Jh Herman Geuvers

Explicit substitution on the edge of strong normalization

Abstract We use the recursive path ordering (RPO) technique of semantic labelling to show the preservation of strong normalization (PSN) property for several calculi of explicit substitution. PSN states that if a term M is strongly normalizing under ordinary β-reduction (using ‘global’ substitutions), then it is strongly normalizing if the substitution is made explicit (‘local’). There are different ways of making global substitution explicit and PSN is a quite natural and desirable property for the explicit substitution calculus. Our method for proving PSN is very general and applies to several known systems of explicit substitutions, both with named variables and with De Bruijn indices: λν of Lescanne et al., λs of Kamareddine and Rios and λx of Rose and Bloo. We also look at two small extensions of the explicit substitution calculus that allow to permute substitutions. For one of these extensions PSN fails (using the counterexample in Mellies 1995). For the other we can prove PSN using our method, thus showing the subtlety of the subject and the generality of our method. One of the key ideas behind our proof is that, for λx the set of terms of the explicit substitution calculus, we look at the set λx rpo on labelled terms, such that any infinite λx-reduction path starting from an A ϵ λx rpo-descending sequence. The well-founded order >rpo is defined by using a technique similar to semantic labelling.

Degrees of undecidability in term rewriting

Undecidability of various properties of first order term rewriting systems is well-known. An undecidable property can be classified by the complexity of the formula defining it. This gives rise to a hierarchy of distinct levels of undecidability, starting from the arithmetical hierarchy classifying properties using first order arithmetical formulas and continuing into the analytic hierarchy, where also quantification over function variables is allowed. In this paper we consider properties of first order term rewriting systems and classify them in this hierarchy. Most of the standard properties are Π20 -complete, that is, of the same level as uniform halting of Turing machines. In this paper we show two exceptions. Weak confluence is Σ10- complete, and therefore essentially easier than ground weak confluence which is Π20-complete. The most surprising result is on dependency pair problems: we prove this to be Π11-complete, which means that this property exceeds the arithmetical hierarchy and is essentially analytic. A minor variant, dependency pair problems with minimality flag, turns out be Π20-complete again, just like the original termination problem for which dependency pair analysis was developed.

Natural deduction via graphs: formal definition and computation rules

In this paper, we introduce the formalism of deduction graphs as a generalisation of both Gentzen–Prawitz style natural deduction and Fitch style flag deduction. The advantage of this formalism is that, as with flag deductions (but not natural deduction), subproofs can be shared, but the linearisation used in flag deductions is avoided. Our deduction graphs have both nodes and boxes, which are collections of nodes that also form a node themselves. This is reminiscent of the bigraphs of Milner, where the link graph describes the nodes and edges and the place graph describes the nesting of nodes. We give a precise definition of deduction graphs, together with some illustrative examples. Furthermore, we analyse their computational behaviour by studying the process of cut-elimination and by defining translations from deduction graphs to simply typed lambda terms. From a slight variation of this translation, we conclude that the process of cut-elimination is strongly normalising. The translation to simple type theory removes quite a lot of structure, so we also propose a translation to a context calculus with lets that faithfully captures the structure of deduction graphs. The proof nets of linear logic also offer a graph-like presentation of natural deduction, and we point out some similarities between the two formalisms.

Proof by computation in the Coq system

In informal mathematics, statements involving computations are seldom proved. Instead, it is assumed that readers of the proof can carry out the computations on their own. However, when using an automated proof development system based on type theory, the user is forced to find proofs for all claimed propositions, including computational statements. This paper presents a method to automatically prove statements from primitive recursive arithmetic. The method replaces logical formulas by boolean expressions. A correctness proof is constructed, which states that the original formula is derivable, if and only if the boolean expression equals true. Because the boolean expression reduces to true, the conversion rule yields a trivial proof of the equality. By combining this proof with the correctness proof, we get a proof for the original statement.

Some logical and syntactical observations concerning the first-order dependent type system λP

We look at two different ways of interpreting logic in the dependent type system λP. The first is by a direct formulas-as-types interpretation a la Howard where the logical derivation rules are mapped to derivation rules in the type system. The second is by viewing λP as a Logical Framework, following Harper et al. (1987) and Harper et al. (1993). The type system is then used as the meta-language in which various logics can be coded.We give a (brief) overview of known (syntactical) results about λP. Then we discuss two issues in some more detail. The first is the completeness of the formulas-as-types embedding of minimal first-order predicate logic into λP. This is a remarkably complicated issue, a first proof of which appeared in Geuvers (1993), following ideas in Barendsen and Geuvers (1989) and Swaen (1989). The second issue is the minimality of λP as a logical framework. We will show that some of the rules are actually superfluous (even though they contribute nicely to the generality of the presentation of λP).At the same time we will attempt to provide a gentle introduction to λP and its various aspects and we will try to use little inside knowledge.

Rewriting for Fitch style natural deductions

Logical systems in natural deduction style are usually presented in the Gentzen style. A different definition of natural deduction, that corresponds more closely to proofs in ordinary mathematical practice, is given in [Fitch 1952]. We define precisely a Curry-Howard interpretation that maps Fitch style deductions to simply typed terms, and we analyze why it is not an isomorphism. We then describe three reduction relations on Fitch style natural deductions: one that removes garbage (subproofs that are not needed for the conclusion), one that removes repeats and one that unshares shared subproofs. We also define an equivalence relation that allows to interchange independent steps. We prove that two Fitch deductions are mapped to the same λ-term if and only if they are equal via the congruence closure of the aforementioned relations (the reduction relations plus the equivalence relation). This gives a Curry-Howard isomorphism between equivalence classes of Fitch deductions and simply typed λ-terms. Then we define the notion of cut-elimination on Fitch deductions, which is only possible for deductions that are completely unshared (normal forms of the unsharing reduction). For conciseness, we restrict in this paper to the implicational fragment of propositional logic, but we believe that our results extend to full first order predicate logic.

Automated machine-checked hybrid system safety proofs

We have developed a hybrid system safety prover, implemented in Coq using the abstraction method introduced by [2]. The development includes: a formalisation of the structure of hybrid systems; a framework for the construction of an abstract system (consisting of decidable “over-estimators” of abstract transitions and initiality) faithfully representing a concrete hybrid system; a translation of abstract systems to graphs, enabling the decision of abstract state reachability using a certified graph reachability algorithm; a proof of the safety of an example hybrid system generated using this tool stack. To produce fully certified safety proofs without relying on floating point computations, the development critically relies on the computable real number implementation of the CoRN library of constructive mathematics formalised in Coq. The development also features a nice interplay between constructive and classical logic via the double negation monad.

Narrating Formal Proof (Work in Progress)

Building on existing work in proxying interaction with proof assistants, we have previously developed a proof movie. We have now considered the problem of how to augment this movie data structure to support commentary on formal proof development. In this setting, we have studied extracting commentary from an online text by Pierce et al. [Pierce, B. C., C. Casinghino and M. Greenberg, Software foundations, Course notes, online at http://www.cis.upenn.edu/~bcpierce/sf/ (2010).].

Deduction Graphs with Universal Quantification

Deduction Graphs are meant to generalise both Gentzen-Prawitz style natural deductions and Fitch style flag deductions. They have the structure of acyclic directed graphs with boxes. In [Herman Geuvers and Iris Loeb. Natural Deduction via Graphs: Formal Definition and Computation Rules. Mathematical Structures in Computer Science (Special Issue on Theory and Applications of Term Graph Rewriting), Volume 17(03):485-526, 2007.] we have investigated the deduction graphs for minimal proposition logic. This paper studies the extension with first-order universal quantification, showing the robustness of the concept of deduction graphs.

A Formalisation of Consistent Consequence for Boolean Equation Systems

Boolean equation systems are sequences of least and greatest fixpoint equations interpreted over the Boolean lattice. Such equation systems arise naturally in verification problems such as the modal \(\mu \)-calculus model checking problem. Solving a Boolean equation system is a computationally challenging problem, and for this reason, abstraction techniques for Boolean equation systems have been developed. The notion of consistent consequence on Boolean equation systems was introduced to more effectively reason about such abstraction techniques. Prior work on consistent consequence claimed that this notion can be fully characterised by a sound and complete derivation system, building on rules for logical consequence. Our formalisation of the theory of consistent consequence and the derivation system in the proof assistant Coq reveals that the system is, nonetheless, unsound. We propose a fix for the derivation system and show that the resulting system (system CC) is indeed sound and complete for consistent consequence. Our formalisation of the consistent consequence theory furthermore points at a subtle mistake in the phrasing of its main theorem, and how to correct this.