run4

Upload: sherry-king

Post on 21-Feb-2018


  • 7/24/2019 run4

    1/22

    Chapter 4

    Relaxing the Proof Style

    In the previous chapter, we defined propositional calculational logic, discussed proof strategies and heuristics, and proved many theorems. In this chapter, we introduce some flexibility in the proof format. First, we introduce an extension of our proof format in order to shorten some proofs of implications. Second, we show how to present proofs in a less formal style, without sacrificing rigor. In doing so, we relate classical proof methods to theorems of propositional logic.

    4.1 An abbreviation for proving implications

    Step away from propositional formulas for a moment and consider arithmetic. Suppose b= d 1 holds. Since d 1< d , we infer b < d . We are proving b < d using a law of transitivity, X=Y Y < Z X < Z.

    We can extend our proof format of Sec. 1.4 and give this proof of b < d as shown below. In this proof, we are making implicit use of the law X=Y Y < Z X < Z.

    b
    = Some hint
    d 1
    < Definition of <
    d

    A similar proof format can be used whenever we have a relation (say) that satisfies transitivity laws like X=Y Y Z X Z and B C C D B D. (We already have transitivity of equality.) In particular, we can extend the proof format for propositional calculus in this fashion because of theorems (3.90a)–(3.90c). Given P Q and Q R , we would demonstrate that P R holds using the following proof.

    P

    = Why P Q Q

    Why Q R R


    Formally, in order to accept proofs in this new format, we have to show that we can translate such a proof into a proof of P R that does not use the extension. Here is the proof (note that it uses the same two theorems).

    (P Q) (Q R) (P R) Transitivity (3.90b)= Redundant true: Why P Q

    true (Q R) (PR)= Redundant true: Why Q R

    true true (P R)= Idempotency of (3.43); Left identity of (3.80)

    PR

    Generalizing, we allow any number of steps and steps to be used in the extended proof format. Similarly, from a sequence of and steps we conclude that the first expression is a consequence of the last.

    Using inference rule Modus ponens

    Suppose we have a proof of P Q as shown to the left below.

    P P reference to theoremP WhyP P1 WhyP P1

    P1 P1. . . . . .

    Pn Pn WhyPn Q WhyPn Q

    Q Q

    Suppose in addition that P is a theorem. Then, by Modus Ponens (3.92),

    P, P Q

    Q,

    we conclude that Q is a theorem as well. In such situations, we indicate the use of inference rule Modus ponens by placing a reference to theorem P to its right, as shown to the right above.

    Metatheorem Monotonicity

    We may now use proof steps of the form shown to the left below. But what if P P1 is a theorem and we want to replace an occurrence of P that is within the formula, as in the example to the right below? Can we do this? And if we can, do we use implication or consequence in place of the question mark?


    P Q (P R) R Why P P1 ? . . .Why P P1. . .

    P1 Q (P1 R) R

    The answer to this question is given by Metatheorem Monotonicity (4.3), below. We begin our introduction to this metatheorem with the notions of monotonicity and antimonotonicity.

    You know that x + 4 x+ 5 . This is because operation x+ y is monotonic in its operands: increasing the value of an operand increases the value of the operation.

    On the other hand x 4 x 5 . Operation is monotonic in its first operand but antimonotonic in its second operand: increasing the value of the second operand decreases the value of the operation.

    In terms of functions, we say: If x y implies f.x f.y, then f is monotonic in its argument; if x y implies f.x f.y , then f is antimonotonic in its argument.

    The notion of monotonicity carries over to the boolean domain as well.

    Definition. For a metavariable V that occurs exactly once in expression E, and for boolean function f:

    E is monotonic in position V iff (PQ) (EVP EVQ)

    E is antimonotonic in position V iff (PQ) (EVP EVQ)

    f is monotonic in its argument iff (P Q) (f.P f.Q)

    f is antimonotonic in its argument iff (P Q) (f.P f.Q)

    (4.1)

    As an example, we know that PR is monotonic in position P, and we also know that P P Q is a theorem. Hence, we can use the following step in a proof. The hint Monotonicity: ... tells us that we are using the fact that expression P Q is monotonic in position P.

    P R Monotonicity: P P Q

    (P Q) R

    In order to use monotonicity and antimonotonicity arguments, we need to know which positions in an expression are monotonic or antimonotonic. The following definition is central to this issue.

    Definition. Let metavariable V occur exactly once in an expression E, but not within an operand of an equivalence (or inequivalence). Then the position of V has even parity in E if it is nested within an even number of negations and antecedents; otherwise, it has odd parity.

    (4.2)


    Examples. We give the parity of the position of V in several expressions. The third column gives the number of antecedents and the fourth the number of negations in which V occurs.

         formula           antecedents   negations   parity of position of V
    (a)  V                      0            0        even
    (b)  V                      0            1        odd
    (c)  V                      0            2        even
    (d)  p q V                  0            0        even
    (e)  p V q                  1            0        odd
    (f)  p V q                  1            1        even
    (g)  ((p q) V) q            1            2        odd
    (h)  p V q                  parity undefined; V in an equivalence

    We can now state Metatheorem Monotonicity, which shows how simple it is to determine whether a position in a boolean expression is monotonic or antimonotonic.

    Metatheorem Monotonicity. A position in a boolean expression is monotonic (antimonotonic) precisely when the parity of the position is even (odd). In more detail: Suppose P Q is a theorem. Let E be an expression with one occurrence of a metavariable V. Then:

    (a) If the parity of V in E is even, EVP EVQ is a theorem.

    (b) If the parity of V in E is odd, EVP EVQ is a theorem.

    (4.3)

    Metatheorem monotonicity (4.3) can be written as two derived inference rules:

    Monotonicity: P Q

    E[V:= P] E[V:= Q]

    (for V with even parity in E)

    (4.4)

    Antimonotonicity: P Q

    E[V:= P] E[V:= Q]

    (for V with odd parity in E)

    (4.5)

    A proof of this theorem must await the introduction of mathematical induction; see Exercise 11.60 of Chap. 11. Here, we content ourselves with giving a few examples of its use. To the left, below, is a proof step, in which P is being replaced by P Q . We wonder what operator to use in place of ? . The parity of P in P R is even. Therefore, use the same operator that appears in the hint, , and write the step as shown to the right.


    P R P R? P P Q (3.83) Monotonicity: P P Q

    (P Q) R (P Q) R

    Below is another example. The parity of P in P R is odd. Therefore, use the opposite operator, , to the one that appears in the hint and write the step as shown to the right. Note the use of the word Antimonotonicity in the hint to alert the reader to the fact that the parity of the expression being replaced is odd.

    P R P R? P P Q (3.83) Antimonotonicity: P P Q

    P Q R (P Q) R

    The final example below makes an important point. Since the expression P Q is being replaced, it must appear first in the formula in the hint, so the hint is written not as P P Q but as P Q P. Then, since the position of P Q in the first formula is even, the step uses the same operator as the hint: .

    (P Q) R Monotonicity: P Q P (3.83)

    P R

    The metatheorem requires that the position under consideration not be within an operand of because is neither monotonic nor antimonotonic in its operands. This can be seen by looking at Mutual implication (3.87):

    P Q (P Q) (Q P)

    In the RHS, P appears in both a monotonic and an antimonotonic position, and that would imply that the position of P in the LHS is neither monotonic nor antimonotonic. We can also see the need for the restriction by noting that p true is a theorem but these two expressions are not:

    (p q) (true q) (INVALID)

    (p q) (true q) (INVALID)
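The parity rule of definition (4.2) and the claim of Metatheorem Monotonicity (4.3) can be checked mechanically. The following Python sketch is an added example, not code from the book: the tuple encoding, the function names and the sample formulas are all constructed here, and inequivalence is not modelled. It computes the parity of the position of V and compares it with what a truth table shows when V is weakened from false to true.

```python
from itertools import product

HOLE = ("hole",)                      # the single occurrence of metavariable V
p, q = ("var", "p"), ("var", "q")     # constructed sample variables

def occurrences(e, flips=0, in_equiv=False):
    """One entry per occurrence of V: flips mod 2, or None inside an equivalence."""
    tag = e[0]
    if tag == "hole":
        return [None if in_equiv else flips % 2]
    if tag in ("var", "const"):
        return []
    if tag == "not":                  # a negation flips the parity
        return occurrences(e[1], flips + 1, in_equiv)
    if tag == "imp":                  # only the antecedent flips the parity
        return (occurrences(e[1], flips + 1, in_equiv)
                + occurrences(e[2], flips, in_equiv))
    if tag in ("and", "or"):
        return (occurrences(e[1], flips, in_equiv)
                + occurrences(e[2], flips, in_equiv))
    if tag == "equiv":                # parity is undefined below an equivalence
        return occurrences(e[1], flips, True) + occurrences(e[2], flips, True)
    raise ValueError(f"unknown operator {tag!r}")

def parity(e):
    """'even', 'odd' or 'undefined' for the position of V in e (definition 4.2)."""
    occ = occurrences(e)
    if len(occ) != 1:
        raise ValueError("V must occur exactly once")
    return {0: "even", 1: "odd", None: "undefined"}[occ[0]]

def ev(e, env, v):
    """Evaluate e in state env with V replaced by the boolean v."""
    tag = e[0]
    if tag == "hole":
        return v
    if tag == "var":
        return env[e[1]]
    if tag == "const":
        return e[1]
    if tag == "not":
        return not ev(e[1], env, v)
    a, b = ev(e[1], env, v), ev(e[2], env, v)
    return {"and": a and b, "or": a or b, "imp": (not a) or b, "equiv": a == b}[tag]

def variables(e):
    if e[0] == "var":
        return {e[1]}
    if e[0] in ("hole", "const"):
        return set()
    return set().union(*(variables(s) for s in e[1:]))

def observed(e):
    """(monotonic, antimonotonic) in the position of V, by truth table."""
    names = sorted(variables(e))
    mono = anti = True
    for vals in product([False, True], repeat=len(names)):
        env = dict(zip(names, vals))
        lo, hi = ev(e, env, False), ev(e, env, True)
        mono = mono and (not lo or hi)    # E[V:=false] implies E[V:=true]
        anti = anti and (not hi or lo)    # E[V:=true] implies E[V:=false]
    return mono, anti

def metatheorem_holds(e):
    """Even parity must be monotonic, odd parity antimonotonic; undefined claims nothing."""
    mono, anti = observed(e)
    return {"even": mono, "odd": anti, "undefined": True}[parity(e)]

# Constructed sample formulas (not the book's table).
SAMPLES = [
    ("V", HOLE),
    ("not V", ("not", HOLE)),
    ("not not V", ("not", ("not", HOLE))),
    ("(p and V) -> q", ("imp", ("and", p, HOLE), q)),
    ("(p and not V) -> q", ("imp", ("and", p, ("not", HOLE)), q)),
    ("not((p -> V) -> q)", ("not", ("imp", ("imp", p, HOLE), q))),
    ("p equiv V", ("equiv", p, HOLE)),
]

if __name__ == "__main__":
    for label, e in SAMPLES:
        print(f"{label:22} parity={parity(e):9} (mono, anti)={observed(e)}")
```

For the equivalence sample the truth table reports neither property, which is the reason the definition excludes operands of an equivalence.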

    Five basic monotonicity theorems

    We mentioned above that we won't prove Metatheorem Monotonicity until Chap. 11. However, we can give five basic theorems on which its proof rests. These theorems state which operands of the connectives , , , and are monotonic and which are antimonotonic.


    Monotonicity theorems

    Monotonic : (P Q) (P R Q R)    (4.6)

    Monotonic : (P Q) (P R Q R)    (4.7)

    Monotonic consequent: (P Q) ((R P) (R Q))    (4.8)

    Antimonotonic: (PQ) (P Q)    (4.9)

    Antimonotonic antecedent: (P Q) ((P R) (Q R))    (4.10)

    We prove (4.6), without using Metatheorem Monotonicity, and leave the proofs of theorems (4.7)–(4.10) to exercises.

    We begin with the consequent of (4.6), since it has more structure, and transform it into the antecedent, keeping in mind the goal, antecedent P Q . The first step is to eliminate the implication. Any of the three definitions of implication (3.65), (3.66), and (3.63) could be used for this. Here, we use (3.65) so that all the operators on both sides of the resulting equivalence are disjunctions. For the step of weakening or strengthening (which puts or as the operator in the left column), (3.83a), (3.83b), and (3.83c) are often useful.

    P R Q R= (3.65), PQ P Q Q

    P R Q R Q R= Idempotency of (3.31)

    P Q R Q R= Distributivity of over (3.32),

    with P,Q,R:= R, P Q, Q (P Q Q) R

    Weakening (3.83a)P Q Q

    = (3.65) againP Q

    4.2 Additional proof techniques

    When dealing with proofs of boolean expressions, our calculational logic suffices. When dealing with other domains of interest (e.g. integers, sequences, or trees), where we use inductively defined objects, partial functions, and the like, additional proof techniques become useful. In this section, we introduce these techniques. In doing so, we begin looking at the relation between formal and informal proofs.

    Assuming the antecedent

    A common practice in mathematics is to prove an implication P Q by assuming the antecedent P and proving the consequent Q . By assuming the antecedent we mean thinking of it, momentarily, as an axiom and thus equivalent to true. In the proof of consequent Q , each metavariable in the new axiom P is treated as a constant, so that instantiation cannot be used to replace it. Later, we discuss the need for this restriction.

    We justify this method of proof with the following metatheorem.

    (Extended) Deduction Theorem. Suppose adding P1, . . . , Pn as axioms to calculational propositional logic, with the metavariables of the Pi considered to be constants, allows Q to be proved. Then P1 . . . Pn Q is a theorem.

    (4.11)

    The proof of this metatheorem involves showing how a proof of Q using P1, . . . , Pn as additional axioms can be mechanically transformed into a proof of P1 . . . Pn Q . The description of the transformation is long and tedious, and we do not give it here.

    Below, we give a proof of P Q (P Q) using metatheorem (4.11). The proof illustrates how we write in English that the conjuncts of the antecedent are assumed, or added as axioms to the logic.

    Proof. To prove P Q (P Q) , we assume the conjuncts of its antecedent and prove its consequent:

    P
    = Redundant true: Assumption P
    true
    = Redundant true: Assumption Q
    Q

    FIGURE 4.1. Stylized Proof By Assuming the Antecedent

    Proof of: P1 Pn Q
    Assume P1, . . . , Pn
    (proof of Q , using Pi and Pi true for 1 i n as theorems whose metavariables are constants)


    In a long proof, it may be difficult to remember the assumptions. In this case, we place the assumptions at the beginning of the proof, as in the following example. The first line indicates that a proof is being conducted by assuming the conjuncts of the antecedent and proving the consequent.

    Assume P, Q
    P
    = Redundant true: Assumption P
    true
    = Redundant true: Assumption Q
    Q

    Metatheorem (4.11) requires that all metavariables in the assumed expression be viewed as constants throughout the proof of Q , so that instantiation cannot be used to replace them. The following incorrect proof of (B C) (D C) shows why this requirement is necessary. The proof is incorrect because B in the assumption is replaced using instantiation.

    Assume B C (proof incorrect)
    D
    = Assumption B C, with B:= D i.e. D C
    C

    Proofs by assumption can be hierarchical. For example, below we prove

    (P P) ((Q Q) (P Q P Q)) .    (4.12)

    Our proof assumes first P P and then Q Q . However, P P is not in a suitable form for use in this proof; by (3.66), it is equivalent to P P P , and this formula is what is needed. Rather than write and prove P P P separately, as a lemma, we give a proof within a proof, but it is not completely formal.

    Proof of: (P P) ((Q Q) (P Q P Q))
    Assume P P (by (3.66), equivalent to P P P)

    Proof of: (Q Q) (P Q P Q)
    Assume Q Q (by (3.66), equivalent to Q Q Q )

    P Q
    = Assumption P P P
    P P Q
    = Assumption Q Q Q
    P P Q Q
    Monotonicity: Weakening (3.83b)
    P Q


    When proving a theorem by assuming the antecedent or by using the extended format of Sec. 4.1, it may help to first use Shunting (3.70) and Implication (3.63) to move conjuncts from the antecedent to the consequent and disjuncts from the consequent to the antecedent. For example, by these theorems, all the following expressions are equivalent:

    P (Q R)

    P Q R

    P Q R

    P R Q

    As an example of the use of shunting, we prove the following theorem; some of the steps of the proof may appear to be rabbits, but that is because we have not yet introduced the laws of arithmetic.

    x y +z y x f(f.x f.y)=f.z z


    analysis can lead to an explosion in the number of cases to be considered, much like the use of nested conditional statements in programs, which we all know becomes unwieldy. However, case analysis cannot always be avoided, and we need good methods for handling it.

    A three-case analysis is based on the following theorem.

    (P Q R) (PS) (Q S) (R S) S    (4.13)

    The first conjunct of the antecedent indicates that at least one of the cases P, Q , and R is true in each state. The other conjuncts indicate that S holds in each case. It should be clear that the same kind of theorem, as well as the results of this subsection, will hold for any number of cases. Here, we treat only the three-case analysis.

    A format for a three-case analysis is given in Fig. 4.2. Using a three-case analysis, we can prove S by splitting the state-space into three parts P, Q , and R (which may overlap) and then proving that in each case S holds. For example, suppose we define the Fibonacci numbers f.i for i a natural number by

    f.i =   0                  if i = 0
            1                  if i = 1
            f(i 1) + f(i 2)    if i > 1 .

    A proof of some property of f is then likely to use the three-case analysis suggested by this definition, looking separately at the cases i= 0 , i= 1 , and i > 1 . Such a proof is almost forced by the three-part definition of f, although by noticing that f.i = i for 0 i 1 , a two-case analysis might suffice. In general, reducing the number of cases used in defining an object can reduce the work necessary for proving its properties.

    FIGURE 4.2. Stylized Proof By Case Analysis

    Proof of: S   By cases: P, Q , R
    (proof of P Q R omitted if obvious)
    Case P : (proof of P S)
    Case Q : (proof of Q S)
    Case R : (proof of R S)


    Proof by partial evaluation

    Another form of case analysis rests on theorem Boole (3.99):

    E (V EVtrue) (V EVfalse) .

    Using (3.99), we can justify the following derived inference rule, which indicates that we can prove a theorem by considering two cases. In the first case, one of its variables is replaced by true, and in the second case, that variable is replaced by false. We call this approach Partial evaluation because replacing the variable by true and false often allows us to do further evaluation. We state partial evaluation as a derived inference rule.

    Partial evaluation: E[V:= true], E[V:= false]

    E    (4.14)

    We prove (4.14). Assuming the premises of the inference rule, we have,

    E
    = Boole (3.99)
    (V E[V:= true]) (V E[V:= false])
    = Redundant true: Premises of (4.14)
    (V true) (V true)
    = Identity of (3.44), twice; Excluded Middle (3.33)
    true

    We illustrate the use of partial evaluation with two proofs of Contradiction (3.47), V V false; they should be compared to the calculational proof requested in Exercise 3.30. The first proof is in English:

    Proof. If V is true, then the LHS of the formula is true true, which, by Identity of (3.44) and Definition of false (3.15) is equivalent to false. If V is false, then the LHS of the formula is false false, which, by Zero of (3.45) is equivalent to false. Hence, in both cases, the LHS is equivalent to false and the formula is true. Therefore, by inference rule (4.14), the formula is true.

    FIGURE 4.3. Stylized Proof By Partial Evaluation

    Proof of: E   By Partial evaluation
    Case V:= true
    (proof of E[V:= true] )
    Case V:= false
    (proof of E[V:= false] )


    The second proof illustrates the stylized form of proof by partial evaluation, which makes the structure of the proof clearer.

    Proof of: V V false   By Partial evaluation
    Case V:= true
    true true false
    = Identity of (3.44); Definition of false (3.15)
    false false   which is Reflexivity of (3.8)
    Case V:= false
    false false false
    = Zero of (3.45)
    false false   which is Reflexivity of (3.8)

    In addition to its use in proofs, inference rule (4.14) can be used to check quickly if a formula could be a theorem. Choose a suitable variable and see what the value of the formula is when the variable is true and when it is false. If in either case the value is false, the formula is not a theorem. Such a check does not work so easily for other domains, like the integers, because there are too many different values of the variable to check.
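The quick check described above can be automated by applying rule (4.14) repeatedly: replace one variable by true and by false, simplify with the identity and zero laws, and continue on whatever formula remains. The following Python sketch is an added example, not code from the book; the tuple encoding, the function names and the sample formulas are constructed here.

```python
T, F = ("const", True), ("const", False)

def simp(tag, *args):
    """Rebuild one node, evaluating away operands that are constants."""
    if tag == "not":
        (a,) = args
        return ("const", not a[1]) if a[0] == "const" else ("not", a)
    a, b = args
    if tag == "and":
        if F in (a, b):
            return F
        if a == T:
            return b
        if b == T:
            return a
    elif tag == "or":
        if T in (a, b):
            return T
        if a == F:
            return b
        if b == F:
            return a
    elif tag == "imp":
        if a == F or b == T:
            return T
        if a == T:
            return b
        if b == F:
            return simp("not", a)
    elif tag == "equiv":
        if a == T:
            return b
        if b == T:
            return a
        if a == F:
            return simp("not", b)
        if b == F:
            return simp("not", a)
    return (tag, a, b)

def subst(e, name, value):
    """E[name := value], simplified bottom-up (the 'further evaluation')."""
    if e[0] == "const":
        return e
    if e[0] == "var":
        return ("const", value) if e[1] == name else e
    return simp(e[0], *(subst(s, name, value) for s in e[1:]))

def first_var(e):
    """Leftmost variable name still present in e, or None."""
    if e[0] == "var":
        return e[1]
    if e[0] == "const":
        return None
    for s in e[1:]:
        v = first_var(s)
        if v is not None:
            return v
    return None

def cases(e, name):
    """The two premises of rule (4.14) for variable name."""
    return subst(e, name, True), subst(e, name, False)

def refute(e, env=None):
    """None if e is a theorem; otherwise a (partial) state in which e is false."""
    env = env or {}
    v = first_var(e)
    if v is None:
        e = subst(e, None, False)      # no variables left: fold the constants
        return None if e[1] else env
    for value, residual in zip((True, False), cases(e, v)):
        bad = refute(residual, {**env, v: value})
        if bad is not None:
            return bad
    return None

# Constructed sample formulas.
p, q = ("var", "p"), ("var", "q")
THEOREM = ("equiv", ("and", p, ("not", p)), F)       # p and not p  equiv  false
NOT_A_THEOREM = ("imp", ("or", p, q), p)             # (p or q) -> p

if __name__ == "__main__":
    print(refute(THEOREM))                 # None
    print(cases(NOT_A_THEOREM, "p"))       # (true, not q)
    print(refute(NOT_A_THEOREM))           # {'p': False, 'q': True}
```

A returned state mentions only the variables that had to be fixed before the formula collapsed to false.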

    Proof by mutual implication

    A proof by mutual implication of an equivalence P Q is performed as follows:

    Proof method. To prove P Q, prove P Q and Q P.    (4.15)

    Such a proof rests on theorem Mutual implication (3.87), which we repeat here:

    (P Q) (Q P) (P Q) .

    FIGURE 4.4. Stylized Proof By Mutual Implication

    Proof of: P Q   By Mutual implication
    Case P Q
    (proof of P Q )
    Case P Q
    (proof of P Q (or Q P))

    Certain forms of calculational proof involve mutual implication in disguise. Consider a proof of P Q of the form:

    P
    = Hint
    = Hint
    P Q
    = Hint
    = Hint
    Q

    This proof establishes (P P Q) and (P Q Q) . Since P P Q equivales Q P and P Q Q equivales P Q , the proof establishes

    (Q P) (P Q) ,

    which is the LHS of Mutual implication (3.87). Hence, the proof is really just a proof by mutual implication of P Q .

    In Chap. 3, we used mutual implication to prove an equivalence only once, even though we proved over 60 theorems (counting the exercises). Just like case analysis, a proof by mutual implication is generally going to be longer than a direct proof that avoids it, and we suggest eschewing mutual implication where possible. However, there are situations where mutual implication must be used to prove an equivalence P Q . This occurs when the proofs of P Q and Q P rely on different properties.

    Consider, for example, proving that a natural number is even exactly when its square is even. For this purpose, we use the following definitions of i divides j, written i |j, and of even.i (for i and j integer).

    Definition of |: i |j j = k . i (for some integer k )    (4.16)

    Definition of even: even.i 2 | i    (4.17)

    In the proof of the following theorem, notice how the first part relies on X = Y X. X = Y. Y while the second part relies on a theorem concerning prime numbers.

    Theorem. For any natural number i, even.i even(i . i).    (4.18)

    Proof of: (4.18)   By Mutual implication
    Case even.i even(i. i)
    even.i
    = Def. (4.17) of even ; Def. (4.16) of |
    i= 2 . k (for some integer k)
    X=Y X. X= Y. Y (for integers X, Y )
    i^2 = (2. k). (2 . k) (for some integer k)
    = Arithmetic
    i^2 = 2 . (2. k^2) (for some integer k)
    Def. (4.16) of | ; Def. (4.17) of even
    even(i^2)

    Case even.i even(i . i)
    even(i. i)
    = Definition of even
    2 | i . i
    2 is prime and for p a prime, p | b . c p | b p | c (a theorem about prime numbers)
    2 | i 2 | i
    = Idempotency of (3.31)
    2 | i
    = Definition (4.17) of even
    even(i)

    Proof by contradiction

    Another common practice in mathematics for proving a theorem P is to assume P is false and derive a contradiction:

    Definition. A contradiction is an expression that is equivalent to false.    (4.19)

    The formal basis for a proof by contradiction is theorem (3.81), P false P. With the substitution P:= P, and using double negation (3.19), we derive the theorem

    Proof by contradiction: P false P .    (4.20)

    Hence, having proved that P false is a theorem, we can conclude that P is a theorem as well.

    Formula P false is often proved by assuming the antecedent P and proving false. A shortcut is often taken: instead of proving false directly, prove something that is obviously equivalent to false, like QQ .

    FIGURE 4.5. Stylized Proof By Contradiction

    Proof of: P   By Contradiction
    Assume P
    (proof of false)

    This proof method is overused: many proofs by contradiction can be more simply written using a direct method. This overuse may arise from trying to do too much of the proof in English. As an example, consider the following theorem and its English proof by contradiction, which was taken from a mathematics textbook.

    Theorem. Let u be a left identity and v be a right identity of operator , i.e. u x= x and x v= x for all x. Then u = v.    (4.21)

    Proof. We assume u=v and prove a contradiction. Consider the expression u v . Since u is a left identity, this expression equals v ; since v is a right identity, this expression equals u ; hence, u= v , but this contradicts the assumption u=v . Hence the assumption is false, and u= v .

    Here is a much simpler, straightforward calculational proof.

    u= v is a right identity

    u v= u is a left identity

    u

    That the formal proof is much simpler is no accident. Using formal tools, and not even letting contorted English sentences come into one's thoughts, can often lead to simpler arguments. Let the formal tools do the work.

    Here is a case where proof by contradiction is sensible. Consider writing a function Halt that would test whether execution of an input-free program (or any imperative statement) halts. (By input-free we mean that the program does not read from files or refer to global variables.) The first line, a comment, is a specification for Halt; it indicates that a function application Halt(P) equivales the value of the statement P halts.

    {Halt(P) P halts}
    function Halt(P : string) : bool;
    begin . . . end

    Parameter P is a string of characters. Presumably, Halt analyzes P much the way a compiler does, but the compiler generates a program in some machine language while Halt just determines whether P halts.

    Function Halt would be very useful. However, Alan Turing proved in the 1930s (see Historical note 4.1 on p. 94) that Halt cannot be written.

    Theorem. Function Halt does not exist.    (4.22)


    HISTORICAL NOTE 4.1. Alan M. Turing (1912–1954)

    Alan Turing is the legendary figure after whom the ACM's Annual Turing Award is named, computer science's equivalent of the Nobel Prize. His stature comes from work he did when he was 23 while on a student fellowship at Cambridge University, work that was fundamental in a field that did not exist yet: computer science.

    Turing was taken by Hilbert's claim that mathematics would be decidable (see Historical note 6.1 on p. 120), i.e. in principle, there would be a mechanical procedure for determining whether any statement was true or false. Turing developed an abstract form of computer (before computers existed) to carry out mechanical procedures. This mathematical computer, which now bears the name Turing machine, is still of great interest today. Turing gave convincing evidence that the Turing machine was universal: any computable function could be written as a Turing machine. Using Turing machines, Turing then proved that decidability was out of the question. For example, the halting problem discussed on page 93 is undecidable; there is no procedure for determining in a finite time whether an arbitrary program will halt.

    Turing was also a key player on the team at Bletchley that deciphered German messages during World War II. He was a prime developer of both the electronics and the architecture of the British computer ACE (starting in 1945) and was the first to recognize the full potential of a stored-program computer that could create its own instructions. A paper of his in 1949 is viewed as the first instance of a program-correctness proof.

    The last two years of Turing's life are a sad commentary on the times. In 1952, Turing was charged with 12 counts of committing an act of gross indecency with another male. He was a homosexual. Both men pleaded guilty, but Turing felt no guilt and lived through the proceedings in a seemingly detached manner. His punishment was a year of probation, during which he had to take the female hormone estrogen to reduce his sexual libido. His intellectual life went on as before. However, in June 1954, with no warning and no note of explanation, he committed suicide by taking cyanide. (See the excellent biography [25].)

    Proof. Assume Halt exists and consider the following procedure.

    procedure B ;
    begin while Halt(call B) do skip end

    Note that the argument of the call on Halt in the body of B is a call on B itself. We observe the following.

    call B halts
    = inspection of B's procedure body
    Halt(call B)
    = Definition of Halt, see comment on function Halt
    ( call B halts)

    We have derived a contradiction (of the form S S), so we have disproved the assumption that Halt exists.

    Proof by contrapositive

    P Q and its contrapositive Q P are equivalent (theorem (3.67)). Hence, we can prove an implication by proving its contrapositive:

    Proof method: Prove P Q by proving its contrapositive QP (see (3.67)).    (4.23)

    It is difficult to say exactly when to use proof by contrapositive. Generally, one resorts to it when a direct proof of P Q is not forthcoming and consequent Q contains more specific or detailed information that might be helpful.

    For example, consider proving x + y 2 x 1 y 1 . The consequent contains independent properties of x and y, while the antecedent contains a property of both together, so this may be a case for a proof by contrapositive. By Contrapositive (3.67), De Morgan, and arithmetic, this formula is equivalent to x


    Concluding remarks for Chapter 4

    The extension in Sec. 4.1 to allow weakening/strengthening steps helps shorten many proofs. In later chapters, this extension will be used often, and it should be thoroughly mastered.

    Metatheorem Monotonicity (4.3) is not used much in this chapter, but it will be used more and more frequently in later chapters. If you are not sure of it, study it again and master it thoroughly.

    We have discussed basic proof techniques that are usually used informally but that have a formal basis in propositional logic. Deduction theorem (4.11) provides the technique of assuming the antecedent, and each of

    (a) case analysis,
    (b) partial evaluation,
    (c) mutual implication,
    (d) contradiction, and
    (e) contrapositive

    is based on a theorem of calculational propositional logic. Study each technique: Be able to state the theorem or metatheorem on which it is based and use it in several proofs. You will then have a solid grasp of many frequently used proof methods.

    Exercises for Chapter 4

    Exercises on an abbreviation for implications

    4.1 Prove P (Q P) , using the method of Sec. 4.1. Start with the consequent and remove the implication.

    4.2 Prove Monotonic (4.7), (P Q) (P R Q R) , using the method of Sec. 4.1. Start with the consequent, since it has more structure.

    4.3 Prove Monotonic consequent (4.8), (P Q) ((R P) (R Q)) .

    4.4 Prove Antimonotonic (4.9), (P Q) (P Q) .

    4.5 Prove Antimonotonic antecedent (4.10), (P Q) ((P R) (QR)) .

    4.6 Prove Weakening/strengthening (3.83d), P (Q R) P Q , using the method of Sec. 4.1. Start with the antecedent, since it has more structure, and distribute.

    4.7 Prove (P Q) (R S) (P R Q S) , using the proof format of Sec. 4.1. You may first want to remove the implications in the antecedent, distribute as much as possible, and then use theorem (3.83d) and an absorption theorem.

    4.8 Prove (P Q) (R S) (P R Q S) , using the proof format of Sec. 4.1. Before using the proof format, you may first want to use Shunting (3.70) to move P R into the antecedent.

    4.9 Prove (P Q R) (R Q) using the method of Sec. 4.1. Start with the antecedent, since it has more structure, and use mutual implication.

    4.10 State the parity of V in each expression (it may be undefined).

    (a) q V
    (b) V q
    (c) V (p q)
    (d) (V p) q
    (e) (V p) q q
    (f) (V (p q)) q
    (g) p (V (p q))
    (h) (p (p q)) (V p) q
    (i) (V (p q)) p)
    (j) p V q p

    4.11 Given an expression like q p , we may want to replace q by a weaker expression. This requires determining the parity of V in V p . Alternatively, we could speak of the parity of the position of q in q P (which is the parity of V in V p ). Below are pairs of expressions. State the parity of the position of the first expression in the second (it may be undefined).

    (a) p : q p
    (b) second occurrence of q: q q
    (c) p q: (q (p q)) p
    (d) p q: (q (p q)) p
    (e) p q: (p q) q q
    (f) p q: (z (p q)) q
    (g) (z (p q) : z (z (p q))
    (h) z p : (p (p q)) (z p) q
    (i) p : (z (p q)) p)
    (j) z q: p z q p

    Exercises on additional proof techniques

    4.12 Prove P (Q P) by the method of assuming the antecedent.

    4.13 Prove (P Q) ((P Q) Q) by the method of assuming the antecedent.

    4.14 Prove P Q (PQ) by the method of assuming the antecedent.

    4.15 Prove (P P) (Q Q) (P Q P Q) by the method of assuming the antecedent.

    4.16 Prove Modus ponens (3.84), P (P Q) Q , by the method of assuming the antecedent.


    4.17 Prove the following theorem using Partial evaluation (4.14):

    (P Q) R (P R) (Q R) .

    4.18 Prove theorem (4.13), (PQR) (P S) (Q S) (R S) S.

    4.19 Let x y be the minimum of integers x and y, defined by x y= (if xy then x else y) . Prove that is symmetric, i.e. b c = c b . How many cases do you have to consider? You may use the necessary rules of integer arithmetic, for example, that B C B = C B < C and that B < C C > B. And there are only two rules for the conditional expression:

    (if true then x else y) = x
    (if false then x else y) = y

    4.20 Prove by case analysis that is associative, i.e. that B (C D) = (B C) D (see the previous exercise). How many cases do you have to consider, based on the definition of ?

    4.21 Consider the discussion on page 90 that shows how a proof of P Q with P Q as an intermediate step can be viewed as a proof by mutual implication. Write a similar discussion to show how a proof of P Q with P Q as an intermediate step can be viewed as a proof by mutual implication.

    4.22 Prove by contrapositive that if n^2 is odd, n is odd, i.e. odd.(n^2) odd.(n^2) . Use the fact that n is even iff n= 2 . k for some integer k.

    4.23 Prove by contrapositive that if x . y is even then x is even or y is even, i.e. even.(x . y) even.x even.y. Use the fact that n is even iff n= 2 . k for some integer k.

    Proof of the deduction theorem

    We begin with a lemma.

    Lemma. (P E)[V:= P X] (P E)[V:= X] (4.24)

    Proof. First, through a series of equivalence transformations, remove all occurrences of , , and from E to arrive at a formula E1 whose only operators are , , , and . Since these are equivalence transformations, we have E E1. Therefore, the lemma holds iff (P E1)[V:= P X] (P E1)[V:= X].

    Second, distributes over operators , , , and (theorems (3.69a)(3.69d)). In P E1, distribute P inward to arrive at a formula E2 in which in every subformula P W (for some W), W is a constant, a variable, or a metavariable. Further, every constant, variable, and metavariable in E2 is preceded by P . Since P E1 E2, the lemma holds iff E2[V:= P X] E2[V:= X].

    Third, perform the substitutions shown in E2[V:= P X] E2[V:= X] to arrive at E3 E4. Because this is an equivalence transformation, the lemma holds iff E3 E4.

    Because of the form of E2, the only difference between E3 and E4 is this: Wherever E4 contains P X because of the substitution of X for V, E3 contains P (P X), also because of the substitution of X for V. But P X P (P X), as is readily shown (in the RHS, use Shunting (3.70) and Idempotency of (3.43) to arrive at the LHS). Therefore, E3 E4, and the lemma is proved.

    We now prove the deduction theorem.

    Deduction Theorem. Suppose adding P as an axiom to calculational propositional logic, with the metavariables of P considered to be constants, allows Q to be proved. Then P Q is a theorem. (4.25)

    Extended Deduction Theorem (4.11) follows as a corollary to the deduction theorem, based on Shunting (3.70), P0 P Q P (P0 Q).

    Assume we have a proof of Q given as a sequence of formulas S0, S1, . . . , Sn where S0 is P (since P is temporarily considered to be an axiom), Sn is Q, and each of S1, . . . , Sn is either

    an axiom, or

    the conclusion of an inference rule whose premises appear earlier in the sequence.

    We can assume that no derived inference rules are used, so that the only inference rules used are Leibniz (3.1), Transitivity (3.2), and Equanimity (3.3).

    Below, to the left, is the proof of Q, with each theorem Si labeled with label si. We transform this proof of Q (which has P as its first theorem) into a proof of P Q, shown to the right below (which does not use P as an axiom). Thus, each Si has P prepended to it.

    Proof of Sn        Proof of P Sn

    s0: S0             s0: P S0
    s1: S1             s1: P S1
    ...                ...
    sn: Sn             sn: P Sn

    However, we may have to insert some other theorems before each P Si in order to be able to conclude that P Si is a theorem. What we insert depends on the reason for theoremhood of Si in the proof to the left.

    Case 1. Si is P . We transform Si into:

    si: P P Reflexivity of (3.78)

    Case 2. Si is an axiom. We transform Si into this sequence:

    i1: Si             Axiom
    i2: Si (P Si)      (3.77), P (Q P), with P, Q := Si, P
    si: P Si           Modus ponens, i1, i2

    Case 3. Si is the conclusion of inference rule Leibniz. We give its form as well as the premise sj of the inference rule, which occurs earlier in the sequence (by the assumption of the deduction theorem, V does not occur in P):

    sj : X Y ...

    si: E[V:= X] E[V:= Y] Leibniz, sj

    Step sj was translated into the following:

    sj : P (X Y) ...

    The following two steps are the beginning of the translation of si:

    i1: P X P Y                           Equanimity, sj, over (3.69a)
    i2: (P E)[V:= P X] (P E)[V:= P Y]     Leibniz, i1

    The rest of the translation of si is the equivalent of the following calculation, which proves that P (E[V:= X] E[V:= Y]) is a theorem.

    P (E[V:= X] E[V:= Y])
    =    over (3.69a)
    P E[V:= X] P E[V:= Y]
    =    Property of instantiation; V does not occur in P
    (P E)[V:= X] (P E)[V:= Y]
    =    Lemma (4.24), twice
    (P E)[V:= P X] (P E)[V:= P Y]    i2

    Case 4. Si is the conclusion of inference rule Transitivity. We give Si as well as the premises of the inference rule, which occur earlier in the sequence:

    sx: X Y ...
    sy: Y Z ...
    si: X Z Transitivity, sx, sy

    We transform this sequence into the following:

    sx: P (X Y) ...
    sy: P (Y Z) ...
    i1: P X P Y        Equanimity, sx, over (3.69a)
    i2: P Y P Z        Equanimity, sy, over (3.69a)
    i3: P X P Z        Transitivity, i1, i2
    si: P (X Z)        Equanimity, i3, over (3.69a)

    Case 5. Si is the conclusion of inference rule Equanimity. We give Si as well as the premises of the inference rule, which occur earlier in the sequence:

    sx: X ...
    sy: X Y ...

    si: Y Equanimity, sx, sy

    We transform this sequence into the following:

    sx: P X ...
    sy: P (X Y) ...
    i1: P X P Y        Equanimity, sy, over (3.69a)
    si: P Y            Equanimity, sx, i1