Martin-Lof's Inductive Definitions
Are Not Equivalent to Cyclic Proofs
FOSSACS 2017 Uppsala
April, 26 2017
Stefano Berardi
Makoto Tatsuta
C.S. Dept.
Torino University
National Institute of Informatics/Sokendai
Italy
Japan
A Refutation of BrotherstonSimpson’s Conjecture
• Cyclic Proofs (2006). Cyclic proofs (Brotherston [1],
Simpson [2]) are an alternative formalization of
induction on data bases, suitable for proof search
and for Separation Logic.
• Brotherston-Simpson Conjecture (2011, [2]). Cyclic
proofs are equivalent to LKID, Martin-Lof's Theory
of (finitary) Inductive Definitions.
• Brotherston-Simpson Conjecture is false (2017, this
talk). The 2-Hydra statement has a cyclic proof but
no proof in LKID.
LKID, Martin-Lof's Theory of
(finitary) Inductive Definitions.
• LKID is First Order Logic with equality, plus
introduction and elimination rules for any set of
atomic positive inductive definitions, say:
1. Bool(true), Bool(false)
2. N(0),
if N(n) then N(sn)
3. List(nil),
if N(a) and List(L) then List(cons(a,L))
• In LKID, Classical Logic is allowed.
• In LKID, there is no negative axiom like true  false,
0  sx, nil  cons(x,L), … or uniqueness axiom like sx
= sy  x = y …
CLKID (regular cyclic proofs)
• Introduction and Elimination rules for inductive
definitions are replaced by case rules:
,t=0|-  ,Nx, t=sx|- 
,Nt|- 
• Proofs are infinite regular trees: proof search stops
whenever we pass through the same sequent twice.
• A cyclic proof is an infinite object, yet it is decidable
whether a cyclic proof is correct, using the global
trace condition:
in all infinite branches there is some variable whose
value is decreasing infinitely many times
CLKID versus LKID
1. All theorems of CLKID are true ([3], Prop. 3.2.8).
2. All theorems of LKID are theorems of CLKID ([3],
Lemma 7.3.1, and [2], Thm. 7.6).
3. If we add basic arithmetic to LKID, CLKID and we
restrict to the language of arithmetic then LKID =
CLKID (Simpson, FOSSACS 2017).
4. If we add basic arithmetical axioms to LKID,
CLKID and we add all inductive predicates then
LKID = CLKID (Berardi, Tatsuta LICS 2017)
Yet 2-Hydra is provable CLKID and not in LKID: there
is some basic arithmetic hidden in CLKID.
The Hydra Statements
• The Hydra of Lerna was a mythological monster,
popping two smaller heads whenever you cut one.
• The original Hydra was defeated by fire, a
mathematical Hydra statement says that we
eventually kill Hydra just by cutting head.
• There is an Hydra statement for trees true but not
provable in Peano Arithmetic (Kirby, Paris 1982 [3])
• 2-Hydra is a miniature statement. We select some
way of reducing x,yN: (x+1,y+2)|(x,y) and
(0,y+2)|(y+1,y) and (x+2,0)| (x+1,x) (reducing
the last non-zero value produces two smaller
copies). We claim reductions terminate.
A formal definition of 2-Hydra
pxy = reductions from (x,y)N2 terminate
A cyclic proof of 2-Hydra
A proof of Nx,Ny|-pxy in CLKID + 0,s,N. We prove it
from a proof of Nx,Ny|-pxy for a “smaller” pair (x,y),
using reductions Hb, Hc, Hd at each step.
A structure M with M|= 2-Hydra
We define M = N + Z + an infinite descent p for 2Hydra (in red). p is union of 3 partial bijections and we
move along p by repeating forever: (x+1,y+2)(x,y),
(0,y+2)(y+1,y), (x+2,0) (x+1,x)
LKID+0,s,N |- 2-Hydra
• Let LKID+0,s,N be the theory of inductive
definition of 0,s and N (natural numbers). We do
not have order, nor sum, nor product.
• Since M|=2-Hydra, we prove that LKID+0,s,N |- 2Hydra proving that M|= LKID+0,s,N, that is, that M
satisfies induction for N. This is done in two steps:
1. all predicates in M which do not satisfy induction
rule have measure 1/3 or 2/3 (one-line proof)
2. all predicates in M have measure some n/2m
(difficult part), hence satisfy induction by point 1.
The only non-trivial predicate p of M is union of 3
partial bijections. Which sets are definable from it?
A Quantifier-Elimination result for
Partial Bijections
Q.-E. Thm. Let U be a set and Rel a set of partial
bijections on U. Assume that all finite partial
bijections on U are in Rel, that Dom =
{dom(R)|RRel} is complement-closed, and that for
all R,SRel, DDom we have idD,R-1,RS,RS,
RDRel. Let S be the structure with universe U,
one symbol for each uU, DDom, RRel. Then:
1. The theory of S has quantifier-elimination.
2. Any first-order definable set in S is in Dom:
no new set is first order definable in S
The Q.E. Result decides
Brotherston-Simpson’s conjecture
1. Let Dom = the finite unions of subsets of M
including (up to finitely many elements) one
element every 2n. They have measure some n/2m.
2. Let Rel = the partial bijections with domain some
DDom, equal (up to finitely many elements) to y
= 2zx + r, for some zZ,rQ.
• Then the Q.-E. result implies that all first order
definable sets in M are in Dom, hence have
measure some n/2m, hence satisfy induction for N.
Thus:
M|= LKID+0,s,N
M|=2-Hydra
CLKID+0,s,N|- 2-Hydra
References
[1] Brotherston, J. (2006). Sequent calculus proof
systems for inductive definitions, ph.d. thesis,
Laboratory for Foundations of Computer Science,
School of Informatics, University of Edinburgh.
[2] Brotherston, J.; Simpson, A. (2011). Sequent
calculi for induction and finite descent, Journal of
Logic and Computation 21 (6) 1177-1216.
[3] Kirby, L.; Paris, J. (1982). "Accessible
Independence Results for Peano Arithmetic" (PDF).
Bulletin of the London Mathematical Society. 14 (4):
285. doi:10.1112/blms/14.4.285.
The Hydra in the book “Historiae
Naturalis” of Johnston (1625)
Question 1: is the Quantifier
Elimination Result new?
• Our interest is not the Q.E. result per se, but rather
the identification of this Q.E. result as a way of
proving the unprovability of 2-Hydra in LKID.
• Model-theorists David Evans, Victoria Gould,
Bruno Poizat, Frank Wagner and Domenico
Zambella never heard of this Q.E. result.
• However, Domenico Zambella pointed out that this
kind of result is often hidden in a note or in an
exercise of a larger paper, so we cannot be
completely sure it is new.
Question 2: do we have LKIDCLKID
if we add all inductive predicates?
• Open question: if we add all inductive definitions
and rules to LKID and to CLKID, but nothing else,
do we get LKID=CLKID ?
• Possibly no. However, our proof would require
changes, because M=N+Z does not satisfy the
induction rule for , therefore M is not a model of
LKID + all inductive predicates.
• We conjecture that our proof goes through if we
redefine M=Z+Z .