Cyclic Proof Systems

Updated 2 August 2025

Cyclic Proof Systems are graph-based frameworks that replace explicit induction with global soundness criteria and cyclic reasoning.
They enforce soundness through ordinal-valued trace functions and infinite progress conditions to ensure decreasing measures along cycles.
Applications include program verification, model checking, and automata theory, providing automated decision procedures and invariant synthesis.

A cyclic proof system is a generalized proof framework in which proofs are represented not as well-founded trees but as possibly infinite (and typically regular) graphs—commonly finite graphs with cycles. By allowing cycles, such systems subsume conventional deductive reasoning based on induction or coinduction, replacing explicit induction hypotheses with global soundness criteria that preclude spurious cyclic inferences. The central metamathematical concern in cyclic proof theory is the precise formulation of these soundness criteria and the relationships to traditional inductive and coinductive proof systems. Cyclic proof systems have seen application across proof theory, program verification, model checking, and the algebraic theory of automata.

1. Abstract Structure of Cyclic Proof Systems

Cyclic proof systems extend traditional sequent calculus by permitting proofs whose underlying structure is a (possibly infinite but regular) directed graph. Each node in the proof is labeled by a sequent, and edges are labeled by inference rule applications. The key syntactic innovation is the identification of certain open leaves—buds—with companions occurring elsewhere in the proof, thus enabling cycles.

An abstract cyclic entailment system is defined as a tuple $(S, r, \mathcal{T}, \theta)$ , where:

$S$ is the set of sequents, typically pairs of antecedents and consequents of the form $A \vdash C$ .
$r$ is a distinguished family of rule instances governing local inference.
$\mathcal{T}$ denotes "trace values" (abstract program points or resources), with trace functions $\mathcal{T}_A, \mathcal{T}_C$ assigning values to antecedents/consequents.
$\theta$ is an ordinal-valued trace function: $\Theta: (\mathcal{T}_A \cup \mathcal{T}_C) \times M \rightarrow O$ , assigning a "size" (ordinal) to the realization of a trace value in a model $m \in M$ .

Proofs, potentially infinite in the process of unfolding cycles, are finitely represented by regular graphs equipped with appropriately labeled nodes and cyclic back-links.

2. Global Soundness and Trace Conditions

The admissibility of cyclic proofs is governed by global soundness criteria, typically formulated as conditions on infinite paths through the proof graph. The most prevalent criterion is the infinite progress or global trace condition:

Infinite Progress: On every infinite path, there must exist a "trace" with infinitely many progress points—formally, the cumulative progression sum along the path must increase (usually in the sense of a strictly descending sequence of ordinals).
For a path $\pi$ with sequents labeled by trace values $(\tau_1, \tau_2, ..., \tau_n, ...)$ , the progression sum is computed by a noncommutative reverse ordinal sum, enforcing that, ultimately, the assigned ordinals decrease autonomously along the path.
If such a condition fails, there exists the possibility of spurious cyclic reasoning where the purported proof simply cycles endlessly without making genuine progress toward discharge.

Local variants—e.g., reset conditions—enforce the progress criterion on each simple cycle rather than along all infinite paths, endowing the system with local soundness that can sometimes be checked through purely combinatorial means (Leigh et al., 2023).

3. Size-Measure, Model Relationships, and Quantitative Semantics

Key to ensuring soundness is the assignment of a quantitative size to each modeling of a trace value, formalized by the ordinal trace function $\Theta$ . This assignment enables the definition of well-founded descent:

For trace values $t_1 \in \mathcal{T}_A(A)$ (antecedent) and $t_2 \in \mathcal{T}_C(C)$ (consequent), and for every maximal right-hand trace in the proof, accompanying left-hand traces are compared by their progression sums $\mathrm{Prog}_\pi$ .
The central comparison: $t_2 \leq^P t_1$ if for every right-hand trace there exists a left-hand trace with $\mathrm{Prog}_\pi(\text{right}) \leq \mathrm{Prog}_\pi(\text{left})$ .
This comparison ensures that any model realizing the consequent is strictly "smaller" than one realizing the antecedent (in the sense of the ordinal-valued size measure). This mechanism underpins arguments excluding infinite countermodels and is essential in applications to termination and security proofs (Rowe et al., 2017).

4. Inference Schemes, Proof Search, and Automata Connections

Cyclic proof systems are typically specified by a small set of sequent-style inference rules. Standard systems for inductively defined predicates use the following key rules (Iosif et al., 2017):

Left and right unfoldings (LU, RU) reflecting the application of recursive definitions;
Constraint reduction rules synthesizing variable substitutions or Skolemizations;
A split rule (SP) decomposing conjunctive right-hand sides;
An ID or "loop" rule, allowing back-links to earlier sequents under strictly decreasing measures (witnessed via a ranking function).

Proof search in such systems, under suitable semantic restrictions (non-filtering, ranking, finite variable instantiation, and non-overlapping), is algorithmically tractable. For instance, proof search becomes a decision procedure for many fragments, and the analogy with automata theoretic language inclusion underpins both the structure of the rules and the complexity results—such as the simulation of language-inclusion games between tree automata (Iosif et al., 2017).

Moreover, the connection to automata theory is exploited operationally: the check for the global soundness condition (progress along traces) is sometimes reduced to automata-theoretic acceptance (e.g., via Büchi automata for paths), and the cyclic proof itself can be viewed as a machine-checkable certificate of inclusion or safety.

5. Applications in Program Verification and Software Model Checking

Cyclic proof systems have been applied extensively to the verification of properties in software and systems:

Termination Analysis: The well-founded measure enforced by the trace function $\Theta$ functions analogously to ranking functions in termination proofs. Cyclic proof systems thus allow for automated or semi-automated verification of the absence of infinite computations in recursive or iterative processes.
Invariant Synthesis: By internalizing induction and coinduction as cycles, such systems can discover invariants without requiring the prior provision of explicit induction hypotheses—this has led to effective frameworks for inductive reasoning in shape analysis, separation logic, and recursive type systems (Iosif et al., 2017, Tsukada et al., 2021).
Model Checking: Many important software model-checking algorithms (e.g., property-directed reachability frameworks such as PDR) can be recast as cyclic proof search in a nonstandard proof system, highlighting the deep connection between cyclic reasoning and symbolic model-checking strategies (Tsukada et al., 2021).

The following table summarizes salient features related to program verification:

Feature	Cyclic Entailment System (Rowe et al., 2017)	Program Verification Impact
Trace-based Progress	Ordinal-valued progression sum	Ensures measure decreases on loops
Model Size-Comparison	Ordering on traces (≤ᴾ, <ᴾ)	Guarantees shrinking counterexamples
Automated Decidability	Restrictable via semantic conditions	Proof search is often algorithmic
Relevance in Verification	Ranking, size functions as invariants	Proves termination, safety, or progress

6. Metatheoretic Strength and Cut-Elimination Issues

The existence and form of cut-elimination in cyclic systems is subtle and context-dependent. In some settings (notably full first-order logic with inductive predicates), cut-elimination fails: certain sequents are provable cyclically only with the use of cut, and not cut-free, even for very restricted logics (e.g., with unary predicates and functions) (Oda et al., 2022, Oda et al., 2021). This contradicts the strong cut-elimination property traditional to many sequent calculi and affects completeness, consistency arguments, and the subformula property.

However, for a range of propositional logics with fixed points or finite inductive definitions, cyclic proof systems do enjoy cut-elimination and are equivalent in proof-theoretic strength to their infinitary counterparts (Hori et al., 2023). The precise boundaries are shaped by language restrictions, the form of inductive definitions, and the discipline imposed by the global soundness criterion.

7. Graphical and Quantitative Illustrations

Cyclic proofs can be visualized as finite graphs with cycles that are equipped with labels reflecting traces and progress points. A typical schematic diagram consists of nodes $n_1, ..., n_k$ in a cycle, an edge from $n_k$ to a terminal "sink" state $\top$ , and self-loops representing termination. The progression along traces is realized through the ordinal-valued sums described by:

$\mathrm{Prog}_\pi(\tau_1, ..., \tau_n) = \begin{cases} 0, &\text{if } n = 1 \ {}^{(r, (S, \vec{S}), 1)}(\tau_1, \tau_2) + \dots + {}^{(r, (S, \vec{S}), 1)}(\tau_{n-1}, \tau_n), &\text{if } n > 1 \end{cases}$

Trace value ordering is formalized as:

$t_2 \leq^P t_1 \iff \forall \text{ right-hand traces }\ \exists \text{ left-hand trace} : \mathrm{Prog}_\pi(\text{right}) \leq \mathrm{Prog}_\pi(\text{left}).$

This formalism provides the quantitative underpinning for the soundness of cyclic arguments and is foundational for their application in verification and automata theory.

Cyclic proof systems thus integrate abstract semantic frameworks, quantitative progress tracking, and graph-theoretic representations to provide a robust formalism for reasoning about inductive and coinductive statements. Their combination of regularity, global progress, and size comparability positions them as a central tool both in proof theory and in the effective automation of program verification and model checking (Rowe et al., 2017, Iosif et al., 2017, Tsukada et al., 2021).