E I
E I

Q D
Q D
Natural deduction Natural deduction

Assume Γ, Α
F Γ
¬¬A
Γ, Α
A ¬I ¬E
Γ
¬A Γ
A

Γ
A Γ
B Γ
A∧B Γ
A∧B

∧I ∧E1 ∧E2 Γ
A Γ
¬A Γ
F
Γ
A∧B Γ
A Γ
B FI FE
Γ
F Γ
A

Γ
A Γ
B Γ, Α
C Γ, Β
C Γ
A∨B

∨I1 ∨I2 ∨E No T elmination
TI
Γ
A∨B Γ
A∨B Γ
C Γ
T

Γ, Α
B Γ
A Γ
A⇒B
⇒I ⇒E Note: one can get rid of the FE without losing
Γ
A⇒B Γ
B
expressiveness. Can someone see why?

E I
E I

Q D
Q D
Two kinds of non-determinism 1. Validity preservation

• Don’t care non-determinism (also called • An inference rule is said to preserve validity if its
conjunctive non-determinism) premise judgments are valid iff its conclusion
– All choices will lead to a successful search, so we judgment is
“don’t care” which one we take
• One direction of this definition (namely,
• Don’t know non-determinism (also called “premises” valid implies “conclusion” valid)
disjunctive non-determinism) always holds because it is required by
– Some of the choices will lead to a successful search, soundness.
but we “don’t know” which one a priori
• The other direction may not hold
• We will see several techniques for reducing non-
determinism

E I
E I

Q D
Q D
1. Validity preservation 1. Validity preservation
• When doing a backward search, rules that preserve • Great, so which rules in natural deduction
validity cannot be the source of “don’t know” non- preserves validity?
determinism
• Among validity preservation rules, it doesn’t matter which
• Not many…
one is applied or how it is instantiated, because none of • The sequent calculus will improve on this as
them will lead the search astray.
most of its rules (and in some versions, all of its
• Another way of looking at it is that if all the rules are rules) will be validity preserving
validity preserving, then there is no need to backtrack
– Notice the parallel with a forward search, where we don’t need to
backtrack because all rules are sound

1

E I
E I

Q D
Q D
2. Sub-formula property 2. Sub-formula property
• Prove A ∨ ¬ A in natural deduction
• A proof system has the sub-formula property if
the derivation of a judgment J only contains sub-
formulas of the formulas occurring in J
– More precisely, a proof system has the sub-formula
property if, whenever there exists a derivation of a
judgment J, then there exists a derivation of J that
only contains sub-formulas of the formulas in J

• This property is useful because it suggests ways

of instantiating free meta-variables in a forward
or a backward search: use sub-formulas of the
goal J.

E I
E I

Q D
Q D
Cheat sheet Cheat sheet

Assume Γ, Α
F Γ
¬¬A
Γ, Α
A ¬I ¬E
Γ
¬A Γ
A

Γ
A Γ
B Γ
A∧B Γ
A∧B

∧I ∧E1 ∧E2 Γ
A Γ
¬A Γ
F
Γ
A∧B Γ
A Γ
B FI FE
Γ
F Γ
A

Γ
A Γ
B Γ, Α
C Γ, Β
C Γ
A∨B

∨I1 ∨I2 ∨E No T elimination
TI
Γ
A∨B Γ
A∨B Γ
C Γ
T

Γ, Α
B Γ
A Γ
A⇒B
⇒I ⇒E
Γ
A⇒B Γ
B

E I
E I

Q D
Q D
2. Sub-formula property 2. Sub-formula property
• Prove A ∨ ¬ A in natural deduction • Natural deduction, in its vanilla flavor, does not
have the sub-formula property
• Proofs take “detours” through formulas that are
not in the goal
• The (cut-free) sequent calculus will improve on
this, as it will have the sub-formula property

2

E I
E I

Q D
Q D
3. Picking the right direction 3. Picking the right direction
• Which direction should we apply these rules in? • The amount of non-determinism in instantiating a rule
depends on the direction in which the rule is applied
– If the premise of a rule has more meta-variables than the
conclusion, then forward application of the rule will require less
Γ
A Γ
B Γ
A∧B Γ
A∧B choice than the backward application
∧I ∧E1 ∧E2 – Symmetrically, if the conclusion has more meta-variables than
Γ
A∧B Γ
A Γ
B
the premise, then the forward application will have more non-
determinism
Γ
A Γ
B Γ, Α
C Γ, Β
C Γ
A∨B
∨I1 ∨I2 ∨E • The sequent calculus will improve on natural deduction
Γ
A∨B Γ
A∨B Γ
C
in this respect, since most of its rules will have the same
meta-variables in the premise and the conclusion (the
Γ, Α
B Γ
A Γ
A⇒B only exception being quantifier rules)
⇒I ⇒E
Γ
A⇒B Γ
B

E I
E I

Q D
Q D
3. Picking the right direction 3. Picking the right direction
• Introduction rules are more deterministic going backward
• Elimination rules are more deterministic going forward Γ
A1 Γ
A2 … Γ
An

• This suggests an approach based on bi-directional

Elim rules
search: introduction rules are used in the backward
direction, elimination rules are used in the forward …
direction, and a derivation is found when the two meet
• The final derivation uses elimination rules to split Intro rules
assumptions up into their constituent components and
then introduction rules to combine these constituent
components into the goal formula
Γ
B Γ = { A1, A2, …, An }

E I
E I

Q D
Q D
3. Picking the right direction Summary
• For the intuitionistic subset of natural deduction, • Three techniques to reduce non-determinism:
all proofs can be expressed in such a form – Validity preservation
– This does not hold for the classical version of natural – Sub-formula property
deduction
– Pick the right direction to apply rules
• The intercalation calculus of John Byrnes
embodies this idea for intuitionistic natural
deduction
• The sequent calculus will be of help for this
approach, since it will simulate the bi-directional
search of intercalation using only a backward
search

3

E I
E I

Q D
Q D
Sequent calculus Sequent calculus
• Sequent calculus developed in 1935 by Gentzen in the • Although the original motivation for sequents
same seminal paper as natural deduction had nothing to do with automated reasoning, the
– Coincidentally, this paper also introduces the ∀ notation for
universal quantifiers
more direct form of proofs makes it a good fit for
automated theorem provers
• Sequents were originally introduced as a device for
proving natural deduction consistent • Sequents are also fairly intuitive to understand,
– Natural deduction corresponds to the way humans reason, but and so they provide a good balance between
proofs in natural deduction are sometimes long and indirect
– Proofs in the sequent calculus are much more direct, and this
human friendliness and machine friendliness
directness property allowed Gentzen to show consistency of
sequents
• Sequent style systems are used in PVS and
– Natural deduction was then shown consistent by demonstrating Twelf
its equivalence to the sequent calculus

E I
E I

Q D
Q D
Sequent calculus Sequent calculus
• A judgment in the sequent calculus has the form
Γ
∆ Γ
∆,A∨B

• The interpretation is that the conjunction of

formulas in Γ entails the disjunction of formulas
Γ
∆,A∧B
in ∆
• In other words: { α1, … , αn}
{ β1 , … , βm } is
interpreted as α1 ∧ … ∧ αn ⇒ β1 ∨ … ∨ βm Γ
∆,A⇒B

Γ
∆,¬A

E I
E I

Q D
Q D
Sequent calculus Sequent calculus
Γ
A Γ
B Γ
∆,A,B
∨I1 ∨I2 ∨R ∨L
Γ
A∨B Γ
A∨B Γ
∆,A∨B Γ, A ∨ B
∆

Γ
A Γ
B Γ
∆,A Γ
∆,B

∧I ∧R ∧L
Γ
A∧B Γ
∆,A∧B Γ, A ∧ B
∆

Γ, Α
B
⇒I Γ,A
∆,B
⇒R ⇒L
Γ
A⇒B
Γ
∆,A⇒B Γ, A ⇒ B
∆

Γ, Α
F
¬I Γ,A
∆
Γ
¬A ¬R ¬L
Γ
∆,¬A Γ, ¬ A
∆

Right rules correspond to introduction rules in natural deduction

4

E I
E I

Q D
Q D
Sequent calculus Sequent calculus: logical rules
Γ, A
∆ Γ, B
∆ Γ, Α
C Γ, Β
C Γ
A∨B Γ, A
∆ Γ, B
∆ Γ
∆,A,B
∨L ∨E ∨L ∨R
Γ, A ∨ B
∆ Γ
C Γ, A ∨ B
∆ Γ
∆,A∨B

Γ, A, B
∆ Γ
A∧B Γ
A∧B Γ, A, B
∆ Γ
∆,A Γ
∆,B

∧L ∧E1 ∧E2 ∧L ∧R
Γ, A ∧ B
∆ Γ
A Γ
B Γ, A ∧ B
∆ Γ
∆,A∧B

Γ
∆,A Γ, B
∆ Γ
A Γ
A⇒B Γ
∆,A Γ, B
∆ Γ,A
∆,B

⇒L ⇒E ⇒L ⇒R
Γ, A ⇒ B
∆ Γ
B Γ, A ⇒ B
∆ Γ
∆,A⇒B

Γ
∆,A Γ
¬¬A Γ
∆,A Γ,A
∆

¬L ¬E ¬L ¬R
Γ, ¬ A
∆ Γ
A Γ, ¬ A
∆ Γ
∆,¬A

Left rules correspond to the inverse application of ND elim rules

E I
E I

Q D
Q D
Sequent calculus: axioms Sequent calculus: structural rules

Thinning
Assume Γ
∆
Γ
∆
A
A
Γ, A
∆ Γ
∆,A

Contraction
• Note how this is different from the natural Γ,A,A
∆ Γ
∆,A,A

deduction axiom: Γ, A
∆ Γ
∆,A

Exchange
Assume Γ , A , B, Π
∆ Γ
∆ , A , B, Π
Γ, Α
A
Γ , B , A, Π
∆ Γ
∆ , B , A, Π

E I

Q D
Cut rule Cut rule: why have it there in the first place?

• It can make proofs smaller

Γ
∆,A A, Π
Λ – There are examples where the proof using cut takes a
Γ,Π
∆,Λ page, but the cut-free proof cannot be computed in
the lifespan of the universe!
• Gentzen’s cut-elimination theorem (also called
• It makes proving equivalence with respect to
Hauptsatz): if there exists a derivation of a
natural deduction easier
judgment J in the sequent calculus that uses the
cut rule, then there also exists a derivation of J
that does not use the cut rule

5

E I
E I

Q D
Q D
Cut rule: why remove it? Cut rule: why remove it?
• After removing the cut rule, all rules in the • Removing the cut rule makes the sequent
sequent calculus (except for quantifier rules) calculus have the sub-formula property
have the same number of meta-variables in the – don’t need to take detours through formulas that are
premise and the conclusion not mentioned in the original goal
– In general, this makes proofs smaller and more direct
• In terms of automation, this property is an (although in the worst case, it can make proofs be
improvement over natural deduction, where gigantic)
introduction rules were easier to apply in the
backward direction, and elimination rules were • Revisiting our previous example:
easier to apply in the forward direction – prove A ∨ ¬ A

E I
E I

Q D
Q D
Cheat sheet Other properties of sequents
Γ, A
∆ Γ, B
∆ Γ
∆,A,B
∨L ∨R • In the cut-free version of the sequent calculus
Γ, A ∨ B
∆ Γ
∆,A∨B presented here, all rules are validity preserving
– This removes the need to backtrack
Γ, A, B
∆ Γ
∆,A Γ
∆,B
Γ, A ∧ B
∆
∧L ∧R • Also, because applying left rules corresponds to
Γ
∆,A∧B
the inverse application of elim rules, Byrnes bi-
directional approach can be seen as a
Γ
∆,A Γ, B
∆ Γ,A
∆,B
⇒L ⇒R unidirectional search in the sequent calculus
Γ, A ⇒ B
∆ Γ
∆,A⇒B

Γ
∆,A Γ,A
∆
¬L ¬R
Γ, ¬ A
∆ Γ
∆,¬A

E I
E I

Q D
Q D
Summary of sequents Tactics and Tacticals
• Same number of meta-variables in premise and • LCF: Logic for Computable functions, 1969
consequents (except for quantifier rules) • A “meta-language” for manipulating proofs
– Reduces non-determinism – The language of proofs: higher-order logic
• Sub-formula property – The meta-language for manipulating proofs:
functional language with static types to help make
– Makes proofs more direct sure that the proofs are manipulated correctly
• Validity preservation (in some versions) • This language was called ML for meta-language
– Don’t need to backtrack
• LCF introduced tactics and tactics, but variants
• Can do natural-deduction-bi-directional searches have appeared in many systems, including HOL,
in one direction PVS, Isabelle and NuPRL

6

E I
E I

Q D
Q D
Tactics Tactics
• A tactic is a backward application of an inference • The system provides a set of primitive tactics, for
rule example:
– More broadly, a tactic is a way of decomposing a goal – skip: always success, does nothing
into sub-goals while performing a backward search – fail: always fails
• When applied, a tactic can either succeed – apply-⇒L: apply the ⇒L rule
– in which case it create a sub-goal – skolemize: if the formula to prove is a universal,
remove the quantifier
• Or it can fail because it is not applicable – simplify: simplify based on decision procedures
– in this case, the goal is not changed – Induct: if the formula to prove is a universal, try to
apply induction
– … (a typical system provides many more)

E I
E I

Q D
Q D
Tacticals Tacticals
• A tactical is a function that takes tactics and returns • Using these predefined tacticals, programmers
tactics can create new tactics from primitive tactics
• The system includes a set of predefined tacticals, for
example:
• They can also create their own tacticals
– IF-THEN-ELSE: takes three tactics a, b, and c, and returns a • Tacticals can be seen as creating more
tactic that applies a to the goal, and, if a succeeds, it then
applies b to all sub-goals created by a, otherwise, it applies c to complicated inference steps from simpler ones
all sub-goals created by a
– SEQ: takes two tactics a and b, and returns a tactic that applies
a to the goal, and b to all the sub-goal produced by a
– REPEAT: takes a given tactic, and repeatedly applies it until it
fails

E I
E I

Q D
Q D
Examples Examples
;; A tactical that tries all the tactics
;; in the given list in sequence. If Note: This is
;; one of the tactic succeeds, that not the syntax
;; A tactic that repeatedly skolemizes ;; tactic is applied and the try succeeds. of any
;; Otherwise, the try fails particular
;; and then simplifies define try(list) = system. Each
define grind = case list of system has its
nil: fail own syntax
REPEAT(SEQ(skolemize, simplify)) first::rest:
and language
IF-THEN-ELSE(first,
skip, for expressing
try(rest)) tactics and
tacticals. For
;; Perform a backward search, by first applying example, LCF
;; introduction rules repeatedly, and then applying and its
;; elimination rules to the results successors
define backsearch = SEQ( (such as HOL)
REPEAT(try(list-of-I-rules)),
use ML. PVS
REPEAT(try(list-of-E-rules)))
uses LISP.

7

E I

Q D
Tactics and tacticals: Summary
• Tactics and tacticals provide a way for a
programmer to customize a theorem prover
• Many variants exist, and each system has its
own primitives and its own language for defining
tactics and tacticals