in the 2000s, researchers tried to find

a nice sequent calculus for BBI, but cut-elimination typically failed.

• But we can give an analytic Gentzen system based on the

slightly more general notion of display calculus.

6/ 19

Display calculus: an overview

• Display calculi were first formulated by Belnap in the 1980s

(sequent calculi were invented by Gentzen in the 1930s).

7/ 19

Display calculus: an overview

• Display calculi were first formulated by Belnap in the 1980s

(sequent calculi were invented by Gentzen in the 1930s).

• Like sequent calculi, display calculi work with sequents of

the form X ⊢ Y , with left- and right-introduction rules for each logical connective.

7/ 19

Display calculus: an overview

• Display calculi were first formulated by Belnap in the 1980s

(sequent calculi were invented by Gentzen in the 1930s).

• Like sequent calculi, display calculi work with sequents of

the form X ⊢ Y , with left- and right-introduction rules for each logical connective.

• But, the structures X and Y can be structurally more

complex than simple sets or multisets.

7/ 19

Display calculus: an overview

• Display calculi were first formulated by Belnap in the 1980s

(sequent calculi were invented by Gentzen in the 1930s).

• Like sequent calculi, display calculi work with sequents of

the form X ⊢ Y , with left- and right-introduction rules for each logical connective.

• But, the structures X and Y can be structurally more

complex than simple sets or multisets.

• Most importantly, display calculi allow us to rearrange

sequents to focus on any individual part (like rearranging an equation in standard algebra).

7/ 19

Structures and interpretation

Structures X defined as follows: X ::= A | ∅ | ♯X | X; X | X, X

8/ 19

Structures and interpretation

Structures X defined as follows: X ::= A | ∅ | ♯X | X; X | X, X A sequent X ⊢ Y is valid if ΨX | = ΥY ,

8/ 19

Structures and interpretation

Structures X defined as follows: X ::= A | ∅ | ♯X | X; X | X, X A sequent X ⊢ Y is valid if ΨX | = ΥY , where Ψ− and Υ− are defined by:

ΨA = A ΥA = A

8/ 19

Structures and interpretation

Structures X defined as follows: X ::= A | ∅ | ♯X | X; X | X, X A sequent X ⊢ Y is valid if ΨX | = ΥY , where Ψ− and Υ− are defined by:

ΨA = A ΥA = A Ψ∅ = I Υ∅ = undefined

8/ 19

Structures and interpretation

Structures X defined as follows: X ::= A | ∅ | ♯X | X; X | X, X A sequent X ⊢ Y is valid if ΨX | = ΥY , where Ψ− and Υ− are defined by:

ΨA = A ΥA = A Ψ∅ = I Υ∅ = undefined Ψ♯X = ¬ΥX Υ♯X = ¬ΨX

8/ 19

Structures and interpretation

Structures X defined as follows: X ::= A | ∅ | ♯X | X; X | X, X A sequent X ⊢ Y is valid if ΨX | = ΥY , where Ψ− and Υ− are defined by:

ΨA = A ΥA = A Ψ∅ = I Υ∅ = undefined Ψ♯X = ¬ΥX Υ♯X = ¬ΨX ΨX;Y = ΨX ∧ ΨY ΥX;Y = ΥX ∨ ΥY

8/ 19

Structures and interpretation

Structures X defined as follows: X ::= A | ∅ | ♯X | X; X | X, X A sequent X ⊢ Y is valid if ΨX | = ΥY , where Ψ− and Υ− are defined by:

ΨA = A ΥA = A Ψ∅ = I Υ∅ = undefined Ψ♯X = ¬ΥX Υ♯X = ¬ΨX ΨX;Y = ΨX ∧ ΨY ΥX;Y = ΥX ∨ ΥY ΨX,Y = ΨX ∗ ΨY ΥX,Y = ΨX — ∗ ΥY

8/ 19

Structures and interpretation

Structures X defined as follows: X ::= A | ∅ | ♯X | X; X | X, X A sequent X ⊢ Y is valid if ΨX | = ΥY , where Ψ− and Υ− are defined by:

ΨA = A ΥA = A Ψ∅ = I Υ∅ = undefined Ψ♯X = ¬ΥX Υ♯X = ¬ΨX ΨX;Y = ΨX ∧ ΨY ΥX;Y = ΥX ∨ ΥY ΨX,Y = ΨX ∗ ΨY ΥX,Y = ΨX — ∗ ΥY

(N.B. (1) we switch from one interpretation function to the

• ther when going inside ♯; (2) ∅ is not allowed to occur

“positively” in a sequent.)

8/ 19

Display property

We give the following display rules for our sequents: X ; Y ⊢ Z <>D X ⊢ ♯Y ; Z <>D Y ; X ⊢ Z

9/ 19

Display property

We give the following display rules for our sequents: X ; Y ⊢ Z <>D X ⊢ ♯Y ; Z <>D Y ; X ⊢ Z X ⊢ Y ; Z <>D X ; ♯Y ⊢ Z <>D X ⊢ Z ; Y

9/ 19

Display property

We give the following display rules for our sequents: X ; Y ⊢ Z <>D X ⊢ ♯Y ; Z <>D Y ; X ⊢ Z X ⊢ Y ; Z <>D X ; ♯Y ⊢ Z <>D X ⊢ Z ; Y X ⊢ Y <>D ♯Y ⊢ ♯X <>D ♯♯X ⊢ Y

9/ 19

Display property

We give the following display rules for our sequents: X ; Y ⊢ Z <>D X ⊢ ♯Y ; Z <>D Y ; X ⊢ Z X ⊢ Y ; Z <>D X ; ♯Y ⊢ Z <>D X ⊢ Z ; Y X ⊢ Y <>D ♯Y ⊢ ♯X <>D ♯♯X ⊢ Y X , Y ⊢ Z <>D X ⊢ Y , Z <>D Y , X ⊢ Z

9/ 19

Display property

We give the following display rules for our sequents: X ; Y ⊢ Z <>D X ⊢ ♯Y ; Z <>D Y ; X ⊢ Z X ⊢ Y ; Z <>D X ; ♯Y ⊢ Z <>D X ⊢ Z ; Y X ⊢ Y <>D ♯Y ⊢ ♯X <>D ♯♯X ⊢ Y X , Y ⊢ Z <>D X ⊢ Y , Z <>D Y , X ⊢ Z We call the reflexive-transitive closure of these rules display equivalence, ≡D.

9/ 19

Display property

We give the following display rules for our sequents: X ; Y ⊢ Z <>D X ⊢ ♯Y ; Z <>D Y ; X ⊢ Z X ⊢ Y ; Z <>D X ; ♯Y ⊢ Z <>D X ⊢ Z ; Y X ⊢ Y <>D ♯Y ⊢ ♯X <>D ♯♯X ⊢ Y X , Y ⊢ Z <>D X ⊢ Y , Z <>D Y , X ⊢ Z We call the reflexive-transitive closure of these rules display equivalence, ≡D. Then we get the crucial display property: Theorem For any “negative” part Z of X ⊢ Y we have X ⊢ Y ≡D Z ⊢ W, and for any “positive” part Z of X ⊢ Y we have X ⊢ Y ≡D W ⊢ Z.

9/ 19

Identity and logical rules

Identity rules: (Id) A ⊢ A W ⊢ Z W ⊢ Z ≡D X ⊢ Y (≡D) X ⊢ Y X ⊢ A A ⊢ Y (Cut) X ⊢ Y Logical rules: A ⊢ X B ⊢ X (∨L) A ∨ B ⊢ X X ⊢ A B ⊢ Y (→L) A → B ⊢ ♯X ; Y X ⊢ A B ⊢ Y (— ∗L) A — ∗ B ⊢ X , Y X ⊢ A1 ; A2 (∨R) X ⊢ A1 ∨ A2 X ; A ⊢ B (→R) X ⊢ A → B X ⊢ A , B (— ∗R) X ⊢ A — ∗ B (etc.)

10/ 19

Structural rules

X ; X ⊢ Z (Contr) X ⊢ Z X ⊢ Z (Weak) X ; Y ⊢ Z X ⊢ Y (∅1) ∅ , X ⊢ Y ∅ , X ⊢ Y (∅2) X ⊢ Y W , (X , Y ) ⊢ Z (Assoc) (W , X) , Y ⊢ Z

11/ 19

Soundness

Theorem (Soundness) If X ⊢ Y is provable in our display calculus then it is valid.

12/ 19

Soundness

Theorem (Soundness) If X ⊢ Y is provable in our display calculus then it is valid. Proof is easy: just check that each rule preserves validity from premises to conclusion.

12/ 19

Soundness

Theorem (Soundness) If X ⊢ Y is provable in our display calculus then it is valid. Proof is easy: just check that each rule preserves validity from premises to conclusion. E.g., for the rule X ⊢ A B ⊢ Y (— ∗L) A — ∗ B ⊢ X , Y

12/ 19

Soundness

Theorem (Soundness) If X ⊢ Y is provable in our display calculus then it is valid. Proof is easy: just check that each rule preserves validity from premises to conclusion. E.g., for the rule X ⊢ A B ⊢ Y (— ∗L) A — ∗ B ⊢ X , Y assume premises are valid, i.e. ΨX | = A and B | = ΥY ; we have to show A — ∗ B | = ΨX — ∗ ΥY .

12/ 19

Soundness

Theorem (Soundness) If X ⊢ Y is provable in our display calculus then it is valid. Proof is easy: just check that each rule preserves validity from premises to conclusion. E.g., for the rule X ⊢ A B ⊢ Y (— ∗L) A — ∗ B ⊢ X , Y assume premises are valid, i.e. ΨX | = A and B | = ΥY ; we have to show A — ∗ B | = ΨX — ∗ ΥY . This can be done by appealing to the semantics, or by deriving in the Hilbert system for BBI.

12/ 19

Completeness (1)

Theorem If X ⊢ Y is valid then it is provable in our display calculus.

13/ 19

Completeness (1)

Theorem If X ⊢ Y is valid then it is provable in our display calculus. First, we need a couple of lemmas:

13/ 19

Completeness (1)

Theorem If X ⊢ Y is valid then it is provable in our display calculus. First, we need a couple of lemmas: Lemma (1) For any structure X, both X ⊢ ΨX and ΥX ⊢ X are provable.

13/ 19

Completeness (1)

Theorem If X ⊢ Y is valid then it is provable in our display calculus. First, we need a couple of lemmas: Lemma (1) For any structure X, both X ⊢ ΨX and ΥX ⊢ X are provable. (Proof by structural induction on X. Note we only care about the case where ΥX is defined.)

13/ 19

Completeness (1)

Theorem If X ⊢ Y is valid then it is provable in our display calculus. First, we need a couple of lemmas: Lemma (1) For any structure X, both X ⊢ ΨX and ΥX ⊢ X are provable. (Proof by structural induction on X. Note we only care about the case where ΥX is defined.) Lemma (2) If F ⊢ G is provable in the Hilbert system for BBI then it is provable in the display calculus too.

13/ 19

Proof of completeness

Suppose X ⊢ Y is valid, i.e. ΨX | = ΥY .

14/ 19

Proof of completeness

Suppose X ⊢ Y is valid, i.e. ΨX | = ΥY . By completeness of Hilbert system, ΨX ⊢ ΥY is provable in BBI.

14/ 19

Proof of completeness

Suppose X ⊢ Y is valid, i.e. ΨX | = ΥY . By completeness of Hilbert system, ΨX ⊢ ΥY is provable in BBI. Then X ⊢ Y is provable in display calculus as follows:

14/ 19

Proof of completeness

Suppose X ⊢ Y is valid, i.e. ΨX | = ΥY . By completeness of Hilbert system, ΨX ⊢ ΥY is provable in BBI. Then X ⊢ Y is provable in display calculus as follows:

(Lemma 1) · · · X ⊢ ΨX (Lemma 2) · · · ΨX ⊢ ΥY (Lemma 1) · · · ΥY ⊢ Y (Cut) ΨX ⊢ Y (Cut) X ⊢ Y

14/ 19

Cut-elimination

All the rules except (Cut) have the subformula property.

15/ 19

Cut-elimination

All the rules except (Cut) have the subformula property. So to get analyticity, we need Theorem (Cut-elimination) Any proof of X ⊢ Y can be transformed into a proof of X ⊢ Y without (Cut): X ⊢ F F ⊢ Y (Cut) X ⊢ Y

15/ 19

Cut-elimination

All the rules except (Cut) have the subformula property. So to get analyticity, we need Theorem (Cut-elimination) Any proof of X ⊢ Y can be transformed into a proof of X ⊢ Y without (Cut): X ⊢ F F ⊢ Y (Cut) X ⊢ Y Belnap ’82 famously gave a set of syntactic conditions C1–C8

• n the proof rules of a display calculus which are sufficient to

guarantee this.

15/ 19

Cut-elimination

All the rules except (Cut) have the subformula property. So to get analyticity, we need Theorem (Cut-elimination) Any proof of X ⊢ Y can be transformed into a proof of X ⊢ Y without (Cut): X ⊢ F F ⊢ Y (Cut) X ⊢ Y Belnap ’82 famously gave a set of syntactic conditions C1–C8

• n the proof rules of a display calculus which are sufficient to

guarantee this. Most are boring and easy to check. The only non-trivial one is that so-called principal cuts can be reduced to cuts on smaller formulas.

15/ 19

Principal cuts

An instance of cut in a proof is called principal if the cut formula F has immediately been introduced in both premises by the right- and left-side logical rules for the main connective in F.

16/ 19

Principal cuts

An instance of cut in a proof is called principal if the cut formula F has immediately been introduced in both premises by the right- and left-side logical rules for the main connective in F. E.g., the following is a principal cut:

X ⊢ F , G (— ∗R) X ⊢ F — ∗ G Y ⊢ F G ⊢ Z (— ∗L) F — ∗ G ⊢ Y , Z (Cut) X ⊢ Y , Z

16/ 19

Principal cuts

An instance of cut in a proof is called principal if the cut formula F has immediately been introduced in both premises by the right- and left-side logical rules for the main connective in F. E.g., the following is a principal cut:

X ⊢ F , G (— ∗R) X ⊢ F — ∗ G Y ⊢ F G ⊢ Z (— ∗L) F — ∗ G ⊢ Y , Z (Cut) X ⊢ Y , Z

Belnap’s condition C8 requires us to show that we can transform this derivation into one where only cuts on the smaller subformulas, F and G, are used.

16/ 19

Cut elimination

Here’s the reduced principal cut:

Y ⊢ F X ⊢ F , G (D≡) X, F ⊢ G G ⊢ Z (Cut) X, F ⊢ Z (D≡) F ⊢ X , Z (Cut) Y ⊢ X , Z (D≡) X ⊢ Y , Z

Other types of principal cut can be treated similarly. This gives us cut-elimination by Belnap’s theorem.

17/ 19

Consequences

• Proof search in this system, even though it’s analytic, is

still very difficult (display rules, structural rules).

18/ 19

Consequences

• Proof search in this system, even though it’s analytic, is

still very difficult (display rules, structural rules).

• In general, for both display and sequent calculi:

cut-elimination ⇒ (semi)decidability

(cf. linear logic, relevant logic, arithmetic . . . )

18/ 19

Consequences

• Proof search in this system, even though it’s analytic, is

still very difficult (display rules, structural rules).

• In general, for both display and sequent calculi:

cut-elimination ⇒ (semi)decidability

(cf. linear logic, relevant logic, arithmetic . . . )

• Indeed, as we shall see in the next lecture, BBI is still in

fact undecidable.

18/ 19

Consequences

• Proof search in this system, even though it’s analytic, is

still very difficult (display rules, structural rules).

• In general, for both display and sequent calculi:

cut-elimination ⇒ (semi)decidability

(cf. linear logic, relevant logic, arithmetic . . . )

• Indeed, as we shall see in the next lecture, BBI is still in

fact undecidable.

• Cut-elimination provides structure and removes infinite

branching points from the proof search space.

18/ 19

Further reading

James Brotherston. Bunched logics displayed. In Studia Logica 100(6). Springer, 2012. Nuel D. Belnap, Jr. Display logic. In Journal of Philosophical Logic, vol. 11, 1982.

• D. Larchey-Wendling and D. Galmiche.

Exploring the relation between intuitionistic BI and Boolean BI: an unexpected embedding. In Math. Struct. in Comp. Sci., vol. 19. Cambridge Univ. Press, 2009.

• J. Park, J. Seo and S. Park.

A theorem prover for Boolean BI. In Proc. POPL-40. ACM, 2013.

• Z. H´
• u, A. Tiu and R. Gor´

e. A labelled sequent calculus for BBI: proof theory and proof search. In Journal of Logic and Computation. OUP, 2015.

19/ 19