Imogen: Focusing the Polarized Inverse Method for Intuitionistic Propositional Logic

Abstract. In this paper we describe Imogen, a theorem prover for intuitionistic propositional logic using the focused inverse method. We achieve fine-grained control of the search behavior by polarizing the input formula. By manipulating the polarity of atoms and subformulas, we can often improve the search time by several orders of magnitude. We tested our method against seven other systems on the propositional fragment of the ILTP library. We found that our prover outperforms all other provers on a substantial subset of the library.


Introduction
Imogen is a theorem prover for intuitionistic propositional logic (IPL) based on a focused inverse method with explicit polarities. The inverse method [15,7] uses forward saturation, generalizing resolution to non-classical logics. Focusing [1,14] reduces the search space in a sequent calculus by restricting the application of inference rules based on the polarities of the connectives and atomic formulas. One of the novel aspects of Imogen is that it exploits the inherent flexibility in the assignment of polarities to subformulas to optimize proof search. Different assignments of polarities can yield dramatically different performance.
Raths and Otten [18] compare seven systems on the ILTP library [19], a collection of challenge problems for intuitionistic logic provers. In contrast to Imogen, all of these systems use backward search. Five implement variations of the tableau method, and the other two directly employ a sequent calculus. This difference in basic approach is reflected in a unique performance profile. Imogen clearly outperforms the other provers on an interesting subset of the benchmark problems, with a tendency to do better on nontheorems. Some problems that appear difficult for backward search are solved almost instantaneously by Imogen, and vice versa. We therefore consider Imogen an interesting and viable alternative for intuitionistic theorem proving.
In this system description we give an overview of the basic principles underlying Imogen and its implementation, and analyze its performance compared to other provers for IPL. The theoretical foundations for Imogen are mostly contained in published papers cited in this description; we therefore do not explicitly state or prove any metatheorems. The source code for Imogen is available at http://www.cs.cmu.edu/~seanmcl/Imogen.
In this section we sketch the main principles underlying Imogen and their interaction: focusing, polarization, and the inverse method.

Focusing
Focusing is a method to restrict the space of possible proofs in a cut-free sequent calculus without affecting provability. It was originally developed for backward search in classical linear logic [1], but has been applied to other non-classical logics [11,14] as well as forward search [5].
Focusing is based on two observations about the properties of connectives. The first is that certain connectives can always be eagerly decomposed during backward proof search without losing completeness. For example, the goal of proving A ⊃ B can always be decomposed to proving B under the additional assumption A. Such connectives are said to have negative polarity. As long as the top-level connective stays negative, we can continue the decomposition eagerly without considering any other possibilities. In contrast, for a formula such as A ∨ B, we have to choose whether to try to prove A or B. Such connectives are said to have positive polarity. Perhaps surprisingly, as long as the top-level connective stays positive, we can continue the decomposition eagerly, making a choice at each step. Moreover, we can arbitrarily assign positive or negative polarity to atomic formulas and restrict the use of atoms in initial sequents.
Proofs that satisfy all three restrictions are called focused. Imogen restricts its forward search to focused proofs, in a manner explained in the next two sections, drastically reducing its search space when compared to the usual sequent calculus.

Polarized Formulas
In linear logic, the polarity of each connective is uniquely determined. This is not true for intuitionistic logic, where conjunction and truth are inherently ambiguous. We therefore assign polarities to formulas in a preprocessing phase. It is convenient to represent the result as a polarized formula [12], where immediately nested formulas always have the same polarity, unless an explicit polarity-shifting connective ↑ or ↓ is encountered. These coercions are called shifts.
In order to avoid confusion with input formulas, we borrow the notation for polarized formulas from linear logic. The reader should keep in mind that their interpretation here is not linear. Implication has a slightly special status, in that its left-hand side has the opposite polarity from its right-hand side. This is because in the sequent calculus for intuitionistic logic, the focusing behavior of connectives on the left-hand side is the opposite of their behavior on the right-hand side.
Positive formulas    A+ ::= p+ | A+ ⊗ A+ | 1 | A+ ⊕ A+ | 0 | ↓A−
Negative formulas    A− ::= p− | A+ ⊃ A− | A− & A− | ⊤ | ↑A+

The translation A− of an (unpolarized) formula F in IPL is nondeterministic, subject only to the constraint that its erasure |A−| = F.
For example, the formula ((A ∨ C) ∧ (B ⊃ C)) ⊃ (A ⊃ B) ⊃ C can be interpreted as several different polarized formulas, depending on the polarities chosen for the atoms and the placement of shifts. Shift operators have highest binding precedence in our presentation of the examples. As we will see, the choice of translation determines the search behavior on the resulting polarized formula. Different choices can lead to search spaces with radically different structure [6].
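To make the polarized syntax and erasure concrete, here is a minimal sketch in Python. This is purely illustrative: the class and function names are ours, not Imogen's (which is not implemented in Python), and the grammar in the comments follows the linear-logic-style notation used above.

```python
from dataclasses import dataclass

# Positive formulas A+ ::= p+ | A+ ⊗ A+ | A+ ⊕ A+ | ↓A−   (units omitted)
# Negative formulas A− ::= p− | A+ ⊃ A− | A− & A− | ↑A+

@dataclass(frozen=True)
class PosAtom:  name: str               # p+
@dataclass(frozen=True)
class Tensor:   l: object; r: object    # A+ ⊗ B+  (erases to conjunction)
@dataclass(frozen=True)
class Plus:     l: object; r: object    # A+ ⊕ B+  (erases to disjunction)
@dataclass(frozen=True)
class Down:     body: object            # ↓A−
@dataclass(frozen=True)
class NegAtom:  name: str               # p−
@dataclass(frozen=True)
class Impl:     l: object; r: object    # A+ ⊃ B−
@dataclass(frozen=True)
class With:     l: object; r: object    # A− & B−  (erases to conjunction)
@dataclass(frozen=True)
class Up:       body: object            # ↑A+

def erase(a):
    """Erasure |A|: drop polarities and shifts, recovering the IPL formula."""
    if isinstance(a, (PosAtom, NegAtom)):
        return a.name
    if isinstance(a, (Down, Up)):
        return erase(a.body)
    if isinstance(a, (Tensor, With)):
        return f"({erase(a.l)} ∧ {erase(a.r)})"
    if isinstance(a, Plus):
        return f"({erase(a.l)} ∨ {erase(a.r)})"
    if isinstance(a, Impl):
        return f"({erase(a.l)} ⊃ {erase(a.r)})"
    raise TypeError(a)

# One possible polarization of A ⊃ B with positive atoms:
print(erase(Impl(PosAtom("A"), Up(PosAtom("B")))))  # (A ⊃ B)
```

Note that the shifts disappear under erasure, which is exactly why many distinct polarizations can translate the same input formula.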

From Focused Proofs to Big-Step Inferences
A sequent of intuitionistic logic has the form Γ =⇒ A, where Γ is a set or multiset of formulas. For the purposes of Imogen it is convenient to always maintain Γ as a set, without duplicates. Since we can always eagerly decompose negative connectives on the right of a sequent and positive connectives on the left, the only sequents in polarized logic we need to consider have negative formulas on the left or positive formulas on the right, in addition to atoms, which can appear with either polarity on either side. The right-hand side could also be empty if we are deriving a contradiction. We call such sequents stable.
Stable hypotheses    Γ ::= · | Γ, A− | Γ, p+
Stable conclusions   γ ::= A+ | p− | ·

We exploit focusing on polarized formulas to derive big-step rules that go from stable sequents as premises to stable sequents as conclusions. Completeness of focusing tells us that these derived rules, by themselves, are sufficient to prove all valid stable sequents. Rather than formally specify this rule generation (see, for example, Andreoli [2] for the linear case), we only illustrate the process, continuing with the example above.
The overall goal is always translated to a negative formula, which we break down to a set of stable sequents by applying invertible rules. Here we obtain the two stable sequents

    A, ↓(A ⊃ B), ↓(B ⊃ C) =⇒ C        C, ↓(A ⊃ B), ↓(B ⊃ C) =⇒ C

We search for proofs of these two stable sequents independently. For each stable sequent, we focus on each constituent formula in turn, and decompose it until we reach stable sequents as premises. Each possibility yields a new big-step inference rule, and we continue to analyze its premises recursively in the same manner. As an example, we show the process for the first goal above. Focusing on A yields the initial sequent A =⇒ A. Focusing on ↓(B ⊃ C) and ↓(A ⊃ B) yields the big-step rules

         Γ =⇒ B                        Γ =⇒ A
    ──────────────────    and     ──────────────────
    Γ, ↓(B ⊃ C) =⇒ C              Γ, ↓(A ⊃ B) =⇒ B

The Inverse Method with Big-Step Rules
The usual (small-step) inverse method applies sequent calculus rules in the forward direction so that each derived formula is a subformula of the original goal. Here, the subformula property is already built into the generation of the rules, so all we need to do is apply the big-step rules to saturation in the forward direction. To start the process, each derived rule with no premises is considered an initial sequent.
To prove the first stable sequent in our example, we begin with the initial sequent A =⇒ A. We have only two inference rules, of which only the second applies. The application of this rule derives the new fact A, ↓(A ⊃ B) =⇒ B. Once again, we have only one choice: applying the first rule to this new sequent. The application yields A, ↓(A ⊃ B), ↓(B ⊃ C) =⇒ C, which is our goal. In general, forward inference may only generate a strengthened form of the goal sequent, so we need to check whether any derived sequent subsumes the goal. Γ =⇒ γ subsumes Γ′ =⇒ γ′ if Γ ⊆ Γ′ and γ ⊆ γ′. The inference process saturates if every new sequent we can derive is already subsumed by a previously derived sequent. If at that point none of the derived sequents subsume the goal sequent, the goal is not provable and we explicitly fail. In this case, the saturated database may be considered a kind of countermodel for the goal sequent. If the goal sequent is found, Imogen can reconstruct a natural deduction proof term as a witness to the formula's validity.
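The saturation just traced can be replayed in a few lines of code. This is a toy sketch in our own encoding, not Imogen's implementation: a sequent is a pair of a hypothesis set and a conclusion, and the two big-step rules from the example are hard-coded as functions.

```python
# Toy forward saturation for the running example. A sequent is
# (hypotheses, conclusion), with hypotheses a frozenset of formula strings.

def subsumes(s, t):
    """(Γ, γ) subsumes (Γ', γ') if Γ ⊆ Γ' and the conclusions agree."""
    (g1, c1), (g2, c2) = s, t
    return g1 <= g2 and c1 == c2

def rule_ab(seq):                  # Γ =⇒ A  /  Γ, ↓(A ⊃ B) =⇒ B
    hyps, concl = seq
    if concl == "A":
        return (hyps | {"↓(A ⊃ B)"}, "B")

def rule_bc(seq):                  # Γ =⇒ B  /  Γ, ↓(B ⊃ C) =⇒ C
    hyps, concl = seq
    if concl == "B":
        return (hyps | {"↓(B ⊃ C)"}, "C")

def saturate(initial, rules, goal):
    db, frontier = [], list(initial)
    while frontier:
        seq = frontier.pop()
        if any(subsumes(old, seq) for old in db):
            continue               # forward subsumption: nothing new
        if subsumes(seq, goal):
            return True            # a derived sequent subsumes the goal
        db.append(seq)
        frontier += [r(seq) for r in rules if r(seq) is not None]
    return False                   # saturated without reaching the goal

goal = (frozenset({"A", "↓(A ⊃ B)", "↓(B ⊃ C)"}), "C")
print(saturate([(frozenset({"A"}), "A")], [rule_bc, rule_ab], goal))  # True
```

Starting from A =⇒ A, the loop derives A, ↓(A ⊃ B) =⇒ B and then A, ↓(A ⊃ B), ↓(B ⊃ C) =⇒ C, which subsumes the goal; with an unreachable goal the frontier empties instead and the search reports saturation.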

Optimizations and Heuristics
A problem with focusing becomes apparent when considering formulas such as F = (A1 ⊕ B1) ⊗ ⋯ ⊗ (An ⊕ Bn). Focusing on F on the right will produce 2^n inference rules. Inverting F on the left will produce a single rule with 2^n premises. To avoid exponential behavior such as this, we can change the polarities of the subformulas by adding double shifts, ↓↑ and ↑↓. The double shifts break the focusing and inversion phases respectively, leading to a linear number of rules and premises at the expense of an increased number of inverse method deductions. In the extreme, if we insert double shifts before every subformula, we emulate the inverse method for the ordinary sequent calculus. Imogen currently uses a simple heuristic to insert double shifts to avoid an exponential explosion.
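The exponential count is easy to see by enumeration. The sketch below, assuming a problematic formula of the shape suggested by the 2^n counts above (an n-fold ⊗ of ⊕s; the formula and names are our illustration), lists one right-focusing rule per combination of disjunct choices:

```python
from itertools import product

def right_focus_choices(n):
    """For F = (A1 ⊕ B1) ⊗ ... ⊗ (An ⊕ Bn), a right focus on F must
    commit to one disjunct of every conjunct before losing focus, so
    each complete focusing phase (one derived rule) is a tuple of
    choices. There are 2^n such tuples."""
    return list(product(*[(f"A{i}", f"B{i}") for i in range(1, n + 1)]))

print(len(right_focus_choices(10)))  # 1024
```

Inserting ↓↑ around each disjunction ends the focus at every shift, so each disjunction contributes its rules independently instead of multiplicatively, which is the linear behavior described above.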
Formulas which appear in a stable goal sequent will appear in every sequent which backward search could construct, and are therefore redundant. We omit such global assumptions from all sequents. Another helpful optimization is backward subsumption: when a new sequent is derived, we remove from the database all sequents that it subsumes. These effects are quantified in Section 5.
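Backward subsumption is simple to state. A sketch (our own encoding, with a sequent as a pair of a hypothesis set and a conclusion) might look like:

```python
# Backward subsumption sketch. (Γ, γ) subsumes (Γ', γ') if Γ ⊆ Γ'
# and the conclusions agree.

def subsumes(s, t):
    (g1, c1), (g2, c2) = s, t
    return g1 <= g2 and c1 == c2

def add_sequent(db, new):
    """Remove every stored sequent that the new sequent subsumes,
    then store the new sequent."""
    db = [old for old in db if not subsumes(new, old)]
    db.append(new)
    return db

db = [(frozenset({"A", "B"}), "C"), (frozenset({"D"}), "E")]
db = add_sequent(db, (frozenset({"A"}), "C"))
# The weaker sequent A, B =⇒ C has been eliminated from the database.
```

A stronger sequent (fewer hypotheses, same conclusion) thus evicts all the weaker sequents it makes redundant, keeping the database small.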

Inference Engine
Imogen's saturation algorithm is based on the Otter loop [16]. It maintains Otter's two distinct databases: active sequents, those sequents that have had all inference rules applied to them, and kept sequents, those that have not yet been considered for inferences. New rules are generated when a multiple-premise rule is matched against an active sequent. This method of matching multi-premise rules incrementally is called partially applied rule generation.
The algorithm proceeds as follows. It first polarizes the input formula and runs an initial stabilization pass to determine the stable sequents to prove. The initial sequents and derived rules are then generated using focusing. As an optimization, all non-atomic subformulas are given unique labels. This allows fast formula comparison. The final step before search is to initialize the kept sequent database with the initial sequents.
At this stage, Imogen begins the forward search. It selects a kept sequent based on some fair strategy. The sequent is matched against the first premise of all current rules. The matching process will produce new sequents that are put into the kept database, as well as new partially applied rules. The new rules are recursively matched against the active database, and the resulting sequents are put into the kept database. This process repeats until either the kept database becomes empty, in which case the search space is saturated and the formula is invalid, or the goal sequent is subsumed by a derived sequent.
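The loop can be sketched schematically as follows. This is a simplified Python rendering in our own encoding, not Imogen's actual code: a rule here is a function that, given a sequent matched against its first premise, returns derived sequents and/or new partially applied rules, and subsumption checks are omitted for brevity.

```python
from collections import deque

def otter_loop(initial, rules, is_goal):
    """Simplified Otter loop with partially applied rule generation.
    Each rule maps a sequent to a list of results: derived sequents
    (all premises matched) and/or partially applied rules (callables
    awaiting their remaining premises)."""
    active = []                      # sequents with all rules applied
    kept = deque(initial)            # sequents awaiting inference
    rules = list(rules)
    while kept:
        seq = kept.popleft()         # any fair selection strategy
        if is_goal(seq):
            return True              # goal sequent derived
        active.append(seq)
        agenda = [(r, seq) for r in rules]
        while agenda:
            rule, s = agenda.pop()
            for res in rule(s):
                if callable(res):    # a new partially applied rule:
                    rules.append(res)                     # keep it, and
                    agenda += [(res, a) for a in active]  # replay on active db
                else:
                    kept.append(res)                      # a derived sequent
    return False                     # saturated: the goal is unreachable

# A two-premise rule: from p and q, conclude r.
def two_premise(s):
    if s == "p":                     # first premise matched; return a
        return [lambda t: ["r"] if t == "q" else []]  # partial rule
    return []

print(otter_loop(["p", "q"], [two_premise], lambda s: s == "r"))  # True
```

Matching p against the first premise produces a partially applied rule, which later fires when q is selected, deriving r; if q is never available, the kept database empties and the loop reports saturation.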

Evaluation
We evaluated our prover on the propositional fragment of the ILTP library [19] of problems for intuitionistic theorem provers. The 274 problems are divided into 12 families of difficult problems, such as the pigeonhole principle, labeled SYJ201 to SYJ212. For each family, there are 20 instances of increasing size. There are also 34 miscellaneous problems. The provers currently evaluated on the library are ft-C [20], ft-Prolog [20], LJT [8], PITP [3], PITPINV [3], and STRIP [13]. These provers represent a number of different methods of theorem proving in IPL, yet forward reasoning is conspicuously absent. Imogen solved 255 of the problems; PITPINV was the only prover to solve more. The table uses the notation of [18]. All times are in seconds. The entries "stack", "mem", "large", and "alloc" indicate that the prover process ran out of memory. ">600" indicates that the prover was unable to solve the problem within the ten minute time limit. A negative number indicates the time to ascertain that a formula is not valid. All statistics except for those of Imogen were gathered on a 3.4 GHz Xeon processor running Linux [18]; the Imogen statistics were gathered on a 2.4 GHz Intel Core 2 Duo running Mac OS X. Thus the Imogen statistics are conservative. In analyzing the table, notice that Imogen has no difficulty with SYJ209 and SYJ211, which are difficult for the other provers, but has far greater difficulty with SYJ201, which is trivial for most of the backward methods.
To elucidate the effects of various internal features and optimizations, the following tables compare Imogen to itself with different optimization strategies and heuristics.

Conclusion
The system most closely related to Imogen is Linprover [4], an inverse method prover for intuitionistic linear logic exploiting focusing, but not polarization. We do not explicitly compare our results to Linprover, which incurs additional overhead due to the necessary maintenance of linearity constraints. We are also aware of two provers for first-order intuitionistic logic based on the inverse method, Gandalf [21] and Sandstorm [9], both of which partially exploit focusing. We do not compare Imogen to these either, since they incur substantial overhead due to unification, contraction, and more complex subsumption.
Imogen could be improved in a number of ways. Selecting sequents from the kept database for rule application could be improved by a more intelligent ordering of formulas. Better heuristics for assigning polarities to subformulas, especially atoms, seem to offer the biggest source of performance gains. Experimenting with double shifts and atom polarities by hand greatly increased performance, but as yet we have no sophisticated methods for determining more optimal assignments of polarities.
We implemented Imogen with the eventual goal of generalizing the system to first-order intuitionistic logic and logical frameworks, and were somewhat surprised that even a relatively straightforward implementation in a high-level language is not only competitive with previous provers based on backward search, but clearly better on a significant portion of accepted benchmark problems. We plan to begin experiments using the polarized inverse method for LF [10] and M2, the metalogic of Twelf [17].
One of Imogen's strengths is its redundancy elimination. The databases can grow large, making further inferences slower. Yet when a strong sequent is derived, it is not uncommon for half or more of the database to be subsumed and eliminated by backward subsumption, allowing Imogen to continue making deductions at a much higher rate. We believe that this will be important in solving difficult problems in more complex logics.
Our experience with Imogen, in addition to the evidence provided by the provers cited above, adds strength to our thesis that the polarized inverse method works well on non-classical logics of different kinds.
Some illustrative examples of difficult problems are shown in the following table: