Automated Deduction in Arithmetic with the Omega Rule

Home , Natural deduction, Rule of inference

Siani Baker Computer Laboratory University of Cambridge Cambridge, CB2 3QG, UK E-mail: [email protected]

Abstract the language of arithmetic. This rule is not deriv- able in Peano Arithmetic (PA)1, since for example, An important technique for investigating for the GSdel formula G(x), for each natural number derivability in formal systems of arithmetic n, PA i- G(n__) but it is not true that PA I- VxG(x). has been to embed such systems into semi- This rule together with Peano’s axioms gives a com- formal systems with the w-rule. This paper plete theory - the usual incompleteness results do not exploits this notion within the domain of au- apply since this is not a formal system in the usual tomated theorem-proving and discusses the sense. implementation of such a proof environment. However, this is not a good candidate for implementa- This involves providing an appropriate repre- tion since there are an infinite number of premises. It sentation for infinite proofs, and a means of would be desirable to restrict the w-rule so that the in- verifying properties of such objects. finite proofs considered possess some important properties of finite proofs. One suitable option is to use a constructive w-rule. The w-rule is said to be con- 1 Introduction structive if there is a recursive function f such that for every n, f(n) is a GSdel number of P(n), where P(n) Normally, proofs considered in theorem-proving are fi- is defined for every natural number n and is a proof nite; however, there is a reasonable notion of infinite of A(_n) [Takeuti 87]. This is equivalent to the require- proof involving the w-rule, which infers a proposition ment that there is a uniform, computable procedure from an infinite number of individual cases of that describing P(n), or alternatively that the proofs are proposition. The w-rule involves the use of infinite recursive (in the sense that both the prooftree and the proofs, and therefore poses a problem as far as imple- function describing the use of the different rules must mentation is concerned. be recursive) [Yoccoz 89]. There is a primitive recursive counterpart 2 which is also a candidate for imple- With the goal of automatic derivation of proofs within mentation. Note that in particular these rules differ some formalisation of arithmetic in mind, an (imple- mentable) representation for an arithmetical system from the form of the w-rule (involving the notion of including the w-rule is proposed. The implemented provability) considered by Rosser [Rosser 37] and sub- sequently Feferman [Feferman 62]. system is useful as a proof environment (and also as guide to generalisation in the more usual formalisation Various theoretical results are known for these sys- of arithmetic [Baker et al 92]). tems. Shoenfield has shown that ’PA + w-rule’ (PA~)a is equivalent to ’PA + recursively restricted The Constructive Omega Rule w-rule’ [Shoenfield 59]. The sequent calculus enriched 2 with the recursively restricted w-rule in place of the rule of induction (let us call it PAr~4) has cut elinfi- A standard form of the w-rule is nation, and is complete [Shoenfield 59]. l See for A(0),A(1)...A(n_)... example [Schwichtenberg 77] for a formalisation. Sin other words, such that there is a primitive recursive function f for which, for every n, .f(n) is a GSdelnumber where n_n_ is a formal numeral, which for natural num- of the proof of A(n__), the nth numeratorof the w-rule. ber n consists in the n-fold iteration of the successor 3See Section 3 below for description. function applied to zero, and A is formulated within 4For a more formal description see [Baker 92a]. From: AAAI Technical Report FS-93-01. Compilation copyright © 1993, AAAI (www.aaai.org). All rights reserved.

The primitive recursive variant has also been shown to approach the restriction must be placed on the shape be complete by Nelson [Nelson 71]. If one has the rule of the proof tree in which the w-rule appears: only F~-A derivations5. which are "effective" will be accepted of repetition ~ in PAw, any recursive derivation can be "stretched out" to a primitive recursive deriva- Hence I define tion using the same rules of inference, plus this rule [LSpez-Escobar 76, P169]. Since my implementation I’-pAc~ ~ t~f 3.f. f is an ’effective’ prooftreeof is developed using effective operations over represen- PAc~with ¢ as initial sequent. tations of object-level syntax (where effectiveness is an analogous concept to primitive recursion), and PA This does not define PAc~ as a (semi-)formal system with the unrestricted w-rule forms a conservative ex- in the sense that it does not say what the axioms and tension of this system, the (classical) system PA with rules of inference are. This replaces the usual approach a primitive recursive restriction on the prooftrees was of using numeric encoding (using notation r 7) to con- chosen as a basis for implementation. sider some statement used to strengthen PA of the form: In the context of theorem proving, the presence of cut elimination for these systems means that generalisa- (3H (prooftree(H) A conc(H) = r-~>7)) tion steps are not required. In the implementation, although I do not claim completeness, some proofs that It is now necessary to provide some means for reason- normally require generalisation can be generated more ing about primitive recursive infinite proof trees. The easily in PAc~ than PA. objects of interest are prooftrees (in the sense of LSpez- Escobar [LSpez-Escobar 76]), labelled with formulae 3 PAw: Arithmetic with the (namely, the sequents to be proved at each point) and rules. The notion of effectiveness of a tree, which corre- Constructive Omega Rule sponds to primitive recursion, is defined in [Baker 92a]. In addition, a (proof) tree must be well-founded, in the The system PAwis essentially PA enriched with the sense that it does not have an infinitely deep branch. w-rule in place of the rule of induction. The deriva- The rules that relate the formulae between node and tions are then infinite trees of formulae; a formula subnode are the standard rules for the logical connec- is demonstrated in PAw by "exhibiting" a prooftree tives, the extra w-rule with subgoals (I)(0), ¢(1),..., labelled at the root with the given formula. Syn- and substitution. A formula in PA is demonstrated tactical details about this system PAware given in in the extended theory by exhibiting a prooftree la- [L6pez-Escobar 76, P162] (see [Prawitz 71, P266-267] belled at the root with the given formula. Proper- for a natural deduction representation). PAwhas been ties of such primitively recursively defined trees can described by Schfitte as a semi-formal system to stress be proved using induction principles associated with the difference between this and usual formal systems the datatypes. These are the sorts of proofs that have which use finitary rules [Schiitte 77, P174]. been automated by [Bundy et al 91], and I am able to For implementational purposes infinite proofs must be automate the simpler proofs that arise. This involves, thought of in the constructive sense of being gener- for example, giving a proof that a given rewrite applied ated, rather than absolute. It is necessary to place a a given number of times to a formula schema yields a restriction on the prooftrees of PAwsuch that only particular formula schema. Details of this, and of how those which have been constructively generated are the implementation relates to the effective prooftrees allowed, in order to capture the notion of infinite la- are considered in [Baker 92a]. belled trees in a finite way. The normal approach when dealing with a system with infinitary proofs such as 4 Implementational Representation PA~ is to work with numeric codes for the derivations rather than using the derivations themselves. See [Schwichtenberg 77, P886] for further details, includ- One use of the constructive w-rule is to enable auto- ing the case of the w-rule. By adding the provability re- mated proof of formulae, such as Vx (x + x) + x lation and numeric encoding, a reflection system which x + (x + x), which cannot be proved in the nor- necessarily extends the original one may be formed mal axiomatisation of arithmetic without recourse to [Kreisel 65, P163]. However,the necessity of using this the cut rule. In these cases the correct proof could GSdel numbering approach may be avoided by follow- be extremely difficult to find automatically. How- ing Tucker in defining primitive recursion ("effective- ever, it is possible to prove this equation using the ness") over various data-types that are better adapted w-rule since the proofs of the instances (0 + 0) + 0 to computational purposes [Tucker et al 90]. 0+(0+0), (1+1)+1 = 1+(1+1) .... are easily and the general pattern determined by inductive infer- If an arithmetical encoding method were to be used, ence. the primitive recursive constraint could be attached directly to the w-rule. However, without using such an S[Baker92a] provides a full definition of effectiveness.

Axioms 0+y = y (1) s(x)+y = s(x+y) (2)

Proof (n+a) +a= a+ (a+a) n__-s"(O) (8"(0)+ s"(0))+ s"(0)= s"(0)+ (8"(0) (2) n TIMES ON LEFT ([1, 1]) 8"(0+ 8"(0))+ s"(0)= s"(0)+ (s"(0) (1) ONLEFT ([2, 2, 1, 1]) s"(s"(0))+ ,"(O)= ~"(0)+ (,"(0) (2) n TIMES ON RIGHT ([2]) s"(,"(0))+ s"(0)= ,"(0+ (,"(0) (1) ON RIGHT ([2,2,2]) s"(,"(0))+ 8"(0)= ,"(,"(0) (2) n TIMES ON LEFT ([1]) ~"(~"(0)+ ~"(0))= s"(8"(0)+,"(0)) A A A A EQUALITY

Figure 1: A General Proof ofVx (x+x) +x = x+(x+x)

For the implementation it is necessary to provide (for number of times to formulae (dependent upon the pa- the nth case) a description for the general proof in rameter n). As an example, the implementational rep- constructive way (in this case a recursive way), which resentation of the general proof for Vx (z + x) + x captures the notion that each P(n) is being proved in x + (z + x) takes the form given in Figure 1 (although a uniform way (from parameter n). This is done it may be represented in a variety of ways) presuming manipulating A(n), where VxA(x) is the sequent to be that, within the particular formalisation of arithmetic proved, and using recursively defined function defini- chosen, one is given the axioms of addition of Figure 1. tions of PA as rewrite rules, with the aim of reducing By s’~ (0) is meant the numeral n, ie. the term formed both sides of the equation to the same formula. The recursive fimction sought is described by the sequence by applying the successor function n times to 0. The next stages use the axioms as rewrite rules from left of rule applications, parametrised over n. In practice, to right, and substitution in the general proof, un- tile first few proofs will be special cases, and it is rather der the appropriate instantiation of variables, with the tile correspondence between the proofs of P(99), say, and P(100), which should be captured. The processes aim of reducing both sides of the equation to the same formula. The subpositions to which the rewrite rules of generation of a (recursive) general proof from individual proof instances, and the (metalevel) check- are applied are given in parentheses, according to the ing that this is indeed the correct proof have been exp_at notation of Clam [van Harmelen 89]. The general proof represents, and highlights, blocks of rewrite automated (see [Baker 92b]). Further details of the rules which are being applied. Meta-induction may be ’algorithms and representations used, together with the correspondence between the adopted implementa- used (on the first argument) to prove the more general rewrite rules from one block to the next: for example, tional approach and the formal theory of the system Vn sn (x) + y = n (x +y)corresponds to n a pplications are described in [Baker 92a]. Any appropriate inductive inference algorithm, such as Plotkin’s least general of axiom (2) above. generalisation [Plotkin 69], or that of Rouveirol, who Effective trees selected by the implementation are has tackled the problem of controlling the hypothesis shownto be correct, according to a given way of check- generation process to get only the most relevant can- ing for correctness, which involves using induction over didates [Rouveirol 90], could be used to guess the gen- various datatypes. To reason about such trees, I work eral proof from the individual proof instances. In gen- in a theory of trees and of the original syntax (which eral, the complexity of the algorithm needed to guess may be defined effectively). Defining equations for a general proof from non-uniformly generated exam- primitive recursive functions are taken as axioms, with ples is exponential, whereas the stages of checking the a derived form as inference rules to allow rewriting of general proof and suggesting a cut formula are only a formula in the obvious way. Furthermore, the sys- polynomially complex, and this is reflected in the time tem encapsulated by the implementation is shown to taken to produce the result. As an alternative, the user be sound with respect to PAc~, although completeness may bypass this whole stage by specifying the general is left as an open question. Casesplits and condition- proof directly. als in the general proof correspond to branching in the effective tree representation. The general proof representation represents P(n), the proof of the nth numerator of the constructive w-rule, Automated proof in such a system might be seen as in terms of rewrite rules applied f(n) or a constant a goal in itself, but it is also possible to use this sys- From: AAAI Technical Report FS-93-01. Compilation copyright © 1993, AAAI (www.aaai.org). All rights reserved.

tern as a guide to the provision of difficult proofs in downby the rewrite rules corresponding to (1) and moreconventional systems. This is the concern of the (2) above, and hence fertilisation (substitution using following section. the induction hypothesis) cannot occur. That is why we have to use the cut rule. We would wish A to be a more general version of C, so that we could prove 5 An Application: Generalisation A ~- C, but on the other hand to be suitable to give an inductive proof, so that we could prove ~- A by in- Generalisation is a proof step whichallows the postu- duction. Hence we would be tackling the problem of lation of a new theorem as a substitute for the cur- generalisation by using an alternative (stronger) rep- rent goal, fromwhich the latter follows easily. It is a resentation of arithmetic as a guide. powerfultool with a variety of r61es, such as enabling proofs, defining newconcepts, turning proofs for a spe- Three methods have been developed in order to sug- cific exampleinto ones valid for a range of examples gest a cut formula from a general proof. The most and producing clearer proofs. Althoughgeneralisation basic is to see what remains unaltered in the nth case is an important problem in theorem-proving, it has proof, and then write out the original formula, but by no means been solved. It is important and still with the corresponding term re-named. So, for the ex- being investigated for reasons which have to do with ample in Figure 1, we would wish to rewrite the vari- cut elimination and the lack of heuristics for providing able correspondingto A as y. In this case, this would cut formulae. A cut elimination theorem for a system give states that every proof in that system maybe replaced A - VxVy(x + y) + y = x + (y+ bys. one which does not involve use of the cut rule A could then be proved by induction on x. Note that Uniformproof search methods can be used for logical what is meant by ’unaltered’ is defined by what is un- systems, in sequent calculus form, where the cut rule affected in structure by the rewrite rules. This proce- is not used. In general, cut elimination holds for arith- dure has been automated (all that is required is de- metical systems with the w-rule, but not for systems tection of the unaltered terms), and so the cut for- with ordinary induction. Hencein the latter, there is mula may be produced automatically. This method the problemof generalisation, since arbitrary formulae of generalisation will allow the proof of sometheo- can be cut in. This makes automatic theorem-proving rems which pose a problem for other methods, such as very difficult, especially as there is no easy or fail-safe x # 0 --+ p(x) + s(s(x)) = s(z) wherep is t hepre- methodof generating the required cut formula. decessor function (detailed comparisonsof this ’unaltered term’ method with other generalisation methods Animportant technique for investigating derivability with regard to this exampleare given in [Baker 92a]). in formal systems of arithmetic has been to embed such systems into semi-formal systems with the w-rule. A second method which encompasses this approach, This section presents a new approach to the prob- but produces a more general generalisation, is to lems of generalisation by means of "guiding proofs" look at the rules of the general proof, and work ill the stronger system, which maysucceed in produc- out what the most general statement could be which ing proofs in the original system when other methods was proved using these rules. This process has fail (cf. examples(9), (10), (13) of Table 1). been applied in various other domains (see for ex- gested methods are suitable for automation (and in- ample [Donat & Wallen 88]), and is the approach of deed the first two methods suggested below have been explanation-based generalisation (denoted ’EBG’as automated for simple arithmetical examples) and re- an abbreviation). EBGis a technique for formulating sult in the suggestion of an appropriate cut formula. general concepts on the basis of specific training exam- pies, first described in [Mitchell 82]. In general terms Note that there is a class of proofs, including Vx(x the process worksby generalising a particular solution x) + x = x + (x + x), which are provable PA only to the most general possible solution which uses the using the cut rule but which are provable in PAc~ rules of the original solution. It does this by applying [Baker 92a]. [ consider whether the proof in PAc~ these rules, making no assumptions about the form of suggests a proof in PA, ie. in particular, what the the generalisedsolution, and using unification to fill in cut formula would be in a proof in Peano Arithmetic? this form. The methodis applied in this instance to a That is, what would the A be below? new domain, namely that of general proofs. The approach is described in detail in [Baker 92a], but as an illustration of the method, let us apply explanation- based generalisation to Figure 1, to give the process shown in Figure 2. The right hand column are the Ordinary induction does not work on Vx(x + x) + x instantiations of variables, whichare finally to be fil- x + (x + x) (C), primarily because the second, third tered back up into the original expression. Essentially and sixth terms in the step case may not be broken what is happeningis that the application of the rules are matched to see what the generalisation could be. 6See[Schwichtenberg 77], for example. So if (2) is applied m times, this will matchwith the

rules form of general proof instantiations (2) n times at I’1, 1"1 fnO([s’(X) YIK]) = W original (1) once at 1,,2,2, 1, 13 fnO([s"(X + Y)IK]) = W (2) n times at 1,2] fnO([s"(Y)lK]) = W X = 0 (1) oneeat 1,,2,2,2] fnO([sn(Y)lK]) =sn(P+Q) W=sn(P)+Q (2) ntimesat I’1] sn(Y+K) =sn(Q) P=0, fnO=+ EQUALITY s"(Y + K) =s"(Y + It’) Q= Y +

Figure 2: Illustration of Explanation-Based Generalisation on Rules of General Proof

form Although the heuristic of replacing unaltered terms is sm(X) q- Y :::~ sm(X q- suitable for implementation (and was successfully implemented), the method of explanation-based generali- Nothing more is supposed about the original form of sation extends this idea to provide a uniform algorithm the general proof than that it is of the form U = W. based on the underlying structure of the proof. The The rule application blocks on the left hand side of implementation of EBGdescribed in [Baker 92a] fol- this figure are identical with those of the general proof lows the unification process described above, and thus given in Figure 1. The procedure is to form the most subsumes the implementation of the heuristic method. general general proof which could use those same rules to achieve equality. Hence, these same rewrite rules A third, more general, method of generalisation which are applied at the specified subpositions to give a new subsumes the previous suggestions is provided by lin- general proof. In so doing the structure of U and W earisation of the general proof, which suggests cut for- is revealed. For instance, the fact that rule (2) may mulae in more complex cases (see [Baker 92a] since be applied n times at subposition [1,1] of U = W re- there is not the space to give further details in this ab- veals that U must be of the form fnO([sn(X) + YIK]) stract). In the natural number examples given above, (which represents some functor fnO of as yet unknown the general proof is linear in the sense that the proof of arity with initial argument sn(X) + and ad ditional P(s(n)) reduces to that of P(n). However, in many ex- arguments K) before the rule application, and of the amples involving lists, this is not so, and a new method form fnO([sn(X Y)IK]) af terwards. Th is pr ocess is for providing a cut formula is needed. The linearisa- repeated until all the given rules are exhausted. Fi- tion method suggests correct cut formulae for exam- nally, the left-hand side and the right-hand side of the ples (12)-(14) of Table 1 (where <> denotes list general proof are unified (since the original proof re- catenation). In particular, the generalisation of (12) sulted in equality). Throughout this process, informa- given as Va Vl len(rev(l) <> a) = len(rev(a) <> l), tion will have been obtained regarding the structure which is a better result (since it only requires one in- of some of the postulated variables in this new general duction) than that more commonlysuggested by other proof, such as that presented in the final column of methods ofVa Vl len(rev(l) <> a) = len(a <> l) (re- Figure 2. quiring two inductions). Feeding such variable instantiation information back A selection of the theorems proved by these meth- to the original expression U = Wshows that it must ods is listed in Table 1. 7 Note that examples (3)- be of the form: (9) and example (11) involve generalisation apart, else generalisation of commonsubexpressions. In these (~_+ Y) + I¢ = ~_+ (Y + cases both the heuristic of replacing unaltered vari- This gives tile most general generalisation as being ables and the explanation-based generalisation method work fairly straightforwardly. Although the examples Vx Vy Vk (x T y) T k = x -F (y T listed in the table are of a similar simple form, these methods may also be applied to complicated exam- The whole process is really just a term-matching ex- ples containing nested quantifiers, etc., for the w-rule ercise, and has been successfully automated. applies to arbitrary sequents. Example (8) provides The EBG method proposed in this section will suc- an instance of nested use of the w-rule, which carries ceed in the sense that there does exist some general through directly. For example (10), the cut formula proof such that a correct cut formula could be found even(2.x) could possibly be extracted by a user from by EBG(so long as inductive proof by generalisation the form of the general proof, which is an improvement apart, that is, generalisation by means of renaming over other generalisation methods. However, in some some occurrences of the same variable in an expression, cases where an w-proof may be provided, it is not clear is possible). However,it will not necessarily work with any given general proof, nor if generalisation apart is TDefirfitions of the predicates involved maybe found in not appropriate for the example under consideration. [Baker 92a]. From: AAAI Technical Report FS-93-01. Compilation copyright © 1993, AAAI (www.aaai.org). All rights reserved.

w~+s(~) = ~(~+~) (3) w(~+~)+~ = ~+(~+~) (4) vxx+s(~) = s(x)+x (5) w~.(:~ + ~) = ~.~ + ~.~ (6) w(2+~)4-~ = 2+(~+~) (7) w¯ # o ~ p(x)+ ~(~(~)) = ~(~)+ (9) Vz even(x + x) = true (10) Vl(l<>l) <>l = l<> (l<>l) (11) Vl len(rev(l)) = len(l) (12) Yl rotate(len(l),l) = l (13) Yl rev2(l, nil) = rev(l) (14)

Note that induction is blocked for the above expressions, but they may all be proved by the method proposed (namely by using the constructive w-rule) and a correct cut formula produced as appropriate.

Table 1: Some Examples of Theorems Proved

what the cut fornmla might be. to other data-types. Not only is it the case that certain new structural patterns may be seen in the gen- These methods involving manipulation of the general eral proof which may guide generalisation, but also proof should be compared with current generalisa- that the general representation of an arbitrary ob- tion methods. Of these, perhaps the most famous ject of that type (eg. sn(O) for natural numbers, if that implemented by Boyer and Moore in their theorem-prover NQTHM[Boyer ~ Moore 79]. The Xl :: x2 :: ...xm :: nil for lists, etc.) enables the structure of that particular data-type to be exploited, in main heuristic for generalisation is that identical terms the sense that rewrite rules may be used which would occurring on both the left and right side of the equa- not otherwise be applicable. tion are picked for rewriting as a new variable (with certain restrictions). This may be a quick method if Hence a new method for generalisation has been pro- it, happens to work, but may also entail the proofs of posed which is robust enough to capture in many cases many lemmas, which might need to be stored in ad- what the alternative methods can do (in some cases vance in anticipation of such an event in order to be with less work), plus it works on examples on which more efficient. Tile problems inherent in Boyer and they fail. Moore’s approach have led Raymond Aubin to extend their work in this field [Aubin 75]. Aubin’s method is to "guess" a generalisation by generalising occur- 6 A Proof Environmentfor the rences in the definitional argument position, and then Constructive OmegaRule to work through a number of individual cases to see if the guess seems to work. If it does work, he will This section describes the Constructive Omega Rule look for a proof. If it does not, then he will "guess" Environment (CORE), which is a proof development a different generalisation. However, Aubin’s solution environment in which a (constructive) version of the does not work in all cases. In particular, if a construc- w-rule may be used as a rule of inference, and a sys- tor such ms a successor function appears in an origi- tem in which w-proofs may be displayed and investi- nal goal, together with individual variables, Aubin’s gated. The implementation allows both the automatic method may result in over-generalisation or indeed no or incremental construction of w-proofs, and the val- solution at all. The proposed guiding methods pro- idations of descriptions of w-proofs. It is carried out vide a uniform approach and do not have to check within the framework of an interactive theorem-prover extra criteria, nor work through individual examples. with Prolog as the tactic language. Moreover, it is not possible to overgeneralise to a non- theorem (the method is sound but not complete -- it Within CORE,any finitely large number of individual does not always provide a solution, nor necessarily the instances of proofs of a proposition may be generated automatically by the use of various tactics. The gen- best solution possible). eral representation of the proofs is provided by an in- The suggested approaches also apply more generally ductive inference algorithm, which starts with an ini- From: AAAI Technical Report FS-93-01. Compilation copyright © 1993, AAAI (www.aaai.org). All rights reserved.

tial generalisation and then works by updating this merits about objects of the sort could be proved. Thus general proof using the other individual proofs, until it appears that the approach described in this paper the general proof seems to have reached a stable form. may be an aid to automated deduction, and in addi- This general proof is then automatically checked to tion provides a mechanism for guiding proofs in more see if it is indeed the correct one. There are two op- conventional systems. tions which are allowable from a goal F ~- VxP(x). One is to ask to use the constructive w-rule, whereby Acknowledgements the system will check to see whether it can find a correct general proof, and then return to the former sys- I would like to acknowledge the Science and Engineer- tem and close the branch, or else report failure. The ing Research Council for funding the research reported user may then continue to investigate other positions in this paper, the help of Alan Smaill, and many oth- in the prooftree. The other option is to ask for an ers, from the Mathematical Reasoning group in Edin- appropriate cut to be carried out in PA (the cut be- burgh University, plus the Isabelle group in the Cam- ing worked out by the system from the general proof), with a further option to complete the tree as far as bridge Computer Laboratory. possible (using standard theorem-proving techniques). The general proof may be provided automatically, but References there is an option in each case to switch temporarily to another system which will allow for the description, [Aubin 75] R. Aubin. Some generalization manipulation and display of the general proof. The heuris- user may specify the proof incrementally, in terms of tics in proofs by induction. In applications in positions in the tree, plus induction G. Huet and G. Kahn, editors, over a distinguished parameter, or all at once -- and Actes du Colloque Construction: this is checked. The system builds up a recursive func- Amglioration et vdrification de tion description of the general proof, and is able to Programmes. Insti- display individual proofs in addition to the general tut de recherche d’informatique case. A cut formula is automatically suggested from et d’automatique, 1975. general proofs using an implementation based on the [Baker 92a] S. Baker. Aspects of the Con- method of explanation-based generalisation, which is structive Omega Rule within a technique for formulating general concepts on the Automated Deduction. Unpub- basis of specific training examples, first described in lished PhDthesis, University of [Mitchell 82] (see [Baker 92a]). [Baker 921)] provides Edinburgh, 1992. details of the proof development systems upon which the implementation is based; representation of the w- [Baker 92b] S. Baker. COREmanual. Tech- rule and its subgoals; generation of individual proofs; nical Paper 10, Dept. of Ar- the application of rewrite rules; provision of a general tificial Intelligence, Edinburgh, proof; correctness checking of the general proof (using 1992. meta-induction); generalisation, and finally, the inter- [Baker et al 92] S. Baker, A. Ireland, and active system, and how to use it. A. Smaill. On the use of Current. work involves reimplementation of such a sys- the constructive omega rule tem of arithmetic with the w-rule, plus the gener- within automated deduction. In alisation methods, within Isabelle. The latter is a A. Voronkov, editor, Interna- generic proof development environment [Paulson 86] tional Conference on Logic Pro- which provides a sophisticated environment for de- gramming and Automated Rea- velopment of these strategies across many different soning - LPAR 92, St. Peters- datatypes. burg, Lecture Notes in Artificial Intelligence No. 624, pages 214- 225. Springer-Verlag, 1992. 7 Conclusions [Boyer & Moore 79] R.S. Boyer and J.S. Moore. A Computational Logic. Academic In conclusion, implementation of a system of arith- Press, 1979. ACMmonograph metic with the w-rule has been carried out within the series. framework of an interactive theorem-prover with Pro- log as the tactic language. This approach works for [Bundy et al 91] A. Bundy, A. Stevens, F. van theories other than arithmetic and logics other than Harmelen, A. Ireland, and a sequent version of the predicate calculus, and may A. Smaill. Rippling: A heuristic rather be regarded as suggesting a general framework. for guiding inductive proofs. Re- So long as a procedure for constructing a proof for search Paper 567, Dept. of Ar- each individual of a sort is specified, universal state- tificial Intelligence, Edinburgh, From: AAAI Technical Report FS-93-01. Compilation copyright © 1993, AAAI (www.aaai.org). All rights reserved.

1991. To appear in The Journal resolution. In Proceedings of of Artificial Intelligence. ECAI-90, pages 557-562, Stock- holm, August 1990. [Donat & Wallen 88] M.R. Donat and L.A. Wallen. Learning and applying gener- [Schiitte 77] K. Schiitte. Proof Theory. alised solutions using higher or- Springer-Verlag, 1977. der resolution. In E. Lusk and [Schwichtenberg 77] H. Schwichtenberg. Proof the- R. Overbeek, editors, Lecture ory: Some applications of cut- Notes in Computer Science, vol- elimination. In Barwise, ed- ume 310, pages 41-60. Springer- itor, Handbook of Mathemati- Verlag, 1988. cal Logic, pages 867-896. North- [Feferman 62] S. Feferman. Transfinite recur- Holland, 1977. sive progressions of axiomatic [Shoenfield 59] J.R. Shoenfield. On a restricted theories. Journal of Symbolic w-rule. Bull. Acad. Sc. Polon. Logic, 27:259-316, 1962. Sci., Ser. des sc. math., astr. et [Kreisel 65] G. Kreisel. Mathematical logic. phys., 7:405-7, 1959. In T.L. Saaty, editor, Lectures [Takeuti 87] G. Takeuti. Proof theory. North- on Modern Mathematics, vol- Holland, 2 edition, 1987. ume Ill, pages 95-195. John Wi- ley and Sons, 1965. [Tucker et al 90] J.V. Tucker, S.S. Wainer, and J.I. Zucker. Provable com- [L6pez-Escobar 76] E.G.K. L6pez-Escobar. On an putable functions on abstract- extremely restricted data-types. Lecture Notes in w-rule. Fundamenta Mathemat- Computer Science, 443:660-673, icae, 90:159-72, 1976. 1990. [Mitchell 82] T.M. Mitchell. Toward com- [van Harmelen 89] F. van Harmelen. The CLAM bining empirical and analytical proof planner, user manual and methods for inferring heuristics. programmer manual: version Technical Report LCSR-TR-27, 1.4. Technical Paper TP-4, DAI, Laboratory for Computer Sci- 1989. ence Research, Rutgers Univer- sity, 1982. [Yoccoz 89] S. Yoccoz. Constructive aspects of the omega-rule: Application [Nelson 71] G.C. Nelson. A further re- to proof systems in computer stricted w-rule. Colloquium science and algorithmic logic. Mathematicum, 23, 1971. Lecture Notes in Computer Sci- [Paulson 86] L. Paulson. Natural deduc- ence, 379:553-565, 1989. tion as higher order resolution. Journal of Logic Programming, 3:237-258, 1986. [Plotkin 69] G. Plotkin. A note on inductive generalization. In D Michie and B Meltzer, editors, Machine In- telligence 5, pages 153-164. Ed- inburgh University Press, 1969. [Prawitz 71] D. Prawitz. Ideas and results in proof theory. In J.E. Fen- stad, editor, Studies in Logic and the Foundations of Mathe- matics: Proceedings of the Sec- ond Scandinavian Logic Sympo- sium, volume 63, pages 235-307. North Holland, 1971. [Rosser 37] B. Rosser. GSdel-theorems for non-constructive logics. JSL, 2(3):129-137, September 1937. [Rouveirol 90] C. Rouveirol. Saturation: Post- poning choices when inverting