cs 245 - additional notescs245/instructor...cs 245 - additional notes semantics of propositional...

CS 245 - Additional Notes


Collin Roberts

December 12, 2016

1/383


Introduction

Slide 11

• Solution to example 1:• Let c stand for “She is clever”.• Let h stand for “She is hard-working”.• Then we get (c ∧ h).

• Solution to example 4:• Let s stand for “He studies hard”.• Let f stand for “He will fail”.• Then we get ((¬s)→ f ).

Introduction Slide 11 2/383


Introduction

Slide 12

• Solution to example 1:• Let r stand for “It rains”.• Let h stand for “He will be at home”.• Let m stand for “He will go to the market”.• Let s stand for “He will go to the school”.• Then we get ((r → h) ∧ ((¬r)→ (m ∨ s))).



Introduction

Slide 13

• Q: Why can “This sentence is false” not be a proposition?

• A: The sentence cannot be true and it cannot be false.• If the sentence is true, then the sentence is false.• If the sentence is false, then the sentence is true.



Syntax of Propositional Logic

Slide 18

• In CS 245, all expressions have finitely many symbols, so thatthe length of an expression is well-defined.

• The length of the given expression is 9.

• We use the absolute value bars to denote the length of a string,e.g. |α| denotes the length of the string α.

• The given expression is not a formula. We will see why, soon.

Syntax of Propositional Logic Slide 18 5/383



Slide 21

• From now on, by default a ? symbol means an arbitrary binaryconnective symbol, i.e. one of {∧,∨,→,↔}.




Slide 22

• Suppose that P = {p, q, r , s}.• At this point, we are only concerned with the construction of the

formula, not with evaluating whether it is true or not.

• We will discuss truth tables for formulæ soon.




Slide 23

• Another name for an atom is an atomic formula.

• We read the negation (¬α) as “not α”.

• We read the conjunction (α ∧ β) as “α and β” .

• We read the disjunction (α ∨ β) as “α or β”.

• We read the implication (α→ β) as “α implies β”.

• We read the equivalence (α↔ β) as “α if and only if β”.

• See also slide 27.



Semantics of Propositional Logic

Slide 26

• The valuation is denoted by t.

• In function notation, letting P denote the set of propositionalvariables, we have

t : P → {F, T}

• Remark: We can assign any truth value to any variable,regardless of whether the corresponding statement is actuallytrue or false. For a given variable, we might not know which isthe correct choice at first. We want to be free to analyze thegiven formula with any assignment of F or T to any variable.

Semantics of Propositional Logic Slide 26 9/383



Slide 26

Examples:

1. Let P = {p, q}.1 Then define

t1 : P → {F, T}p 7→ F

q 7→ T

2 A different valuation on the same P is

t2 : P → {F, T}p 7→ T

q 7→ F

For this P , there are 2|P| = 22 = 4 possible valuations in total.It is an exercise to write down the remaining two.




Slide 26

1. (Fancier) Let P = {p1, . . . , pn}, for some n ≥ 1. Then define

t : P → {F, T}

pi 7→{

F if i ≡ 0 mod 2T if i ≡ 1 mod 2

2. Let p represent the statement “The earth revolves around thesun.” Let q represent the statement “Canada is part of SouthAmerica.” Q: Is the following a legal valuation?

t2 : P → {F, T}p 7→ F

q 7→ T

A: Yes. Propositional variables have no intrinsic meaning.




Slide 27

• Add parentheses to make the formulæ on this slide well-formed.




Slides 30 & 31

• We will talk later about the equivalence of the truth of formulæ .

• For example, the formula

(¬(a ∧ b))

has the same truth table as the formula

((¬a) ∨ (¬b)),

but these are different formulæ.

Semantics of Propositional Logic Slides 30 & 31 13/383



Slide 40

• The definition of Q(k) makes the hypothesis for stronginduction simply Q(k) itself.




Slide 42

• A parse tree for a formula represents the formation sequence as a tree withits root at the top, and each internal node corresponding with anapplication of one of the formation rules.

• For example, this is a parse tree for the formula α = ((p ∧ (¬q))→ r):

→

∧ r

p ¬

q

• This parse tree has height 4.• See also p34 of the text.




Slide 43

• Let R be a property that a formula can have.

•...

• Then R(ϕ) for every formula ϕ.




Slide 44

I suggest this notational change, to avoid confusion between themain formula and the sub-formulæ.

• Let ϕ be an arbitrary formula.

• Then the proof is by structural induction on ϕ.




Slide 45

• “Without loss of generality” clearly applies to all the binaryconnectives.

• We prove the result for negations of the form ϕ = (¬α) too.

op ((¬α)) = 1 + op(α) (inspection)

= 1 + cl(α) (induction hypothesis: R(α))

= cl ((¬α)) (inspection)




Slide 46

• The proof that follows does not use the template for structuralinduction, but instead uses strong induction on the number ofbinary connective symbols in our formula ϕ.




Slides 48 and 49

• We make being non-empty part of the definition of a prefix.

• I state the assumption of being non-empty again in my definitionof Property B . This is redundant, but I hope it makes thedefinition of B as clear as possible.

• Example: “hou” is a (non-empty) proper prefix of “house’.

Semantics of Propositional Logic Slides 48 and 49 20/383



Slides 48 and 49

Theorem (Unique Readability) 3.1

Every formula is of exactly one of an atom, (¬α),(α ∧ β), (α ∨ β), (α→ β), or (α↔ β); and in each case it is ofthat form in exactly one way.




Slides 48 and 49

Proof. Let ϕ be an arbitrary formula.

We prove that, for any natural number n, every formula ϕ containingat most n binary connective symbols satisfies all three of thefollowing properties.

A: The first symbol of ϕ is either ‘(’ or a variable.

B: ϕ has an equal number of ‘(’ and ‘)’, andeach non-empty proper prefix of ϕ has more ‘(’ than ‘)’.

C: ϕ has a unique construction as a formula.

Then the desired conclusion will be a consequence of ϕ havingproperty C .

As above, the proof is by induction on the number of binaryconnective symbols in ϕ.




Slides 48 and 49

Base (k = 0 binary connective symbols): We prove the base case byinduction on the number of unary connective symbols, i.e. on thenumber of ¬ symbols in ϕ.

• Base (0 ¬ symbols ) : The only possibility is that ϕ = p, forsome propositional variable p. Then ϕ clearly has propertiesA,B and C .

• Induction (> 0 ¬ symbols ) : We may write ϕ = (¬α), for someformula α. The induction hypothesis applies to α, so α hasproperties A,B and C .• It is clear that ϕ = (¬α) has property A.• It is clear that ϕ = (¬α) has property B, because α does.• It is clear that ϕ = (¬α) has property C , because α does.




Slides 48 and 49

Induction (k > 0 binary connective symbols): There are two cases toconsider, depending on the last connective used to construct ϕ.

In the first case, we may write ϕ = (α ? β), for some formulæ α, βand some binary connective symbol ?. The induction hypothesisapplies to α and β.

• It is clear that ϕ has property A.• It is also clear that ϕ has property B , because α and β do.• For property C , we must show that

If ϕ = (α′ ?′ β′) for formulæ α′ and β′ and binary connectivesymbol ?′, then α′ = α, ?′ = ? and β′ = β.

If α′ has the same length as α, then they must be the samestring (as both start at the second symbol of ϕ).• Then we must also have ?′ = ?, as each is one symbol long.• Finally this implies β′ = β, completing the argument.• So we must prove |α′| = |α|, i.e. the strings have equal lengths.




Slides 48 and 49

Explanation of the Connection Between α and α′:

• In the past, some students have been confused about why itholds that either α = α′, α is a proper prefix of α′ or vice versa.

• The key fact to remember here is that both α and α′ arose froma choice of how to decompose the given formula ϕ. In detail,

(α ? β) = ϕ = (α′ ?′ β′).

• Because we actually mean equality of formulæ (i.e.symbol-by-symbol equality of the expressions constituting theformulæ ) here, we now see that the above fact about α and α′

must hold.




Slides 48 and 49

• For a contradiction, assume that either α′ is a proper prefix of αor α is a proper prefix of α′.

• But then since α and α′ are formulæ with at most kconnectives, the inductive hypothesis applies to them. Inparticular, each has property B .

• Since α and α′ are formulæ therefore α and α′ have a balancednumber of ‘(’ and ‘)’ characters, by property B .

• But if α is a proper prefix of α′, then α has more ‘(’ than ‘)’characters, also by property B . This is a contradiction.

• We reach a similar contradiction if we assume that α′ is a properprefix of α. Thus neither α nor α′ can be a proper prefix of theother.

• Thus ϕ has a unique derivation, as required by property C .




Slides 48 and 49

In the second case, we may write ϕ = (¬α), for some formula α.

• As explained earlier, if α has properties A, B and C, then so doesϕ.

• Note that the number of binary connectives in ϕ and in α areequal.

• So without loss of generality we may continue the proof byreplacing the original ϕ with the α that arises at this point.

• Since there are more than 0 binary connectives in ϕ, thereforeafter finitely many steps, we will be back in the first case above.

• So we are finished.

�



Working with Formulas

Slide 54

• Remark: Every line of the truth table corresponds with adifferent choice of the valuation, t.

Working with Formulas Slide 54 28/383



Deleted Slide

Proposition 4.1

For any formula ϕ and any truth valuation t, ϕt ∈ {F, T}.

Proof. The proof is by structural induction on ϕ. Let P denote ourset of propositional variables.

Base (ϕ = p, for some atom p ∈ P): Then by the definition of atruth valuation t, pt ∈ {F, T}. So the base case holds.

Working with Formulas Deleted Slide 29/383



Deleted Slide

Induction: As we are not in the base case, we have the followingpossibilities for ϕ.

• ϕ = (¬α), for some formula α satisfying αt ∈ {F, T}: Then bydefinition,• If αt = F then ϕt = T, and• If αt = T then ϕt = F.

In either case, ϕt ∈ {F, T}.• ϕ = (α→ β), for some formulæ α, β

satisfying αt ∈ {F, T} and βt ∈ {F, T}: Then by definition,

• If αt = F or βt = T then ϕt = T, and• ϕt = F otherwise.

In either case, ϕt ∈ {F, T}.




Deleted Slide

• ϕ = (α↔ β), for some formulæ α, βsatisfying αt ∈ {F, T} and βt ∈ {F, T}: Then the proof is similarto the previous case.

• ϕ = (α ∧ β), for some formulæ α, βsatisfying αt ∈ {F, T} and βt ∈ {F, T}: Then the proof is similarto the previous case.

• ϕ = (α ∨ β), for some formulæ α, βsatisfying αt ∈ {F, T} and βt ∈ {F, T}: Then the proof is similarto the previous case.

�




Slide 55

• Exercise: Putting in parentheses to make the given expression intoa well-formed formula gives

((p → (¬q))→ (q ∨ (¬p))) .

Solution: The required truth table is

p q (p → (¬q)) (q ∨ (¬p)) ((p → (¬q))→ (q ∨ (¬p)))F F T T TF T T T TT F T F FT T F T T




Slide 56 & 57

• The valuation p = q = r = s = T witnesses that the set

{((p → q) ∨ r), ((p ∨ q) ∨ s)}

of formulæ is satisfiable.

• Note that, using the earlier technique of valuation trees, we canobserve that any valuation setting q = T will satisfy the givenset.

Working with Formulas Slide 56 & 57 33/383



Slide 56 & 57

• Another name for a tautology is a valid formula.

• A simple example of a tautology is (p ∨ (¬p)), for somepropositional variable p.




Slide 56 & 57

Example: Is the formula ((((p ∧ q)→ r) ∧ (p → q))→ (p → r)) atautology?

Solution: The required truth tables are

p q r (p ∧ q) ((p ∧ q)→ r) (p → q)F F F F T TF F T F T TF T F F T TF T T F T TT F F F T FT F T F T FT T F T F TT T T T T T




Slide 56 & 57

(((p ∧ q)→ r) ∧ (p → q)) (p → r) ((((p ∧ q)→ r) ∧ (p → q))→ (p → r))T T TT T TT T TT T TF F TF T TF F TT T T

So yes, the given formula is a tautology.




Slide 56 & 57

Proposition 4.2

Let ϕ be unsatisfiable. Then (¬ϕ) is a tautology.

Proof. Let t be any valuation. Using our rules for valuations, wehave

(¬ϕ)t =

{F if ϕt = T

T if ϕt = F=︸︷︷︸

ϕ is unsatisfiable

T,

which shows that (¬ϕ) is a tautology. �




Slide 56 & 57

Proposition 4.3

Let ϕ be a tautology. Then (¬ϕ) is unsatisfiable.

Proof. Exercise. �




Slide 59

• Here is a diagram of a valuation tree for the set P = {p, q, r} ofpropositional variables in the given example.

pF T

qF T

qF T

rF T

rF T

rF T

rF T




Slide 61

Substitution

Substitution is needed to carefully prove the equivalence of formulæ .A more robust definition of substitution will be needed later, forpredicate logic.

Definition. Let p be a propositional variable. Let ϕ, ψ be anyformulæ . Then ϕ[ψ/p] denotes the formula obtained by replacingall copies of p in ϕ with ψ.

Example. If ϕ = (p ∧ q), ψ = (r ∧ s), then

ϕ[ψ/p] = ((r ∧ s) ∧ q).




Slide 61

Substitution LemmaSubtitution Lemma 4.4

Let p be a propositional variable. Let ϕ be a tautology. Let ψ be anyformula. Then ϕ[ψ/p] is a tautology.

Proof. Let t be any valuation. We need to show that ϕ[ψ/p]t = T.let t ′ be the valuation

t ′ : P → {F, T}p 7→ ψt

q 7→ t(q), for all q 6= p

Thenϕ[ψ/p]t = ϕt′ = T,

since ϕ is a tautology. This completes the proof that ϕ[ψ/p] is atautology. �




Slide 61

Substitution Lemma (Variation)

Lemma. Let p be a propositional variable. Let ϕ be an unsatisfiableformula. Let ψ be any formula. Then ϕ[ψ/p] is an unsatisfiableformula.

Proof. Let t be any valuation. We need to show that ϕ[ψ/p]t = F.let t ′ be the valuation

t ′ : P → {F, T}: p 7→ ψt

: q 7→ t(q), for all q 6= p

Thenϕ[ψ/p]t = ϕt′ = F,

since ϕ is an unsatisfiable formula. This completes the proof thatϕ[ψ/p] is an unsatisfiable formula. �




Slide 61

Equivalent is Equivalent

Equivalent formulas are equivalent in any context.

Theorem. Let p be a propositional variable. Let ϕ, α, β be anyformulæ . If α↔ β is a tautology, then ϕ[α/p]↔ ϕ[β/p] is atautology.




Slide 61


Proof. Let ϕ be any formula. Assume that α↔ β is a tautology. Inother words, for any valuation t, we have αt = βt .

Let t be any valuation. We will prove by structural induction on ϕthat ϕ[α/p]t = ϕ[β/p]t .

Base (ϕ is atomic): We have two sub-cases:

1. If ϕ = p, then ϕ[α/p] = α and ϕ[β/p] = β. Therefore

ϕ[α/p]t = αt = βt = ϕ[β/p]t ,

as required.

2. If ϕ = q, for some q 6= p, then ϕ[α/p] = q = ϕ[β/p], so theresult holds trivially.




Slide 61


Induction: We have two sub-cases:

• If ϕ = (¬ψ) for some ψ, then ϕ[α/p] = (¬ψ)[α/p] andϕ[β/p] = (¬ψ)[β/p]. Therefore by induction it follows that

ϕ[α/p]t

= (¬ψ)[α/p]t

=︸︷︷︸induction

(¬ψ)[β/p]t

= ϕ[β/p]t ,

as required.




Slide 61


• If ϕ = (ψ ? η), for some ψ, η and some binary connective ?, thenϕ[α/p] = (ψ ? η)[α/p] and ϕ[β/p] = (ψ ? η)[β/p]. Therefore byinduction it follows that

ϕ[α/p]t

= (ψ ? η)[α/p]t

=︸︷︷︸induction

(ψ ? η)[β/p]t

= ϕ[β/p]t ,

as required.

�Working with Formulas Slide 61 46/383



Slide 62

• Verification that ((p ∧ q) ∧ r) ≡ (p ∧ (q ∧ r)):

p q r (p ∧ q) ((p ∧ q) ∧ r) (q ∧ r) (p ∧ (q ∧ r))F F F F F F FF F T F F F FF T F F F F FF T T F F T FT F F F F F FT F T F F F FT T F T F F FT T T T T T T




Slide 62

• Verification that ((p → q)→ r) 6≡ (p → (q → r)):

p q r (p → q) ((p → q)→ r) (q → r) (p → (q → r))F F F T F T TF F T T T T TF T F T F F TF T T T T T TT F F F T T TT F T F T T TT T F T F F FT T T T T T T




Slide 64

Prove or disprove each of the following (from Lecture Slides).

• ((p ∧ q) ∨ (q ∧ r)) ≡ (q ∧ (p ∨ r))Solution: We showed in class that ≡ is an equivalence relation,i.e. it is reflexive, symmetric and transitive. We compute

(q ∧ (p ∨ r))≡ (q ∧ p) ∨ (q ∧ r) distributivity≡ ((p ∧ q) ∨ (q ∧ r)) commutativity of ∧

and so by the symmetry of ≡, we have proved((p ∧ q) ∨ (q ∧ r)) ≡ (q ∧ (p ∨ r)).




Slide 64

• ((p ∨ r) ∧ (q ∨ s)) ≡ (((p ∧ q) ∨ (p ∧ s)) ∨ ((r ∧ q) ∨ (r ∧s)))Solution:

((p ∨ r) ∧ (q ∨ s))≡ (((p ∨ r) ∧ q) ∨ ((p ∨ r) ∧ s)) distributivity≡ ((q ∧ (p ∨ r)) ∨ (s ∧ (p ∨ r))) commutativity≡ (((q ∧ p) ∨ (q ∧ r)) ∨ ((s ∧ p) ∨ (s ∧ r))) distributivity≡ (((p ∧ q) ∨ (r ∧ q)) ∨ ((p ∧ s) ∨ (r ∧ s))) commutativity≡ (((p ∧ q) ∨ (p ∧ s)) ∨ ((r ∧ q) ∨ (r ∧ s))) commutativity




Slide 64

• (p ∨ (p ∧ q)) ≡ p (without using Simplification II)Solution:

(p ∨ (p ∧ q))≡ ((p ∧ T) ∨ (p ∧ q)) Simplification I≡ (p ∧ (T ∨ q)) distributivity≡ (p ∧ T) Simplification I≡ p Simplification I




Slide 64

• (¬((¬p) ∨ (¬(r ∨ s)))) ≡ ((p ∧ r) ∨ (p ∧ s))Solution:

(¬((¬p) ∨ (¬(r ∨ s))))≡ (¬(¬p)) ∧ (¬(¬(r ∨ s)))) DeMorgan≡ (p ∧ (r ∨ s)) double negation≡ ((p ∧ r) ∨ (p ∧ s)) distributivity




Slide 64

• (¬(¬(p ∧ q) ∨ p)) ≡ F

Solution:

(¬(¬(p ∧ q) ∨ p))≡ (¬(((¬p) ∨ (¬q)) ∨ p)) DeMorgan≡ (¬((¬p) ∨ ((¬q) ∨ p))) associativity≡ (¬((¬p) ∨ (p ∨ (¬q)))) commutativity≡ (¬(((¬p) ∨ p) ∨ (¬q))) associativity≡ (¬(T ∨ (¬q))) excluded middle≡ (¬T) Simplification I≡ F property of ¬




Slide 64

• p ≡ (p ∧ (q → p))Solution:

(p ∧ (q → p))≡ (p ∧ ((¬q) ∨ p)) implication≡ (p ∧ (p ∨ (¬q))) commutativity≡ p Simplification II

and so by the symmetry of ≡, we have provedp ≡ (p ∧ (q → p)).




Slide 64

• p ≡ (p ∧ ((¬((¬q) ∧ (¬p))) ∨ p))Solution:

(p ∧ ((¬((¬q) ∧ (¬p))) ∨ p))≡ (p ∧ (p ∨ (¬((¬q) ∧ (¬p))))) commutativity≡ (p ∧ (p ∨ ((¬(¬q)) ∨ (¬(¬p))))) DeMorgan≡ (p ∧ (p ∨ (q ∨ p))) double-negation≡ (p ∧ (p ∨ (p ∨ q))) commutativity≡ (p ∧ ((p ∨ p) ∨ q)) associativity≡ (p ∧ (p ∨ q)) Simplification I≡ p Simplification II

and so by the symmetry of ≡, we have provedp ≡ (p ∧ ((¬((¬q) ∧ (¬p))) ∨ p)).




Slide 64

• (p ∧ ((¬((¬q) ∧ (¬p))) ∨ p)) ≡ qSolution: This equivalence does not hold. Consider thevaluation t(p) = T, t(q) = F. Under this valuation the RHSevaluates to F and the LHS evaluates to

(T ∧ ((¬((¬F) ∧ (¬T))) ∨ T))≡ (T ∧ ((¬(T ∧ F)) ∨ T)) property of ¬≡ (T ∧ (¬F ∨ T)) property of ∧≡ (T ∧ (T ∨ T)) property of ¬≡ (T ∧ T) property of ∨≡ T property of ∧




Slide 67

• Every propositional variable involved must be set to T or F undert. Hence we can always determine Σt and ϕt .

• The definition of Σ |= ϕ says nothing about ϕt in the casewhere Σt = F.

• Do not allow Propositions 4.2 and 4.3 to create confusion aboutthe remarks on Slides 64? & 65? following the definitions.Negating a statement about a formula ϕ is not alwaysequivalent to replacing ϕ with (¬ϕ) in a statement about ϕ.




Slide 68

• Examples:

1. Verification that {(p → q), (q → r)} |= (p → r): We have thefollowing truth table:

p q r (p → q) (q → r) (p → r)

F F F T T T

F F T T T T

F T F T F T

F T T T T T

T F F F T F

T F T F T T

T T F T F F

T T T T T T




Slide 68

• 1. Proof that{((p → (¬q)) ∨ r), (q ∧ (¬r)), ((p → r) ∧ (r → p))} 6|= (p ∧ (q → r)):

Solution: We have the following truth tables.

p q r (p → (¬q)) ((p → (¬q)) ∨ r) (q ∧ (¬r)) ((p → r) ∧ (r → p))F F F T T F TF F T T T F FF T F T T T TF T T T T F FT F F T T F FT F T T T F TT T F F F T FT T T F T F T




Slide 68

• 1.

p q r (q → r) (p ∧ (q → r))

F F F T F

F F T T F

F T F F F

F T T T F

T F F T T

T F T T T

T T F F F

T T T T T




Slide 68

• 1. Verification that ϕ is a tautology if ∅ |= ϕ: Let t be any truthvaluation. We need to show that ϕt = T. As ∅ contains noformulæ we have that ∅t = T (no counterexample exists toviolate the definition). Then by the definition of |=, we havethat ϕt = T, as required.

2. The fact that ∅t = T in the preceding argument may becounterintuitive. If you claim that, instead, we should have∅t = F, then my question back to you is, “what is yourcounterexample, i.e. what formula ϕ ∈ ∅ satisfies ϕt = F?”

3. The empty set has lots of other properties which may seemcounterintuitive at first, e.g. the empty set is contained in anyset.




Slide 75

• Verification that the P1 block executes the same on left andright:

i q u ((i ∨ (¬u)) ∧ (¬(u ∧ q))) ((¬(i ∧ u ∧ q)) ∧ (¬((¬i) ∧ u)))F F F T TF F T F FF T F T TF T T F FT F F T TT F T T TT T F T TT T T F F

• The other verifications are similar.




Slide 76

• Verification that formulæ (ϕ→ η) and ((¬ϕ) ∨ η) areequivalent (same as earlier):

ϕ η (ϕ→ η) ((¬ϕ) ∨ η)F F T T

F T T T

T F F F

T T T T

• A: For any n ≥ 0, the number of n-ary connectives is: 2(2n).




Slide 77

Theorem 4.5

The set {∧,∨,¬} is an adequate set of connectives.

Proof. Fix any n > 0. Fix any function

f : {F, T}n → {F, T}.

Write the arguments to f as p1, . . . , pn. It suffices to define f interms of {∧,∨,¬}.




Slide 77

• Construct the truth table for the function f .

• For every row with output T, construct an n-ary conjunctioncontaining pi if the i th column contains T, and (¬pi ) if the i th

column contains F.

• Construct a formula ϕ as the disjunction of all the aboveconjunctions.

• By construction, ϕ has the same truth table as f , and ϕ isconstructed in terms of {∧,∨,¬}.

�




Slide 77

Theorem 4.6

Each of the sets {∧,¬}, {∨,¬} and {→,¬} is an adequate set ofconnectives.

Proof. By Theorem 4.5, it suffices to show that

1. We can define ∨ in terms of {∧,¬},1 (A1 ∨ A2) = (¬((¬A1) ∧ (¬A2)))

√

2. We can define ∧ in terms of {∨,¬}1 (A1 ∧ A2) = (¬((¬A1) ∨ (¬A2)))

√

and

3. We can define ∧ and ∨ in terms of {→,¬}.1 (A1 ∧ A2) = (¬(A1 → (¬A2)))

√

2 (A1 ∨ A2) = ((¬(A1)→ A2))√

�Working with Formulas Slide 77 66/383



Slide 77

Theorem 4.7

The set {∧,∨} is not an adequate set of connectives.

Proof. Possibly on a03 - if not, then I will add the proof to thesenotes. �




Slide 78

• Q: Is there a binary connective ∗ such that the singleton set {∗}is adequate?A: Yes. There will likely be an example for you to work out on .Otherwise, I will type up the details here.

• Q: Are there binary connectives c1, c2 and c3 such that{c1, c2, c3} is adequate, but none of {c1, c2}, {c1, c3}, or {c2, c3}is adequate? (Such a set is called a minimal adequate set.)A: Watch for the answer on future assignments. Otherwise, Iwill type up the details here.

• Q: Find all minimal adequate sets containing only binary, unaryand nullary connectives.A: Watch for the answer on future assignments. Otherwise, Iwill type up the details here.




Slide 79

Remark: Here we do not use the word “normal” to indicate any kindof value judgment about our formula. Saying a formula is in “normalform” simply means that the formula is written in a particular waywhich has “good properties”.

Definition 4.8

A formula L is a literal if it is either an atom p or the negation (¬p)of an atom.




Slide 79

Definition 4.9

A formula ϕ is in Conjunctive Normal Form (CNF) if it is aconjunction of clauses, where each clause D is a disjunction of literals:

L ::= p|(¬p)

D ::= L|(D ∨ L)

ϕ ::= D|(D ∧ ϕ)

Remarks:

1. See also Definition 1.42 in the text.




Slide 79

Examples:

1. These formulæ are in CNF.1 (((((¬q) ∨ p) ∨ r)︸︷︷︸

clause

∧ ((¬p) ∨ r)︸︷︷︸clause

) ∧ q︸︷︷︸clause

)

2 (((p ∨ r)︸︷︷︸clause

∧ ((¬p) ∨ r)︸︷︷︸clause

) ∧ (p ∨ (¬r))︸︷︷︸clause

)

2. These formulæ are not in CNF.1 (((¬(q ∨ p)) ∨ r) ∧ (q ∨ r)) (Reason: (q ∨ p) is not literal.)




Slide 80

Motivation: If a given formula is in CNF, then it is easy to checkwhether it is a tautology. (For a general formula, checking this isexponential in the number of propositional variables involved.) Thewhole CNF formula evaluates to true if and only if each clause in theconjunction evaluates to true. Each clause evaluates to true if andonly if it contains a copy of (p ∨ (¬p)) for some atom p, up tocommuting the literals in the clause (See Lemma 1.43 in the text).

Naturally, one wonders whether an arbitrary formula can betransformed into an equivalent formula in CNF. We now develop analgorithm achieving just that.




Slide 80

Definition 4.10

A formula ϕ is in Disjunctive Normal Form (DNF) if it is adisjunction of clauses, where each clause D is a conjunction of literals:

L ::= p|(¬p)

D ::= L|(D ∧ L)

ϕ ::= D|(D ∨ ϕ)




Slide 80

The propositional connectives satisfy the following “laws of Booleanalgebra”.

1. (ϕ→ η) ≡ ((¬ϕ) ∨ η)

2. ((¬ϕ)→ (¬η)) ≡ (η → ϕ)

3. (¬(¬ϕ)) ≡ ϕ

4. (¬(ϕ ∨ η)) ≡ ((¬ϕ) ∧ (¬η))

5. (¬(ϕ ∧ η)) ≡ ((¬ϕ) ∨ (¬η))

6. (ϕ ∧ η) ≡ (η ∧ ϕ)

7. (ϕ ∨ η) ≡ (η ∨ ϕ)

8. ((ϕ ∨ η) ∨ ζ) ≡ (ϕ ∨ (η ∨ ζ))

9. ((ϕ ∧ η) ∧ ζ) ≡ (ϕ ∧ (η ∧ ζ))

10. ((ϕ ∨ η) ∧ ζ) ≡ ((ϕ ∧ ζ) ∨ (η ∧ ζ))




Slide 80

11. (ϕ ∧ (η ∨ ζ)) ≡ ((ϕ ∧ η) ∨ (ϕ ∧ ζ))

12. ((ϕ ∧ η) ∨ ζ) ≡ ((ϕ ∨ ζ) ∧ (η ∨ ζ))

13. (ϕ ∨ (η ∧ ζ)) ≡ ((ϕ ∨ η) ∧ (ϕ ∨ ζ))

Rules 6 through 75 are the familiar commutative, associative anddistributive laws (imagine replacing “∨” by “+” and “∧” by “×”).

Rules 75 and 75, another form of distributivity, follow from theduality of “∨” and “∧”.

The remaining rules do not have arithmetic counterparts. Rule 1 canbe taken as a definition of →; the others are known as thecontrapositive law (Rule 2), the law of double negation (Rule 3) andDeMorgan’s Laws (Rules 4 and 5).




Slide 80

Although the rules are symmetrical (one can substitute either side ofthe equivalence with the other side), the left-to-right directionspermit conversion of any formula over the basis {¬,∧,∨,→} toeither conjunctive or disjunctive normal form. For each of thefollowing steps, apply it as often as possible, and then continue tothe next.

1. Replace every ‘→’ using Rule 1.

2. Where ‘¬’ applies to a compound formula, use Rule 3, 4, or 5(whichever applies).

3. Now apply the appropriate distributive law.1 For disjunctive normal form: whenever ‘∧’ applies to formulæ

containing ‘∨’, use Rule 10 and/or 75, as often as necessary.2 For conjunctive normal form, do the “dual” transformation:

whenever ‘∨’ applies to formulæ containing ‘∧’, use Rule 75and/or 75, as often as necessary.




Slide 80

In each case, applying a rule means to replace the left-hand side ofthe equivalence by the right-hand side.

See pp59-65 of the text for a proof that the algorithm always outputsan equivalent formula in the desired form, which depends only on theformula input.



Proof Systems in Propositional Logic

Slide 82

• A proof is 100 % syntactic, 0 % semantic.

Proof Systems in Propositional Logic Slide 82 78/383



Slide 83

• Clarify the statement“Generically, a proof consists of a list of formulas.”to“Generically, a proof consists of a sequence of formulas.”




Deleted Slide

• Add the missing parentheses to make well-formed formulæ .

• Also use set braces to denote the set of formulæ on the LHS ofthe ` symbol.

• Then rewrite the corrected version of the sentence as

{((p ∧ (¬q))→ r), (¬r), p} ` q.

Proof Systems in Propositional Logic Deleted Slide 80/383



Slide 88

• Every formula in a Resolution refutation proof is a clause.




Slide 89

• I like a more pictorial representation of a Resolution refutationproof. For the proof on this slide, the corresponding picture is

q p ((¬p) ∨ (¬q))

(¬q)

⊥




Slide 94

• In both of the final statements on the slide,• Change

“ϕ is a Theorem”To“Σ ` ϕ is a Theorem”.




Slide 95

• DeMorgan Law plus simplifying using the (¬(¬)) rule yields...




Slide 96

• I like a more pictorial representation of a Resolution refutationproof. For the proof on this slide, the corresponding picture is

p ((¬p) ∨ q) ((¬q) ∨ r) (¬r)

q

r

⊥




Soundness of Resolution: Slides 97-99

Here we re-write the proof of the Soundness of Resolution from theSlides.

1. The desired result for the Soundness of Resolution isIf Σ `Res ϕ, then Σ |= ϕ.

2. Rewriting the first part using our Resolution setup gives

If Σ ∪ {(¬ϕ)} `Res ⊥, then Σ |= ϕ.

3. Rewriting the second part using Lemma 5.1 gives

If Σ∪{(¬ϕ)} `Res ⊥, then Σ∪{(¬ϕ)} is unsatisfiable.

4. Theorem 5.3 implies 3.

Proof Systems in Propositional Logic Soundness of Resolution: Slides 97-99 86/383




Lemma 5.1

Let Σ be a set of propositional formulæ. Let ϕ be a propositionalformula. Then Σ |= ϕ if and only if Σ ∪ {(¬ϕ)} is not satisfiable.

Proof.

• For the forward direction, assume that Σ |= ϕ.• For a contradiction, suppose that Σ ∪ {(¬ϕ)} is satisfiable.• Let t be a valuation such that (Σ ∪ {(¬ϕ)})t = T.• Then Σt = T and ϕt = F.• This contradicts the fact that Σ |= ϕ.





• For the backward direction, assume that Σ ∪ {(¬ϕ)} is notsatisfiable.• For a contradiction, suppose that there exists a valuation t such

that Σt = T and ϕt = F.• Then (¬ϕ)t = T.• Then we have (Σ ∪ {(¬ϕ)})t = T.• This contradicts the fact that Σ ∪ {(¬ϕ)} is not satisfiable.

�





Proposition 5.2

Let Γ, Γ′ be sets of propositional formulæ such that Γ `Res Γ′. If Γ issatisfiable, then Γ′ is satisfiable.

Proof. The proof is by induction on the number of applications of theResolution inference rule to obtain Γ′ from Γ.

• Base (0 steps):

• Then Γ′ = Γ, so the result is clear.





• Induction (> 0 steps):

• Suppose that Γ′ is obtained from Γ′′ in one step, and Γ′′ isobtained from Γ in strictly fewer steps than Γ′ (so that theinduction hypothesis applies to Γ′′).

• By induction, Γ′′ is satisfiable.• Suppose that β ∈ Γ′ is a formula obtained from Γ′′ by the use of

one Resolution inference rule.• It remains to show that Γ′ is also satisfiable.• We will show that Γ′′ ∪ {β} is satisfiable, which implies the

desired result.• Let t be a truth valuation such that (Γ′′)t = T.• We will show that βt = T.• Let β be (γi ∨ γj ), where β was obtained by combiningβi = (γi ∨ p) and βj = ((¬p) ∨ γj ) with the Resolutioninference rule.





• We have the following cases for t(p).• If t(p) = F, then we must have (γi )

t = T (since βti = T).

Therefore βt = T.• If t(p) = T, then we must have (γj )

t = T (since βtj = T).

Therefore βt = T.

• In all cases βt = T. This finishes the induction step, and theproof.

�





Theorem (Soundness of Resolution) 5.3

Let Σ be any set of propositional formulæ. Let Σ `Res ⊥. Then Σ isunsatisfiable.

Proof. Apply the contrapositive of Proposition 5.2, with Γ = Σ andΓ′ = ⊥. �




Completeness of Resolution: Slides 100-103

Here is an explanation of why the two statements of completeness forResolution given at the bottom of Slide 100 are equivalent.

• The statement of completeness of the Resolution proof system is

If Σ |= α then Σ `Res α.

• Rewriting the second part using the setup of Resolution gives

If Σ |= α then Σ ∪ {(¬α)} `Res ⊥.

• Rewriting the first part using Lemma 5.1 gives

If Σ ∪ {(¬α)} is unsatisfiable then Σ ∪ {(¬α)} `Res ⊥.

• The contrapositive of the last statement is

If Σ ∪ {(¬α)} 6`Res ⊥ then Σ ∪ {(¬α)} is satisfiable.

• Theorem 5.4 then gives the result.Proof Systems in Propositional Logic Completeness of Resolution: Slides 100-103 93/383




Theorem (Completeness of Resolution) 5.4

Let Σ be a finite set of propositional (simplified) CNF clauses. IfΣ 6`Res ⊥ then Σ is satisfiable.

Remark: This Theorem is true even if we remove the requirementthat Σ is finite. However proving this stronger result would requiretransfinite induction, which is beyond the scope of this course.

Proof Systems in Propositional Logic Completeness of Resolution: Slides 100-103 94/383




Proof. The proof is by induction on the number of propositionalvariables in Σ.

Base (0 variables): In this case, Σ = ∅. It is clear that ∅ 6`Res ⊥, andthe desired result holds because ∅ is satisfied under any valuation.

Base (1 variable): In this case, The only possible clauses are p and(¬p). Σ cannot contain both, as this would violate the hypothesisthat Σ 6`Res ⊥. Since Σ contains at most one of p and (¬p),therefore Σ is satisfiable.





Induction (> 1 variable):

• Let p be a propositional variable that occurs in Σ.

• Partition Σ into three subsets:• Sp: The set of clauses containing exactly one copy of the literalp,

• S(¬p): The set of clauses containing exactly one copy of theliteral (¬p) and

• R: The remainder set of clauses containing exactly no copy ofthe literals p or (¬p).• Since R involves strictly fewer propositional variables than Σ,

therefore the induction hypothesis applies to R.• Hence R is satisfiable.• Let t be a valuation on all propositional variables in Σ except p,

such that R t = T.

• Because our clauses are all simplified as much as possible, everyclause in Σ will belong to exactly one of these subsets.





• We will show that there is always a way to extend the valuationt to the propositional variable p, thus creating a new valuationt ′, such that Σt′ = T, so that Σ is satisfiable.





• We have these cases, depending on the valuations of the parts ofthe clauses in Sp that are different from p.• If for every clause (α ∨ p) ∈ Sp, α

t = T, then we may set

t ′(p) = F. In this case t already satisfies all of Sp, and ourchoice of t ′(p) will also satisfy all of S(¬p). Therefore in thiscase, we have that t ′ satisfies Σ, as required.

• Otherwise there exist clauses (α ∨ p) ∈ Sp, αt = F. To satisfy

Σ, we must set t ′(p) = T. This choice will satisfy (α ∨ p). Theonly problem with this choice would be if there existed((¬p) ∨ β) ∈ S(¬p), β

t = F. It remains to explain why thiscannot happen. By one application of the Resolution inferencerule, (α ∨ β) ∈ R (since it contains no copy of p or (¬p)).Since t satisfies R, and since αt = F, therefore βt = T. Thiscompletes the argument that Σt′ = T in this case.

• This completes the induction step, and the proof.




Slide 104

• Note, this “algorithm” also requires Σ to be finite, as in theprevious Theorem.



Natural Deduction

Slide 120

• The subproof can “see outside of itself”, i.e. the subproof canaccess formulæ from the main proof.

• The main proof cannot “see inside of a subproof”, i.e. the mainproof cannot access formulæ from inside the subproof.

Natural Deduction Slide 120 100/383


Natural Deduction

Slide 123

• The conclusion ((p → q) ∨ (q → p)) suggests that we try tofinish the proof with ∨i.

• But we can see via the contrapositive of soundness that this willnot succeed because our premise of (p ∨ q) is not strong enoughto prove either of (p → q) or (q → p) on its own.• The valuation t(p) = T, t(q) = F witnesses that{(p ∨ q)} 6|= (p → q); therefore {(p ∨ q)} 6` (p → q).

• The valuation t(p) = F, t(q) = T witnesses that{(p ∨ q)} 6|= (q → p); therefore {(p ∨ q)} 6` (q → p).

• In our application of ∨e, we are taking

ϕ1 = p

ϕ2 = q

α = ((p → q) ∨ (q → p)).



Natural Deduction

Slide 124

• Can we say “provable” here, instead of “true”?



Natural Deduction

Slide 125

• Our more familiar setup for a proof by contradiction (also knownas Reductio Ad Absurdum or RAA for short) is

(¬ψ)....⊥ψ

• Anything that can be proved with RAA (a derived rule) can beproved with the basic rules ¬i and ¬¬e.

• You should convince yourself that this is true.



Natural Deduction

Slide 126

• Note that Σ = {(ϕ→ (¬ϕ))} does not satisfy Σ `⊥.

• However if we enlarge our set of premises, say by takingΣ′ = {(ϕ→ (¬ϕ)), ϕ}, then we have Σ′ `⊥ (as we can seefrom the sub-proof).



Natural Deduction

Slide 127

• Add parentheses to make the double negation into a well-formedformula: (¬(¬ϕ)).



Natural Deduction

Questions from the Class

• Q: Can we have an example of a proof where we make anassumption based on what we want to prove, but theassumption is not correct?A: Here is an incorrect proof witnessing{(p → r)} ` ((p ∨ q)→ r). Note that, by soundness, this proofcannot be correct since the valuation p = r = F, q = T makes(p → r) evaluate to T and ((p ∨ q)→ r) evaluate to F. Canyou spot the error in the proof?

1. (p → r) Premise

2. (p ∨ q) Assumption

3. p ∨e: 2

4. r →e: 1,3

5. ((p ∨ q)→ r) →i: 2–4

Natural Deduction Questions from the Class 106/383


Natural Deduction


• Q: Can we have a concrete example of the rule that if Σ `⊥,then Σ ` ϕ, for any ϕ?

A: Let

Σ = {p, (¬p)}ϕ = ((p ∨ q)→ r).

Note that Σ `⊥. Here we present a proof that witnesses Σ ` ϕ. Itshould be clear how we could modify the proof for any other choiceof ϕ.



Natural Deduction


1. p Premise

2. (¬p) Premise

3. (p ∨ q) Assumption

4. (¬r) Assumption

5. p Copy: 1

6. (¬p) Copy: 2

7. ⊥ ¬e: 5, 6

8. (¬(¬r)) ¬i: 4–7

9. r ¬¬e: 8

10. ((p ∨ q)→ r) →i: 3–9



Natural Deduction

Slide 132

• Q: Please publish sample .tex code that makes boxes forsub-proofs.A: I have posted the .tex code and the required .sty files tocompile this document.



Natural Deduction

Slide 133

• Once we have proved the soundness and completeness ofPropositional Logic, we can see that a proof exists to witnessthe given statement, as follows.

• Note that (((p → q)→ p)→ p) is a tautology, i.e.∅ |= (((p → q)→ p)→ p).

• By Theorem 6.5, therefore ∅ `ND (((p → q)→ p)→ p).

• We still need to exhibit an explicit proof. See a04.



Natural Deduction

Slide 134

• Add parentheses to make into a well-formed formula:(ϕ ∨ (¬ϕ)).



Natural Deduction

Soundness of Propositional Logic: Slides 135-142

Soundness and Completeness

As on Slide 136, our next major goal is to prove the soundness andcompleteness of Natural Deduction. These two results connectprovability (syntactic) with entailment (semantic), in both directions.

1. Soundness: If Σ `ND ϕ, then Σ |= ϕ.

2. Completeness: If Σ |= ϕ, then Σ `ND ϕ.

These proofs will both be simplest, if we can work with the smallestpossible set of Natural Deduction rules. We need to make certainthat all Natural Deduction inference rules can be derived from ourminimal set.

Natural Deduction Soundness of Propositional Logic: Slides 135-142 112/383


Natural Deduction


Minimal Inference Rules

• From now on, we write ⊥ for “falsity” (similarly to the slides).

• Base:Σ ` ϕ, Axiom if ϕ ∈ Σ.

• Induction:•

Σ ` ϕ Σ ` (ϕ→ ψ)

Σ ` ψ , → e

•Σ ∪ {ϕ} ` ψΣ ` (ϕ→ ψ), → i

•Σ ∪ {(ϕ→ ⊥)} ` ⊥

Σ ` ϕ , Reductio ad absurdum (RAA)



Natural Deduction


Deriving All Natural Deduction Rules: ∧i, ∧e

∧i:ϕ ψ

((ϕ→ (ψ → ⊥))→ ⊥)

∧e (left):

((ϕ→ (ψ → ⊥))→ ⊥)ϕ

∧e (right):

((ϕ→ (ψ → ⊥))→ ⊥)

ψ



Natural Deduction


Deriving All Natural Deduction Rules: ∧i, ∧e

• Recall that proof rules in any proof system, including NaturalDeduction, are purely syntactic.

• However, we want to make our syntactic rules agree with oursemantic intuition as much as possible.

• It is an exercise to verify that ((p → (q → ⊥))→ ⊥) has thesame truth table as (p ∧ q).

• Then by the Substitution Lemma,((ϕ→ (ψ → ⊥))→ ⊥) ≡ (ϕ ∧ ψ).

• It is another exercise to verify that these versions of the ∧i and∧e rules have the same content as the ones introduced on theslides.



Natural Deduction


Deriving All Natural Deduction Rules: ∨i, ∨e

∨i (left):ϕ

((ϕ→ ⊥)→ ψ)

∨i (right):ψ

((ϕ→ ⊥)→ ψ)

∨e:((ϕ→ ⊥)→ ψ) (ϕ→ α) (ψ → α)

α



Natural Deduction


Deriving All Natural Deduction Rules: ∨i, ∨e

• It is an exercise to verify that ((p → ⊥)→ q) has the sametruth table as (p ∨ q).

• Then by the Substitution Lemma, ((ϕ→ ⊥)→ ψ) ≡ (ϕ ∨ ψ).

• It is another exercise to verify that these versions of the ∨i and∨e rules have the same content as the ones introduced on theslides.



Natural Deduction


Deriving All Natural Deduction Rules: ¬i, ¬e

• To introduce (¬ϕ), we introduce (ϕ→ ⊥) using the →i rule.

• To eliminate (¬ϕ), we eliminate (ϕ→ ⊥) using the →e rule.



Natural Deduction


Deriving All Natural Deduction Rules: ¬i, ¬e

• It is an exercise to verify that (p → ⊥) has the same truth tableas (¬p).

• Then by the Substitution Lemma, (ϕ→ ⊥) ≡ (¬ϕ).

• It is another exercise to verify that these versions of the ¬i and¬e rules have the same content as the ones introduced on theslides.



Natural Deduction


Deriving All Natural Deduction Rules

• By now, we are convinced that all propositional formulæ can bewritten using only {→,⊥}.

• This fact is analogous to the fact that {→,¬} is an adequateset of connectives for propositional logic.

• This fact will be extremely useful when we prove Completeness.



Natural Deduction


Proof Trees

Example 1: A proof that finishes with an application of the →e rule.

(ϕ→ ψ) ϕ

ψ

→e →e



Natural Deduction


Proof Trees

Example 2: A proof that finishes with an application of the ∨e rule.

ϕ1 ϕ1

(ϕ1 ∨ ϕ2) α α

α∨e

∨e ∨e



Natural Deduction


Substitution Theorem

Substitution Theorem 6.1

If Σ ` ϕ, then (Σ ` ϕ)[ψ/p], for any propositional variable p and anyformula ψ.

Proof (Sketch).

• By structural induction on Σ ` ϕ.

• Observe that all inferences remain correct under replacement ofp by ψ in ϕ.

�



Natural Deduction


Weakening Theorem

Weakening Theorem 6.2

If Σ ` ϕ, then Σ ∪ Σ′ ` ϕ, for any Σ′.

Proof.


• Base: If Σ ` ϕ with only the Axiom, then ϕ ∈ Σ ⊆ Σ ∪ Σ′.Therefore ϕ ∈ Σ ∪ Σ′, and so, by the Axiom, Σ ∪ Σ′ ` ϕ.



Natural Deduction


Weakening Theorem

• Induction: As we are not in the base case, we have these casesfor the last inference rule used in the proof Σ ` ϕ.• →e with premises Σ ` ψ and Σ ` (ψ → ϕ): By the induction

hypothesis, Σ ∪ Σ′ ` ψ and Σ ∪ Σ′ ` (ψ → ϕ). Then by →e,we have Σ ∪ Σ′ ` ϕ.

• ϕ = (α→ β), via →i with premise Σ ∪ {α} ` β: By theinduction hypothesis, Σ ∪ Σ′ ∪ {α} ` β. Then by →i, we haveΣ ∪ Σ′ ` (α→ β).

• RAA with premise Σ ∪ {(ϕ→ ⊥)} ` ⊥: By the inductionhypothesis, Σ ∪ Σ′ ∪ {(ϕ→ ⊥)} ` ⊥. Then by RAA, we haveΣ ∪ Σ′ ` ϕ.

�



Natural Deduction


Applications of the Weakening Theorem

• This givesΣ ` ψ Σ′ ` (ψ → ϕ)

Σ ∪ Σ′ ` ϕ

• or equivalentlyΣ ` ψ Σ′ ∪ (ψ) ` ϕ

Σ ∪ Σ′ ` ϕ



Natural Deduction


Applications of the Weakening Theorem

• In general, every natural deduction Theorem T of the form

{ϕ1, . . . , ϕk} ` ψ

yields a proof rule

Σ ` ϕ1 · · · Σ ` ϕk

Σ ` ψ Theorem T



Natural Deduction

Soundness

How to Prove an Entailment

To prove an entailment Σ |= ϕ,

• let t be any valuation such that Σt = T,

• then prove that ϕt = T.

Natural Deduction Soundness 128/383


Natural Deduction

Soundness

Soundness

Theorem (Soundness) 6.3

If Σ ` ϕ, then Σ |= ϕ.

Proof.


• Base: If Σ ` ϕ with only the Axiom, then ϕ ∈ Σ. Therefore anyvaluation t such that Σt = T necessarily makes ϕt = T. Thisshows that Σ |= ϕ in the base case.



Natural Deduction

Soundness

Soundness

• Induction: As we are not in the base case, we have these casesfor the last inference rule used in the proof Σ ` ϕ.• →e with premises Σ ` ψ and Σ ` (ψ → ϕ):

• By the induction hypothesis, Σ |= ψ and Σ |= (ψ → ϕ).• Let t be any valuation such that Σt = T.• Then by the definition of entailment, we haveψt = T = (ψ → ϕ)t .

• Thus it follows by the rule for valuations on → that ϕt = T.• This shows that Σ |= ϕ.



Natural Deduction

Soundness

Soundness

• Induction: As we are not in the base case, we have these casesfor the last inference rule used in the proof Σ ` ϕ.• ϕ = (α→ β), via →i with premise Σ ∪ {α} ` β:

• By the induction hypothesis, Σ ∪ {α} |= β.• Let t be any valuation such that Σt = T.• If αt = F, then by the rule for valuations on →, we haveϕt = (α→ β)t = T.

• If αt = T, then (Σ ∪ {α})t = T, so that, by the definition ofentailment, we have βt = T. Then by the rule for valuations on→, we have ϕt = (α→ β)t = T.

• This shows that Σ |= ϕ.



Natural Deduction

Soundness

Soundness

• Induction: As we are not in the base case, we have these casesfor the last inference rule used in the proof Σ ` ϕ.• RAA with premise Σ ∪ {(ϕ→ ⊥)} ` ⊥:

• By the induction hypothesis, Σ ∪ {(ϕ→ ⊥)} |= ⊥.• Let t be any valuation such that Σt = T.• If (ϕ→ ⊥)t = F, then by the rule for valuations on →, we haveϕt = T.

• If (ϕ→ ⊥)t = T, then (Σ ∪ {(ϕ→ ⊥)})t = T. By the definitionof entailment, we have ⊥t = T. This contradicts the propertiesof ⊥, so this case cannot occur.

• This shows that Σ |= ϕ.

• All cases are now handled, so this completes the proof.

�Natural Deduction Soundness 132/383


Natural Deduction

Soundness

Soundness - Remarks on the Proof

• This proof works even if Σ is infinite (even uncountable).

• But because any individual proof includes finitely many steps, itcan have only finitely many premises.

• So every proof can be written using a finite subset Σ0 ⊂ Σ, evenif Σ is infinite.



Natural Deduction

Soundness

An Application of Soundness

• Problem: Prove that {(α→ β)} 6` (β → α).

• Solution: The contrapositive of soundness is: If Σ 6|= ϕ, thenΣ 6` ϕ.

• For a counterexample, let α = p, β = q.

• Then the valuation p = F, q = T witnesses that{(α→ β)} 6|= (β → α).

• So we are done.



Natural Deduction

Completeness

Definitions Needed for Completeness

• We call Σ inconsistent if Σ ` ⊥,• equivalently if Σ ` ϕ and Σ ` (¬ϕ), for some formula ϕ.

• We call Σ consistent if it is not inconsistent.

Entailment and Provability

• We call Σ unsatisfiable if no valuation t makes Σt = T.

• Recall: If Σ is unsatisfiable then Σ |= ϕ, for any ϕ.

• Similarly, if Σ is inconsistent then Σ ` ϕ, for any ϕ.

• Exercise: Prove it!

Natural Deduction Completeness 135/383


Natural Deduction

Completeness

A Lemma Used to Prove Completeness

Lemma 6.4

Σ ` ϕ if and only if Σ ∪ (ϕ→ ⊥) is inconsistent.

Proof.

• Assume that Σ ` ϕ.

• Then Σ ∪ (ϕ→ ⊥) ` ϕ by the Weakening Theorem 6.2.

• And Σ ∪ (ϕ→ ⊥) ` (ϕ→ ⊥) by the Axiom.

• Therefore Σ ∪ (ϕ→ ⊥) ` ⊥ by →e on the preceding twopremises.

• This proves that Σ ∪ (ϕ→ ⊥) satisfies the definition of beinginconsistent.



Natural Deduction

Completeness

A Lemma Used to Prove Completeness

• Now assume that Σ ∪ (ϕ→ ⊥) is inconsistent.

• Then Σ ∪ (ϕ→ ⊥) ` ⊥ by definition.

• Then we have Σ ` ϕ by RAA.

�



Natural Deduction

Completeness

Completeness

Theorem (Completeness) 6.5

If Σ |= ϕ, then Σ ` ϕ.

Proof.

• It suffices to prove that if Σ is consistent, then Σ is satisfiable.

• This is because the contrapositive of this statement (replacing Σwith Σ ∪ (ϕ→ ⊥)) is that: if Σ ∪ (ϕ→ ⊥) is not satisfiable,then Σ ∪ (ϕ→ ⊥) is inconsistent.

• By Lemma 6.4, we can re-write this as: if Σ ∪ (ϕ→ ⊥) is notsatisfiable, then Σ ` ϕ.

• Rewriting this using Lemma 5.1, we get: if Σ |= ϕ, then Σ ` ϕ.



Natural Deduction

Completeness

Completeness

• Let Σ be consistent.

• WLOG, assume that all the formulæ in Σ are constructed usingonly {→,⊥}.

• Suppose that Σ is countable, and assume that we can write asequence of all the well-formed formulæ that use only {→,⊥}:

ϕ0, ϕ1, . . . , ϕi , . . .

• Now define

Σ0 = Σ

Σi+1 =

{Σi ∪ {ϕi} if Σi ∪ {ϕi} is consistentΣi otherwise

, i ≥ 0



Natural Deduction

Completeness

Completeness

• The assumptions about countability are too strong.

• Σ may not be countable.

• We could fix this using transfinite induction, which is beyondthe scope of this course.



Natural Deduction

Completeness

Completeness

• Let

M =∞⋃

i=0

Σi .

• Define a valuation t via t(p) = T if and only if p ∈ M .

• I claim that Σt = T, i.e. that Σ is satisfiable.

• We will prove that ψt = T if and only if ψ ∈ M .

• This is enough since M ⊇ Σ by construction.



Natural Deduction

Completeness

Completeness

• Observation #1: M contains ϕ or (ϕ→ ⊥) and not both (sinceM is consistent by construction).

• Observation #2: If ϕ ∈ M and (ϕ→ ψ) ∈ M , then ψ ∈ M(since M is consistent by construction).

• Let ψ be arbitrary.

• The proof is by induction on the structure of ψ.



Natural Deduction

Completeness

Completeness

Base (ψ = p for some propositional variable p):

• By the construction of t, we then have ψt = t(p) which equals Tif and only if ψ ∈ M .



Natural Deduction

Completeness

Completeness

induction (ψ = (α→ β), for some α, β):

• If β ∈ M , then by induction, βt = T. Then by the rules forvaluations involving →, we have ψt = (α→ β)t = T.

• Otherwise, β /∈ M . By induction βt = F.• If α ∈ M, then by an earlier observation, we have a

contradiction. This case cannot occur.• If α /∈ M, then by induction αt = F. Then by the rules for

valuations involving →, we have ψt = (α→ β)t = T.

�



Natural Deduction

Completeness

Compactness

• We already showed that if Σ ` ϕ, then there is a finite subsetΣ0 ⊆ Σ such that Σ0 ` ϕ.

• Applying soundness, we have that if Σ |= ϕ, then there is a finitesubset Σ0 ⊆ Σ such that Σ0 |= ϕ.

• There is a corresponding result about finiteness in the otherdirection, called Compactness.



Natural Deduction

Completeness

Compactness

Theorem (Compactness) 6.6

If every finite subset Σ0 ⊆ Σ is satisfiable, then Σ is satisfiable.

Proof.

• Suppose that every finite subset Σ0 ⊆ Σ is satisfiable.

• We already showed thatΣ is consistent implies that Σ is satisfiable.

• Hence it suffices to show that Σ is consistent.

• For a contradiction, suppose that Σ is inconsistent.

• Assume that Σ ` ϕ and Σ ` (¬ϕ), for some formula ϕ.



Natural Deduction

Completeness

Compactness

• By an earlier fact, there exist finite subsets Σ1,Σ2 ⊆ Σ suchthat Σ1 ` ϕ and Σ2 ` (¬ϕ).

• By soundness, Σ1 |= ϕ and Σ2 |= (¬ϕ).

• Then by construction, Σ1 ∪ Σ2 is a finite subset of Σ.

• By hypothesis, Σ1 ∪ Σ2 is satisfiable.

• Let t be a valuation such that (Σ1 ∪ Σ2)t = T.

• In other words, Σt1 = T = Σt

2.

• By entailment, ϕt = T = (¬ϕ)t .

• But this implies ϕt = T and ϕt = F.

• This contradiction finishes the proof.

�Natural Deduction Completeness 147/383


Natural Deduction

Completeness

Definable Sets Of Valuations

Definition 6.7

We use the notation

mod(Σ) = {t | Σt = T},

i.e. mod(Σ) denotes the set of valuations which satisfy Σ.

Definition 6.8

A set S of valuations is called definable (in propositional logic) if

S = mod(Σ), for some set Σ of formulæ .



Natural Deduction

Completeness

Definable Sets Of Valuations

• The notion of definable sets will come into its own once westudy Predicate Logic.

• Some authors refer to valuations as interpretations. Thenotion of an interpretation will come also into its own once westudy Predicate Logic.

• To prove that a given set S is definable in the sense of Definition6.8, we must exhibit a set Σ of formulæ , then prove thatS = mod(Σ).

• To prove that a given set S is not definable in the sense ofDefinition 6.8 is more difficult. However We can do this usingcompactness.



Natural Deduction

Completeness

Definable Sets Of Valuations - Example 1

• For both examples, use the countable set of propositionalvariables

{p0, p1, p2, . . .}.

• Define valuations tF and {t0, t1, t2, . . .} via

tF(pj ) = F, ∀j ∈ N

ti (pj ) =

{F if j < iT if j ≥ i

• Let S = {tF} ∪ {ti | i ∈ N}.• Let Σ = {(pi → pi+1) | i ∈ N}.• Then S = mod(Σ), so that S is a definable set of valuations.



Natural Deduction

Completeness


• Keeping the same notation from the first example, let

S+ = {ti | i ∈ N}.• I claim that S+ is not definable.• For a contradiction, suppose that S+ is definable.• Let Σ+ be a set of formulæ such that S+ = mod(Σ+).• Let

ΣF = {(¬pi ) | i ∈ N}Σ = Σ+ ∪ ΣF.

• We will show that every finite subset Σ0 ⊆ Σ is satisfiable, butΣ is not satisfiable.

• This contradiction with Compactness (Theorem 6.6) willcomplete the proof.



Natural Deduction

Completeness


• First, I claim that Σ is not satisfiable.

• For a contradiction suppose that Σ is satisfiable.

• Let t be a valuation such that Σt = T.

• Then, since ΣtF = T, therefore t(pj ) = F, ∀i ∈ N.

• But then t cannot satisfy Σ+, since setting all the variables to F

only admits finitely many of the ti , not the infinitely many thatare in S+.

• This proves the claim.



Natural Deduction

Completeness


• Next, I claim that every finite Σ0 ⊆ Σ is satisfiable.• Let Σ0 ⊆ Σ be finite.• Then Σ0 contains only finitely many (¬pj ) formulæ from ΣF.• Let i = max{j | (¬pj ) ∈ Σ0}+ 1.• Now note that ti satisfies all the formulæ from ΣF ∩ Σ0.• We still need to argue that ti satisfies all the formulæ from

Σ+ ∩ Σ0.• Recall that we assumed S+ = mod(Σ+).• Let ψ ∈ Σ+ be arbitrary.• Then by definition ti ∈ S+ implies that (Σ+)ti = T, which in

turn implies ψti = T.• This shows that ti satisfies Σ+, in particular ti satisfies Σ+ ∩Σ0.• This proves the claim.



Natural Deduction

Completeness


• We showed that Σ is unsatisfiable, but that every finite Σ0 ⊆ Σis satisfiable.

• This contradicts Compactness, Theorem 6.6.

• This contradiction completes the proof that S+ is not definable.



First-Order Predicate Logic

Slide 150

• We may take the domain of the bird example to be a set ofanimals.

• We may take the domain of the student example to be a set ofpeople.

First-Order Predicate Logic Slide 150 155/383



Slide 150

• Clarify the statement“These refer to things: birds, students, instructors. They alsorefer to properties of things, either as individuals (ability to fly)or in combination (relative age).”to say“These refer to things: birds, students, instructors. They alsorefer to properties of things, either as individuals (ability to fly)or in combination (comparison of ages).”




Slide 159

• A natural example of a domain in mathematics is the integers,Z.

• The constants, or distinguished elements in this domain areusually taken to be 0 and 1.

• These elements are distinguished because they have specialarithmetic properties, e.g. 0 + z = z and 1z = z hold for anyz ∈ Z.




Slide 161

• In the example at the top of the slide,• the domain D is people, and• the subset S of students is a unary relation contained inside

that domain.

• A badly chosen example in which a relation fails to becontained in its domain: Suppose that we initially takeD = Z. Then later, we decide that we want to study the relation

R = {x ∈ R | x ≤ 2}.

Then we see that 12∈ R , but 1

2/∈ D. We should go back to the

drawing board, and change our domain to D = R.




Slide 161

Definition 7.1

Let X be a non-empty set. Let k ≥ 1. A k-ary relation on X is anyset of k-tuples of elements of X .




Slide 161

Examples:

• Let X = {1, 2, 3, 4, 5}. Then

1. {1, 2, 3} is an example of a unary relation on X . We couldequivalently express this relation as

{x ∈ X | x ≤ 3}.

2. {〈1, 1〉, 〈2, 2〉, 〈3, 3〉, 〈4, 4〉, 〈5, 5〉} is an example of a binaryrelation on X . We could equivalently express this relation as

{〈x , y〉 ∈ X × X | x = y},

in other words the relation of equality.3. {〈1, 2, 3〉, 〈2, 2, 5〉, 〈3, 1, 2〉} is an example of a 3-ary relation on

X .




Slide 161

Examples:

• Let X = Z. Then

{〈x , y〉 ∈ Z× Z | x < y}

is an example of a binary relation on Z.

• Let X = R. Then the parabola

{〈x , y〉 ∈ R× R | y = x2}

is an example of a binary relation on R. This is an example of arelation which is also a function (think of the vertical line test).




Slide 161

Examples:

• Let X = R. Then the unit circle

{〈x , y〉 ∈ R× R | x2 + y 2 = 1}

is an example of a binary relation on R. This is an example of arelation which fails to be a function (think of the vertical linetest).

• D = R× Z is a good domain for the floor function. Note thatthe floor function is not an example of a binary relation, becausethe sets from which the two co-ordinates are taken to make thepairs are not the same.




Deleted Slides After Slide 165

Functions

In addition to predicates and quantifiers, first-order logic extendspropositional logic by using functions as well. To see why, considerthe following statement.

Every child is younger than its mother.

One might try to express this statement in FOL by the formula

(∀x (∀y ((C (x) ∧ M(y , x))→ Y (x , y)))) .

But this allows x to have several mothers!

First-Order Predicate Logic Deleted Slides After Slide 165 163/383




Functions: Example and Definition

Functions in FOL give us a way to express statements more concisely.The previous example can be expressed as(

∀x(C (x)→ Y (x ,m(x))

))where m denotes the function that takes one argument and returnsthe mother of that argument.

Formally, we represent a k-ary function f as the k + 1-ary relation Rf

given by

Rf ={〈x1, . . . , xk , xk+1〉 ∈ Dk+1 | f (x1, . . . , xk) = xk+1

}.





Functions: Further Examples

More examples:

• Alex and Sam have the same maternal grandmother:

m(m(a)) = m(m(s)) .

• Some program computes the squaring function:

(∃p(∀x (r(p, x) = x ∗ x))).

These use m(·) as “mother-of” and r(·, ·) as “result-of”.



Syntax of Predicate Logic

Slide 167

• The ingredients of the syntax of First Order Logic (i.e. the legalsymbols for the language of First Order Formulæ ) are

1. constant symbols, e.g. c , d , c1, c2, c3, . . .2. variable symbols, e.g. x , y , x1, x2, x3, . . .3. function symbols, e.g. f , g , f1, f2, f3, . . .4. predicate symbols, or relation symbols, e.g.

P,Q,P1,P2,P3, . . .5. connective symbols: ¬,∧,∨,→

6. quantifier symbols: ∀, ∃punctuation symbols:‘(′, ‘)′, ‘,′

7.• The meanings of connectives, quantifiers and punctuation will befixed.

• The meanings of constants, functions, variables and predicateswill be determined by semantics.

Syntax of Predicate Logic Slide 167 166/383



Slide 167

• Constant symbols are included because we often need to referto objects in our domain (universe) that have special properties.For example,• When doing algebra in the style of Math 135 (which is really

ring theory), we need to mention 0 and 1 to state the ringaxioms.

• When doing calculus in the style of Math 137, we need tomention 0 to state the definition of a limit.

• Variable symbols are used in the usual mathematical way.




Slide 167

• Function symbols (each having a fixed arity) are used in theusual mathematical way, noting that, jumping ahead tosemantics:

1. functions must take all their inputs from the chosen domain(universe), and

2. functions must be defined everywhere on the domain (universe).

• Predicate symbols (each having a fixed arity) are used similarlyto function symbols, noting that, jumping ahead to semantics:

1. predicates must take all their inputs (which are tuples) from thechosen domain (universe),

2. predicates must be defined everywhere on the domain (universe)and

3. predicates evaluate to F if the tuple of interest does not lie inthe relation, or T if the tuple of interest lies in the relation.

• This explains how the predicate (equivalently relation) symbolsproduce propositions.




Slide 168

• See also p99 of the text.




Slide 171

General Formulas

• The scope of a variable is determined by the quantifier. Weneed to keep careful track of the scope because• the same variable can occur in different places in a formula, and• we will soon discuss substitutions, where understanding the

scope is crucial to doing the substitution correctly.




Slide 171

General Formulas

Here is a natural example of a first-order formula which uses thequantifier ∀:

D = Rϕ = (x2 ≥ 0), then construct the formula

(∀x (x2 ≥ 0)).

In more detail, let L be a language having

• constants: {0}• variables: {x}• functions: {∗(2)}• relations: {≥(2)}

Then we may define atomic terms 0 and x , andSyntax of Predicate Logic Slide 171 171/383



Slide 171

General Formulas

term : (x ∗ x)

atomic formula : ((x ∗ x) ≥ 0)

formula : (∀x ((x ∗ x) ≥ 0))

We may then interpret this via the interpretation I, having

D = dom(I) = R0I = 0

∗I = usual multiplication in R≥I = usual ≥ in R

which interprets the formula as the familiar (true) statement fromarithmetic that the square of any real number is a non-negative realnumber.




Slide 172

Examples: Parse trees

• The domain need not be stated inside the formula itself (aswould have been done in the set theory notation of Math 135).

• Here we reproduce the parse tree from p101 of the text, for theformula:

(∀x ((P(x)→ Q(x)) ∧ S(x , y))).




Slide 172


∀x

∧

→ S

P Q x y

x x




Slide 172


How is the following formula generated?

(∀x (F (b)→ (∃y (∀z (G (y , z) ∨ H(u, x , y))))))?

Here is a parse tree which shows the construction.




Slide 172

∀x

→

F ∃y

b ∀z

∨

G H

y z u x y



Semantics of First Order Logic - Formulæ Without Variables

Slide 174

• We use the symbol L for the set of symbols because, in modeltheory (the subject to which this material properly belongs), thisset is called a language.

• See also Definition 2.14 in the text.

Semantics of First Order Logic - Formulæ Without Variables Slide 174 177/383



Slide 175

• Note that the definition of tM uses the recursive definition ofthe term t from earlier.

• The value of a term is always a member of the domain of I. Itis an exercise to rigourously prove this statement. Try structuralinduction on t. (See also Proposition 10.1.)




Slide 177

Definition 9.1

The successor function s on the natural numbers N is:

s : N → Nn 7→ n + 1

For example, s(0) = 1, s(1) = 2, s(99) = 100.

• Here we use the construction of Slide 164 to represent any k-aryfunction (here the unary successor) as a (k + 1)-ary relation.

• This construction shows that every function is a relation.

• It is important to remember that not every relation is afunction. Geometrically, think about the vertical line test.




Slide 179

• If an n-ary function f I is defined on a domain D, then we require

f I : D × · · · × D︸︷︷︸n copies

→ D.




Slide 183

Motivation for Substitution

• Consider a language L having• constants {0, 1}• functions {+(2),−(2)}• relations {=(2)}

• Consider the predicate formula (∀y (∃x (x + y = 0))).

• Define the interpretation I having• domain Z• 0I is the actual zero in Z• 1I is the actual one in Z• +I ,−I the usual addition and subtraction in Z• =I the usual equality in Z

• It is then clear that I |= (∀y (∃x (x + y = 0))).




Slide 183

Motivation for Substitution

• With our naive approach to ∀e, we should be able to re-writethe inner formula, with any term plugged in for y .

• But letting y = 1− x , the inner formula reads(∃x (x + (1− x) = 0)), which simplifies to (∃x (1 = 0)).

• Something is clearly wrong with the naive approach.

• Problem: The term 1− x which we want to substitute for yinvolves the same variable name as the variable following thequantifier ∃x .

• What should have remained free accidentally becomes boundwhen we substitute naively.




Slide 183

• Here is the explicit setup which is implied by what is given. LetL be a language having• constants: ∅• variables: {x , y}• functions: {f (1), g (2),+(2)}• relations: {E (1),S (2)}

• If ϕ = E (f (x)), then:

α[y + y/x ] = E (f (y + y))

α[f (x)/x ] = E (f (f (x)))

E (f (x + y))[y/x ] = E (f (y + y))




Slide 184

• The “capture” to which we refer in the second example occurswhen we write down the finished formula after the substitution.




Slide 186

We make this recursive definition of substitution on a term, whichhas the same effect but makes induction proofs involving substitutionclearer later on.

Definition 9.2

Let s, t be terms. Let x be a variable. Then the substitution s[t/x ] isdefined recursively:Base:

• If s is c , for a constant symbol c , then s[t/x ] = c .

• If s is y , for a variable symbol y 6= x , then s[t/x ] = y .

• If s is x , then s[t/x ] = t.

Induction: In this case, s is g(t1, . . . , t`), for some `-ary functionsymbol g and terms t1, . . . , t`. Then s[t/x ] = g(t1[t/x ], . . . , t`[t/x ]).




Slide 188

Example, Revisited

• Note that in the end the y in the sub-formula β and the y goingwith the ∃ quantifier both get replaced with w , per oursubstitution algorithm.

• Also note that the “Otherwise” clause in Case 5 of oursubstitution algorithm requires adding new variables to oursetup.• In other words we are actually augmenting the given language L

that we want to study when we exercise this “Otherwise” clause.• In our example, we added a variable w which was not part of the

original language. The original variables were simply {x , y , z}.• Carrying out this augmentation is a small price to pay to avoid

the capture problem.



Semantics of First-Order Logic

Slide 191

• An interpretation I selects a domain D and gives meanings to

1. constant symbols,2. function symbols and3. relation symbols.

• An environment, E , (once an interpretation is chosen) givesmeanings to the free variables. Bound variables in a formulaare handled by the rules for quantifiers that are given later on(starting on Slide 196.

• Since an environment evaluates all the free variables in anyformula, specifying an interpretation and an environment givesus enough machinery to evaluate a formula with only freevariables (i.e. without bound variables).

• Later, defining an “override” to an environment (see Slide 196)will give us a technique for evaluating a formula with boundvariables.

Semantics of First-Order Logic Slide 191 187/383



Slide 192

• The notation α(I,E)2 denotes the valuation of the formula α2

under the interpretation I and the environment E .




Slide 193

• Note, we must already have a language L in mind to get startedhere.

• Our goal is to give a meaning to ϕ(I,E), for any formula ϕ, anyinterpretation I, and any environment E .

• Up until now we have only done this explicitly in the case whenterms and formulæ contain no variables.

• In the presence of the environment E , augmenting our earlierapproach will now handle everything except bound variables informulæ .

• We will show how to handle the quantifiers later, starting onSlide 196.

• See also Slide 201 and Definition 2.18 in the text.• The notation xE denotes the value of the variable x under the

environment E .• As earlier (see also Proposition 10.1), the evaluation of every

term is a domain element.Semantics of First-Order Logic Slide 193 189/383



Slide 193

Proposition 10.1

Let t be any predicate term. Let I be any interpretation, withdomain D. Let E be any environment. Then t(I,E) ∈ D.

Proof. The proof is by structural induction on t.

Base: If t = c , for some constant symbol c , then

t(I,E) = cI ∈ D by definition.

If t = x , for some variable symbol x , then

t(I,E) = xE ∈ D by definition.




Slide 193

Induction: In this case t = f (t1, . . . , tk), for some k-ary functionsymbol f , and some terms t1, . . . , tk . Then

t(I,E) = f (t1, . . . , tk)(I,E)

= f I(

t(I,E)1 , . . . , t

(I,E)k

).

By induction, t(I,E)i ∈ D for all 1 ≤ i ≤ k . By definition, f I is a

k-ary function on D. Therefore f I(

t(I,E)1 , . . . , t

(I,E)k

)∈ D. This

completes the induction step, and the proof. �




Slide 196

• Before starting the slide, note that we now have enoughmachinery to evaluate any formula that has only free variables(i.e. no bound variables).• As we saw earlier, specifying an interpretation suffices to

evaluate a formula with no variables at all.• Specifying an environment then evaluates all free variables,

hence this suffices to evaluate a formula with only free variables.• On this slide we begin work on the last type of formula, one

which contains bound variables.

• Think of the [x 7→ a] as an “override” of the usual value of E (x).

• Example: Let D be N with E : x 7→ 3; y 7→ 7. ThenE [x 7→ 10] : x 7→ 10; y 7→ 7.

• Any choice of a domain element for each variable in the setupdefines an environment.




Slide 199

Here is the explicit setup which is implied by what is given:

• constants: ∅• variables: {x , y}• functions: ∅• relations: {R( binary )}




Slide 199

What is (∀x (∃y R(x , y)))(I,E)?

• Note that

〈E [x 7→ a][y 7→ a](x),E [x 7→ a][y 7→ a](y)〉= 〈a, a〉∈ RI , and

〈E [x 7→ b][y 7→ b](x),E [x 7→ b][y 7→ b](y)〉= 〈b, b〉∈ RI ,

and hence(∀x (∃y R(x , y)))(I,E) = T .




Slide 200

• Because adding an override of the form [x 7→ a] to anenvironment E produces a new environment, we can compose asmany overrides as needed.

• We will adopt the convention that every variable may beoverridden at most once in any given string of overrides.




Slide 201

• (See also Definition 2.18 in the text.)




Slide 204

Explanation for why α is not valid:

• Recall the definition of valid on Slide 203.

• By this definition, we must exhibit a choice of an interpretationI and environment E which fail to satisfy α. Consider

dom(I) : Nf I : addition

gI : squaring

PI : equality

E (x) = 1

E (y) = 1

E (z) = 1.




Slide 204

Then

g(x) = 1

g(y) = 1

g(z) = 1

f (g(x), g(y)) = 1 + 1

= 2

6= g(z).

This choice of interpretation and environment show that α is notvalid.




Slide 204

It is easy to see that, using the given interpretation,P(f (g(x), g(y)), g(z)) evaluates to true exactly when(E (x),E (y),E (z)) are a Pythagorean triple.




Slide 206

Relevance Lemma

Relevance Lemma 10.2

Let α be a first-order formula, I be an interpretation, and E1 and E2

be two environments such that E1(x) = E2(x) for every x that occursfree in α. Then

I |=E1 α if and only if I |=E2 α.

Proof. The proof is by structural induction on the formula α, and isleft as an exercise. �




Slide 207

Logical ConsequenceDefinition 10.3

let Σ be a set of well-formed formulæ of predicate logic. Let I be aninterpretation and let E be an environment. We write I |=E Σ if andonly if I |=E ψ, for every formula ψ ∈ Σ.

Definition 10.4

Suppose Σ is a set of well-formed predicate formulæ and ϕ is awell-formed predicate formula. We say that ϕ is a logicalconsequence of Σ, written as Σ |= ϕ, if and only if for anyinterpretation I and environment E , we have

I |=E Σ implies I |=E ϕ.

• ∅ |= ϕ means that ϕ is valid.Semantics of First-Order Logic Slide 207 201/383



Slide 208

Example: Show that ∅ |=((∀x (α→ β)

)→((∀x α)→ (∀x β)

)).

Proof by contradiction. Suppose there are I and E such that

I 6|=E

((∀x (α→ β)

)→((∀x α)→ (∀x β)

)).

Then (by virtue of the properties of implication) we must haveI |=E

(∀x (α→ β)

)and I 6|=E

((∀x α)→ (∀x β)

).

The second(by virtue of the properties of implication) givesI |=E (∀x α) and I 6|=E (∀x β).

Using the definition of ∅ |= for formulas with ∀, we havefor every a ∈ dom(I), I |=E [x 7→a] (α→ β) and I |=E [x 7→a] α.Thus also I |=E [x 7→a] β for every a ∈ dom(I).

Thus I |=E (∀x β), a contradiction.Semantics of First-Order Logic Slide 208 202/383



Slide 209

Example. Show that {(∀x (¬γ))} |= (¬(∃x γ)).

Suppose that I |=E (∀x (¬γ)). By definition, this means

for every a ∈ dom(I), I |=E [x 7→a] (¬γ).

Again by definition (for a formula with ¬), this is equivalent to

for every a ∈ dom(I), I 6|=E [x 7→a] γ

and also

there is no a ∈ dom(I) such that I |=E [x 7→a] γ.

This last is the definition of I |=E (¬(∃x γ)), as required.

Observe that the other direction can be proved similarly.




Slide 210

Example: Show that, in general,

{((∀x α)→ (∀x β))} 6|= (∀x (α→ β)) .

(That is, find α and β such that consequence does not hold.)

Key idea: ϕ→ ψ yields true whenever ϕ is false.

Let α be R(x). Let I have domain {a, b} and RM = {a}. ThenI |= (∀x α)→ (∀x β) for any β. (Why?)

To obtain I 6|= (∀x (α→ β)), we can use (¬R(x)) for β. (Why?)

Thus {((∀x α)→ (∀x β)

)} 6|= (∀x (α→ β)), as required. (Why?)




Slide 210

• The reason why I |= ((∀x α)→ (∀x β)) for any β:• Let E be any environment.• Then we have α(I,E [x 7→b]) = F .• This shows that (∀x α)(I,E) = F , for any environment E .• In other words I 6|= (∀x α).• Then we have I |= ((∀x α)→ (∀x β)) for any β, by the

properties of implication.




Slide 210

• The reason why, to obtain I 6|= (∀x (α→ β)), we can useβ = (¬R(x)):• Let β = (¬R(x)).• Let E be any environment.• Then α(I,E [x 7→a]) = T and β(I,E [x 7→a]) = F .• This shows that (∀x (α→ β))(I,E) = F , for any environment E .• In other words I 6|= (∀x (α→ β)).

• The reason why {((∀x α)→ (∀x β))} 6|= (∀x (α→ β)):• Just apply the definition, using the previous two facts.




Slide 211

Example: for any formula α and any term t, we have

∅ |= ((∀x α(x))→ α[t/x ]) :

• If ∅ 6|= (∀x α(x)), then there is nothing to prove.

• So assume ∅ |= (∀x α(x)), then argue that ∅ |= α[t/x ].

• Since t is a term, by Proposition 10.1, t evaluates to an elementof the domain under any interpretation and environment.

• Hence our hypothesis that ∅ |= (∀x α(x)) implies the desiredresult.




Slide 216

Example. Show that

{(¬P(t))} ` (∃x (P(x)→ Q(t))),

for an arbitrary term t.

Proof:

1. (¬P(t)) Premise

2. P(t) Assumption

3. ⊥ ¬e: 1,2

4. Q(t) ⊥e: 3

5. (P(t)→ Q(t)) →i: 2–4

6. (∃x (P(x)→ Q(t))) ∃i: 5

(The last step could have produced (∃x (P(x)→ Q(x))), if desired.)Semantics of First-Order Logic Slide 216 208/383



Slide 216

This Slide can be slightly confusing. Keep the setup clearly in mind.

• α is (P(x)→ Q(y)). This is because of the result we are givento prove. The same proof (up to the last line) would workequally well with (P(x)→ Q(x)) instead.

• t is y , so that

• α[t/x ] is (P(y)→ Q(y)), as on line 5 of the proof, and

• (∃x α[t/x ]) is (∃x (P(x)→ Q(y)), as on line 6 of the proof.




Slides 218-220

Lemma 10.5

Let s, t be any predicate terms. Let x be a variable. Let I be anyinterpretation. Let E be any environment. Then

s[t/x ](I,E) = s(I,E [x 7→t(I,E)]).

Proof. The proof is by structural induction on s.

Base: If s = c , for some constant symbol c , then

s[t/x ](I,E) = c[t/x ](I,E) = cI = c (I,E [x 7→t(I,E)]) = s(I,E [x 7→t(I,E)]).

Semantics of First-Order Logic Slides 218-220 210/383



Slides 218-220

If s = y , for some variable symbol y 6= x , then

s[t/x ](I,E) = y [t/x ](I,E) = y E = y (I,E [x 7→t(I,E)]) = s(I,E [x 7→t(I,E)]).

If s = x , then

s[t/x ](I,E) = x [t/x ](I,E) = t(I,E) = x (I,E [x 7→t(I,E)]) = s(I,E [x 7→t(I,E)]).




Slides 218-220

Induction: In this case, s = g(t1, . . . , t`), for some `-ary functionsymbol g , and some terms t1, . . . , t`. Then

s[t/x ](I,E) = g(t1, . . . , t`)[t/x ](I,E)

= gI(t1[t/x ](I,E), . . . , t`[t/x ](I,E)

)=︸︷︷︸

I. H.

gI(

t(I,E [x 7→t(I,E)])1 , . . . , t

(I,E [x 7→t(I,E)])`

)= g (t1, . . . , t`)

(I,E [x 7→t(I,E)])

= s(I,E [x 7→t(I,E)]).

This completes the induction step, and the proof. �




Slides 218-220

Lemma 10.6

Let α be any predicate formula. Let t be any term. Let I be anyinterpretation, with domain D. Let E be any environment. Thenα[t/x ](I,E) = α(I,E [x 7→t(I,E)]).

Remark: This result is called Claim II in the main slides.

Proof. The proof is by structural induction on α.

Base: α is P(t1, . . . , tk), for some k-ary relation symbol P , and someterms t1, . . . , tk . Then

α[t/x ](I,E) = P(t1, . . . , tk)[t/x ](I,E)

= P(t1[t/x ], . . . , tk [t/x ])(I,E)

= PI(t1[t/x ](I,E), . . . , tk [t/x ](I,E)

).




Slides 218-220

We also have that

α(I,E [x 7→tI,E ]) = P(t1, . . . , tk)(I,E [x 7→t(I,E)])

= PI(

t(I,E [x 7→t(I,E)])1 , . . . , t

(I,E [x 7→t(I,E)])k

).

So we are done with the base case if we can prove that

ti [t/x ](I,E) = t(I,E [x 7→t(I,E)])i , for all 1 ≤ i ≤ k .

This is clear by Lemma 10.5.




Slides 218-220

Induction: If α is (¬β), for some β, then

α[t/x ](I,E) = (¬β)[t/x ](I,E)

= (¬β[t/x ])(I,E)

=

{T if β[t/x ](I,E) = F

F if β[t/x ](I,E) = T

=︸︷︷︸I. H.

{T if β(I,E [x 7→t(I,E)]) = F

F if β(I,E [x 7→t(I,E)]) = T

= (¬β)(I,E [x 7→t(I,E)])

= α(I,E [x 7→t(I,E)]).




Slides 218-220

If α is (β ∧ γ), for some β, γ, then

α[t/x ](I,E) = (β ∧ γ)[t/x ](I,E)

= (β[t/x ] ∧ γ[t/x ])(I,E)

=

{T if β[t/x ](I,E) = T and γ[t/x ](I,E) = T

F otherwise

=︸︷︷︸I. H.

{T if β(I,E [x 7→t(I,E)]) = T and γ(I,E [x 7→t(I,E)]) = T

F otherwise

= (β ∧ γ)(I,E [x 7→t(I,E)])

= α(I,E [x 7→t(I,E)]).

The cases for the remaining binary connectives are similar.




Slides 218-220

If α is (Qxβ), for some β and quantifier Q, then

α[t/x ](I,E) = α(I,E)

= α(I,E [x 7→t(I,E)]),

since overriding the bound variable x in the environment has noeffect.

If α is (Qyβ), for some variable y 6= x , some β and quantifier Q,then we have two sub-cases, depending on whether y occurs in t ornot. We suppose that Q is ∀. The sub-cases for ∃ are analogous.




Slides 218-220

If y does not occur in t, then

α[t/x ](I,E) = (∀y β)[t/x ](I,E)

= (∀y β[t/x ])(I,E)

=

{T if β[t/x ](I,E [y 7→d ]) = T for all dF otherwise

=︸︷︷︸I. H.

{T if β(I,E [y 7→d ][x 7→t(I,E)]) = T for all dF otherwise

=︸︷︷︸y 6=x

{T if β(I,E [x 7→t(I,E)][y 7→d ]) = T for all dF otherwise

= (∀y β)(I,E [x 7→t(I,E)])

= α(I,E [x 7→t(I,E)]).




Slides 218-220

If y occurs in t, then, letting z occur nowhere in α or t, we have

α[t/x ](I,E) = (∀z (β[z/y ])[t/x ])(I,E)

=

{T if (β[z/y ])[t/x ](I,E [z 7→d ]) = T for all dF otherwise

=︸︷︷︸I. H.

{T if β[z/y ](I,E [z 7→d ][x 7→t(I,E)]) = T for all dF otherwise

=︸︷︷︸x 6=z

{T if β[z/y ](I,E [x 7→t(I,E)][z 7→d ]) = T for all dF otherwise

= (∀z β[z/y ])(I,E [x 7→t(I,E)])

= α(I,E [x 7→t(I,E)]).

All cases have been handled. This completes the induction step, andthe proof. �




Slides 218-220

Theorem 10.7

The ∀e inference rule is sound.

Proof. Let α be any predicate formula. Let x be a variable. Let t bea predicate term. Since the ∀e inference rule asserts{(∀x α)} ` α[t/x ], to establish soundness we must prove{(∀x α)} |= α[t/x ]. Let (I,E ) be an interpretation andenvironment such that I |=E (∀x α). Let I have domain D. Bydefinition of satisfaction for a ∀ formula, this means thatα(I,E [x 7→d ]) = T, for all domain elements d . We are done if we canargue that I |=E α[t/x ], equivalently that α[t/x ](I,E) = T. By

Lemma 10.6, this is equivalent to α(I,E [x 7→t(I,E)]) = T. Proposition10.1 guarantees that t(I,E) is some domain element. Hence by theabove fact about satisfaction of a ∀ formula, the desired result isclear. �




Slides 218-220

Theorem 10.8

The ∃i inference rule is sound.

Proof. Let α be any predicate formula. Let x be a variable. Let t bea predicate term. Since the ∃i inference rule asserts{α[t/x ]} ` (∃x α), to establish soundness we must prove{α[t/x ]} |= (∃x α). Let (I,E ) be an interpretation andenvironment such that I |=E α[t/x ], equivalently α[t/x ](I,E) = T.

By Lemma 10.6, this is equivalent to α(I,E [x 7→t(I,E)]) = T. Let Ihave domain D. We are done if we can argue that I |=E (∃x α),equivalently that α(I,E [x 7→d ]) = T, for some domain element d .Proposition 10.1 guarantees that t(I,E) is some domain element.Hence α(I,E [x 7→t(I,E)]) = T witnesses the desired result. �




Slide 223

Rule ∀i Is Sound

A word of explanation is in order to motivate Definitions 10.9 and10.10, which are crucial ingredients in the proof of Theorem 10.11.

To carefully define the ∀i rule, we need to prove our formula holds foran arbitrary domain element y with no assumptions about y . Ifsuch an argument involves a formula in which a variable y is free,then it may impose undesired conditions on y . For example, if theargument involves bird(y), then the conclusion may only apply todomain elements which are birds, not necessarily to all domainelements.




Slide 223

Rule ∀i Is Sound

Consider the following proof fragment.

1.... ?

2. bird(y) ?

3. y ?

4.... ?

5. ϕ[y/x ] ?

6.... ?

We want to prevent this situation from occurring.




Slide 223

Rule ∀i Is Sound

Also consider the example below:

Σ = {(∀x P(x)), (∃z Q(y , z))}.

If Q is the < relation, then the formula (∃z Q(y , z)) says that “y isnot the maximal element of the domain”. If the desired conclusionα[y/x ] is connected with y being maximal in the domain, then wemay colour our desired result if we permit this formula to be in Σ.

See also pp110-111 in the text.




Slide 223

Rule ∀i Is Sound

Recall:

Definition 10.9

a variable is fresh in a subproof if it occurs nowhere outside the boxof the subproof.

Definition 10.10

Let Σ be a set of well-formed formulæ of first-order logic, and let ybe a variable. Then y is not free in Σ if y is not a free variable inany formula ψ ∈ Σ.




Slide 223

Examples:

1. For example, let L be a language having• constants: ∅• variables: {x , y , z ,w}• functions: ∅• relations: {P(1),Q(2)}

Then letΣ = {(∀x P(x)), (∃z Q(y , z))}.

Then the set of variables which are not free in Σ is {x , z ,w}(the only free variable in a formula of Σ is y).




Slide 223

Recall the Relevance Lemma 10.2.

Recall that soundness means that a statement written with “`”implies the same statement written with “|=”. The statement of the∀i rule is

If Σ ` α[y/x ] where y is not free in Σ, then Σ ` (∀x α) .

So to establish the soundness of this result, we need to argue that

If Σ |= α[y/x ] where y is not free in Σ, then Σ |= (∀x α) .

This is exactly the statement of Theorem 10.11.




Slide 223

Theorem 10.11

Let α be an arbitrary well-formed formula of first order logic. Let Σbe an arbitrary set of well-formed formulæ of first order logic.Suppose that Σ |= α[y/x ], and y is not free in Σ. Then Σ |= (∀x α).

Proof. Fix an arbitrary interpretation I and environment Esatisfying I |=E Σ. Our goal is to prove that I |=E (∀x α).

By our hypotheses, I |=E α[y/x ]. Since y is not free in Σ, I claimthat the Relevance Lemma 10.2 implies that for every a ∈ dom(I),

I |=E [y 7→a] Σ if and only if I |=E Σ.




Slide 223

Let ψ ∈ Σ be arbitrary. Because of Definition 10.3, it suffices toprove that

I |=E [y 7→a] ψ if and only if I |=E ψ.

To apply the Relevance Lemma 10.2 for formula ψ, we need to verifythat

E (z) = E [y 7→ a](z), for any free variable z in ψ.

Because of our hypothesis that y is not free in Σ (Recall Definition10.10), therefore y is not free in ψ. Hence E and E [y 7→ a](z) mustcoincide on every free variable z in ψ. Therefore the RelevanceLemma 10.2 applies as stated.

Thus for every a ∈ dom(I) we have I |=E [y 7→a] α[y/x ] and thusI |=E [x 7→a] α. By definition, this is the required I |=E (∀x α). SinceI and E were arbitrary, therefore we have satisfied Definition 10.4. Inother words we have Σ |= (∀x α), as required. �




Slide 226

Σ ` (∃x α) Σ ∪ {α[u/x ]} ` β, u fresh

Σ ` β




Slide 227

Rule ∃e Is Sound

As earlier, soundness means that a statement written with “`”implies the same statement written with “|=”. The statement of the∃e rule is

If Σ ` (∃x α) and Σ ∪ {α[u/x ]} ` β with u fresh and where u isnot free in Σ, α or β, then Σ ` β.

So to establish the soundness of this result, we need to argue that

If Σ |= (∃x α) and Σ ∪ {α[u/x ]} |= β with u fresh and where u isnot free in Σ, α or β, then Σ |= β.

This is exactly the statement of Theorem 10.12.Semantics of First-Order Logic Slide 227 231/383



Slide 227

Rule ∃e Is Sound

Theorem 10.12

Let α, β be arbitrary well-formed formulæ of first order logic. Let Σbe an arbitrary set of well-formed formulæ of first order logic.Suppose that Σ |= (∃x α) and Σ ∪ {α[u/x ]} |= β with u fresh andwhere u is not free in Σ, α or β. Then Σ |= β.

Proof. Fix an arbitrary interpretation I and environment Esatisfying I |=E Σ. Our goal is to prove that I |=E β.




Slide 227

Rule ∃e Is Sound

Because I |=E Σ and Σ |= (∃x α), by the first entailment we haveI |=E (∃x α). By the definition of satisfaction for existential formulæ, this says that there exists a domain element a ∈ dom(I) such thatI |=E [x 7→a] α. In other words, there exists a fresh u which is not freein Σ, α or β, such that I |=E α[u/x ].

We have I |=E Σ and I |=E α[u/x ]. Therefore, by the secondentailment, we have I |=E β.

This completes the proof. �




Slide 228

We apply the ∃e rule with

α = R(y)

β = (∃y R(y))




Slide 230


α = (¬α)

β = (¬(∀x α))




Slide 231


α = α

β = ⊥




Slide 232

Quantifiers and Negation: The final case

So far, we have shown that{(¬(∃x α))} ` (∀x (¬α)){(∀x (¬α))} ` (¬(∃x α)) , and{(∃x (¬α))} ` (¬(∀x α)) .

Example. Show that {(¬(∀x α))} ` (∃x (¬α)).

1. (¬(∀x α)) Premise

2.

3.

¬α[t/x ] ??

4.

(∃x (¬α)) ∃i: ??

For what term t can we prove (¬α[t/x ])?

There is no such t!

We need to try something cleverer. . . .Semantics of First-Order Logic Slide 232 237/383



Slide 233

Example. Show that {(¬(∀x α))} ` (∃x (¬α)).

1. (¬(∀x α)) Premise

2. (¬(∃x (¬α))) Assumption

3. u fresh Assumption

4. (¬α[u/x ]) Assumption

5. (∃x (¬α)) ∃i: 4

6. ⊥ ¬e: 5, 2

7. (¬(¬α[u/x ])) ¬i: 4–6

8. α[u/x ] ¬¬e: 7

9. (∀x α) ∀i: 3–8

10. ⊥ ¬e: 9, 1

11. (¬(¬(∃x (¬α)))) ¬i: 2–10

12. (∃x (¬α)) ¬¬e: 11Semantics of First-Order Logic Slide 233 238/383



Slide 235

Example. Show that {(∀x (∀y A(x , y)))} ` (∀y (∀x A(x , y))).

1. (∀x (∀y A(x , y))) Premise

2. v fresh Assumption

3. u fresh Assumption

4. (∀y A(u, y)) ∀e:1

5. A(u, v) ∀e:4

6. (∀x A(x , v)) ∀i: 2–5

7. (∀y (∀x A(x , y))) ∀i: 2–6



First-Order Logic With Equality

Slide 238

As an alternative to taking deduction rules for =, one can insteaddefine axioms for equality. An axiom is a premise that is alwaystaken; it need not be listed explicitly.

EQ1 (∀x (x = x)) is an axiom.

EQ2 For each formula α and variable z ,(∀x(∀y((x = y)→

(α[x/z ]→ α[y/z ]

))))is an axiom.

These axioms imply

• Symmetry of =: ∅ `ND= (∀x (∀y ((x = y)→ (y = x)))) .

• Transitivity of =:∅ `ND= (∀x (∀y (∀z ((x = y)→ ((y = z)→ (x = z)))))) .

First-Order Logic With Equality Slide 238 240/383



Slide 239

Here we present a proof of the Lemma which sticks to the “one ruleper line” convention that we have been using since the beginning ofour section on predicate logic.

Lemma 11.1

∅ ` (∀x (∀y ((x = y)→ (y = x)))) .




Slide 239

1. u fresh

2. v fresh

3. (u = v) Assumption

4. (∀x (∀y ((x = y)→ ((z = u)[x/z]→ (z = u)[y/z])))) EQ2 (with ϕ = (z = u))

5. (∀y ((u = y)→ ((u = u)→ (y = u)))) ∀e: 4

6. ((u = v)→ ((u = u)→ (v = u))) ∀e: 5

7. ((u = u)→ (v = u)) →e: 3, 6

8. (∀x (x = x)) EQ1

9. (u = u) ∀e: 8

10. (v = u) →e: 7, 9

11. (u = v)→ (v = u) →i: 3–10

12. (∀y (u = y)→ (y = u)) ∀i: 2–11

13. (∀x (∀y ((x = y)→ (y = x)))) ∀i: 1–12

�




Slide 240

Here we present a proof of the Lemma which sticks to the “one ruleper line” convention that we have been using since the beginning ofour section on predicate logic.

Lemma 11.2

∅ ` (∀x (∀y (∀z ((x = y)→ ((y = z)→ (x = z)))))) .




Slide 240

1. u fresh

2. v fresh

3. w fresh

4. (u = v) Assumption

5. ((u = v)→ (v = u)) Symmetry of =

6. (v = u) →e : 4, 5

7. (∀x (∀y ((x = y)→ ((s = w)[x/s]→ (s = w)[y/s])))) EQ2 (where α is (s = w))

8. (∀y ((v = y)→ ((v = w)→ (y = w)))) ∀e: 7

9. ((v = u)→ ((v = w)→ (u = w))) ∀e: 8

10. ((v = w)→ (u = w)) →e: 6, 9

11. ((u = v)→ ((v = w)→ (u = w))) →i: 4–10

12. (∀z ((u = v)→ ((v = z)→ (u = z)))) ∀i: 3, 4–11

13. (∀y (∀z ((u = y)→ ((y = z)→ (u = z))))) ∀i: 2, 3–12

14. (∀x (∀y (∀z ((x = y)→ ((y = z)→ (x = z)))))) ∀i: 1, 2–13

�




Slide 241

• Question from the class: On the final exam, are studentsallowed to use the symmetry and transitivity proved here,without re-proving them?Answer: Yes.

• Applying rule =e with formulas t1 = t2 and r [t1/z ] = r [t1/z ](from =i) yields the conclusion.




Slide 241

Derived Proof Rules for Equality - Substitution of

Equals

Here we present a detailed proof of the EQSubs rule.

Lemma 11.3

Let r(z) be a function. Let t1, t2 be terms. Then

{(t1 = t2)} ` r [t1/z ] = r [t2/z ].




Slide 241

Derived Proof Rules for Equality - Substitution of

Equals

1. (t1 = t2) Premise

2. (∀x (∀y ((x = y)→ ((r(t1) = r(z))[x/z]→ (r(t1) = r(z))[y/z])))) EQ2 (with α = (r(t1) = r(z)))

3. (∀y ((t1 = y)→ ((r(t1) = r(z))[t1/z]→ (r(t1) = r(z))[y/z]))) ∀e : 2

4. ((t1 = t2)→ ((r(t1) = r(z))[t1/z]→ (r(t1) = r(z))[t2/z])) ∀e : 3

5. ((r(t1) = r(z))[t1/z]→ (r(t1) = r(z))[t2/z]) →e : 1, 4

6. ((r(t1) = r(t1))→ (r(t1) = r(z))[t2/z]) substitution

7. (∀x x = x) EQ1

8. (r(t1) = r(t1)) ∀e : 7

9. (r(t1) = r(z))[t2/z] →e: 6, 8

10. r [t1/z] = r [t2/z] substitution



Soundness and Completeness of First-Order Logic

Slide 242

Soundness of First-Order Logic

The soundness of the new rules is proved in the Lecture Slides,immediately after the definition of each rule.

Soundness and Completeness of First-Order Logic Slide 242 248/383



Slide 243

Completeness of First-Order Logic

• We are going to sketch a proof of the main ingredient in theproof of completeness, namely that every consistent set offormulæ of first-order logic has an interpretation andenvironment which satisfy it.

• In detail, let Σ be any consistent set of formulæ of first-orderlogic.

• We are going to sketch a proof that there exists aninterpretation I and an environment E such that I |=E Σ.

• The first ingredient in constructing I is to declare its domain D.• The key requirement of the domain D is that every term in the

setup is a domain element.• Since we can choose the domain to be any set that we like, we

may make every term into a domain element.Soundness and Completeness of First-Order Logic Slide 243 249/383



Slide 244

At the bottom of the slide, we need the fact that we may havepsq = ptq, even if s 6= t as terms. I think this remark is confusinggiven how we are making our construction here. Here is a briefexplanation of what I mean.

• Suppose that our domain is N, the natural numbers.

• Suppose that in our language has constants {0, 1, 2}, and thatwe interpret these constant symbols to have their usualmeanings.

• Suppose that our language has the binary function symbol +,and that we interpret this function symbol to have its usualmeaning.

• Then 1 + 2 and 2 + 1 are terms, and we havep1 + 2q = p2 + 1q, even though 1 + 2 6= 2 + 1 as terms.




Slide 244

The reason why this remark is confusing is that we already have tohave a domain in mind before we can construct an example like this.However, we are constructing our domain using our set of terms, sosuch an example must always “put the cart before the horse”.




Slide 245

• An example to justify the last two statements made onthe slide: Let L be a language having• constants: ∅• variables: {x}• functions: ∅• relations: {R(1)}

Let

Σ1 = {(∀x R(x))}Σ2 = {(∀x (¬R(x)))}.

Let I1 be an interpretation constructed as above which satisfiesΣ1 and let I2 be an interpretation constructed as above whichsatisfies Σ2. Then we must have

RI1 = D, i.e. RI1 must include every domain element, and

RI2 = ∅, i.e. RI2 must exclude every domain element.




Slide 246

• Task for Collin: Try to construct an example showing thej → j + 1 work.



Compactness of First-Order Logic

Definable Sets Of Models

Definition 13.1

We use the notation

mod(Σ) = {I | I |= Σ},

i.e. mod(Σ) denotes the set of interpretations which satisfy Σ.

Definition 13.2

A set S of models is called definable (in first order logic) if

S = mod(Σ), for some set Σ of formulæ .

Compactness of First-Order Logic 254/383




Theorem (Compactness of FOL) 13.3

If every finite subset Σ0 ⊂ Σ is satisfiable, then Σ is satisfiable.

• We shall not prove this Theorem here.

• However we shall now demonstrate some applications of thisTheorem.




Example: A Model Requiring an Infinite Universe

• Consider a language L having relations {A(1),R (2)}.• Then consider the set Σ of first-order formulæ :

(∀x (∀y (R(x , y)→ A(y)))) (1)

(∀x (A(x)→ (∃y R(x , y)))) (2)

(∀x (∀y (∀z ((R(x , z) ∧ R(y , z))→ x = y)))) (3)

(∃x (∃y ((¬A(x)) ∧ R(x , y)))) (4)

Diagram:

(¬A) R // A R // A R // · · · R // A R // A R // · · ·




Example: A Model Requiring an Infinite Universe

• Why this picture cannot “loop”, i.e. why we must continuegenerating new elements forever:

• For a contradiction suppose that we have a loop somewhere:

(¬A) R // · · ·R

// c1 R// c2 R

// · · ·R// ck

R

0 or more steps

• The leftmost element exists, by formula 4.

• Then the element c1 with two incoming arrows fails to satisfyformula 3, providing a contradiction.



Applications of Compactness

Example: Models Having a Finite Universe Are Not

Definable

N.B. This is really FOL with equality.

1. “A model has at least k elements” is defined by:

ϕk =∧

1≤i<j≤k

ci 6= cj , for constants ci .

2. “A model has an infinite universe” is defined by:

Σ∞ = {ϕk | k > 0}.

3. For a contradiction, suppose that Σfin defines models having afinite universe.

Applications of Compactness 258/383




Definable

• Then by construction, Σ∞ ∪ Σfin is unsatisfiable.

• Let Σ0 ⊂ Σ∞ ∪ Σfin be any finite subset.

• Then Σ0 contains only finitely many ϕk , say {ϕk1 , . . . , ϕk`}.• Let U be any set with |U | = max{k1, . . . , k`}+ 1. Then

• U satisfies {ϕk1 , . . . , ϕk`} since it is bigger than required by allof them, and

• U satisfies Σfin by assumption, and hence satisfies any subset ofΣfin.

This shows that U satisfies Σ0.





Definable

• We have proved that every finite subset of Σ∞ ∪ Σfin issatisfiable.

• By compactness, this proves that Σ∞ ∪ Σfin is satisfiable.

• This contradicts the fact that Σ∞ ∪ Σfin is unsatisfiable, and itcompletes the proof.




Example: Models Having a Finite R-cycle Are Not

Definable

Definition 14.1

An R-cycle of length k is a sequence of k pairs of domain elementswhich all satisfy R :

R(c1, c2),R(c2, c3), . . . ,R(ck−1, ck),R(ck , c1).





Definable

1. “A model has an R-cycle of length k” is defined by:

ψk = ϕk ∧

( ∧1≤i≤k−1

R(ci , ci+1)

)∧ R(ck , c1),

so that “A model has no R-cycle of length k” is defined by(¬ψk).

2. “A model has no finite R-cycle” is defined by:

Σnofincycle = {(¬ψk) | k > 0}.

3. For a contradiction, suppose that Σfincycle defines models havinga finite R-cycle.





Definable

• Then by construction, Σnofincycle ∪ Σfincycle is unsatisfiable.

• Let Σ0 ⊂ Σnofincycle ∪ Σfincycle be any finite subset.

• Then Σ0 contains only finitely many (¬ψk), say{(¬ψk1), . . . , (¬ψk`)}.

• Let U be any set with an R-cycle of length max{k1, . . . , k`}+ 1,and no shorter R-cycles. Then• U satisfies {(¬ψk1), . . . , (¬ψk`)} since its shortest cycle is

bigger than required by all of them, and• U satisfies Σfincycle by assumption, and hence satisfies any

subset of Σfincycle .

This shows that U satisfies Σ0.





Definable

• We have proved that every finite subset of Σnofincycle ∪ Σfincycle issatisfiable.

• By compactness, this proves that Σnofincycle ∪ Σfincycle issatisfiable.

• This contradicts the fact that Σnofincycle ∪ Σfincycle isunsatisfiable, and it completes the proof.



Arithmetic

Slide 250

Why use axioms?

• Axioms constrain possible interpretations.

• Some axioms don’t have a simple corresponding rule.

• In a computer implementation, inference rules get built in. Thusnew inference rules require rewriting code. Axioms, on the otherhand, are easy to add — or to remove.

Arithmetic Slide 250 265/383


Arithmetic

Slide 255

Note that the PA7 axiom is actually used in the following threeplaces in the following slides:

1. Main Proof: to obtain the result (∀x (∀y (x = y = y + x))) onSlide 262.

2. Main Proof: base case - to obtain the result(∀y (0 = y = y + 0)) on Slide 256.

3. Main Proof: induction case - to obtain the result on Slides259-261.



Arithmetic

Slide 257

Let ψ = 0 + y = y + 0. Then our target is

(∀y (0 + y = y + 0→ 0 + s(y) = s(y) + 0)).

Here is a more detailed version of the last equality in the proof in themiddle of the slide.

s(y ′ + 0) =︸︷︷︸PA3+∀e+EQSubs

s(y ′) =︸︷︷︸PA3+∀e

s(y ′) + 0.

The fresh variable y ′ plays the role of y in the subproof.



Arithmetic

Slide 258

Line 1 of the proof in the main slides, 0 + 0 = 0 + 0 is not actually needed here.

1. y ′ fresh Assumption

2. 0 + y ′ = y ′ + 0 Assumption

3. 0 + s(y ′) = s(0 + y ′) PA4 + (∀e)2

4. s(0 + y ′) = s(y ′ + 0) EQSubs(s(·)) : 25. y ′ + 0 = y ′ PA3 + ∀e6. s(y ′ + 0) = s(y ′) EQSubs(s(·)) : 57. s(y ′) + 0 = s(y ′) PA3 + ∀e8. 0 + s(y ′) = s(y ′) + 0 EQTrans(3) : 3, 4, 6, 7

9. 0 + y ′ = y ′ + 0→ 0 + s(y ′) = s(y ′) + 0 →i: 2–8

10. (∀y (0 + y = y + 0→ 0 + s(y) = s(y) + 0)) ∀i: 1–9

This proves the induction step of the base case.



Arithmetic

Slide 258

Proof of the Base Case for Commutativity

Now for the main proof, taking ψ = (0 + y = y + 0), we have

1. ((0 + 0 = 0 + 0)→((∀y ((0+y = y +0)→ (0+ s(y) = s(y)+0)))→(∀y (0 + y = y + 0))))

PA7

2. ((∀y ((0 + y = y + 0)→ (0 + s(y) = s(y) + 0)))→(∀y (0 + y = y + 0))))

→e : 1 + base case

3. (∀y (0 + y = y + 0)) →e : 2 + induction case



Arithmetic

Slide 259

Lemma 15.1

For each free variable x ,

{(∀y (x + y = y + x))} `PA (∀y (s(x) + y = y + s(x))).

• The target s(x) + 0 = 0 + s(x) follows from(∀y (0 + y = y + 0)) plus ∀e plus the commutativity of +.



Arithmetic

Slide 262

Putting It All Together

Now for the main proof, taking ϕ = (∀y (x + y = y + x)), we have

1. ((∀y (0 + y = y + 0))→((∀x ((∀y (x + y = y + x))→ ((∀y (s(x) + y = y + s(x))))))→(∀x (∀y (x + y = y + x)))

PA7

2. ((∀x ((∀y (x + y = y + x))→ ((∀y (s(x) + y = y + s(x))))))→(∀x (∀y (x + y = y + x)))

→e : 1 + base case

3. (∀x (∀y (x + y = y + x))) →e : 2 + induction case

The other familiar properties of addition and multiplication have similar proofs. One can continue withdivisibility, primeness, etc.



Arithmetic

Slide 266

• Rsq(x1, x2) is T if and only if x21 = x2.

• Correct the description of the formula to

There exists a square of t which satisfies ϕ.

• A student found the following review exercise for the mid-term,which we solved in class.Problem: Suppose that propositional formulæ α, β satisfy{α} 6|= β. Does it follow that ∅ ` (¬(α→ β))?Solution: It does not follow. For example, let α = p, β = (¬p).Then letting t(p) = T witnesses that {α} 6|= β, but lettingt(p) = F witnesses ∅ 6|= (¬(α→ β)), which by thecontrapositive of soundness shows that ∅ 6` (¬(α→ β)).



Arithmetic

Slide 266

Example: When we prove that every non-zero natural number is asuccessor, namely

∅ `PA (∀x ((x 6= 0)→ (∃z (s(z) = x)))),

we take ϕ to be ((x 6= 0)→ (∃z (s(z) = x))), so that the base case is

∅ `PA ((0 6= 0)→ (∃z (s(z) = 0))).

Here is a proof.

1. (0 6= 0) Assumption

2. (0 = 0) EQ1 + ∀e

3. ⊥ ⊥i: 1,2

4. (∃z (s(z) = 0)) ⊥e: 3

5. ((0 6= 0)→ (∃z (s(z) = 0))) →i: 1–4



Lists

Slide 270

Remarks:

• Proof that cons(e, e) 6= e: This is obvious by axiom List1.

Definition 16.1

Define the following shorthand.

cons0(e) = e

consk(e) = cons(e, consk−1(e)), for k ≥ 1.

Lists Slide 270 274/383


Lists

Slide 270

Lemma 16.2

Let k , ` ≥ 1. If k 6= `, then consk(e) 6= cons`(e).

Proof. The contrapositive of the desired result is thatconsk(e) = cons`(e) implies k = `. The proof is by stronginduction on k .

• Base (k = 1): Then we have

cons`(e) = cons1(e)

= cons(e, cons0(e))

= cons(e, e),

which by definition, implies that ` = 1, completing the base case.



Lists

Slide 270

• Induction (k > 1): Assume that consk(e) = cons`(e). Then we

have cons(e, consk−1(e)) = cons(e, cons`−1(e)). Applyingaxiom List2, we obtain that consk−1(e) = cons`−1(e). Byinduction, this gives k − 1 = `− 1, which implies k = `. Thiscompletes the induction, and the proof.

�



Lists

Slide 271

• Explanation of why 〈a, `〉 6= 〈a, 〈`〉〉: Recall that• 〈a〉 = cons(a, e),• 〈a, `〉 = cons(a, 〈`〉) and• 〈`〉 = cons(`, e),

so that we have

〈a, `〉 = cons(a, 〈`〉)= cons(a, cons(`, e)), and

〈a, 〈`〉〉 = cons(a, 〈〈`〉〉)= cons(a, 〈cons(`, e)〉)= cons(a, cons(cons(`, e), e)).



Lists

Slide 272

1. 〈e〉 = cons(e, e), so we get

cons(cons(e, e), cons(cons(e, e), e))

= cons(〈e〉, cons(〈e〉, e))

= cons(〈e〉, 〈〈e〉〉)= 〈〈e〉, 〈e〉〉.



Lists

Slide 274

• Both of these exercises will be solved, either in a future Tutorial,or in these notes.



Lists

Slide 275

• The relation Rfirst contains all pairs (x , y), where y is the firstelement of the list x . This makes the defining formula(∃z(x = cons(y , z))) make sense.

• Similarly, the relation Rrest contains all pairs (x , y), where y isthe rest of the list x . This makes the defining formula(∃z(x = cons(z , y))) make sense.



Lists

Slide 276Lemma 16.3

∅ `List (∀x (∀y (∀z (((Rfirst (x, y)) ∧ (Rfirst (x, z))) → (y = z))))).

1. u fresh

2. v fresh

3. w fresh

4. (Rfirst (u, v) ∧ Rfirst (u, w)) Assumption

5. Rfirst (u, v) ∧e: 4

6. ∃s (u = cons(v, s)) Definition of Rfirst : 5

7. Rfirst (u, w) ∧e: 4

8. ∃t (u = cons(w, t)) Definition of Rfirst : 7

9. u = cons(v, s′) ∃e: 6 [term s′ ]

10. cons(v, s′) = u Commutativity of =: 9

11. u = cons(w, t′) ∃e: 8 [term t′ ]

12. cons(v, s′) = cons(w, t′) Transitivity of =: 10–11

13. v = w List2: 12

14. ((Rfirst (u, v) ∧ Rfirst (u, w)) → (v = w)) →i: 4–13

15. (∀z ((Rfirst (u, v) ∧ Rfirst (u, z)) → (v = z))) ∀i: 3–14

16. (∀y (∀z ((Rfirst (u, y) ∧ Rfirst (u, z)) → (y = z)))) ∀i: 2–15

17. (∀x (∀y (∀z ((Rfirst (x, y) ∧ Rfirst (x, z)) → (y = z))))) ∀i: 1–16



Lists

Slide 277

Define a binary relation EQLen so that EQLen(x , y) iff x and y havethe same length. Declare the following axioms.

• EL1. EQLen(e, e).

• EL2. (∀x ((x 6= e)→ ((¬EQLen(x , e)) ∧ (¬EQLen(e, x))))).

• EL3.

(∀x (∀y (∀z (∀w (((EQLen(x , y)→ EQLen(cons(u, x), cons(v , y)))∧ (EQLen(cons(u, x), cons(v , y))→ EQLen(x , y)))))))).



Lists

Slide 278

Lemma 16.4

∅ `List,EL (∀x EQLen(x , x)).

Proof. Let x be any list. Let ϕ = EQLen(x , x). The proof is by inductionon x , using the List3 axiom.

• Base (x = e): Then we have ∅ `EL EQLen(x , x), by EL1. So thebase case holds.

• Induction: Let x be fresh. To get the required ∀ formula in List3, weneed to prove (EQLen(x , x)→ (∀yEQLen(cons(y , x), cons(y , x)))).But this follows directly from EL3, as is pointed out on the slides.

�

• Task for Collin: Write this up as a proper natural deduction proof.



Programs Using Lists

Slide 281

• . . . We can then reason about f using the machinery of firstorder logic.

Programs Using Lists Slide 281 284/383



Slide 282

• A function is total if it is defined for all possible arguments. Bydefinition, every function in first-order logic is total.

• A function is partial if it is not defined for all possiblearguments. Scheme functions may be partial (if some argumentscause an error).

• You proved an analogous fact to the remark at the bottom ofthe slide on a06: for any unary function g , the formula(∀x(∃z(g(x) = z))) is valid.




Slide 283

• Refer to Slide 275 for the definition of the relation Rfirst .




Slide 286

• Look back to slide 283 for the definition of the ternary relationRAppend .

• Recall that a triple (x , y , z) lies in RAppend iff appending y to xproduces z .




Slide 287

Here is a more explicit explanation of the simplification at the bottomof the slide.

• Introduce new variables for the anonymous values:• vf : the value of first x• vr : the value of rest x• va: the value of (Append (rest x) y).

• We want to simplify the formula ((x 6= e)→ ϕ2), using List1and List2.

• Recall the definitions of List1 and List2:• List1. (∀x (∀y (cons(x , y) 6= e))).

• List2.(∀x (∀y (∀z (∀w ((cons(x , y) = cons(z ,w))→((x = z) ∧ (y = w)))))))

.




Slide 287

Writing out ϕ2 in full gives

(Rfirst(x , vf )→ (Rrest(x , vr )→(RAppend (vr , y , va)→ RAppend (x , y , cons(vf , va)))))

• From earlier, we have• Rfirst(x , vf ) = T iff (∃a cons(vf , a) = x)• Rrest(x , vr ) = T iff (∃b cons(b, vr ) = x)

Note: both hold since we have x 6= e as the left-hand side of ourfirst implication.

• Therefore, by the commutativity and transitivity of =, we getcons(vf , a) = cons(b, vr ).

• Then applying axiom List2 gives (vf = b) ∧ (a = vr ).

• Hence by EQSubs, we have x = cons(vf , vr ).




Slide 287

• So applying →e to all but the last implication, and replacing xby cons(vf , vr ), we simplify ((x 6= e)→ ϕ2) to

(RAppend (vr , y , va)→ RAppend (cons(vf , vr ), y , cons(vf , va))),

as on the Slide.




Slide 288

• Explain better how to obtain these formulæ from the previoustwo slides.

• The quantifiers in the App2 formula should be (∀x (∀y (∀z (∀w .

• The two formulæ on this slide summarize what we have derivedon Slides 286 and 287.

Here we give the details of the Exercise from the Slide. We mustshow:

{App1,App2} `List ∀y ∀x ∃z RAppend (x , y , z)




Slide 288

Plan of proof:

• Use induction on x ; that is, use List3 with formulaϕ = ∃z RAppend (x , y , z). (Note: y is free here.)

• For the base case, we need ∃z RAppend (e, y , z). From App1, wehave RAppend (e, y , y), so taking z = y works.

• For the induction case, we shall prove (for x ′ fresh, andarbitrary z ′) that

((∃z ′RAppend (x ′, y , z ′))→ (∀u(∃z ′RAppend (cons(u, x ′), y , z ′)))).

This is a consequence of App2.

• Then elimination and introduction of the appropriate quantifierscompletes the proof.




Slide 288

1. y fresh

2. RAppend (e, y , y) App1 + ∀e

3. (∃z RAppend (e, y , z)) ∃i: 2

4. x′ fresh

5. (∃z RAppend (x′, y , z)) Assumption

6. RAppend (x′, y , z′), z′ fresh Assumption

7. u fresh

8. RAppend (x′, y , z′)→ RAppend (cons(u, x′), y , cons(u, z′)) App2 + ∀e

9. RAppend (cons(u, x′), y , cons(u, z′)) →e: 6, 8

10. (∃z RAppend (cons(u, x′), y , z)) ∃i: 9

11. (∀u(∃z RAppend (cons(u, x′), y , z))) ∀i: 7–10

12. (∀u(∃z RAppend (cons(u, x′), y , z))) ∃e: 5, 6–11

13. ((∃z RAppend (x′, y , z))→ (∀u(∃z RAppend (cons(u, x′), y , z))))→i: 5–12

14.(∀x

(∃z RAppend (x′, y , z)→ ∀u ∃z RAppend (cons(u, x′), y , z)

))∀i: 4–13

15. RAppend (e, y , y)→(∀x

(∃z RAppend (x′, y , z)→

(∀u(∃z RAppend (cons(u, x′), y , z))))→

(∀x (∃z RAppend (x, y , z))))

List3 + ∀e

16. (∀x (∃z RAppend (x, y , z))) (→e)2: 3, 14, 15

17. (∀y (∀x (∃z RAppend (x, y , z)))) ∀i: 1–16




Slide 288

• We would still need to prove that z is unique to conclude thatRAppend is actually a function.

• According to Professor Buss, this fact is not provable from theaxioms we have so far.




Slide 289

Exercise: Prove Append is associative.

We must express the property of associativity of a function by usingits relation. This comes out as

∀y ∀z ∀w ∀x(∃u(RAppend (x , y , u) ∧ RAppend (u, z ,w))→ ∃v (RAppend (y , z , v) ∧ RAppend (x , v ,w)))

(The order of quantifiers chosen for an induction on x .)




Slide 289

Basis:∃u(RAppend (e, y , u) ∧ RAppend (u, z ,w))→∃v (RAppend (y , z , v) ∧ RAppend (e, v ,w))

Conditional on u existing, it must be y ; thus RAppend (y , z ,w).Therefore, it suffices to take v = w .




Slide 289

Induction step:

∀x((∃u(RAppend (x , y , u) ∧ RAppend (u, z ,w)

)→

∃v(RAppend (y , z , v) ∧ RAppend (x , v ,w)

))→∀t(∃u(RAppend (cons(t, x), y , u) ∧ RAppend (u, z ,w)

)→

∃v(RAppend (y , z , v) ∧ RAppend (cons(t, x), v ,w)

))).

I hope it works.



Interpreting Scheme Programs

Slide 296

• I had a significant error here in my first version of these notes,which I now correct.

• I thought that the first item in a list which is a name would bedifferent for different named objects. This is incorrect.

• Every string which is a name has the constant “name” as itsfirst item.

Interpreting Scheme Programs Slide 296 298/383



Slide 297

• Lists are equal when they are the same length, and each pair ofcorresponding items in both lists is equal.

• The statement “We assume a canonical way to transcribe textstrings into names” from the slide essentially means that ifs1 6= s2, then the contents of s1 will be embedded into the names1 somewhere after the first entry, and similarly for s2 and s2.This explains the statement that “If s1 and s2 are differentstrings, then the corresponding names s1 and s2 are alsodifferent.”

• Recall that λ allows us a generic way to declare bindings ofvariables. We will explain the important details when neededlater on. See Slide 313.




Slide 299

• The list of names not needing underlines is:

{define, cond, λ, e}.




Slide 300

• This process of substitution will naturally be recursive.




Slide 301

• Example:• Let D = 〈〈x , 5〉〉.• Then we will see soon that the Step relation will contain triples

• 〈x ,D, 5〉, and•⟨⟨

+, x , y , z⟩,D,

⟨+, 5, y , z

⟩⟩.




Slide 303

Examples:

1. Apply a built-in function in Scheme: Step contains〈〈+, 1, 1〉,D, 2〉, for any dictionary, D.

2. Replace a user-defined name by its definition: Step contains〈x ,D, 5〉, for dictionary D = 〈〈x , 5〉〉.




Slide 304

• If a name b denotes a built-in function fun, then we assume thatthe function is definable by a FOL relation. That is, there is aformula

ρfun(x1, . . . , xk , y)

that is true if and only if (b , x1 , . . . , xk )

produces the value y .

• Example: The formula ρfirst for the built-in function first is therelation Rfirst(x , y) from earlier.




Slide 305

• Look back to Slide 301 for the definition of the relation Step.

• Although we have not defined this carefully yet (see Slide 307),we will fix our dictionary D at this point, and not let it varywhile we carry out our substitutions.

• Note that the definition of Step1 does not depend on thechoice of dictionary D. This is supported by the comment onSlide 306 that we now need to look up the definition of the namein our dictionary if the definition is not fixed in the language.

• Recall from Slide 304 that ρfun(x, y) is true if and only iffun(x) = y .




Slide 305

Example:

• As on the previous slide, the formula ρfirst for the built-infunction first is the relation Rfirst(x , y) from earlier.

• For any x and y , Rfirst(cons(x , y), x) = T .

• Applying the Step1 axiom gives

Rfirst(cons(x , y), x)→ Step(〈first, cons(x , y)〉,D, x).

• And since Rfirst(cons(x , y), x) = T , an application of →e thengives

Step(〈first, cons(x , y)〉,D, x),

as stated on the slide.




Slide 309

• Add parentheses on these implications.

• Explanation of Step3:• We are trying to look up x in our dictionary.• Recall that LookUp(x ,D, y) = T if and only if looking up x in

dictionary D returns y .• We need to enforce x 6= u, to avoid conflict with the earlierStep2 axiom.




Slide 310

Correct the formula to

Step4 : (∀x (∀y (Rfirst(x , name)→ (LookUp(x ,D, y))→ Step(x ,D, y)))).




Slide 311

• Note that every function symbol of the given language is avalue.




Slide 313

• Recall the definition that (list . . .) is the Schemesyntax for declaring a list.

• Here is a crash course in the lambda syntax in Scheme:A lambda expression has the form(lambda <formals> <body>)

A formals expression has the form<formals> --> <variable> | (<variable>*) |

(<variable>+ . <variable>)

A body expression has the form<body> --> <definition>* <expression>+




Slide 313

Here is a crash course in the lambda calculus:lambda-expression ::= variable

| constant

| application

| abstraction

application ::= (lambda-expression)lambda-expression

abstraction ::= Lvariable.lambda-expression

The evaluation of lambda-expression is from the application of tworeduction rules.




Slide 313

• The α reduction rule says that we can consistently renamebindings of variables:

Lx .E → Lz .E [z/x ],

for any z which is neither free nor bound in E , where whereE [z/x ] means the substitution of z for x for any free occurrenceof x in E .

• The β reduction rule says that application of alambda-expression to an argument is the consistent replacementof the argument for the lambda-expression’s bound variable in itsbody:

(Lx .P)Q → P[Q/x ]

where P[Q/x ] means the substitution of Q for x for any freeoccurrence of x in P .




Slide 313

• To explain the ¬Rfirst(x , λ) part of Step7, recall Example 2 fromSlide 312.




Slide 314

Clarify where the recursive part that goes along with Step8 iscaptured.




Slide 320

• For Step15, change (y 6= name) to (¬Rfirst(y , name)).




Slide 322

• A fully worked out example of all this is really needed!



Program Verification

Slide 333

• All states should state the value of the variable x , forconsistency.

Program Verification Slide 333 317/383



Slide 335

• Note that a Hoare triple is any triple of the correct form,whether it makes sense or not.

• The good Hoare triples are the ones that are satisfied underpartial correctness.

• The best Hoare triples are the ones that are satisfied under totalcorrectness.




Slide 336

• As on Slide 334, the statement should be “Compute a numbery , whose square is...”

• Change the multiplication symbol from · to ∗ for consistencywith the next slide.




Slide 337

• When we say “hold” here, we really mean “are satisfied underpartial correctness”, as defined below.




Slide 344

• If we remove the precondition, then our program might neverterminate, e.g. if we take x = −1 then the program will runforever.

• The program either runs forever (if x < 0), or satisfies thepost-condition when it terminates (if x ≥ 0).

• So partial correctness still holds, but termination does not.

• Hence total correctness does not hold.




Slide 345

• Note that because x gets modified during execution, the desiredpost-condition can never be satisfied.




Slide 346

• The logical variable x0 keeps track of the number whose factorialwe need to compute.

• This example is a modification to Example 5 from slide 345.




Slide 347

• Explanation of the last statement: The question of whetheran arbitrary program terminates is called the halting problem.

• The halting problem is known to be undecidable.

• This means that no algorithm exists that can answer thequestion in general.

• We will prove this by the end of the course.




Slide 350

• The Assignment rule is

∅ `par {Q[E/x ]}︸︷︷︸precondition

x = E︸︷︷︸program

{Q}︸︷︷︸postcondition

.

• The rule for assignment has no premises and is therefore anaxiom of our logic.

• It tells us that, if we wish to show that Q holds in the state afterthe assignment x = E , we must show that Q[E/x ] holds beforethe assignment (so that the Hoare triple given in the statementof the Assignment rule satisfies partial correctness).

• Several explanations may be required to understand this rule.




Slide 350

• At first sight, it looks as if the rule has been stated in reverse;one might expect that, if Q holds in a state in which we performthe assignment x = E , then surely Q[E/x ] holds in the resultingstate, i.e. we just replace x by E . In other words, one mightsuspect that the rule should actually be

{Q}︸︷︷︸precondition

x = E︸︷︷︸program

{Q[E/x ]}︸︷︷︸postcondition

.

(Note that the text gets the notation for the substitutionbackwards at this point.) This is wrong. It is true that theassignment x = E replaces the value of x in the starting state byE , but that does not mean that we replace occurrences of x in acondition on the starting state by E .




Slide 350

• For example, let Q be x = 6 and E be 5. Then

{x = 6}x = 5{5 = 6}

is not satisfied under partial correctness: given a state in whichx equals 6, the execution of x = 5 results in a state in which xequals 5. But Q[x/E ] is the formula 5 = 6 which holds in nostate.

• The right way to understand the Assignment rule is to thinkabout what you would have to prove about the initial state inorder to prove that Q holds in the resulting state. Since Q willin general be saying something about the value of x , whateverit says about that value must have been true of E , since in theresulting state the value of x is E . Thus, Q with E in place of xwhich says whatever Q says about x but applied to E must betrue in the initial state.




Slide 351

• In the notation of the rule, we take

Q = (x = 7)

E = y + 1.




Slide 352

• To match earlier notation, change P to Q here.




Slide 354

• Preconditions: {y > 0}• To match earlier notation, change P to Q here.




Slide 355

• The assignment rule gives the last three lines, exactly as in theexample on Slide 351.




Slide 356

• See Slide 359 for an example of applying this composition rule.




Slide 359

• The proof witnessing∅ ` ((x = x0) ∧ (y = y0))→ ((y = y0) ∧ (x = x0)) is left as an(easy) exercise.




Slides 364 and 365

• Apply the assignment rule with

x = max

E = x

Q = (max ≥ x).

Program Verification Slides 364 and 365 334/383



Slide 371

• Correct the typo in the statement of Implied (b):

∅ ` ((x ≤ y)→ (((x > y) ∧ (y = x)) ∨ ((x ≤ y) ∧ (y = y)))).




Slide 376

• Remark: This is our code from an earlier example to computey = x!.




Slide 378

• Remark: For the while template, we take P = I , and handleimplications before “while” according to the assignment rule,and the global precondition for the program.




Slide 379

Proof that {((y = z!) ∧ (z = x))} ` (y = x!): (The last line of theproof in the Lecture Slides is a bit too fast.)

1. ((y = z!) ∧ (z = x)) Premise

2. (y = z!) ∧e : 1

3. (z = x) ∧e : 1

4. (z! = x!) EQSubs [f (u) = u!]: 3

5. (y = x!) EQTrans : 2, 4




Slide 382

• Remark: Taking i = n + 1 witnesses that Implied(c) is false.




Slide 384

• Remark: A general proof of termination must be written basedon the formula B in the while statement (however complicated itmay be).




Slide 390

A{1← 7}{2← 14}[2] = 14

A{1← 7}{2← 14}{3← 21}[2] = 14

A{1← 7}{2← 14}{3← 21}[i ] =

7 if i = 114 if i = 221 if i = 3A[i ] otherwise




Slide 395

• We have proved that the given Hoare triple is satisfied underpartial correctness.

• Since there are no loops, the program always terminates.

• Hence the given Hoare triple is satisfied under total correctness.




Slide 396

• Assume that R is an array having elements indexed 1, . . . , n.

• For consistency with what follows, we change the “while”statement towhile (j <= floor(n/2)) .

We reproduce the revised code here.j = 1 ;

while (j <= floor(n/2)) {t = R[j] ;

R[j] = R[n+1-j] ;

R[n+1-j] = t ;

j = j + 1 ;

}




Slide 397

• Let rx denote the x th element of the array R , at the start ofprogram execution. The rj are logical variables.

• Let x be some index in the range 1, . . . ,⌊

n2

⌋.

• Correct the second statement under the “Invariant?’ line to read:If j ≤ x ≤

⌊n2

⌋, then no exchange has happened yet.

• Let Inv ′(j) be the formula

(∀x ((1 ≤ x < j)→ ((R[x ] = rn+1−x ) ∧ (R[n + 1− x ] = rx )))∧ ((j ≤ x ≤

⌊n2

⌋)→ ((R[x ] = rx ) ∧ (R[n + 1− x ] = rn+1−x )))).

Then as in the earlier examples, we need to take

I =(

Inv ′(j) ∧(

j ≤⌊n

2

⌋+ 1))

as our loop invariant formula, in order to make the finalimplication in our proof work out.




Slide 398

• The loop invariants should all be

I =(

Inv ′(j) ∧(

j ≤⌊n

2

⌋+ 1))

.

• We correct the annotation of the program on the next slide.




Slide 399

Here is the annotated program. Note, we could enforce the formula (n ≥ 0) throughout theannotation, but we will not bother.(| (∀x ((1 ≤ x ≤ n)→ (R[x] = rx ))) |)(|(Inv ′(1) ∧

(1 ≤

⌊n2

⌋+ 1

))|) Implied(a)

j = 1 ;(|(Inv ′(j) ∧

(j ≤

⌊n2

⌋+ 1

))|) Assignment

while (j <= floor(n/2)) {(|((

Inv ′(j) ∧(j ≤

⌊n2

⌋+ 1

))∧

(j ≤

⌊n2

⌋))|) partial-while

(|((Inv ′(j + 1)[R′/R]) ∧

(j ≤

⌊n2

⌋)), where R′ is

R{j ← R[n + 1− j]}{n + 1− j ← R[j]} |) Implied(c)

t = R[j] ;(| ??? |) AssignmentR[j] = R[n+1-j] ;(| ??? |) AssignmentR[n+1-j] = t ;(|(Inv ′(j + 1) ∧

(j + 1 ≤

⌊n2

⌋+ 1

))|) Lemma

j = j + 1 ;(|(Inv ′(j) ∧

(j ≤

⌊n2

⌋+ 1

))|) Assignment

}(|((

Inv ′(j) ∧(j ≤

⌊n2

⌋+ 1

))∧

(¬(j ≤

⌊n2

⌋)))|) partial-while

(| (∀x ((1 ≤ x ≤ n)→ (R[x] = rn+1−x ))) |) Implied(b)

• The argument for Implied(c), involving R′, is outlined on Slide 400.• The justification for the Lemma is that the three assignment lines simply swap the

entries R[j] and R[n + 1− j] (by the earlier “baby” example of verifying a single swap),and the usual approach to constructing a correct precondition from a givenpost-condition, with an assignment between.




Slide 400

• The slide justifies Implied(c). Everything is clear from the definitions,except possibly the entry (x = j).

• The hypothesis for (x = j) is

((R[j ] = rj ) ∧ (R[n + 1− j ] = rn+1−j )).

• The conclusion for (x = j) is

((R ′[j ] = rn+1−j ) ∧ (R ′[n + 1− j ] = rj )).

• By the definition for R ′, we have

R ′[j ] = R[n + 1− j ] = rn+1−j , and

R ′[n + 1− j ] = R[j ] = rj ,

so that everything knits together as required.




Slide 400

• Implied(a) (not argued in the slides) reads((∀x ((1 ≤ x ≤ n)→ (R[x ] = rx )))→

(Inv ′(1) ∧

(1 ≤

⌊n2

⌋+ 1)))

Inv ′(1) reads

(∀x ((1 ≤ x < 1)→ ((R[x ] = rn+1−x ) ∧ (R[n + 1− x ] = rx )))∧ ((1 ≤ x ≤

⌊n2

⌋)→ ((R[x ] = rx ) ∧ (R[n + 1− x ] = rn+1−x )))).

Since no x can satisfy (1 ≤ x < 1), there is nothing to check in thefirst clause. The second clause is simply the given precondition, sothe required implication holds.




Slide 400

• Implied(b) (not argued in the slides) reads(((Inv ′(j) ∧

(j ≤

⌊n2

⌋+ 1))∧(j >

⌊n2

⌋))→ (∀x ((1 ≤ x ≤ n)→ (R[x ] = rn+1−x )))

)Recall that Inv ′(j) reads

(∀x ((1 ≤ x < j)→ ((R[x ] = rn+1−x ) ∧ (R[n + 1− x ] = rx )))∧ ((j ≤ x ≤

⌊n2

⌋)→ ((R[x ] = rx ) ∧ (R[n + 1− x ] = rn+1−x )))).

From(j ≤

⌊n2

⌋+ 1)

and(j >

⌊n2

⌋), we conclude that j =

⌊n2

⌋+ 1. Hence

we can re-write Inv ′(j) as

(∀x ((1 ≤ x <⌊

n2

⌋+ 1)→ ((R[x ] = rn+1−x ) ∧ (R[n + 1− x ] = rx )))

∧ ((⌊

n2

⌋+ 1 ≤ x ≤

⌊n2

⌋)→ ((R[x ] = rx ) ∧ (R[n + 1− x ] = rn+1−x )))).

No x satisfies the second clause, so there is nothing to check there. Thefirst clause implies the desired program post-condition, and so we arefinished.




Slide 400

• So far we have argued that the given Hoare triple is satisfied underpartial correctness.

• We still need to argue that the program always terminates, so thatthe given Hoare triple is satisfied under total correctness. Take theloop variant to be

⌊n2

⌋+ 1− j . The rest is an exercise.

• It is a homework task for Collin to re-do the annotation, removingthe Lemma, and checking the assignments that perform the swapone line at a time.




Slide 410

• The first example satisfies the specification, but destroys thearray content! So we need to refine the example on the followingslides.




Slide 411

• Recall that a permutation on a set X is a bijection from X toitself.• For example, if X = {1, 2, 3}, then the function

f : X → X1 7→ 22 7→ 13 7→ 3

is a permutation on X .• If we agree to write the elements of X in a particular order,

then we can think of the above permutation as taking [1 2 3] to[2 1 3].

• This second interpretation of a permutation is the better one forour purposes in sorting lists here.




Slide 414

• Example: Suppose A = [1 5 8 3] is already sorted up to positionk = 4 (i.e. the elements from 1 up to k − 1 = 3 are already inthe correct order, and we are about to insert element k = 4).Then to insert A[4] = 3, we loop through the sorted part of thearray from the right, until we find the first element A[j ] such thatA[j ] ≤ A[4], then insert A[4] between A[j ] and A[j + 1]. We get

8 = A[3] 6≤ A[4] = 3

5 = A[2] 6≤ A[4] = 3

1 = A[1] ≤ A[4] = 3,

and so we insert A[4] between j = 1 and j = 2. After theinsertion, we obtain that sorted array: A = [1 3 5 8].




Slide 415

• The proof of correctness is on a09.




Slide 416

• Example: Suppose A = [5 1 3 8]. Arbitrarily choose our pivotvalue to be the first array element, namely 5. Then partitioningthe list gives 5 1 3︸︷︷︸

≤5

8︸︷︷︸>5

.Then we recursively sort each side separately.

• General Remark: In an annotation, if the same implication isrequired at multiple places, then prove it once (as a Lemma),then refer to it as often as needed in the body of the annotation.



Decision Problems

Slide 429

• These examples from the Slide are decidable:• Given a formula of propositional logic, is it satisfiable?• Given a positive integer, is it prime?

• By the end of the section, we will show that these examplesfrom the Slide are undecidable:• Given a multivariate polynomial equation, does it have any

integer solutions?• Given a program and input, will the program terminate on the

input?

Decision Problems Slide 429 356/383


Decision Problems

Slide 430

• Correct “Sometime” to “Sometimes”.



Decision Problems

Slide 432

• It is important to point out that the algorithm must alwayscomplete after finitely many steps.

• We say that a function is computable if there is an algorithmthat a computer could execute to compute it.

• Decidable problems and computable functions are closelyconnected.

• For more details about decidable problems and computablefunctions, take CS 360.



The Halting Problem

Slide 434

• On this Slide, we present a more concise argument that theHalting Problem is undecidable.

• Assume that the definition (define (halts? P I) ...)

satisfies the contract on Slide 434.• Define the scheme program, C:

( define (diagHalts? P)

cond ( [ (halts? P P) (loop loop) ]

[ #t #f ]

)

)

• Here, I wave my hands over the fact that any program and anyinput can be encoded into a natural number, so that using theidentifier for a program as input to a program makes sense.

• We could explain how this could be done systematically, if wehad enough time.

The Halting Problem Slide 434 359/383


The Halting Problem

Slide 434

• Now consider the question of whether C halts when processinginput C.

• If C halts when processing input C, then• (halts? C C) halts and returns #t .• By the first clause in the cond statement, C runs forever when

processing input C.• This is a contradiction.

• If C runs forever when processing input C, then• (halts? C C) halts and returns #f .• By the second clause in the cond statement, C halts when

processing input C.• This is a contradiction.

• All possibilities lead to contradiction.

• Therefore we are done.



The Halting Problem

Slide 443

• This is an informal definition of a Turing reduction whichsuffices for our purposes in CS 245. For the formal definition ofa many-to-one reduction, take CS 360.

• If the array has an even number, n, of elements, then its medianelement is the average of the elements in positions n

2and n

2+ 1

(the average of the two middle elements).

• If the array has an odd number, n, of elements, then its medianelement is the element in positions n+1

2(the middle element).



The Halting Problem

Slide 444

• The first bullet says “If there is a reduction from A to B, and Bis decidable, then A is also decidable”.

• The second bullet says “If there is a reduction from A to B, andA is undecidable, then B is also undecidable”.

• Note that the second bullet is just the contrapositive of the first.



Other Undecidable Problems

Slide 447

• Remark: This is an example of a reduction.

• If you want to learn more about reductions, then take CS 360.

• The instruction “Base the formula on Step” refers to thegeneralized technique of translating from Scheme into FOL, onSlides 262-282.

Other Undecidable Problems Slide 447 363/383



Slide 448

• Post’s Correspondence Problem is the question: “Given aninstance of PCP, does a solution exist?”

• Post’s Correspondence Problem is undecidable.

• See pp132-135 of the text for the connection between Post’sCorrespondence Problem and the undecidability of whether anarbitrary formula of FOL is valid.

• For another application of Post’s Correspondence Problem (toprove that a decision problem about Context-Free Languages isundecidable), take CS 360.




Slide 449

• Correct “imput” to “input”.




Decision Problems About Languages

General Remarks About Undecidability

• Saying that a decision problem is undecidable is stronger thansaying that we have not yet found an algorithm to solve it.

• A decision problem is undecidable if and only if no algorithmexists to answer it in general.

Other Undecidable Problems Decision Problems About Languages 366/383





• Many nice decision problems are stated in terms of membershipin some formal language.

• So here we introduce some common terminology to enable us todiscuss such problems.





Definitions

• Alphabet: Finite set of symbols, usually denoted ΣExamples:• Binary alphabet: Σ = {0, 1}• Latin alphabet: Σ = {a, b, . . . , z}• Unary alphabet: Σ = {1}.

• A string is an ordered sequence of alphabet symbols. Strings arealso called words.Examples of words: rover, 1010110

• Denote the length of the string x by |x |.All of our strings all have finite length.

• Empty string: εLength of the empty string: |ε| = 0.





String Concatenations

Concatenation:

• One string after another

• Example: if x = car , y = rot, then xy = carrot.

• Not surprising: if x = ε, then xy = y .

• Length of a concatenation equals sum of lengths:|xy | = |x |+ |y |.





Languages

Σ∗: All finite strings over alphabet Σ

Language: a subset of Σ∗.

• That is, a set of strings over Σ.• Some languages are finite; others are not.

Examples:

• {1, 01, 001, 0001, . . .}• {cat, dog , hamster}• {aa, abab, abbabb, abbbabbb, . . .}• {ε, 0, 1, 00, 01, 10, 11, 000, 001, 010, . . .}• ∅

The second last of these is just {0, 1}∗.

We can describe languages by rules, or by listing all their elements.Other Undecidable Problems Decision Problems About Languages 370/383





• With a language L ⊆ Σ∗ in mind, a typical decision problemabout L is

Given any word w ∈ Σ∗, is w ∈ L?

• Recall that an algorithm to answer this question must give thecorrect answer in finitely many steps, for any w ∈ Σ∗.

• We say that the language L is decidable if and only ifmembership in L is decidable.

• The question of membership in a language has some content:Let L = {1, 01, 001, 0001, . . .}. Then• 00001, 00000000001 are examples of words in L, while• 10110, 011, ε are examples of words not in L.






• Examples (with Σ = {0, 1}):• If L ⊆ Σ∗ is finite, then membership in L is decidable.• If L = {0}∗ ⊆ Σ∗, then membership in L is decidable.• If L = {0i 1i | i ≥ 0} ⊆ Σ∗, then membership in L is decidable.





Example - Proving a Language is Decidable

Problem: Let Σ be a non-empty finite alphabet. Let L1, L2 ⊆ Σ∗ bedecidable languages. Prove that

L1 ∪ L2 = {w ∈ Σ∗ | w ∈ L1 or w ∈ L2} ,

the union of L1 and L2, is also decidable.

Solution: It suffices to exhibit an algorithm to decide membership inL1 ∪ L2.





Example - Proving a Language is Decidable

This algorithm decides membership in L1 ∪ L2.

• Let w ∈ Σ∗ be arbitrary.

• Decide whether w ∈ L1. If so, then halt and indicate thatw ∈ L1 ∪ L2.

• Otherwise, we know that w /∈ L1. Decide whether w ∈ L2. If so,then halt and indicate that w ∈ L1 ∪ L2.

• Otherwise, halt and indicate that w /∈ L1 ∪ L2.

By construction, this algorithm decides membership in L1 ∪ L2, andso we are finished.





Strategy - Proving a Decision Problem is NotDecidable

• Suppose we want to prove a given decision problem (e.g.membership in a language L) is not decidable.

• There are many techniques for writing such a proof. Take CS360 to see examples.

• In CS 245, our one template for proving this is• For a contradiction, assume L is decidable.• Argue that with this assumption, we can decide the Halting

Problem.• Since the Halting Problem is undecidable, this is a contradiction.

• This week’s tutorial notes will show some examples.





Example - Proving a Decision Problem is NotDecidable

Problem (from a10 Study Exercises): Show that the followingproblem is undecidable:

Given a Hoare triple (|α |) C (| β |), is it satisfied underpartial correctness?

That is, show that an algorithm to decide partial correctness wouldafford an algorithm to decide the Halting Problem.

Hint: Explain how, given a pair (P I), you can specify α, C and β,such that the partial correctness of (|α |) C (| β |) relates to thehalting (or not) of (P I).






Solution: Let (P I) be any candidate for the Halting Problem. Wewill construct our Hoare triple so that (P I) halts if and only if{α}C{β} is not partially correct. The key fact to remember is thatany Hoare triple in which the code fails to terminate is triviallysatisfied under partial correctness. Now consider the following Hoaretriple:

(| true |)Run P with input I

x = -1;

(| x > 0 |)






Assuming that we have a decider for partial correctness, we constructa decider for the Halting Problem according to the followingalgorithm:

• Run the decider for partial correctness on the above Hoare triple.• If the decider indicates that the Hoare triple is satisfied under

partial correctness, then output “(P I) does not halt”.• If the decider indicates that the Hoare triple is not satisfied

under partial correctness, then output “(P I) halts”.

By construction, this algorithm decides the Halting Problem. Sinceno decider for the Halting Problem can exist, therefore a decider forpartial correctness also cannot exist.





Question from the Class: Suppose we have a Scheme program, C,which accepts a candidate (P I) for the Halting Problem. Supposethat the logic of C is

• If (P I) halts, then C runs forever on input (P I), and

• If (P I) runs forever, then C halts on input (P I).

Can we use C to decide the Halting Problem?

Answer: With the machinery of CS 245, I do not yet see how to usethis program C to decide the Halting Problem. The difficulty withapplying CS 245 techniques to this question is that our C is not adecider, as it can run forever. I will prove directly that no program C

as described exists. I will sketch a proof that having C would allow usto decide the Halting Problem, using Turing machines, which areintroduced in CS 360.





Proof that no program C as described exists:

• For a contradiction, assume that C as described exists.

• Declare the following program, called D:

( define (diagTest P)

cond ( [ (C P P) #t ]

[ #t #f ]

)

)





• Now consider the question of whether D halts when processinginput D.

• If D halts when processing input D, then• (C D D) runs forever,• hence D runs forever when processing input D.• This is a contradiction.

• If D runs forever when processing input D, then• (C D D) halts,• hence D halts when processing input D.• This is a contradiction.

• All possibilities lead to contradiction.

• Therefore we are done.





Sketch of a proof having C would allow us to decide the Halting Problem(using Turing machines as in CS 360):

• The key fact to use that that if a language L and itscomplement L′ are both recursively enumerable (i.e. recognizedby some Turing machine), then L is decidable (i.e. recognized bya Turing machine that always halts).

• Hence if we can construct a Turing machine to enumerate theset of pairs (P I) such that (P I) halts, and another Turingmachine to enumerate the set of pairs (P I) such that (P I)

runs forever, then we can use the above fact to decide theHalting Problem.





• The enumerator for the set of pairs (P I) such that (P I) haltsis a non-deterministic Turing machine that systematicallyexecutes each candidate (P I) and enumerates the pairs thathalt.

• The enumerator for the set of pairs (P I) such that (P I) runsforever is a non-deterministic Turing machine thatsystematically tests each candidate (P I) by running (C P I)

and enumerates the pairs (P I) such that (C P I) halts.


cs 245 - additional notescs245/instructor...cs 245 - additional notes semantics of propositional...

Documents