Quantified Propositional Logspace Reasoning

In this paper, we develop a quantified propositional proof system that corresponds to logarithmic-space reasoning. We begin by defining a class SigmaCNF(2) of quantified formulas that can be evaluated in log space. Then our new proof system GL^* is …

Authors: Steven Perron (University of Toronto)

November 20, 2018

Abstract

In this paper, we develop a quantified propositional proof system that corresponds to logarithmic-space reasoning. We begin by defining a class $\Sigma CNF(2)$ of quantified formulas that can be evaluated in log space. Then our new proof system $GL^*$ is defined as $G^*_1$ with cuts restricted to $\Sigma CNF(2)$ formulas and no cut formula that is not quantifier free contains a free variable that does not appear in the final formula. To show that $GL^*$ is strong enough to capture log space reasoning, we translate theorems of $VL$ into a family of tautologies that have polynomial-size $GL^*$ proofs. $VL$ is a theory of bounded arithmetic that is known to correspond to logarithmic-space reasoning. To do the translation, we find an appropriate axiomatization of $VL$, and put $VL$ proofs into a new normal form. To show that $GL^*$ is not too strong, we prove the soundness of $GL^*$ in such a way that it can be formalized in $VL$. This is done by giving a logarithmic-space algorithm that witnesses $GL^*$ proofs.

1 Introduction

Recently there has been a significant amount of research looking into the connection between computational complexity, bounded arithmetic, and propositional proof complexity. A recent survey on this topic can be found at [6]. The idea is that there is a hierarchy of complexity classes

$$AC^0 \subsetneq TC^0 \subseteq NC^1 \subseteq L \subseteq NL \subseteq P.$$

The first class is the set of problems that can be solved by uniform, polynomial-size, constant depth circuits. This class is important because it can be shown that PARITY cannot be solved in $AC^0$. In fact, problems that involve counting cannot be solved in $AC^0$. The second class is $TC^0$. This set of problems is the same as $AC^0$ except that $TC^0$ circuits can use counting gates.
The class $NC^1$ is the set of problems that can be solved using polynomial-size, logarithmic-depth circuits. This class can be thought of as the set of problems that can be solved very quickly when work is done in parallel. Evaluating boolean formulas is complete for this class. The class $L$ is the set of problems that can be solved in logarithmic space on a Turing machine. The class $NL$ is the set of problems that can be solved in logarithmic space on a non-deterministic Turing machine. The reachability problem for directed graphs is complete for this class. The sequence finishes with $P$, the set of problems that can be solved in polynomial time on a deterministic Turing machine. Except for the first inclusion, it is unknown if any of these inclusions are proper.

Each of these complexity classes has a corresponding theory of arithmetic: $V^0$, $VTC^0$, $VNC^1$, $VL$, $VNL$, and $TV^0$, respectively. Each of these theories can prove that the functions in their corresponding complexity class are total. As a consequence, any information we can obtain about the theory tells us something about the complexity class and vice versa.

There is also a connection with propositional proof complexity. Some of the theories mentioned above have a corresponding propositional proof system. As before, information about the proof systems tells us about the corresponding theory and complexity class. In this paper, we explore the proof systems. The goal is to try to understand how the strength of a proof system is affected by different restrictions.

Our focus will be on quantified propositional proof systems, but, to explain our method, we will use quantifier-free propositional proof systems. Start with a Frege proof system, sometimes called Hilbert Style Systems. These systems are described in standard logic text books.
A Frege proof is a series of propositional formulas where each formula is an axiom or can be inferred from previous formulas using one of the rules of inference. There are two common ways of restricting this proof system. The first is to restrict all of the formulas in the proof. For example, one definition of bounded-depth Frege is to restrict every formula in the proof to formulas with a constant depth. This worked, but, if a proof system is defined this way, then there are formulas that cannot be proved simply because they are not allowed to appear in the proof. For example, bounded-depth Frege with formulas of depth $d$ cannot prove any formula of depth $d + 1$. The other method is to restrict the formulas on which certain rules can be applied. This solves the problem of the first method and led to other definitions of bounded-depth Frege.

In this paper, we will look at restricting the cut rule in the tree-like sequent calculus for quantified propositional formulas. This system is known as $G^*$. The cut rule derives $\Gamma \rightarrow \Delta$ from $A, \Gamma \rightarrow \Delta$ and $\Gamma \rightarrow \Delta, A$. In $G^*$, $A$ can be any quantified propositional formula. The proof system $G^*_0$ is defined by restricting $A$ to quantifier-free formulas. If we are given a $G^*_0$ proof of a $\Sigma^q_1$ formula ($\exists \vec{z}\, B(\vec{z})$, where $B$ is quantifier-free), then we can find a witness for existential quantifiers in this formula in uniform $NC^1$; moreover, this problem is complete for this class. The complexity class $NC^1$ is the set of problems that can be solved by polynomial-size, logarithmic-depth circuits with fan-in 2. The interesting observation is that evaluating quantifier-free formulas is also complete for $NC^1$.

It is also possible to connect $G^*_0$ to $NC^1$ indirectly through bounded arithmetic. There is a theory of arithmetic $VNC^1$ that is known to correspond to $NC^1$ reasoning.
Given a $VNC^1$ proof of a bounded formula it is possible to translate the proof into a family of polynomial-size $G^*_0$ proofs. This tells us that the reasoning power of $G^*_0$ is at least as strong as that of $VNC^1$ [5]. In the other direction, $VNC^1$ can prove that $G^*_0$ is sound when proving $\Sigma^q_1$ formulas. This means that, when proving $\Sigma^q_1$ formulas, the reasoning power of $G^*_0$ is not stronger than that of $VNC^1$. So we say that $G^*_0$ corresponds to $NC^1$ reasoning.

As well, if we restrict cut formulas to constant-depth, quantifier-free formulas, we get a proof system that corresponds to $AC^0$ reasoning. The complexity class $AC^0$ is the set of problems that can be solved by polynomial-size, constant-depth circuits with unbounded fan-in. Again, evaluating constant-depth formulas is complete for $AC^0$. We should note we are talking about the proofs of quantifier-free formulas.

This gives us two proof systems whose reasoning power is the same as the complexity of evaluating their cut formulas. This raises the question of whether or not this holds in general. The quick answer is no. A counter-example is $G^*_1$. Evaluating $\Sigma^q_1$ formulas is complete for $NP$, but the $\Sigma^q_1$ witnessing problem for $G^*_1$ is complete for $P$ [8]. Another counter-example is $GPV^*$, where cut formulas are quantifier-free or formulas of the form $\exists x [x \leftrightarrow A]$, where $A$ is a quantifier-free formula that does not mention $x$. Evaluating a cut formula for $GPV^*$ is complete for $NC^1$, but the witnessing problem is complete for $P$ [14].

In this paper, we define a new proof system $GL^*$ that corresponds to $L$ reasoning. The complexity class $L$ is the set of problems that can be solved on a Turing Machine with a read-only input tape and a work tape where the space used on the work tape is proportional to the logarithm of the size of the input.
Our proof system $GL^*$ is defined by restricting cuts to $\Sigma CNF(2)$ formulas, a set of formulas for which the evaluation problem is complete for $L$. However, that is not enough. We also restrict the free variables that appear in cut formulas with quantifiers to variables that appear free in the final sequent. We then prove this proof system corresponds to $L$ reasoning by connecting it with a theory of arithmetic that is known to correspond to $L$ reasoning. This definition is meant to demonstrate that the strength of a proof system is not related to the difficulty of evaluating a single cut formula in the proof, but to the complexity of witnessing the eigenvariables in the proof.

In Section 2, we give definitions of the important concepts. In particular, we define two-sorted computational complexity and bounded arithmetic. As well, we define the standard proof systems and explain the connection between proof systems and theories of bounded arithmetic in more detail. In Section 3, we define $GL^*$. This includes the definition of the $\Sigma CNF(2)$ formulas. In Section 4, we change the theory $VL$ and prove a normal form that is necessary for our results. This is the most technical section in the paper. In Section 5, we prove the translation theorem. In Section 6, we prove that $GL^*$ is sound in the theory. This includes an algorithm to evaluate $\Sigma CNF(2)$ formulas in $L$.

This paper is an expanded version of the author's earlier paper [13].

2 Basic Definitions And Notation

2.1 Two-Sorted Computational Complexity

In this paper, we use two-sorted computational complexity. The two sorts are numbers and binary strings (aka finite sets). The numbers are intended to range over the natural numbers and will be denoted by lower-case letters.
For example, $i$, $j$, $x$, $y$, and $z$ will often be used for number variables; $r$, $s$, and $t$ will be used for number terms; and $f$, $g$ and $h$ will be used for functions that return numbers. The strings are intended to be finite strings over $\{0, 1\}$ with leading 0 removed. Since the strings are finite, they can be thought of as sets where the $i$th bit is 1 if $i$ is in the set. The strings will be denoted by upper-case letters. The letters $X$, $Y$, and $Z$ will often be used for string variables.

We focus on the complexity class $L$. Let $R(\vec{x}, \vec{X})$ be a relation. If we are going to solve this relation on a Turing Machine $M$, then the input to $M$ will be $\vec{x}$ in unary and $\vec{X}$ as a series of binary strings. So the size of the input is $\vec{x} + |\vec{X}|$. We say $R$ is in $L$ if $R$ can be decided by a two-tape Turing Machine such that one tape is a read-only input tape, and less than $O(\log(\vec{x} + |\vec{X}|))$ squares are visited on the other tape.

For functions, we say a number function $f(\vec{x}, \vec{X})$ is in $FL$ if there is a polynomial $p$ such that $f(\vec{x}, \vec{X}) < p(\vec{x}, |\vec{X}|)$, and the relation $f(\vec{x}, \vec{X}) = y$ is in $L$. A string function $F(\vec{x}, \vec{X})$ is in $FL$ if the size of $F(\vec{x}, \vec{X})$ is bounded by a polynomial and if the relation

$$R(i, \vec{x}, \vec{X}) \leftrightarrow \text{the $i$th bit of } F(\vec{x}, \vec{X}) \text{ is 1}$$

is in $L$. This is equivalent to defining $FL$ using a three-tape Turing Machine with a write-only output tape.

2.2 Two-Sorted Bounded Arithmetic

Besides two-sorted computational complexity, we also use the two-sorted bounded arithmetic. The sorts are the same. This notation was based on the work of Zambella in [15], but we follow the presentation of Cook and Nguyen from [4, 6].

The base language is $L^2_A = \{0, 1, +, \times, <, =, =_2, \in, |\,|\}$. The constants 0 and 1 are number constants. The functions $+$ and $\times$ take two numbers as input and return a number; the intended meanings are the obvious ones.
The language also includes two binary predicates that take two numbers: $<$ and $=$. The predicate $=_2$ is meant to be equality between strings, instead of numbers. In practice, the 2 will not be written because which equality is meant is obvious from the context. The membership predicate $\in$ takes a number $i$ and a string $X$. It is meant to be true if the $i$th bit of $X$ is 1 (or $i$ is in the set $X$). This will also be written as $X(i)$. The final function $|X|$ takes a string as input and returns a number. It is intended to be the number of bits needed to write $X$ when leading zeros are removed (or the least upper bound of the set $X$). The set of axioms 2BASIC is the set of defining axioms for $L^2_A$.

B1. $x + 1 \neq 0$
B2. $x + 1 = y + 1 \supset x = y$
B3. $x + 0 = x$
B4. $x + (y + 1) = (x + y) + 1$
B5. $x \times 0 = 0$
B6. $x \times (y + 1) = (x \times y) + x$
B7. $x \leq x + y$
B8. $(x \leq y \wedge y \leq x) \supset x = y$
B9. $0 \leq x$
B10. $x \leq y \vee y \leq x$
B11. $x \leq y \leftrightarrow x < y + 1$
B12. $x \neq 0 \supset \exists y \leq x\,(y + 1 = x)$
L1. $X(y) \supset y < |X|$
L2. $y + 1 = |X| \supset X(y)$
SE. $X = Y \leftrightarrow [\,|X| = |Y| \wedge \forall i < |X|\,(X(i) \leftrightarrow Y(i))\,]$

We use $\exists X < b\ \phi$ as shorthand for $\exists X [(|X| < b) \wedge \phi]$. The shorthand $\forall X < b\ \phi$ means $\forall X [(|X| < b) \supset \phi]$. The set $\Sigma^B_0 = \Pi^B_0$ is the set of formulas whose only quantifiers are bounded number quantifiers. For $i > 0$, the set $\Sigma^B_i$ is the set of formulas of the form $\exists \vec{X} < \vec{t}\ \phi$ where $\phi$ is a $\Pi^B_{i-1}$ formula. For $i > 0$, the set $\Pi^B_i$ is the set of formulas of the form $\forall \vec{X} < \vec{t}\ \phi$ where $\phi$ is a $\Sigma^B_{i-1}$ formula.

Now we can define two important axiom schemes:

$\Phi$-COMP: $\exists X \leq b\ \forall i < b\ [X(i) \leftrightarrow \phi(i)]$,
$\Phi$-IND: $[\phi(0) \wedge \forall x < b\ [\phi(x) \supset \phi(x + 1)]] \supset \phi(b)$

where $\Phi$ is a set of formulas and $\phi(i) \in \Phi$, and, for $\Sigma^B_i$-COMP, $\phi$ does not contain $X$, but may contain other free variables. We can now define the base theory.

Definition 2.1. The theory $V^0$ is axiomatized by the 2BASIC axioms plus $\Sigma^B_0$-COMP.
It is possible to show that $V^0$ proves $\Sigma^B_0$-IND (Corollary [6]). This theory is typically viewed as the theory that corresponds to $AC^0$ reasoning.

From time to time, we will use function symbols that are not in $L^2_A$. The first is $X(i, j) \equiv X(\langle i, j \rangle)$, where $\langle i, j \rangle = (i + j)(i + j + 1) + 2j$ is the pairing function. It can be thought of as a two dimensional array of bits. The second is the row function. The notation we use is $X^{[i]}$. This function returns the $i$th row of the two dimensional array $X$. In the same way, we can also describe three dimensional arrays. We also want to pair strings. So if $X = \langle Y_1, Y_2 \rangle$, then $X^{[0]} = Y_1$ and $X^{[1]} = Y_2$. Note that, if we add these functions with their $\Sigma^B_0$ defining axioms to any theory $T$ extending $V^0$, we get a conservative extension. They can also be used in the induction axioms [4]. This means that, if there is a $T$ proof of a formula that uses these functions, there is a $T$ proof of the same formula that does not use these functions.

To get a theory that corresponds to $L$ reasoning, we add an axiom that says there is an output to a function that is complete for $L$ with respect to $AC^0$ reductions. This is a specific example of the method used in [4] to construct a theory for a given complexity class. The theory we define is $\Sigma^B_0$-rec from [16], but we will call it $VL$. The complete function we use is: Given a graph with edge relation $\phi(i, j)$ and nodes $\{0, \ldots, a\}$, where every vertex in the graph has out-degree at least 1, find a path of length $b$. This is expressed using the $\Sigma^B_0$-rec axiom:

$$\forall x \leq a\ \exists y \leq a\ \phi(x, y) \supset \exists Z, \forall w \leq b\ \phi(f(a, w, Z), f(a, w + 1, Z)) \qquad (\Sigma^B_0\text{-rec})$$

where

$$f(a, w, Z) = \min x\,(Z(w, x) \vee x = a)$$

and $\phi$ is a $\Sigma^B_0$ formula. The idea is that the function $f(a, w, Z)$ extracts the $w$th node in the path that $Z$ encodes.

Definition 2.2.
The theory $VL$ is the theory axiomatized by $V^0$ plus $\Sigma^B_0$-rec.

The $\Sigma^B_0$-rec axiom has the disadvantage that the path can start at any node. However, as Zambella pointed out in [16], it is possible to prove that there is a path of length $b$ starting at a particular node $a$.

Lemma 2.3. Let $E$ be the edge relation for a directed graph on the nodes $\{0, \ldots, n - 1\}$. Then for all $a < n$ and $b$, $VL$ proves, if $\forall i < n\ \exists j < n\ E(i, j)$, then there is a path of length $b$ starting at node $a$.

Proof. Define $\phi(\langle w, i \rangle, \langle w', j \rangle)$ as

$$\phi(\langle w, i \rangle, \langle w', j \rangle) \equiv (w' = w + 1 \bmod b + 1) \wedge (w' \neq 0 \supset E(i, j)) \wedge (w' = 0 \supset j = a).$$

Take a path of length $2b$ in the graph of $\phi$. At some point in the first half of that path, the path passes through the node $\langle 0, a \rangle$. Starting from there we can extract a path of length $b$ in $E$ that starts at node $a$.

2.3 A Universal Theory For L Reasoning

Another way to get a theory for $L$ is to define a universal theory with a language that contains a function symbol for every function in $FL$. Then, we get a theory for $L$ by taking the defining axioms for these functions. This is the idea behind other universal theories like $PV$ and $V^0$. In our case, we characterize the $FL$ functions using Lind's characterization [10] adjusted for the two-sort setting. In the next definition, we define the set of function symbols in $L_{FL}$ and give their intended meaning.

Definition 2.4. The language $L_{FL}$ is the smallest language satisfying

1. $L^2_A \cup \{pd, min\}$ is a subset of $L_{FL}$ and have defining axioms 2BASIC, and the axioms

$$pd(0) = 0 \qquad (2.1)$$
$$pd(x + 1) = x \qquad (2.2)$$
$$min(x, y) = z \leftrightarrow (z = x \wedge x \leq y) \vee (z = y \wedge y \leq x) \qquad (2.3)$$

2. For every open formula $\alpha(i, \vec{x}, \vec{X})$ over $L_{FL}$ and term $t(\vec{x}, \vec{X})$ over $L^2_A$, there is a string function $F_{\alpha,t}$ in $L_{FL}$ with bit defining axiom

$$F_{\alpha,t}(\vec{x}, \vec{X})(i) \leftrightarrow i < t(\vec{x}, \vec{X}) \wedge \alpha(i, \vec{x}, \vec{X}) \qquad (2.4)$$

3.
For every open formula $\alpha(z, \vec{x}, \vec{X})$ over $L_{FL}$ and term $t(\vec{x}, \vec{X})$ over $L^2_A$, there is a number function $f_{\alpha,t}$ in $L_{FL}$ with defining axioms

$$f_{\alpha,t}(\vec{x}, \vec{X}) \leq t(\vec{x}, \vec{X}) \qquad (2.5)$$
$$z < t(\vec{x}, \vec{X}) \wedge \alpha(z, \vec{x}, \vec{X}) \supset \alpha(f_{\alpha,t}(\vec{x}, \vec{X}), \vec{x}, \vec{X}) \qquad (2.6)$$
$$z < f_{\alpha,t}(\vec{x}, \vec{X}) \supset \neg\alpha(z, \vec{x}, \vec{X}) \qquad (2.7)$$

4. For all number functions $g(\vec{x}, \vec{X})$ and $h(p, y, \vec{x}, \vec{X})$ in $L_{FL}$ and term $t(y, \vec{x}, \vec{X})$ over $L^2_A$, there is a number function $f_{g,h,t}(y, \vec{x}, \vec{X})$ with defining axioms

$$f_{g,h,t}(0, \vec{x}, \vec{X}) = \min(g(\vec{x}, \vec{X}), t(\vec{x}, \vec{X})) \qquad (2.8)$$
$$f_{g,h,t}(y + 1, \vec{x}, \vec{X}) = \min(h(f(y, \vec{x}, \vec{X}), y, \vec{x}, \vec{X}), t(\vec{x}, \vec{X})) \qquad (2.9)$$

The last scheme is called $p$-bounded number recursion. The $p$-bounded number recursion is equivalent to the $\log$-bounded string recursion given in [10]. The other schemes come from the definition of $L_{FAC^0}$ in [4].

It is not difficult to see every function in $L_{FL}$ is in $FL$. The only point we should note is that the intermediate values in the recursion are bounded by a polynomial in the size of the input. This means, if we store intermediate values in binary, the space used is bounded by the log of the size of the input. So the recursion can be simulated in $L$.

To show that every $FL$ function has a corresponding function symbol in $L_{FL}$, note that the $p$-bounded number recursion can be used to traverse a graph where every node has out-degree at most one.

Definition 2.5. $VL$ is the theory over the language $L_{FL}$ with B1-B11, SE, plus 2.1; 2.2; 2.3; axiom 2.4 for each string function $F_{\alpha,t}$ in $L_{FL}$; axioms 2.5, 2.6, and 2.7 for each number function $f_{\alpha,t}$ in $L_{FL}$; and axioms 2.8 and 2.9 for each number function $f_{g,h,t}$ in $L_{FL}$.

An open ($L$) formula is a formula over the language $L$ that does not have any quantifiers. The important part of this theory is that it really is a universal version of $VL$.

Theorem 2.6.
$VL$ is a conservative extension of $VL$.

Proof. First to prove that $VL$ is an extension of $VL$. All that is required is to prove the $\Sigma^B_0$-COMP and $\Sigma^B_0$-rec axioms. To prove $\Sigma^B_0$-COMP, note that every $\Sigma^B_0$ formula $\phi$ is equivalent to an open formula $\phi'$. For example,

$$VL \vdash \exists z < b\ \psi(z, \vec{x}, \vec{X}) \leftrightarrow \psi(f_{\psi,b}(\vec{x}, \vec{X}), \vec{x}, \vec{X})$$

when $\psi$ is an open formula. Then the function $F_{\phi',t}$ is the witness for

$$\exists Z \leq t\ \forall i < t\ [Z(i) \leftrightarrow \phi(i)].$$

To prove the $\Sigma^B_0$-rec axiom, we can define a function $f(i, a, E)$ that returns the $i$th node in the path the axiom says exists. The function $f$ can be defined using $p$-bounded number recursion. From there, a function witnessing the $\Sigma^B_0$-rec axiom can be defined.

To prove that the extension is conservative, we show how to take any model $M$ of $VL$ and find an expansion that is a model of $VL$. The idea is to expand the model one function at a time. We can order the functions in $L_{FL}$ such that each function is defined in terms of the previous functions. Let $L_i$ be the language $L^2_A$ plus the first $i$ functions in $L_{FL}$. Let $M_i$ be the model obtained by expanding $M$ to the functions in $L_i$. We will show that the model $M_\infty = \bigcup M_i$ is a model of $VL$. A similar proof can be found in Chapter 9 of [6] and we will not repeat it here.

2.4 Quantified Propositional Calculus

We are also interested in quantified propositional proof systems. The proof systems we use were originally defined in [9], and then they were redefined in [5, 11], which is the presentation we follow.

The set of connectives are $\{\wedge, \vee, \neg, \exists, \forall, \top, \bot\}$, where $\top$ and $\bot$ are constants for true and false, respectively. Formulas are built using these connectives in the usual way. We will often refer to formulas by the number of quantifier alternations.

Definition 2.7. The set of formulas $\Sigma^q_0 = \Pi^q_0$ is the set of quantifier-free propositional formulas.
For $i > 0$, the set of $\Sigma^q_i$ ($\Pi^q_i$) formulas is the smallest set of formulas that contains $\Pi^q_{i-1}$ ($\Sigma^q_{i-1}$) and is closed under $\wedge$, $\vee$, existential (universal) quantification, and if $A \in \Pi^q_i$ ($A \in \Sigma^q_i$) then $\neg A \in \Sigma^q_i$ ($\neg A \in \Pi^q_i$).

The first proof system, from which all others will be defined, is the proof system $G$. This proof system is a sequent calculus based on Gentzen's system $LK$. The system $G$ is essentially the DAG-like, propositional version of $LK$. We will not give all of the rules, but will mention a few of special interest. The cut rule is

$$\frac{A, \Gamma \rightarrow \Delta \qquad \Gamma \rightarrow \Delta, A}{\Gamma \rightarrow \Delta}\ \text{cut}$$

In this rule, we call $A$ the cut formula. There are also four rules that introduce quantifiers:

$$\frac{A(x), \Gamma \rightarrow \Delta}{\exists z A(z), \Gamma \rightarrow \Delta}\ \exists\text{-left} \qquad \frac{\Gamma \rightarrow \Delta, A(B)}{\Gamma \rightarrow \Delta, \exists z A(z)}\ \exists\text{-right}$$

$$\frac{A(B), \Gamma \rightarrow \Delta}{\forall z A(z), \Gamma \rightarrow \Delta}\ \forall\text{-left} \qquad \frac{\Gamma \rightarrow \Delta, A(x)}{\Gamma \rightarrow \Delta, \forall z A(z)}\ \forall\text{-right}$$

These rules have conditions on them. In $\exists$-left and $\forall$-right, the variable $x$ must not appear in the bottom sequent. In these rules, $x$ is called the eigenvariable. In the other two rules, the formula $B$ must be a $\Sigma^q_0$ formula, and no variable that appears free in $B$ can be bound in $A(x)$.

The initial sequents of $G$ are sequents of the form $\rightarrow \top$, $\bot \rightarrow$, or $x \rightarrow x$, where $x$ is any propositional variable. A $G$ proof is a series of sequents such that each sequent is either an initial sequent or can be derived from previous sequents using one of the rules of inference. The proof system $G_i$ is $G$ with cut formulas restricted to $\Sigma^q_i$ formulas.

We define $G^*$ as the treelike version of $G$. So, a $G^*$ proof is a $G$ proof where each sequent is used as an upper sequent in an inference at most once. A $G^*_i$ proof is a $G^*$ proof in which cut formulas are prenex $\Sigma^q_i$. In [11], it was shown that, for treelike proofs, it did not matter if the cut formulas in $G^*_i$ were prenex or not.
So when we construct $G^*_i$ proofs, the cut formulas will not always be prenex, but that does not matter.

To make proofs simpler, we assume that all treelike proofs are in free-variable normal form.

Definition 2.8. A parameter variable for a $G^*_i$ proof $\pi$ is a variable that appears free in the final sequent of $\pi$. A proof $\pi$ is in free-variable normal form if (1) every non-parameter variable is used as an eigenvariable exactly once in $\pi$, and (2) parameter variables are not used as eigenvariables.

Note that, if a proof is treelike, we can always put it in free-variable normal form by simply renaming variables. In fact, $VPV$ proves that every treelike proof can be put in free-variable normal form.

A useful property of these proof systems is the subformula property. It can be shown in $VL$ that every formula in a $G^*_i$ proof is an ancestor (and therefore a subformula) of a cut formula or a formula in the final sequent. This is useful because it tells us that any non-$\Sigma^q_i$ formula in a $G^*_i$ proof must be an ancestor of a final formula.

2.5 Truth Definitions

In order to reason about the proof systems in the theories, we must be able to reason about quantified propositional formulas. We follow the presentation in [8, 9, 5]. Formally formulas will be coded as strings, but we will not distinguish between a formula and its encoding. So if $F$ is a formula, we will use $F$ as the string encoding the formula as well. The method of coding a formula can be found in [5].

In this paper, we are only interested in $\Sigma^q_0$ formulas and prenex $\Sigma^q_1$ formulas. For $\Sigma^q_0$ formulas, we are able to give a $\Sigma^B_0(L_{FL})$ function that evaluates the formula. This formula will be referred to using $A \models_0 F$, where $A$ is an assignment and $F$ is a formula. We leave the precise definition to the readers.
Given a prenex $\Sigma^q_1$ formula $F$, the truth definition is a formula that says there is an assignment to the quantified variables that satisfies the $\Sigma^q_0$ part of the formula. This formula will be referred to as $A \models_1 F$. Valid formulas (or tautologies) are defined as

$$TAUT_i(F) \equiv \forall A,\ (\text{"$A$ is an assignment to the variables of $F$"} \supset A \models_i F)$$

This truth definition can be extended to define the truth of a sequent. So, if $\Gamma \rightarrow \Delta$ is a sequent of $\Sigma^q_i \cup \Pi^q_i$ formulas, then

$$(A \models_i \Gamma \rightarrow \Delta) \equiv \text{"there exists a formula in $\Gamma$ that $A$ does not satisfy"} \vee \text{"there exists a formula in $\Delta$ that $A$ satisfies"}$$

Another important formula we will use is the reflection principle for a proof system. We define the $\Sigma^q_i$ reflection principle for a proof system $P$ as

$$\Sigma^q_i\text{-RFN}(P) \equiv \forall F\ \forall \pi,\ (\text{"$\pi$ is a $P$ proof of $F$"} \wedge F \in \Sigma^q_i) \supset TAUT_i(F)$$

This formula essentially says that, if there exists a $P$ proof of a $\Sigma^q_i$ formula $F$, then $F$ is valid. Another way of putting it is to say that $P$ is sound when proving $\Sigma^q_i$ formulas.

2.6 Propositional Translations

There is a close connection between the theory $V^i$ and the proof system $G^*_i$. You can think of $G^*_i$ as the non-uniform version of $V^i$. This idea might not make much sense at first until you realize you can translate a $V^i$ proof into a polynomial-size family of $G^*_i$ proofs. The translation that we use is described in [4, 5]. It is a modification of the Paris-Wilkie translation [12].

Given a $\Sigma^B_i$ formula $\phi(\vec{x}, \vec{X})$ over the language $L^2_A$, we want to translate it into a family of propositional formulas $\|\phi(\vec{x}, \vec{X})\|[\vec{m}; \vec{n}]$, where the size of the formulas is bounded by a polynomial in $\vec{m}$ and $\vec{n}$. The formula $\|\phi(\vec{x}, \vec{X})\|[\vec{m}; \vec{n}]$ is meant to be a formula that is a tautology when $\phi(\vec{x}, \vec{X})$ is true in the standard model whenever $x_i = m_i$ and $|X_i| = n_i$.
Then if $\phi(\vec{x}, \vec{X})$ is true in the standard model for all $\vec{x}$ and $\vec{X}$, then every $\|\phi(\vec{x}, \vec{X})\|[\vec{m}; \vec{n}]$ is a tautology.

The variables $\vec{m}$ and $\vec{n}$ will often be omitted since they are understood. The free variables in the propositional formula will be $p^{X_i}_j$ for $j < n_i - 1$. The variable $p^{X_i}_j$ is meant to represent the value of the $j$th bit of $X_i$; we know that the $n_i$th bit is 1, and for $j > n_i$, we know the $j$th bit is 0. The definition of the translation proceeds by structural induction on $\phi$.

Suppose $\phi$ is an atomic formula. Then it has one of the following forms: $s = t$, $s < t$, $X_i(t)$, or one of the trivial formulas $\bot$ and $\top$, for terms $s$ and $t$. Note that the terms $s$ and $t$ can be evaluated immediately. This is because the exact value of every number variable and the size of each string variable is known. Let $val(t)$ be the value of the term $t$.

In the first case, we define $\|s = t\|$ as the formula $\top$, if $val(s) = val(t)$, and $\bot$, otherwise. A similar construction is done for $s < t$. If $\phi$ is one of the trivial formulas, then $\|\phi\|$ is the same trivial formula. So now, if $\phi \equiv X_i(t)$, let $j = val(t)$. Then the translation is defined as follows:

$$\|\phi\| \equiv \begin{cases} p^{X_i}_j & \text{if } j < n_i - 1 \\ 1 & \text{if } j = n_i - 1 \\ 0 & \text{if } j > n_i - 1 \end{cases}$$

Now for the inductive part of the definition. Suppose $\phi \equiv \alpha \wedge \beta$. Then

$$\|\phi\| \equiv \|\alpha\| \wedge \|\beta\|.$$

When the connective is $\vee$ or $\neg$, the definition is similar. If the outermost connective is a number quantifier bound by a term $t$, let $j = val(t)$. Then the translation is defined as

$$\|\exists y \leq t, \alpha(y)\| \equiv \bigvee_{i=0}^{j} \|\alpha(y)\|[i]$$
$$\|\forall y \leq t, \alpha(y)\| \equiv \bigwedge_{i=0}^{j} \|\alpha(y)\|[i]$$
$$\|\exists Y \leq t, \alpha(Y)\| \equiv \exists p^Y_0, \ldots, \exists p^Y_{m-2}, \bigvee_{i=0}^{j} \|\alpha(Y)\|[i]$$
$$\|\forall Y \leq t, \alpha(Y)\| \equiv \forall p^Y_0, \ldots, \forall p^Y_{m-2}, \bigwedge_{i=0}^{j} \|\alpha(Y)\|[i]$$

Now we are able to state the translation theorem for $V^i$ and $G^*_i$.

Theorem 2.9.
Suppose $V^i \vdash \phi(\vec{x}, \vec{X})$, where $\phi$ is a bounded formula. Then there are polynomial-size $G^*_i$ proofs of the family of tautologies $\|\phi(\vec{x}, \vec{X})\|[\vec{m}; \vec{n}]$.

This type of theorem is the standard way of proving that the reasoning power of the proof system is at least as strong as that of the theory.

3 Definition of $GL^*$

In this section, we will define the proof system we wish to explore. As was stated in the introduction, this proof system is defined by restricting cut formulas to a set of formulas that can be evaluated in $L$. Alone that is not enough to change the strength of the proof system, so we also restrict the use of eigenvariables.

The first step is to define a set of formulas that can be evaluated in $L$. These formulas will be based on $CNF(2)$ formulas. A $CNF(2)$ formula is a $CNF$ formula where no variable has more than two occurrences in the entire formula. It was shown in [7] that determining whether or not a given $CNF(2)$ formula is satisfiable is complete for $L$. Based on this we get the following definition:

Definition 3.1. The set of formulas $\Sigma CNF(2)$ is the smallest set

1. containing $\Sigma^q_0$,
2. containing every formula $\exists \vec{z}, \phi(\vec{z}, \vec{x})$ where (1) $\phi$ is a quantifier-free CNF formula $\bigwedge_{i=1}^{m} C_i$ and (2) existence of a $z$-literal $l$ in $C_i$ and $C_j$, $i \neq j$, implies existence of an $x$-variable $x$ such that $x \in C_i$ and $\neg x \in C_j$ or vice versa, and
3. closed under substitution of $\Sigma^q_0$ formulas that contain only $x$-variables for $x$-variables.

The idea behind this definition is that any assignment to the variables $\vec{x}$ reduces the quantifier-free portion to a $CNF(2)$ formula in $\vec{z}$.

Definition 3.2. $GL^*$ is the propositional proof system $G^*_1$ with cuts restricted to $\Sigma CNF(2)$ formulas in which every free variable in a non-$\Sigma^q_0$ cut formula is a parameter variable.
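The following Python sketch is an added example, not code from the paper. It checks condition (2) of Definition 3.1 on a clause list and then, by trying every assignment to the $x$-variables, counts how often a $z$-variable can occur in the residual formula; the clause encoding, the function names and the three sample matrices are assumptions constructed for illustration.

```python
from itertools import combinations, product

# Encoding (assumed for this example): a literal is (variable, polarity),
# a clause is a frozenset of literals, a matrix is a list of clauses.
def pos(v): return (v, True)
def neg(v): return (v, False)

def satisfies_condition_2(clauses, zvars):
    """Condition (2) of Definition 3.1: if two different clauses share a
    z-literal, some x-variable occurs positively in one of them and
    negatively in the other."""
    for ci, cj in combinations(clauses, 2):
        if not any(v in zvars for (v, _) in ci & cj):
            continue  # no shared z-literal, nothing to check
        clash = any(v not in zvars and (v, not p) in cj for (v, p) in ci)
        if not clash:
            return False
    return True

def restrict(clauses, zvars, xassign):
    """Plug an assignment to the x-variables into the matrix. Clauses made
    true by an x-literal disappear; the rest keep only their z-literals."""
    rest = []
    for c in clauses:
        if any(v not in zvars and xassign[v] == p for (v, p) in c):
            continue
        rest.append(frozenset(l for l in c if l[0] in zvars))
    return rest

def worst_case_occurrences(clauses, zvars):
    """Largest number of occurrences of a single z-variable in the residual
    formula, taken over all assignments to the x-variables."""
    xvars = sorted({v for c in clauses for (v, _) in c} - set(zvars))
    worst = 0
    for bits in product([False, True], repeat=len(xvars)):
        counts = {}
        for c in restrict(clauses, zvars, dict(zip(xvars, bits))):
            for (v, _) in c:
                counts[v] = counts.get(v, 0) + 1
        worst = max(worst, max(counts.values(), default=0))
    return worst

ZVARS = {"z1", "z2", "y"}

# Constructed matrix that meets condition (2): the two clauses containing z1
# clash on x1, the two clauses containing (not z2) clash on x2.
GOOD = [frozenset({pos("z1"), pos("x1")}),
        frozenset({pos("z1"), neg("x1"), pos("z2")}),
        frozenset({neg("z2"), pos("x2")}),
        frozenset({neg("z1"), neg("z2"), neg("x2")})]

# Constructed matrix that violates it: z1 is shared with no clashing x-variable.
BAD = [frozenset({pos("z1"), pos("x1")}),
       frozenset({pos("z1"), pos("x2")}),
       frozenset({neg("z1"), pos("x3")})]

# Matrix of "exists y [y <-> b]" written in CNF, with b an x-variable.
EXTENSION = [frozenset({pos("y"), neg("b")}), frozenset({neg("y"), pos("b")})]
```

For `GOOD` and `EXTENSION` every restriction is a $CNF(2)$ formula in the $z$-variables, while `BAD` leaves three occurrences of `z1` when all $x$-variables are false.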
The restriction on the free variables in the cut formula might seem strange, but it is necessary. If we did not have this restriction, then the proof system would be as strong as $G^*_1$. We will not give a full proof of this, but the interested reader can see information on $GPV^*$ in [14]. What we will show is that, if the restriction on the variables is not present, then the proof system can simulate $G^*_1$ for $\Sigma^q_1$ formulas.

Let $H^*$ be the proof system $G^*_1$ with cuts restricted to $\Sigma CNF(2)$ formulas and no restriction on the free variables.

Definition 3.3. An extension cedent $\Lambda$ is a sequence of formulas

$$\Lambda \equiv y_1 \leftrightarrow B_1, y_2 \leftrightarrow B_2, \ldots, y_n \leftrightarrow B_n \qquad (3.1)$$

where $B_i$ is a $\Sigma^q_0$ formula that does not mention any of the variables $y_i, \ldots, y_n$. We call the variables $y_1, \ldots, y_n$ extension variables.

Based on a lemma in [8], Cook and Nguyen proved the following lemma in [6].

Lemma 3.4. If $\pi$ is a $G^*_1$ proof of $\exists \vec{z} A(\vec{z}, \vec{x})$, where $A$ is a $\Sigma^q_0$ formula, then there exists a $PK$ proof $\pi'$ of

$$\Lambda \rightarrow A(\vec{y}, \vec{x})$$

where $\Lambda$ is as in 3.1 and $|\pi'| \leq p(|\pi|)$, for some polynomial $p$.

The proof guaranteed by this lemma is also an $H^*$ proof since every $PK$ proof is also an $H^*$ proof. Extending this proof with a number of applications of $\exists$-right, we get an $H^*$ proof of

$$\Lambda \rightarrow \exists \vec{z} A(\vec{z}, \vec{x}). \qquad (3.2)$$

So now we need to find a way to remove the extension cedent $\Lambda$. This is done one formula at a time. Suppose $y \leftrightarrow B$ is the last formula in $\Lambda$. The key observation is that $\exists y [y \leftrightarrow B]$ is a $\Sigma CNF(2)$ formula because the formula can be expressed as $\exists y [(y \vee \neg B) \wedge (\neg y \vee B)]$. So we can apply $\exists$-left with $y$ as the eigenvariable to (3.2). The eigenvariable restriction is met because $y$ is the last eigenvariable, and, therefore, cannot appear anywhere else in the extension cedent. Then we cut $\exists y [y \leftrightarrow B]$ after deriving $\rightarrow \exists y [y \leftrightarrow B]$.
We can then do this for every formula in $\Lambda$ starting at the end. This proves the following theorem.

Theorem 3.5. $H^*$ p-simulates $G_1^*$ for $\Sigma_1^q$ formulas.

This proof is not always a $GL^*$ proof because the extension variables are not parameter variables, yet they appear in cut formulas.

4 Adjusting $VL$

In order to prove the translation theorem, we start with the theory $VL$, which corresponds to $L$ reasoning. This theory was defined in Section 2.2. The proof of the translation theorem is similar to other proofs of its type. We take an anchored (or free-cut free) proof. Then the cut formulas in this proof will translate into the cut formulas in the propositional proof. If we use $VL$ for this, there are two problems: (1) not all of the axioms of $VL$ translate into $\Sigma CNF(2)$ formulas and (2) the restriction of the free variables in cut formulas may not be met. In the first subsection, we take care of the first problem. The second problem is taken care of in Section 4.2.

4.1 A New Axiomatization For $VL$

We want to reformulate the axioms of $VL$ so they translate into $\Sigma CNF(2)$ formulas. All of the 2BASIC axioms are $\Sigma_0^B$, so they translate into $\Sigma_0^q$ formulas, which are $\Sigma CNF(2)$, so they do not create any problems. We only need to consider $\Sigma_0^B$-COMP and $\Sigma_0^B$-rec. We handle $\Sigma_0^B$-COMP the same way Cook and Morioka did in [5]. That is, if the proof system is asked to cut the translation of an instance of the $\Sigma_0^B$-COMP axiom, then the propositional proof is changed so that the cut becomes $\bigwedge_{i=0}^{t} [\|\phi(i)\| \leftrightarrow \|\phi(i)\|]$, which is $\Sigma CNF(2)$.

To take care of $\Sigma_0^B$-rec, we define a new theory that is equivalent to $VL$ by replacing the $\Sigma_0^B$-rec axiom. Informally the new axiom says that there exists a string $Z$ that gives a specific pseudo-path of length $b$ in the graph with $a$ nodes and edge relation $\phi(i, j)$. This path starts at node 0.
If $(i, j)$ is an edge in this path, then $j$ is the smallest number with an edge from $i$ to $j$, or $j = a$ when there are no outgoing edges. Note that the edge may not exist in the original graph when $j = a$. This is why we call it a pseudo-path. If $(i, j)$ is the $w$th edge in the path, then $Z(w, i, j)$ is true, and $Z(w, i', j')$ is false for every other pair. This is described by the $\Sigma_0^B$-edge-rec axiom scheme:

$$\exists Z \le 1 + \langle b, a, a \rangle\ [\rho_1 \wedge \rho_2 \wedge \rho_3 \wedge \rho_4 \wedge \rho_5 \wedge \rho_6 \wedge \rho_7 \wedge \rho_8], \qquad (\Sigma_0^B\text{-edge-rec})$$

where

$$\begin{aligned}
\rho_1 &\equiv \forall j < a,\ \neg Z(0, 0, j) \vee \phi(0, j) \vee \exists l < j\ \phi(0, l) \\
\rho_2 &\equiv \forall j \le a\ \forall k < j,\ \neg Z(0, 0, j) \vee \neg\phi(0, k) \vee \exists l < k\ \phi(0, l) \\
\rho_3 &\equiv \forall i \le a\ \forall j \le a,\ i = 0 \vee \neg Z(0, i, j) \\
\rho_4 &\equiv \forall w < b\ \forall i \le a\ \forall j \le a,\ \neg Z(w+1, i, j) \vee \exists h \le a\ Z(w, h, i) \vee \neg\phi(i, j) \vee \exists l < j\ \phi(i, l) \\
\rho_5 &\equiv \forall w < b\ \forall i \le a\ \forall j < a,\ \neg Z(w+1, i, j) \vee \phi(i, j) \vee \exists l < j\ \phi(i, l) \\
\rho_6 &\equiv \forall w < b\ \forall i \le a\ \forall j \le a\ \forall k < j,\ \neg Z(w+1, i, j) \vee \neg\phi(i, k) \vee \exists l < k\ \phi(i, l) \\
\rho_7 &\equiv \exists i \le a\ \exists j \le a,\ Z(b, i, j) \\
\rho_8 &\equiv \forall \langle w, i, j \rangle \le \langle b, a, a \rangle,\ [w > b \vee i > a \vee j > a] \supset \neg Z(w, i, j)
\end{aligned}$$

and $\phi(i, j)$ is a $\Sigma_0^B$ formula that does not mention $Z$, but may have other free variables.

It is not immediately obvious that the axiom says what it is supposed to, so we will take a closer look. Let $Z$ be a string that witnesses the axiom. We want to make sure $Z$ is the path described above. Looking at $\rho_3$, we see the path starts at 0. Suppose $Z(0, 0, j)$ is true. We must show that $j$ is the first node adjacent to 0. This follows from $\rho_1$, which guarantees $\phi(i, j)$ is true when $j < a$, and $\rho_2$, which guarantees $\phi(i, k)$ is false when $k < j$. A similar argument can be made with $\rho_5$ and $\rho_6$ to show that every node is the smallest node adjacent to its predecessor.
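To make the axiom concrete, the added example below (not code from the paper) computes the pseudo-path for a small constructed graph and evaluates the eight conjuncts $\rho_1, \dots, \rho_8$ on the resulting witness and on two perturbed candidates. It assumes that $Z$ is modelled as a set of triples $(w, i, j)$ rather than a string under the pairing function, so $\rho_8$ becomes a range check, and that edges are indexed $0, \dots, b$ as $\rho_3$ and $\rho_7$ suggest; all names are hypothetical.

```python
def pseudo_path(phi, a, b):
    """Edges 0..b of the pseudo-path from node 0, as triples (w, i, j)."""
    edges, i = [], 0
    for w in range(b + 1):
        # j is the smallest target of an edge out of i, or a if there is none
        j = next((j for j in range(a) if phi(i, j)), a)
        edges.append((w, i, j))
        i = j
    return edges


def violated_conjuncts(phi, a, b, Z):
    """Indices n of the conjuncts rho_n that a candidate witness Z falsifies.

    Assumption of this example: Z is a set of triples (w, i, j) instead of a
    string under the pairing function, so rho_8 is a plain range check.
    """
    R = range(a + 1)

    def z(w, i, j):
        return (w, i, j) in Z

    def earlier(i, j):  # "exists l < j with phi(i, l)"
        return any(phi(i, l) for l in range(j))

    rho = {
        1: all(not z(0, 0, j) or phi(0, j) or earlier(0, j) for j in range(a)),
        2: all(not z(0, 0, j) or not phi(0, k) or earlier(0, k)
               for j in R for k in range(j)),
        3: all(i == 0 or not z(0, i, j) for i in R for j in R),
        4: all(not z(w + 1, i, j) or any(z(w, h, i) for h in R)
               or not phi(i, j) or earlier(i, j)
               for w in range(b) for i in R for j in R),
        5: all(not z(w + 1, i, j) or phi(i, j) or earlier(i, j)
               for w in range(b) for i in R for j in range(a)),
        6: all(not z(w + 1, i, j) or not phi(i, k) or earlier(i, k)
               for w in range(b) for i in R for j in R for k in range(j)),
        7: any(z(b, i, j) for i in R for j in R),
        8: all(w <= b and i <= a and j <= a for (w, i, j) in Z),
    }
    return sorted(n for n, ok in rho.items() if not ok)


# Constructed sample graph on nodes 0..4 (a = 4); node 1 has no outgoing edge.
EDGES = {(0, 2), (0, 3), (2, 1), (3, 0), (4, 0)}

def phi(i, j):
    return (i, j) in EDGES

A, B = 4, 4
WITNESS = set(pseudo_path(phi, A, B))
# Same path, but edge 0 goes to the non-minimal neighbour 3.
NOT_MINIMAL = (WITNESS - {(0, 0, 2)}) | {(0, 0, 3)}
# Same path, but edge 2 claims the non-existent edge (1, 3) instead of (1, a).
NOT_AN_EDGE = (WITNESS - {(2, 1, 4)}) | {(2, 1, 3)}

if __name__ == "__main__":
    print(pseudo_path(phi, A, B))
    for name, Z in (("witness", WITNESS), ("not minimal", NOT_MINIMAL),
                    ("not an edge", NOT_AN_EDGE)):
        print(name, violated_conjuncts(phi, A, B, Z))
```

The edge $(1, 4)$ in the witness is a pseudo-edge: it is not in the sample graph, yet the witness satisfies all eight conjuncts.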
To make sure the path is long enough, we have $\rho_7$, which says there is a $b$th edge, and $\rho_4$, which says if there is a $(w+1)$th edge there is a $w$th. As you may have noticed, there are parts of this formula that semantically are not needed. For example, the $\exists l < j\ \phi(0, l)$ in $\rho_1$ is not needed. It is used to make sure the axiom translates into a $\Sigma CNF(2)$ formula. We add $\rho_8$ to make sure there is a unique $Z$ that witnesses this axiom.

Notation 1. For simplicity, $\psi_\phi$ is the $\Sigma_0^B$ part of the $\Sigma_0^B$-edge-rec axiom instantiated with $\phi$. Note this includes the bound on the size of $Z$. So the axiom can be written as $\exists Z \psi_\phi$.

Definition 4.1. $VL'$ is the theory axiomatized by the axioms of $V^0$, the $\Sigma_0^B$-edge-rec axioms, and Axiom (4.1). The language of $VL'$ is the language of $V^0$ plus a string constant $C$ with defining axiom

$$|C| = 0 \qquad (4.1)$$

We add the string constant to the language so we can put $VL'$ proofs in free variable normal form (below). We do not use the constant for any other reason. Also, in the translation, we can treat $C$ as a string variable with $n = 0$.

Lemma 4.2. The theory $VL$ is equivalent to $VL'$.

Proof. To prove the two theories are equivalent, we must show that $VL$ proves the $\Sigma_0^B$-edge-rec axiom and that $VL'$ proves the $\Sigma_0^B$-rec axiom. Since the two axioms express similar ideas, this is not surprising.

To show that $VL$ proves the $\Sigma_0^B$-edge-rec axiom, let $\phi(i, j)$ be any $\Sigma_0^B$ formula. Then let $Y$ be the string such that $Y(i, j) \leftrightarrow (j < a \supset \phi(i, j)) \wedge \forall k < j\ \neg\phi(i, k)$. This $Y$ exists by $\Sigma_0^B$-COMP. We can think of $Y$ as the graph that contains only the edges the $\Sigma_0^B$-edge-rec axiom would use. Since $VL$ proves the $X$-$MIN$ formula, it follows that $VL$ proves $\forall i \le a, \exists j \le a, Y(i, j)$. This means there exists a path of length $b$ in $Y$ that starts at node 0 (Lemma 2.3).
It is a simple task to verify the $b$ edges in this path satisfy the $\Sigma_0^B$-edge-rec axiom for $\phi$.

To show that $VL'$ proves the $\Sigma_0^B$-rec axiom, let $\phi(i, j)$ be a $\Sigma_0^B$ formula such that $\forall i \le a\ \exists j \le a, \phi(i, j)$. By the $\Sigma_0^B$-edge-rec axiom, there is a pseudo-path of length $b$ in the graph $\phi$. We need to show that this is a real path. Suppose $(i, j)$ is an edge in the path. If $j < a$, then $(i, j)$ is in the graph by $\rho_1$ and $\rho_5$. Otherwise, $j = a$, and $\forall k < j\ \neg\phi(i, k)$. This implies $\phi(i, j)$ since every node has out-degree at least 1. This means every edge in the pseudo-path exists, and there exists a path of length $b$.

The next step is to be sure the translation of the $\Sigma_0^B$-edge-rec axiom is a $\Sigma CNF(2)$ formula. This is done by a careful inspection of the formula.

Lemma 4.3. The formula $\|\exists Z \psi_\phi(a, b, Z)\|$ is a $\Sigma CNF(2)$ formula.

Proof. First we assume $\phi(i, j) \equiv X(i, j)$ for some variable $X$. It is easy to see that $\|\psi_{X(i,j)}(a, b, Z)\|[a, b; t, a * a]$, where $t$ is the bound on $Z$ given in the $\Sigma_0^B$-edge-rec axiom, is a CNF formula. Note that we assigned $|Z| = t$ and $|X| = a * a$. We now need to make sure the clauses have the correct form. This is done by examining each occurrence of a bound literal. To verify this, the proof will require a careful inspection of the definition of the axiom.

The only bound variables are those that come from $Z$. These are $p^Z_{w,i,j}$, which we will refer to as $z_{w,i,j}$. The only free variables are those corresponding to $X$. These variables will be referred to as $x_{i,j}$. We will first look at the positive occurrences of $z_{w,i,j}$. On inspection, we can observe that, when $w < b$, every occurrence of $z_{w,i,j}$ must be in clauses that are part of the translation of $\rho_4$. We want to show that every clause that is part of the translation of $\rho_4$ has conflicting free variables.
This is true since $\neg X(i, j_1)$ will conflict with one of the variables from $\exists l < j_2, X(i, l)$ when $j_1 < j_2$. When $w = b$, the variable $z_{b,i,j}$ appears once in $\rho_7$.

Now we turn to the negative occurrences. When $w = 0$, the variable $z_{0,i,j}$ will appear negatively in the clauses corresponding to $\rho_1$, $\rho_2$, and $\rho_3$. If $i > 0$, it will appear only in the clauses corresponding to $\rho_3$ and will appear only once. If $i = 0$, the variable $z_{0,0,j}$ will not appear in the translation of $\rho_3$ because the $i = 0$ part will satisfy the clause. It is easy to observe that every occurrence of the variable in the translation of $\rho_1$ and $\rho_2$ will have a conflicting free variable. Examine the construction $X(0, j) \vee \exists l < j\ X(0, l)$ at the end of $\rho_1$ and $\neg X(0, k) \vee \exists l < k\ X(0, l)$ at the end of $\rho_2$. A similar argument can be made with $\rho_4$, $\rho_5$, and $\rho_6$ when $w > 0$. This implies that the translation is a $\Sigma CNF(2)$ formula when $\phi(i, j) \equiv X(i, j)$.

When $\phi$ is a more general formula, the translation is the formula in the first case with the free variables substituted with the translation of $\phi$, which will be $\Sigma_0^q$. Since $\Sigma CNF(2)$ formulas are closed under this type of substitution, the formula is $\Sigma CNF(2)$ in all cases.

4.2 Normal Form For $VL'$

In this section, we want to find a normal form for $VL'$ proofs that makes sure the translation of $VL'$ proofs satisfy the variable restriction for $GL^*$. The normal form we want is cut variable normal form (CVNF) and is defined in the following.

Definition 4.4. A formula $\phi(Y)$ is bit-dependent on $Y$ if there is an atomic sub-formula of $\phi$ of the form $Y(t)$, for some term $t$.

Definition 4.5. A proof is in free variable normal form if (1) every non-parameter free variable $y$ or $Y$ that appears in the proof is used as an eigenvariable exactly once and (2) parameter variables are never used as eigenvariables.
Note that if a proof is in free variable normal form we can assume that every instance of the non-parameter variable $Y$ (or $y$) is in an ancestor of the sequent where $Y$ is used as an eigenvariable. If it is not, we can replace $Y$ with the constant $C$ in all those sequents.

Definition 4.6. A cut in a proof is anchored if the cut formula is an instance of an axiom.

Definition 4.7. A $VL'$ proof $\pi$ is in cut variable normal form if $\pi$ is (1) in free variable normal form, (2) every cut with a non-$\Sigma_0^B$ cut formula is anchored, and (3) no cut formula that is an instance of the $\Sigma_0^B$-edge-rec axiom is bit-dependent on a non-parameter free string variable.

It is known how to find a proof with the first two properties [6, 2], and this part will not be repeated here. Instead we focus on how to find a proof satisfying the third property.

Theorem 4.8. For every $\Sigma_1^B$ theorem of $VL'$ there exists a $VL'$-proof of that formula in CVNF.

The proof of this theorem is the most technical in this paper. At a high level, it amounts to showing $\Sigma_0^B$-edge-rec is closed under substitution of strings defined by $\Sigma_0^B$-edge-rec and $\Sigma_0^B$-COMP. We begin with an anchored proof that is in free variable normal form. We want to change every cut that violates condition (3) in the definition of CVNF. Consider the proof given in Figure 1. This is a simple example of what can go wrong. The general case is handled in the same way, so we will only consider this case.

$$\dfrac{\dfrac{\begin{array}{c} P \\ \vdots \\ \exists Z \psi_{\phi(Y)}(Z),\ \gamma(Y),\ \Gamma \longrightarrow \Delta \end{array} \qquad \begin{array}{c} \vdots \\ \gamma(Y),\ \Gamma \longrightarrow \Delta,\ \exists Z \psi_{\phi(Y)}(Z) \end{array}}{\gamma(Y),\ \Gamma \longrightarrow \Delta}}{\exists Y \gamma(Y),\ \Gamma \longrightarrow \Delta}$$

Figure 1: Example of a proof that is not in CVNF

Since all $\Sigma_1^B$ cut formulas are anchored and the $\exists Y \gamma(Y)$ must eventually be cut, it must be an instance of $\Sigma_0^B$-COMP or $\Sigma_0^B$-edge-rec. So you can think of $\gamma$ as a formula that completely defines $Y$.
Then we want to change $\phi(Y)$ so that it does not mention $Y$ explicitly, but instead uses the definition of $Y$ given by $\gamma$. Note that, for this to be true, the final formula must be $\Sigma_1^B$; otherwise, $Y$ could have been used as an eigenvariable in a $\forall$-right inference and would not be well defined.

Lemma 4.9. For any $\Sigma_0^B$ formula $\phi(Y)$, there exist $\Sigma_0^B$ formulas $\phi_1$ and $\phi_2$ such that $\phi_1$ is not bit-dependent on $Y$ and $V^0$ proves the sequent

$$\gamma(Y),\ \psi_{\phi_1}(Z),\ \forall i < t\,[Z'(i) \leftrightarrow \phi_2(Z)] \longrightarrow \psi_{\phi(Y)}(Z').$$

Proof. This proof is divided into two cases. In the first case, we assume

$$\gamma(Y) \equiv |Y| \le t \wedge \forall i < t\,[Y(i) \leftrightarrow \phi'(i)]. \qquad (4.2)$$

That is, $\exists Y \gamma(Y)$ is an instance of $\Sigma_0^B$-COMP. We know $Y$ must appear in that position because it eventually gets quantified. In this case, $\phi_1$ is $\phi$ with every atomic formula of the form $Y(s)$ replaced by $s < t \wedge \phi'(s)$, and $\phi_2$ is the formula $Z(i)$. We can prove that there exists a $V^0$ proof of (4.2) by structural induction on $\phi$.

For the second case, we assume $\gamma(Y) \equiv \psi_{\phi'}(Y)$. That is, $Y$ is the pseudo-path in the graph of $\phi'$. The first step is to define branching programs that compute $Y$ and $Z'$ (the pseudo-path in the graph of $\phi$) using $Y$. Then $\phi_1$ is the $\Sigma_0^B$ description of the composition of these branching programs, and $\phi_2$ is the $\Sigma_0^B$ formula that extracts $Z'$ from the run of this last branching program.

Definition 4.10. A branching program is a nonempty set of nodes labeled with triples $(\alpha, i, j)$, where $\alpha$ is a $\Sigma_0^B$ formula over some set of variables and $0 \le i, j \le t$ for some term $t$ that depends only on the inputs to the program. Semantically, if a node $u$ is labeled with $(\alpha, i, j)$, then, when the branching program is at node $u$, it will go to node $i$, if $\alpha$ is true, or node $j$, otherwise. The initial node is always 0.
Note that a branching program is essentially a graph with a special form, and, as with graphs, we use families of branching programs that can be described by $\Sigma_0^B$ formulas. However, we will not give the explicit construction of the formula; we leave it to the reader.

The first step is to introduce the initial branching program $BP_0$ that computes $Z'$. The nodes of $BP_0$ are interpreted as triples $\langle w, i, j \rangle$. An invariant for this branching program is that, if we reach the node $\langle w, i, j \rangle$, then the $w$th node of $Z'$ is $i$ and $\forall k < j\ \neg\phi(i, k)$. At each node, we check if $j$ is the next node. Let $a$ be the maximum value of a node and $b$ be the length of the path. This means the number of nodes in $BP_0$ is bounded by $\langle b, a, a \rangle$. So now to define the labels. If $j < a$, then $\langle w, i, j \rangle$ is labeled with $(\phi(i, j), \langle w+1, j, 0 \rangle, \langle w, i, j+1 \rangle)$. If $j = a$, then $\langle w, i, j \rangle$ is labeled with $(\top, \langle w+1, j, 0 \rangle, 0)$. It is easy to see that the invariants hold and that $Z'$ can be obtained from a path in $BP_0$ using $\Sigma_0^B$-COMP. The branching program that computes $Y$ is constructed the same way except $\phi'$ is used instead of $\phi$. Let this branching program be $BP$.

Moving on to the second step, we now want to simplify $BP_0$ so that every node whose label is bit-dependent on $Y$ is labeled with an atomic formula. This is done to simplify the construction of the composition. We start with $BP_0$. Then, given $BP_i$, we define $BP_{i+1}$ by removing one connective in a node of $BP_i$ that is not in the right form. Let node $n$ in $BP_i$ be labeled with $(\alpha, u_1, u_2)$. The construction is divided into five cases: one for each possible outer connective.

Case $\alpha \equiv \neg\beta$: $BP_{i+1}$ is the same as $BP_i$ except node $n$ is now labeled with $(\beta, u_2, u_1)$.

Case $\alpha \equiv \beta_1 \wedge \beta_2$: The nodes of $BP_{i+1}$ are interpreted as pairs $\langle u, v \rangle$. The node $\langle u, 0 \rangle$ corresponds to node $u$ in $BP_i$.
The label of $\langle n, 0 \rangle$ becomes $(\beta_1, \langle n, 1 \rangle, \langle u_2, 0 \rangle)$ and the label for $\langle n, 1 \rangle$ is $(\beta_2, \langle u_1, 0 \rangle, \langle u_2, 0 \rangle)$. Notice that $\langle n, 1 \rangle$ is used as an intermediate node while evaluating $\alpha$.

Case $\alpha \equiv \beta_1 \vee \beta_2$: $BP_{i+1}$ is defined as in the previous case, with a few minor modifications. This case is left to the reader.

Case $\alpha \equiv \exists z \le t\ \beta(z)$: The nodes become pairs as in the previous case, but this time the labels are different. The node $\langle n, i \rangle$ is labeled with $(\beta(i), \langle u_1, 0 \rangle, \langle n, i+1 \rangle)$, when $i < t$. If $i = t$, the node is labeled with $(\beta(i), \langle u_1, 0 \rangle, \langle u_2, 0 \rangle)$. In this case, the branching program is looking for an $i$ that satisfies $\beta(i)$.

Case $\alpha \equiv \forall z \le t\ \beta(z)$: This case is similar to the previous case. The only difference is the branching program is looking for an $i$ that falsifies $\beta(i)$.

Let $BP_n$ be the final branching program in the construction above. We now construct a branching program $BP'$ that is the composition of $BP_n$ and $BP$. The nodes of $BP'$ are pairs $\langle u_1, u_2 \rangle$ where the first element corresponds to a node in $BP_n$ and the second element corresponds to a node in $BP$. Suppose node $u_1$ in $BP_n$ is labeled with $(\alpha, v_1, v_2)$. If $\alpha$ is not bit-dependent on $Y$, then the node $\langle u_1, 0 \rangle$ is labeled with $(\alpha, \langle v_1, 0 \rangle, \langle v_2, 0 \rangle)$. It is also possible that $\alpha$ is bit-dependent on $Y$; in which case, $\alpha$ is of the form $Y(w, i, j)$. Let $(\beta, w_1, w_2)$ be the label for node $u_2$ in $BP$. Then the node $\langle u_1, u_2 \rangle$ is labeled as follows:
- $(\beta, \langle u_1, w_1 \rangle, \langle u_1, w_2 \rangle)$, if $u_2 \le \langle w, a, a \rangle$ and $u_2 \neq \langle w, i, j \rangle$,
- $(\beta, \langle v_1, 0 \rangle, \langle v_2, 0 \rangle)$ if $u_2 = \langle w, i, j \rangle$, and
- $(\top, \langle v_2, 0 \rangle, \langle v_2, 0 \rangle)$ otherwise.
In this case, we are using the second element to run $BP$ and determine if the $w$th edge in the path is $(i, j)$. If it is, we move on to $\langle v_1, 0 \rangle$, and, if it is not, we move on to $\langle v_2, 0 \rangle$.
In the labels above, the first line corresponds to running $BP$. The second line corresponds to a check if $(i, j)$ is the $w$th edge. The third line is used when we have already found the $w$th edge and it is not $(i, j)$.

It is not difficult to see that it is possible to construct $\phi_1$ (a $\Sigma_0^B$ formula describing $BP'$), and $\phi_2$ (a formula extracting $Z'$ from a run of $BP'$). Moreover, $V^0$ proves that this construction works.

Using this lemma, we are able to change the proof in Figure 1 into the proof in Figure 2. In that proof, $P'$ is the proof $P$ with the rules that introduced $\exists Z$ ignored (renaming variables if necessary), and $Q$ is an anchored $V^0$ proof, which we know exists by the lemma above. This gives us a new proof of the same formula that still satisfies properties (1) and (2) in Definition 4.7 and it contains one less cut that is bit-dependent on $Y$.

$$\dfrac{\dfrac{\begin{array}{c} P' \\ \vdots \\ \psi_{\phi(Y)}(Z),\ \gamma(Y),\ \Gamma \longrightarrow \Delta \end{array} \qquad \begin{array}{c} Q \\ \vdots \\ \gamma(Y),\ \psi_{\phi_1}(Z),\ \tau(Z') \longrightarrow \Delta,\ \psi_{\phi(Y)}(Z) \end{array}}{\psi_{\phi_1}(Z),\ \tau(Z'),\ \gamma(Y),\ \Gamma \longrightarrow \Delta}}{\psi_{\phi_1}(Z),\ \exists Z' \tau(Z'),\ \gamma(Y),\ \Gamma \longrightarrow \Delta}$$

$$\dfrac{\dfrac{\psi_{\phi_1}(Z),\ \exists Z' \tau(Z'),\ \gamma(Y),\ \Gamma \longrightarrow \Delta \qquad \longrightarrow \exists Z' \tau(Z')}{\psi_{\phi_1}(Z),\ \gamma(Y),\ \Gamma \longrightarrow \Delta}}{\exists Z \psi_{\phi_1}(Z),\ \gamma(Y),\ \Gamma \longrightarrow \Delta}$$

$$\dfrac{\dfrac{\exists Z \psi_{\phi_1}(Z),\ \gamma(Y),\ \Gamma \longrightarrow \Delta \qquad \longrightarrow \exists Z \psi_{\phi_1}(Z)}{\gamma(Y),\ \Gamma \longrightarrow \Delta}}{\exists Y \gamma(Y),\ \Gamma \longrightarrow \Delta}$$

Figure 2: Modification of the proof in Figure 1. The formula $\tau(Z')$ is used to replace $\forall i < t\,[Z'(i) \leftrightarrow \phi_2(Z)]$

Using this manipulation, we prove Theorem 4.8.

Proof of Theorem 4.8. It would be nice to be able to simply say we can repeatedly apply the manipulations above and eventually the proof will be in CVNF, but this is not obvious. In the manipulation, if $\gamma(Y)$ is bit-dependent on a string variable other than $Y$, then the new $\Sigma_0^B$-edge-rec cut formula is bit-dependent on that variable. This includes non-parameter string variables.
So we need to state our induction hypothesis more carefully. Let $Y_1, \dots, Y_n$ be all of the non-parameter free string variables that appear in $\pi$ ordered such that the variable $Y_i$ is used as an eigenvariable before $Y_j$ for $i < j$. This implies $Y_i$ does not appear in $\gamma(Y_j)$ in the manipulations above. So now suppose no $\Sigma_0^B$-edge-rec cut formula is bit-dependent on the variables $Y_1, \dots, Y_k$, for some $k < n$. Then we can manipulate $\pi$ such that the same holds for the variables $Y_1, \dots, Y_{k+1}$. To accomplish this, we simply manipulate every $\Sigma_0^B$-edge-rec cut formula that is bit-dependent on $Y_{k+1}$ as described above. Since $Y_1, \dots, Y_k$ cannot appear in $\gamma(Y_{k+1})$, those variables will not violate the condition. So by induction, we can get a proof that is in CVNF.

5 Translation Theorem

We are now prepared to prove the translation theorem. The proof is done by induction on the length of the proof. For the base case, we need to prove the translation of the axioms of $VL'$. We know the $\Sigma_0^B$-COMP and the 2BASIC axioms have polynomial-size $G_0^*$ proofs from other translation theorems [5]. This means they also have polynomial-size $GL^*$ proofs. Axiom (4.1) is easy to prove since it translates to $\longrightarrow \top$. We still need to show how to prove the $\Sigma_0^B$-edge-rec axiom in $GL^*$. Recall that we write the axiom as $\exists Z \psi_\phi(a, b, Z)$. Note that the axiom does have a bound on $Z$, but it has been omitted since the specific bound is not important.

Lemma 5.1. The formula $\|\exists Z \psi_\phi(a, b, Z)\|$ has a $GL^*$ proof of size $p(a, b)$ for some polynomial $p$.

Proof. The proof is done by a brute force induction. We prove, in $GL^*$, that, if there exists a pseudo-path of length $b$, then there exists a pseudo-path of length $b + 1$. It is easy to prove there exists a pseudo-path of length 0. Then with repeated cutting we get our final result.
The entire path is quantified, so we do not cut formulas with non-parameter free variables.

Given variables that encode a path of length $b$, we can define $\Sigma_0^q$ formulas that determine the next edge. Let $A_{i,j} \equiv \|\phi(i, j)\|$. Since $\phi$ is a $\Sigma_0^B$ formula, $A_{i,j}$ is a $\Sigma_0^q$ formula. To prove that there is an edge that starts the path, consider the formula

$$B_{0,0,j} \equiv A_{0,j} \wedge \bigwedge_{k=0}^{j-1} \neg A_{0,k},$$

when $j < a$, and

$$B_{0,0,a} \equiv \bigwedge_{k=0}^{a-1} \neg A_{0,k}.$$

It is easy to see $B_{0,0,j}$ is true for exactly one $j \le a$. This is also provable in $GL^*$. This shows that $GL^*$ has a polynomial-size proof of $\|\exists Z \psi_\phi(a, 1, Z)\|$.

For the inductive step, if there is a path of length $b$ and the path is given by the variables $z_{w,i,j}$, then the witnesses for the next edge are defined as follows:

$$B_{b+1,i,j} \equiv \bigvee_{k=0}^{a} z_{b,k,i} \wedge A_{i,j} \wedge \bigwedge_{k=0}^{j-1} \neg A_{i,k},$$

when $j < a$, and

$$B_{b+1,i,a} \equiv \bigvee_{k=0}^{a} z_{b,k,i} \wedge \bigwedge_{k=0}^{a-1} \neg A_{i,k}.$$

Using the fact that exactly one $z_{b,i,j}$ is true, we can prove in $GL^*$ that exactly one $B_{b+1,i,j}$ is true. This shows that $GL^*$ has a polynomial-size proof of

$$\|\exists Z \psi_\phi(a, b, Z)\| \longrightarrow \|\exists Z \psi_\phi(a, b+1, Z)\|.$$

So now we are able to prove $\|\exists Z \psi_\phi(a, b, Z)\|$ for any $b$ by successive cutting. Recall that $\|\exists Z \psi_\phi(a, b, Z)\|$ is a $\Sigma CNF(2)$ formula, and note that the free variables in $\|\exists Z \psi_\phi(a, b, Z)\|$ do not change as $b$ changes. This means we are allowed to do the cut.

This can be used to prove the translation theorem.

Theorem 5.2 ($VL$-$GL^*$ Translation Theorem). Suppose $VL$ proves $\exists Z < t\ \phi(\vec{x}, \vec{X}, Z)$, where $\phi$ is a $\Sigma_0^B$ formula. Then there are polynomial-size $GL^*$ proofs of $\|\exists Z < t\ \phi(\vec{x}, \vec{X}, Z)\|[\vec{n}]$.

Proof. By Theorem 4.2 and Theorem 4.8, there exists a $VL'$ proof $\pi$ of $\exists Z < t\ \phi(\vec{x}, \vec{X}, Z)$ that is in CVNF. We proceed by induction on the depth of $\pi$. The base case follows from Lemma 5.1 and the comments that precede it.
The inductive step is divided into cases: one for each rule. With the exception of cut, every rule can be handled the same way it is handled in the $V^1$-$G_1^*$ Translation Theorem (Theorem 7.51, [6]), and will not be repeated here.

When looking at the cut rule, there are three cases. If the cut formula is $\Sigma_0^B$, then we simply cut the corresponding $\Sigma_0^q$ formula in the $GL^*$ proof. If the cut formula is not $\Sigma_0^B$, then it must be anchored since the proof is in CVNF. This means the cut formula is an instance of $\Sigma_0^B$-edge-rec or an instance of $\Sigma_0^B$-COMP. First suppose it is an instance of $\Sigma_0^B$-edge-rec. Then we are able to cut the corresponding formula in the $GL^*$ proof. This is because the axiom translates into a $\Sigma CNF(2)$ formula, and the free variables in the translation are parameter variables since the formula is not bit-dependent on non-parameter string variables.

When the cut formula is an instance of $\Sigma_0^B$-COMP, we apply the same transformation as in the proof of the $VNC^1$-$G_0^*$ translation theorem [5]. That is, we remove the quantifiers by replacing the variables with $\Sigma_0^q$ formulas that witness the quantifiers. This change does not affect other cuts since their free variables are parameter variables or they are $\Sigma_0^q$ formulas and remain $\Sigma_0^q$ after the substitution. The current cut formula becomes a $\Sigma_0^q$ formula, which can be cut. Note that, since there are a constant number of cuts of this axiom, the substitution does not cause an exponential increase in the size of the formulas.

6 Proving Reflection Principles

In this section, we show that $GL^*$ does not capture reasoning for a higher complexity class. This is done by proving, in $VL$, that $GL^*$ is sound. This idea comes from [3], where Cook showed that $PV$ proves extended-Frege is sound, and [9], where Krajicek and Pudlak showed $T_2^i$ proves $G_i$ is sound for $i > 0$.
We will actually show that $VL$ proves $GL^*$ is sound. The idea behind the proof is to give an $L_{FL}$ function that witnesses the quantifiers in the proof. Then we prove, by $\Sigma_0^B(L_{FL})$-IND, that this function witnesses every sequent, including the final sequent. Therefore the formula is true.

We start by giving an algorithm that witnesses $\Sigma CNF(2)$ formulas in $L$ when the formula is true. This algorithm is the algorithm given in [7] with a few additions to find the satisfying assignment. We describe an $L_{FL}$ function that corresponds to this algorithm and prove it correct in $VL$. We then use this function to find an $L_{FL}$ function that witnesses $GL^*$ proofs, and prove it correct in $VL$.

6.1 Witnessing $\Sigma CNF(2)$ Formulas

Let $\exists \vec{z} A(\vec{x}, \vec{z})$ be a $\Sigma CNF(2)$ formula. We will describe how to find a witness for this formula. We assume that $A$ is a $CNF$ formula. That is, the substitution of the $\Sigma_0^q$ formulas has not happened. The general case is essentially the same.

The first thing to take care of is the encoding of $A$. We will not go through this in detail. Suffice it to say that parsing a formula can be done in $TC^0$ [5], and, as long as we are working in a theory that extends $TC^0$ reasoning, we can use any reasonable encoding. We will refer to the $i$th clause of $A$ as $C_i^A$. A clause will be viewed as a set of literals. A literal is either a variable or its negation. So we will write $l \in C_i^A$ to mean that the literal $l$ is in the $i$th clause of $A$. Since the parsing can be done in $TC^0$, these formulas can be defined by $\Sigma_0^B(L_{FL})$ formulas. An assignment will also be viewed as a set of literals. If a literal is in the set, then that literal is true. So an assignment $X$ satisfies a clause $C$ if and only if $X \cap C \neq \emptyset$.

Given values for $\vec{x}$, we first simplify $A$ to get a $CNF(2)$ formula. We will refer to the simplified formula as $F$.
This can be done using the $L_{FL}$ function defined by the following formula:

$$l \in C_i^F \leftrightarrow l \in C_i^A \wedge X \cap C_i^A = \emptyset,$$

where $X$ is the assignment to the free variables. From the definition of a $\Sigma CNF(2)$ formula, $VL$ can easily prove that $F$ now encodes a $CNF(2)$ formula. In fact, it can be shown that no literal appears more than once. A satisfying assignment to this formula is the witness we want. Mark Braverman gave an algorithm for finding this assignment [1], but we use a different algorithm that is easier to formalize.

Before we describe the algorithm that finds this assignment, we go through a couple of definitions. First, a pure literal is a literal that appears in the formula, but its negation does not. Next the formula imposes an order on the literals. We say a literal $l_1$ follows a literal $l_2$ if the clause that contains $l_1$ also contains $l_2$, and $l_1$ is immediately to the right of $l_2$, circling to the beginning if $l_2$ is the last literal. More formally:

$$\begin{aligned}
follows(l_1, l_2, F) \leftrightarrow \exists i,\ & l_1 \in C_i^F \wedge l_2 \in C_i^F \\
& \wedge \forall l_3\,(l_2 < l_3 < l_1 \supset l_3 \notin C_i^F) \\
& \wedge \forall l_3\,(l_3 < l_1 < l_2 \supset l_3 \notin C_i^F) \\
& \wedge \forall l_3\,(l_1 < l_2 < l_3 \supset l_3 \notin C_i^F)
\end{aligned}$$

Note that if a clause contains a single literal then that literal follows itself. Also, note that literals are coded by numbers and $l_1 < l_2$ means the number coding $l_1$ is less than the number coding $l_2$.

To find the assignment to $F$, we will go through the literals in the formula in a very specific order. Starting with a literal $l$ that is not a pure literal, the next literal is the literal that follows $l$:

$$next(l_1, F) = l_2 \leftrightarrow follows(l_2, l_1, F).$$

Note that if $l_1$ is a pure literal, then there is no next literal, so we simply define it to be itself. The important distinction is that $next$ gives an ordering of the literals in a formula, and $follows$ orders the literals in a clause.
When $F$ is understood, we will not mention $F$ in $next$ and $follows$.

The algorithm that finds the assignment works in stages. At the beginning of stage $i$, we have an assignment that satisfies the first $i - 1$ clauses. Then, in the $i$th stage, we make local changes to this assignment to satisfy the $i$th clause as well.

At a high level, to satisfy the $i$th clause, we start with the first literal in the $i$th clause, and assign that literal to true. The clause that contains this literal's negation may have gone from being satisfied to being unsatisfied. So we now go to the next literal, which is in this other clause. We continue this until we get to a point where we know the other clause is satisfied. We need to be able to do this in $L$. Algorithm 1 shows how to do this.

Algorithm 1 Algorithm for Stage $i$

    Set l1 to the first literal in clause i.
    repeat
        Assign true to l1.
        set l2 := next(l1)
        while l2 is not the complement of l1 do
            Assign true to l2
            set l2 := next(l2)
            If l2 is a pure literal, assign true to l2, and stage i is done.
            If l1 and l2 are in the same clause, stage i is done.
        end while
        Assign true to l1. {This statement is redundant, but it is included to emphasize that l1 is true.}
        set l1 := next(l1)
    until l1 is the first literal in clause i
    At this point we know the formula is unsatisfiable.

At any point in the algorithm, the only information we need are the values of $l_1$ and $l_2$, so this is in $L$. Note that we do not store the assignment on the work tape, but on a write-only, output tape. What is not obvious is why this algorithm works.

The next lemma can be used to show that both loops will eventually finish.

Lemma 6.1. For all literals $l$, there exists a $t > 0$ such that after $t$ applications of $next$ to $l$, we get to $l$ or a pure literal.

Proof. Let $next^0(l) = l$ and $next^{t+1}(l) = next(next^t(l))$.
Since $next$ has a finite range, there exist a minimum $i$ and $t$ such that $next^i(l) = next^{i+t}(l)$. Suppose this is not a pure literal. If $i > 0$, then $next(next^{i-1}(l)) = next(next^{i+t-1}(l))$. However, this implies $next^{i-1}(l) = next^{i+t-1}(l)$ since $next$ is one-to-one when not dealing with pure literals. This violates our choice of $i$. Therefore $i = 0$, and $l = next^0(l) = next^t(l)$.

This implies the inner loop will halt, because, if it does not end earlier, $l_2$ will eventually equal $l_1$, at which point both will be in the same clause. For the outer loop, if the algorithm does not halt for any other reason, $l_1$ will eventually return to the first literal in the $i$th clause.

The next lemma plays a small role in the proof of correctness.

Lemma 6.2. Suppose the algorithm fails at stage $i$ and that $next^t(l') = l$, where $l'$ is the first literal in clause $i$. Then, for every literal in the same clause as $l$, there is a $t'$ such that $next^{t'}(l')$ equals that literal.

Proof. To prove this lemma, we will show that there exists a $t'$ such that $next^{t'}(l')$ equals the literal that follows $l$. Then by continually applying this argument, you get that every literal in the clause is visited.

Let $l'$ be the first literal in the $i$th clause. Then, after going through the outer loop $t$ times, $l_1 = l$. Since the algorithm fails, the inner loop will finish because $l_2 = l_1$. This means there is a $t'$ such that $next^{t'}(l') = l$. Then $next^{t'+1}(l')$ is the literal that follows $l$.

Theorem 6.3. If the algorithm fails, the formula is unsatisfiable.

Proof. This is proved by contradiction. Let $F$ be a $CNF(2)$ formula and $A$ be an assignment that satisfies it. Assume that the algorithm fails. From this we can define a function from the set of variables to the set of clauses as follows:

$$f(i) = j \leftrightarrow (x_i \in C_j^F \wedge x_i \in A) \vee (\neg x_i \in C_j^F \wedge \neg x_i \in A).$$
Informally, if $f(i) = j$ then clause $C_j$ is true because of the variable $x_i$. Since the formula is satisfied, this function is onto the set of clauses. Also, since $F$ is $CNF(2)$, no literal appears more than once. So $f$ is indeed a function because if $f(i) = j$ and $f(i) = j'$ then the literal $x_i$ or $\neg x_i$ is in both $C^F_j$ and $C^F_{j'}$.

Now we will use the assumption that the algorithm fails to find a way to restrict $f$ so that it violates the $PHP$. Suppose the algorithm fails at stage $i$. Let $l$ be the first literal in clause $i$. We then define sets of variables $V_a$ as follows:

$$V_a = \{ x_n : \exists b < a \; (next^b(l) = x_n \vee next^b(l) = \neg x_n) \}.$$

We also define sets of clauses $W_a$ as follows:

$$W_a = \{ C_n : \exists x \in V_a \; (x \in C_n \vee \neg x \in C_n) \}.$$

Note that for a large enough $a$, say $|F|$, if $C_n$ is in $W_a$, then every variable that appears in $C_n$ is in $V_a$ by Lemma 6.2.

We show by induction on $a$ that $|V_a| < |W_a|$. For $a = 1$, $|V_a| = 1$. If $l$ is a pure literal or $l$ and $\neg l$ are in the same clause, then the algorithm would succeed. Otherwise $|W_a| = 2$. For the inductive case, suppose $|V_a| < |W_a|$. Let $l' = next^{a+1}(l)$. If $l'$ is not a new variable, then

$$|V_{a+1}| = |V_a| < |W_a| = |W_{a+1}|.$$

If $l'$ is a new variable, then $l'$ must be in a new clause. For, if this was not the case, the algorithm would succeed. To see this, let $l_1$ be the most recent literal in the same clause as $l'$. We know $l_1$ is not $l'$ since $l'$ is a new variable. Then eventually $l_2$ will become $next(l')$, which is in the same clause as $l_1$. The inner loop will not end because $l_2$ becomes the complement of $l_1$ since that would mean $next(l_1)$ is more recent. This gives

$$|V_{a+1}| = |V_a| + 1 < |W_a| + 1 = |W_{a+1}|.$$

If we restrict $f$ to $V_{|F|}$, then $f$ is a function from $V_{|F|}$ that is onto $W_{|F|}$, violating the $PHP$.

Theorem 6.4.
If the algorithm succeeds, then, for all $i$, the assignment given at the end of stage $i$ satisfies the first $i$ clauses of $F$.

Proof. The proof is done by induction on $i$. For $i = 0$, the statement holds since there are no clauses to satisfy. As an induction hypothesis, suppose the statement holds for $i$. Then we will show that if the algorithm ever visits one of the literals in clause $n$, then that clause is satisfied. Consider clause $n$, where $n \le i + 1$. Find the last point in the algorithm that either $l_1$ or $l_2$ was in clause $n$, and let $l$ be that literal.

First, it is possible that when the algorithm ends $l_2$ is in clause $n$. If $l_2$ is a pure literal, then $l_2$ is set to true, satisfying the clause. Otherwise, $l_1$ and $l_2$ are in the same clause. In this case, $l_1$ is true since it was assigned true. If $l_2$ ever became $l_1$, the algorithm would exit the inner loop, so $l_1$ could never have been assigned true.

Second, we consider the possibility that $l_2$ was not in clause $n$ when the algorithm ended. Then we claim that $l$ is true, and, therefore, clause $n$ is satisfied. Suppose for a contradiction that it is not. Then at some later point $l$ was assigned true. This could happen in one of three places. First is if $l_1 = l$ and we are at the beginning of the outer loop. However, $l_2$ would be set to $next(l)$ right after, which is in clause $n$. This means we did not find the last occurrence of a literal in clause $n$ as we should have. A similar argument can be used in the other two places.

We now turn to formalizing this algorithm. For this, we define an $L_{FL}$ function $f(i, t)$ that will return the value of $l_1$ and $l_2$ after $t$ steps in stage $i$. This is done using number recursion.
In the following let $f(c, t) = \langle l_3, l_4 \rangle$:

$$\begin{aligned}
f(i, 0) = \langle l_1, l_2 \rangle \leftrightarrow{} & l_1 = \min_l \, l \in C^F_i \wedge l_2 = next(l_1) \\
f(c, t+1) = \langle l_1, l_2 \rangle \leftrightarrow{} & \varphi_1 \supset l_1 = next(l_3) \wedge l_2 = next(l_1) \\
& \wedge \neg\varphi_1 \wedge \varphi_2 \supset (l_1 = l_3 \wedge l_2 = l_4) \\
& \wedge \neg\varphi_1 \wedge \neg\varphi_2 \supset (l_1 = l_3 \wedge l_2 = next(l_4))
\end{aligned}$$

where

$$\begin{aligned}
\varphi_1 &\equiv l_3 = l_4 \\
\varphi_2 &\equiv (sameClause(l_3, l_4) \vee pureLiteral(l_4))
\end{aligned}$$

The formulas $\varphi_1$ and $\varphi_2$ are the conditions that are used to recognize when the inner loop ends. The first formula is when the loop ends and we have to continue with the outer loop. The second formula is when the stage is finished. In the formula version, we do not stop if the algorithm fails. Instead we view the algorithm as failing if after $|F|^2$ steps, $\varphi_2$ was never true. We use this value since $|F|$ is an upper bound on the number of literals in $F$ and the current state of the algorithm is determined by a pair of literals. In the following, any reference to time has the implicit bound of $|F|^2$.

The final step is to extract the assignment. The assignment is done by finding the last time a variable is assigned a value. This means we must be able to determine when a variable is assigned a value. To do this, observe that a literal is assigned true just before the $next$ function is applied to that literal. With this in mind we get the following:

$$Assigned(i, t, l) \leftrightarrow \exists l', \; f(i, t) = \langle next(l), l' \rangle \vee f(i, t) = \langle l', next(l) \rangle$$

So $Assigned(i, t, l)$ means that $l$ was assigned true during the $t$th step of stage $i$. Then we can get the assignment as follows:

$$\begin{aligned}
l \in Assignment(i, F) \leftrightarrow{} & c = \max_c \exists t \, Assigned(c, t, l) \wedge t = \max_t Assigned(c, t, l) \\
& \wedge c' = \max_{c'} \exists t' \, Assigned(c, t', l) \wedge t' = \max_{t'} Assigned(c', t', l) \\
& \wedge (c > c' \vee (c = c' \wedge t > t'))
\end{aligned}$$

The idea is that the value of a variable is the last value that was assigned to it.
The $VL$ proof that this algorithm is correct is essentially the same as the proofs of Theorem 6.3 and Theorem 6.4, which can be formalized in $VL$. This gives the following.

Theorem 6.5. $VL$ proves that, if the algorithm fails, the formula is unsatisfiable.

Theorem 6.6. $VL$ proves that, if the algorithm succeeds, then, for all $i$, $Assignment(i, F)$ gives a satisfying assignment to the first $i$ clauses of $F$.

6.2 Witnessing $GL^*$ Proofs

Let $\pi$ be a $GL^*$ proof of a $\Sigma^q_1$ formula $\exists \vec{z} P(\vec{x}, \vec{z})$, and let $A$ be an assignment to the parameter variables. We assume $\pi$ is in free variable normal form (Definition 2.8). Let $\Gamma_i \longrightarrow \Delta_i$ be the $i$th sequent in $\pi$. We will prove by induction that for any assignment to all of the free variables of $\Gamma_i$ and $\Delta_i$, a function $Wit(i, \pi, A)$ will find at least one formula that satisfies the sequent. There are two things to note. By the subformula property, every formula in $\Gamma_i$ is $\Sigma CNF(2)$, which means it can be evaluated. Also, we need an assignment that gives appropriate values to the non-parameter free variables that could appear. To take care of this second point, we extend $A$ to an assignment $A'$ as follows:

1: Given a non-parameter free variable $y$, find the $\exists$-left inference in $\pi$ that uses $y$ as an eigenvariable. Let $z$ be the new bound variable and let $F$ be the principal formula.
2: Find the descendant of $F$ that is used as a cut formula. Let $F'$ be the cut formula. Note that $F$ is a subformula of $F'$, and, because of the variable restriction on cut formulas, every free variable in $F'$ is a parameter variable.
3: Assign $y$ the value that $Assignment(F', A)$ assigns $z$.

The reason for this particular assignment will become evident in the proof of Lemma 6.7.

We can now define $Wit(i, \pi, A')$, which witnesses $\Gamma_i \longrightarrow \Delta_i$. $Wit$ will go through each formula in the sequent to find a formula that satisfies the sequent.
$\Sigma CNF(2)$ formulas are evaluated using the algorithm described in the previous section. We will now focus our attention on other $\Sigma^q_1$ formulas, which must appear in $\Delta_i$. Each $\Sigma^q_1$ formula $F \equiv \exists \vec{z} F^*(\vec{z})$ in $\Delta$ is evaluated by finding a witness to the quantifiers as follows:

1: Find a formula $F'$ in $\pi$ that is an ancestor of $F$, is satisfied by $A'$, and is a $\Sigma^q_0$ formula of the form $F^*(z_1/B_1, \ldots, z_n/B_n)$, where each $B_i$ is $\Sigma^q_0$.
2: $z_i$ is assigned $\top$ if $A'$ satisfies $B_i$, otherwise it is assigned $\bot$.
3: If no such $F'$ exists, then every bound variable is assigned $\bot$.

Lemma 6.7. For every sequent $\Gamma_i \longrightarrow \Delta_i$ in $\pi$, $Wit(i, \pi, A')$ finds a false formula in $\Gamma_i$ or a witness for a formula in $\Delta_i$.

Proof. We prove the theorem by induction on the depth of the sequent. For the base case, the sequent is an axiom, and the theorem obviously holds. For the inductive step, we need to look at each rule. We can ignore $\forall$-left and $\forall$-right since universal quantifiers do not appear in $\pi$. We will now assume all formulas in $\Gamma_i$ are true and all $\Sigma CNF(2)$ formulas in $\Delta_i$ are false. So we need to find a $\Sigma^q_1$ formula in $\Delta_i$ that is true.

Consider cut. Suppose the inference is

$$\frac{F, \Gamma \longrightarrow \Delta \qquad \Gamma \longrightarrow \Delta, F}{\Gamma \longrightarrow \Delta}$$

First suppose $F$ is true. By induction, with the upper left sequent, $Wit$ witnesses one of the formulas in $\Delta$. Then the corresponding formula in the bottom sequent is witnessed by $Wit$. This is because the ancestor of the formula in the upper sequent that gives the witness is also an ancestor of the corresponding formula in the lower sequent. If $F$ is false, it cannot be the formula that was witnessed in the upper right sequent, and a similar argument can be made.

Consider $\exists$-right. Suppose the inference is

$$\frac{\Gamma \longrightarrow \Delta, F(B)}{\Gamma \longrightarrow \Delta, \exists z F(z)}$$

First suppose $F(B)$ is $\Sigma^q_0$.
If it is false, we can apply the inductive hypothesis, and, by an argument similar to the previous case, prove one of the formulas in $\Delta$ must be witnessed. If $F(B)$ is true, then $Wit$ will witness $\exists z F(z)$ since $F(B)$ is the ancestor that gives the witness. If $F(B)$ is not $\Sigma^q_0$, then we can apply the inductive hypothesis, and, by the same argument, find a formula that is witnessed.

The last rule we will look at is $\exists$-left. Suppose the inference is

$$\frac{F(y), \Gamma \longrightarrow \Delta}{\exists z F(z), \Gamma \longrightarrow \Delta}$$

To be able to apply the inductive hypothesis, we need to be sure that $F(y)$ is satisfied. If $\exists z F(z)$ is true, then we know $F(y)$ is satisfied by the construction of $A'$: the value assigned to $y$ is chosen to satisfy $F(y)$ if it is possible. Otherwise, $\exists z F(z)$ is false, and we do not need induction.

For the other rules the inductive hypothesis can be applied directly and the witness found as in the previous cases.

Theorem 6.8. $VL$ proves $GL^*$ is sound for proofs of $\Sigma^q_1$ formulas.

Proof. The functions $Assignment$ and $Wit$ are in $FL$ and can be formalized in $VL$. A function that finds $A'$, given $A$, can also be formalized since it is in $VL$. The final thing to note is that the proof of Lemma 6.7 can be formalized in $VL$ since the induction hypothesis can be expressed as a $\Sigma^B_0(L_{FL})$ formula and the induction carried out.

The reason this proof does not work for a larger proof system, say $G^*_1$, is because $Assignment$ cannot be formalized for the larger class of cut formulas. Also, if the variable restriction was not present, we would not be able to find $A'$ in $L$, and the proof would, once again, break down.

References

[1] Mark Braverman. Witnessing SAT(2) and NAE-SAT(2) in L. 2003.
[2] Samuel R. Buss. Introduction to proof theory. In Samuel R. Buss, editor, Handbook of Proof Theory, pages 1–78. Elsevier Science Publishers, Amsterdam, 1998.
[3] S. A. Cook.
Feasibly constructive proofs and the propositional calculus. In Proceedings of the 7-th ACM Symposium on the Theory of computation, pages 83–97, 1975.
[4] Stephen Cook. Theories for Complexity Classes and their Propositional Translations, pages 175–227. Quaderni di Matematica. 2003.
[5] Stephen Cook and Tsuyoshi Morioka. Quantified propositional calculus and a second-order theory for NC^1. Archive for Math. Logic, 44(6):711–749, August 2005.
[6] Stephen Cook and Phuong Nguyen. Foundations of proof complexity: Bounded arithmetic and propositional translations. Available from http://www.cs.toronto.edu/~sacook/csc2429h/book, 2006.
[7] J. Johannsen. Satisfiability problem complete for deterministic logarithmic space. In STACS 2004, 21st Annual Symposium on Theoretical Aspects of Computer Science, Proceedings, pages 317–325. Springer, 2004.
[8] Jan Krajicek. Bounded Arithmetic, Propositional Logic, and Complexity Theory. Cambridge University Press, 1995.
[9] Jan Krajicek and Pavel Pudlak. Quantified propositional calculi and fragments of bounded arithmetic. Zeitschr. f. math. Logik und Grundlagen d. Math., 36:29–46, 1990.
[10] John C. Lind. Computing in logarithmic space. Mac Technical Memorandum 52, September 1974.
[11] Tsuyoshi Morioka. Logical Approaches to the Complexity of Search Problems: Proof Complexity, Quantified Propositional Calculus, and Bounded Arithmetic. PhD thesis, University of Toronto, 2005.
[12] J. Paris and A. Wilkie. Counting problems in bounded arithmetic. In Carlos Augusto Di Prisco, editor, Methods in Mathematical Logic, volume 1130 of Lecture Notes in Mathematics, pages 317–340, 1985.
[13] Steven Perron. A propositional proof system for log space. In C.-H. Luke Ong, editor, CSL, volume 3634 of Lecture Notes in Computer Science, pages 509–524. Springer, 2005.
[14] Steven James Perron.
Examining the fragments of G. In LICS, pages 225–234. IEEE Computer Society, 2007.
[15] D. Zambella. Notes on polynomially bounded arithmetic. The Journal of Symbolic Logic, 61(3):942–966, 1996.
[16] D. Zambella. End extensions of models of linearly bounded arithmetic. Annals of Pure and Applied Logic, 88:263–277, 1997.
