Adding Negation to Lambda Mu

We present $\cal L$, an extension of Parigot's $\lambda\mu$-calculus by adding negation as a type constructor, together with syntactic constructs that represent negation introduction and elimination. We will define a notion of reduction that extends $\lambda\mu$'s reduction system with two new reduction rules, and show that the system satisfies subject reduction. Using Aczel's generalisation of Tait and Martin-L\"of's notion of parallel reduction, we show that this extended reduction is confluent. Although the notion of type assignment has its limitations with respect to representation of proofs in natural deduction with implication and negation, we will show that all propositions that can be shown in there have a witness in $\cal L$. Using Girard's approach of reducibility candidates, we show that all typeable terms are strongly normalisable, and conclude the paper by showing that type assignment for $\cal L$ enjoys the principal typing property.


Introduction
Intuitionistic Logic (il) [Bro07,Bro08,Bro75] plays an important role in Computer Science, given its strong relation with types in functional programming and the λ-calculus [Cur34,Bar84] through the Curry-Howard isomorphism [How80], i.e. through the fact that typeable functions in a functional programming language correspond to proofs in il, and provable properties to inhabitable types.Its importance is most prominent in the context of proof assistants, of which many are rooted in il.Proof assistants or theorem provers can also be seen as programming languages for which the type system corresponds to a formal logic and ensure proof correctness by capitalising on the Curry-Howard correspondence through their type system.Under this correspondence, checking that a term has a type is operationally equivalent to checking a proof of a proposition [Wad15].
There are currently many different proof assistants in use, that come in different shapes and forms, each with their own characteristic: Coq [Coq21] has a particular focus on the theorem proving aspect where proofs can be written with intuitive tactics, whereas Agda [Nor07] and Idris [Bra13] are more deeply connected to functional programming languages like Haskell.
The more widely used proof assistants that are based on the Curry-Howard isomorphism are all founded on intuitionistic type theory [Mar84].However, the use of il inescapably Overview.This paper introduces the calculus L, which expands on λµ by adding negation.
We will start in Section 1 with an overview of two of the common representations of cl, where we will focus on natural deduction and proof contraction, and why double negation elimination poses a particular problem for the latter.We will define ⊢ ni , a restriction to natural deduction for cl that uses negation and implication, and plays a central role in this paper.We will revisit Parigot's λµ also through its underlying logic, and explain how it deals with negation, implicitly through assumptions stored in the co-context, and explicitly through • →⊥.We in particular highlight that λµ is not fully equipped to deal with the latter kind of negation, as witnesses to tautologies not necessarily are closed terms.We also revisit Summer's νλµ-calculus that fully represents ⊢ ni , together with its non-confluent notion of reduction.
In Section 3 we define the calculus L as an extension of λµ by adding syntax and inference rules that express negation; it can also be seen as a restriction of νλµ.This calculus comes with four elementary notions of reduction, and we will show soundness results for all of them.This is followed in Section 4 by the proof that reduction is confluent, and in Section 5 by the proof that, although a restriction of νλµ, L can still inhabit all provable judgements of ⊢ ni .Then in Section 6, we will show that reduction is strongly normalisable, and conclude in Section 7 by showing that type assignment enjoys the principal typing property.

Natural Deduction for Classical Logic
Natural Deduction for cl, defined by Gentzen in [Gen35] is a way of describing the structure of formal proofs in mathematics that follow the intuitive, human, lines of reasoning as much and describes a step allowed in this formal system, where, assuming that all the statements in the premisses hold, then after applying this step named (Rule) we can accept that the conclusion holds as well.A statement, also called a judgement, is of the shape Γ ⊢ A, where A is a formula and Γ is a context, a collection of formulas that form the assumptions needed for A to hold, and expresses that 'if all formulas in the collection Γ hold, then so does A'.A number of these can together form the premisses; there is only one judgement in the conclusion. 1  Proofs are constructed by applying rules to each other, in the sense that the conclusion of one rule can be a premise of another.The premises on the initial rules (that are not the conclusion of other rules) are called the assumptions of the proof; the (single) conclusion occurs at the bottom.Judgements that are considered to be proven are those that appear at the bottom of the derivation tree.
The inference rules of natural deduction systems almost all come in two varieties for each logical operator: introduction and elimination rules, each for any particular logical connective.For example, for the logical operators ∧ (conjunction) and ∨ (disjunction), these rules look like: To deal with conclusions that need no premisses since they hold by themselves, an axiom rule is added; these form the assumptions of the proof and occur in the 'leaves' of the proof tree. (Ax)

Γ, A ⊢ A
In his paper, Gentzen also presents the Sequent Calculus, which differs from Natural Deduction in that it derives sequences of the shape A 1 , . . ., A n ⊢ B 1 , . . ., B m with the intended meaning 'if all of the properties A 1 , . . ., A n hold, then at least one of the B 1 , . . ., B m does as well.'For each connector, there is a left and right introduction rule, as in 1 An different notation can be found in the literature, where inference rules express the relation between the inferred formulas, without stating the context, and the assumptions are the formulas occurring in the leaves of the derivation tree.Assumptions can be cancelled through steps like 'implication introduction', and are then placed between square brackets or struck through.Since the latter is a non-local operation on the inference tree that is not easily defined or treated formally, here we prefer the 'sequent' notation: it neatly collects in the derived statement the assumptions on which it depends in the context Γ. 12:5 There are no elimination rules for connectors, just a generic (cut)-rule: where C of course can be A ∧ B.
For the Sequent Calculus, Gentzen defines a notion of (proof) contraction that removes occurrences of (cut), and shows that this is (weakly) normalising: for every proof that shows Γ ⊢ lk ∆, there exists a (cut)-free proof that shows the same result.The proof follows a left-most, innermost reduction strategy; it is not shown that cut-elimination is strongly normalising.He does not show a normalisation result in [Gen35] for Natural Deduction, which would eliminate all introduction-elimination pairs, but there is evidence that he did solve that later [vP08]. 2 Prawitz [Pra65] presented an extensive study of proof contraction for Natural Deduction.
The main issue is that in the Sequent Calculus, all logical connectors come with a left and a right introduction rule, whereas in Natural Deduction, not all proof-constructions follow the introduction-elimination pattern of the inference rules.For those that do, proof contraction consists of the removal from a proof of an introduction step followed immediately by an elimination step for the same logical connector; for '∧' that looks like: or, for implication: Notice that, in the rule (→I), the formula A ceases to be an assumption, and that, in the composed proof on the right, A is no longer an assumption needed to reach the conclusion, since it has been shown to hold by D 2 .As a result ∆ 1 and ∆ ′ 1 are not identical, since dealing with different contexts; however, the have the same structure in terms of rules applied.This is not possible for all logical connectors: the way negation is dealt with is, for example, not straightforward.Negation comes of course with introduction and elimination rules: but, in Classical Logic, negation plays a more intricate role, in that the law of excluded middle 'A ∨ ¬A is true for all A' holds (or something similar, like 'there is no distinction between the formulas ¬¬A and A').This is a property that cannot be shown, but has to forced onto the system, and can cause havoc for proof contraction.
There are many different rules that express this to a different degree, like: (called 'proof by contradiction', 'double negation elimination', 'law of excluded middle', 'Peirce's law ', and 'reductio ad absurdum', respectively.)These rules have different expressive power, and adding one rather than another can change the set of derivable properties (see [AH03]).
1.1.Classical Natural Deduction with Implication and Negation.The variant of Classical Natural Deduction we will consider in this paper uses the logical connectors ¬ (negation) and → (implication).
Definition 1.1 (Natural deduction with negation and implication).The formulas we use for our system of natural deduction with negation and implication are: where '→' associates to the right and '¬' binds stronger than '→', and φ is basic formula3 , of which there are infinitely countable many.A context Γ is a set of formulas, where Γ, A = Γ ∪ {A} and the inference rules are: (Ax) : Γ, A ⊢ A (→I) : We write Γ ⊢ ni A for judgements derivable in this system, and ⊢ ni as name for the system.
Notice that ⊥ is not a formula in ⊢ ni , but is a place-holder, used only to represent conflict; it could be omitted from the system, by deriving Γ ⊢ as the conclusion of (¬E).Also, the weakening rule (Wk) : To compare ⊢ ni with the logic with focus ⊢ f we will see below, we show Peirce's law in ⊢ ni (where Γ = (A → B) → A, ¬A): As suggested above, in the presence of (PbC) defining proof contraction is not straightforward.Assume we have used (PbC) to show Γ ⊢ A→B, and also have a proof for Γ ⊢ A; then applying (→E) constructs a proof that appears to be contractable.It is, however, not directly clear how to define that.
Example 1.2.Take the following proof in ⊢ ni : It is a priori not clear how to contract this proof.We would like to use the sub-derivations to be the building stones for the proof for Γ ⊢ B without the (PbC)-(→E) pair, but there is no sub-derivation above the step (PbC) that has A as an assumption (so does not contain Γ, A ⊢ A as the result of rule (Ax)), or that derives Γ ⊢ A→B.
There are many ways around this problem presented in the literature, but at this point we just want to highlight the problem.There are, of course, circumstances in which we can remove the (PbC)-(→E) pair in a proof in ⊢ ni .
Example 1.3.Assume we have the following proof (where Γ ′ ⊆ Γ) 4 : Γ, ¬(A→B), ¬C, ¬D ⊢ ¬(A→B) then we can bring sub-proof D 3 to the right of sub-proof D 1 , apply (→E), and construct the proof whereby removing the (PbC)-(→E) pair; the derivation D ′ 2 is in structure equal to D 2 , in the sense that the same rules get applied in the same order.Since we have removed the →-type, we can argue that the complexity of the proof has decreased.We will see below (Example 2.3 and 2.10) that this kind of proof contraction gets successfully modelled in λµ.
We will see in Section 2.3 a term calculus that directly represents proofs in ⊢ ni , and presents a notion of reduction that represents the above proof contraction, by presenting a different kind of term substitution.
To better be able to reason about the structure of proofs and the technicalities of proof contraction, we need to represent the structure of proofs via term information from an appropriate calculus, and inhabit the inference rules with terms, such that proof contractions will come to correspond to term reduction.This employs the Curry-Howard principle, which expresses a correspondence between terms and their types on one side, and proofs for propositions on the other.We will see below that associating a term calculus to an inference system unlocks the subtle differences between the variants of Classical Logic we consider here.
The natural way to inhabit ⊢ ni is using Summer's νλµ [Sum08]; we will first present Parigot's calculus λµ [Par93b], as this historically came first, and gives a very elegant solution to the proof-contraction problem of Example 1.2.

The foundation of λµ
Parigot's λµ-calculus is a proof-term syntax for classical logic, expressed in Natural Deduction, defined as an extension of the Curry type assignment system for the λ-calculus.With λµ Parigot created a multi-conclusion typing system which corresponds to a classical logic with focus; there derivable statements have the shape Γ ⊢ A | ∆, where A is the main conclusion of the statement, expressed as the active conclusion, Γ is the set of assumptions and ∆ is the set of alternative conclusions, or have the shape Γ ⊢ ⊥ | ∆ if there is no formula under focus.

2.1.
A classical logic with focus.Before discussing λµ, in order to better compare it with the other calculi we discuss in this paper, we first revise its underlying logic, which corresponds to the following system.Definition 2.1 (A classical logic with focus).The formulas for this system are: Contexts Γ and co-contexts ∆ are sets of formulas, and the inference rules are defined through: We write Γ ⊢ f M : A | ∆ for judgements derivable in this system.
but in a version of Natural Deduction where formulas have at most a negation at the front.Note that it therefore avoides the problem of Example 1.2 by not allowing the rule (PbC) to be applied to assumptions on the right in (¬E): A cannot be a negated type, so the premises in the right-hand proof cannot occur swapped.
Example 2.3.Using the above observation, following from Example 1.3, we can create the proofs in ⊢ f , and contract the left proof into the right one.
We will see in Example 2.10 that this forms the basis of structural reduction in λµ.
12:10 2.2.The λµ-calculus.We now present the variant of λµ we consider in this paper, as defined by Parigot in [Par93a] and that gives a Curry-Howard interpretation to the inference rules of ⊢ f .Definition 2.4 (Syntax of λµ).Let x range over the infinite, countable set of term-variables, and α, β range over the infinite, countable set of names.The λµ-terms we consider are defined by the grammar: Recognising both λ and µ as binders, the notion of free and bound names and variables of M , fv(M ) and fn(M ), respectively, is defined as usual, and we accept Barendregt's convention to keep free and bound names and variables distinct, using (silent) α-conversion whenever necessary.
We write x ∈ M (α ∈ M ) if x (α) occurs in M , either free of bound, and call a term closed if it has no free names or variables.We will call the pseudo-terms of the shape [α]M commands, and write C, and treat them as terms for reasons of brevity, whenever convenient.
We will use these notations for other calculi as well in this paper.
As with Implicative Intuitionistic Logic, the reduction rules for the terms that represent the proofs correspond to proof contractions, but in ⊢ f .The reduction rules for the λ-calculus are the logical reductions, i.e. deal with the removal of a introduction-elimination pair for implication and in addition to these, Parigot expresses also the structural rules that change the focus of a proof, where elimination essentially deals with negation and takes place for a type constructor that appears in one of the alternative conclusions (the Greek variable is the name given to a subterm).Parigot therefore needs to express that the focus of the derivation (proof) changes (see the rules in Definition 2.7), and this is achieved by extending the syntax with two new constructs [α]M and µα.M 5 that act as witness to passivation and activation of ⊢ f , which together move the focus of the derivation, and together are called a context switch.
Parigot defines a notion of reduction on these terms, expressed via implicit substitution, and as usual, M {N/x} stands for the (instantaneous) substitution of all occurrences of x in M by N .Two kinds of structural substitution are defined: the first is the standard one, where M {N •γ/α} stands for the term obtained from M in which every command of the form [α]P is replaced by [γ]P N (here γ is a fresh name).This yields a reduction that is Call by Name (cbn) in nature, and shown by Py [Py98] to be confluent.
The second will be of use for Call-by-Value (cbv) reduction, where {N •γ/α}M stands for the term obtained from M in which every [α]P is replaced by [γ]N P .Although cbv is not considered for the calculus L we define in Section 3, we add its definition here, since it does form part of Summer's calculus that we discuss in Section 2.3, and forms an intermediate stage between λµ and L.
They are formally defined by: Definition 2.5 (Structural substitution important cases are: [Par92] only defines the first variant of these notions of structural substitutions (so does not use the prefix 'right'); the two notions are defined together, but rather informally, using a notion of contexts in [OS97].
We have the following notions of reduction on λµ.For the fourth, call by value, different variants exists in the literature; we adopt the one from [OS97].
Definition 2.6 (λµ reduction).(1) The reduction rules of λµ are: (2) Evaluation contexts are defined as terms with a single hole ⌈ ⌋ by: We write C⌈M ⌋ for the term obtained by replacing the hole with the term M .(Free, unconstrained) reduction → βµ on λµ-terms is defined through C⌈M ⌋ → n C⌈N ⌋ if M → N using either the β, µ, θ, or ρ-reductions rule.
[β]N is not a value.Also, unlike for the λ-calculus, cbv reduction is not a sub-reduction system of → βµ : the rule (µ v ) (and left-structural substitution) are not part of → βµ .Both cbn and cbv constitute reduction strategies in that they pick exactly one βµ-redex to contract; notice that a term might be in either cbn or cbv-normal form (i.e.reduction has stopped), but need not be that for → βµ .
Type assignment for λµ is defined below through inhabiting the inference rules of ⊢ f with syntax; there is a main, or active, conclusion, labelled by a term, and the alternative conclusions are labelled by names α, β, etc. Judgements in λµ are of the shape Γ ⊢ λµ M : A | ∆, where ∆ consists of pairs of Greek characters (the names) and types; the left-hand context Γ, as for the λ-calculus, contains pairs of Roman characters and types, and represents the types of the free term variables of M .Definition 2.7 (Typing rules for λµ).(1) Let φ range over a countable (infinite) set of type-variables.The set of types is defined by the grammar: (2) A context (of term variables) Γ is a partial mapping from term variables to types, denoted as a finite set of statements x:A, such that the subjects of the statements (x) are distinct.We write Γ 1 , Γ 2 for the compatible union of Γ 1 and Γ 2 (if x:A 1 ∈ Γ 1 and x:A 2 ∈ Γ 2 , then A 1 = A 2 ), and write Γ, x:A for Γ, {x:A}, x ̸ ∈ Γ if there exists no A such that x:A ∈ Γ, and Γ\x for Γ\{x:A}.(3) A context of names ∆ (or co-context) is a partial mapping from names to types, denoted as a finite set of statements α:A, such that the subjects of the statements (α) are distinct.Notions ∆ 1 , ∆ 2 , as well as ∆, α:A and α ̸ ∈ ∆, ∆\α are defined as for Γ. (4) The type assignment rules for λµ, adapted to our notation, are: We will write Γ ⊢ λµ M : A | ∆ for statements derivable in this system.
(5) We extend Barendregt's convention on free and bound variables and names to judgements (for all the notions of type assignment we define here), so in Γ, x:A ⊢ λµ M : B | α:C, ∆, both x and α cannot appear bound in M .
We can think of [α]M as storing the type of M amongst the alternative conclusions by giving it the name α.Notice that ⊥ is not used at all in ⊢ λµ .
Notice that, if we erase all term information from the inference rules, we get the rules from ⊢ f , but for the variants of (µ); these we can infer, however, so they are admissible.
The following result is standard and of use in the proofs below.
Lemma 2.8 (Weakening and thinning for ⊢ λµ ).The following rules for weakening and thinning are admissible for ⊢ λµ : (Wk) : The following soundness result holds.
This result is in that paper also shown for cbv and cbn-reduction.
Example 2.10.We can illustrate µ-reduction by the derivations for the reduction step Notice that these are the 'inhabited' version of the proofs in Example 2.3; remember that a (Pass)-(Act) pair collapses into (µ).The derivation D ′ 2 is in structure equal to D 2 , since that is decided by the syntactic structure of the context C⌈•⌋ but contains µδ.[γ]M N rather than µδ.
The intuition behind the structural rule is given by de Groote [dG94]: "in a λµ-term µα.M of type A → B, only the subterms named by α are really of type A → B (. . .); hence, when such a µ-abstraction is applied to an argument, this argument must be passed over to the sub-terms named by α." Remark that this is accurate, but hides the fact that the naming construction [α]M is actually a (hidden) instance of rule (¬E), so 'naming' is actually a kind of application.The proof of Peirce's Law (Example 2.2) can be inhabited in λµ with λx.µα.[α](x(λy.µβ.[α]y)).In [Par92], Parigot shows that 'double negation elimination' can be represented in λµ; as suggested above, ⊥ is added as a pseudo-type to express negation ¬A through A→⊥, as well as contradiction.
Example 2.11 (Double negation elimination in λµ).Double negation elimination is shown in ⊢ ni by the proof on the left; we can also show this in ⊢ f , as in the proof on the right, but since ⊢ f has no rules for negation, we need to add ⊥ to express it, so write C → ⊥ for ¬C.
Notice that the rule (Pass) is not directly followed by (Act), while they always come together in λµ, and that the assumption ¬¬C, ¬C ⊢ ni ¬C gets replaced by the proof for (C → ⊥) → ⊥ ⊢ f C → ⊥ | C .Moreover, (¬E) is represented through (→I) and (→E).
Parigot shows that double negation elimination can be represented in λµ [Par92].
This corresponds to the proof in ⊢ f above, but for the fact that extra calls to (Pass) and (Act) are added inside the calls to (µ), as well as additional names of type ⊥; notice that because of these extra rules this term is not closed as it has a free name γ.The proof transformation we hinted at above translates to the following (where ∆ ′ = α:C, γ:⊥, ∆): We will see this kind of transformation play an important role in Section 5.
It is important to point out that the use of γ in the previous example creates an anomaly.Although ((C → ⊥) → ⊥) → C is a logical tautology, the λµ-term that is its witness is not a closed term so the proof has an uncanceled assumption.Moreover, terms can have type ⊥ without being typed with the equivalent of rule (¬I), but using (→E).
Several attempts have been made to rectify this.Parigot not only adds ⊥ to the language of types (in a side remark), but also allows for statements like γ:⊥ to be used without adding them explicitly to the co-context, so does not consider them 'real' assumptions.Ariola and Herbelin [AH03] define an extension of λµ, adding a special syntax construct [tp]M , where tp acts as a 'continuation constant' and represent the outermost context of the term.In their system, the witness to ((C → ⊥) → ⊥) → C is the term λy.µα.[tp]y(λx.µδ.[α]x), a closed term.
Another solution would be to detach, syntactically, passivation from activation, so to no longer insist that they strictly follow each other.That is the approach in de Groote and Saurin's Λµ-calculus [dG94,Sau08]; there the witness would be λy.µα.y(λx.[α]x)which directly inhabits the proof in ⊢ f above.That variant of λµ better expresses the logic of ⊢ f , but one problem with Λµ is that is not clear if (denotational) semantics can be defined for it, which is possible for λµ [SR98,vBBd18].This is directly related to the fact that a µ-abstraction can now be applied to a term of type ⊥ that is an application, rather than a term typed (implicitly) using rule (¬E).
2.3.The νλµ-calculus.In [Sum08], Summers makes a strong case for inhabiting the rules of ⊢ ni directly and in full, and defines the calculus νλµ by adding the rules for negation and their syntactic representation to a generalisation of λµ.He thereby extends the syntax with the construct [M ]N which is used to represent negation elimination, not just when M is a name, but also when the negated statement on the left is the result of a proof, and allows (µ) to be applied to assumption used on the right in (→E).He also removes the distinction between names and variables, and brings all assumptions together in one context.Definition 2.12 (Syntax of νλµ).The νλµ-terms we consider are defined over variables (Roman characters) by the grammar: Type assignment (see Definition 2.14 below) will naturally allow µ-binding to terms of the shape [P ]Q, but since ⊥ is a type, variables and applications can have type ⊥, allowing the term µα.y(λx.[α]x) to be typeable; since a term like λy.P cannot be assigned the type ⊥, a term like µx.λy.P will not be typeable.
The reduction rules for νλµ in [Sum08] are largely defined, as can be expected, through term substitution as far as the constructors λ and ν are concerned, but contracting a µ redex now becomes more involved than in λµ, for the reasons we discussed in Example 1.2.Definition 2.13 (Reduction in νλµ [Sum08]).(1) The auxiliary notion of substitution {z•N/x}7 is defined inductively over the structure of terms, using the base cases (2) The reduction rules of νλµ are: Evaluation contexts are defined by: (Free, unconstrained) reduction → βµ on L-terms is defined through C⌈M ⌋ → n C⌈N ⌋ if M → N using either of the nine rules above.
It is clear that these reduction rules contain the cbv-rules as well in (µ→ 2 ) and (µ¬ 2 ).Thereby reduction is not confluent; we have a critical pair in the rules (µ→ 1 ) and (µ→ 2 ) and the term (µx.M ) (µy.N ) is reducible using both, and these reduction steps will (normally) result in different outcomes.

Definition 2.14 (Type assignment for νλµ). (1) The set of types is defined by the grammar:
A, B :: A context (of term variables) Γ is defined as before.
(2) The type assignment rules for νλµ are: (Ax) : Γ, x:A ⊢ x : A (→I) : We will write Γ ⊢ νλµ M : A for statements derivable in this system.
Notice that ⊥ is a type in ⊢ νλµ .Because the inference rules of ⊢ ni can be obtained from those of ⊢ νλµ by removing all term information, it is immediately clear that all proofs in ⊢ ni have a term representation in νλµ.
Example 2.15.In this calculus, the witness for double negation elimination becomes: The presence of reduction rules µν and µµ in Definition 2.13 is remarkable, since they do not correspond to proof contractions in a proof system that uses ⊥ only to represent conflict.Both rule (µ) and (¬I) are only applicable to a statement of the shape Γ ⊢ νλµ M : ⊥; the rule (µ) above them implies an assumption of the shape ¬⊥, which is allowed since in [Sum08], ⊥ is a type, so the following are valid derivations.Moreover, treating ⊥ as a type gives that negation is represented in two different ways in νλµ.In all, after the choices made by Summers, the calculus is rather too permissive and below, we will choose to not treat ⊥ as a type.
Example 2.16.We can inhabit the proof for (A → B) → ¬B → ¬A in both ⊢ νλµ and ⊢ λµ .Let Γ = x:A→B, y:¬B, z:A, and Γ ′ = x:A→B, y:B→⊥, z:A, then we can construct, respectively: Notice that the same kind of transformation has been applied to replace the negated assumption Γ ⊢ L z : ¬B on the right, and that again the witness for the property is not a closed term in λµ (γ is free).

The L-calculus
We now present the calculus L we introduce in this paper, which can be seen as a variant of λµ that gives a Curry-Howard interpretation to the logical system below, which corresponds to ⊢ f , extended with negation by treating it as a first-class citizen.Our aim is to fully represent proofs in ⊢ ni in a natural way, but defining a calculus with a notion of reduction that is confluent.
We call this calculus L in honour of Mendelson's formal axiomatic theory L for the propositional calculus [Men64].Adapted to our notation, L is defined through: The first two rules form the axiom-schemes for intuitionistic implicational logic; the third rule renders the system classical.For example, using these three rules it is possible to show ¬¬C→C (for details, see [Men64], Lemma 1.11(a)).
The attentive reader will recognise the types of the combinators K and S of Curry's Combinatory Logic [Cur34,CF58] in the first two axioms; this is the origin of the Curry-Howard isomorphism [Cur34].Of course here we follow Church's approach, by defining an extended λ-calculus.
We will base L on a variant of the system ⊢ f defined below; notice that, because we use negation explicitly, as in νλµ we no longer have to separate the negated formulas from the non-negated ones.
(Ax) : Γ, A ⊢ A (→I) : Notice that A in rules (Act) and (Pass) can be a negated formula.The rule (Pass) could be omitted, since, as before, we can derive: We keep the rule, however, since we want to preserve the fact that in rule (Act) we only cancel a negated assumption that was used on the left in (¬E); notice that that characteristic is not expressed in the logic, but will be once we represent the structure of proofs through syntax.
Definition 3.2 (Syntax of L).The set of L-terms we consider is defined over variables and names by the grammar: Notice that α is not a term.Since ⊥ is not a type, type assignment (see Definition 3.6 below) will only allow µ-binding to terms of the shape [α]Q or [P ]Q, so staying close to λµ.
We will use L for the set of terms defined above, as well as for the system based on that, including the reduction and type assignment rules.In L, reduction of terms is expressed via three types of implicit substitution.As usual, M {N/x} stands for the (instantaneous) substitution of all occurrences of x in M by N .The definition of structural substitution for L is defined as for λµ (Definition 2.5), but with small modifications.Definition 3.3 (Structural substitution in L).Structural substitution, M {N •γ/α} and insertion M {N/α} are defined inductively over terms.We give the main cases: We have the following notion of reduction on L.
(1) The reduction rules of L are: Evaluation contexts are defined by: Reduction → L on L-terms is defined through C⌈M ⌋ → L C⌈N ⌋ if M → N using either the β, ν, µ, δ, θ, or ρ-reduction rule.As usual, we will use → = L for the reflexive closure, and → * L for the reflexive, transitive closure of → L .Since syntax and reduction rules for L are direct extensions of those for λµ, we can show easily that reduction in L is a conservative extension of reduction in λµ.A similar result cannot be shown for νλµ, nor for cbv reduction in λµ.
Type assignment for L is defined through: Definition 3.6 (Type assignment for L).(1) The set of types T L is defined by the grammar: where '→' associates to the right and '¬' binds stronger than '→'.If A = ¬B, we call A a negated type, and if A = ¬B, but B ̸ = ¬C, we call A a single negated type.If A = ¬¬B, we call A a double negated type, where B could be a negated type as well.(2) A context Γ is defined as a partial mapping from term variables to types (which can be negated) and names to negated types, denoted as a finite set of statements x:A and α:¬B, such that the subjects of the statements are distinct.We define Γ through: The type assignment rules for L are: We will write Γ ⊢ L M : A for statements derivable in this system.

12:20
Notice that ⊥ is not a type.Also, in rule (N), α:¬A is added to the context; this allows for that statement to already occur there.In all the rules where a variable or name is bound, by our variable convention it does not occur in the context in the conclusion.The notation Γ will be used in Corollary 5.3.
Example 3.7.In this calculus, λy.µα.[y] (νx.[α]x) is the witness for double negation elimination: It is also straightforward to find untypeable terms.For example, we cannot type a term like [λx.M ]N since type assignment would require a negated type for λx.M , nor µα.λx.M since that would require ⊥ for λx.M , nor νy.λx.M , µα.M N , µα.νx.M , etc.
We can also how that type assignment in L is a conservative extension of that in λµ.
Again, a similar result cannot be shown for νλµ.
It will be clear that, once allowing Greek characters for variables as well, the rule (N) is admissible in ⊢ νλµ , as was the case above for rule (Pass).Observe that, if Γ, α:¬A ⊢ L M : ⊥, in order for the derivation for Γ ⊢ L µα.M : A to be used as a subderivation, either A = B→C, or A = ¬B, for some B and C.
We will now show that types are preserved under reduction.For this we need a weakening result.
Lemma 3.9 (Weakening and thinning for ⊢ L ).The following rules are admissible for ⊢ L : (Wk) : Notice that, by our extension of Barendregt's convention in Definition 2.7, Γ ′ cannot contain statements for the bound names and variables in M .
Example 3.10.We illustrate the reduction rule δ: It might have been more natural, similar to the approach of [Sum08], to define which would have created the subterm [νz.
[z]N ]P in the derivation above; however, notice that [νz.
[z]N/α} only ever gets applied 'to the left'.
We will now show that type assignment is closed under reduction.First we show results for the three notions of term substitution.
Proof.(1) Standard, by induction on the definition of term substitution.
(2) By induction on the definition of structural substitution.All cases follow straightforwardly, except for: Since we know that Γ ⊢ L L : B, we can construct: (3) By induction on the definition of insertion.All cases follow straightforwardly, except for: and the derivation is of the shape: Γ, α:¬¬A ⊢ [α]P : ⊥ By induction we have Γ ⊢ L P {N/α} : ¬B, and we can construct: Notice that the structural substitution {N •γ/α} gets performed by building an application with any subterm P that is named α, resulting in [γ]P N of type B.Moreover, the insertion {N/α} gets performed for typed terms towards a name that has a double negated type, which disappears.
We will now show that type assignment respects reduction: Theorem 3.12 (Soundness).If Γ ⊢ L M : A, and M → L N , then Γ ⊢ L N : A.
Proof.By induction on the definition of → L , where we focus on the basic reduction rules.

Confluence
In this section we will show that reduction in L satisfies the Church-Rosser property, i.e. is confluent.This property is defined as follows: Definition 4.1 (Diamond and Church-Rosser Properties [Bar84]).Let R be binary relation on a set V .
(1) R satisfies the diamond property if for all t, u, v ∈ V , if t R u and t R v, then there exists w ∈ V such that u R w and v R w.
(2) R satisfies the Church-Rosser property (is confluent) if its reflexive, transitive closure R * satisfies the diamond property.
This immediately implies that if a relation is confluent, then so is its transitive closure.The standard approach to showing confluence is that of Tait and Martin-Löf (see [Bar84,Pfe92]) by defining a notion of parallel reduction that is based on the standard reduction, which is a reflexive relation defined (in the case of β-reduction) through the rules: By the last rule, '⇒' encompasses '→ β '; also, if N reduces to N ′ , then (λx.M )N reduces to M {N ′ /x}, so all contractions in the various copies of N inside M {N/x} are contracted simultaneously when contracting the redex (λx.M )N ; we are even allowed to contract a redex in M , and contracting all these together is considered a single step in '⇒'.The proof of confluence for β-reduction then contains of showing that ⇒ satisfies the diamond property, and that ⇒ = → * β .Using this technique, confluence has been claimed for λµ in [Par92], but, as noticed in [Py98,BHF01], that proof was not complete.The main reason is that the proof overlooks the fact that, perhaps unexpectedly, contraction of one redex can remove another.where N gets (also) placed as an argument to µβ.[γ]M N , creating the application (µβ.[γ]MN )N which means that the result is no longer a µ-abstraction, thus destroying the ρ-redex.The resulting terms can be joined, but not through a single parallel reduction step, Notice, in particular, the change in the rule based on β-reduction, which changes from Proof.First, since M ⇒ L M , for all M , by the presence of rules (9), (10), (11), and (12), we have Since in ⇒ L we essentially contract any number of → L -redexes in parallel (including zero or just one) we also have that ⇒ L ⊆ → * L .So in particular, ⇒ L is a subset of a relation that is transitive, so its transitive closure is that as well, so The following property expresses that the four kinds of substitution are respected by ⇒ L .Lemma 4.7 (Substitution Lemma).If P ⇒ L P ′ and Q ⇒ L Q ′ , then: (1) P {Q/z} ⇒ L P ′ {Q ′ /z}, (2) P {Q•γ/z} ⇒ L P ′ {Q ′ •γ/z}, (3) P {Q/α} ⇒ L P ′ {Q ′ /α}, and (4) P {β/α} ⇒ L P ′ {β/α}.

Proof.
(1) By induction on the definition of ⇒ L , where we focus on the first parallel reduction.
(1) : We now show that ⇒ L satisfies the diamond property.We will write 'P 1 ⇒ P 3 ⇒ P 2 ' for 'P 1 ⇒ L P 3 and P 2 ⇒ L P 3 '.Theorem 4.9.If P 0 ⇒ L P 1 and P 0 ⇒ L P 2 then there exists a P 3 such that P 1 ⇒ P 3 ⇒ P 2 .
Proof.By induction on the definition of ⇒, where we focus on the first parallel reduction.We only show the interesting cases.
Proof.By Theorem 4.9, we have that ⇒ L satisfies the diamond property, and by Lemma 4.6 that → * L is the transitive closure of ⇒ L .Then by Definition 4.1, → L is confluent.

Representing ⊢ ni in ⊢ L
In this section we will show that all statements provable in ⊢ ni have a witness in ⊢ L .We achieve this result by first defining a mapping for terms from νλµ to L; this will deal with a necessary transformation of derivations when establishing a relation between typeability in νλµ and L. What we use here is the transformation from ⊢ L to ⊢ νλµ : Remark that in the first, there is no subterm that has type C, whereas in the second, there is.So we can deal with (PbC) towards an assumption that is not on the left.

Theorem 3. 5 .
If M and N are λµ terms such that M → * βµ N , then M → * L N .Proof.Straightforward.

x}
It is this change that solves the problem mentioned.