david.baelde at ens-lyon.org dale.miller at inria.fr Abstract. The first-order theory of MALL (multiplicative, additive linear logic) over only equalities is an interesting but weak logic since it cannot capture unbounded (infinite) behavior. Instead of accounting for unbounded behavior via the addition of the exponentials (! and?), we add least and greatest fixed point operators. The resulting logic, which we call µMALL = , satisfies two fundamental proof theoretic properties. In particular, µMALL = satisfies cut-elimination, which implies consistency, and has a complete focused proof system. This second result about focused proofs provides a strong normal form for cut-free proof structures that can be used, for example, to help automate proof search. We then consider applying these two results about µMALL = to derive a focused proof system for an intuitionistic logic extended with induction and co-induction. The traditional approach to encoding intuitionistic logic into linear logic relies heavily on using the exponentials, which unfortunately weaken the focusing discipline. We get a better focused proof system by observing that certain fixed points satisfy the structural rules of weakening and contraction (without using exponentials). The resulting focused proof system for intuitionistic logic is closely related to the one implemented in Bedwyr, a recent model checker based on logic programming. We discuss how our proof theory might be used to build a computational system that can partially automate induction and co-induction. 1

Bedwyr is a generalization of logic programming that allows model checking directly on syntactic expressions possibly containing bindings. This system, written in OCaml, is a direct implementation of two recent advances in the theory of proof search. The first is centered on the fact that both finite success and finite failure can be captured in the sequent calculus by incorporating inference rules for definitions that allow fixed points to be explored. As a result, proof search in such a sequent calculus can capture simple model checking problems as well as may and must behavior in operational semantics. The second is that higherorder abstract syntax is directly supported using term-level λ-binders and the quantifier known as ∇. These features allow reasoning directly on expressions containing bound variables. 2

The operational semantics of programming and specification languages is often presented via inference rules and these can generally be mapped into logic programming-like clauses. Such logical encodings of operational semantics can be surprisingly declarative if one uses logics that directly account for term-level bindings and for resources, such as are found in linear logic. Traditional theorem proving techniques, such as unification and backtracking search, can then be applied to animate operational semantic specifications. Of course, one wishes to go a step further than animation: using logic to encode computation should facilitate formal reasoning directly with semantic specifications. We outline an approach to reasoning about logic specifications that involves viewing logic specifications as theories in an object-logic and then using a meta-logic to reason about properties of those object-logic theories. We motivate the principal design goals of a particular meta-logic that has been built for that purpose.

Some recent theoretical work in proof search has illustrated that it is possible to combine the following two computational principles into one computational logic. 1. A symmetric treatment of finite success and finite failure. This allows capturing both aspects of may and must behavior in operational semantics and mixing model checking and logic programming. 2. Direct support for λ-tree syntax, as in λProlog, via term-level λ-binders, higher-order pattern unification, and the ∇-quantifier. All these features have a clean proof theory. The combination of these features allow, for example, specifying rather declarative approaches to model checking syntactic expressions containing bindings. The Bedwyr system is intended as an implementation of these computational logic principles. Why the name Bedwyr? In the legend of King Arthur and the round table, several knights shared in the search for the holy grail. The name of one of them, Parsifal, is used for an INRIA team associated with the “Slimmer ” effort. Bedwyr was another one of those knights. Wikipedia (using the spelling “Bedivere”) mentions that Bedwyr appears in Monty Python and the Holy Grail where he is “portrayed as a master of the extremely odd logic in the ancient times, whom occasionally blunders. ” Bedwyr is a re-implementation and rethinking ∗ Support has been obtained for this work from the following sources: from INRIA through

Proof theory can be applied to the problem of specifying and reasoning about the operational semantics of process calculi. We overview some recent research in which λ-tree syntax is used to encode expressions containing bindings and sequent calculus is used to reason about operational semantics. There are various benefits of this proof theoretic approach for the π-calculus: the treatment of bindings can be captured with no side conditions; bisimulation has a simple and natural specification in which the difference between bound input and bound output is characterized using difference quantifiers; various modal logics for mobility can be specified declaratively; and simple logic programming-like deduction involving subsets of second-order unification provides immediate implementations of symbolic bisimulation. These benefits should extend to other process calculi as well. As partial evidence of this, a simple λ-tree syntax extension to the tyft/tyxt rule format for name-binding and name-passing is possible that allows one to conclude that (open) bisimilarity is a congruence. Key words: operational semantics, proof theoretic specifications, λ-tree syntax, rule formats, π-calculus A number of frameworks have been used to formalize the semantics of process calculi and, more generally, programming languages. For example, algebra, category theory, and I/O automata have been used to provide formal settings for not only specifying but also reasoning about the operational semantics of calculi and languages. In this note, we overview recent results in making use of proof theory to encode and reason about such operational semantics. By the term “proof theory ” we refer the study of proofs for logics, particularly in the style initiated by Gentzen. 1 Support for this work comes from INRIA through the “Equipes Associées ” Slimmer and from the ACI grants GEOCAL and Rossignol.

We specify the operational semantics and bisimulation relations for the finite π-calculus within a logic that contains the ∇ quantifier for encoding generic judgments and definitions for encoding fixed points. Since we restrict to the finite case, the ability of the logic to unfold fixed points allows this logic to be complete for both the inductive nature of operational semantics and the coinductive nature of bisimulation. The ∇ quantifier helps with the delicate issues surrounding the scope of variables within π-calculus expressions and their executions (proofs). We illustrate several merits of the logical specifications permitted by this logic: they are natural and declarative; they contain no side-conditions concerning names of variables while maintaining a completely formal treatment of such variables; differences between late and open bisimulation relations arise from familar logic distinctions; the interplay between the three quantifiers (∀, ∃, and ∇) and their scopes can explain the differences between early and late bisimulation and between various modal operators based on bound input and output actions; and proof search involving the application of inference rules, unification, and backtracking can provide complete proof systems for one-step transitions, bisimulation, and satisfaction in modal logic. We also illustrate how one can encode

c t i v it y e p o r t

Abstract. We consider encoding finite automata as least fixed points in a prooftheoretical framework equipped with a general induction scheme, and study automata inclusion in that setting. We provide a coinductive characterization of inclusion that yields a natural bridge to proof-theory. This leads us to generalize these observations to regular formulas, obtaining new insights about inductive theorem proving and cyclic proofs in particular. 1