Structural sharing and ecient proof-search in

propositional intuitionistic logic

D. Galmiche and D. Larchey-Wendling
LORIA - Universite Henri Poincare
Campus Scientique, BP 239
Vanduvre-l`es-Nancy, France
Abstract. In this paper, we present a new system for proof-search in
propositional intuitionistic logic from which an ecient implementation
based on structural sharing is naturally derived. The way to solve the
problem of formula duplication is not based on logical solutions but on an
appropriate representation of sequents with a direct impact on sharing
and therefore on the implementation. Then, the proof-search is based on
a ner control of the resources and has a O(nlog n)-space complexity.
The system has the subformula property and leads to an algorithm that,
for a given sequent, constructs a proof or generates a counter-model.
1 Introduction
In recent years there was a renewed interest in proof-search for constructive
logics like intuitionistic logic (IL), mainly because of research in intuitionistic
type theories and their relationships with programming through proof-search [7].
Nowadays, theorem provers are more often used into the formal development of
software and systems and have to be integrated into various environments and
large applications. Then, to provide a simple implementation of a logical calculus
(and connected proof-search methods) in imperative programming languages
like C or Java, we have to consider new techniques leading to the clarity of
the implementation [8] but also to a good and ecient explicit management of
formulae, considered here as resources. The potential support for user interfaces
or for a natural parallelisation of the proof-search process could be expected.
A recent work on ecient implementation of a theorem prover for Intuitionistic
Propositional Logic (IPL) has emphasized the interest of ner control and man-
agement of the formulae involved in the proof-search, with an encoding of the
sequents at the implementation step [2]. But to solve the problem of duplication
of some formulae we need to reconsider the global problem of proof-search in this
setting, knowing that a usable proposal is necessary for a good space complexity
and an ecient implementation based on resources sharing. A logical solution
based on the introduction of new variables and of some adequate strategies is
given in [3]. Our goal in this paper is to propose a solution at a structural level
(no new formulae and only modications of the sequents structure) including
a ner management of formulae (as resources). Therefore, we dene, from an
analysis of previous works, a new logical system, that has some similarities with
the one of [3]. With such a system we can naturally derive, from the logical rules
and a particular representation of sequents (with specic tree structures), some
new rules that act on trees to perform proof-search. Moreover, these ideas can
also be applied to a refutability system for IPL to generate counter-models in
case of unprovability [5]. With such an approach the depth of the search tree
is in both systems linearly bounded and the control on resources leads to an
ecient implementation in imperative languages.
2 Proof search in intuitionistic logic
We focus on IPL for which the LJ sequent calculus is a simple formulation
having the subformula property. On the other hand, it lacks termination and thus
implementing this calculus involves some kind of loop-checking mechanism to
ensure the termination of computation. A solution is the use of the contraction-
free sequent calculus LJT [1] that has the nice property that backward search
does not loop. There exists other proposals for proof-search in IL based for
instance on resolution [7], constraints [9] or skolemization [6].
Let us start to recall the main characteristics of the LJT system. It is is sound
and complete w.r.t. provability in LJ and a backward search does not loop and
always terminates [1]. For that, the left-implication rule of LJ is replaced by four
rules depending on the form of the premiss of the principal formula. Then, the
treatment of the implication is becoming ner and the termination is obtained
from a well-founded ordering on sequents. Moreover the contraction rule is no
longer a primitive rule but is nevertheless admissible. The corresponding multi-
conclusion calculus is also a good basis for a non-looping method to construct
Kripke trees as counter-models for non-provable formulae of IPL [5]. It provides
a calculus, called CRIP, in which refutations are inductively dened and Kripke
counter-models can be extracted from these refutations. The rules of LJT are
given in gure 1, X representing atomic formulae, A, B, G representing formulae
and being a multiset of formulae. This system provides a decision procedure
in which the deductions (proofs) may be of exponential depth in the size of their
endsequent. Moreover in rules like -L
3
, some formulae of the conclusion appear
twice (duplication problem). We also observe that, for instance in the -L
3
rule,
the premises are not smaller (in the usual meaning) than the conclusion, even
if they are with a multiset ordering (see [1]). The LJT prover, implemented in
Prolog, is based on an analytic approach where the size of the formulae decreases
but a potential big number of subformulae might appear. One one has no explicit
knowledge on the formulae used during the proof-search or on the depth of proofs.
Moreover, LJT does not satisfy the subformula property: for instance, in rule
-L
4
, the formula B C is introduced in the left premise even if it is not a
subformula of (AB)C. Some rules duplicate formulae as in rule -L
3
where
C is duplicated and in rule -L
4
where B is duplicated. Therefore, the idea to
share formulae naturally arises so that the duplication would be harmless in
terms of space. But we have to know which are the formulae that might appear
, X X
Id
T
T
, F G
F
, A, B G
, A B G
-L
A B
A B
-R
A
A B
-R1
B
A B
-R2
, A G , B G
, A B G
-L
, A B
A B
-R
, X, B G
, X, X B G
-L1
, A (B C) G
, (A B) C G
-L2
, A C, B C G
, (A B) C G
-L3
, B C A B , C G
, (A B) C G
-L4
Fig. 1. The LJT calculus
during such backward proof search. Then we have recently proposed an explicit
management of the formulae (considered as resources) and a new proof search
method for LJT based on new concepts and results such as a new notion of
subformula [2].
In the LG system, independently proposed in [3], the length of the deductions is
linear bounded in terms of the size of the endsequent. A backward application
of the rules gives rise to an O(nlog n)-space decision algorithm for IPL. In this
work, the strategy used to avoid the duplication of subformulae is dierent for
the -L
3
and -L
4
rules: for the rst one, it corresponds to add new proposi-
tional variables and to replace complex formulae by such new variables. For the
second one, it forces the sequents to keep a convenient form in order to apply
some transformations or reductions. In fact, in this system, the duplication prob-
lem is solved at a logical level by the introduction of new variables and the use of
particular sequents [3]. But it is complicated and several implementation prob-
lems arise. Our aim, in this paper, is to propose an alternative (not logical but
structural) solution based on a ne management of new structures appropriate
for an ecient implementation.
Let us mention the work of Weich [10] that is based on constructive proofs of the
decidability of IPL by simultaneously constructing either a proof, taking up the
approach of [3] or a counter-model rening the idea of [4]. His algorithm is faster
than the refutability algorithm of [5]. When restricted to provability it coincides
with the one of [3] including the same logical solution for the duplication problem.
Our proposal is based on a new logical system that has some similarities with
the formulations of LG dedicated to the implementation [3]. The duplication
problem is in our case treated by a structural approach in which no new vari-
able or formula is introduced and such that we only modify the structure of
the sequents. It will lead to a more direct and clear implementation in imper-
ative languages. The main characteristics coming from the use of appropriate
sharing techniques are: no dynamic memory allocation, a ner control on the
resources and a O(nlog n)-space algorithm for provability. A similar approach
can be applied to dene and then implement an algorithm for refutability with
the generation of counter-models in a same space complexity, i.e., with the depth
of search tree being linearly bounded.

, A, B

, A B
[
L
]

, A

, B

, A B
[
L
]

, X, C

, X, X C
[X]
, X, X

C
[X

]
, A, B

, C

, (A B) C
[]
, A, B

C
, (A B)

C
[

, A (B C)

, (A B) C
[]
, A

C , B

C
, (A B)

C
[

, A C, B C

, (A B) C
[]
, A

C, B C
, (A B)

C
[

l
]
, X X
[Ax]
, A C, B

C
, (A B)

C
[

r
]
, A, B G
, A B G
[
L
]
, A G , B G
, A B G
[
L
]
, X, C G
, X, X C G
[X]
, A, B

C , C G
, (A B) C G
[]
, A (B C) G
, (A B) C G
[]
, A C, B C G
, (A B) C G
[]
A B
A B
[
R
]
A
A B
[
R
l
]
, A B
A B
[
R
]
B
A B
[
Rr
]
Fig. 2. The SLJ-system
3 A new system for intuitionistic proof search
We present in this section a new logical system, called SLJ, that leads to a natural
use of sharing techniques on structures adapted to an ecient implementation
in imperative languages. It is derived from the ideas of LJT [1] and of LG [3].
3.1 The SLJ system
The SLJ-system, that is given in gure 2, includes two kinds of sequents, like
in [3]. We have the usual intuitionistic sequent A which is a multiset
of formulae forming the hypothesis together with a unique formula A called
the conclusion. The intuitive meaning of a sequent is that the conclusion A
logically follows from the hypothesis in . Moreover, we have a second kind of
sequent which we will call boxed sequent: ,

C which intuitively means

, C . The special -notation indicates that the conclusion is shared
with the left side of an implication in the hypothesis: C. For example, in
rule [], B is shared and not duplicated. There is a mark to determine
which formula is concerned. In this second kind of sequents, there is exactly
one marked formula on the left of an implication of the hypothesis. We will
denote

to point out the fact that contains exactly one formula of type

C. This will happen when this last formula is not the active one like in
rule [X] for example. This idea of marking was introduced in [3] to avoid
one particular kind of duplication of formula in LJT and is also useful for our
purpose. It is important to notice that when we try to prove a boxed sequent
,

C , the sequents encountered upper in the proof are always boxed:

only boxed sequents appear in the proof of an initial boxed sequent.
The reader may also noticed that the rules [
L
], [
L
], [X], [], [] and
[] are duplicated. There is one version for boxed sequents and another version
for standard sequents. In the case of boxed sequents, the marked (or starred)
formula is not active. We have chosen not to distinguish the names because only
the nature of the sequent (boxed or not) diers for each pair of rules. On the
contrary, if we compare the rules [] and [

], then it appears that they

are very dierent. In the case the marked formula is active, the rules do not have
the same meaning at all.
This system is very interesting because all the duplications appearing in LJT
have been removed except in the rules [], [

l
] and [

r
]. The problem
of duplication in the rule (-L
4
) of LJT has then disappeared. We will see
in section 4 that the last duplication cases can be addressed by changing the
structure of sequent to represent sharing.
3.2 Kripke models
Kripke models are a very general model representation for logics like intuitionistic
or modal logics. Here, we will adopt the same notation as in [10] for Kripke trees.
A Kripke tree is a pair / = (o
K
, [/
1
, . . . , /
p
]) where o
K
is a nite set of logical
variables and [/
1
, . . . , /
p
] is a nite list of Kripke trees. Moreover, we suppose
that for each i, o
K
o
Ki
. This monotony condition is typical to intuitionistic
logic as opposed to modal logics for example. This is an inductive denition of
Kripke trees and the base case is when the list [/
1
, . . . , /
p
] is empty, i.e. p = 0.
In fact, Kripke trees are regular (oriented) trees with each node tagged with a
set of variables that grows along the paths from the root to the leaves.
We then introduce the notion of forcing. Let / = (o
K
, [/
1
, . . . , /
p
]) be a Kripke
tree and F be a logical formula. We say that / forces F and write / F. The
inductive denition is the following:
K X i X SK K AB i K A implies K B and i, Ki AB
K A B i K A and K B K A B i K A or K B
The only dierence with classical logic here is that the forcing of logical impli-
cation A B is inherited in the sons /
i
of / and so in all its subtree. In fact,
this inheritance is extended to all formulae with the following result, a proof of
which can be found in [10].
Lemma 1. If F is a logical formula and / = (o
K
, [/
1
, . . . , /
p
]) is a Kripke tree
forcing F, i.e. / F, then for all i, /
i
F.
Kripke trees are models of intuitionistic logic. Let A
1
, . . . , A
n
B be a sequent,
we say that a Kripke tree / is a model of A
1
, . . . , A
n
B if / A
1
and . . . and
/ A
n
implies / B. We will often write / A
1
, . . . , A
n
B.
Theorem 1 (Soundness). If A is provable in intuitionistic logic and /
is a Kripke tree then / A.
Models are very often used in a negative way to provide a synthetic argument
to the unprovability of some formula or sequent. Therefore, we say that / is a
counter-model of the sequent A
1
, . . . , A
n
B if / A
1
and . . . and / A
n
and
/ B. We write / A
1
, . . . , A
n
B. There is an constructive version of the
completeness theorem, see [10] for example.
Theorem 2 (Completeness). Let A be a sequent, then either it is intu-
itionistically provable, or there exists a Kripke tree / such that / A.
3.3 Completeness of SLJ
Before proving the theorem we have to precise how Kripke trees can model
boxed sequents. / is a counter-model to ,

C if / is a counter-model
to , C , so /, C and /. But we do not know whether / forces
C or not at the level of /. However, if one of its sons /
i
forces then /
i
also
forces C. The completeness result for SLJ can be decomposed into two parts:
one for boxed sequents and one for standard sequents. Here we only prove the
part for boxed sequents. The other part is very similar. The reader is reminded
that the following proofs are inspired from [5, 10].
Theorem 3 (Soundness). If ,

C is a provable sequent in SLJ, then

, C is intuitionistically provable (or provable in LJT).
To obtain this result, it is sucient to show that all the boxed rules
1
of SLJ are
admissible. For example, let us explore the case of [

]. We have to prove that

the following rule is admissible in IPL:
, AC A , B C B
, (A B) C A B
From the premisses, we obtain (A C) A and (B C) B. The
sequent (AC) A, (B C) B, (A B) C A B is also provable. By
two applications of the (Cut) rule, we obtain , , (A B) C A B. We
nally get the conclusion by application of the contraction rule. More details can
be found in [3].
Theorem 4 (Completeness). Let ,

C be a boxed sequent, either it

admits a proof in SLJ, or it admits a Kripke tree counter-model.
The proof is done by induction on , C, but it is not a simple induction on
the size of , C, see [1]. First, we point out the fact that some rules have
the important invertibility property: any counter-model to one of the premisses
is a counter-model to the conclusion. This is the case for the [
L
], [
L
], [X],
1
Boxed rules are the rules of gure 2 for which the conclusion is a boxed sequent.
[X

], [

], [], [

] and [] rules. Then if has one of the following

form,
, A B , A B , X, X C
, (A B) C , (A B) C
one of the above rule can be applied. The induction hypothesis gives us either
one proof for each premiss or else one counter-model to one of the premisses,
and thus we either have a proof or a counter model of ,

C . This is
also the case when A B, A B or X and X . Then the
problem is reduced to the following case:

X1, . . . , Xn, Y1 D1, . . . , Y

k
D
k
,
(A1 B1) C1, . . . , (Ap Bp) Cp
with X
1
, . . . , X
n
Y
1
, . . . , Y
k
= . Moreover, either AB, or X and
X , X
1
, . . . , X
n
, Y
1
, . . . , Y
k
. We will suppose that A B for the rest of
the proof the other case is simpler. We introduce
i
=

(A
i
B
i
)C
i

.
Then, by induction hypothesis, either one of the
i
, A
i
, B

i
C
i
, C is
provable, or there exists a counter-model for each of them.
In the rst case, suppose that
i0
, A
i0
, B

i0
C
i0
, C has a proof in SLJ.
Then consider the rule
i
0
, Ai
0
, B

i
0
Ci
0
, C i
0
, Ci
0
,

C
,

C
[]
This rule is right invertible: a counter-model of the second premiss is a counter-
model of the conclusion. On the other hand, a proof of the second premiss would
give a proof of ,

C . Thus, we obtain a proof or a counter-model of

the conclusion.
In the second case, for each i [1, p] let /
i
be a counter-model of
i
, A
i
, B

i

C
i
, C . Let us consider AB.
2
By induction hypothesis, either one
sequent among , A

C, B C and , A C, B

C is provable,
or we have two counter-models /
A
and /
B
. In the rst subcase, we obtain a
proof of , (A B)

C applying [

l
] or [

r
]. In the second subcase,
we dene / =

X
1
, . . . , X
n
, [/
1
, . . . , /
p
, /
A
, /
B
]

. It is only routine to check

that / is a counter-model to ,

C . We now give some details of the

proof. As X
j

i
, we get /
i
X
j
and so X
j
o
Ki
for any j [1, n] and
i 1, . . . , p, A, B. Thus, / is a Kripke tree and it is simple to check that
/ X
1
, . . . , X
n
, Y
1
D
1
, . . . , Y
k
D
k
, C.
As /
A
A and /
B
B, we obtain / and then it remains to prove that
/(A
j
B
j
) C
j
holds. For any i 1, . . . , p, A, B j, (A
j
B
j
) C
j
is
in the context (
i
or ) and so /
i
(A
j
B
j
)C
j
. Why does /
j
(A
j
B
j
)C
j
hold? Because we have /
j
A
j
and /
j
B
j
C
j
. Moreover /
j
B
j
and also
/
j
A
j
B
j
and thus / A
j
B
j
. Finally, if / A
j
B
j
then / C
j
.
2
Remember we have supposed this but a complete proof would also consider the case
X and X {X1, . . . , Xn, Y1, . . . , Y
k
}.
This completeness proof for the boxed fragment of SLJ also describes an algo-
rithm that produces a proof or a counter-model out of a given (boxed) sequent.
It can be eectively used to build counter-models.
4 Sharing techniques
In this section, we will present an alternative approach, w.r.t. [3], to address
the problem of duplication of formulae during proof search. It is not logical but
structural: only the structure of sequents is modied, no new formula or variable
is introduced. Looking at the SLJ-system, we can observe that a duplication
occurs when the active formula is of type (AB) C, and only in this case, as
for example in the rule []. Hudelmaier proposed a way to bypass this problem
for complexity reasons: he wanted the linear size of sequent to decrease strictly
while applying rules of his system and put a restriction on C that is to be an
atomic formula, a variable for example. But doing this, he had to introduce a
new rule in the system so that any formula C could be replaced by a variable
without modifying the meaning of the sequent:
, AX, X C G
, AC G
[X new variable]
By this trick, the system assures that any duplication is done on a formula of
size 1 and then has the property that the application of rules decreases the linear
size of the sequent. That is why we say that the duplication problem is addressed
on the logical side. We can see that the variable X represents the sharing of C
between AC and B C by combining the two rules:
, AX, B X, X C G
[]
, (A B) X, X C G
[X new variable]
, (A B) C G
But this method has the drawback of introducing some new formulae (AX for
example) during the proof-search. This could be a problem when we look for a
resource-conscious implementation of proof-search. It may not be easy to allocate
in advance all the formulae that could appear during the proof-search process.
We propose an alternative approach that consists in encoding the sharing of C
between AC and B C inside the sequent structure.
4.1 A structural solution
Usually, an intuitionistic sequent is a multiset (or set or list, depending on struc-
tural rules) of formulae, as hypothesis, together with a unique formula for the
conclusion. Here, we will consider a new structure encoding the sharing.
Sequent structure. The left part of sequents will have the structure of a forest
(i.e. list of trees). Each tree represents a compound formula where sharing is
taken into account. For this, the nodes of the trees are associated to subformulae
of the initial sequent which will be called tags. Let l be a leaf in this tree, we
denote by F
0
, . . . , F
l
the list of formulae encountered while following the path
from the root of tag F
0
to the leaf l tagged with F
l
.
Each tree T is associated a meaning, which is the logical formula

l
F
l

Fig. 3.
Mean-
ing
func-
tion
F
0
where l ranges over the leaves of T . As usual, is right associative
and F
l
F
0
means F
l
( F
0
). See the example in gure 3. There
is an obvious map from formulae to trees F F that associates a formula
F to one-node tree whose root is tagged with F.
Rules. The rules are derived from the SLJ rules and the preceding meaning
maps. They act on the leaves of the trees and there are two cases: the tree is
a one-node tree or else the root is not a leaf.
In the case of a one-node tree, ei-
. . . ,
R
A B
C
, . . . . . .
. . . ,
R
A B
C
, . . . . . .
[]
Fig. 4. Tree decomposition rule
ther the formula is an implication
in which case the node is rewritten
as a two-nodes tree (rule [
L
] in
gure 5) or we apply left conjunc-
tion or disjunction rule to obtain
one or two one-node trees.
In the case the root is not a leaf,
a formula F
l
(F
l1
F
0
)
corresponds to the leaf l and thus
to an left implication rule of SLJ.
For example, if F
l
is AB the leaf
l is replaced by a two-nodes tree
whose leaf is tagged with A and
whose root is tagged with B like it appears in rule [] of gure 5.
We focus here on one of the rules that involves duplication. Considering the trees
of gure 4, we see that the tree of the conclusion is associated to a formula of
the shape

(A B) (C R)

. Considering the rule []

of SLJ, and the fact that can be exchanged with commas (,) on the left
side of SLJ-sequents because of the rule [
L
], we can convert this formula into

A(C R) B (C R)

. The new formula exactly

corresponds to the tree of the premise. It illustrates the method from which
we derive the tree manipulation rules from SLJ-rules. We also notice how the
duplication has been removed with the help of sharing. The node tagged with C
is shared in the two paths leading to A and B. Finally, A and B which replace
A B are subformulae. This fact is a general one, and all rules introduce only
subformulae so that the tags of the trees are all subformulae of the formulae of
the initial sequent. The it provides a subformula property (see section 4.2).
It is important to point out that the sharing version of SLJ is not a simple
implementation in terms of trees. In particular, we have previously seen that
proving a boxed sequent only involves boxed sequents. This is no longer the case
in the sharing tree version. The tree version of the rule [X] might remove a
whole subtree and this one might contain the marked (or starred) formula. In
((A B) (C D)) E
(A B) (C D)
A B
A B
C D
D
E
C
F
0
1
2
3 4
5
6
7
8
9
4
7
6

3
, 8
7 9
[]
4
7
5
3
9
[]
2
7
5
9
[]
1
7
9
[L]
0 9
Fig. 5. An example of proof search
this case, the premiss cannot be a boxed sequent and we must reintroduce the
marked formula as the conclusion of the premiss.
An example. Considering gure 5, we aim to prove the sequent ((AB) (C
D)) E F. First we build the tree of the subformulae of this sequent. The
nodes are given with numbers used to label the nodes of proof trees. The proof-
search tree is written bottom-up as usual. We start by translating the premiss
into a forest (in this case, there is only one tree) and then we develop this forest
following the rules for trees. Notice that only the leaves of the trees are concerned
in those rules. Inner nodes are asleep until all the sons are removed. This
point has some consequences when ecient implementation is taken into account
(see section 5). Moreover a marked formula 6

appears in the tree at the end of

the proof-search. As for SLJ, there might be at most one marked formula in the
forest, meaning that this formula is shared with the conclusion and in this case,
the conclusion is boxed.
4.2 Properties of structural sharing
Structural sharing avoids the duplication of formulae. In fact, anytime a formula
on a leaf is decomposed, it is always replaced by one or two leaves that are
tagged with the subformulae of the tagging formula. Sometimes a part of the
tree can be removed. Let us consider some results about complexity, subformula
property and counter-models. If we measure the size of the forest by the sum of
the size of each tagging formula, then the size of any premise of a rule is strictly
smaller than the size of the conclusion. Moreover, the size of the initial forest is
exactly the size of initial sequent in the usual sense.
Theorem 5. The depth of the proof-search tree is bounded by the size of the
sequent (or forest) to prove.
This result is important and already obtained in [3], providing an O(nlog n)-
space decision procedure for intuitionistic logic. Here we focus on an ecient
implementation of such a procedure, based on structural sharing. Another im-
portant point is that a tagging formula is always replaced by some of its direct
subformulae.
Theorem 6. The tagging formulae occurring during the proof-search, as the
forest gets decomposed, are subformulae of the initial sequent (or forest).
The consequence for implementation is signicant. In fact, an occurrence of a
formula A is always decomposed by the same rule, which ever the context. This
only depends on the polarity
3
of A as a subformula. It allows to do the allocation
of space for subformulae before the proof-search starts, and not dynamically.
In section 3.3, we sketched an algorithm to eectively build a counter-model
when the proof-search fails, like what was already done in [10]. The proof can be
very easily adapted to the sharing-trees version of the system. In fact, one can
eectively build Kripke-trees that are strong counter models (see [10]) in case of
the failure of the proof-search algorithm on sharing trees.
Theorem 7. The algorithm can produce proofs or counter-models and their
depth is bounded by the size of the sequent to prove.
5 Implementation issues
The sharing tree version of the SLJ system is well suited for an ecient imple-
mentation in imperative languages. A proof-search algorithm requires a bounded
memory space (depending on the size of the initial sequent) and it can be imple-
mented without using dynamic memory allocation at all. Moreover, good choices
are not obvious, especially in terms of time, if we aim to have a light use of re-
sources. To dene a good proof-search strategy is not an easy task and can
depend on the kind of formulae. Moreover, its implementation could be dicult
because it could involve too much administrative tasks like maintaining lists of
formulae or even traversing lists at each point in the proof search. A strategy has
to take into account that some rules have the invertibility property. Moreover,
in case the algorithm has to return counter-models, the strategies are restricted
to those respecting the order in the completeness proof of section 3.3.
For a given strategy, the program having a sequent (set of sharing trees) as input
has to choose a leaf of the tree. Going through the tree to search for a particular
kind of leaf is not a good solution and it is necessary to gather leaves by types.
But this information has to be maintained when the proof rules are applied. To
summarise, the basic resources are the sequent represented as a tagged tree of
formulae and the conclusion (or starred formula if we have a boxed sequent). This
information is completed with some administrative information so as to make
these resources accessible in minimal time. The key-points are the following: the
leaves should be organised by types to have an ecient choice. It is especially
important to avoid the traversal of leaves at each point of the proof-search; the
3
This is the parity of the number of times a subformula occurs on the left of .
application of rules should not involve too much administrative tasks otherwise
the benets of the added information would be null; the reverse application of
rules is also concerned by this point because the non-invertibility of some rules
implies some backtracking.
6 Conclusion
In this paper, we have presented a new system SLJ derived from ideas of LJT [1]
and LG [3] which is proved sound and complete for IPL. It is an intermediate
step towards an ecient implementation of IPL based on the concept of sharing
trees. This system has very nice properties like the subformula property, a linear
bound on the depth of proof search and the ability to generate Kripke counter-
models. In addition to the theoretical complexity results, our approach provides
an eective and ne control of space and time resources, adapted to the design
in imperative languages. A rst implementation has been developed in C and
the practical feasability of the method has been conrmed. A possible extension
of this work would be, as in [10], implementing the intuitionistic proof of the
system based on sharing trees and mechanically extracting a (proved) algorithm
from this proof.
References
1. R. Dyckho. Contraction-free sequent calculi for intuitionistic logic. Journal of
Symbolic Logic, 57:795807, 1992.
2. D. Galmiche and D. Larchey-Wendling. Formulae-as-resources management for an
intuitionistic theorem prover. In 5th Workshop on Logic, Language, Information
and Computation, WoLLIC98, Sao Paulo, Brazil, July 1998.
3. J. Hudelmaier. An O(nlog n)-space decision procedure for intuitionistic proposi-
tional logic. Journal of Logic and Computation, 3(1):6375, 1993.
4. M. Ornaghi P. Miglioli, U. Moscato. Avoiding duplications in tableaux systems for
intuitionistic and Kuroda logic. Logic Journal of the IGPL, 5(1):145167, 1997.
5. L. Pinto and R. Dyckho. Loop-free construction of counter-models for intuition-
istic propositional logic. In Behara and al., editors, Symposia Gaussiana, pages
225232, 1995.
6. N. Shankar. Proof search in the intuitionistic sequent calculus. In 11th Conference
on Automated DEduction, LNAI 607, pages 522536, Saratoga Springs, June 1992.
7. T. Tammet. A resolution theorem prover for intuitionistic logic. In 13th Conference
on Automated Deduction, LNAI 1104, pages 216, NJ, USA, 1996.
8. C. Urban. Implementation of proof search in the imperative programming language
pizza. In Int. Conference TABLEAUX98, LNAI 1397, pages 313319, Oisterwijk,
The Netherlands, May 1998.
9. A. Voronkov. Proof-search in intuitionistic logic based on constraint satisfaction.
In Int. Workshop TABLEAUX96, LNAI 1071, pages 312327, Italy, 1996.
10. K. Weich. Decisions procedures for intuitionistic logic by program extraction.
In Int. Conference TABLEAUX98, LNAI 1397, pages 292306, Oisterwijk, The
Netherlands, May 1998.