Download ND for predicate logic ∀-elimination, first attempt Variable capture

∀-elimination, first
attempt
The rule for ∀-elimination is as follows, where t
can be any term, and [t/x] means that t is
substituted for every free occurrence of x in A.
(We shall formalize soon what “free” means.)
Natural deduction for predicate
logic
∀x.A
∀e
A[t/x]
This is intuitively clear—consider
for all numbers n it holds that n is even or n is odd
.
9 is even or 9 is odd
– p. 1/24
ND for predicate
logic
But there is a catch. . .
– p. 3/24
Variable capture
The rules of ND for predicate logic are those of
ND for propositional logic, plus introduction rules
and elimination rules for ∀ and ∃.
Consider e.g. the formula below, which holds
e.g. for the natural numbers.
A = ∀x.∃y.x < y
Applying ∀-elimination with t = y yields the
following formula, which is not valid.
∃y.y < y
The mistake has been caused by variable
capture: the variable y in t has been caught
by the quantifier ∃y.
– p. 2/24
– p. 4/24
Free variable
occurrences
Scope
To make precise what variable capture is, we
define the notion of scope.
Another definition we need to address the issue
of variable capture:
Definition. The scope of the occurrence of a
quantifier ∀x or ∃x in a formula A is obtained as
follows:
Definition. An occurrence of a variable x in a
formula A is said to be free if it is neither part of
a quantifier (∀x or ∃x) nor in the scope of a
quantifier for x.
1. Let ∀x.B be the subformula of A that starts
with the above quantifier occurrence.
Example. The left x is free in the formula below,
while the other two are not.
2. Remove all subformulæ of B that also start
with a quantifier for x (∀ or ∃).
p(x) ∧ ∀x.p(x)
– p. 5/24
– p. 7/24
Avoiding variable
capture
Scope: example
Next, we define the notion we shall use to avoid
variable capture:
Example. The scope of the right-hand ∀x in the
formula
(∀x.p(x)) ∧ ∀x.(p(x) → ∃x.q(x))
Definition. Given a term t, a variable x and a
formula A, we say that t is free for x in A if A
has no free occurrence of x in the scope of a
quantifier ∀y or ∃y for any variable y occurring in
t. (In other words, if no variable capture happens
during the substitution A[t/x].)
is p(x) → •, where • stands for the hole that
results from removing ∃x.q(x).
– p. 6/24
– p. 8/24
∀-elimination, final
version
∀-introduction
The rule for ∀-introduction in the style without
assumptions is
In the style without assumptions:
∀x.A
∀e if t is free for x in A
A[t/x]
A
∀i if no undischarged assumption
∀x.A
of A has a free occurrence of x.
In the style with assumptions:
Γ ∀x.A
∀e if t is free for x in A
Γ A[t/x]
– p. 9/24
– p. 11/24
Natural deduction:
example
∀-introduction
In the style with assumptions, the rule for
∀-introduction is
Assuming that x does not occur freely in A, we
have the following ND proof:
ΓA
∀i if x ∈ FV (Γ).
Γ ∀x.A
[∀x.(A → B)]2
∀e
A→B
[A]1
→e
B
∀i
∀x.B
→ i1
A → ∀x.B
→ i2 .
(∀x.(A → B)) → (A → ∀x.B)
Intuitively,
A holds of an arbitrary x
.
A holds for all x
From a syntactic point of view, “arbitrary” means
that x is not used in the assumptions.
– p. 10/24
The side condition for the ∀-elimination is “x is
free for x in A → B”. Exercise: show that x is
free for x in any formula.
– p. 12/24
∃-elimination
Exercises
Show:
In the style with explicit assumptions, the rule for
∃-elimination is
1. (∀x.(A(x) ∧ B(x))) ↔
((∀x.A(x)) ∧ (∀x.B(x))).
Γ ∃x.A Γ, A B
∃e x ∈ FV (Γ ∪ {B}).
ΓB
2. (∀x.(A(x) → B(x))) → ((∀x.A(x)) →
(∀x.B(x))). (Which condition is required for
the converse? Explain!)
Intuitively,
there is an x such that A(x)
an arbitrary x s.t. A(x) implies B
.
B holds
3. A ↔ ∀x.A where x ∈ FV (A).
4. (∀x.A(x)) → ¬∀x.¬A(x).
5. (∀x.∀y.A(x, y)) → ∀x.A(x, x). (Does this
require a side condition? Explain!)
– p. 13/24
∃-introduction
A[t/x]
∃i
∃x.A
Technically, “arbitrary” means that neither the
assumptions nor the conclusion B contain x.
– p. 15/24
∃-elimination
In the style without explicit assumptions, the rule
for ∃-elimination is
if t is free for x in A
The intuition is almost trivial:
∃x.A(x)
B
A(x) holds for some witness t instead of x
.
there exists some x such that A(x) holds
The side condition only makes sure that t
contains no variables in the scope of
quantifiers.
[A(x)]
··
·
if neither the undischarged
B
∃e assumptions nor B have free
occurrences of x.
Note the similarity with ∨e.
– p. 14/24
– p. 16/24
Example
Exercise
Show that ∃ can be expressed in terms of ∀ by
defining
∃x.A = ¬∀x.¬A,
[∀x.A]3
∀e
[¬A]1
A
→e
[∃x.¬A]2
⊥
∃e1
⊥
→ i2
¬∃x.¬A
→ i3
∀x.A → ¬∃x.¬A
in the sense that the introduction and elimination
rules for ∃ follow from the other rules of ND.
– p. 17/24
Example
Exercise
Show the claims below, where x ∈ FV (B).
The following proof shows the converse of the
formula proved on the previous slide.
1. (∀x.(A(x) → B)) → ((∃x.A(x)) → B).
[¬A]1
∃i
[¬∃x.¬A]2
∃x.¬A
→e
⊥
RAA1
A
∀i
∀x.A
→ i2
¬∃x.¬A → ∀x.A
Note that this proof uses RAA. The formula
¬∃x.¬A → ∀x.A does not hold in intuitionistic
logic.
– p. 19/24
2. ∃x.(A(x) ∨ B(x)) → ((∃x.A(x)) ∨ (∃x.B(x))).
3. (∃x.(A(x) ∧ B)) ↔ ((∃x.A(x)) ∧ B).
4. (∀x.(A(x) ∨ B)) ↔ ((∀x.A(x)) ∨ B).
5. (∃x.A(x)) ↔ ¬∀x.¬A(x).
(Some of these are hard—do not worry if you
cannot solve all five exercises.)
– p. 18/24
– p. 20/24
Summary of
quantifier rules
Exercise
The soundness proof for ∀i works as follows:
suppose that Γ |= A and M |= Γ. To see that
M |= ∀x.A, we need to show that M [a/x] |= A for
all a ∈ U . Because M |= Γ and x does not occur
freely in Γ, we have M [a/x] |= Γ. Because
Γ |= A, we get M [a/x] |= A.
The introduction and elimination rules for
quantifiers are
ΓA
∀i
Γ ∀x.A
if x ∈ FV (Γ)
Γ ∃x.A Γ, A B
Γ A[t/x]
∃e
∃i
ΓB
ΓA
Γ ∀x.A
∀e
Γ A[t/x]
x ∈ FV (Γ ∪ {A}),
where for ∀e and ∃i, the term t must be free for x
in A.
Exercise: Prove the soundness of the remaining
quantifier rules.
– p. 21/24
– p. 23/24
Completeness
Soundness
Theorem.[Soundness] If Γ A, then Γ |= A.
Theorem.[Completeness] If Γ |= A, then Γ A.
The soundness of the rules for ∧, →, ⊥, and
∨ is shown in the same way as for
propositional logic.
Showing the soundness of ∀i, ∀e, ∃i, and ∃e
is fairly easy.
– p. 22/24
The completeness proof follows the same
scheme as the one for propositional logic.
Only the Model Existence Lemma needs to
be re-proved, because situations now involve
a universe, functions, and predicates.
While the proof of Model Existence Lemma is
still based on (an updated version of)
maximally consistent sets, it is much harder
than in the propositional case.
– p. 24/24
Multiple conclusions
We also briefly considered sequents with
multiple conclusions, i.e. of the form
Γ Δ,
where Γ is a list of formulæ A1 , . . . , An and Δ is a
list of formulæ B1 , . . . , Bm . The intended
meaning is
The sequent calculus
A1 ∧ . . . ∧ An |= B1 ∨ . . . ∨ Bm .
– p. 1/20
– p. 3/20
Towards sequent
calculus
Sequents
As we have seen, the natural-deduction calculus
has an introduction rules and elimination rules for
every connective, e.g.
“Sequent” is another word for “syntactic
entailment” (recall lecture on ND). That is, a
sequent is of the form
Γ A1 Γ A2
∧i
Γ A 1 ∧ A2
Γ B,
where Γ is a list of formulæ A1 , . . . , An , and B is
a formula. By soundness and completeness (of
ND), we have
Γ A1 ∧ A2
Γ A1 ∧ A2
∧e
∧e.
Γ A1
Γ A2
Notice that all of the action happens on the right
side.
Γ B iff Γ |= B.
– p. 2/20
– p. 4/20
The sequent calculus
The Axiom rule
In his seminal 1934 paper, along with natural
deduction, Gentzen also proposed an
alternative to ND: the sequent calculus.
We also have axioms of the form
AA
Ax .
Instead of the elimination rules, the sequent
calculus has left introduction rules:
– p. 5/20
Rules for ∧ and ∨
Γ, A, B Δ
L∧
Γ, A ∧ B Δ
True and False
The rules for (true) and ⊥ (false) are
Γ A, Δ Γ B, Δ
R∧
Γ, Γ A ∧ B, Δ, Δ
Γ, A Δ Γ , B Δ
L∨
Γ, Γ , A ∨ B Δ, Δ
– p. 7/20
L⊥
ΓΔ
R⊥
Γ ⊥, Δ
ΓΔ
L
Γ, Δ
⊥
Γ A, B, Δ
R∨
Γ A ∨ B, Δ
Note the pretty symmetry: L∨ is the dual of R∧,
and L∧ is the dual of R∨.
– p. 6/20
R.
– p. 8/20
Implication
Exercise
The rules for implication are
Γ A, Δ Γ , B Δ
L→
Γ, Γ , A → B Δ, Δ
In fact, we could have defined
Γ, A Δ, B
R→.
Γ A → B, Δ
A → B = (¬A ∨ B).
Then we could derive the rules L → and R →
from L¬ and R¬. Show this.
– p. 9/20
Negation and
implication
The structural rules
As in the case of natural deduction, we define
¬A = (A → ⊥).
This means that the following rules are derivable:
Γ A, Δ
L¬
Γ, ¬A Δ
– p. 11/20
The introduction rules for the logical connectives
are called “logical rules”. Besides those and the
axiom rule, there is another essential set of rules:
the structural rules.
Exchange:
Γ, A Δ
R¬.
Γ ¬A, Δ
Γ, A, B, Γ Δ
LE
Γ, B, A, Γ Δ
– p. 10/20
Γ Δ, A, B, Δ
RE
Γ Δ, B, A, Δ
– p. 12/20
Using the structural
rules
Structural rules
Weakening:
Γ, Γ Δ
LW
Γ, A, Γ Δ
The structural rules allow us to simplify some
other rules. E.g. consider
Γ Δ, Δ
RW
Γ Δ, A, Δ
Γ A, Δ Γ B, Δ
R∧.
Γ, Γ , A ∧ B, Δ, Δ
Contraction:
Γ, A, A, Γ Δ
LC
Γ, A, Γ Δ
Because of LW and RW , the rule below suffices:
Γ Δ, A, A, Δ
RC
Γ Δ, A, Δ
Γ A, Δ Γ B, Δ
R∧.
Γ A ∧ B, Δ
Rules of the first kind are called multiplicative,
and rules of the second kind are called additive.
– p. 13/20
Significance of
structural rules
– p. 15/20
Exercise
The structural rules correspond to the fact
that contexts (which by definition are list of
formulæ) can be seen as sets.
Show that the multiplicative version together with
the structural rules implies the additive version.
Which structural rules are needed for that?
We could have introduced contexts as sets
from the beginning; but that would be unwise,
because sometimes one wants contexts to
be lists (e.g. in linear logic, which is beyond
the scope of this lecture).
– p. 14/20
– p. 16/20
Summary: structural
rules
The Cut rule
The final rule of the sequent calculus is the
famous Cut:
Γ, A, B, Γ Δ
LE
Γ, B, A, Γ Δ
Γ2 Δ1 , A, Δ3 Γ1 , A, Γ3 Δ2
Cut.
Γ1 , Γ2 , Γ3 Δ1 , Δ2 , Δ3
A is called the “cut formula”. As we shall see
shortly, the Cut rule plays a key rôle in the
translation of natural-deduction proofs into proofs
of the sequent calculus.
Γ, Γ Δ
LW
Γ, A, Γ Δ
Γ, A, A, Γ Δ
LC
Γ, A, Γ Δ
Γ Δ, A, B, Δ
RE
Γ Δ, B, A, Δ
Γ Δ, Δ
RW
Γ Δ, A, Δ
Γ Δ, A, A, Δ
RC
Γ Δ, A, Δ
– p. 17/20
Summary: Ax , Cut,
logical rules
AA
Ax
Γ2 Δ1 , A, Δ3
Γ1 , Γ2 , Γ3 Δ1 , Δ2 , Δ3
Γ, A, B Δ
Γ, A ∧ B Δ
Γ, A Δ
Γ, Γ , A ∧ B, Δ, Δ
Γ , B Δ
⊥
L∨
Γ, Δ
Γ , B Δ
Γ, Γ , A → B Δ, Δ
Γ A, B, Δ
Γ A ∨ B, Δ
ΓΔ
L⊥
ΓΔ
Γ B, Δ
Γ A, Δ
L∧
Γ, Γ , A ∨ B Δ, Δ
Γ A, Δ
Γ1 , A, Γ3 Δ2
Γ ⊥, Δ
L
L→
Terminology
The occurrences of Γ and Δ in the inference
rules are called the side formulæ or the
context.
Cut
R∧
In the conclusion of each rule, the formula not
in the context is called the main formula or
principal formula. In the rule Ax , both
occurrences of A are principal.
R∨
R⊥
The formula(s) in the premise(s) from which
the principle formula derives are called the
active formulas.
R
Γ, A Δ, B
Γ A → B, Δ
– p. 19/20
R→
– p. 18/20
– p. 20/20
Sequent calculus and
ND
Let’s write
Γ seq Δ
if some sequent Γ Δ is derivable in the sequent
calculus, and
Γ N D A
Sequent calculus vs. natural
deduction
if some sequent Γ A is derivable in ND. So the
theorem states
Γ seq A
iff
Γ N D A.
. – p.1/14
. – p.3/14
From ND to sequent
calculus
Sequent calculus and
ND
Theorem. A sequent Γ A is derivable in the sequent calculus if and only if it is derivable in natural deduction.
We show
Γ seq A
⇐
Γ N D A
by induction on the size of the proof of
Γ N D A.
We proceed by case split on the last rule
used in the proof of Γ N D A.
. – p.2/14
. – p.4/14
Axioms
Elimination rules
Case (1): the ND proof is
Γ, A N D A
Case (3): the last rule of the ND proof is an
elimination rule.
Ax .
∧e, → e, ∨e, ⊥e.
The sequent proof is
They are handled by left introduction rules
plus Cut (see lecture).
Ax
A seq A
LW.
Γ, A seq A
. – p.5/14
. – p.7/14
Reductio ad
absurdum
ND introduction rules
Case (2): the last rule of the ND proof is an
introduction rule:
Case (4): the last rule of the ND proof is
Γ, ¬A ⊥
RAA.
ΓA
→ i, ∧i, ∨i.
See lecture.
These cases are essentially handled by the
right introduction rules
R →, R∧, R ∨ .
of the sequent calculus.
. – p.6/14
. – p.8/14
The subformula
property
From sequent
calculus to ND
We still have to show
Γ seq A
Definition. An inference rule
⇒
Γ N D A.
(1)
One shows by (a tedious) induction on the
sequent proof that
Γ seq A1 , . . . , Am
⇒
Γ, ¬A1 , . . . , ¬Am N D ⊥
Γ1 Δ1
. . . Γn Δn
ΓΔ
has the subformula property if every formula in
the Γi or Δj is a subformula of Γ or Δ.
The subformula property is nice, because it
limits the possible hypotheses of Γ Δ.
Then (??) follows from the case m = 1 by
RAA.
So it helps proof search.
. – p.9/14
Soundness and
completeness
. – p.11/14
The cut rule
Theorem. The sequent Γ Δ is provable in the
sequent calculus if and only if Γ |= Δ.
Proof. The claim follows from soundness &
completeness for ND: suppose that
Δ = A1 , . . . , Am . Then
Γ2 Δ1 , A, Δ3 Γ1 , A, Γ3 Δ2
Cut
Γ1 , Γ2 , Γ3 Δ1 , Δ2 , Δ3
Needed for translating ND proofs into sequent
proofs.
Gentzen’s famous Hauptsatz (main theorem):
Γ seq Δ ⇐⇒ Γ, ¬A1 , . . . , ¬Am N D ⊥
Theorem. Every sequent-proof of Γ Δ can be
transformed into a proof of Γ Δ that does not
contain Cut.
⇐⇒ Γ, ¬A1 , . . . , ¬Am |= ⊥
⇐⇒ Γ |= A1 , . . . , Am .
. – p.10/14
. – p.12/14
Sequent calculus for
predicate logic
The quantifier rules are
Γ, A[t/x] Δ
L∀
Γ, ∀x.A Δ
Γ, A Δ
L∃
Γ, ∃x.A Δ
Γ A, Δ
R∀
Γ ∀x.A, Δ
Γ A[t/x], Δ
R∃,
Γ ∃x.A, Δ
where in R∀ and L∃ it must hold that x ∈
FV (Γ, Δ) and in L∀ and R∃ it must hold that t
is free for x in A.
Sequent calculus,
proof search,
& logic programming
. – p.13/14
. – p.1/??
Deductive vs.
reductive inference
Exercise
Show how
Deductive inference proceeds from
premises to a conclusion:
L∀ can be used to express the ND rule ∀e;
L∃ can be used to express the ND rule ∃e.
premise1 . . . premisen
⇓
conclusion
Reductive inference proceeds backwards
from a putative conclusion or goal sequent to
sufficient sets of premises:
premise1 . . . premisen
⇑
putative conclusion
. – p.14/14
. – p.2/??
Avoiding cut
Proof search
We call reductive inference proof search.
The cut rule is bad for proof search, because it
violates the subformula property. E.g., applying
(additive) cut backwards to
There can be many choices for reducing a
goal sequent. E.g. the goal sequent below
could be reduced in five ways.
ΓΔ
A ∧ B, C → (D → E), (A ∧ C) → E E ∨ B, B → D
Γ A, Δ
So we have a search space: all possible
attempts at reducing the goal sequent.
. – p.3/??
Evidently, we better avoid having to guess A. Fortunately, owing to the cut-elimination theorem, we
can prove everything without cut!
. – p.5/??
But even without cut and with only additive
rules, the search space turns out too big for
realistic proof search.
For proof search, additive rules are better than multiplicative
rules. For example, given the goal sequent
Γ A ∧ B, Δ,
The reason is the number of choices for
picking the principle formula. E.g. recall that
applying additive R∧ backwards yields
Γ B, Δ,
A ∧ B, C → (D → E), (A ∧ C) → E E ∨ B, B → D
while applying multiplicative R∧ yields
Γ1 A, Δ1
Γ, A Δ.
Search space still too
big
Opting for additive
rules
Γ A, Δ
yields the new goal sequents below:
provides five choices!
Γ2 B, Δ2
for any splitting of Γ = Γ1 , Γ2 and Δ = Δ1 , Δ2 . Evidently, we
. – p.4/??
. – p.6/??
Towards logic
programming
The “minimal
sequent calculus”
Logic programming limits the search-space by
focusing on sequents Γ A with a single
succedent A. We write
Γ, A A
Γ, A, B C
L∧
Γ, A ∧ B C
Γ ?− A
Γ, A C
A is called the goal formula of simply goal.
Γ is called the program, because it provides
the instructions for proving A, as we shall see.
?− stands for the inference engine. (E.g.
Prolog).
Γ, B C
Γ, A ∨ B C
Γ, A → B C
Γ, ∀x.A B
Γ, A B
. – p.7/??
Sequent calculus for
proof search
Γ, ∃x.A B
ΓA∧B
Γ A1 ∨ A2
L→
Γ, A[t/x] B
ΓA ΓB
Γ Ai
L∨
Γ A Γ, B C
Ax
L∀
L∃
(i = 1, 2)R∨
Γ, A B
ΓA→B
ΓA
Γ ∀x.A
Γ A[t/x]
Γ ∃x.A
R∧
R→
R∀
R∃
. – p.9/??
Completeness?
Logic programming is best discussed in the
context of an additive, cut-free,
single-succendent sequent calculus.
This calculus is not complete w.r.t. the usual
semantics of predicate logic!
However, only two rules are missing:
It helps to consider contexts Γ to be sets of
formulæ, not lists.
Γ, ¬A ⊥
Γ⊥
ex falso quodlibet
RAA.
ΓA
ΓA
This corresponds to making the rules
LE, RE, LC, RC implicit.
In fact, RAA implies EF Q.
The rule W R no longer makes sense,
because of single succedents.
The calculus without these two rules is for
minimal logic.
W L is not an inference rule, but it is derivable.
The calculus without RAA but with EF Q is for
intuitionistic logic. More about this later.
. – p.8/??
. – p.10/??
Uniform proofs
Completeness?
Logic programming constrains the search
space outlined by the minimal sequent
calculus even more.
Problem: uniform proofs are not even
complete for the minimal sequent calculus
(consider e.g. p ∨ q p ∨ q).
This can be explained elegantly in terms of
uniform proofs (Dale Miller et. al.).
Solution: characterize a class of sequents for
which uniform proofs are complete.
The idea is that the goal is taken to pieces (by
right rules) as long as possible; left rules are
applied only when the goal is atomic.
. – p.11/??
. – p.13/??
Hereditarily Harrop
sequents
Uniform proofs:
definition
Definition. A proof in the minimal sequent calculus is uniform if every sequent Γ A with nonatomic succedent A is obtained from a right rule.
Definition. A Hereditarily Harrop sequent is of
the form
D1 , . . . , Dn G,
where the D’s (definite clauses) and G (goal)
obey the grammar
D ::= ⊥|p|G → p|G → ⊥|∀x.D|D1 ∧ D2
G ::= ⊥|p|G1 ∧ G2 |G1 ∨ G2 |∃x.G|D → G.
. – p.12/??
. – p.14/??
Prolog as a special
case of HH sequents
Prolog as a special
case of HH sequents
mortal(X) :- human(X).
featherless(socrates).
bipedal(socrates).
animal(socrates).
human(X) := featherless(X),
bipedal(X), animal(X).
So a query to Prolog program can be considered
as a special case of a HH sequent
D1 , . . . , D n G
where
This corresponds to the following set Γ of definite clauses
(note the ∀-quantifier):
∀x.human(x) → mortal(x), f eatherless(socrates),
each Di is of the form
∀x1 . . . . ∀xn .(p1 ∧ . . . ∧ pk → q), where the pi
and q are atomic, and
G is of the form ∃x1 . . . . ∃xn .r1 ∧ . . . ∧ rm ,
where the ri are atomic.
bipedal(socrates), animal(socrates),
∀x.f eatherless(x) ∧ bipedal(x) ∧ animal(x) → human(x)
. – p.15/??
Prolog as a special
case of HH sequents
. – p.17/??
Lambda-prolog
By contrast, a Prolog query, e.g.
The full power of HH sequents is
implemented in Lambda-Prolog.
?- featherless(X),bipedal(X),animal(X)
corresponds to the goal (note the ∃-quantifier):
In particular, it allows goals of the form
D → G.
∃x.f eatherless(x) ∧ bipedal(x) ∧ animal(x)
D can be seen as code to be loaded prior to
proving G.
. – p.16/??
. – p.18/??
Completeness of
uniform proofs
Theorem. Uniform proofs of Hereditarily Harrop
sequents are complete w.r.t. minimal predicate
logic.
Proof.
By re-writing proofs in the minimal
sequent calculus into uniform proofs.
. – p.19/??