Deductive Systems for Logic Programs with Counting

Abstract

In answer set programming, two groups of rules are considered strongly equivalent if they have the same meaning in any context. Strong equivalence of two programs can be sometimes established by deriving rules of each program from rules of the other in an appropriate deductive system. This paper shows how to extend this method of proving strong equivalence to programs containing the counting aggregate.

1 Introduction

In answer set programming (ASP), two groups of rules are considered strongly equivalent if, informally speaking, they have the same meaning in any context (Lifschitz et al. 2001).

If programs $\Pi _1$ and $\Pi _2$ are strongly equivalent then, for any program $\Pi$ , programs $\Pi _1\cup \Pi$ and $\Pi _2\cup \Pi$ have the same stable models. Properties of this equivalence relation are important because they can help us simplify parts of an ASP program without examining its other parts. More generally, they can guide us in the process of developing correct and efficient code.

Strong equivalence of two programs can be sometimes established by deriving rules of each program from rules of the other in an appropriate deductive system. Deriving rules involves rewriting them in the syntax of first-order logic. The possibility of such proofs has been demonstrated for the ASP language mini-gringo (Lifschitz et al. 2019; Lifschitz 2021; Fandinno and Lifschitz 2023a), and it was used in the design of a proof assistant for verifying strong equivalence (Heuer 2020; Fandinno and Lifschitz 2023b).

We are interested in extending this method of proving strong equivalence to ASP programs with aggregates, such as counting and summation (Gebser et al. 2019, Section 3.1.12). Procedures for representing rules with aggregates in the syntax of first-order logic have been proposed in several recent publications (Lifschitz 2022; Fandinno et al. 2022; Fandinno and Hansen 2025). The first of these papers describes a deductive system that can be used for proving strong equivalence of programs in the language called mini-gringo with counting (mgc). But that system is too weak for reasoning about mgc rules that contain variables in the right-hand side of an aggregate atom. For instance, let $A$ be the pair of rules

\begin{equation*}\begin{array} l p(a),\\[5pt] q(Y) \leftarrow {{\mathit{count}}}\{ X : p(X) \land X \neq a \} = Y, \end{array}\end{equation*}

and let $B$ stand for

\begin{equation*}\begin{array} l p(a),\\[5pt] q(Y-1) \leftarrow {{\mathit{count}}}\{ X : p(X)\} = Y. \end{array}\end{equation*}

These pairs of rules are strongly equivalent to each other, but the deductive system mentioned above would not allow us to justify this claim.

We propose here an alternative set of axioms for proving strong equivalence of programs with counting. After reviewing in Section 2 the language mgc and the translation $\tau ^*$ that transforms mgc rules into first-order sentences, we define in Section 3 a deductive system of here-and-there with counting $({\mathit{HT}_{\!\!\#}})$ . Any two mgc programs $\Pi _1$ and $\Pi _2$ such that $\tau ^*\Pi _1$ and $\tau ^*\Pi _2$ can be derived from each other in this deductive system are strongly equivalent. Furthermore, the sentences $\tau ^*A$ and $\tau ^*B$ , corresponding to the programs $A$ and $B$ above, are equivalent in $\mathit{HT}_{\!\!\#}$ , as well as any two sentences that are equivalent in the deductive system from the previous publication on mgc (Sections 4 and 5).

The system $\mathit{HT}_{\!\!\#}$ is not a first-order theory in the sense of classical logic, because some instances of the law of excluded middle $F\lor \neg F$ are not provable in it. This fact makes it difficult to automate reasoning in $\mathit{HT}_{\!\!\#}$ , because existing work on automated reasoning deals for the most part with classical logic and its extensions. (Pearce et al. 2001) and (Lin 2002) showed how to modify the straightforward representation of propositional rules by formulas in such a way that strong equivalence will correspond to equivalence of formulas in classical logic. Their method was used in the design of a system for verifying strong equivalence of propositional programs (Chen et al. 2005). It was also generalized to strong equivalence of propositional formulas (Pearce et al. 2009), first-order formulas (Ferraris et al. 2011), and mini-gringo programs (Fandinno and Lifschitz 2023b), and it was used in the design of a system for verifying strong equivalence in mini-gringo (Heuer 2020). In Section 6 we show that this method is applicable to programs with counting as well. To this end, we define a classical first-order theory ${\mathit{HT}'_{\!\!\#}}$ and an additional syntactic transformation $\gamma$ such that two sentences $F_1$ , $F_2$ are equivalent in $\mathit{HT}_{\!\!\#}$ if and only if $\gamma F_1$ is equivalent to $\gamma F_2$ in ${\mathit{HT}'_{\!\!\#}}$ . It follows that if the formula $\gamma \tau ^*\Pi _1\leftrightarrow \gamma \tau ^*\Pi _2$ can be derived from the axioms of ${\mathit{HT}'_{\!\!\#}}$ in classical first-order logic then $\Pi _1$ is strongly equivalent to $\Pi _2$ .

Section 7 describes a modificaton ${\mathit{HT}^{\omega}_{\!\!\#}}$ of the deductive system $\mathit{HT}_{\!\!\#}$ that is not only sound for proving strong equivalence, but also complete: any two mgc programs $\Pi _1$ , $\Pi _2$ are strongly equivalent if and only if the formulas $\tau ^*\Pi _1$ and $\tau ^*\Pi _2$ are equivalent in the modified system. This is achieved by including rules with infinitely many premises, similar to the $\omega$ -rule in arithmetic investigated by Leon Henkin (1954):

\begin{equation*}\frac {F(0)\quad F(1)\quad \ldots }{\forall n F(n)}.\end{equation*}

Deductive systems of this kind are useful as theoretical tools. But derivations in such systems are infinite trees, and they cannot be represented in a finite computational device.

Some additional details of the semantics of mgc are reviewed in Appendix A, and proofs are presented in Appendix B. Some of the proofs refer to the concept of an HT-interpretation, which is reviewed in Appendix B.3. In Appendix B.5, we define a class of standard HT-interpretations, for which the deductive system ${\mathit{HT}^{\omega}_{\!\!\#}}$ is sound and complete.

A preliminary report on this work was presented at the Seventeenth International Conference on Logic Programming and Non-monotonic Reasoning (LPNMR 2024).

2 Background

In this section, we recall the basic definitions about logic programs (Section 2.1), stable models and strong equivalence (Section 2.2), representation of logic programs by first-order formulas (Sections 2.3 and 2.4) and the logic of here-and-there (Section 2.5).

2.1 Programs

The syntax of mini-gringo with counting is defined as follows. ¹ We assume that three countably infinite sets of symbols are selected: numerals, symbolic constants, and variables. We assume that a 1-1 correspondence between numerals and integers is chosen; the numeral corresponding to an integer $n$ is denoted by $\overline n$ . (In examples of programs, we sometimes drop overlines in numerals.)

The set of precomputed terms is assumed to be a totally ordered set containing numerals, symbolic constants, and possibly other symbols, such that numerals are contiguous (every precomputed term between two numerals is a numeral) and are ordered in the standard way. mgc terms are formed from precomputed terms and variables using the unary operation symbol $|\ |$ and the binary operation symbols:

\begin{equation*}+\quad -\quad \times \quad /\quad \backslash \quad ..\end{equation*}

An mgc atom is a symbolic constant optionally followed by a tuple of terms in parentheses. A literal is a mgc atom possibly preceded by one or two occurrences of not. A comparison is an expression of the form $t_1\prec t_2$ , where $t_1$ , $t_2$ are mini-gringo terms, and $\prec$ is $=$ or one of the comparison symbols:

(1) \begin{equation} \neq \quad \lt \quad \gt \quad \leq \quad \geq \end{equation}

An aggregate element is a pair $\textbf {X}:{\textbf {L}},$ where $\textbf {X}$ is a tuple of distinct variables, and $\textbf {L}$ is a conjunction of literals and comparisons such that every member of $\textbf {X}$ occurs in $\textbf {L}$ . An aggregate atom is an expression of one of the forms

(2) \begin{equation} {{\mathit{count}}} \{E\} \geq t,\ {{\mathit{count}}} \{E\} \leq t,\ \end{equation}

where $E$ is an aggregate element and $t$ is a term that does not contain the interval symbol ( $..$ ). The conjunction of aggregate atoms (2) can be written as ${{\mathit{count}}}\{E\}=t$ .

A rule is an expression of the form

(3) \begin{equation} {\mathit{Head}}\leftarrow {\mathit{Body}}, \end{equation}

where

• • $\mathit{Body}$ is a conjunction (possibly empty) of literals, comparisons, and aggregate atoms, and

• • $\mathit{Head}$ is either an atom (then (3) is a basic rule), or an atom in braces (then (3) is a choice rule), or empty (then (3) is a constraint).

A variable that occurs in a rule $R$ is local in $R$ if each of its occurrences is within an aggregate element, and global otherwise. A rule is pure if, for every aggregate element $\textbf {X}:\textbf {L}$ in its body, all variables in the tuple $\textbf {X}$ are local. For example, the rule

\begin{equation*} q(Y) \leftarrow {{\mathit{count}}}\{X:p(X)\} = Y \land X\gt 0 \end{equation*}

is not pure, because $X$ is global.

In mini-gringo with counting, a program is a finite set of pure rules.

2.2 Stable models and strong equivalence

An atom $p(\textbf {t})$ is precomputed if all members of the tuple $\textbf {t}$ are precomputed terms. The semantics of mgc is based on an operator, called $\tau$ , which transforms pure rules into infinitary propositional formulas formed from precomputed atoms (Lifschitz 2022, Section 5). For example, the rule

\begin{equation*}q \leftarrow {{\mathit{count}}}\{X:p(X)\} \leq 5\end{equation*}

is transformed by $\tau$ into the formula

\begin{equation*}\left ( \bigwedge _{\Delta \,:\,|\Delta | \gt 5}\neg \bigwedge _{x\in \Delta }\;p(x) \right )\to q,\end{equation*}

where $\Delta$ ranges over finite sets of precomputed terms and $|\Delta |$ stands for the cardinality of $\Delta$ . The antecedent of this implication expresses that a set of more than 5 elements cannot be a subset of $\{X:p(X)\}$ . The result of applying $\tau$ to a program $\Pi$ is defined as the conjunction of formulas $\tau R$ for all rules $R$ of $\Pi$ .

Stable models of an mgc program $\Pi$ are defined as stable models of $\tau \Pi$ in the sense of the work by (Truszczynski 2012). Thus stable models of programs are sets of precomputed atoms.

About programs $\Pi _1$ and $\Pi _2$ we say that they are strongly equivalent to each other if $\tau \Pi _1$ is strongly equivalent to $\tau \Pi _2$ ; in other words, if for every set $\Phi$ of infinitary propositional formulas formed from precomputed atoms, $\{\tau \Pi _1\}\cup \Phi$ and $\{\tau \Pi _2\}\cup \Phi$ have the same stable models. It is clear that if $\Pi _1$ is strongly equivalent to $\Pi _2$ then, for any program $\Pi$ , $\Pi _1\cup \Pi$ has the same stable models as $\Pi _2\cup \Pi$ (take $\Phi$ to be $\{\tau \Pi \}$ ).

2.3 Representing MGC terms and atoms by formulas

In first-order formulas used to represent programs, we distinguish between terms of two sorts: the sort general and its subsort integer. General variables are meant to range over arbitrary precomputed terms, and we assume them to be the same as variables used in mgc programs. Integer variables are meant to range over numerals (or, equivalently, integers). In this paper, integer variables are represented by letters from the middle of the alphabet ( $I,\ldots ,N$ ).

The two-sorted signature $\sigma _0$ includes

• • all numerals as object constants of the sort integer;

• • other precomputed terms as object constants of the sort general;

• • the symbol $|\ |$ as a unary function constant; its argument and value have the sort integer;

• • the symbols $+$ , $-$ and $\times$ as binary function constants; their arguments and values have the sort integer;

• • pairs $p/n$ , where $p$ is a symbolic constant and $n$ is a nonnegative integer, as $n$ -ary predicate constants; their arguments have the sort general;

• • symbols (1) as binary predicate constants; their arguments have the sort general.

Note that the definition of $\sigma _0$ does not allow terms that contain a general variable in the scope of an arithmetic operation. For example, the mgc term $Y-\overline 1$ is not a term over $\sigma _0$ .

A formula of the form $(p/n)(\textbf {t})$ , where $\textbf {t}$ is a tuple of terms, can be written also as $p(\textbf {t})$ . Thus precomputed atoms can be viewed as sentences over $\sigma _0$ .

The set of values of an mgc term ² $t$ can be described by a formula over the signature $\sigma _0$ that contains a variable $Z$ that does not occur in $t$ (Lifschitz et al. 2019; Fandinno and Lifschitz 2023a). This formula, “ $Z$ is a value of $t$ ,” is denoted by $\textit {val}_{t}(Z)$ . Its definition is recursive, and we reproduce here two of its clauses:

• • if $t$ is a precomputed term or a variable then $\textit {val}_{t}(Z)$ is $Z=t$ ,

• • if $t$ is $t_1\;\textit {op}\;t_2$ , where op is $+$ , $-$ , or $\times$ then $\textit {val}_{t}(Z)$ is

  \begin{equation*}\exists I J (\textit {val}_{t_1}(I) \land \textit {val}_{t_2}(J) \land Z=I\;\textit {op}\;J),\end{equation*}
  where $I$ and $J$ are integer variables that do not occur in $t$ .

For example, $\textit {val}_{Y-\overline 1}(Z)$ is

\begin{equation*}\exists I J(I=Y \land J=\overline 1\land Z=I-J).\end{equation*}

The translation $\tau ^B$ transforms mgc atoms, literals, and comparisons into formulas over the signature $\sigma _0$ . (The superscript $B$ conveys the idea that this translation expresses the meaning of expressions in bodies of rules). For example, $\tau ^B$ transforms $p(t)$ into the formula $\exists Z(\textit {val}_{t}(Z) \land p(Z))$ . The complete definition of $\tau ^B$ can be found in earlier publications (Lifschitz et al. 2019; Fandinno and Lifschitz 2023a) and is reproduced in Appendix A for convenience.

2.4 Representing aggregate expressions and rules

To represent aggregate expressions by first-order formulas, we need to extend the signature $\sigma _0$ (Lifschitz 2022, Section 7). The signature $\sigma _1$ is obtained from $\sigma _0$ by adding all predicate constants of the forms

(4) \begin{equation} {\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F\hbox{ and }{\mathit{Atmost}}^{\textbf {X};\textbf {V}}_F \end{equation}

where $\textbf {X}$ and $\textbf {V}$ are disjoint lists of distinct general variables, and $F$ is a formula over $\sigma _0$ such that each of its free variables belongs to $\textbf {X}$ or to $\textbf {V}$ . The number of arguments of each constant (4) is the length of $\textbf {V}$ plus 1; all arguments are of the sort general. If $n$ is a positive integer then the formula ${\mathit{Atleast}}^{\textbf {X},\textbf {V}}_F(\textbf {V},\overline n)$ is meant to express that $F$ holds for at least $n$ values of $\textbf {X}$ . The intuitive meaning of ${\mathit{Atmost}}^{\textbf {X},\textbf {V}}_F(\textbf {V},\overline n)$ is similar: $F$ holds for at most $n$ values of $\textbf {X}$ .

For an aggregate atom of the form ${{\mathit{count}}}\{\textbf {X}:\textbf {L}\}\geq t$ in the body of a rule, the corresponding formula over $\sigma _1$ is

\begin{equation*} \exists Z\left (\textit {val}_{t}(Z) \land {\mathit{Atleast}}^{\textbf {X};\textbf {V}}_{\exists \textbf {W}\tau ^B(\textbf {L})}(\textbf {V},Z)\right ), \end{equation*}

where

• • $\textbf {V}$ is the list of global variables that occur in $\textbf {L}$ , and

• • $\textbf {W}$ is the list of local variables that occur in $\textbf {L}$ and are different from the members of $\textbf {X}$ .

For example, the aggregate atom ${{\mathit{count}}}\{ X : p(X)\} \geq Y$ is represented by the formula

\begin{equation*} \exists Z\left (Z=Y\land {\mathit{Atleast}}^{X;}_{\exists Z(Z=X\land p(Z))}(Z)\right ) \end{equation*}

( $\textbf {V}$ and $\textbf {W}$ are empty).

The formula representing ${{\mathit{count}}}\{\textbf {X}:\textbf {L}\}\leq t$ is formed in a similar way, with $\mathit{Atmost}$ in place of $\mathit{Atleast}$ .

Now we are ready to define the translation $\tau ^*$ , which transforms pure rules into sentences over $\sigma _1$ . It converts a basic rule

\begin{equation*}p(t) \leftarrow B_1\land \cdots \land B_n\end{equation*}

into the universal closure of the formula

\begin{equation*}B^*_1\land \cdots \land B^*_n\land \textit {val}_{t}(Z)\to p(Z),\end{equation*}

where $B^*_i$ is

• • $\tau ^B(B_i)$ , if $B_i$ is a literal or comparison, and

• • the formula representation of $B_i$ formed as described above, if $B_i$ is an aggregate atom.

The definition of $\tau ^*$ for pure rules of other forms can be found in the previous paper on mini-gringo with counting (Lifschitz 2022, Sections 6 and 8). For any program $\Pi$ , $\tau ^*\Pi$ stands for the conjunction of the sentences $\tau ^*R$ for all rules $R$ of $\Pi$ .

2.5 Logic of here-and-there and standard interpretations

We are interested in deductive systems $S$ with the following property:

(5) \begin{equation} \begin{array} c {for\;any\;programs}\,\Pi _1\; {and}\, \Pi _2,\\[5pt] {if} \; \tau ^*\Pi _1\; {and} \, \tau ^*\Pi _2 \, {can\;be\;derived\;from\;each\;other\;in}\, S\\[5pt] {then} \,\Pi _1\, {is\;strongly\;equivalent\;to}\,\Pi _2. \end{array} \end{equation}

Systems with property (5) cannot possibly sanction unlimited use of classical propositional logic. Consider, for instance, the one-rule programs

\begin{equation*}p \leftarrow {\mathit{not}} q\quad \hbox{and}\quad q \leftarrow {\mathit{not}} p.\end{equation*}

They have different stable models, although the corresponding formulas

\begin{equation*}\neg q\to p\quad \hbox{and}\quad \neg p\to q\end{equation*}

have the same truth table.

This observation suggests that the study of subsystems of classical logic may be relevant. One such subsystem is first-order intuitionistic logic (with equality) adapted to the two-sorted signature $\sigma _1$ . Intuitionistic logic does have property (5). Furthermore, this property is preserved if we extend it by the axiom schema

(6) \begin{equation} F\lor (F\to G) \lor \neg G, \end{equation}

introduced by Hosoi (1966) as part of his formalization of the propositional logic known as the logic of here-and-there.

The axiom schema

(7) \begin{equation} \exists X(F\to \forall X\,F) \end{equation}

(for a variable $X$ of either sort) can be included without losing property (5) as well. It was introduced to extend the logic of here-and-there to a language with variables and quantifiers (Lifschitz et al. 2007). Both (6) and (7) are provable classically, but not intuitionistically.

The axioms and inference rules discussed so far are abstract, in the sense that they are not related to any properties of the domains of variables (except that one is a subset of the other). To describe more specific axioms, we need the following definition. An interpretation of the signature $\sigma _0$ is standard if

• • its domain of the sort general is the set of precomputed terms;

• • its domain of the sort integer is the set of numerals;

• • every object constant represents itself;

• • the absolute value symbol and the binary function constants are interpreted as usual in arithmetic;

• • predicate constants (1) are interpreted in accordance with the total order on precomputed terms chosen in the definition of mgc (Section 2.1).

Two standard interpretations of $\sigma _0$ can differ only by how they interpret the predicate symbols $p/n$ . If a sentence over $\sigma _0$ does not contain these symbols then it is either satisfied by all standard interpretations or is not satisfied by any of them.

Let $\mathit{Std}$ be the set of sentences over $\sigma _0$ that do not contain predicate symbols of the form $p/n$ and are satisfied by standard interpretations. Property (5) will be preserved if we add any members of $\mathit{Std}$ to the set of axioms. The set $\mathit{Std}$ includes, for instance, the law of excluded middle $F\lor \neg F$ for every formula $F$ over $\sigma _0$ that does not contain symbols $p/n$ . Other examples of formulas from $\mathit{Std}$ are

\begin{equation*}\overline 2\times \overline 2 = \overline 4,\quad \forall N (N*N\geq \overline 0),\quad t_1\neq t_2, \end{equation*}

where $t_1$ , $t_2$ are distinct precomputed terms.

To reason about mgc programs, we need also axioms for $\mathit{Atleast}$ and $\mathit{Atmost}$ . A possible choice of such additional axioms is described in the next section.

3 Deductive system $\mathit{HT}_{\!\!\#}$

The deductive system $\mathit{HT}_{\!\!\#}$ (“here-and-there with counting”) operates with formulas of the signature $\sigma _2$ , which is obtained from $\sigma _1$ (Section 2.4) by adding the predicate constants ${\mathit{Start}}^{\textbf {X};\textbf {V}}_F$ , where $\textbf {X}$ and $\textbf {V}$ are disjoint lists of distinct general variables, and $F$ is a formula over $\sigma _0$ such that each of its free variables belongs to $\textbf {X}$ or to $\textbf {V}$ . The number of arguments of each of these constants is the combined length of $\textbf {X}$ and $\textbf {V}$ plus 1. The last argument is of the sort integer, and the other arguments are of the sort general.

For any integer $n$ , the formula ${\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {X},\textbf {V},\overline n)$ is meant to express that if $n\gt 0$ then there exists a lexicographically increasing sequence $\textbf {X}_1,\ldots \textbf {X}_n$ of values satisfying $F$ such that the first of them is $\textbf {X}$ . Two features of the $\mathit{Start}$ predicate make it useful. On the one hand, it can be described by a recursive definition. On the other hand, the predicates $\mathit{Atleast}$ and $\mathit{Atmost}$ can be defined in terms of $\mathit{Start}$ as illustrated by formulas (8) and (9).

3.1 Axioms of $\mathit{HT}_{\!\!\#}$

The axioms for $\mathit{Start}$ define these predicates recursively:

\begin{equation*} \begin{array} l \forall \textbf {X}\textbf {V} N(N\leq \overline 0 \to {\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {X},\textbf {V},N)),\\[5pt] \forall \textbf {X}\textbf {V} ({\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {X},\textbf {V},\overline 1)\leftrightarrow F),\\[5pt] \forall \textbf {X}\textbf {V} N(N\gt \overline 0 \to ({\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {X},\textbf {V},N+\overline 1) \leftrightarrow \\[5pt] \hskip 4cm F\land \exists \textbf {U}(\textbf {X}\lt \textbf {U}\land {\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {U},\textbf {V},N)))). \end{array}\end{equation*}

Here $N$ is an integer variable, and $\textbf {U}$ is a list of distinct general variables of the same length as $\textbf {X}$ , which is disjoint from both $\textbf {X}$ and $\textbf {V}$ . The symbol $\lt$ in the last line denotes lexicographic order: $(X_1,\ldots ,X_m)\lt (U_1,\ldots ,U_m)$ stands for

\begin{equation*} \bigvee _{l=1}^m\left ((X_l\lt U_l) \land \bigwedge _{k=1}^{l-1}(X_k=U_k)\right ). \end{equation*}

This set of axioms for $\mathit{Start}$ will be denoted by $D_0$ .

The set of axioms for $\mathit{Atleast}$ and $\mathit{Atmost}$ , denoted by $D_1$ , defines these predicates in terms of $\mathit{Start}$ :

(8) \begin{align} \forall \textbf {V} Y({\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {V},Y) &\leftrightarrow \exists \textbf {X} N({\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {X},\textbf {V},N)\land N\geq Y)), \end{align}

(9) \begin{align} \forall \textbf {V} Y({\mathit{Atmost}}^{\textbf {X};\textbf {V}}_F(\textbf {V},Y) &\leftrightarrow \forall \textbf {X} N({\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {X},\textbf {V},N)\to N\leq Y)). \end{align}

In addition to the axioms listed above, we need the induction schema ³

\begin{equation*} F^N_{\overline 0}\land \forall N\left (N\geq \overline 0 \land F \to F^N_{N+\overline 1}\right ) \to \forall N (N\geq \overline 0 \to F) \end{equation*}

for all formulas $F$ over $\sigma _2$ . The set of the universal closures of its instances will be denoted by $\mathit{Ind}$ .

The deductive system $\mathit{HT}_{\!\!\#}$ is defined as first-order intuitionistic logic for the signature $\sigma _2$ extended by

• • axiom schemas (6) and (7) for all formulas $F$ , $G$ , $H$ over $\sigma _2$ , and

• • axioms $\mathit{Std}$ , $\mathit{Ind}$ , $D_0$ , and $D_1$ .

This deductive system has property (5):

Theorem 1. For any programs $\Pi _1$ and $\Pi _2$ , if the formula $\tau ^*\Pi _1\leftrightarrow \tau ^*\Pi _2$ is provable in $\mathit{HT}_{\!\!\#}$ then $\Pi _1$ and $\Pi _2$ are strongly equivalent.

The proof of this theorem can be found in Appendix B.8 (page 57). As discussed in Section 7, $\mathit{HT}_{\!\!\#}$ is an extension of the system with property (5) introduced by Lifschitz (2022). Furthermore, in Section 4 we show that $\mathit{HT}_{\!\!\#}$ is sufficiently strong for proving the equivalence between $\tau ^*A$ and $\tau ^*B$ for the programs $A$ and $B$ from the introduction.

3.2 Some theorems of $\mathit{HT}_{\!\!\#}$

The characterization of $\mathit{Atleast}$ and $\mathit{Atmost}$ given by the axioms $D_1$ can be simplified, if we replace the variable $Y$ by an integer variable:

Proposition 1. The formulas

(10) \begin{equation} \forall \textbf {V} N({\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {V},N) \leftrightarrow \exists \textbf {X}\,{\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {X},\textbf {V},N)) \end{equation}

and

(11) \begin{equation} \forall \textbf {V} N({\mathit{Atmost}}^{\textbf {X};\textbf {V}}_F(\textbf {V},N) \leftrightarrow \neg {\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {V},N+\overline 1)) \end{equation}

are provable in $\mathit{HT}_{\!\!\#}$ .

A few other theorems of $\mathit{HT}_{\!\!\#}$ :

Proposition 2. The formulas

(12) \begin{align} &\forall \textbf {V} N(N\leq \overline 0\to {\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {V},N)), \end{align}

(13) \begin{align} &\forall \textbf {V} ({\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {V},\overline 1) \leftrightarrow \exists \textbf {X}\,F), \end{align}

(14) \begin{align} \forall \textbf {X}(F\to G)\to \forall \textbf {X}\textbf {V} N({\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {X},\textbf {V},N) \to {\mathit{Start}}^{\textbf {X};\textbf {V}}_G(\textbf {X},\textbf {V},N)), \end{align}

(15) \begin{align} \forall \textbf {Z}\textbf {V} N ({\mathit{Start}}^{\textbf {X};\textbf {V}}_F(\textbf {Z},\textbf {V},N)\land N\gt \overline 0 \to F^{\textbf {X}}_{\textbf {Z}}) \end{align}

are provable in $\mathit{HT}_{\!\!\#}$ .

An expression of the form ${\mathit{Exactly}}^{\textbf {X};\textbf {V}}_F(\textbf {t},t)$ is shorthand for the conjunction

\begin{equation*}{\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {t},t)\land {\mathit{Atmost}}^{\textbf {X};\textbf {V}}_F(\textbf {t},t)\end{equation*}

( $\textbf {t}$ is a tuple of terms, and $t$ is a term). By (11), ${\mathit{Exactly}}^{\textbf {X};\textbf {V}}_F(\textbf {X},N)$ is equivalent in $\mathit{HT}_{\!\!\#}$ to

\begin{equation*}{\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {X},N)\land \neg {\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {X},N+\overline 1).\end{equation*}

Proposition 3. The formulas

(16) \begin{equation} \forall \textbf {X} Y({\mathit{Exactly}}^{\textbf {X};\textbf {V}}_F(\textbf {X},Y) \to \exists N(Y=N\land N\geq \overline 0)) \end{equation}

and

(17) \begin{equation} \forall \textbf {X}(F\leftrightarrow G)\to \forall \textbf {X} Y({\mathit{Exactly}}^{\textbf {X};\textbf {V}}_F(\textbf {X},Y)\leftrightarrow {\mathit{Exactly}}^{\textbf {X};\textbf {V}}_G(\textbf {X},Y)) \end{equation}

are provable in $\mathit{HT}_{\!\!\#}$ .

The proof of these results can be found in Appendix B.1 (page 28).

4 An example of reasoning about programs

In this section, we show that $\tau ^*A$ is equivalent to $\tau ^*B$ , for the programs $A$ and $B$ from the introduction, in the logic of here-and-there with counting, defined in the previous section. The proof consists of three parts.

4.1 Part 1: Simplification

The translation $\tau ^*$ transforms program $A$ into the conjunction of the formulas

(18) \begin{equation} \forall Z(Z=a\to p(Z)) \end{equation}

and

(19) \begin{align} \!\!\!\forall Y\!Z\big (\exists Z_1(Z_1 = Y\! \land {\mathit{Atleast}}^{X;}_F(Z_1)) \land \exists Z_2(Z_2 = Y\! \land {\mathit{Atmost}}^{X;}_F(Z_2)) \land Z = Y \to q(Z)\big ), \end{align}

where $F$ stands for $\tau ^B(p(a)\land X\neq a)$ . Formula (18) is equivalent to $p(a)$ , and (19) is equivalent to

(20) \begin{equation} \forall Y({\mathit{Atleast}}^{X;}_F(Y)\land {\mathit{Atmost}}^{X;}_F(Y)\to q(Y)). \end{equation}

The antecedent of this implication can be written as ${\mathit{Exactly}}^{X;}_F(Y)$ . By (16), it follows that the variable $Y$ can be replaced by the integer variable $N$ . Furthermore, by (17), formula (20) can be further rewritten as

(21) \begin{equation} \forall N({\mathit{Exactly}}^{X;}_{p(a)\land X\neq a}(N)\to q(N)), \end{equation}

because $F$ is equivalent to $p(a)\land X\neq a$ .

The result of applying $\tau ^*$ to $B$ is the conjunction of (18) and

\begin{gather*} \begin{aligned} \forall YZ\big ( &\exists Z_1(Z_1=Y\land {\mathit{Atleast}}^{X;}_G(Z_1))\,\land \qquad \qquad \\ &\exists Z_2(Z_2=Y\land {\mathit{Atmost}}^{X;}_G(Z_2))\,\land \qquad \;\;\\ &\exists IJ(I=Y\land J=\overline 1\land Z=I+J) \to q(Z)\big ), \end{aligned} \end{gather*}

where $G$ stands for $\tau ^B(p(X))$ . This formula can be equivalently rewritten as:

\begin{equation*}\forall I({\mathit{Exactly}}^{X;}_G(I+\overline 1)\to q(I))\end{equation*}

and further as

(22) \begin{equation} \forall I({\mathit{Exactly}}^{X;}_{p(X)}(I+\overline 1)\to q(I)), \end{equation}

because $G$ is equivalent to $p(X)$ .

Thus the claim that $\tau ^*A$ is equivalent to $\tau ^*B$ will be proved if we prove the formula

\begin{equation*} p(a) \to \forall N({\mathit{Exactly}}^{X;}_{p(X)\land X\neq a}(N)\leftrightarrow {\mathit{Exactly}}^{X;}_{p(X)}(N+\overline 1)). \end{equation*}

It is clearly a consequence of the formula

(23) \begin{equation} p(a) \to \forall N({\mathit{Atleast}}^{X;}_{p(X)\land X\neq a}(N)\leftrightarrow {\mathit{Atleast}}^{X;}_{p(X)}(N+\overline 1)), \end{equation}

which is proven below.

4.2 Part 2: Three lemmas

Three lemmas will be proved in the next section:

(24) \begin{align} &\forall XN(N\gt \overline 0\land X \gt a\land {\mathit{Start}}^{X;}_{p(X)}(X,N) \to {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N)), \end{align}

(25) \begin{align} &\forall XN(N\gt \overline 0\land X\neq a\land {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 1)\to {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N)), \end{align}

and

(26) \begin{equation} \begin{array} r \forall XN(N\gt \overline 0\land X\lt a\land p(a)\land {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N)\to {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 1)). \end{array} \end{equation}

Using these lemmas, we will now prove (23). Assume $p(a)$ ; our goal is to show that

\begin{equation*} {\mathit{Atleast}}^{X;}_{p(X)\land X\neq a}(N)\leftrightarrow {\mathit{Atleast}}^{X;}_{p(X)}(N+\overline 1). \end{equation*}

We consider three cases, according to the axiom

\begin{equation*}\forall N(N\lt \overline 0 \lor N=\overline 0 \lor N\gt \overline 0)\end{equation*}

from $\mathit{Std}$ .

If $N\lt \overline 0$ then both sides of the equivalence are true by (12). If $N=\overline 0$ then the left-hand side is true by (12), and the right-hand side follows from $p(a)$ by (13). Hence, assume that $N\gt \overline 0$ .

Right-to-left: assume ${\mathit{Atleast}}^{X;}_{p(X)}(N+\overline 1)$ . By (10), there exists $X$ such that

(27) \begin{equation} {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 1). \end{equation}

Case 1: $X=a$ , so that ${\mathit{Start}}^{X;}_{p(X)}(a,N+\overline 1)$ . By $D_0$ ,

\begin{equation*}p(a)\land \exists U(a\lt U\land {\mathit{Start}}^{X;}_{p(X)}(U,N)).\end{equation*}

Take $U$ such that $a\lt U$ and ${\mathit{Start}}^{X;}_{p(X)}(U,N)$ . By (24), it follows that

\begin{equation*}{\mathit{Start}}^{X;}_{p(X)\land X\neq a}(U,N).\end{equation*}

Then ${\mathit{Atleast}}^{X;}_{p(X)\land X\neq a}(N)$ by (10).

Case 2: $X\neq a$ . By (27) and (25),

\begin{equation*}{\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N).\end{equation*}

By (10), it follows that ${\mathit{Atleast}}^{X;}_{p(X)\land X\neq a}(N)$ .

Left-to-right: assume ${\mathit{Atleast}}^{X;}_{p(X)\land X\neq a}(N)$ . Then, for some $X$ ,

(28) \begin{equation} {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N) \end{equation}

by (10), and consequently ${\mathit{Start}}^{X;}_{p(X)}(X,N)$ by (14).

Case 1: $X\gt a$ . Then

\begin{equation*}p(a)\land \exists U(a\lt U\land {\mathit{Start}}^{X;}_{p(X)}(U,N))\end{equation*}

(take $U$ to be $X$ ). By $D_0$ , we can conclude that ${\mathit{Start}}^{X;}_{p(X)}(a,N+\overline 1)$ . Then ${\mathit{Atleast}}^{X;}_{p(X)}(N+\overline 1)$ follows by (10).

Case 2: $X\leq a$ . From (28) and (15), $X\neq a$ , so that $X\lt a$ . From (28) and (26), ${\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 1)$ ; ${\mathit{Atleast}}^{X;}_{p(X)}(N+\overline 1)$ follows by (10).

4.3 Part 3: Proofs of the lemmas

Proofs of all three lemmas use induction in the form

(29) \begin{equation} F^N_{\,\overline 1}\land \forall N\left (N\geq \overline 1 \land F \to F^N_{N+\overline 1}\right ) \to \forall N (N\geq \overline 1 \to F), \end{equation}

which follows from $\mathit{Ind}$ and $\mathit{Std}$ .

Proof of (24). We need to show that for all positive $N$ ,

(30) \begin{equation} \forall X(X\gt a \land {\mathit{Start}}^{X;}_{p(X)}(X,N)\to {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N)). \end{equation}

If $N$ is $\overline 1$ then (30) is equivalent to

\begin{equation*}\forall X(X\gt a \land p(X) \to p(X)\land X\neq a)\end{equation*}

by $D_0$ ; this formula follows from $\mathit{Std}$ . Assume (30) for a positive $N$ ; we need to prove

\begin{equation*}\forall X(X\gt a \land {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 1)\to {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N+\overline 1)).\end{equation*}

Assume $X\gt a \land {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 1)$ . From the second conjunctive term,

\begin{equation*} p(X)\land \exists U(X\lt U\land {\mathit{Start}}^{X;}_{p(X)}(U,N)) \end{equation*}

by $D_0$ . Take $U$ such that $X\lt U$ and ${\mathit{Start}}^{X;}_{p(X)}(U,N)$ . Then $U\gt a$ , so that by the induction hypothesis, ${\mathit{Start}}^{X;}_{p(X)\land X\neq a}(U,N)$ . Since $p(X)$ , $X\neq a$ , and $X\lt U$ ,

\begin{equation*}{\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N+\overline 1))\end{equation*}

follows by $D_0$ .

Proof of (25). We need to show that for all positive $N$ ,

(31) \begin{equation} \forall X(X\neq a\land {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 1)\to {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N)). \end{equation}

To prove this formula for $N$ equal to $\overline 1$ , assume that $X\neq a\land {\mathit{Start}}^{X;}_{p(X)}(X,\overline 2)$ . By (15), the second conjunctive term implies $p(X)$ ; ${\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,\overline 1)$ follows by $D_0$ . Now assume (31) for a positive $N$ ; we need to prove

(32) \begin{equation} \forall X(X\neq a\land {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 2)\to {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N+\overline 1)). \end{equation}

Assume $X\neq a\land {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 2)$ . From the second conjunctive term we conclude by $D_0$ that $p(X)$ and, for some $U$ ,

(33) \begin{equation} U\gt X\land {\mathit{Start}}^{X;}_{p(X)}(U,N+\overline 1). \end{equation}

We proceed by cases.

Case 1: $U=a$ , so that ${\mathit{Start}}^{X;}_{p(X)}(a,N+\overline 1)$ . By $D_0$ , it follows that for some $V$ , $V\gt a\land {\mathit{Start}}^{X;}_{p(X)}(V,N)$ . Then, by (24), ${\mathit{Start}}^{X;}_{p(X)\land X\neq a}(V,N)$ . On the other hand, $p(X)\land X\neq a$ and $V\gt a=U\gt X$ ; the consequent of (32) follows by $D_0$ .

Case 2: $U\neq a$ . By the induction hypothesis, from the second conjunctive term of (33) we conclude that ${\mathit{Start}}^{X;}_{p(X)\land X\neq a}(U,N)$ . Since $U\gt X$ and $p(X)\land X\neq a$ , the consequent of (32) follows by $D_0$ .

Proof of (26). We need to show that for all positive $N$ ,

(34) \begin{equation} \forall X(X\lt a \land p(a)\land {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N)\to {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 1)). \end{equation}

To prove this formula for $N$ equal to $\overline 1$ , assume that

\begin{equation*}X\lt a\land p(a)\land {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,\overline 1).\end{equation*}

By $D_0$ , the second conjunctive term implies ${\mathit{Start}}^{X;}_{p(X)}(a,\overline 1)$ , and the third term implies $p(X)$ . Hence,

\begin{equation*}p(X)\land \exists U(X\lt U \land {\mathit{Start}}^{X;}_{p(X)}(U,\overline 1))\end{equation*}

(take $U$ to be $a$ ). By $D_0$ , it follows that ${\mathit{Start}}^{X;}_{p(X)}(X,\overline 2)$ . Now assume (34) for a positive $N$ ; we need to prove

\begin{equation*}\forall X(X\lt a\land p(a)\land {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N+\overline 1)\to {\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 2)).\end{equation*}

Assume $X\lt a\land p(a)\land {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(X,N+\overline 1)$ . From the last conjunctive term, we conclude by $D_0$ that $p(X)$ , and there exists $U$ such that

(35) \begin{equation} X\lt U\land {\mathit{Start}}^{X;}_{p(X)\land X\neq a}(U,N). \end{equation}

From the second conjunctive term of (35), by (15), $p(U)$ and $U\neq a$ . We proceed by cases.

Case 1: $U\lt a$ . By the induction hypothesis, ${\mathit{Start}}^{X;}_{p(X)}(U,N+\overline 1)$ . Since $p(X)$ and $X\lt U$ , we can conclude by $D_0$ that ${\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 2)$ .

Case 2: $U\gt a$ . By (14), the second conjunctive term of (35) implies ${\mathit{Start}}^{X;}_{p(X)}(U,N)$ . Since $p(a)$ and $a\lt U$ , ${\mathit{Start}}^{X;}_{p(X)}(a,N+\overline 1)$ follows by $D_0$ . Then, since $p(X)$ and $X\lt a$ , ${\mathit{Start}}^{X;}_{p(X)}(X,N+\overline 2)$ follows in a similar way.

5 Comparison with the original formalization

The deductive system from the previous paper on mgc programs (Lifschitz 2022) operates with formulas over the signature $\sigma _1$ (that is, $\sigma _2$ without $\mathit{Start}$ predicates). Its definition uses the following notation. If $r$ is a precomputed term, $\textbf {X}$ is a tuple of distinct general variables, and $F$ is a formula over $\sigma _0$ , then the expression $\exists _{\geq r}\textbf {X} F$ stands for

Here $\textbf {X}_1,\ldots ,\textbf {X}_n$ are disjoint tuples of distinct general variables that do not occur in $F$ . The symbols $\top$ and $\bot$ denote the logical constants true, false. The equality between tuples $X_1,X_2,\ldots$ and $Y_1,Y_2,\ldots$ is understood as the conjunction $X_1=Y_1\land X_2=Y_2\land \cdots$ . The three cases in this definition cover all precomputed terms $r$ , because the set of numerals is contiguous (Section 2.1). Similarly, $\exists _{\leq r}\textbf {X} F$ stands for

By $\mathit{Defs}$ we denote the set of all sentences of the forms

(36) \begin{equation} \forall \textbf {V} \left ({\mathit{Atleast}}^{\textbf {X};\textbf {V}}_F(\textbf {V},r)\leftrightarrow \exists _{\geq r} \textbf {X} F\right ) \end{equation}

and

(37) \begin{equation} \forall \textbf {V} \left ({\mathit{Atmost}}^{\textbf {X};\textbf {V}}_F(\textbf {V},r)\leftrightarrow \exists _{\leq r}\textbf {X} F\right ). \end{equation}

These formulas are similar to the axioms $D_1$ of $\mathit{HT}_{\!\!\#}$ (Section 3.1) in the sense that both $\mathit{Defs}$ and $D_1$ can be viewed as definitions of $\mathit{Atleast}$ and $\mathit{Atmost}$ . But each formula in $\mathit{Defs}$ refers to a specific value $r$ of the last argument of $\mathit{Atleast}$ , $\mathit{Atmost}$ , whereas the last argument of $\mathit{Atleast}$ , $\mathit{Atmost}$ in $D_1$ is a variable. This difference explains why $\mathit{HT}_{\!\!\#}$ may be a better tool for proving strong equivalence than deductive systems with the axioms $\mathit{Defs}$ .

Theorem 2. The formulas $\mathit{Defs}$ are provable in $\mathit{HT}_{\!\!\#}$ .

The proof of this theorem can be found in Appendix B.2 (page 37). The formulas $\mathit{Defs}$ are the only axioms of the deductive system from the previous publication (Lifschitz 2022) that are not included in $\mathit{HT}_{\!\!\#}$ . So the theorem above shows that all formulas provable in that system are provable in $\mathit{HT}_{\!\!\#}$ as well.

6 Deductive system ${\mathit{HT}'_{\!\!\#}}$

In this section, we show that combining $\tau ^*$ with an additional syntactic transformation $\gamma$ allows us to replace $\mathit{HT}_{\!\!\#}$ by a classical first-order theory.

The signature $\sigma '_2$ is obtained from the signature $\sigma _2$ (Section 3.1) by adding, for every predicate symbol $p$ other than comparison symbols (1), a new predicate symbol $p'$ of the same arity. The formula $\forall \textbf {X}(p(\textbf {X})\to p'(\textbf {X}))$ , where $\textbf {X}$ is a tuple of distinct general variables, is denoted by ${{\mathcal{A}}}(p)$ . The set of all formulas ${{\mathcal{A}}}(p)$ is denoted by ${\mathcal{A}}$ .

For any formula $F$ over the signature $\sigma _2$ , by $F'$ we denote the formula over $\sigma '_2$ obtained from $F$ by replacing every occurrence of every predicate symbol $p$ other than comparison symbols by $p'$ . The translation $\gamma$ , which relates the logic of here-and-there to classical logic, maps formulas over $\sigma _2$ to formulas over $\sigma '_2$ . It is defined recursively:

• • $\gamma F=F$ if $F$ is atomic,

• • $\gamma (\neg F)=\neg F'$ ,

• • $\gamma (F\land G)=\gamma F \land \gamma G$ ,

• • $\gamma (F\lor G)=\gamma F \lor \gamma G$ ,

• • $\gamma (F\to G)=(\gamma F \to \gamma G)\land (F'\to G')$ ,

• • $\gamma (\forall X\,F)=\forall X\,\gamma F$ ,

• • $\gamma (\exists X\,F)=\exists X\,\gamma F$ .

To apply $\gamma$ to a set of formulas means to apply $\gamma$ to each of its members.

By ${\mathit{HT}'_{\!\!\#}}$ , we denote the classical first-order theory over the signature $\sigma _2'$ with the axioms ${\mathcal{A}}$ , $\gamma ({\mathit{Ind}})$ , $\mathit{Std}$ , $\gamma D_0$ , and $\gamma D_1$ .

Theorem 3. A sentence $F\leftrightarrow G$ over signature $\sigma _2$ is provable in $\mathit{HT}_{\!\!\#}$ iff $\gamma F \leftrightarrow \gamma G$ is provable in ${\mathit{HT}'_{\!\!\#}}$ .

The proof of this theorem can be found in Appendix B.4 (page 47).

Corollary 1. A sentence $F$ over the signature $\sigma _2$ is provable in $\mathit{HT}_{\!\!\#}$ iff $\gamma F$ is provable in ${\mathit{HT}'_{\!\!\#}}$ .

Proof. In Theorem 3, take $G$ to be $\top$ .

From Theorems 1 and 3, we conclude that mgc programs $\Pi _1$ and $\Pi _2$ are strongly equivalent if the formula $\gamma \tau ^*\Pi _1\leftrightarrow \gamma \tau ^*\Pi _2$ is provable in ${\mathit{HT}'_{\!\!\#}}$ .

7 Deductive system ${\mathit{HT}^{\omega}_{\!\!\#}}$

In case of the language mini-gringo, using inference rules with infinitely many premises allows us to define a deductive system that satisfies not only condition (5) but also its converse: programs $\Pi _1$ , $\Pi _2$ are strongly equivalent if and only if $\tau ^*\Pi _1$ and $\tau ^*\Pi _2$ can be derived from each other (Fandinno and Lifschitz 2023a, Theorem 6). In this section we define a deductive system with the same property for the language mgc. This system, like the deductive system from the previous publication on mgc (Lifschitz 2022), does not require extending the signature $\sigma _1$ .

The system ${\mathit{HT}^{\omega}_{\!\!\#}}$ is an extension of first-order intuitionistic logic formalized as the natural deduction system Int (Fandinno and Lifschitz 2023a, Section 5.1) for the signature $\sigma _1$ . Its derivable objects are sequents – expressions $\Gamma \Rightarrow F$ , where $\Gamma$ is a finite set of formulas over $\sigma _1$ (“assumptions”), and $F$ is a formula over $\sigma _1$ . A sequent of the form $\Rightarrow F$ is identified with the formula $F$ . The system ${\mathit{HT}^{\omega}_{\!\!\#}}$ is obtained from Int by adding

• • axiom schemas (6) and (7) for all formulas $F$ , $G$ , $H$ over $\sigma _1$ ,

• • axioms $\mathit{Std}$ and $\mathit{Defs}$ , and

• • the $\omega$ -rules

  (38) \begin{gather} \frac {\Gamma \Rightarrow F^X_t \hbox{ for all precomputed terms}\,t} {\Gamma \Rightarrow \forall X\,F}, \end{gather}
  where $X$ is a general variable, and
  (39) \begin{gather} \frac {\Gamma \Rightarrow F^N_{\overline n} \hbox{ for all integers}\,n} {\Gamma \Rightarrow \forall N\,F}, \end{gather}
  where $N$ is an integer variable.

Induction axioms are not on this list, but the instances of the induction schema $\mathit{Ind}$ for all formulas $F$ over $\sigma _1$ are provable in ${\mathit{HT}^{\omega}_{\!\!\#}}$ . Indeed, we can prove in ${\mathit{HT}^{\omega}_{\!\!\#}}$ the sequents

\begin{equation*} F^N_{\overline 0}\land \forall N\left (N\geq \overline 0 \land F \to F^N_{N+\overline 1}\right ) \Rightarrow \overline n\geq \overline 0 \to F \end{equation*}

for all integers $n$ ; then $\mathit{Ind}$ can be derived by the second $\omega$ -rule followed by implication introduction.

Theorem 4. For any mgc programs $\Pi _1$ and $\Pi _2$ , the formula $\tau ^*\Pi _1\leftrightarrow \tau ^*\Pi _2$ is provable in ${\mathit{HT}^{\omega}_{\!\!\#}}$ iff $\Pi _1$ and $\Pi _2$ are strongly equivalent.

The proof of this theorem can be found in Appendix B.7 (page 55). The system ${\mathit{HT}^{\omega}_{\!\!\#}}$ is not an extension of $\mathit{HT}_{\!\!\#}$ , because its axioms say nothing about the predicate symbols ${\mathit{Start}}^{\textbf {X};\textbf {V}}_F$ . But all theorems of $\mathit{HT}_{\!\!\#}$ that do not contain these symbols are provable in ${\mathit{HT}^{\omega}_{\!\!\#}}$ :

Theorem 5. Every sentence over the signature $\sigma _1$ provable in $\mathit{HT}_{\!\!\#}$ is provable in ${\mathit{HT}^{\omega}_{\!\!\#}}$ .

The proof of this theorem can be found in Appendix B.8 (page 57).

In order to illustrate how ${\mathit{HT}^{\omega}_{\!\!\#}}$ can be used to prove strong equivalence without using the $\mathit{Start}$ predicates, consider the two programs from the introduction. As discussed in Section 4, the strong equivalence of these two programs will be verified if we can prove formula (23), which is equivalent to the conjunction of formulas

(40) \begin{align} \forall N( p(a) \wedge {\mathit{Atleast}}^{X;}_{p(X)\land X\neq a}(N)\to {\mathit{Atleast}}^{X;}_{p(X)}(N+\overline 1)),\end{align}

(41) \begin{align} \forall N( p(a) \wedge {\mathit{Atleast}}^{X;}_{p(X)}(N+\overline 1) \to {\mathit{Atleast}}^{X;}_{p(X)\land X\neq a}(N))\end{align}

We can prove (40) using the $\omega$ -rule (39) with infinitely many premises of the form

(42) \begin{gather} p(a) \wedge {\mathit{Atleast}}^{X;}_{p(X)\land X\neq a}(\overline n)\to {\mathit{Atleast}}^{X;}_{p(X)}(\overline n +\overline 1), \end{gather}

one for each integer $n$ . Each of these formulas can be proved in ${\mathit{HT}^{\omega}_{\!\!\#}}$ , without using the $\omega$ -rule. Note that, by (36), the antecedent of (42) entails

\begin{align*} p(a) \wedge \exists X_1\cdots X_n\left (\, p(X_1) \wedge X_1 \neq a \land \dotsc \land p(X_n) \wedge X_n \neq a \land \bigwedge _{i\lt j}\neg (X_i=X_j) \right ) \end{align*}

which entails the consequent of (42). The proof uses the introduction of the existential quantifier rule, introducing the variable $X_{n+1}$ in place of the object constant $a$ , and equivalence (36) again, now with $n+1$ variables $X_1,\dotsc ,X_{n+1}$ . We can similarly prove (41) using the $\omega$ -rule (39) with infinitely many premises obtained by replacing in (41) variable $N$ by numeral $\overline n$ for each integer $n$ .

8 Conclusion

In this paper, we argue that strong equivalence of two programs with counting can be established, in many cases, by proving the equivalence of the corresponding first-order sentences in the deductive system $\mathit{HT}_{\!\!\#}$ . We do not know whether $\mathit{HT}_{\!\!\#}$ is complete for strong equivalence, that is to say, if $\tau ^*\Pi _1\leftrightarrow \tau ^*\Pi _2$ is provable in $\mathit{HT}_{\!\!\#}$ for all pairs $\Pi _1$ , $\Pi _2$ of strongly equivalent mgc programs. But the deductive system ${\mathit{HT}^{\omega}_{\!\!\#}}$ , which contains infinitary rules, is complete in this sense.

Sentences $F_1$ and $F_2$ are equivalent in $\mathit{HT}_{\!\!\#}$ if and only if the sentences $\gamma F_1$ and $\gamma F_2$ are equivalent in the classical first-order theory ${\mathit{HT}'_{\!\!\#}}$ . This fact suggests that it may be possible to use theorem provers for classical theories, such as vampire (Kovaćs and Voronkov 2013), to verify strong equivalence of mgc programs. Extending the proof assistant anthem (Fandinno et al. 2020; Heuer 2020) in this direction is a topic for future work.

A translation similar to $\tau ^*$ is used in anthem to verify another kind of equivalence of mini-gringo programs – equivalence with respect to a user guide (Fandinno et al. 2023; Hansen 2023). We plan to extend work on user guides to programs with counting.

Finally, we would like to investigate the possibility of extending the deductive systems described in this paper to counting aggregates with comparison symbols other that $\geq$ and $\leq$ and to aggregates other than counting (Fandinno and Hansen 2025).