Natural deduction for intuitionistic linear logic

A. S. Troelstra

Dedicated to Dirk van Dalen on occasion of his 60th birthday

May 10, 1993

Abstract

The paper deals with two versions of the fragment with unit, tensor, linear implication and storage operator (the exponential !) of intuitionistic linear logic. The first version, ILL, appears in a paper by Benton, Bierman, Hyland and de Paiva; the second one, ILL+, is described in this paper. ILL has a contraction rule and an introduction rule !I for the exponential; in ILL+, instead of a contraction rule, multiple occurrences of labels for assumptions are permitted under certain conditions; moreover, there is a different introduction rule for the exponential, !I+, which is closer in spirit to the necessitation rule for the normalizable version of S4 discussed by Prawitz in his monograph "Natural Deduction". It is relatively easy to adapt Prawitz's treatment of natural deduction for intuitionistic logic to ILL+; in particular one can formulate a notion of strong validity (as in Prawitz's "Ideas and Results in Proof Theory") permitting a proof of strong normalization. The conversion rules for ILL explicitly mentioned in the paper by Benton et al. do not suffice for normal forms with subformula property, but we can show that this can be remedied by addition of a single conversion rule. ILL+ also suggests the study of a class of categorical models, more special than the class introduced by Benton et al.

1 Introduction

In this paper we shall assume familiarity with the proof-theoretic treatment of intuitionistic logic IL as presented e.g. in [P1, T1, T2]. We discuss natural deduction versions of the multiplicative-exponential fragment of intuitionistic linear logic, ILLme (usually shortened to ILL below, since we shall not deal with the full system ILL here). The operators and constants of ILLme are $\otimes$ (tensor), 1 (unit), $\multimap$ (linear implication), and ! (storage operator, exponential). ! behaves more or less like the modal necessity operator in the well-known system S4 of modal logic; in particular, the first natural deduction formulations proposed for ILL (e.g. in [A]) had the following introduction rule for !

$$\frac{!\Gamma \vdash A}{!\Gamma \vdash\, !A}$$

(we use $\Gamma, \Gamma', \ldots, \Delta, \Delta', \ldots$ for multisets of assumptions) or in tree form

$$\dfrac{\begin{array}{c} [\![\,!\Gamma\,]\!] \\ \mathcal{D} \\ A \end{array}}{!A}$$

where the brackets $[\![$ and $]\!]$ in $[\![\,!\Gamma\,]\!]$ serve to indicate that $[\![\,!\Gamma\,]\!]$ is a complete multiset of open assumptions in $\mathcal{D}$, discharged at the application of !-introduction. This version has the disadvantage, as noted by several researchers, that the proof trees are not closed under substitution of deductions for open assumptions (substituting deductions for the assumptions $!\Gamma$ in an application of !-introduction leads to a deduction which in general does not end with a correct application of !-introduction). In [BBHP] it was proposed to generalize the !I-rule to

$$\frac{\Delta_1 \vdash\, !A_1,\ \ldots,\ \Delta_n \vdash\, !A_n \qquad !A_1, \ldots, !A_n \vdash B}{\Delta_1, \ldots, \Delta_n \vdash\, !B}$$

In the sequel we shall reserve the designation ILL for this version from [BBHP]. Closure under substitution is now taken care of, but for a proof-theoretic treatment the new version of the !I-rule turns out to be somewhat awkward; in a sense, the rule both introduces and eliminates !-formulas, and there is no direct relation in complexity between $!B$ and the formulas $!A_i$; the latter may be much more complex than the conclusion. Prawitz's treatment of S4 in [P1] suggests another possibility, which we shall call !I+: a correct application of !I+ has the form

$$\dfrac{\begin{array}{c} \mathcal{D}_1 \ \cdots\ \mathcal{D}_n \\ [\,!A_1, \ldots, !A_n\,] \\ \mathcal{D} \\ B \end{array}}{!B}$$

(no assumptions open in $\mathcal{D}_i$ become bound in $\mathcal{D}$; $[\,!A_1, \ldots, !A_n\,]$ is a complete list of the open assumptions in $\mathcal{D}$). However, this does not combine very well with the contraction rule for the exponential. Therefore we study another version of ILLme, called ILL+, in which !I is replaced by !I+, and contraction is eliminated by considering prooftrees where multiple labels of variables are permitted, if they arise by substituting isomorphic copies of a deduction $\mathcal{D}'$ for a collection of open assumptions of the form $!A$ in another deduction $\mathcal{D}$. Thus we suppress the dynamic aspect of contraction (i.e. the separate operation of replacing two distinctly labelled occurrences of a formula $!A$ by a single occurrence); a precise statement of the conditions permitting multiple occurrences of the same label will be given later on.

It appears that ILL+ permits a proof-theoretic treatment closely parallel to Prawitz's treatment of intuitionistic logic in [P1, P2]. In particular, we can formulate a notion of strong validity giving rise to a proof of strong normalization for ILL+; normal forms of deductions in ILL+ have the subformula property and can be analyzed in terms of the structure of tracks (track = path in [P1]), which in normal deductions always consist of an elimination part, followed by a minimal part, followed by an introduction part. Applications of the kind given in [P1] follow.

Returning to ILL itself, the obvious "direct conversions" contracting an E-rule application with the conclusion of an I-rule as main premise, and the "permutative conversions" permitting to permute E-rule applications upward past minor premises of certain E-rules, do not suffice to give a normal form with subformula property. But one extra conversion, corresponding to one of the equalities in the notion of categorical model of ILL described in [BBHP], suffices for this; it is consideration of ILL+ which suggests a suitable normalization strategy for ILL relative to this set of conversion rules.

Finally, one may ask what notion of categorical model corresponds to ILL+? For ILL+ as such, the question does not make immediate sense, since the restrictions one has to impose on conversions in ILL+ are non-standard for a term-calculus. But the question does suggest the possible interest of a notion of categorical model obtained by imposing one extra equation on the set of equations listed for the models of BBHP, to the effect that any map from $!\Gamma$ to $!A$ can be obtained as the result of an !I-introduction to a map from $!\Gamma$ to $A$. This identity is true in algebraic models (trivially), but we do not know of a non-trivial type-theoretic or categorical model where it holds.

We gratefully acknowledge the use of D. Roorda's style file "exptrees.sty" for the typesetting of prooftrees. We are indebted to H. Schellinx for discussions and critical comments on a first draft of this paper.

2 Notational representation of natural deductions

We recall that deductions in the system IL of natural deduction for intuitionistic propositional logic can be presented, in a highly redundant way, as trees where the nodes are labelled by sequents of the form

$$(*)\qquad x_1 : A_1, \ldots, x_n : A_n \vdash t : B$$

where $t$ is a rigidly typed term of type $B$, and the free variables of $t$ occur among $x_1, \ldots, x_n$. Such a representation obviously contains redundancies, since if $t$ is rigidly typed, the variables $x_i$ in $t$ occur also typed as $x_i : A_i$; moreover, $t$ reflects in its construction the complete prooftree up to this node, so the conclusion label at the bottom of the tree contains in fact all relevant information concerning the tree. Several isomorphic forms of presentation of deductions in IL are obtained by stripping certain types of redundant information from the tree. Thus, for example, we obtain the usual formula-tree presentation by (1) stripping the terms and the context $x_1 : A_1, \ldots, x_n : A_n$ of each label, retaining only $B$ in $(*)$ above, (2) retaining the variable labels of assumptions appearing at the top nodes (the leaves) of the tree; (3) indicating the rules used (when needed to avoid ambiguity) and (4) indicating, by repeating the labels, where assumptions are discharged. The term-presentation is obtained by retaining only the rigidly typed term at the root of the tree, etc.

Each of these styles has its own merits; the formula-tree style has a certain "geometric flavour" and permits an appealing formulation of the structure of normalized proofs (as built from tracks with an elimination part, minimal part, and introduction part, cf. [P1]) from which we can neatly derive a number of corollaries (the subformula property, a generalized form of the disjunction rule etc.). It is true that for IL the $\lor$E-rule and the corresponding conversions (normalizing steps) are nastier than the other rules (a fact strongly emphasized in [GLT]), but really not too nasty, I think; it is still manageable.

The term presentation is very compact and precise, and makes the isomorphism between typed-term calculi and deduction systems fully explicit. It also suggests further normalization steps, which serve as a stepping stone towards a category-theoretic formulation of the logic. The preceding remarks apply, mutatis mutandis, also to natural deduction formulations of intuitionistic linear logic.

In exhibiting deductions as formula trees, we use some standard conventions. We use calligraphic $\mathcal{D}, \mathcal{E}, \mathcal{F}, \mathcal{G}, \mathcal{H}$, possibly sub- or superscripted, for formula prooftrees.

$$\begin{array}{c} [A]^x \\ \mathcal{D} \\ B \end{array}$$

is a prooftree with $[A]^x$ the set of all open assumptions of the form $A$ with the label $x$. The label is often dropped. Several assumption classes may appear as: $[A^x, B^y]$ or $[A]^x[B]^y$.

Whenever an open hypothesis $A^x$ is discharged by a rule application, all occurrences of $A$ with label $x$ above the application of the rule are discharged (closed) simultaneously. It is usually convenient to assume that any label $x$ discharged by a rule application occurs only above that application; this can be achieved by relabelling closed assumptions if necessary (in term notation this is just renaming bound variables).

3 Intuitionistic linear logic

In presenting intuitionistic linear logic ILL care has to be taken in handling assumptions. For the purely multiplicative fragment with $\otimes, \multimap, 1$, this is simple: in the formula-tree style, the assumptions are treated as a multiset, or more precisely, as a set of occurrences, each occurrence with a distinct label; each $\multimap$I-application discharges precisely one occurrence, each $\otimes$E-application precisely two occurrences. If we add the exponential !, however, we must build into the rules that multiple use is equivalent to single use of the assumption $!A$. We can stick to the convention that distinct occurrences of assumptions always have distinct labels by having a contraction rule. The effect of this rule is to replace two distinct labels ($x, y$ say) of a formula occurrence $!A$ with a new single occurrence with a new label ($z$ say). In the formula-tree style an application of the contraction rule looks like

$$\dfrac{!A^z \qquad \begin{array}{c} [\,!A^x, !A^y\,] \\ \mathcal{D}' \\ B \end{array}}{B}\; x, y$$

or more generally

$$\dfrac{\begin{array}{c} \mathcal{D} \\ !A \end{array} \qquad \begin{array}{c} [\,!A^x, !A^y\,] \\ \mathcal{D}' \\ B \end{array}}{B}\; x, y$$

Similarly with weakening; the possibility of "vacuously" depending on assumption of the form $!A$ (labelled $x$) is expressed by a weakening rule:

$$\dfrac{!A^x \qquad \begin{array}{c} \mathcal{D}' \\ B \end{array}}{B}\ , \quad\text{more generally}\quad \dfrac{\begin{array}{c} \mathcal{D} \\ !A \end{array} \qquad \begin{array}{c} \mathcal{D}' \\ B \end{array}}{B}$$

3.1. Definition. In an application of the promotion rule !I

$$\dfrac{\begin{array}{c} \mathcal{D}_1 \\ !A_1 \end{array} \ \cdots\ \begin{array}{c} \mathcal{D}_n \\ !A_n \end{array} \qquad \begin{array}{c} [\,!A_1^{x_1}, \ldots, !A_n^{x_n}\,] \\ \mathcal{E} \\ B \end{array}}{!B}\; x_1, \ldots, x_n$$

the conclusions $!A_i$ of the $\mathcal{D}_i$ are the side premises of the !I-application, and $B$ is the main premise. □

3.2. Notation. If $\Gamma, \Delta$ are used for collections of formulas in versions of ILL, the $\Gamma, \Delta$ are treated as multisets; for sequences of formulas and derivations we use vector notation $\vec{B}$, $\vec{\mathcal{D}}$ etc. □

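3.3. Definition. (The system ILL) For reference, we give a version of a natural deduction calculus for ILL (restricted to $!, \multimap, \otimes, 1$), presented as a term calculus.

$$\text{Axiom}\quad x : A \Rightarrow x : A$$

$$\otimes\text{I}\quad \dfrac{\Gamma \Rightarrow s : A \qquad \Delta \Rightarrow t : B}{\Gamma, \Delta \Rightarrow s \otimes t : A \otimes B}$$

$$\otimes\text{E}\quad \dfrac{\Gamma \Rightarrow s : A \otimes B \qquad \Delta, x : A, y : B \Rightarrow t : C}{\Gamma, \Delta \Rightarrow E^{\otimes}_{x,y}(s, t) : C}$$

$$\multimap\text{I}\quad \dfrac{\Gamma, x : A \Rightarrow t : B}{\Gamma \Rightarrow \lambda x.t : A \multimap B}$$

$$\multimap\text{E}\quad \dfrac{\Gamma \Rightarrow s : A \multimap B \qquad \Delta \Rightarrow t : A}{\Gamma, \Delta \Rightarrow st : B}$$

$$1\text{I}\quad \Rightarrow * : 1$$

$$1\text{E}\quad \dfrac{\Gamma \Rightarrow s : 1 \qquad \Delta \Rightarrow t : A}{\Gamma, \Delta \Rightarrow E^{1}(s, t) : A}$$

$$!\text{I}\quad \dfrac{\Gamma_1 \Rightarrow t_1 : !A_1 \quad \cdots \quad \Gamma_n \Rightarrow t_n : !A_n \qquad x_1 : !A_1, \ldots, x_n : !A_n \Rightarrow s : B}{\Gamma_1, \ldots, \Gamma_n \Rightarrow !_{x_1, \ldots, x_n}(t_1, \ldots, t_n, s) : !B}$$

$$\text{W}\quad \dfrac{\Gamma \Rightarrow s : !B \qquad \Delta \Rightarrow t : A}{\Gamma, \Delta \Rightarrow E^{w}(s, t) : A}$$

$$\text{D}\quad \dfrac{\Gamma \Rightarrow s : !B}{\Gamma \Rightarrow E^{d}(s) : B}$$

$$\text{C}\quad \dfrac{\Gamma \Rightarrow s : !B \qquad \Delta, x : !B, y : !B \Rightarrow t : A}{\Gamma, \Delta \Rightarrow E^{c}_{x,y}(s, t) : A}$$

$\Gamma, \Delta$ are sets of statements $x : A$ with the $x$ all distinct; $\Gamma, \Delta$ disjoint. In $!_{\vec{x}}(\vec{t}, s)$ the operator $!_{\vec{x}}$ binds $\vec{x}$ in $s$; in $E^{c}_{x,y}(s, t)$, $E^{c}_{x,y}$ binds $x, y$ in $t$. W = weakening, D = dereliction, C = contraction. □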
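The label discipline of Definition 3.3 can be checked mechanically. The following Python checker is an added example, not code from the paper: it infers the type of a term and enforces that the premises of a rule consume disjoint sets of labels, that every bound label is consumed, and that the main premise of a promotion sees only its own bound labels. The tuple encoding of types and terms, the type annotation on the λ-binder and all function names are assumptions made for this example.

```python
# Linearity checker for ILL terms (added example; the encoding is an assumption).
# Types: atom "A", unit "1", ("*", A, B), ("-o", A, B), ("!", A). Terms: tagged tuples.
class LinearityError(Exception): pass

def disjoint(*used_sets):
    """Union the label sets of a rule's premises, which must be disjoint."""
    total = set()
    for used in used_sets:
        if total & used:
            raise LinearityError(f"labels used twice: {sorted(total & used)}")
        total |= used
    return total

def expect(ty, tag, rule):
    if not (isinstance(ty, tuple) and ty[0] == tag):
        raise LinearityError(f"{rule}: expected a '{tag}' type, got {ty!r}")
    return ty[1:]

def under(ctx, bindings, body, rule):
    """Type body with fresh bound labels, each of which must be consumed."""
    names = [x for x, _ in bindings]
    if len(set(names)) != len(names) or any(x in ctx for x in names):
        raise LinearityError(f"{rule}: bound labels {names} are not fresh")
    ty, used = infer({**ctx, **dict(bindings)}, body)
    if set(names) - used:
        raise LinearityError(f"{rule}: unused labels {sorted(set(names) - used)}")
    return ty, used - set(names)

def infer(ctx, term):
    """Return (type, labels consumed) for term in ctx (a dict label -> type)."""
    tag, *args = term
    if tag == "var":                                   # Axiom
        if args[0] not in ctx:
            raise LinearityError(f"label {args[0]!r} is not in scope")
        return ctx[args[0]], {args[0]}
    if tag == "unit":                                  # 1I
        return "1", set()
    if tag in ("pair", "app", "let_unit", "discard"):  # two premises, no binder
        (s_ty, u1), (t_ty, u2) = infer(ctx, args[0]), infer(ctx, args[1])
        used = disjoint(u1, u2)
        if tag == "pair":                              # tensor introduction
            return ("*", s_ty, t_ty), used
        if tag == "app":                               # implication elimination
            a, b = expect(s_ty, "-o", "-oE")
            if a != t_ty:
                raise LinearityError(f"-oE: argument is {t_ty!r}, expected {a!r}")
            return b, used
        if tag == "let_unit" and s_ty != "1":          # unit elimination
            raise LinearityError(f"1E: major premise is {s_ty!r}, not '1'")
        if tag == "discard":                           # W: s : !B is thrown away
            expect(s_ty, "!", "W")
        return t_ty, used
    if tag == "lam":                                   # implication introduction
        x, a, body = args
        b, used = under(ctx, [(x, a)], body, "-oI")
        return ("-o", a, b), used
    if tag in ("let_pair", "copy"):                    # tensor elimination, C
        x, y, s, body = args
        s_ty, u1 = infer(ctx, s)
        expect(s_ty, "*" if tag == "let_pair" else "!", tag)
        a, b = s_ty[1:] if tag == "let_pair" else (s_ty, s_ty)
        c, u2 = under(ctx, [(x, a), (y, b)], body, tag)
        return c, disjoint(u1, u2)
    if tag == "derelict":                              # D
        s_ty, used = infer(ctx, args[0])
        return expect(s_ty, "!", "D")[0], used
    if tag == "promote":                               # !I
        xs, ts, body = args
        if len(xs) != len(ts):
            raise LinearityError("!I: one bound label per side premise")
        typed = [infer(ctx, t) for t in ts]
        for ty, _ in typed:
            expect(ty, "!", "!I")
        # The main premise sees only x1 : !A1, ..., xn : !An: empty outer context.
        b, _ = under({}, [(x, ty) for x, (ty, _) in zip(xs, typed)], body, "!I")
        return ("!", b), disjoint(*(u for _, u in typed))
    raise LinearityError(f"unknown term constructor {tag!r}")

def check(ctx, term):
    """Type a sequent; every assumption in ctx must be consumed."""
    ty, used = infer(ctx, term)
    if set(ctx) - used:
        raise LinearityError(f"unused assumptions: {sorted(set(ctx) - used)}")
    return ty

def rejects(term):
    try:
        check({}, term)
    except LinearityError:
        return True
    return False

# Constructed sample terms.
BANG_A = ("!", "A")
X, Y, Z, W = (("var", n) for n in "xyzw")
DUP = ("lam", "z", BANG_A, ("copy", "x", "y", Z, ("pair", X, Y)))   # uses C
NAIVE_DUP = ("lam", "z", BANG_A, ("pair", Z, Z))                    # z used twice
DIG = ("lam", "z", BANG_A, ("promote", ["x"], [Z], X))              # !A -o !!A
LEAKY = ("lam", "z", BANG_A, ("lam", "w", "B", ("promote", ["x"], [Z], ("pair", X, W))))
```

`check({}, DUP)` succeeds only because the duplication goes through the contraction operator; `NAIVE_DUP` and `LEAKY` are refused, the latter because the main premise of the promotion refers to a label that is not one of its own.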

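In discussing ILL it is often advantageous to generalize both weakening and contraction. Weakening is generalized to:

$$\dfrac{\begin{array}{c}\mathcal{D}_1\\ !A_1\end{array}\ \cdots\ \begin{array}{c}\mathcal{D}_n\\ !A_n\end{array}\qquad\begin{array}{c}\mathcal{D}'\\ B\end{array}}{B}$$

and contraction to

$$\dfrac{\begin{array}{c}\mathcal{D}_1\\ !A_1\end{array}\ \cdots\ \begin{array}{c}\mathcal{D}_n\\ !A_n\end{array}\qquad\begin{array}{c}[\,(!A_1)^{k_1},\ldots,(!A_n)^{k_n}\,]\\ \mathcal{D}'\\ B\end{array}}{B}$$

where $(!A_i)^{k_i}$ refers to $k_i$ ($k_i > 1$) assumptions of the form $!A_i$ in $\mathcal{D}'$. This form of contraction is a combination of $n$ applications of

$$\dfrac{\begin{array}{c}\mathcal{D}_i\\ !A_i\end{array}\qquad\begin{array}{c}[\,(!A_i)^{k_i}\,]\\ \mathcal{D}'\\ B\end{array}}{B}$$

which in turn is a mild generalization of the original contraction rule.

3.4. Definition. In the applications of the general forms of W and C, the $!A_i$ appearing as conclusions of the $\mathcal{D}_i$ are called the major premises (plural!) of the application, and $B$ the minor premise. □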

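3.5. In [BBHP] normalization for natural deduction is not discussed, but some conversions are listed, in particular (1) "detour-conversions", i.e. the removal of a formula occurrence introduced by an I-rule, only to be immediately eliminated as major premise of an E-rule. (2) permutation conversions of the following general form: a subdeduction of the form

$$\dfrac{\dfrac{\begin{array}{c}\mathcal{D}''\\ A\end{array}\quad\begin{array}{c}\mathcal{D}'_1\\ B\end{array}}{B}\quad\begin{array}{c}\mathcal{D}_1\\ C\end{array}}{C}\qquad\text{converts to}\qquad\dfrac{\begin{array}{c}\mathcal{D}''\\ A\end{array}\quad\dfrac{\begin{array}{c}\mathcal{D}'_1\\ B\end{array}\quad\begin{array}{c}\mathcal{D}_1\\ C\end{array}}{C}}{C}$$

where the final rule is an E-rule with $B$ as major premise (and similarly with more premises in the rule).

Normalization becomes rather complicated in ILL, due to the complicated form of the promotion rule, as illustrated by the conversion of an !-introduction followed by a contraction. The dotted line in the second prooftree serves to make it visually clear that both formulas above it enter as assumptions in the deduction $\mathcal{F}$.

$$\dfrac{\dfrac{\begin{array}{c}\mathcal{D}_1\\ !A_1\end{array}\ \cdots\ \begin{array}{c}\mathcal{D}_n\\ !A_n\end{array}\qquad\begin{array}{c}[\,!A_1^{x_1},\ldots,!A_n^{x_n}\,]\\ \mathcal{E}\\ B\end{array}}{!B}\;x_1,\ldots,x_n\qquad\begin{array}{c}[\,!B^u\ \ !B^v\,]\\ \mathcal{F}\\ C\end{array}}{C}\;u,v$$

is transformed into

$$\dfrac{\begin{array}{c}\mathcal{D}_1\\ !A_1\end{array}\ \cdots\ \begin{array}{c}\mathcal{D}_n\\ !A_n\end{array}\qquad \begin{array}{c}\left[\ \dfrac{!A_1^{x_1}\ \cdots\ !A_n^{x_n}\quad\begin{array}{c}[\,!A_1,\ldots,!A_n\,]\\ \mathcal{E}\\ B\end{array}}{!B}\qquad \dfrac{!A_1^{y_1}\ \cdots\ !A_n^{y_n}\quad\begin{array}{c}[\,!A_1,\ldots,!A_n\,]\\ \mathcal{E}\\ B\end{array}}{!B}\ \right]\\ \cdots\cdots\cdots\cdots\\ \mathcal{F}\\ C\end{array}}{C}\;\text{(contractions)}\ x_1,y_1,\ldots,x_n,y_n$$

Detour conversions and permutative conversions are not sufficient to guarantee the subformula property for normal proofs, as we shall see.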

3.6. Example. Here is an example of a deduction in the fragment $\multimap, !$ which is normal w.r.t. detour- and permutation conversions, but which does not have the subformula property. (In particular, $!(B_1 \multimap B_2)$ does not occur as subformula in the conclusion).

[Prooftree not recoverable from the extracted text; its assumptions are numbered (1) to (7) and its formulas are built from $B_1$, $B_2$ and $C$ with $\multimap$ and !.]

Formulating an analogue of the notion of path (track in our terminology) as used by Prawitz, it seems natural to let in an application of !I the occurrences of $!A_i$ as conclusion of $\mathcal{D}_i$ be followed by the assumption $!A_i$ in $\mathcal{E}$. We then see that in our counterexample the introduction of $!(B_1 \multimap B_2)$ on the left is followed by a dereliction from the assumption $!(B_1 \multimap B_2)$ on the right; but the detour-conversions and permutation conversions mentioned before do not permit contracting the !I followed by !E (dereliction) in the path.

The following type of conversion permits us to contract the promotion/dereliction in our example.

$$\dfrac{\vec{\mathcal{G}}\quad \dfrac{\begin{array}{c}\vec{\mathcal{F}}\\ !\vec{B}\end{array}\quad\begin{array}{c}[\,!\vec{B}\,]\\ \mathcal{D}\\ A_i\end{array}}{!A_i}\quad \vec{\mathcal{G}}'\qquad \begin{array}{c}[\,\ldots !A_i \ldots\,]\\ \mathcal{D}'\\ C\end{array}}{!C}$$

($\begin{array}{c}\vec{\mathcal{F}}\\ !\vec{B}\end{array}$ is a sequence of deductions of the form $\begin{array}{c}\mathcal{F}_i\\ !B_i\end{array}$) is replaced by

$$\dfrac{\vec{\mathcal{G}}\quad \begin{array}{c}\vec{\mathcal{F}}\\ !\vec{B}\end{array}\quad\vec{\mathcal{G}}'\qquad \begin{array}{c} \left[\ \ldots\ \dfrac{!\vec{B}\quad \begin{array}{c}[\,!\vec{B}\,]\\ \mathcal{D}\\ A_i\end{array}}{!A_i}\ \ldots\ \right]\\ \mathcal{D}'\\ C\end{array}}{!C}$$

This additional conversion permits normalization with subformula property for normal deductions, as we shall see later; an appropriate normalization strategy will be suggested by the system ILL+, to be discussed next.

For the reasons given above it seems worthwhile to explore the possibility of an alternative formula-tree presentation which is geometrically more manageable, at the expense of a slightly more complicated treatment of labelling of assumptions. Our solution (system ILL+) is closer in spirit to Prawitz's treatment of natural deduction for S4 (cf. [P1]) and permits a satisfactory normalization theorem, with the subformula property for normal proofs, and a structure of paths in deductions similar to the case of intuitionistic logic.

4 The system ILL+

In comparing the two systems we shall stick to the convention that in a proof tree $[A]$ always refers to a single assumption occurrence of the form $A$. The principal features in which ILL+ differs from ILL are the following.

4.1. The promotion rule. In ILL+ the rule, now called !I+, takes the form

$$\dfrac{\begin{array}{c}\mathcal{E}_1\ \cdots\ \mathcal{E}_n\\ [\,!A_1\ \cdots\ !A_n\,]\\ \mathcal{D}\\ B\end{array}}{!B}$$

that is to say, in deduction $\mathcal{D}$ with conclusion $B$ and complete set of open assumptions $!A_1, \ldots, !A_n$, deductions $\mathcal{E}_1, \ldots, \mathcal{E}_n$ have been substituted; this premise permits deriving $!B$ from $B$. In term style this becomes

If $t[x_1, \ldots, x_n/s_1, \ldots, s_n] : B$, $\mathrm{FV}(t) = \{x_1 : !A_1, \ldots, x_n : !A_n\}$, $s_1 : !A_1, \ldots, s_n : !A_n$, then $!t[\vec{x}/\vec{s}\,] : !B$.

So in ILL+ the operator ! does not bind variables; we may assume $(\mathrm{FV}(s_1) \cup \ldots \cup \mathrm{FV}(s_n)) \cap \mathrm{FV}(t) = \emptyset$.

Definition. An application of !I+ as exhibited is said to be based on $\mathcal{E}_1, \ldots, \mathcal{E}_n$. □

4.2. The contraction rule and multiple label occurrences. The weakening rule is not changed. The contraction rule does not appear explicitly, but is built into the system by permitting multiple occurrences of the same free variable for assumptions. Let us formulate the condition for multiple label occurrences more precisely. Whenever a label $x$ for an open assumption $A$ in deduction $\mathcal{D}$ is used precisely $k$ times ($k > 1$), then there are $k$ isomorphic copies $\mathcal{E}_1, \ldots, \mathcal{E}_k$ of the same deduction with conclusion of the form $!B$, such that in each $\mathcal{E}_i$ there is a single occurrence of $x$, and $\mathcal{D}$ is of the form

$$\begin{array}{c}\mathcal{E}_1\ \cdots\ \mathcal{E}_k\\ [\,!B\ \cdots\ !B\,]\\ \mathcal{F}\end{array}\qquad\text{or}\qquad t[x_1 : !B, \ldots, x_k : !B/s, \ldots, s]$$

A special case is where the $\mathcal{E}_i$ consist of $!B$ alone. Labels $y_1, \ldots, y_k$ in $\mathcal{E}_1, \ldots, \mathcal{E}_k$ respectively, corresponding to a label $y$ bound in that deduction, are all distinct. (This is necessary to guarantee that identical labels are always discharged simultaneously.) Intuitively we may think of the multiple occurrence as representing a generalized contraction rule application. The set of occurrences of $!B$ is called a substitution location. The weakening rule is generalized as already indicated for ILL.

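4.3. Definition. (The term system for ILL+)

$$\otimes\text{I}\quad \dfrac{t : A \qquad s : B}{t \otimes s : A \otimes B} \qquad\qquad \otimes\text{E}\quad \dfrac{t : A \otimes B \qquad s[x : A, y : B] : C}{E^{\otimes}_{x,y}(t, s) : C}$$

$$\multimap\text{I}\quad \dfrac{t[x : A] : B}{\lambda y.t[x/y] : A \multimap B} \qquad\qquad \multimap\text{E}\quad \dfrac{t : A \multimap B \qquad s : A}{ts : B}$$

$$1\text{I}\quad * : 1 \qquad\qquad 1\text{E}\quad \text{[rule not recoverable from the extracted text]}$$

$$!\text{I}^+\quad \dfrac{t[\vec{x} : !\vec{A}/\vec{s}\,] : B}{!t[\vec{x}/\vec{s}\,] : !B} \qquad\qquad \text{D}\quad \dfrac{t : !B}{E^{d}(t) : B}$$

$$\text{W}\quad \dfrac{\vec{t} : !\vec{A} \qquad s : B}{E^{w}(\vec{t}, s) : B}$$

with restrictions on variables as indicated above. □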

4.4. Proposition. There is a map from the deductions in ILL+ to the deductions in ILL, and a map $^+$ in the opposite direction, such that if $\mathcal{D}$ in ILL+ ($\mathcal{E}$ in ILL) proves $\Gamma \vdash A$, then the image of $\mathcal{D}$ in ILL ($\mathcal{E}^+$ in ILL+) proves $\Gamma \vdash A$.

Proof. We introduce an auxiliary system ILL++, containing all the rules of ILL+, having the same conditions on labels, and in addition having the (derivable) rules !I and the generalized contraction rule of ILL:

$$\dfrac{\begin{array}{c}\mathcal{E}\\ !A\end{array}\qquad\begin{array}{c}[\,!A^{x_1},\ldots,!A^{x_n}\,]\\ \mathcal{D}\\ C\end{array}}{C}\;x_1,\ldots,x_n$$

The map $^+$ may be defined on the deductions of ILL, inductively on the length of derivations: (1) replace any application of C as above by

$$\begin{array}{c}\mathcal{E}\ \cdots\ \mathcal{E}\\ [\,!A,\ldots,!A\,]\\ \mathcal{D}\\ C\end{array}$$

(Nothing in any copy of $\mathcal{E}$ is bound in $\mathcal{D}$.) (2) replace an !I-application as on the left by the !I+-application on the right.

$$\dfrac{\begin{array}{c}\mathcal{D}_1\\ !A_1\end{array}\ \cdots\ \begin{array}{c}\mathcal{D}_n\\ !A_n\end{array}\qquad\begin{array}{c}[\,!A_1^{x_1},\ldots,!A_n^{x_n}\,]\\ \mathcal{E}\\ B\end{array}}{!B}\;x_1,\ldots,x_n \qquad\qquad \dfrac{\begin{array}{c}\mathcal{D}_1\ \cdots\ \mathcal{D}_n\\ [\,!A_1,\ldots,!A_n\,]\\ \mathcal{E}\\ B\end{array}}{!B}$$

(Nothing in any $\mathcal{D}_i$ becomes bound in $\mathcal{E}$.)

For the converse map, we proceed as follows. Let $\mathcal{D}$ be a deduction in ILL++; suppose a $k$-fold occurrence of a label results from the substitution of copies of $\mathcal{D}'$ at $k$ ($k > 1$) assumptions of the form $!A$ in $\mathcal{D}''$, i.e.

$$\begin{array}{c}\mathcal{D}'\ \cdots\ \mathcal{D}'\\ [\,!A,\ldots,!A\,]\\ \mathcal{D}''\end{array}$$

Then the $k$ assumptions $!A$ form a substitution location ("subl") and the $\mathcal{D}'$ is the corresponding substitution deduction ("sded"). Define the multiplicity degree md of a deduction as the sum of the lengths of its sded's. N.B. If we encounter nested subdeductions

[Prooftree not recoverable from the extracted text; it involves $\mathcal{D}'$, $\mathcal{D}''$, $\mathcal{D}'''$, the assumption $[\,!B\,]$ and the formula $!A$.]

with both $!B$ and $!A$ elements of substitution sets, then this contributes at least length($\mathcal{D}'$) + length($\mathcal{D}'''$) (i.e. the elements of $\mathcal{D}'$ count at least twice!). Any replacement of a subdeduction $\mathcal{D}'''$ of the form

$$\begin{array}{c}\mathcal{D}'\ \cdots\ \mathcal{D}'\\ [\,!A,\ldots,!A\,]\\ \mathcal{D}''\\ B\end{array}\qquad\text{by}\qquad\dfrac{\begin{array}{c}\mathcal{D}'\\ !A\end{array}\qquad\begin{array}{c}[\,!A^{x_1},\ldots,!A^{x_n}\,]\\ \mathcal{D}''\\ B\end{array}}{B}\;x_1,\ldots,x_n$$

lowers the md of the deduction. We successively remove multiple occurrences of labels from a given deduction as follows. Given a multiple label $x$, arising from substitution of deduction $\mathcal{D}'$ at $k$ occurrences of $!A$, we distinguish two cases: (1) $x$ is open in the whole deduction $\mathcal{D}$, and we replace the multiple substitution of $\mathcal{D}'$ by a contraction applied after the last rule application. (2) if $x$ is bound, there must be a rule application where all occurrences of $x$ become bound simultaneously, so $\mathcal{D}$ contains a subdeduction

[Two alternative prooftrees (joined by "or"), not recoverable from the extracted text; they involve $\mathcal{D}'$, $[\,!A, \ldots, !A\,]$, $\mathcal{D}''$, $B$, $\mathcal{E}$ and a final rule application with conclusion $B'$ discharging $x, y, \ldots$]

In this case we introduce the contraction after the conclusion $B$ of $\mathcal{D}''$. We continue till we have found a deduction of md zero. The result is almost an ILL-proof, except for the possible occurrences of !I+-applications

$$\dfrac{\begin{array}{c}\mathcal{D}_1\ \cdots\ \mathcal{D}_n\\ [\,!A_1,\ldots,!A_n\,]\\ \mathcal{E}\\ B\end{array}}{!B}$$

We may now assume that all assumption occurrences have distinct labels in the whole deduction. We replace such an !I+-application by an !I-application

$$\dfrac{\begin{array}{c}\mathcal{D}_1\\ !A_1\end{array}\ \cdots\ \begin{array}{c}\mathcal{D}_n\\ !A_n\end{array}\qquad\begin{array}{c}[\,\ldots !A_i^{x_i} \ldots\,]\\ \mathcal{E}\\ B\end{array}}{!B}\;x_1,\ldots,x_n$$

($x_1, \ldots, x_n$ fresh labels). In finitely many steps we reach an ILL-deduction. While there are several possibilities for transformation, as e.g. in the case of !I+-applications, a unique choice is easily stipulated (e.g. choose highest occurrences $!A_1, \ldots, !A_n$ which can serve as a basis for the !I+-application). □

5 Conversions of ILL+

5.1. New conversions. Permutative conversions are defined as usual, and involve $\otimes$E, 1E, and (multiple) weakening followed by some elimination rule. Also standard are the $\otimes$-, $\multimap$- and 1-conversions.

5.2. Notation. We write $\mathcal{D} > \mathcal{D}'$ if $\mathcal{D}$ reduces to $\mathcal{D}'$, and $\mathcal{D} >_1 \mathcal{D}'$ or $\mathcal{D}' <_1 \mathcal{D}$, if $\mathcal{D}'$ is obtained from $\mathcal{D}$ by a single conversion. □

!I+ followed by dereliction contracts according to

$$\dfrac{\dfrac{\begin{array}{c}\mathcal{D}_i\\ [\,\ldots, !A_i, \ldots\,]\\ \mathcal{D}\\ B\end{array}}{!B}}{B}\quad >_1\quad \begin{array}{c}\mathcal{D}_i\\ [\,\ldots !A_i \ldots\,]\\ \mathcal{D}\\ B\end{array}$$

i.e.

D4+   $E^{d}(!t[\vec{x}/\vec{s}\,]) = t[\vec{x}/\vec{s}\,]$

where $!t$ is based on the $\vec{s}$. !I+ followed by weakening contracts as follows:

$$\dfrac{\dfrac{\begin{array}{c}\mathcal{D}_i\\ [\,\ldots !A_i \ldots\,]\\ \mathcal{D}\\ B\end{array}}{!B}\qquad\begin{array}{c}\mathcal{E}\\ C\end{array}}{C}\quad >_1\quad \dfrac{\begin{array}{c}\mathcal{D}_i\\ \ldots\ !A_i\ \ldots\end{array}\qquad\begin{array}{c}\mathcal{E}\\ C\end{array}}{C}$$

an instance of the generalized rule of weakening (which may be replaced by $n$ successive weakenings). In term notation:

$E^{w}(!t[\vec{x}/\vec{s}\,], t') = E^{w}(\vec{s}, t')$

With n-fold weakening as primitive, the !I+–W contraction may be formulated accordingly:

W1+   $E^{w}(\vec{t}_1, !t[\vec{x}/\vec{s}\,], \vec{t}_2, t') = E^{w}(\vec{t}_1, \vec{s}, \vec{t}_2, t')$

Here the $\vec{x}$ indicates the set of occurrences $[\,!A_1, \ldots, !A_n\,]$ in a promotion application, i.e. $t$ is based on $\vec{s}$. It is to be noted that application of a single conversion in a subtree belonging to a set of isomorphic subtrees inserted at a substitution location, may fall outside our class of prooftrees for ILL+; but finitely many "isomorphic" conversions will then bring us back into the class of ILL+-prooftrees.

5.3. The term equations for ILL. We shall briefly compare the term-equivalences of [BBHP] with the equivalences generated by our conversions. For brevity, we state the term equivalences of [BBHP] in our notation; it is instructive to write them out as operations on prooftrees. We arrange the equations in groups.

1. Equalities corresponding to detour-conversions for $1, \otimes, \multimap$ and !I–!E.

D1   $E^{1}(*, s) = s$,

D2   $E^{\otimes}_{x,y}(t \otimes t', s) = s[x, y/t, t']$,

D3   $(\lambda x.t)s = t[x/s]$,

D4   $E^{d}(!_{\vec{x}}(\vec{s}, t)) = t[\vec{x}/\vec{s}\,]$.

In ILL+, D1–3 also hold as conversions; to D4 corresponds the conversion of dereliction following promotion in the form D4+ mentioned before.

2. Extensionalities (analogues of $\eta$-conversion).

E1   $E^{1}(t, f[z/*]) = f[z/t]$,

E2   $E^{\otimes}_{x,y}(t, f[z/x \otimes y]) = f[z/t]$,

E3   $\lambda x.tx = t$   ($x \notin \mathrm{FV}(t)$),

E4   $!_{x}(t, E^{d}(x)) = t$.

To E1–4 correspond in ILL+ E1–3 and E4 in modified form

E4+   $!(E^{d}(t)) = t$.

3. Equalities involving weakening. $E^{w}(\vec{s}, t)$ is short for $E^{w}(s_1, E^{w}(s_2, \ldots E^{w}(s_n, t) \ldots))$. The equations are

W1   $E^{w}(!_{\vec{x}}(\vec{s}, t), t') = E^{w}(\vec{s}, t')$,

W2   $!_{x,\vec{x}'}(s, \vec{s}\,', E^{w}(x, t)) = E^{w}(s, !_{\vec{x}'}(\vec{s}\,', t))$,

W3   $E^{c}_{x,y}(s, E^{w}(x, t)) = t[y/s]$,   $E^{c}_{x,y}(s, E^{w}(y, t)) = t[x/s]$,

W4   $f[E^{w}(z, s)] = E^{w}(z, f[s])$.

W1 corresponds to the conversion of promotion followed by weakening and corresponds in ILL+ to W1+ mentioned above.

W2 expresses that for a promotion following a weakening the weakening may be pushed "downward" past the promotion. In ILL+ it corresponds to (in term notation)

W2+   $!E^{w}(x, t[\vec{x}/\vec{s}\,]) = E^{w}(x, !t[\vec{x}/\vec{s}\,])$.

W3 corresponds to

W3+   $E^{w}(t, s[x/t]) = s[x/t]$.

which is also not among our conversions. W4 permits us to push weakening up/down as long as no binding of hypotheses is involved, and contains our permutation conversions for weakening as a special case.

4. Equalities with contraction. We use an abbreviation

$E^{c}_{\vec{y},\vec{z}}(\vec{t}, s) := E^{c}_{y_1,z_1}(t_1, E^{c}_{y_2,z_2}(t_2, \ldots E^{c}_{y_n,z_n}(t_n, s) \ldots))$

where $\vec{y} \equiv y_1, \ldots, y_n$, $\vec{z} \equiv z_1, \ldots, z_n$. The equalities are

C1   $E^{c}_{y,z}(!_{\vec{x}}(\vec{s}, t), s') = E^{c}_{\vec{x}',\vec{x}''}(\vec{s}, s'[y, z/!_{\vec{x}}(\vec{x}', t), !_{\vec{x}}(\vec{x}'', t)])$,

C2   $!_{z,\vec{z}\,'}(s, \vec{s}\,', E^{c}_{x,y}(z, t)) = E^{c}_{x',y'}(s, !_{x,y,\vec{z}\,'}(x', y', \vec{s}\,', t))$,

C3   $E^{c}_{x,y}(s, t) = E^{c}_{y,x}(s, t)$,

C4   $E^{c}_{x,w}(s, E^{c}_{y,z}(w, t)) = E^{c}_{w,z}(s, E^{c}_{x,y}(w, t))$,

C5   $f[z/E^{c}_{x,y}(s, t)] = E^{c}_{x,y}(s, f[z/t])$.

C1–5 disappear (i.e. left- and righthand side of the equation translate into identical terms) in ILL+. The generalized form of contraction requires a much more involved term operator.

5. Other rules.

P1   $f[w/E^{1}(s, t)] = E^{1}(s, f[w/t])$,

P2   $f[w/E^{\otimes}_{x,y}(s, t)] = E^{\otimes}_{x,y}(t, f[w/s])$.

The same equations can be adopted in ILL+; these equalities contain the permutation conversions for $E^{\otimes}$ and $E^{1}$ as special cases.

X1   $!_{\vec{y}\,',y,\vec{y}\,''}(\vec{t}\,', !_{\vec{x}}(\vec{t}, f), \vec{t}\,'', g) = !_{\vec{y}\,',\vec{x}',\vec{y}\,''}(\vec{t}\,', \vec{t}, \vec{t}\,'', g[y/!_{\vec{x}}(\vec{x}', f)])$.

In ILL+ X1 disappears.

5.4. Remark. If there is a notion of categorical model corresponding to ILL+, which might be seen as a strengthening of the conversion rules for ILL+ as well as the categorical identities for ILL as stipulated in [BBHP], it should be based on the ILL+-conversion rules plus E1–3, E4+, W2+, W3+, W4, P1–2. However, the term calculus of ILL+ does not behave in the standard way, as we already pointed out: isomorphic subterms of type $!A$ giving rise to multiple occurrences of the same variable (multiple labels) ought always to be converted simultaneously in order to stay within the same class of ILL+-terms. It does make immediate sense however, to ask for the notion of categorical model corresponding to a system based on contraction as for ILL, but with the rule !I+. In this intermediate system a very natural conversion rule suggests itself, namely

E4*   $!_{\vec{x}}(\vec{y}, E^{d}(t)) = t[\vec{x}/\vec{y}\,]$,

from which it follows that $!_{\vec{x}}(\vec{s}, E^{d}(t)) = t[\vec{x}/\vec{s}\,]$. This conversion has in ILL the effect that

$$\dfrac{\cdots\ !A_{i-1}\quad \begin{array}{c}[\,!\vec{B}\,]\\ \mathcal{E}_i\\ !A_i\end{array}\quad !A_{i+1}\ \cdots\qquad \begin{array}{c}[\,!A_1,\ldots,!A_n\,]\\ \mathcal{D}\\ C\end{array}}{!C}$$

is equivalent to

$$\dfrac{!A_1\ \cdots\ !A_{i-1}\quad !\vec{B}\quad !A_{i+1}\ \cdots\ !A_n\qquad \begin{array}{c}\left[\,!A_1, \ldots, \begin{array}{c}[\,!\vec{B}\,]\\ \mathcal{E}_i\\ !A_i\end{array}, \ldots, !A_n\,\right]\\ \mathcal{D}\\ C\end{array}}{!C}$$

(Replace $\mathcal{E}_i$ by

$$\dfrac{!\vec{B}\qquad \dfrac{\begin{array}{c}[\,!\vec{B}\,]\\ \mathcal{E}_i\\ !A_i\end{array}}{A_i}}{!A_i}$$

and apply the rule X1, etc.)

The rule E4* holds in algebraic models for linear logic (intuitionistic linear logic with storage, in the terminology of [T2]), but we do not know of a non-trivial type-theoretic model where E4* is fulfilled. E4* is in fact equivalent to the requirement that a "change of basis" for the promotion rule leaves the proof term the same. Specifically,

[Three prooftrees linked by two equivalences, not recoverable from the extracted text; they are built from $\mathcal{D}$ with assumptions $[\,!\vec{B}\,]$, the formulas $!A$ and $A$, and side premises $!\vec{B}$.]

where the first instance of !I has basis $!A$, the second the basis $[\,!\vec{B}\,]$; the first equivalence is the usual E4, the second is the "change of basis" equivalence, the combination yields E4*.

Strategies for normalizing

5.5. Definition. A segment in a deduction is a set of formula occurrences $A_1, \ldots, A_n$ of the same formula, such that $A_{i+1}$ is immediately below $A_i$ for $1 \le i < n$, $A_i$ for $i < n$ is minor premise of W, 1E or $\otimes$E, $A_1$ is not conclusion of such a rule, and $A_n$ is not minor premise of such a rule. A segment is maximal if either $n = 1$ and $A_1 = A_n$ is conclusion of an I-rule and major premise of an E-rule, or $n > 1$ and $A_n$ is major premise of an E-rule. A terminal segment of $\mathcal{D}$ is a segment where $A_n$ is the conclusion of $\mathcal{D}$. (N.B. In our fragment of ILL+ the terminal segment is unique.) A segment is critical if it is a maximal segment of maximal degree (degree of a segment = complexity of the formula of the segment). □

5.6. Proposition. (Normalization for ILL+) Each deduction $\mathcal{D}$ in ILL+ can be brought into normal form by a finite sequence of reduction steps.

Proof. We may normalize deductions by making conversions at the leftmost-topmost critical segment. If this is done in the leftmost subdeduction $\mathcal{D}'$ of a finite set of copies of $\mathcal{D}'$ inserted for several occurrences of a formula $!A$, then the result might fall outside our class of deductions; but if we next successively make the same conversion in each of the copies, we are back at a deduction of ILL+. Each step in this procedure according to the strategy just described results in a diminishing of the total length of all maximal segments of maximal complexity. One case requires attention: what if for a substituted deduction $\mathcal{D}'$, at two occurrences $o_1$ and $o_2$ of the substitution location consisting of occurrences of $!A$ say, at $o_1$ a conversion cutting out $!A$ is possible, and at $o_2$ not? But in this case Rule($\mathcal{D}'$) is promotion, and it is easy to see that in this case we can take the basis of the promotion (a set of occurrences of a formula $!B$ say) in all copies of the original $\mathcal{D}'$ as new substitution locations. The form of normal deductions may now be analyzed as done in [P1]; more details are given in section 6.

6 Strong normalization in ILL+

We may prove strong normalization for ILL+ using Prawitz's concept of strong validity, adapted to the present system (for an exposition of the intuitionistic case see e.g. [T1]). Since single conversions do sometimes lead outside ILL+, we consider a wider class of proof trees, where multiple labels are permitted (as usual, open assumptions with the same label always have to be discharged simultaneously); for the rest the rules have the same form as for ILL+. If we can prove strong normalization for this wider class of deductions, we have SN for ILL+, with respect to those normalization strategies where, if one of a series of copies of $\mathcal{D}$ substituted at a set of occurrences of $!A$ is converted, then all the others are converted in the same way at the next steps until the whole group has again become isomorphic.

6.1. Definition. $\mathcal{Z}$ is a conversion candidate of $\mathcal{D}$ if the terminal segment of $\mathcal{D}$ is of the form $A \otimes B$ and begins with an $\otimes$-introduction with deductions $\mathcal{F}, \mathcal{F}'$ of the premises, and $\mathcal{Z}$ is $(\mathcal{F}, \mathcal{F}')$. If $\mathcal{D}$ reduces to a deduction which has a conversion candidate $\mathcal{Z}$, we say that $\mathcal{Z}$ is a derivate of $\mathcal{D}$. □

Notation. Below we shall (unless indicated otherwise) stick to the convention that given a derivation $\mathcal{D}$ not ending with W, the subdeductions of the premises from left to right are $\mathcal{D}_0, \mathcal{D}_1, \ldots$; in the case of weakening $\mathcal{D}_1$ is the minor premiss and $\mathcal{D}_0$ stands for one of the major premises. This may be iterated giving rise to notations $\mathcal{D}_{01}$ etc. Similarly for $\mathcal{D}'$. We write $\mathcal{D} > \mathcal{D}'$ or $\mathcal{D}' < \mathcal{D}$ if $\mathcal{D}$ reduces to $\mathcal{D}'$, i.e. $\mathcal{D}'$ is obtained from $\mathcal{D}$ by a series of conversion steps. We write $\mathcal{D} >_1 \mathcal{D}'$ or $\mathcal{D}' <_1 \mathcal{D}$ if $\mathcal{D}'$ is obtained from $\mathcal{D}$ by a single conversion applied to some subdeduction of $\mathcal{D}$. Rule($\mathcal{D}$) is the last rule applied in $\mathcal{D}$. "SN" abbreviates "strongly normalizable". □

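6.2. Definition. A deduction $\mathcal{D}$ is said to be strongly valid (SV) if one of the following clauses applies:

1. $\mathcal{D}$ consists of an assumption, or the axiom 1I.

2. Rule($\mathcal{D}$) $\in \{\star\mathrm{I}, {!}\mathrm{I}^+\}$ and the subdeductions of the premises are SV.

3. Rule($\mathcal{D}$) = $\multimap$I, i.e. $\mathcal{D}$ is of the form

$$\dfrac{\begin{array}{c}[A]\\ \mathcal{D}_0\\ B\end{array}}{A \multimap B}$$

then $\mathcal{D} \in$ SV if for all $\mathcal{D}^* \in$ SV with conclusion $A$

$$\begin{array}{c}\mathcal{D}^*\\ [A]\\ \mathcal{D}_0\\ B\end{array}$$

is SV.

4. Rule($\mathcal{D}$) $\in \{\multimap\mathrm{E}, {!}\mathrm{E}\}$, $\mathcal{D}$ is normal or for all $\mathcal{D}' <_1 \mathcal{D}$, $\mathcal{D}'$ is SV.

5. Rule($\mathcal{D}$) = W, and $\mathcal{D}$ is normal or for all $\mathcal{D}' <_1 \mathcal{D}$, $\mathcal{D}'$ is SV, $\vec{\mathcal{D}}_0$ SN, $\mathcal{D}_1$ SV.

6. Rule($\mathcal{D}$) = 1E, and $\mathcal{D}$ is normal, or for all $\mathcal{D}' <_1 \mathcal{D}$, $\mathcal{D}'$ is SV, SN($\mathcal{D}_0$) and SV($\mathcal{D}_1$).

7. Rule($\mathcal{D}$) = $\star$E, and $\mathcal{D}$ is normal or for all $\mathcal{D}' <_1 \mathcal{D}$, $\mathcal{D}'$ is SV, and condition ($*$) holds, that is to say SN($\mathcal{D}_0$), SV($\mathcal{D}_1$), and whenever the deduction $\mathcal{D}_0$ of the main premise $A \star B$ has a derivate $(\mathcal{F}, \mathcal{F}')$, and the minor premise has deduction

$$\begin{array}{c}[A, B]\\ \mathcal{D}_1\\ C\end{array}$$

then

$$\begin{array}{c}\mathcal{F} \quad \mathcal{F}'\\ [A, B]\\ \mathcal{D}_1\\ C\end{array}$$

is SV.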

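$\Box$

6.3. Lemma. Let Rule($\mathcal{D}$) $\in \{\star\mathrm{I}, {!}\mathrm{I}^+, \multimap\mathrm{I}\}$. Then, if $\mathcal{D} >_1 \mathcal{D}^{(1)} >_1 \mathcal{D}^{(2)} >_1 \ldots$, where

$$\mathcal{D}^{(n)} = \dfrac{\mathcal{D}^{(n)}_0}{A} \quad \text{or} \quad \dfrac{\mathcal{D}^{(n)}_0 \quad \mathcal{D}^{(n)}_1}{A}$$

then $\ldots >_1 \mathcal{D}^{(n)}_i >_1 \mathcal{D}^{(n+1)}_i >_1 \mathcal{D}^{(n+2)}_i >_1 \ldots$ become reduction sequences after deletion of repetitions.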

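6.4. Lemma. If $\mathcal{D} > \mathcal{D}'$ and SV($\mathcal{D}$) then SV($\mathcal{D}'$).

Proof. By induction over the inductively defined class of SV deductions. Obviously it suffices to show that if $\mathcal{D} >_1 \mathcal{D}'$, and SV($\mathcal{D}$), then SV($\mathcal{D}'$). $\Box$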

6.5. Lemma. $\mathcal{D} \in \mathrm{SV} \Rightarrow \mathcal{D} \in \mathrm{SN}$.

Proof. By induction over the class of SV deductions. The induction step is immediate if $\mathcal{D} \in$ SV by clauses 3–6, since then if $\mathcal{D}$ is not normal all $\mathcal{D}' <_1 \mathcal{D}$ are SV, and so by the induction hypothesis SN. If $\mathcal{D} \in$ SV by clauses 1–2, strong normalizability is also immediate from the induction hypothesis. $\Box$

6.6. Lemma. Let Rule($\mathcal{D}$) $\in \{\star\mathrm{E}, \multimap\mathrm{E}, {!}\mathrm{E}, \mathrm{W}, 1\mathrm{E}\}$. Then $\mathcal{D} \in$ SV if

(i) SN($\mathcal{D}_i$) for all immediate subdeductions $\mathcal{D}_i$.
(ii) If Rule($\mathcal{D}$) = $\multimap$E or !E, then SV($\mathcal{D}_i$).
(iii) If Rule($\mathcal{D}$) = W, then SN($\vec{\mathcal{D}}_0$) and SV($\mathcal{D}_1$).
(iv) If Rule($\mathcal{D}$) = 1E, then SN($\mathcal{D}_0$) and SV($\mathcal{D}_1$).
(v) If Rule($\mathcal{D}$) = $\star$E, clause ($*$) in the definition of SV applies.

Proof. In order to prove this lemma, we assign to each $\mathcal{D}$ satisfying the conditions of the lemma with conclusion of given complexity an induction value IV($\mathcal{D}$) = ( ; ; ) where = (sum of) length(s) of reduction tree(s) of $\mathcal{D}_0$ (resp. $\vec{\mathcal{D}}_0$); = (sum of) length(s) of $\mathcal{D}_0$ (resp. $\vec{\mathcal{D}}_0$); = sum of lengths of reduction trees of the deductions of the premises. The ordering is lexicographic: ( ; ; ) < ( ′; ′; ′) := ( < ′) $\vee$ ( = ′ $\wedge$ < ′) $\vee$ ( = ′ $\wedge$ = ′ $\wedge$ < ′). We prove the lemma by induction on IV($\mathcal{D}$). It suffices to prove $\forall \mathcal{D}' <_1 \mathcal{D}$ (SV($\mathcal{D}'$)), since the other conditions imposed on SV by the definition hold automatically if the assumptions of the lemma are satisfied.

Case 1. $\mathcal{D}$ normal: we are done. In all other cases, let $\mathcal{D}' <_1 \mathcal{D}$; let IV($\mathcal{D}$) = ( ; ; ) and IV($\mathcal{D}'$) = ( ′; ′; ′) (if defined, which has to be shown).

Case 2. $\mathcal{D}'$ is obtained by a conversion step applied to the deduction of one of the premises of the last rule application in $\mathcal{D}$. Then $\mathcal{D}'$ falls under the conditions of the lemma, and has a well-defined lower IV.

Case 3. $\mathcal{D}' <_1 \mathcal{D}$ by a detour-conversion involving the final rule-application. Then the major premiss of the last rule in $\mathcal{D}$ is obtained by an I-rule. For example,

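$$\mathcal{D} \equiv \dfrac{\dfrac{\begin{array}{c}[A]\\ \mathcal{D}_{00}\\ B\end{array}}{A \multimap B} \quad \begin{array}{c}\mathcal{D}_1\\ A\end{array}}{B} \qquad \mathcal{D}' \equiv \begin{array}{c}\mathcal{D}_1\\ [A]\\ \mathcal{D}_{00}\\ B\end{array}$$

By clause (ii), SV($\mathcal{D}_1$), SV($\mathcal{D}_0$), and hence by the definition of SV, it follows that SV($\mathcal{D}'$). If

$$\mathcal{D} \equiv \dfrac{\dfrac{\begin{array}{c}\mathcal{D}_{00}\\ B\end{array}}{!B}}{B} \qquad \mathcal{D}' \equiv \begin{array}{c}\mathcal{D}_{00}\\ B\end{array}$$

then SV($\mathcal{D}_0$), hence SV($\mathcal{D}_{00}$), where $\mathcal{D}_{00} \equiv \mathcal{D}'$.

Case 4. $\mathcal{D}' <_1 \mathcal{D}$ by a permutative reduction involving the final rule application.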

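Subcase 4.1. $\multimap$E or !E is permuted over $\star$E. Let

$$\mathcal{D} \equiv \dfrac{\dfrac{\begin{array}{c}\mathcal{D}_{00}\\ A \star B\end{array} \quad \begin{array}{c}[A, B]\\ \mathcal{D}_{01}\\ C \multimap D\end{array}}{C \multimap D} \quad \begin{array}{c}\mathcal{D}_1\\ C\end{array}}{D} \qquad \mathcal{D}' \equiv \dfrac{\begin{array}{c}\mathcal{D}_{00}\\ A \star B\end{array} \quad \dfrac{\begin{array}{c}[A, B]\\ \mathcal{D}_{01}\\ C \multimap D\end{array} \quad \begin{array}{c}\mathcal{D}_1\\ C\end{array}}{D}}{D}$$

SN($\mathcal{D}_0$), hence also SN($\mathcal{D}'_0$). The induction value of $\mathcal{D}'$, if defined, is clearly lower: < ′ or = ′ ′ < . We must show that $\mathcal{D}'$ again satisfies the conditions of the lemma. Note: SV($\mathcal{D}_0$), SV($\mathcal{D}_1$), SV($\mathcal{D}_{01}$), hence SV($\mathcal{D}'_1$) by the lemma, since IV($\mathcal{D}'_1$) = ( ″; ″; ″) with ″ < $\vee$ ( ″ = $\wedge$ ″ < ), hence SV($\mathcal{D}'_1$). Also, if $\mathcal{D}'_0$ has a derivate $(\mathcal{F}, \mathcal{F}')$, we must show that

$$\mathcal{D}'' \equiv \dfrac{\begin{array}{c}\mathcal{F} \quad \mathcal{F}'\\ [A\ \ B]\\ \mathcal{D}_{01}\\ C \multimap D\end{array} \quad \begin{array}{c}\mathcal{D}_1\\ C\end{array}}{D}$$

is SV. For this we need that the left subdeduction of $\mathcal{D}''$ is SV. But SV($\mathcal{D}_0$), hence this follows by condition ($*$) in the definition of SV. As a result, $\mathcal{D}'_0, \mathcal{D}'_1$ are SV, hence SN, and IV($\mathcal{D}'$) is defined and the IH applies. The treatment of !E over $\star$E is completely similar.

Subcase 4.2. $\multimap$E or !E over W or 1E. The arguments are quite similar to, but slightly simpler than in the preceding case.

Subcase 4.3. $\star$E or W or 1E over $\star$E or W or 1E. Let us consider the most complicated case of $\star$E over $\star$E.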

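$$\mathcal{D} \equiv \dfrac{\dfrac{\begin{array}{c}\mathcal{D}_{00}\\ A \star B\end{array} \quad \begin{array}{c}[A, B]\\ \mathcal{D}_{01}\\ C \star D\end{array}}{C \star D} \quad \begin{array}{c}[C, D]\\ \mathcal{D}_1\\ E\end{array}}{E}$$

IV($\mathcal{D}$) = ( ; ; ). We have (a) $\mathcal{D}_0$ SN, $\mathcal{D}_1$ SV; (b) If $\mathcal{D}_0$ has a derivate $(\mathcal{F}, \mathcal{F}')$, then

$$\mathcal{H} \equiv \begin{array}{c}\mathcal{F} \quad \mathcal{F}'\\ [C\ \ D]\\ \mathcal{D}_1\\ E\end{array}$$

is also SV.

$$\mathcal{D}' \equiv \dfrac{\begin{array}{c}\mathcal{D}_{00}\\ A \star B\end{array} \quad \dfrac{\begin{array}{c}[A, B]\\ \mathcal{D}_{01}\\ C \star D\end{array} \quad \begin{array}{c}[C, D]\\ \mathcal{D}_1\\ E\end{array}}{E}}{E}$$

We have to show that $\mathcal{D}'$ falls under the IH. In the first place SN($\mathcal{D}'_0$) holds, since SN($\mathcal{D}_0$). Secondly, we must check that $\mathcal{D}'_1$ is SV. This requires (1) SN($\mathcal{D}_{01}$), which follows from SN($\mathcal{D}_0$), (2) SV($\mathcal{D}_1$) which holds by (a), and (3) whenever $\mathcal{D}_{01}$ has a derivate $(\mathcal{F}, \mathcal{F}')$, then $\mathcal{H}$ as above is SV. But if $\mathcal{D}_{01}$ has a derivate $(\mathcal{F}, \mathcal{F}')$ then $(\mathcal{F}, \mathcal{F}')$ is also a derivate of $\mathcal{D}_0$, so (3) follows from (b). Hence SV($\mathcal{D}'_1$) follows by IH, since $\mathcal{D}'_1$ has a lower IV. In order to get SV($\mathcal{D}'$) it remains to be shown that if $\mathcal{D}'_0$ has a derivate $(\mathcal{G}, \mathcal{G}')$, then

$$\mathcal{D}'' \equiv \dfrac{\begin{array}{c}\mathcal{G} \quad \mathcal{G}'\\ [A, B]\\ \mathcal{D}_{01}\\ C \star D\end{array} \quad \begin{array}{c}[C, D]\\ \mathcal{D}_1\\ E\end{array}}{E}$$

is also SV. This is similar to the preceding part of the argument; the crucial clause to be verified is now: if $\mathcal{D}''_0$ has a derivate $(\mathcal{F}, \mathcal{F}')$, then $\mathcal{H}$ is SV. However, if $\mathcal{D}'_0$ has a derivate $(\mathcal{G}, \mathcal{G}')$, this means that $\mathcal{D}_0$ reduces to something like

[deduction figure]

and then $\mathcal{D}_0$ also reduces to

[deduction figure]

so $\mathcal{D}_0$ reduces to a deduction

[deduction figure]

and it appears that $(\mathcal{F}, \mathcal{F}')$ is also a derivate of $\mathcal{D}_0$, hence $\mathcal{H}$ is indeed SV.

Subcase 4.4. Permutation of 1E over $\star$E. This case is similar to earlier cases, but simpler. $\Box$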

6.7. Definition. $\mathcal{D}$ is SVS (strongly valid under substitution) if every substitution of SV deductions for open assumptions in $\mathcal{D}$ yields a SV deduction. $\Box$

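6.8. Proposition. All deductions in ILL+ are SVS.

Proof. By induction on the lengths of deductions. We consider two typical cases.

Case 1. Let Rule($\mathcal{D}$) = W. Then

$$\mathcal{D} \equiv \dfrac{\begin{array}{c}\mathcal{D}_0\\ !A\end{array} \quad \begin{array}{c}\mathcal{D}_1\\ B\end{array}}{B}$$

$\mathcal{D}_0, \mathcal{D}_1$ are SVS by induction hypothesis. Let $\mathcal{D}^*$ be a substitution instance of $\mathcal{D}$, so

$$\mathcal{D}^* \equiv \dfrac{\begin{array}{c}\mathcal{D}_0^*\\ !A\end{array} \quad \begin{array}{c}\mathcal{D}_1^*\\ B\end{array}}{B}$$

then $\mathcal{D}_0^*, \mathcal{D}_1^*$ are SV, hence $\mathcal{D}_0^*$ is SN and so $\mathcal{D}^*$ is SV by the preceding lemma.

Case 2. Rule($\mathcal{D}$) is $\star$E, so

$$\mathcal{D} \equiv \dfrac{\begin{array}{c}\mathcal{D}_0\\ A \star B\end{array} \quad \begin{array}{c}[A, B]\\ \mathcal{D}_1\\ C\end{array}}{C}$$

and let $\mathcal{D}^*$ be a substitution instance

$$\mathcal{D}^* \equiv \dfrac{\begin{array}{c}\mathcal{D}_0^*\\ A \star B\end{array} \quad \begin{array}{c}[A, B]\\ \mathcal{D}_1^*\\ C\end{array}}{C}$$

By induction hypothesis $\mathcal{D}_0^*, \mathcal{D}_1^*$ are SV, so $\mathcal{D}_0^*$ is SN. Suppose $\mathcal{D}_0^*$ has a derivate $(\mathcal{F}, \mathcal{F}')$ occurring in a  < ;  is SV, and it follows that $\mathcal{F}, \mathcal{F}'$ are SV. Then

$$\begin{array}{c}\mathcal{F} \quad \mathcal{F}'\\ [A, B]\\ \mathcal{D}_1^*\\ C\end{array}$$

is SV. etc. $\Box$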

7 The structure of normal deductions in ILL+

7.1. Definition. A track in a normal $\mathcal{D}$ is a sequence of formula occurrences $A_0, A_1, A_2, \ldots, A_n$ such that

1. $A_0$ is an axiom, open assumption or assumption closed by $\multimap$I in $\mathcal{D}$;
2. $A_{i+1}$ is immediately below $A_i$ if $A_{i+1}$ is conclusion of an I-rule, $A_i$ a premise of the same rule;
3. $A_{i+1}$ is immediately below $A_i$ if $A_i$ is major premiss of an application of !E = D, $\multimap$E, or minor premise of an application of $\star$E, W, or 1E;
4. $A_i$ is major premise of an application of $\star$E and $A_{i+1}$ is an assumption discharged by that application;
5. $A_n$ is either conclusion of $\mathcal{D}$, or major premise of 1E, or a major premise of W. $\Box$

We can divide a track into segments as in the case of intuitionistic logic; in a track of a normal deduction we can then distinguish the elimination part, followed by the minimal part, followed by the introduction part.

7.2. Lemma. Each formula occurrence in the proof tree of a normal deduction belongs to some track.

Proof. By induction on the depth of deductions. $\Box$

7.3. Proposition. (Subformula property) Let $\Gamma \vdash A$ by a normal deduction $\mathcal{D}$. Then all formulas in $\mathcal{D}$ are subformulas of $\Gamma \cup \{A\}$.

Proof. A track of order 1 of a deduction $\mathcal{D}$ ends in the conclusion of $\mathcal{D}$ (i.e. is a terminal track). A track of order $n + 1$ terminates either in a major premise of 1E, or in a major premise !B of W, or in a minor premise of $\multimap$E, while the minor premise in the case of 1E, W, and the major premise in the case of $\multimap$E, belong to a track of order $n$. We prove by induction on the order of tracks that all formulas in a track are subformulas of $\Gamma \cup \{A\}$. For the track of any order we have that all formulas occurring in it are subformulas of the open assumptions of the deduction or of the final formula of the track. Let  be a track of $\mathcal{D}$ (with conclusion $A$) of order $n + 1$.

If  terminates in a minor premise $B$ of $\multimap$E, then the major premise $B \multimap C$ belongs to a track of order $n$ and so by induction hypothesis, $B \multimap C$ is subformula of $\Gamma \cup \{A\}$. Then $B$ is also subformula of $\Gamma \cup \{A\}$, so  satisfies the subformula property. If  terminates in a major premise of an 1E- or W-application, the last rule must be an elimination, and the whole track consists of subformulas of the first formula in the track. The first formula is either an open assumption of the deduction, or is discharged below the end of the track. If discharged by $\multimap$I, or by $\star$E, this happens in a track of lower order, and the IH applies to this track. $\Box$

As an example of an application we give the next proposition.

7.4. Definition. A formula(-occurrence) in a formula $A$ is said to be a strictly positive part (s.p.p.) of $A$ according to one of the following clauses:

1. $A$ is s.p.p. of $A$;
2. if $B \star C$ is s.p.p. of $A$, then $B$, $C$ are s.p.p. of $A$;
3. if $!B$ is s.p.p. of $A$, so is $B$;
4. if $B \multimap C$ is s.p.p. of $A$, so is $C$. $\Box$
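The four clauses of Definition 7.4 written as a recursive function, together with the check that a multiset of assumptions has no tensor in a strictly positive position (the hypothesis of Proposition 7.5). This is an added Python example, not part of the paper; the class names `Atom`, `One`, `Tensor`, `Lolli`, `Bang` and both function names are assumptions introduced here.

```python
from dataclasses import dataclass
from typing import Iterator, Union

# Formulas of the fragment: atoms, the unit 1, tensor, linear implication, !.
@dataclass(frozen=True)
class Atom:
    name: str

@dataclass(frozen=True)
class One:
    pass

@dataclass(frozen=True)
class Tensor:
    left: "Formula"
    right: "Formula"

@dataclass(frozen=True)
class Lolli:  # linear implication: left is the antecedent, right the consequent
    left: "Formula"
    right: "Formula"

@dataclass(frozen=True)
class Bang:
    body: "Formula"

Formula = Union[Atom, One, Tensor, Lolli, Bang]

def spp(a: Formula) -> Iterator[Formula]:
    """Yield the strictly positive parts of `a`, following clauses 1-4."""
    yield a                              # clause 1: a is s.p.p. of itself
    if isinstance(a, Tensor):            # clause 2: both components
        yield from spp(a.left)
        yield from spp(a.right)
    elif isinstance(a, Bang):            # clause 3: the body of !B
        yield from spp(a.body)
    elif isinstance(a, Lolli):           # clause 4: the consequent only
        yield from spp(a.right)

def tensor_strictly_positive(gamma: list) -> bool:
    """True if some formula in the multiset `gamma` has a tensor as the
    main operator of one of its strictly positive parts."""
    return any(isinstance(p, Tensor) for f in gamma for p in spp(f))

# Constructed sample formulas.
p, q, r = Atom("p"), Atom("q"), Atom("r")
POSITIVE = Bang(Lolli(p, Tensor(q, r)))  # !(p -o (q * r)): tensor is s.p.p.
NEGATIVE = Lolli(Tensor(q, r), p)        # (q * r) -o p: tensor only in the antecedent
```

A multiset such as `[NEGATIVE]` meets the hypothesis of Proposition 7.5, while `[POSITIVE]` does not.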

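7.5. Proposition. If $\Gamma \vdash A \star B$ in ILL, and $\Gamma$ does not contain $\star$ in a strictly positive position ($\star$ not main operator of a s.p.p. subformula of $\Gamma$), then $\Gamma_1 \vdash A$ and $\Gamma_2 \vdash B$ with $\Gamma_1$ and $\Gamma_2$ sub-multisets of $\Gamma$.

Proof. Let $\mathcal{D}$ be a normal deduction of $\Gamma \vdash A \star B$. If $\mathcal{D}$ ends with an I-rule we are done. If the terminal segment starts with an introduction, the deduction takes the form

$$\dfrac{\mathcal{E}_1 \quad \dfrac{\mathcal{E}_2 \quad \begin{array}{c}\dfrac{\mathcal{E}_n \quad \dfrac{\begin{array}{cc}\mathcal{F} & \mathcal{F}'\\ A & B\end{array}}{A \star B}}{A \star B}\\ \vdots\\ A \star B\end{array}}{A \star B}}{A \star B}$$

where the final segment passes through a number of $\star$E, 1E, and W-applications. However, $\star$E-applications are in fact excluded, since no strictly positive occurrence of $\star$ appears in $\Gamma$. But this means that in $\mathcal{F}$ and $\mathcal{F}'$ no assumptions are discharged, and

$$\dfrac{\mathcal{E}_1 \quad \dfrac{\mathcal{E}_2 \quad \begin{array}{c}\dfrac{\mathcal{E}_n \quad \begin{array}{c}\mathcal{F}\\ A\end{array}}{A}\\ \vdots\\ A\end{array}}{A}}{A} \qquad \text{and} \qquad \dfrac{\mathcal{E}_1 \quad \dfrac{\mathcal{E}_2 \quad \begin{array}{c}\dfrac{\mathcal{E}_n \quad \begin{array}{c}\mathcal{F}'\\ B\end{array}}{B}\\ \vdots\\ B\end{array}}{B}}{B}$$

are both correct deductions. $\Box$

Remark. The statement of the proposition may be considerably refined, e.g. by noting that assumptions common to $\Gamma_1, \Gamma_2$ must permit to derive exponential formulas, etc. Another application may be (almost) copied from [P1, page 57].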

7.6. Proposition. Let $C$ be without $\multimap$, $\Gamma \equiv \{A_i \multimap B_i : 1 \le i \le n\}$, and assume $\Gamma \vdash C$. Then $\Gamma' \vdash A_i$ for some $i \le n$, $\Gamma'$ a sub-multiset of $\Gamma$.

8 Normalization in ILL

We shall now show how the normalization strategy in ILL+ suggests a corresponding strategy in ILL.

8.1. Definition. A segment in ILL is a sequence of occurrences $A_1, \ldots, A_n$ of the same formula such that

1. $A_1$ not conclusion of W, 1E, $\star$E, nor assumption discharged by C or !I;
2. $A_n$ not minor premise of W, 1E, $\star$E, or side premise of !I, or major premise of C;
3. for $1 \le i < n$, either $A_i$ is minor premise of an application of W, 1E or $\star$E, and $A_{i+1}$ is the conclusion of that application; or $A_i$ is major premise of C and $A_{i+1}$ is one of the assumptions discharged by that application; or $A_i$ is side premise of an instance of !I, and $A_{i+1}$ is an assumption discharged by that instance.

A segment $A_1, \ldots, A_n$ is maximal if $A_1$ is conclusion of an I-rule and $A_n$ major premise of an E-rule. As before, we define a critical segment as a maximal segment of maximal degree. $\Box$

8.2. Definition. A track of $\mathcal{D}$ in ILL is a sequence of formula occurrences $A_1, \ldots, A_n$ such that

1. $A_1$ is an open assumption or an axiom or an assumption discharged by $\multimap$I;
2. $A_i$ is major premise of $\multimap$E or D, or minor premise of $\star$E, C, 1E, W, or premise of $\multimap$I, $\star$I, and $A_{i+1}$ is the conclusion;
3. $A_i \equiv C \star D$ is major premise of $\star$E, and $A_{i+1}$ is one of the assumptions discharged;
4. $A_i$ is major premise of a contraction, and $A_{i+1}$ one of the assumptions discharged;
5. $A_i$ is a side premise of a promotion, and $A_{i+1}$ is an occurrence discharged by the promotion;
6. $A_n$ is major premise of a weakening or 1E, or minor premise of $\multimap$E. $\Box$

8.3. Description of a strategy for normalization

We look for an analogue of the strategy which works well in the intuitionistic case and for ILL+, namely: look for the rightmost branch in the formula tree containing a critical segment; apply a conversion in the topmost critical segment in this branch. This strategy works for ILL+, because segments (in contrast to tracks) always belong to a unique branch of the tree. But this is not any longer the case for ILL. So in order to determine the proper place for a conversion, we construct, inspired by ILL+, an auxiliary partially ordered system with nodes labeled by formulas as follows. Given $\mathcal{D}$, the auxiliary structure $[\mathcal{D}]$ is obtained by systematically replacing

[deduction figure: a promotion with side premises $!A_1, \ldots, !A_n$ derived by $\mathcal{D}_1, \ldots, \mathcal{D}_n$, a deduction $\mathcal{D}'$ of $B$ from $[!A_1, \ldots, !A_n]$, and conclusion $!B$]

by

[deduction figure: $[\mathcal{D}_1], \ldots, [\mathcal{D}_n]$ with conclusions $!A_1, \ldots, !A_n$, then $[!A_1 \ldots !A_n]$, $[\mathcal{D}']$, $B$, $!B$]

and

[deduction figure: a contraction with premise $!A$, assumptions $[!A, \ldots, !A]$ labelled $x_1, \ldots, x_n$ and conclusion $B$, together with its image under $[\ ]$]

letting the map $[\ ]$ act as a homomorphism for all other rules. There is a bijective correspondence between the formula occurrences in $\mathcal{D}$ and in $[\mathcal{D}]$. A more formal description of the partial order of $[\mathcal{D}]$ is as follows: $[\mathcal{D}]$ = ( ;