
Sequent calculus of constructions with linear types (Extended Abstract)

Paolo Torrini, Department of Computer Science, Swansea University

February 10, 2015

Abstract

We present a novel sequent calculus formulation of the Calculus of Constructions extended with linear types, using the dual sequent approach. We give a direct proof of the admissibility of the cut rules, based on a decreasing measure defined on the typing derivations.

1 Introduction

Logical frameworks based on dependently typed lambda calculus and the Curry-Howard correspondence have been extensively used in applications of mechanised theorem proving that include program verification, program extraction and semantics of programming languages [24]. Notably, such applications are not limited to the formalisation of high-level languages. For example, the Coq theorem prover has been used to build compilers that are correct by construction, relying on its proof extraction features [20].

Several extensions of basic type systems are motivated by the use of type theory in the formalisation and implementation of artefacts that involve low-level aspects and side-effects, often in connection with higher-level features such as parametric polymorphism [26]. Effect systems have been proposed to incorporate non-functional effects and destructive updates at the type level, sometimes relying on linearity and substructural logic [29, 30].

The Coq theorem prover is based on the Calculus of Inductive Constructions (CIC), which extends the Calculus of Constructions (CC) [11] with inductive and coinductive type definitions [5]. The CC system is the most liberal in the lambda cube, allowing for types and terms to depend on each other in every possible sense [3]. This means that CC allows for types depending on terms in the style of LF, for unrestricted polymorphism in the style of system F, as well as for type level functions. Semantically, unrestricted polymorphism involves definitions that refer to the collections being defined – what is usually known as impredicativity.

Intuitionistic linear logic (ILL) has been investigated mainly in connection with propositional, first order and predicative higher-order systems [15, 4, 7]. ILL can be regarded as an important logical basis to deal with effects, as it provides a notion of mutable state as part of the context of a derivation, without the need for a monadic encoding of state. However, it has rarely been investigated in connection with more liberal type systems that allow for impredicativity. Given the comparative success of Coq as a software verification tool, and its use in formalising lower-level languages as well as polymorphic ones, it seems reasonable to ask a question about integrating linear types with the impredicative core of Coq – i.e., with CC.

Usually, type systems are defined as proof systems based on natural deduction. Assuming a sequent represents abstractly a derivation, natural deduction is based on rules that allow for the introduction and elimination of type constructors in the conclusion of that derivation. Sequent calculus provides an alternative way to formalise a proof system, relying on rules that allow for the introduction of type constructors on the right and the left of the turnstile, i.e., in the conclusion and in the premises of the derivation represented by the sequent. Systems of sequent calculus that allow for the admissibility of cut rules can usually be translated into equivalent ones based on natural deduction. There is a close correspondence between cut elimination in sequent calculus and normalisation in natural deduction [14].

The expressiveness of CC carries with it distinctive features: on one hand, parametric polymorphism allows for formulations that are particularly concise, and it often turns out to be possible to give impredicative, higher-order definitions of operators that would otherwise be treated as primitives. Beyond conciseness, parametricity can be regarded as a powerful specification technique. Indeed, Church-style encodings provide ways to get around limitations associated with monotonic inductive definitions [1], and can make it easier, for example, to encode modular reasoning techniques such as data-types à la carte [13].

On the other hand, impredicativity makes it comparatively hard to reason about normalisation and termination. Existing proofs of strong normalisation for CC are based on the use of candidates of reducibility [10] – a model theoretic technique originally introduced to prove the analogous property for system F [16]. In this paper, we provide an alternative approach to the formalisation and normalisation of CC, based on sequent calculus. In section 2 we discuss motivation and give some background. In section 3 we present a sequent calculus of constructions with linear types, that we call LCC, based on a dual sequent approach. In section 5 we discuss cut elimination, providing the highlights of the proof, which is available in more detail in the appendix. In section 6 we show how LCC has the expressiveness of CC extended with multiplicative-exponential linear types.

The strategy we use to prove cut elimination is comparatively similar to those used to deal with predicative systems, relying on a notion of step-wise cut reduction [23, 22]. We use a decreasing measure that makes it possible to deal syntactically with impredicativity by taking into account the complexity of the proof term, rather than simply that of the type. Its definition is significantly more complex than usual ones, though we do not need to rely on a set theoretic construction, such as the one used in [10].

2 Proofs and computations

The typing relation, as much as logical consequence, is an inductively defined relation between premises (i.e., the antecedent of a sequent) and a conclusion (its consequent). Giving rules to type value constructors and term destructors leads to systems based on natural deduction. On the other hand, sequent calculus provides rules to transform valid derivations, allowing for type constructors to be introduced on either side of the consequence relation, thus increasing complexity, in some sense. Natural deduction may have a more intuitive interpretation in terms of proofs and computation, but the largely monotonic, analytic character of sequent calculus can be useful in proving properties of a system, such as consistency and termination, as well as in relation to proof search.

Axioms in sequent calculus represent derivations that are unconditionally valid. From there, complex derivations can be constructed by rules that are either operational ones, associated with type constructors, with left and right introduction, or else structural ones, such as thinning and contraction, acting solely on the context. From a program semantics point of view, this distinction may parallel one between the types of terms and the logical structure of contextual entities, as suggested in [21].

From a typing point of view, natural deduction provides a compositional way to type terms, whereas sequent calculus provides, first of all, a way to type normal forms. Reducible terms can then be obtained by forms of uniform substitution, corresponding to cut rules. In fact, cut-free derivations define a domain of abstract values, with respect to computations that can be represented as cut elimination.

Indeed, a cut rule can be interpreted computationally as the passing of an argument to a procedure, where both the procedure and the argument, meant as closed terms, are actually specified as sequents. In this sense, a computational state can be primarily thought of as a valid proof rather than as a well-typed term – thus moving into a superficially monadic direction, comparable in some sense to modular operational semantics [9]. A sequent can then be regarded as the specification of a concrete derivation (given as a proof tree). Reduction takes place by applying transformation steps to the concrete proof, threading through abstract parameters (i.e., the context). Of course, this intuition comes mainly from a meta-linguistic level, closer to the spirit of logic programming. Nonetheless, it can draw an important connection between proofs and executable specifications.


Interpreting sequent calculus rules as computational steps with respect to proof terms may involve more subtlety. Gallier [14] insists on the use of let in connection with left introduction as a way to get control over the evaluation strategy. Herbelin [18] introduces explicit substitution and gives an interpretation of cut elimination as substitution propagation. An interpretation of left introduction in terms of pattern matching was proposed in [6].

Shifting to dependent types, the proof theoretic benefits of sequent calculus become less obvious. With types depending on terms, reduction appears at the type level, checking the well-formedness of contexts becomes harder, and both aspects may spoil the analytic character of derivations. A further problem emerges with impredicativity, as the usual cut elimination techniques become insufficient. Nonetheless, there exist several sequent calculus formulations of dependent type systems, mainly motivated by proof search.

In [25] a sequent calculus formalisation of the calculus of constructions is given and proved equivalent to CC. Cut elimination is proved indirectly, appealing to the proof of strong normalisation for CC. Such a proof uses candidates of reducibility, a technique based on a semantic interpretation of the calculus in set-theoretic models, analogous to a Kripke semantics [10]. A sequent calculus formalisation of pure type systems, including CC, is given in [17], based on Kleene's system G3. A more sophisticated formalisation of pure type systems, based on explicit substitution and on a focused calculus (hence strongly oriented toward proof search), has been given in [19]. There, too, strong normalisation is proved indirectly, by appealing to equivalence with the natural deduction systems.

Substructural logics introduce operational aspects that make it easier to reason about side-effects at the logic level [29, 21, 28, 31]. Among them, linear logic and particularly its intuitionistic variant ILL [15] introduce a distinction between ephemeral and persistent premises [7], consistent with interpreting the use of arguments by functions as resource consumption. A linear premise or resource is used exactly once in a derivation — unlike non-linear ones that can be used any number of times. Linear premises form a multiset, hence derivations depend not only on their types, but also on their number, allowing for a quantitative account of use. Linear types have been extensively used in reasoning about memory allocation [29, 30, 27, 8].

There are different ways to specify ILL – here we rely on the dual sequent approach introduced in [2], based on a sort distinction between linear variables and non-linear (or intuitionistic) ones. With respect to a semantic idea of sequents as basic constituents, it seems attractive to have a richer notion of context, in terms of algebraic characterisation – an idea that features strongly, e.g., in substructural operational semantics [21]. The approach taken there is to represent computation in terms of rewriting steps, which can be naturally encoded in linear logic. On the other hand, we are pursuing computation as cut elimination – and for this reason we are particularly interested in a direct proof of this property.

It is commonplace to distinguish between three sorts of operators within ILL [15]. Multiplicative operators – notably linear implication, the unit and the tensor product – behave in a properly linear way with respect to resource use. Exponential operators – especially exponentiation, intuitionistic implication and falsity – allow for the encoding of intuitionistic logic in ILL. The additive operators introduce resource sharing – so additive conjunction and choice. In LCC we only have function-like type constructors as primitives, associating each variable sort with a distinct form of binding — dependent product for non-linear variables, intuitionistic linear implication for linear ones (we only consider types that are non-linear terms). Nonetheless, relying on impredicative definitions, we can define all the multiplicative and exponential operators (section 5).

3 Language

The system LCC, here defined, integrates a sequent calculus version of multiplicative-exponential, dual ILL [2, 4, 7, 22] with higher-order dependent types (as in CC [11, 12]). Kinds are denoted Tj with j ∈ ω. As a purely notational variant with respect to [11], we use T0 for P (i.e., P =df T0), and Tj with 0 < j for the predicative hierarchy. The variables b, c, . . . ∈ Vars are split into two denumerably infinite subsets — the non-linear variables x, y, . . . ∈ NV, and the linear ones v, u, . . . ∈ LV. Terms and types are simultaneously defined, and so are their normal forms.

Kinds              T =df Ti   with i ∈ Nat

Variables          b =df x | v

Terms              N =df T | b | λx.N | N1 · N2 | λv.N | N1 ˆ N2 | N1 ⊸ N2 | ∀x : N1.N2

Normalised terms   V =df T | b | λx.V | λv.V | b · V | b ˆ V | V1 ⊸ V2 | ∀x : V1.V2

We use N, M, . . . as meta-variables for generic terms, A, B, . . . for terms that are types (i.e., typed by a kind), and V, U, . . . for normalised terms. The primitive type constructors are ∀ (higher-order non-linear universal quantification, corresponding to the dependent product of CC), and ⊸ (higher-order intuitionistic linear implication). Intuitionistic implication (→) is the non-dependent case of ∀. At the term level, non-linear abstraction λ is paired with non-linear application ·, and linear abstraction λ with linear application ˆ.

We distinguish between terms only up to α-equivalence – i.e., each term stands implicitly for a set of equivariant ones. Term reduction −→ is defined in the usual, context-free way, as the smallest relation which is closed with respect to β-reduction (−→β) and to congruence relative to the term constructors.

(β1)   (λv.N) ˆ K −→β N[K/v]

(β2)   (λx.N) · M −→β N[M/x] : A[M/x]

       N −→β N′
(βE)   ──────────
       N −→ N′

       N −→ N′
(λE)   ─────────────────
       λx.N −→ λx.N′

       N −→ N′
(λE)   ─────────────────
       λv.N −→ λv.N′

       N −→ N′
(ˆE1)  ───────────────────
       N ˆ M −→ N′ ˆ M

       M −→ M′
(ˆE2)  ───────────────────
       N ˆ M −→ N ˆ M′

       N −→ N′
(·E1)  ───────────────────
       N · M −→ N′ · M

       M −→ M′
(·E2)  ───────────────────
       N · M −→ N · M′

       A −→ A′
(⊸E1)  ───────────────────
       A ⊸ B −→ A′ ⊸ B

       B −→ B′
(⊸E2)  ───────────────────
       A ⊸ B −→ A ⊸ B′

       A −→ A′
(∀E1)  ─────────────────────────
       ∀x : A.B −→ ∀x : A′.B

       B −→ B′
(∀E2)  ─────────────────────────
       ∀x : A.B −→ ∀x : A.B′

Term equivalence ≡ is defined as the reflexive, symmetric, transitive closure of −→.

Following the dual sequent approach, we consider the typing context as constituted of two parts: a linear (sub)context, and a non-linear one. A non-linear context is a finite map that assigns types to non-linear variables, a linear context is one that assigns types to linear variables. Concretely, we represent such finite maps as sequences of variable declarations, assuming there are no repetitions, using the usual sequence notation.

Non-linear contexts   Γ =df · | Γ, x : A

Linear contexts       Φ =df · | Φ, v : A

In writing Γ, x : A, Γ′, we assume that Γ, i.e., the part of the context that comes before the declaration of x, does not depend on x, whereas the remaining part Γ′ may. We treat permutation as implicit up to this constraint – i.e., we do not distinguish between Γ, x : A, y : B, Γ′ and Γ, y : B, x : A, Γ′ as long as A does not depend on y and B does not depend on x.

A structural expression, ranged over by E, states either reduction or equivalence between two terms. A typing judgement associates a type to a term. A context well-formedness judgement states that a global context is well-formed.

Structural expressions E =df N1 ≡ N2 | N1 −→ N2

Generic judgements W =df N : A | Γ :: Ctx


We use W to range over judgements, and X for a generic expression (including terms, judgements, structural expressions, contexts, and sequents).

A sequent Ω has the form Γ; Φ ⊢ W. Ω represents abstractly the derivation of the consequent W (a judgement) from a context that includes a non-linear part Γ and a linear one Φ. On the other hand, a concrete derivation D is given as a proof tree. We write Γ ⊢ W for Γ; · ⊢ W, and ⊢ W for · ⊢ W.

We rely on the usual notions of bound and free variables, denoting by X[M/b] the capture-avoiding substitution of a term for a free variable. A term is said to be non-linear when it does not contain any free occurrence of linear variables.

4 Proof rules

4.1 Context formation

(C0)   ───────────
       ⊢ · :: Ctx

       Γ ⊢ A : T     x ∉ Γ
(C1)   ────────────────────
       ⊢ Γ, x : A :: Ctx

Well-formed non-linear contexts map non-linear variables to types that are well-formed with respect to a smaller context, so as to avoid circular dependencies. C0 says that the empty context is well-formed, and this is actually the only axiom. In rule C1, A does not need to be a closed term. The premise says that A is a type, and it is well-formed in a context Γ with respect to which x is a fresh variable. Therefore, a variable cannot have a type that depends on it, neither directly, nor in the sense of mutual dependencies. There is no need for requiring explicitly the well-formedness of Γ, i.e., for adding ⊢ Γ :: Ctx as a premise, as this will be proved anyway along with the well-formedness of A. Notice that the essential bit of this rule, from the point of view of termination, is that the context in the premise is smaller.

4.2 Type formation

       i < j     ⊢ Γ :: Ctx
(SF)   ─────────────────────
       Γ ⊢ Ti : Tj

       Γ ⊢ A : Ti     Γ, x : A ⊢ B : Tj     ⊢ Γ :: Ctx     either 0 < (i, j) ≤ h or j, h = 0
(∀F)   ──────────────────────────────────────────────────────────────────────────────────────
       Γ ⊢ ∀x : A.B : Th

       Γ ⊢ A : Ti     Γ ⊢ B : Tj     ⊢ Γ :: Ctx     either 0 < (i, j) ≤ h or j, h = 0
(⊸F)   ──────────────────────────────────────────────────────────────────────────────
       Γ ⊢ A ⊸ B : Th

A well-formed type, with respect to a non-linear context, is a term A for which we can derive A : T, for some kind T (therefore, types are non-linear terms). Rule SF gives the subtyping relation for kinds, as in [11, 12]. ∀F is the type formation rule for dependent products, and similarly rule ⊸F for linear implications. The type formation rules for ∀ are essentially the same as in [12], section 11 – however, in order to make do with fewer rules (though slightly heavier side conditions), we use T0, as well as P, to denote the impredicative type of propositions. The predicative hierarchy starts with T1.

4.3 Type conversion

       0 < i < j     Γ; Φ ⊢ N : Ti
(KC)   ────────────────────────────
       Γ ⊢ N : Tj

       Γ; Φ ⊢ N : A2     A1 −→ A2
(TC)   ───────────────────────────
       Γ; Φ ⊢ N : A1

Rule KC is kind conversion for the predicative hierarchy, as in CC [11, 12]. Type conversion is needed, as types may depend on terms that can be reduced. Rule TC gives a notion of conversion that suffices to obtain completeness with respect to equivalence. In fact, conversion in the opposite direction – from the redex to the reduced term – is admissible by inverting TC. Conversion of types in the context also turns out to be admissible, as context formation rules lead back to type formation ones.

Notice that since TC replaces a term with an expanded one, it cannot break the analytic property – the types in the premises do not contain more symbols than those in the conclusion.


4.4 Structural rules

       Γ ⊢ A : T
(LId)  ──────────────────
       Γ; v : A ⊢ v : A

       Γ, x : B; Φ, v : B ⊢ N : A
(CP)   ───────────────────────────
       Γ, x : B; Φ ⊢ N[x/v] : A

The identity rule LId (not really an axiom, as A may not occur in Γ and thus has to be checked for well-formedness), as well as the copy rule CP, are closely associated with dual ILL [7]. Nonetheless, similar proof primitives can be found, in a purely intuitionistic setting, as part of Herbelin's system [18]. A general form of identity (holding for any well-formed type) is needed here, as the system is impredicative. Assuming the identity rule only for type variables would be too weak from the point of view of cut admissibility. Notice that, although not an axiom, LId behaves as the bottom line with respect to a linear part of a proof.

Reading proofs forward, rule CP involves discharging a linear variable (which must actually be used, and therefore is strict), substituting it with a non-linear one — thus making it strict, too. Reading rule CP backward, a non-linear term is copied to a fresh linear variable (thus requiring evaluation, as it must be used). The intuitionistic version of the identity axiom can be easily derived from LId using CP.

From the point of view of termination, intuitively, the essential aspect of LId is that it involves a shift from type checking in the conclusion to kind checking in the premise. In the case of CP, the variable v has to be used, and therefore the number of applications of this rule is bounded by the structure of N.

4.5 Operational rules

       Γ, x : A; Φ ⊢ N : B
(∀R)   ─────────────────────────────
       Γ; Φ ⊢ λx.N : ∀x : A.B

       Γ; Φ, v : A ⊢ N : B
(⊸R)   ──────────────────────────
       Γ; Φ ⊢ λv.N : A ⊸ B

       Γ ⊢ M : A     Γ; Φ, v : B[M/x] ⊢ N : C     Γ ⊢ ∀x : A.B : T
(∀L)   ─────────────────────────────────────────────────────────────
       Γ; Φ, w : ∀x : A.B ⊢ N[w · M/v] : C

       Γ; ΦM ⊢ M : A     Γ; ΦN, v : B ⊢ N : C     Γ ⊢ A ⊸ B : T
(⊸L)   ─────────────────────────────────────────────────────────
       Γ; ΦM, ΦN, w : A ⊸ B ⊢ N[w ˆ M/v] : C

The operational rules form the semantic core of the formalisation. A term of type ∀x : A.B can be interpreted as a function that expects a non-linear term M of type A to return a value of type B[M/x]. Similarly, a term of type A ⊸ B can be interpreted as a linear function that expects a term of type A to return a value of type B. For each logic operator, the right rule corresponds to the construction of a value by means of a constructor (either the non-linear or the linear λ), the left one to the application of a term destructor (either · or ˆ), though not quite as directly as with an elimination rule in natural deduction. An intuitive forward reading may treat the substitution of v as an application of an explicit substitution operator, along the lines of [18]. Reading backward, w may be interpreted as a pattern, and v as the result of pattern matching [6].

With respect to termination, intuitively, types ∀x : A.B and A ⊸ B are structurally more complex than A and B, and this essentially suffices for the right introduction rules and ⊸L. As to ∀L, although B[M/x] might not be simpler than ∀x : A.B, still N[w · M/v] is more complex than N. This relies on the fact that v is used, and so, when N is in normal form, it is actually part of its syntax. In fact, variables that are not used can only be introduced by C1.

Nonetheless, this rule forces us to weaken the analytic property, understood as the existence of a syntactic relation between types in the premises and types in the conclusion: it is no longer possible to say that types in the premises can only be sub-formulas of those in the conclusion – we need to allow for instances, too.

5 Computational properties

The analytic character of the proof rules is nonetheless strong enough to ensure that it is not possible to derive arbitrary formulas, and therefore that, defining falsity by ⊥ =df ∀x : P. x, there can be no cut-free proof of it.


Cut rules formalise meta-level substitution of terms for free variables. Three distinct rules are needed — Cut, CutG and CutS, corresponding respectively to substitution of terms for linear variables, and to substitution of non-linear terms for non-linear variables, in typing judgements and in context well-formedness judgements.

       Γ; ΦM ⊢ M : B     Γ; ΦN, v : B ⊢ N : A
(Cut)  ───────────────────────────────────────
       Γ; ΦM, ΦN ⊢ N[M/v] : A

       Γ ⊢ M : B     Γ, x : B, Γ′; Φ ⊢ N : A
(CutG) ──────────────────────────────────────
       Γ, (Γ′; Φ)[M/x] ⊢ N[M/x] : A[M/x]

       Γ ⊢ M : A     ⊢ Γ, x : A, Γ′ :: Ctx
(CutS) ─────────────────────────────────────
       ⊢ Γ, Γ′[M/x] :: Ctx

In the cut-free calculus, all the terms which form the object of typing judgements are in normal form — the only redexes can be in the types, introduced by means of the conversion rule. Cut rules make it possible to introduce redexes at the object level — essentially, by substituting terms for variables introduced by left rules. This does not necessarily guarantee that we can find a substitution for every possible expansion – hence, for completeness, rule TC is needed. On the other hand, reduction steps that can be applied to a redex correspond closely to proof transformations that involve reducing, in some sense, the corresponding cut occurrence. In other terms, it is possible to simulate term reduction steps by carrying out corresponding proof transformations. Since proof transformations are clearly type preserving, this simulation provides a natural way to prove type preservation in the sense of subject reduction (SRed).

       Γ; Φ ⊢ N : A     Γ; Φ ⊢ N −→ N′ : A
(SRed) ────────────────────────────────────
       Γ; Φ ⊢ N′ : A

The use of cut makes it comparatively easy to show the equivalence between systems based on sequent calculus and the corresponding ones based on natural deduction. That LCC is a conservative extension of CC (as formalised in [12]) follows from the fact that rule ∀R is invertible (by induction on the structure of proofs), and therefore, given CutG and CutS, ∀L can be equivalently replaced with the corresponding elimination rule. Cut elimination and the analytic property suffice to argue that LCC is a conservative extension.

From the fact that a cut-free proof corresponds to a term in normal form, it follows that cut elimination corresponds to normalisation. In case eliminating cuts involves relying on a specific reduction order, the result is weak normalisation. In case the cut reduction strategy is unconstrained, cut elimination corresponds to strong normalisation. From strong normalisation and the local confluence property of the untyped calculus, confluence for the typed calculus follows by Newman's Lemma.

The close correspondence between cut admissibility and normalisation makes it possible to infer one property from the other. CC is strongly normalising, as proved in [10] using candidates of reducibility. Therefore, by proving the equivalence w.r.t. provability between CC and the cut-free sequent calculus, one can show that cut is admissible. However, we think it is interesting to prove cut elimination in a more direct way.

5.1 Cut admissibility

In order to prove cut elimination directly, we need to show that cut occurrences can be reduced with respect to a measure, and eventually eliminated. Cut reduction, in general, is a proof transformation that can be defined step-wise, by inverting an application of cut with respect to some of the rules that have been used immediately before in the derivation, hence somehow pushing the cut up the proof tree.

Cut reduction can be specified as a set of proof transformation rules, so as to cover exhaustively all the possible cases determined by the local structure of the derivation. Essentially, there are four sorts of cases. The first sort includes the cases in which the transformation eliminates an occurrence of cut (elimination cases). The second sort includes the cases in which both the types involved in the substitution have been freshly introduced (principal cases). The third sort includes the cases in which the type of the cut variable has not been freshly introduced (right non-principal cases). The fourth sort includes the cases in which the type of the cut variable has been freshly introduced, but the type of the cut term has not (left non-principal cases).

In order to prove that cut 'reduction' is actually a reduction in the sense of a well-founded measure, and thus terminates, it is necessary to associate the proof with such a measure and show that this decreases after each transformation step.

We write D Ω meaning that D is a valid, concrete derivation of the sequent Ω. We write R(D1, . . . , Dn) to denote the derivation obtained by applying rule R to the conclusions of derivations D1, . . . , Dn. Given two derivations D1, D2, we write D1 ≤ D2 to mean that D1 is a sub-derivation of D2 (in the sense of the sub-tree relation), and we write D1 < D2 when this relation is one of strict inclusion.

For a concrete derivation D, a measure MD can be defined by assigning a measure MC (rank) to each occurrence of a cut rule in D, then associating the derivation to the set of the maximal values among the ranks (maximal rank set) and to the number of cut occurrences. The maximal rank set is decreased whenever one of its elements is replaced with a finite, possibly empty set of elements, each of which has a lower rank.

A decrease in MD corresponds to either (1) a decrease in the maximal rank set, or (2) a decrease in the number of cuts, with the maximal rank set staying the same.

The question is now how to define the rank of a cut occurrence. In most non-dependently typed systems, such a measure can be defined out of two distinct ones [23] — one associated with the structure of the cut formula (degree), the other with the size of the proof tree (depth).

More precisely, the notion of depth of a cut occurrence (and similarly for any other rule occurrence) can be defined as a well-founded partial order on proof trees.

Def. 1 The depth of cutb(D1, D2) is greater than the depth of cutb′(D′1, D′2) whenever (1) D′1 ≤ D1 and D′2 ≤ D2, and (2) either D′1 < D1 or D′2 < D2.

Intuitively, a cut C1 has a lower depth than another one C2 when the two premises of C1 are sub-derivations of the corresponding premises of C2 – at least one of them strictly. In general, most cases in sort three or four can be associated with reduction steps that lead to cuts of lower depth.

Dependent types and impredicativity tend to complicate the basic picture. Let us first consider the usual non-dependent form of the cut rule.

$$\dfrac{\Gamma \vdash M : B \qquad \Gamma, x : B \vdash F : A}{\Gamma \vdash F[M/x] : A}\;\text{UCut}$$

With dependent types, substitution of a term for a variable may affect the judgement type as well as the types of the variables declared in the conclusion. From the technical point of view of cut elimination, the fact that the substitution required by a cut can affect the final type turns out to be essential, e.g., to deal with the principal case for ∀. It then turns out that it is also necessary to allow for the types of declared variables to be affected – otherwise it would not be possible to invert an application of cut with one of ∀. Therefore, the non-dependent form of the cut rule needs to be strengthened to CutG.

Actually, the presence of dependencies in the context and of type level reduction turn out to be less problematic than they look. In fact, when the type of the cut term has been freshly modified by an application of a conversion rule, the trick consists of noticing that either we are in a right non-principal case, and we can reduce by inverting the cut with the last rule on the right branch, or we are in an elimination case, or else the type of the cut variable has been expanded by some other cut application – in which case, the order of evaluation between the two occurrences is logically determined, as there is no choice.

However, the notion of depth alone does not suffice to eliminate cut, in general. The problematic cases are essentially those that introduce nested occurrences of cut – and these are, for LCC, all the principal cases (of ∀, ⊸ and CP). As an example, consider the following derivation fragment.


$$\dfrac{\dfrac{\Gamma, x : \varphi \vdash K : \psi}{\Gamma \vdash \lambda x.K : \forall x : \varphi.\psi}\;\forall R \qquad \dfrac{\Gamma \vdash M : \varphi \quad \Gamma; u : \psi[M/x] \vdash N : A \quad \Gamma \vdash \forall x : \varphi'.\psi' : T}{\Gamma; w : \forall x : \varphi.\psi \vdash N' : A}\;\forall L}{\Gamma \vdash N'' : A}\;Ct$$

Cut reduction gives the following derivation.

$$\dfrac{\dfrac{\Gamma \vdash M : \varphi \qquad \Gamma, x : \varphi \vdash K : \psi}{\Gamma \vdash K' : \psi[M/x]}\;Cg \qquad \Gamma; u : \psi[M/x] \vdash N : A}{\Gamma \vdash N''' : A}\;Ct$$

The induction hypothesis on the depth would suffice to eliminate the inner occurrence (i.e., Cg here). However, eliminating that occurrence might increase the size of the corresponding derivation, hence ultimately depth will not suffice to eliminate the new occurrence of Ct.

In an impredicative system, at this point it is possible to reason by induction on the complexity of the cut type, i.e. resorting to the degree of the cut. However, in presence of impredicativity, this notion becomes highly problematic, insofar as, e.g., (∀x : P. x ⊸ x) ⊸ (∀x : P. x ⊸ x) can be an instance of ∀x : P. x ⊸ x.

On the other hand, there is an intuitively clear sense in which the proof transformation above has a reductive character: indeed, it reduces the number of applications of introduction rules, and particularly of right introduction ones. Can this be turned into a general criterion? The answer depends on how we look at a derivation. If we treat it as a tree, as we did to compute the depth of the cut, the answer is negative. In general, reducing a cut may involve duplicating sub-derivations – this has the effect of increasing the size of the main derivation, but also of increasing the number of rule applications, for any rule. However, if we can treat a proof as a graph, i.e., by taking sharing into account, then it is easy to see that no cut reduction step involves increasing the number of occurrences of any introduction rule or of CP.

Therefore, a simple way to define a notion of rank that is appropriate for the definition of a decreasing measure is to convert a proof tree to a proof graph (as a directed, acyclic graph). This can be done by a simple graph transformation process. We then define the degree of a cut as the number of occurrences of introduction rules in the graph transform of the derivation.

As a matter of fact, transforming the proof tree to a graph as a whole probably introduces an aspect of complexity that is not needed. All we need is that cut reduction steps introduce enough sharing to avoid duplication. To this purpose, it suffices to model cut reduction as graph transformation, rather than tree transformation, treating duplicate nodes as aliases. Then, given a derivation D, it is comparatively easy to define an algorithm that counts the occurrences of ∀R, ⊸R and CP, leaving out the aliases and the nodes above them. It is then possible to define a notion of weight of a derivation as the numeric value obtained in that way. The weight of a cut occurrence $R(D_1, D_2)$ is defined as the weight of the same derivation.

One can see that in this sense, there exists a set of cut reduction rules which covers all the cases, and such that no step can increase the weight of the derivation it is applied to (the reduction rules are shown in the appendix). Crucially, cut reduction may increase the level of a derivation, but does not increase its weight.

Prop. 1 (Cut elimination) When there is a derivation of $\Gamma; \Phi \vdash N : A$ that uses any of the cut rules, there is also a cut-free derivation $\Gamma; \Phi \vdash N' : A$ for some $N'$.

We reason by induction on the measure $M_D$, and therefore on the notion of rank of cuts, defined in terms of depth and weight. The argument consists of showing that, given a derivation D that terminates with an application of a cut rule, it is possible either (1) to transform the derivation into an equivalent one in which all the occurrences of cut have lower depth, or (2) to transform the derivation into an equivalent one in which each cut has a lower weight. The case for weight equal to 0 (holding when none of the rules ∀R, ⊸R, CP are applied in D) is provable by appealing to induction on depth. The base case for depth holds, as all cuts of minimal depth can be eliminated.


6 Derivable rules

Although system LCC is based on ∀ and ⊸, it is possible to give higher-order definitions of other logic operators, thus recovering, essentially, the expressive power of multiplicative and exponential types in ILL. We have already mentioned the definability of → and ⊥. Weak intuitionistic existential quantification (∃) can be defined as in CC. We are not considering Σ types here, but they could be added, relying on the predicative hierarchy, along the lines of their introduction in CC [12]. The multiplicative fragment of ILL can be completed by giving definitions for ⊗ (tensor product) and 1 (unit). For the exponential fragment, it suffices to add the definition of ! (exponentiation). The higher-order definability of these operators was already known [31]; however, here we also show the corresponding operational rules.

$$\begin{array}{lll}
A \to B & =_{df} & \forall x : A.\, B \quad \text{with } x \notin fv(B)\\
A \otimes B & =_{df} & \forall x : P.\, (A \multimap B \multimap x) \multimap x \quad \text{with } x \notin fv(A) \cup fv(B)\\
1 & =_{df} & \forall x : P.\, x \multimap x\\
\exists x : A.\, B & =_{df} & \forall y : P.\, (\forall x : A.\, B \multimap y) \multimap y \quad \text{with } y \notin fv(A) \cup fv(B)\\
!A & =_{df} & \exists x : A.\, 1
\end{array}$$

The definition of !A seems comparatively enlightening from a semantic point of view – it makes it particularly easy to see that (∃x : A. 1) ⊸ B is logically equivalent to A → B. The introduction rules associated with each of the operators are derivable ones – here we give the proof term for each of them.

$$\begin{array}{lll}
cons_\otimes(A,B,M,N) & =_{df} & \lambda x : P.\, \lambda v : A \multimap B \multimap x.\; v\,\hat{}\,M\,\hat{}\,N\\
dest_\otimes(A,B,C,w,(u,v).N) & =_{df} & (w \cdot C)\,\hat{}\,(\lambda u : A, v : B.\, N)
\end{array}$$

$$\dfrac{\Gamma; \Phi_1 \vdash M : A \qquad \Gamma; \Phi_2 \vdash N : B}{\Gamma; \Phi_1, \Phi_2 \vdash cons_\otimes(A,B,M,N) : A \otimes B}\;\otimes R
\qquad
\dfrac{\Gamma; \Phi, u : A, v : B \vdash N : C}{\Gamma; \Phi, w : A \otimes B \vdash dest_\otimes(A,B,C,w,(u,v).N) : C}\;\otimes L$$
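As an added worked example, not part of the original paper, the ⊗R rule above is derived from the primitive rules of LCC in the form in which they appear in the appendix derivations: LId, ⊸L, ⊸R and ∀R. Assumptions: the term that ⊸L assigns to its conclusion is $N[w\,\hat{}\,M/u]$ (the page writes it as $N'$); the intuitionistic context Γ admits weakening by the fresh variable $x : P$, which is legitimate since $x \notin fv(A) \cup fv(B)$; the type formation premises of LId and ⊸L are omitted.

$$\dfrac{
\dfrac{
\dfrac{\Gamma, x : P; \Phi_1 \vdash M : A \qquad
\dfrac{\Gamma, x : P; \Phi_2 \vdash N : B \qquad \dfrac{}{\Gamma, x : P; u' : x \vdash u' : x}\;LId}
{\Gamma, x : P; \Phi_2, u : B \multimap x \vdash u\,\hat{}\,N : x}\;\multimap L}
{\Gamma, x : P; \Phi_1, \Phi_2, v : A \multimap B \multimap x \vdash v\,\hat{}\,M\,\hat{}\,N : x}\;\multimap L}
{\Gamma, x : P; \Phi_1, \Phi_2 \vdash \lambda v : A \multimap B \multimap x.\; v\,\hat{}\,M\,\hat{}\,N : (A \multimap B \multimap x) \multimap x}\;\multimap R}
{\Gamma; \Phi_1, \Phi_2 \vdash \lambda x : P.\, \lambda v : A \multimap B \multimap x.\; v\,\hat{}\,M\,\hat{}\,N : \forall x : P.\, (A \multimap B \multimap x) \multimap x}\;\forall R$$

The conclusion is $\Gamma; \Phi_1, \Phi_2 \vdash cons_\otimes(A,B,M,N) : A \otimes B$ by unfolding the definitions of $cons_\otimes$ and $\otimes$; reading bottom-up, the two ⊸L steps are what build the application $v\,\hat{}\,M\,\hat{}\,N$, and they are also why ⊗R needs the two disjoint linear contexts $\Phi_1, \Phi_2$.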

$$cons_1 =_{df} \lambda x : P.\, \lambda y : x.\, y \qquad dest_1(A,u,N) =_{df} (u \cdot A)\,\hat{}\,N$$

$$\dfrac{}{\Gamma \vdash cons_1 : 1}\;1R \qquad \dfrac{\Gamma; \Phi \vdash N : A}{\Gamma; \Phi, u : 1 \vdash dest_1(A,u,N) : A}\;1L$$

$$\begin{array}{lll}
cons_\exists(A,B,M,N) & =_{df} & (\lambda x : A.\, (\lambda v : B.\, \lambda y : P.\, \lambda u : \forall x : A.\, B \multimap y.\; (u \cdot x)\,\hat{}\,v)\,\hat{}\,N) \cdot M\\
dest_\exists(A,x.B,C,w,(x,v).N) & =_{df} & (w \cdot C)\,\hat{}\,(\lambda x : A.\, \lambda v : B.\, N)
\end{array}$$

$$\dfrac{\Gamma \vdash M : A \qquad \Gamma; \Phi \vdash N : B[M/x]}{\Gamma; \Phi \vdash cons_\exists(A,B,M,N) : \exists x : A.B}\;\exists R
\qquad
\dfrac{\Gamma, x : A; \Phi, v : B \vdash N : C}{\Gamma; \Phi, w : \exists x : A.B \vdash dest_\exists(A,x.B,C,w,(x,v).N) : C}\;\exists L$$


$$\begin{array}{lll}
cons_!(A,M) & =_{df} & (\lambda x : A, y : P.\, \lambda u : \forall x : A.\, 1 \multimap y.\; (u \cdot x)\,\hat{}\,cons_1) \cdot M\\
dest_!(A,C,w,x.N) & =_{df} & (w \cdot C)\,\hat{}\,(\lambda x : A.\, \lambda v : 1.\, N)
\end{array}$$

$$\dfrac{\Gamma \vdash M : A}{\Gamma \vdash cons_!(A,M) : !A}\;!R \qquad \dfrac{\Gamma, x : A; \Phi \vdash N : C}{\Gamma; \Phi, w : !A \vdash dest_!(A,C,w,x.N) : C}\;!L$$

This goes to show that in a higher-order setting, linear implication and dependent product suffice for the multiplicative exponential fragment of ILL. On the other hand, additive operators involve sharing, and that seems harder to capture in the same way.

7 Conclusion

We have presented a novel formalisation of the calculus of constructions extended with linear types, based on dual sequent calculus. We have given an outline of the proof of cut admissibility (see the appendix for the details), and thus of strong normalisation, which does not rely on set theoretic constructions along the lines of candidates of reducibility [10], but on a syntactic criterion of cut reduction. We have shown how the expressive power of the multiplicative exponential fragment of ILL can be recovered, relying on impredicative definitions.

We think that sequent calculus provides a promising basis to bring a logical framework closer to an abstract machine, capable of executing specifications (albeit inefficiently), insofar as it allows for distinctions between structural and operational rules, between the derivations that give normal forms and those that lead to computations, and for a notion of computation as proof transformation. From this point of view, it seems useful to integrate a formalism that supports parametric polymorphism and dependent types, such as CC [11], with one that supports destructive update, such as ILL [16].

Indeed, we think such an integration could be useful in order to make it simpler to reason formally about the coexistence of polymorphism and mutable references – a topic that has long been regarded as a problematic one, and that has received considerable attention in the implementation of functional programming languages [26, 32]. We leave investigation in this field, and implementation of the ideas we have discussed, as matter for future work.

References

[1] Andreas Abel, Ralph Matthes, and Tarmo Uustalu. Iteration and coiteration schemes for higher-order and nested datatypes. Theor. Comput. Sci., 333(1-2):3–66, 2005.

[2] A. Barber and G. Plotkin. Dual Intuitionistic Linear Logic. LFCS report series. University of Edinburgh, Department of Computer Science, Laboratory for Foundations of Computer Science, 1996.

[3] H. Barendregt. Lambda calculi with types. In Handbook of Logic in Computer Science, pages 117–309. Oxford, 1992.

[4] N. Benton, G. Bierman, V. de Paiva, and M. Hyland. Linear lambda-calculus and categorical models revisited. In E. Börger et al., editors, CSL'92, volume 702 of LNCS, pages 61–84. Springer Verlag, 1993.

[5] Yves Bertot and Pierre Castéran. Interactive Theorem Proving and Program Development. Coq'Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. Springer Verlag, 2004.

[6] Val Breazu-Tannen, Laurence Puel, and Delia Kesner. A typed pattern calculus. Technical Report RR-878, Université de Paris-Sud (Orsay), 1993.

[7] I. Cervesato and F. Pfenning. A linear logical framework. Information and Computation, 179(1):19–75, 2002.


[8] Jawahar Chirimar, Carl A. Gunter, and Jon G. Riecke. Reference counting as a computational interpretation of linear logic. Journal of Functional Programming, 6:6–2, 1996.

[9] Martin Churchill, Peter D. Mosses, and Paolo Torrini. Reusable components of semantic specifications. In MODULARITY '14. ACM, April 2014.

[10] T. Coquand and J. Gallier. A proof of strong normalization for the theory of constructions using a Kripke-like interpretation. In Proc. of the 1st Workshop on Logical Frameworks, pages 1–21, 1990.

[11] T. Coquand and G. Huet. The calculus of constructions. Information and Computation, 76:95–120, 1988.

[12] Thierry Coquand. An analysis of Girard's paradox. In Symposium on Logic in Computer Science, pages 227–236. IEEE Computer Society Press, 1986.

[13] Benjamin Delaware, Steven Keuchel, Tom Schrijvers, and Bruno C.d.S. Oliveira. Modular monadic meta-theory. In ICFP'13, pages 319–330. ACM, 2013.

[14] J. Gallier. Constructive logics. Part 1: A tutorial on proof systems and typed lambda calculi. Technical Report 0, Digital Paris Research Laboratory, May 1991.

[15] J.-Y. Girard and Y. Lafont. Linear logic and lazy computation. In TAPSOFT, Vol. 2, volume 274 of LNCS, pages 52–66, 1987.

[16] Jean-Yves Girard, Paul Taylor, and Yves Lafont. Proofs and Types. Cambridge University Press, New York, NY, USA, 1989.

[17] F. Gutierrez and B. Ruiz. A cut-free sequent calculus for pure type systems verifying the structural rules of Gentzen/Kleene. In LOPSTR'02, volume 2664 of LNCS, pages 17–31. Springer-Verlag, 2003.

[18] H. Herbelin. A lambda-calculus structure isomorphic to Gentzen-style sequent calculus structure. In L. Pacholski and J. Tiuryn, editors, Computer Science Logic, pages 61–75. Springer, Berlin, 1994.

[19] Stéphane Lengrand, Roy Dyckhoff, and James McKinna. A focused sequent calculus framework for proof search in pure type systems. Logical Methods in Computer Science, 7(1), 2011.

[20] X. Leroy. Formal verification of a realistic compiler. Communications of the ACM, 52(7):107–115, 2009.

[21] F. Pfenning. Substructural operational semantics and linear destination-passing style. In APLAS, volume 3302 of LNCS, pages 196–197. Springer-Verlag, 2004.

[22] F. Pfenning. Lecture notes, 2013.

[23] Frank Pfenning. Structural cut elimination in linear logic. Technical report, Carnegie Mellon University, 1994.

[24] Benjamin C. Pierce. Types and programming languages. MIT Press, 2002.

[25] J. P. Seldin. A Gentzen-style sequent calculus of constructions with expansion rules. Theor. Comput. Sci., 243(1-2):199–215, 2000.

[26] Jean-Pierre Talpin and Pierre Jouvelot. The type and effect discipline. Inf. Comput., 111(2):245–296, 1994.

[27] D. N. Turner and P. Wadler. Operational interpretations of linear logic. Theor. Comput. Sc., 227(1-2):231–248, 1999.

[28] P. Wadler. Is there a use for linear logic? In PEPM, pages 255–273. ACM, 1991.


[29] D. Walker. Substructural Type Systems. In B. C. Pierce, editor, Advanced Topics in Types and Programming Languages, chapter 1, pages 3–43. MIT Press, 2005.

[30] D. Walker and J. G. Morrisett. Alias types for recursive data structures. In TIC'00, volume 2071 of LNCS, pages 177–206. Springer-Verlag, 2001.

[31] Kevin Watkins, Iliano Cervesato, Frank Pfenning, and David Walker. A concurrent logical framework I: Judgments and properties. Technical report, Carnegie Mellon University, School of Computer Science, 2003.

[32] Andrew K. Wright. Simple imperative polymorphism. Lisp Symb. Comput., 8(4):343–355, December 1995.


A Cut elimination

We define LCC’ as the extension of LCC with rules Cut, CutG and CutS.

Prop. 1 The rules Cut, CutG, CutS can be eliminated from LCC'.

Proof: by nested induction on the weight and the level of cut, reasoning on a derivation that has an application of cut as first step (going backward). We can use the induction hypothesis in the following cases: 1) when we replace a cut with one of lower weight; 2) when we replace a cut with one of same or lower weight and lower level.

We show in the following section, by cases, that for any occurrence of a cut rule in a proof, there is a transformation that yields an equivalent proof, such that the chosen occurrence is replaced with some that have lower measure in the new proof.

From the point of view of the notation, in the following we are also going to use Greek lower-case letters as metavariables for types. We are going to write e.g. $\Phi_{mn}$ for $\Phi_m, \Phi_n$, i.e. for the disjoint union of $\Phi_m$ and $\Phi_n$. We are also going to abbreviate Cut with Ct, CutG with Cg and CutS with Cs.

A.1 Context formation

A.1.1 Principal case

$$\dfrac{\Gamma \vdash N : A \qquad \dfrac{\Gamma \vdash A : T}{\vdash \Gamma, x : A :: \mathit{Ctx}}\;C1}{\vdash \Gamma :: \mathit{Ctx}}\;CutS$$

can be replaced with

$$\vdash \Gamma :: \mathit{Ctx}$$

thus eliminating the cut occurrence.

A.1.2 Non-principal case

$$\dfrac{\Gamma \vdash N : A \qquad \dfrac{\Gamma, x : A, \Gamma' \vdash B : T}{\vdash \Gamma, x : A, \Gamma', y : B :: \mathit{Ctx}}\;C1}{\vdash \Gamma, \Gamma'[N/x], y : B[N/x] :: \mathit{Ctx}}\;CutS$$

can be replaced with

$$\dfrac{\dfrac{\Gamma \vdash N : A \qquad \Gamma, x : A, \Gamma' \vdash B : T}{\Gamma, \Gamma'[N/x] \vdash B[N/x] : T}\;CutG}{\vdash \Gamma, \Gamma'[N/x], y : B[N/x] :: \mathit{Ctx}}\;C1$$

where the cut occurrence has same weight and lower level, due to the second premise.

A.2 Type formation cases

The cases in which the left premise of cut is a type formation rule all fall either under the right non-principal cases or the context formation ones. We are left to consider the cases in which a type formation rule is used as right premise of CutG (and particularly those in which the left premise is principal).


A.2.1 SF

$$\dfrac{\Gamma \vdash N : A \qquad \dfrac{i < j \qquad \vdash \Gamma, x : A, \Gamma' :: \mathit{Ctx}}{\Gamma, x : A, \Gamma' \vdash T_i : T_j}\;SF}{\Gamma, \Gamma'[N/x] \vdash T_i : T_j}\;CutG$$

can be replaced with

$$\dfrac{i < j \qquad \dfrac{\Gamma \vdash N : A \qquad \vdash \Gamma, x : A, \Gamma' :: \mathit{Ctx}}{\vdash \Gamma, \Gamma'[N/x] :: \mathit{Ctx}}\;CutS}{\Gamma, \Gamma'[N/x] \vdash T_i : T_j}\;SF$$

where the new cut has same weight and lower level, due to the second premise.

A.2.2 Forall and implication formation

We consider the case of ∀F. The case of ⊸F is analogous.

$$\dfrac{\Gamma \vdash N : C \qquad \dfrac{\Gamma, y : C, \Gamma' \vdash A : T_i \quad \Gamma, y : C, \Gamma', x : A \vdash B : T_j \quad \vdash \Gamma, y : C, \Gamma' :: \mathit{Ctx}}{\Gamma, y : C, \Gamma' \vdash \forall x : A.B : T_h}\;\forall F}{\Gamma, \Gamma'[N/y] \vdash \forall x : A[N/y].B[N/y] : T_h}\;Cg$$

with either 0 < (i, j) ≤ h or j, h = 0, can be replaced with

$$\dfrac{\dfrac{\Gamma \vdash N : C \quad \Gamma, y : C, \Gamma' \vdash A : T_i}{\Gamma, \Gamma'[N/y] \vdash A[N/y] : T_i}\;Cg \qquad \dfrac{\Gamma \vdash N : C \quad \Gamma, y : C, \Gamma', x : A \vdash B : T_j}{\Gamma, \Gamma'[N/y], x : A[N/y] \vdash B[N/y] : T_j}\;Cg \qquad \dfrac{\Gamma \vdash N : C \quad \vdash \Gamma, y : C, \Gamma' :: \mathit{Ctx}}{\vdash \Gamma, \Gamma'[N/y] :: \mathit{Ctx}}\;Cs}{\Gamma, \Gamma'[N/y] \vdash \forall x : A[N/y].B[N/y] : T_h}\;\forall F$$

in which each cut occurrence has same or lower weight and lower level, in each case due to the middle premise.

A.3 Conversion rules

Each case in which a conversion rule is used as left premise of a cut application falls either in the right non-principal general case (and then it is comparatively straightforward), or else in the context formation principal one.

A.4 Axiom cases

A.4.1 Left axiom, Cut

$$\dfrac{\Gamma; \Phi \vdash N : A \qquad \dfrac{\Gamma \vdash A : T}{\Gamma; v : A \vdash v : A}\;LId}{\Gamma; \Phi \vdash N : A}\;Cut$$

is trivially replaced by

$$\Gamma; \Phi \vdash N : A$$

thus eliminating the cut occurrence.


A.4.2 Left axiom, CutG

$$\dfrac{\Gamma \vdash N : A \qquad \dfrac{\Gamma, \Gamma', x : A \vdash B : T}{\Gamma, \Gamma', x : A; v : B \vdash v : B}\;LId}{\Gamma, (\Gamma'; v : B)[N/x] \vdash v : B[N/x]}\;CutG$$

is replaced by

$$\dfrac{\dfrac{\Gamma \vdash N : A \qquad \Gamma, \Gamma', x : A \vdash B : T}{\Gamma, \Gamma'[N/x] \vdash B[N/x] : T}\;CutG}{\Gamma, (\Gamma'; v : B)[N/x] \vdash v : B[N/x]}\;LId$$

where the new occurrence has same or lower weight and lower level due to the middle premise.

A.4.3 Right axiom, Cut

$$\dfrac{\dfrac{\Gamma \vdash B : T}{\Gamma; v : A \vdash v : A}\;LId \qquad \Gamma; \Phi, w : A \vdash N : B}{\Gamma; \Phi, v : A \vdash N[v/w] : B}\;Cut$$

is trivially replaced by

$$\Gamma; \Phi, v : A \vdash N[v/w] : B$$

thus eliminating the cut occurrence (assuming renaming of free variables).

A.5 Principal cases

We first look at the cases in which the cut formula is the principal one in both premises of cut, or is the formula introduced by a structural rule in the right premise.

A.5.1 Implication, Cut, principal

Consider the derivation fragment

$$\dfrac{\dfrac{\Gamma; \Phi_k, v : \varphi \vdash K : \psi}{\Gamma; \Phi_k \vdash \lambda v.K : \varphi \multimap \psi}\;\multimap R \qquad \dfrac{\Gamma; \Phi_m \vdash M : \varphi \quad \Gamma; \Phi_n, u : \psi \vdash N : A \quad \Gamma \vdash \varphi \multimap \psi : T}{\Gamma; \Phi_{mn}, w : \varphi \multimap \psi \vdash N' : A}\;\multimap L}{\Gamma; \Phi_{kmn} \vdash N'' : A}\;Ct$$

Then the fragment can be replaced with the following one

$$\dfrac{\dfrac{\Gamma; \Phi_m \vdash M : \varphi \qquad \Gamma; \Phi_k, v : \varphi \vdash K : \psi}{\Gamma; \Phi_{km} \vdash K' : \psi}\;Ct \qquad \Gamma; \Phi_n, u : \psi' \vdash N : A}{\Gamma; \Phi_{kmn} \vdash N''' : A}\;Ct$$

where each cut in the new derivation has lower weight than the cut in the original derivation. In fact, the new derivation has overall lower weight than the original one, and so do the cuts that occur in it, as associated with subderivations.


A.5.2 Universal quantifier, Cut, principal

Consider the derivation fragment

$$\dfrac{\dfrac{\Gamma, x : \varphi; \Phi_k \vdash K : \psi}{\Gamma; \Phi_k \vdash \lambda x.K : \forall x : \varphi.\psi}\;\forall R \qquad \dfrac{\Gamma \vdash M : \varphi \quad \Gamma; \Phi_n, u : \psi[M/x] \vdash N : A \quad \Gamma \vdash \forall x : \varphi.\psi : T}{\Gamma; \Phi_n, w : \forall x : \varphi.\psi \vdash N' : A}\;\forall L}{\Gamma; \Phi_{kn} \vdash N'' : A}\;Ct$$

Then the fragment can be replaced with the following one

$$\dfrac{\dfrac{\Gamma \vdash M : \varphi \qquad \Gamma, x : \varphi; \Phi_k \vdash K : \psi}{\Gamma; \Phi_k \vdash K' : \psi[M/x]}\;Cg \qquad \Gamma; \Phi_n, u : \psi[M/x] \vdash N : A}{\Gamma; \Phi_{kn} \vdash N''' : A}\;Ct$$

where the new derivation has lower weight, and therefore each cut in the new derivation has lower weight than the cut in the original one.

A.5.3 Copy rule, CutG, principal

The proof

$$\dfrac{\Gamma \vdash M : \varphi \qquad \dfrac{\Gamma, x : \varphi, \Gamma'; \Phi, v : \varphi \vdash N : A}{\Gamma, x : \varphi, \Gamma'; \Phi \vdash N' : A}\;CP}{\Gamma, (\Gamma'; \Phi)[M/x] \vdash N'' : A[M/x]}\;Cg$$

can be replaced with

$$\dfrac{\Gamma \vdash M : \varphi \qquad \dfrac{\Gamma \vdash M : \varphi \qquad \Gamma, x : \varphi, \Gamma'; \Phi, v : \varphi \vdash N : A}{\Gamma, (\Gamma'; \Phi)[M/x], v : \varphi \vdash N_1 : A[M/x]}\;Cg}{\Gamma, (\Gamma'; \Phi)[M/x] \vdash N_2 : A[M/x]}\;Ct$$

where clearly $x \notin fv(\varphi)$. The new derivation has lower weight than the original one, and so does each cut that occurs in the new derivation.

A.6 Right Non-Principal cases (RNP)

We now consider the cases in which the cut formula is not the principal one in the right premise. The general schema is

$$\dfrac{\dfrac{(1)}{\Omega_1(\ldots \vdash M : \gamma)} \qquad \dfrac{\dfrac{(2)}{\Omega_2(t : \gamma \vdash \ldots)}}{\Omega_3(t : \gamma \vdash \ldots)}\;R}{\Omega_0[M/t]}\;Cut'$$

where $t : \gamma$ is the cut variable, and it is non-principal in the right-hand premise, which is obtained by rule R. The transformed proof has the following form

$$\dfrac{\dfrac{\dfrac{(1)}{\Omega_1(\ldots \vdash M : \gamma)} \qquad \dfrac{(2)}{\Omega_2(t : \gamma \vdash \ldots)}}{\Omega_4[M/t]}\;Cut'}{\Omega_0[M/t]}\;R$$


We need to consider a case for each instance of Cut' and of R. The cases in which the right premise is an axiom hold trivially. All the cases in which the right premise is obtained either by a right introduction rule or by a formation rule are also straightforward. Therefore, we will only consider the non-principal cases in which the right premise is obtained either by left introduction rules, or by a structural rule.

In each case, the transformed proof has the same weight, and each of the cut occurrences in the new proof has lower level.

A.6.1 Right rules, RNP

RNP, CutG, universal quantifier

$$\dfrac{\Gamma \vdash M : C \qquad \dfrac{\Gamma, \Gamma', y : C, x : A; \Phi \vdash N : B}{\Gamma, \Gamma', y : C; \Phi \vdash N' : \forall x : A.B}\;\forall R}{\Gamma, (\Gamma'; \Phi)[M/y] \vdash N'' : \forall x : A[M/y].B[M/y]}\;CutG$$

is turned into

$$\dfrac{\dfrac{\Gamma \vdash M : C \qquad \Gamma, \Gamma', y : C, x : A; \Phi \vdash N : B}{\Gamma, (\Gamma', x : A; \Phi)[M/y] \vdash N''' : B[M/y]}\;CutG}{\Gamma, (\Gamma'; \Phi)[M/y] \vdash N'''' : \forall x : A[M/y].B[M/y]}\;\forall R$$

RNP, CutG, implication

$$\dfrac{\Gamma \vdash M : C \qquad \dfrac{\Gamma, \Gamma', y : C; \Phi, v : A \vdash N : B}{\Gamma, \Gamma', y : C; \Phi \vdash N' : A \multimap B}\;\multimap R}{\Gamma, (\Gamma'; \Phi)[M/y] \vdash N'' : A[M/y] \multimap B[M/y]}\;CutG$$

is turned into

$$\dfrac{\dfrac{\Gamma \vdash M : C \qquad \Gamma, \Gamma', y : C; \Phi, v : A \vdash N : B}{\Gamma, (\Gamma'; \Phi, v : A)[M/y] \vdash N''' : B[M/y]}\;CutG}{\Gamma, (\Gamma'; \Phi)[M/y] \vdash N'''' : A[M/y] \multimap B[M/y]}\;\multimap R$$

RNP, Cut, universal quantifier

$$\dfrac{\Gamma; \Phi_m \vdash M : C \qquad \dfrac{\Gamma, x : A; \Phi_n, v : C \vdash N : B}{\Gamma; \Phi_n, v : C \vdash N' : \forall x : A.B}\;\forall R}{\Gamma; \Phi_{mn} \vdash N'' : \forall x : A.B}\;Cut$$

is turned into

$$\dfrac{\dfrac{\Gamma; \Phi_m \vdash M : C \qquad \Gamma, x : A; \Phi_n, v : C \vdash N : B}{\Gamma, x : A; \Phi_{mn}, v : C \vdash N''' : B}\;Cut}{\Gamma; \Phi_{mn} \vdash N'''' : \forall x : A.B}\;\forall R$$

RNP, Cut, implication

$$\dfrac{\Gamma; \Phi_m \vdash M : C \qquad \dfrac{\Gamma; \Phi_n, v : C, w : A \vdash N : B}{\Gamma; \Phi_n, v : C \vdash N' : A \multimap B}\;\multimap R}{\Gamma; \Phi_{mn} \vdash N'' : A \multimap B}\;Cut$$


is turned into

$$\dfrac{\dfrac{\Gamma; \Phi_m \vdash M : C \qquad \Gamma; \Phi_n, v : C, w : A \vdash N : B}{\Gamma; \Phi_{mn}, w : A \vdash N''' : B}\;Cut}{\Gamma; \Phi_{mn} \vdash N'''' : A \multimap B}\;\multimap R$$

A.6.2 Implication, RNP

RNP, Cut, implication, left premise The derivation

$$\dfrac{\Gamma; \Phi_k \vdash K : \gamma \qquad \dfrac{\Gamma; \Phi_m, v : \gamma \vdash M : \varphi \qquad \Gamma; \Phi_n, u : \psi \vdash N : A}{\Gamma; \Phi_{mn}, w : \varphi \multimap \psi, v : \gamma \vdash N' : A}\;\multimap L}{\Gamma; \Phi_{kmn}, w : \varphi \multimap \psi \vdash N'' : A}\;Ct$$

is transformed into

$$\dfrac{\dfrac{\Gamma; \Phi_k \vdash K : \gamma \qquad \Gamma; \Phi_m, v : \gamma \vdash M : \varphi}{\Gamma; \Phi_{km} \vdash M' : \varphi}\;Ct \qquad \Gamma; \Phi_n, u : \psi \vdash N : A}{\Gamma; \Phi_{kmn}, w : \varphi \multimap \psi \vdash N''' : A}\;\multimap L$$

RNP, Cut, implication, right premise The derivation

$$\dfrac{\Gamma; \Phi_k \vdash K : \gamma \qquad \dfrac{\Gamma; \Phi_m \vdash M : \varphi \qquad \Gamma; \Phi_n, v : \gamma, u : \psi \vdash N : A}{\Gamma; \Phi_{mn}, v : \gamma, w : \varphi \multimap \psi \vdash N' : A}\;\multimap L}{\Gamma; \Phi_{kmn}, w : \varphi \multimap \psi \vdash N'' : A}\;Ct$$

is transformed to

$$\dfrac{\Gamma; \Phi_m \vdash M : \varphi \qquad \dfrac{\Gamma; \Phi_k \vdash K : \gamma \qquad \Gamma; \Phi_n, v : \gamma, u : \psi \vdash N : A}{\Gamma; \Phi_{kn}, u : \psi \vdash N''' : A}\;Ct}{\Gamma; \Phi_{kmn}, w : \varphi \multimap \psi \vdash N'''' : A}\;\multimap L$$

RNP, CutG, implication The derivation

$$\dfrac{\Gamma \vdash K : \gamma \qquad \dfrac{\Gamma, x : \gamma, \Gamma'; \Phi_m \vdash M : \varphi \quad \Gamma, x : \gamma, \Gamma'; \Phi_n, u : \psi \vdash N : A \quad \Gamma, x : \gamma, \Gamma' \vdash \varphi \multimap \psi : T}{\Gamma, x : \gamma, \Gamma'; \Phi_{mn}, w : \varphi \multimap \psi \vdash N' : A}\;\multimap L}{\Gamma, (\Gamma'; \Phi_{mn}, w : \varphi \multimap \psi)[K/x] \vdash N'' : A[K/x]}\;Cg$$

is transformed to

$$\dfrac{\dfrac{\Gamma \vdash K : \gamma \quad \Gamma, x : \gamma, \Gamma'; \Phi_m \vdash M : \varphi}{\Gamma, (\Gamma'; \Phi_m)[K/x] \vdash M : \varphi[K/x]}\;Cg \qquad \dfrac{\Gamma \vdash K : \gamma \quad \Gamma, x : \gamma, \Gamma'; \Phi_n, u : \psi \vdash N : A}{\Gamma, (\Gamma'; \Phi_n, u : \psi)[K/x] \vdash N''' : A[K/x]}\;Cg \qquad \dfrac{\Gamma \vdash K : \gamma \quad \Gamma, x : \gamma, \Gamma' \vdash \varphi \multimap \psi : T}{\Gamma, \Gamma'[K/x] \vdash (\varphi \multimap \psi)[K/x] : T}\;Cg}{\Gamma, (\Gamma'; \Phi_{mn}, w : \varphi \multimap \psi)[K/x] \vdash N'''' : A[K/x]}\;\multimap L$$


A.6.3 Universal quantifier, RNP

RNP, Cut, universal quantifier, right premise

$$\dfrac{\Gamma; \Phi_k \vdash K : \gamma \qquad \dfrac{\Gamma \vdash M : \varphi \qquad \Gamma; \Phi_n, v : \gamma, u : \psi[M/x] \vdash N : A}{\Gamma; \Phi_n, v : \gamma, w : \forall x : \varphi.\psi \vdash N' : A}\;\forall L}{\Gamma; \Phi_{kn}, w : \forall x : \varphi.\psi \vdash N'' : A}\;Ct$$

is transformed to

$$\dfrac{\Gamma \vdash M : \varphi \qquad \dfrac{\Gamma; \Phi_k \vdash K : \gamma \qquad \Gamma; \Phi_n, v : \gamma, u : \psi[M/x] \vdash N : A}{\Gamma; \Phi_{kn}, u : \psi[M/x] \vdash N''' : A}\;Ct}{\Gamma; \Phi_{kn}, w : \forall x : \varphi.\psi \vdash N'''' : A}\;\forall L$$

RNP, CutG, universal quantifier Consider the following derivation

$$\dfrac{\Gamma \vdash K : \gamma \qquad \dfrac{\Gamma, x : \gamma, \Gamma' \vdash M : \varphi \quad \Gamma, x : \gamma, \Gamma'; \Phi_n, u : \psi[M/y] \vdash N : A \quad \Gamma, x : \gamma, \Gamma' \vdash \forall y : \varphi.\psi : T}{\Gamma, x : \gamma, \Gamma'; \Phi_n, w : \forall y : \varphi.\psi \vdash N' : A}\;\forall L}{\Gamma, (\Gamma'; \Phi_n, w : \forall y : \varphi.\psi)[K/x] \vdash N'' : A[K/x]}\;Cg$$

This can be transformed to

$$\dfrac{\dfrac{\Gamma \vdash K : \gamma \quad \Gamma, x : \gamma, \Gamma' \vdash M : \varphi}{\Gamma, \Gamma'[K/x] \vdash M' : \varphi[K/x]}\;Cg \qquad \dfrac{\Gamma \vdash K : \gamma \quad \Gamma, x : \gamma, \Gamma'; \Phi_n, u : \psi[M/y] \vdash N : A}{\Gamma, (\Gamma'; \Phi_n, u : \psi[M/y])[K/x] \vdash N''' : A[K/x]}\;Cg \qquad \dfrac{\Gamma \vdash K : \gamma \quad \Gamma, x : \gamma, \Gamma' \vdash \forall y : \varphi.\psi : T}{\Gamma, \Gamma'[K/x] \vdash (\forall y : \varphi.\psi)[K/x] : T}\;Cg}{\Gamma, (\Gamma'; \Phi_n, w : \forall y : \varphi.\psi)[K/x] \vdash N'''' : A[K/x]}\;\forall L$$

where $M' \equiv M[K/x]$.

A.6.4 Copy rule, RNP

RNP, Cut, copy rule

$$\dfrac{\Gamma; \Phi_m \vdash M : B \qquad \dfrac{\Gamma; \Phi_n, w : B, v : \varphi \vdash N : A}{\Gamma; \Phi_n, w : B \vdash N' : A}\;CP}{\Gamma; \Phi_{mn} \vdash N'' : A}\;Ct$$

can be replaced with

$$\dfrac{\dfrac{\Gamma; \Phi_m \vdash M : B \qquad \Gamma; \Phi_n, w : B, v : \varphi \vdash N : A}{\Gamma; \Phi_{mn}, v : \varphi \vdash N''' : A}\;Ct}{\Gamma; \Phi_{mn} \vdash N'''' : A}\;CP$$

RNP, CutG, copy rule

$$\dfrac{\Gamma \vdash M : B \qquad \dfrac{\Gamma, x : B, \Gamma'; \Phi, v : \varphi \vdash N : A}{\Gamma, x : B, \Gamma'; \Phi \vdash N' : A}\;CP}{\Gamma, (\Gamma'; \Phi)[M/x] \vdash N'' : A[M/x]}\;Cg$$


can be replaced with

$$\dfrac{\dfrac{\Gamma \vdash M : B \qquad \Gamma, x : B, \Gamma'; \Phi, v : \varphi \vdash N : A}{\Gamma, (\Gamma'; \Phi, v : \varphi)[M/x] \vdash N''' : A[M/x]}\;Cg}{\Gamma, (\Gamma'; \Phi)[M/x] \vdash N'''' : A[M/x]}\;CP$$

A.7 Left Non-Principal cases (LNP)

Now the cases in which the cut formula is not the principal one in the left premise are considered. The general schema is

$$\dfrac{\dfrac{\dfrac{(1)}{\Omega_1(\ldots \vdash M : \gamma)}}{\Omega_3(\ldots \vdash M : \gamma)}\;R \qquad \dfrac{(2)}{\Omega_2(t : \gamma \vdash \ldots)}}{\Omega_0[M/t]}\;Cut'$$

where (1) and (2) are (possibly empty) proof trees, and $M : \gamma$, the cut term, is non-principal in the left-hand premise obtained by rule R. The new proof has the form

$$\dfrac{\dfrac{\dfrac{(1)}{\Omega_1(\ldots \vdash M : \gamma)} \qquad \dfrac{(2)}{\Omega_2(t : \gamma \vdash \ldots)}}{\Omega_4[M/t]}\;Cut'}{\Omega_0[M/t]}\;R$$

Again, the proof needs to consider a case for each instance of Cut' and R. Notice that R cannot be a right introduction rule.

In each case, the transformed proof has the same weight, and each of the cut occurrences in the new proof has lower level.

A.7.1 Implication, Cut, LNP

$$\dfrac{\dfrac{\Gamma; \Phi_k \vdash K : \varphi \qquad \Gamma; \Phi_m, u : \psi \vdash M : \gamma}{\Gamma; \Phi_{km}, w : \varphi \multimap \psi \vdash M' : \gamma}\;\multimap L \qquad \Gamma; \Phi_n, v : \gamma \vdash N : A}{\Gamma; \Phi_{kmn}, w : \varphi \multimap \psi \vdash N' : A}\;Ct$$

is transformed to

$$\dfrac{\Gamma; \Phi_k \vdash K : \varphi \qquad \dfrac{\Gamma; \Phi_m, u : \psi \vdash M : \gamma \qquad \Gamma; \Phi_n, v : \gamma \vdash N : A}{\Gamma; \Phi_{mn}, u : \psi \vdash N'' : A}\;Ct}{\Gamma; \Phi_{kmn}, w : \varphi \multimap \psi \vdash N''' : A}\;\multimap L$$

A.7.2 Universal quantifier, Cut, LNP

The derivation

$$\dfrac{\dfrac{\Gamma \vdash K : \varphi \qquad \Gamma; \Phi_m, u : \psi[K/x] \vdash M : \gamma}{\Gamma; \Phi_m, w : \forall x : \varphi.\psi \vdash M' : \gamma}\;\forall L \qquad \Gamma; \Phi_n, v : \gamma \vdash N : A}{\Gamma; \Phi_{mn}, w : \forall x : \varphi.\psi \vdash N' : A}\;Ct$$

is transformed to

$$\dfrac{\Gamma \vdash K : \varphi \qquad \dfrac{\Gamma; \Phi_m, u : \psi[K/x] \vdash M : \gamma \qquad \Gamma; \Phi_n, v : \gamma \vdash N : A}{\Gamma; \Phi_{mn}, u : \psi[K/x] \vdash N'' : A}\;Ct}{\Gamma; \Phi_{mn}, w : \forall x : \varphi.\psi \vdash N''' : A}\;\forall L$$


A.7.3 Copy rule, Cut, LNP

$$\dfrac{\dfrac{\Gamma, x : \psi; \Phi_m, u : \psi \vdash M : \gamma}{\Gamma, x : \psi; \Phi_m \vdash M' : \gamma}\;CP \qquad \Gamma, x : \psi; \Phi_n, v : \gamma \vdash N : A}{\Gamma, x : \psi; \Phi_{mn} \vdash N' : A}\;Ct$$

is transformed to

$$\dfrac{\dfrac{\Gamma, x : \psi; \Phi_m, u : \psi \vdash M : \gamma \qquad \Gamma, x : \psi; \Phi_n, v : \gamma \vdash N : A}{\Gamma, x : \psi; \Phi_{mn}, u : \psi \vdash N'' : A}\;Ct}{\Gamma, x : \psi; \Phi_{mn} \vdash N''' : A}\;CP$$

B Subject reduction

Prop. 2 If $\Gamma; \Delta \vdash N : \psi$ and $\Gamma\; N \longrightarrow N' : \psi$, then $\Gamma; \Delta \vdash N' : \psi$.

Proof: by cases on the structure of the reduction relation. Consider β reduction. For each type constructor K, and for each β redex D with K as principal constructor, D has been introduced into the derivation Ω by application of a cut rule. The cut left premise $\Omega_L$ has been obtained by applying K right introduction at derivation $\Omega_1$, possibly followed by application of structural, conversion or left introduction rules. The cut right premise $\Omega_R$ has been obtained by applying K left introduction at derivations $\Omega_{2L}, \Omega_{2R}$, possibly followed by other rules, without affecting the cut variable. It is then possible to replace Ω with an equivalent derivation $\Omega'$, obtained by applying first cut to $\Omega_{2L}$ and $\Omega_R$, then cut to the consequence and $\Omega_{2R}$, followed by the other rules. The principal λ term of $\Omega'$ is the result of the application of the β rule associated with K to D. Such $\Omega'$ can be constructed from Ω by applying cut reduction steps that are those used in the cut elimination proof.
