Schematic Refutations of Formula Schemata

Proof schemata are infinite sequences of proofs which are defined inductively. In this paper we present a general framework for schemata of terms, formulas and unifiers and define a resolution calculus for schemata of quantifier-free formulas. The new calculus generalizes and improves former approaches to schematic deduction. As an application of the method we present a schematic refutation formalizing a proof of a weak form of the pigeon hole principle.


Introduction
Recursive definitions of functions play a central role in computer science, particularly in functional programming. While recursive definitions of proofs are less common, they are of increasing importance in automated proof analysis. Proof schemata, i.e. recursively defined infinite sequences of proofs, serve as an alternative formulation of induction. Prior to the formalization of the concept, an analysis of Fürstenberg's proof of the infinitude of primes [3] suggested the need for a formalism quite close to the type of proof schemata we discuss in this paper. The underlying method for this analysis was CERES [5] (cut-elimination by resolution) which, unlike reductive cut-elimination, can be applied to recursively defined proofs by extracting a schematic unsatisfiable formula and constructing a recursively defined refutation. Moreover, Herbrand's theorem can be extended to an expressive fragment of proof schemata, namely those formalizing k-induction [10,14]. Unfortunately, the construction of recursively defined refutations is a highly complex task. In previous work [14] a superposition calculus for certain types of formulas was used for the construction of refutation schemata, but this approach only works for a weak fragment of arithmetic and is hard to use interactively.
The key to proof analysis using CERES in a first-order setting is not the particularities of the method itself, but the fact that it provides a bridge between automated deduction and proof theory. In the schematic setting, where the proofs are recursively defined, a bridge over the chasm has been provided [10,14], but the far side of that bridge has seen little development from which to reap benefits. The few existing results about automated deduction for recursively defined formulas barely provide the necessary expressive power to analyse significant mathematical argumentation. Applying the earlier constructions to a weak mathematical statement such as the eventually constant schema required far more work than the resulting insights were worth [8]. The resolution calculus we introduce in this work generalizes resolution and the first-order language in such a way that it provides an excellent environment for carrying out investigations into decidable fragments of schematic propositional formulas beyond those that are known. Furthermore, concerning the general unsatisfiability problem for schematic formulas, our formalism provides a perfect setting for interactive proof construction.
Proof schemata are not the first alternative formalization of induction with respect to Peano arithmetic [17]. However, all other existing examples [6,7,15] that provide calculi for induction together with a cut-elimination procedure do not allow the extraction of Herbrand sequents [12,17], and thus Herbrand's theorem cannot be realized. In contrast, in [14] finite representations of infinite sequences of Herbrand sequents are constructed, so-called Herbrand systems. Of course, such objects do not describe finite sets of ground instances, though instantiating the free parameters of Herbrand systems does result in sequents derivable from a finite set of ground instances.
The formalism developed in this paper extends and improves the formal framework for refuting formula schemata in [10,14] in several ways: (1) the new calculus can deal with arbitrary quantifier-free formula schemata (not only with clause schemata); (2) we extend the schematic formalism to multiple parameters (in [10] and in [14] only schemata defined via one parameter were admitted); (3) we strongly extend the recursive proof specifications by allowing mutual recursion (formalizable by so-called call graphs). Note that in [10] a complicated schematic clause definition was used, while the schematic refutations in [14] were based on negation normal forms and on a complicated translation to the n-clause calculus. Moreover, the new method presented in this paper provides a simple, powerful and elegant formalism for interactive use. The expressivity of the method is illustrated by an application to a (weak) version of the pigeon hole principle.

A Motivational Example
In [8], proof analysis of a mathematically simple statement, the Eventually Constant Schema, was performed using an early formalism developed for schematic proof analysis [10]. The Eventually Constant Schema states that any monotonically decreasing function with a finite range is eventually constant. The property of being eventually constant may be formally written as ∃x∀y(x ≤ y → f(x) = f(y)), where f is an uninterpreted function symbol with the following property: ∀x ⋁^n_{i=0} f(x) = i for some n ∈ N. The method defined in [10] requires an end sequent free of strong quantifiers, thus implying the proof must be skolemized. The skolemized formulation of the eventually constant property is ∃x(x ≤ g(x) → f(x) = f(g(x))), where g is the introduced Skolem function. The proof presented in [8] used a sequence of Σ_2-cuts ∃x∀y(((x ≤ y) → n + 1 = f(y)) ∨ f(y) < n + 1).
Also, the Skolem function was left uninterpreted for the proof analysis. The resulting cut-structure, when extracted as an unsatisfiable clause set, has a fairly simple refutation. Thus, with the aid of automated theorem provers, a schema of refutations was constructed. The use of an uninterpreted Skolem function greatly simplified the construction presented in [8]. In this paper we interpret the function g as the successor function. Note that, using the axioms presented in [8], the resulting statement is not provable. Note that we drop the implication of Equation 1 and the antecedent of the implication, given that x ≤ suc(x) is a trivial property of the successor function. However, using an alternative set of axioms and a weaker cut we can prove this statement. The additional axioms are as follows:

f(x) = i ⊢ f(x) < s(k), for 0 ≤ i ≤ k < n
f(suc(x)) = i ⊢ f(x) < s(k), for 0 ≤ i ≤ k < n
f(x) = k, f(suc(x)) = k ⊢ f(x) = f(suc(x)), for 0 ≤ k ≤ n

For the most part these axioms are harmless; however,

f(suc(x)) < s(k) ⊢ f(suc(x)) = k, f(x) < k

implies that f has some monotonicity properties similar to the eventually constant schema. For all values y in the range larger than x, either f(y) = n or f(y) < n. Our axioms imply that once f(y) < n, all values z > y are mapped to values of the range less than n. Since our proof enforces this property using the following Δ_2-cut formula, we are guaranteed to reach a value in the domain above which f is constant. The cut formula is as follows: ∃x(f(x) = k ∧ k = f(suc(x))) ∨ ∀x(f(x) < k), for 0 ≤ k ≤ n.
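The pigeonhole-style argument behind this cut formula can be sanity-checked on concrete models. The following Python sketch is our own illustration, not part of the paper's formalism; the function `witness` and the example function are assumptions. A non-increasing f with range {0, . . . , n} can strictly decrease at most n times, so some x ≤ n satisfies f(x) = f(suc(x)):

```python
# Brute-force sanity check (our illustration, not the paper's formalism):
# for a non-increasing f with range {0, ..., n}, some x <= n satisfies
# f(x) = f(x + 1), since f can strictly decrease at most n times.
def witness(f, n):
    """Return the least x with f(x) == f(x + 1); exists with x <= n."""
    x = 0
    while f(x) != f(x + 1):
        x += 1
    return x

# an example non-increasing function with range {0, ..., 3}
def f(x):
    return max(0, 3 - x // 2)

assert witness(f, 3) <= 3
```

The loop terminates for every non-increasing f with finite range; the bound x ≤ n is exactly the weak eventually-constant property discussed above.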
One additional point which the reader might notice is that we use what seems to be the less than relation and equality relation of the natural numbers, but do not concern ourselves with substitutivity of equality nor transitivity of <. While including these properties will change the formal proof we present below, the argument will still require a free numeric parameter denoting the size of the range of f and the number of positions we require to map to the same value.
We will refer to this version of the eventually constant schema as the successor eventually constant schema. While this results in a new formulation of the eventually constant schema under an interpretation of the Skolem function as the successor function, we have not yet taken complete advantage of this new interpretation, in that this re-formulation is actually of lower complexity than the eventually constant schema. For example, in Figure 1 we provide the output of Peltier's superposition induction prover [2] when run on the clausified form of the cut structure of the successor eventually constant schema. The existence of this derivation implies that the proof analysis method of [14] may be applied to the successor eventually constant schema. Unfortunately, the prover does not find the invariant discovered in [8], but this may have more to do with the choice of axioms than with the statement being beyond the capabilities of the prover. We can easily strengthen the successor eventually constant schema beyond the capabilities of [13] by adding a second parameter as follows: We refer to this problem as the m-successor eventually constant schema. Applying this transformation to the eventually constant schema of [8] is not so trivial, since the axioms used to construct the proof do not easily generalize. However, for the successor eventually constant schema the generalization is trivial and is provided below: where suc^0(x) = x. Furthermore, the cut formula can be trivially extended as follows: Given that the m-successor eventually constant schema contains two parameters, it is beyond the capabilities of [13]. Interestingly, the prover can find invariants for each value of m in terms of n, though these invariants get impressively large quite quickly. The cut structure of the m-successor eventually constant schema may be extracted as an inductive definition of an unsatisfiable negation normal form formula.
We provide this definition by rewrite rules below:

O(n, m) ≡ D(n, m) ∧ P(n, m)
C(y, n, 0) ≡ f(S(0, y)) = n
C(y, n, s(m)) ≡ f(S(s(m), y)) = n ∨ C(y, n, m)

where a is some arbitrary constant. We will show how our new formalism can provide a finite representation of the refutations of this inductive definition, even though the refutation requires mutual recursion as well as multiple parameters (six in total) to state finitely.
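The recursive clause C above can be unfolded mechanically. The following Python sketch (our own illustration: `C` and the string encodings are assumptions, numerals s(m) are simplified to integers, and f, S, = are treated purely syntactically) expands C(y, n, m) into its disjunction of equations:

```python
# Unfold the rewrite rule C(y, n, m) from the inductive definition above.
# Numerals s^m(0) are simplified to Python ints; symbols are kept as strings.
def C(y, n, m):
    """Return the list of disjuncts of C(y, n, m), outermost first."""
    if m == 0:
        return [f"f(S(0, {y})) = {n}"]
    return [f"f(S({m}, {y})) = {n}"] + C(y, n, m - 1)

print(" v ".join(C("a", "n", 2)))
# prints "f(S(2, a)) = n v f(S(1, a)) = n v f(S(0, a)) = n"
```

Each increment of the parameter m contributes one further disjunct, which is exactly the growth that a schematic refutation must handle finitely.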

Schematic Language
We work in a two-sorted version of classical first-order logic. The first sort we consider is ω, in which every ground term normalizes to a numeral, i.e. a term inductively constructed by N ⇒ s(N) | 0, such that s(N) ≠ 0 and s(N) = s(N′) → N = N′. Natural numbers (N) will be denoted by lowercase Greek letters (α, β, γ, etc.). The numeral s^α(0), for α ∈ N, will be written as ᾱ. The set of numerals is denoted by Num. Furthermore, the ω sort includes a countable set of variables N called parameters. We denote parameters by n, m, n_1, n_2, . . . , m_1, m_2, . . .. The set of parameters occurring in an expression E is denoted by N(E). The second sort, the ι-sort (individuals), is a standard first-order term language extended by defined function symbols. Defined function symbols, i.e. primitive recursively defined functions, are differentiated from standard function symbols by adding a hat (e.g. f̂).
Variables of the ι-sort are what we refer to as global variables. Global variables are indexed by terms of the ω-sort and are of type ω^α → ι for α ≥ 0. The set of global variables will be denoted by V_G. Given a sequence of ω-terms t̄ of length α and a global variable X of type ω^α → ι, we will refer to the ι-terms X(t̄) as V-terms over X. The set of individual variables V^ι consists of objects of the form X(t̄) where t̄ is a tuple of numerals. Additionally we introduce V_F, the set of formula variables of type o, which aid the construction of defined predicate symbols. For terms we consider the set of function symbols of type τ, F_τ. The set of defined function symbols of type τ is denoted by F̂_τ. The types τ are either of the form ω^α → ω (for α ∈ ω), which we call numeric types, or of the form ι^α → ι for α ≥ 0, which we call individual types. We distinguish F̂_ω, the set of all defined function symbols of numeric type, and F̂_ι, the set of all defined function symbols of individual type. We define F_ω = {0}, F_{ω→ω} = {s}, and F_{ω^α→ω} = ∅ for α > 1. We leave the symbol sets of complex ω-types empty so that normalization of a ground term always results in a numeral. For the same reason the only constants of type ω are 0 and s. Basic functions such as projections will be introduced as defined function symbols. For all other types τ the set F_τ is infinite. This extends to the defined symbols of any type, i.e. F̂_τ is infinite. For defined function symbols we make use of global variables: the types τ are (ω^{γ_1} → ι) × . . . × (ω^{γ_α} → ι) × ω^β → ι for α ≥ 0 and γ_i > 0 for i ∈ {1, . . . , α}. The symbols in F̂_ω and F̂_ι are partially ordered by <_F̂, where <_F̂ is irreflexive, transitive and Noetherian.
We define a similar signature for predicate symbols of type τ, where P_τ is the (infinite) set of predicate symbols of type τ; the set of defined predicate symbols of type τ is denoted by P̂_τ. For ordinary (α-ary) predicate symbols the types are ι^α → o, for α ≥ 0, as usual. As for defined function symbols, we make use of global and context variables for defined predicate symbols; the types τ are analogous to those of defined function symbols, but with result type o. The symbols in P̂ are partially ordered by <_P̂, where <_P̂ is irreflexive, transitive and Noetherian.
For the term language we consider ω-terms of type ω and ι-terms of type ι. Both term sets are defined via function symbols and defined function symbols.

Definition 1 (ω-terms T ω ).
The set T^ω_0 denotes the set of terms constructed using (1). Note that the set of parameter-free terms in T^ω_0 is Num, the set of numerals. For every defined function symbol f̂ ∈ F̂_ω there exists a set of defining equations D(f̂) which expresses a primitive recursive definition of f̂.

Definition 2 (defining equations for numeric function symbols).
For every f̂ ∈ F̂_ω, f̂ : ω^{α+1} → ω, we define a set D(f̂) consisting of two equations:

f̂(n_1, . . . , n_α, 0) = t_B,   f̂(n_1, . . . , n_α, s(k)) = t_S,

where t_B and t_S are ω-terms, and t_S may contain the recursive call f̂(n_1, . . . , n_α, k) as well as defined symbols smaller than f̂ with respect to <_F̂. We define D(F̂_ω) = {D(f̂) | f̂ ∈ F̂_ω}, which is the set of all defining equations in the numeric types.
Example 3. Let f̂ : ω^2 → ω with t_B = n and t_S = s(f̂(n, k)). Then, obviously, f̂ defines +.
Definition 3 (parameter assignment). A parameter assignment is a function σ mapping every parameter in N to a numeral. The set of all parameter assignments is denoted by S.
Definition 4 (rewrite system R(F̂_ω)). Let f̂ ∈ F̂_ω. Then R(f̂) is the set of rewrite rules obtained from D(f̂) by orienting the defining equations from left to right.

Proposition 1. R(F̂_ω) is terminating and confluent.

Proof. Straightforward: termination and confluence of R(F̂_ω) are well known. In particular, 0, s and R(F̂_ω) define a language for computing the set of primitive recursive functions; in particular the recursions are well founded. A formal proof of termination requires double induction on <_F̂ and the value of the recursion parameter.
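The rewrite system R(F̂_ω) can be pictured operationally. The following Python sketch is our own encoding (numerals as nested tuples over '0'; a defined symbol f̂ computing +, in the spirit of Example 3, with f̂(n, 0) → n and f̂(n, s(k)) → s(f̂(n, k))); the names `num` and `reduce` are assumptions, not the paper's notation:

```python
# Evaluator for the numeric rewrite rules: numerals are nested ('s', ...) over '0';
# the defined symbol 'fhat' computes + via fhat(n, 0) -> n, fhat(n, s(k)) -> s(fhat(n, k)).
def num(a):
    """The numeral s^a(0)."""
    t = '0'
    for _ in range(a):
        t = ('s', t)
    return t

def reduce(t):
    """Normalize a ground omega-term to a numeral."""
    if t == '0':
        return t
    if t[0] == 's':
        return ('s', reduce(t[1]))
    if t[0] == 'fhat':
        n, k = reduce(t[1]), reduce(t[2])
        return n if k == '0' else ('s', reduce(('fhat', n, k[1])))

assert reduce(('fhat', num(2), num(3))) == num(5)
```

Every ground term normalizes to a numeral, mirroring the termination and confluence claims above; the recursion on the last argument is exactly the well-founded recursion of D(f̂).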

Definition 5 (the ι-terms T ι ). The set T ι is defined inductively as follows:
- all constants of type ι are in T^ι,
- for all X : ω^α → ι in V^ι, for α ≥ 0 and t_1, . . . , t_α ∈ T^ω, X(t_1, . . . , t_α) ∈ T^ι, i.e. X(t_1, . . . , t_α) is a V-term over X.

The set of all terms in T^ι which contain no defined symbols and no parameters is denoted by T^ι_0. T^ι_0 is a set of "ordinary" first-order terms. In the following definitions we will abbreviate sequences of ω-terms of length β by t̄_β, and sequences of instantiated global variables X_1(t̄), . . . , X_α(t̄) accordingly. When dealing with uninstantiated global variables we just write X̄_α.

Definition 6 (defining equations for ι-symbols). Let f̂ ∈ F̂_ι. The defining equations in D(f̂) have the form

f̂(X̄_α, n_1, . . . , n_β, 0) = t_B,   f̂(X̄_α, n_1, . . . , n_β, s(k)) = t_S,

where Y : ι. For minimal f̂, t_B is a term of type ι such that its V-terms are over the variables {n_1, . . . , n_β} and t_B contains no defined symbols from F̂_τ for nonnumeric types τ. For nonminimal f̂, t_B may contain defined symbols smaller than f̂ with respect to <_F̂. As for the numeric terms we define D(F̂_ι), the set of all defining equations in the individual types. While numeric terms evaluate to numerals under parameter assignments, terms in T^ι evaluate to terms in T^ι_0, i.e. to ordinary first-order terms. As for the terms in T^ω, the evaluation is defined via a rewrite system.

Definition 7 (rewrite system R(F̂_ι)). Let f̂ ∈ F̂_ι. Then R(f̂) is the set of rewrite rules obtained from D(f̂) by orienting the defining equations from left to right. If a term s rewrites to t under R(F̂_ι) we write s →_ι t.
Proposition 2. R(F̂_ι) is terminating and confluent.

Proof. That R(F̂_ι) is strongly normalizing and locally confluent can be shown in the same way as for R(F̂_ω).

To evaluate a term t ∈ T^ι under σ ∈ S to its normal form we have to combine →_ω and →_ι.

Definition 8 (evaluation of T^ι). Let σ ∈ S and t ∈ T^ι. We define σ(t)↓_ι:

Proposition 3. Under a parameter assignment every term in T^ι evaluates to a first-order term.

Proof. We proceed according to Definition 8.
By induction we may assume the claim for γ_i ∈ N. According to Definition 7, f̂(X̄_α, γ̄_1, . . . , γ̄_β, 0) rewrites to t_B, where t_B is a term of type ι containing neither defined symbols nor parameters; for f̂ ∈ F̂ where f̂ is not minimal in <_F̂ we have to add induction on <_F̂, with the base cases shown above.
When we write x_1 for X(1, 1), x_2 for X(1, 0) and y for Y, we get the term in the common form g(x_1, g(x_2, y)).
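To make the evaluation mechanism concrete, here is a small Python sketch of a hypothetical defined ι-symbol ĝ with defining equations ĝ(X, Y, 0) = Y and ĝ(X, Y, s(k)) = g(X(k), ĝ(X, Y, k)). The symbol ĝ, the single-index global variable and the tuple encoding are all our own assumptions, chosen only to reproduce a nested shape like g(x_1, g(x_2, y)):

```python
# Sketch of iota-term evaluation for a hypothetical defined symbol ghat with
# ghat(X, Y, 0) = Y and ghat(X, Y, s(k)) = g(X(k), ghat(X, Y, k)).
# The global variable X stays symbolic, so evaluation yields an ordinary
# first-order term; V-terms are encoded as (name, index) pairs.
def ghat(X, Y, k):
    if k == 0:
        return Y
    return ('g', (X, k - 1), ghat(X, Y, k - 1))

# ghat('X', 'Y', 2) evaluates to g(X(1), g(X(0), Y))
assert ghat('X', 'Y', 2) == ('g', ('X', 1), ('g', ('X', 0), 'Y'))
```

Note how the number of distinct V-terms in the result grows with the recursion parameter; this is the behaviour that global variables are designed to capture.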
Substitutions on term schemata need to be schematic as well, particularly when we are interested in unification. We develop some formal tools below to describe such schemata.

Definition 10 (s-substitution). Let Θ be a finite set of pairs
Remark 2. Note that for pairs (X(s̄_α), t) occurring in substitutions we require that the components of s̄_α are terms in T^ω_0. For these term tuples we have σ(s̄) = σ(s̄)↓_ω, so there is no need to apply ↓_ω after substitution.

Proposition 4. For all σ ∈ S and every s-substitution Θ, Θ[σ] is a (first-order) substitution.
Proof. It is enough to show the property for all pairs in Θ.

Example 5. The following is an s-substitution:

The application of an s-substitution Θ to terms in T^ι is defined inductively on the complexity of term definitions, as usual.
Definition 11. Let Θ be an s-substitution and σ a parameter assignment. We define tΘ[σ] for terms t ∈ T^ι:

Example 6. Let us consider the following defined function symbol: and the parameter assignment σ = {n ← 0, m ← s(0)}. Then the evaluation of the term ĝ(X, n, m) by the s-substitution Θ from Example 5 proceeds as follows:

The composition of s-substitutions is not trivial as, in general, there is no uniform representation of composition under varying parameter assignments.
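The evaluation tΘ[σ] can be pictured concretely. In the following Python sketch (an assumption-laden illustration: `apply_s_subst`, the `('var', X, args)` encoding and the example terms are ours, not the paper's definitions), the ω-arguments of each V-term are first evaluated under σ, and the resulting ground V-terms are then replaced by their Θ-images:

```python
# Apply an s-substitution under a parameter assignment sigma: V-terms are
# ('var', X, args); theta maps ground V-terms, keyed as (X, numeral_tuple),
# to replacement terms. Function applications are (f, t1, ..., tn).
def apply_s_subst(theta, term, sigma):
    if isinstance(term, tuple) and term[0] == 'var':
        _, X, args = term
        # evaluate parameters to numerals (ints); numerals stay as they are
        key = (X, tuple(sigma.get(a, a) for a in args))
        return theta.get(key, ('var', X, key[1]))
    if isinstance(term, tuple):  # function application
        return (term[0],) + tuple(apply_s_subst(theta, t, sigma) for t in term[1:])
    return term                  # constant

theta = {('X', (0,)): 'a', ('X', (1,)): 'b'}
sigma = {'n': 1}
t = ('g', ('var', 'X', ('n',)), ('var', 'X', (0,)))
assert apply_s_subst(theta, t, sigma) == ('g', 'b', 'a')
```

The point of the example: under a different σ the V-term X(n) would evaluate to a different ground V-term and hence receive a different Θ-image, which is why composition of s-substitutions is delicate.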

Example 7.
Then, for σ ∈ S s.t. σ(n) = 0, we get one composed substitution; on the other hand, for σ′ ∈ S with σ′(n) = 1, we obtain a different one. Now let σ(n) = σ(m) = 0 and σ′(n) = 0, σ′(m) = 1. The examples above suggest the following restrictions on s-substitutions with respect to composition. The first definition ensures that domain and range are variable-disjoint.
Example 8. The s-substitution in Example 5 is normal. The substitutions Θ_1 and Θ_2 in Example 7 are normal, while Θ′_1 in Example 7 is not normal.

Proposition 5. It is decidable whether a given s-substitution is normal.
Proof. Let Θ be an s-substitution. We search for equal global variables in dom(Θ) and in rg(Θ); if there are none then Θ is trivially normal. Otherwise the test reduces to ordinary first-order unification on terms in T^ω_0.

Example 7 also shows that normal s-substitutions cannot always be composed to an s-substitution; thus we need an additional condition.
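A simplified version of this decidability check can be sketched in Python. The sketch below is stricter than the paper's notion (it rejects any shared global variable between domain and range, rather than running the unification test of the proof); `globals_of`, `is_normal` and the term encoding are our own assumptions:

```python
# Simplified check in the spirit of Proposition 5: collect the global
# variables occurring in the domain and the range of theta and test for
# overlap. (Stricter than the paper's test, which unifies index tuples.)
def globals_of(term):
    """Set of global variable names in a term; V-terms are ('var', X, args)."""
    if isinstance(term, tuple) and term[0] == 'var':
        return {term[1]}
    if isinstance(term, tuple):  # function application
        return set().union(*(globals_of(t) for t in term[1:]), set())
    return set()

def is_normal(theta):
    dom_vars = {X for (X, _) in theta}
    rng_vars = set().union(*(globals_of(t) for t in theta.values()), set())
    return dom_vars.isdisjoint(rng_vars)

theta = {('X', (0,)): ('var', 'Y', (0,)), ('X', (1,)): 'a'}
assert is_normal(theta)
assert not is_normal({('X', (0,)): ('var', 'X', (1,))})
```

Since domain entries here are ground V-terms, unifiability of index tuples degenerates to equality after normalization, which is why a purely syntactic test suffices in this restricted setting.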

Proposition 6. It is decidable whether, for two normal s-substitutions
Proof. As in Proposition 5: by unification tests on the V-terms X(s̄), X(t̄) occurring in the sets under consideration.
Then the composition Θ 1 Θ 2 is defined as The following proposition shows that Θ 1 Θ 2 really represents composition.
Proof. Let σ ∈ S. Then Θ_1Θ_2 is defined as above, and (Θ_1Θ_2)[σ] = Θ_1[σ]Θ_2[σ], which is just the composition of the instantiated first-order substitutions.

We refer to t_1, t_2 as s-unifiable if there exists an s-unifier of t_1, t_2. s-unifiability can be extended to more than two terms and to formula schemata (to be defined below) in an obvious way.
Notice that the s-substitution of Example 5 is an s-unifier of X_3(0, m) and X_4(0, m).

Definition 16. An s-unifier
Remark 3. It is easy to see that the corresponding property holds for any s-unifier.

Formula schemata are defined in such a way that the number of variables in a formula can also increase with the assignments of parameters. For this reason we use global variables in the definition.

Definition 17 (formula schemata (FS)).
We define the set FS inductively: The subset of FS not containing formula variables is denoted by FS 0 . The subset of FS containing no defined symbols at all and neither parameters nor numerals is denoted by F 0 . F 0 is a set of ordinary quantifier-free first-order formulas.

Definition 18 (defining equations for predicate symbols). For every P̂
The evaluation of a formula F ∈ FS is denoted by ↓_o and is defined inductively.
we distinguish two cases:

Proof. If there are no defined predicate symbols in F then, obviously, σ(F)↓_o ∈ F_0; indeed, here only the cases (1), (2), (4) and (5) in Definition 19 apply. If there are defined predicate symbols we proceed by induction on <_P̂ and the induction parameter.

Let P̂ be minimal in <_P̂ and let F = P̂(…). As P̂ is minimal, the formula F_B does not contain defined predicate symbols, and so σ(F_B)↓_o ∈ F_0. Note that F_S itself does not contain defined predicate symbols; in F_S we have the symbol P̂, but applied to a smaller recursion argument. Therefore we proceed by induction on the value of σ(t_{β+1}) and infer that also σ(F)↓_o ∈ F_0. If P̂ is not minimal, the base case for P̂ involves only smaller defined predicate symbols, so by induction on <_P̂ we get the desired result.
Example 9. Let a be a constant symbol of type ι, P ∈ P_{ι×ι→o}, and f̂ as in Example 3. Concerning the ordering we have P̂ <_P̂ Q̂. The defining equations for P̂ and Q̂ are: It is easy to see that the schema Q̂(X, Y, n, m) is unsatisfiable. We compute σ(Q̂(X, Y, n, m))↓_o.
Note that, for σ(n) = ᾱ, the number of different variables in σ(Q̂(X, Y, n, m))↓_o is α + 2; so the number of variables increases with the parameter assignments.
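This growth of the variable count can be sketched in Python. The defined symbol below, `Phat`, is a hypothetical one of our own (not the Q̂ of Example 9), with P̂(X, 0) = P(X(0)) and P̂(X, s(k)) = P(X(s(k))) ∧ P̂(X, k); each step of the recursion introduces one fresh instantiated V-term:

```python
# A hypothetical defined predicate Phat with
#   Phat(X, 0)    = P(X(0))
#   Phat(X, s(k)) = P(X(s(k))) ^ Phat(X, k)
# Evaluating under sigma(n) = k yields k + 1 conjuncts over k + 1 variables.
def Phat(n):
    """Return the list of conjuncts of Phat(X, n) after evaluation."""
    if n == 0:
        return ['P(x_0)']
    return [f'P(x_{n})'] + Phat(n - 1)

assert len(Phat(3)) == 4  # one fresh variable per parameter value
```

The same effect is at work in Example 9, where the evaluated formula has α + 2 variables: no fixed finite variable set suffices for all parameter assignments, which is exactly why global variables are needed.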
Example 10. Let us now consider the schematic formula representation of the inductive definition extracted from the m-successor eventually constant schema presented in Section 2. This requires us to define four defined predicate symbols Ô, D̂, P̂ and Ĉ. Furthermore, these defined predicate symbols contain the symbols =, < ∈ ω × ω → o, f, suc ∈ ω → ω, a : ω, and n, m ∈ N. We also require a defined function symbol Ŝ of type ω × ω → ω. Note that in this case the type ι is identical to ω. Using these symbols we can rewrite the inductive definition provided in Section 2 as follows:

The Resolution Calculus
The basis of our calculus for refuting formula schemata is a calculus RPL_0 for quantifier-free formulas which combines dynamic normalization rules (à la Andrews, see [1]) with the resolution rule. In contrast to [1] we do not restrict the resolution rule to atomic formulas. We denote by PL_0 the set of quantifier-free formulas in predicate logic; for simplicity we omit → and represent it by ¬ and ∨ in the usual way. Sequents are objects of the form Γ ⊢ Δ where Γ and Δ are multisets of formulas in PL_0.
The rules are elimination rules for the connectives and the resolution rule. For proving (2) we first derive the standard clause set C of F. To this end, we apply the rules of RPL_0 to F, decomposing F into its subformulas, until we cannot apply any rule other than the resolution rule res. The last subformulas obtained in this way are atomic and hence clauses. The standard clause set C of F is comprised of the clauses obtained in this way. As ∀F is unsatisfiable, its standard clause set is refutable by resolution. Thus, we apply res to the clauses and obtain the empty sequent ⊢. The whole derivation lies in RPL_0.
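The clause-extraction phase can be illustrated with a small Python sketch. This is a naive distribution-based extraction on formulas in negation normal form, which is our own simplification and not Andrews' dynamic rules nor the sequent formulation of RPL_0; `clauses` and the tuple encoding are assumptions:

```python
# Extract a clause set from a quantifier-free NNF formula built from
# ('and', A, B), ('or', A, B) and literals: conjunctions split into
# separate clauses, disjunctions distribute over the clause lists.
def clauses(f):
    if isinstance(f, tuple) and f[0] == 'and':
        return clauses(f[1]) + clauses(f[2])
    if isinstance(f, tuple) and f[0] == 'or':
        return [c + d for c in clauses(f[1]) for d in clauses(f[2])]
    return [[f]]  # a literal yields a unit clause

# (P v Q) ^ (P v ~Q) ^ ~P  -- an unsatisfiable example
F = ('and', ('or', 'P', 'Q'), ('and', ('or', 'P', ('not', 'Q')), ('not', 'P')))
assert clauses(F) == [['P', 'Q'], ['P', ('not', 'Q')], [('not', 'P')]]
```

The resulting clause set {P ∨ Q, P ∨ ¬Q, ¬P} is indeed refutable by resolution (resolving the first two clauses on Q yields P, which clashes with ¬P), matching the role of res after decomposition. Note that this naive distribution can blow up exponentially, which is one motivation for dynamic normalization rules.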
We will extend RPL_0 by rules handling schematic formula definitions. But we have to consider another aspect as well: in inductive proofs the use of lemmas is vital, i.e. an ordinary refutational calculus (which has just a weak capacity of lemma generation) may fail to derive the desired invariant. To this end we extend the calculus by adding some tautological sequent schemata which enrich RPL_0 (which only decomposes formulas) with the potential to derive more complex formulas. Note that our aim is to use the calculi interactively and not fully automatically, which justifies this process of "anti-refinement".
In extending RPL 0 to a schematic calculus we have to replace unification by s-unification. Formally we have to define how s-substitutions are extended to formula schemata and sequent schemata.

Definition 22.
Let Θ be an s-substitution. We define F Θ for all F ∈ FS which do not contain formula variables.
for the elimination of defined symbols. For the introduction of defined symbols we invert the rules above. Moreover we add the following tautological sequent schemata (ξ_1, ξ_2 are formula variables): For convenience we may add arbitrary tautological sequent schemata to increase the flexibility and the practical use of the calculus.
Remark 4. It is easy to see that the added tautology schemata together with the cut rule simulate the logical introduction rules for ∧, ∨, ¬. As res generalizes the cut rule, this is possible also in RPL^Ψ_0. We could instead have added the introduction rules themselves, which is logically equivalent. But note that adding additional tautology schemata (besides those defined above) increases the flexibility of rule specification via "macros".
The refutational completeness of RPL^Ψ_0 is not an issue, as RPL_0 is already refutationally complete. RPL^Ψ_0 is also sound if the defining equations are taken into account.
Proof. The introduction and elimination rules for defined predicate symbols are sound with respect to D(P̂); the resolution rule (involving s-unification) is sound with respect to D(F̂_ω) ∪ D(F̂_ι).

In computing global unifiers we have to apply s-substitutions to proofs. However, not every s-substitution applied to an RPL^Ψ_0 derivation results in an RPL^Ψ_0 derivation again. Just assume that an s-unifier in a resolution is of the given form; then X_1(s)Θ and X_2(s′)Θ are no longer unifiable and the resolution is blocked.

Proof. By renaming of variables in subproofs and in s-unifiers.

Proof. By induction on the number of inferences in the derivation.
Induction base: is an axiom. ∅ is a global s-unifier which trivially fulfils the properties.
For the induction step we distinguish two cases.
-The last rule in is unary. Then is of the form By induction hypothesis there exists a global substitution Θ which is a global unifier for such that Θ is normal and V G (Θ ) ⊆ V G ( ). We define Θ = Θ . Then, trivially, Θ is normal and a global unifier of . Moreover, by definition of the unary rules in As is a normal RPL Ψ 0 derivation the unifier Θ is normal. By regularity of By induction hypothesis there exist global normal unifiers Θ 1 , Θ 2 for 1 and 2 such that We show now that (Θ 1 , Θ) and (Θ 2 , Θ) are composable. As Θ 1 is normal we have for all σ ∈ S Similarly we obtain As Θ is normal and restricted we have for all σ ∈ S Therefore (Θ 1 , Θ) and (Θ 2 , Θ) are both composable. As Θ 1 , Θ 2 , Θ are normal so are Θ 1 Θ and Θ 2 Θ. As Θ 1 , Θ 2 are essentially disjoint we can define which is an instance of and a cut derivation (note that every instance of a cut derivation is a cut derivation as well). -is of the form where χ is a binary introduction rule.
As is a normal RPL Ψ 0 derivation all occurring s-unifiers in 1 and 2 are normal. By regularity of we have that V G ( 1 ) ∩ V G ( 2 ) = ∅.

and by definition of binary introduction rules in RPL
Example 11. We provide a simple RPL^Ψ_0 refutation using the schematic formula constructed in Example 10. We will only cover the RPL^Ψ_0 derivation of the base case and wait for the introduction of proof schemata to provide a full refutation. We abbreviate X_1, . . . , X_5 by X̄.

A Scaffolding for Schematic Derivations
In this section we define a scaffolding which supports the construction of schematic derivations. These are sequences of proofs pieced together from derivations whose leaves may be non-axiomatic initial sequents. These non-axiomatic initial sequents match the end sequents of other derivations and, when pieced together, form a derivation containing axiomatic initial sequents only. Usually schematic derivations have a starting derivation which contains free parameters. By substituting these free parameters by natural numbers and propagating the substitutions we can construct a resolution derivation. Each one of these derivations can be thought of as a control mechanism which directs a flow of substitutions through a network of junctions. The non-axiomatic initial sequents can be thought of as the junctions at which two flows connect. As one changes the substitutions, one changes how the substitutions flow through the network of junctions and thus the final output proof. This analogy to network flow is precisely how our scaffolding should be interpreted. Together, a collection of coalescing flow controls describes what we refer to as a call graph, which defines, finitistically, how the flow is controlled within a network of junctions. We will show how this flow control mechanism can be used to provide a semantic foundation for the schematic RPL^Ψ_0 derivations discussed later in this paper.

Flows over a Junction Network
Rather than defining our framework over individual terms of T^ω, we instead consider m-tuples of terms, which we refer to as points of length m. Points are divided into sets {(t_1, . . . , t_m) | t_1, . . . , t_m ∈ T^ω}, denoted by P^m, containing all points of the same length. We refer to these sets as point spaces of length m. Additionally, we distinguish the subset {(t_1, . . . , t_m) | t_1, . . . , t_m ∈ Num}, denoted by P^m_0. We refer to this subset of P^m as the concrete point space of length m. Associated with P^m_0 is a well-founded total order ≺_m which orders points of length m.
We extend the ordering ≺_m to P^m by extending the evaluation procedure for T^ω discussed in Section 3. Given a point v = (t_1, . . . , t_m) ∈ P^m and σ ∈ S, we have σ(v)↓_ω = (σ(t_1)↓_ω, . . . , σ(t_m)↓_ω) ∈ P^m_0. Now let S ⊆ S and v, v′ ∈ P^m. Then v ≺^S_m v′ iff for every σ ∈ S, σ(v)↓_ω ≺_m σ(v′)↓_ω. Points are paired with a symbol from a countably infinite set Δ to form junctions. However, not every pairing of symbol and point is desired; in particular, each symbol should only be paired with points of a specific length. To enforce this restriction we introduce a so-called arity function A_Δ : Δ → N. Thus, if for some symbol δ ∈ Δ, A_Δ(δ) = m, a well-formed junction pairs δ with a point of length m. We refer to junctions which are well-formed with respect to an arity function A_Δ as A_Δ-junctions. The set of all A_Δ-junctions will be referred to as an A_Δ-junction network J(A_Δ).
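The well-formedness condition on junctions is a simple length check, which the following Python sketch renders directly (the arity function `A`, its symbols and the encoding of junctions as pairs are our own example choices):

```python
# A junction is a pair (symbol, point); the arity function A assigns each
# symbol in Delta the length of the points it may be paired with.
A = {'delta': 1, 'epsilon': 4}  # an example arity function on Delta

def well_formed(junction):
    """An A-junction pairs a symbol d with a point of length A(d)."""
    symbol, point = junction
    return symbol in A and len(point) == A[symbol]

assert well_formed(('delta', ('n',)))
assert not well_formed(('delta', ('n', 'm')))
```

The junction network J(A_Δ) is then just the set of all pairs passing this check.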
Note that ≺^S_m may easily be extended to junctions whose points come from the same point space; however, this leaves many junctions incomparable. Thus, we extend ≺^S_m to ≺^S_{J(A_Δ)} as follows:

Definition 30 (network order). Let (δ, p), (δ′, q) ∈ J(A_Δ) and S ⊆ S. When possible, we use the simplified notation ≺^S.
Notice that ≺^S, for certain choices of arity function, is not well-founded. While this is in general problematic for termination, we will only consider finite subsets of Δ, and thus infinite descending chains can be avoided.
Definition 31. Let S* be a partitioning of S into mutually disjoint sets and P^{A_Δ}_{S*} : S* → J(A_Δ) an injective mapping from S* to finite subsets of J(A_Δ). We refer to P^{A_Δ}_{S*} as a flow if the following conditions are met: This junction is referred to as the source of the flow and will be denoted by [P^{A_Δ}_{S*}].

Example 12. In order to illustrate the power of the flow formalism let us consider the flow: This flow is sourced from (δ, n), i.e. [P^{A_Δ}_{S*}] = (δ, n). Evaluation at {n ← s^3(0)} requires finding the partition this assignment belongs to, in this case S_1. Notice that (δ, p(n)) ≺^{S_1} (δ, n), where p(·) denotes the predecessor function.
This flow formalizes primitive recursion; however, without defining normalization this is not entirely obvious. In the following section we introduce call graphs, which provide a normalization procedure as well as flow composition.
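Under a concrete finite representation of our own (Python dicts and integer numerals, not the paper's notation), a flow of this shape, sourced at (δ, n) with positive assignments flowing to the predecessor junction, can be sketched as:

```python
# A flow in the spirit of Example 12: the partition of assignments is given
# by a predicate on sigma(n); the source is (delta, n). Evaluation under
# sigma is folded into the returned junction set.
def flow(sigma):
    n = sigma['n']
    if n > 0:                      # partition S1: step to the predecessor
        return {('delta', n - 1)}  # (delta, p(n)) evaluated under sigma
    return {('delta', 0)}          # partition S2: the sink

assert flow({'n': 3}) == {('delta', 2)}
assert flow({'n': 0}) == {('delta', 0)}
```

The network order is respected because ('delta', n - 1) precedes ('delta', n) for every assignment in the positive partition; the n = 0 partition maps to a singleton containing the source's evaluation, i.e. a sink.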

Definition 32. A flow P^{A_Δ}_{S*} is regular if the set { j | j ∈ P^{A_Δ}_{S*}(S), S ∈ S* } is finite. The set of all regular flows over an A_Δ-junction network is denoted by P(A_Δ).
Frequently we may write P S * if the arity is not important.
While non-regular flows may be interesting in their own right, for this work we need only consider regular flows, since they directly correspond to well-formed proof schemata.

Call Graphs
When multiple flows are defined within the same junction network, their intersections provide a graph-like structure. A call graph is a special case of flow intersection where each junction occurring in a flow is the source of a flow.

Definition 33. A finite set of flows G over J (A ∆ ) is referred to as a call graph if for every P S * 1 ∈ G, S ∈ S * , σ ∈ S, and j ∈ P S * 1 (S) there exists a unique P S * 2 ∈ G and θ ∈ S s.t. θ([P S * 2 ])↓ ω = σ(j)↓ ω . We write flow(j, σ) = P S * 2 and subst(j, σ) = θ. We refer to G as finite when |G| ∈ N. The set of all finite call graphs definable over a junction network J (A ∆ ) is denoted by G (A ∆ ).
When P S * (S) = {[P S * ]} for some S ∈ S * we refer to S as a sink of P S * . The sinks represent end points of the flow.
If we assume that ≺ 4 is the lexicographical order, then P 1 and P 2 respect the network order and are flows. Furthermore, the component ({(δ′, n, m, k, w)}, S 3 ) of P 2 denotes the sinks of P 2 , since it matches every substitution of S 3 with a singleton set of junctions.
Since we have reached a sink at this point, flow and subst are only defined for the source of P 2 .

Call Graph Traces
Given a finite call graph G, a flow P ∈ G, and an assignment σ ∈ S, we may consider the σ-θ transitions defined by the flow through the call graph from source to sinks. We refer to the tree of junctions constructed as an assignment passes through the call graph towards the sinks as the trace of σ at P in G. The main result of this section is that the trace of an assignment is always a finite tree.
Note that if we take any two adjacent junctions in the above sequence, they form the set of junctions associated with the partition S 1 after evaluation by n ← s β (0) , for α ≥ β > 0. Looking back at Definition 33, and considering a pair of junctions from the above trace, say (δ, s β (0)) and (δ, s β−1 (0)), the above-mentioned association with S 1 holds only when the assignment is n ← s β (0) ; however, Definition 33 also requires us to find an assignment and a flow such that (δ, s β−1 (0)) is the source of a flow under that assignment. This assignment is n ← s β−1 (0) , thus transitioning us from the pair (δ, s β (0)) and (δ, s β−1 (0)) to the pair (δ, s β−1 (0)) and (δ, s β−2 (0)).
Before formally defining call graph traces, let us consider a more complex example which has a tree-shaped trace structure. Consider the call graph G = {P 1 , P 2 } where the flows are defined as follows: . This call graph illustrates nested primitive recursion, and the trace of {n ← s α (0)} at P 1 in G is . Notice that the trace of {n ← s α (0), m ← s α (0)} at P 2 in G is similar to the traces of the call graph G = {P }. We now formally define call graph traces and the computation of a trace of σ at a flow P in a call graph G.
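The tree-shaped trace of nested primitive recursion described above can be sketched as a small program. The encoding below (two flows as recursive tree builders, with the outer flow spawning an inner trace at each step) is our own illustration, not the formal definition:

```python
# Hypothetical sketch of a tree-shaped trace for a call graph with two
# flows: the outer flow descends on n and, at each junction, calls the
# inner flow, which descends on m. Symbol names delta1/delta2 are ours.

def inner_trace(m):
    """Trace of the inner flow: a chain (delta2, m), ..., (delta2, 0)."""
    children = [inner_trace(m - 1)] if m > 0 else []
    return (("delta2", m), children)

def outer_trace(n, m):
    """Trace of the outer flow: each junction spawns an inner trace."""
    children = [inner_trace(m)]
    if n > 0:
        children.append(outer_trace(n - 1, m))
    return (("delta1", n), children)

def size(trace):
    """Count the junctions in a trace; finiteness is the point here."""
    junction, children = trace
    return 1 + sum(size(c) for c in children)

print(size(outer_trace(2, 2)))  # a finite tree, as the section argues
```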

Definition 34 (A ∆ -trace). An A ∆ -trace is a pairing of an A ∆ -junction with a set of A ∆ -traces, built using the following inductive definition: the A ∆ -traces below a junction j under an assignment σ are determined by flow(j, σ) and subst(j, σ). We will refer to the outermost junction in an A ∆ -trace as the root of the trace.

Example 14.
Consider the call graph defined in Example 13. The trace of {n ← 2} at P 1 in G, i.e. T (G, P 1 , {n ← 2}), results in the following computation: .

Now for the base case, consider any sub-trace T of T (G, P S * , σ) rooted at a junction j whose symbol is in ∆ max ; we show that T must be finite. By Definition 34, all junctions occurring in T below j must be smaller than j with respect to the network order. By Definition 30, there is a total well-ordering of the junctions occurring in T , because the arity function maps all junctions occurring in T to the same value. Thus, none of the sub-traces of T (G, P S * , σ) rooted at a junction j whose symbol is in ∆ max can be infinite. Now for the induction hypothesis, let us consider the set B which contains the m largest values of A. We assume that any sub-trace T of T (G, P S * , σ) rooted at a junction j whose symbol is in ∆(B) is finite. For the step case, we show that when B contains the m + 1 largest values of A, any sub-trace T of T (G, P S * , σ) rooted at a junction j whose symbol is in ∆(B) is finite.
If every junction occurring in T has a symbol which the arity function maps to the same value as the symbol of j, then instead of the set B we can consider the singleton subset {A ∆ (j)} of B. The base case handles the situation when B contains only one element, and thus T is finite.
If T contains a junction j′ whose symbol δ′ is mapped to a different value than the symbol of j, then we may split B into two sets, namely B low and B high . Notice that the sub-trace T′ starting from j′ may only contain symbols from ∆(B high ), which contains fewer than m + 1 symbols; thus, by the induction hypothesis, T′ must be finite, which finishes the proof of the step case. Notice that we have covered all possible sub-traces of T (G, P S * , σ) and have shown that they must be finite. This implies that T (G, P S * , σ) itself must be finite.
It is not obvious which functions beyond primitive recursion are representable by finite saturated call graphs; however, it is quite obvious that restricting flows so that all points occurring in a flow are primitive recursively computable from the source results in call graphs which evaluate to primitive recursively bounded traces. It is shown in [16] (see Theorem 7.1.5 on page 120) that a primitive recursive bound is sufficient to imply the existence of a primitive recursive description, and thus call graphs with the above flow restriction are limited to primitive recursion. To show equivalence to primitive recursion, one just has to note that call graphs implement composition, and flows implement primitive recursion, the projections, and the basic functions. The difference between our formalism and primitive recursion is an increase in flexibility necessary for describing recursive refutations.
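The claimed correspondence can be illustrated with a toy example under an encoding of our own: each recursive function below plays the role of a flow (one primitive recursion on its first argument), and the call from the second function into the first mimics composition via a call graph:

```python
# Our own toy illustration of the flow/call-graph reading of primitive
# recursion. `add` is one "flow" (recursion on n with base partition
# n = 0); `mult` is a second flow whose step case transitions into the
# add flow, mimicking call-graph composition.

def add(n, m):
    # base partition: n = 0; step partition: descend to p(n)
    return m if n == 0 else add(n - 1, m) + 1

def mult(n, m):
    # step case calls into the add flow with the recursive result
    return 0 if n == 0 else add(m, mult(n - 1, m))

print(mult(3, 4))  # 12
```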

Schematic RPL Ψ 0 Derivations
To construct schematic RPL Ψ 0 derivations we need a countably infinite set of proof symbols which are used to label the individual proofs of a proof schema. A particular proof schema uses a finite set of proof symbols ∆ * ⊂ ∆. We also need a concept of proof labels, which are used to normalize RPL Ψ 0 derivations.

Definition 36 (proof label). Let δ ∈ ∆ be a proof symbol and ϑ a parameter substitution. We refer to the object (δ, ϑ) as a proof label.
Example 15. Let us consider the RPL Ψ 0 derivations of Example 20. The labels are used to label sequents of the derivation ρ 1 (δ 2 , X, n, m, w, k, r, q).

We will need to locate particular sequents within a given RPL Ψ 0 derivation. Thus, we assume that each sequent in an RPL Ψ 0 derivation π is given a unique position from a set of positions Λ π . By |π| λ we denote the sequent S occurring in π at position λ ∈ Λ π . Furthermore, let π * be an RPL Ψ 0 derivation whose end-sequent is |π| λ ; then by π[π * ] λ we denote the RPL Ψ 0 derivation where the derivation starting at λ in π is replaced by π * . Also, by leaf (π), for an RPL Ψ 0 derivation π, we denote the set of labels associated with the leaves of π.
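The position formalism can be made concrete with a small sketch. The tuple encoding of derivations and positions below is our own illustration of |π| λ and π[π * ] λ , not the paper's definition:

```python
# Illustrative sketch of positions in a derivation tree: a derivation is
# a pair (sequent, premises) and a position is a path of premise
# indices. These helpers mirror |pi|_lambda and pi[pi*]_lambda from the
# text; the encoding is our own.

def sequent_at(pi, pos):
    """|pi|_lambda: the sequent occurring at position lambda in pi."""
    sequent, premises = pi
    return sequent if not pos else sequent_at(premises[pos[0]], pos[1:])

def replace_at(pi, pos, pi_star):
    """pi[pi*]_lambda: replace the subderivation rooted at lambda."""
    if not pos:
        return pi_star
    sequent, premises = pi
    new_premises = list(premises)          # copy so the original survives
    new_premises[pos[0]] = replace_at(premises[pos[0]], pos[1:], pi_star)
    return (sequent, new_premises)

pi = ("S0", [("S1", []), ("S2", [("S3", [])])])
print(sequent_at(pi, (1, 0)))  # S3
```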

Definition 37 (labeled sequents and derivations). Let S be a sequent and (δ, ϑ) a proof label; then (δ, ϑ) : S is a labeled sequent. By LAB(π), where π is a labeled RPL Ψ 0 derivation, we denote the set of all positions λ such that |π| λ is a labeled sequent. By Ax(π) we denote the set of positions leaf (π) \ LAB(π).

Example 16. The following labeled sequents use the labels discussed in Example 15.
(δ 3 , {r ← p(r), q ← s(q)}) : F 4 (X, k, s(q)) f (Ŝ(Y (p(w), s(k)), s(q))) < s(k)

Labeled sequents and labeled derivations can be used to link derivations together. We can group our RPL Ψ 0 derivations together based on a partitioning of the set of all parameter assignments and link these groups together by the proof labels.
We will refer to the parameter substitution ϑ as subst (D, δ, j, λ).
Furthermore, an RPL Ψ 0 schema is referred to as a schematic RPL Ψ 0 derivation if there exists a top symbol, which we denote by δ 0 . If the proofs of D(δ 0 ) end with the empty sequent, we refer to D as an RPL Ψ 0 refutation schema.
We consider only normal and regular RPL Ψ 0 derivations in the construction of an RPL Ψ 0 schema, and thus only consider normal and regular RPL Ψ 0 schemata.

Definition 39. Let D be an RPL Ψ 0 schema. If all derivations ρ j (δ, X, t) occurring for any proof symbol δ in D are normal and regular RPL Ψ 0 derivations, we say that D is a normal and regular RPL Ψ 0 schema.
Nesting join applications is essential for defining evaluation of RPL Ψ 0 schemata.
Definition 41 (evaluation of RPL Ψ 0 schemata). Let D be a normal and regular RPL Ψ 0 schema, σ ∈ S, and δ a proof symbol of D. Then the evaluation of D at δ by σ, denoted by N (D, δ, σ), is as follows: Let D(δ) be ((ρ 1 (δ, X, n) S(δ, X, n)), and σ ∈ S i , for 1 ≤ i ≤ k δ . Then one of the following cases must hold: .

Note that the above definition does not ensure termination of the proof evaluation procedure, nor does it guarantee an RPL 0 derivation as a result. To ensure termination one has to provide a call semantics, i.e. the call graphs constructed in Section 5, which guarantees termination. This so-called call semantics is a mapping from the junctions of the flows occurring in a call graph to the labels occurring in the derivations of an RPL Ψ 0 schema.

Definition 42. Let D(δ) be as defined in Definition 38 and C ∈ P (A ∆ ). We say that C |= D(δ) if for every σ ∈ S there exists a unique i ∈ {1, · · · , k δ } s.t. (ρ i (δ, X, n), S i ) ∈ D(δ), σ ∈ S i , and the following holds: .

Now we can connect call graphs to RPL Ψ 0 schemata.

Definition 43. Let D be an RPL Ψ 0 refutation schema defined over the symbols ∆ * ⊂ ∆ and G ∈ G (A ∆ ). We say that G |= D if for each C ∈ G there exists a unique δ ∈ ∆ * s.t. C |= D(δ) and |∆ * | = |G|. In this case D is said to be well-formed.

For normal, regular RPL Ψ 0 schemata we can define a unification schema, albeit with additional structure. While RPL Ψ 0 derivations can easily be amended with labels which aid evaluation, this cannot be easily done for s-unifiers: unification schemata do not easily allow for the structure necessary for aiding evaluation and composition of recursively defined unifiers. Instead, we need to add placeholder unifiers which are replaced by s-unifiers during evaluation.
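The case selection in the evaluation of RPL Ψ 0 schemata can be sketched roughly as follows. The schema encoding and names below are our own simplification (one base case and one step case per proof symbol, labels modeled as recursive calls), not the formal definition:

```python
# Our own rough sketch of N(D, delta, sigma): a schema maps each proof
# symbol to a pair of cases guarded by a partition of the assignments
# (here simply n = 0 versus n > 0); evaluation picks the case containing
# the assignment and keeps unrolling until no labels remain.

def evaluate(schema, symbol, n):
    """Unroll the derivation for `symbol` at the assignment n <- s^n(0).
    A derivation is a list of sequent strings; the step case ends in an
    implicit label pointing one parameter value down."""
    base_case, step_case = schema[symbol]
    if n == 0:                              # assignment lies in the base partition
        return list(base_case)
    proof = [s.format(n=n) for s in step_case]
    return proof + evaluate(schema, symbol, n - 1)   # unroll the label

schema = {"delta0": (["|- empty"], ["S({n}) |- S({n}-1)"])}
print(evaluate(schema, "delta0", 2))
```

Termination of this unrolling is exactly what the call semantics of Definition 42 is meant to guarantee; here it holds trivially because n decreases.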

Well-Formed RPL Ψ 0 Schemata
Example 20. Below is the complete refutation schema for the schematic formula provided in Example 10. Note that we abbreviate X 1 , · · · , X 5 by X. Furthermore, the definition of F 5 requires 5 global variables with two arguments and one global variable Y with a single argument. However, in the derivations below we need Y to be two-place. We allow replacement of the variable Y by a two-place variable; this is essentially a variable renaming. The refutation provided in Example 11 is ρ 4 (δ 0 , X, Y, n, m). The other three derivations are as follows, where µ = {Y (n, 0) ← a}:

Implementation and Experiments with GradedStrictMonotoneSequenceSchema
In this section we will discuss our implementations and some experiments using the example GradedStrictMonotoneSequenceSchema. The underlying system of our implementations is Gapt 1 (General Architecture for Proof Theory) [11], which is a framework for implementing proof transformations and provides numerous algorithms for the analysis, transformation, and construction of proofs in various formal calculi. Gapt is implemented in Scala and licensed under the GNU General Public License. The software is available at https://logic.at/gapt. Gapt initially started as an implementation of the CERES method. The system which provided the foundational architecture for the current version of Gapt was developed for the analysis of Fürstenberg's proof of the infinitude of primes [4]. Gapt also provides an interface for importing proofs from most major theorem provers and exporting proofs and other structures in TPTP format. For information on how to install and use the system we refer to the Gapt User Manual 2 . Gapt opens in a Scala interactive shell (scala>) which can be used to run all the commands provided by the system.
In the examples directory of Gapt one can find several example proof schemata, such as the proof schema discussed in Example 20. In Gapt this proof schema is defined in GradedStrictMonotoneSequenceSchema.scala. From the Scala interactive shell one can load examples by importing the corresponding objects. For instance, the GradedStrictMonotoneSequenceSchema can be imported with the following command:

scala> import examples.GradedStrictMonotoneSequenceSchema

For many applications we will also need to import the context of the proof schema:

scala> import examples.GradedStrictMonotoneSequenceSchema.ctx

To display the base case proof and the step case proof of the proof schema GradedStrictMonotoneSequenceSchema, we have to access omegaBc and omegaSc and output them in prooftool, which is a viewer for proofs and other elements also implemented in Gapt [9]. The sequence of commands

scala> val base = GradedStrictMonotoneSequenceSchema.omegaBc
scala> prooftool( base )

stores the base case proof omegaBc in base and outputs the derivation in prooftool, see Figure 4. Similarly, we can display the step case proof omegaSc. Note that to obtain the proof schema from Example 20 we have to instantiate the parameter k with 0. In fact, we can instantiate the proof schema GradedStrictMonotoneSequenceSchema with arbitrary values for the parameters n and m (having k fixed). The sequence of commands below instantiates the proof schema with the values n = 2 and m = 1.

scala> val proof1 = instantiateProof.Instantiate( le"omega (s (s 0)) 0 (s 0)" )
scala> prooftool( proof1 )

Note that for this command it is important to import the context ctx of GradedStrictMonotoneSequenceSchema as well! We will not show the output of prooftool here, as the proof is too large to be displayed. Instead, we will output the so-called sunburst view of the proof. The sunburst view is accessible via prooftool and was introduced to obtain a means of displaying very large proofs.
It can be interpreted as a structure which can be unrolled to a proof in tree form. Indeed, the point in the middle of the sunburst corresponds to the end-sequent of a tree-like proof. The different colors represent different types of inferences: cut rules are displayed in green, structural rules and axioms in gray, the orange parts correspond to unary logical rules, the yellow ones to binary logical rules, strong quantifier rules are displayed in red and weak quantifier rules in blue. The sunburst of proof1 is illustrated in Figure 6. The sunburst view of the instantiated proof schema for n = 4 and m = 3 is displayed in Figure 7; we obtain it with the sequence of commands below.
scala> val proof2 = instantiateProof.Instantiate( le"omega (s (s (s (s 0)))) 0 (s (s (s 0)))" )
scala> prooftool( proof2 )

Instantiated proof schemata are essentially LK-proofs extended with an equational theory, and thus any of the proof-analytic tools and methods of Gapt can be applied. The command

scala> val cs = CharacteristicClauseSet( StructCreators.extract( proof2 ) )

constructs an instance of the clause representation of the characteristic NNF formula (the running example in this work). It can also be displayed in prooftool. It is also possible to construct a resolution refutation from cs using the commands

scala> val res = SPASS.extendToManySortedViaErasure.getResolutionProof( cs )
scala> prooftool( res )

The output is illustrated in Figure 8. Moreover, we can extract an expansion proof from the resolution refutation and output it in prooftool with the sequence of commands below.

scala> val ep = ResolutionToExpansionProof( res.get )
scala> prooftool( ep )

The output in prooftool is illustrated in Figure 9. There are also tools specifically designed for uninstantiated proof schemata. One of the most interesting benefits of the interactive features of Gapt is the representation of the cut-structure of a proof schema as an inductive definition. The command

scala> val SCS = SchematicStruct( "omega" ).getOrElse( Map() )

stores the SchematicStruct in SCS. Given its type it is not possible to display it in prooftool. With the code

CharFormPRP.PR( CFPRP )
the schematic characteristic formula is stored in CFPRP and the primitive recursive definition of the formula is constructed with CharFormPRP.PR( CFPRP ).

Future Work and Applications
The initial intention of this research was to develop a schematic resolution calculus, thus allowing interactive proof analysis using CERES-like methods [3] in the presence of induction. More precisely, the resolution calculus introduced in this work will provide the basis for a schematic CERES method more expressive than the methods proposed in [10,14]. As already indicated, the key to proof analysis using CERES lies in the fact that it provides a bridge between automated deduction and proof theory. In the schematic setting such a bridge has been provided [10,14], and the formalism presented here provides a setting to study automated theorem proving for schematic first-order logic. Our recursive semantics (Section 5) separates local resolution derivations from the global "shape" of the refutation, an essential characteristic of induction. While constructing a recursive resolution refutation for a recursive unsatisfiable formula is an incomplete procedure, it is not clear whether the problem remains incomplete when the call graph is fixed. In other words, we may instead ask: "Is providing a recursive resolution refutation, with respect to a given call graph, for recursive formulas complete?" The answer to this question is not so clear, in that it depends on the resolution calculus itself as well as the associated unification problem. Both concepts are developed in this paper.
Concerning the resolution calculus presented in Section 4, both the Andrews-style sequent rules and the introduction of global variables provide the necessary extensions to resolution accommodating the recursive nature of our formulas. The unification problem discussed in Section 3 has not been addressed so far; furthermore, it may have interesting decidable fragments impacting schematic proof analysis as well as other fields.
Overall, the avenues we leave for future investigations provide ample opportunities for studying schematic theorem proving.