Fix handling of eigenvariables in the code

v-- · v-- · commit 2b9f2ba2fd5a · 2025-11-08T00:07:56.000+02:00
diff --git a/src/notebook/math/logic/deduction/proof_tree.py b/src/notebook/math/logic/deduction/proof_tree.py
@@ -8,6 +8,7 @@
     InferenceTreeRenderer,
     RuleApplicationRenderer,
 )
+from ....support.unicode import to_superscript
 from ..formulas import Formula, FormulaWithSubstitution
 from ..instantiation import (
     FormalLogicSchemaInstantiation,
@@ -204,11 +205,11 @@ def get_assumption_map(self) -> Mapping[Marker, Formula]:
 
     def get_marker_context(self) -> Iterable[Marker]:
         return sorted(
-            (marker for marker, formula in self._filter_assumptions(discharged_at_current_step=True)),
+            {marker for marker, formula in self._filter_assumptions(discharged_at_current_step=True)},
             key=str
         )
 
-    def _iter_free_eigenvariables(self) -> Iterable[Eigenvariable]:
+    def _iter_dischargeable_eigenvariables(self) -> Iterable[Eigenvariable]:
         for rule_premise, application_premise in zip(self.rule.premises, self.premises, strict=True):
             free = application_premise.tree.get_free_variables()
 
@@ -219,7 +220,7 @@ def _iter_free_eigenvariables(self) -> Iterable[Eigenvariable]:
                 yield eigen
 
     def get_eigenvariable_context(self) -> Iterable[Eigenvariable]:
-        return sorted(set(self._iter_free_eigenvariables()), key=str)
+        return sorted(set(self._iter_dischargeable_eigenvariables()), key=str)
 
     @override
     def build_renderer(self, *, conclusion: FormulaWithSubstitution | None = None) -> RuleApplicationRenderer:
@@ -233,7 +234,7 @@ def build_renderer(self, *, conclusion: FormulaWithSubstitution | None = None) -
 
         return RuleApplicationRenderer(
             line,
-            [str(marker) for marker in self.get_marker_context()] + [eigen.with_star() for eigen in self.get_eigenvariable_context()],
+            [str(marker) for marker in self.get_marker_context()],
             self.rule.name,
             [premise.build_renderer() for premise in self.premises]
         )
@@ -281,7 +282,7 @@ def apply(  # noqa: C901
         # Check if there is an eigenvariable in the main formula
         if eigen := get_main_eigenvariable(rule_premise, application_premise):
             if eigen.is_renamed() and eigen.var in get_free_variables(eigen.formula):
-                raise RuleApplicationError(f'The renamed eigenvariable {eigen.get_sub()} of the premise {eigen.formula} cannot be free in it')
+                raise RuleApplicationError(f'The renamed eigenvariable {eigen.get_sub()} of the premise conclusion {eigen.formula} cannot be free in it')
 
             if eigen.var in application_premise.tree.get_free_variables():
                 raise RuleApplicationError(f'The eigenvariable {eigen} cannot be free in the derivation of {application_premise.tree.conclusion}')
@@ -293,13 +294,16 @@ def apply(  # noqa: C901
             # Check if there is an eigenvariable in the discharge formula
             if eigen := get_discharge_eigenvariable(rule_premise, application_premise):
                 if eigen.is_renamed() and eigen.var in get_free_variables(eigen.formula):
-                    raise RuleApplicationError(f'The renamed discharge formula eigenvariable {eigen} cannot be free in {eigen.formula}')
+                    raise RuleApplicationError(f'The renamed eigenvariable {eigen.get_sub()} of the dischargeable formula {eigen.formula} cannot be free in it')
 
-                if eigen in application_premise.tree.get_free_variables():
-                    raise RuleApplicationError(f'The eigenvariable {eigen} for the discharge formula {application_premise.discharge} cannot be free in it')
+                if any(mvar.var == eigen.var and mvar.marker != application_premise.marker for mvar in application_premise.tree.get_marked_free_variables()):
+                    if application_premise.marker:
+                        raise RuleApplicationError(f'The eigenvariable {eigen} cannot be free in the derivation of {application_premise.tree.conclusion}, except possibly in [{application_premise.discharge}]{to_superscript(str(application_premise.marker))}')
 
-                if eigen in get_free_variables(evaluate_substitution_spec(application_premise.tree.conclusion)):
-                    raise RuleApplicationError(f'The discharge formula eigenvariable {eigen} cannot be free in the conclusion {application_premise.tree.conclusion} of the premise')
+                    raise RuleApplicationError(f'The eigenvariable {eigen} cannot be free in the derivation of {application_premise.tree.conclusion}')
+
+                if eigen.var in get_free_variables(evaluate_substitution_spec(application_premise.tree.conclusion)):
+                    raise RuleApplicationError(f'The discharge formula eigenvariable {eigen} cannot be free in the conclusion {application_premise.tree.conclusion} of premise number {i}')
 
             # Update instantiation
             instantiation |= infer_instantiation_from_formula_substitution_spec(
diff --git a/src/notebook/math/logic/deduction/test_proof_tree.py b/src/notebook/math/logic/deduction/test_proof_tree.py
@@ -117,6 +117,7 @@ def test_efq() -> None:
     )
 
 
+# thm:minimal_implicational_logic_axioms_nd_proof
 def test_implication_distributivity_axiom_tree() -> None:
     tree = apply(
         CLASSICAL_NATURAL_DEDUCTION_SYSTEM['→₊'],
@@ -170,6 +171,29 @@ def test_implication_distributivity_axiom_tree() -> None:
     )
 
 
+# inf:thm:propositional_admissible_rules/self_biconditional
+def test_self_biconditional() -> None:
+    premise = prop_premise(
+        marker='u',
+        discharge='p',
+        tree=prop_assume('p', 'u')
+    )
+
+    tree = apply(
+        CLASSICAL_NATURAL_DEDUCTION_SYSTEM['↔₊'],
+        premise,
+        premise
+    )
+
+    assert str_assumptions(tree) == {}
+    assert str(tree) == dedent('''\
+          [p]ᵘ    [p]ᵘ
+        u ____________ ↔₊
+            (p ↔ p)
+        '''
+    )
+
+
 def test_invalid_application_arity() -> None:
     with pytest.raises(RuleApplicationError, match='The rule ∧₊ has 2 premises, but the application has 1'):
         apply(
@@ -380,7 +404,7 @@ def test_forall_negation(dummy_signature: FormalLogicSignature) -> None:
 
 
 def test_forall_introduction_eigenvariable_failure_free_in_self(dummy_signature: FormalLogicSignature) -> None:
-    with pytest.raises(RuleApplicationError, match=re.escape('The renamed eigenvariable x ↦ y of the premise p₂(x, y) cannot be free in it')):
+    with pytest.raises(RuleApplicationError, match=re.escape('The renamed eigenvariable x ↦ y of the premise conclusion p₂(x, y) cannot be free in it')):
         apply(
             CLASSICAL_NATURAL_DEDUCTION_SYSTEM['∀₊'],
             premise(
@@ -409,7 +433,7 @@ def test_forall_introduction_eigenvariable_failure_free_in_derivation(dummy_sign
 
 def test_exists_elimination(dummy_signature: FormalLogicSignature) -> None:
     u = parse_formula('∃x.p₁(x)', dummy_signature)
-    v = parse_formula('(p₁(y) → q₁(f₀))', dummy_signature)
+    v = parse_formula('∀y.(p₁(y) → q₁(f₀))', dummy_signature)
     w = parse_formula('p₁(y)', dummy_signature)
 
     tree = apply(
@@ -418,20 +442,113 @@ def test_exists_elimination(dummy_signature: FormalLogicSignature) -> None:
         premise(
             tree=apply(
                 CLASSICAL_NATURAL_DEDUCTION_SYSTEM['→₋'],
-                assume(v, parse_marker('v')),
+                apply(
+                    CLASSICAL_NATURAL_DEDUCTION_SYSTEM['∀₋'],
+                    assume(v, parse_marker('v')),
+                    conclusion_sub=parse_term_substitution_spec('y ↦ y')
+                ),
                 assume(w, parse_marker('w')),  # We avoid discharging w here
             ),
             discharge=parse_formula_with_substitution('p₁(x)[x ↦ y]', dummy_signature),  # So that we can discharge it here
             marker=parse_marker('w')
         ),
     )
 
-    assert str_free_variables(tree) == set()
     assert str(tree) == dedent('''\
-                             [(p₁(y) → q₁(f₀))]ᵛ    [p₁(y)]ʷ
-                             _______________________________ →₋
-              [∃x.p₁(x)]ᵘ                q₁(f₀)
-        w, y* ______________________________________________ ∃₋
-                                  q₁(f₀)
+                         [∀y.(p₁(y) → q₁(f₀))]ᵛ
+                         ______________________ ∀₋
+                            (p₁(y) → q₁(f₀))          [p₁(y)]ʷ
+                         _____________________________________ →₋
+          [∃x.p₁(x)]ᵘ                   q₁(f₀)
+        w ____________________________________________________ ∃₋
+                                 q₁(f₀)
         '''
     )
+
+
+def test_simple_invalid_exists_elimination(dummy_signature: FormalLogicSignature) -> None:
+    u = parse_formula('∃x.p₁(x)', dummy_signature)
+    v = parse_formula('p₁(y)', dummy_signature)
+
+    # If not for its invalidity, the tree would look as follows:
+    #
+    #   [∃x.p₁(x)]ᵘ    [p₁(y)]ᵛ
+    # v _______________________ ∃₋
+    #            p₁(y)
+
+    with pytest.raises(RuleApplicationError, match=re.escape('The discharge formula eigenvariable y cannot be free in the conclusion p₁(y) of premise number 2')):
+        apply(
+            CLASSICAL_NATURAL_DEDUCTION_SYSTEM['∃₋'],
+            assume(u, parse_marker('u')),
+            premise(
+                tree=assume(v, parse_marker('v')),
+                discharge=parse_formula_with_substitution('p₁(x)[x ↦ y]', dummy_signature),  # So that we can discharge it here
+                marker=parse_marker('v')
+            ),
+        )
+
+
+def test_invalid_exists_elimination_with_leftover_variable(dummy_signature: FormalLogicSignature) -> None:
+    # A variation of test_exists_elimination with the constant f₀ replaced by the variable y
+    u = parse_formula('∃x.p₁(x)', dummy_signature)
+    v = parse_formula('∀y.(p₁(y) → q₁(y))', dummy_signature)
+    w = parse_formula('p₁(y)', dummy_signature)
+
+    # If not for its invalidity, the tree would look as follows:
+    #
+    #                  [∀y.(p₁(y) → q₁(y))]ᵛ
+    #                  _____________________ ∀₋
+    #                     (p₁(y) → q₁(y))          [p₁(y)]ʷ
+    #                  ____________________________________ →₋
+    #   [∃x.p₁(x)]ᵘ                   q₁(y)
+    # w ___________________________________________________ ∃₋
+    #                          q₁(y)
+
+    with pytest.raises(RuleApplicationError, match=re.escape('The discharge formula eigenvariable y cannot be free in the conclusion q₁(y) of premise number 2')):
+        apply(
+            CLASSICAL_NATURAL_DEDUCTION_SYSTEM['∃₋'],
+            assume(u, parse_marker('u')),
+            premise(
+                tree=apply(
+                    CLASSICAL_NATURAL_DEDUCTION_SYSTEM['→₋'],
+                    apply(
+                        CLASSICAL_NATURAL_DEDUCTION_SYSTEM['∀₋'],
+                        assume(v, parse_marker('v')),
+                        conclusion_sub=parse_term_substitution_spec('y ↦ y')
+                    ),
+                    assume(w, parse_marker('w')),  # We avoid discharging w here
+                ),
+                discharge=parse_formula_with_substitution('p₁(x)[x ↦ y]', dummy_signature),  # So that we can discharge it here
+                marker=parse_marker('w')
+            ),
+        )
+
+
+def test_invalid_exists_elimination_with_imprecise_quantification(dummy_signature: FormalLogicSignature) -> None:
+    # A variation of test_exists_elimination without universal quantification
+    u = parse_formula('∃x.p₁(x)', dummy_signature)
+    v = parse_formula('(p₁(y) → q₁(f₀))', dummy_signature)
+    w = parse_formula('p₁(y)', dummy_signature)
+
+    # If not for its invalidity, the tree would look as follows:
+    #
+    #                  [(p₁(y) → q₁(f₀))]ᵛ    [p₁(y)]ʷ
+    #                  _______________________________ →₋
+    #   [∃x.p₁(x)]ᵘ                q₁(f₀)
+    # w ______________________________________________ ∃₋
+    #                       q₁(f₀)
+
+    with pytest.raises(RuleApplicationError, match=re.escape('The eigenvariable y cannot be free in the derivation of q₁(f₀), except possibly in [p₁(x)[x ↦ y]]ʷ')):
+        apply(
+            CLASSICAL_NATURAL_DEDUCTION_SYSTEM['∃₋'],
+            assume(u, parse_marker('u')),
+            premise(
+                tree=apply(
+                    CLASSICAL_NATURAL_DEDUCTION_SYSTEM['→₋'],
+                    assume(v, parse_marker('v')),
+                    assume(w, parse_marker('w')),  # We avoid discharging w here
+                ),
+                discharge=parse_formula_with_substitution('p₁(x)[x ↦ y]', dummy_signature),  # So that we can discharge it here
+                marker=parse_marker('w')
+            ),
+        )
diff --git a/src/notebook/math/logic/substitution/__init__.py b/src/notebook/math/logic/substitution/__init__.py
@@ -1,2 +1,2 @@
-from .formula_visitor import evaluate_substitution_spec, substitute_in_formula
+from .formula_visitor import evaluate_substitution_spec, substitute_in_formula, unwrap_substitution_spec
 from .term_visitor import substitute_in_term
diff --git a/src/notebook/math/logic/substitution/formula_visitor.py b/src/notebook/math/logic/substitution/formula_visitor.py
@@ -59,3 +59,10 @@ def evaluate_substitution_spec(spec: FormulaWithSubstitution) -> Formula:
         return spec.formula
 
     return substitute_in_formula(spec.formula, spec.sub.src, spec.sub.dest)
+
+
+def unwrap_substitution_spec(spec: FormulaWithSubstitution) -> Formula:
+    if spec.sub is None:
+        return spec.formula
+
+    return spec.formula
diff --git a/text/higher_order_logic.tex b/text/higher_order_logic.tex
@@ -618,7 +618,7 @@ \section{Higher-order logic}\label{sec:higher_order_logic}
     \begin{itemize}
       \item Its type context \( T_P \) is the implicit context of \( \varphi \).
       \item Its free variable set \( F_P \) is the set of free variables of \( \varphi \):
-      \begin{equation}\label{eq:def:hol_natural_deduction_proof_tree/assumption/eigenvariables}
+      \begin{equation}\label{eq:def:hol_natural_deduction_proof_tree/assumption/free_variables}
         F_P \coloneqq \op*{Free}(\varphi).
       \end{equation}
     \end{itemize}
@@ -627,7 +627,7 @@ \section{Higher-order logic}\label{sec:higher_order_logic}
     \begin{itemize}
       \item Its type context \( T_P \) is the union of the contexts \( T_{P_1}, \ldots, T_{P_n} \) of the premises.
       \item Its free variable set \( F_P \) is more complicated:
-      \begin{equation}\label{eq:def:hol_natural_deduction_proof_tree/application/eigenvariables}
+      \begin{equation}\label{eq:def:hol_natural_deduction_proof_tree/application/free_variables}
         F_P \coloneqq \bigcup_{i=1}^n \set{ (v: m) \in F_{P_i} \given m \not\in D \T{and} v \not\in E },
       \end{equation}
       where
@@ -645,7 +645,7 @@ \section{Higher-order logic}\label{sec:higher_order_logic}
   \end{thmenum}
 \end{definition}
 \begin{comments}
-  \item The details of how we define the set of free variables is based on the analogous considerations for first-order logic from \cite[37]{TroelstraSchwichtenberg2000BasicProofTheory}.
+  \item The details of how we define the set of free variables is based on the analogous considerations for first-order logic from \cite[37]{TroelstraSchwichtenberg2000BasicProofTheory}, also implemented programmatically in the module \identifier{math.logic.deduction.proof_tree} in \cite{notebook:code}.
 
   The type context is only here for compatibility with our peculiar definition of logical formulas.
 \end{comments}

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		`-from .formula_visitor import evaluate_substitution_spec, substitute_in_formula`
	`1`	`+from .formula_visitor import evaluate_substitution_spec, substitute_in_formula, unwrap_substitution_spec`
`2`	`2`	`from .term_visitor import substitute_in_term`