
Hierarchical contextual reasoning [Elektronische Ressource] / Serge Autexier

245 pages
Hierarchical Contextual Reasoning

Serge Autexier

Dissertation submitted for the degree of Doktor der Ingenieurwissenschaften (Dr.-Ing.) at the Naturwissenschaftlich-Technische Fakultät I of the Universität des Saarlandes, Saarbrücken, 2003

Dean: Prof. Dr. Philipp Slusallek
Chair: Prof. Dr. Reinhard Wilhelm
Reviewers: Prof. Dr. (PhD) Jörg Siekmann, Universität des Saarlandes; Prof. Dr. (PhD) Frank Pfenning, Carnegie Mellon University, Pittsburgh, USA; Prof. Dr. Gert Smolka, Universität des Saarlandes
Colloquium: 19 December 2003


Contents

Kurzzusammenfassung
Abstract
Zusammenfassung
Extended Abstract
Acknowledgements

Part I: Introduction

1 Introduction
  1.1 Motivation
    1.1.1 Communication of Proof Knowledge
    1.1.2 Proof Construction Steps and Proof History
    1.1.3 Status of Proofs
  1.2 The CORE System
  1.3 Overview of the Thesis
2 Historical Overview and State of the Art
  2.1 Foundations of Mechanised Reasoning
  2.2 Development of Programs for Mechanised Reasoning
  2.3 Application of Programs for Mechanised Reasoning

Part II: Contextual Reasoning

3 Syntax, Semantics and Uniform Notation
  3.1 Terms and Subterm Occurrences
  3.2 Syntax
  3.3 Semantics
    3.3.1 Semantics for Classical First Order Modal Logic
    3.3.2 Semantics for Classical Higher Order Logic
    3.3.3 Unifying Notations
  3.4 Uniform Notation
  3.5 Preliminary Remarks
    3.5.1 Sketch of the CORE Proof-Theory
4 Indexed Formula Trees
  4.1 Initial Indexed Formula Trees
  4.2 Leibniz' Equality
  4.3 Extensionality
  4.4 Boolean ζ-Expansion
  4.5 Substitutions
  4.6 Binding Generated Variables
  4.7 Cut
  4.8 Connections and L-Unsatisfiable Paths
  4.9 Cut Rule Applications
  4.10 Soundness and Completeness
  4.11 Increase of Multiplicities
  4.12 Soundness and Completeness Revisited
  4.13 Summary
5 Free Variable Indexed Formula Trees
  5.1 Initial Free Variable Indexed Formula Trees
    5.1.1 Paths in Free Variable Indexed Formula Trees
  5.2 Logical Context and Replacement Rules
  5.3 CORE Calculus Rules
    5.3.1 Contraction
    5.3.2 Weakening
    5.3.3 Structural Modal Permutation
    5.3.4 Replacement Rule Application
    5.3.5 Simplification
    5.3.6 Leibniz' Equality
    5.3.7 Extensionality
    5.3.8 Boolean ζ-Expansion
    5.3.9 Instantiation
    5.3.10 Increase of Multiplicities
    5.3.11 Application of Rewriting Replacement Rules
    5.3.12 Cut
  5.4 Completeness
  5.5 A Note on Cut Elimination
  5.6 Summary

Part III: Hierarchical Reasoning

6 Window Inferencing
  6.1 Motivation
  6.2 Windows, Window Structures and Window Proof States
  6.3 CORE Window Inference Rules
    6.3.1 Window Inference Rules for Window Structures
    6.3.2 CORE Calculus Window Inference Rules
  6.4 Summary
7 Change of Representation
  7.1 Examples for Representational Changes
  7.2 Concepts and Rules for Representational Change
    7.2.1 Reasoning Domains
    7.2.2 Representational Abstractions
    7.2.3 Representational Refinements
  7.3 Summary
8 Hierarchical Proof Datastructure
  8.1 Motivation of the Hierarchical Proof Datastructure
    8.1.1 CORE Window Inference Rules
    8.1.2 Roles of Window Proof Nodes
    8.1.3 Hierarchies in Proofs
  8.2 Hierarchical Proof Datastructure
  8.3 Proof Paths and Dependencies
  8.4 Categories of Justifications
  8.5 Backtracking
  8.6 Summary

Part IV: Applications

9 Interface for Reasoning Procedures
  9.1 The Tactic Language
  9.2 Backtracking
  9.3 Replacement Rules
  9.4 Filters
  9.5 Tactic Execution & Hierarchical Proof Datastructure
  9.6 Summary
10 Sequent Calculus Style Interface
  10.1 Schütte's β-Decomposition Rule
  10.2 Sequents and Sequent Style Inference Rules
    10.2.1 SK Style Axiom Rule
    10.2.2 SK Style Weakening Rule
    10.2.3 SK Style Contraction Rule
    10.2.4 SK Style α-Decomposition Rule
    10.2.5 SK Style β-Decomposition Rule
    10.2.6 SK Style ν- and π-Decomposition Rules
    10.2.7 SK Style Instantiation
    10.2.8 SK Style Increase of Multiplicities
    10.2.9 SK Style Leibniz' Equality Introduction
    10.2.10 SK Style Extensionality Introduction
    10.2.11 SK Style ζ-Expansion Rule
    10.2.12 SK Style Cut Rule
  10.3 A Note on Deduction Modulo
  10.4 Summary
11 Sample Proofs in CORE
  11.1 Higher-Order Logic Proofs
    11.1.1 Proof of p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a)
    11.1.2 Proof of ∀p_{o→o}. λx.p(p(p(x))) = λx.p(x)
  11.2 Irrationality of Square Root of 2
  11.3 First-Order Modal Logics
    11.3.1 Proof of ∃x.(ϕ(x) ∨ ψ(y)) ⇔ ∃x.(ϕ(x) ∨ ψ(y))

Part V: Conclusion

12 Related Work
  12.1 Contextual Reasoning
    12.1.1 Window Inference Reasoning
  12.2 Hierarchical Reasoning
    12.2.1 Hierarchies of Subproblems
    12.2.2 Derivational Hierarchies
    12.2.3 Representational Hierarchies
    12.2.4 Proof Datastructure in ΩMEGA
  12.3 Replacement Rules
    12.3.1 Modifiers in INKA
    12.3.2 Assertion Level for Proof Presentation
    12.3.3 Higher-Order Rewriting
    12.3.4 Deduction Modulo
    12.3.5 Focusing Proof Construction
  12.4 Calculi
    12.4.1 Schütte's Proof Theory
    12.4.2 Matrix Calculi
    12.4.3 Sequent Calculus
    12.4.4 Resolution and Paramodulation based Calculi
13 Conclusion
  13.1 Future Work

References

Appendix

A Completeness Proof
B Sample CORE Window Proofs
  B.1 Proof of p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a)
  B.2 Proof of ∀p_{o→o}. λx.p(p(p(x))) = λx.p(x)
  B.3 Proof of the Irrationality of Square Root of 2
  B.4 Proof of ∃x.(ϕ(x) ∨ ψ(y)) ⇔ ∃x.(ϕ(x) ∨ ψ(y))

Index

Short Summary (Kurzzusammenfassung)

Computer supported proving of theorems requires the intervention of the human user even for theorems that are simple by human standards. This thesis defines a communication platform that enables a synergetic cooperation of the user with the reasoning procedures. On the basis of a new proof theory for contextual reasoning, almost all aspects of the communication are covered, starting with the presentation of the proof state, via the supply of context-dependent information for the continuation of the proof, up to the support of a hierarchical proof development. The proof theory, which is uniform for an entire class of logics, rests on proof-theoretic annotations in formulas. It supports a context-dependent style of reasoning that is as intuitive as possible for the user while at the same time still adequate for automatic reasoning procedures. Beyond that, concepts to support a hierarchical proof methodology are developed.

Abstract

Computer supported development of proofs requires user interaction even for theorems that are simple by human standards. In this thesis we define a communication infrastructure as a mediator between the user and the automatic reasoning procedures. It is based on a new uniform meta proof theory for contextual reasoning and encompasses most aspects of communication from the presentation of the proof state, via the supply of relevant contextual information about possible proof continuations, to the support for a hierarchical proof development. The proof theory is uniform for a variety of logics. It exploits proof theoretic annotations in formulas for a contextual reasoning style that is as far as possible intuitive for the user while at the same time still adequate for automatic reasoning procedures. Furthermore, concepts are defined to accommodate both the use and the explicit representation of hierarchies that are inherent in problem solving in general.


Summary (Zusammenfassung)

Computer supported proving of theorems requires the targeted intervention of the human user even for theorems that are simple by human standards. This thesis defines a communication platform that enables a synergetic cooperation of the user with the reasoning procedures. The requirement specification, drawn up along the lines of an ideal proof system, classifies general proof steps into two informal categories. The first category contains the proof steps that continue a proof within one level of abstraction and further distinguishes between verifiably sound proof steps and speculative proof steps. The second category, in contrast, comprises hierarchical proof steps. Hierarchical structures are omnipresent in every kind of proof methodology and result from the structure of the formulas, the use of abstractions, and the structuring of the reasoning procedures among each other. The requirement specification and the categories motivate the development of the communication platform CORE on the basis of a new proof calculus for contextual reasoning. The communication platform covers almost all aspects of the communication, starting with the presentation of the proof state, via the supply of relevant and context-dependent information for possible continuations of the proof, up to the support of a hierarchical proof development.

The first part of the thesis defines the proof theory. The main requirement was that the state of a proof is represented in a form that is both adequate for automatic reasoning procedures and intuitive for a human user. This requires direct support for contextual reasoning on arbitrary subformulas as well as, for example, the direct development of a proof at the assertion level, which has been proposed as an adequate proof representation for the presentation of proofs in natural language. The proof theory rests on two pillars: In the first part a sound and complete matrix proof calculus for indexed formula trees is defined uniformly for a class of logics. Indexed formula trees, like the related expansion trees for higher-order logic, represent quantifier dependencies in a uniform and efficient manner. The indexed formula trees are obtained by decomposing the formulas to be proved along their structure, whereby the individual parts of the formula are annotated with polarities and uniform types. Each freely instantiable quantified subformula is thereby split into an arbitrary but fixed number of instances, which are called the multiplicities of the subformulas. To avoid this static fixing of the multiplicities, the proof calculus is extended by an efficient proof rule that allows the multiplicities to be adjusted dynamically at any point in the proof. The resulting proof calculus is sound and complete and forms the backbone of the proof theory for checking the admissibility of substitutions. The second part of the proof theory extends the matrix proof calculus by intuitive and contextual proof rules. To this end the matrix calculus is complemented by a formula with free variables that results from the indexed formula tree. The formula is completely annotated with polarities and uniform types, and these proof-theoretic annotations form the basis for the definition of the logical context of subformulas as well as of the replacement rules contained therein. The defined replacement rules can be viewed both as the realisation of proof steps at the assertion level and as generalised resolution and paramodulation rules. The Janus-faced replacement rules thus support, on the one hand, reasoning at the assertion level, the ideal basis for user interaction and abstract proof planning, and, on the other hand, the implementation of automatic reasoning procedures such as tactics and ordering-based reasoning procedures. In the developed proof calculus a proof state consists of an indexed formula tree and a formula with free variables. A proof is completed when this formula has been reduced to the trivially valid formula True. The calculus consists of twelve proof rules, each of which reduces a proof state to exactly one new proof state. This guarantees that the state of a proof can be represented at any time in a single formula, a kind of representation that is intuitive for the user.

The second part of the thesis deals with the hierarchical aspects of proof development. Hierarchies in proofs arise in three ways: through the structure of the formula of a proof state, the use of abstractions, and the structure of the reasoning procedures among each other, as for example in proof planning or recursively defined tactics. Exploiting the formula structure results in a hierarchical style of reasoning that has been formalised under the name "window inference". It enables focusing on, and the logical transformation of, subformulas. Building on the proof calculus for contextual reasoning, the CORE window proof calculus extends the known window inference by a uniform determination of replacement rules from a logical context as well as a uniform inheritance of the focus structures during the application of a proof rule. To support the use of abstractions, the concepts necessary for the definition and use of abstractions are defined. The applicability test of an abstraction is represented explicitly by means of reasoning domains, which approximate the source and target reasoning domains of an abstraction. For the representation of proofs at different levels of the hierarchy, a hierarchical proof representation for CORE is defined that uniformly represents the CORE window proof rules, the use of abstractions, and hierarchies in the reasoning procedures.

The third and last part of the thesis deals with the application of the communication platform. The implementation of automatic reasoning procedures for the CORE calculus is made harder by the large number of possible replacement rules for the subformulas, which is otherwise a clear indication of the high degree of flexibility in interactive reasoning provided by the calculus. This problem is addressed with the concept of filters, which enable a goal-directed selection of suitable replacement rules. Before the presentation of example proofs in CORE, the implementation of a calculus similar to the sequent calculus on the basis of the CORE window calculus is presented in particular. Besides the CORE window calculus rules, a rule for the internal decomposition of formulas is used that is a generalisation of a corresponding rule from Schütte's proof theory. The defined calculi are distinguished by being particularly well suited for interactive and automatic proof search. Among other advantages, efficient proof transformations deserve particular mention, which result from the dynamic adjustment of multiplicities, as well as the technique of theorem proving modulo, which is subsumed by the context-dependent selection and application of replacement rules.

Extended Abstract

Computer supported development of proofs requires user interaction even for theorems that are simple by human standards. In order to enable a synergetic cooperation of the user with the automatic reasoning procedures this thesis defines a communication infrastructure to mediate between the user and the reasoning procedures. A requirement analysis conducted along the sketch of an ideal proof development environment results in a classification of proof construction steps into two informal categories. The first category consists of the continuation of proofs within one level of abstraction and is further refined into verifiably sound proof continuations and speculative proof continuations. The second category of proof steps are those that introduce vertical hierarchies in proofs. The use of hierarchies is inherent in problem solving in general and due to the structure of the formula, the use of representational abstractions, as well as the structuring of reasoning procedures. The requirement analysis and the resulting classification motivate the definition of the communication infrastructure CORE, which is based on a new uniform meta proof theory for contextual reasoning and encompasses most aspects of the communication that range from the presentation of the proof state, via the supply of relevant contextual information about possible proof continuations, to the support for a hierarchical proof development.

The first major part of the thesis is concerned with the definition of the proof theory. Its development is conducted under the requirement that it shall allow for a representation of the proof state that is both intuitive for the user and adequate for automatic reasoning procedures. Furthermore it shall support reasoning inside formulas by exploiting the logical context of subformulas. Finally, it shall equally support the integration of automatic reasoning procedures as well as allow for an intuitive reasoning style for the user, such as directly reasoning on the assertion level, which has been proposed as an adequate representation to support natural language presentations of proofs. The proof theory rests on two pillars: in a first part a sound and complete matrix calculus on indexed formula trees is defined uniformly for a variety of logics. Indexed formula trees as well as their higher-order logic pendant expansion tree proofs provide a uniform and concise representation of the dependencies between variable and modal quantifiers. The formula is decomposed along its tree structure and annotated by polarities and uniform types. Thereby the instantiable variable and modal quantifiers are assigned an arbitrary but fixed number of instances, so-called multiplicities. In order to overcome the limitation to assign multiplicities beforehand, the calculus is extended by a rule to dynamically and efficiently increase the multiplicities of quantifiers at any stage of the proof development. The resulting sound and complete calculus serves as the soundness backbone of the proof theory with respect to checking the admissibility of substitutions.

The second part of the proof theory adds intuitive and contextual reasoning capabilities to the matrix calculus. Intuitively, it extends it by a free variable representation of the complete formula contained in the indexed formula tree. The entire free variable formula is annotated with polarities and uniform types and this proof theoretic information is the basis for a uniform notion of logical context for subformulas as well as replacement rules contained in logical contexts. The replacement rules are Janus-faced by nature: on the one hand they can be viewed as the operationalisation of assertion level proof steps. They therefore enable the development of proofs directly at the assertion level and are the ideal basis for user interaction and high-level proof planning. On the other hand from a logical point of view they are generalised resolution and paramodulation rules, which is a suitable representation for automatic reasoning procedures such as tactics or ordering based reasoning procedures. A proof state in the developed calculus consists of an indexed formula tree to represent quantifier dependencies and a free variable formula that represents the status of the proof. The proof is completed when that formula has been reduced to the trivially valid formula True. The complete calculus consists of twelve calculus rules, each reducing a proof state to exactly one new proof state. This ensures that the whole status of the proof is always contained inside a single formula, which is an intuitive representation for the user as it overcomes the use of normal forms and skolemization.

The second major part of the thesis is concerned with the hierarchical aspects of problem solving. We identify three sources that lead to hierarchies in proofs: the structure of the formula representing the proof state, the use of representational abstractions during proof development, and the hierarchical structure induced by the involved reasoning procedures, such as proof planning or recursive definitions of tactics. Exploiting the structure of formulas gives rise to a hierarchical reasoning style that has been formalised by window inference. Window inference supports the focusing on arbitrary parts of the formula and supports their manipulation. Due to the contextual reasoning capabilities of the underlying calculus, the CORE window calculus extends standard window inference by a uniform determination of replacement rules from a logical context and a uniform principle to inherit window structures during rule application. The use of representational abstractions is addressed by the formalisation of the basic concepts that support their definition as well as their use at any stage of a proof development. The applicability conditions of abstraction functions are captured by the notion of reasoning domains, which approximate the source and target domains of representational abstractions. Finally, we define a hierarchical proof datastructure that accommodates the application of CORE window calculus rules, the use of representational abstractions, and the representation of derivational abstractions and refinements.

The third and final major part of the thesis presents applications of the developed communication infrastructure. The definition of automated reasoning procedures on top of CORE is hampered by the exponential amount of possible replacement rules for each subformula – a clear indication of the high flexibility provided by CORE during proof development. To remedy this problem, we introduce filters to be used for a goal directed selection of appropriate replacement rules. Before the presentation of some example proofs in the CORE window calculus, we present an implementation of a calculus that resembles a sequent calculus using CORE. It is based on the CORE window calculus rules and an admissible subformula decomposition rule which generalises a respective rule from Schütte's sentential calculus. Due to the capabilities of the underlying CORE calculus, the adequacy of the resulting sequent style calculus to support interactive and automated proof search surpasses standard implementations of this calculus. Beyond other benefits, the most striking advantages are complex proof transformations that result from the dynamic and efficient increase of multiplicities and the subsumption of theorem proving modulo by the support of contextual reasoning inside subformulas.

Acknowledgements

First of all I would like to thank my supervisor Jörg Siekmann for all his support during these years. His enthusiasm paired with critical advice were very valuable for my research and for writing this thesis. Moreover, I would like to thank him for letting me work in this huge group of high quality researchers in Saarbrücken which was so beneficial to me and my work.

Second, I would like to thank Frank Pfenning and Gert Smolka for serving on my thesis committee. In particular, I would like to thank Frank Pfenning for many interesting discussions and his enlightening comments on earlier versions of this work.

Third, my special thanks go to Dieter Hutter for his critical advice and discreet guidance over many years, his openness to discuss new ideas and for always encouraging me. Moreover, I would like to thank Christoph Benzmüller and Chad Brown for stimulating discussions about the higher-order logic aspects of the work presented in this thesis. Thanks also to Claus-Peter Wirth for stimulating discussions, whose enthusiasm also helped me throughout the difficult stages of this thesis. For proof reading (parts of) this thesis I am indebted to Christoph Benzmüller, Alexander Caviedes, Dieter Hutter, and Andreas Nonnengart. Aside from my thesis a lot of effort during the last years went into research only sometimes related to this thesis and I would like to thank my co-authors for these productive cooperations: Christoph Benzmüller, Armin Fiedler, Helmut Horacek, Malte Hübner, Dieter Hutter, Bruno Langenstein, Heiko Mantel, Andreas Meier, Till Mossakowski, Georg Rock, Axel Schairer, Carsten Schürmann, Werner Stephan, Quoc Bao Vo, Roland Vogt, and Andreas Wolpers.

For many discussions, valuable feedback and pleasant coffee breaks I would like to thank all of my colleagues at the formal methods and Activemath groups at DFKI and the ΩMEGA group at Saarland University. In particular, I thank Armin Fiedler, Heiko Mantel, Andreas Meier, Martin Pollet, Axel Schairer, and Werner Stephan for stimulating discussions. Thanks to Chris for having been such a pleasant office mate. My work also profited a lot from research visits at the University of Edinburgh, Carnegie Mellon University, and Yale University. Thanks to Alan Bundy, Frank Pfenning, and Carsten Schürmann for providing me with these opportunities.

Last but not least, I would like to thank all of my friends and especially my family for their unconditional loyalty and moral support. Above all, I thank Sandra Vineeck for her moral and emotional support during these years and for being a partner in the rough and the good times.

We need few words to express the essential;
we need all the words to make it real.
Eugène Grindel, known as Paul Eluard

Part I

Introduction

Chapter 1

Introduction

What is best in the new is what answers an old desire.
Paul Valéry

In spite of almost four decades of research on automated theorem proving, mainly theorems considered easy by human standards can be proved fully automatically without human assistance. For instance humans must provide guidance information about how to explore the search space or specify intermediate lemmata. The computer-supported development of proofs for more difficult theorems requires user interaction and will require it for the foreseeable future. The main application domains of computer-based theorem proving systems are mathematical assistants, mathematical teaching assistants, and hardware as well as software verification. For these domains, a tight intertwining of user interaction with the theorem proving system is necessary, to obtain proofs in formal logic – even for theorems which are relatively simple from a human point of view. In this thesis we propose a communication infrastructure as mediator between the user and the theorem proving system that provides the basis for a tight integration of the user and the theorem proving system.

1.1 Motivation

1.1.1 Communication of Proof Knowledge

In an ideal proof development environment the user and the theorem proving system can cooperate in a synergetic manner. Such a theorem proving system consists of one or more reasoning engines, where “reasoning engine” is a general term that encompasses any kind of specialised automatic proof search procedure by abstracting from the implementation paradigm and denotes automated theorem provers, tactics, proof-planners, or computer algebra systems and constraint solving systems. The objective is to develop formal proofs for theorems where the partners are the user and the theorem proving system with its reasoning engines. We envision the development of proofs as a synergetic cooperation of equal partners, in contrast to the current situation of a master/slave relationship between the user and the theorem proving system. Each partner contributes (implicit) knowledge on how to approach and solve proof obligations. It is the partner's decision when to bring in its specific knowledge about proofs and how to convey the knowledge. This requires that the status of the proof and the means of knowledge communication are understandable to all partners, even if the user is a mathematician, scholar or software engineer with no expertise in formal logic.


In order to efficiently support the user, communication between the user and the theorem proving system is crucial. In principle each partner can communicate the proof knowledge he incorporates. However, the specific proof knowledge must be expressed in a manner that is intelligible to the other partners. This is the bottleneck for the communication of information. A user like a mathematician or software engineer usually has a semantic representation of the problem domain and exploits it to approach and solve proof obligations. They usually have little or no knowledge about formal logic. State of the art automated theorem provers, however, only incorporate deep knowledge about the search space structure based on the syntax and calculus rules. In interactive theorem provers tactics are used to incorporate more high-level proof procedures, but these still stick to the syntax and the basic calculus rules. Proof planning has been designed to overcome these limitations. However, in practice it also requires an understanding of the underlying calculus from the user and does not completely overcome the limitations imposed by the lack of abstraction imposed by the underlying calculus. Coming back to the ideal proof development environment, the proof knowledge of the partners includes both the definition of new proof techniques and how and when to use the available proof techniques within an actual proof. Examples of basic proof techniques are calculus rules, computations to simplify or adapt sentences, small mathematical computations of values or symbolic evaluation of some formula. Examples for higher proof techniques are abstractions, such as diagrams for conjectures about natural numbers, the diagonalisation method, proofs by induction, a pigeonhole argument and similar mathematical techniques. Thus, the state of an ideal proof development environment consists of both the available proof techniques and an actual (partial) proof.

To communicate this knowledge, we propose to use a communication infrastructure that mediates between the user and the theorem proving system. Its role is on the one hand to represent all the information about the proof and especially to intelligibly communicate this information to both the user and the reasoning engines. On the other hand it must support the continuation of the proof by the user and the reasoning engines, which requires an interaction interface that is, again, intelligible for both the user and the reasoning engines. This tension between intelligible information for the user on the one hand and the reasoning engines on the other strongly influences the design of the communication infrastructure. Resolving this inside the communication infrastructure that is used for proof construction by both the user and the reasoning engines could lead to a synergetic cooperation of the partners involved.

The communication infrastructure must provide information about the history of the proof, i.e. what has been done so far, about the status of the proof, and about the possible next steps to continue the proof. The manner in which the proof history is represented depends on the kinds of possible proof steps, which are discussed in the following Section 1.1.2. In Section 1.1.3 we discuss what kind of information about the status of the proof is required for the ideal proof development environment.

1.1.2 Proof Construction Steps and Proof History

The ideal proof development environment requires a clarification of what a proof is in this context. In formal logic a proof is a sequence or a proof tree built from the calculus rules of the underlying logic. In proof planning it is a proof plan, i.e. a sequence of methods, that can be refined to a calculus proof. In mathematical textbooks a proof can be any natural language justification indicating how a sentence is inferred from some other sentences. In order to conduct a requirement analysis we need a notion of proof that encompasses all these different types of proofs. In the following we introduce different informal categories of proof construction steps to refine the notion of a proof for the ideal proof development environment.


The proof construction steps are the major means to communicate proof knowledge between the partners. Any kind of communication of proof knowledge adds information to the proof. We view a proof as a three-dimensional object that consists of horizontal and vertical structures. A horizontal structure is a (partial) proof on a specific level of abstraction, while a vertical structure links proofs at different levels of abstraction. Each proof within some level consists of a sequence of justifications relating a goal sentence to subgoals. Proof steps that extend a proof within a level of abstraction are denoted by intra-level proof construction steps. These proof steps are horizontal and each proof step relates sentences and is annotated by some justification, like the name of the calculus rule used, the name of a tactic, a lemma being applied, or simply the description of the proof technique used. Among those steps, we need to differentiate between those steps that soundly extend a proof, like some verifiably valid derivation, and those that are speculative, like the formulation of proof intentions as for example in proof planning. We denote the former by (local) lemma application steps and the latter by (local) lemma speculation steps.

Each subproof within some level of abstraction can be related to a subproof at a different level of abstraction. An example for this is to abbreviate a sequence of proof steps by a single proof step describing that sequence of proof steps. Another example is the application of a lemma of the form $H_1 \wedge \ldots \wedge H_n \Rightarrow H$, where this "macro-step" can be expanded by its proof. Similarly, the validation of a speculative proof step by a sequence of concrete proof steps can be seen as a refinement, as it also introduces a lower level of abstraction into the proof. We denote those inter-level proof construction steps by vertical proof steps. The activity of relating a subproof at some level of abstraction to some subproof at a higher level of abstraction is called vertical abstraction, and the dual activity is vertical refinement.

1.1.2.1 Intra-Level Proof Steps

Local Lemma Application. The local lemma application proof steps are those that reduce an open goal to a possibly empty list of new subgoals. The communication infrastructure has to provide the user and the reasoning engines with information about possible continuations and to subsequently ease their application. The information about the possible continuations must be intelligible to both the user and the reasoning engines. The information must be provided for the user in a way that allows for a semantical interpretation of the information. For example, the user may be told that the group property of the set G with its operation occurring in the actual goal can be expanded. This information must be provided to the reasoning engine in a way that allows for an operational reading, for example as an inference rule that reduces the conclusion to certain premises. More specifically, it should tell the reasoning engines the rule or the name of the rule that reduces the actual goal that contains "G with its operation is a group" into a subgoal that contains the expanded group definition.

Furthermore, this information should be derived from the context of the actual goal, such that if the logical context is changed then this is immediately reflected in the set of choices presented to the user and the reasoning engines.

This requires from the communication infrastructure that it incorporates a mechanism for contextual reasoning, which supports a goal-dependent presentation and application of the information contained in the logical context. Ideally the context should be represented in a uniform manner, and the ways this information is provided to the user and to the reasoning engines are then only different views on the same information.

Local Lemma Speculation. The local lemma speculation proof steps must allow for speculative or unverified proof steps. For example, the step may be that the user or the reasoning engine reduces a goal to some subgoals of their choice, without having to prove that step immediately. This kind of step offers a means to express intentions on how the proof could or should proceed and to communicate these intentions to the other partners. Furthermore, local lemma speculation proof steps serve to integrate mathematical computations into the proof tree, without having to provide an actual proof that establishes the soundness of this computation. The communication infrastructure must support these unverified proof steps and it must keep track of them until later when they are actually verified.

1.1.2.2 Inter-Level Proof Steps

For an ideal proof development environment we identify two kinds of vertical abstraction and vertical refinement: those that operate on the proof structure and those that operate on the representation of objects. The former are denoted by proof abstractions respectively proof refinements, and the latter as representational abstractions respectively representational refinements.

Vertical Abstractions. Proof abstractions abbreviate sequences of proof steps into a single proof step. The new proof step is a local lemma speculation proof step at some higher level of abstraction. Having these steps explicitly represented eases the communication as it shortens the proof to its essential steps. Take as an example a proof procedure performing an induction proof. Abbreviating the induction proof into a single proof step with an explicit description of the abbreviated proof sequence captures the implicit knowledge contained in the proof procedure. Furthermore, the abstract and explicit description is certainly more comprehensible than the whole proof sequence. For instance, the assertion level introduced by Huang [Huang, 1996] is an abstract proof representation which presents a proof as a sequence of axiom, lemma and hypothesis applications and is the basis for the natural language presentation of formal proofs [Huang, 1996, Fiedler, 2001].

Representational abstraction is an important feature not only in mathematical problem solving, but in problem solving in general. Examples are the use of diagrams to reason about sums and products of natural numbers (cf. [Jamnik et al, 1997]), or the labelled fragment abstraction [Hutter, 1994] used in inductive theorem proving which abstracts from the specific differences between the induction conclusion and the induction hypothesis. Those changes of the representation into more adequate representations are often crucial proof steps and their explicit representation provides important information about the proof. They must be annotated with specific information about the type of the representational change. A necessary prerequisite for representational abstractions is that the ideal proof development environment supports the definition of various representation languages, and especially, that it supports multiple proof states with respect to different representation languages and has the means to switch between the representations at any stage of the proof search process.

Vertical Refinements. Proof refinements validate speculative proofs. These can be local lemma speculation proof steps or proofs performed on a different representation, initiated by a representational abstraction proof step. They explicitly represent how a formulated proof intention has actually been realised by relating the proof on some higher level of abstraction to its actual proof. Take as an example a diagonalisation argument used to abstractly finish a proof. The actual diagonalisation argument is represented by a local lemma speculation proof step. However, the proof is not formally closed by this argument, and only the actual execution of the intended diagonalisation argument completes the proof. The resulting proof sequence is a validation of the diagonalisation argument, of which it is a vertical refinement.


Representational refinement is the inverse of representational abstraction. It is required in order to map back from an abstract representation to the initial source representation of the problem. However, although representational abstraction is usually computable, representational refinement usually is not. The reason is that representational abstraction abstracts details in order to obtain a simpler representation of the problem, which is more concise with respect to the problem domain. Thus, representational abstraction is usually a "many-to-one" relationship, which hampers its inversion, i.e. representational refinement. Representational refinement is usually achieved in combination with a vertical refinement of the proof at the abstract representation. Indicating which abstract proof state corresponds to which proof state in the source representation provides important information about the proof, and representational refinement relations serve to represent this information explicitly.

1.1.3 Status of Proofs

The status of the proof is an important piece of information to be provided to the partners. Traditionally in interactive theorem proving it is a proof tree where the leaves are either goals closed by an axiom rule or open goals that must still be solved. The open goals are conjunctively related by the proof tree structure and may share common variables whose instantiation affects several open goals, which usually causes problems for the design of automated proof procedures, since the instantiation of a global variable in one conjunct affects the proof of the other conjunct. Although this representation of the proof status is concise, we argue that it lacks important information: first, alternatives are not explicitly represented in the proof structure, except for alternatives inside the open goals themselves. A mathematician has the alternatives to the actual proof goal structure in mind, and an ideal proof development environment should support this more adequate, though more redundant, representation of the proof status. Secondly, the list of open goals can grow rapidly even for problems that are simple from a human point of view. A mathematician usually takes a "bird's eye view" on large proofs, which gives a better assessment of the overall proof status. This global view of the proof contains both all open goals and their alternatives. We argue that a good approximation of this bird's eye view is to represent the proof status as a single formula at any stage of the proof search process. The compact representation of the proof status as a single formula is useful information complementary to the usual lists of open goals. Standard formal calculi do not support this compact representation of a proof status, since they usually rely on normal forms or formula decomposition, which both hamper the reconstruction of the proof status as a single formula which resembles the original conjecture. An ideal proof development environment should support the view of any proof status as a list of open goals and also provide information about discarded or ignored alternatives, and finally allow the partners to have a global view of the proof state.

1.2 The CORE System

The main contribution of this thesis is the engineering of the CORE system and the development of its logical foundations. CORE aims to bridge the gap between the intuitive development of proofs and formal calculi, and supports a synergetic cooperation between reasoning engines and the user. The key idea of the CORE system is that the whole proof state is always a formula. Proof construction proceeds by using information contained in the formula to successively transform (parts of) the formula until the proof state is a trivially valid formula. Possible case splits are also represented in the formula by means of logical connectives. Thus, the proof structure is represented in the formula, which allows us to view the proof state on the one hand as a structured proof representation with open goals and on the other hand as a single formula which is the bird's eye view. Take as an example the following formula about sums of natural numbers:

$$\Big(\forall n.\; n = 0 \Rightarrow \sum_{i=1}^{n} i^3 = \big(\sum_{i=1}^{n} i\big)^2\Big) \;\wedge\; \Big(\forall n, m.\; \big(n > m \wedge \sum_{i=1}^{m} i^3 = \big(\sum_{i=1}^{m} i\big)^2\big) \Rightarrow \sum_{i=1}^{n} i^3 = \big(\sum_{i=1}^{n} i\big)^2\Big)$$

The formula as a whole represents the whole proof state. However, by fixing the parts we want to consider as open goals, for instance the occurrences of $\sum_{i=1}^{n} i^3 = (\sum_{i=1}^{n} i)^2$, the structure of the formula above these occurrences allows us to present the proof state as the following structured proof:

Case 1: Assume $n = 0$, prove $\sum_{i=1}^{n} i^3 = (\sum_{i=1}^{n} i)^2$.

Case 2: Assume $n > m$ and $\sum_{i=1}^{m} i^3 = (\sum_{i=1}^{m} i)^2$, prove $\sum_{i=1}^{n} i^3 = (\sum_{i=1}^{n} i)^2$.
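The structured view just shown can be read off the single-formula proof state mechanically. The following Python script is an added illustration and is not code from the thesis or from the CORE system: it annotates every subformula with its polarity in the style of uniform notation (the machinery behind the indexed formula trees the thesis builds on), takes the positive-polarity atoms as the open goals, and collects for each goal the hypotheses contributed by the connectives above it. The thesis's own definition of logical context (Chapter 5) also handles quantifier multiplicities and instantiation; the purely propositional reading used here is an assumed simplification that is sufficient for this example. The example formula is constructed inline, and the tuple encoding of formulas is the script's own.

```python
"""Added illustration, not code from the thesis or the CORE system.

Reads the "Case i: Assume ..., prove ..." view off a proof state that is a
single formula: every subformula gets a polarity (uniform notation), the
positive atoms are taken as open goals, and the hypotheses of a goal are
collected from the beta-type connectives on the path above it.  This purely
propositional treatment of the logical context is an assumed simplification
of the thesis' notion (Chapter 5), sufficient for the example of the text.

Formulas are nested tuples: ("atom", text), ("not", f), ("forall", vars, f),
and ("and" | "or" | "imp", left, right).
"""
from typing import Callable, Dict, List, Tuple

Formula = tuple
Path = Tuple[int, ...]           # position in the formula tree, 0 = left/only child
SYMBOL = {"and": "∧", "or": "∨", "imp": "⇒"}


def show(f: Formula) -> str:
    kind = f[0]
    if kind == "atom":
        return f[1]
    if kind == "not":
        return "¬" + show(f[1])
    if kind == "forall":
        return "∀" + ",".join(f[1]) + ". " + show(f[2])
    return f"({show(f[1])} {SYMBOL[kind]} {show(f[2])})"


def annotate(f: Formula, pol: int = 1, path: Path = ()) -> Dict[Path, Tuple[int, Formula]]:
    """Map every position to (polarity, subformula).  The root is positive (it is
    what has to be proved); implication antecedents and negations flip the
    polarity, conjunction, disjunction and quantifiers pass it on unchanged."""
    out = {path: (pol, f)}
    kind = f[0]
    if kind == "not":
        out.update(annotate(f[1], -pol, path + (0,)))
    elif kind == "forall":
        out.update(annotate(f[2], pol, path + (0,)))
    elif kind in SYMBOL:
        out.update(annotate(f[1], -pol if kind == "imp" else pol, path + (0,)))
        out.update(annotate(f[2], pol, path + (1,)))
    return out


def is_beta(node: Formula, pol: int) -> bool:
    """Beta-type nodes keep both children in one sequent: positive ∨ and ⇒,
    negative ∧.  Their alpha-type duals split the proof into separate cases."""
    return (node[0] in ("or", "imp") and pol > 0) or (node[0] == "and" and pol < 0)


def conjuncts(f: Formula) -> List[Formula]:
    """Split a hypothesis A ∧ B into A and B for presentation."""
    return conjuncts(f[1]) + conjuncts(f[2]) if f[0] == "and" else [f]


def logical_context(info: Dict[Path, Tuple[int, Formula]], path: Path) -> List[Formula]:
    """Hypotheses available at `path`: for every beta-type ancestor its other
    child, taken as is when that child is negative (an assumption) and negated
    when it is positive (a sibling goal that may be assumed refuted)."""
    hyps: List[Formula] = []
    for depth, branch in enumerate(path):
        node_pol, node = info[path[:depth]]
        if is_beta(node, node_pol):
            sib_pol, sib = info[path[:depth] + (1 - branch,)]
            hyps += conjuncts(sib) if sib_pol < 0 else [("not", sib)]
    return hyps


def structured_proof(root: Formula,
                     is_goal: Callable[[Formula], bool] = lambda atom: True
                     ) -> List[Tuple[List[str], str]]:
    """(hypotheses, goal) for each positive atom accepted by `is_goal`, left to
    right; `is_goal` is how the parts considered as open goals are fixed."""
    info = annotate(root)
    cases = []
    for path in sorted(info):
        pol, sub = info[path]
        if sub[0] == "atom" and pol > 0 and is_goal(sub):
            cases.append(([show(h) for h in logical_context(info, path)], show(sub)))
    return cases


def render(root: Formula) -> List[str]:
    lines = []
    for i, (hyps, goal) in enumerate(structured_proof(root), 1):
        assume = "Assume " + " and ".join(hyps) + ", " if hyps else ""
        lines.append(f"Case {i}: {assume}prove {goal}.")
    return lines


def cubes(upper: str) -> Formula:
    """The atom ∑_{i=1}^upper i³ = (∑_{i=1}^upper i)² of the text."""
    return ("atom", f"∑_{{i=1}}^{upper} i³ = (∑_{{i=1}}^{upper} i)²")


# The proof state of the text, constructed here as a formula tree.
EXAMPLE = ("and",
           ("forall", ("n",), ("imp", ("atom", "n = 0"), cubes("n"))),
           ("forall", ("n", "m"), ("imp", ("and", ("atom", "n > m"), cubes("m")), cubes("n"))))

if __name__ == "__main__":
    print(show(EXAMPLE))                 # the bird's eye view
    print("\n".join(render(EXAMPLE)))    # the structured view
```

Running the script prints the bird's eye view (the formula itself) followed by the two cases of the text. The `is_goal` parameter of `structured_proof` is the knob for "fixing the parts we want to consider as open goals"; with the default, every positive atom is a goal, which for this formula yields exactly the two cases above, since `n = 0` and `n > m` sit in antecedents and are therefore negative.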
Logical contexts are treated as first-class citizens and can be statically determined for any part of the formula. They are provided as replacement rules, which are a formalisation of the notion of assertion level rules. The assertion level has been introduced by Xiaorong Huang in [Huang, 1996] as an abstraction from the pure natural deduction calculus and it is the basis for the generation of the proof presentation in natural language [Huang, 1996, Horacek, 1999, Fiedler, 2001]. The idea is to subsume axioms, definitions, lemmas, and theorems as assertions, and the use of a single assertion in the proof search corresponds to a whole proof segment in the underlying calculus. Consider the example assertion taken from [Huang, 1996]:

∀S1, S2 : Set. S1 ⊆ S2 ⇔ ∀x : Element. x ∈ S1 ⇒ x ∈ S2

This assertion allows us to derive

– a ∈ S2 from a ∈ S1 and S1 ⊆ S2;
– S1 ⊄ S2 from a ∈ S1 and a ∉ S2;
– ∀x : Element. x ∈ S1 ⇒ x ∈ S2 from S1 ⊆ S2.
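The three derivations listed above, checked as an added illustration in Lean 4. This is not part of the thesis and not CORE code; it assumes a type Element, models a Set as a predicate over it, and lets the definition of Subset play the role of the assertion. Each rule's proof term is the short proof segment that one application of the assertion stands for:

```lean
-- Added illustration, not part of the thesis and not CORE code.
-- A set over the assumed element type is modelled as a predicate; `Subset`
-- is the assertion of the text, and each rule below is the proof segment
-- that one application of that assertion stands for.
variable {Element : Type}

def Mem (a : Element) (S : Element → Prop) : Prop := S a
def Subset (S1 S2 : Element → Prop) : Prop := ∀ x, Mem x S1 → Mem x S2

-- The assertion: ∀S1,S2 : Set. S1 ⊆ S2 ⇔ ∀x : Element. x ∈ S1 ⇒ x ∈ S2
theorem subset_assertion (S1 S2 : Element → Prop) :
    Subset S1 S2 ↔ ∀ x, Mem x S1 → Mem x S2 :=
  Iff.rfl

-- a ∈ S2 from a ∈ S1 and S1 ⊆ S2
theorem rule1 {S1 S2 : Element → Prop} {a : Element}
    (h1 : Mem a S1) (h2 : Subset S1 S2) : Mem a S2 :=
  (subset_assertion S1 S2).mp h2 a h1

-- S1 ⊄ S2 from a ∈ S1 and a ∉ S2
theorem rule2 {S1 S2 : Element → Prop} {a : Element}
    (h1 : Mem a S1) (h2 : ¬ Mem a S2) : ¬ Subset S1 S2 :=
  fun hsub => h2 (rule1 h1 hsub)

-- ∀x : Element. x ∈ S1 ⇒ x ∈ S2 from S1 ⊆ S2
theorem rule3 {S1 S2 : Element → Prop} (h : Subset S1 S2) :
    ∀ x, Mem x S1 → Mem x S2 :=
  (subset_assertion S1 S2).mp h
```

The proof terms are the proof segments Huang refers to; in the terms of the text, a replacement rule is what lets the proof search apply rule1, rule2 or rule3 directly, without constructing such a segment for every application.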
Xiaorong Huang states in [Huang, 1996] "although introspection seems impossible to reveal the internal structure of the interpreter applying assertions, every application of an assertion can be associated with a proof segment [...]", and a procedure to generate the associated proof segments is given in Chapter 6 of [Huang, 1996].

Replacement rules are a generalisation of assertion level rules that capture concisely the internal structure of the application of an assertion. They provide the "necessary introspection" and overcome the need to verify assertion applications by constructing an associated proof segment. Thus, replacement rules allow for the direct and verified use of assertions already in the proof search. Furthermore, we define a uniform characterisation of replacement rules that are in the logical context of some subformula.

During the proof search, replacement rules are used to manipulate parts of the formula provided they are in the logical context of this part. They transform the proof-state formula into a new formula which represents the new proof state. In this thesis we develop the theoretical foundations for such a calculus, which are based on the notion of an indexed formula tree and exploit the tree structure of formulas to annotate each node of the tree with some logical information. The logical information is an encoding of the proof-theoretic semantics of a formula at some node, which can be statically determined.


The logical annotations are the basis for the formal definition of the logical context of a subformula and the formal definition of replacement rules. The overall reasoning style supported by the final calculus is based on this information and it enables us to prove uniformly the soundness and completeness of the calculus for a variety of logics.

The kernel proof system supports the intra-level proof steps of Section 1.1.2.1. The main local lemma application proof steps are instantiation, contraction, and replacement rule application. Since the replacement rules are designed to support an intuitive interpretation by the user as well as an operational interpretation by the reasoning engines, they exactly match the requirements for local lemma application. Furthermore, the proof system supports local lemma speculation proof steps by encoding the speculated intermediate goals as logical cuts inside the proof state, i.e. the logical cut is used as a means to keep track of pending open goals.

As a further feature to support intuitive reasoning we add a mechanism inspired by the window inference technique [Robinson & Staples, 1993, Staples, 1995] which focuses the reasoning process onto specific subformulas. The subformulas within the focus are then open to manipulation by replacement rules from the logical context of the focus.

To support the inter-level proof steps and especially representational abstraction, CORE supports the explicit definition of domain specific representation languages, called reasoning domains. It also supports the abstraction functions that formalise switching between different reasoning domains. Intuitively a reasoning domain consists of a logic and a set of predefined symbols. The kernel proof system is parametric in the logic, where a logic can be selected from a given set of logics. These logics are built into the system and can be used for the definition of reasoning domains. Additionally, predefined symbols can be defined for a reasoning domain, which give rise to the respective object-level type and constant declarations, i.e. the signature.

A change in the representation of a given conjecture is a vertical abstraction that maps a formula with respect to a source reasoning domain to a formula with respect to a target reasoning domain. These steps are similar in nature to the local lemma speculation proof steps. The user can select a target reasoning domain and provide a formula with respect to the target reasoning domain which is considered an abstraction of the source formula. Typically the user exploits their semantic understanding of the problem in order to come up with the right abstraction, i.e. the specified target reasoning domain and formula. In order to mimic this problem solving behaviour and make it available to the reasoning engines, abstraction functions that map a source formula from some reasoning domain to a formula in the target domain can be defined in CORE. They can be used to encode a specific abstraction methodology, which operationalises the behaviour of the user and at the same time is available to the reasoning engines.

The remaining inter-level proof steps require an explicit proof object that represents all the more abstract as well as the more refined proof steps. To this end we introduce a hierarchical proof representation which represents the inter-level proof steps that have been introduced so far. Additionally, we introduce proof steps to represent vertical abstraction and vertical refinement.

1.3 Overview of the Thesis

The thesis is organised into five parts: the first and introductory part ends with Chapter 2 by recapitulating the state of the art. The main contributions of the thesis are presented in Part II and Part III.

Part II presents the proof theory for contextual reasoning with some preliminary notions and the definition of the proof theory underlying the CORE reasoning system. Following [Wallen, 1990, Miller, 1983, Pfenning, 1987] we introduce indexed formula trees based on uniform notation and polarities for a variety of classical and modal logics, with an emphasis on first- and higher-order logics (Chapter 4). These can be extended to dynamically increase the multiplicities of formulas and provide a sound and complete but unintuitive calculus for the whole class of the logics considered. Intuitiveness is added in Chapter 5, which defines the actual CORE proof theory. The indexed formula trees of the preceding chapter are extended by working copies, which are denoted by free variable indexed formula trees. The basic calculus rules provided by the framework support an intuitive reasoning style that tries to overcome the need for the user to reason in the specific calculus of some special logic in order to prove a theorem (Section 5.3). The soundness of the rules is proved along with the description of the rules, while the completeness with respect to the class of considered logics is proved in Section 5.4, which completes the definition of the kernel reasoning system.

Part III is devoted to hierarchical reasoning and addresses the requirements sketched out in Section 1.1.2. In Chapter 6 window inference reasoning is added on top of the contextual reasoning system in order to support a hierarchical reasoning style. The kernel reasoning system already provides all necessary features to support window inference. The window inference reasoning rules rely entirely on the reasoning rules of the kernel system. In Chapter 7 we present the notions underlying the support for changing representation languages by abstraction during proof search. Finally, the CORE proof data structure is defined in Chapter 8.

In Part IV we present different applications of CORE. Chapter 9 defines the interface provided by CORE for the development of automatic reasoning procedures on top of CORE. In order to ease the comparison between a standard sequent calculus and the CORE calculus we define in Chapter 10 how a similar calculus is implemented in the CORE calculus, and examples are presented in Chapter 11.

In Part V, Chapter 12 discusses related work and, finally, in Chapter 13 we summarise the contributions of this work and present an outlook for future research based on the foundations laid in this thesis.

Chapter 2

Historical Overview and State of the Art

The area of research on automated and interactive theorem proving may have been inspired by Leibniz' dream of developing a "lingua characteristica universalis" in which every problem should be expressible, together with a "calculus ratiocinator" to mechanise subsequent logical reasoning. The dream was to provide a basis to solve every logical dispute by encoding it in the "lingua characteristica universalis" and then resolving the dispute by calculation: "CALCULEMUS!", let us calculate the outcome of the dispute.

Risking oversimplification, the research devoted to the realisation of Leibniz' dream can be divided into three parts: first, the foundational research on mechanised reasoning was and is concerned with the development of formal logic, i.e. the achievement to separate syntax and semantics in the definition of logics [Frege, 1879, Tarski, 1936], the definition of various general but also domain specific logics along with investigations of their consistency [Zermelo, 1908, Whitehead & Russell, 1910, Fraenkel, 1922, Von Neumann, 1928, Bernays, 1937, Gödel, 1940, Bernays, 1941], (un-)decidability results [Church, 1936, Turing, 1937], the (non-)existence of complete calculi for these logics [Gödel, 1930, Gödel, 1931] and the development of such calculi [Church, 1940, Gentzen, 1969, Robinson, 1965, Andrews, 1989, Miller, 1983, Bachmair et al, 1992]. Despite many setbacks, Herbrand's [Herbrand, 1930] and Gentzen's work [Gentzen, 1969] and the development of computers smoothed the way for the second part of research, concerned with the actual development of mechanised reasoning systems. The first such system was the Logic Theorist [Newell et al, 1957]. These first attempts at fully automatic "logic calculators" made it quickly apparent that the inference rules defining a calculus were far from sufficient to build an efficient automatic theorem prover. The central theme of this second part was, and still is, the development of techniques to guide the proof search. The research in that area led to the identification of different paradigms of the representation of guidance information. These proof search paradigms are reflected by the terminology given to the different theorem proving styles, namely: automatic theorem proving, tactical theorem proving, and proof planning.

Finally, the third and most recent part is concerned with the actual application of the developed techniques and systems to mathematics. This emphasis on mathematics is not least due to Hilbert's idea of formalising mathematics as articulated in Hilbert's program [Hilbert, 1930]. The main objectives with respect to mathematics are its formal representation, the discovery of new theorems, and to formally prove mathematical properties. However, recent activities are also devoted to the teaching of mathematics to scholars. Finally, the triumphal procession of the computer and its universal presence in all important domains of our real life has created further application domains for mechanised reasoning, an important one being formal software development.


In order to support complex tasks in all these application domains the interaction of the user with the reasoning engine became more and more important. For teaching purposes user interaction is at the heart of the application scenario, and for the other application scenarios it became apparent that both the complexity of the problems and the size of the proofs still require, and will require, user interaction for the foreseeable future. On the other hand, there is a need to develop interfaces for the reasoning systems that allow for the use of these systems by users that are not familiar with the foundations of formal logic. Although there has been some research in that direction, this whole area of research is still in its infancy.

2.1 Foundations of Mechanised Reasoning

Important milestones were the calculus for propositional logic of Boole [Boole, 1847] and the calculus for first-order logic of Frege in his famous "Begriffsschrift" [Frege, 1879]. Frege was the first to clearly separate syntax and semantics of formulas, and is today regarded as one of the precursors to the development of mechanised reasoning systems on a computer.

In the second half of the 19th century, research also began to use set theory as a foundation for mathematics. Cantor defined naive set theory, which turned out to allow for antinomies that were found by Russell at the beginning of the 20th century. In order to remedy these antinomies Whitehead and Russell developed the ramified theory of types and used it in their foundation of mathematics in the "Principia Mathematica" [Whitehead & Russell, 1910]. Other approaches to remedy Russell's antinomies were the axiomatic foundations of set theory by Zermelo [Zermelo, 1908] and Fraenkel [Fraenkel, 1922], Von Neumann [Von Neumann, 1928], Gödel [Gödel, 1940], and Bernays [Bernays, 1937, Bernays, 1941]. An alternative to the axiomatic approach to mathematics is constructive mathematics propagated by Brouwer [Brouwer, 1914, Brouwer, 1925] and Heyting [Heyting, 1956]. The constructive or intuitionistic position strictly rejects the axiomatic approach, and the main difference is the rejection of the law of the excluded middle.

The first formulation of higher-order logic by Church [Church, 1940] was based on his theory of types and the λ-calculus. Henkin introduced the concept of general models [Henkin, 1950] as a semantic notion for higher-order logic. This was an extension of Tarski's semantic notion by which Henkin could define a complete calculus for higher-order logic.

The definition of these logics and the logical formalisation of mathematics was accompanied by research on their decidability and, if undecidability was established, on their semi-decidability and the existence of complete calculi. Hilbert was confident that his program [Hilbert, 1930] was achievable, and Gödel's completeness theorem for first-order logic [Gödel, 1930] seemed to confirm this expectation. However, Hilbert's program seemed jeopardised by the negative results of Gödel, Church and Turing. Gödel showed that every consistent system that supports the formalisation of arithmetic [Gödel, 1931] is incomplete, while Church [Church, 1936] and Turing [Turing, 1937] proved the undecidability of first-order logic. Herbrand's work proving the semi-decidability of first-order logic relativised these negative results [Herbrand, 1930]. Furthermore, Herbrand integrated parts of the syntax into the semantics of quantified formulas. This so-called "Herbrand universe" together with its properties with respect to any other semantic interpretation of these formulas smoothed the way for the implementation of computer programs with the capacity for mechanised reasoning.

A result similar to Herbrand's was obtained by Gentzen [Gentzen, 1969] in the sharpened version of his Hauptsatz. Gentzen overcame the rather unintuitive formulations of logic given by Frege, Russell, and Hilbert by defining natural deduction and sequent calculi for predicate logic. The natural deduction calculus was reformulated by Beth [Beth, 1965] to obtain the semantic tableau calculus, a suitable basis for automated reasoning systems. At about the same time Robinson introduced the resolution calculus [Robinson, 1965], which relied on a normalisation process, the elimination of quantifiers by "Skolemisation", and a generalisation of modus ponens. The resolution calculus also proved to be very suitable for automation and has been extended to treat primitive equality by adding the paramodulation rule.

Gentzen's natural deduction and sequent calculi proceed by decomposition of the conjecture, taking the structure of the formula into account and instantiating the quantified variables. The resolution calculus requires the transformation of the conjecture into a normal form. Beth's tableau calculus resides somewhere in between these two approaches. A slightly different approach is taken by Schütte [Schütte, 1977] by defining a calculus that allows for the decomposition of formulas that are wrapped inside the whole formula, without actually requiring the decomposition of the whole formula, which is an approach very much at the heart of what is being proposed in this thesis as well.

2.2 Development of Programs for Mechanised Reasoning

The development of the first computers together with, for instance, the work of Gentzen and Herbrand made it conceivable that it should be possible to build computer programs that have non-trivial reasoning capabilities. The Logic Theorist [Newell et al, 1957] was the first implementation of this idea and is one of the ancestors of mechanised reasoning programs. In a first phase research was thus focused on the development of programs that were able to prove theorems automatically. These implementations were essentially based on the resolution calculus and unification [Siekmann, 1987]. In the early seventies a different approach was taken in the AUTOMATH project [De Bruijn, 1973b, De Bruijn, 1973a, De Bruijn, 1980]: the objective here was to build a system where humans can develop proofs interactively while the system guarantees soundness. This founded the tradition of interactive theorem proving. However, even in interactive theorem proving there is a clear need to support the automation of parts of proofs, for instance in order to tackle specific and simple subproblems automatically.

Both in automated and interactive theorem proving it became apparent that the implementation of the calculus rules alone is not sufficient to build automatic proof procedures. Subsequently, research concentrated on strategic and heuristic organisation of the proof search, the fine graining and specialisation of calculi, and the analysis of the properties of these systems. Researchers in automated theorem proving were interested in the design of general problem solvers, and thus the proof procedures were required to be complete. Examples for this kind of system are OTTER [McCune, 1990], SPASS [Weidenbach, 1999], SETHEO [Letz & Stenz, 1999], VAMPIRE [Riazanov & Voronkov, 2001], MKRP [Eisinger & Ohlbach, 1986], TPS [Andrews et al, 1990, Andrews et al, 2000], or Twelf [Pfenning & Schürmann, 1999]. Proof procedures in interactive theorem proving systems were expected to be efficient for specific problems, but not necessarily complete. These systems are typically based on a natural deduction or sequent calculus, such as Isabelle [Paulson, 1989], NuPrl [Constable et al, 1986], Oyster [Bundy et al, 1990a], or KIV [Heisel et al, 1991].

Different paradigms of how to integrate guidance information into the theorem proving systems emerged: on the one hand, guidance information was integrated into the search procedures. Prominent representatives of such procedures are the set-of-support or unit-preference strategies in automated theorem proving, as well as specific programming languages such as in the NQTHM system [Boyer & Moore, 1979] or the "Logic for Computable Functions (LCF)" tactic language used in the meta-component of NuPrl [Constable et al, 1986]. On the other hand, guidance information is integrated into the calculus rules themselves. This was mainly motivated by the work of Knuth and Bendix for pure equational theorem proving, and resulted in the superposition calculus [Bachmair et al, 1992]. Research was also devoted to integrating domain specific knowledge into the theorem proving systems, which led to the use of sorts [Walther, 1987], the design of decision procedures à la Nelson-Oppen [Nelson & Oppen, 1977], rippling [Bundy et al, 1990b, Hutter, 1990] for proofs by induction, superposition calculi for groups [Stuber, 1996] and monoids [Ganzinger & Waldmann, 1996], and many more.

All proof procedures mentioned so far, no matter which paradigm dominated their design, stick to the basic rules of the calculus. In contrast to this, Bundy introduced the notion of proof planning [Bundy et al, 1990b] as a paradigm advocating top-down proof construction. Proof planning consists of first finding a proof sketch by using AI planning techniques. Proof plans (or proof sketches) are built from methods, which are planning operators wrapped around a tactic [Gordon et al, 1979]. The pre- and postconditions of a method are declarative descriptions of the proof situation in which the tactic contained in the method should be applied, together with an estimation of the new proof situation, without actually having to execute the tactic. A completed proof plan is then refined to a calculus proof by executing the tactics contained in the methods in the order indicated by the proof plan. The proof planning technique is the most recent new paradigm to design and manage proof search, a line of research extensively explored in the context of the ΩMEGA proof planning system [Siekmann et al, 2002a]. In proof planning high-level domain specific knowledge is encoded as methods, such as knowledge about how to guide inductive proofs [Bundy, 1988], knowledge about how to do ε-δ-proofs, or proving the irrationality of square roots [Siekmann et al, 2002b]. Furthermore, the proof planning technique proved to be very suitable for the integration of external reasoning systems such as other automated theorem provers or computer algebra systems. Thereby these "external" proofs and computations are integrated by encoding them as proof planning steps, possibly after translation [Meier, 2000, Kerber et al, 1998].

2.3 Application of Programs for Mechanised Reasoning

The main motivation for the development of theorem proving systems, no matter which kind, was and still is to contribute to the realisation of Leibniz' dream, i.e. to mechanise formal reasoning by a computer program. At present the most prominent application domains are mathematics, formal software development, (logical) programming developments, program synthesis, deductive databases, and teaching mathematics. But logics for "practical reasoning" are abundant and mechanized. Just as a calculus alone does not provide a theorem proving system, the successful implementation of a theorem proving system is not sufficient to use these systems for all of these purposes. In order to provide theorem proving environments that are suitable for practical applications, many additional techniques need to be developed and integrated into these systems. For example, the theorem proving system needs to be integrated with the specification of domains and problems, such as mathematical theories, lemmata and theorems, or specifications of software and their safety and security properties. Research in that direction has been executed mainly in the context of formal software development systems [Heisel et al, 1991, Autexier et al, 1998, Hutter, 2000b, Autexier et al, 2002] and the migration of these techniques into the application domain of mathematics has been realised inter alia in [Franke & Kohlhase, 1999, Kohlhase, 2000].

Another shortcoming of theorem proving systems is that their use requires specialist knowledge about the systems, for instance how parameter settings influence the behaviour of the search procedures in the case of automated theorem provers, or how to force the proof steps of the system into those a user would like to perform in the case of interactive theorem provers. Although there has been some work on the development of such user-interfaces, the research on that topic is still in its infancy. Examples of user-interfaces for theorem proving systems are XBarnacle [Duncan & Lowe, 1997], IsaWin [Lüth et al, 1999], and LΩUI [Siekmann et al, 1999]; they can also be found in systems like VSE [Autexier et al, 1998], KIV [Heisel et al, 1991], INKA [Hutter & Sengler, 1996], and the mathematics teaching system ACTIVEMATH [Melis et al, 2001]. Mechanisms that support the user by automatically generating suggestions as to the possible next steps can be found in [Benzmüller & Sorge, 1999, Benzmüller & Sorge, 2000]. However, the usability of these interfaces still falls far behind that of computer programs in other domains. Research in that direction is nevertheless essential, as it is evident that theorem proving for problems arising in real world application domains still requires a great deal of user interaction. There is now a special series of workshops devoted to this topic (User Interfaces for Theorem Provers).

Finally, the proofs obtained both in automated and interactive theorem proving are usually in the format imposed by the calculus underlying these systems. This style of proof is far from the style in which these proofs are performed by a mathematician. Work on high-level, natural language presentation of proofs, like proofs in mathematical textbooks, can be found in [Fiedler, 2001, Dahn et al, 1997].

Part II

Contextual Reasoning

Chapter 3

Syntax, Semantics and Uniform Notation

We will now present the basic notions upon which the CORE proof theory is built. Section 3.1 is concerned with the definition of the many-sorted, simply typed lambda-calculus as the underlying representation language for terms and formulas of the logics. The syntax and semantics of all logics considered in this thesis is presented in Sections 3.2 and 3.3. In order to ease the presentation of the proof theory (Chapters 4 and 5) we unify the notation of the syntax and semantics into a uniform terminology. The uniform terminology is further extended in Section 3.4 by recalling the uniform notation for formulas from [Wallen, 1990, Fitting, 1972, Smullyan, 1968] and extending it for our purposes. The result is the notion of syntax and semantics of signed formulas, which is the key technique that smooths the way for a uniform and simple presentation of the proof theory. We will end with an observation why functional and boolean extensionality needs to be handled in the proof theory (Section 3.5).

3.1 Terms and Subterm Occurrences

We use a many-sorted, simply typed λ-calculus as our basic representation language, as adequacy and conciseness of representation is an important aspect with respect to the area of application of the CORE-system. Sorts are a simple tool to support a concise representation, and we allow for arbitrarily many base types (i.e. sorts) of individuals, instead of using only two types ι for individuals and o for truth-values. We refrain from using a subtyping concept in order to keep the type inference simple, avoiding the intrinsic problems with subtyping.

Definition 3.1.1 (Many Sorted Higher-order Types) Let C be a set of type constants and o not in C. The set T of many sorted higher-order types induced by C is:
- C ⊆ T, the base types,
- o ∈ T, the type for truth values,
- If τ1, τ2 ∈ T, then τ1 → τ2 ∈ T is a function type.

As usual, we assume that the functional type constructor → associates to the right, e.g. τ1 → τ2 → τ3 denotes τ1 → (τ2 → τ3). Furthermore, we use τ1 ... τn → τ0 as an abbreviation for τ1 → (... → (τn → τ0)), where τ0 ∈ C ∪̇ {o}.

We say that a type τ is a first-order type if, and only if, either τ ∈ C ∪̇ {o} or it is of the form τ1 → τ2 where τ1 ∈ C and τ2 is a first-order type.
We annotate constants f_τ and variables x_τ with types τ from T to indicate their type. A higher-order signature Σ = (T, F, V) consists of types T, constants F and variables V, both typed over T. The typed λ-calculus is standard and is defined over a given higher-order signature of types T, typed constants F, and typed variables V.

Definition 3.1.2 (λ-Terms) Let Σ = (T, F, V) be a higher-order signature. Then the typed λ-terms T_{Σ,V} over Σ and V are:
- For all x_τ ∈ V, x ∈ T_{Σ,V} is a term of type τ (also denoted by x:τ). We say that this term x is a variable term of type τ.
- For all c_τ ∈ C, c ∈ T_{Σ,V} is a term of type τ (also denoted by c:τ). We say c is a constant term of type τ.
- If t:τ, t′:τ → τ′ ∈ T_{Σ,V} are typed terms, then (t′ t) ∈ T_{Σ,V} is an application term of type τ′,
- if x:τ ∈ V and t:τ′ ∈ T_{Σ,V}, then λx_τ t ∈ T_{Σ,V} is an abstraction term of type τ → τ′. We say t is abstracted over x.

In the following we assume that terms are always well-typed, and terms of type o are also called formulas.

Definition 3.1.3 (Substitutions) Let Σ = (T, F, V) be a higher-order signature. A substitution is a type preserving function¹ σ: V → T_{F,V} that is the identity function on V except for finitely many elements from V. This allows for a finite representation of a substitution as a set of pairs:

σ := {t1/x1, ..., tn/xn}

where σ(y) = y if y ≠ x_i for all 1 ≤ i ≤ n. The homomorphic extension of σ to terms, i.e. the application of σ to a term, is defined by

σ(t) := σ(x)                  if t = x ∈ V
        λx_τ σ[x/x](t′)        if t = λx_τ t′
        (σ(t0) σ(t1))          if t = (t0 t1)

where σ[x/t] denotes the function that behaves like σ except for x, on which it yields t.

Remark 3.1.4 A substitution σ is idempotent if, and only if, its homomorphic extension to terms is idempotent, i.e. σ(σ(t)) = σ(t) for all t ∈ T_{Σ,V}.

Given a substitution σ we denote by dom(σ) the set of all variables for which σ(x) ≠ x, i.e. the domain of σ.

Throughout the rest of this thesis we assume that every substitution is idempotent, as this can always be achieved. Higher-order λ-terms usually come with a certain set of reduction rules. We use the so-called β and η reduction rules (cf. [Barendregt, 1984]), which give rise to the βη long normal form, which is unique up to renaming of bound variables. Throughout the rest of this thesis we assume that all terms are in βη long normal form. Application terms in this normal form are always of the form (c t1 ... tn) where c is either a constant from F or a variable from V.

¹ i.e. for all variables x:τ, σ(x) also has type τ.

Lemma 3.1.5 (Properties of Terms in βη Long Normal Form) Let t be a term in βη long normal form. Then t is of one of the following forms:
- either t is a typed variable or a typed constant,
- or it is of the form (c t1 ... tn), where c is a variable or constant of type τ1 ... τn → τ0, and all t_i are in βη long normal form,
- or it is of the form λx_τ t′ and t′ is in βη long normal form.

Proof. Assume t is a subterm in βη long normal form and fails to have any of the properties stated in the Lemma. The critical case to consider are the application terms. Thus, assume there is such a subterm s in t. There are two cases to consider:
1. s is of the form (t0 t1 ... tm), the type of t0 is τ1 ... τn → τ0 and n > m. In this case the η-expansion rule could be applied to obtain the term λx_{m+1}^{τ_{m+1}} ... λx_n^{τ_n} (t0 t1 ... tm x_{m+1} ... x_n) that is in normal form, which contradicts the assumption that t was in βη long normal form.
2. s is of the form (t0 t1 ... tn), the type of t0 is τ1 ... τn → τ0, but t0 is an abstraction term. In this case the β-reduction rule could be applied, which contradicts the assumption that t was in βη long normal form.

Imposing the βη normal form has the advantage that it allows for a straightforward definition of subterm occurrences for λ-terms.

Definition 3.1.6 (Subterm Occurrences) A subterm occurrence is a possibly empty list of natural numbers [i0, ..., in], (i_j > 0 for all 0 ≤ j ≤ n). For any term t in βη long normal form the set of valid subterm occurrences for t is the smallest set fulfilling the following properties:
- If t is a typed variable or constant, then [] is the only valid subterm occurrence for t.
- If t = (c t1 ... tn) and ρ is a valid subterm occurrence for t_i, then ρ′ = [i, ρ] is a valid subterm occurrence for t, 1 ≤ i ≤ n.
- If t = λx_τ t′ and ρ is a valid subterm occurrence for t′, then ρ′ = [1, ρ] is a valid subterm occurrence for t.

If ρ is a subterm occurrence for t, we denote by t|ρ the subterm denoted by ρ, i.e.
- s|[] := s,
- (t0 t1 ... tn)|[i, ρ] := t_i|ρ, and
- (λx t)|[1, ρ] := t|ρ.

For the terms in βη long normal form we define the following notion of subterms.

Definition 3.1.7 (Subterms of βη-Normal Terms) Let t be a term in βη long normal form. The subterms of t, Subterms_t, is the smallest set that contains t and that is closed under the following rules:
- if (c t1, ..., tn) ∈ Subterms_t, then t1, ..., tn ∈ Subterms_t,
- if λx_τ t′ ∈ Subterms_t, then t′ ∈ Subterms_t.

For the representation of formulas we will use the constants ¬: o → o for negation, and ∨ for disjunction, ∧ for conjunction, ⇒ for implication and ⇔ for equivalence, all of type o o → o. Equality over arbitrary types, including o, is denoted by =: τ τ → o. We use higher-order abstract syntax (cf. [Pfenning & Elliott, 1988]) to encode quantification over object variables and introduce ∀, ∃: (τ → o) → o for universal and existential quantification for all types τ. To ease readability we may use ∀x0, ..., xn ϕ as an abbreviation for ∀(λx0 ... ∀(λxn ϕ)). Additionally, we use □, ◇: o → o for the modal operators "necessarily" and "possibly".

3.2 Syntax

The CORE-system presented in this thesis is a uniform proof system for a fixed set of logics, namely classical propositional, first-order and higher-order logics as well as classical propositional and first-order modal logics K, K4, D, D4, T, and S4 with constant domains. The reason for restricting ourselves to these logics comes from the context of this thesis, namely theorem proving for mathematics and formal software engineering. For these application areas, especially higher-order logic as well as first-order classical and modal logics are of interest. Aspiring at a uniform framework for contextual reasoning for all these logics led to the matrix characterisations for classical and modal logics by Wallen [Wallen, 1990] and for classical higher-order logics by Andrews [Andrews, 1981], Miller [Miller, 1983] and Pfenning [Pfenning, 1987]. Although the class of modal logics considered by Wallen is slightly larger, we restrict ourselves to the aforementioned in order to keep the definition of the proof theory simple.

In this section we introduce the syntax of the formulas for those logics. Since the underlying term language is the many-sorted λ-calculus with βη-equality, the definition of the logic specific syntax consists of the definition of the admissible signatures and terms.

Definition 3.2.1 (Syntax) For each of the logics L we define the signatures Σ_L = (T_L, F_L, V_L) consisting of the base types T_L, the predefined constants F_L, and the set V_L of typed variables for L.

CPL - Classical Propositional Logic: A CPL signature is Σ_CPL := ({o}, {True, False: o, ¬: o → o, ∨, ∧, ⇒, ⇔: o o → o} ∪̇ C, ∅), where C contains only constants of the form A: o. The CPL terms are the subset of the λ-terms over Σ_CPL for which all subterms (cf. Definition 3.1.7) are of base type o.

CPML - Classical Propositional Modal Logic: A CPML signature is the pairwise disjoint union of Σ_CPL with (∅, {□, ◇: o → o}, ∅), i.e. Σ_CPML := Σ_CPL ∪̇ (∅, {□, ◇: o → o}, ∅). The CPML terms are the subset of the λ-terms over Σ_CPML for which all subterms (cf. Definition 3.1.7) are of base type o.

CFOL - Classical First Order Logic: A CFOL signature is Σ_CFOL := ({o} ∪̇ S, {¬: o → o, ∨, ∧, ⇒, ⇔: o o → o, ∀, ∃: (τ → o) → o and =: τ τ → o for all τ ∈ S} ∪̇ C, V) where the constants in C have only first-order types and the variables in V have only base types from S. The CFOL terms are the subset of the λ-terms over Σ_CFOL for which all subterms (cf. Definition 3.1.7) are of some base type from {o} ∪̇ S, except the direct subterms t of ∀(t) and ∃(t) which are of type τ → o where τ is from S.

CFOML - Classical First Order Modal Logic: A CFOML signature is the pairwise disjoint union of Σ_CFOL with (∅, {□, ◇: o → o}, ∅), i.e. Σ_CFOML := Σ_CFOL ∪̇ (∅, {□, ◇: o → o}, ∅). The CFOML terms are the subset of the λ-terms over Σ_CFOML for which all subterms (cf. Definition 3.1.7) are of some base type from {o} ∪̇ S, except the direct subterms t of ∀(t) and ∃(t) which are of type τ → o where τ is from S.

CHOL - Classical Higher-Order Logic: Assume T is the set of higher-order types over an arbitrary set of base types S and additional base type o (cf. Definition 3.1.1). Then a CHOL signature is Σ_CHOL := (T, {True, False: o, ¬: o → o, ∨, ∧, ⇒, ⇔: o o → o, ∀, ∃: (τ → o) → o and =: τ τ → o for all τ ∈ T}, V). The CHOL terms are the λ-terms over Σ_CHOL.

L   | Condition on R
K   | no conditions
K4  | transitive
D   | seriality
D4  | seriality, transitive
T   | reflexive
S4  | reflexive, transitive

Table 3.1: Conditions on accessibility relations.

3.3 Semantics

This section defines the model-theoretic semantics for the logics under consideration as follows: on the one hand we define the semantics for first-order modal logics with constant domains (CFOML), which encompass the semantics for CPL, CPML, and CFOL. On the other hand we define higher-order logic with primitive equality, as well as boolean and functional extensionality.

3.3.1 Semantics for Classical First Order Modal Logic

We follow [Wallen, 1990] for the definition of the semantics of classical first order modal logics. Let G be a non-empty set and R a binary relation on G. We denote the elements of G as the possible worlds and R as the accessibility relation. If R satisfies the conditions outlined in Table 3.1, then the pair ⟨G, R⟩ is an L-frame. Thereby the reflexivity and transitivity properties are standard, i.e. R is reflexive if, and only if, for all v ∈ G it holds vRv, and the transitivity is analogous. The seriality property² holds for a binary relation R over G if, and only if, for each w ∈ G there is some v ∈ G such that wRv holds. Note that reflexivity implies seriality.

Assume now that ⟨S, F, V⟩ is a CFOML-signature. A many sorted first-order frame for this signature is a 4-tuple ⟨G, R, D, 𝒟⟩ where ⟨G, R⟩ is an L-frame, D is a sort indexed family of non-empty sets (D_s)_{s∈S} and 𝒟 a mapping from G to a sort indexed family of non-empty subsets of the respective D_s. 𝒟(w) is the family of sets of individuals over which range the quantifiers of variables with the respective types. Furthermore we require for every base type s that D_s = ∪_{w∈G} 𝒟(w)_s. In the rest of this thesis we stick to the constant domain variants of the modal logics under consideration, i.e. we consider only first-order frames for which 𝒟(w) = 𝒟(v) holds for all w, v ∈ G.

Definition 3.3.1 (First Order Kripke Models) A constant domain L-frame M = ⟨G, R, D, 𝒟⟩ is a first-order Kripke model if, and only if, for all w ∈ G and all assignments ρ of variables of type s to

² Note that in [Wallen, 1990] seriality is called idealisation.


elements of 𝒟(w)_s the following holds:
1. 𝒟(w)_o is a binary set {⊤, ⊥}, ⊤ for truth and ⊥ for falsehood,
2. M_w^ρ(True) = ⊤, M_w^ρ(False) = ⊥, and the logical functions ¬, ∧, ∨, ⇒, ⇔, and = have the classical interpretation,
3. M_w^ρ(λx_s t_o) is the function from 𝒟(w)_s to 𝒟(w)_o that maps elements e ∈ 𝒟(w)_s to M_w^{ρ[x/e]}(t),
4. M_w^ρ(∀(t_{s→o})) = ⊤ if for all e ∈ 𝒟(w)_s M_w^ρ(t)(e) = ⊤, otherwise ⊥,
5. M_w^ρ(∃(t_{s→o})) = ⊤ if there exists an e ∈ 𝒟(w)_s with M_w^ρ(t)(e) = ⊤, otherwise ⊥,
6. M_w^ρ(□(t)) = ⊤ if for all v such that wRv it holds M_v^ρ(t) = ⊤, otherwise ⊥,
7. M_w^ρ(◇(t)) = ⊤ if there exists v such that wRv and it holds M_v^ρ(t) = ⊤, otherwise ⊥,
8. Otherwise M_w^ρ(c(t1, ..., tn)) = M_w(c)(M_w^ρ(t1), ..., M_w^ρ(tn)), n ≥ 0, where M_w(c_{s1...sn→s0}) ∈ 𝒟(w)_{s1} ... 𝒟(w)_{sn} → 𝒟(w)_{s0}. A constant c_{s1...sn→s0} is rigid if, and only if, for all possible worlds w, w′ it holds M_w(c) = M_{w′}(c); otherwise c_{s1...sn→s0} is flexible.

Given a CFOML-formula ϕ and a first-order Kripke model M, we say M satisfies ϕ if, and only if, for any world w and assignment ρ it holds M_w^ρ(ϕ) = ⊤. A CFOML-formula ϕ is valid if, and only if, every first-order Kripke model satisfies ϕ.

3.3.2 Semantics for Classical Higher Order Logic

For the semantics of higher-order logic we use the general models from [Henkin, 1950], taking into account the corrections from [Andrews, 1972]. It is based on the notion of frames, that is a τ-indexed family {D_τ}_{τ∈T} of nonempty domains, such that D_o = {⊤, ⊥}³ and D_{τ1→τ2} is a collection of functions mapping D_{τ1} into D_{τ2}. The members of D_o are called truth values and the members of D_S, S ∈ S, are called S-individuals.

Given a frame {D_τ}_{τ∈T}, an assignment is a function ρ on V such that for each variable x_τ holds ρ(x_τ) ∈ D_τ. Given an assignment ρ, a variable x_τ and an element e ∈ D_τ we denote by ρ[x/e] that assignment ρ′ such that ρ′(x_τ) = e and ρ′(y_τ′) = ρ(y_τ′) if y_τ′ ≠ x_τ.

For the definition of the function spaces in a frame we use Λx_τ e_τ′ to denote a function from D_τ into D_τ′ in order to distinguish it from the syntax.

Definition 3.3.2 (Extensional General Models) A frame {D_τ}_τ is an extensional general model in the sense of [Andrews, 1972] if, and only if, it satisfies the following conditions:
(a0) For each τ ∈ T, D_{ττ→o} contains the identity relation q_{ττ→o} on D_τ,
(a1) D_{o→o} contains the negation function n such that n(⊤) = ⊥ and n(⊥) = ⊤,
(a2) D_{o→o} contains Λx_o ⊤ and Λx_o x_o. Also, D_{oo→o} contains the alternation function a such that a(⊤) = Λx_o ⊤ and a(⊥) = Λx_o x_o,
(a3) For each τ ∈ T, D_{(τ→o)→o} contains a function π_{(τ→o)→o} such that for all g ∈ D_{τ→o}, π_{(τ→o)→o}(g) = ⊤ if, and only if, g = Λx_τ ⊤,
(b) For all τ, τ′ and all e ∈ D_τ′ the function Λx_τ e is in D_{τ→τ′},
(c) For all τ, τ′ the function Λx_τ Λy_τ′ x_τ is in D_{ττ′→τ},
(d) For all τ, τ′, τ″, all x ∈ D_{ττ′→τ″} and all y ∈ D_{τ→τ′} the function Λz_τ x(z, y(z)) is in D_{τ→τ″},
(e) For all τ, τ′, τ″ and all x ∈ D_{ττ′→τ″} the function Λy_{τ→τ′} Λz_τ x(z, y(z)) is in D_{(τ→τ′)τ→τ″},
(f) For all τ, τ′, τ″ the function Λx_{ττ′→τ″} Λy_{τ→τ′} Λz_τ x(z, y(z)) is in D_{(ττ′→τ″)(τ→τ′)τ→τ″}.

The interpretation of a λ-term t by an extensional general model M := {D_τ}_τ and with respect to an assignment ρ is the usual interpretation defined by:
- M(o) := D_o = {⊤, ⊥},
- M_ρ(True) := ⊤, M_ρ(False) := ⊥, M_ρ(¬) := n, M_ρ(=_{ττ→o}) := q ∈ D_{ττ→o}, and the logical functions ∧, ∨, ⇒, and ⇔ have the classical interpretation,
- M_ρ(∀_{(τ→o)→o}) := π ∈ D_{(τ→o)→o}, and M_ρ(∃_{(τ→o)→o}) := M_ρ(λx_{τ→o} ¬(∀(λy_τ ¬(x y)))),
- M_ρ(c_τ) ∈ D_τ, for any constant c_τ,
- M_ρ(x_τ) := ρ(x_τ) ∈ D_τ, for any variable x_τ,
- M_ρ(t0 t1, ..., tn) := M_ρ(t0)(M_ρ(t1), ..., M_ρ(tn)),
- M_ρ(λx_τ t_τ′) is the function from D_τ to D_τ′ that maps every element e 
∈ D_τ to M_{ρ[e/x]}(t).

³ Analogous to Definition 3.3.1.

3.3.3 Unifying Notations

For every logic L mentioned in the previous section we assume there is a unique uniform notation for signed formulas with respect to L. Furthermore, we agree to omit type information on variables and constants, unless they are required. In order to simplify the presentation of the meta proof theory for the whole class of logics, the semantics of the different logics are unified to a uniform notion of a model.

Definition 3.3.3 (L-Models) Let L be one of the logics under consideration. An L-formula ϕ is L-satisfiable if, and only if, there is an L-model M such that for all variable assignments ρ and all worlds w it holds M_w^ρ(ϕ) = ⊤. An L-formula ϕ is L-valid if, and only if, it is L-satisfiable in all L-models.


α        | α0        | α1   ||  γ       | γ0(t)       ||  ν      | ν0
(ϕ∨ψ)+   | ϕ+        | ψ+   ||  (∀xϕ)−  | (ϕ[x/t])−   ||  (□ϕ)−  | ϕ−
(ϕ⇒ψ)+   | ϕ−        | ψ+   ||  (∃xϕ)+  | (ϕ[x/t])+   ||  (◇ϕ)+  | ϕ+
(ϕ∧ψ)−   | ϕ−        | ψ−   ||          |             ||         |
(¬ϕ)+    | ϕ−        |      ||          |             ||         |
(¬ϕ)−    | ϕ+        |      ||          |             ||         |

β        | β0        | β1   ||  δ       | δ0(c)       ||  π      | π0
(ϕ∧ψ)+   | ϕ+        | ψ+   ||  (∀xϕ)+  | (ϕ[x/c])+   ||  (□ϕ)+  | ϕ+
(ϕ∨ψ)−   | ϕ−        | ψ−   ||  (∃xϕ)−  | (ϕ[x/c])−   ||  (◇ϕ)−  | ϕ−
(ϕ⇒ψ)−   | ϕ+        | ψ−   ||          |             ||         |

Figure 3.1: Uniform notation.

3.4 Uniform Notation

The meta proof-theory for the CORE framework relies on an extension of indexed formula trees which makes use of the concept of polarities and uniform notation (cf. [Wallen, 1990, Fitting, 1972, Smullyan, 1968]). Polarities are assigned to formulas and subformulas and are either positive (+) or negative (−). Intuitively, positive polarity of a subformula indicates that it occurs in the succedent of a sequent in a sequent calculus proof, and negative polarity is for formulas occurring in the antecedent of a sequent. Formulas annotated with polarities are called signed formulas.

Uniform notation assigns uniform types to signed formulas which encode their "behaviour" in a sequent calculus proof: there are two propositional types α and β, two types γ and δ for quantification over object variables, and two uniform types π and ν for modal quantification. A signed formula is of type α if the subformulas obtained by application of the respective sequent calculus decomposition rule on the formula both occur in the same sequent. Signed formulas are of type β if the decomposition of the signed formula gives rise to a split of the sequent calculus proof and the obtained subformulas occur in different sequents. γ-type signed formulas indicate that the bound variable is freely instantiable, while δ-type signed formulas are those for which the Eigenvariable condition must hold. We call γ-variable (resp. δ-variable) the variables bound on some γ-type (resp. δ-type) signed (sub-)formula. In Figure 3.1 we give the list of signed formulas for each uniform type.

The tables indicate how the polarity of a signed formula is inherited by its respective subformulas. Furthermore, they also define a recursion principle to annotate all subformulas of a signed formula with a polarity and a uniform type. This recursion principle is the basis for indexed formula trees, which are signed formulas where each subformula is annotated with its polarity and uniform type.

Polarities and uniform notation are sufficient to define a uniform notion of a logical context and to determine the usable rules from the logical context. Due to the uniform results in [Wallen, 1990] the framework can be instantiated to support the intuitive proof search with respect to a variety of logics, namely propositional, first-order classical logic, and some propositional and first-order modal logics. Indexed formula trees are closely related to the expansion trees from [Andrews, 1981, Miller, 1983, Pfenning, 1987, Andrews, 1989] which allow the treatment of higher-order classical logics.

ε        | ε0  | ε1   ||  ζ        | ζ0  | ζ1
(s⇔t)−   | s   | t    ||  (s⇔t)+   | s   | t
(s=t)−   | s   | t    ||  (s=t)+   | s   | t

Figure 3.2: Uniform types for equations and equivalences.

We are mainly interested in first-order versions of the logics as well as in higher-order logic, and in order to keep the framework simple, we restrict ourselves to first-order and higher-order classical logic, and first-order modal logics with constant domains.

An important intuitive concept is equality and equivalence, and we want to treat those as first-class citizens by supporting their use as rewrite rules. Example: given an equation s = t and a formula ϕ(s) it is natural to allow the rewrite of ϕ(s) to ϕ(t). Similarly we want to support the rewriting with equivalence, i.e. to apply P ⇔ Q on ϕ(P) to obtain ϕ(Q). Note that we cannot assign polarities to P and Q in P ⇔ Q, while P in ϕ(P) may well have a polarity. Furthermore, the uniform notion of rules obtained from uniform notation is restricted to logical refinement rules and does not capture equivalence rules. In order to capture equations and equivalences we introduce a third polarity, undefined, and uniform types ε and ζ for negative and positive equations and equivalences.

Definition 3.4.1 (Polarities) We introduce three kinds of polarities: a positive polarity + (intuitively succedent of a sequent), a negative polarity − (intuitively antecedent of a sequent), and an undefined polarity. We say that a polarity is defined if it is either positive or negative.

The definition of the additional uniform types is given in Figure 3.2. The new uniform types extend the notion of a rule to capture uniformly logical equivalence rules, in contrast to logical refinement rules.

In the rest of this thesis we are mainly concerned with signed formulas. To ease the presentation we extend the notion of L-satisfiability to signed formulas. In order to motivate this definition consider a sequent ψ1, ..., ψn ⊢ ϕ. It represents the proof status that we have to prove ϕ from the ψ_i. In terms of polarities, all the ψ_i have negative polarity while ϕ has positive polarity. The ψ_i are the assumptions, and thus we consider the L-models that satisfy those formulas and prove that those L-models also satisfy ϕ. Hence, we define that an L-model M satisfies a negative formula ψ_i− if, and only if, M satisfies ψ_i. From there we derive the dual definition for positive formulas, namely that an L-model M satisfies a positive formula ϕ+ if, and only if, M does not satisfy ϕ. Formally:

Definition 3.4.2 (L-Satisfiability of Signed Formulas) Let ϕ^p be a signed L-formula of defined polarity p and M an L-model. Then:

M |=_L ϕ−   if, and only if,   M |=_L ϕ
M |=_L ϕ+   if, and only if,   M ⊭_L ϕ

From this definition we can infer for each uniform type α, β, γ, δ, ν, and π the relationship between the satisfiability of a signed formula of this type and the satisfiability of its signed components.

Lemma 3.4.3 Let M be an L-model, ρ a variable assignment, w, v worlds, and ϕ^p a signed L-formula of polarity p. Then it holds:

1. If ϕ^p = α^p(ϕ1^{p1}, ϕ2^{p2}), then
   M_w^ρ |=_L α^p(ϕ1^{p1}, ϕ2^{p2}) if, and only if, M_w^ρ |=_L ϕ1^{p1} and M_w^ρ |=_L ϕ2^{p2}
2. If ϕ^p = β^p(ϕ1^{p1}, ϕ2^{p2}), then
   M_w^ρ |=_L β^p(ϕ1^{p1}, ϕ2^{p2}) if, and only if, M_w^ρ |=_L ϕ1^{p1} or M_w^ρ |=_L ϕ2^{p2}
3. If ϕ^p = γ^p x ϕ1^p, then
   M_w^ρ |=_L γ^p x ϕ1^p if, and only if, for all a ∈ D_τ, M_w^{ρ[a/x]} |=_L ϕ1^p
4. If ϕ^p = δ^p x ϕ1^p, then
   M_w^ρ |=_L δ^p x ϕ1^p if, and only if, there is an a ∈ D_τ such that M_w^{ρ[a/x]} |=_L ϕ1^p
5. If ϕ^p = ν^p(ϕ1^p), then
   M_w^ρ |=_L ν^p(ϕ1^p) if, and only if, for all v such that wRv it holds M_v^ρ |=_L ϕ1^p
6. If ϕ^p = π^p(ϕ1^p), then
   M_w^ρ |=_L π^p(ϕ1^p) if, and only if, there is a v such that wRv and M_v^ρ |=_L ϕ1^p

Proof.
1. α-type formulas: we show the proof if ϕ^p is of the form (ϕ1− ⇒ ϕ2+)+. The other cases can be proved analogously:
   M_w^ρ |=_L (ϕ1 ⇒ ϕ2)+
   ⇔ M_w^ρ ⊭_L (ϕ1 ⇒ ϕ2)
   ⇔ M_w^ρ ⊭_L ¬ϕ1 and M_w^ρ ⊭_L ϕ2
   ⇔ M_w^ρ |=_L ϕ1 and M_w^ρ ⊭_L ϕ2
   ⇔ M_w^ρ |=_L ϕ1− and M_w^ρ |=_L ϕ2+
2. β-type formulas: we show the proof if ϕ^p is of the form (ϕ1+ ⇒ ϕ2−)−. The other cases can be proved analogously:
   M_w^ρ |=_L (ϕ1 ⇒ ϕ2)−
   ⇔ M_w^ρ |=_L (ϕ1 ⇒ ϕ2)
   ⇔ M_w^ρ |=_L ¬ϕ1 or M_w^ρ |=_L ϕ2
   ⇔ M_w^ρ ⊭_L ϕ1 or M_w^ρ |=_L ϕ2
   ⇔ M_w^ρ |=_L ϕ1+ or M_w^ρ |=_L ϕ2−
3. γ-type formulas: we present the proof when ϕ^p is of the form (∀x_τ ϕ−)−. The case of (∃x_τ ϕ+)+ is analogous.
   M_w^ρ |=_L (∀x_τ ϕ)−
   ⇔ M_w^ρ |=_L ∀x_τ ϕ
   ⇔ For all a ∈ D_τ it holds M_w^{ρ[a/x]} |=_L ϕ
   ⇔ For all a ∈ D_τ it holds M_w^{ρ[a/x]} |=_L ϕ−


4. δ-type formulas: we present the proof when ϕ^p is of the form (∃x_τ ϕ−)−. The case of (∀x_τ ϕ+)+ is analogous.
   M_w^ρ |=_L (∃x_τ ϕ)−
   ⇔ M_w^ρ |=_L ∃x_τ ϕ
   ⇔ There exists a ∈ D_τ such that M_w^{ρ[a/x]} |=_L ϕ
   ⇔ There exists a ∈ D_τ such that M_w^{ρ[a/x]} |=_L ϕ−
5. ν-type formulas: we present the proof when ϕ^p is of the form (□ϕ−)−. The case of (◇ϕ+)+ is analogous.
   M_w^ρ |=_L (□ϕ)−
   ⇔ M_w^ρ |=_L □ϕ
   ⇔ For all v with wRv it holds M_v^ρ |=_L ϕ
   ⇔ For all v with wRv it holds M_v^ρ |=_L ϕ−
6. π-type formulas: we present the proof when ϕ^p is of the form (◇ϕ−)−. The case of (□ϕ+)+ is analogous.
   M_w^ρ |=_L (◇ϕ)−
   ⇔ M_w^ρ |=_L ◇ϕ
   ⇔ There exists v with wRv such that M_v^ρ |=_L ϕ
   ⇔ There exists v with wRv such that M_v^ρ |=_L ϕ−
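The following Python module is an added example for the propositional modal fragment of Definition 3.3.1 (Section 3.3.1), for the signed satisfiability of Definition 3.4.2 and for Lemma 3.4.3; it is not code from the thesis. It checks the frame conditions of Table 3.1 for a given relation R, evaluates □ and ◇ over a Kripke model, and then verifies the equivalences of Lemma 3.4.3 (items 1, 2, 5 and 6, the ones that do not need object-level quantification) by brute force over every formula up to nesting depth 2 in a constructed three-world model. The world names, the valuation and the tuple encoding of formulas are assumptions of this example.

```python
# Frame conditions of Table 3.1; R is a set of (w, v) pairs over the world set G.
def reflexive(G, R):
    return all((w, w) in R for w in G)

def transitive(G, R):
    return all((u, w) in R for (u, v) in R for (v2, w) in R if v2 == v)

def serial(G, R):
    return all(any((w, v) in R for v in G) for w in G)

FRAME_CONDITIONS = {"K": (), "K4": (transitive,), "D": (serial,), "D4": (serial, transitive),
                    "T": (reflexive,), "S4": (reflexive, transitive)}

def is_frame(L, G, R):
    """<G, R> is an L-frame iff R satisfies the conditions Table 3.1 lists for L."""
    return all(cond(G, R) for cond in FRAME_CONDITIONS[L])

# Constructed sample model (an assumption of this example, not taken from the thesis):
# three worlds, a serial and transitive but irreflexive R, and VAL[w] = atoms true at w.
G = frozenset({0, 1, 2})
R = frozenset({(0, 1), (1, 2), (0, 2), (2, 2)})
VAL = {0: {"P"}, 1: {"P", "Q"}, 2: {"Q"}}
MODEL = (G, R, VAL)

# Propositional modal formulas as nested tuples:
# ("atom", "P"), ("not", f), ("and", f, g), ("or", f, g), ("imp", f, g), ("box", f), ("dia", f)
def value(M, w, f):
    """M_w(f) for the propositional modal fragment of Definition 3.3.1
    (items 2, 6 and 7); True stands for ⊤ and False for ⊥."""
    G, R, val = M
    op = f[0]
    if op == "atom":
        return f[1] in val[w]
    if op == "not":
        return not value(M, w, f[1])
    if op == "and":
        return value(M, w, f[1]) and value(M, w, f[2])
    if op == "or":
        return value(M, w, f[1]) or value(M, w, f[2])
    if op == "imp":
        return (not value(M, w, f[1])) or value(M, w, f[2])
    if op == "box":
        return all(value(M, v, f[1]) for v in G if (w, v) in R)
    if op == "dia":
        return any(value(M, v, f[1]) for v in G if (w, v) in R)
    raise ValueError(f"unknown connective {op}")

def satisfies_signed(M, w, f, polarity):
    """Definition 3.4.2: M_w satisfies f^- iff it satisfies f, and f^+ iff it does not."""
    v = value(M, w, f)
    return v if polarity == "-" else not v

# Figure 3.1 for the connectives above: (connective, polarity) ->
# (uniform type, polarity of the first component, polarity of the second component or None)
UNIFORM = {
    ("or", "+"): ("alpha", "+", "+"), ("imp", "+"): ("alpha", "-", "+"),
    ("and", "-"): ("alpha", "-", "-"), ("not", "+"): ("alpha", "-", None),
    ("not", "-"): ("alpha", "+", None),
    ("and", "+"): ("beta", "+", "+"), ("or", "-"): ("beta", "-", "-"),
    ("imp", "-"): ("beta", "+", "-"),
    ("box", "-"): ("nu", "-", None), ("dia", "+"): ("nu", "+", None),
    ("box", "+"): ("pi", "+", None), ("dia", "-"): ("pi", "-", None),
}

def lemma_case_holds(M, w, f, p):
    """The equivalence Lemma 3.4.3 states for the signed formula f^p at world w."""
    G, R, _ = M
    utype, p1, p2 = UNIFORM[(f[0], p)]
    left = satisfies_signed(M, w, f, p)
    if utype == "alpha":
        right = satisfies_signed(M, w, f[1], p1) and (p2 is None or satisfies_signed(M, w, f[2], p2))
    elif utype == "beta":
        right = satisfies_signed(M, w, f[1], p1) or satisfies_signed(M, w, f[2], p2)
    elif utype == "nu":
        right = all(satisfies_signed(M, v, f[1], p1) for v in G if (w, v) in R)
    else:  # pi
        right = any(satisfies_signed(M, v, f[1], p1) for v in G if (w, v) in R)
    return left == right

def formulas_up_to(atoms, depth):
    """Every formula over the given atoms with nesting depth at most `depth`."""
    forms = [("atom", a) for a in atoms]
    for _ in range(depth):
        forms = forms + [(op, f) for op in ("not", "box", "dia") for f in forms] \
                      + [(op, f, g) for op in ("and", "or", "imp") for f in forms for g in forms]
    return forms

def check_lemma_3_4_3(M, depth=2):
    """Brute-force check of Lemma 3.4.3 (items 1, 2, 5 and 6) over all worlds,
    both polarities and all formulas up to the given depth."""
    G, _, val = M
    atoms = sorted({a for w in G for a in val[w]})
    return all(lemma_case_holds(M, w, f, p)
               for f in formulas_up_to(atoms, depth) if f[0] != "atom"
               for w in G for p in ("+", "-"))
```

The sample relation is a D4-frame but not a T- or S4-frame because no world sees itself; `value(MODEL, 0, ("box", ("atom", "P")))` is false since world 2 is reachable from 0 and P does not hold there, so the signed formula (□P)+ is satisfied at world 0 in the sense of Definition 3.4.2.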




3.5 Preliminary Remarks

Before presenting the formal definition of indexed formula trees we have a quick look at the problems of rewriting with equations and equivalences, as the theories of indexed formula trees [Wallen, 1990] and expansion trees [Andrews, 1981, Miller, 1983, Pfenning, 1987, Andrews, 1989] do not provide direct support for rewriting with equations and equivalences. In [Pfenning, 1987] primitive equality is handled by expanding an equation s_τ = t_τ into Leibniz' equality ∀P_{τ→o} P(s) ⇒ P(t). For rewriting equations and equivalences the idea is to use Leibniz' equality in the following manner: assume we have an equation from the definition of addition over natural numbers

∀(λx ∀(λy (s(x) + y) = s(x + y)))   (3.1)

where s is the successor on natural numbers. Rewriting a formula Q(s(a) + b) with this equation results in Q(s(a + b)), and we can encode this by replacing (3.1) with

∀(λx ∀(λy ∀(λP P(s(x) + y) ⇒ P(s(x + y)))))   (3.2)

and instantiating P with λu Q(u) in order to obtain

Q(s(x) + y) ⇒ Q(s(x + y)).   (3.3)

Applying (3.3) on Q(s(a) + b) we obtain Q(s(a + b)), which is the desired result. Thus, the idea is to have rewriting as a primitive rule and to encode it internally as a sequence of expansion, instantiation and application of Leibniz' equality. However, this already fails for equations in the presence of quantified formulas that have undefined polarities. Example: assume we want to apply (3.1) on the formula

∀(λz R(s(z) + b)) ⇔ S.   (3.4)


Intuitively (3.1) is applicable on (3.4) and it should rewrite it into

∀(λz R(s(z + b))) ⇔ S   (3.5)

Expanding (3.1) we obtain again (3.2), but we fail to construct an instance t for P such that the βη long normal form for t(s(x) + y) is unifiable by some σ with ∀(λz R(s(z) + b)) ⇔ S and the βη long normal form σ(t(s(x + y))) is equal to (3.5). This problem shows up because we want to rewrite within the scope of quantifiers without polarity. The way around that problem is to have an extensionality rule which transforms (3.1) into

∀(λy (λx (s(x) + y)) = λx s(x + y))   (3.6)

and to use that equation for the rewriting⁴. The Leibniz' equality for (3.6) is

∀(λy ∀(λP P(λx (s(x) + y)) ⇒ P(λx s(x + y)))).   (3.7)

Now we can instantiate P with λu (∀(λz u(z))) ⇔ S. Applying the instantiation on (3.7) we obtain

∀(λy [∀(λz s(z) + y) ⇔ S] ⇒ [∀(λz s(z + y)) ⇔ S]).   (3.8)

Now (∀(λz s(z) + y)) ⇔ S is unifiable with (3.4) by instantiating y with b, and we obtain the desired result from (3.5). Thus, our solution to support intuitive rewriting will be to encode it via a sequence of extensionality steps, expansion of primitive equality into Leibniz' equality, and standard logical refinement.

3.5.1 Sketch of the CORE Proof-Theory

The proof-theoretical framework for CORE relies entirely on the (extended) uniform notation and is based on a notion of a proof state that consists of two complementary parts: the first is an indexed formula tree for the initial conjecture, and this is used to check the validity of substitutions. The second part is the working copy of the first indexed formula tree, which is actively transformed by the CORE calculus rules. The working copy is an indexed formula tree with free variables, and there is a one-to-one mapping between the free variables and binding positions in the first indexed formula tree. The secondary uniform type of the binding positions in the first indexed formula tree also indicates the types γ or δ of the free variables.

The uniform notation is the basis for a uniform definition of a logical context and replacement rules in free variable indexed formula trees. The logical reasoning rules are (1) contraction, (2) weakening, (3) permutations of modal quantifiers over logical connectives, (4) resolution replacement rule application, (5) propositional simplification, (6) expansion of ε- and ζ-type formulas into Leibniz' equalities, (7) extensionality over γ-variables for particular ε-type signed formulas and δ-variables for particular ζ-type signed formulas, (8) the boolean ζ-expansion rule that expands positive equivalences into the conjunction of two implications, (9) instantiation, (10) the increase of multiplicities of γ- and ν-type quantifiers, (11) the application of rewriting replacement rules, and (12) Cut.

⁴ This extensionality rule is the (ξ)-rule from [Hindley & Seldin, 1986].

Chapter 4

Indexed Formula Trees

A CORE proof state consists of an indexed formula tree and a free variable copy of the indexed formula tree. This chapter introduces indexed formula trees, which are a combination of the indexed formula trees in [Wallen, 1990] with a variant of the expansion tree proofs in [Miller, 1983, Pfenning, 1987]. We introduce the notion of an indexed formula tree in two steps: first we define the indexed formula tree obtained initially from a formula, which we denote by initial indexed formula tree. In a second step we add nodes that represent the introduction of Leibniz' equality, extensionality introduction for ε- and ζ-type formulas, boolean ζ-expansion, as well as the introduction of cut. Furthermore we define the application of substitutions as well as the handling of new variables, for instance those generated by higher-order unification.

In the following we agree to denote by α^p(α1^{p1}, α2^{p2}) a signed formula of polarity p, uniform type α, and subformulas α_i with respective polarities p_i according to the tables in Figure 3.1 (p. 26). By abuse of notation we also allow the replacement of the α_i by new formulas. Example: if α+(α1^{p1}, α2^{p2}) is (A− ⇒ B+)+, then α^p(C, α2^{p2}) denotes (C ⇒ B+)+. We use an analogous notation for formulas of the other uniform types. Furthermore we agree to denote by α^p(ϕ1^{p1}, ϕ2^{p2}, ..., ϕn^{pn}) either the single signed formula ϕ1^{p1}, if n = 1, and otherwise the signed formula α^p(ϕ1^{p1}, α^p(ϕ2^{p2}, ..., ϕn^{pn})). Analogously we define β.

4.1 Initial Indexed Formula Trees

Definition 4.1.1 (Initial Indexed Formula Trees) We define initial indexed formula trees inductively over the structure of formulas. Each node of the tree has a formula as label, a polarity, and a uniform type. All nodes, except for the root node, also have a secondary uniform type, which is the uniform type of their parent node.
1. If A^p is a signed atom of polarity p and without uniform type, then Q = A^p is an initial indexed formula tree of polarity p and no uniform type, which is indicated by the subscript. Those literal nodes are leaves of indexed formula trees, and Label(Q) := A.
2. If ε(s, t)^p is a signed formula of polarity p and uniform type ε, then Q = ε(s, t)^p_ε is an initial indexed formula tree of polarity p and uniform type ε. They are also leaves of indexed formula trees, and Label(Q) := ε(s, t).

3. If ζ(s, t)^p is a signed formula of polarity p and uniform type ζ, then Q = ζ(s, t)^p_ζ is an initial indexed formula tree of polarity p and uniform type ζ. They are the last kind of leaves of indexed formula trees, and Label(Q) := ζ(s, t).
4. Let Q′ be an initial indexed formula tree of polarity p′ and Label(Q′) = ϕ, and α^p(ϕ^{p′}) a signed formula with the opposite polarity p. Then

   Q := α(ϕ)^p_α with the single child Q′

   is an initial indexed formula tree with Label(Q) := α(ϕ), of polarity p and uniform type α. The secondary type of Q′ is α1.
5. Let Q1, Q2 be initial indexed formula trees with respective polarities p1 and p2, and assume a signed formula α^p(Label(Q1)^{p1}, Label(Q2)^{p2}) of polarity p. Then

   Q := α(Label(Q1), Label(Q2))^p_α with the children Q1, Q2

   is an initial indexed formula tree with Label(Q) := α(Label(Q1), Label(Q2)), polarity p, and uniform type α. The secondary types of Q1 and Q2 are α1 and α2.
6. Let Q1, Q2 be initial indexed formula trees with respective polarities p1 and p2, and assume a signed formula β^p(Label(Q1)^{p1}, Label(Q2)^{p2}) of polarity p. Then

   Q := β(Label(Q1), Label(Q2))^p_β with the children Q1, Q2

   is an initial indexed formula tree with Label(Q) := β(Label(Q1), Label(Q2)), of polarity p and uniform type β. The secondary types of Q1 and Q2 are β1 and β2.
7. Let γ^p x ϕ(x) be a signed formula of polarity p, and Q_i, 1 ≤ i ≤ n, initial indexed formula trees with Label(Q_i) = ϕ(X_i) where the X_i are new (meta) variables. Then

   Q := (γ^p x ϕ(x))^p_γ with the children Q1, ..., Qn

   is an initial indexed formula tree with Label(Q) := γ^p x ϕ(x), of polarity p and uniform type γ. All the Q_i then have secondary type γ0. The multiplicity of Q is n. For each 1 ≤ i ≤ n we say that Q_i is the binding node for X_i. We also call a metavariable X_i a γ-variable.
8. Let δ^p x ϕ(x) be a signed formula of polarity p, and Q′ an initial indexed formula tree with Label(Q′) = ϕ(x′) where x′ is a new parameter. Then

   Q := (δ^p x ϕ(x))^p_δ with the single child Q′
   is an initial indexed formula tree with Label(Q) := δ^p x ϕ(x), of polarity p and uniform type δ. The secondary type of Q′ is δ0. We say that Q is the binding position for x′. We also call a parameter x′ a δ-variable.
9. Let Q_i, 1 ≤ i ≤ n, be initial indexed formula trees all with the same labels up to renaming of bound variables and the same polarity p. Further let ν^p(Label(Q1)) be a signed formula of polarity p. Then

   Q := ν(Label(Q1))^p_ν with the children Q1, ..., Qn

   is an initial indexed formula tree with Label(Q) := ν(Label(Q1)), of polarity p, and uniform type ν. All the Q_i then have secondary type ν0. The multiplicity of Q is n.
10. Let Q′ be an initial indexed formula tree of polarity p and π^p(Label(Q′)) a signed formula of polarity p. Then

   Q := π(Label(Q′))^p_π with the single child Q′

   is an initial indexed formula tree with Label(Q) := π(Label(Q′)), of polarity p and uniform type π. The secondary type of Q′ is π0.

Example 4.1.2 As an example for an initial indexed formula tree we consider the formula about natural numbers

(∀x_Nat 0 + x = x) ∧ (∀x_Nat ∀y_Nat ¬(x = 0) ⇒ x + y = s(p(x) + y))
⇒ ∀p_{Nat→o} ∀v_Nat p(s(s(0)) + v) ⇔ p(s(s(v)))

where Nat denotes the type of natural numbers, 0_Nat is the zero of natural numbers, and s_{Nat→Nat} and p_{Nat→Nat} denote respectively the successor and predecessor of some natural number. Then the initial indexed formula tree for the positive formula is shown in Figure 4.1 (p. 34). In the following sections we will use this initial indexed formula tree to illustrate different rules on indexed formula trees.
Notation4.1.3(Γ0,Δ0,ν0andΠ0)Foragiven(initial)indexedformulatreewedenotethesetof
nodesofsecondarytypeγ0byΓ0,andanalogouslywedefinethesetsΔ0,ν0andΠ0.
Theproof-theorydefinedforCOREisametaproof-theoryinthatitsupportsavarietyoflogics.
Tothisend(following[Wallen,1990])therearetwokindsofsubstitutions:onefortheinstantiation
ofmetavariablesandonethatdealswiththemodalpartoftheconsideredlogics.Theformeris
calledavariablesubstitution,denotedbyσQ,andinstantiatesmetavariablesboundonnodesof
secondarytypeγ0.Following[Wallen,1990,Miller,1983,Pfenning,1987]theoccur-checkisrealised
asanacyclicitycheckofadirectedgraphobtainedfromthestructureoftheindexedformulatree
andadditionaledgesbetweenbindingnodesoftheinstantiatedmetavariableXandbindingnodesof
parametersoccurringinσQ(X).Wefirstintroducethestructuralorderinginducedbythestructure
ofanindexedformulatreeandthequantifierorderingVinducedbyavariablesubstitution.
Definition4.1.4(StructuralOrdering)LetQbeanindexedformulatree.Thestructuralordering
QisabinaryrelationamongthenodesinQdefinedby:Q1QQ2iffQ1dominatesQ2inQ.

Figure 4.1: Initial indexed formula tree for the running example. (The figure is rendered here as an indented tree; each node is given as its label followed by its uniform type and polarity.)

((∀x 0+x=x) ∧ (∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y))) ⇒ ∀p∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [α, +]
    (∀x 0+x=x) ∧ (∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y))   [α, −]
        ∀x 0+x=x   [γ, −]
            0+X=X   [ε, −]
        ∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y)   [γ, −]
            ∀y ¬(X=0) ⇒ X+y=s(p(X)+y)   [γ, −]
                ¬(X=0) ⇒ X+Y=s(p(X)+Y)   [β, −]
                    ¬(X=0)   [α, +]
                        X=0   [ε, −]
                    X+Y=s(p(X)+Y)   [ε, −]
    ∀p∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [δ, +]
        ∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [δ, +]
            p(s(s(0))+v) ⇔ p(s(s(v)))   [ζ, +]

Definition 4.1.5 (Quantifier Ordering) Let $Q$ be an indexed formula tree and $\sigma$ an (idempotent) substitution for metavariables bound on $\gamma_0$-type positions in $Q$ by terms containing only metavariables and parameters bound in $Q$. The quantifier ordering $\lhd_V$ induced by $\sigma$ is the binary relation defined by: $Q_0 \lhd_V Q_1$ iff there is an $X \in dom(\sigma)$ bound on $Q_1$ and there occurs in $\sigma(X)$ a parameter bound on $Q_0$.

The second kind of substitutions is called a modal substitution and is denoted by $\sigma_M$. In order to define it properly, we introduce the notion of modal prefixes for the modal logics under consideration, i.e. the modal logics K, K4, D, D4, T, and S4. For these modal logics the modal prefix is defined for some node in the indexed formula tree and is the sequence of nodes from $\nu_0$ and $\Pi_0$ that govern that node.

Definition 4.1.6 (Modal Prefix) Let $Q$ be a node in an indexed formula tree. The modal prefix $\mathrm{pre}(Q)$ of $Q$ is a sequence $Q_1, \ldots, Q_n \in (\nu_0 \cup \Pi_0)^*$ and is defined as follows:

$$\mathrm{pre}(Q) := \begin{cases} \text{the empty sequence} & \text{if } Q \text{ has no parent node} \\ \mathrm{pre}(Q') & \text{if } Q \text{ has parent node } Q' \notin \nu_0 \cup \Pi_0 \\ Q' :: \mathrm{pre}(Q') & \text{if } Q \text{ has parent node } Q' \in \nu_0 \cup \Pi_0 \end{cases}$$

where $Q' :: \mathrm{pre}(Q')$ denotes the sequence obtained from adding $Q'$ as first element to the sequence $\mathrm{pre}(Q')$.

In order to identify two nodes the modal prefixes of both nodes must be equal. To this end the nodes from $\nu_0$ are treated like metavariables and a modal substitution is a substitution of nodes from $\nu_0$ by sequences of nodes from $\nu_0 \cup \Pi_0$. Additionally, a modal substitution must respect the so-called accessibility relation of the modal logic under consideration, which is given in Tables 4.1 and 4.2 taken from [Wallen, 1990].

Table 4.1: Prefix conditions.

  Condition     Property
  general       p R0 p u     for p ∈ (ν0 ∪ Π0)*, u ∈ (ν0 ∪ Π0)
  reflexive     p R0 p       for p ∈ (ν0 ∪ Π0)*
  transitive    p R0 p q     for p ∈ (ν0 ∪ Π0)*, q ∈ (ν0 ∪ Π0)+

Table 4.2: Accessibility relations on prefixes.

  L          Properties of R0
  K, D       general
  T          general, reflexive
  K4, D4     general, transitive
  S4         general, reflexive, transitive
Before introducing the notion of modal substitutions we introduce the interpretation of nodes of type $\Pi_0$ and the modal assignment for nodes of type $\nu_0$. Consider an $L$-model $\mathcal{M}$ for some modal logic $L$ with accessibility relation $R$ and $w$ a possible world. The interpretation of some node $Q \in \Pi_0$ depends on $w$ and denotes the set of all worlds $w'$ for which $w R w'$ holds. Thus, $\mathcal{M}_w(Q) = \{w' \mid w R w'\}$. A modal assignment $\rho_M$ maps a world $w$ and some node $Q \in \nu_0$ to some world $w'$ for which $w R w'$ holds. Assume an $L$-model $\mathcal{M}$, a possible world $w$, and a modal assignment $\rho_M$. The interpretation of some modal prefix $p$ is a set of possible worlds that are described by the prefix.

Definition 4.1.7 (Semantics of Modal Prefixes) Let $\mathcal{M}$ be an $L$-model, $R$ the $L$-accessibility relation, and let $w$ be a possible world. An interpretation of a constant node $Q \in \Pi_0$ with respect to $\mathcal{M}_w$ is the set of all worlds $w'$ for which $w R w'$ holds. A modal assignment $\rho_M$ is a mapping from $G \times \nu_0$ into $G$ (the set of worlds), such that $w R \rho_M(w, Q)$ holds. The interpretation of a modal prefix $p$ with respect to $\mathcal{M}$, $w$, and some $\rho_M$ is a set of possible worlds defined by:

$$\mathcal{M}_w^{\rho_M}(p) = \begin{cases} \{w\} & \text{if } p \text{ is the empty sequence} \\ \bigcup_{w' \in \mathcal{M}_w(Q)} \mathcal{M}_{w'}^{\rho_M}(p') & \text{if } p = Q :: p' \text{ and } Q \in \Pi_0 \\ \mathcal{M}_{\rho_M(w,Q)}^{\rho_M}(p') & \text{if } p = Q :: p' \text{ and } Q \in \nu_0 \end{cases}$$

Lemma 4.1.8 (Accuracy of Definition 4.1.7) Let $\mathcal{M}$ be an $L$-model, $\rho_Q$ an assignment of object variables, $\rho_M$ a modal assignment, and $\varphi$ an $L$-formula. For any polarity $p$ and sequence $mq$ of modal quantifiers ($\Box$ or $\Diamond$) it holds:

$$\mathcal{M}_w^{\rho_Q, \rho_M} \models_L (mq(\varphi))^p \iff \text{for all } w' \in \mathcal{M}_w^{\rho_M}(mp):\; \mathcal{M}_{w'}^{\rho_Q, \rho_M} \models_L \varphi^p$$

where $mp$ is the modal prefix of $\varphi$ obtained from $mq$, where each $\nu$-type modal quantifier corresponds to some (new) variable node and each $\pi$-type modal quantifier to some new constant node.

Proof. We prove the statement by induction over the length $n$ of $mq$:

$n = 0$: In this case the statement trivially holds, since $\mathcal{M}_w^{\rho_M}(\text{empty sequence}) = \{w\}$.

$n \to n+1$: There are two cases to consider:

(A) The signed formula $(mq\,\varphi)^p$ is of the form $(\nu\,\{\nu,\pi\}^*\,\varphi)^p$: let $Q \in \nu_0$ be the variable node obtained for the leading $\nu$-type modal quantifier.

$\mathcal{M}_w^{\rho_Q,\rho_M} \models_L (\nu\,\{\nu,\pi\}^*\,\varphi)^p$
$\iff$ there exists $w'$, $w R w'$, such that $\mathcal{M}_{w'}^{\rho_Q,\rho_M} \models_L (\{\nu,\pi\}^*\,\varphi)^p$
$\iff$ (IH) there exists $w'$, $w R w'$, such that for all $w'' \in \mathcal{M}_{w'}^{\rho_M}(mp')$: $\mathcal{M}_{w''}^{\rho_Q,\rho_M} \models_L \varphi^p$
$\iff$ ($\rho_M(w,Q)$ is such a $w'$) for all $w'' \in \mathcal{M}_w^{\rho_M}(Q :: mp')$: $\mathcal{M}_{w''}^{\rho_Q,\rho_M} \models_L \varphi^p$

(B) The signed formula is of the form $(\pi\,\{\nu,\pi\}^*\,\varphi)^p$: let $Q \in \Pi_0$ be the constant node obtained for the leading $\pi$-type modal quantifier.

$\mathcal{M}_w^{\rho_Q,\rho_M} \models_L (\pi\,\{\nu,\pi\}^*\,\varphi)^p$
$\iff$ for all $w'$, $w R w'$, it holds $\mathcal{M}_{w'}^{\rho_Q,\rho_M} \models_L (\{\nu,\pi\}^*\,\varphi)^p$
$\iff$ (IH) for all $w'$, $w R w'$, it holds for all $w'' \in \mathcal{M}_{w'}^{\rho_M}(mp')$: $\mathcal{M}_{w''}^{\rho_Q,\rho_M} \models_L \varphi^p$
$\iff$ for all $w' \in \mathcal{M}_w(Q)$ it holds for all $w'' \in \mathcal{M}_{w'}^{\rho_M}(mp')$: $\mathcal{M}_{w''}^{\rho_Q,\rho_M} \models_L \varphi^p$
$\iff$ for all $w'' \in \mathcal{M}_w^{\rho_M}(Q :: mp')$: $\mathcal{M}_{w''}^{\rho_Q,\rho_M} \models_L \varphi^p$

The above semantics of modal prefixes allows the definition of prefixed formulas and their semantics, which is a convenient tool for many soundness and safeness arguments. A prefixed formula of a node $Q$ in an indexed formula tree is of the form $mp.\varphi^p$ where $mp$ is the modal prefix of $Q$, $p$ the polarity of $Q$, and $\varphi$ its label. Its semantics with respect to an $L$-model $\mathcal{M}$, a possible world $w$ and assignments $\rho_Q$, $\rho_M$ is the valuation of $\varphi^p$ in the possible worlds described by $\mathcal{M}_w^{\rho_M}(mp)$.

Definition 4.1.9 (Modal Substitution) Let $Q$ be an indexed formula tree. A modal substitution is a mapping $\sigma_M : \nu_0 \to (\nu_0 \cup \Pi_0)^*$. The homomorphic extension of $\sigma_M$ to sequences $p \in (\nu_0 \cup \Pi_0)^*$ is defined by

$$\sigma_M(p) := \begin{cases} \text{the empty sequence} & \text{if } p \text{ is the empty sequence} \\ \sigma_M(Q)\,\sigma_M(q) & \text{if } p = Q :: q \text{ and } Q \in \nu_0 \\ Q :: \sigma_M(q) & \text{if } p = Q :: q \text{ and } Q \in \Pi_0 \end{cases}$$

where $\sigma_M(Q)\,\sigma_M(q)$ denotes the concatenation of the two sequences $\sigma_M(Q)$ and $\sigma_M(q)$. A modal substitution $\sigma_M$ is idempotent, iff its homomorphic extension is idempotent, i.e. if $\sigma_M(\sigma_M(p)) = \sigma_M(p)$.

Throughout the rest of this thesis we assume that all modal substitutions are idempotent. The domain of a modal substitution $\sigma_M$ is the set of nodes $Q$ of secondary type $\nu_0$ for which $\sigma_M(Q) \neq Q$ holds; the domain of $\sigma_M$ is denoted by $dom(\sigma_M)$. Analogously to substitutions of metavariables, a modal substitution induces an ordering among nodes (from [Wallen, 1990]):

Definition 4.1.10 (Modal Ordering) Let $Q$ be an indexed formula tree and $\sigma_M$ a modal substitution for $Q$. The modal substitution $\sigma_M$ induces a binary relation $\lhd_M$ among the nodes in $\nu_0 \cup \Pi_0$ defined by: $Q_0 \lhd_M Q_1$ iff $Q_0 \in \sigma_M(Q_1)$.
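The following Python block is an added illustration of Definitions 4.1.6, 4.1.9 and 4.1.10 together with the prefix conditions of Tables 4.1 and 4.2; it is not code from the thesis or from the CORE system. It represents a modal prefix as a tuple of node names, applies the homomorphic extension of a modal substitution, derives the modal ordering, and checks the two conditions on modal substitutions that Definition 4.1.13 below imposes (respecting $R_0$ over the tree's prefixes, and mapping no $\nu_0$ node to the empty prefix in a K-logic). The node names, the sets `NU0`/`PI0`, the two example prefix sets and the choice of which logics count as K-logics are assumptions made for this example.

```python
"""Modal prefixes, the homomorphic extension of a modal substitution
(Definition 4.1.9), the induced modal ordering (Definition 4.1.10) and the
prefix accessibility conditions of Tables 4.1 and 4.2.  Added example, not
code from the thesis or from the CORE system; node names and the sets of
nu_0 / Pi_0 nodes are constructed for this illustration."""
from itertools import product

NU0 = {"n1", "n2"}    # constructed variable nodes (secondary type nu_0)
PI0 = {"c1", "c2"}    # constructed constant nodes (secondary type Pi_0)

# Table 4.2: which prefix conditions hold in which logic ("general" always holds).
PROPERTIES = {"K": set(), "D": set(), "T": {"reflexive"},
              "K4": {"transitive"}, "D4": {"transitive"},
              "S4": {"reflexive", "transitive"}}
# Assumption for this example: the logics the text calls "K-logics".
K_LOGICS = {"K", "K4"}


def extend(sigma, p):
    """Homomorphic extension of sigma_M to a prefix p (a tuple of node names)."""
    if not p:
        return ()
    head, tail = p[0], p[1:]
    if head in NU0:
        return tuple(sigma.get(head, (head,))) + extend(sigma, tail)
    return (head,) + extend(sigma, tail)      # Pi_0 nodes are left in place


def dom(sigma):
    """dom(sigma_M): the nu_0 nodes that sigma_M actually changes."""
    return {q for q, v in sigma.items() if tuple(v) != (q,)}


def is_idempotent(sigma, prefixes):
    return all(extend(sigma, extend(sigma, p)) == extend(sigma, p) for p in prefixes)


def modal_ordering(sigma):
    """Q0 <_M Q1 iff Q0 occurs in sigma_M(Q1) (Definition 4.1.10)."""
    return {(q0, q1) for q1 in dom(sigma) for q0 in sigma[q1]}


def accessible(p, q, logic):
    """p R0 q on prefixes (Table 4.1) for the given logic."""
    props = PROPERTIES[logic]
    if q[:len(p)] != p:                       # q must extend p
        return False
    extra = len(q) - len(p)
    if extra == 1:                            # general: p R0 p.u
        return True
    if extra == 0:                            # reflexive: p R0 p
        return "reflexive" in props
    return "transitive" in props              # transitive: p R0 p.q, q non-empty


def respects_accessibility(sigma, prefixes, logic):
    """Every p R0 q among the tree's prefixes must carry over to their images."""
    return all(accessible(extend(sigma, p), extend(sigma, q), logic)
               for p, q in product(prefixes, repeat=2) if accessible(p, q, logic))


def k_condition(sigma):
    """In a K-logic a changed nu_0 node must be mapped to a non-empty prefix."""
    return all(len(extend(sigma, (q,))) > 0 for q in dom(sigma))


def admissible_modal(sigma, prefixes, logic):
    """Conditions on sigma_M alone (accessibility and the K-condition); the
    acyclicity of the overall reduction relation is a separate check."""
    if not is_idempotent(sigma, prefixes):
        return False
    if logic in K_LOGICS and not k_condition(sigma):
        return False
    return respects_accessibility(sigma, prefixes, logic)


# Constructed example 1: the two leaves of (box A => box A)^+ have the prefixes
# (n1,) and (c1,); identifying them needs sigma_M(n1) = (c1,).
BOX_BOX = [(), ("n1",), ("c1",)]
# Constructed example 2: the two leaves of (box A => A)^+ have the prefixes
# (n1,) and (); identifying them needs sigma_M(n1) = (), i.e. reflexivity.
BOX_A = [(), ("n1",), ()]
```

With these definitions, `admissible_modal({"n1": ("c1",)}, BOX_BOX, "K")` succeeds, while `admissible_modal({"n1": ()}, BOX_A, "K")` fails on the K-condition and the same substitution is accepted in T, mirroring that the T axiom is not provable in K. Mapping `n1` to a prefix of length two is rejected in K (only the general condition relates prefixes there) but accepted in K4.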

We have now all notions required for the definition of a substitution for each logic $L$ considered in this thesis and its induced reduction relation $\lhd_L$. We present a unified notion for substitutions, in order to stress the uniformity of the foundations laid in [Wallen, 1990, Miller, 1983, Pfenning, 1987] as a basis for the uniformity of the framework proposed in this thesis.

Definition 4.1.11 ($L$-Substitution & Reduction Relation $\lhd_L$) Let $Q$ be an indexed formula tree for some logic $L$.

CPL: If $L$ is classical propositional logic (CPL), then there are no substitutions. The reduction relation $\lhd_L$ is the transitive closure of $\lhd_Q$, i.e. $\lhd_L := \lhd_Q^+$.

CPML: If $L$ is classical propositional modal logic (CPML), then an $L$-substitution consists of a modal substitution $\sigma_M$. The domain of such a substitution is $dom(\sigma_M)$. The reduction relation $\lhd_L$ is the transitive closure of the union of $\lhd_Q$ and $\lhd_M$, i.e. $\lhd_L := (\lhd_Q \cup \lhd_M)^+$.

CFOML: If $L$ is classical first-order modal logic (CFOML), then an $L$-substitution consists of a variable substitution $\sigma_Q$ and a modal substitution $\sigma_M$, denoted by $\langle \sigma_Q, \sigma_M \rangle$. The domain of such a substitution is the pair $\langle dom(\sigma_Q), dom(\sigma_M) \rangle$. The reduction relation $\lhd_L$ is the transitive closure of the union of $\lhd_Q$, $\lhd_V$, and $\lhd_M$, i.e. $\lhd_L := (\lhd_Q \cup \lhd_V \cup \lhd_M)^+$.

CFOL & CHOL: If $L$ is classical first-order or higher-order logic (CFOL, CHOL), then an $L$-substitution consists only of a variable substitution $\sigma_Q$. The domain of this substitution is $dom(\sigma_Q)$. The reduction relation $\lhd_L$ is the transitive closure of the union of $\lhd_Q$ and $\lhd_V$, i.e. $\lhd_L := (\lhd_Q \cup \lhd_V)^+$.

Remark 4.1.12 Throughout the rest of this thesis we agree that if $\sigma$ is some $L$-substitution and $Q$ is the binding node of some $\gamma$-variable $X$, then if $X \in dom(\sigma)$, we say that $Q$ is instantiated and otherwise $Q$ is uninstantiated. If $Q$ is instantiated, then we may denote the instance $\sigma(X)$ also by $\sigma(Q)$. Similarly, if $Q$ is some node of secondary type $\nu_0$, then if $Q \in dom(\sigma)$ then $Q$ is instantiated and otherwise $Q$ is uninstantiated.

Based on the uniform notion of an $L$-substitution, we can uniformly define when an $L$-substitution is admissible with respect to the logic $L$.

Definition 4.1.13 ($L$-Admissible Substitutions) Let $Q$ be an indexed formula tree for some logic $L$, $\sigma_L$ an $L$-substitution, and $\lhd_L$ the respective reduction relation. $\sigma_L$ is $L$-admissible, if and only if

CPL: If $L$ is classical propositional logic, then $\lhd_L$ ($:= \lhd_Q^+$) must be irreflexive. This is always fulfilled by construction of the indexed formula tree.

CPML: If $L$ is classical propositional modal logic, then $\sigma_L := \sigma_M$ and it must hold
1. $\sigma_M$ respects the $L$-accessibility relation $R_0$ on $(\nu_0 \cup \Pi_0)^*$; i.e. for all modal prefixes $p, q$ in $Q$, $p R_0 q$ implies $\sigma_M(p) R_0 \sigma_M(q)$,
2. if $L$ is a K-logic, then for any $Q' \in \nu_0$ such that $\sigma_M(Q') \neq Q'$, there must be a $Q'' \in \Pi_0 \cup \nu_0$ which occurs in $\sigma_M(Q')$,
3. and $\lhd_L := (\lhd_Q \cup \lhd_M)^+$ must be irreflexive.

CFOML: If $L$ is classical first-order modal logic, then $\sigma_L := \langle \sigma_Q, \sigma_M \rangle$ and it must hold
1. $\sigma_M$ respects the $L$-accessibility relation $R_0$ as for CPML,
2. if $L$ is a K-logic, then for any $Q' \in \nu_0$ such that $\sigma_M(Q') \neq Q'$, there must be a $Q'' \in \Pi_0$ which occurs in $\sigma_M(Q')$,
3. and $\lhd_L := (\lhd_Q \cup \lhd_V \cup \lhd_M)^+$ must be irreflexive.

CFOL & CHOL: If $L$ is classical first-order or higher-order logic, then $\lhd_L$ ($:= (\lhd_Q \cup \lhd_V)^+$) must be irreflexive.

Note that the notion of admissibility of substitutions is equivalent to the notion defined in [Wallen, 1990] if substitutions $\sigma$ are idempotent. With respect to [Miller, 1983, Pfenning, 1987] our notion corresponds to the dependency relation among the instances of $\gamma$-variables.
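As an added example of the CFOL case of Definition 4.1.13 (not code from the thesis or from CORE), the block below builds the structural ordering $\lhd_Q$ of Definition 4.1.4 and the quantifier ordering $\lhd_V$ of Definition 4.1.5 as edge sets over node names, and decides whether their union has an irreflexive transitive closure by cycle detection. The two trees, the node names and the substitution are constructed for the illustration: the closing substitution $Y := b$, $X := a$ is admissible for $(\exists x \forall y\, P(x,y) \Rightarrow \forall y \exists x\, P(x,y))^+$ but induces a cycle for the converse implication. Binding nodes are taken, as in Definition 4.1.1, to be the children of the quantifier nodes.

```python
"""Acyclicity check of the reduction relation <_L (Definition 4.1.13) for the
first-order case, i.e. (<_Q U <_V)^+ must be irreflexive.  Added example, not
code from the thesis or from the CORE system; the two formulas and the node
names are constructed for this illustration."""


def acyclic(nodes, edges):
    """True iff the transitive closure of `edges` contains no pair (q, q),
    decided by a depth-first search that reports back edges."""
    succ = {q: set() for q in nodes}
    for a, b in edges:
        succ[a].add(b)
    state = {q: "new" for q in nodes}

    def visit(q):
        state[q] = "open"
        for r in succ[q]:
            if state[r] == "open":            # back edge: q <_L ... <_L q
                return False
            if state[r] == "new" and not visit(r):
                return False
        state[q] = "done"
        return True

    return all(state[q] != "new" or visit(q) for q in nodes)


def structural_ordering(parent):
    """<_Q (Definition 4.1.4): Q1 <_Q Q2 iff Q1 dominates Q2."""
    edges = set()
    for q in parent:
        anc = parent[q]
        while anc is not None:
            edges.add((anc, q))
            anc = parent[anc]
    return edges


def quantifier_ordering(instances, binding_node, param_node):
    """<_V (Definition 4.1.5): Q0 <_V Q1 iff a metavariable bound on Q1 is
    instantiated by a term containing a parameter bound on Q0.  `instances`
    maps each instantiated metavariable to the parameters of its instance."""
    return {(param_node[a], binding_node[x]) for x, ps in instances.items() for a in ps}


def admissible_cfol(parent, instances, binding_node, param_node):
    """CFOL case of Definition 4.1.13: (<_Q U <_V)^+ is irreflexive."""
    edges = structural_ordering(parent) | quantifier_ordering(instances, binding_node, param_node)
    return acyclic(set(parent), edges)


# Both constructed trees are an alpha^+ root with two chains of three nodes.
TREE_PARENT = {"root": None, "L1": "root", "L2": "L1", "L3": "L2",
               "R1": "root", "R2": "R1", "R3": "R2"}

# (exists x forall y P(x,y) => forall y exists x P(x,y))^+:
# left  L1 = delta^- x (parameter a bound on L2), L2 = gamma^- y (Y bound on L3), L3 = P(a,Y)^-
# right R1 = delta^+ y (parameter b bound on R2), R2 = gamma^+ x (X bound on R3), R3 = P(X,b)^+
VALID_BINDING = {"Y": "L3", "X": "R3"}
VALID_PARAM = {"a": "L2", "b": "R2"}

# The converse (forall y exists x P(x,y) => exists x forall y P(x,y))^+:
# left  L1 = gamma^- y (Y bound on L2), L2 = delta^- x (a bound on L3), L3 = P(a,Y)^-
# right R1 = gamma^+ x (X bound on R2), R2 = delta^+ y (b bound on R3), R3 = P(X,b)^+
CONVERSE_BINDING = {"Y": "L2", "X": "R2"}
CONVERSE_PARAM = {"a": "L3", "b": "R3"}

# Closing the only path {P(a,Y)^-, P(X,b)^+} needs Y := b and X := a in both trees.
CLOSING = {"Y": {"b"}, "X": {"a"}}
```

For the converse tree the edges $L_2 \lhd_Q L_3$, $L_3 \lhd_V R_2$, $R_2 \lhd_Q R_3$ and $R_3 \lhd_V L_2$ form a cycle, which is exactly the occur-check failure the text describes as an acyclicity check.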
Lemma 4.1.14 (Relationship between assignment and substitution) Let $Q$ be an actual indexed formula tree, and let $\langle \sigma_Q, \sigma_M \rangle$ be an $L$-admissible $L$-substitution. Then for every $L$-model $\mathcal{M}$, every possible world $w$, assignment $\rho_Q$, and modal assignment $\rho_M$:

$$\mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(\mathrm{pre}(Q)).\sigma_Q(\mathrm{Label}(Q))) \;\Longrightarrow\; \mathcal{M}_w^{\rho'_Q,\rho'_M}(\mathrm{pre}(Q).\mathrm{Label}(Q))$$

where $\rho'_Q := \rho_Q[x / \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_Q(x)) \mid x \in dom(\sigma_Q)]$ and $\rho'_M := \rho_M[(w,Q') / w' \mid Q' \in dom(\sigma_M)]$ for some $w' \in \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(Q'))$.

Proof. We assume that the statement holds for empty prefixes, i.e. $\mathrm{pre}(Q)$ is the empty sequence (this proof is simply first by structural induction over terms and then over the formula $\mathrm{Label}(Q)$). The statement is proved by induction over the length $n$ of $\mathrm{pre}(Q)$.

$n = 0$:
$\mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(\mathrm{pre}(Q)).\sigma_Q(\mathrm{Label}(Q)))$
$\iff \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_Q(\mathrm{Label}(Q)))$
$\iff \mathcal{M}_w^{\rho'_Q,\rho_M}(\mathrm{Label}(Q))$
$\iff \mathcal{M}_w^{\rho'_Q,\rho_M}(\mathrm{pre}(Q).\mathrm{Label}(Q))$

$n \to n+1$: we have two cases to consider:

(A) $\mathrm{pre}(Q) = Q' :: p$ and $Q' \in \nu_0$:
$\mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(\mathrm{pre}(Q)).\sigma_Q(\mathrm{Label}(Q)))$
$\iff \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(Q' :: p).\sigma_Q(\mathrm{Label}(Q)))$
$\iff \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(Q')\,\sigma_M(p).\sigma_Q(\mathrm{Label}(Q)))$
$\iff$ (Lemma 4.1.8) for all $w' \in \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(Q'))$: $\mathcal{M}_{w'}^{\rho_Q,\rho_M}(\sigma_M(p).\sigma_Q(\mathrm{Label}(Q)))$
$\iff$ (IH) for all $w' \in \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(Q'))$: $\mathcal{M}_{w'}^{\rho'_Q,\rho'_M}(p.\mathrm{Label}(Q))$
$\Longrightarrow \mathcal{M}_w^{\rho'_Q,\rho'_M}(\mathrm{pre}(Q).\mathrm{Label}(Q))$
where $\rho'_M := \rho_M[w' / (w,Q')]$ for some $w' \in \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(Q'))$.

(B) $\mathrm{pre}(Q) = Q' :: p$ and $Q' \in \Pi_0$:
$\mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(\mathrm{pre}(Q)).\sigma_Q(\mathrm{Label}(Q)))$
$\iff \mathcal{M}_w^{\rho_Q,\rho_M}(\sigma_M(Q' :: p).\sigma_Q(\mathrm{Label}(Q)))$
$\iff \mathcal{M}_w^{\rho_Q,\rho_M}(Q' :: \sigma_M(p).\sigma_Q(\mathrm{Label}(Q)))$
$\iff$ (Lemma 4.1.8) for all $w'$, $w R w'$, it holds $\mathcal{M}_{w'}^{\rho_Q,\rho_M}(\sigma_M(p).\sigma_Q(\mathrm{Label}(Q)))$
$\iff$ (IH) for all $w'$, $w R w'$, it holds $\mathcal{M}_{w'}^{\rho'_Q,\rho'_M}(p.\mathrm{Label}(Q))$
$\Longrightarrow \mathcal{M}_w^{\rho'_Q,\rho'_M}(Q' :: p.\mathrm{Label}(Q))$



Following [Wallen, 1990, Andrews, 1981] we define (horizontal) paths on indexed formula trees.

Definition 4.1.15 (Paths) Let $Q$ be an indexed formula tree. Then a path in $Q$ is a sequence $\langle Q_1, \ldots, Q_n \rangle$ of $\alpha$-related nodes in $Q$. The set $\mathcal{P}(Q)$ of paths through $Q$ is the smallest set containing $\{\langle Q \rangle\}$ and which is closed under the following operations:

$\alpha$-Decomposition: If $Q'$ is a node of primary type $\alpha$ and subtrees $Q_1, Q_2$, and $P \cup \{\langle \Gamma, Q' \rangle\} \in \mathcal{P}(Q)$, then $P \cup \{\langle \Gamma, Q_1, Q_2 \rangle\} \in \mathcal{P}(Q)$.

$\beta$-Decomposition: If $Q'$ is a node of primary type $\beta$ and subtrees $Q_1, Q_2$, and $P \cup \{\langle \Gamma, Q' \rangle\} \in \mathcal{P}(Q)$, then both $P \cup \{\langle \Gamma, Q_1 \rangle\} \in \mathcal{P}(Q)$ and $P \cup \{\langle \Gamma, Q_2 \rangle\} \in \mathcal{P}(Q)$.

$\gamma$-Decomposition: If $Q'$ is a node of primary type $\gamma$ and subtrees $Q_1, \ldots, Q_n$, and $P \cup \{\langle \Gamma, Q' \rangle\} \in \mathcal{P}(Q)$, then $P \cup \{\langle \Gamma, Q_1, \ldots, Q_n \rangle\} \in \mathcal{P}(Q)$.

$\delta$-Decomposition: If $Q'$ is a node of primary type $\delta$ and subtree $Q''$, and $P \cup \{\langle \Gamma, Q' \rangle\} \in \mathcal{P}(Q)$, then $P \cup \{\langle \Gamma, Q'' \rangle\} \in \mathcal{P}(Q)$.

$\nu$-Decomposition: If $Q'$ is a node of primary type $\nu$ and subtrees $Q_1, \ldots, Q_n$, and $P \cup \{\langle \Gamma, Q' \rangle\} \in \mathcal{P}(Q)$, then $P \cup \{\langle \Gamma, Q_1, \ldots, Q_n \rangle\} \in \mathcal{P}(Q)$.

$\pi$-Decomposition: If $Q'$ is a node of primary type $\pi$ and subtree $Q''$, and $P \cup \{\langle \Gamma, Q' \rangle\} \in \mathcal{P}(Q)$, then $P \cup \{\langle \Gamma, Q'' \rangle\} \in \mathcal{P}(Q)$.

Note the close relationship between the decomposition rules for paths for the different types of nodes and the relationship between the satisfiability of the main formulas with respect to its constituent formulas: a path containing an $\alpha$-type node is replaced by a path containing both subnodes, while a path containing a $\beta$-type node is decomposed into two paths each containing one of the subnodes. Analogously the decomposition of $\gamma$-, $\delta$-, $\nu$- and $\pi$-type nodes corresponds to the relationship between the satisfiability of the signed formula of the respective type and its constituent formulas. This relationship together with the side conditions imposed by the requirements (1) that a modal substitution respects the $L$-accessibility relation and (2) the acyclicity of the overall ordering $\lhd_L$ induced by the $L$-substitution entail that whenever we have obtained a set of paths where all paths are unsatisfiable, then the initial conjecture is $L$-valid. Indeed, if all paths are unsatisfiable, we can apply the model satisfiability rules backwards from the constituent formulas to the main formulas and obtain that there is no $L$-model $\mathcal{M}$ satisfying $\varphi^+$, i.e. $\forall \mathcal{M}.\ \mathcal{M} \not\models_L \varphi^+$, and thus it holds by definition $\forall \mathcal{M}.\ \mathcal{M} \models_L \varphi$. Hence $\varphi$ is $L$-valid.
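The block below is an added example, not code from the thesis or from CORE, that puts Definition 4.1.1 and Definition 4.1.15 to work: it builds the initial indexed formula tree of a signed formula (polarity decides the uniform type, $\gamma$-nodes bind fresh metavariables, $\delta$-nodes bind fresh parameters, all with multiplicity 1) and then computes the fully decomposed paths, where $\alpha$/$\gamma$/$\delta$-nodes join the paths of their children and $\beta$-nodes split them. The formula encoding as nested tuples, with atoms written as templates whose `{x}` placeholders receive the bound variable's fresh name, is an assumption of this example; on the running example of Example 4.1.2 it yields the two leaf-level paths of Figure 4.1 (the second $\forall x$ receives the fresh metavariable `X1`, where the figure reuses the name $X$).

```python
"""Initial indexed formula trees (Definition 4.1.1, multiplicity 1) and the
fully decomposed paths of Definition 4.1.15.  Added example, not the thesis's
or CORE's code; the tuple encoding of formulas is an assumption made here."""
from itertools import product


class Node:
    def __init__(self, label, polarity, utype, children=(), var=None):
        self.label, self.polarity, self.utype = label, polarity, utype
        self.children, self.var = list(children), var   # var: name bound below a γ/δ node

    def signed(self):
        return f"{self.label}^{self.polarity}"


def flip(p):
    return "-" if p == "+" else "+"


def show(f, env):
    """Render a formula; atom templates are filled from env (bound var -> name)."""
    k = f[0]
    if k == "atom":
        return f[1].format_map(env)
    if k == "not":
        return f"¬({show(f[1], env)})"
    if k in ("and", "or", "imp"):
        op = {"and": "∧", "or": "∨", "imp": "⇒"}[k]
        return f"({show(f[1], env)}) {op} ({show(f[2], env)})"
    return f"{'∀' if k == 'forall' else '∃'}{f[1]} {show(f[2], {**env, f[1]: f[1]})}"


def fresh(base, used):
    name, i = base, 0
    while name in used:
        i += 1
        name = f"{base}{i}"
    used.add(name)
    return name


def build(f, polarity, env=None, used=None):
    """Initial indexed formula tree for the signed formula f^polarity."""
    env = {} if env is None else env
    used = set() if used is None else used
    k, label = f[0], show(f, env)
    if k == "atom":      # equations/equivalences are ε-literals if negative, ζ if positive
        utype = ("ε" if polarity == "-" else "ζ") if "=" in label else "lit"
        return Node(label, polarity, utype)
    if k == "not":       # negation: type α with one child of opposite polarity
        return Node(label, polarity, "α", [build(f[1], flip(polarity), env, used)])
    if k in ("and", "or", "imp"):
        conjunctive = {("and", "-"), ("or", "+"), ("imp", "+")}
        utype = "α" if (k, polarity) in conjunctive else "β"
        left_pol = flip(polarity) if k == "imp" else polarity
        return Node(label, polarity, utype,
                    [build(f[1], left_pol, env, used), build(f[2], polarity, env, used)])
    x, body = f[1], f[2]   # quantifier: γ binds a metavariable, δ a parameter
    utype = "γ" if (k, polarity) in {("forall", "-"), ("exists", "+")} else "δ"
    name = fresh(x.upper() if utype == "γ" else x, used)
    return Node(label, polarity, utype, [build(body, polarity, {**env, x: name}, used)], var=name)


def paths(node):
    """All fully decomposed paths (as sets of signed leaf labels) through node."""
    if not node.children:
        return [frozenset([node.signed()])]
    if node.utype == "β":                                  # β: one path per child
        return [p for c in node.children for p in paths(c)]
    return [frozenset().union(*combo)                      # α/γ/δ: join the children
            for combo in product(*(paths(c) for c in node.children))]


def binding_nodes(node, gamma=None, delta=None):
    """γ-variables (metavariables) and δ-variables (parameters) bound in the tree."""
    gamma = [] if gamma is None else gamma
    delta = [] if delta is None else delta
    if node.utype == "γ":
        gamma.append(node.var)
    if node.utype == "δ":
        delta.append(node.var)
    for c in node.children:
        binding_nodes(c, gamma, delta)
    return gamma, delta


# The running example of Example 4.1.2 in the tuple encoding assumed here.
EXAMPLE = ("imp",
           ("and",
            ("forall", "x", ("atom", "0+{x}={x}")),
            ("forall", "x", ("forall", "y",
             ("imp", ("not", ("atom", "{x}=0")), ("atom", "{x}+{y}=s(p({x})+{y})"))))),
           ("forall", "p", ("forall", "v", ("atom", "{p}(s(s(0))+{v})<=>{p}(s(s({v})))"))))


def running_example_paths():
    return set(paths(build(EXAMPLE, "+")))
```

`running_example_paths()` returns the two paths $\{0+X=X^-,\ X_1=0^-,\ p(s(s(0))+v) \Leftrightarrow p(s(s(v)))^+\}$ and $\{0+X=X^-,\ X_1+Y=s(p(X_1)+Y)^-,\ p(s(s(0))+v) \Leftrightarrow p(s(s(v)))^+\}$; the split comes from the single $\beta^-$ node of Figure 4.1.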
Analysing the decomposition rules and the respective satisfiability relations in more detail, we observe that they are equivalence transformations, which is necessary for our soundness and safeness results. Safeness means intuitively that no possible refutation is lost by such a transformation. The decomposition rules have this property and this allows to switch freely between the granularities of the decomposition of paths. However, the definition of further transformations on indexed formula trees requires a weaker property which only requires the preservation of satisfiable paths during the transformation, which is the general condition for soundness. Formally:

Definition 4.1.16 (Soundness & Safeness) Let $Q, Q'$ be two indexed formula trees with respective $L$-admissible substitutions $\sigma$ and $\sigma'$, where $Q'$ has been obtained from $Q$ by some transformation. The transformation is sound if, and only if, whenever there is an $L$-satisfiable path in $Q$ then so there is one in $Q'$. The transformation is safe if, and only if, whenever there is an $L$-satisfiable path in $Q'$ then so there is one in $Q$.

Indexed formula trees are obtained from an initial indexed formula tree by five additional rules: introduction of Leibniz' equality for equations and equivalences (Section 4.2), a rule for functional and boolean extensionality introduction (Section 4.3), a rule to expand positive equivalences into a conjunction of implications (Section 4.4), a substitution rule (Section 4.5), a rule to introduce cuts (Section 4.7), and a rule to increase the multiplicity of nodes of primary type $\gamma$ or $\nu$ (Section 4.11).

4.2 Leibniz' Equality

The first rule expands an $\varepsilon$- or $\zeta$-node into Leibniz' equality. This rule changes a given indexed formula tree by replacing the respective $\varepsilon$- or $\zeta$-node $Q_e$ (i.e. $\mathrm{Label}(Q_e) = \varepsilon(s,t)$ or $\mathrm{Label}(Q_e) = \zeta(s,t)$) by a so-called Leibniz node, which has the same label (and polarity $p$) as $Q_e$, is of primary type $\alpha$, and has as subtrees $Q_e$ and an initial indexed formula tree for $(\forall P\, P(s) \Rightarrow P(t))^p$.

Definition 4.2.1 (Leibniz' Equality Introduction) Let $Q_e$ be a leaf node in some indexed formula tree of polarity $p$, uniform type $e \in \{\varepsilon, \zeta\}$, such that $\mathrm{Label}(Q_e) = \varepsilon(s_\tau, t_\tau)$ or $\mathrm{Label}(Q_e) = \zeta(s_\tau, t_\tau)$. Further let $Q_L$ be an initial indexed formula tree for the signed formula $(\forall P_{\tau \to o}\, P(s) \Rightarrow P(t))^p$. Then we can replace $Q_e$ by

$$\begin{array}{c} \mathrm{Label}(Q_e)^p \quad [\alpha,\ \text{Leibniz}] \\ Q_e \qquad Q_L \end{array}$$

We call the new node a Leibniz node.

Example 4.2.2 We illustrate the Leibniz' equality introduction rule with our running example from Example 4.1.2 (p. 33). The application of the rule to the $\varepsilon$-type subtree $(0+X=X)^-$ transforms the indexed formula tree from Figure 4.1 into the indexed formula tree in Figure 4.2.

Lemma 4.2.3 (Soundness & Safeness of Leibniz' Equality Introduction Rule) The Leibniz' equality introduction rule on indexed formula trees from Definition 4.2.1 is sound and safe.

Proof. The rule operates on literal nodes. Since literal nodes are never of type $\gamma$, $\delta$, $\nu$, or $\pi$, no quantifiers with defined polarity are duplicated by that operation and thus the operation does not affect the overall substitution $\sigma$, which remains $L$-admissible. It remains to be shown for soundness (resp. safeness) that it also preserves the existence (resp. absence) of satisfiable paths. To this end we consider the paths affected by these transformations.

Let $Q = \varepsilon(s,t)$ (resp. $\zeta(s,t)$) be the $\varepsilon$- or $\zeta$-type literal node on which the rule is applied. This rule transforms the paths as follows:

$\Gamma, \varepsilon^-(s,t)$ into $\Gamma, \varepsilon^-(s,t), \gamma^- P\, \beta^-(P(s)^+, P(t)^-)$ and
$\Gamma, \zeta^+(s,t)$ into $\Gamma, \zeta^+(s,t), \delta^+ P\, \alpha^+(P(s)^-, P(t)^+)$.

We show that for both transformations the former path is satisfiable if, and only if, the latter is also satisfiable. For the negative case, i.e. for $\varepsilon^-(s,t)$, we prove it when $\varepsilon^-(s,t)$ is $(s = t)^-$. The proof for

Figure 4.2: Indexed formula tree after introduction of Leibniz' equality. (Rendered as an indented tree; the tree is that of Figure 4.1 with the $\varepsilon$-leaf $0+X=X$ replaced by a Leibniz node.)

((∀x 0+x=x) ∧ (∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y))) ⇒ ∀p∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [α, +]
    (∀x 0+x=x) ∧ (∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y))   [α, −]
        ∀x 0+x=x   [γ, −]
            0+X=X   [α, −]  (Leibniz node)
                0+X=X   [ε, −]
                ∀q q(0+X) ⇒ q(X)   [γ, −]
                    Q(0+X) ⇒ Q(X)   [β, −]
                        Q(0+X)   [+]
                        Q(X)   [−]
        ∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y)   [γ, −]
            ∀y ¬(X=0) ⇒ X+y=s(p(X)+y)   [γ, −]
                ¬(X=0) ⇒ X+Y=s(p(X)+Y)   [β, −]
                    ¬(X=0)   [α, +]
                        X=0   [ε, −]
                    X+Y=s(p(X)+Y)   [ε, −]
    ∀p∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [δ, +]
        ∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [δ, +]
            p(s(s(0))+v) ⇔ p(s(s(v)))   [ζ, +]
$(s \Leftrightarrow t)^-$ is analogous.

$\mathcal{M}_w^\rho \models_L (s = t)^-$
$\iff \mathcal{M}_w^\rho \models_L s = t$
$\iff \mathcal{M}_w^\rho \models_L s = t$ and for all $p \in \mathcal{D}_{\tau \to o}$: $\mathcal{M}_w^{\rho[p/P]} \models_L P(s)$ or $\mathcal{M}_w^{\rho[p/P]} \not\models_L P(s)$
$\iff \mathcal{M}_w^\rho \models_L s = t$ and for all $p \in \mathcal{D}_{\tau \to o}$: $\mathcal{M}_w^{\rho[p/P]} \not\models_L P(s)$ or $\mathcal{M}_w^{\rho[p/P]} \models_L P(t)$
$\iff \mathcal{M}_w^\rho \models_L s = t$ and for all $p \in \mathcal{D}_{\tau \to o}$: $\mathcal{M}_w^{\rho[p/P]} \models_L P(s)^+$ or $\mathcal{M}_w^{\rho[p/P]} \models_L P(t)^-$
$\iff \mathcal{M}_w^\rho \models_L s = t$ and for all $p \in \mathcal{D}_{\tau \to o}$: $\mathcal{M}_w^{\rho[p/P]} \models_L \beta^-(P(s)^+, P(t)^-)$
$\iff \mathcal{M}_w^\rho \models_L (s = t)^-$ and $\mathcal{M}_w^\rho \models_L \gamma^- P\, \beta^-(P(s)^+, P(t)^-)$

For the positive case $\zeta^+(s,t)$ we prove it when $\zeta^+(s,t)$ is $(s = t)^+$. The proof for $(s \Leftrightarrow t)^+$ is analogous.

$\mathcal{M}_w^\rho \models_L (s = t)^+$
$\iff \mathcal{M}_w^\rho \not\models_L s = t$
$\iff \mathcal{M}_w^\rho \not\models_L s = t$ and $\mathcal{M}_w^\rho \models_L s = s$ and $\mathcal{M}_w^\rho \not\models_L s = t$
$\iff \mathcal{M}_w^\rho \not\models_L s = t$ and $\mathcal{M}_w^\rho \models_L (\lambda x\, s = x)\, s$ and $\mathcal{M}_w^\rho \not\models_L (\lambda x\, s = x)\, t$
$\iff \mathcal{M}_w^\rho \not\models_L s = t$ and there exists a $p \in \mathcal{D}_{\tau \to o}$ (namely $p = \mathcal{M}_w^\rho(\lambda x\, s = x)$) with $\mathcal{M}_w^{\rho[p/P]} \models_L P(s)$ and $\mathcal{M}_w^{\rho[p/P]} \not\models_L P(t)$
$\iff \mathcal{M}_w^\rho \not\models_L s = t$ and there exists a $p \in \mathcal{D}_{\tau \to o}$ (namely $p = \mathcal{M}_w^\rho(\lambda x\, s = x)$) with $\mathcal{M}_w^{\rho[p/P]} \models_L P(s)^-$ and $\mathcal{M}_w^{\rho[p/P]} \models_L P(t)^+$
$\iff \mathcal{M}_w^\rho \not\models_L s = t$ and there exists a $p \in \mathcal{D}_{\tau \to o}$ (namely $p = \mathcal{M}_w^\rho(\lambda x\, s = x)$) with $\mathcal{M}_w^{\rho[p/P]} \models_L \alpha^+(P(s)^-, P(t)^+)$
$\iff \mathcal{M}_w^\rho \models_L (s = t)^+$ and $\mathcal{M}_w^\rho \models_L \delta^+ P\, \alpha^+(P(s)^-, P(t)^+)$




4.3 Extensionality

The second rule deals with the functional and boolean extensionality of $\varepsilon$- and $\zeta$-formulas, and the respective introduction rule can be sketched as follows:

$$\frac{\varepsilon(s(x), t(x)) \quad (\text{resp. } \zeta(s(x), t(x)))}{\varepsilon(\lambda x\, s(x), \lambda x\, t(x)) \quad (\text{resp. } \zeta(\lambda x\, s(x), \lambda x\, t(x)))}\ \text{Ext-I}$$

For this rule we need some additional restrictions to ensure its soundness: if we have an $\varepsilon$-formula $\varepsilon(s(X), t(X))$, then intuitively we can only abstract over metavariables bound in some $\gamma$-type node and moreover, it must be possible to move its quantifier in front of $\varepsilon(s(X), t(X))$. However, in order to simplify the theorem proving process we define a sufficient condition ensuring that the quantifiers could in principle be moved in front of the $\varepsilon$-formula and rather refrain from forcing to actually have to move the quantifier in front of the $\varepsilon$-formula. For $\varepsilon$-formulas $\varepsilon(s(X), t(X))$ with an occurrence of some $\gamma$-variable $X$ the condition expresses that the $\gamma$-variable $X$ is local for $\varepsilon(s(X), t(X))$. Analogously, $\zeta$-formulas can only be abstracted over variables bound in $\delta$-nodes (i.e. parameters) and must also be "local". We formalise these conditions by defining the notion of a local variable for $\varepsilon$ and $\zeta$ formulas (cf. Definition 4.3.1), and use this as the condition for the rule.

Definition 4.3.1 (Local Variables) Given an indexed formula tree $Q$, and a node $Q'$ inside $Q$ whose label contains a free variable $x$. If $x$ is bound in some $\gamma$-type node in $Q$, then $x$ is $\gamma$-local for $Q'$ if, and only if, $Q'$ is the binding position for $x$ or $Q'$ has a direct parent node $Q''$ such that
-- $Q''$ is of primary type $\beta$, $x$ does not occur in the label of the sibling of $Q'$, and $x$ is $\gamma$-local for $Q''$, or
-- $Q''$ is of either primary type $\alpha$ or $\gamma$ and $x$ is $\gamma$-local for $Q''$.
The dual property of a $\delta$-local variable $x$ for some $Q'$ is defined for variables bound in a $\delta$-type node and holds if, and only if, $Q'$ is the binding node for $x$ or $Q'$ has a direct parent node $Q''$ such that
-- $Q''$ is of type $\alpha$, $x$ does not occur in the label of the sibling of $Q'$, and $x$ is $\delta$-local for $Q''$, or
-- $Q''$ is of either type $\beta$ or $\delta$ and $x$ is $\delta$-local for $Q''$.

Before presenting the extensionality introduction rule we prove a property about the local variables that is used in the soundness and safeness proof of the extensionality introduction rule.

Lemma 4.3.2 (Local Variables are Local) Let $Q = \varphi(x)^p_t$ be a subtree of an indexed formula tree and $Q_x$ the parent node of the binding node of $x$. If $x$ is $\gamma$-local to $Q$, then the label of $Q_x$ is of the form $\gamma^{p'} x\, \Psi(\varphi(x)^p_t)$ and there is a $\Psi'$ such that for every $L$-model $\mathcal{M}$ we have:

(i) $\mathcal{M}_w^\rho \models_L \gamma^{p'} x\, \Psi(\varphi(x)^p_t) \iff \mathcal{M}_w^\rho \models_L (\Psi'(\gamma^p x\, \varphi(x)^p_t))^{p'}$

If $x$ is $\delta$-local to $Q$, then the label of $Q_x$ is of the form $\delta^{p'} x\, \Psi(\varphi(x)^p_t)$ and there is a $\Psi'$ such that for every $L$-model $\mathcal{M}$:

(ii) $\mathcal{M}_w^\rho \models_L \delta^{p'} x\, \Psi(\varphi(x)^p_t) \iff \mathcal{M}_w^\rho \models_L (\Psi'(\delta^p x\, \varphi(x)^p_t))^{p'}$
Proof. The proof of (i) is by induction over the distance from $Q$ to $Q_x$. The proof of (ii) is similar.

Base Case: For the base case we have the situation that $Q_x$ is the parent node of $Q$ and has the label $\gamma^p x\, \varphi(x)$. Hence the statement holds trivially where $\Psi'$ is $\lambda x_o\, x$.

Induction Step: Assume the statement holds for the parent node $Q_p$ of $Q$. We proceed by case analysis over the primary type $ut$ of $Q_p$:

1. $ut = \beta$, the label of the parent node $Q_p$ is $\beta^{p_0}(\varphi(x)^p, \psi^{p_1})$ and $x$ does not occur in $\psi$. Then by induction hypothesis there is a $\Psi'$ such that it holds:

$\mathcal{M}_w^\rho \models_L \gamma^{p'} x\, \Psi(\beta^{p_0}(\varphi(x)^p, \psi^{p_1})) \iff$ (IH) $\mathcal{M}_w^\rho \models_L \Psi'(\gamma^{p_0} x\, \beta^{p_0}(\varphi(x)^p, \psi^{p_1}))$

Now $x$ is still local to $\varphi(x)^p$ and it remains to prove that

$\mathcal{M}_w^\rho \models_L \gamma^{p_0} x\, \beta^{p_0}(\varphi(x)^p, \psi^{p_1}) \iff \mathcal{M}_w^\rho \models_L \beta^{p_0}(\gamma^p x\, \varphi(x)^p, \psi^{p_1})$

$\mathcal{M}_w^\rho \models_L \gamma^{p_0} x\, \beta^{p_0}(\varphi(x)^p, \psi^{p_1})$
$\iff$ for all $a \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x]} \models_L \beta^{p_0}(\varphi(x)^p, \psi^{p_1})$
$\iff$ for all $a \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x]} \models_L \varphi(x)^p$ or $\mathcal{M}_w^{\rho[a/x]} \models_L \psi^{p_1}$
$\iff$ ($x$ does not occur in $\psi$) for all $a \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x]} \models_L \varphi(x)^p$ or $\mathcal{M}_w^\rho \models_L \psi^{p_1}$
$\iff$ (for all $a \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x]} \models_L \varphi(x)^p$) or $\mathcal{M}_w^\rho \models_L \psi^{p_1}$
$\iff \mathcal{M}_w^\rho \models_L \gamma^p x\, \varphi(x)^p$ or $\mathcal{M}_w^\rho \models_L \psi^{p_1}$
$\iff \mathcal{M}_w^\rho \models_L \beta^{p_0}(\gamma^p x\, \varphi(x)^p, \psi^{p_1})$

The $\Psi'$ for this case is then $\lambda F_o\, \Psi'(\beta^{p_0}(F, \psi^{p_1}))$.

2. $ut = \alpha$, the label of the parent node $Q_p$ is $\alpha^{p_0}(\varphi(x)^p, \psi^{p_1})$. Then by induction hypothesis there is a $\Psi'$ such that it holds:

$\mathcal{M}_w^\rho \models_L \gamma^{p'} x\, \Psi(\alpha^{p_0}(\varphi(x)^p, \psi^{p_1})) \iff$ (IH) $\mathcal{M}_w^\rho \models_L \Psi'(\gamma^{p_0} x\, \alpha^{p_0}(\varphi(x)^p, \psi^{p_1}))$

Now $x$ is still local to $\varphi(x)^p$ and it remains to prove

$\mathcal{M}_w^\rho \models_L \gamma^{p_0} x\, \alpha^{p_0}(\varphi(x)^p, \psi^{p_1}) \iff \mathcal{M}_w^\rho \models_L \alpha^{p_0}(\gamma^p x\, \varphi(x)^p, \gamma^{p_1} x\, \psi^{p_1})$

$\mathcal{M}_w^\rho \models_L \gamma^{p_0} x\, \alpha^{p_0}(\varphi(x)^p, \psi^{p_1})$
$\iff$ for all $a \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x]} \models_L \alpha^{p_0}(\varphi(x)^p, \psi^{p_1})$
$\iff$ for all $a \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x]} \models_L \varphi(x)^p$ and $\mathcal{M}_w^{\rho[a/x]} \models_L \psi^{p_1}$
$\iff$ (for all $a \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x]} \models_L \varphi(x)^p$) and (for all $a \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x]} \models_L \psi^{p_1}$)
$\iff \mathcal{M}_w^\rho \models_L \gamma^p x\, \varphi(x)^p$ and $\mathcal{M}_w^\rho \models_L \gamma^{p_1} x\, \psi^{p_1}$
$\iff \mathcal{M}_w^\rho \models_L \alpha^{p_0}(\gamma^p x\, \varphi(x)^p, \gamma^{p_1} x\, \psi^{p_1})$

The $\Psi'$ for this case is then $\lambda F_o\, \Psi'(\alpha^{p_0}(F, \gamma^{p_1} x\, \psi^{p_1}))$.

3. $ut = \gamma$ and the label of the parent node $Q_p$ is $\gamma^{p_0} y\, \varphi(x)^p$, $x \neq y$. Then by induction hypothesis there exists a $\Psi'$ such that it holds:

$\mathcal{M}_w^\rho \models_L \gamma^{p'} x\, \Psi(\gamma^{p_0} y\, \varphi(x)^p) \iff$ (IH) $\mathcal{M}_w^\rho \models_L \Psi'(\gamma^{p_0} x\, \gamma^{p_0} y\, \varphi(x)^p)$

Now $x$ is still local to $\varphi(x)^p$ and it remains to prove

$\mathcal{M}_w^\rho \models_L \gamma^{p_0} x\, \gamma^{p_0} y\, \varphi(x)^p \iff \mathcal{M}_w^\rho \models_L \gamma^{p_0} y\, \gamma^{p_0} x\, \varphi(x)^p$

$\mathcal{M}_w^\rho \models_L \gamma^{p_0} x\, \gamma^{p_0} y\, \varphi(x)^p$
$\iff$ ($x \neq y$) for all $a, b \in \mathcal{D}_\tau$ it holds $\mathcal{M}_w^{\rho[a/x, b/y]} \models_L \varphi(x)^p$
$\iff \mathcal{M}_w^\rho \models_L \gamma^{p_0} y\, \gamma^{p_0} x\, \varphi(x)^p$

The $\Psi'$ in this case is $\lambda F_o\, \Psi'(\gamma^{p_0} y\, F)$.

4. Otherwise $x$ is not local to $Q$.
The extensionality introduction rule changes a given indexed formula tree by replacing an $\varepsilon$- or $\zeta$-node $Q_e$ by a so-called Extensionality-Introduction node, which has the same label and polarity $p$ as $Q_e$, is of primary type $\alpha$ and has the subtrees $Q_e$ and an initial indexed formula tree for $(\lambda x\, s(x) = \lambda x\, t(x))^p$. Of course, Ext-I is only applicable if $x$ is local for $Q_e$.

Definition 4.3.3 (Extensionality Introduction) Let $Q_e$ be a leaf in some indexed formula tree of polarity $p$, uniform type $e \in \{\varepsilon, \zeta\}$, such that $\mathrm{Label}(Q_e) = \varepsilon(s,t)$ (resp. $\zeta(s,t)$). Let further $x$ be a variable that is local for $Q_e$, and $Q_{Ext}$ be an initial indexed formula tree for the signed formula $(\lambda x\, s = \lambda x\, t)^p$. Then we can replace $Q_e$ by

$$\begin{array}{c} \mathrm{Label}(Q_e)^p \quad [\alpha,\ \text{Ext-I}] \\ Q_e \qquad Q_{Ext} \end{array}$$

We call the new node an Extensionality introduction node.

Example 4.3.4 We illustrate the extensionality rule with our running example from Example 4.1.2 (p. 33). The application of the rule with the $\gamma$-local variable $Y$ (the metavariable introduced for $y$) to the $\varepsilon$-type subtree $(X+Y = s(p(X)+Y))^-$ transforms the indexed formula tree from Figure 4.1 into the indexed formula tree in Figure 4.3.

Lemma 4.3.5 (Soundness & Safeness of Extensionality Introduction) The Extensionality-Introduction rule on indexed formula trees from Definition 4.3.3 is sound and safe.

Proof. The rule operates on literal nodes and thus does not affect the substitution which remains $L$-admissible. It remains to be shown for soundness (resp. safeness) that it preserves the existence (resp. absence) of satisfiable paths. To this end we consider the paths affected by these transformations.

Let $Q = \varepsilon(s(x), t(x))$ (resp. $\zeta(s(x), t(x))$) be the $\varepsilon$- or $\zeta$-type literal node on which the rule is applied and $x$ the $\lambda$-abstracted free variable that is local to $Q$ (cf. Definition 4.3.1). This rule transforms the paths as follows:

$\Gamma, \varepsilon(s(x), t(x))$ into $\Gamma, \varepsilon(s(x), t(x)), \varepsilon(\lambda x\, s(x), \lambda x\, t(x))$ and
$\Gamma, \zeta(s(x), t(x))$ into $\Gamma, \zeta(s(x), t(x)), \zeta(\lambda x\, s(x), \lambda x\, t(x))$

Figure 4.3: Indexed formula tree after extensionality introduction. (Rendered as an indented tree; the tree is that of Figure 4.1 with the $\varepsilon$-leaf $X+Y=s(p(X)+Y)$ replaced by an extensionality introduction node.)

((∀x 0+x=x) ∧ (∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y))) ⇒ ∀p∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [α, +]
    (∀x 0+x=x) ∧ (∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y))   [α, −]
        ∀x 0+x=x   [γ, −]
            0+X=X   [ε, −]
        ∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y)   [γ, −]
            ∀y ¬(X=0) ⇒ X+y=s(p(X)+y)   [γ, −]
                ¬(X=0) ⇒ X+Y=s(p(X)+Y)   [β, −]
                    ¬(X=0)   [α, +]
                        X=0   [ε, −]
                    X+Y=s(p(X)+Y)   [α, −]  (Ext-I node)
                        X+Y=s(p(X)+Y)   [ε, −]
                        λy X+y = λy s(p(X)+y)   [ε, −]
    ∀p∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [δ, +]
        ∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [δ, +]
            p(s(s(0))+v) ⇔ p(s(s(v)))   [ζ, +]

where in the first case $x$ is $\gamma$-local to $Q$ and in the second case $x$ is $\delta$-local to $Q$.

We show that for both transformations the former path is satisfiable if, and only if, the latter is also satisfiable. For the negative case we prove it when $\varepsilon^-(s(x), t(x))$ is $(s(x) = t(x))^-$. The proof for the case when $\varepsilon^-(s(x), t(x))$ is $(s(x) \Leftrightarrow t(x))^-$ is analogous. Note however, that for $(s(x) \Leftrightarrow t(x))^-$ we introduce the $\varepsilon$-type signed formula $(\lambda x\, s(x) = \lambda x\, t(x))^-$.

$\mathcal{M}_w^\rho \models_L (s(x) = t(x))^- \iff \mathcal{M}_w^\rho \models_L s(x) = t(x)$
$\iff \mathcal{M}_w^\rho \models_L s(x) = t(x)$ and $\mathcal{M}_w^\rho \models_L s(x) = t(x)$
$\iff$ ($x$ is $\gamma$-local) $\mathcal{M}_w^\rho \models_L s(x) = t(x)$ and for all $a \in \mathcal{D}_\tau$: $\mathcal{M}_w^{\rho[a/x]} \models_L s(x) = t(x)$
$\iff$ (Extensionality) $\mathcal{M}_w^\rho \models_L s(x) = t(x)$ and $\mathcal{M}_w^\rho \models_L \lambda x\, s(x) = \lambda x\, t(x)$
$\iff \mathcal{M}_w^\rho \models_L (s(x) = t(x))^-$ and $\mathcal{M}_w^\rho \models_L (\lambda x\, s(x) = \lambda x\, t(x))^-$

For the positive case we prove it when $\zeta^+(s(x), t(x))$ is $(s(x) = t(x))^+$. The proof for the case when $\zeta^+(s(x), t(x))$ is $(s(x) \Leftrightarrow t(x))^+$ is analogous. Again, note that for $(s(x) \Leftrightarrow t(x))^+$ we introduce the $\zeta$-type signed formula $(\lambda x\, s(x) = \lambda x\, t(x))^+$.

$\mathcal{M}_w^\rho \models_L (s(x) = t(x))^+$
$\iff \mathcal{M}_w^\rho \not\models_L s(x) = t(x)$
$\iff \mathcal{M}_w^\rho \not\models_L s(x) = t(x)$ and $\mathcal{M}_w^\rho \not\models_L s(x) = t(x)$
$\iff$ ($x$ is $\delta$-local) $\mathcal{M}_w^\rho \not\models_L s(x) = t(x)$ and there is an $a \in \mathcal{D}_\tau$: $\mathcal{M}_w^{\rho[a/x]} \not\models_L s(x) = t(x)$
$\iff \mathcal{M}_w^\rho \not\models_L s(x) = t(x)$ and not for all $a \in \mathcal{D}_\tau$: $\mathcal{M}_w^{\rho[a/x]} \models_L s(x) = t(x)$
$\iff$ (Extensionality) $\mathcal{M}_w^\rho \not\models_L s(x) = t(x)$ and not $\mathcal{M}_w^\rho \models_L \lambda x\, s(x) = \lambda x\, t(x)$
$\iff \mathcal{M}_w^\rho \not\models_L s(x) = t(x)$ and $\mathcal{M}_w^\rho \not\models_L \lambda x\, s(x) = \lambda x\, t(x)$
$\iff \mathcal{M}_w^\rho \models_L (s(x) = t(x))^+$ and $\mathcal{M}_w^\rho \models_L (\lambda x\, s(x) = \lambda x\, t(x))^+$



Figure 4.4: Indexed formula tree after boolean $\zeta$-expansion. (Rendered as an indented tree; the left subtree of the root is unchanged from Figure 4.1 and not expanded here.)

((∀x 0+x=x) ∧ (∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y))) ⇒ ∀p∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [α, +]
    (∀x 0+x=x) ∧ (∀x∀y ¬(x=0) ⇒ x+y=s(p(x)+y))   [α, −]
    ∀p∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [δ, +]
        ∀v p(s(s(0))+v) ⇔ p(s(s(v)))   [δ, +]
            p(s(s(0))+v) ⇔ p(s(s(v)))   [α, +]  (ζ-expansion node)
                p(s(s(0))+v) ⇔ p(s(s(v)))   [ζ, +]
                (p(s(s(0))+v) ⇒ p(s(s(v)))) ∧ (p(s(s(v))) ⇒ p(s(s(0))+v))   [β, +]
                    p(s(s(0))+v) ⇒ p(s(s(v)))   [α, +]
                        p(s(s(0))+v)   [−]
                        p(s(s(v)))   [+]
                    p(s(s(v))) ⇒ p(s(s(0))+v)   [α, +]
                        p(s(s(v)))   [−]
                        p(s(s(0))+v)   [+]

4.4 Boolean ζ-Expansion

The third rule consists of the expansion of positive equations and equivalences $\zeta^+(A, B)$ over formulas $A_o$ and $B_o$ into $((A \Rightarrow B) \wedge (B \Rightarrow A))^+$. The rule replaces the respective $\zeta$-type node $Q_\zeta$ of label $\zeta(A, B)$ with a so-called $\zeta$-expansion node of the same label and polarity as $Q_\zeta$, but of primary type $\alpha$ and with the subtrees $Q_\zeta$ and an initial indexed formula tree for the signed formula $((A \Rightarrow B) \wedge (B \Rightarrow A))^+$.

Definition 4.4.1 (Boolean $\zeta$-Expansion) Let $Q_\zeta$ be a leaf node in some indexed formula tree of positive polarity, uniform type $\zeta$, and label $\zeta(A, B)$, where $A$ and $B$ are of type $o$. Let further $Q_E$ be an initial indexed formula tree for the signed formula $((A \Rightarrow B) \wedge (B \Rightarrow A))^+$. Then we can replace $Q_\zeta$ by

$$\begin{array}{c} \mathrm{Label}(Q_\zeta)^+ \quad [\alpha,\ \zeta\text{-Expansion}] \\ Q_\zeta \qquad Q_E \end{array}$$

We call the new node a $\zeta$-expansion node.

Note that this rule corresponds to the b-rule in [Benzmüller et al, 2002b].

Example 4.4.2 We illustrate the boolean $\zeta$-expansion rule with our running example from Example 4.1.2 (p. 33). The application of the rule on the $\zeta$-type subtree $(p(s(s(0)) + v) \Leftrightarrow p(s(s(v))))^+$ transforms the indexed formula tree from Figure 4.1 into the indexed formula tree in Figure 4.4.

We now prove the soundness and safeness of the boolean $\zeta$-expansion rule.

Lemma 4.4.3 (Soundness & Safeness of Boolean $\zeta$-Expansion) The boolean $\zeta$-expansion rule on indexed formula trees is sound and safe.

Proof. The rule operates on literal nodes and thus does not affect the substitution which remains $L$-admissible. It remains to be shown for soundness (respectively safeness) that it also preserves

the existence (respectively absence) of satisfiable paths. The rule is applied to a literal node $Q_\zeta = \zeta^+(A, B)$, which is of positive polarity, where $A$ and $B$ are formulas. The new node introduced by that rule denotes the signed formula $((A \Rightarrow B) \wedge (B \Rightarrow A))^+$, which using uniform notation is $\beta^+(\alpha^+(A^-, B^+)^+, \alpha^+(B^-, A^+)^+)$. The rule transforms the paths as follows:

$\Gamma, \zeta^+(A, B)$ into $\Gamma, \zeta^+(A, B), \beta^+(\alpha^+(A^-, B^+)^+, \alpha^+(B^-, A^+)^+)$

We show that the former path is satisfiable if, and only if, the latter path is satisfiable.

$\mathcal{M}_w^\rho \models_L \zeta^+(A_o, B_o) \iff \mathcal{M}_w^\rho \not\models_L A = B$
$\iff \mathcal{M}_w^\rho(A) \neq \mathcal{M}_w^\rho(B)$
$\iff (\mathcal{M}_w^\rho(A) = \top$ and $\mathcal{M}_w^\rho(B) = \bot)$ or $(\mathcal{M}_w^\rho(A) = \bot$ and $\mathcal{M}_w^\rho(B) = \top)$, as $\mathcal{M}_w^\rho(o) = \{\top, \bot\}$
$\iff (\mathcal{M}_w^\rho \models_L A$ and $\mathcal{M}_w^\rho \not\models_L B)$ or $(\mathcal{M}_w^\rho \not\models_L A$ and $\mathcal{M}_w^\rho \models_L B)$
$\iff (\mathcal{M}_w^\rho \models_L A^-$ and $\mathcal{M}_w^\rho \models_L B^+)$ or $(\mathcal{M}_w^\rho \models_L A^+$ and $\mathcal{M}_w^\rho \models_L B^-)$
$\iff \mathcal{M}_w^\rho \models_L \alpha^+(A^-, B^+)^+$ or $\mathcal{M}_w^\rho \models_L \alpha^+(B^-, A^+)^+$
$\iff \mathcal{M}_w^\rho \models_L \beta^+(\alpha^+(A^-, B^+)^+, \alpha^+(B^-, A^+)^+)$



4.5 Substitutions

The fourth rule is the application of admissible $L$-substitutions to indexed formula trees. Given an indexed formula tree $Q$ and an admissible $L$-substitution $\sigma$, we can apply a new $L$-substitution $\sigma'$ if and only if $dom(\sigma) \cap dom(\sigma') = \emptyset$ and $\sigma'\sigma$ is an $L$-admissible substitution. If $\sigma'$ is applicable and if $\sigma'$ contains a variable substitution, we must apply it to all subtrees of $Q$. This is required especially for the higher-order logic case when instantiating set variables, i.e. variables of type $\tau \to o$ where $\tau$ is arbitrary.

Definition 4.5.1 (Instantiation of Indexed Formula Trees) Let $Q$ be an indexed formula tree and $X$ a $\gamma$-variable that occurs free in $\mathrm{Label}(Q)$. The instantiation of $X$ by $t$ in $Q$ is defined as
-- if $Q$ is a leaf node, then we replace $Q$ by an initial indexed formula tree for $\{t/X\}(\mathrm{Label}(Q))$.
-- Otherwise, apply $\{t/X\}$ to the label of $Q$, and recursively apply it to the subnodes of $Q$.

Definition 4.5.2 ($L$-Substitution Application on Indexed Formula Trees) Let $Q$ be an indexed formula tree, $\sigma$ its actual $L$-substitution, and $\sigma'$ a new substitution. If $\sigma'$ is applicable on $Q$ with $\sigma$, then we apply $\sigma'$ to $Q$. The result of the substitution application is the (instantiated) indexed formula tree together with the new substitution $\sigma'\sigma$.

Example 4.5.3 Take as an example the indexed formula tree for the positive formula

$$(\forall p_{\iota \to o} \forall q_{\iota \to o} \exists r_{\iota \to o} \forall x_\iota\; (p(x) \vee q(x)) \Rightarrow r(x))^+.$$

The initial indexed formula tree is viewed on the left-hand side of Figure 4.5 and the actual substitution is the empty substitution. Instantiation of the $\gamma$-variable $R_{\iota \to o}$ with $\lambda y_\iota\, p(y) \vee q(y)$ results in the

Figure 4.5: Example substitution application on indexed formula trees. (Rendered as indented trees: left the initial tree, right the tree after instantiating $R$.)

Left-hand side (initial indexed formula tree):

∀p∀q∃r∀x (p(x)∨q(x)) ⇒ r(x)   [δ, +]
    ∀q∃r∀x (p(x)∨q(x)) ⇒ r(x)   [δ, +]
        ∃r∀x (p(x)∨q(x)) ⇒ r(x)   [γ, +]
            ∀x (p(x)∨q(x)) ⇒ R(x)   [δ, +]
                (p(x)∨q(x)) ⇒ R(x)   [α, +]
                    p(x)∨q(x)   [β, −]
                        p(x)   [−]
                        q(x)   [−]
                    R(x)   [+]

Right-hand side (after instantiating R):

∀p∀q∃r∀x (p(x)∨q(x)) ⇒ r(x)   [δ, +]
    ∀q∃r∀x (p(x)∨q(x)) ⇒ r(x)   [δ, +]
        ∃r∀x (p(x)∨q(x)) ⇒ r(x)   [γ, +]
            ∀x (p(x)∨q(x)) ⇒ p(x)∨q(x)   [δ, +]
                (p(x)∨q(x)) ⇒ p(x)∨q(x)   [α, +]
                    p(x)∨q(x)   [β, −]
                        p(x)   [−]
                        q(x)   [−]
                    p(x)∨q(x)   [α, +]
                        p(x)   [+]
                        q(x)   [+]

indexed formula tree on the right-hand side of Figure 4.5. Note how the leaf node $R(x)^+$ in the initial indexed formula tree is replaced by an initial indexed formula tree for the positive $\beta\eta$-normalised formula $(\{\lambda y_\iota\, p(y) \vee q(y) / R\}\, R(x))^+$.

Lemma 4.5.4 The application of an $L$-substitution is sound.

Proof. The new overall substitution is $L$-admissible, i.e. the modal substitution respects the $L$-accessibility relation and the overall ordering $\lhd_L$ is irreflexive. It remains to be shown that if there was an $L$-satisfiable path before instantiation, then so there is afterwards. To this end consider a subtree $Q$ of polarity $p$ and label $\varphi$ that has been affected by the instantiation. If $Q$ was a literal node then it has been replaced by a subtree of label $\sigma(\varphi)$; otherwise the label of $Q$ has been replaced by $\sigma(\varphi)$. Thus, in any case the prefixed formula $\mathrm{pre}(Q).\varphi^p$ has been replaced by the prefixed formula $\sigma(\mathrm{pre}(Q)).\sigma(\varphi)^p$. Assume $Q$ was on an $L$-satisfiable path, then there exists an $L$-model $\mathcal{M}$ such that for all $w$ and $\rho$ it holds $\mathcal{M}_w^\rho \models_L \mathrm{pre}(Q).\varphi^p$. On the other hand from Lemma 4.1.14 there exists a $\rho'$ for $\sigma$, such that for all possible worlds $w$ holds $\mathcal{M}_w^{\rho'}(\mathrm{pre}(Q).\varphi^p) = \mathcal{M}_w^\rho(\sigma(\mathrm{pre}(Q)).\sigma(\varphi)^p)$. Thus, if $Q$ was $L$-satisfiable before, then $\sigma(Q)$ still is.

Obtaining Substitutions. Finding a substitution is essential for automating proof search. For the instantiation rule two kinds of substitutions must be determined: one for $\gamma$-variables in order to instantiate the labels of the nodes and one for node variables in order to adjust the modal prefix of nodes. A standard procedure for finding object variable substitutions is a unification procedure which computes for two terms $t_1, t_2$ a substitution $\sigma_Q$ such that $\sigma_Q(t_1)$ and $\sigma_Q(t_2)$ are syntactically equal. For the CORE framework we use the higher-order unification procedure from [Snyder & Gallier, 1989]. The procedure generates a list of substitutions $\sigma$ each possibly accompanied by a set of flex-flex constraints of the form $H(t_1, \ldots, t_n) = G(s_1, \ldots, s_m)$, where $H$ and $G$ are higher-order variables. Only one of these substitutions and flex-flex constraints can be applied. However, undoing of substitution application is supported in CORE, which enables backtracking over unifiers.

4.6.BINDINGGENERATEDVARIABLES

49

The check for the admissibility of the substitutions is deferred to the acyclicity check of the new overall substitution. In case the actual logic is CHOL two additional problems must be tackled: first, the higher-order unification procedure may generate new variables, for which there are no binding nodes in the actual indexed formula tree. Second, the flex-flex constraints must be taken into account as additional conditions.

A variable H generated by higher-order unification is a γ-variable, but it is unclear how the binding node for H structurally relates to existing binding nodes. The exact location for the binding of H can only be determined when H itself gets instantiated, since its location depends on the δ-variables that occur in H's instantiation. This instantiation being unknown at the time H is generated requires a “lazy” mechanism to introduce a binding node for H that is structurally independent of the existing quantifiers and only becomes related when H is instantiated. This mechanism is defined in Section 4.6.

The flex-flex constraints generated by higher-order unification are constraints that still need to be proved in order to equalise two formulas or terms. The main problem consists of inserting these constraints into the indexed formula tree at appropriate nodes. This depends on their role, and we define in Section 4.9 a general technique to integrate flex-flex constraints.
The second part of an L-substitution is a modal substitution. In [Otten & Kreitz, 1996] the idea of a unification procedure for terms is carried over to (modal) prefixes of indexed formula trees, called the T-string unification procedure. The T-string unification procedure is parameterised over a set of unification rules that are specific for each modal logic. Each instantiation of the unification procedure has the property that it generates only substitutions that respect the L-accessibility relation of the respective modal logic. Thus, the unification procedure already deals with the first conditions for admissible modal substitutions (cf. the cases CPML and CFOML in Definition 4.1.13). The check of the other conditions is deferred to the instantiation rule.

4.6 Binding Generated Variables

As discussed in the previous section we want to support the introduction of new variables, e.g. those generated by higher-order unification. They act like meta-variables, i.e. the same substitution restrictions apply to them as for any other γ-variable, and we want to treat them alike.

Assume Q is the root node of an indexed formula tree with label ϕ and polarity p, and H_τ is a new variable, i.e. one that is not bound in Q. To integrate a binding position for H we create an initial indexed formula tree Q' for the signed formula (∀H_τ True). Then Q' is of the form (∀H True)^γ with the single child True, and the node True is the binding node for H. Then we connect Q and Q' by some new α-type node of polarity p, with label α^p(ϕ^p, (∀H True)).

Definition 4.6.1 (Insertion of new variables) Let Q be an indexed formula tree, H_τ a variable not bound in Q, and let Q' be an initial indexed formula tree for (∀H_τ True). Inserting a binding position for H_τ transforms Q into the tree with root α^p(Label(Q)^p, (∀H True)) and the two subtrees Q and Q'.


case. Thus, Label(Q') = (∀x̄_ρ (ϕ ⇒ ϕ)).

  M_w^ρ ⊨_L α^p(ψ, Label(Q)^p)
  ⇔ M_w^ρ ⊨_L ψ and M_w^ρ ⊨_L Label(Q)^p
  ⇔ for all v with wRv, for all a_1, ..., a_k: M_v^{ρ[x_i/a_i]} ⊨_L (ϕ ⇒ ϕ), and M_w^ρ ⊨_L Label(Q)^p
  ⇔ for all v with wRv, for all a_1, ..., a_k: M_v^{ρ[x_i/a_i]} ⊨_L ϕ^+ or M_v^{ρ[x_i/a_i]} ⊨_L ϕ^−, and M_w^ρ ⊨_L Label(Q)^p
  ⇔ M_w^ρ ⊨_L Label(Q)^p

Admissibility of Cut. The cut rule is admissible for all logics considered in this thesis, except for the considered higher-order logic. There it is required to prove the admissibility of the extensionality rule from [Pfenning, 1987] (see Section 4.9). Its non-admissibility for higher-order logic with Henkin semantics is further supported by the results from [Benzmüller et al., 2002b]. We will discuss the non-admissibility of the cut rule for the higher-order logic case in more detail in Section 5.5.

4.8 Connections and L-Unsatisfiable Paths

A connection is a link between two nodes in Q which are α-related with opposite polarities, have the same label and the same modal prefix with respect to the actual L-substitution σ.

Definition 4.8.1 (Connections) Let Q be an indexed formula tree. A connection is a pair (Q', Q'') of nodes with the same label, the same modal prefix, and opposite polarities, such that there is a path Γ, Q', Q'' in some P ∈ P(Q).

Note that we allow for connections between non-leaf nodes. A set C of connections is spanning for Q and σ, if there is a set P of paths in P(Q), such that each path in P either contains a connection from C, or contains True^+, False^−, or (t = t)^+. In this case each path in P is said to be L-unsatisfiable with respect to σ, which is defined as follows:

Definition 4.8.2 (L-Unsatisfiable Paths) Let Q be an indexed formula tree, σ an actual L-admissible substitution for Q and p ∈ P ∈ P(Q) a path through Q. The path p is L-unsatisfiable if p contains either a positive node with label True, a negative node with label False, a positive node with label t = t, or two nodes that form a connection.

4.9 Cut Rule Applications

In this section we present two specific ways the cut rule from Section 4.7 is used, namely (i) that the extensionality rule from [Pfenning, 1987] is admissible and (ii) how flex-flex constraints that arise from higher-order unification can be integrated into an indexed formula tree.

The Extensionality Rule from [Pfenning, 1987] is Admissible. The extensionality rule defined for indexed formula trees in this thesis differs from the extensionality rule in [Pfenning, 1987]. In order to reduce the completeness proof of our calculus to the completeness proof in [Pfenning, 1987], we present how the extensionality rule from [Pfenning, 1987] can be simulated by combining our extensionality rule with the cut rule.

Figure 4.6: (a) Original indexed formula tree: the subtree P(f)^p. (b) Cut indexed formula tree for ∀x f(x) = g(x): γ( β( γx f(x) = g(x), δ⁺x f(x) = g(x) ) ).

Lemma 4.9.1 The extensionality rule from [Pfenning, 1987] can be simulated by a combination of the cut rule, the extensionality introduction rule and Leibniz' expansion rule.

Proof. The extensionality rule from [Pfenning, 1987] is

  P(f_1, ..., f_n)^p
  ——————————————————
  Q_0  Q_1  ...  Q_n

where Q_0 is an indexed formula tree for P(g_1, ..., g_n)^p, and the Q_i are indexed formula trees for δ^p x_1, ..., x_n  f_i(x_1, ..., x_n) = g_i(x_1, ..., x_n). Without loss of generality we can use for our proof a rule where n = 1, since every application of the above simultaneous extensionality rule can be simulated by n applications of the unary extensionality rule.

The proof sketch is as follows: we show that the cut rule can be used to introduce the required statement about δ^p x f(x) = g(x). This can be used to derive ζ^p(f, g) with the extensionality introduction rule, and subsequently expanded into the Leibniz equality to obtain P(g)^p from P(f)^p.

The shape of the whole indexed formula tree before extensionality introduction is shown on the left-hand side of Figure 4.6: Q is the whole indexed formula tree (not shown) and the subtree on which we want to apply the extensionality rule is the subtree P(f)^p. To simulate the extensionality rule from [Pfenning, 1987] we perform a cut over the formula ∀x f(x) = g(x). The cut corresponds to the indexed formula tree shown on the right-hand side of Figure 4.6 and its insertion results in the following indexed formula tree:

  α( P(f)^p, γ( β( γx f(x) = g(x), δ⁺x f(x) = g(x) ) ) )

The positive occurrence of ∀x f(x) = g(x), i.e. δ⁺x f(x) = g(x), represents the additional proof obligation to prove the cut-formula. The negative occurrence γx f(x) = g(x) contains the ε-equation that is actually used to perform the extensionality proof step. Applying the extensionality introduction

rule of Definition 4.3.3 to γx f(x) = g(x) changes the whole indexed formula tree into

  α( P(f)^p, γ( β( α( λx f(x) = λx g(x), γx f(x) = g(x) ), δ⁺x f(x) = g(x) ) ) )

Now we apply the Leibniz' equality introduction rule on the ε-equation λx f(x) = λx g(x) to obtain a subtree for γQ β(Q(λx f(x))^{p̄}, Q(λx g(x))^p). After instantiation of the new γ-variable Q with λh P(h) and βη-normalisation we obtain the indexed formula tree

  α( P(f)^p, γ( β( α( α( γQ β( P(f)^{p̄}, P(g)^p ), λx f(x) = λx g(x) ), γx f(x) = g(x) ), δ⁺x f(x) = g(x) ) ) )

Finally we can draw a connection between the subtrees P(f)^p and P(f)^{p̄} to obtain the two new subgoals P(g)^p and δ⁺x f(x) = g(x), which correspond to the subgoals we would get when applying the extensionality rule from [Pfenning, 1987].

Inserting Flex-Flex Constraints. Flex-flex constraints are constraints of the form H(s) = G(t) that result from higher-order unification. They represent additional equations that need to be solved in order to make two formulas equal. Thus there is a need to adequately represent these additional goals in an indexed formula tree Q. However, the “exact” position for the constraints depends on their purpose, i.e. on the subtree from which a connection is to be introduced. This is addressed when we define the actual CORE reasoning rules. In this paragraph we show only how a flex-flex constraint can be attached to an arbitrary subtree Q' of Q by using the cut rule. Assume x̄ is the list of all γ- and δ-variables that are free in H(s) = G(t) and not bound on some parent node of Q' in Q, and ρ a renaming of these variables into variables x̄' that are new with respect to Q. Then we introduce the flex-flex constraint by performing a cut over H(s) = G(t), which α-inserts an initial indexed formula tree Q_c for the negative formula ∀x̄' ρ((H(s) = G(t)) ⇒ (H(s) = G(t))) on Q' and results in the tree with root

  α^p( γx̄' ρ((H(s) = G(t)) ⇒ (H(s) = G(t))), Label(Q') )

and the two subtrees Q_c and Q'.


Since only those free variables are bound now that have not been bound above Q', the resulting indexed formula tree is again valid. After application of the cut rule we apply the inverse substitution ρ^{-1} on the indexed formula tree. This is an admissible instantiation since ρ^{-1} cannot introduce cycles into the reduction ordering, because we have only bound those variables in the constraints that are not bound above Q'. Hence the resulting indexed formula tree concisely represents the additional subgoal.

4.10 Soundness and Completeness

For any L-valid formula ϕ there is an indexed formula tree for ϕ and an L-substitution σ which admits a spanning set of connections; this is the main result from [Andrews, 1981, Miller, 1983, Pfenning, 1987, Wallen, 1990] about proof search with indexed formula trees.

Theorem 4.10.1 (Soundness & Completeness of Indexed Formula Tree proofs) Let ϕ be a formula with respect to one of the logics L of Definition 3.2.1. ϕ is L-valid if, and only if, we can construct for ϕ an indexed formula tree using the rules from Definitions 4.1.1, 4.2.1, 4.3.3, 4.4.1, 4.5.2, and 4.7.1 which admits a spanning set of connections with respect to an L-admissible substitution.

Proof. Follows for each of the considered logics from [Wallen, 1990], except for higher-order logic, where it follows from [Pfenning, 1987] and Lemma 4.9.1. The boolean ζ-expansion rule from Definition 4.4.1 is necessary in order to unfold positive equivalences, since equivalences are not treated in these approaches. There is no need for a negative variant of that rule, since for negative equivalences the expansion can be simulated by the Leibniz' equality introduction rule.

4.11 Increase of Multiplicities

Proof search in indexed formula trees (cf. [Wallen, 1990, Pfenning, 1987, Andrews, 1981, Andrews, 1989]) proceeds by fixing the multiplicity of nodes of primary type γ and ν, and subsequently searching for an appropriate L-admissible substitution and a spanning set of connections. However, setting the multiplicity beforehand is not adequate for an interactive proof search where multiplicities of nodes are determined on the fly. An example is the instantiation of some γ-variable x bound on some γ0-type node Q' of parent node Q_γ with label γ^p y ϕ(y): in order to design a complete proof procedure, we must be able to “copy” that metavariable before instantiating it. For the higher-order logic case the multiplicities can be adjusted during proof search by using the technique from [Issar, 1990]. It allows to increase the multiplicity of some γ-type node and localises its effect to some path for which no connection exists, by copying and renaming that path adequately. However, that technique is not applicable in our context, since we have to copy the concerned indexed formula tree, which prevents the localisation of the copying to some single path. Furthermore, adding a new initial indexed formula tree Q'' for ϕ(X), for some new metavariable X, and attaching it to Q_γ prevents carrying over all proof information onto Q'': Leibniz' equality introductions and extensionality introductions are lost, and all connections that involved a subnode of Q' are not present for subnodes in Q''. Finally, substitution information is not carried over onto Q'': say some γ-variable Z different from x is instantiated with a term containing x, then there is no copy of that Z which is instantiated with the equivalent term containing X. Thus, all the proof information that was already established for Q' must be redone for Q''. The same reasoning applies when “copying” a ν0-type node.

In the following we present a mechanism to constructively increase the multiplicity of some node which carries over all proof information to the new copy. First, note that the increase of multiplicity of some node may entail the increase of multiplicity of some other node. This is the case for example if

a metavariable to be copied occurs in the instance of some other metavariable. Intuitively, we need a notion of a self-contained set of subtrees with respect to a substitution, in the sense that for all γ-, δ-, ν-, and π-variables x that occur in the instance of some variable y, the set contains both the subtrees binding x and y. We formalise this intuition by introducing the notion of a convex set of subtrees with respect to some L-admissible substitution σ.

Definition 4.11.1 (Convex Set of Subtrees) Let Q be an indexed formula tree with L-admissible substitution σ, K a set of independent (i.e. not nested) subtrees of Q. Then K is convex with respect to σ if, and only if, for all Q' ∈ K and for all γ-, δ-, ν-, π-variables x bound in Q' we have: if x occurs in some instance σ(y) for some y, then there exists some Q'' ∈ K in which y is bound.

A trivial example for such a set is the set that consists of the whole indexed formula tree Q.

A convex set K of subtrees for an actual indexed formula tree Q has the property that it is not smaller with respect to the reduction ordering ≺_L than any other part of Q which is not in K. In other words, there is no γ- or ν-variable bound outside K that is instantiated with some variable bound in K. Consider the restriction σ_K of σ to those γ- and ν-variables that are bound in K. Copying the subtrees in K yields a new set of subtrees K' and a renaming ρ of all variables (γ-, δ-, ν-, and π-variables) in K. Then the renamed substitution σ_{K'} := {ρ(σ_K(x))/ρ(x) | x ∈ dom(σ_K)} does not introduce any additional dependencies to parts not in K'. Furthermore, if the original substitution was L-admissible, then so is σ_{K'} ∘ σ. In the following lemma we formalise this observation:

Lemma 4.11.2 (Maximality of Convex Sets of Subtrees) Let Q be an indexed formula tree with L-admissible substitution σ, K a convex set of subtrees of Q. For all x ∈ dom(σ), if x is not bound in K, then all variables that occur in σ(x) are also not bound in K.

Proof. The statement is proved by contradiction: assume there is an x not bound in K and a variable y bound in K that occurs in σ(x). Then by Definition 4.11.1 x should be bound in K, which is a contradiction.

For the increase of multiplicities, we have to determine a convex set of subtrees of which we have to increase the multiplicities. We introduce a constructive mechanism to determine the minimal set of nodes whose multiplicities need to be increased when increasing the multiplicity of some given node. Intuitively, if we have to copy a node Q_m, then we must copy Q_m and all its children. Furthermore, if Q_m is either the binding node of some γ-variable that occurs in the instance of some γ-variable of binding position Q', or it has secondary type ν0 or π0 and occurs in the instance of some other node Q' of secondary type ν0, then we must copy Q' as well.

Definition 4.11.3 (Determining Nodes to Increase Multiplicities) Let Q be an indexed formula tree, and σ an L-admissible substitution. Let Q_m be a node of secondary type γ0 or ν0. The subtrees to copy in order to increase the multiplicity of Q_m's parent are given by the predicate µ(Q_m) that is defined inductively:

  µ(Q_m) = {Q_m} ∪ ⋃_{Q' child of Q_m} µ(Q') ∪ ⋃_{Q' ∈ InstQ(Q_m)} µ(Q') ∪ ⋃_{Q' ∈ InstM(Q_m)} µ(Q')


where InstQ(Q_m) is the set of binding nodes of variables x such that y occurs in σ(x) and y is bound on Q_m. If Q_m is not a binding node, then InstQ(Q_m) = ∅. InstM(Q_m) is the analogous set for nodes of secondary type ν0. We denote by µ(Q_m)_min the subset of the minimal nodes with respect to ≺_L of µ(Q_m).

Lemma 4.11.4 Let Q be an indexed formula tree node of secondary type γ0 or ν0, and σ an actual L-admissible substitution. Then
1. µ(Q)_min contains only nodes of secondary type γ0 or ν0.
2. µ(Q)_min is a convex set of subtrees with respect to σ.

Proof. Both parts of the lemma are easy consequences of the definition of µ(Q) and µ(Q)_min.

Having determined the minimal nodes that need to be copied, we copy the subtrees Q' whose roots are these nodes and rename the variables if necessary. Note that we cannot just create initial indexed formula trees, since we must keep track of the applications of Leibniz' equality introductions and extensionality introductions during the copying process. From this copying process we obtain a renaming ρ of the copied variables and an isomorphic function ι between the original subtrees and their copies. We agree that ρ is a total function, which is the identity function for all variables not occurring in Q', and ι is a total function which is the identity function on all nodes, except those occurring in Q'.

The new subtrees are of secondary type γ0 or ν0 and are inserted as further children on the respective parent node of primary type γ or ν, which increases their multiplicities. The renaming ρ and the node mapping ι are used in order to carry over the substitution information by enlarging the variable substitution σ_Q and the modal substitution σ_M:

-- From ρ and σ_Q we create the substitution σ_Q' := {ρ(σ_Q(x))/ρ(x) | x ∈ dom(ρ)}.
-- From ι and σ_M we create the substitution σ_M' := {ι(σ_M(Q'))/ι(Q') | Q' ∈ dom(ι)}.

Finally, the information about established connections in C is carried over by enlarging C using ι, i.e. we add the following connections:

  {(ι(c), ι(c')) | (c, c') ∈ C, c or c' ∈ dom(ι)}

Definition 4.11.5 (Multiplicity Increase) Let Q be an indexed formula tree with actual L-admissible substitution σ. Furthermore let Q_m be a node of secondary type γ0 or ν0. In order to increase the multiplicity of Q_m's parent we determine the set µ(Q_m)_min. For each Q' ∈ µ(Q_m)_min
1. we copy Q' to obtain Q'' together with a variable renaming ρ and an isomorphic mapping ι from Q' to Q''. Subsequently we add Q'' to the parent node of Q';
2. we extend the variable and modal substitutions of σ respectively by {ρ(σ_Q(x))/ρ(x) | x ∈ dom(ρ)} and {ι(σ_M(Q'))/ι(Q') | Q' ∈ dom(ι)}.
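The following is an added example and not code from the thesis or the CORE system: it carries out the procedure of Definitions 4.11.1 to 4.11.5 on a small constructed tree, restricted to the variable substitution σ_Q (the modal substitution σ_M and the connection set C are handled the same way and are left out). It computes the closure µ(Q_m), its tree-minimal members, checks convexity as stated in Lemma 4.11.2, performs the cycle check that Section 4.5 defers to the overall substitution, and finally copies the minimal subtrees with a renaming ρ and extends σ by {ρ(σ_Q(x))/ρ(x)}. The node ids, the variables x, y, z and the substitution y ↦ f(x) in `example()` are assumptions made for the demonstration.

```python
# Added example (not from the thesis): Definition 4.11.3 (µ closure), Definition 4.11.1
# with Lemma 4.11.2 (convexity), the acyclicity check on the overall substitution
# (Section 4.5), and steps 1-2 of Definition 4.11.5 for the variable substitution σ_Q.
# The node ids, the variables and the substitution σ = {y ↦ f(x)} in example() are constructed.
from __future__ import annotations
import copy
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str                                   # constructed node id, e.g. "Q1"
    binds: str | None = None                    # variable bound on this γ0/ν0-node, if any
    children: list["Node"] = field(default_factory=list)


def nodes(root: Node):
    """Pre-order traversal of a subtree."""
    yield root
    for c in root.children:
        yield from nodes(c)


def vars_in(term) -> set[str]:
    """Variables of a term; a str is a variable, a tuple ('f', t1, ..., tn) an application."""
    if isinstance(term, str):
        return {term}
    return set().union(*(vars_in(t) for t in term[1:]))


def binders(root: Node) -> dict[str, Node]:
    """Map every bound variable to its binding node."""
    return {n.binds: n for n in nodes(root) if n.binds}


def mu(qm: Node, sigma: dict, bind: dict[str, Node]) -> set[str]:
    """Definition 4.11.3: {Q_m} closed under children and InstQ(Q_m), the binding nodes
    of every x whose instance σ(x) mentions the variable bound on Q_m."""
    seen: set[str] = set()
    todo = [qm]
    while todo:
        n = todo.pop()
        if n.name in seen:
            continue
        seen.add(n.name)
        todo.extend(n.children)
        if n.binds:
            todo.extend(bind[x] for x, t in sigma.items() if n.binds in vars_in(t))
    return seen


def minimal(root: Node, K: set[str]) -> list[Node]:
    """µ(Q_m)_min: the members of K with no proper ancestor in K."""
    out: list[Node] = []

    def walk(n: Node, inside: bool) -> None:
        if n.name in K and not inside:
            out.append(n)
            inside = True
        for c in n.children:
            walk(c, inside)

    walk(root, False)
    return out


def is_convex(K: set[str], sigma: dict, bind: dict[str, Node]) -> bool:
    """Definition 4.11.1 read through Lemma 4.11.2: no variable bound outside K is
    instantiated with a term that mentions a variable bound inside K."""
    inside = {v for v, n in bind.items() if n.name in K}
    return all(bind[x].name in K or not (vars_in(t) & inside) for x, t in sigma.items())


def acyclic(sigma: dict) -> bool:
    """The cycle check deferred to the overall substitution: x -> vars(σ(x)) must be acyclic."""
    state: dict[str, int] = {}

    def dfs(v: str) -> bool:
        if state.get(v) == 1:
            return False                        # back edge: v depends on itself
        if state.get(v) == 2:
            return True
        state[v] = 1
        ok = all(dfs(w) for w in vars_in(sigma[v])) if v in sigma else True
        state[v] = 2
        return ok

    return all(dfs(x) for x in sigma)


def rename(term, rho: dict[str, str]):
    """Apply the renaming ρ to a term."""
    if isinstance(term, str):
        return rho.get(term, term)
    return (term[0],) + tuple(rename(t, rho) for t in term[1:])


def increase_multiplicity(root: Node, qm: Node, sigma: dict) -> dict:
    """Definition 4.11.5 for σ_Q: copy every Q' in µ(Q_m)_min next to Q' under its parent,
    with a renaming ρ (primed names) of all variables bound in the copies, and return
    σ extended by {ρ(σ_Q(x))/ρ(x) | x ∈ dom(ρ)}. The tree is modified in place."""
    bind = binders(root)
    parent = {c.name: n for n in nodes(root) for c in n.children}
    chosen = minimal(root, mu(qm, sigma, bind))
    copies = [copy.deepcopy(q) for q in chosen]
    rho = {n.binds: n.binds + "'" for q2 in copies for n in nodes(q2) if n.binds}
    for q, q2 in zip(chosen, copies):
        for n in nodes(q2):
            n.name += "'"
            if n.binds:
                n.binds = rho[n.binds]
        parent[q.name].children.append(q2)
    new_sigma = dict(sigma)
    new_sigma.update({rho[x]: rename(sigma[x], rho) for x in rho if x in sigma})
    return new_sigma


def example():
    """Constructed tree: γ-nodes Qa and Qb with γ0-children Q1 (binds x) and Q2 (binds y);
    Q2 contains a nested γ-node Q3 with γ0-child Q4 (binds z); σ instantiates y with f(x)."""
    q1 = Node("Q1", binds="x")
    q2 = Node("Q2", binds="y", children=[Node("Q3", children=[Node("Q4", binds="z")])])
    root = Node("Q", children=[Node("Qa", children=[q1]), Node("Qb", children=[q2])])
    return root, q1, {"y": ("f", "x")}
```

Copying Q1 alone would leave y ↦ f(x) pointing at a variable of the copied subtree without a renamed counterpart, which is exactly what convexity rules out; the closure therefore pulls in Q2 (and its nested subtree) and the extended substitution gains y' ↦ f(x').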


Proof. The proof is achieved in two steps: first, we prove that the increase of multiplicities preserves the L-admissibility of the substitution. Secondly, we prove that the indexed formula tree after increase of multiplicities has an L-satisfiable path if, and only if, the original indexed formula tree already had one.

1. Preservation of L-admissibility of the substitution: By Lemma 4.11.4 the set µ(Q)_min is a convex set of subtrees from Q, and by Lemma 4.11.2 it follows that µ(Q)_min is maximal with respect to ≺_L. Thus the copies of µ(Q)_min are also maximal with respect to the new overall substitution. Furthermore, since the substitution before multiplicity increase was L-admissible, the substitution extension {ρ(σ_Q(x))/ρ(x) | x ∈ dom(ρ)} and {ι(σ_M(Q'))/ι(Q') | Q' ∈ dom(ι)} is irreflexive among the copies of µ(Q)_min. Thus, the new overall substitution is L-admissible.

2. For each Q' ∈ µ(Q)_min the increase of multiplicities adds the copy Q'' of Q' to each path that contained Q'. Thus, if Q' has the prefixed formula pre(Q').ϕ^p, then Q'' has the prefixed formula pre(Q'').ρ(ϕ^p). Since ρ is simply a renaming of variables, it trivially holds that pre(Q').ϕ^p is L-satisfiable if, and only if, pre(Q'').ρ(ϕ^p) is L-satisfiable.

Remark 4.11.8 The multiplicity increasing rule copies all Leibniz' equality and extensionality introductions. However, not all of them are necessary, since we are only interested in making an adequate copy of the actual proof state. The necessary introduction rules are those that introduced new subtrees in which connections actually occur. If no connection occurs in such a subtree we can discard the rule application. However, for the purpose of the framework presented in Chapter 5 the current rule is adequate, because superfluous parts obtained by copying can be removed using the weakening rule introduced in Chapter 5.

4.12 Soundness and Completeness Revisited

In order to obtain a complete proof procedure we have to search for the right multiplicity of γ- and ν-type nodes. An example is an iterative deepening over the maximum number of allowed multiplicities. But this means we have to restart the actual matrix proof search in every iteration, thus losing the information about substitutions and already established connections. The rule to increase the multiplicities overcomes that limitation and supports a demand-driven increase of the multiplicities. Furthermore, it not only preserves existing substitutions and connections, but moreover carries this information over to the new subtrees that result from the increase of multiplicities. As an easy consequence the calculus that results from the addition of the multiplicity increasing rule is sound and complete.

Theorem 4.12.1 Let ϕ be a formula with respect to one of the logics L of Definition 3.2.1. Then ϕ is L-valid if, and only if, from an initial indexed formula tree Q for ϕ we can derive an indexed formula tree Q' using the rules instantiation, Leibniz' equality introduction, extensionality introduction, boolean ζ-expansion, cut, and multiplicity increase such that the overall substitution is L-admissible and there is some P ∈ P(Q') such that all paths in P are L-unsatisfiable.

Proof. Follows from Theorem 4.10.1 and Lemma 4.11.7.

4.13 Summary

The indexed formula trees introduced in this chapter are a generalised calculus that subsumes both the indexed formula trees in [Wallen, 1990] and the extensional expansion trees in [Pfenning, 1987].


The basic rules to manipulate them are the strict minimum to represent and check the L-admissibility of substitutions for metavariables and node variables for the respective modal formulas, as well as the rules to deal with the introduction of Leibniz' equality for primitive equality and equivalence, the functional and boolean extensionality, the expansion of positive equivalences into implications, cut, and the dynamic increase of multiplicities.

As a result we obtain a sound and complete proof calculus for a whole class of logics. Although this calculus is not particularly intuitive, indexed formula trees are used in the proof theory of CORE to represent quantifier dependencies. This calculus is the backbone of the framework with respect to the checks of the admissibility of the actual substitution. The intuitive part of the CORE proof theory consists of free variable indexed formula trees which are added on top of indexed formula trees, as presented in the next chapter.

Chapter 5

Free Variable Indexed Formula Trees

In this chapter we define free variable indexed formula trees on top of the underlying indexed formula trees. The working copy of an indexed formula tree is initially a free variable representation of the indexed formula tree. We use a “free variable” representation in order to ease the intuitive reading of trees. Indeed the application of rules usually requires the instantiation of variables, and it would be odd to instantiate variables for which there are still quantifiers around; the free variable representation avoids this. Since all introduced metavariables or parameters that result from γ- and δ-type nodes in the indexed formula tree are required to be new, this can be done.

Furthermore, free variable indexed formula trees provide support for the generation and application of rules from the logical context of some subformula. The working copy is manipulated by rule applications while still being linked with the original indexed formula tree to keep track of information about binding nodes of variables and modal prefixes of subformulas.

After the definition of initial free variable indexed formula trees in Section 5.1, we introduce in Section 5.2 a uniform notion for a logical context of subtrees as well as a uniform notion of a replacement rule inside a logical context. Based on these notions, we define in Section 5.3 the CORE proof state and the actual rules for the manipulation of subtrees, i.e. the CORE calculus. The CORE calculus consists of 12 rules, namely instantiation, increase of multiplicities, Leibniz' equality introduction, extensionality introduction, contraction, weakening, modal permutation, an expansion rule for positive equivalences, resolution and rewriting replacement rule applications, propositional simplification, and cut. The soundness and safeness of the calculus rules is shown together with their definition. The chapter concludes with the completeness proof in Section 5.4 and a note about cut elimination in Section 5.5.

5.1 Initial Free Variable Indexed Formula Trees

Let us first introduce initial free variable indexed formula trees and subsequently add the rules to manipulate them. The reason for this is that we initially start the proof search with the conjecture, for which an initial indexed formula tree is created to represent the dependencies between the quantifiers. Subsequently we initialise the proof state with that initial indexed formula tree and a working copy for it, which is an initial free variable indexed formula tree. Afterwards we define the calculus rules for the manipulation of such a proof state, which transform the working copy and possibly the indexed formula tree.

The definition of initial free variable indexed formula trees is essentially the straightforward representation of an initial indexed formula tree without the object level quantifiers. Multiplicities of γ-type nodes are represented by α-nodes. However, the representation of modal quantification nodes, i.e. of ν- and π-type nodes, is less straightforward. Indeed, in order to have an intuitive representation, modal quantifications shall be explicitly represented, in contrast to object level quantification. Thus, a modal formula is represented by the same modal formula. However, a problem arises from the multiplicities of ν-type nodes in Q. It is certainly not intuitive to represent e.g. a negative ν-type node of multiplicity n by a formula □(ϕ_1 ∧ ... ∧ ϕ_n), since the proof theory of indexed formulas assigns to each ϕ_i a different (variable) position. In order to represent this, a more adequate representation is □(ϕ_1) ∧ ... ∧ □(ϕ_n). However, we need to reference the adjoined variable positions to each □(ϕ_i), in order to be able to determine the modal prefix of some subformula.
Definition 5.1.1 (Initial Free Variable Indexed Formula Trees) We define initial free variable indexed formula trees R inductively over the structure of some given indexed formula tree Q. Each node of the tree has a formula as label, a polarity, a uniform type, and possibly the indexed formula tree node for which it is a working copy.

1. If Q = A^p is a literal node, then R = A^p_Q is a free variable indexed formula tree of the same label, polarity and uniform type as Q and with a reference to Q. These are leaves of free variable indexed formula trees.
2. If Q = ε(s,t)^p is of type ε, then R = ε(s,t)^p_Q is a free variable indexed formula tree. These are leaves of free variable indexed formula trees.
3. If Q = ζ(s,t)^p is of type ζ, then R = ζ(s,t)^p_Q is a free variable indexed formula tree. These are also leaves of free variable indexed formula trees.
4. If Q = α(Label(Q'))^p with the single subtree Q' is an indexed formula tree and R' is a free variable indexed formula tree for Q', then R = α(Label(R'))^p with the single subtree R' is a free variable indexed formula tree for Q.
5. If Q = α(Label(Q_1), Label(Q_2))^p with subtrees Q_1 and Q_2 is an indexed formula tree, and R_1 and R_2 are free variable indexed formula trees for Q_1 and Q_2 respectively, then R = α(Label(R_1), Label(R_2))^p with subtrees R_1 and R_2 is a free variable indexed formula tree for Q.
6. If Q = β(Label(Q_1), Label(Q_2))^p with subtrees Q_1 and Q_2 is an indexed formula tree, and R_1 and R_2 are free variable indexed formula trees for Q_1 and Q_2 respectively, then R = β(Label(R_1), Label(R_2))^p with subtrees R_1 and R_2 is a free variable indexed formula tree for Q.
7. If Q = (γ^p x ϕ(x)) with subtrees Q_1, ..., Q_n is an indexed formula tree and R_1, ..., R_n are free variable indexed formula trees for Q_1, ..., Q_n respectively, then let R'_1 := R_1, and R'_{i+1} := α(Label(R'_i), Label(R_{i+1}))^p with subtrees R'_i and R_{i+1}, for 1 ≤ i ≤ n−1. Then R := R'_n is a free variable indexed formula tree for Q. Note that the R'_i do not have a reference to Q.
8. If Q = (δ^p x ϕ(x)) with subtree Q' is an indexed formula tree and R' is a free variable indexed formula tree for Q', then R' is also a free variable indexed formula tree for Q.
9. If Q = ν(Label(Q_1))^p with subtrees Q_1, ..., Q_n is an indexed formula tree and R_1, ..., R_n are free variable indexed formula trees for Q_1, ..., Q_n respectively, then let R'_1 := ν(Label(R_1))^p_{Q_1} with subtree R_1, and R'_{i+1} := α(Label(R'_i), ν(Label(R_{i+1})))^p with subtrees R'_i and ν(Label(R_{i+1}))^p_{Q_{i+1}}, the latter having the subtree R_{i+1}, for 1 ≤ i ≤ n−1. Then R := R'_n is a free variable indexed formula tree for Q.
10. If Q = π(Label(Q'))^p with subtree Q' is an indexed formula tree and R' is a free variable indexed formula tree for Q', then R = π(Label(R'))^p_Q with subtree R' is a free variable indexed formula tree for Q.

Figure 5.1: Initial free variable indexed formula tree for the running example (one node per line, each indented below its parent):

α⁺ ((0+X=X ∧ (¬(X=0) ⇒ X+Y=s(p(X)+Y))) ⇒ (p(s(s(0))+v) ⇔ p(s(s(v)))))
  α⁻ (0+X=X ∧ (¬(X=0) ⇒ X+Y=s(p(X)+Y)))
    ε⁻ 0+X=X
    β⁻ (¬(X=0) ⇒ X+Y=s(p(X)+Y))
      α⁺ ¬(X=0)
        ε⁻ X=0
      ε⁻ X+Y=s(p(X)+Y)
  ζ⁺ (p(s(s(0))+v) ⇔ p(s(s(v))))

Example 5.1.2 As an example consider the (initial) indexed formula tree from Example 4.1.2 (p. 33). The corresponding initial free variable indexed formula tree is shown in Figure 5.1.

It is convenient to introduce a notion of equality between free variable indexed formula trees that is defined over the α-equality of their labels. Note that we need α-equality, as there are still variable binders in the formula, for instance usual λ-abstractions in higher-order logic, or universal quantification inside equivalences, which are not removed since they do not have a defined polarity.

Notation 5.1.3 Let R, R' be two free variable indexed formula trees. We say that R and R' are α-equal if, and only if, their labels are equal up to the renaming of bound variables.

It remains to define the modal prefix of some subtree of a free variable indexed formula tree.

Definition 5.1.4 (Prefix of Free Variable Indexed Formula Trees) Let Q be an indexed formula tree and R a node in a free variable indexed formula tree that belongs to Q. The modal prefix pre(R) of R is a sequence of nodes Q_1, ..., Q_n ∈ (ν0 ∪ π0) from Q and is defined as follows:

  pre(R) := Q'             if R has no parent node and is of primary type ν or π with associated node Q' ∈ ν0 ∪ π0
  pre(R) := ⟨⟩             if R has no parent node and is not of primary type ν or π
  pre(R) := Q' :: pre(R')  if R has parent node R' and is of primary type ν or π with associated node Q' ∈ ν0 ∪ π0
  pre(R) := pre(R')        if R has parent node R' and is not of primary type ν or π

The prefixed formula of R is pre(R).ϕ, where ϕ is the label of R.


Remark 5.1.5 There is obviously a close relationship between the structure of a free variable indexed formula tree R and the term structure of Label(R). This allows us to define the subtree occurrence of a subtree R' of R as the subterm occurrence ρ of Label(R') within Label(R), i.e. Label(R)|_ρ = Label(R'). Each subtree R' of R is uniquely determined by this subterm occurrence and by abuse of notation we write R|_ρ to denote R'. Note that not all subterm occurrences of Label(R) are subtree occurrences, since the tree structure does not extend below the literal node level.

Definition 5.1.6 (Proved and Disproved Free Variable Indexed Formula Trees) Let R be a literal free variable indexed formula tree. Then
-- R is proved if, and only if, either it has negative polarity and its label is False, or it has positive polarity and its label is True, or it is of primary type ζ and the label is ζ(t,t).
-- R is disproved if, and only if, either it has positive polarity and its label is False, or it has negative polarity and its label is True, or it is of primary type ε and the label is ε(t,t).
Let R be a free variable indexed formula tree. R is proved (resp. disproved) if, and only if,
-- R is a proved (resp. disproved) literal free variable indexed formula tree,
-- or R is of primary type α (resp. β) and some subtree is proved (resp. disproved),
-- or R is of primary type β (resp. α) and all subtrees are proved (resp. disproved),
-- or R is of primary type ν or π and its subtree is proved (resp. disproved).

Lemma 5.1.7 The definition of proved and disproved free variable indexed formula trees is accurate.

Proof. The intuition behind the above definition is that a free variable indexed formula tree R is proved if, and only if, the prefixed formula of R is L-unsatisfiable. Similarly, R is disproved if, and only if, the prefixed formula of R is L-valid. We prove the accuracy by induction over the structure of R.

Base Case: In this case R is a literal. By definition of L-satisfiability of prefixed formulas, the prefixed formulas pre(R).True⁺, pre(R).False⁻, and pre(R).ζ(s,s)⁺ are not L-satisfiable. Thus, those literal free variable indexed formula trees are proved. Analogously, the prefixed formulas pre(R).True⁻, pre(R).False⁺, and pre(R).ε(s,s)⁻ are L-valid. Thus those literal free variable indexed formula trees are disproved.


Induction Step: We prove the accuracy of “proved” by case analysis over the uniform type of R.

A. Label(R)^p = α^p(Label(R_1)^{p_1}, Label(R_2)^{p_2}): for all M, w, ρ:
  M_w^ρ ⊨_L pre(R).α^p(Label(R_1)^{p_1}, Label(R_2)^{p_2})
  ⟺ M_w^ρ ⊨_L pre(R).Label(R_1)^{p_1} and M_w^ρ ⊨_L pre(R).Label(R_2)^{p_2}
Since pre(R) = pre(R_i), i = 1, 2, R is proved if, and only if, at least one of its subtrees is proved.

B. Label(R)^p = β^p(Label(R_1)^{p_1}, Label(R_2)^{p_2}): for all M, w, ρ:
  M_w^ρ ⊨_L pre(R).β^p(Label(R_1)^{p_1}, Label(R_2)^{p_2})
  ⟺ M_w^ρ ⊨_L pre(R).Label(R_1)^{p_1} or M_w^ρ ⊨_L pre(R).Label(R_2)^{p_2}
Since pre(R) = pre(R_i), i = 1, 2, R is proved if, and only if, both subtrees are proved.

C. Label(R)^p = ν^p(Label(R_1)^{p_1}): for all M, w, ρ:
  M_w^ρ ⊨_L pre(R).ν^p(Label(R_1)^{p_1}) ⟺ M_w^ρ ⊨_L pre(R_1).Label(R_1)^{p_1}
Thus, R is proved if, and only if, R_1 is proved.

D. Label(R)^p = π^p(Label(R_1)^{p_1}): similar to the previous case.
5.1.1 Paths in Free Variable Indexed Formula Trees

Similarly to indexed formula trees we define (horizontal) paths for free variable indexed formula trees. We show that there is a correspondence between the paths through an initial indexed formula tree Q and the paths through the initial free variable indexed formula tree R for Q. This correspondence is exploited in order to establish the initial validity relationship between Q and its “working copy” R.

Definition 5.1.8 (Paths in Free Variable Indexed Formula Trees) Let R be a free variable indexed formula tree. A path in R is a sequence ⟨R_1, ..., R_n⟩ of α-related nodes in R. The set P(R) of sets of paths through R is the smallest set containing {⟨R⟩} and which is closed under the following operations:
α-Decomposition: If R' is a node of primary type α with subtrees R_1, R_2, and P ∪ {⟨Γ, R'⟩} ∈ P(R), then P ∪ {⟨Γ, R_1, R_2⟩} ∈ P(R).
β-Decomposition: If R' is a node of primary type β with subtrees R_1, R_2, and P ∪ {⟨Γ, R'⟩} ∈ P(R), then both P ∪ {⟨Γ, R_1⟩} ∈ P(R) and P ∪ {⟨Γ, R_2⟩} ∈ P(R).
ν-Decomposition: If R' is a node of primary type ν with subtree R_1, and P ∪ {⟨Γ, R'⟩} ∈ P(R), then P ∪ {⟨Γ, R_1⟩} ∈ P(R).
π-Decomposition: If R' is a node of primary type π with subtree R_1, and P ∪ {⟨Γ, R'⟩} ∈ P(R), then P ∪ {⟨Γ, R_1⟩} ∈ P(R).

Note the absence of decomposition rules for γ- and δ-nodes, since free variable indexed formula trees have no such nodes. Thus P(Q) contains sets of paths that do not occur in P(R). Note further that P(R) contains sets of paths that contain nodes from R without reference to some node in Q.

Definition 5.1.9 (Connections in Free Variable Indexed Formula Trees) Let R be a free variable indexed formula tree. A connection is a pair (R', R'') of nodes with the same label, the same modal prefix under the actual modal substitution, and opposite polarities, such that there is a path ⟨Γ, R', R''⟩ in some P ∈ P(R).


Definition 5.1.10 (L-Unsatisfiable and L-Satisfiable Paths) Let R be a free variable indexed formula tree and p ∈ P ∈ P(R) a path through R. The path p is L-unsatisfiable if p contains either a positive node with label True, a negative node with label False, a positive node with label ζ(t,t), or two nodes that form a connection. If p is not L-unsatisfiable, then p is said to be L-satisfiable.

5.2 Logical Context and Replacement Rules

The free variable indexed formula tree contains all the information necessary to determine statically the logical context¹ for any of its subtrees. Moreover it determines all possible rules within the logical context to manipulate the subtree under consideration. The key information is the annotated uniform type and the polarity. Indeed the logical context of some subtree R consists simply of all those subtrees that are connected with R via a node of uniform type α, and this can be checked statically from the free variable indexed formula tree. To see this, consider an α-type formula (A ∨ B)⁺: applying the respective decomposition rule on (A ∨ B)⁺ in some sequent calculus corresponds to the following inference step:

  Γ ⊢ A, B, Δ
  ——————————————— ∨-R
  Γ ⊢ (A ∨ B), Δ

Obviously the two components A and B of the α-type formula occur in the same sequent and thus are in the same logical context. Generalising this observation for any two nested subformulas of A and B, it is easy to see that given some subformula ϕ_1 in A and some subformula ϕ_2 in B, the successive application of all sequent calculus decomposition rules starting from Γ ⊢ (A ∨ B), Δ results in, among others, a sequent of the form Γ' ⊢ ϕ_1, ϕ_2, Δ'. We say ϕ_1 and ϕ_2 are α-related. Conversely, we say that two subformulas are β-related, if they are related by a β-type formula.

However, this is only valid for classical logics. Due to the modal connectives in modal logics there might not be a sequent containing both formulas, even though they are α-related. But, nevertheless, the converse is true, i.e. if two formulas are not α-related, they can never occur in a same sequent. Thus, the general pattern is that if two formulas are α-related then and only then can they be in the same logical context. Whether or not they really are in the same logical context can be statically checked by comparing the modal prefixes of both formulas: if there is an L-admissible substitution that unifies both prefixes, then both formulas are indeed in the same logical context.
Havingdeterminedtheformulasthatareinthelogicalcontextofsomeformula,wearenow
concernedwiththedeterminationofthepossibleruleswhichcanbegeneratedfromthiscontext.To
motivatethis,considerthegoalsequentA⇒(B⇒C)C.ApplyingA⇒(B⇒C)toCmeansthat
thegoaltoproveCisreplacedbythegoaltoproveAandB.InthiscasebothoccurrencesofC
haveoppositepolaritiesandareα-relatedvia.Furthermore,thenewsubgoals,i.e.thepositive
occurrencesofAandB,canbedeterminedstaticallyfromtheformulabycollectingalltheformulas
thatareβ-relatedtothenegativeoccurrenceofC.Thisenablesgeneratingrulesfromaformulaby
fixingtheleft-handside,e.g.thenegativeC.Theright-handsideoftheruleisthenthelistofall
formulasthatareβ-relatedtotheleft-handside,andwewrite
C+→
A+,B+
toindicatethatthisrulerefinessomepositiveCtothe(positive)subgoalsAandB.Analogously,if
thereisanegativeequationoranegativeequivalenceinthecontext,i.e.anε-typeformulaε(s,t),we
1Notethatbylogicalcontextwemeantheinformationbeyondforinstancethescopeofvariableswhichisalready
providedbythecorrespondingindexedformulatree.

68

CHAPTER5.FREEVARIABLEINDEXEDFORMULATREES

ruletheobtains→
t,ϕ1p1,...,ϕnpn
wheretheϕipiare,again,theformulasβ-relatedtoε(s,t).Thisrulecontainstheinformation,that
somegoalformulap1ϕ(s)pnwhereshasanarbitrarypolarity–evennopolarity–canberefinedtothe
subgoalsBeforeϕ(t),ϕ1formalising,...,ϕthen.notionofreplacementrules,weintroducethenotionofaweakenedsigned
formula.Itconsistsofweakeningα-connectedpartsofsomeindexedformula,andthisismotivated
bythefollowingobservation:considerthenegativeformula(A∨B)⇒Cwhichusingtheuniform
notationsyntaxisβ(α+(A+,B+),C).ApplyingthisruletosomepositiveC+wouldrefineC+to
α++(A,B)+.However,thisisnotnecessary,sinceitwouldalsobesoundtorefineC+only+to+either+
AorB.Theseadditionalpossibilitiescanbeobtainedfromtheβ-relatedformulaα(A,B)
byweakeningsomeα-parts.Inordertoincludethisintotheformaldefinitionofreplacementrules,
wedefineforsomegivenfreevariableindexedformulatreeQwithlabelϕpthesetoffreevariable
indexedformulatreesthatcanbeobtainedfromQbyweakening.
Definition 5.2.1 (Weakening of Free Variable Indexed Formula Trees) Let R be a free variable indexed formula tree. The set Weakened(R) of weakened free variable indexed formula trees for R is defined recursively over the structure of R:

    Weakened(R) = {R}   if, and only if, R is a literal node
    Weakened(α^p(R1, R2)) = {α^p(R1w, R2w) | Riw ∈ Weakened(Ri), i = 1, 2} ∪ Weakened(R1) ∪ Weakened(R2)
    Weakened(β^p(R1, R2)) = {β^p(R1w, R2w) | Riw ∈ Weakened(Ri), i = 1, 2}
    Weakened(ν^p(R)) = {ν^p(Rw) | Rw ∈ Weakened(R)}
    Weakened(π^p(R)) = {π^p(Rw) | Rw ∈ Weakened(R)}

Lemma 5.2.2 Let R be a free variable indexed formula tree of polarity p and R′ ∈ Weakened(R) of polarity p′. Then:

    M_w^ρ ⊨_L pre(R).Label(R)^p  ⟹  M_w^ρ ⊨_L pre(R′).Label(R′)^p′

Proof. The proof is by induction over the structure of the formula R.

Base Case: In this case R is a literal and Weakened(R) = {R}. Thus the statement holds trivially.

Induction Step: We consider the four different cases for R:

(A) R = α^p(R1, R2): then
    M_w^ρ ⊨_L pre(R).α^p(R1, R2)
    ⇔ (Lemma 4.1.8)  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L α^p(R1, R2)
    ⇔  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L R1 and M_{w′}^ρ ⊨_L R2
    ⟹ (IH)  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L R1′ and M_{w′}^ρ ⊨_L R2′
             (for any R1′ ∈ Weakened(R1) and R2′ ∈ Weakened(R2))
    ⇔  M_w^ρ ⊨_L pre(R).α^p(R1′, R2′) and M_w^ρ ⊨_L pre(R).R1′ and M_w^ρ ⊨_L pre(R).R2′

(B) R = β^p(R1, R2): then
    M_w^ρ ⊨_L pre(R).β^p(R1, R2)
    ⇔ (Lemma 4.1.8)  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L β^p(R1, R2)
    ⇔  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L R1 or M_{w′}^ρ ⊨_L R2
    ⟹ (IH)  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L R1′ or M_{w′}^ρ ⊨_L R2′
             (for any R1′ ∈ Weakened(R1) and R2′ ∈ Weakened(R2))
    ⇔  M_w^ρ ⊨_L pre(R).β^p(R1′, R2′)

(C) R = ν^p(R1): then
    M_w^ρ ⊨_L pre(R).ν^p(R1)
    ⇔ (Lemma 4.1.8)  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L ν^p(R1)
    ⇔  for all w′ ∈ M_w^ρ(pre(R)) and for some w″ with w′ R w″: M_{w″}^ρ ⊨_L R1
    ⟹ (IH)  for all w′ ∈ M_w^ρ(pre(R)) and for some w″ with w′ R w″: M_{w″}^ρ ⊨_L Rw
             (for any Rw ∈ Weakened(R1))
    ⇔  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L ν^p(Rw)
    ⇔  M_w^ρ ⊨_L pre(R).ν^p(Rw)

(D) R = π^p(R1): then
    M_w^ρ ⊨_L pre(R).π^p(R1)
    ⇔ (Lemma 4.1.8)  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L π^p(R1)
    ⇔  for all w′ ∈ M_w^ρ(pre(R)) and for all w″ with w′ R w″: M_{w″}^ρ ⊨_L R1
    ⟹ (IH)  for all w′ ∈ M_w^ρ(pre(R)) and for all w″ with w′ R w″: M_{w″}^ρ ⊨_L Rw
             (for any Rw ∈ Weakened(R1))
    ⇔  for all w′ ∈ M_w^ρ(pre(R)): M_{w′}^ρ ⊨_L π^p(Rw)
    ⇔  M_w^ρ ⊨_L pre(R).π^p(Rw)
For the definition of replacement rules it is convenient to state the following corollary.

Corollary 5.2.3 (Connectable Free Variable Indexed Formula Trees) Let σ be an actual L-admissible substitution, and let R and R′ be two free variable indexed formula trees that have the same modal prefix with respect to σ but opposite polarities. If there exists an Rw ∈ Weakened(R) which is α-equal (see Notation 5.1.3) to some R′w ∈ Weakened(R′), then there exists no L-model M which satisfies both R and R′. We say that R and R′ are connectable.

Proof. Let the prefixed formulas of R and R′ be respectively w.ϕ^p and w.ϕ′^p′. Then Rw has the prefixed formula w.ϕw^p while R′w has the prefixed formula w.ϕ′w^p′. Assume there is an L-model that satisfies both w.ϕ^p and w.ϕ′^p′, i.e. for all possible worlds v and all assignments ρ it holds:

    M_v^ρ ⊨ w.ϕ^p  and  M_v^ρ ⊨ w.ϕ′^p′

By Lemma 5.2.2 it follows

    M_v^ρ ⊨ w.ϕw^p  and  M_v^ρ ⊨ w.ϕ′w^p′

which is a contradiction.




The consequence of the corollary is that two free variable indexed formula trees form a connection if, and only if, the intersection of their respective sets of weakened free variable indexed formula trees is non-empty.

In order to formalise the notion of a replacement rule, we first define the conditions of some subtree as the formal characterisation of the β-related formulas of some node.

Definition 5.2.4 (Node Conditions) Let R, c be nodes in some free variable indexed formula tree, such that c governs R. Let R1, ..., Rn be all maximal nodes that are below c and β-related to R. Then the conditions of R are given by the set C^c_R := Weakened(R1) × ... × Weakened(Rn).

Replacement rules are of two kinds: the first kind are those where the left-hand side is a node with a polarity, and the second kind result from ε-type nodes. The former are called resolution replacement rules, while the latter are called rewriting replacement rules.

Definition 5.2.5 (Admissible Resolution Replacement Rules) Let R0, R be nodes in some free variable indexed formula tree and σ the actual overall substitution. Then R0 → R1, ..., Rn is an admissible resolution replacement rule for R, if, and only if,
1. R0 and R have opposite polarities and are α-related by a node c,
2. the modal prefixes of R0 and R are equal with respect to σ,
3. and (R1, ..., Rn) ∈ C^c_R0.

Definition 5.2.6 (Admissible Rewriting Replacement Rules) Let R0, R be nodes in some free variable indexed formula tree, R0 of primary type ε and label ε(s, t), and σ the actual overall substitution. Then s → t, R1, ..., Rn and t → s, R1, ..., Rn are admissible rewriting replacement rules for R, if, and only if,
1. R0 and R are α-related by a node c,
2. the modal prefixes of R0 and R are equal with respect to σ,
3. and it holds that (R1, ..., Rn) ∈ C^c_R0.
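Definitions 5.2.1, 5.2.4 and 5.2.5 and Corollary 5.2.3 can be run on a nested-tuple tree encoding. The Python below is an added example, not the thesis' or the CORE system's code; it assumes that there are no modal prefixes (condition 2 of Definition 5.2.5 then holds trivially), that α-equality (Notation 5.1.3, which is not on this page) is structural equality after erasing polarities, that candidate left-hand sides R0 are literal nodes, and it uses the goal sequent A ⇒ (B ⇒ C) ⊢ C from the beginning of this section as constructed input.

```python
"""Weakening (Def. 5.2.1), connectability (Cor. 5.2.3), node conditions
(Def. 5.2.4) and admissible resolution replacement rules (Def. 5.2.5).

Added example; not code from the thesis or the CORE system.
Tree encoding: ('lit', polarity, label) or (utype, polarity, child, ...)
with utype in {'alpha', 'beta', 'nu', 'pi'} and polarity '+' or '-'.
Assumptions: no modal prefixes (the prefix condition holds trivially);
alpha-equality is structural equality with polarities erased; nodes are
compared by value, so no two identical subtrees may occur in one tree.
"""
from itertools import product


def weakened(node):
    """Weakened(R): every tree obtainable from R by dropping alpha-parts."""
    utype = node[0]
    if utype == 'lit':
        return {node}
    if utype == 'alpha':
        _, pol, r1, r2 = node
        both = {('alpha', pol, w1, w2)
                for w1, w2 in product(weakened(r1), weakened(r2))}
        return both | weakened(r1) | weakened(r2)   # or either part alone
    if utype == 'beta':
        _, pol, r1, r2 = node
        return {('beta', pol, w1, w2)
                for w1, w2 in product(weakened(r1), weakened(r2))}
    _, pol, r = node                                # nu or pi
    return {(utype, pol, w) for w in weakened(r)}

def erase_polarity(node):
    """Tree shape without polarities: the assumed alpha-equality key."""
    if node[0] == 'lit':
        return ('lit', node[2])
    return (node[0],) + tuple(erase_polarity(c) for c in node[2:])

def connectable(r, r2):
    """Corollary 5.2.3: opposite polarities and alpha-equal weakenings."""
    if r[1] == r2[1]:
        return False
    shapes = {erase_polarity(w) for w in weakened(r)}
    return any(erase_polarity(w) in shapes for w in weakened(r2))

def path_to(root, target):
    """Nodes from root down to target (inclusive), or None if absent."""
    if root == target:
        return [root]
    if root[0] == 'lit':
        return None
    for child in root[2:]:
        sub = path_to(child, target)
        if sub:
            return [root] + sub
    return None

def literals(node):
    if node[0] == 'lit':
        return [node]
    return [lit for c in node[2:] for lit in literals(c)]

def relating_node(root, n1, n2):
    """Lowest node governing both n1 and n2; its type says alpha-/beta-related."""
    lca = None
    for a, b in zip(path_to(root, n1), path_to(root, n2)):
        if a != b:
            break
        lca = a
    return lca

def beta_related(c, r):
    """Maximal subtrees below c that are beta-related to r (Def. 5.2.4):
    the siblings of the c-to-r path at its beta-type nodes."""
    path = path_to(c, r)
    siblings = []
    for parent, child in zip(path, path[1:]):
        if parent[0] == 'beta':
            idx = parent[2:].index(child)
            siblings += [s for i, s in enumerate(parent[2:]) if i != idx]
    return siblings

def conditions(c, r):
    """C^c_R = Weakened(R1) x ... x Weakened(Rn), as a set of tuples."""
    return set(product(*(weakened(s) for s in beta_related(c, r))))

def admissible_resolution_rules(root, r):
    """Rules R0 -> R1,...,Rn admissible for r (Def. 5.2.5), with literal
    R0 of opposite polarity, alpha-related to r via c, (R1..Rn) in C^c_R0.
    Returned as a set of (R0, (R1, ..., Rn)) pairs."""
    rules = set()
    for r0 in literals(root):
        if r0 == r or r0[1] == r[1]:
            continue
        c = relating_node(root, r0, r)
        if c is not None and c[0] == 'alpha':
            rules |= {(r0, conds) for conds in conditions(c, r0)}
    return rules

# Constructed input: the goal sequent A => (B => C) |- C read as the
# positive formula ((A => (B => C)) => C)+, i.e. alpha(beta(A+, beta(B+, C-)), C+)
GOAL = ('alpha', '+',
        ('beta', '-', ('lit', '+', 'A'),
         ('beta', '-', ('lit', '+', 'B'), ('lit', '-', 'C'))),
        ('lit', '+', 'C'))
```

For the target C⁺ in GOAL, admissible_resolution_rules returns the single rule C⁻ → A⁺, B⁺: the only node of opposite polarity that is α-related to C⁺ is C⁻, and the maximal subtrees β-related to it below the root are A⁺ and B⁺, so C^c_{C⁻} = {(A⁺, B⁺)}. connectable((A ∨ B)⁺, (A ∧ C)⁻) holds because both trees weaken to the literal A, which is the intersection criterion stated after Corollary 5.2.3.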
5.3 CORE Calculus Rules

In this section we finally present the basic rules of the CORE framework. We first clarify the notion of a proof state in CORE before presenting the twelve basic rules.

A CORE proof state is parameterized over the actual logic L and consists of an indexed formula tree Q, an actual L-substitution σ and a free variable indexed formula tree R. A proof state with respect to L is denoted by [Q, σ ▷_L R]. In order to prove some conjecture ϕ the initial proof state consists of the initial indexed formula tree Q_I for ϕ⁺, the empty substitution, and the initial free variable indexed formula tree R_I for Q_I. The reasoning rules transform a proof state [Q, σ ▷_L R] into a proof state [Q′, σ′ ▷_L R′]. The transformation is sound, if, and only if, σ is L-admissible for Q, σ′ is L-admissible for Q′, and whenever there is an L-satisfiable path in R′, then there is an L-satisfiable path in R.


Figure 5.2: Initial proof state composed of the initial indexed formula tree (upper part) and the corresponding initial free variable indexed formula tree (lower part) for the positive formula (∀x_Nat 0 + x = x) ∧ (∀x_Nat ∀y_Nat ¬(x = 0) ⇒ x + y = s(p(x) + y)) ⇒ ∀p_Nat→o ∀v_Nat p(s(s(0)) + v) ⇔ p(s(s(v))). [Tree drawings not reproduced.]

Definition 5.3.1 (Proof State, Soundness & Safeness) Let L be one of the logics under consideration, Q an indexed formula tree, σ an L-substitution, and let R be a free variable indexed formula tree. Then a proof state is denoted by [Q, σ ▷_L R]. A proof step is a transformation of some proof state [Q, σ ▷_L R] into another proof state [Q′, σ′ ▷_L R′], which is denoted as [Q, σ ▷_L R] → [Q′, σ′ ▷_L R′]. Such a proof step is sound if, and only if, if σ′ is L-admissible with respect to Q′ and there is an L-satisfiable path in R′ then σ is L-admissible with respect to Q and there is an L-satisfiable path in R. A proof step is safe if, and only if, if σ is L-admissible with respect to Q and there is an L-satisfiable path in R then σ′ is L-admissible with respect to Q′ and there is an L-satisfiable path in R′.

Example 5.3.2 Consider as an example the formula (∀x_Nat 0 + x = x) ∧ (∀x_Nat ∀y_Nat ¬(x = 0) ⇒ x + y = s(p(x) + y)) ⇒ ∀p_Nat→o ∀v_Nat p(s(s(0)) + v) ⇔ P(s(s(v))); the initial proof state for the positive formula is composed of the indexed formula tree and the free variable indexed formula tree shown in Figure 5.2. The initial substitution is the empty substitution.

Figure 5.3: Free variable indexed formula tree resulting from contracting ε 0 + X = X; its root is α⁺ ((0 + X = X ∧ 0 + X = X) ∧ (¬(X = 0) ⇒ X + Y = s(p(X) + Y))) ⇒ (p(s(s(0)) + v) ⇔ p(s(s(v)))). [Tree drawing not reproduced.]

The reasoning rules that manipulate a proof state [Q, σ ▷_L R] are of two kinds: there are rules, like instantiation, Leibniz' equality introduction, etc., that affect Q, σ, and R, and there are those that affect only R, like for instance the application of a replacement rule. The first kind of rules essentially change Q and the changes need to be propagated into R. How those changes are propagated depends on the changes in R by the second kind of rules, which we present first.
5.3.1 Contraction

Given a proof state [Q, σ ▷_L R] and Rc a subtree in R, the contraction rule α-inserts a copy of Rc in R. Copying of a free variable indexed formula tree is the straightforward operation that preserves all references to Q.

Definition 5.3.3 (Contraction Rule) Let [Q, σ ▷_L R] be a proof state, Rc a subtree of polarity p in R, and R′c a copy of Rc. The application of the contraction rule results in the proof state [Q, σ ▷_L R′], where R′ is obtained from R by replacing the subtree Rc by the α-type node of polarity p with label α(Label(Rc), Label(R′c)) and the two subtrees Rc and R′c.

Example 5.3.4 Consider as an example the free variable indexed formula tree from Example 5.1.2 (p. 64). Applying the contraction rule to ε 0 + X = X yields the free variable indexed formula tree shown in Figure 5.3. Note that the indexed formula tree of the proof state is not affected by that rule.

Lemma 5.3.5 The contraction rule is sound and safe.

Proof. Consider the label on Rc, i.e. the prefixed signed formula pre(Rc).Label(Rc)^p. It is replaced by the prefixed signed formula pre(Rc).α^p(Label(Rc)^p, Label(R′c)^p). Obviously pre(Rc).Label(Rc)^p is L-satisfiable if, and only if, the prefixed signed formula pre(Rc).α^p(Label(Rc)^p, Label(R′c)^p) is L-satisfiable, since Label(Rc) = Label(R′c).




5.3.2 Weakening

Given a proof state [Q, σ ▷_L R] and Rw a subtree in R, the weakening rule replaces Rw by some R′w ∈ Weakened(Rw).

Definition 5.3.6 (Weakening Rule) Let [Q, σ ▷_L R] be a proof state, Rw a subtree in R, and R′w ∈ Weakened(Rw). The application of the weakening rule results in a proof state [Q, σ ▷_L R′], where R′ is obtained from R by replacing the subtree Rw by R′w.

Example 5.3.7 As an example consider the free variable indexed formula tree in Figure 5.3: applying the weakening rule to one of the α 0 + X = X we obtain again the initial free variable indexed formula tree.

Lemma 5.3.8 The weakening rule is sound.

Proof. Follows directly from Lemma 5.2.2.
5.3.3 Structural Modal Permutation

We have retained the ν- and π-type modal connectives for intuition. However, during proof search we must be able to move these connectives over the logical connectives in order to apply the replacement rules. Take as an example a positive node R1 in the free variable indexed formula tree that has a label (A ∧ B) and a further α-related negative node R2 of label (A) ∧ (B). In order to apply the rule from R2 on R1, the labels of these nodes must be equal. Thus, we need a rule to transform the former node into a positive node R′1 of the form (A) ∧ (B). Generally we need a rule that allows us to move any modal connective over any standard logical connective, i.e. ∧, ∨, ¬, and ⇒. Writing these transformations as axioms results in either unsound or unsafe transformations in general, as for example the transformations (A ∨ B) ⇒ (A) ∨ (B) or (A ∨ B) ⇒ (A) ∨ (B). However, the information contained in a free variable indexed formula tree allows for sound and safe transformations: the ν- and π-type nodes in a free variable indexed formula tree have references to the nodes of secondary types ν1 and π1 in the indexed formula tree from which they originate. Thus, a modal node R of label (A ∨ B) is indexed by that node Q in the indexed formula tree, which we write as Q(A ∧ B). The prefixes of A and B are both pre(R)::Q. The transformation of R into a subtree for (A) ∧ (B) preserves that information, i.e. we obtain an indexed version of that formula that is Q(A) ∧ Q(B). Now, the prefixes of A and B are still pre(R)::Q. The preservation of the references during the transformation of the subtrees makes that transformation sound and safe.

Definition 5.3.9 (Structural Modal Permutation Rule) Let R, R1 and R2 be free variable indexed formula trees. The structural modal transformations are then defined as
– replacing the subtree ν^p(α(R^p′))_Q by α^p(ν(R^p′)_Q),
– replacing the subtree ν^p(α(R1^p1, R2^p2))_Q by α^p(ν(R1^p1)_Q, ν(R2^p2)_Q),
– replacing the subtree ν^p(β(R1^p1, R2^p2))_Q by β^p(ν(R1^p1)_Q, ν(R2^p2)_Q),
and analogously for π-type nodes.

Lemma 5.3.10 (Soundness & Safeness of the Structural Modal Transformations) The structural modal transformations are sound and safe.


Proof. We prove the statement for the two transformations of binary connectives. The proofs for the other cases are analogous.

Replacing the subtree ν^p(α(R1^p1, R2^p2))_Q by α^p(ν(R1^p1)_Q, ν(R2^p2)_Q): the paths in the free variable indexed formula tree are transformed as follows:

    Γ, ν_Q(α(R1^p1, R2^p2))   into   Γ, ν_Q(R1^p1), ν_Q(R2^p2)

The first path Γ, ν_Q(α(R1^p1, R2^p2)) results by the path decomposition rules in the path Γ, R1^p1, R2^p2, where R1^p1 and R2^p2 have the same prefix pre(R)::Q. The second path that results from the structural modal transformation can also be decomposed into Γ, R1^p1, R2^p2, and R1^p1 and R2^p2 again have the same prefix pre(R)::Q as originally. Thus, the rule application is sound and safe.

Replacing the subtree ν^p(β(R1^p1, R2^p2))_Q by β^p(ν(R1^p1)_Q, ν(R2^p2)_Q): the paths in the free variable indexed formula tree are transformed as follows:

    Γ, ν_Q(β(R1^p1, R2^p2))   into   Γ, ν_Q(R1^p1)  and  Γ, ν_Q(R2^p2)

Again, the first path Γ, ν_Q(β(R1^p1, R2^p2)) can be decomposed into the paths Γ, R1^p1 and Γ, R2^p2, where R1^p1 and R2^p2 have the same prefix pre(R)::Q. The second path that results from the structural modal transformation can also be decomposed into two paths Γ, R1^p1 and Γ, R2^p2, and R1^p1 and R2^p2 again have the same prefix pre(R)::Q as originally. Thus, the rule application is sound and safe.

Note that structural modal transformation rules "move" all modal connectives towards the literal nodes and group them there. This corresponds to the representation of modal prefixes in encodings of modal logic formulas into first-order logic formulas for resolution theorem proving as presented in [Nonnengart, 1995].
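The permutations of Definition 5.3.9 and the prefix-preservation argument in the proof above can be checked mechanically. The Python below is an added example, not code from the thesis or from the CORE system: modal nodes carry the indexed-formula-tree node Q they reference as a fourth tuple field, the inner modal copies created by a permutation are assumed to take the polarity of the subtree they wrap, and a constructed tree with one π- and one ν-node serves as input.

```python
"""Structural modal permutation (Definition 5.3.9) with a prefix check.

Added example; not code from the thesis or the CORE system.
Tree encoding: ('lit', pol, label); ('alpha'|'beta', pol, r1, r2);
('nu'|'pi', pol, r, q) where q names the indexed-formula-tree node Q the
modal node references.  A modal prefix is the tuple of q's on the path
from the root to a literal (pre(R)::Q in the thesis).  Assumption: the
inner modal node created by a permutation takes its subtree's polarity.
"""


def permute(node):
    """One permutation step at the root: push a nu/pi node over the
    alpha/beta node directly below it, keeping the Q reference on each copy."""
    if node[0] not in ('nu', 'pi'):
        return node
    utype, pol, child, q = node
    if child[0] in ('alpha', 'beta'):
        # nu^p(alpha(R1,R2))_Q -> alpha^p(nu(R1)_Q, nu(R2)_Q); same for beta and pi
        return (child[0], pol) + tuple((utype, c[1], c, q) for c in child[2:])
    return node


def normalize(node):
    """Repeat permutation until every modal node sits directly above a
    literal (or above another modal node), as the note above describes."""
    utype = node[0]
    if utype == 'lit':
        return node
    if utype in ('alpha', 'beta'):
        return (utype, node[1]) + tuple(normalize(c) for c in node[2:])
    _, pol, child, q = node
    moved = permute((utype, pol, normalize(child), q))
    if moved[0] in ('nu', 'pi'):
        return moved            # child is a literal or a modal node: done
    return normalize(moved)     # a connective surfaced: push further down


def prefixes(node, pre=()):
    """List of (label, polarity, modal prefix) for all literal nodes."""
    utype = node[0]
    if utype == 'lit':
        return [(node[2], node[1], pre)]
    if utype in ('nu', 'pi'):
        return prefixes(node[2], pre + (node[3],))
    return [x for c in node[2:] for x in prefixes(c, pre)]


def is_normal(node):
    """True iff no modal node has an alpha- or beta-type child."""
    if node[0] == 'lit':
        return True
    if node[0] in ('nu', 'pi'):
        return node[2][0] not in ('alpha', 'beta') and is_normal(node[2])
    return all(is_normal(c) for c in node[2:])


def prefixes_preserved(tree):
    """The check behind Lemma 5.3.10: every literal keeps its prefix."""
    return sorted(prefixes(tree)) == sorted(prefixes(normalize(tree)))


# Constructed input: pi+( alpha+( A+, nu+( beta+(B+, C-) )_q2 ) )_q1
SAMPLE = ('pi', '+',
          ('alpha', '+',
           ('lit', '+', 'A'),
           ('nu', '+', ('beta', '+', ('lit', '+', 'B'), ('lit', '-', 'C')), 'q2')),
          'q1')

if __name__ == '__main__':
    print(normalize(SAMPLE))
    print(prefixes_preserved(SAMPLE))
```

normalize pushes every modal node down to the literals, the grouping the note above describes, and prefixes_preserved confirms that each literal's prefix (the sequence of Q references above it) is unchanged by the transformation, which is the property the soundness and safeness proof relies on.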

5.3.4 Replacement Rule Application

In this section we define the application of resolution replacement rules, whereas rewriting style replacement rules are presented below in Section 5.3.11.

The application of a resolution replacement rule to some node a consists of replacing the goal to prove a by the subgoals to prove the values of the rule. Since the values of a replacement rule may have a different modal prefix than a, a cannot be simply replaced by a conjunction of the values. Instead we replace a by some trivially proved formula and attach the values (i.e. the subgoals) at some node that governs a and complies to the modal prefix of the subgoal. In order to β-insert the subgoals at these nodes, we must be able to find a term that adequately represents the formula resulting from the insertion. Generally, given any two signed formulas ϕ^p, ϕ′^p′ we need to find a formula β^p″(ϕ^p, ϕ′^p′). To this end we introduce the notion of β-terms and prove that those terms always exist.

Definition 5.3.11 (β-terms) Let L be one of the considered logics and p, p1, p2 defined polarities. A β-term for L with respect to the polarities p, p1, and p2 is a λ-term λϕ1 λϕ2 ϕ of type o → o → o, such that for any two formulas ψ1, ψ2, if t is the βη long normal form of ((λϕ1 λϕ2 ϕ) ψ1 ψ2), then the signed formula t^p is of primary type β, ϕ1 and ϕ2 occur uniquely in t (with respective polarities p1 and p2) and the occurrences of ϕ1 and ϕ2 inside t have the same modal prefix as t.

Lemma 5.3.12 (Existence of β-Terms) For any logic L from Definition 3.2.1, for any two formulas ψ1, ψ2, polarities p, p1, p2 and any prefix m there exists a binary β-term β for p, p1, and p2, such that the prefixes of ψ1 and ψ2 inside β(ψ1, ψ2) are equal to m.

Proof. To prove this lemma we give for each polarity constellation an example β-term which fulfills the requirements.

    p   p1  p2   β-term
    +   +   +    λψ1 λψ2 (∧ ψ1 ψ2)
    +   +   −    λψ1 λψ2 (¬(⇒ ψ1 ψ2))
    −   +   −    λψ1 λψ2 (⇒ ψ1 ψ2)
    −   −   −    λψ1 λψ2 (∨ ψ1 ψ2)

The β-insertion of a subtree on some node consists in replacing the node with a β-type node with a respective β-term label and with the given subtree and the original node as subtrees.

Definition 5.3.13 (Resolution Replacement Rule Application) Let [Q, σ ▷_L R] be a proof state, a a node in R, and u → v1, ..., vn (n ≥ 0) an admissible resolution replacement rule for a (i.e. vi ∈ Weakened(v′i), v′i β-related to u) such that u and a are connectable (see Corollary 5.2.3). The application of u → v1, ..., vn to a is defined as follows:
– For each vi, we determine the node pi which (a) governs a and (b) has the same modal prefix as vi with respect to σ, and β-insert vi on pi.
– Subsequently, we replace the subtree a by an initial free variable indexed formula tree for True⁺, if a has positive polarity, or otherwise for False⁻.

Example 5.3.14 Consider as an example the following free variable indexed formula tree obtained for the (positive) formula about lists of natural numbers

    ((1 ≤ 2 ∧ Ord([1])) ⇒ Ord([1, 2])) ⇒ Ord([1, 2])

Figure 5.4: Free variable indexed formula trees before and after application of the replacement rule; the root formulas are ((1 ≤ 2 ∧ Ord([1])) ⇒ Ord([1, 2])) ⇒ Ord([1, 2]) and ((1 ≤ 2 ∧ Ord([1])) ⇒ Ord([1, 2])) ⇒ ((1 ≤ 2 ∧ Ord([1])) ∧ True), both of positive polarity. [Tree drawings not reproduced.]


1. If the path was of the kind Γ_v1, ..., Γ_vi, vi, Γ_b1, ..., Γ_bj, bj, then it still exists in the new subtree.
2. If the path was of the kind Γ_v1, ..., Γ_vn, Γ_u, u, Γ_b1, ..., Γ_bj, bj, then it still exists in the new subtree.
3. If the path was of the kind Γ_v1, ..., Γ_vi, vi, Γ_b1, ..., Γ_bm, Γ_a, a, we can find in the new subtree the path Γ_v1, ..., Γ_vi, vi, Γ′_vi, v′i where Γ′_vi are the α-related parts in the new subtree that are below c. Γ′_vi is a subset of Γ_b1, ..., Γ_bm, Γ_a, and from Lemma 5.2.2 we know that if vi is L-satisfiable, then so is v′i. Thus the new path is a "subset" of the old path, and thus also L-satisfiable.
4. If the path was Γ_v1, ..., Γ_vn, Γ_u, u, Γ_b1, ..., Γ_bm, Γ_a, a, then it is not L-satisfiable, since it contains the connectable nodes u and a (cf. Corollary 5.2.3).

Hence the resolution application of an admissible replacement rule is sound.

The application of a resolution replacement rule is not safe, except when u has no β-related subtrees. In order to allow for a safe application of the resolution replacement rule, the contraction rule needs to be applied before applying the resolution replacement rule.

Lemma 5.3.16 The combination of the application of the contraction rule on some node b below c that governs all β-insertion nodes for the new subgoals vi, and the subsequent application of the resolution replacement rule, is safe.

Proof. The proof is by induction over the structure of the direct subtrees of c that contain b.

Base Case: s = b, i.e. b is a direct subtree of c. The prefixed formula on c is pre(c).α^p(ϕ, Label(b)), where ϕ is the subformula containing the resolution replacement rule. After application of the contraction rule and the resolution replacement rule we obtain the prefixed formula pre(c).α^p(ϕ, α(Label(b), ϕ′)), where ϕ′ is the subformula obtained from Label(b) by resolution replacement rule application. Obviously it holds for any L-model M, any world w and assignment ρ:

    M_w^ρ ⊨_L pre(c).α^p(ϕ, α(Label(b), ϕ′))  ⟹  M_w^ρ ⊨_L pre(c).α^p(ϕ, Label(b)).

Induction Step: The prefixed formula on c is of the form pre(c).α^p(ϕ, ψ(ψ′(Label(b)))), where ψ(ψ′(Label(b))) is the formula containing Label(b) and ψ′(Label(b)) is the formula on the parent node of b. By induction hypothesis we know that applying the contraction rule on the parent node of b and subsequently applying the resolution replacement rule is safe. Thus we know that for any L-model M, any world w and assignment ρ:

    M_w^ρ ⊨_L pre(c).α^p(ϕ, ψ(α(ψ′(Label(b)), ψ′(ϕ′))))
    ⟹ M_w^ρ ⊨_L pre(c).α^p(ϕ, ψ(ψ′(Label(b))))

We prove by case analysis over the uniform type of ψ′(Label(b)) that

    M_w^ρ ⊨_L pre(b).ψ′^p(α^p(Label(b)^p, ϕ′^p))
    ⟹ M_w^ρ ⊨_L pre(b).α^p(ψ′^p(Label(b)^p), ψ′^p(ϕ′^p))

A. ψ′^p = λP α^p(ψ″, P^p), where ψ″ is some signed formula. Then
    M_w^ρ ⊨_L pre(b).ψ′^p(α^p(Label(b)^p, ϕ′^p))
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L α^p(ψ″, α^p(Label(b)^p, ϕ′^p))
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L ψ″ and M_{w′}^ρ ⊨_L Label(b)^p and M_{w′}^ρ ⊨_L ϕ′^p
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L ψ″ and M_{w′}^ρ ⊨_L Label(b)^p and M_{w′}^ρ ⊨_L ψ″ and M_{w′}^ρ ⊨_L ϕ′^p
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L α^p(ψ″, Label(b)^p) and M_{w′}^ρ ⊨_L α^p(ψ″, ϕ′^p)
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L α^p(α^p(ψ″, Label(b)^p), α^p(ψ″, ϕ′^p))
    ⇔ M_w^ρ ⊨_L pre(b).α^p(ψ′^p(Label(b)^p), ψ′^p(ϕ′^p))

B. ψ′^p = λP β^p(ψ″, P^p), where ψ″ is some signed formula. Then
    M_w^ρ ⊨_L pre(b).ψ′^p(α^p(Label(b)^p, ϕ′^p))
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L β^p(ψ″, α^p(Label(b)^p, ϕ′^p))
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L ψ″ or (M_{w′}^ρ ⊨_L Label(b)^p and M_{w′}^ρ ⊨_L ϕ′^p)
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): (M_{w′}^ρ ⊨_L ψ″ or M_{w′}^ρ ⊨_L Label(b)^p) and (M_{w′}^ρ ⊨_L ψ″ or M_{w′}^ρ ⊨_L ϕ′^p)
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L β^p(ψ″, Label(b)^p) and M_{w′}^ρ ⊨_L β^p(ψ″, ϕ′^p)
    ⇔ for all w′ ∈ M_w^ρ(pre(b)): M_{w′}^ρ ⊨_L α^p(β^p(ψ″, Label(b)^p), β^p(ψ″, ϕ′^p))
    ⇔ M_w^ρ ⊨_L pre(b).α^p(ψ′^p(Label(b)^p), ψ′^p(ϕ′^p))

C. ψ′^p = λP ν^p(P^p): analogously.

D. ψ′^p = λP π^p(P^p): analogously.
5.3.5 Simplification

Definition 5.3.17 (Simplification Rule) Let [Q, σ ▷_L R] be a proof state, and let R′ be a subtree of R. The simplification rule consists of
– if R′ is proved, replace R′ by an initial free variable indexed formula tree for True⁺ if the polarity of R′ is positive, and otherwise by an initial free variable indexed formula tree for False⁻,
– if R′ is disproved, replace R′ by an initial free variable indexed formula tree for False if the polarity of R′ is positive, and otherwise by an initial free variable indexed formula tree for True⁺,
– if R′ is a β-type node β(R1^p1, R2^p2)^p and not proved, but either R1 or R2 is proved, then
  – replace R′ by Ri, if Ri is the non-proven subtree and p = pi, or
  – replace R′ by α(Ri^pi)^p, if Ri is the non-proven subtree and p ≠ pi,
– if R′ is an α-type node α(R1^p1, R2^p2)^p and not disproved, but either R1 or R2 is disproved, then
  – replace R′ by Ri, if Ri is the non-disproven subtree and p = pi, or
  – replace R′ by α(Ri^pi)^p, if Ri is the non-disproven subtree and p ≠ pi,
– otherwise leave R′ unchanged.



Example 5.3.18 Take as an example the free variable indexed formula tree from Figure 5.4 (p. 75): applying the simplification rule to the whole tree yields the simplified free variable indexed formula tree with root α⁺ ((1 ≤ 2 ∧ Ord([1])) ⇒ Ord([1, 2])) ⇒ (1 ≤ 2 ∧ Ord([1])), whose right subtree is the β⁺-node 1 ≤ 2 ∧ Ord([1]) with the literals 1 ≤ 2 and Ord([1]). [Tree drawing not reproduced.]
Lemma 5.3.19 (Soundness & Safeness of Simplification) The simplification rule is sound and safe.

Proof. The proof is by case analysis over the cases in the definition of the simplification rule. The last case is trivially sound and safe. For the first two cases of the simplification rule the soundness and safeness follows directly from Lemma 5.1.7. For the third case we consider how the paths through R′ are affected by the simplification rule:

    Γ, β(ϕ^p, Proved^p)^p   into   Γ, ϕ^p            (5.1)

respectively

    Γ, β(ϕ^p′, Proved^p)^p   into   Γ, α(ϕ^p′)^p     (5.2)

where Proved^p is True⁺, if p = +, and False⁻ if p = −. For the path transformation (5.1) we have:

    M_w^ρ ⊨_L pre(R′).β(ϕ^p, Proved^p)^p
    ⇔ for all w′ ∈ M_w^ρ(pre(R′)): M_{w′}^ρ ⊨_L β(ϕ^p, Proved^p)^p
    ⇔ for all w′ ∈ M_w^ρ(pre(R′)): M_{w′}^ρ ⊨_L ϕ^p or M_{w′}^ρ ⊨_L Proved^p
    ⇔ (M_{w′}^ρ ⊭_L Proved^p)  for all w′ ∈ M_w^ρ(pre(R′)): M_{w′}^ρ ⊨_L ϕ^p
    ⇔ M_w^ρ ⊨_L pre(R′).ϕ^p

For the path transformation (5.2) we have:

    M_w^ρ ⊨_L pre(R′).β(ϕ^p′, Proved^p)^p
    ⇔ for all w′ ∈ M_w^ρ(pre(R′)): M_{w′}^ρ ⊨_L β(ϕ^p′, Proved^p)^p
    ⇔ for all w′ ∈ M_w^ρ(pre(R′)): M_{w′}^ρ ⊨_L ϕ^p′ or M_{w′}^ρ ⊨_L Proved^p
    ⇔ (M_{w′}^ρ ⊭_L Proved^p)  for all w′ ∈ M_w^ρ(pre(R′)): M_{w′}^ρ ⊨_L ϕ^p′
    ⇔ for all w′ ∈ M_w^ρ(pre(R′)): M_{w′}^ρ ⊨_L α(ϕ^p′)^p
    ⇔ M_w^ρ ⊨_L pre(R′).α(ϕ^p′)^p

Thus, the simplification rule is sound and safe.
To ease the definition of the second kind of rules, i.e. the rules that affect Q and whose effects need to be propagated into R, we describe the general principle for the propagation of changes in Q to R. To this end consider the respective rules and how they affect Q:

– The introduction of Leibniz' equality (cf. Definition 4.2.1) essentially inserts an α-related initial indexed formula tree L for (∀P P(s) ⇒ P(t))^p to some given literal node ζε(s, t)^p. This can be propagated to R by α-inserting on each occurrence of ζε(s, t) inside R a respective initial free variable indexed formula tree for L.
– The extensionality introduction (cf. Definition 4.3.3) behaves analogously to the previous rule: it inserts an α-related literal node for (λx s = λx t)^p to some given literal node ζε(s, t)^p. Again, this can be propagated to R by α-inserting on each occurrence of ζε(s, t) inside R an initial free variable indexed formula tree for (λx s = λx t)^p.
– The boolean ζ-expansion rule (cf. Definition 4.4.1) essentially inserts an α-related initial indexed formula tree L for ((A ⇒ B) ∧ (B ⇒ A))⁺ to some given ζ-type node ζ(Ao, Bo). This is propagated to R by α-inserting on each occurrence of ζ(Ao, Bo) inside R a respective initial free variable indexed formula tree for L.
– The instantiation rule (cf. Definition 4.5.2) instantiates γ-variables and ν-nodes. The instantiation of ν-type nodes does not affect R, except for the determination of the modal prefixes of subtrees. For the instantiation of a γ-variable X it essentially instantiates the labels of nodes, and, if X is a set variable, replaces the literal nodes of label X(s1, ..., sn)^p by an initial indexed formula tree for (σ_Q(X(s1, ..., sn))↓βη)^p. This can be propagated to R by instantiating the labels of nodes in R and replacing the occurrences of X(s1, ..., sn)^p by initial free variable indexed formula trees for (σ_Q(X(s1, ..., sn))↓βη)^p.
– The increase of multiplicities (cf. Definition 4.11.5) adds copies of indexed formula trees on the respective γ-type and ν-type nodes and extends the overall substitution. The extension of the substitution must be handled in combination with the insertion of the new indexed formula tree. From the copying of the respective indexed formula tree we obtain a renaming ρ and an isomorphic mapping ι from nodes in the old indexed formula tree Q to nodes in the new indexed formula tree Q′. Inside R we determine the largest subtrees that contain only nodes from Q (literals as well as ν- and π-type nodes annotated by nodes from Q of secondary type ν0 and π0). Then we α-insert a copy of those subtrees by renaming the labels by ρ and the referenced nodes in Q in accordance with ι.

5.3.6 Leibniz' Equality

Definition 5.3.20 (Leibniz' Equality Introduction Rule) Let [Q, σ ▷_L R] be a proof state, Re an ε- or ζ-type subtree in R, Qe its associated subtree in Q of polarity p and label ζε(s, t), and Q′e an initial indexed formula tree for (∀P P(s) ⇒ P(t))^p. The application of the Leibniz' equality introduction rule on Re results in a proof state [Q′, σ ▷_L R′]. Thereby Q′ is the result of applying the Leibniz' equality introduction rule on Qe which consisted in replacing Qe by the α-type node Q_Leibniz of polarity p with label Label(Qe) and subtrees Qe and Q′e. Furthermore R′ is the result of replacing all literal nodes RL in R that are annotated by Qe with the α-type node of polarity p with label α(Label(RL), Label(R′L)) and subtrees RL and R′L, where R′L is an initial free variable indexed formula tree for Q′e.

Figure 5.6: Free variable indexed formula tree resulting from introducing Leibniz' equality for the ε-type formula ε 0 + X = X; its root is α⁺ ((((0 + X = X ∧ (Q(0 + X) ⇒ Q(X))) ∧ (0 + X = X ∧ (Q(0 + X) ⇒ Q(X)))) ∧ (¬(X = 0) ⇒ X + Y = s(p(X) + Y))) ⇒ (p(s(s(0)) + v) ⇔ p(s(s(v)))). [Tree drawing not reproduced.]

Example 5.3.21 Consider as an example the proof state for the formula

    (∀x_Nat 0 + x = x) ∧ (∀x_Nat ∀y_Nat ¬(x = 0) ⇒ x + y = s(p(x) + y)) ⇒ ∀p_Nat→o ∀v_Nat p(s(s(0)) + v) ⇔ P(s(s(v)))

after application of the contraction rule; the indexed formula tree for that proof state is shown in Figure 4.1 (p. 34) and the free variable indexed formula tree is shown in Figure 5.3 (p. 72). The introduction of the Leibniz' equality for the ε-type formula 0 + X = X yields on the one hand the indexed formula tree shown in Figure 4.2 (p. 41). The adaptation of the two occurrences of that formula in the free variable indexed formula tree yields the free variable indexed formula tree shown in Figure 5.6.

Lemma 5.3.22 The Leibniz' equality introduction rule is sound and safe.

Proof. The label of RL is the prefixed formula pre(RL).ζε^p(s, t) and s, t are of type τ. This prefixed formula is replaced by the formula pre(RL).α^p(ζε^p(s, t), (∀P P(s) ⇒ P(t))^p). Let M_w^ρ be an L-model with possible world w and assignment ρ that satisfies pre(RL).ζε^p(s, t). We prove the soundness and safeness for the case where ζε^p(s, t) is of the form (s = t)⁺. The other cases are analogous.

    M_w^ρ ⊨_L pre(RL).(s = t)⁺
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊨_L (s = t)⁺
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊭_L s = t
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ(s) ≠ M_{w′}^ρ(t)
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ(s) ≠ M_{w′}^ρ(t) and there exists p ∈ M_{w′}(τ → o) with p(M_{w′}^ρ(s)) and ¬p(M_{w′}^ρ(t))
    ⇔ (P new) for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ(s) ≠ M_{w′}^ρ(t) and there exists p ∈ M_{w′}(τ → o): M_{w′}^{ρ[p/P]} ⊭_L P(s) ⇒ P(t)
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ(s) ≠ M_{w′}^ρ(t) and not for all p ∈ M_{w′}(τ → o): M_{w′}^{ρ[p/P]} ⊨_L P(s) ⇒ P(t)
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ(s) ≠ M_{w′}^ρ(t) and M_{w′}^ρ ⊭_L ∀P_τ→o P(s) ⇒ P(t)
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊨_L (s = t)⁺ and M_{w′}^ρ ⊨_L (∀P_τ→o P(s) ⇒ P(t))⁺
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊨_L α⁺((s = t)⁺, (∀P_τ→o P(s) ⇒ P(t))⁺)
    ⇔ M_w^ρ ⊨_L pre(RL).α⁺((s = t)⁺, (∀P_τ→o P(s) ⇒ P(t))⁺)
5.3.7 Extensionality

Definition 5.3.23 (Extensionality Introduction Rule) Let [Q, σ ▷_L R] be a proof state, Re an ε- or ζ-type subtree in R, Qe its associated subtree in Q of polarity p and label ζε(s, t) with local variable x, and Q′e an initial indexed formula tree for ζε(λx s, λx t). The application of the extensionality introduction rule on Re results in a proof state [Q′, σ ▷_L R′]. Thereby Q′ is the result of applying the extensionality introduction rule on Qe which consisted in replacing Qe by the α-type node Q_Ext of polarity p with label Label(Qe) and subtrees Qe and Q′e. Furthermore R′ is the result of replacing all literal nodes RL in R that are annotated by Qe with the α-type node of polarity p with label α(Label(RL), Label(R′L)) and subtrees RL and R′L, where R′L is an initial free variable indexed formula tree for Q′e.

Example 5.3.24 Consider the sample initial proof state shown in Figure 5.2 (p. 71). The introduction of extensionality for the ε-type node ε X + Y = s(p(X) + Y) yields the indexed formula tree shown in Figure 4.3 (p. 45) and the free variable indexed formula tree shown in Figure 5.7.

Lemma 5.3.25 The extensionality introduction rule is sound and safe.

Figure 5.7: Free variable indexed formula tree after extensionality introduction for the ε-type formula ε X + Y = s(p(X) + Y) with respect to the γ-local variable Y; its root is α⁺ (0 + X = X ∧ (¬(X = 0) ⇒ ((X + Y = s(p(X) + Y)) ∧ (λy X + y = λy s(p(X) + y))))) ⇒ (p(s(s(0)) + v) ⇔ p(s(s(v)))). [Tree drawing not reproduced.]

Proof. The label of RL is the prefixed formula pre(RL).ζε^p(s, t) where s, t are of type τ. This prefixed formula is replaced by the formula pre(RL).α^p(ζε^p(s, t), ζε^p(λx s, λx t)). Let M_w^ρ be an L-model with possible world w and assignment ρ that satisfies pre(RL).ζε^p(s, t). We prove the soundness and safeness for the case where ζε^p(s, t) is of the form (s = t)⁺. The other cases are analogous. For the case (s = t)⁺ the variable x must be δ-local with respect to (s = t)⁺. Then it holds:

    M_w^ρ ⊨_L pre(RL).(s = t)⁺
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊨_L (s = t)⁺
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊨_L (s = t)⁺ and M_{w′}^ρ ⊨_L (s = t)⁺
    ⇔ (Lemma 4.3.2 & δ-local x) for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊨_L (s = t)⁺ and M_{w′}^ρ ⊨_L (∀x_τ s = t)⁺
    ⇔ (Extensionality) for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊨_L (s = t)⁺ and M_{w′}^ρ ⊨_L (λx_τ s = λx_τ t)⁺
    ⇔ for all w′ ∈ M_w^ρ(pre(RL)): M_{w′}^ρ ⊨_L α⁺((s = t)⁺, (λx_τ s = λx_τ t)⁺)
    ⇔ M_w^ρ ⊨_L pre(RL).α⁺((s = t)⁺, (λx_τ s = λx_τ t)⁺)
-ExpansionζBoolean5.3.8Definition5.3.26(Booleanζ-ExpansionRule)Let[Q,σLR]beaproofstate,Rζaζ-typesubtree
inruleR,onandRQζitsresultsinassociatedaproofsubtreestatein[QQ,ofσlabelRζ](,Ao,whereBo).QTheistheapplicationresultofoftheapplyingbooleantheζ-ebooleanxpansionζ-
LζexpansionruleonQζwhichintroducesanintitialindexedformulatreeQEfor((A⇒B)∧(B⇒A))+.
Furthermore,RisobtainedbyreplacingallliteralnodesRLofRannotatedbyQζby
αpα(Label(RL),Label(RL))
RRLLwhereRLisaninitialfreevariableindexedformulatreeforQE.

84

CHAPTER5.FREEVARIABLEINDEXEDFORMULATREES

[Figure 5.8, tree diagram rendered as an indented list; the left subtree is unchanged from Figure 5.7]
α⁺ (0+X=X ∧ (¬(X=0) ⇒ X+Y=s(p(X)+Y))) ⇒ ((p(s(s(0))+v) ⇒ p(s(s(v)))) ∧ (p(s(s(v))) ⇒ p(s(s(0))+v)))
    α  0+X=X ∧ (¬(X=0) ⇒ X+Y=s(p(X)+Y))  (left subtree as in Figure 5.7)
    α⁺ (p(s(s(0))+v) ⇔ p(s(s(v))), (p(s(s(0))+v) ⇒ p(s(s(v)))) ∧ (p(s(s(v))) ⇒ p(s(s(0))+v)))
        ζ⁺ p(s(s(0))+v) ⇔ p(s(s(v)))
        β⁺ (p(s(s(0))+v) ⇒ p(s(s(v)))) ∧ (p(s(s(v))) ⇒ p(s(s(0))+v))
            α⁺ p(s(s(0))+v) ⇒ p(s(s(v)))
                p(s(s(0))+v)⁻
                p(s(s(v)))⁺
            α⁺ p(s(s(v))) ⇒ p(s(s(0))+v)
                p(s(s(v)))⁻
                p(s(s(0))+v)⁺

Figure 5.8: Free variable indexed formula tree after boolean ζ-expansion on ζ⁺ p(s(s(0))+v) ⇔ p(s(s(v))).

Example 5.3.27 Take as an example the proof state from Figure 5.2 (p. 71). The application of the boolean ζ-expansion rule to ζ⁺ p(s(s(0))+v) ⇔ p(s(s(v))) yields the indexed formula tree already shown in Figure 4.4 (p. 46) and the free variable indexed formula tree of Figure 5.8.
Lemma 5.3.28 The boolean ζ-expansion rule is sound and safe.
Proof. The rule operates on literal nodes and thus does not affect the substitution, which remains L-admissible. It remains to be shown for soundness (respectively safeness) that the rule preserves the existence (respectively absence) of satisfiable paths. The rule is applied on a literal node R_ζ = ζ(A,B)^+, which is of positive polarity and where A and B are formulas. The new node introduced by that rule denotes the signed formula ((A⇒B) ∧ (B⇒A))^+, which using uniform notation is β(α(A^−,B^+)^+, α(B^−,A^+)^+)^+. The rule transforms the paths as follows:
    Γ, ζ(A,B)^+   into   Γ, ζ(A,B)^+, β(α(A^−,B^+)^+, α(B^−,A^+)^+)^+
We show for that transformation that the former path is satisfiable if, and only if, the latter path is satisfiable.
    M_w^ρ ⊨_L pre(R_ζ).ζ(A_o,B_o)^+
  ⇔ for all w' ∈ M_w^ρ(pre(R_ζ)): M_{w'}^ρ ⊨_L ζ(A_o,B_o)^+
  ⇔ (Definition 3.4.2) for all w' ∈ M_w^ρ(pre(R_ζ)): M_{w'}^ρ ⊭_L A=B
  ⇔ for all w' ∈ M_w^ρ(pre(R_ζ)): M_{w'}^ρ(A) ≠ M_{w'}^ρ(B)
  ⇔ (M_{w'}^ρ(o) = {⊤,⊥}) for all w' ∈ M_w^ρ(pre(R_ζ)): (M_{w'}^ρ(A)=⊤ and M_{w'}^ρ(B)=⊥) or (M_{w'}^ρ(A)=⊥ and M_{w'}^ρ(B)=⊤)
  ⇔ for all w' ∈ M_w^ρ(pre(R_ζ)): (M_{w'}^ρ ⊨_L A and M_{w'}^ρ ⊭_L B) or (M_{w'}^ρ ⊭_L A and M_{w'}^ρ ⊨_L B)
  ⇔ (Definition 3.4.2) for all w' ∈ M_w^ρ(pre(R_ζ)): (M_{w'}^ρ ⊨_L A^− and M_{w'}^ρ ⊨_L B^+) or (M_{w'}^ρ ⊨_L A^+ and M_{w'}^ρ ⊨_L B^−)
  ⇔ (Lemma 3.4.3) for all w' ∈ M_w^ρ(pre(R_ζ)): M_{w'}^ρ ⊨_L α(A^−,B^+)^+ or M_{w'}^ρ ⊨_L α(B^−,A^+)^+
  ⇔ (Lemma 3.4.3) for all w' ∈ M_w^ρ(pre(R_ζ)): M_{w'}^ρ ⊨_L β(α(A^−,B^+)^+, α(B^−,A^+)^+)^+
  ⇔ M_w^ρ ⊨_L pre(R_ζ).β(α(A^−,B^+)^+, α(B^−,A^+)^+)^+




5.3.9 Instantiation
Let [Q, σ ⊢_L R] be a proof state. The instantiation rule extends the actual substitution σ by applying an L-substitution σ' such that the resulting overall L-substitution σ'∘σ is L-admissible. Generally, an L-substitution consists of an object variable substitution σ_Q and a modal substitution σ_M. The modal substitution has no direct effect on Q, except for the determination of the equality of prefixes and for the overall ordering. The object variable substitution affects Q by applying the substitution to the labels of the non-literal nodes and by replacing literal nodes Q_L in Q by an initial indexed formula tree Q_L^σ for σ_Q(Label(Q_L)). Each such Q_L may be associated to one or more literal nodes in R. Thus, while replacing Q_L by Q_L^σ we need to replace the corresponding literal nodes in R by initial free variable indexed formula trees for Q_L^σ.
Definition 5.3.29 (Instantiation Rule) Let [Q, σ ⊢_L R] be a proof state, and σ' an L-substitution such that σ'∘σ is L-admissible. The instantiation rule results in a proof state [Q', σ'∘σ ⊢_L R'] where Q' results from Q as defined in Definition 4.5.2 and R' results from R by applying the substitution to the non-literal nodes and by replacing all literal nodes in R with associated literal node Q_L in Q that have been replaced in Q' by some Q_L^σ with an initial free variable indexed formula tree for Q_L^σ.
Lemma 5.3.30 The instantiation rule is sound.
Proof. The instantiation rule is sound, since the admissibility of the substitution is checked on Q (resp. Q'). It also preserves the existence of L-satisfiable paths, as is proved as follows: let M be an L-model of the whole signed formula ϕ^p in Q before application of the substitution σ. If M satisfies ϕ^p then for all possible worlds w and all assignments ρ it holds: M_w^ρ ⊨_L ϕ^p. From Lemma 4.1.14 it follows that for any assignment ρ and substitution σ there is an assignment ρ' such that
    M_w^{ρ'} ⊨_L σ(ϕ)^p ⟹ M_w^ρ ⊨_L ϕ^p
Hence, M L-satisfies σ(ϕ)^p.
New Variables. Higher-order unification may generate new variables. In Section 4.6 we showed how these additional variables are handled inside Q. Thus the integration of new variables changes a proof state [Q, σ ⊢_L R] to [Q', σ ⊢_L R] where Q' contains the additional bindings for the new variables.

5.3.10 Increase of Multiplicities
The increase of multiplicities is necessary for a safe instantiation. This is achieved by increasing the multiplicities of the parent nodes of the binding nodes of instantiated object variables and variable nodes, before applying a substitution. In Section 4.11 we showed how the multiplicities are increased in the indexed formula tree Q. From there we obtain the subtrees of primary type ν₀ or Π₀ that have been obtained by copying, as well as a mapping ι from nodes in the old subtrees to nodes in the new subtree and a renaming θ of object level variables. Assume the overall modal substitution is σ_M: then propagating the new multiplicities into the free variable indexed formula tree R is achieved by considering the subtrees in R that have an associated node Q' in dom(ι) or where σ_M(Q') ∩ dom(ι) ≠ ∅. Those subtrees are either literal nodes or subtrees of type ν with associated node Q' such that σ_M(Q') ∩ dom(ι) ≠ ∅. Thus, we need to copy those subtrees of type ν by renaming the references into Q by ι and the object level variables by θ. For the respective literal nodes in R that do not occur in one of these subtrees we consider the maximal subtrees R' that contain only those kinds of literal nodes. The maximal subtrees are also copied by applying the renamings θ and ι.


Definition 5.3.31 (Increase of Multiplicities) Let [Q, σ ⊢_L R] be a proof state, and 𝒬 a set of subtrees from Q of which to increase the multiplicities. The new proof state [Q', σ ⊢_L R'] is obtained by

– increasing the multiplicities in Q according to Definition 4.11.5, which results in Q', a variable renaming θ and a mapping ι on subtrees of the indexed formula tree Q.
– Let R_M be the maximal subtrees that have an associated node of type ν₀ in dom(ι) and R_L the maximal subtrees that contain only literal nodes in dom(ι) and that do not occur in R_M. For each subtree R₀ ∈ R_M ∪ R_L we α-insert a copy of R₀ that has been renamed with respect to θ and ι.

Lemma 5.3.32 The increase of multiplicities is sound and safe.
Proof. By Lemma 4.11.7 the new overall substitution that results from the instantiation required for the increase of multiplicities is still L-admissible. Now consider the maximal subtrees R₀ ∈ R_M ∪ R_L in R that have been copied. Each such subtree has a label pre(R₀).ϕ^p and has been replaced by a subtree of the same prefix and label pre(R₀).α^p(ϕ^p, θ(ϕ)^p). Since θ is only a renaming of variables it trivially holds for every L-model M, possible world w and assignment ρ that there exists a ρ' such that
    M_w^ρ ⊨_L pre(R₀).ϕ^p ⟹ M_w^{ρ'} ⊨_L pre(R₀).α^p(ϕ^p, θ(ϕ)^p)
Conversely, for every L-model M, possible world w and assignment ρ' it follows from Lemmata 3.4.3 and 4.1.8 that
    M_w^{ρ'} ⊨_L pre(R₀).α^p(ϕ^p, θ(ϕ)^p) ⟹ M_w^{ρ'} ⊨_L pre(R₀).ϕ^p
5.3.11 Application of Rewriting Replacement Rules
A resolution replacement rule is always applied to a node of the free variable indexed formula tree, if the left-hand side of the rule is connectable to that node. A rewriting replacement rule can also be applied to some node, but may also be virtually applied to some subterm of the label of a literal node. For the application of a rewrite replacement rule to some node the rewriting step is encoded internally by a combination of the Leibniz' equality introduction and the instantiation rule. We call this kind of rewriting on nodes boolean rewriting, since it consists of the application of an equivalence A ⇔ B.
As already presented in Section 3.5, rewriting inside labels of literal nodes also relies on this combination of Leibniz' equality and instantiation, but due to the presence of quantifiers or λ-binders inside labels, it may require an additional application of the extensionality rule. Since the rewriting “inside” literal nodes relies on extensionality introduction and rewriting on nodes we first define the rewriting on nodes.
Definition 5.3.33 (Rewriting Replacement Rule Application On Nodes) Let [Q, σ ⊢_L R] be a proof state, a a node in R of polarity p and let u→v, v₁,…,vₙ (n ≥ 0) be an admissible rewriting replacement rule for a, where u and v are the left- and right-hand sides of an ε-type position v₀. The application of u→v, v₁,…,vₙ to a is defined as follows:
1. Apply the Leibniz' equality introduction rule to v₀ to obtain β(P(Label(v))^p, P(Label(u))^p),

2. Instantiate P by λx x to obtain β(Label(v)^p, Label(u)^p), which results in the resolution replacement rule Label(u)^p → Label(v)^p, v₁,…,vₙ.
3. Apply Label(u)^p → Label(v)^p, v₁,…,vₙ to a.
Lemma 5.3.34 The rewriting style replacement rule application on nodes is sound.
Proof. The Leibniz' equality introduction rule is sound and safe. The resolution style rule application is sound.
As a motivating example for rewriting inside literal nodes we refer to the example from Section 3.5. We first state the definition for rewriting inside literal nodes and afterwards give an example that illustrates the different steps of the definition.
Definition 5.3.35 (Rewriting Replacement Rule Application Inside Literal Nodes) Let [Q, σ ⊢_L R] be a proof state, a a literal node of label ϕ in R and of polarity p, π a valid subterm occurrence inside Label(a), and let u→v, v₁,…,vₙ (n ≥ 0) be an admissible rewriting replacement rule for a, where u and v are the left- and right-hand sides of an ε-type position v₀ of label ε(s,t). The application of u→v, v₁,…,vₙ on a at π is defined as follows:
– Let x₁,…,xₙ be the variables that are free in ϕ|_π but not in ϕ. Let further σ' be a substitution such that σ'(s) = σ'(ϕ|_π) and x_i ∉ dom(σ'), 1 ≤ i ≤ n.
– Let D := {X ∈ dom(σ') | ∃x_i. x_i ∈ σ'(X)} be the variables that are instantiated with a term in which one of the x_i occurs. Then σ' is partitioned into two disjoint substitutions defined by σ₁ := σ'|_D and σ₂ := σ'|_{dom(σ')\D}.
– Apply the extensionality introduction rule on v₀ for the variables in D to obtain v₀' of label λy₁…λyₙ s = λy₁…λyₙ t. If this fails the rule application fails.
– Otherwise apply the Leibniz' equality introduction on v₀' to obtain the formula γ^p P β^p(P(λy₁…λyₙ s)^p, P(λy₁…λyₙ t)^p). This results in the resolution replacement rule P(λy₁…λyₙ s)^p → P(λy₁…λyₙ t)^p, v₁,…,vₙ.
– Apply the substitution {λf ϕ|_{π ← f(σ₁(yₙ),…,σ₁(y₁))} / P} ∘ σ₂, where ϕ|_{π ← f(…)} denotes ϕ with the subterm at π replaced by f(…).
– Apply the (instantiated) resolution replacement rule.
Lemma 5.3.36 The application of a rewriting replacement rule inside nodes is sound.
Proof. Since the application of rewriting replacement rules is a combination of other CORE calculus rules, it is sound.


As an example to illustrate the rewriting inside literal nodes consider the following higher-order literal Q(λx_Nat s(s(x))+y), where Q is a predicate, s is the successor function on natural numbers and + addition on natural numbers. For the rewriting consider the formula ∀u,v. s(u)+v = s(u+v), which gives rise to the rewrite replacement rule s(u)+v → s(u+v). The application of the rule to the literal at the subterm s(s(x))+y is achieved as follows:
1. The bound variable in Q(λx s(s(x))+y) is x, and the substitution σ' is {s(x)/u, v/y}.
2. Then D := {u}, σ₁ := {s(x)/u}, and σ₂ := {v/y}.
3. The application of the extensionality introduction rule over u ∈ D on s(u)+v = s(u+v) results in λu s(u)+v = λu s(u+v).
4. The Leibniz' equality introduction on λu s(u)+v = λu s(u+v) results in ∀P. P(λu s(u)+v) ⇒ P(λu s(u+v)).
5. The γ-variable P is instantiated with λf Q(λx f(s(x))), which results in Q(λx s(s(x))+v) ⇒ Q(λx s(s(x)+v)).
6. Finally σ₂ is applied, which results in Q(λx s(s(x))+y) ⇒ Q(λx s(s(x)+y)), which yields the required resolution replacement rule Q(λx s(s(x))+y) → Q(λx s(s(x)+y)). The rule is applicable on Q(λx s(s(x))+y) and results in Q(λx s(s(x)+y)).

5.3.11.1 Limitations of Replacement Rule Rewriting
Although the previous rewriting with replacement rules supports rewriting below bindings of variables, it still is limited. As an example consider the conditional variant ∀u,v. u≠0 ⇒ u+v = s(p(u)+v), where p denotes the predecessor function on natural numbers, instead of the equation ∀u,v. s(u)+v = s(u+v). This axiom results in the conditional rewriting replacement rule [u≠0] u+v → s(p(u)+v). Applying this rule results in the following steps:
1. The bound variable in Q(λx s(s(x))+y) is x, and the substitution σ' is {s(s(x))/u, v/y}.
2. Then D := {u}, σ₁ := {s(s(x))/u}, and σ₂ := {v/y}.
The next step, which consists of the extensionality introduction over u, fails, since u occurs in the condition u≠0 and thus is not γ-local to u+v = s(p(u)+v). Thus, the application of the replacement rule fails. A way to look at this problem is that it fails because there is no way of moving the condition of the replacement rule below the binder of x.
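The six steps of the example above and the failing run just described can be followed on a small model. The following Python program is an added example and is not part of the CORE system: it represents terms as nested tuples, replaces higher-order unification by one-way matching of the rule's left-hand side against the subterm at π (an assumption that suffices for the two runs here), and computes the effect of the instantiation steps directly instead of encoding them through Leibniz' equality introduction. What it does reproduce is the bookkeeping of Definition 5.3.35: the bound variables x_i above π, the partition of the matcher into σ₁ and σ₂, and the γ-locality check that makes the extensionality introduction over D fail for the conditional rule [u≠0] u+v → s(p(u)+v). The term constructors V, A, L and the names of the functions are ours.

```python
from typing import Dict, Optional, Set, Tuple

# Term syntax (constructed for this example):
#   ('V', name)             variable (free variable of the literal or of the rule)
#   ('A', f, (t1, ..., tn)) application of the symbol f to n arguments
#   ('L', x, body)          lambda abstraction binding x in body
Term = tuple
Pos = Tuple[int, ...]    # child indices from the root; a lambda has the single child 0


def V(name: str) -> Term:
    return ('V', name)


def A(f: str, *args: Term) -> Term:
    return ('A', f, tuple(args))


def L(x: str, body: Term) -> Term:
    return ('L', x, body)


def free_vars(t: Term) -> Set[str]:
    """Variables occurring free in t."""
    if t[0] == 'V':
        return {t[1]}
    if t[0] == 'A':
        return set().union(*(free_vars(a) for a in t[2]))
    return free_vars(t[2]) - {t[1]}


def subterm_at(t: Term, pos: Pos) -> Term:
    """The subterm phi|pi."""
    for i in pos:
        t = t[2] if t[0] == 'L' else t[2][i]
    return t


def replace_at(t: Term, pos: Pos, new: Term) -> Term:
    """phi with the subterm at pi replaced by new."""
    if not pos:
        return new
    if t[0] == 'L':
        return ('L', t[1], replace_at(t[2], pos[1:], new))
    args = list(t[2])
    args[pos[0]] = replace_at(args[pos[0]], pos[1:], new)
    return ('A', t[1], tuple(args))


def match(pat: Term, t: Term, rule_vars: Set[str], sigma: Dict[str, Term]) -> bool:
    """One-way matching: instantiate the rule variables in pat so that it equals t.
    (Stands in for the unifier sigma' of Definition 5.3.35; bound variables are
    compared by name, which is enough for this example.)"""
    if pat[0] == 'V' and pat[1] in rule_vars:
        if pat[1] in sigma:
            return sigma[pat[1]] == t
        sigma[pat[1]] = t
        return True
    if pat[0] != t[0]:
        return False
    if pat[0] == 'V':
        return pat[1] == t[1]
    if pat[0] == 'A':
        return (pat[1] == t[1] and len(pat[2]) == len(t[2])
                and all(match(p, a, rule_vars, sigma) for p, a in zip(pat[2], t[2])))
    return pat[1] == t[1] and match(pat[2], t[2], rule_vars, sigma)


def subst(t: Term, sigma: Dict[str, Term]) -> Term:
    """Apply a substitution; a binder shadows a substituted name of the same spelling."""
    if t[0] == 'V':
        return sigma.get(t[1], t)
    if t[0] == 'A':
        return ('A', t[1], tuple(subst(a, sigma) for a in t[2]))
    return ('L', t[1], subst(t[2], {k: v for k, v in sigma.items() if k != t[1]}))


def analyse(literal: Term, pos: Pos, lhs: Term, rule_vars: Set[str]):
    """Steps 1 and 2: the matcher sigma', the bound variables x_i above pos,
    and the set D of rule variables instantiated with a term mentioning some x_i."""
    phi_pi = subterm_at(literal, pos)
    sigma: Dict[str, Term] = {}
    if not match(lhs, phi_pi, rule_vars, sigma):
        return None
    xs = free_vars(phi_pi) - free_vars(literal)          # free in phi|pi, not in phi
    D = {X for X, t in sigma.items() if free_vars(t) & xs}
    return sigma, xs, D


def rewrite_inside(literal: Term, pos: Pos, lhs: Term, rhs: Term,
                   conditions: Tuple[Term, ...], rule_vars: Set[str]) -> Optional[Term]:
    """Apply [conditions] lhs -> rhs to the literal at pos; None if the rule does
    not match or the extensionality introduction over D would fail."""
    found = analyse(literal, pos, lhs, rule_vars)
    if found is None:
        return None
    sigma, _, D = found
    sigma1 = {X: sigma[X] for X in D}
    sigma2 = {X: sigma[X] for X in sigma if X not in D}
    # Extensionality introduction over D needs each variable in D to be
    # gamma-local to the equation, i.e. it must not occur in a condition.
    if any(free_vars(c) & D for c in conditions):
        return None
    return replace_at(literal, pos, subst(rhs, {**sigma1, **sigma2}))


# The literal Q(λx. s(s(x))+y) and the position of the subterm s(s(x))+y
LITERAL = A('Q', L('x', A('+', A('s', A('s', V('x'))), V('y'))))
POS: Pos = (0, 0)
# Unconditional rule s(u)+v -> s(u+v) and conditional rule [u != 0] u+v -> s(p(u)+v)
UNCOND = (A('+', A('s', V('u')), V('v')), A('s', A('+', V('u'), V('v'))), ())
COND = (A('+', V('u'), V('v')), A('s', A('+', A('p', V('u')), V('v'))),
        (A('!=', V('u'), A('0')),))


def run_example():
    ok = rewrite_inside(LITERAL, POS, *UNCOND, rule_vars={'u', 'v'})
    fail = rewrite_inside(LITERAL, POS, *COND, rule_vars={'u', 'v'})
    return ok, fail


if __name__ == '__main__':
    print(run_example())
```

The first run returns Q(λx s(s(x)+y)) as in step 6 of the example; the second returns None at the point where the extensionality introduction over u is blocked by the condition.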
One possibility to remedy this problem is to use for each type τ an “if-then-else” function C_{oττ→τ} (cf. [Andrews, 2002], p. 235). Having this function would integrate the condition of the rule below the binder of x and in the above example the result of the replacement rule application would be:

    Q(λx C(s(s(x))≠0, s(p(s(s(x)))+y), s(s(x))+y))

Instead of using C we could also use the description operator ι : (τ→o)→τ, for each type τ. The function C can be defined by the description operator as follows:

    C(A,s,t) = ι(λy (A ∧ y=s) ∨ (¬A ∧ y=t))


The description operator itself can be defined by the following axiom schemas:

    ∀y_τ ι(λx_τ x=y) = y

for every type τ. Using the description operator, the result of the replacement rule application would be:

    Q(λx ι(λz (s(s(x))≠0 ∧ z=s(p(s(s(x)))+y)) ∨ (s(s(x))=0 ∧ z=s(s(x))+y)))

Another solution that avoids the use of the description operator consists of removing the conditions of the equations by decomposing the problem

    (u≠0 ⇒ u+v=s(p(u)+v)) ⇒ Q(λx s(s(x))+y)

into

    (u+v=s(p(u)+v) ⇒ Q(λx s(s(x))+y)) ∧ (u=0 ∧ Q(λx s(s(x))+y))

and subsequently applying the unconditional equation u+v=s(p(u)+v) on Q(λx s(s(x))+y), which yields

    (u+y=s(p(u)+y) ⇒ Q(λx s(p(s(s(x)))+y))) ∧ (u=0 ∧ Q(λx s(s(x))+y))

The CORE calculus rules do not support that kind of decomposition directly. However, in Chapter 10 we present such a β-decomposition rule which is used in [Schütte, 1977] and prove that it is an admissible rule in the CORE calculus. Thus, it can be used to perform this kind of β-decomposition.

5.3.12 Cut
The cut rule is the basis for different kinds of reasoning steps like speculative proof steps, lemma introduction, proof by contradiction or case analysis. It consists of replacing a prefixed formula w.ϕ^p by w.β^p(α^p(A^p, ϕ^p), α^p(A^p̄, ϕ^p)).
The new occurrences of ϕ^p are simple copies of the old subtree. The subtrees for A^p and A^p̄ are initial free variable indexed formula trees for the respective subtrees in the indexed formula tree for β^p(A^p, A^p̄) that has been α-inserted in the corresponding indexed formula tree Q to represent the cut. The problem here is to determine where the cut must actually be performed in Q. The problem arises since the free variable indexed formula tree ϕ^p usually does not correspond to a single subtree in Q, but has been constructed by replacement rule applications. The exact position of the cut formula however cannot be determined yet, as it depends on how the parts of that cut formula are used later on in the proof, i.e. which parts of A are “connected” to parts in ϕ^p. Thus, we follow a defensive approach and assume any part of A can in principle be connected to any part in ϕ^p. Technically speaking, this implies that we determine all subtrees of Q that are referenced in ϕ^p – either by literal nodes or ν- or π-type nodes – and determine the smallest subtree in Q that contains all these subtrees. That subtree is then used to actually perform the cut over A.
Definition 5.3.37 (Cut Rule) Let [Q, σ ⊢_L R] be a proof state, and let R' be a subtree of R with polarity p and label ϕ, and A a formula. Assume further, that Q' is the smallest subtree of Q that contains all subtrees referenced in R'. The cut over A on R' results in a new proof state [Q'', σ' ⊢_L R''],

where Q'' and σ' result from the cut over A on Q' in Q (cf. Definition 4.7.1). From there two free variable indexed formula trees R_{A^p} and R_{A^p̄} of respective signed labels A^p and A^p̄ are constructed from the initial indexed formula trees for A^p and A^p̄. Finally R'' is obtained from R by replacing the subtree R' with the subtree

    β^p(α^p(A^p, ϕ^p), α^p(A^p̄, ϕ^p))
        α^p(A^p, ϕ^p)
            R_{A^p}
            R'
        α^p(A^p̄, ϕ^p)
            R_{A^p̄}
            R'_c

where R'_c is a copy of R'.
Lemma 5.3.38 The cut rule is sound and safe.
Proof. The L-admissibility of σ' with respect to Q'' has been shown in Lemma 4.7.3. It remains to prove that the prefixed formula pre(R').ϕ^p is L-satisfiable, if, and only if, the prefixed formula pre(R').β^p(α^p(A^p,ϕ^p), α^p(A^p̄,ϕ^p)) is L-satisfiable. Let M be an L-model, w a possible world and ρ an assignment. Then it holds:
    M_w^ρ ⊨_L pre(R').β^p(α^p(A^p,ϕ^p), α^p(A^p̄,ϕ^p))
  ⇔ for all w' ∈ M_w^ρ(pre(R')): M_{w'}^ρ ⊨_L β^p(α^p(A^p,ϕ^p), α^p(A^p̄,ϕ^p))
  ⇔ for all w' ∈ M_w^ρ(pre(R')): M_{w'}^ρ ⊨_L α^p(A^p,ϕ^p) or M_{w'}^ρ ⊨_L α^p(A^p̄,ϕ^p)
  ⇔ for all w' ∈ M_w^ρ(pre(R')): (M_{w'}^ρ ⊨_L A^p and M_{w'}^ρ ⊨_L ϕ^p) or (M_{w'}^ρ ⊨_L A^p̄ and M_{w'}^ρ ⊨_L ϕ^p)
  ⇔ for all w' ∈ M_w^ρ(pre(R')): (M_{w'}^ρ ⊨_L A^p or M_{w'}^ρ ⊨_L A^p̄) and M_{w'}^ρ ⊨_L ϕ^p
  ⇔ for all w' ∈ M_w^ρ(pre(R')): M_{w'}^ρ ⊨_L ϕ^p
  ⇔ M_w^ρ ⊨_L pre(R').ϕ^p
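Both equivalences just proved, Lemma 5.3.28 for the boolean ζ-expansion and Lemma 5.3.38 for the cut, are propositional once a single world is fixed. The following Python program is an added example, not code from the CORE system: it encodes the reading of signed formulas used in the two proofs (M ⊨ ϕ⁺ iff M ⊭ ϕ, M ⊨ ϕ⁻ iff M ⊨ ϕ; an α-node is satisfied when both children are, a β-node when one child is) and checks both equivalences by enumerating all valuations of the propositional atoms. Prefixes and possible worlds are left out, since the steps of the proofs that involve them are identical on both sides. The formula encoding and the function names are ours.

```python
from itertools import product
from typing import Dict, Sequence, Union

# Unsigned formulas (constructed for this example): an atom is a string, compound
# formulas are ('not', F), ('and', F, G), ('or', F, G), ('imp', F, G), ('iff', F, G).
Formula = Union[str, tuple]
# Nodes of a propositional free variable indexed formula tree:
#   (F, '+') / (F, '-')   signed formula;   ('alpha', N1, N2) / ('beta', N1, N2)
Node = tuple
Valuation = Dict[str, bool]


def holds(f: Formula, val: Valuation) -> bool:
    """Classical truth value of an unsigned formula."""
    if isinstance(f, str):
        return val[f]
    if f[0] == 'not':
        return not holds(f[1], val)
    a, b = holds(f[1], val), holds(f[2], val)
    return {'and': a and b, 'or': a or b, 'imp': (not a) or b, 'iff': a == b}[f[0]]


def sat(node: Node, val: Valuation) -> bool:
    """M |= node: a positive signed formula is satisfied when the formula is
    false, a negative one when it is true; alpha needs both children, beta one."""
    if node[0] == 'alpha':
        return sat(node[1], val) and sat(node[2], val)
    if node[0] == 'beta':
        return sat(node[1], val) or sat(node[2], val)
    f, pol = node
    return (not holds(f, val)) if pol == '+' else holds(f, val)


def flip(pol: str) -> str:
    return '-' if pol == '+' else '+'


def valuations(atoms: Sequence[str]):
    for bits in product([False, True], repeat=len(atoms)):
        yield dict(zip(atoms, bits))


def path_satisfiable(path: Sequence[Node], atoms: Sequence[str]) -> bool:
    """A path is satisfiable iff some valuation satisfies every node on it."""
    return any(all(sat(n, v) for n in path) for v in valuations(atoms))


def zeta_expansion(A: Formula, B: Formula) -> Node:
    """Node introduced by the boolean zeta-expansion of zeta(A,B)^+ (Definition
    5.3.26): beta(alpha(A^-, B^+)^+, alpha(B^-, A^+)^+)^+."""
    return ('beta', ('alpha', (A, '-'), (B, '+')), ('alpha', (B, '-'), (A, '+')))


def cut(A: Formula, phi: Formula, p: str) -> Node:
    """Subtree replacing phi^p in a cut over A (Section 5.3.12):
    beta^p(alpha^p(A^p, phi^p), alpha^p(A^{p-bar}, phi^p))."""
    return ('beta', ('alpha', (A, p), (phi, p)), ('alpha', (A, flip(p)), (phi, p)))


def check_zeta_expansion(A: Formula, B: Formula, gamma: Sequence[Node],
                         atoms: Sequence[str]) -> bool:
    """Lemma 5.3.28: Gamma, zeta(A,B)^+ is satisfiable iff Gamma, zeta(A,B)^+,
    beta(...)^+ is; additionally the new node is satisfied by exactly the
    valuations that satisfy zeta(A,B)^+."""
    zeta = (('iff', A, B), '+')
    before = list(gamma) + [zeta]
    after = before + [zeta_expansion(A, B)]
    pointwise = all(sat(zeta, v) == sat(zeta_expansion(A, B), v)
                    for v in valuations(atoms))
    return pointwise and path_satisfiable(before, atoms) == path_satisfiable(after, atoms)


def check_cut(A: Formula, phi: Formula, atoms: Sequence[str]) -> bool:
    """Lemma 5.3.38: phi^p and its cut expansion are satisfied by exactly the
    same valuations, for both polarities p."""
    return all(sat((phi, p), v) == sat(cut(A, phi, p), v)
               for p in ('+', '-') for v in valuations(atoms))


if __name__ == '__main__':
    # zeta(a,b)^+ with context Gamma = { c^- }; cut over a on (a => b)^p
    print(check_zeta_expansion('a', 'b', [('c', '-')], ['a', 'b', 'c']))
    print(check_cut('a', ('imp', 'a', 'b'), ['a', 'b']))
```

The pointwise check in check_zeta_expansion is the chain of equivalences in the proof of Lemma 5.3.28 restricted to one valuation; the path check is the statement about Γ itself.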
Flex-Flex Constraints. Higher-order unification may generate flex-flex constraints. In Section 4.9 we presented how those are integrated via the cut rule into the indexed formula tree. These constraints arise during higher-order unification, and are directly related to the application of a replacement rule, in order to enable its application. The exact subtree on which the constraints need to be inserted is thus determined by the subtree a of the free variable indexed formula tree on which the replacement rule is applied. Assume the flex-flex constraint is H(s)=G(t) and the signed label of the free variable indexed formula tree a is ϕ^p. To introduce that constraint we perform a cut over that constraint formula which replaces the free variable indexed formula tree a by

    β^p(α^p(H(s)=G(t)^−, ϕ^p), α^p(H(s)=G(t)^+, ϕ^p))
        α^p(H(s)=G(t)^−, ϕ^p)
            H(s)=G(t)^−
            ϕ^p
        α^p(H(s)=G(t)^+, ϕ^p)
            H(s)=G(t)^+
            ϕ^p

This allows to apply the rewriting replacement rule that results from H(s)=G(t)^− on the left occurrence of ϕ^p, in order to enable the application of the actual replacement rule on that formula.² The occurrence of H(s)=G(t)^+ represents the actual new goal that consists of proving the flex-flex constraints.

² If there is more than one flex-flex constraint, this process needs to be iterated to integrate all flex-flex constraints before applying the actual replacement rule.

5.4. COMPLETENESS

5.4 Completeness
In this section we prove the completeness of the calculus consisting of contraction, weakening, structural modal permutation, replacement rule applications, simplification, increase of multiplicity, instantiation, Leibniz' equality introduction, extensionality introduction, boolean ζ-expansion, and cut.
Theorem 5.4.1 (Completeness) Let ϕ be an L-formula, Q an initial indexed formula tree for ϕ^+, R an initial free variable indexed formula tree for Q, and Id the empty substitution. If ϕ is L-valid then there is a CORE derivation

    [Q, Id ⊢_L R] → [Q', σ ⊢_L True^+]

Proof. The completeness proof relies on the soundness and completeness results of Theorem 4.12.1 which is due to [Wallen, 1990, Andrews, 1989, Pfenning, 1987]. The proof sketch is as follows: from Theorem 4.12.1 we assume that we have guessed the right multiplicities for γ- and ν-type nodes, the right combined substitution σ, the necessary introductions of Leibniz' equality, extensionality introductions, boolean ζ-expansions, cut, and have moved any modal quantifiers in front of literal nodes using the structural modal permutation rule. All paths in the resulting free variable indexed formula tree R_P are (propositionally) L-unsatisfiable. That is from [Q, Id ⊢_L R] we can derive a proof state [Q_P, σ ⊢_L R_P]. In a second phase we have to prove that from [Q_P, σ ⊢_L R_P] we can derive [Q_P, σ ⊢_L True^+]. The problem [Q_P, σ ⊢_L R_P] is essentially propositional, since all necessary substitutions have already been applied. In this second phase we prove that the combination of the contraction rule, resolution replacement rule application, and simplification allows us to simulate the path resolution rule from [Murray & Rosenthal, 1987a]. Since path resolution is complete the CORE calculus is also complete. However, while path resolution derives an empty subgraph, we show that in CORE we obtain the final proof state [Q_P, σ ⊢_L True^+]. The technical proof is presented in Appendix A.
Note that cut is only necessary for completeness for the case of higher-order logic with Henkin semantics. For any other logic the simulation of the extensionality rule from [Pfenning, 1987] is not necessary to establish completeness, which is the only case that actually requires the cut rule. We discuss the issue of cut elimination in that case in the following Section 5.5.

5.5 A Note on Cut Elimination
We have already discussed that cut is not necessary for all logics but higher-order logic with Henkin semantics. We briefly discuss the fact that cut elimination is probably impossible in the CORE calculus without losing completeness of the calculus with respect to that logic. In [Benzmüller et al, 2002b] it is shown that for higher-order logics with Henkin semantics together with the rules ξ, b (cf. Figure 5.9) and the βη-normalisation rule, cut elimination is impossible³ (cf. Example 2.2.17 in [Benzmüller et al, 2002b]). In the CORE calculus we assume all terms to be in βη normal form, so βη-normalisation is built-in. Furthermore, the ξ-rule corresponds to the CORE extensionality introduction rule and the

³ Actually [Benzmüller et al, 2002b] shows the result for a rule f instead of ξ and βη-normalisation. However, f is admissible in the presence of ξ and βη-normalisation rules.


Γ∀XM=N,ΔξΓ,AB,ΔΓ,BA,Δb
ΓλXM=λXN,ΔΓAo=Bo,Δ
Figure5.9:Sequentcalculusξ-andb-rulesfrom[Benzm¨ulleretal,2002b].

b-rule corresponds to the ζ-expansion rule on booleans. The alternative to the cut-rule presented in [Benzmüller et al, 2002b] is to use the following two rules:

    Γ, A ⊢ A=B, B, Δ                  Γ ⊢ A₁=B₁, Δ  …  Γ ⊢ Aₙ=Bₙ, Δ
    ───────────────── Init=           ──────────────────────────────── dec_h
    Γ, A ⊢ B, Δ                       Γ ⊢ (h A₁ … Aₙ) = (h B₁ … Bₙ), Δ

We conjecture that the respective CORE counterparts of both rules are not admissible in the cut free CORE calculus, and thus cut elimination is not possible in CORE. For future work we propose to investigate this question in more detail. In particular, we propose to check whether employing counterparts of Init= and dec_h instead of the cut rule is sufficient for a Henkin complete and cut-free variant of the CORE calculus.

5.6 Summary
The proof theory of the CORE system, as presented in this chapter, is actually a meta proof theory as it encompasses a variety of logics. The central notion is that of a proof state which contains all the relevant information about the status of the proof. It consists of an indexed formula tree Q, the actual substitution σ, and a free variable indexed formula tree R. Q is an indexed formula tree (respectively an expansion tree proof) and this is used to represent the dependencies among variable and modal quantifiers. It forms the backbone of the proof theory with respect to soundness and ensures the admissibility of substitutions. The actual interface to the user and reasoning engines is R which is a free variable formula, the variables being bound in Q. The free variable formula is annotated with the polarities and uniform types and this proof theoretic information is the basis for a uniform notion of the logical context of subformulas as well as replacement rules. The replacement rules can on the one hand be viewed as the operationalisation of assertion level proof steps and therefore support the proof development at the assertion level. On the other hand, from a logical point of view, they are generalised resolution and paramodulation rules, which is a suitable representation for automatic reasoning procedures. The working copy is manipulated by the CORE reasoning rules and the soundness proof ensures that if R can be transformed to True^+ (respectively False^−), then the initial conjecture holds. The CORE calculus consists of 12 rules and its completeness has been proved for the class of logics under consideration. The set of calculus rules is minimal for the whole class of logics and in Section 5.5 we presented some evidence for the fact that cut elimination is not possible without losing completeness for higher-order logic with Henkin semantics.
Although in principle the calculus enforces the reduction of the initial free variable indexed formula tree to True^+ (respectively False^−), we refrain from enforcing this in practice. Indeed, as pointed out in Section 1.2 of the introduction, the free variable indexed formula tree represents possible case splits by means of logical connectives. Thus, in practice, a proof state is proved, if the free variable indexed formula tree is trivially provable by simplification, which corresponds to the fact that all cases represented in the free variable indexed formula tree are proved.

Part III

Hierarchical Reasoning

Chapter 6

Window Inferencing

The proof theory introduced in Chapter 5 provides all necessary features to support sound and complete contextual reasoning. The proof state is always a formula, which meets the requirements sketched in the introduction (Section 1.1.3). However, so far, the open goals are a list with exactly one element, namely the formula representing the proof state. This signed formula, or rather the free variable indexed formula tree (FVIF-tree) of the proof state, contains all possible conjunctive subgoals and all alternatives. Indeed, consider a subtree of the whole FVIF-tree: then each subtree that is β-related to a given subtree is a conjunctively related side-goal. Analogously, each α-related subtree is an alternative goal. Thus, instead of dealing with one single formula, it should be possible to focus on β-related subtrees without actually decomposing the whole formula. Additionally, a focus mechanism would allow us to mimic the style of proof search enforced by standard sequent calculi. Moreover, in contrast to these calculi, keeping the whole FVIF-tree would allow us to undo decompositions by simply retracting the focus to top-level¹. A detailed analysis of two presentationally different versions of a “same” proof is presented in Section 6.1, which further motivates the benefit of a focus mechanism.
This proof search technique of focusing and un-focusing is known as window inferencing (or window inference as it was originally called) [Robinson & Staples, 1993, Grundy, 1991, Staples, 1995]. In this chapter we define window inferencing on top of the CORE reasoning rules and extend it to support the variety of reasoning rules provided by the underlying framework. However, while in [Robinson & Staples, 1993, Grundy, 1991, Staples, 1995] the reasoning on subparts of the formula gives rise to proof obligations, in our case the CORE framework provides all the contextual reasoning capabilities required by window inference and no further proof obligations arise.
In Section 6.2 we define the notion of windows for subtrees of FVIF-trees and window trees to capture the hierarchical structure of windows. Based on these notions we define window proof states as an extension to CORE proof states. In Section 6.3.1 we present the reasoning rules on windows that allow us to focus and un-focus on subparts of the FVIF-tree. Those rules only affect the hierarchy of windows represented in the window tree, but not the FVIF-tree. Finally, the actual window inference rules that affect the structure of the FVIF-tree are presented in Section 6.3.2. Thereby we define for each of the CORE reasoning rules a corresponding window inference rule.

¹ Note that this would be even possible after having performed some changes on the subtrees, i.e. after having transformed the focused subformula.

CHAPTER 6. WINDOW INFERENCING

6.1 Motivation
As a motivation for focusing we present two proofs of the following theorem about sums of natural numbers: ∀n. ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)². The two proofs are essentially the same, although their presentations differ. The first proof is presented in an intuitive, structured handwriting style.
Example 6.1.1 Proof of ∀n. ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)². The proof is by induction over n:
Base Case n=0:
1. By n=0 we obtain ∑_{i=1}^{0} i³ = (∑_{i=1}^{0} i)².
2. By definition of ∑ and square (x²) we obtain 0=0.
Induction Step n=n'+1: The induction hypothesis is ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)².
1. By n=n'+1 we obtain ∑_{i=1}^{n'+1} i³ = (∑_{i=1}^{n'+1} i)².
2. By definition of ∑ we obtain (n'+1)³ + ∑_{i=1}^{n'} i³ = ((n'+1) + ∑_{i=1}^{n'} i)².
3. By (a+b)² = a² + 2ab + b² we obtain (n'+1)³ + ∑_{i=1}^{n'} i³ = (n'+1)² + 2(n'+1)(∑_{i=1}^{n'} i) + (∑_{i=1}^{n'} i)².
4. By Ind. Hyp. it reduces to (n'+1)³ = (n'+1)² + 2(n'+1)(∑_{i=1}^{n'} i).
5. By ∑_{i=1}^{n'} i = n'(n'+1)/2 we obtain (n'+1)³ = (n'+1)² + 2(n'+1)·n'(n'+1)/2.
6. And finally (n'+1)³ = (n'+1)³.
The same proof without explicit proof structure, i.e. where the proof state is contained in a single formula, is as follows:
Example 6.1.2 Proof of ∀n. ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)². To the goal we apply the (higher-order) induction axiom for natural numbers ∀P. ((∀n. n=0 ⇒ P(n)) ∧ ∀n,n'. (n=n'+1 ∧ P(n') ⇒ P(n))) ⇒ ∀n. P(n) and obtain

    ∀n. (n=0 ⇒ ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)²) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)²)   (6.1)

We apply the condition n=0 to the subformula ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)² which results in

    ∀n. (n=0 ⇒ ∑_{i=1}^{0} i³ = (∑_{i=1}^{0} i)²) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)²)   (6.2)

To that modified subformula we apply twice the definition of ∑ which results in

    ∀n. (n=0 ⇒ 0=0) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)²)   (6.3)

On the other part of the formula we apply n=n'+1 twice to the subformula ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)² which reduces to

    ∀n. (n=0 ⇒ 0=0) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ ∑_{i=1}^{n'+1} i³ = (∑_{i=1}^{n'+1} i)²)   (6.4)

6.1. MOTIVATION

Applying the definition of ∑ twice to that formula leaves us with

    ∀n. (n=0 ⇒ 0=0) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ (n'+1)³ + ∑_{i=1}^{n'} i³ = ((n'+1) + ∑_{i=1}^{n'} i)²)   (6.5)

By (a+b)² = a² + 2ab + b² we obtain

    ∀n. (n=0 ⇒ 0=0) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ (n'+1)³ + ∑_{i=1}^{n'} i³ = (n'+1)² + 2(n'+1)(∑_{i=1}^{n'} i) + (∑_{i=1}^{n'} i)²)   (6.6)

Applying the induction hypothesis ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² and subsequent simplification by (a+b = c+b) ⇔ (a = c) we obtain

    ∀n. (n=0 ⇒ 0=0) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ (n'+1)³ = (n'+1)² + 2(n'+1)(∑_{i=1}^{n'} i))   (6.7)

Applying ∑_{i=1}^{n'} i = n'(n'+1)/2 to ∑_{i=1}^{n'} i results in

    ∀n. (n=0 ⇒ 0=0) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ (n'+1)³ = (n'+1)² + 2(n'+1)·n'(n'+1)/2)   (6.8)

which after some further simple rearrangements results in

    ∀n. (n=0 ⇒ 0=0) ∧ ∀n,n'. (n=n'+1 ∧ ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)² ⇒ (n'+1)³ = (n'+1)³)   (6.9)

A subsequent simple simplification shows that now the proof is completed.
The two proofs are essentially the same, except that the first has a rich proof structure, where the different cases and assumptions are explicit, while the second proof has a poor proof structure and everything is contained in a single formula. However, consider the state (6.1) in the sample proof 6.1.2: the structure of the sample proof 6.1.1 at the same stage is contained in the formula and we can obtain it by focusing on the respective goal formulas ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)² and interpreting the logical connectives according to their (uniform) type:
Example 6.1.3 The proof is by induction over n:
Base Case n=0: The goal is to prove ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)².
Induction Step n=n'+1: The induction hypothesis is ∑_{i=1}^{n'} i³ = (∑_{i=1}^{n'} i)². The goal is to prove ∑_{i=1}^{n} i³ = (∑_{i=1}^{n} i)².
Similarly, we can obtain any stage of the sample proof 6.1.1 by focusing on the respective subformulas in the corresponding step of the sample proof 6.1.2. The reason for that is that the logical connectives in the complete formula correlate with the proof structuring concepts.
The CORE proof theory supports the development of proofs in the style presented in the sample proof 6.1.2. We now introduce window structures that allow us to focus on subparts of the complete


formula. The content of the windows, i.e. the subformulas the focus of attention is on, are the visible parts of the formula to, for instance, the user. The structure of the proof is dictated by the logical connectives above the windows and the proof can be presented accordingly. Since the proof state is still a complete FVIF-tree, the formulas in the logical context of a window can still be determined by the underlying CORE context mechanism. Furthermore, the context formulas can be applied onto the subformulas, which changes the content of a window. However, we not only allow to focus on formulas, but also to focus on any subterm below the literal level. This has already been introduced in the original window inference from [Robinson & Staples, 1993], and proved to be an adequate mechanism for theorem proving heuristics as Rippling [Bundy et al, 2003, Bundy et al, 1990b, Hutter, 1990] for inductive theorem proving, or its generalized variant for equational theorem proving [Hutter, 1997a, Hutter, 1997b].

6.2 Windows, Window Structures and Window Proof States
In this section we first define the notion of a window and then the hierarchy of windows by introducing window structures. Intuitively, windows show us a small but currently important part of the FVIF-tree, and technically they are pointers to subtrees and subterms of the label of a leaf-node of the FVIF-tree in a proof state. Introducing a window for a subtree allows the reasoning process to focus on that subtree hiding the surrounding parts of the whole FVIF-tree. The contextual information in the surrounding parts is still visible in the window and the rules obtained from the logical context can be used to manipulate the subtree contained in the window.
Clearly it is possible to recursively add windows to subtrees. The subtree relationship in a FVIF-tree entails a partial ordering among windows, which captures the hierarchical structure of windows. The maximal windows with respect to that induced ordering are so-called active windows, which are those that are actually visible to the reasoning engines and the user.
Before defining the notion of windows and window structures we define the target domain of windows in some FVIF-tree R. As motivated above, a window may denote any subtree of R as well as any proper subterm of a label of some leaf node of R. Thus, the target domain of some window for R is defined as follows:
Definition 6.2.1 (Substructures of FVIF-trees) Let R be a FVIF-tree. The substructures of R are all subtrees of R and all R'_π where R' is a leaf-node of R and π a non-empty valid subterm occurrence of Label(R'). We denote that set by S(R). Those S ∈ S(R) that are leaf nodes annotated by some π are called inner substructures.
For convenience we also define S(S) as the set that contains all substructures of S, i.e. S(R) if S is a FVIF-tree R, and otherwise, if S := R_π, then S(S) are all R_π' where π' is a valid subterm occurrence for Label(R) and π is a prefix of π'.
In the following sections we will have to replace substructures by other substructures, which we define as follows:
Definition 6.2.2 (Replacement of Substructures) Let S, S' be substructures of some FVIF-tree, S' ∈ S(S), and S'' a substructure of another FVIF-tree. Then we denote by S|_{S'←S''} the replacement of S' with S'' in S together with a partial mapping ι : S(S) \ S(S') → S(S|_{S'←S''}), which are defined by
– If S' is a subtree and S'' is a subtree then it denotes the standard replacement of S' with S'' in S; ι is the mapping of the substructures of S not in S' to their corresponding substructures of S|_{S'←S''}.

6.2. WINDOWS, WINDOW STRUCTURES AND WINDOW PROOF STATES

--IfS:=RπandS:=Rπ,andifthelabelsofRandRareequaluptothesubtermsdenotedby
π,thenS|S SdenotesthereplacementofRbyR;ιisthemappingofthesubstructuresofS
thatarenotinStotheircorrespondingsubstructuresinS|S S.
--Otherwisethereplacementisundefined.
Notethatintheabovedefinition,ifthewholesubtreeSisreplaced,i.e.S=S,thendom(ι)=0/.
Finally,windowsaredefinedasfollows:
Definition6.2.3(Windows)LetRbeaFVIF-tree,Wanenumerableset,andf:W→S(R)a
partialfunction.WesaythatfisawindowstructureforRandeachn∈dom(f)isawindowthat
denotesthesubtreef(n).Thepolarity,uniformtypeandlabelofnarethoseoff(n),iff(n)isa
subtree.Otherwisef(n):=Rπandnhasundefinedpolarity()anduniformtype(),anditslabelis
Label(R)|π.
Wedenoteby(S,f)thecombinationofasubstructurewithawindowstructurefforS,andsay
thatSisannotatedbyf.WesayfurtherthatfiscompleteforSif,andonlyif,thereisann∈dom(f)
suchthatf(n)=S.
ThewindowsinsomesubstructureSwithrespecttof,denotedbyWin(S,f)arealln∈dom(f)
suchthatf(n)∈S(S).TherestrictionofawindowstructureftoSisthefunctionf↓Sdefinedby
f↓S(n):=f(n)iff(n)∈S(S)
otherwiseundefinedNotethatf↓SisalwaysawindowstructureforS.Thehierarchyamongwindowsn∈dom(f)is
inducedbythesubtreeandsubtermrelationshipsofthedenotedsubstructures.
Definition 6.2.4 (Window Hierarchy and Active Windows) Let S be a substructure, f a window structure for S, and n, n' ∈ dom(f). Then n is smaller than n' (we write n ≺_f n' or n' ≻_f n) if, and only if,
-- f(n) is a subtree and f(n') is either a proper subtree of f(n), or f(n') is a leaf node R annotated by a subterm occurrence and R is a subtree of f(n), or
-- f(n) is a leaf node R annotated by π and f(n') is that same leaf node R annotated by π', and π is a proper prefix of π'.
The parent window with respect to f of some window n is that n', if it exists, such that n' ≺_f n holds and there is no n'' such that n' ≺_f n'' and n'' ≺_f n hold. Conversely, the child windows of n with respect to f are all windows of which n is the parent window.
A window n governs a substructure S' if, and only if, S' ∈ S(f(n)) and there is no further window n' such that n ≺_f n' and for which S' ∈ S(f(n')) holds.
The active windows of f are the windows in dom(f) that are maximal with respect to ≺_f.
Intuitively the active windows denote those substructures of S that are visible to the reasoning engines and the user. As an example consider the initial FVIF-tree (cf. Figure 5.1, p. 64) for the formula
  (∀x_Nat 0 + x = x) ∧ (∀x_Nat ∀y_Nat ¬(x = 0) ⇒ x + y = s(p(x) + y)) ⇒ ∀p_{Nat→o} ∀v_Nat p(s(s(0)) + v) ⇔ P(s(s(v)))

CHAPTER 6. WINDOW INFERENCING

Figure 6.1: Example window structure for the initial FVIF-tree of the running example. [Tree diagram: root α+; below it α− 0+X=X ∧ (¬(X=0) ⇒ X+Y=s(p(X)+Y)) and ζ+ p(s(s(0))+v) ⇔ p(s(s(v))); the α− node has children ε− 0+X=X and β− ¬(X=0) ⇒ X+Y=s(p(X)+Y), the latter with children α+ ¬(X=0) (over ε− X=0) and ε− X+Y=s(p(X)+Y). Boxes mark the windows on the root, on ε− 0+X=X and on ε− X+Y=s(p(X)+Y).]
Y=Ws(ep(X)introduce+Y).InwindowsFigurefor6.1the(p.top-le100)velwenodeshowasthewellasFVIF-treeforthetogethersubtreeswithε0the+X=windoXwandεstructure,X+
wheresubtree.weInthatdisplayexample,graphicallytheactithevewindowindowswsonaresubtreesthoseonbyε0+puttingX=aXboxandεaroundX+theY=roots(p(nodeX)of+Ythat),
whiletherootnodeistheirparentwindow.
We now define the notion of a window proof state as an extension of a CORE proof state by a window structure f for the FVIF-tree in the proof state.
Definition 6.2.5 (Window Proof State) Let [Q, σ ▷_L R] be a CORE proof state and f a window structure for R that is complete for R. Then [Q, σ ▷_L (R, f)] is a window proof state. Its active windows are those of f.
Given a window proof state [Q, σ ▷_L (R, f)], the visible goals in this proof state are those denoted by the active windows of f. Whether those are conjunctive subgoals or alternative goals depends on whether the active windows are α- or β-related. For the specification of how the CORE reasoning rules affect the window structure we define the replacement of a substructure S' of (S, f) by (S'', f''), where f is a complete window structure for S and f'' is a window structure for S''.
Definition 6.2.6 (Replacement of Annotated Substructures) Let (S, f), (S'', f'') be annotated substructures, f complete for S, and S' a substructure of S. The replacement (S, f)|S' ← (S'', f'') of S' by (S'', f'') in (S, f) is defined if, and only if, (S|S' ← S'', ι) is defined and (dom(f) \ Win(S', f)) ∩ dom(f'') = ∅ holds. If it is defined, the replacement results in (S''', f''') where S''' := S|S' ← S'' and f''' is defined by
-- If either S' ≠ S, or S' = S and f'' is complete for S'', then
  f'''(n) := ι(f(n)) if n ∈ dom(f) \ Win(S', f); f''(n) if n ∈ dom(f''); undefined otherwise.
-- Otherwise, if S' = S and f'' is not complete for S'', then assume n0 ∈ dom(f) in
  f'''(n) := S'' if n = n0; f''(n) if n ∈ dom(f''); undefined otherwise.

6.3. CORE WINDOW INFERENCE RULES

The above replacement of annotated substructures is the only rule required to define the effects of CORE reasoning rules on the window structure. A common effect pattern is also the insertion of an annotated substructure, as for example α-insertion for contraction, Leibniz' equality introduction, extensionality introduction, or β-insertion for replacement rule application. However, the insertion of annotated substructures relies on the previous replacement of annotated substructures. Nevertheless we present its formal definition, since it is widely used in the subsequent sections. In that definition we need to combine two partial functions: to this end we introduce the operator ⊕, which is defined on partial functions g, g' for which ∀n ∈ dom(g) ∩ dom(g') . g(n) = g'(n) holds, by:
  (g ⊕ g')(n) := g(n) if n ∈ dom(g); g'(n) if n ∈ dom(g') \ dom(g); undefined otherwise.
Definition 6.2.7 (Insertion of Annotated Substructures) Let (S, f), (S', f') be annotated substructures such that f is complete for S and dom(f) ∩ dom(f') = ∅, let S'' be a substructure of S, and let both S' and S'' not be inner substructures. Then we define the α-insertion (respectively β-insertion) of (S', f') on S'' in (S, f) by the replacement of S'' with the annotated α-type substructure (α(S'', S'), f↓S'' ⊕ f') (respectively the β-type substructure (β(S'', S'), f↓S'' ⊕ f')). We denote the resulting annotated substructures respectively by (S, f)|S'' ← (α(S'', S'), f↓S'' ⊕ f') and (S, f)|S'' ← (β(S'', S'), f↓S'' ⊕ f').

6.3 CORE Window Inference Rules
The reasoning rules for window proof states are twofold: firstly, there are rules to manipulate the window tree, i.e. to open new windows, or to close active windows. More specifically, these rules support opening of subwindows for active windows, which corresponds to the window opening rule from [Robinson & Staples, 1993]. Additionally they support opening of windows for windows that are not active, which allows us to focus on formulas in the logical context of a given window. Also we may consider alternatives to the actual goal or side-goals to an actual goal, depending on whether the new window is α- or β-related to existing active windows. Finally, active windows can be closed, which corresponds roughly to the window closing rule from [Robinson & Staples, 1993]. The first kind of rules are presented in Section 6.3.1. The second kind of rules are the window inference rules for all CORE calculus rules, which are presented in Section 6.3.2.
6.3.1 Window Inference Rules for Window Structures
In order to prove a formula, the initial window proof state is [Q, σ ▷_L (R, {n → R})], where [Q, σ ▷_L R] is the initial proof state for the formula and n is the initial window denoting the whole subtree R. The window inference rules to manipulate the window tree are (1) opening subwindows for an active window, (2) opening further subwindows for non-active windows, and (3) closing active windows.
Definition 6.3.1 (Subwindows for Active Windows) Let [Q, σ ▷_L (R, f)] be a window proof state, n an active window with respect to f, and S1, ..., Sk proper and independent² substructures of f(n). The opening of subwindows for n on the Si is defined by
  [Q, σ ▷_L (R, f)]
  ─────────────────────────────────────────────────  Subwindows for n on S1, ..., Sk
  [Q, σ ▷_L (R, {nS1 → S1, ..., nSk → Sk} ⊕ f)]
² I.e. for each 1 ≤ i ≤ k it holds f(n) ∉ S(Si), and for each 1 ≤ i ≠ j ≤ k it holds Si ∉ S(Sj).

Figure 6.2: Example for opening a subwindow for a non-active window. [Tree diagram as in Figure 6.1, now with boxes marking windows on the root, on ε− 0+X=X, on ε− X+Y=s(p(X)+Y) and additionally on ζ+ p(s(s(0))+v) ⇔ p(s(s(v))).]

where the nSi are new with respect to dom(f), and {nS1 → S1, ..., nSk → Sk} denotes the partial function of domain {nS1, ..., nSk} that maps each nSi to Si.
While the subwindow opening rule introduces subwindows for active windows, it is convenient to also allow for further subwindows for non-active windows. This is supported by the subwindow addition rule.
Definition 6.3.2 (Subwindows for Non-Active Windows) Let [Q, σ ▷_L (R, f)] be a window proof state, n a non-active window with respect to f, and S a proper substructure of f(n). If dom(f↓S) = ∅ and n governs S, then the opening of a subwindow for n on S is defined by
  [Q, σ ▷_L (R, f)]
  ─────────────────────────────────  Subwindow for n on S
  [Q, σ ▷_L (R, {nS → S} ⊕ f)]
where nS is new with respect to dom(f).
Consider as an example the window structure for the FVIF-tree shown in Figure 6.1 (p. 100): Opening a further subwindow for the non-active top-level window results in the window structure viewed in Figure 6.2. The active windows of that window structure are then ε− 0+X=X, ε− X+Y=s(p(X)+Y), and ζ+ p(s(s(0))+v) ⇔ p(s(s(v))).
Finally, we introduce a rule to remove active windows, which allows to un-focus.
Definition 6.3.3 (Window Closing Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, n a window with respect to f with child windows n1, ..., nk. If all ni are active windows with respect to f, then the subwindow closing rule is defined as
  [Q, σ ▷_L (R, f)]
  ─────────────────────────  Close Subwindows of n
  [Q, σ ▷_L (R, f')]
where f'(n') := f(n') if n' ∉ {n1, ..., nk}, and undefined otherwise.
Example 6.3.4 For example consider the window structure in Figure 6.2. Closing the window on ζ+ p(s(s(0))+v) ⇔ p(s(s(v))) allows us to come back to the window structure from Figure 6.1 (p. 100).
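The window order, active windows and the three structural rules above, as an added Python model that is not code from the thesis or the CORE system: trees are nested tuples addressed by paths (assumed encoding), window structures are dicts from window names to paths, and the running example replays Figures 6.1 and 6.2 and the closing of Example 6.3.4.

```python
# Added example (not code from the thesis): windows over a tree, the window
# order of Definition 6.2.4 and the structural rules of Definitions 6.3.1-6.3.3.
# A tree is a nested tuple (label, child, ...); a substructure is addressed by
# its path, a tuple of child indices, so S(T) is the set of paths extending T's
# path. Windows on subterm occurrences inside leaf labels are not modelled.
# A window structure f is a dict: window name -> path.
from itertools import combinations, count

# Constructed stand-in for the initial FVIF-tree of Figure 6.1 (shape only).
TREE = ("alpha+ root",
        ("alpha- hypotheses",
         ("eps- 0+X=X",),
         ("beta- impl", ("alpha+ not(X=0)", ("eps- X=0",)), ("eps- X+Y=s(p(X)+Y)",))),
        ("zeta+ p(s(s(0))+v)<=>p(s(s(v)))",))

def in_S(s, t):
    """s ∈ S(t): the substructure at path s lies inside the one at path t."""
    return s[:len(t)] == t

def smaller(f, n, m):
    """n ≺_f m: f(m) is a proper subtree of f(n), i.e. m is the deeper window."""
    return f[m] != f[n] and in_S(f[m], f[n])

def active(f):
    """Maximal windows w.r.t. ≺_f: the innermost ones, visible to user and engines."""
    return sorted(n for n in f if not any(smaller(f, n, m) for m in f))

def parent(f, n):
    """The window directly enclosing n, if any."""
    above = [m for m in f if smaller(f, m, n)]
    direct = [m for m in above if not any(smaller(f, m, k) for k in above if k != m)]
    return direct[0] if direct else None

def children(f, n):
    return sorted(m for m in f if parent(f, m) == n)

def governs(f, n, s):
    """n governs s: s ∈ S(f(n)) and no deeper window than n also contains s."""
    return in_S(s, f[n]) and not any(smaller(f, n, m) and in_S(s, f[m]) for m in f)

def restrict(f, s):
    """f↓S: the windows lying inside the substructure at path s."""
    return {n: p for n, p in f.items() if in_S(p, s)}

def fresh(f):
    return next(f"w{i}" for i in count(1) if f"w{i}" not in f)

def open_for_active(f, n, paths):
    """Def 6.3.1: n active; each S_i a proper substructure of f(n); the S_i independent."""
    if n not in active(f):
        raise ValueError(f"{n} is not an active window")
    for s in paths:
        if not in_S(s, f[n]) or in_S(f[n], s):      # proper: s inside f(n), f(n) ∉ S(s)
            raise ValueError(f"{s} is not a proper substructure of f({n})")
    for s, t in combinations(paths, 2):
        if in_S(s, t) or in_S(t, s):                # independent: S_i ∉ S(S_j)
            raise ValueError("substructures are not independent")
    g = dict(f)
    for s in paths:                                  # {n_S1 -> S1, ...} ⊕ f
        g[fresh(g)] = s
    return g

def open_for_nonactive(f, n, s):
    """Def 6.3.2: n non-active, S proper in f(n), dom(f↓S) = ∅ and n governs S."""
    if n in active(f) or not in_S(s, f[n]) or s == f[n]:
        raise ValueError("rule not applicable")
    if restrict(f, s) or not governs(f, n, s):
        raise ValueError("S already carries windows or is not governed by n")
    return {**f, fresh(f): s}

def close_subwindows(f, n):
    """Def 6.3.3: drop the child windows of n, provided all of them are active."""
    kids = children(f, n)
    if not all(k in active(f) for k in kids):
        raise ValueError("some child window of n is not active")
    return {m: p for m, p in f.items() if m not in kids}

def running_example():
    """Figure 6.1 -> Figure 6.2 -> back again; returns the three window structures."""
    f0 = {"root": ()}                                       # initial state {n -> R}
    f1 = open_for_active(f0, "root", [(0, 0), (0, 1, 1)])   # windows of Figure 6.1
    f2 = open_for_nonactive(f1, "root", (1,))               # zeta+ subwindow, Figure 6.2
    f3 = close_subwindows(f2, "root")                       # un-focus: only the root remains
    return f1, f2, f3

if __name__ == "__main__":
    for f in running_example():
        print(f, "active:", active(f))
```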


This completes the reasoning rules that affect the window structure only. In the next section we show how the standard CORE calculus rules are used as window reasoning rules and how they affect the window structure.

6.3.2 CORE Calculus Window Inference Rules
We shall now give the window versions of the actual CORE calculus rules by defining an appropriate window inference rule for each calculus rule.

6.3.2.1 Axiom
The single axiom rule closes a proof when the FVIF-tree R of a proof state [Q, σ ▷_L R] is proved, i.e. it is a single node for True+ or False−. We denote this single node tree by Proved^p, where p is R's polarity. For the window version of that rule we require that the window structure f of the window proof state [Q, σ ▷_L (Proved^p, {n → Proved^p})] has a single window on Proved^p.
Definition 6.3.5 (Window Axiom Rule) Let [Q, σ ▷_L (R, {n → R})] be a window proof state. If R is a FVIF-tree for True+ or False−, then that window proof state is proved.

6.3.2.2 Contraction
The contraction rule is applied to some window proof state [Q, σ ▷_L (R, f)] and replaces a subtree R' of R by some new subtree that contains R' and its copy R''. From the copying we obtain an isomorphic mapping ι : S(R') → S(R'') and together with f↓R' we define a new window structure f_R'' for R'' such that there is a mapping ι' : dom(f↓R') → dom(f_R'') and ι ∘ f↓R' = f_R'' ∘ ι' holds, i.e. the following diagram must commute:
      S(R')    ──ι──▶    S(R'')
      ▲                  ▲
      f↓R'               f_R''
      dom(f↓R') ──ι'──▶  dom(f_R'')
Then the window contraction rule consists of the α-insertion of (R'', f_R'') on R' in (R, f).
Definition 6.3.6 (Window Contraction Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, R' a subtree of R, R'' a copy of R' with mapping ι : S(R') → S(R''), a window structure f_R'' obtained from f↓R' and ι, and a mapping ι' : dom(f↓R') → dom(f_R''). Then the window contraction rule is defined by
  [Q, σ ▷_L (R, f)]
  ─────────────────────────────────────────────────  Window contraction of R'
  [Q, σ ▷_L (R, f)|R' ← (α(R', R''), f↓R' ⊕ f_R'')]
if, and only if, ι ∘ f↓R' = f_R'' ∘ ι' holds.

Example 6.3.7 Consider as an example the window structure of Figure 6.2 (p. 102): The application of the window contraction rule on ε− 0+X=X duplicates that subtree and inserts a new subwindow for the copied subtree since there was a window on the original subtree. The resulting window structure is shown in Figure 6.3 (p. 104).

Figure 6.3: Window structure resulting from contracting ε− 0+X=X. [Tree diagram: the α− node now carries α− 0+X=X ∧ 0+X=X, with two children ε− 0+X=X, each marked by a window; the remaining structure and windows are those of Figure 6.2.]

6.3.2.3 Weakening
The weakening rule replaces a subtree R' of R by a subtree R'' ∈ Weakened(R'). Some of the subtrees of R' are no longer present in the weakened subtree and we need to construct a window structure for R'' from R'. To this end we extend the definition of weakened subtrees to annotated subtrees that return a weakened subtree together with an adequate window structure. In that definition we need the converse operation to ⊕, which is defined on arbitrary partial functions g, g' by
  (g ⊖ g')(n) := g(n) if n ∈ dom(g) \ dom(g'); undefined otherwise.
Definition 6.3.8 (Weakening of Annotated FVIF-trees) Let (R, f) be an annotated FVIF-tree. The set Weakened(R, f) of weakened annotated FVIF-trees for (R, f) is defined recursively over the structure of R:
-- If R is a leaf node, then
  Weakened(R, f) := {(R, f↓R)}
-- If R := α^p(R1, R2), then
  – if ∃n ∈ dom(f) . f(n) = α^p(R1, R2), then
    Weakened(α^p(R1, R2), f) := {(α^p(R1^w, R2^w), f1 ⊕ f2 ⊕ {n → α^p(R1^w, R2^w)}) | (Ri^w, fi) ∈ Weakened(Ri, f), i = 1, 2}
      ∪ Weakened(R1, (f ⊖ {n' → R1 | ∀n'}) ⊕ {n → R1})
      ∪ Weakened(R2, (f ⊖ {n' → R2 | ∀n'}) ⊕ {n → R2})
  – otherwise
    Weakened(α^p(R1, R2), f) := {(α^p(R1^w, R2^w), f1 ⊕ f2) | (Ri^w, fi) ∈ Weakened(Ri, f), i = 1, 2}
      ∪ Weakened(R1, f) ∪ Weakened(R2, f)
-- If R := β^p(R1, R2), then
  – if ∃n ∈ dom(f) . f(n) = β^p(R1, R2), then
    Weakened(β^p(R1, R2), f) := {(β^p(R1^w, R2^w), f1 ⊕ f2 ⊕ {n → β^p(R1^w, R2^w)}) | (Ri^w, fi) ∈ Weakened(Ri, f), i = 1, 2}
  – otherwise
    Weakened(β^p(R1, R2), f) := {(β^p(R1^w, R2^w), f1 ⊕ f2) | (Ri^w, fi) ∈ Weakened(Ri, f), i = 1, 2}
-- If R := ν^p(R'), then
  – if ∃n ∈ dom(f) . f(n) = ν^p(R'), then
    Weakened(ν^p(R'), f) := {(ν^p(R'^w), f' ⊕ {n → ν^p(R'^w)}) | (R'^w, f') ∈ Weakened(R', f)}
  – otherwise
    Weakened(ν^p(R'), f) := {(ν^p(R'^w), f') | (R'^w, f') ∈ Weakened(R', f)}
-- If R := π^p(R'), then
  – if ∃n ∈ dom(f) . f(n) = π^p(R'), then
    Weakened(π^p(R'), f) := {(π^p(R'^w), f' ⊕ {n → π^p(R'^w)}) | (R'^w, f') ∈ Weakened(R', f)}
  – otherwise
    Weakened(π^p(R'), f) := {(π^p(R'^w), f') | (R'^w, f') ∈ Weakened(R', f)}

Using the weakening of annotated FVIF-trees, the window weakening rule is defined over the replacement of annotated substructures as follows:
Definition 6.3.9 (Window Weakening Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, R' a subtree of R. Then the window weakening rule is defined by
  [Q, σ ▷_L (R, f)]
  ───────────────────────────────────  Window weakening of R'
  [Q, σ ▷_L (R, f)|R' ← (R'', f'')]
where (R'', f'') ∈ Weakened(R', f↓R').
Example 6.3.10 Consider as an example the window structure of Figure 6.3 (p. 104): Weakening the ε− 0+X=X introduced by contraction removes that subtree and its window and we obtain again the window structure from Figure 6.2 (p. 102).
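The recursion of Definition 6.3.8 together with the ⊕ and ⊖ operators, as an added Python example that is not code from the thesis: node kinds alpha, beta, nu, pi and leaf are an assumed encoding, windows map names to nodes by identity, and the sample input is a constructed fragment of Figure 6.3 (the contracted α node over two copies of ε− 0+X=X, each with a window), weakened as in Example 6.3.10.

```python
# Added example (not code from the thesis): Weakened(R, f) of Definition 6.3.8
# for annotated trees. Node kinds: "leaf", "alpha", "beta", "nu", "pi".
# A window structure f is a dict: window name -> Node (compared by identity);
# windows on subterm occurrences inside leaf labels are not modelled.
class Node:
    def __init__(self, kind, polarity, *children, label=None):
        self.kind, self.polarity, self.children, self.label = kind, polarity, children, label

    def __str__(self):
        if self.kind == "leaf":
            return f"{self.label}{self.polarity}"
        return f"{self.kind}{self.polarity}({', '.join(map(str, self.children))})"

def plus(g, h):
    """g ⊕ h: union of two partial functions that agree on their common domain."""
    assert all(g[n] is h[n] for n in g.keys() & h.keys()), "⊕ undefined: functions disagree"
    return {**g, **h}

def minus(g, h):
    """g ⊖ h: g restricted to the names outside dom(h)."""
    return {n: v for n, v in g.items() if n not in h}

def restrict(f, R):
    """f↓R: the windows that denote R or one of its subtrees."""
    inside = set()
    def walk(t):
        inside.add(id(t))
        for c in t.children:
            walk(c)
    walk(R)
    return {n: v for n, v in f.items() if id(v) in inside}

def window_on(f, R):
    """The name n with f(n) = R, if any."""
    return next((n for n, v in f.items() if v is R), None)

def weakened(R, f):
    """Weakened(R, f): all weakened trees of R, each with its inherited window structure."""
    n = window_on(f, R)
    if R.kind == "leaf":
        return [(R, restrict(f, R))]
    out = []
    if R.kind in ("nu", "pi"):                   # unary nodes: weaken below, keep the node
        (R1,) = R.children
        for R1w, f1 in weakened(R1, f):
            new = Node(R.kind, R.polarity, R1w)
            out.append((new, plus(f1, {n: new}) if n else f1))
        return out
    R1, R2 = R.children                          # alpha or beta: weaken both sides
    for R1w, f1 in weakened(R1, f):
        for R2w, f2 in weakened(R2, f):
            new = Node(R.kind, R.polarity, R1w, R2w)
            g = plus(f1, f2)
            out.append((new, plus(g, {n: new}) if n else g))
    if R.kind == "alpha":                        # alpha may additionally drop one side
        for Ri in (R1, R2):
            fi = f
            if n:  # re-bind n from the alpha node to the surviving side Ri
                d = {m: None for m in f if f[m] is Ri or m == n}
                fi = plus(minus(f, d), {n: Ri})
            out.extend(weakened(Ri, fi))
    return out

def summary(R, f):
    """Order-independent rendering of Weakened(R, f): (tree, ((window, node), ...))."""
    return sorted((str(t), tuple(sorted((m, str(v)) for m, v in g.items())))
                  for t, g in weakened(R, f))

# Constructed fragment of Figure 6.3: the contracted alpha node over two copies
# of eps- 0+X=X, each carrying a window, as weakened in Example 6.3.10.
E1, E2 = Node("leaf", "-", label="0+X=X"), Node("leaf", "-", label="0+X=X")
CONTRACTED = Node("alpha", "-", E1, E2)
WINDOWS = {"a": E1, "b": E2}

if __name__ == "__main__":
    for tree, g in summary(CONTRACTED, WINDOWS):
        print(tree, g)
```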


6.3.2.4 Structural Modal Permutations
The structural modal rule replaces for example subtrees of R that have the form ν_Q(α(R1, R2)) by α(ν_Q(R1), ν_Q(R2)). The window version of that rule replaces the substructure ν_Q(α(R1, R2)) in (R, f) with the annotated substructure (α(ν_Q(R1), ν_Q(R2)), f') for some f'. For the specification of f' we proceed as follows: any window structure inside the Ri is preserved. If there is a window on ν_Q(α(R1, R2)) or α(R1, R2), then those are set to α(ν_Q(R1), ν_Q(R2)), possibly by merging them.
Definition 6.3.11 (Window Structural Modal Permutation Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, R' a subtree of R on which the CORE structural modal permutation rule is applicable. The window structural modal permutation rule is then defined as follows:
1. If R' = ν^p(α^p(R''^p)), then
  [Q, σ ▷_L (R, f)]
  ─────────────────────────────────────────────────────────  Unary window modal permutation on R'
  [Q, σ ▷_L (R, f)|ν^p(α^p(R''^p)) ← (α^p(ν^p(R''^p)), f')]
where f' is defined by
-- if there is an n such that f(n) = ν^p(α^p(R''^p)) and an n' with f(n') = α^p(R''^p), then f' := f↓R'' ⊕ {n → α^p(ν^p(R''^p))}.
-- if there is an n with f(n) = α^p(R''^p), but no n' with f(n') = ν^p(α^p(R''^p)), then f' := f↓R'' ⊕ {n → α^p(ν^p(R''^p))}.
-- otherwise f' := f↓R''.
2. If R' = ν^p(α^p(R1^p1, R2^p2)), then
  [Q, σ ▷_L (R, f)]
  ───────────────────────────────────────────────────────────────────────────────  Binary window modal permutation on R'
  [Q, σ ▷_L (R, f)|ν^p(α^p(R1^p1, R2^p2)) ← (α^p(ν^p1(R1^p1), ν^p2(R2^p2)), f')]
where f' is defined by
-- if there is an n such that f(n) = ν^p(α^p(R1^p1, R2^p2)) and an n' with f(n') = α^p(R1^p1, R2^p2), then f' := f↓R1 ⊕ f↓R2 ⊕ {n → α^p(ν^p1(R1^p1), ν^p2(R2^p2))}.
-- if there is an n with f(n) = α^p(R1^p1, R2^p2), but no n' with f(n') = ν^p(α^p(R1^p1, R2^p2)), then f' := f↓R1 ⊕ f↓R2 ⊕ {n → α^p(ν^p1(R1^p1), ν^p2(R2^p2))}.
-- otherwise f' := f↓R1 ⊕ f↓R2.
The other cases of the rule for the different forms of R' are analogous.
Example 6.3.12 Consider as an example the formula (A ∧ B) ⇒ A and its window structure on the left-hand side of Figure 6.4, where the subscripts Q and Q' are the references to the variable nodes in the corresponding indexed formula tree. The application of the window structural modal permutation to the subtree ν_Q(A ∧ B) moves the modal quantifier inwards and inherits the window on that node to the new node α(Q(A) ∧ Q(B)).

Figure 6.4: Window structures before and after structural modal permutation on α− A ∧ B. [Tree diagrams: before, root α+ Q(A ∧ B) ⇒ Q'A with subtrees ν− Q(A ∧ B), containing α− A ∧ B over A and B, and π+ Q'A over A; after, root α+ (Q(A) ∧ Q(B)) ⇒ Q'A with subtrees α− (Q(A) ∧ Q(B)) over ν− Q(A) and ν− Q(B), and π+ Q'A over A. The window on the α− node is inherited by the new α− node.]

6.3.2.5 Resolution Style Replacement Rule Application
The resolution style replacement rule application of u → v1, ..., vm on some subtree a replaces the subtree a by a subtree for Proved and β-inserts the (weakened) subtrees vi. However, for the window version of that rule we must accommodate a possible window structure that is inside a and inherit it in an adequate manner. This is for instance the case if we have a resolution replacement rule that stems from a rewrite replacement rule. If there is a window structure, say fa, inside a, we can easily construct a window structure fu for u since a and u have the same label and thus u and a have isomorphic substructures. Assume now that the label of u can be expressed by Label(u) := ((λx1, ..., xn . s(x1, ..., xn)) u1 ... un), where the ui correspond to the active windows in u and the xi denote the positions of these windows and hence occur exactly once in s(x1, ..., xn). In order to adequately inherit that structure during rule application, we need to find a vi whose label is of the form ((λx1, ..., xn . s(x1, ..., xn)) v1 ... vn). If so, we can inherit the window structure to that vi. Note that this requirement also ensures that all non-active windows in u can be uniquely assigned to vi, as the contexts of the u1, ..., un and v1, ..., vn are equal. In order to formalise that requirement we introduce the notion of isomorphic substructures up to some substructures and a substitution. We use that notion afterwards to strengthen the application condition of replacement rules for the window version of the resolution replacement rule application.
Definition 6.3.13 (Isomorphic Substructures up to some Substructures and Substitution) Let S, S' be two substructures, σ an L-substitution, and S1, ..., Sn ∈ S(S) and S1', ..., Sn' ∈ S(S'). We say that S and S' are isomorphic up to S1, ..., Sn and S1', ..., Sn' and σ if, and only if, σ(Label(S)) = Label(S'|Si' ← Si, i = 1...n). If so, then there exists an injective morphism ι : S(S) → S(S'|Si' ← Si, i = 1...n). That function is the identity function on the Si.
Furthermore, we denote by ι_{S,S'} the mapping {S1 → S1', ..., Sn → Sn'} ∘ ι, which is an injective morphism
  ι_{S,S'} : (S(S) \ ⋃_{j=1}^{n} S(Sj)) ∪ {S1, ..., Sn} → (S(S') \ ⋃_{j=1}^{n} S(Sj')) ∪ {S1', ..., Sn'}

The restriction of the window application of a resolution replacement rule u → v1, ..., vm on some annotated FVIF-tree (a, f) is then that we must find a vi that has the same modal prefix as a and is isomorphic to a up to some vi1, ..., vin ∈ S(vi) and the substructures a1, ..., an of a which are denoted

Figure 6.5: Window structures before and after application of the replacement rule. [Tree diagrams of the window structures for the example of Section 6.3.2.5 before (left) and after (right) the application of the resolution replacement rule on +Ord([1,2]); on the left a window marks the inner substructure [1,2], on the right windows mark the inner substructure [1] of +Ord([1]) and the new subgoal +1 < 2.]

byforvtheiandactivanewindoisomorphismwsoff.ι:Fromdom(thef)→respectidomv(ef)mappingsuchthatιa,vithewefollocanwingconstructdiagramawindocommutes:wstructuref
ιSS(S(a)\jn=1S(aj))∪{a1,...an}(S(vi)\jn=1S(vij))∪{vi1,...vin}
ff=dom(f)ιdom(f)
duceFornewthewindodefinitionwsthatofthedenotewindothewadditionalresolutionβ-insertedreplacementsubtreesrulev,j=application1...n,notej=ithatthatwearealsoinsertedintro-
jbytheresolutionreplacementruleonsubtreesRforwhichf↓Risnon-empty.
Definition 6.3.14 (Window Resolution Replacement Rule Application) Let [Q, σ ▷_L (R, f)] be a window proof state, a a subtree of R, and u → v1, ..., vm an admissible resolution replacement rule for a. The rule is window applicable on a in (R, f) if, and only if, there is a vi that has the same modal prefix as a and has substructures vi1, ..., vin such that vi is isomorphic to a with respect to vi1, ..., vin and the active windows in a with respect to f↓a, and results in the mapping ι_{a,vi}. Then the window resolution replacement rule application is defined by
  [Q, σ ▷_L (R, f)]
  ─────────────────────────  Apply u → v1, ..., vm on a
  [Q, σ ▷_L (R', f')]
where (R', f') results from
-- the replacement of a with (Proved^p, ∅),
-- the β-insertion of (vi, f'') on some adequate subtree, where f'' is such that there is an isomorphism ι' and ι_{a,vi} ∘ f = f'' ∘ ι' holds,
-- the β-insertion of (vj, fj) on some adequate subtree Rj for j = 1...n, j ≠ i, where fj := {nj → vj}, nj new, if f↓Rj ≠ {}; otherwise fj := {}.
Example 6.3.15 Consider as an example the window structure viewed on the left-hand side of Figure 6.5, where there is a window on the inner substructure [1,2] of the subtree +Ord([1,2]). The

Figure 6.6: Window structure after simplification of the window structure from Figure 6.5 (p. 108). [Tree diagram: root α+ (1 < 2 ⇒ (Ord([1]) ⇒ Ord([1,2]))) ⇒ (1 < 2 ∧ Ord([1])), with subtrees β− 1 < 2 ⇒ (Ord([1]) ⇒ Ord([1,2])) over +1 < 2 and β− Ord([1]) ⇒ Ord([1,2]) (over +Ord([1]) and −Ord([1,2])), and β+ 1 < 2 ∧ Ord([1]) over +1 < 2 and +Ord([1]).]

application of the resolution replacement rule Ord([1,2]) → 1 < 2, Ord([1]) to that subtree inherits that window to the inner substructure [1] of the inserted subgoal +Ord([1]) and adds a new window for the further subgoal +1 < 2. The resulting window structure is shown on the right-hand side of Figure 6.5.

6.3.2.6 Simplification
The simplification rule replaces a subtree R' of R by (1) either a subtree R'' for either True+ or False− if R' is proved, or by a subtree R'' for True− or False+ if it is disproved. Or (2), if R' is of the form β(R1, R2) where exactly one of the Ri is proved, by Rj, j ≠ i, if Rj and R' have the same polarity, and otherwise by α(Rj). Or, finally, (3), if R' is of the form α(R1, R2) where exactly one of the Ri is disproved, by Rj, j ≠ i, if Rj and R' have the same polarity, and otherwise by α(Rj).
In the first case, the window structure for R' is removed, and if there was a window on R', then it shall denote R'' afterwards. In the second case any window structure for Ri is deleted, while the window structure for Rj, j ≠ i, is preserved. If there are windows n and n' that respectively denote β(R1, R2) and Rj and the replacing subtree is Rj, then n is removed. Otherwise, if the replacing subtree is α(Rj), then n denotes α(Rj) afterwards. The third case finally is analogous to the last case.
Definition 6.3.16 (Window Simplification Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, R' a subtree of R.
1. If R' of polarity p is proved (respectively disproved), then let R'' be a FVIF-tree for True+ (respectively False+) if p = +, and for False− (respectively True−) if p = −. Then the simplification rule is
  [Q, σ ▷_L (R, f)]
  ───────────────────────────────────  Window simplify R'
  [Q, σ ▷_L (R, f)|R' ← (R'', f'')]
where f''(n) := R'' if f(n) = R', and undefined otherwise.
2. If R' := β(R1, R2) and not proved (respectively α(R1, R2) and not disproved) and Ri is proved (respectively disproved), then:
-- If R' and Rj, j ≠ i, have the same polarity, then the simplification rule is:
  [Q, σ ▷_L (R, f)]
  ───────────────────────────────────  Window simplify R'
  [Q, σ ▷_L (R, f)|R' ← (Rj, fj)]

Figure 6.7: Window structure resulting from introducing Leibniz' equality for the ε-type formula ε− 0+X=X. [Tree diagram: each of the two contracted copies of ε− 0+X=X from Figure 6.3 is replaced by α− 0+X=X ∧ (Q(0+X) ⇒ Q(X)) with children ε− 0+X=X and β− Q(0+X) ⇒ Q(X) (over +Q(0+X) and −Q(X)); windows mark the ε− 0+X=X nodes and the inserted β− subtrees, besides the windows of Figure 6.3.]

where fj := f↓Rj.
-- If R' and Rj, j ≠ i, have opposite polarities, then the simplification rule is:
  [Q, σ ▷_L (R, f)]
  ─────────────────────────────────────  Window simplify R'
  [Q, σ ▷_L (R, f)|R' ← (α(Rj), fj)]
where fj(n) := α(Rj) if f(n) = R'; f↓Rj(n) if n ∈ dom(f↓Rj); undefined otherwise.
Example 6.3.17 Consider as an example the window structure on the left-hand side of Figure 6.5 (p. 108). The window simplification of it results in the window structure shown in Figure 6.6 (p. 109).
6.3.2.7 Leibniz' Equality
Given a window proof state [Q, σ ▷_L (R, f)], let Q' := ε(s, t)^p or ζ(s, t)^p be an ε- or ζ-type leaf node in Q of polarity p, and R1, ..., Rn the leaf nodes in R that belong to Q'. Then the Leibniz' equality introduction rule for Q' α-inserts on each Ri a FVIF-tree Ri' for (P(s) ⇒ P(t))^p. For the window version of that rule the window structures for the Ri remain in place and new windows are added for each Ri'.
Definition 6.3.18 (Window Leibniz' Equality Introduction Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, Q' := ε(s, t) or ζ(s, t) a leaf node of polarity p in Q, and R1, ..., Rn the leaf nodes in R that belong to Q'. Let further Q'' be an indexed formula tree for (∀P . P(s) ⇒ P(t))^p and R1', ..., Rn' FVIF-trees for Q''. Then the window Leibniz' equality introduction rule is
  [Q, σ ▷_L (R, f)]
  ──────────────────────────────────────────────────────────────────────  Window Leibniz' equality introduction on Q'
  [Q|Q' ← α(Q', Q''), σ ▷_L (R, f)|Ri ← (α(Ri, Ri'), fi), i = 1...n]
where for all 1 ≤ i ≤ n, fi := f↓Ri ⊕ fi', where fi' := {} if f↓Ri = {}, and otherwise fi' := {ni → Ri'} and ni is new.

Figure 6.8: Window structure after extensionality introduction for the ε-type formula ε− X+Y=s(p(X)+Y) with respect to the γ-local variable Y. [Tree diagram: the subtree ε− X+Y=s(p(X)+Y) of Figure 6.1 is replaced by α− (X+Y=s(p(X)+Y)) ∧ (λy X+y = λy s(p(X)+y)) with children ε− X+Y=s(p(X)+Y) and ε− λy X+y = λy s(p(X)+y), both marked by windows.]

Example 6.3.19 Consider as an example the window structure obtained by window contraction shown in Figure 6.3 (p. 104). The application of the window Leibniz' equality introduction rule for ε− 0+X=X inserts for both occurrences the respective Leibniz' equality subtrees and adds subwindows for the introduced subtrees, since there were subwindows on the occurrences of ε− 0+X=X. The resulting window structure is shown in Figure 6.7.

6.3.2.8 Extensionality
Given a window proof state [Q, σ ▷_L (R, f)], let Q' := ε(s, t)^p or ζ(s, t)^p be an ε- or ζ-type leaf node in Q of polarity p, x a variable that is local for Q', and R1, ..., Rn the leaf nodes in R that belong to Q'. Then the extensionality introduction rule for Q' with x α-inserts on each Ri a FVIF-tree Ri' for (λx s = λx t)^p. For the window version of that rule the window structures for the Ri remain in place and new windows are added for each Ri'.
Definition 6.3.20 (Window Extensionality Introduction Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, Q' := ε(s, t) or ζ(s, t) a leaf node of polarity p in Q, x local for Q', and R1, ..., Rn the leaf nodes in R that belong to Q'. Let further Q'' be an indexed formula tree for (λx s = λx t)^p and R1', ..., Rn' FVIF-trees for Q''. Then the window extensionality introduction rule is
  [Q, σ ▷_L (R, f)]
  ──────────────────────────────────────────────────────────────────────  Window extensionality introduction for Q' with x
  [Q|Q' ← α(Q', Q''), σ ▷_L (R, f)|Ri ← (α(Ri, Ri'), fi), i = 1...n]
where for all 1 ≤ i ≤ n, fi := f↓Ri ⊕ fi', where fi' := {} if f↓Ri = {}, and otherwise fi' := {ni → Ri'} and ni is new.
Example 6.3.21 Consider as an example the window structure from Figure 6.1 (p. 100). The window extensionality introduction on ε− X+Y=s(p(X)+Y) with respect to the γ-local variable Y α-inserts the subtree ε− λy X+y = λy s(p(X)+y) and adds a window for that subtree since there was a window on ε− X+Y=s(p(X)+Y). The resulting window structure is shown in Figure 6.8.

Figure 6.9: Window structure after boolean ζ-expansion on ζ+ p(s(s(0))+v) ⇔ p(s(s(v))). [Tree diagram: the subtree ζ+ p(s(s(0))+v) ⇔ p(s(s(v))) of Figure 6.2 is replaced by an α+ node over ζ+ p(s(s(0))+v) ⇔ p(s(s(v))) and β+ (p(s(s(0))+v) ⇒ p(s(s(v)))) ∧ (p(s(s(v))) ⇒ p(s(s(0))+v)), the latter with children α+ p(s(s(0))+v) ⇒ p(s(s(v))) over −p(s(s(0))+v) and +p(s(s(v))), and α+ p(s(s(v))) ⇒ p(s(s(0))+v) over −p(s(s(v))) and +p(s(s(0))+v); windows mark the ζ+ node and the inserted β+ subtree.]

6.3.2.9 Boolean ζ-Expansion
Given a window proof state [Q, σ ▷_L (R, f)], let Q' := ζ(A_o, B_o) be a ζ-type leaf node in Q of positive polarity, and R1, ..., Rn the leaf nodes in R that belong to Q'. Then the boolean ζ-expansion rule for Q' α-inserts on each Ri a FVIF-tree Ri' for ((A ⇒ B) ∧ (B ⇒ A))+. For the window version of that rule the window structures for the Ri remain in place and new windows are added for each Ri'.
Definition 6.3.22 (Window Boolean ζ-Expansion Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, Q' := ζ(A_o, B_o) a positive leaf node in Q, and R1, ..., Rn the leaf nodes in R that belong to Q'. Let further Q'' be an indexed formula tree for ((A ⇒ B) ∧ (B ⇒ A))+ and R1', ..., Rn' FVIF-trees for Q''. Then the window boolean ζ-expansion rule is
  [Q, σ ▷_L (R, f)]
  ──────────────────────────────────────────────────────────────────────  Window boolean ζ-expansion of Q'
  [Q|Q' ← α(Q', Q''), σ ▷_L (R, f)|Ri ← (α(Ri, Ri'), fi), i = 1...n]
where for all 1 ≤ i ≤ n, fi := f↓Ri ⊕ fi', where fi' := {} if f↓Ri = {}, and otherwise fi' := {ni → Ri'} and ni is new.

Example 6.3.23 Consider as an example the window structure after opening an additional subwindow for the non-active top-level window from Figure 6.2 (p. 102). The application of the window boolean ζ-expansion for ζ+ p(s(s(0))+v) ⇔ p(s(s(v))) α-inserts the new subtree for β+ (p(s(s(0))+v) ⇒ p(s(s(v)))) ∧ (p(s(s(v))) ⇒ p(s(s(0))+v)) and adds a window for it since there was a window on ζ+ p(s(s(0))+v) ⇔ p(s(s(v))). The resulting window structure is shown in Figure 6.9.

6.3.2.10 Instantiation
The instantiation rule replaces each literal in which an instantiated variable occurs by a new FVIF-tree for the instantiated label. If a higher-order variable is instantiated and somewhere there is a window structure inside the substructure of an occurrence of that variable, then that window structure is affected by that instantiation. In these cases we simply remove the window structure that is inside such a substructure. Formally, we define the window version of the instantiation rule by:


Definition 6.3.24 (Window Instantiation) Let [Q, σ ▷_L (R, f)] be a window proof state, and σ' an L-substitution such that σ ∘ σ' is L-admissible. Let further Q1, ..., Qn be the leaf nodes in Q that are affected by σ', and for each Qi let Ri1, ..., Rini be the leaf nodes in R that belong to Qi. Finally, for each Qi let Qi' be the indexed formula tree for σ'(Label(Qi)) that replaces Qi and Rik' the FVIF-tree for Qi' that replaces Rik. Then the window instantiation rule is
  [Q, σ ▷_L (R, f)]
  ────────────────────────────────────────────────────────────────────────────────  Window instantiation σ'
  [Q|Qi ← Qi', σ ∘ σ' ▷_L (R, f)|Rik ← (Rik', fik'), 1 ≤ i ≤ n, 1 ≤ k ≤ ni]
where the fik' are defined by: let S1, ..., Sj be the maximal substructures in Rik that contain a higher-order variable from dom(σ'). They correspond to substructures S1', ..., Sj' of Rik' such that Rik and Rik' are isomorphic up to S1, ..., Sj and S1', ..., Sj' and σ'. From there we obtain the injective morphism ι_{Rik,Rik'} and together with the restriction of f to the domain of ι_{Rik,Rik'} we can obtain fik' and ιik such that ι_{Rik,Rik'} ∘ f↓dom(ι_{Rik,Rik'}) = fik' ∘ ιik holds.

6.3.2.11 Increase of Multiplicities
The increase of multiplicities increases the multiplicities of specific subtrees in Q, from which we obtain a variable renaming ρ. Furthermore, the rule α-inserts new subtrees R1', ..., Rn' respectively on specific subtrees R1, ..., Rn of R (cf. Definition 5.3.31), and it holds ρ(Label(Ri)) = Label(Ri') for all 1 ≤ i ≤ n.
For the window version of that rule we copy any window structure inside the Ri to the respective Ri'. To this end we use the property that Ri and Ri' are isomorphic up to the substitution ρ. From there we can obtain an adequate fi' for Ri' from f↓Ri.
Definition 6.3.25 (Window Increase of Multiplicities) Let [Q, σ ▷_L (R, f)] be a window proof state, Q' the indexed formula tree that results from the increase of multiplicities in Q, ρ the respective renaming, ι the respective automorphism on subnodes of Q', and σ' the new overall L-substitution. Furthermore, let R1, ..., Rn be the subtrees of R that are copied modulo ρ and ι to obtain R1', ..., Rn'. Then the window rule to increase multiplicities is
  [Q, σ ▷_L (R, f)]
  ──────────────────────────────────────────────────────────────────  Window increase multiplicities
  [Q', σ' ▷_L (R, f)|Ri ← (α(Ri, Ri'), f↓Ri ⊕ fi'), i = 1...n]
where fi' is obtained from the isomorphic relationship up to ρ of Ri and Ri', which entails the morphisms ι_{Ri,Ri'} and ιi such that ι_{Ri,Ri'} ∘ f↓Ri = fi' ∘ ιi holds.

6.3.2.12 Rewriting Style Replacement Rule Application
This rule is a specific combination of Leibniz' equality introduction, instantiation, and resolution style replacement rule application. During the definition of the window resolution style replacement rule application we have already taken care that the rewriting replacement rule application is handled in the appropriate manner.

6.3.2.13 Cut
The Cut over some formula ϕ on some subtree R' of R and of defined polarity p is achieved by


1. α-inserting an initial indexed formula tree Q' for the closed quantified cut formula (∃x . (ϕ ⇒ ϕ))+ (respectively (∃x . (ϕ ⇒ ϕ))+ for modal logics) together with an L-substitution σ' and FVIF-trees Rϕ− and Rϕ+ respectively for the negative and positive subtrees of label ϕ in Q',
2. copying R' to R'' and replacing R' in R with β(α(Rϕ−, R'), α(Rϕ+, R'')).
For the window version of that rule we inherit any window structure inside R' to R'' and add windows denoting Rϕ− and Rϕ+ only if there was a window on or inside R' before rule application, i.e. if f↓R' ≠ {}, where f is the window structure before rule application.
Definition 6.3.26 (Window Cut Rule) Let [Q, σ ▷_L (R, f)] be a window proof state, R' a subtree of R with defined polarity, Q' the initial indexed formula tree for (∃x . (ϕ ⇒ ϕ))+³, σ' the substitution to adequately integrate Q', Rϕ− and Rϕ+ FVIF-trees respectively for the negative and positive subtrees of label ϕ in Q', and R'' a copy of R'. Then the window cut rule is
  [Q, σ ▷_L (R, f)]
  ──────────────────────────────────────────────────────────────────────────  Window cut over ϕ
  [α(Q, Q'), σ ∘ σ' ▷_L (R, f)|R' ← (β(α(Rϕ−, R'), α(Rϕ+, R'')), f')]
where f' is defined by: let f'' be the window structure for R'' obtained from f↓R' and its isomorphic relationship to R'. Furthermore, let fϕ := {} if f↓R' = {}, and otherwise fϕ := {n− → Rϕ−, n+ → Rϕ+} with n−, n+ new. Then f' := f↓R' ⊕ f'' ⊕ fϕ.

6.4 Summary
In this chapter we added further intuitive reasoning capabilities onto the CORE rules to support the focusing on and manipulation of arbitrary subparts of the FVIF-tree. It turned out that window inferencing is only a technical add-on to support a hierarchical reasoning style which does not provide additional contextual reasoning capabilities, since the underlying framework already supports all necessary contextual reasoning capabilities.
Focusing on subparts of the FVIF-tree supports the user and the reasoning engines to arbitrarily choose a list of open goals, consider alternatives to chosen subgoals, and come back on those decisions, without having to backtrack.
Finally, the different possibilities to adapt the window tree structure during the application of the CORE cut rule allow to represent various reasoning methods like case analysis, proof by contradiction and speculative proof steps. This is the basis to support both classical tactical or fully automatic proof search procedures and proof planning procedures within the same framework.

³ Respectively (∃x . (ϕ ⇒ ϕ))+ for modal logics.

Chapter 7

Change of Representation

Representational change is an important feature not only in mathematical problem solving. It is often used in order to simplify a given problem posed in some representation language by translating it into a more adequate representation of the problem. The translation can either be an adequate reformulation of the problem, and hence a proof obtained for the problem in the new representation proves the original problem. Or the translation is a strict abstraction of the source representation, in which case there is a priori no formal relationship between a proof with respect to the new representation and a possible proof with respect to the original representation. However, the proof with respect to the new representation can for instance be used as a plan to guide the search for a proof with respect to the original representation.
In Section 7.1 we present some changes of representation known from the literature that have been successfully used in theorem proving, especially proof planning. Based on the requirement specification we present in Section 7.2 the concepts that underly the infrastructure for representational change implemented in CORE.

7.1 Examples for Representational Changes

Labelled Fragments in Inductive Theorem Proving. The major task in inductive theorem proving is to apply the induction hypothesis to the induction conclusion, i.e. to change the representation such that this application becomes possible. The key observation to support a goal-directed guidance of the applicable manipulations of the induction conclusion, in order to eventually make the induction hypothesis applicable, is that the latter is contained in the induction conclusion, i.e. it is the skeleton. The differences between the induction hypothesis and the induction conclusion are then occurrences of function symbols around the parts that belong to the skeleton. Take as an example the following formula over x as induction conclusion ϕ(x + s(y)) and let the induction hypothesis be ϕ(x). The differences between these formulas are the occurrences of +, y, and s. In order to apply ϕ(x) the induction conclusion must be transformed into a formula of the form Ψ(ϕ(x)). The differences are made explicit by annotating the function symbols by colours, e.g. white if they belong to the skeleton and gray if they belong to the differences: ϕ(x + s(y)).
The guidance information that enables the application of the induction hypothesis consists in applying rules that – from an operational point of view – move the differences towards the top-level of the formula, while preserving the skeleton parts. An example for this kind of rule is

115

116

CHAPTER7.CHANGEOFREPRESENTATION

X+(Y+Z)=(X+Y)+Z(7.1)

The labelled fragments representation of [Hutter, 1994] is an abstraction from the concrete function symbols contained in the differences. Thereby all occurrences of function symbols that form the differences are abstracted to a new uninterpreted function symbol. In the above example we obtain: ϕ((x)). Similarly, the axioms are abstracted with respect to the skeleton/context annotations, which for example results in

X + (Y) = (X + Y)    (7.2)

This way the abstract space is constructed from the ground space. A proof in the abstract space does not entail that there is a proof in the ground space. However, it can serve as a proof plan for the proof in the ground space, and each intermediate step in the abstract space corresponds to some of the intermediate formulas in the ground space proof. That is, we have

[Diagram: a proof in the Abstract Space, each of whose steps corresponds to some of the intermediate formulas of the longer proof in the Ground Space.]

Although the existence of a proof in the abstract space does not imply that there is a proof in the ground space, the converse holds: if there is no proof in the abstract space, then there is no proof in the ground space. From a logical point of view the abstract space consists, like the ground space, of a set of axioms and an abstracted conjecture. In order to support the reuse of generic reasoning procedures, the abstract space should be represented in the same formalism as the ground space.

Diagrammatic Reasoning. Diagrams and geometric operations over diagrams are a formalism widely used in mathematical problem solving. [Jamnik et al, 1997, Jamnik et al, 1999] investigate how to support this style of reasoning, especially for reasoning about sums and products over natural numbers. For instance the product of n and n + 1 can be represented by the following diagram:

[Diagram: a rectangle of n rows and n + 1 columns of dots.]

Geometric operations over these diagrams correspond to specific mathematical operations over natural numbers. For example half of the above product diagram is obtained by virtually drawing a diagonal line in the square that results in two isosceles triangles of height and width n:

[Diagram: the n × (n + 1) rectangle of dots cut along a diagonal, n → n + n, into two isosceles triangles of height and width n.]

Similarly, the product can be decomposed into sub-diagrams a², b², ab, and ba, which corresponds to the decomposition of the natural number represented by the product into:

[Diagram: a square of dots with side a + b, partitioned into the four blocks of sizes a × a, a × b, b × a and b × b.]

In order to support this style of reasoning within a theorem prover a language describing the geometric objects is defined: square(a, b) for squares of height a and width b, and triangle(a, b) for triangles of height a and width b. The geometric operations are described by further functions like half(square(n, n+1)) that divides a square into two triangles, "flip" to transform an n×m-square (resp. triangle) into an m×n-square (resp. triangle), or "+" for the horizontal and vertical composition of squares. The semantics of these operations is then defined by the following axioms:

half(square(n, n+1)) = triangle(n, n)    (7.3)
flip(square(n, m)) = square(m, n)    (7.4)
square(a, b) + square(c, b) = square(a+c, b)    (7.5)
square(a, b) + square(a, c) = square(a, b+c)    (7.6)
square(a+b, a+b) = (square(a, a) + square(a, b)) + (square(b, a) + square(b, b))    (7.7)

To use that representation for an actual problem solving task, we first have to determine whether it is a problem in the domain of natural numbers. If so, the abstract space is constructed from the ground space by mapping the axioms and conjectures into the diagram representation and then adding the above axioms describing the geometric operations. The problem on the abstract space is then again composed of a set of axioms and a conjecture. If the mapping is adequate then a proof with respect to the abstract space entails that there is a proof in the ground space. If the mapping is not adequate, for instance if the conjecture in the ground space contained properties that could not be represented by diagrams, then the abstract proof can still be used as a proof plan to guide (parts of) the proof in the ground space.
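The adequacy question raised in the paragraph above can be made concrete for the diagram language: if every axiom (7.3)–(7.7), read as a rewrite step in the abstract space, preserves the number of dots of the diagram, then an abstract proof built from those steps carries over to the ground space of natural numbers. The following Python is an added example and not code from [Jamnik et al] or from CORE. It uses the function names of the page (square, triangle, half, flip, +) as tuple-encoded terms; interp, rewrite_once and normalize are the example's own assumed helpers, triangle(n, n) is taken to hold 1 + 2 + ... + n dots, and all values are constructed concrete numbers, since the check is a model check, not a symbolic proof.

```python
"""Diagram terms of Section 7.1 interpreted over the natural numbers, with a
rewriting engine for axioms (7.3)-(7.6) that checks, at every step, that the
ground-space meaning (the number of dots) is preserved.
Added example; the encoding and the helper names are assumptions."""
from typing import List, Optional, Tuple

Term = tuple  # ("square", a, b) | ("triangle", n, m) | ("half", t) | ("flip", t) | ("+", t1, t2)


def interp(t: Term) -> int:
    """Ground meaning of an abstract term: the number of dots it denotes."""
    op = t[0]
    if op == "square":                      # a rows of b dots
        return t[1] * t[2]
    if op == "triangle":                    # isosceles triangle of height n and width n
        n, m = t[1], t[2]
        if n != m:
            raise ValueError("only isosceles triangles are given a dot count here (assumption)")
        return n * (n + 1) // 2
    if op == "half":
        dots = interp(t[1])
        if dots % 2:
            raise ValueError("half of an odd number of dots is not a diagram")
        return dots // 2
    if op == "flip":                        # flipping does not change the number of dots
        return interp(t[1])
    if op == "+":
        return interp(t[1]) + interp(t[2])
    raise ValueError(f"unknown diagram operation {op}")


def rewrite_once(t: Term) -> Tuple[Term, Optional[str]]:
    """Apply the first matching axiom (7.3)-(7.6), left to right, top-down.
    Returns the new term and the axiom number, or (t, None) if nothing matches."""
    op = t[0]
    if op == "half" and t[1][0] == "square" and t[1][2] == t[1][1] + 1:
        n = t[1][1]
        return ("triangle", n, n), "7.3"
    if op == "flip" and t[1][0] == "square":
        return ("square", t[1][2], t[1][1]), "7.4"
    if op == "+" and t[1][0] == "square" and t[2][0] == "square":
        (_, a, b), (_, c, d) = t[1], t[2]
        if b == d:                          # same width: horizontal composition
            return ("square", a + c, b), "7.5"
        if a == c:                          # same height: vertical composition
            return ("square", a, b + d), "7.6"
    for i, sub in enumerate(t[1:], start=1):     # otherwise descend into the arguments
        if isinstance(sub, tuple):
            new, rule = rewrite_once(sub)
            if rule is not None:
                return t[:i] + (new,) + t[i + 1:], rule
    return t, None


def normalize(t: Term) -> Tuple[Term, List[str]]:
    """Rewrite to normal form; each abstract step must keep the ground meaning,
    otherwise the axiom used is not adequate for this ground space."""
    trace: List[str] = []
    while True:
        new, rule = rewrite_once(t)
        if rule is None:
            return t, trace
        if interp(new) != interp(t):
            raise AssertionError(f"axiom {rule} is not adequate at {t}")
        trace.append(rule)
        t = new


def instance_7_7(a: int, b: int) -> Tuple[Term, Term]:
    """Constructed instance of axiom (7.7): left-hand side and right-hand side."""
    lhs = ("square", a + b, a + b)
    rhs = ("+", ("+", ("square", a, a), ("square", a, b)),
                ("+", ("square", b, a), ("square", b, b)))
    return lhs, rhs
```

Normalizing the right-hand side of (7.7) with (7.5) and (7.6) alone reaches its left-hand side, so (7.7) is derivable from the other axioms in this model, and every intermediate step is checked against the dot count; a rewrite that changed the count would be rejected as an inadequate abstraction step.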

Abstracting to Simpler Representations. More classical abstractions than the above are mappings of problems given with respect to some logic L to a problem with respect to a weaker logic L'. Examples are:

-- The mapping of higher-order logic problems to first-order logic problems: either a higher-order logic problem is reformulated as a first-order logic problem as done in [Kerber, 1992], or the higher-order logic problem is essentially a first-order problem, and thus can be reformulated as such in a canonical way. The advantage of these reformulations is that the proof search procedures for first-order logic are more efficient respectively more well developed than those for higher-order logic. In both cases the first-order proof entails the existence of a higher-order logic proof, if the initial transformation was adequate. Otherwise, it can serve as a proof plan for those parts of the initial higher-order problem that have been adequately transformed.
-- The mapping of first-order logic problems to propositional logic problems. This is essentially similar to the previous case. Note that in this case the transformation allows to move from a semi-decidable domain to a decidable domain.
-- The mapping of (parts of) a problem into a representation suitable to use a decision procedure. Take as an example a decision procedure for linear arithmetic: if the original problem contains subproblems that are essentially linear arithmetic problems, then an explicit transformation into the representation for pure linear arithmetic problems is required in order to enable the application of the decision procedure. Again, the proof with respect to the abstract domain implies the existence of a proof in the original domain only if the mapping is adequate. Otherwise, the abstract proof can be used as a proof plan to guide (parts of) the proof with respect to the original domain.

These examples demonstrate the following informal requirement specification for an infrastructure that efficiently supports the use of abstractions during proof search:
-- Proof search with respect to different representations should be supported in parallel. Although both proof states should be separated from each other for soundness reasons, the relations between the proofs with respect to different levels of abstractions should be explicit in order to communicate this information to all partners involved in the problem solving process.
-- Abstractions should be treated as first-class citizens like other (pure) calculus rules. They should be provided as such to the different partners analogously to the calculus rules and contextual information. This requires a mechanism to define the application domains of representational abstractions in order to allow to check their applicability in some proof state.

7.2 Concepts and Rules for Representational Change

In this section we introduce the basic concepts that underlie the definition and use of change of representations, i.e., abstractions, in CORE. Regarding the informal requirement specification in the previous section, CORE supports multiple simultaneous proof states. Establishing the connection between proofs that belong to different proof states is a matter of proof representation and it will be addressed in Chapter 8. It remains to provide the concepts of abstractions, the explicit representation of the applicability of abstractions, and the treatment of abstractions and refinements as first-class citizens during proof search.

In order to describe the application domain of an abstraction we introduce the notion of a reasoning domain in Section 7.2.1. Intuitively a reasoning domain is a signature containing the types and constants that are required by an abstraction function. Based on this we define the concept of a representational abstraction in Section 7.2.2.

7.2.1 Reasoning Domains

For the description of representational abstractions, we do not impose a declarative description of the representational abstractions but rather allow for any kind of description of those transformations, explicitly including any programming language. In order to support an explicit representation of the application domain for specific representational abstractions, we introduce the notion of reasoning domains. The intuition that underlies their definition is that a representational abstraction usually has built-in knowledge about specific types and constants and exploits that built-in knowledge in order to compute a new representation. Take as an example the representational abstraction to diagram representations: the abstraction exploits the knowledge about functions over the natural numbers. Since its implementation needs to recognise that type and the respective functions, it must rely on the syntax, i.e. a base type Nat and function symbols such as + and Σ of type Nat × Nat → Nat as well as the logical connectives ¬, ∧, ∨, ⇒, ⇔. Furthermore, the application domain of a representational abstraction may be restricted to a specific logic, like the change from a higher-order logic to some first-order domain. Reasoning domains are a means to make such syntactical and logical representation requirements explicit.

Definition 7.2.1 (Reasoning Domains) Let L be a logic and Σ a valid L-signature. Then D := (L, Σ) is a reasoning domain. A reasoning domain D := (L, Σ) is more specific than a reasoning domain D' := (L', Σ') if, and only if, L is a sub-logic of L' and Σ' is contained in Σ.

A representational abstraction is then applicable to some proof state if its reasoning domain is less specific than the reasoning domain of that proof state. Thereby the reasoning domain of a (window) proof state consists of the logic of that proof state together with all types and constants that occur in that proof state, which is defined as follows:

Definition 7.2.2 (Reasoning Domain of Window Proof States) Let L be a logic, WPS a window proof state with respect to L, and Σ the L-signature that consists of all types and constants in WPS. Then the reasoning domain of WPS is (L, Σ).

Given a reasoning domain D we denote by WPS_D the set of window proof states that have a reasoning domain that is equal to or more specific than D.

7.2.2 Representational Abstractions

A representational abstraction is a mapping ℵ that maps window proof states to window proof states. In order to describe the type of the mapping, the representational abstraction consists of a reasoning domain describing its application domain and a target reasoning domain. Then the mapping ℵ is a function from the set of window proof states of the source reasoning domain into the set of window proof states for the target reasoning domain. The source reasoning domain is thereby a description that typically only approximates the actual domain of the mapping ℵ. Thus, ℵ is typically only a partial function. In order to represent the relations between the ground and abstract proof states, the representational abstraction function must provide the information which active windows of the

[Figure 7.1: Abstraction & refinement. The ground proof state [Q, σ_L(R, f)] is related by a CORE derivation to [Q', σ_L(R', f')]; the representational abstraction A = (D, D', ℵ) with active window relationship R_A maps the ground proof state to the abstract proof state, a CORE derivation in the abstract space with active window relationship R_D leads to the derived abstract proof state, and the refinement maps the derived abstract proof state back to a ground proof state.]

ground proof state correspond to which active windows of the abstract proof state. This is used to establish the corresponding proof links in the proof representation in Chapter 8. Thus, the representational abstraction function ℵ must provide both the new proof state and the relationship between old and new active windows in the respective window trees. Note that this active window relationship is indeed a relation and not a mapping, since an active window with respect to the ground proof state may correspond to more than one active window in the abstract proof state.

Definition 7.2.3 (Representational Abstractions) A representational abstraction is a 3-tuple A = (D, D', ℵ) where D, D' are reasoning domains and ℵ a partial mapping from WPS_D into WPS_D' × 𝓡, where 𝓡 is the set of binary relations between window structures, such that:
-- If ℵ([Q, σ_L(R, f)]) = ([Q', σ_L(R', f')], R) then for all (n, n') in R, n is an active window of f with respect to R and n' is an active window of f' with respect to R'.
We say that D is the source reasoning domain of A and D' is the target reasoning domain of A.

The representational abstractions can be used at any stage of the proof process to change the representation. The relation R indicates which active window of the ground proof state is abstracted to which active windows in the abstract proof state. The actual application of the representational abstraction consists of first checking the applicability of the abstraction by comparing the source reasoning domain of the abstraction with the reasoning domain of the actual proof state [Q, σ_L(R, f)]. Secondly, the abstraction function is applied on the proof state which yields the new proof state [Q', σ_L(R', f')]. Thus, instead of having a single proof state at the time, the use of representational abstractions requires to support the representation and management of multiple proof states.

7.2.3 Representational Refinements

In this section we define the converse of the representational abstraction in order to support the refinement of an abstract proof state to the original proof state. The situation is as follows: we started with a proof state WPS = [Q, σ_L(R, f)] that has been abstracted to the proof state WPS' = [Q', σ_L(R', f')]. From that proof state we obtained the proof state WPS'' = [Q'', σ_L(R'', f'')] by applying CORE reasoning rules. We now have to map back this new proof state to obtain a successor proof state for WPS.

We have sketched the situation in Figure 7.1: in the figure, the solid lines describe the actual situation and the dashed lines describe the additional steps that need to be introduced in order to refine the abstract proof. Assume R_A is the relationship between active windows of WPS and WPS', and R_D is a relationship between active windows in WPS' and the derived abstract proof state WPS''. For

the moment we assume such a relationship R_D exists and we define it in Chapter 8. The refinement problem consists in determining a proof state WPS''' = [Q''', σ_L(R''', f''')], such that:
1. ℵ(WPS''') = (WPS'', R_A'), i.e. WPS'' is the proof state obtained by representational abstraction from WPS''' and R_A' is the relationship between active windows from WPS''' to WPS'',
2. there is a CORE derivation from WPS to WPS''' and R_D' is the relationship between active windows in WPS and WPS''',
3. and it holds R_D ∘ R_A = R_A' ∘ R_D', where R ∘ R' := {(w, w'') | ∃w' (w, w') ∈ R' and (w', w'') ∈ R}.
Note that in the figure the representational refinement relation from WPS'' to WPS''' is annotated with the active window relationship R_A'^{-1} that is the inverse of the relationship obtained by abstraction; i.e. R_A'^{-1} := {(w', w) | (w, w') ∈ R_A'}.

Definition 7.2.4 (Representational Refinement) Let A = (D, D', ℵ) be a representational abstraction, WPS, WPS', WPS'', and WPS''' be window proof states, such that
1. ℵ(WPS) = (WPS', R_A), ℵ(WPS''') = (WPS'', R_A'),
2. WPS →_W WPS''' and WPS' →_W WPS'' are valid CORE proofs with respective active window relationships R_D' and R_D.
Then WPS''' is a representational refinement of WPS'' by A if, and only if, it holds R_D ∘ R_A = R_A' ∘ R_D'.

In the definition of representational refinement we explicitly refrained from imposing a constructive way to determine the refining proof state WPS'''. In general there are different ways to find that proof state: for example if the abstract representation contains enough details in order to compute the proof state WPS''' from WPS'', then the derivation of WPS to WPS''' can be performed by, for instance, using the cut rule. Or the abstract derivation from WPS' to WPS'' can be used to guide the derivation of WPS''' from WPS and subsequently checking whether ℵ(WPS''') = (WPS'', R_A') holds.

7.3 Summary

Reasoning domains have been defined as a declarative approximation for the application domain of the actual representational abstractions. This information is used in order to check the applicability of representational abstractions and provide the user and the reasoning engines with the applicable abstractions, similar to any other contextual information about possible continuations of the proof. Furthermore, we defined the effect of using a representational abstraction at any stage of the proof search and the relations between active windows of the original proof state and the abstract proof state. Finally we defined the invariants for the refinement of (parts of) an abstract proof.

Chapter 8

Hierarchical Proof Datastructure

The framework defined in this thesis aims at a communication infrastructure which mediates between the user and the reasoning engines. In the design of the framework we distinguished two major parts: first, the status of the proof as well as the possible next steps must be presented in an intelligible manner to both the user and the reasoning engines. To this end we introduced in Chapter 6 the notion of a window proof state that is based on the CORE calculus for intuitive contextual reasoning. The second major part of the framework is concerned with information about the history of a proof as a complementary information to the status of a proof. We also envisioned a proof representation with different types of proofs, namely proofs based on calculus rules, proof plans, or, more generally, any kind of proof step annotated with a natural language description.

This chapter is concerned with the definition of such a proof representation for CORE. In Section 8.1 we motivate the datastructure used for proofs. In the first part of that section we sketch the proof representation required to adequately encode the CORE window inference rules. The analysis of these rules leads to the informal definition of the methodological roles of subgoals introduced by the window inference rules. Finally we motivate the hierarchical structure of proofs that allows to abbreviate portions of proofs, to expand speculative proof steps, or to use representational abstractions and refinements. The formal definition of the hierarchical proof datastructure is then presented in Section 8.2 and we show how the informal categories of intra-level and inter-level proof construction steps from Section 1.1.2 are naturally represented in the hierarchical proof datastructure.

8.1 Motivation of the Hierarchical Proof Datastructure

The goal is to provide a proof representation that deals with all the aspects of proof development considered so far in this thesis. Ideally, the proof representation should on the one hand adequately represent the proof history and efficiently support proof continuations and on the other hand be in a format that is easy to proof check. However, because of the complexity of the CORE window calculus the latter is not possible without encoding the complexity in the proof checking rules. The causes for the complexity are the global effects of some reasoning rules, as for instance replacement rule applications or the increase of multiplicities, which hampers simple proof checking of CORE window proofs. Therefore, we concentrate on the first aspects, i.e. to develop a proof representation that adequately represents the proof history and efficiently supports proof continuations, and leave the proof checking aspects for future work.

8.1.1 CORE Window Inference Rules

The open goals of a window proof state WPS = [Q, σ_L(R, f)] are the active windows with respect to f. Therefore to design the proof datastructure we define a proof node for each active window. Note that the actual window proof state WPS is shared among these proof nodes for the active windows. In order to capture the sharing of the window proof state among the proof nodes, we add the window proof state WPS to each proof node. Thus, a proof node consists of a window proof state WPS and one of its active windows w ∈ dom(f). For notational convenience we also add labels to proof nodes. Thus a (window) proof node is denoted by

  Label   WP State   Window   Justification/Abstraction/Refinement
  L0      WPS        w

where L0 is its label, WPS its window proof state with window structure f and w ∈ dom(f) an active window from WPS.

We now consider the CORE window inference rules. From an operational point of view they either replace active windows by new windows, close active windows, or add further active subwindows to non-active windows. We consider the rules in more detail in order to motivate the effect of a window rule application on the proof nodes.

Active Subwindow Opening Rule. The rule that opens subwindows w1, ..., wn for an active window w relates w's proof node to the proof nodes for the new windows.

  Label   WP State   Window   Justification/Abstraction/Refinement
  L0      WPS        w        Subwindow-Open: L1, ..., Ln
  L1      WPS1       w1
  ...     ...        ...
  Ln      WPS1       wn

We say that w's proof node is justified by the proof nodes for the wi's via the subwindow opening rule and add that justification to w's proof node. Note that the new windows belong to a new window proof state WPS1. We say that a node is open if, and only if, the node has no justification. The invariant for the proof representation is that the open nodes all have the same window proof state.

Non-Active Subwindow Opening Rule. The rule that opens a subwindow w' for a non-active window w is used to focus on subtrees that are surrounding some given window. The rule adds a new active subwindow for this subtree to w's list of subwindows. Since w is a non-active window, there is a proof node for w with justification Subwindow-Open(L1, ..., Ln) in the proof representation. Adding a further subwindow transforms the proof to

  Label   WP State   Window   Justification/Abstraction/Refinement
  L0      WPS        w        Subwindow-Open: L1, ..., Ln, Ln+1
  L1      WPS1       w1
  ...     ...        ...
  Ln      WPS1       wn
  Ln+1    WPS2       w'

The window proof state by the time the additional subwindow is introduced differs from the window proof states introduced for the other subwindows wi since the window structures differ. In order to ensure the invariant of the proof representation, we must adapt the window proof states WPS1 for the open goals to WPS2. To this end we introduce a justification Adapt-Window-Proof-State for each open node and obtain

  Label   WP State   Window   Justification/Abstraction/Refinement
  L0      WPS        w        Subwindow-Open: L1, ..., Ln, Ln+1
  L1      WPS1       w1       Adapt-Window-Proof-State: L1'
  L1'     WPS2       w1
  ...     ...        ...
  Ln      WPS1       wn       Adapt-Window-Proof-State: Ln'
  Ln'     WPS2       wn
  Ln+1    WPS2       w'
Subwindow Closing Rule. The final window reasoning rule that only affects the window structure is the subwindow closing rule. It closes all active subwindows of some window w and the parent window gets active again. It introduces a new window proof node for the parent window and justifies all window proof nodes of its subwindows by the justification Window-Close.

  Label   WP State   Window   Justification/Abstraction/Refinement
  L0      WPS0       w        Subwindow-Open: L1, ..., Ln, Ln+1
  L1      WPS1       w1       Adapt-Window-Proof-State: L1'
  L1'     WPS2       w1       Window-Close: Ln+2
  ...     ...        ...
  Ln      WPS1       wn       Adapt-Window-Proof-State: Ln'
  Ln'     WPS2       wn       Window-Close: Ln+2
  Ln+1    WPS2       w'       Window-Close: Ln+2
  Ln+2    WPS3       w
Window Axiom Rule. The next CORE window inference rule is the Axiom rule. It justifies a window proof node whose window proof state is proved and whose window is the top-level window. Thus, it transforms the proof

  Label   WP State                               Window   Justification/Abstraction/Refinement
  ...     ...                                    ...
  L       [Q, σ_L(Proved, {w → Proved})]         w

where [Q, σ_L(Proved, {w → Proved})] is a proved window proof state and its window structure is the single window w into

  Label   WP State                               Window   Justification/Abstraction/Refinement
  ...     ...                                    ...
  L       [Q, σ_L(Proved, {w → Proved})]         w        Axiom

Window Contraction and Multiplicity-Increase. Both the window contraction rule and the window multiplicity-increase rule α-insert copies R' of some subtrees R and, if there is a window structure inside R, create an isomorphic window structure for R'. Otherwise, the domain of the window structure is not affected. We present the change of the proof representation for the contraction rule. The change of the proof representation for the multiplicity increasing rule is analogous.

If the window structure in R is empty, i.e. f↓R = ∅, we can assume that w is the active window such that f(w) contains the copied subtree as a proper substructure. Then the window contraction proof step is represented by

  Label   WP State   Window   Justification/Abstraction/Refinement
  ...     ...        ...
  L       WPS        w        Contraction(R): L'
  L'      WPS'       w
  ...     ...        ...

Otherwise, if there was a window structure f' in R then we obtain f'' as window structure for R' which is isomorphic to f'. Then for each active window w1, ..., wn of f' there is a one-to-one correspondence to the active windows w1', ..., wn' of f''. Thus, each proof node for wi is justified by the window contraction rule to a new proof node for wi and a proof node for wi', both with respect to the new window proof state. Thus, the resulting proof representation is

  Label   WP State   Window   Justification/Abstraction/Refinement
  ...     ...        ...
  L1      WPS        w1       Contraction(R): L1', L1''
  ...     ...        ...
  Ln      WPS        wn       Contraction(R): Ln', Ln''
  L1'     WPS'       w1
  ...     ...        ...
  Ln'     WPS'       wn
  L1''    WPS'       w1'
  ...     ...        ...
  Ln''    WPS'       wn'
  ...     ...        ...

In either case, in order to ensure the invariant of the proof representation we must adapt the window proof state of the remaining open goals by using the justification Adapt-Window-Proof-State.

The effect of the window multiplicity increasing rule on the proof representation is in principle like a multiple application of the contraction rule. Thus, the proof representation is changed accordingly.
Window Weakening, Simplification, and Modal Structural Permutation. The window weakening rule, the window simplification rule, and the window modal permutation rule replace a subtree R by some subtree R' that may contain less structure. If there was a non-empty window structure f inside R, then in all three cases a weakened window structure f' for R' is derived from R' and f. If there was no window structure inside R, then there is no window structure in R'.

In the first case, assume the active windows in R with respect to f are w1, ..., wn and the active windows in R' with respect to f' are w1', ..., wk'. Due to the definition of f' it holds for each wi' that either it is in w1, ..., wn, or it is a parent window of some wj with respect to f in R. We denote by Children(wi', f, {w1, ..., wn}) all children of wi' with respect to f in {w1, ..., wn}. By the structure of the FVIF-tree and the definition of window structures the sets Children(wi', f, {w1, ..., wn}) are disjoint sets.
-- Invariant windows: for each wi it holds that it is either in w1', ..., wk', and we denote the set of those wi by I;
-- Closed windows: or there is a wj' such that wi ∈ Children(wj', f, {w1, ..., wn}), and we denote the set of these wi by C;
-- Deleted windows: or, they are in none of the above categories, and we denote that set by D.

For each wi there is before rule application a proof node

  Label   WP State   Window   Justification/Abstraction/Refinement
  Li      WPS        wi

If wi ∈ I, then that proof node is justified by a window weakening (or simplification, or modal structural permutation) justification to obtain

  Label   WP State   Window   Justification/Abstraction/Refinement
  L       WPS        wi       Weakening(R, R'): L'
  L'      WPS'       wi

where WPS' is the new window proof state. For each wj' where Children(wj', f, {w1, ..., wn}) ≠ ∅ we introduce a new proof node with respect to the new proof state WPS'.

  Label   WP State   Window   Justification/Abstraction/Refinement
  Lwj'    WPS'       wj'

For each wi ∈ Children(wj', f, {w1, ..., wn}) we justify wi's proof node by a window weakening (or simplification, or modal structural permutation) justification to the proof node of wj'.

  Label   WP State   Window   Justification/Abstraction/Refinement
  Lwi     WPS        wi       Weakening(R, R'): Lwj'
  Lwj'    WPS'       wj'

Finally, the proof nodes of the wi ∈ D are justified by a window weakening (or simplification, or modal structural perm
utation) justification without successor node.

  Label   WP State   Window   Justification/Abstraction/Refinement
  Lwi     WPS        wi       Weakening(R, R')

Again, all other open goals before rule application are justified by Adapt-Window-Proof-State to adapt them to the new window proof state and thus ensuring the invariant of the proof representation.
Window Leibniz' Equality, Extensionality, and Boolean ζ-Expansion Rules. All these rules α-insert new subtrees R' on subtrees R. Only if there was a non-empty window structure f in R, then an additional window is set to R'. Otherwise, the domain of the overall window structure is unchanged.

If there was a non-empty window structure in R, then assume w1, ..., wn are the active windows with respect to f in R and w' is the new window for R'. Then we justify each proof node of some wi by a Leibniz' equality (respectively extensionality introduction and boolean ζ-expansion) justification to the two new proof nodes for wi and w' with respect to the new proof state. Thus, the new proof representation is:

  Label   WP State   Window   Justification/Abstraction/Refinement
  L1      WPS        w1       Leibniz' equality(R, R'): L1', L'
  ...     ...        ...
  Ln      WPS        wn       Leibniz' equality(R, R'): Ln', L'
  L1'     WPS'       w1
  ...     ...        ...
  Ln'     WPS'       wn
  L'      WPS'       w'

If the window structure inside R was empty, let w be the active window that governs R. Then its proof node is justified by a Leibniz' equality (respectively extensionality introduction or boolean ζ-expansion) justification to a proof node for w with respect to the new proof state. Thus, the new proof representation is:

  Label   WP State   Window   Justification/Abstraction/Refinement
  L       WPS        w        Leibniz' equality(R, R'): L'
  L'      WPS'       w

Again, in both cases, all other open goals before rule application are justified by Adapt-Window-Proof-State to adapt them to the new window proof state and thus ensuring the invariant of the proof representation.

Window Instantiation. The window instantiation rule replaces any literal node R in which occurs
an instantiated variable by an initial FVIF-tree R' for the instantiated label. In the presence of a non-empty window structure f inside R, the window tree structure f' for R' is obtained from f. If f denoted substructures below an instantiated higher-order variable, then f' is a restriction of f. This is analogous to the construction of the new window structure when applying the window weakening rule. Otherwise, f' is isomorphic to f.

For the definition of how the proof representation is changed, we consider the two cases: (1) the window structure f inside R is empty, and (2) the window structure f inside R is non-empty.

In the first case, let w be the active window that governs R. Then the proof node for w is justified by an instantiation justification to the new proof node for w.

  Label   WP State   Window   Justification/Abstraction/Refinement
  Lw      WPS        w        Instantiate(σ): Lw'
  Lw'     WPS'       w

For the second case, assume the active windows in R with respect to f are w1, ..., wn and the active windows in R' with respect to f' are w1', ..., wk'. Due to the definition of f' each of the wi' is either in w1, ..., wn or is a parent window of some wj with respect to f in R. Assume w1', ..., wl' are those contained in w1, ..., wn and w(l+1)', ..., wk' are those that are parent windows of some w1, ..., wn. We denote by Children(wi', f, {w1, ..., wn}) all children of wi', i ≥ l+1, with respect to f in {w1, ..., wn}. Note that by the structure of the FVIF-tree and the definition of window structures the sets Children(wi', f, {w1, ..., wn}), i ≥ l+1, are disjoint sets.

For each wi ∈ {w1', ..., wl'} there is before rule application a proof node

  Label   WP State   Window   Justification/Abstraction/Refinement
  L       WPS        wi

That proof node is then justified by an instantiation justification to the new proof node for wi with respect to the new proof state:

  Label   WP State   Window   Justification/Abstraction/Refinement
  L       WPS        wi       Instantiation(σ, R, R'): L'
  L'      WPS'       wi

where WPS' is the new window proof state. For each wi', i ≥ l+1, a new proof node for wi' with respect to the new proof state WPS' is introduced.

  Label   WP State   Window   Justification/Abstraction/Refinement
  Lwi'    WPS'       wi'

Furthermore, for all windows wi1, ..., wip ∈ Children(wi', f, {w1, ..., wn}) the proof node of wiq is justified by an instantiation justification to the new proof node for wi'. Thus, we obtain the following proof representation:

  Label   WP State   Window   Justification/Abstraction/Refinement
  Lwi1    WPS        wi1      Instantiation(σ, R, R'): Lwi'
  ...     ...        ...
  Lwip    WPS        wip      Instantiation(σ, R, R'): Lwi'
  Lwi'    WPS'       wi'

Note that unlike the window weakening rule, for the window instantiation rule there are no deleted windows; all windows are either preserved or closed to some parent window.

Again all other open goals before rule application are justified by Adapt-Window-Proof-State to adapt them to the new window proof state and thus ensuring the invariant of the proof representation.
Window Replacement Rule Applications. For the replacement rules we consider only the case of the resolution style replacement rule, since the rewriting style is a combination of that and the other inference rules. Assume WPS = [Q, σ_L(R, f)] is the actual window proof state, u → v1, ..., vm is the rule to apply on some subtree R' of R. If the window structure f↓R' in R' is non-empty, then the application condition requires that there is a vi that is isomorphic to R' up to some vi1, ..., vmn and the substructures of R' denoted by the active windows with respect to f↓R'. If so, an f' can be constructed for vi and there is a one-to-one correspondence of each active window w1, ..., wn of f↓R' for R' to an active window wi' of f' for vi. In addition to vi and f', the other vj, i ≠ j, are β-inserted on a subtree Rj, and new windows are inserted for those if the subtree Rj has a non-empty window structure. Without loss of generality we can assume that windows wv1, ..., wvl are inserted for v1, ..., vl and i > l. Each proof node for wi is justified by a replacement rule application to a proof node for wi' and the proof nodes for v1, ..., vl:

  Label   WP State   Window   Justification/Abstraction/Refinement
  L1      WPS        w1       Apply(u → v1, ..., vm): L1', Lv1, ..., Lvl
  ...     ...        ...
  Ln      WPS        wn       Apply(u → v1, ..., vm): Ln', Lv1, ..., Lvl
  L1'     WPS'       w1'
  ...     ...        ...
  Ln'     WPS'       wn'
  Lv1     WPS'       wv1
  ...     ...        ...
  Lvl     WPS'       wvl

If the window structure f↓R' in R' is empty, then the window w that governs R' also governs vi in the new subtree. Like in the first case, in addition to vi, the other vj, i ≠ j, are β-inserted on a subtree Rj, and new windows are inserted for those if the subtree Rj has a non-empty window structure. Again, without loss of generality we can assume that windows wv1, ..., wvl are inserted for v1, ..., vl and i > l. The proof node for w is justified by a replacement rule application to a proof node for w with respect to the new proof state and the proof nodes for v1, ..., vl, also with respect to the new proof state:

  Label   WP State   Window   Justification/Abstraction/Refinement
  L       WPS        w        Apply(u → v1, ..., vm): L', Lv1, ..., Lvl
  L'      WPS'       w
  Lv1     WPS'       wv1
  ...     ...        ...
  Lvl     WPS'       wvl

Finally, all other open goals before rule application are justified by Adapt-Window-Proof-State to adapt them to the new window proof state and thus ensuring the invariant of the proof representation.
Window Cut. The window cut rule replaces a subtree R by a subtree R_Cut which is of the form β(α(R_{ϕ+}, R), α(R_{ϕ−}, R')), where R_{ϕ+} and R_{ϕ−} are the subtrees for the cut-formula and R' is a copy of R. If the window structure on R is empty, then no window structure for R_Cut is introduced. In that case assume w is the window that governs R. Then the proof node for w is justified by a cut over ϕ on R to a proof node for w with respect to the new proof state. Thus, we obtain:

Label     WP State   Window     Justification/Abstraction/Refinement
L         WPS        w          Cut(ϕ, R): L'
L'        WPS'       w

If there was a window structure f ≠ {} for R, then new top-level windows w1C, w2C are introduced for R_{ϕ+} and R_{ϕ−}. Thus, the window structure on R is preserved and an isomorphic window structure f' is defined for R'. If w1, ..., wn are the active windows of f for R, these windows are still active windows in the new proof state. Furthermore, there is a one-to-one correspondence between w1, ..., wn and the active windows w1', ..., wn' of f' for R'. That window cut proof step is then represented as follows:

Label     WP State   Window     Justification/Abstraction/Refinement
L1        WPS        w1         Cut(ϕ, R): L1', L1'', L1C, L2C
...       ...        ...        ...
Ln        WPS        wn         Cut(ϕ, R): Ln', Ln'', L1C, L2C
L1C       WPS'       w1C
L2C       WPS'       w2C
L1'       WPS'       w1
L1''      WPS'       w1'
...       ...        ...
Ln'       WPS'       wn
Ln''      WPS'       wn'

And, again, all other open goals before the rule application are justified by Adapt-Window-Proof-State to adapt them to the new window proof state and thus ensure the invariant of the proof representation.

This completes the list of CORE window inference rules and their effects on the proof representation. Before motivating the use of hierarchies in the proof representation in Section 8.1.3, we briefly motivate the methodological role of successor nodes in justifications.
8.1.2 Roles of Window Proof Nodes

Consider the justification introduced by a window cut over some formula ψ of the proof node for w1, that denotes the formula ϕ. That proof node is related to four proof nodes, namely

Label     WP State   Window        Justification/Abstraction/Refinement
L1        WPS        w1 := ϕ+      Cut(ψ): L1C, L1', L2C, L1''
L1C       WPS'       w1C := ψ−
L1'       WPS'       w1 := ϕ+
L2C       WPS'       w2C := ψ+
L1''      WPS'       w1' := ϕ+

The windows w1C and w1 are α-related to each other, as are the windows w2C and w1'. From a purely logical point of view all successor proof nodes of L1 are subgoals, and each pair is an alternative to prove that subgoal. However, depending on the methodology that underlied the introduction of the cut, different roles can be attributed to these proof nodes: if the cut was used to perform a case analysis over ψ, then w1C and w2C are the case conditions, while w1 and w1' are the subgoals. If the cut was used to perform a speculative proof step, speculating that the goal to prove ϕ+ could be refined to the goal to prove ψ+, then w2C is the major subgoal of that proof step, w1' plays no (methodological) role, and w1C and w1 represent the local lemma that needs to be proved to validate the speculative proof step. Thus, w1C and w1 form the condition of the speculative step.

If this methodological information about the role of proof nodes within justifications were explicit, then it would be visible to the user and the reasoning engines, and thus contribute to a better understanding of the proof status and the intentions of the proof. Furthermore, it could be exploited by the user and the reasoning engines to organise their proof search, for example to pursue an offensive proof search strategy by always tackling the "major" subgoals first and, only when the proof along those lines succeeds, tackling the various "conditions". Conversely, a defensive strategy can be designed that always first tackles the "conditions" and then the "major" subgoals.

Furthermore, this information about the role of proof nodes is not only useful to organise the proof search, but also for proof presentation. Indeed, the information about "condition" and "major" subgoals can be fruitfully exploited to explain a completed or partial proof. Also it can be used to display a concise representation of the proof by omitting the proofs of "conditions" and only viewing the proofs of "major" subgoals.

Roles of proof nodes can not only be assigned for the window cut rule, but also for other rule applications, like for instance the application of a replacement rule. Take as an example a replacement rule Ordered(X::Y::L) → (X ≤ Y)+, Ordered(Y::L)+ obtained from the definition of a predicate "Ordered" over lists of natural numbers. Assume an open goal in the proof is

Label     WP State   Window                    Justification/Abstraction/Refinement
L0        WPS        Ordered(1::2::3::[])+

where :: is concatenation of natural numbers to lists and [] denotes the empty list. Applying the rule on that proof node results in the proof state

Label     WP State   Window                    Justification/Abstraction/Refinement
L0        WPS        Ordered(1::2::3::[])+     Apply(Ordered(X::Y::L) → (X ≤ Y)+, Ordered(Y::L)+): L1, L2
L1        WPS'       (1 ≤ 2)+
L2        WPS'       Ordered(2::3::[])+

Although the replacement rule introduces two subgoals, from a methodological point of view the first subgoal L1 can be seen as a "condition", while L2 is the "major" subgoal.

Thus, the formal definition of the proof data structure in Section 8.2 will accommodate the representation of methodological information about the role of subgoals within justifications. Although so far we considered only "condition" and "major" subgoals, other classifications are possible, for instance having a hierarchy for the importance of subgoals. Thus, in the general definition of the proof data structure we will simply assume a given set of role descriptions.

8.1.3 Hierarchies in Proofs

The proof data structure is an important means to communicate information about the proof to the partners and it is complementary to the information provided by the proof states. Hierarchies in proofs have been pioneered by the proof planning approach to proof search [Cheikhrouhou & Sorge, 2000] and have recently been formalised for proof planning in [Fiedler, 2001]. Like the role of proof nodes, the explicit use of hierarchies in proofs serves both the presentation – and thus a better understanding – of the proof as well as the organisation of the proof search. We distinguish two kinds of hierarchies in proofs: the derivational hierarchy and the representational hierarchy:

– Derivational hierarchies are caused by the hierarchies of proof procedures: for example, a proof procedure that causes the execution of another proof procedure is hierarchically higher than the latter. Thereby the causal relationship of the calls to reasoning procedures does not necessarily reflect the chronological order of the executions of the reasoning procedures. Indeed, while in tactical theorem proving a hierarchically higher tactic is completed after the completion of its sub-tactics, in proof planning the high-level method is completed before its expansion. The former approach can be described by the introduction of abbreviations for parts of a lower level proof. This is how hierarchies are introduced in tactical theorem proving, where the portion of the proof obtained by the execution of a tactic is abbreviated by the name of that tactic. In the latter approach, parts of a proof are constructed beforehand on some higher level of abstraction by ignoring many logically relevant details. Thereby the refinement of the high-level proof incrementally tackles all the details that have been ignored in the first place. The explicit representation of the relationship between high-level proof steps and the subproof obtained from their refinement is the proof planning approach from which the hierarchical view on proofs originates.

– Representational hierarchies result from the use of representational abstractions. Thereby, the proof with respect to the abstract space is hierarchically higher than the corresponding proof steps with respect to the ground space. Although these hierarchies have a clear aspect of a derivational hierarchy, they are mainly due to the change of the representation.
8.1.3.1 Derivational Hierarchies

In this section we briefly sketch how derivational hierarchies are introduced by both proof planning methods and tactics.

The window cut rule supports the representation of high-level proof steps, and thus supports the reasoning style advocated by the traditional proof planning paradigm. Taking a risk of oversimplification, we can say that a proof planning method M states that from a given proof situation ϕ we can obtain a new proof situation ψ by using that method. Proof situations correspond to subtrees denoted by an active window. Thus, given the following proof situation with the open goal to prove ϕ

Label        WP State   Window   Justification/Abstraction/Refinement
L            WPS        ϕ+

we can represent the use of that method by applying a window cut over ψ on ϕ, which results in

Label        WP State   Window   Justification/Abstraction/Refinement
L            WPS        ϕ+       Cut(ψ): LLemmaGoal, L', LSubgoal, LLemmaHyp
LLemmaHyp    WPS'       ψ−
LLemmaGoal   WPS'       ϕ+
LSubgoal     WPS'       ψ+
L'           WPS'       ϕ+

Subsequently we apply the window weakening in order to remove the occurrence of ϕ+ in the proof node L', and finally obtain

Label        WP State   Window   Justification/Abstraction/Refinement
L            WPS        ϕ+       Cut(ψ): LLemmaGoal, L', LSubgoal, LLemmaHyp
LLemmaHyp    WPS'       ψ−
LLemmaGoal   WPS'       ϕ+
LSubgoal     WPS'       ψ+
L'           WPS'       ϕ+       Weakening

The actual proof planning step was to refine ϕ to ψ, i.e. the link from L to LSubgoal, while a subproof for ϕ+ under the additional hypothesis ψ− justifying the node LLemmaGoal will be the so-called expansion of that proof-planning step. We denote that combination of window cut, window weakening, and the respective roles of the subwindows as an oracle proof step.

The actual proof planning step is represented by introducing an abstract justification of name M from L to LSubgoal only, which results in

Label        WP State   Window   Justification/Abstraction/Refinement
L            WPS        ϕ+       M(ψ): LSubgoal
                                 Cut(ψ): LLemmaGoal, L', LSubgoal, LLemmaHyp
LLemmaHyp    WPS'       ψ−
LLemmaGoal   WPS'       ϕ+
LSubgoal     WPS'       ψ+
L'           WPS'       ϕ+       Weakening

Structurally the proof planning justification M(ψ, LSubgoal) is an abstraction of its expansion, i.e. the lower-level proof that consists of the window cut justification, the subsequent weakening justification, and additional further justifications for LLemmaHyp and LLemmaGoal. Note that the proof planning justification contains strictly fewer successor nodes than the lower-level proof that encodes the proof planning step. When the lemma that validates the proof planning step has been proved, the proof planning step is verified, i.e. the proof planning step has an expansion.

We now consider the case of tactics and the hierarchies they introduce into the proof representation. Consider the following low-level partial proof generated by some tactic T:

Label   WP State   Window                   Justification/Abstraction/Refinement
L0      WPS        Ordered(1::2::3::[])+    Apply(Ordered(X::Y::L) → (X ≤ Y)+, Ordered(Y::L)+): L1, L2
L1      WPS'       (1 ≤ 2)+
L2      WPS'       Ordered(2::3::[])+       Apply(Ordered(X::Y::L) → (X ≤ Y)+, Ordered(Y::L)+): L3, L4
L3      WPS''      (2 ≤ 3)+
L4      WPS''      Ordered(3::[])+          Apply(Ordered(X::[]) →): L5
L5      WPS'''     True+

This partial proof can be abbreviated by a single justification of name T from L0 to all resulting subgoals, i.e. L1, L3, and L5. This is represented by

Label   WP State   Window                   Justification/Abstraction/Refinement
L0      WPS        Ordered(1::2::3::[])+    T: L1, L3, L5
                                            Apply(Ordered(X::Y::L) → (X ≤ Y)+, Ordered(Y::L)+): L1, L2
L1      WPS'       (1 ≤ 2)+
L2      WPS'       Ordered(2::3::[])+       Apply(Ordered(X::Y::L) → (X ≤ Y)+, Ordered(Y::L)+): L3, L4
L3      WPS''      (2 ≤ 3)+
L4      WPS''      Ordered(3::[])+          Apply(Ordered(X::[]) →): L5
L5      WPS'''     True+

Note that the abbreviating justification T: L1, L3, L5 contains exactly all open subgoals of the underlying subproof.

Remark 8.1.1 The abbreviation of proof sequences by single justifications is similar in nature to the introduction of definitions. However, in our understanding, definitions are used to introduce new major concepts, while abbreviations are just short-cuts and do not necessarily introduce a new concept.

8.1.3.2 Representational Hierarchies

Representational hierarchies in proofs result from the use of representational abstractions and refinements. Consider as an example the following lemma over the integers:

∀n : Nat. n ≥ 0 ⇒ n(n+1) = (∑_{i=1}^{n} i) + (∑_{i=1}^{n} i).

After focusing on the relevant parts of that formula, i.e. n ≥ 0, n(n+1), and (∑_{i=1}^{n} i) + (∑_{i=1}^{n} i), we are in the following proof situation:

Label   WP State   Window                                 Justification/Abstraction/Refinement
L1      WPS        n(n+1)
L2      WPS        (∑_{i=1}^{n} i) + (∑_{i=1}^{n} i)
L3      WPS        n ≥ 0

where WPS is the actual window proof state. Using the abstraction function to diagrams (cf. Section 7.1), it maps n(n+1) to square(n, n+1), (∑_{i=1}^{n} i) + (∑_{i=1}^{n} i) to triangle(n, n) + triangle(n, n), and does not map n ≥ 0, which is only used, for instance, to ensure the applicability of the abstraction. The resulting proof situation is then

Label   WP State   Window                                 Justification/Abstraction/Refinement
L1      WPS        n(n+1)                                 Diagrams: L1'
L2      WPS        (∑_{i=1}^{n} i) + (∑_{i=1}^{n} i)     Diagrams: L2'
L3      WPS        n ≥ 0
L1'     WPS'       square(n, n+1)
L2'     WPS'       triangle(n, n) + triangle(n, n)

Continuing the proof with respect to the diagrammatic representation transforms the windows to equalise their content, to obtain the proof situation

Label   WP State   Window                                 Justification/Abstraction/Refinement
L1      WPS        n(n+1)                                 Diagrams: L1'
L2      WPS        (∑_{i=1}^{n} i) + (∑_{i=1}^{n} i)     Diagrams: L2'
L3      WPS        n ≥ 0
L1'     WPS'       square(n, n+1)                         DiagramProof: L1''
L2'     WPS'       triangle(n, n) + triangle(n, n)        DiagramProof: L2''
L1''    WPS''      triangle(n, n) + triangle(n, n)
L2''    WPS''      triangle(n, n) + triangle(n, n)

Finally the abstract proof is refined to a proof with respect to the original representation. That proof is for instance done by induction, in our case over the positive integers including 0. This transforms on the one hand n(n+1) to both 0(0+1) and (n+1)((n+1)+1), which are the refinements of L1. On the other hand it transforms (∑_{i=1}^{n} i) + (∑_{i=1}^{n} i) to 0(0+1) and (n+1)((n+1)+1), which are refinements for L2.

For the refinement note that the abstraction relation (RA in Definition 7.2.4) is {(L1, L1'), (L2, L2')} and the derivational relation (RD in Definition 7.2.4) is {(L1', L1''), (L2', L2'')}. Thus, RD ∘ RA is the relation {(L1, L1''), (L2, L2'')} and the refinements of the abstract proof step DiagramProof must indeed refine L1'' to both L11 and L12, which are the successor nodes of L1 (analogously for L2'').

Label   WP State   Window                                 Justification/Abstraction/Refinement
L1      WPS        n(n+1)                                 Diagrams: L1'
                                                          DiagProofRefine: L11, L12
L2      WPS        (∑_{i=1}^{n} i) + (∑_{i=1}^{n} i)     Diagrams: L2'
                                                          DiagProofRefine: L21, L22
L3      WPS        n ≥ 0
L1'     WPS'       square(n, n+1)                         DiagramProof: L1''
L2'     WPS'       triangle(n, n) + triangle(n, n)        DiagramProof: L2''
L1''    WPS''      triangle(n, n) + triangle(n, n)        DiagramRefine: L11, L12
L2''    WPS''      triangle(n, n) + triangle(n, n)        DiagramRefine: L21, L22
L11     WPS'''     0(0+1)
L12     WPS'''     (n+1)((n+1)+1)
L21     WPS'''     (∑_{i=1}^{0} i) + (∑_{i=1}^{0} i)
L22     WPS'''     (∑_{i=1}^{n+1} i) + (∑_{i=1}^{n+1} i)

In the next section we formally define the hierarchical proof data structure. It accommodates all the aspects of a hierarchical proof data structure sketched so far. Additionally it explicitly represents the direction of the introduction of an abbreviation, like upwards for the abbreviation of a proof sequence generated by a tactic, or downwards like between a proof planning step and its expansion. This explicit representation of the directions in the construction of the hierarchy will serve as one formal property that allows to distinguish top-down proof constructions à la proof planning from bottom-up proof construction à la tactical theorem proving and other automatic proof search procedures. Furthermore, the distinction between abbreviating justifications that contain all open subgoals of the underlying proof versus abbreviating justifications that only contain some of them is another formal property which allows to distinguish between top-down and bottom-up proof construction paradigms. Those two properties, resulting from a proof representation that accommodates both reasoning paradigms while showing their differences, may serve as a starting point for a comparison of the different reasoning paradigms.

8.2 Hierarchical Proof Datastructure

For the definition of the hierarchical proof data structure we build upon the formalisation of the proof planning data structure from [Fiedler, 2001] and adapt and extend it to fit our context.

The inference rules are the names in justifications: we distinguish between formal and informal inference rules, where the formal inference rules are the CORE window inference rules, while informal inference rules are names or descriptions, like names of tactics or proof planning methods, or any kind of description for a portion of a proof provided for instance by the user.

Definition 8.2.1 (Inference Rules) The inference rules are given by a pair I = (F, I) of formal and informal inference rules. The formal inference rules are the CORE window inference rules. The informal inference rules are arbitrary descriptions.

As sketched in Section 8.1.2, the successor proof nodes in justifications can have different methodological roles. For the general definition of the hierarchical proof data structure we assume an arbitrary but fixed set of roles. We do not impose that there must be an order among the roles, for instance to indicate their relative importance. However, this is possible in order to allow for the distinction between "conditions" and "major" subgoals, as sketched in Section 8.1.2. This can simply be modelled by using a binary set of roles {Condition, SubGoal} together with the order Condition < SubGoal.

Definition 8.2.2 (Roles) The roles R are given by an arbitrary finite set, possibly with an ordering (not necessarily total) among the elements of R.

We now introduce the actual objects that define the hierarchical proof data structure. As sketched in the previous sections, it is composed of window proof nodes that are annotated by justifications. We first define justifications as follows:

Definition 8.2.3 (Justifications) Let I be a set of inference rules and R a set of roles. A justification is a 3-tuple J = (R, P, NR), where R is an inference rule from I, P a list of parameters for R, and NR a list of window proof nodes annotated by roles, called successor nodes. A justification containing a CORE window calculus rule is called a formal justification.

Definition 8.2.4 (Representational Abstraction & Refinement Applications) Let A be a set of representational abstractions (cf. Definition 7.2.3). A representational abstraction application is a 3-tuple A = (a, P, N), where a is a representational abstraction from A, P a list of parameters for a, and N a list of window proof nodes, called abstraction nodes.

A representational refinement application is a 3-tuple R = (a, P, N), where a is a representational abstraction from A, P a list of parameters for a, and N a list of window proof nodes, called refinement nodes.

Based on this we define window proof nodes. In this definition we use the notion of directed justification sequences, which is only introduced afterwards. For the moment we can assume a directed justification sequence to be a set of justifications.

Definition 8.2.5 (Window Proof Nodes) A window proof node is a 5-tuple N = (WPS, w, J, A, R), where WPS is a window proof state, w an active window of WPS, J a directed justification sequence, A representational abstraction applications, and R representational refinement applications. We say that any justification J in J justifies N. If N is justified by the axiom rule, i.e. has no successor nodes, then N is a hypothesis.

The support nodes of N are the transitive closure of all successor nodes of N.

Remark 8.2.6 For the definition of representational refinements (cf. Definition 7.2.4) we assumed for a derivation WPS →_W WPS' the existence of a relationship RD between active windows in WPS and active windows in WPS'. In the proof representation there is a proof node for each active window in WPS. During the derivation of WPS' those are related via justifications to new proof nodes that belong to active windows in the new proof state WPS'. For each initial active window, the active windows of the support nodes are all windows in that relation. Thus, the assumed relation RD is statically determined from the proof representation, and can be used to check the representational refinement relationships.

Window proof nodes together with their justifications define the graph structure of the hierarchical proof data structure. The hierarchies in proof data structures are based on the following notion of proof graphs.

Definition 8.2.7 (Proof Graphs) Let 𝒩 be a set of window proof nodes, let S ⊆ 𝒩 and N ∈ 𝒩. 𝒩 is a proof graph of N from S if, and only if, one of the following holds:

1. N ∈ S.

2. Let N = (WPS, w, J, A, R).
   (a) For each justification J = (R, P, NR) in J and for each successor node N' from NR there is a set 𝒩' ⊆ 𝒩 that is a proof graph of N' from S,
   (b) For each representational abstraction application A = (a, P, N) in A and for each abstraction node N' from N there is a set 𝒩' ⊆ 𝒩 that is a proof graph of N' from S, and
   (c) For each representational refinement application R = (a, P, N) in R and for each refinement node N' from N there is a set 𝒩' ⊆ 𝒩 that is a proof graph of N' from S.

𝒩 is a formal proof graph of N from S if, and only if, N and each support node of N in 𝒩 have a formal justification. Since N ∉ 𝒩', this clearly defines an acyclic graph.

Based on proof graphs we define the derivational hierarchy in a proof data structure. The hierarchy is induced by the relationship between justifications and a proof graph for that justification. This induces an ordering ⊒ among justifications, which is used to define directed justification sequences. Those are pairs of non-disjoint sets of justifications, each being partially ordered with respect to ⊒, and their union is required to be totally ordered with respect to ⊒. The motivation for having two sets of justifications is to represent the direction of the hierarchy. For two justifications J, J' that are in the first set and for which J ⊒ J' holds, J' has been abstracted to J. Conversely, if the justifications are from the second set and J ⊒ J' holds, then J has been refined to J'.

Definition 8.2.8 (Directed Justification Sequences) Let N = (WPS, w, J, A, R) be a window proof node, J = (R, P, NR) be a justification in J, and S = {N' | N' in NR}.

[Figure 8.1: Representational expansion.]

1. The derivational expansion of J is a set EJ of window proof nodes that constitutes a proof graph of N\J from S, where N\J denotes N with J deleted from its directed justification sequence. We say the expansion EJ refines J. We say the expansion EJ is complete if, and only if, EJ is a formal proof graph of N from S. If EJ is a complete derivational expansion, we say the expansion EJ of J proves J.

2. A justification J = (R, P, NR) is more abstract than a justification J' = (R', P', NR') (we write J ⊒ J' or J' ⊑ J) if, and only if, there is a justification J'' such that J'' justifies N in the derivational expansion of J and either J' = J'' or J'' ⊒ J'.

3. A directed justification sequence is a pair (JA, JR) of sets of justifications, such that JA and JR are partially ordered with respect to ⊒. For any J, J' ∈ JA such that J ⊒ J' we say that J' has been abstracted to J. Analogously, for any J, J' ∈ JR such that J ⊒ J' we say that J has been refined to J'.

We say that a directed justification sequence is complete if, and only if, JA ∪ JR is totally ordered with respect to ⊒.

The distinction between complete and incomplete justification sequences in the above definition is needed, since we are interested in representing intermediate states of the proof, and not only completed proofs as in [Fiedler, 2001]. The notion of directed justification sequences, more specifically the notions of derivational expansions and the induced ordering among justifications, represent the derivational hierarchies in proofs. Analogously to the notion of expansions we define representational expansions of justifications, which correspond to the representational hierarchies in proofs.

Definition 8.2.9 (Representational Expansions) Let NG = (WPSG, wG, JG, AG, RG) be a window proof node, A = (a, P, N) from AG, NA = (WPSA, wA, JA, AA, RA) a window proof node in N, JA = (RA, PA, NRA) a justification in JA, SA = {NA' | NA' ∈ NRA}, and SG = ⋃_{(WPSA', wA', JA', AA', RA') ∈ SA} {NG' | NG' ∈ RA'} (cf. Figure 8.1). Then

1. The representational expansion of JA is a set ERJA of window proof nodes that constitutes a proof graph of NG\(a, P, N) from SG, where NG\(a, P, N) denotes the node NG with (a, P, N) deleted from its representational abstraction applications.

2. The justification JA is representationally more abstract than a justification J (we write JA ⊒_A J or J ⊑_A JA) if, and only if, there is a justification J' that justifies NG in the representational expansion of JA and either J = J' or J' ⊒ J.

Finally, we define the hierarchical proof data structure as follows:

Definition 8.2.10 (Hierarchical Proof Datastructure) A hierarchical proof data structure is a 3-tuple P = (ϕ, C, 𝒩), where ϕ is a closed formula with respect to some logic L, 𝒩 is a set of window proof nodes, and C = (WPS, w, J, A, R) in 𝒩 is a window proof node where WPS is the initial window proof state for ϕ with initial root window w. The open goals of P are those window proof nodes from 𝒩 that have no directed justifications.

Definition 8.2.11 (Complete Hierarchical Proof Datastructures) Let P = (ϕ, C, 𝒩) be a hierarchical proof data structure and H the hypotheses in the support nodes of C. The hierarchical proof data structure P = (ϕ, C, 𝒩) is complete if, and only if, 𝒩 constitutes a formal proof graph of C from H.

Finally, we define the notion of a pure CORE window proof. A CORE window proof is obtained from a hierarchical proof data structure by removing all non-formal justifications.

Definition 8.2.12 (Pure CORE Proof Datastructure) Let P = (ϕ, C, 𝒩) be a hierarchical proof data structure. Then P is a pure CORE proof data structure if, and only if, all nodes in 𝒩 have only formal justifications and no representational abstraction applications.

A pure CORE proof data structure P is complete if, and only if, P is complete.

8.3 Proof Paths and Dependencies

In this section we introduce the notion of paths between window proof nodes and qualitative descriptions of the dependencies between window proof nodes. These notions are used in Section 9.5 for the interface between reasoning procedures and the CORE window reasoning rules.

Definition 8.3.1 (Proof Paths) Let P = (ϕ, C, 𝒩) be a hierarchical proof data structure and N, N' ∈ 𝒩. A path between N and N' is a possibly empty sequence of justifications J1, ..., Jn, such that

– if the sequence is empty (n = 0), then it must hold N = N',
– otherwise J1 = (R, P, NR) must be a justification of N, and there is an N'' ∈ NR such that J2, ..., Jn is a path from N'' to N'.

We say that N' depends on N if, and only if, there is a path from N to N'.

The dependencies between proof nodes can be further categorised: if between two window proof nodes N, N' there is a path p from N to N' that consists only of Adapt-Window-Proof-State justifications, then only the context of the windows along that path has been changed, but never the windows themselves. In that case we say that N is passively justified by N'. Otherwise, we say that N is actively justified by N' via the justifications in p.

Definition 8.3.2 (Active & Passive Proof Paths) Let P = (ϕ, C, 𝒩) be a hierarchical proof data structure and N, N' ∈ 𝒩 such that there is a non-empty path J1, ..., Jn between N and N'. If all Ji are Adapt-Window-Proof-State justifications, then N is passively justified by N' via that path. Otherwise, N is actively justified by N' via that path.
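The following Python model is an added, constructed illustration of the notions defined in this and the previous section; it is not code from the thesis, from CORE or from INKA. It implements support nodes (Definition 8.2.5), open goals (Definition 8.2.10), the formal proof graph check (Definition 8.2.7), proof paths and dependency (Definition 8.3.1) and the passive/active classification (Definition 8.3.2) over the tactic example of Section 8.1.3.1. Class and function names, the rule-name strings, and the extra node L1' (reached from L1 only through an Adapt-Window-Proof-State justification) are assumptions; representational abstraction and refinement applications are left out.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed model; names such as ProofNode, Justification and
# HierarchicalProof are hypothetical, not CORE's own identifiers.
ADAPT = "Adapt-Window-Proof-State"
# formal justifications are those introduced by CORE window inference rules
FORMAL_RULES = {"Apply", "Cut", "Weakening", "Axiom", ADAPT}


@dataclass
class Justification:
    rule: str                                   # inference rule name, formal or informal
    params: Tuple[str, ...] = ()                # parameters, e.g. the applied replacement rule
    successors: List[Tuple[str, str]] = field(default_factory=list)  # (label, role)

    def is_formal(self) -> bool:
        return self.rule in FORMAL_RULES


@dataclass
class ProofNode:
    label: str
    wps: str                                    # window proof state the node belongs to
    window: str                                 # formula denoted by the active window
    justifications: List[Justification] = field(default_factory=list)


class HierarchicalProof:
    def __init__(self, nodes: List[ProofNode]) -> None:
        self.nodes: Dict[str, ProofNode] = {n.label: n for n in nodes}

    def successors(self, label: str) -> Set[str]:
        return {s for j in self.nodes[label].justifications for s, _ in j.successors}

    def support_nodes(self, label: str) -> Set[str]:
        # Definition 8.2.5: transitive closure of the successor nodes
        seen: Set[str] = set()
        todo = [label]
        while todo:
            for s in self.successors(todo.pop()):
                if s not in seen:
                    seen.add(s)
                    todo.append(s)
        return seen

    def open_goals(self) -> Set[str]:
        # Definition 8.2.10: nodes that carry no justification at all
        return {l for l, n in self.nodes.items() if not n.justifications}

    def is_formal_proof_graph(self, label: str, start: Set[str]) -> bool:
        # Definition 8.2.7: the node and every support node outside the start
        # set S must carry a formal justification
        for l in {label} | self.support_nodes(label):
            if l not in start and not any(j.is_formal() for j in self.nodes[l].justifications):
                return False
        return True

    def path(self, src: str, dst: str) -> Optional[List[Justification]]:
        # Definition 8.3.1: a possibly empty sequence of justifications leading
        # from src to dst (depth-first); None when no such path exists
        if src == dst:
            return []
        for j in self.nodes[src].justifications:
            for s, _ in j.successors:
                rest = self.path(s, dst)
                if rest is not None:
                    return [j] + rest
        return None

    def depends_on(self, dst: str, src: str) -> bool:
        return self.path(src, dst) is not None

    def justified_by(self, src: str, dst: str) -> Optional[str]:
        # Definition 8.3.2: passive if the path consists only of
        # Adapt-Window-Proof-State justifications, active otherwise
        p = self.path(src, dst)
        if not p:
            return None
        return "passive" if all(j.rule == ADAPT for j in p) else "active"


ORDERED_RULE = "Ordered(X::Y::L) → (X ≤ Y)+, Ordered(Y::L)+"

# Constructed input: the tactic example of Section 8.1.3.1 (T abbreviates the
# three Apply steps), plus an assumed node L1' that L1 is adapted to.
EXAMPLE = HierarchicalProof([
    ProofNode("L0", "WPS", "Ordered(1::2::3::[])+", [
        Justification("T", (), [("L1", "Condition"), ("L3", "Condition"), ("L5", "SubGoal")]),
        Justification("Apply", (ORDERED_RULE,), [("L1", "Condition"), ("L2", "SubGoal")]),
    ]),
    ProofNode("L1", "WPS'", "(1 ≤ 2)+", [Justification(ADAPT, (), [("L1'", "SubGoal")])]),
    ProofNode("L1'", "WPS''''", "(1 ≤ 2)+"),
    ProofNode("L2", "WPS'", "Ordered(2::3::[])+", [
        Justification("Apply", (ORDERED_RULE,), [("L3", "Condition"), ("L4", "SubGoal")])]),
    ProofNode("L3", "WPS''", "(2 ≤ 3)+"),
    ProofNode("L4", "WPS''", "Ordered(3::[])+", [
        Justification("Apply", ("Ordered(X::[]) → ...",), [("L5", "SubGoal")])]),
    ProofNode("L5", "WPS'''", "True+"),
])
```

With the open goals {L1', L3, L5} taken as the start set S, EXAMPLE is a formal proof graph of L0 (the informal abbreviation T is ignored because L0 also carries the formal Apply justification); with an empty start set it is not, since L3 has no justification. L1 is passively justified by L1', whereas L0 is actively justified by L1' because the path passes through T.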

8.4 Categories of Justifications

In the introduction we motivated a categorisation of proof construction steps. We introduced the categories of intra-level (respectively horizontal) proof steps and inter-level (respectively vertical) proof steps. In the following we apply this informal categorisation to the hierarchical proof data structure introduced to represent CORE proofs.

The intra-level proof steps were divided into those that verifiably refine a goal into subgoals (local lemma application) and those that speculate about the subgoals (local lemma speculation). Thus, all justifications that are introduced by CORE window inference rules, i.e. the formal justifications, are local lemma application proof steps.

A justification that has been introduced by a proof planning step on some window proof node N is a local lemma speculation proof step as long as there is no derivational expansion for that justification. As soon as such a justification has a derivational expansion, the justification turns into a local lemma application proof step, since it is validated by the expansion. An expansion for a proof planning step is obtained by proving the condition of the cut proof step that encoded the proof planning step. Thus, the complete proof of the condition together with the cut justification are an expansion of the proof planning step. Proving the condition is a vertical refinement proof step, and the vertical refinement is explicitly represented by putting the window cut rule justification JC and the justification J representing the proof planning step into the JR set of justifications of N. As soon as the condition of the proof planning step is proved and thus the cut justification is the starting justification of an expansion of J, it holds J ⊒ JC. Note that the proof of the condition need not be a formal proof, since further speculative steps may be involved in that proof. However, the proof planning step and its expansion are proof steps on different levels of abstraction, and thus it is legitimate to say that the proof planning step is a local lemma application proof step on its level of abstraction, which is validated by the proof graph that defines its expansion.

A justification that has been introduced as an abbreviation for a proof graph for some node N is a local lemma application proof step on a higher level of abstraction than the abbreviated proof graph. Examples for such abbreviations are the abbreviation of a portion of a proof that has been generated by some tactic. Another possibility is that the user abbreviates a portion of the proof by some high-level description for it. The action of abbreviating a portion of a proof is itself a vertical abstraction proof step, and thus the starting justification JP of the abbreviated proof graph and the abbreviating justification J are inserted in the set JA of the justifications of N. Since the proof graph is an expansion of J by definition of an abbreviation, it holds J ⊒ JP.

The above discussion serves as a basis for the following definition of a static categorisation of justifications contained in a hierarchical proof data structure.

Definition 8.4.1 (Categories of Justifications) Let P = (ϕ, C, 𝒩) be a hierarchical proof data structure, N = (WPS, w, (JA, JR)) and J, J' justifications from (JA, JR). Then we say

– J is a local lemma application justification if, and only if, either it is a formal justification or there is a justification JE in JR such that J ⊒ JE, i.e. JE is the starting justification of an expansion for J.

– J is a local lemma speculation justification if, and only if, it is not a local lemma application justification, i.e. it is neither a formal justification nor has an expansion.

– the pair (J, J') is a vertical refinement proof step of J to J' if, and only if, J, J' are in JR and it holds J ⊒ J'.

– the pair (J, J') is a vertical abstraction proof step of J to J' if, and only if, J, J' are in JA and it holds J ⊑ J'.

8.5 Backtracking

Proof attempts may fail, and then the need arises to resume the proof construction at an earlier stage. In computer based proof construction, whether interactive or fully automatic, these failures need to be recognised by the proof procedures, and the underlying proof construction system needs to support backtracking parts of a proof. As usual, backtracking is achieved in CORE via the proof history, back to a specific window proof state. If a justification is pruned from the proof representation, all justifications that depend on it need to be pruned first. The proof history explicitly represented in the proof data structure induces a total ordering among the window proof states. Each window proof state is a backtracking point and backtracking is achieved along the induced total ordering among window proof states. That chronological backtracking may remove more proof steps than necessary, as for instance there may be reasoning rule applications that are not conceptually relevant for the failed proof attempt. However, deciding whether proof steps belong to a proof attempt or not requires knowing the strategic information that underlied the proof attempts. That knowledge is not always explicitly represented and thus we leave the decision whether a justification belongs to a proof attempt or not to specific backtracking procedures. Backtracking procedures can be defined as explicit reasoning procedures or be part of, say, the implementation of a tactic programming language with a failure and success semantics. The backtracking procedure can decide which justifications are not part of a proof attempt, memorise those proof steps, and, after performing the chronological backtracking, automatically reconstruct these parts of the proof. This can for example be achieved by a replay mechanism integrated in the implementation of some tactic language (see also Section 9.1).

8.6 Summary

The explicit representation of the proof history provides complementary information about the proof to the user and the reasoning engines. The data structure is a hierarchical proof data structure that contains CORE window reasoning proof steps as well as the proof hierarchies that are inherent in theorem proving. Furthermore, the informal categories of intra-level and inter-level proof construction steps from Section 1.1.2 can be formally defined in a natural way for the hierarchical proof data structure. The methodological roles of subgoals introduced by proof steps are represented in the proof data structure and ease the understanding of the proof. We refrained from giving a general formal definition of methodological roles as that information is purely heuristical. However, this does not hamper the formal definition of specific methodological roles for a specific theorem proving procedure. The role information can be exploited on the one hand to organise the proof search and during the design of proof search procedures. On the other hand this information provides a further flexibility for an intuitive presentation of a proof. For example, the main idea of a proof can be presented by only presenting the "main" subgoals – according to the methodological categorisation – and omitting the "conditions".

Part IV

Applications

Chapter 9

Interface for Reasoning Procedures

A theorem prover, whether interactive or fully automatic, consists of a set of reasoning procedures. In this chapter we describe the interface of CORE to (semi-)automatic reasoning procedures. The major problem for the design of automatic reasoning procedures is the large number of possible replacement rules for each subtree. This large number of replacement rules is no surprise and is a sign for the flexibility during proof search provided by CORE. However, the flexibility must be controlled when designing reasoning procedures. In order to put the proposed solutions into context, we sketch in Section 9.1 a sample implementation of INKA 5.0 [Autexier et al, 1999] implemented on top of CORE, which is used for the tactic language [Schairer et al, 2001]. The interplay of backtracking implemented in the tactic language and backtracking of the proof state and proof representation is described in Section 9.2. In Section 9.3 we prove that the number of replacement rules is exponential in the number of α- and β-type connectives, before defining the notion of filters in Section 9.4. Filters are inspired by heuristic categorisations implemented in [Hutter & Sengler, 1996] and they are the solution we propose for a flexible definition of control knowledge to restrict the selection of possible replacement rules. Finally, in Section 9.5 we show how the tactic executions can be represented in the hierarchical proof data structure and how thereby the hierarchy among tactics – implicitly induced by tactic definitions – is made explicit in the hierarchies of the proof data structure.

9.1 The Tactic Language

The semantics of tactics is defined in continuation passing style which is a standard technique by now (cf. [Abelson et al, 1996, Graham, 1994, Reynolds, 1993, Norvig, 1992, Elliott & Pfenning, 1991, Carlsson, 1984]). We only present a brief description of the tactic language here. The idea is to describe the evaluation of an expression e with respect to a continuation S which represents the future of the computation after e has been evaluated. A continuation S is a function of one argument. In order to evaluate e with respect to S, the continuation S is applied to the value of e. Evaluation of a literal l with respect to S is, therefore, described by S(l). Evaluation of complex expressions is decomposed in such a way that a part of the expression is evaluated with respect to a new continuation which combines the rest of the evaluation of the complex expression and also considers the original continuation. As an example, if e is a list of expressions e1, e2, ..., en, its evaluation relative to S can be described by saying that e1 should be evaluated (assume the result is h) with respect to the continuation that evaluates e2, ..., en (assume the result is t) and then applies the original continuation S to the list composed of the head h and the tail t. Evaluation of complex expressions can be decomposed until the expression to evaluate is a literal or variable and the rest of the evaluation is encoded in the success continuation. This defines a non-standard interpreter for the tactic programming language in continuation passing style, i.e. we can view the definition operationally as the way in which a tactic expression is executed. The general idea is that evaluation is flattened (or sequentialised) into a sequence of basic evaluation steps. This is in contrast to the standard evaluation strategy, which evaluates an expression by evaluating its subexpressions along its abstract syntax tree, and does not explicitly sequentialise the evaluation.

Tactics can be defined and named, for example as in "tactic f(x) = e", where the formal parameter x of the named tactic f may be free in the body e. Tactics may call other named tactics to solve subgoals of the current goal. Depending on the proof representation this necessitates to focus on the subproblem before evaluating the body of the called tactic. It may also necessitate cleaning up after evaluating the body, depending on the concrete proof representation. The semantics has to take care that setting up and cleaning up are done appropriately, i.e. before and after a tactic is called. Note that the interpreter knows which named tactic is being called and the actual values it is called with when it sets up the proof state. So it is possible to make the proof state dependent on the tactic that is called. In Section 9.5 we present how this close relationship between the actual proof state and the called tactic is made explicit by introducing appropriate tactic justifications into the hierarchical proof datastructure of CORE.

9.2 Backtracking

The basic tacticals are the window reasoning rules provided by CORE. Further tacticals are defined in the tactic language that support the combination of named and unnamed tactics to define complex tactics. Among others, the tactic language includes a special operator choose which implements search. It evaluates its argument, which should be a list of alternatives, and then chooses the first alternative for which the remaining part of the evaluation is successful, i.e. does not fail. If there is no such alternative, choose fails. As usual this is realised by backtracking and can be done straightforwardly in the setting of continuations by using a second continuation F that encodes the future of the evaluation if the evaluation of an expression fails. Again this is a standard technique covered in the literature (cf. [Abelson et al, 1996]). Tactics can explicitly call fail which is an abbreviation for choose([]) and fails straight away. In order for this to work properly, side effects of tactics need to be restricted such that they can be backtracked over.

In particular, because there is an interaction between the evaluation of tactic expressions and the proof representation, the semantics has to ensure that the proof representation is adjusted when backtracking occurs. This is important in particular when updating the proof representation is done by destructively updating proof datastructures. In this case, since evaluation of a tactic expression can modify the proof state between the time a choice point is set up and the time the subsequent computation fails, the proof state has to be remembered before a choice is tried and has to be rewound to the remembered state before a new alternative is tried. This has been built into the semantics of choose in such a way that only one computation for each choice point, corresponding to trying the first successful choice from the list of alternatives, has left modifications in the proof representation. The net effect is that the proof representation is always well-formed and only contains parts that correspond to successful evaluation paths. Furthermore, each successful execution of a tactic can be associated with a well-defined part of the proof representation (cf. Section 9.5).

For each backtracking point the actual proof state is stored. Each proof state corresponds to a set of proof nodes in the proof datastructure (see Chapter 8). Thus, for the purpose of backtracking it is sufficient to save the proof state before tactic execution. If a tactic execution is backtracked, the proof state, and thus the proof representation, is backtracked to the initial window proof state which is associated to that tactic (cf. Section 8.5). However, saving a whole proof state before each tactic execution is expensive, and in the implementation the proof state is transformed by rule applications and the differences between two proof states are saved. The differences are explicitly maintained in the proof representation and are used to backtrack to a previous proof state by applying the inverse differences.
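The interpreter sketched in Sections 9.1 and 9.2, as an added example that is not the thesis's or INKA's code: tactics are evaluated with a success continuation S and a failure continuation F, choose tries its alternatives in order, fail is choose([]), and the destructively updated proof state records inverse differences so that a failed alternative is rewound before the next one is tried. The goal list, the rule base RULES and the tactic solve are constructed for this example.

```python
"""Continuation-passing tactic interpreter with `choose`, `fail` and a rewindable
proof state.  Added example: the proof state and the rule base are constructed
here and are not CORE's data structures."""
from typing import Any, Callable, Dict, List, Tuple


class ProofState:
    """Destructively updated list of open goals with an undo log.

    Instead of copying the whole state at every choice point, every rule
    application records its inverse difference, so that `rewind` replays the
    inverses back to the log length remembered at the choice point.
    """

    def __init__(self, goals: List[str]) -> None:
        self.open: List[str] = list(goals)
        self.applied: List[Tuple[str, Tuple[str, ...]]] = []  # surviving rule applications
        self.rewinds = 0
        self._undo: List[Tuple[int, str, int]] = []            # inverse differences

    def mark(self) -> int:
        return len(self._undo)

    def apply(self, goal: str, subgoals: List[str]) -> None:
        """Replace `goal` by `subgoals` in place and log how to undo it."""
        i = self.open.index(goal)
        self.open[i:i + 1] = subgoals
        self.applied.append((goal, tuple(subgoals)))
        self._undo.append((i, goal, len(subgoals)))

    def rewind(self, mark: int) -> None:
        """Apply the inverse differences back to the remembered mark."""
        self.rewinds += 1
        while len(self._undo) > mark:
            i, goal, n = self._undo.pop()
            self.open[i:i + n] = [goal]
            self.applied.pop()


Fail = Callable[[], Any]                       # failure continuation F
Succ = Callable[[ProofState, Fail], Any]       # success continuation S (also receives the current F)
Alternative = Callable[[ProofState, Succ, Fail], Any]

# Constructed rule base: goal -> alternative lists of subgoals ([] closes the goal).
RULES: Dict[str, List[List[str]]] = {
    "goal": [["dead_end"], ["left", "right"]],  # the first alternative cannot be closed
    "left": [[]],
    "right": [["right1"], []],                  # again the first alternative fails
    "dead_end": [],                             # no rule applies: evaluation fails here
    "right1": [],
}


def choose(alternatives: List[Alternative], state: ProofState, s: Succ, f: Fail) -> Any:
    """Evaluate the first alternative whose remaining computation does not fail.

    The failure continuation handed to an alternative rewinds the proof state
    to the choice point and tries the next alternative; choose([]) fails."""
    if not alternatives:
        return f()
    first, rest = alternatives[0], alternatives[1:]
    mark = state.mark()

    def retry() -> Any:
        state.rewind(mark)
        return choose(rest, state, s, f)

    return first(state, s, retry)


def fail(state: ProofState, s: Succ, f: Fail) -> Any:
    """`fail` abbreviates choose([])."""
    return choose([], state, s, f)


def solve(goal: str, state: ProofState, s: Succ, f: Fail) -> Any:
    """Named tactic: close `goal` by trying each applicable rule as an alternative."""
    def alternative(subgoals: List[str]) -> Alternative:
        def run(st: ProofState, s: Succ, f: Fail) -> Any:
            st.apply(goal, subgoals)          # side effect, undone by `f` on failure
            return solve_all(list(subgoals), st, s, f)
        return run
    return choose([alternative(sg) for sg in RULES.get(goal, [])], state, s, f)


def solve_all(goals: List[str], state: ProofState, s: Succ, f: Fail) -> Any:
    """Sequentialised evaluation of a goal list: the head is solved with a
    continuation that solves the tail and only then calls the original S."""
    if not goals:
        return s(state, f)
    head, tail = goals[0], goals[1:]
    return solve(head, state, lambda st, f2: solve_all(tail, st, s, f2), f)


def run(goal: str) -> ProofState:
    """Top level: S returns the final state, F returns None (no proof found)."""
    state = ProofState([goal])
    return solve(goal, state, lambda st, _f: st, lambda: None)
```

Running run("goal") tries and rewinds the two dead ends, so the final state contains only the three rule applications of the successful path, which is the property Section 9.2 requires of the proof representation.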

9.3 Replacement Rules

As mentioned above, the basic tacticals are the CORE window reasoning rules. While most of these rules involve a non-deterministic choice, like the selection of subtrees to open subwindows, the branching factor for the application of replacement rules has a particularly high complexity. It results from the worst case analysis for the number of replacement rules for some subtree of the FVIF-tree. We denote by Rules(R) the set of all replacement rules for some subtree R.

Lemma 9.3.1 (Complexity) Let R be a FVIF-tree of depth d and with n_α α-type nodes and n_β β-type nodes. Then the cardinality of Rules(R) is O(d² · 2^{n_α+n_β}).

Proof. For each subtree R the number of possible left-hand sides for a replacement is limited by the number of α-related subtrees and their depth. A subtree of depth d contains O(d²) subtrees. For each of these subtrees R', there are at most n_β β-related subtrees R'' to weaken to obtain the right-hand sides of a replacement rule. For each R'' there are at most O(2^{n_α}) possible weakened subtrees. Thus, for each R' there are at most O((2^{n_α})^{n_β}) = O(2^{n_α+n_β}) replacement rules. Hence, the complexity for the number of replacement rules for each possible R is O(d²) · O(2^{n_α+n_β}) = O(d² · 2^{n_α+n_β}) worst case.

This huge number of possible replacement rules must be handled during automatic proof search, as it is certainly not feasible to always generate all possible replacement rules. For the determination of a replacement rule from the context, two kinds of information can be used to restrict the search: first, restrictions can be imposed to determine possible left-hand sides of rules. Examples for this are that only leaf-nodes are used as left-hand sides, or only those subtrees are considered as left-hand sides, if their label shares certain constant symbols with the formula denoted by a window. Secondly, the possible right-hand sides of a rule can be restricted by providing information about how or how not to weaken the respective subtrees.

9.4 Filters

For the interface to automatic reasoning procedures we introduce the notion of filters that are used to generate only those replacement rules that fulfill the requirements described in the filter. A filter consists of two parts, one for the description of possible left-hand sides, and a second for the description how to weaken the β-related subtrees to determine the right-hand sides.

Left-hand sides of replacement rules are either FVIF-trees or left- or right-hand sides of ε-type leaf nodes. Thus, the description of possible left-hand sides of rules is defined as a predicate over FVIF-trees and ε-type nodes R of label ε(s, t) together with a subterm occurrence π that denotes either s or t, i.e. π = [1] or π = [2]. We denote by 𝓡 the set of all FVIF-trees and by 𝓔 all ε-type nodes in R annotated by either [1] or [2]. Given R[1] ∈ 𝓔 its complementary element is R[2] and vice-versa. Then the description of adequate left-hand sides is a predicate over 𝓡 ∪ 𝓔.

Right-hand sides of replacement rules are determined by the left-hand side and the weakening of the β-related formulas. If the left-hand side is from 𝓔, then the right-hand sides contain the complementary element and the weakened subtrees of the β-related subtrees. Otherwise, the right-hand sides are composed of the weakened subtrees of subtrees β-related to the left-hand side. However, for each left-hand side there may be several possible lists of right-hand sides (due to weakening). Thus, the description of the right-hand sides is a binary predicate over (𝓡 ∪ 𝓔) × ℘(𝓡 ∪ 𝓔) that holds for those combinations of left- and right-hand sides that are in the domain of the filter.

Definition 9.4.1 (Filter) A filter F := ⟨P_L, P_R⟩ is composed of a predicate P_L over 𝓡 ∪ 𝓔 to filter admissible left-hand sides and a binary predicate P_R over (𝓡 ∪ 𝓔) × ℘(𝓡 ∪ 𝓔) to filter admissible replacement rules with admissible left-hand sides. The filter function for F is the function ∇_F that assigns to each subtree R the set of rules that are admissible with respect to the filter. The function ∇_F is defined as follows:

∇_F(R) := {u → v1, ..., vn ∈ Rules(R) | both P_L(u) and P_R(u, {v1, ..., vn}) hold}

Each tactic is a specification of a proof search procedure. For instance a simplification tactic tries to reduce the size of a term according to some given term ordering; an induction tactic tries to apply an induction axiom that is suitable for a given problem; a rippling tactic tries to enable the application of the induction hypothesis; or a tactic may implement a superposition strategy [Bachmair et al, 1992]. Each kind of tactic or set of tactics requires specific replacement rules. We view filters as the primary infrastructure to specify the different classes of replacement rules. For example for the simplification tactics, the required replacement rules u → v1, ..., vn are either those where the right-hand side is empty, i.e. n = 0, or that result from ε-type leaf nodes, n = 1 and u is greater than v1 with respect to a well-founded term ordering. For the rippling tactic the categorisation relies on the notion of skeletons and the relative occurrences of contexts with respect to the skeleton part. For a superposition tactic, the left-hand side must be greater than any right-hand side, again, with respect to a well-founded term ordering.

The filter infrastructure is interfaced to the tactics by having a special operator in the tactic language named filters. Furthermore, the tactic language supports the assignment of filters to windows. The effect is that for each window, the set of replacement rules is determined with respect to all filters assigned to that window. Having a special operator in the tactic language allows us to integrate the change of assignments to windows into the description of complex tactics.
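Definition 9.4.1 and the simplification and superposition filters of this section, as an added example that is not CORE's implementation: a filter is a pair of predicates ⟨P_L, P_R⟩, ∇_F keeps the rules of Rules(R) that pass both, and the symbol-sharing restriction of Section 9.3 is a filter with a trivial P_R. The term representation, the term ordering (size first, string form as tie-break) and the candidate rule set RULES_R are constructed here; combining several filters assigned to one window as a conjunction is an assumption of this example.

```python
"""Filters over a set of candidate replacement rules, following Definition 9.4.1.
Added example with a constructed term representation and rule set; it is not
CORE's implementation."""
from dataclasses import dataclass
from typing import Callable, FrozenSet, Set, Tuple, Union

# Terms: a str is a variable or constant, a tuple ("f", t1, ..., tn) an application.
Term = Union[str, tuple]


def size(t: Term) -> int:
    return 1 if isinstance(t, str) else 1 + sum(size(a) for a in t[1:])


def symbols(t: Term) -> Set[str]:
    """Function symbols occurring in t (variables and constants contribute none)."""
    return set() if isinstance(t, str) else {t[0]}.union(*(symbols(a) for a in t[1:]))


def greater(u: Term, v: Term) -> bool:
    """A well-founded term ordering: size first, string form as tie-break
    (there are only finitely many terms per size over a finite signature)."""
    return (size(u), repr(u)) > (size(v), repr(v))


@dataclass(frozen=True)
class Rule:
    """A replacement rule u -> v1, ..., vn; n = 0 is an unconditional fact."""
    lhs: Term
    rhs: Tuple[Term, ...]


@dataclass(frozen=True)
class Filter:
    """F := <P_L, P_R>: P_L admits left-hand sides, P_R admits (u, {v1, ..., vn})."""
    p_l: Callable[[Term], bool]
    p_r: Callable[[Term, Tuple[Term, ...]], bool]

    def nabla(self, rules: FrozenSet[Rule]) -> FrozenSet[Rule]:
        """The filter function ∇_F(R): the rules of Rules(R) admissible w.r.t. F."""
        return frozenset(r for r in rules if self.p_l(r.lhs) and self.p_r(r.lhs, r.rhs))

    def __and__(self, other: "Filter") -> "Filter":
        """Several filters assigned to one window (assumption of this example:
        a rule must pass every filter assigned to the window)."""
        return Filter(lambda u: self.p_l(u) and other.p_l(u),
                      lambda u, vs: self.p_r(u, vs) and other.p_r(u, vs))


def simplification_filter() -> Filter:
    """Section 9.4: right-hand side empty, or n = 1 with u greater than v1."""
    return Filter(lambda u: True,
                  lambda u, vs: len(vs) == 0 or (len(vs) == 1 and greater(u, vs[0])))


def superposition_filter() -> Filter:
    """Section 9.4: the left-hand side is greater than every right-hand side
    (assumption: variable left-hand sides are excluded)."""
    return Filter(lambda u: not isinstance(u, str),
                  lambda u, vs: all(greater(u, v) for v in vs))


def shares_symbols_with(window: Term) -> Filter:
    """Section 9.3: admit only left-hand sides sharing a symbol with the window's formula."""
    return Filter(lambda u: bool(symbols(u) & symbols(window)), lambda u, vs: True)


# Constructed Rules(R): candidate rules as they could stem from the equations
# x + 0 = x and double(x) = x + x, the fact even(double(x)) and a conditional lemma.
RULES_R: FrozenSet[Rule] = frozenset({
    Rule(("+", "x", "0"), ("x",)),
    Rule("x", (("+", "x", "0"),)),
    Rule(("double", "x"), (("+", "x", "x"),)),
    Rule(("+", "x", "x"), (("double", "x"),)),
    Rule(("even", ("double", "x")), ()),
    Rule(("p", ("s", "x")), (("q", "x"), ("r", "x"))),
})


def lhs_set(rules: FrozenSet[Rule]) -> Set[Term]:
    """Left-hand sides of a rule set, convenient for inspecting ∇_F(R)."""
    return {r.lhs for r in rules}
```

The simplification filter drops the reversed equation x → x + 0, the size-increasing double(x) → x + x and the conditional lemma; the superposition filter keeps the conditional lemma because its left-hand side is larger than each right-hand side.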
The replacement of active windows by new active windows during the application of CORE window reasoning rules requires a general principle for the inheritance of assigned filters from the original set of active windows to the new set of active windows. To define this inheritance principle, the proof datastructure is used, which contains the relationship between the old and the new active windows. If a CORE reasoning rule justifies a proof node for some window w by a set of proof nodes for new active windows w1, ..., wn, then the filters assigned to w are inherited to each wi. Take as an example the subwindow reasoning rule (cf. Definition 6.3.2, page 102) that is applied on some active window w: the rule justifies the window proof node for w by a subwindow justification to the window proof nodes for the new subwindows:

Label | WPState | Window | Justification/Abstraction/Refinement
L0 | WPS | w | Subwindow-Open(L1, ..., Ln)
L1 | WPS1 | w1 |
... | ... | ... |
Ln | WPS1 | wn |

Thus, each wi inherits the assigned filters from w. Furthermore, the rule adapts the window proof state of any other active window w' by introducing an Adapt-Window-Proof-State to the window proof node for w' with respect to the new window proof state:

Label | WPState | Window | Justification/Abstraction/Refinement
L | WPS | w' | Adapt-Window-Proof-State(L')
L' | WPS1 | w' |

Thus, the assignment of filters is preserved for these windows.

9.5 Tactic Execution & Hierarchical Proof Datastructure

The hierarchies in the proof datastructure for CORE support the representation of a CORE derivation at different levels of abstraction. Tactics, especially named tactics, defined in the tactic language are a hierarchical specification of proof search methodologies. Take as an example a tactic of the form

f(t1, ..., tn) = ... g(ti) ...

which is the definition of a named tactic f with formal parameters t1, ..., tn, that calls some further tactic g with ti. When the tactic f is executed it involves the execution of the tactic g. Thus, that call to f is hierarchically higher than the subsequent call to g, and it is desirable to represent this fact in the proof datastructure, for example in order to allow for a "post-mortem" analysis of the effectiveness of the used tactics. Note that this is also possible for recursive calls to tactics: in that case the first call to some tactic f is hierarchically higher than subsequent calls to the same tactic.

In order to represent the hierarchical dependencies between tactic calls, we need to determine the window proof nodes respectively before and after the call to some tactic f. For those initial window proof nodes N that are actively related (cf. Definition 8.3.2) to window proof nodes N' after tactic execution we introduce for N a new justification that describes that tactic call. The new justification is an abbreviation of these paths and thus it is added to the set J_A of the directed justifications of N. As already mentioned above, the window proof states before and after the call of a tactic are saved by the tactic interpreter. Thus, defining the call to a named tactic f with actual parameters t1, ..., tn we can assume that the window proof states are known, and called WPS before tactic execution and WPS' after tactic execution. Then, let W be the active windows in WPS and W' be the active windows in WPS'. For each w ∈ W whose window proof node N_w is actively justified by some window proof node with respect to WPS', let N'_w be all window proof nodes with respect to WPS' on which N_w depends (cf. Definition 8.3.1). Then we introduce an additional abbreviating justification J_{f(t1,...,tn)} := (Call f, {t1, ..., tn}) : N'_w for the window proof node N_w.

Along the same lines abbreviating justifications can be introduced for the tacticals used in the body of named tactics. Doing so, the hierarchical proof datastructure is an explicit representation of all levels of abstraction contained in tactics that have contributed to the derivation. This explicit information is not only interesting for the user, but also for the monitoring of tactic executions. The latter is especially valuable for a user in order to analyse the efficiency of the proof search procedure he specified in the tactics. Furthermore, it could serve as a basis for optimisation of tactic specifications.

9.6 Summary

In this chapter we have sketched the interface of CORE to automatic reasoning procedures using the tactic language of [Autexier et al, 1999] to design reasoning procedures. We sketched the relationships between on the one hand proof development and basic tacticals, and on the other hand between proof backtracking and failure continuations in the implementation of the tactic language. In order to handle the large number of possible replacement rules, we introduced the notion of a filter for the selection of replacement rules. Filters and their assignment to windows are further primitives in the tactic language. Also we described the uniform inheritance mechanism for filters during rule applications. Finally, we showed how the implicit tactic hierarchies can be made explicit by appropriate justifications. Thereby the hierarchy of tactic calls that contributed to the proof is explicitly represented in the proof datastructure. This representation supports a better understanding of how the proof was constructed and it can also be exploited to analyse the efficiency of tactics.

Chapter 10

Sequent Calculus Style Interface

In this chapter we show how a sequent style calculus [Gentzen, 1969] can be defined on top of CORE. The sequents required by these calculi are defined with respect to the active windows of a CORE window proof state. Roughly, sequents are lists of active windows that are α-related, but the active windows of a window proof state must satisfy further properties, called the sequentiality property. The sequentiality property enforces a specific structure of the FVIF-tree of a CORE window proof state with respect to the active windows. The preservation of that structure during the application of the sequent calculus style inference rules requires a specific β-decomposition rule that allows for the decomposition of internal β-type signed formulas, while preserving the context surrounding those formulas. Intuitively, it supports the derivation of the formula β(ϕ(A), ϕ(B)) from a formula ϕ(β(A, B)). Such a rule has been proposed by Schütte in [Schütte, 1977] and we prove in Section 10.1 the admissibility of this rule in the CORE calculus. Based on a window version of this rule we present the formal definition of the sequents on top of a CORE window proof state and the implementation of the sequent style calculus in Section 10.2. Finally, we discuss the relationship of this calculus to the theorem proving modulo calculus [Dowek et al, 1998, Dowek, 2000] and provide some evidence that the sequent style calculus together with the reasoning capabilities of CORE not only subsumes, but also extends the features of that calculus.

10.1 Schütte's β-Decomposition Rule

In this section we present the β-decomposition rule from [Schütte, 1977] and prove that it is a derived reasoning rule in CORE. The derived reasoning rule is subsequently used in order to define the β-decomposition rule for the sequent style calculus defined in this chapter.

Exploiting the uniform notation introduced for the representation of signed formulas, the decomposition of β-type formulas in [Schütte, 1977] is defined as follows:

    ϕ(A^{pA})^p    ϕ(B^{pB})^p
    ─────────────────────────── β-Decompose
      ϕ(β(A^{pA}, B^{pB}))^p

where ϕ is any higher-order predicate of type o → o and of the form λx_o ψ, such that x occurs exactly once with a defined polarity in ψ, for any p ∈ {−, +}. In [Schütte, 1977] this rule is restricted to situations where ϕ contains no β-type formulas. However, the rule is sound for the general case, and its generalised version can be defined for CORE proof states, as follows:

Definition 10.1.1 (Schütte β-Decomposition Rule) Let [Q, σ L R] be a proof state with a subtree R' of label ϕ(β(A^{pA}, B^{pB}))^p, where ϕ is of the form λx_o ψ, p ∈ {−, +}, such that x occurs exactly once with a defined polarity in ψ. Then the Schütte β-decomposition of R' is the proof step [Q, σ L R(ϕ(β(A^{pA}, B^{pB}))^p)] → [Q, σ L R(β(ϕ(A^{pA}), ϕ(B^{pB}))^p)].

This β-decomposition rule is admissible in the CORE calculus, i.e. whenever we have a proof state where in its FVIF-tree occurs a subtree of label ϕ(β(A^{pA}, B^{pB}))^p, then we can find a sequence of CORE reasoning steps transforming that subtree to a subtree of the form β(ϕ(A^{pA}), ϕ(B^{pB}))^p.

Lemma 10.1.2 (Admissibility of Schütte β-Decomposition Rule) Each application of the Schütte β-decomposition rule can be simulated by a sequence of CORE calculus rules.

Proof. The higher-order predicate ϕ is of the form λx ψ, where x occurs exactly once in ψ and has a defined polarity whenever ψ has a defined polarity.

The proof of this lemma is by induction over the structure of ψ:

Base Case ψ := x: thus ϕ := λx x and ϕ(β(A^{pA}, B^{pB}))^p is β(A^{pA}, B^{pB})^p and the proof state is not changed by the rule.

Induction Step: By induction hypothesis we can assume that the conjecture holds for some ψ', resp. ϕ' := λx ψ'. We prove the induction step for the case where the polarity is positive, i.e. p := +. The proofs for p := − are analogous. The proof principle for each case is to encode the β-decomposition proof step β(ϕ(A^{pA}), ϕ(B^{pB})) in a sequence of CORE proof steps: first, we perform a cut on R over the new subformula, prove one side of the formula representing the cut by replacement rule application, and reduce the subtree to the desired "shape" by simplification and weakening.

1. ψ := ¬(ψ'): thus, ϕ := λx ¬(ψ')

   [Q, σ L R(¬(ϕ'(β(A^{pA}, B^{pB})))^+)]
   →_{I.H.} [Q, σ L R(¬(∨(ϕ'(A^{pA}), ϕ'(B^{pB}))^−)^+)]

   At this stage we cut over the formula ¬(ϕ'(A^{pA})) ∧ ¬(ϕ'(B^{pB})). This introduces a positive and a negative version of that formula, i.e. ∧(¬(ϕ'(A^{pA})), ¬(ϕ'(B^{pB})))^+ and ∧(¬(ϕ'(A^{pA})), ¬(ϕ'(B^{pB})))^−. Thus, we obtain the proof state:

   [Figure: the proof state after the cut, drawn as the tree [Q, σ L R ∧] with the upper subtree ∧(¬(ϕ'(A^{pA})^+), ¬(ϕ'(B^{pB}))) ∨ ¬(∨(ϕ'(A^{pA}), ϕ'(B^{pB})))^+ marked "Weakening", and the lower subtree ∧(¬(ϕ'(A^{pA})^+), ¬(ϕ'(B^{pB})^+)) ⇒ ¬(∨(ϕ'(A^{pA}), ϕ'(B^{pB})))^+ whose subtrees are labelled A1, A2 and R1, R2 with replacement rules (1) and (2).]

   Subsequently, we apply the unconditional replacement rules (1) and (2) obtained from R1 and R2 respectively to the subtrees A1 and A2. This replaces these subtrees by False which allows to prove this part of the cut-formula by simplification. The upper occurrence of the original signed formula is weakened and final simplification of the whole subtree results in the proof state:

   [Q, σ L R(∧(¬(ϕ'(A^{pA})), ¬(ϕ'(B^{pB})))^+)]

2. ψ := ∧(C, ψ'): thus, ϕ := λx ∧(C, ψ'):

   [Q, σ L R(∧(C, ϕ'(β(A^{pA}, B^{pB})))^+)]
   →_{I.H.} [Q, σ L R(∧(C, ∧(ϕ'(A^{pA})^+, ϕ'(B^{pB})^+))^+)]

   At this stage we perform a cut over the formula ∧(∧(C, ϕ'(A^{pA})), ∧(C, ϕ'(B^{pB}))). This introduces a positive and a negative version of that formula, i.e. ∧(∧(C, ϕ'(A^{pA})), ∧(C, ϕ'(B^{pB})))^+ and ∧(∧(C, ϕ'(A^{pA})), ∧(C, ϕ'(B^{pB})))^−. Thus, we obtain the proof state:

   [Figure: the proof state after the cut, drawn as the tree [Q, σ L R ∧] with the upper subtree ∧(∧(C, ϕ'(A^{pA})), ∧(C, ϕ'(B^{pB})))^+ ∨ ∧(C, ∧(ϕ'(A^{pA})^+, ϕ'(B^{pB})^+))^+ marked "Weakening", and the lower subtree ∧(∧(C, ϕ'(A^{pA})), ∧(C, ϕ'(B^{pB}))) ⇒ ∧(C, ∧(ϕ'(A^{pA})^+, ϕ'(B^{pB})^+))^+ whose subtrees are labelled R0, R1, R2 and A0, A1, A2 with replacement rules (1), (2) and (3).]

   Subsequently, we apply the unconditional replacement rules obtained from R0, R1 and R2 respectively to the subtrees A0, A1 and A2. This replaces these subtrees by True^+ which allows to prove this part of the cut-formula by simplification. The upper occurrence of the original signed formula is weakened and final simplification of the whole subtree results in the proof state:

   [Q, σ L R(∧(∧(C, ϕ'(A^{pA})), ∧(C, ϕ'(B^{pB})))^+)]

3. ψ := C ∨ ψ': thus, ϕ := λx ∨(C, ψ'):

   [Q, σ L R(∨(C, ϕ'(β(A^{pA}, B^{pB})))^+)]
   →_{I.H.} [Q, σ L R(∨(C, ∧(ϕ'(A^{pA})^+, ϕ'(B^{pB})^+))^+)]

   At this stage we perform a cut over the formula ∧(∨(C, ϕ'(A^{pA})), ∨(C, ϕ'(B^{pB}))). This introduces a positive and a negative version of that formula, i.e. ∧(∨(C, ϕ'(A^{pA})), ∨(C, ϕ'(B^{pB})))^+ and ∧(∨(C, ϕ'(A^{pA})), ∨(C, ϕ'(B^{pB})))^−. Thus, we obtain the proof state:

   [Figure: the proof state after the cut, drawn as the tree [Q, σ L R ∧] with the upper subtree ∧(∨(C, ϕ'(A^{pA})), ∨(C, ϕ'(B^{pB})))^+ ∨ ∨(C, ∧(ϕ'(A^{pA})^+, ϕ'(B^{pB})^+))^+ marked "Weakening", and the lower subtree ∧(∨(C, ϕ'(A^{pA})), ∨(C, ϕ'(B^{pB}))) ⇒ ∨(C, ∧(ϕ'(A^{pA})^+, ϕ'(B^{pB})^+))^+ whose subtrees are labelled A0, A1, A2 and R1, R2 with replacement rules (1) and (2).]

   Subsequently, we apply the replacement rules from R1 and R2 respectively to A1 and A2, which are both replaced by ¬(C)^+. On these two new subtrees we apply the unconditional replacement rule from A0 to C, which replaces these subtrees by False and False, which allows to prove this part of the cut-formula by simplification. The upper occurrence of the original signed formula is weakened and final simplification of the whole subtree results in the proof state:

   [Q, σ L R(∧(∨(C, ϕ'(A^{pA})), ∨(C, ϕ'(B^{pB})))^+)]

4. The cases for ψ := C ⇒ ψ' and ψ := ψ' ⇒ C can be proved analogously.

5. ψ := Q' ψ', and thus ϕ := λx Q'(ψ'): note that in the FVIF-tree the subtree for Q' ϕ'(β(A^{pA}, B^{pB})) has a reference to the subtree Q' of Q from which stems this modal quantifier. Thus we have:

   [Q, σ L R(Q' ϕ'(β(A^{pA}, B^{pB}))^+)]
   →_{I.H.} [Q, σ L R(Q'(∧(ϕ'(A^{pA})^+, ϕ'(B^{pB})^+))^+)]

   At this stage instead of performing a cut, we apply to Q'(∧(ϕ'(A^{pA})^+, ϕ'(B^{pB})^+)) the modal structural permutation rule to obtain

   [Q, σ L R(∧(Q'(ϕ'(A^{pA})), Q'(ϕ'(B^{pB}))))]

   which proves that case. The case of the other modal quantifier is analogous.
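The rule of Definition 10.1.1 on propositional signed formulas, as an added example that is not the thesis's CORE machinery: ϕ is represented as a formula with the path to its single hole, the β-type nodes are classified by polarity as in the proof of Lemma 10.1.2 (∧^+, ∨^− and ⇒^− are β-type, with + for a formula to prove and − for an assumption), and the rewrite ϕ(β(A, B))^p → β(ϕ(A), ϕ(B))^p is checked for logical equivalence by truth tables. The formula syntax, the rendering of the flipped sign under ⇒ as a negation, and the helper names are constructed here; quantifiers are not covered.

```python
"""Schütte's β-decomposition ϕ(β(A,B))^p -> β(ϕ(A),ϕ(B))^p on propositional
signed formulas, checked for equivalence by truth tables.  Added example with
its own constructed formula syntax; it is not CORE's FVIF-tree machinery."""
from itertools import product
from typing import Dict, Optional, Set, Tuple, Union

# An atom is a str; compound formulas are ("not", A), ("and", A, B), ("or", A, B),
# ("imp", A, B) and ("iff", A, B).  Children of "iff" have no defined polarity.
Formula = Union[str, tuple]
Path = Tuple[int, ...]            # child indices from the root down to ϕ's hole
FLIP = {"+": "-", "-": "+"}


def child_polarity(conn: str, i: int, p: str) -> Optional[str]:
    """Polarity of the i-th child of a node with connective `conn` and polarity p."""
    if conn == "not":
        return FLIP[p]
    if conn in ("and", "or"):
        return p
    if conn == "imp":
        return FLIP[p] if i == 0 else p
    return None                   # "iff": polarity undefined


def is_beta(conn: str, p: str) -> bool:
    """Uniform notation as used in the proof of Lemma 10.1.2 (+ = formula to
    prove, - = assumption): β-type nodes are ∧^+, ∨^- and ⇒^-."""
    return (conn == "and" and p == "+") or (conn in ("or", "imp") and p == "-")


def subformula(f: Formula, path: Path) -> Formula:
    for i in path:
        f = f[i + 1]
    return f


def replace(f: Formula, path: Path, new: Formula) -> Formula:
    """ϕ(new): put `new` into the hole at `path`; a path is one occurrence, so
    the hole occurs exactly once as Definition 10.1.1 requires."""
    if not path:
        return new
    i, rest = path[0], path[1:]
    return f[:i + 1] + (replace(f[i + 1], rest, new),) + f[i + 2:]


def polarity_at(f: Formula, path: Path, p: str = "+") -> Optional[str]:
    """Polarity of the hole, or None if the path crosses a node without defined polarity."""
    for i in path:
        p = child_polarity(f[0], i, p)
        if p is None:
            return None
        f = f[i + 1]
    return p


def schuette_beta_decompose(f: Formula, path: Path, p: str = "+") -> Formula:
    """Rewrite ϕ(β(A,B))^p into β(ϕ(A),ϕ(B))^p, where ϕ is f with a hole at `path`.
    Raises ValueError when the hole is not a β-type node with defined polarity."""
    q = polarity_at(f, path, p)
    hole = subformula(f, path)
    if q is None or isinstance(hole, str) or not is_beta(hole[0], q):
        raise ValueError("hole is not a β-type node with defined polarity")
    a, b = hole[1], hole[2]
    if hole[0] == "imp":
        # A ⇒ B is read as ∨(¬A, B): the flipped sign of A under ⇒ is rendered
        # as the negation ¬A (a design choice of this example).
        a = ("not", a)
    outer = "and" if p == "+" else "or"   # the β-type connective at the outer polarity p
    return (outer, replace(f, path, a), replace(f, path, b))


def rejects(f: Formula, path: Path, p: str = "+") -> bool:
    """True if the rule is not applicable at `path`."""
    try:
        schuette_beta_decompose(f, path, p)
        return False
    except ValueError:
        return True


def atoms(f: Formula) -> Set[str]:
    return {f} if isinstance(f, str) else set().union(*(atoms(g) for g in f[1:]))


def evaluate(f: Formula, v: Dict[str, bool]) -> bool:
    if isinstance(f, str):
        return v[f]
    if f[0] == "not":
        return not evaluate(f[1], v)
    x, y = evaluate(f[1], v), evaluate(f[2], v)
    return {"and": x and y, "or": x or y, "imp": (not x) or y, "iff": x == y}[f[0]]


def equivalent(f: Formula, g: Formula) -> bool:
    """Truth-table check that the rewrite preserved the meaning of the formula."""
    names = sorted(atoms(f) | atoms(g))
    return all(evaluate(f, dict(zip(names, vals))) == evaluate(g, dict(zip(names, vals)))
               for vals in product((False, True), repeat=len(names)))
```

The cases of the proof correspond to contexts ¬(_), ∧(C, _), ∨(C, _) and the two implications; for instance ¬(A ∨ B)^+ with the hole under the negation decomposes into ¬A ∧ ¬B, and ((A ⇒ B) ⇒ C)^+ with the hole on the left of the implication into (¬A ⇒ C) ∧ (B ⇒ C).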
We now define a window version of the Schütte β-decomposition rule.

Definition 10.1.3 (Window Schütte β-Decomposition Rule) Let [Q, σ L (R, f)] be a window proof state, R' a subtree of R of the form ϕ(β(A^{pA}, B^{pB}))^p. Let further R'' := β(ϕ(A^{pA})^p, ϕ(B^{pB})^p)^p be the FVIF-tree that replaces R' in the Schütte β-decomposition rule, and ι_A : S(R') \ S(β(A^{pA}, B^{pB})) → S(ϕ(A^{pA})^p) \ S(A^{pA}) and ι_B : S(R') \ S(β(A^{pA}, B^{pB})) → S(ϕ(B^{pB})^p) \ S(B^{pB}) the obvious isomorphisms. Finally, let f_{Aϕ} and f_{Bϕ} be the window structures such that f_{Aϕ} ∘ ι_A = ι_A ∘ f↓S(R')\S(β(A^{pA},B^{pB})) and f_{Bϕ} ∘ ι_B = ι_B ∘ f↓S(R')\S(β(A^{pA},B^{pB})) hold. Then the window Schütte β-decomposition rule is defined by

    [Q, σ L (R, f)]
    ───────────────────────────────────────────── Schütte β-Decomposition
    [Q, σ L (R, f) with R' replaced by (R'', f')]

where if there is an n such that f(n) = R', then f' := f_{Aϕ} ∪ f_{Bϕ} ∪ f↓A^{pA} ∪ f↓B^{pB} ∪ {n → R''}; otherwise f' := f_{Aϕ} ∪ f_{Bϕ} ∪ f↓A^{pA} ∪ f↓B^{pB}.

10.2 Sequents and Sequent Style Inference Rules

Let us now use the window reasoning capabilities of CORE and define sequents as a list of windows, that (1) denote subtrees that are α-related, and (2) in the smallest subtree that contains all windows defining the sequent, there are no subtrees β-related to the windows. Furthermore, in order to ensure that the sequents only denote formulas and atoms, we require the windows used in sequents to not denote inner substructures (see Definition 6.2.1).

Definition 10.2.1 (Sequents) Let WPS := [Q, σ L (R, f)] be a window proof state and w1, ..., wn active windows, such that w1, ..., wi have negative polarity and wi+1, ..., wn have positive polarity. Let further R' be the smallest subtree that contains all subtrees denoted by w1, ..., wn. Then w1, ..., wi ⊢ wi+1, ..., wn is a sequent with respect to WPS if, and only if,
1. all wi do not denote inner substructures of R' (cf. Definition 6.2.1),
2. all wi are α-related between each other, and
3. there is no subtree in R' that is β-related to any wi.

We say that a sequent w1, ..., wi ⊢ wi+1, ..., wn is proved if, and only if, at least one of the wi denotes a subtree that is proved, i.e. is either True^+, False^−, or ζ(s, s).

Notation 10.2.2 In the sequel, we agree to denote a sequent w1, ..., wi ⊢ wi+1, ..., wn also by simply writing the list of windows w1, ..., wi, wi+1, ..., wn, since the sequent-structure is uniquely determined up to permutations of windows by the polarities of the windows. Furthermore, we may write ϕ1^{p1}, ..., ϕn^{pn} to denote a sequent composed of n windows, each denoting a subtree of label ϕi and polarity pi.

Based on this definition of sequents we define the sequent-style calculus rules. The decomposition rules are based on the opening of subwindows, except for the β-decomposition rule, which relies on the window Schütte β-decomposition rule. Note that there are neither γ- nor δ-rules, since FVIF-trees do not contain quantified formulas (except for quantifiers without polarities).

A proof state for sequent calculus consists of a standard CORE window proof state [Q, σ L (R, f)] together with a set of sequents. In order to ensure that the sequents cover all parts of the proof state, we introduce the notion of a spanning set of sequents. A set of sequents S is spanning with respect to [Q, σ L (R, f)] if, and only if, any literal node in R is contained in a subtree denoted by one of the windows in some sequent from S.

Definition 10.2.3 (CORE Sequent Proof State) Let [Q, σ L (R, f)] be a valid CORE window proof state and S a set of sequents with respect to (R, f). Then [Q; σ; (R, f) L S] is a valid CORE sequent proof state if, and only if, S is spanning for R, i.e. any literal node in R is contained in a subtree denoted by one of the windows in some sequent from S. A sequent proof state is proved if, and only if, all sequents of that sequent proof state are proved.

In order for a set of sequents to be spanning, the active windows in the respective window proof state must also be spanning, i.e. all leaf nodes of the FVIF-tree must be contained in a subtree denoted by some active window. Thus, in order to allow for a static determination of a spanning set of sequents, we aim at the definition of an invariant, which encompasses the invariant that the active windows are always spanning.

In order to motivate the definition of that invariant assume a given window proof state with a spanning set of active windows. The sequents with respect to these windows should be uniquely determined by partitioning the active windows into sets containing an active window and all other active windows that are (1) α-related to that window and (2) all the windows in a sequent should be unconditional between each other. The second property means that none of the windows contained in a sequent has a β-related part in the (smallest) subtree containing all windows that form that sequent. Thus, we define the invariant as follows by the notion of sequential active windows:

[Figure 10.1: Structure of the FVIF-tree enforced by the sequentiality property: an upper part in which no α-type node occurs, below which hang lower parts in which no β-type node occurs, one for each of Γ1, Γ2, ..., Γn−1, Γn.]

Definition 10.2.4 (Sequential Active Windows) Let [Q, σ L (R, f)] be a window proof state. The active windows from f are sequential if, and only if, (1) the active windows are spanning for R and (2) each α-related window w' of some active window w is unconditional with respect to w.

The sequentiality property enforces a specific structure of the FVIF-tree, which is shown in Figure 10.1: the FVIF-tree consists of an upper part, where no α-type node occurs, and a list of lower parts where no β-type node occurs above the subtrees denoted by the active windows. At the bottom of the lower parts occur the subtrees denoted by the active windows in the Γi. Enforcing this invariant during sequent style reasoning allows us to statically determine the sequents from the sequential active windows by partitioning these as described above. Obviously, for each set of sequential active windows there is only one possible partition and thus the sequents are uniquely determined. In the sequel we show that this invariant holds in the initial state and that it is preserved during sequent calculus rule applications. Thus, we can state the following lemma that captures the relationship between window proof states with sequential active windows and CORE sequent proof states.

Lemma 10.2.5 Let WPS be a window proof state with sequential active windows and S be the sequents obtained by partitioning these active windows. Then [Q; σ; (R, f) L S] is a CORE sequent proof state.

Proof. Follows directly from the definitions.

The initial CORE sequent proof state consists of a single sequent composed of the single initial top-level window of the window proof state. It holds trivially that this singleton active window forms a set of sequential active windows, and the only possible sequent for it is w. Thus, for some closed formula ϕ, if [Q, id L (R, {w → R})] is the initial window proof state for ϕ, then [Q; id; (R, {w → R}) L w] is the initial CORE sequent proof state.

10.2.1 SK Style Axiom Rule

The axiom rule in a sequent calculus closes an open sequent of the forms: Γ, A ⊢ A, Δ or Γ ⊢ s = s, Δ. In our representation the first sequent is not yet proved but the latter is. Thus, the axiom rule shall "prove" sequents of the form Γ, A ⊢ A, Δ. Due to the structure of sequents, the two windows denoting the positive and negative occurrences of A are α-related between each other and there are no β-related formulas to those in the subtree containing both of them. Thus, there is an unconditional replacement rule from A^− that can be applied on A^+ and replaces it by True^+ (or vice versa). The application of that rule transforms the sequent into Γ, A ⊢ True, Δ, which is a proved sequent. In order to make that explicit, the CORE simplification rule is applied on the subtree that contains the sequent Γ, A ⊢ True, Δ; it simplifies that subtree to Proved^p (i.e. True^+ or False^−) and closes all the windows on that subtree. It remains a single active window on Proved^p and the sequentiality of the active windows is trivially preserved.

10.2.2 SK Style Weakening Rule

The sequent calculus weakening rules are respectively¹

    Γ, Δ
    ──────────── Weakening
    Γ, A^p, Δ

In our setting the weakened parts correspond to the subtrees in the FVIF-tree denoted by the windows A and B, respectively. According to the definition of the window weakening rule (Definition 6.3.9) we can achieve the effect of the sequent weakening rule by applying the window weakening rule to the subtree that contains the denoted window. Thereby, both the subtree and the window are removed and we end up with the new sequent Γ, Δ.

For the definition of the weakening rule we must determine a parent node of the subtree R' denoted by the window w that shall be weakened for which it holds: the parent node must have primary type α and in the subtree containing R' there occurs no other window than the window w. By the structure required by sequential active windows, this is only possible if the to-be-weakened window is not the only window defining the sequent. In other words, we can only weaken A^p in Γ, A^p, Δ, if either Γ or Δ are non-empty. This is not a serious restriction, since the weakening of A in a sequent like ⊢ A results in the empty sequent ⊢, which is not provable.

Definition 10.2.6 (SK Weakening Rule) Let WPS be a window proof state with sequential active windows, w an active window and Γ, w, Δ a sequent with respect to WPS, and Γ ∪ Δ ≠ ∅. Let further R' be the smallest parent node of the subtree R_w denoted by w that contains no other window than w and whose parent node is of type α. Then the SK weakening rule applies the window weakening rule on the parent of R' by weakening R'.

Lemma 10.2.7 (Accuracy of Definition 10.2.6) The SK weakening rule yields a window proof state, that also has sequential active windows and contains the sequent Γ, Δ, Γ ∪ Δ ≠ ∅, instead of the sequent Γ, w, Δ.

Proof. Due to the structure of a sequent – ensured by the sequentiality property of active windows – if there are at least two windows in a sequent, there must be such an α-type parent node R'. The weakening of that node by replacing it with that subtree not containing the weakened window preserves the other windows and removes w. Additionally it preserves the sequentiality of the remaining active windows. Thus, in the new window proof state we have the sequent Γ, Δ.

¹ The notation for sequents is defined in Notation 10.2.2.

158

CHAPTER10.SEQUENTCALCULUSSTYLEINTERFACE

RuleContractionStyleSK10.2.3Thecontractionrulesinasequentcalculusare
Γ,Ap,Ap,Δ
Γ,Ap,ΔContraction
Thecontractionformulascorrespondtoactivewindowsinoursettingandtheactualcontraction
operationcorrespondstotheapplicationofthewindowcontractionruleontherespectivewindow.
Bydefinition,thatrulealsocreatesanewwindowforthecopiedsubtree.Sincethecontraction
isperformedbyα-insertingthecopiedsubtreeontheoriginalsubtree,thistriviallypreservesthe
sequentialityoftheactivewindows.
Definition10.2.8(SKContractionRule)LetWPSbeawindowproofstatewithsequentialactive
windows,wanactivewindow,andΓ,w,ΔasequentwithrespecttoWPS.TheSKcontractionofw
consistsinapplyingthewindowcontractionruletowwhichresultsinanewactivewindowwand
thesequentΓ,w,w,Δ.
Lemma10.2.9(AccuracyofDefinition10.2.8)TheSKcontractionruleyieldsawindowproofstate
thathassequentialactivewindowsandcontainsthesequentΓ,w,w,ΔinsteadofΓ,w,Δ.
Proof.Followsdirectlyfromthedefinitionofthewindowcontractionruleandthesequentialityofthe
originalwindowproofstate.

10.2.4 SK Style α-Decomposition Rule

The sequent calculus rules for α-decomposition are respectively
\[
\frac{\Gamma, A^{p_A}, B^{p_B}, \Delta}{\Gamma, \alpha(A^{p_A}, B^{p_B})^{p}, \Delta}\ \alpha\text{-Binary-Decompose}
\qquad\text{and}\qquad
\frac{\Gamma, A^{p}, \Delta}{\Gamma, \neg(A^{p})^{p}, \Delta}\ \alpha\text{-Unary-Decompose}
\]
In our setting the α(A^{p_A}, B^{p_B})^p (respectively ¬(A^p)^p) is the content of an active window and the α-decomposition corresponds simply to the opening of subwindows for the subtrees A^{p_A} and B^{p_B} (respectively only for A^p). For the binary case, since the direct parent node α(A^{p_A}, B^{p_B})^p of A^{p_A} and B^{p_B} is of primary type α, this preserves the sequentiality of the active windows. For the unary case, the sequentiality is preserved anyway. Furthermore, if the window w denoting α(A^{p_A}, B^{p_B})^p (resp. ¬(A^p)^p) was in a sequent Γ, w, Δ, then the subwindows w_1, w_2 for A^{p_A} and B^{p_B} (respectively the subwindow w' for A^p) occur in the sequent Γ, w_1, w_2, Δ (respectively in Γ, w', Δ).
Definition 10.2.10 (SK α-Decomposition Rule) Let WPS be a window proof state with sequential active windows, and w an α-type window that occurs in a sequent Γ, w, Δ. The SK α-decomposition rule consists of opening subwindows for the direct children of w.
Lemma 10.2.11 (Accuracy of Definition 10.2.10) The SK α-decomposition rule yields a window proof state that also has sequential active windows and contains, instead of the sequent Γ, α(A^{p_A}, B^{p_B})^p, Δ (respectively Γ, α(A^{p_A})^p, Δ), the sequent Γ, A^{p_A}, B^{p_B}, Δ (respectively Γ, A^{p_A}, Δ).
Proof. Directly from the definition and the sequentiality of the active windows of the window proof state before rule application.

[Figure 10.2: tree diagram of the subtree R, which contains no β-type node, with the windows Γ, β(A^{p_A}, B^{p_B})^p and Δ at its leaves.]
Figure 10.2: Situation before β-decomposition: the smallest subtree R that contains all windows forming the sequent has no β-type node.

10.2.5 SK Style β-Decomposition Rule

The sequent calculus rule for β-decomposition is
\[
\frac{\Gamma, A^{p_A}, \Delta \qquad \Gamma, B^{p_B}, \Delta}{\Gamma, \beta(A^{p_A}, B^{p_B})^{p}, \Delta}\ \beta\text{-Decompose}
\]
Again, in our setting β(A^{p_A}, B^{p_B})^p is the content of an active window. However, simply opening subwindows on the two child subtrees A^{p_A} and B^{p_B} like in the α-decomposition case would result in a window proof state where the active windows are not sequential. The situation is viewed in Figure 10.2: the sequentiality property ensures that there is a smallest subtree R containing the windows of the sequent with β(A^{p_A}, B^{p_B})^p and that contains no β-type node. After focusing it would contain the β-type node β(A^{p_A}, B^{p_B}), which violates the sequentiality condition. In order to remedy that situation the β-connective must be moved above R, which is achieved by applying the window Schütte β-decomposition rule. This rule transforms the subtree R into
[Figure: a β-type root node with two copies of R below it, each containing no β-type node, with the windows Γ, A^{p_A}, Δ at the leaves of the first copy and Γ, B^{p_B}, Δ at the leaves of the second.]
Note that the rule also "copies" all the windows in the appropriate manner in order to obtain the two new sequents Γ, A^{p_A}, Δ and Γ, B^{p_B}, Δ.
Definition 10.2.12 (SK β-Decomposition Rule) Let WPS be a window proof state with sequential active windows, β(A^{p_A}, B^{p_B})^p a β-type active window that occurs in some sequent Γ, β(A^{p_A}, B^{p_B})^p, Δ and R the smallest subtree that contains all windows of that sequent. The SK β-decomposition rule consists of applying the window Schütte β-decomposition rule to that window with respect to R. It results in a new window proof state that contains the sequents Γ, A^{p_A}, Δ and Γ, B^{p_B}, Δ instead of the sequent Γ, β(A^{p_A}, B^{p_B})^p, Δ.


Lemma 10.2.13 (Accuracy of Definition 10.2.12) The SK β-decomposition rule results in a proof state that also has the sequentiality property and contains the sequents Γ, A^{p_A}, Δ and Γ, B^{p_B}, Δ instead of the sequent Γ, β(A^{p_A}, B^{p_B})^p, Δ.
Proof. Directly from the sequentiality of the original proof state and the definition of the window Schütte β-decomposition rule.

10.2.6 SK Style ν- and π-Decomposition Rules

The sequent calculus ν- and π-decomposition rules are
\[
\frac{\Gamma, A^{p}, \Delta}{\Gamma, \nu(A^{p})^{p}, \Delta}\ \nu\text{-Decomposition}
\qquad\text{and}\qquad
\frac{\Gamma', A^{p}, \Delta'}{\Gamma, \pi(A^{p})^{p}, \Delta}\ \pi\text{-Decomposition}
\]
where Γ' := {νA | νA ∈ Γ} and Δ' := {νA | νA ∈ Δ}. In our setting, both rules are realised simply by opening a subwindow for the respective subtree A^p. However, for the π-rule, instead of obtaining the sequent Γ', A^p, Δ' we obtain the sequent Γ, A^p, Δ, like in the ν case. Although this may appear strange, it is perfectly sound, since the applicability of the axiom rule checks the prefixes of the formulas, and those formulas that should have been removed by the π-rule are simply not applicable. Furthermore, mimicking the π-rule in that way offers more flexibility during proof search, which is illustrated by the following example: assume we are given the following modal sequent (A ∧ B) (A). The application of the standard π-decomposition rule on (A) would leave us with the non-provable sequent (A), which is due to the purely syntactical determination of Γ' and Δ'. In order to avoid that, we should have first applied the α-decomposition rule to obtain A, B (A), and only then apply the π-decomposition rule to obtain the "right" sequent A, B A. This necessary detour is avoided by the way we realised the π-decomposition rule, since the π-decomposition on (A ∧ B) (A) results in (A ∧ B) A, which is the provable sequent.
Definition 10.2.14 (SK ν- and π-Decomposition Rules) The SK π- and ν-decomposition rules consist of opening a subwindow on the subtree of the active π-type (respectively ν-type) window.

10.2.7 SK Style Instantiation

The CORE instantiation rule applies an admissible (combined) substitution (σ_Q, σ_M) on the whole FVIF-tree and does not affect the structure of the window tree, since there are no windows below the literal level. Thus, β-type nodes can only be created by instantiating higher-order set variables, which are all inside the active windows. This ensures that no β-nodes are inserted above the active windows. The modal part σ_M of a substitution is applied on the indexed formula tree and affects the prefixes. The object variable substitution σ_Q is both applied on the indexed formula tree and the FVIF-tree, and thereby instantiates the content of the windows. Thus, the sequentiality property of the active windows is preserved during instantiation and all sequents are instantiated in parallel and the new window proof state contains the sequents σ_Q(Γ), where Γ was a sequent in the original window proof state.

Definition 10.2.15 (SK Instantiation) The SK Instantiation rule consists in the application of a (combined) substitution (σ_Q, σ_M) on the window proof state.


10.2.8 SK Style Increase of Multiplicities

Multiplicities are increased in order to preserve uninstantiated formulas. From a standard sequent calculus perspective it corresponds to an a posteriori insertion in the actual sequent calculus derivation of a γ-quantifier elimination rule and subsequent application of the analogous sequent decomposition rules. The a posteriori γ-quantifier elimination corresponds to the CORE rule to increase multiplicities, and more specifically to the change in the indexed formula tree Q of a proof state [Q, σ L (R, f)]. The effects of that rule on the FVIF-tree R together with the copying of respective windows from f reflects the a posteriori introduction of the sequent decomposition on that new copy, analogously to the other formulas resulting from that same main γ-type formula.
From a standard sequent calculus perspective this is not the application of a sequent calculus rule, but rather a proof transformation rule. However, the availability of that kind of rule also increases the amenities of the sequent style calculus for interactive theorem proving: neither the number of γ-decomposition rules must be guessed by the time that quantifier is eliminated, nor must a quantified formula be copied before instantiation, but the multiplicities can be adjusted by the needs arising during further proof search.
Example 10.2.16 We illustrate the benefit of the dynamic increase of multiplicities with the following example: consider two axioms about addition (+) over the natural numbers:
∀n, m ∈ Nat. s(n) + m = s(n + m)   (10.1)
∀n, m ∈ Nat. n + s(m) = s(n + m)   (10.2)
where s denotes the successor function on natural numbers. The sequent style representation for these two axioms is
s(N_1) + M_1 = s(N_1 + M_1), N_2 + s(M_2) = s(N_2 + M_2)
where the N_i and M_i are the meta-variables introduced for the respective bound variables. From (10.2) in the sequent we obtain the replacement rule N_2 + s(M_2) → s(N_2 + M_2), which can be applied by unification (substitution is {N_1/N_2, s(M_2)/M_1}) to N_1 + M_1 to obtain:
s(N_1) + s(M_2) = s(s(N_1 + M_2)), N_1 + s(M_2) = s(N_1 + M_2)
The meta-variables in the resulting equation s(N_1) + s(M_2) = s(s(N_1 + M_2)) are those of s(N_1) + M_1 = s(N_1 + M_1) and N_2 + s(M_2) = s(N_2 + M_2). The increase of multiplicities of the binding nodes of these meta-variables allows us to generate arbitrarily many copies of the derived equation. In order to have the same convenience in a standard sequent calculus we would have to introduce the formula ∀n, m ∈ Nat. s(n) + s(m) = s(s(n + m)) as a lemma by cut. This requires either to anticipate the result of the equation application to generate the lemma, or, if we devise a derived formula to be used like a lemma, then we have to transform the proof by introducing it as a lemma at the appropriate place in order to avoid having to reprove it again. The increase of multiplicities overcomes these problems and allows us to simply continue the proof with any derived formula.
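As an added illustration of Example 10.2.16 (example code written for this page, not code from the thesis or from the CORE system), the following Python carries out the replacement-rule step on the two axiom equations: it reads (10.2) as the rule N2 + s(M2) → s(N2 + M2), applies it by unification at the subterm N1 + M1 of (10.1), instantiates the whole sequent with the unifier, and then produces fresh renamed copies of the derived equation, which is the effect that increasing the multiplicities of its binding nodes provides. The tuple encoding of terms, the 1-based argument positions and all function names are assumptions of this example.

```python
# Illustration of Example 10.2.16 (assumed encoding, not CORE's own):
# a meta-variable is a string starting with an uppercase letter ('N1'),
# a compound term is a tuple (symbol, arg1, ...), an equation is
# ('=', lhs, rhs); positions are tuples of 1-based argument indices.

def is_var(t):
    return isinstance(t, str) and t[0].isupper()

def subst_apply(t, sigma):
    """Apply substitution sigma (dict var -> term) to t, following chains."""
    if is_var(t):
        return subst_apply(sigma[t], sigma) if t in sigma else t
    return (t[0],) + tuple(subst_apply(a, sigma) for a in t[1:])

def occurs(v, t, sigma):
    """Occurs check: does variable v appear in t under sigma?"""
    t = subst_apply(t, sigma)
    return v == t if is_var(t) else any(occurs(v, a, sigma) for a in t[1:])

def unify(s, t, sigma=None):
    """Most general unifier of s and t extending sigma, or None."""
    sigma = dict(sigma or {})
    s, t = subst_apply(s, sigma), subst_apply(t, sigma)
    if s == t:
        return sigma
    if is_var(t) and not is_var(s):
        s, t = t, s                       # bind the variable side
    if is_var(s):
        if occurs(s, t, sigma):
            return None                   # would create a cyclic binding
        sigma[s] = t
        return sigma
    if s[0] != t[0] or len(s) != len(t):
        return None                       # symbol or arity clash
    for a, b in zip(s[1:], t[1:]):
        sigma = unify(a, b, sigma)
        if sigma is None:
            return None
    return sigma

def subterm_at(t, pos):
    for i in pos:
        t = t[i]
    return t

def replace_at(t, pos, new):
    if not pos:
        return new
    i = pos[0]
    return t[:i] + (replace_at(t[i], pos[1:], new),) + t[i + 1:]

def apply_replacement_rule(sequent, rule_idx, target_idx, pos):
    """Read equation rule_idx as replacement rule lhs -> rhs and apply it to
    the subterm at pos of equation target_idx.  The unifier is applied to
    every formula of the sequent, since meta-variables are shared by the
    whole proof state.  Returns (new_sequent, unifier) or None."""
    _, lhs, rhs = sequent[rule_idx]
    sigma = unify(lhs, subterm_at(sequent[target_idx], pos))
    if sigma is None:
        return None
    new_seq = list(sequent)
    new_seq[target_idx] = replace_at(sequent[target_idx], pos, rhs)
    return [subst_apply(e, sigma) for e in new_seq], sigma

def fresh_copy(term, k):
    """Copy term with every meta-variable V renamed to V_k: an independently
    instantiable copy, which is what increasing the multiplicities of the
    binding nodes of these variables provides."""
    if is_var(term):
        return term + '_' + str(k)
    return (term[0],) + tuple(fresh_copy(a, k) for a in term[1:])

def show(t):
    """Infix printer for '=' and '+', prefix notation for everything else."""
    if is_var(t):
        return t
    f, args = t[0], t[1:]
    if f in ('=', '+'):
        return (' ' + f + ' ').join(show(a) for a in args)
    return f + '(' + ', '.join(show(a) for a in args) + ')'

# Axioms (10.1) and (10.2) in sequent style, with meta-variables N1, M1
# and N2, M2 standing for the respective bound variables.
AXIOMS = [
    ('=', ('+', ('s', 'N1'), 'M1'), ('s', ('+', 'N1', 'M1'))),   # (10.1)
    ('=', ('+', 'N2', ('s', 'M2')), ('s', ('+', 'N2', 'M2'))),   # (10.2)
]

def derive_lemma():
    """Apply (10.2), i.e. N2 + s(M2) -> s(N2 + M2), to the subterm N1 + M1
    of (10.1), which sits at position (2, 1) inside s(N1 + M1)."""
    return apply_replacement_rule(AXIOMS, 1, 0, (2, 1))

if __name__ == '__main__':
    new_seq, sigma = derive_lemma()
    print('unifier:', {v: show(t) for v, t in sigma.items()})
    print('new sequent:', ', '.join(show(e) for e in new_seq))
    for k in (1, 2):  # two fresh copies of the derived equation
        print('copy', k, ':', show(fresh_copy(new_seq[0], k)))
```

Running it prints the unifier {N2: N1, M1: s(M2)} and the instantiated sequent s(N1) + s(M2) = s(s(N1 + M2)), N1 + s(M2) = s(N1 + M2) from the text, followed by two copies of the derived equation over disjoint meta-variables.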
The sequentiality property of the active windows is preserved during the increase of multiplicities. To see this, consider the structure of the FVIF-tree viewed in Figure 10.1 on page 156. This structure is enforced by the sequentiality property of the active windows. The increase of multiplicities copies independent subtrees of the whole subtree, where the copying also renames the references into the indexed formula tree appropriately. If a subtree rooted in the upper part is copied, the sequentiality is preserved, but additional sequents arise from it. If a subtree rooted in some of the lower parts is copied, for instance in the β-subtree containing the sequent Γ_2, then the sequentiality is also preserved and new windows are added to the sequent Γ_2.


10.2.9 SK Style Leibniz' Equality Introduction

The Leibniz' equality introduction rule in sequent calculus is simply the expansion of the definition of equality. Thus, the sequent calculus rules for it are
\[
\frac{\Gamma, (\forall P\, P(A) \Rightarrow P(B)), \Delta}{\Gamma, \varepsilon(A, B), \Delta}\ \text{Leibniz' Equality}
\qquad\text{and}\qquad
\frac{\Gamma, (\forall P\, P(A) \Rightarrow P(B))^{+}, \Delta}{\Gamma, \zeta(A, B), \Delta}\ \text{Leibniz' Equality}
\]
The respective CORE reasoning rule α-inserts the new subtree for P(A) ⇒ P(B) on the subtree ζ/ε(A, B). If an active window is on ζ/ε(A, B), then the window version of the CORE rule introduces a new active window for the new subtree. This obviously preserves the sequentiality of the active windows, and the new sequent obtained from Γ, ζ/ε(A, B)^p, Δ is then Γ, ζ/ε(A, B)^p, (P(A) ⇒ P(B))^p, Δ.
10.2.10 SK Style Extensionality Introduction

The extensionality rule in CORE corresponds to the ξ-rule². The sequent calculus rules for the ξ-rule are:
\[
\frac{\Gamma, \varepsilon(\lambda x\, G, \lambda x\, H), \Delta}{\Gamma, \gamma x\, \varepsilon(G, H), \Delta}\ \text{Ext. Introduction}
\qquad\text{and}\qquad
\frac{\Gamma, \zeta(\lambda x\, G, \lambda x\, H), \Delta}{\Gamma, \delta x\, \zeta(G, H), \Delta}\ \text{Ext. Introduction}
\]
Analogously to the Leibniz' equality introduction rule, the CORE extensionality introduction rule α-inserts the subtree for ζ/ε(λx G, λx H)^p on the original equality ζ/ε(λx G, λx H). Note that the FVIF-tree does not contain the quantifiers. This syntactic requirement in the sequent calculus is subsumed by the locality property of the variable x, which is checked on the indexed formula tree and is more flexible since it does not require the quantifier to be immediately in front of ζ/ε(G, H). Again, if an active window is on ζ/ε(G, H), then a new window is introduced for ζ/ε(λx G, λx H) and the sequentiality property of the active windows is preserved. The application of the CORE window extensionality introduction rule transforms the sequent Γ, ζ/ε(G, H), Δ into Γ, ζ/ε(G, H), ζ/ε(λx G, λx H), Δ.

10.2.11 SK Style ζ-Expansion Rule

The sequent calculus ζ-expansion rule is
\[
\frac{\Gamma, (A \Rightarrow B)^{+}, \Delta \qquad \Gamma, (B \Rightarrow A)^{+}, \Delta}{\Gamma, \zeta(A, B), \Delta}\ \zeta\text{-Expansion}
\]
The ζ-expansion rule for booleans α-inserts on a subtree of label ζ(A_o, B_o) a subtree for the signed formula ((A ⇒ B) ∧ (B ⇒ A))^+. The window version of that rule adds a new active window for ((A ⇒ B) ∧ (B ⇒ A))^+, if there was an active window on ζ(A_o, B_o). Thus, the application of that CORE window ζ-expansion rule preserves the sequentiality of the active windows. Its application on the sequent Γ, ζ(A_o, B_o), Δ results in the sequent
Γ, ζ(A_o, B_o), ((A ⇒ B) ∧ (B ⇒ A))^+, Δ
From that sequent we can obtain the two sequents required by the above sequent calculus ζ-expansion rule by first weakening the subtree containing ζ(A, B) and secondly applying the window Schütte β-decomposition rule to ((A ⇒ B) ∧ (B ⇒ A))^+. As already shown this preserves the sequentiality of the active windows and results in the two sequents
Γ, (A ⇒ B)^+, Δ   and   Γ, (B ⇒ A)^+, Δ

2 Due to the βη long normal form used in the term representation, this is equivalent to the f-rule, as shown in [Benzmüller et al, 2002a].
10.2.12 SK Style Cut Rule

The sequent calculus Cut rule is
\[
\frac{\Gamma, A^{+}, \Delta \qquad \Gamma, A^{-}, \Delta}{\Gamma, \Delta}\ \text{SK Cut}
\]
In order to implement that rule, we use the CORE window cut rule, which must be applied in a way that the sequentiality of the active windows is preserved. To this end we apply the window cut rule to the subtree that contains all active windows forming the sequent Γ, Δ. Assume that subtree has the label ϕ^p; then that subtree is replaced by a subtree for β(α(A^+, ϕ^p), α(A^-, ϕ^p)). Since ϕ^p contains no β-type node, so do both α(A^+, ϕ^p) and α(A^-, ϕ^p). Furthermore, the window structure inside the original ϕ^p is copied for both new occurrences of ϕ^p and new active windows for A^- and A^+ are inserted. Thus, the sequentiality of the active windows is preserved and we have obtained the new sequents Γ, A^+, Δ and Γ, A^-, Δ.
This completes the sequent calculus style reasoning based on the CORE window calculus. Except for the instantiation and the multiplicity increasing rules, all the rules can be written as sequent calculus rules, as shown in Figure 10.3. The instantiation rule and the multiplicity increasing rules are proof transformation rules and cannot be written as pure sequent calculus rules. In any case the CORE reasoning rules are still available during sequent style reasoning. Especially the application of replacement rules inside sequents is naturally supported. This is commented in more detail in Section 10.3. Finally, we have restricted the window reasoning capabilities of CORE by forbidding the opening of subwindows below the literal level. However, it is not a surprise that if we weaken this restriction we obtain the window inference capabilities defined in [Staples, 1995] for the Isabelle system.

10.3 A Note on Deduction Modulo

Theorem proving modulo [Dowek et al, 1998, Dowek, 2000] is a technique to integrate deduction with respect to some standard calculus, like for example sequent calculus, and term rewriting systems. It extends the calculus rules by an equivalence relation provided by a background theory to check the equality of formulas and terms during the application of the calculus rules. Take as an example a standard sequent calculus β-decomposition rule like
\[
\frac{\Gamma \vdash A, \Delta \qquad \Gamma \vdash B, \Delta}{\Gamma \vdash (A \wedge B), \Delta}\ \wedge\text{-R}
\]


[Figure 10.3, reconstructed as a list; each rule is written as premises / conclusion.]
Axiom: Proved / Γ, A^+, A^-, Δ
Axiom: Proved / Γ, ζ(s, s), Δ
Weakening: Γ, Δ / Γ, A^p, Δ
Contraction: Γ, A^p, A^p, Δ / Γ, A^p, Δ
β-Decompose: Γ, A^{p_A}, Δ and Γ, B^{p_B}, Δ / Γ, β(A^{p_A}, B^{p_B})^p, Δ
α-binary-Decompose: Γ, A^{p_A}, B^{p_B}, Δ / Γ, α(A^{p_A}, B^{p_B})^p, Δ
α-unary-Decompose: Γ, A^p, Δ / Γ, α(A^p)^p, Δ
ν-Decompose: Γ, A^p, Δ / Γ, (νA)^p, Δ
π-Decompose: Γ, A^p, Δ / Γ, (πA)^p, Δ
Leibniz: Γ, ζ/ε(A, B)^p, (P(A) ⇒ P(B))^p, Δ / Γ, ζ/ε(A, B)^p, Δ, where P is a new free variable if p is negative; otherwise P is a new Eigenvariable
Extensionality: Γ, ζ/ε(A, B)^p, ζ/ε(λx A, λx B)^p, Δ / Γ, ζ/ε(A, B)^p, Δ, if x is local for ζ/ε(A, B)^p
ζ-Expansion: Γ, (A ⇒ B)^+, Δ and Γ, (B ⇒ A)^+, Δ / Γ, ζ(A, B), Δ
Cut: Γ, A^+, Δ and Γ, A^-, Δ / Γ, Δ

Figure 10.3: Sequent calculus style reasoning rules supported by CORE.

Assume further that R denotes the boolean rewrite rules and E a term rewriting system, both obtained from a background theory T. The extension of the above calculus rule that takes the theory T into account then is
\[
\frac{\Gamma \vdash_{RE} A, \Delta \qquad \Gamma \vdash_{RE} B, \Delta}{\Gamma \vdash_{RE} C, \Delta}\ \wedge\text{-R}\quad \text{if } C \equiv_{RE} (A \wedge B)
\]
where ≡_RE is the equivalence relation implemented by the rewrite rules from R and E. The integration principle thereby relies on the use of standard term rewriting techniques for E and an extended narrowing and resolution principle for the boolean rewrite rules in R. However, the whole approach is restricted to unconditional rewrite rules, both for E and R. The main result is the completeness result of deduction modulo expressed by
\[
\Gamma \vdash_{RE} A \;\Leftrightarrow\; T, \Gamma \vdash A
\]
The sequent style calculus on top of CORE is an extension of the theorem proving modulo approach, as we shall see now. The key observation is that the set of the rules E and R obtained from T


are a subset of the CORE replacement rules that result from the theory T. Furthermore, the notion of replacement rules is not restricted to unconditional rules as in theorem proving modulo. In theorem proving modulo only boolean rewrite rules of the form A^p → B^p resulting from equivalence and refinement relations are considered, as for example in the sequent B ⇒ A, Γ ⊢ Δ. It is not possible to use the rule A^+ → B^+, C^+ in the sequent C ⇒ (B ⇒ A), Γ ⊢ Δ. Furthermore, for the rewrite rules on terms, only unconditional equations can be used, as for example in s = t, Γ ⊢ Δ. The notion of replacement rules provided by CORE allows further the use of conditional rules like s → t, A^+ in the sequent A ⇒ s = t, Γ ⊢. Finally, the theorem proving modulo approach provided by CORE is applicable to all logics considered in CORE, namely the modal logics, but also to higher-order logic with extensionality.

10.4 Summary

The sequent style calculus relies on a β-decomposition rule that is a generalisation of the β-decomposition defined by Schütte in [Schütte, 1977] and the sequentiality property of active windows in a CORE window proof state. The sequents are lists of active windows that are α-related, and the sequentiality property ensures the accuracy of these sequent definitions. Sequentiality is preserved by using a version of the β-decomposition rule from [Schütte, 1977], which is admissible in the CORE calculus. The infrastructure underlying the sequent style calculus and provided by the CORE calculus supports, from a sequent calculus perspective, complex proof transformation steps (cf. Example 10.2.16) that deal with the a posteriori increase of multiplicities of γ- and ν-type formulas. As a result, we obtain a sequent style calculus that overcomes the well-known problems with fixing the order to eliminate quantifiers during proof construction in standard formulations of this calculus. Further optimisations that result from the underlying CORE framework are the support for window inference reasoning style from [Robinson & Staples, 1993, Staples, 1995] and a built-in support of theorem proving modulo [Dowek et al, 1998, Dowek, 2000] due to the CORE replacement rule application rules.
The structure of a sequent calculus proof is represented inside a signed formula by using windows in the appropriate manner. Thus it supports a proofs-as-formulas paradigm where the proof state can always be viewed as a single formula which represents the sequent calculus proof structure. Furthermore, the windows used to implement sequents can be closed at any stage of the derivation with the effect to invert the sequent decomposition rules, without actually having to explicitly reconstruct the formulas.

Chapter 11

Sample Proofs in CORE

In this chapter we present now some examples of CORE proofs using the proof representation from Chapter 8. From the hierarchical proof data structure we can generate an elementary natural language presentation of a proof. The presentation relies on the idea to group together α-related windows to form one case of a proof, where the negative windows are the assumptions of that case and the positive windows the disjunctive goals. The reasoning rules are the focusing rules of the CORE calculus. Thereby focusing below a β-type connective introduces new cases, while focusing below α-type connectives introduces new assumptions or alternative goals. The basic language constructs for the proof presentation language are:
– "Case" to describe the case of a case analysis;
– "Assume" to list the assumptions of a single case;
– "by rule" to describe the application of a CORE calculus rule.
Using these constructs allows us to present the sample proofs in a natural language style. Note that although the language is not formally defined, it extends the language introduced in [Abel et al, 2001] for first-order logic assertion level proofs.

11.1 Higher-Order Logic Proofs

In this section we present the proofs for the higher-order logic theorems p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a) and ∀p_{o→o}. λx. p(p(p(x))) = λx. p(x). For the presentation of the proofs, especially for the formulas in the FVIF-trees, we agree to denote γ-type variables in capital letters, as for example X, and δ-type variables by lowercase letters, for example y.

11.1.1 Proof of p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a)

Example Proof 11.1.1 of p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a)
We have to prove p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a).
By cut over the lemma a ∧ b = b ∧ a we obtain the following cases:
Case 1: We have to prove the disjunctive goals (1.1) a ∧ b = b ∧ a and (1.2) p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a).
By weakening we discard the goal (1.2).


By ζ-expansion to (1.1) we reduce it to the new goal
((a ∧ b) ⇒ (b ∧ a)) ∧ ((b ∧ a) ⇒ (a ∧ b))   (11.1)
In that formula we apply a → True^+ and b → True^+ to the left occurrence of the subformula (b ∧ a), and similarly for the second occurrence of the subformula (a ∧ b), to obtain
((a ∧ b) ⇒ (True ∧ True)) ∧ ((b ∧ a) ⇒ (True ∧ True))   (11.2)
This goal is trivially simplified to the goal True, which completes the proof of this case.

Case 2: Assume a ∧ b = b ∧ a, the goal is to prove p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a).
By the assumption a ∧ b = b ∧ a the goal is reduced to p_{o→o}(a_o ∧ b_o) ⇒ p(a ∧ b).
From the left hand side of the implication we obtain the replacement rule p(a ∧ b) → True^+ whose application on the right hand side leaves us with p_{o→o}(a_o ∧ b_o) ⇒ True.
This goal is trivially simplified to True, which proves that case.
The detailed version of that proof using the hierarchical proof data structure from Chapter 8 is given in Appendix B.1.

CORE Sequent Calculus Proof. We now present a proof of that theorem in the CORE sequent calculus style interface by mixing it with the underlying CORE calculus rules inside the windows that form the sequents. On the initial sequent ⊢ p(a ∧ b) ⇒ p(b ∧ a) we perform a cut over a ∧ b = b ∧ a, which results in the two sequents:

⊢ a ∧ b = b ∧ a, p(a ∧ b) ⇒ p(b ∧ a)   and   a ∧ b = b ∧ a ⊢ p(a ∧ b) ⇒ p(b ∧ a)

The first sequent is proved as follows (the derivation is read from the initial sequent upwards; the rule applied at each step is given in brackets):
⊢ a ∧ b = b ∧ a, p(a ∧ b) ⇒ p(b ∧ a)   [Weakening]
⊢ a ∧ b = b ∧ a   [ζ-Expansion]
⊢ ((a ∧ b) ⇒ (b ∧ a)) ∧ ((b ∧ a) ⇒ (a ∧ b))   [β-Decomposition, giving two branches]
  left branch:  ⊢ (a ∧ b) ⇒ (b ∧ a)   [Apply a → True^+, b → True^+]
                ⊢ (a ∧ b) ⇒ (True ∧ True)   [Simplify]
                ⊢ True   [Axiom]
  right branch: ⊢ (b ∧ a) ⇒ (a ∧ b)   [Apply a → True^+, b → True^+]
                ⊢ (b ∧ a) ⇒ (True ∧ True)   [Simplify]
                ⊢ True   [Axiom]

The second sequent is proved as follows:
a ∧ b = b ∧ a ⊢ p(a ∧ b) ⇒ p(b ∧ a)   [Apply a ∧ b → b ∧ a]
a ∧ b = b ∧ a ⊢ p(a ∧ b) ⇒ p(a ∧ b)   [Apply p(a ∧ b) → True]
a ∧ b = b ∧ a ⊢ p(a ∧ b) ⇒ True^+   [Simplify]
a ∧ b = b ∧ a ⊢ True   [Axiom]


11.1.2 Proof of ∀p_{o→o}. λx. p(p(p(x))) = λx. p(x)

CORE Window Proof. For the proof of that theorem we use the following lemmata, which can be easily proven. The first is a simple lemma which states that if a formula is not true, then it is false. The second lemma is an instance of a boolean extensionality property.
∀x_o. ¬(x = True) ⇒ x = False   (11.3)
∀Q, P_{o→o}. (∀x_o. Q(x) ⇒ P(x)) ⇒ λx. Q(x) = λx. P(x)   (11.4)
The proof of the theorem ∀p_{o→o}. λx. p(p(p(x))) = λx. p(x) is performed by case analysis over x = True, and the values of p(True) and p(False).
Example Proof 11.1.2 ∀p_{o→o}. λx. p(p(p(x))) = λx. p(x)
By lemma (11.4) to λx. p(p(p(x))) = λx. p(x) we obtain the new goal
p(p(p(x))) = p(x)   (11.5)
By cut over x = True we obtain two cases:
Case 1: Assuming x = True we have to prove p(p(p(x))) = p(x).
By the assumption x = True (i.e. the replacement rule x → True) the goal is reduced to
p(p(p(True))) = p(True).   (11.6)
By cut over p(True) = True we obtain two cases:
Case 1.a: Assuming p(True) = True we have to prove p(p(p(True))) = p(True).
Applying the assumption four times reduces it to the trivially provable goal True = True, which completes the proof of this case.
Case 1.b: Assuming ¬(p(True) = True) we have to prove the goal p(p(p(True))) = p(True).
By lemma (11.3) on the assumption we obtain
p(True) = False.   (11.7)
Applying (11.7) (i.e. the replacement rule p(True) → False) twice reduces the goal to
p(p(False)) = False.   (11.8)
By cut over p(False) = True we obtain two cases:
Case 1.b.i: Assuming p(False) = True, we have to prove p(p(False)) = False.
By the assumptions p(False) = True, p(True) = False this goal is reduced to False = False, which is trivially provable and thus completes the proof of that case.
Case 1.b.ii: Assuming ¬(p(False) = True), we have to prove p(p(False)) = False.
By lemma (11.3) on the assumption we can derive p(False) = False.
Applying p(False) = False twice to the goal leaves us with the trivial goal False = False.
Case 2: Assuming ¬(x = True) we have to prove p(p(p(x))) = p(x).
The proof of that case is similar to the first case using lemma (11.3) and is conducted by case analysis over p(False) = True and p(True) = True.
The detailed version of that proof using the hierarchical proof data structure from Chapter 8 is given in Appendix B.2.


CORE Sequent Calculus Proof. The proof for the same theorem with the CORE sequent calculus style interface of CORE from Chapter 10 is performed as follows: on the initial sequent¹ ⊢ λx. p(p(p(x))) = λx. p(x) we first apply the lemma (11.4) to obtain the sequent
⊢ p(p(p(x))) = p(x)
By cut over x = True we obtain the two sequents
x = True ⊢ p(p(p(x))) = p(x)   (11.9)
⊢ x = True, p(p(p(x))) = p(x)   (11.10)
We only show the proof for (11.9); the proof for (11.10) is analogous.
On (11.9) we proceed by case analysis over p(True) = True, which results in
x = True, p(True) = True ⊢ p(p(p(x))) = p(x)   (11.11)
x = True ⊢ p(True) = True, p(p(p(x))) = p(x)   (11.12)
To (11.11) we apply the rewriting replacement rules obtained from the formulas in the antecedent of the sequent to reduce that sequent to x = True, p(True) = True ⊢ True, which is trivially provable by the axiom rule. To (11.12) we apply the resolution replacement rule from (11.3) at the positive formula p(True) = True to obtain, after ¬R-elimination,
x = True, p(True) = False ⊢ p(p(p(x))) = p(x)
After final case analysis over p(False) = True this results in the two sequents
x = True, p(True) = False, p(False) = True ⊢ p(p(p(x))) = p(x)   (11.13)
x = True, p(True) = False ⊢ p(False) = True, p(p(p(x))) = p(x)   (11.14)
The first sequent is trivially provable by using the replacement rules that result from the formulas in the antecedent of the sequent. For the second sequent we first have to apply again (11.3) to obtain, after ¬R-elimination,
x = True, p(True) = False, p(False) = False ⊢ p(p(p(x))) = p(x)
which is also trivially provable using the replacement rules from the antecedent formulas.

1 Note that this sequent does not contain the quantifier for p, since the sequents are implemented via windows which denote (parts of) the FVIF-tree, while the quantifiers are maintained in the background by the corresponding indexed formula tree.

11.2 Irrationality of Square Root of 2

In this section we present the CORE proofs for the prominent first-order logic theorem about the irrationality of the square root of 2. The axioms and lemmas we assume for that proof are:


∀x, y, z : ℜ. (x > y ∧ y > z) ⇒ x > z   (11.15)
∀x. s(x) > x   (11.16)
nat(0)   (11.17)
∀x : ℜ. nat(x) ⇒ nat(s(x))   (11.18)
∀x : ℜ. nat(x) ⇒ nat(x²)   (11.19)
∀x : ℜ. nat(x) ⇒ x ≥ 0   (11.20)
∀x : ℜ. nat(x) ⇒ ¬(s(x) = 0)   (11.21)
2 = s(s(0))   (11.22)
∀r : ℜ. rat(r) ⇔ ∃n, m : ℜ. nat(n) ∧ nat(m) ∧ m·r = n ∧ ¬(∃d : ℜ. nat(d) ∧ cd(n, m, d))   (11.23)
∀n, m, p : ℜ. (¬(n = 0) ∧ m·n = p·n) ⇒ m = p   (11.24)
∀m, n : ℜ. m·n² = (m·n)·n   (11.25)
∀m, n : ℜ. m²·n² = (m·n)²   (11.26)
∀m, n : ℜ. m = n ⇒ m² = n²   (11.27)
∀n : ℜ. n ≥ 0 ⇒ √(n²) = n   (11.28)
∀n, m, d : ℜ. cd(n, m, d) ⇔ nat(n) ∧ nat(m) ∧ nat(d) ∧ ∃q₁, q₂ : ℜ. nat(q₁) ∧ nat(q₂) ∧ n = q₁·d ∧ m = q₂·d   (11.29)
∀x : ℜ. nat(x) ⇒ (even(x) ⇔ ∃y. nat(y) ∧ x = y·2)   (11.30)
∀x : ℜ. even(x²) ⇔ even(x)   (11.31)
The conjecture is then ¬(rat(√2)).
Example Proof 11.2.1 of ¬(rat(√2)) To prove ¬(rat(√2)), we assume rat(√2) and derive a contradiction.
By (11.23), the definition of rat, we derive from rat(√2)
nat(N) ∧ nat(M) ∧ M·√2 = N ∧ ¬(nat(D) ∧ cd(N, M, D))   (11.32)
where N, M, and D are instantiable variables.
By considering nat(D) ∧ cd(N, M, D) we obtain:
Assuming nat(N), nat(M), M·√2 = N, we have to prove nat(D) ∧ cd(N, M, D).
By (11.27), (11.26) and (11.28) we obtain from M·√2 = N the new assumption M²·2 = N² and the additional goal 2 ≥ 0. That goal is proved by using (11.22), (11.15), and (11.16).
We duplicate the new assumption M²·2 = N² to preserve it for later.
By (11.30) on one of them we derive even(N²) and obtain the new goals nat(N²), nat(M²). These goals are proved using the assumptions nat(N), nat(M) and lemma (11.19).
By (11.31) and (11.30) to even(N²) we obtain the new assumptions
N = m·2   (11.33)
nat(m)   (11.34)


wheremisanewparameter.
By(11.33)ontheassumptionM22=N2weobtainM22=(m2)2.
By(11.26),(11.25),and(11.24)weobtain(M2=m22)andtheadditionalgoal¬(2=0).This
goalisprovedby(11.22),(11.21),and(11.18).
By(11.30)to(M2=m22)weobtaineven(M2)andtheside-goalsnat(M2)andnat(m2),which
areeasilyprovenby(11.19)andtheassumptionsnat(M)andnat(m).
By(11.31)and(11.30)weobtainthenewassumptions
M=m2(11.35)
nat(m)(11.36)

wheremisanewparameter.
By(11.29),thedefinitionofcd,togoalnat(D)∧cd(N,M,D)weobtain
nat(N)∧nat(M)∧nat(D)∧nat(Q1)∧nat(Q2)∧N=Q1D∧M=Q2D(11.37)
Byinstantiation{m/Q1,m/Q2,2/D}andbytheassumptions(11.33)and(11.35)thegoalisreduced
toTrue,whichcompletestheproof.
ThedetailedversionofthatproofusingthehierarchicalproofdatastructurefromChapter8is
giveninAppendixB.3.

CORE Sequent Calculus Proof. Again we use the CORE sequent calculus from Chapter 10 together with the underlying contextual reasoning capabilities provided by CORE. The initial sequent is ⊢ ¬(rat(√2)), which is reduced to rat(√2) ⊢ by the ¬R-rule. The application of (11.23) reduces that sequent to
nat(n), nat(m), m·√2 = n, ¬(nat(D) ∧ cd(n, m, D)) ⊢
Further application of the ¬R-rule and application of (11.27) and (11.26) results in
nat(n), nat(m), m²·√2² = n² ⊢ nat(D) ∧ cd(n, m, D)
The application of (11.28) results in
nat(n), nat(m), (2 ≥ 0 ⇒ m²·2 = n²) ⊢ nat(D) ∧ cd(n, m, D)
which after ⇒L-elimination reduces to the two subgoals
1. nat(n), nat(m), m²·2 = n² ⊢ nat(D) ∧ cd(n, m, D), and
2. nat(n), nat(m) ⊢ 2 ≥ 0, nat(D) ∧ cd(n, m, D).
The second subgoal can be easily proved by (11.22), (11.20), (11.18), and (11.17). The first sequent is reduced by contraction of m²·2 = n² to
nat(n), nat(m), m²·2 = n², m²·2 = n² ⊢ nat(D) ∧ cd(n, m, D)
By application of (11.30) it is reduced to
nat(n), nat(m), nat(m²) ⇒ nat(n²) ⇒ even(n²), m²·2 = n² ⊢ nat(D) ∧ cd(n, m, D)
which after elimination of all implications is reduced to the three subgoals


1.nat(n),nat(m),m22=n2nat(m2),nat(D)∧cd(n,m,D)
2.nat(n),nat(m),m22=n2nat(n2),nat(D)∧cd(n,m,D)
3.nat(n),nat(m),even(n2),m22=n2nat(D)∧cd(n,m,D)
Thefirsttwosubgoalsareeasilyprovablefromnat(m)andnat(m)by(11.19).Thethirdsubgoal
isreducedintotwosubgoalsasfollows:
na2t(n),2nat(m),n=m2,nat(n),nat(m),n=m2,
2m=mnat(D)∧cd(n,m,D)¬(2=0),nat(D)∧cd(n,m,D)
L⇒nat(n),nat(m),n=m2,¬(2=0)⇒m2=m22,nat(D)∧cd(n,m,D)
Apply(11.24)
nat(n),nat(m),n=m2,m22=(m22)2,nat(D)∧cd(n,m,D)
Apply(11.25)
nat(n),nat(m),n=m2,m22=m222,nat(D)∧cd(n,m,D)
Apply(11.26)
nat(n),nat(m),n=m2,m22=(m2)2nat(D)∧cd(n,m,D)
nat(n),nat(m),n=m2,m22=n2nat(D)∧cd(n,m,D)Apply(n=m2)
Apply(nat(n))+Simplify
nat(n),nat(m),nat(n)⇒n=m2,m22=n2nat(D)∧cd(n,m,D)
nat(n),nat(m),even(n),m22=n2nat(D)∧cd(n,m,D)Apply(11.30)
Apply(11.24)
nat(n),nat(m),even(n2),m22=n2nat(D)∧cd(n,m,D)

Again,thesecondsubgoalcanbeprovedby(11.22),(11.21),(11.18),and(11.17).Thefirst
subgoalisfurtherreducedbylemmaapplicationasfollows:
nat(n),nat(m),n=m2,nat(m2)⇒(nat(m2)⇒(nat(m)⇒m=m2))nat(D)∧cd(n,m,D)
Apply(11.30)
nat(n),nat(m),n=m2,nat(m2)⇒(nat(m2)⇒even(m))nat(D)∧cd(n,m,D)
Apply(11.31)
nat(n),nat(m),n=m2,nat(m2)⇒(nat(m2)⇒even(m2))nat(D)∧cd(n,m,D)
Apply(11.30)
nat(n),nat(m),n=m2,m2=m22nat(D)∧cd(n,m,D)

Theresultingsequentreducestofoursubgoalsbysuccessiveeliminationofallimplications:

1.nat(n),nat(m),
n=m2,m=m2nat(D)∧cd(n,m,D)
2.nat(n),nat(m),
n=m2,nat(m2),nat(D)∧cd(n,m,D)
3.nat(n),nat(m),
n=m2,nat(m2),nat(D)∧cd(n,m,D)
4.nat(n),nat(m),
n=m2,nat(m),nat(D)∧cd(n,m,D)
Again,thelastthreesubgoalsareeasilyprovableinafewstepsandweomitthedetailedpresen-
tationsofthosesubproofs.Thefirstsubgoalisfinallyprovedby


nat(n), nat(m), n = m·2, m = m'·2 ⊢ nat(D) ∧ cd(n, m, D)   [Apply (11.29)]
nat(n), nat(m), n = m·2, m = m'·2 ⊢ nat(D) ∧ nat(n) ∧ nat(m) ∧ nat(D) ∧ nat(Q₁) ∧ nat(Q₂) ∧ n = Q₁·D ∧ m = Q₂·D   [Inst (m/Q₁, m'/Q₂, 2/D)]
nat(n), nat(m), n = m·2, m = m'·2 ⊢ nat(2) ∧ nat(n) ∧ nat(m) ∧ nat(2) ∧ nat(m) ∧ nat(m') ∧ n = m·2 ∧ m = m'·2   [Apply-Context]
nat(n), nat(m), n = m·2, m = m'·2 ⊢ nat(2) ∧ nat(2)   [(11.22), (11.18), (11.17)]
nat(n), nat(m), n = m·2, m = m'·2 ⊢ True   [Axiom]

11.3 First-Order Modal Logics

In this section we present a proof of a theorem in first-order modal logic S4.

11.3.1 Proof of ∃x. (ϕ(x) ∨ ψ(y)) ⇔ ∃x. (ϕ(x) ∨ ψ(y))

The theorem is taken from [Hughes & Cresswell, 1996]. Note that ψ(y) is used to indicate that the variable x does not occur in that subformula, and y is an arbitrary constant. Again, we first present a high-level CORE proof for that theorem before giving the CORE sequent calculus proof.
Example Proof 11.3.1 We have to prove ∃x (ϕ(x) ∨ ψ(y)) ⇔ ∃x (ϕ(x) ∨ ψ(y)).
By the ζ-expansion rule it is reduced to
((ϕ(x) ∨ ψ(y)) ⇒ (ϕ(X) ∨ ψ(y))) ∧ ((ϕ(x) ∨ ψ(y)) ⇒ (ϕ(X) ∨ ψ(y)))   (11.38)
We consider the two subformulas on the right hand side of the implication which results in two cases:
Case 1: Assuming P(P ϕ(x) ∨ ψ(y)) we have to prove c(c ϕ(X) ∨ ψ(y)).
By combined substitution [c/P, c/P, x/X] and subsequent application of the assumption c(c ϕ(x) ∨ ψ(y)) the goal is reduced to the trivially provable formula True.
Case 2: Assuming P(P ϕ(x) ∨ ψ(y)) we have to prove c(c ϕ(X) ∨ ψ(y)).
By combined substitution [c/P, c/P, x/X] and subsequent application of the assumption c(c ϕ(x) ∨ ψ(y)) the goal is reduced to the trivially provable formula True.
The detailed version of that proof using the hierarchical proof data structure from Chapter 8 is given in Appendix B.4.

CORE Sequent Calculus Proof. The sequent calculus proof is analogous to the CORE window proof. Again, for sequent calculus derivations we use the CORE contextual reasoning capabilities on subformulas of sequents. The initial sequent is
⊢ ∃x (ϕ(x) ∨ ψ(y)) ⇔ ∃x (ϕ(x) ∨ ψ(y))
By application of the ζ-expansion rule and subsequent decomposition of the right-hand side conjunction we obtain the two subgoals:
1. ⊢ P(P ϕ(x) ∨ ψ(y)) ⇒ c(c ϕ(X) ∨ ψ(y))
2. ⊢ c(c ϕ(x) ∨ ψ(y)) ⇒ c(c ϕ(x) ∨ ψ(y))
The first sequent is then proved as follows (read from the first line downwards, the rule applied at each step in brackets):
⊢ P(P ϕ(x) ∨ ψ(y)) ⇒ c(c ϕ(X) ∨ ψ(y))   [⇒R]
P(P ϕ(x) ∨ ψ(y)) ⊢ c(c ϕ(X) ∨ ψ(y))   [Inst {c/P, c/P, x/X}]
c(c ϕ(x) ∨ ψ(y)) ⊢ c(c ϕ(x) ∨ ψ(y))   [Apply ϕ(x) → True]
c(c ϕ(x) ∨ ψ(y)) ⊢ c(c True ∨ ψ(y))   [Apply ψ(y) → True]
c(c ϕ(x) ∨ ψ(y)) ⊢ c(c True ∨ True)   [Simplify]
c(c ϕ(x) ∨ ψ(y)) ⊢ True   [Axiom]
The sequent proof for the second subgoal is analogous.

Part V

Conclusion

Chapter 12

Related Work

12.1 Contextual Reasoning

The representation of context and the formalisation of contextual reasoning has played and still plays an important role in multi-agent systems and natural language dialogues. Two major perspectives on the problem of context have emerged: the so-called metaphysical perspective which considers contexts as being part of the structure of the world, and the so-called cognitive perspective that considers contexts as being parts of the local cognitive states, such as an agent's cognitive state. The metaphysical approaches lie in the model-theoretic tradition from Tarski [Tarski, 1936] to Kaplan [Kaplan, 1978] and try to model all contexts within a same model, while the cognitive approaches attempt to formalise the heterogenous combination of distributed models for each local context. The research into the cognitive modelling paradigm has been initiated by McCarthy [McCarthy, 1993] and has coined the notion of local model semantics and calculi for these so-called multi-context systems. They are based on two general logical principles:
The principle of locality which advocates that everything that can be expressed and inferred is local to a context.
The principle of compatibility which advocates that two contexts may be related in such a way that reasoning in a context may affect reasoning in other contexts.
The notion of context used in this thesis is not an explicit modelling of contexts as in the approaches above. It is rather an implicit modelling of contexts that relies on the uniform notation. Furthermore, compared to the two approaches, the notion of context provided by CORE is a hybrid of both perspectives. The notion of context for the FVIF-trees follows the metaphysical approach since the contexts are inferred from the structure, and especially the uniform notation and polarities contained in the FVIF-trees. However, the window structures that are added onto the FVIF-trees are in the tradition of the cognitive perspective. The windows are based on the principle of locality by supporting the use of contextual information within a window. The logical context of a window is conditioned into replacement rules by exploiting the global or metaphysical contexts contained in FVIF-trees. Furthermore, the principle of compatibility is observed by the window structure, since derivations with respect to one window affect the context of other windows, namely those that are α-related. Thus, reasoning in one context may affect the reasoning in other contexts. However, no explicit rules are necessary to transfer knowledge from one context to another, since this is implicitly achieved by the background (metaphysical) representation.

179

180

CHAPTER12.RELATEDWORK

12.1.1WindowInferenceReasoning
Windowinferencehasbeenproposedin[Robinson&Staples,1993]asaformalisationofahierar-
chicalstructureofpracticalmathematicalreasoning.Itsupportsthetemporaryfocusingonarbitrary
plicitlysubstructuresconstructofatheformulalogicalbycontethextofdefinitiontheofsubstructures.decompositionItresultsandinarecompositionhierarchyofrules,whichsubproblemsalsoethatx-
co-existatasinglestageoftheproof.Windowinference[Robinson&Staples,1993]alsoallowsthe
useofcontextwithinawindowandfollowsstrictlythecognitiveapproach.Althoughwindowinfer-
encerulestofocusonformulasinthecontextofagivenwindowhavebeendefinedin[Grundy,1992],
thewindocontews.xtofaFurthermore,windowitisdoesessentiallynotprostaticvideaandisuniformnotdirectlyconditioningaffectedofbytheinformationtransformationsofcontainedα-relatedina
logicalcontextasthisisdoneinCOREbythenotionofreplacementrule.Eachtransformationofthe
contentofanactivewindowresultsinalocallemmathatneedstobetackledafterwards,whilethe
theuniformrespectivnotioneofwindowreplacementtransformationruleandprooftheirstepsinapplicationCOREin.COREdirectlyensuresthesoundnessof

12.2 Hierarchical Reasoning

Hierarchies play an important role in any kind of reasoning. Therefore different techniques to support hierarchical reasoning are integrated in CORE: hierarchies occur in the structure of subgoals, which are addressed by the window inference capabilities. Derivational hierarchies during proof construction are addressed in the design of the hierarchical proof datastructure that allows the explicit representation of the abbreviation of partial proofs and the expansion of speculative, high level proof steps. Finally, hierarchies introduced by changing the problem representation are also taken into account by supporting the explicit representation of the arising abstraction and refinement relationships between proofs with respect to different representations. Related work with respect to the three kinds of hierarchies is discussed in the following three sections. The proof datastructure that plays an important role in the representation of hierarchies is an extension of the proof datastructure in [Cheikhrouhou & Sorge, 2000]. The differences are discussed in Section 12.2.4.

12.2.1 Hierarchies of Subproblems

Window inference [Robinson & Staples, 1993] advocates the practical advantage of having a hierarchy of subproblems without actually having to decompose the original formula. Thus, by revoking the window hierarchy the original form of the problem is preserved, which is suitable for user interaction. The window inference mechanisms in CORE exhibit the same features, as they are inspired by window inferencing from [Robinson & Staples, 1993]. However, while the hierarchy is preserved by the window reasoning rules from [Robinson & Staples, 1993], the various reasoning rules in CORE can change the hierarchical structure of the windows. This allows for a more flexible reasoning style, and we have defined these changes in a uniform manner and designed the effects such that they adequately support an intuitive reasoning style.

12.2.2 Derivational Hierarchies

Derivational hierarchies are an important information for the communication of intentions about proofs. They come in two kinds, that can also be mixed at different levels: abstract proof steps can be refined or expanded into partial proofs for that abstract proof step, and partial proofs can be abbreviated by macro-inference steps that (intuitively) describe the purpose of the proof part. The first kind of abstraction corresponds to the proof planning approach that speculates on intermediate goals by using methods, and the refinement of the abstract proof step is achieved by executing the tactic that is wrapped inside the method. This subsumes the capabilities of the hierarchical proof datastructure [Cheikhrouhou & Sorge, 2000] implemented in the ΩMEGA proof planner [Siekmann et al, 2002a]. The second kind of abstraction corresponds to abstracting a partial derivation, built by some tactic T, into a macro-inference step annotated by the name of a tactic and possibly some actual parameters. This kind of abstraction of proof parts is not possible in [Cheikhrouhou & Sorge, 2000], or at least it is not possible to distinguish the abstraction relationships from the refinement relationships in [Cheikhrouhou & Sorge, 2000]. Both kinds of derivational abstractions can be represented in the hierarchical proof datastructure defined for CORE. It especially accommodates the explicit representation of the directions in the construction of the abstraction relationships, i.e. top-down for the refinement of abstract proof steps and bottom-up for the abbreviation of partial proofs by macro inference steps. Thereby, it allows the categorisation of these relationships into vertical abstraction relationships versus vertical refinement relationships, introduced earlier as informal categories of proof steps that serve the communication of information about the proof and proof intentions.

12.2.3 Representational Hierarchies

Representation is typically domain specific and it is often changed in order to simplify a given problem by mapping it into a different representation. After the mapping, a proof is constructed with respect to the new representation, which can be used as a plan to perform the actual proof with respect to the original representation of the problem. The hierarchical proof datastructure in CORE supports the explicit representation of the necessary abstraction and refinement steps that occur in theorem proving by representational abstraction. Furthermore, the formal notion of a proof accommodates these relationships. The most similar work in this respect has been conducted in the context of the ABSFOL system [Giunchiglia & Villafiorita, 1996]. It supports the declarative specification of representational abstractions by sets of rewrite rules, using them for abstraction based theorem proving and for refining the proof sketch that results from the abstract proof. With the exception of the specification of abstractions, the whole scenario is supported by CORE. The specification language for abstractions in ABSFOL relies on rewrite rules. As a result, only a certain class of abstractions can be described [Plaisted, 1981]. It is insufficient to support the definition of, for instance, abstractions that take the problem into account, i.e. goal-dependent abstractions such as [Autexier & Hutter, 1997, Autexier, 1997], or those used in inductive theorem proving that rely on more subtle information annotated to symbol occurrences [Hutter, 2000a]. For these reasons we have refrained from fixing a specific specification language for abstraction functions.

12.2.4 Proof Datastructure in ΩMEGA

The hierarchical proof datastructure is an adaptation and extension of the proof datastructure used in the ΩMEGA proof-planner. Although we have already mentioned some differences between these proof datastructures in previous sections, we recapitulate all the differences in this section for the sake of completeness.

Proof Nodes. The ΩMEGA proof-planner is based on a natural deduction calculus for classical higher-order logic. Thus, the proof nodes are essentially natural deduction sequents, while in CORE they consist of a window proof state and one active window with respect to that proof state. ΩMEGA proof nodes are justified by a sequence of justifications, which are annotated by inference rules. This is essentially the same for CORE proof nodes, though the notion of inference rule differs. Each proof node may have a sequence of justifications, and the notion of proof graphs induces a hierarchy among the justifications. However, in the ΩMEGA proof datastructure only the hierarchy of proof steps is visible, while it is not possible to distinguish whether a hierarchy has been built bottom-up, for instance by abbreviating a portion of a proof generated by some tactic with the name of the tactic, or top-down, as for instance the refinement of a speculative proof-planning step. As this is an interesting information about the proof and also serves for backtracking purposes, the CORE proof datastructure has been designed to distinguish between abbreviation and expansion hierarchies. For this purpose the CORE proof node justifications are split into two sequences of justifications that represent the directions in the hierarchy: the first set indicates which justification has been abbreviated by another, and the second set indicates which justification has been expanded into another. This explicitly distinguishes bottom-up hierarchies from top-down hierarchies.

In addition to the justifications, the CORE proof nodes may also contain representational abstractions and refinements that link a proof to proof nodes with respect to a different representation. These relationships do not exist in the proof datastructure of the ΩMEGA proof-planner.

Inference Rules. The inference rules in ΩMEGA consist of the basic natural deduction inference rules and the names of proof planning methods together with actual parameters. In CORE we distinguish between formal and informal inference rules. Formal inference rules are the CORE window reasoning rules and they correspond to the natural deduction calculus rules in ΩMEGA. The informal inference rules encompass the names of proof planning methods, but also the names of tactics and arbitrary descriptions.

Justifications. Justifications in both systems are annotated with inference rules, although the notions of inference rule differ. Furthermore, CORE justifications allow the assignment of so-called methodological roles to the subgoals of a justification. They can be used to explicitly represent information about the methodological role a subgoal plays for a particular justification, such as for instance that it is a major subgoal or only a condition, which can be used for both proof search strategies and proof presentation. This does not exist in ΩMEGA justifications.

12.3 Replacement Rules

The replacement rules play a major role in the reasoning style provided by the CORE window reasoning calculus. There are several concepts related to the notion of replacement rules which we now discuss in more detail.

12.3.1 Modifiers in INKA

In a previous version of the inductive theorem prover INKA [Hutter & Sengler, 1996] a large set of tactics relied on the notion of modifiers. That version of the INKA theorem prover is based on a resolution and paramodulation calculus for classical first-order logic and used a specific normal form of clauses. Modifiers were introduced both as an abstract concept that encompasses resolution and paramodulation rules and as a specification of the operational behaviour of the application of these rules. They can be thought of as conditional rewrite rules of the form [ϕ1, ..., ϕn] u → v, where u and v could be any term or literal and the ϕi are the conditions of that rule. The determination of these rules was based on the syntax of the formulas and their application was based on resolution and paramodulation.

With respect to the INKA concept of a modifier the replacement rules are a generalisation, obtained by removing the methodological role attributed to the formulas occurring as conditions in the modifiers and considering all these formulas as normal subgoals like v. Thus we separated the methodological roles of formulas from the pure logical role of these formulas, lifting the methodological role of these formulas to the proof datastructure. Additionally, the binary category of roles in INKA, i.e. “condition” and “subgoal”, has been generalised to support any kind of methodological categorisation. Finally, while modifiers are restricted to literals and equations, replacement rules are defined for arbitrary formulas. This was possible due to the use of polarities and uniform notation in FVIF-trees. The use of the uniform notation was also the basis for the definition of uniform notions of contexts and replacement rules, which enabled the carrying over of that notion to further logics.

12.3.2 Assertion Level for Proof Presentation

The assertion level has been introduced in [Huang, 1996] as an abstraction from the pure natural deduction calculus. It relies on the notion of assertion level proof steps, where an assertion subsumes axioms, definitions, lemmas, and theorems. An assertion level proof step consists of the application of an assertion in some specific proof situation. Replacement rules are a generalisation of the notion of an assertion level proof step, and especially provide a concise formalisation for this, solving the problem that “introspection seems impossible to reveal the internal structure of the interpreter applying assertions” [Huang, 1996].

The assertion level is the basis for the generation of proof descriptions in natural language. The net benefit of replacement rules is that they support the construction of a proof directly on the level of assertions, which overcomes the need to build an assertion level proof by abstraction of a standard calculus proof, like natural deduction.

12.3.3 Higher-Order Rewriting

Higher-order rewriting [Nipkow, 1991, Wolfram, 1993, Prehofer, 1994, Baader & Nipkow, 1998] has been defined for pure unconditional equational theories using a primitive notion of equality, while the technique for rewriting used in this thesis relies on Leibniz' definition of equality and extensionality. Furthermore, it is designed for conditional rewriting in arbitrary theories. It is an extension of the higher-order rewriting technique, though the aspects of term-orderings and completion are outside the scope of this thesis. Note that the extensionality introduction required to support higher-order rewriting in this thesis is implicit in the higher-order rewriting techniques from [Nipkow, 1991, Wolfram, 1993, Prehofer, 1994, Baader & Nipkow, 1998], since extensionality introduction is always possible in unconditional equational theories.

12.3.4 Deduction Modulo

Theorem proving modulo [Dowek et al, 1998, Dowek, 2000] is a technique to integrate deduction with respect to some standard calculus, such as, for example, sequent or natural deduction calculi, and term rewriting systems. The application of replacement rules is at the heart of the CORE proof theory and thus the framework is an adequate basis for deduction modulo. Since the notion of replacement rule includes conditional rewriting as well as logical refinement of formulas to lists of subgoals, it is a strict extension of the deduction modulo approach.

12.3.5 Focusing Proof Construction

Andreoli [Andreoli, 1992] introduced the notion of focusing proofs for linear logic, in order to reduce the non-determinism in proof construction by alternating phases of invertible and non-invertible steps. While focusing proofs were first introduced in [Andreoli, 1992] by means of a “triadic” sequent system that made explicit the alternating phases, the simpler presentation in [Andreoli, 2000] is better suited for a comparison with replacement rules. [Andreoli, 2000] defines the Focusing interpretation of a formula F as a set of derived sequent calculus inference rules. Take as an example the MALL formula F = a⊥ b⊥ ((c & d) & e) f. The Focusing interpretation of this formula is the (set of) inference rules

    Γ, c, e      Γ, d, e      Δ, f
  ────────────────────────────────────
           Γ, Δ, a, b, F

where Γ and Δ range over arbitrary multisets of formulas. Thus, the Focusing interpretation can be viewed as the possible application directions of an assertion F.

The focusing proof construction technique has also been defined, among others, for constructive first-order logic in [Abel et al, 2001], where it is used for proof checking lemma applications. The focusing proof steps correspond to the criteria used in the definition of admissible replacement rules. However, the major difference between the focusing proof steps and the replacement rules introduced in this thesis is that the inference rules obtained by Focusing interpretation can only be determined for top-level formulas and only applied to top-level formulas, while the replacement rules can be determined for and applied to subformulas. Furthermore, the replacement rules include the treatment of conditional equivalences and equations.

12.4 Calculi

12.4.1 Schütte's Proof Theory

The proof theory presented by Schütte [Schütte, 1977] exploits the same proof theoretic properties of conjectures that lead to the definition of polarities and uniform notation to define simple calculi for classical and intuitionistic logic. Compared to sequent and natural deduction calculi it does not enforce a top-down decomposition approach, but rather supports the inner decomposition of β-type formulas. The calculus rules rely on the notions of P-forms and N-forms that can be defined as follows by using polarities: we first define unconditional forms to be U(x) := ϕ(x), where x is a boolean variable that occurs exactly once in ϕ, and if ϕ(x^p)^+ is assigned a positive polarity then x has polarity p, and there are no β-related formulas for x in ϕ(x). All such formulas where p = + are called P-forms (i.e. ϕ(x^+)^+), and otherwise N-forms (i.e. ϕ(x^−)^+ if p = −). Finally, an NP-form is L(x, y) := ϕ(x, y) such that for any formula ψ, L(ψ, y) is an N-form for y and L(x, ψ) is a P-form for x. The axioms of the classical sentential calculus from [Schütte, 1977] are L(ψ, ψ) and U(⊥), and the only propositional inner decomposition rule is

    U(A^p)^+      U(B^p)^+
  ─────────────────────────── β-Decompose
      U(β(A^p, B^p)^p)^+

where the premise written U(A^p)^+ stands for U(¬(A^p))^+ if p = −, and for U(A^p)^+ otherwise.

The axioms are immediately provable with the CORE reasoning rules (simplification only for U(⊥), and replacement rule application and simplification for L(ψ, ψ)), while the β-decomposition rule has been proved to be admissible with respect to CORE reasoning rules in Section 10.1.
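As an added worked instance of the β-Decompose rule (an illustration added here, not taken from the thesis), consider the running example of Figure 12.1 and take U(x) := (A ∧ (A ⇒ (A ∧ B))) ⇒ x. The variable x occurs exactly once; it has positive polarity, because it is the consequent of the positively signed implication; and a positive implication is of type α, so x has no β-related formulas in ϕ(x). Hence U is a P-form with p = +. Instantiating β(A^p, B^p)^p with the positive conjunction (A ∧ B)^+, which is of type β, the rule reads

$$
\frac{\big((A \wedge (A \Rightarrow (A \wedge B))) \Rightarrow A\big)^{+} \qquad \big((A \wedge (A \Rightarrow (A \wedge B))) \Rightarrow B\big)^{+}}{\big((A \wedge (A \Rightarrow (A \wedge B))) \Rightarrow (A \wedge B)\big)^{+}}\ \beta\text{-Decompose}
$$

Since p = +, the premises are U(A^+)^+ and U(B^+)^+ themselves and no negation is inserted. Both premises hold: the antecedent contains A directly, and applying A ⇒ (A ∧ B) to that A yields A ∧ B and thus B.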

Figure 12.1: Initial indexed formula tree and initial FVIF-tree for ((A ∧ (A ⇒ (A ∧ B))) ⇒ (A ∧ B))^+. [Tree drawings not reproduced. Both trees have root α^+; the antecedent (A ∧ (A ⇒ (A ∧ B)))^− is an α-node with children A1^− and the β-node (A ⇒ (A ∧ B))^−, whose children are A2^+ and the α-node (A ∧ B)^− with literals A3^− and B1^−; the consequent (A ∧ B)^+ is a β-node with literals A4^+ and B2^+.]

The reasoning style provided by the inference rules of the Schütte proof theory is also intuitive with respect to not enforcing the complete decomposition of the original formula. We believe it is an essential feature of a calculus for intuitive reasoning to support the transformation of parts of a formula without actually being forced to decompose the formula. In that respect the inference rules of Schütte's proof theory are a clear contribution. However, within this thesis we showed that replacement rules accommodate theorem proving on the assertion level [Huang, 1996]. Thus replacement rules are a further key technique to support an intuitive reasoning style. That notion of replacement rules is entirely absent in Schütte's proof theory, while the CORE proof theory supports both the use of replacement rules and a generalisation of the β-formula decomposition of Schütte.

12.4.2 Matrix Calculi

The CORE proof theory and matrix calculi (respectively expansion tree proofs) rely on the same logical foundations, but the styles of proof construction are inherently different. Consider an initial CORE proof state [Q, id, R] for some conjecture. Matrix proof search fixes the initial multiplicities of the γ- and ν-type nodes in Q and then searches for a spanning set of connections for Q, possibly, in the case of higher-order logic, by adjusting the multiplicities using Issar's path-focused duplication procedure [Issar, 1990]. The CORE style of proof search also supports the increase of multiplicities, but otherwise consists of transforming R into either True^+ or False^− rather than searching for a spanning set of connections. The path-focused duplication technique from [Issar, 1990] was developed for higher-order logic and supports the increase of the multiplicity of an arbitrary γ-type node. However, rather than considering all resulting new paths, the effects are localised to the path that initiated the copying. Since in our framework we rely on indexed formula trees and not on a path representation, we cannot localise the effect to some single path, and hence Issar's technique is not applicable in our context. The multiplicity increasing rule from Section 4.11 copies and renames a whole subtree and thus we are forced to consider all resulting paths. Especially, we have to carry over all proof information established for the original subtree, which is achieved by determining a convex set of subtrees before copying. It determines a set of subtrees which have to be copied in order to allow to carry over all proof information, especially established connections, to the new paths. Note that this is not necessary for Issar's technique, since the path that triggered the adjustment of multiplicities is assumed not to contain connections.

The instantiation, Leibniz' equality introduction and extensionality introduction rules are analogous in both approaches. The CORE weakening and contraction rules are unnecessary in a matrix proof search. Thus, the major difference is in determining spanning connections versus application of replacement rules. At first sight there seems to be a relationship between the insertion of a connection and an application of a replacement rule; indeed, the application of a replacement rule also requires that the left-hand side of the rule and the subtree the rule is applied to have opposite polarities, the same modal prefix and the same label. This corresponds to the condition to establish a connection. The fact that replacement rules do not necessarily operate on literal nodes is not a problem, since both subtrees have isomorphic structures due to the equality of their labels and thus the relationship can be inherited along the tree structure. However, the major difference is that while in a matrix proof search both literals are α-related in Q, in the CORE approach the original literals in Q may be α- or β-related. This is due to the fact that subformulas that are initially β-related become α-related in R via rule application. Consider as an example the formula (A ∧ (A ⇒ (A ∧ B))) ⇒ (A ∧ B): the initial indexed formula tree and the corresponding FVIF-tree for the positive formula are shown in Figure 12.1 (p. 185), where we assigned numbers to the literal nodes in the indexed formula tree to distinguish them explicitly. On A4^+ we can apply the replacement rule A_{A3} → +A_{A2}, which results in the FVIF-tree in which the literal A4^+ has been replaced by +A_{A2}, and introduces a connection between A4 and A3. On the new occurrence of A2 we could again apply A_{A3} → +A_{A2}; however, we cannot inherit the connection information, since A2 and A3 are β-related in the indexed formula tree. A similar problem occurs when applying the replacement rule α(A_{A3} ∧ B_{B1}) → +A_{A2} to β^+(+A_{A2} ∧ +B_{B2}): while it is possible to inherit the connection to (B2, B1), it is not possible to inherit it to (A3, A2). Thus, there are two kinds of connections: those between α-connected literals in Q and those between β-connected nodes in Q. The former corresponds to a standard matrix connection while the other does not. In the literature both types of relationships are known as c-links and d-links, which have been used to define path resolution [Murray & Rosenthal, 1987a] and path dissolution [Murray & Rosenthal, 1987b]. That relationship has already been exploited in the completeness proof in Section 5.4, although in a slightly different way. To return to matrix proof search, the problem persists that we would have to show that by inheriting the connection information to Q during replacement rule application (in R) we obtain a spanning set of connections for Q, once R has been reduced to True^+ (respectively False^−). Due to the fact above, this is a non-trivial problem and thus is left to future work.
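The α/β-relatedness argument above can be checked mechanically. The following Python example is added here as an illustration; it is not code from the thesis or from the CORE system. It builds the indexed formula tree of the running example, assigns polarities and uniform types for the propositional connectives only (negation, conjunction, disjunction, implication; no quantifiers or modal prefixes, so the connection condition reduces to same atom, opposite polarity and an α-type least common ancestor), and numbers literal occurrences left to right as in Figure 12.1. The polarity and type rules it encodes are stated in its docstring as the assumptions it works under.

```python
"""Polarities, uniform types and alpha/beta-relatedness on an indexed formula tree.

Added illustration for the matrix-calculus comparison; not code from the thesis
or from CORE. Assumptions: the conjecture carries positive polarity; both
arguments of a conjunction or disjunction inherit the polarity of the
connective, while the antecedent of an implication and the argument of a
negation flip it; a positive conjunction, a negative disjunction and a negative
implication are of type beta, the remaining binary cases (and negation) are of
type alpha. Literal labels (A1, A2, ...) number the occurrences of each atom
from left to right, as in Figure 12.1.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Formula syntax (constructed here for the example):
#   ('atom', name) | ('not', f) | ('and', f, g) | ('or', f, g) | ('imp', f, g)
Formula = Tuple


@dataclass(eq=False)          # eq=False: nodes compare by identity (the tree has parent links)
class Node:
    formula: Formula
    polarity: int             # +1 or -1
    utype: Optional[str]      # 'alpha', 'beta', or None for a literal node
    label: Optional[str] = None
    parent: Optional["Node"] = None
    children: List["Node"] = field(default_factory=list)


# Binary connectives that are of type alpha under positive polarity; the type
# flips under negative polarity.
_ALPHA_WHEN_POSITIVE = {'and': False, 'or': True, 'imp': True}


def build_tree(formula: Formula, polarity: int = +1, parent: Optional[Node] = None,
               counter: Optional[Dict[str, int]] = None) -> Node:
    """Annotate each subformula with its polarity and uniform type."""
    if counter is None:
        counter = {}
    op = formula[0]
    if op == 'atom':
        counter[formula[1]] = counter.get(formula[1], 0) + 1
        return Node(formula, polarity, None, f"{formula[1]}{counter[formula[1]]}", parent)
    if op == 'not':
        node = Node(formula, polarity, 'alpha', None, parent)   # single child, no branching
        node.children.append(build_tree(formula[1], -polarity, node, counter))
        return node
    is_alpha = _ALPHA_WHEN_POSITIVE[op] if polarity > 0 else not _ALPHA_WHEN_POSITIVE[op]
    node = Node(formula, polarity, 'alpha' if is_alpha else 'beta', None, parent)
    left_polarity = -polarity if op == 'imp' else polarity
    node.children.append(build_tree(formula[1], left_polarity, node, counter))
    node.children.append(build_tree(formula[2], polarity, node, counter))
    return node


def literals(root: Node) -> Dict[str, Node]:
    """Map literal labels to their nodes, in left-to-right order."""
    if root.utype is None:
        return {root.label: root}
    out: Dict[str, Node] = {}
    for child in root.children:
        out.update(literals(child))
    return out


def literal_polarities(root: Node) -> Dict[str, int]:
    return {label: node.polarity for label, node in literals(root).items()}


def _ancestors(node: Node) -> List[Node]:
    chain = []
    while node is not None:
        chain.append(node)
        node = node.parent
    return chain


def relation(root: Node, label1: str, label2: str) -> str:
    """'alpha' or 'beta': the uniform type of the least common ancestor of two literals."""
    lits = literals(root)
    upper = _ancestors(lits[label1])
    for candidate in _ancestors(lits[label2]):
        if any(candidate is a for a in upper):
            return candidate.utype
    raise ValueError("literals are not in the same tree")


def is_connection(root: Node, label1: str, label2: str) -> bool:
    """Matrix connection: same atom, opposite polarities, and alpha-related in the tree."""
    lits = literals(root)
    n1, n2 = lits[label1], lits[label2]
    return (n1.formula == n2.formula and n1.polarity == -n2.polarity
            and relation(root, label1, label2) == 'alpha')


# Running example of Section 12.4.2: (A ∧ (A ⇒ (A ∧ B))) ⇒ (A ∧ B), positive polarity.
A, B = ('atom', 'A'), ('atom', 'B')
EXAMPLE = ('imp', ('and', A, ('imp', A, ('and', A, B))), ('and', A, B))
ROOT = build_tree(EXAMPLE)

if __name__ == "__main__":
    for label, pol in literal_polarities(ROOT).items():
        print(label, '+' if pol > 0 else '-')
    for pair in (('A4', 'A3'), ('A2', 'A3'), ('B2', 'B1')):
        kind = 'connection' if is_connection(ROOT, *pair) else 'no connection'
        print(pair, relation(ROOT, *pair), kind)
```

Run as a script it lists the six literal polarities (A1−, A2+, A3−, B1−, A4+, B2+) and reports that A4/A3 and B2/B1 are α-related and form standard matrix connections, whereas A2/A3 are β-related: exactly the pair for which the text says the connection information cannot be inherited.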

12.4.3 Sequent Calculus

One motivation for the development of the CORE proof theory was to overcome the need for formula decomposition as enforced by sequent and natural deduction calculi, in order to support an intuitive reasoning style. In Chapter 10 we have presented how a sequent style calculus can be simulated in CORE. The net benefits are that the underlying CORE proof theory not only provides a natural basis for deduction modulo for this calculus, but also supports the flexible increase of multiplicities. The increase of multiplicities results in non-trivial and practically convenient sequent calculus proof transformation operations. This proof transformation operation is also the major reason why an ongoing CORE derivation cannot be directly translated into a sequent calculus derivation. However, it should be possible to translate a completed CORE proof into a derivation with respect to these calculi. This would result in a simple mechanism for the independent proof checking of CORE proofs, although the proof development can be done with the intuitive CORE reasoning rules. For the definition of such a translation we envision using the techniques to generate sequent calculus proofs from completed matrix proofs, as for instance given in [Pfenning, 1987]. However, this pre-requires that a complete matrix proof can be obtained from a CORE proof which, unfortunately, is not yet possible (see previous section).

12.4.4 Resolution and Paramodulation based Calculi

Resolution and paramodulation calculi typically rely on clausal normal form, which is obtained by skolemising the Prenex normal form of the negated conjecture. The major inference rules are resolution, a generalisation of Modus Ponens, and paramodulation, which can be viewed as a kind of conditional rewriting. These calculi are machine oriented calculi and they are not particularly suitable for interactive proof search. The structure of the original conjecture is lost in the normal form. The CORE replacement rules can be viewed as a generalisation of resolution and paramodulation to quantifier free formulas that are not in normal form. The admissibility of substitutions is ensured by the quantifier structure, which contrasts with the “occur-check” used in these calculi that relies on skolemisation. Due to the relationship between replacement rules and resolution and paramodulation rules, it should be simple to define ordering based search space restrictions for replacement rule applications analogous to those in superposition calculi [Bachmair et al, 1992].

Chapter 13

Conclusion

The computer-based development of mathematical proofs requires interaction of the user with the theorem proving system. Synergetic cooperation of the user and the reasoning procedures inside a theorem proving system relies especially on the quality of the interface, which must address the different requirements that arise from both sides. CORE encompasses most aspects of the communication that range from the presentation of the proof state, via the supply of relevant contextual information about possible proof continuations, to the support for a hierarchical proof development.

The communication infrastructure has to provide a uniform interface adequate for both human users and automatic reasoning procedures. The communication infrastructure of CORE implements this requirement and addresses the aforementioned three aspects of the communication through the following CORE features:

1. Simultaneous presentation of the proof state as a single formula, or a list of goals and the possible alternative goals. Either style of presentation of the proof state, and especially the possibility for their simultaneous presentation, provides a complete and complementary view on the proof state.

2. Complete, contextual proof continuation information for every part of the proof state in a uniform proof construction step format. The proof construction steps allow for an intuitive reading that subsumes the assertion level proofs from [Huang, 1996] and suits both the user and declarative high-level proof planning procedures. Furthermore, they allow for an operational reading as a general inference rule, which accommodates the integration of procedural proof procedures like tactics.

3. Support for hierarchical reasoning, such as (1) the speculation of subgoals as performed, for instance, in proof planning, (2) the hierarchical reasoning style advocated by window inference, (3) the change of the representation formalism by abstraction, and (4) the explicit representation of derivational and representational hierarchies that arise during proof construction in order to adequately convey the encoded proof intentions to the user and the reasoning procedures.

The key feature for the development of the communication infrastructure is the new (meta) proof theory for contextual reasoning, which is sound and complete for a variety of logics. The CORE proof theory includes a cut rule which is admissible for all logics but higher-order logic with Henkin semantics. The pillars of the meta proof theory are:

-- a uniform calculus for indexed formula trees (respectively expansion tree proofs) which is sound and complete for the whole class of logics and is used as a concise representation of variable and modal quantifier dependencies. In order to meet the requirements of interactive theorem proving, we developed a technique to dynamically increase the multiplicities of quantifiers by preserving any type of proof information. The resulting calculus rule can be used on demand during proof construction and overcomes the problem that in these calculi the multiplicities of quantifiers must either be set beforehand or that the proof information is not preserved when increasing quantifier multiplicities.

-- uniform calculus extended by a free variable representation of the formula contained in an indexed formula tree and fully annotated by proof theoretic information such as polarities and uniform types. A CORE proof state is always a pair consisting of an indexed formula tree and an actual formula with free variables. The meta proof theory consists of 12 proof rules, and a proof is completed if the formula in the proof state is True^+. In this way, a CORE proof state can always be viewed as a single formula and the uniform types provide all the necessary information to determine subgoals and alternatives.

-- types that provide the basis for a uniform definition and implementation of the logical context of any subformula and the replacement rules that result from formulas contained in a logical context. The notion of context and the derived replacement rules are the major developments that smoothed the way for supporting a uniform contextual reasoning style. On the one hand, replacement rules operationalise and subsume the assertion level proof rules and thus support the direct and intuitive proof development at the assertion level. On the other hand, they are generalised resolution and paramodulation rules that suit the integration of procedural proof procedures, such as tactics or superposition based proof procedures. Thus, replacement rules are the uniform proof construction step format that allows for both an intuitive and an operational reading. Providing them to the user and the reasoning procedures in the respective format is the central information about verifiably sound proof continuations. Other proof continuations, whose soundness cannot be immediately verified, such as proof planning steps and, more generally, any speculative proof construction steps, are represented using the cut rule.

We developed a window calculus to support the focusing on subparts of a formula. The CORE window calculus supports the hierarchical reasoning style advocated by window inference. Since the underlying CORE calculus provides all the necessary features to uniformly determine replacement rules from the logical context of any subformula, it extends previous implementations of window inference by the uniform determination of replacement rules. As an application of that window calculus we presented the implementation of a sequent calculus based on the window calculus. The resulting sequent calculus overcomes the limitations of standard implementations of these calculi, such as selecting the right order for decomposing formulas and eliminating quantifiers. Furthermore, from the underlying CORE calculus it inherits the ability to soundly and adequately increase multiplicities of quantifiers, which corresponds to powerful proof transformation operations in standard sequent calculi. Finally, the sequent calculus inherits all contextual reasoning capabilities from the CORE calculus and thus subsumes the theorem proving modulo approach [Dowek et al, 1998, Dowek, 2000].

We also provided support for the definition of reasoning domains and representational abstractions. These concepts are the formal bases supporting representational abstractions at any stage of the proof construction. Finally, we defined a hierarchical proof datastructure to represent CORE window proofs together with all derivational and representational hierarchies that arise during proof construction. It explicitly represents all relations between the different hierarchies and is the central representation of the history of a (partial) proof. It is the uniform representation of all information about completed proof parts as well as proof intentions for open goals.

All the techniques and solutions developed in this thesis have been implemented in the CORE system, which is used as the communication infrastructure to support the integration of the multi-strategy proof planner MULTI [Melis & Meier, 2000, Meier, 2003], the agent-based proof system Ω-ANTS [Benzmüller & Sorge, 2000, Hübner, 2003], and the inductive theorem prover INKA [Hutter & Sengler, 1996, Autexier et al, 1999].

orkWeFutur13.1Theworkpresentedinthisthesisprovidesabasisforfutureworkinmanyrespects:proofchecking,
automationofproofsearch,userinteractionandfoundationalresearch.

ProofChecking.Proofcheckingofproofsconstructedwithinatheoremprovingenvironmentisan
proofimportanttheoryissuecaninnotordereasilytobeindependentlycheckedbycertifypurethesesyntacticalproofs.Theproperties,reasoningasthey,rulesforoftheinstance,CORErelymetaon
indeuniformxedformulanotation,treepolaritiesandthusandifitmaywhaouldvebenon-tripossiblevialtoglobalconstructeffects.aThematrixCORproofEproofduringstateaCORcontainsEproofan
construction,itwouldinprincipleallowonetousethetechniquesthatgeneratesequentornatural
betweendeductioncalculusreplacementproofsrulefromapplicationcompletedandthematrixinsertionproofs.ofTheconnectionsformalisationdiscussedoftheincloseSectionrelationship12.4.2
togetherspanningsetwithofanconnectionsappropriateforproofitsindexensuringedthatformulaanytree,iscompletedthefirstCOREfutureproofworkstatestepinthecorrespondsdirectiontoa
ofproofchecking.Althoughtheformalisationandtheproofaresufficientfromatheoreticalpointof
beview,donetheandactualisanon-triimplementationvialtask.ofaprocedurethatgeneratesasequentcalculusproofstillneedsto
Anrepresentationalternatithatveisdirectionsuitabletoforwardsproofproofchecking.checkingAispossiblethedevstartingelopmentpointofcould,anforassertioninstance,levelbeproofthe
assertionlevelproofcalculusdevelopedforfirst-orderlogicproofsin[Abeletal,2001].Thedevel-
toopmentdefineofanvariantsadequateofthistransformationcalculusforofathe(partial)logicsCORconsideredEwindoinwthiscalculusthesiswproof.ouldmakeitconceivable

Automation of Proof Search. The embedding of a strong sequent calculus in CORE together with the replacement rules that behave like assertion level proof steps on the one hand and generalised resolution and paramodulation proof steps on the other hand, makes it plausible that the proof search automation techniques developed for these calculi can be adapted to the CORE proof theory. This includes tactical theorem proving for sequent calculus including the theorem proving modulo approach, or proof planning over tactics. Furthermore, the assertion level character of replacement rules supports the definition of proof planning directly on the intuitive and human-oriented assertion level. Also the term-ordering based automated theorem proving procedures for resolution and paramodulation calculi should be transferable to the CORE setting. Finally, the close relationship of the internal CORE proof state representation to matrix calculi gives rise to a further interesting line of research concerned with the transfer of proof search automation techniques from that area.


User Interaction. Natural language presentation of proofs translates formal logic proofs into a style as can be found in a mathematical textbook. The assertion level of [Huang, 1996] is the basis for these techniques and usually must be reconstructed from the given sequent or natural deduction proofs. These techniques also support the natural language presentation of partial proofs. The CORE reasoning rules and especially the replacement rules allow for a direct construction of proofs at the assertion level.

Foundational Research. In contrast to the more application oriented research suggested above, there is also interesting foundational future work. The CORE meta proof theory relies on the existing Wallen-style matrix characterisations [Wallen, 1990], which hampers the addition of new logics. Foundational work should therefore support the definition of new logics inside CORE, for example by specifying the sequent calculus rules for that logic, analogous to the definition of logics in logical frameworks [Harper et al, 1987, Pfenning, 1996, Pfenning & Schürmann, 1999]. The automatic generation of a kind of Wallen style matrix characterisation from these descriptions would allow intuitive and contextual reasoning capabilities for the new logics. But achieving this task is likely as difficult as it is attractive. However, a good starting point would be to attempt to integrate the logics for which Wallen style matrix characterisations already exist [Wallen, 1990, Mantel & Kreitz, 1998].

References

[Abel et al, 2001] Abel, Andreas, Chang, Bor-Yuh Evan and Pfenning, Frank. (June 2001). Human-readable machine-verifiable proofs for teaching constructive logic. In Egly, Uwe, Fiedler, Armin, Horacek, Helmut and Schmitt, Stephan, (eds.), Proceedings of the Workshop on Proof Transformations, Proof Presentations and Complexity of Proofs (PTP'01). Università degli studi di Siena.

[Abelson et al, 1996] Abelson, H., Sussman, G. and Sussman, J. (1996). Structure and Interpretation of Computer Programs. MIT Press.

[Andreoli, 1992] Andreoli, Jean-Marc. (1992). Logic programming with focusing proofs in linear logic. Journal of Logic and Computation, 2(3).

[Andreoli, 2000] Andreoli, Jean-Marc. (2000). Focussing and proof construction. Annals of Pure and Applied Logic, 107(1):131–163.

[Andrews, 1972] Andrews, Peter B. (June 1972). General models, descriptions, and choice in type theory. The Journal of Symbolic Logic, 37(2):385–397.

[Andrews, 1981] Andrews, Peter B. (April 1981). Theorem proving via general matings. Journal of the Association for Computing Machinery, 28(2):193–214.

[Andrews, 1989] Andrews, Peter B. (1989). On connections in higher-order logic. Journal of Automated Reasoning, 5:257–291.

[Andrews, 2002] Andrews, Peter B. (2002). An Introduction to Mathematical Logic and Type Theory: To Truth Through Proof, volume 27 of Gabbay, Dov M. and Barwise, Jon, editors, Applied Logic Series. Kluwer Academic Publishers, Dordrecht/Boston/London, second edition.

[Andrews et al, 1990] Andrews, Peter B., Issar, Sunil, Nesmith, Dan and Pfenning, Frank. (July 1990). The TPS Theorem Proving System. In Stickel, Mark E., (ed.), Proceedings 10th International Conference on Automated Deduction (CADE), volume 449 of LNAI, pages 641–642. Springer Verlag.

[Andrews et al, 2000] Andrews, Peter B., Bishop, Matthew and Brown, Chad E. (2000). System Description: TPS: A Theorem Proving System for Type Theory. Volume 1831 of Lecture Notes in Computer Science, pages 164–169. Springer.

[Autexier & Hutter, 1997] Autexier, Serge and Hutter, Dieter. (October 1997). Equational proof-planning by dynamic abstraction. In Bonacina, Maria Paola and Furbach, Ulrich, (eds.), Proceedings of FTP97: International Workshop First-Order Theorem Proving, number 97-50 in Report Series, pages 1–6, Johannes Kepler Universität, 4040 Linz, Austria. RISC-Linz.

[Autexier, 1997] Autexier, Serge. (June 1997). An abstraction for proof-planning: The S-abstraction. SEKI Report SR-97-05, Universität des Saarlandes, Fachbereich Informatik, Postfach 151150, D–66041 Saarbrücken.

[Autexier et al, 1998] Autexier, S., Hutter, D., Langenstein, B., Mantel, H., Rock, G., Schairer, A., Stephan, W., Vogt, R. and Wolpers, A. (September 1998). VSE: Formal methods meet industrial needs. International Journal on Software Tools for Technology Transfer, Special issue on Mechanized Theorem Proving for Technology, Springer Verlag.

[Autexier et al, 1999] Autexier, Serge, Hutter, Dieter, Mantel, Heiko and Schairer, Axel. (1999). System description: Inka 5.0 – a logic voyager. In Ganzinger, H., (ed.), Proceedings of the 16th International Conference on Automated Deduction (CADE), LNAI 1632, Trento, Italy. Springer.

[Autexier et al, 2002] Autexier, Serge, Hutter, Dieter, Mossakowski, Till and Schairer, Axel. (September 2002). The development graph manager MAYA. In Kirchner, Hélène and Ringeissen, Christophe, (eds.), Proceedings 9th International Conference on Algebraic Methodology And Software Technology (AMAST'02), volume 2422 of LNCS. Springer.

[Baader & Nipkow, 1998] Baader, Franz and Nipkow, Tobias. (1998). Term Rewriting and All That. Cambridge University Press.

[Bachmair et al, 1992] Bachmair, Leo, Ganzinger, Harald, Lynch, Christopher and Snyder, Wayne. (June 1992). Basic paramodulation and superposition. In Kapur, Deepak, (ed.), Proceedings of the 11th International Conference on Automated Deduction (CADE), volume 607 of LNAI, Saratoga Springs, NY. Springer.

[Barendregt, 1984] Barendregt, Henk P. (1984). The Lambda Calculus – Its Syntax and Semantics. North Holland.

[Benzmüller & Sorge, 1999] Benzmüller, Christoph and Sorge, Volker. (21–24 September 1999). Critical Agents Supporting Interactive Theorem Proving. In Barahona, P. and Alferes, J. J., (eds.), Progress in Artificial Intelligence, Proceedings of the 9th Portuguese Conference on Artificial Intelligence (EPIA-99), volume 1695 of LNAI, pages 208–221, Évora, Portugal. Springer Verlag, Berlin, Germany.

[Benzmüller & Sorge, 2000] Benzmüller, Christoph and Sorge, Volker. (2000). Ω-OANTS – an open approach at combining interactive and automated theorem proving. In Kerber, Manfred and Kohlhase, Michael, (eds.), Symbolic Computation and Automated Reasoning, pages 81–97. A. K. Peters.

[Benzmüller et al, 2002a] Benzmüller, Christoph, Kohlhase, Michael and Brown, Chad E. (2002a). Higher Order Semantics and Extensionality. Technical report, Carnegie Mellon University, Pittsburgh, PA.

[Benzmüller et al, 2002b] Benzmüller, Christoph, Kohlhase, Michael and Brown, Chad E. (2002b). Semantic techniques for cut-elimination in higher order logic. Technical report, Carnegie Mellon University, Pittsburgh, PA.

[Bernays, 1937] Bernays, Paul. (1937). A system of axiomatic set-theory. Journal of Symbolic Logic, 2:65–77.

[Bernays, 1941] Bernays, Paul. (1941). A system of axiomatic set-theory. Journal of Symbolic Logic, 6:1–17.

[Beth, 1965] Beth, Evert W. (1965). The foundations of mathematics: a study in the philosophy of science. Studies in logic and the foundations of mathematics. North-Holland, 2nd rev. ed. edition.

[Boole, 1847] Boole, George. (1847). The Mathematical Analysis of Logic. Macmillan, Barclay, Cambridge, UK. Reprinted by Basil Blackwell, Oxford, UK, 1965.

[Boyer & Moore, 1979] Boyer, Robert S. and Moore, J Strother. (1979). A computational logic. ACM monograph series. Academic Press.

[Brouwer, 1914] Brouwer, Luitzen Egbertus Jan. (1914). Intuitionism and Formalism. Bulletin of the American Mathematical Society, 20:81–96.

[Brouwer, 1925] Brouwer, Luitzen Egbertus Jan. (1925). Zur Begründung der intuitionistischen Mathematik. Mathematische Annalen, 93:244–257.

[Bundy, 1988] Bundy, Alan. (1988). The use of explicit plans to guide inductive proofs. In Lusk, R. and Overbeek, R., (eds.), Proceedings 9th International Conference on Automated Deduction (CADE), LNAI, pages 111–120. Springer.

[Bundy et al, 1990a] Bundy, A., van Harmelen, F., Horn, C. and Smaill, A. (July 1990). The Oyster-Clam system. In Stickel, Mark E., (ed.), Proceedings 10th International Conference on Automated Deduction (CADE), volume 449 of LNAI, pages 647–648. Springer Verlag.

[Bundy et al, 1990b] Bundy, A., van Harmelen, F., Smaill, A. and Ireland, A. (July 1990). Extension to the rippling-out tactic for guiding inductive proofs. In Stickel, Mark E., (ed.), Proceedings 10th International Conference on Automated Deduction (CADE), volume 449 of LNAI, pages 132–146, Kaiserslautern, Germany. Springer Verlag.

[Bundy et al, 2003] Bundy, Alan, Basin, David, Hutter, Dieter and Ireland, Andrew. (2003). Rippling: Meta-Level Guidance for Mathematical Reasoning. Cambridge University Press.

[Carlsson, 1984] Carlsson, M. (1984). On implementing Prolog in functional programming. New Generation Computing, 2(4).

[Cheikhrouhou & Sorge, 2000] Cheikhrouhou, Lassaad and Sorge, Volker. (March 2000). PDS – a three-dimensional data structure for proof plans. In Proceedings of the International Conference on Artificial and Computational Intelligence for Decision, Control and Automation in Engineering and Industrial Applications (ACIDCA'2000).

[Church, 1936] Church, Alonzo. (1936). An unsolvable problem of elementary number theory. American Journal of Mathematics.

[Church, 1940] Church, Alonzo. (1940). A formulation of the simple theory of types. Journal of Symbolic Logic, 5:56–68.

[Constable et al, 1986] Constable, Robert L., Allen, Stuart F., Bromley, H. M., Cleaveland, W. R., Cremer, J. F., Harper, R. W., Howe, Douglas J., Knoblock, T. B., Mendler, N. P., Panangaden, P., Sasaki, James T. and Smith, Scott F. (1986). Implementing Mathematics with the Nuprl Development System. Prentice-Hall, NJ.

[Dahn et al, 1997] Dahn, Bernd Ingo, Gehne, J., Honigmann, Th. and Wolf, A. (1997). Integration of automated and interactive theorem proving in ILF. In McCune, W., (ed.), Proceedings of the 14th International Conference on Automated Deduction (CADE), LNAI 1249, pages 57–60, Townsville, North Queensland, Australia. Springer.

[De Bruijn, 1973a] De Bruijn, Nicolaas Govert. (1973a). AUTOMATH - Ein Projekt zur Kontrolle von Mathematik. In Braffort, P., (ed.), Proceedings of the symposium APLASM, volume I, Orsay, France. Talk given at Innsbrucker Mathematikertag, 1974. German translation of "The AUTOMATH Mathematics Checking Project".

[De Bruijn, 1973b] De Bruijn, Nicolaas Govert. (1973b). AUTOMATH, A Language for Mathematics. Séminaire de Mathématiques Supérieures 52, Département de Mathématiques, Université de Montréal, Montréal, Canada.

[De Bruijn, 1980] De Bruijn, Nicolaas Govert. (1980). A survey of the project AUTOMATH. In Seldin, J. P. and Hindley, J. R., (eds.), To H. B. Curry - Essays on the Combinatory Logic, Calculus and Formalism, pages 579–606. Academic Press, London, UK.

[Dowek, 2000] Dowek, Gilles. (2000). Automated theorem proving in first-order logic modulo: on the difference between type theory and set theory. In Cafferra, R. and Salzer, G., (eds.), Automated Deduction in Classical and Non-Classical Logics, number 1761 in LNAI, pages 1–22. Springer-Verlag.

[Dowek et al, 1998] Dowek, Gilles, Hardin, Thérèse and Kirchner, Claude. (April 1998). Theorem proving modulo. Rapport de Recherche 3400, Institut National de Recherche en Informatique et en Automatique.

[Duncan & Lowe, 1997] Duncan, David and Lowe, Helen. (1997). Xbarnacle: Making theorem provers more accessible. In McCune, W., (ed.), Proceedings of the 14th International Conference on Automated Deduction (CADE), LNAI 1249, Townsville, North Queensland, Australia. Springer.

[Eisinger & Ohlbach, 1986] Eisinger, Norbert and Ohlbach, Hans-Jürgen. (1986). The Markgraf Karl Refutation procedure (MKRP). In Siekmann, Jörg, (ed.), Proceedings of the 8th International Conference on Automated Deduction (CADE), LNCS, pages 681–682. Springer.

[Elliott & Pfenning, 1991] Elliott, Conal and Pfenning, Frank. (1991). A semi-functional implementation of a higher-order logic programming language. In Lee, Peter, (ed.), Topics in Advanced Language Implementation, pages 289–325. MIT Press.

[Fiedler, 2001] Fiedler, Armin. (2001). User-adaptive Proof Explanation. PhD thesis, Naturwissenschaftlich-Technische Fakultät I, Universität des Saarlandes, Saarbrücken, Germany.

[Fitting, 1972] Fitting, Melvin. (1972). Tableau methods of proof for modal logics. Notre Dame Journal of Formal Logic, XIII:237–247.

[Fraenkel, 1922] Fraenkel, Adolf Abraham. (1922). Zu den Grundlagen der Cantor-Zermeloschen Mengenlehre. Mathematische Annalen, 86:230–237.

[Franke & Kohlhase, 1999] Franke, Andreas and Kohlhase, Michael. (1999). MBase: Representing mathematical knowledge in a relational database. In CALCULEMUS 99, Systems for Integrated Computation and Deduction. Elsevier.

[Frege, 1879] Frege, Gottlob. (1879). Begriffsschrift, eine der arithmetischen nachgebildete Formelsprache des reinen Denkens, Halle, Germany. Reprint in: Begriffsschrift und andere Aufsätze, J. Angelelli, editor, Hildesheim. See also in Logiktexte, Karel Berka, Lothar Kreiser, editors, pages 82–112.

[Ganzinger & Waldmann, 1996] Ganzinger, Harald and Waldmann, Uwe. (1996). Theorem proving in cancellative abelian monoids. In McRobbie, M. A. and Slaney, J. K., (eds.), Proceedings of the 13th International Conference on Automated Deduction (CADE), volume 1104 of LNCS, pages 388–402, New Brunswick, N.Y. Springer.

[Gentzen, 1969] Gentzen, Gerhard. (1969). The Collected Papers of Gerhard Gentzen (1934-1938). Edited by Szabo, M. E., North Holland, Amsterdam.

[Giunchiglia & Villafiorita, 1996] Giunchiglia, Fausto and Villafiorita, Adolfo. (1996). ABSFOL: A proof checker with abstraction. In McRobbie, M. A. and Slaney, J. K., (eds.), Proceedings of the 13th International Conference on Automated Deduction (CADE), volume 1104 of LNCS, pages 136–140, New Brunswick, N.Y. Springer.

[Gödel, 1930] Gödel, Kurt. (1930). Die Vollständigkeit der Axiome des logischen Funktionenkalküls. Monatshefte für Mathematik, 37:349–360.

[Gödel, 1931] Gödel, Kurt. (1931). Über formal unentscheidbare Sätze der Principia Mathematica und verwandter Systeme I. Monatshefte für Mathematik und Physik, 38:173–198.

[Gödel, 1940] Gödel, Kurt. (1940). The Consistency of the Axiom of Choice and of the Generalized Continuum-Hypothesis with the Axioms of Set Theory. Annals of Mathematics Studies, 3.

[Gordon et al, 1979] Gordon, M. J., Milner, A. J. and Wadsworth, C. P. (1979). Edinburgh LCF – A mechanised logic of computation. Springer Verlag, LNCS 78.

[Graham, 1994] Graham, P. (1994). On Lisp – Advanced Techniques for Common Lisp. Prentice Hall.

[Grundy, 1991] Grundy, Jim. (1991). Window inference in the HOL system. In Proceedings of the International Workshop on the HOL Theorem Proving System and its Applications.

[Grundy, 1992] Grundy, Jim. (1992). A window inference tool for refinement. In Proceedings of the Fifth Refinement Workshop, Workshop in Computer Science, pages 230–254. Springer Verlag.

[Harper et al, 1987] Harper, Robert, Honsell, Furio and Plotkin, Gordon. (June 22-25 1987). A framework for defining logics. In Proceedings of the Symposium on Logic in Computer Science (LICS'87), pages 194–204, Ithaca, New York, USA. IEEE Computer Society Press.

[Heisel et al, 1991] Heisel, M., Reif, W. and Stephan, W. (1991). Formal software development in the KIV system. In Lowry, M. R. and McCartney, R. D., (eds.), Automating Software Design, pages 547–574. AAAI Press, Menlo Park, CA.

[Henkin, 1950] Henkin, Leon. (1950). Completeness in the theory of types. The Journal of Symbolic Logic, 15:81–91.

[Herbrand, 1930] Herbrand, Jacques. (1930). Recherches sur la théorie de la démonstration. Sci. Lett. Varsovie, Classes III sci. math. phys., 33.

[Heyting, 1956] Heyting, Arend. (1956). Intuitionism. North-Holland Publishing Company, Amsterdam, Netherlands, (1971) third edition.

[Hilbert, 1930] Hilbert, David. (1930). Probleme der Grundlegung der Mathematik. Mathematische Annalen, 102:1–9.

[Hindley & Seldin, 1986] Hindley, J. Roger and Seldin, Jonathan P. (1986). Introduction to Combinators and λ-Calculus, volume 1 of London Mathematical Society Student Texts. Cambridge University Press.

[Horacek, 1999] Horacek, Helmut. (1999). Presenting proofs in a human-oriented way. In Ganzinger, H., (ed.), Proceedings of the 16th International Conference on Automated Deduction (CADE), LNAI 1632, pages 142–156, Trento, Italy. Springer.

[Huang, 1994] Huang, Xiaorong. (1994). Human Oriented Proof Presentation: A Reconstructive Approach. PhD thesis, FB 14 Informatik, Saarland University.

[Huang, 1996] Huang, Xiaorong. (1996). Human Oriented Proof Presentation: A Reconstructive Approach. Number 112 in DISKI. Infix, Sankt Augustin, Germany. Also published as [Huang, 1994].

[Hübner, 2003] Hübner, Malte. (2003). Supporting interactive theorem proving in CORE. Diploma thesis, FR 6.2 Informatik, Saarland University.

[Hughes & Cresswell, 1996] Hughes, G. E. and Cresswell, M. J. (1996). A New Introduction to Modal Logic. Routledge, 11 New Fetter Lane, London, EC4P 4EE.

[Hutter & Sengler, 1996] Hutter, Dieter and Sengler, Claus. (1996). INKA - The Next Generation. In McRobbie, M. A. and Slaney, J. K., (eds.), Proceedings of the 13th International Conference on Automated Deduction (CADE), volume 1104 of LNCS, New Brunswick, N.Y. Springer.

[Hutter, 1990] Hutter, Dieter. (July 1990). Guiding induction proofs. In Stickel, Mark E., (ed.), Proceedings 10th International Conference on Automated Deduction (CADE), volume 449 of LNAI. Springer Verlag.

[Hutter, 1994] Hutter, Dieter. (1994). Synthesizing induction orderings for existence proofs. In Bundy, Alan, (ed.), Proceedings of the 12th International Conference on Automated Deduction (CADE), LNAI, pages 29–41, Nancy, France. Springer.

[Hutter, 1997a] Hutter, Dieter. (1997a). Colouring terms to control equational reasoning. Journal of Automated Reasoning, 18:399–442.

[Hutter, 1997b] Hutter, Dieter. (1997b). Equalizing terms by difference reduction techniques. In Kirchner, H. and Gramlich, B., (eds.), Workshop on Strategies in Automated Deduction, Townsville, Australia, 14th International Conference on Automated Deduction, CADE-14.

[Hutter, 2000a] Hutter, Dieter. (2000a). Annotated reasoning. Annals of Mathematics and Artificial Intelligence (AMAI), Special Issue on Strategies in Automated Deduction.

[Hutter, 2000b] Hutter, Dieter. (2000b). Management of change in structured verification. In Proceedings of Automated Software Engineering, ASE-2000. IEEE.

[Issar, 1990] Issar, Sunil. (1990). Path-focused duplication: A search procedure for general matings. In The American Association for Artificial Intelligence (AAAI), (ed.), Proceedings of the 8th National Conference on Artificial Intelligence (AAAI 90), Vol. 1, July 29-August 3, 1990, pages 221–226, Menlo Park - Cambridge - London. AAAI Press / MIT Press.

[Jamnik et al, 1997] Jamnik, Mateja, Bundy, Alan and Green, Ian. (1997). Automation of diagrammatic reasoning. In Pollack, M. E., (ed.), Proceedings of the 17th International Joint Conference on Artificial Intelligence (IJCAI), August, volume 1, pages 528–533, San Mateo, CA. Morgan Kaufmann Publishers.

[Jamnik et al, 1999] Jamnik, Mateja, Bundy, Alan and Green, Ian. (1999). On automating diagrammatic proofs of arithmetic arguments. Journal of Logic, Language and Information, 8(3):297–321.

[Kaplan, 1978] Kaplan, D. (1978). Logic of demonstratives. Journal of Philosophical Logic, 8.

[Kerber, 1992] Kerber, Manfred. (1992). On the Representation of Mathematical Concepts and their Translation into First Order Logic. PhD thesis, Fachbereich Informatik, Universität Kaiserslautern, Kaiserslautern, Germany.

[Kerber et al, 1998] Kerber, Manfred, Kohlhase, Michael and Sorge, Volker. (1998). Integrating computer algebra into proof planning. Journal of Automated Reasoning, 21(3):327–355.

[Kohlhase, 2000] Kohlhase, Michael. (2000). OMDOC: Towards an Internet Standard for the Administration, Distribution and Teaching of Mathematical Knowledge. In Campbell, John A. and Roanes-Lozano, Eugenio, (eds.), Proceedings of Artificial Intelligence and Symbolic Computation (AISC-00), volume 1930 of LNCS. Springer.

[Letz & Stenz, 1999] Letz, Reinhold and Stenz, Gernot. (1999). Model elimination and connection tableau procedures. In Robinson, A. and Voronkov, A., (eds.), Handbook of Automated Reasoning, chapter 28, pages 2015–2114. Elsevier.

[Lüth et al, 1999] Lüth, Christoph, Tej, H., Kolyang and Krieg-Brückner, Bernd. (1999). TAS and IsaWin: Tools for transformational program development and theorem proving. In Proceedings of the European Joint Conference on Theory and Practice of Software (ETAPS'99), number 1577 in LNCS. Springer.

[Mantel & Kreitz, 1998] Mantel, Heiko and Kreitz, Christoph. (October 1998). A Matrix Characterization for MELL. In Dix, J., del Cerro, L. Fariñas and Furbach, U., (eds.), Proceedings of Logics in Artificial Intelligence, European Workshop, JELIA'98, LNAI 1489, pages 169–183, Dagstuhl, Germany. Springer.

[McCarthy, 1993] McCarthy, John. (August 28-September 3 1993). Notes on formalizing context. In Artificial Intelligence (IJCAI-93): 13th International Joint Conference on Artificial Intelligence, volume 2, Chambéry, France. Morgan Kaufmann.

[McCune, 1990] McCune, William. (July 1990). OTTER 2.0. In Stickel, Mark E., (ed.), Proceedings 10th International Conference on Automated Deduction (CADE), volume 449 of LNAI, pages 663–664. Springer Verlag.

[Meier, 2000] Meier, Andreas. (2000). System Description: TRAMP: Transformation of Machine-Found Proofs into Natural Deduction Proofs at the Assertion Level. Volume 1831 of Lecture Notes in Computer Science, pages 460–464. Springer.

[Meier, 2003] Meier, Andreas. (2003). Proof Planning with Multiple Strategies. PhD thesis, FR 6.2 Informatik, Saarland University, forthcoming.

[Melis & Meier, 2000] Melis, Erica and Meier, Andreas. (2000). Proof Planning with Multiple Strategies. In Lloyd, J., Dahl, V., Furbach, U., Kerber, M., Lau, K., Palamidessi, C., Pereira, L. M., Sagiv, Y. and Stuckey, P., (eds.), First International Conference on Computational Logic (CL-2000), volume 1861 of LNAI, pages 644–659, London, UK. Springer-Verlag.

[Melis et al, 2001] Melis, Erica, Andrès, Eric, Büdenberger, Jochen, Frischauf, Adrian, Goguadze, George, Libbrecht, Paul, Pollet, Martin and Ullrich, Carsten. (2001). ActiveMath: A generic and adaptive web-based learning environment. Artificial Intelligence in Education, 12(4).

[Miller, 1983] Miller, Dale A. (1983). Proofs in Higher-Order Logic. PhD thesis, Carnegie Mellon University.

[Murray & Rosenthal, 1987a] Murray, Neil V. and Rosenthal, Erik. (April 1987). Inference with path resolution and semantic graphs. Journal of the Association for Computing Machinery, 34(2):225–254.

[Murray & Rosenthal, 1987b] Murray, Neil V. and Rosenthal, Erik. (July 12-17 1987). Path dissolution: A strongly complete inference rule. In Proceedings of the 6th National Conference on Artificial Intelligence, pages 161–166, Seattle, WA.

[Nelson & Oppen, 1977] Nelson, Greg and Oppen, Derek C. (October 1977). Fast decision algorithms based on union and find. In Proceedings of the 18th Annual Symposium on Foundations of Computer Science, pages 114–119. American Mathematical Society.

[Newell et al, 1957] Newell, Allen, Shaw, Cliff and Simon, Herbert. (1957). Empirical explorations with the logic theory machine: A case study in heuristics. In Proceedings of the 1957 Western Joint Computer Conference, New York, USA. McGraw-Hill. Reprinted in Computers and Thought, Edward A. Feigenbaum, Julian Feldman, editors, New York, USA, 1963.

[Nipkow, 1991] Nipkow, Tobias. (1991). Higher-order critical pairs. In Proceedings of the 6th IEEE Symposium on Logic in Computer Science, pages 342–349. IEEE Computer Society Press.

[Nonnengart, 1995] Nonnengart, Andreas. (1995). A Resolution-Based Calculus for Temporal Logics. PhD thesis, Computer Science Department, Saarland University.

[Norvig, 1992] Norvig, Peter. (1992). Paradigms of Artificial Intelligence Programming: Case Studies in Common Lisp. Morgan Kaufmann.

[Otten & Kreitz, 1996] Otten, Jens and Kreitz, Christoph. (1996). T-string unification: Unifying prefixes in non-classical proof methods. In Miglioli, P., Moscato, U., Mundici, D. and Ornaghi, M., (eds.), Proceedings of the 5th Workshop on Theorem Proving with Analytic Tableaux and Related Methods, LNAI 1071, pages 244–260. Springer Verlag.

[Paulson, 1989] Paulson, Lawrence C. (1989). The foundation of a generic theorem prover. Journal of Automated Reasoning, 5:363–397.

[Pfenning & Elliott, 1988] Pfenning, Frank and Elliott, Conal. (1988). Higher order abstract syntax. In Proceedings of the ACM SIGPLAN'88 Symposium on Language Design and Implementation, pages 199–208.

[Pfenning & Schürmann, 1999] Pfenning, Frank and Schürmann, Carsten. (1999). System description: Twelf - a meta-logical framework for deductive systems. In Ganzinger, H., (ed.), Proceedings of the 16th International Conference on Automated Deduction (CADE), LNAI 1632, pages 202–206, Trento, Italy. Springer.

[Pfenning, 1987] Pfenning, Frank. (1987). Proof Transformation in Higher-Order Logic. PhD thesis, Carnegie Mellon University.

[Pfenning, 1996] Pfenning, Frank. (April 22-24 1996). The practice of logical frameworks. In Trees in Algebra and Programming - CAAP'96, 21st International Colloquium, volume 1059 of LNCS, pages 119–134, Linköping, Sweden.

[Plaisted, 1981] Plaisted, David. (1981). Theorem Proving with Abstractions. Journal of Artificial Intelligence, 16:47–108.

[Prehofer, 1994] Prehofer, Christian. (1994). Higher-order narrowing. In Proceedings of the 9th Annual IEEE Symposium on Logic in Computer Science, pages 507–516, Paris, France. IEEE Computer Society Press.

[Reynolds, 1993] Reynolds, J. C. (1993). The discoveries of continuations. Lisp and Symbolic Computation, 6.

[Riazanov & Voronkov, 2001] Riazanov, Alexander and Voronkov, Andrei. (2001). Vampire 1.1 (system description). In Goré, Rajeev, Leitsch, Alexander and Nipkow, Tobias, (eds.), Automated Reasoning, volume 2083 of LNAI, pages 376–380.

[Robinson & Staples, 1993] Robinson, Peter D. and Staples, John. (1993). Formalizing a hierarchical structure of practical mathematical reasoning. Journal of Logic and Computation, 3(1):47–61.

[Robinson, 1965] Robinson, John Alan. (1965). A machine oriented logic based on the resolution principle. Journal of the ACM, 12:23–41.

[Schairer et al, 2001] Schairer, Axel, Autexier, Serge and Hutter, Dieter. (June 2001). A pragmatic approach to reuse in tactical theorem proving. In Bonacina, Maria-Paola and Gramlich, Bernhard, (eds.), Proceedings of the 4th Workshop on Strategies in Automated Deduction (STRATEGIES'01), volume TR DII 10/01, pages 75–86. Università degli studi di Siena.

[Schütte, 1977] Schütte, Kurt. (1977). Proof Theory. (Original title: Beweistheorie), volume 255 of Die Grundlehren der mathematischen Wissenschaften. Springer, Berlin; Heidelberg; New York.

[Siekmann, 1987] Siekmann, Jörg. (1987). Unification Theory. Journal of Symbolic Computation.

[Siekmann et al, 1999] Siekmann, Jörg, Hess, Stephan, Benzmüller, Christoph, Cheikhrouhou, Lassaad, Fiedler, Armin, Horacek, Helmut, Kohlhase, Michael, Konrad, Karsten, Meier, Andreas, Melis, Erica, Pollet, Martin and Sorge, Volker. (1999). LΩUI: Lovely Ωmega user interface. Formal Aspects of Computing, 11:326–342.

[Siekmann et al, 2002a] Siekmann, Jörg, Benzmüller, Christoph, Brezhnev, Vladimir, Cheikhrouhou, Lassaad, Fiedler, Armin, Franke, Andreas, Horacek, Helmut, Kohlhase, Michael, Meier, Andreas, Melis, Erica, Moschner, Markus, Normann, Immanuel, Pollet, Martin, Sorge, Volker, Ullrich, Carsten, Wirth, Claus-Peter and Zimmer, Jürgen. (2002a). Proof development with OMEGA. In Voronkov, Andrei, (ed.), Proceedings of the 19th International Conference on Automated Deduction (CADE-19), number 2392 in LNAI, pages 144–149, Copenhagen, Denmark. Springer.

[Siekmann et al, 2002b] Siekmann, Jörg, Benzmüller, Christoph, Fiedler, Armin, Meier, Andreas and Pollet, Martin. (2002b). Proof development with OMEGA: √2 is irrational. In Baaz, Matthias and Voronkov, Andrei, (eds.), Logic for Programming, Artificial Intelligence, and Reasoning, 9th International Conference, LPAR 2002, number 2514 in LNAI, pages 367–387. Springer.

[Smullyan, 1968] Smullyan, R. M. (1968). First-Order Logic, volume 43 of Ergebnisse der Mathematik. Springer-Verlag, Berlin.

[Snyder & Gallier, 1989] Snyder, Wayne and Gallier, Jean. (July/August 1989). Higher-order unification revisited: Complete sets of transformations. Journal of Symbolic Computation, 8(2):101–140.

[Staples, 1995] Staples, Mark. (September 1995). Window inference in Isabelle. In Paulson, Larry, (ed.), Proceedings of the First Isabelle Users Workshop, Cambridge, UK.

[Stuber, 1996] Stuber, Jürgen. (1996). Superposition theorem proving for abelian groups represented as integer modules. In Ganzinger, Harald, (ed.), Rewriting Techniques and Applications: International Conference (RTA-7), New Brunswick, NJ, USA, July 27-30, 1996, proceedings, volume 1103 of LNCS, pages 33–47, Berlin. Springer.

[Tarski, 1936] Tarski, Alfred. (1936). Der Wahrheitsbegriff in den formalisierten Sprachen. Studia Philosophica, 1:261–405.

[Turing, 1937] Turing, Alan. (1937). On computable numbers, with an application to the Entscheidungsproblem. Proceedings of the London Mathematical Society, 42:230–265; 43:544–546.

[Von Neumann, 1928] Von Neumann, John. (1928). Die Axiomatisierung der Mengenlehre. Mathematische Zeitschrift, 27:669–752.

[Wallen, 1990] Wallen, Lincoln. (1990). Automated proof search in non-classical logics: efficient matrix proof methods for modal and intuitionistic logics. MIT Press series in artificial intelligence.

[Walther, 1987] Walther, Christoph. (1987). A many-sorted calculus based on resolution and paramodulation. Research notes in artificial intelligence. Morgan Kaufmann.

[Weidenbach, 1999] Weidenbach, Christoph. (1999). SPASS: Combining Superposition, Sorts and Splitting. In Robinson, A. and Voronkov, A., (eds.), Handbook of Automated Reasoning. Elsevier.

[Whitehead & Russell, 1910] Whitehead, Alfred North and Russell, Bertrand. (1910). Principia Mathematica, volume I. Cambridge University Press, Cambridge, Great Britain, second edition.

[Wolfram, 1993] Wolfram, David A. (1993). The Clausal Theory of Types, volume 2 of Cambridge Tracts in Theoretical Computer Science. Cambridge University Press.

[Zermelo, 1908] Zermelo, Ernst. (1908). Mathematische Untersuchungen über die Grundlagen der Mengenlehre. Mathematische Annalen, 65:261–281.

Appendix A

Completeness Proof

Theorem 5.4.1 (Completeness) Let ϕ be an L-formula, Q an initial indexed formula tree for ϕ, let R be an initial FVIF-tree for Q, and Id be the empty substitution. If ϕ is L-valid then there is a CORE derivation

    [Q, Id ⊢_L R] → [Q, σ ⊢_L True+]

Proof. The completeness proof relies on the soundness and completeness results of Theorem 4.12.1, which is due to [Wallen, 1990, Andrews, 1989, Pfenning, 1987]. The completeness proof sketch is as follows: from Theorem 4.12.1 we assume that we have guessed the right multiplicities for γ- and ν-type nodes, the right combined substitution σ, the necessary introductions of Leibniz' equality, extensionality introductions, boolean ζ-expansions, cut, and have moved any modal quantifiers in front of literal nodes using the structural modal permutation rule. All paths in the resulting FVIF-tree R_P are (propositionally) L-unsatisfiable. That is, from [Q, Id ⊢_L R] we can derive a proof state [Q_P, σ ⊢_L R_P]. In a second phase we have to prove that from [Q_P, σ ⊢_L R_P] we can derive [Q_P, σ ⊢_L True+]. The problem [Q_P, σ ⊢_L R_P] is essentially propositional, since all necessary substitutions have already been applied. In this second phase we prove that the combination of the contraction rule, resolution replacement rule application, and simplification allows us to simulate the path resolution rule from [Murray & Rosenthal, 1987a]. Since path resolution is complete, the CORE calculus is also complete. However, while path resolution derives an empty subgraph, we show that in CORE we obtain the final proof state [Q_P, σ ⊢_L True+].

The first part of the proof is straightforward since the CORE calculus provides all necessary rules

-- to eliminate positive equivalences and equalities on booleans using the boolean ζ-expansion rule,
-- to increase the multiplicities, apply substitutions, and introduce Leibniz' equalities and extensionalities like in [Pfenning, 1987] by combining the CORE extensionality introduction rule with the cut rule (cf. Lemma 4.9.1), and
-- to safely group all modal quantifiers that occur in the FVIF-tree around the literal nodes using the structural modal permutation rule (Definition 5.3.9).

Thus, we can derive [Q_P, σ ⊢_L R_P] and it remains to prove in the second phase that the combination of the contraction rule, resolution replacement rule application, and simplification allows us to simulate path resolution. In order to motivate this we compare how path resolution transforms the

Appendix B

Sample CORE Window Proofs

B.1 Proof of p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a)

The initial proof node for the positive formula (p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a))+ is

Label | WP State | Window                          | Justification/Abstraction/Refinement
L0    | WPS1     | p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a)   |

In order to ease readability, we agree to omit in the presentation of that proof the necessary Adapt-Window-Proof-State justifications. The idea for the proof of that theorem is to use the formula a ∧ b = b ∧ a as a lemma to reduce p(b ∧ a) to p(a ∧ b), and subsequently use the negative occurrence of that formula to finish the proof. The lemma is introduced by window cut, which transforms the FVIF-tree into

    (((a ∧ b) = (b ∧ a))+ ∨ (p(a ∧ b) ⇒ p(b ∧ a))+) ∧ (((a ∧ b) = (b ∧ a)) ⇒ (p(a ∧ b) ⇒ p(b ∧ a))+)
         L10                      L20                       L30                    L40

Thereby the window structure is inherited to the new occurrences of the old goal formula (L20, L40), and new windows are introduced for the occurrences of the lemma, on the one hand where it is a new assumption (L30), and on the other hand where it is an additional alternative proof obligation (L10). This results in the window proof nodes

Label | WP State | Window                  | Justification/Abstraction/Refinement
L10   | WPS2     | ((a ∧ b) = (b ∧ a))+    |
L20   | WPS2     | p(a ∧ b) ⇒ p(b ∧ a)+    |
L30   | WPS2     | ((a ∧ b) = (b ∧ a))     |
L40   | WPS2     | p(a ∧ b) ⇒ p(b ∧ a)+    |

We now consider the two cases ((a ∧ b) = (b ∧ a) ∨ p(a ∧ b) ⇒ p(b ∧ a))+ (L10 and L20) and ((a ∧ b) = (b ∧ a) ⇒ p(a ∧ b) ⇒ p(b ∧ a))+ (L30 and L40):

1. L10 and L20: first we remove the proof node L20 by weakening. On L10 we proceed by applying the ζ-expansion rule, which results in

Label | WP State | Window                                        | Justification/Abstraction/Refinement
L11   | WPS3     | ((a ∧ b) ⇒ (b ∧ a)) ∧ ((b ∧ a) ⇒ (a ∧ b))+    |
      |          |        (A)                  (B)               |

There we obtain for both (A) and (B) the replacement rules a → True+ and b → True+ from the logical context of those subformulas. The successive application of these rules results in

Label | WP State | Window                                                  | Justification/Abstraction/Refinement
L15   | WPS4     | ((a ∧ b) ⇒ (True ∧ True)) ∧ ((b ∧ a) ⇒ (True ∧ True))+  |

which can be simplified to

Label | WP State | Window   | Justification/Abstraction/Refinement
L26   | WPS4     | True     |

2. L30 and L40: we use the rewriting replacement rule a ∧ b → b ∧ a from L30 on L40 to obtain

Label | WP State | Window                  | Justification/Abstraction/Refinement
L41   | WPS      | p(a ∧ b) ⇒ p(a ∧ b)+    |

For the positive subformula p(a ∧ b) we obtain the expected resolution replacement rule p(a ∧ b) → True+, whose application reduces L41 to

Label | WP State | Window               | Justification/Abstraction/Refinement
L42   | WPS      | p(a ∧ b) ⇒ True+     |

After closing the subwindows and a final simplification we obtain

Label | WP State | Window   | Justification/Abstraction/Refinement
L6    | WPS14    | True+    |
Using the representation of CORE window proofs from Chapter 8 the complete CORE window proof is then:

Label | WP State | Window | Justification/Abstraction/Refinement
L0 | WPS1 | p_{o→o}(a_o ∧ b_o) ⇒ p(b ∧ a) | Cut(a∧b = b∧a): L10, L20, L30, L40 (we use (a∧b) = (b∧a) as a lemma which we introduce by Cut)
1. Subgoal ((a∧b) = (b∧a) ∨ p(a∧b) ⇒ p(b∧a))+
L10 | WPS2 | (a∧b) = (b∧a)+ | ζ-Expansion: L11
L11 | WPS3 | ((a∧b) ⇒ (b∧a)) ∧ ((b∧a) ⇒ (a∧b))+ | Apply(b → True): L12
L12 | WPS4 | ((a∧b) ⇒ (True ∧ a)) ∧ ((b∧a) ⇒ (a∧b))+ | Apply(a → True): L13
L13 | WPS4 | ((a∧b) ⇒ (True ∧ True)) ∧ ((b∧a) ⇒ (a∧b))+ | Apply(a → True): L14
L14 | WPS4 | ((a∧b) ⇒ (True ∧ True)) ∧ ((b∧a) ⇒ (True ∧ b))+ | Apply(b → True): L15
L15 | WPS4 | ((a∧b) ⇒ (True ∧ True)) ∧ ((b∧a) ⇒ (True ∧ True))+ | Simplify: L26
L26 | WPS4 | True | Close: L5
L20 | WPS | p(a∧b) ⇒ p(b∧a)+ | Weakening
2. Subgoal ((a∧b) = (b∧a) ⇒ p(a∧b) ⇒ p(b∧a))+
L30 | WPS2 | ((a∧b) = (b∧a)) | Close: L5
L40 | WPS2 | p(a∧b) ⇒ p(b∧a)+ | Apply(a∧b → b∧a): L41
L41 | WPS | p(a∧b) ⇒ p(a∧b)+ | Apply(p(a∧b) → True): L42
L42 | WPS | p(a∧b) ⇒ True+ | Simplify: L43
L43 | WPS | True+ | Close: L5
L5 | WPS | True ∧ ((a∧b) = (b∧a)) ⇒ True+ | Simplify: L6
L6 | WPS14 | True+ | Axiom
B.2 Proof of ∀p_{o→o}. λx.p(p(p(x))) = λx.p(x)

The proof of the theorem ∀p_{o→o}. λx.p(p(p(x))) = λx.p(x) is performed by case analysis over x = True, and the values of p(True) and p(False). The axioms used in that proof are given on p. 169. The initial window proof node is

Label | Window | Justification/Abstraction/Refinement
L0 | λx.p(p(p(x))) = λx.p(x)+ |

By using the lemma (11.4) we obtain

Label | Window | Justification/Abstraction/Refinement
L1 | p(p(p(x))) = p(x)+ |

We perform the first case analysis over x = True by using the cut rule which results in

Label | Window | Justification/Abstraction/Refinement
L20 | x = True |
L30 | p(p(p(x))) = p(x)+ |
L40 | ¬(x = True) |
L50 | p(p(p(x))) = p(x)+ |

Thereby L20 and L30 occur in the same logical context as well as L40 and L50.

-- Case L20, L30: to L30 we apply the rewriting replacement rule x → True obtained from L20 and obtain

Label | Window | Justification/Abstraction/Refinement
L31 | p(p(p(True))) = p(True)+ |

On that proof node we perform a case analysis over p(True) = True using the cut rule, which results in

Label | Window | Justification/Abstraction/Refinement
L320 | p(True) = True |
L330 | p(p(p(True))) = p(True)+ |
L340 | ¬(p(True) = True) |
L350 | p(p(p(True))) = p(True)+ |

As before, on the one hand L320 and L330 occur in a same logical context, and on the other hand L340 and L350. Note for both subgoals L20 is also in the same logical context:

1. Case L320 and L330: to L330 we apply four times the rewriting replacement rule from L320, which reduces L330 to

Label | Window | Justification/Abstraction/Refinement
L331 | True = True+ |

2. Case L340 and L350: to L340 we apply the resolution replacement rule resulting from (11.3) to obtain

Label | Window | Justification/Abstraction/Refinement
L341 | p(True) = False |

From that proof node we obtain the rewriting replacement rule p(True) → False, which we apply to L350 and obtain:

Label | Window | Justification/Abstraction/Refinement
L351 | p(p(False)) = False |

For that proof node we perform the final case analysis over p(False) = True using the cut rule, which results in

Label | Window | Justification/Abstraction/Refinement
L3520 | p(False) = True |
L3530 | p(p(False)) = False |
L3540 | ¬(p(False) = True) |
L3550 | p(p(False)) = False |

(a) Case L3520, L3530: by application of the rewriting replacement rules from L3520 and L341 on L3530 we obtain

Label | Window | Justification/Abstraction/Refinement
L3531 | False = False+ |

which is trivially provable by simplification.

(b) Case L3540, L3550: by application of (11.3) on L3540 we obtain

Label | Window | Justification/Abstraction/Refinement
L3541 | p(False) = False |

To L3550 we apply twice the rewriting replacement rule from L3541 to obtain

Label | Window | Justification/Abstraction/Refinement
L3551 | False = False+ |

which is also trivially provable by simplification.

-- Case L40, L50: the proof of this case is analogous to the other, by using the resolution replacement rule from (11.3), and case analysis over p(False) = True and p(True) = True.

The complete CORE window proof for that theorem is presented below:
Label | Window | Justification/Abstraction/Refinement
L0 | λx.p(p(p(x))) = λx.p(x)+ | Apply(11.4): L1
L1 | p(p(p(x))) = p(x)+ | Cut(x = True): L20, L30, L40, L50
1. Subgoal (x = True ⇒ p(p(p(x))) = p(x))+
L20 | x = True |
L30 | p(p(p(x))) = p(x)+ | Apply(L20): L31
L31 | p(p(p(True))) = p(True)+ | Cut(p(True) = True): L320, L330, L340, L350
A. Subgoal (p(True) = True ⇒ p(p(p(True))) = p(True))+
L320 | p(True) = True | Close: L36
L330 | p(p(p(True))) = p(True)+ | 4×Apply(L320): L331
L331 | True = True+ | Simplify: L332
L332 | True+ | Close: L36
B. Subgoal (¬(p(True) = True) ⇒ p(p(p(True))) = p(True))+
L340 | ¬(p(True) = True) | Apply(11.3): L341
L341 | p(True) = False | Close: L36
L350 | p(p(p(True))) = p(True)+ | Apply(L341): L351
L351 | p(p(False)) = False+ | Cut(p(False) = True): L3520, L3530, L3540, L3550
i. Subgoal (p(False) = True ⇒ p(p(False)) = False)+
L3520 | p(False) = True |
L3530 | p(p(False)) = False+ | Apply(L3520, L341): L3531
L3531 | False = False+ | Simplify: L3532
L3532 | True+ |
ii. Subgoal (¬(p(False) = True) ⇒ p(p(False)) = False)+
L3540 | ¬(p(False) = True) | Apply(11.3): L3541
L3541 | p(False) = False |
L3550 | p(p(False)) = False+ | 2×Apply(L3541): L3551
L3551 | False = False+ | Simplify: L3552
L3552 | True+ |
L356 | (p(False) = True ⇒ True) ∧ (p(False) = False ⇒ True)+ | Simplify: L357
L357 | True+ | Close: L36
L36 | (p(True) = True ⇒ True) ∧ (p(True) = False ⇒ True)+ | Simplify: L37
L37 | True+ |
2. Subgoal (x = True ∨ p(p(p(x))) = p(x))+
L40 | ¬(x = True) | Apply(11.3): L41
L41 | x = False |
L50 | p(p(p(x))) = p(x)+ | Apply(L41): L51
L51 | p(p(p(False))) = p(False)+ | Cut(p(False) = True): L520, L530, L540, L550
A. Subgoal (p(False) = True ⇒ p(p(p(False))) = p(False))+
L520 | ¬(p(False) = True) | Apply(11.3): L521
L521 | p(False) = False | Close: L56
L530 | p(p(p(False))) = p(False)+ | 4×Apply(L520): L531
L531 | False = False+ | Simplify: L532
L532 | True+ | Close: L56
B. Subgoal (p(False) = True ⇒ p(p(p(False))) = p(False))+
L540 | p(False) = True | Close: L56
L550 | p(p(p(False))) = p(False)+ | Apply(L540): L551
L551 | p(p(True)) = True+ | Cut(p(True) = True): L5520, L5530, L5540, L5550
i. Subgoal (p(True) = True ⇒ p(p(True)) = True)+
L5520 | p(True) = True | Close: L556
L5530 | p(p(True)) = True+ | 2×Apply(L5520): L5531
L5531 | True = True+ | Simplify: L5532
L5532 | True+ | Close: L556
ii. Subgoal (¬(p(True) = True) ⇒ p(p(True)) = True)+
L5540 | ¬(p(True) = True) | Apply(11.3): L5541
L5541 | p(True) = False | Close: L556
L5550 | p(p(True)) = True+ | Apply(L5541, L540): L5551
L5551 | True = True+ | Simplify: L5552
L5552 | True+ | Close: L556
L556 | (p(True) = True ⇒ True) ∧ (p(True) = False ⇒ True)+ | Simplify: L557
L557 | True+ | Close: L56
L56 | (p(False) = False ⇒ True) ∧ (p(False) = True ⇒ True)+ | Simplify: L57
L57 | True+ |
L6 | (x = True ⇒ True) ∧ (x = False ⇒ True)+ | Simplify: L7
L7 | True+ | Axiom
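As an added illustration that is not part of the thesis, the theorem of this section can be checked in Lean 4 by the same case analysis the window proof performs: the extensional goal is first reduced to p(p(p(x))) = p(x) (the role of lemma (11.4)), then x, p True and p False are split in turn, and every branch closes by rewriting with the case hypotheses, which is what the rewriting replacement rules obtained from L20, L320, L3520 and their siblings do. The theorem name triple_apply is my own, and Lean's Bool stands in for the type o.

```lean
-- Added example, not from the thesis: ∀ p : o → o. λx. p(p(p x)) = λx. p x,
-- proved by the case analysis of Appendix B.2 (x, then p true, then p false).
theorem triple_apply (p : Bool → Bool) :
    (fun x => p (p (p x))) = (fun x => p x) := by
  -- functional extensionality reduces the goal to p (p (p x)) = p x for an
  -- arbitrary x, as lemma (11.4) does in the window proof
  funext x
  -- cut on x, then on p true, then on p false; the hypotheses h1 and h2 are
  -- the counterparts of the rewriting replacement rules x → True, p(True) → ...,
  -- p(False) → ... taken from the assumption windows, and simp applies them
  cases x <;> cases h1 : p true <;> cases h2 : p false <;> simp [h1, h2]
```

The eight branches produced by the three case splits correspond one-to-one to the leaves L332, L3532, L3552, L532, L5532 and L5552 of the table above (two of the eight are closed directly by a contradictory hypothesis, where the table closes L320 or L340 against L36).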
B.3 Proof of the Irrationality of Square Root of 2

The theorem is ¬(rat(√2)) and the initial window proof node for the positive formula ¬(rat(√2))+ is

Label | Window | Justification/Abstraction/Refinement
L0 | ¬(rat(√2))+ |

The axioms used in that proof are given on p. 171. By focusing on rat(√2) in the initial window and subsequent application of (11.23) we obtain the following 4 windows, which are all in the same logical context:

Label | Window | Justification/Abstraction/Refinement
L20 | nat(n) |
L30 | nat(m) |
L40 | m√2 = n |
L50 | nat(D) ∧ cd(n, m, D)+ |

To L40 we apply (11.27), (11.26), and (11.28) which results in the two window proof nodes:

Label | Window | Justification/Abstraction/Refinement
L430 | 2 ≠ 0+ |
L440 | (m²·2 = n²) |

The proof of L430 is achieved by using (11.22), (11.15), and (11.16). To L440 we apply the contraction rule to duplicate that formula which results in

Label | Window | Justification/Abstraction/Refinement
L450 | (m²·2 = n²) |
L460 | (m²·2 = n²) |
To L450 we apply (11.30), which results in the subgoals

Label | Window | Justification/Abstraction/Refinement
L451 | nat(n²)+ |
L452 | nat(m²)+ |
L453 | even(n²) |

The proofs for L451 and L452 are trivial using L20, L30, and (11.19). To L453 we apply (11.31) and subsequently (11.30) to obtain

Label | Window | Justification/Abstraction/Refinement
L4550 | nat(n)+ |
L4560 | nat(m) |
L4570 | n = m·2 |

Again, L4550 and L4560 are trivially proven by L20 and L30. Then we can apply L4570 to L460 which results in

Label | Window | Justification/Abstraction/Refinement
L461 | (m²·2 = (m·2)²) |

After application of (11.26), (11.25), and (11.24) this proof node is reduced to

Label | Window | Justification/Abstraction/Refinement
L4640 | ¬(2 = 0)+ |
L4650 | (m² = m²·2) |

The proof node L4640 is trivially proven by (11.22), (11.21), and (11.18). To L4650 we apply (11.30), to obtain

Label | Window | Justification/Abstraction/Refinement
L4660 | nat(m²)+ |
L4670 | nat(m²)+ |
L4680 | even(m²) |

After application of (11.31) on L4680 and further application of (11.30) we obtain

Label | Window | Justification/Abstraction/Refinement
L4660 | nat(m²)+ |
L4670 | nat(m²)+ |
L4682 | nat(m)+ |
L4683 | nat(m)+ |
L4684 | m = m·2 |

Again, the proof nodes L4660, L4670, L4682, and L4683 are trivially provable. The complete CORE window proof for the irrationality of √2 is presented below. Note that, analogously to the detailed presentation above, we have omitted the detailed proofs for the trivial subgoals that arise during replacement rule application.

Label | Window | Justification/Abstraction/Refinement
L0 | ¬(rat(√2))+ | Subwindow: L1
L1 | rat(√2) | Apply(11.23): L20, L30, L40, L50
L20 | nat(n) |
L30 | nat(m) |
A. Alternatives nat(n), nat(m), m√2 = n
L40 | m√2 = n | Apply(11.27): L41
L41 | ((m√2)² = n²) | Apply(11.26): L42
L42 | (m²·√2² = n²) | Apply(11.28): L430, L440
L430 | 2 ≠ 0+ | ...
L440 | (m²·2 = n²) | Contraction: L450, L460
i. First alternative (m²·2 = n²)
L450 | (m²·2 = n²) | Apply(11.30): L451, L452, L453
L451 | nat(n²)+ |
L452 | nat(m²)+ |
L453 | even(n²) | Apply(11.31): L454
L454 | even(n) | Apply(11.30): L4550, L4560, L4570
L4550 | nat(n)+ | Apply(L20):
L4560 | nat(m) |
L4570 | n = m·2 |
ii. Second alternative (m²·2 = n²)
L460 | (m²·2 = n²) | Apply(L4570): L461
L461 | (m²·2 = (m·2)²) | Apply(11.26): L462
L462 | (m²·2 = m²·2²) | Apply(11.25): L463
L463 | (m²·2 = (m²·2)·2) | Apply(11.24): L4640, L4650
L4640 | ¬(2 = 0) |
L4650 | (m² = m²·2) | Apply(11.30): L4660, L4670, L4680
L4660 | nat(m²)+ |
L4670 | nat(m²)+ |
L4680 | even(m²) | Apply(11.31): L4681
L4681 | even(m) | Apply(11.30): L4682, L4683
L4682 | nat(m)+ |
L4683 | nat(m)+ |
L4684 | m = m·2 |
B. Alternative nat(D) ∧ cd(n, m, D)+
L50 | nat(D) ∧ cd(n, m, D)+ | Subwindow: L51, L52
L51 | nat(D)+ | Apply([m/Q1]): L510
L510 | nat(2)+ | Apply(11.22), 2×(11.18), (11.17)
L52 | cd(n, m, D)+ | Apply(11.29): L53
L53 | (nat(n) ∧ nat(m) ∧ nat(D) ∧ nat(Q1) ∧ nat(Q2) ∧ n = Q1·D ∧ m = Q2·D)+ | Apply([m/Q1, 2/D], L4670)
L54 | (nat(n) ∧ nat(m) ∧ nat(2) ∧ nat(m) ∧ nat(Q2) ∧ True ∧ m = Q2·2)+ | Apply([m/Q2], L4684): L55
L55 | (nat(n) ∧ nat(m) ∧ nat(2) ∧ nat(m) ∧ nat(m) ∧ True ∧ True)+ | Apply(L20, L30, L4660, L4683): L56
L56 | (True ∧ True ∧ nat(2) ∧ True ∧ True ∧ True ∧ True)+ | Simplify: L57
L57 | nat(2)+ | Apply(11.22), 2×(11.18), (11.17)
B.4 Proof of ∃x.(ϕ(x) ∨ ψ(y)) ⇔ ∃x.(ϕ(x) ∨ ψ(y))

The initial window proof state for the theorem is

Label | Window | Justification/Abstraction/Refinement
L0 | ∃x.(ϕ(x) ∨ ψ(y)) ⇔ ∃x.(ϕ(x) ∨ ψ(y)) |

Note that the quantifiers are still inside the formula, as they are below the equivalence and thus cannot be eliminated. However, the expansion of the positive equivalence by the ζ-expansion rule removes the quantifiers. The complete CORE window proof is then:

Label | Window | Justification/Abstraction/Refinement
L0 | ∃x.(ϕ(x) ∨ ψ(y)) ⇔ ∃x.(ϕ(x) ∨ ψ(y)) | ζ-Expansion: L01
L01 | ((ϕ(x) ∨ ψ(y)) ⇒ (ϕ(X) ∨ ψ(y))) ∧ ((ϕ(x) ∨ ψ(y)) ⇒ (ϕ(X) ∨ ψ(y))) | Subwindow: L1, L2
A. Subgoal P(ϕ(x) ∨ ψ(y)) ⇒ c(ϕ(X) ∨ ψ(y))
L1 | P(ϕ(x) ∨ ψ(y)) ⇒ c(ϕ(X) ∨ ψ(y)) | Instantiate([c/P, c/P, x/X]): L11
L11 | c(ϕ(x) ∨ ψ(y)) ⇒ c(ϕ(x) ∨ ψ(y)) | ϕ(x) → True: L12
L12 | c(ϕ(x) ∨ ψ(y)) ⇒ c(True ∨ ψ(y)) | ψ(y) → True: L13
L13 | c(ϕ(x) ∨ ψ(y)) ⇒ c(True ∨ True) | Simplify: L14
L14 | True | Close: L3
B. Subgoal P(ϕ(x) ∨ ψ(y)) ⇒ c(ϕ(x) ∨ ψ(y))
L2 | P(ϕ(x) ∨ ψ(y)) ⇒ c(ϕ(X) ∨ ψ(y)) | Instantiate([c/P, c/P, x/X]): L21
L21 | c(ϕ(x) ∨ ψ(y)) ⇒ c(ϕ(x) ∨ ψ(y)) | ϕ(x) → True: L22
L22 | c(ϕ(x) ∨ ψ(y)) ⇒ c(True ∨ ψ(y)) | ψ(y) → True: L23
L23 | c(ϕ(x) ∨ ψ(y)) ⇒ c(True ∨ True) | Simplify: L24
L24 | True | Close: L3
L3 | True ∧ True | Simplify: L4
L4 | True | Axiom

Index

[Q,σLR],COREproofstate,70
[Q,σL(R,f)],COREwindowproofstate,101
[Q;σ;(R,f)LS],COREsequentproofstate,
155abstraction6ertical,v20term,abstraction35relation,accessibilityactivewindow,99
αα,-equalityuniformtype,26
freevariableindexedformulatree,64
67-related,αα0,secondarytype,31
α1,secondarytype,31
substructureannotated101insertion,100replacement,20term,application8el,vleassertionassertionlevelrule,8
146backtracking,ββ,uniform-decompositiontype,26rule,151,151
152,admissibility67-related,β74-terms,ββ0,secondarytype,31
β1,secondarytype,31
βηbooleannormalζ-eform,xpansion20
indexedformulatree,46
xpansion-eζbooleanfreevariableindexedformulatree,83
booleanζ-expansionrule,83
logicfirst-orderclassicalseeCFOL,CFOML,seeclassicalfirst-ordermodallogic
CHOL,seeclassicalhigher-orderlogic
logicfirst-orderclassicalsemantics,seeclassicalhigher-orderlogic
22syntax,

225

logicmodalfirst-orderclassical23semantics,22syntax,logic-orderhigherclassical24semantics,22syntax,logicpropositionalclassicalsemantics,seeclassicalhigher-orderlogic
22syntax,logicmodalpropositionalclassicalmodalfirst-orderclassicalseesemantics,logic22syntax,completenessindexedformulatree,55,59
xitycomple147rule,replacementconnectablefreevariableindexedformulatrees,
69connectionfreevariableindexedformulatree,66
indexedformulatree,52
20term,constantcontractionfreevariableindexedformulatree,72
72rule,contractionconvexsetofsubtrees,56
56,maximalityEROC91completeness,7system,COREcalculusrule
83xpansion,-eζboolean72contraction,89cut,82,xtensionalitye85multiplicities,ofincrease85instantiation,80,equalityLeibniz’75application,rulereplacementresolutionrewritingreplacementruleapplication,86
70safeness,

22678simplification,structuralsoundness,70modalpermutation,73
73ening,weakCOREproofstate,70
CORE sequent calculus
  α-decomposition rule, 158
  axiom rule, 156
  β-decomposition rule, 159
  contraction rule, 158
  cut rule, 163
  extensionality introduction rule, 162
  instantiation rule, 160
  Leibniz' equality introduction rule, 162
  multiplicity increase rule, 160
  ν-decomposition rule, 161
  π-decomposition rule, 160
  weakening rule, 157
  ζ-expansion rule, 162
CORE sequent proof state, 155
CORE window calculus rule
  close subwindow, 102
  create subwindow, 101, 102
  window axiom, 103
  window contraction, 103
  window structural modal permutation, 106
  window weakening, 105
CORE window calculus rule, 101
CPL, see classical propositional logic
CPML, see classical propositional modal logic
cut
  free variable indexed formula tree, 89
  indexed formula tree, 50
cut rule, 89
δ, uniform type, 26
deduction modulo, 163
δ-variable, 26
δ0, secondary type, 31
derivational expansion, 138
derivational hierarchy, 133, 138
directed justification sequence, HPDS, 138
dom, 20
ε, uniform type, 26
Eigenvariable, 27
expansion
  derivational, 138
  representational, 139
extensionality
  free variable indexed formula tree, 82
  indexed formula tree, 44
extensionality rule, 82
filter, 148
filter function, 148
flex-flex constraints, insertion of, 54
formula, prefixed, 65
free variable indexed formula tree
  α-equality, 64
  boolean ζ-expansion, 83
  connectable subtrees, 69
  connection, 66
  contraction, 72
  cut, 89
  disproved, 65
  extensionality, 82
  initial, 62
  instantiation, 85
  Leibniz' equality, 80
  logical context, 67
  modal prefix, 64
  multiplicity increase, 85
  paths, 66
  proved, 65
  replacement rule, 67
  resolution replacement rule application, 75
  rewriting replacement rule application, 86
  simplification, 78
  structural modal permutation, 73
  substructure, 98
  weakening, 68, 73
γ, uniform type, 26
γ-variable, 26
γ0, secondary type, 31
hierarchical proof data structure (HPDS), 123, 139
hierarchy
  derivational, 133, 138
  proof, 132
  representational, 135

HPDS, 139
  backtracking, 142
  complete, 140
  directed justification sequence, 138
  inference rule, 137
  justification, 137
  proof graph, 138
  proof node, 137
  role, 137
  pure CORE proof, 140
  representational abstraction application, 137
  representational refinement application, 137
  window proof node, 137
increase of multiplicities rule, 85
indexed formula tree
  binding new variables, 49
  boolean ζ-expansion, 46
  completeness, 55, 59
  connection, 52
  convex set of subtrees, 56
  cut, 50
  extensionality, 44
  initial, 31
  Leibniz equality, 40
  L-substitution application, 47
  L-unsatisfiable path, 52
  multiplicity increase, 57
  safeness, 39
  soundness, 39, 55, 59
inference rule, HPDS, 137
initial free variable indexed formula tree, 62
initial indexed formula tree, 31
inserting flex-flex constraints, 54
instantiation, free variable indexed formula tree, 85
instantiation rule, 85
inter-level proof step, 6
intra-level proof step, 5
justification, 141
  categories, 141
  HPDS, 137
L-admissible substitution, 37
λ-term, 20
Leibniz equality, indexed formula tree, 40
Leibniz' equality
  free variable indexed formula tree, 80
Leibniz' equality rule, 80
lemma
  application, 5
  speculation, 5
L-formula, 25
L-model, 25
local variable, 42
local variable, δ-, 42
local variable, γ-, 42
logical context, 67
L-satisfiable, 25, 27
  formula, 25
  signed formula, 27
L-satisfiable path, free variable indexed formula tree, 67
L-substitution, 37
L-substitution application, indexed formula tree, 47
L-unsatisfiable path
  free variable indexed formula tree, 67
  indexed formula tree, 52
L-valid, 25
many sorted assignment, 19
modal type, 35
modal ordering (M), 36
modal prefix, 34
  of free variable indexed formula tree, 64
modal semantics, 35
modal substitution, 36
multiplicity increase
  free variable indexed formula tree, 85
  indexed formula tree, 57
node conditions, 70
ν, uniform type, 26
ν0, secondary type, 31
occurrence, 21
oracle proof step, 134
ordering
  modal, 36
  quantifier, 34
  structural, 33
paths
  free variable indexed formula tree, 66
  indexed formula tree, 39
  proof, 140
π, uniform type, 26
π0, secondary type, 31
prefixed formula, 65
proof hierarchy, 132
proof paths, 140
proof abstraction, 6
proof construction step, 4
proof graph, HPDS, 138
proof history, 4
proof node, HPDS, 137
proof node, see window proof node
proof refinement, 6
proof status, 7
proof step
  inter-level, 6
  intra-level, 5
proof step expansion, 134
quantifier ordering (Q), 34
reasoning domain, 119
  of window proof state, 119
reduction relation (⊢_L), 37
refinement, vertical, 6
replacement rule, 67
  resolution, admissible, 70
  rewriting, admissible, 70
replacement rule complexity, 147
representational abstraction, 6, 120
representational abstraction application, HPDS, 137
representational expansion, 139
representational hierarchy, 135
representational refinement, 6, 121
representational refinement application, HPDS, 137
resolution replacement rule application, 75
resolution replacement rule, admissible, 70
resolution replacement rule application
  free variable indexed formula tree, 75
rewriting replacement rule application, 86
rewriting replacement rule, admissible, 70
rewriting replacement rule application
  free variable indexed formula tree, 86
role of proof nodes, 137
role of window proof node, 131
safeness, indexed formula tree, 39
secondary type, 31
  α0, 31
  α1, 31
  β0, 31
  β1, 31
  δ0, 31
  γ0, 31
  ν0, 31
  π0, 31
semantics
  classical first-order logic (CFOL), see classical higher-order logic
  classical first-order modal logic (CFOML), 23
  classical higher-order logic (CHOL), 24
  classical propositional logic (CPL), see classical higher-order logic
  classical propositional modal logic (CPML), see classical first-order modal logic
  modal prefix, 35
sequent, 154
sequent calculus, 154
sequential active windows, 155
sequentiality property, 151, 155
simplification, free variable indexed formula tree, 78
simplification rule, 78
soundness, indexed formula tree, 39, 55, 59
structural modal permutation, free variable indexed formula tree, 73
structural modal permutation rule, 73
structural ordering (Q), 33
substitution, 20
  domain, 20
  L-admissible, 37
  modal, 36
substructure
  isomorphic, 107
  of a free variable indexed formula tree, 98
  replacement, 98
subterm occurrence, 21
Subterms_t, 21
syntax, 22
  classical first-order logic (CFOL), 22
  classical first-order modal logic (CFOML), 22
  classical higher-order logic (CHOL), 22
  classical propositional logic (CPL), 22
  classical propositional modal logic (CPML), 22
tactic language, 145
theorem proving modulo, 163
type, 19
uniform type
  α, β, γ, δ, ν, π, 26
  ε, ζ, 27
variable
  δ-, 26
  γ-, 26
  term, 20
vertical
  abstraction, 6
  refinement, 6
weakening
  annotated free variable indexed formula tree, 104
  free variable indexed formula tree, 68, 73
weakening rule, 73
window, 99
  active, 99
  axiom rule, 103
  β-decomposition rule, 154
  boolean ζ-expansion rule, 112
  close subwindow rule, 102
  contraction rule, 103
  create subwindow rule, 101, 102
  cut, 130
  cut rule, 114
  extensionality introduction rule, 111
  hierarchy, 99, 128
  instantiation rule, 112
  Leibniz' equality introduction rule, 113
  multiplicity increase rule, 110
  proof node, 100
  proof node (HPDS), 137
  resolution replacement rule application, 129
  resolution replacement rule application rule, 108
  rewriting replacement rule application, 129
  simplification rule, 109
  structural modal permutation rule, 106
  weakening rule, 105
window proof node, 124
  role, 131
window structure, 99
ζ, uniform type, 27
