Proving decidability of Intuitionistic Propositional Calculus

on Coq

Masaki Hara (qnighy)

University of Tokyo, first grade

Logic Zoo 2013 にて

1. Task & Known results

2. Brief methodology of the proof

1. Cut elimination

2. Contraction elimination

3. →𝐿 elimination

4. Proof of strictly-decreasingness

3. Implementation detail

4. Further implementation plan

Task

• Proposition: 𝐴𝑡𝑜𝑚 𝑛 , ∧, ∨, →, ⊥

• Task: Is given propositional formula P provable in LJ?

– It’s known to be decidable. [Dyckhoff]

• This talk: how to prove this decidability on Coq

Known results

• Decision problem on IPC is PSPACE complete [Statman]

– Especially, O(N log N) space decision procedure is known [Hudelmaier]

• These approaches are backtracking on LJ syntax.

Known results

• cf. classical counterpart of this problem is co-NP complete.

– Proof: find counterexample in boolean-valued semantics (SAT).

methodology

• To prove decidability, all rules should be strictly decreasing on some measuring.

• More formally, for all rules 𝑆1,𝑆2,…,𝑆𝑁

𝑆0𝑟𝑢𝑙𝑒

and all number 𝑖 (1 ≤ 𝑖 ≤ 𝑁), 𝑆𝑖 < 𝑆0

on certain well-founded relation <.

methodology

1. Eliminate cut rule of LJ

2. Eliminate contraction rule

3. Split →𝑳 rule into 4 pieces

4. Prove that every rule is strictly decreasing

Sequent Calculus LJ

•Γ⊢𝐺

𝐴,Γ⊢𝐺𝑤𝑒𝑎𝑘

𝐴,𝐴,Γ⊢𝐺

𝐴,Γ⊢𝐺𝑐𝑜𝑛𝑡𝑟

Γ⊢𝐴 𝐴,Δ⊢𝐺

Γ,Δ⊢𝐺(𝑐𝑢𝑡)

•

𝐴⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

•Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

𝐴,Γ⊢𝐵

Γ⊢𝐴→𝐵(→𝑅)

•𝐴,𝐵,Γ⊢𝐺

𝐴∧𝐵,Γ⊢𝐺∧𝐿

Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

•𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Γ⊢𝐴

Γ⊢𝐴∨𝐵∨𝑅1

Γ⊢𝐵

Γ⊢𝐴∨𝐵∨𝑅2

•

Sequent Calculus LJ

•Γ⊢𝐺

𝐴,Γ⊢𝐺𝑤𝑒𝑎𝑘

𝐴,𝐴,Γ⊢𝐺

𝐴,Γ⊢𝐺𝑐𝑜𝑛𝑡𝑟

Γ⊢𝐴 𝐴,Δ⊢𝐺

Γ,Δ⊢𝐺(𝑐𝑢𝑡)

•

𝐴⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

•Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

𝐴,Γ⊢𝐵

Γ⊢𝐴→𝐵(→𝑅)

•𝐴,𝐵,Γ⊢𝐺

𝐴∧𝐵,Γ⊢𝐺∧𝐿

Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

•𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Γ⊢𝐴

Γ⊢𝐴∨𝐵∨𝑅1

Γ⊢𝐵

Γ⊢𝐴∨𝐵∨𝑅2

• We eliminate cut rule first.

Cut elimination

• 1. Prove these rule by induction on proof structure.

•Γ⊢𝐺

Δ,Γ⊢𝐺𝑤𝑒𝑎𝑘𝐺

Δ,Δ,Γ⊢𝐺

Δ,Γ⊢𝐺𝑐𝑜𝑛𝑡𝑟𝐺

•Γ⊢⊥

Γ⊢𝐺⊥𝑅𝐸

•Γ⊢𝐴∧𝐵

Γ⊢𝐴∧𝑅𝐸1

Γ⊢𝐴∧𝐵

Γ⊢𝐵∧𝑅𝐸2

•Γ⊢𝐴→𝐵

𝐴,Γ⊢𝐵→𝑅𝐸

• If Γ1⊢𝐴 𝐴,Δ1⊢𝐺1

Γ1,Δ1⊢𝐺1(𝑐𝑢𝑡𝐴) and

Γ2⊢𝐵 𝐵,Δ2⊢𝐺2

Γ2,Δ2⊢𝐺2(𝑐𝑢𝑡𝐵) for all

Γ1, Γ2, Δ1, Δ2, 𝐺1, 𝐺2 , then Γ⊢𝐴∨𝐵 A,Δ⊢𝐺 𝐵,Δ⊢𝐺

Γ,Δ⊢𝐺(∨𝑅𝐸)

Cut elimination

• 2. Prove the general cut rule Γ ⊢ 𝐴　𝐴𝑛, Δ ⊢ 𝐺

Γ, Δ ⊢ 𝐺𝑐𝑢𝑡𝐺

by induction on the size of 𝐴 and proof structure of the right hand.

• 3. specialize 𝑐𝑢𝑡𝐺 (n = 1) ■

Cut-free LJ

•Γ⊢𝐺

𝐴,Γ⊢𝐺𝑤𝑒𝑎𝑘

𝐴,𝐴,Γ⊢𝐺

𝐴,Γ⊢𝐺𝑐𝑜𝑛𝑡𝑟

•

𝐴⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

•Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

𝐴,Γ⊢𝐵

Γ⊢𝐴→𝐵(→𝑅)

•𝐴,𝐵,Γ⊢𝐺

𝐴∧𝐵,Γ⊢𝐺∧𝐿

Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

•𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Γ⊢𝐴

Γ⊢𝐴∨𝐵∨𝑅1

Γ⊢𝐵

Γ⊢𝐴∨𝐵∨𝑅2

•

Cut-free LJ

•Γ⊢𝐺

𝐴,Γ⊢𝐺𝑤𝑒𝑎𝑘

𝐴,𝐴,Γ⊢𝐺

𝐴,Γ⊢𝐺𝑐𝑜𝑛𝑡𝑟

•

𝐴⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

•Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

𝐴,Γ⊢𝐵

Γ⊢𝐴→𝐵(→𝑅)

•𝐴,𝐵,Γ⊢𝐺

𝐴∧𝐵,Γ⊢𝐺∧𝐿

Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

•𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Γ⊢𝐴

Γ⊢𝐴∨𝐵∨𝑅1

Γ⊢𝐵

Γ⊢𝐴∨𝐵∨𝑅2

• Contraction rule is not strictly decreasing

Contraction-free LJ

•

𝐴,Γ⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥,Γ⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

•𝐴→𝐵,Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

𝐴,Γ⊢𝐵

Γ⊢𝐴→𝐵(→𝑅)

•𝐴,𝐵,Γ⊢𝐺

𝐴∧𝐵,Γ⊢𝐺∧𝐿

Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

•𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Γ⊢𝐴

Γ⊢𝐴∨𝐵∨𝑅1

Γ⊢𝐵

Γ⊢𝐴∨𝐵∨𝑅2

Contraction-free LJ

• Implicit weak

–

𝐴,Γ⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥,Γ⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

• Implicit contraction

–𝐴→𝐵,Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

–Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

–𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Contraction-free LJ

• Implicit weak

–

𝐴,Γ⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥,Γ⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

• Implicit contraction

–𝐴→𝐵,Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

–Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

–𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Proof of weak rule

• Easily done by induction ■

Proof of contr rule

• 1. prove these rules by induction on proof structure.

–𝐴∧𝐵,Γ⊢𝐺

𝐴,𝐵,Γ⊢𝐺∧𝐿𝐸

𝐴∨𝐵,Γ⊢𝐺

𝐴,Γ⊢𝐺∨𝐿𝐸1

𝐴∨𝐵,Γ⊢𝐺

𝐵,Γ⊢𝐺(∨𝐿𝐸2)

–𝐴→𝐵,Γ⊢𝐺

𝐵,Γ⊢𝐺(→𝑤𝑒𝑎𝑘)

• 2. prove contr rule by induction on proof structure.■

Contraction-free LJ

•

𝐴,Γ⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥,Γ⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

•𝐴→𝐵,Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

𝐴,Γ⊢𝐵

Γ⊢𝐴→𝐵(→𝑅)

•𝐴,𝐵,Γ⊢𝐺

𝐴∧𝐵,Γ⊢𝐺∧𝐿

Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

•𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Γ⊢𝐴

Γ⊢𝐴∨𝐵∨𝑅1

Γ⊢𝐵

Γ⊢𝐴∨𝐵∨𝑅2

Contraction-free LJ

•

𝐴,Γ⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥,Γ⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

•𝐴→𝐵,Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿

𝐴,Γ⊢𝐵

Γ⊢𝐴→𝐵(→𝑅)

•𝐴,𝐵,Γ⊢𝐺

𝐴∧𝐵,Γ⊢𝐺∧𝐿

Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

•𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Γ⊢𝐴

Γ⊢𝐴∨𝐵∨𝑅1

Γ⊢𝐵

Γ⊢𝐴∨𝐵∨𝑅2

• This time, →𝐿 rule is not decreasing

Terminating LJ

• Split 𝐴→𝐵,Γ⊢𝐴 𝐵,Γ⊢𝐺

𝐴→𝐵,Γ⊢𝐺→𝐿 into 4 pieces

1. 𝐶,𝐴𝑡𝑜𝑚 𝑛 ,Γ⊢𝐺

𝐴𝑡𝑜𝑚 𝑛 →𝐶,𝐴𝑡𝑜𝑚 𝑛 ,Γ⊢𝐺→𝐿1

2. 𝐵→𝐶,Γ⊢𝐴→𝐵 C,Γ⊢𝐺

𝐴→𝐵 →𝐶,Γ⊢𝐺(→𝐿2)

3. 𝐴→ 𝐵→𝐶 ,Γ⊢𝐺

𝐴∧𝐵 →𝐶,Γ⊢𝐺(→𝐿3)

4. 𝐴→𝐶,𝐵→𝐶,Γ⊢𝐺

𝐴∨𝐵 →𝐶,Γ⊢𝐺(→𝐿4)

Correctness of Terminating LJ

• 1. If Γ ⊢ 𝐺 is provable in Contraction-free LJ, At least one of these is true:

– Γ includes ⊥, 𝐴 ∧ 𝐵, or 𝐴 ∨ 𝐵

– Γ includes both 𝐴𝑡𝑜𝑚(𝑛) and 𝐴𝑡𝑜𝑚 𝑛 → 𝐵

– Γ ⊢ 𝐺 has a proof whose bottommost rule is not the form of 𝐴𝑡𝑜𝑚 𝑛 →𝐵,𝐴𝑡𝑜𝑚 𝑛 ,Γ⊢𝐴𝑡𝑜𝑚 𝑛 𝐵,𝐴𝑡𝑜𝑚 𝑛 ,Γ⊢𝐺

𝐴𝑡𝑜𝑚 𝑛 →𝐵,𝐴𝑡𝑜𝑚(𝑛),Γ⊢𝐺(→𝐿)

• Proof: induction on proof structure

Correctness of Terminating LJ

• 2. every sequent provable in Contraction-free LJ is also provable in Terminating LJ.

• Proof: induction by size of the sequent.

– Size: we will introduce later

Terminating LJ

•

𝐴,Γ⊢𝐴𝑎𝑥𝑖𝑜𝑚

⊥,Γ⊢𝐺(𝑒𝑥𝑓𝑎𝑙𝑠𝑜)

• 𝐶,𝐴𝑡𝑜𝑚 𝑛 ,Γ⊢𝐺

𝐴𝑡𝑜𝑚 𝑛 →𝐶,𝐴𝑡𝑜𝑚 𝑛 ,Γ⊢𝐺→𝐿1

𝐵→𝐶,Γ⊢𝐴→𝐵 C,Γ⊢𝐺

𝐴→𝐵 →𝐶,Γ⊢𝐺→𝐿2

•𝐴→ 𝐵→𝐶 ,Γ⊢𝐺

𝐴∧𝐵 →𝐶,Γ⊢𝐺→𝐿3

𝐴→𝐶,𝐵→𝐶,Γ⊢𝐺

𝐴∨𝐵 →𝐶,Γ⊢𝐺→𝐿4

•𝐴,Γ⊢𝐵

Γ⊢𝐴→𝐵→𝑅

𝐴,𝐵,Γ⊢𝐺

𝐴∧𝐵,Γ⊢𝐺∧𝐿

Γ⊢𝐴 Γ⊢𝐵

Γ⊢𝐴∧𝐵(∧𝑅)

•𝐴,Γ⊢𝐺 𝐵,Γ⊢𝐺

𝐴∨𝐵,Γ⊢𝐺∨𝐿

Γ⊢𝐴

Γ⊢𝐴∨𝐵∨𝑅1

Γ⊢𝐵

Γ⊢𝐴∨𝐵∨𝑅2

Proof of termination

• Weight of Proposition

– 𝑤 𝐴𝑡𝑜𝑚 𝑛 = 1

– 𝑤 ⊥ = 1

– 𝑤 𝐴 → 𝐵 = 𝑤 𝐴 + 𝑤 𝐵 + 1

– 𝑤 𝐴 ∧ 𝐵 = 𝑤 𝐴 + 𝑤 𝐵 + 2

– 𝑤 𝐴 ∨ 𝐵 = 𝑤 𝐴 + 𝑤 𝐵 + 1

• 𝐴 < 𝐵 ⇔ 𝑤 𝐴 < 𝑤(𝐵)

Proof of termination

• ordering of Proposition List

– Use Multiset ordering (Dershowitz and Manna ordering)

Multiset Ordering

• Multiset Ordering: a binary relation between multisets (not necessarily be ordering)

• 𝐴 > 𝐵 ⇔

A

B

Not empty

Multiset Ordering

• If 𝑅 is a well-founded binary relation, the Multiset Ordering over 𝑅 is also well-founded.

• Well-founded: every element is accessible

• 𝐴 is accessible : every element 𝐵 such that 𝐵 < 𝐴 is accessible

Multiset Ordering

Proof

• 1. induction on list

• Nil ⇒ there is no 𝐴 such that 𝐴 <𝑀 Nil, therefore it’s accessible.

• We will prove: 𝐴𝑐𝑐𝑀 𝐿 ⇒ 𝐴𝑐𝑐𝑀(𝑥 ∷ 𝐿)

Multiset Ordering

• 2. duplicate assumption

• Using 𝐴𝑐𝑐(𝑥) and 𝐴𝑐𝑐𝑀(𝐿), we will prove 𝐴𝑐𝑐𝑀 𝐿 ⇒ 𝐴𝑐𝑐𝑀(𝑥 ∷ 𝐿)

• 3. induction on 𝑥 and 𝐿

– We can use these two inductive hypotheses.

1. ∀𝐾 𝑦, 𝑦 < 𝑥 ⇒ 𝐴𝑐𝑐𝑀 𝐾 ⇒ 𝐴𝑐𝑐𝑀(𝑦 ∷ 𝐾)

2. ∀𝐾, 𝐾 <𝑀 𝐿 ⇒ 𝐴𝑐𝑐𝑀 𝐾 ⇒ 𝐴𝑐𝑐𝑀(𝑥 ∷ 𝐾)

Multiset Ordering

• 4. Case Analysis • By definition, 𝐴𝑐𝑐𝑀(𝑥 ∷ 𝐿) is equivalent to

∀𝐾, 𝐾 <𝑀 (𝑥 ∷ 𝐿) ⇒ 𝐴𝑐𝑐𝑀(𝐾) • And there are 3 patterns:

1. 𝐾 includes 𝑥 2. 𝐾 includes 𝑦s s.t. 𝑦 < 𝑥, and 𝐾 minus all such 𝑦 is

equal to 𝐿 3. 𝐾 includes 𝑦s s.t. 𝑦 < 𝑥, and 𝐾 minus all such 𝑦 is

less than 𝐿

• Each pattern is proved using the Inductive Hypotheses.

Decidability

• Now, decidability can be proved by induction on the size of sequent.

Implementation Detail

•

IPC Proposition (Coq)

• Inductive PProp:Set := | PPbot : PProp | PPatom : nat -> PProp | PPimpl : PProp -> PProp -> PProp | PPconj : PProp -> PProp -> PProp | PPdisj : PProp -> PProp -> PProp.

Cut-free LJ (Coq)

• Inductive LJ_provable : list PProp -> PProp -> Prop := | LJ_perm P1 L1 L2 : Permutation L1 L2 -> LJ_provable L1 P1 -> LJ_provable L2 P1 | LJ_weak P1 P2 L1 : LJ_provable L1 P2 -> LJ_provable (P1::L1) P2 | LJ_contr P1 P2 L1 : LJ_provable (P1::P1::L1) P2 -> LJ_provable (P1::L1) P2 …

Exchange rule

• Exchange rule : Γ, 𝐴, 𝐵, Δ ⊢ 𝐺

Γ, 𝐵, 𝐴, Δ ⊢ 𝐺𝑒𝑥𝑐ℎ

is replaced by more useful Γ ⊢ 𝐺

Γ′ ⊢ 𝐺𝑝𝑒𝑟𝑚𝑢𝑡𝑎𝑡𝑖𝑜𝑛

where Γ, Γ′ are permutation

Permutation Compatibility (Coq)

• Allows rewriting over Permutation equality

Instance LJ_provable_compat : Proper (@Permutation _==>eq==>iff) LJ_provable.

Permutation solver (Coq)

• Permutation should be solved automatically

Ltac perm := match goal with …

Further implementation plan

•

Further implementation plan

• Refactoring (1) : improve Permutation-associated tactics

– A smarter auto-unifying tactics is needed

– Write tactics using Objective Caml

• Refactoring (2) : use Ssreflect tacticals

– This makes the proof more manageable

Further implementation plan

• Refactoring (3) : change proof order

– Contraction first, cut next

– It will make the proof shorter

• Refactoring (4) : discard Multiset Ordering

– If we choose appropriate weight function of Propositional Formula, we don’t need Multiset Ordering. (See [Hudelmaier])

– It also enables us to analyze complexity of this procedure

Further implementation plan

• Refactoring (5) : Proof of completeness

– Now completeness theorem depends on the decidability

• New Theorem (1) : Other Syntaxes

– NJ and HJ may be introduced

• New Theorem (2) : Other Semantics

– Heyting Algebra

Further implementation plan

• New Theorem (3) : Other decision procedure

– Decision procedure using semantics (if any)

– More efficient decision procedure (especially 𝑂(𝑁 log 𝑁)-space decision procedure)

• New Theorem (4) : Complexity

– Proof of PSPACE-completeness

Source code

• Source codes are:

• https://github.com/qnighy/IPC-Coq

おわり

1. Task & Known results

2. Brief methodology of the proof

1. Cut elimination

2. Contraction elimination

3. →𝐿 elimination

4. Proof of strictly-decreasingness

3. Implementation detail

4. Further implementation plan

References

• [Dyckhoff] Roy Dyckhoff, Contraction-free Sequent Calculi for Intuitionistic Logic, The Journal of Symbolic Logic, Vol. 57, No.3, 1992, pp. 795 – 807

• [Statman] Richard Statman, Intuitionistic Propositional Logic is Polynomial-Space Complete, Theoretical Computer Science 9, 1979, pp. 67 – 72

• [Hudelmaier] Jörg Hudelmaier, An O(n log n)-Space Decision Procedure for Intuitionistic Propositional Logic, Journal of Logic and Computation, Vol. 3, Issue 1, pp. 63-75