Rasiowa–Harrop Disjunction Property

We show that there is a purely proof-theoretic proof of the Rasiowa–Harrop disjunction property for the full intuitionistic propositional calculus (IPC\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbf {IPC}$$\end{document}), via natural deduction, in which commuting conversions are not needed. Such proof is based on a sound and faithful embedding of IPC\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbf {IPC}$$\end{document} into an atomic polymorphic system. This result strengthens a homologous result for the disjunction property of IPC\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbf {IPC}$$\end{document} (presented in a recent paper co-authored with Fernando Ferreira) and answers a question then posed by Pierluigi Minari.


Introduction
In paper [5], as a corollary of a purely syntactical proof of the faithfulness of the embedding of full intuitionistic propositional calculus IPC into the atomic polymorphic system F at , a new syntactical proof of the disjunction property of IPC was produced. The major novelty of this alternative proof is the non-necessity of commuting conversions on the natural deduction calculus.
The main goal of the present paper is to answer a question then posed by Pierluigi Minari: "Is it possible to give a direct 1 proof of the Rasiowa-Harrop disjunction property of IPC via the faithful embedding of IPC into F at (and the normalization property of the latter)?" We show that the answer is yes, and somewhat natural, once we consider the atomic polymorphic calculus in the form F ∧ at (a technical variant of F at ). To make the paper reasonably self-contained we introduce the systems and the properties needed in what follows. The atomic polymorphic system we are going to work with, which we denote by F ∧ at , is the restriction of Jean-Yves Girard system F [7,10] (with →, ∧, and ∀ as primitive connectives) to atomic universal instantiations. 2 The formulas in F ∧ at are defined as the smallest class of expressions that includes the atomic formulas (propositional constants and second-order variables) and is closed under implication, conjunction and second-order universal quantification. In the natural deduction calculus, proofs in F ∧ at are built using the following introduction rules: [A] .
where, in the third rule, X does not occur free in any undischarged hypothesis; and the following elimination rules: . .

∀X.A ∀E A[C/X]
where C is an atomic formula (free for X in A), and A[C/X] is the result of replacing in A all the free occurrences of X by C. It is the restriction to atomic instantiations in the latter rule that distinguishes F ∧ at from F. The impredicative system F allows, in the ∀E rule, the instantiation of X by any (not necessarily atomic) formula of the system.
Since our goal is to study the Rasiowa-Harrop disjunction property in the full intuitionistic propositional calculus IPC via the atomic polymorphic system F ∧ at , we are going to make crucial use of the Russell-Prawitz translation ( [9,11]) from IPC into F ∧ at , that we review below. For each formula A of the full intuitionistic propositional calculus, we define its translation A * into F ∧ at inductively as follows: (P ) * :≡ P , for P a propositional constant 2 System F ∧ at is system Fat [2,4] with an extra primitive connective for conjunction.
where X is a second-order variable which does not occur in A * nor in B * . Note that the Russell-Prawitz translation also allows for the translation of ∧ in terms of → and ∀. Since our target system F ∧ at has ∧ as a primitive symbol the translation can be simplified as above.
The previous translation is, in fact, a sound and faithful embedding of . . , A n and A 1 , . . . , A n , A are formulas in IPC and Γ * :≡ A * 1 , . . . , A * n . The soundness proof can be found in [2,3] and relies on the phenomenon of instantiation overflow. Instantiation overflow ensures that, from formulas of the form for any (not necessarily atomic) formula F . The proof of instantiation overflow is given in [2,3] and it yields algorithmic methods for obtaining the two kinds of deductions above. For a recent study on instantiation overflow see also [1].
The proof of faithfulness can be found in [5]. 3 The advantage of working in the predicative system F ∧ at is that it has (as opposed to IPC) no "bad" connectives, i.e., ⊥ and ∨ are absent from the calculus and has no ad hoc commuting conversions (see the enjoyable discussions by Girard in Chapter 10 of [7] commenting harshly on what he calls the "defects" of the natural deduction calculus). As we argue in the last section, IPC should be seen through the lens of its embedding into F ∧ at , avoiding this way the "defects" of the system. Two properties of F ∧ at , we are going to use extensively in the present paper, are the strong normalization property for βη-conversions [4] 4 and the subformula property for normal 3 The proof-theoretic proof of faithfulness presented in [5] was given in the context of Fat. The proof can be trivially adapted to F ∧ at , i.e., to the case where conjunction is a primitive symbol. 4 The strong βη-normalization proof of Fat presented in [4] generalizes easily to F ∧ at : a straightforward reducibility clause can be added for conjunction.
proofs [2]. 5 We remember that the proper subformulas of a formula of the form ∀X.A are the subformulas of the formulas of the form A[C/X], for C an atomic formula free for X in A. As usual, we assume that bound variables in a formula can be freely renamed.
More than the subformula property, in what follows, we are going to need the following stronger result: -A n is the conclusion; -for i = 0, . . . , n − 1, A i is the principal premise (i.e. the premise that carries the eliminated symbol) of an elimination rule whose conclusion is A i+1 .
In particular, A n is a subformula of A 0 .
After this introductory section where we presented the goal of the paper, the systems involved and made a quick survey on relevant properties of these systems, the paper is organized as follows: in Section 2, we introduce some definitions relevant to our study e.g. strictly positive subformula or Rasiowa-Harrop formula in both IPC and F ∧ at frameworks and prove some auxiliary results involving these concepts; in Section 3, we prove that F ∧ at enjoys the Rasiowa-Harrop disjunction property and in Section 4 we present the main result of the paper: an alternative proof of the Rasiowa-Harrop disjunction property of IPC, via natural deduction, without commuting conversions. We finish (Section 5) with some comments and final considerations.

Preliminaries
By a disjunction in F ∧ at , denoted by D * ∨ E * 6 , we mean the translation of a disjunction, i.e., a formula of the form ∀X.((D * → X) → ((E * → X) → X)) :≡ (D ∨ E) * (with D and E formulas in IPC). 5 Again, paper [2] is about Fat, but the rules for conjunction can be dealt with exactly in the same way (see [7, p. 76]). 6 Note that ∨ is not a primitive symbol in F ∧ at . The abbreviation D * ∨ E * is introduced for ease of notation.
By a translated formula in F ∧ at we mean a formula in F ∧ at which is the translation (via the Russell-Prawitz translation) of a certain formula in IPC.
Easily from the Russell-Prawitz translation we have the following result: (ii) Universal quantifications in A * always occur in one of the following two specific forms: Remark 2.2. Note that Lemma 2.1 impacts on the nesting of universal quantifications in a translated formula. In a translated formula we never have A(X, Y ) (with X, Y distinct variables) simultaneously under the scope of the second-order quantifications ∀X and ∀Y . Thus, a subformula of a translated formula has no more than one atomic formula (repetitions may occur) obtained by the instantiation of second-order universal quantifications of the translated formula.
Proposition 2.3. Let A 0 , . . . , A n be a principal branch according to Proposition 1.1, let A 0 be a translated formula in F ∧ at and X be a second-order variable. If X occurs free in A n and A n ≡ X, then there are formulas Proof. By Proposition 1.1, we know that A n is a subformula of A 0 . By the freely renaming of bounded variables in a formula we may assume without loss of generality (see Lemma 2.1 and Remark 2.2) that A n occurs in A 0 . Notice, again by Lemma 2.1(i), that A n is in A 0 under the scope of a second-order quantification ∀X. By Lemma 2.1(ii), we know that the universal quantifications in a translated formula are of one of the following forms: , with D and E formulas of IPC. The second-order universal quantification which has A n as a subformula can not be ∀X.X because X occurs free in A n and A n ≡ X. Thus, it has to be ∀X. ( ) is a formula in the principal branch. Note that, by definition, a principal branch is a sequence of immediate subformulas. If ∀X.((D * → X) → ((E * → X) → X)) was not in the principal branch then A n would not be in the principal branch either because from a formula properly containing ∀X.
, through a single elimination rule we could not obtain a proper subformula of (D ∨ E) * .
Proof. The proof is by induction on the number of inferences in D. The base of induction is when D consists solely of an hypothesis (i.e. A is derived from A). The result is obvious: For the implication rules, for the conjunction rules and for the ∀E-rule when the conclusion is not obtained by instantiating the bound variable of the universal quantifier by the atomic variable X the result follows immediately by induction hypothesis. Just notice that the rules are still valid when replacing the free occurrences of X by F .
In In what follows we will need the notion of Rasiowa-Harrop formula in both the IPC and the F ∧ at contexts. For that, we review the notion of strictly positive subformula of a formula in IPC and introduce a homologous definition in the context of F ∧ at .

Equivalently, A is a Rasiowa-Harrop formula if each disjunction (if any) in A occurs only in the antecedent of some implicative subformula of A.
Lemma 2.9. Let D, E and A be formulas in IPC. If (D ∨ E) * ∈ sp(A * ) then D ∨ E ∈ sp(A). 8 Proof. By induction on A. If A is a propositional constant or A ≡ ⊥ the result is trivial (antecedent false, nothing to check). Proof. Suppose that A * is not a Rasiowa-Harrop formula of F ∧ at . Take ∀X.((D * → X) → ((E * → X) → X)) ≡ (D ∨ E) * an element of sp(A * ). By Lemma 2.9, we know that D ∨ E ∈ sp(A). Thus A is not a Rasiowa-Harrop formula of IPC. The proof follows by contraposition.
Lemma 2.11. The elimination rules of F ∧ at are such that: (i) The conclusion is a strictly positive subformula of the principal premise.

(ii) If the principal premise is a RH-formula then the conclusion is a RH-
formula. 8 Note that a general result for arbitrary formulas is not valid: B * ∈ sp(A * ) not even implies that B is a subformula of A. Just take B ≡ P , with P a propositional constant in IPC, and A ≡ ⊥. We have that P * ∈ sp(⊥ * ) but P is not a subformula of ⊥. Moreover, B * ∈ sp(A * ) and B a subformula of A still does not imply that B ∈ sp(A). Just take A ≡ R → (P ∨ Q) and B ≡ R, with P , Q and R distinct propositional constants in IPC. We have that R * ≡ R ∈ sp((P * → R) → ((Q * → R) → R)) ⊆ sp((R → (P ∨ Q)) * ) but R / ∈ sp(R → (P ∨ Q)).

Proof. (i) By Definition 2.6, we have that sp(B) ⊆ sp(A → B), sp(A) ⊆ sp(A ∧ B), sp(B) ⊆ sp(A ∧ B) and sp(A[C/X]) ⊆ sp(∀X.A)
for C an atomic formula. The result follows because a formula belongs to its sp class.
Proposition 2.12. Let A 0 , A 1 , . . . , A n be a principal branch according to Proposition 1.1 (in particular, A 0 is the undischarged hypothesis and A n is the conclusion). Then Proof. By induction on n, applying Lemma 2.11 and its proof.

Rasiowa-Harrop Disjunction Property of F ∧ at
Having in view to present, in the next section, a purely proof-theoretic proof of the Rasiowa-Harrop disjunction property of IPC, via natural deduction without the need of commuting conversions, we prove below the following Rasiowa-Harrop disjunction property of F ∧ at .
Since F ∧ at enjoys the (strong) normalization property, take a normal derivation of A ∨ B from D in F ∧ at : The last rule must be an introduction rule. Note that if it was an elimination rule, the principal branch would have a RH-formula (D) as undischarged hypothesis and a conclusion (A ∨ B) which is not a RH-formula, contradicting Proposition 2.12(ii).
Thus we have Again the penultimate rule has to be an introduction rule. If it was an elimination rule, by Proposition 2.3, the principal branch, with D as undischarged hypothesis and (A → X) → ((B → X) → X) as conclusion, would have a formula of the form ∀X.
with F and G translated formulas in F ∧ at . 9 Thinking in the principal branch D, . . . , F ∨ G, we would have a RH-formula D as undischarged hypothesis but a non RH-formula F ∨ G as the conclusion, contradicting Proposition 2.12.
Thus we have Let us argue that again the last rule can not be an elimination rule. If it was an elimination rule, the principal branch would be of the form (i) D, . . . , (B → X) → X or of the form (ii) A → X, . . . , (B → X) → X.
Again, by Propositions 2.3 and 2.12, case (i) does not occur. Case (ii) does not occur either, because the formula following A → X in the principal branch would be X and the principal branch would stop there (never reaching (B → X) → X). Note that a second-order variable can not be a principal premise in an elimination rule.
Thus we have Since X is a variable, the last rule has to be an elimination rule. The possible cases (for the last rule) are: (i) ∀X.X X , (ii) H∧X X , (iii) X∧H X , and (iv) H→X H X , with H a formula in F ∧ at . In case (i) we have a proof of the form

∀X.X ∀E X
Note that D and potentially A → X and B → X are the only possible undischarged hypotheses. Thus we have the following derivation in F ∧ where the double line hides the proof in F ∧ at that exists by instantiation overflow.
Therefore, by the (strong) normalization property of F ∧ at , there is a normal proof of A (in F ∧ at ) from the hypothesis D and possibly A → X and B → X. By the subformula property we know that any universal formula in such a proof is a subformula of a translated formula. Thus, by Lemma 2.4 (taking F :≡ X → X) we conclude that there is a normal derivation in F ∧ at of A from D. Note that X does not occur free in D nor in A.
We argue that cases (ii) and (iii) never occur. Notice that, by Proposition 1.1, we would have a principal branch of the form D, . . . , H ∧ X, X (case X ∧H is similar). [A → X or B → X can not be the undischarged hypothesis on the top of the principal branch because such branches would have just two formulas A → X, X or B → X, X.] By Proposition 2.3, the principal branch would have a formula of the form F ∨ G, with F and G translated formulas in F ∧ at . Contradiction by Proposition 2.12, because the principal branch D, . . . , F ∨ G would have a RH-formula as (undischarged) hypothesis and a non RH-formula as conclusion. 10 Let us analyse case iv). We know that the principal branch has to start with the undischarged hypothesis A → X, B → X or D. If the principal branch starts with A → X we have that the proof has the form But then we have a normal proof of the form A which we already saw (applying Lemma 2.4) that yields a proof of A from D.
If the principal branch starts with B → X the analysis is entirely similar replacing A by B and we obtain a proof in F ∧ at of B from D. The principal branch can not start with D, because if it was the case, by Proposition 2.3, the principal branch D, . . . , H → X would have a formula of the form F ∨ G with F and G translated formulas in F ∧ at . Contradiction by Proposition 2.12.
This finishes the proof.

Rasiowa-Harrop Disjunction Property of IPC
We are now able to present our main result: an alternative purely prooftheoretic proof, via natural deduction, of the Rasiowa-Harrop disjunction property of IPC. This alternative strategy is cemented on the Rasiowa-Harrop disjunction property of F ∧ at proved in the previous section and takes advantage of the sound and faithful embedding of IPC into F ∧ at . The main interest of reasoning via F ∧ at is that the system has only "good" connectives 11 -and has no commuting conversions. 12 11 We avoid this way the "bad" elimination rules (for ⊥ and ∨) of IPC pointed by Girard in [7, p. 74].
12 Note that, in the framework of IPC, in order to ensure that normal proofs enjoy the subformula property, the natural deduction calculus has to be enriched with some ad hoc conversions, the so called commuting (or permutative) conversions. See Girard's criticism of such conversions on [7, p. 80]. System F ∧ at does not suffer from the previous defects pointed by Girard: F ∧ at has no commuting conversions, no "bad" connectives and normal proofs still enjoy the subformula property. Proof. Suppose that D IPC A ∨ B. Since the Russell-Prawitz translation of the full intuitionistic propositional calculus into F ∧ at is sound, we have D * which, according to our notation, is also written as D *

Final Comments
(1) The reason we worked with an atomic polymorphic system which directly deals with conjunction (F ∧ at instead of F at ) is because with the "natural" definition of RH-formulas in the atomic polymorphic context (as presented in Definition 2.8) the RH-disjunction property is valid in F ∧ at but not in F at . The proof that the RH-disjunction property is valid in F ∧ at was presented in Theorem 3.1. To argue that the RH-disjunction property is not valid in F at it is enough to present a counterexample. Let P , Q and R be distinct propositional constants in IPC. Let D be the following formula in F at : ((P ∨ Q) ∧ R) * , i.e., D :≡ ∀X.(((P ∨ Q) * → (R * → X)) → X) 14 . We can prove that D F at P * ∨ Q * , but D F at P * nor D F at Q * . Moreover, since for all atomic formula C, no element of the set sp(D) is a disjunction. Thus, we conclude that D is a RH-formula in F at . 15 (2) In the Russell-Prawitz translation of IPC into F ∧ at , instead of the translation of disjunction presented in Section 1, we could have used the alternative translation: (A ∨ B) * :≡ ∀X.(((A * → X) ∧ (B * → X)) → X), where X is a second-order variable which does not occur in A * nor in B * .
(3) In the well-known book [7], Girard defends that the elimination rules for ⊥ and ∨ are not as natural and well-behaved as the other (natural deduction) inference rules of IPC. He argues that since the presence of such rules gives rise to problems and "boring complications" (e.g. the need for commuting conversions in order to have the subformula property in normal derivations) "one tends to think that natural deduction should be modified to correct such atrocities". In recent years [3,4] we have suggested that system F at (which embeds IPC and has very well-behaved rules) provides a natural framework for full intuitionistic propositional logic. Nowadays the author believes that system F ∧ at is even more adequate and appealing for studying IPC. F ∧ at keeps the advantages of F at -no bad connectives, no commuting conversions, strong normalization property, subformula property, sound and faithful embedding of IPC into the system-and has an advantage over F at -equality of proofs for βη-conversions. In F ∧ at (as opposed to F at ) we have that βη-conversions of IPC translate into βη-conversions of the atomic polymorphic system 16 and, as a consequence, from the strong normalization of F ∧ at considering βη-conversions we can derive a proof of the strong normalization of IPC with respect to βη-conversions (see [6]). The present paper (see comment 1) above) reinforce the idea that F ∧ at is really convenient for studying structural proof-theoretic properties of IPC: F ∧ at enjoys the Rasiowa-Harrop disjunction property and from such proof an 15 Note that the example above does not provide a counterexample for the RHdisjunction property in the framework of F ∧ at : the formula D ≡ ((P ∨ Q) ∧ R) * ≡ (P ∨ Q) * ∧ R * is not a RH-formula in F ∧ at . 16 In Fat such result is not valid precisely due to the η-conversion for conjunction. alternative proof of the Rasiowa-Harrop disjunction property in the context of IPC can be derived.