Induction and Co-induction in Sequent Calculus
Proof search has been used to specify a wide range of computation systems. In order to build a framework for reasoning about such specifications, we make use of a sequent calculus involving induction and co-induction. These proof principles are based…
Authors: Alwen Tiu, Alberto Momigliano
Alwen Tiu (The Australian National University, Alwen.Tiu@rsise.anu.edu.au) and Alberto Momigliano (LFCS, University of Edinburgh, amomigl1@inf.ed.ac.uk)

Abstract. Proof search has been used to specify a wide range of computation systems. In order to build a framework for reasoning about such specifications, we make use of a sequent calculus involving induction and co-induction. These proof principles are based on a proof theoretic (rather than set-theoretic) notion of definition [13, 20, 25, 51]. Definitions are akin to (stratified) logic programs, where the left and right rules for defined atoms allow one to view theories as "closed" or defining fixed points. The use of definitions makes it possible to reason intensionally about syntax, in particular enforcing free equality via unification. We add in a consistent way rules for pre and post fixed points, thus allowing the user to reason inductively and co-inductively about properties of computational systems making full use of higher-order abstract syntax. Consistency is guaranteed via cut-elimination, where we give the first, to our knowledge, cut-elimination procedure in the presence of general inductive and co-inductive definitions.

1 Introduction

A common approach to specifying computation systems is via deductive systems. Those are used to specify and reason about various logics, as well as aspects of programming languages such as operational semantics, type theories, abstract machines etc. Such specifications can be represented as logical theories in a suitably expressive formal logic where proof-search can then be used to model the computation. A logic used as a specification language is known as a logical framework [39], which comes equipped with a representation methodology.
The encoding of the syntax of deductive systems inside formal logic can benefit from the use of higher-order abstract syntax (HOAS) [40], a high-level and declarative treatment of object-level bound variables and substitution. At the same time, we want to use such a logic in order to reason over the meta-theoretical properties of object languages, for example type preservation in operational semantics [26], soundness and completeness of compilation [32] or congruence of bisimulation in transition systems [27]. Typically this involves reasoning by (structural) induction and, when dealing with infinite behavior, co-induction [23]. The need to support both inductive and co-inductive reasoning and some form of HOAS requires some careful design decisions, since the two are prima facie notoriously incompatible. While any meta-language based on a λ-calculus can be used to specify and animate HOAS encodings, meta-reasoning has traditionally involved (co)inductive specifications both at the level of the syntax and of the judgements, which are of course unified at the type-theoretic level. The first provides crucial freeness properties for datatype constructors, while the second offers principles of case analysis and (co)induction. This is well-known to be problematic, since HOAS specifications lead to non-monotone (co)inductive operators, which by cardinality and consistency reasons are not permitted in inductive logical frameworks. Moreover, even when HOAS is weakened so as to be made compatible with standard proof assistants [12] such as HOL or Coq, the latter suffer the fate of allowing the existence of too many functions and yielding the so-called exotic terms. Those are canonical terms in the signature of an HOAS encoding that do not correspond to any term in the deductive system under study.
This causes a loss of adequacy in HOAS specifications, which is one of the pillars of formal verification, and it undermines the trust in formal derivations. On the other hand, logics such as LF [21] that are weak by design [10] in order to support this style of syntax are not directly endowed with (co)induction principles.

The contribution of this paper lies in the design of a new logic, called Linc⁻ (for a logic with λ-terms, induction and co-induction),³ which carefully adds principles of induction and co-induction to a higher-order intuitionistic logic based on a proof theoretic notion of definition, following on work (among others) by Lars Hallnäs [20], Eriksson [13], Schroeder-Heister [51] and McDowell and Miller [25]. Definitions are akin to logic programs, but allow us to view theories as "closed" or defining fixed points. This alone allows us to perform case analysis independently from induction principles. Our approach to formalizing induction and co-induction is via the least and greatest solutions of the fixed point equations specified by the definitions. Such least and greatest solutions are guaranteed to exist by imposing a stratification condition on definitions (which basically ensures monotonicity). The proof rules for induction and co-induction make use of the notion of pre-fixed points and post-fixed points respectively. In the inductive case, this corresponds to the induction invariant, while in the co-inductive one to the so-called simulation. The simply typed language underlying Linc⁻ and the notion of definition make it possible to reason intensionally about syntax, in particular enforcing free equality via unification, which can be used on first-order terms or higher-order λ-terms.

³ The "minus" in the terminology refers to the lack of the ∇ quantifier w.r.t. the eponymous logic in Tiu's thesis [56].
In fact, we can support HOAS encodings of constants without requiring them to be the constructors of a (recursive) datatype, which could not exist for cardinality reasons. In particular we can prove the freeness properties of those constructors, namely injectivity, distinctness and case exhaustion. Judgements are encoded as definitions according to their informal semantics, either inductive or co-inductive. Definitions that are true in every fixed point will not be given here special consideration. Linc⁻ can be proved to be a conservative extension of $FO\lambda^{\Delta\mathbb{N}}$ [25] and a generalization with a higher-order language of Martin-Löf's [24] first-order theory of iterated inductive definitions. Moreover, to the best of our knowledge, it is the first sequent calculus with a syntactical cut-elimination theorem for co-inductive definitions.

In recent years, several logical systems have been designed that build on the core features of Linc⁻. In particular, one interesting, and orthogonal, extension is the addition of the ∇-quantifier [14, 31, 56, 57], which allows one to reason about the intentional aspects of names and bindings in object syntax specifications (see, e.g., [15, 58, 59]). The cut elimination proof presented in this paper can be used as a springboard towards cut elimination procedures for more expressive (conservative) extensions of Linc⁻ such as the ones with ∇. Here lies the added value of the present paper, which extends and revises a conference paper published in the proceedings of TYPES 2003 [33]. In the conference version, the co-inductive rule had a technical side condition that is restrictive and unnatural. The restriction was essentially imposed by the particular cut elimination proof technique outlined in that paper.
This restriction has been removed in the present version, and as such the cut elimination proof itself has consequently been significantly revised.

The rest of the paper is organized as follows. Section 2 introduces the sequent calculus for the logic Linc⁻. Section 3 shows some examples of using induction and co-induction to prove properties of list-related predicates and the lazy λ-calculus. Section 4 studies several properties of derivations in Linc⁻ that will be used extensively in the cut-elimination proof (Section 5). Section 6 surveys the related work and Section 7 concludes this paper.

2 The Logic Linc⁻

The logic Linc⁻ shares the core fragment of $FO\lambda^{\Delta\mathbb{N}}$, which is an intuitionistic version of Church's Simple Theory of Types. Formulae in the logic are built from predicate symbols and the usual logical connectives $\bot$, $\top$, $\wedge$, $\vee$, $\supset$, $\forall_\tau$ and $\exists_\tau$. Following Church, formulae will be given type $o$. The quantification type $\tau$ (omitted in the rest of the paper) can have base or higher types, but those are restricted not to contain $o$. Thus the logic has a first-order proof theory but allows the encoding of higher-order abstract syntax. We assume the usual notion of capture-avoiding substitutions. Substitutions are ranged over by lower-case Greek letters, e.g., $\theta$, $\rho$ and $\sigma$. Application of substitution is written in postfix notation, e.g. $t\theta$ denotes the term resulting from an application of substitution $\theta$ to $t$. Composition of substitutions, denoted by $\circ$, is defined as $t(\theta \circ \rho) = (t\theta)\rho$. The whole logic is presented in the sequent calculus in Figure 1. A sequent is denoted by $\Gamma \longrightarrow C$ where $C$ is a formula and $\Gamma$ is a multiset of formulae. Notice that in the presentation of the rule schemes, we make use of HOAS, e.g., in the application $B\,x$ it is implicit that $B$ has no free occurrence of $x$. In particular we work modulo α-conversion without further notice.
Figure 1. The inference rules of Linc⁻.

Core rules:
$$\frac{B, B, \Gamma \longrightarrow C}{B, \Gamma \longrightarrow C}\ cL \qquad \frac{\Gamma \longrightarrow C}{B, \Gamma \longrightarrow C}\ wL \qquad \frac{}{\bot, \Gamma \longrightarrow B}\ \bot L \qquad \frac{}{\Gamma \longrightarrow \top}\ \top R$$
$$\frac{B, \Gamma \longrightarrow D}{B \wedge C, \Gamma \longrightarrow D}\ \wedge L \qquad \frac{C, \Gamma \longrightarrow D}{B \wedge C, \Gamma \longrightarrow D}\ \wedge L \qquad \frac{\Gamma \longrightarrow B \qquad \Gamma \longrightarrow C}{\Gamma \longrightarrow B \wedge C}\ \wedge R$$
$$\frac{B, \Gamma \longrightarrow D \qquad C, \Gamma \longrightarrow D}{B \vee C, \Gamma \longrightarrow D}\ \vee L \qquad \frac{\Gamma \longrightarrow B}{\Gamma \longrightarrow B \vee C}\ \vee R \qquad \frac{\Gamma \longrightarrow C}{\Gamma \longrightarrow B \vee C}\ \vee R$$
$$\frac{B\,t, \Gamma \longrightarrow C}{\forall x.\,B\,x, \Gamma \longrightarrow C}\ \forall L \qquad \frac{\Gamma \longrightarrow B\,y}{\Gamma \longrightarrow \forall x.\,B\,x}\ \forall R \qquad \frac{B\,y, \Gamma \longrightarrow C}{\exists x.\,B\,x, \Gamma \longrightarrow C}\ \exists L \qquad \frac{\Gamma \longrightarrow B\,t}{\Gamma \longrightarrow \exists x.\,B\,x}\ \exists R$$
$$\frac{\Gamma \longrightarrow B \qquad C, \Gamma \longrightarrow D}{B \supset C, \Gamma \longrightarrow D}\ \supset L \qquad \frac{B, \Gamma \longrightarrow C}{\Gamma \longrightarrow B \supset C}\ \supset R \qquad \frac{}{C \longrightarrow C}\ init$$
$$\frac{\Delta_1 \longrightarrow B_1 \quad \cdots \quad \Delta_n \longrightarrow B_n \qquad B_1, \ldots, B_n, \Gamma \longrightarrow C}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\ mc,\ \text{where } n > 0$$

Equality rules:
$$\frac{\{\,\Gamma\rho \longrightarrow C\rho \mid s\rho =_{\beta\eta} t\rho\,\}}{s = t, \Gamma \longrightarrow C}\ eqL \qquad \frac{}{\Gamma \longrightarrow t = t}\ eqR$$

Induction rules:
$$\frac{B\,S\,\vec y \longrightarrow S\,\vec y \qquad \Gamma, S\,\vec t \longrightarrow C}{\Gamma, p\,\vec t \longrightarrow C}\ IL,\ p\,\vec x \stackrel{\mu}{=} B\,p\,\vec x \qquad \frac{\Gamma \longrightarrow B\,p\,\vec t}{\Gamma \longrightarrow p\,\vec t}\ IR,\ p\,\vec x \stackrel{\mu}{=} B\,p\,\vec x$$

Co-induction rules:
$$\frac{B\,p\,\vec t, \Gamma \longrightarrow C}{p\,\vec t, \Gamma \longrightarrow C}\ CIL,\ p\,\vec x \stackrel{\nu}{=} B\,p\,\vec x \qquad \frac{\Gamma \longrightarrow S\,\vec t \qquad S\,\vec y \longrightarrow B\,S\,\vec y}{\Gamma \longrightarrow p\,\vec t}\ CIR,\ p\,\vec x \stackrel{\nu}{=} B\,p\,\vec x$$

In the ∀R and ∃L rules, $y$ is an eigenvariable that is not free in the lower sequent of the rule. Whenever we write a sequent, it is assumed implicitly that the formulae are well-typed and in βη-long normal forms; the type context, i.e., the types of the constants and the eigenvariables used in the sequent, is left implicit as well. The mc rule is a generalization of the cut rule that simplifies the presentation of the cut-elimination proof. We extend the core fragment with a proof theoretic notion of equality and fixed points. Each of these extensions is discussed below.

2.1 Equality

The right introduction rule for equality is the standard one, that is, it recognizes that two terms are syntactically equal. The left introduction rule is more interesting. The substitution $\rho$ in eqL is a unifier of $s$ and $t$. Note that we specify the premise of eqL as a set, with the intention that every sequent in the set is a premise of the rule. This set is of course infinite, since for every unifier of $(s, t)$, we can extend it to another unifier (e.g., by adding substitution pairs for variables not in the terms). However, in many cases, it is sufficient to consider a particular set of unifiers, which is often called a complete set of unifiers (CSU) [4], from which any unifier can be obtained by composing a member of the CSU set with a substitution. In the case where the terms are first-order terms, or higher-order terms with the pattern restriction [30], the set CSU is a singleton, i.e., there exists a most general unifier (MGU) for the terms. In examples and applications, we shall use a more restricted version of eqL using CSU:
$$\frac{\{\,\Gamma\rho \longrightarrow C\rho \mid s\rho =_{\beta\eta} t\rho,\ \rho \in CSU(s, t)\,\}}{s = t, \Gamma \longrightarrow C}\ eqL_{CSU}$$
Replacing eqL with $eqL_{CSU}$ does not change the class of provable formulae, as shown in [56]. Note that in applying eqL and $eqL_{CSU}$, eigenvariables can be instantiated as a result. Note also that if the premise set of eqL and $eqL_{CSU}$ is empty, then the sequent in the conclusion is considered proved. Our treatment of equality implicitly assumes the notion of free equality as commonly found in logic programming.
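The free-equality behaviour that eqL delegates to unification can be exercised directly. The following first-order unifier with occur-check is an added example, not code from the paper; terms are constructed tuples, z and s stand for the zero and successor constants used in the next paragraph, and eq_left_premises computes the premise set of $eqL_{CSU}$ for a sequent, which is empty exactly when the two sides do not unify.

```python
"""Free equality via unification, in the spirit of the eqL rule (added example).

Terms are Python tuples: ('var', name) for an (eigen)variable, and
(constant, arg1, ..., argn) for a constant applied to arguments, e.g.
('z',) for zero and ('s', ('var', 'x')) for s x.
"""


def var(name):
    return ('var', name)


def is_var(t):
    return isinstance(t, tuple) and len(t) == 2 and t[0] == 'var'


def walk(t, subst):
    # Follow variable bindings until a non-variable or an unbound variable.
    while is_var(t) and t[1] in subst:
        t = subst[t[1]]
    return t


def occurs(name, t, subst):
    # The "occur-check": does variable `name` occur inside t (modulo subst)?
    t = walk(t, subst)
    if is_var(t):
        return t[1] == name
    return any(occurs(name, a, subst) for a in t[1:])


def unify(s, t, subst=None):
    """Return an MGU of s and t as a dict name -> term, or None if none exists.

    Distinct constants never unify (inequality between distinct function
    symbols); equal constants unify argument-wise (injectivity); a variable
    never unifies with a term containing it (occur-check).
    """
    subst = {} if subst is None else dict(subst)
    s, t = walk(s, subst), walk(t, subst)
    if s == t:
        return subst
    if is_var(s):
        if occurs(s[1], t, subst):
            return None
        subst[s[1]] = t
        return subst
    if is_var(t):
        return unify(t, s, subst)
    if s[0] != t[0] or len(s) != len(t):
        return None
    for a, b in zip(s[1:], t[1:]):
        subst = unify(a, b, subst)
        if subst is None:
            return None
    return subst


def apply(t, subst):
    """Apply a substitution to a term (postfix t.rho in the paper's notation)."""
    t = walk(t, subst)
    if is_var(t):
        return t
    return (t[0],) + tuple(apply(a, subst) for a in t[1:])


def eq_left_premises(s, t, hyps, goal):
    """Premise sequents of eqL_CSU for the sequent  s = t, hyps --> goal.

    For first-order terms the CSU is at most a singleton (the MGU), so the
    result is a list of zero or one (hyps', goal') pairs. An empty list means
    the sides do not unify and the conclusion counts as proved.
    """
    mgu = unify(s, t)
    if mgu is None:
        return []
    return [([apply(h, mgu) for h in hyps], apply(goal, mgu))]


# Constructed inputs: the nat constants z and s from the paper's example.
Z = ('z',)


def succ(t):
    return ('s', t)


def zero_is_not_successor():
    # z = (s x), --> bot : no unifier, so eqL has no premises and the
    # sequent is proved, giving  forall x. z = (s x) imp bot.
    return eq_left_premises(Z, succ(var('x')), [], ('bot',))


def successor_injective():
    # (s x) = (s y) --> x = y : the MGU maps x to y and the remaining
    # premise  --> y = y  is closed by eqR.
    return eq_left_premises(succ(var('x')), succ(var('y')), [],
                            ('eq', var('x'), var('y')))
```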
More specifically, the axioms of free equality [9], that is, injectivity of function symbols, inequality between distinct function symbols, and the "occur-check" are enforced via unification in the eqL rule. For instance, given a base type $nt$ (for natural numbers) and the constants $z : nt$ (zero) and $s : nt \to nt$ (successor), we can derive $\forall x.\ z = (s\,x) \supset \bot$ as follows:
$$\frac{\dfrac{\dfrac{}{z = (s\,x) \longrightarrow \bot}\ eqL}{\longrightarrow z = (s\,x) \supset \bot}\ \supset R}{\longrightarrow \forall x.\ z = (s\,x) \supset \bot}\ \forall R$$
Since $z$ and $s\,x$ are not unifiable, the eqL rule above has an empty premise set, thus concluding the derivation. We can also prove the injectivity of the successor function, i.e. $\forall x \forall y.\ (s\,x) = (s\,y) \supset x = y$. This proof theoretic notion of equality has been considered in several previous works, e.g. by Schroeder-Heister [51], and McDowell and Miller [25].

2.2 Induction and co-induction

One way of adding induction and co-induction is to introduce fixed point expressions and their associated introduction rules, i.e. using the $\mu$ and $\nu$ operators of the (first-order) $\mu$-calculus. This is essentially what we shall follow here, but with a different notation. Instead of using a "nameless" notation using $\mu$ and $\nu$ to express fixed points, we associate a fixed point equation with an atomic formula. That is, we associate certain designated predicates with a definition. This notation is clearer and more convenient as far as our examples and applications are concerned. For the proof system using nameless notation for inductive and co-inductive predicates, the interested reader is referred to a recent work by Baelde and Miller [5].

Definition 1. An inductive definition clause is written $\forall \vec x.\ p\,\vec x \stackrel{\mu}{=} B\,\vec x$, where $p$ is a predicate constant and $\vec x$ is a sequence of variables. The atomic formula $p\,\vec x$ is called the head of the clause, and the formula $B\,\vec x$, where $B$ is a closed term, is called the body.
Similarly, a co-inductive definition clause is written $\forall \vec x.\ p\,\vec x \stackrel{\nu}{=} B\,\vec x$. The symbols $\stackrel{\mu}{=}$ and $\stackrel{\nu}{=}$ are used simply to indicate a definition clause: they are not logical connectives. A definition is a set of definition clauses.

It is technically convenient to bundle up all the definitional clauses for a given predicate in a single clause, so that a predicate may occur at most once in the heads of the clauses of a definition, following the same principles of the iff-completion in logic programming [50]. Further, in order to simplify the presentation of some rules that involve predicate substitutions, we sometimes denote a definition using an abstraction over predicates, that is $\forall \vec x.\ p\,\vec x \stackrel{\mu}{=} B\,p\,\vec x$ where $B$ is an abstraction with no free occurrence of the predicate symbol $p$ and the variables $\vec x$. Substitution of $p$ in the body of the clause with a formula $S$ can then be written simply as $B\,S\,\vec x$. When writing definition clauses, we often omit the outermost universal quantifiers, with the assumption that free variables in a clause are universally quantified (such variables will often be denoted with capital letters). We shall write $\forall \vec x.\ p\,\vec x \stackrel{\triangle}{=} B\,p\,\vec x$ to denote a definition clause generally, i.e., when we are not interested in the details of whether it is an inductive or a co-inductive definition.

The introduction rules for (co-)inductively defined atoms are given at the bottom of Figure 1. The abstraction $S$ is an invariant of the (co-)induction rule, which is of the same type as $p$. The variables $\vec y$ are new eigenvariables. For the induction rule IL, $S$ denotes a pre-fixed point of the underlying fixed point operator. Similarly, for the co-induction rule CIR, $S$ can be seen as denoting a post-fixed point of the same operator.
Here, we use a characterization of induction and co-induction proof rules as, respectively, the least and the greatest solutions to a fixed point equation. To guarantee soundness of these rules, we shall restrict the (co)inductive definitions to ones which are monotone. In this case, the Knaster-Tarski fixed point theorems tell us that the existence of a pre-fixed point (respectively, post-fixed point) implies the existence of a least (resp., greatest) fixed point. Monotonicity is enforced by a syntactic condition on definitions, as it is used for the logic $FO\lambda^{\Delta\mathbb{N}}$ [25]: we rule out definitions with circular calling through implications (negations) that can lead to inconsistency [49]. The notion of level of a formula allows us to define a proper stratification on definitions.

Definition 2. To each predicate $p$ we associate a natural number $lvl(p)$, the level of $p$. Given a formula $B$, its level $lvl(B)$ is defined as follows:
1. $lvl(p\,\vec t) = lvl(p)$,
2. $lvl(\bot) = lvl(\top) = 0$,
3. $lvl(B \wedge C) = lvl(B \vee C) = \max(lvl(B), lvl(C))$,
4. $lvl(B \supset C) = \max(lvl(B) + 1, lvl(C))$,
5. $lvl(\forall x.\,B\,x) = lvl(\exists x.\,B\,x) = lvl(B\,t)$, for any term $t$.
The level of a sequent $\Gamma \longrightarrow C$ is the level of $C$. A formula $B$ is said to be dominated by a predicate symbol $p$, if $lvl(B) \le lvl(p)$ and $lvl(B[\lambda \vec x.\top / p]) < lvl(p)$, where $\lambda \vec x.\top$ is of the same type as $p$. A definition clause $\forall \vec x.\ p\,\vec x \stackrel{\triangle}{=} B\,\vec x$ is stratified if $B\,\vec x$ is dominated by $p$.

Note that when $p$ is vacuous in $B$ and $p$ dominates $B$, we obviously have $lvl(B) < lvl(p)$. From now on, we shall be concerned only with stratified definitions. An occurrence of a formula $A$ in a formula $C$ is strictly positive if that particular occurrence of $A$ is not to the left of any implication in $C$.
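Definition 2 can be implemented directly. The following added example (not the paper's code) computes $lvl$, the erasure $B[\lambda \vec x.\top / p]$ and the dominance test, then searches for a level assignment; it is applied to the even/odd clauses and their evod encoding given later in this section, and to a constructed clause $p\,X \stackrel{\mu}{=} p\,X \supset \bot$ that calls itself through an implication. The tuple encoding of formulas and the level 0 given to equations are assumptions of the example.

```python
"""Levels and stratification of definition clauses (Definition 2), added example.

Formulas are nested tuples (arguments of atoms are omitted, since they do not
affect the level):
  ('atom', p)                 a defined atom  p t1 ... tn
  ('eq',)                     an equation  s = t   (level 0: an assumption,
                              Definition 2 as quoted lists no equality case)
  ('bot',), ('top',)
  ('and', B, C), ('or', B, C), ('imp', B, C)
  ('forall', B), ('exists', B)   quantified bodies: lvl(forall x. B x) = lvl(B t)
"""
from itertools import product


def lvl(f, levels):
    """Level of formula f under the assignment levels: predicate -> int."""
    tag = f[0]
    if tag == 'atom':
        return levels[f[1]]
    if tag in ('bot', 'top', 'eq'):
        return 0
    if tag in ('and', 'or'):
        return max(lvl(f[1], levels), lvl(f[2], levels))
    if tag == 'imp':
        return max(lvl(f[1], levels) + 1, lvl(f[2], levels))
    if tag in ('forall', 'exists'):
        return lvl(f[1], levels)
    raise ValueError('unknown formula tag %r' % tag)


def erase(f, p):
    """B[lambda x. top / p]: replace every atom of predicate p by top."""
    tag = f[0]
    if tag == 'atom':
        return ('top',) if f[1] == p else f
    if tag in ('and', 'or', 'imp'):
        return (tag, erase(f[1], p), erase(f[2], p))
    if tag in ('forall', 'exists'):
        return (tag, erase(f[1], p))
    return f


def dominated(body, p, levels):
    """B is dominated by p iff lvl(B) <= lvl(p) and lvl(B[top/p]) < lvl(p)."""
    return (lvl(body, levels) <= levels[p]
            and lvl(erase(body, p), levels) < levels[p])


def stratified(definition, levels):
    """A definition (dict head predicate -> body) is stratified iff every
    clause body is dominated by its own head predicate."""
    return all(dominated(body, p, levels) for p, body in definition.items())


def find_levels(definition, max_level):
    """Brute-force search for a stratifying level assignment with levels in
    0..max_level; returns the first one found, or None if none exists."""
    preds = list(definition)
    for combo in product(range(max_level + 1), repeat=len(preds)):
        levels = dict(zip(preds, combo))
        if stratified(definition, levels):
            return levels
    return None


# The mutually recursive even/odd clauses from the paper:
#   even X =mu X = z \/ exists y. y = (s X) /\ odd y
#   odd  X =mu exists y. y = (s X) /\ even y
EVEN_ODD = {
    'even': ('or', ('eq',), ('exists', ('and', ('eq',), ('atom', 'odd')))),
    'odd': ('exists', ('and', ('eq',), ('atom', 'even'))),
}

# The collapsed evod clause with the extra parameter W in {e, o}, and
# even/odd redefined in terms of it, as in the paper.
EVOD = {
    'evod': ('or',
             ('and', ('eq',), ('or', ('eq',),
                                ('exists', ('and', ('eq',), ('atom', 'evod'))))),
             ('and', ('eq',), ('exists', ('and', ('eq',), ('atom', 'evod'))))),
    'even': ('atom', 'evod'),
    'odd': ('atom', 'evod'),
}

# A constructed clause with circular calling through an implication,
#   p X =mu (p X imp bot),
# the kind of definition that stratification is meant to exclude.
CIRCULAR = {'p': ('imp', ('atom', 'p'), ('bot',))}
```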
Stratification then implies that all occurrences of the head in the body are strictly positive, and that there is no mutual recursion between different definition clauses. This restriction to non-mutual recursion is just for the sake of simplicity in the presentation of the underlying idea of the cut elimination proof. This proof (Section 5) can be extended to handle mutually recursive definitions with some straightforward, albeit tedious, modifications. In the first-order case, the restriction to non-mutual recursion is immaterial, since one can easily encode mutually recursive predicates as a single predicate with an extra argument. For example, consider the following mutually recursive definitions for even and odd numbers.
$$even\ X \stackrel{\mu}{=} X = z \vee \exists y.\ y = (s\,X) \wedge odd\ y.$$
$$odd\ X \stackrel{\mu}{=} \exists y.\ y = (s\,X) \wedge even\ y.$$
We can collapse these two definition clauses into a single one, with a parameter that takes a constant $e$ (for 'even') or $o$ (for 'odd'):
$$evod\ W\ X \stackrel{\mu}{=} [W = e \wedge (X = z \vee \exists y.\ y = (s\,X) \wedge evod\ o\ y)] \vee [W = o \wedge (\exists y.\ y = (s\,X) \wedge evod\ e\ y)].$$
We then define even and odd as follows:
$$even\ X \stackrel{\mu}{=} evod\ e\ X. \qquad odd\ X \stackrel{\mu}{=} evod\ o\ X.$$
This definition can be stratified by assigning levels to the predicate symbols such that $lvl(evod) < lvl(even) < lvl(odd)$.

3 Examples

We now give some examples, starting with some that make essential use of HOAS.

3.1 Lazy λ-Calculus

We consider an untyped version of the pure λ-calculus with lazy evaluation, following the usual HOAS style, i.e., object-level λ-operator and application are encoded as constants $lam : (tm \to tm) \to tm$ and $@ : tm \to tm \to tm$, where $tm$ is the syntactic category of object-level λ-terms. The evaluation relation is encoded as the following inductive definition
$$M \Downarrow N \stackrel{\mu}{=} [\exists M'.\ (M = lam\ M') \wedge (M = N)] \vee [\exists M_1 \exists M_2 \exists P.\ (M = M_1 @ M_2) \wedge M_1 \Downarrow lam\ P \wedge (P\ M_2) \Downarrow N]$$
Notice that object-level substitution is realized via β-reduction in the meta-logic. The notion of applicative simulation of λ-expressions [1] can be encoded as the (stratified) co-inductive definition
$$sim\ R\ S \stackrel{\nu}{=} \forall T.\ R \Downarrow lam\ T \supset \exists U.\ S \Downarrow lam\ U \wedge \forall P.\ sim\ (T\ P)\ (U\ P).$$
Given this encoding, we can prove the reflexivity property of simulation, i.e., $\forall s.\ sim\ s\ s$. This is proved co-inductively by using the simulation $\lambda x \lambda y.\ x = y$. After applying ∀R and CIR, it remains to prove the sequents
$$\longrightarrow s = s, \qquad \text{and} \qquad x = y \longrightarrow \forall x_1.\ x \Downarrow lam\ x_1 \supset (\exists x_2.\ y \Downarrow lam\ x_2 \wedge \forall x_3.\ (x_1\ x_3) = (x_2\ x_3))$$
The first sequent is provable by an application of the eqR rule. The second sequent is proved by the following derivation, listed here from its end-sequent upwards (the rule named on each line is the one whose conclusion that sequent is):
- $x = y \longrightarrow \forall x_1.\ x \Downarrow lam\ x_1 \supset (\exists x_2.\ y \Downarrow lam\ x_2 \wedge \forall x_3.\ (x_1\ x_3) = (x_2\ x_3))$, by ∀R from
- $x = y \longrightarrow x \Downarrow lam\ x_1 \supset (\exists x_2.\ y \Downarrow lam\ x_2 \wedge \forall x_3.\ (x_1\ x_3) = (x_2\ x_3))$, by ⊃R from
- $x = y,\ x \Downarrow lam\ x_1 \longrightarrow (\exists x_2.\ y \Downarrow lam\ x_2 \wedge \forall x_3.\ (x_1\ x_3) = (x_2\ x_3))$, by eqL (the unifier instantiates $x$ and $y$ to $z$) from
- $z \Downarrow lam\ x_1 \longrightarrow (\exists x_2.\ z \Downarrow lam\ x_2 \wedge \forall x_3.\ (x_1\ x_3) = (x_2\ x_3))$, by ∃R from
- $z \Downarrow lam\ x_1 \longrightarrow (z \Downarrow lam\ x_1 \wedge \forall x_3.\ (x_1\ x_3) = (x_1\ x_3))$, by ∧R from the two premises
- $z \Downarrow lam\ x_1 \longrightarrow z \Downarrow lam\ x_1$, by init, and
- $z \Downarrow lam\ x_1 \longrightarrow \forall x_3.\ (x_1\ x_3) = (x_1\ x_3)$, by ∀R from
- $z \Downarrow lam\ x_1 \longrightarrow (x_1\ x_3) = (x_1\ x_3)$, by eqR.

The transitivity property is expressed as $\forall r \forall s \forall t.\ sim\ r\ s \wedge sim\ s\ t \supset sim\ r\ t$. Its proof involves co-induction on $sim\ r\ t$ with the simulation $\lambda u \lambda v.\ \exists w.\ sim\ u\ w \wedge sim\ w\ v$, followed by case analysis (i.e., defL and eqL rules) on $sim\ r\ s$ and $sim\ s\ t$. The rest of the proof is purely logical.

We can also show the existence of divergent terms. Divergence is encoded as follows.
$$divrg\ T \stackrel{\nu}{=} [\exists T_1 \exists T_2.\ T = (T_1 @ T_2) \wedge divrg\ T_1] \vee [\exists T_1 \exists T_2.\ T = (T_1 @ T_2) \wedge \exists E.\ T_1 \Downarrow lam\ E \wedge divrg\ (E\ T_2)].$$
Let $\Omega$ be the term $(lam\ x.\ (x @ x)) @ (lam\ x.\ (x @ x))$. We show that $divrg\ \Omega$ holds.
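The single unfolding of $divrg$ that the co-inductive argument below relies on can be computed. This added example (not the paper's own code) encodes $lam$ as a Python function and $@$ as a tuple in HOAS style, evaluates lazily under a step budget, and checks that $\Omega$ satisfies the second disjunct of the body of $divrg$ with the candidate simulation $S := \lambda s.\ s = \Omega$; the step budget and the alpha_eq comparison of binders are assumptions of the example.

```python
"""Lazy evaluation and the divergence of Omega in HOAS style (added example).

Object-level terms (closed unless stated otherwise):
  ('lam', f)      where f is a Python function on terms: the meta-level binder
                  stands for the object-level one, as with lam : (tm -> tm) -> tm
  ('app', m, n)   the application  m @ n
  ('var', k)      a fresh token used only when comparing binders
Object-level substitution (P M2) is ordinary Python function application.
"""


class Diverges(Exception):
    """Raised when evaluation exhausts its step budget."""


def evaluate(m, fuel=100):
    """Lazy evaluation M ⇓ N: returns the lam-term N, or raises Diverges if no
    derivation of the ⇓ definition is found within `fuel` unfoldings."""
    if fuel <= 0:
        raise Diverges
    if m[0] == 'lam':
        return m                                # M = lam M', N = M
    _, m1, m2 = m                               # M = M1 @ M2
    lam_p = evaluate(m1, fuel - 1)              # M1 ⇓ lam P
    return evaluate(lam_p[1](m2), fuel - 1)     # (P M2) ⇓ N


def alpha_eq(a, b, fresh=0):
    """Structural equality of HOAS terms; two binders are compared by applying
    both to the same fresh variable token."""
    if a[0] != b[0]:
        return False
    if a[0] == 'var':
        return a[1] == b[1]
    if a[0] == 'lam':
        v = ('var', fresh)
        return alpha_eq(a[1](v), b[1](v), fresh + 1)
    return alpha_eq(a[1], b[1], fresh) and alpha_eq(a[2], b[2], fresh)


def divrg_unfold(t, simulation, fuel=100):
    """Check the post-fixed-point condition of divrg for one term t of the
    candidate simulation: t must satisfy a disjunct of the body of divrg with
    the recursive occurrence landing back inside the simulation.
    Returns 1 or 2 for the disjunct that applies, 0 if neither does."""
    if t[0] != 'app':
        return 0
    _, t1, t2 = t
    if simulation(t1):                          # first disjunct: T1 in S
        return 1
    try:
        lam_e = evaluate(t1, fuel)              # T1 ⇓ lam E
    except Diverges:
        return 0
    if simulation(lam_e[1](t2)):                # (E T2) in S
        return 2
    return 0


def omega():
    # Omega = (lam x. (x @ x)) @ (lam x. (x @ x)), built fresh each call.
    delta = ('lam', lambda x: ('app', x, x))
    return ('app', delta, delta)


def omega_simulation(t):
    # S := lambda s. s = Omega
    return alpha_eq(t, omega())


def omega_diverges(fuel=50):
    """True when Omega has no ⇓ derivation within `fuel` unfoldings."""
    try:
        evaluate(omega(), fuel)
        return False
    except Diverges:
        return True
```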
The proof is straightforward by co-induction using the simulation $S := \lambda s.\ s = \Omega$. Applying CIR produces the sequents $\longrightarrow \Omega = \Omega$ and $T = \Omega \longrightarrow S_1 \vee S_2$ where
$$S_1 := \exists T_1 \exists T_2.\ T = (T_1 @ T_2) \wedge (S\ T_1), \quad \text{and} \quad S_2 := \exists T_1 \exists T_2.\ T = (T_1 @ T_2) \wedge \exists E.\ T_1 \Downarrow lam\ E \wedge S\ (E\ T_2).$$
Clearly, only the second disjunct is provable, i.e., by instantiating $T_1$ and $T_2$ with the same term $lam\ x.\ (x @ x)$, and $E$ with the function $\lambda x.\ (x @ x)$.

3.2 Lists

Lists over some fixed type $\alpha$ are encoded as the type $lst$, with the usual constructor $nil : lst$ for the empty list and $::$ of type $\alpha \to lst \to lst$. We consider here the append predicate for both the finite and infinite case.

Finite lists. The usual append predicate on finite lists can be encoded as the inductive definition
$$app\ L_1\ L_2\ L_3 \stackrel{\mu}{=} [(L_1 = nil) \wedge (L_2 = L_3)] \vee [\exists x \exists L_1' \exists L_3'.\ (L_1 = x :: L_1') \wedge (L_3 = x :: L_3') \wedge app\ L_1'\ L_2\ L_3'].$$
Associativity of append is stated formally as
$$\forall l_1 \forall l_2 \forall l_{12} \forall l_3 \forall l_4.\ (app\ l_1\ l_2\ l_{12} \wedge app\ l_{12}\ l_3\ l_4) \supset \forall l_{23}.\ app\ l_2\ l_3\ l_{23} \supset app\ l_1\ l_{23}\ l_4.$$
Proving this formula requires us to prove first that the definition of append is functional, that is,
$$\forall l_1 \forall l_2 \forall l_3 \forall l_4.\ app\ l_1\ l_2\ l_3 \wedge app\ l_1\ l_2\ l_4 \supset l_3 = l_4.$$
This is done by induction on $l_1$, i.e., we apply the IL rule on $app\ l_1\ l_2\ l_3$, after the introduction rules for $\forall$ and $\supset$, of course. The invariant in this case is $S := \lambda r_1 \lambda r_2 \lambda r_3.\ \forall r.\ app\ r_1\ r_2\ r \supset r = r_3$. It is a simple case analysis to check that this is the right invariant. Back to our original problem: after applying the introduction rules for the logical connectives in the formula, the problem of associativity is reduced to the following sequent
$$app\ l_1\ l_2\ l_{12},\ app\ l_{12}\ l_3\ l_4,\ app\ l_2\ l_3\ l_{23} \longrightarrow app\ l_1\ l_{23}\ l_4. \qquad (1)$$
We then proceed by induction on the list $l_1$, that is, we apply the IL rule to the hypothesis $app\ l_1\ l_2\ l_{12}$. The invariant is simply
$$S := \lambda l_1 \lambda l_2 \lambda l_{12}.\ \forall l_3 \forall l_4.\ app\ l_{12}\ l_3\ l_4 \supset \forall l_{23}.\ app\ l_2\ l_3\ l_{23} \supset app\ l_1\ l_{23}\ l_4.$$
Applying the IL rule, followed by ∨L, to sequent (1) reduces the sequent to the following sub-goals
(i) $S\ l_1\ l_2\ l_{12},\ app\ l_{12}\ l_3\ l_4,\ app\ l_2\ l_3\ l_{23} \longrightarrow app\ l_1\ l_{23}\ l_4$,
(ii) $(l_1 = nil \wedge l_2 = l_3) \longrightarrow S\ l_1\ l_2\ l_3$,
(iii) $\exists x, l_1', l_3'.\ l_1 = x :: l_1' \wedge l_3 = x :: l_3' \wedge S\ l_1'\ l_2\ l_3' \longrightarrow S\ l_1\ l_2\ l_3$.
The proof for the second sequent is straightforward. The first sequent reduces to $app\ l_{12}\ l_3\ l_4,\ app\ l_{12}\ l_3\ l_{23} \longrightarrow app\ nil\ l_{23}\ l_4$. This follows from the functionality of append and IR. The third sequent follows by case analysis. Of course, these proofs could have been simplified by using a derived principle of structural induction. While this is easy to do, we have preferred here to use the primitive IL rule.

Infinite lists. The append predicate on infinite lists is defined via co-recursion, that is, we define the behavior of destructor operations on lists (i.e., taking the head and the tail of the list). In this case we never construct explicitly the result of appending two lists, rather the head and the tail of the resulting lists are computed as needed. The co-recursive append requires case analysis on all arguments.
$$coapp\ L_1\ L_2\ L_3 \stackrel{\nu}{=} [(L_1 = nil) \wedge (L_2 = nil) \wedge (L_3 = nil)] \vee [(L_1 = nil) \wedge \exists x \exists L_2' \exists L_3'.\ (L_2 = x :: L_2') \wedge (L_3 = x :: L_3') \wedge coapp\ nil\ L_2'\ L_3'] \vee [\exists x \exists L_1' \exists L_3'.\ (L_1 = x :: L_1') \wedge (L_3 = x :: L_3') \wedge coapp\ L_1'\ L_2\ L_3'].$$
The corresponding associativity property is stated analogously to the inductive one and the main statement reduces to proving the sequent
$$coapp\ l_1\ l_2\ l_{12},\ coapp\ l_{12}\ l_3\ l_4,\ coapp\ l_2\ l_3\ l_{23} \longrightarrow coapp\ l_1\ l_{23}\ l_4.$$
We apply the CIR rule to $coapp\ l_1\ l_{23}\ l_4$, using the simulation
$$S := \lambda l_1 \lambda l_2 \lambda l_{12}.\ \exists l_{23} \exists l_3 \exists l_4.\ coapp\ l_{12}\ l_3\ l_4 \wedge coapp\ l_2\ l_3\ l_{23} \wedge coapp\ l_1\ l_{23}\ l_4.$$
Subsequent steps of the proof involve mainly case analysis on $coapp\ l_{12}\ l_3\ l_4$. As in the inductive case, we have to prove the sub-cases when $l_{12}$ is $nil$. However, unlike in the former case, case analysis on the arguments of $coapp$ suffices.

4 Properties of derivations

We discuss several properties of derivations in Linc⁻. Some of them involve transformations on derivations which will be used extensively in the cut-elimination proof in Section 5. Before we proceed, some remarks on the use of eigenvariables in derivations are useful. In proof search involving ∀R, ∃L, IL, CIR or eqL, new eigenvariables can be introduced in the premises of the rules. Let us refer to such variables as internal eigenvariables, since they occur only in the premise derivations. We view the choice of such eigenvariables as arbitrary and therefore we identify derivations that differ only in the choice of the eigenvariables introduced by those rules. Another way to look at it is to consider eigenvariables as proof-level binders. Hence when we work with a derivation, we actually work with an equivalence class of derivations modulo renaming of internal eigenvariables.

4.1 Instantiating derivations

The following definition extends substitutions to apply to derivations. Since we identify derivations that differ only in the choice of variables that are not free in the end-sequent, we will assume that such variables are chosen to be distinct from the variables in the domain of the substitution and from the free variables of the range of the substitution. Thus applying a substitution to a derivation will only affect the variables free in the end-sequent.

Definition 3. If $\Pi$ is a derivation of $\Gamma \longrightarrow C$ and $\theta$ is a substitution, then we define the derivation $\Pi\theta$ of $\Gamma\theta \longrightarrow C\theta$ as follows:
1. Suppose $\Pi$ ends with the eqL rule
$$\frac{\left\{\begin{array}{c}\Pi^{\rho}\\ \Gamma'\rho \longrightarrow C\rho\end{array}\right\}_{\rho}}{s = t, \Gamma' \longrightarrow C}\ eqL$$
where $s\rho =_{\beta\eta} t\rho$. Observe that any unifier for the pair $(s\theta, t\theta)$ can be transformed to another unifier for $(s, t)$, by composing the unifier with $\theta$. Thus $\Pi\theta$ is
$$\frac{\left\{\begin{array}{c}\Pi^{\theta \circ \rho'}\\ \Gamma'\theta\rho' \longrightarrow C\theta\rho'\end{array}\right\}_{\rho'}}{s\theta = t\theta, \Gamma'\theta \longrightarrow C\theta}\ eqL,$$
where $s\theta\rho' =_{\beta\eta} t\theta\rho'$.
2. If $\Pi$ ends with any other rule and has premise derivations $\Pi_1, \ldots, \Pi_n$, then $\Pi\theta$ also ends with the same rule and has premise derivations $\Pi_1\theta, \ldots, \Pi_n\theta$.

Among the premises of the inference rules of Linc⁻, certain premises share the same right-hand side formula with the sequent in the conclusion. We refer to such premises as major premises. This notion of major premise will be useful in proving cut-elimination, as certain proof transformations involve only major premises.

Definition 4. Given an inference rule $R$ with one or more premise sequents, we define its major premise sequents as follows.
1. If $R$ is either ⊃L, mc or IL, then its rightmost premise is the major premise.
2. If $R$ is CIR then its left premise is the major premise.
3. Otherwise, all the premises of $R$ are major premises.
A minor premise of a rule $R$ is a premise of $R$ which is not a major premise. The definition extends to derivations by replacing premise sequents with premise derivations.

The following two measures on derivations will be useful later in proving many properties of the logic. Given a set of measures $S$, we denote with $lub(S)$ the least upper bound of $S$.

Definition 5. Given a derivation $\Pi$ with premise derivations $\{\Pi_i\}_i$, the measure $ht(\Pi)$ is $lub(\{ht(\Pi_i)\}_i) + 1$.

Definition 6. Given a derivation $\Pi$ with premise derivations $\{\Pi_i\}_i$, the measure $indm(\Pi)$ is defined as follows:
$$indm(\Pi) = \begin{cases} lub(\{indm(\Pi_i)\}_i) + 1, & \text{if } \Pi \text{ ends with } IL, \\ lub(\{indm(\Pi_i)\}_i), & \text{otherwise.} \end{cases}$$

Note that given the possible infinite branching of the eqL rule, these measures in general can be ordinals. Therefore in proofs involving induction on those measures, transfinite induction is needed. However, in most of the inductive proofs to follow, we often do case analysis on the last rule of a derivation. In such a situation, the inductive cases for both successor ordinals and limit ordinals are basically covered by the case analysis on the inference figures involved, and we shall not make explicit use of transfinite induction.

Lemma 1. For any substitution $\theta$ and derivation $\Pi$ of $\Gamma \longrightarrow C$, $\Pi\theta$ is a derivation of $\Gamma\theta \longrightarrow C\theta$.
Proof. This lemma states that Definition 3 is well-constructed, and follows by induction on $ht(\Pi)$. □

Lemma 2. For any derivation $\Pi$ and substitution $\theta$, $ht(\Pi) \ge ht(\Pi\theta)$ and $indm(\Pi) \ge indm(\Pi\theta)$.
Proof. By induction on $ht(\Pi)$. The measures may not be equal because in the case where the derivation ends with the eqL rule, some of the premise derivations of $\Pi$ may not be needed to construct the premise derivations of $\Pi\theta$. □

Lemma 3. For any derivation $\Pi$ and substitutions $\theta$ and $\rho$, the derivations $(\Pi\theta)\rho$ and $\Pi(\theta \circ \rho)$ are the same derivation.
Proof. By induction on the measure $ht(\Pi)$. □

4.2 Atomic initial rule

It is a common property of most logics that the initial rule can be restricted to atomic form, that is, the rule
$$\frac{}{p\,\vec t \longrightarrow p\,\vec t}\ init$$
where $p$ is a predicate symbol. The more general rule is derived as follows.

Definition 7. We construct a derivation $Id_C$ of the sequent $C \longrightarrow C$ inductively as follows. The induction is on the size of $C$. If $C$ is an atomic formula we simply apply the atomic initial rule.
Otherwise, we apply the left and right introduction rules for the topmost logical constant in $C$, probably with some instances of the contraction and the weakening rule.

The proof of the following lemma is straightforward by induction on $\mathrm{ht}(\mathrm{Id}_C)$.

Lemma 4. For any formula $C$, it holds that $\mathrm{indm}(\mathrm{Id}_C) = 0$.

Restricting the initial rule to atomic form will simplify some technical definitions to follow. We shall use $\mathrm{Id}$ instead of $\mathrm{Id}_C$ to denote identity derivations since the formula $C$ is always known from context.

4.3 Unfolding of derivations

Definition 8. Inductive unfolding. Let $p\,\vec{x} \stackrel{\mu}{=} B\,p\,\vec{x}$ be an inductive definition. Let $\Pi$ be a derivation of $\Gamma \longrightarrow C$ where $p$ dominates $C$. Let $S$ be a closed term of the same type as $p$ and let $\Pi_S$ be a derivation of the sequent $B\,S\,\vec{x} \longrightarrow S\,\vec{x}$ where $\vec{x}$ are new eigenvariables not free in $\Gamma$ and $C$. We define the derivation $\mu^C_p(\Pi, \Pi_S)$ of $\Gamma \longrightarrow C[S/p]$ as follows. If $p$ is vacuous in $C$, then $\mu^C_p(\Pi, \Pi_S) = \Pi$. Otherwise, we define $\mu^C_p(\Pi, \Pi_S)$ according to the last rule of $\Pi$.

1. Suppose $\Pi$ ends with $\textit{init}$, i.e., $\Pi$ is $\dfrac{}{p\,\vec{t} \longrightarrow p\,\vec{t}}\;\textit{init}$. Then $\mu^C_p(\Pi, \Pi_S)$ is the derivation
$$
\frac{\stackrel{\Pi_S}{B\,S\,\vec{x} \longrightarrow S\,\vec{x}} \qquad \stackrel{\mathrm{Id}}{S\,\vec{t} \longrightarrow S\,\vec{t}}}{p\,\vec{t} \longrightarrow S\,\vec{t}}\;\textit{IL}
$$
2. Suppose $\Pi$ ends with $\supset L$:
$$
\frac{\stackrel{\Pi_1}{\Gamma' \longrightarrow D_1} \qquad \stackrel{\Pi_2}{D_2, \Gamma' \longrightarrow C}}{D_1 \supset D_2, \Gamma' \longrightarrow C}\;\supset L
$$
Then $\mu^C_p(\Pi, \Pi_S)$ is the derivation
$$
\frac{\stackrel{\Pi_1}{\Gamma' \longrightarrow D_1} \qquad \stackrel{\mu^C_p(\Pi_2, \Pi_S)}{D_2, \Gamma' \longrightarrow C[S/p]}}{D_1 \supset D_2, \Gamma' \longrightarrow C[S/p]}\;\supset L
$$
3. Suppose $\Pi$ ends with $\supset R$:
$$
\frac{\stackrel{\Pi'}{\Gamma, C_1 \longrightarrow C_2}}{\Gamma \longrightarrow C_1 \supset C_2}\;\supset R
$$
Note that since $p$ dominates $C$, it must be the case that $p$ does not occur in $C_1$. The derivation $\mu^C_p(\Pi, \Pi_S)$ is then defined as follows.
$$
\frac{\stackrel{\mu^{C_2}_p(\Pi', \Pi_S)}{\Gamma, C_1 \longrightarrow C_2[S/p]}}{\Gamma \longrightarrow C_1 \supset C_2[S/p]}\;\supset R
$$
4. Suppose $\Pi$ ends with $\textit{mc}$:
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_m}{\Delta_m \longrightarrow B_m} \qquad \stackrel{\Pi'}{B_1, \ldots, B_m, \Gamma' \longrightarrow C}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow C}\;\textit{mc}
$$
Then $\mu^C_p(\Pi, \Pi_S)$ is
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_m}{\Delta_m \longrightarrow B_m} \qquad \stackrel{\mu^C_p(\Pi', \Pi_S)}{B_1, \ldots, B_m, \Gamma' \longrightarrow C[S/p]}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow C[S/p]}\;\textit{mc}
$$
5. Suppose $\Pi$ ends with $\textit{IL}$ on some predicate $q$ given a definition clause $q\,\vec{z} \stackrel{\mu}{=} D\,q\,\vec{z}$:
$$
\frac{\stackrel{\Psi}{D\,I\,\vec{z} \longrightarrow I\,\vec{z}} \qquad \stackrel{\Pi'}{I\,\vec{t}, \Gamma' \longrightarrow C}}{q\,\vec{t}, \Gamma' \longrightarrow C}\;\textit{IL}
$$
Then $\mu^C_p(\Pi, \Pi_S)$ is the derivation
$$
\frac{\stackrel{\Psi}{D\,I\,\vec{z} \longrightarrow I\,\vec{z}} \qquad \stackrel{\mu^C_p(\Pi', \Pi_S)}{I\,\vec{t}, \Gamma' \longrightarrow C[S/p]}}{q\,\vec{t}, \Gamma' \longrightarrow C[S/p]}\;\textit{IL}
$$
6. Suppose $\Pi$ ends with $\textit{IR}$:
$$
\frac{\stackrel{\Pi'}{\Gamma \longrightarrow B\,p\,\vec{t}}}{\Gamma \longrightarrow p\,\vec{t}}\;\textit{IR}
$$
Then $\mu^C_p(\Pi, \Pi_S)$ is the derivation
$$
\frac{\stackrel{\mu^{B\,p}_p(\Pi', \Pi_S)}{\Gamma \longrightarrow B\,S\,\vec{t}} \qquad \stackrel{\Pi_S[\vec{t}/\vec{x}]}{B\,S\,\vec{t} \longrightarrow S\,\vec{t}}}{\Gamma \longrightarrow S\,\vec{t}}\;\textit{mc}
$$
7. If $\Pi$ ends with any other rule, and has premise derivations $\left\{\stackrel{\Pi_i}{\Gamma_i \longrightarrow C_i}\right\}_{i \in I}$ for some index set $I$, then $\mu^C_p(\Pi, \Pi_S)$ also ends with the same rule and has premise derivations $\{\mu^{C_i}_p(\Pi_i, \Pi_S)\}_{i \in I}$.

Definition 9. Co-inductive unfolding. Let $p\,\vec{x} \stackrel{\nu}{=} B\,p\,\vec{x}$ be a co-inductive definition. Let $S$ be a closed term of the same type as $p$ and let $\Pi_S$ be a derivation of $S\,\vec{x} \longrightarrow B\,S\,\vec{x}$. Let $C$ be a formula dominated by $p$, and let $\Pi$ be a derivation of $\Gamma \longrightarrow C[S/p]$. We define the derivation $\nu^C_p(\Pi, \Pi_S)$ of $\Gamma \longrightarrow C$ as follows. If $p$ is vacuous in $C$, then $\nu^C_p(\Pi, \Pi_S) = \Pi$. If $C = p\,\vec{t}$ then $C[S/p] = S\,\vec{t}$ and $\nu^C_p(\Pi, \Pi_S)$ is the derivation
$$
\frac{\stackrel{\Pi}{\Gamma \longrightarrow S\,\vec{t}} \qquad \stackrel{\Pi_S}{S\,\vec{x} \longrightarrow B\,S\,\vec{x}}}{\Gamma \longrightarrow p\,\vec{t}}\;\textit{CIR}
$$
Otherwise, we define $\nu^C_p(\Pi, \Pi_S)$ based on the last rule in $\Pi$.

1. Suppose $\Pi$ ends with $\supset L$:
$$
\frac{\stackrel{\Pi_1}{\Gamma' \longrightarrow D_1} \qquad \stackrel{\Pi_2}{D_2, \Gamma' \longrightarrow C[S/p]}}{D_1 \supset D_2, \Gamma' \longrightarrow C[S/p]}\;\supset L
$$
Then $\nu^C_p(\Pi, \Pi_S)$ is the derivation
$$
\frac{\stackrel{\Pi_1}{\Gamma' \longrightarrow D_1} \qquad \stackrel{\nu^C_p(\Pi_2, \Pi_S)}{D_2, \Gamma' \longrightarrow C}}{D_1 \supset D_2, \Gamma' \longrightarrow C}\;\supset L
$$
2. Suppose $\Pi$ ends with $\supset R$:
$$
\frac{\stackrel{\Pi'}{\Gamma, C_1 \longrightarrow C_2[S/p]}}{\Gamma \longrightarrow (C_1 \supset C_2)[S/p]}\;\supset R
$$
Note that since $p$ dominates $C$, it must be the case that $p$ is vacuous in $C_1$. Therefore we construct the derivation $\nu^C_p(\Pi, \Pi_S)$ as follows.
$$
\frac{\stackrel{\nu^{C_2}_p(\Pi', \Pi_S)}{\Gamma, C_1 \longrightarrow C_2}}{\Gamma \longrightarrow C_1 \supset C_2}\;\supset R
$$
3. Suppose $\Pi$ ends with $\textit{mc}$:
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_m}{\Delta_m \longrightarrow B_m} \qquad \stackrel{\Pi'}{B_1, \ldots, B_m, \Gamma' \longrightarrow C[S/p]}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow C[S/p]}\;\textit{mc}
$$
Then $\nu^C_p(\Pi, \Pi_S)$ is
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_m}{\Delta_m \longrightarrow B_m} \qquad \stackrel{\nu^C_p(\Pi', \Pi_S)}{B_1, \ldots, B_m, \Gamma' \longrightarrow C}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow C}\;\textit{mc}
$$
4. Suppose $\Pi$ ends with $\textit{IL}$ on a predicate $q\,\vec{t}$, given an inductive definition $q\,\vec{z} \stackrel{\mu}{=} D\,q\,\vec{z}$:
$$
\frac{\stackrel{\Psi}{D\,I\,\vec{z} \longrightarrow I\,\vec{z}} \qquad \stackrel{\Pi'}{I\,\vec{t}, \Gamma' \longrightarrow C[S/p]}}{q\,\vec{t}, \Gamma' \longrightarrow C[S/p]}\;\textit{IL}
$$
Then $\nu^C_p(\Pi, \Pi_S)$ is the derivation
$$
\frac{\stackrel{\Psi}{D\,I\,\vec{z} \longrightarrow I\,\vec{z}} \qquad \stackrel{\nu^C_p(\Pi', \Pi_S)}{I\,\vec{t}, \Gamma' \longrightarrow C}}{q\,\vec{t}, \Gamma' \longrightarrow C}\;\textit{IL}
$$
5. If $\Pi$ ends with any other rule, and has premise derivations $\left\{\stackrel{\Pi_i}{\Gamma_i \longrightarrow C_i[S/p]}\right\}_{i \in I}$ for some index set $I$, then $\nu^C_p(\Pi, \Pi_S)$ also ends with the same rule and has premise derivations $\{\nu^{C_i}_p(\Pi_i, \Pi_S)\}_{i \in I}$.

The following two lemmas state that substitutions commute with unfolding of derivations. Their proofs follow straightforwardly from the fact that the definitions of (co-)inductive unfolding depend only on the logical structure of the conclusions of sequents, hence are orthogonal to substitutions of eigenvariables. In these lemmas, we assume that the formulas $C$, $p$ and derivations $\Pi$ and $\Pi_S$ satisfy the conditions of Definition 8 and Definition 9.

Lemma 5. The derivations $\mu^C_p(\Pi, \Pi_S)\theta$ and $\mu^C_p(\Pi\theta, \Pi_S)$ are the same derivation.

Lemma 6. The derivations $\nu^C_p(\Pi, \Pi_S)\theta$ and $\nu^C_p(\Pi\theta, \Pi_S)$ are the same derivation.

5 Cut elimination for $Linc^-$

A central result of our work is cut-elimination, from which consistency of the logic follows. Gentzen's classic proof of cut-elimination for first-order logic uses an induction on the size of the cut formula, i.e., the number of logical connectives in the formula. The cut-elimination procedure consists of a set of reduction rules that reduce a cut on a compound formula to cuts on its sub-formulae of smaller size.
In the case of $Linc^-$, the use of induction/co-induction complicates the reduction of cuts. Consider for example a cut involving the induction rules
$$
\frac{\dfrac{\stackrel{\Pi_1}{\Delta \longrightarrow B\,p\,t}}{\Delta \longrightarrow p\,t}\;\textit{IR} \qquad \dfrac{\stackrel{\Pi_B}{B\,S\,y \longrightarrow S\,y} \qquad \stackrel{\Pi}{S\,t, \Gamma \longrightarrow C}}{p\,t, \Gamma \longrightarrow C}\;\textit{IL}}{\Delta, \Gamma \longrightarrow C}\;\textit{mc}
$$
There are at least two problems in reducing this cut. First, any permutation upwards of the cut will necessarily involve a cut with $S$ that can be of larger size than $p$, and hence a simple induction on the size of the cut formula will not work. Second, the invariant $S$ does not appear in the conclusion of the left premise of the cut. The latter means that we need to transform the left premise so that its end sequent will agree with the right premise. Any such transformation will most likely be global, and hence simple induction on the height of derivations will not work either.

We shall use the reducibility techniques to prove cut elimination. More specifically, we shall build on the notion of reducibility introduced by Martin-Löf to prove normalization of an intuitionistic logic with iterative inductive definition [24]. Martin-Löf's proof has been adapted to sequent calculus by McDowell and Miller [25], but in a restricted setting where only natural number induction is allowed. Since our logic involves arbitrary stratified inductive definitions, which also include iterative inductive definitions, we shall need more general cut reductions. But the real difficulty in our case is in establishing cut elimination in the presence of co-inductive definitions, for which there is no known cut elimination proof for the sequent calculus formulation.

The main part of the reducibility technique is a definition of the family of reducible sets of derivations. In Martin-Löf's theory of iterative inductive definition, this family of sets is defined inductively by the level of the derivations they contain.
Extending this definition of reducibility to $Linc^-$ is not obvious. In particular, in establishing the reducibility of a derivation $\Xi$ ending with a $\textit{CIR}$ rule:
$$
\frac{\stackrel{\Pi}{\Gamma \longrightarrow S\,\vec{t}} \qquad \stackrel{\Pi_S}{S\,\vec{x} \longrightarrow B\,S\,\vec{x}}}{\Gamma \longrightarrow p\,\vec{t}}\;\textit{CIR}, \qquad p\,\vec{x} \stackrel{\nu}{=} B\,p\,\vec{x}
$$
one must first establish the reducibility of its premise derivations. But a naive definition of reducibility for $\Xi$, i.e., a definition that postulates the reducibility of $\Xi$ from the reducibility of its premises, is not a monotone definition, since the premise derivations of $\Xi$ may be derivations that have a higher level than $\Xi$. To define a proper notion of reducibility for the co-inductive cases, we use a notion of parametric reducibility, similar to that used in the strong normalisation proof of System F [19]. The notion of a parameter in our case is essentially a co-inductive predicate. As with strong normalisation of System F, these parameters are substituted with some "reducibility candidates", which in our case are certain sets of derivations of a co-inductive invariant which we call saturated sets. Let us say that a derivation $\Psi$ has type $B$ if its end sequent is of the form $\Gamma \longrightarrow B$, for some $\Gamma$. Roughly, a parametric reducibility set of type $C$, under a parameter substitution $[S/p]$, where $p$ is a co-inductive predicate and $S$ is an invariant of the same type as $p$, is a certain set of derivations of type $C[S/p]$ satisfying some closure conditions which are very similar to the definition of reducibility sets, but without the co-inductive part. The definition of reducibility in the case involving co-induction rules, e.g., as in the derivation $\Xi$ above, can then be defined in terms of parametric reducibility sets, under appropriate parameter substitutions. Details of the definition will be given later in this section.

5.1 Cut reduction

We follow the idea of Martin-Löf in using derivations directly as a measure by defining a well-founded ordering on them.
The basis for the latter relation is a set of reduction rules (called the contraction rules in [24]) that are used to eliminate the applications of the cut rule. For the cases involving logical connectives, the cut-reduction rules used to prove cut-elimination for $Linc^-$ are the same as those of $FO\lambda^{\Delta\mathbb{N}}$. The crucial differences are in the reduction rules involving induction and co-induction rules.

Definition 10. We define a reduction relation between derivations. The redex is always a derivation $\Xi$ ending with the multicut rule
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi}{B_1, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$
We refer to the formulas $B_1, \ldots, B_n$ produced by the $\textit{mc}$ as cut formulas. If $n = 0$, $\Xi$ reduces to the premise derivation $\Pi$. For $n > 0$ we specify the reduction relation based on the last rule of the premise derivations. If the rightmost premise derivation $\Pi$ ends with a left rule acting on a cut formula $B_i$, then the last rule of $\Pi_i$ and the last rule of $\Pi$ together determine the reduction rules that apply. We classify these rules according to the following criteria: we call the rule an essential case when $\Pi_i$ ends with a right rule; if it ends with a left rule, it is a left-commutative case; if $\Pi_i$ ends with the $\textit{init}$ rule, then we have an axiom case; a multicut case arises when it ends with the $\textit{mc}$ rule. When $\Pi$ does not end with a left rule acting on a cut formula, then its last rule is alone sufficient to determine the reduction rules that apply. If $\Pi$ ends in a rule acting on a formula other than a cut formula, then we call this a right-commutative case. A structural case results when $\Pi$ ends with a contraction or weakening on a cut formula. If $\Pi$ ends with the $\textit{init}$ rule, this is also an axiom case; similarly a multicut case arises if $\Pi$ ends in the $\textit{mc}$ rule. For simplicity of presentation, we always show $i = 1$.
Essential cases:

$\wedge R/\wedge L$: If $\Pi_1$ and $\Pi$ are
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow B'_1} \qquad \stackrel{\Pi''_1}{\Delta_1 \longrightarrow B''_1}}{\Delta_1 \longrightarrow B'_1 \wedge B''_1}\;\wedge R
\qquad\qquad
\frac{\stackrel{\Pi'}{B'_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{B'_1 \wedge B''_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\wedge L,
$$
then $\Xi$ reduces to
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow B'_1} \qquad \stackrel{\Pi_2}{\Delta_2 \longrightarrow B_2} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi'}{B'_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$
The case for the other $\wedge L$ rule is symmetric.

$\vee R/\vee L$: If $\Pi_1$ and $\Pi$ are
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow B'_1}}{\Delta_1 \longrightarrow B'_1 \vee B''_1}\;\vee R
\qquad\qquad
\frac{\stackrel{\Pi'}{B'_1, B_2, \ldots, B_n, \Gamma \longrightarrow C} \qquad \stackrel{\Pi''}{B''_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{B'_1 \vee B''_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\vee L,
$$
then $\Xi$ reduces to
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow B'_1} \qquad \stackrel{\Pi_2}{\Delta_2 \longrightarrow B_2} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi'}{B'_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$
The case for the other $\vee R$ rule is symmetric.

$\supset R/\supset L$: Suppose $\Pi_1$ and $\Pi$ are
$$
\frac{\stackrel{\Pi'_1}{B'_1, \Delta_1 \longrightarrow B''_1}}{\Delta_1 \longrightarrow B'_1 \supset B''_1}\;\supset R
\qquad\qquad
\frac{\stackrel{\Pi'}{B_2, \ldots, B_n, \Gamma \longrightarrow B'_1} \qquad \stackrel{\Pi''}{B''_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{B'_1 \supset B''_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\supset L
$$
Let $\Xi_1$ be
$$
\frac{\dfrac{\left\{\stackrel{\Pi_i}{\Delta_i \longrightarrow B_i}\right\}_{i \in \{2..n\}} \qquad \stackrel{\Pi'}{B_2, \ldots, B_n, \Gamma \longrightarrow B'_1}}{\Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow B'_1}\;\textit{mc} \qquad \stackrel{\Pi'_1}{B'_1, \Delta_1 \longrightarrow B''_1}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow B''_1}\;\textit{mc}
$$
Then $\Xi$ reduces to
$$
\begin{array}{c}
\dfrac{\stackrel{\Xi_1}{\ldots \longrightarrow B''_1} \qquad \left\{\stackrel{\Pi_i}{\Delta_i \longrightarrow B_i}\right\}_{i \in \{2..n\}} \qquad \stackrel{\Pi''}{B''_1, \{B_i\}_{i \in \{2..n\}}, \Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc} \\ \hline\hline
\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C
\end{array}\;\textit{cL}
$$
We use the double horizontal lines to indicate that the relevant inference rule (in this case, $\textit{cL}$) may need to be applied zero or more times.

$\forall R/\forall L$: If $\Pi_1$ and $\Pi$ are
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow B'_1[y/x]}}{\Delta_1 \longrightarrow \forall x. B'_1}\;\forall R
\qquad\qquad
\frac{\stackrel{\Pi'}{B'_1[t/x], B_2, \ldots, B_n, \Gamma \longrightarrow C}}{\forall x. B'_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\forall L,
$$
then $\Xi$ reduces to
$$
\frac{\stackrel{\Pi'_1[t/y]}{\Delta_1 \longrightarrow B'_1[t/x]} \qquad \left\{\stackrel{\Pi_i}{\Delta_i \longrightarrow B_i}\right\}_{i \in \{2..n\}} \qquad \stackrel{\Pi'}{\ldots \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$

$\exists R/\exists L$: If $\Pi_1$ and $\Pi$ are
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow B'_1[t/x]}}{\Delta_1 \longrightarrow \exists x. B'_1}\;\exists R
\qquad\qquad
\frac{\stackrel{\Pi'}{B'_1[y/x], B_2, \ldots, B_n, \Gamma \longrightarrow C}}{\exists x. B'_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\exists L,
$$
then $\Xi$ reduces to
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow B'_1[t/x]} \quad\cdots\quad \stackrel{\Pi'[t/y]}{B'_1[t/x], B_2, \ldots, \Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$

$\ast/\textit{IL}$: Suppose $\Pi$ is the derivation
$$
\frac{\stackrel{\Pi_S}{D\,S\,\vec{x} \longrightarrow S\,\vec{x}} \qquad \stackrel{\Pi'}{S\,\vec{t}, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{p\,\vec{t}, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\textit{IL}
$$
where $p\,\vec{x} \stackrel{\mu}{=} D\,p\,\vec{x}$. Then $\Xi$ reduces to
$$
\frac{\stackrel{\mu^{p\,\vec{t}}_p(\Pi_1, \Pi_S)}{\Delta_1 \longrightarrow S\,\vec{t}} \quad\cdots\quad \stackrel{\Pi'}{S\,\vec{t}, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$

$\textit{CIR}/\textit{CIL}$: Suppose $\Pi_1$ and $\Pi$ are
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow S\,\vec{t}} \qquad \stackrel{\Pi_S}{S\,\vec{x} \longrightarrow D\,S\,\vec{x}}}{\Delta_1 \longrightarrow p\,\vec{t}}\;\textit{CIR}
\qquad\qquad
\frac{\stackrel{\Pi'}{D\,p\,\vec{t}, \ldots, \Gamma \longrightarrow C}}{p\,\vec{t}, \ldots, \Gamma \longrightarrow C}\;\textit{CIL}
$$
Let $\Xi_1$ be the derivation
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow S\,\vec{t}} \qquad \stackrel{\Pi_S[\vec{t}/\vec{x}]}{S\,\vec{t} \longrightarrow D\,S\,\vec{t}}}{\Delta_1 \longrightarrow D\,S\,\vec{t}}\;\textit{mc}
$$
Then $\Xi$ reduces to
$$
\frac{\stackrel{\nu^{D\,p}_p(\Xi_1, \Pi_S)}{\Delta_1 \longrightarrow D\,p\,\vec{t}} \qquad \left\{\stackrel{\Pi_j}{\Delta_j \longrightarrow B_j}\right\}_{j \in \{2, \ldots, n\}} \qquad \stackrel{\Pi'}{D\,p\,\vec{t}, \ldots, \Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$

$\textit{eqR}/\textit{eqL}$: Suppose $\Pi_1$ and $\Pi$ are
$$
\frac{}{\Delta_1 \longrightarrow s = t}\;\textit{eqR}
\qquad\qquad
\frac{\left\{\stackrel{\Pi^\rho}{B_2\rho, \ldots, B_n\rho, \Gamma\rho \longrightarrow C\rho}\right\}_\rho}{s = t, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\textit{eqL}
$$
Then by the definition of the $\textit{eqR}$ rule, $s$ and $t$ are equal terms (modulo $\lambda$-conversion), and hence are unifiable by the empty substitution. Note that in this case $\Pi^\varepsilon \in \{\Pi^\rho\}_\rho$. Therefore $\Xi$ reduces to
$$
\frac{\dfrac{\left\{\stackrel{\Pi_i}{\Delta_i \longrightarrow B_i}\right\}_{i \in \{2..n\}} \qquad \stackrel{\Pi^\varepsilon}{B_2, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}}{\Delta_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{wL}
$$

Left-commutative cases: In the following cases, we suppose that $\Pi$ ends with a left rule, other than $\{\textit{cL}, \textit{wL}, \textit{IL}\}$, acting on $B_1$.

$\bullet L/\circ L$: Suppose $\Pi_1$ is
$$
\frac{\left\{\stackrel{\Pi^i_1}{\Delta^i_1 \longrightarrow B_1}\right\}_i}{\Delta_1 \longrightarrow B_1}\;\bullet L,
$$
where $\bullet L$ is any left rule except $\supset L$, $\textit{eqL}$, or $\textit{IL}$. Then $\Xi$ reduces to
$$
\frac{\left\{\dfrac{\stackrel{\Pi^i_1}{\Delta^i_1 \longrightarrow B_1} \qquad \left\{\stackrel{\Pi_j}{\Delta_j \longrightarrow B_j}\right\}_{j \in \{2..n\}} \qquad \stackrel{\Pi}{B_1, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta^i_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}\right\}_i}{\Delta_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\bullet L
$$

$\supset L/\circ L$: Suppose $\Pi_1$ is
$$
\frac{\stackrel{\Pi'_1}{\Delta'_1 \longrightarrow D'_1} \qquad \stackrel{\Pi''_1}{D''_1, \Delta'_1 \longrightarrow B_1}}{D'_1 \supset D''_1, \Delta'_1 \longrightarrow B_1}\;\supset L
$$
Let $\Xi_1$ be
$$
\frac{\stackrel{\Pi''_1}{D''_1, \Delta'_1 \longrightarrow B_1} \qquad \stackrel{\Pi_2}{\Delta_2 \longrightarrow B_2} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi}{B_1, \ldots, B_n, \Gamma \longrightarrow C}}{D''_1, \Delta'_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$
Then $\Xi$ reduces to
$$
\frac{\dfrac{\stackrel{\Pi'_1}{\Delta'_1 \longrightarrow D'_1}}{\Delta'_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow D'_1}\;\textit{wL} \qquad \stackrel{\Xi_1}{D''_1, \Delta'_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}}{D'_1 \supset D''_1, \Delta'_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\supset L
$$

$\textit{IL}/\circ L$: Suppose $\Pi_1$ is
$$
\frac{\stackrel{\Pi_S}{D\,S\,\vec{x} \longrightarrow S\,\vec{x}} \qquad \stackrel{\Pi'_1}{S\,\vec{t}, \Delta'_1 \longrightarrow B_1}}{p\,\vec{t}, \Delta'_1 \longrightarrow B_1}\;\textit{IL}
$$
where $p\,\vec{x} \stackrel{\mu}{=} D\,p\,\vec{x}$. Let $\Xi_1$ be
$$
\frac{\stackrel{\Pi'_1}{S\,\vec{t}, \Delta'_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi}{B_1, \ldots, B_n, \Gamma \longrightarrow C}}{S\,\vec{t}, \Delta'_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$
Then $\Xi$ reduces to
$$
\frac{\stackrel{\Pi_S}{D\,S\,\vec{x} \longrightarrow S\,\vec{x}} \qquad \stackrel{\Xi_1}{S\,\vec{t}, \Delta'_1, \ldots, \Delta_n, \Gamma \longrightarrow C}}{p\,\vec{t}, \Delta'_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{IL}
$$

$\textit{eqL}/\circ L$: Suppose $\Pi_1$ is
$$
\frac{\left\{\stackrel{\Pi^\rho_1}{\Delta'_1\rho \longrightarrow B_1\rho}\right\}_\rho}{s = t, \Delta'_1 \longrightarrow B_1}\;\textit{eqL},
$$
then $\Xi$ reduces to
$$
\frac{\left\{\dfrac{\stackrel{\Pi^\rho_1}{\Delta'_1\rho \longrightarrow B_1\rho} \qquad \left\{\stackrel{\Pi_i\rho}{\Delta_i\rho \longrightarrow B_i\rho}\right\}_{i \in \{2..n\}} \qquad \stackrel{\Pi\rho}{\ldots \longrightarrow C\rho}}{\Delta'_1\rho, \Delta_2\rho, \ldots, \Delta_n\rho, \Gamma\rho \longrightarrow C\rho}\;\textit{mc}\right\}_\rho}{s = t, \Delta'_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{eqL}
$$

Right-commutative cases:

$-/\circ L$: Suppose $\Pi$ is
$$
\frac{\left\{\stackrel{\Pi^i}{B_1, \ldots, B_n, \Gamma^i \longrightarrow C}\right\}_i}{B_1, \ldots, B_n, \Gamma \longrightarrow C}\;\circ L,
$$
where $\circ L$ is any left rule other than $\supset L$, $\textit{eqL}$, or $\textit{IL}$ acting on a formula other than $B_1, \ldots, B_n$. The derivation $\Xi$ reduces to
$$
\frac{\left\{\dfrac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi^i}{B_1, \ldots, B_n, \Gamma^i \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma^i \longrightarrow C}\;\textit{mc}\right\}_i}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\circ L
$$

$-/\supset L$: Suppose $\Pi$ is
$$
\frac{\stackrel{\Pi'}{B_1, \ldots, B_n, \Gamma' \longrightarrow D'} \qquad \stackrel{\Pi''}{B_1, \ldots, B_n, D'', \Gamma' \longrightarrow C}}{B_1, \ldots, B_n, D' \supset D'', \Gamma' \longrightarrow C}\;\supset L
$$
Let $\Xi_1$ be
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi'}{B_1, \ldots, B_n, \Gamma' \longrightarrow D'}}{\Delta_1, \ldots, \Delta_n, \Gamma' \longrightarrow D'}\;\textit{mc}
$$
and $\Xi_2$ be
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi''}{B_1, \ldots, B_n, D'', \Gamma' \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, D'', \Gamma' \longrightarrow C}\;\textit{mc}
$$
Then $\Xi$ reduces to
$$
\frac{\stackrel{\Xi_1}{\Delta_1, \ldots, \Delta_n, \Gamma' \longrightarrow D'} \qquad \stackrel{\Xi_2}{\Delta_1, \ldots, \Delta_n, D'', \Gamma' \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, D' \supset D'', \Gamma' \longrightarrow C}\;\supset L
$$

$-/\textit{IL}$: Suppose $\Pi$ is
$$
\frac{\stackrel{\Pi_S}{D\,S\,\vec{x} \longrightarrow S\,\vec{x}} \qquad \stackrel{\Pi'}{B_1, \ldots, B_n, S\,\vec{t}, \Gamma' \longrightarrow C}}{B_1, \ldots, B_n, p\,\vec{t}, \Gamma' \longrightarrow C}\;\textit{IL},
$$
where $p\,\vec{x} \stackrel{\mu}{=} D\,p\,\vec{x}$. Let $\Xi_1$ be
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi'}{B_1, \ldots, B_n, S\,\vec{t}, \Gamma' \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, S\,\vec{t}, \Gamma' \longrightarrow C}\;\textit{mc}
$$
Then $\Xi$ reduces to
$$
\frac{\stackrel{\Pi_S}{D\,S\,\vec{x} \longrightarrow S\,\vec{x}} \qquad \stackrel{\Xi_1}{\Delta_1, \ldots, \Delta_n, S\,\vec{t}, \Gamma' \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, p\,\vec{t}, \Gamma' \longrightarrow C}\;\textit{IL}
$$

$-/\textit{eqL}$: If $\Pi$ is
$$
\frac{\left\{\stackrel{\Pi^\rho}{B_1\rho, \ldots, B_n\rho, \Gamma'\rho \longrightarrow C\rho}\right\}_\rho}{B_1, \ldots, B_n, s = t, \Gamma' \longrightarrow C}\;\textit{eqL},
$$
then $\Xi$ reduces to
$$
\frac{\left\{\dfrac{\left\{\stackrel{\Pi_i\rho}{\Delta_i\rho \longrightarrow B_i\rho}\right\}_{i \in \{1..n\}} \qquad \stackrel{\Pi^\rho}{B_1\rho, \ldots, \Gamma'\rho \longrightarrow C\rho}}{\Delta_1\rho, \ldots, \Delta_n\rho, \Gamma'\rho \longrightarrow C\rho}\;\textit{mc}\right\}_\rho}{\Delta_1, \ldots, \Delta_n, s = t, \Gamma' \longrightarrow C}\;\textit{eqL}
$$

$-/\circ R$: If $\Pi$ is
$$
\frac{\left\{\stackrel{\Pi^i}{B_1, \ldots, B_n, \Gamma^i \longrightarrow C^i}\right\}_i}{B_1, \ldots, B_n, \Gamma \longrightarrow C}\;\circ R,
$$
where $\circ R$ is any right rule except $\textit{CIR}$, then $\Xi$ reduces to
$$
\frac{\left\{\dfrac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi^i}{B_1, \ldots, B_n, \Gamma^i \longrightarrow C^i}}{\Delta_1, \ldots, \Delta_n, \Gamma^i \longrightarrow C^i}\;\textit{mc}\right\}_i}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\circ R
$$

$-/\textit{CIR}$: Suppose $\Pi$ is
$$
\frac{\stackrel{\Pi'}{B_1, \ldots, B_n, \Gamma \longrightarrow S\,\vec{t}} \qquad \stackrel{\Pi_S}{S\,\vec{x} \longrightarrow D\,S\,\vec{x}}}{B_1, \ldots, B_n, \Gamma \longrightarrow p\,\vec{t}}\;\textit{CIR},
$$
where $p\,\vec{x} \stackrel{\nu}{=} D\,p\,\vec{x}$. Let $\Xi_1$ be
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi'}{B_1, \ldots, B_n, \Gamma \longrightarrow S\,\vec{t}}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow S\,\vec{t}}\;\textit{mc}
$$
Then $\Xi$ reduces to
$$
\frac{\stackrel{\Xi_1}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow S\,\vec{t}} \qquad \stackrel{\Pi_S}{S\,\vec{x} \longrightarrow D\,S\,\vec{x}}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow p\,\vec{t}}\;\textit{CIR}
$$

Multicut cases:

$\textit{mc}/\circ L$: If $\Pi$ ends with a left rule, other than $\textit{cL}$, $\textit{wL}$ and $\textit{IL}$, acting on $B_1$ and $\Pi_1$ ends with a multicut and reduces to $\Pi'_1$, then $\Xi$ reduces to
$$
\frac{\stackrel{\Pi'_1}{\Delta_1 \longrightarrow B_1} \qquad \stackrel{\Pi_2}{\Delta_2 \longrightarrow B_2} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi}{B_1, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$

$-/\textit{mc}$: Suppose $\Pi$ is
$$
\frac{\left\{\stackrel{\Pi^j}{\{B_i\}_{i \in I_j}, \Gamma^j \longrightarrow D_j}\right\}_{j \in \{1..m\}} \qquad \stackrel{\Pi'}{\{D_j\}_{j \in \{1..m\}}, \{B_i\}_{i \in I'}, \Gamma' \longrightarrow C}}{B_1, \ldots, B_n, \Gamma^1, \ldots, \Gamma^m, \Gamma' \longrightarrow C}\;\textit{mc},
$$
where $I_1, \ldots, I_m, I'$ partition the formulas $\{B_i\}_{i \in \{1..n\}}$ among the premise derivations $\Pi^1, \ldots, \Pi^m, \Pi'$. For $1 \leq j \leq m$ let $\Xi^j$ be
$$
\frac{\left\{\stackrel{\Pi_i}{\Delta_i \longrightarrow B_i}\right\}_{i \in I_j} \qquad \stackrel{\Pi^j}{\{B_i\}_{i \in I_j}, \Gamma^j \longrightarrow D_j}}{\{\Delta_i\}_{i \in I_j}, \Gamma^j \longrightarrow D_j}\;\textit{mc}
$$
Then $\Xi$ reduces to
$$
\frac{\left\{\stackrel{\Xi^j}{\ldots \longrightarrow D_j}\right\}_{j \in \{1..m\}} \qquad \left\{\stackrel{\Pi_i}{\Delta_i \longrightarrow B_i}\right\}_{i \in I'} \qquad \stackrel{\Pi'}{\ldots \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma^1, \ldots, \Gamma^m, \Gamma' \longrightarrow C}\;\textit{mc}
$$

Structural cases:

$-/\textit{cL}$: If $\Pi$ is
$$
\frac{\stackrel{\Pi'}{B_1, B_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{B_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\textit{cL},
$$
then $\Xi$ reduces to
$$
\begin{array}{c}
\dfrac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \qquad \left\{\stackrel{\Pi_i}{\Delta_i \longrightarrow B_i}\right\}_{i \in \{1..n\}} \qquad \stackrel{\Pi'}{B_1, B_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta_1, \Delta_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc} \\ \hline\hline
\Delta_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C
\end{array}\;\textit{cL}
$$

$-/\textit{wL}$: If $\Pi$ is
$$
\frac{\stackrel{\Pi'}{B_2, \ldots, B_n, \Gamma \longrightarrow C}}{B_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\;\textit{wL},
$$
then $\Xi$ reduces to
$$
\begin{array}{c}
\dfrac{\stackrel{\Pi_2}{\Delta_2 \longrightarrow B_2} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi'}{B_2, \ldots, B_n, \Gamma \longrightarrow C}}{\Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc} \\ \hline\hline
\Delta_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C
\end{array}\;\textit{wL}
$$

Axiom cases:

$\textit{init}/\circ L$: Suppose $\Pi$ ends with a left rule acting on $B_1$ and $\Pi_1$ ends with the $\textit{init}$ rule. Then it must be the case that $\Delta_1 = \{B_1\}$ and $\Xi$ reduces to
$$
\frac{\stackrel{\Pi_2}{\Delta_2 \longrightarrow B_2} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi}{B_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{B_1, \Delta_2, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$

$-/\textit{init}$: If $\Pi$ ends with the $\textit{init}$ rule, then $n = 1$, $\Gamma$ is the empty multiset, and $C$ must be a cut formula, i.e., $C = B_1$. Therefore $\Xi$ reduces to $\Pi_1$.

Notice that the reductions in the essential case for induction and co-induction are not symmetric. This is because we use an asymmetric measure to show the termination of cut-reduction, that is, the complexity of the cut is always reduced on the right premise. The difficulty in getting a symmetric measure, in the presence of contraction and implication (in the body of a definition), is already observed in logics with definitions but without (co-)induction [49].
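The case split of Definition 10, together with the measures $\mathrm{ht}$ and $\mathrm{indm}$ of Definitions 5 and 6 and the major premises of Definition 4, as an added Python example (not code from the paper): derivations are a small tree type, the ASCII rule names (e.g. `andL` for $\wedge L$, `impR` for $\supset R$) are an assumption of this example, and `classify_redex` returns the case that Definition 10 assigns to a multicut redex.

```python
"""Toy model of Linc^- derivation trees: the measures ht and indm (Definitions 5
and 6), major premises (Definition 4) and the case classification of multicut
redexes from Definition 10.  Added example, not the paper's code; rule names are
ASCII spellings assumed here ("andL" for the ∧L rule, "impR" for ⊃R, and so on)."""
from dataclasses import dataclass, field
from typing import List, Optional

LEFT_RULES = {"andL", "orL", "impL", "forallL", "existsL", "eqL", "IL", "CIL"}
RIGHT_RULES = {"andR", "orR", "impR", "forallR", "existsR", "eqR", "IR", "CIR"}
STRUCTURAL_RULES = {"cL", "wL"}


@dataclass
class Derivation:
    rule: str                                   # last inference rule
    premises: List["Derivation"] = field(default_factory=list)
    principal: Optional[str] = None             # formula the last rule acts on
    cut_formulas: List[str] = field(default_factory=list)  # B_1..B_n of an mc


def ht(d: Derivation) -> int:
    """Definition 5: lub of the premise heights plus one (lub of {} is 0)."""
    return max((ht(p) for p in d.premises), default=0) + 1


def indm(d: Derivation) -> int:
    """Definition 6: like ht, but only IL inferences are counted."""
    m = max((indm(p) for p in d.premises), default=0)
    return m + 1 if d.rule == "IL" else m


def major_premises(d: Derivation) -> List[Derivation]:
    """Definition 4: the premises sharing the conclusion's right-hand side."""
    if d.rule in {"impL", "mc", "IL"}:
        return d.premises[-1:]          # rightmost premise
    if d.rule == "CIR":
        return d.premises[:1]           # left premise
    return list(d.premises)


def classify_redex(xi: Derivation) -> str:
    """Name the Definition 10 case that applies to a derivation ending in mc.

    Returns '<case> <rule of Pi_i>/<rule of Pi>' following the paper's pairing,
    with '-' where the left premise's last rule does not matter."""
    if xi.rule != "mc":
        raise ValueError("a redex must end with mc")
    *lefts, pi = xi.premises
    if not lefts:
        return "trivial -/-"            # n = 0: xi reduces to pi
    cuts = xi.cut_formulas
    on_cut = pi.principal is not None and pi.principal in cuts
    if on_cut and pi.rule in STRUCTURAL_RULES:
        return f"structural -/{pi.rule}"
    if on_cut and pi.rule == "IL":
        return "essential */IL"         # independent of the left premise
    if on_cut and pi.rule in LEFT_RULES:
        pi_i = lefts[cuts.index(pi.principal)]
        if pi_i.rule in RIGHT_RULES:
            return f"essential {pi_i.rule}/{pi.rule}"
        if pi_i.rule in LEFT_RULES | STRUCTURAL_RULES:
            return f"left-commutative {pi_i.rule}/{pi.rule}"
        if pi_i.rule == "init":
            return f"axiom init/{pi.rule}"
        if pi_i.rule == "mc":
            return f"multicut mc/{pi.rule}"
        raise ValueError(f"unexpected rule {pi_i.rule!r}")
    if pi.rule == "init":
        return "axiom -/init"
    if pi.rule == "mc":
        return "multicut -/mc"
    return f"right-commutative -/{pi.rule}"


def example_redex() -> Derivation:
    """The ∧R/∧L essential case of Definition 10 with cut formula B1 = B1' ∧ B1''
    (constructed sample; leaves are init rules)."""
    leaf = Derivation("init")
    pi1 = Derivation("andR", [leaf, leaf], principal="B1")
    pi = Derivation("andL", [leaf], principal="B1")
    return Derivation("mc", [pi1, pi], cut_formulas=["B1"])


if __name__ == "__main__":
    xi = example_redex()
    print(classify_redex(xi), ht(xi), indm(xi))   # essential andR/andL 3 0
```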
It is clear from an inspection of the rules of the logic and the definition of cut reduction that every derivation ending with a multicut has a reduct. But because we use multisets in sequents, there may be some ambiguity as to whether a formula occurring on the left side of the rightmost premise of a multicut rule is in fact a cut formula, and if so, which of the left premises corresponds to it. As a result, several of the reduction rules may apply, and so a derivation may have multiple redexes.

The following lemmas show that the reduction relation is preserved by some of the transformations of derivations defined previously.

Lemma 7. Let $\Pi$ be a derivation of $\Gamma \longrightarrow C$ ending with a $\textit{mc}$ and let $\theta$ be a substitution. If $\Pi\theta$ reduces to $\Xi$ then there exists a derivation $\Pi'$ such that $\Xi = \Pi'\theta$ and $\Pi$ reduces to $\Pi'$.

Proof. Observe that the redexes of a derivation are not affected by substitution, since the cut reduction rules are determined by the last rules of the premise derivations of the derivation, which are not changed by substitution. Therefore, any cut reduction rule that is applied to $\Pi\theta$ to get $\Xi$ can also be applied to $\Pi$. Suppose that $\Pi'$ is the reduct of $\Pi$ obtained this way. In all cases, except for the cases where the reduction rule applied is either $\ast/\textit{IL}$ or $\textit{CIL}/\textit{CIR}$, it is a matter of routine to check that $\Pi'\theta = \Xi$. For the reduction rules $\ast/\textit{IL}$ and $\textit{CIL}/\textit{CIR}$, we need Lemma 5 and Lemma 6 which show that substitution commutes with (co-)inductive unfolding. □

Lemma 8. Let $p\,\vec{x} \stackrel{\mu}{=} D\,p\,\vec{x}$ be an inductive definition and let $\Pi_S$ be a derivation of $D\,S\,\vec{x} \longrightarrow S\,\vec{x}$ for some invariant $S$. Let $C$ be a non-atomic formula dominated by $p$. Let $\Pi$ and $\Pi'$ be two derivations of the same sequent $\Gamma \longrightarrow C$, and $\Pi$ ends with an $\textit{mc}$-rule. If $\mu^C_p(\Pi, \Pi_S)$ reduces to $\Xi$ then there exists a derivation $\Pi'$ such that $\Xi = \mu^C_p(\Pi', \Pi_S)$ and $\Pi$ reduces to $\Pi'$.

Proof.
By case analysis on the reduction rules. The case analysis can be much simplified by the following observations. First, the reduction rules are driven only by the outermost connectives in the formulas in the sequent. Second, the unfolding of a derivation affects only the right-hand side of the sequents appearing in the derivation (or more specifically, only the branches containing major premises). By a quick inspection of the definition of the reduction rules in Definition 10, we see that the only non-trivial case to consider is the right-commutative case $-/\circ R$. Since $C$ is non-atomic (and assuming that it has at least one occurrence of $p$, otherwise it is trivial since $\Pi = \mu^C_p(\Pi, \Pi_S)$ in this case), the only cases we need to verify are when its topmost logical connective is one of $\wedge$, $\vee$, $\supset$, $\forall$ and $\exists$. In these cases, the unfolding does not change the topmost connective, therefore any reduction rule that applies to $\mu^C_p(\Pi, \Pi_S)$ also applies to $\Pi$. Lemma 5 and Lemma 6 are used when substitutions are involved (right/left commutative cases with $\textit{eqL}$). □

Lemma 9. Let $p\,\vec{x} \stackrel{\mu}{=} D\,p\,\vec{x}$ be an inductive definition and let $\Pi_S$ be a derivation of $D\,S\,\vec{x} \longrightarrow S\,\vec{x}$ for some invariant $S$. Let $\Pi$ be the derivation
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi'}{B_1, \ldots, B_n, \Gamma \longrightarrow p\,\vec{t}}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow p\,\vec{t}}\;\textit{mc}
$$
Suppose that $\Pi'$ ends with a rule other than $\textit{init}$ and $\textit{IR}$. If $\mu^{p\,\vec{t}}_p(\Pi, \Pi_S)$ reduces to $\Xi$ then there exists a derivation $\Pi''$ such that $\Xi = \mu^{p\,\vec{t}}_p(\Pi'', \Pi_S)$ and $\Pi$ reduces to $\Pi''$.

Proof. The proof is straightforward by inspection of the cut reduction rules and the definition of inductive unfolding. □

Lemma 10. Let $p\,\vec{x} \stackrel{\nu}{=} D\,p\,\vec{x}$ be a co-inductive definition and let $\Pi_S$ be a derivation of $S\,\vec{x} \longrightarrow D\,S\,\vec{x}$ for some invariant $S$. Let $C$ be a non-atomic formula dominated by $p$. Let $\Pi$ and $\Pi'$ be two derivations of the sequent $\Gamma \longrightarrow C[S/p]$, where $\Pi$ ends with a $\textit{mc}$ rule.
If $\nu^C_p(\Pi, \Pi_S)$ reduces to $\Xi$ then there exists a derivation $\Pi'$ such that $\Xi = \nu^C_p(\Pi', \Pi_S)$ and $\Pi$ reduces to $\Pi'$.

Proof. Analogous to the proof of Lemma 8. □

5.2 Normalizability

Definition 11. We define the set of normalizable derivations to be the smallest set that satisfies the following conditions:
1. If a derivation $\Pi$ ends with a multicut, then it is normalizable if every reduct of $\Pi$ is normalizable.
2. If a derivation ends with any rule other than a multicut, then it is normalizable if the premise derivations are normalizable.

Following Martin-Löf [24], instead of assigning some ordinal measures to derivations and defining an ordering on them, we shall use the derivation figures themselves as a measure. Each clause in the definition of normalizability asserts that a derivation is normalizable if certain (possibly infinitely many) other derivations are normalizable. We call the latter the predecessors of the former. Thus a derivation is normalizable if the tree of its successive predecessors is well-founded. We refer to this well-founded tree as its normalization. Since a normalization is well-founded, it has an associated induction principle: for any property $P$ of derivations, if for every derivation $\Pi$ in the normalization, $P$ holds for every predecessor of $\Pi$ implies that $P$ holds for $\Pi$, then $P$ holds for every derivation in the normalization. The set of all normalizable derivations is denoted by $\mathrm{NM}$.

Lemma 11. If there is a normalizable derivation of a sequent, then there is a cut-free derivation of the sequent.

Proof. Let $\Pi$ be a normalizable derivation of the sequent $\Gamma \longrightarrow B$. We show by induction on the normalization of $\Pi$ that there is a cut-free derivation of $\Gamma \longrightarrow B$.
1. If $\Pi$ ends with a multicut, then any of its reducts is one of its predecessors and so is normalizable.
But the reduct is also a derivation of $\Gamma \longrightarrow B$, so by the induction hypothesis this sequent has a cut-free derivation.
2. Suppose $\Pi$ ends with a rule other than multicut. Since we are given that $\Pi$ is normalizable, by definition the premise derivations are normalizable. These premise derivations are the predecessors of $\Pi$, so by the induction hypothesis there are cut-free derivations of the premises. Thus there is a cut-free derivation of $\Gamma \longrightarrow B$. □

The next lemma states that normalization is closed under substitutions.

Lemma 12. If $\Pi$ is a normalizable derivation, then for any substitution $\theta$, $\Pi\theta$ is normalizable.

Proof. We prove this lemma by induction on the normalization of $\Pi$.
1. If $\Pi$ ends with a multicut, then $\Pi\theta$ also ends with a multicut. By Lemma 7 every reduct of $\Pi\theta$ corresponds to a reduct of $\Pi$, therefore by the induction hypothesis every reduct of $\Pi\theta$ is normalizable, and hence $\Pi\theta$ is normalizable.
2. Suppose $\Pi$ ends with a rule other than multicut and has premise derivations $\{\Pi_i\}$. By Definition 3 each premise derivation in $\Pi\theta$ is either $\Pi_i$ or $\Pi_i\theta$. Since $\Pi$ is normalizable, $\Pi_i$ is normalizable, and so by the induction hypothesis $\Pi_i\theta$ is also normalizable. Thus $\Pi\theta$ is normalizable. □

5.3 Parametric reducibility

Let us first define some terminology concerning derivations. We say that a derivation $\Pi$ has type $C$ if the end sequent of $\Pi$ is of the form $\Gamma \longrightarrow C$ for some $\Gamma$. We say that a set of derivations $\mathcal{S}$ has type $C$ if every derivation $\Pi \in \mathcal{S}$ has type $C$. A set of derivations $\mathcal{R}$ is closed under substitution if for every $\Pi \in \mathcal{R}$ and for every substitution $\theta$, $\Pi\theta \in \mathcal{R}$. To simplify presentation, we shall use the following notations to denote certain types of derivations. The derivation
$$
\frac{\stackrel{\Pi_1}{\Delta_1 \longrightarrow B_1} \quad\cdots\quad \stackrel{\Pi_n}{\Delta_n \longrightarrow B_n} \qquad \stackrel{\Pi}{\Gamma \longrightarrow C}}{\Delta_1, \ldots, \Delta_n, \Gamma \longrightarrow C}\;\textit{mc}
$$
is abbreviated as $\textit{mc}(\Pi_1, \ldots, \Pi_n, \Pi)$.
The derivation
$$
\frac{\stackrel{\Pi_S}{B\,S\,\vec{x} \longrightarrow S\,\vec{x}} \qquad \stackrel{\Pi}{\Gamma, S\,\vec{u} \longrightarrow C}}{\Gamma, p\,\vec{u} \longrightarrow C}\;\textit{IL}
$$
is abbreviated as $\textit{ind}(\Pi_S, \Pi)$, and the derivation
$$
\frac{\stackrel{\Pi}{\Gamma \longrightarrow S\,\vec{u}} \qquad \stackrel{\Pi_S}{S\,\vec{x} \longrightarrow B\,S\,\vec{x}}}{\Gamma \longrightarrow p\,\vec{u}}\;\textit{CIR}
$$
is abbreviated as $\textit{coind}(\Pi, \Pi_S)$.

Definition 12. Let $F$ be a closed term of type $\alpha_1 \to \cdots \to \alpha_n \to o$. A set of derivations $\mathcal{S}$ is said to be $F$-indexed if every derivation in $\mathcal{S}$ has type $F\,t_1 \ldots t_n$ for some $t_1, \ldots, t_n$. Given a set $\mathcal{S}$ of derivations and a formula $C$, we denote with $\mathcal{S}{\downarrow}C$ the set $\{\Pi \in \mathcal{S} \mid \Pi \text{ is of type } C\}$.

We shall now define a family of sets of derivations, which we call parametric reducibility sets.

Definition 13. Parametric Reducibility. Let $p\,\vec{x} \stackrel{\nu}{=} B\,p\,\vec{x}$ be a co-inductive definition, let $I$ be a closed term of the same type as $p$, let $\mathcal{R}$ be a set of derivations, and let $\mathcal{S}$ be an $I$-indexed set of derivations. Let $C$ be a formula dominated by $p$. We define the parametric reducibility sets $\mathrm{RED}^C_p[\mathcal{R}, \mathcal{S}]$, consisting of derivations of type $C[I/p]$, by induction on the size of $C$, as follows. (In the following, we shall refer to $C$ as the type of $\mathrm{RED}^C_p[\mathcal{R}, \mathcal{S}]$.)
1. If $p$ does not appear in $C$ then $\mathrm{RED}^C_p[\mathcal{R}, \mathcal{S}] = \mathcal{R}{\downarrow}C$.
2. If $C = p\,\vec{u}$, for some $\vec{u}$, then $\mathrm{RED}^C_p[\mathcal{R}, \mathcal{S}] = \mathcal{S}{\downarrow}I\,\vec{u}$.
3. Otherwise, the family of parametric reducibility sets $\{\mathrm{RED}^{C\theta}_p[\mathcal{R}, \mathcal{S}]\}_\theta$ is the smallest family that satisfies the following: for every $\theta$ and for every derivation $\Pi$ of type $C\theta[I/p]$, $\Pi \in \mathrm{RED}^{C\theta}_p[\mathcal{R}, \mathcal{S}]$ if one of the following holds:
 (a) $\Pi$ ends with $\textit{mc}$, and all its reducts are in $\mathrm{RED}^{C\theta}_p[\mathcal{R}, \mathcal{S}]$.
 (b) $\Pi$ ends with $\supset R$, i.e.,
$$
\frac{\stackrel{\Pi'}{\Gamma, B \longrightarrow D[I/p]}}{\Gamma \longrightarrow B \supset D[I/p]}\;\supset R
$$
 $\Pi' \in \mathrm{RED}^D_p[\mathcal{R}, \mathcal{S}]$, and for every substitution $\rho$ and for every derivation $\Xi$ of $\Delta \longrightarrow B\rho$ in $\mathcal{R}$, we have $\textit{mc}(\Xi, \Pi'\rho) \in \mathrm{RED}^{D\rho}_p[\mathcal{R}, \mathcal{S}]$.
 (c) $\Pi$ ends with a rule $\rho$ other than $\textit{mc}$ and $\supset R$, the minor premise derivations of $\Pi$ are normalizable, and its major premise derivations are in the parametric reducibility sets of the appropriate types.

From now on, when we write $\mathrm{RED}^C_p[\mathcal{R}, \mathcal{S}]$, it is understood that $p$ is a co-inductive predicate, $C$ is dominated by $p$, $\mathcal{R}$ is a set of derivations, and $\mathcal{S}$ is an $I$-indexed set of normalizable derivations, for some $I$.

Note that in Definition 13 (3), we define simultaneously the reducibility sets $\mathrm{RED}^{C\theta}_p[\mathcal{R}, \mathcal{S}]$ for all substitutions $\theta$. This is because in the case the derivation $\Pi$ ends with $\textit{eqL}$, reducibility of $\Pi$ may depend on the reducibility of (possibly infinitely many) derivations which are in $\mathrm{RED}^{C\rho}_p[\mathcal{R}, \mathcal{S}]$ for some $\rho$. Since $C\rho$ is of the same size as $C\theta$, its parametric reducibility set may not yet be defined by induction on the size. We therefore need to define this and other reducibility sets which are indexed by instances of $C$ simultaneously. As with the definition of normalizability, clause (3) in Definition 13 defines a monotone fixed point operator (assuming the parametric reducibility sets of smaller types have been fixed), and it therefore induces a well-founded tree of derivations in the family $\{\mathrm{RED}^{C\theta}_p[\mathcal{R}, \mathcal{S}]\}_\theta$. It is immediately clear from the definition that a derivation $\Pi'$ in the family is a predecessor of $\Pi$ (in the same family) if either
– $\Pi$ ends with a left rule and $\Pi'$ is a major premise of $\Pi$, or
– $\Pi$ ends with $\textit{mc}$ and $\Pi'$ is a reduct of $\Pi$.
We shall call the well-founded tree of successive predecessors of a derivation $\Pi$ in the family $\{\mathrm{RED}^{C\theta}_p[\mathcal{R}, \mathcal{S}]\}_\theta$ the parametric reduction of $\Pi$. As with the normalization of a derivation, it has an associated induction principle.
Note, however, that this ordering on derivations is defined only when $C$ satisfies the syntactic condition of Definition 13(3), i.e., it contains at least one occurrence of $p$ and is not an atomic formula.

The definition of parametric reducibility can be seen as defining a function on $\mathcal{S}$-indexed sets. When the type of the parametric reducibility set is the body of the co-inductive definition for $p$, this function corresponds to the underlying fixed point operator for $p$. We shall now define a class of $S$-indexed sets which are closed under this fixed point operator. These sets, called saturated sets in the following, can be seen as post-fixed points of the fixed point operator for the co-inductive definition of $p$. They will be used in defining the reducibility of derivations involving the co-induction rule $\mathit{CI}_R$.

Definition 14. Let $\forall \vec x.\, p\,\vec x \overset{\nu}{=} B\,p\,\vec x$ be a co-inductive definition. Let $S$ be a closed term of the same type as $p$. Let $\Pi_S$ be a derivation of $S\,\vec x \longrightarrow B\,S\,\vec x$. Let $\mathcal{R}$ be a set of derivations. An $S$-indexed set $\mathcal{S}$ is an $(\mathcal{R}, \Pi_S)$-saturated set if the following hold:
1. Every derivation in $\mathcal{S}$ is normalizable.
2. If $\Pi \in \mathcal{S}$ then $\Pi\theta \in \mathcal{S}$ for any $\theta$.
3. If $\Pi \in \mathcal{S}$ and $\Pi$ is of type $S\,\vec u$ for some $\vec u$, then $\mathit{mc}(\Pi, \Pi_S[\vec u/\vec x]) \in \mathrm{RED}^p_{B\,p\,\vec u}[\mathcal{R},\mathcal{S}]$.

5.4 Reducibility

We now define a family of reducible sets $\mathrm{RED}_i$ of level $i$.

Definition 15 (Reducibility). We define the family $\{\mathrm{RED}_i\}_i$ of reducible sets of level $i$ by induction on $i$. In defining the reducible set of level $i$, we assume that reducible sets of smaller levels have been defined. Each set $\mathrm{RED}_i$ is the smallest set that satisfies the following: for every derivation $\Pi$ of level $i$, $\Pi \in \mathrm{RED}_i$ if one of the following holds:
1. $\Pi$ ends with $\mathit{mc}$ and all its reducts are in $\mathrm{RED}_i$.
2.
 $\Pi$ is
 $$\dfrac{\overset{\Pi'}{\Gamma, B \longrightarrow D}}{\Gamma \longrightarrow B \supset D}\ {\supset}R$$
 with $\Pi' \in \mathrm{RED}_{\mathrm{lvl}(D)}$, and for every substitution $\theta$ and every derivation $\Xi$ of $\Delta \longrightarrow B\theta$ in $\mathrm{RED}_{\mathrm{lvl}(B\theta)}$, we have $\mathit{mc}(\Xi, \Pi'\theta) \in \mathrm{RED}_{\mathrm{lvl}(D\theta)}$.
3. $\Pi$ ends with $\mathit{CI}_R$, i.e., $\Pi$ is
 $$\dfrac{\overset{\Pi'}{\Gamma \longrightarrow S\,\vec t}\qquad \overset{\Pi_S}{S\,\vec x \longrightarrow B\,S\,\vec x}}{\Gamma \longrightarrow p\,\vec t}\ \mathit{CI}_R$$
 where $p\,\vec x \overset{\nu}{=} B\,p\,\vec x$, $\Pi'$ and $\Pi_S$ are normalizable, and there exists an $(\mathcal{R}, \Pi_S)$-saturated set $\mathcal{S}$, where $\mathcal{R} = \bigcup\{\mathrm{RED}_j \mid j < i\}$, such that $\Pi' \in \mathcal{S}$.
4. $\Pi$ ends with a rule other than $\mathit{mc}$ and ${\supset}R$, the minor premise derivations of $\Pi$ are normalizable, and its major premise derivations are in the reducibility sets of the appropriate levels.

As in the definition of normalizability, each clause in the definition of reducibility asserts that a derivation is reducible provided that certain other derivations, called the predecessors of the derivation, are reducible. The definition of reducibility induces a well-founded ordering on derivations in the reducibility sets. We shall refer to this ordering as the reducibility ordering and to the induced well-founded tree as the reduction of the derivation. We say that a derivation is reducible if it is in $\mathrm{RED}_i$ for some $i$.

Lemma 13. Every reducible derivation is normalizable.

Proof. Given a reducible derivation $\Pi$, it is straightforward to show by induction on its reduction that it is normalizable. In the case where $\Pi$ ends with $\mathit{CI}_R$, by the definition of saturated sets (Definition 14) and of reducibility (Definition 15), its premise derivations are normalizable, and therefore $\Pi$ is also normalizable. ⊓⊔

Lemma 14. If $\Pi$ is reducible then for every substitution $\theta$, $\Pi\theta$ is also reducible.

Proof. The proof is by induction on the reduction of $\Pi$. We consider the two non-trivial cases: the case where $\Pi$ ends with $\mathit{mc}$ and the case where it ends with $\mathit{CI}_R$. For the former, suppose that $\Pi = \mathit{mc}(\Pi_1, \ldots, \Pi_n, \Pi')$.
By Lemma 7, every reduct of $\Pi\theta$ is of the form $\Xi\theta$ for some reduct $\Xi$ of $\Pi$. Since the reducts of $\Pi$ are its predecessors, by the induction hypothesis each such $\Xi\theta$ is reducible; hence every reduct of $\Pi\theta$ is reducible, and so $\Pi\theta$ is reducible.

We now consider the case where $\Pi$ ends with $\mathit{CI}_R$, i.e., $\Pi$ is
$$\dfrac{\overset{\Pi'}{\Gamma \longrightarrow S\,\vec t}\qquad \overset{\Pi_S}{S\,\vec x \longrightarrow B\,S\,\vec x}}{\Gamma \longrightarrow p\,\vec t}\ \mathit{CI}_R$$
where $p\,\vec x \overset{\nu}{=} B\,p\,\vec x$. Let $\mathcal{R} = \bigcup\{\mathrm{RED}_j \mid j < \mathrm{lvl}(p)\}$. By the definition of reducibility, $\Pi'$ and $\Pi_S$ are both normalizable and, moreover, there exists an $(\mathcal{R}, \Pi_S)$-saturated set $\mathcal{S}$ such that $\Pi' \in \mathcal{S}$. Suppose that $\vec u = \vec t\theta$. To show that $\Pi\theta$ is reducible, we must first show that both $\Pi'\theta$ and $\Pi_S$ are normalizable. This is straightforward from the fact that both $\Pi'$ and $\Pi_S$ are normalizable and that normalizability is closed under substitution (Lemma 12). It remains to show that there exists an $(\mathcal{R}, \Pi_S)$-saturated set $\mathcal{S}'$ such that $\Pi'\theta \in \mathcal{S}'$. Let $\mathcal{S}' = \mathcal{S}$. Since saturated sets are closed under substitution and $\Pi' \in \mathcal{S}'$, we have $\Pi'\theta \in \mathcal{S}'$. ⊓⊔

Lemma 15. Let $p$ be a co-inductive predicate and let $S$ be a closed term of the same type as $p$. Let $\mathcal{R} = \bigcup\{\mathrm{RED}_j \mid j < \mathrm{lvl}(p)\}$, let $\mathcal{S} = \{\Xi \mid \Xi \text{ is reducible and has type } S\,\vec t \text{ for some } \vec t\}$, and let $C$ be a formula dominated by $p$. Then for every reducible derivation $\Pi$ of type $C[S/p]$, $\Pi \in \mathrm{RED}^p_C[\mathcal{R},\mathcal{S}]$.

Proof. By induction on the reduction of $\Pi$. If $p$ does not occur in $C$ then $\Pi \in \mathcal{R}$, since in this case $\mathrm{lvl}(C) < \mathrm{lvl}(p)$ (recall that $C$ is dominated by $p$); therefore $\Pi \in \mathrm{RED}^p_C[\mathcal{R},\mathcal{S}]$. If $C = p\,\vec u$ then $\Pi \in \mathcal{S}$ (since $\Pi$ is reducible), hence $\Pi \in \mathrm{RED}^p_C[\mathcal{R},\mathcal{S}]$. The other cases follow straightforwardly from the induction hypothesis. We show here the case where $\Pi$ ends with ${\supset}R$:
$$\dfrac{\overset{\Pi'}{\Gamma, B \longrightarrow D[S/p]}}{\Gamma \longrightarrow B \supset D[S/p]}\ {\supset}R$$
Note that in this case $C = B \supset D$, and $p$ does not occur in $B$ by the restriction on $C$ ($p$ dominates $C$).
Since $\Pi$ is reducible, $\Pi'$ is a reducible predecessor of $\Pi$, and for every substitution $\theta$ and every reducible derivation $\Xi$ of type $B\theta$, $\mathit{mc}(\Xi, \Pi'\theta)$ is also a reducible predecessor of $\Pi$. It thus follows from the induction hypothesis that $\Pi' \in \mathrm{RED}^p_D[\mathcal{R},\mathcal{S}]$ and that for every $\Xi \in \mathcal{R}$ of type $B\theta$ (which is reducible by the definition of $\mathcal{R}$), $\mathit{mc}(\Xi, \Pi'\theta) \in \mathrm{RED}^p_{D\theta}[\mathcal{R},\mathcal{S}]$. Therefore, by the definition of parametric reducibility, $\Pi \in \mathrm{RED}^p_C[\mathcal{R},\mathcal{S}]$. ⊓⊔

5.5 Reducibility of unfolded derivations

The following lemmas state that reducibility is preserved by (co)inductive unfolding, under certain assumptions.

Lemma 16 (Inductive unfolding). Let $p\,\vec x \overset{\mu}{=} B\,p\,\vec x$ be an inductive definition. Let $\Pi_S$ be a reducible derivation of $B\,S\,\vec x \longrightarrow S\,\vec x$. Let $\Pi$ be a reducible derivation of $\Gamma \longrightarrow C$ such that $p$ dominates $C$. Suppose the following statements hold:
1. For every derivation $\Xi$ of $\Delta \longrightarrow B\,p\,\vec u$, if $\mu(\Xi, \Pi_S)$ is reducible, then the derivation $\mathit{mc}(\mu(\Xi, \Pi_S), \Pi_S[\vec u/\vec x])$ is reducible.
2. For every reducible derivation $\Xi$ of $\Delta \longrightarrow S\,\vec u$, the derivation $\mathit{mc}(\Xi, \mathit{Id}_{S\,\vec u})$ is reducible.
3. The derivation $\mathit{ind}(\Pi_S, \mathit{Id}_{S\,\vec u})$ is reducible, for every $\vec u$ of the appropriate types.
Then the derivation $\mu^p_C(\Pi, \Pi_S)$ of $\Gamma \longrightarrow C[S/p]$ is reducible.

Proof. By induction on the reduction of $\Pi$. We show the non-trivial cases, assuming that $p$ is not vacuous in $C$. To simplify the presentation, we write $\mu(\cdot,\cdot)$ instead of $\mu^p_F(\cdot,\cdot)$, since in each of the following cases it is easy to infer from the context which $F$ is meant.
1. Suppose $\Pi$ ends with the $\mathit{init}$ rule on $p\,\vec u$. Then $\mu(\Pi, \Pi_S) = \mathit{ind}(\Pi_S, \mathit{Id}_{S\,\vec u})$, which is reducible by assumption (3).
2. Suppose $\Pi$ ends with ${\supset}R$, that is, $C = C_1 \supset C_2$:
$$\dfrac{\overset{\Pi'}{\Gamma, C_1 \longrightarrow C_2}}{\Gamma \longrightarrow C_1 \supset C_2}\ {\supset}R$$
By the restriction on $C$, we know that $p$ is vacuous in $C_1$, hence $C[S/p] = C_1 \supset C_2[S/p]$.
By the definition of reducibility, the derivation $\Pi'$ is reducible and, for every substitution $\theta$ and every reducible derivation $\Psi$ of $\Delta \longrightarrow C_1\theta$, the derivation
$$\Xi \;=\; \dfrac{\overset{\Psi}{\Delta \longrightarrow C_1\theta}\qquad \overset{\Pi'\theta}{\Gamma\theta, C_1\theta \longrightarrow C_2\theta}}{\Delta, \Gamma\theta \longrightarrow C_2\theta}\ \mathit{mc}$$
is reducible. We want to show that the derivation
$$\mu(\Pi, \Pi_S) \;=\; \dfrac{\overset{\mu(\Pi', \Pi_S)}{\Gamma, C_1 \longrightarrow C_2[S/p]}}{\Gamma \longrightarrow C_1 \supset C_2[S/p]}\ {\supset}R$$
is reducible. This reduces to showing that $\mu(\Pi', \Pi_S)$ is reducible and that
$$\dfrac{\overset{\Psi}{\Delta \longrightarrow C_1\theta}\qquad \overset{\mu(\Pi', \Pi_S)\theta}{\Gamma\theta, C_1\theta \longrightarrow C_2\theta[S/p]}}{\Delta, \Gamma\theta \longrightarrow C_2\theta[S/p]}\ \mathit{mc}$$
is reducible. The first follows from the induction hypothesis on $\Pi'$. For the second derivation, we know from Lemma 5 that $\mu(\Pi', \Pi_S)\theta = \mu(\Pi'\theta, \Pi_S)$. It follows from this and the definition of inductive unfolding (Definition 8) that
$$\mathit{mc}(\Psi, \mu(\Pi', \Pi_S)\theta) = \mathit{mc}(\Psi, \mu(\Pi'\theta, \Pi_S)) = \mu(\mathit{mc}(\Psi, \Pi'\theta), \Pi_S) = \mu(\Xi, \Pi_S).$$
We can apply the induction hypothesis to $\Xi$, since it is a predecessor of $\Pi$, to establish the reducibility of $\mu(\Xi, \Pi_S)$. This, together with the reducibility of $\mu(\Pi', \Pi_S)$, implies that $\mu(\Pi, \Pi_S)$ is reducible.
3. Suppose $\Pi$ ends with the $I_R$ rule on $p\,\vec u$:
$$\dfrac{\overset{\Pi'}{\Gamma \longrightarrow B\,p\,\vec u}}{\Gamma \longrightarrow p\,\vec u}\ I_R$$
Then $\mu(\Pi, \Pi_S)$ is the derivation
$$\dfrac{\overset{\mu(\Pi', \Pi_S)}{\Gamma \longrightarrow B\,S\,\vec u}\qquad \overset{\Pi_S[\vec u/\vec x]}{B\,S\,\vec u \longrightarrow S\,\vec u}}{\Gamma \longrightarrow S\,\vec u}\ \mathit{mc}$$
The derivation $\mu(\Pi', \Pi_S)$ is reducible by the induction hypothesis. This, together with assumption (1) of the lemma, implies that $\mu(\Pi, \Pi_S)$ is reducible.
4. Suppose $\Pi$ ends with $\mathit{mc}$:
$$\dfrac{\overset{\Pi_1}{\Delta_1 \longrightarrow D_1}\ \cdots\ \overset{\Pi_m}{\Delta_m \longrightarrow D_m}\qquad \overset{\Pi'}{D_1, \ldots, D_m, \Gamma' \longrightarrow C}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow C}\ \mathit{mc}$$
Then $\mu(\Pi, \Pi_S)$ is the derivation
$$\dfrac{\overset{\Pi_1}{\Delta_1 \longrightarrow D_1}\ \cdots\ \overset{\Pi_m}{\Delta_m \longrightarrow D_m}\qquad \overset{\mu(\Pi', \Pi_S)}{D_1, \ldots, D_m, \Gamma' \longrightarrow C[S/p]}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow C[S/p]}\ \mathit{mc}$$
By the definition of reducibility, every reduct of $\Pi$ is reducible. We need to show that every reduct of $\mu(\Pi, \Pi_S)$ is reducible.
From Lemma 8 we know that, when $C$ is not atomic, every reduct of $\mu(\Pi, \Pi_S)$ corresponds to some reduct of $\Pi$. Similarly, when $\Pi'$ ends with a rule other than $\mathit{init}$ or $I_R$, by Lemma 9 the reducts of $\mu(\Pi, \Pi_S)$ are in one-to-one correspondence with the reducts of $\Pi$. Therefore in these cases the induction hypothesis can be applied to show the reducibility of each reduct of $\mu(\Pi, \Pi_S)$. This leaves us with the following two cases, where $C = p\,\vec u$ and $\Pi'$ ends with either $I_R$ or $\mathit{init}$.
– Suppose $\Pi'$ is the derivation
$$\dfrac{\overset{\Pi''}{D_1, \ldots, D_m, \Gamma' \longrightarrow B\,p\,\vec u}}{D_1, \ldots, D_m, \Gamma' \longrightarrow p\,\vec u}\ I_R$$
Let $\Xi_1$ be the derivation
$$\dfrac{\{\overset{\Pi_j}{\Delta_j \longrightarrow D_j}\}_{j \in \{1,\ldots,m\}}\qquad \overset{\Pi''}{D_1, \ldots, D_m, \Gamma' \longrightarrow B\,p\,\vec u}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow B\,p\,\vec u}\ \mathit{mc}$$
Then the derivation
$$\dfrac{\overset{\Xi_1}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow B\,p\,\vec u}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow p\,\vec u}\ I_R$$
is a reduct of $\Pi$ (by the reduction rule $-/I_R$), and therefore by the definition of reducibility both this reduct and $\Xi_1$ are reducible predecessors of $\Pi$. Let $\Pi'_S = \Pi_S[\vec u/\vec x]$ and let $\Psi$ be the derivation
$$\dfrac{\overset{\mu(\Pi'', \Pi_S)}{D_1, \ldots, D_m, \Gamma' \longrightarrow B\,S\,\vec u}\qquad \overset{\Pi'_S}{B\,S\,\vec u \longrightarrow S\,\vec u}}{D_1, \ldots, D_m, \Gamma' \longrightarrow S\,\vec u}\ \mathit{mc}$$
Then the derivation $\mu(\Pi, \Pi_S)$ is the following:
$$\dfrac{\{\overset{\Pi_j}{\Delta_j \longrightarrow D_j}\}_{j \in \{1,\ldots,m\}}\qquad \overset{\Psi}{D_1, \ldots, D_m, \Gamma' \longrightarrow S\,\vec u}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow S\,\vec u}\ \mathit{mc}$$
The only reduction rule applicable to $\mu(\Pi, \Pi_S)$ is $-/\mathit{mc}$, which gives us the reduct
$$\Xi \;=\; \dfrac{\overset{\Psi'}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow B\,S\,\vec u}\qquad \overset{\Pi'_S}{B\,S\,\vec u \longrightarrow S\,\vec u}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow S\,\vec u}\ \mathit{mc}$$
where $\Psi'$ is the derivation
$$\dfrac{\{\overset{\Pi_j}{\Delta_j \longrightarrow D_j}\}_{j \in \{1,\ldots,m\}}\qquad \overset{\mu(\Pi'', \Pi_S)}{D_1, \ldots, D_m, \Gamma' \longrightarrow B\,S\,\vec u}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow B\,S\,\vec u}\ \mathit{mc}$$
Notice that $\Psi'$ is exactly $\mu(\Xi_1, \Pi_S)$, and it is reducible by the inductive hypothesis. Therefore assumption (1) applies, the reduct $\Xi$ is reducible, and hence $\mu(\Pi, \Pi_S)$ is also reducible.
– Otherwise, suppose $\Pi'$ ends with $\mathit{init}$. Then $D_1 = p\,\vec u$ and $\Pi$ is the derivation
$$\dfrac{\overset{\Pi_1}{\Delta_1 \longrightarrow p\,\vec u}\qquad \dfrac{}{p\,\vec u \longrightarrow p\,\vec u}\ \mathit{init}}{\Delta_1 \longrightarrow p\,\vec u}\ \mathit{mc}$$
The only reduct of $\Pi$ is $\Pi_1$, since the only applicable reduction is $-/\mathit{init}$. On the other hand, the derivation $\mu(\Pi, \Pi_S)$ is
$$\dfrac{\overset{\Pi_1}{\Delta_1 \longrightarrow p\,\vec u}\qquad \dfrac{\overset{\Pi_S}{B\,S\,\vec x \longrightarrow S\,\vec x}\quad \overset{\mathit{Id}}{S\,\vec u \longrightarrow S\,\vec u}}{p\,\vec u \longrightarrow S\,\vec u}\ I_L}{\Delta_1 \longrightarrow S\,\vec u}\ \mathit{mc}$$
Its only reduct (by $\ast/I_L$) is
$$\dfrac{\overset{\mu(\Pi_1, \Pi_S)}{\Delta_1 \longrightarrow S\,\vec u}\qquad \overset{\mathit{Id}}{S\,\vec u \longrightarrow S\,\vec u}}{\Delta_1 \longrightarrow S\,\vec u}\ \mathit{mc}$$
The derivation $\mu(\Pi_1, \Pi_S)$ is reducible by the inductive hypothesis ($\Pi_1$ is a predecessor of $\Pi$), so assumption (2) applies and the above reduct is reducible. ⊓⊔

Remark 1. Intuitively, condition (1) of Lemma 16 can be seen as asserting that the set of reducible derivations whose types are instances of $S\,\vec x$ forms a pre-fixed point of the fixed point operator induced by the inductive definition of $p$.

Lemma 17 (Co-inductive unfolding). Let $p\,\vec x \overset{\nu}{=} B\,p\,\vec x$ be a co-inductive definition. Let $\Pi_S$ be a normalizable derivation of $S\,\vec x \longrightarrow B\,S\,\vec x$ for some invariant $S$. Let $\mathcal{R} = \bigcup\{\mathrm{RED}_j \mid j < \mathrm{lvl}(p)\}$, and let $\mathcal{S}$ be an $(\mathcal{R}, \Pi_S)$-saturated set. Let $\Pi$ be a derivation of $\Gamma \longrightarrow C[S/p]$ for some $C$ dominated by $p$. If $\Pi \in \mathrm{RED}^p_C[\mathcal{R},\mathcal{S}]$ then $\nu^p_C(\Pi, \Pi_S)$ is reducible.

Proof. By induction on the size of $C$, with a sub-induction on the parametric reduction of $\Pi$. As in the proof of inductive unfolding, we omit the subscript and superscript of $\nu$ to simplify the presentation of the proof.
1. If $p$ is not free in $C$, then $\nu(\Pi, \Pi_S) = \Pi$. Since $\Pi \in \mathrm{RED}^p_C[\mathcal{R},\mathcal{S}]$, it follows from the definition of parametric reducibility that $\Pi \in \mathcal{R}$, hence it is reducible by assumption.
2. Suppose $C = p\,\vec u$. Then $C[S/p] = S\,\vec u$ and $\nu(\Pi, \Pi_S)$ is the derivation
$$\dfrac{\overset{\Pi}{\Gamma \longrightarrow S\,\vec u}\qquad \overset{\Pi_S}{S\,\vec x \longrightarrow B\,S\,\vec x}}{\Gamma \longrightarrow p\,\vec u}\ \mathit{CI}_R$$
To show that this derivation is reducible, we first show that there exists an $(\mathcal{R}, \Pi_S)$-saturated set $\mathcal{S}'$ such that $\Pi \in \mathcal{S}'$.
Since $\Pi \in \mathrm{RED}^p_{p\,\vec u}[\mathcal{R},\mathcal{S}]$, by the definition of parametric reducibility we have $\Pi \in \mathcal{S}$. Let $\mathcal{S}' = \mathcal{S}$. Then $\mathcal{S}'$ is indeed an $(\mathcal{R}, \Pi_S)$-saturated set containing $\Pi$. It remains to show that both $\Pi$ and $\Pi_S$ are normalizable. This follows from the assumption on $\Pi_S$ and the fact that saturated sets contain only normalizable derivations.
3. Suppose $p$ occurs in $C$ but $C \neq p\,\vec u$ for any $\vec u$. There are several subcases, depending on the last rule of $\Pi$. We show by induction on the parametric reduction of $\Pi$ that $\nu(\Pi, \Pi_S)$ is reducible.
(a) The base cases are those where $\Pi$ ends with a rule with no premises and where $\Pi$ ends with a right-introduction rule. In the former case, reducibility is immediate from the definition of reducibility (Definition 15). For the latter, in most cases the reducibility of $\nu(\Pi, \Pi_S)$ follows from the outer induction hypothesis (since in this case the premise derivations of $\Pi$ are in parametric reducibility sets of smaller types) and Definition 15. We show here the non-trivial case involving implication-right. Suppose $\Pi$ ends with ${\supset}R$, i.e., $C = C_1 \supset C_2$ for some $C_1$ and $C_2$:
$$\dfrac{\overset{\Pi'}{\Gamma, C_1 \longrightarrow C_2[S/p]}}{\Gamma \longrightarrow C_1 \supset C_2[S/p]}\ {\supset}R$$
Note that $p$ is vacuous in $C_1$ by the restriction on $C$. The derivation $\nu(\Pi, \Pi_S)$ is
$$\dfrac{\overset{\nu(\Pi', \Pi_S)}{\Gamma, C_1 \longrightarrow C_2}}{\Gamma \longrightarrow C_1 \supset C_2}\ {\supset}R$$
To show that $\nu(\Pi, \Pi_S)$ is reducible, we need to show that $\nu(\Pi', \Pi_S)$ is reducible and that for every $\theta$ and every $\Psi \in \mathrm{RED}_{\mathrm{lvl}(C_1\theta)}$, we have $\mathit{mc}(\Psi, \nu(\Pi', \Pi_S)\theta) \in \mathrm{RED}_{\mathrm{lvl}(C_2\theta)}$. The parametric reducibility of $\Pi$ implies that $\Pi' \in \mathrm{RED}^p_{C_2}[\mathcal{R},\mathcal{S}]$ and that for every $\theta$ and every derivation $\Psi' \in \mathcal{R}$ of type $C_1\theta$, $\mathit{mc}(\Psi', \Pi'\theta) \in \mathrm{RED}^p_{C_2\theta}[\mathcal{R},\mathcal{S}]$. Note that $\Psi$ is in $\mathcal{R}$ since $\mathrm{lvl}(C_1\theta) < \mathrm{lvl}(p)$. Therefore we also have $\mathit{mc}(\Psi, \Pi'\theta) \in \mathrm{RED}^p_{C_2\theta}[\mathcal{R},\mathcal{S}]$. By the outer induction hypothesis, both $\nu(\Pi', \Pi_S)$ and $\nu(\mathit{mc}(\Psi, \Pi'\theta), \Pi_S)$ are reducible.
It remains to show that $\mathit{mc}(\Psi, \nu(\Pi', \Pi_S)\theta)$ is reducible. Note that by Lemma 6 this derivation is equal to $\mathit{mc}(\Psi, \nu(\Pi'\theta, \Pi_S))$. To show that this derivation is reducible, there are two cases to consider. If $C_2$ is not atomic, then it is easy to see that $\mathit{mc}(\Psi, \nu(\Pi'\theta, \Pi_S))$ is equal to $\nu(\mathit{mc}(\Psi, \Pi'\theta), \Pi_S)$, which is reducible by the outer induction hypothesis. If, however, $C_2 = p\,\vec u$ for some $\vec u$, then $\mathit{mc}(\Psi, \nu(\Pi'\theta, \Pi_S))$ is the derivation (supposing that the end sequent of $\Psi$ is $\Delta \longrightarrow C_1\theta$)
$$\dfrac{\overset{\Psi}{\Delta \longrightarrow C_1\theta}\qquad \dfrac{\overset{\Pi'\theta}{C_1\theta, \Gamma\theta \longrightarrow S\,\vec u}\quad \overset{\Pi_S}{S\,\vec x \longrightarrow B\,S\,\vec x}}{C_1\theta, \Gamma\theta \longrightarrow p\,\vec u}\ \mathit{CI}_R}{\Delta, \Gamma\theta \longrightarrow p\,\vec u}\ \mathit{mc}$$
To show that this derivation is reducible, we must show that all its reducts are reducible. Only one reduction rule is applicable in this case, namely $-/\mathit{CI}_R$, which leads to the following derivation:
$$\dfrac{\dfrac{\overset{\Psi}{\Delta \longrightarrow C_1\theta}\quad \overset{\Pi'\theta}{C_1\theta, \Gamma\theta \longrightarrow S\,\vec u}}{\Delta, \Gamma\theta \longrightarrow S\,\vec u}\ \mathit{mc}\qquad \overset{\Pi_S}{S\,\vec x \longrightarrow B\,S\,\vec x}}{\Delta, \Gamma\theta \longrightarrow p\,\vec u}\ \mathit{CI}_R$$
But notice that this is exactly the derivation $\nu(\mathit{mc}(\Psi, \Pi'\theta), \Pi_S)$, which is reducible by the outer induction hypothesis. Having shown that $\nu(\Pi', \Pi_S)$ and $\mathit{mc}(\Psi, \nu(\Pi', \Pi_S)\theta)$ are reducible, we have sufficient conditions to conclude that $\nu(\Pi, \Pi_S)$ is indeed reducible.
(b) In the inductive cases, $\Pi$ ends either with $\mathit{mc}$ or with a left rule. We show the former case here (the other cases are straightforward). Suppose $\Pi$ is
$$\dfrac{\overset{\Pi_1}{\Delta_1 \longrightarrow D_1}\ \cdots\ \overset{\Pi_m}{\Delta_m \longrightarrow D_m}\qquad \overset{\Pi'}{D_1, \ldots, D_m, \Gamma' \longrightarrow C[S/p]}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow C[S/p]}\ \mathit{mc}$$
Then $\nu(\Pi, \Pi_S)$ is the derivation
$$\dfrac{\overset{\Pi_1}{\Delta_1 \longrightarrow D_1}\ \cdots\ \overset{\Pi_m}{\Delta_m \longrightarrow D_m}\qquad \overset{\nu(\Pi', \Pi_S)}{D_1, \ldots, D_m, \Gamma' \longrightarrow C}}{\Delta_1, \ldots, \Delta_m, \Gamma' \longrightarrow C}\ \mathit{mc}$$
The derivation $\nu(\Pi, \Pi_S)$ is reducible if every reduct of $\nu(\Pi, \Pi_S)$ is reducible. From Lemma 10 it follows that every reduct of $\nu(\Pi, \Pi_S)$ is of the form $\nu(\Xi, \Pi_S)$ where $\Xi$ is a reduct of $\Pi$.
Since all reducts of $\Pi$ are predecessors of $\Pi$ in the parametric reducibility ordering, we can apply the inductive hypothesis to show that every reduct of $\nu(\Pi, \Pi_S)$ is reducible, hence $\nu(\Pi, \Pi_S)$ is also reducible. ⊓⊔

5.6 Cut elimination

Most cases in the cut elimination proof for $\mathrm{Linc}^-$ below are similar to those for $\mathrm{FO}\lambda^{\Delta\mathrm{IN}}$. The crucial differences are in the handling of the essential cut reductions for the inductive and co-inductive rules.⁴ In the case of derivations of inductive predicates, a crucial part of the proof is in establishing that the $S$-indexed set of reducible derivations (where $S$ is an inductive invariant) satisfies the conditions of Lemma 16 (in effect, demonstrating that the said set forms a pre-fixed point). Dually, in the case of co-inductive proofs, one must show that the $S$-indexed set of reducible derivations, where $S$ is a co-inductive invariant, forms a saturated set (i.e., a post-fixed point of the co-inductive definition involved).

Lemma 18. For any derivation $\Pi$ of $B_1, \ldots, B_n, \Gamma \longrightarrow C$, for any reducible derivations $\Pi_1$ of $\Delta_1 \longrightarrow B_1$, ..., $\Pi_n$ of $\Delta_n \longrightarrow B_n$ where $n \geq 0$, and for any substitutions $\delta_1, \ldots, \delta_n, \gamma$ such that $B_i\delta_i = B_i\gamma$ for every $i \in \{1, \ldots, n\}$, the derivation
$$\Xi \;=\; \dfrac{\overset{\Pi_1\delta_1}{\Delta_1\delta_1 \longrightarrow B_1\delta_1}\ \cdots\ \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \overset{\Pi\gamma}{B_1\gamma, \ldots, B_n\gamma, \Gamma\gamma \longrightarrow C\gamma}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
is reducible.

Proof. The proof is by induction on $\mathrm{indm}(\Pi)$, with subordinate inductions on $\mathrm{ht}(\Pi)$, on $n$ and on the reductions of $\Pi_1, \ldots, \Pi_n$. The proof does not rely on the order of the inductions on reductions, so when we need to single out one of the $\Pi_i$ we shall refer to it as $\Pi_1$ without loss of generality. The derivation $\Xi$ is reducible if all its reducts are reducible. If $n = 0$, then $\Xi$ reduces to $\Pi\gamma$, so in this case we show that $\Pi\gamma$ is reducible.
Since reducibility is preserved by substitution (Lemma 14), it is enough to show that $\Pi$ is reducible. This is proved by a case analysis on the last rule of $\Pi$. For each case, the result follows easily from the induction hypothesis on $\mathrm{ht}(\Pi)$ and Definition 15. The ${\supset}R$ case requires that substitution for variables does not increase the measures of a derivation. In the cases for ${\supset}L$ and $I_L$ we need the additional information that reducibility implies normalizability (Lemma 13). The case for $\mathit{CI}_R$ requires special attention. Let $p\,\vec x \overset{\nu}{=} D\,p\,\vec x$ be a co-inductive definition. Suppose $\Pi$ is the derivation
$$\dfrac{\overset{\Pi'}{\Gamma \longrightarrow S\,\vec t}\qquad \overset{\Pi_S}{S\,\vec x \longrightarrow D\,S\,\vec x}}{\Gamma \longrightarrow p\,\vec t}\ \mathit{CI}_R$$
for some invariant $S$. Let $\mathcal{R} = \bigcup\{\mathrm{RED}_j \mid j < \mathrm{lvl}(p)\}$. To show that $\Pi$ is reducible we must show that its premises are normalizable and that there exists an $(\mathcal{R}, \Pi_S)$-saturated set $\mathcal{S}$ such that $\Pi' \in \mathcal{S}$. The former follows from the outer induction hypothesis and Lemma 13. For the latter, the set $\mathcal{S}$ is defined as follows:
$$\mathcal{S} = \{\Psi \mid \Psi \text{ is a reducible derivation of type } S\,\vec u, \text{ for some } \vec u\}.$$
Since $\Pi'$ is reducible by the induction hypothesis, we have $\Pi' \in \mathcal{S}$. It remains to show that $\mathcal{S}$ is an $(\mathcal{R}, \Pi_S)$-saturated set, that is, that $\mathcal{S}$ has the following properties:
1. Every derivation in $\mathcal{S}$ is normalizable.
2. If $\Psi \in \mathcal{S}$ then $\Psi\theta \in \mathcal{S}$ for any $\theta$.
3. If $\Psi \in \mathcal{S}$ and $\Psi$ is of type $S\,\vec u$ for some $\vec u$, then $\mathit{mc}(\Psi, \Pi_S[\vec u/\vec x]) \in \mathrm{RED}^p_{D\,p\,\vec u}[\mathcal{R},\mathcal{S}]$.
Property (1) follows from the fact that reducibility implies normalizability (Lemma 13). Property (2) follows from the fact that reducibility is closed under substitution (Lemma 14). To prove (3), first notice that by Lemma 2, $\mathrm{indm}(\Pi_S[\vec u/\vec x]) \leq \mathrm{indm}(\Pi_S) = \mathrm{indm}(\Pi)$ and $\mathrm{ht}(\Pi_S[\vec u/\vec x]) \leq \mathrm{ht}(\Pi_S) < \mathrm{ht}(\Pi)$. Therefore, by the outer induction hypothesis, $\mathit{mc}(\Psi, \Pi_S[\vec u/\vec x])$ is reducible. By Lemma 15, $\mathit{mc}(\Psi, \Pi_S[\vec u/\vec x]) \in \mathrm{RED}^p_{D\,p\,\vec u}[\mathcal{R},\mathcal{S}]$. Therefore $\mathcal{S}$ is an $(\mathcal{R}, \Pi_S)$-saturated set containing $\Pi'$, hence $\Pi$ is reducible.

⁴ We also note that McDowell and Miller's proof of cut elimination for $\mathrm{FO}\lambda^{\Delta\mathrm{IN}}$ given in [25] appears to contain a small gap in the proof of a main technical lemma. More specifically, they use a technical lemma similar to Lemma 18, but without the extra assumptions about the substitutions $\delta_1, \ldots, \delta_n, \gamma$. The problem with their formulation of the lemma appears in the case involving the $\mathit{eq}_L/{\circ}L$ reduction rule. This problem is fixed in our cut elimination proof by the more general statement of Lemma 18. See http://www.lix.polytechnique.fr/dale/papers/tcs00.errata.html for details of the errata in their paper.

For $n > 0$, we analyze all possible cut reductions and show for each case that the reduct is reducible. Some cases follow immediately from the inductive hypothesis; we show here the non-trivial cases.

${\supset}R/{\supset}L$: Suppose $\Pi_1$ and $\Pi$ are
$$\dfrac{\overset{\Pi'_1}{\Delta_1, B'_1 \longrightarrow B''_1}}{\Delta_1 \longrightarrow B'_1 \supset B''_1}\ {\supset}R \qquad\qquad \dfrac{\overset{\Pi'}{B_2, \ldots, B_n, \Gamma \longrightarrow B'_1}\quad \overset{\Pi''}{B''_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}}{B'_1 \supset B''_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\ {\supset}L$$
The derivation
$$\Xi_1 \;=\; \dfrac{\overset{\Pi_2\delta_2}{\Delta_2\delta_2 \longrightarrow B_2\delta_2}\ \cdots\ \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \overset{\Pi'\gamma}{B_2\gamma, \ldots, B_n\gamma, \Gamma\gamma \longrightarrow B'_1\gamma}}{\Delta_2\delta_2, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow B'_1\gamma}\ \mathit{mc}$$
is reducible by the induction hypothesis, since $\mathrm{indm}(\Pi') \leq \mathrm{indm}(\Pi)$ and $\mathrm{ht}(\Pi') < \mathrm{ht}(\Pi)$. Since $\Pi_1$ is reducible and $B'_1\gamma = B'_1\delta_1$, by Definition 15 the derivation
$$\Xi_2 \;=\; \dfrac{\overset{\Xi_1}{\Delta_2\delta_2, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow B'_1\gamma}\qquad \overset{\Pi'_1\delta_1}{B'_1\delta_1, \Delta_1\delta_1 \longrightarrow B''_1\delta_1}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow B''_1\delta_1}\ \mathit{mc}$$
is a predecessor of $\Pi_1$ and therefore is reducible. The reduct of $\Xi$ in this case is the derivation
$$\dfrac{\dfrac{\overset{\Xi_2}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow B''_1\delta_1}\quad \{\overset{\Pi_i\delta_i}{\Delta_i\delta_i \longrightarrow B_i\delta_i}\}_{i \in \{2..n\}}\quad \overset{\Pi''\gamma}{B''_1\gamma, B_2\gamma, \ldots, B_n\gamma, \Gamma\gamma \longrightarrow C\gamma}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma, \Delta_2\delta_2, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ c_L$$
which is reducible by the induction hypothesis and Definition 15.

$\forall L/\forall R$: Suppose $\Pi_1$ and $\Pi$ are
$$\dfrac{\overset{\Pi'_1}{\Delta_1 \longrightarrow B'_1[y/x]}}{\Delta_1 \longrightarrow \forall x.\, B'_1}\ \forall R \qquad\qquad \dfrac{\overset{\Pi'}{B'_1[t/x], B_2, \ldots, B_n, \Gamma \longrightarrow C}}{\forall x.\, B'_1, B_2, \ldots, B_n, \Gamma \longrightarrow C}\ \forall L$$
Since we identify derivations that differ only in the choice of intermediate eigenvariables that are not free in the end sequents, we can choose a variable $y$ that is not free in the domains and ranges of $\delta_1$ and $\gamma$. We assume without loss of generality that $x$ is chosen fresh with respect to the free variables of the substitutions, so that we can push the substitutions under the binder. The derivation $\Xi$ is thus
$$\dfrac{\dfrac{\overset{\Pi'_1\delta_1}{\Delta_1\delta_1 \longrightarrow B'_1\delta_1[y/x]}}{\Delta_1\delta_1 \longrightarrow \forall x.\, B'_1\delta_1}\ \forall R\quad \cdots\quad \dfrac{\overset{\Pi'\gamma}{B'_1\gamma[t\gamma/x], \ldots, \Gamma\gamma \longrightarrow C\gamma}}{\forall x.\, B'_1\gamma, \ldots, \Gamma\gamma \longrightarrow C\gamma}\ \forall L}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
Let $\delta'_1 = \delta_1 \circ [t\gamma/y]$. The reduct of $\Xi$ in this case is
$$\dfrac{\overset{\Pi'_1\delta'_1}{\Delta_1\delta_1 \longrightarrow B'_1\delta_1[t\gamma/x]}\quad \cdots\quad \overset{\Pi'\gamma}{B'_1\gamma[t\gamma/x], \ldots, \Gamma\gamma \longrightarrow C\gamma}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
which is reducible by the induction hypothesis.

$\mathit{eq}_R/\mathit{eq}_L$: Suppose $\Pi_1$ and $\Pi$ are
$$\dfrac{}{\Delta_1 \longrightarrow s = t}\ \mathit{eq}_R \qquad\qquad \dfrac{\{\overset{\Pi^\rho}{B_2\rho, \ldots, B_n\rho, \Gamma\rho \longrightarrow C\rho}\}_\rho}{s = t, B_2, \ldots, B_n, \Gamma \longrightarrow C}\ \mathit{eq}_L$$
Then $\Xi$ is the derivation
$$\dfrac{\dfrac{}{\Delta_1\delta_1 \longrightarrow (s = t)\delta_1}\ \mathit{eq}_R\quad \cdots\quad \dfrac{\{\overset{\Pi^{\gamma\circ\rho'}}{B_2\gamma\rho', \ldots, B_n\gamma\rho', \Gamma\gamma\rho' \longrightarrow C\gamma\rho'}\}_{\rho'}}{(s = t)\gamma, \ldots, B_n\gamma, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{eq}_L}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
The rule $\mathit{eq}_R$ tells us that $s$ and $t$ are unifiable via the empty substitution (i.e., they are the same normal terms), so $\gamma$ is among the unifiers of $s = t$ and $\Pi^\gamma$ is a premise of $\Pi$. The reduct of $\Xi$,
$$\dfrac{\dfrac{\overset{\Pi_2\delta_2}{\Delta_2\delta_2 \longrightarrow B_2\delta_2}\quad \cdots\quad \overset{\Pi^\gamma}{B_2\gamma, \ldots, \Gamma\gamma \longrightarrow C\gamma}}{\Delta_2\delta_2, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}}{\Delta_1\delta_1, \Delta_2\delta_2, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ w_L$$
is therefore reducible by the induction hypothesis.
$\ast/I_L$: Suppose $\Pi$ is the derivation
$$\dfrac{\overset{\Pi_S}{D\,S\,\vec x \longrightarrow S\,\vec x}\qquad \overset{\Pi'}{S\,\vec t, \Gamma \longrightarrow C}}{p\,\vec t, \Gamma \longrightarrow C}\ I_L$$
where $p\,\vec x \overset{\mu}{=} D\,p\,\vec x$. Let $p\,\vec u$ be the result of applying $\delta_1$ to $p\,\vec t$. Then $\Xi$ is the derivation
$$\dfrac{\overset{\Pi_1\delta_1}{\Delta_1\delta_1 \longrightarrow p\,\vec u}\quad \cdots\quad \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \dfrac{\overset{\Pi_S}{D\,S\,\vec x \longrightarrow S\,\vec x}\quad \overset{\Pi'\gamma}{S\,\vec u, \ldots, \Gamma\gamma \longrightarrow C\gamma}}{p\,\vec u, \ldots, \Gamma\gamma \longrightarrow C\gamma}\ I_L}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
The derivation $\Xi$ reduces to the derivation
$$\Xi' \;=\; \dfrac{\overset{\mu(\Pi_1, \Pi_S)\delta_1}{\Delta_1\delta_1 \longrightarrow S\,\vec u}\quad \cdots\quad \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \overset{\Pi'\gamma}{S\,\vec u, \ldots, \Gamma\gamma \longrightarrow C\gamma}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
Notice that we have used the fact that $\mu(\Pi_1\delta_1, \Pi_S) = \mu(\Pi_1, \Pi_S)\delta_1$ in the derivation above, which follows from Lemma 5. Therefore, in order to prove that $\Xi'$ is reducible, it remains to show that the unfolding of $\Pi_1$ produces a reducible derivation. This will be proved using Lemma 16, but we shall first prove the following properties, which are the conditions for applying Lemma 16:
1. For every derivation $\Psi$ of $\Delta \longrightarrow D\,p\,\vec s$, if $\mu(\Psi, \Pi_S)$ is reducible, then the derivation $\mathit{mc}(\mu(\Psi, \Pi_S), \Pi_S[\vec s/\vec x])$ is reducible.
2. For every reducible derivation $\Psi$ of $\Delta \longrightarrow S\,\vec u$, the derivation $\mathit{mc}(\Psi, \mathit{Id}_{S\,\vec u})$ is reducible.
3. The derivation $\mathit{ind}(\Pi_S, \mathit{Id}_{S\,\vec u})$ is reducible, for every $\vec u$ of the appropriate types.
To prove (1), we observe that $\mathrm{indm}(\Pi_S[\vec s/\vec x]) \leq \mathrm{indm}(\Pi_S) < \mathrm{indm}(\Pi)$, so by the outer induction hypothesis the derivation $\mathit{mc}(\mu(\Psi, \Pi_S), \Pi_S[\vec s/\vec x])$ is reducible. Property (2) is proved similarly, by observing that $\mathrm{indm}(\mathit{Id}_{S\,\vec u}) < \mathrm{indm}(\Pi)$ (since identity derivations do not use the $I_L$ rule; cf. Lemma 4). Property (3) follows from the fact that $\mathit{Id}_{S\,\vec u}$ is reducible and that $\Pi_S$ is reducible (hence also normalizable).
Having shown these three properties, using Lemma 16 we conclude that $\mu(\Pi_1, \Pi_S)$ is reducible; hence, by the outer induction ($\Pi'$ is smaller than $\Pi$), the reduct $\Xi'$ is reducible.

$\mathit{CI}_R/\mathit{CI}_L$: Suppose $\Pi_1$ and $\Pi$ are
$$\dfrac{\overset{\Pi'_1}{\Delta_1 \longrightarrow S\,\vec t}\quad \overset{\Pi_S}{S\,\vec x \longrightarrow D\,S\,\vec x}}{\Delta_1 \longrightarrow p\,\vec t}\ \mathit{CI}_R \qquad\qquad \dfrac{\overset{\Pi'}{D\,p\,\vec t, B_2, \ldots, \Gamma \longrightarrow C}}{p\,\vec t, B_2, \ldots, \Gamma \longrightarrow C}\ \mathit{CI}_L$$
where $p\,\vec x \overset{\nu}{=} D\,p\,\vec x$. Suppose $(p\,\vec t)\delta_1 = (p\,\vec t)\gamma = p\,\vec u$. Then $\Xi$ is the derivation
$$\dfrac{\dfrac{\overset{\Pi'_1\delta_1}{\Delta_1\delta_1 \longrightarrow S\,\vec u}\quad \overset{\Pi_S}{S\,\vec x \longrightarrow D\,S\,\vec x}}{\Delta_1\delta_1 \longrightarrow p\,\vec u}\ \mathit{CI}_R\quad \cdots\quad \dfrac{\overset{\Pi'\gamma}{D\,p\,\vec u, \ldots, \Gamma\gamma \longrightarrow C\gamma}}{p\,\vec u, \ldots, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{CI}_L}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
Let $\mathcal{R} = \bigcup\{\mathrm{RED}_j \mid j < \mathrm{lvl}(p)\}$. Since $\Pi_1$ is reducible, there exists an $(\mathcal{R}, \Pi_S)$-saturated set $\mathcal{S}$ such that $\Pi'_1 \in \mathcal{S}$, and since saturated sets are closed under substitution, $\Pi'_1\delta_1 \in \mathcal{S}$. Let $\Xi_1$ be the derivation
$$\dfrac{\overset{\Pi'_1\delta_1}{\Delta_1\delta_1 \longrightarrow S\,\vec u}\qquad \overset{\Pi_S[\vec u/\vec x]}{S\,\vec u \longrightarrow D\,S\,\vec u}}{\Delta_1\delta_1 \longrightarrow D\,S\,\vec u}\ \mathit{mc}$$
Since $\mathcal{S}$ is an $(\mathcal{R}, \Pi_S)$-saturated set, by Definition 14(3), $\Xi_1 \in \mathrm{RED}^p_{D\,p\,\vec u}[\mathcal{R},\mathcal{S}]$. It then follows from Lemma 17 that $\nu(\Xi_1, \Pi_S)$ is reducible. The reduct of $\Xi$ is the derivation
$$\dfrac{\overset{\nu(\Xi_1, \Pi_S)}{\Delta_1\delta_1 \longrightarrow D\,p\,\vec u}\quad \cdots\quad \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \overset{\Pi'\gamma}{D\,p\,\vec u, \ldots, B_n\gamma, \Gamma\gamma \longrightarrow C\gamma}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
Its reducibility follows from the reducibility of $\nu(\Xi_1, \Pi_S)$ and the outer induction hypothesis.

${\supset}L/{\circ}L$: Suppose $\Pi_1$ is
$$\dfrac{\overset{\Pi'_1}{\Delta'_1 \longrightarrow D'_1}\qquad \overset{\Pi''_1}{D''_1, \Delta'_1 \longrightarrow B_1}}{D'_1 \supset D''_1, \Delta'_1 \longrightarrow B_1}\ {\supset}L$$
Since $\Pi_1$ is reducible, it follows from Definition 15 that $\Pi'_1$ is normalizable and $\Pi''_1$ is reducible. Let $\Xi_1$ be the derivation
$$\dfrac{\overset{\Pi''_1\delta_1}{D''_1\delta_1, \Delta'_1\delta_1 \longrightarrow B_1\delta_1}\quad \overset{\Pi_2\delta_2}{\Delta_2\delta_2 \longrightarrow B_2\delta_2}\quad \cdots\qquad \overset{\Pi\gamma}{B_1\gamma, \ldots, \Gamma\gamma \longrightarrow C\gamma}}{D''_1\delta_1, \Delta'_1\delta_1, \Delta_2\delta_2, \ldots, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
$\Xi_1$ is reducible by the induction hypothesis on the reduction of $\Pi_1$ ($\Pi''_1$ is a predecessor of $\Pi_1$). The reduct of $\Xi$ in this case is the derivation
$$\dfrac{\dfrac{\overset{\Pi'_1\delta_1}{\Delta'_1\delta_1 \longrightarrow D'_1\delta_1}}{\Delta'_1\delta_1, \Delta_2\delta_2, \ldots, \Gamma\gamma \longrightarrow D'_1\delta_1}\ w_L\qquad \overset{\Xi_1}{D''_1\delta_1, \Delta'_1\delta_1, \Delta_2\delta_2, \ldots, \Gamma\gamma \longrightarrow C\gamma}}{(D'_1 \supset D''_1)\delta_1, \Delta'_1\delta_1, \Delta_2\delta_2, \ldots, \Gamma\gamma \longrightarrow C\gamma}\ {\supset}L$$
Since $\Pi'_1$ is normalizable and substitutions preserve normalizability, by Definition 11 the left premise of the reduct is normalizable, and hence the reduct is reducible.

$\mathit{eq}_L/{\circ}L$: Suppose $\Pi_1$ is
$$\dfrac{\{\overset{\Pi^\rho}{\Delta'_1\rho \longrightarrow B_1\rho}\}_\rho}{s = t, \Delta'_1 \longrightarrow B_1}\ \mathit{eq}_L$$
Then $\Xi$ is the derivation
$$\dfrac{\dfrac{\{\overset{\Pi^{\delta_1\circ\rho'}}{\Delta'_1\delta_1\rho' \longrightarrow B_1\delta_1\rho'}\}_{\rho'}}{(s = t)\delta_1, \Delta'_1\delta_1 \longrightarrow B_1\delta_1}\ \mathit{eq}_L\quad \overset{\Pi_2\delta_2}{\Delta_2\delta_2 \longrightarrow B_2\delta_2}\quad \cdots\qquad \overset{\Pi\gamma}{B_1\gamma, \ldots, \Gamma\gamma \longrightarrow C\gamma}}{(s = t)\delta_1, \Delta'_1\delta_1, \Delta_2\delta_2, \ldots, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
Notice that each premise derivation $\Pi^{\delta_1\circ\rho'}$ of $\Pi_1\delta_1$ is also a premise derivation of $\Pi_1$, since for every unifier $\rho'$ of $(s = t)\delta_1$ the substitution $\delta_1 \circ \rho'$ is a unifier of $s = t$. Therefore every $\Pi^{\delta_1\circ\rho'}$ is a predecessor of $\Pi_1$. Let $\Xi_{\rho'}$ be the derivation
$$\dfrac{\overset{\Pi^{\delta_1\circ\rho'}}{\Delta'_1\delta_1\rho' \longrightarrow B_1\delta_1\rho'}\quad \overset{\Pi_2\delta_2\rho'}{\Delta_2\delta_2\rho' \longrightarrow B_2\delta_2\rho'}\quad \cdots\qquad \overset{\Pi\gamma\rho'}{B_1\gamma\rho', \ldots, \Gamma\gamma\rho' \longrightarrow C\gamma\rho'}}{\Delta'_1\delta_1\rho', \Delta_2\delta_2\rho', \ldots, \Gamma\gamma\rho' \longrightarrow C\gamma\rho'}\ \mathit{mc}$$
Each $\Xi_{\rho'}$ is reducible by the induction hypothesis on the reduction of $\Pi_1$. The reduct of $\Xi$,
$$\dfrac{\{\overset{\Xi_{\rho'}}{\Delta'_1\delta_1\rho', \ldots, \Gamma\gamma\rho' \longrightarrow C\gamma\rho'}\}_{\rho'}}{(s = t)\delta_1, \Delta'_1\delta_1, \ldots, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{eq}_L$$
is then reducible by Definition 15.

$I_L/{\circ}L$: Suppose $\Pi_1$ is
$$\dfrac{\overset{\Pi_S}{D\,S\,\vec x \longrightarrow S\,\vec x}\qquad \overset{\Pi'_1}{S\,\vec t, \Delta'_1 \longrightarrow B_1}}{p\,\vec t, \Delta'_1 \longrightarrow B_1}\ I_L$$
Since $\Pi_1$ is reducible, it follows from the definition of reducibility that $\Pi'_1$ is a reducible predecessor of $\Pi_1$ and $\Pi_S$ is normalizable. Suppose $p\,\vec u = (p\,\vec t)\delta_1 = (p\,\vec t)\gamma$. Let $\Xi_1$ be the derivation
$$\dfrac{\overset{\Pi'_1\delta_1}{S\,\vec u, \Delta'_1\delta_1 \longrightarrow B_1\delta_1}\quad \cdots\quad \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \overset{\Pi\gamma}{B_1\gamma, \ldots, B_n\gamma, \Gamma\gamma \longrightarrow C\gamma}}{S\,\vec u, \Delta'_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
$\Xi_1$ is reducible by the induction on the reduction of $\Pi_1$; therefore the reduct of $\Xi$,
$$\dfrac{\overset{\Pi_S}{D\,S\,\vec x \longrightarrow S\,\vec x}\qquad \overset{\Xi_1}{S\,\vec u, \Delta'_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}}{p\,\vec u, \Delta'_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow C\gamma}\ I_L$$
is reducible.

$-/{\supset}L$: Suppose $\Pi$ is
$$\dfrac{\overset{\Pi'}{B_1, \ldots, B_n, \Gamma' \longrightarrow D'}\qquad \overset{\Pi''}{B_1, \ldots, B_n, D'', \Gamma' \longrightarrow C}}{B_1, \ldots, B_n, D' \supset D'', \Gamma' \longrightarrow C}\ {\supset}L$$
Let $\Xi_1$ be
$$\dfrac{\overset{\Pi_1\delta_1}{\Delta_1\delta_1 \longrightarrow B_1\delta_1}\quad \cdots\quad \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \overset{\Pi'\gamma}{B_1\gamma, \ldots, B_n\gamma, \Gamma'\gamma \longrightarrow D'\gamma}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma'\gamma \longrightarrow D'\gamma}\ \mathit{mc}$$
and $\Xi_2$ be
$$\dfrac{\overset{\Pi_1\delta_1}{\Delta_1\delta_1 \longrightarrow B_1\delta_1}\quad \cdots\quad \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \overset{\Pi''\gamma}{B_1\gamma, \ldots, B_n\gamma, D''\gamma, \Gamma'\gamma \longrightarrow C\gamma}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, D''\gamma, \Gamma'\gamma \longrightarrow C\gamma}\ \mathit{mc}$$
Both $\Xi_1$ and $\Xi_2$ are reducible by the induction hypothesis. Therefore the reduct of $\Xi$,
$$\dfrac{\overset{\Xi_1}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma'\gamma \longrightarrow D'\gamma}\qquad \overset{\Xi_2}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, D''\gamma, \Gamma'\gamma \longrightarrow C\gamma}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, (D' \supset D'')\gamma, \Gamma'\gamma \longrightarrow C\gamma}\ {\supset}L$$
is reducible (the reducibility of $\Xi_1$ implies its normalizability by Lemma 13).

$-/\mathit{CI}_R$: Suppose $\Pi$ is
$$\dfrac{\overset{\Pi'}{B_1, \ldots, B_n, \Gamma \longrightarrow S\,\vec t}\qquad \overset{\Pi_S}{S\,\vec x \longrightarrow D\,S\,\vec x}}{B_1, \ldots, B_n, \Gamma \longrightarrow p\,\vec t}\ \mathit{CI}_R$$
where $p\,\vec x \overset{\nu}{=} D\,p\,\vec x$. Suppose $p\,\vec u = (p\,\vec t)\delta_1 = (p\,\vec t)\gamma$. Let $\Xi_1$ be the derivation
$$\dfrac{\overset{\Pi_1\delta_1}{\Delta_1\delta_1 \longrightarrow B_1\delta_1}\quad \cdots\quad \overset{\Pi_n\delta_n}{\Delta_n\delta_n \longrightarrow B_n\delta_n}\qquad \overset{\Pi'\gamma}{B_1\gamma, \ldots, B_n\gamma, \Gamma\gamma \longrightarrow S\,\vec u}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow S\,\vec u}\ \mathit{mc}$$
The derivations $\Pi'\gamma$, $\Pi_S$, $\Xi_1$ and the derivation
$$\dfrac{\overset{\Psi}{\Delta' \longrightarrow S\,\vec w}\qquad \overset{\Pi_S[\vec w/\vec x]}{S\,\vec w \longrightarrow D\,S\,\vec w}}{\Delta' \longrightarrow D\,S\,\vec w}\ \mathit{mc}$$
where $\Psi$ is any reducible derivation, are all reducible by the induction hypothesis on the height of $\Pi$. Again, we use the same arguments as in the case $n = 0$ to construct an $(\mathcal{R}, \Pi_S)$-saturated set $\mathcal{S}$ such that $\Xi_1 \in \mathcal{S}$. Therefore by Definition 15 the reduct of $\Xi$,
$$\dfrac{\overset{\Xi_1}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow S\,\vec u}\qquad \overset{\Pi_S}{S\,\vec x \longrightarrow D\,S\,\vec x}}{\Delta_1\delta_1, \ldots, \Delta_n\delta_n, \Gamma\gamma \longrightarrow p\,\vec u}\ \mathit{CI}_R$$
is reducible.

$\mathit{mc}/{\circ}L$: Suppose $\Pi_1$ ends with $\mathit{mc}$. Then any reduct of $\Pi_1\delta_1$ corresponds to a predecessor of $\Pi_1$ by Lemma 7. Therefore the reduct of $\Xi$ is reducible by the induction on the reduction of $\Pi_1$.
− / init : Ξ reduces to Π 1 δ 1 . Since Π 1 is reducible, by Lemma 14, Π 1 δ 1 is reducible and hence Ξ is reducible. ⊓ ⊔ Corollary 1. Ev ery derivation is r e ducible. Pr oof. The proof follows from Lemma 18, by s etting n = 0. ⊓ ⊔ Since reducibility implies cut-eliminatio n, i t follows that e very proof can be transformed into a cut-free proof. Corollary 2. Given a fix ed stratified definition, a sequent has a pr oo f in Linc − if and only if it has a cut-fr ee pr oo f. The consistency of Lin c − is an immediate consequen ce of cut-elimination. By consistency we mean the following: giv en a fixed stratified definition and an arbitrary formu la C , it is no t the case that both C and C ⊃ ⊥ are provable. Corollary 3. Th e logic Linc − is consistent. Pr oof. Suppose otherwise, th at is, there is a fo rmula C such that th ere is a proof Π 1 of C and ano ther pr oof Π 2 for C ⊃ ⊥ . Since cut elimination holds, we can assume, without loss of genera lity , th at Π 1 and Π 2 are cut free. By inspection of the inference rules of Linc − , we see that Π 2 must end with ⊃ R , that is, Π 2 is Π ′ 2 C − → ⊥ − → C ⊃ ⊥ ⊃ R Cutting Π 1 with Π ′ 2 we get a deriv ation of · − → ⊥ , and applyin g the c ut-elimination procedu re we get a cut-fre e deriv ation o f · − → ⊥ . But th ere canno t be such a d eriv ation since there is n o right-in trodu ction rule for ⊥ , contradiction . ⊓ ⊔ 33 6 Related W ork Of co urse, there is a lon g association betwee n m athematical log ic and indu ctiv e definitions [ 2] and in particu lar with proof -theory , starting with the T akeuti’ s conjectu re, the earliest rele v ant en try fo r our pur poses bein g Martin-L ¨ of ’ s original formula tion of the theory of iterated inductive definition s [24]. 
From the impredicative encoding of inductive types [7] and the introduction of (co)recursion [16, 29] in system F, (co)inductive types became common and made it into type-theoretic proof assistants such as Coq [37], first via a primitive recursive operator, but eventually in the let-rec style of functional programming languages, as in Gimenez's Calculus of Infinite Constructions [18]; here termination (resp. productivity) is ensured by a syntactic check known as guarded by destructors [17]. Note that Coq forbids altogether the introduction of blocks of mutually dependent types containing both inductive and co-inductive ones, even though they could be stratified. Moreover, while a syntactic check has obvious advantages, it tends to be too restrictive, as observed and improved upon in [6] by using type-based termination. The same can be said about Agda [36], where sized types termination will eventually supersede guardedness [28].

Baelde and Miller have recently introduced an extension of linear logic with least and greatest fixed points [5]. However, cut elimination is proved indirectly, via a second-order encoding of the least and the greatest fixed point operators into higher-order linear logic and via an appeal to completeness of focused proofs for higher-order linear logic.

Circular proofs are also connected with the emerging proof theory of fixed point logics and process calculi [48, 55], as well as with traditional sequent calculi such as in [8]. The issue is the equivalence between systems with local vs. global induction, that is, between fixed point rules vs. well-founded and guarded induction (i.e. circular proofs). In the sequent calculus it is unknown whether every inductive proof can be obtained via global induction.

In higher order logic (co)inductive definitions are obtained via the usual Tarski fixed point constructions, as realized for example in Isabelle/HOL [38]. As we mentioned before, those approaches are at odds with HOAS even at the level of the syntax. This issue has originated a research field in its own right, of which we can only try to mention the main contenders: in the Twelf system [41] the LF type theory is used to encode deductive systems as judgments and to specify meta-theorems as relations (type families) among them; a logic programming-like interpretation provides an operational semantics to those relations, so that an external check for totality (incorporating termination, well-modedness and coverage [42, 53]) verifies that the given relation is indeed a realizer for that theorem. Coinduction is still unaccounted for and may require a switch to a different operational semantics for LF.

There exists a second approach to reasoning in LF that is built on the idea of devising an explicit (meta-)meta-logic ($M_\omega$) for reasoning (inductively) about the framework, in a fully automated way [52]. It can be seen as a constructive first-order inductive type theory, whose quantifiers range over possibly open LF objects over a signature. In this calculus it is possible to express and inductively prove meta-logical properties of an object level system. $M_\omega$ can also be seen as a dependently-typed functional programming language, and as such it has been refined first into the Elphin programming language [54] and more recently into Delphin [47]. In a similar vein the contextual modal logic of Pientka, Pfenning and Nanevski [34] provides a basis for a different foundation for programming with HOAS and dependent types based on hereditary substitutions; see the programming language Beluga [43, 44]. Because all of these systems are programming languages, we refrain from a deeper discussion. We only note that systems like Delphin or Beluga separate data from computations. This means they are always based on eager evaluation, whereas co-recursive functions should be interpreted lazily. Using standard techniques such as thunks to simulate lazy evaluation in such a context seems problematic (Pientka, personal communication).

Weak higher-order abstract syntax [11] is an approach that strives to co-exist with an inductive setting, where the positivity condition for datatypes and hypothetical judgments must be obeyed. The problem of negative occurrences in datatypes is handled by replacing them with a new type. The approach is extended to hypothetical judgments by introducing distinct predicates for the negative occurrences. Some axioms are needed to reason about hypothetical judgments, to mimic what is inferred by the cut rule in our architecture. Miculan et al.'s framework [22] embraces this axiomatic approach, extending Coq with the "theory of contexts" (ToC). The theory includes axioms for the reification of key properties of names akin to freshness. Furthermore, higher-order induction and recursion schemata on expressions are also assumed.

Hybrid [3] is a λ-calculus on top of Isabelle/HOL which provides the user with a full HOAS syntax, compatible with a classical (co)inductive setting. $\mathrm{Linc}^-$ improves on the latter on several counts. First, it disposes of Hybrid's notion of abstraction, which is used to carve out the "parametric" function space from the full HOL space. Moreover, it is not restricted to second-order abstract syntax, as the current Hybrid version is (and as ToC cannot escape from being). Finally, at higher types, reasoning via $\mathit{def}L$ is more powerful than inversion, which does not exploit higher-order unification.

ToC can be seen as a stepping stone towards Gabbay and Pitts' nominal logic, which aims to be a foundation of programming and reasoning with names. It can be presented as a first-order theory [45], which includes primitives for variable renaming and variable freshness, and a (derived) new "freshness" quantifier. Using this theory, it is possible to prove properties by structural induction and also to define functions by recursion over syntax [46]. Urban et al. have engineered a nominal datatype package inside Isabelle/HOL [35], analogous to the standard datatype package but defining equivalence classes of term constructors. In more recent versions, principles of primitive recursion and strong induction have been added [60]. Coinduction on nominal datatypes is not available, but to be fair it is also absent from Isabelle/HOL, due to some technical limitations in the automation of the inductive package.

7 Conclusion and Future Work

We have presented a proof theoretical treatment of both induction and co-induction in a sequent calculus compatible with HOAS encodings. The proof principle underlying the explicit proof rules is basically fixed point (co)induction. We have shown some examples where informal (co)inductive proofs using invariants and simulations are reproduced formally in $\mathrm{Linc}^-$. Consistency of the logic is an easy consequence of cut-elimination. Our proof system is, as far as we know, the first which incorporates a co-induction proof rule with a direct cut elimination proof. This schema can be used as a springboard towards cut elimination procedures for more expressive (conservative) extensions of $\mathrm{Linc}^-$, for example in the direction of $FO\lambda^{\nabla}$ [31], or more recently, the logic $LG^{\omega}$ [57] by Tiu and the logic G by Gacek et al. [14]. As for future work, we may investigate loosening the stratification condition, for example in the sense of local stratification, possibly allowing one to encode proofs such as type preservation in operational semantics directly in $\mathrm{Linc}^-$ rather than with the 2-level approach [26, 32].
More general notions of stratification are already allowed in practice, see the proof by logical relations in [15], but not formally justified. Another interesting problem is the connection with circular proofs, which is particularly attractive from the viewpoint of proof search, both inductively and co-inductively. This could be realized by directly proving a cut-elimination result for a logic where circular proofs, under termination and guardedness conditions, completely replace (co)inductive rules. Indeed, the question whether "global" proofs are equivalent to "local" proofs [8] is still unsettled.

Acknowledgements

The $\mathrm{Linc}^-$ logic was developed in collaboration with Dale Miller. Alberto Momigliano has been supported by EPSRC grant GR/M98555 and partly by the MRG project (IST-2001-33149), funded by the EC under the FET proactive initiative on Global Computing.

References

[1] S. Abramsky and C.-H. L. Ong. Full abstraction in the lazy lambda calculus. Inf. Comput., 105(2):159–267, 1993.
[2] P. Aczel. An introduction to inductive definitions. In J. Barwise, editor, Handbook of Mathematical Logic, volume 90 of Studies in Logic and the Foundations of Mathematics, chapter C.7, pages 739–782. North-Holland, Amsterdam, 1977.
[3] S. Ambler, R. Crole, and A. Momigliano. Combining higher order abstract syntax with tactical theorem proving and (co)induction. In V. A. Carreño, editor, Proceedings of the 15th International Conference on Theorem Proving in Higher Order Logics, Hampton, VA, 1-3 August 2002, volume 2342 of LNCS. Springer Verlag, 2002.
[4] F. Baader and W. Snyder. Unification theory. In J. A. Robinson and A. Voronkov, editors, Handbook of Automated Reasoning, pages 445–532. Elsevier and MIT Press, 2001.
[5] D. Baelde and D. Miller. Least and greatest fixed points in linear logic. In LPAR, Lecture Notes in Computer Science, pages 92–106. Springer, 2007.
[6] G. Barthe, M. J. Frade, E. Giménez, L. Pinto, and T. Uustalu. Type-based termination of recursive definitions. Mathematical Structures in Computer Science, 14(1):97–141, 2004.
[7] C. Bohm and A. Berarducci. Automatic synthesis of typed lambda-programs on term algebras. Theoretical Computer Science, 39(2-3):135–153, Aug. 1985.
[8] J. Brotherston and A. Simpson. Complete sequent calculi for induction and infinite descent. In LICS, pages 51–62. IEEE Computer Society, 2007.
[9] K. L. Clark. Negation as failure. In J. Gallaire and J. Minker, editors, Logic and Data Bases, pages 293–322. Plenum Press, New York, 1978.
[10] N. de Bruijn. A plea for weaker frameworks. In G. Huet and G. Plotkin, editors, Logical Frameworks, pages 40–67. Cambridge University Press, 1991.
[11] J. Despeyroux, A. Felty, and A. Hirschowitz. Higher-order abstract syntax in Coq. In Second International Conference on Typed Lambda Calculi and Applications, pages 124–138. Springer, Lecture Notes in Computer Science, Apr. 1995.
[12] J. Despeyroux and A. Hirschowitz. Higher-order abstract syntax with induction in Coq. In Fifth International Conference on Logic Programming and Automated Reasoning, pages 159–173, June 1994.
[13] L.-H. Eriksson. A finitary version of the calculus of partial inductive definitions. In L.-H. Eriksson, L. Hallnäs, and P. Schroeder-Heister, editors, Proceedings of the Second International Workshop on Extensions to Logic Programming, volume 596 of Lecture Notes in Artificial Intelligence, pages 89–134. Springer-Verlag, 1991.
[14] A. Gacek, D. Miller, and G. Nadathur. Combining generic judgments with recursive definitions. In LICS, pages 33–44. IEEE Computer Society, 2008.
[15] A. Gacek, D. Miller, and G. Nadathur. Reasoning in Abella about structural operational semantics specifications. In A. Abel and C. Urban, editors, Informal proceedings of LFMTP '08. To appear in ENTCS, 2008.
[16] H. Geuvers. Inductive and coinductive types with iteration and recursion. In B. Nordström, K. Pettersson, and G. Plotkin, editors, Informal Proceedings Workshop on Types for Proofs and Programs, Båstad, Sweden, 8–12 June 1992, pages 193–217. Dept. of Computing Science, Chalmers Univ. of Technology and Göteborg Univ., 1992.
[17] E. Giménez. Codifying guarded definitions with recursion schemes. In P. Dybjer and B. Nordström, editors, Selected Papers 2nd Int. Workshop on Types for Proofs and Programs, TYPES'94, Båstad, Sweden, 6–10 June 1994, volume 996 of Lecture Notes in Computer Science, pages 39–59. Springer-Verlag, Berlin, 1994.
[18] E. Giménez. Un Calcul de Constructions Infinies et son Application a la Verification des Systemes Communicants. PhD thesis PhD 96-11, Laboratoire de l'Informatique du Parallélisme, Ecole Normale Supérieure de Lyon, Dec. 1996.
[19] J.-Y. Girard, P. Taylor, and Y. Lafont. Proofs and Types. Cambridge University Press, 1989.
[20] L. Hallnäs. Partial inductive definitions. Theor. Comput. Sci., 87(1):115–142, 1991.
[21] R. Harper, F. Honsell, and G. Plotkin. A framework for defining logics. Journal of the ACM, 40(1):143–184, 1993.
[22] F. Honsell, M. Miculan, and I. Scagnetto. An axiomatic approach to metareasoning on nominal algebras in HOAS. In F. Orejas, P. G. Spirakis, and J. van Leeuwen, editors, ICALP, volume 2076 of Lecture Notes in Computer Science, pages 963–978. Springer, 2001.
[23] B. Jacobs and J. Rutten. A tutorial on (co)algebras and (co)induction. Bulletin of the European Association for Theoretical Computer Science, 62:222–259, June 1997. Surveys and Tutorials.
[24] P. Martin-Löf. Hauptsatz for the intuitionistic theory of iterated inductive definitions. In J. Fenstad, editor, Proceedings of the Second Scandinavian Logic Symposium, volume 63 of Studies in Logic and the Foundations of Mathematics, pages 179–216. North-Holland, 1971.
[25] R. McDowell and D. Miller. Cut-elimination for a logic with definitions and induction. Theoretical Computer Science, 232:91–119, 2000.
[26] R. McDowell and D. Miller. Reasoning with higher-order abstract syntax in a logical framework. ACM Transactions on Computational Logic, 3(1):80–136, January 2002.
[27] R. McDowell, D. Miller, and C. Palamidessi. Encoding transition systems in sequent calculus. TCS, 294(3):411–437, 2003.
[28] K. Mehltretter. Termination checking for a dependently typed language. Master's thesis, LMU, Dec. 2007. Diplomarbeit.
[29] N. P. Mendler. Inductive types and type constraints in the second order lambda calculus. Annals of Pure and Applied Logic, 51(1):159–172, 1991.
[30] D. Miller. A logic programming language with lambda-abstraction, function variables, and simple unification. In P. Schroeder-Heister, editor, Extensions of Logic Programming: International Workshop, Tübingen, volume 475 of LNAI, pages 253–281. Springer-Verlag, 1991.
[31] D. Miller and A. Tiu. A proof theory for generic judgments. ACM Trans. Comput. Logic, 6(4):749–783, 2005.
[32] A. Momigliano and S. Ambler. Multi-level meta-reasoning with higher order abstract syntax. In A. Gordon, editor, FOSSACS '03, volume 2620 of LNCS, pages 375–392. Springer Verlag, 2003.
[33] A. Momigliano and A. Tiu. Induction and co-induction in sequent calculus. In S. Berardi, M. Coppo, and F. Damiani, editors, TYPES, volume 3085 of Lecture Notes in Computer Science, pages 293–308. Springer, 2003.
[34] A. Nanevski, B. Pientka, and F. Pfenning. Contextual modal type theory. ACM Transactions on Computational Logic, 200?. To appear.
[35] Nominal Methods Group. Nominal Isabelle. isabelle.in.tum.de/nominal/, 2008. Accessed 2 July 2008.
[36] U. Norell. Towards a practical programming language based on dependent type theory. PhD thesis, Department of Computer Science and Engineering, Chalmers University of Technology, SE-412 96 Göteborg, Sweden, September 2007.
[37] C. Paulin-Mohring. Inductive definitions in the system Coq: Rules and properties. In M. Bezem and J. Groote, editors, Proceedings of the International Conference on Typed Lambda Calculi and Applications, pages 328–345, Utrecht, The Netherlands, Mar. 1993. Springer-Verlag LNCS 664.
[38] L. C. Paulson. Mechanizing coinduction and corecursion in higher-order logic. Journal of Logic and Computation, 7(2):175–204, Mar. 1997.
[39] F. Pfenning. Logical frameworks. In A. Robinson and A. Voronkov, editors, Handbook of Automated Reasoning, chapter 17, pages 1063–1147. Elsevier Science Publisher and MIT Press, 2001.
[40] F. Pfenning and C. Elliott. Higher-order abstract syntax. In PLDI, pages 199–208, 1988.
[41] F. Pfenning and C. Schürmann. System description: Twelf — a meta-logical framework for deductive systems. In H. Ganzinger, editor, Proceedings of the 16th International Conference on Automated Deduction (CADE-16), pages 202–206, Trento, Italy, July 1999. Springer-Verlag LNAI 1632.
[42] B. Pientka. Verifying termination and reduction properties about higher-order logic programs. J. Autom. Reasoning, 34(2):179–207, 2005.
[43] B. Pientka. A type-theoretic foundation for programming with higher-order abstract syntax and first-class substitutions. In G. C. Necula and P. Wadler, editors, POPL, pages 371–382. ACM, 2008.
[44] B. Pientka and J. Dunfield. Programming with proofs and explicit contexts. In PPDP. ACM Press, 2008.
[45] A. M. Pitts. Nominal logic, a first order theory of names and binding. Information and Computation, 186(2):165–193, 2003.
[46] A. M. Pitts. Alpha-structural recursion and induction. J. ACM, 53(3):459–506, 2006.
[47] A. Poswolsky and C. Schürmann. Practical programming with higher-order encodings and dependent types. In S. Drossopoulou, editor, ESOP, volume 4960 of Lecture Notes in Computer Science, pages 93–107. Springer, 2008.
[48] L. Santocanale. A calculus of circular proofs and its categorical semantics. In M. Nielsen and U. Engberg, editors, FoSSaCS, volume 2303 of Lecture Notes in Computer Science, pages 357–371. Springer, 2002.
[49] P. Schroeder-Heister. Cut-elimination in logics with definitional reflection. In D. Pearce and H. Wansing, editors, Nonclassical Logics and Information Processing, volume 619 of LNCS, pages 146–171. Springer, 1992.
[50] P. Schroeder-Heister. Definitional reflection and the completion. In R. Dyckhoff, editor, Proceedings of the 4th International Workshop on Extensions of Logic Programming, pages 333–347. Springer-Verlag LNAI 798, 1993.
[51] P. Schroeder-Heister. Rules of definitional reflection. In M. Vardi, editor, Eighth Annual Symposium on Logic in Computer Science, pages 222–232. IEEE Computer Society Press, IEEE, June 1993.
[52] C. Schürmann. Automating the Meta-Theory of Deductive Systems. PhD thesis, Carnegie-Mellon University, 2000. CMU-CS-00-146.
[53] C. Schürmann and F. Pfenning. A coverage checking algorithm for LF. In D. A. Basin and B. Wolff, editors, TPHOLs, volume 2758 of Lecture Notes in Computer Science, pages 120–135. Springer, 2003.
[54] C. Schürmann, A. Poswolsky, and J. Sarnat. The ∇-calculus. Functional programming with higher-order encodings. In Seventh International Conference on Typed Lambda Calculi and Applications, pages 339–353. Springer, Lecture Notes in Computer Science, Apr. 2005.
[55] C. Spenger and M. Dams. On the structure of inductive reasoning: Circular and tree-shaped proofs in the µ-calculus. In A. Gordon, editor, FOSSACS'03, volume 2620 of LNCS, pages 425–440. Springer Verlag, 2003.
[56] A. Tiu. A Logical Framework for Reasoning about Logical Specifications. PhD thesis, Pennsylvania State University, May 2004.
[57] A. Tiu. A logic for reasoning about generic judgments. Electr. Notes Theor. Comput. Sci., 174(5):3–18, 2007.
[58] A. Tiu and D. Miller. A proof search specification of the pi-calculus. Electr. Notes Theor. Comput. Sci., 138(1):79–101, 2005.
[59] A. F. Tiu. Model checking for pi-calculus using proof search. In Proceedings of CONCUR 2005, volume 3653 of Lecture Notes in Computer Science, pages 36–50. Springer, 2005.
[60] C. Urban and S. Berghofer. A recursion combinator for nominal datatypes implemented in Isabelle/HOL. In U. Furbach and N. Shankar, editors, IJCAR, volume 4130 of Lecture Notes in Computer Science, pages 498–512. Springer, 2006.