lami on generalized theorems for normalization of proofs
TRANSCRIPT
LaMILaboratoire de Methodes Informatiques
On Generalized Theorems for
Normalization of Proofs
Marc Aiguier, Clement Boin and Delphine Longuet
e-mails: {aiguier,cboin,dlonguet}@lami.univ-evry.fr
Rapport de Recherche
Decembre 2005
CNRS – Universite d’Evry Val d’Essonne523 place des terrassesF–91000 Evry France
On Generalized Theorems for
Normalization of Proofs
Marc Aiguier, Clement Boin and Delphine Longuet
Abstract
In this paper, we provide a general setting under which results of normal-ization of proof trees such as, for instance, the logicality result in equationalreasoning and the cut-elimination property in sequent or natural deductioncalculi, can be unified and generalized. This is achieved by giving simpleconditions which are sufficient to ensure that such normalization resultshold. These conditions are based on basic properties of elementary combi-nations of inference rules which assure that the induced “global” proof treetransformation processes do terminate.
Keywords: formal systems, proof tree transformation, weak and strongnormalization, Recursive Path Ordering (RPO), cut-elimination.
1 Introduction
In many situations in logic, to facilitate the use of a logical system, orto obtain consistency results for proof systems, or else to automaticallyprove theorems, one often uses search (construction) proof strategies. Thesestrategies enable one to bound the search space for proofs to a given classof trees having a specific structure. One of the interests is to reduce proofsearch space (or even to make proof search feasible). This has been de-vised in various different contexts. Just a few examples: the so-called “log-icality result”, which establishes a correspondence between derivability andconvertibility in rewriting for many equational logics (sub-equational [29],mono-sorted [6], multi-sorted, conditional [20], partial [2], etc.); the cut-elimination result which shows that the cut rule is redundant for sequentand natural deduction calculi of many logics (classical first order [16], in-tuitionistic first order [21], some modal logics [30], linear [17], deductionmodulo [13], etc.); the confluence property of rewrite systems which estab-lishes that derivability can be proven by “valleys” for many logics dealingwith transitive relations (equational [11, 3], preorder [22, 26], special rela-tions [25]),1 or by using the Curry-Howard’s isomorphism, normalizationresults in typed λ-calculi as initiated by D. Prawitz [24]. Recently, such aresult of proof normalization has also been used in order to show the com-pleteness of a procedure based on axiom unfolding which selects test datasets from conditional positive algebraic specifications [1].
In all these cases, the main difficulty is to show that the full derivabil-ity (i.e. without any specific proof strategy) coincides with the derivabilityrestricted to a given class of proofs (i.e. with a specific proof strategy).Soundness of a given a strategy of proof search, which means that the re-stricted derivability is included into the full one, is obvious, because proofsresulting of such a strategy are particular instances of the general class ofproofs. Completeness, which is expressed by the converse inclusion, is moreproblematic. Indeed, it requires that for any theorem proven by a tree inthe general class, there exists some proofs in the restricted one (i.e. builtaccording to the considered strategy). In most logical systems, complete-ness is the consequence of a weaker result which consists in defining basictransformations to rewrite elementary combinations of inference rules (pos-sibly by duplicating a sub-derivation), and showing that the global proof treetransformation which is naturally induced by these basic transformations arenormalizing.2 For instance, concerning the logicality result for the classicalequational logic, the basic transformations consist in “distributing” substi-
1Besides, in the equational setting, G. Dowek has shown that the confluence of a rewritesystem can be defined as the cut elimination property of a proof system associated to thisrewrite system: asymmetric deduction modulo [12].
2Our paper does not deal with normalization by evaluation approach, the main idea ofwhich is to use the semantics for the purpose of normalization as in [5].
3
tution and context rules above transitivity, and removing all rules underreflexivity. In sequent calculus, the basic transformations consist, roughlyspeaking, in erasing the cut rule under axioms and moving it above all otherrules, in order to eliminate it.
These basic transformations are usually tedious but easy to define. Thedifficulty is to show that the induced global proof tree transformation isindeed normalizing. For instance, proving the result of cut elimination oftenrequires complex nested inductions, because it is not obvious that the processto “move” the cut rule (in order to eliminate it) is terminating [15]. Eachtime, such results of normalization of proof trees are established for eachunderlying logical system in an ad-hoc way.
In this report, we unify and generalize the method of normalization ofproof trees used in sequent calculus, natural deduction, equational reason-ing, or term rewriting into an abstract setting of arbitrary logical systems.Abstraction is obtained by studying proof tree normalization in the abstractframework of formal systems. This then enables one to be logical systemindependent. The interest is that, in computing science, many logics havebeen (will be) defined (in the future) to answer better, in a more suitableway, some specific aspect related to the activity of computing science. Whatis observed is that, most of the time, beside the original idea underlying anew logic, the authors have to develop a lot of inevitable formal results whichgeneralize (to the new framework) some “well-known classical results”. Con-sequently, it is very useful to provide a general framework allowing one togeneralize these results as this is done in this report for proof tree normal-ization results. Given a logic, such normalization results when they hold,may have shorter (but ad-hoc) proofs because for instance not rely on prooftrees (such as Newman’s lemma – see Subsection 5.2). The interest of theirunification and generalization is that these normalization results are provenonce and for all. Hence, they become simpler to establish when assumptionsto obtain them are easily checkable.
The report is organized as follows. In Section 2, we recall standard defi-nitions and notations about formal systems, deductions and proof trees. InSection 3, we introduce the class of (proof tree) transformation proceduresfor which we will express the crucial (shared) arguments of many differentnormalization results as generic conditions on allowed transitions. In Sec-tion 4, we will formalize a first set of conditions that will enable us to provea strong normalization result. We will show then that the cut-eliminationprocedure for the sequent calculus LK with explicit structural rules doesnot satisfy this set of sufficient conditions. A thorough study of reasons forwhich such a strong normalization result failed will enable us to set off lim-its of standard rewriting techniques for proving termination such as RPO.Then, we will give a new set of sufficient conditions that enable us to prove aweak normalization result. Finally, Section 5 proposes three instances of our
4
approach: equational reasoning and its logicality result, Newman’s lemmathat enables to transform any proof (written as series of peaks) into a val-ley, and (a version of 3) sequent calculus for classical first-order logic andits cut-elimination property. For each of them, we will establish a strongnormalization result. A weak normalization result for the sequent calculusLK with explicit structural rules will be presented in Section 4 as a runningexample.
2 Preliminaries
A formal system (a so-called calculus) S = (F,R) consists of a set F ele-ments of which are called formulæ,4 and a set R of n-ary relations on F ,called inference rules. Thus, a rule with arity n (n ≥ 1) is a set of tuples(ϕ1, . . . , ϕn) of formulæ of F . Each sequence (ϕ1, . . . , ϕn) belonging to arule r of R is called an instance of that rule with premises ϕ1, . . . , ϕn−1 andconclusion ϕn. It is usually written ϕ1 ... ϕn−1
ϕn. If n = 1, the instance is
called an axiom and is written ϕ1. A deduction in S is a finite sequence
(ψ1, . . . , ψm) of formulæ such that m ≥ 1 and, for all i = 1, . . . ,m, eitherψi is an axiom or there is an instance ϕ1 ... ϕn−1
ϕnof a rule in S such that
ϕn = ψi and {ϕ1, . . . , ϕn−1} ⊆ {ψ1, . . . , ψi−1}.A theorem in S is a formula ϕ such that there exists a deduction in S
with ϕ as last element. The existence of such a deduction is usually denotedby the meta-statement S ⊢ ϕ. Instances of rules can also be composed tobuild proof trees and proofs. Formally, a proof tree π in a formal system S isa finite tree whose nodes are labelled with formulæ of F in the following way:if a non-leaf node is labelled with ϕn and its predecessor nodes are labelled(from left to right) with ϕ1, . . . , ϕn−1, then ϕ1 ... ϕn−1
ϕnis an instance of a rule
of S. π is called a proof when its leaves are axioms. Thus, proofs are anotherway to denote deductions of theorems in formal systems. Given a proof treeπ, note LM(π) (resp. LS(π)) the multiset 5 (resp. the set 6) of leaves ofπ. We will use the notation {{a1, a2, . . . , an}} to denote a finite multiset. Aproof tree π with root ϕ is denoted by π : ϕ. We write π = (π1, . . . , πn, ϕ)ι,with n ∈ N, the proof tree whose last inference rule is ι = ϕ1,...,ϕn
ϕ and suchthat, for every i, 1 ≤ i ≤ n, πi is the subtree of π leading to ϕi. Usinga standard numbering of the tree nodes by natural number strings, we canrefer to positions in a proof tree. Thus, given a proof tree π, a position ofπ is a string ω on N which represents the path from the root of π to thesubtree whose conclusion occurs at that position. This subtree is denoted
3It is a version where structural rules are implicit.4Classicaly, F is a subset of A∗ the set of all finite words on the alphabet A. In this
report, this condition will never be used. Therefore, it will not be considered.5In LM(π), all leaves of π are considered. We then have a multiset because several
occurences of a same fomula can appear in π.6Here, when a formula ϕ of π has several occurences, only one is considered in LS(π).
5
by π|ω. Given a position ω ∈ N∗ in a proof tree π, π[π′]ω is the proof tree
obtained from π by replacing the subtree π|ω by π′. The trees π|ω and π′
necessarily have the same root. If π and π′ : ϕ are two proof trees and ωis a leaf position of π such that π|ω = ϕ, then we use the expression π ·ω π
′
rather than π[π′]ω. This operation is called composition of π and π′ on leafposition ω.
3 Proof transformation procedure
In all logical calculi where proof search strategies have been applied, thecompleteness of restricted derivability with respect to the full one is ob-tained by defining normalizing proof transformation procedures on the baseof elementary proof tree transformations. When we study most of theseprocedures, we can observe that they consist in replacing in proofs, somebasic patterns, that we will call basic proof trees, of the form (ι1, . . . , ιn, ϕ)ιwhere each ιi (1 ≤ i ≤ n) is either an instance of rule in R or a formula inF , by proof trees in normal form (i.e. trees that are not reducible by otherproof tree transformations). For instance, underlying the logicality resultfor the equational logic,7 we have the transformation rule:
Sub.Trans. t=t
′′ t′′=t′
t=t′
σ(t) = σ(t′) Trans.
Sub. t=t′′
σ(t)=σ(t′′) Sub. t′′=t′
σ(t′′)=σ(t′)
σ(t) = σ(t′)
As another example, we have in the cut-elimination result for sequentcalculi:8
Γ,ϕ⇒∆ Γ,ϕ′⇒∆Γ,ϕ∨ϕ′⇒∆ ∨Left Γ′⇒∆′,ϕ,ϕ′
Γ′⇒∆′,ϕ∨ϕ′∨Right
Γ,Γ′ ⇒ ∆,∆′Cut
Γ,ϕ⇒∆ Γ′⇒∆′,ϕ,ϕ′
Γ,Γ′⇒∆,∆′,ϕ′ Cut Γ, ϕ′ ⇒ ∆
Γ,Γ′ ⇒ ∆,∆′Cut
And, in the cut-elimination result for natural deduction:
∧-elim∧-intro Γ⊢ϕ Γ⊢ψ
Γ⊢ϕ∧ψ
Γ ⊢ ϕ Γ ⊢ ϕ
Definition 3.1 (Basic proof tree) Let S = (F,R) be a formal system. Abasic proof tree is a proof tree of the form (ι1, . . . ιn, ϕ)ι such that for everyi, 1 ≤ i ≤ n, either ιi ∈ F or there exists r ∈ R with ιi ∈ r.
Definition 3.2 (Transformation procedure) Let S = (F,R) be a for-mal system. A (proof tree) transformation procedure for S is a binaryrelation on proof trees such that for every π π′, π is a basic proof tree,
7A complete presentation of this result may be found in Subsection 5.1 and in [2].8See Subsection 5.3 and [18] for a complete presentation of this result.
6
π′ is a proof tree in normal form, LS(π′) ⊆ LS(π), and they have the sameroot.Note S, the closure of under proof tree context and composition on leafposition.
By using the standard terminology available in rewriting, is stronglynormalizing (or terminating) if every reduction sequence is finite, and weaklynormalizing if every proof has a normal form.
Normalization of the “global” transformation procedure obtained by re-peated application of transformation rules cannot be ensured without sup-plementary conditions. Moreover, there are some well-known examples oftransformation procedures that meet all the requirements of Definition 3.2but are weakly normalizing (e.g. the cut-elimination procedure for sequentcalculus with explicit structural rules), while some others are strongly nor-malizing (e.g. logicality or cut-elimination with implicit structural rules -see Section 5). In order to take into account the larger family of transfor-mation procedures, in the next section, we will study sufficient conditionson basic transformation rules which are easy to check, yet powerful enoughto ensure normalization.
4 Abstract normalization theorems
This section is devoted to (strong and weak) proof trees normalization the-orems. Their proofs are abstract in the sense that they proceed on thestructure of proof trees of any formal system.
A basic and powerful idea underlying most of termination methods suchas recursive path ordering (RPO) consists in comparing terms of rewritingrules by first comparing their root symbols, and recursively comparing thecollections of their immediate subterms. Therefore, start by assuming awell-founded ordering on atomic elements of proof trees (i.e. rule instances).Hence, given a transformation procedure , a well-founded ordering � on⋃
r∈R
r is supplied. In the proof of the termination for the cut-elimination
result, this order is defined as follows:9
∀@ ∈ {∨,¬,∃}, Cut ≻ @Right,@Left,Axiom
and
Γ1⇒∆1,ϕ1 Γ′
1,ϕ1⇒∆′
1
Γ1,Γ′
1⇒∆1,∆′
1
Cut ≻Γ2⇒∆2,ϕ2 Γ′
2,ϕ2⇒∆′
2
Γ2,Γ′
2⇒∆2,∆′
2
Cut
⇔|ϕ2| < |ϕ1|
9A complete presentation of Gentzen’s calculus LK for classical first-order predicatelogic can be found in Subsection 5.3.
7
where |ϕ| is the depth of formula defined to be supk(1 + |ϕk|) if the ϕi arethe direct sub-formulæ of ϕ.
In most examples of normalization results (see examples in Section 5),underlying transformation procedures satisfy the following condition:
Condition 1 For each (ι1, . . . , ιn, ϕ)ι π and for each (π′1, . . . , π′m, ϕ
′)ι′
subtree of π:
1. ι � ι′ if each π′i ∈ F ∪⋃
r∈R
r
ι ≻ ι′ otherwise
2. If ι ∼ ι′, then {{ι1, . . . , ιn}} ≻≻ {{ι′1, . . . , ι
′m}} where ≻≻ extends ≻ to
multisets on F ∪⋃
r∈R
r.
Notice that Condition 1 is a particular case of RPO which generalizesdistributivity 10 of some rules over others. Obviously, we then have thefollowing result.
Theorem 4.1 Every transformation procedure that satisfies Condition1 is strongly normalizing.
Proof Using proof terms for proofs, with a recursive path ordering >rpo
to order proofs induced by the well-founded relation (precedence) � onrule instances, we show that ⊆ >rpo. Let (ι1, . . . , ιn, ϕ)ι π be atransformation rule. By mathematical induction on π let us show that(ι1, . . . , ιn, ϕ)ι >
rpo π.
Basic case. π is the formula ϕ. According to Definition 3.2, LS(π) ⊆LS((ι1, . . . , ιn, ϕ)ι). Therefore, because reduction orderings have thesubterm property, we conclude (ι1, . . . , ιn, ϕ)ι >
rpo π.
General case. π is of the form (π1, . . . , πn, ϕ)ι′ . Here two cases have to beconsidered:
1. ι ≻ ι′. But, by the induction hypothesis, for every i, 1 ≤ i ≤ n,(ι1, . . . , ιn, ϕ)ι >
rpo πi, and then by RPO, (ι1, . . . , ιn, ϕ)ι >rpo π.
2. ι ∼ ι′. By Condition 1.1, each πi is in F ∪⋃
r∈R
r (1 ≤ i ≤ n).
By Condition 1.2, we have {{ι1, . . . , ιn}} ≻≻ {{ι′1, . . . , ι
′m}}, and
then {{ι1, . . . , ιn}}≫rpo{{ι′1, . . . , ι
′m}}. By RPO, we then conclude
(ι1, . . . , ιn, ϕ)ι >rpo π.
10Distributivity has been illustrated in the example of Section 3 with rules Sub. andTrans., where Sub. distributes over Trans.
8
�
Problems may occur with transformation rules of the form
(ι1, . . . , ιn, ϕ)ι π
such that there exists π′ = (ι′1, . . . , ι′m, ϕ
′)ι′ subtree of π with ι′j ∈ F ∪⋃
r∈R
r
for every j, 1 ≤ j ≤ m, satisfying:
• ι ∼ ι′
• LM(ι′j) = LM((ι1, . . . , ιn, ϕ)ι)
Indeed, such transformation rules may prevent from using the standard tech-niques to prove termination such as RPO, and then from obtaining a strongnormalization result.
An example of such a transformation rule is Rule R1 defined in the cut-elimination procedure for the sequent calculus that considers contractionsas explicit rules:
R1
Γ,ϕ,ϕ⊢∆Γ,ϕ⊢∆ Contr. Γ′ ⊢ ϕ,∆′
Γ,Γ′ ⊢ ∆,∆′Cut
Γ,ϕ,ϕ⊢∆ Γ′⊢ϕ,∆′
Γ,Γ′,ϕ⊢∆,∆′ Cut Γ′ ⊢ ϕ,∆′
Γ,Γ′,Γ′ ⊢ ∆,∆′,∆′Cut
...
Contr.
Γ,Γ′ ⊢ ∆,∆′Contr.
In this transformation rule, the problem comes from subtree
π′ =Γ, ϕ, ϕ ⊢ ∆ Γ′ ⊢ ϕ,∆′
Γ,Γ′, ϕ ⊢ ∆,∆′Cut
Indeed, we have Cut ∼ Cut and
LM
(Γ,ϕ,ϕ⊢∆Γ,ϕ⊢∆ Contr. Γ′ ⊢ ϕ,∆′
Γ,Γ′ ⊢ ∆,∆′Cut
)
=LM(π′)
It is well-known that this rule allows infinite reduction sequences when deal-ing with an unrestricted version of cut-elimination procedures by removingstrategy. The reason is that the sequent Γ′ ⊢ ϕ,∆′ and Cut are duplicated,and Contr. ≺ Cut. The only measure that decreases with such a rule is thenumber of occurrences of Contr. that occur above Cut in the right-hand sideof the rule. Therefore by applying a strategy that eliminates, in proof trees,maximal proof trees (see the abstract definition of maximality just below)which are the nearest to leaves, this kind of measure will be sufficient toobtain a result of weak normalization, under the condition that the otherrules do not introduce some occurrences of Contr.
9
Definition 4.2 (maximal proof tree) A proof tree π = (π1, . . . , πn, ϕ)ιis said maximal if and only if for every i, 1 ≤ i ≤ n, each πi is a proof treein normal form but π is not.
We then divide the set of transformation rules into two disjoint sets.
Definition 4.3 Let be a transformation procedure together with a well-
founded ordering � on⋃
r∈R
r. We will call rule of sort 1 any (ι1, . . . , ιn, ϕ)ι
π such that for each subtree π′ = (ι′1, . . . , ι′m, ϕ
′)ι′m+1of π where for every j,
1 ≤ j ≤ m, ι′j ∈ F ∪⋃
r∈R
r, we have ι ≻ ι′m+1. We will call rules of sort 2 all
other rules.
Now, we resume the above discussion by the following condition ex-pressed in our abstract framework:
Condition 2 For each transformation rule (ι1, . . . , ιn, ϕ)ι π and for eachsubtree π′ = (π′1, . . . , π
′m, ϕ
′)ι′m+1of π such that, if LM(π′) = {{ϕ1, . . . , ϕk}}
and ωl is the position of ϕl in π′ for each l, 1 ≤ l ≤ k, then there existsa sequence of proof trees in normal form (π1 : ϕ1, . . . , πk : ϕk) such that(. . . ((π′ ·ω1
π1) ·ω2π2) . . . ·ωk
πk) is maximal, we have:
1. LM(π′) ⊆ LM((ι1, . . . , ιn, ϕ)ι)
2. ι � ι′m+1
3. There does not exist a subtree π′′ of π′ of the form
...ϕ′′1
ι′′1...
...ϕ′′
pι′′p
ϕ′′ ι′′ suchthat there exists a transformation rule (ι1, . . . , ιq, ϕ)ι π of sort 2such that the sequence (ι1, . . . , ιq) is embedded in the sequence (ι′′1 , . . . , ι
′′p),
i.e. (ι′′1 , . . . , ι′′p) is of the form (. . . , ι1, . . . , ι2, . . . , ιq, . . .).
Consider Rule R1 (which is the only one to be of sort 2 in the cut-elimination procedure), the only subtree satisfying the premise of Condition
2 is π′ = Γ,ϕ,ϕ⊢∆ Γ′⊢ϕ,∆′
Γ,Γ′,ϕ⊢∆,∆′ Cut. Indeed, whatever the proof trees in normal
form π1 and π2 with conclusion Γ, ϕ, ϕ ⊢ ∆ and Γ′ ⊢ ϕ,∆′ respectively, theproof tree π1:Γ,ϕ,ϕ⊢∆ π2:Γ′⊢ϕ,∆′
Γ,Γ′,ϕ⊢∆,∆′ Cut is a maximal proof tree, as the transfor-
mation procedure is complete for Cut.11 Conditions 2.1 and 2.2 are thensatisfied because
LM(π′′)=LM
(Γ,ϕ,ϕ⊢∆Γ,ϕ⊢∆ Contr. Γ′ ⊢ ϕ,∆′
Γ,Γ′ ⊢ ∆,∆′Cut
)
11That is that the case of any rule over Cut is treated in the cut-elimination procedure.
10
andΓ, ϕ ⊢ ∆ Γ′ ⊢ ϕ,∆′
Γ,Γ′ ⊢ ∆,∆′Cut ∼
Γ, ϕ, ϕ ⊢ ∆ Γ′ ⊢ ϕ,∆′
Γ,Γ′, ϕ ⊢ ∆,∆′Cut
Condition 2.3 is aimed at eliminating situations that may allow the ap-plication of a rule of sort 2 and then may lead to unterminating situations.For instance, in Rule R1, Condition 2.3 is satisfied because no instance ofrule Contr. occurs in the right-hand side of R1 in such a place where arule Cut would be allowed to appear under it by the application of anothertransformation rule of sort 2. If this was the case, it would then be possibleto apply R1 again, and then the procedure would never terminate. Theonly case of subtree π′′ of π′ satisfying the form given in Condition 2.3 is π′
itself. Condition 2.3 is then satisfied because Γ,ϕ,ϕ⊢∆Γ,ϕ⊢∆ Contr. does not appear
in π′.
Now we arrive at the main theorem of this report.
Theorem 4.4 Suppose that satisfies Condition 2. Then is weaklynormalizing.
Proof The theorem is obtained by generalizations of Tait’s proof [27].
Note m(π) for π a maximal proof tree, the number of subtrees π′ of
π of the form ι′ι′1
...ϕ′1
...ι′m
...ϕ′
m
ϕ′ such that there exists a transformation rule
(ι1, . . . , ιn, ϕ)ι π′′ of sort 2 and the sequence (ι1, . . . , ιn) is embeddedin the sequence (ι′1, . . . , ι
′m). If π is not maximal, m(π) = 0.
The length |π| of a proof tree π is inductively defined to be supi(|πi|+1)if the πi are the direct subtrees of π, where |ϕ| = 0 if ϕ is a leaf.
It is well-known that all well-founded sets are isomorphic to a unique
ordinal. Note d :
(⋃
r∈R
r,�
)
→ α where α is an ordinal, this isomorphism.
Then, the rank of a maximal proof tree π, noted rk(π), is defined to be d(ι)+|π| where ι is the last inference rule applied in π (i.e. π = (π1, . . . , πo, ϕ)ι).
Therefore, the measure of a proof tree π, noted meas(π), is defined tobe sup((m(π′), rk(π′))) for the lexicographic ordering≫ on N×α, where π′
is covering all maximal subtrees of π .
First, let us show that applying any transformation rule does not increasethe measure of proof trees. Then, let π = (π1, . . . , πn, ϕ)ι be a maximal prooftree such that each πi is of the form (πi1 , . . . , πini
, ϕi)ιi (1 ≤ i ≤ n). Let(ι1, . . . , ιn, ϕ)ι π′ be a transformation rule. This rule transforms π intoπ = (π1, . . . , πo, ϕ)ι′ . By definition, π′ can have two forms:
1. If π′ is restricted to a ϕ , then π is ϕ too. So m(π) = 0 and thenm(π) < m(π).
11
2. Otherwise, π′ is of the form (π′1, . . . , π′o, ϕ)ι′ . Here two cases have to
be considered:
(a) Either π is maximal. Therefore, as π′ is a proof tree in normalform, there exists i, 1 ≤ i ≤ o, such that πi ∈ F . The fact that πis maximal is then the result of the composition of π′ with the treeπi : ιi. Consequently, the subtree of π′ satisfying the premises ofCondition 2 is π′ itself. Therefore, by Condition 2.1, we haveLM(π′) ⊆ LM((ι1, . . . , ιn, ϕ)ι). By Condition 2.3, we then havem(π) ≤ m(π). The case where m(π) < m(π) is straightforwardby definition. If m(π) = m(π), two cases have to be considered,but only one is relevant.
• Suppose ι ≻ ι′. Therefore, we have rk(π) > rk(π).
• Suppose ι ∼ ι′. This case is not possible actually. Asa matter of fact, if ι ∼ ι′, then the transformation rule(ι1, . . . , ιn, ϕ)ι π′ is of sort 2 by definition. Therefore,the number of rules of sort 2 that could be applied in π hasdecreased, hence m(π) < m(π), which contradicts the hy-pothesis.
Hence, we have meas(π)≪ meas(π).
(b) Maximal proof trees in π are among π1, . . . , πo. Let π′′ be amaximal proof tree of π, π′′ = (π′′1 , . . . , π
′′l , ϕ
′′)ι′′ . By following thesame arguments than previously, we have meas(π′′)≪ meas(π),and then meas(π)≪ meas(π).
We show that the set of basic transformation rules is terminating bystructural induction of proof trees.
Basic case. π is of the form ϕ . This is obvious because π is in normalform.
General case. π = (π1, . . . , πn, ϕ)ι. This is obvious if π is in normal form.Otherwise, two cases have to be considered:
1. π is a maximal proof tree (i.e. each πi is in normal form with1 ≤ i ≤ n). In this case, we have shown that basic transformationrules decrease the measure of proof trees at each step.
2. Some πi : ϕ are not in normal form. By induction hypothesis,there exists proof trees π′i : ϕ in normal form such that πi
∗ S π
′i.
Therefore, π′ = (π′1, . . . , π′n, ϕ)ι is either in normal form or a maxi-
mal proof tree. For the latter, we have shown that transformationrules decrease the measure of proof trees at each step.
12
�
In cut-elimination procedures for sequent calculus with explicit struc-tural rules, some strongly normalizing cut-elimination procedures have beendeveloped. The first proof of strong normalization has been given by Dra-galin in 1979 [14]. More recently, other proofs of strong normalization ofcut-elimination procedures have been given in [7, 8, 19, 28]. All of thesestrong results are obtained either by “camouflaging” contractions into in-troduction or cut rules, or by transforming the cut rule in order to preventcontractions on cut rules. For the latter, this is how E. Tahhan Bittar in [7]enters upon strong normalization proofs for cut-elimination. The cut rulein [7], called Mix rule, is defined as follows:
Γ, ϕn ⊢ ∆ Γ′ ⊢ ϕm,∆′
Γ,Γ′ ⊢ ∆, δ′Mix
where ϕn means ϕ, . . . , ϕ︸ ︷︷ ︸
n times
. For such a calculus, Rule R1 above is then
transformed as follows:
Γ,ϕ,ϕ⊢∆Γ,ϕ⊢∆ Contr. Γ′ ⊢ ϕ,∆′
Γ,Γ′ ⊢ ∆,∆′Mix
Γ, ϕ, ϕ ⊢ ∆ Γ′ ⊢ ϕ,∆′
Γ,Γ′ ⊢ ∆,∆′Mix
By using the precedence order:
∀@ ∈ {∨,¬,∃,Contr.,Weak}, Mix ≻ @Right,@Left, Axiom
We easily show that this cut-elimination procedure satisfies above Condition1.
Such transformations of inference rules in sequent calculus for obtainingstrong normalization result are intimately dependent on rule structure, andthen are hardly generalizable in our abstract framework.
5 Applications
In this section, in order to illustrate our approach with some concrete ex-amples, we will apply our general method to classical results, which are,respectively, the logicality result in equational logic, Newman’s lemma inrewriting theory and Gentzen cut-elimination result for a sequent calculusfor classical first-order predicate logic where structural rules are implicit(which is a quite standard formulation of the calculus). For each of them,we will prove a strong normalization result. In the literature, each of themhave been extended to many other logic calculi, but, each time the under-lying (meta) proof methodology is pretty much the same and it can be seenas a particular instance of our general abstract approach. We do not givesome weak normalization results fitting in our framework such as the cut-elimination one with explicit structural rules because some hints on this last
13
result have already been given in the last section. Moreover, its completepresentation can easily be obtained by adding rules given in Section 5.3.
5.1 Logicality
Before stating the logicality result, let us first give the formal system forequational logic. Let Σ be a signature, that is, a set of function names, eachone equipped with an arity in N. Let V be a set of variables. Note TΣ(V )the set of terms with variables in V . Let Γ be a set of equations, that is,sentences of the form t = t′ with t, t′ ∈ TΣ(V ). Therefore, the formal systemassociated to Σ and Γ is given by the pair S = (F,R) where F is the set ofall equations of the form t = t′ with t, t′ ∈ TΣ(V ), and R is the set of ruleinstances generated by the standard rule schemas recalled below.
Let C be any term of TΣ(V ∪{�}) with a unique occurrence of �.12 LetC[t] be the result of replacing in C the occurrence of � by t ∈ TΣ(V ), andlet σ : V → TΣ(V ) be a substitution. The considered rule schemas are:
Axiomt = t′ ∈ Γ
t = t′Ref.
t = tSym.
t = t′
t′ = t
Cont.t = t′
C[t] = C[t′]Sub.
t = t′
σ(t) = σ(t′)Trans.
t = t′ t′ = t′′
t = t′′
S ⊢ t = t′ is usually written Γ ⊢ t = t′.
A classical result due to G. Birkhoff [6] ensures that equational reasoning(given by derivability according to the rules above) coincides with convert-ibility in rewriting for equational logic. This property, named logicality [31],is expressed by:
Γ ⊢ t = t′ ⇐⇒ t∗↔Γ t
′ (Γ: set of equations)
where ↔Γ is the convertibility relation defined as the closure of equationsof Γ under symmetry (Sym.), substitution (Sub.) and context (Cont.), and∗↔Γ is the closure of ↔Γ under reflexivity (Ref.) and transitivity (Trans.).
Hence,∗↔Γ actually defines proof search (building) strategies which select
proof trees π composed of instances in R such that no instance of Trans.occurs over instances of Sym., Sub., and Cont.
Completeness of such strategies can be shown by using the following basicproof tree transformations:
Sub.Trans. t=t
′′ t′′=t′
t=t′
σ(t) = σ(t′) Trans.
Sub. t=t′′
σ(t)=σ(t′′) Sub. t′′=t′
σ(t′′)=σ(t′)
σ(t) = σ(t′)
12Intuitively, the special variable � represents a “hole”, so that C can be seen as acontext.
14
The cases of Sym. and Cont. correspond to a similar transformation,that is, a distribution of Sym. and Cont. over Trans.
Sub.Ref. t=t
σ(t) = σ(t) Ref.
σ(t) = σ(t)Trans.
Ref. t=t...t=t′
t = t′
...
t = t′
Sym.Ref. t=tt = t
Ref.t = t
Trans....t=t′ Ref. t′=t′
t = t′
...
t = t′
Cont.Ref. t=t
C(t) = C(t) Ref.
C(t) = C(t)
The transformation procedure defined by the above basic transforma-tions satisfies Condition 1 for the well-founded ordering defined by:
Sym. ∼ Sub. ∼ Cont. ≻ Trans. ≻ Ref. ∼ Axiom
As we have already observed, the transformation rules consist in dis-tributing instances of Sym., Sub. and Cont. over instances of Trans., anderasing all rule instances when they occur under Ref.’s ones. Hence, alltransformation rules are:
• either of the form
ιTrans.
ϕ Trans.
ι1 ι2ϕ
with ι, ι1, ι2 ∈ r and r ∈ { Sub., Cont., Sym. }
• or of the form
ιRef.
ϕ Ref.
ϕ
In the first case, ι ≻ Trans., ι ∼ ιj and LS(ιj) ⊆ LS(Trans.) for j = 1, 2,while in the second case, ι ≻ Ref. Therefore, all transformation rules satisfyCondition 1, and then by Theorem 4.1 the logicality procedure is stronglynormalizing.
5.2 Newman’s lemma
It is well-known that from any local-confluent and terminating rewrite sys-tem R, all proofs written as series of peaks can be transformed into valleysby removing and replacing, step by step, local peaks by equivalent valleys.This process can be formalized by a terminating transformation procedurethat meets all the requirements given in section 4. First, introduce theunderlying formal system. Let R be a rewrite system, that is a binary rela-tion → ⊆ TΣ(V )× TΣ(V ), which is terminating and locally confluent. Theassociated formal system S = (F,R) is then defined by:
15
• F is the set of all sentences of the form u→R v, u∗→R v and u
∗↔R v
• R is the set of inference rules
Axiomu→ v ∈ R
u→R vRew.
u→R v
u∗→R v
Der/Pr.u∗→R v
u∗↔R v
Cont.u∗→R v
C[u]∗→R C[v]
Sub.u∗→R v
σ(u)∗→R σ(v)
Peaku R
∗← w
∗→R v
u∗↔R v
Valleyu∗→R w R
∗← v
u∗↔R v
13
Proofu∗↔R w
∗↔R v
u∗↔R v
Deriv.u∗→R w
∗→R v
u∗→R v
Basic transformation rules are then the following:
PeakDeriv.u R
∗←u′ R
∗←w
u R
∗←w
w∗→R v
u∗↔R v
ProofDer/Pru R
∗←u′
u∗↔Ru′
Peaku′
R
∗←w
∗→Rv
u′∗↔Rv
u∗↔R v
Peaku R
∗← w Deriv.w
∗→Rv
′ ∗→Rv
w∗→Rv
u∗↔R v
ProofPeaku R
∗←w
∗→Rv
′
u∗↔Rv′
Der/Pr v′ ∗→Rv
v′∗↔Rv
u∗↔R v
PeakRew. u R←w→Rv
u R
∗←w R
∗→v
u∗↔R v
Valleyu∗→R x R
∗← v
u∗↔R v
14
ProofValleyu
∗→Rx R
∗←w
u∗↔Rw
Der/Prw∗→Rv
w∗↔Rv
u∗↔R v
ProofDer/Pru
∗→Rx
u∗↔Rx
Peakx R
∗←w
∗→Rv
x∗↔Rv
u∗↔R v
ProofDer/Pru R
∗←u′
u∗↔Ru′
Valleyu′ ∗→Rx R
∗←v
u′∗↔Rv
u∗↔R v
ProofPeaku R
∗←u′
∗→Rx
u∗↔Rx
Der/Prx∗←Rv
x∗↔Rv
u∗↔R v
The transformation procedure defined by the above basic transforma-tions satisfies Condition 1 for the well-founded ordering � defined by:
14Such x exists because R is locally confluent. Moreover, it can be computed becauseR is terminating.
16
Peak,Proof ≻ Rew ∼ Cont. ∼ Der/Pr. ∼ Sub. ∼ Valley ∼ Deriv.
ιu1 @ u2 @ u3
u1∗↔R u3
≻ ι′u′1 @′ u′2 @′ u′3
u′1∗↔R u′3
⇐⇒
∀i ∈ {1, 2, 3}, ui∗→R u
′i
∧
∃j ∈ {1, 2, 3}, uj+→R u
′j
ι, ι′ ∈ Proof ∪ Peak and @,@′ ∈ {∗↔R,
∗→R}.
Peaku1 R
∗← u2
∗→R u3
u∗↔R v
≻ u∗→R v ⇐⇒ u2
+→R u ∧ (∃j ∈ {1, 2, 3}, uj
∗→R v
All the transformation rules satisfy Condition 1 and then the procedureis strongly normalizing.
5.3 Gentzen’s Cut Elimination
First, let us introduce the formal system for (a version of) the sequent cal-culus LK for classical first order predicate logic. Here, we restrict ourselvesto the logical connectives {¬,∨} and the quantifier ∃. It is well-known thatother classical connectives and quantifiers can be defined from this restrictedset. First, we recall the basic notions and notations of first-order logic andsequent calculus.
In the case of first-order logic, a signature Σ = (Op,P ) contains two setsof operation names and predicate names, and each operation and predicatename is equipped with an arity in N. Σ-atoms are formulæ p(t1, . . . , tn)where p ∈ P and every ti (1 ≤ i ≤ n) is a term in TΣ(V ). Well-formedΣ-formulæ are then either atoms or sentences of form ¬ϕ, ϕ ∨ ψ, and ∃x.ϕwhere ϕ and ψ are well-formed Σ-formulæ and x is a variable in V . Thenotions of free and bound variable are defined as usual, and write ϕ[x/t] forclash of variables-avoiding substitution of t for x in ϕ.
In the formulation of classical sequent calculus chosen here, a Σ-sequentis any pair Γ ⇒ ∆ where Γ and ∆ are two finite sets of well-formed Σ-formulæ. In the following, we will write Γ, ϕ and Γ,Γ′ to mean Γ∪ {ϕ} andΓ ∪ Γ′, respectively. Our choice to consider sets rather than multi-sets (oreven lists) of formulæ in the definition of sequents eliminates contractionand exchange as explicit structural rules.
Given a signature Σ = (Op,P ), the formal system S = (F,R) for Σassociated to Gentzen-style sequent calculi is defined as follows:
• F is the set of Σ-sequents15
15Note that this definition is independent of the chosen structure for sequents, so thatcan be generalized to other sequent calculi.
17
• R contains all the instances of the following rule schemas:
Γ, ϕ⇒ ∆, ϕAx.16
Γ, ϕ⇒ ∆ Γ, ϕ′ ⇒ ∆
Γ, ϕ ∨ ϕ′ ⇒ ∆∨Left
Γ⇒ ∆, ϕ, ϕ′
Γ⇒ ∆, ϕ ∨ ϕ′∨Right
Γ⇒ ∆, ϕ
Γ,¬ϕ⇒ ∆¬Left
Γ, ϕ⇒ ∆
Γ⇒ ∆,¬ϕ¬Right
Γ, ϕ[x/y]⇒ ∆
Γ,∃x.ϕ⇒ ∆∃Left
Γ⇒ ∆, ϕ[x/t]
Γ⇒ ∆,∃x.ϕ∃Right
Γ⇒ ∆, ϕ Γ′, ϕ⇒ ∆′
Γ,Γ′ ⇒ ∆,∆′Cut
where the ∃Left rule obeys to the usual eigenvariable condition, statingthat x is not free in Γ,∆.
In the cut rule, ϕ is called the cut formula. Finally, we use the standardterminology of principal formula with respect to a rule r as follows:
– ¬ϕ is principal with respect to ¬Left and ¬Right,
– ϕ ∨ ϕ′ is principal with respect to ∨Left and ∨Right, and
– ∃x.ϕ is principal with respect to ∃Left and ∃Right,
In [16], Gentzen has shown that all cuts can be eliminated from prooftrees for a version of classical sequent calculus where structural rules areexplicit. To achieve this purpose, he has given a constructive proof of thecut-elimination result, by defining an effective procedure to eliminate cutsfrom a proof tree π whose conclusion is a tautology A and whose leaves areaxioms so as to obtain a cut-free proof tree π′ proving A from axioms. Thisprocedure is based on basic proof transformations which can be modeled inour abstract framework.
First, we need to add to the set R of inference rules the two followingadmissible rules:
Γ⇒ ∆
σ(Γ)⇒ σ(∆)Sub.
where σ : V → TΣ(V ) is a substitution and σ(Γ) = σ(ϕ1), . . . , σ(ϕn) whenΓ = ϕ1, . . . , ϕn.
16It is well known that formulation of the axioms makes the structural rule Weakening
admissible in the calculus.
18
Γ⇒ ∆
Γ′ ⇒ ∆′Weak. where either Γ′ = Γ,Φ
∆′ = ∆,Ψor Γ′ = Γ
∆′ = ∆,Ψor Γ′ = Γ,Φ
∆′ = ∆
Let us call the resulting extended system of rules R′. The intuitive reasonof such an extension of R to R′, is that, in usual cut elimination proofs forcalculi with implicit structural rules given in the literature [15, 21], these twosupplementary rules are replaced by obvious intermediary lemmas, which aresituated at a meta-theoretical level. Since we aim to see the cut-eliminationprocedure as a rewriting procedure, we do need to shift them at the objectlevel. Note that, because of admissibility of Sub. and Weak., there is a proofvia R of a tautology A if and only if there is a proof of A via R′. Moreover,our method will be such that cut-free proofs with respect to R′ are indeedcut-free proofs using only rules in R.
Therefore, Gentzen’s result (and, in particular, the termination of thecut-elimination procedure, which is the difficult part) can be shown by usingthe basic transformation rules described below. Such a set of transformationrules can be organized in four cases:
1. Case where the cut formula is not principal with respect to at least oneof the inferences leading immediately to the premises of the cut. Here,we give transformations for the case where right rules are applied soas to get the left premise of the cut rule, but one can generalize suchtransformations to the symmetric case in a standard way.
Γ1⇒∆1,ϕΓ′
1⇒∆2,ϕ
@Right Γ2, ϕ⇒ ∆3
Γ′1,Γ2 ⇒ ∆2,∆3Cut
Γ1⇒∆1,ϕ Γ2,ϕ⇒∆3
Γ′
1,Γ2⇒∆1,∆3
Cut
Γ′1,Γ2 ⇒ ∆2,∆2@Right
where @ ∈ {∨,¬,∃} and Γ′1 = Γ1 except for the ¬Right rule, whereΓ′1 = Γ1,¬ψ for some formula ψ.
2. Case where the cut formula is principal with respect to both the in-ferences leading immediately to the premises of the cut. In this casewe have the following basic proof tree transformations:
Γ,ϕ⇒∆ Γ,ϕ′⇒∆Γ,ϕ∨ϕ′⇒∆ ∨Left Γ′⇒∆′,ϕ,ϕ′
Γ′⇒∆′,ϕ∨ϕ′∨Right
Γ,Γ′ ⇒ ∆,∆′Cut
Γ,ϕ⇒∆ Γ′⇒∆′,ϕ,ϕ′
Γ,Γ′⇒∆,∆′,ϕ′ Cut Γ, ϕ′ ⇒ ∆
Γ,Γ′ ⇒ ∆,∆′Cut
19
Γ⇒∆,ϕΓ,¬ϕ⇒∆¬Left Γ′,ϕ⇒∆′
Γ′⇒∆′,¬ϕ¬Right
Γ,Γ′ ⇒ ∆,∆′Cut
Γ⇒ ∆, ϕ Γ′, ϕ⇒ ∆′
Γ,Γ′ ⇒ ∆,∆′Cut
Γ,ϕ[x/y]⇒∆Γ,∃x.ϕ⇒∆ ∃Left
Γ′⇒∆′,ϕ[x/t]Γ′⇒∆′,∃x.ϕ ∃Right
Γ,Γ′ ⇒ ∆,∆′Cut
Γ,ϕ[x/y]⇒∆Γ[y/t],ϕ[x/y][y/t]⇒∆[y/t]Sub. Γ′ ⇒ ∆′, ϕ[x/t]
Γ,Γ′ ⇒ ∆,∆′Cut
3. Case where at least one premise of the cut rule is an axiom.
Γ,ϕ⇒∆,ϕAx. Γ′, ϕ⇒ ∆′
Γ, ϕ,Γ′ ⇒ ∆,∆′Cut
Γ′, ϕ⇒ ∆′
Γ, ϕ,Γ′ ⇒ ∆,∆′Weak.
The dual case (i.e. the rule Ax. is applied on the right premise of thecut rule) is handled in the same way.
4. Finally, it remains the case where the rules Sub., Weak. lead to at leasta premise of any inference except the cut rule. Here, we can easily showthat Sub. and Weak. pass over rules in @Left and @Right rules where@ ∈ {∨,∧,∃}, and are canceled out when they are occurring underinstances of Ax. The basic transformations are similar to the ones forlogicality.
Every basic transformation satisfies Condition 1 for the well-foundedordering � defined as follows:
∀@ ∈ {∨,¬,∃}, Cut ≻ Weak. ∼ Sub. ≻ @Left ∼ @Right ∼ Ax.
Γ1⇒∆1,ϕ1 Γ′
1,ϕ1⇒∆′
1
Γ1,Γ′
1⇒∆1,∆′
1
Cut ≻Γ2⇒∆2,ϕ2 Γ′
2,ϕ2⇒∆′
2
Γ2,Γ′
2⇒∆2,∆′
2
Cut
⇔|ϕ2| < |ϕ1|
where |ϕ| is the depth of formula defined to be supk(1 + |ϕk|) if the ϕi arethe direct sub-formulæ of ϕ.
All the transformation rules are of the form
ι1 . . . ιnϕ
ι ι′1 . . . ι′m
ϕι′
with each ι′j ∈ F ∪⋃
r∈R
r and such that ι ≻ ι′ and for all 1 ≤ i ≤ m, ι ≻ ι′i.
Hence, all of them satisfy Condition 1. Therefore, by Theorem 4.1, thecut-elimination procedure as presented here is strongly normalizing.
20
6 Conclusions and Perspectives
In this report, we have given a method to obtain results of normalization ofproof trees independently of the underlying formal system. This has beenachieved by generalizing the observation that some inference rules pass overor are canceled out when they occur under any other rules. This generaliza-tion is expressed by a set of basic proof tree transformations which, whenthe induced global proof transformation is terminating, ensures the com-pleteness of the corresponding proof strategy. However, termination cannotbe ensured in general. Therefore, two conditions on the structure of basicproof tree transformations have been given, which are sufficient to ensuresuch a result of termination. These two conditions allow us to obtain anabstract strong and an abstract weak normalization result, respectively.
In order to validate our approach, we plan to continue to work in at leasttwo directions:
1. Check “by hand” that we can indeed cover several already knownnormalization results, for instance: cut-elimination for “standard”modal propositional sequent calculi for the logics K, K4, T, S4; cut-elimination for linear logic sequent calculus and/or proof-nets (whenproof-nets are presented under the form of proof structure which arebuilt according to the rules of linear sequent calculus as in [18]); cut-elimination for display calculi [4, 10], etc.
2. Submit our “meta proofs” to a generic theorem proof assistant, as, forinstance, Isabelle [23] or Coq [9], as it is done for a specific proof ofstrong normalization for the case of display calculi in [10]. This enablesone to certify, as a result, all existing and future normalization results.Indeed, it would be only enough to check that the transformationrules of proof trees which underlie the normalization result meet thesufficient conditions of Section 4.
References
[1] M. Aiguier, A. Arnould, C. Boin, P. Le Gall, and B. Marre. Testing fromalgebraic specifications: Test data set selection by unfolding axioms. InFormal Approche to Testing of Software, Lecture Notes in ComputerScience. Springer Verlag, 2005. To appear.
[2] M. Aiguier, D. Bahrami, and C. Dubois. On a generalised logicalitytheorem. In Artificial Intelligence, Automated Reasoning, and SymbolicComputation, volume 2385 of Lecture Notes in Artificial Intelligence,pages 51–64. Springer Verlag, 2002.
[3] F. Baader and T. Nipkow. Term Rewriting and All That. C.U. Press,1998.
21
[4] N. D. Belnap. Display logic. Journal of Philosophical Logic 11, pages375–417, 1982.
[5] U. Berger, M. Eberl, and H. Schwichtenberg. Term rewriting for nor-malization by evaluation. Information and Computation, 183:19–42,2003.
[6] G. Birkhoff. On the structure of abstract algebras. In Proceedings ofThe Cambridge Philosophical Society, volume 31, pages 433–454, 1935.
[7] E. Tahhan Bittar. Strong normalization proofs for cut-elimination inGentzen’s sequent calculi. In Proceedings of the Symposium on Alge-bra and Computer Science, Helena Rasiowa in Memoriam, volume 46,pages 179–225. Banach Center Publication, 1999.
[8] E.-A. Cichon, M. Rusinowitch, and S. Selhab. Cut elimination andrewriting: termination proofs. Technical report, INRIA-Lorraine,Nancy, France, 1996.
[9] C. Cornes, J. Courant, J.-C. Filliatre, G. Huet, P. Manoury, C. Munoz,C. Murthy, C. Parent, Ch. Paulin-Mohring, A. Saıbi, and B. Werner.The coq proof assistant reference manual, version 5.10. Technical Re-port 177, INRIA, July 1995.
[10] J. Dawson and R. Gore. A new machine-checked proof of strong nor-malisation for display logic. In James Harland, editor, Electronic Notesin Theoretical Computer Science, volume 78. Elsevier, 2003.
[11] N. Dershowitz and J.-P. Jouannaud. Rewrite systems. In J. vanLeeuwen, editor, Handbook of TCS, volume B: Formal Models and Se-mantics, pages 243–320. Elsevier, 1990.
[12] G. Dowek. Confluence as a cut-elimination property. In R. Nieuwenhuis,editor, Rewriting Techniques and Applications, volume 2706 of LectureNotes in Computer Science, pages 2–14. Springer Verlag, 2003.
[13] G. Dowek and B. Werner. Proof normalization modulo. In InternationalWorkshop on Types for Proofs and Programs, pages 62–77, London, UK,1999. Springer Verlag.
[14] A.-G Dragalin. Mathematical intuitionism, introduction to proof the-ory. Translations of Mathematical Monographs, 67:185–199, 1988.translation of the russian original from 1979.
[15] J.-H. Gallier. Logic for Computer Science, volume Foundations of Au-tomatic Theorem Proving. Harper & Row, 1986.
22
[16] G. Gentzen. Untersuchungen uber das logische schließen. Mathematis-che Zeitschrift, 39(176-210):405–431, 1935. English translation in M.-E.Szabo, editor, The collected Papers of Gerhard Gentzen, pages 68–131,North-Holland, 1969.
[17] J.-Y. Girard. Linear logic. Theoretical Computer Science, 50:1–102,1987.
[18] J.-Y. Girard, Y. Lafont, and P. Taylor. Proofs and Types. CambridgeUniversity Press, 1989.
[19] H. Herbelin. A λ-calculus structure isomorphic to Gentzen-style sequentcalculus structure. In L. Pacholski and J. Tiuryn, editors, Proceedings ofthe 8th International Workshop on Computer Science Logic, volume 933of Lecture Notes in Computer Science, pages 61–75. Springer Verlag,1995.
[20] S. Kaplan. Conditional rewrite rules. Theoretical Computer Science,33:175–193, 1984.
[21] S.-C. Kleene. Introduction to Meta-mathematics. North-Holland, 1952.
[22] J. Levy and J. Agustı. Bi-rewrite systems. Journal of Symbolic Com-putation, 22:279–314, 1996.
[23] T. Nipkow, L. Paulson, and M. Wenzel. Isabelle’s logics: Hol.http://isabelle.in.tum.de/doc/logics-HOL.pdf.
[24] D. Prawitz. Natural deduction: A proof-theoretical study. Almqvistand Wiksell, Stockholm, 1965.
[25] W. Marco Schorlemmer. Term rewriting in a logic of special relations.In 7th International Conference on Algebraic Methodology and SoftwareTechnology, volume 1548 of Lecture Notes in Computer Science, pages178–195. Springer, 1998.
[26] G. Struth. Non-symmetric rewriting. Technical report, MPI fur Infor-matik, 1996.
[27] W.-W. Tait. Normal derivability in classical logic. In J. Barwise, edi-tor, The Syntax and Semantics of Infinitary Languages, pages 204–236.Springer Verlag, 1989.
[28] C. Urban and G.-M. Bierman. Strong normalisation of cut-eliminationin classical logic. Acta Informaticae, 45(1-2):123–155, 2001.
[29] V. van Oostrom. Sub-birkhoff. In 7th International Symposium onFunctional and Logic Programming, volume 2998 of Lecture Notes inComputer Science, pages 180–195. Springer, 2004.
23
[30] L.-A. Wallen. Automated Deduction for Non Classical Logics. The MITPress, 1990.
[31] T. Yamada, J. Avenhaus, C. Loria-Saenz, and A. Middeldorp. Log-icality of conditional rewrite systems. Theoretical Computer Science,236(1,2):209–232, 2000.
24