Sequent calculus proof systems for inductive definitions James Brotherston Doctor of Philosophy Laboratory for Foundations of Computer Science School of Informatics University of Edinburgh 2006 Abstract Inductive definitions are the most natural means by which to represent many families of struc- tures occurring in mathematics and computer science, and their corresponding induction / re- cursion principles provide the fundamental proof techniques by which to reason about such families. This thesis studies formal proof systems for inductive definitions, as needed, e.g., for inductive proof support in automated theorem proving tools. The systems are formulated as sequent calculi for classical first-order logic extended with a framework for (mutual) inductive definitions. The default approach to reasoning with inductive definitions is to formulate the induction principles of the inductively defined relations as suitable inference rules or axioms, which are incorporated into the reasoning framework of choice. Our first system LKID adopts this direct approach to inductive proof, with the induction rules formulated as rules for introducing atomic formulas involving inductively defined predicates on the left of sequents. We show this system to be sound and cut-free complete with respect to a natural class of Henkin models. As a corollary, we obtain cut-admissibility for LKID. The well-known method of infinite descent `ala Fermat, which exploits the fact that there are no infinite descending chains of elements of well-ordered sets, provides an alternative approach to reasoning with inductively defined relations. Our second proof system LKIDω formalises this approach. In this system, the left-introduction rules for formulas involving inductively defined predicates are not induction rules but simple case distinction rules, and an infinitary, global soundness condition on proof trees — formulated in terms of “traces” on infinite paths in the tree — is required to ensure soundness. This condition essentially ensures that, for every infinite branch in the proof, there is an inductive definition that is unfolded infinitely often along the branch. By an infinite descent argument based upon the well-foundedness of inductive definitions, the infinite branches of the proof can thus be disregarded, whence the remaining portion of proof is well-founded and hence sound. We show this system to be cut- free complete with respect to standard models, and again infer the admissibility of cut. The infinitary system LKIDω is unsuitable for formal reasoning. However, it has a natural restriction to proofs given by regular trees, i.e. to those proofs representable by finite graphs. This restricted “cyclic” proof system, CLKIDω, is suitable for formal reasoning since proofs have finite representations and the soundness condition on proofs is thus decidable. We show how the formulation of our systems LKIDω and CLKIDω can be generalised to obtain soundness conditions for a general class of infinite proof systems and their correspond- ing cyclic restrictions. We provide machinery for manipulating and analysing the structure of proofs in these essentially arbitrary cyclic systems, based primarily on viewing them as gen- erating regular infinite trees, and we show that any proof can be converted into an equivalent proof with a restricted cycle structure. For proofs in this “cycle normal form”, a finitary, lo- i calised soundness condition exists that is strictly stronger than the general, infinitary soundness condition, but provides more explicit information about the proof. Finally, returning to the specific setting of our systems for inductive definitions, we show that any LKID proof can be transformed into a CLKIDω proof (that, in fact, satisfies the finitary soundness condition). We conjecture that the two systems are in fact equivalent, i.e. that proof by induction is equivalent to regular proof by infinite descent. ii Acknowledgements I owe a debt of thanks — and in some cases, money — to several people and organisations without whom this thesis would not exist. First, and foremost, I should like to extend my sincerest gratitude and respect to my super- visor, Alex Simpson. Alex contributed technical advice, ideas, references, culture, detailed and constructive feedback, and personal support, and generally taught me an awful lot about how to be a researcher. It’s a real privilege to have been his student, and I can only hope that some of his insight and critical ability turns out to have rubbed off on me. I should also like to thank my second supervisor Alan Smaill, and Alberto Momigliano who acted as my second supervisor while Alan was on sabbatical for a year. I am also grateful to my PhD advisory panel, which consisted of the two aforementioned gentlemen and also Alan Bundy, for providing useful annual feedback on my overall progress. I would like to especially thank Ren´eVestergaard for introducing me to academic research in the first place, as well as hosting me on a visit to JAIST in October 2004, and offering many useful pieces of advice during our acquaintance. I’m also indebted to colleagues and those in the academic community who offered helpful discussions, references and advice including (but probably not limited to) Lucas Dixon, Ross Duncan, Peter Dybjer, Roy Dyckhoff, Jeremy Gow, Geoff Hamilton, Conor McBride, Dale Miller, Sara Negri, Claus Peter-Wirth, Frank Pfenning, and Christoph Sprenger, as well as those mentioned previously. This PhD was made possible in the first place by the LFCS in the School of Informatics — who hosted me and provided a first-class research environment, as well as office space and logistical support — and by EPSRC, who funded the first three years of the work through an EPSRC PhD studentship. For the period thereafter, I would like to extend my gratitude to the the University of Edinburgh Hardship Fund (a charitable organisation), who were able to provide help when it was most needed, and to the generous people who fed me and bought me drinks. The figures appearing in this thesis were produced with Paul Gastin’s gastex package (for LaTeX), and the sequent calculus proofs were produced using Paul Taylor’s prooftree package. Both are excellent, as is the WinEdt program I used for editing the thesis. I would like to sincerely thank my friends and family for all their support, particularly during the long and fraught writing-up period. By writing a long list I run the very real risk of accidentally leaving someone out, so I will simply say that you all know who you are: thank you and I’ll buy you a beer. Having said that, there is nevertheless one very special person who deserves a proper men- tion. Jennie Fraser has been doing her utmost to keep me sane and solvent for the last couple of years, and I can’t thank her enough for all her love and support, except perhaps by offering all mine in return. Thank you, Jennie. iii Declaration I declare that this thesis was composed by myself, that the work contained herein is my own except where explicitly stated otherwise in the text, and that this work has not been submitted for any other degree or professional qualification except as specified. (James Brotherston) iv Table of Contents 1 Introduction 1 1.1 Overview ..................................... 1 1.2 Mathematical induction . ... 2 1.3 Infinitedescent .................................. 6 1.4 Ourapproach ................................... 9 1.5 Synopsis...................................... 12 2 First-order logic with inductive definitions (FOLID) 15 2.1 First-order logic with equality . ...... 16 2.2 Inductive definitions and standard semantics for FOLID ............. 20 2.3 Henkin semantics for FOLID ........................... 26 3 LKID: a proof system for explicit induction in FOLID 36 3.1 Sequent calculus proof rules for FOLID ..................... 37 3.2 HenkinsoundnessofLKID. 44 3.3 Cut-free Henkin completeness of LKID . ..... 51 3.4 LKID, second-order logic, and Peano arithmetic . .......... 65 3.4.1 Embedding LKID in L2K ........................ 65 3.4.2 LKIDandPeanoarithmetic . 69 ω 4 LKID : a proof system for infinite descent in FOLID 72 4.1 Sequent calculus proof rules for LKIDω ..................... 73 4.2 Infinite proofs in LKIDω ............................. 77 4.2.1 Generalised trace-based infinite proof systems . ......... 81 4.3 Cut-free completeness of LKIDω ......................... 83 5 Cyclic proofs in trace-based infinitary proof systems 94 5.1 The cyclic restriction of a trace-based infinitary proof system . 95 ω 5.2 CLKID : a cyclic proof system for FOLID .................... 99 v 6 Cycle normalisation for cyclic proofs 103 6.1 Tree-unfolding equivalence on cyclic proofs . ..........104 6.2 Cycle normalisation via tree-unfoldings . .........109 6.3 Cycle normalisation via iterated unfoldings . ..........113 7 Trace manifolds 121 7.1 Analysing the general trace condition . .......122 7.2 Tracemanifolds.................................. 126 7.3 Translation of LKID into CLKIDω ........................134 7.3.1 The Sprenger-Dam translation from global to local proof in the µ-calculus139 7.3.2 Connections with Walukiewicz’ completeness for the µ-calculus . 141 8 Conclusions 144 8.1 Summary of our contributions . 144 8.2 Futurework....................................145 A Decidability of proof in trace-based cyclic proof systems 147 Bibliography 155 vi Chapter 1 Introduction 1.1 Overview Inductive definitions are frequently encountered throughout mathematics and computer sci- ence, and the corresponding use of inductive proof methods to reason about inductively defined structures constitutes a fundamental part of mathematical reasoning. In all cases the aim of in- ductive reasoning is to exploit recursion in the definition of the inductively defined structures under consideration in order to prove general properties about those structures. The canonical example of an inductively defined structure occurring in mathematics is the set N of natural numbers, which can be given by the following inductive definition: 0 is a natural number; • if n is a natural number, then so is s(n) (the successor of n, i.e. n + 1). • Mathematical reasoning about inductively defined structures is most often formulated in one of two main styles.