It is common for text-books, such as [Troelstra and Schwichtenberg, 2000] and [Negri and von Plato, 2001], to prove Cut admissibility by inspecting whether or not the cut formula is principal for the left or right premiss of the instance of Cut. To closely follow such a proof would require us to give a full definition of what it means to be principal for a derivation. Rather than that, we prove the result by case analysis on the last rule used in the left premiss of the instance of Cut. As we shall see, this approach relies heavily on the invertibility of the rules of G3ip.
Another result which we had to prove is the admissibility (depth-preserving) of Weakening. An example of the inversion result, along with depth-preserving Weakening and its natural extension, are shown without proof:
lemma inversionDisjL:
  assumes Γ ⊕ A ∨∗ B ⇒ C ↓ n
  shows ∃ j k. j ≤ n ∧ k ≤ n ∧ Γ ⊕ A ⇒ C ↓ j ∧ Γ ⊕ B ⇒ C ↓ k

lemma dpWeak:
  fixes Γ :: form multiset
  assumes Γ ⇒ C ↓ n
  shows Γ ⊕ A ⇒ C ↓ n

lemma dpWeak′:
  assumes Γ ⇒ C ↓ n
  shows Γ + Γ′ ⇒ C ↓ n
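
The two properties stated above, depth-preserving Weakening and depth-preserving inversion (here for L∧, the inversionConjL used later in the proof), can be checked on concrete derivation trees. The following Python code is an added example, not part of the Isabelle formalisation; it covers only atoms and ∧, and the names D, swap, valid, dp_weak, inversion_conjL and sample are assumptions of this example.

```python
from collections import Counter
from dataclasses import dataclass

def conj(e, f): return ("and", e, f)   # E ∧ F; atoms are plain strings

@dataclass
class D:                      # derivation of ctx ⇒ goal
    rule: str                 # "Ax", "ConjR" or "ConjL"
    ctx: Counter              # the multiset Γ
    goal: object
    prems: tuple = ()
    principal: object = None  # the E ∧ F decomposed by ConjL
    @property
    def depth(self):          # Ax: 0, ConjL: j+1, ConjR: j+k+1, as on the page
        return 0 if self.rule == "Ax" else 1 + sum(p.depth for p in self.prems)

def swap(ctx, remove=(), add=()):      # new multiset: ctx minus remove plus add
    assert all(ctx[x] > 0 for x in remove), "formula not in context"
    return ctx - Counter(remove) + Counter(add)

def valid(d):                 # every node is a correct rule instance
    if d.rule == "Ax":
        return isinstance(d.goal, str) and d.ctx[d.goal] > 0
    if d.rule == "ConjR":
        l, r = d.prems
        return (d.goal == conj(l.goal, r.goal) and l.ctx == d.ctx == r.ctx
                and valid(l) and valid(r))
    (p,) = d.prems            # ConjL
    _, e, f = d.principal
    return (p.goal == d.goal and d.ctx[d.principal] > 0
            and p.ctx == swap(d.ctx, [d.principal], [e, f]) and valid(p))

def dp_weak(d, a):            # Γ ⇒ C ↓ n  gives  Γ ⊕ A ⇒ C ↓ n
    return D(d.rule, swap(d.ctx, add=[a]), d.goal,
             tuple(dp_weak(p, a) for p in d.prems), d.principal)

def inversion_conjL(d, ef):   # Γ ⊕ E∧F ⇒ C ↓ n  gives  Γ ⊕ E ⊕ F ⇒ C ↓ m', m' ≤ n
    _, e, f = ef
    if d.rule == "ConjL" and d.principal == ef:
        return d.prems[0]     # premiss already has E, F in place of E ∧ F
    return D(d.rule, swap(d.ctx, [ef], [e, f]), d.goal,
             tuple(inversion_conjL(p, ef) for p in d.prems), d.principal)

def sample():                 # constructed input: p ∧ q ⇒ q ∧ p, depth 2
    g = Counter(["p", "q"])
    r = D("ConjR", g, conj("q", "p"), (D("Ax", g, "q"), D("Ax", g, "p")))
    return D("ConjL", Counter([conj("p", "q")]), conj("q", "p"), (r,), conj("p", "q"))
```

Weakening rebuilds the tree node for node, so the depth is unchanged; inversion either rebuilds it or discards the L∧ step whose principal formula is the one being inverted, so the depth can only fall.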
As with the previous section, we will intersperse the sketches of the cases with formal proof blocks.
lemma cutAdmissibility:
  fixes A :: form and n m :: nat
  assumes Γ ⇒ A ↓ n and Γ ⊕ A ⇒ C ↓ m
  shows ∃ k. Γ ⇒ C ↓ k
  using assms
proof (induct x ≡ length A y ≡ n+m+1 rule: nat-prod-induct)
The proof method is induction, introduced by the keyword induct. We use the rule nat-product-induct, shown on the previous page. We have to instantiate the variables in that method, which we do by the notation x ≡ length A and y ≡ n+m+1. In other words we set the lexicographic induction up using the length of the Cut formula, and then the sum of the heights of the premisses.
There is only one case to consider. So, using the induction hypothesis, we prove the case by a split on the last rule used for the left premiss:
case (less x y)
then have IH: ⋀ u v Γ A n C m. ⟦(u,v) <∗ (x,y); Γ ⇒ A ↓ n; Γ ⊕ A ⇒ C ↓ m; u = length A; v = n + m + 1⟧ ⟹ ∃ a. Γ ⇒ C ↓ a by auto
have Γ ⇒ A ↓ n by fact
then show ?case
proof (cases)
This gives 9 separate cases. Seven of these are relatively uninteresting; we show only two as examples. If the last rule used was R∧, then the left premiss ends with:

$$\dfrac{\Gamma \Rightarrow E \downarrow j \qquad \Gamma \Rightarrow F \downarrow k}{\Gamma \Rightarrow E \wedge F \downarrow j+k+1}$$

where n = j+k+1. The right premiss is then Γ ⊕ E∧F ⇒ C ↓ m. Because L∧ for G3ip is invertible, there exists some m′ ≤ m such that:

Γ, E, F ⇒ C ↓ m′
The following derivation, with two uses of the induction hypothesis, completes this case:
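$$\dfrac{\Gamma \Rightarrow F \downarrow k \qquad \dfrac{\dfrac{\Gamma \Rightarrow E \downarrow j}{\Gamma, F \Rightarrow E \downarrow j}\;w \qquad \Gamma, E, F \Rightarrow C \downarrow m'}{\exists d'.\ \Gamma, F \Rightarrow C \downarrow d'}\;ih}{\exists d.\ \Gamma \Rightarrow C \downarrow d}\;ih$$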
This is formalised as follows:
case (ConjR Γ′ E j F k)
then obtain m′ where Γ ⊕ E ⊕ F ⇒ C ↓ m′ using inversionConjL by auto
from ⟨Γ′ ⇒ E ↓ j⟩ and ⟨Γ = Γ′⟩ have Γ ⊕ F ⇒ E ↓ j using dpWeak by auto
with ⟨Γ ⊕ E ⊕ F ⇒ C ↓ m′⟩ and IH
  and ⟨x = length A⟩ and ⟨A = E ∧∗ F⟩
have ∃ n. Γ ⊕ F ⇒ C ↓ n by (auto simp add: union-ac)
with ⟨Γ′ ⇒ F ↓ k⟩ and ⟨Γ = Γ′⟩ and IH
  and ⟨x = length A⟩ and ⟨A = E ∧∗ F⟩
show ∃ n. Γ ⇒ C ↓ n by auto
It is possible to apply the induction hypothesis twice because F has shorter length than E∧F. Thus, it does not matter what the depth of the derivation is.
In the next highlighted case, that of L∧, we use the sub-induction hypothesis. That is, the length of the cut formula is held constant and the depth of the instance of Cut is reduced. When the last rule used in the derivation of the left premiss was L∧, there must have been an occurrence of E∧F in Γ. Thus, there is some Γ′ such that Γ = Γ′ ⊕ E∧F. The left premiss is then:

$$\dfrac{\Gamma', E, F \Rightarrow A \downarrow j}{\Gamma', E \wedge F \Rightarrow A \downarrow j+1}$$

where n = j+1. As before, the right premiss of the instance of Cut can be rewritten as Γ′ ⊕ E∧F ⊕ A ⇒ C ↓ m. Using the invertibility of L∧, there is an m′ ≤ m such that:

Γ′, E, F, A ⇒ C ↓ m′

Then, the following derivation, with one application of the induction hypothesis, suffices to remove A:

$$\dfrac{\dfrac{\Gamma', E, F \Rightarrow A \downarrow j \qquad \Gamma', E, F, A \Rightarrow C \downarrow m'}{\exists d'.\ \Gamma', E, F \Rightarrow C \downarrow d'}\;ih}{\exists d.\ \Gamma', E \wedge F \Rightarrow C \downarrow d}$$

This is formalised as follows:
case (ConjL Γ′ E F A′ j)
with ⟨Γ ⊕ A ⇒ C ↓ m⟩ and ⟨A = A′⟩ have Γ′ ⊕ E ∧∗ F ⊕ A′ ⇒ C ↓ m by simp
then obtain m′ where m′ ≤ m and Γ′ ⊕ E ⊕ F ⊕ A′ ⇒ C ↓ m′ using inversionConjL by (auto simp add: union-ac)
with ⟨Γ′ ⊕ E ⊕ F ⇒ A′ ↓ j⟩ have ∃ n. Γ′ ⊕ E ⊕ F ⇒ C ↓ n
  using IH
  and ⟨A = A′⟩ and ⟨x = length A⟩ and ⟨y = n+m+1⟩ and ⟨n = j+1⟩ by auto
then have ∃ n. Γ′ ⊕ E ∧∗ F ⇒ C ↓ n using provable-dp.ConjL by auto
with ⟨Γ = Γ′ ⊕ E ∧∗ F⟩ show ∃ n. Γ ⇒ C ↓ n by simp
where the last rule used was an axiom or an instance of R⊃. That the latter requires special attention is owing to L⊃ being only partially invertible.
For the former, there is some propositional variable (say At i) and Γ′ such that the left premiss is Γ′ ⊕ At i ⇒ At i ↓ 0. Using this information, the right premiss is Γ′ ⊕ At i ⊕ At i ⇒ C ↓ m. Case analysis on this premiss is then used. If the last rule used on the right was a logical rule (i.e. not an axiom or instance of L⊥) then it is easy to show that At i can be cut in the premiss(es) of such a rule. For instance, we show the case of R⊃:

$$\dfrac{\dfrac{\Gamma', \mathrm{At}\ i, E \Rightarrow \mathrm{At}\ i \downarrow 0 \qquad \Gamma', \mathrm{At}\ i, \mathrm{At}\ i, E \Rightarrow F \downarrow j}{\exists d'.\ \Gamma', \mathrm{At}\ i, E \Rightarrow F \downarrow d'}}{\exists d.\ \Gamma', \mathrm{At}\ i \Rightarrow E \supset F \downarrow d}$$
This is formalised as follows:
case (Ax i Γ′)
with ⟨Γ ⊕ A ⇒ C ↓ m⟩ have Γ ⊕ At i ⇒ C ↓ m by simp
then show ∃ k. Γ ⇒ C ↓ k
proof (cases)
  case (ImpR Γ1 E F j)
  from ⟨A = At i⟩ and ⟨n = 0⟩ and ⟨Γ ⇒ A ↓ n⟩ have Γ ⇒ At i ↓ 0 by simp
  then have Γ ⊕ E ⇒ At i ↓ 0 using dpWeak by auto
  moreover
  from ⟨Γ1 ⊕ E ⇒ F ↓ j⟩ and ⟨Γ ⊕ At i = Γ1⟩
  have Γ ⊕ E ⊕ At i ⇒ F ↓ j by (auto simp add: union-ac)
  ultimately
  have ∃ n. Γ ⊕ E ⇒ F ↓ n using IH
    and ⟨m = j+1⟩ and ⟨x = length A⟩
    and ⟨y = n+m+1⟩ and ⟨A = At i⟩ by auto
  then have ∃ n. Γ ⇒ E ⊃ F ↓ n using provable-dp.ImpR by auto
  then show ∃ n. Γ ⇒ C ↓ n using ⟨C = E ⊃ F⟩ by simp
Note there is a slight difference between the informal and formal proofs. In the formal proof, we use Weakening to introduce the formula E, whereas in the informal proof we give a new axiom with E in the context. This difference is not significant.
If the last rule on the right was an axiom, then we do slightly different things depending on whether the propositional atom on the right is the same as the one on the left. However, both cases are fairly straightforward, and are omitted.
For the final case, where the last rule used on the left was R⊃, we again have to perform case analysis on the rule used to derive the right premiss. For the right rule, we cut in the premiss(es). As an example, consider R∨1:

$$\dfrac{\dfrac{\Gamma \Rightarrow E \supset F \downarrow j+1 \qquad \Gamma, E \supset F \Rightarrow G \downarrow k}{\exists d'.\ \Gamma \Rightarrow G \downarrow d'}}{\exists d.\ \Gamma \Rightarrow G \vee H \downarrow d}$$

result on the left premiss (not shown). The case where the last rule used was L⊃ is the only remaining case. There are two further subcases: one where the cut formula is the principal formula of the right premiss, and one where it is not. The latter is shown briefly, the former in detail. For the former, the usual transformation (see proof of theorem 4 on page 16) is used and is formalised as follows:
case (ImpL Γ1 G H k C′ l)
have E ⊃ F = G ⊃ H ∨ E ⊃ F ≠ G ⊃ H by blast
moreover
{ assume E ⊃ F ≠ G ⊃ H — Details omitted
  have ∃ n. Γ ⇒ C ↓ n by auto
}
moreover
{ assume E ⊃ F = G ⊃ H
  then have E = G and F = H by auto
  with ⟨Γ′ ⊕ E ⊃ F = Γ1 ⊕ G ⊃ H⟩ have Γ′ = Γ1 by auto
  with ⟨Γ = Γ′⟩ and ⟨Γ′ ⊕ E ⇒ F ↓ j⟩ and ⟨E = G⟩ and ⟨F = H⟩
    and ⟨Γ ⇒ A ↓ n⟩ and ⟨A = E ⊃ F⟩
  have Γ1 ⊕ G ⇒ H ↓ j and Γ1 ⇒ G ⊃ H ↓ n by auto
  with ⟨Γ1 ⊕ G ⊃ H ⇒ G ↓ k⟩ have ∃ n. Γ1 ⇒ G ↓ n
    using IH
    and ⟨x = length A⟩ and ⟨A = E ⊃ F⟩ and ⟨E ⊃ F = G ⊃ H⟩
    and ⟨y = n+m+1⟩ and ⟨m = k+l+1⟩ by auto
  then obtain n′ where Γ1 ⇒ G ↓ n′ by blast
  with ⟨Γ1 ⊕ G ⇒ H ↓ j⟩ have ∃ n. Γ1 ⇒ H ↓ n
    using IH
    and ⟨x = length A⟩ and ⟨A = E ⊃ F⟩ and ⟨E ⊃ F = G ⊃ H⟩ by auto
  then obtain m′ where Γ1 ⇒ H ↓ m′ by blast
  with ⟨Γ1 ⊕ H ⇒ C′ ↓ l⟩ have ∃ n. Γ1 ⇒ C′ ↓ n
    using IH
    and ⟨x = length A⟩ and ⟨A = E ⊃ F⟩ and ⟨E ⊃ F = G ⊃ H⟩ by auto
  with ⟨Γ′ = Γ1⟩ and ⟨Γ = Γ′⟩ and ⟨C = C′⟩
  have ∃ n. Γ ⇒ C ↓ n by auto
}
ultimately show ∃ n. Γ ⇒ C ↓ n by blast
qed — This completes the proof
Using this result, it is easy to show that context-splitting Cut is admissible:

lemma contextSplitCut:
  assumes Γ ⇒ A ↓ n and Γ′ ⊕ A ⇒ C ↓ m
  shows ∃ a. Γ + Γ′ ⇒ C ↓ a
proof −
  from assms have Γ + Γ′ ⇒ A ↓ n using dpWeak′ by auto
  moreover
  from assms have Γ′ ⊕ A + Γ ⇒ C ↓ m using dpWeak′ by auto
  then have Γ + Γ′ ⊕ A ⇒ C ↓ m by (simp only: union-ac)
  ultimately
  show ∃ a. Γ + Γ′ ⇒ C ↓ a using cutAdmissibility by (auto simp add: union-ac)
qed